Kind	ID	Nodes
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-63be833bbb100650:SESSION-63be833bbb100650	SESSION-63be833bbb100650 → pe:tls:SESSION-63be833bbb100650
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-defe39665fdb6580:host:177.10.237.83	SESSION-defe39665fdb6580 → host:177.10.237.83
FLOW_FROM_HOSTOBS	e:from:SESSION-928f584a0bc46099:host:177.10.232.65	SESSION-928f584a0bc46099 → host:177.10.232.65
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27c94fb85f37f774:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-27c94fb85f37f774 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.34:geo_-23.62930_-46.63510	host:131.196.31.34 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f20859a8cab5c7a:host:177.10.232.104	SESSION-0f20859a8cab5c7a → host:177.10.232.104
FLOW_FROM_HOSTOBS	e:from:SESSION-3d6a52e82bb8db7f:host:172.234.197.23	SESSION-3d6a52e82bb8db7f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5941954cc437ab4:SESSION-f5941954cc437ab4	SESSION-f5941954cc437ab4 → pe:tls:SESSION-f5941954cc437ab4
FLOW_DST_PORTOBS	e:fp:flow:db9420429575:port:tcp:443	flow:db9420429575 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f255eba3b0795a16:host:131.196.30.24	SESSION-f255eba3b0795a16 → host:131.196.30.24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7312728f8a99afb:SESSION-b7312728f8a99afb	SESSION-b7312728f8a99afb → pe:tls:SESSION-b7312728f8a99afb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74f51cf412342155:host:172.234.197.23:host:131.196.30.223	SESSION-74f51cf412342155 → host:172.234.197.23 → host:131.196.30.223
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9c73da0e6ec113c:host:131.196.28.168	SESSION-f9c73da0e6ec113c → host:131.196.28.168
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a108f3a8f652bd55:PCAP:capture_20260428010001:b1b402c7b202	SESSION-a108f3a8f652bd55 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c874ff4a201372ef:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c874ff4a201372ef → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac0f4c4f1d3b1c15:SESSION-ac0f4c4f1d3b1c15	SESSION-ac0f4c4f1d3b1c15 → pe:syn:SESSION-ac0f4c4f1d3b1c15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ba035d2018b1429:SESSION-6ba035d2018b1429	SESSION-6ba035d2018b1429 → pe:tls:SESSION-6ba035d2018b1429
FLOW_DST_PORTOBS	e:fp:flow:a81a0cacd656:port:tcp:443	flow:a81a0cacd656 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-a9343604177341c5:host:172.234.197.23	SESSION-a9343604177341c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3fba4062f618c50:host:131.196.29.12	SESSION-e3fba4062f618c50 → host:131.196.29.12
FLOW_DST_PORTOBS	e:fp:flow:78b4b783fded:port:tcp:60576	flow:78b4b783fded → port:tcp:60576
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d55d0fcf91e9ec79:SESSION-d55d0fcf91e9ec79	SESSION-d55d0fcf91e9ec79 → pe:syn:SESSION-d55d0fcf91e9ec79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f482eb7fd49a3f1b:host:177.10.239.210	SESSION-f482eb7fd49a3f1b → host:177.10.239.210
flow_observed5-aryOBS	e:fo:flow:b4e8fe474765	flow:b4e8fe474765 → host:131.196.30.19 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e938dc96c7665991:host:172.234.197.23	SESSION-e938dc96c7665991 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2c18145c92d838e0:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2c18145c92d838e0 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e1f57d75854220c:flow:e8999195bf53	SESSION-0e1f57d75854220c → flow:e8999195bf53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d85be3a5c3c244d6:host:177.10.239.38	SESSION-d85be3a5c3c244d6 → host:177.10.239.38
flow_observed5-aryOBS	e:fo:flow:69043b5c7039	flow:69043b5c7039 → host:177.10.237.249 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5712989ddbf4728b:host:172.234.197.23	SESSION-5712989ddbf4728b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:91dee87e0652:port:tcp:443	flow:91dee87e0652 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c36eb4dd059a78a3:SESSION-c36eb4dd059a78a3	SESSION-c36eb4dd059a78a3 → pe:syn:SESSION-c36eb4dd059a78a3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c430ce1d88348c67:host:177.10.238.183:host:172.234.197.23	SESSION-c430ce1d88348c67 → host:177.10.238.183 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5a6c292407ac:port:tcp:62633	flow:5a6c292407ac → port:tcp:62633
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ba981a6eb39461c8:host:177.10.237.35:host:172.234.197.23	SESSION-ba981a6eb39461c8 → host:177.10.237.35 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e5490e36eb363059:host:177.10.234.186	SESSION-e5490e36eb363059 → host:177.10.234.186
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d1e35f842f44326:PCAP:capture_20260430110001:43611bdf6759	SESSION-4d1e35f842f44326 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2ae6b0bca9a8c33:host:172.234.197.23	SESSION-f2ae6b0bca9a8c33 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.99:asn:273470	host:45.173.156.99 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fc91fd95f4bed82:host:177.10.233.208	SESSION-3fc91fd95f4bed82 → host:177.10.233.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-472112a6b5df57cd:SESSION-472112a6b5df57cd	SESSION-472112a6b5df57cd → pe:syn:SESSION-472112a6b5df57cd
flow_observed5-aryOBS	e:fo:flow:c26cdc0c5253	flow:c26cdc0c5253 → host:131.196.28.62 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:764b0b5581af:port:tcp:443	flow:764b0b5581af → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:078b14d45d42	flow:078b14d45d42 → host:177.10.239.200 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:2849688ffc31	flow:2849688ffc31 → host:172.234.197.23 → host:177.10.232.208 → port:tcp:48227
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb5021014b7af5cb:PCAP:capture_20260430110001:43611bdf6759	SESSION-bb5021014b7af5cb → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:76d7847b27d9:port:tcp:443	flow:76d7847b27d9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fea2a5b83daabbc:host:172.234.197.23	SESSION-6fea2a5b83daabbc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a7cd300d305b207c:SESSION-a7cd300d305b207c	SESSION-a7cd300d305b207c → pe:tls:SESSION-a7cd300d305b207c
FLOW_FROM_HOSTOBS	e:from:SESSION-e10e261831a1079d:host:172.234.197.23	SESSION-e10e261831a1079d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0af842276eef56a1:host:51.161.119.157	SESSION-0af842276eef56a1 → host:51.161.119.157
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59a5b7880376a89f:host:172.234.197.23	SESSION-59a5b7880376a89f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.71:geo_-16.28860_-49.01640	host:177.10.236.71 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0200d7ef8e83c7c3:host:172.234.197.23	SESSION-0200d7ef8e83c7c3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0fc61bce823543f:host:172.234.197.23	SESSION-b0fc61bce823543f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:63ec30f12b69	flow:63ec30f12b69 → host:45.173.156.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20b594788160c43c:host:172.234.197.23:host:177.10.236.11	SESSION-20b594788160c43c → host:172.234.197.23 → host:177.10.236.11
FLOW_FROM_HOSTOBS	e:from:SESSION-8ab61e60544120f5:host:177.10.236.45	SESSION-8ab61e60544120f5 → host:177.10.236.45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb2f54f0354a144e:host:177.10.234.164	SESSION-fb2f54f0354a144e → host:177.10.234.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3be9919fc6df9ffa:host:172.234.197.23	SESSION-3be9919fc6df9ffa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:12c18556932b:port:tcp:443	flow:12c18556932b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eead3829bc62f23e:host:177.10.236.242:host:172.234.197.23	SESSION-eead3829bc62f23e → host:177.10.236.242 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cb2ab3101d5e046e:host:172.234.197.23	SESSION-cb2ab3101d5e046e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8cb5baa2c4d67a55:host:172.234.197.23	SESSION-8cb5baa2c4d67a55 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.80:geo_-23.62930_-46.63510	host:131.196.28.80 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.34:geo_-21.10010_-41.69200	host:45.173.156.34 → geo_-21.10010_-41.69200
flow_observed4-aryOBS	e:fo:flow:c7a78933e8b2	flow:c7a78933e8b2 → host:172.234.197.23 → host:177.10.232.153 → port:tcp:56225
FLOW_FROM_HOSTOBS	e:from:SESSION-fa9dc0f394726313:host:195.96.138.88	SESSION-fa9dc0f394726313 → host:195.96.138.88
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.103:asn:262880	host:177.10.234.103 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-925ab2a859ac277f:PCAP:capture_20260430110001:43611bdf6759	SESSION-925ab2a859ac277f → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:fae1a9cd01c6	flow:fae1a9cd01c6 → host:131.196.28.242 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ad1374907e690a1:PCAP:capture_20260430090001:065659c7d314	SESSION-3ad1374907e690a1 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9523bcd246277dc:SESSION-b9523bcd246277dc	SESSION-b9523bcd246277dc → pe:syn:SESSION-b9523bcd246277dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b6005e750e5a47f:host:172.234.197.23	SESSION-8b6005e750e5a47f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:821c1d151be5:port:tcp:443	flow:821c1d151be5 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:00a102725075:port:tcp:443	flow:00a102725075 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01c9c3509e882c26:host:45.173.156.158:host:172.234.197.23	SESSION-01c9c3509e882c26 → host:45.173.156.158 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ccf0be9923f197d:flow:af163fb10b44	SESSION-7ccf0be9923f197d → flow:af163fb10b44
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b22f1be22326dd94:host:172.234.197.23	SESSION-b22f1be22326dd94 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-132ae74090c90dac:host:177.10.234.11	SESSION-132ae74090c90dac → host:177.10.234.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4f32c5c51558e8:host:172.234.197.23	SESSION-6b4f32c5c51558e8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41957bf4b3a50ded:host:177.10.234.186:host:172.234.197.23	SESSION-41957bf4b3a50ded → host:177.10.234.186 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ba0aa5ef9cb5	flow:ba0aa5ef9cb5 → host:131.196.29.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed79241b929fab43:SESSION-ed79241b929fab43	SESSION-ed79241b929fab43 → pe:syn:SESSION-ed79241b929fab43
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.15:geo_-23.62930_-46.63510	host:131.196.30.15 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a4d237675f94d453:SESSION-a4d237675f94d453	SESSION-a4d237675f94d453 → pe:tls:SESSION-a4d237675f94d453
HOST_IN_ASNOBS 85%	e:ha:host:44.247.223.188:asn:16509	host:44.247.223.188 → asn:16509
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.42:asn:271410	host:131.196.31.42 → asn:271410
flow_observed4-aryOBS	e:fo:flow:5711ff8b5c9f	flow:5711ff8b5c9f → host:172.234.197.23 → host:131.196.31.80 → port:tcp:55913
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.55:geo_41.02140_28.99480	host:37.221.79.55 → geo_41.02140_28.99480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-288c2773d91d95c9:host:177.10.232.229	SESSION-288c2773d91d95c9 → host:177.10.232.229
FLOW_FROM_HOSTOBS	e:from:SESSION-714dd24b305adb19:host:131.196.28.46	SESSION-714dd24b305adb19 → host:131.196.28.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a46a988dc3d14a3:host:177.10.237.113	SESSION-1a46a988dc3d14a3 → host:177.10.237.113
FLOW_DST_PORTOBS	e:fp:flow:fdac8cc665b7:port:tcp:443	flow:fdac8cc665b7 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d0f04f8b9fda:port:tcp:7797	flow:d0f04f8b9fda → port:tcp:7797
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a96ffc9fa12c0c5a:host:131.196.30.156:host:172.234.197.23	SESSION-a96ffc9fa12c0c5a → host:131.196.30.156 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d83a9aba23a117e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6d83a9aba23a117e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.90:asn:271410	host:131.196.28.90 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37bca0dc2914cafb:SESSION-37bca0dc2914cafb	SESSION-37bca0dc2914cafb → pe:syn:SESSION-37bca0dc2914cafb
flow_observed5-aryOBS	e:fo:flow:248bb9448096	flow:248bb9448096 → host:131.196.30.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-efb89dcd313d4029:SESSION-efb89dcd313d4029	SESSION-efb89dcd313d4029 → pe:syn:SESSION-efb89dcd313d4029
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ddbd1238f020bf6b:flow:0338b37a2569	SESSION-ddbd1238f020bf6b → flow:0338b37a2569
FLOW_FROM_HOSTOBS	e:from:SESSION-606a9e702080ed7e:host:131.196.31.93	SESSION-606a9e702080ed7e → host:131.196.31.93
flow_observed5-aryOBS	e:fo:flow:e68dc8e4f9d6	flow:e68dc8e4f9d6 → host:177.10.238.30 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.21:geo_41.00190_28.96450	host:92.112.71.21 → geo_41.00190_28.96450
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c56dcfb05d3a50ba:PCAP:capture_20260430060001:919b39a74464	SESSION-c56dcfb05d3a50ba → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3651e68c2556a1c:host:177.10.239.235:host:172.234.197.23	SESSION-f3651e68c2556a1c → host:177.10.239.235 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-222c821677f323de:SESSION-222c821677f323de	SESSION-222c821677f323de → pe:tls:SESSION-222c821677f323de
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:109.89.117.44:geo_50.69790_5.59810	host:109.89.117.44 → geo_50.69790_5.59810
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-022fbc52c5dbb7ff:host:172.234.197.23	SESSION-022fbc52c5dbb7ff → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7eb43af6b38a5d78:host:157.180.84.94	SESSION-7eb43af6b38a5d78 → host:157.180.84.94
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd6ef4118ff649ff:host:131.196.30.176:host:172.234.197.23	SESSION-fd6ef4118ff649ff → host:131.196.30.176 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b6b6d1180ef3:port:tcp:443	flow:b6b6d1180ef3 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:9d3b08953582	flow:9d3b08953582 → host:172.234.197.23 → host:45.173.156.11 → port:tcp:59008
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-efb63adb0418d7f8:flow:8943c204982c	SESSION-efb63adb0418d7f8 → flow:8943c204982c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23efb1317beab0b3:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-23efb1317beab0b3 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:2b98ad37e1cb:port:tcp:11066	flow:2b98ad37e1cb → port:tcp:11066
flow_observed5-aryOBS	e:fo:flow:9966d446f9da	flow:9966d446f9da → host:177.10.238.77 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:92d87b4a1082:port:tcp:443	flow:92d87b4a1082 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-57039b95174af1c3:host:172.234.197.23	SESSION-57039b95174af1c3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46aa20776642b201:SESSION-46aa20776642b201	SESSION-46aa20776642b201 → pe:syn:SESSION-46aa20776642b201
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a03207ab88db82b5:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a03207ab88db82b5 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-959e19b011db2562:flow:9eff1d4678ce	SESSION-959e19b011db2562 → flow:9eff1d4678ce
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47ed07d15aa63df9:flow:d847f2e978d6	SESSION-47ed07d15aa63df9 → flow:d847f2e978d6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da377d395ffcc3d3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-da377d395ffcc3d3 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:9a60b6d3f633:port:tcp:47356	flow:9a60b6d3f633 → port:tcp:47356
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b3f73c59938d0a7:SESSION-8b3f73c59938d0a7	SESSION-8b3f73c59938d0a7 → pe:tls:SESSION-8b3f73c59938d0a7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eaffc60d664a8c9:host:172.234.197.23	SESSION-2eaffc60d664a8c9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c76cb7a55699fff8:flow:5560424714e6	SESSION-c76cb7a55699fff8 → flow:5560424714e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d75311b4cd1e33ff:host:131.196.28.129	SESSION-d75311b4cd1e33ff → host:131.196.28.129
FLOW_DST_PORTOBS	e:fp:flow:3c63108e4ee7:port:tcp:443	flow:3c63108e4ee7 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78ad99b8772b1e3f:host:104.28.157.111:host:172.234.197.23	SESSION-78ad99b8772b1e3f → host:104.28.157.111 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e896271e9295df4:host:177.10.239.166	SESSION-9e896271e9295df4 → host:177.10.239.166
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0940876600cf1421:flow:a0c1489991a7	SESSION-0940876600cf1421 → flow:a0c1489991a7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6abbbca78e64654:host:177.10.238.82	SESSION-e6abbbca78e64654 → host:177.10.238.82
FLOW_TO_HOSTOBS	e:to:SESSION-39452ac6bcbae8d3:host:172.234.197.23	SESSION-39452ac6bcbae8d3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a130b65a3fb1:port:tcp:443	flow:a130b65a3fb1 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-05167940272dd019:flow:1ee72008a57f	SESSION-05167940272dd019 → flow:1ee72008a57f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-666cc538c7e1a156:flow:3b12551e0bf1	SESSION-666cc538c7e1a156 → flow:3b12551e0bf1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-107eaa9172a242e7:SESSION-107eaa9172a242e7	SESSION-107eaa9172a242e7 → pe:syn:SESSION-107eaa9172a242e7
FLOW_FROM_HOSTOBS	e:from:SESSION-f479af38d87d852f:host:177.10.232.45	SESSION-f479af38d87d852f → host:177.10.232.45
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a103d39af7264a48:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a103d39af7264a48 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:4288b0386576:port:tcp:443	flow:4288b0386576 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f79e79f663ba44d9:host:172.234.197.23	SESSION-f79e79f663ba44d9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-abff9bfe6a29f0b5:host:172.234.197.23:host:131.196.28.198	SESSION-abff9bfe6a29f0b5 → host:172.234.197.23 → host:131.196.28.198
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30f00b6e6078f800:host:172.234.197.23	SESSION-30f00b6e6078f800 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf132b40533c7dcc:host:177.10.235.114:host:172.234.197.23	SESSION-bf132b40533c7dcc → host:177.10.235.114 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a8694ae6f41e5eb8:flow:351cb218e97f	SESSION-a8694ae6f41e5eb8 → flow:351cb218e97f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21e452657508b689:SESSION-21e452657508b689	SESSION-21e452657508b689 → pe:syn:SESSION-21e452657508b689
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6f4863e4efa4050:host:177.10.233.248:host:172.234.197.23	SESSION-b6f4863e4efa4050 → host:177.10.233.248 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01fb4d6a9472c8c7:flow:2d5bc9418602	SESSION-01fb4d6a9472c8c7 → flow:2d5bc9418602
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.75:geo_-23.62930_-46.63510	host:131.196.29.75 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.238:geo_-23.62930_-46.63510	host:131.196.29.238 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:8687e2ada99c	flow:8687e2ada99c → host:131.196.30.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f799bd198c08bce:host:172.234.197.23	SESSION-7f799bd198c08bce → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:60519bb0000c:port:tcp:80	flow:60519bb0000c → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce217831fb6e1103:flow:10baf7420b2a	SESSION-ce217831fb6e1103 → flow:10baf7420b2a
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.156:asn:273470	host:45.173.156.156 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:37a8c8cbb511:port:tcp:443	flow:37a8c8cbb511 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:43.192.54.92:asn:135629	host:43.192.54.92 → asn:135629
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c67539e40b0db6c0:SESSION-c67539e40b0db6c0	SESSION-c67539e40b0db6c0 → pe:tls:SESSION-c67539e40b0db6c0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-341cb53ffc41c3af:PCAP:capture_20260430160001:9bfa4498506a	SESSION-341cb53ffc41c3af → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e76f09c0f210884:SESSION-4e76f09c0f210884	SESSION-4e76f09c0f210884 → pe:syn:SESSION-4e76f09c0f210884
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72f157e6b3da81bc:host:45.173.156.11	SESSION-72f157e6b3da81bc → host:45.173.156.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122c6042cd97886a:host:177.10.235.59	SESSION-122c6042cd97886a → host:177.10.235.59
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.170:asn:262880	host:177.10.232.170 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b223dcd1f64dfb9:SESSION-7b223dcd1f64dfb9	SESSION-7b223dcd1f64dfb9 → pe:syn:SESSION-7b223dcd1f64dfb9
FLOW_TO_HOSTOBS	e:to:SESSION-7e89ccbf4d277fb8:host:172.234.197.23	SESSION-7e89ccbf4d277fb8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b6f4863e4efa4050:host:177.10.233.248	SESSION-b6f4863e4efa4050 → host:177.10.233.248
flow_observed5-aryOBS	e:fo:flow:d415b9a57558	flow:d415b9a57558 → host:51.75.171.21 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaed9d07c71d3d80:host:177.10.233.73	SESSION-eaed9d07c71d3d80 → host:177.10.233.73
FLOW_TO_HOSTOBS	e:to:SESSION-5ed34bf9fded9d68:host:172.234.197.23	SESSION-5ed34bf9fded9d68 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1a765a6c1e1b:port:tcp:443	flow:1a765a6c1e1b → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:c7fe82c435bb	flow:c7fe82c435bb → host:172.234.197.23 → host:177.10.235.120 → port:tcp:16276
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4aeecdec5ead7952:host:172.234.197.23:host:177.10.238.37	SESSION-4aeecdec5ead7952 → host:172.234.197.23 → host:177.10.238.37
flow_observed5-aryOBS	e:fo:flow:6bccd1e0d7eb	flow:6bccd1e0d7eb → host:45.173.156.80 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-96eb62897cd314d5:host:177.10.235.188	SESSION-96eb62897cd314d5 → host:177.10.235.188
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09c0e42aa6120a11:host:37.27.162.26	SESSION-09c0e42aa6120a11 → host:37.27.162.26
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.236:asn:262880	host:177.10.238.236 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-8b5f689fd50e4895:host:44.243.2.252	SESSION-8b5f689fd50e4895 → host:44.243.2.252
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cb528496ded9d11:host:177.10.238.94	SESSION-8cb528496ded9d11 → host:177.10.238.94
flow_observed5-aryOBS	e:fo:flow:add213556538	flow:add213556538 → host:131.196.31.220 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-93cfcdba6a26f550:host:177.10.238.185	SESSION-93cfcdba6a26f550 → host:177.10.238.185
FLOW_TO_HOSTOBS	e:to:SESSION-d274b6d174d04d01:host:172.234.197.23	SESSION-d274b6d174d04d01 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-714dd24b305adb19:flow:a34c53113814	SESSION-714dd24b305adb19 → flow:a34c53113814
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0844998e370f9b20:SESSION-0844998e370f9b20	SESSION-0844998e370f9b20 → pe:syn:SESSION-0844998e370f9b20
FLOW_TO_HOSTOBS	e:to:SESSION-1d0453327d6800ed:host:131.196.31.4	SESSION-1d0453327d6800ed → host:131.196.31.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e115bc688365a9e7:PCAP:capture_20260430060001:919b39a74464	SESSION-e115bc688365a9e7 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47fbdf6c3cd24fcc:host:177.10.236.203:host:172.234.197.23	SESSION-47fbdf6c3cd24fcc → host:177.10.236.203 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60cd9cc046a23835:flow:0724a1e4ffed	SESSION-60cd9cc046a23835 → flow:0724a1e4ffed
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad4be2ec0ec8e7ca:SESSION-ad4be2ec0ec8e7ca	SESSION-ad4be2ec0ec8e7ca → pe:tls:SESSION-ad4be2ec0ec8e7ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c265ba6f34eebd39:host:172.234.197.23	SESSION-c265ba6f34eebd39 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1053aee7675dcd07:host:172.234.197.23	SESSION-1053aee7675dcd07 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-931a0ea4dc7054bf:PCAP:capture_20260430070001:903a0e7a436b	SESSION-931a0ea4dc7054bf → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ba070ea29625f6c:SESSION-4ba070ea29625f6c	SESSION-4ba070ea29625f6c → pe:syn:SESSION-4ba070ea29625f6c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-598f28b8a9577970:flow:26e9f149e36d	SESSION-598f28b8a9577970 → flow:26e9f149e36d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-abaf8d71fe47df1c:SESSION-abaf8d71fe47df1c	SESSION-abaf8d71fe47df1c → pe:tls:SESSION-abaf8d71fe47df1c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78e554a3c30f161c:host:177.10.236.137:host:172.234.197.23	SESSION-78e554a3c30f161c → host:177.10.236.137 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:951f2fdaa1bf:port:tcp:443	flow:951f2fdaa1bf → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9f6479625c7774ad:host:172.234.197.23	SESSION-9f6479625c7774ad → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8dbd1afb05a3a814:host:172.234.197.23	SESSION-8dbd1afb05a3a814 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c8ea7a8a3a9a	flow:c8ea7a8a3a9a → host:172.234.197.23 → host:131.196.31.78 → port:tcp:61472
FLOW_DST_PORTOBS	e:fp:flow:8848124e5a84:port:tcp:60331	flow:8848124e5a84 → port:tcp:60331
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60cd9cc046a23835:PCAP:capture_20260430060001:919b39a74464	SESSION-60cd9cc046a23835 → PCAP:capture_20260430060001:919b39a74464
flow_observed4-aryOBS	e:fo:flow:62208a88cbc7	flow:62208a88cbc7 → host:172.234.197.23 → host:131.196.30.231 → port:tcp:36612
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7edb52a0a7553f53:PCAP:capture_20260430150001:ded20914761d	SESSION-7edb52a0a7553f53 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-cd92f1d715637398:host:172.234.197.23	SESSION-cd92f1d715637398 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84e5e89f26aa2ca2:SESSION-84e5e89f26aa2ca2	SESSION-84e5e89f26aa2ca2 → pe:tls:SESSION-84e5e89f26aa2ca2
flow_observed5-aryOBS	e:fo:flow:d63c1cec9276	flow:d63c1cec9276 → host:131.196.29.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6c7a2e5cf818d0a:SESSION-a6c7a2e5cf818d0a	SESSION-a6c7a2e5cf818d0a → pe:syn:SESSION-a6c7a2e5cf818d0a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ec917f0e741b647:flow:60298f4176e8	SESSION-4ec917f0e741b647 → flow:60298f4176e8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea33f21558d3ba7:host:172.234.197.23	SESSION-3ea33f21558d3ba7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-83ce9ba3d421fc3f:SESSION-83ce9ba3d421fc3f	SESSION-83ce9ba3d421fc3f → pe:syn:SESSION-83ce9ba3d421fc3f
FLOW_FROM_HOSTOBS	e:from:SESSION-76bcf8447ee973fd:host:45.173.156.237	SESSION-76bcf8447ee973fd → host:45.173.156.237
FLOW_DST_PORTOBS	e:fp:flow:32d972b9f5d8:port:tcp:59963	flow:32d972b9f5d8 → port:tcp:59963
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-586aad203217304c:flow:f97864e9b884	SESSION-586aad203217304c → flow:f97864e9b884
FLOW_DST_PORTOBS	e:fp:flow:2b1ca5b244f0:port:tcp:40421	flow:2b1ca5b244f0 → port:tcp:40421
flow_observed5-aryOBS	e:fo:flow:9cb459810b54	flow:9cb459810b54 → host:177.10.234.224 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-905738e9b4f08562:host:172.234.197.23	SESSION-905738e9b4f08562 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b3c5b9cd096d7e31:host:172.234.197.23	SESSION-b3c5b9cd096d7e31 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0634c65493dd9b22:SESSION-0634c65493dd9b22	SESSION-0634c65493dd9b22 → pe:tls:SESSION-0634c65493dd9b22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52e63b8cb0c4a7de:SESSION-52e63b8cb0c4a7de	SESSION-52e63b8cb0c4a7de → pe:tls:SESSION-52e63b8cb0c4a7de
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-176c7cfb0e699b4d:flow:0cf1880561ef	SESSION-176c7cfb0e699b4d → flow:0cf1880561ef
FLOW_FROM_HOSTOBS	e:from:SESSION-75f19254cb816cbd:host:172.234.197.23	SESSION-75f19254cb816cbd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8d0575d2f6b8	flow:8d0575d2f6b8 → host:177.10.238.112 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a015ddbfdf91f569:host:172.234.197.23	SESSION-a015ddbfdf91f569 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6f3bfee5bc2d	flow:6f3bfee5bc2d → host:172.234.197.23 → host:131.196.30.37 → port:tcp:5273
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f49d888fd824b97a:host:177.10.232.204	SESSION-f49d888fd824b97a → host:177.10.232.204
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f1de6d316dd7305f:SESSION-f1de6d316dd7305f	SESSION-f1de6d316dd7305f → pe:tls:SESSION-f1de6d316dd7305f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a10e6ba939684b8:host:131.196.31.180:host:172.234.197.23	SESSION-6a10e6ba939684b8 → host:131.196.31.180 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5cc5078bf4d23558:PCAP:capture_20260428010001:b1b402c7b202	SESSION-5cc5078bf4d23558 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_DST_PORTOBS	e:fp:flow:05eb72932c3d:port:tcp:443	flow:05eb72932c3d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a86792050fb6:port:tcp:35407	flow:a86792050fb6 → port:tcp:35407
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86f296cd3a39a7c2:flow:25a8e2ead68a	SESSION-86f296cd3a39a7c2 → flow:25a8e2ead68a
flow_observed5-aryOBS	e:fo:flow:1366dc593583	flow:1366dc593583 → host:177.10.236.236 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-923cb7ae7a40da65:host:172.234.197.23:host:177.10.234.249	SESSION-923cb7ae7a40da65 → host:172.234.197.23 → host:177.10.234.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7928f63a898f7aac:SESSION-7928f63a898f7aac	SESSION-7928f63a898f7aac → pe:syn:SESSION-7928f63a898f7aac
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9ee22ced6a72efa:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f9ee22ced6a72efa → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:cff9dae844c6:port:tcp:44109	flow:cff9dae844c6 → port:tcp:44109
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ef49ba6d990c029:SESSION-5ef49ba6d990c029	SESSION-5ef49ba6d990c029 → pe:tls:SESSION-5ef49ba6d990c029
flow_observed5-aryOBS	e:fo:flow:f2eba56c437c	flow:f2eba56c437c → host:91.240.224.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8f7fc765f54b5ec:flow:1ac3ec916046	SESSION-e8f7fc765f54b5ec → flow:1ac3ec916046
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68317c08ea2eebc2:host:131.196.31.221:host:172.234.197.23	SESSION-68317c08ea2eebc2 → host:131.196.31.221 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c223b0c1ae63:port:tcp:443	flow:c223b0c1ae63 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b25c94efbacaf7d7:host:172.234.197.23	SESSION-b25c94efbacaf7d7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.0:asn:262880	host:177.10.239.0 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2625cb17cae199d1:host:177.10.239.71	SESSION-2625cb17cae199d1 → host:177.10.239.71
FLOW_TO_HOSTOBS	e:to:SESSION-f344d747ad66bc9c:host:172.234.197.23	SESSION-f344d747ad66bc9c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9ef85fb3b83fc71:PCAP:capture_20260430150001:ded20914761d	SESSION-d9ef85fb3b83fc71 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a705ce382fec48a:SESSION-2a705ce382fec48a	SESSION-2a705ce382fec48a → pe:syn:SESSION-2a705ce382fec48a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-378aa47dbf901697:flow:e77c47e6f503	SESSION-378aa47dbf901697 → flow:e77c47e6f503
FLOW_DST_PORTOBS	e:fp:flow:5a8bf8d48b0e:port:tcp:443	flow:5a8bf8d48b0e → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:559fc8443a60	flow:559fc8443a60 → host:131.196.29.208 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-1cbcb5d52df9d7c9:host:131.196.30.124	SESSION-1cbcb5d52df9d7c9 → host:131.196.30.124
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e9dc14d87b5185c:flow:f2b7c7be1c86	SESSION-5e9dc14d87b5185c → flow:f2b7c7be1c86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-244625927b0e7703:SESSION-244625927b0e7703	SESSION-244625927b0e7703 → pe:syn:SESSION-244625927b0e7703
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0847a7bc7e933771:host:172.234.197.23	SESSION-0847a7bc7e933771 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8ab97210507c98d:host:172.234.197.23	SESSION-a8ab97210507c98d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-83dd76c193cbd2e0:SESSION-83dd76c193cbd2e0	SESSION-83dd76c193cbd2e0 → pe:rst:SESSION-83dd76c193cbd2e0
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.113:asn:271410	host:131.196.31.113 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e6c979070fb893e:PCAP:capture_20260430150001:ded20914761d	SESSION-9e6c979070fb893e → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-a038f6735218c73a:host:177.10.233.134	SESSION-a038f6735218c73a → host:177.10.233.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d678c7d14c2f15db:SESSION-d678c7d14c2f15db	SESSION-d678c7d14c2f15db → pe:tls:SESSION-d678c7d14c2f15db
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ec3678e1070a7a4:SESSION-9ec3678e1070a7a4	SESSION-9ec3678e1070a7a4 → pe:syn:SESSION-9ec3678e1070a7a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.10:geo_-16.28860_-49.01640	host:177.10.239.10 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c7709144102c:port:tcp:443	flow:c7709144102c → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.193:geo_-16.28860_-49.01640	host:177.10.234.193 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.39:geo_-16.28860_-49.01640	host:177.10.236.39 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-295a993db8b4e397:host:177.10.238.5	SESSION-295a993db8b4e397 → host:177.10.238.5
flow_observed5-aryOBS	e:fo:flow:f54f749b0a4f	flow:f54f749b0a4f → host:131.196.30.132 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ba8377fba710c4:host:172.234.197.23	SESSION-b7ba8377fba710c4 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1d160c4828b5	flow:1d160c4828b5 → host:172.234.197.23 → host:177.10.234.51 → port:tcp:14382
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9c211d2931ae713:SESSION-d9c211d2931ae713	SESSION-d9c211d2931ae713 → pe:syn:SESSION-d9c211d2931ae713
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4363548d57b1d6df:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4363548d57b1d6df → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-791eac8e49df4e5d:host:172.234.197.23	SESSION-791eac8e49df4e5d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-39cfa534eb7ca418:host:172.234.197.23	SESSION-39cfa534eb7ca418 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d077f88c61181481:SESSION-d077f88c61181481	SESSION-d077f88c61181481 → pe:tls:SESSION-d077f88c61181481
FLOW_FROM_HOSTOBS	e:from:SESSION-333a850c89106bc0:host:177.10.237.70	SESSION-333a850c89106bc0 → host:177.10.237.70
FLOW_TO_HOSTOBS	e:to:SESSION-0e323950505f0871:host:177.10.235.196	SESSION-0e323950505f0871 → host:177.10.235.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-755eaab432e9c6a6:host:172.234.197.23	SESSION-755eaab432e9c6a6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-200e4a8806f83581:host:172.234.197.23	SESSION-200e4a8806f83581 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-64a8af826dc81e59:SESSION-64a8af826dc81e59	SESSION-64a8af826dc81e59 → pe:syn:SESSION-64a8af826dc81e59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ad1374907e690a1:host:177.10.234.16	SESSION-3ad1374907e690a1 → host:177.10.234.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4bda9924d3f6d619:host:177.10.237.74:host:172.234.197.23	SESSION-4bda9924d3f6d619 → host:177.10.237.74 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:902492c89b6a:port:tcp:53519	flow:902492c89b6a → port:tcp:53519
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4741bb1b7e9e5b0:SESSION-d4741bb1b7e9e5b0	SESSION-d4741bb1b7e9e5b0 → pe:tls:SESSION-d4741bb1b7e9e5b0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-53d75396bd30ce89:SESSION-53d75396bd30ce89	SESSION-53d75396bd30ce89 → pe:tls:SESSION-53d75396bd30ce89
FLOW_FROM_HOSTOBS	e:from:SESSION-63f078b7cf539982:host:131.196.29.51	SESSION-63f078b7cf539982 → host:131.196.29.51
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6113f2cc2cfc5017:SESSION-6113f2cc2cfc5017	SESSION-6113f2cc2cfc5017 → pe:syn:SESSION-6113f2cc2cfc5017
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef3fadfeb89ec1c3:flow:fe55cb260818	SESSION-ef3fadfeb89ec1c3 → flow:fe55cb260818
flow_observed4-aryOBS	e:fo:flow:5e4ddb5df46c	flow:5e4ddb5df46c → host:172.234.197.23 → host:131.196.29.27 → port:tcp:44979
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-745ac23dbe7bf2d2:PCAP:capture_20260430090001:065659c7d314	SESSION-745ac23dbe7bf2d2 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85a8f577301970a2:host:177.10.238.53:host:172.234.197.23	SESSION-85a8f577301970a2 → host:177.10.238.53 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f35bbd3887f167bf:flow:65fd82ba3983	SESSION-f35bbd3887f167bf → flow:65fd82ba3983
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28599206da4f4816:SESSION-28599206da4f4816	SESSION-28599206da4f4816 → pe:syn:SESSION-28599206da4f4816
flow_observed5-aryOBS	e:fo:flow:a364bf313740	flow:a364bf313740 → host:177.10.236.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a082d71203d179a:host:177.10.233.168	SESSION-3a082d71203d179a → host:177.10.233.168
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-292edad33ae38c98:flow:2242c7b203cd	SESSION-292edad33ae38c98 → flow:2242c7b203cd
FLOW_DST_PORTOBS	e:fp:flow:f3dfdf6b0313:port:tcp:45067	flow:f3dfdf6b0313 → port:tcp:45067
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4f3c3204c65c6f4:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d4f3c3204c65c6f4 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a38d88507263cddf:flow:0320ce5d32ae	SESSION-a38d88507263cddf → flow:0320ce5d32ae
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d65a28f7cbebfeb:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9d65a28f7cbebfeb → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-957293060df71cd6:SESSION-957293060df71cd6	SESSION-957293060df71cd6 → pe:rst:SESSION-957293060df71cd6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2579d58cc01cbffa:SESSION-2579d58cc01cbffa	SESSION-2579d58cc01cbffa → pe:syn:SESSION-2579d58cc01cbffa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1ec6b7d17caa72c:host:177.10.234.15	SESSION-d1ec6b7d17caa72c → host:177.10.234.15
FLOW_TO_HOSTOBS	e:to:SESSION-b31cf1240fb1e101:host:177.10.237.129	SESSION-b31cf1240fb1e101 → host:177.10.237.129
FLOW_FROM_HOSTOBS	e:from:SESSION-73c4b3cbea42a394:host:46.4.252.37	SESSION-73c4b3cbea42a394 → host:46.4.252.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1053aee7675dcd07:host:177.10.236.253:host:172.234.197.23	SESSION-1053aee7675dcd07 → host:177.10.236.253 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f84489ae8c75:port:tcp:443	flow:f84489ae8c75 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4ca6b5fbbb83	flow:4ca6b5fbbb83 → host:131.196.29.233 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:1c637a2b8639	flow:1c637a2b8639 → host:131.196.30.179 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1440a3c9b30a4056:SESSION-1440a3c9b30a4056	SESSION-1440a3c9b30a4056 → pe:tls:SESSION-1440a3c9b30a4056
FLOW_DST_PORTOBS	e:fp:flow:f14115578559:port:tcp:80	flow:f14115578559 → port:tcp:80
FLOW_FROM_HOSTOBS	e:from:SESSION-797ddf76fc257ebf:host:177.10.238.248	SESSION-797ddf76fc257ebf → host:177.10.238.248
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:78.12.248.31:geo_20.58790_-100.38790	host:78.12.248.31 → geo_20.58790_-100.38790
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85172baad8a91878:host:172.234.197.23:host:177.10.232.193	SESSION-85172baad8a91878 → host:172.234.197.23 → host:177.10.232.193
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.230:geo_-23.62930_-46.63510	host:131.196.29.230 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a1525d7a099ba42:flow:0e7e44787360	SESSION-5a1525d7a099ba42 → flow:0e7e44787360
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-56d3faf83e1ced7d:BSG-DATA_EXFIL-bc54c09ee48f	SESSION-56d3faf83e1ced7d → BSG-DATA_EXFIL-bc54c09ee48f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8cb5baa2c4d67a55:PCAP:capture_20260430150001:ded20914761d	SESSION-8cb5baa2c4d67a55 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-1be36b841cb9bb38:host:131.196.30.169	SESSION-1be36b841cb9bb38 → host:131.196.30.169
FLOW_TO_HOSTOBS	e:to:SESSION-164d60043533ec4c:host:177.10.237.143	SESSION-164d60043533ec4c → host:177.10.237.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4020db38e68a457:host:131.196.31.57	SESSION-b4020db38e68a457 → host:131.196.31.57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7536a33faff5a95d:SESSION-7536a33faff5a95d	SESSION-7536a33faff5a95d → pe:syn:SESSION-7536a33faff5a95d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eec2a7691ff15afc:SESSION-eec2a7691ff15afc	SESSION-eec2a7691ff15afc → pe:syn:SESSION-eec2a7691ff15afc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8663c7c8fd51be8d:flow:32a84ee85b0b	SESSION-8663c7c8fd51be8d → flow:32a84ee85b0b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-912ea161e3e6ffdc:host:131.196.29.158	SESSION-912ea161e3e6ffdc → host:131.196.29.158
FLOW_TO_HOSTOBS	e:to:SESSION-f74caf722af4b362:host:172.234.197.23	SESSION-f74caf722af4b362 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.97:asn:262880	host:177.10.234.97 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b25c94efbacaf7d7:SESSION-b25c94efbacaf7d7	SESSION-b25c94efbacaf7d7 → pe:tls:SESSION-b25c94efbacaf7d7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0f4fd2f0020968b3:SESSION-0f4fd2f0020968b3	SESSION-0f4fd2f0020968b3 → pe:syn:SESSION-0f4fd2f0020968b3
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.254:asn:262880	host:177.10.233.254 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7cc58ab2d16fcbf8:host:172.234.197.23:host:131.196.29.125	SESSION-7cc58ab2d16fcbf8 → host:172.234.197.23 → host:131.196.29.125
FLOW_TO_HOSTOBS	e:to:SESSION-06ad44a538684c23:host:172.234.197.23	SESSION-06ad44a538684c23 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ef18db4a9eedd9d:host:172.234.197.23	SESSION-2ef18db4a9eedd9d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c92725f4a9fb4a7:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-6c92725f4a9fb4a7 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0125cea84e0c02fd:flow:224adaf0ad90	SESSION-0125cea84e0c02fd → flow:224adaf0ad90
HOST_IN_ASNOBS 85%	e:ha:host:13.208.213.50:asn:16509	host:13.208.213.50 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-b3fd62b1832b0e41:host:172.234.197.23	SESSION-b3fd62b1832b0e41 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-77abcf8d7f3aee2e:host:177.10.237.16	SESSION-77abcf8d7f3aee2e → host:177.10.237.16
FLOW_FROM_HOSTOBS	e:from:SESSION-a47ed447671c9b0b:host:131.196.31.68	SESSION-a47ed447671c9b0b → host:131.196.31.68
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.29:geo_-21.10010_-41.69200	host:45.173.156.29 → geo_-21.10010_-41.69200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.187:geo_-23.62930_-46.63510	host:131.196.30.187 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a918f52003c304f:host:185.231.226.253	SESSION-0a918f52003c304f → host:185.231.226.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-958fc48089d68c44:flow:c704f1ae0c68	SESSION-958fc48089d68c44 → flow:c704f1ae0c68
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e8b24d973ac1177:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6e8b24d973ac1177 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-18178a1924ee92a1:host:177.10.237.237	SESSION-18178a1924ee92a1 → host:177.10.237.237
FLOW_TO_HOSTOBS	e:to:SESSION-cd38adf08b5d5a9e:host:172.234.197.23	SESSION-cd38adf08b5d5a9e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4fb8a50f2916880:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d4fb8a50f2916880 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-b47539014cc5976c:host:172.234.197.23	SESSION-b47539014cc5976c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-537378f36f2f8a26:SESSION-537378f36f2f8a26	SESSION-537378f36f2f8a26 → pe:syn:SESSION-537378f36f2f8a26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d59ad8978cc7e8b9:flow:11ee47bc8fde	SESSION-d59ad8978cc7e8b9 → flow:11ee47bc8fde
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-80f99961f353c40e:host:172.234.197.23	SESSION-80f99961f353c40e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d42f41260fbe7c09:SESSION-d42f41260fbe7c09	SESSION-d42f41260fbe7c09 → pe:syn:SESSION-d42f41260fbe7c09
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2287ae96f90f1374:host:177.10.234.81	SESSION-2287ae96f90f1374 → host:177.10.234.81
HOST_IN_ASNOBS 85%	e:ha:host:47.129.136.46:asn:16509	host:47.129.136.46 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d00f55e5db951c5:host:131.196.30.43	SESSION-1d00f55e5db951c5 → host:131.196.30.43
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84a17a716ed94f5c:flow:224dc220eca8	SESSION-84a17a716ed94f5c → flow:224dc220eca8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd4f176877b3d058:SESSION-fd4f176877b3d058	SESSION-fd4f176877b3d058 → pe:tls:SESSION-fd4f176877b3d058
flow_observed5-aryOBS	e:fo:flow:c75de00edeed	flow:c75de00edeed → host:177.10.236.184 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-276035998be5d0c6:SESSION-276035998be5d0c6	SESSION-276035998be5d0c6 → pe:syn:SESSION-276035998be5d0c6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dca77cba3fb011ca:flow:6d30acc95cd3	SESSION-dca77cba3fb011ca → flow:6d30acc95cd3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-996c7a5f028b9d80:PCAP:capture_20260430110001:43611bdf6759	SESSION-996c7a5f028b9d80 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:01b815de05a8	flow:01b815de05a8 → host:177.10.233.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cdfe5014ffcf69db:PCAP:capture_20260430090001:065659c7d314	SESSION-cdfe5014ffcf69db → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d00f55e5db951c5:host:172.234.197.23	SESSION-1d00f55e5db951c5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-314a3839bafadb97:SESSION-314a3839bafadb97	SESSION-314a3839bafadb97 → pe:syn:SESSION-314a3839bafadb97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e52442a00447444:host:131.196.30.59	SESSION-0e52442a00447444 → host:131.196.30.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20c0393579af9382:host:172.234.197.23	SESSION-20c0393579af9382 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3b2b5737f36d7ec:PCAP:capture_20260430060001:919b39a74464	SESSION-f3b2b5737f36d7ec → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8cba099c11564e8:host:172.234.197.23	SESSION-f8cba099c11564e8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb0bca31750919c1:flow:2b22278734db	SESSION-fb0bca31750919c1 → flow:2b22278734db
FLOW_FROM_HOSTOBS	e:from:SESSION-58ff4ad892ea2c04:host:131.196.28.87	SESSION-58ff4ad892ea2c04 → host:131.196.28.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d2a460a472c4c29:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8d2a460a472c4c29 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afd30c72829a35a2:host:131.196.28.157	SESSION-afd30c72829a35a2 → host:131.196.28.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1a14827dc654457:SESSION-c1a14827dc654457	SESSION-c1a14827dc654457 → pe:syn:SESSION-c1a14827dc654457
FLOW_FROM_HOSTOBS	e:from:SESSION-b55fe86aa2a31ece:host:131.196.29.144	SESSION-b55fe86aa2a31ece → host:131.196.29.144
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c393069a667f4e79:host:172.234.197.23	SESSION-c393069a667f4e79 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd437604af995a2a:SESSION-fd437604af995a2a	SESSION-fd437604af995a2a → pe:syn:SESSION-fd437604af995a2a
FLOW_TO_HOSTOBS	e:to:SESSION-1d8b07a8bebdede3:host:172.232.0.16	SESSION-1d8b07a8bebdede3 → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-6ccddbdb53d5af45:host:172.234.197.23	SESSION-6ccddbdb53d5af45 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:654f4f59f24b	flow:654f4f59f24b → host:131.196.29.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57039b95174af1c3:host:177.10.236.40	SESSION-57039b95174af1c3 → host:177.10.236.40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-527acdf0d3ebbbcc:SESSION-527acdf0d3ebbbcc	SESSION-527acdf0d3ebbbcc → pe:tls:SESSION-527acdf0d3ebbbcc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0ca3b8aea25b593:host:172.234.197.23	SESSION-b0ca3b8aea25b593 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3ba165dc958434de:host:54.184.232.115	SESSION-3ba165dc958434de → host:54.184.232.115
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3553d3f3f842e7ac:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3553d3f3f842e7ac → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11d1e958623763ef:host:177.10.234.46:host:172.234.197.23	SESSION-11d1e958623763ef → host:177.10.234.46 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4752d4afe8ec71:host:177.10.232.105	SESSION-6b4752d4afe8ec71 → host:177.10.232.105
FLOW_FROM_HOSTOBS	e:from:SESSION-b3948aeec4a52663:host:131.196.31.80	SESSION-b3948aeec4a52663 → host:131.196.31.80
FLOW_FROM_HOSTOBS	e:from:SESSION-c8b38e5755a85588:host:177.10.237.108	SESSION-c8b38e5755a85588 → host:177.10.237.108
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.191:asn:262880	host:177.10.238.191 → asn:262880
flow_observed5-aryOBS	e:fo:flow:1837740c68b6	flow:1837740c68b6 → host:131.196.31.26 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.188:asn:203771	host:45.145.152.188 → asn:203771
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-abaf8d71fe47df1c:flow:f8c2daf7dcef	SESSION-abaf8d71fe47df1c → flow:f8c2daf7dcef
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8977638e8d6c6909:SESSION-8977638e8d6c6909	SESSION-8977638e8d6c6909 → pe:syn:SESSION-8977638e8d6c6909
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0b2e3019193f1ba:flow:a45d884a7082	SESSION-f0b2e3019193f1ba → flow:a45d884a7082
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3be9919fc6df9ffa:host:45.173.156.248	SESSION-3be9919fc6df9ffa → host:45.173.156.248
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6806cb851ed3b70:flow:d9eaf86df5ae	SESSION-b6806cb851ed3b70 → flow:d9eaf86df5ae
FLOW_TO_HOSTOBS	e:to:SESSION-b2586028491b4edc:host:177.10.233.195	SESSION-b2586028491b4edc → host:177.10.233.195
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.107:geo_-23.62930_-46.63510	host:131.196.29.107 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:100396c47d7a	flow:100396c47d7a → host:131.196.31.233 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:2f54bb1db205	flow:2f54bb1db205 → host:172.234.197.23 → host:131.196.30.8 → port:tcp:5405
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.192:geo_-16.28860_-49.01640	host:177.10.232.192 → geo_-16.28860_-49.01640
ASN_IN_ORGOBS 80%	e:ao:asn:210558:org:1337 Services GmbH	asn:210558 → org:1337 Services GmbH
FLOW_TO_HOSTOBS	e:to:SESSION-9a7f0a64436ce2ca:host:177.10.236.189	SESSION-9a7f0a64436ce2ca → host:177.10.236.189
FLOW_TO_HOSTOBS	e:to:SESSION-f81fa7919a8c03a8:host:177.10.235.40	SESSION-f81fa7919a8c03a8 → host:177.10.235.40
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.74.176:geo_52.51960_13.40690	host:51.224.74.176 → geo_52.51960_13.40690
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ed3c0cac572dff6:SESSION-9ed3c0cac572dff6	SESSION-9ed3c0cac572dff6 → pe:syn:SESSION-9ed3c0cac572dff6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.38:geo_-23.62930_-46.63510	host:131.196.28.38 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34c02a09bd1ab4d1:flow:d3bce88fd7b7	SESSION-34c02a09bd1ab4d1 → flow:d3bce88fd7b7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20c0393579af9382:flow:e5901fc962e8	SESSION-20c0393579af9382 → flow:e5901fc962e8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9c73da0e6ec113c:host:131.196.28.168:host:172.234.197.23	SESSION-f9c73da0e6ec113c → host:131.196.28.168 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e87c1bf59f6ff4a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9e87c1bf59f6ff4a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b875e262090a3924:host:131.196.28.167	SESSION-b875e262090a3924 → host:131.196.28.167
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-971b25349fba9c5b:flow:05ef58c38b72	SESSION-971b25349fba9c5b → flow:05ef58c38b72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b63214403b2d20c7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b63214403b2d20c7 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-4614700214209776:host:172.234.197.23	SESSION-4614700214209776 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ad42e8c66a89ee5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8ad42e8c66a89ee5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e905599dc3c27c65:host:172.234.197.23	SESSION-e905599dc3c27c65 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0119815c01d3319:flow:a6bdf7255a92	SESSION-c0119815c01d3319 → flow:a6bdf7255a92
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a88c1288033e7cc:host:45.173.156.48:host:172.234.197.23	SESSION-0a88c1288033e7cc → host:45.173.156.48 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-359d98e6d1200746:SESSION-359d98e6d1200746	SESSION-359d98e6d1200746 → pe:syn:SESSION-359d98e6d1200746
FLOW_TO_HOSTOBS	e:to:SESSION-b9f10142199cea9c:host:172.234.197.23	SESSION-b9f10142199cea9c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a918f52003c304f:host:172.234.197.23	SESSION-0a918f52003c304f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3f379966fef2	flow:3f379966fef2 → host:131.196.29.196 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d9260442e0efbdc6:host:177.10.235.211	SESSION-d9260442e0efbdc6 → host:177.10.235.211
FLOW_TO_HOSTOBS	e:to:SESSION-f83bf77e11c8adb3:host:172.234.197.23	SESSION-f83bf77e11c8adb3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-472112a6b5df57cd:host:131.196.29.48:host:172.234.197.23	SESSION-472112a6b5df57cd → host:131.196.29.48 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:266d570cd855:port:tcp:443	flow:266d570cd855 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2927944fbf9fbe3:host:172.234.197.23	SESSION-c2927944fbf9fbe3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4c6ce7a55e2ab654:host:177.10.236.130	SESSION-4c6ce7a55e2ab654 → host:177.10.236.130
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.250:asn:203771	host:37.221.79.250 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:744777def8bc:port:tcp:443	flow:744777def8bc → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-896e151c898991bb:PCAP:capture_20260430080001:93f47cc296a4	SESSION-896e151c898991bb → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f215cf2f031026d:host:177.10.237.80	SESSION-5f215cf2f031026d → host:177.10.237.80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a2a075c2c818644a:host:131.196.30.84:host:172.234.197.23	SESSION-a2a075c2c818644a → host:131.196.30.84 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ff40ca0c390500b:PCAP:capture_20260430090001:065659c7d314	SESSION-7ff40ca0c390500b → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65bd30307946d7be:host:177.10.233.13:host:172.234.197.23	SESSION-65bd30307946d7be → host:177.10.233.13 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8ab658d53a1eebd:SESSION-c8ab658d53a1eebd	SESSION-c8ab658d53a1eebd → pe:tls:SESSION-c8ab658d53a1eebd
FLOW_TO_HOSTOBS	e:to:SESSION-31126205fa7b72e3:host:172.234.197.23	SESSION-31126205fa7b72e3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.83:geo_-23.62930_-46.63510	host:131.196.30.83 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b0b2d167e93bb2e:host:172.234.197.23:host:131.196.28.80	SESSION-0b0b2d167e93bb2e → host:172.234.197.23 → host:131.196.28.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac89834f3c269f55:host:177.10.233.163	SESSION-ac89834f3c269f55 → host:177.10.233.163
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f35e45e57d830f4:SESSION-2f35e45e57d830f4	SESSION-2f35e45e57d830f4 → pe:syn:SESSION-2f35e45e57d830f4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.38:asn:271410	host:131.196.28.38 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f105059d1ed0a542:host:172.234.197.23	SESSION-f105059d1ed0a542 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ea34ef73cf330d2:host:172.234.197.23	SESSION-0ea34ef73cf330d2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-460a4898e7c07917:host:45.173.156.150	SESSION-460a4898e7c07917 → host:45.173.156.150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b6b757282734812:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4b6b757282734812 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:bd845b73dcef:port:tcp:443	flow:bd845b73dcef → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-0b8fd41df39b968c:host:45.173.156.158	SESSION-0b8fd41df39b968c → host:45.173.156.158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5a3cad014cd3066:host:177.10.233.185	SESSION-b5a3cad014cd3066 → host:177.10.233.185
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.168:asn:262880	host:177.10.235.168 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-08df11bd27017e71:host:172.232.0.17	SESSION-08df11bd27017e71 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02836b6eb824cc45:SESSION-02836b6eb824cc45	SESSION-02836b6eb824cc45 → pe:syn:SESSION-02836b6eb824cc45
FLOW_DST_PORTOBS	e:fp:flow:309a8c27afa8:port:tcp:443	flow:309a8c27afa8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f3651e68c2556a1c:host:177.10.239.235	SESSION-f3651e68c2556a1c → host:177.10.239.235
flow_observed4-aryOBS	e:fo:flow:d3ddefa260d1	flow:d3ddefa260d1 → host:172.234.197.23 → host:177.10.234.0 → port:tcp:18723
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46290f7655d18c8b:host:172.234.197.23	SESSION-46290f7655d18c8b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc0d354223e065ab:host:172.234.197.23:host:59.24.133.197	SESSION-fc0d354223e065ab → host:172.234.197.23 → host:59.24.133.197
FLOW_TO_HOSTOBS	e:to:SESSION-b66b69fe93183378:host:45.173.156.51	SESSION-b66b69fe93183378 → host:45.173.156.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9d11ee49864a2bc:host:177.10.234.224:host:172.234.197.23	SESSION-b9d11ee49864a2bc → host:177.10.234.224 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66fe61e0e919e0c7:host:172.234.197.23	SESSION-66fe61e0e919e0c7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9962740ce107c36d:host:131.196.29.48	SESSION-9962740ce107c36d → host:131.196.29.48
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38a436ec3884f938:SESSION-38a436ec3884f938	SESSION-38a436ec3884f938 → pe:syn:SESSION-38a436ec3884f938
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24ee1f6ef023209d:host:177.10.234.22	SESSION-24ee1f6ef023209d → host:177.10.234.22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f2f5812045d2e3b:host:177.10.233.216	SESSION-6f2f5812045d2e3b → host:177.10.233.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-017fcd2c03e3a5c1:SESSION-017fcd2c03e3a5c1	SESSION-017fcd2c03e3a5c1 → pe:tls:SESSION-017fcd2c03e3a5c1
FLOW_FROM_HOSTOBS	e:from:SESSION-873a01bbf1ba0d09:host:95.135.228.95	SESSION-873a01bbf1ba0d09 → host:95.135.228.95
FLOW_DST_PORTOBS	e:fp:flow:b4c30fbfab23:port:tcp:443	flow:b4c30fbfab23 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08463d47d249df1d:flow:06e8ffaae8d9	SESSION-08463d47d249df1d → flow:06e8ffaae8d9
FLOW_TO_HOSTOBS	e:to:SESSION-1228b317d5ce27b4:host:172.234.197.23	SESSION-1228b317d5ce27b4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-659e9e20b25ca2e2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-659e9e20b25ca2e2 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aaa8cebb6aaa8760:host:177.10.237.27	SESSION-aaa8cebb6aaa8760 → host:177.10.237.27
flow_observed4-aryOBS	e:fo:flow:4095d9e6e8e6	flow:4095d9e6e8e6 → host:172.234.197.23 → host:177.10.239.25 → port:tcp:95
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e612a684f25ac0f:PCAP:capture_20260430090001:065659c7d314	SESSION-6e612a684f25ac0f → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-e8f7d68f255e7d9c:host:177.10.239.106	SESSION-e8f7d68f255e7d9c → host:177.10.239.106
FLOW_DST_PORTOBS	e:fp:flow:cf6d8e640456:port:tcp:52480	flow:cf6d8e640456 → port:tcp:52480
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a904c233015ef9c:PCAP:capture_20260430060001:919b39a74464	SESSION-4a904c233015ef9c → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.150:asn:271410	host:131.196.30.150 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc77084e1c24867c:host:172.234.197.23	SESSION-cc77084e1c24867c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef46e42b79ae57cb:host:172.234.197.23	SESSION-ef46e42b79ae57cb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ea7d08352653c32:host:131.196.29.215:host:172.234.197.23	SESSION-2ea7d08352653c32 → host:131.196.29.215 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bbbdb4b028c8:port:tcp:56056	flow:bbbdb4b028c8 → port:tcp:56056
flow_observed4-aryOBS	e:fo:flow:a252eb165cd5	flow:a252eb165cd5 → host:172.234.197.23 → host:177.10.239.192 → port:tcp:44639
FLOW_DST_PORTOBS	e:fp:flow:064e5a3fddb4:port:tcp:443	flow:064e5a3fddb4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58209016b963372b:host:131.196.31.129	SESSION-58209016b963372b → host:131.196.31.129
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.245:geo_-16.28860_-49.01640	host:177.10.236.245 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11ee8787e5fc7b06:host:172.234.197.23	SESSION-11ee8787e5fc7b06 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f79e79f663ba44d9:flow:622120e32052	SESSION-f79e79f663ba44d9 → flow:622120e32052
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d226dc6e18df532:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2d226dc6e18df532 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a4b68b400a3161c:SESSION-9a4b68b400a3161c	SESSION-9a4b68b400a3161c → pe:tls:SESSION-9a4b68b400a3161c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd6ef4118ff649ff:SESSION-fd6ef4118ff649ff	SESSION-fd6ef4118ff649ff → pe:syn:SESSION-fd6ef4118ff649ff
FLOW_TO_HOSTOBS	e:to:SESSION-d30bf1800064cde2:host:177.10.234.176	SESSION-d30bf1800064cde2 → host:177.10.234.176
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.200:asn:203771	host:95.170.25.200 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-61267dc46edf9a47:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-61267dc46edf9a47 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:eeb87832b420	flow:eeb87832b420 → host:177.10.237.10 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:51c50c31258a	flow:51c50c31258a → host:177.10.234.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c6580975a2d7416:PCAP:capture_20260430110001:43611bdf6759	SESSION-7c6580975a2d7416 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:3e63df49f560:port:tcp:443	flow:3e63df49f560 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d4e81930fa292a8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6d4e81930fa292a8 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:938135b0a0a2	flow:938135b0a0a2 → host:131.196.28.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35fc058c4fe240ad:host:172.234.197.23	SESSION-35fc058c4fe240ad → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1648e82053b1	flow:1648e82053b1 → host:177.10.237.243 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc77084e1c24867c:flow:6774651fbdd3	SESSION-cc77084e1c24867c → flow:6774651fbdd3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8d921ace7c85ce9:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d8d921ace7c85ce9 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c16307b11a026263:host:172.234.197.23	SESSION-c16307b11a026263 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bef16d9c79cba2c2:host:172.234.197.23	SESSION-bef16d9c79cba2c2 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c937676c594a	flow:c937676c594a → host:172.234.197.23 → host:177.10.237.28 → port:tcp:42725
ASN_IN_ORGOBS 80%	e:ao:asn:47890:org:Unmanaged Ltd	asn:47890 → org:Unmanaged Ltd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-204050056bc27f05:PCAP:capture_20260430090001:065659c7d314	SESSION-204050056bc27f05 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29f6930bb002305c:SESSION-29f6930bb002305c	SESSION-29f6930bb002305c → pe:syn:SESSION-29f6930bb002305c
FLOW_DST_PORTOBS	e:fp:flow:118567956373:port:tcp:11778	flow:118567956373 → port:tcp:11778
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9eb3af12cfff0086:SESSION-9eb3af12cfff0086	SESSION-9eb3af12cfff0086 → pe:tls:SESSION-9eb3af12cfff0086
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-597a035229423245:host:172.234.197.23	SESSION-597a035229423245 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ba942f2694f4960:flow:97e0a8deaaff	SESSION-0ba942f2694f4960 → flow:97e0a8deaaff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c5519b0e5712e1e:SESSION-1c5519b0e5712e1e	SESSION-1c5519b0e5712e1e → pe:tls:SESSION-1c5519b0e5712e1e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.166:geo_-23.62930_-46.63510	host:131.196.31.166 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a3bc2c7dd7e8bd1:host:172.234.197.23	SESSION-8a3bc2c7dd7e8bd1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:af2b39367810	flow:af2b39367810 → host:131.196.30.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fc91fd95f4bed82:flow:2022b021ddcf	SESSION-3fc91fd95f4bed82 → flow:2022b021ddcf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-befc987f4c77d80c:host:103.230.240.59	SESSION-befc987f4c77d80c → host:103.230.240.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74adb0edbcc9dd0a:SESSION-74adb0edbcc9dd0a	SESSION-74adb0edbcc9dd0a → pe:tls:SESSION-74adb0edbcc9dd0a
FLOW_DST_PORTOBS	e:fp:flow:8722ec6291f0:port:tcp:443	flow:8722ec6291f0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-970263f3772afe71:host:45.173.156.38	SESSION-970263f3772afe71 → host:45.173.156.38
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b5b84f652a18f91:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5b5b84f652a18f91 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-c84f2bc6bdec600e:host:131.196.28.80	SESSION-c84f2bc6bdec600e → host:131.196.28.80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19009ef53e5ab2ef:flow:121dc1e70533	SESSION-19009ef53e5ab2ef → flow:121dc1e70533
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36e366306285e270:host:177.10.235.114	SESSION-36e366306285e270 → host:177.10.235.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94f070a5530c9e09:SESSION-94f070a5530c9e09	SESSION-94f070a5530c9e09 → pe:syn:SESSION-94f070a5530c9e09
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41c82fa43395463b:host:45.173.156.120	SESSION-41c82fa43395463b → host:45.173.156.120
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.100:geo_-16.28860_-49.01640	host:177.10.234.100 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e323950505f0871:host:172.234.197.23	SESSION-0e323950505f0871 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5e0d4c52be74	flow:5e0d4c52be74 → host:131.196.28.143 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-34b8eff946ae371a:host:172.234.197.23	SESSION-34b8eff946ae371a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f852deb0b74344a0:host:177.10.236.134	SESSION-f852deb0b74344a0 → host:177.10.236.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea53a00807c951b5:host:172.232.0.17	SESSION-ea53a00807c951b5 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-3645126144628c28:host:45.173.156.32	SESSION-3645126144628c28 → host:45.173.156.32
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.72:asn:262880	host:177.10.237.72 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b520e491b5957c0:host:131.196.28.72	SESSION-3b520e491b5957c0 → host:131.196.28.72
flow_observed5-aryOBS	e:fo:flow:34f10ddde6b1	flow:34f10ddde6b1 → host:177.10.236.154 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3089f893be8ea87:PCAP:capture_20260430150001:ded20914761d	SESSION-e3089f893be8ea87 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.141:asn:271410	host:131.196.29.141 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e63705938a499015:SESSION-e63705938a499015	SESSION-e63705938a499015 → pe:tls:SESSION-e63705938a499015
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1933fbedf850967f:SESSION-1933fbedf850967f	SESSION-1933fbedf850967f → pe:syn:SESSION-1933fbedf850967f
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.213:asn:271410	host:131.196.30.213 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-baf4494100018e3a:host:131.196.30.8	SESSION-baf4494100018e3a → host:131.196.30.8
FLOW_DST_PORTOBS	e:fp:flow:a0c1b75ee432:port:tcp:54539	flow:a0c1b75ee432 → port:tcp:54539
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-12096b18b6e78b60:flow:bb9a57566950	SESSION-12096b18b6e78b60 → flow:bb9a57566950
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-af4f3fe4058b61ab:SESSION-af4f3fe4058b61ab	SESSION-af4f3fe4058b61ab → pe:syn:SESSION-af4f3fe4058b61ab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-e2eb0c2c4028db16:SESSION-e2eb0c2c4028db16	SESSION-e2eb0c2c4028db16 → pe:rst:SESSION-e2eb0c2c4028db16
FLOW_DST_PORTOBS	e:fp:flow:430c72f6e0da:port:tcp:42888	flow:430c72f6e0da → port:tcp:42888
FLOW_DST_PORTOBS	e:fp:flow:aa1d9d5e2b97:port:tcp:16540	flow:aa1d9d5e2b97 → port:tcp:16540
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2edb1208bb0bd400:SESSION-2edb1208bb0bd400	SESSION-2edb1208bb0bd400 → pe:syn:SESSION-2edb1208bb0bd400
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-80f68e8f687f2dc5:SESSION-80f68e8f687f2dc5	SESSION-80f68e8f687f2dc5 → pe:tls:SESSION-80f68e8f687f2dc5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f0a0478f83cd119:host:31.40.196.97:host:172.234.197.23	SESSION-1f0a0478f83cd119 → host:31.40.196.97 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.226:geo_-16.28860_-49.01640	host:177.10.237.226 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b7cd4519c0a4eb9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2b7cd4519c0a4eb9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8417ba17d1562cbc:SESSION-8417ba17d1562cbc	SESSION-8417ba17d1562cbc → pe:tls:SESSION-8417ba17d1562cbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72cd504b232e316e:SESSION-72cd504b232e316e	SESSION-72cd504b232e316e → pe:syn:SESSION-72cd504b232e316e
FLOW_DST_PORTOBS	e:fp:flow:e611585b6a4a:port:tcp:443	flow:e611585b6a4a → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.66:asn:262880	host:177.10.233.66 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.19:geo_19.07480_72.88560	host:45.145.152.19 → geo_19.07480_72.88560
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd2d57a3e3d90491:host:177.10.234.221:host:172.234.197.23	SESSION-fd2d57a3e3d90491 → host:177.10.234.221 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5a74cc524a51e3d:host:131.196.30.141:host:172.234.197.23	SESSION-d5a74cc524a51e3d → host:131.196.30.141 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.116:asn:262880	host:177.10.236.116 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-265a2f0fa666e936:SESSION-265a2f0fa666e936	SESSION-265a2f0fa666e936 → pe:syn:SESSION-265a2f0fa666e936
FLOW_QUERIED_DNSOBS	e:fd:flow:62b791bbed2d:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:62b791bbed2d → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ffcc2d542e7be59:PCAP:capture_20260430060001:919b39a74464	SESSION-0ffcc2d542e7be59 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4b062ac7956d3a5:host:172.234.197.23	SESSION-a4b062ac7956d3a5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3d7f5e615b32	flow:3d7f5e615b32 → host:177.10.233.13 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.222:asn:271410	host:131.196.31.222 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d11cc9a154a777c:flow:6a96e5f8b346	SESSION-8d11cc9a154a777c → flow:6a96e5f8b346
FLOW_TO_HOSTOBS	e:to:SESSION-d37583bcd3c19c57:host:172.234.197.23	SESSION-d37583bcd3c19c57 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-316a629875744009:host:177.10.236.46:host:172.234.197.23	SESSION-316a629875744009 → host:177.10.236.46 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.109:asn:203771	host:92.112.71.109 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf07a99306d1414b:SESSION-cf07a99306d1414b	SESSION-cf07a99306d1414b → pe:tls:SESSION-cf07a99306d1414b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b51b74891d2de4c5:SESSION-b51b74891d2de4c5	SESSION-b51b74891d2de4c5 → pe:tls:SESSION-b51b74891d2de4c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06c7d2e525939bdd:host:177.10.239.205:host:172.234.197.23	SESSION-06c7d2e525939bdd → host:177.10.239.205 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0fa0595b0c8a6ef6:host:177.10.232.22	SESSION-0fa0595b0c8a6ef6 → host:177.10.232.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a9042bd9c6a81d17:SESSION-a9042bd9c6a81d17	SESSION-a9042bd9c6a81d17 → pe:syn:SESSION-a9042bd9c6a81d17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-56e8cb1a5e296d06:SESSION-56e8cb1a5e296d06	SESSION-56e8cb1a5e296d06 → pe:tls:SESSION-56e8cb1a5e296d06
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-292edad33ae38c98:host:131.196.30.60	SESSION-292edad33ae38c98 → host:131.196.30.60
FLOW_FROM_HOSTOBS	e:from:SESSION-9726c360f8e7f49c:host:177.10.236.102	SESSION-9726c360f8e7f49c → host:177.10.236.102
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee2f1f025d37aa07:host:177.10.238.97:host:172.234.197.23	SESSION-ee2f1f025d37aa07 → host:177.10.238.97 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca59b4a9ab5138ce:host:177.10.238.10:host:172.234.197.23	SESSION-ca59b4a9ab5138ce → host:177.10.238.10 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cfdf430166eb3e5d:host:131.196.31.40	SESSION-cfdf430166eb3e5d → host:131.196.31.40
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e52ff6e3dab6ecf9:host:177.10.238.83	SESSION-e52ff6e3dab6ecf9 → host:177.10.238.83
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09e72a02b44d9649:PCAP:capture_20260430090001:065659c7d314	SESSION-09e72a02b44d9649 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9ee22ced6a72efa:SESSION-f9ee22ced6a72efa	SESSION-f9ee22ced6a72efa → pe:tls:SESSION-f9ee22ced6a72efa
FLOW_TO_HOSTOBS	e:to:SESSION-8314ac7032421127:host:172.234.197.23	SESSION-8314ac7032421127 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d3825fb81dc5	flow:d3825fb81dc5 → host:177.10.239.84 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6d547ed30afcbb9f:host:131.196.30.233	SESSION-6d547ed30afcbb9f → host:131.196.30.233
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3b504551617ec2c:host:131.196.31.188:host:172.234.197.23	SESSION-c3b504551617ec2c → host:131.196.31.188 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a3123a8609bb9fc1:host:172.234.197.23	SESSION-a3123a8609bb9fc1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-971b25349fba9c5b:SESSION-971b25349fba9c5b	SESSION-971b25349fba9c5b → pe:syn:SESSION-971b25349fba9c5b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e3764b25412d87e:host:177.10.236.1	SESSION-2e3764b25412d87e → host:177.10.236.1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e48a8daff67bbc71:SESSION-e48a8daff67bbc71	SESSION-e48a8daff67bbc71 → pe:syn:SESSION-e48a8daff67bbc71
FLOW_DST_PORTOBS	e:fp:flow:f61fd76e10dc:port:tcp:21796	flow:f61fd76e10dc → port:tcp:21796
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57e647fa0cdcfe5a:host:177.10.239.87	SESSION-57e647fa0cdcfe5a → host:177.10.239.87
FLOW_DST_PORTOBS	e:fp:flow:f8b646b92b02:port:tcp:443	flow:f8b646b92b02 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-774b2bcff77bd614:host:172.234.197.23:host:177.10.238.235	SESSION-774b2bcff77bd614 → host:172.234.197.23 → host:177.10.238.235
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d226dc6e18df532:SESSION-2d226dc6e18df532	SESSION-2d226dc6e18df532 → pe:tls:SESSION-2d226dc6e18df532
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c60d99c484411b4:host:177.10.236.92:host:172.234.197.23	SESSION-5c60d99c484411b4 → host:177.10.236.92 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5292197f57e4263:SESSION-a5292197f57e4263	SESSION-a5292197f57e4263 → pe:tls:SESSION-a5292197f57e4263
flow_observed5-aryOBS	e:fo:flow:a7f663752ab6	flow:a7f663752ab6 → host:177.10.235.218 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77d6ed106817bb5a:SESSION-77d6ed106817bb5a	SESSION-77d6ed106817bb5a → pe:syn:SESSION-77d6ed106817bb5a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3553d3f3f842e7ac:SESSION-3553d3f3f842e7ac	SESSION-3553d3f3f842e7ac → pe:syn:SESSION-3553d3f3f842e7ac
FLOW_DST_PORTOBS	e:fp:flow:4e6607c4638e:port:tcp:443	flow:4e6607c4638e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d30c685e20a11d4e:SESSION-d30c685e20a11d4e	SESSION-d30c685e20a11d4e → pe:syn:SESSION-d30c685e20a11d4e
FLOW_TO_HOSTOBS	e:to:SESSION-022fbc52c5dbb7ff:host:172.234.197.23	SESSION-022fbc52c5dbb7ff → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7828bb27afafcc71:host:172.234.197.23	SESSION-7828bb27afafcc71 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-31e4a260829c636e:host:177.10.238.29	SESSION-31e4a260829c636e → host:177.10.238.29
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.125:asn:262880	host:177.10.238.125 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf00afe8057eb986:SESSION-bf00afe8057eb986	SESSION-bf00afe8057eb986 → pe:syn:SESSION-bf00afe8057eb986
FLOW_TO_HOSTOBS	e:to:SESSION-f5347add21fd9245:host:172.234.197.23	SESSION-f5347add21fd9245 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f16f611b98ecbfd:SESSION-8f16f611b98ecbfd	SESSION-8f16f611b98ecbfd → pe:tls:SESSION-8f16f611b98ecbfd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84a17a716ed94f5c:host:131.196.28.162:host:172.234.197.23	SESSION-84a17a716ed94f5c → host:131.196.28.162 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-46f163e73b58987c:host:177.10.239.136	SESSION-46f163e73b58987c → host:177.10.239.136
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ed5696d63c7b154:PCAP:capture_20260430150001:ded20914761d	SESSION-9ed5696d63c7b154 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51603301232db2ce:SESSION-51603301232db2ce	SESSION-51603301232db2ce → pe:tls:SESSION-51603301232db2ce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1cb1824ec0ef0f8a:host:172.234.197.23	SESSION-1cb1824ec0ef0f8a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-205f350cdfc6cb9d:host:172.234.197.23	SESSION-205f350cdfc6cb9d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-779dfe498151f730:host:172.234.197.23:host:177.10.233.211	SESSION-779dfe498151f730 → host:172.234.197.23 → host:177.10.233.211
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.230:geo_-23.62930_-46.63510	host:131.196.30.230 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6588417d002f2ed:host:172.234.197.23	SESSION-f6588417d002f2ed → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c98ee522a60a5600:host:177.10.236.6:host:172.234.197.23	SESSION-c98ee522a60a5600 → host:177.10.236.6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c828adcf318b7963:host:185.231.226.138	SESSION-c828adcf318b7963 → host:185.231.226.138
flow_observed3-aryOBS	e:fo:flow:701784ac65ea	flow:701784ac65ea → host:13.208.161.175 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-45f8302f1d804897:flow:69309691d7b0	SESSION-45f8302f1d804897 → flow:69309691d7b0
flow_observed4-aryOBS	e:fo:flow:8ac84bfcb797	flow:8ac84bfcb797 → host:172.234.197.23 → host:131.196.31.142 → port:tcp:49033
FLOW_TO_HOSTOBS	e:to:SESSION-f9ddceec57447449:host:172.234.197.23	SESSION-f9ddceec57447449 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6585a8f099e9e465:host:172.234.197.23	SESSION-6585a8f099e9e465 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-205f350cdfc6cb9d:flow:bdb442638fa0	SESSION-205f350cdfc6cb9d → flow:bdb442638fa0
FLOW_TO_HOSTOBS	e:to:SESSION-9be6dcd7d7b7ac03:host:172.234.197.23	SESSION-9be6dcd7d7b7ac03 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.35:asn:262880	host:177.10.237.35 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5bab109b42e3a8d7:SESSION-5bab109b42e3a8d7	SESSION-5bab109b42e3a8d7 → pe:tls:SESSION-5bab109b42e3a8d7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc57d45d1a1b2f7b:host:172.234.197.23	SESSION-bc57d45d1a1b2f7b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ac3ac59e74f457a2:host:172.234.197.23	SESSION-ac3ac59e74f457a2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-873a01bbf1ba0d09:host:172.234.197.23	SESSION-873a01bbf1ba0d09 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-db9e8149201eae0f:host:172.234.197.23	SESSION-db9e8149201eae0f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a65c242582e5e81:host:172.234.197.23	SESSION-7a65c242582e5e81 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67a9355576766cfe:host:131.196.30.253	SESSION-67a9355576766cfe → host:131.196.30.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79349287be3864ac:host:172.234.197.23	SESSION-79349287be3864ac → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.103:geo_-16.28860_-49.01640	host:177.10.238.103 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f2f5812045d2e3b:host:177.10.233.216:host:172.234.197.23	SESSION-6f2f5812045d2e3b → host:177.10.233.216 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2d9131452e31:port:tcp:443	flow:2d9131452e31 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ac55ff303c5de83:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1ac55ff303c5de83 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db8bd5551afdaf6c:host:177.10.233.93	SESSION-db8bd5551afdaf6c → host:177.10.233.93
FLOW_FROM_HOSTOBS	e:from:SESSION-2646f5b9f41a01d2:host:172.234.197.23	SESSION-2646f5b9f41a01d2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cb4be7a193fc:port:tcp:443	flow:cb4be7a193fc → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:e53d7ed83f31	flow:e53d7ed83f31 → host:172.234.197.23 → host:131.196.30.129 → port:tcp:8751
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6dd65fa073f3265:host:185.231.226.194:host:172.234.197.23	SESSION-b6dd65fa073f3265 → host:185.231.226.194 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dbacd0066146a93a:SESSION-dbacd0066146a93a	SESSION-dbacd0066146a93a → pe:syn:SESSION-dbacd0066146a93a
flow_observed5-aryOBS	e:fo:flow:4dc412940a0d	flow:4dc412940a0d → host:177.10.236.101 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc0003e096ddb203:flow:dc93c0b0eb29	SESSION-cc0003e096ddb203 → flow:dc93c0b0eb29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d11c29aca82696f2:SESSION-d11c29aca82696f2	SESSION-d11c29aca82696f2 → pe:syn:SESSION-d11c29aca82696f2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f56081dde23b5ed:flow:550413e8132d	SESSION-5f56081dde23b5ed → flow:550413e8132d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dbe0692b3b05f921:SESSION-dbe0692b3b05f921	SESSION-dbe0692b3b05f921 → pe:syn:SESSION-dbe0692b3b05f921
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca55f398b8ed07e1:host:172.234.197.23	SESSION-ca55f398b8ed07e1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eaf5b03036efa5c6:host:172.234.197.23	SESSION-eaf5b03036efa5c6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f0699d4f0c2d48e:host:172.234.197.23	SESSION-9f0699d4f0c2d48e → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-2e615d118f3247e2:BSG-BEACON-88937f81db51	SESSION-2e615d118f3247e2 → BSG-BEACON-88937f81db51
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.189:geo_-16.28860_-49.01640	host:177.10.234.189 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df6efecba493c79c:host:177.10.237.38:host:172.234.197.23	SESSION-df6efecba493c79c → host:177.10.237.38 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-59d92efe40de2f35:host:177.10.236.124	SESSION-59d92efe40de2f35 → host:177.10.236.124
FLOW_FROM_HOSTOBS	e:from:SESSION-7f350449fc7d11b3:host:172.234.197.23	SESSION-7f350449fc7d11b3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf7044e44d29be7c:host:172.234.197.23	SESSION-cf7044e44d29be7c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-61838f073a9a90b1:host:177.10.236.62:host:172.234.197.23	SESSION-61838f073a9a90b1 → host:177.10.236.62 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c56dcfb05d3a50ba:host:177.10.238.146	SESSION-c56dcfb05d3a50ba → host:177.10.238.146
FLOW_DST_PORTOBS	e:fp:flow:26daf91e1f0d:port:tcp:443	flow:26daf91e1f0d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b135329a33dc60c2:host:131.196.31.40	SESSION-b135329a33dc60c2 → host:131.196.31.40
FLOW_FROM_HOSTOBS	e:from:SESSION-12096b18b6e78b60:host:185.236.240.137	SESSION-12096b18b6e78b60 → host:185.236.240.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-113354c1b6207940:SESSION-113354c1b6207940	SESSION-113354c1b6207940 → pe:tls:SESSION-113354c1b6207940
FLOW_TO_HOSTOBS	e:to:SESSION-ed37df036f91c955:host:131.196.31.174	SESSION-ed37df036f91c955 → host:131.196.31.174
FLOW_TO_HOSTOBS	e:to:SESSION-f51f16a6829ff61b:host:172.234.197.23	SESSION-f51f16a6829ff61b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.104:geo_-16.28860_-49.01640	host:177.10.236.104 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8de302c0e306721c:SESSION-8de302c0e306721c	SESSION-8de302c0e306721c → pe:syn:SESSION-8de302c0e306721c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72411a82d36d6add:host:177.10.237.107	SESSION-72411a82d36d6add → host:177.10.237.107
FLOW_TO_HOSTOBS	e:to:SESSION-9466cbe9e9dd26aa:host:177.10.233.32	SESSION-9466cbe9e9dd26aa → host:177.10.233.32
FLOW_FROM_HOSTOBS	e:from:SESSION-a8ab97210507c98d:host:172.234.197.23	SESSION-a8ab97210507c98d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df1edf3c82c78294:host:177.10.234.236:host:172.234.197.23	SESSION-df1edf3c82c78294 → host:177.10.234.236 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e8b71ac0dda5d9d9:host:172.234.197.23	SESSION-e8b71ac0dda5d9d9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-92cb25b3a2aea70a:SESSION-92cb25b3a2aea70a	SESSION-92cb25b3a2aea70a → pe:syn:SESSION-92cb25b3a2aea70a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d18ddb12cf5478af:SESSION-d18ddb12cf5478af	SESSION-d18ddb12cf5478af → pe:tls:SESSION-d18ddb12cf5478af
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8070c9158a1a853:SESSION-e8070c9158a1a853	SESSION-e8070c9158a1a853 → pe:tls:SESSION-e8070c9158a1a853
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e4bb5568f0e725a3:SESSION-e4bb5568f0e725a3	SESSION-e4bb5568f0e725a3 → pe:tls:SESSION-e4bb5568f0e725a3
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-9d9ed6ae798457b7:BSG-BEACON-137dcd60b691	SESSION-9d9ed6ae798457b7 → BSG-BEACON-137dcd60b691
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c0ba3366d883914:SESSION-9c0ba3366d883914	SESSION-9c0ba3366d883914 → pe:tls:SESSION-9c0ba3366d883914
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cf4d7f5409c1837:host:172.234.197.23	SESSION-4cf4d7f5409c1837 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce217831fb6e1103:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ce217831fb6e1103 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d52381659b8aa3f:SESSION-8d52381659b8aa3f	SESSION-8d52381659b8aa3f → pe:syn:SESSION-8d52381659b8aa3f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d274b6d174d04d01:host:131.196.31.100	SESSION-d274b6d174d04d01 → host:131.196.31.100
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0d83e3d3d1fc018:host:172.234.197.23:host:131.196.30.158	SESSION-d0d83e3d3d1fc018 → host:172.234.197.23 → host:131.196.30.158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1620c835b56464d4:host:172.234.197.23	SESSION-1620c835b56464d4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-801ebd343e287ece:host:177.10.237.6	SESSION-801ebd343e287ece → host:177.10.237.6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.203:geo_-23.62930_-46.63510	host:131.196.31.203 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ab61e60544120f5:host:177.10.236.45:host:172.234.197.23	SESSION-8ab61e60544120f5 → host:177.10.236.45 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:19b5b49ec869:port:tcp:80	flow:19b5b49ec869 → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85a5e7fc435163e0:flow:2dd366d504c3	SESSION-85a5e7fc435163e0 → flow:2dd366d504c3
FLOW_FROM_HOSTOBS	e:from:SESSION-76cae08532c4b8eb:host:177.10.238.71	SESSION-76cae08532c4b8eb → host:177.10.238.71
flow_observed5-aryOBS	e:fo:flow:bdd75a10e1d0	flow:bdd75a10e1d0 → host:177.10.239.25 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6fdc52c769919c0f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6fdc52c769919c0f → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.139:geo_-16.28860_-49.01640	host:177.10.236.139 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-17000fdd70ecbf97:host:131.196.31.98	SESSION-17000fdd70ecbf97 → host:131.196.31.98
FLOW_FROM_HOSTOBS	e:from:SESSION-3f25ebe7728e5694:host:172.234.197.23	SESSION-3f25ebe7728e5694 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d501ba0fe92f	flow:d501ba0fe92f → host:172.234.197.23 → host:177.10.233.182 → port:tcp:47084
flow_observed5-aryOBS	e:fo:flow:cf7618617ae6	flow:cf7618617ae6 → host:131.196.29.48 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-74f0d8e902dc1bc9:host:177.10.239.146	SESSION-74f0d8e902dc1bc9 → host:177.10.239.146
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24ee1f6ef023209d:flow:d36181c32e79	SESSION-24ee1f6ef023209d → flow:d36181c32e79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56e56d8157575627:flow:8dbba576826a	SESSION-56e56d8157575627 → flow:8dbba576826a
FLOW_TO_HOSTOBS	e:to:SESSION-ac14845b1a23366d:host:172.234.197.23	SESSION-ac14845b1a23366d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ea5a5c8bbfcfd548:host:131.196.29.229	SESSION-ea5a5c8bbfcfd548 → host:131.196.29.229
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d60f9952407f0d18:SESSION-d60f9952407f0d18	SESSION-d60f9952407f0d18 → pe:syn:SESSION-d60f9952407f0d18
FLOW_TO_HOSTOBS	e:to:SESSION-9e2a4babdc2dc965:host:172.234.197.23	SESSION-9e2a4babdc2dc965 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c9cadb68fe1ad17:host:131.196.31.100:host:172.234.197.23	SESSION-7c9cadb68fe1ad17 → host:131.196.31.100 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b8a5b7dbb39a	flow:b8a5b7dbb39a → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-3c3e0ded89b78d8d:host:177.10.234.203	SESSION-3c3e0ded89b78d8d → host:177.10.234.203
FLOW_TO_HOSTOBS	e:to:SESSION-7034c460bd0f5720:host:172.234.197.23	SESSION-7034c460bd0f5720 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-884df81342ed3b04:SESSION-884df81342ed3b04	SESSION-884df81342ed3b04 → pe:syn:SESSION-884df81342ed3b04
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a20ec48656879fce:host:172.234.197.23	SESSION-a20ec48656879fce → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:092300811091:dns:172-234-197-23.ip.linodeusercontent.com	flow:092300811091 → dns:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.232:geo_-21.10010_-41.69200	host:45.173.156.232 → geo_-21.10010_-41.69200
flow_observed4-aryOBS	e:fo:flow:8ad9cc7c0c57	flow:8ad9cc7c0c57 → host:172.234.197.23 → host:177.10.238.145 → port:tcp:58611
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55aa5069b830c261:PCAP:capture_20260430150001:ded20914761d	SESSION-55aa5069b830c261 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-04737cadee3282a6:host:131.196.31.60	SESSION-04737cadee3282a6 → host:131.196.31.60
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ca10b4490797e89:PCAP:capture_20260430060001:919b39a74464	SESSION-8ca10b4490797e89 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:5ff22c5fc613:port:tcp:443	flow:5ff22c5fc613 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6f3d2670453324e:SESSION-e6f3d2670453324e	SESSION-e6f3d2670453324e → pe:syn:SESSION-e6f3d2670453324e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf34c898669d01e7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-bf34c898669d01e7 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4754bc389b07ad3e:PCAP:capture_20260430150001:ded20914761d	SESSION-4754bc389b07ad3e → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-81ef982aa5449fd9:host:172.234.197.23	SESSION-81ef982aa5449fd9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f19cc3e0ef766dd7:host:177.10.237.73	SESSION-f19cc3e0ef766dd7 → host:177.10.237.73
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.206:geo_-16.28860_-49.01640	host:177.10.236.206 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-25a3718851106c53:host:131.196.29.126	SESSION-25a3718851106c53 → host:131.196.29.126
FLOW_DST_PORTOBS	e:fp:flow:1652bba9052d:port:tcp:443	flow:1652bba9052d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f971b95dedbfd9a:host:131.196.30.213	SESSION-7f971b95dedbfd9a → host:131.196.30.213
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b304bd763b72b95f:host:37.221.79.239:host:172.234.197.23	SESSION-b304bd763b72b95f → host:37.221.79.239 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9ddceec57447449:SESSION-f9ddceec57447449	SESSION-f9ddceec57447449 → pe:syn:SESSION-f9ddceec57447449
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e52442a00447444:host:172.234.197.23	SESSION-0e52442a00447444 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b54b11bede7a4d5:host:177.10.237.99:host:172.234.197.23	SESSION-2b54b11bede7a4d5 → host:177.10.237.99 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fac4a2f466e4583d:host:172.234.197.23	SESSION-fac4a2f466e4583d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49ea9885c560f158:flow:b004ebd7b4c6	SESSION-49ea9885c560f158 → flow:b004ebd7b4c6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-15d25700bea96717:SESSION-15d25700bea96717	SESSION-15d25700bea96717 → pe:tls:SESSION-15d25700bea96717
flow_observed5-aryOBS	e:fo:flow:710d7a94d133	flow:710d7a94d133 → host:177.10.239.199 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-dae3e228e98c74e4:host:131.196.30.185	SESSION-dae3e228e98c74e4 → host:131.196.30.185
FLOW_TO_HOSTOBS	e:to:SESSION-15d25700bea96717:host:172.234.197.23	SESSION-15d25700bea96717 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-305a85099066f209:host:172.234.197.23	SESSION-305a85099066f209 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-621f42bc5edaa56f:SESSION-621f42bc5edaa56f	SESSION-621f42bc5edaa56f → pe:tls:SESSION-621f42bc5edaa56f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e6270bfda958738:flow:6ffd15e339d9	SESSION-7e6270bfda958738 → flow:6ffd15e339d9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed55c24c9ffd87b5:SESSION-ed55c24c9ffd87b5	SESSION-ed55c24c9ffd87b5 → pe:tls:SESSION-ed55c24c9ffd87b5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23aaa31711ea4954:PCAP:capture_20260430110001:43611bdf6759	SESSION-23aaa31711ea4954 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc2ea3f70e7bccaf:PCAP:capture_20260430090001:065659c7d314	SESSION-bc2ea3f70e7bccaf → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b0a36bcb50aee6b:host:172.234.197.23:host:177.10.237.189	SESSION-2b0a36bcb50aee6b → host:172.234.197.23 → host:177.10.237.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eee2452aad82d1c2:SESSION-eee2452aad82d1c2	SESSION-eee2452aad82d1c2 → pe:tls:SESSION-eee2452aad82d1c2
FLOW_TO_HOSTOBS	e:to:SESSION-1e0550020c1215cf:host:131.196.28.16	SESSION-1e0550020c1215cf → host:131.196.28.16
flow_observed4-aryOBS	e:fo:flow:5c7c371a697d	flow:5c7c371a697d → host:172.234.197.23 → host:177.10.232.253 → port:tcp:9592
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ac9bb77fb56e773:SESSION-7ac9bb77fb56e773	SESSION-7ac9bb77fb56e773 → pe:syn:SESSION-7ac9bb77fb56e773
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08a40451c9cdc962:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-08a40451c9cdc962 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:eafdc5cc4f89	flow:eafdc5cc4f89 → host:177.10.238.57 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd2d57a3e3d90491:host:177.10.234.221	SESSION-fd2d57a3e3d90491 → host:177.10.234.221
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fa31db6279a0e7c:SESSION-1fa31db6279a0e7c	SESSION-1fa31db6279a0e7c → pe:syn:SESSION-1fa31db6279a0e7c
FLOW_TO_HOSTOBS	e:to:SESSION-b73c5a859c05f554:host:177.10.232.255	SESSION-b73c5a859c05f554 → host:177.10.232.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-81679789c998e700:SESSION-81679789c998e700	SESSION-81679789c998e700 → pe:tls:SESSION-81679789c998e700
flow_observed4-aryOBS	e:fo:flow:8cacf1a45ce9	flow:8cacf1a45ce9 → host:172.234.197.23 → host:131.196.30.108 → port:tcp:17604
FLOW_TO_HOSTOBS	e:to:SESSION-7139746cbd677852:host:172.234.197.23	SESSION-7139746cbd677852 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5250861d994b3dc2:flow:4cefb8d622a4	SESSION-5250861d994b3dc2 → flow:4cefb8d622a4
FLOW_FROM_HOSTOBS	e:from:SESSION-b9deb407202a7aa0:host:172.234.197.23	SESSION-b9deb407202a7aa0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ef3697a55617fe8:host:177.10.233.24:host:172.234.197.23	SESSION-0ef3697a55617fe8 → host:177.10.233.24 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8feacc6abd2fe08c:flow:4fdc0949fed1	SESSION-8feacc6abd2fe08c → flow:4fdc0949fed1
FLOW_DST_PORTOBS	e:fp:flow:d2f21addcb09:port:tcp:21279	flow:d2f21addcb09 → port:tcp:21279
FLOW_FROM_HOSTOBS	e:from:SESSION-94f070a5530c9e09:host:45.173.156.47	SESSION-94f070a5530c9e09 → host:45.173.156.47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d0bef7920d84e31:SESSION-8d0bef7920d84e31	SESSION-8d0bef7920d84e31 → pe:syn:SESSION-8d0bef7920d84e31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21e452657508b689:host:172.234.197.23	SESSION-21e452657508b689 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.227:geo_-23.62930_-46.63510	host:131.196.31.227 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b42fc656319c5bfc:host:177.10.233.225	SESSION-b42fc656319c5bfc → host:177.10.233.225
FLOW_FROM_HOSTOBS	e:from:SESSION-edebc7da73e26840:host:131.196.30.245	SESSION-edebc7da73e26840 → host:131.196.30.245
FLOW_TO_HOSTOBS	e:to:SESSION-96d412735d478f25:host:172.234.197.23	SESSION-96d412735d478f25 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-045546313cbf5843:host:177.10.237.86	SESSION-045546313cbf5843 → host:177.10.237.86
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.102:asn:262880	host:177.10.239.102 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:62c530228f25:port:tcp:33882	flow:62c530228f25 → port:tcp:33882
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-eff9d1155e5c571f:BSG-BEACON-026b83b0f096	SESSION-eff9d1155e5c571f → BSG-BEACON-026b83b0f096
FLOW_DST_PORTOBS	e:fp:flow:3f8c718ef8ea:port:tcp:443	flow:3f8c718ef8ea → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d7bdeba7c000ea7:host:172.234.197.23:host:177.10.234.109	SESSION-1d7bdeba7c000ea7 → host:172.234.197.23 → host:177.10.234.109
FLOW_TLS_SNIOBS	e:fs:flow:3cce400dbd51:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3cce400dbd51 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b99a2a75b4ae9e98:flow:c10793bfc512	SESSION-b99a2a75b4ae9e98 → flow:c10793bfc512
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.135:geo_-16.28860_-49.01640	host:177.10.234.135 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:a0fbbefeb08f:port:tcp:443	flow:a0fbbefeb08f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e700dd1746307a02:host:172.234.197.23	SESSION-e700dd1746307a02 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-edfeffbce5127655:flow:35f22b918404	SESSION-edfeffbce5127655 → flow:35f22b918404
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf7009921f0152ab:host:172.234.197.23	SESSION-cf7009921f0152ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-910213045742f7e4:host:51.225.22.198	SESSION-910213045742f7e4 → host:51.225.22.198
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.64:asn:203771	host:95.170.25.64 → asn:203771
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.148:asn:271410	host:131.196.28.148 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e01aa770e4fba49e:SESSION-e01aa770e4fba49e	SESSION-e01aa770e4fba49e → pe:tls:SESSION-e01aa770e4fba49e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.133:geo_-16.28860_-49.01640	host:177.10.235.133 → geo_-16.28860_-49.01640
ASN_IN_ORGOBS 80%	e:ao:asn:14618:org:Amazon.com, Inc.	asn:14618 → org:Amazon.com, Inc.
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.189:asn:262880	host:177.10.234.189 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-02163c9e3a8cc49d:host:131.196.28.149	SESSION-02163c9e3a8cc49d → host:131.196.28.149
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-557aaca226ee6bf8:host:177.10.234.75	SESSION-557aaca226ee6bf8 → host:177.10.234.75
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.224:geo_-16.28860_-49.01640	host:177.10.235.224 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29bf5bdb9e3850fd:host:131.196.30.141	SESSION-29bf5bdb9e3850fd → host:131.196.30.141
flow_observed4-aryOBS	e:fo:flow:164fda188da7	flow:164fda188da7 → host:172.234.197.23 → host:131.196.31.204 → port:tcp:50493
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-403d8f142c86493c:host:172.234.197.23	SESSION-403d8f142c86493c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb7f3482601c970a:flow:57bb81ff7455	SESSION-cb7f3482601c970a → flow:57bb81ff7455
FLOW_TO_HOSTOBS	e:to:SESSION-7c96791011a0f6f2:host:177.10.233.176	SESSION-7c96791011a0f6f2 → host:177.10.233.176
FLOW_FROM_HOSTOBS	e:from:SESSION-5e8c587e48bf8617:host:131.196.29.183	SESSION-5e8c587e48bf8617 → host:131.196.29.183
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2625cb17cae199d1:flow:fe447701d1cd	SESSION-2625cb17cae199d1 → flow:fe447701d1cd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.236:geo_-21.10010_-41.69200	host:45.173.156.236 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afeab5601fa36440:host:177.10.235.206	SESSION-afeab5601fa36440 → host:177.10.235.206
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d3ca4dbaf4c9647:SESSION-4d3ca4dbaf4c9647	SESSION-4d3ca4dbaf4c9647 → pe:syn:SESSION-4d3ca4dbaf4c9647
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf34c898669d01e7:host:131.196.30.242:host:172.234.197.23	SESSION-bf34c898669d01e7 → host:131.196.30.242 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9baedb01cc14:port:tcp:6278	flow:9baedb01cc14 → port:tcp:6278
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0aa7cb63cd191443:host:172.234.197.23:host:177.10.232.150	SESSION-0aa7cb63cd191443 → host:172.234.197.23 → host:177.10.232.150
FLOW_DST_PORTOBS	e:fp:flow:0f410ff5afe2:port:tcp:443	flow:0f410ff5afe2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9527954f73f19b6:host:177.10.233.153:host:172.234.197.23	SESSION-c9527954f73f19b6 → host:177.10.233.153 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7ece8090c9a4b7f:flow:c5a04b88e2dc	SESSION-c7ece8090c9a4b7f → flow:c5a04b88e2dc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d47b6311855994f0:flow:fe4ed0e5e9b3	SESSION-d47b6311855994f0 → flow:fe4ed0e5e9b3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.164:geo_-16.28860_-49.01640	host:177.10.239.164 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.138:asn:271410	host:131.196.29.138 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-02e2db787a51689b:host:172.234.197.23	SESSION-02e2db787a51689b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edf23c7505754934:host:172.234.197.23	SESSION-edf23c7505754934 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:219e467789b8:port:tcp:443	flow:219e467789b8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d3cf98bfbd337a47:SESSION-d3cf98bfbd337a47	SESSION-d3cf98bfbd337a47 → pe:syn:SESSION-d3cf98bfbd337a47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5257ce7e592379ae:host:3.103.16.171	SESSION-5257ce7e592379ae → host:3.103.16.171
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e217016f21152908:host:131.196.31.133:host:172.234.197.23	SESSION-e217016f21152908 → host:131.196.31.133 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.211:asn:262880	host:177.10.238.211 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-913ac926bd708af5:SESSION-913ac926bd708af5	SESSION-913ac926bd708af5 → pe:tls:SESSION-913ac926bd708af5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f5575c7d9faf65d:SESSION-5f5575c7d9faf65d	SESSION-5f5575c7d9faf65d → pe:tls:SESSION-5f5575c7d9faf65d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-161fb053b15bb516:host:172.234.197.23	SESSION-161fb053b15bb516 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dfd5cbc4ed1c485c:PCAP:capture_20260430090001:065659c7d314	SESSION-dfd5cbc4ed1c485c → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55d5dc737e01c0f7:host:92.112.71.68:host:172.234.197.23	SESSION-55d5dc737e01c0f7 → host:92.112.71.68 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:03e51e79ea00	flow:03e51e79ea00 → host:177.10.238.106 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-efcc1618f79daeb7:flow:ca6e1431913e	SESSION-efcc1618f79daeb7 → flow:ca6e1431913e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5bb0fb568e127c0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f5bb0fb568e127c0 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6ec641540644ee0:flow:7a63b1bfd4f1	SESSION-a6ec641540644ee0 → flow:7a63b1bfd4f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bde2562b2e16b844:SESSION-bde2562b2e16b844	SESSION-bde2562b2e16b844 → pe:syn:SESSION-bde2562b2e16b844
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85172baad8a91878:host:177.10.232.193	SESSION-85172baad8a91878 → host:177.10.232.193
flow_observed5-aryOBS	e:fo:flow:6abf6297d34f	flow:6abf6297d34f → host:131.196.28.238 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.162:geo_-23.62930_-46.63510	host:131.196.28.162 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fcf38b0a54673cb:flow:801bbf52a78d	SESSION-5fcf38b0a54673cb → flow:801bbf52a78d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.156:asn:271410	host:131.196.31.156 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:a90b185749f1:port:tcp:6388	flow:a90b185749f1 → port:tcp:6388
flow_observed5-aryOBS	e:fo:flow:914f8417aa2d	flow:914f8417aa2d → host:177.10.234.148 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f1449f3d42ccdf:host:131.196.29.157	SESSION-e2f1449f3d42ccdf → host:131.196.29.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-366e271d3ddb3e11:flow:8c1b2bbd3824	SESSION-366e271d3ddb3e11 → flow:8c1b2bbd3824
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb7b7dca9012c682:host:131.196.31.30	SESSION-eb7b7dca9012c682 → host:131.196.31.30
flow_observed5-aryOBS	e:fo:flow:c08b4e45346e	flow:c08b4e45346e → host:177.10.239.244 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c382f6b8063de44f:SESSION-c382f6b8063de44f	SESSION-c382f6b8063de44f → pe:tls:SESSION-c382f6b8063de44f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc2833e8abe7ed0a:host:172.234.197.23	SESSION-cc2833e8abe7ed0a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6c901db44791138:SESSION-d6c901db44791138	SESSION-d6c901db44791138 → pe:tls:SESSION-d6c901db44791138
FLOW_DST_PORTOBS	e:fp:flow:35a56b105d0d:port:tcp:443	flow:35a56b105d0d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62b98bdaf08d2190:host:131.196.28.122	SESSION-62b98bdaf08d2190 → host:131.196.28.122
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.153:asn:262880	host:177.10.236.153 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3a0847605e0d04e:host:177.10.234.66	SESSION-e3a0847605e0d04e → host:177.10.234.66
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c2bdd821ab6e9acc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c2bdd821ab6e9acc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd2a5925828b8076:host:172.234.197.23	SESSION-fd2a5925828b8076 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0bcd74883eff8339:host:172.234.197.23:host:177.10.232.19	SESSION-0bcd74883eff8339 → host:172.234.197.23 → host:177.10.232.19
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e1df474445c908f:SESSION-3e1df474445c908f	SESSION-3e1df474445c908f → pe:syn:SESSION-3e1df474445c908f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70bd35e108ab91c:host:177.10.237.76	SESSION-c70bd35e108ab91c → host:177.10.237.76
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6d83b2373dd8cdc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d6d83b2373dd8cdc → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:34.220.91.24:asn:16509	host:34.220.91.24 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7eb43af6b38a5d78:SESSION-7eb43af6b38a5d78	SESSION-7eb43af6b38a5d78 → pe:tls:SESSION-7eb43af6b38a5d78
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cbc4338326105aa3:flow:cae8d2561dde	SESSION-cbc4338326105aa3 → flow:cae8d2561dde
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-734d97fdd69356a6:host:172.234.197.23:host:131.196.28.162	SESSION-734d97fdd69356a6 → host:172.234.197.23 → host:131.196.28.162
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3483d96fbaf632b7:host:177.10.234.23:host:172.234.197.23	SESSION-3483d96fbaf632b7 → host:177.10.234.23 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb0c069bf1f40e5a:host:54.91.240.230	SESSION-bb0c069bf1f40e5a → host:54.91.240.230
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.46:asn:271410	host:131.196.29.46 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40f1f2214a3951bb:host:172.234.197.23:host:177.10.239.84	SESSION-40f1f2214a3951bb → host:172.234.197.23 → host:177.10.239.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0bc704eff4d88e9:host:177.10.236.31	SESSION-c0bc704eff4d88e9 → host:177.10.236.31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fe48e08f3f123e2:SESSION-3fe48e08f3f123e2	SESSION-3fe48e08f3f123e2 → pe:syn:SESSION-3fe48e08f3f123e2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.161:asn:262880	host:177.10.237.161 → asn:262880
flow_observed5-aryOBS	e:fo:flow:690c407955d0	flow:690c407955d0 → host:177.10.232.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9527954f73f19b6:flow:c3391332133e	SESSION-c9527954f73f19b6 → flow:c3391332133e
FLOW_FROM_HOSTOBS	e:from:SESSION-aae42b7cc2993272:host:17.22.253.177	SESSION-aae42b7cc2993272 → host:17.22.253.177
flow_observed5-aryOBS	e:fo:flow:7942cfe9505f	flow:7942cfe9505f → host:45.173.156.116 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-442d12ad40b35d12:SESSION-442d12ad40b35d12	SESSION-442d12ad40b35d12 → pe:tls:SESSION-442d12ad40b35d12
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3dc32d1b123f77b5:flow:68ab9bebddb0	SESSION-3dc32d1b123f77b5 → flow:68ab9bebddb0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f61464efb17d4b1:host:172.234.197.23	SESSION-6f61464efb17d4b1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c124aef8e6ea7da5:PCAP:capture_20260430090001:065659c7d314	SESSION-c124aef8e6ea7da5 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eff9d1155e5c571f:flow:e3dcadda68db	SESSION-eff9d1155e5c571f → flow:e3dcadda68db
FLOW_TO_HOSTOBS	e:to:SESSION-63f078b7cf539982:host:172.234.197.23	SESSION-63f078b7cf539982 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae37c351bfd95cd:host:45.173.156.63	SESSION-6ae37c351bfd95cd → host:45.173.156.63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6109906c198ad0ac:host:177.10.238.15:host:172.234.197.23	SESSION-6109906c198ad0ac → host:177.10.238.15 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:507431930c66	flow:507431930c66 → host:177.10.239.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77abcf8d7f3aee2e:flow:b427586d6e58	SESSION-77abcf8d7f3aee2e → flow:b427586d6e58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-458faec2c6be4af1:host:172.234.197.23	SESSION-458faec2c6be4af1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7240be1eb77ed4f4:SESSION-7240be1eb77ed4f4	SESSION-7240be1eb77ed4f4 → pe:tls:SESSION-7240be1eb77ed4f4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66a529d98727e997:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-66a529d98727e997 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-500f03715884566d:host:177.10.233.11	SESSION-500f03715884566d → host:177.10.233.11
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.145:asn:262880	host:177.10.233.145 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67e4e454d5bff348:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-67e4e454d5bff348 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5cc5078bf4d23558:SESSION-5cc5078bf4d23558	SESSION-5cc5078bf4d23558 → pe:syn:SESSION-5cc5078bf4d23558
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a82d55b52198391:host:131.196.31.118:host:172.234.197.23	SESSION-1a82d55b52198391 → host:131.196.31.118 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e938dc96c7665991:host:177.10.232.215	SESSION-e938dc96c7665991 → host:177.10.232.215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-158ec8f739ce5586:host:172.234.197.23	SESSION-158ec8f739ce5586 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:eab2ca047921:port:tcp:51229	flow:eab2ca047921 → port:tcp:51229
FLOW_FROM_HOSTOBS	e:from:SESSION-1844a866ec523fcf:host:131.196.30.132	SESSION-1844a866ec523fcf → host:131.196.30.132
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9fba97aa139b6de4:flow:306d4674c16a	SESSION-9fba97aa139b6de4 → flow:306d4674c16a
flow_observed5-aryOBS	e:fo:flow:7952e1e20910	flow:7952e1e20910 → host:131.196.29.236 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1a633dafddc79f1:SESSION-c1a633dafddc79f1	SESSION-c1a633dafddc79f1 → pe:syn:SESSION-c1a633dafddc79f1
FLOW_TO_HOSTOBS	e:to:SESSION-2e4cb96e9954f000:host:172.234.197.23	SESSION-2e4cb96e9954f000 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7240be1eb77ed4f4:host:172.234.197.23	SESSION-7240be1eb77ed4f4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e32df6cc4891bacc:SESSION-e32df6cc4891bacc	SESSION-e32df6cc4891bacc → pe:syn:SESSION-e32df6cc4891bacc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-310a1cee325ffc65:host:45.173.156.178:host:172.234.197.23	SESSION-310a1cee325ffc65 → host:45.173.156.178 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c124aef8e6ea7da5:flow:662f3d11402c	SESSION-c124aef8e6ea7da5 → flow:662f3d11402c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e49b447cbf9c1ef7:SESSION-e49b447cbf9c1ef7	SESSION-e49b447cbf9c1ef7 → pe:tls:SESSION-e49b447cbf9c1ef7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51bc0a4af53b62cc:SESSION-51bc0a4af53b62cc	SESSION-51bc0a4af53b62cc → pe:tls:SESSION-51bc0a4af53b62cc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21a6fb1ae6879e55:flow:afe32a0820ec	SESSION-21a6fb1ae6879e55 → flow:afe32a0820ec
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a27690ff20574d25:host:131.196.31.27	SESSION-a27690ff20574d25 → host:131.196.31.27
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-576e43142f03a150:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-576e43142f03a150 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a70cd7da1062faad:host:177.10.233.176:host:172.234.197.23	SESSION-a70cd7da1062faad → host:177.10.233.176 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-674d0a1b38b3c135:SESSION-674d0a1b38b3c135	SESSION-674d0a1b38b3c135 → pe:tls:SESSION-674d0a1b38b3c135
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-290c9b11e52fd3ba:host:177.10.233.51:host:172.234.197.23	SESSION-290c9b11e52fd3ba → host:177.10.233.51 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e088d2ccbc3966c5:host:172.234.197.23	SESSION-e088d2ccbc3966c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e8c587e48bf8617:host:131.196.29.183	SESSION-5e8c587e48bf8617 → host:131.196.29.183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58eea5e67f2190af:SESSION-58eea5e67f2190af	SESSION-58eea5e67f2190af → pe:tls:SESSION-58eea5e67f2190af
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f778ec59760ca534:host:172.234.197.23	SESSION-f778ec59760ca534 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cdcb5008ac7e3b15:PCAP:capture_20260430080001:93f47cc296a4	SESSION-cdcb5008ac7e3b15 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-a5292197f57e4263:host:177.10.235.35	SESSION-a5292197f57e4263 → host:177.10.235.35
FLOW_FROM_HOSTOBS	e:from:SESSION-9d43b9fecb8f031e:host:172.234.197.23	SESSION-9d43b9fecb8f031e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ab980d26fa84a5e:SESSION-9ab980d26fa84a5e	SESSION-9ab980d26fa84a5e → pe:syn:SESSION-9ab980d26fa84a5e
FLOW_FROM_HOSTOBS	e:from:SESSION-c0b3c5797223848b:host:177.10.235.121	SESSION-c0b3c5797223848b → host:177.10.235.121
FLOW_DST_PORTOBS	e:fp:flow:1f34a2a1eb06:port:tcp:443	flow:1f34a2a1eb06 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:84814d01cbbd:port:tcp:443	flow:84814d01cbbd → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-5d5e50cd91d4ac54:host:172.234.197.23	SESSION-5d5e50cd91d4ac54 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f4a69b65a94c1ea1:host:131.196.31.120:host:172.234.197.23	SESSION-f4a69b65a94c1ea1 → host:131.196.31.120 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-664154a8ce71c549:PCAP:capture_20260430070001:903a0e7a436b	SESSION-664154a8ce71c549 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a0605f48b345a3ed:flow:e8c214b29c0d	SESSION-a0605f48b345a3ed → flow:e8c214b29c0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a486ebfba002f553:SESSION-a486ebfba002f553	SESSION-a486ebfba002f553 → pe:tls:SESSION-a486ebfba002f553
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.211:asn:203771	host:31.40.196.211 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-6ba4a623ca0c8731:host:177.10.237.116	SESSION-6ba4a623ca0c8731 → host:177.10.237.116
FLOW_TLS_SNIOBS	e:fs:flow:f55e3eaa0043:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:f55e3eaa0043 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f852deb0b74344a0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f852deb0b74344a0 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:56817ae9d85f:port:tcp:443	flow:56817ae9d85f → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.200:geo_-16.28860_-49.01640	host:177.10.237.200 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e32df6cc4891bacc:SESSION-e32df6cc4891bacc	SESSION-e32df6cc4891bacc → pe:tls:SESSION-e32df6cc4891bacc
FLOW_DST_PORTOBS	e:fp:flow:b45cce3384ef:port:tcp:18922	flow:b45cce3384ef → port:tcp:18922
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f033dc8b343a68ab:host:172.234.197.23	SESSION-f033dc8b343a68ab → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9ef022319f6b:port:tcp:443	flow:9ef022319f6b → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:edb8df6f40af	flow:edb8df6f40af → host:172.234.197.23 → host:177.10.236.11 → port:tcp:46520
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6c7a2e5cf818d0a:flow:52d84ef17d07	SESSION-a6c7a2e5cf818d0a → flow:52d84ef17d07
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a11ee5d378ab4f4:host:172.234.197.23	SESSION-7a11ee5d378ab4f4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-091d255d08b85143:host:98.130.128.246:host:172.234.197.23	SESSION-091d255d08b85143 → host:98.130.128.246 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:714:org:Apple Inc.	asn:714 → org:Apple Inc.
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b78ee328a5f7ceab:host:31.40.196.119	SESSION-b78ee328a5f7ceab → host:31.40.196.119
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c1e38c6e6df43f1:SESSION-3c1e38c6e6df43f1	SESSION-3c1e38c6e6df43f1 → pe:tls:SESSION-3c1e38c6e6df43f1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76b0da8a82e9902a:host:177.10.235.137:host:172.234.197.23	SESSION-76b0da8a82e9902a → host:177.10.235.137 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86a02a9ab2988acd:flow:276ba7d502b9	SESSION-86a02a9ab2988acd → flow:276ba7d502b9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96d412735d478f25:host:131.196.30.183	SESSION-96d412735d478f25 → host:131.196.30.183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-548dd69287ac8927:SESSION-548dd69287ac8927	SESSION-548dd69287ac8927 → pe:syn:SESSION-548dd69287ac8927
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.23:asn:262880	host:177.10.238.23 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90426299281da133:host:172.234.197.23	SESSION-90426299281da133 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-367c844590f11a50:host:131.196.28.38	SESSION-367c844590f11a50 → host:131.196.28.38
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59a63fae51b24a38:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-59a63fae51b24a38 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-802ccc988b65b38c:SESSION-802ccc988b65b38c	SESSION-802ccc988b65b38c → pe:syn:SESSION-802ccc988b65b38c
flow_observed4-aryOBS	e:fo:flow:0a248a4219ae	flow:0a248a4219ae → host:172.234.197.23 → host:177.10.237.172 → port:tcp:26829
FLOW_DST_PORTOBS	e:fp:flow:6386656d45fb:port:tcp:443	flow:6386656d45fb → port:tcp:443
FLOW_TLS_SNIOBS	e:fs:flow:006a40e5f40d:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:006a40e5f40d → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-754d0cc424848140:host:177.10.236.201:host:172.234.197.23	SESSION-754d0cc424848140 → host:177.10.236.201 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eed27da13c534290:host:177.10.236.184:host:172.234.197.23	SESSION-eed27da13c534290 → host:177.10.236.184 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-85c181ffe8433ff0:host:177.10.237.15	SESSION-85c181ffe8433ff0 → host:177.10.237.15
FLOW_DST_PORTOBS	e:fp:flow:b827d514f40a:port:tcp:443	flow:b827d514f40a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ac209c33b5c7f5:host:131.196.30.138	SESSION-b7ac209c33b5c7f5 → host:131.196.30.138
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86b61cf52362ae86:flow:099252cb5d04	SESSION-86b61cf52362ae86 → flow:099252cb5d04
FLOW_TO_HOSTOBS	e:to:SESSION-bf343490b1b7ef49:host:131.196.28.44	SESSION-bf343490b1b7ef49 → host:131.196.28.44
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.11:asn:271410	host:131.196.30.11 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-244625927b0e7703:host:172.234.197.23	SESSION-244625927b0e7703 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-03bb88743ccc2c68:SESSION-03bb88743ccc2c68	SESSION-03bb88743ccc2c68 → pe:tls:SESSION-03bb88743ccc2c68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a236c6c04af1f19:SESSION-9a236c6c04af1f19	SESSION-9a236c6c04af1f19 → pe:syn:SESSION-9a236c6c04af1f19
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.177:asn:271410	host:131.196.29.177 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-5ab8147bbacef01b:host:172.234.197.23	SESSION-5ab8147bbacef01b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44c3a4d4ec5442f2:SESSION-44c3a4d4ec5442f2	SESSION-44c3a4d4ec5442f2 → pe:syn:SESSION-44c3a4d4ec5442f2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.138:asn:262880	host:177.10.238.138 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bef335bbd7bd0f49:host:45.173.156.31	SESSION-bef335bbd7bd0f49 → host:45.173.156.31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e85a67565660f7c:host:172.234.197.23	SESSION-2e85a67565660f7c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e391b214be46ad73:host:131.196.30.246	SESSION-e391b214be46ad73 → host:131.196.30.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3fa9d5496b14fae:SESSION-c3fa9d5496b14fae	SESSION-c3fa9d5496b14fae → pe:syn:SESSION-c3fa9d5496b14fae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b699e12e3fdc2278:SESSION-b699e12e3fdc2278	SESSION-b699e12e3fdc2278 → pe:syn:SESSION-b699e12e3fdc2278
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b70d9bf346b75217:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b70d9bf346b75217 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7fad01c8dca4d847:SESSION-7fad01c8dca4d847	SESSION-7fad01c8dca4d847 → pe:syn:SESSION-7fad01c8dca4d847
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a24ae76392ce429:SESSION-7a24ae76392ce429	SESSION-7a24ae76392ce429 → pe:tls:SESSION-7a24ae76392ce429
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-295a993db8b4e397:PCAP:capture_20260430060001:919b39a74464	SESSION-295a993db8b4e397 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-af4f3fe4058b61ab:host:172.234.197.23	SESSION-af4f3fe4058b61ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a139b1df55cde4d7:host:131.196.30.74	SESSION-a139b1df55cde4d7 → host:131.196.30.74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b22fd3d92fd3016:host:131.196.31.27	SESSION-9b22fd3d92fd3016 → host:131.196.31.27
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd1b98a612532c8e:PCAP:capture_20260428010001:b1b402c7b202	SESSION-cd1b98a612532c8e → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-febabcac2b03c9d1:host:172.234.197.23	SESSION-febabcac2b03c9d1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e05f2032b3abac3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3e05f2032b3abac3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaecff6799ccb464:SESSION-eaecff6799ccb464	SESSION-eaecff6799ccb464 → pe:tls:SESSION-eaecff6799ccb464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.227:asn:262880	host:177.10.235.227 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ec199f8b9a6f389:flow:205fc6d7337e	SESSION-8ec199f8b9a6f389 → flow:205fc6d7337e
FLOW_FROM_HOSTOBS	e:from:SESSION-bdbc33b564dc3f1f:host:2.57.121.112	SESSION-bdbc33b564dc3f1f → host:2.57.121.112
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb7dd74b64c1f7c7:host:172.234.197.23:host:131.196.30.114	SESSION-cb7dd74b64c1f7c7 → host:172.234.197.23 → host:131.196.30.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-561fca01c9d6b351:SESSION-561fca01c9d6b351	SESSION-561fca01c9d6b351 → pe:syn:SESSION-561fca01c9d6b351
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eff9d1155e5c571f:host:172.234.197.23	SESSION-eff9d1155e5c571f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f6708e611b35	flow:f6708e611b35 → host:172.234.197.23 → host:177.10.232.143 → port:tcp:2457
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8693b808e1d6b7d:host:172.234.197.23:host:177.10.233.135	SESSION-b8693b808e1d6b7d → host:172.234.197.23 → host:177.10.233.135
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.62:asn:262880	host:177.10.232.62 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9726c360f8e7f49c:SESSION-9726c360f8e7f49c	SESSION-9726c360f8e7f49c → pe:syn:SESSION-9726c360f8e7f49c
FLOW_TO_HOSTOBS	e:to:SESSION-0940876600cf1421:host:177.10.233.177	SESSION-0940876600cf1421 → host:177.10.233.177
FLOW_FROM_HOSTOBS	e:from:SESSION-c0cb5698f1d5957a:host:31.40.196.151	SESSION-c0cb5698f1d5957a → host:31.40.196.151
FLOW_TO_HOSTOBS	e:to:SESSION-b22f1be22326dd94:host:172.234.197.23	SESSION-b22f1be22326dd94 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf9e0725ec95e307:host:172.234.197.23	SESSION-bf9e0725ec95e307 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-978d4fdbc8d38350:host:177.10.239.198	SESSION-978d4fdbc8d38350 → host:177.10.239.198
FLOW_FROM_HOSTOBS	e:from:SESSION-e3d7339ef5a101ca:host:51.94.180.11	SESSION-e3d7339ef5a101ca → host:51.94.180.11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ecb424a0a4d5b0f:SESSION-3ecb424a0a4d5b0f	SESSION-3ecb424a0a4d5b0f → pe:tls:SESSION-3ecb424a0a4d5b0f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2bcd65d8e62fc5a1:host:172.234.197.23	SESSION-2bcd65d8e62fc5a1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd801ce1250407dd:host:172.234.197.23	SESSION-cd801ce1250407dd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44cdc048c80875b5:SESSION-44cdc048c80875b5	SESSION-44cdc048c80875b5 → pe:tls:SESSION-44cdc048c80875b5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-285399b7803aab9b:SESSION-285399b7803aab9b	SESSION-285399b7803aab9b → pe:tls:SESSION-285399b7803aab9b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:142.132.190.158:geo_50.47770_12.36490	host:142.132.190.158 → geo_50.47770_12.36490
FLOW_FROM_HOSTOBS	e:from:SESSION-8cc58a61b872e266:host:172.234.197.23	SESSION-8cc58a61b872e266 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1fa8a238d1165695:host:172.234.197.23	SESSION-1fa8a238d1165695 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2392c0826d87e845:host:45.173.156.238	SESSION-2392c0826d87e845 → host:45.173.156.238
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ca971b9386eb0b9:flow:e464be43f527	SESSION-2ca971b9386eb0b9 → flow:e464be43f527
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87f83ff8260cc70d:host:172.234.197.23	SESSION-87f83ff8260cc70d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4dc0a9d4d6e7897:host:172.234.197.23	SESSION-d4dc0a9d4d6e7897 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4dc16adec194cf9c:SESSION-4dc16adec194cf9c	SESSION-4dc16adec194cf9c → pe:tls:SESSION-4dc16adec194cf9c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd5c7cb019cd55a3:host:177.10.238.46:host:172.234.197.23	SESSION-dd5c7cb019cd55a3 → host:177.10.238.46 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a0913a57a803cab:host:172.234.197.23:host:177.10.232.157	SESSION-7a0913a57a803cab → host:172.234.197.23 → host:177.10.232.157
flow_observed5-aryOBS	e:fo:flow:feacee804cee	flow:feacee804cee → host:131.196.29.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e220c81ec884c58:SESSION-5e220c81ec884c58	SESSION-5e220c81ec884c58 → pe:tls:SESSION-5e220c81ec884c58
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2f2dfbe9df7c080:SESSION-e2f2dfbe9df7c080	SESSION-e2f2dfbe9df7c080 → pe:tls:SESSION-e2f2dfbe9df7c080
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21e452657508b689:SESSION-21e452657508b689	SESSION-21e452657508b689 → pe:tls:SESSION-21e452657508b689
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ee625266e5aa068:host:54.201.244.199:host:172.234.197.23	SESSION-5ee625266e5aa068 → host:54.201.244.199 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a7c0fd7040b0:port:tcp:443	flow:a7c0fd7040b0 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99cbc6df23fa1e57:flow:5bf9d9774457	SESSION-99cbc6df23fa1e57 → flow:5bf9d9774457
FLOW_TO_HOSTOBS	e:to:SESSION-4e4d63ce34019de3:host:172.234.197.23	SESSION-4e4d63ce34019de3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-422ba54da9c49203:host:131.196.31.23	SESSION-422ba54da9c49203 → host:131.196.31.23
flow_observed5-aryOBS	e:fo:flow:a73661cc047d	flow:a73661cc047d → host:51.210.99.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7239dbaec89ca2f:host:131.196.30.223	SESSION-c7239dbaec89ca2f → host:131.196.30.223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68e98907ffe6aa24:SESSION-68e98907ffe6aa24	SESSION-68e98907ffe6aa24 → pe:syn:SESSION-68e98907ffe6aa24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-516e4259bbcb51e8:host:172.234.197.23	SESSION-516e4259bbcb51e8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c6d85d433251:port:tcp:80	flow:c6d85d433251 → port:tcp:80
FLOW_FROM_HOSTOBS	e:from:SESSION-5d0f919734488d0b:host:172.234.197.23	SESSION-5d0f919734488d0b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-144e16262f6e2a62:host:131.196.29.65	SESSION-144e16262f6e2a62 → host:131.196.29.65
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-87f83ff8260cc70d:host:177.10.238.197:host:172.234.197.23	SESSION-87f83ff8260cc70d → host:177.10.238.197 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37c1a586e90e7a3b:SESSION-37c1a586e90e7a3b	SESSION-37c1a586e90e7a3b → pe:tls:SESSION-37c1a586e90e7a3b
FLOW_DST_PORTOBS	e:fp:flow:1a64cb5832d1:port:tcp:443	flow:1a64cb5832d1 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.66:geo_-21.10010_-41.69200	host:45.173.156.66 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97344bc6f8ca22f4:SESSION-97344bc6f8ca22f4	SESSION-97344bc6f8ca22f4 → pe:tls:SESSION-97344bc6f8ca22f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0d0c8f73043707f:host:172.234.197.23	SESSION-f0d0c8f73043707f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dcbceebcfa7feba5:PCAP:capture_20260430090001:065659c7d314	SESSION-dcbceebcfa7feba5 → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:b53c87af663d	flow:b53c87af663d → host:172.234.197.23 → host:177.10.234.9 → port:tcp:41889
FLOW_TO_HOSTOBS	e:to:SESSION-6a66568eff025692:host:177.10.236.62	SESSION-6a66568eff025692 → host:177.10.236.62
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b12621bc2223af13:host:177.10.237.225:host:172.234.197.23	SESSION-b12621bc2223af13 → host:177.10.237.225 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-03724996262dbf01:host:172.234.197.23	SESSION-03724996262dbf01 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da14e554ef56152a:host:172.234.197.23	SESSION-da14e554ef56152a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-091ae841df8cdc2c:PCAP:capture_20260428010001:b1b402c7b202	SESSION-091ae841df8cdc2c → PCAP:capture_20260428010001:b1b402c7b202
flow_observed5-aryOBS	e:fo:flow:d0648f3d1bca	flow:d0648f3d1bca → host:177.10.232.247 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c8ab658d53a1eebd:host:172.234.197.23	SESSION-c8ab658d53a1eebd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e612a684f25ac0f:flow:143027392511	SESSION-6e612a684f25ac0f → flow:143027392511
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-577376347fdfe894:host:172.234.197.23:host:177.10.236.37	SESSION-577376347fdfe894 → host:172.234.197.23 → host:177.10.236.37
FLOW_TO_HOSTOBS	e:to:SESSION-44555c754c6c7558:host:172.234.197.23	SESSION-44555c754c6c7558 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-adbb0156eea80d2f:host:37.27.162.26:host:172.234.197.23	SESSION-adbb0156eea80d2f → host:37.27.162.26 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-64a8475d206a0785:PCAP:capture_20260430070001:903a0e7a436b	SESSION-64a8475d206a0785 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-122d3bc093be76f2:flow:0c0e1523deb4	SESSION-122d3bc093be76f2 → flow:0c0e1523deb4
FLOW_TO_HOSTOBS	e:to:SESSION-d3f8bf2b05f7ab82:host:172.234.197.23	SESSION-d3f8bf2b05f7ab82 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b01d2e5ef9a6	flow:b01d2e5ef9a6 → host:172.234.197.23 → host:131.196.31.143 → port:tcp:36469
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.11:asn:271410	host:131.196.28.11 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-d290f0be98eecddb:host:172.234.197.23	SESSION-d290f0be98eecddb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c21627d8f6f11a27:SESSION-c21627d8f6f11a27	SESSION-c21627d8f6f11a27 → pe:syn:SESSION-c21627d8f6f11a27
FLOW_DST_PORTOBS	e:fp:flow:c66f85b789a3:port:tcp:47087	flow:c66f85b789a3 → port:tcp:47087
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6634561e4b2b2821:SESSION-6634561e4b2b2821	SESSION-6634561e4b2b2821 → pe:tls:SESSION-6634561e4b2b2821
flow_observed5-aryOBS	e:fo:flow:cb9a4a784bb4	flow:cb9a4a784bb4 → host:177.10.235.133 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c78f1de05120efd8:SESSION-c78f1de05120efd8	SESSION-c78f1de05120efd8 → pe:tls:SESSION-c78f1de05120efd8
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-1530091b08a9906d:BSG-DATA_EXFIL-4603c5493fc5	SESSION-1530091b08a9906d → BSG-DATA_EXFIL-4603c5493fc5
flow_observed4-aryOBS	e:fo:flow:b5fc41b8314e	flow:b5fc41b8314e → host:172.234.197.23 → host:177.10.232.178 → port:tcp:50113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be196df3d425cb31:SESSION-be196df3d425cb31	SESSION-be196df3d425cb31 → pe:tls:SESSION-be196df3d425cb31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f4bcb88049ff8a93:SESSION-f4bcb88049ff8a93	SESSION-f4bcb88049ff8a93 → pe:syn:SESSION-f4bcb88049ff8a93
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f30fa3bd65a965fa:host:177.10.236.209:host:172.234.197.23	SESSION-f30fa3bd65a965fa → host:177.10.236.209 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6fd2d6a70384f754:SESSION-6fd2d6a70384f754	SESSION-6fd2d6a70384f754 → pe:syn:SESSION-6fd2d6a70384f754
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.236:geo_-23.62930_-46.63510	host:131.196.30.236 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90972096b6b00a4b:flow:133dcdd96d63	SESSION-90972096b6b00a4b → flow:133dcdd96d63
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ab980d26fa84a5e:PCAP:capture_20260430090001:065659c7d314	SESSION-9ab980d26fa84a5e → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f88b9847e7767e00:flow:cc6ee1599869	SESSION-f88b9847e7767e00 → flow:cc6ee1599869
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:195.154.100.87:geo_48.85580_2.34940	host:195.154.100.87 → geo_48.85580_2.34940
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76512232807349be:flow:d297a1162663	SESSION-76512232807349be → flow:d297a1162663
flow_observed5-aryOBS	e:fo:flow:de2bca123a5e	flow:de2bca123a5e → host:185.231.226.20 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.159:asn:273470	host:45.173.156.159 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a77adff1667c3d1:host:172.234.197.23	SESSION-0a77adff1667c3d1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-422ba54da9c49203:PCAP:capture_20260430160001:9bfa4498506a	SESSION-422ba54da9c49203 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ff9648a7e097bde:host:149.210.194.32	SESSION-7ff9648a7e097bde → host:149.210.194.32
FLOW_TO_HOSTOBS	e:to:SESSION-46082ee63fe36bdf:host:172.234.197.23	SESSION-46082ee63fe36bdf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff2c95cfb4d3a4dd:host:44.243.2.252:host:172.234.197.23	SESSION-ff2c95cfb4d3a4dd → host:44.243.2.252 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfbb16ce344dac5c:host:91.99.124.205	SESSION-bfbb16ce344dac5c → host:91.99.124.205
FLOW_DST_PORTOBS	e:fp:flow:2d91021715d1:port:tcp:443	flow:2d91021715d1 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a733fde11cff5d03:host:172.234.197.23	SESSION-a733fde11cff5d03 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1355eedcc36803bb:flow:643c889fdaf8	SESSION-1355eedcc36803bb → flow:643c889fdaf8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77162e002cdf71b4:host:131.196.30.158:host:172.234.197.23	SESSION-77162e002cdf71b4 → host:131.196.30.158 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad7e9be9d0a80554:host:172.234.197.23:host:177.10.236.125	SESSION-ad7e9be9d0a80554 → host:172.234.197.23 → host:177.10.236.125
FLOW_FROM_HOSTOBS	e:from:SESSION-ed610f5ec8b698f6:host:177.10.236.234	SESSION-ed610f5ec8b698f6 → host:177.10.236.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e6270bfda958738:SESSION-7e6270bfda958738	SESSION-7e6270bfda958738 → pe:syn:SESSION-7e6270bfda958738
FLOW_TO_HOSTOBS	e:to:SESSION-de82cbdf751e150b:host:172.234.197.23	SESSION-de82cbdf751e150b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-67c350ca0312f6cb:host:177.10.238.238	SESSION-67c350ca0312f6cb → host:177.10.238.238
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-198cd8f9bb6f8909:host:177.10.234.78:host:172.234.197.23	SESSION-198cd8f9bb6f8909 → host:177.10.234.78 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b91cc7f2039924f2:host:131.196.29.248	SESSION-b91cc7f2039924f2 → host:131.196.29.248
FLOW_FROM_HOSTOBS	e:from:SESSION-a74ec174530f5239:host:44.244.28.93	SESSION-a74ec174530f5239 → host:44.244.28.93
FLOW_TO_HOSTOBS	e:to:SESSION-dde31743640b587a:host:177.10.236.90	SESSION-dde31743640b587a → host:177.10.236.90
FLOW_FROM_HOSTOBS	e:from:SESSION-14a74b0f0f76c3f9:host:172.234.197.23	SESSION-14a74b0f0f76c3f9 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-15539e18bbfcb0e8:BSG-BEACON-bbe881c142fc	SESSION-15539e18bbfcb0e8 → BSG-BEACON-bbe881c142fc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.65:geo_-16.28860_-49.01640	host:177.10.235.65 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.63:geo_-16.28860_-49.01640	host:177.10.233.63 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ba96028c0d9bf0a3:flow:6c9e69924488	SESSION-ba96028c0d9bf0a3 → flow:6c9e69924488
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-007d1747f3bd10df:PCAP:capture_20260430090001:065659c7d314	SESSION-007d1747f3bd10df → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:d767a7e82616	flow:d767a7e82616 → host:131.196.29.76 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d467c8665ef34f6a:host:172.234.197.23	SESSION-d467c8665ef34f6a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:81af941cebab:port:tcp:443	flow:81af941cebab → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4503d5677d79139:SESSION-c4503d5677d79139	SESSION-c4503d5677d79139 → pe:tls:SESSION-c4503d5677d79139
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.130:geo_41.02140_28.99480	host:37.221.79.130 → geo_41.02140_28.99480
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b854a8a0c04494b2:PCAP:capture_20260427200001:3ed6eed62060	SESSION-b854a8a0c04494b2 → PCAP:capture_20260427200001:3ed6eed62060
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:2.57.122.197:geo_45.99680_24.99700	host:2.57.122.197 → geo_45.99680_24.99700
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4013c9000873101b:host:172.234.197.23	SESSION-4013c9000873101b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-045b8a3eae800458:PCAP:capture_20260430110001:43611bdf6759	SESSION-045b8a3eae800458 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-328591b09b0655cf:PCAP:capture_20260430080001:93f47cc296a4	SESSION-328591b09b0655cf → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-accb56e5453b3fbd:host:172.234.197.23	SESSION-accb56e5453b3fbd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eca69a208ab39d5f:host:177.10.237.159	SESSION-eca69a208ab39d5f → host:177.10.237.159
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-2be48cd916ee7ccc:BSG-BEACON-38c437a6a592	SESSION-2be48cd916ee7ccc → BSG-BEACON-38c437a6a592
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-685011adf9d67a1b:host:131.196.29.230	SESSION-685011adf9d67a1b → host:131.196.29.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-414bf7406e62b7e2:SESSION-414bf7406e62b7e2	SESSION-414bf7406e62b7e2 → pe:syn:SESSION-414bf7406e62b7e2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c1ac661b3c1fca0:flow:2006ea332961	SESSION-4c1ac661b3c1fca0 → flow:2006ea332961
FLOW_FROM_HOSTOBS	e:from:SESSION-51daf4959db84d02:host:172.234.197.23	SESSION-51daf4959db84d02 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-536e36b5c95ee442:SESSION-536e36b5c95ee442	SESSION-536e36b5c95ee442 → pe:rst:SESSION-536e36b5c95ee442
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52edfb1e7fe307be:host:177.10.239.99:host:172.234.197.23	SESSION-52edfb1e7fe307be → host:177.10.239.99 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9beaab7062aef373:host:88.99.91.59	SESSION-9beaab7062aef373 → host:88.99.91.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f76d275e2b42c8d0:flow:93e9d451b334	SESSION-f76d275e2b42c8d0 → flow:93e9d451b334
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ce32efb58e1da83:PCAP:capture_20260430090001:065659c7d314	SESSION-4ce32efb58e1da83 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-206c176870c7b9f2:host:172.234.197.23	SESSION-206c176870c7b9f2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.154:geo_-23.62930_-46.63510	host:131.196.29.154 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f49b20c8baea20b:flow:84d4e523a6b1	SESSION-9f49b20c8baea20b → flow:84d4e523a6b1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e77bd841354043c4:flow:f69e7ff11a0f	SESSION-e77bd841354043c4 → flow:f69e7ff11a0f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1745753d6a990e0e:host:177.10.238.70:host:172.234.197.23	SESSION-1745753d6a990e0e → host:177.10.238.70 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36f4c424d3b5f86e:SESSION-36f4c424d3b5f86e	SESSION-36f4c424d3b5f86e → pe:tls:SESSION-36f4c424d3b5f86e
FLOW_FROM_HOSTOBS	e:from:SESSION-136fe1663b76b4f2:host:172.234.197.23	SESSION-136fe1663b76b4f2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8107d9388b9d334:host:172.234.197.23:host:131.196.30.227	SESSION-b8107d9388b9d334 → host:172.234.197.23 → host:131.196.30.227
FLOW_DST_PORTOBS	e:fp:flow:00ea2c27d768:port:tcp:443	flow:00ea2c27d768 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:87cb7bba02bc:port:tcp:443	flow:87cb7bba02bc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d30c685e20a11d4e:host:172.234.197.23	SESSION-d30c685e20a11d4e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be24a8e57194faf0:host:45.173.156.215	SESSION-be24a8e57194faf0 → host:45.173.156.215
flow_observed5-aryOBS	e:fo:flow:ba545b1ede58	flow:ba545b1ede58 → host:131.196.31.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72e48e4dc313a64d:host:131.196.30.44	SESSION-72e48e4dc313a64d → host:131.196.30.44
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.204:asn:262880	host:177.10.238.204 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7ad62492e870e2b:flow:f44d8b39227f	SESSION-e7ad62492e870e2b → flow:f44d8b39227f
FLOW_DST_PORTOBS	e:fp:flow:89dfb84bffe8:port:tcp:443	flow:89dfb84bffe8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-680820c56f27d295:host:131.196.31.33	SESSION-680820c56f27d295 → host:131.196.31.33
FLOW_TO_HOSTOBS	e:to:SESSION-edfeffbce5127655:host:172.234.197.23	SESSION-edfeffbce5127655 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2996f9b3a522abad:SESSION-2996f9b3a522abad	SESSION-2996f9b3a522abad → pe:tls:SESSION-2996f9b3a522abad
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c227f10fbea5d546:flow:84d1886e94c2	SESSION-c227f10fbea5d546 → flow:84d1886e94c2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-754d0cc424848140:PCAP:capture_20260430110001:43611bdf6759	SESSION-754d0cc424848140 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-77c18cfa23ea97ee:host:177.10.232.251	SESSION-77c18cfa23ea97ee → host:177.10.232.251
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-926b7babcf98185f:host:172.234.197.23:host:131.196.31.150	SESSION-926b7babcf98185f → host:172.234.197.23 → host:131.196.31.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a7bf37c238cc392:SESSION-4a7bf37c238cc392	SESSION-4a7bf37c238cc392 → pe:syn:SESSION-4a7bf37c238cc392
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-704e3a6bbdc29013:host:177.10.234.246	SESSION-704e3a6bbdc29013 → host:177.10.234.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ffa310b40a91058:host:45.173.156.188	SESSION-2ffa310b40a91058 → host:45.173.156.188
flow_observed5-aryOBS	e:fo:flow:a0fae993b285	flow:a0fae993b285 → host:131.196.31.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6631f08e8c06a9b6:host:177.10.232.253:host:172.234.197.23	SESSION-6631f08e8c06a9b6 → host:177.10.232.253 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-92c4be10fc1322be:host:172.234.197.23	SESSION-92c4be10fc1322be → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06ad44a538684c23:host:172.234.197.23	SESSION-06ad44a538684c23 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-18af1f65a173a9cf:flow:ee7eddf74104	SESSION-18af1f65a173a9cf → flow:ee7eddf74104
FLOW_DST_PORTOBS	e:fp:flow:d79939a9c159:port:tcp:443	flow:d79939a9c159 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:57e2b37c68b2:port:tcp:443	flow:57e2b37c68b2 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b0d8a98e8306:port:tcp:49749	flow:b0d8a98e8306 → port:tcp:49749
HOST_IN_ASNOBS 85%	e:ha:host:44.248.141.231:asn:16509	host:44.248.141.231 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-968009a702657adb:host:172.234.197.23	SESSION-968009a702657adb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78d87c88323785f9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-78d87c88323785f9 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-1433a266c3f7170c:host:177.10.238.24	SESSION-1433a266c3f7170c → host:177.10.238.24
FLOW_FROM_HOSTOBS	e:from:SESSION-cd0176ca8d9bf386:host:177.10.233.130	SESSION-cd0176ca8d9bf386 → host:177.10.233.130
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3b376322eb831975:host:177.10.236.193:host:172.234.197.23	SESSION-3b376322eb831975 → host:177.10.236.193 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-fad6b9be10f7d404:SESSION-fad6b9be10f7d404	SESSION-fad6b9be10f7d404 → pe:rst:SESSION-fad6b9be10f7d404
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6588ddd9fabb341:host:172.234.197.23:host:177.10.235.214	SESSION-e6588ddd9fabb341 → host:172.234.197.23 → host:177.10.235.214
flow_observed4-aryOBS	e:fo:flow:3641ab71d6be	flow:3641ab71d6be → host:172.234.197.23 → host:177.10.235.87 → port:tcp:43059
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8e2f8ae5ea03a25:SESSION-e8e2f8ae5ea03a25	SESSION-e8e2f8ae5ea03a25 → pe:tls:SESSION-e8e2f8ae5ea03a25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ba4bb01be574ad6:SESSION-4ba4bb01be574ad6	SESSION-4ba4bb01be574ad6 → pe:syn:SESSION-4ba4bb01be574ad6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5634ee3b30a0b6aa:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5634ee3b30a0b6aa → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb29ab40cdae1c01:host:172.234.197.23	SESSION-cb29ab40cdae1c01 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02cfffe2a1cdb1f3:host:177.10.234.84:host:172.234.197.23	SESSION-02cfffe2a1cdb1f3 → host:177.10.234.84 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6ae8012f8306fedb:host:172.234.197.23	SESSION-6ae8012f8306fedb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f392894730d574f3:flow:649c06ee489b	SESSION-f392894730d574f3 → flow:649c06ee489b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-682271ad5b560620:host:131.196.28.176	SESSION-682271ad5b560620 → host:131.196.28.176
FLOW_TO_HOSTOBS	e:to:SESSION-30152f28b63d1649:host:172.234.197.23	SESSION-30152f28b63d1649 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2ed760af2d8fedd4:host:172.234.197.23	SESSION-2ed760af2d8fedd4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0b0070ff484a299:host:177.10.235.128:host:172.234.197.23	SESSION-c0b0070ff484a299 → host:177.10.235.128 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c487525969c2	flow:c487525969c2 → host:172.234.197.23 → host:131.196.29.16 → port:tcp:63655
FLOW_DST_PORTOBS	e:fp:flow:d2c9dbccf315:port:tcp:443	flow:d2c9dbccf315 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-00ca7ee72922697b:SESSION-00ca7ee72922697b	SESSION-00ca7ee72922697b → pe:tls:SESSION-00ca7ee72922697b
FLOW_TO_HOSTOBS	e:to:SESSION-90804beaa6aefbc0:host:172.234.197.23	SESSION-90804beaa6aefbc0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead27f853a5aab01:host:172.234.197.23	SESSION-ead27f853a5aab01 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9ec3678e1070a7a4:host:131.196.29.60	SESSION-9ec3678e1070a7a4 → host:131.196.29.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-053d7bf7ef41d243:SESSION-053d7bf7ef41d243	SESSION-053d7bf7ef41d243 → pe:tls:SESSION-053d7bf7ef41d243
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a3bc2c7dd7e8bd1:SESSION-8a3bc2c7dd7e8bd1	SESSION-8a3bc2c7dd7e8bd1 → pe:syn:SESSION-8a3bc2c7dd7e8bd1
FLOW_FROM_HOSTOBS	e:from:SESSION-35fc058c4fe240ad:host:131.196.29.211	SESSION-35fc058c4fe240ad → host:131.196.29.211
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e074c277760af7b:SESSION-4e074c277760af7b	SESSION-4e074c277760af7b → pe:tls:SESSION-4e074c277760af7b
flow_observed5-aryOBS	e:fo:flow:7c2c1f50d17a	flow:7c2c1f50d17a → host:177.10.235.36 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9de26895ffb34a3:host:177.10.236.56	SESSION-a9de26895ffb34a3 → host:177.10.236.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ce1a5aa06c53f62:flow:278d5aaa1a79	SESSION-8ce1a5aa06c53f62 → flow:278d5aaa1a79
FLOW_DST_PORTOBS	e:fp:flow:2bec5cd34a40:port:tcp:443	flow:2bec5cd34a40 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.121:geo_-16.28860_-49.01640	host:177.10.235.121 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-991550775dcb0266:host:177.10.237.52	SESSION-991550775dcb0266 → host:177.10.237.52
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.179:geo_-16.28860_-49.01640	host:177.10.238.179 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-259d89cf1511dc5c:host:131.196.29.27	SESSION-259d89cf1511dc5c → host:131.196.29.27
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.199:asn:203771	host:92.112.71.199 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7ac052262d51e17:SESSION-b7ac052262d51e17	SESSION-b7ac052262d51e17 → pe:syn:SESSION-b7ac052262d51e17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bedf3bb9bf60dde0:host:45.173.156.156	SESSION-bedf3bb9bf60dde0 → host:45.173.156.156
FLOW_TO_HOSTOBS	e:to:SESSION-0c6698f170085be7:host:177.10.237.248	SESSION-0c6698f170085be7 → host:177.10.237.248
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4370d06debc0fcec:flow:a7a308f001e2	SESSION-4370d06debc0fcec → flow:a7a308f001e2
flow_observed4-aryOBS	e:fo:flow:9566befee33d	flow:9566befee33d → host:172.234.197.23 → host:177.10.236.91 → port:tcp:35431
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.70:asn:271410	host:131.196.31.70 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3cf60c38091a57a:host:172.234.197.23	SESSION-f3cf60c38091a57a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c93964ffa7e29d50:host:177.10.232.193:host:172.234.197.23	SESSION-c93964ffa7e29d50 → host:177.10.232.193 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-621f42bc5edaa56f:host:172.234.197.23	SESSION-621f42bc5edaa56f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-051bd0ccc4bec756:flow:282e04bd7969	SESSION-051bd0ccc4bec756 → flow:282e04bd7969
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.66:asn:262880	host:177.10.238.66 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-af4f3fe4058b61ab:SESSION-af4f3fe4058b61ab	SESSION-af4f3fe4058b61ab → pe:tls:SESSION-af4f3fe4058b61ab
FLOW_FROM_HOSTOBS	e:from:SESSION-1bd78fd10af70dea:host:172.234.197.23	SESSION-1bd78fd10af70dea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e3f5af343ed075a:SESSION-2e3f5af343ed075a	SESSION-2e3f5af343ed075a → pe:tls:SESSION-2e3f5af343ed075a
FLOW_DST_PORTOBS	e:fp:flow:77c4e561c87b:port:tcp:443	flow:77c4e561c87b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f1e9c5398b5e18f4:host:172.234.197.23	SESSION-f1e9c5398b5e18f4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9cfc56b56021:port:tcp:443	flow:9cfc56b56021 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-77162e002cdf71b4:host:131.196.30.158	SESSION-77162e002cdf71b4 → host:131.196.30.158
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4fb1f3797e8f19a3:flow:e4d1d674f42b	SESSION-4fb1f3797e8f19a3 → flow:e4d1d674f42b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de12aa9c0bf7f485:host:172.234.197.23	SESSION-de12aa9c0bf7f485 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-82093c184ece9713:SESSION-82093c184ece9713	SESSION-82093c184ece9713 → pe:tls:SESSION-82093c184ece9713
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.178:geo_-16.28860_-49.01640	host:177.10.235.178 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:cb77aa2dacf9:port:tcp:15013	flow:cb77aa2dacf9 → port:tcp:15013
flow_observed5-aryOBS	e:fo:flow:1b98b9f04daf	flow:1b98b9f04daf → host:89.58.44.225 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-788920b93ac95b5f:host:172.234.197.23:host:131.196.30.164	SESSION-788920b93ac95b5f → host:172.234.197.23 → host:131.196.30.164
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b8fd41df39b968c:host:172.234.197.23:host:45.173.156.158	SESSION-0b8fd41df39b968c → host:172.234.197.23 → host:45.173.156.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f73f713a631f7530:SESSION-f73f713a631f7530	SESSION-f73f713a631f7530 → pe:syn:SESSION-f73f713a631f7530
flow_observed5-aryOBS	e:fo:flow:0b91fe313611	flow:0b91fe313611 → host:131.196.31.27 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56ec76ae342b7ee6:flow:e484d817f907	SESSION-56ec76ae342b7ee6 → flow:e484d817f907
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca1727d5d29ffb7f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ca1727d5d29ffb7f → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:953873827fa1:port:tcp:443	flow:953873827fa1 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-1f29948747ee8d5c:host:172.234.197.23	SESSION-1f29948747ee8d5c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-abc64529b37d4840:SESSION-abc64529b37d4840	SESSION-abc64529b37d4840 → pe:syn:SESSION-abc64529b37d4840
FLOW_TO_HOSTOBS	e:to:SESSION-118e26ad77e50cb0:host:131.196.29.239	SESSION-118e26ad77e50cb0 → host:131.196.29.239
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7dbbf6b8420ecf88:host:172.234.197.23:host:131.196.31.146	SESSION-7dbbf6b8420ecf88 → host:172.234.197.23 → host:131.196.31.146
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a137096eda6236d7:flow:d48fc354fcdd	SESSION-a137096eda6236d7 → flow:d48fc354fcdd
FLOW_FROM_HOSTOBS	e:from:SESSION-d5407005cb310ce8:host:131.196.30.214	SESSION-d5407005cb310ce8 → host:131.196.30.214
flow_observed5-aryOBS	e:fo:flow:064e5a3fddb4	flow:064e5a3fddb4 → host:131.196.28.21 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-26a93711200ab02b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-26a93711200ab02b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-516e4259bbcb51e8:SESSION-516e4259bbcb51e8	SESSION-516e4259bbcb51e8 → pe:tls:SESSION-516e4259bbcb51e8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.204:asn:262880	host:177.10.237.204 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e54eb0866acbe21:SESSION-3e54eb0866acbe21	SESSION-3e54eb0866acbe21 → pe:syn:SESSION-3e54eb0866acbe21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4993bcd996008da0:SESSION-4993bcd996008da0	SESSION-4993bcd996008da0 → pe:syn:SESSION-4993bcd996008da0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eb452f0b60197b3:host:172.234.197.23	SESSION-7eb452f0b60197b3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f49d888fd824b97a:PCAP:capture_20260430060001:919b39a74464	SESSION-f49d888fd824b97a → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b53dcb5377a03d44:PCAP:capture_20260427200001:3ed6eed62060	SESSION-b53dcb5377a03d44 → PCAP:capture_20260427200001:3ed6eed62060
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6372f3e6dae2e87f:host:172.234.197.23	SESSION-6372f3e6dae2e87f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-46ff0fa4ec42545a:SESSION-46ff0fa4ec42545a	SESSION-46ff0fa4ec42545a → pe:rst:SESSION-46ff0fa4ec42545a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.135:geo_-16.28860_-49.01640	host:177.10.238.135 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb7dd74b64c1f7c7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cb7dd74b64c1f7c7 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:056fa8bf83c9:port:tcp:28564	flow:056fa8bf83c9 → port:tcp:28564
FLOW_TO_HOSTOBS	e:to:SESSION-f0fe0e8460d1c75f:host:177.10.234.49	SESSION-f0fe0e8460d1c75f → host:177.10.234.49
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-574dd53dd07894c0:flow:b6c8a80798fe	SESSION-574dd53dd07894c0 → flow:b6c8a80798fe
FLOW_TO_HOSTOBS	e:to:SESSION-aae7a2cdf7b4e8cc:host:172.234.197.23	SESSION-aae7a2cdf7b4e8cc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cea44595be79fe10:host:131.196.30.13:host:172.234.197.23	SESSION-cea44595be79fe10 → host:131.196.30.13 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.86:asn:262880	host:177.10.237.86 → asn:262880
flow_observed4-aryOBS	e:fo:flow:485571b4585c	flow:485571b4585c → host:172.234.197.23 → host:177.10.234.89 → port:tcp:38639
FLOW_TO_HOSTOBS	e:to:SESSION-e61b886c68594d41:host:172.232.0.17	SESSION-e61b886c68594d41 → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:3f99712a5e3e	flow:3f99712a5e3e → host:177.10.234.135 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a29ca5d80bc122d0:host:177.10.235.60	SESSION-a29ca5d80bc122d0 → host:177.10.235.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6afafa975f8bbed9:host:172.234.197.23	SESSION-6afafa975f8bbed9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8900744845bb6f3:SESSION-d8900744845bb6f3	SESSION-d8900744845bb6f3 → pe:syn:SESSION-d8900744845bb6f3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-647d0fec9adf08f1:flow:b9e53f112bb2	SESSION-647d0fec9adf08f1 → flow:b9e53f112bb2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d11ee49864a2bc:host:177.10.234.224	SESSION-b9d11ee49864a2bc → host:177.10.234.224
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-498c2476ff0ce5ee:PCAP:capture_20260430150001:ded20914761d	SESSION-498c2476ff0ce5ee → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-3762cafcd0c66be2:host:172.234.197.23	SESSION-3762cafcd0c66be2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5b203844c0afbb25:host:172.234.197.23	SESSION-5b203844c0afbb25 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d47d434116add089:host:131.196.31.105	SESSION-d47d434116add089 → host:131.196.31.105
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7c9a5d15324e2ea:flow:e7cfd0a388ab	SESSION-c7c9a5d15324e2ea → flow:e7cfd0a388ab
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e87421895e57790a:flow:6317a0a33a58	SESSION-e87421895e57790a → flow:6317a0a33a58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35834184401bcda8:host:54.184.232.115	SESSION-35834184401bcda8 → host:54.184.232.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a103d39af7264a48:SESSION-a103d39af7264a48	SESSION-a103d39af7264a48 → pe:syn:SESSION-a103d39af7264a48
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7fea0326f1ddbdfc:SESSION-7fea0326f1ddbdfc	SESSION-7fea0326f1ddbdfc → pe:tls:SESSION-7fea0326f1ddbdfc
FLOW_TO_HOSTOBS	e:to:SESSION-9a6aeb664ff97dbd:host:172.234.197.23	SESSION-9a6aeb664ff97dbd → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d4b99e72a5e5	flow:d4b99e72a5e5 → host:172.234.197.23 → host:131.196.31.227 → port:tcp:27546
flow_observed5-aryOBS	e:fo:flow:ff07c644ba1f	flow:ff07c644ba1f → host:177.10.235.197 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-90d4f232d3edc1de:host:172.234.197.23	SESSION-90d4f232d3edc1de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbcf03ac27ad8556:host:172.234.197.23	SESSION-fbcf03ac27ad8556 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.166:asn:262880	host:177.10.234.166 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96abdd68944f2af2:host:177.10.233.17:host:172.234.197.23	SESSION-96abdd68944f2af2 → host:177.10.233.17 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d43da16ef3276f9b:SESSION-d43da16ef3276f9b	SESSION-d43da16ef3276f9b → pe:tls:SESSION-d43da16ef3276f9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d3ff3dcf229051b:SESSION-2d3ff3dcf229051b	SESSION-2d3ff3dcf229051b → pe:tls:SESSION-2d3ff3dcf229051b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.24:asn:262880	host:177.10.238.24 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-37ce4ecafac50117:host:172.234.197.23	SESSION-37ce4ecafac50117 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0703046ab49b:port:tcp:443	flow:0703046ab49b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-d1b588a91707aaaf:host:172.234.197.23	SESSION-d1b588a91707aaaf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6af0fd134ffb330e:SESSION-6af0fd134ffb330e	SESSION-6af0fd134ffb330e → pe:syn:SESSION-6af0fd134ffb330e
FLOW_TO_HOSTOBS	e:to:SESSION-e8ef5b0d475390b4:host:172.234.197.23	SESSION-e8ef5b0d475390b4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6c9e69924488	flow:6c9e69924488 → host:177.10.232.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7fb420f75ffa7d0f:SESSION-7fb420f75ffa7d0f	SESSION-7fb420f75ffa7d0f → pe:syn:SESSION-7fb420f75ffa7d0f
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.205:asn:273470	host:45.173.156.205 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-c58c12f678d65836:host:177.10.235.211	SESSION-c58c12f678d65836 → host:177.10.235.211
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.57:geo_-16.28860_-49.01640	host:177.10.236.57 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-b6806cb851ed3b70:host:45.173.156.220	SESSION-b6806cb851ed3b70 → host:45.173.156.220
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.8:asn:262880	host:177.10.239.8 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7dea1c67796075ab:SESSION-7dea1c67796075ab	SESSION-7dea1c67796075ab → pe:tls:SESSION-7dea1c67796075ab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-73c4b3cbea42a394:SESSION-73c4b3cbea42a394	SESSION-73c4b3cbea42a394 → pe:syn:SESSION-73c4b3cbea42a394
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2af2d979895f4943:host:177.10.236.101	SESSION-2af2d979895f4943 → host:177.10.236.101
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2dd1a49fa9f1084b:flow:41e89e3f233c	SESSION-2dd1a49fa9f1084b → flow:41e89e3f233c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ee986621b3f988f:host:172.234.197.23:host:177.10.237.64	SESSION-1ee986621b3f988f → host:172.234.197.23 → host:177.10.237.64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d53928eb39cd6093:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d53928eb39cd6093 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:cedcf4e5a862:port:tcp:443	flow:cedcf4e5a862 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a27e337d4c0b49f3:host:172.234.197.23	SESSION-a27e337d4c0b49f3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.19:asn:262880	host:177.10.232.19 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-9e1cb285535c63d0:host:177.10.233.228	SESSION-9e1cb285535c63d0 → host:177.10.233.228
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b73ad2a19ec53d4:host:172.234.197.23	SESSION-5b73ad2a19ec53d4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8afefd3a9ee9	flow:8afefd3a9ee9 → host:131.196.31.196 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e41cd30fc843:port:tcp:5426	flow:e41cd30fc843 → port:tcp:5426
FLOW_DST_PORTOBS	e:fp:flow:0afb774e9b77:port:tcp:80	flow:0afb774e9b77 → port:tcp:80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.151:geo_-16.28860_-49.01640	host:177.10.236.151 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-12879c55e793c987:flow:fe720b597bbb	SESSION-12879c55e793c987 → flow:fe720b597bbb
FLOW_FROM_HOSTOBS	e:from:SESSION-458faec2c6be4af1:host:172.234.197.23	SESSION-458faec2c6be4af1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36abdcc0889b5aa2:host:172.234.197.23	SESSION-36abdcc0889b5aa2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-95c23d407c86213b:flow:3de7f41573d5	SESSION-95c23d407c86213b → flow:3de7f41573d5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cd8abbfdfb95d18:host:172.234.197.23	SESSION-9cd8abbfdfb95d18 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.134:geo_-16.28860_-49.01640	host:177.10.236.134 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9eb3af12cfff0086:SESSION-9eb3af12cfff0086	SESSION-9eb3af12cfff0086 → pe:syn:SESSION-9eb3af12cfff0086
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dee230b22d739e8a:flow:4095d9e6e8e6	SESSION-dee230b22d739e8a → flow:4095d9e6e8e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-664154a8ce71c549:host:172.234.197.23	SESSION-664154a8ce71c549 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a81d3c71843f89e:host:149.210.194.32:host:172.234.197.23	SESSION-2a81d3c71843f89e → host:149.210.194.32 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b8fd41df39b968c:SESSION-0b8fd41df39b968c	SESSION-0b8fd41df39b968c → pe:syn:SESSION-0b8fd41df39b968c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1600cc83b8cea24d:flow:00a102725075	SESSION-1600cc83b8cea24d → flow:00a102725075
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b9c1bf42f4683a2:SESSION-2b9c1bf42f4683a2	SESSION-2b9c1bf42f4683a2 → pe:tls:SESSION-2b9c1bf42f4683a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68adb943f73c50e9:SESSION-68adb943f73c50e9	SESSION-68adb943f73c50e9 → pe:syn:SESSION-68adb943f73c50e9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-359d98e6d1200746:host:131.196.30.129:host:172.234.197.23	SESSION-359d98e6d1200746 → host:131.196.30.129 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bfbb16ce344dac5c:SESSION-bfbb16ce344dac5c	SESSION-bfbb16ce344dac5c → pe:rst:SESSION-bfbb16ce344dac5c
flow_observed5-aryOBS	e:fo:flow:a4dd7b09efb9	flow:a4dd7b09efb9 → host:131.196.29.4 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-eb9826b2bc40f219:host:177.10.238.191	SESSION-eb9826b2bc40f219 → host:177.10.238.191
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-365dad18baa46a43:host:95.170.25.190:host:172.234.197.23	SESSION-365dad18baa46a43 → host:95.170.25.190 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.178:geo_-16.28860_-49.01640	host:177.10.234.178 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38ea28f2e42013a7:host:177.10.237.8	SESSION-38ea28f2e42013a7 → host:177.10.237.8
flow_observed4-aryOBS	e:fo:flow:b28ee83bee37	flow:b28ee83bee37 → host:172.234.197.23 → host:177.10.232.12 → port:tcp:6778
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-698d45df22ea2a48:host:45.173.156.2	SESSION-698d45df22ea2a48 → host:45.173.156.2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2290de8fcf2817df:flow:cbd950fb1800	SESSION-2290de8fcf2817df → flow:cbd950fb1800
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f35e45e57d830f4:PCAP:capture_20260430090001:065659c7d314	SESSION-2f35e45e57d830f4 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8452ffa75e7fe764:flow:1a1072de1ab1	SESSION-8452ffa75e7fe764 → flow:1a1072de1ab1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e5c0136d660133a:SESSION-5e5c0136d660133a	SESSION-5e5c0136d660133a → pe:tls:SESSION-5e5c0136d660133a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29bd7d52bed21c18:SESSION-29bd7d52bed21c18	SESSION-29bd7d52bed21c18 → pe:syn:SESSION-29bd7d52bed21c18
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f29948747ee8d5c:PCAP:capture_20260430060001:919b39a74464	SESSION-1f29948747ee8d5c → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41c82fa43395463b:host:172.234.197.23:host:45.173.156.120	SESSION-41c82fa43395463b → host:172.234.197.23 → host:45.173.156.120
flow_observed5-aryOBS	e:fo:flow:ec21a296c078	flow:ec21a296c078 → host:131.196.28.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:31327b4941f7:port:tcp:443	flow:31327b4941f7 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-affecc1e92c420cb:host:177.10.234.146	SESSION-affecc1e92c420cb → host:177.10.234.146
flow_observed4-aryOBS	e:fo:flow:e802dd97f0ec	flow:e802dd97f0ec → host:172.234.197.23 → host:177.10.237.162 → port:tcp:56852
flow_observed5-aryOBS	e:fo:flow:47c922c3eea5	flow:47c922c3eea5 → host:131.196.29.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c96791011a0f6f2:SESSION-7c96791011a0f6f2	SESSION-7c96791011a0f6f2 → pe:syn:SESSION-7c96791011a0f6f2
FLOW_DST_PORTOBS	e:fp:flow:158fee2de95a:port:tcp:55154	flow:158fee2de95a → port:tcp:55154
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d75311b4cd1e33ff:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d75311b4cd1e33ff → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-438fb49dfab0fe81:flow:30f3c6e42212	SESSION-438fb49dfab0fe81 → flow:30f3c6e42212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a9e4c3921500675:SESSION-6a9e4c3921500675	SESSION-6a9e4c3921500675 → pe:tls:SESSION-6a9e4c3921500675
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.208.213.50:geo_34.69300_135.50050	host:13.208.213.50 → geo_34.69300_135.50050
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f4e3933219f15471:SESSION-f4e3933219f15471	SESSION-f4e3933219f15471 → pe:tls:SESSION-f4e3933219f15471
FLOW_TO_HOSTOBS	e:to:SESSION-caf4287e8000c114:host:172.234.197.23	SESSION-caf4287e8000c114 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4a4f6dd7436745b4:host:172.234.197.23	SESSION-4a4f6dd7436745b4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e73771addca62c13:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e73771addca62c13 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-8165f1476121226e:host:147.135.97.222	SESSION-8165f1476121226e → host:147.135.97.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-578ff4b2beeb08df:SESSION-578ff4b2beeb08df	SESSION-578ff4b2beeb08df → pe:tls:SESSION-578ff4b2beeb08df
FLOW_DST_PORTOBS	e:fp:flow:06b8e713de3e:port:tcp:15755	flow:06b8e713de3e → port:tcp:15755
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81a82597e7e06ed6:host:177.10.234.140	SESSION-81a82597e7e06ed6 → host:177.10.234.140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98452f7d1a82c494:flow:ac5114e8861b	SESSION-98452f7d1a82c494 → flow:ac5114e8861b
FLOW_FROM_HOSTOBS	e:from:SESSION-1705f35e2db46a43:host:172.234.197.23	SESSION-1705f35e2db46a43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-217f16055e8d00da:host:172.234.197.23	SESSION-217f16055e8d00da → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c24af053222fbf1:SESSION-5c24af053222fbf1	SESSION-5c24af053222fbf1 → pe:tls:SESSION-5c24af053222fbf1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5de3ca130be8f6d5:host:45.173.156.167	SESSION-5de3ca130be8f6d5 → host:45.173.156.167
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6a5c0858fcd0d09:SESSION-e6a5c0858fcd0d09	SESSION-e6a5c0858fcd0d09 → pe:syn:SESSION-e6a5c0858fcd0d09
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ee6825b3a9be6d1:PCAP:capture_20260430110001:43611bdf6759	SESSION-6ee6825b3a9be6d1 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3d488fa50a25e1f:host:45.173.156.253:host:172.234.197.23	SESSION-c3d488fa50a25e1f → host:45.173.156.253 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-647d0fec9adf08f1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-647d0fec9adf08f1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8cc052a984adc75:flow:2b98ad37e1cb	SESSION-d8cc052a984adc75 → flow:2b98ad37e1cb
FLOW_TO_HOSTOBS	e:to:SESSION-0e42d909a57b4903:host:131.196.28.12	SESSION-0e42d909a57b4903 → host:131.196.28.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ce76aef4cf62c0f:SESSION-9ce76aef4cf62c0f	SESSION-9ce76aef4cf62c0f → pe:tls:SESSION-9ce76aef4cf62c0f
FLOW_FROM_HOSTOBS	e:from:SESSION-e606b3df4d49b4d1:host:131.196.31.38	SESSION-e606b3df4d49b4d1 → host:131.196.31.38
FLOW_FROM_HOSTOBS	e:from:SESSION-95e8a61a9d5e6397:host:172.234.197.23	SESSION-95e8a61a9d5e6397 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b63f651026b2:port:tcp:443	flow:b63f651026b2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc3cb32f8be8837a:SESSION-bc3cb32f8be8837a	SESSION-bc3cb32f8be8837a → pe:syn:SESSION-bc3cb32f8be8837a
FLOW_DST_PORTOBS	e:fp:flow:974c9a601f83:port:tcp:443	flow:974c9a601f83 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d587dd5c581936e:PCAP:capture_20260430150001:ded20914761d	SESSION-8d587dd5c581936e → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60441095965530ae:PCAP:capture_20260430080001:93f47cc296a4	SESSION-60441095965530ae → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b30dbd402b74df1:host:131.196.31.83	SESSION-9b30dbd402b74df1 → host:131.196.31.83
flow_observed4-aryOBS	e:fo:flow:9f8b2f6a6213	flow:9f8b2f6a6213 → host:172.234.197.23 → host:177.10.238.201 → port:tcp:64651
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4fd6590fe23ccd99:PCAP:capture_20260430060001:919b39a74464	SESSION-4fd6590fe23ccd99 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-354c21b56902e892:host:131.196.31.10	SESSION-354c21b56902e892 → host:131.196.31.10
FLOW_TO_HOSTOBS	e:to:SESSION-55e2fb280d3c8e24:host:172.234.197.23	SESSION-55e2fb280d3c8e24 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2005509481f3ca7:host:131.196.31.234	SESSION-a2005509481f3ca7 → host:131.196.31.234
FLOW_DST_PORTOBS	e:fp:flow:6bf63e143c80:port:tcp:443	flow:6bf63e143c80 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-142a24cb96c02884:flow:19f7959faebc	SESSION-142a24cb96c02884 → flow:19f7959faebc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8d8471d99b0ccf5:flow:2d1cf2749b3f	SESSION-d8d8471d99b0ccf5 → flow:2d1cf2749b3f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.0:asn:262880	host:177.10.238.0 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f479797471e82d6b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f479797471e82d6b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ae5500b1626fa45f:SESSION-ae5500b1626fa45f	SESSION-ae5500b1626fa45f → pe:tls:SESSION-ae5500b1626fa45f
flow_observed5-aryOBS	e:fo:flow:1ebdbf8c87e0	flow:1ebdbf8c87e0 → host:131.196.29.215 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:aabc1306386d:port:tcp:443	flow:aabc1306386d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a39fcd817f5f:port:tcp:443	flow:a39fcd817f5f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b4f4901fb8368e3:host:172.234.197.23	SESSION-7b4f4901fb8368e3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2646f5b9f41a01d2:host:177.10.236.94	SESSION-2646f5b9f41a01d2 → host:177.10.236.94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec928f375ba591f1:host:45.173.156.26	SESSION-ec928f375ba591f1 → host:45.173.156.26
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ecb9e93c79a4bef:PCAP:capture_20260430060001:919b39a74464	SESSION-3ecb9e93c79a4bef → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-fad7428bd8cc35c5:host:172.234.197.23	SESSION-fad7428bd8cc35c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ee088f254667f6a:host:131.196.28.175	SESSION-6ee088f254667f6a → host:131.196.28.175
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.199:geo_-16.28860_-49.01640	host:177.10.237.199 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8c48fea8e45c:port:tcp:443	flow:8c48fea8e45c → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:1bf759d3ac72	flow:1bf759d3ac72 → host:172.234.197.23 → host:131.196.31.165 → port:tcp:52773
FLOW_FROM_HOSTOBS	e:from:SESSION-4ec917f0e741b647:host:131.196.29.196	SESSION-4ec917f0e741b647 → host:131.196.29.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-567e9582c6914b15:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-567e9582c6914b15 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-06ba851c038c998a:host:177.10.233.255	SESSION-06ba851c038c998a → host:177.10.233.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-608f6686d64f8e3e:SESSION-608f6686d64f8e3e	SESSION-608f6686d64f8e3e → pe:tls:SESSION-608f6686d64f8e3e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5941c68a821530:host:172.234.197.23	SESSION-5d5941c68a821530 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-903738316b123ea7:PCAP:capture_20260430090001:065659c7d314	SESSION-903738316b123ea7 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:c55582ff0267	flow:c55582ff0267 → host:177.10.239.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-ca5156d485d150e2:SESSION-ca5156d485d150e2	SESSION-ca5156d485d150e2 → pe:rst:SESSION-ca5156d485d150e2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24f1ec9c7d379a9b:flow:079d8a1faf2e	SESSION-24f1ec9c7d379a9b → flow:079d8a1faf2e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c35942669d0b12c8:host:95.56.227.200	SESSION-c35942669d0b12c8 → host:95.56.227.200
FLOW_TO_HOSTOBS	e:to:SESSION-20c169d44973b1e9:host:172.234.197.23	SESSION-20c169d44973b1e9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4fd5cc70e8cf2108:SESSION-4fd5cc70e8cf2108	SESSION-4fd5cc70e8cf2108 → pe:tls:SESSION-4fd5cc70e8cf2108
FLOW_FROM_HOSTOBS	e:from:SESSION-7640c6607dc14992:host:131.196.28.240	SESSION-7640c6607dc14992 → host:131.196.28.240
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-426c38e34029cb1b:host:172.234.197.23:host:177.10.233.76	SESSION-426c38e34029cb1b → host:172.234.197.23 → host:177.10.233.76
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-affea3171060a6d3:host:177.10.239.207:host:172.234.197.23	SESSION-affea3171060a6d3 → host:177.10.239.207 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.34:geo_-16.28860_-49.01640	host:177.10.232.34 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f8d6efdf3cd688f1:SESSION-f8d6efdf3cd688f1	SESSION-f8d6efdf3cd688f1 → pe:tls:SESSION-f8d6efdf3cd688f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ed3cc3ecfbc3d3c:host:172.234.197.23	SESSION-7ed3cc3ecfbc3d3c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5ba8512040d3b37b:host:172.234.197.23	SESSION-5ba8512040d3b37b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc0d354223e065ab:flow:745dc28faeae	SESSION-fc0d354223e065ab → flow:745dc28faeae
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e5c0136d660133a:host:172.234.197.23	SESSION-5e5c0136d660133a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eeea37688fc574d:host:177.10.238.157	SESSION-7eeea37688fc574d → host:177.10.238.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55ac8b9837cbe539:SESSION-55ac8b9837cbe539	SESSION-55ac8b9837cbe539 → pe:syn:SESSION-55ac8b9837cbe539
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2625555cac004c06:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2625555cac004c06 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d678c7d14c2f15db:host:172.234.197.23:host:177.10.237.146	SESSION-d678c7d14c2f15db → host:172.234.197.23 → host:177.10.237.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c2474adee374207e:SESSION-c2474adee374207e	SESSION-c2474adee374207e → pe:syn:SESSION-c2474adee374207e
FLOW_FROM_HOSTOBS	e:from:SESSION-784ef99bf699df93:host:104.28.202.77	SESSION-784ef99bf699df93 → host:104.28.202.77
FLOW_DST_PORTOBS	e:fp:flow:b9b222cba2fe:port:tcp:443	flow:b9b222cba2fe → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ae33589f66e7ab9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6ae33589f66e7ab9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5491ebf26b201b1a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5491ebf26b201b1a → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-605f000d6a5e20b1:host:172.234.197.23	SESSION-605f000d6a5e20b1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fe1d6d23886f083a:host:172.234.197.23	SESSION-fe1d6d23886f083a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e7098e9f09e131f1:host:172.234.197.23	SESSION-e7098e9f09e131f1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6ac8ab77b48a8c37:host:177.10.238.250	SESSION-6ac8ab77b48a8c37 → host:177.10.238.250
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.152:geo_-16.28860_-49.01640	host:177.10.238.152 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-93d8ace0d48e8910:host:177.10.232.19	SESSION-93d8ace0d48e8910 → host:177.10.232.19
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f9972302e9230d9:host:45.173.156.163:host:172.234.197.23	SESSION-9f9972302e9230d9 → host:45.173.156.163 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f9432a8af193:port:tcp:443	flow:f9432a8af193 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc060cc400f18b5d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cc060cc400f18b5d → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3643dbad405bac1:host:172.234.197.23	SESSION-a3643dbad405bac1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-848626bce2ee7b76:host:172.234.197.23	SESSION-848626bce2ee7b76 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de195b26c1af220a:SESSION-de195b26c1af220a	SESSION-de195b26c1af220a → pe:syn:SESSION-de195b26c1af220a
FLOW_DST_PORTOBS	e:fp:flow:555248b9d27b:port:tcp:443	flow:555248b9d27b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-26f197960c59c7f7:host:131.196.28.195	SESSION-26f197960c59c7f7 → host:131.196.28.195
flow_observed5-aryOBS	e:fo:flow:58c3e3a098e4	flow:58c3e3a098e4 → host:45.173.156.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ae64075781208b0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6ae64075781208b0 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d58dc4e289d6c4c:PCAP:capture_20260430110001:43611bdf6759	SESSION-9d58dc4e289d6c4c → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:2a26dc28d5ba	flow:2a26dc28d5ba → host:177.10.236.151 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-167179e2a869fa22:SESSION-167179e2a869fa22	SESSION-167179e2a869fa22 → pe:syn:SESSION-167179e2a869fa22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e896271e9295df4:SESSION-9e896271e9295df4	SESSION-9e896271e9295df4 → pe:tls:SESSION-9e896271e9295df4
FLOW_DST_PORTOBS	e:fp:flow:688f8270244b:port:tcp:443	flow:688f8270244b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6f4863e4efa4050:PCAP:capture_20260430060001:919b39a74464	SESSION-b6f4863e4efa4050 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:88ae630b16fe	flow:88ae630b16fe → host:177.10.238.50 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f3cf945d3d1ddd41:host:177.10.236.86	SESSION-f3cf945d3d1ddd41 → host:177.10.236.86
FLOW_FROM_HOSTOBS	e:from:SESSION-ef002e94e1d9ac81:host:172.234.197.23	SESSION-ef002e94e1d9ac81 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65a2e80880ae05c5:host:177.10.239.113	SESSION-65a2e80880ae05c5 → host:177.10.239.113
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.239:geo_-16.28860_-49.01640	host:177.10.239.239 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.8:asn:271410	host:131.196.31.8 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-324907e130151d7d:host:131.196.29.134	SESSION-324907e130151d7d → host:131.196.29.134
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-527af3b786e52b88:flow:f40a64ba9fc2	SESSION-527af3b786e52b88 → flow:f40a64ba9fc2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec2cd7bdebda0247:host:177.10.237.6:host:172.234.197.23	SESSION-ec2cd7bdebda0247 → host:177.10.237.6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ea69d35daebb9b8:flow:acc8fbc4722c	SESSION-9ea69d35daebb9b8 → flow:acc8fbc4722c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-418ea5f834fbfdc6:host:172.234.197.23	SESSION-418ea5f834fbfdc6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8452ffa75e7fe764:host:172.234.197.23	SESSION-8452ffa75e7fe764 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dd029d64292f	flow:dd029d64292f → host:177.10.237.24 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7fd0e8f46f0bc660:SESSION-7fd0e8f46f0bc660	SESSION-7fd0e8f46f0bc660 → pe:tls:SESSION-7fd0e8f46f0bc660
FLOW_DST_PORTOBS	e:fp:flow:ae8c060ae852:port:tcp:443	flow:ae8c060ae852 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:de2bca123a5e:port:tcp:443	flow:de2bca123a5e → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.253:asn:273470	host:45.173.156.253 → asn:273470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.220:geo_-16.28860_-49.01640	host:177.10.232.220 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2997df12bb4a545b:host:177.10.233.87	SESSION-2997df12bb4a545b → host:177.10.233.87
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1227c455b771a86:host:177.10.238.160:host:172.234.197.23	SESSION-d1227c455b771a86 → host:177.10.238.160 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2fd944013b60077a:host:172.234.197.23	SESSION-2fd944013b60077a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e8879d591cbfcd7:host:131.196.30.98:host:172.234.197.23	SESSION-9e8879d591cbfcd7 → host:131.196.30.98 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a8376f0f57e00ff1:host:172.234.197.23	SESSION-a8376f0f57e00ff1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.197:geo_-16.28860_-49.01640	host:177.10.239.197 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ba1cfcea34ace70:host:177.10.239.244	SESSION-2ba1cfcea34ace70 → host:177.10.239.244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d547ed30afcbb9f:flow:a72e0ef9e58a	SESSION-6d547ed30afcbb9f → flow:a72e0ef9e58a
FLOW_DST_PORTOBS	e:fp:flow:3ca25dda4ddb:port:tcp:443	flow:3ca25dda4ddb → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6492f21e062d19aa:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6492f21e062d19aa → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4eeddeaeae099136:host:131.196.31.121	SESSION-4eeddeaeae099136 → host:131.196.31.121
flow_observed4-aryOBS	e:fo:flow:faf417b2cefd	flow:faf417b2cefd → host:172.234.197.23 → host:177.10.232.251 → port:tcp:37712
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-724b8ddf902cc285:host:16.171.55.148	SESSION-724b8ddf902cc285 → host:16.171.55.148
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0af0d5d1b3f6259:flow:0734cf22f874	SESSION-c0af0d5d1b3f6259 → flow:0734cf22f874
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99a4fe376d3938fb:PCAP:capture_20260430150001:ded20914761d	SESSION-99a4fe376d3938fb → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:7ef7e61abeff:port:tcp:443	flow:7ef7e61abeff → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f580776b9a7f0d25:SESSION-f580776b9a7f0d25	SESSION-f580776b9a7f0d25 → pe:syn:SESSION-f580776b9a7f0d25
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.8:geo_-16.28860_-49.01640	host:177.10.233.8 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8739e7552ccb5cc0:SESSION-8739e7552ccb5cc0	SESSION-8739e7552ccb5cc0 → pe:tls:SESSION-8739e7552ccb5cc0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fbc053aa21c3a10:host:172.234.197.23	SESSION-8fbc053aa21c3a10 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d0485ecaf8e8edab:host:172.234.197.23	SESSION-d0485ecaf8e8edab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f377c5e49ededc1c:SESSION-f377c5e49ededc1c	SESSION-f377c5e49ededc1c → pe:tls:SESSION-f377c5e49ededc1c
FLOW_TO_HOSTOBS	e:to:SESSION-3fa65fdb17829700:host:177.10.232.34	SESSION-3fa65fdb17829700 → host:177.10.232.34
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dba7d64f7032fffd:host:177.10.232.207:host:172.234.197.23	SESSION-dba7d64f7032fffd → host:177.10.232.207 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1898da4930ba04f2:host:131.196.31.30	SESSION-1898da4930ba04f2 → host:131.196.31.30
FLOW_TO_HOSTOBS	e:to:SESSION-498c2476ff0ce5ee:host:131.196.29.166	SESSION-498c2476ff0ce5ee → host:131.196.29.166
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4337995d605bd9f8:host:177.10.232.156	SESSION-4337995d605bd9f8 → host:177.10.232.156
FLOW_FROM_HOSTOBS	e:from:SESSION-7852f400065b4a55:host:131.196.30.143	SESSION-7852f400065b4a55 → host:131.196.30.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06d2ad4243fb8941:host:172.234.197.23	SESSION-06d2ad4243fb8941 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1b86cb8b1911:port:tcp:443	flow:1b86cb8b1911 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f78268addd9f6ca3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f78268addd9f6ca3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a7cfd4f435147ff3:flow:d46d851df776	SESSION-a7cfd4f435147ff3 → flow:d46d851df776
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60f4d0af24f032dd:SESSION-60f4d0af24f032dd	SESSION-60f4d0af24f032dd → pe:tls:SESSION-60f4d0af24f032dd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db5998ef2bd3405b:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-db5998ef2bd3405b → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a4d952075d0ee24:host:177.10.234.224:host:172.234.197.23	SESSION-5a4d952075d0ee24 → host:177.10.234.224 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a038f6735218c73a:flow:48b5e51b7b0b	SESSION-a038f6735218c73a → flow:48b5e51b7b0b
FLOW_FROM_HOSTOBS	e:from:SESSION-f00ab97ef4b401c8:host:172.234.197.23	SESSION-f00ab97ef4b401c8 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:135629:org:Ningxia West Cloud Data Technology Co.Ltd.	asn:135629 → org:Ningxia West Cloud Data Technology Co.Ltd.
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47ed07d15aa63df9:host:177.10.234.103:host:172.234.197.23	SESSION-47ed07d15aa63df9 → host:177.10.234.103 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17fb8dd67040757e:host:172.234.197.23:host:177.10.233.63	SESSION-17fb8dd67040757e → host:172.234.197.23 → host:177.10.233.63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-952305350dc386c3:host:131.196.30.102:host:172.234.197.23	SESSION-952305350dc386c3 → host:131.196.30.102 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a9f928f7ece6fbf:host:172.234.197.23	SESSION-2a9f928f7ece6fbf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb6a6e3ef5fc132c:SESSION-fb6a6e3ef5fc132c	SESSION-fb6a6e3ef5fc132c → pe:syn:SESSION-fb6a6e3ef5fc132c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28e21153f6abb648:host:131.196.30.9	SESSION-28e21153f6abb648 → host:131.196.30.9
FLOW_FROM_HOSTOBS	e:from:SESSION-5bab109b42e3a8d7:host:172.234.197.23	SESSION-5bab109b42e3a8d7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f939f17e17be:port:tcp:443	flow:f939f17e17be → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4a2f82c2a85816be:host:172.234.197.23	SESSION-4a2f82c2a85816be → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1362b7f51908925c:host:131.196.29.237:host:172.234.197.23	SESSION-1362b7f51908925c → host:131.196.29.237 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41808c8c85c3c4d3:host:177.10.232.1:host:172.234.197.23	SESSION-41808c8c85c3c4d3 → host:177.10.232.1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2996f9b3a522abad:flow:4fc6b8b9e911	SESSION-2996f9b3a522abad → flow:4fc6b8b9e911
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff369745433a15b5:SESSION-ff369745433a15b5	SESSION-ff369745433a15b5 → pe:tls:SESSION-ff369745433a15b5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff2bd1b9d0923cc1:host:172.234.197.23	SESSION-ff2bd1b9d0923cc1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:124cc7b94ae6:port:tcp:443	flow:124cc7b94ae6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-3ea330cf59d2a2f8:host:172.234.197.23	SESSION-3ea330cf59d2a2f8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e08e3213e2e0e28:PCAP:capture_20260430060001:919b39a74464	SESSION-5e08e3213e2e0e28 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c0d18b24ee9d3d4:SESSION-6c0d18b24ee9d3d4	SESSION-6c0d18b24ee9d3d4 → pe:tls:SESSION-6c0d18b24ee9d3d4
flow_observed5-aryOBS	e:fo:flow:d02dda6f047e	flow:d02dda6f047e → host:177.10.236.180 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0d11915f1f4e9ef9:SESSION-0d11915f1f4e9ef9	SESSION-0d11915f1f4e9ef9 → pe:syn:SESSION-0d11915f1f4e9ef9
FLOW_TO_HOSTOBS	e:to:SESSION-5c1a2c7dc69870b1:host:172.234.197.23	SESSION-5c1a2c7dc69870b1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:24c19681bc1b	flow:24c19681bc1b → host:177.10.232.45 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:bea613e6f5e4:port:tcp:30706	flow:bea613e6f5e4 → port:tcp:30706
FLOW_TO_HOSTOBS	e:to:SESSION-605cf9d10467f8d3:host:172.234.197.23	SESSION-605cf9d10467f8d3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-846d654fbba579ab:SESSION-846d654fbba579ab	SESSION-846d654fbba579ab → pe:rst:SESSION-846d654fbba579ab
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a5aae11508cfd60:flow:48fe1a33ef41	SESSION-9a5aae11508cfd60 → flow:48fe1a33ef41
FLOW_TO_HOSTOBS	e:to:SESSION-617da6f9980af1b7:host:172.234.197.23	SESSION-617da6f9980af1b7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:53c36095e850	flow:53c36095e850 → host:177.10.239.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1a633dafddc79f1:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c1a633dafddc79f1 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-c639517e7e5752d7:host:172.234.197.23	SESSION-c639517e7e5752d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5ee9797d15d423e:SESSION-b5ee9797d15d423e	SESSION-b5ee9797d15d423e → pe:syn:SESSION-b5ee9797d15d423e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.172:geo_-16.28860_-49.01640	host:177.10.232.172 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1995c5dc0203e07b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1995c5dc0203e07b → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-536e36b5c95ee442:host:31.40.196.151	SESSION-536e36b5c95ee442 → host:31.40.196.151
FLOW_FROM_HOSTOBS	e:from:SESSION-85869808bb7240b3:host:172.234.197.23	SESSION-85869808bb7240b3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-492b019ad94826ae:flow:8811d2339559	SESSION-492b019ad94826ae → flow:8811d2339559
FLOW_TO_HOSTOBS	e:to:SESSION-0e52442a00447444:host:131.196.30.59	SESSION-0e52442a00447444 → host:131.196.30.59
FLOW_DST_PORTOBS	e:fp:flow:b9d1ec120f8e:port:tcp:24181	flow:b9d1ec120f8e → port:tcp:24181
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d083da2d95669221:host:177.10.237.63	SESSION-d083da2d95669221 → host:177.10.237.63
FLOW_FROM_HOSTOBS	e:from:SESSION-eb82ec2c88e573dc:host:172.234.197.23	SESSION-eb82ec2c88e573dc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f15dcbaf5ef33ebd:host:131.196.29.230	SESSION-f15dcbaf5ef33ebd → host:131.196.29.230
FLOW_DST_PORTOBS	e:fp:flow:c4b12d61b6c1:port:tcp:443	flow:c4b12d61b6c1 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-ce92926e8e7d59d2:host:177.10.238.68	SESSION-ce92926e8e7d59d2 → host:177.10.238.68
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0228dcfe5eb3ed0e:host:177.10.235.1:host:172.234.197.23	SESSION-0228dcfe5eb3ed0e → host:177.10.235.1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-347bad418eab3a6f:SESSION-347bad418eab3a6f	SESSION-347bad418eab3a6f → pe:tls:SESSION-347bad418eab3a6f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.140:geo_-16.28860_-49.01640	host:177.10.235.140 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-3bec1644a83cc4e1:host:177.10.232.253	SESSION-3bec1644a83cc4e1 → host:177.10.232.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08eebf44a6874d1b:flow:5ddcdc0f12fb	SESSION-08eebf44a6874d1b → flow:5ddcdc0f12fb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee402158031a28f0:host:177.10.235.152:host:172.234.197.23	SESSION-ee402158031a28f0 → host:177.10.235.152 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a10e6ba939684b8:host:172.234.197.23	SESSION-6a10e6ba939684b8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a78d91cebd5172f:SESSION-5a78d91cebd5172f	SESSION-5a78d91cebd5172f → pe:tls:SESSION-5a78d91cebd5172f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d4e81930fa292a8:host:177.10.233.101:host:172.234.197.23	SESSION-6d4e81930fa292a8 → host:177.10.233.101 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:6a1093ef65dd	flow:6a1093ef65dd → host:54.200.68.109 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e3ae4e48a37cfd6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8e3ae4e48a37cfd6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df8de933ba817d8f:host:172.234.197.23	SESSION-df8de933ba817d8f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.142:asn:273470	host:45.173.156.142 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d00c2356d94b56a1:host:172.234.197.23	SESSION-d00c2356d94b56a1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff0c6bdae7c0fa78:SESSION-ff0c6bdae7c0fa78	SESSION-ff0c6bdae7c0fa78 → pe:syn:SESSION-ff0c6bdae7c0fa78
flow_observed5-aryOBS	e:fo:flow:d6e76a66edfd	flow:d6e76a66edfd → host:177.10.232.168 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:01417a6aeccd	flow:01417a6aeccd → host:172.234.197.23 → host:177.10.234.51 → port:tcp:45869
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57d0b948d59d1db4:host:172.234.197.23	SESSION-57d0b948d59d1db4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2c0e36a618e9	flow:2c0e36a618e9 → host:177.10.234.194 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-cff48a7a06adcd8f:host:172.234.197.23	SESSION-cff48a7a06adcd8f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c8bf059b02e9beec:host:177.10.235.107	SESSION-c8bf059b02e9beec → host:177.10.235.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a886511518ded078:SESSION-a886511518ded078	SESSION-a886511518ded078 → pe:syn:SESSION-a886511518ded078
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a3df3a26ac38d69:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4a3df3a26ac38d69 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-def0cb8d87964dca:host:131.196.30.64	SESSION-def0cb8d87964dca → host:131.196.30.64
flow_observed5-aryOBS	e:fo:flow:65d3f69449d7	flow:65d3f69449d7 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.48:geo_-16.28860_-49.01640	host:177.10.237.48 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-602a14335703e220:host:172.234.197.23:host:177.10.235.74	SESSION-602a14335703e220 → host:172.234.197.23 → host:177.10.235.74
flow_observed5-aryOBS	e:fo:flow:5900a1534891	flow:5900a1534891 → host:177.10.233.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7401284f40d9f52:host:56.155.73.64	SESSION-a7401284f40d9f52 → host:56.155.73.64
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.231:asn:262880	host:177.10.236.231 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-0da9d7ff41780d23:host:177.10.232.16	SESSION-0da9d7ff41780d23 → host:177.10.232.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bef08b3c32a1c401:SESSION-bef08b3c32a1c401	SESSION-bef08b3c32a1c401 → pe:syn:SESSION-bef08b3c32a1c401
FLOW_TO_HOSTOBS	e:to:SESSION-28af2e1f4e778075:host:172.234.197.23	SESSION-28af2e1f4e778075 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a70682fed3cc6c8:SESSION-8a70682fed3cc6c8	SESSION-8a70682fed3cc6c8 → pe:syn:SESSION-8a70682fed3cc6c8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f580776b9a7f0d25:flow:ea483d23635f	SESSION-f580776b9a7f0d25 → flow:ea483d23635f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1600cc83b8cea24d:SESSION-1600cc83b8cea24d	SESSION-1600cc83b8cea24d → pe:syn:SESSION-1600cc83b8cea24d
flow_observed5-aryOBS	e:fo:flow:c20c9bc4a385	flow:c20c9bc4a385 → host:45.173.156.238 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d9b13ac4e6d83a5e:host:172.234.197.23	SESSION-d9b13ac4e6d83a5e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17a3924886eb315f:host:172.234.197.23	SESSION-17a3924886eb315f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b02fe311e9b10a6:flow:22753125df6d	SESSION-0b02fe311e9b10a6 → flow:22753125df6d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.58:asn:271410	host:131.196.31.58 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb444db8c099bc0f:SESSION-cb444db8c099bc0f	SESSION-cb444db8c099bc0f → pe:tls:SESSION-cb444db8c099bc0f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-baf4494100018e3a:SESSION-baf4494100018e3a	SESSION-baf4494100018e3a → pe:tls:SESSION-baf4494100018e3a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21640db65210a47d:host:131.196.28.93:host:172.234.197.23	SESSION-21640db65210a47d → host:131.196.28.93 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8865861020a3	flow:8865861020a3 → host:177.10.233.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b145e081d4e87ab3:flow:1be9a91b56b4	SESSION-b145e081d4e87ab3 → flow:1be9a91b56b4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-defec876bf358011:host:172.234.197.23	SESSION-defec876bf358011 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.48:asn:262880	host:177.10.233.48 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-46082ee63fe36bdf:host:131.196.28.255	SESSION-46082ee63fe36bdf → host:131.196.28.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19cb9f6f0c8358bd:flow:926320651e1b	SESSION-19cb9f6f0c8358bd → flow:926320651e1b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d4e81930fa292a8:host:177.10.233.101	SESSION-6d4e81930fa292a8 → host:177.10.233.101
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6ca8d988675ead3:host:172.234.197.23:host:45.173.156.26	SESSION-a6ca8d988675ead3 → host:172.234.197.23 → host:45.173.156.26
FLOW_TO_HOSTOBS	e:to:SESSION-1c0e19c2beda7d84:host:172.234.197.23	SESSION-1c0e19c2beda7d84 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d8d89328eefc28d4:BSG-BEACON-cac69090d49b	SESSION-d8d89328eefc28d4 → BSG-BEACON-cac69090d49b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5016108ab6552957:SESSION-5016108ab6552957	SESSION-5016108ab6552957 → pe:syn:SESSION-5016108ab6552957
FLOW_DST_PORTOBS	e:fp:flow:f2d543abeb28:port:tcp:443	flow:f2d543abeb28 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-bded37485db78f4a:host:177.10.237.24	SESSION-bded37485db78f4a → host:177.10.237.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c9cadb68fe1ad17:host:172.234.197.23	SESSION-7c9cadb68fe1ad17 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f00ab97ef4b401c8:host:172.234.197.23:host:177.10.234.243	SESSION-f00ab97ef4b401c8 → host:172.234.197.23 → host:177.10.234.243
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f1e2986117d2a1f:host:172.234.197.23:host:177.10.238.163	SESSION-3f1e2986117d2a1f → host:172.234.197.23 → host:177.10.238.163
flow_observed5-aryOBS	e:fo:flow:5feb8893f1da	flow:5feb8893f1da → host:177.10.237.227 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f416b1590e3cca4:host:177.10.236.247	SESSION-5f416b1590e3cca4 → host:177.10.236.247
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58ff4ad892ea2c04:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-58ff4ad892ea2c04 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d776155c4ea7cbea:flow:85f692c6f243	SESSION-d776155c4ea7cbea → flow:85f692c6f243
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a2f82c2a85816be:flow:199e722fa4e3	SESSION-4a2f82c2a85816be → flow:199e722fa4e3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e1f57d75854220c:SESSION-0e1f57d75854220c	SESSION-0e1f57d75854220c → pe:syn:SESSION-0e1f57d75854220c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd0176ca8d9bf386:PCAP:capture_20260430110001:43611bdf6759	SESSION-cd0176ca8d9bf386 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdcb5008ac7e3b15:host:177.10.237.183	SESSION-cdcb5008ac7e3b15 → host:177.10.237.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a242c68bb3594796:host:172.234.197.23	SESSION-a242c68bb3594796 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:40c7e92d4532:port:tcp:443	flow:40c7e92d4532 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7912a0e1302b3ba3:host:172.234.197.23	SESSION-7912a0e1302b3ba3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3553d3f3f842e7ac:SESSION-3553d3f3f842e7ac	SESSION-3553d3f3f842e7ac → pe:tls:SESSION-3553d3f3f842e7ac
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.68:asn:262880	host:177.10.237.68 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86e3f0fd63ed2ea3:host:172.234.197.23:host:177.10.234.33	SESSION-86e3f0fd63ed2ea3 → host:172.234.197.23 → host:177.10.234.33
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-082f90538556b940:flow:41766cff5d7c	SESSION-082f90538556b940 → flow:41766cff5d7c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4b062ac7956d3a5:flow:c66f85b789a3	SESSION-a4b062ac7956d3a5 → flow:c66f85b789a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fd2d6a70384f754:host:185.231.226.45	SESSION-6fd2d6a70384f754 → host:185.231.226.45
FLOW_FROM_HOSTOBS	e:from:SESSION-2d53672361f048e5:host:172.234.197.23	SESSION-2d53672361f048e5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:194ccbe06af6:port:tcp:443	flow:194ccbe06af6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-715e4cea63e7cde7:host:172.234.197.23	SESSION-715e4cea63e7cde7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4614700214209776:PCAP:capture_20260430110001:43611bdf6759	SESSION-4614700214209776 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.82:geo_-16.28860_-49.01640	host:177.10.236.82 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-d4bc305941088d24:SESSION-d4bc305941088d24	SESSION-d4bc305941088d24 → pe:dns:SESSION-d4bc305941088d24
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-03bb88743ccc2c68:host:177.10.234.216:host:172.234.197.23	SESSION-03bb88743ccc2c68 → host:177.10.234.216 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-12c594123030dc05:host:54.149.68.137:host:172.234.197.23	SESSION-12c594123030dc05 → host:54.149.68.137 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9f09d42f07c3	flow:9f09d42f07c3 → host:177.10.238.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be196df3d425cb31:SESSION-be196df3d425cb31	SESSION-be196df3d425cb31 → pe:syn:SESSION-be196df3d425cb31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3d2c48d2810841c0:host:172.234.197.23:host:177.10.234.116	SESSION-3d2c48d2810841c0 → host:172.234.197.23 → host:177.10.234.116
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e1a13f968b47fc9d:host:172.234.197.23:host:177.10.239.63	SESSION-e1a13f968b47fc9d → host:172.234.197.23 → host:177.10.239.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55d7f3379dec0798:SESSION-55d7f3379dec0798	SESSION-55d7f3379dec0798 → pe:tls:SESSION-55d7f3379dec0798
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf36cee0aa989ce3:flow:f3e0a6fab4e8	SESSION-bf36cee0aa989ce3 → flow:f3e0a6fab4e8
flow_observed4-aryOBS	e:fo:flow:8b119f6991a9	flow:8b119f6991a9 → host:172.234.197.23 → host:177.10.233.185 → port:tcp:41079
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.155:asn:262880	host:177.10.236.155 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:c71d0ad84949:port:tcp:51882	flow:c71d0ad84949 → port:tcp:51882
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec86a4c74825774a:SESSION-ec86a4c74825774a	SESSION-ec86a4c74825774a → pe:syn:SESSION-ec86a4c74825774a
FLOW_FROM_HOSTOBS	e:from:SESSION-8a80be6abc21d5bd:host:13.208.213.50	SESSION-8a80be6abc21d5bd → host:13.208.213.50
flow_observed5-aryOBS	e:fo:flow:74e60f4378aa	flow:74e60f4378aa → host:45.145.152.164 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-587fbc18dc61ddb0:host:172.234.197.23	SESSION-587fbc18dc61ddb0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-877b851a45681e10:SESSION-877b851a45681e10	SESSION-877b851a45681e10 → pe:tls:SESSION-877b851a45681e10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-00ca7ee72922697b:SESSION-00ca7ee72922697b	SESSION-00ca7ee72922697b → pe:syn:SESSION-00ca7ee72922697b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.156:asn:262880	host:177.10.236.156 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cc387e98cb8cb82:host:172.234.197.23	SESSION-9cc387e98cb8cb82 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3a58fc1fb15d0c4:host:131.196.31.8:host:172.234.197.23	SESSION-c3a58fc1fb15d0c4 → host:131.196.31.8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-370545020cd57187:host:172.234.197.23	SESSION-370545020cd57187 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bc2ea3f70e7bccaf:host:177.10.233.182	SESSION-bc2ea3f70e7bccaf → host:177.10.233.182
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.145:geo_-23.62930_-46.63510	host:131.196.31.145 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:bb1be86dfa91:port:tcp:10108	flow:bb1be86dfa91 → port:tcp:10108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a46bc5971af02e3:host:94.183.177.120	SESSION-6a46bc5971af02e3 → host:94.183.177.120
FLOW_TO_HOSTOBS	e:to:SESSION-a592f97b57bb2999:host:172.234.197.23	SESSION-a592f97b57bb2999 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6f91a0bc6116:port:tcp:443	flow:6f91a0bc6116 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-e3a0847605e0d04e:host:177.10.234.66	SESSION-e3a0847605e0d04e → host:177.10.234.66
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f45c3ab8ea783ada:flow:aab775347fea	SESSION-f45c3ab8ea783ada → flow:aab775347fea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b6ebe77d02701b58:SESSION-b6ebe77d02701b58	SESSION-b6ebe77d02701b58 → pe:tls:SESSION-b6ebe77d02701b58
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a18dc2bb6be0117f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a18dc2bb6be0117f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-718b3dc95b6876be:PCAP:capture_20260430070001:903a0e7a436b	SESSION-718b3dc95b6876be → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-90804beaa6aefbc0:SESSION-90804beaa6aefbc0	SESSION-90804beaa6aefbc0 → pe:tls:SESSION-90804beaa6aefbc0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.71:geo_-16.28860_-49.01640	host:177.10.237.71 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab6d0c9e6f54de20:SESSION-ab6d0c9e6f54de20	SESSION-ab6d0c9e6f54de20 → pe:syn:SESSION-ab6d0c9e6f54de20
flow_observed5-aryOBS	e:fo:flow:3f8c718ef8ea	flow:3f8c718ef8ea → host:45.173.156.61 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb20cb96e066d018:SESSION-fb20cb96e066d018	SESSION-fb20cb96e066d018 → pe:tls:SESSION-fb20cb96e066d018
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6a106ff5da861ac:SESSION-a6a106ff5da861ac	SESSION-a6a106ff5da861ac → pe:syn:SESSION-a6a106ff5da861ac
FLOW_TO_HOSTOBS	e:to:SESSION-9b3d68511ee3e6e7:host:177.10.239.136	SESSION-9b3d68511ee3e6e7 → host:177.10.239.136
FLOW_TO_HOSTOBS	e:to:SESSION-8e743a12f6a9d6a4:host:172.234.197.23	SESSION-8e743a12f6a9d6a4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-167179e2a869fa22:host:172.234.197.23	SESSION-167179e2a869fa22 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10d6a2736c7d59d6:host:177.10.237.115:host:172.234.197.23	SESSION-10d6a2736c7d59d6 → host:177.10.237.115 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b906f6cfbd63:port:tcp:25088	flow:b906f6cfbd63 → port:tcp:25088
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e4815ec5b053775:SESSION-4e4815ec5b053775	SESSION-4e4815ec5b053775 → pe:tls:SESSION-4e4815ec5b053775
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48cf6591de1d67a3:host:177.10.239.24	SESSION-48cf6591de1d67a3 → host:177.10.239.24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e626c78b08de0a8b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e626c78b08de0a8b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-360f4972fec5b7e0:SESSION-360f4972fec5b7e0	SESSION-360f4972fec5b7e0 → pe:rst:SESSION-360f4972fec5b7e0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9d9495404a53bc0:host:172.234.197.23	SESSION-c9d9495404a53bc0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:867d546c7ebe	flow:867d546c7ebe → host:172.234.197.23 → host:177.10.237.218 → port:tcp:40309
FLOW_TO_HOSTOBS	e:to:SESSION-b10aefef2d5c06b7:host:172.234.197.23	SESSION-b10aefef2d5c06b7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51cc268447a19ae7:flow:c4c82fc5a59a	SESSION-51cc268447a19ae7 → flow:c4c82fc5a59a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5080263f1b2fd5b9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5080263f1b2fd5b9 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2c4d285e0a09c2a4:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2c4d285e0a09c2a4 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.164:geo_-16.28860_-49.01640	host:177.10.238.164 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f042798b154a2bb2:host:172.234.197.23	SESSION-f042798b154a2bb2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3cdf0b404a4678c5:flow:041259ac1bfc	SESSION-3cdf0b404a4678c5 → flow:041259ac1bfc
FLOW_FROM_HOSTOBS	e:from:SESSION-a24ab62cbf4deb47:host:177.10.232.126	SESSION-a24ab62cbf4deb47 → host:177.10.232.126
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.189:geo_-16.28860_-49.01640	host:177.10.236.189 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-48baa2e7639de342:host:131.196.29.208	SESSION-48baa2e7639de342 → host:131.196.29.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf997a1aac5d0ef1:host:172.234.197.23	SESSION-bf997a1aac5d0ef1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a60100c841341ace:flow:162cd2226747	SESSION-a60100c841341ace → flow:162cd2226747
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60281e53e47bfb2b:host:131.196.29.56	SESSION-60281e53e47bfb2b → host:131.196.29.56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99eb989e9371b0fb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-99eb989e9371b0fb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-8ce1a5aa06c53f62:host:131.196.31.4	SESSION-8ce1a5aa06c53f62 → host:131.196.31.4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-669451aeea441b50:host:177.10.232.152:host:172.234.197.23	SESSION-669451aeea441b50 → host:177.10.232.152 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-912ea161e3e6ffdc:host:131.196.29.158:host:172.234.197.23	SESSION-912ea161e3e6ffdc → host:131.196.29.158 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a3f7ff0146b0	flow:a3f7ff0146b0 → host:177.10.236.2 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:739dcc01ed96:port:tcp:443	flow:739dcc01ed96 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7f3482601c970a:host:172.234.197.23	SESSION-cb7f3482601c970a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e4da5ee22f0b	flow:e4da5ee22f0b → host:131.196.30.75 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c10793bfc512:port:tcp:26232	flow:c10793bfc512 → port:tcp:26232
flow_observed4-aryOBS	e:fo:flow:e5616facb20a	flow:e5616facb20a → host:172.234.197.23 → host:177.10.236.94 → port:tcp:49742
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2c00c77bcbb5602:host:131.196.29.167	SESSION-f2c00c77bcbb5602 → host:131.196.29.167
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-040c9c1730fd990c:SESSION-040c9c1730fd990c	SESSION-040c9c1730fd990c → pe:tls:SESSION-040c9c1730fd990c
FLOW_DST_PORTOBS	e:fp:flow:15d752012211:port:tcp:443	flow:15d752012211 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e921959b541072de:SESSION-e921959b541072de	SESSION-e921959b541072de → pe:syn:SESSION-e921959b541072de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e1cb285535c63d0:host:172.234.197.23	SESSION-9e1cb285535c63d0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-86f90a53110dcf25:host:172.234.197.23	SESSION-86f90a53110dcf25 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7edb52a0a7553f53:host:172.234.197.23	SESSION-7edb52a0a7553f53 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4312a4e24087:port:tcp:443	flow:4312a4e24087 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf7044e44d29be7c:SESSION-cf7044e44d29be7c	SESSION-cf7044e44d29be7c → pe:syn:SESSION-cf7044e44d29be7c
FLOW_TO_HOSTOBS	e:to:SESSION-7375b1770c27cca2:host:172.234.197.23	SESSION-7375b1770c27cca2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b04de7cc8d8a:port:tcp:50472	flow:b04de7cc8d8a → port:tcp:50472
FLOW_DST_PORTOBS	e:fp:flow:66f91fbbd552:port:tcp:10434	flow:66f91fbbd552 → port:tcp:10434
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6c7a2e5cf818d0a:host:172.234.197.23	SESSION-a6c7a2e5cf818d0a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bf923c759cb9e4a:host:172.232.0.16	SESSION-0bf923c759cb9e4a → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-ad03ceeb377f3976:host:172.234.197.23	SESSION-ad03ceeb377f3976 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31b8d1ec0bbdfa48:host:172.234.197.23	SESSION-31b8d1ec0bbdfa48 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f29948747ee8d5c:SESSION-1f29948747ee8d5c	SESSION-1f29948747ee8d5c → pe:tls:SESSION-1f29948747ee8d5c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db1ee555567b9b22:SESSION-db1ee555567b9b22	SESSION-db1ee555567b9b22 → pe:syn:SESSION-db1ee555567b9b22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11e7a161068ba48e:flow:2a765593f423	SESSION-11e7a161068ba48e → flow:2a765593f423
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f92c0af2b04d2b16:SESSION-f92c0af2b04d2b16	SESSION-f92c0af2b04d2b16 → pe:tls:SESSION-f92c0af2b04d2b16
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.27:asn:271410	host:131.196.29.27 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:9764e892a4e4:port:tcp:443	flow:9764e892a4e4 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da377d395ffcc3d3:flow:53a6aa87e901	SESSION-da377d395ffcc3d3 → flow:53a6aa87e901
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f95aea3e66ab57b:PCAP:capture_20260430110001:43611bdf6759	SESSION-4f95aea3e66ab57b → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:dd936079be3d:port:tcp:63649	flow:dd936079be3d → port:tcp:63649
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6af0fd134ffb330e:host:172.234.197.23	SESSION-6af0fd134ffb330e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.162:geo_-23.62930_-46.63510	host:131.196.31.162 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:fa92306a8300	flow:fa92306a8300 → host:172.234.197.23 → host:177.10.235.166 → port:tcp:60871
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a4506f2fb402b7f:PCAP:capture_20260430150001:ded20914761d	SESSION-0a4506f2fb402b7f → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aee71e8cd1625550:flow:67bdaa37076f	SESSION-aee71e8cd1625550 → flow:67bdaa37076f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-691bf265b7044ac7:host:177.10.234.6	SESSION-691bf265b7044ac7 → host:177.10.234.6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c6483e185c23934:SESSION-7c6483e185c23934	SESSION-7c6483e185c23934 → pe:tls:SESSION-7c6483e185c23934
flow_observed3-aryOBS	e:fo:flow:371ab4a86a3a	flow:371ab4a86a3a → host:54.184.232.115 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97537ed6358a20d5:SESSION-97537ed6358a20d5	SESSION-97537ed6358a20d5 → pe:syn:SESSION-97537ed6358a20d5
flow_observed5-aryOBS	e:fo:flow:f9be4f44f5ed	flow:f9be4f44f5ed → host:131.196.30.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f67ce0567774b305:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f67ce0567774b305 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-def0cb8d87964dca:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-def0cb8d87964dca → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:6676abf9b718:port:tcp:443	flow:6676abf9b718 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ed5a5f4d7e8650f:SESSION-6ed5a5f4d7e8650f	SESSION-6ed5a5f4d7e8650f → pe:syn:SESSION-6ed5a5f4d7e8650f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-686bda995aabc86f:SESSION-686bda995aabc86f	SESSION-686bda995aabc86f → pe:tls:SESSION-686bda995aabc86f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1410d14cf4ff2548:SESSION-1410d14cf4ff2548	SESSION-1410d14cf4ff2548 → pe:syn:SESSION-1410d14cf4ff2548
FLOW_DST_PORTOBS	e:fp:flow:2f7ff643ec0e:port:tcp:443	flow:2f7ff643ec0e → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.76:geo_-16.28860_-49.01640	host:177.10.238.76 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-7b0fec424d0db7c3:host:172.234.197.23	SESSION-7b0fec424d0db7c3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7edb52a0a7553f53:SESSION-7edb52a0a7553f53	SESSION-7edb52a0a7553f53 → pe:syn:SESSION-7edb52a0a7553f53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0482ff4f8e4ec953:host:172.234.197.23:host:131.196.31.21	SESSION-0482ff4f8e4ec953 → host:172.234.197.23 → host:131.196.31.21
flow_observed5-aryOBS	e:fo:flow:9c47255c861d	flow:9c47255c861d → host:57.128.95.181 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8684436ffb4e26c7:host:131.196.29.60	SESSION-8684436ffb4e26c7 → host:131.196.29.60
FLOW_DST_PORTOBS	e:fp:flow:bd6abeea0073:port:tcp:443	flow:bd6abeea0073 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f0044b48e7e1824:SESSION-5f0044b48e7e1824	SESSION-5f0044b48e7e1824 → pe:tls:SESSION-5f0044b48e7e1824
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ec65811ecc506ca:flow:386ff33f19bb	SESSION-2ec65811ecc506ca → flow:386ff33f19bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6104696c1212e0a0:host:34.216.76.26	SESSION-6104696c1212e0a0 → host:34.216.76.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7377b91dd9eda5d9:host:177.10.234.34:host:172.234.197.23	SESSION-7377b91dd9eda5d9 → host:177.10.234.34 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2c18145c92d838e0:flow:1837740c68b6	SESSION-2c18145c92d838e0 → flow:1837740c68b6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-13b449bea21c4b54:SESSION-13b449bea21c4b54	SESSION-13b449bea21c4b54 → pe:tls:SESSION-13b449bea21c4b54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee9fbb8d7f6cf47b:host:172.234.197.23	SESSION-ee9fbb8d7f6cf47b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1bf280e9db7bb994:host:44.255.175.112:host:172.234.197.23	SESSION-1bf280e9db7bb994 → host:44.255.175.112 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec67d149df3809f6:host:172.234.197.23	SESSION-ec67d149df3809f6 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.132:geo_-16.28860_-49.01640	host:177.10.235.132 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30e9e6bd80ef39ea:host:131.196.30.90:host:172.234.197.23	SESSION-30e9e6bd80ef39ea → host:131.196.30.90 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1227c455b771a86:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d1227c455b771a86 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96f4af5cf9f3425a:SESSION-96f4af5cf9f3425a	SESSION-96f4af5cf9f3425a → pe:syn:SESSION-96f4af5cf9f3425a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61267dc46edf9a47:host:172.234.197.23	SESSION-61267dc46edf9a47 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:62b594a026ee:port:tcp:57436	flow:62b594a026ee → port:tcp:57436
FLOW_FROM_HOSTOBS	e:from:SESSION-f45c3ab8ea783ada:host:131.196.31.177	SESSION-f45c3ab8ea783ada → host:131.196.31.177
FLOW_TO_HOSTOBS	e:to:SESSION-fb6a6e3ef5fc132c:host:177.10.234.95	SESSION-fb6a6e3ef5fc132c → host:177.10.234.95
FLOW_FROM_HOSTOBS	e:from:SESSION-eed27da13c534290:host:177.10.236.184	SESSION-eed27da13c534290 → host:177.10.236.184
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b977b804ba3f4edd:host:104.28.234.79:host:172.234.197.23	SESSION-b977b804ba3f4edd → host:104.28.234.79 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e76f09c0f210884:host:131.196.31.137:host:172.234.197.23	SESSION-4e76f09c0f210884 → host:131.196.31.137 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77c36ee0b21ed6bb:SESSION-77c36ee0b21ed6bb	SESSION-77c36ee0b21ed6bb → pe:syn:SESSION-77c36ee0b21ed6bb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fc91fd95f4bed82:SESSION-3fc91fd95f4bed82	SESSION-3fc91fd95f4bed82 → pe:syn:SESSION-3fc91fd95f4bed82
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.22:asn:262880	host:177.10.236.22 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-7ab52a513e5ed877:host:172.234.197.23	SESSION-7ab52a513e5ed877 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b880a07e89a760de:host:131.196.30.183	SESSION-b880a07e89a760de → host:131.196.30.183
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-424fe4b4ecc22e45:PCAP:capture_20260430150001:ded20914761d	SESSION-424fe4b4ecc22e45 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-1e028dd5dd71b411:host:172.234.197.23	SESSION-1e028dd5dd71b411 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e47ff6197158625f:host:172.234.197.23	SESSION-e47ff6197158625f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac3ac59e74f457a2:SESSION-ac3ac59e74f457a2	SESSION-ac3ac59e74f457a2 → pe:tls:SESSION-ac3ac59e74f457a2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-777f9d135946568c:PCAP:capture_20260430110001:43611bdf6759	SESSION-777f9d135946568c → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ea9e167400c380e9:SESSION-ea9e167400c380e9	SESSION-ea9e167400c380e9 → pe:syn:SESSION-ea9e167400c380e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a4b1418ed7a7a9f3:SESSION-a4b1418ed7a7a9f3	SESSION-a4b1418ed7a7a9f3 → pe:tls:SESSION-a4b1418ed7a7a9f3
FLOW_DST_PORTOBS	e:fp:flow:81ec5a0f7e7c:port:tcp:22867	flow:81ec5a0f7e7c → port:tcp:22867
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0aa7cb63cd191443:PCAP:capture_20260430110001:43611bdf6759	SESSION-0aa7cb63cd191443 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-9726c360f8e7f49c:host:172.234.197.23	SESSION-9726c360f8e7f49c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75ad621f5d402513:host:177.10.232.114	SESSION-75ad621f5d402513 → host:177.10.232.114
flow_observed5-aryOBS	e:fo:flow:4a4d65023e3f	flow:4a4d65023e3f → host:45.173.156.30 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3cd6c8dc824ee14d:flow:55a6b1de4d76	SESSION-3cd6c8dc824ee14d → flow:55a6b1de4d76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d4e81930fa292a8:SESSION-6d4e81930fa292a8	SESSION-6d4e81930fa292a8 → pe:syn:SESSION-6d4e81930fa292a8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-518ecd8ebc2250f7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-518ecd8ebc2250f7 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-9a8c913718f2ecd3:host:172.234.197.23	SESSION-9a8c913718f2ecd3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7db2d3f3f113e007:host:172.234.197.23	SESSION-7db2d3f3f113e007 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.183:asn:262880	host:177.10.238.183 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-d6ddb3deb8cc2873:host:172.234.197.23	SESSION-d6ddb3deb8cc2873 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2469f0734cea:port:tcp:15566	flow:2469f0734cea → port:tcp:15566
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b35e3cddd5fc2e72:host:172.234.197.23	SESSION-b35e3cddd5fc2e72 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1375745ca86fe64:host:172.234.197.23:host:45.173.156.37	SESSION-a1375745ca86fe64 → host:172.234.197.23 → host:45.173.156.37
FLOW_FROM_HOSTOBS	e:from:SESSION-87462f91a35c5198:host:172.234.197.23	SESSION-87462f91a35c5198 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1f3af12abbb2ff56:host:131.196.30.212	SESSION-1f3af12abbb2ff56 → host:131.196.30.212
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-324907e130151d7d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-324907e130151d7d → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96b1920351aaff79:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-96b1920351aaff79 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-9fed3e3a3ac1c6fb:host:177.10.234.221	SESSION-9fed3e3a3ac1c6fb → host:177.10.234.221
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.244.28.93:geo_45.84010_-119.70500	host:44.244.28.93 → geo_45.84010_-119.70500
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bedaa62e135c647a:flow:03fdc6fabf43	SESSION-bedaa62e135c647a → flow:03fdc6fabf43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7b12eb68f09b08a:SESSION-c7b12eb68f09b08a	SESSION-c7b12eb68f09b08a → pe:syn:SESSION-c7b12eb68f09b08a
FLOW_TO_HOSTOBS	e:to:SESSION-7912a0e1302b3ba3:host:131.196.31.79	SESSION-7912a0e1302b3ba3 → host:131.196.31.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab81c1372abfe2ce:host:177.10.237.82	SESSION-ab81c1372abfe2ce → host:177.10.237.82
FLOW_TO_HOSTOBS	e:to:SESSION-182527d04a349453:host:172.234.197.23	SESSION-182527d04a349453 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a8bea4194d810df:host:131.196.28.67:host:172.234.197.23	SESSION-7a8bea4194d810df → host:131.196.28.67 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e277cf0bccc7:port:tcp:19717	flow:e277cf0bccc7 → port:tcp:19717
FLOW_DST_PORTOBS	e:fp:flow:b22610351f52:port:tcp:443	flow:b22610351f52 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d7baf95bca9d9bdc:flow:997ec73c2b83	SESSION-d7baf95bca9d9bdc → flow:997ec73c2b83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97344bc6f8ca22f4:host:172.234.197.23	SESSION-97344bc6f8ca22f4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa08911a1f564da4:PCAP:capture_20260428010001:b1b402c7b202	SESSION-fa08911a1f564da4 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60d7d302576d36ac:PCAP:capture_20260430150001:ded20914761d	SESSION-60d7d302576d36ac → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2289078120ff48cc:flow:a9a71af39f70	SESSION-2289078120ff48cc → flow:a9a71af39f70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e5392ca321cb1ed:SESSION-6e5392ca321cb1ed	SESSION-6e5392ca321cb1ed → pe:tls:SESSION-6e5392ca321cb1ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1dda0e3344468f76:host:177.10.239.62	SESSION-1dda0e3344468f76 → host:177.10.239.62
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5c7330336192768:host:177.10.239.122:host:172.234.197.23	SESSION-b5c7330336192768 → host:177.10.239.122 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-90e5db50c9887f08:SESSION-90e5db50c9887f08	SESSION-90e5db50c9887f08 → pe:tls:SESSION-90e5db50c9887f08
FLOW_TO_HOSTOBS	e:to:SESSION-0482ff4f8e4ec953:host:131.196.31.21	SESSION-0482ff4f8e4ec953 → host:131.196.31.21
FLOW_DST_PORTOBS	e:fp:flow:9e86a2f1ebc9:port:tcp:443	flow:9e86a2f1ebc9 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2604bc3e94e22829:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2604bc3e94e22829 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1b9f91f77c860b7c:SESSION-1b9f91f77c860b7c	SESSION-1b9f91f77c860b7c → pe:syn:SESSION-1b9f91f77c860b7c
flow_observed5-aryOBS	e:fo:flow:beb8478974cf	flow:beb8478974cf → host:45.173.156.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08b271f63f4ccc89:flow:ddfb42618eb7	SESSION-08b271f63f4ccc89 → flow:ddfb42618eb7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d18ddb12cf5478af:host:172.234.197.23	SESSION-d18ddb12cf5478af → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-99cedbc5d14c9ef2:host:131.196.28.125	SESSION-99cedbc5d14c9ef2 → host:131.196.28.125
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.105:geo_-16.28860_-49.01640	host:177.10.232.105 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-710b55a9f3a0edd9:host:131.196.28.146	SESSION-710b55a9f3a0edd9 → host:131.196.28.146
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f83bf77e11c8adb3:PCAP:capture_20260430060001:919b39a74464	SESSION-f83bf77e11c8adb3 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7eecd546334ac489:host:51.224.53.144:host:172.234.197.23	SESSION-7eecd546334ac489 → host:51.224.53.144 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1cb1824ec0ef0f8a:host:177.10.236.14	SESSION-1cb1824ec0ef0f8a → host:177.10.236.14
FLOW_FROM_HOSTOBS	e:from:SESSION-57d0b948d59d1db4:host:177.10.238.109	SESSION-57d0b948d59d1db4 → host:177.10.238.109
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68031782b8336c69:PCAP:capture_20260430080001:93f47cc296a4	SESSION-68031782b8336c69 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-ee8a8be73e4592b1:host:172.234.197.23	SESSION-ee8a8be73e4592b1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd0571d5316a48e1:SESSION-fd0571d5316a48e1	SESSION-fd0571d5316a48e1 → pe:syn:SESSION-fd0571d5316a48e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d4d7fb155f65fdf:SESSION-4d4d7fb155f65fdf	SESSION-4d4d7fb155f65fdf → pe:syn:SESSION-4d4d7fb155f65fdf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff0c6bdae7c0fa78:SESSION-ff0c6bdae7c0fa78	SESSION-ff0c6bdae7c0fa78 → pe:tls:SESSION-ff0c6bdae7c0fa78
flow_observed5-aryOBS	e:fo:flow:79cc06b2667c	flow:79cc06b2667c → host:177.10.239.139 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-587fbc18dc61ddb0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-587fbc18dc61ddb0 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-0acd91014f6238ed:host:172.234.197.23	SESSION-0acd91014f6238ed → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a4b43b46bbfc9c3:host:177.10.233.22	SESSION-0a4b43b46bbfc9c3 → host:177.10.233.22
flow_observed4-aryOBS	e:fo:flow:be505aff798a	flow:be505aff798a → host:172.234.197.23 → host:177.10.237.57 → port:tcp:14837
FLOW_QUERIED_DNSOBS	e:fd:flow:7bfaaabeaf49:dns:172-234-197-23.ip.linodeusercontent.com	flow:7bfaaabeaf49 → dns:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.137:geo_-16.28860_-49.01640	host:177.10.234.137 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5bfd6f31a89c294d:host:177.10.233.116:host:172.234.197.23	SESSION-5bfd6f31a89c294d → host:177.10.233.116 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:99625993f9a8	flow:99625993f9a8 → host:131.196.29.162 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-bd8e744bc487bcb1:host:172.234.197.23	SESSION-bd8e744bc487bcb1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.32:geo_-23.62930_-46.63510	host:131.196.30.32 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df1a511d64dc2d8e:flow:fb5f5db80365	SESSION-df1a511d64dc2d8e → flow:fb5f5db80365
flow_observed5-aryOBS	e:fo:flow:c9a4f7dc3c5c	flow:c9a4f7dc3c5c → host:92.112.71.158 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:16d1fe4b54fe	flow:16d1fe4b54fe → host:177.10.235.189 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-16ea01a17fc6b7f7:host:177.10.232.167	SESSION-16ea01a17fc6b7f7 → host:177.10.232.167
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aad95c97a46f4b66:SESSION-aad95c97a46f4b66	SESSION-aad95c97a46f4b66 → pe:syn:SESSION-aad95c97a46f4b66
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edebc7da73e26840:host:172.234.197.23	SESSION-edebc7da73e26840 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8f7fc765f54b5ec:host:172.234.197.23:host:131.196.29.4	SESSION-e8f7fc765f54b5ec → host:172.234.197.23 → host:131.196.29.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a03e1a67bd79b062:host:131.196.29.206	SESSION-a03e1a67bd79b062 → host:131.196.29.206
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6635e725f15c4a26:SESSION-6635e725f15c4a26	SESSION-6635e725f15c4a26 → pe:syn:SESSION-6635e725f15c4a26
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-9e0d73c88dd83fb6:BSG-BEACON-feba1b4d0616	SESSION-9e0d73c88dd83fb6 → BSG-BEACON-feba1b4d0616
FLOW_DST_PORTOBS	e:fp:flow:358bac299cb2:port:tcp:443	flow:358bac299cb2 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:60d41579784e	flow:60d41579784e → host:172.234.197.23 → host:177.10.237.143 → port:tcp:58684
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2f14bb2a06741aa:host:177.10.239.135	SESSION-f2f14bb2a06741aa → host:177.10.239.135
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-15d25700bea96717:flow:9d9c4818e854	SESSION-15d25700bea96717 → flow:9d9c4818e854
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5cc5078bf4d23558:SESSION-5cc5078bf4d23558	SESSION-5cc5078bf4d23558 → pe:rst:SESSION-5cc5078bf4d23558
FLOW_FROM_HOSTOBS	e:from:SESSION-c83e078f141652ea:host:172.234.197.23	SESSION-c83e078f141652ea → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd6f9b80bb02e0f5:flow:6cb5cb4669a3	SESSION-fd6f9b80bb02e0f5 → flow:6cb5cb4669a3
FLOW_TO_HOSTOBS	e:to:SESSION-1fd73a09d62d6f89:host:177.10.237.11	SESSION-1fd73a09d62d6f89 → host:177.10.237.11
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72e57a99703d053d:flow:a873c288e348	SESSION-72e57a99703d053d → flow:a873c288e348
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-952305350dc386c3:PCAP:capture_20260430150001:ded20914761d	SESSION-952305350dc386c3 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-905738e9b4f08562:SESSION-905738e9b4f08562	SESSION-905738e9b4f08562 → pe:syn:SESSION-905738e9b4f08562
flow_observed5-aryOBS	e:fo:flow:139df7a387eb	flow:139df7a387eb → host:177.10.236.61 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62e68b494cd2572d:host:177.10.236.92	SESSION-62e68b494cd2572d → host:177.10.236.92
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-605cf9d10467f8d3:flow:f6a804141977	SESSION-605cf9d10467f8d3 → flow:f6a804141977
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2f5f99625dcfae4:flow:ea6b723a5943	SESSION-e2f5f99625dcfae4 → flow:ea6b723a5943
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.47:asn:271410	host:131.196.31.47 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:0cf17e9c0d46:port:tcp:443	flow:0cf17e9c0d46 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:96221e72071d:port:tcp:443	flow:96221e72071d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec2cd7bdebda0247:host:172.234.197.23	SESSION-ec2cd7bdebda0247 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d3b7489a7d07	flow:d3b7489a7d07 → host:177.10.235.45 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-15939dedfcffc5e5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-15939dedfcffc5e5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:16c57d759bca	flow:16c57d759bca → host:131.196.30.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ca971b9386eb0b9:host:172.234.197.23	SESSION-2ca971b9386eb0b9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:14e2611523e3	flow:14e2611523e3 → host:177.10.236.43 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:3afe34ad79e5	flow:3afe34ad79e5 → host:131.196.31.95 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.206:geo_-16.28860_-49.01640	host:177.10.232.206 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0dea31b94d7dde57:host:131.196.31.195:host:172.234.197.23	SESSION-0dea31b94d7dde57 → host:131.196.31.195 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9e1dffa0e2317c3:host:177.10.236.215	SESSION-d9e1dffa0e2317c3 → host:177.10.236.215
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-727af4ad5af6cc01:host:54.91.240.230:host:172.234.197.23	SESSION-727af4ad5af6cc01 → host:54.91.240.230 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4059a39607153158:host:177.10.232.165	SESSION-4059a39607153158 → host:177.10.232.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a238538ee50c7862:host:172.234.197.23	SESSION-a238538ee50c7862 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c130f2091984b84c:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c130f2091984b84c → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-330bec399d401574:SESSION-330bec399d401574	SESSION-330bec399d401574 → pe:syn:SESSION-330bec399d401574
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-106a8139a282a728:SESSION-106a8139a282a728	SESSION-106a8139a282a728 → pe:tls:SESSION-106a8139a282a728
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8de37a87806b5e4:host:177.10.235.252:host:172.234.197.23	SESSION-e8de37a87806b5e4 → host:177.10.235.252 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d4c5cce04e81	flow:d4c5cce04e81 → host:177.10.238.29 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-592321b004976459:host:177.10.239.190	SESSION-592321b004976459 → host:177.10.239.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-43d9721f29111779:SESSION-43d9721f29111779	SESSION-43d9721f29111779 → pe:syn:SESSION-43d9721f29111779
FLOW_TO_HOSTOBS	e:to:SESSION-f306c00af6aee0a4:host:172.234.197.23	SESSION-f306c00af6aee0a4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db907559277cbdbb:flow:16c98c510c8d	SESSION-db907559277cbdbb → flow:16c98c510c8d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ba035d2018b1429:SESSION-6ba035d2018b1429	SESSION-6ba035d2018b1429 → pe:syn:SESSION-6ba035d2018b1429
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6b6e18a39fae0db6:host:131.196.28.242:host:172.234.197.23	SESSION-6b6e18a39fae0db6 → host:131.196.28.242 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77da6a9292c08caa:host:172.234.197.23	SESSION-77da6a9292c08caa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e651a2d530ee:port:tcp:443	flow:e651a2d530ee → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:4067d550a9ce:port:tcp:443	flow:4067d550a9ce → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f5b8d372cd42441:host:172.234.197.23	SESSION-6f5b8d372cd42441 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5466f79125fb	flow:5466f79125fb → host:177.10.234.99 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2cb296f879c20d45:host:95.170.25.175:host:172.234.197.23	SESSION-2cb296f879c20d45 → host:95.170.25.175 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-312b2e72c1d2a2ee:PCAP:capture_20260430160001:9bfa4498506a	SESSION-312b2e72c1d2a2ee → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dc1a3553c9b143c5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-dc1a3553c9b143c5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-c2bdd821ab6e9acc:host:91.240.224.238	SESSION-c2bdd821ab6e9acc → host:91.240.224.238
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e883c2ce63ee6e05:host:172.232.0.16	SESSION-e883c2ce63ee6e05 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-596b6c60b11eaa92:host:177.10.234.195	SESSION-596b6c60b11eaa92 → host:177.10.234.195
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f8d7516bed96e97:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5f8d7516bed96e97 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.80:geo_-16.28860_-49.01640	host:177.10.238.80 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-4298399acb708ae5:host:131.196.31.138	SESSION-4298399acb708ae5 → host:131.196.31.138
ASN_IN_ORGOBS 80%	e:ao:asn:132203:org:Tencent Building, Kejizhongyi Avenue	asn:132203 → org:Tencent Building, Kejizhongyi Avenue
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.158:geo_-16.28860_-49.01640	host:177.10.237.158 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5ceca64359b9f0d:SESSION-a5ceca64359b9f0d	SESSION-a5ceca64359b9f0d → pe:syn:SESSION-a5ceca64359b9f0d
FLOW_DST_PORTOBS	e:fp:flow:2ff1be4df60b:port:tcp:443	flow:2ff1be4df60b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58fb8de1a3a0b1f1:host:172.234.197.23	SESSION-58fb8de1a3a0b1f1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2505ce7e1d614150:host:172.234.197.23	SESSION-2505ce7e1d614150 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ee625266e5aa068:flow:0e813fc9aed2	SESSION-5ee625266e5aa068 → flow:0e813fc9aed2
FLOW_TO_HOSTOBS	e:to:SESSION-86f296cd3a39a7c2:host:172.234.197.23	SESSION-86f296cd3a39a7c2 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.156:asn:262880	host:177.10.234.156 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-cc0003e096ddb203:host:172.234.197.23	SESSION-cc0003e096ddb203 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:18b95de0c94f:port:tcp:18835	flow:18b95de0c94f → port:tcp:18835
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13b449bea21c4b54:host:172.234.197.23	SESSION-13b449bea21c4b54 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21e452657508b689:host:172.234.197.23:host:177.10.236.153	SESSION-21e452657508b689 → host:172.234.197.23 → host:177.10.236.153
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9479b510131ce6c:SESSION-f9479b510131ce6c	SESSION-f9479b510131ce6c → pe:tls:SESSION-f9479b510131ce6c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0fe0e8460d1c75f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f0fe0e8460d1c75f → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-93e1e76eb6bfe5a3:SESSION-93e1e76eb6bfe5a3	SESSION-93e1e76eb6bfe5a3 → pe:syn:SESSION-93e1e76eb6bfe5a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ea63b0a223461f6:SESSION-3ea63b0a223461f6	SESSION-3ea63b0a223461f6 → pe:tls:SESSION-3ea63b0a223461f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9523bcd246277dc:SESSION-b9523bcd246277dc	SESSION-b9523bcd246277dc → pe:tls:SESSION-b9523bcd246277dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4bda9924d3f6d619:SESSION-4bda9924d3f6d619	SESSION-4bda9924d3f6d619 → pe:tls:SESSION-4bda9924d3f6d619
FLOW_FROM_HOSTOBS	e:from:SESSION-deb97792675d8a5d:host:131.196.28.169	SESSION-deb97792675d8a5d → host:131.196.28.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-526fa727f8be74e3:host:172.234.197.23	SESSION-526fa727f8be74e3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29f6930bb002305c:host:172.234.197.23:host:177.10.233.254	SESSION-29f6930bb002305c → host:172.234.197.23 → host:177.10.233.254
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ddbd1238f020bf6b:host:177.10.239.132:host:172.234.197.23	SESSION-ddbd1238f020bf6b → host:177.10.239.132 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98030dd572a97d39:flow:d23d429ef386	SESSION-98030dd572a97d39 → flow:d23d429ef386
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd1fe9b471d92d57:flow:1d160c4828b5	SESSION-dd1fe9b471d92d57 → flow:1d160c4828b5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9912439438040361:SESSION-9912439438040361	SESSION-9912439438040361 → pe:tls:SESSION-9912439438040361
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3094c6d527f665e9:flow:7baba6975c1f	SESSION-3094c6d527f665e9 → flow:7baba6975c1f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b82d9882ea505987:host:172.234.197.23:host:177.10.235.174	SESSION-b82d9882ea505987 → host:172.234.197.23 → host:177.10.235.174
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-489ca31c7f776997:flow:6386656d45fb	SESSION-489ca31c7f776997 → flow:6386656d45fb
FLOW_DST_PORTOBS	e:fp:flow:ac199626a1c4:port:tcp:443	flow:ac199626a1c4 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f60661a19246ebd9:host:172.234.197.23:host:177.10.238.239	SESSION-f60661a19246ebd9 → host:172.234.197.23 → host:177.10.238.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4691236308c01a5:host:54.149.68.137	SESSION-d4691236308c01a5 → host:54.149.68.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d60298c7dc6ec77f:SESSION-d60298c7dc6ec77f	SESSION-d60298c7dc6ec77f → pe:tls:SESSION-d60298c7dc6ec77f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4628aedb62e0673e:flow:29182df01ffc	SESSION-4628aedb62e0673e → flow:29182df01ffc
FLOW_TO_HOSTOBS	e:to:SESSION-b6ebe77d02701b58:host:172.234.197.23	SESSION-b6ebe77d02701b58 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-14cb036847147428:host:131.196.30.182	SESSION-14cb036847147428 → host:131.196.30.182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d42f41260fbe7c09:flow:e83f49b54561	SESSION-d42f41260fbe7c09 → flow:e83f49b54561
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.164:geo_-21.10010_-41.69200	host:45.173.156.164 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-375dced119266894:PCAP:capture_20260430110001:43611bdf6759	SESSION-375dced119266894 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.134:asn:271410	host:131.196.29.134 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6ed96bf23ac2f6b:SESSION-a6ed96bf23ac2f6b	SESSION-a6ed96bf23ac2f6b → pe:tls:SESSION-a6ed96bf23ac2f6b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-957293060df71cd6:flow:308ea8154f83	SESSION-957293060df71cd6 → flow:308ea8154f83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21e452657508b689:host:177.10.236.153	SESSION-21e452657508b689 → host:177.10.236.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c58b004ff38abe14:host:177.10.236.60	SESSION-c58b004ff38abe14 → host:177.10.236.60
FLOW_DST_PORTOBS	e:fp:flow:a7d103cc9c4d:port:tcp:443	flow:a7d103cc9c4d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-8d58c039fa1a1304:host:172.232.0.17	SESSION-8d58c039fa1a1304 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-fef93e1a24936adf:host:172.234.197.23	SESSION-fef93e1a24936adf → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b03f12d359ceed54:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b03f12d359ceed54 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d077f88c61181481:flow:00e85a80309b	SESSION-d077f88c61181481 → flow:00e85a80309b
FLOW_DST_PORTOBS	e:fp:flow:bb2d5dd241a4:port:tcp:36491	flow:bb2d5dd241a4 → port:tcp:36491
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6394463f1caee3eb:SESSION-6394463f1caee3eb	SESSION-6394463f1caee3eb → pe:syn:SESSION-6394463f1caee3eb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d0a7763ce2861c:host:172.234.197.23	SESSION-28d0a7763ce2861c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-461eadc2db19418d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-461eadc2db19418d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-00efe759e05a1a39:host:177.10.239.93	SESSION-00efe759e05a1a39 → host:177.10.239.93
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d11580ecaeb7d77b:flow:ebcf7e2690fc	SESSION-d11580ecaeb7d77b → flow:ebcf7e2690fc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-975059a05a34b0ad:flow:118567956373	SESSION-975059a05a34b0ad → flow:118567956373
flow_observed5-aryOBS	e:fo:flow:af8b39b89b62	flow:af8b39b89b62 → host:177.10.235.128 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b43557542c64d676:host:172.234.197.23	SESSION-b43557542c64d676 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b6c8a80798fe	flow:b6c8a80798fe → host:172.234.197.23 → host:177.10.237.96 → port:tcp:38514
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8ab658d53a1eebd:SESSION-c8ab658d53a1eebd	SESSION-c8ab658d53a1eebd → pe:syn:SESSION-c8ab658d53a1eebd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac69dcbefbb93dfd:host:131.196.28.167:host:172.234.197.23	SESSION-ac69dcbefbb93dfd → host:131.196.28.167 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-49ea8e2d7734ace3:host:172.234.197.23	SESSION-49ea8e2d7734ace3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-022fbc52c5dbb7ff:host:177.10.237.180	SESSION-022fbc52c5dbb7ff → host:177.10.237.180
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc57a46aa64b7388:SESSION-cc57a46aa64b7388	SESSION-cc57a46aa64b7388 → pe:syn:SESSION-cc57a46aa64b7388
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-710eb7de55f51893:SESSION-710eb7de55f51893	SESSION-710eb7de55f51893 → pe:tls:SESSION-710eb7de55f51893
FLOW_DST_PORTOBS	e:fp:flow:3f51040d34d3:port:tcp:443	flow:3f51040d34d3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afde502531c1ddca:host:172.234.197.23	SESSION-afde502531c1ddca → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2be203d892e5c4c6:SESSION-2be203d892e5c4c6	SESSION-2be203d892e5c4c6 → pe:syn:SESSION-2be203d892e5c4c6
FLOW_DST_PORTOBS	e:fp:flow:55a6b1de4d76:port:tcp:443	flow:55a6b1de4d76 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27f108382ab89b5c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-27f108382ab89b5c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-724515316ace62dc:host:199.16.157.181	SESSION-724515316ace62dc → host:199.16.157.181
flow_observed4-aryOBS	e:fo:flow:1ee72008a57f	flow:1ee72008a57f → host:172.234.197.23 → host:177.10.236.115 → port:tcp:52767
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ecb424a0a4d5b0f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3ecb424a0a4d5b0f → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:a36e5f4c9cca	flow:a36e5f4c9cca → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
flow_observed5-aryOBS	e:fo:flow:bbdcfb726e93	flow:bbdcfb726e93 → host:177.10.234.29 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cac7290643404699:host:103.230.240.59:host:172.234.197.23	SESSION-cac7290643404699 → host:103.230.240.59 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8c0a98b52014301:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d8c0a98b52014301 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TLS_SNIOBS	e:fs:flow:9d3bfcd21805:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:9d3bfcd21805 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a77e99309dd6e28:flow:4d3f821e6497	SESSION-8a77e99309dd6e28 → flow:4d3f821e6497
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8614773ef8a3b357:host:177.10.233.109:host:172.234.197.23	SESSION-8614773ef8a3b357 → host:177.10.233.109 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9ca387fd672ab7a:SESSION-d9ca387fd672ab7a	SESSION-d9ca387fd672ab7a → pe:tls:SESSION-d9ca387fd672ab7a
flow_observed4-aryOBS	e:fo:flow:3cfb47e7be4e	flow:3cfb47e7be4e → host:172.234.197.23 → host:177.10.235.222 → port:tcp:24265
FLOW_TO_HOSTOBS	e:to:SESSION-7dc8a86be27d0230:host:172.234.197.23	SESSION-7dc8a86be27d0230 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-592f6a5ffad96a3b:host:35.95.128.58:host:172.234.197.23	SESSION-592f6a5ffad96a3b → host:35.95.128.58 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c8b621e12628	flow:c8b621e12628 → host:177.10.234.94 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-952305350dc386c3:flow:15d752012211	SESSION-952305350dc386c3 → flow:15d752012211
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b97d7b281ae973a8:host:172.234.197.23	SESSION-b97d7b281ae973a8 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e50b4d368dc0	flow:e50b4d368dc0 → host:172.234.197.23 → host:177.10.236.189 → port:tcp:60659
flow_observed4-aryOBS	e:fo:flow:0320ce5d32ae	flow:0320ce5d32ae → host:172.234.197.23 → host:45.173.156.173 → port:tcp:6820
flow_observed5-aryOBS	e:fo:flow:306fbd5f32f8	flow:306fbd5f32f8 → host:177.10.232.83 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.182:asn:271410	host:131.196.30.182 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bf7bb3dc8319468:SESSION-3bf7bb3dc8319468	SESSION-3bf7bb3dc8319468 → pe:tls:SESSION-3bf7bb3dc8319468
FLOW_DST_PORTOBS	e:fp:flow:4ef48c8a3468:port:tcp:443	flow:4ef48c8a3468 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c402fe398bbf1491:host:172.234.197.23:host:172.232.0.16	SESSION-c402fe398bbf1491 → host:172.234.197.23 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf286e26fb783f2f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cf286e26fb783f2f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b074fbdb748702cc:SESSION-b074fbdb748702cc	SESSION-b074fbdb748702cc → pe:tls:SESSION-b074fbdb748702cc
FLOW_TO_HOSTOBS	e:to:SESSION-da14485ca0be7376:host:172.234.197.23	SESSION-da14485ca0be7376 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5278b2d1db18e971:host:172.234.197.23:host:177.10.233.17	SESSION-5278b2d1db18e971 → host:172.234.197.23 → host:177.10.233.17
flow_observed4-aryOBS	e:fo:flow:7dddb16f6aa7	flow:7dddb16f6aa7 → host:172.234.197.23 → host:177.10.236.236 → port:tcp:27665
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d0d1a45a4e9ec7:host:144.76.23.34	SESSION-b9d0d1a45a4e9ec7 → host:144.76.23.34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abc806ef9f1a9dce:host:172.234.197.23	SESSION-abc806ef9f1a9dce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6354b0819147ed1d:host:172.234.197.23	SESSION-6354b0819147ed1d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2b523e88f9ec69c3:host:172.234.197.23	SESSION-2b523e88f9ec69c3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:57c5a1bd2723	flow:57c5a1bd2723 → host:45.173.156.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09e8a1451dd94c84:flow:a80934ee9d8f	SESSION-09e8a1451dd94c84 → flow:a80934ee9d8f
FLOW_FROM_HOSTOBS	e:from:SESSION-a7401284f40d9f52:host:56.155.73.64	SESSION-a7401284f40d9f52 → host:56.155.73.64
FLOW_TO_HOSTOBS	e:to:SESSION-9f7884afbce83d50:host:172.234.197.23	SESSION-9f7884afbce83d50 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c344393f012a	flow:c344393f012a → host:172.234.197.23 → host:177.10.235.249 → port:tcp:49563
FLOW_TO_HOSTOBS	e:to:SESSION-21640db65210a47d:host:172.234.197.23	SESSION-21640db65210a47d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.146:asn:262880	host:177.10.237.146 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-4bee67245b0f1ffd:host:78.12.83.235	SESSION-4bee67245b0f1ffd → host:78.12.83.235
flow_observed4-aryOBS	e:fo:flow:6caf715a57a5	flow:6caf715a57a5 → host:172.234.197.23 → host:177.10.234.91 → port:tcp:42434
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.37:asn:271410	host:131.196.31.37 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.57:geo_-16.28860_-49.01640	host:177.10.239.57 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-296f629f4229b1a2:PCAP:capture_20260430050001:8868731bf8a4	SESSION-296f629f4229b1a2 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd573746c1e36a64:PCAP:capture_20260430160001:9bfa4498506a	SESSION-fd573746c1e36a64 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:aae931213988	flow:aae931213988 → host:177.10.236.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-332b957940cff81b:SESSION-332b957940cff81b	SESSION-332b957940cff81b → pe:tls:SESSION-332b957940cff81b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d96211015a0fddb9:SESSION-d96211015a0fddb9	SESSION-d96211015a0fddb9 → pe:syn:SESSION-d96211015a0fddb9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.26:asn:262880	host:177.10.236.26 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-e280ba6e8e483a35:host:177.10.238.152	SESSION-e280ba6e8e483a35 → host:177.10.238.152
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.191:asn:262880	host:177.10.235.191 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94f17b7b7397155e:host:177.10.233.60	SESSION-94f17b7b7397155e → host:177.10.233.60
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.215:geo_-16.28860_-49.01640	host:177.10.234.215 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.232:geo_41.00190_28.96450	host:92.112.71.232 → geo_41.00190_28.96450
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37ba5323333f9720:flow:4b35d99dad77	SESSION-37ba5323333f9720 → flow:4b35d99dad77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd13e266b02b3087:SESSION-cd13e266b02b3087	SESSION-cd13e266b02b3087 → pe:tls:SESSION-cd13e266b02b3087
flow_observed5-aryOBS	e:fo:flow:f0f010e38ebe	flow:f0f010e38ebe → host:131.196.29.116 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-481702f1e56ec074:host:172.234.197.23	SESSION-481702f1e56ec074 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-9e2a4babdc2dc965:SESSION-9e2a4babdc2dc965	SESSION-9e2a4babdc2dc965 → pe:rst:SESSION-9e2a4babdc2dc965
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b68ed671c67acfd:flow:44762f5cbd02	SESSION-2b68ed671c67acfd → flow:44762f5cbd02
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.40:asn:271410	host:131.196.28.40 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5eed95be9c1a7022:flow:6abeeac5086e	SESSION-5eed95be9c1a7022 → flow:6abeeac5086e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1350be77996fff9b:host:172.234.197.23	SESSION-1350be77996fff9b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c24af053222fbf1:host:131.196.29.69	SESSION-5c24af053222fbf1 → host:131.196.29.69
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-926b7babcf98185f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-926b7babcf98185f → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-d5aeffc2a4b56ba0:host:131.196.31.190	SESSION-d5aeffc2a4b56ba0 → host:131.196.31.190
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-112f4fdeb678f643:flow:eb22f21caf3d	SESSION-112f4fdeb678f643 → flow:eb22f21caf3d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-810f814d66b016e7:SESSION-810f814d66b016e7	SESSION-810f814d66b016e7 → pe:tls:SESSION-810f814d66b016e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6924fc6c1078bec:host:172.234.197.23	SESSION-c6924fc6c1078bec → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1f0a324b14316cd:host:177.10.239.221	SESSION-e1f0a324b14316cd → host:177.10.239.221
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30052afb1f0268ab:PCAP:capture_20260428010001:b1b402c7b202	SESSION-30052afb1f0268ab → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b73ad2a19ec53d4:SESSION-5b73ad2a19ec53d4	SESSION-5b73ad2a19ec53d4 → pe:syn:SESSION-5b73ad2a19ec53d4
flow_observed5-aryOBS	e:fo:flow:a5bfd56e390d	flow:a5bfd56e390d → host:45.173.156.92 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f19ceabce4d2fbb5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f19ceabce4d2fbb5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2997df12bb4a545b:host:177.10.233.87:host:172.234.197.23	SESSION-2997df12bb4a545b → host:177.10.233.87 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-913ac926bd708af5:host:177.10.238.218	SESSION-913ac926bd708af5 → host:177.10.238.218
flow_observed5-aryOBS	e:fo:flow:494513d358c8	flow:494513d358c8 → host:131.196.31.111 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-bdbc4c9f7cbfe0c2:host:177.10.235.132	SESSION-bdbc4c9f7cbfe0c2 → host:177.10.235.132
FLOW_FROM_HOSTOBS	e:from:SESSION-8ec199f8b9a6f389:host:167.235.194.109	SESSION-8ec199f8b9a6f389 → host:167.235.194.109
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c98ee522a60a5600:flow:22aa90f0cf17	SESSION-c98ee522a60a5600 → flow:22aa90f0cf17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.192.54.92:geo_37.25340_105.99760	host:43.192.54.92 → geo_37.25340_105.99760
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.63:asn:262880	host:177.10.238.63 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-99de4fcd637901fc:host:177.10.239.59	SESSION-99de4fcd637901fc → host:177.10.239.59
FLOW_TO_HOSTOBS	e:to:SESSION-537461a77052bb13:host:172.234.197.23	SESSION-537461a77052bb13 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.137:geo_-16.28860_-49.01640	host:177.10.233.137 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b11513eff2bd1e6:SESSION-7b11513eff2bd1e6	SESSION-7b11513eff2bd1e6 → pe:tls:SESSION-7b11513eff2bd1e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2035a3586bc1f35f:host:172.234.197.23	SESSION-2035a3586bc1f35f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-21b1ebb6f3d7bd68:host:172.232.0.16	SESSION-21b1ebb6f3d7bd68 → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-0a79875656e67c68:host:172.234.197.23	SESSION-0a79875656e67c68 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-144e16262f6e2a62:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-144e16262f6e2a62 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-079ef1e0e1e74623:flow:91daccc6e701	SESSION-079ef1e0e1e74623 → flow:91daccc6e701
FLOW_FROM_HOSTOBS	e:from:SESSION-f51f16a6829ff61b:host:131.196.29.236	SESSION-f51f16a6829ff61b → host:131.196.29.236
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ade0b807fe10f93e:host:172.234.197.23:host:177.10.236.114	SESSION-ade0b807fe10f93e → host:172.234.197.23 → host:177.10.236.114
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.98:geo_-16.28860_-49.01640	host:177.10.238.98 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efd1ddb1a087b877:host:172.234.197.23	SESSION-efd1ddb1a087b877 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71340f64d1455f4f:host:172.234.197.23	SESSION-71340f64d1455f4f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bcb34449111b6ae:host:172.234.197.23	SESSION-4bcb34449111b6ae → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6af0fd134ffb330e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6af0fd134ffb330e → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-fdca441bb1b3810b:host:172.234.197.23	SESSION-fdca441bb1b3810b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f96a240aba6afcc:host:131.196.30.221	SESSION-2f96a240aba6afcc → host:131.196.30.221
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ec222cc1c3a7faf:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4ec222cc1c3a7faf → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9868c83546c2d563:PCAP:capture_20260430150001:ded20914761d	SESSION-9868c83546c2d563 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:7a82c850348c:port:tcp:17478	flow:7a82c850348c → port:tcp:17478
FLOW_DST_PORTOBS	e:fp:flow:ed2ddb316adb:port:tcp:59999	flow:ed2ddb316adb → port:tcp:59999
flow_observed5-aryOBS	e:fo:flow:5a0cd8781a01	flow:5a0cd8781a01 → host:177.10.237.83 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96c13a83414ab25f:SESSION-96c13a83414ab25f	SESSION-96c13a83414ab25f → pe:tls:SESSION-96c13a83414ab25f
flow_observed5-aryOBS	e:fo:flow:8eef3970e8dd	flow:8eef3970e8dd → host:95.170.25.208 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:bf1cd7116e24	flow:bf1cd7116e24 → host:177.10.233.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b325e5efc54d34b8:flow:0378764a4149	SESSION-b325e5efc54d34b8 → flow:0378764a4149
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08b637759d13ec04:SESSION-08b637759d13ec04	SESSION-08b637759d13ec04 → pe:tls:SESSION-08b637759d13ec04
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1842fb1b2a9a6572:SESSION-1842fb1b2a9a6572	SESSION-1842fb1b2a9a6572 → pe:syn:SESSION-1842fb1b2a9a6572
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4235901c81cb167b:flow:700fed86d816	SESSION-4235901c81cb167b → flow:700fed86d816
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd0de62eb0560e2b:SESSION-bd0de62eb0560e2b	SESSION-bd0de62eb0560e2b → pe:syn:SESSION-bd0de62eb0560e2b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-afde502531c1ddca:flow:844eea514ea2	SESSION-afde502531c1ddca → flow:844eea514ea2
FLOW_DST_PORTOBS	e:fp:flow:3ef5d98ffb33:port:tcp:26723	flow:3ef5d98ffb33 → port:tcp:26723
FLOW_FROM_HOSTOBS	e:from:SESSION-291dfe079248afc7:host:177.10.233.127	SESSION-291dfe079248afc7 → host:177.10.233.127
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ae37c351bfd95cd:host:45.173.156.63:host:172.234.197.23	SESSION-6ae37c351bfd95cd → host:45.173.156.63 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:bcec3454bc9d	flow:bcec3454bc9d → host:172.234.197.23 → host:131.196.31.146 → port:tcp:14271
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f86e42aef9b2f482:flow:6cdd6f90666a	SESSION-f86e42aef9b2f482 → flow:6cdd6f90666a
FLOW_DST_PORTOBS	e:fp:flow:bc0d66ba9370:port:tcp:443	flow:bc0d66ba9370 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:19e51d619eb1	flow:19e51d619eb1 → host:131.196.31.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ddcefc7eea69488:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7ddcefc7eea69488 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97957d43d677156c:SESSION-97957d43d677156c	SESSION-97957d43d677156c → pe:syn:SESSION-97957d43d677156c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e4489cf6c262aa3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9e4489cf6c262aa3 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.104:asn:262880	host:177.10.232.104 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94594005437ae120:PCAP:capture_20260430050001:8868731bf8a4	SESSION-94594005437ae120 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0553c47d8718786a:SESSION-0553c47d8718786a	SESSION-0553c47d8718786a → pe:tls:SESSION-0553c47d8718786a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40ef48225b459fb9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-40ef48225b459fb9 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:b0ea91d62d64:port:tcp:55952	flow:b0ea91d62d64 → port:tcp:55952
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e4ae2c6ddba3051:host:177.10.235.158	SESSION-7e4ae2c6ddba3051 → host:177.10.235.158
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41172116812e3a49:host:177.10.236.39:host:172.234.197.23	SESSION-41172116812e3a49 → host:177.10.236.39 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e6f218d3e359434:SESSION-0e6f218d3e359434	SESSION-0e6f218d3e359434 → pe:syn:SESSION-0e6f218d3e359434
FLOW_DST_PORTOBS	e:fp:flow:43136ed91747:port:tcp:26674	flow:43136ed91747 → port:tcp:26674
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.143:asn:262880	host:177.10.239.143 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-738a9f5daf478976:SESSION-738a9f5daf478976	SESSION-738a9f5daf478976 → pe:tls:SESSION-738a9f5daf478976
FLOW_TO_HOSTOBS	e:to:SESSION-4337995d605bd9f8:host:177.10.232.156	SESSION-4337995d605bd9f8 → host:177.10.232.156
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.80:asn:271410	host:131.196.29.80 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dba7d64f7032fffd:host:172.234.197.23	SESSION-dba7d64f7032fffd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2f8e534a226c	flow:2f8e534a226c → host:131.196.31.7 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:cb392402663a	flow:cb392402663a → host:172.234.197.23 → host:131.196.29.131 → port:tcp:40509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07124c917c797d63:flow:d918f8fcd068	SESSION-07124c917c797d63 → flow:d918f8fcd068
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-abc64529b37d4840:BSG-BEACON-5db8221010e8	SESSION-abc64529b37d4840 → BSG-BEACON-5db8221010e8
FLOW_FROM_HOSTOBS	e:from:SESSION-4af5e0493e3bd78c:host:177.10.239.185	SESSION-4af5e0493e3bd78c → host:177.10.239.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63e207f92d9c898d:host:45.173.156.32	SESSION-63e207f92d9c898d → host:45.173.156.32
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75d8d9da58d6d51c:host:172.234.197.23	SESSION-75d8d9da58d6d51c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.96:asn:262880	host:177.10.237.96 → asn:262880
flow_observed5-aryOBS	e:fo:flow:3f94093d8b40	flow:3f94093d8b40 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e46bef1b2f6daf0:host:172.234.197.23:host:177.10.239.209	SESSION-2e46bef1b2f6daf0 → host:172.234.197.23 → host:177.10.239.209
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.246:asn:262880	host:177.10.239.246 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e77bd841354043c4:SESSION-e77bd841354043c4	SESSION-e77bd841354043c4 → pe:tls:SESSION-e77bd841354043c4
FLOW_TO_HOSTOBS	e:to:SESSION-e2edb47571c4ed35:host:131.196.29.12	SESSION-e2edb47571c4ed35 → host:131.196.29.12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae747b0389dd0111:PCAP:capture_20260430090001:065659c7d314	SESSION-ae747b0389dd0111 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.125:geo_-16.28860_-49.01640	host:177.10.232.125 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c35942669d0b12c8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c35942669d0b12c8 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85f6b1896204af93:host:172.234.197.23	SESSION-85f6b1896204af93 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ba8512040d3b37b:flow:ae23623ba6a8	SESSION-5ba8512040d3b37b → flow:ae23623ba6a8
flow_observed5-aryOBS	e:fo:flow:6bf9f984b3f5	flow:6bf9f984b3f5 → host:131.196.28.242 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:e90c527361e6:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:e90c527361e6 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec00857ef12f8e7e:host:177.10.235.65:host:172.234.197.23	SESSION-ec00857ef12f8e7e → host:177.10.235.65 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14ec4f61373e7262:SESSION-14ec4f61373e7262	SESSION-14ec4f61373e7262 → pe:tls:SESSION-14ec4f61373e7262
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4754bc389b07ad3e:SESSION-4754bc389b07ad3e	SESSION-4754bc389b07ad3e → pe:tls:SESSION-4754bc389b07ad3e
flow_observed5-aryOBS	e:fo:flow:bcf7cfc90ac1	flow:bcf7cfc90ac1 → host:177.10.239.252 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0d1802072f1dd852:SESSION-0d1802072f1dd852	SESSION-0d1802072f1dd852 → pe:syn:SESSION-0d1802072f1dd852
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-81c3f53ebeacb521:SESSION-81c3f53ebeacb521	SESSION-81c3f53ebeacb521 → pe:syn:SESSION-81c3f53ebeacb521
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3b2d33602e817e1:host:131.196.28.100	SESSION-b3b2d33602e817e1 → host:131.196.28.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86086a72c76b1135:SESSION-86086a72c76b1135	SESSION-86086a72c76b1135 → pe:tls:SESSION-86086a72c76b1135
FLOW_DST_PORTOBS	e:fp:flow:87e1e650d9d0:port:tcp:443	flow:87e1e650d9d0 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-cd81cfaee9483060:host:172.234.197.23	SESSION-cd81cfaee9483060 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d32b9643240d8a79:flow:e3ea775b7999	SESSION-d32b9643240d8a79 → flow:e3ea775b7999
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5ae6e0246d28b44:host:172.234.197.23	SESSION-d5ae6e0246d28b44 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e49b447cbf9c1ef7:host:177.10.235.205	SESSION-e49b447cbf9c1ef7 → host:177.10.235.205
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.211:asn:262880	host:177.10.239.211 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.75:geo_-16.28860_-49.01640	host:177.10.239.75 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db3c6ad3393f14ad:host:172.234.197.23	SESSION-db3c6ad3393f14ad → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98c12e77f111e64e:flow:39c25f60b4e5	SESSION-98c12e77f111e64e → flow:39c25f60b4e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fd9b76b5230e873:SESSION-3fd9b76b5230e873	SESSION-3fd9b76b5230e873 → pe:syn:SESSION-3fd9b76b5230e873
FLOW_FROM_HOSTOBS	e:from:SESSION-6e798ff0c310952a:host:177.10.234.144	SESSION-6e798ff0c310952a → host:177.10.234.144
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48de9f7b9a5a464c:host:172.234.197.23	SESSION-48de9f7b9a5a464c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae64075781208b0:host:172.234.197.23	SESSION-6ae64075781208b0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fc3b21937ae9:port:tcp:443	flow:fc3b21937ae9 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:197556b63536	flow:197556b63536 → host:177.10.236.51 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:0ce76c6207ea	flow:0ce76c6207ea → host:172.234.197.23 → host:177.10.232.130 → port:tcp:11135
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b7d412d830baf98:host:172.234.197.23	SESSION-4b7d412d830baf98 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ba642a19e1a643ce:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ba642a19e1a643ce → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-ac1869edc353761e:host:172.234.197.23	SESSION-ac1869edc353761e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d8c9b51009f5	flow:d8c9b51009f5 → host:172.234.197.23 → host:177.10.234.44 → port:tcp:59587
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae3419cd71fb8b85:host:45.173.156.232	SESSION-ae3419cd71fb8b85 → host:45.173.156.232
FLOW_DST_PORTOBS	e:fp:flow:4a6b04783091:port:tcp:443	flow:4a6b04783091 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e0dcae8b099ffa5:flow:a7995a0a82ed	SESSION-9e0dcae8b099ffa5 → flow:a7995a0a82ed
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-792b602eaec629a3:flow:49f2a7783588	SESSION-792b602eaec629a3 → flow:49f2a7783588
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7b12eb68f09b08a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c7b12eb68f09b08a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8feacc6abd2fe08c:host:131.196.28.228:host:172.234.197.23	SESSION-8feacc6abd2fe08c → host:131.196.28.228 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e77738dbb03f9aec:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e77738dbb03f9aec → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67e4e454d5bff348:flow:98facdade98c	SESSION-67e4e454d5bff348 → flow:98facdade98c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f890b9cda6af294:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2f890b9cda6af294 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:114e2cfb6ecb	flow:114e2cfb6ecb → host:172.234.197.23 → host:177.10.234.186 → port:tcp:60224
FLOW_FROM_HOSTOBS	e:from:SESSION-ed8e90a0efd647ab:host:177.10.239.242	SESSION-ed8e90a0efd647ab → host:177.10.239.242
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4117bfae8d393f9c:SESSION-4117bfae8d393f9c	SESSION-4117bfae8d393f9c → pe:syn:SESSION-4117bfae8d393f9c
FLOW_FROM_HOSTOBS	e:from:SESSION-959e19b011db2562:host:57.128.95.174	SESSION-959e19b011db2562 → host:57.128.95.174
FLOW_DST_PORTOBS	e:fp:flow:6263b85fb722:port:tcp:25765	flow:6263b85fb722 → port:tcp:25765
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2c659a567a628e2:host:177.10.236.41	SESSION-d2c659a567a628e2 → host:177.10.236.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-082589f81acb7a8f:SESSION-082589f81acb7a8f	SESSION-082589f81acb7a8f → pe:tls:SESSION-082589f81acb7a8f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b074fbdb748702cc:flow:b0c4f4fc61a3	SESSION-b074fbdb748702cc → flow:b0c4f4fc61a3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.167:geo_-23.62930_-46.63510	host:131.196.30.167 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1052ae798d70afda:flow:eaab4ec79949	SESSION-1052ae798d70afda → flow:eaab4ec79949
FLOW_DST_PORTOBS	e:fp:flow:6ffd15e339d9:port:tcp:443	flow:6ffd15e339d9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-083cc9a3854de3cd:host:91.240.224.238	SESSION-083cc9a3854de3cd → host:91.240.224.238
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6455927ff3f8f851:host:177.10.238.117:host:172.234.197.23	SESSION-6455927ff3f8f851 → host:177.10.238.117 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-efcc1618f79daeb7:host:45.173.156.26:host:172.234.197.23	SESSION-efcc1618f79daeb7 → host:45.173.156.26 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29f2fc627b4350bb:SESSION-29f2fc627b4350bb	SESSION-29f2fc627b4350bb → pe:tls:SESSION-29f2fc627b4350bb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a8441f04433657ee:SESSION-a8441f04433657ee	SESSION-a8441f04433657ee → pe:syn:SESSION-a8441f04433657ee
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.247:geo_-23.62930_-46.63510	host:131.196.30.247 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14a60b0039fa135f:SESSION-14a60b0039fa135f	SESSION-14a60b0039fa135f → pe:syn:SESSION-14a60b0039fa135f
FLOW_DST_PORTOBS	e:fp:flow:f80c07f5c415:port:tcp:15904	flow:f80c07f5c415 → port:tcp:15904
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dc77b6505beb2bc:host:172.234.197.23	SESSION-6dc77b6505beb2bc → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:306c1d5ac8d4	flow:306c1d5ac8d4 → host:54.186.85.102 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:aeca250f29dc	flow:aeca250f29dc → host:78.47.249.154 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.6:geo_-16.28860_-49.01640	host:177.10.237.6 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47ed07d15aa63df9:PCAP:capture_20260430090001:065659c7d314	SESSION-47ed07d15aa63df9 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d2c48d2810841c0:host:172.234.197.23	SESSION-3d2c48d2810841c0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1d975c41b16afdd4:host:172.234.197.23	SESSION-1d975c41b16afdd4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4bd4f427df690125:host:172.234.197.23	SESSION-4bd4f427df690125 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ebc4720c3766	flow:ebc4720c3766 → host:131.196.29.175 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:54f02f05c06a:port:tcp:443	flow:54f02f05c06a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a24ab62cbf4deb47:SESSION-a24ab62cbf4deb47	SESSION-a24ab62cbf4deb47 → pe:syn:SESSION-a24ab62cbf4deb47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd1b98a612532c8e:SESSION-cd1b98a612532c8e	SESSION-cd1b98a612532c8e → pe:tls:SESSION-cd1b98a612532c8e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-364411d92a5a41bf:SESSION-364411d92a5a41bf	SESSION-364411d92a5a41bf → pe:tls:SESSION-364411d92a5a41bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f02a050799431d6e:host:172.234.197.23	SESSION-f02a050799431d6e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6e3c617395c3b07:host:104.28.202.77:host:172.234.197.23	SESSION-d6e3c617395c3b07 → host:104.28.202.77 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c1f401a82a26	flow:c1f401a82a26 → host:108.217.180.26 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ffcab162b11c:port:tcp:443	flow:ffcab162b11c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab83f0ea1c3b60ab:SESSION-ab83f0ea1c3b60ab	SESSION-ab83f0ea1c3b60ab → pe:syn:SESSION-ab83f0ea1c3b60ab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-825be4419cbefff8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-825be4419cbefff8 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76b0da8a82e9902a:SESSION-76b0da8a82e9902a	SESSION-76b0da8a82e9902a → pe:tls:SESSION-76b0da8a82e9902a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.252:geo_-16.28860_-49.01640	host:177.10.237.252 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-396da887f3ac73e5:host:177.10.234.171	SESSION-396da887f3ac73e5 → host:177.10.234.171
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-70ca21a7c0c8fc42:PCAP:capture_20260430060001:919b39a74464	SESSION-70ca21a7c0c8fc42 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8fbacc1128a5208:host:172.234.197.23	SESSION-c8fbacc1128a5208 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-113c4b09005431cc:host:172.234.197.23	SESSION-113c4b09005431cc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-364411d92a5a41bf:host:45.173.156.225:host:172.234.197.23	SESSION-364411d92a5a41bf → host:45.173.156.225 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.130:geo_-23.62930_-46.63510	host:131.196.31.130 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bef16d9c79cba2c2:host:177.10.233.96	SESSION-bef16d9c79cba2c2 → host:177.10.233.96
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.231:geo_-16.28860_-49.01640	host:177.10.238.231 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a776552d0ac90a05:host:45.173.156.99	SESSION-a776552d0ac90a05 → host:45.173.156.99
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ccbf098e115515a:host:177.10.232.65:host:172.234.197.23	SESSION-0ccbf098e115515a → host:177.10.232.65 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.121:geo_-23.62930_-46.63510	host:131.196.30.121 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.27:geo_-23.62930_-46.63510	host:131.196.29.27 → geo_-23.62930_-46.63510
flow_observed3-aryOBS	e:fo:flow:e7d1e5021626	flow:e7d1e5021626 → host:103.155.16.117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-40c5d05833b5d363:SESSION-40c5d05833b5d363	SESSION-40c5d05833b5d363 → pe:syn:SESSION-40c5d05833b5d363
flow_observed5-aryOBS	e:fo:flow:44ae2f180ff5	flow:44ae2f180ff5 → host:177.10.237.80 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ca9c9c940fe6:port:tcp:443	flow:ca9c9c940fe6 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99e2981b3b5fa520:flow:bcf7cfc90ac1	SESSION-99e2981b3b5fa520 → flow:bcf7cfc90ac1
FLOW_FROM_HOSTOBS	e:from:SESSION-f26dae72fe8e9fa0:host:172.234.197.23	SESSION-f26dae72fe8e9fa0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f9e70132665ab339:host:172.234.197.23	SESSION-f9e70132665ab339 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.11:asn:262880	host:177.10.234.11 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-37a8b94aca0a72fd:host:172.234.197.23	SESSION-37a8b94aca0a72fd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-4d3ca4dbaf4c9647:SESSION-4d3ca4dbaf4c9647	SESSION-4d3ca4dbaf4c9647 → pe:rst:SESSION-4d3ca4dbaf4c9647
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b0b2d167e93bb2e:host:131.196.28.80	SESSION-0b0b2d167e93bb2e → host:131.196.28.80
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.71:asn:271410	host:131.196.31.71 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d6622ca4a22ed44:SESSION-5d6622ca4a22ed44	SESSION-5d6622ca4a22ed44 → pe:tls:SESSION-5d6622ca4a22ed44
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37ce4ecafac50117:host:177.10.232.220	SESSION-37ce4ecafac50117 → host:177.10.232.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3056fcd37df4e63f:SESSION-3056fcd37df4e63f	SESSION-3056fcd37df4e63f → pe:syn:SESSION-3056fcd37df4e63f
FLOW_DST_PORTOBS	e:fp:flow:48d5c490e0d2:port:tcp:443	flow:48d5c490e0d2 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-643a90c68c400c64:host:172.234.197.23	SESSION-643a90c68c400c64 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4754bc389b07ad3e:flow:1438472b9ed2	SESSION-4754bc389b07ad3e → flow:1438472b9ed2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-149428cb73969f2b:flow:d2a27537cb94	SESSION-149428cb73969f2b → flow:d2a27537cb94
FLOW_DST_PORTOBS	e:fp:flow:c1e3509c8979:port:tcp:27555	flow:c1e3509c8979 → port:tcp:27555
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-588e177edbf40597:SESSION-588e177edbf40597	SESSION-588e177edbf40597 → pe:tls:SESSION-588e177edbf40597
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f21aae4e1b352568:host:45.145.152.104:host:172.234.197.23	SESSION-f21aae4e1b352568 → host:45.145.152.104 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c5c2c07cb426	flow:c5c2c07cb426 → host:177.10.234.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1da9f85a5b3be49b:host:131.196.31.167:host:172.234.197.23	SESSION-1da9f85a5b3be49b → host:131.196.31.167 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:4784e4b5fa43	flow:4784e4b5fa43 → host:172.234.197.23 → host:177.10.237.164 → port:tcp:64831
flow_observed5-aryOBS	e:fo:flow:c54afd12c1fc	flow:c54afd12c1fc → host:177.10.239.166 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ea3a69414cbbc32d:SESSION-ea3a69414cbbc32d	SESSION-ea3a69414cbbc32d → pe:syn:SESSION-ea3a69414cbbc32d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e4cbb1218941faec:SESSION-e4cbb1218941faec	SESSION-e4cbb1218941faec → pe:syn:SESSION-e4cbb1218941faec
FLOW_FROM_HOSTOBS	e:from:SESSION-b60cd26b4cd717ea:host:177.10.235.226	SESSION-b60cd26b4cd717ea → host:177.10.235.226
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.97:asn:271410	host:131.196.28.97 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1dabd85b6a07947:host:177.10.232.217:host:172.234.197.23	SESSION-b1dabd85b6a07947 → host:177.10.232.217 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e548e1862e666d4:host:177.10.236.240	SESSION-4e548e1862e666d4 → host:177.10.236.240
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-412d8e92812f4ea2:host:177.10.239.129:host:172.234.197.23	SESSION-412d8e92812f4ea2 → host:177.10.239.129 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b61117bf3d91dba8:host:177.10.238.110:host:172.234.197.23	SESSION-b61117bf3d91dba8 → host:177.10.238.110 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.253:asn:262880	host:177.10.232.253 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:926320651e1b:port:tcp:80	flow:926320651e1b → port:tcp:80
flow_observed5-aryOBS	e:fo:flow:e77c47e6f503	flow:e77c47e6f503 → host:177.10.232.245 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-47e6906e0a27d254:host:177.10.237.179	SESSION-47e6906e0a27d254 → host:177.10.237.179
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97231868d06ff2ed:SESSION-97231868d06ff2ed	SESSION-97231868d06ff2ed → pe:syn:SESSION-97231868d06ff2ed
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-801ebd343e287ece:SESSION-801ebd343e287ece	SESSION-801ebd343e287ece → pe:syn:SESSION-801ebd343e287ece
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b8c772918251267:host:172.234.197.23	SESSION-0b8c772918251267 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-eb72c41fb24aaf81:host:172.234.197.23	SESSION-eb72c41fb24aaf81 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-31f4941ab57ed47b:host:177.10.235.117	SESSION-31f4941ab57ed47b → host:177.10.235.117
flow_observed4-aryOBS	e:fo:flow:eeea191af78d	flow:eeea191af78d → host:172.234.197.23 → host:131.196.30.231 → port:tcp:512
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-42ac4798d48b113f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-42ac4798d48b113f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc37b0c14be06192:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bc37b0c14be06192 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3123a8609bb9fc1:SESSION-a3123a8609bb9fc1	SESSION-a3123a8609bb9fc1 → pe:syn:SESSION-a3123a8609bb9fc1
FLOW_TO_HOSTOBS	e:to:SESSION-65a2e80880ae05c5:host:172.234.197.23	SESSION-65a2e80880ae05c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9343604177341c5:host:172.234.197.23	SESSION-a9343604177341c5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.97:geo_-16.28860_-49.01640	host:177.10.238.97 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-b9deb407202a7aa0:host:131.196.30.37	SESSION-b9deb407202a7aa0 → host:131.196.30.37
FLOW_TO_HOSTOBS	e:to:SESSION-4628aedb62e0673e:host:131.196.31.21	SESSION-4628aedb62e0673e → host:131.196.31.21
flow_observed5-aryOBS	e:fo:flow:97684df2988c	flow:97684df2988c → host:177.10.239.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e0f3c8a35641f7b:PCAP:capture_20260430090001:065659c7d314	SESSION-8e0f3c8a35641f7b → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b91d700ec898758:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4b91d700ec898758 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-0caa41ae62241956:host:177.10.235.93	SESSION-0caa41ae62241956 → host:177.10.235.93
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c2bde5ab088d2882:host:3.112.93.79:host:172.234.197.23	SESSION-c2bde5ab088d2882 → host:3.112.93.79 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ea6dafd9e19b:port:tcp:443	flow:ea6dafd9e19b → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.5:asn:262880	host:177.10.234.5 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63be833bbb100650:host:131.196.28.128	SESSION-63be833bbb100650 → host:131.196.28.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ab8147bbacef01b:SESSION-5ab8147bbacef01b	SESSION-5ab8147bbacef01b → pe:syn:SESSION-5ab8147bbacef01b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-292edad33ae38c98:host:172.234.197.23	SESSION-292edad33ae38c98 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-40497d6996ef2088:host:172.234.197.23	SESSION-40497d6996ef2088 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-354c21b56902e892:SESSION-354c21b56902e892	SESSION-354c21b56902e892 → pe:syn:SESSION-354c21b56902e892
FLOW_DST_PORTOBS	e:fp:flow:c4ad118541b1:port:tcp:443	flow:c4ad118541b1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8bf7420041ec56c9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8bf7420041ec56c9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-921caeacc0f03622:host:177.10.233.100:host:172.234.197.23	SESSION-921caeacc0f03622 → host:177.10.233.100 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2966a121f8fe86e9:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2966a121f8fe86e9 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-6dacc3093e29f894:host:172.234.197.23	SESSION-6dacc3093e29f894 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.247:asn:262880	host:177.10.238.247 → asn:262880
flow_observed5-aryOBS	e:fo:flow:d9811549b700	flow:d9811549b700 → host:177.10.237.245 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:bd07e448a44e:port:tcp:443	flow:bd07e448a44e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-06d2ad4243fb8941:host:131.196.30.12	SESSION-06d2ad4243fb8941 → host:131.196.30.12
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.62:asn:271410	host:131.196.28.62 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:3839d01ad8f6:port:tcp:443	flow:3839d01ad8f6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fb420f75ffa7d0f:host:172.234.197.23	SESSION-7fb420f75ffa7d0f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d618ae22306fa7b9:SESSION-d618ae22306fa7b9	SESSION-d618ae22306fa7b9 → pe:tls:SESSION-d618ae22306fa7b9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8bf059b02e9beec:host:172.234.197.23	SESSION-c8bf059b02e9beec → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6e6afdb068db09de:host:45.173.156.220	SESSION-6e6afdb068db09de → host:45.173.156.220
FLOW_FROM_HOSTOBS	e:from:SESSION-711f533390ef220f:host:172.234.197.23	SESSION-711f533390ef220f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-840476c00c988ec7:host:172.234.197.23	SESSION-840476c00c988ec7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d58cfad877959bea:host:172.234.197.23	SESSION-d58cfad877959bea → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6010f1ab3b1ee9c7:host:172.234.197.23	SESSION-6010f1ab3b1ee9c7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-230e735532621bd7:SESSION-230e735532621bd7	SESSION-230e735532621bd7 → pe:tls:SESSION-230e735532621bd7
FLOW_FROM_HOSTOBS	e:from:SESSION-e8ef5b0d475390b4:host:131.196.29.168	SESSION-e8ef5b0d475390b4 → host:131.196.29.168
flow_observed5-aryOBS	e:fo:flow:8ee9465bb257	flow:8ee9465bb257 → host:177.10.234.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0da9d7ff41780d23:SESSION-0da9d7ff41780d23	SESSION-0da9d7ff41780d23 → pe:syn:SESSION-0da9d7ff41780d23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9d0d1a45a4e9ec7:SESSION-b9d0d1a45a4e9ec7	SESSION-b9d0d1a45a4e9ec7 → pe:syn:SESSION-b9d0d1a45a4e9ec7
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.40:asn:271410	host:131.196.31.40 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e4de8bcb2f0334a:flow:9e2efcab33d5	SESSION-4e4de8bcb2f0334a → flow:9e2efcab33d5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c70d9a6440c9b19a:flow:f810268e2b18	SESSION-c70d9a6440c9b19a → flow:f810268e2b18
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92a69e37100365d0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-92a69e37100365d0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7037fa1e0334ef5:PCAP:capture_20260430110001:43611bdf6759	SESSION-b7037fa1e0334ef5 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b880a07e89a760de:host:172.234.197.23	SESSION-b880a07e89a760de → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.25:asn:262880	host:177.10.235.25 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ea69d35daebb9b8:SESSION-9ea69d35daebb9b8	SESSION-9ea69d35daebb9b8 → pe:tls:SESSION-9ea69d35daebb9b8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b5b84f652a18f91:host:172.234.197.23:host:177.10.233.246	SESSION-5b5b84f652a18f91 → host:172.234.197.23 → host:177.10.233.246
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.255:asn:271410	host:131.196.29.255 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.228:asn:262880	host:177.10.238.228 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a208e591aeac31e9:PCAP:capture_20260430110001:43611bdf6759	SESSION-a208e591aeac31e9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-745809bcd8ad6979:SESSION-745809bcd8ad6979	SESSION-745809bcd8ad6979 → pe:tls:SESSION-745809bcd8ad6979
FLOW_DST_PORTOBS	e:fp:flow:ed30ae43a62a:port:tcp:443	flow:ed30ae43a62a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9d11ee49864a2bc:SESSION-b9d11ee49864a2bc	SESSION-b9d11ee49864a2bc → pe:syn:SESSION-b9d11ee49864a2bc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47fcc0d7da6d7c1a:SESSION-47fcc0d7da6d7c1a	SESSION-47fcc0d7da6d7c1a → pe:tls:SESSION-47fcc0d7da6d7c1a
flow_observed4-aryOBS	e:fo:flow:cc415382b4b7	flow:cc415382b4b7 → host:172.234.197.23 → host:177.10.239.69 → port:tcp:9122
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.120:geo_41.02140_28.99480	host:37.221.79.120 → geo_41.02140_28.99480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8b9d154eee5d788:host:131.196.28.242	SESSION-c8b9d154eee5d788 → host:131.196.28.242
FLOW_TO_HOSTOBS	e:to:SESSION-fecc6fa34e31300b:host:172.234.197.23	SESSION-fecc6fa34e31300b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2c24cbdb3e7b273c:SESSION-2c24cbdb3e7b273c	SESSION-2c24cbdb3e7b273c → pe:syn:SESSION-2c24cbdb3e7b273c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9eddb8081d100874:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-9eddb8081d100874 → PCAP:capture_20260427220001:43a3d6220bc6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.10:geo_-16.28860_-49.01640	host:177.10.236.10 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:27e848fcece9	flow:27e848fcece9 → host:177.10.235.217 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-86086a72c76b1135:host:131.196.30.147	SESSION-86086a72c76b1135 → host:131.196.30.147
FLOW_DST_PORTOBS	e:fp:flow:4ae7f98c921b:port:tcp:443	flow:4ae7f98c921b → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-727af4ad5af6cc01:BSG-DATA_EXFIL-07c7d2adce82	SESSION-727af4ad5af6cc01 → BSG-DATA_EXFIL-07c7d2adce82
flow_observed3-aryOBS	e:fo:flow:7513315664df	flow:7513315664df → host:170.106.14.53 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1fb163f3769ccb67:host:131.196.31.235	SESSION-1fb163f3769ccb67 → host:131.196.31.235
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-205f350cdfc6cb9d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-205f350cdfc6cb9d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9222c19da42c0aaa:SESSION-9222c19da42c0aaa	SESSION-9222c19da42c0aaa → pe:syn:SESSION-9222c19da42c0aaa
flow_observed5-aryOBS	e:fo:flow:fc3b21937ae9	flow:fc3b21937ae9 → host:131.196.31.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a98c5df3fe5e6d6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4a98c5df3fe5e6d6 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:dcf514f92a72	flow:dcf514f92a72 → host:177.10.232.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f750867699c9a944:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f750867699c9a944 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-282c3beb2e9d9d39:host:45.173.156.149:host:172.234.197.23	SESSION-282c3beb2e9d9d39 → host:45.173.156.149 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b42fc656319c5bfc:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b42fc656319c5bfc → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-979dfdf677607677:SESSION-979dfdf677607677	SESSION-979dfdf677607677 → pe:syn:SESSION-979dfdf677607677
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd38adf08b5d5a9e:flow:aa0e77b18e64	SESSION-cd38adf08b5d5a9e → flow:aa0e77b18e64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1532b7922e59746:SESSION-d1532b7922e59746	SESSION-d1532b7922e59746 → pe:syn:SESSION-d1532b7922e59746
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e074701a4b6d6566:host:172.234.197.23	SESSION-e074701a4b6d6566 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:62442:org:Dade Samane Fanava Company (PJS)	asn:62442 → org:Dade Samane Fanava Company (PJS)
FLOW_DST_PORTOBS	e:fp:flow:1fd0dc7523f1:port:tcp:443	flow:1fd0dc7523f1 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96afec3035986aab:flow:31aded4cced4	SESSION-96afec3035986aab → flow:31aded4cced4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-168c4e3df9119bba:SESSION-168c4e3df9119bba	SESSION-168c4e3df9119bba → pe:syn:SESSION-168c4e3df9119bba
FLOW_DST_PORTOBS	e:fp:flow:6e499fdcb6ff:port:tcp:443	flow:6e499fdcb6ff → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b7d412d830baf98:SESSION-4b7d412d830baf98	SESSION-4b7d412d830baf98 → pe:tls:SESSION-4b7d412d830baf98
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1a14827dc654457:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c1a14827dc654457 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f74caf722af4b362:flow:3d3570f8986d	SESSION-f74caf722af4b362 → flow:3d3570f8986d
FLOW_TO_HOSTOBS	e:to:SESSION-96b1920351aaff79:host:172.234.197.23	SESSION-96b1920351aaff79 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b16751dae4d82103:host:177.10.236.16:host:172.234.197.23	SESSION-b16751dae4d82103 → host:177.10.236.16 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2ecbcecdc44a459:host:177.10.237.113:host:172.234.197.23	SESSION-e2ecbcecdc44a459 → host:177.10.237.113 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af55ab527d360ebd:host:172.234.197.23	SESSION-af55ab527d360ebd → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9c73da0e6ec113c:PCAP:capture_20260430150001:ded20914761d	SESSION-f9c73da0e6ec113c → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-6ff9e556bf199706:host:177.10.234.15	SESSION-6ff9e556bf199706 → host:177.10.234.15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fa29bafd0740f46:host:172.234.197.23:host:131.196.29.126	SESSION-3fa29bafd0740f46 → host:172.234.197.23 → host:131.196.29.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-216df7510915a954:SESSION-216df7510915a954	SESSION-216df7510915a954 → pe:syn:SESSION-216df7510915a954
FLOW_TO_HOSTOBS	e:to:SESSION-58f2a638c6bf8581:host:172.234.197.23	SESSION-58f2a638c6bf8581 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46aa20776642b201:host:172.234.197.23:host:45.173.156.83	SESSION-46aa20776642b201 → host:172.234.197.23 → host:45.173.156.83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-999a3a68382b7707:host:131.196.28.90	SESSION-999a3a68382b7707 → host:131.196.28.90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-555dcb6965008cb6:SESSION-555dcb6965008cb6	SESSION-555dcb6965008cb6 → pe:syn:SESSION-555dcb6965008cb6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48726e3ec935fccb:host:172.234.197.23	SESSION-48726e3ec935fccb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cd248be3cf9515b5:host:172.234.197.23	SESSION-cd248be3cf9515b5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b26b1d0f64e1:port:udp:53	flow:b26b1d0f64e1 → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34d820c66fac079b:flow:5015886c6c7c	SESSION-34d820c66fac079b → flow:5015886c6c7c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d1b2f476de49a99:host:177.10.238.161:host:172.234.197.23	SESSION-7d1b2f476de49a99 → host:177.10.238.161 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0665b9726687b63:flow:41f1b68a64df	SESSION-c0665b9726687b63 → flow:41f1b68a64df
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.194:asn:262880	host:177.10.239.194 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51c7000fcfeb98d4:host:172.234.197.23	SESSION-51c7000fcfeb98d4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db5e0e0456a4bec1:host:177.10.236.72	SESSION-db5e0e0456a4bec1 → host:177.10.236.72
FLOW_TO_HOSTOBS	e:to:SESSION-7937f820efd31935:host:172.234.197.23	SESSION-7937f820efd31935 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ffb355c8f64da05f:host:172.234.197.23	SESSION-ffb355c8f64da05f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8d6177ca01e3:port:tcp:443	flow:8d6177ca01e3 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:9b70d955992c	flow:9b70d955992c → host:131.196.28.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38739a517334cf5a:SESSION-38739a517334cf5a	SESSION-38739a517334cf5a → pe:syn:SESSION-38739a517334cf5a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1075bb458d3b18a:PCAP:capture_20260428010001:b1b402c7b202	SESSION-d1075bb458d3b18a → PCAP:capture_20260428010001:b1b402c7b202
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd3259577d52904f:host:43.192.54.92:host:172.234.197.23	SESSION-bd3259577d52904f → host:43.192.54.92 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d48167229286:port:tcp:41556	flow:d48167229286 → port:tcp:41556
FLOW_FROM_HOSTOBS	e:from:SESSION-c184642b13b6de27:host:177.10.239.2	SESSION-c184642b13b6de27 → host:177.10.239.2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e921959b541072de:host:177.10.236.176:host:172.234.197.23	SESSION-e921959b541072de → host:177.10.236.176 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-361f1ea86b9f3cf3:host:177.10.236.253	SESSION-361f1ea86b9f3cf3 → host:177.10.236.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e5c0136d660133a:flow:2109a657de5e	SESSION-5e5c0136d660133a → flow:2109a657de5e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3407d813acebc00f:host:177.10.239.107	SESSION-3407d813acebc00f → host:177.10.239.107
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2091e87bc96ca173:host:131.196.29.25:host:172.234.197.23	SESSION-2091e87bc96ca173 → host:131.196.29.25 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b59030bd39741ab3:host:131.196.29.114	SESSION-b59030bd39741ab3 → host:131.196.29.114
FLOW_DST_PORTOBS	e:fp:flow:ebb0075612c2:port:tcp:23	flow:ebb0075612c2 → port:tcp:23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6411f10800cf3ef5:host:91.240.224.238	SESSION-6411f10800cf3ef5 → host:91.240.224.238
flow_observed5-aryOBS	e:fo:flow:1b3159206e19	flow:1b3159206e19 → host:131.196.30.92 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-586cf5bb6d743be1:host:172.234.197.23:host:177.10.239.114	SESSION-586cf5bb6d743be1 → host:172.234.197.23 → host:177.10.239.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d74d897cd43b428:SESSION-9d74d897cd43b428	SESSION-9d74d897cd43b428 → pe:tls:SESSION-9d74d897cd43b428
FLOW_TO_HOSTOBS	e:to:SESSION-14e24a51491967d5:host:172.234.197.23	SESSION-14e24a51491967d5 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:2edaf935b546	flow:2edaf935b546 → host:172.234.197.23 → host:177.10.239.153 → port:tcp:40321
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0b8b90e300d9c11:PCAP:capture_20260430090001:065659c7d314	SESSION-b0b8b90e300d9c11 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d32ea7105612ce28:host:172.234.197.23:host:131.196.30.59	SESSION-d32ea7105612ce28 → host:172.234.197.23 → host:131.196.30.59
FLOW_TO_HOSTOBS	e:to:SESSION-a437e2422713bf06:host:177.10.236.245	SESSION-a437e2422713bf06 → host:177.10.236.245
FLOW_FROM_HOSTOBS	e:from:SESSION-a390ade8fe745ada:host:131.196.29.233	SESSION-a390ade8fe745ada → host:131.196.29.233
FLOW_DST_PORTOBS	e:fp:flow:72ecfaac0bcc:port:tcp:443	flow:72ecfaac0bcc → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68a45a74f687a5a4:flow:1f974a8deb0f	SESSION-68a45a74f687a5a4 → flow:1f974a8deb0f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab185a89adee30ab:SESSION-ab185a89adee30ab	SESSION-ab185a89adee30ab → pe:tls:SESSION-ab185a89adee30ab
FLOW_TO_HOSTOBS	e:to:SESSION-c89027ab2a1ddeda:host:172.234.197.23	SESSION-c89027ab2a1ddeda → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b68ed671c67acfd:host:172.234.197.23	SESSION-2b68ed671c67acfd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f810268e2b18:port:tcp:443	flow:f810268e2b18 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76b0da8a82e9902a:PCAP:capture_20260430090001:065659c7d314	SESSION-76b0da8a82e9902a → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.245:geo_-16.28860_-49.01640	host:177.10.237.245 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-2ca59997a1fd2235:host:45.173.156.148	SESSION-2ca59997a1fd2235 → host:45.173.156.148
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.136:asn:271410	host:131.196.28.136 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fbe3edafde6a655f:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-fbe3edafde6a655f → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86f90a53110dcf25:host:177.10.237.28	SESSION-86f90a53110dcf25 → host:177.10.237.28
FLOW_TO_HOSTOBS	e:to:SESSION-96623b45a0a307c2:host:45.173.156.116	SESSION-96623b45a0a307c2 → host:45.173.156.116
FLOW_FROM_HOSTOBS	e:from:SESSION-c2bde5ab088d2882:host:3.112.93.79	SESSION-c2bde5ab088d2882 → host:3.112.93.79
FLOW_DST_PORTOBS	e:fp:flow:96b976c06096:port:tcp:45167	flow:96b976c06096 → port:tcp:45167
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.247:asn:271410	host:131.196.29.247 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e10e261831a1079d:host:177.10.236.186	SESSION-e10e261831a1079d → host:177.10.236.186
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11a1cfec66708475:flow:b4f400ee5378	SESSION-11a1cfec66708475 → flow:b4f400ee5378
flow_observed5-aryOBS	e:fo:flow:a72e0ef9e58a	flow:a72e0ef9e58a → host:131.196.30.233 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:bb9ff70d845a:port:tcp:443	flow:bb9ff70d845a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:aae2eedc2eb2:port:tcp:22	flow:aae2eedc2eb2 → port:tcp:22
FLOW_FROM_HOSTOBS	e:from:SESSION-2824f9b79e0fb1f1:host:172.234.197.23	SESSION-2824f9b79e0fb1f1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6010f1ab3b1ee9c7:host:172.234.197.23	SESSION-6010f1ab3b1ee9c7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7a0913a57a803cab:host:177.10.232.157	SESSION-7a0913a57a803cab → host:177.10.232.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-62b98bdaf08d2190:SESSION-62b98bdaf08d2190	SESSION-62b98bdaf08d2190 → pe:syn:SESSION-62b98bdaf08d2190
FLOW_DST_PORTOBS	e:fp:flow:c211def664df:port:tcp:443	flow:c211def664df → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eead59d5c9e2a3d1:host:131.196.31.113	SESSION-eead59d5c9e2a3d1 → host:131.196.31.113
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.226:geo_-16.28860_-49.01640	host:177.10.239.226 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4939a9166796718f:SESSION-4939a9166796718f	SESSION-4939a9166796718f → pe:syn:SESSION-4939a9166796718f
flow_observed4-aryOBS	e:fo:flow:71584c32ac7e	flow:71584c32ac7e → host:172.234.197.23 → host:177.10.239.218 → port:tcp:63473
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.144:asn:262880	host:177.10.239.144 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96eb62897cd314d5:SESSION-96eb62897cd314d5	SESSION-96eb62897cd314d5 → pe:tls:SESSION-96eb62897cd314d5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ef18db4a9eedd9d:PCAP:capture_20260430150001:ded20914761d	SESSION-2ef18db4a9eedd9d → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-388e36b23caa508f:host:131.196.28.145	SESSION-388e36b23caa508f → host:131.196.28.145
flow_observed5-aryOBS	e:fo:flow:3af72bc41bd9	flow:3af72bc41bd9 → host:131.196.29.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de7198c98f7f92ee:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-de7198c98f7f92ee → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8624692ea119f1f3:SESSION-8624692ea119f1f3	SESSION-8624692ea119f1f3 → pe:syn:SESSION-8624692ea119f1f3
FLOW_TO_HOSTOBS	e:to:SESSION-e791e8d702f57f3e:host:177.10.237.18	SESSION-e791e8d702f57f3e → host:177.10.237.18
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30f00b6e6078f800:flow:cc284845b732	SESSION-30f00b6e6078f800 → flow:cc284845b732
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-62151f99a31dc755:host:172.234.197.23:host:177.10.239.137	SESSION-62151f99a31dc755 → host:172.234.197.23 → host:177.10.239.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-977a7c6dd83aa424:SESSION-977a7c6dd83aa424	SESSION-977a7c6dd83aa424 → pe:tls:SESSION-977a7c6dd83aa424
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11d5793dfe2c0097:host:177.10.237.172:host:172.234.197.23	SESSION-11d5793dfe2c0097 → host:177.10.237.172 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5c7330336192768:host:172.234.197.23	SESSION-b5c7330336192768 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0c4bd7089ed1	flow:0c4bd7089ed1 → host:172.234.197.23 → host:131.196.31.98 → port:tcp:48867
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-290c9b11e52fd3ba:SESSION-290c9b11e52fd3ba	SESSION-290c9b11e52fd3ba → pe:syn:SESSION-290c9b11e52fd3ba
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40e0d0b129f437fd:host:172.234.197.23	SESSION-40e0d0b129f437fd → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-81679789c998e700:PCAP:capture_20260430110001:43611bdf6759	SESSION-81679789c998e700 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3e5ef5a453dff40:host:177.10.238.151:host:172.234.197.23	SESSION-f3e5ef5a453dff40 → host:177.10.238.151 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.165:geo_-16.28860_-49.01640	host:177.10.235.165 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d27008d937f2d8be:SESSION-d27008d937f2d8be	SESSION-d27008d937f2d8be → pe:syn:SESSION-d27008d937f2d8be
FLOW_TO_HOSTOBS	e:to:SESSION-4a3df3a26ac38d69:host:172.234.197.23	SESSION-4a3df3a26ac38d69 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:331ab659ef61:port:tcp:443	flow:331ab659ef61 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8f7fc765f54b5ec:host:172.234.197.23	SESSION-e8f7fc765f54b5ec → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-161fb053b15bb516:host:172.234.197.23	SESSION-161fb053b15bb516 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.104:geo_-16.28860_-49.01640	host:177.10.234.104 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c7b20ceba4f49bfd:SESSION-c7b20ceba4f49bfd	SESSION-c7b20ceba4f49bfd → pe:rst:SESSION-c7b20ceba4f49bfd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07a7172489c9ad9c:host:177.10.232.103	SESSION-07a7172489c9ad9c → host:177.10.232.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec91eda6d4bd732e:host:172.234.197.23	SESSION-ec91eda6d4bd732e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad468f8fa72444f5:SESSION-ad468f8fa72444f5	SESSION-ad468f8fa72444f5 → pe:tls:SESSION-ad468f8fa72444f5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.39:geo_-23.62930_-46.63510	host:131.196.28.39 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d587dd5c581936e:SESSION-8d587dd5c581936e	SESSION-8d587dd5c581936e → pe:tls:SESSION-8d587dd5c581936e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8452ffa75e7fe764:SESSION-8452ffa75e7fe764	SESSION-8452ffa75e7fe764 → pe:syn:SESSION-8452ffa75e7fe764
flow_observed4-aryOBS	e:fo:flow:4f18ab34c3f5	flow:4f18ab34c3f5 → host:172.234.197.23 → host:131.196.29.46 → port:tcp:6170
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae3419cd71fb8b85:flow:f30fc2973ede	SESSION-ae3419cd71fb8b85 → flow:f30fc2973ede
flow_observed4-aryOBS	e:fo:flow:ac5114e8861b	flow:ac5114e8861b → host:172.234.197.23 → host:177.10.238.160 → port:tcp:27708
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c766f181ead012ae:host:92.112.71.21	SESSION-c766f181ead012ae → host:92.112.71.21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74a0cb408b3fb354:SESSION-74a0cb408b3fb354	SESSION-74a0cb408b3fb354 → pe:tls:SESSION-74a0cb408b3fb354
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a24ae76392ce429:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7a24ae76392ce429 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:935c0ab7e069:port:tcp:443	flow:935c0ab7e069 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd108cc47984c911:flow:d196788d241e	SESSION-dd108cc47984c911 → flow:d196788d241e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d59ff2f2672e21c:host:177.10.236.161	SESSION-0d59ff2f2672e21c → host:177.10.236.161
FLOW_FROM_HOSTOBS	e:from:SESSION-1129a02e66df3e40:host:131.196.30.252	SESSION-1129a02e66df3e40 → host:131.196.30.252
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-83dd76c193cbd2e0:BSG-DATA_EXFIL-c717db0499e7	SESSION-83dd76c193cbd2e0 → BSG-DATA_EXFIL-c717db0499e7
flow_observed4-aryOBS	e:fo:flow:a1775d39c56b	flow:a1775d39c56b → host:172.234.197.23 → host:131.196.31.27 → port:tcp:28153
FLOW_FROM_HOSTOBS	e:from:SESSION-652478bc70a2d711:host:172.234.197.23	SESSION-652478bc70a2d711 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41b7279875030e7d:flow:05d2df524e4e	SESSION-41b7279875030e7d → flow:05d2df524e4e
FLOW_TO_HOSTOBS	e:to:SESSION-8a9273620e0aaedc:host:177.10.238.63	SESSION-8a9273620e0aaedc → host:177.10.238.63
FLOW_TO_HOSTOBS	e:to:SESSION-6635e725f15c4a26:host:172.234.197.23	SESSION-6635e725f15c4a26 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d451d20656a7	flow:d451d20656a7 → host:172.234.197.23 → host:177.10.236.57 → port:tcp:5156
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-100c3fd7436ef8f8:PCAP:capture_20260430060001:919b39a74464	SESSION-100c3fd7436ef8f8 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd108cc47984c911:SESSION-dd108cc47984c911	SESSION-dd108cc47984c911 → pe:syn:SESSION-dd108cc47984c911
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c8bfb1726ad64d7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3c8bfb1726ad64d7 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6965561db8b52827:host:172.234.197.23	SESSION-6965561db8b52827 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c4a20638e830:port:tcp:443	flow:c4a20638e830 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad468f8fa72444f5:flow:b56df08c2f82	SESSION-ad468f8fa72444f5 → flow:b56df08c2f82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a4d237675f94d453:SESSION-a4d237675f94d453	SESSION-a4d237675f94d453 → pe:syn:SESSION-a4d237675f94d453
FLOW_DST_PORTOBS	e:fp:flow:962b552243c1:port:tcp:443	flow:962b552243c1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5e5be571de9c:port:tcp:60057	flow:5e5be571de9c → port:tcp:60057
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4baa6f7cc0122cad:host:185.231.226.148:host:172.234.197.23	SESSION-4baa6f7cc0122cad → host:185.231.226.148 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-105866a23abaa0d9:host:45.173.156.21	SESSION-105866a23abaa0d9 → host:45.173.156.21
ASN_IN_ORGOBS 80%	e:ao:asn:8849:org:Melbikomas UAB	asn:8849 → org:Melbikomas UAB
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cfdf42e58546762b:host:172.234.197.23:host:131.196.31.235	SESSION-cfdf42e58546762b → host:172.234.197.23 → host:131.196.31.235
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc0f694a62c9abc8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-cc0f694a62c9abc8 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-367825c4b1c7c6d4:host:172.234.197.23	SESSION-367825c4b1c7c6d4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5347add21fd9245:SESSION-f5347add21fd9245	SESSION-f5347add21fd9245 → pe:syn:SESSION-f5347add21fd9245
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.22:asn:262880	host:177.10.232.22 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e0dcae8b099ffa5:host:172.234.197.23	SESSION-9e0dcae8b099ffa5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1be36b841cb9bb38:SESSION-1be36b841cb9bb38	SESSION-1be36b841cb9bb38 → pe:tls:SESSION-1be36b841cb9bb38
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.216:geo_-23.62930_-46.63510	host:131.196.30.216 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-bfc33587dc4bfad3:host:177.10.234.160	SESSION-bfc33587dc4bfad3 → host:177.10.234.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-973fc1252d207af1:host:177.10.232.251	SESSION-973fc1252d207af1 → host:177.10.232.251
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4bee67245b0f1ffd:host:78.12.83.235:host:172.234.197.23	SESSION-4bee67245b0f1ffd → host:78.12.83.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8693b808e1d6b7d:host:177.10.233.135	SESSION-b8693b808e1d6b7d → host:177.10.233.135
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.250:asn:262880	host:177.10.239.250 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6da60a47e57e7ba3:flow:d724b9218f6c	SESSION-6da60a47e57e7ba3 → flow:d724b9218f6c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a77adff1667c3d1:host:177.10.236.237:host:172.234.197.23	SESSION-0a77adff1667c3d1 → host:177.10.236.237 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:11c7bb2f84e7:port:tcp:443	flow:11c7bb2f84e7 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-16b33dfc60975324:host:5.75.182.251	SESSION-16b33dfc60975324 → host:5.75.182.251
FLOW_DST_PORTOBS	e:fp:flow:32c017fb3195:port:tcp:38916	flow:32c017fb3195 → port:tcp:38916
flow_observed5-aryOBS	e:fo:flow:2d8e7a3e879f	flow:2d8e7a3e879f → host:177.10.232.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-168a40fae7c0f56d:host:172.234.197.23	SESSION-168a40fae7c0f56d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e1a13f968b47fc9d:PCAP:capture_20260430110001:43611bdf6759	SESSION-e1a13f968b47fc9d → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02e2db787a51689b:host:131.196.31.32	SESSION-02e2db787a51689b → host:131.196.31.32
FLOW_TO_HOSTOBS	e:to:SESSION-ee5756ac65b5ed68:host:172.234.197.23	SESSION-ee5756ac65b5ed68 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.109:asn:273470	host:45.173.156.109 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ba40ec67b0f6097:SESSION-0ba40ec67b0f6097	SESSION-0ba40ec67b0f6097 → pe:syn:SESSION-0ba40ec67b0f6097
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c382f6b8063de44f:host:131.196.30.9	SESSION-c382f6b8063de44f → host:131.196.30.9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b82d9882ea505987:SESSION-b82d9882ea505987	SESSION-b82d9882ea505987 → pe:tls:SESSION-b82d9882ea505987
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-406d5e8256fbfc45:host:172.234.197.23	SESSION-406d5e8256fbfc45 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bf473035e2d9:port:tcp:443	flow:bf473035e2d9 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-131cbd262c833b9b:host:177.10.235.253:host:172.234.197.23	SESSION-131cbd262c833b9b → host:177.10.235.253 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2d6a9bd007ca:port:tcp:443	flow:2d6a9bd007ca → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-69461a2f3e15a448:SESSION-69461a2f3e15a448	SESSION-69461a2f3e15a448 → pe:rst:SESSION-69461a2f3e15a448
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e52ff6e3dab6ecf9:flow:b5daea78878e	SESSION-e52ff6e3dab6ecf9 → flow:b5daea78878e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e3916b0aa19b751:SESSION-0e3916b0aa19b751	SESSION-0e3916b0aa19b751 → pe:tls:SESSION-0e3916b0aa19b751
FLOW_DST_PORTOBS	e:fp:flow:9f0c432ad89d:port:tcp:443	flow:9f0c432ad89d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-458a0c6775d84d5e:flow:54355afdc05d	SESSION-458a0c6775d84d5e → flow:54355afdc05d
FLOW_FROM_HOSTOBS	e:from:SESSION-948ad6eee5512e98:host:131.196.28.22	SESSION-948ad6eee5512e98 → host:131.196.28.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd248be3cf9515b5:SESSION-cd248be3cf9515b5	SESSION-cd248be3cf9515b5 → pe:tls:SESSION-cd248be3cf9515b5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-736a99dd90ae6491:host:131.196.28.216:host:172.234.197.23	SESSION-736a99dd90ae6491 → host:131.196.28.216 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f5d8e8d5ecc4e1f:host:172.234.197.23	SESSION-9f5d8e8d5ecc4e1f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93cfcdba6a26f550:flow:e5e33f836a64	SESSION-93cfcdba6a26f550 → flow:e5e33f836a64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ea66afd66f329a0:host:131.196.29.144	SESSION-0ea66afd66f329a0 → host:131.196.29.144
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65d181126b4cfd8f:flow:47595b71d3ae	SESSION-65d181126b4cfd8f → flow:47595b71d3ae
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-077a58eb2518fab4:BSG-BEACON-9f226d1d4d6f	SESSION-077a58eb2518fab4 → BSG-BEACON-9f226d1d4d6f
FLOW_FROM_HOSTOBS	e:from:SESSION-b53dcb5377a03d44:host:51.21.249.220	SESSION-b53dcb5377a03d44 → host:51.21.249.220
flow_observed5-aryOBS	e:fo:flow:7bd8690a791a	flow:7bd8690a791a → host:104.28.202.79 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-803b2289978a359c:host:37.221.79.87	SESSION-803b2289978a359c → host:37.221.79.87
FLOW_DST_PORTOBS	e:fp:flow:401c8f0fd65c:port:tcp:443	flow:401c8f0fd65c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd66824284de98ed:host:172.234.197.23:host:177.10.233.220	SESSION-bd66824284de98ed → host:172.234.197.23 → host:177.10.233.220
FLOW_FROM_HOSTOBS	e:from:SESSION-4a0e660e7f8fdd6f:host:172.234.197.23	SESSION-4a0e660e7f8fdd6f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f44e90059c2f2195:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f44e90059c2f2195 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fef5e1438bdea640:host:172.234.197.23	SESSION-fef5e1438bdea640 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d0a8864bb9eb:port:tcp:36337	flow:d0a8864bb9eb → port:tcp:36337
FLOW_TO_HOSTOBS	e:to:SESSION-c47a34d160ec21ba:host:172.234.197.23	SESSION-c47a34d160ec21ba → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6d74877df7cdd5d7:host:172.234.197.23	SESSION-6d74877df7cdd5d7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.157:geo_-23.62930_-46.63510	host:131.196.31.157 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf669240db189a71:SESSION-cf669240db189a71	SESSION-cf669240db189a71 → pe:syn:SESSION-cf669240db189a71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-40ef48225b459fb9:SESSION-40ef48225b459fb9	SESSION-40ef48225b459fb9 → pe:tls:SESSION-40ef48225b459fb9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d3f99262a1bb3592:flow:639cb22fe98d	SESSION-d3f99262a1bb3592 → flow:639cb22fe98d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74d9117e815e4c77:host:131.196.28.242	SESSION-74d9117e815e4c77 → host:131.196.28.242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-378aa47dbf901697:host:177.10.232.245:host:172.234.197.23	SESSION-378aa47dbf901697 → host:177.10.232.245 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1b714ce8916a149:host:131.196.29.21	SESSION-b1b714ce8916a149 → host:131.196.29.21
FLOW_TO_HOSTOBS	e:to:SESSION-bfe3e48aa982c746:host:172.234.197.23	SESSION-bfe3e48aa982c746 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66897d09e7f9757a:host:45.173.156.66:host:172.234.197.23	SESSION-66897d09e7f9757a → host:45.173.156.66 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.218:asn:271410	host:131.196.31.218 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-bdc14171c537b7eb:host:177.10.232.93	SESSION-bdc14171c537b7eb → host:177.10.232.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c47d04961700459f:SESSION-c47d04961700459f	SESSION-c47d04961700459f → pe:tls:SESSION-c47d04961700459f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db62c05acb7f0b0b:host:172.234.197.23	SESSION-db62c05acb7f0b0b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5792429a5c60:port:tcp:443	flow:5792429a5c60 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85f4ab9e3ed21fa2:host:177.10.235.212	SESSION-85f4ab9e3ed21fa2 → host:177.10.235.212
FLOW_TO_HOSTOBS	e:to:SESSION-5792abf3d18d9356:host:172.234.197.23	SESSION-5792abf3d18d9356 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.128:asn:271410	host:131.196.29.128 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07a584f2a7f89f38:flow:3020ab7bcafc	SESSION-07a584f2a7f89f38 → flow:3020ab7bcafc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fbcf03ac27ad8556:flow:c80293dc61c3	SESSION-fbcf03ac27ad8556 → flow:c80293dc61c3
FLOW_DST_PORTOBS	e:fp:flow:dfde970711eb:port:tcp:443	flow:dfde970711eb → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4002f150bb6dd768:host:177.10.239.24	SESSION-4002f150bb6dd768 → host:177.10.239.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0799ff092dfcce41:host:172.234.197.23	SESSION-0799ff092dfcce41 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c7239dbaec89ca2f:host:172.234.197.23	SESSION-c7239dbaec89ca2f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27b2c896335b5c16:flow:d067f06f7951	SESSION-27b2c896335b5c16 → flow:d067f06f7951
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76ac71b30f764df7:SESSION-76ac71b30f764df7	SESSION-76ac71b30f764df7 → pe:syn:SESSION-76ac71b30f764df7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6411f10800cf3ef5:host:91.240.224.238:host:172.234.197.23	SESSION-6411f10800cf3ef5 → host:91.240.224.238 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-770902b82fea5ce5:host:177.10.235.75	SESSION-770902b82fea5ce5 → host:177.10.235.75
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-decb8c6a12a4d67a:SESSION-decb8c6a12a4d67a	SESSION-decb8c6a12a4d67a → pe:tls:SESSION-decb8c6a12a4d67a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.19:asn:262880	host:177.10.233.19 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-6e2683c2a1a03e97:host:172.234.197.23	SESSION-6e2683c2a1a03e97 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3617089369b58aaa:host:177.10.232.226	SESSION-3617089369b58aaa → host:177.10.232.226
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e61b886c68594d41:flow:d103874e528f	SESSION-e61b886c68594d41 → flow:d103874e528f
FLOW_FROM_HOSTOBS	e:from:SESSION-42dd33a8e6552b73:host:34.216.30.208	SESSION-42dd33a8e6552b73 → host:34.216.30.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d1b2f476de49a99:host:172.234.197.23	SESSION-7d1b2f476de49a99 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bee309b4d5047c7d:host:131.196.29.103	SESSION-bee309b4d5047c7d → host:131.196.29.103
FLOW_TO_HOSTOBS	e:to:SESSION-848ab23bc1105d57:host:172.234.197.23	SESSION-848ab23bc1105d57 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b578cd49b856e8a0:host:45.173.156.77:host:172.234.197.23	SESSION-b578cd49b856e8a0 → host:45.173.156.77 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b420826720a06333:host:177.10.233.185:host:172.234.197.23	SESSION-b420826720a06333 → host:177.10.233.185 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-328b0864666a263b:SESSION-328b0864666a263b	SESSION-328b0864666a263b → pe:tls:SESSION-328b0864666a263b
FLOW_DST_PORTOBS	e:fp:flow:7ebe5ea3bba9:port:tcp:24972	flow:7ebe5ea3bba9 → port:tcp:24972
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-e88ec164d738844a:SESSION-e88ec164d738844a	SESSION-e88ec164d738844a → pe:rst:SESSION-e88ec164d738844a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f4f84053ddcae3c:flow:71c66bc2bd72	SESSION-7f4f84053ddcae3c → flow:71c66bc2bd72
flow_observed5-aryOBS	e:fo:flow:9796cc5458b7	flow:9796cc5458b7 → host:174.202.97.85 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cfdf430166eb3e5d:host:131.196.31.40:host:172.234.197.23	SESSION-cfdf430166eb3e5d → host:131.196.31.40 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e61b886c68594d41:host:172.234.197.23:host:172.232.0.17	SESSION-e61b886c68594d41 → host:172.234.197.23 → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-63e207f92d9c898d:host:45.173.156.32:host:172.234.197.23	SESSION-63e207f92d9c898d → host:45.173.156.32 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddc877c0ed3a64ea:host:172.234.197.23	SESSION-ddc877c0ed3a64ea → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-532708ef58f2707f:host:54.200.68.109	SESSION-532708ef58f2707f → host:54.200.68.109
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-216df7510915a954:PCAP:capture_20260430080001:93f47cc296a4	SESSION-216df7510915a954 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-dca9298136f0125a:host:172.234.197.23	SESSION-dca9298136f0125a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d4fc1e4b458a:port:tcp:28703	flow:d4fc1e4b458a → port:tcp:28703
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0daf10b890c2667:SESSION-f0daf10b890c2667	SESSION-f0daf10b890c2667 → pe:syn:SESSION-f0daf10b890c2667
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a238538ee50c7862:SESSION-a238538ee50c7862	SESSION-a238538ee50c7862 → pe:syn:SESSION-a238538ee50c7862
FLOW_TO_HOSTOBS	e:to:SESSION-6713221fe5694a6d:host:172.234.197.23	SESSION-6713221fe5694a6d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.74:asn:271410	host:131.196.30.74 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-708abc4c81aa7c60:host:177.10.236.31	SESSION-708abc4c81aa7c60 → host:177.10.236.31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3109063707c4a5e1:host:131.196.30.188	SESSION-3109063707c4a5e1 → host:131.196.30.188
FLOW_DST_PORTOBS	e:fp:flow:1ad708fe6e05:port:tcp:443	flow:1ad708fe6e05 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:7e8c092f69b8:port:tcp:443	flow:7e8c092f69b8 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:d4fc1e4b458a	flow:d4fc1e4b458a → host:172.234.197.23 → host:177.10.233.231 → port:tcp:28703
flow_observed5-aryOBS	e:fo:flow:0ea601f47c8a	flow:0ea601f47c8a → host:177.10.236.157 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.6:asn:262880	host:177.10.235.6 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-919126906ac50297:PCAP:capture_20260430050001:8868731bf8a4	SESSION-919126906ac50297 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d00c2356d94b56a1:SESSION-d00c2356d94b56a1	SESSION-d00c2356d94b56a1 → pe:tls:SESSION-d00c2356d94b56a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-206979254a17108f:SESSION-206979254a17108f	SESSION-206979254a17108f → pe:tls:SESSION-206979254a17108f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5004eb3121e0f98:host:172.234.197.23	SESSION-a5004eb3121e0f98 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6af89b3798eaaf52:host:172.234.197.23	SESSION-6af89b3798eaaf52 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:dd71ff03f3cb	flow:dd71ff03f3cb → host:172.234.197.23 → host:131.196.29.22 → port:tcp:19274
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e995e7d6e6aa04f6:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e995e7d6e6aa04f6 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-90798b7c1b8c7636:SESSION-90798b7c1b8c7636	SESSION-90798b7c1b8c7636 → pe:tls:SESSION-90798b7c1b8c7636
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-12cb447eb42d83b5:flow:c81e53996cf9	SESSION-12cb447eb42d83b5 → flow:c81e53996cf9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54d5efa8aa8025c4:flow:10758d6a819f	SESSION-54d5efa8aa8025c4 → flow:10758d6a819f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a20ec48656879fce:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a20ec48656879fce → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-03cee9bc49b35179:host:45.173.156.57:host:172.234.197.23	SESSION-03cee9bc49b35179 → host:45.173.156.57 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-066d98dee3275acb:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-066d98dee3275acb → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_DST_PORTOBS	e:fp:flow:0e3ea2ef1c63:port:tcp:443	flow:0e3ea2ef1c63 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b0c47b1e862acc1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9b0c47b1e862acc1 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-fa1be017e5052d0a:host:172.234.197.23	SESSION-fa1be017e5052d0a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a108f3a8f652bd55:host:172.234.197.23	SESSION-a108f3a8f652bd55 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d6d47e7b31036f28:host:131.196.28.35	SESSION-d6d47e7b31036f28 → host:131.196.28.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c0e19c2beda7d84:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1c0e19c2beda7d84 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122d3bc093be76f2:host:131.196.29.226	SESSION-122d3bc093be76f2 → host:131.196.29.226
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b7cd4519c0a4eb9:host:172.234.197.23:host:177.10.235.12	SESSION-2b7cd4519c0a4eb9 → host:172.234.197.23 → host:177.10.235.12
flow_observed5-aryOBS	e:fo:flow:64abb5157d6d	flow:64abb5157d6d → host:177.10.233.90 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76fc6cf591b9ed20:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-76fc6cf591b9ed20 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:59f9ac0a020b:port:tcp:443	flow:59f9ac0a020b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.94:geo_-16.28860_-49.01640	host:177.10.234.94 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c85a65cf2db0ee65:SESSION-c85a65cf2db0ee65	SESSION-c85a65cf2db0ee65 → pe:syn:SESSION-c85a65cf2db0ee65
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-775ba1157917a355:flow:73940bbfeb00	SESSION-775ba1157917a355 → flow:73940bbfeb00
flow_observed4-aryOBS	e:fo:flow:5c24a41a15ce	flow:5c24a41a15ce → host:172.234.197.23 → host:131.196.31.251 → port:tcp:55117
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36abdcc0889b5aa2:flow:e9f24a0dad4a	SESSION-36abdcc0889b5aa2 → flow:e9f24a0dad4a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68010cf4db790ce8:PCAP:capture_20260428010001:b1b402c7b202	SESSION-68010cf4db790ce8 → PCAP:capture_20260428010001:b1b402c7b202
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.78:asn:271410	host:131.196.31.78 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69d41e5348c00130:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-69d41e5348c00130 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2c18145c92d838e0:SESSION-2c18145c92d838e0	SESSION-2c18145c92d838e0 → pe:tls:SESSION-2c18145c92d838e0
FLOW_TO_HOSTOBS	e:to:SESSION-d9ef85fb3b83fc71:host:131.196.28.0	SESSION-d9ef85fb3b83fc71 → host:131.196.28.0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9222c19da42c0aaa:host:131.196.30.214	SESSION-9222c19da42c0aaa → host:131.196.30.214
FLOW_DST_PORTOBS	e:fp:flow:fff8d3de1b9c:port:tcp:26643	flow:fff8d3de1b9c → port:tcp:26643
FLOW_FROM_HOSTOBS	e:from:SESSION-77593e2039f5e18a:host:177.10.233.52	SESSION-77593e2039f5e18a → host:177.10.233.52
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab185a89adee30ab:host:172.234.197.23	SESSION-ab185a89adee30ab → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-532708ef58f2707f:host:54.200.68.109:host:172.234.197.23	SESSION-532708ef58f2707f → host:54.200.68.109 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b5a59556c261862d:host:131.196.29.244	SESSION-b5a59556c261862d → host:131.196.29.244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b203844c0afbb25:flow:2c72d32f2cfc	SESSION-5b203844c0afbb25 → flow:2c72d32f2cfc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c652a29a62d722ea:host:54.91.240.230	SESSION-c652a29a62d722ea → host:54.91.240.230
flow_observed5-aryOBS	e:fo:flow:c9008a9987d9	flow:c9008a9987d9 → host:131.196.31.190 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5f07a2dad0dfb354:host:172.234.197.23	SESSION-5f07a2dad0dfb354 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5641975097c1:port:tcp:17410	flow:5641975097c1 → port:tcp:17410
FLOW_FROM_HOSTOBS	e:from:SESSION-1cb1824ec0ef0f8a:host:172.234.197.23	SESSION-1cb1824ec0ef0f8a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c68429e2f7bfcd9:flow:362bd8a9c9ac	SESSION-9c68429e2f7bfcd9 → flow:362bd8a9c9ac
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1980da9de3362b69:host:172.234.197.23	SESSION-1980da9de3362b69 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.21:asn:262880	host:177.10.234.21 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:a88eed846aeb:port:tcp:443	flow:a88eed846aeb → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c4ed0368ffe58f8:host:172.234.197.23	SESSION-6c4ed0368ffe58f8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e484d817f907:port:tcp:443	flow:e484d817f907 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76cec71360f7a00a:SESSION-76cec71360f7a00a	SESSION-76cec71360f7a00a → pe:syn:SESSION-76cec71360f7a00a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc2833e8abe7ed0a:SESSION-cc2833e8abe7ed0a	SESSION-cc2833e8abe7ed0a → pe:tls:SESSION-cc2833e8abe7ed0a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd3259577d52904f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-bd3259577d52904f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-13f8871a9bd8cb8e:PCAP:capture_20260430150001:ded20914761d	SESSION-13f8871a9bd8cb8e → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dc3f24e93e3e0fb3:PCAP:capture_20260430090001:065659c7d314	SESSION-dc3f24e93e3e0fb3 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.51:geo_-16.28860_-49.01640	host:177.10.233.51 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7eeea37688fc574d:SESSION-7eeea37688fc574d	SESSION-7eeea37688fc574d → pe:tls:SESSION-7eeea37688fc574d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2875d034c942a134:host:172.234.197.23	SESSION-2875d034c942a134 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.101:geo_-16.28860_-49.01640	host:177.10.233.101 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:555fbcdc8478	flow:555fbcdc8478 → host:95.170.25.192 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a2a075c2c818644a:SESSION-a2a075c2c818644a	SESSION-a2a075c2c818644a → pe:tls:SESSION-a2a075c2c818644a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4145be500857fbf:SESSION-c4145be500857fbf	SESSION-c4145be500857fbf → pe:tls:SESSION-c4145be500857fbf
FLOW_FROM_HOSTOBS	e:from:SESSION-aae44d6cd669040c:host:172.234.197.23	SESSION-aae44d6cd669040c → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:782656ad87ac	flow:782656ad87ac → host:172.234.197.23 → host:45.173.156.60 → port:tcp:48325
FLOW_FROM_HOSTOBS	e:from:SESSION-32012e3b5048e415:host:131.196.31.83	SESSION-32012e3b5048e415 → host:131.196.31.83
FLOW_FROM_HOSTOBS	e:from:SESSION-160e5a0882acae87:host:172.234.197.23	SESSION-160e5a0882acae87 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2edb1208bb0bd400:host:172.234.197.23	SESSION-2edb1208bb0bd400 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d330bd9c2261:port:tcp:443	flow:d330bd9c2261 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:47767f008320	flow:47767f008320 → host:172.234.197.23 → host:177.10.238.102 → port:tcp:51957
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.26:asn:273470	host:45.173.156.26 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:e133ec05acd6:port:tcp:443	flow:e133ec05acd6 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.53:asn:262880	host:177.10.238.53 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-391d28a36308a996:SESSION-391d28a36308a996	SESSION-391d28a36308a996 → pe:syn:SESSION-391d28a36308a996
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d44c53e781b5466e:SESSION-d44c53e781b5466e	SESSION-d44c53e781b5466e → pe:syn:SESSION-d44c53e781b5466e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51c60ff5c6e820bd:flow:4f21000eb399	SESSION-51c60ff5c6e820bd → flow:4f21000eb399
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed59d63ff912d69c:SESSION-ed59d63ff912d69c	SESSION-ed59d63ff912d69c → pe:syn:SESSION-ed59d63ff912d69c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.234:geo_-16.28860_-49.01640	host:177.10.239.234 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:59.24.133.197:asn:4766	host:59.24.133.197 → asn:4766
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f275f56cd4e0d64:host:172.234.197.23	SESSION-3f275f56cd4e0d64 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:84d1886e94c2:port:tcp:26791	flow:84d1886e94c2 → port:tcp:26791
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.205:geo_-16.28860_-49.01640	host:177.10.236.205 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-364513c2995bfd3b:host:131.196.31.174	SESSION-364513c2995bfd3b → host:131.196.31.174
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ee12e96d458a4e4:host:177.10.239.200	SESSION-1ee12e96d458a4e4 → host:177.10.239.200
FLOW_DST_PORTOBS	e:fp:flow:29182df01ffc:port:tcp:4270	flow:29182df01ffc → port:tcp:4270
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ca707063b726bac:SESSION-8ca707063b726bac	SESSION-8ca707063b726bac → pe:tls:SESSION-8ca707063b726bac
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0c7d8b58da7be6c5:flow:7eb0540e2c7f	SESSION-0c7d8b58da7be6c5 → flow:7eb0540e2c7f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8396d269748cb9c:host:172.234.197.23	SESSION-f8396d269748cb9c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ddd0457559a3680:host:131.196.31.226:host:172.234.197.23	SESSION-1ddd0457559a3680 → host:131.196.31.226 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c81e53996cf9	flow:c81e53996cf9 → host:172.234.197.23 → host:177.10.236.90 → port:tcp:65005
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41f0125815f54041:host:172.234.197.23	SESSION-41f0125815f54041 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab20216cf3eeb0ee:host:177.10.236.205:host:172.234.197.23	SESSION-ab20216cf3eeb0ee → host:177.10.236.205 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a3c1d53f1688156:SESSION-8a3c1d53f1688156	SESSION-8a3c1d53f1688156 → pe:tls:SESSION-8a3c1d53f1688156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39aafc698c61dd93:host:172.234.197.23	SESSION-39aafc698c61dd93 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-acf0f47433b56858:host:172.234.197.23	SESSION-acf0f47433b56858 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b65436b870ef703a:host:172.234.197.23	SESSION-b65436b870ef703a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:334395d16888	flow:334395d16888 → host:177.10.239.150 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:6564d0aa4b14	flow:6564d0aa4b14 → host:177.10.235.218 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:2ed28a4071d9:port:tcp:1727	flow:2ed28a4071d9 → port:tcp:1727
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.19:asn:271410	host:131.196.29.19 → asn:271410
flow_observed5-aryOBS	e:fo:flow:0a874088480d	flow:0a874088480d → host:131.196.30.126 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-527acdf0d3ebbbcc:host:172.234.197.23	SESSION-527acdf0d3ebbbcc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-80c2fbd298f78f5d:host:172.234.197.23	SESSION-80c2fbd298f78f5d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a99ef89e8b00159:host:172.234.197.23	SESSION-3a99ef89e8b00159 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85ceb858b118c816:SESSION-85ceb858b118c816	SESSION-85ceb858b118c816 → pe:tls:SESSION-85ceb858b118c816
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6c09b181dae043f:host:172.234.197.23	SESSION-d6c09b181dae043f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5fdb408b0b3dd802:host:172.234.197.23	SESSION-5fdb408b0b3dd802 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79760fcdb710bc7a:PCAP:capture_20260430090001:065659c7d314	SESSION-79760fcdb710bc7a → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-d4e339b9f879a911:host:37.221.79.52	SESSION-d4e339b9f879a911 → host:37.221.79.52
flow_observed5-aryOBS	e:fo:flow:2ba008c1adde	flow:2ba008c1adde → host:37.27.162.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-136fe1663b76b4f2:flow:a25ac9fa913a	SESSION-136fe1663b76b4f2 → flow:a25ac9fa913a
FLOW_FROM_HOSTOBS	e:from:SESSION-107eaa9172a242e7:host:177.10.234.192	SESSION-107eaa9172a242e7 → host:177.10.234.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32ae480396f4c201:host:172.234.197.23	SESSION-32ae480396f4c201 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de7198c98f7f92ee:host:172.234.197.23	SESSION-de7198c98f7f92ee → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a8441f04433657ee:host:172.234.197.23	SESSION-a8441f04433657ee → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:149.202.187.73:geo_48.85820_2.33870	host:149.202.187.73 → geo_48.85820_2.33870
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f3bd7044d582575:SESSION-7f3bd7044d582575	SESSION-7f3bd7044d582575 → pe:syn:SESSION-7f3bd7044d582575
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e49f7df60935172:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4e49f7df60935172 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1d147c13acfa404:host:45.173.156.164	SESSION-a1d147c13acfa404 → host:45.173.156.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ceaacc21db1a34ae:SESSION-ceaacc21db1a34ae	SESSION-ceaacc21db1a34ae → pe:syn:SESSION-ceaacc21db1a34ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3dc32d1b123f77b5:SESSION-3dc32d1b123f77b5	SESSION-3dc32d1b123f77b5 → pe:syn:SESSION-3dc32d1b123f77b5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-077636b939c69f3b:PCAP:capture_20260428010001:b1b402c7b202	SESSION-077636b939c69f3b → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-1745753d6a990e0e:host:172.234.197.23	SESSION-1745753d6a990e0e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce047c01fb54580f:host:45.173.156.239	SESSION-ce047c01fb54580f → host:45.173.156.239
FLOW_DST_PORTOBS	e:fp:flow:2c77f1210f93:port:tcp:443	flow:2c77f1210f93 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-77e1145855a55905:host:172.234.197.23	SESSION-77e1145855a55905 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f77ce7a71f03	flow:f77ce7a71f03 → host:131.196.29.201 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.248:geo_-16.28860_-49.01640	host:177.10.236.248 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:2746e9118ab2	flow:2746e9118ab2 → host:131.196.28.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d5aeffc2a4b56ba0:BSG-BEACON-c01588764f49	SESSION-d5aeffc2a4b56ba0 → BSG-BEACON-c01588764f49
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9ca26e5420bb5bf:flow:2d58321ba87c	SESSION-b9ca26e5420bb5bf → flow:2d58321ba87c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ff40ca0c390500b:host:34.140.18.6:host:172.234.197.23	SESSION-7ff40ca0c390500b → host:34.140.18.6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:11c8071bc639	flow:11c8071bc639 → host:172.234.197.23 → host:131.196.29.215 → port:tcp:23628
FLOW_DST_PORTOBS	e:fp:flow:867d546c7ebe:port:tcp:40309	flow:867d546c7ebe → port:tcp:40309
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.49:geo_-16.28860_-49.01640	host:177.10.232.49 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c73d5dfb4b98c8a4:host:172.234.197.23	SESSION-c73d5dfb4b98c8a4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-22bb8f06cde321ca:SESSION-22bb8f06cde321ca	SESSION-22bb8f06cde321ca → pe:tls:SESSION-22bb8f06cde321ca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3db1c42fb505a2f9:SESSION-3db1c42fb505a2f9	SESSION-3db1c42fb505a2f9 → pe:tls:SESSION-3db1c42fb505a2f9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6bbf6176d0f5e38d:host:177.10.234.154:host:172.234.197.23	SESSION-6bbf6176d0f5e38d → host:177.10.234.154 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4006f2fdc1f3:port:tcp:443	flow:4006f2fdc1f3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be622897972653aa:host:31.40.196.79:host:172.234.197.23	SESSION-be622897972653aa → host:31.40.196.79 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.138:geo_-23.62930_-46.63510	host:131.196.31.138 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1640005abec031d:host:43.196.122.133:host:172.234.197.23	SESSION-c1640005abec031d → host:43.196.122.133 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6263b85fb722	flow:6263b85fb722 → host:172.234.197.23 → host:131.196.31.84 → port:tcp:25765
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d28501729ed200f7:SESSION-d28501729ed200f7	SESSION-d28501729ed200f7 → pe:syn:SESSION-d28501729ed200f7
FLOW_FROM_HOSTOBS	e:from:SESSION-04ab6357fe1e6c0a:host:177.10.232.234	SESSION-04ab6357fe1e6c0a → host:177.10.232.234
FLOW_FROM_HOSTOBS	e:from:SESSION-c76cb7a55699fff8:host:172.234.197.23	SESSION-c76cb7a55699fff8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8d52381659b8aa3f:host:172.234.197.23	SESSION-8d52381659b8aa3f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7661066332b8e82:host:172.234.197.23	SESSION-b7661066332b8e82 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f79e79f663ba44d9:host:131.196.30.20	SESSION-f79e79f663ba44d9 → host:131.196.30.20
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.54:geo_-16.28860_-49.01640	host:177.10.232.54 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5048c6b31ef60c96:SESSION-5048c6b31ef60c96	SESSION-5048c6b31ef60c96 → pe:tls:SESSION-5048c6b31ef60c96
FLOW_FROM_HOSTOBS	e:from:SESSION-e5eab3f22e87eb3f:host:45.173.156.147	SESSION-e5eab3f22e87eb3f → host:45.173.156.147
FLOW_TO_HOSTOBS	e:to:SESSION-6afafa975f8bbed9:host:177.10.234.9	SESSION-6afafa975f8bbed9 → host:177.10.234.9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-355b17fab14031de:flow:fb63bd02d584	SESSION-355b17fab14031de → flow:fb63bd02d584
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bdbc33b564dc3f1f:host:2.57.121.112:host:172.234.197.23	SESSION-bdbc33b564dc3f1f → host:2.57.121.112 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.73:asn:262880	host:177.10.234.73 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d9a4406bd7b3b41:SESSION-4d9a4406bd7b3b41	SESSION-4d9a4406bd7b3b41 → pe:syn:SESSION-4d9a4406bd7b3b41
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6b70cce2b53886b:flow:c1e3509c8979	SESSION-e6b70cce2b53886b → flow:c1e3509c8979
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-309223c775254000:host:172.234.197.23:host:172.232.0.16	SESSION-309223c775254000 → host:172.234.197.23 → host:172.232.0.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6238265b6cc9ea0:host:177.10.234.81:host:172.234.197.23	SESSION-e6238265b6cc9ea0 → host:177.10.234.81 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-007ba64cafd5a15c:host:177.10.232.124	SESSION-007ba64cafd5a15c → host:177.10.232.124
FLOW_FROM_HOSTOBS	e:from:SESSION-46631c2a8361f405:host:172.234.197.23	SESSION-46631c2a8361f405 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f082f9fe3332438:PCAP:capture_20260430090001:065659c7d314	SESSION-1f082f9fe3332438 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:b46fb9b05512	flow:b46fb9b05512 → host:177.10.235.170 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:309e31a0a9a9:port:tcp:443	flow:309e31a0a9a9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-abf4853d72eba17e:SESSION-abf4853d72eba17e	SESSION-abf4853d72eba17e → pe:syn:SESSION-abf4853d72eba17e
FLOW_FROM_HOSTOBS	e:from:SESSION-4b447e1896cf3c7e:host:177.10.238.157	SESSION-4b447e1896cf3c7e → host:177.10.238.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-03f7a565a7cd59d8:flow:6e46b809e37b	SESSION-03f7a565a7cd59d8 → flow:6e46b809e37b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8897ca7200c8655e:host:172.234.197.23	SESSION-8897ca7200c8655e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bce97f10a4a571f4:host:177.10.234.82	SESSION-bce97f10a4a571f4 → host:177.10.234.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e77787f9a5bab711:SESSION-e77787f9a5bab711	SESSION-e77787f9a5bab711 → pe:syn:SESSION-e77787f9a5bab711
flow_observed5-aryOBS	e:fo:flow:124937f3939e	flow:124937f3939e → host:95.170.25.6 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_DST_PORTOBS	e:fp:flow:9cdd8a130290:port:tcp:443	flow:9cdd8a130290 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5004eb3121e0f98:SESSION-a5004eb3121e0f98	SESSION-a5004eb3121e0f98 → pe:tls:SESSION-a5004eb3121e0f98
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.166:geo_-16.28860_-49.01640	host:177.10.236.166 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0d4b5be8f725:port:tcp:443	flow:0d4b5be8f725 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8749b2c626b3f1be:host:172.234.197.23:host:177.10.236.57	SESSION-8749b2c626b3f1be → host:172.234.197.23 → host:177.10.236.57
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1633b12f0e20b97e:flow:f55dc2533c7d	SESSION-1633b12f0e20b97e → flow:f55dc2533c7d
flow_observed5-aryOBS	e:fo:flow:89478ea7795e	flow:89478ea7795e → host:177.10.239.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d3ff3dcf229051b:host:131.196.31.222:host:172.234.197.23	SESSION-2d3ff3dcf229051b → host:131.196.31.222 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c227f10fbea5d546:SESSION-c227f10fbea5d546	SESSION-c227f10fbea5d546 → pe:syn:SESSION-c227f10fbea5d546
flow_observed5-aryOBS	e:fo:flow:d5bb80ec7e3d	flow:d5bb80ec7e3d → host:131.196.30.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d1d74e40d653f073:SESSION-d1d74e40d653f073	SESSION-d1d74e40d653f073 → pe:rst:SESSION-d1d74e40d653f073
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d19f64abed8cdcd:PCAP:capture_20260430090001:065659c7d314	SESSION-2d19f64abed8cdcd → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-31126205fa7b72e3:host:177.10.239.197	SESSION-31126205fa7b72e3 → host:177.10.239.197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-537378f36f2f8a26:host:45.173.156.99	SESSION-537378f36f2f8a26 → host:45.173.156.99
FLOW_DST_PORTOBS	e:fp:flow:2fe97f13971f:port:tcp:443	flow:2fe97f13971f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a11ee5d378ab4f4:SESSION-7a11ee5d378ab4f4	SESSION-7a11ee5d378ab4f4 → pe:syn:SESSION-7a11ee5d378ab4f4
FLOW_DST_PORTOBS	e:fp:flow:7dea48a828dd:port:tcp:443	flow:7dea48a828dd → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-e6238265b6cc9ea0:host:177.10.234.81	SESSION-e6238265b6cc9ea0 → host:177.10.234.81
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-736a99dd90ae6491:PCAP:capture_20260430160001:9bfa4498506a	SESSION-736a99dd90ae6491 → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.179:asn:273470	host:45.173.156.179 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-919126906ac50297:host:177.10.233.38	SESSION-919126906ac50297 → host:177.10.233.38
FLOW_DST_PORTOBS	e:fp:flow:51883b5f936b:port:tcp:443	flow:51883b5f936b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:05da84aac06b	flow:05da84aac06b → host:177.10.238.249 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f30fa3bd65a965fa:host:177.10.236.209	SESSION-f30fa3bd65a965fa → host:177.10.236.209
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-accb56e5453b3fbd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-accb56e5453b3fbd → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf7009921f0152ab:host:131.196.28.148:host:172.234.197.23	SESSION-cf7009921f0152ab → host:131.196.28.148 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92922842b80104c6:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-92922842b80104c6 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a9915da62b53f74:host:131.196.29.138	SESSION-5a9915da62b53f74 → host:131.196.29.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0485e2f41480d0ab:host:172.234.197.23	SESSION-0485e2f41480d0ab → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.214:asn:271410	host:131.196.28.214 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da3b2b353303e8e1:PCAP:capture_20260430090001:065659c7d314	SESSION-da3b2b353303e8e1 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.4:geo_-16.28860_-49.01640	host:177.10.239.4 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09c0e42aa6120a11:host:37.27.162.26:host:172.234.197.23	SESSION-09c0e42aa6120a11 → host:37.27.162.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d58cfad877959bea:host:45.173.156.90	SESSION-d58cfad877959bea → host:45.173.156.90
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-324b6311c2d003f7:flow:03a23d7be674	SESSION-324b6311c2d003f7 → flow:03a23d7be674
FLOW_DST_PORTOBS	e:fp:flow:b2c833b1ef62:port:tcp:443	flow:b2c833b1ef62 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e5fed5a187d0	flow:e5fed5a187d0 → host:177.10.235.215 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:3f3bc7b7f0bc	flow:3f3bc7b7f0bc → host:177.10.234.250 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69c66b3db447dca1:host:177.10.234.15:host:172.234.197.23	SESSION-69c66b3db447dca1 → host:177.10.234.15 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be374c360242db8a:PCAP:capture_20260430060001:919b39a74464	SESSION-be374c360242db8a → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98083f958ccf36d4:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-98083f958ccf36d4 → PCAP:capture_20260428000001:7e90c7cb899e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.170:asn:271410	host:131.196.28.170 → asn:271410
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-9a8c913718f2ecd3:BSG-BEACON-e07f4250263f	SESSION-9a8c913718f2ecd3 → BSG-BEACON-e07f4250263f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2af2d979895f4943:host:172.234.197.23	SESSION-2af2d979895f4943 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-378aa47dbf901697:SESSION-378aa47dbf901697	SESSION-378aa47dbf901697 → pe:tls:SESSION-378aa47dbf901697
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-456e62c8b4b103dc:host:177.10.235.46:host:172.234.197.23	SESSION-456e62c8b4b103dc → host:177.10.235.46 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6a8aa8884777	flow:6a8aa8884777 → host:172.234.197.23 → host:131.196.31.127 → port:tcp:60638
FLOW_DST_PORTOBS	e:fp:flow:06b5920360d2:port:tcp:443	flow:06b5920360d2 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.2:asn:271410	host:131.196.28.2 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2139588c74105d1b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2139588c74105d1b → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.176:geo_-16.28860_-49.01640	host:177.10.239.176 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-606a9e702080ed7e:host:172.234.197.23	SESSION-606a9e702080ed7e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e5a346c4f0315a5:PCAP:capture_20260430060001:919b39a74464	SESSION-3e5a346c4f0315a5 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-230e735532621bd7:host:45.173.156.31	SESSION-230e735532621bd7 → host:45.173.156.31
FLOW_FROM_HOSTOBS	e:from:SESSION-2117b91b7562ba94:host:172.234.197.23	SESSION-2117b91b7562ba94 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.63:geo_-16.28860_-49.01640	host:177.10.234.63 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-eadf7b6ccdd54c7f:BSG-BEACON-ddcd58bdc4dc	SESSION-eadf7b6ccdd54c7f → BSG-BEACON-ddcd58bdc4dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-381a570e386b12a2:SESSION-381a570e386b12a2	SESSION-381a570e386b12a2 → pe:tls:SESSION-381a570e386b12a2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0cb5698f1d5957a:host:172.234.197.23	SESSION-c0cb5698f1d5957a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-744a603206d06e24:flow:6cd807157248	SESSION-744a603206d06e24 → flow:6cd807157248
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5a59556c261862d:host:172.234.197.23	SESSION-b5a59556c261862d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc3cb32f8be8837a:SESSION-bc3cb32f8be8837a	SESSION-bc3cb32f8be8837a → pe:tls:SESSION-bc3cb32f8be8837a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-996af5414634114f:host:172.234.197.23	SESSION-996af5414634114f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f997fef874b1b1e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2f997fef874b1b1e → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:b46fb9b05512:port:tcp:443	flow:b46fb9b05512 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4467f1177f09	flow:4467f1177f09 → host:177.10.234.212 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-59a5b7880376a89f:SESSION-59a5b7880376a89f	SESSION-59a5b7880376a89f → pe:rst:SESSION-59a5b7880376a89f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d04c60e569cc19ba:host:177.10.237.83	SESSION-d04c60e569cc19ba → host:177.10.237.83
FLOW_TO_HOSTOBS	e:to:SESSION-3675340578297917:host:131.196.28.205	SESSION-3675340578297917 → host:131.196.28.205
flow_observed5-aryOBS	e:fo:flow:c06bd4f04746	flow:c06bd4f04746 → host:131.196.28.50 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.249:geo_-16.28860_-49.01640	host:177.10.232.249 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5eb3b0eaf7de1b7d:flow:d91049f8faa7	SESSION-5eb3b0eaf7de1b7d → flow:d91049f8faa7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.225:geo_-23.62930_-46.63510	host:131.196.29.225 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.139:geo_-16.28860_-49.01640	host:177.10.239.139 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-4a5d297f882a3348:host:172.234.197.23	SESSION-4a5d297f882a3348 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.163:asn:271410	host:131.196.31.163 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09a6e49240d11692:host:172.234.197.23:host:45.173.156.51	SESSION-09a6e49240d11692 → host:172.234.197.23 → host:45.173.156.51
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.96:geo_41.02140_28.99480	host:31.40.196.96 → geo_41.02140_28.99480
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b51b74891d2de4c5:host:172.234.197.23:host:177.10.234.239	SESSION-b51b74891d2de4c5 → host:172.234.197.23 → host:177.10.234.239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf997a1aac5d0ef1:flow:47c2f2779cfc	SESSION-bf997a1aac5d0ef1 → flow:47c2f2779cfc
FLOW_DST_PORTOBS	e:fp:flow:3122f5c62a02:port:tcp:443	flow:3122f5c62a02 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4bb4f425427d3bee:SESSION-4bb4f425427d3bee	SESSION-4bb4f425427d3bee → pe:tls:SESSION-4bb4f425427d3bee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73ad5b34385541ce:SESSION-73ad5b34385541ce	SESSION-73ad5b34385541ce → pe:tls:SESSION-73ad5b34385541ce
flow_observed4-aryOBS	e:fo:flow:5015886c6c7c	flow:5015886c6c7c → host:172.234.197.23 → host:177.10.239.255 → port:tcp:46059
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c54e8a5253d053d:host:172.234.197.23:host:177.10.235.169	SESSION-8c54e8a5253d053d → host:172.234.197.23 → host:177.10.235.169
FLOW_DST_PORTOBS	e:fp:flow:0203a7b3c078:port:tcp:50844	flow:0203a7b3c078 → port:tcp:50844
FLOW_DST_PORTOBS	e:fp:flow:32a84ee85b0b:port:tcp:443	flow:32a84ee85b0b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3417e991c57bd21:host:177.10.234.162	SESSION-a3417e991c57bd21 → host:177.10.234.162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81dd4006fe67ac3f:host:18.175.215.247	SESSION-81dd4006fe67ac3f → host:18.175.215.247
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ecf1376a54312e6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4ecf1376a54312e6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e52442a00447444:SESSION-0e52442a00447444	SESSION-0e52442a00447444 → pe:tls:SESSION-0e52442a00447444
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e57fbe39684f8bc8:host:177.10.236.108:host:172.234.197.23	SESSION-e57fbe39684f8bc8 → host:177.10.236.108 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5d9ac96edb9e:port:tcp:443	flow:5d9ac96edb9e → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-89c3cc1547edab47:BSG-BEACON-e07f4250263f	SESSION-89c3cc1547edab47 → BSG-BEACON-e07f4250263f
FLOW_TO_HOSTOBS	e:to:SESSION-01d7e8e7f6d6f55b:host:172.234.197.23	SESSION-01d7e8e7f6d6f55b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08a40451c9cdc962:SESSION-08a40451c9cdc962	SESSION-08a40451c9cdc962 → pe:tls:SESSION-08a40451c9cdc962
flow_observed5-aryOBS	e:fo:flow:6774651fbdd3	flow:6774651fbdd3 → host:177.10.234.103 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ce76d6af7b7d93f:host:177.10.234.188	SESSION-1ce76d6af7b7d93f → host:177.10.234.188
FLOW_TO_HOSTOBS	e:to:SESSION-e280ba6e8e483a35:host:172.234.197.23	SESSION-e280ba6e8e483a35 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e6b70cce2b53886b:host:177.10.239.224	SESSION-e6b70cce2b53886b → host:177.10.239.224
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35910be85c736a39:host:172.234.197.23	SESSION-35910be85c736a39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0948a596b6903965:host:172.234.197.23	SESSION-0948a596b6903965 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.8:geo_-16.28860_-49.01640	host:177.10.236.8 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2963f6e37ebf1d0d:host:172.234.197.23	SESSION-2963f6e37ebf1d0d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0371abab0ef43e73:host:172.234.197.23	SESSION-0371abab0ef43e73 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-213b6cb7e75b87f2:host:172.234.197.23	SESSION-213b6cb7e75b87f2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:81873425f8e1:port:tcp:443	flow:81873425f8e1 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.77:asn:271410	host:131.196.29.77 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5de3ca130be8f6d5:host:172.234.197.23	SESSION-5de3ca130be8f6d5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4d5ec492dcde12c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b4d5ec492dcde12c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-f910dce05c4c16f4:host:177.10.235.227	SESSION-f910dce05c4c16f4 → host:177.10.235.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d58e8fad9dafe114:host:172.234.197.23	SESSION-d58e8fad9dafe114 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5cb36fee7e75b97b:SESSION-5cb36fee7e75b97b	SESSION-5cb36fee7e75b97b → pe:tls:SESSION-5cb36fee7e75b97b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c82cc9c39e4191e7:SESSION-c82cc9c39e4191e7	SESSION-c82cc9c39e4191e7 → pe:tls:SESSION-c82cc9c39e4191e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaf5b03036efa5c6:host:185.231.226.223	SESSION-eaf5b03036efa5c6 → host:185.231.226.223
flow_observed5-aryOBS	e:fo:flow:89234f33732b	flow:89234f33732b → host:131.196.29.182 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.94:asn:262880	host:177.10.236.94 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2289078120ff48cc:PCAP:capture_20260430110001:43611bdf6759	SESSION-2289078120ff48cc → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-13906a0b4b02de94:host:37.221.79.63	SESSION-13906a0b4b02de94 → host:37.221.79.63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69ca44a412c8d221:host:172.234.197.23	SESSION-69ca44a412c8d221 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6c65188d7893:port:tcp:14178	flow:6c65188d7893 → port:tcp:14178
FLOW_TO_HOSTOBS	e:to:SESSION-44a6b99289a2f8de:host:172.234.197.23	SESSION-44a6b99289a2f8de → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.37:geo_-23.62930_-46.63510	host:131.196.31.37 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-82093c184ece9713:PCAP:capture_20260430160001:9bfa4498506a	SESSION-82093c184ece9713 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-206979254a17108f:host:177.10.239.191	SESSION-206979254a17108f → host:177.10.239.191
FLOW_DST_PORTOBS	e:fp:flow:eeee15d6a3f1:port:tcp:6886	flow:eeee15d6a3f1 → port:tcp:6886
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e652971bc7c2d2d5:PCAP:capture_20260430150001:ded20914761d	SESSION-e652971bc7c2d2d5 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:3c78e4fa9a53:port:tcp:443	flow:3c78e4fa9a53 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b654d700a53d4a94:SESSION-b654d700a53d4a94	SESSION-b654d700a53d4a94 → pe:syn:SESSION-b654d700a53d4a94
FLOW_TO_HOSTOBS	e:to:SESSION-3560085925cb3717:host:172.234.197.23	SESSION-3560085925cb3717 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6e7d46ad1b0c983:SESSION-d6e7d46ad1b0c983	SESSION-d6e7d46ad1b0c983 → pe:tls:SESSION-d6e7d46ad1b0c983
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a7a1da766d51711:PCAP:capture_20260430060001:919b39a74464	SESSION-1a7a1da766d51711 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-843bbb86e5601bd5:host:172.234.197.23	SESSION-843bbb86e5601bd5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aab54ece2b0af0b4:host:177.10.237.114:host:172.234.197.23	SESSION-aab54ece2b0af0b4 → host:177.10.237.114 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:356dc5b46539	flow:356dc5b46539 → host:172.234.197.23 → host:177.10.234.140 → port:tcp:25979
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f73bbd477b19c775:flow:17b4483c0fea	SESSION-f73bbd477b19c775 → flow:17b4483c0fea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d24a424002821105:host:131.196.31.136	SESSION-d24a424002821105 → host:131.196.31.136
FLOW_DST_PORTOBS	e:fp:flow:a154865920f4:port:tcp:443	flow:a154865920f4 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.108:asn:262880	host:177.10.233.108 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fdee4339c7caabb6:SESSION-fdee4339c7caabb6	SESSION-fdee4339c7caabb6 → pe:tls:SESSION-fdee4339c7caabb6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34d820c66fac079b:host:177.10.239.255	SESSION-34d820c66fac079b → host:177.10.239.255
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf343490b1b7ef49:PCAP:capture_20260430160001:9bfa4498506a	SESSION-bf343490b1b7ef49 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e3933798ce80a4c:flow:bcafed8ac50c	SESSION-8e3933798ce80a4c → flow:bcafed8ac50c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77755e4fda54087c:flow:9fabf4659f5f	SESSION-77755e4fda54087c → flow:9fabf4659f5f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe84550c6b54c988:flow:66affa9e115f	SESSION-fe84550c6b54c988 → flow:66affa9e115f
FLOW_TO_HOSTOBS	e:to:SESSION-5c83cde1dbe634e7:host:172.234.197.23	SESSION-5c83cde1dbe634e7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a519ad2ae4c53179:host:177.10.233.76:host:172.234.197.23	SESSION-a519ad2ae4c53179 → host:177.10.233.76 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-192cf58c18726bf1:flow:563f5b886e49	SESSION-192cf58c18726bf1 → flow:563f5b886e49
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6cbb8d1d16f40477:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6cbb8d1d16f40477 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3982f1a8e532b400:host:95.170.25.243:host:172.234.197.23	SESSION-3982f1a8e532b400 → host:95.170.25.243 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c4d285e0a09c2a4:host:172.234.197.23	SESSION-2c4d285e0a09c2a4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3cf945d3d1ddd41:host:177.10.236.86:host:172.234.197.23	SESSION-f3cf945d3d1ddd41 → host:177.10.236.86 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b07a5e743a2061fa:host:172.234.197.23	SESSION-b07a5e743a2061fa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8f7fc765f54b5ec:host:131.196.29.4	SESSION-e8f7fc765f54b5ec → host:131.196.29.4
FLOW_DST_PORTOBS	e:fp:flow:bbe9e2d3420e:port:tcp:2932	flow:bbe9e2d3420e → port:tcp:2932
FLOW_TO_HOSTOBS	e:to:SESSION-79f857f82eac6daa:host:172.234.197.23	SESSION-79f857f82eac6daa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ed5696d63c7b154:host:172.234.197.23:host:131.196.30.196	SESSION-9ed5696d63c7b154 → host:172.234.197.23 → host:131.196.30.196
FLOW_FROM_HOSTOBS	e:from:SESSION-92cb25b3a2aea70a:host:172.234.197.23	SESSION-92cb25b3a2aea70a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0125cea84e0c02fd:SESSION-0125cea84e0c02fd	SESSION-0125cea84e0c02fd → pe:tls:SESSION-0125cea84e0c02fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2c00c77bcbb5602:host:172.234.197.23	SESSION-f2c00c77bcbb5602 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5a277796632a248:host:172.234.197.23	SESSION-b5a277796632a248 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-500747aefaa736d2:host:172.234.197.23	SESSION-500747aefaa736d2 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-a0605f48b345a3ed:BSG-BEACON-0731e82139b7	SESSION-a0605f48b345a3ed → BSG-BEACON-0731e82139b7
flow_observed5-aryOBS	e:fo:flow:44762f5cbd02	flow:44762f5cbd02 → host:177.10.234.179 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37617ebce6c7f9ac:flow:d8c9b51009f5	SESSION-37617ebce6c7f9ac → flow:d8c9b51009f5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a846b5687af75eeb:host:131.196.29.91:host:172.234.197.23	SESSION-a846b5687af75eeb → host:131.196.29.91 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.41:geo_-16.28860_-49.01640	host:177.10.237.41 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86feda8665cc2010:SESSION-86feda8665cc2010	SESSION-86feda8665cc2010 → pe:tls:SESSION-86feda8665cc2010
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-465906ddd8becee4:host:172.234.197.23	SESSION-465906ddd8becee4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33075a11d7099c2b:host:131.196.29.140:host:172.234.197.23	SESSION-33075a11d7099c2b → host:131.196.29.140 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4503d5677d79139:host:177.10.237.138	SESSION-c4503d5677d79139 → host:177.10.237.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af13e3f1012247aa:host:177.10.235.64	SESSION-af13e3f1012247aa → host:177.10.235.64
flow_observed4-aryOBS	e:fo:flow:a3a569e5aede	flow:a3a569e5aede → host:172.234.197.23 → host:177.10.232.2 → port:tcp:61680
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-62458b132c4d6b0d:SESSION-62458b132c4d6b0d	SESSION-62458b132c4d6b0d → pe:tls:SESSION-62458b132c4d6b0d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3676532bb2f3ac59:host:172.234.197.23	SESSION-3676532bb2f3ac59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bf80193393b0fad:host:172.234.197.23	SESSION-0bf80193393b0fad → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5bec9c6872f5835:SESSION-b5bec9c6872f5835	SESSION-b5bec9c6872f5835 → pe:syn:SESSION-b5bec9c6872f5835
FLOW_TO_HOSTOBS	e:to:SESSION-7ff9648a7e097bde:host:172.234.197.23	SESSION-7ff9648a7e097bde → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a27690ff20574d25:SESSION-a27690ff20574d25	SESSION-a27690ff20574d25 → pe:syn:SESSION-a27690ff20574d25
FLOW_DST_PORTOBS	e:fp:flow:23f7091bd6a9:port:tcp:443	flow:23f7091bd6a9 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-16a7442acd9adfae:host:172.234.197.23	SESSION-16a7442acd9adfae → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3524905b33baacd0:host:172.234.197.23	SESSION-3524905b33baacd0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e61eb47c134600b1:PCAP:capture_20260430090001:065659c7d314	SESSION-e61eb47c134600b1 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a9d7ef6e96dbb9c5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a9d7ef6e96dbb9c5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6d6cedb2de1ad8d:host:172.234.197.23	SESSION-d6d6cedb2de1ad8d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5167ceabb03264f1:host:172.234.197.23	SESSION-5167ceabb03264f1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa0381bae4f9498b:SESSION-aa0381bae4f9498b	SESSION-aa0381bae4f9498b → pe:syn:SESSION-aa0381bae4f9498b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9466cbe9e9dd26aa:SESSION-9466cbe9e9dd26aa	SESSION-9466cbe9e9dd26aa → pe:syn:SESSION-9466cbe9e9dd26aa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-928f584a0bc46099:SESSION-928f584a0bc46099	SESSION-928f584a0bc46099 → pe:syn:SESSION-928f584a0bc46099
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.141:asn:262880	host:177.10.236.141 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e0a730d87d8b98f3:host:172.234.197.23	SESSION-e0a730d87d8b98f3 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3cfdba58cb5b	flow:3cfdba58cb5b → host:172.234.197.23 → host:177.10.235.192 → port:tcp:48959
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e1cb285535c63d0:host:177.10.233.228:host:172.234.197.23	SESSION-9e1cb285535c63d0 → host:177.10.233.228 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5fd776fee1455ee3:host:172.234.197.23	SESSION-5fd776fee1455ee3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-60dab6a51248be22:host:131.196.28.209	SESSION-60dab6a51248be22 → host:131.196.28.209
FLOW_DST_PORTOBS	e:fp:flow:074dd4a6e3c7:port:tcp:443	flow:074dd4a6e3c7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3056fcd37df4e63f:host:172.234.197.23	SESSION-3056fcd37df4e63f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d5407005cb310ce8:host:172.234.197.23	SESSION-d5407005cb310ce8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0cf49defbe006f77:host:45.173.156.84	SESSION-0cf49defbe006f77 → host:45.173.156.84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bce308e5c94583d6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bce308e5c94583d6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-403d8f142c86493c:SESSION-403d8f142c86493c	SESSION-403d8f142c86493c → pe:tls:SESSION-403d8f142c86493c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-4ef3ba231e3ca4d6:SESSION-4ef3ba231e3ca4d6	SESSION-4ef3ba231e3ca4d6 → pe:rst:SESSION-4ef3ba231e3ca4d6
FLOW_TO_HOSTOBS	e:to:SESSION-acae490ef1211ca7:host:172.234.197.23	SESSION-acae490ef1211ca7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66746867faa9cf3c:host:172.234.197.23	SESSION-66746867faa9cf3c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5626602f012a6e70:host:177.10.236.230	SESSION-5626602f012a6e70 → host:177.10.236.230
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5bec9c6872f5835:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b5bec9c6872f5835 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:83d4b6376697:port:tcp:443	flow:83d4b6376697 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-75251a40e4bc6a46:host:172.234.197.23	SESSION-75251a40e4bc6a46 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4020db38e68a457:flow:34b053eab7a8	SESSION-b4020db38e68a457 → flow:34b053eab7a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-141e3c6c8d153d1d:SESSION-141e3c6c8d153d1d	SESSION-141e3c6c8d153d1d → pe:syn:SESSION-141e3c6c8d153d1d
FLOW_FROM_HOSTOBS	e:from:SESSION-e700dd1746307a02:host:177.10.239.78	SESSION-e700dd1746307a02 → host:177.10.239.78
FLOW_DST_PORTOBS	e:fp:flow:dc40f257c300:port:tcp:443	flow:dc40f257c300 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e77bd841354043c4:host:172.234.197.23	SESSION-e77bd841354043c4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2887c6ee2de14ac9:host:131.196.29.175	SESSION-2887c6ee2de14ac9 → host:131.196.29.175
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7cf4eefda54138cc:SESSION-7cf4eefda54138cc	SESSION-7cf4eefda54138cc → pe:syn:SESSION-7cf4eefda54138cc
FLOW_TO_HOSTOBS	e:to:SESSION-324907e130151d7d:host:172.234.197.23	SESSION-324907e130151d7d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6b762e1d0d174fb:SESSION-a6b762e1d0d174fb	SESSION-a6b762e1d0d174fb → pe:syn:SESSION-a6b762e1d0d174fb
FLOW_TO_HOSTOBS	e:to:SESSION-7ff40ca0c390500b:host:172.234.197.23	SESSION-7ff40ca0c390500b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b9e2dc825daf	flow:b9e2dc825daf → host:45.173.156.51 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-954e70596a40db71:SESSION-954e70596a40db71	SESSION-954e70596a40db71 → pe:syn:SESSION-954e70596a40db71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ccb8c7743352cfdc:PCAP:capture_20260430150001:ded20914761d	SESSION-ccb8c7743352cfdc → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bac5dc0e18d2349f:SESSION-bac5dc0e18d2349f	SESSION-bac5dc0e18d2349f → pe:rst:SESSION-bac5dc0e18d2349f
flow_observed4-aryOBS	e:fo:flow:66d3f8b0f2a7	flow:66d3f8b0f2a7 → host:172.234.197.23 → host:177.10.238.28 → port:tcp:29298
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b63214403b2d20c7:flow:a7d77fe955ab	SESSION-b63214403b2d20c7 → flow:a7d77fe955ab
FLOW_FROM_HOSTOBS	e:from:SESSION-71cb82af8f37b35d:host:199.16.157.181	SESSION-71cb82af8f37b35d → host:199.16.157.181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d7aef03828b51e64:SESSION-d7aef03828b51e64	SESSION-d7aef03828b51e64 → pe:tls:SESSION-d7aef03828b51e64
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1d74e40d653f073:flow:df9b8944cbe1	SESSION-d1d74e40d653f073 → flow:df9b8944cbe1
FLOW_TO_HOSTOBS	e:to:SESSION-ca59b4a9ab5138ce:host:172.234.197.23	SESSION-ca59b4a9ab5138ce → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:133dcdd96d63	flow:133dcdd96d63 → host:177.10.236.240 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8739e7552ccb5cc0:host:177.10.234.194	SESSION-8739e7552ccb5cc0 → host:177.10.234.194
FLOW_FROM_HOSTOBS	e:from:SESSION-f6ad5e06ec5a3a76:host:177.10.238.41	SESSION-f6ad5e06ec5a3a76 → host:177.10.238.41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b99a2a75b4ae9e98:host:131.196.30.230	SESSION-b99a2a75b4ae9e98 → host:131.196.30.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01ac49b549a49417:SESSION-01ac49b549a49417	SESSION-01ac49b549a49417 → pe:tls:SESSION-01ac49b549a49417
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fab752fe97090e4a:SESSION-fab752fe97090e4a	SESSION-fab752fe97090e4a → pe:tls:SESSION-fab752fe97090e4a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ae8076186321ef8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8ae8076186321ef8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:86e4868e6941	flow:86e4868e6941 → host:177.10.239.68 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d2ed4131e5585f31:host:172.234.197.23	SESSION-d2ed4131e5585f31 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c977b8f3627ab3c3:SESSION-c977b8f3627ab3c3	SESSION-c977b8f3627ab3c3 → pe:syn:SESSION-c977b8f3627ab3c3
FLOW_DST_PORTOBS	e:fp:flow:6542cea94835:port:tcp:31572	flow:6542cea94835 → port:tcp:31572
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb0c069bf1f40e5a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bb0c069bf1f40e5a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:54db2b5d922b:port:tcp:443	flow:54db2b5d922b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9494583da7ce1d88:host:131.196.29.105:host:172.234.197.23	SESSION-9494583da7ce1d88 → host:131.196.29.105 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62458b132c4d6b0d:host:172.234.197.23	SESSION-62458b132c4d6b0d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9bc5f3d34b7b8244:SESSION-9bc5f3d34b7b8244	SESSION-9bc5f3d34b7b8244 → pe:tls:SESSION-9bc5f3d34b7b8244
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66746867faa9cf3c:SESSION-66746867faa9cf3c	SESSION-66746867faa9cf3c → pe:syn:SESSION-66746867faa9cf3c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.87:geo_-16.28860_-49.01640	host:177.10.233.87 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6966225f20017b9e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6966225f20017b9e → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.216:geo_-16.28860_-49.01640	host:177.10.237.216 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44593e1f87cfdd92:host:172.234.197.23	SESSION-44593e1f87cfdd92 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-200a4f7a7e5b3996:SESSION-200a4f7a7e5b3996	SESSION-200a4f7a7e5b3996 → pe:tls:SESSION-200a4f7a7e5b3996
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48de9f7b9a5a464c:host:177.10.234.210:host:172.234.197.23	SESSION-48de9f7b9a5a464c → host:177.10.234.210 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e7af3e500f20cf8:host:172.234.197.23	SESSION-4e7af3e500f20cf8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fdca441bb1b3810b:SESSION-fdca441bb1b3810b	SESSION-fdca441bb1b3810b → pe:syn:SESSION-fdca441bb1b3810b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d741000864bcf81f:SESSION-d741000864bcf81f	SESSION-d741000864bcf81f → pe:tls:SESSION-d741000864bcf81f
FLOW_DST_PORTOBS	e:fp:flow:78fa7f111390:port:tcp:443	flow:78fa7f111390 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a936b4b3a73fb0c:PCAP:capture_20260430060001:919b39a74464	SESSION-6a936b4b3a73fb0c → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be67080b9ae14b48:PCAP:capture_20260430150001:ded20914761d	SESSION-be67080b9ae14b48 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06ad44a538684c23:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-06ad44a538684c23 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.196:asn:262880	host:177.10.236.196 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.34:asn:203771	host:95.170.25.34 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-003677474853cb22:host:177.10.232.148	SESSION-003677474853cb22 → host:177.10.232.148
FLOW_DST_PORTOBS	e:fp:flow:4a61bb84d464:port:tcp:443	flow:4a61bb84d464 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56476ce9df92fd09:flow:3b689cdb82ed	SESSION-56476ce9df92fd09 → flow:3b689cdb82ed
flow_observed5-aryOBS	e:fo:flow:3c63108e4ee7	flow:3c63108e4ee7 → host:131.196.31.105 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:a8bcd235a333	flow:a8bcd235a333 → host:172.234.197.23 → host:177.10.238.79 → port:tcp:44651
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-586cf5bb6d743be1:host:172.234.197.23	SESSION-586cf5bb6d743be1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fea0326f1ddbdfc:host:177.10.234.115	SESSION-7fea0326f1ddbdfc → host:177.10.234.115
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89c2fe6aad8232be:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-89c2fe6aad8232be → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-c4437969c398261c:host:177.10.239.51	SESSION-c4437969c398261c → host:177.10.239.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2560fc1185e4e3e7:host:45.173.156.202	SESSION-2560fc1185e4e3e7 → host:45.173.156.202
flow_observed5-aryOBS	e:fo:flow:f8430a3f1b8e	flow:f8430a3f1b8e → host:177.10.237.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-eb8a27373acd6451:host:131.196.30.197	SESSION-eb8a27373acd6451 → host:131.196.30.197
FLOW_DST_PORTOBS	e:fp:flow:cb549d83e833:port:tcp:2183	flow:cb549d83e833 → port:tcp:2183
flow_observed5-aryOBS	e:fo:flow:5972bd93e84b	flow:5972bd93e84b → host:177.10.232.103 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e44d3b0a0ee22cd6:flow:3fd84d52a8b0	SESSION-e44d3b0a0ee22cd6 → flow:3fd84d52a8b0
FLOW_DST_PORTOBS	e:fp:flow:46ce982f7e4b:port:tcp:443	flow:46ce982f7e4b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-acf0f47433b56858:flow:4b4d3205861f	SESSION-acf0f47433b56858 → flow:4b4d3205861f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de01d31bf4634055:SESSION-de01d31bf4634055	SESSION-de01d31bf4634055 → pe:tls:SESSION-de01d31bf4634055
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-980b61ddea9c5965:BSG-BEACON-e07f4250263f	SESSION-980b61ddea9c5965 → BSG-BEACON-e07f4250263f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9c73da0e6ec113c:SESSION-f9c73da0e6ec113c	SESSION-f9c73da0e6ec113c → pe:syn:SESSION-f9c73da0e6ec113c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4af9ea8e19c0cf86:host:172.234.197.23:host:131.196.29.61	SESSION-4af9ea8e19c0cf86 → host:172.234.197.23 → host:131.196.29.61
FLOW_DST_PORTOBS	e:fp:flow:0357935f6477:port:tcp:22	flow:0357935f6477 → port:tcp:22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4879ced74a20729f:SESSION-4879ced74a20729f	SESSION-4879ced74a20729f → pe:tls:SESSION-4879ced74a20729f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b8fd41df39b968c:flow:a54cfd642968	SESSION-0b8fd41df39b968c → flow:a54cfd642968
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8098f7aeb1e3da6f:flow:c697e487c7c3	SESSION-8098f7aeb1e3da6f → flow:c697e487c7c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d77475f82108632b:flow:d0eed4caabbe	SESSION-d77475f82108632b → flow:d0eed4caabbe
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfc33587dc4bfad3:host:177.10.234.160	SESSION-bfc33587dc4bfad3 → host:177.10.234.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1e1ef170279bd06:host:172.234.197.23	SESSION-e1e1ef170279bd06 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-383c10f8cce4ec29:host:172.234.197.23	SESSION-383c10f8cce4ec29 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-11da84003d7810c4:host:172.234.197.23	SESSION-11da84003d7810c4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:844eea514ea2:port:tcp:443	flow:844eea514ea2 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b22fbd69b6831b9:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0b22fbd69b6831b9 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.237:geo_-23.62930_-46.63510	host:131.196.31.237 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-6667ca1b9f8ba8d1:host:172.234.197.23	SESSION-6667ca1b9f8ba8d1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-96623b45a0a307c2:host:172.234.197.23	SESSION-96623b45a0a307c2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5b79680f4b436a5:flow:c11de5831f54	SESSION-b5b79680f4b436a5 → flow:c11de5831f54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3168a3173448dd7d:host:172.234.197.23	SESSION-3168a3173448dd7d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-42b603b0c5709a24:flow:34b3e06e1c51	SESSION-42b603b0c5709a24 → flow:34b3e06e1c51
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.233:asn:273470	host:45.173.156.233 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a60c132d3a0c7657:host:177.10.236.33	SESSION-a60c132d3a0c7657 → host:177.10.236.33
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.135.22:geo_52.51960_13.40690	host:51.224.135.22 → geo_52.51960_13.40690
FLOW_FROM_HOSTOBS	e:from:SESSION-7c274d9ac0119175:host:177.10.238.119	SESSION-7c274d9ac0119175 → host:177.10.238.119
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9eb08591878d33c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c9eb08591878d33c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e26c73b3a0fde5e3:SESSION-e26c73b3a0fde5e3	SESSION-e26c73b3a0fde5e3 → pe:tls:SESSION-e26c73b3a0fde5e3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17e71ce1458770d6:flow:55f3a75120ee	SESSION-17e71ce1458770d6 → flow:55f3a75120ee
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.81:asn:262880	host:177.10.234.81 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee237db5b674d6c4:SESSION-ee237db5b674d6c4	SESSION-ee237db5b674d6c4 → pe:syn:SESSION-ee237db5b674d6c4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db8bd5551afdaf6c:host:172.234.197.23	SESSION-db8bd5551afdaf6c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-324907e130151d7d:SESSION-324907e130151d7d	SESSION-324907e130151d7d → pe:syn:SESSION-324907e130151d7d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e529f6ef28aca515:host:131.196.28.125:host:172.234.197.23	SESSION-e529f6ef28aca515 → host:131.196.28.125 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad4db4cca9d566af:host:177.10.235.233:host:172.234.197.23	SESSION-ad4db4cca9d566af → host:177.10.235.233 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.222:geo_-23.62930_-46.63510	host:131.196.31.222 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-024c55a268626b80:host:131.196.30.42:host:172.234.197.23	SESSION-024c55a268626b80 → host:131.196.30.42 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-328e38096bb05d60:host:177.10.235.236	SESSION-328e38096bb05d60 → host:177.10.235.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-873a01bbf1ba0d09:flow:a2afd08744a3	SESSION-873a01bbf1ba0d09 → flow:a2afd08744a3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d58cfad877959bea:flow:cdf5f2e2e9eb	SESSION-d58cfad877959bea → flow:cdf5f2e2e9eb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d776155c4ea7cbea:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d776155c4ea7cbea → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac9ecab386602d8f:host:172.234.197.23	SESSION-ac9ecab386602d8f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c89e102c8b8b6c97:host:177.10.233.35	SESSION-c89e102c8b8b6c97 → host:177.10.233.35
FLOW_DST_PORTOBS	e:fp:flow:9301d7981011:port:tcp:443	flow:9301d7981011 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d65a28f7cbebfeb:SESSION-9d65a28f7cbebfeb	SESSION-9d65a28f7cbebfeb → pe:tls:SESSION-9d65a28f7cbebfeb
FLOW_TO_HOSTOBS	e:to:SESSION-e7e110cd2632aa64:host:172.234.197.23	SESSION-e7e110cd2632aa64 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2be48cd916ee7ccc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2be48cd916ee7ccc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c88d3e9918500cb2:host:177.10.235.215	SESSION-c88d3e9918500cb2 → host:177.10.235.215
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0200d7ef8e83c7c3:flow:33a86ba2b575	SESSION-0200d7ef8e83c7c3 → flow:33a86ba2b575
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-195f8b2639df23c4:host:131.196.30.92	SESSION-195f8b2639df23c4 → host:131.196.30.92
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4651c2a8eec0e6f:flow:16c7a0cad34a	SESSION-a4651c2a8eec0e6f → flow:16c7a0cad34a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7536a33faff5a95d:host:177.10.235.168:host:172.234.197.23	SESSION-7536a33faff5a95d → host:177.10.235.168 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac742257199be2dd:host:172.234.197.23	SESSION-ac742257199be2dd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3d6a52e82bb8db7f:host:172.234.197.23:host:131.196.31.69	SESSION-3d6a52e82bb8db7f → host:172.234.197.23 → host:131.196.31.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a83f7d2591dcabf5:SESSION-a83f7d2591dcabf5	SESSION-a83f7d2591dcabf5 → pe:syn:SESSION-a83f7d2591dcabf5
FLOW_DST_PORTOBS	e:fp:flow:2002322f6670:port:tcp:443	flow:2002322f6670 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:acc8fbc4722c	flow:acc8fbc4722c → host:177.10.238.177 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ef49ba6d990c029:host:177.10.239.136	SESSION-5ef49ba6d990c029 → host:177.10.239.136
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16b002b5a5ba0e61:host:177.10.238.127	SESSION-16b002b5a5ba0e61 → host:177.10.238.127
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.100:asn:262880	host:177.10.233.100 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e88ec164d738844a:flow:c223b0c1ae63	SESSION-e88ec164d738844a → flow:c223b0c1ae63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c47e89745eb205fd:SESSION-c47e89745eb205fd	SESSION-c47e89745eb205fd → pe:tls:SESSION-c47e89745eb205fd
HOST_IN_ASNOBS 85%	e:ha:host:144.76.23.34:asn:24940	host:144.76.23.34 → asn:24940
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5527f09aaa715d91:flow:ce213669da36	SESSION-5527f09aaa715d91 → flow:ce213669da36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-810f814d66b016e7:host:45.173.156.240	SESSION-810f814d66b016e7 → host:45.173.156.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-764219a5db7d50bc:SESSION-764219a5db7d50bc	SESSION-764219a5db7d50bc → pe:tls:SESSION-764219a5db7d50bc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-996c7a5f028b9d80:host:172.234.197.23	SESSION-996c7a5f028b9d80 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-70f9355e024c975b:SESSION-70f9355e024c975b	SESSION-70f9355e024c975b → pe:syn:SESSION-70f9355e024c975b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e2a14af4b2a82fd:SESSION-1e2a14af4b2a82fd	SESSION-1e2a14af4b2a82fd → pe:tls:SESSION-1e2a14af4b2a82fd
FLOW_TO_HOSTOBS	e:to:SESSION-4a33620a262b3196:host:172.234.197.23	SESSION-4a33620a262b3196 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-353fd641d57f7d93:host:172.234.197.23	SESSION-353fd641d57f7d93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f29948747ee8d5c:host:177.10.235.174	SESSION-1f29948747ee8d5c → host:177.10.235.174
FLOW_TO_HOSTOBS	e:to:SESSION-68317c08ea2eebc2:host:172.234.197.23	SESSION-68317c08ea2eebc2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f44cd8b141a7b5c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7f44cd8b141a7b5c → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:afb4988040a5:port:tcp:5300	flow:afb4988040a5 → port:tcp:5300
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e76870e292a86821:SESSION-e76870e292a86821	SESSION-e76870e292a86821 → pe:syn:SESSION-e76870e292a86821
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6372f3e6dae2e87f:host:131.196.30.44	SESSION-6372f3e6dae2e87f → host:131.196.30.44
FLOW_FROM_HOSTOBS	e:from:SESSION-08a40451c9cdc962:host:172.3.50.214	SESSION-08a40451c9cdc962 → host:172.3.50.214
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2eff7ebef8fd9091:SESSION-2eff7ebef8fd9091	SESSION-2eff7ebef8fd9091 → pe:tls:SESSION-2eff7ebef8fd9091
FLOW_DST_PORTOBS	e:fp:flow:7247acb14be4:port:tcp:443	flow:7247acb14be4 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:7ec4606e67d3:port:tcp:23420	flow:7ec4606e67d3 → port:tcp:23420
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-32ae480396f4c201:PCAP:capture_20260430070001:903a0e7a436b	SESSION-32ae480396f4c201 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:fb19f5ee5964:port:tcp:11842	flow:fb19f5ee5964 → port:tcp:11842
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46da9b8beaa478c9:host:177.10.239.204:host:172.234.197.23	SESSION-46da9b8beaa478c9 → host:177.10.239.204 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41b7279875030e7d:host:177.10.234.178	SESSION-41b7279875030e7d → host:177.10.234.178
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1640005abec031d:flow:af020dea481e	SESSION-c1640005abec031d → flow:af020dea481e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.157:asn:271410	host:131.196.29.157 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7e6be5ba8db3cda:SESSION-c7e6be5ba8db3cda	SESSION-c7e6be5ba8db3cda → pe:syn:SESSION-c7e6be5ba8db3cda
FLOW_TO_HOSTOBS	e:to:SESSION-31de31d3c82f498d:host:131.196.31.107	SESSION-31de31d3c82f498d → host:131.196.31.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f0044b48e7e1824:host:177.10.234.63	SESSION-5f0044b48e7e1824 → host:177.10.234.63
flow_observed5-aryOBS	e:fo:flow:efc0306a2c81	flow:efc0306a2c81 → host:177.10.234.147 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6354b0819147ed1d:SESSION-6354b0819147ed1d	SESSION-6354b0819147ed1d → pe:tls:SESSION-6354b0819147ed1d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab1f168a37fae671:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ab1f168a37fae671 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:f3dfdf6b0313	flow:f3dfdf6b0313 → host:172.234.197.23 → host:131.196.30.74 → port:tcp:45067
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfbd2e877e86cd2a:host:177.10.234.238	SESSION-cfbd2e877e86cd2a → host:177.10.234.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3db1a0404e21661:PCAP:capture_20260430150001:ded20914761d	SESSION-c3db1a0404e21661 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.129:asn:262880	host:177.10.235.129 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-21b975753a100632:host:172.234.197.23	SESSION-21b975753a100632 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8fbc053aa21c3a10:flow:4372f6da63a9	SESSION-8fbc053aa21c3a10 → flow:4372f6da63a9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7205a781bd8c8542:SESSION-7205a781bd8c8542	SESSION-7205a781bd8c8542 → pe:tls:SESSION-7205a781bd8c8542
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bea10d62e606d6ea:host:172.234.197.23	SESSION-bea10d62e606d6ea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-616ab8d382244a8d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-616ab8d382244a8d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-e991043fa3bca90d:host:172.234.197.23	SESSION-e991043fa3bca90d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1d7bdeba7c000ea7:host:172.234.197.23	SESSION-1d7bdeba7c000ea7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:74e60f4378aa:port:tcp:80	flow:74e60f4378aa → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-759329d52e4cabab:host:172.234.197.23	SESSION-759329d52e4cabab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-12c594123030dc05:flow:8b3b3d47a40d	SESSION-12c594123030dc05 → flow:8b3b3d47a40d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-afd30c72829a35a2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-afd30c72829a35a2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a34ec08b35e90b0:host:172.234.197.23	SESSION-2a34ec08b35e90b0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-319dd83e6310ac59:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-319dd83e6310ac59 → PCAP:capture_20260430140001:aaa9b3fc898b
ASN_IN_ORGOBS 80%	e:ao:asn:9198:org:JSC Kazakhtelecom	asn:9198 → org:JSC Kazakhtelecom
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00efe759e05a1a39:host:172.234.197.23	SESSION-00efe759e05a1a39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a6f73143abd0c86:host:172.234.197.23	SESSION-3a6f73143abd0c86 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb82ec2c88e573dc:host:177.10.236.239	SESSION-eb82ec2c88e573dc → host:177.10.236.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96f33e27040b9bc9:host:172.234.197.23	SESSION-96f33e27040b9bc9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f7884afbce83d50:host:172.234.197.23	SESSION-9f7884afbce83d50 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e10e261831a1079d:SESSION-e10e261831a1079d	SESSION-e10e261831a1079d → pe:syn:SESSION-e10e261831a1079d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2b4854b4491f9b7:host:172.234.197.23	SESSION-e2b4854b4491f9b7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.70:geo_-23.62930_-46.63510	host:131.196.30.70 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdcb5008ac7e3b15:host:172.234.197.23	SESSION-cdcb5008ac7e3b15 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.180:geo_-16.28860_-49.01640	host:177.10.232.180 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-f1de6d316dd7305f:host:131.196.31.173	SESSION-f1de6d316dd7305f → host:131.196.31.173
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0c4b638117ccca22:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0c4b638117ccca22 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:a0b3ac6a412f:port:tcp:443	flow:a0b3ac6a412f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-65316f3920c6d168:host:172.234.197.23	SESSION-65316f3920c6d168 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c83c0a366733c9bb:PCAP:capture_20260430110001:43611bdf6759	SESSION-c83c0a366733c9bb → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-764219a5db7d50bc:host:131.196.30.189	SESSION-764219a5db7d50bc → host:131.196.30.189
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.186:geo_-23.62930_-46.63510	host:131.196.29.186 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-845630b36dc2dead:SESSION-845630b36dc2dead	SESSION-845630b36dc2dead → pe:syn:SESSION-845630b36dc2dead
FLOW_DST_PORTOBS	e:fp:flow:3e49d98774e6:port:tcp:5125	flow:3e49d98774e6 → port:tcp:5125
FLOW_TO_HOSTOBS	e:to:SESSION-53d75396bd30ce89:host:172.234.197.23	SESSION-53d75396bd30ce89 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bec1644a83cc4e1:host:172.234.197.23:host:177.10.232.253	SESSION-3bec1644a83cc4e1 → host:172.234.197.23 → host:177.10.232.253
FLOW_TO_HOSTOBS	e:to:SESSION-d18ddb12cf5478af:host:177.10.233.231	SESSION-d18ddb12cf5478af → host:177.10.233.231
FLOW_FROM_HOSTOBS	e:from:SESSION-1c5519b0e5712e1e:host:177.10.236.62	SESSION-1c5519b0e5712e1e → host:177.10.236.62
FLOW_TO_HOSTOBS	e:to:SESSION-b5a3cad014cd3066:host:172.234.197.23	SESSION-b5a3cad014cd3066 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3553d3f3f842e7ac:host:172.234.197.23	SESSION-3553d3f3f842e7ac → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae5500b1626fa45f:host:177.10.239.186	SESSION-ae5500b1626fa45f → host:177.10.239.186
FLOW_DST_PORTOBS	e:fp:flow:2242c7b203cd:port:tcp:443	flow:2242c7b203cd → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.201:asn:271410	host:131.196.29.201 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.107:geo_-16.28860_-49.01640	host:177.10.232.107 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2c59cadc4597ab32:flow:d1de667db311	SESSION-2c59cadc4597ab32 → flow:d1de667db311
FLOW_TO_HOSTOBS	e:to:SESSION-99cbc6df23fa1e57:host:172.234.197.23	SESSION-99cbc6df23fa1e57 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:695d32c2bdde	flow:695d32c2bdde → host:177.10.235.222 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ed5a5f4d7e8650f:host:172.234.197.23	SESSION-6ed5a5f4d7e8650f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee7b628709e11cd4:host:177.10.234.186	SESSION-ee7b628709e11cd4 → host:177.10.234.186
FLOW_TO_HOSTOBS	e:to:SESSION-69d28aa413742c82:host:172.234.197.23	SESSION-69d28aa413742c82 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28e949edc1bba418:host:172.234.197.23	SESSION-28e949edc1bba418 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-291dfe079248afc7:SESSION-291dfe079248afc7	SESSION-291dfe079248afc7 → pe:syn:SESSION-291dfe079248afc7
flow_observed5-aryOBS	e:fo:flow:f2d1957f48c3	flow:f2d1957f48c3 → host:177.10.232.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09a6e49240d11692:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-09a6e49240d11692 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-63fc840f6df40503:PCAP:capture_20260430150001:ded20914761d	SESSION-63fc840f6df40503 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51de65c9ef505a13:host:131.196.30.170	SESSION-51de65c9ef505a13 → host:131.196.30.170
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.159:asn:271410	host:131.196.29.159 → asn:271410
flow_observed5-aryOBS	e:fo:flow:d3569eada1d9	flow:d3569eada1d9 → host:95.170.25.175 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f928c0ad9f6130d:flow:1b3159206e19	SESSION-3f928c0ad9f6130d → flow:1b3159206e19
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58ff4ad892ea2c04:SESSION-58ff4ad892ea2c04	SESSION-58ff4ad892ea2c04 → pe:tls:SESSION-58ff4ad892ea2c04
FLOW_FROM_HOSTOBS	e:from:SESSION-2794803b6e3661a7:host:172.234.197.23	SESSION-2794803b6e3661a7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.239:geo_-23.62930_-46.63510	host:131.196.30.239 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e53dab5788851a26:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e53dab5788851a26 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-afb2aada9aae789c:host:104.28.157.111	SESSION-afb2aada9aae789c → host:104.28.157.111
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a87d3ab31183768a:flow:80e3cf1c3f31	SESSION-a87d3ab31183768a → flow:80e3cf1c3f31
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-39aafc698c61dd93:flow:2efde4485be8	SESSION-39aafc698c61dd93 → flow:2efde4485be8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac1869edc353761e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ac1869edc353761e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-f5958a673e968588:SESSION-f5958a673e968588	SESSION-f5958a673e968588 → pe:rst:SESSION-f5958a673e968588
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4d5ec492dcde12c:host:172.234.197.23	SESSION-b4d5ec492dcde12c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8c47c9c0c965:port:tcp:443	flow:8c47c9c0c965 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9f6479625c7774ad:host:177.10.239.118	SESSION-9f6479625c7774ad → host:177.10.239.118
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5958a673e968588:host:185.231.226.214:host:172.234.197.23	SESSION-f5958a673e968588 → host:185.231.226.214 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0fd6726780ee8778:host:172.234.197.23	SESSION-0fd6726780ee8778 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-20cf12e311e55250:host:177.10.234.91	SESSION-20cf12e311e55250 → host:177.10.234.91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49652bb4e1e9db35:flow:35322a654e75	SESSION-49652bb4e1e9db35 → flow:35322a654e75
FLOW_DST_PORTOBS	e:fp:flow:47adaf8e89df:port:tcp:443	flow:47adaf8e89df → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3a22e38c714d83c7:host:172.234.197.23	SESSION-3a22e38c714d83c7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.5:geo_-23.62930_-46.63510	host:131.196.31.5 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30ddbb300887e80e:SESSION-30ddbb300887e80e	SESSION-30ddbb300887e80e → pe:tls:SESSION-30ddbb300887e80e
FLOW_TO_HOSTOBS	e:to:SESSION-60cd9cc046a23835:host:177.10.237.91	SESSION-60cd9cc046a23835 → host:177.10.237.91
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.40:geo_-23.62930_-46.63510	host:131.196.28.40 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee4f55e8adb586c5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ee4f55e8adb586c5 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-1624b178b88eb54d:host:131.196.30.245	SESSION-1624b178b88eb54d → host:131.196.30.245
FLOW_DST_PORTOBS	e:fp:flow:9887d287d357:port:tcp:443	flow:9887d287d357 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:08e013e88cca:port:tcp:80	flow:08e013e88cca → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-63e207f92d9c898d:SESSION-63e207f92d9c898d	SESSION-63e207f92d9c898d → pe:syn:SESSION-63e207f92d9c898d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1433a266c3f7170c:host:172.234.197.23	SESSION-1433a266c3f7170c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17a3924886eb315f:SESSION-17a3924886eb315f	SESSION-17a3924886eb315f → pe:syn:SESSION-17a3924886eb315f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97a932b8098f01e0:host:177.10.239.39:host:172.234.197.23	SESSION-97a932b8098f01e0 → host:177.10.239.39 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67e118b3ac1b9481:SESSION-67e118b3ac1b9481	SESSION-67e118b3ac1b9481 → pe:tls:SESSION-67e118b3ac1b9481
FLOW_TO_HOSTOBS	e:to:SESSION-b9d0d1a45a4e9ec7:host:172.234.197.23	SESSION-b9d0d1a45a4e9ec7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-718b3dc95b6876be:SESSION-718b3dc95b6876be	SESSION-718b3dc95b6876be → pe:tls:SESSION-718b3dc95b6876be
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e076f857aa349ed0:host:172.234.197.23	SESSION-e076f857aa349ed0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-83267dedfd50dbe7:host:177.10.239.72:host:172.234.197.23	SESSION-83267dedfd50dbe7 → host:177.10.239.72 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b3fd62b1832b0e41:host:131.196.31.45	SESSION-b3fd62b1832b0e41 → host:131.196.31.45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bfe68f8e20317f4:host:177.10.234.185	SESSION-6bfe68f8e20317f4 → host:177.10.234.185
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-370545020cd57187:flow:31dd5b8aecb6	SESSION-370545020cd57187 → flow:31dd5b8aecb6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65aa50b6e4bd0a70:host:177.10.239.102	SESSION-65aa50b6e4bd0a70 → host:177.10.239.102
FLOW_DST_PORTOBS	e:fp:flow:c8d339210a8b:port:tcp:443	flow:c8d339210a8b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6d6cedb2de1ad8d:host:177.10.233.124:host:172.234.197.23	SESSION-d6d6cedb2de1ad8d → host:177.10.233.124 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d4a20519f18b	flow:d4a20519f18b → host:131.196.29.154 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f3b2b5737f36d7ec:host:177.10.236.220	SESSION-f3b2b5737f36d7ec → host:177.10.236.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08b271f63f4ccc89:host:177.10.238.49	SESSION-08b271f63f4ccc89 → host:177.10.238.49
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54da05b162213325:flow:33939d4aeb62	SESSION-54da05b162213325 → flow:33939d4aeb62
flow_observed4-aryOBS	e:fo:flow:19dfc6870514	flow:19dfc6870514 → host:172.234.197.23 → host:131.196.30.75 → port:tcp:23759
flow_observed5-aryOBS	e:fo:flow:ccf81e5a8a06	flow:ccf81e5a8a06 → host:177.10.235.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46f163e73b58987c:SESSION-46f163e73b58987c	SESSION-46f163e73b58987c → pe:tls:SESSION-46f163e73b58987c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-abc806ef9f1a9dce:SESSION-abc806ef9f1a9dce	SESSION-abc806ef9f1a9dce → pe:syn:SESSION-abc806ef9f1a9dce
FLOW_DST_PORTOBS	e:fp:flow:ffa767bf73be:port:tcp:19502	flow:ffa767bf73be → port:tcp:19502
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b977b804ba3f4edd:host:172.234.197.23	SESSION-b977b804ba3f4edd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-de7198c98f7f92ee:host:177.10.235.251	SESSION-de7198c98f7f92ee → host:177.10.235.251
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68031782b8336c69:flow:b0a84a3195d1	SESSION-68031782b8336c69 → flow:b0a84a3195d1
FLOW_DST_PORTOBS	e:fp:flow:960a1f66ca09:port:tcp:443	flow:960a1f66ca09 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86b498cacf4afadd:flow:795d0440d4c2	SESSION-86b498cacf4afadd → flow:795d0440d4c2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.28:geo_-16.28860_-49.01640	host:177.10.237.28 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c0e19c2beda7d84:host:172.234.197.23	SESSION-1c0e19c2beda7d84 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e12300b6212ab14:SESSION-7e12300b6212ab14	SESSION-7e12300b6212ab14 → pe:tls:SESSION-7e12300b6212ab14
FLOW_DST_PORTOBS	e:fp:flow:2fe8baa33d5c:port:tcp:37173	flow:2fe8baa33d5c → port:tcp:37173
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b16751dae4d82103:SESSION-b16751dae4d82103	SESSION-b16751dae4d82103 → pe:syn:SESSION-b16751dae4d82103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-048f9271a2e27be7:host:172.234.197.23	SESSION-048f9271a2e27be7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.45:asn:203771	host:185.231.226.45 → asn:203771
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.30:asn:271410	host:131.196.31.30 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6e7d46ad1b0c983:PCAP:capture_20260430150001:ded20914761d	SESSION-d6e7d46ad1b0c983 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf286e26fb783f2f:host:172.234.197.23	SESSION-cf286e26fb783f2f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-21e452657508b689:host:172.234.197.23	SESSION-21e452657508b689 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd92f1d715637398:host:34.216.76.26	SESSION-cd92f1d715637398 → host:34.216.76.26
flow_observed5-aryOBS	e:fo:flow:a92b40db2dd8	flow:a92b40db2dd8 → host:45.145.152.51 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e0b5328aa075dd2:flow:f1d2d3e59021	SESSION-2e0b5328aa075dd2 → flow:f1d2d3e59021
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92fb186a1f8eeacc:host:177.10.232.253:host:172.234.197.23	SESSION-92fb186a1f8eeacc → host:177.10.232.253 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7948a18eeb1cbc0d:host:95.170.25.31	SESSION-7948a18eeb1cbc0d → host:95.170.25.31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5826a910dfa3cb7f:SESSION-5826a910dfa3cb7f	SESSION-5826a910dfa3cb7f → pe:syn:SESSION-5826a910dfa3cb7f
FLOW_TO_HOSTOBS	e:to:SESSION-3c1e38c6e6df43f1:host:177.10.232.251	SESSION-3c1e38c6e6df43f1 → host:177.10.232.251
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-985c12f522f7e9ff:SESSION-985c12f522f7e9ff	SESSION-985c12f522f7e9ff → pe:syn:SESSION-985c12f522f7e9ff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ce4fb974af5131d:SESSION-0ce4fb974af5131d	SESSION-0ce4fb974af5131d → pe:tls:SESSION-0ce4fb974af5131d
flow_observed5-aryOBS	e:fo:flow:cc69fbf2913b	flow:cc69fbf2913b → host:131.196.31.57 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fa41b89da3fc0a6:SESSION-3fa41b89da3fc0a6	SESSION-3fa41b89da3fc0a6 → pe:syn:SESSION-3fa41b89da3fc0a6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-037b6464dda97429:host:95.170.25.134	SESSION-037b6464dda97429 → host:95.170.25.134
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d6666ae3e8c32da:host:177.10.237.229:host:172.234.197.23	SESSION-6d6666ae3e8c32da → host:177.10.237.229 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc3cb32f8be8837a:host:177.10.237.204:host:172.234.197.23	SESSION-bc3cb32f8be8837a → host:177.10.237.204 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-db907559277cbdbb:host:177.10.234.210	SESSION-db907559277cbdbb → host:177.10.234.210
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd801ce1250407dd:SESSION-cd801ce1250407dd	SESSION-cd801ce1250407dd → pe:tls:SESSION-cd801ce1250407dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-527acdf0d3ebbbcc:host:131.196.30.56	SESSION-527acdf0d3ebbbcc → host:131.196.30.56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-724515316ace62dc:host:172.234.197.23	SESSION-724515316ace62dc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-905738e9b4f08562:host:177.10.235.213:host:172.234.197.23	SESSION-905738e9b4f08562 → host:177.10.235.213 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-621f2e97c51ae8e1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-621f2e97c51ae8e1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-453cfacc8e209f2f:host:172.234.197.23	SESSION-453cfacc8e209f2f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d77012e48557176:host:131.196.29.206:host:172.234.197.23	SESSION-1d77012e48557176 → host:131.196.29.206 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:673591fae970:port:tcp:443	flow:673591fae970 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.211:geo_-16.28860_-49.01640	host:177.10.235.211 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa38dbd858d86f82:host:172.234.197.23:host:177.10.237.122	SESSION-aa38dbd858d86f82 → host:172.234.197.23 → host:177.10.237.122
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-542567c32b647819:flow:d80cf89ab1c3	SESSION-542567c32b647819 → flow:d80cf89ab1c3
FLOW_FROM_HOSTOBS	e:from:SESSION-7c1c3bc51aa7232b:host:172.234.197.23	SESSION-7c1c3bc51aa7232b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f43bb83d69743819:host:172.234.197.23	SESSION-f43bb83d69743819 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffc31ee499a3f223:host:177.10.232.62	SESSION-ffc31ee499a3f223 → host:177.10.232.62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-658ca3f75d8ef503:flow:5271c61bb9ad	SESSION-658ca3f75d8ef503 → flow:5271c61bb9ad
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9ee22ced6a72efa:host:131.196.30.3	SESSION-f9ee22ced6a72efa → host:131.196.30.3
FLOW_TLS_SNIOBS	e:fs:flow:c223b0c1ae63:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:c223b0c1ae63 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f059fe4a40805f2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1f059fe4a40805f2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd2d57a3e3d90491:host:172.234.197.23	SESSION-fd2d57a3e3d90491 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-161fb053b15bb516:PCAP:capture_20260430110001:43611bdf6759	SESSION-161fb053b15bb516 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf988ed4220ca0ac:PCAP:capture_20260430080001:93f47cc296a4	SESSION-bf988ed4220ca0ac → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c716fd204e4ddd99:flow:b8a5b7dbb39a	SESSION-c716fd204e4ddd99 → flow:b8a5b7dbb39a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ffa310b40a91058:flow:3882f120ecd6	SESSION-2ffa310b40a91058 → flow:3882f120ecd6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-845fd343ebc60049:flow:72cbbda16d03	SESSION-845fd343ebc60049 → flow:72cbbda16d03
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3d0d891734a12161:flow:54f02f05c06a	SESSION-3d0d891734a12161 → flow:54f02f05c06a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa49f714001a7a70:SESSION-fa49f714001a7a70	SESSION-fa49f714001a7a70 → pe:syn:SESSION-fa49f714001a7a70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51c60ff5c6e820bd:SESSION-51c60ff5c6e820bd	SESSION-51c60ff5c6e820bd → pe:syn:SESSION-51c60ff5c6e820bd
FLOW_TO_HOSTOBS	e:to:SESSION-5a17077467e1bba6:host:172.234.197.23	SESSION-5a17077467e1bba6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66dcd1fd6d28b07f:SESSION-66dcd1fd6d28b07f	SESSION-66dcd1fd6d28b07f → pe:syn:SESSION-66dcd1fd6d28b07f
FLOW_FROM_HOSTOBS	e:from:SESSION-ff9ef052366910da:host:172.234.197.23	SESSION-ff9ef052366910da → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77593e2039f5e18a:flow:48bf951f542b	SESSION-77593e2039f5e18a → flow:48bf951f542b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7bf74715b11f1486:SESSION-7bf74715b11f1486	SESSION-7bf74715b11f1486 → pe:tls:SESSION-7bf74715b11f1486
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2d2e0adb85f8f3e:flow:064e5a3fddb4	SESSION-d2d2e0adb85f8f3e → flow:064e5a3fddb4
FLOW_QUERIED_DNSOBS	e:fd:flow:9fdd0c4709fb:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:9fdd0c4709fb → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_FROM_HOSTOBS	e:from:SESSION-76b86119fe5d0a6f:host:131.196.30.167	SESSION-76b86119fe5d0a6f → host:131.196.30.167
FLOW_DST_PORTOBS	e:fp:flow:d18b0b138742:port:tcp:443	flow:d18b0b138742 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.98:geo_-16.28860_-49.01640	host:177.10.235.98 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.187:geo_-16.28860_-49.01640	host:177.10.236.187 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-d0cd9b8959e0e89e:host:172.234.197.23	SESSION-d0cd9b8959e0e89e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c766f181ead012ae:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-c766f181ead012ae → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_DST_PORTOBS	e:fp:flow:ecd35dc16e75:port:tcp:443	flow:ecd35dc16e75 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e6517dadbfe4bb3:SESSION-0e6517dadbfe4bb3	SESSION-0e6517dadbfe4bb3 → pe:syn:SESSION-0e6517dadbfe4bb3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-177c9265a29fe644:host:177.10.232.153	SESSION-177c9265a29fe644 → host:177.10.232.153
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d54bd183a716274c:PCAP:capture_20260430110001:43611bdf6759	SESSION-d54bd183a716274c → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:179a27b6c82f:port:tcp:443	flow:179a27b6c82f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f8d7516bed96e97:SESSION-5f8d7516bed96e97	SESSION-5f8d7516bed96e97 → pe:syn:SESSION-5f8d7516bed96e97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5826a910dfa3cb7f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5826a910dfa3cb7f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f416b1590e3cca4:flow:3839d01ad8f6	SESSION-5f416b1590e3cca4 → flow:3839d01ad8f6
HOST_IN_ASNOBS 85%	e:ha:host:80.94.92.186:asn:47890	host:80.94.92.186 → asn:47890
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e074c277760af7b:SESSION-4e074c277760af7b	SESSION-4e074c277760af7b → pe:syn:SESSION-4e074c277760af7b
FLOW_FROM_HOSTOBS	e:from:SESSION-a27690ff20574d25:host:131.196.31.27	SESSION-a27690ff20574d25 → host:131.196.31.27
flow_observed4-aryOBS	e:fo:flow:1c8e149ce566	flow:1c8e149ce566 → host:172.234.197.23 → host:177.10.236.10 → port:tcp:2154
FLOW_FROM_HOSTOBS	e:from:SESSION-167179e2a869fa22:host:177.10.239.184	SESSION-167179e2a869fa22 → host:177.10.239.184
FLOW_DST_PORTOBS	e:fp:flow:dac34675aa7c:port:tcp:44765	flow:dac34675aa7c → port:tcp:44765
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92cb25b3a2aea70a:PCAP:capture_20260430060001:919b39a74464	SESSION-92cb25b3a2aea70a → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-d99d46a236a5e045:host:131.196.30.150	SESSION-d99d46a236a5e045 → host:131.196.30.150
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f73bbd477b19c775:host:177.10.237.153	SESSION-f73bbd477b19c775 → host:177.10.237.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be4f81bef58a140b:host:172.234.197.23	SESSION-be4f81bef58a140b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c812f2a31a60fc9:host:172.234.197.23	SESSION-3c812f2a31a60fc9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-928f584a0bc46099:SESSION-928f584a0bc46099	SESSION-928f584a0bc46099 → pe:tls:SESSION-928f584a0bc46099
flow_observed4-aryOBS	e:fo:flow:a3391bc3a0b3	flow:a3391bc3a0b3 → host:172.234.197.23 → host:177.10.237.10 → port:tcp:41813
FLOW_DST_PORTOBS	e:fp:flow:13d8c496e757:port:tcp:7474	flow:13d8c496e757 → port:tcp:7474
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd728e6d9f0647f9:host:177.10.239.205	SESSION-bd728e6d9f0647f9 → host:177.10.239.205
flow_observed5-aryOBS	e:fo:flow:e0aacc449aaf	flow:e0aacc449aaf → host:177.10.233.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-cddd8421db4c97d9:BSG-BEACON-dcf3a82bd112	SESSION-cddd8421db4c97d9 → BSG-BEACON-dcf3a82bd112
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ba035d2018b1429:host:172.234.197.23:host:177.10.232.72	SESSION-6ba035d2018b1429 → host:172.234.197.23 → host:177.10.232.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a7aa94b5f9268de0:SESSION-a7aa94b5f9268de0	SESSION-a7aa94b5f9268de0 → pe:tls:SESSION-a7aa94b5f9268de0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b6d027087dbd516e:SESSION-b6d027087dbd516e	SESSION-b6d027087dbd516e → pe:tls:SESSION-b6d027087dbd516e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-80f68e8f687f2dc5:SESSION-80f68e8f687f2dc5	SESSION-80f68e8f687f2dc5 → pe:syn:SESSION-80f68e8f687f2dc5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96f33e27040b9bc9:PCAP:capture_20260430150001:ded20914761d	SESSION-96f33e27040b9bc9 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-3f077149cc71812a:host:172.234.197.23	SESSION-3f077149cc71812a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-42b603b0c5709a24:host:177.10.237.93	SESSION-42b603b0c5709a24 → host:177.10.237.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-921caeacc0f03622:SESSION-921caeacc0f03622	SESSION-921caeacc0f03622 → pe:syn:SESSION-921caeacc0f03622
FLOW_FROM_HOSTOBS	e:from:SESSION-499399e6896a45f7:host:95.135.228.52	SESSION-499399e6896a45f7 → host:95.135.228.52
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c08b167ed56233b:flow:da656094cd00	SESSION-9c08b167ed56233b → flow:da656094cd00
flow_observed5-aryOBS	e:fo:flow:af4d6e2418ef	flow:af4d6e2418ef → host:177.10.238.192 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.29:asn:262880	host:177.10.236.29 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.36:asn:262880	host:177.10.234.36 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-c88d3e9918500cb2:host:177.10.235.215	SESSION-c88d3e9918500cb2 → host:177.10.235.215
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.229:geo_-23.62930_-46.63510	host:131.196.31.229 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20c0393579af9382:host:131.196.28.59	SESSION-20c0393579af9382 → host:131.196.28.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54530aea57b72d0f:flow:64c0950ebd04	SESSION-54530aea57b72d0f → flow:64c0950ebd04
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c184642b13b6de27:host:172.234.197.23	SESSION-c184642b13b6de27 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:507197005ee2	flow:507197005ee2 → host:131.196.28.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c3e0ded89b78d8d:flow:bb55c33944ff	SESSION-3c3e0ded89b78d8d → flow:bb55c33944ff
flow_observed5-aryOBS	e:fo:flow:9fb46ecf28f1	flow:9fb46ecf28f1 → host:177.10.237.25 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f56538a064e25a46:flow:5d21062ad7da	SESSION-f56538a064e25a46 → flow:5d21062ad7da
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8b38e5755a85588:flow:eb3db027c028	SESSION-c8b38e5755a85588 → flow:eb3db027c028
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.211:asn:262880	host:177.10.232.211 → asn:262880
flow_observed4-aryOBS	e:fo:flow:5ec23c1a1f63	flow:5ec23c1a1f63 → host:172.234.197.23 → host:45.173.156.31 → port:tcp:15164
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35834184401bcda8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-35834184401bcda8 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.217.180.26:geo_27.31820_-80.35240	host:108.217.180.26 → geo_27.31820_-80.35240
FLOW_FROM_HOSTOBS	e:from:SESSION-3a082d71203d179a:host:177.10.233.168	SESSION-3a082d71203d179a → host:177.10.233.168
FLOW_FROM_HOSTOBS	e:from:SESSION-310c82c2a589a705:host:172.234.197.23	SESSION-310c82c2a589a705 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b145e081d4e87ab3:host:177.10.239.221	SESSION-b145e081d4e87ab3 → host:177.10.239.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1440a3c9b30a4056:host:172.234.197.23	SESSION-1440a3c9b30a4056 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f130592ce1f7f0fb:host:177.10.239.16:host:172.234.197.23	SESSION-f130592ce1f7f0fb → host:177.10.239.16 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21a6fb1ae6879e55:PCAP:capture_20260430070001:903a0e7a436b	SESSION-21a6fb1ae6879e55 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-019264e09ceae880:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-019264e09ceae880 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1b9603c0e1ea765:host:172.234.197.23	SESSION-c1b9603c0e1ea765 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4a07a3724199:port:tcp:33540	flow:4a07a3724199 → port:tcp:33540
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8a6e8a4db8ac534:SESSION-e8a6e8a4db8ac534	SESSION-e8a6e8a4db8ac534 → pe:syn:SESSION-e8a6e8a4db8ac534
FLOW_FROM_HOSTOBS	e:from:SESSION-ce9448c6704b565d:host:177.10.237.196	SESSION-ce9448c6704b565d → host:177.10.237.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15539e18bbfcb0e8:host:131.196.30.12	SESSION-15539e18bbfcb0e8 → host:131.196.30.12
FLOW_DST_PORTOBS	e:fp:flow:da7acd6d5ce1:port:tcp:15372	flow:da7acd6d5ce1 → port:tcp:15372
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bce308e5c94583d6:host:131.196.31.113:host:172.234.197.23	SESSION-bce308e5c94583d6 → host:131.196.31.113 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c85a65cf2db0ee65:host:172.234.197.23	SESSION-c85a65cf2db0ee65 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b5770b374496	flow:b5770b374496 → host:177.10.235.179 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4145be500857fbf:host:177.10.239.99:host:172.234.197.23	SESSION-c4145be500857fbf → host:177.10.239.99 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fa3e2132fc0a:port:tcp:443	flow:fa3e2132fc0a → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7140a8719778d6c0:PCAP:capture_20260430060001:919b39a74464	SESSION-7140a8719778d6c0 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e25d600ec07dd53e:host:172.234.197.23:host:131.196.31.246	SESSION-e25d600ec07dd53e → host:172.234.197.23 → host:131.196.31.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b61fb09d40ad349:host:172.234.197.23	SESSION-8b61fb09d40ad349 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-738e0b0c3dd2dd03:flow:c46fe74e3b56	SESSION-738e0b0c3dd2dd03 → flow:c46fe74e3b56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b12621bc2223af13:SESSION-b12621bc2223af13	SESSION-b12621bc2223af13 → pe:tls:SESSION-b12621bc2223af13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f4d08df9b5b22c8b:SESSION-f4d08df9b5b22c8b	SESSION-f4d08df9b5b22c8b → pe:syn:SESSION-f4d08df9b5b22c8b
FLOW_FROM_HOSTOBS	e:from:SESSION-44424f48705b3a9d:host:177.10.239.135	SESSION-44424f48705b3a9d → host:177.10.239.135
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e38f46dc000b6625:PCAP:capture_20260430110001:43611bdf6759	SESSION-e38f46dc000b6625 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-750eaff924399322:host:45.173.156.70:host:172.234.197.23	SESSION-750eaff924399322 → host:45.173.156.70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-557aaca226ee6bf8:host:172.234.197.23	SESSION-557aaca226ee6bf8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-079ef1e0e1e74623:PCAP:capture_20260430110001:43611bdf6759	SESSION-079ef1e0e1e74623 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed80052f988e41bd:host:131.196.28.28	SESSION-ed80052f988e41bd → host:131.196.28.28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b93959f6df3f665b:SESSION-b93959f6df3f665b	SESSION-b93959f6df3f665b → pe:syn:SESSION-b93959f6df3f665b
flow_observed5-aryOBS	e:fo:flow:1df7c7c9d3f6	flow:1df7c7c9d3f6 → host:177.10.239.154 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:0cf167553f52	flow:0cf167553f52 → host:172.234.197.23 → host:177.10.236.92 → port:tcp:24097
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1863330d3e94cce5:host:131.196.30.65	SESSION-1863330d3e94cce5 → host:131.196.30.65
FLOW_DST_PORTOBS	e:fp:flow:6526fd742d74:port:tcp:443	flow:6526fd742d74 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-fa6f99be6bce12b0:host:172.234.197.23	SESSION-fa6f99be6bce12b0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-954029bd3fad39c7:SESSION-954029bd3fad39c7	SESSION-954029bd3fad39c7 → pe:syn:SESSION-954029bd3fad39c7
FLOW_DST_PORTOBS	e:fp:flow:d21b6b0f101f:port:tcp:443	flow:d21b6b0f101f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3ba2cf190ed0b5c:flow:c1253daa5bfb	SESSION-e3ba2cf190ed0b5c → flow:c1253daa5bfb
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.208:asn:262880	host:177.10.233.208 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60b46aef513c4722:host:177.10.235.61:host:172.234.197.23	SESSION-60b46aef513c4722 → host:177.10.235.61 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f29ae4ea1d6d03ed:SESSION-f29ae4ea1d6d03ed	SESSION-f29ae4ea1d6d03ed → pe:syn:SESSION-f29ae4ea1d6d03ed
FLOW_DST_PORTOBS	e:fp:flow:0234d60caf47:port:tcp:62231	flow:0234d60caf47 → port:tcp:62231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67ad2a69e8a9ea9e:SESSION-67ad2a69e8a9ea9e	SESSION-67ad2a69e8a9ea9e → pe:syn:SESSION-67ad2a69e8a9ea9e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b4f4901fb8368e3:SESSION-7b4f4901fb8368e3	SESSION-7b4f4901fb8368e3 → pe:syn:SESSION-7b4f4901fb8368e3
FLOW_TO_HOSTOBS	e:to:SESSION-9b373f59ff0198ea:host:177.10.235.78	SESSION-9b373f59ff0198ea → host:177.10.235.78
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9de698333fa1afcb:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9de698333fa1afcb → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0847a7bc7e933771:flow:48eead35e82a	SESSION-0847a7bc7e933771 → flow:48eead35e82a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dddaf831f2a46242:host:172.234.197.23	SESSION-dddaf831f2a46242 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21cd302cb5783965:host:172.234.197.23	SESSION-21cd302cb5783965 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fb4025e95017	flow:fb4025e95017 → host:131.196.30.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d24a424002821105:host:172.234.197.23	SESSION-d24a424002821105 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:162cd2226747	flow:162cd2226747 → host:37.27.162.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67f971eb3e92b8d2:host:172.234.197.23	SESSION-67f971eb3e92b8d2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-87b50db5a64a4926:host:172.234.197.23	SESSION-87b50db5a64a4926 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3417e991c57bd21:host:177.10.234.162:host:172.234.197.23	SESSION-a3417e991c57bd21 → host:177.10.234.162 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f49ef9eceb986e78:host:172.234.197.23	SESSION-f49ef9eceb986e78 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c3fb7e9e34f6:port:udp:53	flow:c3fb7e9e34f6 → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10ba6936b0af1959:SESSION-10ba6936b0af1959	SESSION-10ba6936b0af1959 → pe:syn:SESSION-10ba6936b0af1959
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46f70ffa54883bab:flow:6ddb0818d575	SESSION-46f70ffa54883bab → flow:6ddb0818d575
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.227:asn:271410	host:131.196.30.227 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:436e93c989c9:port:tcp:443	flow:436e93c989c9 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.31:asn:271410	host:131.196.29.31 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-671350c0b0fa8f65:host:172.234.197.23	SESSION-671350c0b0fa8f65 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8f7d68f255e7d9c:SESSION-e8f7d68f255e7d9c	SESSION-e8f7d68f255e7d9c → pe:syn:SESSION-e8f7d68f255e7d9c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a3df3a26ac38d69:host:177.10.238.227	SESSION-4a3df3a26ac38d69 → host:177.10.238.227
FLOW_FROM_HOSTOBS	e:from:SESSION-51cc268447a19ae7:host:172.234.197.23	SESSION-51cc268447a19ae7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2eb0c2c4028db16:SESSION-e2eb0c2c4028db16	SESSION-e2eb0c2c4028db16 → pe:syn:SESSION-e2eb0c2c4028db16
flow_observed5-aryOBS	e:fo:flow:f69e7ff11a0f	flow:f69e7ff11a0f → host:177.10.237.155 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d43ecb134342fe00:host:172.234.197.23	SESSION-d43ecb134342fe00 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e0b427fe2d6e	flow:e0b427fe2d6e → host:177.10.235.213 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8b9309f53afd487:host:172.234.197.23	SESSION-d8b9309f53afd487 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-149428cb73969f2b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-149428cb73969f2b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f6d18082a7e4dce:host:172.234.197.23	SESSION-4f6d18082a7e4dce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ff9e39cb371b24f:host:172.234.197.23	SESSION-1ff9e39cb371b24f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e01aa770e4fba49e:host:172.234.197.23:host:177.10.233.96	SESSION-e01aa770e4fba49e → host:172.234.197.23 → host:177.10.233.96
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c6e69b3f05bcd99:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7c6e69b3f05bcd99 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c506d9600407809:host:172.234.197.23	SESSION-7c506d9600407809 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52e63b8cb0c4a7de:SESSION-52e63b8cb0c4a7de	SESSION-52e63b8cb0c4a7de → pe:syn:SESSION-52e63b8cb0c4a7de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43ba6051cf9120c0:host:177.10.239.102	SESSION-43ba6051cf9120c0 → host:177.10.239.102
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-991550775dcb0266:PCAP:capture_20260430080001:93f47cc296a4	SESSION-991550775dcb0266 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7ac209c33b5c7f5:host:131.196.30.138:host:172.234.197.23	SESSION-b7ac209c33b5c7f5 → host:131.196.30.138 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0f329fce2004d812:host:172.234.197.23	SESSION-0f329fce2004d812 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7e110cd2632aa64:SESSION-e7e110cd2632aa64	SESSION-e7e110cd2632aa64 → pe:tls:SESSION-e7e110cd2632aa64
FLOW_TO_HOSTOBS	e:to:SESSION-4e3ca473e8fbcab1:host:172.234.197.23	SESSION-4e3ca473e8fbcab1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e361598c12a1af0:host:131.196.29.95:host:172.234.197.23	SESSION-3e361598c12a1af0 → host:131.196.29.95 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-840476c00c988ec7:host:172.234.197.23	SESSION-840476c00c988ec7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:331ab659ef61	flow:331ab659ef61 → host:131.196.29.252 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8fb4f1df9684ff2:PCAP:capture_20260430150001:ded20914761d	SESSION-b8fb4f1df9684ff2 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68282fbeb04671d9:host:172.234.197.23	SESSION-68282fbeb04671d9 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6a72e7bc5d973ed2:BSG-BEACON-38c437a6a592	SESSION-6a72e7bc5d973ed2 → BSG-BEACON-38c437a6a592
FLOW_FROM_HOSTOBS	e:from:SESSION-5e220c81ec884c58:host:177.10.235.128	SESSION-5e220c81ec884c58 → host:177.10.235.128
FLOW_FROM_HOSTOBS	e:from:SESSION-2490746063a947f9:host:131.196.28.10	SESSION-2490746063a947f9 → host:131.196.28.10
flow_observed4-aryOBS	e:fo:flow:51e729dbd815	flow:51e729dbd815 → host:172.234.197.23 → host:131.196.29.125 → port:tcp:30431
FLOW_TO_HOSTOBS	e:to:SESSION-4f95aea3e66ab57b:host:177.10.235.64	SESSION-4f95aea3e66ab57b → host:177.10.235.64
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f12e4f5ba81c4d8:host:45.173.156.87:host:172.234.197.23	SESSION-3f12e4f5ba81c4d8 → host:45.173.156.87 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6a72c1d938dd	flow:6a72c1d938dd → host:131.196.29.50 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5fa5716fea2946da:host:131.196.30.170	SESSION-5fa5716fea2946da → host:131.196.30.170
FLOW_DST_PORTOBS	e:fp:flow:121dc1e70533:port:tcp:443	flow:121dc1e70533 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f5b8d372cd42441:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6f5b8d372cd42441 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30b7709547a366f1:host:177.10.238.110:host:172.234.197.23	SESSION-30b7709547a366f1 → host:177.10.238.110 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23dcfe77dd45a14a:host:172.234.197.23	SESSION-23dcfe77dd45a14a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96b1ae4f2b433079:SESSION-96b1ae4f2b433079	SESSION-96b1ae4f2b433079 → pe:syn:SESSION-96b1ae4f2b433079
FLOW_DST_PORTOBS	e:fp:flow:67397cae3e03:port:tcp:65116	flow:67397cae3e03 → port:tcp:65116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c5fe81cc60001f5:host:172.234.197.23	SESSION-8c5fe81cc60001f5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5c7330336192768:SESSION-b5c7330336192768	SESSION-b5c7330336192768 → pe:syn:SESSION-b5c7330336192768
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da6e864635febf48:PCAP:capture_20260430160001:9bfa4498506a	SESSION-da6e864635febf48 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-bdc14171c537b7eb:host:172.234.197.23	SESSION-bdc14171c537b7eb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1ea20601fa7d993b:host:131.196.29.53	SESSION-1ea20601fa7d993b → host:131.196.29.53
FLOW_DST_PORTOBS	e:fp:flow:f3a7fe5c3c2c:port:tcp:443	flow:f3a7fe5c3c2c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55979c68784410e0:host:177.10.232.81	SESSION-55979c68784410e0 → host:177.10.232.81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-976978a22e52e06d:host:177.10.235.231	SESSION-976978a22e52e06d → host:177.10.235.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a4b68b400a3161c:SESSION-9a4b68b400a3161c	SESSION-9a4b68b400a3161c → pe:syn:SESSION-9a4b68b400a3161c
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.179:asn:262880	host:177.10.237.179 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.158:geo_-23.62930_-46.63510	host:131.196.31.158 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a103d39af7264a48:host:45.173.156.67:host:172.234.197.23	SESSION-a103d39af7264a48 → host:45.173.156.67 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd81cfaee9483060:flow:5feb8893f1da	SESSION-cd81cfaee9483060 → flow:5feb8893f1da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6dcacced517b07e8:SESSION-6dcacced517b07e8	SESSION-6dcacced517b07e8 → pe:tls:SESSION-6dcacced517b07e8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.155:asn:262880	host:177.10.235.155 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:a0071da0b04c:port:tcp:47847	flow:a0071da0b04c → port:tcp:47847
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f766219ab3f1d4b:host:172.234.197.23	SESSION-4f766219ab3f1d4b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eadf7b6ccdd54c7f:host:172.234.197.23	SESSION-eadf7b6ccdd54c7f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-933bde1224d44bcc:host:172.234.197.23	SESSION-933bde1224d44bcc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7240be1eb77ed4f4:host:172.234.197.23	SESSION-7240be1eb77ed4f4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:97158fea544e:port:tcp:10022	flow:97158fea544e → port:tcp:10022
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bcba548cda079292:flow:975970d47051	SESSION-bcba548cda079292 → flow:975970d47051
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eac07967aaca78dc:PCAP:capture_20260430060001:919b39a74464	SESSION-eac07967aaca78dc → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.134:asn:262880	host:177.10.232.134 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b84527735a90d253:SESSION-b84527735a90d253	SESSION-b84527735a90d253 → pe:tls:SESSION-b84527735a90d253
flow_observed5-aryOBS	e:fo:flow:033017b17dce	flow:033017b17dce → host:177.10.239.135 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:32215df6c1e9:port:tcp:443	flow:32215df6c1e9 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c491b8c96ce6e8c2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c491b8c96ce6e8c2 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caaa6bcaac59e7b9:host:172.234.197.23	SESSION-caaa6bcaac59e7b9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9166f313177f7326:flow:074dd4a6e3c7	SESSION-9166f313177f7326 → flow:074dd4a6e3c7
FLOW_TO_HOSTOBS	e:to:SESSION-9e87c1bf59f6ff4a:host:177.10.238.208	SESSION-9e87c1bf59f6ff4a → host:177.10.238.208
FLOW_TO_HOSTOBS	e:to:SESSION-a247b2224692840d:host:172.234.197.23	SESSION-a247b2224692840d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44424f48705b3a9d:SESSION-44424f48705b3a9d	SESSION-44424f48705b3a9d → pe:tls:SESSION-44424f48705b3a9d
flow_observed5-aryOBS	e:fo:flow:2f47b2ba0bf8	flow:2f47b2ba0bf8 → host:157.180.84.94 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe9137916d2eb5d4:host:131.196.29.154:host:172.234.197.23	SESSION-fe9137916d2eb5d4 → host:131.196.29.154 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-226dccfda73d96ef:host:177.10.237.161	SESSION-226dccfda73d96ef → host:177.10.237.161
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-316231fad61f009e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-316231fad61f009e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b209515fa806d4a:SESSION-9b209515fa806d4a	SESSION-9b209515fa806d4a → pe:tls:SESSION-9b209515fa806d4a
FLOW_DST_PORTOBS	e:fp:flow:f226062110a9:port:tcp:12720	flow:f226062110a9 → port:tcp:12720
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d19f64abed8cdcd:host:177.10.234.178	SESSION-2d19f64abed8cdcd → host:177.10.234.178
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ab65b5d8a01cf3d:SESSION-9ab65b5d8a01cf3d	SESSION-9ab65b5d8a01cf3d → pe:tls:SESSION-9ab65b5d8a01cf3d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-efabffc9197efb23:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-efabffc9197efb23 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-792b602eaec629a3:SESSION-792b602eaec629a3	SESSION-792b602eaec629a3 → pe:syn:SESSION-792b602eaec629a3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6c92d9b97cea9da:host:172.234.197.23:host:131.196.28.160	SESSION-d6c92d9b97cea9da → host:172.234.197.23 → host:131.196.28.160
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-62b0720ae8fecbf5:SESSION-62b0720ae8fecbf5	SESSION-62b0720ae8fecbf5 → pe:tls:SESSION-62b0720ae8fecbf5
FLOW_FROM_HOSTOBS	e:from:SESSION-a418060e7d2d204b:host:177.10.235.140	SESSION-a418060e7d2d204b → host:177.10.235.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-971b25349fba9c5b:host:45.173.156.38	SESSION-971b25349fba9c5b → host:45.173.156.38
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96b1920351aaff79:flow:cb419cbb47c7	SESSION-96b1920351aaff79 → flow:cb419cbb47c7
FLOW_DST_PORTOBS	e:fp:flow:47c922c3eea5:port:tcp:443	flow:47c922c3eea5 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-79349287be3864ac:host:172.234.197.23	SESSION-79349287be3864ac → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4dc16adec194cf9c:host:177.10.232.4:host:172.234.197.23	SESSION-4dc16adec194cf9c → host:177.10.232.4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-67fb5a3b6b27b953:host:172.234.197.23	SESSION-67fb5a3b6b27b953 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-686bda995aabc86f:host:172.234.197.23	SESSION-686bda995aabc86f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3db8610837fd0b8:host:177.10.238.211:host:172.234.197.23	SESSION-e3db8610837fd0b8 → host:177.10.238.211 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-affea3171060a6d3:SESSION-affea3171060a6d3	SESSION-affea3171060a6d3 → pe:tls:SESSION-affea3171060a6d3
FLOW_FROM_HOSTOBS	e:from:SESSION-f34bafe5f2be5770:host:131.196.29.16	SESSION-f34bafe5f2be5770 → host:131.196.29.16
flow_observed4-aryOBS	e:fo:flow:98c03e37a107	flow:98c03e37a107 → host:172.234.197.23 → host:177.10.239.253 → port:tcp:628
FLOW_TO_HOSTOBS	e:to:SESSION-8417ba17d1562cbc:host:172.234.197.23	SESSION-8417ba17d1562cbc → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f40f233058919cef:flow:630633a4892c	SESSION-f40f233058919cef → flow:630633a4892c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a24a5811642df328:flow:b5fc41b8314e	SESSION-a24a5811642df328 → flow:b5fc41b8314e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c1ac661b3c1fca0:host:177.10.237.220	SESSION-4c1ac661b3c1fca0 → host:177.10.237.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33fdac1ad6f47ac8:host:177.10.232.130	SESSION-33fdac1ad6f47ac8 → host:177.10.232.130
flow_observed5-aryOBS	e:fo:flow:15998bf30ce3	flow:15998bf30ce3 → host:177.10.236.195 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8417ba17d1562cbc:host:131.196.30.216:host:172.234.197.23	SESSION-8417ba17d1562cbc → host:131.196.30.216 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1227c455b771a86:host:177.10.238.160	SESSION-d1227c455b771a86 → host:177.10.238.160
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-367a6218c741fe93:host:177.10.232.11:host:172.234.197.23	SESSION-367a6218c741fe93 → host:177.10.232.11 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d95ea715a47abbc:flow:96b86482edb7	SESSION-6d95ea715a47abbc → flow:96b86482edb7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47f7d0be3b0e89e2:flow:2d49d0a052df	SESSION-47f7d0be3b0e89e2 → flow:2d49d0a052df
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-206c176870c7b9f2:SESSION-206c176870c7b9f2	SESSION-206c176870c7b9f2 → pe:tls:SESSION-206c176870c7b9f2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e4b14eb8b6ee95ef:SESSION-e4b14eb8b6ee95ef	SESSION-e4b14eb8b6ee95ef → pe:tls:SESSION-e4b14eb8b6ee95ef
FLOW_DST_PORTOBS	e:fp:flow:5e742d447609:port:tcp:15990	flow:5e742d447609 → port:tcp:15990
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c587e64f570c8df7:SESSION-c587e64f570c8df7	SESSION-c587e64f570c8df7 → pe:syn:SESSION-c587e64f570c8df7
FLOW_DST_PORTOBS	e:fp:flow:fd4c9b42e462:port:tcp:443	flow:fd4c9b42e462 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-6ee088f254667f6a:host:172.234.197.23	SESSION-6ee088f254667f6a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cca8cec112e53d8f:flow:4c859adc1608	SESSION-cca8cec112e53d8f → flow:4c859adc1608
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96abdd68944f2af2:host:177.10.233.17	SESSION-96abdd68944f2af2 → host:177.10.233.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3a17f957b1f0153:SESSION-b3a17f957b1f0153	SESSION-b3a17f957b1f0153 → pe:syn:SESSION-b3a17f957b1f0153
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-759329d52e4cabab:PCAP:capture_20260430090001:065659c7d314	SESSION-759329d52e4cabab → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3560085925cb3717:flow:99460b559763	SESSION-3560085925cb3717 → flow:99460b559763
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f56efcee303c963:PCAP:capture_20260430060001:919b39a74464	SESSION-7f56efcee303c963 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-6cdad751a34344e1:host:172.234.197.23	SESSION-6cdad751a34344e1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-54d23880cad1a846:host:172.234.197.23	SESSION-54d23880cad1a846 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9df9d2c1feb9:port:tcp:443	flow:9df9d2c1feb9 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:2250f63b7582	flow:2250f63b7582 → host:172.234.197.23 → host:177.10.234.249 → port:tcp:13345
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52e5c47434ed6c74:host:172.234.197.23	SESSION-52e5c47434ed6c74 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c7a78933e8b2:port:tcp:56225	flow:c7a78933e8b2 → port:tcp:56225
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35fc058c4fe240ad:SESSION-35fc058c4fe240ad	SESSION-35fc058c4fe240ad → pe:tls:SESSION-35fc058c4fe240ad
flow_observed5-aryOBS	e:fo:flow:53536406705f	flow:53536406705f → host:177.10.235.69 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-576cc11ebde25a50:SESSION-576cc11ebde25a50	SESSION-576cc11ebde25a50 → pe:tls:SESSION-576cc11ebde25a50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db946f3602afd068:host:177.10.237.192	SESSION-db946f3602afd068 → host:177.10.237.192
FLOW_TO_HOSTOBS	e:to:SESSION-aee71e8cd1625550:host:177.10.237.254	SESSION-aee71e8cd1625550 → host:177.10.237.254
FLOW_DST_PORTOBS	e:fp:flow:bda97b94938d:port:tcp:52029	flow:bda97b94938d → port:tcp:52029
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9db977289667177f:flow:a94ed5a3e04e	SESSION-9db977289667177f → flow:a94ed5a3e04e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5969e9f81f277f3:host:172.234.197.23	SESSION-d5969e9f81f277f3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c73d5dfb4b98c8a4:PCAP:capture_20260430150001:ded20914761d	SESSION-c73d5dfb4b98c8a4 → PCAP:capture_20260430150001:ded20914761d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-9a207ecea3558884:BSG-BEACON-f6c2b3d0e42d	SESSION-9a207ecea3558884 → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5adf4423481534a6:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5adf4423481534a6 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-b7312728f8a99afb:host:172.234.197.23	SESSION-b7312728f8a99afb → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.156:geo_19.07480_72.88560	host:45.145.152.156 → geo_19.07480_72.88560
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7852f400065b4a55:host:172.234.197.23	SESSION-7852f400065b4a55 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.19:geo_-23.62930_-46.63510	host:131.196.31.19 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e08dddd9edfa5277:SESSION-e08dddd9edfa5277	SESSION-e08dddd9edfa5277 → pe:syn:SESSION-e08dddd9edfa5277
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.242:asn:271410	host:131.196.28.242 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.167:asn:271410	host:131.196.30.167 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a0d556a7af957b2:flow:9bf9cf9055b9	SESSION-2a0d556a7af957b2 → flow:9bf9cf9055b9
FLOW_FROM_HOSTOBS	e:from:SESSION-f35bbd3887f167bf:host:172.234.197.23	SESSION-f35bbd3887f167bf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cdf732629d327c4c:host:92.112.71.52	SESSION-cdf732629d327c4c → host:92.112.71.52
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-25fe6bafaa94a84d:host:45.145.152.13:host:172.234.197.23	SESSION-25fe6bafaa94a84d → host:45.145.152.13 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-458a0c6775d84d5e:host:177.10.232.148:host:172.234.197.23	SESSION-458a0c6775d84d5e → host:177.10.232.148 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d858e5d91e76	flow:d858e5d91e76 → host:172.234.197.23 → host:177.10.233.29 → port:tcp:49713
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-693fee7d62fe51b9:SESSION-693fee7d62fe51b9	SESSION-693fee7d62fe51b9 → pe:tls:SESSION-693fee7d62fe51b9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.140:asn:262880	host:177.10.238.140 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bae596d14ec2741:host:172.234.197.23	SESSION-5bae596d14ec2741 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1b4aebfef6c24ca0:flow:d0124c1ae468	SESSION-1b4aebfef6c24ca0 → flow:d0124c1ae468
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f42dcf2468c4a64f:host:131.196.31.61	SESSION-f42dcf2468c4a64f → host:131.196.31.61
FLOW_FROM_HOSTOBS	e:from:SESSION-7a70c074fb73905e:host:172.234.197.23	SESSION-7a70c074fb73905e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.36:geo_-16.28860_-49.01640	host:177.10.238.36 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-803381ec4a55866c:SESSION-803381ec4a55866c	SESSION-803381ec4a55866c → pe:syn:SESSION-803381ec4a55866c
FLOW_DST_PORTOBS	e:fp:flow:e54bcb908ef4:port:tcp:55633	flow:e54bcb908ef4 → port:tcp:55633
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-964acfd97ca38755:host:177.10.234.95	SESSION-964acfd97ca38755 → host:177.10.234.95
FLOW_DST_PORTOBS	e:fp:flow:35b89e4ab0ec:port:tcp:443	flow:35b89e4ab0ec → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d0f919734488d0b:PCAP:capture_20260430150001:ded20914761d	SESSION-5d0f919734488d0b → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-48cf6591de1d67a3:SESSION-48cf6591de1d67a3	SESSION-48cf6591de1d67a3 → pe:syn:SESSION-48cf6591de1d67a3
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.84:asn:262880	host:177.10.234.84 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-77c18cfa23ea97ee:BSG-BEACON-026b83b0f096	SESSION-77c18cfa23ea97ee → BSG-BEACON-026b83b0f096
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a1cda6283fa3945:SESSION-4a1cda6283fa3945	SESSION-4a1cda6283fa3945 → pe:tls:SESSION-4a1cda6283fa3945
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f691479e1fc1edf:host:177.10.235.205:host:172.234.197.23	SESSION-2f691479e1fc1edf → host:177.10.235.205 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-42d85a7a0d0a6c22:SESSION-42d85a7a0d0a6c22	SESSION-42d85a7a0d0a6c22 → pe:tls:SESSION-42d85a7a0d0a6c22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-131cbd262c833b9b:host:177.10.235.253	SESSION-131cbd262c833b9b → host:177.10.235.253
flow_observed5-aryOBS	e:fo:flow:bf734c94e9b1	flow:bf734c94e9b1 → host:131.196.29.220 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.187:asn:271410	host:131.196.31.187 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-643a90c68c400c64:PCAP:capture_20260430070001:903a0e7a436b	SESSION-643a90c68c400c64 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38fb62728f2b5e64:host:177.10.237.255:host:172.234.197.23	SESSION-38fb62728f2b5e64 → host:177.10.237.255 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d5b5151108975cf:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4d5b5151108975cf → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-285399b7803aab9b:host:172.234.197.23:host:177.10.234.81	SESSION-285399b7803aab9b → host:172.234.197.23 → host:177.10.234.81
flow_observed5-aryOBS	e:fo:flow:b5d485827129	flow:b5d485827129 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfa418bfe374bf06:host:172.234.197.23	SESSION-bfa418bfe374bf06 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-592321b004976459:PCAP:capture_20260430080001:93f47cc296a4	SESSION-592321b004976459 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:a4a590b26aa1	flow:a4a590b26aa1 → host:177.10.237.163 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f99dd3ca5b14a25:SESSION-2f99dd3ca5b14a25	SESSION-2f99dd3ca5b14a25 → pe:tls:SESSION-2f99dd3ca5b14a25
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23fc04533211debf:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-23fc04533211debf → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cfdf430166eb3e5d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cfdf430166eb3e5d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27ee7c401cb71f02:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-27ee7c401cb71f02 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad3aa4b6b6de70e6:flow:8cc36fa22779	SESSION-ad3aa4b6b6de70e6 → flow:8cc36fa22779
FLOW_DST_PORTOBS	e:fp:flow:cb9a4a784bb4:port:tcp:443	flow:cb9a4a784bb4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06a6b67473c48ddd:PCAP:capture_20260430150001:ded20914761d	SESSION-06a6b67473c48ddd → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc57a46aa64b7388:SESSION-cc57a46aa64b7388	SESSION-cc57a46aa64b7388 → pe:tls:SESSION-cc57a46aa64b7388
FLOW_DST_PORTOBS	e:fp:flow:10758d6a819f:port:tcp:443	flow:10758d6a819f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5f9d16efb179df1:SESSION-a5f9d16efb179df1	SESSION-a5f9d16efb179df1 → pe:tls:SESSION-a5f9d16efb179df1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3e80fb3431ec3f4:host:185.231.226.159	SESSION-d3e80fb3431ec3f4 → host:185.231.226.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1227c455b771a86:SESSION-d1227c455b771a86	SESSION-d1227c455b771a86 → pe:syn:SESSION-d1227c455b771a86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.237:geo_-16.28860_-49.01640	host:177.10.237.237 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53d75396bd30ce89:host:45.173.156.228	SESSION-53d75396bd30ce89 → host:45.173.156.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5c08654c75b915c:SESSION-f5c08654c75b915c	SESSION-f5c08654c75b915c → pe:syn:SESSION-f5c08654c75b915c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e09e8a3cbea3c18a:host:172.234.197.23	SESSION-e09e8a3cbea3c18a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7679fd0fd118c12e:host:131.196.30.91	SESSION-7679fd0fd118c12e → host:131.196.30.91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-301cccab595ff1f6:flow:ac3806b9df7d	SESSION-301cccab595ff1f6 → flow:ac3806b9df7d
FLOW_FROM_HOSTOBS	e:from:SESSION-d44c53e781b5466e:host:172.234.197.23	SESSION-d44c53e781b5466e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f42753b09b481d7e:host:131.196.29.215	SESSION-f42753b09b481d7e → host:131.196.29.215
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e32df6cc4891bacc:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e32df6cc4891bacc → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0153bfe1e0550f7:flow:048a9b4699ef	SESSION-d0153bfe1e0550f7 → flow:048a9b4699ef
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab6d0c9e6f54de20:flow:9796cc5458b7	SESSION-ab6d0c9e6f54de20 → flow:9796cc5458b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-942872364f4f0f53:host:172.234.197.23	SESSION-942872364f4f0f53 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2887c6ee2de14ac9:host:172.234.197.23	SESSION-2887c6ee2de14ac9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e920b338cbbee7b:SESSION-2e920b338cbbee7b	SESSION-2e920b338cbbee7b → pe:tls:SESSION-2e920b338cbbee7b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7063a4bdff0e259c:PCAP:capture_20260430150001:ded20914761d	SESSION-7063a4bdff0e259c → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:d6068bac240a:port:tcp:443	flow:d6068bac240a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2490746063a947f9:host:172.234.197.23	SESSION-2490746063a947f9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be8cffb783bfde31:host:172.234.197.23	SESSION-be8cffb783bfde31 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6713221fe5694a6d:SESSION-6713221fe5694a6d	SESSION-6713221fe5694a6d → pe:syn:SESSION-6713221fe5694a6d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-03724996262dbf01:SESSION-03724996262dbf01	SESSION-03724996262dbf01 → pe:tls:SESSION-03724996262dbf01
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94f17b7b7397155e:flow:dcab33a7f74b	SESSION-94f17b7b7397155e → flow:dcab33a7f74b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-779f746558d2d979:SESSION-779f746558d2d979	SESSION-779f746558d2d979 → pe:tls:SESSION-779f746558d2d979
FLOW_TO_HOSTOBS	e:to:SESSION-97a6ca320e2242f6:host:172.234.197.23	SESSION-97a6ca320e2242f6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-171cec02c0effee6:host:172.234.197.23	SESSION-171cec02c0effee6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5d5e5bbccd32f2d5:host:172.234.197.23	SESSION-5d5e5bbccd32f2d5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21b1ebb6f3d7bd68:flow:17f351eb2800	SESSION-21b1ebb6f3d7bd68 → flow:17f351eb2800
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-954029bd3fad39c7:flow:505ce40fcfde	SESSION-954029bd3fad39c7 → flow:505ce40fcfde
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19279b7c3b267599:host:131.196.29.220	SESSION-19279b7c3b267599 → host:131.196.29.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06b5f759c1748871:host:172.234.197.23	SESSION-06b5f759c1748871 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11d5793dfe2c0097:SESSION-11d5793dfe2c0097	SESSION-11d5793dfe2c0097 → pe:syn:SESSION-11d5793dfe2c0097
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9166f313177f7326:host:45.173.156.179:host:172.234.197.23	SESSION-9166f313177f7326 → host:45.173.156.179 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:270633e55f2d:port:tcp:443	flow:270633e55f2d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30152f28b63d1649:host:177.10.236.122:host:172.234.197.23	SESSION-30152f28b63d1649 → host:177.10.236.122 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a3ddadd26471	flow:a3ddadd26471 → host:172.234.197.23 → host:131.196.28.110 → port:tcp:13628
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b30f6f845792a67e:host:177.10.234.243	SESSION-b30f6f845792a67e → host:177.10.234.243
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5804e26655ff1a06:host:172.234.197.23	SESSION-5804e26655ff1a06 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1e631f6e627b67d:SESSION-a1e631f6e627b67d	SESSION-a1e631f6e627b67d → pe:tls:SESSION-a1e631f6e627b67d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.42:asn:262880	host:177.10.239.42 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27536868d2d29d68:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-27536868d2d29d68 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:0f65dad4c09c:port:tcp:443	flow:0f65dad4c09c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f479797471e82d6b:SESSION-f479797471e82d6b	SESSION-f479797471e82d6b → pe:syn:SESSION-f479797471e82d6b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9e9835a2b91f231:host:172.234.197.23	SESSION-e9e9835a2b91f231 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a38bfeac3fad0550:SESSION-a38bfeac3fad0550	SESSION-a38bfeac3fad0550 → pe:syn:SESSION-a38bfeac3fad0550
flow_observed5-aryOBS	e:fo:flow:ded84b73dcc2	flow:ded84b73dcc2 → host:131.196.28.87 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.163:geo_-16.28860_-49.01640	host:177.10.233.163 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4673fb47ee0c5a9:host:172.234.197.23	SESSION-d4673fb47ee0c5a9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.180:asn:262880	host:177.10.237.180 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.184:asn:262880	host:177.10.235.184 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-527acdf0d3ebbbcc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-527acdf0d3ebbbcc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e3933798ce80a4c:SESSION-8e3933798ce80a4c	SESSION-8e3933798ce80a4c → pe:tls:SESSION-8e3933798ce80a4c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5b7661178bc9fc6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a5b7661178bc9fc6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:cb7e1163ea09	flow:cb7e1163ea09 → host:177.10.237.6 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9fb0652618e8095:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b9fb0652618e8095 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-99af0da0e550d67b:host:131.196.31.18	SESSION-99af0da0e550d67b → host:131.196.31.18
FLOW_DST_PORTOBS	e:fp:flow:5ad2ff1940be:port:tcp:80	flow:5ad2ff1940be → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cfe71d52ef2e928b:SESSION-cfe71d52ef2e928b	SESSION-cfe71d52ef2e928b → pe:tls:SESSION-cfe71d52ef2e928b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6af89b3798eaaf52:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6af89b3798eaaf52 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35910be85c736a39:SESSION-35910be85c736a39	SESSION-35910be85c736a39 → pe:syn:SESSION-35910be85c736a39
FLOW_TO_HOSTOBS	e:to:SESSION-8f62140848f2b702:host:172.234.197.23	SESSION-8f62140848f2b702 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:152516e88773	flow:152516e88773 → host:172.234.197.23 → host:177.10.237.226 → port:tcp:20418
FLOW_FROM_HOSTOBS	e:from:SESSION-5fd776fee1455ee3:host:93.119.5.133	SESSION-5fd776fee1455ee3 → host:93.119.5.133
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a4f6dd7436745b4:SESSION-4a4f6dd7436745b4	SESSION-4a4f6dd7436745b4 → pe:syn:SESSION-4a4f6dd7436745b4
FLOW_FROM_HOSTOBS	e:from:SESSION-66f42b3418de6818:host:45.173.156.47	SESSION-66f42b3418de6818 → host:45.173.156.47
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.159:asn:262880	host:177.10.232.159 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-635c4a1226b6dd4e:host:131.196.28.130	SESSION-635c4a1226b6dd4e → host:131.196.28.130
FLOW_DST_PORTOBS	e:fp:flow:df7fa005a388:port:tcp:54560	flow:df7fa005a388 → port:tcp:54560
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.98:geo_-16.28860_-49.01640	host:177.10.234.98 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:be92f25f6322	flow:be92f25f6322 → host:131.196.29.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44cdc048c80875b5:host:172.234.197.23	SESSION-44cdc048c80875b5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a83f7d2591dcabf5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a83f7d2591dcabf5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4289737814dbd64:SESSION-c4289737814dbd64	SESSION-c4289737814dbd64 → pe:tls:SESSION-c4289737814dbd64
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ecb25cc7396151e7:host:177.10.239.139:host:172.234.197.23	SESSION-ecb25cc7396151e7 → host:177.10.239.139 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8806932607856a75:host:177.10.235.190	SESSION-8806932607856a75 → host:177.10.235.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-282c3beb2e9d9d39:SESSION-282c3beb2e9d9d39	SESSION-282c3beb2e9d9d39 → pe:syn:SESSION-282c3beb2e9d9d39
FLOW_TO_HOSTOBS	e:to:SESSION-030a81db4532bd3a:host:177.10.238.204	SESSION-030a81db4532bd3a → host:177.10.238.204
FLOW_DST_PORTOBS	e:fp:flow:5513de486200:port:tcp:443	flow:5513de486200 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09e72a02b44d9649:SESSION-09e72a02b44d9649	SESSION-09e72a02b44d9649 → pe:syn:SESSION-09e72a02b44d9649
FLOW_FROM_HOSTOBS	e:from:SESSION-60f4d0af24f032dd:host:172.234.197.23	SESSION-60f4d0af24f032dd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bd3259577d52904f:host:172.234.197.23	SESSION-bd3259577d52904f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11ee8787e5fc7b06:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-11ee8787e5fc7b06 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-cfb2466cf35b5342:host:172.234.197.23	SESSION-cfb2466cf35b5342 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2111fdd56ba5	flow:2111fdd56ba5 → host:177.10.237.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da14e554ef56152a:PCAP:capture_20260430110001:43611bdf6759	SESSION-da14e554ef56152a → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-17133b7d31116a9e:host:172.234.197.23	SESSION-17133b7d31116a9e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10314c25bdbc198a:host:177.10.233.126:host:172.234.197.23	SESSION-10314c25bdbc198a → host:177.10.233.126 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.139:asn:273470	host:45.173.156.139 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f49b20c8baea20b:SESSION-9f49b20c8baea20b	SESSION-9f49b20c8baea20b → pe:syn:SESSION-9f49b20c8baea20b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-449915b4a668f160:flow:56fb0bb7a878	SESSION-449915b4a668f160 → flow:56fb0bb7a878
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf9713fb7209fcf9:flow:1a8a06fabc44	SESSION-bf9713fb7209fcf9 → flow:1a8a06fabc44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74ad535621338757:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-74ad535621338757 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2963f6e37ebf1d0d:flow:482b91ee59c0	SESSION-2963f6e37ebf1d0d → flow:482b91ee59c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c84656a173f6275:host:177.10.238.192	SESSION-9c84656a173f6275 → host:177.10.238.192
FLOW_FROM_HOSTOBS	e:from:SESSION-51603301232db2ce:host:177.10.235.126	SESSION-51603301232db2ce → host:177.10.235.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8491791342c7cb3:SESSION-f8491791342c7cb3	SESSION-f8491791342c7cb3 → pe:syn:SESSION-f8491791342c7cb3
FLOW_TO_HOSTOBS	e:to:SESSION-350febc37b3f152d:host:172.234.197.23	SESSION-350febc37b3f152d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76fc6cf591b9ed20:SESSION-76fc6cf591b9ed20	SESSION-76fc6cf591b9ed20 → pe:syn:SESSION-76fc6cf591b9ed20
flow_observed4-aryOBS	e:fo:flow:07d2e0a26bff	flow:07d2e0a26bff → host:172.234.197.23 → host:177.10.234.186 → port:tcp:48582
FLOW_FROM_HOSTOBS	e:from:SESSION-926b7babcf98185f:host:172.234.197.23	SESSION-926b7babcf98185f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d0bad8110700772:host:131.196.28.243:host:172.234.197.23	SESSION-1d0bad8110700772 → host:131.196.28.243 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-56d3b103682c9fbe:SESSION-56d3b103682c9fbe	SESSION-56d3b103682c9fbe → pe:syn:SESSION-56d3b103682c9fbe
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.134:asn:203771	host:95.170.25.134 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2df5a0c07309bf07:host:177.10.232.155	SESSION-2df5a0c07309bf07 → host:177.10.232.155
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee9fbb8d7f6cf47b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ee9fbb8d7f6cf47b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5407005cb310ce8:host:131.196.30.214	SESSION-d5407005cb310ce8 → host:131.196.30.214
flow_observed5-aryOBS	e:fo:flow:40ddd64a6350	flow:40ddd64a6350 → host:177.10.232.61 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-587cecb9c2d65d84:host:172.234.197.23	SESSION-587cecb9c2d65d84 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0064e8629093:port:tcp:54552	flow:0064e8629093 → port:tcp:54552
FLOW_FROM_HOSTOBS	e:from:SESSION-2ec65811ecc506ca:host:177.10.235.230	SESSION-2ec65811ecc506ca → host:177.10.235.230
FLOW_FROM_HOSTOBS	e:from:SESSION-1b69502656f28818:host:172.234.197.23	SESSION-1b69502656f28818 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7738f57138403f60:host:45.173.156.7	SESSION-7738f57138403f60 → host:45.173.156.7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-066d98dee3275acb:host:31.40.196.26	SESSION-066d98dee3275acb → host:31.40.196.26
flow_observed5-aryOBS	e:fo:flow:a2e5567adfc2	flow:a2e5567adfc2 → host:45.173.156.245 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.138:geo_-21.10010_-41.69200	host:45.173.156.138 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fb8ed1fbc81e736:SESSION-3fb8ed1fbc81e736	SESSION-3fb8ed1fbc81e736 → pe:tls:SESSION-3fb8ed1fbc81e736
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0da58b5e3634dda2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0da58b5e3634dda2 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-51de65c9ef505a13:host:131.196.30.170	SESSION-51de65c9ef505a13 → host:131.196.30.170
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ee6825b3a9be6d1:host:177.10.235.215:host:172.234.197.23	SESSION-6ee6825b3a9be6d1 → host:177.10.235.215 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6081275b2fa04e5c:host:116.235.165.166:host:172.234.197.23	SESSION-6081275b2fa04e5c → host:116.235.165.166 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-83f081267b847a58:host:172.234.197.23	SESSION-83f081267b847a58 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:58f6dfb807f6:port:tcp:18231	flow:58f6dfb807f6 → port:tcp:18231
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e8651e0c063dc0a:flow:58f6dfb807f6	SESSION-5e8651e0c063dc0a → flow:58f6dfb807f6
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-86a02a9ab2988acd:BSG-BEACON-a8a8c3c8a37f	SESSION-86a02a9ab2988acd → BSG-BEACON-a8a8c3c8a37f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-660bfab63a10a518:host:177.10.234.68:host:172.234.197.23	SESSION-660bfab63a10a518 → host:177.10.234.68 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:67579f5ba801	flow:67579f5ba801 → host:172.234.197.23 → host:45.173.156.221 → port:tcp:9300
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e4e6682786f65470:PCAP:capture_20260430090001:065659c7d314	SESSION-e4e6682786f65470 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4fdea987cb08476:flow:4bcf39a2cae9	SESSION-a4fdea987cb08476 → flow:4bcf39a2cae9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa2f81c8f6798425:flow:454a5a5ddf6b	SESSION-fa2f81c8f6798425 → flow:454a5a5ddf6b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86f90a53110dcf25:host:172.234.197.23	SESSION-86f90a53110dcf25 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5c7f3c61dd4869fc:host:172.234.197.23	SESSION-5c7f3c61dd4869fc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f56081dde23b5ed:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5f56081dde23b5ed → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79760fcdb710bc7a:host:177.10.237.18	SESSION-79760fcdb710bc7a → host:177.10.237.18
FLOW_FROM_HOSTOBS	e:from:SESSION-6459c4621d226611:host:131.196.30.104	SESSION-6459c4621d226611 → host:131.196.30.104
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.216:asn:271410	host:131.196.30.216 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf12b1de67086909:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-bf12b1de67086909 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a46bc5971af02e3:host:172.234.197.23:host:94.183.177.120	SESSION-6a46bc5971af02e3 → host:172.234.197.23 → host:94.183.177.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9d9495404a53bc0:SESSION-c9d9495404a53bc0	SESSION-c9d9495404a53bc0 → pe:tls:SESSION-c9d9495404a53bc0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ae30acbd5f5fc5:host:177.10.235.15	SESSION-b7ae30acbd5f5fc5 → host:177.10.235.15
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.146:geo_-21.10010_-41.69200	host:45.173.156.146 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-bf1d5c3c8737f760:host:172.234.197.23	SESSION-bf1d5c3c8737f760 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3931cb15b35f138a:SESSION-3931cb15b35f138a	SESSION-3931cb15b35f138a → pe:syn:SESSION-3931cb15b35f138a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2474eb623db0155:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b2474eb623db0155 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7b12eb68f09b08a:host:177.10.239.192:host:172.234.197.23	SESSION-c7b12eb68f09b08a → host:177.10.239.192 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a55a830d22fea90d:SESSION-a55a830d22fea90d	SESSION-a55a830d22fea90d → pe:tls:SESSION-a55a830d22fea90d
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.85:asn:273470	host:45.173.156.85 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4be6b5471ca196a:SESSION-c4be6b5471ca196a	SESSION-c4be6b5471ca196a → pe:tls:SESSION-c4be6b5471ca196a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.171:geo_-16.28860_-49.01640	host:177.10.234.171 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-f83bf77e11c8adb3:host:177.10.239.78	SESSION-f83bf77e11c8adb3 → host:177.10.239.78
FLOW_FROM_HOSTOBS	e:from:SESSION-3a3baa467b71ba10:host:177.10.232.223	SESSION-3a3baa467b71ba10 → host:177.10.232.223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8cb5baa2c4d67a55:SESSION-8cb5baa2c4d67a55	SESSION-8cb5baa2c4d67a55 → pe:tls:SESSION-8cb5baa2c4d67a55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-2842c4c08e29d7d7:SESSION-2842c4c08e29d7d7	SESSION-2842c4c08e29d7d7 → pe:rst:SESSION-2842c4c08e29d7d7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bfa302feda190a0:host:172.234.197.23:host:131.196.30.142	SESSION-3bfa302feda190a0 → host:172.234.197.23 → host:131.196.30.142
FLOW_DST_PORTOBS	e:fp:flow:1dce484c4ff7:port:tcp:443	flow:1dce484c4ff7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3edcc633e4f5b2c:SESSION-b3edcc633e4f5b2c	SESSION-b3edcc633e4f5b2c → pe:tls:SESSION-b3edcc633e4f5b2c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa9dc0f394726313:host:172.234.197.23	SESSION-fa9dc0f394726313 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c6ce7a55e2ab654:flow:d6068bac240a	SESSION-4c6ce7a55e2ab654 → flow:d6068bac240a
FLOW_DST_PORTOBS	e:fp:flow:a7998d580970:port:tcp:443	flow:a7998d580970 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6bd47d8fd21ead6d:flow:bb3f8d8dd333	SESSION-6bd47d8fd21ead6d → flow:bb3f8d8dd333
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-578ff4b2beeb08df:host:131.196.29.61:host:172.234.197.23	SESSION-578ff4b2beeb08df → host:131.196.29.61 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.122:geo_-16.28860_-49.01640	host:177.10.237.122 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.121:geo_-16.28860_-49.01640	host:177.10.236.121 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b2ef1696b4c4f00:PCAP:capture_20260430090001:065659c7d314	SESSION-2b2ef1696b4c4f00 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-83d893adc4ebe669:SESSION-83d893adc4ebe669	SESSION-83d893adc4ebe669 → pe:syn:SESSION-83d893adc4ebe669
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2ec4538209fcf12:host:172.234.197.23	SESSION-d2ec4538209fcf12 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c1e3509c8979	flow:c1e3509c8979 → host:172.234.197.23 → host:177.10.239.224 → port:tcp:27555
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57d2db6c2c177c2e:SESSION-57d2db6c2c177c2e	SESSION-57d2db6c2c177c2e → pe:tls:SESSION-57d2db6c2c177c2e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57d0b948d59d1db4:SESSION-57d0b948d59d1db4	SESSION-57d0b948d59d1db4 → pe:tls:SESSION-57d0b948d59d1db4
FLOW_DST_PORTOBS	e:fp:flow:be505aff798a:port:tcp:14837	flow:be505aff798a → port:tcp:14837
FLOW_DST_PORTOBS	e:fp:flow:81a15ff062a8:port:tcp:443	flow:81a15ff062a8 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e8e30e710466:port:tcp:443	flow:e8e30e710466 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:2ba008c1adde:port:tcp:443	flow:2ba008c1adde → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-652478bc70a2d711:host:172.234.197.23:host:177.10.236.64	SESSION-652478bc70a2d711 → host:172.234.197.23 → host:177.10.236.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7549effe520d0229:host:177.10.239.25	SESSION-7549effe520d0229 → host:177.10.239.25
FLOW_TO_HOSTOBS	e:to:SESSION-c36a1f3b5aad9a99:host:172.234.197.23	SESSION-c36a1f3b5aad9a99 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33db7a85fa9e759a:SESSION-33db7a85fa9e759a	SESSION-33db7a85fa9e759a → pe:tls:SESSION-33db7a85fa9e759a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ea9485b82ac2233:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3ea9485b82ac2233 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-354d6c0d37a0b016:host:172.234.197.23	SESSION-354d6c0d37a0b016 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:337390b0db9e	flow:337390b0db9e → host:177.10.237.129 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65274afd8d8bc249:SESSION-65274afd8d8bc249	SESSION-65274afd8d8bc249 → pe:tls:SESSION-65274afd8d8bc249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4e7d8d3f995a1a9:SESSION-b4e7d8d3f995a1a9	SESSION-b4e7d8d3f995a1a9 → pe:syn:SESSION-b4e7d8d3f995a1a9
FLOW_DST_PORTOBS	e:fp:flow:87c0f5d21d31:port:tcp:48960	flow:87c0f5d21d31 → port:tcp:48960
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b71b9d0133c3b30:flow:bc301461f31d	SESSION-0b71b9d0133c3b30 → flow:bc301461f31d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-205f7c84653f0fb6:PCAP:capture_20260430150001:ded20914761d	SESSION-205f7c84653f0fb6 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-e22ceaf98f82b588:host:177.10.232.131	SESSION-e22ceaf98f82b588 → host:177.10.232.131
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ab46af96ea11edd:host:172.234.197.23	SESSION-7ab46af96ea11edd → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d69d721ba9bae694:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d69d721ba9bae694 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb5c3fce7274dac7:SESSION-cb5c3fce7274dac7	SESSION-cb5c3fce7274dac7 → pe:syn:SESSION-cb5c3fce7274dac7
FLOW_TO_HOSTOBS	e:to:SESSION-57d0b948d59d1db4:host:172.234.197.23	SESSION-57d0b948d59d1db4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae5500b1626fa45f:host:177.10.239.186:host:172.234.197.23	SESSION-ae5500b1626fa45f → host:177.10.239.186 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70cb56f6bea3d067:host:177.10.234.28	SESSION-70cb56f6bea3d067 → host:177.10.234.28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc0f694a62c9abc8:flow:032a41dd171b	SESSION-cc0f694a62c9abc8 → flow:032a41dd171b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba1793b4e05c9885:host:172.234.197.23	SESSION-ba1793b4e05c9885 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8631759e2d7ec30:host:177.10.233.185:host:172.234.197.23	SESSION-c8631759e2d7ec30 → host:177.10.233.185 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e6988ed77a3d110:flow:9ac58cc69d5e	SESSION-8e6988ed77a3d110 → flow:9ac58cc69d5e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.182:asn:262880	host:177.10.236.182 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca027ca401d4d122:SESSION-ca027ca401d4d122	SESSION-ca027ca401d4d122 → pe:tls:SESSION-ca027ca401d4d122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7391507b773a5722:SESSION-7391507b773a5722	SESSION-7391507b773a5722 → pe:syn:SESSION-7391507b773a5722
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7f9687dfabd8cdb:SESSION-e7f9687dfabd8cdb	SESSION-e7f9687dfabd8cdb → pe:syn:SESSION-e7f9687dfabd8cdb
FLOW_TO_HOSTOBS	e:to:SESSION-2625555cac004c06:host:131.196.31.104	SESSION-2625555cac004c06 → host:131.196.31.104
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fa31db6279a0e7c:host:172.234.197.23	SESSION-1fa31db6279a0e7c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5792abf3d18d9356:host:177.10.237.35	SESSION-5792abf3d18d9356 → host:177.10.237.35
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef7241157e60b5c0:host:95.170.25.6:host:172.234.197.23	SESSION-ef7241157e60b5c0 → host:95.170.25.6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29f2fc627b4350bb:host:172.234.197.23	SESSION-29f2fc627b4350bb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c184642b13b6de27:host:172.234.197.23	SESSION-c184642b13b6de27 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:af12d296b9cb	flow:af12d296b9cb → host:177.10.234.108 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d815390d9091f577:SESSION-d815390d9091f577	SESSION-d815390d9091f577 → pe:tls:SESSION-d815390d9091f577
FLOW_FROM_HOSTOBS	e:from:SESSION-93e5d317492a213b:host:177.10.232.233	SESSION-93e5d317492a213b → host:177.10.232.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-537378f36f2f8a26:SESSION-537378f36f2f8a26	SESSION-537378f36f2f8a26 → pe:tls:SESSION-537378f36f2f8a26
FLOW_DST_PORTOBS	e:fp:flow:0dfe7cae9b59:port:tcp:443	flow:0dfe7cae9b59 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-685011adf9d67a1b:host:172.234.197.23	SESSION-685011adf9d67a1b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b16231fef814b904:host:177.10.237.80	SESSION-b16231fef814b904 → host:177.10.237.80
FLOW_FROM_HOSTOBS	e:from:SESSION-81de972e9a362700:host:95.135.228.1	SESSION-81de972e9a362700 → host:95.135.228.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67fe6c66ab1f1fcd:host:172.234.197.23	SESSION-67fe6c66ab1f1fcd → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.93:geo_-16.28860_-49.01640	host:177.10.237.93 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8d921ace7c85ce9:flow:4925c1a24954	SESSION-d8d921ace7c85ce9 → flow:4925c1a24954
FLOW_TO_HOSTOBS	e:to:SESSION-975059a05a34b0ad:host:177.10.235.64	SESSION-975059a05a34b0ad → host:177.10.235.64
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.95:geo_41.00190_28.96450	host:95.135.228.95 → geo_41.00190_28.96450
flow_observed5-aryOBS	e:fo:flow:dcd71f326a6e	flow:dcd71f326a6e → host:177.10.234.188 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-301cccab595ff1f6:host:172.234.197.23	SESSION-301cccab595ff1f6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d415b9a57558:port:tcp:443	flow:d415b9a57558 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fc279480f80cfd1:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1fc279480f80cfd1 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:5c96717ce09e:port:tcp:443	flow:5c96717ce09e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3e1df474445c908f:host:131.196.30.179	SESSION-3e1df474445c908f → host:131.196.30.179
flow_observed5-aryOBS	e:fo:flow:972221c19bc6	flow:972221c19bc6 → host:177.10.235.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d741000864bcf81f:SESSION-d741000864bcf81f	SESSION-d741000864bcf81f → pe:syn:SESSION-d741000864bcf81f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c6580975a2d7416:host:172.234.197.23	SESSION-7c6580975a2d7416 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67a710d2531b2faa:host:45.173.156.162	SESSION-67a710d2531b2faa → host:45.173.156.162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f39fdcb76f4b9f9d:host:172.234.197.23	SESSION-f39fdcb76f4b9f9d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-266bac80b9ef8487:host:172.234.197.23	SESSION-266bac80b9ef8487 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bf6bfb4b9f17f41e:host:172.234.197.23	SESSION-bf6bfb4b9f17f41e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e327e4197615d5bf:host:172.234.197.23	SESSION-e327e4197615d5bf → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.233:geo_-23.62930_-46.63510	host:131.196.31.233 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3930651da0a26cb4:PCAP:capture_20260430150001:ded20914761d	SESSION-3930651da0a26cb4 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5792abf3d18d9356:host:172.234.197.23	SESSION-5792abf3d18d9356 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f76d275e2b42c8d0:host:177.10.233.230	SESSION-f76d275e2b42c8d0 → host:177.10.233.230
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-003677474853cb22:host:177.10.232.148:host:172.234.197.23	SESSION-003677474853cb22 → host:177.10.232.148 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2edb47571c4ed35:host:131.196.29.12	SESSION-e2edb47571c4ed35 → host:131.196.29.12
FLOW_TO_HOSTOBS	e:to:SESSION-b16231fef814b904:host:172.234.197.23	SESSION-b16231fef814b904 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f3d13cea2cf7dcee:host:172.234.197.23	SESSION-f3d13cea2cf7dcee → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f9dfce76a0e2:port:tcp:443	flow:f9dfce76a0e2 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-edeb3dca8d1da30b:host:172.234.197.23	SESSION-edeb3dca8d1da30b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e1fcfb1c4254c4b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-8e1fcfb1c4254c4b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a800bc67052acb8:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7a800bc67052acb8 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a11ee5d378ab4f4:SESSION-7a11ee5d378ab4f4	SESSION-7a11ee5d378ab4f4 → pe:tls:SESSION-7a11ee5d378ab4f4
FLOW_TO_HOSTOBS	e:to:SESSION-a7aa94b5f9268de0:host:172.234.197.23	SESSION-a7aa94b5f9268de0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-481702f1e56ec074:PCAP:capture_20260430070001:903a0e7a436b	SESSION-481702f1e56ec074 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:28f3f26a1ea2	flow:28f3f26a1ea2 → host:177.10.232.182 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a238538ee50c7862:host:131.196.28.10:host:172.234.197.23	SESSION-a238538ee50c7862 → host:131.196.28.10 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76512232807349be:SESSION-76512232807349be	SESSION-76512232807349be → pe:syn:SESSION-76512232807349be
flow_observed5-aryOBS	e:fo:flow:21a048a11bf5	flow:21a048a11bf5 → host:177.10.239.108 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0307b3c9af33eb0:host:45.145.152.227:host:172.234.197.23	SESSION-c0307b3c9af33eb0 → host:45.145.152.227 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-140cb8b81d438202:host:172.234.197.23:host:177.10.237.82	SESSION-140cb8b81d438202 → host:172.234.197.23 → host:177.10.237.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ae3419cd71fb8b85:SESSION-ae3419cd71fb8b85	SESSION-ae3419cd71fb8b85 → pe:tls:SESSION-ae3419cd71fb8b85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bdbc33b564dc3f1f:host:2.57.121.112	SESSION-bdbc33b564dc3f1f → host:2.57.121.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3567442ac940551:SESSION-f3567442ac940551	SESSION-f3567442ac940551 → pe:tls:SESSION-f3567442ac940551
FLOW_DST_PORTOBS	e:fp:flow:060fa8c13a73:port:tcp:58782	flow:060fa8c13a73 → port:tcp:58782
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5bb0fb568e127c0:host:172.234.197.23	SESSION-f5bb0fb568e127c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5048c6b31ef60c96:host:131.196.31.190	SESSION-5048c6b31ef60c96 → host:131.196.31.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7eabead80f81736f:SESSION-7eabead80f81736f	SESSION-7eabead80f81736f → pe:tls:SESSION-7eabead80f81736f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb6c1367f6b2a786:flow:478fb11578dd	SESSION-eb6c1367f6b2a786 → flow:478fb11578dd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-df4b466e6cf802c5:SESSION-df4b466e6cf802c5	SESSION-df4b466e6cf802c5 → pe:syn:SESSION-df4b466e6cf802c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5739ac8f3bafac6c:SESSION-5739ac8f3bafac6c	SESSION-5739ac8f3bafac6c → pe:syn:SESSION-5739ac8f3bafac6c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1eb19142561b47ba:host:131.196.31.142	SESSION-1eb19142561b47ba → host:131.196.31.142
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b3ab5aeea0af112:host:177.10.234.143	SESSION-8b3ab5aeea0af112 → host:177.10.234.143
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f8d7516bed96e97:flow:0e2ef251883e	SESSION-5f8d7516bed96e97 → flow:0e2ef251883e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7c834c7664f83e9:flow:15c9711f86b0	SESSION-e7c834c7664f83e9 → flow:15c9711f86b0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a846b5687af75eeb:host:131.196.29.91	SESSION-a846b5687af75eeb → host:131.196.29.91
flow_observed5-aryOBS	e:fo:flow:b96ebacbeedc	flow:b96ebacbeedc → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66fe61e0e919e0c7:flow:d767a7e82616	SESSION-66fe61e0e919e0c7 → flow:d767a7e82616
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57e647fa0cdcfe5a:SESSION-57e647fa0cdcfe5a	SESSION-57e647fa0cdcfe5a → pe:tls:SESSION-57e647fa0cdcfe5a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a038f6735218c73a:host:177.10.233.134	SESSION-a038f6735218c73a → host:177.10.233.134
FLOW_TO_HOSTOBS	e:to:SESSION-c3fa9d5496b14fae:host:172.234.197.23	SESSION-c3fa9d5496b14fae → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44a5aa522f98da19:host:92.112.71.248	SESSION-44a5aa522f98da19 → host:92.112.71.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11da84003d7810c4:host:172.234.197.23:host:104.28.202.77	SESSION-11da84003d7810c4 → host:172.234.197.23 → host:104.28.202.77
FLOW_TO_HOSTOBS	e:to:SESSION-0a4506f2fb402b7f:host:131.196.30.243	SESSION-0a4506f2fb402b7f → host:131.196.30.243
FLOW_DST_PORTOBS	e:fp:flow:7baba6975c1f:port:tcp:443	flow:7baba6975c1f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54d23880cad1a846:host:172.234.197.23	SESSION-54d23880cad1a846 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb9e9108ca8bff14:host:45.173.156.43:host:172.234.197.23	SESSION-cb9e9108ca8bff14 → host:45.173.156.43 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-736a99dd90ae6491:SESSION-736a99dd90ae6491	SESSION-736a99dd90ae6491 → pe:tls:SESSION-736a99dd90ae6491
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-692aeceb01bd702a:SESSION-692aeceb01bd702a	SESSION-692aeceb01bd702a → pe:syn:SESSION-692aeceb01bd702a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa8465f08de511a2:host:172.234.197.23	SESSION-aa8465f08de511a2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-792b602eaec629a3:host:172.234.197.23	SESSION-792b602eaec629a3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:764c895d5614:port:tcp:878	flow:764c895d5614 → port:tcp:878
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-03724996262dbf01:flow:1813f51dfd27	SESSION-03724996262dbf01 → flow:1813f51dfd27
FLOW_TO_HOSTOBS	e:to:SESSION-453cfacc8e209f2f:host:131.196.30.37	SESSION-453cfacc8e209f2f → host:131.196.30.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-187a70856b24c84b:host:177.10.234.201:host:172.234.197.23	SESSION-187a70856b24c84b → host:177.10.234.201 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5b7d005fcddd05eb:host:131.196.31.95	SESSION-5b7d005fcddd05eb → host:131.196.31.95
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75f19254cb816cbd:host:172.234.197.23:host:2.57.122.197	SESSION-75f19254cb816cbd → host:172.234.197.23 → host:2.57.122.197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a117da50f6c2c30f:SESSION-a117da50f6c2c30f	SESSION-a117da50f6c2c30f → pe:syn:SESSION-a117da50f6c2c30f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b61fb09d40ad349:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8b61fb09d40ad349 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-71cb82af8f37b35d:host:199.16.157.181:host:172.234.197.23	SESSION-71cb82af8f37b35d → host:199.16.157.181 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7eb452f0b60197b3:SESSION-7eb452f0b60197b3	SESSION-7eb452f0b60197b3 → pe:tls:SESSION-7eb452f0b60197b3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35228babc2ac6e48:host:177.10.235.185:host:172.234.197.23	SESSION-35228babc2ac6e48 → host:177.10.235.185 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9b23d33d2c76:port:tcp:443	flow:9b23d33d2c76 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c96791011a0f6f2:host:177.10.233.176	SESSION-7c96791011a0f6f2 → host:177.10.233.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1375745ca86fe64:host:172.234.197.23	SESSION-a1375745ca86fe64 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-db60e018ea4d304a:host:172.234.197.23	SESSION-db60e018ea4d304a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.65:geo_-23.62930_-46.63510	host:131.196.29.65 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9bc9a3180c6fb10:host:172.234.197.23	SESSION-f9bc9a3180c6fb10 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1261f8c6b87cf73:host:172.234.197.23	SESSION-b1261f8c6b87cf73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cde7abdf73c6af1:host:172.232.0.16	SESSION-4cde7abdf73c6af1 → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:995deb079eac	flow:995deb079eac → host:177.10.234.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e6d70ae2d31fba9:host:131.196.28.190:host:172.234.197.23	SESSION-6e6d70ae2d31fba9 → host:131.196.28.190 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f73f713a631f7530:SESSION-f73f713a631f7530	SESSION-f73f713a631f7530 → pe:tls:SESSION-f73f713a631f7530
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a19fd3219cd89ed:flow:74e60f4378aa	SESSION-6a19fd3219cd89ed → flow:74e60f4378aa
FLOW_FROM_HOSTOBS	e:from:SESSION-c0665b9726687b63:host:45.173.156.98	SESSION-c0665b9726687b63 → host:45.173.156.98
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fc91fd95f4bed82:host:177.10.233.208:host:172.234.197.23	SESSION-3fc91fd95f4bed82 → host:177.10.233.208 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:30a4fb2d35f0:port:tcp:443	flow:30a4fb2d35f0 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:0710fc26396d	flow:0710fc26396d → host:177.10.236.182 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3da2bdbc54650cc7:host:172.234.197.23	SESSION-3da2bdbc54650cc7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5cb3d18d192da5f3:flow:7fb6ef520631	SESSION-5cb3d18d192da5f3 → flow:7fb6ef520631
FLOW_DST_PORTOBS	e:fp:flow:5271c61bb9ad:port:tcp:443	flow:5271c61bb9ad → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49828b0c1667648d:host:131.196.28.19	SESSION-49828b0c1667648d → host:131.196.28.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db62c05acb7f0b0b:host:131.196.29.53	SESSION-db62c05acb7f0b0b → host:131.196.29.53
FLOW_TO_HOSTOBS	e:to:SESSION-1d862dda647c7051:host:172.234.197.23	SESSION-1d862dda647c7051 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f951b8fc6e0dd11c:host:177.10.232.158	SESSION-f951b8fc6e0dd11c → host:177.10.232.158
FLOW_TO_HOSTOBS	e:to:SESSION-01e03a84392b1398:host:177.10.237.10	SESSION-01e03a84392b1398 → host:177.10.237.10
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.221:asn:262880	host:177.10.239.221 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-83ce9ba3d421fc3f:SESSION-83ce9ba3d421fc3f	SESSION-83ce9ba3d421fc3f → pe:tls:SESSION-83ce9ba3d421fc3f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73bdc276c5a845ed:SESSION-73bdc276c5a845ed	SESSION-73bdc276c5a845ed → pe:tls:SESSION-73bdc276c5a845ed
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bedd6d77774b5e6:host:172.234.197.23:host:177.10.232.55	SESSION-3bedd6d77774b5e6 → host:172.234.197.23 → host:177.10.232.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d4e81930fa292a8:host:172.234.197.23	SESSION-6d4e81930fa292a8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.45:geo_-16.28860_-49.01640	host:177.10.235.45 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-12b2fb0a733c24b6:SESSION-12b2fb0a733c24b6	SESSION-12b2fb0a733c24b6 → pe:syn:SESSION-12b2fb0a733c24b6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c21627d8f6f11a27:flow:dd602e0f6666	SESSION-c21627d8f6f11a27 → flow:dd602e0f6666
flow_observed5-aryOBS	e:fo:flow:5b833fe29bb1	flow:5b833fe29bb1 → host:131.196.29.137 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.78:geo_-16.28860_-49.01640	host:177.10.239.78 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0f8216fdb548:port:tcp:443	flow:0f8216fdb548 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ecb67f73d2142d93:host:172.234.197.23	SESSION-ecb67f73d2142d93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43d9721f29111779:host:89.58.44.225	SESSION-43d9721f29111779 → host:89.58.44.225
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33348e69a2613db6:SESSION-33348e69a2613db6	SESSION-33348e69a2613db6 → pe:syn:SESSION-33348e69a2613db6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8098f7aeb1e3da6f:host:172.234.197.23	SESSION-8098f7aeb1e3da6f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-360f4972fec5b7e0:host:95.170.25.152	SESSION-360f4972fec5b7e0 → host:95.170.25.152
FLOW_FROM_HOSTOBS	e:from:SESSION-310a1cee325ffc65:host:45.173.156.178	SESSION-310a1cee325ffc65 → host:45.173.156.178
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd6f9b80bb02e0f5:host:131.196.30.39	SESSION-fd6f9b80bb02e0f5 → host:131.196.30.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f83bf77e11c8adb3:SESSION-f83bf77e11c8adb3	SESSION-f83bf77e11c8adb3 → pe:syn:SESSION-f83bf77e11c8adb3
FLOW_TLS_SNIOBS	e:fs:flow:9c47255c861d:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:9c47255c861d → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b1f042103d1727f:host:177.10.239.153:host:172.234.197.23	SESSION-5b1f042103d1727f → host:177.10.239.153 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e2683c2a1a03e97:host:177.10.234.9	SESSION-6e2683c2a1a03e97 → host:177.10.234.9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.243:geo_-23.62930_-46.63510	host:131.196.28.243 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b73c5a859c05f554:flow:4bd61e2fa10c	SESSION-b73c5a859c05f554 → flow:4bd61e2fa10c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-841299f020c7f00d:host:177.10.238.15:host:172.234.197.23	SESSION-841299f020c7f00d → host:177.10.238.15 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0b8b90e300d9c11:SESSION-b0b8b90e300d9c11	SESSION-b0b8b90e300d9c11 → pe:syn:SESSION-b0b8b90e300d9c11
FLOW_FROM_HOSTOBS	e:from:SESSION-57ceaaaea8de5082:host:131.196.28.246	SESSION-57ceaaaea8de5082 → host:131.196.28.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76aff26f067fcb92:SESSION-76aff26f067fcb92	SESSION-76aff26f067fcb92 → pe:tls:SESSION-76aff26f067fcb92
FLOW_TO_HOSTOBS	e:to:SESSION-5e8651e0c063dc0a:host:177.10.232.212	SESSION-5e8651e0c063dc0a → host:177.10.232.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f38f9d39dae0e5a:host:172.234.197.23	SESSION-3f38f9d39dae0e5a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e217016f21152908:SESSION-e217016f21152908	SESSION-e217016f21152908 → pe:tls:SESSION-e217016f21152908
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b481f21a133f6fd1:host:177.10.239.159:host:172.234.197.23	SESSION-b481f21a133f6fd1 → host:177.10.239.159 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed55c24c9ffd87b5:flow:fdac8cc665b7	SESSION-ed55c24c9ffd87b5 → flow:fdac8cc665b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-077636b939c69f3b:SESSION-077636b939c69f3b	SESSION-077636b939c69f3b → pe:syn:SESSION-077636b939c69f3b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d5e5bbccd32f2d5:SESSION-5d5e5bbccd32f2d5	SESSION-5d5e5bbccd32f2d5 → pe:tls:SESSION-5d5e5bbccd32f2d5
flow_observed5-aryOBS	e:fo:flow:f84489ae8c75	flow:f84489ae8c75 → host:131.196.30.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65d310d8fe50c39e:SESSION-65d310d8fe50c39e	SESSION-65d310d8fe50c39e → pe:syn:SESSION-65d310d8fe50c39e
FLOW_FROM_HOSTOBS	e:from:SESSION-43ba6051cf9120c0:host:177.10.239.102	SESSION-43ba6051cf9120c0 → host:177.10.239.102
HOST_IN_ASNOBS 85%	e:ha:host:49.12.170.238:asn:24940	host:49.12.170.238 → asn:24940
FLOW_TO_HOSTOBS	e:to:SESSION-913ac926bd708af5:host:177.10.238.218	SESSION-913ac926bd708af5 → host:177.10.238.218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41957bf4b3a50ded:SESSION-41957bf4b3a50ded	SESSION-41957bf4b3a50ded → pe:syn:SESSION-41957bf4b3a50ded
FLOW_FROM_HOSTOBS	e:from:SESSION-0427ab07f20fae31:host:131.196.31.46	SESSION-0427ab07f20fae31 → host:131.196.31.46
flow_observed5-aryOBS	e:fo:flow:df87bb415296	flow:df87bb415296 → host:177.10.234.68 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:27a30c1d9498:port:tcp:64001	flow:27a30c1d9498 → port:tcp:64001
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f2c14118785728f:SESSION-9f2c14118785728f	SESSION-9f2c14118785728f → pe:syn:SESSION-9f2c14118785728f
FLOW_DST_PORTOBS	e:fp:flow:01654e0070e3:port:tcp:443	flow:01654e0070e3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-63d746c5afa978f6:host:177.10.232.60	SESSION-63d746c5afa978f6 → host:177.10.232.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-def0cb8d87964dca:host:172.234.197.23	SESSION-def0cb8d87964dca → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c36bc9032caa64b:host:45.145.152.109	SESSION-9c36bc9032caa64b → host:45.145.152.109
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a0605f48b345a3ed:SESSION-a0605f48b345a3ed	SESSION-a0605f48b345a3ed → pe:tls:SESSION-a0605f48b345a3ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b53dcb5377a03d44:host:172.234.197.23	SESSION-b53dcb5377a03d44 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-191c84cbdd981857:host:172.234.197.23	SESSION-191c84cbdd981857 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba981a6eb39461c8:host:172.234.197.23	SESSION-ba981a6eb39461c8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b2c924632948936b:host:131.196.31.26	SESSION-b2c924632948936b → host:131.196.31.26
FLOW_DST_PORTOBS	e:fp:flow:75d2f1361fa5:port:tcp:443	flow:75d2f1361fa5 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8e2f8ae5ea03a25:host:177.10.234.187:host:172.234.197.23	SESSION-e8e2f8ae5ea03a25 → host:177.10.234.187 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.237:asn:262880	host:177.10.238.237 → asn:262880
flow_observed5-aryOBS	e:fo:flow:4cefb8d622a4	flow:4cefb8d622a4 → host:177.10.232.219 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c78f1de05120efd8:flow:863cf77a74ad	SESSION-c78f1de05120efd8 → flow:863cf77a74ad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a66cf91ad155464:SESSION-6a66cf91ad155464	SESSION-6a66cf91ad155464 → pe:tls:SESSION-6a66cf91ad155464
FLOW_DST_PORTOBS	e:fp:flow:7be41fc9ed2d:port:tcp:443	flow:7be41fc9ed2d → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.244:geo_-16.28860_-49.01640	host:177.10.236.244 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.244:asn:262880	host:177.10.236.244 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3ba2cf190ed0b5c:host:131.196.28.18:host:172.234.197.23	SESSION-e3ba2cf190ed0b5c → host:131.196.28.18 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5a2ddb999c90e17:host:177.10.234.100	SESSION-e5a2ddb999c90e17 → host:177.10.234.100
FLOW_FROM_HOSTOBS	e:from:SESSION-6cb17c89d7425739:host:172.234.197.23	SESSION-6cb17c89d7425739 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85c181ffe8433ff0:host:172.234.197.23:host:177.10.237.15	SESSION-85c181ffe8433ff0 → host:172.234.197.23 → host:177.10.237.15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60d7d302576d36ac:host:131.196.31.233:host:172.234.197.23	SESSION-60d7d302576d36ac → host:131.196.31.233 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6430336fded9a803:host:131.196.29.99	SESSION-6430336fded9a803 → host:131.196.29.99
flow_observed5-aryOBS	e:fo:flow:4390e50ad8b5	flow:4390e50ad8b5 → host:131.196.30.184 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fb6fe079446275d:host:172.234.197.23	SESSION-5fb6fe079446275d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.230:asn:262880	host:177.10.235.230 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3185739188bf8a1e:host:131.196.30.11:host:172.234.197.23	SESSION-3185739188bf8a1e → host:131.196.30.11 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:da656094cd00:port:tcp:443	flow:da656094cd00 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:3293ca960e74:port:tcp:443	flow:3293ca960e74 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-76408b67fb88a4bd:host:172.234.197.23	SESSION-76408b67fb88a4bd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bf52bbf16270a2a:host:104.28.202.77	SESSION-5bf52bbf16270a2a → host:104.28.202.77
FLOW_TO_HOSTOBS	e:to:SESSION-577376347fdfe894:host:177.10.236.37	SESSION-577376347fdfe894 → host:177.10.236.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f34bafe5f2be5770:host:131.196.29.16:host:172.234.197.23	SESSION-f34bafe5f2be5770 → host:131.196.29.16 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aee37cb69186d910:PCAP:capture_20260430090001:065659c7d314	SESSION-aee37cb69186d910 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef7fe2bb78158297:SESSION-ef7fe2bb78158297	SESSION-ef7fe2bb78158297 → pe:syn:SESSION-ef7fe2bb78158297
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe2a9708180e5d71:PCAP:capture_20260430110001:43611bdf6759	SESSION-fe2a9708180e5d71 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b84527735a90d253:host:177.10.235.175:host:172.234.197.23	SESSION-b84527735a90d253 → host:177.10.235.175 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.64:asn:262880	host:177.10.236.64 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0758ca9101405049:host:177.10.239.35	SESSION-0758ca9101405049 → host:177.10.239.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b6806cb851ed3b70:SESSION-b6806cb851ed3b70	SESSION-b6806cb851ed3b70 → pe:syn:SESSION-b6806cb851ed3b70
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b30f6f845792a67e:BSG-BEACON-13f5c1fd6ae7	SESSION-b30f6f845792a67e → BSG-BEACON-13f5c1fd6ae7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a971dfbf90734efe:host:45.173.156.110	SESSION-a971dfbf90734efe → host:45.173.156.110
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.84:asn:271410	host:131.196.30.84 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-add028e8e7760fa2:flow:f1ac2b056425	SESSION-add028e8e7760fa2 → flow:f1ac2b056425
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38231883b4033aa4:SESSION-38231883b4033aa4	SESSION-38231883b4033aa4 → pe:syn:SESSION-38231883b4033aa4
FLOW_TO_HOSTOBS	e:to:SESSION-9485d3e307f01514:host:131.196.30.214	SESSION-9485d3e307f01514 → host:131.196.30.214
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-977a7c6dd83aa424:host:177.10.239.192	SESSION-977a7c6dd83aa424 → host:177.10.239.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e76870e292a86821:SESSION-e76870e292a86821	SESSION-e76870e292a86821 → pe:tls:SESSION-e76870e292a86821
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79349287be3864ac:host:131.196.29.235:host:172.234.197.23	SESSION-79349287be3864ac → host:131.196.29.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff0c6bdae7c0fa78:host:177.10.235.152	SESSION-ff0c6bdae7c0fa78 → host:177.10.235.152
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad7e9be9d0a80554:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ad7e9be9d0a80554 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70e7a4a5208b1da3:host:177.10.237.89	SESSION-70e7a4a5208b1da3 → host:177.10.237.89
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ef36b158fc63267:host:177.10.234.89	SESSION-9ef36b158fc63267 → host:177.10.234.89
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc2cf38876d5e15c:host:172.234.197.23	SESSION-cc2cf38876d5e15c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f62a59cabf6a851:flow:20b420a6068e	SESSION-7f62a59cabf6a851 → flow:20b420a6068e
FLOW_DST_PORTOBS	e:fp:flow:abef35df2d70:port:tcp:443	flow:abef35df2d70 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.114:asn:262880	host:177.10.234.114 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-2e627b58284e1729:host:177.10.234.72	SESSION-2e627b58284e1729 → host:177.10.234.72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-354d6c0d37a0b016:host:45.173.156.38	SESSION-354d6c0d37a0b016 → host:45.173.156.38
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73c4b3cbea42a394:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-73c4b3cbea42a394 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7601ec92d63a89e6:SESSION-7601ec92d63a89e6	SESSION-7601ec92d63a89e6 → pe:syn:SESSION-7601ec92d63a89e6
FLOW_TO_HOSTOBS	e:to:SESSION-4baa6f7cc0122cad:host:172.234.197.23	SESSION-4baa6f7cc0122cad → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb2ab3101d5e046e:host:172.234.197.23	SESSION-cb2ab3101d5e046e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6fdc52c769919c0f:flow:b0d8a98e8306	SESSION-6fdc52c769919c0f → flow:b0d8a98e8306
FLOW_FROM_HOSTOBS	e:from:SESSION-37a8b94aca0a72fd:host:69.222.187.134	SESSION-37a8b94aca0a72fd → host:69.222.187.134
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b7f4612f7527a5d:PCAP:capture_20260430060001:919b39a74464	SESSION-5b7f4612f7527a5d → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0aa7b6956faccec:SESSION-c0aa7b6956faccec	SESSION-c0aa7b6956faccec → pe:tls:SESSION-c0aa7b6956faccec
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f39c81a37ca9c9d3:flow:ee0e8e42a22e	SESSION-f39c81a37ca9c9d3 → flow:ee0e8e42a22e
FLOW_FROM_HOSTOBS	e:from:SESSION-a03e1a67bd79b062:host:131.196.29.206	SESSION-a03e1a67bd79b062 → host:131.196.29.206
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-350febc37b3f152d:host:131.196.28.1	SESSION-350febc37b3f152d → host:131.196.28.1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3651e68c2556a1c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f3651e68c2556a1c → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1a930dc0f03fa17:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d1a930dc0f03fa17 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d60f9952407f0d18:flow:be59cc1e99e5	SESSION-d60f9952407f0d18 → flow:be59cc1e99e5
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.21:asn:271410	host:131.196.28.21 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2392c0826d87e845:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2392c0826d87e845 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.143:asn:271410	host:131.196.28.143 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.63:asn:273470	host:45.173.156.63 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.247:asn:203771	host:31.40.196.247 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c274d9ac0119175:host:177.10.238.119:host:172.234.197.23	SESSION-7c274d9ac0119175 → host:177.10.238.119 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7098e9f09e131f1:host:172.234.197.23	SESSION-e7098e9f09e131f1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f302c09f7d22a8d1:PCAP:capture_20260430110001:43611bdf6759	SESSION-f302c09f7d22a8d1 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16f8bda1e1d11332:flow:4ae7f98c921b	SESSION-16f8bda1e1d11332 → flow:4ae7f98c921b
FLOW_TO_HOSTOBS	e:to:SESSION-0b22fbd69b6831b9:host:177.10.238.137	SESSION-0b22fbd69b6831b9 → host:177.10.238.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60d7d302576d36ac:SESSION-60d7d302576d36ac	SESSION-60d7d302576d36ac → pe:tls:SESSION-60d7d302576d36ac
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.1:asn:203771	host:95.135.228.1 → asn:203771
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e62c7e5ed36c3850:flow:a5157ecee7f0	SESSION-e62c7e5ed36c3850 → flow:a5157ecee7f0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0485ecaf8e8edab:SESSION-d0485ecaf8e8edab	SESSION-d0485ecaf8e8edab → pe:tls:SESSION-d0485ecaf8e8edab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a242c68bb3594796:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a242c68bb3594796 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-23efb1317beab0b3:host:177.10.239.80	SESSION-23efb1317beab0b3 → host:177.10.239.80
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.66:asn:271410	host:131.196.30.66 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-8a77e99309dd6e28:host:172.234.197.23	SESSION-8a77e99309dd6e28 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4aeecdec5ead7952:host:177.10.238.37	SESSION-4aeecdec5ead7952 → host:177.10.238.37
flow_observed5-aryOBS	e:fo:flow:3ab5e62334de	flow:3ab5e62334de → host:177.10.238.171 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e703980a48f1e09:host:177.10.234.107:host:172.234.197.23	SESSION-4e703980a48f1e09 → host:177.10.234.107 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d0f144e1366b:port:tcp:443	flow:d0f144e1366b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c787945ac898609:SESSION-3c787945ac898609	SESSION-3c787945ac898609 → pe:syn:SESSION-3c787945ac898609
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb6cea4441256ebd:host:172.234.197.23	SESSION-cb6cea4441256ebd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cf04cf372371106:host:172.234.197.23	SESSION-8cf04cf372371106 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b31cf1240fb1e101:SESSION-b31cf1240fb1e101	SESSION-b31cf1240fb1e101 → pe:tls:SESSION-b31cf1240fb1e101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e4bb5568f0e725a3:SESSION-e4bb5568f0e725a3	SESSION-e4bb5568f0e725a3 → pe:syn:SESSION-e4bb5568f0e725a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec00857ef12f8e7e:SESSION-ec00857ef12f8e7e	SESSION-ec00857ef12f8e7e → pe:tls:SESSION-ec00857ef12f8e7e
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-81679789c998e700:BSG-BEACON-c5c416645e2f	SESSION-81679789c998e700 → BSG-BEACON-c5c416645e2f
FLOW_DST_PORTOBS	e:fp:flow:b81f7fd27c1a:port:tcp:443	flow:b81f7fd27c1a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8a57b2200e62e75:host:172.234.197.23	SESSION-c8a57b2200e62e75 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0796a13a25fe417a:host:177.10.233.93	SESSION-0796a13a25fe417a → host:177.10.233.93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e094b52f54dff79:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4e094b52f54dff79 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a4200861230ead3:flow:2ced477327d5	SESSION-0a4200861230ead3 → flow:2ced477327d5
FLOW_FROM_HOSTOBS	e:from:SESSION-850471f172c9c8e6:host:131.196.31.165	SESSION-850471f172c9c8e6 → host:131.196.31.165
FLOW_DST_PORTOBS	e:fp:flow:b80e056f3e31:port:tcp:443	flow:b80e056f3e31 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6cb5cb4669a3:port:tcp:443	flow:6cb5cb4669a3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-baf6029a4a920bc4:SESSION-baf6029a4a920bc4	SESSION-baf6029a4a920bc4 → pe:syn:SESSION-baf6029a4a920bc4
FLOW_DST_PORTOBS	e:fp:flow:ccf81e5a8a06:port:tcp:443	flow:ccf81e5a8a06 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-2392c0826d87e845:host:45.173.156.238	SESSION-2392c0826d87e845 → host:45.173.156.238
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.39:geo_-16.28860_-49.01640	host:177.10.234.39 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa49f714001a7a70:host:172.234.197.23	SESSION-fa49f714001a7a70 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f7884afbce83d50:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9f7884afbce83d50 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:b140447e670d	flow:b140447e670d → host:172.234.197.23 → host:131.196.29.125 → port:tcp:10240
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e280ba6e8e483a35:host:177.10.238.152	SESSION-e280ba6e8e483a35 → host:177.10.238.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a84fec3b32ec885d:host:131.196.30.9	SESSION-a84fec3b32ec885d → host:131.196.30.9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cff1d643020db9d5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cff1d643020db9d5 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f597f69b0915b82:flow:7513315664df	SESSION-9f597f69b0915b82 → flow:7513315664df
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd4c16dfff279521:host:177.10.239.105:host:172.234.197.23	SESSION-dd4c16dfff279521 → host:177.10.239.105 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4a0e33124638	flow:4a0e33124638 → host:177.10.236.79 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3094c6d527f665e9:host:45.173.156.207	SESSION-3094c6d527f665e9 → host:45.173.156.207
FLOW_FROM_HOSTOBS	e:from:SESSION-fa3e9fc803f342ab:host:45.173.156.123	SESSION-fa3e9fc803f342ab → host:45.173.156.123
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a38d88507263cddf:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a38d88507263cddf → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ea20601fa7d993b:flow:d03f88ab246d	SESSION-1ea20601fa7d993b → flow:d03f88ab246d
FLOW_TO_HOSTOBS	e:to:SESSION-be95a34ad4eedb81:host:172.234.197.23	SESSION-be95a34ad4eedb81 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1df48b404d2bce0:SESSION-c1df48b404d2bce0	SESSION-c1df48b404d2bce0 → pe:tls:SESSION-c1df48b404d2bce0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2daf8cded5fb19ed:SESSION-2daf8cded5fb19ed	SESSION-2daf8cded5fb19ed → pe:tls:SESSION-2daf8cded5fb19ed
FLOW_DST_PORTOBS	e:fp:flow:79b777e6f63d:port:tcp:443	flow:79b777e6f63d → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:55b0d3b78c4c	flow:55b0d3b78c4c → host:172.234.197.23 → host:131.196.30.126 → port:tcp:16574
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e12e5221262ce88f:flow:4ef3722f4d43	SESSION-e12e5221262ce88f → flow:4ef3722f4d43
FLOW_TO_HOSTOBS	e:to:SESSION-9804aaba4767b862:host:177.10.232.2	SESSION-9804aaba4767b862 → host:177.10.232.2
FLOW_FROM_HOSTOBS	e:from:SESSION-a6a106ff5da861ac:host:172.234.197.23	SESSION-a6a106ff5da861ac → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6ac71782250ec9a1:host:45.173.156.85	SESSION-6ac71782250ec9a1 → host:45.173.156.85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f5d8e8d5ecc4e1f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9f5d8e8d5ecc4e1f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.81:geo_-16.28860_-49.01640	host:177.10.238.81 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:9320ba5c0d1c	flow:9320ba5c0d1c → host:131.196.29.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-721df94622c41f42:host:131.196.31.151	SESSION-721df94622c41f42 → host:131.196.31.151
FLOW_DST_PORTOBS	e:fp:flow:75ceec3cd86b:port:tcp:443	flow:75ceec3cd86b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb72c41fb24aaf81:host:172.234.197.23	SESSION-eb72c41fb24aaf81 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e167d585a8e48501:host:172.234.197.23	SESSION-e167d585a8e48501 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f42480d66c27	flow:f42480d66c27 → host:177.10.232.27 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-014d878748f613f9:SESSION-014d878748f613f9	SESSION-014d878748f613f9 → pe:syn:SESSION-014d878748f613f9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6798e98bad768e0d:host:131.196.28.32	SESSION-6798e98bad768e0d → host:131.196.28.32
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.215:geo_41.00190_28.96450	host:95.170.25.215 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f737e621c51c7ecf:host:172.234.197.23	SESSION-f737e621c51c7ecf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8bdafe91f45dd428:flow:97c43f7faea6	SESSION-8bdafe91f45dd428 → flow:97c43f7faea6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-637d01fb7fe8b725:host:177.10.238.181	SESSION-637d01fb7fe8b725 → host:177.10.238.181
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef3fadfeb89ec1c3:host:37.221.79.198:host:172.234.197.23	SESSION-ef3fadfeb89ec1c3 → host:37.221.79.198 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e548e1862e666d4:flow:e3eed6582d14	SESSION-4e548e1862e666d4 → flow:e3eed6582d14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d811160d7459a4b2:flow:1c4d193b3400	SESSION-d811160d7459a4b2 → flow:1c4d193b3400
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31836a23201b59b7:host:177.10.237.162	SESSION-31836a23201b59b7 → host:177.10.237.162
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7963f405207d2813:flow:97fdbda409b9	SESSION-7963f405207d2813 → flow:97fdbda409b9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34b8eff946ae371a:host:131.196.28.170:host:172.234.197.23	SESSION-34b8eff946ae371a → host:131.196.28.170 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ea3a69414cbbc32d:host:177.10.236.216:host:172.234.197.23	SESSION-ea3a69414cbbc32d → host:177.10.236.216 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a60794a5b314271e:host:172.234.197.23	SESSION-a60794a5b314271e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b79e234ad6fb:port:tcp:443	flow:b79e234ad6fb → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a72e7bc5d973ed2:host:131.196.31.140	SESSION-6a72e7bc5d973ed2 → host:131.196.31.140
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-82fb3096076edb8c:host:172.234.197.23:host:45.173.156.70	SESSION-82fb3096076edb8c → host:172.234.197.23 → host:45.173.156.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60cd9cc046a23835:SESSION-60cd9cc046a23835	SESSION-60cd9cc046a23835 → pe:syn:SESSION-60cd9cc046a23835
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68a45a74f687a5a4:host:172.234.197.23	SESSION-68a45a74f687a5a4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.97:geo_-21.10010_-41.69200	host:45.173.156.97 → geo_-21.10010_-41.69200
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.204:asn:203771	host:45.145.152.204 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-320a5544f819c3b7:host:172.234.197.23:host:177.10.233.196	SESSION-320a5544f819c3b7 → host:172.234.197.23 → host:177.10.233.196
FLOW_FROM_HOSTOBS	e:from:SESSION-367a6218c741fe93:host:177.10.232.11	SESSION-367a6218c741fe93 → host:177.10.232.11
FLOW_TO_HOSTOBS	e:to:SESSION-c7239dbaec89ca2f:host:131.196.30.223	SESSION-c7239dbaec89ca2f → host:131.196.30.223
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96272a0a54480e7a:host:172.234.197.23	SESSION-96272a0a54480e7a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2c7091281d7e2abc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2c7091281d7e2abc → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2240076057fcee51:SESSION-2240076057fcee51	SESSION-2240076057fcee51 → pe:syn:SESSION-2240076057fcee51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03cfd9b1d0f62704:host:172.234.197.23	SESSION-03cfd9b1d0f62704 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-92fb186a1f8eeacc:SESSION-92fb186a1f8eeacc	SESSION-92fb186a1f8eeacc → pe:syn:SESSION-92fb186a1f8eeacc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5397b2a7490ae0fb:host:177.10.237.120	SESSION-5397b2a7490ae0fb → host:177.10.237.120
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.132:geo_-16.28860_-49.01640	host:177.10.234.132 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-af1aec9a84a08d25:flow:be9255afc4b4	SESSION-af1aec9a84a08d25 → flow:be9255afc4b4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.3:asn:262880	host:177.10.237.3 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.236:geo_-16.28860_-49.01640	host:177.10.235.236 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd81cfaee9483060:PCAP:capture_20260430080001:93f47cc296a4	SESSION-cd81cfaee9483060 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-793bdbe15c87a87a:SESSION-793bdbe15c87a87a	SESSION-793bdbe15c87a87a → pe:syn:SESSION-793bdbe15c87a87a
flow_observed4-aryOBS	e:fo:flow:829cd549e8bd	flow:829cd549e8bd → host:172.234.197.23 → host:177.10.239.106 → port:tcp:51302
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bdbc4c9f7cbfe0c2:PCAP:capture_20260430110001:43611bdf6759	SESSION-bdbc4c9f7cbfe0c2 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.4:asn:271410	host:131.196.29.4 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-5940a5357983452d:host:172.234.197.23	SESSION-5940a5357983452d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:53b3f0a9de81	flow:53b3f0a9de81 → host:177.10.238.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8663c7c8fd51be8d:host:172.234.197.23	SESSION-8663c7c8fd51be8d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0bcd74883eff8339:host:177.10.232.19	SESSION-0bcd74883eff8339 → host:177.10.232.19
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0d83e3d3d1fc018:SESSION-d0d83e3d3d1fc018	SESSION-d0d83e3d3d1fc018 → pe:tls:SESSION-d0d83e3d3d1fc018
FLOW_DST_PORTOBS	e:fp:flow:2d8b8a6b6bad:port:tcp:443	flow:2d8b8a6b6bad → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:cc4e9257354e	flow:cc4e9257354e → host:131.196.28.100 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-193ccf82e1088d1d:host:177.10.239.18	SESSION-193ccf82e1088d1d → host:177.10.239.18
flow_observed5-aryOBS	e:fo:flow:07bf3b36f425	flow:07bf3b36f425 → host:45.173.156.72 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9c30e2da5c8abbcf:host:177.10.238.50	SESSION-9c30e2da5c8abbcf → host:177.10.238.50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0ac7328414c6be9:host:177.10.234.218	SESSION-d0ac7328414c6be9 → host:177.10.234.218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a05a386609def1c:SESSION-0a05a386609def1c	SESSION-0a05a386609def1c → pe:tls:SESSION-0a05a386609def1c
FLOW_FROM_HOSTOBS	e:from:SESSION-1627b9df9d2fc920:host:177.10.236.231	SESSION-1627b9df9d2fc920 → host:177.10.236.231
FLOW_DST_PORTOBS	e:fp:flow:82f753dafc19:port:tcp:42936	flow:82f753dafc19 → port:tcp:42936
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa1be017e5052d0a:host:177.10.239.170	SESSION-fa1be017e5052d0a → host:177.10.239.170
FLOW_TO_HOSTOBS	e:to:SESSION-e44d3b0a0ee22cd6:host:172.234.197.23	SESSION-e44d3b0a0ee22cd6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8dabb052ca27	flow:8dabb052ca27 → host:177.10.232.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0684dbb2a7f8dcaf:PCAP:capture_20260430060001:919b39a74464	SESSION-0684dbb2a7f8dcaf → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7858b3452cd9a479:host:45.173.156.134:host:172.234.197.23	SESSION-7858b3452cd9a479 → host:45.173.156.134 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-45775bc626dbc608:flow:2e0ba50458ee	SESSION-45775bc626dbc608 → flow:2e0ba50458ee
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14cb036847147428:flow:6c40783bfbe0	SESSION-14cb036847147428 → flow:6c40783bfbe0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0bdeae27fd42a89:flow:daab24d3782e	SESSION-f0bdeae27fd42a89 → flow:daab24d3782e
FLOW_FROM_HOSTOBS	e:from:SESSION-a33a5bbd98f17a5b:host:5.182.209.49	SESSION-a33a5bbd98f17a5b → host:5.182.209.49
FLOW_TO_HOSTOBS	e:to:SESSION-216df7510915a954:host:172.234.197.23	SESSION-216df7510915a954 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e0879fac4437	flow:e0879fac4437 → host:177.10.232.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e2a1b696130dd57:SESSION-8e2a1b696130dd57	SESSION-8e2a1b696130dd57 → pe:syn:SESSION-8e2a1b696130dd57
FLOW_FROM_HOSTOBS	e:from:SESSION-066d98dee3275acb:host:31.40.196.26	SESSION-066d98dee3275acb → host:31.40.196.26
FLOW_FROM_HOSTOBS	e:from:SESSION-8bf7420041ec56c9:host:172.234.197.23	SESSION-8bf7420041ec56c9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:18c30dc84099	flow:18c30dc84099 → host:177.10.239.77 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-0125cea84e0c02fd:host:131.196.29.254	SESSION-0125cea84e0c02fd → host:131.196.29.254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e22ceaf98f82b588:host:177.10.232.131	SESSION-e22ceaf98f82b588 → host:177.10.232.131
FLOW_FROM_HOSTOBS	e:from:SESSION-292edad33ae38c98:host:131.196.30.60	SESSION-292edad33ae38c98 → host:131.196.30.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0fe0e8460d1c75f:SESSION-f0fe0e8460d1c75f	SESSION-f0fe0e8460d1c75f → pe:tls:SESSION-f0fe0e8460d1c75f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8431b5fa38a73955:flow:c39193d67795	SESSION-8431b5fa38a73955 → flow:c39193d67795
flow_observed5-aryOBS	e:fo:flow:b66c105ebde7	flow:b66c105ebde7 → host:177.10.237.101 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:57553c5c5f75:port:tcp:443	flow:57553c5c5f75 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8c60a94331c3e233:host:131.196.30.183	SESSION-8c60a94331c3e233 → host:131.196.30.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da3b2b353303e8e1:host:172.234.197.23	SESSION-da3b2b353303e8e1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9b22fd3d92fd3016:host:131.196.31.27	SESSION-9b22fd3d92fd3016 → host:131.196.31.27
FLOW_TO_HOSTOBS	e:to:SESSION-edaec15d65a63fe7:host:172.234.197.23	SESSION-edaec15d65a63fe7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1638449ddab5	flow:1638449ddab5 → host:177.10.235.9 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-118e26ad77e50cb0:host:172.234.197.23	SESSION-118e26ad77e50cb0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6605cb18f1ab	flow:6605cb18f1ab → host:108.217.180.26 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-96eb62897cd314d5:host:172.234.197.23	SESSION-96eb62897cd314d5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37c43e7a9f6dcf12:host:172.234.197.23	SESSION-37c43e7a9f6dcf12 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5905fa7bc47f:port:tcp:43193	flow:5905fa7bc47f → port:tcp:43193
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-32091c263c5425e7:host:172.234.197.23:host:177.10.233.108	SESSION-32091c263c5425e7 → host:172.234.197.23 → host:177.10.233.108
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0c6698f170085be7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0c6698f170085be7 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3fba4062f618c50:host:172.234.197.23	SESSION-e3fba4062f618c50 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1ee986621b3f988f:host:177.10.237.64	SESSION-1ee986621b3f988f → host:177.10.237.64
FLOW_DST_PORTOBS	e:fp:flow:704270ce5d2a:port:tcp:443	flow:704270ce5d2a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2634dc5934886659:host:131.196.31.239	SESSION-2634dc5934886659 → host:131.196.31.239
FLOW_DST_PORTOBS	e:fp:flow:dca142dce243:port:tcp:443	flow:dca142dce243 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f34bafe5f2be5770:PCAP:capture_20260430150001:ded20914761d	SESSION-f34bafe5f2be5770 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77c18cfa23ea97ee:PCAP:capture_20260430080001:93f47cc296a4	SESSION-77c18cfa23ea97ee → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-6050ca7af62c0465:host:172.234.197.23	SESSION-6050ca7af62c0465 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2dbb680dd253e19c:flow:331ab659ef61	SESSION-2dbb680dd253e19c → flow:331ab659ef61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e76870e292a86821:host:45.173.156.94	SESSION-e76870e292a86821 → host:45.173.156.94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-139ea45d2e45809a:host:177.10.237.234	SESSION-139ea45d2e45809a → host:177.10.237.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e1aa0d90742fe552:SESSION-e1aa0d90742fe552	SESSION-e1aa0d90742fe552 → pe:tls:SESSION-e1aa0d90742fe552
FLOW_DST_PORTOBS	e:fp:flow:1ec238a64eb6:port:tcp:443	flow:1ec238a64eb6 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:dd936079be3d	flow:dd936079be3d → host:172.234.197.23 → host:177.10.239.239 → port:tcp:63649
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7140a8719778d6c0:SESSION-7140a8719778d6c0	SESSION-7140a8719778d6c0 → pe:tls:SESSION-7140a8719778d6c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e80661c10e8e6e7:host:172.234.197.23	SESSION-5e80661c10e8e6e7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b78a88d97420:port:tcp:443	flow:b78a88d97420 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-56ec76ae342b7ee6:host:172.234.197.23	SESSION-56ec76ae342b7ee6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f2abe0420a48	flow:f2abe0420a48 → host:172.234.197.23 → host:177.10.236.1 → port:tcp:51356
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.100:asn:273470	host:45.173.156.100 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f59e3038c71b15e1:PCAP:capture_20260430090001:065659c7d314	SESSION-f59e3038c71b15e1 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:1fd9c482bee8:port:tcp:443	flow:1fd9c482bee8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91e694161f32570f:host:131.196.28.227	SESSION-91e694161f32570f → host:131.196.28.227
FLOW_DST_PORTOBS	e:fp:flow:7c2c1f50d17a:port:tcp:443	flow:7c2c1f50d17a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-c3cae868156d4440:host:131.196.29.42	SESSION-c3cae868156d4440 → host:131.196.29.42
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2c61460e754c8f6:host:172.234.197.23:host:177.10.239.155	SESSION-b2c61460e754c8f6 → host:172.234.197.23 → host:177.10.239.155
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.166:geo_-16.28860_-49.01640	host:177.10.238.166 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.140:asn:271410	host:131.196.29.140 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40a7926fcdf458e7:host:131.196.31.82	SESSION-40a7926fcdf458e7 → host:131.196.31.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-980b61ddea9c5965:host:172.232.0.16	SESSION-980b61ddea9c5965 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c402fe398bbf1491:host:172.232.0.16	SESSION-c402fe398bbf1491 → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:5590b431c6bb:port:tcp:443	flow:5590b431c6bb → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ba4a623ca0c8731:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6ba4a623ca0c8731 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3617089369b58aaa:host:172.234.197.23	SESSION-3617089369b58aaa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce92926e8e7d59d2:flow:0c2ade1f884a	SESSION-ce92926e8e7d59d2 → flow:0c2ade1f884a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.118:geo_-16.28860_-49.01640	host:177.10.233.118 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-d957287df88430bb:host:172.234.197.23	SESSION-d957287df88430bb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6944fe230f08618b:host:131.196.29.29	SESSION-6944fe230f08618b → host:131.196.29.29
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca5156d485d150e2:host:172.234.197.23:host:2.57.122.194	SESSION-ca5156d485d150e2 → host:172.234.197.23 → host:2.57.122.194
flow_observed4-aryOBS	e:fo:flow:53a6aa87e901	flow:53a6aa87e901 → host:172.234.197.23 → host:177.10.234.32 → port:tcp:22949
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.30:geo_-21.10010_-41.69200	host:45.173.156.30 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a3cdd61760cc277:SESSION-8a3cdd61760cc277	SESSION-8a3cdd61760cc277 → pe:syn:SESSION-8a3cdd61760cc277
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6abbbca78e64654:flow:ad7d3e5bff7d	SESSION-e6abbbca78e64654 → flow:ad7d3e5bff7d
FLOW_DST_PORTOBS	e:fp:flow:60298f4176e8:port:tcp:443	flow:60298f4176e8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ce32efb58e1da83:host:177.10.232.226	SESSION-4ce32efb58e1da83 → host:177.10.232.226
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4636706714da3434:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4636706714da3434 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-2479e88ee1ee68c6:host:172.234.197.23	SESSION-2479e88ee1ee68c6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8ef5b0d475390b4:host:131.196.29.168	SESSION-e8ef5b0d475390b4 → host:131.196.29.168
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-396da887f3ac73e5:host:177.10.234.171:host:172.234.197.23	SESSION-396da887f3ac73e5 → host:177.10.234.171 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:70a16a96af81:port:tcp:443	flow:70a16a96af81 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9c68429e2f7bfcd9:host:177.10.232.164	SESSION-9c68429e2f7bfcd9 → host:177.10.232.164
flow_observed5-aryOBS	e:fo:flow:d75aeae08cca	flow:d75aeae08cca → host:177.10.232.88 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-338820b1c26f8211:host:177.10.237.10	SESSION-338820b1c26f8211 → host:177.10.237.10
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3186af5a0774c3b5:flow:ab0c50a1d4b1	SESSION-3186af5a0774c3b5 → flow:ab0c50a1d4b1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.157:geo_-16.28860_-49.01640	host:177.10.232.157 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.253:geo_-16.28860_-49.01640	host:177.10.233.253 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-87462f91a35c5198:PCAP:capture_20260430070001:903a0e7a436b	SESSION-87462f91a35c5198 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49d1ccfce5e59a68:flow:fa169d87bfaf	SESSION-49d1ccfce5e59a68 → flow:fa169d87bfaf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-82d78308744a8bb2:SESSION-82d78308744a8bb2	SESSION-82d78308744a8bb2 → pe:syn:SESSION-82d78308744a8bb2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.67:geo_-23.62930_-46.63510	host:131.196.30.67 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-5d27f09d7c919692:host:172.234.197.23	SESSION-5d27f09d7c919692 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76ac71b30f764df7:host:131.196.28.128:host:172.234.197.23	SESSION-76ac71b30f764df7 → host:131.196.28.128 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3ba2cf190ed0b5c:host:172.234.197.23	SESSION-e3ba2cf190ed0b5c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8a957b04bd86:port:tcp:3103	flow:8a957b04bd86 → port:tcp:3103
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f991b6c62555b6c:host:177.10.236.193:host:172.234.197.23	SESSION-1f991b6c62555b6c → host:177.10.236.193 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e938dc96c7665991:host:172.234.197.23	SESSION-e938dc96c7665991 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.126:asn:262880	host:177.10.234.126 → asn:262880
flow_observed5-aryOBS	e:fo:flow:ce9e994e23f8	flow:ce9e994e23f8 → host:131.196.30.162 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8327be02acf872a5:host:177.10.232.184:host:172.234.197.23	SESSION-8327be02acf872a5 → host:177.10.232.184 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6585a8f099e9e465:PCAP:capture_20260430150001:ded20914761d	SESSION-6585a8f099e9e465 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aae42b7cc2993272:host:17.22.253.177	SESSION-aae42b7cc2993272 → host:17.22.253.177
FLOW_DST_PORTOBS	e:fp:flow:262704d151c7:port:tcp:443	flow:262704d151c7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ba8377fba710c4:host:131.196.28.177	SESSION-b7ba8377fba710c4 → host:131.196.28.177
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1274fc3e3cafac71:host:131.196.29.12	SESSION-1274fc3e3cafac71 → host:131.196.29.12
FLOW_DST_PORTOBS	e:fp:flow:b9a8ec600f68:port:tcp:443	flow:b9a8ec600f68 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.248:asn:203771	host:92.112.71.248 → asn:203771
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1cb1824ec0ef0f8a:flow:ae8d941664b0	SESSION-1cb1824ec0ef0f8a → flow:ae8d941664b0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f10bcf378efcbb9:flow:9c1dd216af28	SESSION-9f10bcf378efcbb9 → flow:9c1dd216af28
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88f0aa854ba7cdd7:host:45.173.156.51	SESSION-88f0aa854ba7cdd7 → host:45.173.156.51
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-181666d0ed9d45b8:flow:3df4a18d0a97	SESSION-181666d0ed9d45b8 → flow:3df4a18d0a97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76fc6cf591b9ed20:host:172.234.197.23	SESSION-76fc6cf591b9ed20 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-680820c56f27d295:host:172.234.197.23	SESSION-680820c56f27d295 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddc82f590dd8a411:host:177.10.237.200	SESSION-ddc82f590dd8a411 → host:177.10.237.200
FLOW_FROM_HOSTOBS	e:from:SESSION-6e2683c2a1a03e97:host:177.10.234.9	SESSION-6e2683c2a1a03e97 → host:177.10.234.9
FLOW_FROM_HOSTOBS	e:from:SESSION-c3cd15ae05af1e0a:host:177.10.235.68	SESSION-c3cd15ae05af1e0a → host:177.10.235.68
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-43d9721f29111779:BSG-DATA_EXFIL-c97ae35c3537	SESSION-43d9721f29111779 → BSG-DATA_EXFIL-c97ae35c3537
flow_observed4-aryOBS	e:fo:flow:97fdbda409b9	flow:97fdbda409b9 → host:172.234.197.23 → host:177.10.234.162 → port:tcp:53376
FLOW_DST_PORTOBS	e:fp:flow:c47c7aa7a02f:port:tcp:22	flow:c47c7aa7a02f → port:tcp:22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-931a0ea4dc7054bf:flow:bb9a911fd3e5	SESSION-931a0ea4dc7054bf → flow:bb9a911fd3e5
FLOW_FROM_HOSTOBS	e:from:SESSION-44cdc048c80875b5:host:177.10.238.20	SESSION-44cdc048c80875b5 → host:177.10.238.20
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6263455e390c054e:flow:eb9c7ca8e40c	SESSION-6263455e390c054e → flow:eb9c7ca8e40c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab42e00b724a7daa:host:177.10.237.243:host:172.234.197.23	SESSION-ab42e00b724a7daa → host:177.10.237.243 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1628bbd64c13f5a:SESSION-a1628bbd64c13f5a	SESSION-a1628bbd64c13f5a → pe:tls:SESSION-a1628bbd64c13f5a
flow_observed5-aryOBS	e:fo:flow:704270ce5d2a	flow:704270ce5d2a → host:131.196.28.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b7cd4519c0a4eb9:host:172.234.197.23	SESSION-2b7cd4519c0a4eb9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8ee775e10cbe172:host:172.234.197.23	SESSION-b8ee775e10cbe172 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7dbbf6b8420ecf88:host:172.234.197.23	SESSION-7dbbf6b8420ecf88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9429230c27071ffa:host:177.10.234.132	SESSION-9429230c27071ffa → host:177.10.234.132
FLOW_FROM_HOSTOBS	e:from:SESSION-f3567442ac940551:host:172.234.197.23	SESSION-f3567442ac940551 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7b0f0a34a565	flow:7b0f0a34a565 → host:177.10.239.174 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-29e21c95f9df9427:host:172.234.197.23	SESSION-29e21c95f9df9427 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0fe99f41b36441fa:host:131.196.31.223	SESSION-0fe99f41b36441fa → host:131.196.31.223
FLOW_DST_PORTOBS	e:fp:flow:70cdb8314418:port:tcp:3819	flow:70cdb8314418 → port:tcp:3819
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca027ca401d4d122:host:177.10.232.181	SESSION-ca027ca401d4d122 → host:177.10.232.181
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.134:asn:271410	host:131.196.28.134 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:6caf715a57a5:port:tcp:42434	flow:6caf715a57a5 → port:tcp:42434
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.61:geo_-16.28860_-49.01640	host:177.10.237.61 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eb24274e849c36c:host:172.234.197.23	SESSION-2eb24274e849c36c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2bb494efc59c:port:tcp:443	flow:2bb494efc59c → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:b3263c50c98f	flow:b3263c50c98f → host:16.171.55.148 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3b520e491b5957c0:host:172.234.197.23:host:131.196.28.72	SESSION-3b520e491b5957c0 → host:172.234.197.23 → host:131.196.28.72
FLOW_DST_PORTOBS	e:fp:flow:6ccb35207b9a:port:tcp:443	flow:6ccb35207b9a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-368729c748b57591:flow:c3ec42c5d25d	SESSION-368729c748b57591 → flow:c3ec42c5d25d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d3eca13f5e50de63:SESSION-d3eca13f5e50de63	SESSION-d3eca13f5e50de63 → pe:tls:SESSION-d3eca13f5e50de63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c5ac08008a4ed5c1:host:177.10.236.46:host:172.234.197.23	SESSION-c5ac08008a4ed5c1 → host:177.10.236.46 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06ad44a538684c23:SESSION-06ad44a538684c23	SESSION-06ad44a538684c23 → pe:tls:SESSION-06ad44a538684c23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ac55ff303c5de83:host:172.234.197.23	SESSION-1ac55ff303c5de83 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c274d9ac0119175:SESSION-7c274d9ac0119175	SESSION-7c274d9ac0119175 → pe:tls:SESSION-7c274d9ac0119175
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dca9298136f0125a:SESSION-dca9298136f0125a	SESSION-dca9298136f0125a → pe:tls:SESSION-dca9298136f0125a
FLOW_FROM_HOSTOBS	e:from:SESSION-660cb7ef624de29d:host:172.234.197.23	SESSION-660cb7ef624de29d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-02999fe2096ad39b:host:45.173.156.78	SESSION-02999fe2096ad39b → host:45.173.156.78
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33fdede36596a62f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-33fdede36596a62f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.142:geo_-23.62930_-46.63510	host:131.196.30.142 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a8441f04433657ee:PCAP:capture_20260430150001:ded20914761d	SESSION-a8441f04433657ee → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.199:asn:262880	host:177.10.236.199 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4904f64e7943cb47:SESSION-4904f64e7943cb47	SESSION-4904f64e7943cb47 → pe:tls:SESSION-4904f64e7943cb47
FLOW_DST_PORTOBS	e:fp:flow:23cc248dcadf:port:tcp:13114	flow:23cc248dcadf → port:tcp:13114
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.203:asn:262880	host:177.10.237.203 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-7d9537ea92aed5d6:host:177.10.237.84	SESSION-7d9537ea92aed5d6 → host:177.10.237.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05f783d5d2ea4019:host:172.234.197.23	SESSION-05f783d5d2ea4019 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5527f09aaa715d91:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5527f09aaa715d91 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:fdf3c5552a29:port:tcp:41462	flow:fdf3c5552a29 → port:tcp:41462
FLOW_DST_PORTOBS	e:fp:flow:b59b545e522a:port:tcp:443	flow:b59b545e522a → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.208:asn:271410	host:131.196.28.208 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a24ab62cbf4deb47:host:177.10.232.126:host:172.234.197.23	SESSION-a24ab62cbf4deb47 → host:177.10.232.126 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d0d891734a12161:host:131.196.30.54	SESSION-3d0d891734a12161 → host:131.196.30.54
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e10e261831a1079d:PCAP:capture_20260430090001:065659c7d314	SESSION-e10e261831a1079d → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:e928e277e980	flow:e928e277e980 → host:172.234.197.23 → host:177.10.236.3 → port:tcp:43705
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a8eb3ecb5c5b32a8:SESSION-a8eb3ecb5c5b32a8	SESSION-a8eb3ecb5c5b32a8 → pe:tls:SESSION-a8eb3ecb5c5b32a8
FLOW_TO_HOSTOBS	e:to:SESSION-f3616b79a24490a3:host:172.234.197.23	SESSION-f3616b79a24490a3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f47343671c29:port:udp:53	flow:f47343671c29 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb7c4827354230c4:host:172.234.197.23	SESSION-bb7c4827354230c4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11142ad74b2052de:host:177.10.232.134	SESSION-11142ad74b2052de → host:177.10.232.134
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fd776fee1455ee3:host:93.119.5.133:host:172.234.197.23	SESSION-5fd776fee1455ee3 → host:93.119.5.133 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7f62a59cabf6a851:host:177.10.236.104	SESSION-7f62a59cabf6a851 → host:177.10.236.104
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7771c9cc3604c57a:host:131.196.29.21:host:172.234.197.23	SESSION-7771c9cc3604c57a → host:131.196.29.21 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fa102252011b	flow:fa102252011b → host:184.171.210.134 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-32273c66c8bf9656:host:177.10.235.51:host:172.234.197.23	SESSION-32273c66c8bf9656 → host:177.10.235.51 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:47679687883b	flow:47679687883b → host:45.173.156.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-04c23b7b96a70798:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-04c23b7b96a70798 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b475107bbd97ed39:SESSION-b475107bbd97ed39	SESSION-b475107bbd97ed39 → pe:syn:SESSION-b475107bbd97ed39
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5e7695ca2cac12f:host:172.234.197.23	SESSION-b5e7695ca2cac12f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-44424f48705b3a9d:host:172.234.197.23	SESSION-44424f48705b3a9d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6a214ec19ba198e7:host:172.234.197.23	SESSION-6a214ec19ba198e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3c3e0ded89b78d8d:host:172.234.197.23	SESSION-3c3e0ded89b78d8d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27ee7c401cb71f02:flow:a66f17d65208	SESSION-27ee7c401cb71f02 → flow:a66f17d65208
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41b7279875030e7d:host:177.10.234.178:host:172.234.197.23	SESSION-41b7279875030e7d → host:177.10.234.178 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0d9e3720b73bcaea:PCAP:capture_20260430110001:43611bdf6759	SESSION-0d9e3720b73bcaea → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:9084a8142295	flow:9084a8142295 → host:177.10.234.144 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37a50d9fe3e20191:host:172.234.197.23	SESSION-37a50d9fe3e20191 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.203:asn:271410	host:131.196.30.203 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a148e202465c0b29:flow:940a647764f1	SESSION-a148e202465c0b29 → flow:940a647764f1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36e366306285e270:flow:5f9206fa154d	SESSION-36e366306285e270 → flow:5f9206fa154d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d43ada4a289f704d:flow:ea0e53107fcd	SESSION-d43ada4a289f704d → flow:ea0e53107fcd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-25f56036928a5a45:flow:ace9cb4d5e9d	SESSION-25f56036928a5a45 → flow:ace9cb4d5e9d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e00c0cf74d0af603:host:172.234.197.23	SESSION-e00c0cf74d0af603 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3ae59ca72364f9e1:host:131.196.30.65	SESSION-3ae59ca72364f9e1 → host:131.196.30.65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bf7bb3dc8319468:host:172.234.197.23	SESSION-3bf7bb3dc8319468 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f479797471e82d6b:SESSION-f479797471e82d6b	SESSION-f479797471e82d6b → pe:tls:SESSION-f479797471e82d6b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db0c4d22fd57aedf:host:172.234.197.23	SESSION-db0c4d22fd57aedf → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.244:asn:273470	host:45.173.156.244 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38fb62728f2b5e64:SESSION-38fb62728f2b5e64	SESSION-38fb62728f2b5e64 → pe:syn:SESSION-38fb62728f2b5e64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96639b4b4a33e422:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-96639b4b4a33e422 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:29bfaeba90ca:port:tcp:443	flow:29bfaeba90ca → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3185739188bf8a1e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3185739188bf8a1e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-361b290e75b75885:host:172.234.197.23:host:177.10.233.63	SESSION-361b290e75b75885 → host:172.234.197.23 → host:177.10.233.63
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-043f15d6badfcd64:flow:7c2c1f50d17a	SESSION-043f15d6badfcd64 → flow:7c2c1f50d17a
FLOW_DST_PORTOBS	e:fp:flow:34d94ae03fc0:port:tcp:443	flow:34d94ae03fc0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e50b84c66ab32ef:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7e50b84c66ab32ef → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-ada1853624679841:host:131.196.29.41	SESSION-ada1853624679841 → host:131.196.29.41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8df47c2606014223:host:131.196.31.196	SESSION-8df47c2606014223 → host:131.196.31.196
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67fe6c66ab1f1fcd:flow:83dcab51c9e9	SESSION-67fe6c66ab1f1fcd → flow:83dcab51c9e9
FLOW_DST_PORTOBS	e:fp:flow:99eaae9230cf:port:tcp:28704	flow:99eaae9230cf → port:tcp:28704
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17dd55091d27669a:PCAP:capture_20260430090001:065659c7d314	SESSION-17dd55091d27669a → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:8f932617cc08	flow:8f932617cc08 → host:177.10.235.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ddd0457559a3680:SESSION-1ddd0457559a3680	SESSION-1ddd0457559a3680 → pe:syn:SESSION-1ddd0457559a3680
FLOW_FROM_HOSTOBS	e:from:SESSION-0c4b638117ccca22:host:172.234.197.23	SESSION-0c4b638117ccca22 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ada1853624679841:host:172.234.197.23:host:131.196.29.41	SESSION-ada1853624679841 → host:172.234.197.23 → host:131.196.29.41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ca00666a1b5cdae:host:172.234.197.23:host:177.10.233.137	SESSION-1ca00666a1b5cdae → host:172.234.197.23 → host:177.10.233.137
FLOW_TO_HOSTOBS	e:to:SESSION-d220051223525d86:host:172.234.197.23	SESSION-d220051223525d86 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9fb0652618e8095:SESSION-b9fb0652618e8095	SESSION-b9fb0652618e8095 → pe:syn:SESSION-b9fb0652618e8095
FLOW_FROM_HOSTOBS	e:from:SESSION-90804beaa6aefbc0:host:177.10.232.10	SESSION-90804beaa6aefbc0 → host:177.10.232.10
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-975059a05a34b0ad:host:177.10.235.64	SESSION-975059a05a34b0ad → host:177.10.235.64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fc518dfa07303a8:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-1fc518dfa07303a8 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:2e98db8cda75	flow:2e98db8cda75 → host:177.10.239.213 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:15572ed67243	flow:15572ed67243 → host:131.196.30.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9ddceec57447449:host:177.10.234.250	SESSION-f9ddceec57447449 → host:177.10.234.250
flow_observed4-aryOBS	e:fo:flow:2073e59d39ae	flow:2073e59d39ae → host:172.234.197.23 → host:177.10.238.44 → port:tcp:18862
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5b80b4b47f274ca:host:177.10.233.77	SESSION-d5b80b4b47f274ca → host:177.10.233.77
flow_observed5-aryOBS	e:fo:flow:2a56385e550c	flow:2a56385e550c → host:177.10.237.202 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2875d034c942a134:host:172.234.197.23:host:131.196.30.183	SESSION-2875d034c942a134 → host:172.234.197.23 → host:131.196.30.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83267dedfd50dbe7:host:172.234.197.23	SESSION-83267dedfd50dbe7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-aa515f25c4c77655:host:172.234.197.23	SESSION-aa515f25c4c77655 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:22e2e56d643a:port:tcp:443	flow:22e2e56d643a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55e2fb280d3c8e24:host:131.196.29.122:host:172.234.197.23	SESSION-55e2fb280d3c8e24 → host:131.196.29.122 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89ddb9a3043f63a3:flow:dcc7deb4e4c9	SESSION-89ddb9a3043f63a3 → flow:dcc7deb4e4c9
flow_observed4-aryOBS	e:fo:flow:9150fc122a60	flow:9150fc122a60 → host:172.234.197.23 → host:177.10.232.217 → port:tcp:13104
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.104:geo_-16.28860_-49.01640	host:177.10.232.104 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-48726e3ec935fccb:host:2.57.121.112	SESSION-48726e3ec935fccb → host:2.57.121.112
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.138:asn:262880	host:177.10.232.138 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-99de4fcd637901fc:host:172.234.197.23	SESSION-99de4fcd637901fc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-478ebcd540b5d0ef:host:172.234.197.23	SESSION-478ebcd540b5d0ef → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e61430efc09a:port:tcp:443	flow:e61430efc09a → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:167.235.194.109:geo_50.47770_12.36490	host:167.235.194.109 → geo_50.47770_12.36490
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-196ad93208fa5be9:host:177.10.239.211:host:172.234.197.23	SESSION-196ad93208fa5be9 → host:177.10.239.211 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4bcbdea9ec1c:port:tcp:443	flow:4bcbdea9ec1c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9eb3af12cfff0086:host:172.234.197.23	SESSION-9eb3af12cfff0086 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8432ee5dd236020:host:51.75.171.21	SESSION-d8432ee5dd236020 → host:51.75.171.21
FLOW_TO_HOSTOBS	e:to:SESSION-cf7044e44d29be7c:host:172.234.197.23	SESSION-cf7044e44d29be7c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-409db122b916fc83:flow:9e4fc69d7f5c	SESSION-409db122b916fc83 → flow:9e4fc69d7f5c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d9ece39eb531c8b:SESSION-1d9ece39eb531c8b	SESSION-1d9ece39eb531c8b → pe:syn:SESSION-1d9ece39eb531c8b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dc65fb323eff44ce:PCAP:capture_20260430070001:903a0e7a436b	SESSION-dc65fb323eff44ce → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-576e43142f03a150:host:177.10.234.219	SESSION-576e43142f03a150 → host:177.10.234.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d0bef7920d84e31:host:172.234.197.23:host:131.196.31.13	SESSION-8d0bef7920d84e31 → host:172.234.197.23 → host:131.196.31.13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59a63fae51b24a38:SESSION-59a63fae51b24a38	SESSION-59a63fae51b24a38 → pe:syn:SESSION-59a63fae51b24a38
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.37:asn:262880	host:177.10.232.37 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4531330495d6a6b8:flow:000fd5deac60	SESSION-4531330495d6a6b8 → flow:000fd5deac60
flow_observed5-aryOBS	e:fo:flow:fe21c49df113	flow:fe21c49df113 → host:177.10.235.213 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.50:asn:271410	host:131.196.29.50 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ba98677b43b4662:host:172.234.197.23	SESSION-8ba98677b43b4662 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37e4af30bda4d3e9:host:131.196.29.22:host:172.234.197.23	SESSION-37e4af30bda4d3e9 → host:131.196.29.22 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf988ed4220ca0ac:flow:32b2fdbd6001	SESSION-bf988ed4220ca0ac → flow:32b2fdbd6001
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cb36fee7e75b97b:host:172.234.197.23	SESSION-5cb36fee7e75b97b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-520789f72dcf866a:SESSION-520789f72dcf866a	SESSION-520789f72dcf866a → pe:tls:SESSION-520789f72dcf866a
ASN_IN_ORGOBS 80%	e:ao:asn:50219:org:Valence Technology Co.	asn:50219 → org:Valence Technology Co.
FLOW_DST_PORTOBS	e:fp:flow:de9828eb48de:port:tcp:443	flow:de9828eb48de → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aacd35f912a2971:host:177.10.235.202	SESSION-6aacd35f912a2971 → host:177.10.235.202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3b2b5737f36d7ec:SESSION-f3b2b5737f36d7ec	SESSION-f3b2b5737f36d7ec → pe:tls:SESSION-f3b2b5737f36d7ec
FLOW_TO_HOSTOBS	e:to:SESSION-1c47767899447038:host:172.234.197.23	SESSION-1c47767899447038 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1aca9c39dc4e:port:tcp:443	flow:1aca9c39dc4e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d5941c68a821530:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5d5941c68a821530 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.19:asn:273470	host:45.173.156.19 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-6081275b2fa04e5c:host:116.235.165.166	SESSION-6081275b2fa04e5c → host:116.235.165.166
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08b271f63f4ccc89:PCAP:capture_20260430110001:43611bdf6759	SESSION-08b271f63f4ccc89 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dedab35c401db9fa:flow:eec6bea5ad7b	SESSION-dedab35c401db9fa → flow:eec6bea5ad7b
FLOW_FROM_HOSTOBS	e:from:SESSION-8f486345fbdf5443:host:172.234.197.23	SESSION-8f486345fbdf5443 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69029b06bbd64972:SESSION-69029b06bbd64972	SESSION-69029b06bbd64972 → pe:syn:SESSION-69029b06bbd64972
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.72:geo_-16.28860_-49.01640	host:177.10.239.72 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.162:asn:262880	host:177.10.235.162 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-853e897de6767cda:flow:b7e210d67eff	SESSION-853e897de6767cda → flow:b7e210d67eff
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d52381659b8aa3f:flow:e2dc5be34a26	SESSION-8d52381659b8aa3f → flow:e2dc5be34a26
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dedab35c401db9fa:PCAP:capture_20260430060001:919b39a74464	SESSION-dedab35c401db9fa → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.136:asn:271410	host:131.196.31.136 → asn:271410
flow_observed3-aryOBS	e:fo:flow:ea09b1425fd1	flow:ea09b1425fd1 → host:54.250.227.157 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c155b50123efabb5:host:177.10.235.147	SESSION-c155b50123efabb5 → host:177.10.235.147
flow_observed5-aryOBS	e:fo:flow:34d8db9f8965	flow:34d8db9f8965 → host:177.10.236.122 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9beaab7062aef373:host:172.234.197.23	SESSION-9beaab7062aef373 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c31bc4788e97db71:SESSION-c31bc4788e97db71	SESSION-c31bc4788e97db71 → pe:syn:SESSION-c31bc4788e97db71
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.122:geo_-16.28860_-49.01640	host:177.10.239.122 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0684dbb2a7f8dcaf:SESSION-0684dbb2a7f8dcaf	SESSION-0684dbb2a7f8dcaf → pe:tls:SESSION-0684dbb2a7f8dcaf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68317c08ea2eebc2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-68317c08ea2eebc2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77755e4fda54087c:host:172.234.197.23	SESSION-77755e4fda54087c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f6061b9b172c119c:SESSION-f6061b9b172c119c	SESSION-f6061b9b172c119c → pe:syn:SESSION-f6061b9b172c119c
FLOW_TO_HOSTOBS	e:to:SESSION-305a85099066f209:host:131.196.28.242	SESSION-305a85099066f209 → host:131.196.28.242
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-163f2e33c9f4a8f4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-163f2e33c9f4a8f4 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1699a282bb5af583:PCAP:capture_20260430080001:93f47cc296a4	SESSION-1699a282bb5af583 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-e41b633abf5898e8:host:177.10.233.107	SESSION-e41b633abf5898e8 → host:177.10.233.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ccddbdb53d5af45:host:172.234.197.23	SESSION-6ccddbdb53d5af45 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3efb69df0be27ca4:host:131.196.29.137:host:172.234.197.23	SESSION-3efb69df0be27ca4 → host:131.196.29.137 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e04d863bd380e3e5:host:177.10.235.200:host:172.234.197.23	SESSION-e04d863bd380e3e5 → host:177.10.235.200 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e91394d00b664372:host:172.234.197.23	SESSION-e91394d00b664372 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b1dabd85b6a07947:host:177.10.232.217	SESSION-b1dabd85b6a07947 → host:177.10.232.217
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f25ebe7728e5694:flow:18fe52facc0f	SESSION-3f25ebe7728e5694 → flow:18fe52facc0f
FLOW_DST_PORTOBS	e:fp:flow:0bb22495fed6:port:tcp:24622	flow:0bb22495fed6 → port:tcp:24622
FLOW_FROM_HOSTOBS	e:from:SESSION-cfb2466cf35b5342:host:177.10.232.35	SESSION-cfb2466cf35b5342 → host:177.10.232.35
FLOW_DST_PORTOBS	e:fp:flow:180dff40240a:port:tcp:443	flow:180dff40240a → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:d2e20ee2a51f	flow:d2e20ee2a51f → host:45.145.152.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6511e777b0d792c1:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6511e777b0d792c1 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d975c41b16afdd4:host:172.234.197.23	SESSION-1d975c41b16afdd4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8fb17d6554827f30:host:177.10.233.167	SESSION-8fb17d6554827f30 → host:177.10.233.167
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-139ea45d2e45809a:host:177.10.237.234:host:172.234.197.23	SESSION-139ea45d2e45809a → host:177.10.237.234 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.158:geo_-23.62930_-46.63510	host:131.196.30.158 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-25103b8a97127215:host:177.10.235.9:host:172.234.197.23	SESSION-25103b8a97127215 → host:177.10.235.9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06ba851c038c998a:flow:e80b8abc3477	SESSION-06ba851c038c998a → flow:e80b8abc3477
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8684436ffb4e26c7:host:172.234.197.23:host:131.196.29.60	SESSION-8684436ffb4e26c7 → host:172.234.197.23 → host:131.196.29.60
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3e524c73cd89280:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a3e524c73cd89280 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a22e38c714d83c7:flow:534064b8a844	SESSION-3a22e38c714d83c7 → flow:534064b8a844
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed29e6defb1050d9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ed29e6defb1050d9 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-49fc7ea897578489:host:172.234.197.23	SESSION-49fc7ea897578489 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b577caf03caf	flow:b577caf03caf → host:177.10.238.88 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6535f7c42f72cb7f:host:131.196.30.95	SESSION-6535f7c42f72cb7f → host:131.196.30.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9df048180bcb59b6:SESSION-9df048180bcb59b6	SESSION-9df048180bcb59b6 → pe:tls:SESSION-9df048180bcb59b6
FLOW_DST_PORTOBS	e:fp:flow:4fc6b8b9e911:port:tcp:443	flow:4fc6b8b9e911 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c9b2de003e0c	flow:c9b2de003e0c → host:45.173.156.47 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f73f713a631f7530:host:172.234.197.23	SESSION-f73f713a631f7530 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a74ed405a2a2:port:tcp:443	flow:a74ed405a2a2 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:2a6474e91598	flow:2a6474e91598 → host:131.196.31.141 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.213:geo_-23.62930_-46.63510	host:131.196.30.213 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:4914a5c37230:port:tcp:80	flow:4914a5c37230 → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17084582559fbd8c:host:172.234.197.23:host:131.196.28.176	SESSION-17084582559fbd8c → host:172.234.197.23 → host:131.196.28.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0847a7bc7e933771:host:131.196.29.16	SESSION-0847a7bc7e933771 → host:131.196.29.16
FLOW_TO_HOSTOBS	e:to:SESSION-4993bcd996008da0:host:172.234.197.23	SESSION-4993bcd996008da0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:feacee804cee:port:tcp:443	flow:feacee804cee → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4619747059efac6f:host:172.234.197.23	SESSION-4619747059efac6f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.82:asn:262880	host:177.10.237.82 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-e7341740ccb6f292:host:177.10.232.109	SESSION-e7341740ccb6f292 → host:177.10.232.109
FLOW_TO_HOSTOBS	e:to:SESSION-4ce89d337c6c28e5:host:172.234.197.23	SESSION-4ce89d337c6c28e5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d23179f45fe2:port:tcp:443	flow:d23179f45fe2 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4bd79e02a6b67038:flow:05038aaf6329	SESSION-4bd79e02a6b67038 → flow:05038aaf6329
flow_observed5-aryOBS	e:fo:flow:0d406dc36797	flow:0d406dc36797 → host:2.57.122.196 → host:172.234.197.23 → port:tcp:22 → svc:ssh
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.19:geo_-16.28860_-49.01640	host:177.10.234.19 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-030b2a260e8012dd:host:172.234.197.23	SESSION-030b2a260e8012dd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b1b714ce8916a149:SESSION-b1b714ce8916a149	SESSION-b1b714ce8916a149 → pe:tls:SESSION-b1b714ce8916a149
FLOW_DST_PORTOBS	e:fp:flow:62208a88cbc7:port:tcp:36612	flow:62208a88cbc7 → port:tcp:36612
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9fba97aa139b6de4:host:131.196.31.16:host:172.234.197.23	SESSION-9fba97aa139b6de4 → host:131.196.31.16 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:73e988299d2f	flow:73e988299d2f → host:131.196.29.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96878fba39db06d8:PCAP:capture_20260430110001:43611bdf6759	SESSION-96878fba39db06d8 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:66affa9e115f:port:tcp:443	flow:66affa9e115f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa9dc0f394726313:host:195.96.138.88:host:172.234.197.23	SESSION-fa9dc0f394726313 → host:195.96.138.88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5adf4423481534a6:host:172.234.197.23	SESSION-5adf4423481534a6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:929493d04888	flow:929493d04888 → host:172.234.197.23 → host:177.10.234.6 → port:tcp:23912
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fec8e81be891b7cc:SESSION-fec8e81be891b7cc	SESSION-fec8e81be891b7cc → pe:tls:SESSION-fec8e81be891b7cc
FLOW_TO_HOSTOBS	e:to:SESSION-458a0c6775d84d5e:host:172.234.197.23	SESSION-458a0c6775d84d5e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0537be800f2fa6cb:flow:beb8478974cf	SESSION-0537be800f2fa6cb → flow:beb8478974cf
flow_observed5-aryOBS	e:fo:flow:7f324461981c	flow:7f324461981c → host:177.10.235.6 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:53668eb96100:port:tcp:8952	flow:53668eb96100 → port:tcp:8952
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4628aedb62e0673e:host:131.196.31.21	SESSION-4628aedb62e0673e → host:131.196.31.21
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.141:geo_-23.62930_-46.63510	host:131.196.30.141 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:f678dba79a31	flow:f678dba79a31 → host:177.10.238.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dfde0f74dbe81c3a:SESSION-dfde0f74dbe81c3a	SESSION-dfde0f74dbe81c3a → pe:tls:SESSION-dfde0f74dbe81c3a
flow_observed4-aryOBS	e:fo:flow:6443c8802cc9	flow:6443c8802cc9 → host:172.234.197.23 → host:131.196.28.204 → port:tcp:27532
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a83465e2bbc20296:host:131.196.28.234	SESSION-a83465e2bbc20296 → host:131.196.28.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f7b35d3dad632382:SESSION-f7b35d3dad632382	SESSION-f7b35d3dad632382 → pe:syn:SESSION-f7b35d3dad632382
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00ca7ee72922697b:host:172.234.197.23	SESSION-00ca7ee72922697b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.252:asn:262880	host:177.10.237.252 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6ebe77d02701b58:host:92.112.71.14	SESSION-b6ebe77d02701b58 → host:92.112.71.14
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c421ecd159f7b93a:SESSION-c421ecd159f7b93a	SESSION-c421ecd159f7b93a → pe:syn:SESSION-c421ecd159f7b93a
flow_observed5-aryOBS	e:fo:flow:91ba6653c68a	flow:91ba6653c68a → host:45.173.156.35 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:0df55cdf98a4:port:tcp:443	flow:0df55cdf98a4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.133:geo_-23.62930_-46.63510	host:131.196.31.133 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c977b8f3627ab3c3:SESSION-c977b8f3627ab3c3	SESSION-c977b8f3627ab3c3 → pe:tls:SESSION-c977b8f3627ab3c3
FLOW_TO_HOSTOBS	e:to:SESSION-74d0e7e40a4e478e:host:172.234.197.23	SESSION-74d0e7e40a4e478e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52ffcd7f81b035e2:host:131.196.29.75	SESSION-52ffcd7f81b035e2 → host:131.196.29.75
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e316662e5f9d5ce:host:172.234.197.23	SESSION-2e316662e5f9d5ce → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bb818ce2b02135d:host:131.196.28.219:host:172.234.197.23	SESSION-3bb818ce2b02135d → host:131.196.28.219 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b97d7b281ae973a8:host:177.10.237.196	SESSION-b97d7b281ae973a8 → host:177.10.237.196
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c058dbfcf0ab82c:flow:03576699bee3	SESSION-8c058dbfcf0ab82c → flow:03576699bee3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f344d747ad66bc9c:host:177.10.238.207:host:172.234.197.23	SESSION-f344d747ad66bc9c → host:177.10.238.207 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a82d55b52198391:host:131.196.31.118	SESSION-1a82d55b52198391 → host:131.196.31.118
FLOW_FROM_HOSTOBS	e:from:SESSION-9222c19da42c0aaa:host:131.196.30.214	SESSION-9222c19da42c0aaa → host:131.196.30.214
flow_observed4-aryOBS	e:fo:flow:654cced2e929	flow:654cced2e929 → host:172.234.197.23 → host:177.10.233.192 → port:tcp:14898
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a0605f48b345a3ed:PCAP:capture_20260430090001:065659c7d314	SESSION-a0605f48b345a3ed → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-606a9e702080ed7e:flow:543ad9915703	SESSION-606a9e702080ed7e → flow:543ad9915703
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d85be3a5c3c244d6:host:172.234.197.23:host:177.10.239.38	SESSION-d85be3a5c3c244d6 → host:172.234.197.23 → host:177.10.239.38
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.63:asn:271410	host:131.196.31.63 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ae64075781208b0:flow:d685a98a7d85	SESSION-6ae64075781208b0 → flow:d685a98a7d85
flow_observed4-aryOBS	e:fo:flow:88d5a4971090	flow:88d5a4971090 → host:172.234.197.23 → host:131.196.29.203 → port:tcp:47721
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5252ca05229eda25:host:177.10.238.211:host:172.234.197.23	SESSION-5252ca05229eda25 → host:177.10.238.211 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bedf3bb9bf60dde0:host:172.234.197.23	SESSION-bedf3bb9bf60dde0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10314c25bdbc198a:SESSION-10314c25bdbc198a	SESSION-10314c25bdbc198a → pe:tls:SESSION-10314c25bdbc198a
FLOW_FROM_HOSTOBS	e:from:SESSION-5405d05650907428:host:45.173.156.107	SESSION-5405d05650907428 → host:45.173.156.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a84fec3b32ec885d:SESSION-a84fec3b32ec885d	SESSION-a84fec3b32ec885d → pe:syn:SESSION-a84fec3b32ec885d
FLOW_TO_HOSTOBS	e:to:SESSION-e8278f913dbee560:host:172.234.197.23	SESSION-e8278f913dbee560 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4eeddeaeae099136:flow:53321ee7cdbc	SESSION-4eeddeaeae099136 → flow:53321ee7cdbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9fad2531a6ee4032:SESSION-9fad2531a6ee4032	SESSION-9fad2531a6ee4032 → pe:syn:SESSION-9fad2531a6ee4032
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb20cb96e066d018:flow:44ae2f180ff5	SESSION-fb20cb96e066d018 → flow:44ae2f180ff5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c5f8419335024f52:SESSION-c5f8419335024f52	SESSION-c5f8419335024f52 → pe:syn:SESSION-c5f8419335024f52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c1a2c7dc69870b1:SESSION-5c1a2c7dc69870b1	SESSION-5c1a2c7dc69870b1 → pe:tls:SESSION-5c1a2c7dc69870b1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b308d2f7d4fdfaa:host:172.234.197.23	SESSION-7b308d2f7d4fdfaa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c059322f6c89:port:tcp:443	flow:c059322f6c89 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.95:asn:271410	host:131.196.31.95 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:19ae6f68407d:port:tcp:443	flow:19ae6f68407d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a27e337d4c0b49f3:PCAP:capture_20260430090001:065659c7d314	SESSION-a27e337d4c0b49f3 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-63e564f28f734573:SESSION-63e564f28f734573	SESSION-63e564f28f734573 → pe:syn:SESSION-63e564f28f734573
FLOW_TO_HOSTOBS	e:to:SESSION-7d436d9a2a0e2483:host:172.234.197.23	SESSION-7d436d9a2a0e2483 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e7f9687dfabd8cdb:host:172.234.197.23	SESSION-e7f9687dfabd8cdb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66746867faa9cf3c:PCAP:capture_20260430060001:919b39a74464	SESSION-66746867faa9cf3c → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:a2aa611e0372:port:tcp:443	flow:a2aa611e0372 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ddb8ef81f168c6c0:host:172.234.197.23	SESSION-ddb8ef81f168c6c0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e3a0847605e0d04e:SESSION-e3a0847605e0d04e	SESSION-e3a0847605e0d04e → pe:tls:SESSION-e3a0847605e0d04e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7c35a263dbc41a3d:SESSION-7c35a263dbc41a3d	SESSION-7c35a263dbc41a3d → pe:rst:SESSION-7c35a263dbc41a3d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.11:geo_-23.62930_-46.63510	host:131.196.31.11 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aec01d0deaddfc4b:SESSION-aec01d0deaddfc4b	SESSION-aec01d0deaddfc4b → pe:syn:SESSION-aec01d0deaddfc4b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:91.99.124.205:geo_50.47770_12.36490	host:91.99.124.205 → geo_50.47770_12.36490
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f86e42aef9b2f482:host:131.196.30.39	SESSION-f86e42aef9b2f482 → host:131.196.30.39
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cddf604912330e1b:host:45.173.156.76	SESSION-cddf604912330e1b → host:45.173.156.76
flow_observed5-aryOBS	e:fo:flow:7e6cf50ce9e4	flow:7e6cf50ce9e4 → host:177.10.233.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be0f12df58cf6d46:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-be0f12df58cf6d46 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-c7b12eb68f09b08a:host:177.10.239.192	SESSION-c7b12eb68f09b08a → host:177.10.239.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-142a24cb96c02884:SESSION-142a24cb96c02884	SESSION-142a24cb96c02884 → pe:syn:SESSION-142a24cb96c02884
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-295a993db8b4e397:host:177.10.238.5:host:172.234.197.23	SESSION-295a993db8b4e397 → host:177.10.238.5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27da8f08a1512941:SESSION-27da8f08a1512941	SESSION-27da8f08a1512941 → pe:tls:SESSION-27da8f08a1512941
FLOW_QUERIED_DNSOBS	e:fd:flow:1b01833b9299:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:1b01833b9299 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_DST_PORTOBS	e:fp:flow:ad31982a38b2:port:tcp:22	flow:ad31982a38b2 → port:tcp:22
FLOW_DST_PORTOBS	e:fp:flow:0691a722d6b7:port:tcp:443	flow:0691a722d6b7 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de23fe28677c4a6e:PCAP:capture_20260430150001:ded20914761d	SESSION-de23fe28677c4a6e → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de23fe28677c4a6e:host:172.234.197.23:host:131.196.28.208	SESSION-de23fe28677c4a6e → host:172.234.197.23 → host:131.196.28.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4d5ec492dcde12c:host:131.196.30.74	SESSION-b4d5ec492dcde12c → host:131.196.30.74
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad03ceeb377f3976:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ad03ceeb377f3976 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d93e05fe8ec7e58:host:131.196.29.35	SESSION-6d93e05fe8ec7e58 → host:131.196.29.35
FLOW_DST_PORTOBS	e:fp:flow:df5a8f8b6956:port:tcp:54610	flow:df5a8f8b6956 → port:tcp:54610
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-add028e8e7760fa2:SESSION-add028e8e7760fa2	SESSION-add028e8e7760fa2 → pe:syn:SESSION-add028e8e7760fa2
FLOW_DST_PORTOBS	e:fp:flow:0ed5acb768fc:port:tcp:443	flow:0ed5acb768fc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca1727d5d29ffb7f:host:172.234.197.23	SESSION-ca1727d5d29ffb7f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-22bb8f06cde321ca:flow:510e35c8d36e	SESSION-22bb8f06cde321ca → flow:510e35c8d36e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5ee9797d15d423e:host:172.234.197.23	SESSION-b5ee9797d15d423e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fae3464e58310370:SESSION-fae3464e58310370	SESSION-fae3464e58310370 → pe:tls:SESSION-fae3464e58310370
FLOW_FROM_HOSTOBS	e:from:SESSION-805d717a82cbb042:host:172.234.197.23	SESSION-805d717a82cbb042 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9fad2531a6ee4032:PCAP:capture_20260430110001:43611bdf6759	SESSION-9fad2531a6ee4032 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20066dd45b76b973:flow:016756b273f6	SESSION-20066dd45b76b973 → flow:016756b273f6
FLOW_DST_PORTOBS	e:fp:flow:fe55cb260818:port:tcp:443	flow:fe55cb260818 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b23254615c6167a0:host:177.10.235.59	SESSION-b23254615c6167a0 → host:177.10.235.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56fe4753b2794494:flow:68d41f876fc0	SESSION-56fe4753b2794494 → flow:68d41f876fc0
FLOW_FROM_HOSTOBS	e:from:SESSION-bf12b1de67086909:host:45.173.156.84	SESSION-bf12b1de67086909 → host:45.173.156.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75add779b1a22971:host:172.234.197.23:host:2.57.121.112	SESSION-75add779b1a22971 → host:172.234.197.23 → host:2.57.121.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8cc052a984adc75:SESSION-d8cc052a984adc75	SESSION-d8cc052a984adc75 → pe:syn:SESSION-d8cc052a984adc75
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d508940aefc84528:flow:a0f17022a425	SESSION-d508940aefc84528 → flow:a0f17022a425
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c274d9ac0119175:flow:f07ae9327f23	SESSION-7c274d9ac0119175 → flow:f07ae9327f23
FLOW_DST_PORTOBS	e:fp:flow:a47a7c567369:port:tcp:35881	flow:a47a7c567369 → port:tcp:35881
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d28501729ed200f7:host:172.234.197.23	SESSION-d28501729ed200f7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-58a871785a3878fd:SESSION-58a871785a3878fd	SESSION-58a871785a3878fd → pe:syn:SESSION-58a871785a3878fd
FLOW_DST_PORTOBS	e:fp:flow:a3872eabdf69:port:tcp:443	flow:a3872eabdf69 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d147f8cae941ed80:host:131.196.31.2	SESSION-d147f8cae941ed80 → host:131.196.31.2
flow_observed5-aryOBS	e:fo:flow:6d32e46c8f2d	flow:6d32e46c8f2d → host:177.10.232.222 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.220:geo_-23.62930_-46.63510	host:131.196.31.220 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:5961da0e448a	flow:5961da0e448a → host:45.173.156.164 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.80:geo_-16.28860_-49.01640	host:177.10.232.80 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6eb1289c3370840:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d6eb1289c3370840 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-319dd83e6310ac59:SESSION-319dd83e6310ac59	SESSION-319dd83e6310ac59 → pe:tls:SESSION-319dd83e6310ac59
flow_observed5-aryOBS	e:fo:flow:478fb11578dd	flow:478fb11578dd → host:177.10.237.73 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.185:geo_-16.28860_-49.01640	host:177.10.239.185 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-76ac71b30f764df7:host:172.234.197.23	SESSION-76ac71b30f764df7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc35857ee3808de8:host:131.196.31.37	SESSION-cc35857ee3808de8 → host:131.196.31.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a0e660e7f8fdd6f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4a0e660e7f8fdd6f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7912a0e1302b3ba3:host:172.234.197.23	SESSION-7912a0e1302b3ba3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-664631b6c582f1f7:host:177.10.236.86	SESSION-664631b6c582f1f7 → host:177.10.236.86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.19:geo_-23.62930_-46.63510	host:131.196.28.19 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e6f5f35bde9b3d2:SESSION-7e6f5f35bde9b3d2	SESSION-7e6f5f35bde9b3d2 → pe:syn:SESSION-7e6f5f35bde9b3d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19e0bdfc1305c6ba:SESSION-19e0bdfc1305c6ba	SESSION-19e0bdfc1305c6ba → pe:tls:SESSION-19e0bdfc1305c6ba
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf36cee0aa989ce3:host:172.234.197.23	SESSION-bf36cee0aa989ce3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d60c66268e099206:host:172.234.197.23:host:177.10.237.80	SESSION-d60c66268e099206 → host:172.234.197.23 → host:177.10.237.80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d1e35f842f44326:host:177.10.232.34:host:172.234.197.23	SESSION-4d1e35f842f44326 → host:177.10.232.34 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e25d600ec07dd53e:host:172.234.197.23	SESSION-e25d600ec07dd53e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac69dcbefbb93dfd:flow:219e467789b8	SESSION-ac69dcbefbb93dfd → flow:219e467789b8
FLOW_FROM_HOSTOBS	e:from:SESSION-8663c7c8fd51be8d:host:177.10.238.146	SESSION-8663c7c8fd51be8d → host:177.10.238.146
FLOW_DST_PORTOBS	e:fp:flow:2d1cf2749b3f:port:tcp:443	flow:2d1cf2749b3f → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.109:asn:203771	host:45.145.152.109 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:2e98db8cda75:port:tcp:443	flow:2e98db8cda75 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3094c6d527f665e9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3094c6d527f665e9 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.164:asn:262880	host:177.10.237.164 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-074c4a6b1ee06430:flow:3442e9a21fdf	SESSION-074c4a6b1ee06430 → flow:3442e9a21fdf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.16:geo_-16.28860_-49.01640	host:177.10.238.16 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08924e756ead6523:host:154.85.87.65:host:172.234.197.23	SESSION-08924e756ead6523 → host:154.85.87.65 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2b4854b4491f9b7:flow:0f5278c2bb93	SESSION-e2b4854b4491f9b7 → flow:0f5278c2bb93
flow_observed5-aryOBS	e:fo:flow:7d9a7cb09d6c	flow:7d9a7cb09d6c → host:131.196.29.192 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b6d722c11701:port:tcp:443	flow:b6d722c11701 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-948ad6eee5512e98:flow:312734cc429c	SESSION-948ad6eee5512e98 → flow:312734cc429c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1ff5f640d9a1d3a:host:177.10.237.153	SESSION-e1ff5f640d9a1d3a → host:177.10.237.153
flow_observed5-aryOBS	e:fo:flow:6d6065168bb6	flow:6d6065168bb6 → host:177.10.233.52 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a58d8beb20a4c9e1:host:54.201.215.37:host:172.234.197.23	SESSION-a58d8beb20a4c9e1 → host:54.201.215.37 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0f3b543446abe714:host:131.196.29.132	SESSION-0f3b543446abe714 → host:131.196.29.132
FLOW_TO_HOSTOBS	e:to:SESSION-11c0fc2d370ea41a:host:131.196.31.239	SESSION-11c0fc2d370ea41a → host:131.196.31.239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bff0166abbd0d576:flow:1f272876d5bf	SESSION-bff0166abbd0d576 → flow:1f272876d5bf
FLOW_FROM_HOSTOBS	e:from:SESSION-c532caa5d41cfcbc:host:5.75.182.251	SESSION-c532caa5d41cfcbc → host:5.75.182.251
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c282c87f3b4a743:host:177.10.235.179	SESSION-3c282c87f3b4a743 → host:177.10.235.179
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.23:asn:271410	host:131.196.31.23 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51c7000fcfeb98d4:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-51c7000fcfeb98d4 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:d56ee3dd8c0b	flow:d56ee3dd8c0b → host:177.10.236.144 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-00f403aeec8e6c17:SESSION-00f403aeec8e6c17	SESSION-00f403aeec8e6c17 → pe:syn:SESSION-00f403aeec8e6c17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bee41282d03c4eb5:host:172.234.197.23	SESSION-bee41282d03c4eb5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c2cb78a800ce3917:host:172.234.197.23:host:177.10.232.168	SESSION-c2cb78a800ce3917 → host:172.234.197.23 → host:177.10.232.168
FLOW_FROM_HOSTOBS	e:from:SESSION-41d09b35a7c7bf56:host:172.234.197.23	SESSION-41d09b35a7c7bf56 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a846b5687af75eeb:SESSION-a846b5687af75eeb	SESSION-a846b5687af75eeb → pe:syn:SESSION-a846b5687af75eeb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46a01539128daee6:SESSION-46a01539128daee6	SESSION-46a01539128daee6 → pe:tls:SESSION-46a01539128daee6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.48:geo_-21.10010_-41.69200	host:45.173.156.48 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6cb17c89d7425739:SESSION-6cb17c89d7425739	SESSION-6cb17c89d7425739 → pe:tls:SESSION-6cb17c89d7425739
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ddbd1238f020bf6b:SESSION-ddbd1238f020bf6b	SESSION-ddbd1238f020bf6b → pe:tls:SESSION-ddbd1238f020bf6b
FLOW_DST_PORTOBS	e:fp:flow:cc96ecdc8b9f:port:tcp:443	flow:cc96ecdc8b9f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c1a070eb40ea:port:tcp:42342	flow:c1a070eb40ea → port:tcp:42342
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaf9de21464647a2:PCAP:capture_20260430050001:8868731bf8a4	SESSION-eaf9de21464647a2 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:47b8c9445e07	flow:47b8c9445e07 → host:172.234.197.23 → host:177.10.237.249 → port:tcp:64564
FLOW_TO_HOSTOBS	e:to:SESSION-17fb8dd67040757e:host:177.10.233.63	SESSION-17fb8dd67040757e → host:177.10.233.63
FLOW_TO_HOSTOBS	e:to:SESSION-12c594123030dc05:host:172.234.197.23	SESSION-12c594123030dc05 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-845fd343ebc60049:PCAP:capture_20260430090001:065659c7d314	SESSION-845fd343ebc60049 → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:73447e28b1e9	flow:73447e28b1e9 → host:172.234.197.23 → host:177.10.236.43 → port:tcp:57171
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11da84003d7810c4:host:172.234.197.23	SESSION-11da84003d7810c4 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:40788:org:Start Communications	asn:40788 → org:Start Communications
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b3ab5aeea0af112:PCAP:capture_20260430110001:43611bdf6759	SESSION-8b3ab5aeea0af112 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-5f215cf2f031026d:host:177.10.237.80	SESSION-5f215cf2f031026d → host:177.10.237.80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.94:geo_-16.28860_-49.01640	host:177.10.239.94 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-2eff7ebef8fd9091:host:172.234.197.23	SESSION-2eff7ebef8fd9091 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b338c508fb604797:SESSION-b338c508fb604797	SESSION-b338c508fb604797 → pe:syn:SESSION-b338c508fb604797
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b61117bf3d91dba8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b61117bf3d91dba8 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fbd574144622ed91:SESSION-fbd574144622ed91	SESSION-fbd574144622ed91 → pe:syn:SESSION-fbd574144622ed91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f033dc8b343a68ab:flow:e658d099a963	SESSION-f033dc8b343a68ab → flow:e658d099a963
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84a17a716ed94f5c:host:172.234.197.23	SESSION-84a17a716ed94f5c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8f7fc765f54b5ec:SESSION-e8f7fc765f54b5ec	SESSION-e8f7fc765f54b5ec → pe:syn:SESSION-e8f7fc765f54b5ec
FLOW_TO_HOSTOBS	e:to:SESSION-ab83f0ea1c3b60ab:host:131.196.29.103	SESSION-ab83f0ea1c3b60ab → host:131.196.29.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e2a96a3225ff388:host:172.234.197.23	SESSION-7e2a96a3225ff388 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-133d7db2ccbe04c8:PCAP:capture_20260430090001:065659c7d314	SESSION-133d7db2ccbe04c8 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c88d3e9918500cb2:host:172.234.197.23	SESSION-c88d3e9918500cb2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-347bad418eab3a6f:host:177.10.236.144	SESSION-347bad418eab3a6f → host:177.10.236.144
FLOW_TO_HOSTOBS	e:to:SESSION-baf6029a4a920bc4:host:172.234.197.23	SESSION-baf6029a4a920bc4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa0b840fdb1355d3:host:131.196.30.91:host:172.234.197.23	SESSION-fa0b840fdb1355d3 → host:131.196.30.91 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c4503d5677d79139:host:177.10.237.138	SESSION-c4503d5677d79139 → host:177.10.237.138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7cb141c8461d1a4d:host:131.196.29.23:host:172.234.197.23	SESSION-7cb141c8461d1a4d → host:131.196.29.23 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dd1fe9b471d92d57:host:177.10.234.51	SESSION-dd1fe9b471d92d57 → host:177.10.234.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b8a5f0932f0fd6d:host:88.99.91.59	SESSION-3b8a5f0932f0fd6d → host:88.99.91.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b8b9e098330595b:host:172.234.197.23	SESSION-8b8b9e098330595b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e6a33b2431fb	flow:e6a33b2431fb → host:172.234.197.23 → host:177.10.237.18 → port:tcp:42045
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d2d33fef3a69334:SESSION-6d2d33fef3a69334	SESSION-6d2d33fef3a69334 → pe:tls:SESSION-6d2d33fef3a69334
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f56adc7043a43d99:host:172.234.197.23	SESSION-f56adc7043a43d99 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef90c0e24c7a1c11:SESSION-ef90c0e24c7a1c11	SESSION-ef90c0e24c7a1c11 → pe:syn:SESSION-ef90c0e24c7a1c11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fb163f3769ccb67:PCAP:capture_20260430150001:ded20914761d	SESSION-1fb163f3769ccb67 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11e7a161068ba48e:SESSION-11e7a161068ba48e	SESSION-11e7a161068ba48e → pe:tls:SESSION-11e7a161068ba48e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c6e69b3f05bcd99:flow:d3825fb81dc5	SESSION-7c6e69b3f05bcd99 → flow:d3825fb81dc5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1053aee7675dcd07:host:177.10.236.253	SESSION-1053aee7675dcd07 → host:177.10.236.253
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f7287a957cb5e0d9:host:172.234.197.23:host:177.10.239.184	SESSION-f7287a957cb5e0d9 → host:172.234.197.23 → host:177.10.239.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19f4ea615eaf7325:host:172.234.197.23	SESSION-19f4ea615eaf7325 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3168a3173448dd7d:host:177.10.239.77	SESSION-3168a3173448dd7d → host:177.10.239.77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-921caeacc0f03622:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-921caeacc0f03622 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:5e088d8e5126:port:tcp:31653	flow:5e088d8e5126 → port:tcp:31653
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.16:asn:262880	host:177.10.237.16 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-20c0393579af9382:host:131.196.28.59	SESSION-20c0393579af9382 → host:131.196.28.59
FLOW_TO_HOSTOBS	e:to:SESSION-921389e161f019e9:host:177.10.235.205	SESSION-921389e161f019e9 → host:177.10.235.205
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ed760af2d8fedd4:flow:a930bba2e2dc	SESSION-2ed760af2d8fedd4 → flow:a930bba2e2dc
flow_observed5-aryOBS	e:fo:flow:da047bc8435b	flow:da047bc8435b → host:91.240.224.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-defe39665fdb6580:host:177.10.237.83:host:172.234.197.23	SESSION-defe39665fdb6580 → host:177.10.237.83 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0afc12079a05a1b1:SESSION-0afc12079a05a1b1	SESSION-0afc12079a05a1b1 → pe:syn:SESSION-0afc12079a05a1b1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f07097ffc1d464e5:SESSION-f07097ffc1d464e5	SESSION-f07097ffc1d464e5 → pe:tls:SESSION-f07097ffc1d464e5
FLOW_TO_HOSTOBS	e:to:SESSION-c4d7e31822e7386a:host:172.234.197.23	SESSION-c4d7e31822e7386a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-331f26717743f7bf:host:131.196.28.246:host:172.234.197.23	SESSION-331f26717743f7bf → host:131.196.28.246 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.146:asn:262880	host:177.10.233.146 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8d89328eefc28d4:host:131.196.28.198	SESSION-d8d89328eefc28d4 → host:131.196.28.198
FLOW_TO_HOSTOBS	e:to:SESSION-ce9448c6704b565d:host:172.234.197.23	SESSION-ce9448c6704b565d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f93cb0de4645e47:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2f93cb0de4645e47 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-a1d147c13acfa404:host:45.173.156.164	SESSION-a1d147c13acfa404 → host:45.173.156.164
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69029b06bbd64972:host:177.10.234.51:host:172.234.197.23	SESSION-69029b06bbd64972 → host:177.10.234.51 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fc6dd1896fecefa:SESSION-1fc6dd1896fecefa	SESSION-1fc6dd1896fecefa → pe:syn:SESSION-1fc6dd1896fecefa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65029066d9cd1f24:SESSION-65029066d9cd1f24	SESSION-65029066d9cd1f24 → pe:tls:SESSION-65029066d9cd1f24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d47b6311855994f0:PCAP:capture_20260430150001:ded20914761d	SESSION-d47b6311855994f0 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:0eac9f1304ea:port:tcp:80	flow:0eac9f1304ea → port:tcp:80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-62d5a334e1fc9bd1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-62d5a334e1fc9bd1 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac46254a85b1ec3:host:131.196.31.43	SESSION-cac46254a85b1ec3 → host:131.196.31.43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c393069a667f4e79:SESSION-c393069a667f4e79	SESSION-c393069a667f4e79 → pe:syn:SESSION-c393069a667f4e79
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24ee0ec1cbf12b9d:host:185.231.226.205:host:172.234.197.23	SESSION-24ee0ec1cbf12b9d → host:185.231.226.205 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5d486009dccd362:SESSION-d5d486009dccd362	SESSION-d5d486009dccd362 → pe:syn:SESSION-d5d486009dccd362
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d53928eb39cd6093:flow:8d2f335c9cd5	SESSION-d53928eb39cd6093 → flow:8d2f335c9cd5
FLOW_TO_HOSTOBS	e:to:SESSION-bde2562b2e16b844:host:177.10.235.14	SESSION-bde2562b2e16b844 → host:177.10.235.14
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-414103fa622913fc:host:213.209.159.159	SESSION-414103fa622913fc → host:213.209.159.159
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d957287df88430bb:host:172.234.197.23	SESSION-d957287df88430bb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f10bcf378efcbb9:host:177.10.239.199	SESSION-9f10bcf378efcbb9 → host:177.10.239.199
flow_observed5-aryOBS	e:fo:flow:094d156117d7	flow:094d156117d7 → host:45.173.156.87 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.0:geo_-16.28860_-49.01640	host:177.10.239.0 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ef36b158fc63267:flow:fa2e9bc8f3da	SESSION-9ef36b158fc63267 → flow:fa2e9bc8f3da
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4fe97044eaa4ff8:host:177.10.236.124:host:172.234.197.23	SESSION-c4fe97044eaa4ff8 → host:177.10.236.124 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:15df16109c4b	flow:15df16109c4b → host:177.10.239.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2634dc5934886659:host:131.196.31.239:host:172.234.197.23	SESSION-2634dc5934886659 → host:131.196.31.239 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b1e49cd1beb0:port:tcp:443	flow:b1e49cd1beb0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67f971eb3e92b8d2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-67f971eb3e92b8d2 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df6efecba493c79c:PCAP:capture_20260430090001:065659c7d314	SESSION-df6efecba493c79c → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:b035af59ec11:port:tcp:41946	flow:b035af59ec11 → port:tcp:41946
FLOW_DST_PORTOBS	e:fp:flow:e0ae4a4ac42f:port:tcp:443	flow:e0ae4a4ac42f → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:111b323c837f	flow:111b323c837f → host:131.196.28.160 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-38a9f2b2580a8fb5:host:131.196.30.12	SESSION-38a9f2b2580a8fb5 → host:131.196.30.12
FLOW_DST_PORTOBS	e:fp:flow:a853b92280fb:port:tcp:443	flow:a853b92280fb → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cbaaa2b8364f7158:SESSION-cbaaa2b8364f7158	SESSION-cbaaa2b8364f7158 → pe:tls:SESSION-cbaaa2b8364f7158
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-3eb6cc7ca453157a:BSG-DATA_EXFIL-590627668243	SESSION-3eb6cc7ca453157a → BSG-DATA_EXFIL-590627668243
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6a5c0858fcd0d09:SESSION-e6a5c0858fcd0d09	SESSION-e6a5c0858fcd0d09 → pe:tls:SESSION-e6a5c0858fcd0d09
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cc2e8571100ea2b:host:177.10.232.136	SESSION-4cc2e8571100ea2b → host:177.10.232.136
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f5b7d4cd5351b11:host:177.10.233.88:host:172.234.197.23	SESSION-8f5b7d4cd5351b11 → host:177.10.233.88 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6420523769b66d4c:host:177.10.237.43	SESSION-6420523769b66d4c → host:177.10.237.43
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-70e7a4a5208b1da3:host:177.10.237.89:host:172.234.197.23	SESSION-70e7a4a5208b1da3 → host:177.10.237.89 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efcc1618f79daeb7:host:172.234.197.23	SESSION-efcc1618f79daeb7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.47:geo_-16.28860_-49.01640	host:177.10.233.47 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96ad3251c1ecb855:SESSION-96ad3251c1ecb855	SESSION-96ad3251c1ecb855 → pe:syn:SESSION-96ad3251c1ecb855
flow_observed4-aryOBS	e:fo:flow:4f9ba05f8ce7	flow:4f9ba05f8ce7 → host:172.234.197.23 → host:177.10.234.113 → port:tcp:24306
flow_observed4-aryOBS	e:fo:flow:58e329a82c5e	flow:58e329a82c5e → host:172.234.197.23 → host:131.196.29.29 → port:tcp:41399
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ed2dc2be6795ae2:host:177.10.232.149:host:172.234.197.23	SESSION-5ed2dc2be6795ae2 → host:177.10.232.149 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8a57b2200e62e75:host:177.10.233.11:host:172.234.197.23	SESSION-c8a57b2200e62e75 → host:177.10.233.11 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9726c360f8e7f49c:host:177.10.236.102	SESSION-9726c360f8e7f49c → host:177.10.236.102
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b16751dae4d82103:host:177.10.236.16	SESSION-b16751dae4d82103 → host:177.10.236.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17084582559fbd8c:SESSION-17084582559fbd8c	SESSION-17084582559fbd8c → pe:tls:SESSION-17084582559fbd8c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-474ea5236769f0a3:SESSION-474ea5236769f0a3	SESSION-474ea5236769f0a3 → pe:tls:SESSION-474ea5236769f0a3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b61117bf3d91dba8:flow:e7c4ea58d513	SESSION-b61117bf3d91dba8 → flow:e7c4ea58d513
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05b6ffb2a7e9e145:host:177.10.235.131	SESSION-05b6ffb2a7e9e145 → host:177.10.235.131
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-139cf5bd66e27bf0:SESSION-139cf5bd66e27bf0	SESSION-139cf5bd66e27bf0 → pe:syn:SESSION-139cf5bd66e27bf0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4bd4f427df690125:host:177.10.237.223:host:172.234.197.23	SESSION-4bd4f427df690125 → host:177.10.237.223 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e872279913929717:host:177.10.232.35	SESSION-e872279913929717 → host:177.10.232.35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b11ad70426b43374:host:177.10.235.36	SESSION-b11ad70426b43374 → host:177.10.235.36
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaf5b03036efa5c6:host:185.231.226.223:host:172.234.197.23	SESSION-eaf5b03036efa5c6 → host:185.231.226.223 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bb9766ebe449a845:SESSION-bb9766ebe449a845	SESSION-bb9766ebe449a845 → pe:rst:SESSION-bb9766ebe449a845
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-422ba54da9c49203:SESSION-422ba54da9c49203	SESSION-422ba54da9c49203 → pe:tls:SESSION-422ba54da9c49203
FLOW_DST_PORTOBS	e:fp:flow:9150fc122a60:port:tcp:13104	flow:9150fc122a60 → port:tcp:13104
FLOW_TO_HOSTOBS	e:to:SESSION-592f6a5ffad96a3b:host:172.234.197.23	SESSION-592f6a5ffad96a3b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.53:asn:262880	host:177.10.239.53 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e1d806fe7541c4b2:SESSION-e1d806fe7541c4b2	SESSION-e1d806fe7541c4b2 → pe:syn:SESSION-e1d806fe7541c4b2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9d01126d5763bf9:SESSION-f9d01126d5763bf9	SESSION-f9d01126d5763bf9 → pe:tls:SESSION-f9d01126d5763bf9
FLOW_DST_PORTOBS	e:fp:flow:9c90a0ccccb1:port:tcp:443	flow:9c90a0ccccb1 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e6588ddd9fabb341:host:177.10.235.214	SESSION-e6588ddd9fabb341 → host:177.10.235.214
FLOW_TO_HOSTOBS	e:to:SESSION-0a05a386609def1c:host:172.234.197.23	SESSION-0a05a386609def1c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c382f6b8063de44f:host:131.196.30.9:host:172.234.197.23	SESSION-c382f6b8063de44f → host:131.196.30.9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f30fa3bd65a965fa:host:172.234.197.23	SESSION-f30fa3bd65a965fa → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-76512232807349be:host:172.234.197.23	SESSION-76512232807349be → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7eb452f0b60197b3:host:172.234.197.23:host:45.173.156.150	SESSION-7eb452f0b60197b3 → host:172.234.197.23 → host:45.173.156.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d6545f001e19457:SESSION-2d6545f001e19457	SESSION-2d6545f001e19457 → pe:tls:SESSION-2d6545f001e19457
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98d504bd384337f5:host:177.10.235.147:host:172.234.197.23	SESSION-98d504bd384337f5 → host:177.10.235.147 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-364513c2995bfd3b:host:172.234.197.23	SESSION-364513c2995bfd3b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ac8ab77b48a8c37:host:177.10.238.250:host:172.234.197.23	SESSION-6ac8ab77b48a8c37 → host:177.10.238.250 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:781e6bc42ab0	flow:781e6bc42ab0 → host:54.186.85.102 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0ccbf098e115515a:host:172.234.197.23	SESSION-0ccbf098e115515a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a269382e1e5b425:host:131.196.29.151	SESSION-9a269382e1e5b425 → host:131.196.29.151
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.194:geo_-23.62930_-46.63510	host:131.196.31.194 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:e676589bf44a	flow:e676589bf44a → host:177.10.234.164 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.44:asn:262880	host:177.10.238.44 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-4a7bf37c238cc392:host:131.196.30.135	SESSION-4a7bf37c238cc392 → host:131.196.30.135
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79574872517ba47f:host:172.234.197.23:host:177.10.234.56	SESSION-79574872517ba47f → host:172.234.197.23 → host:177.10.234.56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a09dd97dc23cca0:host:177.10.235.70	SESSION-1a09dd97dc23cca0 → host:177.10.235.70
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-bfbb16ce344dac5c:BSG-DATA_EXFIL-ed038fad8256	SESSION-bfbb16ce344dac5c → BSG-DATA_EXFIL-ed038fad8256
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.97:asn:273470	host:45.173.156.97 → asn:273470
flow_observed4-aryOBS	e:fo:flow:d1b35c5e32e7	flow:d1b35c5e32e7 → host:172.234.197.23 → host:177.10.236.176 → port:tcp:42738
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e9e5b45e575f3797:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e9e5b45e575f3797 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-48bb234f8161dc4f:host:177.10.237.66	SESSION-48bb234f8161dc4f → host:177.10.237.66
flow_observed5-aryOBS	e:fo:flow:8a86df2a5d76	flow:8a86df2a5d76 → host:131.196.30.191 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a5106b190666c06c:host:131.196.30.125	SESSION-a5106b190666c06c → host:131.196.30.125
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e700dd1746307a02:PCAP:capture_20260430060001:919b39a74464	SESSION-e700dd1746307a02 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-6d547ed30afcbb9f:host:172.234.197.23	SESSION-6d547ed30afcbb9f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e361598c12a1af0:SESSION-3e361598c12a1af0	SESSION-3e361598c12a1af0 → pe:tls:SESSION-3e361598c12a1af0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d9cfeb1a925e0c3:SESSION-8d9cfeb1a925e0c3	SESSION-8d9cfeb1a925e0c3 → pe:tls:SESSION-8d9cfeb1a925e0c3
FLOW_FROM_HOSTOBS	e:from:SESSION-db76c4941d3529f6:host:172.234.197.23	SESSION-db76c4941d3529f6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b64d5290bb69	flow:b64d5290bb69 → host:177.10.235.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5405d05650907428:host:45.173.156.107	SESSION-5405d05650907428 → host:45.173.156.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8cf2e3dd1491b22c:SESSION-8cf2e3dd1491b22c	SESSION-8cf2e3dd1491b22c → pe:syn:SESSION-8cf2e3dd1491b22c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b699e12e3fdc2278:PCAP:capture_20260430110001:43611bdf6759	SESSION-b699e12e3fdc2278 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:3d634a6706b3:port:tcp:61538	flow:3d634a6706b3 → port:tcp:61538
FLOW_FROM_HOSTOBS	e:from:SESSION-e3b214bdb989f663:host:177.10.235.196	SESSION-e3b214bdb989f663 → host:177.10.235.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0dd74fd8f314e65:host:172.234.197.23	SESSION-f0dd74fd8f314e65 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ae64075781208b0:host:172.234.197.23:host:177.10.235.177	SESSION-6ae64075781208b0 → host:172.234.197.23 → host:177.10.235.177
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.54:asn:262880	host:177.10.232.54 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-217f16055e8d00da:flow:f77233f9c1d1	SESSION-217f16055e8d00da → flow:f77233f9c1d1
flow_observed5-aryOBS	e:fo:flow:b2facc8158c8	flow:b2facc8158c8 → host:177.10.236.102 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.112:asn:262880	host:177.10.232.112 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db0c4d22fd57aedf:flow:08b00cb520f1	SESSION-db0c4d22fd57aedf → flow:08b00cb520f1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bebc5cb41e4621f:host:177.10.239.91:host:172.234.197.23	SESSION-3bebc5cb41e4621f → host:177.10.239.91 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c6936c129ef58e74:SESSION-c6936c129ef58e74	SESSION-c6936c129ef58e74 → pe:tls:SESSION-c6936c129ef58e74
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-87bc9df611d2f97d:host:177.10.237.118:host:172.234.197.23	SESSION-87bc9df611d2f97d → host:177.10.237.118 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c8277822e9833952:host:172.234.197.23	SESSION-c8277822e9833952 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2996f9b3a522abad:host:131.196.30.145:host:172.234.197.23	SESSION-2996f9b3a522abad → host:131.196.30.145 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b11513eff2bd1e6:host:131.196.29.215:host:172.234.197.23	SESSION-7b11513eff2bd1e6 → host:131.196.29.215 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.116:geo_-16.28860_-49.01640	host:177.10.239.116 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:e0b427fe2d6e:port:tcp:443	flow:e0b427fe2d6e → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:8b1738dc4ada	flow:8b1738dc4ada → host:177.10.234.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e2a1b696130dd57:SESSION-8e2a1b696130dd57	SESSION-8e2a1b696130dd57 → pe:tls:SESSION-8e2a1b696130dd57
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.134:asn:262880	host:177.10.233.134 → asn:262880
flow_observed4-aryOBS	e:fo:flow:a86792050fb6	flow:a86792050fb6 → host:172.234.197.23 → host:45.173.156.18 → port:tcp:35407
FLOW_TO_HOSTOBS	e:to:SESSION-3e583d09be0235fc:host:172.234.197.23	SESSION-3e583d09be0235fc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-efcc1618f79daeb7:host:45.173.156.26	SESSION-efcc1618f79daeb7 → host:45.173.156.26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e63bd10e327c33f1:host:177.10.238.106	SESSION-e63bd10e327c33f1 → host:177.10.238.106
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-05ec7baf0d99b24d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-05ec7baf0d99b24d → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa0381bae4f9498b:host:177.10.239.68	SESSION-aa0381bae4f9498b → host:177.10.239.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eecd546334ac489:host:172.234.197.23	SESSION-7eecd546334ac489 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-375dced119266894:SESSION-375dced119266894	SESSION-375dced119266894 → pe:tls:SESSION-375dced119266894
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6353435fcd827ef1:SESSION-6353435fcd827ef1	SESSION-6353435fcd827ef1 → pe:syn:SESSION-6353435fcd827ef1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d9537ea92aed5d6:SESSION-7d9537ea92aed5d6	SESSION-7d9537ea92aed5d6 → pe:tls:SESSION-7d9537ea92aed5d6
FLOW_TO_HOSTOBS	e:to:SESSION-d52597e88babdbe8:host:131.196.31.217	SESSION-d52597e88babdbe8 → host:131.196.31.217
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e3916b0aa19b751:SESSION-0e3916b0aa19b751	SESSION-0e3916b0aa19b751 → pe:syn:SESSION-0e3916b0aa19b751
flow_observed5-aryOBS	e:fo:flow:b4f400ee5378	flow:b4f400ee5378 → host:177.10.238.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baf09a66da0e4962:host:172.234.197.23	SESSION-baf09a66da0e4962 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-921389e161f019e9:SESSION-921389e161f019e9	SESSION-921389e161f019e9 → pe:tls:SESSION-921389e161f019e9
flow_observed5-aryOBS	e:fo:flow:f9c407d7f851	flow:f9c407d7f851 → host:131.196.30.162 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.49:geo_-16.28860_-49.01640	host:177.10.233.49 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-f4e3933219f15471:host:172.234.197.23	SESSION-f4e3933219f15471 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31d47da03b5e0774:host:172.234.197.23	SESSION-31d47da03b5e0774 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0d83e3d3d1fc018:flow:1791685c818a	SESSION-d0d83e3d3d1fc018 → flow:1791685c818a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d798baf71c597a3:host:43.196.88.244	SESSION-2d798baf71c597a3 → host:43.196.88.244
FLOW_DST_PORTOBS	e:fp:flow:0c15eb22a5d3:port:tcp:443	flow:0c15eb22a5d3 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e8a892fc5820:port:tcp:443	flow:e8a892fc5820 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d80cf89ab1c3:port:tcp:443	flow:d80cf89ab1c3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cbaaa2b8364f7158:SESSION-cbaaa2b8364f7158	SESSION-cbaaa2b8364f7158 → pe:syn:SESSION-cbaaa2b8364f7158
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a73f5b0635e28ad4:flow:d56ee3dd8c0b	SESSION-a73f5b0635e28ad4 → flow:d56ee3dd8c0b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e115bc688365a9e7:SESSION-e115bc688365a9e7	SESSION-e115bc688365a9e7 → pe:syn:SESSION-e115bc688365a9e7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.134:geo_-23.62930_-46.63510	host:131.196.31.134 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-802ccc988b65b38c:host:131.196.28.2:host:172.234.197.23	SESSION-802ccc988b65b38c → host:131.196.28.2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9cc387e98cb8cb82:host:172.234.197.23	SESSION-9cc387e98cb8cb82 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-03f351fbd88acdc4:host:172.234.197.23	SESSION-03f351fbd88acdc4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-efd1ddb1a087b877:flow:aae2eedc2eb2	SESSION-efd1ddb1a087b877 → flow:aae2eedc2eb2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8aa4413fe5db5235:SESSION-8aa4413fe5db5235	SESSION-8aa4413fe5db5235 → pe:syn:SESSION-8aa4413fe5db5235
FLOW_DST_PORTOBS	e:fp:flow:f73d7d2f1a01:port:tcp:50416	flow:f73d7d2f1a01 → port:tcp:50416
FLOW_DST_PORTOBS	e:fp:flow:197556b63536:port:tcp:443	flow:197556b63536 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-35e3c61c67455ba8:host:131.196.28.145	SESSION-35e3c61c67455ba8 → host:131.196.28.145
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35dd0088a1238ab9:host:172.234.197.23	SESSION-35dd0088a1238ab9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.12:asn:262880	host:177.10.236.12 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-314616832d67d639:flow:75ceec3cd86b	SESSION-314616832d67d639 → flow:75ceec3cd86b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f059fe4a40805f2:SESSION-1f059fe4a40805f2	SESSION-1f059fe4a40805f2 → pe:syn:SESSION-1f059fe4a40805f2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e606b3df4d49b4d1:flow:3765ec9be9d5	SESSION-e606b3df4d49b4d1 → flow:3765ec9be9d5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9429230c27071ffa:SESSION-9429230c27071ffa	SESSION-9429230c27071ffa → pe:syn:SESSION-9429230c27071ffa
FLOW_TO_HOSTOBS	e:to:SESSION-0a4b43b46bbfc9c3:host:172.234.197.23	SESSION-0a4b43b46bbfc9c3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5a4d952075d0ee24:host:172.234.197.23	SESSION-5a4d952075d0ee24 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b5ddc9130fa518dc:host:177.10.236.164	SESSION-b5ddc9130fa518dc → host:177.10.236.164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c828adcf318b7963:flow:0afb774e9b77	SESSION-c828adcf318b7963 → flow:0afb774e9b77
FLOW_FROM_HOSTOBS	e:from:SESSION-86f48b7df98fd466:host:177.10.234.252	SESSION-86f48b7df98fd466 → host:177.10.234.252
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa49e5af791c6122:SESSION-fa49e5af791c6122	SESSION-fa49e5af791c6122 → pe:syn:SESSION-fa49e5af791c6122
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.18:asn:271410	host:131.196.31.18 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf8660b1b7ea6f50:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bf8660b1b7ea6f50 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:e0aacc449aaf:port:tcp:443	flow:e0aacc449aaf → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b2db5b5e20e8c4e:host:172.234.197.23:host:172.232.0.17	SESSION-0b2db5b5e20e8c4e → host:172.234.197.23 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-fa9d2876c7b3abea:host:177.10.235.64	SESSION-fa9d2876c7b3abea → host:177.10.235.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e1fcfb1c4254c4b:SESSION-8e1fcfb1c4254c4b	SESSION-8e1fcfb1c4254c4b → pe:syn:SESSION-8e1fcfb1c4254c4b
FLOW_DST_PORTOBS	e:fp:flow:9777e38d6ca3:port:tcp:443	flow:9777e38d6ca3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ce76aef4cf62c0f:host:172.234.197.23	SESSION-9ce76aef4cf62c0f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e66594520e7edee5:PCAP:capture_20260430150001:ded20914761d	SESSION-e66594520e7edee5 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:c26cdc0c5253:port:tcp:443	flow:c26cdc0c5253 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7f971b95dedbfd9a:host:172.234.197.23	SESSION-7f971b95dedbfd9a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e85a67565660f7c:PCAP:capture_20260430150001:ded20914761d	SESSION-2e85a67565660f7c → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85483e16d9e2576e:SESSION-85483e16d9e2576e	SESSION-85483e16d9e2576e → pe:tls:SESSION-85483e16d9e2576e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ea63b0a223461f6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3ea63b0a223461f6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-352a47a3f8b3882e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-352a47a3f8b3882e → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.250:asn:271410	host:131.196.31.250 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e699a2f9558bf8d:host:172.234.197.23	SESSION-1e699a2f9558bf8d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e067a71c5ba5:port:tcp:443	flow:e067a71c5ba5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2625555cac004c06:host:131.196.31.104	SESSION-2625555cac004c06 → host:131.196.31.104
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1433a266c3f7170c:flow:0f65dad4c09c	SESSION-1433a266c3f7170c → flow:0f65dad4c09c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-24ac712a23adf430:SESSION-24ac712a23adf430	SESSION-24ac712a23adf430 → pe:tls:SESSION-24ac712a23adf430
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b47e385ca946fd94:SESSION-b47e385ca946fd94	SESSION-b47e385ca946fd94 → pe:syn:SESSION-b47e385ca946fd94
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.225:geo_-21.10010_-41.69200	host:45.173.156.225 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7f9cc68ffb76114:host:172.234.197.23	SESSION-b7f9cc68ffb76114 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b63214403b2d20c7:host:177.10.239.237	SESSION-b63214403b2d20c7 → host:177.10.239.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c0d18b24ee9d3d4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6c0d18b24ee9d3d4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-70cb56f6bea3d067:SESSION-70cb56f6bea3d067	SESSION-70cb56f6bea3d067 → pe:tls:SESSION-70cb56f6bea3d067
FLOW_FROM_HOSTOBS	e:from:SESSION-8f5e9ebe80065c9c:host:177.10.236.206	SESSION-8f5e9ebe80065c9c → host:177.10.236.206
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.66:geo_-16.28860_-49.01640	host:177.10.237.66 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa49e5af791c6122:host:172.234.197.23	SESSION-fa49e5af791c6122 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ce53b2931ed237cb:host:172.234.197.23	SESSION-ce53b2931ed237cb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3cd15ae05af1e0a:host:177.10.235.68	SESSION-c3cd15ae05af1e0a → host:177.10.235.68
FLOW_DST_PORTOBS	e:fp:flow:d4a20519f18b:port:tcp:443	flow:d4a20519f18b → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:11405b7410bd	flow:11405b7410bd → host:172.234.197.23 → host:131.196.28.174 → port:tcp:21201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d27008d937f2d8be:host:177.10.234.142	SESSION-d27008d937f2d8be → host:177.10.234.142
FLOW_FROM_HOSTOBS	e:from:SESSION-ca5156d485d150e2:host:172.234.197.23	SESSION-ca5156d485d150e2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b048d8915129480a:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b048d8915129480a → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-829f75d99e4943bf:host:177.10.235.5	SESSION-829f75d99e4943bf → host:177.10.235.5
flow_observed5-aryOBS	e:fo:flow:d2dfda47f669	flow:d2dfda47f669 → host:177.10.236.205 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-44d3fd3ee1d51da1:host:172.234.197.23	SESSION-44d3fd3ee1d51da1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4b14eb8b6ee95ef:host:172.234.197.23	SESSION-e4b14eb8b6ee95ef → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-44c3a4d4ec5442f2:host:177.10.236.201	SESSION-44c3a4d4ec5442f2 → host:177.10.236.201
FLOW_DST_PORTOBS	e:fp:flow:cb8516635eb4:port:tcp:443	flow:cb8516635eb4 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29bd7d52bed21c18:flow:cc19df9248ba	SESSION-29bd7d52bed21c18 → flow:cc19df9248ba
FLOW_FROM_HOSTOBS	e:from:SESSION-e8f7d68f255e7d9c:host:172.234.197.23	SESSION-e8f7d68f255e7d9c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e853a157c23802e1:SESSION-e853a157c23802e1	SESSION-e853a157c23802e1 → pe:syn:SESSION-e853a157c23802e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d673ded8fa5efc5:host:177.10.237.80	SESSION-4d673ded8fa5efc5 → host:177.10.237.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb7dd74b64c1f7c7:SESSION-cb7dd74b64c1f7c7	SESSION-cb7dd74b64c1f7c7 → pe:syn:SESSION-cb7dd74b64c1f7c7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead5791c5617fb56:host:172.234.197.23	SESSION-ead5791c5617fb56 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4bee67245b0f1ffd:flow:23940c26d681	SESSION-4bee67245b0f1ffd → flow:23940c26d681
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7eb452f0b60197b3:SESSION-7eb452f0b60197b3	SESSION-7eb452f0b60197b3 → pe:syn:SESSION-7eb452f0b60197b3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-caaa6bcaac59e7b9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-caaa6bcaac59e7b9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55d5dc737e01c0f7:PCAP:capture_20260428010001:b1b402c7b202	SESSION-55d5dc737e01c0f7 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6ebe77d02701b58:flow:dfeeec60d377	SESSION-b6ebe77d02701b58 → flow:dfeeec60d377
FLOW_TO_HOSTOBS	e:to:SESSION-4235901c81cb167b:host:172.232.0.16	SESSION-4235901c81cb167b → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-e2b1b7c009dcf05e:host:172.234.197.23	SESSION-e2b1b7c009dcf05e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86feda8665cc2010:host:45.173.156.150	SESSION-86feda8665cc2010 → host:45.173.156.150
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1241ed8a2f02aa7:host:172.234.197.23	SESSION-a1241ed8a2f02aa7 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:054340c43d7f	flow:054340c43d7f → host:172.234.197.23 → host:177.10.235.230 → port:tcp:51880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.252:geo_-16.28860_-49.01640	host:177.10.235.252 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ffe1a7a04c39301:host:172.234.197.23:host:177.10.234.38	SESSION-0ffe1a7a04c39301 → host:172.234.197.23 → host:177.10.234.38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5b79680f4b436a5:host:172.234.197.23	SESSION-b5b79680f4b436a5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-aa574f1f11f5b30b:host:172.234.197.23	SESSION-aa574f1f11f5b30b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b304bd763b72b95f:SESSION-b304bd763b72b95f	SESSION-b304bd763b72b95f → pe:rst:SESSION-b304bd763b72b95f
FLOW_DST_PORTOBS	e:fp:flow:ec21a296c078:port:tcp:443	flow:ec21a296c078 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.235:asn:203771	host:31.40.196.235 → asn:203771
FLOW_QUERIED_DNSOBS	e:fd:flow:7a9e45f4aff9:dns:172-234-197-23.ip.linodeusercontent.com	flow:7a9e45f4aff9 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e15824f9dd78d2b4:flow:27e848fcece9	SESSION-e15824f9dd78d2b4 → flow:27e848fcece9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d8801f02b141d30:host:172.234.197.23	SESSION-0d8801f02b141d30 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-592321b004976459:host:172.234.197.23:host:177.10.239.190	SESSION-592321b004976459 → host:172.234.197.23 → host:177.10.239.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19fcdbc3c5b0e100:SESSION-19fcdbc3c5b0e100	SESSION-19fcdbc3c5b0e100 → pe:syn:SESSION-19fcdbc3c5b0e100
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6b4f32c5c51558e8:host:177.10.237.24:host:172.234.197.23	SESSION-6b4f32c5c51558e8 → host:177.10.237.24 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-319dd83e6310ac59:SESSION-319dd83e6310ac59	SESSION-319dd83e6310ac59 → pe:syn:SESSION-319dd83e6310ac59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-275d804358752875:flow:6f014e747003	SESSION-275d804358752875 → flow:6f014e747003
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-492b019ad94826ae:host:131.196.31.136	SESSION-492b019ad94826ae → host:131.196.31.136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dad0ff120323eed1:SESSION-dad0ff120323eed1	SESSION-dad0ff120323eed1 → pe:tls:SESSION-dad0ff120323eed1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b8f135d82b00569:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4b8f135d82b00569 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:dbade0df5981:port:tcp:443	flow:dbade0df5981 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85f4ab9e3ed21fa2:host:177.10.235.212:host:172.234.197.23	SESSION-85f4ab9e3ed21fa2 → host:177.10.235.212 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:98f29b91e66a	flow:98f29b91e66a → host:177.10.238.91 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f4f84053ddcae3c:SESSION-7f4f84053ddcae3c	SESSION-7f4f84053ddcae3c → pe:tls:SESSION-7f4f84053ddcae3c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33075a11d7099c2b:SESSION-33075a11d7099c2b	SESSION-33075a11d7099c2b → pe:tls:SESSION-33075a11d7099c2b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10bd62a158add0c4:flow:e48740498ad9	SESSION-10bd62a158add0c4 → flow:e48740498ad9
FLOW_TO_HOSTOBS	e:to:SESSION-a5643c60889fe0da:host:131.196.30.187	SESSION-a5643c60889fe0da → host:131.196.30.187
flow_observed5-aryOBS	e:fo:flow:ae154a35ce42	flow:ae154a35ce42 → host:45.173.156.84 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.172:geo_-16.28860_-49.01640	host:177.10.233.172 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-c491b8c96ce6e8c2:BSG-DATA_EXFIL-6b08553366a0	SESSION-c491b8c96ce6e8c2 → BSG-DATA_EXFIL-6b08553366a0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60281e53e47bfb2b:flow:efeaf9943020	SESSION-60281e53e47bfb2b → flow:efeaf9943020
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e632e9ec3b8d735c:SESSION-e632e9ec3b8d735c	SESSION-e632e9ec3b8d735c → pe:tls:SESSION-e632e9ec3b8d735c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4167334bdfae4b6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a4167334bdfae4b6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf2d710eb7a0f34a:flow:2b94ecd8e2fd	SESSION-cf2d710eb7a0f34a → flow:2b94ecd8e2fd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.180:geo_-16.28860_-49.01640	host:177.10.238.180 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0699a99fcbbc:port:tcp:443	flow:0699a99fcbbc → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9072e99a39ab8173:host:45.173.156.61:host:172.234.197.23	SESSION-9072e99a39ab8173 → host:45.173.156.61 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-12c594123030dc05:PCAP:capture_20260430070001:903a0e7a436b	SESSION-12c594123030dc05 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-3a3b20edc3bf85f8:host:172.234.197.23	SESSION-3a3b20edc3bf85f8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.33:geo_41.00190_28.96450	host:92.112.71.33 → geo_41.00190_28.96450
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-350febc37b3f152d:flow:7d70f7a84199	SESSION-350febc37b3f152d → flow:7d70f7a84199
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02999fe2096ad39b:SESSION-02999fe2096ad39b	SESSION-02999fe2096ad39b → pe:tls:SESSION-02999fe2096ad39b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c59147b81bc92a14:host:177.10.234.239	SESSION-c59147b81bc92a14 → host:177.10.234.239
flow_observed5-aryOBS	e:fo:flow:b955ab4d2cb1	flow:b955ab4d2cb1 → host:177.10.232.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ee8538a8ddcb6ee:host:172.234.197.23:host:177.10.239.221	SESSION-7ee8538a8ddcb6ee → host:172.234.197.23 → host:177.10.239.221
flow_observed4-aryOBS	e:fo:flow:83f6df2d4e8a	flow:83f6df2d4e8a → host:172.234.197.23 → host:177.10.237.192 → port:tcp:24975
FLOW_FROM_HOSTOBS	e:from:SESSION-83d893adc4ebe669:host:172.234.197.23	SESSION-83d893adc4ebe669 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-36f959353527c71a:host:131.196.29.148	SESSION-36f959353527c71a → host:131.196.29.148
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ef18db4a9eedd9d:host:172.234.197.23:host:131.196.29.139	SESSION-2ef18db4a9eedd9d → host:172.234.197.23 → host:131.196.29.139
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67e4e454d5bff348:host:131.196.28.35	SESSION-67e4e454d5bff348 → host:131.196.28.35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1947a05c179b1d2:flow:f617ae242ef6	SESSION-c1947a05c179b1d2 → flow:f617ae242ef6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17133b7d31116a9e:host:172.234.197.23:host:45.173.156.170	SESSION-17133b7d31116a9e → host:172.234.197.23 → host:45.173.156.170
FLOW_TO_HOSTOBS	e:to:SESSION-b4e8d87fd06149df:host:131.196.29.232	SESSION-b4e8d87fd06149df → host:131.196.29.232
FLOW_DST_PORTOBS	e:fp:flow:a5cf2da74863:port:tcp:80	flow:a5cf2da74863 → port:tcp:80
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-bfe3e48aa982c746:BSG-BEACON-dcf3a82bd112	SESSION-bfe3e48aa982c746 → BSG-BEACON-dcf3a82bd112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1e0a6d0f6eee882:SESSION-d1e0a6d0f6eee882	SESSION-d1e0a6d0f6eee882 → pe:syn:SESSION-d1e0a6d0f6eee882
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.68:geo_-16.28860_-49.01640	host:177.10.235.68 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b91cc7f2039924f2:SESSION-b91cc7f2039924f2	SESSION-b91cc7f2039924f2 → pe:tls:SESSION-b91cc7f2039924f2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-484d7e89f92d0359:PCAP:capture_20260430080001:93f47cc296a4	SESSION-484d7e89f92d0359 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:2.57.122.196:asn:47890	host:2.57.122.196 → asn:47890
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-342ba7535c6572a7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-342ba7535c6572a7 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f9bec963f9028f2:host:172.234.197.23	SESSION-7f9bec963f9028f2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c54c8f2f9fead0c6:flow:a98344343537	SESSION-c54c8f2f9fead0c6 → flow:a98344343537
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1c9303996834523:SESSION-d1c9303996834523	SESSION-d1c9303996834523 → pe:tls:SESSION-d1c9303996834523
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76b86119fe5d0a6f:SESSION-76b86119fe5d0a6f	SESSION-76b86119fe5d0a6f → pe:tls:SESSION-76b86119fe5d0a6f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-8d58c039fa1a1304:SESSION-8d58c039fa1a1304	SESSION-8d58c039fa1a1304 → pe:dns:SESSION-8d58c039fa1a1304
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0b6872bf6474c44:flow:d5d20e36d494	SESSION-f0b6872bf6474c44 → flow:d5d20e36d494
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54da05b162213325:host:172.234.197.23	SESSION-54da05b162213325 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f42753b09b481d7e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f42753b09b481d7e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-396da887f3ac73e5:host:172.234.197.23	SESSION-396da887f3ac73e5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e83a493a000d:port:tcp:443	flow:e83a493a000d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-527af3b786e52b88:host:172.234.197.23	SESSION-527af3b786e52b88 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e529f6ef28aca515:host:131.196.28.125	SESSION-e529f6ef28aca515 → host:131.196.28.125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69461a2f3e15a448:SESSION-69461a2f3e15a448	SESSION-69461a2f3e15a448 → pe:syn:SESSION-69461a2f3e15a448
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.35:geo_-16.28860_-49.01640	host:177.10.237.35 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.190:geo_-16.28860_-49.01640	host:177.10.232.190 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8977638e8d6c6909:host:177.10.239.206:host:172.234.197.23	SESSION-8977638e8d6c6909 → host:177.10.239.206 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7845496c0c03c20:host:131.196.29.93	SESSION-b7845496c0c03c20 → host:131.196.29.93
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.143:geo_-16.28860_-49.01640	host:177.10.234.143 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-304db5c18798dbb4:host:172.234.197.23:host:131.196.29.105	SESSION-304db5c18798dbb4 → host:172.234.197.23 → host:131.196.29.105
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3f426eb3b5d19b7:host:177.10.234.119	SESSION-c3f426eb3b5d19b7 → host:177.10.234.119
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f48cf8f11b8f73e:flow:0b5125f695b7	SESSION-3f48cf8f11b8f73e → flow:0b5125f695b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a4f6dd7436745b4:SESSION-4a4f6dd7436745b4	SESSION-4a4f6dd7436745b4 → pe:tls:SESSION-4a4f6dd7436745b4
FLOW_FROM_HOSTOBS	e:from:SESSION-b07a5e743a2061fa:host:131.196.29.209	SESSION-b07a5e743a2061fa → host:131.196.29.209
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65f6be25ebaee411:SESSION-65f6be25ebaee411	SESSION-65f6be25ebaee411 → pe:syn:SESSION-65f6be25ebaee411
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86f90a53110dcf25:host:177.10.237.28:host:172.234.197.23	SESSION-86f90a53110dcf25 → host:177.10.237.28 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7037fa1e0334ef5:SESSION-b7037fa1e0334ef5	SESSION-b7037fa1e0334ef5 → pe:syn:SESSION-b7037fa1e0334ef5
flow_observed4-aryOBS	e:fo:flow:8801f7aa7326	flow:8801f7aa7326 → host:172.234.197.23 → host:177.10.237.79 → port:tcp:39538
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.235:asn:262880	host:177.10.239.235 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-474ea5236769f0a3:host:131.196.29.196	SESSION-474ea5236769f0a3 → host:131.196.29.196
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.228:asn:271410	host:131.196.29.228 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-099b4106de78317b:host:177.10.234.43	SESSION-099b4106de78317b → host:177.10.234.43
FLOW_TO_HOSTOBS	e:to:SESSION-cc35857ee3808de8:host:172.234.197.23	SESSION-cc35857ee3808de8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-65d310d8fe50c39e:host:177.10.234.230	SESSION-65d310d8fe50c39e → host:177.10.234.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c430ce1d88348c67:host:172.234.197.23	SESSION-c430ce1d88348c67 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-791eac8e49df4e5d:host:131.196.30.66:host:172.234.197.23	SESSION-791eac8e49df4e5d → host:131.196.30.66 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6cbb8d1d16f40477:SESSION-6cbb8d1d16f40477	SESSION-6cbb8d1d16f40477 → pe:tls:SESSION-6cbb8d1d16f40477
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-884df81342ed3b04:host:172.234.197.23	SESSION-884df81342ed3b04 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-276035998be5d0c6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-276035998be5d0c6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-686bda995aabc86f:SESSION-686bda995aabc86f	SESSION-686bda995aabc86f → pe:syn:SESSION-686bda995aabc86f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a73f5b0635e28ad4:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a73f5b0635e28ad4 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96d412735d478f25:host:131.196.30.183:host:172.234.197.23	SESSION-96d412735d478f25 → host:131.196.30.183 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd8a89b380cdaceb:SESSION-dd8a89b380cdaceb	SESSION-dd8a89b380cdaceb → pe:syn:SESSION-dd8a89b380cdaceb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a516ba4c4f8948a0:host:177.10.236.236:host:172.234.197.23	SESSION-a516ba4c4f8948a0 → host:177.10.236.236 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.162:asn:262880	host:177.10.237.162 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-4da5ddbc1348c177:host:172.234.197.23	SESSION-4da5ddbc1348c177 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a117da50f6c2c30f:host:131.196.31.42	SESSION-a117da50f6c2c30f → host:131.196.31.42
FLOW_DST_PORTOBS	e:fp:flow:139d27eec0b8:port:tcp:443	flow:139d27eec0b8 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.101:asn:262880	host:177.10.233.101 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b9574d05ba0801a5:host:95.170.25.192	SESSION-b9574d05ba0801a5 → host:95.170.25.192
FLOW_DST_PORTOBS	e:fp:flow:ce541888aeb1:port:tcp:443	flow:ce541888aeb1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5167ceabb03264f1:SESSION-5167ceabb03264f1	SESSION-5167ceabb03264f1 → pe:syn:SESSION-5167ceabb03264f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-25a3718851106c53:SESSION-25a3718851106c53	SESSION-25a3718851106c53 → pe:tls:SESSION-25a3718851106c53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5643c60889fe0da:host:131.196.30.187	SESSION-a5643c60889fe0da → host:131.196.30.187
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ccbfb0ac760822d:flow:273d8d2012ce	SESSION-5ccbfb0ac760822d → flow:273d8d2012ce
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd2e4550d5ebaf09:flow:ff07c644ba1f	SESSION-fd2e4550d5ebaf09 → flow:ff07c644ba1f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.206:geo_-16.28860_-49.01640	host:177.10.239.206 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aee71e8cd1625550:SESSION-aee71e8cd1625550	SESSION-aee71e8cd1625550 → pe:syn:SESSION-aee71e8cd1625550
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e4e6682786f65470:SESSION-e4e6682786f65470	SESSION-e4e6682786f65470 → pe:syn:SESSION-e4e6682786f65470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07ba7d1d1566dce2:host:37.221.79.130	SESSION-07ba7d1d1566dce2 → host:37.221.79.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8dff22511e3d5727:host:172.234.197.23	SESSION-8dff22511e3d5727 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb7db2afd613f778:SESSION-cb7db2afd613f778	SESSION-cb7db2afd613f778 → pe:tls:SESSION-cb7db2afd613f778
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-656bb895abc59727:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-656bb895abc59727 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e3ae4e48a37cfd6:host:131.196.31.183:host:172.234.197.23	SESSION-8e3ae4e48a37cfd6 → host:131.196.31.183 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d673ded8fa5efc5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4d673ded8fa5efc5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1be36b841cb9bb38:SESSION-1be36b841cb9bb38	SESSION-1be36b841cb9bb38 → pe:syn:SESSION-1be36b841cb9bb38
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49652bb4e1e9db35:host:31.40.196.96:host:172.234.197.23	SESSION-49652bb4e1e9db35 → host:31.40.196.96 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1dce484c4ff7	flow:1dce484c4ff7 → host:131.196.31.61 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-48bb234f8161dc4f:host:172.234.197.23	SESSION-48bb234f8161dc4f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4a17e20e34301cc9:host:172.234.197.23	SESSION-4a17e20e34301cc9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48bb234f8161dc4f:flow:d99324379975	SESSION-48bb234f8161dc4f → flow:d99324379975
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4db42491c04de440:flow:39685dbf6c4f	SESSION-4db42491c04de440 → flow:39685dbf6c4f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f7bf4f785679ea3b:flow:a07aacbe73d0	SESSION-f7bf4f785679ea3b → flow:a07aacbe73d0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-753bfef963e546aa:SESSION-753bfef963e546aa	SESSION-753bfef963e546aa → pe:tls:SESSION-753bfef963e546aa
flow_observed5-aryOBS	e:fo:flow:f04fde117157	flow:f04fde117157 → host:131.196.30.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49652bb4e1e9db35:SESSION-49652bb4e1e9db35	SESSION-49652bb4e1e9db35 → pe:tls:SESSION-49652bb4e1e9db35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-193ccf82e1088d1d:host:177.10.239.18	SESSION-193ccf82e1088d1d → host:177.10.239.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fd5cc70e8cf2108:host:177.10.233.230	SESSION-4fd5cc70e8cf2108 → host:177.10.233.230
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-472adb1eeb20f880:flow:a7f663752ab6	SESSION-472adb1eeb20f880 → flow:a7f663752ab6
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.184:asn:271410	host:131.196.30.184 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7c9a5d15324e2ea:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c7c9a5d15324e2ea → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a301fd9da8621bb:SESSION-7a301fd9da8621bb	SESSION-7a301fd9da8621bb → pe:tls:SESSION-7a301fd9da8621bb
flow_observed5-aryOBS	e:fo:flow:8ab7e6316a87	flow:8ab7e6316a87 → host:177.10.233.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cddd8421db4c97d9:host:177.10.237.169:host:172.234.197.23	SESSION-cddd8421db4c97d9 → host:177.10.237.169 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d47d434116add089:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d47d434116add089 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac69dcbefbb93dfd:SESSION-ac69dcbefbb93dfd	SESSION-ac69dcbefbb93dfd → pe:syn:SESSION-ac69dcbefbb93dfd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-efd1ddb1a087b877:PCAP:capture_20260430110001:43611bdf6759	SESSION-efd1ddb1a087b877 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5cd00671f435cc6:PCAP:capture_20260430060001:919b39a74464	SESSION-d5cd00671f435cc6 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-4933624db1b9ac84:host:177.10.239.93	SESSION-4933624db1b9ac84 → host:177.10.239.93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ac058e9f0280088:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-2ac058e9f0280088 → PCAP:capture_20260427220001:43a3d6220bc6
FLOW_FROM_HOSTOBS	e:from:SESSION-b60a9d1a25ff8255:host:131.196.29.122	SESSION-b60a9d1a25ff8255 → host:131.196.29.122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf1d5c3c8737f760:host:177.10.235.153	SESSION-bf1d5c3c8737f760 → host:177.10.235.153
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.58:geo_-16.28860_-49.01640	host:177.10.239.58 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-be622897972653aa:SESSION-be622897972653aa	SESSION-be622897972653aa → pe:rst:SESSION-be622897972653aa
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-919ba311fe0cedbc:host:131.196.30.64:host:172.234.197.23	SESSION-919ba311fe0cedbc → host:131.196.30.64 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3931cb15b35f138a:host:172.234.197.23	SESSION-3931cb15b35f138a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c796175077a2	flow:c796175077a2 → host:172.234.197.23 → host:177.10.234.74 → port:tcp:7663
FLOW_TO_HOSTOBS	e:to:SESSION-352a47a3f8b3882e:host:177.10.237.60	SESSION-352a47a3f8b3882e → host:177.10.237.60
FLOW_FROM_HOSTOBS	e:from:SESSION-acada2cd7035c790:host:177.10.232.212	SESSION-acada2cd7035c790 → host:177.10.232.212
FLOW_FROM_HOSTOBS	e:from:SESSION-cc77084e1c24867c:host:177.10.234.103	SESSION-cc77084e1c24867c → host:177.10.234.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf1d5c3c8737f760:host:172.234.197.23	SESSION-bf1d5c3c8737f760 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0233a0286136dd2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b0233a0286136dd2 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fa31db6279a0e7c:host:131.196.28.37	SESSION-1fa31db6279a0e7c → host:131.196.28.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ffc31ee499a3f223:PCAP:capture_20260430110001:43611bdf6759	SESSION-ffc31ee499a3f223 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95c23d407c86213b:host:172.234.197.23	SESSION-95c23d407c86213b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e4cb96e9954f000:host:177.10.235.87	SESSION-2e4cb96e9954f000 → host:177.10.235.87
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.193:geo_-16.28860_-49.01640	host:177.10.235.193 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6430336fded9a803:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6430336fded9a803 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e2a6d6aa009e10c:SESSION-1e2a6d6aa009e10c	SESSION-1e2a6d6aa009e10c → pe:tls:SESSION-1e2a6d6aa009e10c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61e3533744fe7104:host:177.10.235.24	SESSION-61e3533744fe7104 → host:177.10.235.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0844998e370f9b20:flow:625b35d276e8	SESSION-0844998e370f9b20 → flow:625b35d276e8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09e72a02b44d9649:SESSION-09e72a02b44d9649	SESSION-09e72a02b44d9649 → pe:tls:SESSION-09e72a02b44d9649
flow_observed5-aryOBS	e:fo:flow:ee3db2b4dc4c	flow:ee3db2b4dc4c → host:131.196.29.215 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86951cb3218963fd:host:172.234.197.23	SESSION-86951cb3218963fd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52e1254f2f15b333:host:172.234.197.23	SESSION-52e1254f2f15b333 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09c382be05e629ee:host:172.234.197.23	SESSION-09c382be05e629ee → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28af2e1f4e778075:SESSION-28af2e1f4e778075	SESSION-28af2e1f4e778075 → pe:tls:SESSION-28af2e1f4e778075
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b73ad2a19ec53d4:flow:0b4dff132ea3	SESSION-5b73ad2a19ec53d4 → flow:0b4dff132ea3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e49a14deb2e22da:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-4e49a14deb2e22da → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-586aad203217304c:SESSION-586aad203217304c	SESSION-586aad203217304c → pe:syn:SESSION-586aad203217304c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-05ec7baf0d99b24d:SESSION-05ec7baf0d99b24d	SESSION-05ec7baf0d99b24d → pe:tls:SESSION-05ec7baf0d99b24d
FLOW_DST_PORTOBS	e:fp:flow:6b27cbf98b5b:port:tcp:443	flow:6b27cbf98b5b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e83a493a000d	flow:e83a493a000d → host:177.10.235.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-213b6cb7e75b87f2:PCAP:capture_20260430090001:065659c7d314	SESSION-213b6cb7e75b87f2 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:7fd257e9ad8f	flow:7fd257e9ad8f → host:103.230.240.59 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-45775bc626dbc608:host:172.234.197.23	SESSION-45775bc626dbc608 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb2fd2ce02add556:host:45.173.156.13:host:172.234.197.23	SESSION-eb2fd2ce02add556 → host:45.173.156.13 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3e524c73cd89280:host:172.234.197.23:host:177.10.234.189	SESSION-a3e524c73cd89280 → host:172.234.197.23 → host:177.10.234.189
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4eec40051c49c7bf:flow:fd218fb5fdef	SESSION-4eec40051c49c7bf → flow:fd218fb5fdef
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c5381aaad8fa568:PCAP:capture_20260430090001:065659c7d314	SESSION-6c5381aaad8fa568 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-164d60043533ec4c:host:172.234.197.23:host:177.10.237.143	SESSION-164d60043533ec4c → host:172.234.197.23 → host:177.10.237.143
FLOW_TO_HOSTOBS	e:to:SESSION-bcb514f388fb99c6:host:172.234.197.23	SESSION-bcb514f388fb99c6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-481702f1e56ec074:host:177.10.239.167	SESSION-481702f1e56ec074 → host:177.10.239.167
FLOW_TO_HOSTOBS	e:to:SESSION-cf669240db189a71:host:177.10.237.12	SESSION-cf669240db189a71 → host:177.10.237.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da3b2b353303e8e1:SESSION-da3b2b353303e8e1	SESSION-da3b2b353303e8e1 → pe:tls:SESSION-da3b2b353303e8e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-370545020cd57187:SESSION-370545020cd57187	SESSION-370545020cd57187 → pe:tls:SESSION-370545020cd57187
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.101:asn:271410	host:131.196.29.101 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21cca31493e9287d:flow:d79939a9c159	SESSION-21cca31493e9287d → flow:d79939a9c159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-30052afb1f0268ab:SESSION-30052afb1f0268ab	SESSION-30052afb1f0268ab → pe:rst:SESSION-30052afb1f0268ab
FLOW_FROM_HOSTOBS	e:from:SESSION-fcb174e83803b1f7:host:131.196.29.85	SESSION-fcb174e83803b1f7 → host:131.196.29.85
FLOW_FROM_HOSTOBS	e:from:SESSION-c652a29a62d722ea:host:54.91.240.230	SESSION-c652a29a62d722ea → host:54.91.240.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ffa027db374a629:host:172.234.197.23	SESSION-9ffa027db374a629 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9dcf6e772a239b46:SESSION-9dcf6e772a239b46	SESSION-9dcf6e772a239b46 → pe:tls:SESSION-9dcf6e772a239b46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cf2e3dd1491b22c:host:172.234.197.23	SESSION-8cf2e3dd1491b22c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-22f2328c9f1b641e:host:172.234.197.23	SESSION-22f2328c9f1b641e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-045b8a3eae800458:flow:816aac7e5fac	SESSION-045b8a3eae800458 → flow:816aac7e5fac
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-1057767eda3c24b1:BSG-BEACON-a1a38dfffb73	SESSION-1057767eda3c24b1 → BSG-BEACON-a1a38dfffb73
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7e06a830af01410:host:172.234.197.23:host:131.196.28.164	SESSION-b7e06a830af01410 → host:172.234.197.23 → host:131.196.28.164
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:34.231.77.232:geo_39.04690_-77.49030	host:34.231.77.232 → geo_39.04690_-77.49030
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.5:asn:271410	host:131.196.31.5 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-6e3139069f2c261e:host:172.234.197.23	SESSION-6e3139069f2c261e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fb971e48f4a1e66e:host:177.10.235.202	SESSION-fb971e48f4a1e66e → host:177.10.235.202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ffb3444ca3f5caf:SESSION-1ffb3444ca3f5caf	SESSION-1ffb3444ca3f5caf → pe:tls:SESSION-1ffb3444ca3f5caf
FLOW_DST_PORTOBS	e:fp:flow:5468bb482602:port:tcp:49512	flow:5468bb482602 → port:tcp:49512
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac9ecab386602d8f:SESSION-ac9ecab386602d8f	SESSION-ac9ecab386602d8f → pe:tls:SESSION-ac9ecab386602d8f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b07a5e743a2061fa:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b07a5e743a2061fa → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e91394d00b664372:SESSION-e91394d00b664372	SESSION-e91394d00b664372 → pe:syn:SESSION-e91394d00b664372
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e2a1b696130dd57:host:177.10.235.241	SESSION-8e2a1b696130dd57 → host:177.10.235.241
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-81c8b3fdf002e09e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-81c8b3fdf002e09e → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.69:asn:262880	host:177.10.239.69 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:63f3b7f9b67e:port:tcp:443	flow:63f3b7f9b67e → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6350f63c148b5b0b:flow:7015af75baa6	SESSION-6350f63c148b5b0b → flow:7015af75baa6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8ffffed45ee6ab8:host:172.234.197.23	SESSION-f8ffffed45ee6ab8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed59d63ff912d69c:host:177.10.238.50	SESSION-ed59d63ff912d69c → host:177.10.238.50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36f4c424d3b5f86e:SESSION-36f4c424d3b5f86e	SESSION-36f4c424d3b5f86e → pe:syn:SESSION-36f4c424d3b5f86e
flow_observed5-aryOBS	e:fo:flow:fe55cb260818	flow:fe55cb260818 → host:37.221.79.198 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d0835843463ad3c8:host:172.234.197.23	SESSION-d0835843463ad3c8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29162d9ed8336732:host:177.10.232.83	SESSION-29162d9ed8336732 → host:177.10.232.83
flow_observed5-aryOBS	e:fo:flow:2cea5d283468	flow:2cea5d283468 → host:131.196.29.244 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-41b7279875030e7d:host:172.234.197.23	SESSION-41b7279875030e7d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9eddb8081d100874:host:172.234.197.23:host:172.232.0.17	SESSION-9eddb8081d100874 → host:172.234.197.23 → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8cb5f38c68f62897:host:177.10.236.215:host:172.234.197.23	SESSION-8cb5f38c68f62897 → host:177.10.236.215 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fa31db6279a0e7c:SESSION-1fa31db6279a0e7c	SESSION-1fa31db6279a0e7c → pe:tls:SESSION-1fa31db6279a0e7c
FLOW_FROM_HOSTOBS	e:from:SESSION-619cd2820aafdf33:host:172.234.197.23	SESSION-619cd2820aafdf33 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-677c9237241fc75d:host:172.234.197.23	SESSION-677c9237241fc75d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c2bdd821ab6e9acc:flow:02c86af336eb	SESSION-c2bdd821ab6e9acc → flow:02c86af336eb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f44cd8b141a7b5c:SESSION-7f44cd8b141a7b5c	SESSION-7f44cd8b141a7b5c → pe:syn:SESSION-7f44cd8b141a7b5c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e41fa1676c790d65:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e41fa1676c790d65 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa6f99be6bce12b0:SESSION-fa6f99be6bce12b0	SESSION-fa6f99be6bce12b0 → pe:syn:SESSION-fa6f99be6bce12b0
FLOW_FROM_HOSTOBS	e:from:SESSION-c54b7fde1829c775:host:131.196.28.231	SESSION-c54b7fde1829c775 → host:131.196.28.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86f48b7df98fd466:host:177.10.234.252	SESSION-86f48b7df98fd466 → host:177.10.234.252
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f15dcbaf5ef33ebd:flow:2b887733bd54	SESSION-f15dcbaf5ef33ebd → flow:2b887733bd54
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ad60f3efcde14b7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7ad60f3efcde14b7 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-a47ed447671c9b0b:host:172.234.197.23	SESSION-a47ed447671c9b0b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d11d527af6d7:port:tcp:443	flow:d11d527af6d7 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-defe39665fdb6580:host:172.234.197.23	SESSION-defe39665fdb6580 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-878a5ce24b3ea2a6:host:140.179.228.29	SESSION-878a5ce24b3ea2a6 → host:140.179.228.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9eb85eb3deaacc18:SESSION-9eb85eb3deaacc18	SESSION-9eb85eb3deaacc18 → pe:syn:SESSION-9eb85eb3deaacc18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ddc60a1db971e20b:SESSION-ddc60a1db971e20b	SESSION-ddc60a1db971e20b → pe:syn:SESSION-ddc60a1db971e20b
FLOW_DST_PORTOBS	e:fp:flow:f984201cd04e:port:tcp:37129	flow:f984201cd04e → port:tcp:37129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-381a570e386b12a2:flow:d2c9dbccf315	SESSION-381a570e386b12a2 → flow:d2c9dbccf315
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.46:asn:262880	host:177.10.238.46 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.233:geo_-23.62930_-46.63510	host:131.196.29.233 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:01654e0070e3	flow:01654e0070e3 → host:131.196.29.0 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.186:geo_-16.28860_-49.01640	host:177.10.239.186 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b81fa97d99ce77b6:PCAP:capture_20260430150001:ded20914761d	SESSION-b81fa97d99ce77b6 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-d467c8665ef34f6a:host:177.10.232.196	SESSION-d467c8665ef34f6a → host:177.10.232.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-afde502531c1ddca:SESSION-afde502531c1ddca	SESSION-afde502531c1ddca → pe:tls:SESSION-afde502531c1ddca
flow_observed4-aryOBS	e:fo:flow:ff650bf65086	flow:ff650bf65086 → host:172.234.197.23 → host:45.173.156.13 → port:tcp:39555
FLOW_DST_PORTOBS	e:fp:flow:b05614546d7d:port:tcp:443	flow:b05614546d7d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a137096eda6236d7:SESSION-a137096eda6236d7	SESSION-a137096eda6236d7 → pe:syn:SESSION-a137096eda6236d7
FLOW_DST_PORTOBS	e:fp:flow:67579f5ba801:port:tcp:9300	flow:67579f5ba801 → port:tcp:9300
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d90a5aaa3545c15:SESSION-1d90a5aaa3545c15	SESSION-1d90a5aaa3545c15 → pe:tls:SESSION-1d90a5aaa3545c15
FLOW_TO_HOSTOBS	e:to:SESSION-184aec41cea03479:host:172.234.197.23	SESSION-184aec41cea03479 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:08b78d4a079b:port:tcp:39140	flow:08b78d4a079b → port:tcp:39140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0d59ff2f2672e21c:SESSION-0d59ff2f2672e21c	SESSION-0d59ff2f2672e21c → pe:tls:SESSION-0d59ff2f2672e21c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec67d149df3809f6:SESSION-ec67d149df3809f6	SESSION-ec67d149df3809f6 → pe:tls:SESSION-ec67d149df3809f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c7f3c61dd4869fc:SESSION-5c7f3c61dd4869fc	SESSION-5c7f3c61dd4869fc → pe:syn:SESSION-5c7f3c61dd4869fc
flow_observed5-aryOBS	e:fo:flow:2e31b6b97fde	flow:2e31b6b97fde → host:177.10.235.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-0b2db5b5e20e8c4e:BSG-BEACON-f6c2b3d0e42d	SESSION-0b2db5b5e20e8c4e → BSG-BEACON-f6c2b3d0e42d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9716031ec5470ef:host:131.196.30.212:host:172.234.197.23	SESSION-c9716031ec5470ef → host:131.196.30.212 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de35503b4a9f2ce3:SESSION-de35503b4a9f2ce3	SESSION-de35503b4a9f2ce3 → pe:tls:SESSION-de35503b4a9f2ce3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-118e26ad77e50cb0:host:172.234.197.23:host:131.196.29.239	SESSION-118e26ad77e50cb0 → host:172.234.197.23 → host:131.196.29.239
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-158ec8f739ce5586:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-158ec8f739ce5586 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e0a8afad40ce0aa2:SESSION-e0a8afad40ce0aa2	SESSION-e0a8afad40ce0aa2 → pe:tls:SESSION-e0a8afad40ce0aa2
FLOW_TO_HOSTOBS	e:to:SESSION-328591b09b0655cf:host:172.234.197.23	SESSION-328591b09b0655cf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-151e53ee3004033b:SESSION-151e53ee3004033b	SESSION-151e53ee3004033b → pe:tls:SESSION-151e53ee3004033b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3645126144628c28:host:45.173.156.32	SESSION-3645126144628c28 → host:45.173.156.32
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f40be42edcf6e8ed:host:131.196.31.190:host:172.234.197.23	SESSION-f40be42edcf6e8ed → host:131.196.31.190 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:559550acef46:port:tcp:443	flow:559550acef46 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-cbc349d6e82ad363:SESSION-cbc349d6e82ad363	SESSION-cbc349d6e82ad363 → pe:rst:SESSION-cbc349d6e82ad363
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fd9b76b5230e873:host:172.234.197.23:host:131.196.31.157	SESSION-3fd9b76b5230e873 → host:172.234.197.23 → host:131.196.31.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d9ab0e2fb8bff1f:SESSION-7d9ab0e2fb8bff1f	SESSION-7d9ab0e2fb8bff1f → pe:syn:SESSION-7d9ab0e2fb8bff1f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b6e18a39fae0db6:host:172.234.197.23	SESSION-6b6e18a39fae0db6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0feaffd55940508b:host:172.234.197.23	SESSION-0feaffd55940508b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.3:asn:271410	host:131.196.31.3 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-024c55a268626b80:host:172.234.197.23	SESSION-024c55a268626b80 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.34:asn:262880	host:177.10.235.34 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-979974e101979ba8:host:172.234.197.23	SESSION-979974e101979ba8 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:430858ea5ed8	flow:430858ea5ed8 → host:172.234.197.23 → host:131.196.29.248 → port:tcp:56794
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4898aa8f3840ecd5:host:177.10.238.98:host:172.234.197.23	SESSION-4898aa8f3840ecd5 → host:177.10.238.98 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baee22f4fffa81d2:host:177.10.235.111	SESSION-baee22f4fffa81d2 → host:177.10.235.111
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b96b3cde986adfb1:flow:2860805f4ccd	SESSION-b96b3cde986adfb1 → flow:2860805f4ccd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-168a40fae7c0f56d:SESSION-168a40fae7c0f56d	SESSION-168a40fae7c0f56d → pe:syn:SESSION-168a40fae7c0f56d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a4d952075d0ee24:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5a4d952075d0ee24 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-22873a115734b4a8:SESSION-22873a115734b4a8	SESSION-22873a115734b4a8 → pe:tls:SESSION-22873a115734b4a8
FLOW_DST_PORTOBS	e:fp:flow:3f99712a5e3e:port:tcp:443	flow:3f99712a5e3e → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.145:asn:262880	host:177.10.238.145 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-347229f80efdfaa4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-347229f80efdfaa4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bac5dc0e18d2349f:flow:8940134437ac	SESSION-bac5dc0e18d2349f → flow:8940134437ac
FLOW_FROM_HOSTOBS	e:from:SESSION-26e26ae77a5f41e1:host:177.10.238.247	SESSION-26e26ae77a5f41e1 → host:177.10.238.247
FLOW_FROM_HOSTOBS	e:from:SESSION-72859a91c292f326:host:131.196.28.11	SESSION-72859a91c292f326 → host:131.196.28.11
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.48:geo_-23.62930_-46.63510	host:131.196.31.48 → geo_-23.62930_-46.63510
FLOW_QUERIED_DNSOBS	e:fd:flow:5725aeb457d8:dns:172-234-197-23.ip.linodeusercontent.com	flow:5725aeb457d8 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b578cd49b856e8a0:host:45.173.156.77	SESSION-b578cd49b856e8a0 → host:45.173.156.77
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.232:asn:203771	host:92.112.71.232 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-69ac7334931bf6c1:host:131.196.30.83	SESSION-69ac7334931bf6c1 → host:131.196.30.83
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2035a3586bc1f35f:PCAP:capture_20260430110001:43611bdf6759	SESSION-2035a3586bc1f35f → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6b4b9c738c314ebf:SESSION-6b4b9c738c314ebf	SESSION-6b4b9c738c314ebf → pe:syn:SESSION-6b4b9c738c314ebf
FLOW_DST_PORTOBS	e:fp:flow:033017b17dce:port:tcp:443	flow:033017b17dce → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122c6042cd97886a:host:172.234.197.23	SESSION-122c6042cd97886a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3254874520e1dae:SESSION-b3254874520e1dae	SESSION-b3254874520e1dae → pe:syn:SESSION-b3254874520e1dae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f19ceabce4d2fbb5:SESSION-f19ceabce4d2fbb5	SESSION-f19ceabce4d2fbb5 → pe:tls:SESSION-f19ceabce4d2fbb5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1844a866ec523fcf:host:131.196.30.132	SESSION-1844a866ec523fcf → host:131.196.30.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98e2e9e1db14446c:SESSION-98e2e9e1db14446c	SESSION-98e2e9e1db14446c → pe:syn:SESSION-98e2e9e1db14446c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-528b3497658f46ec:SESSION-528b3497658f46ec	SESSION-528b3497658f46ec → pe:tls:SESSION-528b3497658f46ec
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8a57b2200e62e75:host:177.10.233.11	SESSION-c8a57b2200e62e75 → host:177.10.233.11
flow_observed5-aryOBS	e:fo:flow:023c06168fdb	flow:023c06168fdb → host:177.10.233.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b59030bd39741ab3:host:172.234.197.23:host:131.196.29.114	SESSION-b59030bd39741ab3 → host:172.234.197.23 → host:131.196.29.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e54eb0866acbe21:SESSION-3e54eb0866acbe21	SESSION-3e54eb0866acbe21 → pe:tls:SESSION-3e54eb0866acbe21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8feeff9d44d6e844:SESSION-8feeff9d44d6e844	SESSION-8feeff9d44d6e844 → pe:syn:SESSION-8feeff9d44d6e844
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33075a11d7099c2b:host:131.196.29.140	SESSION-33075a11d7099c2b → host:131.196.29.140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-91da8f4807f085e6:flow:5b29f7395281	SESSION-91da8f4807f085e6 → flow:5b29f7395281
FLOW_FROM_HOSTOBS	e:from:SESSION-4c7b4cea62f376fb:host:131.196.30.143	SESSION-4c7b4cea62f376fb → host:131.196.30.143
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c24aca5564d2ae55:host:54.87.95.7:host:172.234.197.23	SESSION-c24aca5564d2ae55 → host:54.87.95.7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dc82e917a0ac0289:host:177.10.236.231:host:172.234.197.23	SESSION-dc82e917a0ac0289 → host:177.10.236.231 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-368729c748b57591:host:172.234.197.23	SESSION-368729c748b57591 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c98ee522a60a5600:host:172.234.197.23	SESSION-c98ee522a60a5600 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f392894730d574f3:host:172.234.197.23	SESSION-f392894730d574f3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5498d903f3b2d41:SESSION-b5498d903f3b2d41	SESSION-b5498d903f3b2d41 → pe:tls:SESSION-b5498d903f3b2d41
FLOW_TLS_SNIOBS	e:fs:flow:31aded4cced4:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:31aded4cced4 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-e04d863bd380e3e5:host:172.234.197.23	SESSION-e04d863bd380e3e5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9c211d2931ae713:flow:89dfb84bffe8	SESSION-d9c211d2931ae713 → flow:89dfb84bffe8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-100c3fd7436ef8f8:flow:fc88b4593c6e	SESSION-100c3fd7436ef8f8 → flow:fc88b4593c6e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3eb6cc7ca453157a:flow:e90c527361e6	SESSION-3eb6cc7ca453157a → flow:e90c527361e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f57d963826b0d8cc:host:131.196.31.192	SESSION-f57d963826b0d8cc → host:131.196.31.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bee67245b0f1ffd:host:172.234.197.23	SESSION-4bee67245b0f1ffd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fc95fe30edf5706:SESSION-5fc95fe30edf5706	SESSION-5fc95fe30edf5706 → pe:tls:SESSION-5fc95fe30edf5706
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e1f0a324b14316cd:SESSION-e1f0a324b14316cd	SESSION-e1f0a324b14316cd → pe:syn:SESSION-e1f0a324b14316cd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f1e2986117d2a1f:PCAP:capture_20260430090001:065659c7d314	SESSION-3f1e2986117d2a1f → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da8ba1d6891d9574:SESSION-da8ba1d6891d9574	SESSION-da8ba1d6891d9574 → pe:tls:SESSION-da8ba1d6891d9574
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-62337f4a23aa4d2d:host:172.234.197.23:host:177.10.237.62	SESSION-62337f4a23aa4d2d → host:172.234.197.23 → host:177.10.237.62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f416b1590e3cca4:SESSION-5f416b1590e3cca4	SESSION-5f416b1590e3cca4 → pe:syn:SESSION-5f416b1590e3cca4
FLOW_DST_PORTOBS	e:fp:flow:6e3832b2b70d:port:tcp:443	flow:6e3832b2b70d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5bd73118ac3f9f7:host:131.196.29.67:host:172.234.197.23	SESSION-b5bd73118ac3f9f7 → host:131.196.29.67 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac14845b1a23366d:host:177.10.232.52	SESSION-ac14845b1a23366d → host:177.10.232.52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ea2f6118de4330ea:PCAP:capture_20260430150001:ded20914761d	SESSION-ea2f6118de4330ea → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-168c4e3df9119bba:PCAP:capture_20260430060001:919b39a74464	SESSION-168c4e3df9119bba → PCAP:capture_20260430060001:919b39a74464
FLOW_QUERIED_DNSOBS	e:fd:flow:ede82bb3f685:dns:172-234-197-23.ip.linodeusercontent.com	flow:ede82bb3f685 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-34d820c66fac079b:SESSION-34d820c66fac079b	SESSION-34d820c66fac079b → pe:tls:SESSION-34d820c66fac079b
FLOW_DST_PORTOBS	e:fp:flow:910913aa1637:port:tcp:443	flow:910913aa1637 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-15939dedfcffc5e5:host:172.234.197.23	SESSION-15939dedfcffc5e5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:aa0e77b18e64	flow:aa0e77b18e64 → host:69.222.187.134 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-361f1ea86b9f3cf3:host:172.234.197.23	SESSION-361f1ea86b9f3cf3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9427f5c2202c5258:host:177.10.239.148	SESSION-9427f5c2202c5258 → host:177.10.239.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1a13f968b47fc9d:host:177.10.239.63	SESSION-e1a13f968b47fc9d → host:177.10.239.63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-226dccfda73d96ef:host:172.234.197.23:host:177.10.237.161	SESSION-226dccfda73d96ef → host:172.234.197.23 → host:177.10.237.161
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8b9309f53afd487:host:45.173.156.162:host:172.234.197.23	SESSION-d8b9309f53afd487 → host:45.173.156.162 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605cf9d10467f8d3:host:177.10.237.2	SESSION-605cf9d10467f8d3 → host:177.10.237.2
FLOW_TO_HOSTOBS	e:to:SESSION-a7b3f412ee893afd:host:177.10.239.39	SESSION-a7b3f412ee893afd → host:177.10.239.39
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ddb8ef81f168c6c0:flow:d865c9d97541	SESSION-ddb8ef81f168c6c0 → flow:d865c9d97541
FLOW_DST_PORTOBS	e:fp:flow:d89b7042eba6:port:tcp:443	flow:d89b7042eba6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f0044b48e7e1824:host:172.234.197.23	SESSION-5f0044b48e7e1824 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:884ce823120d	flow:884ce823120d → host:177.10.235.81 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:9fa066ff97a0:port:tcp:443	flow:9fa066ff97a0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-21b1ebb6f3d7bd68:SESSION-21b1ebb6f3d7bd68	SESSION-21b1ebb6f3d7bd68 → pe:dns:SESSION-21b1ebb6f3d7bd68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-132ae74090c90dac:SESSION-132ae74090c90dac	SESSION-132ae74090c90dac → pe:syn:SESSION-132ae74090c90dac
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36966af2dfd8700b:flow:11839f4b0a73	SESSION-36966af2dfd8700b → flow:11839f4b0a73
FLOW_DST_PORTOBS	e:fp:flow:3bc938eaf0e8:port:tcp:80	flow:3bc938eaf0e8 → port:tcp:80
FLOW_DST_PORTOBS	e:fp:flow:ebaf2d276c65:port:tcp:17625	flow:ebaf2d276c65 → port:tcp:17625
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5bec9c6872f5835:SESSION-b5bec9c6872f5835	SESSION-b5bec9c6872f5835 → pe:tls:SESSION-b5bec9c6872f5835
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cbc08c1422c92ccf:PCAP:capture_20260430090001:065659c7d314	SESSION-cbc08c1422c92ccf → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb243e65e2b1808d:PCAP:capture_20260430060001:919b39a74464	SESSION-eb243e65e2b1808d → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:9eec284b5d7b	flow:9eec284b5d7b → host:177.10.238.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d65a28f7cbebfeb:SESSION-9d65a28f7cbebfeb	SESSION-9d65a28f7cbebfeb → pe:syn:SESSION-9d65a28f7cbebfeb
FLOW_TO_HOSTOBS	e:to:SESSION-077636b939c69f3b:host:172.234.197.23	SESSION-077636b939c69f3b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99ffd8e203ea7715:PCAP:capture_20260430160001:9bfa4498506a	SESSION-99ffd8e203ea7715 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c07bee6bb583aca:SESSION-8c07bee6bb583aca	SESSION-8c07bee6bb583aca → pe:tls:SESSION-8c07bee6bb583aca
FLOW_TO_HOSTOBS	e:to:SESSION-868abcdaf084ea7c:host:172.232.0.16	SESSION-868abcdaf084ea7c → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:851dc7e1352e:port:tcp:56801	flow:851dc7e1352e → port:tcp:56801
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.88:asn:262880	host:177.10.239.88 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b66b69fe93183378:host:45.173.156.51	SESSION-b66b69fe93183378 → host:45.173.156.51
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.250:asn:262880	host:177.10.237.250 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57be4ad64c21b6c4:flow:306c1d5ac8d4	SESSION-57be4ad64c21b6c4 → flow:306c1d5ac8d4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b30f6f845792a67e:host:177.10.234.243:host:172.234.197.23	SESSION-b30f6f845792a67e → host:177.10.234.243 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8614773ef8a3b357:flow:53d37a6eb3a2	SESSION-8614773ef8a3b357 → flow:53d37a6eb3a2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e39b76c4ba6c4cf6:host:177.10.232.69:host:172.234.197.23	SESSION-e39b76c4ba6c4cf6 → host:177.10.232.69 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85683c3aa8c095db:host:66.228.53.46	SESSION-85683c3aa8c095db → host:66.228.53.46
FLOW_TO_HOSTOBS	e:to:SESSION-87843d3af97b013e:host:172.234.197.23	SESSION-87843d3af97b013e → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-73c4b3cbea42a394:BSG-DATA_EXFIL-9472f16179aa	SESSION-73c4b3cbea42a394 → BSG-DATA_EXFIL-9472f16179aa
FLOW_FROM_HOSTOBS	e:from:SESSION-55aa5069b830c261:host:131.196.28.160	SESSION-55aa5069b830c261 → host:131.196.28.160
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.184:asn:262880	host:177.10.233.184 → asn:262880
flow_observed5-aryOBS	e:fo:flow:2622d4ad7ff2	flow:2622d4ad7ff2 → host:177.10.238.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56e56d8157575627:host:177.10.236.56:host:172.234.197.23	SESSION-56e56d8157575627 → host:177.10.236.56 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a1525d7a099ba42:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5a1525d7a099ba42 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ec3678e1070a7a4:host:131.196.29.60	SESSION-9ec3678e1070a7a4 → host:131.196.29.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a7bf37c238cc392:SESSION-4a7bf37c238cc392	SESSION-4a7bf37c238cc392 → pe:tls:SESSION-4a7bf37c238cc392
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-63f078b7cf539982:SESSION-63f078b7cf539982	SESSION-63f078b7cf539982 → pe:tls:SESSION-63f078b7cf539982
FLOW_TO_HOSTOBS	e:to:SESSION-7d9ab0e2fb8bff1f:host:45.173.156.78	SESSION-7d9ab0e2fb8bff1f → host:45.173.156.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-007d1747f3bd10df:SESSION-007d1747f3bd10df	SESSION-007d1747f3bd10df → pe:tls:SESSION-007d1747f3bd10df
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.250:asn:271410	host:131.196.30.250 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fe99f41b36441fa:host:131.196.31.223	SESSION-0fe99f41b36441fa → host:131.196.31.223
FLOW_FROM_HOSTOBS	e:from:SESSION-dad0ff120323eed1:host:172.234.197.23	SESSION-dad0ff120323eed1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4c41cf07253f	flow:4c41cf07253f → host:131.196.30.242 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa35d0a8fa5d9f77:host:177.10.236.101	SESSION-fa35d0a8fa5d9f77 → host:177.10.236.101
flow_observed5-aryOBS	e:fo:flow:b80e056f3e31	flow:b80e056f3e31 → host:131.196.30.128 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:0088c7458bb0	flow:0088c7458bb0 → host:177.10.237.128 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46a01539128daee6:host:172.234.197.23	SESSION-46a01539128daee6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-378ead2076355bca:host:172.234.197.23:host:131.196.28.94	SESSION-378ead2076355bca → host:172.234.197.23 → host:131.196.28.94
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e00c0cf74d0af603:host:131.196.30.19:host:172.234.197.23	SESSION-e00c0cf74d0af603 → host:131.196.30.19 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a78c6319ce69:port:tcp:443	flow:a78c6319ce69 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-66897d09e7f9757a:host:45.173.156.66	SESSION-66897d09e7f9757a → host:45.173.156.66
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acf0f47433b56858:host:172.234.197.23	SESSION-acf0f47433b56858 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9df9d2c1feb9	flow:9df9d2c1feb9 → host:177.10.234.103 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.99:geo_-16.28860_-49.01640	host:177.10.239.99 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c6a2d0b31f21:port:tcp:443	flow:c6a2d0b31f21 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.40:asn:262880	host:177.10.237.40 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.192:asn:262880	host:177.10.235.192 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:9645bfc7fe4d:port:tcp:38852	flow:9645bfc7fe4d → port:tcp:38852
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-314a3839bafadb97:flow:30edcb23ec52	SESSION-314a3839bafadb97 → flow:30edcb23ec52
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1191ea69c7b9e8e5:host:109.89.117.44:host:172.234.197.23	SESSION-1191ea69c7b9e8e5 → host:109.89.117.44 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bfa418bfe374bf06:host:172.234.197.23	SESSION-bfa418bfe374bf06 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1620c835b56464d4:host:177.10.234.248	SESSION-1620c835b56464d4 → host:177.10.234.248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9574d05ba0801a5:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-b9574d05ba0801a5 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed4-aryOBS	e:fo:flow:b187841e7f45	flow:b187841e7f45 → host:172.234.197.23 → host:177.10.232.66 → port:tcp:45304
FLOW_FROM_HOSTOBS	e:from:SESSION-d12c89e59455016e:host:172.234.197.23	SESSION-d12c89e59455016e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0d11915f1f4e9ef9:SESSION-0d11915f1f4e9ef9	SESSION-0d11915f1f4e9ef9 → pe:tls:SESSION-0d11915f1f4e9ef9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.211:asn:262880	host:177.10.235.211 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-024c55a268626b80:SESSION-024c55a268626b80	SESSION-024c55a268626b80 → pe:tls:SESSION-024c55a268626b80
FLOW_DST_PORTOBS	e:fp:flow:568b0c6364ac:port:tcp:80	flow:568b0c6364ac → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4dc175dd74a3b00:host:104.28.157.111	SESSION-b4dc175dd74a3b00 → host:104.28.157.111
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-81679789c998e700:SESSION-81679789c998e700	SESSION-81679789c998e700 → pe:syn:SESSION-81679789c998e700
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77661c4fb07edf10:SESSION-77661c4fb07edf10	SESSION-77661c4fb07edf10 → pe:tls:SESSION-77661c4fb07edf10
FLOW_DST_PORTOBS	e:fp:flow:6db8ecd7eb72:port:tcp:443	flow:6db8ecd7eb72 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cce146f15a17b9a1:SESSION-cce146f15a17b9a1	SESSION-cce146f15a17b9a1 → pe:syn:SESSION-cce146f15a17b9a1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdd13464c217a214:host:172.234.197.23	SESSION-cdd13464c217a214 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1b4aebfef6c24ca0:host:177.10.236.42	SESSION-1b4aebfef6c24ca0 → host:177.10.236.42
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.156:geo_-16.28860_-49.01640	host:177.10.236.156 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74a0cb408b3fb354:PCAP:capture_20260430050001:8868731bf8a4	SESSION-74a0cb408b3fb354 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b54b11bede7a4d5:SESSION-2b54b11bede7a4d5	SESSION-2b54b11bede7a4d5 → pe:tls:SESSION-2b54b11bede7a4d5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-964acfd97ca38755:flow:10c4e8fbc188	SESSION-964acfd97ca38755 → flow:10c4e8fbc188
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.24:geo_-16.28860_-49.01640	host:177.10.235.24 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.59:asn:271410	host:131.196.30.59 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d44d2d34cc029e97:host:131.196.30.152	SESSION-d44d2d34cc029e97 → host:131.196.30.152
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d3cf98bfbd337a47:host:177.10.234.126:host:172.234.197.23	SESSION-d3cf98bfbd337a47 → host:177.10.234.126 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72411a82d36d6add:flow:4cb26e73e001	SESSION-72411a82d36d6add → flow:4cb26e73e001
FLOW_TO_HOSTOBS	e:to:SESSION-c4fe97044eaa4ff8:host:172.234.197.23	SESSION-c4fe97044eaa4ff8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.170:asn:262880	host:177.10.238.170 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:3cd87ec6e33e:port:tcp:443	flow:3cd87ec6e33e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:4cefb8d622a4:port:tcp:443	flow:4cefb8d622a4 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-734d97fdd69356a6:host:172.234.197.23	SESSION-734d97fdd69356a6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e512980b1e52beb:SESSION-7e512980b1e52beb	SESSION-7e512980b1e52beb → pe:syn:SESSION-7e512980b1e52beb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68e98907ffe6aa24:host:172.234.197.23:host:131.196.31.63	SESSION-68e98907ffe6aa24 → host:172.234.197.23 → host:131.196.31.63
flow_observed5-aryOBS	e:fo:flow:22aa90f0cf17	flow:22aa90f0cf17 → host:177.10.236.6 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_QUERIED_DNSOBS	e:fd:flow:85aacd5feb03:dns:172-234-197-23.ip.linodeusercontent.com	flow:85aacd5feb03 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-397164cbc5836ff1:host:177.10.232.67	SESSION-397164cbc5836ff1 → host:177.10.232.67
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.85:asn:271410	host:131.196.31.85 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:a0836fcd7bb1:port:tcp:52981	flow:a0836fcd7bb1 → port:tcp:52981
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2c924632948936b:SESSION-b2c924632948936b	SESSION-b2c924632948936b → pe:syn:SESSION-b2c924632948936b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3123a8609bb9fc1:host:177.10.233.197	SESSION-a3123a8609bb9fc1 → host:177.10.233.197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6617d8dfad1357d9:host:45.173.156.95	SESSION-6617d8dfad1357d9 → host:45.173.156.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a80be6abc21d5bd:host:172.234.197.23	SESSION-8a80be6abc21d5bd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3676532bb2f3ac59:host:131.196.31.90	SESSION-3676532bb2f3ac59 → host:131.196.31.90
FLOW_FROM_HOSTOBS	e:from:SESSION-e00c0cf74d0af603:host:131.196.30.19	SESSION-e00c0cf74d0af603 → host:131.196.30.19
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.162:geo_-16.28860_-49.01640	host:177.10.237.162 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:a47a7c567369	flow:a47a7c567369 → host:172.234.197.23 → host:131.196.31.80 → port:tcp:35881
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6bfe68f8e20317f4:SESSION-6bfe68f8e20317f4	SESSION-6bfe68f8e20317f4 → pe:tls:SESSION-6bfe68f8e20317f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47699582b69b5d99:host:172.234.197.23	SESSION-47699582b69b5d99 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47e6906e0a27d254:flow:fc2f9ab2e66c	SESSION-47e6906e0a27d254 → flow:fc2f9ab2e66c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-674d0a1b38b3c135:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-674d0a1b38b3c135 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7de8e99103378c90:host:172.234.197.23:host:172.232.0.16	SESSION-7de8e99103378c90 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c774247ce2f7d3db:host:131.196.30.168	SESSION-c774247ce2f7d3db → host:131.196.30.168
FLOW_TO_HOSTOBS	e:to:SESSION-a2005509481f3ca7:host:172.234.197.23	SESSION-a2005509481f3ca7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ced9ee95145c:port:tcp:43464	flow:ced9ee95145c → port:tcp:43464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e15824f9dd78d2b4:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e15824f9dd78d2b4 → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:69.222.187.134:asn:7018	host:69.222.187.134 → asn:7018
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.149:asn:262880	host:177.10.232.149 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.98:asn:273470	host:45.173.156.98 → asn:273470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.95:geo_-16.28860_-49.01640	host:177.10.236.95 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:ebf3e86f8a9a	flow:ebf3e86f8a9a → host:177.10.234.56 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-979dfdf677607677:SESSION-979dfdf677607677	SESSION-979dfdf677607677 → pe:tls:SESSION-979dfdf677607677
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.15:asn:262880	host:177.10.234.15 → asn:262880
flow_observed4-aryOBS	e:fo:flow:4d295ea72925	flow:4d295ea72925 → host:172.234.197.23 → host:131.196.30.189 → port:tcp:58230
FLOW_FROM_HOSTOBS	e:from:SESSION-68342cf3c00e7f2e:host:131.196.28.6	SESSION-68342cf3c00e7f2e → host:131.196.28.6
FLOW_FROM_HOSTOBS	e:from:SESSION-98452f7d1a82c494:host:172.234.197.23	SESSION-98452f7d1a82c494 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-288ea97e67f438e3:host:45.173.156.230:host:172.234.197.23	SESSION-288ea97e67f438e3 → host:45.173.156.230 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f277335c7e8c32bb:host:45.145.152.19	SESSION-f277335c7e8c32bb → host:45.145.152.19
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.192:geo_-16.28860_-49.01640	host:177.10.239.192 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-124cb6be20cbe456:PCAP:capture_20260430090001:065659c7d314	SESSION-124cb6be20cbe456 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6b62b6aad076f58:flow:66f91fbbd552	SESSION-a6b62b6aad076f58 → flow:66f91fbbd552
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-befc987f4c77d80c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-befc987f4c77d80c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:91c1af006574	flow:91c1af006574 → host:177.10.233.183 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-bd9436da4a7a552d:host:172.232.0.17	SESSION-bd9436da4a7a552d → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-ed473d20582b9e99:host:177.10.236.76	SESSION-ed473d20582b9e99 → host:177.10.236.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abaf8d71fe47df1c:host:172.234.197.23	SESSION-abaf8d71fe47df1c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-324b6311c2d003f7:host:172.234.197.23	SESSION-324b6311c2d003f7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c3d14af1a5eb503:SESSION-8c3d14af1a5eb503	SESSION-8c3d14af1a5eb503 → pe:syn:SESSION-8c3d14af1a5eb503
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-367c844590f11a50:host:172.234.197.23	SESSION-367c844590f11a50 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ed55c24c9ffd87b5:BSG-BEACON-d0e3cf456f12	SESSION-ed55c24c9ffd87b5 → BSG-BEACON-d0e3cf456f12
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e938dc96c7665991:host:172.234.197.23:host:177.10.232.215	SESSION-e938dc96c7665991 → host:172.234.197.23 → host:177.10.232.215
FLOW_FROM_HOSTOBS	e:from:SESSION-d58cfad877959bea:host:45.173.156.90	SESSION-d58cfad877959bea → host:45.173.156.90
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01d7e8e7f6d6f55b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-01d7e8e7f6d6f55b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd81cfaee9483060:SESSION-cd81cfaee9483060	SESSION-cd81cfaee9483060 → pe:tls:SESSION-cd81cfaee9483060
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3cdf0b404a4678c5:host:177.10.239.15	SESSION-3cdf0b404a4678c5 → host:177.10.239.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-347bad418eab3a6f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-347bad418eab3a6f → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a288a75f40d03563:host:172.234.197.23	SESSION-a288a75f40d03563 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7e6be5ba8db3cda:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c7e6be5ba8db3cda → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78d87c88323785f9:host:172.234.197.23:host:177.10.235.169	SESSION-78d87c88323785f9 → host:172.234.197.23 → host:177.10.235.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-650fd2b828a7b477:host:172.234.197.23	SESSION-650fd2b828a7b477 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d957287df88430bb:SESSION-d957287df88430bb	SESSION-d957287df88430bb → pe:syn:SESSION-d957287df88430bb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff374888c4809584:SESSION-ff374888c4809584	SESSION-ff374888c4809584 → pe:tls:SESSION-ff374888c4809584
HOST_IN_ASNOBS 85%	e:ha:host:5.182.209.49:asn:62068	host:5.182.209.49 → asn:62068
FLOW_DST_PORTOBS	e:fp:flow:abc8fc2a68c4:port:tcp:443	flow:abc8fc2a68c4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87ea4b729b5b64e3:host:131.196.31.48	SESSION-87ea4b729b5b64e3 → host:131.196.31.48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4449fca2fd34af5e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4449fca2fd34af5e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-7b11513eff2bd1e6:host:131.196.29.215	SESSION-7b11513eff2bd1e6 → host:131.196.29.215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-793a524af1982647:host:172.234.197.23	SESSION-793a524af1982647 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d2af0189f90c79b2:host:131.196.31.77	SESSION-d2af0189f90c79b2 → host:131.196.31.77
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e920b338cbbee7b:flow:ea3534a0835f	SESSION-2e920b338cbbee7b → flow:ea3534a0835f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e10e261831a1079d:flow:3144878b6b9a	SESSION-e10e261831a1079d → flow:3144878b6b9a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3eb6cc7ca453157a:PCAP:capture_20260430060001:919b39a74464	SESSION-3eb6cc7ca453157a → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb971e48f4a1e66e:SESSION-fb971e48f4a1e66e	SESSION-fb971e48f4a1e66e → pe:tls:SESSION-fb971e48f4a1e66e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3254874520e1dae:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b3254874520e1dae → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2096050a1fa0221d:host:131.196.28.25	SESSION-2096050a1fa0221d → host:131.196.28.25
FLOW_TO_HOSTOBS	e:to:SESSION-73eca1f22df524d3:host:172.234.197.23	SESSION-73eca1f22df524d3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3ea33f21558d3ba7:host:172.234.197.23	SESSION-3ea33f21558d3ba7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f316080d1441:port:tcp:443	flow:f316080d1441 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.191:asn:262880	host:177.10.236.191 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f51f16a6829ff61b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f51f16a6829ff61b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ccf0be9923f197d:host:131.196.30.182:host:172.234.197.23	SESSION-7ccf0be9923f197d → host:131.196.30.182 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a9df261a7287913:host:131.196.29.78:host:172.234.197.23	SESSION-9a9df261a7287913 → host:131.196.29.78 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-be4f81bef58a140b:host:172.234.197.23	SESSION-be4f81bef58a140b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8c07bee6bb583aca:SESSION-8c07bee6bb583aca	SESSION-8c07bee6bb583aca → pe:rst:SESSION-8c07bee6bb583aca
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8a95576c112cc14:flow:fc3b21937ae9	SESSION-b8a95576c112cc14 → flow:fc3b21937ae9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-770902b82fea5ce5:host:177.10.235.75	SESSION-770902b82fea5ce5 → host:177.10.235.75
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.91:asn:271410	host:131.196.31.91 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0d1e9854752b2176:SESSION-0d1e9854752b2176	SESSION-0d1e9854752b2176 → pe:tls:SESSION-0d1e9854752b2176
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36f959353527c71a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-36f959353527c71a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dc1a3553c9b143c5:flow:e651a2d530ee	SESSION-dc1a3553c9b143c5 → flow:e651a2d530ee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f597f69b0915b82:host:172.234.197.23	SESSION-9f597f69b0915b82 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4a86c40e28bf330:host:45.173.156.48	SESSION-f4a86c40e28bf330 → host:45.173.156.48
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e0a730d87d8b98f3:flow:9a745d03101e	SESSION-e0a730d87d8b98f3 → flow:9a745d03101e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2aa671fdac09172:SESSION-f2aa671fdac09172	SESSION-f2aa671fdac09172 → pe:syn:SESSION-f2aa671fdac09172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1ec6b7d17caa72c:SESSION-d1ec6b7d17caa72c	SESSION-d1ec6b7d17caa72c → pe:syn:SESSION-d1ec6b7d17caa72c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94f070a5530c9e09:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-94f070a5530c9e09 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36b6bef962351df3:host:172.234.197.23	SESSION-36b6bef962351df3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e5901fc962e8:port:tcp:443	flow:e5901fc962e8 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-288c2773d91d95c9:host:172.234.197.23	SESSION-288c2773d91d95c9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d290f0be98eecddb:host:172.234.197.23:host:177.10.238.56	SESSION-d290f0be98eecddb → host:172.234.197.23 → host:177.10.238.56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-259d89cf1511dc5c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-259d89cf1511dc5c → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:0088c7458bb0:port:tcp:443	flow:0088c7458bb0 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c402fe398bbf1491:flow:a9ef69b0237c	SESSION-c402fe398bbf1491 → flow:a9ef69b0237c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41b7279875030e7d:host:172.234.197.23	SESSION-41b7279875030e7d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.254:geo_-16.28860_-49.01640	host:177.10.234.254 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88a21eebc91cc549:host:172.234.197.23	SESSION-88a21eebc91cc549 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-917ad6cf3046e17b:host:172.234.197.23:host:45.173.156.101	SESSION-917ad6cf3046e17b → host:172.234.197.23 → host:45.173.156.101
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dbacd0066146a93a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-dbacd0066146a93a → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8136a084d82536a6:host:95.135.228.10	SESSION-8136a084d82536a6 → host:95.135.228.10
FLOW_FROM_HOSTOBS	e:from:SESSION-40e0d0b129f437fd:host:147.135.97.222	SESSION-40e0d0b129f437fd → host:147.135.97.222
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-febabcac2b03c9d1:host:131.196.28.242	SESSION-febabcac2b03c9d1 → host:131.196.28.242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57e647fa0cdcfe5a:host:177.10.239.87:host:172.234.197.23	SESSION-57e647fa0cdcfe5a → host:177.10.239.87 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ea7d04d29ddc:port:tcp:443	flow:ea7d04d29ddc → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c550b9d61da6:port:tcp:54639	flow:c550b9d61da6 → port:tcp:54639
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0119815c01d3319:host:131.196.31.183:host:172.234.197.23	SESSION-c0119815c01d3319 → host:131.196.31.183 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5d780f89354efd9:SESSION-b5d780f89354efd9	SESSION-b5d780f89354efd9 → pe:tls:SESSION-b5d780f89354efd9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b5948254caf12dd:host:172.234.197.23	SESSION-9b5948254caf12dd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:16c7a0cad34a:port:tcp:25199	flow:16c7a0cad34a → port:tcp:25199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-911659ba7d4041d9:host:172.234.197.23	SESSION-911659ba7d4041d9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.131:asn:262880	host:177.10.235.131 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:4925c1a24954:port:tcp:6304	flow:4925c1a24954 → port:tcp:6304
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b22fbd69b6831b9:SESSION-0b22fbd69b6831b9	SESSION-0b22fbd69b6831b9 → pe:syn:SESSION-0b22fbd69b6831b9
FLOW_TO_HOSTOBS	e:to:SESSION-f3748d9d14aafdb8:host:177.10.236.115	SESSION-f3748d9d14aafdb8 → host:177.10.236.115
flow_observed5-aryOBS	e:fo:flow:cb62cbda5136	flow:cb62cbda5136 → host:131.196.29.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ef8854f2d4650c5:SESSION-2ef8854f2d4650c5	SESSION-2ef8854f2d4650c5 → pe:tls:SESSION-2ef8854f2d4650c5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bee309b4d5047c7d:flow:420626ea8769	SESSION-bee309b4d5047c7d → flow:420626ea8769
FLOW_FROM_HOSTOBS	e:from:SESSION-921389e161f019e9:host:172.234.197.23	SESSION-921389e161f019e9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ad62b54803b59875:host:172.234.197.23	SESSION-ad62b54803b59875 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b2ef1696b4c4f00:host:177.10.234.207	SESSION-2b2ef1696b4c4f00 → host:177.10.234.207
flow_observed5-aryOBS	e:fo:flow:4810b7b3c231	flow:4810b7b3c231 → host:88.99.91.59 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b59030bd39741ab3:host:172.234.197.23	SESSION-b59030bd39741ab3 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-d4bc305941088d24:BSG-BEACON-e07f4250263f	SESSION-d4bc305941088d24 → BSG-BEACON-e07f4250263f
FLOW_DST_PORTOBS	e:fp:flow:1c4d193b3400:port:tcp:443	flow:1c4d193b3400 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee8a8be73e4592b1:flow:87c0f5d21d31	SESSION-ee8a8be73e4592b1 → flow:87c0f5d21d31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76512232807349be:host:45.173.156.51:host:172.234.197.23	SESSION-76512232807349be → host:45.173.156.51 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66897d09e7f9757a:SESSION-66897d09e7f9757a	SESSION-66897d09e7f9757a → pe:tls:SESSION-66897d09e7f9757a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b209515fa806d4a:host:177.10.238.87:host:172.234.197.23	SESSION-9b209515fa806d4a → host:177.10.238.87 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bf7bb3dc8319468:flow:751e2322b01d	SESSION-3bf7bb3dc8319468 → flow:751e2322b01d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.199:geo_-23.62930_-46.63510	host:131.196.29.199 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8ef5b0d475390b4:SESSION-e8ef5b0d475390b4	SESSION-e8ef5b0d475390b4 → pe:syn:SESSION-e8ef5b0d475390b4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3944d5014504521:SESSION-e3944d5014504521	SESSION-e3944d5014504521 → pe:syn:SESSION-e3944d5014504521
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-970108b06912c1b7:host:177.10.234.231	SESSION-970108b06912c1b7 → host:177.10.234.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-931a0ea4dc7054bf:host:172.234.197.23	SESSION-931a0ea4dc7054bf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-231f5887ddd9d406:host:172.234.197.23:host:177.10.239.145	SESSION-231f5887ddd9d406 → host:172.234.197.23 → host:177.10.239.145
flow_observed5-aryOBS	e:fo:flow:ee90f0835cbc	flow:ee90f0835cbc → host:45.173.156.21 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2091e87bc96ca173:host:172.234.197.23	SESSION-2091e87bc96ca173 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2214f7d76e31:port:tcp:443	flow:2214f7d76e31 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-664631b6c582f1f7:SESSION-664631b6c582f1f7	SESSION-664631b6c582f1f7 → pe:tls:SESSION-664631b6c582f1f7
flow_observed4-aryOBS	e:fo:flow:2f3e5c1f74a5	flow:2f3e5c1f74a5 → host:172.234.197.23 → host:177.10.232.19 → port:tcp:11176
FLOW_FROM_HOSTOBS	e:from:SESSION-112f4fdeb678f643:host:172.234.197.23	SESSION-112f4fdeb678f643 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-edf23c7505754934:host:172.234.197.23:host:177.10.233.35	SESSION-edf23c7505754934 → host:172.234.197.23 → host:177.10.233.35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-091d255d08b85143:flow:7a74743236f4	SESSION-091d255d08b85143 → flow:7a74743236f4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e5496341eed0b869:SESSION-e5496341eed0b869	SESSION-e5496341eed0b869 → pe:tls:SESSION-e5496341eed0b869
FLOW_TO_HOSTOBS	e:to:SESSION-f08e9fcec07329fb:host:172.234.197.23	SESSION-f08e9fcec07329fb → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.44:asn:262880	host:177.10.234.44 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.86:geo_-23.62930_-46.63510	host:131.196.28.86 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:874f2acd2406:port:tcp:443	flow:874f2acd2406 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:ffbe47ee66cd	flow:ffbe47ee66cd → host:177.10.237.38 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.37:asn:271410	host:131.196.30.37 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f147f2227c6d965:host:172.234.197.23	SESSION-5f147f2227c6d965 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6ccc6c1f2d86	flow:6ccc6c1f2d86 → host:177.10.236.174 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6d44dc6146dcb58:host:177.10.239.109:host:172.234.197.23	SESSION-b6d44dc6146dcb58 → host:177.10.239.109 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ea69cbe21998:port:tcp:16317	flow:ea69cbe21998 → port:tcp:16317
FLOW_FROM_HOSTOBS	e:from:SESSION-2384be4238de1707:host:177.10.232.230	SESSION-2384be4238de1707 → host:177.10.232.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9c5b30eb4b7e446:host:172.234.197.23	SESSION-c9c5b30eb4b7e446 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9b13ac4e6d83a5e:host:177.10.239.166	SESSION-d9b13ac4e6d83a5e → host:177.10.239.166
FLOW_FROM_HOSTOBS	e:from:SESSION-7aaaf2932de65e0e:host:177.10.234.155	SESSION-7aaaf2932de65e0e → host:177.10.234.155
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c1c3bc51aa7232b:host:172.234.197.23:host:172.232.0.17	SESSION-7c1c3bc51aa7232b → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1009c3ce0fc23df:host:172.234.197.23	SESSION-f1009c3ce0fc23df → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-105ac3e4c69fbe80:host:172.234.197.23	SESSION-105ac3e4c69fbe80 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-34c02a09bd1ab4d1:SESSION-34c02a09bd1ab4d1	SESSION-34c02a09bd1ab4d1 → pe:rst:SESSION-34c02a09bd1ab4d1
FLOW_TO_HOSTOBS	e:to:SESSION-aab54ece2b0af0b4:host:172.234.197.23	SESSION-aab54ece2b0af0b4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acd63ec8ffcea8e7:host:131.196.29.228	SESSION-acd63ec8ffcea8e7 → host:131.196.29.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fdceaf69f291402:SESSION-3fdceaf69f291402	SESSION-3fdceaf69f291402 → pe:tls:SESSION-3fdceaf69f291402
flow_observed4-aryOBS	e:fo:flow:60035740abc7	flow:60035740abc7 → host:172.234.197.23 → host:177.10.233.195 → port:tcp:28420
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77b68b84e12bfaab:SESSION-77b68b84e12bfaab	SESSION-77b68b84e12bfaab → pe:tls:SESSION-77b68b84e12bfaab
FLOW_TO_HOSTOBS	e:to:SESSION-1c5a72a6fbc2381d:host:172.234.197.23	SESSION-1c5a72a6fbc2381d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:07d8a2b430bf:port:tcp:13868	flow:07d8a2b430bf → port:tcp:13868
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c1c3bc51aa7232b:host:172.232.0.17	SESSION-7c1c3bc51aa7232b → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0940876600cf1421:SESSION-0940876600cf1421	SESSION-0940876600cf1421 → pe:tls:SESSION-0940876600cf1421
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cfb2466cf35b5342:SESSION-cfb2466cf35b5342	SESSION-cfb2466cf35b5342 → pe:tls:SESSION-cfb2466cf35b5342
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59aca44477f61d35:host:172.234.197.23	SESSION-59aca44477f61d35 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2586028491b4edc:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b2586028491b4edc → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47699582b69b5d99:host:177.10.239.107	SESSION-47699582b69b5d99 → host:177.10.239.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e503c69e36c27590:host:172.234.197.23	SESSION-e503c69e36c27590 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65fda4a5b580780a:flow:504bc5233da5	SESSION-65fda4a5b580780a → flow:504bc5233da5
flow_observed5-aryOBS	e:fo:flow:4183b8da1840	flow:4183b8da1840 → host:177.10.235.89 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5816b4a8f681ef76:flow:3231af7735e8	SESSION-5816b4a8f681ef76 → flow:3231af7735e8
flow_observed4-aryOBS	e:fo:flow:241ea1fbd65f	flow:241ea1fbd65f → host:172.234.197.23 → host:177.10.232.19 → port:tcp:54525
FLOW_DST_PORTOBS	e:fp:flow:2d81150733e9:port:tcp:443	flow:2d81150733e9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c651848d98d2f620:SESSION-c651848d98d2f620	SESSION-c651848d98d2f620 → pe:syn:SESSION-c651848d98d2f620
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.20:geo_-16.28860_-49.01640	host:177.10.238.20 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:199e722fa4e3:port:tcp:443	flow:199e722fa4e3 → port:tcp:443
FLOW_QUERIED_DNSOBS	e:fd:flow:342afbe20bfa:dns:172-234-197-23.ip.linodeusercontent.com	flow:342afbe20bfa → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b0b2d167e93bb2e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0b0b2d167e93bb2e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f76d275e2b42c8d0:SESSION-f76d275e2b42c8d0	SESSION-f76d275e2b42c8d0 → pe:syn:SESSION-f76d275e2b42c8d0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e5eab3f22e87eb3f:SESSION-e5eab3f22e87eb3f	SESSION-e5eab3f22e87eb3f → pe:tls:SESSION-e5eab3f22e87eb3f
FLOW_DST_PORTOBS	e:fp:flow:ade63f4d8dc5:port:tcp:443	flow:ade63f4d8dc5 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.62:geo_-21.10010_-41.69200	host:45.173.156.62 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fae3464e58310370:PCAP:capture_20260430090001:065659c7d314	SESSION-fae3464e58310370 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47982c1c81b3c1d7:host:172.234.197.23	SESSION-47982c1c81b3c1d7 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:cb47bc720a0a	flow:cb47bc720a0a → host:35.95.128.58 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.98:geo_-16.28860_-49.01640	host:177.10.239.98 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:bfe10a3879ef:port:tcp:26865	flow:bfe10a3879ef → port:tcp:26865
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94f070a5530c9e09:flow:3d555bea47e9	SESSION-94f070a5530c9e09 → flow:3d555bea47e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-932a817ddabc353f:SESSION-932a817ddabc353f	SESSION-932a817ddabc353f → pe:tls:SESSION-932a817ddabc353f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e1cb285535c63d0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9e1cb285535c63d0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a148e202465c0b29:host:172.234.197.23:host:131.196.30.22	SESSION-a148e202465c0b29 → host:172.234.197.23 → host:131.196.30.22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-285399b7803aab9b:flow:015971f697e9	SESSION-285399b7803aab9b → flow:015971f697e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d73d5fbffa5706a1:host:172.234.197.23	SESSION-d73d5fbffa5706a1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0665b9726687b63:host:172.234.197.23	SESSION-c0665b9726687b63 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2dca77003c0beb45:host:44.248.141.231:host:172.234.197.23	SESSION-2dca77003c0beb45 → host:44.248.141.231 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b1edba75af29ea2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8b1edba75af29ea2 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-195f8b2639df23c4:flow:b48a91345e9a	SESSION-195f8b2639df23c4 → flow:b48a91345e9a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ba642a19e1a643ce:SESSION-ba642a19e1a643ce	SESSION-ba642a19e1a643ce → pe:syn:SESSION-ba642a19e1a643ce
FLOW_FROM_HOSTOBS	e:from:SESSION-f10bf652ebbcd899:host:172.234.197.23	SESSION-f10bf652ebbcd899 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f059fe4a40805f2:flow:3fed8b877378	SESSION-1f059fe4a40805f2 → flow:3fed8b877378
FLOW_DST_PORTOBS	e:fp:flow:32adc553baea:port:tcp:443	flow:32adc553baea → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.195:geo_-16.28860_-49.01640	host:177.10.235.195 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-1842fb1b2a9a6572:host:177.10.236.199	SESSION-1842fb1b2a9a6572 → host:177.10.236.199
FLOW_TO_HOSTOBS	e:to:SESSION-59aca44477f61d35:host:172.234.197.23	SESSION-59aca44477f61d35 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ea19b3bdbd95a16b:SESSION-ea19b3bdbd95a16b	SESSION-ea19b3bdbd95a16b → pe:syn:SESSION-ea19b3bdbd95a16b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7dea1c67796075ab:host:177.10.238.218	SESSION-7dea1c67796075ab → host:177.10.238.218
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ffc4775cc215b441:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ffc4775cc215b441 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6752f583f7e09519:host:45.173.156.161:host:172.234.197.23	SESSION-6752f583f7e09519 → host:45.173.156.161 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5e762bb85ae7	flow:5e762bb85ae7 → host:172.234.197.23 → host:131.196.28.100 → port:tcp:17043
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90426299281da133:host:177.10.233.85:host:172.234.197.23	SESSION-90426299281da133 → host:177.10.233.85 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ce27e65991f6:port:tcp:443	flow:ce27e65991f6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3fba4062f618c50:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e3fba4062f618c50 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.228:asn:271410	host:131.196.30.228 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.245:asn:262880	host:177.10.237.245 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4883770547012399:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4883770547012399 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f83bf77e11c8adb3:SESSION-f83bf77e11c8adb3	SESSION-f83bf77e11c8adb3 → pe:tls:SESSION-f83bf77e11c8adb3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2f14bb2a06741aa:host:172.234.197.23	SESSION-f2f14bb2a06741aa → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e477027ac4a6	flow:e477027ac4a6 → host:177.10.236.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d5b41a2eb16ae40:flow:46b2fc5fae22	SESSION-8d5b41a2eb16ae40 → flow:46b2fc5fae22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-760c61036eedf2e4:host:177.10.239.9:host:172.234.197.23	SESSION-760c61036eedf2e4 → host:177.10.239.9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1c97f1fb2524:port:tcp:443	flow:1c97f1fb2524 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a9c12f6159b9a7a1:SESSION-a9c12f6159b9a7a1	SESSION-a9c12f6159b9a7a1 → pe:tls:SESSION-a9c12f6159b9a7a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b61a304f889dfad6:SESSION-b61a304f889dfad6	SESSION-b61a304f889dfad6 → pe:syn:SESSION-b61a304f889dfad6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec00857ef12f8e7e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ec00857ef12f8e7e → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-aee37cb69186d910:host:172.234.197.23	SESSION-aee37cb69186d910 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5b3d50f7cdb9	flow:5b3d50f7cdb9 → host:177.10.237.160 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f1e9c5398b5e18f4:SESSION-f1e9c5398b5e18f4	SESSION-f1e9c5398b5e18f4 → pe:syn:SESSION-f1e9c5398b5e18f4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-472adb1eeb20f880:host:177.10.235.218:host:172.234.197.23	SESSION-472adb1eeb20f880 → host:177.10.235.218 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa9dc0f394726313:host:195.96.138.88	SESSION-fa9dc0f394726313 → host:195.96.138.88
FLOW_TO_HOSTOBS	e:to:SESSION-341cb53ffc41c3af:host:172.234.197.23	SESSION-341cb53ffc41c3af → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e49f7df60935172:SESSION-4e49f7df60935172	SESSION-4e49f7df60935172 → pe:syn:SESSION-4e49f7df60935172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e73771addca62c13:SESSION-e73771addca62c13	SESSION-e73771addca62c13 → pe:syn:SESSION-e73771addca62c13
flow_observed5-aryOBS	e:fo:flow:de8975ee43cf	flow:de8975ee43cf → host:131.196.28.193 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03f351fbd88acdc4:host:172.234.197.23	SESSION-03f351fbd88acdc4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c3601b8f3a6cf17:host:172.234.197.23	SESSION-7c3601b8f3a6cf17 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.40:asn:262880	host:177.10.239.40 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c70bd35e108ab91c:host:177.10.237.76:host:172.234.197.23	SESSION-c70bd35e108ab91c → host:177.10.237.76 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e00ced36c846b73a:host:177.10.234.76	SESSION-e00ced36c846b73a → host:177.10.234.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6299cf50d0e2e558:host:172.234.197.23	SESSION-6299cf50d0e2e558 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5e4b6893c364bde:host:177.10.234.56:host:172.234.197.23	SESSION-e5e4b6893c364bde → host:177.10.234.56 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bba78eddc048	flow:bba78eddc048 → host:177.10.232.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3483d96fbaf632b7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3483d96fbaf632b7 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:0394f2543852:port:tcp:12001	flow:0394f2543852 → port:tcp:12001
FLOW_DST_PORTOBS	e:fp:flow:4cb26e73e001:port:tcp:443	flow:4cb26e73e001 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6109906c198ad0ac:host:172.234.197.23	SESSION-6109906c198ad0ac → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.190:geo_-16.28860_-49.01640	host:177.10.235.190 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f4e3933219f15471:SESSION-f4e3933219f15471	SESSION-f4e3933219f15471 → pe:syn:SESSION-f4e3933219f15471
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f5e9ebe80065c9c:SESSION-8f5e9ebe80065c9c	SESSION-8f5e9ebe80065c9c → pe:syn:SESSION-8f5e9ebe80065c9c
flow_observed5-aryOBS	e:fo:flow:bf0c197d9e2b	flow:bf0c197d9e2b → host:177.10.238.48 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81dd4006fe67ac3f:host:172.234.197.23	SESSION-81dd4006fe67ac3f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef46e42b79ae57cb:host:172.234.197.23:host:177.10.239.219	SESSION-ef46e42b79ae57cb → host:172.234.197.23 → host:177.10.239.219
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14d5e1e17a6f21ad:SESSION-14d5e1e17a6f21ad	SESSION-14d5e1e17a6f21ad → pe:tls:SESSION-14d5e1e17a6f21ad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a03dc7893b60925b:SESSION-a03dc7893b60925b	SESSION-a03dc7893b60925b → pe:syn:SESSION-a03dc7893b60925b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-458faec2c6be4af1:SESSION-458faec2c6be4af1	SESSION-458faec2c6be4af1 → pe:syn:SESSION-458faec2c6be4af1
FLOW_TO_HOSTOBS	e:to:SESSION-2887c6ee2de14ac9:host:172.234.197.23	SESSION-2887c6ee2de14ac9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0269809e9208	flow:0269809e9208 → host:131.196.28.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf132b40533c7dcc:SESSION-bf132b40533c7dcc	SESSION-bf132b40533c7dcc → pe:syn:SESSION-bf132b40533c7dcc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e791e8d702f57f3e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e791e8d702f57f3e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd8dbb599c016751:host:172.234.197.23	SESSION-cd8dbb599c016751 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55ef1be4460b895e:host:172.234.197.23	SESSION-55ef1be4460b895e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c59a88aa03340e00:host:172.234.197.23	SESSION-c59a88aa03340e00 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1241ed8a2f02aa7:host:177.10.233.90	SESSION-a1241ed8a2f02aa7 → host:177.10.233.90
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.32:geo_-16.28860_-49.01640	host:177.10.233.32 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1898da4930ba04f2:SESSION-1898da4930ba04f2	SESSION-1898da4930ba04f2 → pe:syn:SESSION-1898da4930ba04f2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5a277796632a248:SESSION-b5a277796632a248	SESSION-b5a277796632a248 → pe:syn:SESSION-b5a277796632a248
FLOW_FROM_HOSTOBS	e:from:SESSION-912ea161e3e6ffdc:host:131.196.29.158	SESSION-912ea161e3e6ffdc → host:131.196.29.158
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20b9f3feffcc2290:host:131.196.31.194:host:172.234.197.23	SESSION-20b9f3feffcc2290 → host:131.196.31.194 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-388e36b23caa508f:host:172.234.197.23	SESSION-388e36b23caa508f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-99ffd8e203ea7715:host:172.234.197.23	SESSION-99ffd8e203ea7715 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2fef4a6efd16	flow:2fef4a6efd16 → host:91.240.224.238 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:49d51b781591	flow:49d51b781591 → host:177.10.234.171 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b69502656f28818:host:92.118.39.236	SESSION-1b69502656f28818 → host:92.118.39.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9028600f4eef977b:host:177.10.235.116	SESSION-9028600f4eef977b → host:177.10.235.116
FLOW_DST_PORTOBS	e:fp:flow:2a53da8d97d6:port:tcp:443	flow:2a53da8d97d6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8aa4413fe5db5235:host:177.10.232.63:host:172.234.197.23	SESSION-8aa4413fe5db5235 → host:177.10.232.63 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0125cea84e0c02fd:host:131.196.29.254	SESSION-0125cea84e0c02fd → host:131.196.29.254
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8293f5a95baa645a:host:45.173.156.34:host:172.234.197.23	SESSION-8293f5a95baa645a → host:45.173.156.34 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8f2b3515afd502b:host:131.196.28.94:host:172.234.197.23	SESSION-b8f2b3515afd502b → host:131.196.28.94 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-276035998be5d0c6:flow:d59379eb709f	SESSION-276035998be5d0c6 → flow:d59379eb709f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f19cc3e0ef766dd7:host:172.234.197.23	SESSION-f19cc3e0ef766dd7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ad4be2ec0ec8e7ca:host:172.234.197.23	SESSION-ad4be2ec0ec8e7ca → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-206c176870c7b9f2:host:177.10.235.112	SESSION-206c176870c7b9f2 → host:177.10.235.112
flow_observed3-aryOBS	e:fo:flow:e9e202723533	flow:e9e202723533 → host:44.243.2.252 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-42ed5696c9e60897:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-42ed5696c9e60897 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b0fec424d0db7c3:host:172.234.197.23	SESSION-7b0fec424d0db7c3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1462f3fe112e9d96:host:172.234.197.23	SESSION-1462f3fe112e9d96 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a83b6f19c39d579f:host:172.234.197.23:host:131.196.30.23	SESSION-a83b6f19c39d579f → host:172.234.197.23 → host:131.196.30.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1980da9de3362b69:host:177.10.239.74	SESSION-1980da9de3362b69 → host:177.10.239.74
FLOW_FROM_HOSTOBS	e:from:SESSION-98d24f4ecefc5585:host:64.237.250.51	SESSION-98d24f4ecefc5585 → host:64.237.250.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47f0fc6e11d78716:host:95.135.228.136	SESSION-47f0fc6e11d78716 → host:95.135.228.136
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ba4a623ca0c8731:host:172.234.197.23	SESSION-6ba4a623ca0c8731 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8dc28b29833676bc:flow:9ea1e6616e07	SESSION-8dc28b29833676bc → flow:9ea1e6616e07
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-105ac3e4c69fbe80:host:177.10.237.233	SESSION-105ac3e4c69fbe80 → host:177.10.237.233
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1684e8254d6d3165:flow:d98879de1566	SESSION-1684e8254d6d3165 → flow:d98879de1566
FLOW_FROM_HOSTOBS	e:from:SESSION-fd524e1c02193f64:host:2.57.122.192	SESSION-fd524e1c02193f64 → host:2.57.122.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57039b95174af1c3:SESSION-57039b95174af1c3	SESSION-57039b95174af1c3 → pe:tls:SESSION-57039b95174af1c3
flow_observed5-aryOBS	e:fo:flow:9b9c3f9f208d	flow:9b9c3f9f208d → host:131.196.28.125 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f1b581ea0c38fa14:host:45.173.156.68	SESSION-f1b581ea0c38fa14 → host:45.173.156.68
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.60:asn:271410	host:131.196.31.60 → asn:271410
flow_observed4-aryOBS	e:fo:flow:5bf9ff58b9e3	flow:5bf9ff58b9e3 → host:172.234.197.23 → host:177.10.239.199 → port:tcp:26923
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d0bef7920d84e31:host:131.196.31.13	SESSION-8d0bef7920d84e31 → host:131.196.31.13
FLOW_TO_HOSTOBS	e:to:SESSION-d4dc0a9d4d6e7897:host:172.234.197.23	SESSION-d4dc0a9d4d6e7897 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84186d30322c849e:host:131.196.28.107:host:172.234.197.23	SESSION-84186d30322c849e → host:131.196.28.107 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3948aeec4a52663:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b3948aeec4a52663 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-174e61a8ff8b9c0e:PCAP:capture_20260430150001:ded20914761d	SESSION-174e61a8ff8b9c0e → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b4f4901fb8368e3:host:177.10.238.205	SESSION-7b4f4901fb8368e3 → host:177.10.238.205
FLOW_TO_HOSTOBS	e:to:SESSION-77c4b389d95f1453:host:131.196.31.171	SESSION-77c4b389d95f1453 → host:131.196.31.171
FLOW_FROM_HOSTOBS	e:from:SESSION-474ea5236769f0a3:host:131.196.29.196	SESSION-474ea5236769f0a3 → host:131.196.29.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3759208ef2a99af0:PCAP:capture_20260430060001:919b39a74464	SESSION-3759208ef2a99af0 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-55187c9d4dc6d2e7:host:172.234.197.23	SESSION-55187c9d4dc6d2e7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-00efe759e05a1a39:PCAP:capture_20260430110001:43611bdf6759	SESSION-00efe759e05a1a39 → PCAP:capture_20260430110001:43611bdf6759
flow_observed4-aryOBS	e:fo:flow:f900942fa998	flow:f900942fa998 → host:172.234.197.23 → host:131.196.29.232 → port:tcp:65341
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.1:asn:271410	host:131.196.28.1 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55ac8b9837cbe539:PCAP:capture_20260430150001:ded20914761d	SESSION-55ac8b9837cbe539 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ea7d08352653c32:host:131.196.29.215	SESSION-2ea7d08352653c32 → host:131.196.29.215
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.160:asn:271410	host:131.196.29.160 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c639517e7e5752d7:SESSION-c639517e7e5752d7	SESSION-c639517e7e5752d7 → pe:syn:SESSION-c639517e7e5752d7
flow_observed5-aryOBS	e:fo:flow:5ba485b7e96f	flow:5ba485b7e96f → host:131.196.28.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-df8de933ba817d8f:SESSION-df8de933ba817d8f	SESSION-df8de933ba817d8f → pe:rst:SESSION-df8de933ba817d8f
FLOW_FROM_HOSTOBS	e:from:SESSION-30ae225adc0bd1e0:host:177.10.234.2	SESSION-30ae225adc0bd1e0 → host:177.10.234.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4baa6f7cc0122cad:host:172.234.197.23	SESSION-4baa6f7cc0122cad → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:44.250.172.176:asn:16509	host:44.250.172.176 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5fbe4987e86bc38:SESSION-b5fbe4987e86bc38	SESSION-b5fbe4987e86bc38 → pe:tls:SESSION-b5fbe4987e86bc38
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93d8ace0d48e8910:PCAP:capture_20260430050001:8868731bf8a4	SESSION-93d8ace0d48e8910 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-eb8a27373acd6451:host:172.234.197.23	SESSION-eb8a27373acd6451 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d9c211d2931ae713:host:172.234.197.23	SESSION-d9c211d2931ae713 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.180:geo_-16.28860_-49.01640	host:177.10.234.180 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.15:asn:262880	host:177.10.236.15 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.250:geo_-16.28860_-49.01640	host:177.10.239.250 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:a305d6c00ad8	flow:a305d6c00ad8 → host:37.221.79.120 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4aa43b0ccd10448e:SESSION-4aa43b0ccd10448e	SESSION-4aa43b0ccd10448e → pe:syn:SESSION-4aa43b0ccd10448e
FLOW_TO_HOSTOBS	e:to:SESSION-1ff9e39cb371b24f:host:131.196.29.249	SESSION-1ff9e39cb371b24f → host:131.196.29.249
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e26c1de83807ce87:host:172.234.197.23	SESSION-e26c1de83807ce87 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaf7cd3e5a2b7709:SESSION-eaf7cd3e5a2b7709	SESSION-eaf7cd3e5a2b7709 → pe:syn:SESSION-eaf7cd3e5a2b7709
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd4c16dfff279521:host:177.10.239.105	SESSION-dd4c16dfff279521 → host:177.10.239.105
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b23254615c6167a0:flow:27c337ce6ac9	SESSION-b23254615c6167a0 → flow:27c337ce6ac9
FLOW_QUERIED_DNSOBS	e:fd:flow:98f62f7def50:dns:172-234-197-23.ip.linodeusercontent.com	flow:98f62f7def50 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e87421895e57790a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e87421895e57790a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c56dcfb05d3a50ba:host:172.234.197.23:host:177.10.238.146	SESSION-c56dcfb05d3a50ba → host:172.234.197.23 → host:177.10.238.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4424212d2efd30c8:SESSION-4424212d2efd30c8	SESSION-4424212d2efd30c8 → pe:tls:SESSION-4424212d2efd30c8
FLOW_DST_PORTOBS	e:fp:flow:8e9b6b8e0548:port:tcp:443	flow:8e9b6b8e0548 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.20:geo_41.02140_28.99480	host:185.231.226.20 → geo_41.02140_28.99480
flow_observed5-aryOBS	e:fo:flow:276b9ed754b6	flow:276b9ed754b6 → host:45.173.156.204 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a34bb428906fa48c:SESSION-a34bb428906fa48c	SESSION-a34bb428906fa48c → pe:syn:SESSION-a34bb428906fa48c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.153:geo_-16.28860_-49.01640	host:177.10.236.153 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:60298f4176e8	flow:60298f4176e8 → host:131.196.29.196 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.152:geo_-23.62930_-46.63510	host:131.196.30.152 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.231:geo_-23.62930_-46.63510	host:131.196.31.231 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-893e080e65f2ed4f:host:131.196.31.144	SESSION-893e080e65f2ed4f → host:131.196.31.144
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0948a596b6903965:PCAP:capture_20260430110001:43611bdf6759	SESSION-0948a596b6903965 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:e6053f3476b8	flow:e6053f3476b8 → host:177.10.237.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-903738316b123ea7:SESSION-903738316b123ea7	SESSION-903738316b123ea7 → pe:tls:SESSION-903738316b123ea7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-091ae841df8cdc2c:SESSION-091ae841df8cdc2c	SESSION-091ae841df8cdc2c → pe:rst:SESSION-091ae841df8cdc2c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21ced843a950a21a:SESSION-21ced843a950a21a	SESSION-21ced843a950a21a → pe:tls:SESSION-21ced843a950a21a
flow_observed5-aryOBS	e:fo:flow:2b94ecd8e2fd	flow:2b94ecd8e2fd → host:131.196.28.43 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.248.141.231:geo_45.84010_-119.70500	host:44.248.141.231 → geo_45.84010_-119.70500
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c8bfb1726ad64d7:host:177.10.236.110	SESSION-3c8bfb1726ad64d7 → host:177.10.236.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f320997aa88d5819:host:172.234.197.23	SESSION-f320997aa88d5819 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9bc9a3180c6fb10:SESSION-f9bc9a3180c6fb10	SESSION-f9bc9a3180c6fb10 → pe:tls:SESSION-f9bc9a3180c6fb10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66c6d225095e379c:SESSION-66c6d225095e379c	SESSION-66c6d225095e379c → pe:tls:SESSION-66c6d225095e379c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.28:geo_-16.28860_-49.01640	host:177.10.233.28 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.78:asn:262880	host:177.10.234.78 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f44e90059c2f2195:host:136.243.57.208	SESSION-f44e90059c2f2195 → host:136.243.57.208
flow_observed5-aryOBS	e:fo:flow:a2955e8909e8	flow:a2955e8909e8 → host:185.231.226.101 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7759d4a46d500e47:host:34.220.91.24:host:172.234.197.23	SESSION-7759d4a46d500e47 → host:34.220.91.24 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6457b3248e0b30fe:host:172.234.197.23	SESSION-6457b3248e0b30fe → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:08b11684af7a:port:tcp:65124	flow:08b11684af7a → port:tcp:65124
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.125:asn:273470	host:45.173.156.125 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-af24c7046d264e7e:host:45.173.156.43	SESSION-af24c7046d264e7e → host:45.173.156.43
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.191:geo_-16.28860_-49.01640	host:177.10.238.191 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a7cd300d305b207c:host:177.10.237.129:host:172.234.197.23	SESSION-a7cd300d305b207c → host:177.10.237.129 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca6098e1767361a3:host:172.234.197.23	SESSION-ca6098e1767361a3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:aafd37b28fd5:port:tcp:443	flow:aafd37b28fd5 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.60:geo_-16.28860_-49.01640	host:177.10.234.60 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:1f7e754d6e2c:port:tcp:443	flow:1f7e754d6e2c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-37a8b94aca0a72fd:SESSION-37a8b94aca0a72fd	SESSION-37a8b94aca0a72fd → pe:rst:SESSION-37a8b94aca0a72fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8d6efdf3cd688f1:host:172.234.197.23	SESSION-f8d6efdf3cd688f1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-aec01d0deaddfc4b:host:172.234.197.23	SESSION-aec01d0deaddfc4b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-296f629f4229b1a2:flow:5c0a8784cda1	SESSION-296f629f4229b1a2 → flow:5c0a8784cda1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36db005d6a8b5922:PCAP:capture_20260430060001:919b39a74464	SESSION-36db005d6a8b5922 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d2ea88f589d3294:host:172.234.197.23	SESSION-1d2ea88f589d3294 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0667f103db24cb40:host:177.10.233.135:host:172.234.197.23	SESSION-0667f103db24cb40 → host:177.10.233.135 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6bdcd515a2308bd:host:177.10.236.26:host:172.234.197.23	SESSION-d6bdcd515a2308bd → host:177.10.236.26 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2db29654b7388c8c:SESSION-2db29654b7388c8c	SESSION-2db29654b7388c8c → pe:tls:SESSION-2db29654b7388c8c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-828db1ebc34fa50a:host:177.10.233.249	SESSION-828db1ebc34fa50a → host:177.10.233.249
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17000fdd70ecbf97:host:131.196.31.98:host:172.234.197.23	SESSION-17000fdd70ecbf97 → host:131.196.31.98 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c15ada1b10271eef:SESSION-c15ada1b10271eef	SESSION-c15ada1b10271eef → pe:tls:SESSION-c15ada1b10271eef
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7440e76ff1d72d2f:flow:c45f5a560659	SESSION-7440e76ff1d72d2f → flow:c45f5a560659
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd8363b8ee3ddfde:flow:f58dd69d84b4	SESSION-bd8363b8ee3ddfde → flow:f58dd69d84b4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.82:asn:262880	host:177.10.234.82 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c6580975a2d7416:host:177.10.238.35	SESSION-7c6580975a2d7416 → host:177.10.238.35
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.118:asn:262880	host:177.10.239.118 → asn:262880
flow_observed5-aryOBS	e:fo:flow:c66a26c8ade1	flow:c66a26c8ade1 → host:131.196.28.106 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-60c160c47311ca12:host:172.234.197.23	SESSION-60c160c47311ca12 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-364513c2995bfd3b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-364513c2995bfd3b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.91:asn:262880	host:177.10.238.91 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3bfd44b04badb9b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c3bfd44b04badb9b → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:8c2c13a662a6	flow:8c2c13a662a6 → host:177.10.234.145 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-106d77d887836a65:host:172.234.197.23	SESSION-106d77d887836a65 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b7e5e87f526ce8d:host:172.234.197.23	SESSION-1b7e5e87f526ce8d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.253:geo_-23.62930_-46.63510	host:131.196.29.253 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c3d3f3d87b7f1a0:SESSION-5c3d3f3d87b7f1a0	SESSION-5c3d3f3d87b7f1a0 → pe:syn:SESSION-5c3d3f3d87b7f1a0
FLOW_FROM_HOSTOBS	e:from:SESSION-d47b6311855994f0:host:131.196.28.165	SESSION-d47b6311855994f0 → host:131.196.28.165
flow_observed5-aryOBS	e:fo:flow:bad9568a8243	flow:bad9568a8243 → host:45.173.156.248 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-710b55a9f3a0edd9:SESSION-710b55a9f3a0edd9	SESSION-710b55a9f3a0edd9 → pe:tls:SESSION-710b55a9f3a0edd9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06c7d2e525939bdd:PCAP:capture_20260430050001:8868731bf8a4	SESSION-06c7d2e525939bdd → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3762cafcd0c66be2:host:172.234.197.23	SESSION-3762cafcd0c66be2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6a106ff5da861ac:host:172.234.197.23:host:177.10.236.242	SESSION-a6a106ff5da861ac → host:172.234.197.23 → host:177.10.236.242
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7679fd0fd118c12e:flow:84cb2f5c2276	SESSION-7679fd0fd118c12e → flow:84cb2f5c2276
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-841299f020c7f00d:flow:a149d042783d	SESSION-841299f020c7f00d → flow:a149d042783d
FLOW_DST_PORTOBS	e:fp:flow:0429471effef:port:tcp:443	flow:0429471effef → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10017e021bbc0f25:flow:3406130d707d	SESSION-10017e021bbc0f25 → flow:3406130d707d
flow_observed5-aryOBS	e:fo:flow:f88f22bb8c6d	flow:f88f22bb8c6d → host:177.10.232.229 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e41a4ef6cc929c5:SESSION-7e41a4ef6cc929c5	SESSION-7e41a4ef6cc929c5 → pe:tls:SESSION-7e41a4ef6cc929c5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2713dc0653d6ae5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e2713dc0653d6ae5 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bbc35343aa20f600:flow:2aac95e416ec	SESSION-bbc35343aa20f600 → flow:2aac95e416ec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0c0cdf691d2bdc12:SESSION-0c0cdf691d2bdc12	SESSION-0c0cdf691d2bdc12 → pe:syn:SESSION-0c0cdf691d2bdc12
FLOW_TLS_SNIOBS	e:fs:flow:7d842f33d9ec:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:7d842f33d9ec → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60a71bd7fc87f54e:SESSION-60a71bd7fc87f54e	SESSION-60a71bd7fc87f54e → pe:tls:SESSION-60a71bd7fc87f54e
FLOW_TO_HOSTOBS	e:to:SESSION-f635007151c479b8:host:172.234.197.23	SESSION-f635007151c479b8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:42bb404c3b16:port:tcp:443	flow:42bb404c3b16 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-586aad203217304c:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-586aad203217304c → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:2bb494efc59c	flow:2bb494efc59c → host:177.10.234.187 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5ef49ba6d990c029:host:177.10.239.136	SESSION-5ef49ba6d990c029 → host:177.10.239.136
FLOW_FROM_HOSTOBS	e:from:SESSION-671350c0b0fa8f65:host:177.10.234.228	SESSION-671350c0b0fa8f65 → host:177.10.234.228
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-88449fe846038c62:flow:509b2796b80a	SESSION-88449fe846038c62 → flow:509b2796b80a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75f19254cb816cbd:host:2.57.122.197	SESSION-75f19254cb816cbd → host:2.57.122.197
flow_observed5-aryOBS	e:fo:flow:ea6dafd9e19b	flow:ea6dafd9e19b → host:177.10.235.84 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-cb4d3e328cdf4bcd:host:131.196.31.105	SESSION-cb4d3e328cdf4bcd → host:131.196.31.105
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4aa43b0ccd10448e:flow:514ff26d4034	SESSION-4aa43b0ccd10448e → flow:514ff26d4034
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-202b4507c8c6a688:SESSION-202b4507c8c6a688	SESSION-202b4507c8c6a688 → pe:syn:SESSION-202b4507c8c6a688
flow_observed5-aryOBS	e:fo:flow:d10569cf24d3	flow:d10569cf24d3 → host:177.10.239.87 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:d7bc32b0bd73:port:tcp:443	flow:d7bc32b0bd73 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f19cc3e0ef766dd7:host:172.234.197.23:host:177.10.237.73	SESSION-f19cc3e0ef766dd7 → host:172.234.197.23 → host:177.10.237.73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-417f532a2a507181:SESSION-417f532a2a507181	SESSION-417f532a2a507181 → pe:syn:SESSION-417f532a2a507181
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f4a8961dba27f33:flow:6bf91f01045a	SESSION-5f4a8961dba27f33 → flow:6bf91f01045a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8a95576c112cc14:host:172.234.197.23	SESSION-b8a95576c112cc14 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e998b802e74a3139:SESSION-e998b802e74a3139	SESSION-e998b802e74a3139 → pe:tls:SESSION-e998b802e74a3139
FLOW_DST_PORTOBS	e:fp:flow:b5ead2da4aee:port:tcp:443	flow:b5ead2da4aee → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c5ed9f49ee99549f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c5ed9f49ee99549f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.196.122.133:geo_39.91100_116.39500	host:43.196.122.133 → geo_39.91100_116.39500
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97957d43d677156c:flow:8e573b3684b6	SESSION-97957d43d677156c → flow:8e573b3684b6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb243e65e2b1808d:flow:c0b92e0ed952	SESSION-eb243e65e2b1808d → flow:c0b92e0ed952
FLOW_QUERIED_DNSOBS	e:fd:flow:b1dff4ad0695:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:b1dff4ad0695 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e89ccbf4d277fb8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7e89ccbf4d277fb8 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-edaec15d65a63fe7:host:177.10.239.96:host:172.234.197.23	SESSION-edaec15d65a63fe7 → host:177.10.239.96 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ead5791c5617fb56:host:45.173.156.109:host:172.234.197.23	SESSION-ead5791c5617fb56 → host:45.173.156.109 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:05dd83abcaed:port:tcp:443	flow:05dd83abcaed → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d30c685e20a11d4e:host:177.10.239.26:host:172.234.197.23	SESSION-d30c685e20a11d4e → host:177.10.239.26 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a046afd146222299:PCAP:capture_20260430120001:56630107de80	SESSION-a046afd146222299 → PCAP:capture_20260430120001:56630107de80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8132ea082e988f13:SESSION-8132ea082e988f13	SESSION-8132ea082e988f13 → pe:tls:SESSION-8132ea082e988f13
FLOW_DST_PORTOBS	e:fp:flow:878d78b455c9:port:tcp:16612	flow:878d78b455c9 → port:tcp:16612
flow_observed5-aryOBS	e:fo:flow:6cb5cb4669a3	flow:6cb5cb4669a3 → host:131.196.30.39 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c92176ee8d876ba:host:45.173.156.80	SESSION-6c92176ee8d876ba → host:45.173.156.80
flow_observed5-aryOBS	e:fo:flow:67e1fa03f403	flow:67e1fa03f403 → host:131.196.30.223 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:c4a20638e830	flow:c4a20638e830 → host:131.196.30.234 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:85ecd73a7e83:port:tcp:443	flow:85ecd73a7e83 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:fa3e8260206c	flow:fa3e8260206c → host:177.10.232.65 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4aeecdec5ead7952:host:172.234.197.23	SESSION-4aeecdec5ead7952 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.45:geo_41.02140_28.99480	host:185.231.226.45 → geo_41.02140_28.99480
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8be5aa373d930e54:flow:f3680fa657a2	SESSION-8be5aa373d930e54 → flow:f3680fa657a2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc57a46aa64b7388:PCAP:capture_20260430060001:919b39a74464	SESSION-cc57a46aa64b7388 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb7c4827354230c4:flow:7a82c850348c	SESSION-bb7c4827354230c4 → flow:7a82c850348c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-200b6d1dbf438627:SESSION-200b6d1dbf438627	SESSION-200b6d1dbf438627 → pe:tls:SESSION-200b6d1dbf438627
FLOW_TO_HOSTOBS	e:to:SESSION-b4af85088cb1b366:host:172.234.197.23	SESSION-b4af85088cb1b366 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-124cb6be20cbe456:SESSION-124cb6be20cbe456	SESSION-124cb6be20cbe456 → pe:syn:SESSION-124cb6be20cbe456
FLOW_DST_PORTOBS	e:fp:flow:df1118cf58c3:port:tcp:443	flow:df1118cf58c3 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:3569a5a521df:port:tcp:443	flow:3569a5a521df → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:094d156117d7:port:tcp:443	flow:094d156117d7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c60d99c484411b4:SESSION-5c60d99c484411b4	SESSION-5c60d99c484411b4 → pe:tls:SESSION-5c60d99c484411b4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fad6b9be10f7d404:flow:d415b9a57558	SESSION-fad6b9be10f7d404 → flow:d415b9a57558
flow_observed5-aryOBS	e:fo:flow:acbb8fcdb057	flow:acbb8fcdb057 → host:131.196.30.88 → host:172.234.197.23 → port:tcp:443 → svc:https
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:22:svc:ssh	port:tcp:22 → svc:ssh
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.201.215.37:geo_45.84010_-119.70500	host:54.201.215.37 → geo_45.84010_-119.70500
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79ceb7ef9cce8d79:host:177.10.237.57:host:172.234.197.23	SESSION-79ceb7ef9cce8d79 → host:177.10.237.57 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0fa06d2bfceab141:host:172.234.197.23	SESSION-0fa06d2bfceab141 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1739bca4a014ab7e:host:80.94.92.182	SESSION-1739bca4a014ab7e → host:80.94.92.182
flow_observed4-aryOBS	e:fo:flow:482b91ee59c0	flow:482b91ee59c0 → host:172.234.197.23 → host:177.10.234.203 → port:tcp:29368
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c92725f4a9fb4a7:host:185.231.226.255	SESSION-6c92725f4a9fb4a7 → host:185.231.226.255
FLOW_DST_PORTOBS	e:fp:flow:7dddb16f6aa7:port:tcp:27665	flow:7dddb16f6aa7 → port:tcp:27665
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3e5ef5a453dff40:SESSION-f3e5ef5a453dff40	SESSION-f3e5ef5a453dff40 → pe:tls:SESSION-f3e5ef5a453dff40
flow_observed5-aryOBS	e:fo:flow:6b1835ff26c3	flow:6b1835ff26c3 → host:177.10.237.252 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-662271688fa2b491:host:131.196.28.234:host:172.234.197.23	SESSION-662271688fa2b491 → host:131.196.28.234 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-623bd72e2e38d66b:host:172.234.197.23	SESSION-623bd72e2e38d66b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:549ca914ae37:port:tcp:443	flow:549ca914ae37 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-65a2e80880ae05c5:host:177.10.239.113	SESSION-65a2e80880ae05c5 → host:177.10.239.113
FLOW_TO_HOSTOBS	e:to:SESSION-414bf7406e62b7e2:host:172.234.197.23	SESSION-414bf7406e62b7e2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b0821df7b169e6a:host:131.196.28.196:host:172.234.197.23	SESSION-4b0821df7b169e6a → host:131.196.28.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57be4ad64c21b6c4:host:172.234.197.23	SESSION-57be4ad64c21b6c4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4673fb47ee0c5a9:SESSION-d4673fb47ee0c5a9	SESSION-d4673fb47ee0c5a9 → pe:syn:SESSION-d4673fb47ee0c5a9
FLOW_TO_HOSTOBS	e:to:SESSION-88c19910e1cb1242:host:45.173.156.13	SESSION-88c19910e1cb1242 → host:45.173.156.13
flow_observed3-aryOBS	e:fo:flow:304b76c2960d	flow:304b76c2960d → host:52.12.196.158 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec928f375ba591f1:host:172.234.197.23	SESSION-ec928f375ba591f1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.94:geo_-23.62930_-46.63510	host:131.196.29.94 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-81c3f53ebeacb521:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-81c3f53ebeacb521 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57092e6ea3a8c881:SESSION-57092e6ea3a8c881	SESSION-57092e6ea3a8c881 → pe:syn:SESSION-57092e6ea3a8c881
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1848195311cbff19:flow:d284821cdfb8	SESSION-1848195311cbff19 → flow:d284821cdfb8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-718be43f3a8e9f39:host:131.196.29.232	SESSION-718be43f3a8e9f39 → host:131.196.29.232
FLOW_TO_HOSTOBS	e:to:SESSION-77b68b84e12bfaab:host:172.234.197.23	SESSION-77b68b84e12bfaab → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:29fb0c6ad658:port:tcp:34138	flow:29fb0c6ad658 → port:tcp:34138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5f9d16efb179df1:host:172.234.197.23:host:131.196.29.203	SESSION-a5f9d16efb179df1 → host:172.234.197.23 → host:131.196.29.203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-378ead2076355bca:host:172.234.197.23	SESSION-378ead2076355bca → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a631db0468c49ef:PCAP:capture_20260430150001:ded20914761d	SESSION-5a631db0468c49ef → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.59:asn:271410	host:131.196.29.59 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-4898aa8f3840ecd5:host:177.10.238.98	SESSION-4898aa8f3840ecd5 → host:177.10.238.98
FLOW_FROM_HOSTOBS	e:from:SESSION-b5bd73118ac3f9f7:host:131.196.29.67	SESSION-b5bd73118ac3f9f7 → host:131.196.29.67
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c58c12f678d65836:flow:2a05fafdd2a9	SESSION-c58c12f678d65836 → flow:2a05fafdd2a9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c774247ce2f7d3db:host:172.234.197.23	SESSION-c774247ce2f7d3db → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db3c6ad3393f14ad:flow:84814d01cbbd	SESSION-db3c6ad3393f14ad → flow:84814d01cbbd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b8fd41df39b968c:host:172.234.197.23	SESSION-0b8fd41df39b968c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4939a9166796718f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4939a9166796718f → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:2eef0c640804	flow:2eef0c640804 → host:172.234.197.23 → host:177.10.235.214 → port:tcp:31733
FLOW_TO_HOSTOBS	e:to:SESSION-7fc1282909254587:host:172.234.197.23	SESSION-7fc1282909254587 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6944fe230f08618b:SESSION-6944fe230f08618b	SESSION-6944fe230f08618b → pe:syn:SESSION-6944fe230f08618b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0fc61bce823543f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b0fc61bce823543f → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0835843463ad3c8:host:131.196.29.225	SESSION-d0835843463ad3c8 → host:131.196.29.225
FLOW_DST_PORTOBS	e:fp:flow:9345b6af3372:port:tcp:443	flow:9345b6af3372 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b42fc656319c5bfc:host:172.234.197.23	SESSION-b42fc656319c5bfc → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:cbf3d3b9734e	flow:cbf3d3b9734e → host:172.234.197.23 → host:177.10.232.249 → port:tcp:43994
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e4e6682786f65470:flow:a7998d580970	SESSION-e4e6682786f65470 → flow:a7998d580970
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f307fcf20a41b5a0:host:177.10.239.106	SESSION-f307fcf20a41b5a0 → host:177.10.239.106
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ba98677b43b4662:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8ba98677b43b4662 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-1311876ef555b88e:BSG-BEACON-e07f4250263f	SESSION-1311876ef555b88e → BSG-BEACON-e07f4250263f
FLOW_DST_PORTOBS	e:fp:flow:e6d0c733a638:port:tcp:443	flow:e6d0c733a638 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-afeab5601fa36440:SESSION-afeab5601fa36440	SESSION-afeab5601fa36440 → pe:syn:SESSION-afeab5601fa36440
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0427ab07f20fae31:PCAP:capture_20260430150001:ded20914761d	SESSION-0427ab07f20fae31 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-c4325a6893dda791:host:131.196.29.254	SESSION-c4325a6893dda791 → host:131.196.29.254
FLOW_FROM_HOSTOBS	e:from:SESSION-eeeeaab9fc572806:host:185.231.226.199	SESSION-eeeeaab9fc572806 → host:185.231.226.199
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fef93e1a24936adf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fef93e1a24936adf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7858b3452cd9a479:SESSION-7858b3452cd9a479	SESSION-7858b3452cd9a479 → pe:tls:SESSION-7858b3452cd9a479
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-140ad048b49f1a57:flow:1fd9c482bee8	SESSION-140ad048b49f1a57 → flow:1fd9c482bee8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0c01d0fd13ba220b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-0c01d0fd13ba220b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d73d5fbffa5706a1:host:172.234.197.23:host:131.196.28.172	SESSION-d73d5fbffa5706a1 → host:172.234.197.23 → host:131.196.28.172
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-693fee7d62fe51b9:flow:101cbd7b1949	SESSION-693fee7d62fe51b9 → flow:101cbd7b1949
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.224:geo_41.02140_28.99480	host:37.221.79.224 → geo_41.02140_28.99480
FLOW_TO_HOSTOBS	e:to:SESSION-df6efecba493c79c:host:172.234.197.23	SESSION-df6efecba493c79c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9d0c24f0912a7520:host:131.196.29.22	SESSION-9d0c24f0912a7520 → host:131.196.29.22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2af0189f90c79b2:host:172.234.197.23:host:131.196.31.77	SESSION-d2af0189f90c79b2 → host:172.234.197.23 → host:131.196.31.77
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08ee685c4e8cc842:flow:cedcf4e5a862	SESSION-08ee685c4e8cc842 → flow:cedcf4e5a862
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d52381659b8aa3f:host:172.234.197.23	SESSION-8d52381659b8aa3f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3ef5d98ffb33	flow:3ef5d98ffb33 → host:172.234.197.23 → host:177.10.236.159 → port:tcp:26723
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a304c3ca72ee3e7:SESSION-6a304c3ca72ee3e7	SESSION-6a304c3ca72ee3e7 → pe:syn:SESSION-6a304c3ca72ee3e7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.44:geo_-23.62930_-46.63510	host:131.196.28.44 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8c973292e4e10a2:host:45.173.156.5	SESSION-f8c973292e4e10a2 → host:45.173.156.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6328c86c978f61df:host:177.10.232.27	SESSION-6328c86c978f61df → host:177.10.232.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85d2db504e73f17a:SESSION-85d2db504e73f17a	SESSION-85d2db504e73f17a → pe:tls:SESSION-85d2db504e73f17a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c18109925f9685a:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8c18109925f9685a → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.225:geo_-16.28860_-49.01640	host:177.10.235.225 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.251:geo_-16.28860_-49.01640	host:177.10.238.251 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:81be4e730893:port:tcp:443	flow:81be4e730893 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e09f613cd450ebc9:host:172.234.197.23	SESSION-e09f613cd450ebc9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ad1374907e690a1:host:172.234.197.23	SESSION-3ad1374907e690a1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6b4419d123b2f0e3:host:177.10.232.253:host:172.234.197.23	SESSION-6b4419d123b2f0e3 → host:177.10.232.253 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7e6be5ba8db3cda:host:131.196.30.228:host:172.234.197.23	SESSION-c7e6be5ba8db3cda → host:131.196.30.228 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a3bc2c7dd7e8bd1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8a3bc2c7dd7e8bd1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47982c1c81b3c1d7:host:44.244.28.93:host:172.234.197.23	SESSION-47982c1c81b3c1d7 → host:44.244.28.93 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-942872364f4f0f53:host:177.10.235.49	SESSION-942872364f4f0f53 → host:177.10.235.49
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-868abcdaf084ea7c:BSG-BEACON-e07f4250263f	SESSION-868abcdaf084ea7c → BSG-BEACON-e07f4250263f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de1fc6391256943a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-de1fc6391256943a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e49a14deb2e22da:SESSION-4e49a14deb2e22da	SESSION-4e49a14deb2e22da → pe:syn:SESSION-4e49a14deb2e22da
FLOW_TO_HOSTOBS	e:to:SESSION-a18dc2bb6be0117f:host:172.234.197.23	SESSION-a18dc2bb6be0117f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fdb0bb1f6466838c:SESSION-fdb0bb1f6466838c	SESSION-fdb0bb1f6466838c → pe:syn:SESSION-fdb0bb1f6466838c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-739affc996a6fe99:host:177.10.239.253	SESSION-739affc996a6fe99 → host:177.10.239.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0caa41ae62241956:PCAP:capture_20260430090001:065659c7d314	SESSION-0caa41ae62241956 → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:a6993633811b	flow:a6993633811b → host:172.234.197.23 → host:131.196.30.244 → port:tcp:54231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46f163e73b58987c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-46f163e73b58987c → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-528b3497658f46ec:SESSION-528b3497658f46ec	SESSION-528b3497658f46ec → pe:syn:SESSION-528b3497658f46ec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-03cee9bc49b35179:SESSION-03cee9bc49b35179	SESSION-03cee9bc49b35179 → pe:tls:SESSION-03cee9bc49b35179
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a16442ff0a72733c:SESSION-a16442ff0a72733c	SESSION-a16442ff0a72733c → pe:tls:SESSION-a16442ff0a72733c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47e6906e0a27d254:host:177.10.237.179:host:172.234.197.23	SESSION-47e6906e0a27d254 → host:177.10.237.179 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce53b2931ed237cb:host:172.234.197.23:host:131.196.28.88	SESSION-ce53b2931ed237cb → host:172.234.197.23 → host:131.196.28.88
FLOW_DST_PORTOBS	e:fp:flow:696886d3d3f0:port:tcp:39744	flow:696886d3d3f0 → port:tcp:39744
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.226:asn:203771	host:185.231.226.226 → asn:203771
flow_observed5-aryOBS	e:fo:flow:a37ef82274d7	flow:a37ef82274d7 → host:95.170.25.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e921959b541072de:host:172.234.197.23	SESSION-e921959b541072de → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c8895d5095fd	flow:c8895d5095fd → host:172.234.197.23 → host:177.10.234.98 → port:tcp:17747
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55aa5069b830c261:SESSION-55aa5069b830c261	SESSION-55aa5069b830c261 → pe:syn:SESSION-55aa5069b830c261
FLOW_FROM_HOSTOBS	e:from:SESSION-caf71fb423b46c4a:host:177.10.233.183	SESSION-caf71fb423b46c4a → host:177.10.233.183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8fcd4a12026b870e:SESSION-8fcd4a12026b870e	SESSION-8fcd4a12026b870e → pe:tls:SESSION-8fcd4a12026b870e
FLOW_FROM_HOSTOBS	e:from:SESSION-efb63adb0418d7f8:host:177.10.233.145	SESSION-efb63adb0418d7f8 → host:177.10.233.145
FLOW_DST_PORTOBS	e:fp:flow:fa3e8260206c:port:tcp:443	flow:fa3e8260206c → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:1d331255738c	flow:1d331255738c → host:172.234.197.23 → host:177.10.232.222 → port:tcp:6949
flow_observed5-aryOBS	e:fo:flow:c31400c1dc74	flow:c31400c1dc74 → host:177.10.239.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0667f103db24cb40:host:172.234.197.23	SESSION-0667f103db24cb40 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f307fcf20a41b5a0:SESSION-f307fcf20a41b5a0	SESSION-f307fcf20a41b5a0 → pe:syn:SESSION-f307fcf20a41b5a0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94e95046da2771ab:host:131.196.31.45	SESSION-94e95046da2771ab → host:131.196.31.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02cfffe2a1cdb1f3:SESSION-02cfffe2a1cdb1f3	SESSION-02cfffe2a1cdb1f3 → pe:tls:SESSION-02cfffe2a1cdb1f3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.59:geo_-16.28860_-49.01640	host:177.10.235.59 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44a6b99289a2f8de:PCAP:capture_20260430110001:43611bdf6759	SESSION-44a6b99289a2f8de → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-605cf9d10467f8d3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-605cf9d10467f8d3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db3c6ad3393f14ad:SESSION-db3c6ad3393f14ad	SESSION-db3c6ad3393f14ad → pe:tls:SESSION-db3c6ad3393f14ad
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7fc1282909254587:host:103.230.240.59:host:172.234.197.23	SESSION-7fc1282909254587 → host:103.230.240.59 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a2869823e4d7:port:tcp:443	flow:a2869823e4d7 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4e4dc3612eef	flow:4e4dc3612eef → host:177.10.236.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c5ac08008a4ed5c1:flow:91e9ca77788c	SESSION-c5ac08008a4ed5c1 → flow:91e9ca77788c
FLOW_FROM_HOSTOBS	e:from:SESSION-89fe4f171fdbfa97:host:92.112.71.158	SESSION-89fe4f171fdbfa97 → host:92.112.71.158
FLOW_DST_PORTOBS	e:fp:flow:6fd31bcc48c3:port:tcp:19833	flow:6fd31bcc48c3 → port:tcp:19833
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7752628607af1d9e:host:177.10.238.215	SESSION-7752628607af1d9e → host:177.10.238.215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d30bf1800064cde2:host:172.234.197.23	SESSION-d30bf1800064cde2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e47ff6197158625f:host:172.234.197.23	SESSION-e47ff6197158625f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67c350ca0312f6cb:flow:86a13bb5a965	SESSION-67c350ca0312f6cb → flow:86a13bb5a965
FLOW_FROM_HOSTOBS	e:from:SESSION-5e08e3213e2e0e28:host:177.10.234.219	SESSION-5e08e3213e2e0e28 → host:177.10.234.219
flow_observed4-aryOBS	e:fo:flow:69177a9aac9e	flow:69177a9aac9e → host:172.234.197.23 → host:177.10.237.64 → port:tcp:61119
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.196:geo_-16.28860_-49.01640	host:177.10.235.196 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-424264fd6333414c:host:172.234.197.23	SESSION-424264fd6333414c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.213:asn:262880	host:177.10.237.213 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b5d780f89354efd9:host:131.196.31.158	SESSION-b5d780f89354efd9 → host:131.196.31.158
FLOW_FROM_HOSTOBS	e:from:SESSION-03cfd9b1d0f62704:host:177.10.236.255	SESSION-03cfd9b1d0f62704 → host:177.10.236.255
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f4f2e64710996bb:host:177.10.233.134:host:172.234.197.23	SESSION-3f4f2e64710996bb → host:177.10.233.134 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:089584818b89:port:tcp:443	flow:089584818b89 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.132:geo_-16.28860_-49.01640	host:177.10.237.132 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce53b2931ed237cb:SESSION-ce53b2931ed237cb	SESSION-ce53b2931ed237cb → pe:tls:SESSION-ce53b2931ed237cb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67fb5a3b6b27b953:host:131.196.31.183:host:172.234.197.23	SESSION-67fb5a3b6b27b953 → host:131.196.31.183 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-682271ad5b560620:host:131.196.28.176	SESSION-682271ad5b560620 → host:131.196.28.176
FLOW_FROM_HOSTOBS	e:from:SESSION-841299f020c7f00d:host:177.10.238.15	SESSION-841299f020c7f00d → host:177.10.238.15
flow_observed5-aryOBS	e:fo:flow:2ad668520c4d	flow:2ad668520c4d → host:177.10.235.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a979a64e0f94d26:host:172.234.197.23	SESSION-8a979a64e0f94d26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4faf0bdb2ec15f7a:host:172.234.197.23	SESSION-4faf0bdb2ec15f7a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75bc03759038657d:flow:16d8e26d4cd3	SESSION-75bc03759038657d → flow:16d8e26d4cd3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3e524c73cd89280:SESSION-a3e524c73cd89280	SESSION-a3e524c73cd89280 → pe:syn:SESSION-a3e524c73cd89280
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-500f03715884566d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-500f03715884566d → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:0a7adc7b38b0:port:tcp:32911	flow:0a7adc7b38b0 → port:tcp:32911
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.17:asn:262880	host:177.10.237.17 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b3254874520e1dae:host:131.196.31.203	SESSION-b3254874520e1dae → host:131.196.31.203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7caa5c0db9dc8d4:host:172.234.197.23	SESSION-b7caa5c0db9dc8d4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:63ccea984296	flow:63ccea984296 → host:92.112.71.111 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-329dd162e3e18437:SESSION-329dd162e3e18437	SESSION-329dd162e3e18437 → pe:tls:SESSION-329dd162e3e18437
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2338a143c0830527:SESSION-2338a143c0830527	SESSION-2338a143c0830527 → pe:tls:SESSION-2338a143c0830527
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bb178420802ca16:SESSION-3bb178420802ca16	SESSION-3bb178420802ca16 → pe:syn:SESSION-3bb178420802ca16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a87d3ab31183768a:host:172.234.197.23	SESSION-a87d3ab31183768a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-88449fe846038c62:SESSION-88449fe846038c62	SESSION-88449fe846038c62 → pe:tls:SESSION-88449fe846038c62
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.71:geo_-21.10010_-41.69200	host:45.173.156.71 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-add028e8e7760fa2:host:177.10.234.111:host:172.234.197.23	SESSION-add028e8e7760fa2 → host:177.10.234.111 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b4aebfef6c24ca0:host:172.234.197.23	SESSION-1b4aebfef6c24ca0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:75b6c1453f5f:port:tcp:443	flow:75b6c1453f5f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-024c55a268626b80:flow:40c7e92d4532	SESSION-024c55a268626b80 → flow:40c7e92d4532
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-39845edf8e8f640a:PCAP:capture_20260430150001:ded20914761d	SESSION-39845edf8e8f640a → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:4ca05642840a:port:tcp:7441	flow:4ca05642840a → port:tcp:7441
flow_observed4-aryOBS	e:fo:flow:eec6bea5ad7b	flow:eec6bea5ad7b → host:172.234.197.23 → host:177.10.239.84 → port:tcp:23502
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.23:geo_-23.62930_-46.63510	host:131.196.30.23 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.35:asn:273470	host:45.173.156.35 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ca00666a1b5cdae:SESSION-1ca00666a1b5cdae	SESSION-1ca00666a1b5cdae → pe:tls:SESSION-1ca00666a1b5cdae
FLOW_FROM_HOSTOBS	e:from:SESSION-862fcc949d847857:host:177.10.237.158	SESSION-862fcc949d847857 → host:177.10.237.158
FLOW_TO_HOSTOBS	e:to:SESSION-3bc35cbabc9b015e:host:172.234.197.23	SESSION-3bc35cbabc9b015e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7f9687dfabd8cdb:SESSION-e7f9687dfabd8cdb	SESSION-e7f9687dfabd8cdb → pe:tls:SESSION-e7f9687dfabd8cdb
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.166:asn:262880	host:177.10.233.166 → asn:262880
flow_observed5-aryOBS	e:fo:flow:9a8bda96a1d7	flow:9a8bda96a1d7 → host:131.196.30.252 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ff90c657a3c2e88:host:172.234.197.23	SESSION-5ff90c657a3c2e88 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a16085aea35a1403:flow:a9f0ade491b8	SESSION-a16085aea35a1403 → flow:a9f0ade491b8
flow_observed5-aryOBS	e:fo:flow:3cd15a54c43e	flow:3cd15a54c43e → host:131.196.31.228 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.52:geo_-16.28860_-49.01640	host:177.10.234.52 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a5092ccda361ecd:SESSION-5a5092ccda361ecd	SESSION-5a5092ccda361ecd → pe:tls:SESSION-5a5092ccda361ecd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bee67245b0f1ffd:host:78.12.83.235	SESSION-4bee67245b0f1ffd → host:78.12.83.235
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-13bd66b79cddeec8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-13bd66b79cddeec8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c639517e7e5752d7:host:95.135.228.17:host:172.234.197.23	SESSION-c639517e7e5752d7 → host:95.135.228.17 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a631db0468c49ef:host:172.234.197.23	SESSION-5a631db0468c49ef → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:64d50f2445dd	flow:64d50f2445dd → host:172.234.197.23 → host:131.196.31.174 → port:tcp:50600
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e8105cbb514d7cf:SESSION-2e8105cbb514d7cf	SESSION-2e8105cbb514d7cf → pe:tls:SESSION-2e8105cbb514d7cf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3cf60c38091a57a:SESSION-f3cf60c38091a57a	SESSION-f3cf60c38091a57a → pe:tls:SESSION-f3cf60c38091a57a
FLOW_TO_HOSTOBS	e:to:SESSION-fe8896cc58e0f0aa:host:131.196.29.166	SESSION-fe8896cc58e0f0aa → host:131.196.29.166
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb20cb96e066d018:host:172.234.197.23	SESSION-fb20cb96e066d018 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b2aed99cc8c09f5c:host:177.10.234.145	SESSION-b2aed99cc8c09f5c → host:177.10.234.145
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c1e38c6e6df43f1:host:172.234.197.23:host:177.10.232.251	SESSION-3c1e38c6e6df43f1 → host:172.234.197.23 → host:177.10.232.251
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0cb11649434d08c:host:177.10.232.196:host:172.234.197.23	SESSION-d0cb11649434d08c → host:177.10.232.196 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e99befaea58c8acf:SESSION-e99befaea58c8acf	SESSION-e99befaea58c8acf → pe:syn:SESSION-e99befaea58c8acf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37451ceb7f45e2a3:SESSION-37451ceb7f45e2a3	SESSION-37451ceb7f45e2a3 → pe:tls:SESSION-37451ceb7f45e2a3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f799bd198c08bce:host:177.10.232.24:host:172.234.197.23	SESSION-7f799bd198c08bce → host:177.10.232.24 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5257ce7e592379ae:host:3.103.16.171:host:172.234.197.23	SESSION-5257ce7e592379ae → host:3.103.16.171 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5ceca64359b9f0d:host:172.234.197.23:host:177.10.238.211	SESSION-a5ceca64359b9f0d → host:172.234.197.23 → host:177.10.238.211
FLOW_TO_HOSTOBS	e:to:SESSION-de115ad7179345b0:host:172.234.197.23	SESSION-de115ad7179345b0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:13e7e383a869:port:tcp:30471	flow:13e7e383a869 → port:tcp:30471
FLOW_DST_PORTOBS	e:fp:flow:eec6bea5ad7b:port:tcp:23502	flow:eec6bea5ad7b → port:tcp:23502
FLOW_DST_PORTOBS	e:fp:flow:27e848fcece9:port:tcp:443	flow:27e848fcece9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d31cb6e546f767b7:host:131.196.31.75	SESSION-d31cb6e546f767b7 → host:131.196.31.75
FLOW_TO_HOSTOBS	e:to:SESSION-6756f0bedb2cdb12:host:172.234.197.23	SESSION-6756f0bedb2cdb12 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c31bc4788e97db71:host:177.10.237.82	SESSION-c31bc4788e97db71 → host:177.10.237.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-025a43ae01804438:SESSION-025a43ae01804438	SESSION-025a43ae01804438 → pe:tls:SESSION-025a43ae01804438
FLOW_FROM_HOSTOBS	e:from:SESSION-9886228ef28af254:host:172.234.197.23	SESSION-9886228ef28af254 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.79:geo_-16.28860_-49.01640	host:177.10.238.79 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02836b6eb824cc45:host:131.196.30.98	SESSION-02836b6eb824cc45 → host:131.196.30.98
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa9d2876c7b3abea:host:177.10.235.64:host:172.234.197.23	SESSION-fa9d2876c7b3abea → host:177.10.235.64 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2d551807307fa9b9:host:131.196.29.50	SESSION-2d551807307fa9b9 → host:131.196.29.50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-042b5a6edf64c734:host:177.10.233.137	SESSION-042b5a6edf64c734 → host:177.10.233.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5739ac8f3bafac6c:SESSION-5739ac8f3bafac6c	SESSION-5739ac8f3bafac6c → pe:tls:SESSION-5739ac8f3bafac6c
flow_observed5-aryOBS	e:fo:flow:e658d099a963	flow:e658d099a963 → host:45.173.156.31 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.68:geo_-16.28860_-49.01640	host:177.10.234.68 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:9566befee33d:port:tcp:35431	flow:9566befee33d → port:tcp:35431
FLOW_TO_HOSTOBS	e:to:SESSION-e26c1de83807ce87:host:172.234.197.23	SESSION-e26c1de83807ce87 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c2b8c61368a6	flow:c2b8c61368a6 → host:177.10.232.109 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76cae08532c4b8eb:SESSION-76cae08532c4b8eb	SESSION-76cae08532c4b8eb → pe:tls:SESSION-76cae08532c4b8eb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.179:geo_-21.10010_-41.69200	host:45.173.156.179 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7caeaef261aefc4:flow:1d8ac3ce6292	SESSION-e7caeaef261aefc4 → flow:1d8ac3ce6292
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99d609228b1b32ef:flow:995deb079eac	SESSION-99d609228b1b32ef → flow:995deb079eac
FLOW_DST_PORTOBS	e:fp:flow:b59aa54799af:port:tcp:443	flow:b59aa54799af → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f99e1376da42693:PCAP:capture_20260430150001:ded20914761d	SESSION-6f99e1376da42693 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4619747059efac6f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4619747059efac6f → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:9b9c3f9f208d:port:tcp:443	flow:9b9c3f9f208d → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.248:asn:262880	host:177.10.233.248 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-652478bc70a2d711:SESSION-652478bc70a2d711	SESSION-652478bc70a2d711 → pe:tls:SESSION-652478bc70a2d711
FLOW_FROM_HOSTOBS	e:from:SESSION-42ed5696c9e60897:host:131.196.30.132	SESSION-42ed5696c9e60897 → host:131.196.30.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e225557ebe736948:SESSION-e225557ebe736948	SESSION-e225557ebe736948 → pe:syn:SESSION-e225557ebe736948
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f19cc3e0ef766dd7:SESSION-f19cc3e0ef766dd7	SESSION-f19cc3e0ef766dd7 → pe:tls:SESSION-f19cc3e0ef766dd7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6aacd35f912a2971:SESSION-6aacd35f912a2971	SESSION-6aacd35f912a2971 → pe:tls:SESSION-6aacd35f912a2971
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47fbdf6c3cd24fcc:flow:ca4954cc6e7b	SESSION-47fbdf6c3cd24fcc → flow:ca4954cc6e7b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e1a13f968b47fc9d:flow:50892e912e82	SESSION-e1a13f968b47fc9d → flow:50892e912e82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ec65811ecc506ca:host:177.10.235.230	SESSION-2ec65811ecc506ca → host:177.10.235.230
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df1a511d64dc2d8e:host:172.234.197.23:host:177.10.232.34	SESSION-df1a511d64dc2d8e → host:172.234.197.23 → host:177.10.232.34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fa8a238d1165695:SESSION-1fa8a238d1165695	SESSION-1fa8a238d1165695 → pe:tls:SESSION-1fa8a238d1165695
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-42d85a7a0d0a6c22:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-42d85a7a0d0a6c22 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:6e3832b2b70d	flow:6e3832b2b70d → host:131.196.30.58 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-424264fd6333414c:host:131.196.29.186	SESSION-424264fd6333414c → host:131.196.29.186
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.247:geo_-16.28860_-49.01640	host:177.10.238.247 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f78283937123fd5:SESSION-1f78283937123fd5	SESSION-1f78283937123fd5 → pe:tls:SESSION-1f78283937123fd5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.3:geo_-16.28860_-49.01640	host:177.10.236.3 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a9343604177341c5:flow:1c82b7b012f1	SESSION-a9343604177341c5 → flow:1c82b7b012f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4f32c5c51558e8:host:177.10.237.24	SESSION-6b4f32c5c51558e8 → host:177.10.237.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c7f3c61dd4869fc:flow:59c0c7a37f54	SESSION-5c7f3c61dd4869fc → flow:59c0c7a37f54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ccbf098e115515a:host:172.234.197.23	SESSION-0ccbf098e115515a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d1c9303996834523:host:172.234.197.23	SESSION-d1c9303996834523 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0393cf21271be7e9:host:177.10.232.158	SESSION-0393cf21271be7e9 → host:177.10.232.158
FLOW_FROM_HOSTOBS	e:from:SESSION-8cf04cf372371106:host:177.10.236.47	SESSION-8cf04cf372371106 → host:177.10.236.47
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35fc058c4fe240ad:PCAP:capture_20260430150001:ded20914761d	SESSION-35fc058c4fe240ad → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8196f582d24c6a3:flow:b3209d10aa76	SESSION-b8196f582d24c6a3 → flow:b3209d10aa76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-13906a0b4b02de94:flow:49c4bc3f2b08	SESSION-13906a0b4b02de94 → flow:49c4bc3f2b08
flow_observed5-aryOBS	e:fo:flow:077f96403dc5	flow:077f96403dc5 → host:177.10.234.97 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:1c5cadac5198:port:tcp:443	flow:1c5cadac5198 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5491ebf26b201b1a:host:172.234.197.23	SESSION-5491ebf26b201b1a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.55:geo_-16.28860_-49.01640	host:177.10.232.55 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-8b5f689fd50e4895:host:172.234.197.23	SESSION-8b5f689fd50e4895 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7508894fe5424d7:host:172.234.197.23	SESSION-d7508894fe5424d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9868c83546c2d563:SESSION-9868c83546c2d563	SESSION-9868c83546c2d563 → pe:tls:SESSION-9868c83546c2d563
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d96211015a0fddb9:host:177.10.239.88	SESSION-d96211015a0fddb9 → host:177.10.239.88
flow_observed4-aryOBS	e:fo:flow:74dcb9f76d20	flow:74dcb9f76d20 → host:172.234.197.23 → host:131.196.28.143 → port:tcp:21784
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.157:asn:271410	host:131.196.31.157 → asn:271410
flow_observed5-aryOBS	e:fo:flow:18e92ec9b6d5	flow:18e92ec9b6d5 → host:177.10.239.62 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8409f84148f471e2:host:131.196.28.100	SESSION-8409f84148f471e2 → host:131.196.28.100
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4bcb34449111b6ae:host:177.10.235.61:host:172.234.197.23	SESSION-4bcb34449111b6ae → host:177.10.235.61 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7ee8a4dda8e6:port:tcp:23593	flow:7ee8a4dda8e6 → port:tcp:23593
FLOW_FROM_HOSTOBS	e:from:SESSION-896e151c898991bb:host:172.234.197.23	SESSION-896e151c898991bb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-932a817ddabc353f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-932a817ddabc353f → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.55:asn:262880	host:177.10.235.55 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b84527735a90d253:flow:26daf91e1f0d	SESSION-b84527735a90d253 → flow:26daf91e1f0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06ad44a538684c23:SESSION-06ad44a538684c23	SESSION-06ad44a538684c23 → pe:syn:SESSION-06ad44a538684c23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-70f9355e024c975b:host:131.196.31.13:host:172.234.197.23	SESSION-70f9355e024c975b → host:131.196.31.13 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e25d600ec07dd53e:host:131.196.31.246	SESSION-e25d600ec07dd53e → host:131.196.31.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5dbf12d77f23d3eb:SESSION-5dbf12d77f23d3eb	SESSION-5dbf12d77f23d3eb → pe:tls:SESSION-5dbf12d77f23d3eb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-458a0c6775d84d5e:host:177.10.232.148	SESSION-458a0c6775d84d5e → host:177.10.232.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-caf71fb423b46c4a:SESSION-caf71fb423b46c4a	SESSION-caf71fb423b46c4a → pe:syn:SESSION-caf71fb423b46c4a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07a7172489c9ad9c:SESSION-07a7172489c9ad9c	SESSION-07a7172489c9ad9c → pe:tls:SESSION-07a7172489c9ad9c
FLOW_TLS_SNIOBS	e:fs:flow:6cd807157248:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:6cd807157248 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4503d5677d79139:SESSION-c4503d5677d79139	SESSION-c4503d5677d79139 → pe:syn:SESSION-c4503d5677d79139
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31126205fa7b72e3:flow:47ea6f78701e	SESSION-31126205fa7b72e3 → flow:47ea6f78701e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23f94e137932a031:host:172.234.197.23	SESSION-23f94e137932a031 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.170:asn:271410	host:131.196.31.170 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-8ef41947f9929862:host:131.196.28.142	SESSION-8ef41947f9929862 → host:131.196.28.142
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aad95c97a46f4b66:host:172.234.197.23	SESSION-aad95c97a46f4b66 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de46def2c97c3533:host:177.10.236.56	SESSION-de46def2c97c3533 → host:177.10.236.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58fb8de1a3a0b1f1:flow:5761bb4e0fa0	SESSION-58fb8de1a3a0b1f1 → flow:5761bb4e0fa0
FLOW_FROM_HOSTOBS	e:from:SESSION-07d653be0b30b2f4:host:31.40.196.235	SESSION-07d653be0b30b2f4 → host:31.40.196.235
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-95f80a98e12e105d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-95f80a98e12e105d → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:0f84ecdb7bf2	flow:0f84ecdb7bf2 → host:172.234.197.23 → host:185.72.218.77 → port:tcp:60071
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4354e5bc798bd13a:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4354e5bc798bd13a → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35561958c0468d3f:SESSION-35561958c0468d3f	SESSION-35561958c0468d3f → pe:tls:SESSION-35561958c0468d3f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5c08654c75b915c:SESSION-f5c08654c75b915c	SESSION-f5c08654c75b915c → pe:tls:SESSION-f5c08654c75b915c
FLOW_FROM_HOSTOBS	e:from:SESSION-a07ffa981e156af1:host:172.234.197.23	SESSION-a07ffa981e156af1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e00c0cf74d0af603:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e00c0cf74d0af603 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:965934c253f8	flow:965934c253f8 → host:172.234.197.23 → host:131.196.28.162 → port:tcp:64830
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86f296cd3a39a7c2:SESSION-86f296cd3a39a7c2	SESSION-86f296cd3a39a7c2 → pe:syn:SESSION-86f296cd3a39a7c2
FLOW_DST_PORTOBS	e:fp:flow:a0a925e53e44:port:tcp:13236	flow:a0a925e53e44 → port:tcp:13236
flow_observed4-aryOBS	e:fo:flow:29e57c1817e3	flow:29e57c1817e3 → host:172.234.197.23 → host:45.173.156.219 → port:tcp:46750
FLOW_FROM_HOSTOBS	e:from:SESSION-4ba4bb01be574ad6:host:131.196.29.168	SESSION-4ba4bb01be574ad6 → host:131.196.29.168
FLOW_FROM_HOSTOBS	e:from:SESSION-bf8660b1b7ea6f50:host:172.234.197.23	SESSION-bf8660b1b7ea6f50 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1eb9812de4c91c82:SESSION-1eb9812de4c91c82	SESSION-1eb9812de4c91c82 → pe:syn:SESSION-1eb9812de4c91c82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7e06a830af01410:host:172.234.197.23	SESSION-b7e06a830af01410 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1ca06073d474c63:host:172.234.197.23:host:177.10.236.3	SESSION-b1ca06073d474c63 → host:172.234.197.23 → host:177.10.236.3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca1727d5d29ffb7f:host:172.234.197.23:host:45.173.156.92	SESSION-ca1727d5d29ffb7f → host:172.234.197.23 → host:45.173.156.92
FLOW_TO_HOSTOBS	e:to:SESSION-2c2ee5c4e3db47f8:host:172.234.197.23	SESSION-2c2ee5c4e3db47f8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-077a58eb2518fab4:host:172.234.197.23	SESSION-077a58eb2518fab4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9e70132665ab339:SESSION-f9e70132665ab339	SESSION-f9e70132665ab339 → pe:syn:SESSION-f9e70132665ab339
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b13920773df7284:host:131.196.29.103	SESSION-3b13920773df7284 → host:131.196.29.103
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-536e36b5c95ee442:PCAP:capture_20260428010001:b1b402c7b202	SESSION-536e36b5c95ee442 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-7b4a3756900fa00c:host:172.234.197.23	SESSION-7b4a3756900fa00c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f580f0e619786fa7:host:177.10.239.86:host:172.234.197.23	SESSION-f580f0e619786fa7 → host:177.10.239.86 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ddd0457559a3680:host:131.196.31.226	SESSION-1ddd0457559a3680 → host:131.196.31.226
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.104:asn:262880	host:177.10.236.104 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-63e207f92d9c898d:host:45.173.156.32	SESSION-63e207f92d9c898d → host:45.173.156.32
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-587fbc18dc61ddb0:host:177.10.235.189:host:172.234.197.23	SESSION-587fbc18dc61ddb0 → host:177.10.235.189 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7f56efcee303c963:host:172.234.197.23	SESSION-7f56efcee303c963 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efb89dcd313d4029:host:131.196.29.43	SESSION-efb89dcd313d4029 → host:131.196.29.43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-276107f90ab0c118:host:177.10.236.51	SESSION-276107f90ab0c118 → host:177.10.236.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01e9e36dd29e3f1f:host:177.10.235.169	SESSION-01e9e36dd29e3f1f → host:177.10.235.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-15939dedfcffc5e5:SESSION-15939dedfcffc5e5	SESSION-15939dedfcffc5e5 → pe:tls:SESSION-15939dedfcffc5e5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24aa07f03f2c2273:host:177.10.233.118:host:172.234.197.23	SESSION-24aa07f03f2c2273 → host:177.10.233.118 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.121:asn:271410	host:131.196.30.121 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56e8cb1a5e296d06:host:172.234.197.23	SESSION-56e8cb1a5e296d06 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c15e0230f45f826:SESSION-6c15e0230f45f826	SESSION-6c15e0230f45f826 → pe:syn:SESSION-6c15e0230f45f826
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16f8bda1e1d11332:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-16f8bda1e1d11332 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-64abd49ab16af3e3:host:177.10.234.253:host:172.234.197.23	SESSION-64abd49ab16af3e3 → host:177.10.234.253 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a7cd300d305b207c:host:172.234.197.23	SESSION-a7cd300d305b207c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-82d78308744a8bb2:SESSION-82d78308744a8bb2	SESSION-82d78308744a8bb2 → pe:tls:SESSION-82d78308744a8bb2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-664631b6c582f1f7:PCAP:capture_20260430090001:065659c7d314	SESSION-664631b6c582f1f7 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ef3ba231e3ca4d6:flow:e17fa3c43e75	SESSION-4ef3ba231e3ca4d6 → flow:e17fa3c43e75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10ed4263d8057f18:PCAP:capture_20260430050001:8868731bf8a4	SESSION-10ed4263d8057f18 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce6819df966f00de:PCAP:capture_20260430090001:065659c7d314	SESSION-ce6819df966f00de → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-379e8704803db8ae:SESSION-379e8704803db8ae	SESSION-379e8704803db8ae → pe:syn:SESSION-379e8704803db8ae
flow_observed5-aryOBS	e:fo:flow:89b547a4b5d8	flow:89b547a4b5d8 → host:177.10.237.76 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4993bcd996008da0:host:131.196.30.195	SESSION-4993bcd996008da0 → host:131.196.30.195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-87f83ff8260cc70d:SESSION-87f83ff8260cc70d	SESSION-87f83ff8260cc70d → pe:syn:SESSION-87f83ff8260cc70d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5cdb2ff7fda09377:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5cdb2ff7fda09377 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-469f9efa6316e344:BSG-DATA_EXFIL-155ac8fe2ddd	SESSION-469f9efa6316e344 → BSG-DATA_EXFIL-155ac8fe2ddd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8cba099c11564e8:host:103.230.240.59:host:172.234.197.23	SESSION-f8cba099c11564e8 → host:103.230.240.59 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-002a4fad2ef08bcf:flow:fd4c9b42e462	SESSION-002a4fad2ef08bcf → flow:fd4c9b42e462
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-853e897de6767cda:host:172.234.197.23	SESSION-853e897de6767cda → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.46:asn:262880	host:177.10.236.46 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c1c3bc51aa7232b:PCAP:capture_20260427210001:f654efae4e3b	SESSION-7c1c3bc51aa7232b → PCAP:capture_20260427210001:f654efae4e3b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-001dbe9c45882aae:host:177.10.236.2	SESSION-001dbe9c45882aae → host:177.10.236.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a4b1418ed7a7a9f3:SESSION-a4b1418ed7a7a9f3	SESSION-a4b1418ed7a7a9f3 → pe:syn:SESSION-a4b1418ed7a7a9f3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c874ff4a201372ef:host:131.196.30.23	SESSION-c874ff4a201372ef → host:131.196.30.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d2803f457704e39:host:131.196.29.214	SESSION-7d2803f457704e39 → host:131.196.29.214
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f2cb956713b4a7f:SESSION-8f2cb956713b4a7f	SESSION-8f2cb956713b4a7f → pe:syn:SESSION-8f2cb956713b4a7f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47acb5bee39822f1:host:172.234.197.23	SESSION-47acb5bee39822f1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0d1e9854752b2176:flow:2cc478f595ba	SESSION-0d1e9854752b2176 → flow:2cc478f595ba
flow_observed5-aryOBS	e:fo:flow:262704d151c7	flow:262704d151c7 → host:177.10.233.53 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d0bad8110700772:host:172.234.197.23	SESSION-1d0bad8110700772 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89c2fe6aad8232be:host:172.234.197.23:host:45.173.156.131	SESSION-89c2fe6aad8232be → host:172.234.197.23 → host:45.173.156.131
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02ee946ab454bede:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-02ee946ab454bede → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:82e56c143909	flow:82e56c143909 → host:177.10.233.228 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2b1b7c009dcf05e:host:172.234.197.23	SESSION-e2b1b7c009dcf05e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1e699a2f9558bf8d:host:177.10.237.145	SESSION-1e699a2f9558bf8d → host:177.10.237.145
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2af0189f90c79b2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d2af0189f90c79b2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:6ff9de6d0222	flow:6ff9de6d0222 → host:172.234.197.23 → host:45.173.156.192 → port:tcp:31312
FLOW_FROM_HOSTOBS	e:from:SESSION-8d0bef7920d84e31:host:172.234.197.23	SESSION-8d0bef7920d84e31 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7a38503de520	flow:7a38503de520 → host:131.196.28.168 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b3d67977a2fe:port:tcp:49833	flow:b3d67977a2fe → port:tcp:49833
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99cedbc5d14c9ef2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-99cedbc5d14c9ef2 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7569a7ee383f653c:flow:03213edca3f5	SESSION-7569a7ee383f653c → flow:03213edca3f5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0daf10b890c2667:host:45.173.156.208	SESSION-f0daf10b890c2667 → host:45.173.156.208
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b23254615c6167a0:host:177.10.235.59:host:172.234.197.23	SESSION-b23254615c6167a0 → host:177.10.235.59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5e50cd91d4ac54:host:172.234.197.23	SESSION-5d5e50cd91d4ac54 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a83f7d2591dcabf5:host:131.196.29.125	SESSION-a83f7d2591dcabf5 → host:131.196.29.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d13284d1e9c6a901:host:177.10.236.170	SESSION-d13284d1e9c6a901 → host:177.10.236.170
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da4440e5d8ead4fe:host:177.10.239.2:host:172.234.197.23	SESSION-da4440e5d8ead4fe → host:177.10.239.2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cdf732629d327c4c:host:92.112.71.52:host:172.234.197.23	SESSION-cdf732629d327c4c → host:92.112.71.52 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.42:asn:262880	host:177.10.232.42 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:5d8fbc6c3c79:port:tcp:443	flow:5d8fbc6c3c79 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59d5bafa56d514c9:host:172.234.197.23:host:45.173.156.31	SESSION-59d5bafa56d514c9 → host:172.234.197.23 → host:45.173.156.31
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.144:geo_-16.28860_-49.01640	host:177.10.237.144 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b22fbd69b6831b9:host:172.234.197.23	SESSION-0b22fbd69b6831b9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7b12eb68f09b08a:host:172.234.197.23	SESSION-c7b12eb68f09b08a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed610f5ec8b698f6:flow:4274b947f0e0	SESSION-ed610f5ec8b698f6 → flow:4274b947f0e0
FLOW_DST_PORTOBS	e:fp:flow:5ad3b0f91a3d:port:tcp:443	flow:5ad3b0f91a3d → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:6bf91f01045a	flow:6bf91f01045a → host:103.155.16.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-189d055e7be1f56c:host:177.10.234.166	SESSION-189d055e7be1f56c → host:177.10.234.166
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1624b178b88eb54d:flow:f2cb88ffae09	SESSION-1624b178b88eb54d → flow:f2cb88ffae09
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-921caeacc0f03622:SESSION-921caeacc0f03622	SESSION-921caeacc0f03622 → pe:tls:SESSION-921caeacc0f03622
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d5b41a2eb16ae40:SESSION-8d5b41a2eb16ae40	SESSION-8d5b41a2eb16ae40 → pe:syn:SESSION-8d5b41a2eb16ae40
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11d1e958623763ef:flow:85d6ec4465fb	SESSION-11d1e958623763ef → flow:85d6ec4465fb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-88c7e3106e33eb03:host:177.10.239.182:host:172.234.197.23	SESSION-88c7e3106e33eb03 → host:177.10.239.182 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-328b0864666a263b:host:177.10.238.66	SESSION-328b0864666a263b → host:177.10.238.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-191997595ec6754e:SESSION-191997595ec6754e	SESSION-191997595ec6754e → pe:tls:SESSION-191997595ec6754e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6d47e7b31036f28:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d6d47e7b31036f28 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:1cb9e3855c9b	flow:1cb9e3855c9b → host:177.10.234.73 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b325e5efc54d34b8:PCAP:capture_20260430090001:065659c7d314	SESSION-b325e5efc54d34b8 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-f65d16e06243eafc:host:172.234.197.23	SESSION-f65d16e06243eafc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d82ce6b730f5fc6b:host:172.234.197.23	SESSION-d82ce6b730f5fc6b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f40be42edcf6e8ed:host:131.196.31.190	SESSION-f40be42edcf6e8ed → host:131.196.31.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fda1fcad7dd8a834:SESSION-fda1fcad7dd8a834	SESSION-fda1fcad7dd8a834 → pe:tls:SESSION-fda1fcad7dd8a834
flow_observed5-aryOBS	e:fo:flow:32adc553baea	flow:32adc553baea → host:177.10.235.93 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0667f103db24cb40:flow:980518987f5e	SESSION-0667f103db24cb40 → flow:980518987f5e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ceaf5a04e9815b11:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ceaf5a04e9815b11 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eab64f08bdc755fb:host:172.234.197.23:host:131.196.28.237	SESSION-eab64f08bdc755fb → host:172.234.197.23 → host:131.196.28.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca0d45baeb856677:flow:3e18bd3fd270	SESSION-ca0d45baeb856677 → flow:3e18bd3fd270
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.175:asn:262880	host:177.10.237.175 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:32c97d2c0cb3:port:tcp:443	flow:32c97d2c0cb3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5634ee3b30a0b6aa:SESSION-5634ee3b30a0b6aa	SESSION-5634ee3b30a0b6aa → pe:tls:SESSION-5634ee3b30a0b6aa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ba165dc958434de:host:172.234.197.23	SESSION-3ba165dc958434de → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dc3f24e93e3e0fb3:flow:6ccc6c1f2d86	SESSION-dc3f24e93e3e0fb3 → flow:6ccc6c1f2d86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17000fdd70ecbf97:SESSION-17000fdd70ecbf97	SESSION-17000fdd70ecbf97 → pe:tls:SESSION-17000fdd70ecbf97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7832d3594ed31e4:SESSION-b7832d3594ed31e4	SESSION-b7832d3594ed31e4 → pe:syn:SESSION-b7832d3594ed31e4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f78268addd9f6ca3:flow:5a18bfe2e6a6	SESSION-f78268addd9f6ca3 → flow:5a18bfe2e6a6
FLOW_DST_PORTOBS	e:fp:flow:d2b58a19713b:port:tcp:443	flow:d2b58a19713b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:5a300d7140a6	flow:5a300d7140a6 → host:131.196.29.96 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd57eb7fcad3510c:flow:df175b99d66e	SESSION-fd57eb7fcad3510c → flow:df175b99d66e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c73d5dfb4b98c8a4:flow:9cb79ec77286	SESSION-c73d5dfb4b98c8a4 → flow:9cb79ec77286
FLOW_DST_PORTOBS	e:fp:flow:4b456720b757:port:tcp:443	flow:4b456720b757 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c9a0f035acc4428:host:131.196.29.215	SESSION-0c9a0f035acc4428 → host:131.196.29.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f39c81a37ca9c9d3:SESSION-f39c81a37ca9c9d3	SESSION-f39c81a37ca9c9d3 → pe:syn:SESSION-f39c81a37ca9c9d3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-196ad93208fa5be9:SESSION-196ad93208fa5be9	SESSION-196ad93208fa5be9 → pe:syn:SESSION-196ad93208fa5be9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44c3a4d4ec5442f2:host:172.234.197.23:host:177.10.236.201	SESSION-44c3a4d4ec5442f2 → host:172.234.197.23 → host:177.10.236.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94c9082e66baa6b5:host:172.234.197.23:host:177.10.238.10	SESSION-94c9082e66baa6b5 → host:172.234.197.23 → host:177.10.238.10
flow_observed4-aryOBS	e:fo:flow:5f95ab8f43b5	flow:5f95ab8f43b5 → host:172.234.197.23 → host:131.196.31.239 → port:tcp:4719
FLOW_FROM_HOSTOBS	e:from:SESSION-6ae33589f66e7ab9:host:184.171.210.134	SESSION-6ae33589f66e7ab9 → host:184.171.210.134
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6a7aaaa54e7dd63:flow:f35a1591b089	SESSION-d6a7aaaa54e7dd63 → flow:f35a1591b089
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34efc230578c0ec6:host:192.99.232.216	SESSION-34efc230578c0ec6 → host:192.99.232.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c88d7695016e6fbb:SESSION-c88d7695016e6fbb	SESSION-c88d7695016e6fbb → pe:tls:SESSION-c88d7695016e6fbb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c64ea68345b811b:PCAP:capture_20260430060001:919b39a74464	SESSION-9c64ea68345b811b → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf9713fb7209fcf9:host:177.10.232.184:host:172.234.197.23	SESSION-bf9713fb7209fcf9 → host:177.10.232.184 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99664d33d11b43d2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-99664d33d11b43d2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2969d43ba10a409c:host:172.234.197.23:host:45.173.156.119	SESSION-2969d43ba10a409c → host:172.234.197.23 → host:45.173.156.119
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d7cf6e510c352d8:host:131.196.29.101	SESSION-8d7cf6e510c352d8 → host:131.196.29.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ab46af96ea11edd:SESSION-7ab46af96ea11edd	SESSION-7ab46af96ea11edd → pe:syn:SESSION-7ab46af96ea11edd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-314616832d67d639:host:177.10.235.64:host:172.234.197.23	SESSION-314616832d67d639 → host:177.10.235.64 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d40530d159a1:port:tcp:443	flow:d40530d159a1 → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:3d1380dea746	flow:3d1380dea746 → host:44.243.2.252 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cf2d710eb7a0f34a:host:172.234.197.23	SESSION-cf2d710eb7a0f34a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2622d4ad7ff2:port:tcp:443	flow:2622d4ad7ff2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a776552d0ac90a05:host:45.173.156.99:host:172.234.197.23	SESSION-a776552d0ac90a05 → host:45.173.156.99 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-88f0aa854ba7cdd7:SESSION-88f0aa854ba7cdd7	SESSION-88f0aa854ba7cdd7 → pe:syn:SESSION-88f0aa854ba7cdd7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aad95c97a46f4b66:host:177.10.234.210	SESSION-aad95c97a46f4b66 → host:177.10.234.210
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf132b40533c7dcc:host:177.10.235.114	SESSION-bf132b40533c7dcc → host:177.10.235.114
FLOW_TO_HOSTOBS	e:to:SESSION-94bbfef7eb27207b:host:172.234.197.23	SESSION-94bbfef7eb27207b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.18:asn:262880	host:177.10.235.18 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd58ba429e3d894b:host:131.196.28.174	SESSION-dd58ba429e3d894b → host:131.196.28.174
FLOW_FROM_HOSTOBS	e:from:SESSION-bd0de62eb0560e2b:host:35.216.234.82	SESSION-bd0de62eb0560e2b → host:35.216.234.82
FLOW_QUERIED_DNSOBS	e:fd:flow:b7489016e282:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:b7489016e282 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.133:asn:273470	host:45.173.156.133 → asn:273470
FLOW_TLS_SNIOBS	e:fs:flow:bf85860c61db:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:bf85860c61db → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b858978950d9ddc:host:131.196.31.10:host:172.234.197.23	SESSION-8b858978950d9ddc → host:131.196.31.10 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7dea1c67796075ab:PCAP:capture_20260430060001:919b39a74464	SESSION-7dea1c67796075ab → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.107:geo_-21.10010_-41.69200	host:45.173.156.107 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef2cf125c8c7b83a:flow:faadb4fd5bdf	SESSION-ef2cf125c8c7b83a → flow:faadb4fd5bdf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f16f611b98ecbfd:SESSION-8f16f611b98ecbfd	SESSION-8f16f611b98ecbfd → pe:syn:SESSION-8f16f611b98ecbfd
FLOW_FROM_HOSTOBS	e:from:SESSION-c9eb08591878d33c:host:172.234.197.23	SESSION-c9eb08591878d33c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.32:asn:273470	host:45.173.156.32 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0371abab0ef43e73:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-0371abab0ef43e73 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f42dcf2468c4a64f:host:131.196.31.61:host:172.234.197.23	SESSION-f42dcf2468c4a64f → host:131.196.31.61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4d0ab62891a0a5c:host:172.234.197.23	SESSION-d4d0ab62891a0a5c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a87c967af45101a2:host:172.234.197.23	SESSION-a87c967af45101a2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69ca44a412c8d221:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-69ca44a412c8d221 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd524e1c02193f64:SESSION-fd524e1c02193f64	SESSION-fd524e1c02193f64 → pe:syn:SESSION-fd524e1c02193f64
FLOW_DST_PORTOBS	e:fp:flow:7a4e69d85fd3:port:tcp:443	flow:7a4e69d85fd3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78ad99b8772b1e3f:SESSION-78ad99b8772b1e3f	SESSION-78ad99b8772b1e3f → pe:tls:SESSION-78ad99b8772b1e3f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d5e5bbccd32f2d5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5d5e5bbccd32f2d5 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-3bf7bb3dc8319468:host:131.196.30.102	SESSION-3bf7bb3dc8319468 → host:131.196.30.102
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-328b0864666a263b:host:177.10.238.66:host:172.234.197.23	SESSION-328b0864666a263b → host:177.10.238.66 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a60c132d3a0c7657:host:177.10.236.33:host:172.234.197.23	SESSION-a60c132d3a0c7657 → host:177.10.236.33 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31cda31fe1b0dd07:host:172.234.197.23:host:45.148.10.151	SESSION-31cda31fe1b0dd07 → host:172.234.197.23 → host:45.148.10.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67c350ca0312f6cb:host:172.234.197.23	SESSION-67c350ca0312f6cb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8277822e9833952:SESSION-c8277822e9833952	SESSION-c8277822e9833952 → pe:syn:SESSION-c8277822e9833952
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a4506f2fb402b7f:flow:3b93b67df890	SESSION-0a4506f2fb402b7f → flow:3b93b67df890
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-acf0f47433b56858:host:172.234.197.23:host:131.196.28.19	SESSION-acf0f47433b56858 → host:172.234.197.23 → host:131.196.28.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f082f9fe3332438:host:177.10.236.26	SESSION-1f082f9fe3332438 → host:177.10.236.26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6d1acf39452c448:host:172.234.197.23	SESSION-a6d1acf39452c448 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f234671aee206898:host:172.234.197.23	SESSION-f234671aee206898 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ecb424a0a4d5b0f:host:172.234.197.23	SESSION-3ecb424a0a4d5b0f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b1078812f997c85:SESSION-7b1078812f997c85	SESSION-7b1078812f997c85 → pe:syn:SESSION-7b1078812f997c85
FLOW_FROM_HOSTOBS	e:from:SESSION-12b2fb0a733c24b6:host:177.10.232.153	SESSION-12b2fb0a733c24b6 → host:177.10.232.153
flow_observed5-aryOBS	e:fo:flow:17dcf413c382	flow:17dcf413c382 → host:131.196.28.216 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:dcc7deb4e4c9:port:tcp:443	flow:dcc7deb4e4c9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec928f375ba591f1:SESSION-ec928f375ba591f1	SESSION-ec928f375ba591f1 → pe:syn:SESSION-ec928f375ba591f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-020ce81cb9d50ce5:SESSION-020ce81cb9d50ce5	SESSION-020ce81cb9d50ce5 → pe:tls:SESSION-020ce81cb9d50ce5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f06d97c7ac4f577b:host:172.234.197.23:host:131.196.29.194	SESSION-f06d97c7ac4f577b → host:172.234.197.23 → host:131.196.29.194
FLOW_TO_HOSTOBS	e:to:SESSION-60d7d302576d36ac:host:172.234.197.23	SESSION-60d7d302576d36ac → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9c5b30eb4b7e446:host:45.173.156.219	SESSION-c9c5b30eb4b7e446 → host:45.173.156.219
flow_observed5-aryOBS	e:fo:flow:f996eec81ce9	flow:f996eec81ce9 → host:177.10.235.36 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-868abcdaf084ea7c:host:172.234.197.23	SESSION-868abcdaf084ea7c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-527af3b786e52b88:SESSION-527af3b786e52b88	SESSION-527af3b786e52b88 → pe:tls:SESSION-527af3b786e52b88
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d96c6feac6dadd94:host:172.234.197.23	SESSION-d96c6feac6dadd94 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b479aa11234b67ae:SESSION-b479aa11234b67ae	SESSION-b479aa11234b67ae → pe:tls:SESSION-b479aa11234b67ae
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b02fe311e9b10a6:host:177.10.233.98:host:172.234.197.23	SESSION-0b02fe311e9b10a6 → host:177.10.233.98 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db60e018ea4d304a:flow:d06e75a28da9	SESSION-db60e018ea4d304a → flow:d06e75a28da9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41957bf4b3a50ded:host:172.234.197.23	SESSION-41957bf4b3a50ded → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1dda0e3344468f76:host:172.234.197.23	SESSION-1dda0e3344468f76 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-161fb053b15bb516:host:177.10.236.165	SESSION-161fb053b15bb516 → host:177.10.236.165
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-887f47388267b095:host:177.10.237.61:host:172.234.197.23	SESSION-887f47388267b095 → host:177.10.237.61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a38bfeac3fad0550:host:172.234.197.23	SESSION-a38bfeac3fad0550 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a720c7dde0362052:SESSION-a720c7dde0362052	SESSION-a720c7dde0362052 → pe:syn:SESSION-a720c7dde0362052
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-113c4b09005431cc:PCAP:capture_20260430150001:ded20914761d	SESSION-113c4b09005431cc → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0482ff4f8e4ec953:host:131.196.31.21	SESSION-0482ff4f8e4ec953 → host:131.196.31.21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9deb407202a7aa0:SESSION-b9deb407202a7aa0	SESSION-b9deb407202a7aa0 → pe:syn:SESSION-b9deb407202a7aa0
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.158:asn:262880	host:177.10.238.158 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ae59ca72364f9e1:SESSION-3ae59ca72364f9e1	SESSION-3ae59ca72364f9e1 → pe:tls:SESSION-3ae59ca72364f9e1
FLOW_DST_PORTOBS	e:fp:flow:1a1072de1ab1:port:tcp:58482	flow:1a1072de1ab1 → port:tcp:58482
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9501d29cea91bd7b:SESSION-9501d29cea91bd7b	SESSION-9501d29cea91bd7b → pe:tls:SESSION-9501d29cea91bd7b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab20216cf3eeb0ee:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ab20216cf3eeb0ee → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:5e254158c026	flow:5e254158c026 → host:131.196.31.48 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b11ad70426b43374:flow:55b8d007960c	SESSION-b11ad70426b43374 → flow:55b8d007960c
FLOW_TO_HOSTOBS	e:to:SESSION-d098d799c39976fd:host:172.234.197.23	SESSION-d098d799c39976fd → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1acc74ca4adb622d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-1acc74ca4adb622d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a782bfdef89df980:host:172.234.197.23	SESSION-a782bfdef89df980 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7db2d3f3f113e007:host:177.10.238.44:host:172.234.197.23	SESSION-7db2d3f3f113e007 → host:177.10.238.44 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0146df147eb3c3bd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0146df147eb3c3bd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09c97c2e7f8ca5a6:host:177.10.238.7	SESSION-09c97c2e7f8ca5a6 → host:177.10.238.7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4203cad708a9d562:SESSION-4203cad708a9d562	SESSION-4203cad708a9d562 → pe:tls:SESSION-4203cad708a9d562
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f2c14118785728f:flow:93e9c37360c6	SESSION-9f2c14118785728f → flow:93e9c37360c6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d290f0be98eecddb:SESSION-d290f0be98eecddb	SESSION-d290f0be98eecddb → pe:tls:SESSION-d290f0be98eecddb
FLOW_FROM_HOSTOBS	e:from:SESSION-4f73d5c81ac41c00:host:172.234.197.23	SESSION-4f73d5c81ac41c00 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee9fbb8d7f6cf47b:SESSION-ee9fbb8d7f6cf47b	SESSION-ee9fbb8d7f6cf47b → pe:tls:SESSION-ee9fbb8d7f6cf47b
flow_observed5-aryOBS	e:fo:flow:b004ebd7b4c6	flow:b004ebd7b4c6 → host:177.10.238.113 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-63be833bbb100650:flow:8d146c274485	SESSION-63be833bbb100650 → flow:8d146c274485
FLOW_DST_PORTOBS	e:fp:flow:48b5e51b7b0b:port:tcp:443	flow:48b5e51b7b0b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-cc431699568b9daa:host:172.234.197.23	SESSION-cc431699568b9daa → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d44b61a87a7b	flow:d44b61a87a7b → host:172.234.197.23 → host:131.196.28.5 → port:tcp:45649
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f6ab7360966186b9:PCAP:capture_20260430090001:065659c7d314	SESSION-f6ab7360966186b9 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e0b5328aa075dd2:host:172.234.197.23	SESSION-2e0b5328aa075dd2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.165:geo_-23.62930_-46.63510	host:131.196.29.165 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fa41b89da3fc0a6:host:177.10.232.136	SESSION-3fa41b89da3fc0a6 → host:177.10.232.136
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.96:geo_-16.28860_-49.01640	host:177.10.238.96 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-8b8b9e098330595b:host:172.234.197.23	SESSION-8b8b9e098330595b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-26a93711200ab02b:host:177.10.236.43	SESSION-26a93711200ab02b → host:177.10.236.43
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e8105cbb514d7cf:flow:5b1519d94b48	SESSION-2e8105cbb514d7cf → flow:5b1519d94b48
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.38:asn:262880	host:177.10.239.38 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2460b60c939eb75b:host:177.10.239.76:host:172.234.197.23	SESSION-2460b60c939eb75b → host:177.10.239.76 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-149428cb73969f2b:SESSION-149428cb73969f2b	SESSION-149428cb73969f2b → pe:tls:SESSION-149428cb73969f2b
FLOW_DST_PORTOBS	e:fp:flow:2c5cf90e9824:port:tcp:443	flow:2c5cf90e9824 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-671ee03668a9eda8:flow:b5cae6f976a7	SESSION-671ee03668a9eda8 → flow:b5cae6f976a7
FLOW_FROM_HOSTOBS	e:from:SESSION-2b9c1bf42f4683a2:host:172.234.197.23	SESSION-2b9c1bf42f4683a2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ac3abc26fe7d2af5:host:172.234.197.23	SESSION-ac3abc26fe7d2af5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0804c956ce93675c:host:172.234.197.23	SESSION-0804c956ce93675c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:550a225d20a6	flow:550a225d20a6 → host:177.10.234.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ead5791c5617fb56:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ead5791c5617fb56 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:28ab5fc046d9:port:tcp:443	flow:28ab5fc046d9 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5496341eed0b869:flow:a5769e3e2edd	SESSION-e5496341eed0b869 → flow:a5769e3e2edd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-871dd8a53b87e11e:SESSION-871dd8a53b87e11e	SESSION-871dd8a53b87e11e → pe:tls:SESSION-871dd8a53b87e11e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-111e536a3f33c549:flow:548c6f416d7f	SESSION-111e536a3f33c549 → flow:548c6f416d7f
flow_observed5-aryOBS	e:fo:flow:97e08a6b4ec8	flow:97e08a6b4ec8 → host:177.10.233.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31cda31fe1b0dd07:host:45.148.10.151	SESSION-31cda31fe1b0dd07 → host:45.148.10.151
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-c8b38e5755a85588:BSG-BEACON-aca7f2deb21d	SESSION-c8b38e5755a85588 → BSG-BEACON-aca7f2deb21d
flow_observed5-aryOBS	e:fo:flow:76ee58955fc5	flow:76ee58955fc5 → host:177.10.238.190 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-feb3207d55e7c5c5:host:177.10.238.122:host:172.234.197.23	SESSION-feb3207d55e7c5c5 → host:177.10.238.122 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f44d8b39227f	flow:f44d8b39227f → host:172.234.197.23 → host:177.10.232.61 → port:tcp:17425
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d861e0bc561d261:SESSION-7d861e0bc561d261	SESSION-7d861e0bc561d261 → pe:syn:SESSION-7d861e0bc561d261
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ee625266e5aa068:host:54.201.244.199	SESSION-5ee625266e5aa068 → host:54.201.244.199
FLOW_TO_HOSTOBS	e:to:SESSION-3f928c0ad9f6130d:host:172.234.197.23	SESSION-3f928c0ad9f6130d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f0a0478f83cd119:host:172.234.197.23	SESSION-1f0a0478f83cd119 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d446777121d9b1f8:SESSION-d446777121d9b1f8	SESSION-d446777121d9b1f8 → pe:syn:SESSION-d446777121d9b1f8
FLOW_DST_PORTOBS	e:fp:flow:ff20c5693ea1:port:tcp:443	flow:ff20c5693ea1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db9e8149201eae0f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-db9e8149201eae0f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f9ea4c8ad78eb8e:SESSION-2f9ea4c8ad78eb8e	SESSION-2f9ea4c8ad78eb8e → pe:syn:SESSION-2f9ea4c8ad78eb8e
FLOW_DST_PORTOBS	e:fp:flow:a72e0ef9e58a:port:tcp:443	flow:a72e0ef9e58a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f8f919bfd11f34b:SESSION-8f8f919bfd11f34b	SESSION-8f8f919bfd11f34b → pe:tls:SESSION-8f8f919bfd11f34b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.25:asn:262880	host:177.10.238.25 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-457bc509f900e32f:host:172.234.197.23	SESSION-457bc509f900e32f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d694cf0080c35c2f:host:172.234.197.23	SESSION-d694cf0080c35c2f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5e3e928d9f8f:port:tcp:753	flow:5e3e928d9f8f → port:tcp:753
flow_observed5-aryOBS	e:fo:flow:2591fb04a88d	flow:2591fb04a88d → host:185.231.226.148 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:39b0cee06cef	flow:39b0cee06cef → host:177.10.237.48 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-73eae13080f416f8:SESSION-73eae13080f416f8	SESSION-73eae13080f416f8 → pe:syn:SESSION-73eae13080f416f8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.105:asn:262880	host:177.10.235.105 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-3224b320d23ec0cd:host:172.234.197.23	SESSION-3224b320d23ec0cd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b51c77a005c8dfc8:flow:4a9b5bb3cf88	SESSION-b51c77a005c8dfc8 → flow:4a9b5bb3cf88
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0e4303498e9ae3e:host:172.234.197.23	SESSION-b0e4303498e9ae3e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee9fbb8d7f6cf47b:SESSION-ee9fbb8d7f6cf47b	SESSION-ee9fbb8d7f6cf47b → pe:syn:SESSION-ee9fbb8d7f6cf47b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d93e05fe8ec7e58:flow:3ecc4430f83a	SESSION-6d93e05fe8ec7e58 → flow:3ecc4430f83a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4904f64e7943cb47:flow:f094c0b9e79e	SESSION-4904f64e7943cb47 → flow:f094c0b9e79e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a1d91047073c4c2:PCAP:capture_20260430060001:919b39a74464	SESSION-4a1d91047073c4c2 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-586aad203217304c:host:45.173.156.41:host:172.234.197.23	SESSION-586aad203217304c → host:45.173.156.41 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:98475c8ec4d7	flow:98475c8ec4d7 → host:177.10.238.160 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:15328a444bdb:port:tcp:11510	flow:15328a444bdb → port:tcp:11510
FLOW_DST_PORTOBS	e:fp:flow:3adb4fd2df9b:port:tcp:4502	flow:3adb4fd2df9b → port:tcp:4502
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4081c2e8ed1c2925:flow:3d68dedcff75	SESSION-4081c2e8ed1c2925 → flow:3d68dedcff75
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33fdac1ad6f47ac8:host:177.10.232.130:host:172.234.197.23	SESSION-33fdac1ad6f47ac8 → host:177.10.232.130 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8811d2339559:port:tcp:23711	flow:8811d2339559 → port:tcp:23711
FLOW_FROM_HOSTOBS	e:from:SESSION-e91394d00b664372:host:177.10.234.232	SESSION-e91394d00b664372 → host:177.10.234.232
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd81cfaee9483060:host:177.10.237.227	SESSION-cd81cfaee9483060 → host:177.10.237.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b8c772918251267:SESSION-0b8c772918251267	SESSION-0b8c772918251267 → pe:syn:SESSION-0b8c772918251267
FLOW_TO_HOSTOBS	e:to:SESSION-e332f49c3a5896d2:host:172.234.197.23	SESSION-e332f49c3a5896d2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a81d3c71843f89e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2a81d3c71843f89e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9c12f6159b9a7a1:host:131.196.30.8	SESSION-a9c12f6159b9a7a1 → host:131.196.30.8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7678ab8e642a5a2a:SESSION-7678ab8e642a5a2a	SESSION-7678ab8e642a5a2a → pe:syn:SESSION-7678ab8e642a5a2a
FLOW_TO_HOSTOBS	e:to:SESSION-46a01539128daee6:host:172.234.197.23	SESSION-46a01539128daee6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-417f532a2a507181:host:177.10.238.158:host:172.234.197.23	SESSION-417f532a2a507181 → host:177.10.238.158 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4023081e4eab:port:tcp:5546	flow:4023081e4eab → port:tcp:5546
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0f8a559c2faf4a64:host:177.10.234.48:host:172.234.197.23	SESSION-0f8a559c2faf4a64 → host:177.10.234.48 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df3beb1e5143a102:SESSION-df3beb1e5143a102	SESSION-df3beb1e5143a102 → pe:tls:SESSION-df3beb1e5143a102
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c5a72a6fbc2381d:flow:cb62cbda5136	SESSION-1c5a72a6fbc2381d → flow:cb62cbda5136
HOST_IN_ASNOBS 85%	e:ha:host:92.118.39.236:asn:47890	host:92.118.39.236 → asn:47890
FLOW_FROM_HOSTOBS	e:from:SESSION-f5347add21fd9245:host:177.10.233.255	SESSION-f5347add21fd9245 → host:177.10.233.255
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.52:asn:262880	host:177.10.237.52 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c4adfb3e188a176:host:177.10.236.157:host:172.234.197.23	SESSION-4c4adfb3e188a176 → host:177.10.236.157 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8bfe47632c127d09:flow:92515270b68c	SESSION-8bfe47632c127d09 → flow:92515270b68c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a214ec19ba198e7:SESSION-6a214ec19ba198e7	SESSION-6a214ec19ba198e7 → pe:tls:SESSION-6a214ec19ba198e7
FLOW_DST_PORTOBS	e:fp:flow:da19865bc885:port:tcp:76	flow:da19865bc885 → port:tcp:76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb9800c0b594ef9b:flow:690c407955d0	SESSION-fb9800c0b594ef9b → flow:690c407955d0
FLOW_FROM_HOSTOBS	e:from:SESSION-685011adf9d67a1b:host:131.196.29.230	SESSION-685011adf9d67a1b → host:131.196.29.230
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65a2e80880ae05c5:flow:f9d5c4236faa	SESSION-65a2e80880ae05c5 → flow:f9d5c4236faa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3560085925cb3717:host:177.10.237.15	SESSION-3560085925cb3717 → host:177.10.237.15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f302c09f7d22a8d1:SESSION-f302c09f7d22a8d1	SESSION-f302c09f7d22a8d1 → pe:syn:SESSION-f302c09f7d22a8d1
FLOW_DST_PORTOBS	e:fp:flow:1254a28c0960:port:tcp:12763	flow:1254a28c0960 → port:tcp:12763
flow_observed5-aryOBS	e:fo:flow:a1c10d36ceb1	flow:a1c10d36ceb1 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-69029b06bbd64972:host:172.234.197.23	SESSION-69029b06bbd64972 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72786bca04f1b5c7:SESSION-72786bca04f1b5c7	SESSION-72786bca04f1b5c7 → pe:tls:SESSION-72786bca04f1b5c7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-409db122b916fc83:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-409db122b916fc83 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ad42e8c66a89ee5:host:172.234.197.23:host:177.10.234.250	SESSION-8ad42e8c66a89ee5 → host:172.234.197.23 → host:177.10.234.250
FLOW_FROM_HOSTOBS	e:from:SESSION-70cb56f6bea3d067:host:177.10.234.28	SESSION-70cb56f6bea3d067 → host:177.10.234.28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d5ec38dc75ef648:flow:d4a20519f18b	SESSION-7d5ec38dc75ef648 → flow:d4a20519f18b
FLOW_TO_HOSTOBS	e:to:SESSION-e4cbb1218941faec:host:172.234.197.23	SESSION-e4cbb1218941faec → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d027fcdf19e82664:host:177.10.233.47:host:172.234.197.23	SESSION-d027fcdf19e82664 → host:177.10.233.47 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.222:geo_-16.28860_-49.01640	host:177.10.235.222 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.253:geo_-21.10010_-41.69200	host:45.173.156.253 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e63705938a499015:host:177.10.233.235	SESSION-e63705938a499015 → host:177.10.233.235
FLOW_DST_PORTOBS	e:fp:flow:3d196b4085ad:port:tcp:443	flow:3d196b4085ad → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3e54eb0866acbe21:host:172.234.197.23	SESSION-3e54eb0866acbe21 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d10569cf24d3:port:tcp:443	flow:d10569cf24d3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-750fc9f72ee279c6:host:172.234.197.23:host:131.196.29.248	SESSION-750fc9f72ee279c6 → host:172.234.197.23 → host:131.196.29.248
flow_observed5-aryOBS	e:fo:flow:a414d91a7218	flow:a414d91a7218 → host:37.221.79.55 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f6061b9b172c119c:host:172.234.197.23	SESSION-f6061b9b172c119c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c4a3ef3072acfd2:flow:58f5f0dbd944	SESSION-9c4a3ef3072acfd2 → flow:58f5f0dbd944
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-794cf5b08878bd55:host:131.196.30.220:host:172.234.197.23	SESSION-794cf5b08878bd55 → host:131.196.30.220 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8e2f8ae5ea03a25:host:177.10.234.187	SESSION-e8e2f8ae5ea03a25 → host:177.10.234.187
FLOW_FROM_HOSTOBS	e:from:SESSION-1f059fe4a40805f2:host:131.196.31.242	SESSION-1f059fe4a40805f2 → host:131.196.31.242
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d9a4406bd7b3b41:SESSION-4d9a4406bd7b3b41	SESSION-4d9a4406bd7b3b41 → pe:tls:SESSION-4d9a4406bd7b3b41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2af2d979895f4943:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2af2d979895f4943 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f234671aee206898:PCAP:capture_20260430090001:065659c7d314	SESSION-f234671aee206898 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-8a20fc4ba13bfca4:host:172.234.197.23	SESSION-8a20fc4ba13bfca4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e632e9ec3b8d735c:host:177.10.239.70	SESSION-e632e9ec3b8d735c → host:177.10.239.70
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-699c907c7ac66403:flow:71ecf670b095	SESSION-699c907c7ac66403 → flow:71ecf670b095
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-738a9f5daf478976:host:177.10.235.61	SESSION-738a9f5daf478976 → host:177.10.235.61
FLOW_TO_HOSTOBS	e:to:SESSION-6455927ff3f8f851:host:172.234.197.23	SESSION-6455927ff3f8f851 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-877b851a45681e10:host:131.196.29.90	SESSION-877b851a45681e10 → host:131.196.29.90
HOST_IN_ASNOBS 85%	e:ha:host:103.155.16.117:asn:138915	host:103.155.16.117 → asn:138915
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6b4752d4afe8ec71:PCAP:capture_20260430110001:43611bdf6759	SESSION-6b4752d4afe8ec71 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14a74b0f0f76c3f9:host:131.196.30.135	SESSION-14a74b0f0f76c3f9 → host:131.196.30.135
FLOW_DST_PORTOBS	e:fp:flow:60035740abc7:port:tcp:28420	flow:60035740abc7 → port:tcp:28420
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8098f7aeb1e3da6f:host:13.60.168.200:host:172.234.197.23	SESSION-8098f7aeb1e3da6f → host:13.60.168.200 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-328e38096bb05d60:flow:08b11684af7a	SESSION-328e38096bb05d60 → flow:08b11684af7a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee14fe05044df9df:flow:5fed7e81abee	SESSION-ee14fe05044df9df → flow:5fed7e81abee
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-578ff4b2beeb08df:flow:9690312925a2	SESSION-578ff4b2beeb08df → flow:9690312925a2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.252:geo_-23.62930_-46.63510	host:131.196.29.252 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30152f28b63d1649:SESSION-30152f28b63d1649	SESSION-30152f28b63d1649 → pe:tls:SESSION-30152f28b63d1649
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd728e6d9f0647f9:PCAP:capture_20260430060001:919b39a74464	SESSION-bd728e6d9f0647f9 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e225557ebe736948:host:131.196.30.28	SESSION-e225557ebe736948 → host:131.196.30.28
FLOW_DST_PORTOBS	e:fp:flow:35f8b65cdfe8:port:tcp:47861	flow:35f8b65cdfe8 → port:tcp:47861
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-276035998be5d0c6:host:172.234.197.23	SESSION-276035998be5d0c6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.147:asn:273470	host:45.173.156.147 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-006e3a8766fa0c7d:host:172.234.197.23	SESSION-006e3a8766fa0c7d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-341468c084cc4cf3:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-341468c084cc4cf3 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:09e69323670d	flow:09e69323670d → host:131.196.30.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08b271f63f4ccc89:host:172.234.197.23	SESSION-08b271f63f4ccc89 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bde2562b2e16b844:host:172.234.197.23	SESSION-bde2562b2e16b844 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e0b5328aa075dd2:SESSION-2e0b5328aa075dd2	SESSION-2e0b5328aa075dd2 → pe:syn:SESSION-2e0b5328aa075dd2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec2cd7bdebda0247:host:177.10.237.6	SESSION-ec2cd7bdebda0247 → host:177.10.237.6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa9d2876c7b3abea:flow:ad69a09da0dd	SESSION-fa9d2876c7b3abea → flow:ad69a09da0dd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-037b6464dda97429:SESSION-037b6464dda97429	SESSION-037b6464dda97429 → pe:rst:SESSION-037b6464dda97429
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-049aa291881e8f8b:SESSION-049aa291881e8f8b	SESSION-049aa291881e8f8b → pe:tls:SESSION-049aa291881e8f8b
FLOW_DST_PORTOBS	e:fp:flow:5cbd1147ed0a:port:tcp:28179	flow:5cbd1147ed0a → port:tcp:28179
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31e4a260829c636e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-31e4a260829c636e → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:f413e7c103a3:port:tcp:443	flow:f413e7c103a3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4449fca2fd34af5e:SESSION-4449fca2fd34af5e	SESSION-4449fca2fd34af5e → pe:syn:SESSION-4449fca2fd34af5e
flow_observed4-aryOBS	e:fo:flow:2aff54998db0	flow:2aff54998db0 → host:172.234.197.23 → host:177.10.236.239 → port:tcp:56874
FLOW_TO_HOSTOBS	e:to:SESSION-2287ae96f90f1374:host:172.234.197.23	SESSION-2287ae96f90f1374 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.220:geo_-21.10010_-41.69200	host:45.173.156.220 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-3cdf0b404a4678c5:host:172.234.197.23	SESSION-3cdf0b404a4678c5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de195b26c1af220a:flow:1a13868d230b	SESSION-de195b26c1af220a → flow:1a13868d230b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4cb8ade3138db412:SESSION-4cb8ade3138db412	SESSION-4cb8ade3138db412 → pe:tls:SESSION-4cb8ade3138db412
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39845edf8e8f640a:host:172.234.197.23	SESSION-39845edf8e8f640a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b65c6ec30f2c8117:host:172.234.197.23	SESSION-b65c6ec30f2c8117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fcf38b0a54673cb:SESSION-5fcf38b0a54673cb	SESSION-5fcf38b0a54673cb → pe:tls:SESSION-5fcf38b0a54673cb
FLOW_FROM_HOSTOBS	e:from:SESSION-31b8d1ec0bbdfa48:host:35.95.113.227	SESSION-31b8d1ec0bbdfa48 → host:35.95.113.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89ddb9a3043f63a3:host:172.234.197.23	SESSION-89ddb9a3043f63a3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.1:asn:262880	host:177.10.233.1 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-70a92a3cd71eafd5:SESSION-70a92a3cd71eafd5	SESSION-70a92a3cd71eafd5 → pe:tls:SESSION-70a92a3cd71eafd5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21640db65210a47d:host:172.234.197.23	SESSION-21640db65210a47d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.149:geo_-16.28860_-49.01640	host:177.10.238.149 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:157.180.84.94:geo_60.17190_24.93470	host:157.180.84.94 → geo_60.17190_24.93470
FLOW_DST_PORTOBS	e:fp:flow:6516de271457:port:tcp:443	flow:6516de271457 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-05167940272dd019:host:172.234.197.23	SESSION-05167940272dd019 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.125:asn:262880	host:177.10.232.125 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a47ed447671c9b0b:host:172.234.197.23	SESSION-a47ed447671c9b0b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:195.96.138.88:asn:210924	host:195.96.138.88 → asn:210924
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9d0d1a45a4e9ec7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b9d0d1a45a4e9ec7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:a301ca4ce719:port:tcp:443	flow:a301ca4ce719 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-744a603206d06e24:host:46.4.252.37:host:172.234.197.23	SESSION-744a603206d06e24 → host:46.4.252.37 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ea9e167400c380e9:host:172.234.197.23	SESSION-ea9e167400c380e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da15c25f39b20c68:host:172.234.197.23	SESSION-da15c25f39b20c68 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.91:geo_-23.62930_-46.63510	host:131.196.29.91 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e6f5f35bde9b3d2:flow:924a7bf90f20	SESSION-7e6f5f35bde9b3d2 → flow:924a7bf90f20
FLOW_FROM_HOSTOBS	e:from:SESSION-3b13920773df7284:host:131.196.29.103	SESSION-3b13920773df7284 → host:131.196.29.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-265fcf20a19ad440:host:172.234.197.23	SESSION-265fcf20a19ad440 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ecb25cc7396151e7:host:177.10.239.139	SESSION-ecb25cc7396151e7 → host:177.10.239.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4cc2e8571100ea2b:SESSION-4cc2e8571100ea2b	SESSION-4cc2e8571100ea2b → pe:syn:SESSION-4cc2e8571100ea2b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-463ebb9b343c8b6a:host:131.196.29.153:host:172.234.197.23	SESSION-463ebb9b343c8b6a → host:131.196.29.153 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.116:geo_-16.28860_-49.01640	host:177.10.233.116 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-896e151c898991bb:host:177.10.239.102	SESSION-896e151c898991bb → host:177.10.239.102
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ba942f2694f4960:host:177.10.235.72:host:172.234.197.23	SESSION-0ba942f2694f4960 → host:177.10.235.72 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85483e16d9e2576e:host:172.234.197.23:host:131.196.28.110	SESSION-85483e16d9e2576e → host:172.234.197.23 → host:131.196.28.110
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.81:asn:262880	host:177.10.232.81 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-f580f0e619786fa7:host:177.10.239.86	SESSION-f580f0e619786fa7 → host:177.10.239.86
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.5:asn:271410	host:131.196.28.5 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d3cf98bfbd337a47:PCAP:capture_20260430110001:43611bdf6759	SESSION-d3cf98bfbd337a47 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a43b551ff0093c7:host:172.234.197.23	SESSION-8a43b551ff0093c7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6a7aaaa54e7dd63:SESSION-d6a7aaaa54e7dd63	SESSION-d6a7aaaa54e7dd63 → pe:tls:SESSION-d6a7aaaa54e7dd63
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.29:geo_-23.62930_-46.63510	host:131.196.31.29 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-e5eab3f22e87eb3f:host:172.234.197.23	SESSION-e5eab3f22e87eb3f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1980da9de3362b69:SESSION-1980da9de3362b69	SESSION-1980da9de3362b69 → pe:syn:SESSION-1980da9de3362b69
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-afa0e3a30bb0024e:host:172.234.197.23:host:131.196.31.240	SESSION-afa0e3a30bb0024e → host:172.234.197.23 → host:131.196.31.240
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-265a2f0fa666e936:flow:34d94ae03fc0	SESSION-265a2f0fa666e936 → flow:34d94ae03fc0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-065b3042ded53057:host:172.234.197.23:host:177.10.232.247	SESSION-065b3042ded53057 → host:172.234.197.23 → host:177.10.232.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d9c8489868c7191:SESSION-9d9c8489868c7191	SESSION-9d9c8489868c7191 → pe:syn:SESSION-9d9c8489868c7191
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6634561e4b2b2821:flow:0a7bf45be75c	SESSION-6634561e4b2b2821 → flow:0a7bf45be75c
flow_observed4-aryOBS	e:fo:flow:f8d302369066	flow:f8d302369066 → host:172.234.197.23 → host:177.10.239.11 → port:tcp:43515
FLOW_DST_PORTOBS	e:fp:flow:da1cc2692f9e:port:tcp:80	flow:da1cc2692f9e → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-aec4f33b062c0e6b:host:172.234.197.23	SESSION-aec4f33b062c0e6b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aecaf39909333efc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-aecaf39909333efc → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8cba099c11564e8:flow:b4e15c624c90	SESSION-f8cba099c11564e8 → flow:b4e15c624c90
flow_observed5-aryOBS	e:fo:flow:aeda0575aba8	flow:aeda0575aba8 → host:177.10.237.47 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8b61fb09d40ad349:host:172.234.197.23	SESSION-8b61fb09d40ad349 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-affecc1e92c420cb:host:177.10.234.146:host:172.234.197.23	SESSION-affecc1e92c420cb → host:177.10.234.146 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99d609228b1b32ef:host:177.10.234.84:host:172.234.197.23	SESSION-99d609228b1b32ef → host:177.10.234.84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c93e86640e8945ad:host:172.234.197.23	SESSION-c93e86640e8945ad → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-41172116812e3a49:host:172.234.197.23	SESSION-41172116812e3a49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0dea31b94d7dde57:host:131.196.31.195	SESSION-0dea31b94d7dde57 → host:131.196.31.195
FLOW_FROM_HOSTOBS	e:from:SESSION-14d517e62aef6020:host:37.221.79.128	SESSION-14d517e62aef6020 → host:37.221.79.128
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8900744845bb6f3:PCAP:capture_20260430110001:43611bdf6759	SESSION-d8900744845bb6f3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72859a91c292f326:flow:1373d13393f6	SESSION-72859a91c292f326 → flow:1373d13393f6
FLOW_DST_PORTOBS	e:fp:flow:b51fdfa1efbb:port:tcp:443	flow:b51fdfa1efbb → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-002a4fad2ef08bcf:host:177.10.236.207:host:172.234.197.23	SESSION-002a4fad2ef08bcf → host:177.10.236.207 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afa0e3a30bb0024e:host:131.196.31.240	SESSION-afa0e3a30bb0024e → host:131.196.31.240
flow_observed5-aryOBS	e:fo:flow:63f677001d7d	flow:63f677001d7d → host:177.10.236.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73f1c8de70c12118:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-73f1c8de70c12118 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41d09b35a7c7bf56:PCAP:capture_20260430090001:065659c7d314	SESSION-41d09b35a7c7bf56 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-c1947a05c179b1d2:host:172.234.197.23	SESSION-c1947a05c179b1d2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-393d4d02c091bd7e:host:172.234.197.23	SESSION-393d4d02c091bd7e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6372f3e6dae2e87f:PCAP:capture_20260430150001:ded20914761d	SESSION-6372f3e6dae2e87f → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f6577138d25ad9e:host:177.10.232.88	SESSION-6f6577138d25ad9e → host:177.10.232.88
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.208:geo_-16.28860_-49.01640	host:177.10.238.208 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-517e17fbfcdc9eaf:host:172.234.197.23	SESSION-517e17fbfcdc9eaf → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a236c6c04af1f19:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9a236c6c04af1f19 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-997b652ef378c5d4:flow:cff9dae844c6	SESSION-997b652ef378c5d4 → flow:cff9dae844c6
FLOW_TO_HOSTOBS	e:to:SESSION-6ef4dd3d9fcb73b5:host:172.234.197.23	SESSION-6ef4dd3d9fcb73b5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b4af85088cb1b366:host:92.112.71.111	SESSION-b4af85088cb1b366 → host:92.112.71.111
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e883c2ce63ee6e05:PCAP:capture_20260430150001:ded20914761d	SESSION-e883c2ce63ee6e05 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d3dc2c705a19d83:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6d3dc2c705a19d83 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:85e06e2b4ed1	flow:85e06e2b4ed1 → host:131.196.30.97 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6713221fe5694a6d:host:131.196.30.162	SESSION-6713221fe5694a6d → host:131.196.30.162
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d45c3fc16863e5ef:PCAP:capture_20260430150001:ded20914761d	SESSION-d45c3fc16863e5ef → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.46:asn:262880	host:177.10.232.46 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-74adb0edbcc9dd0a:host:131.196.29.146	SESSION-74adb0edbcc9dd0a → host:131.196.29.146
FLOW_DST_PORTOBS	e:fp:flow:c4c82fc5a59a:port:tcp:22164	flow:c4c82fc5a59a → port:tcp:22164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a75f9666a4fd8c5:flow:2c20c026d21d	SESSION-1a75f9666a4fd8c5 → flow:2c20c026d21d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4449fca2fd34af5e:flow:c26cdc0c5253	SESSION-4449fca2fd34af5e → flow:c26cdc0c5253
FLOW_TLS_SNIOBS	e:fs:flow:103321f9936d:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:103321f9936d → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-c8c94fcea26d4cb3:host:45.173.156.30	SESSION-c8c94fcea26d4cb3 → host:45.173.156.30
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f1b581ea0c38fa14:flow:b5ea336c0629	SESSION-f1b581ea0c38fa14 → flow:b5ea336c0629
flow_observed5-aryOBS	e:fo:flow:0cf17e9c0d46	flow:0cf17e9c0d46 → host:177.10.234.215 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-76b0da8a82e9902a:host:177.10.235.137	SESSION-76b0da8a82e9902a → host:177.10.235.137
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b048ecd988d76f67:flow:e013fe153b32	SESSION-b048ecd988d76f67 → flow:e013fe153b32
FLOW_DST_PORTOBS	e:fp:flow:98eeeece514c:port:tcp:22	flow:98eeeece514c → port:tcp:22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20b9f3feffcc2290:SESSION-20b9f3feffcc2290	SESSION-20b9f3feffcc2290 → pe:tls:SESSION-20b9f3feffcc2290
flow_observed5-aryOBS	e:fo:flow:8fa4bbb2f12f	flow:8fa4bbb2f12f → host:131.196.29.51 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.164:geo_-16.28860_-49.01640	host:177.10.237.164 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-341468c084cc4cf3:host:172.234.197.23:host:177.10.239.220	SESSION-341468c084cc4cf3 → host:172.234.197.23 → host:177.10.239.220
FLOW_TO_HOSTOBS	e:to:SESSION-e88ec164d738844a:host:172.234.197.23	SESSION-e88ec164d738844a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-24f08652bbd6b16b:host:57.128.95.174	SESSION-24f08652bbd6b16b → host:57.128.95.174
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ea330cf59d2a2f8:host:177.10.237.218:host:172.234.197.23	SESSION-3ea330cf59d2a2f8 → host:177.10.237.218 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ce76d6af7b7d93f:flow:dcd71f326a6e	SESSION-1ce76d6af7b7d93f → flow:dcd71f326a6e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c6483e185c23934:host:177.10.236.134:host:172.234.197.23	SESSION-7c6483e185c23934 → host:177.10.236.134 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6936c129ef58e74:host:131.196.28.147	SESSION-c6936c129ef58e74 → host:131.196.28.147
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e80661c10e8e6e7:PCAP:capture_20260427200001:3ed6eed62060	SESSION-5e80661c10e8e6e7 → PCAP:capture_20260427200001:3ed6eed62060
FLOW_TO_HOSTOBS	e:to:SESSION-b977b804ba3f4edd:host:172.234.197.23	SESSION-b977b804ba3f4edd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c6e0f5297a66	flow:c6e0f5297a66 → host:131.196.29.105 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e220c81ec884c58:flow:145bd14ae672	SESSION-5e220c81ec884c58 → flow:145bd14ae672
FLOW_TO_HOSTOBS	e:to:SESSION-d79f2acd73027b39:host:172.234.197.23	SESSION-d79f2acd73027b39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaf9de21464647a2:host:172.234.197.23	SESSION-eaf9de21464647a2 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.226:asn:262880	host:177.10.235.226 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6b70cce2b53886b:SESSION-e6b70cce2b53886b	SESSION-e6b70cce2b53886b → pe:tls:SESSION-e6b70cce2b53886b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1530091b08a9906d:SESSION-1530091b08a9906d	SESSION-1530091b08a9906d → pe:rst:SESSION-1530091b08a9906d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d0d891734a12161:host:172.234.197.23	SESSION-3d0d891734a12161 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dcf514f92a72:port:tcp:443	flow:dcf514f92a72 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed37df036f91c955:host:172.234.197.23	SESSION-ed37df036f91c955 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb4d3e328cdf4bcd:SESSION-cb4d3e328cdf4bcd	SESSION-cb4d3e328cdf4bcd → pe:tls:SESSION-cb4d3e328cdf4bcd
FLOW_FROM_HOSTOBS	e:from:SESSION-29bf5bdb9e3850fd:host:172.234.197.23	SESSION-29bf5bdb9e3850fd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-032a0dfc971c5b00:flow:a57a86bd2d87	SESSION-032a0dfc971c5b00 → flow:a57a86bd2d87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d87083f9dd8844d:flow:5049b00b9614	SESSION-7d87083f9dd8844d → flow:5049b00b9614
FLOW_DST_PORTOBS	e:fp:flow:96a000e25c40:port:tcp:443	flow:96a000e25c40 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.189:asn:262880	host:177.10.238.189 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38485db7731deeee:flow:e87d8b46b4b2	SESSION-38485db7731deeee → flow:e87d8b46b4b2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-244625927b0e7703:flow:edb17132cf14	SESSION-244625927b0e7703 → flow:edb17132cf14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0fe99f41b36441fa:flow:01b74c686b48	SESSION-0fe99f41b36441fa → flow:01b74c686b48
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.215:asn:273470	host:45.173.156.215 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c92725f4a9fb4a7:SESSION-6c92725f4a9fb4a7	SESSION-6c92725f4a9fb4a7 → pe:syn:SESSION-6c92725f4a9fb4a7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68e98907ffe6aa24:host:172.234.197.23	SESSION-68e98907ffe6aa24 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f082f9fe3332438:host:177.10.236.26:host:172.234.197.23	SESSION-1f082f9fe3332438 → host:177.10.236.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-810f814d66b016e7:host:172.234.197.23	SESSION-810f814d66b016e7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7dea1c67796075ab:flow:78dd53e84e2c	SESSION-7dea1c67796075ab → flow:78dd53e84e2c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44c3a4d4ec5442f2:flow:7e0530f5b553	SESSION-44c3a4d4ec5442f2 → flow:7e0530f5b553
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a60794a5b314271e:flow:7f9f21fabb0b	SESSION-a60794a5b314271e → flow:7f9f21fabb0b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-90972096b6b00a4b:SESSION-90972096b6b00a4b	SESSION-90972096b6b00a4b → pe:tls:SESSION-90972096b6b00a4b
flow_observed5-aryOBS	e:fo:flow:afe32a0820ec	flow:afe32a0820ec → host:177.10.236.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69c66b3db447dca1:host:177.10.234.15	SESSION-69c66b3db447dca1 → host:177.10.234.15
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-6d95ea715a47abbc:BSG-BEACON-c5c416645e2f	SESSION-6d95ea715a47abbc → BSG-BEACON-c5c416645e2f
FLOW_TO_HOSTOBS	e:to:SESSION-394efd35512401c0:host:172.234.197.23	SESSION-394efd35512401c0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7121cc7b6361:port:tcp:443	flow:7121cc7b6361 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.148:geo_-23.62930_-46.63510	host:131.196.31.148 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.230:asn:262880	host:177.10.236.230 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54d5efa8aa8025c4:PCAP:capture_20260430090001:065659c7d314	SESSION-54d5efa8aa8025c4 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.255:geo_-16.28860_-49.01640	host:177.10.235.255 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16b33dfc60975324:host:172.234.197.23	SESSION-16b33dfc60975324 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6010f1ab3b1ee9c7:host:92.112.71.183:host:172.234.197.23	SESSION-6010f1ab3b1ee9c7 → host:92.112.71.183 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f6bbc079dc776bc:host:172.234.197.23	SESSION-1f6bbc079dc776bc → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:744c88bd6df1	flow:744c88bd6df1 → host:177.10.239.94 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:654cced2e929:port:tcp:14898	flow:654cced2e929 → port:tcp:14898
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-561fca01c9d6b351:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-561fca01c9d6b351 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-2e0b5328aa075dd2:host:131.196.29.69	SESSION-2e0b5328aa075dd2 → host:131.196.29.69
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9eda278d49363b57:PCAP:capture_20260430150001:ded20914761d	SESSION-9eda278d49363b57 → PCAP:capture_20260430150001:ded20914761d
flow_observed4-aryOBS	e:fo:flow:624258993193	flow:624258993193 → host:172.234.197.23 → host:177.10.235.55 → port:tcp:39260
flow_observed5-aryOBS	e:fo:flow:56b16aab94d2	flow:56b16aab94d2 → host:131.196.30.129 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-347229f80efdfaa4:SESSION-347229f80efdfaa4	SESSION-347229f80efdfaa4 → pe:tls:SESSION-347229f80efdfaa4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35228babc2ac6e48:SESSION-35228babc2ac6e48	SESSION-35228babc2ac6e48 → pe:tls:SESSION-35228babc2ac6e48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a846b5687af75eeb:PCAP:capture_20260430150001:ded20914761d	SESSION-a846b5687af75eeb → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3a44f67a1174447:SESSION-a3a44f67a1174447	SESSION-a3a44f67a1174447 → pe:syn:SESSION-a3a44f67a1174447
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7eabead80f81736f:flow:9ea1c5ffb1e1	SESSION-7eabead80f81736f → flow:9ea1c5ffb1e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-332b957940cff81b:SESSION-332b957940cff81b	SESSION-332b957940cff81b → pe:syn:SESSION-332b957940cff81b
FLOW_DST_PORTOBS	e:fp:flow:179393637920:port:tcp:443	flow:179393637920 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.220:geo_-16.28860_-49.01640	host:177.10.237.220 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c559408cb1c8:port:tcp:59182	flow:c559408cb1c8 → port:tcp:59182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47ac7feaf227c129:flow:cb05e49e69ec	SESSION-47ac7feaf227c129 → flow:cb05e49e69ec
FLOW_TO_HOSTOBS	e:to:SESSION-045a77174f347205:host:172.234.197.23	SESSION-045a77174f347205 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f016f4a38011f9c:SESSION-4f016f4a38011f9c	SESSION-4f016f4a38011f9c → pe:tls:SESSION-4f016f4a38011f9c
FLOW_FROM_HOSTOBS	e:from:SESSION-9335dee651513692:host:177.10.232.207	SESSION-9335dee651513692 → host:177.10.232.207
flow_observed5-aryOBS	e:fo:flow:a88eed846aeb	flow:a88eed846aeb → host:177.10.232.212 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.145:geo_-23.62930_-46.63510	host:131.196.30.145 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fed96f9f16ada01c:host:172.234.197.23:host:131.196.28.170	SESSION-fed96f9f16ada01c → host:172.234.197.23 → host:131.196.28.170
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c8bfb1726ad64d7:host:172.234.197.23	SESSION-3c8bfb1726ad64d7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5c7e706032fa	flow:5c7e706032fa → host:131.196.29.146 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc399ebe92ddbae6:SESSION-cc399ebe92ddbae6	SESSION-cc399ebe92ddbae6 → pe:syn:SESSION-cc399ebe92ddbae6
flow_observed5-aryOBS	e:fo:flow:e9c7cc68a121	flow:e9c7cc68a121 → host:177.10.238.16 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d4341cc9426e2382:host:177.10.238.171	SESSION-d4341cc9426e2382 → host:177.10.238.171
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4af1d7a3219c207:SESSION-d4af1d7a3219c207	SESSION-d4af1d7a3219c207 → pe:tls:SESSION-d4af1d7a3219c207
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5e50cd91d4ac54:host:131.196.28.113	SESSION-5d5e50cd91d4ac54 → host:131.196.28.113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-182527d04a349453:SESSION-182527d04a349453	SESSION-182527d04a349453 → pe:syn:SESSION-182527d04a349453
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d6666ae3e8c32da:SESSION-6d6666ae3e8c32da	SESSION-6d6666ae3e8c32da → pe:syn:SESSION-6d6666ae3e8c32da
FLOW_TO_HOSTOBS	e:to:SESSION-588e177edbf40597:host:172.234.197.23	SESSION-588e177edbf40597 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37451ceb7f45e2a3:SESSION-37451ceb7f45e2a3	SESSION-37451ceb7f45e2a3 → pe:syn:SESSION-37451ceb7f45e2a3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-deb97792675d8a5d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-deb97792675d8a5d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0cdd1d919af3f4a:SESSION-f0cdd1d919af3f4a	SESSION-f0cdd1d919af3f4a → pe:syn:SESSION-f0cdd1d919af3f4a
flow_observed5-aryOBS	e:fo:flow:d5957e7d54a0	flow:d5957e7d54a0 → host:177.10.239.176 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6109906c198ad0ac:host:172.234.197.23	SESSION-6109906c198ad0ac → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-333a850c89106bc0:host:177.10.237.70:host:172.234.197.23	SESSION-333a850c89106bc0 → host:177.10.237.70 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1842fb1b2a9a6572:host:172.234.197.23	SESSION-1842fb1b2a9a6572 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:98f29b91e66a:port:tcp:443	flow:98f29b91e66a → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d60f9952407f0d18:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-d60f9952407f0d18 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a3bc2c7dd7e8bd1:SESSION-8a3bc2c7dd7e8bd1	SESSION-8a3bc2c7dd7e8bd1 → pe:tls:SESSION-8a3bc2c7dd7e8bd1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df3beb1e5143a102:host:131.196.30.205	SESSION-df3beb1e5143a102 → host:131.196.30.205
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c18109925f9685a:host:177.10.237.122:host:172.234.197.23	SESSION-8c18109925f9685a → host:177.10.237.122 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db858a9d0e579c0c:host:177.10.239.94:host:172.234.197.23	SESSION-db858a9d0e579c0c → host:177.10.239.94 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-361f1ea86b9f3cf3:flow:bc43384c18c9	SESSION-361f1ea86b9f3cf3 → flow:bc43384c18c9
FLOW_TO_HOSTOBS	e:to:SESSION-777f9d135946568c:host:177.10.232.159	SESSION-777f9d135946568c → host:177.10.232.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-993efaa98cc6a9ac:SESSION-993efaa98cc6a9ac	SESSION-993efaa98cc6a9ac → pe:syn:SESSION-993efaa98cc6a9ac
flow_observed5-aryOBS	e:fo:flow:773dd2f1e445	flow:773dd2f1e445 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17fce8ea46af65f2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-17fce8ea46af65f2 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e652971bc7c2d2d5:host:131.196.29.240:host:172.234.197.23	SESSION-e652971bc7c2d2d5 → host:131.196.29.240 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a6f73143abd0c86:SESSION-3a6f73143abd0c86	SESSION-3a6f73143abd0c86 → pe:syn:SESSION-3a6f73143abd0c86
FLOW_DST_PORTOBS	e:fp:flow:1ed341656f40:port:tcp:443	flow:1ed341656f40 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b22fd3d92fd3016:SESSION-9b22fd3d92fd3016	SESSION-9b22fd3d92fd3016 → pe:tls:SESSION-9b22fd3d92fd3016
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2def334ee7bae1e1:SESSION-2def334ee7bae1e1	SESSION-2def334ee7bae1e1 → pe:syn:SESSION-2def334ee7bae1e1
flow_observed5-aryOBS	e:fo:flow:8ea02b6f9852	flow:8ea02b6f9852 → host:177.10.238.97 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e9e5b45e575f3797:host:177.10.232.97	SESSION-e9e5b45e575f3797 → host:177.10.232.97
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.239:geo_41.02140_28.99480	host:37.221.79.239 → geo_41.02140_28.99480
FLOW_TO_HOSTOBS	e:to:SESSION-6798e98bad768e0d:host:172.234.197.23	SESSION-6798e98bad768e0d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f83bf77e11c8adb3:host:177.10.239.78:host:172.234.197.23	SESSION-f83bf77e11c8adb3 → host:177.10.239.78 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-017fcd2c03e3a5c1:flow:8d9fc7278c00	SESSION-017fcd2c03e3a5c1 → flow:8d9fc7278c00
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea2b78fffe48f844:host:131.196.28.204	SESSION-ea2b78fffe48f844 → host:131.196.28.204
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e2a1b696130dd57:flow:c9e3aedcd058	SESSION-8e2a1b696130dd57 → flow:c9e3aedcd058
FLOW_DST_PORTOBS	e:fp:flow:8037dcc8826c:port:tcp:443	flow:8037dcc8826c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-75f19254cb816cbd:host:2.57.122.197	SESSION-75f19254cb816cbd → host:2.57.122.197
FLOW_FROM_HOSTOBS	e:from:SESSION-49f6aac001a41393:host:177.10.233.109	SESSION-49f6aac001a41393 → host:177.10.233.109
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ca59997a1fd2235:SESSION-2ca59997a1fd2235	SESSION-2ca59997a1fd2235 → pe:syn:SESSION-2ca59997a1fd2235
FLOW_TO_HOSTOBS	e:to:SESSION-a2e73cad916b1394:host:172.234.197.23	SESSION-a2e73cad916b1394 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2338a143c0830527:flow:f0f43f14c846	SESSION-2338a143c0830527 → flow:f0f43f14c846
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd58ba429e3d894b:SESSION-dd58ba429e3d894b	SESSION-dd58ba429e3d894b → pe:tls:SESSION-dd58ba429e3d894b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de12aa9c0bf7f485:flow:9ff212dda63b	SESSION-de12aa9c0bf7f485 → flow:9ff212dda63b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.95:asn:271410	host:131.196.30.95 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0acd91014f6238ed:SESSION-0acd91014f6238ed	SESSION-0acd91014f6238ed → pe:tls:SESSION-0acd91014f6238ed
FLOW_DST_PORTOBS	e:fp:flow:010c8d6bcc21:port:tcp:443	flow:010c8d6bcc21 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0612d11703a94cf9:host:92.112.71.176:host:172.234.197.23	SESSION-0612d11703a94cf9 → host:92.112.71.176 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2daf8cded5fb19ed:host:136.243.57.208:host:172.234.197.23	SESSION-2daf8cded5fb19ed → host:136.243.57.208 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a72e7bc5d973ed2:host:131.196.31.140:host:172.234.197.23	SESSION-6a72e7bc5d973ed2 → host:131.196.31.140 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6a936b4b3a73fb0c:host:172.234.197.23	SESSION-6a936b4b3a73fb0c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf7044e44d29be7c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-cf7044e44d29be7c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-527af3b786e52b88:host:177.10.237.226:host:172.234.197.23	SESSION-527af3b786e52b88 → host:177.10.237.226 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.174:geo_-21.10010_-41.69200	host:45.173.156.174 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-21e452657508b689:host:177.10.236.153	SESSION-21e452657508b689 → host:177.10.236.153
FLOW_TO_HOSTOBS	e:to:SESSION-84a1a640eb0d0e14:host:172.234.197.23	SESSION-84a1a640eb0d0e14 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69b211b684a77852:flow:88ea342ab17d	SESSION-69b211b684a77852 → flow:88ea342ab17d
flow_observed5-aryOBS	e:fo:flow:4edef4e070ab	flow:4edef4e070ab → host:45.173.156.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-606a9e702080ed7e:host:131.196.31.93:host:172.234.197.23	SESSION-606a9e702080ed7e → host:131.196.31.93 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8b0b2d1539d6	flow:8b0b2d1539d6 → host:177.10.235.14 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-998c67ab79f4e23e:host:177.10.236.122	SESSION-998c67ab79f4e23e → host:177.10.236.122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa515f25c4c77655:PCAP:capture_20260430060001:919b39a74464	SESSION-aa515f25c4c77655 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a466e26c77a91e3:host:177.10.239.196	SESSION-9a466e26c77a91e3 → host:177.10.239.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-95c23d407c86213b:SESSION-95c23d407c86213b	SESSION-95c23d407c86213b → pe:syn:SESSION-95c23d407c86213b
FLOW_FROM_HOSTOBS	e:from:SESSION-55ef1be4460b895e:host:131.196.31.3	SESSION-55ef1be4460b895e → host:131.196.31.3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-83ce9ba3d421fc3f:flow:054340c43d7f	SESSION-83ce9ba3d421fc3f → flow:054340c43d7f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.35:asn:262880	host:177.10.233.35 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-df8de933ba817d8f:host:172.234.197.23	SESSION-df8de933ba817d8f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9466ee8fbea2465:SESSION-d9466ee8fbea2465	SESSION-d9466ee8fbea2465 → pe:syn:SESSION-d9466ee8fbea2465
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a22fc187bcc4d705:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a22fc187bcc4d705 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-7e0284f837155748:host:172.234.197.23	SESSION-7e0284f837155748 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4f3c3204c65c6f4:SESSION-d4f3c3204c65c6f4	SESSION-d4f3c3204c65c6f4 → pe:syn:SESSION-d4f3c3204c65c6f4
FLOW_DST_PORTOBS	e:fp:flow:80e3cf1c3f31:port:tcp:80	flow:80e3cf1c3f31 → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-976978a22e52e06d:host:172.234.197.23:host:177.10.235.231	SESSION-976978a22e52e06d → host:172.234.197.23 → host:177.10.235.231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b859feadb239919:PCAP:capture_20260430090001:065659c7d314	SESSION-4b859feadb239919 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-9e8879d591cbfcd7:host:172.234.197.23	SESSION-9e8879d591cbfcd7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c36eb4dd059a78a3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c36eb4dd059a78a3 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:224dc220eca8	flow:224dc220eca8 → host:131.196.28.162 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ac3ac59e74f457a2:host:177.10.233.240	SESSION-ac3ac59e74f457a2 → host:177.10.233.240
flow_observed4-aryOBS	e:fo:flow:e0d8beafc856	flow:e0d8beafc856 → host:172.234.197.23 → host:45.173.156.3 → port:tcp:24088
FLOW_TO_HOSTOBS	e:to:SESSION-8b14f4f7e9ebbac1:host:172.234.197.23	SESSION-8b14f4f7e9ebbac1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b7f75116e650c71:host:177.10.237.101:host:172.234.197.23	SESSION-7b7f75116e650c71 → host:177.10.237.101 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b308d2f7d4fdfaa:SESSION-7b308d2f7d4fdfaa	SESSION-7b308d2f7d4fdfaa → pe:tls:SESSION-7b308d2f7d4fdfaa
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7aec1fe7f0c7787b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7aec1fe7f0c7787b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f1cb2d411cdd6d7:SESSION-4f1cb2d411cdd6d7	SESSION-4f1cb2d411cdd6d7 → pe:syn:SESSION-4f1cb2d411cdd6d7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-375dced119266894:host:177.10.235.46	SESSION-375dced119266894 → host:177.10.235.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9072e99a39ab8173:host:172.234.197.23	SESSION-9072e99a39ab8173 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:86aa11a315d0	flow:86aa11a315d0 → host:177.10.236.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc2888c0eb9bd2ad:SESSION-fc2888c0eb9bd2ad	SESSION-fc2888c0eb9bd2ad → pe:syn:SESSION-fc2888c0eb9bd2ad
flow_observed3-aryOBS	e:fo:flow:c11de5831f54	flow:c11de5831f54 → host:34.216.76.26 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7141588dcb909c75:SESSION-7141588dcb909c75	SESSION-7141588dcb909c75 → pe:tls:SESSION-7141588dcb909c75
FLOW_TO_HOSTOBS	e:to:SESSION-3d526a62cd76fa97:host:172.234.197.23	SESSION-3d526a62cd76fa97 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-142a24cb96c02884:host:131.196.30.138	SESSION-142a24cb96c02884 → host:131.196.30.138
FLOW_DST_PORTOBS	e:fp:flow:a8d9f4468145:port:tcp:443	flow:a8d9f4468145 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e41a4ef6cc929c5:host:131.196.29.48:host:172.234.197.23	SESSION-7e41a4ef6cc929c5 → host:131.196.29.48 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d52381659b8aa3f:host:177.10.238.53	SESSION-8d52381659b8aa3f → host:177.10.238.53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-745809bcd8ad6979:host:172.234.197.23	SESSION-745809bcd8ad6979 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3c10724e1713	flow:3c10724e1713 → host:45.145.152.13 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-97a722c9ef92a65e:host:172.234.197.23	SESSION-97a722c9ef92a65e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-63e564f28f734573:host:172.234.197.23	SESSION-63e564f28f734573 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da6e864635febf48:flow:650010dca645	SESSION-da6e864635febf48 → flow:650010dca645
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a78d91cebd5172f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5a78d91cebd5172f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f92c0af2b04d2b16:host:45.173.156.183	SESSION-f92c0af2b04d2b16 → host:45.173.156.183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a1214f59f834d98:SESSION-8a1214f59f834d98	SESSION-8a1214f59f834d98 → pe:tls:SESSION-8a1214f59f834d98
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.219:geo_-23.62930_-46.63510	host:131.196.30.219 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:3a0edaf239a2:port:tcp:8633	flow:3a0edaf239a2 → port:tcp:8633
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5206c0f0c9583a29:SESSION-5206c0f0c9583a29	SESSION-5206c0f0c9583a29 → pe:syn:SESSION-5206c0f0c9583a29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53fc35cd2bdb80ce:host:177.10.238.30	SESSION-53fc35cd2bdb80ce → host:177.10.238.30
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eadecea9d5615d15:host:37.221.79.120:host:172.234.197.23	SESSION-eadecea9d5615d15 → host:37.221.79.120 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-048f9271a2e27be7:PCAP:capture_20260430060001:919b39a74464	SESSION-048f9271a2e27be7 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c32ee209d5d1aa5e:host:172.234.197.23:host:131.196.29.95	SESSION-c32ee209d5d1aa5e → host:172.234.197.23 → host:131.196.29.95
FLOW_TO_HOSTOBS	e:to:SESSION-f9ee22ced6a72efa:host:172.234.197.23	SESSION-f9ee22ced6a72efa → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:576c55007fd6	flow:576c55007fd6 → host:177.10.232.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28af2e1f4e778075:PCAP:capture_20260430050001:8868731bf8a4	SESSION-28af2e1f4e778075 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.112:geo_-16.28860_-49.01640	host:177.10.233.112 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-280b0d78f93705fd:SESSION-280b0d78f93705fd	SESSION-280b0d78f93705fd → pe:rst:SESSION-280b0d78f93705fd
FLOW_FROM_HOSTOBS	e:from:SESSION-ec86a4c74825774a:host:131.196.31.63	SESSION-ec86a4c74825774a → host:131.196.31.63
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.43:geo_-16.28860_-49.01640	host:177.10.236.43 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:4023081e4eab	flow:4023081e4eab → host:172.234.197.23 → host:213.209.159.159 → port:tcp:5546
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.225:asn:262880	host:177.10.237.225 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0d9e3720b73bcaea:SESSION-0d9e3720b73bcaea	SESSION-0d9e3720b73bcaea → pe:syn:SESSION-0d9e3720b73bcaea
flow_observed5-aryOBS	e:fo:flow:b951a656f8db	flow:b951a656f8db → host:131.196.28.217 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-cc399ebe92ddbae6:host:45.173.156.211	SESSION-cc399ebe92ddbae6 → host:45.173.156.211
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6ed96bf23ac2f6b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a6ed96bf23ac2f6b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98544383f10b4583:flow:44efce266f3b	SESSION-98544383f10b4583 → flow:44efce266f3b
flow_observed5-aryOBS	e:fo:flow:beb643cc4247	flow:beb643cc4247 → host:177.10.234.146 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0ca3b8aea25b593:host:45.173.156.221	SESSION-b0ca3b8aea25b593 → host:45.173.156.221
FLOW_TO_HOSTOBS	e:to:SESSION-ceaacc21db1a34ae:host:177.10.237.71	SESSION-ceaacc21db1a34ae → host:177.10.237.71
FLOW_FROM_HOSTOBS	e:from:SESSION-077636b939c69f3b:host:92.112.71.131	SESSION-077636b939c69f3b → host:92.112.71.131
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1d9624273099964:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a1d9624273099964 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab686f0f0916fec6:host:13.53.140.247:host:172.234.197.23	SESSION-ab686f0f0916fec6 → host:13.53.140.247 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-019264e09ceae880:host:172.234.197.23	SESSION-019264e09ceae880 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b95e1310dc4ff34:host:131.196.30.125:host:172.234.197.23	SESSION-9b95e1310dc4ff34 → host:131.196.30.125 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c05cd50533aa04ad:host:131.196.31.52	SESSION-c05cd50533aa04ad → host:131.196.31.52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c68429e2f7bfcd9:SESSION-9c68429e2f7bfcd9	SESSION-9c68429e2f7bfcd9 → pe:tls:SESSION-9c68429e2f7bfcd9
flow_observed5-aryOBS	e:fo:flow:f2febbd542f8	flow:f2febbd542f8 → host:85.11.167.8 → host:172.234.197.23 → port:tcp:80 → svc:http
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.150:asn:271410	host:131.196.31.150 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.162:geo_-23.62930_-46.63510	host:131.196.29.162 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-31068e75a101287d:host:177.10.234.155	SESSION-31068e75a101287d → host:177.10.234.155
flow_observed5-aryOBS	e:fo:flow:77c4e561c87b	flow:77c4e561c87b → host:131.196.28.214 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:027d214e6f11:port:tcp:443	flow:027d214e6f11 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-588e177edbf40597:host:131.196.28.40:host:172.234.197.23	SESSION-588e177edbf40597 → host:131.196.28.40 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb59d1b27c368873:host:177.10.236.22	SESSION-cb59d1b27c368873 → host:177.10.236.22
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.129:asn:273470	host:45.173.156.129 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e49f7df60935172:host:177.10.236.129	SESSION-4e49f7df60935172 → host:177.10.236.129
FLOW_DST_PORTOBS	e:fp:flow:dd46417013ed:port:tcp:443	flow:dd46417013ed → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.159:asn:271410	host:131.196.28.159 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e883c2ce63ee6e05:flow:8aa8cac023d8	SESSION-e883c2ce63ee6e05 → flow:8aa8cac023d8
FLOW_DST_PORTOBS	e:fp:flow:b55125dd0018:port:tcp:443	flow:b55125dd0018 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d585afab4eb6ac7e:host:172.234.197.23:host:177.10.235.187	SESSION-d585afab4eb6ac7e → host:172.234.197.23 → host:177.10.235.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-222c821677f323de:host:45.173.156.198	SESSION-222c821677f323de → host:45.173.156.198
FLOW_FROM_HOSTOBS	e:from:SESSION-92484e45d6e7b321:host:172.234.197.23	SESSION-92484e45d6e7b321 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-244625927b0e7703:host:177.10.235.213	SESSION-244625927b0e7703 → host:177.10.235.213
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0835af6109bb7c1:SESSION-f0835af6109bb7c1	SESSION-f0835af6109bb7c1 → pe:syn:SESSION-f0835af6109bb7c1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c05cd50533aa04ad:host:131.196.31.52:host:172.234.197.23	SESSION-c05cd50533aa04ad → host:131.196.31.52 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9500d9b64493d052:SESSION-9500d9b64493d052	SESSION-9500d9b64493d052 → pe:tls:SESSION-9500d9b64493d052
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7569a7ee383f653c:SESSION-7569a7ee383f653c	SESSION-7569a7ee383f653c → pe:syn:SESSION-7569a7ee383f653c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8de6c1be9d0210fa:flow:8eef3970e8dd	SESSION-8de6c1be9d0210fa → flow:8eef3970e8dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ef18db4a9eedd9d:host:131.196.29.139	SESSION-2ef18db4a9eedd9d → host:131.196.29.139
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7828bb27afafcc71:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7828bb27afafcc71 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d815390d9091f577:SESSION-d815390d9091f577	SESSION-d815390d9091f577 → pe:syn:SESSION-d815390d9091f577
flow_observed4-aryOBS	e:fo:flow:cc284845b732	flow:cc284845b732 → host:172.234.197.23 → host:177.10.234.164 → port:tcp:44772
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9427f5c2202c5258:host:177.10.239.148:host:172.234.197.23	SESSION-9427f5c2202c5258 → host:177.10.239.148 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8de37a87806b5e4:host:172.234.197.23	SESSION-e8de37a87806b5e4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:74ec24f6b294:port:tcp:443	flow:74ec24f6b294 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-414bf7406e62b7e2:host:177.10.239.112	SESSION-414bf7406e62b7e2 → host:177.10.239.112
flow_observed4-aryOBS	e:fo:flow:1254a28c0960	flow:1254a28c0960 → host:172.234.197.23 → host:45.173.156.84 → port:tcp:12763
FLOW_TO_HOSTOBS	e:to:SESSION-d47d434116add089:host:131.196.31.105	SESSION-d47d434116add089 → host:131.196.31.105
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ff9648a7e097bde:flow:afd09763fa29	SESSION-7ff9648a7e097bde → flow:afd09763fa29
FLOW_FROM_HOSTOBS	e:from:SESSION-72e48e4dc313a64d:host:172.234.197.23	SESSION-72e48e4dc313a64d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122c3f68e4c2a7ca:host:177.10.233.95	SESSION-122c3f68e4c2a7ca → host:177.10.233.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e50b84c66ab32ef:SESSION-7e50b84c66ab32ef	SESSION-7e50b84c66ab32ef → pe:syn:SESSION-7e50b84c66ab32ef
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f67ce0567774b305:SESSION-f67ce0567774b305	SESSION-f67ce0567774b305 → pe:tls:SESSION-f67ce0567774b305
FLOW_DST_PORTOBS	e:fp:flow:aeca250f29dc:port:tcp:443	flow:aeca250f29dc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-df6efecba493c79c:SESSION-df6efecba493c79c	SESSION-df6efecba493c79c → pe:syn:SESSION-df6efecba493c79c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31126205fa7b72e3:host:172.234.197.23	SESSION-31126205fa7b72e3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ddf14cd5aa65	flow:ddf14cd5aa65 → host:131.196.31.6 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.27:geo_41.00190_28.96450	host:92.112.71.27 → geo_41.00190_28.96450
FLOW_DST_PORTOBS	e:fp:flow:3b8b26a46ac2:port:tcp:55282	flow:3b8b26a46ac2 → port:tcp:55282
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b859feadb239919:SESSION-4b859feadb239919	SESSION-4b859feadb239919 → pe:syn:SESSION-4b859feadb239919
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71d059e3750765d4:host:172.234.197.23	SESSION-71d059e3750765d4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30e9e6bd80ef39ea:host:172.234.197.23	SESSION-30e9e6bd80ef39ea → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ea9485b82ac2233:host:177.10.234.144:host:172.234.197.23	SESSION-3ea9485b82ac2233 → host:177.10.234.144 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.125:geo_-16.28860_-49.01640	host:177.10.233.125 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:99660646d967:port:tcp:443	flow:99660646d967 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d32b9643240d8a79:host:172.234.197.23	SESSION-d32b9643240d8a79 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5496341eed0b869:host:131.196.29.150	SESSION-e5496341eed0b869 → host:131.196.29.150
FLOW_FROM_HOSTOBS	e:from:SESSION-1410d14cf4ff2548:host:177.10.233.49	SESSION-1410d14cf4ff2548 → host:177.10.233.49
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-acae490ef1211ca7:host:177.10.237.40:host:172.234.197.23	SESSION-acae490ef1211ca7 → host:177.10.237.40 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ed2dc2be6795ae2:SESSION-5ed2dc2be6795ae2	SESSION-5ed2dc2be6795ae2 → pe:syn:SESSION-5ed2dc2be6795ae2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7301756ca24c49ab:PCAP:capture_20260430060001:919b39a74464	SESSION-7301756ca24c49ab → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-501c474d8a937a90:SESSION-501c474d8a937a90	SESSION-501c474d8a937a90 → pe:dns:SESSION-501c474d8a937a90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6cfabb521c7f73a1:SESSION-6cfabb521c7f73a1	SESSION-6cfabb521c7f73a1 → pe:tls:SESSION-6cfabb521c7f73a1
FLOW_FROM_HOSTOBS	e:from:SESSION-17084582559fbd8c:host:172.234.197.23	SESSION-17084582559fbd8c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ef8854f2d4650c5:flow:287e33120754	SESSION-2ef8854f2d4650c5 → flow:287e33120754
flow_observed4-aryOBS	e:fo:flow:85fc1fdd3721	flow:85fc1fdd3721 → host:172.234.197.23 → host:177.10.239.151 → port:tcp:45105
flow_observed4-aryOBS	e:fo:flow:4ba06b514d2b	flow:4ba06b514d2b → host:172.234.197.23 → host:131.196.29.151 → port:tcp:10892
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93d8ace0d48e8910:host:177.10.232.19	SESSION-93d8ace0d48e8910 → host:177.10.232.19
FLOW_TO_HOSTOBS	e:to:SESSION-39cfa534eb7ca418:host:177.10.234.76	SESSION-39cfa534eb7ca418 → host:177.10.234.76
flow_observed5-aryOBS	e:fo:flow:f9d5c4236faa	flow:f9d5c4236faa → host:177.10.239.113 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-623bfc839a4f3b4e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-623bfc839a4f3b4e → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-a24ab62cbf4deb47:host:172.234.197.23	SESSION-a24ab62cbf4deb47 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c3e3260e9cc0:port:tcp:22787	flow:c3e3260e9cc0 → port:tcp:22787
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d861e0bc561d261:SESSION-7d861e0bc561d261	SESSION-7d861e0bc561d261 → pe:tls:SESSION-7d861e0bc561d261
flow_observed5-aryOBS	e:fo:flow:f56a15af06b9	flow:f56a15af06b9 → host:131.196.28.128 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-848ab23bc1105d57:host:131.196.31.166:host:172.234.197.23	SESSION-848ab23bc1105d57 → host:131.196.31.166 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6dcacced517b07e8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6dcacced517b07e8 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:a1208b68c508	flow:a1208b68c508 → host:131.196.29.29 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0228dcfe5eb3ed0e:SESSION-0228dcfe5eb3ed0e	SESSION-0228dcfe5eb3ed0e → pe:tls:SESSION-0228dcfe5eb3ed0e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-660bfab63a10a518:host:172.234.197.23	SESSION-660bfab63a10a518 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a7bf37c238cc392:host:131.196.30.135	SESSION-4a7bf37c238cc392 → host:131.196.30.135
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-054885aa6e2323da:host:172.234.197.23	SESSION-054885aa6e2323da → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8de302c0e306721c:host:172.234.197.23:host:177.10.239.102	SESSION-8de302c0e306721c → host:172.234.197.23 → host:177.10.239.102
FLOW_DST_PORTOBS	e:fp:flow:e0430cbe48d4:port:tcp:443	flow:e0430cbe48d4 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:5741256ce11e	flow:5741256ce11e → host:177.10.237.39 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad31d7217a236b09:host:172.234.197.23:host:177.10.237.14	SESSION-ad31d7217a236b09 → host:172.234.197.23 → host:177.10.237.14
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.33:geo_-23.62930_-46.63510	host:131.196.30.33 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f479797471e82d6b:host:172.234.197.23	SESSION-f479797471e82d6b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1418649c62d3:port:tcp:443	flow:1418649c62d3 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7d6af4ef287316d5:host:177.10.238.190	SESSION-7d6af4ef287316d5 → host:177.10.238.190
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6cc06f30e6c05bb:host:131.196.28.44:host:172.234.197.23	SESSION-a6cc06f30e6c05bb → host:131.196.28.44 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-846d654fbba579ab:SESSION-846d654fbba579ab	SESSION-846d654fbba579ab → pe:syn:SESSION-846d654fbba579ab
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.71:geo_-23.62930_-46.63510	host:131.196.31.71 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:c06bd4f04746:port:tcp:443	flow:c06bd4f04746 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-3ad1374907e690a1:host:172.234.197.23	SESSION-3ad1374907e690a1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96c13a83414ab25f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-96c13a83414ab25f → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14d517e62aef6020:host:37.221.79.128:host:172.234.197.23	SESSION-14d517e62aef6020 → host:37.221.79.128 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b4aebfef6c24ca0:host:177.10.236.42	SESSION-1b4aebfef6c24ca0 → host:177.10.236.42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2713dc0653d6ae5:host:131.196.30.81	SESSION-e2713dc0653d6ae5 → host:131.196.30.81
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-114b93c0875a1701:flow:16f141b8a376	SESSION-114b93c0875a1701 → flow:16f141b8a376
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1aa9055f8e3197b:SESSION-c1aa9055f8e3197b	SESSION-c1aa9055f8e3197b → pe:tls:SESSION-c1aa9055f8e3197b
flow_observed3-aryOBS	e:fo:flow:8b3b3d47a40d	flow:8b3b3d47a40d → host:54.149.68.137 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe84550c6b54c988:host:172.234.197.23	SESSION-fe84550c6b54c988 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e9497f317705308:host:172.234.197.23	SESSION-8e9497f317705308 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9f9f6272f7b6:port:tcp:443	flow:9f9f6272f7b6 → port:tcp:443
ASN_IN_ORGOBS 80%	e:ao:asn:7018:org:AT&T Enterprises, LLC	asn:7018 → org:AT&T Enterprises, LLC
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-90e5db50c9887f08:SESSION-90e5db50c9887f08	SESSION-90e5db50c9887f08 → pe:syn:SESSION-90e5db50c9887f08
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ddfef5208babd34:host:177.10.238.236	SESSION-6ddfef5208babd34 → host:177.10.238.236
FLOW_TO_HOSTOBS	e:to:SESSION-17133b7d31116a9e:host:45.173.156.170	SESSION-17133b7d31116a9e → host:45.173.156.170
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4614700214209776:flow:ad28e31e7902	SESSION-4614700214209776 → flow:ad28e31e7902
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edaec15d65a63fe7:host:177.10.239.96	SESSION-edaec15d65a63fe7 → host:177.10.239.96
FLOW_FROM_HOSTOBS	e:from:SESSION-dd05928698dec5c4:host:131.196.30.20	SESSION-dd05928698dec5c4 → host:131.196.30.20
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c08b167ed56233b:host:177.10.239.241:host:172.234.197.23	SESSION-9c08b167ed56233b → host:177.10.239.241 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cf2d710eb7a0f34a:host:131.196.28.43	SESSION-cf2d710eb7a0f34a → host:131.196.28.43
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca6098e1767361a3:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ca6098e1767361a3 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-52ffcd7f81b035e2:host:131.196.29.75	SESSION-52ffcd7f81b035e2 → host:131.196.29.75
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af79ddb47e5c950:host:172.234.197.23	SESSION-9af79ddb47e5c950 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-87b50db5a64a4926:SESSION-87b50db5a64a4926	SESSION-87b50db5a64a4926 → pe:syn:SESSION-87b50db5a64a4926
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.238:geo_-21.10010_-41.69200	host:45.173.156.238 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-442d12ad40b35d12:host:172.234.197.23	SESSION-442d12ad40b35d12 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-846d654fbba579ab:host:54.91.240.230	SESSION-846d654fbba579ab → host:54.91.240.230
FLOW_DST_PORTOBS	e:fp:flow:6c40783bfbe0:port:tcp:443	flow:6c40783bfbe0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5a0c98ce5f67db5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a5a0c98ce5f67db5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2586028491b4edc:host:172.234.197.23:host:177.10.233.195	SESSION-b2586028491b4edc → host:172.234.197.23 → host:177.10.233.195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db858a9d0e579c0c:SESSION-db858a9d0e579c0c	SESSION-db858a9d0e579c0c → pe:tls:SESSION-db858a9d0e579c0c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37bca0dc2914cafb:host:172.234.197.23	SESSION-37bca0dc2914cafb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b0dab8159384d982:host:131.196.31.19	SESSION-b0dab8159384d982 → host:131.196.31.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc0003e096ddb203:host:172.234.197.23	SESSION-cc0003e096ddb203 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d32b9643240d8a79:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d32b9643240d8a79 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-846d654fbba579ab:host:54.91.240.230	SESSION-846d654fbba579ab → host:54.91.240.230
FLOW_FROM_HOSTOBS	e:from:SESSION-4fb4b7758d99e149:host:172.234.197.23	SESSION-4fb4b7758d99e149 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb243e65e2b1808d:SESSION-eb243e65e2b1808d	SESSION-eb243e65e2b1808d → pe:syn:SESSION-eb243e65e2b1808d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4e8d87fd06149df:host:172.234.197.23	SESSION-b4e8d87fd06149df → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be196df3d425cb31:host:177.10.234.39	SESSION-be196df3d425cb31 → host:177.10.234.39
FLOW_TO_HOSTOBS	e:to:SESSION-36f4c424d3b5f86e:host:172.234.197.23	SESSION-36f4c424d3b5f86e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e2fb5dc0a769:port:tcp:20055	flow:e2fb5dc0a769 → port:tcp:20055
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da377d395ffcc3d3:host:172.234.197.23	SESSION-da377d395ffcc3d3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ff6c08aab12a	flow:ff6c08aab12a → host:131.196.30.28 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-378aa47dbf901697:host:172.234.197.23	SESSION-378aa47dbf901697 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7928f63a898f7aac:host:177.10.233.219	SESSION-7928f63a898f7aac → host:177.10.233.219
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8c774bbe3f97971:flow:1c25e14dd3be	SESSION-d8c774bbe3f97971 → flow:1c25e14dd3be
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a47ed447671c9b0b:SESSION-a47ed447671c9b0b	SESSION-a47ed447671c9b0b → pe:tls:SESSION-a47ed447671c9b0b
FLOW_FROM_HOSTOBS	e:from:SESSION-c21627d8f6f11a27:host:172.234.197.23	SESSION-c21627d8f6f11a27 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-675cba805cfc6bb8:host:172.234.197.23	SESSION-675cba805cfc6bb8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc3065336ab4dc3e:flow:08c7002b42a3	SESSION-fc3065336ab4dc3e → flow:08c7002b42a3
FLOW_FROM_HOSTOBS	e:from:SESSION-41eaa3dd80eab155:host:45.173.156.193	SESSION-41eaa3dd80eab155 → host:45.173.156.193
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fad613e75ea639b5:PCAP:capture_20260430050001:8868731bf8a4	SESSION-fad613e75ea639b5 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a9948d7535bcfa1:SESSION-1a9948d7535bcfa1	SESSION-1a9948d7535bcfa1 → pe:tls:SESSION-1a9948d7535bcfa1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad62b54803b59875:SESSION-ad62b54803b59875	SESSION-ad62b54803b59875 → pe:syn:SESSION-ad62b54803b59875
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75bc03759038657d:SESSION-75bc03759038657d	SESSION-75bc03759038657d → pe:tls:SESSION-75bc03759038657d
FLOW_DST_PORTOBS	e:fp:flow:3646d9aa9585:port:tcp:17692	flow:3646d9aa9585 → port:tcp:17692
FLOW_DST_PORTOBS	e:fp:flow:cb6541d20503:port:tcp:29698	flow:cb6541d20503 → port:tcp:29698
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eadecea9d5615d15:PCAP:capture_20260428010001:b1b402c7b202	SESSION-eadecea9d5615d15 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97c8a314f3fd1c5a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-97c8a314f3fd1c5a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f482eb7fd49a3f1b:flow:b20cde943d03	SESSION-f482eb7fd49a3f1b → flow:b20cde943d03
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4341cc9426e2382:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d4341cc9426e2382 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:dd631d17b504:port:tcp:443	flow:dd631d17b504 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f60661a19246ebd9:host:172.234.197.23	SESSION-f60661a19246ebd9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17fb8dd67040757e:flow:53668eb96100	SESSION-17fb8dd67040757e → flow:53668eb96100
FLOW_FROM_HOSTOBS	e:from:SESSION-f0dd74fd8f314e65:host:45.173.156.55	SESSION-f0dd74fd8f314e65 → host:45.173.156.55
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-040c9c1730fd990c:host:131.196.31.227:host:172.234.197.23	SESSION-040c9c1730fd990c → host:131.196.31.227 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:634c06e7731f:port:tcp:443	flow:634c06e7731f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1213fdeaeb0b4e25:SESSION-1213fdeaeb0b4e25	SESSION-1213fdeaeb0b4e25 → pe:syn:SESSION-1213fdeaeb0b4e25
FLOW_DST_PORTOBS	e:fp:flow:5961da0e448a:port:tcp:443	flow:5961da0e448a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-6635e725f15c4a26:host:131.196.31.30	SESSION-6635e725f15c4a26 → host:131.196.31.30
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2b6fa392d99e4e2:host:177.10.232.198	SESSION-c2b6fa392d99e4e2 → host:177.10.232.198
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fbe82bcd0d20589:host:172.234.197.23	SESSION-5fbe82bcd0d20589 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ecb67f73d2142d93:flow:472c7e82ce31	SESSION-ecb67f73d2142d93 → flow:472c7e82ce31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58ff4ad892ea2c04:host:131.196.28.87:host:172.234.197.23	SESSION-58ff4ad892ea2c04 → host:131.196.28.87 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9db977289667177f:PCAP:capture_20260430060001:919b39a74464	SESSION-9db977289667177f → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:6c03c0136ad8:port:tcp:23367	flow:6c03c0136ad8 → port:tcp:23367
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.116:asn:271410	host:131.196.28.116 → asn:271410
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-d6c09b181dae043f:BSG-BEACON-e07f4250263f	SESSION-d6c09b181dae043f → BSG-BEACON-e07f4250263f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d3dc2c705a19d83:host:172.234.197.23	SESSION-6d3dc2c705a19d83 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31de31d3c82f498d:host:172.234.197.23:host:131.196.31.107	SESSION-31de31d3c82f498d → host:172.234.197.23 → host:131.196.31.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64913b40dfec355f:host:172.234.197.23	SESSION-64913b40dfec355f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c7ece8090c9a4b7f:host:177.10.234.89	SESSION-c7ece8090c9a4b7f → host:177.10.234.89
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f49b20c8baea20b:PCAP:capture_20260430090001:065659c7d314	SESSION-9f49b20c8baea20b → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:4d7367284527:port:tcp:443	flow:4d7367284527 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e4bb5568f0e725a3:PCAP:capture_20260430110001:43611bdf6759	SESSION-e4bb5568f0e725a3 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.206:asn:273470	host:45.173.156.206 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-98544383f10b4583:host:177.10.239.196	SESSION-98544383f10b4583 → host:177.10.239.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e8879d591cbfcd7:host:172.234.197.23	SESSION-9e8879d591cbfcd7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d18ddb12cf5478af:flow:ca33735becee	SESSION-d18ddb12cf5478af → flow:ca33735becee
FLOW_DST_PORTOBS	e:fp:flow:d93f22ce77fe:port:tcp:443	flow:d93f22ce77fe → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51bc0a4af53b62cc:SESSION-51bc0a4af53b62cc	SESSION-51bc0a4af53b62cc → pe:syn:SESSION-51bc0a4af53b62cc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ad7ae70426d3354:SESSION-5ad7ae70426d3354	SESSION-5ad7ae70426d3354 → pe:syn:SESSION-5ad7ae70426d3354
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb6fbeeb95cb61c8:host:177.10.238.20:host:172.234.197.23	SESSION-fb6fbeeb95cb61c8 → host:177.10.238.20 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-019d89e6bcaa6e4e:host:172.234.197.23	SESSION-019d89e6bcaa6e4e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01e03a84392b1398:host:177.10.237.10	SESSION-01e03a84392b1398 → host:177.10.237.10
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a9273620e0aaedc:host:172.234.197.23:host:177.10.238.63	SESSION-8a9273620e0aaedc → host:172.234.197.23 → host:177.10.238.63
FLOW_FROM_HOSTOBS	e:from:SESSION-eb243e65e2b1808d:host:177.10.237.117	SESSION-eb243e65e2b1808d → host:177.10.237.117
FLOW_FROM_HOSTOBS	e:from:SESSION-7f971b95dedbfd9a:host:131.196.30.213	SESSION-7f971b95dedbfd9a → host:131.196.30.213
FLOW_FROM_HOSTOBS	e:from:SESSION-415d7b69c6628cc7:host:172.234.197.23	SESSION-415d7b69c6628cc7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fc2888c0eb9bd2ad:host:172.234.197.23	SESSION-fc2888c0eb9bd2ad → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-678637d3dc5962bf:host:172.234.197.23	SESSION-678637d3dc5962bf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c422154c7899227e:host:172.234.197.23	SESSION-c422154c7899227e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e540dbaefa45433:SESSION-9e540dbaefa45433	SESSION-9e540dbaefa45433 → pe:tls:SESSION-9e540dbaefa45433
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f0fa0972c78e2ef:host:177.10.239.51	SESSION-6f0fa0972c78e2ef → host:177.10.239.51
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-34a5ce0f23d7a2a1:SESSION-34a5ce0f23d7a2a1	SESSION-34a5ce0f23d7a2a1 → pe:tls:SESSION-34a5ce0f23d7a2a1
flow_observed5-aryOBS	e:fo:flow:415a498bc6a3	flow:415a498bc6a3 → host:45.173.156.110 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.219:geo_41.00190_28.96450	host:92.112.71.219 → geo_41.00190_28.96450
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.67:asn:262880	host:177.10.233.67 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:798c9865fb79:port:tcp:443	flow:798c9865fb79 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5b833fe29bb1:port:tcp:443	flow:5b833fe29bb1 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b5f77768a227f3c:host:177.10.237.212	SESSION-0b5f77768a227f3c → host:177.10.237.212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-89fe4f171fdbfa97:SESSION-89fe4f171fdbfa97	SESSION-89fe4f171fdbfa97 → pe:syn:SESSION-89fe4f171fdbfa97
flow_observed4-aryOBS	e:fo:flow:4b4999df1225	flow:4b4999df1225 → host:172.234.197.23 → host:177.10.233.59 → port:tcp:25824
FLOW_FROM_HOSTOBS	e:from:SESSION-23fc04533211debf:host:45.173.156.165	SESSION-23fc04533211debf → host:45.173.156.165
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3675340578297917:flow:2b2e4340e11b	SESSION-3675340578297917 → flow:2b2e4340e11b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44593e1f87cfdd92:PCAP:capture_20260430160001:9bfa4498506a	SESSION-44593e1f87cfdd92 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0393cf21271be7e9:host:172.234.197.23	SESSION-0393cf21271be7e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c3601b8f3a6cf17:host:177.10.234.97	SESSION-7c3601b8f3a6cf17 → host:177.10.234.97
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.136:asn:203771	host:95.135.228.136 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa51bce6270c7d63:SESSION-aa51bce6270c7d63	SESSION-aa51bce6270c7d63 → pe:syn:SESSION-aa51bce6270c7d63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28d0a7763ce2861c:SESSION-28d0a7763ce2861c	SESSION-28d0a7763ce2861c → pe:tls:SESSION-28d0a7763ce2861c
flow_observed4-aryOBS	e:fo:flow:2b2e4340e11b	flow:2b2e4340e11b → host:172.234.197.23 → host:131.196.28.205 → port:tcp:49113
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a70682fed3cc6c8:host:177.10.233.220	SESSION-8a70682fed3cc6c8 → host:177.10.233.220
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.34:asn:271410	host:131.196.29.34 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:54.245.183.167:asn:16509	host:54.245.183.167 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-6ae8012f8306fedb:host:177.10.238.251	SESSION-6ae8012f8306fedb → host:177.10.238.251
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-710eb7de55f51893:host:172.234.197.23	SESSION-710eb7de55f51893 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3df4a18d0a97	flow:3df4a18d0a97 → host:45.173.156.38 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76cec71360f7a00a:host:172.234.197.23	SESSION-76cec71360f7a00a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ffa027db374a629:SESSION-9ffa027db374a629	SESSION-9ffa027db374a629 → pe:syn:SESSION-9ffa027db374a629
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a83465e2bbc20296:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a83465e2bbc20296 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47982c1c81b3c1d7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-47982c1c81b3c1d7 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:1472db5bfc99:port:tcp:443	flow:1472db5bfc99 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.245:asn:262880	host:177.10.236.245 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.60:geo_-23.62930_-46.63510	host:131.196.30.60 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-598f28b8a9577970:SESSION-598f28b8a9577970	SESSION-598f28b8a9577970 → pe:tls:SESSION-598f28b8a9577970
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fa29bafd0740f46:flow:a4b0ee19d173	SESSION-3fa29bafd0740f46 → flow:a4b0ee19d173
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0c7d8b58da7be6c5:SESSION-0c7d8b58da7be6c5	SESSION-0c7d8b58da7be6c5 → pe:tls:SESSION-0c7d8b58da7be6c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ceaf5a04e9815b11:SESSION-ceaf5a04e9815b11	SESSION-ceaf5a04e9815b11 → pe:syn:SESSION-ceaf5a04e9815b11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc5634306e23209a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-fc5634306e23209a → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-2966a121f8fe86e9:host:172.234.197.23	SESSION-2966a121f8fe86e9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4799248f1ba6e544:host:177.10.232.222	SESSION-4799248f1ba6e544 → host:177.10.232.222
FLOW_TO_HOSTOBS	e:to:SESSION-512816cd1ae61d60:host:172.234.197.23	SESSION-512816cd1ae61d60 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79f857f82eac6daa:SESSION-79f857f82eac6daa	SESSION-79f857f82eac6daa → pe:syn:SESSION-79f857f82eac6daa
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-288ea97e67f438e3:flow:4a24348b282d	SESSION-288ea97e67f438e3 → flow:4a24348b282d
flow_observed5-aryOBS	e:fo:flow:eddc440ccdc9	flow:eddc440ccdc9 → host:177.10.236.169 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:36ebab8ca775:port:tcp:443	flow:36ebab8ca775 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-66fe61e0e919e0c7:host:131.196.29.76	SESSION-66fe61e0e919e0c7 → host:131.196.29.76
FLOW_TO_HOSTOBS	e:to:SESSION-316231fad61f009e:host:172.234.197.23	SESSION-316231fad61f009e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d7bf020c0439ffaa:SESSION-d7bf020c0439ffaa	SESSION-d7bf020c0439ffaa → pe:rst:SESSION-d7bf020c0439ffaa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dae67c02b176a3ce:host:177.10.239.138	SESSION-dae67c02b176a3ce → host:177.10.239.138
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24ac712a23adf430:flow:6db8ecd7eb72	SESSION-24ac712a23adf430 → flow:6db8ecd7eb72
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.78:geo_-21.10010_-41.69200	host:45.173.156.78 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-25a3718851106c53:host:131.196.29.126:host:172.234.197.23	SESSION-25a3718851106c53 → host:131.196.29.126 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:964813f28710	flow:964813f28710 → host:177.10.234.52 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96c334cbd5a64077:host:172.234.197.23	SESSION-96c334cbd5a64077 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b91cc7f2039924f2:host:172.234.197.23	SESSION-b91cc7f2039924f2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a3643dbad405bac1:host:172.234.197.23	SESSION-a3643dbad405bac1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5252ca05229eda25:host:172.234.197.23	SESSION-5252ca05229eda25 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d33ef29909b4f2d5:host:172.234.197.23	SESSION-d33ef29909b4f2d5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4886aa3300be1da9:host:172.234.197.23	SESSION-4886aa3300be1da9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fb163f3769ccb67:flow:43e026d41eaa	SESSION-1fb163f3769ccb67 → flow:43e026d41eaa
FLOW_TO_HOSTOBS	e:to:SESSION-d32ea7105612ce28:host:131.196.30.59	SESSION-d32ea7105612ce28 → host:131.196.30.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee9fbb8d7f6cf47b:host:177.10.239.149	SESSION-ee9fbb8d7f6cf47b → host:177.10.239.149
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9eb08591878d33c:host:131.196.30.132	SESSION-c9eb08591878d33c → host:131.196.30.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-decb8c6a12a4d67a:host:172.234.197.23	SESSION-decb8c6a12a4d67a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf9713fb7209fcf9:host:177.10.232.184	SESSION-bf9713fb7209fcf9 → host:177.10.232.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cb5baa2c4d67a55:host:131.196.28.248	SESSION-8cb5baa2c4d67a55 → host:131.196.28.248
flow_observed5-aryOBS	e:fo:flow:41b84374eed5	flow:41b84374eed5 → host:31.40.196.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bb178420802ca16:SESSION-3bb178420802ca16	SESSION-3bb178420802ca16 → pe:tls:SESSION-3bb178420802ca16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f130592ce1f7f0fb:flow:7f816c2a0cdd	SESSION-f130592ce1f7f0fb → flow:7f816c2a0cdd
FLOW_FROM_HOSTOBS	e:from:SESSION-c05cd50533aa04ad:host:131.196.31.52	SESSION-c05cd50533aa04ad → host:131.196.31.52
FLOW_DST_PORTOBS	e:fp:flow:dd35d042edae:port:tcp:443	flow:dd35d042edae → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e3916b0aa19b751:host:172.234.197.23	SESSION-0e3916b0aa19b751 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5816b4a8f681ef76:host:177.10.233.192	SESSION-5816b4a8f681ef76 → host:177.10.233.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-355b17fab14031de:SESSION-355b17fab14031de	SESSION-355b17fab14031de → pe:syn:SESSION-355b17fab14031de
flow_observed5-aryOBS	e:fo:flow:19e5b730c332	flow:19e5b730c332 → host:131.196.30.195 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:a3e5489924b1	flow:a3e5489924b1 → host:172.234.197.23 → host:131.196.30.187 → port:tcp:8842
FLOW_FROM_HOSTOBS	e:from:SESSION-cbc4338326105aa3:host:172.234.197.23	SESSION-cbc4338326105aa3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-a60100c841341ace:SESSION-a60100c841341ace	SESSION-a60100c841341ace → pe:rst:SESSION-a60100c841341ace
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef3fadfeb89ec1c3:SESSION-ef3fadfeb89ec1c3	SESSION-ef3fadfeb89ec1c3 → pe:tls:SESSION-ef3fadfeb89ec1c3
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-6631f08e8c06a9b6:BSG-BEACON-9f226d1d4d6f	SESSION-6631f08e8c06a9b6 → BSG-BEACON-9f226d1d4d6f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8fcd4a12026b870e:host:131.196.31.98:host:172.234.197.23	SESSION-8fcd4a12026b870e → host:131.196.31.98 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6dd65fa073f3265:flow:160f1437aa00	SESSION-b6dd65fa073f3265 → flow:160f1437aa00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e0a8afad40ce0aa2:SESSION-e0a8afad40ce0aa2	SESSION-e0a8afad40ce0aa2 → pe:syn:SESSION-e0a8afad40ce0aa2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.206:asn:262880	host:177.10.235.206 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aab54ece2b0af0b4:SESSION-aab54ece2b0af0b4	SESSION-aab54ece2b0af0b4 → pe:syn:SESSION-aab54ece2b0af0b4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-637d01fb7fe8b725:PCAP:capture_20260430090001:065659c7d314	SESSION-637d01fb7fe8b725 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-6da898acb6c07034:host:177.10.233.192	SESSION-6da898acb6c07034 → host:177.10.233.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8293f5a95baa645a:host:172.234.197.23	SESSION-8293f5a95baa645a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3108c78e87d1	flow:3108c78e87d1 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33fdac1ad6f47ac8:host:172.234.197.23	SESSION-33fdac1ad6f47ac8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e0b8f15e6ec3ec0f:SESSION-e0b8f15e6ec3ec0f	SESSION-e0b8f15e6ec3ec0f → pe:tls:SESSION-e0b8f15e6ec3ec0f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34da31e596580b61:SESSION-34da31e596580b61	SESSION-34da31e596580b61 → pe:syn:SESSION-34da31e596580b61
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d82c2d4eaa13efdb:host:172.234.197.23:host:131.196.31.80	SESSION-d82c2d4eaa13efdb → host:172.234.197.23 → host:131.196.31.80
FLOW_TO_HOSTOBS	e:to:SESSION-9de9d154fbb04a83:host:172.234.197.23	SESSION-9de9d154fbb04a83 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e6b5909bb3b3:port:tcp:44183	flow:e6b5909bb3b3 → port:tcp:44183
FLOW_DST_PORTOBS	e:fp:flow:c664a3f725a3:port:tcp:443	flow:c664a3f725a3 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.60:geo_-23.62930_-46.63510	host:131.196.28.60 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21ced843a950a21a:host:172.234.197.23:host:177.10.233.112	SESSION-21ced843a950a21a → host:172.234.197.23 → host:177.10.233.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0f20859a8cab5c7a:SESSION-0f20859a8cab5c7a	SESSION-0f20859a8cab5c7a → pe:syn:SESSION-0f20859a8cab5c7a
FLOW_FROM_HOSTOBS	e:from:SESSION-1ffcf84507219fc2:host:172.234.197.23	SESSION-1ffcf84507219fc2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8fe8ab751bca	flow:8fe8ab751bca → host:131.196.29.15 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf1b38a91c361f4b:host:177.10.235.64:host:172.234.197.23	SESSION-cf1b38a91c361f4b → host:177.10.235.64 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1718a7391604	flow:1718a7391604 → host:131.196.30.56 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f7ca91f03ba114f2:host:44.246.129.80	SESSION-f7ca91f03ba114f2 → host:44.246.129.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48bb234f8161dc4f:host:172.234.197.23	SESSION-48bb234f8161dc4f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9804aaba4767b862:SESSION-9804aaba4767b862	SESSION-9804aaba4767b862 → pe:syn:SESSION-9804aaba4767b862
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-95229c7c61064646:host:177.10.233.70:host:172.234.197.23	SESSION-95229c7c61064646 → host:177.10.233.70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-715e4cea63e7cde7:host:177.10.232.27	SESSION-715e4cea63e7cde7 → host:177.10.232.27
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d87083f9dd8844d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7d87083f9dd8844d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e5392ca321cb1ed:host:131.196.29.85	SESSION-6e5392ca321cb1ed → host:131.196.29.85
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fae3464e58310370:host:177.10.234.61:host:172.234.197.23	SESSION-fae3464e58310370 → host:177.10.234.61 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52edfb1e7fe307be:flow:12dede9deba0	SESSION-52edfb1e7fe307be → flow:12dede9deba0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fcb174e83803b1f7:host:131.196.29.85:host:172.234.197.23	SESSION-fcb174e83803b1f7 → host:131.196.29.85 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69b211b684a77852:host:177.10.236.72	SESSION-69b211b684a77852 → host:177.10.236.72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de1fc6391256943a:host:131.196.30.183	SESSION-de1fc6391256943a → host:131.196.30.183
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6511e777b0d792c1:host:45.173.156.212:host:172.234.197.23	SESSION-6511e777b0d792c1 → host:45.173.156.212 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38d81f2383b0ad0b:host:177.10.232.219	SESSION-38d81f2383b0ad0b → host:177.10.232.219
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d220051223525d86:flow:de8975ee43cf	SESSION-d220051223525d86 → flow:de8975ee43cf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e09f613cd450ebc9:SESSION-e09f613cd450ebc9	SESSION-e09f613cd450ebc9 → pe:tls:SESSION-e09f613cd450ebc9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc3065336ab4dc3e:host:172.234.197.23	SESSION-fc3065336ab4dc3e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ea1b99f43729:port:tcp:3881	flow:ea1b99f43729 → port:tcp:3881
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5347add21fd9245:SESSION-f5347add21fd9245	SESSION-f5347add21fd9245 → pe:tls:SESSION-f5347add21fd9245
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.73:geo_-16.28860_-49.01640	host:177.10.237.73 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-309223c775254000:host:172.234.197.23	SESSION-309223c775254000 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66f42b3418de6818:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-66f42b3418de6818 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ad7ae70426d3354:flow:34b9193bd10f	SESSION-5ad7ae70426d3354 → flow:34b9193bd10f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59e3e2edbc9b18fa:host:172.234.197.23	SESSION-59e3e2edbc9b18fa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b47e385ca946fd94:host:172.234.197.23	SESSION-b47e385ca946fd94 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-662271688fa2b491:host:131.196.28.234	SESSION-662271688fa2b491 → host:131.196.28.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74a0cb408b3fb354:SESSION-74a0cb408b3fb354	SESSION-74a0cb408b3fb354 → pe:syn:SESSION-74a0cb408b3fb354
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c382f6b8063de44f:flow:15572ed67243	SESSION-c382f6b8063de44f → flow:15572ed67243
FLOW_FROM_HOSTOBS	e:from:SESSION-8614773ef8a3b357:host:177.10.233.109	SESSION-8614773ef8a3b357 → host:177.10.233.109
FLOW_DST_PORTOBS	e:fp:flow:9d4afa03dc6f:port:tcp:443	flow:9d4afa03dc6f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c6936c129ef58e74:flow:0975c7f9052d	SESSION-c6936c129ef58e74 → flow:0975c7f9052d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6cdad751a34344e1:SESSION-6cdad751a34344e1	SESSION-6cdad751a34344e1 → pe:syn:SESSION-6cdad751a34344e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0146df147eb3c3bd:host:131.196.31.92	SESSION-0146df147eb3c3bd → host:131.196.31.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d5e711c3b45ec85:host:172.234.197.23	SESSION-6d5e711c3b45ec85 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-235be73d0ead16ae:SESSION-235be73d0ead16ae	SESSION-235be73d0ead16ae → pe:tls:SESSION-235be73d0ead16ae
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c9754d7075a4d12:host:172.234.197.23:host:131.196.30.36	SESSION-5c9754d7075a4d12 → host:172.234.197.23 → host:131.196.30.36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8f2b3515afd502b:host:172.234.197.23	SESSION-b8f2b3515afd502b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c01d0fd13ba220b:host:177.10.239.224	SESSION-0c01d0fd13ba220b → host:177.10.239.224
FLOW_FROM_HOSTOBS	e:from:SESSION-1898da4930ba04f2:host:131.196.31.30	SESSION-1898da4930ba04f2 → host:131.196.31.30
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.212:asn:271410	host:131.196.28.212 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79574872517ba47f:host:172.234.197.23	SESSION-79574872517ba47f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7759d4a46d500e47:host:34.220.91.24	SESSION-7759d4a46d500e47 → host:34.220.91.24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99cbc6df23fa1e57:SESSION-99cbc6df23fa1e57	SESSION-99cbc6df23fa1e57 → pe:syn:SESSION-99cbc6df23fa1e57
flow_observed5-aryOBS	e:fo:flow:2700d829f582	flow:2700d829f582 → host:131.196.30.36 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d1f774a6af2df76:PCAP:capture_20260430060001:919b39a74464	SESSION-5d1f774a6af2df76 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57d0b948d59d1db4:host:177.10.238.109:host:172.234.197.23	SESSION-57d0b948d59d1db4 → host:177.10.238.109 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a33620a262b3196:SESSION-4a33620a262b3196	SESSION-4a33620a262b3196 → pe:tls:SESSION-4a33620a262b3196
FLOW_TO_HOSTOBS	e:to:SESSION-d0a2ec1133f1da31:host:172.234.197.23	SESSION-d0a2ec1133f1da31 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d45c3fc16863e5ef:host:131.196.30.78	SESSION-d45c3fc16863e5ef → host:131.196.30.78
FLOW_DST_PORTOBS	e:fp:flow:e8999195bf53:port:tcp:39947	flow:e8999195bf53 → port:tcp:39947
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7140a8719778d6c0:host:172.234.197.23	SESSION-7140a8719778d6c0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54f6eb1f506e4a3a:SESSION-54f6eb1f506e4a3a	SESSION-54f6eb1f506e4a3a → pe:tls:SESSION-54f6eb1f506e4a3a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-905e7318b3a63042:flow:f3381dfc2bf4	SESSION-905e7318b3a63042 → flow:f3381dfc2bf4
FLOW_FROM_HOSTOBS	e:from:SESSION-e36c77c5ab0d7e92:host:57.128.95.174	SESSION-e36c77c5ab0d7e92 → host:57.128.95.174
FLOW_DST_PORTOBS	e:fp:flow:cbd950fb1800:port:tcp:443	flow:cbd950fb1800 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-37ce4ecafac50117:host:177.10.232.220	SESSION-37ce4ecafac50117 → host:177.10.232.220
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.112:geo_-16.28860_-49.01640	host:177.10.238.112 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c739bac7578a:port:tcp:443	flow:c739bac7578a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a7a1da766d51711:SESSION-1a7a1da766d51711	SESSION-1a7a1da766d51711 → pe:syn:SESSION-1a7a1da766d51711
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5381df0c70f3b63:host:172.234.197.23:host:177.10.232.66	SESSION-a5381df0c70f3b63 → host:172.234.197.23 → host:177.10.232.66
FLOW_FROM_HOSTOBS	e:from:SESSION-d7aef03828b51e64:host:172.234.197.23	SESSION-d7aef03828b51e64 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8087a35b1573	flow:8087a35b1573 → host:131.196.30.106 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90d4f232d3edc1de:host:172.234.197.23:host:177.10.238.201	SESSION-90d4f232d3edc1de → host:172.234.197.23 → host:177.10.238.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-495677aa294b030b:host:177.10.235.147	SESSION-495677aa294b030b → host:177.10.235.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a82d55b52198391:SESSION-1a82d55b52198391	SESSION-1a82d55b52198391 → pe:tls:SESSION-1a82d55b52198391
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea2e2a37f857a7f:host:177.10.239.35	SESSION-3ea2e2a37f857a7f → host:177.10.239.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f255eba3b0795a16:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f255eba3b0795a16 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:35be8d7fc23e:port:tcp:443	flow:35be8d7fc23e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a586e6b93cbc00d:host:172.234.197.23	SESSION-0a586e6b93cbc00d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b5b79680f4b436a5:host:34.216.76.26	SESSION-b5b79680f4b436a5 → host:34.216.76.26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e872279913929717:flow:690c59565928	SESSION-e872279913929717 → flow:690c59565928
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-970108b06912c1b7:host:172.234.197.23	SESSION-970108b06912c1b7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.211:geo_-16.28860_-49.01640	host:177.10.233.211 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-db98e45dca973468:host:172.234.197.23	SESSION-db98e45dca973468 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:93cfcbc224e1:port:tcp:443	flow:93cfcbc224e1 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-394aeca8e13c39b2:host:45.173.156.133	SESSION-394aeca8e13c39b2 → host:45.173.156.133
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2b1b7c009dcf05e:flow:bd015446e72b	SESSION-e2b1b7c009dcf05e → flow:bd015446e72b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c6580975a2d7416:SESSION-7c6580975a2d7416	SESSION-7c6580975a2d7416 → pe:syn:SESSION-7c6580975a2d7416
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e96c97861c631394:host:131.196.29.62:host:172.234.197.23	SESSION-e96c97861c631394 → host:131.196.29.62 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a62ba4cb8390	flow:a62ba4cb8390 → host:131.196.28.32 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.46:geo_-23.62930_-46.63510	host:131.196.28.46 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-b03f12d359ceed54:host:131.196.31.26	SESSION-b03f12d359ceed54 → host:131.196.31.26
FLOW_TO_HOSTOBS	e:to:SESSION-acada2cd7035c790:host:172.234.197.23	SESSION-acada2cd7035c790 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d846bfa2b8f8474d:host:177.10.235.61	SESSION-d846bfa2b8f8474d → host:177.10.235.61
FLOW_TO_HOSTOBS	e:to:SESSION-331f26717743f7bf:host:172.234.197.23	SESSION-331f26717743f7bf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-610b47e21d599964:host:177.10.236.13	SESSION-610b47e21d599964 → host:177.10.236.13
FLOW_FROM_HOSTOBS	e:from:SESSION-2f93cb0de4645e47:host:131.196.31.29	SESSION-2f93cb0de4645e47 → host:131.196.31.29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5c7330336192768:PCAP:capture_20260430110001:43611bdf6759	SESSION-b5c7330336192768 → PCAP:capture_20260430110001:43611bdf6759
flow_observed4-aryOBS	e:fo:flow:d17061662425	flow:d17061662425 → host:172.234.197.23 → host:45.173.156.120 → port:tcp:43763
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e167d585a8e48501:SESSION-e167d585a8e48501	SESSION-e167d585a8e48501 → pe:syn:SESSION-e167d585a8e48501
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ea5a5c8bbfcfd548:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ea5a5c8bbfcfd548 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:fe7e1e129435:port:tcp:443	flow:fe7e1e129435 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:5b849e915364	flow:5b849e915364 → host:172.234.197.23 → host:45.173.156.185 → port:tcp:10885
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38298ff8ded7155d:SESSION-38298ff8ded7155d	SESSION-38298ff8ded7155d → pe:syn:SESSION-38298ff8ded7155d
FLOW_FROM_HOSTOBS	e:from:SESSION-c98ee522a60a5600:host:177.10.236.6	SESSION-c98ee522a60a5600 → host:177.10.236.6
FLOW_TO_HOSTOBS	e:to:SESSION-d5aeffc2a4b56ba0:host:172.234.197.23	SESSION-d5aeffc2a4b56ba0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-710eb7de55f51893:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-710eb7de55f51893 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c70bd35e108ab91c:flow:89b547a4b5d8	SESSION-c70bd35e108ab91c → flow:89b547a4b5d8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f2a561db8449259:SESSION-4f2a561db8449259	SESSION-4f2a561db8449259 → pe:tls:SESSION-4f2a561db8449259
flow_observed4-aryOBS	e:fo:flow:df5a8f8b6956	flow:df5a8f8b6956 → host:172.234.197.23 → host:131.196.28.241 → port:tcp:54610
FLOW_FROM_HOSTOBS	e:from:SESSION-f19cc3e0ef766dd7:host:172.234.197.23	SESSION-f19cc3e0ef766dd7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5405d05650907428:flow:90755bcc0d94	SESSION-5405d05650907428 → flow:90755bcc0d94
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5133340de07cf838:host:131.196.30.226:host:172.234.197.23	SESSION-5133340de07cf838 → host:131.196.30.226 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e8651e0c063dc0a:host:172.234.197.23:host:177.10.232.212	SESSION-5e8651e0c063dc0a → host:172.234.197.23 → host:177.10.232.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-526fa727f8be74e3:host:177.10.239.86	SESSION-526fa727f8be74e3 → host:177.10.239.86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.149:geo_-23.62930_-46.63510	host:131.196.28.149 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9466cbe9e9dd26aa:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9466cbe9e9dd26aa → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ba4a623ca0c8731:host:172.234.197.23:host:177.10.237.116	SESSION-6ba4a623ca0c8731 → host:172.234.197.23 → host:177.10.237.116
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5f9d16efb179df1:flow:1f92222490cc	SESSION-a5f9d16efb179df1 → flow:1f92222490cc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23f94e137932a031:host:177.10.236.61:host:172.234.197.23	SESSION-23f94e137932a031 → host:177.10.236.61 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3baedacad496627d:host:172.234.197.23	SESSION-3baedacad496627d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97231868d06ff2ed:host:172.234.197.23	SESSION-97231868d06ff2ed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc7ab250b87b35be:SESSION-cc7ab250b87b35be	SESSION-cc7ab250b87b35be → pe:syn:SESSION-cc7ab250b87b35be
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.188:asn:262880	host:177.10.237.188 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1191ea69c7b9e8e5:SESSION-1191ea69c7b9e8e5	SESSION-1191ea69c7b9e8e5 → pe:rst:SESSION-1191ea69c7b9e8e5
FLOW_FROM_HOSTOBS	e:from:SESSION-2997df12bb4a545b:host:177.10.233.87	SESSION-2997df12bb4a545b → host:177.10.233.87
FLOW_DST_PORTOBS	e:fp:flow:f6be814c9910:port:tcp:443	flow:f6be814c9910 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4883770547012399:host:45.173.156.129	SESSION-4883770547012399 → host:45.173.156.129
FLOW_TO_HOSTOBS	e:to:SESSION-27d66e2c1260cc5f:host:177.10.238.43	SESSION-27d66e2c1260cc5f → host:177.10.238.43
FLOW_FROM_HOSTOBS	e:from:SESSION-9b5948254caf12dd:host:177.10.238.216	SESSION-9b5948254caf12dd → host:177.10.238.216
FLOW_DST_PORTOBS	e:fp:flow:1bdfdcdcdcb1:port:tcp:443	flow:1bdfdcdcdcb1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2dd1a49fa9f1084b:SESSION-2dd1a49fa9f1084b	SESSION-2dd1a49fa9f1084b → pe:syn:SESSION-2dd1a49fa9f1084b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.240:asn:262880	host:177.10.232.240 → asn:262880
flow_observed5-aryOBS	e:fo:flow:615fb32b3639	flow:615fb32b3639 → host:131.196.30.220 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-11e7a161068ba48e:host:177.10.234.69	SESSION-11e7a161068ba48e → host:177.10.234.69
FLOW_TO_HOSTOBS	e:to:SESSION-aad95c97a46f4b66:host:172.234.197.23	SESSION-aad95c97a46f4b66 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:75ebfafff6d6	flow:75ebfafff6d6 → host:177.10.239.8 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b70d9bf346b75217:host:177.10.239.59	SESSION-b70d9bf346b75217 → host:177.10.239.59
FLOW_FROM_HOSTOBS	e:from:SESSION-0bcd74883eff8339:host:172.234.197.23	SESSION-0bcd74883eff8339 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce6819df966f00de:host:172.234.197.23	SESSION-ce6819df966f00de → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c0f2dd55f138:port:udp:53	flow:c0f2dd55f138 → port:udp:53
flow_observed5-aryOBS	e:fo:flow:aafd37b28fd5	flow:aafd37b28fd5 → host:131.196.29.91 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:23a083c73ae6	flow:23a083c73ae6 → host:177.10.233.39 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b2f4e26cdd4a	flow:b2f4e26cdd4a → host:177.10.239.249 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2af2d979895f4943:SESSION-2af2d979895f4943	SESSION-2af2d979895f4943 → pe:syn:SESSION-2af2d979895f4943
FLOW_FROM_HOSTOBS	e:from:SESSION-46cfffaa3fdb7f1d:host:172.234.197.23	SESSION-46cfffaa3fdb7f1d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e4dd8b9d1b64d369:host:131.196.29.203	SESSION-e4dd8b9d1b64d369 → host:131.196.29.203
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-079c82b45cfad420:host:172.234.197.23:host:177.10.237.169	SESSION-079c82b45cfad420 → host:172.234.197.23 → host:177.10.237.169
FLOW_DST_PORTOBS	e:fp:flow:7942cfe9505f:port:tcp:443	flow:7942cfe9505f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-ac69dcbefbb93dfd:host:131.196.28.167	SESSION-ac69dcbefbb93dfd → host:131.196.28.167
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4eeddeaeae099136:SESSION-4eeddeaeae099136	SESSION-4eeddeaeae099136 → pe:syn:SESSION-4eeddeaeae099136
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ffb3444ca3f5caf:host:177.10.233.126:host:172.234.197.23	SESSION-1ffb3444ca3f5caf → host:177.10.233.126 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5804e26655ff1a06:host:131.196.30.231	SESSION-5804e26655ff1a06 → host:131.196.30.231
FLOW_FROM_HOSTOBS	e:from:SESSION-8136a084d82536a6:host:95.135.228.10	SESSION-8136a084d82536a6 → host:95.135.228.10
FLOW_FROM_HOSTOBS	e:from:SESSION-6c83a3382d975674:host:177.10.234.26	SESSION-6c83a3382d975674 → host:177.10.234.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d508940aefc84528:SESSION-d508940aefc84528	SESSION-d508940aefc84528 → pe:syn:SESSION-d508940aefc84528
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-39d5adc1c22dd7ee:SESSION-39d5adc1c22dd7ee	SESSION-39d5adc1c22dd7ee → pe:tls:SESSION-39d5adc1c22dd7ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-2c24cbdb3e7b273c:SESSION-2c24cbdb3e7b273c	SESSION-2c24cbdb3e7b273c → pe:rst:SESSION-2c24cbdb3e7b273c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.93:geo_-16.28860_-49.01640	host:177.10.235.93 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3a44f67a1174447:host:172.234.197.23	SESSION-a3a44f67a1174447 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.169:geo_-16.28860_-49.01640	host:177.10.236.169 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b8b9e098330595b:host:177.10.239.210	SESSION-8b8b9e098330595b → host:177.10.239.210
FLOW_TO_HOSTOBS	e:to:SESSION-b7f9cc68ffb76114:host:172.234.197.23	SESSION-b7f9cc68ffb76114 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16ea01a17fc6b7f7:flow:e52630dccfec	SESSION-16ea01a17fc6b7f7 → flow:e52630dccfec
flow_observed5-aryOBS	e:fo:flow:5434ce9d30fa	flow:5434ce9d30fa → host:67.219.103.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-91c3828e0c41fbe7:SESSION-91c3828e0c41fbe7	SESSION-91c3828e0c41fbe7 → pe:syn:SESSION-91c3828e0c41fbe7
FLOW_FROM_HOSTOBS	e:from:SESSION-0efcb065a58cc475:host:172.234.197.23	SESSION-0efcb065a58cc475 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.183:asn:203771	host:92.112.71.183 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-93c7fae83342c58e:SESSION-93c7fae83342c58e	SESSION-93c7fae83342c58e → pe:tls:SESSION-93c7fae83342c58e
FLOW_TO_HOSTOBS	e:to:SESSION-82f2c01059fea89b:host:172.234.197.23	SESSION-82f2c01059fea89b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-37dea09d598a2ad1:host:177.10.234.148	SESSION-37dea09d598a2ad1 → host:177.10.234.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5527f09aaa715d91:SESSION-5527f09aaa715d91	SESSION-5527f09aaa715d91 → pe:syn:SESSION-5527f09aaa715d91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1705f35e2db46a43:SESSION-1705f35e2db46a43	SESSION-1705f35e2db46a43 → pe:syn:SESSION-1705f35e2db46a43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f3bd7044d582575:host:85.11.167.8	SESSION-7f3bd7044d582575 → host:85.11.167.8
FLOW_DST_PORTOBS	e:fp:flow:8c6f2857ece5:port:tcp:39579	flow:8c6f2857ece5 → port:tcp:39579
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-83ce9ba3d421fc3f:host:172.234.197.23:host:177.10.235.230	SESSION-83ce9ba3d421fc3f → host:172.234.197.23 → host:177.10.235.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ceaacc21db1a34ae:host:172.234.197.23	SESSION-ceaacc21db1a34ae → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f8362a96ce0b7626:host:172.234.197.23	SESSION-f8362a96ce0b7626 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3f89af1089fc	flow:3f89af1089fc → host:45.173.156.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-114b93c0875a1701:SESSION-114b93c0875a1701	SESSION-114b93c0875a1701 → pe:tls:SESSION-114b93c0875a1701
FLOW_TO_HOSTOBS	e:to:SESSION-1933fbedf850967f:host:172.234.197.23	SESSION-1933fbedf850967f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:36f8ae69fc1a:port:tcp:443	flow:36f8ae69fc1a → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:33f4b3008bff	flow:33f4b3008bff → host:177.10.233.252 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-da4440e5d8ead4fe:host:177.10.239.2	SESSION-da4440e5d8ead4fe → host:177.10.239.2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ffe1a7a04c39301:flow:9a60b6d3f633	SESSION-0ffe1a7a04c39301 → flow:9a60b6d3f633
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d4cb0f7560af550:SESSION-5d4cb0f7560af550	SESSION-5d4cb0f7560af550 → pe:tls:SESSION-5d4cb0f7560af550
FLOW_DST_PORTOBS	e:fp:flow:de9a31b6abf8:port:tcp:443	flow:de9a31b6abf8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f580776b9a7f0d25:host:177.10.239.254	SESSION-f580776b9a7f0d25 → host:177.10.239.254
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c93e86640e8945ad:SESSION-c93e86640e8945ad	SESSION-c93e86640e8945ad → pe:syn:SESSION-c93e86640e8945ad
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-04a75396d111d878:host:177.10.238.222:host:172.234.197.23	SESSION-04a75396d111d878 → host:177.10.238.222 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7dea1c67796075ab:SESSION-7dea1c67796075ab	SESSION-7dea1c67796075ab → pe:syn:SESSION-7dea1c67796075ab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf31506875543a88:SESSION-cf31506875543a88	SESSION-cf31506875543a88 → pe:syn:SESSION-cf31506875543a88
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.120:geo_-16.28860_-49.01640	host:177.10.236.120 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6a106ff5da861ac:SESSION-a6a106ff5da861ac	SESSION-a6a106ff5da861ac → pe:tls:SESSION-a6a106ff5da861ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ca707063b726bac:SESSION-8ca707063b726bac	SESSION-8ca707063b726bac → pe:syn:SESSION-8ca707063b726bac
flow_observed5-aryOBS	e:fo:flow:c2b1c487e1ac	flow:c2b1c487e1ac → host:177.10.239.93 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-610b47e21d599964:host:172.234.197.23	SESSION-610b47e21d599964 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2632ba515271ea31:host:177.10.239.185:host:172.234.197.23	SESSION-2632ba515271ea31 → host:177.10.239.185 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9962740ce107c36d:SESSION-9962740ce107c36d	SESSION-9962740ce107c36d → pe:tls:SESSION-9962740ce107c36d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-defe39665fdb6580:PCAP:capture_20260430070001:903a0e7a436b	SESSION-defe39665fdb6580 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-038099de878067a0:host:131.196.29.247	SESSION-038099de878067a0 → host:131.196.29.247
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.28:geo_-16.28860_-49.01640	host:177.10.239.28 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc9c57ce6bc30045:host:172.234.197.23:host:177.10.237.164	SESSION-bc9c57ce6bc30045 → host:172.234.197.23 → host:177.10.237.164
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3d13cea2cf7dcee:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f3d13cea2cf7dcee → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:41bc1e553486	flow:41bc1e553486 → host:131.196.29.196 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-ce17c1c4b6f006e0:host:177.10.234.249	SESSION-ce17c1c4b6f006e0 → host:177.10.234.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74505beccb017396:SESSION-74505beccb017396	SESSION-74505beccb017396 → pe:tls:SESSION-74505beccb017396
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.130:asn:262880	host:177.10.235.130 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-16fca057f28c0943:host:177.10.238.87	SESSION-16fca057f28c0943 → host:177.10.238.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6806cb851ed3b70:host:172.234.197.23	SESSION-b6806cb851ed3b70 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3bb54d95c2cdaff:flow:51883b5f936b	SESSION-a3bb54d95c2cdaff → flow:51883b5f936b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e1f57d75854220c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0e1f57d75854220c → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:3b613d9758b6	flow:3b613d9758b6 → host:172.234.197.23 → host:45.173.156.39 → port:tcp:3951
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a91fe9a6e775a606:host:172.234.197.23	SESSION-a91fe9a6e775a606 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.241:asn:262880	host:177.10.239.241 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb77a42bb02f4581:SESSION-cb77a42bb02f4581	SESSION-cb77a42bb02f4581 → pe:tls:SESSION-cb77a42bb02f4581
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c2099dbde4b7ef03:SESSION-c2099dbde4b7ef03	SESSION-c2099dbde4b7ef03 → pe:syn:SESSION-c2099dbde4b7ef03
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-589f676f16819868:host:177.10.239.139	SESSION-589f676f16819868 → host:177.10.239.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e2811d191c294e0:SESSION-7e2811d191c294e0	SESSION-7e2811d191c294e0 → pe:syn:SESSION-7e2811d191c294e0
FLOW_FROM_HOSTOBS	e:from:SESSION-8de302c0e306721c:host:172.234.197.23	SESSION-8de302c0e306721c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4d7e31822e7386a:SESSION-c4d7e31822e7386a	SESSION-c4d7e31822e7386a → pe:syn:SESSION-c4d7e31822e7386a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e717c742e2e64ea:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5e717c742e2e64ea → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:ac8a4b797024:port:tcp:443	flow:ac8a4b797024 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.137:asn:262880	host:177.10.234.137 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa26c3a0a6de1666:host:172.234.197.23	SESSION-aa26c3a0a6de1666 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:af12d296b9cb:port:tcp:443	flow:af12d296b9cb → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:0642648552e6	flow:0642648552e6 → host:177.10.237.72 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c5aa2acab467:port:tcp:50629	flow:c5aa2acab467 → port:tcp:50629
FLOW_TO_HOSTOBS	e:to:SESSION-807885e153f56a02:host:172.234.197.23	SESSION-807885e153f56a02 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-be09ba54da571689:host:131.196.30.81	SESSION-be09ba54da571689 → host:131.196.30.81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-438fb49dfab0fe81:host:177.10.236.238	SESSION-438fb49dfab0fe81 → host:177.10.236.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d4e81930fa292a8:SESSION-6d4e81930fa292a8	SESSION-6d4e81930fa292a8 → pe:tls:SESSION-6d4e81930fa292a8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4117bfae8d393f9c:host:177.10.238.189	SESSION-4117bfae8d393f9c → host:177.10.238.189
FLOW_DST_PORTOBS	e:fp:flow:9eff1d4678ce:port:tcp:443	flow:9eff1d4678ce → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd4f490a373a283b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cd4f490a373a283b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8383343898074aaa:SESSION-8383343898074aaa	SESSION-8383343898074aaa → pe:tls:SESSION-8383343898074aaa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c88d7695016e6fbb:host:172.234.197.23	SESSION-c88d7695016e6fbb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e699a2f9558bf8d:host:177.10.237.145	SESSION-1e699a2f9558bf8d → host:177.10.237.145
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-493920f19ab5585b:host:131.196.31.253:host:172.234.197.23	SESSION-493920f19ab5585b → host:131.196.31.253 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65f49e29fd3c9157:host:172.234.197.23	SESSION-65f49e29fd3c9157 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb520d5460f73062:host:172.234.197.23	SESSION-fb520d5460f73062 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90972096b6b00a4b:host:177.10.236.240	SESSION-90972096b6b00a4b → host:177.10.236.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-caa2e371708bdf2e:SESSION-caa2e371708bdf2e	SESSION-caa2e371708bdf2e → pe:tls:SESSION-caa2e371708bdf2e
flow_observed5-aryOBS	e:fo:flow:511640d4b71a	flow:511640d4b71a → host:177.10.237.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a4b68b400a3161c:host:172.234.197.23	SESSION-9a4b68b400a3161c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a6f73143abd0c86:flow:deb8fc46e85e	SESSION-3a6f73143abd0c86 → flow:deb8fc46e85e
FLOW_DST_PORTOBS	e:fp:flow:baf8cb1ead66:port:tcp:24082	flow:baf8cb1ead66 → port:tcp:24082
flow_observed5-aryOBS	e:fo:flow:e9d30a67fb9b	flow:e9d30a67fb9b → host:177.10.234.179 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-3f1e2986117d2a1f:host:172.234.197.23	SESSION-3f1e2986117d2a1f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f43bb83d69743819:PCAP:capture_20260430060001:919b39a74464	SESSION-f43bb83d69743819 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-58f4b45cf908ad77:host:131.196.30.88	SESSION-58f4b45cf908ad77 → host:131.196.30.88
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cff1d643020db9d5:flow:1ecc35664d1e	SESSION-cff1d643020db9d5 → flow:1ecc35664d1e
FLOW_FROM_HOSTOBS	e:from:SESSION-1ac55ff303c5de83:host:131.196.30.49	SESSION-1ac55ff303c5de83 → host:131.196.30.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36966af2dfd8700b:SESSION-36966af2dfd8700b	SESSION-36966af2dfd8700b → pe:syn:SESSION-36966af2dfd8700b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb5c3fce7274dac7:flow:c344393f012a	SESSION-cb5c3fce7274dac7 → flow:c344393f012a
ASN_IN_ORGOBS 80%	e:ao:asn:138915:org:Kaopu Cloud HK Limited	asn:138915 → org:Kaopu Cloud HK Limited
FLOW_FROM_HOSTOBS	e:from:SESSION-9d58dc4e289d6c4c:host:172.234.197.23	SESSION-9d58dc4e289d6c4c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-32273c66c8bf9656:PCAP:capture_20260430090001:065659c7d314	SESSION-32273c66c8bf9656 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-368729c748b57591:SESSION-368729c748b57591	SESSION-368729c748b57591 → pe:syn:SESSION-368729c748b57591
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0ca3b8aea25b593:SESSION-b0ca3b8aea25b593	SESSION-b0ca3b8aea25b593 → pe:syn:SESSION-b0ca3b8aea25b593
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b30dbd402b74df1:host:172.234.197.23:host:131.196.31.83	SESSION-9b30dbd402b74df1 → host:172.234.197.23 → host:131.196.31.83
FLOW_TO_HOSTOBS	e:to:SESSION-020ce81cb9d50ce5:host:172.234.197.23	SESSION-020ce81cb9d50ce5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c36eb4dd059a78a3:host:177.10.233.183	SESSION-c36eb4dd059a78a3 → host:177.10.233.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e0b5328aa075dd2:host:131.196.29.69	SESSION-2e0b5328aa075dd2 → host:131.196.29.69
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37a8b94aca0a72fd:host:172.234.197.23	SESSION-37a8b94aca0a72fd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-331f26717743f7bf:SESSION-331f26717743f7bf	SESSION-331f26717743f7bf → pe:tls:SESSION-331f26717743f7bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-414bf7406e62b7e2:SESSION-414bf7406e62b7e2	SESSION-414bf7406e62b7e2 → pe:tls:SESSION-414bf7406e62b7e2
FLOW_DST_PORTOBS	e:fp:flow:ac271c0d298b:port:tcp:443	flow:ac271c0d298b → port:tcp:443
FLOW_TLS_SNIOBS	e:fs:flow:3a460404baad:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3a460404baad → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-352a47a3f8b3882e:host:172.234.197.23:host:177.10.237.60	SESSION-352a47a3f8b3882e → host:172.234.197.23 → host:177.10.237.60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a214ec19ba198e7:host:172.234.197.23:host:177.10.233.191	SESSION-6a214ec19ba198e7 → host:172.234.197.23 → host:177.10.233.191
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ae59ca72364f9e1:flow:a5ba946b42e4	SESSION-3ae59ca72364f9e1 → flow:a5ba946b42e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8984df52681cb36:host:172.234.197.23	SESSION-c8984df52681cb36 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e2b1b7c009dcf05e:host:177.10.235.151	SESSION-e2b1b7c009dcf05e → host:177.10.235.151
FLOW_FROM_HOSTOBS	e:from:SESSION-ffa84d5a72af3dab:host:131.196.29.137	SESSION-ffa84d5a72af3dab → host:131.196.29.137
flow_observed5-aryOBS	e:fo:flow:440525ebabd8	flow:440525ebabd8 → host:131.196.30.59 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4231a3cc4c78:port:tcp:61041	flow:4231a3cc4c78 → port:tcp:61041
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1bc39f4f18cf27f2:SESSION-1bc39f4f18cf27f2	SESSION-1bc39f4f18cf27f2 → pe:syn:SESSION-1bc39f4f18cf27f2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-625fc1856b5bb87f:host:177.10.239.235	SESSION-625fc1856b5bb87f → host:177.10.239.235
FLOW_TO_HOSTOBS	e:to:SESSION-f2a0bf61df119bc4:host:172.234.197.23	SESSION-f2a0bf61df119bc4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1f991b6c62555b6c:host:177.10.236.193	SESSION-1f991b6c62555b6c → host:177.10.236.193
flow_observed4-aryOBS	e:fo:flow:655ce0523929	flow:655ce0523929 → host:172.234.197.23 → host:177.10.232.247 → port:tcp:48781
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd108cc47984c911:host:177.10.233.145	SESSION-dd108cc47984c911 → host:177.10.233.145
FLOW_DST_PORTOBS	e:fp:flow:833e3a42ca42:port:tcp:31125	flow:833e3a42ca42 → port:tcp:31125
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75ac13f212ea06a5:host:177.10.232.54:host:172.234.197.23	SESSION-75ac13f212ea06a5 → host:177.10.232.54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99e2981b3b5fa520:SESSION-99e2981b3b5fa520	SESSION-99e2981b3b5fa520 → pe:syn:SESSION-99e2981b3b5fa520
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de01d31bf4634055:PCAP:capture_20260430050001:8868731bf8a4	SESSION-de01d31bf4634055 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-567e9582c6914b15:flow:1e0a32bc1765	SESSION-567e9582c6914b15 → flow:1e0a32bc1765
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.104:asn:262880	host:177.10.238.104 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67f971eb3e92b8d2:flow:d75121ea7e90	SESSION-67f971eb3e92b8d2 → flow:d75121ea7e90
FLOW_DST_PORTOBS	e:fp:flow:c8ea7a8a3a9a:port:tcp:61472	flow:c8ea7a8a3a9a → port:tcp:61472
FLOW_FROM_HOSTOBS	e:from:SESSION-3930651da0a26cb4:host:172.234.197.23	SESSION-3930651da0a26cb4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f1777a33d63b:port:tcp:80	flow:f1777a33d63b → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc0d354223e065ab:host:59.24.133.197	SESSION-fc0d354223e065ab → host:59.24.133.197
FLOW_FROM_HOSTOBS	e:from:SESSION-8cf2e3dd1491b22c:host:177.10.237.177	SESSION-8cf2e3dd1491b22c → host:177.10.237.177
flow_observed5-aryOBS	e:fo:flow:3cd87ec6e33e	flow:3cd87ec6e33e → host:177.10.235.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1d74e40d653f073:host:91.240.224.238:host:172.234.197.23	SESSION-d1d74e40d653f073 → host:91.240.224.238 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-449915b4a668f160:host:172.234.197.23	SESSION-449915b4a668f160 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b37dbc8f4449b96:host:172.234.197.23:host:131.196.29.141	SESSION-5b37dbc8f4449b96 → host:172.234.197.23 → host:131.196.29.141
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8382ccd890fe862:flow:781e6bc42ab0	SESSION-f8382ccd890fe862 → flow:781e6bc42ab0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57092e6ea3a8c881:host:172.234.197.23	SESSION-57092e6ea3a8c881 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6667ca1b9f8ba8d1:SESSION-6667ca1b9f8ba8d1	SESSION-6667ca1b9f8ba8d1 → pe:tls:SESSION-6667ca1b9f8ba8d1
FLOW_FROM_HOSTOBS	e:from:SESSION-9ed5696d63c7b154:host:172.234.197.23	SESSION-9ed5696d63c7b154 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.196.88.244:geo_39.91100_116.39500	host:43.196.88.244 → geo_39.91100_116.39500
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb77a42bb02f4581:host:172.234.197.23	SESSION-cb77a42bb02f4581 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6372f3e6dae2e87f:flow:947ed1ed059c	SESSION-6372f3e6dae2e87f → flow:947ed1ed059c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f635007151c479b8:host:172.234.197.23	SESSION-f635007151c479b8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ac9bb77fb56e773:host:177.10.234.114	SESSION-7ac9bb77fb56e773 → host:177.10.234.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-975059a05a34b0ad:SESSION-975059a05a34b0ad	SESSION-975059a05a34b0ad → pe:syn:SESSION-975059a05a34b0ad
FLOW_TO_HOSTOBS	e:to:SESSION-c4d1c4ac80a0d275:host:172.234.197.23	SESSION-c4d1c4ac80a0d275 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ad9dd4ac6be1fc2:flow:c7bd36073942	SESSION-1ad9dd4ac6be1fc2 → flow:c7bd36073942
FLOW_DST_PORTOBS	e:fp:flow:44efce266f3b:port:tcp:443	flow:44efce266f3b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-54c75738c2308981:host:35.94.26.156	SESSION-54c75738c2308981 → host:35.94.26.156
flow_observed4-aryOBS	e:fo:flow:1d5670e1573a	flow:1d5670e1573a → host:172.234.197.23 → host:131.196.29.25 → port:tcp:50499
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a9042bd9c6a81d17:flow:f316080d1441	SESSION-a9042bd9c6a81d17 → flow:f316080d1441
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-543230bb149abbcc:SESSION-543230bb149abbcc	SESSION-543230bb149abbcc → pe:tls:SESSION-543230bb149abbcc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-131cbd262c833b9b:flow:313e7cddc626	SESSION-131cbd262c833b9b → flow:313e7cddc626
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.198:asn:271410	host:131.196.28.198 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-d60f9952407f0d18:host:172.234.197.23	SESSION-d60f9952407f0d18 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae6c5a18819e9434:host:172.234.197.23	SESSION-ae6c5a18819e9434 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e503c69e36c27590:host:172.234.197.23	SESSION-e503c69e36c27590 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.137:asn:271410	host:131.196.31.137 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:55f3a75120ee:port:tcp:443	flow:55f3a75120ee → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ba8512040d3b37b:host:177.10.233.148:host:172.234.197.23	SESSION-5ba8512040d3b37b → host:177.10.233.148 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e54bcb908ef4	flow:e54bcb908ef4 → host:172.234.197.23 → host:177.10.235.111 → port:tcp:55633
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.102:geo_-16.28860_-49.01640	host:177.10.238.102 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-7b0fec424d0db7c3:BSG-BEACON-3eb51709f414	SESSION-7b0fec424d0db7c3 → BSG-BEACON-3eb51709f414
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ff9e556bf199706:SESSION-6ff9e556bf199706	SESSION-6ff9e556bf199706 → pe:tls:SESSION-6ff9e556bf199706
FLOW_DST_PORTOBS	e:fp:flow:f6468a8c8ce9:port:tcp:443	flow:f6468a8c8ce9 → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:a2d0d15e106e	flow:a2d0d15e106e → host:3.102.9.236 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37c43e7a9f6dcf12:SESSION-37c43e7a9f6dcf12	SESSION-37c43e7a9f6dcf12 → pe:syn:SESSION-37c43e7a9f6dcf12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc4f127cbdf1d5a3:PCAP:capture_20260430110001:43611bdf6759	SESSION-bc4f127cbdf1d5a3 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-ff9ef052366910da:host:177.10.234.107	SESSION-ff9ef052366910da → host:177.10.234.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b22f1be22326dd94:host:54.200.68.109	SESSION-b22f1be22326dd94 → host:54.200.68.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ecb67f73d2142d93:host:177.10.232.142	SESSION-ecb67f73d2142d93 → host:177.10.232.142
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0146df147eb3c3bd:SESSION-0146df147eb3c3bd	SESSION-0146df147eb3c3bd → pe:syn:SESSION-0146df147eb3c3bd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29f6930bb002305c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-29f6930bb002305c → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.169:asn:271410	host:131.196.31.169 → asn:271410
flow_observed5-aryOBS	e:fo:flow:c059322f6c89	flow:c059322f6c89 → host:177.10.232.126 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-1f29948747ee8d5c:host:177.10.235.174	SESSION-1f29948747ee8d5c → host:177.10.235.174
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2625cb17cae199d1:SESSION-2625cb17cae199d1	SESSION-2625cb17cae199d1 → pe:syn:SESSION-2625cb17cae199d1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-c37bd5454075ced3:SESSION-c37bd5454075ced3	SESSION-c37bd5454075ced3 → pe:dns:SESSION-c37bd5454075ced3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5ea1449320ef78b:host:172.234.197.23	SESSION-c5ea1449320ef78b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb7db2afd613f778:SESSION-cb7db2afd613f778	SESSION-cb7db2afd613f778 → pe:syn:SESSION-cb7db2afd613f778
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be2d81a12844874f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-be2d81a12844874f → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:780934a9be2c	flow:780934a9be2c → host:172.234.197.23 → host:131.196.28.176 → port:tcp:39361
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d19f64abed8cdcd:host:172.234.197.23:host:177.10.234.178	SESSION-2d19f64abed8cdcd → host:172.234.197.23 → host:177.10.234.178
FLOW_FROM_HOSTOBS	e:from:SESSION-01fb4d6a9472c8c7:host:31.40.196.211	SESSION-01fb4d6a9472c8c7 → host:31.40.196.211
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f59bcaffd8dcae9:flow:e7d613fd7a38	SESSION-8f59bcaffd8dcae9 → flow:e7d613fd7a38
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76b86119fe5d0a6f:SESSION-76b86119fe5d0a6f	SESSION-76b86119fe5d0a6f → pe:syn:SESSION-76b86119fe5d0a6f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0cba2347786f28d:host:177.10.235.85	SESSION-b0cba2347786f28d → host:177.10.235.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c58c12f678d65836:host:172.234.197.23	SESSION-c58c12f678d65836 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-76aff26f067fcb92:host:177.10.237.72	SESSION-76aff26f067fcb92 → host:177.10.237.72
ASN_IN_ORGOBS 80%	e:ao:asn:208137:org:Feo Prest SRL	asn:208137 → org:Feo Prest SRL
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ecf1376a54312e6:flow:f9c407d7f851	SESSION-4ecf1376a54312e6 → flow:f9c407d7f851
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.105:geo_-16.28860_-49.01640	host:177.10.239.105 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-3b8a8c73a52fb2ca:host:177.10.233.145	SESSION-3b8a8c73a52fb2ca → host:177.10.233.145
flow_observed5-aryOBS	e:fo:flow:472712aef2aa	flow:472712aef2aa → host:37.221.79.52 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2bb4f19f005244d2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2bb4f19f005244d2 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-fbdf1132d9fb1d0d:host:172.234.197.23	SESSION-fbdf1132d9fb1d0d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72e48e4dc313a64d:flow:5e088d8e5126	SESSION-72e48e4dc313a64d → flow:5e088d8e5126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f2c14118785728f:host:131.196.31.156	SESSION-9f2c14118785728f → host:131.196.31.156
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e8c587e48bf8617:SESSION-5e8c587e48bf8617	SESSION-5e8c587e48bf8617 → pe:syn:SESSION-5e8c587e48bf8617
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33bdca28f4470cd7:host:172.234.197.23	SESSION-33bdca28f4470cd7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae2c237b5906e067:host:172.234.197.23	SESSION-ae2c237b5906e067 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4449fca2fd34af5e:host:172.234.197.23	SESSION-4449fca2fd34af5e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca55f398b8ed07e1:flow:d3e623b4b6ff	SESSION-ca55f398b8ed07e1 → flow:d3e623b4b6ff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1429c4885068b09:host:177.10.236.8	SESSION-c1429c4885068b09 → host:177.10.236.8
FLOW_DST_PORTOBS	e:fp:flow:03a779e7b01d:port:tcp:80	flow:03a779e7b01d → port:tcp:80
flow_observed4-aryOBS	e:fo:flow:d73b005dadbd	flow:d73b005dadbd → host:172.234.197.23 → host:177.10.239.133 → port:tcp:20213
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ecb9e93c79a4bef:SESSION-3ecb9e93c79a4bef	SESSION-3ecb9e93c79a4bef → pe:syn:SESSION-3ecb9e93c79a4bef
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65d310d8fe50c39e:flow:0acac59bfefe	SESSION-65d310d8fe50c39e → flow:0acac59bfefe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1ca1108b3f9fffc:SESSION-d1ca1108b3f9fffc	SESSION-d1ca1108b3f9fffc → pe:tls:SESSION-d1ca1108b3f9fffc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-25d670562ff80de0:host:177.10.233.100:host:172.234.197.23	SESSION-25d670562ff80de0 → host:177.10.233.100 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff9ef052366910da:host:172.234.197.23:host:177.10.234.107	SESSION-ff9ef052366910da → host:172.234.197.23 → host:177.10.234.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31de31d3c82f498d:SESSION-31de31d3c82f498d	SESSION-31de31d3c82f498d → pe:syn:SESSION-31de31d3c82f498d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb9826b2bc40f219:flow:fc416c033937	SESSION-eb9826b2bc40f219 → flow:fc416c033937
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b6f4863e4efa4050:SESSION-b6f4863e4efa4050	SESSION-b6f4863e4efa4050 → pe:syn:SESSION-b6f4863e4efa4050
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.35:geo_-16.28860_-49.01640	host:177.10.235.35 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.118:asn:262880	host:177.10.234.118 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f0044b48e7e1824:host:177.10.234.63:host:172.234.197.23	SESSION-5f0044b48e7e1824 → host:177.10.234.63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab20216cf3eeb0ee:SESSION-ab20216cf3eeb0ee	SESSION-ab20216cf3eeb0ee → pe:syn:SESSION-ab20216cf3eeb0ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b0a36bcb50aee6b:SESSION-2b0a36bcb50aee6b	SESSION-2b0a36bcb50aee6b → pe:tls:SESSION-2b0a36bcb50aee6b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8dbd1afb05a3a814:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-8dbd1afb05a3a814 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55794f9e7b1a9e7f:host:172.234.197.23	SESSION-55794f9e7b1a9e7f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-354d6c0d37a0b016:SESSION-354d6c0d37a0b016	SESSION-354d6c0d37a0b016 → pe:syn:SESSION-354d6c0d37a0b016
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1633b12f0e20b97e:host:185.231.226.245	SESSION-1633b12f0e20b97e → host:185.231.226.245
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0371abab0ef43e73:host:31.40.196.125:host:172.234.197.23	SESSION-0371abab0ef43e73 → host:31.40.196.125 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-187a70856b24c84b:SESSION-187a70856b24c84b	SESSION-187a70856b24c84b → pe:tls:SESSION-187a70856b24c84b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a83f7d2591dcabf5:host:131.196.29.125:host:172.234.197.23	SESSION-a83f7d2591dcabf5 → host:131.196.29.125 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ca59997a1fd2235:host:172.234.197.23	SESSION-2ca59997a1fd2235 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.156:asn:262880	host:177.10.239.156 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:7390756c80d4:port:tcp:10229	flow:7390756c80d4 → port:tcp:10229
FLOW_FROM_HOSTOBS	e:from:SESSION-0c7d8b58da7be6c5:host:131.196.28.175	SESSION-0c7d8b58da7be6c5 → host:131.196.28.175
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.153:asn:271410	host:131.196.28.153 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c60d99c484411b4:flow:b254e83aa241	SESSION-5c60d99c484411b4 → flow:b254e83aa241
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01b1445b3dd1d2e4:host:172.234.197.23	SESSION-01b1445b3dd1d2e4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8578034648884afe:host:131.196.29.4	SESSION-8578034648884afe → host:131.196.29.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a7a08ae566a4a8b:host:172.234.197.23	SESSION-5a7a08ae566a4a8b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5bab109b42e3a8d7:flow:ae9e0c134c79	SESSION-5bab109b42e3a8d7 → flow:ae9e0c134c79
FLOW_DST_PORTOBS	e:fp:flow:162cd2226747:port:tcp:443	flow:162cd2226747 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb512b6db53333ff:flow:66d3f8b0f2a7	SESSION-bb512b6db53333ff → flow:66d3f8b0f2a7
FLOW_DST_PORTOBS	e:fp:flow:5d7ec192c72c:port:tcp:443	flow:5d7ec192c72c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65f6be25ebaee411:flow:f04fde117157	SESSION-65f6be25ebaee411 → flow:f04fde117157
flow_observed5-aryOBS	e:fo:flow:eaa8659511f0	flow:eaa8659511f0 → host:177.10.237.251 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-fc3065336ab4dc3e:host:172.234.197.23	SESSION-fc3065336ab4dc3e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51c60ff5c6e820bd:host:177.10.235.85	SESSION-51c60ff5c6e820bd → host:177.10.235.85
FLOW_DST_PORTOBS	e:fp:flow:a59865cbe96a:port:tcp:30114	flow:a59865cbe96a → port:tcp:30114
flow_observed5-aryOBS	e:fo:flow:93dc34757c1c	flow:93dc34757c1c → host:109.89.117.44 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:c3391332133e	flow:c3391332133e → host:177.10.233.153 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c876d9731eec34af:SESSION-c876d9731eec34af	SESSION-c876d9731eec34af → pe:syn:SESSION-c876d9731eec34af
FLOW_TO_HOSTOBS	e:to:SESSION-fc3065336ab4dc3e:host:177.10.235.213	SESSION-fc3065336ab4dc3e → host:177.10.235.213
FLOW_TO_HOSTOBS	e:to:SESSION-3e2d293cdcc6efc8:host:172.234.197.23	SESSION-3e2d293cdcc6efc8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f30fa3bd65a965fa:host:177.10.236.209	SESSION-f30fa3bd65a965fa → host:177.10.236.209
flow_observed5-aryOBS	e:fo:flow:bb3f8d8dd333	flow:bb3f8d8dd333 → host:94.130.10.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-119f9a3698c24414:host:172.234.197.23	SESSION-119f9a3698c24414 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-779d668625040802:host:172.234.197.23	SESSION-779d668625040802 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f59e3038c71b15e1:host:172.234.197.23	SESSION-f59e3038c71b15e1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9440bd4080fa	flow:9440bd4080fa → host:177.10.236.174 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:1175089c845f	flow:1175089c845f → host:131.196.31.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ee088f254667f6a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6ee088f254667f6a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-3da2bdbc54650cc7:host:177.10.233.150	SESSION-3da2bdbc54650cc7 → host:177.10.233.150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-266bac80b9ef8487:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-266bac80b9ef8487 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b68b7374dcfd0024:host:172.234.197.23	SESSION-b68b7374dcfd0024 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a286fa1508a759d:SESSION-3a286fa1508a759d	SESSION-3a286fa1508a759d → pe:syn:SESSION-3a286fa1508a759d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-341cb53ffc41c3af:flow:77cfe94da839	SESSION-341cb53ffc41c3af → flow:77cfe94da839
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24f08652bbd6b16b:host:57.128.95.174:host:172.234.197.23	SESSION-24f08652bbd6b16b → host:57.128.95.174 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-659e9e20b25ca2e2:SESSION-659e9e20b25ca2e2	SESSION-659e9e20b25ca2e2 → pe:syn:SESSION-659e9e20b25ca2e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e44d3b0a0ee22cd6:host:131.196.28.159	SESSION-e44d3b0a0ee22cd6 → host:131.196.28.159
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ebb29f0c8a91fe62:host:177.10.233.82:host:172.234.197.23	SESSION-ebb29f0c8a91fe62 → host:177.10.233.82 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:84b115f7b002	flow:84b115f7b002 → host:131.196.30.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0be9ff1ae53d349:host:177.10.232.222	SESSION-f0be9ff1ae53d349 → host:177.10.232.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7034c460bd0f5720:SESSION-7034c460bd0f5720	SESSION-7034c460bd0f5720 → pe:tls:SESSION-7034c460bd0f5720
FLOW_TO_HOSTOBS	e:to:SESSION-27536868d2d29d68:host:172.234.197.23	SESSION-27536868d2d29d68 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66fe61e0e919e0c7:host:131.196.29.76	SESSION-66fe61e0e919e0c7 → host:131.196.29.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f2cdff3ab49e1a1:host:177.10.234.160	SESSION-0f2cdff3ab49e1a1 → host:177.10.234.160
FLOW_DST_PORTOBS	e:fp:flow:4cdfd20426a3:port:tcp:443	flow:4cdfd20426a3 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c84f2bc6bdec600e:flow:b906f6cfbd63	SESSION-c84f2bc6bdec600e → flow:b906f6cfbd63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9d7ef6e96dbb9c5:host:172.234.197.23	SESSION-a9d7ef6e96dbb9c5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f9bec963f9028f2:host:177.10.235.140:host:172.234.197.23	SESSION-7f9bec963f9028f2 → host:177.10.235.140 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4832bd407d6b:port:tcp:443	flow:4832bd407d6b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79b864f146b8f07b:host:177.10.238.208	SESSION-79b864f146b8f07b → host:177.10.238.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65c3eea3bc378ff0:host:172.234.197.23	SESSION-65c3eea3bc378ff0 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.102:geo_-23.62930_-46.63510	host:131.196.30.102 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.53:asn:262880	host:177.10.236.53 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-091ae841df8cdc2c:host:172.234.197.23	SESSION-091ae841df8cdc2c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-797ddf76fc257ebf:host:172.234.197.23	SESSION-797ddf76fc257ebf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bce97f10a4a571f4:host:172.234.197.23	SESSION-bce97f10a4a571f4 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b67e2b1b04d4	flow:b67e2b1b04d4 → host:172.234.197.23 → host:177.10.238.116 → port:tcp:55580
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.47:asn:271410	host:131.196.30.47 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd1fe9b471d92d57:SESSION-dd1fe9b471d92d57	SESSION-dd1fe9b471d92d57 → pe:tls:SESSION-dd1fe9b471d92d57
flow_observed4-aryOBS	e:fo:flow:c2712c5339c4	flow:c2712c5339c4 → host:172.234.197.23 → host:45.173.156.208 → port:tcp:46955
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1d9624273099964:host:131.196.29.229	SESSION-a1d9624273099964 → host:131.196.29.229
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.111:asn:203771	host:37.221.79.111 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cef4b415a72da702:SESSION-cef4b415a72da702	SESSION-cef4b415a72da702 → pe:syn:SESSION-cef4b415a72da702
flow_observed5-aryOBS	e:fo:flow:6a9de5a5ca92	flow:6a9de5a5ca92 → host:45.173.156.189 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2632ba515271ea31:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2632ba515271ea31 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TLS_SNIOBS	e:fs:flow:6ddb0818d575:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:6ddb0818d575 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d9a4406bd7b3b41:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4d9a4406bd7b3b41 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-34da31e596580b61:host:177.10.235.46	SESSION-34da31e596580b61 → host:177.10.235.46
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3573d87c5a129f8e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3573d87c5a129f8e → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.147:asn:262880	host:177.10.237.147 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77da6a9292c08caa:PCAP:capture_20260430060001:919b39a74464	SESSION-77da6a9292c08caa → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1446b81625870ef0:host:13.208.161.175:host:172.234.197.23	SESSION-1446b81625870ef0 → host:13.208.161.175 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:55c81ca43275:port:tcp:443	flow:55c81ca43275 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bfd6f31a89c294d:host:172.234.197.23	SESSION-5bfd6f31a89c294d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db76c4941d3529f6:host:172.234.197.23:host:177.10.236.92	SESSION-db76c4941d3529f6 → host:172.234.197.23 → host:177.10.236.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e523425c561e01e:SESSION-8e523425c561e01e	SESSION-8e523425c561e01e → pe:syn:SESSION-8e523425c561e01e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.104:asn:271410	host:131.196.30.104 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.62:asn:262880	host:177.10.238.62 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:0c531332d334:port:tcp:443	flow:0c531332d334 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e0dcae8b099ffa5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9e0dcae8b099ffa5 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-d0d83e3d3d1fc018:host:172.234.197.23	SESSION-d0d83e3d3d1fc018 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be622897972653aa:flow:c211bfdf4443	SESSION-be622897972653aa → flow:c211bfdf4443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09db40e08b93496c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-09db40e08b93496c → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e05f2032b3abac3:host:172.234.197.23	SESSION-3e05f2032b3abac3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5ac91adedbe1ec7:flow:82ed4e90b8f2	SESSION-d5ac91adedbe1ec7 → flow:82ed4e90b8f2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-926d10c9776453b9:SESSION-926d10c9776453b9	SESSION-926d10c9776453b9 → pe:syn:SESSION-926d10c9776453b9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02cad694702cb9f1:flow:688f8270244b	SESSION-02cad694702cb9f1 → flow:688f8270244b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9b13ac4e6d83a5e:host:177.10.239.166:host:172.234.197.23	SESSION-d9b13ac4e6d83a5e → host:177.10.239.166 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-677c9237241fc75d:SESSION-677c9237241fc75d	SESSION-677c9237241fc75d → pe:syn:SESSION-677c9237241fc75d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ffa84d5a72af3dab:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ffa84d5a72af3dab → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6588ddd9fabb341:PCAP:capture_20260430060001:919b39a74464	SESSION-e6588ddd9fabb341 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a9273620e0aaedc:flow:2be39705dda1	SESSION-8a9273620e0aaedc → flow:2be39705dda1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a19fd3219cd89ed:SESSION-6a19fd3219cd89ed	SESSION-6a19fd3219cd89ed → pe:syn:SESSION-6a19fd3219cd89ed
FLOW_FROM_HOSTOBS	e:from:SESSION-84e5e89f26aa2ca2:host:177.10.239.175	SESSION-84e5e89f26aa2ca2 → host:177.10.239.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a70682fed3cc6c8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8a70682fed3cc6c8 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85383edd293fa3f5:SESSION-85383edd293fa3f5	SESSION-85383edd293fa3f5 → pe:tls:SESSION-85383edd293fa3f5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7488427d80d09cd9:host:131.196.29.70	SESSION-7488427d80d09cd9 → host:131.196.29.70
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.132:geo_-23.62930_-46.63510	host:131.196.31.132 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb444db8c099bc0f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cb444db8c099bc0f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:daaebd94ce82	flow:daaebd94ce82 → host:95.170.25.105 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_DST_PORTOBS	e:fp:flow:ea9cac00d4f8:port:tcp:443	flow:ea9cac00d4f8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-ef849695f946a5ec:host:177.10.239.138	SESSION-ef849695f946a5ec → host:177.10.239.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68a3da1f806283eb:SESSION-68a3da1f806283eb	SESSION-68a3da1f806283eb → pe:syn:SESSION-68a3da1f806283eb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1933fbedf850967f:flow:94b142bbe9f6	SESSION-1933fbedf850967f → flow:94b142bbe9f6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c21627d8f6f11a27:host:172.234.197.23:host:177.10.235.125	SESSION-c21627d8f6f11a27 → host:172.234.197.23 → host:177.10.235.125
FLOW_TO_HOSTOBS	e:to:SESSION-b69e4016453478aa:host:172.234.197.23	SESSION-b69e4016453478aa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b2f232bbd4758bf:host:131.196.29.236:host:172.234.197.23	SESSION-7b2f232bbd4758bf → host:131.196.29.236 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe8896cc58e0f0aa:SESSION-fe8896cc58e0f0aa	SESSION-fe8896cc58e0f0aa → pe:syn:SESSION-fe8896cc58e0f0aa
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2474eb623db0155:flow:0d841c385d57	SESSION-b2474eb623db0155 → flow:0d841c385d57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d2d2e0adb85f8f3e:SESSION-d2d2e0adb85f8f3e	SESSION-d2d2e0adb85f8f3e → pe:syn:SESSION-d2d2e0adb85f8f3e
FLOW_TO_HOSTOBS	e:to:SESSION-7bf74715b11f1486:host:131.196.28.122	SESSION-7bf74715b11f1486 → host:131.196.28.122
FLOW_TO_HOSTOBS	e:to:SESSION-29f2fc627b4350bb:host:172.234.197.23	SESSION-29f2fc627b4350bb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c787945ac898609:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3c787945ac898609 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:29836d882b78:port:tcp:12769	flow:29836d882b78 → port:tcp:12769
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.120:asn:262880	host:177.10.238.120 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-154a0a352559b94b:host:131.196.29.224	SESSION-154a0a352559b94b → host:131.196.29.224
FLOW_FROM_HOSTOBS	e:from:SESSION-8e44af15232c6a53:host:45.173.156.37	SESSION-8e44af15232c6a53 → host:45.173.156.37
FLOW_TO_HOSTOBS	e:to:SESSION-42dd33a8e6552b73:host:172.234.197.23	SESSION-42dd33a8e6552b73 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-295c5f4e2a8126b8:host:177.10.233.58	SESSION-295c5f4e2a8126b8 → host:177.10.233.58
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.18:asn:273470	host:45.173.156.18 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90e5db50c9887f08:host:172.234.197.23:host:131.196.30.71	SESSION-90e5db50c9887f08 → host:172.234.197.23 → host:131.196.30.71
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.175:asn:271410	host:131.196.28.175 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f06d97c7ac4f577b:host:172.234.197.23	SESSION-f06d97c7ac4f577b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fc416c033937	flow:fc416c033937 → host:177.10.238.191 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-954029bd3fad39c7:SESSION-954029bd3fad39c7	SESSION-954029bd3fad39c7 → pe:tls:SESSION-954029bd3fad39c7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-739affc996a6fe99:flow:98c03e37a107	SESSION-739affc996a6fe99 → flow:98c03e37a107
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.62:asn:273470	host:45.173.156.62 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0786c46a404d7589:host:177.10.238.124	SESSION-0786c46a404d7589 → host:177.10.238.124
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4b9c738c314ebf:host:131.196.28.0	SESSION-6b4b9c738c314ebf → host:131.196.28.0
FLOW_TO_HOSTOBS	e:to:SESSION-afde502531c1ddca:host:172.234.197.23	SESSION-afde502531c1ddca → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-27ea3c16306f2f5f:host:172.234.197.23	SESSION-27ea3c16306f2f5f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-65e7ac6f998115f7:host:177.10.232.158	SESSION-65e7ac6f998115f7 → host:177.10.232.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0bcd74883eff8339:SESSION-0bcd74883eff8339	SESSION-0bcd74883eff8339 → pe:syn:SESSION-0bcd74883eff8339
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7aa70a6d3547ceb7:SESSION-7aa70a6d3547ceb7	SESSION-7aa70a6d3547ceb7 → pe:tls:SESSION-7aa70a6d3547ceb7
FLOW_DST_PORTOBS	e:fp:flow:301bea5aae22:port:tcp:65018	flow:301bea5aae22 → port:tcp:65018
flow_observed5-aryOBS	e:fo:flow:5590b431c6bb	flow:5590b431c6bb → host:192.99.232.216 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98452f7d1a82c494:host:177.10.238.160	SESSION-98452f7d1a82c494 → host:177.10.238.160
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-621f2e97c51ae8e1:flow:da534c89e93d	SESSION-621f2e97c51ae8e1 → flow:da534c89e93d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea53a00807c951b5:host:172.234.197.23	SESSION-ea53a00807c951b5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-760c61036eedf2e4:host:177.10.239.9	SESSION-760c61036eedf2e4 → host:177.10.239.9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca0d45baeb856677:host:172.234.197.23	SESSION-ca0d45baeb856677 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da4440e5d8ead4fe:PCAP:capture_20260430070001:903a0e7a436b	SESSION-da4440e5d8ead4fe → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2c00c77bcbb5602:flow:288111f38e5f	SESSION-f2c00c77bcbb5602 → flow:288111f38e5f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-492b019ad94826ae:SESSION-492b019ad94826ae	SESSION-492b019ad94826ae → pe:tls:SESSION-492b019ad94826ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-310c82c2a589a705:SESSION-310c82c2a589a705	SESSION-310c82c2a589a705 → pe:tls:SESSION-310c82c2a589a705
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-007ba64cafd5a15c:host:177.10.232.124	SESSION-007ba64cafd5a15c → host:177.10.232.124
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa6f99be6bce12b0:SESSION-fa6f99be6bce12b0	SESSION-fa6f99be6bce12b0 → pe:tls:SESSION-fa6f99be6bce12b0
FLOW_DST_PORTOBS	e:fp:flow:ca4f3a212e98:port:tcp:443	flow:ca4f3a212e98 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65a2e80880ae05c5:SESSION-65a2e80880ae05c5	SESSION-65a2e80880ae05c5 → pe:syn:SESSION-65a2e80880ae05c5
HOST_IN_ASNOBS 85%	e:ha:host:195.20.104.8:asn:214139	host:195.20.104.8 → asn:214139
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6635e725f15c4a26:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6635e725f15c4a26 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e6afdb068db09de:SESSION-6e6afdb068db09de	SESSION-6e6afdb068db09de → pe:tls:SESSION-6e6afdb068db09de
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d75311b4cd1e33ff:host:131.196.28.129:host:172.234.197.23	SESSION-d75311b4cd1e33ff → host:131.196.28.129 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.79:asn:203771	host:31.40.196.79 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e49b447cbf9c1ef7:PCAP:capture_20260430090001:065659c7d314	SESSION-e49b447cbf9c1ef7 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:29836bac5672	flow:29836bac5672 → host:95.135.228.136 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TO_HOSTOBS	e:to:SESSION-cdf732629d327c4c:host:172.234.197.23	SESSION-cdf732629d327c4c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:180dff40240a	flow:180dff40240a → host:45.173.156.67 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9de9d154fbb04a83:host:131.196.28.0:host:172.234.197.23	SESSION-9de9d154fbb04a83 → host:131.196.28.0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3982f1a8e532b400:host:95.170.25.243	SESSION-3982f1a8e532b400 → host:95.170.25.243
flow_observed5-aryOBS	e:fo:flow:3c1aab944236	flow:3c1aab944236 → host:131.196.31.113 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7536a33faff5a95d:host:172.234.197.23	SESSION-7536a33faff5a95d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f83043602330:port:tcp:443	flow:f83043602330 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:78fc82b301d5	flow:78fc82b301d5 → host:97.139.12.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c6936c129ef58e74:SESSION-c6936c129ef58e74	SESSION-c6936c129ef58e74 → pe:syn:SESSION-c6936c129ef58e74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b7d005fcddd05eb:host:131.196.31.95	SESSION-5b7d005fcddd05eb → host:131.196.31.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38a436ec3884f938:host:172.234.197.23	SESSION-38a436ec3884f938 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:90fb23778ba2	flow:90fb23778ba2 → host:172.234.197.23 → host:104.28.234.79 → port:tcp:50418
FLOW_TO_HOSTOBS	e:to:SESSION-ead5791c5617fb56:host:172.234.197.23	SESSION-ead5791c5617fb56 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3bc307f96255	flow:3bc307f96255 → host:177.10.234.119 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:11405b7410bd:port:tcp:21201	flow:11405b7410bd → port:tcp:21201
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-999a3a68382b7707:flow:9d5d9e92af7a	SESSION-999a3a68382b7707 → flow:9d5d9e92af7a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.57:geo_-16.28860_-49.01640	host:177.10.237.57 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bac5dc0e18d2349f:host:172.234.197.23	SESSION-bac5dc0e18d2349f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44424f48705b3a9d:host:177.10.239.135:host:172.234.197.23	SESSION-44424f48705b3a9d → host:177.10.239.135 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-577376347fdfe894:flow:bb284da23027	SESSION-577376347fdfe894 → flow:bb284da23027
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.99:asn:262880	host:177.10.234.99 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19009ef53e5ab2ef:SESSION-19009ef53e5ab2ef	SESSION-19009ef53e5ab2ef → pe:tls:SESSION-19009ef53e5ab2ef
FLOW_FROM_HOSTOBS	e:from:SESSION-a1375745ca86fe64:host:172.234.197.23	SESSION-a1375745ca86fe64 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5e9fbc6cb5f2:port:tcp:30402	flow:5e9fbc6cb5f2 → port:tcp:30402
FLOW_TO_HOSTOBS	e:to:SESSION-3bfa302feda190a0:host:131.196.30.142	SESSION-3bfa302feda190a0 → host:131.196.30.142
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-2c2ee5c4e3db47f8:BSG-DATA_EXFIL-8b14c7270c05	SESSION-2c2ee5c4e3db47f8 → BSG-DATA_EXFIL-8b14c7270c05
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f003ce3fae962ee:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1f003ce3fae962ee → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0cba2347786f28d:host:177.10.235.85:host:172.234.197.23	SESSION-b0cba2347786f28d → host:177.10.235.85 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-096419478460628e:host:172.234.197.23	SESSION-096419478460628e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9cd8abbfdfb95d18:PCAP:capture_20260430150001:ded20914761d	SESSION-9cd8abbfdfb95d18 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:21e85bbf73fa:port:tcp:443	flow:21e85bbf73fa → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-b7caa5c0db9dc8d4:host:131.196.29.184	SESSION-b7caa5c0db9dc8d4 → host:131.196.29.184
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-323caf5dcc039926:PCAP:capture_20260430160001:9bfa4498506a	SESSION-323caf5dcc039926 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4cd4ae8706680eb9:host:172.234.197.23:host:131.196.29.164	SESSION-4cd4ae8706680eb9 → host:172.234.197.23 → host:131.196.29.164
flow_observed4-aryOBS	e:fo:flow:719154bccefe	flow:719154bccefe → host:172.234.197.23 → host:131.196.29.160 → port:tcp:51999
FLOW_DST_PORTOBS	e:fp:flow:6605cb18f1ab:port:tcp:443	flow:6605cb18f1ab → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c806484b2435:port:tcp:443	flow:c806484b2435 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4af1d7a3219c207:SESSION-d4af1d7a3219c207	SESSION-d4af1d7a3219c207 → pe:syn:SESSION-d4af1d7a3219c207
FLOW_DST_PORTOBS	e:fp:flow:5f3a08ecc862:port:tcp:443	flow:5f3a08ecc862 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c5a72a6fbc2381d:host:131.196.29.205	SESSION-1c5a72a6fbc2381d → host:131.196.29.205
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-63f078b7cf539982:SESSION-63f078b7cf539982	SESSION-63f078b7cf539982 → pe:syn:SESSION-63f078b7cf539982
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e08dddd9edfa5277:host:172.234.197.23	SESSION-e08dddd9edfa5277 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ca6098e1767361a3:host:172.234.197.23	SESSION-ca6098e1767361a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aec4f33b062c0e6b:SESSION-aec4f33b062c0e6b	SESSION-aec4f33b062c0e6b → pe:tls:SESSION-aec4f33b062c0e6b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-122af33beaf7e9c5:SESSION-122af33beaf7e9c5	SESSION-122af33beaf7e9c5 → pe:tls:SESSION-122af33beaf7e9c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67fe6c66ab1f1fcd:SESSION-67fe6c66ab1f1fcd	SESSION-67fe6c66ab1f1fcd → pe:syn:SESSION-67fe6c66ab1f1fcd
flow_observed5-aryOBS	e:fo:flow:9a3e7ed89dbc	flow:9a3e7ed89dbc → host:177.10.238.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b22fd3d92fd3016:host:172.234.197.23	SESSION-9b22fd3d92fd3016 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c36eb4dd059a78a3:host:172.234.197.23	SESSION-c36eb4dd059a78a3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29cd9f7300aa5893:host:172.234.197.23	SESSION-29cd9f7300aa5893 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44555c754c6c7558:SESSION-44555c754c6c7558	SESSION-44555c754c6c7558 → pe:syn:SESSION-44555c754c6c7558
FLOW_DST_PORTOBS	e:fp:flow:a6e0ee7010b9:port:tcp:57388	flow:a6e0ee7010b9 → port:tcp:57388
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69ca44a412c8d221:SESSION-69ca44a412c8d221	SESSION-69ca44a412c8d221 → pe:syn:SESSION-69ca44a412c8d221
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f275f56cd4e0d64:SESSION-3f275f56cd4e0d64	SESSION-3f275f56cd4e0d64 → pe:tls:SESSION-3f275f56cd4e0d64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ebb29f0c8a91fe62:SESSION-ebb29f0c8a91fe62	SESSION-ebb29f0c8a91fe62 → pe:tls:SESSION-ebb29f0c8a91fe62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e2a52b4f9db01a4:flow:b391f560b483	SESSION-0e2a52b4f9db01a4 → flow:b391f560b483
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-032a0dfc971c5b00:host:172.234.197.23	SESSION-032a0dfc971c5b00 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23b772dcd58e4ef3:SESSION-23b772dcd58e4ef3	SESSION-23b772dcd58e4ef3 → pe:syn:SESSION-23b772dcd58e4ef3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3254874520e1dae:host:131.196.31.203:host:172.234.197.23	SESSION-b3254874520e1dae → host:131.196.31.203 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2474eb623db0155:host:131.196.30.9	SESSION-b2474eb623db0155 → host:131.196.30.9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.252.115:geo_52.51960_13.40690	host:51.224.252.115 → geo_52.51960_13.40690
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59e3e2edbc9b18fa:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-59e3e2edbc9b18fa → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.6:asn:262880	host:177.10.233.6 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d815390d9091f577:host:172.234.197.23	SESSION-d815390d9091f577 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc2ea3f70e7bccaf:host:172.234.197.23:host:177.10.233.182	SESSION-bc2ea3f70e7bccaf → host:172.234.197.23 → host:177.10.233.182
FLOW_TO_HOSTOBS	e:to:SESSION-251fcdeeb3ee3f58:host:177.10.235.26	SESSION-251fcdeeb3ee3f58 → host:177.10.235.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dca77cba3fb011ca:host:172.234.197.23:host:177.10.238.205	SESSION-dca77cba3fb011ca → host:172.234.197.23 → host:177.10.238.205
FLOW_FROM_HOSTOBS	e:from:SESSION-08b25d9f54ecadf2:host:172.234.197.23	SESSION-08b25d9f54ecadf2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0bdeae27fd42a89:host:177.10.232.243	SESSION-f0bdeae27fd42a89 → host:177.10.232.243
FLOW_FROM_HOSTOBS	e:from:SESSION-6af366568a421f52:host:172.234.197.23	SESSION-6af366568a421f52 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6a46bc5971af02e3:host:94.183.177.120	SESSION-6a46bc5971af02e3 → host:94.183.177.120
FLOW_TO_HOSTOBS	e:to:SESSION-56e8cb1a5e296d06:host:177.10.237.144	SESSION-56e8cb1a5e296d06 → host:177.10.237.144
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9c8bcacffc7072b:host:172.232.0.16	SESSION-c9c8bcacffc7072b → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:b64554ad3d41:port:tcp:443	flow:b64554ad3d41 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.255:asn:271410	host:131.196.30.255 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4636706714da3434:SESSION-4636706714da3434	SESSION-4636706714da3434 → pe:syn:SESSION-4636706714da3434
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b4ed0c7009b8f0d4:SESSION-b4ed0c7009b8f0d4	SESSION-b4ed0c7009b8f0d4 → pe:tls:SESSION-b4ed0c7009b8f0d4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4d6f38e3582127c:SESSION-c4d6f38e3582127c	SESSION-c4d6f38e3582127c → pe:tls:SESSION-c4d6f38e3582127c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20c169d44973b1e9:SESSION-20c169d44973b1e9	SESSION-20c169d44973b1e9 → pe:syn:SESSION-20c169d44973b1e9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.173:geo_-16.28860_-49.01640	host:177.10.238.173 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.15:asn:203771	host:45.145.152.15 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-526fa727f8be74e3:host:177.10.239.86	SESSION-526fa727f8be74e3 → host:177.10.239.86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8362a96ce0b7626:SESSION-f8362a96ce0b7626	SESSION-f8362a96ce0b7626 → pe:syn:SESSION-f8362a96ce0b7626
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-082589f81acb7a8f:host:104.28.234.79:host:172.234.197.23	SESSION-082589f81acb7a8f → host:104.28.234.79 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da14e430733ddeb2:SESSION-da14e430733ddeb2	SESSION-da14e430733ddeb2 → pe:tls:SESSION-da14e430733ddeb2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6a1a522f9ca6e79:PCAP:capture_20260430060001:919b39a74464	SESSION-d6a1a522f9ca6e79 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-2a0d556a7af957b2:host:131.196.30.194	SESSION-2a0d556a7af957b2 → host:131.196.30.194
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cecd25b5e4e4c9c:host:177.10.234.89	SESSION-6cecd25b5e4e4c9c → host:177.10.234.89
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d77225c69f4fe117:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d77225c69f4fe117 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:55f3a75120ee	flow:55f3a75120ee → host:131.196.28.97 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6588417d002f2ed:host:45.173.156.170	SESSION-f6588417d002f2ed → host:45.173.156.170
FLOW_DST_PORTOBS	e:fp:flow:8287af1083ef:port:tcp:443	flow:8287af1083ef → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2604bc3e94e22829:host:172.234.197.23	SESSION-2604bc3e94e22829 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a24ae76392ce429:host:172.234.197.23	SESSION-7a24ae76392ce429 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3f12e4f5ba81c4d8:host:172.234.197.23	SESSION-3f12e4f5ba81c4d8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f76d275e2b42c8d0:host:172.234.197.23	SESSION-f76d275e2b42c8d0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fda5d1d0c89bbfd4:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-fda5d1d0c89bbfd4 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e576d93486607572:SESSION-e576d93486607572	SESSION-e576d93486607572 → pe:syn:SESSION-e576d93486607572
flow_observed5-aryOBS	e:fo:flow:7eb0540e2c7f	flow:7eb0540e2c7f → host:131.196.28.175 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a70c074fb73905e:flow:6c16b3c1d71a	SESSION-7a70c074fb73905e → flow:6c16b3c1d71a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37fa495f79e351e9:SESSION-37fa495f79e351e9	SESSION-37fa495f79e351e9 → pe:tls:SESSION-37fa495f79e351e9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.222:asn:262880	host:177.10.234.222 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3414b775ddfde4b:host:177.10.238.194	SESSION-a3414b775ddfde4b → host:177.10.238.194
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.183:asn:271410	host:131.196.30.183 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:4cb1cab3440e:port:tcp:443	flow:4cb1cab3440e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f2a561db8449259:PCAP:capture_20260430090001:065659c7d314	SESSION-4f2a561db8449259 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49f6aac001a41393:PCAP:capture_20260430060001:919b39a74464	SESSION-49f6aac001a41393 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-757e5ed1a89f1610:SESSION-757e5ed1a89f1610	SESSION-757e5ed1a89f1610 → pe:syn:SESSION-757e5ed1a89f1610
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b475107bbd97ed39:host:172.234.197.23	SESSION-b475107bbd97ed39 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df8de933ba817d8f:flow:a2955e8909e8	SESSION-df8de933ba817d8f → flow:a2955e8909e8
FLOW_TO_HOSTOBS	e:to:SESSION-6ae37c351bfd95cd:host:172.234.197.23	SESSION-6ae37c351bfd95cd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-99752db79d6c830d:host:131.196.30.184	SESSION-99752db79d6c830d → host:131.196.30.184
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.215:geo_-16.28860_-49.01640	host:177.10.232.215 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.114:geo_-23.62930_-46.63510	host:131.196.29.114 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-eaa7799a31d50d65:host:172.234.197.23	SESSION-eaa7799a31d50d65 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3e4fd7e6d9e6:port:tcp:17417	flow:3e4fd7e6d9e6 → port:tcp:17417
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e6800c9c0f40710:host:172.234.197.23	SESSION-0e6800c9c0f40710 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2479e88ee1ee68c6:flow:34dbff5e9e02	SESSION-2479e88ee1ee68c6 → flow:34dbff5e9e02
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6420523769b66d4c:host:172.234.197.23	SESSION-6420523769b66d4c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-082f90538556b940:host:172.234.197.23	SESSION-082f90538556b940 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21cca31493e9287d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-21cca31493e9287d → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-2fc2bfb2b0c4767b:host:177.10.239.205	SESSION-2fc2bfb2b0c4767b → host:177.10.239.205
flow_observed4-aryOBS	e:fo:flow:9b30438b62ce	flow:9b30438b62ce → host:172.234.197.23 → host:131.196.31.91 → port:tcp:14033
flow_observed4-aryOBS	e:fo:flow:105d6e9d76b0	flow:105d6e9d76b0 → host:172.234.197.23 → host:177.10.236.57 → port:tcp:35101
flow_observed5-aryOBS	e:fo:flow:d11c40fa264a	flow:d11c40fa264a → host:177.10.232.67 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-677c9237241fc75d:host:45.173.156.68	SESSION-677c9237241fc75d → host:45.173.156.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed29e6defb1050d9:host:177.10.234.152	SESSION-ed29e6defb1050d9 → host:177.10.234.152
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74744b11834c8470:SESSION-74744b11834c8470	SESSION-74744b11834c8470 → pe:syn:SESSION-74744b11834c8470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c5da4152a907bbd:flow:9232c73db8ec	SESSION-6c5da4152a907bbd → flow:9232c73db8ec
FLOW_TO_HOSTOBS	e:to:SESSION-a759d297db5368da:host:172.234.197.23	SESSION-a759d297db5368da → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f302c09f7d22a8d1:host:172.234.197.23	SESSION-f302c09f7d22a8d1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3854a3544c69d398:host:172.234.197.23:host:172.232.0.16	SESSION-3854a3544c69d398 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d97429831b8272:host:78.12.248.31	SESSION-28d97429831b8272 → host:78.12.248.31
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.83:asn:273470	host:45.173.156.83 → asn:273470
flow_observed5-aryOBS	e:fo:flow:e1c367b611de	flow:e1c367b611de → host:147.135.97.222 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3db1a0404e21661:SESSION-c3db1a0404e21661	SESSION-c3db1a0404e21661 → pe:tls:SESSION-c3db1a0404e21661
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68adb943f73c50e9:host:172.234.197.23	SESSION-68adb943f73c50e9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db858a9d0e579c0c:flow:194ccbe06af6	SESSION-db858a9d0e579c0c → flow:194ccbe06af6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee5756ac65b5ed68:host:131.196.30.223	SESSION-ee5756ac65b5ed68 → host:131.196.30.223
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41f0125815f54041:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-41f0125815f54041 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:b77838ce36c8	flow:b77838ce36c8 → host:177.10.232.91 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9c8bcacffc7072b:host:172.234.197.23	SESSION-c9c8bcacffc7072b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63be833bbb100650:host:172.234.197.23	SESSION-63be833bbb100650 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a17077467e1bba6:host:177.10.237.111	SESSION-5a17077467e1bba6 → host:177.10.237.111
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f1cb2d411cdd6d7:PCAP:capture_20260430060001:919b39a74464	SESSION-4f1cb2d411cdd6d7 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd2928203fc01c8b:SESSION-dd2928203fc01c8b	SESSION-dd2928203fc01c8b → pe:tls:SESSION-dd2928203fc01c8b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2354f30fe4af5f56:flow:70693ccf5e74	SESSION-2354f30fe4af5f56 → flow:70693ccf5e74
FLOW_DST_PORTOBS	e:fp:flow:ea5cad6713a3:port:tcp:55918	flow:ea5cad6713a3 → port:tcp:55918
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2c659a567a628e2:host:172.234.197.23:host:177.10.236.41	SESSION-d2c659a567a628e2 → host:172.234.197.23 → host:177.10.236.41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a899a8160ea28b7:host:177.10.237.188	SESSION-3a899a8160ea28b7 → host:177.10.237.188
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.91:asn:262880	host:177.10.237.91 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:0580c69484a4:port:tcp:443	flow:0580c69484a4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.10:geo_-16.28860_-49.01640	host:177.10.233.10 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c652a29a62d722ea:flow:235168171731	SESSION-c652a29a62d722ea → flow:235168171731
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5c85963c9f133e2:SESSION-a5c85963c9f133e2	SESSION-a5c85963c9f133e2 → pe:syn:SESSION-a5c85963c9f133e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c80786b4900f92c:SESSION-5c80786b4900f92c	SESSION-5c80786b4900f92c → pe:syn:SESSION-5c80786b4900f92c
flow_observed4-aryOBS	e:fo:flow:6597f6249945	flow:6597f6249945 → host:172.234.197.23 → host:177.10.237.15 → port:tcp:54100
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47fa70a72a159eed:host:172.234.197.23	SESSION-47fa70a72a159eed → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.125:geo_-23.62930_-46.63510	host:131.196.28.125 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89883827e26a2cf6:host:172.234.197.23	SESSION-89883827e26a2cf6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35fc058c4fe240ad:host:131.196.29.211	SESSION-35fc058c4fe240ad → host:131.196.29.211
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27ea3c16306f2f5f:PCAP:capture_20260430090001:065659c7d314	SESSION-27ea3c16306f2f5f → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:9644c81b1050:port:tcp:443	flow:9644c81b1050 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ba96028c0d9bf0a3:SESSION-ba96028c0d9bf0a3	SESSION-ba96028c0d9bf0a3 → pe:syn:SESSION-ba96028c0d9bf0a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c83c0a366733c9bb:host:172.234.197.23	SESSION-c83c0a366733c9bb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dd631d17b504	flow:dd631d17b504 → host:131.196.28.139 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-9582152c6f7e826d:host:172.234.197.23	SESSION-9582152c6f7e826d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ce4962ca3a156ee:PCAP:capture_20260430110001:43611bdf6759	SESSION-0ce4962ca3a156ee → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-e36c77c5ab0d7e92:SESSION-e36c77c5ab0d7e92	SESSION-e36c77c5ab0d7e92 → pe:rst:SESSION-e36c77c5ab0d7e92
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.52:geo_41.00190_28.96450	host:92.112.71.52 → geo_41.00190_28.96450
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.240:asn:271410	host:131.196.31.240 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06d2ad4243fb8941:host:131.196.30.12:host:172.234.197.23	SESSION-06d2ad4243fb8941 → host:131.196.30.12 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.241:geo_-23.62930_-46.63510	host:131.196.28.241 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-7c96791011a0f6f2:host:172.234.197.23	SESSION-7c96791011a0f6f2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c390a73ee41b4c6d:host:103.230.240.59	SESSION-c390a73ee41b4c6d → host:103.230.240.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3a0847605e0d04e:flow:d484f7132ed0	SESSION-e3a0847605e0d04e → flow:d484f7132ed0
flow_observed4-aryOBS	e:fo:flow:411f88e09190	flow:411f88e09190 → host:172.234.197.23 → host:177.10.233.54 → port:tcp:22561
FLOW_DST_PORTOBS	e:fp:flow:3639fff40dd8:port:tcp:443	flow:3639fff40dd8 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:7034e2e8b8e3:port:tcp:443	flow:7034e2e8b8e3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-609fd31f908d95c5:host:177.10.239.55	SESSION-609fd31f908d95c5 → host:177.10.239.55
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.219:asn:262880	host:177.10.232.219 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:4fedbb5ad08e:port:tcp:13408	flow:4fedbb5ad08e → port:tcp:13408
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e0284f837155748:host:172.234.197.23:host:177.10.236.63	SESSION-7e0284f837155748 → host:172.234.197.23 → host:177.10.236.63
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad31d7217a236b09:PCAP:capture_20260430110001:43611bdf6759	SESSION-ad31d7217a236b09 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-5eed95be9c1a7022:host:131.196.29.33	SESSION-5eed95be9c1a7022 → host:131.196.29.33
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.115:geo_-23.62930_-46.63510	host:131.196.28.115 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-381a0e70ba36b75c:host:131.196.31.69:host:172.234.197.23	SESSION-381a0e70ba36b75c → host:131.196.31.69 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a1775d39c56b:port:tcp:28153	flow:a1775d39c56b → port:tcp:28153
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0debd2a005265c6e:host:45.173.156.35:host:172.234.197.23	SESSION-0debd2a005265c6e → host:45.173.156.35 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9a41357d15f4	flow:9a41357d15f4 → host:95.135.228.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4bd79e02a6b67038:host:78.12.17.95:host:172.234.197.23	SESSION-4bd79e02a6b67038 → host:78.12.17.95 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4bb5568f0e725a3:host:172.234.197.23	SESSION-e4bb5568f0e725a3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c22096904d93:port:tcp:443	flow:c22096904d93 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c4ebc5699ec1c63:host:172.234.197.23:host:177.10.238.116	SESSION-9c4ebc5699ec1c63 → host:172.234.197.23 → host:177.10.238.116
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9466cbe9e9dd26aa:host:172.234.197.23:host:177.10.233.32	SESSION-9466cbe9e9dd26aa → host:172.234.197.23 → host:177.10.233.32
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d0f919734488d0b:SESSION-5d0f919734488d0b	SESSION-5d0f919734488d0b → pe:tls:SESSION-5d0f919734488d0b
FLOW_FROM_HOSTOBS	e:from:SESSION-7c6e69b3f05bcd99:host:177.10.239.84	SESSION-7c6e69b3f05bcd99 → host:177.10.239.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf36cee0aa989ce3:host:177.10.236.141:host:172.234.197.23	SESSION-bf36cee0aa989ce3 → host:177.10.236.141 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7af80619f13211ba:host:37.221.79.224	SESSION-7af80619f13211ba → host:37.221.79.224
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9ca26e5420bb5bf:SESSION-b9ca26e5420bb5bf	SESSION-b9ca26e5420bb5bf → pe:syn:SESSION-b9ca26e5420bb5bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4dd5260308cf6ea:flow:e133ec05acd6	SESSION-c4dd5260308cf6ea → flow:e133ec05acd6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.49:asn:262880	host:177.10.233.49 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81de972e9a362700:host:95.135.228.1	SESSION-81de972e9a362700 → host:95.135.228.1
flow_observed4-aryOBS	e:fo:flow:4b4d3205861f	flow:4b4d3205861f → host:172.234.197.23 → host:131.196.28.19 → port:tcp:62120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a66568eff025692:SESSION-6a66568eff025692	SESSION-6a66568eff025692 → pe:syn:SESSION-6a66568eff025692
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ef5ed6d64625f76:host:172.234.197.23:host:131.196.28.242	SESSION-8ef5ed6d64625f76 → host:172.234.197.23 → host:131.196.28.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ec4c9189aa8273c:host:172.234.197.23	SESSION-2ec4c9189aa8273c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-70a92a3cd71eafd5:host:177.10.235.34	SESSION-70a92a3cd71eafd5 → host:177.10.235.34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7738f57138403f60:SESSION-7738f57138403f60	SESSION-7738f57138403f60 → pe:syn:SESSION-7738f57138403f60
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ba40ec67b0f6097:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0ba40ec67b0f6097 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-6263455e390c054e:host:177.10.237.216	SESSION-6263455e390c054e → host:177.10.237.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09c382be05e629ee:SESSION-09c382be05e629ee	SESSION-09c382be05e629ee → pe:tls:SESSION-09c382be05e629ee
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c274d9ac0119175:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7c274d9ac0119175 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ce2516dd8311d56:SESSION-1ce2516dd8311d56	SESSION-1ce2516dd8311d56 → pe:syn:SESSION-1ce2516dd8311d56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09e9de69a12074bb:PCAP:capture_20260430150001:ded20914761d	SESSION-09e9de69a12074bb → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d59ff2f2672e21c:host:172.234.197.23	SESSION-0d59ff2f2672e21c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.196:geo_-16.28860_-49.01640	host:177.10.233.196 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:72830d708a5c	flow:72830d708a5c → host:92.112.71.183 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_DST_PORTOBS	e:fp:flow:b01ee652321d:port:tcp:443	flow:b01ee652321d → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:f9432a8af193	flow:f9432a8af193 → host:131.196.29.203 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:95e6c73ff7d7:port:tcp:443	flow:95e6c73ff7d7 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:240bff1f6054:port:tcp:443	flow:240bff1f6054 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8a147e2e8b42f79:SESSION-b8a147e2e8b42f79	SESSION-b8a147e2e8b42f79 → pe:syn:SESSION-b8a147e2e8b42f79
FLOW_FROM_HOSTOBS	e:from:SESSION-c977b8f3627ab3c3:host:172.234.197.23	SESSION-c977b8f3627ab3c3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25f56036928a5a45:host:172.234.197.23	SESSION-25f56036928a5a45 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c0cb5698f1d5957a:SESSION-c0cb5698f1d5957a	SESSION-c0cb5698f1d5957a → pe:rst:SESSION-c0cb5698f1d5957a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0f20859a8cab5c7a:PCAP:capture_20260430090001:065659c7d314	SESSION-0f20859a8cab5c7a → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.214:asn:271410	host:131.196.30.214 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-548dd69287ac8927:PCAP:capture_20260430080001:93f47cc296a4	SESSION-548dd69287ac8927 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-fda1fcad7dd8a834:host:172.234.197.23	SESSION-fda1fcad7dd8a834 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa31472460997bf3:PCAP:capture_20260430110001:43611bdf6759	SESSION-aa31472460997bf3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf68ee1b1745b1ca:SESSION-bf68ee1b1745b1ca	SESSION-bf68ee1b1745b1ca → pe:syn:SESSION-bf68ee1b1745b1ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0debd2a005265c6e:host:45.173.156.35	SESSION-0debd2a005265c6e → host:45.173.156.35
flow_observed4-aryOBS	e:fo:flow:02bec74f62e0	flow:02bec74f62e0 → host:172.234.197.23 → host:131.196.29.26 → port:tcp:33435
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c60d99c484411b4:host:172.234.197.23	SESSION-5c60d99c484411b4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4354e5bc798bd13a:flow:5466f79125fb	SESSION-4354e5bc798bd13a → flow:5466f79125fb
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.93:asn:262880	host:177.10.233.93 → asn:262880
flow_observed5-aryOBS	e:fo:flow:6ca74d3a8e5f	flow:6ca74d3a8e5f → host:131.196.31.27 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4d1c4ac80a0d275:host:131.196.30.98	SESSION-c4d1c4ac80a0d275 → host:131.196.30.98
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.117:geo_-16.28860_-49.01640	host:177.10.234.117 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-acd63ec8ffcea8e7:host:172.234.197.23	SESSION-acd63ec8ffcea8e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-276035998be5d0c6:host:131.196.30.56	SESSION-276035998be5d0c6 → host:131.196.30.56
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e61eb47c134600b1:host:177.10.232.167:host:172.234.197.23	SESSION-e61eb47c134600b1 → host:177.10.232.167 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f778ec59760ca534:flow:c43288878bab	SESSION-f778ec59760ca534 → flow:c43288878bab
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08d3390238946fda:host:195.154.100.87:host:172.234.197.23	SESSION-08d3390238946fda → host:195.154.100.87 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cf10ff39f766:port:tcp:443	flow:cf10ff39f766 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2619cb568c6b860e:flow:c7dc5afda64e	SESSION-2619cb568c6b860e → flow:c7dc5afda64e
flow_observed5-aryOBS	e:fo:flow:c0880772c3a5	flow:c0880772c3a5 → host:177.10.238.163 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-136fe1663b76b4f2:host:172.234.197.23:host:177.10.237.49	SESSION-136fe1663b76b4f2 → host:172.234.197.23 → host:177.10.237.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0bc55e1159bab546:SESSION-0bc55e1159bab546	SESSION-0bc55e1159bab546 → pe:syn:SESSION-0bc55e1159bab546
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2cb78a800ce3917:host:177.10.232.168	SESSION-c2cb78a800ce3917 → host:177.10.232.168
flow_observed5-aryOBS	e:fo:flow:b2bdb96a74f9	flow:b2bdb96a74f9 → host:177.10.235.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b145e081d4e87ab3:host:177.10.239.221:host:172.234.197.23	SESSION-b145e081d4e87ab3 → host:177.10.239.221 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4bfb1fbb46ab	flow:4bfb1fbb46ab → host:177.10.237.132 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:8afecebd30fc	flow:8afecebd30fc → host:177.10.233.115 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7832d3594ed31e4:SESSION-b7832d3594ed31e4	SESSION-b7832d3594ed31e4 → pe:tls:SESSION-b7832d3594ed31e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaae06fce38c131f:host:172.234.197.23	SESSION-eaae06fce38c131f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5e785a603a1b	flow:5e785a603a1b → host:177.10.239.164 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:434276056bf3	flow:434276056bf3 → host:177.10.236.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eff7ebef8fd9091:host:172.234.197.23	SESSION-2eff7ebef8fd9091 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ffe985a3149f	flow:ffe985a3149f → host:45.173.156.13 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-42eae260ad8ea663:flow:8f568a8ff1de	SESSION-42eae260ad8ea663 → flow:8f568a8ff1de
FLOW_FROM_HOSTOBS	e:from:SESSION-14e24a51491967d5:host:163.192.126.71	SESSION-14e24a51491967d5 → host:163.192.126.71
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.14:geo_-16.28860_-49.01640	host:177.10.236.14 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bce308e5c94583d6:SESSION-bce308e5c94583d6	SESSION-bce308e5c94583d6 → pe:tls:SESSION-bce308e5c94583d6
FLOW_TO_HOSTOBS	e:to:SESSION-c8a57b2200e62e75:host:172.234.197.23	SESSION-c8a57b2200e62e75 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-91196c5d66e04f5c:SESSION-91196c5d66e04f5c	SESSION-91196c5d66e04f5c → pe:syn:SESSION-91196c5d66e04f5c
flow_observed4-aryOBS	e:fo:flow:042a169e6320	flow:042a169e6320 → host:172.234.197.23 → host:131.196.28.16 → port:tcp:29010
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e6437ba0c2aceec:host:45.173.156.44	SESSION-1e6437ba0c2aceec → host:45.173.156.44
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c1ac661b3c1fca0:host:172.234.197.23	SESSION-4c1ac661b3c1fca0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eaed9d07c71d3d80:host:172.234.197.23	SESSION-eaed9d07c71d3d80 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-884df81342ed3b04:host:172.234.197.23:host:177.10.239.24	SESSION-884df81342ed3b04 → host:172.234.197.23 → host:177.10.239.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03f7a565a7cd59d8:host:199.195.254.215	SESSION-03f7a565a7cd59d8 → host:199.195.254.215
flow_observed5-aryOBS	e:fo:flow:e99aac970179	flow:e99aac970179 → host:177.10.233.127 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d8d8471d99b0ccf5:host:177.10.239.28	SESSION-d8d8471d99b0ccf5 → host:177.10.239.28
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f416b1590e3cca4:host:177.10.236.247:host:172.234.197.23	SESSION-5f416b1590e3cca4 → host:177.10.236.247 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fe3fb5807179bb52:host:172.234.197.23	SESSION-fe3fb5807179bb52 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1be36b841cb9bb38:host:131.196.30.169	SESSION-1be36b841cb9bb38 → host:131.196.30.169
FLOW_FROM_HOSTOBS	e:from:SESSION-36f959353527c71a:host:172.234.197.23	SESSION-36f959353527c71a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee2f1f025d37aa07:host:172.234.197.23	SESSION-ee2f1f025d37aa07 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c59a88aa03340e00:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c59a88aa03340e00 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24f08652bbd6b16b:host:172.234.197.23	SESSION-24f08652bbd6b16b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5ba4a44df249a00:SESSION-e5ba4a44df249a00	SESSION-e5ba4a44df249a00 → pe:syn:SESSION-e5ba4a44df249a00
flow_observed5-aryOBS	e:fo:flow:7ccb0cb641f4	flow:7ccb0cb641f4 → host:177.10.238.93 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e217016f21152908:flow:616dac6316b5	SESSION-e217016f21152908 → flow:616dac6316b5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa08911a1f564da4:host:45.145.152.204:host:172.234.197.23	SESSION-fa08911a1f564da4 → host:45.145.152.204 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53ca21169d5f7469:host:172.234.197.23	SESSION-53ca21169d5f7469 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e87421895e57790a:host:172.234.197.23	SESSION-e87421895e57790a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3982f1a8e532b400:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-3982f1a8e532b400 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ac55ff303c5de83:SESSION-1ac55ff303c5de83	SESSION-1ac55ff303c5de83 → pe:tls:SESSION-1ac55ff303c5de83
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eecb9eac95f77073:host:177.10.239.219:host:172.234.197.23	SESSION-eecb9eac95f77073 → host:177.10.239.219 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b8254c8ce12b:port:tcp:443	flow:b8254c8ce12b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:504bc5233da5:port:tcp:39587	flow:504bc5233da5 → port:tcp:39587
FLOW_FROM_HOSTOBS	e:from:SESSION-367c844590f11a50:host:172.234.197.23	SESSION-367c844590f11a50 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f07ae9327f23:port:tcp:443	flow:f07ae9327f23 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e3dcadda68db	flow:e3dcadda68db → host:177.10.232.251 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:998829d1b012:port:tcp:443	flow:998829d1b012 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44d3fd3ee1d51da1:SESSION-44d3fd3ee1d51da1	SESSION-44d3fd3ee1d51da1 → pe:tls:SESSION-44d3fd3ee1d51da1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.3:geo_-21.10010_-41.69200	host:45.173.156.3 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7cb141c8461d1a4d:SESSION-7cb141c8461d1a4d	SESSION-7cb141c8461d1a4d → pe:syn:SESSION-7cb141c8461d1a4d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e905599dc3c27c65:SESSION-e905599dc3c27c65	SESSION-e905599dc3c27c65 → pe:tls:SESSION-e905599dc3c27c65
FLOW_TO_HOSTOBS	e:to:SESSION-803381ec4a55866c:host:177.10.238.152	SESSION-803381ec4a55866c → host:177.10.238.152
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bded37485db78f4a:PCAP:capture_20260430110001:43611bdf6759	SESSION-bded37485db78f4a → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16b33dfc60975324:host:5.75.182.251	SESSION-16b33dfc60975324 → host:5.75.182.251
FLOW_TO_HOSTOBS	e:to:SESSION-8c60a94331c3e233:host:172.234.197.23	SESSION-8c60a94331c3e233 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-192cf58c18726bf1:host:172.234.197.23	SESSION-192cf58c18726bf1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c80fd68cbbc51442:host:172.234.197.23	SESSION-c80fd68cbbc51442 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afb2aada9aae789c:host:104.28.157.111	SESSION-afb2aada9aae789c → host:104.28.157.111
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37bca0dc2914cafb:flow:26ac88054b83	SESSION-37bca0dc2914cafb → flow:26ac88054b83
flow_observed5-aryOBS	e:fo:flow:84814d01cbbd	flow:84814d01cbbd → host:177.10.234.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e1b90ecadb949fa3:SESSION-e1b90ecadb949fa3	SESSION-e1b90ecadb949fa3 → pe:syn:SESSION-e1b90ecadb949fa3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf343490b1b7ef49:SESSION-bf343490b1b7ef49	SESSION-bf343490b1b7ef49 → pe:tls:SESSION-bf343490b1b7ef49
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e09f613cd450ebc9:host:131.196.30.74:host:172.234.197.23	SESSION-e09f613cd450ebc9 → host:131.196.30.74 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3611369f9fee	flow:3611369f9fee → host:172.234.197.23 → host:45.173.156.2 → port:tcp:62665
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.195:asn:262880	host:177.10.233.195 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.20:asn:262880	host:177.10.233.20 → asn:262880
flow_observed3-aryOBS	e:fo:flow:983e7d9866fc	flow:983e7d9866fc → host:16.60.106.214 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-228e058fc2527275:host:177.10.235.118	SESSION-228e058fc2527275 → host:177.10.235.118
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-457bc509f900e32f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-457bc509f900e32f → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-727af4ad5af6cc01:host:172.234.197.23	SESSION-727af4ad5af6cc01 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4362813c4376	flow:4362813c4376 → host:177.10.234.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1e631f6e627b67d:host:177.10.239.196	SESSION-a1e631f6e627b67d → host:177.10.239.196
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.223:asn:262880	host:177.10.237.223 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d47b3cf0d6133fea:host:177.10.236.21:host:172.234.197.23	SESSION-d47b3cf0d6133fea → host:177.10.236.21 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7034c460bd0f5720:host:131.196.30.36	SESSION-7034c460bd0f5720 → host:131.196.30.36
FLOW_FROM_HOSTOBS	e:from:SESSION-97e21cf514a48728:host:172.234.197.23	SESSION-97e21cf514a48728 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-136fe1663b76b4f2:SESSION-136fe1663b76b4f2	SESSION-136fe1663b76b4f2 → pe:tls:SESSION-136fe1663b76b4f2
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.149:asn:273470	host:45.173.156.149 → asn:273470
flow_observed5-aryOBS	e:fo:flow:ce592ad1e762	flow:ce592ad1e762 → host:45.173.156.117 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ffcc2d542e7be59:host:177.10.237.5	SESSION-0ffcc2d542e7be59 → host:177.10.237.5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27f830f77ddb5dd1:host:177.10.236.153:host:172.234.197.23	SESSION-27f830f77ddb5dd1 → host:177.10.236.153 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d17b7bdf4ae9fb2c:host:172.234.197.23	SESSION-d17b7bdf4ae9fb2c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:04aa2d3b9485:port:tcp:443	flow:04aa2d3b9485 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-caadff286c632ea0:host:40.177.170.73	SESSION-caadff286c632ea0 → host:40.177.170.73
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad31d7217a236b09:flow:21fbd5ffa598	SESSION-ad31d7217a236b09 → flow:21fbd5ffa598
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3109063707c4a5e1:host:172.234.197.23	SESSION-3109063707c4a5e1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e9c761e9ca1eb65:SESSION-9e9c761e9ca1eb65	SESSION-9e9c761e9ca1eb65 → pe:tls:SESSION-9e9c761e9ca1eb65
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa35d0a8fa5d9f77:host:177.10.236.101:host:172.234.197.23	SESSION-fa35d0a8fa5d9f77 → host:177.10.236.101 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.229:asn:271410	host:131.196.29.229 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60aea8c76fce71c9:SESSION-60aea8c76fce71c9	SESSION-60aea8c76fce71c9 → pe:syn:SESSION-60aea8c76fce71c9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94bbfef7eb27207b:flow:52d611ee4d3f	SESSION-94bbfef7eb27207b → flow:52d611ee4d3f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3eb6cc7ca453157a:host:172.234.197.23	SESSION-3eb6cc7ca453157a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c83c0a366733c9bb:host:172.234.197.23	SESSION-c83c0a366733c9bb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-05f783d5d2ea4019:host:172.234.197.23:host:177.10.238.140	SESSION-05f783d5d2ea4019 → host:172.234.197.23 → host:177.10.238.140
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5b56d4198adefd3:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d5b56d4198adefd3 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d87083f9dd8844d:host:172.234.197.23	SESSION-7d87083f9dd8844d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:78589cc764f0:port:tcp:11384	flow:78589cc764f0 → port:tcp:11384
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.81:geo_-16.28860_-49.01640	host:177.10.232.81 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:684f698a3206:port:tcp:443	flow:684f698a3206 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.117:asn:262880	host:177.10.235.117 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-62b98bdaf08d2190:host:172.234.197.23	SESSION-62b98bdaf08d2190 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d8e075f82077	flow:d8e075f82077 → host:177.10.236.59 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.37:asn:271410	host:131.196.28.37 → asn:271410
flow_observed5-aryOBS	e:fo:flow:ee4982f68279	flow:ee4982f68279 → host:177.10.239.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d06d4272bf4950c7:host:177.10.234.243	SESSION-d06d4272bf4950c7 → host:177.10.234.243
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-997b652ef378c5d4:host:172.234.197.23:host:131.196.29.80	SESSION-997b652ef378c5d4 → host:172.234.197.23 → host:131.196.29.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7bf4f785679ea3b:host:177.10.234.28	SESSION-f7bf4f785679ea3b → host:177.10.234.28
FLOW_FROM_HOSTOBS	e:from:SESSION-54016b03ecf1701c:host:172.234.197.23	SESSION-54016b03ecf1701c → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:475a10e825a7	flow:475a10e825a7 → host:51.224.78.219 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbcca05a1b3df0cf:host:131.196.29.170	SESSION-fbcca05a1b3df0cf → host:131.196.29.170
FLOW_DST_PORTOBS	e:fp:flow:d8c9b51009f5:port:tcp:59587	flow:d8c9b51009f5 → port:tcp:59587
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8b9d154eee5d788:flow:6bf9f984b3f5	SESSION-c8b9d154eee5d788 → flow:6bf9f984b3f5
FLOW_TO_HOSTOBS	e:to:SESSION-b304bd763b72b95f:host:172.234.197.23	SESSION-b304bd763b72b95f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-518ecd8ebc2250f7:host:172.234.197.23:host:45.173.156.14	SESSION-518ecd8ebc2250f7 → host:172.234.197.23 → host:45.173.156.14
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e89ccbf4d277fb8:host:172.234.197.23	SESSION-7e89ccbf4d277fb8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-80c2fbd298f78f5d:flow:ca22a7528306	SESSION-80c2fbd298f78f5d → flow:ca22a7528306
flow_observed5-aryOBS	e:fo:flow:ee984b950533	flow:ee984b950533 → host:177.10.239.137 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4faf0bdb2ec15f7a:host:177.10.237.54	SESSION-4faf0bdb2ec15f7a → host:177.10.237.54
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ad7ae70426d3354:host:131.196.28.223:host:172.234.197.23	SESSION-5ad7ae70426d3354 → host:131.196.28.223 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:923a547e64db	flow:923a547e64db → host:131.196.30.187 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-006e3a8766fa0c7d:host:177.10.239.139	SESSION-006e3a8766fa0c7d → host:177.10.239.139
FLOW_FROM_HOSTOBS	e:from:SESSION-379e8704803db8ae:host:177.10.237.132	SESSION-379e8704803db8ae → host:177.10.237.132
flow_observed5-aryOBS	e:fo:flow:8655dfcab066	flow:8655dfcab066 → host:177.10.236.116 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-1d975c41b16afdd4:host:177.10.234.27	SESSION-1d975c41b16afdd4 → host:177.10.234.27
FLOW_DST_PORTOBS	e:fp:flow:99b079c2bd3a:port:tcp:443	flow:99b079c2bd3a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6a96e5f8b346:port:tcp:50136	flow:6a96e5f8b346 → port:tcp:50136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-44a5aa522f98da19:SESSION-44a5aa522f98da19	SESSION-44a5aa522f98da19 → pe:rst:SESSION-44a5aa522f98da19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f181002c59096f4:host:172.234.197.23	SESSION-7f181002c59096f4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-244625927b0e7703:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-244625927b0e7703 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-453cfacc8e209f2f:host:172.234.197.23:host:131.196.30.37	SESSION-453cfacc8e209f2f → host:172.234.197.23 → host:131.196.30.37
FLOW_FROM_HOSTOBS	e:from:SESSION-96cc205c664fccab:host:172.234.197.23	SESSION-96cc205c664fccab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c58d6336bd500b5:SESSION-9c58d6336bd500b5	SESSION-9c58d6336bd500b5 → pe:syn:SESSION-9c58d6336bd500b5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-95f80a98e12e105d:SESSION-95f80a98e12e105d	SESSION-95f80a98e12e105d → pe:tls:SESSION-95f80a98e12e105d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eed6a9b72737e44d:host:172.234.197.23:host:45.173.156.39	SESSION-eed6a9b72737e44d → host:172.234.197.23 → host:45.173.156.39
flow_observed4-aryOBS	e:fo:flow:5905fa7bc47f	flow:5905fa7bc47f → host:172.234.197.23 → host:45.173.156.31 → port:tcp:43193
FLOW_FROM_HOSTOBS	e:from:SESSION-51c7000fcfeb98d4:host:172.234.197.23	SESSION-51c7000fcfeb98d4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.249:asn:203771	host:45.145.152.249 → asn:203771
flow_observed5-aryOBS	e:fo:flow:29ca525d09fc	flow:29ca525d09fc → host:177.10.234.75 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.223:asn:271410	host:131.196.30.223 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-905e7318b3a63042:host:177.10.236.7:host:172.234.197.23	SESSION-905e7318b3a63042 → host:177.10.236.7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a238538ee50c7862:PCAP:capture_20260430150001:ded20914761d	SESSION-a238538ee50c7862 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02e2db787a51689b:host:131.196.31.32:host:172.234.197.23	SESSION-02e2db787a51689b → host:131.196.31.32 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e673f566483c0ed3:host:172.234.197.23:host:131.196.28.7	SESSION-e673f566483c0ed3 → host:172.234.197.23 → host:131.196.28.7
FLOW_DST_PORTOBS	e:fp:flow:f4c6bf1043ac:port:tcp:37212	flow:f4c6bf1043ac → port:tcp:37212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cac7290643404699:SESSION-cac7290643404699	SESSION-cac7290643404699 → pe:syn:SESSION-cac7290643404699
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac9ecab386602d8f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ac9ecab386602d8f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8624692ea119f1f3:SESSION-8624692ea119f1f3	SESSION-8624692ea119f1f3 → pe:tls:SESSION-8624692ea119f1f3
FLOW_DST_PORTOBS	e:fp:flow:f6708e611b35:port:tcp:2457	flow:f6708e611b35 → port:tcp:2457
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce973eb9d12ea742:host:174.202.97.85	SESSION-ce973eb9d12ea742 → host:174.202.97.85
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.236:asn:262880	host:177.10.235.236 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6fd2d6a70384f754:flow:5227bbafa149	SESSION-6fd2d6a70384f754 → flow:5227bbafa149
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f1e2986117d2a1f:SESSION-3f1e2986117d2a1f	SESSION-3f1e2986117d2a1f → pe:syn:SESSION-3f1e2986117d2a1f
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.87:asn:271410	host:131.196.31.87 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5a74cc524a51e3d:host:172.234.197.23	SESSION-d5a74cc524a51e3d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02836b6eb824cc45:host:172.234.197.23:host:131.196.30.98	SESSION-02836b6eb824cc45 → host:172.234.197.23 → host:131.196.30.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-007ba64cafd5a15c:SESSION-007ba64cafd5a15c	SESSION-007ba64cafd5a15c → pe:syn:SESSION-007ba64cafd5a15c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaf9de21464647a2:flow:de8c7a745d46	SESSION-eaf9de21464647a2 → flow:de8c7a745d46
FLOW_DST_PORTOBS	e:fp:flow:241ea1fbd65f:port:tcp:54525	flow:241ea1fbd65f → port:tcp:54525
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21ae4bade70b1440:host:172.234.197.23	SESSION-21ae4bade70b1440 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8132ea082e988f13:host:177.10.239.57	SESSION-8132ea082e988f13 → host:177.10.239.57
FLOW_DST_PORTOBS	e:fp:flow:a6f690ed8e7b:port:tcp:443	flow:a6f690ed8e7b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ff3a11bb817b:port:tcp:443	flow:ff3a11bb817b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42d2a5353a30deb6:host:177.10.238.152	SESSION-42d2a5353a30deb6 → host:177.10.238.152
FLOW_FROM_HOSTOBS	e:from:SESSION-7edb52a0a7553f53:host:131.196.29.23	SESSION-7edb52a0a7553f53 → host:131.196.29.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a33a5bbd98f17a5b:host:5.182.209.49	SESSION-a33a5bbd98f17a5b → host:5.182.209.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a81d3c71843f89e:SESSION-2a81d3c71843f89e	SESSION-2a81d3c71843f89e → pe:tls:SESSION-2a81d3c71843f89e
FLOW_DST_PORTOBS	e:fp:flow:b391f560b483:port:tcp:443	flow:b391f560b483 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c8dea047b3a203b:SESSION-6c8dea047b3a203b	SESSION-6c8dea047b3a203b → pe:syn:SESSION-6c8dea047b3a203b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16b002b5a5ba0e61:flow:a22b87d5bf56	SESSION-16b002b5a5ba0e61 → flow:a22b87d5bf56
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-158ec8f739ce5586:host:131.196.30.68:host:172.234.197.23	SESSION-158ec8f739ce5586 → host:131.196.30.68 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f5b7d4cd5351b11:host:172.234.197.23	SESSION-8f5b7d4cd5351b11 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89c3cc1547edab47:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-89c3cc1547edab47 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:e4dd419a2453	flow:e4dd419a2453 → host:131.196.30.61 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-623bd72e2e38d66b:flow:198bd9bc5e38	SESSION-623bd72e2e38d66b → flow:198bd9bc5e38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2969d43ba10a409c:host:45.173.156.119	SESSION-2969d43ba10a409c → host:45.173.156.119
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4325a6893dda791:SESSION-c4325a6893dda791	SESSION-c4325a6893dda791 → pe:syn:SESSION-c4325a6893dda791
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39aafc698c61dd93:host:177.10.235.248	SESSION-39aafc698c61dd93 → host:177.10.235.248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa38dbd858d86f82:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-aa38dbd858d86f82 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-850471f172c9c8e6:SESSION-850471f172c9c8e6	SESSION-850471f172c9c8e6 → pe:syn:SESSION-850471f172c9c8e6
HOST_IN_ASNOBS 85%	e:ha:host:54.222.137.228:asn:55960	host:54.222.137.228 → asn:55960
flow_observed5-aryOBS	e:fo:flow:a3fe5d1002fc	flow:a3fe5d1002fc → host:177.10.233.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a286fa1508a759d:host:177.10.232.59:host:172.234.197.23	SESSION-3a286fa1508a759d → host:177.10.232.59 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3e70a8d6fd08b895:host:172.234.197.23	SESSION-3e70a8d6fd08b895 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f9c5288639cc167:host:172.234.197.23	SESSION-3f9c5288639cc167 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.237:asn:271410	host:131.196.30.237 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ad42e8c66a89ee5:SESSION-8ad42e8c66a89ee5	SESSION-8ad42e8c66a89ee5 → pe:tls:SESSION-8ad42e8c66a89ee5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0fe55e7c11d50f79:SESSION-0fe55e7c11d50f79	SESSION-0fe55e7c11d50f79 → pe:tls:SESSION-0fe55e7c11d50f79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-25a3718851106c53:flow:c1abf974bb89	SESSION-25a3718851106c53 → flow:c1abf974bb89
FLOW_TO_HOSTOBS	e:to:SESSION-88a21eebc91cc549:host:172.234.197.23	SESSION-88a21eebc91cc549 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.117:asn:262880	host:177.10.238.117 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97a722c9ef92a65e:SESSION-97a722c9ef92a65e	SESSION-97a722c9ef92a65e → pe:syn:SESSION-97a722c9ef92a65e
FLOW_TO_HOSTOBS	e:to:SESSION-911659ba7d4041d9:host:172.234.197.23	SESSION-911659ba7d4041d9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-89c2fe6aad8232be:host:45.173.156.131	SESSION-89c2fe6aad8232be → host:45.173.156.131
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-621f2e97c51ae8e1:host:172.234.197.23	SESSION-621f2e97c51ae8e1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be09ba54da571689:flow:d11d527af6d7	SESSION-be09ba54da571689 → flow:d11d527af6d7
FLOW_DST_PORTOBS	e:fp:flow:0572a0ca26a2:port:tcp:443	flow:0572a0ca26a2 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:96df7cf294bd:port:tcp:13023	flow:96df7cf294bd → port:tcp:13023
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed473d20582b9e99:SESSION-ed473d20582b9e99	SESSION-ed473d20582b9e99 → pe:syn:SESSION-ed473d20582b9e99
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b12621bc2223af13:flow:6fa2b6fe9053	SESSION-b12621bc2223af13 → flow:6fa2b6fe9053
FLOW_TO_HOSTOBS	e:to:SESSION-1870bc27b62a60a2:host:177.10.234.186	SESSION-1870bc27b62a60a2 → host:177.10.234.186
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.201:asn:271410	host:131.196.30.201 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8d5fc6f7b2bd264:host:177.10.238.181	SESSION-c8d5fc6f7b2bd264 → host:177.10.238.181
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c7bf6a31f6e2d56:host:172.234.197.23:host:2.57.122.194	SESSION-5c7bf6a31f6e2d56 → host:172.234.197.23 → host:2.57.122.194
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f5575c7d9faf65d:PCAP:capture_20260430110001:43611bdf6759	SESSION-5f5575c7d9faf65d → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0634c65493dd9b22:host:131.196.31.171:host:172.234.197.23	SESSION-0634c65493dd9b22 → host:131.196.31.171 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.3:asn:271410	host:131.196.29.3 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-202b4507c8c6a688:flow:a2c47ad0c791	SESSION-202b4507c8c6a688 → flow:a2c47ad0c791
FLOW_FROM_HOSTOBS	e:from:SESSION-c9a9ddd86aa762a0:host:172.234.197.23	SESSION-c9a9ddd86aa762a0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-784ef99bf699df93:host:104.28.202.77:host:172.234.197.23	SESSION-784ef99bf699df93 → host:104.28.202.77 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ef41947f9929862:host:172.234.197.23:host:131.196.28.142	SESSION-8ef41947f9929862 → host:172.234.197.23 → host:131.196.28.142
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d147f8cae941ed80:SESSION-d147f8cae941ed80	SESSION-d147f8cae941ed80 → pe:tls:SESSION-d147f8cae941ed80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2af0189f90c79b2:flow:3e8e71298b45	SESSION-d2af0189f90c79b2 → flow:3e8e71298b45
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.186:asn:262880	host:177.10.236.186 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.222:asn:262880	host:177.10.235.222 → asn:262880
flow_observed5-aryOBS	e:fo:flow:6c0273891f97	flow:6c0273891f97 → host:177.10.233.51 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-919ba311fe0cedbc:host:131.196.30.64	SESSION-919ba311fe0cedbc → host:131.196.30.64
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.14:asn:262880	host:177.10.236.14 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-14d5e1e17a6f21ad:host:177.10.232.242	SESSION-14d5e1e17a6f21ad → host:177.10.232.242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-32626bc077790390:host:131.196.30.74:host:172.234.197.23	SESSION-32626bc077790390 → host:131.196.30.74 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.158:asn:262880	host:177.10.239.158 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-671350c0b0fa8f65:PCAP:capture_20260430070001:903a0e7a436b	SESSION-671350c0b0fa8f65 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-68010cf4db790ce8:SESSION-68010cf4db790ce8	SESSION-68010cf4db790ce8 → pe:rst:SESSION-68010cf4db790ce8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-baf09a66da0e4962:flow:55c81ca43275	SESSION-baf09a66da0e4962 → flow:55c81ca43275
flow_observed5-aryOBS	e:fo:flow:c9e3ada284c1	flow:c9e3ada284c1 → host:131.196.30.230 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-608f6686d64f8e3e:host:177.10.236.92	SESSION-608f6686d64f8e3e → host:177.10.236.92
FLOW_DST_PORTOBS	e:fp:flow:ec874a67e7cd:port:tcp:13815	flow:ec874a67e7cd → port:tcp:13815
flow_observed3-aryOBS	e:fo:flow:f8cbd06fd16f	flow:f8cbd06fd16f → host:35.95.128.58 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-96afec3035986aab:host:172.234.197.23	SESSION-96afec3035986aab → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-621f42bc5edaa56f:host:131.196.30.37	SESSION-621f42bc5edaa56f → host:131.196.30.37
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92484e45d6e7b321:host:185.72.218.77	SESSION-92484e45d6e7b321 → host:185.72.218.77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4325a6893dda791:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c4325a6893dda791 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:78895a78917c:port:tcp:443	flow:78895a78917c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cbc4338326105aa3:PCAP:capture_20260430050001:8868731bf8a4	SESSION-cbc4338326105aa3 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbc4338326105aa3:host:177.10.234.84	SESSION-cbc4338326105aa3 → host:177.10.234.84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-366e271d3ddb3e11:PCAP:capture_20260430080001:93f47cc296a4	SESSION-366e271d3ddb3e11 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5bf52bbf16270a2a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5bf52bbf16270a2a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f9972302e9230d9:flow:350d70420336	SESSION-9f9972302e9230d9 → flow:350d70420336
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aee37cb69186d910:host:177.10.239.129	SESSION-aee37cb69186d910 → host:177.10.239.129
flow_observed5-aryOBS	e:fo:flow:53d02928b48f	flow:53d02928b48f → host:177.10.234.253 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:9c0494f4c271	flow:9c0494f4c271 → host:172.234.197.23 → host:177.10.238.163 → port:tcp:60679
flow_observed4-aryOBS	e:fo:flow:b173003c6346	flow:b173003c6346 → host:172.234.197.23 → host:177.10.238.189 → port:tcp:58600
FLOW_FROM_HOSTOBS	e:from:SESSION-1c0e19c2beda7d84:host:177.10.239.226	SESSION-1c0e19c2beda7d84 → host:177.10.239.226
FLOW_FROM_HOSTOBS	e:from:SESSION-793a524af1982647:host:3.102.169.199	SESSION-793a524af1982647 → host:3.102.169.199
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4081c2e8ed1c2925:host:172.234.197.23:host:131.196.31.27	SESSION-4081c2e8ed1c2925 → host:172.234.197.23 → host:131.196.31.27
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.192:asn:271410	host:131.196.31.192 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.144:geo_-16.28860_-49.01640	host:177.10.233.144 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c80fd68cbbc51442:PCAP:capture_20260430060001:919b39a74464	SESSION-c80fd68cbbc51442 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-80f99961f353c40e:host:104.28.202.80:host:172.234.197.23	SESSION-80f99961f353c40e → host:104.28.202.80 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2f1d9ef885e7	flow:2f1d9ef885e7 → host:45.173.156.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dad0ff120323eed1:host:177.10.237.227	SESSION-dad0ff120323eed1 → host:177.10.237.227
flow_observed5-aryOBS	e:fo:flow:be1f0d23506c	flow:be1f0d23506c → host:177.10.239.24 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-285399b7803aab9b:SESSION-285399b7803aab9b	SESSION-285399b7803aab9b → pe:syn:SESSION-285399b7803aab9b
FLOW_FROM_HOSTOBS	e:from:SESSION-c3b9d914716975ab:host:177.10.239.58	SESSION-c3b9d914716975ab → host:177.10.239.58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fef93e1a24936adf:host:172.234.197.23	SESSION-fef93e1a24936adf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-defe39665fdb6580:SESSION-defe39665fdb6580	SESSION-defe39665fdb6580 → pe:tls:SESSION-defe39665fdb6580
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a03dc7893b60925b:host:172.234.197.23:host:177.10.237.161	SESSION-a03dc7893b60925b → host:172.234.197.23 → host:177.10.237.161
flow_observed5-aryOBS	e:fo:flow:179a27b6c82f	flow:179a27b6c82f → host:131.196.28.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-745ac23dbe7bf2d2:host:177.10.233.53:host:172.234.197.23	SESSION-745ac23dbe7bf2d2 → host:177.10.233.53 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d59512d9649ead5:SESSION-9d59512d9649ead5	SESSION-9d59512d9649ead5 → pe:tls:SESSION-9d59512d9649ead5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-accb56e5453b3fbd:host:45.173.156.3:host:172.234.197.23	SESSION-accb56e5453b3fbd → host:45.173.156.3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3e48eb65a424	flow:3e48eb65a424 → host:177.10.239.67 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b69e4016453478aa:flow:253dd770fdc9	SESSION-b69e4016453478aa → flow:253dd770fdc9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2df5a0c07309bf07:flow:d3362d5dbe1e	SESSION-2df5a0c07309bf07 → flow:d3362d5dbe1e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0414bb340c93930b:flow:c8519290c6a5	SESSION-0414bb340c93930b → flow:c8519290c6a5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0fd6726780ee8778:SESSION-0fd6726780ee8778	SESSION-0fd6726780ee8778 → pe:syn:SESSION-0fd6726780ee8778
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77c4b389d95f1453:flow:12f29ad30879	SESSION-77c4b389d95f1453 → flow:12f29ad30879
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e872279913929717:host:172.234.197.23	SESSION-e872279913929717 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.124:asn:262880	host:177.10.238.124 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.89:asn:262880	host:177.10.234.89 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.5:asn:262880	host:177.10.239.5 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e12e5221262ce88f:host:172.234.197.23:host:2.57.122.192	SESSION-e12e5221262ce88f → host:172.234.197.23 → host:2.57.122.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f8f919bfd11f34b:flow:6526fd742d74	SESSION-8f8f919bfd11f34b → flow:6526fd742d74
FLOW_FROM_HOSTOBS	e:from:SESSION-dc1a3553c9b143c5:host:131.196.31.205	SESSION-dc1a3553c9b143c5 → host:131.196.31.205
FLOW_FROM_HOSTOBS	e:from:SESSION-d9c211d2931ae713:host:131.196.30.11	SESSION-d9c211d2931ae713 → host:131.196.30.11
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e08e3213e2e0e28:host:177.10.234.219:host:172.234.197.23	SESSION-5e08e3213e2e0e28 → host:177.10.234.219 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6113f2cc2cfc5017:host:172.234.197.23	SESSION-6113f2cc2cfc5017 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f92c0af2b04d2b16:host:172.234.197.23	SESSION-f92c0af2b04d2b16 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d43ecb134342fe00:host:172.234.197.23	SESSION-d43ecb134342fe00 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e853a157c23802e1:flow:6b1835ff26c3	SESSION-e853a157c23802e1 → flow:6b1835ff26c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e57fbe39684f8bc8:flow:bd6abeea0073	SESSION-e57fbe39684f8bc8 → flow:bd6abeea0073
flow_observed5-aryOBS	e:fo:flow:970629490006	flow:970629490006 → host:131.196.31.100 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c184642b13b6de27:host:177.10.239.2:host:172.234.197.23	SESSION-c184642b13b6de27 → host:177.10.239.2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f81e7ae5e8e38135:host:172.234.197.23	SESSION-f81e7ae5e8e38135 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.114:geo_-16.28860_-49.01640	host:177.10.236.114 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddb8ef81f168c6c0:host:172.234.197.23	SESSION-ddb8ef81f168c6c0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c8984df52681cb36:host:177.10.234.140	SESSION-c8984df52681cb36 → host:177.10.234.140
FLOW_TO_HOSTOBS	e:to:SESSION-774b2bcff77bd614:host:177.10.238.235	SESSION-774b2bcff77bd614 → host:177.10.238.235
flow_observed4-aryOBS	e:fo:flow:bd0c0f3ef9a8	flow:bd0c0f3ef9a8 → host:172.234.197.23 → host:177.10.239.38 → port:tcp:15522
FLOW_TO_HOSTOBS	e:to:SESSION-be5c05381a363417:host:172.234.197.23	SESSION-be5c05381a363417 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.35:geo_-21.10010_-41.69200	host:45.173.156.35 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-46631c2a8361f405:host:177.10.233.123	SESSION-46631c2a8361f405 → host:177.10.233.123
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.143:asn:262880	host:177.10.236.143 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a176047016eec520:SESSION-a176047016eec520	SESSION-a176047016eec520 → pe:tls:SESSION-a176047016eec520
FLOW_FROM_HOSTOBS	e:from:SESSION-2ddf07020985eed3:host:177.10.237.151	SESSION-2ddf07020985eed3 → host:177.10.237.151
FLOW_FROM_HOSTOBS	e:from:SESSION-3fd74aeb66a6a85e:host:177.10.234.52	SESSION-3fd74aeb66a6a85e → host:177.10.234.52
FLOW_DST_PORTOBS	e:fp:flow:78e73b44f51c:port:tcp:51772	flow:78e73b44f51c → port:tcp:51772
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d1191e0b24f1d121:SESSION-d1191e0b24f1d121	SESSION-d1191e0b24f1d121 → pe:rst:SESSION-d1191e0b24f1d121
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b2f232bbd4758bf:flow:793550407790	SESSION-7b2f232bbd4758bf → flow:793550407790
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef3fadfeb89ec1c3:SESSION-ef3fadfeb89ec1c3	SESSION-ef3fadfeb89ec1c3 → pe:syn:SESSION-ef3fadfeb89ec1c3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0481c3a1b2d7b867:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0481c3a1b2d7b867 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:3dc8eab660f9:port:tcp:443	flow:3dc8eab660f9 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c31bc4788e97db71:PCAP:capture_20260430110001:43611bdf6759	SESSION-c31bc4788e97db71 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9a539c485f657b5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d9a539c485f657b5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-43d9721f29111779:host:89.58.44.225:host:172.234.197.23	SESSION-43d9721f29111779 → host:89.58.44.225 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:48fd2710b8bf	flow:48fd2710b8bf → host:131.196.29.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4c23aa66defb:port:tcp:16548	flow:4c23aa66defb → port:tcp:16548
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d5941c68a821530:flow:e44cc1cbe9f3	SESSION-5d5941c68a821530 → flow:e44cc1cbe9f3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b869f0759406bd5:flow:501aaf2159ed	SESSION-4b869f0759406bd5 → flow:501aaf2159ed
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57096089299b193e:host:131.196.30.104:host:172.234.197.23	SESSION-57096089299b193e → host:131.196.30.104 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b391f560b483	flow:b391f560b483 → host:177.10.235.160 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-add028e8e7760fa2:host:172.234.197.23	SESSION-add028e8e7760fa2 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b60a9d1a25ff8255:BSG-BEACON-85bd2bc80aee	SESSION-b60a9d1a25ff8255 → BSG-BEACON-85bd2bc80aee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1995c5dc0203e07b:SESSION-1995c5dc0203e07b	SESSION-1995c5dc0203e07b → pe:syn:SESSION-1995c5dc0203e07b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-309223c775254000:SESSION-309223c775254000	SESSION-309223c775254000 → pe:dns:SESSION-309223c775254000
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f18f27343d540733:host:131.196.29.51:host:172.234.197.23	SESSION-f18f27343d540733 → host:131.196.29.51 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.172:geo_-23.62930_-46.63510	host:131.196.29.172 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-954e70596a40db71:host:172.234.197.23	SESSION-954e70596a40db71 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1c2781325e97:port:tcp:20796	flow:1c2781325e97 → port:tcp:20796
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.246:geo_-21.10010_-41.69200	host:45.173.156.246 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a486ebfba002f553:host:172.234.197.23	SESSION-a486ebfba002f553 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eddb8081d100874:host:172.232.0.17	SESSION-9eddb8081d100874 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-a9beff4b34540729:host:172.234.197.23	SESSION-a9beff4b34540729 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3b520e491b5957c0:host:172.234.197.23	SESSION-3b520e491b5957c0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d60298c7dc6ec77f:flow:33ea2e46c94c	SESSION-d60298c7dc6ec77f → flow:33ea2e46c94c
flow_observed4-aryOBS	e:fo:flow:2eb460b087f2	flow:2eb460b087f2 → host:172.234.197.23 → host:131.196.28.246 → port:tcp:27110
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca819812f7c370c2:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ca819812f7c370c2 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:0c15eb22a5d3	flow:0c15eb22a5d3 → host:177.10.236.209 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f20859a8cab5c7a:host:172.234.197.23	SESSION-0f20859a8cab5c7a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-95229c7c61064646:host:172.234.197.23	SESSION-95229c7c61064646 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-34b8eff946ae371a:host:131.196.28.170	SESSION-34b8eff946ae371a → host:131.196.28.170
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa0d5d025ae2ba4d:host:172.234.197.23	SESSION-aa0d5d025ae2ba4d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fad613e75ea639b5:SESSION-fad613e75ea639b5	SESSION-fad613e75ea639b5 → pe:tls:SESSION-fad613e75ea639b5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9db977289667177f:host:177.10.234.96:host:172.234.197.23	SESSION-9db977289667177f → host:177.10.234.96 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a19838102931ca6:flow:023c06168fdb	SESSION-2a19838102931ca6 → flow:023c06168fdb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc58620ced71d747:SESSION-cc58620ced71d747	SESSION-cc58620ced71d747 → pe:tls:SESSION-cc58620ced71d747
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aec4f33b062c0e6b:host:136.243.57.208	SESSION-aec4f33b062c0e6b → host:136.243.57.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf132b40533c7dcc:flow:3cd87ec6e33e	SESSION-bf132b40533c7dcc → flow:3cd87ec6e33e
FLOW_QUERIED_DNSOBS	e:fd:flow:58c76ba5674f:dns:172-234-197-23.ip.linodeusercontent.com	flow:58c76ba5674f → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c54b7fde1829c775:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c54b7fde1829c775 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34c02a09bd1ab4d1:host:172.234.197.23	SESSION-34c02a09bd1ab4d1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-db1ee555567b9b22:host:131.196.28.234	SESSION-db1ee555567b9b22 → host:131.196.28.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1110d6d36f6ebd42:SESSION-1110d6d36f6ebd42	SESSION-1110d6d36f6ebd42 → pe:syn:SESSION-1110d6d36f6ebd42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6c92d9b97cea9da:SESSION-d6c92d9b97cea9da	SESSION-d6c92d9b97cea9da → pe:syn:SESSION-d6c92d9b97cea9da
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e6988ed77a3d110:host:131.196.30.13:host:172.234.197.23	SESSION-8e6988ed77a3d110 → host:131.196.30.13 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.173:asn:273470	host:45.173.156.173 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:ba34db124ffc:port:tcp:239	flow:ba34db124ffc → port:tcp:239
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-675cba805cfc6bb8:SESSION-675cba805cfc6bb8	SESSION-675cba805cfc6bb8 → pe:syn:SESSION-675cba805cfc6bb8
FLOW_DST_PORTOBS	e:fp:flow:43a1a1f1a713:port:tcp:443	flow:43a1a1f1a713 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-098ed7054a17b347:host:172.234.197.23	SESSION-098ed7054a17b347 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6b4b9c738c314ebf:flow:e6b7da900ca4	SESSION-6b4b9c738c314ebf → flow:e6b7da900ca4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a437e2422713bf06:host:172.234.197.23:host:177.10.236.245	SESSION-a437e2422713bf06 → host:172.234.197.23 → host:177.10.236.245
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e4489cf6c262aa3:SESSION-9e4489cf6c262aa3	SESSION-9e4489cf6c262aa3 → pe:syn:SESSION-9e4489cf6c262aa3
FLOW_DST_PORTOBS	e:fp:flow:eeea191af78d:port:tcp:512	flow:eeea191af78d → port:tcp:512
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97bd7f793ae0ea11:host:45.173.156.159:host:172.234.197.23	SESSION-97bd7f793ae0ea11 → host:45.173.156.159 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a0468409f112:port:tcp:443	flow:a0468409f112 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f34bafe5f2be5770:flow:555248b9d27b	SESSION-f34bafe5f2be5770 → flow:555248b9d27b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13906a0b4b02de94:host:37.221.79.63	SESSION-13906a0b4b02de94 → host:37.221.79.63
FLOW_FROM_HOSTOBS	e:from:SESSION-6617d8dfad1357d9:host:45.173.156.95	SESSION-6617d8dfad1357d9 → host:45.173.156.95
FLOW_FROM_HOSTOBS	e:from:SESSION-afde502531c1ddca:host:45.173.156.183	SESSION-afde502531c1ddca → host:45.173.156.183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b65436b870ef703a:SESSION-b65436b870ef703a	SESSION-b65436b870ef703a → pe:syn:SESSION-b65436b870ef703a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a8376f0f57e00ff1:SESSION-a8376f0f57e00ff1	SESSION-a8376f0f57e00ff1 → pe:syn:SESSION-a8376f0f57e00ff1
FLOW_TLS_SNIOBS	e:fs:flow:935c0ab7e069:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:935c0ab7e069 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ba165dc958434de:flow:b296d0de8ba2	SESSION-3ba165dc958434de → flow:b296d0de8ba2
FLOW_TO_HOSTOBS	e:to:SESSION-656bb895abc59727:host:172.234.197.23	SESSION-656bb895abc59727 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a7b3f412ee893afd:SESSION-a7b3f412ee893afd	SESSION-a7b3f412ee893afd → pe:tls:SESSION-a7b3f412ee893afd
flow_observed5-aryOBS	e:fo:flow:7e6d2a7769d6	flow:7e6d2a7769d6 → host:177.10.239.235 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c4e9a3a3a63cdb2e:host:172.234.197.23	SESSION-c4e9a3a3a63cdb2e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23264de44b7cb73c:host:131.196.29.122	SESSION-23264de44b7cb73c → host:131.196.29.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52c764b77552a86d:SESSION-52c764b77552a86d	SESSION-52c764b77552a86d → pe:syn:SESSION-52c764b77552a86d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-941b4a1386b7be8f:host:177.10.238.90	SESSION-941b4a1386b7be8f → host:177.10.238.90
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e08dddd9edfa5277:host:131.196.31.84	SESSION-e08dddd9edfa5277 → host:131.196.31.84
FLOW_DST_PORTOBS	e:fp:flow:f0576135d180:port:tcp:50614	flow:f0576135d180 → port:tcp:50614
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fd74aeb66a6a85e:flow:964813f28710	SESSION-3fd74aeb66a6a85e → flow:964813f28710
FLOW_TO_HOSTOBS	e:to:SESSION-2a19838102931ca6:host:172.234.197.23	SESSION-2a19838102931ca6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37dea09d598a2ad1:PCAP:capture_20260430050001:8868731bf8a4	SESSION-37dea09d598a2ad1 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04737cadee3282a6:host:131.196.31.60	SESSION-04737cadee3282a6 → host:131.196.31.60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6490de849a8e5020:host:185.231.226.202:host:172.234.197.23	SESSION-6490de849a8e5020 → host:185.231.226.202 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86afdd078b90270f:PCAP:capture_20260430150001:ded20914761d	SESSION-86afdd078b90270f → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f04e938497dcf32a:host:172.234.197.23	SESSION-f04e938497dcf32a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9bc5f3d34b7b8244:host:177.10.235.150	SESSION-9bc5f3d34b7b8244 → host:177.10.235.150
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c506d9600407809:host:177.10.234.236:host:172.234.197.23	SESSION-7c506d9600407809 → host:177.10.234.236 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fddb1520b60b4e20:flow:c7f74b0fa92a	SESSION-fddb1520b60b4e20 → flow:c7f74b0fa92a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f147f2227c6d965:flow:a30010932181	SESSION-5f147f2227c6d965 → flow:a30010932181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f6c80d4cd630a20:SESSION-5f6c80d4cd630a20	SESSION-5f6c80d4cd630a20 → pe:tls:SESSION-5f6c80d4cd630a20
flow_observed5-aryOBS	e:fo:flow:a7d103cc9c4d	flow:a7d103cc9c4d → host:104.28.202.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-161fb053b15bb516:flow:86aa11a315d0	SESSION-161fb053b15bb516 → flow:86aa11a315d0
FLOW_TO_HOSTOBS	e:to:SESSION-208c35e6fa834cd1:host:172.234.197.23	SESSION-208c35e6fa834cd1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-310c82c2a589a705:SESSION-310c82c2a589a705	SESSION-310c82c2a589a705 → pe:syn:SESSION-310c82c2a589a705
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ed3cc3ecfbc3d3c:SESSION-7ed3cc3ecfbc3d3c	SESSION-7ed3cc3ecfbc3d3c → pe:syn:SESSION-7ed3cc3ecfbc3d3c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-911659ba7d4041d9:flow:47327e57a845	SESSION-911659ba7d4041d9 → flow:47327e57a845
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22bb8f06cde321ca:host:45.173.156.229	SESSION-22bb8f06cde321ca → host:45.173.156.229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a58d8beb20a4c9e1:host:172.234.197.23	SESSION-a58d8beb20a4c9e1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1eb9812de4c91c82:SESSION-1eb9812de4c91c82	SESSION-1eb9812de4c91c82 → pe:tls:SESSION-1eb9812de4c91c82
FLOW_DST_PORTOBS	e:fp:flow:20b420a6068e:port:tcp:443	flow:20b420a6068e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:924a996c5dd9:port:tcp:27649	flow:924a996c5dd9 → port:tcp:27649
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e316662e5f9d5ce:host:131.196.30.143	SESSION-2e316662e5f9d5ce → host:131.196.30.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c1a20baa14a0758:SESSION-8c1a20baa14a0758	SESSION-8c1a20baa14a0758 → pe:tls:SESSION-8c1a20baa14a0758
flow_observed5-aryOBS	e:fo:flow:f3d64f6abe2d	flow:f3d64f6abe2d → host:45.145.152.104 → host:172.234.197.23 → port:tcp:80 → svc:http
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.223:geo_41.02140_28.99480	host:185.231.226.223 → geo_41.02140_28.99480
FLOW_DST_PORTOBS	e:fp:flow:0d33aea872dc:port:tcp:443	flow:0d33aea872dc → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-ff374888c4809584:host:177.10.236.0	SESSION-ff374888c4809584 → host:177.10.236.0
flow_observed4-aryOBS	e:fo:flow:93e9d451b334	flow:93e9d451b334 → host:172.234.197.23 → host:177.10.233.230 → port:tcp:8229
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78704dd999ae95fc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-78704dd999ae95fc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:3bf5d6577914:port:tcp:23	flow:3bf5d6577914 → port:tcp:23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c76cb7a55699fff8:host:172.234.197.23	SESSION-c76cb7a55699fff8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e50198195b1abda9:host:172.234.197.23	SESSION-e50198195b1abda9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d0bef7920d84e31:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8d0bef7920d84e31 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e26c73b3a0fde5e3:host:131.196.29.53:host:172.234.197.23	SESSION-e26c73b3a0fde5e3 → host:131.196.29.53 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e9e5b45e575f3797:host:172.234.197.23:host:177.10.232.97	SESSION-e9e5b45e575f3797 → host:172.234.197.23 → host:177.10.232.97
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-42d2a5353a30deb6:host:177.10.238.152:host:172.234.197.23	SESSION-42d2a5353a30deb6 → host:177.10.238.152 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d31cb6e546f767b7:flow:9e3b10c8440c	SESSION-d31cb6e546f767b7 → flow:9e3b10c8440c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19ae824852752386:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-19ae824852752386 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.55:asn:262880	host:177.10.232.55 → asn:262880
flow_observed5-aryOBS	e:fo:flow:92d87b4a1082	flow:92d87b4a1082 → host:177.10.234.144 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-992ac29a78433ae4:SESSION-992ac29a78433ae4	SESSION-992ac29a78433ae4 → pe:tls:SESSION-992ac29a78433ae4
FLOW_FROM_HOSTOBS	e:from:SESSION-bcb514f388fb99c6:host:177.10.235.186	SESSION-bcb514f388fb99c6 → host:177.10.235.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7139746cbd677852:host:45.173.156.34:host:172.234.197.23	SESSION-7139746cbd677852 → host:45.173.156.34 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.129:geo_-23.62930_-46.63510	host:131.196.31.129 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa4dbd42e40690e9:SESSION-aa4dbd42e40690e9	SESSION-aa4dbd42e40690e9 → pe:tls:SESSION-aa4dbd42e40690e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec86a4c74825774a:SESSION-ec86a4c74825774a	SESSION-ec86a4c74825774a → pe:tls:SESSION-ec86a4c74825774a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e8105cbb514d7cf:host:172.234.197.23	SESSION-2e8105cbb514d7cf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48726e3ec935fccb:host:2.57.121.112	SESSION-48726e3ec935fccb → host:2.57.121.112
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86f90a53110dcf25:flow:e31aa8f495d5	SESSION-86f90a53110dcf25 → flow:e31aa8f495d5
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.216:asn:262880	host:177.10.234.216 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.70:asn:262880	host:177.10.238.70 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b69e4016453478aa:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b69e4016453478aa → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:05fb2af39457	flow:05fb2af39457 → host:177.10.238.125 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2eb15df038685c53:host:104.28.234.79	SESSION-2eb15df038685c53 → host:104.28.234.79
FLOW_FROM_HOSTOBS	e:from:SESSION-57d2db6c2c177c2e:host:177.10.237.138	SESSION-57d2db6c2c177c2e → host:177.10.237.138
FLOW_TO_HOSTOBS	e:to:SESSION-537378f36f2f8a26:host:172.234.197.23	SESSION-537378f36f2f8a26 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49fc7ea897578489:SESSION-49fc7ea897578489	SESSION-49fc7ea897578489 → pe:syn:SESSION-49fc7ea897578489
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-12b2fb0a733c24b6:SESSION-12b2fb0a733c24b6	SESSION-12b2fb0a733c24b6 → pe:tls:SESSION-12b2fb0a733c24b6
FLOW_DST_PORTOBS	e:fp:flow:0269809e9208:port:tcp:443	flow:0269809e9208 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.175:geo_-16.28860_-49.01640	host:177.10.235.175 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a16085aea35a1403:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a16085aea35a1403 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-144e16262f6e2a62:host:172.234.197.23	SESSION-144e16262f6e2a62 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34da31e596580b61:host:172.234.197.23:host:177.10.235.46	SESSION-34da31e596580b61 → host:172.234.197.23 → host:177.10.235.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4385c2f73c2ee0db:SESSION-4385c2f73c2ee0db	SESSION-4385c2f73c2ee0db → pe:syn:SESSION-4385c2f73c2ee0db
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f30fa3bd65a965fa:SESSION-f30fa3bd65a965fa	SESSION-f30fa3bd65a965fa → pe:tls:SESSION-f30fa3bd65a965fa
flow_observed5-aryOBS	e:fo:flow:e762cb0e4cde	flow:e762cb0e4cde → host:177.10.236.196 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-087551762f1417e7:PCAP:capture_20260430090001:065659c7d314	SESSION-087551762f1417e7 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.59:geo_-16.28860_-49.01640	host:177.10.232.59 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e5a346c4f0315a5:SESSION-3e5a346c4f0315a5	SESSION-3e5a346c4f0315a5 → pe:syn:SESSION-3e5a346c4f0315a5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed59d63ff912d69c:host:177.10.238.50:host:172.234.197.23	SESSION-ed59d63ff912d69c → host:177.10.238.50 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69a0e56e6767912e:host:131.196.31.146	SESSION-69a0e56e6767912e → host:131.196.31.146
FLOW_FROM_HOSTOBS	e:from:SESSION-9f10bcf378efcbb9:host:177.10.239.199	SESSION-9f10bcf378efcbb9 → host:177.10.239.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2632ba515271ea31:host:172.234.197.23	SESSION-2632ba515271ea31 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a7f859cb03c026fc:SESSION-a7f859cb03c026fc	SESSION-a7f859cb03c026fc → pe:syn:SESSION-a7f859cb03c026fc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.229:asn:262880	host:177.10.239.229 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-637d01fb7fe8b725:flow:3c10ce58d99a	SESSION-637d01fb7fe8b725 → flow:3c10ce58d99a
FLOW_DST_PORTOBS	e:fp:flow:075d88a58c71:port:tcp:64543	flow:075d88a58c71 → port:tcp:64543
flow_observed4-aryOBS	e:fo:flow:7b82ba7177f8	flow:7b82ba7177f8 → host:172.234.197.23 → host:131.196.30.184 → port:tcp:1128
FLOW_DST_PORTOBS	e:fp:flow:a57a86bd2d87:port:tcp:443	flow:a57a86bd2d87 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4cb1cab3440e	flow:4cb1cab3440e → host:177.10.234.236 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6010f1ab3b1ee9c7:SESSION-6010f1ab3b1ee9c7	SESSION-6010f1ab3b1ee9c7 → pe:rst:SESSION-6010f1ab3b1ee9c7
flow_observed4-aryOBS	e:fo:flow:18b935d78c07	flow:18b935d78c07 → host:172.234.197.23 → host:131.196.28.216 → port:tcp:17824
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d55d0fcf91e9ec79:host:177.10.237.192:host:172.234.197.23	SESSION-d55d0fcf91e9ec79 → host:177.10.237.192 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c0d18b24ee9d3d4:SESSION-6c0d18b24ee9d3d4	SESSION-6c0d18b24ee9d3d4 → pe:syn:SESSION-6c0d18b24ee9d3d4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf8660b1b7ea6f50:host:172.234.197.23:host:131.196.28.241	SESSION-bf8660b1b7ea6f50 → host:172.234.197.23 → host:131.196.28.241
FLOW_DST_PORTOBS	e:fp:flow:1e6d3fc93a23:port:tcp:443	flow:1e6d3fc93a23 → port:tcp:443
FLOW_TLS_SNIOBS	e:fs:flow:2c788cfe0774:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:2c788cfe0774 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-2daf8cded5fb19ed:host:172.234.197.23	SESSION-2daf8cded5fb19ed → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5cdb2ff7fda09377:host:54.201.215.37	SESSION-5cdb2ff7fda09377 → host:54.201.215.37
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e391b214be46ad73:flow:6c589b7c75b1	SESSION-e391b214be46ad73 → flow:6c589b7c75b1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-954029bd3fad39c7:host:172.234.197.23:host:177.10.237.122	SESSION-954029bd3fad39c7 → host:172.234.197.23 → host:177.10.237.122
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:147.135.97.222:geo_38.88090_-77.30080	host:147.135.97.222 → geo_38.88090_-77.30080
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-abff9bfe6a29f0b5:flow:c3e3260e9cc0	SESSION-abff9bfe6a29f0b5 → flow:c3e3260e9cc0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31e4a260829c636e:host:177.10.238.29:host:172.234.197.23	SESSION-31e4a260829c636e → host:177.10.238.29 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73bdc276c5a845ed:host:172.234.197.23	SESSION-73bdc276c5a845ed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-40e0d0b129f437fd:SESSION-40e0d0b129f437fd	SESSION-40e0d0b129f437fd → pe:rst:SESSION-40e0d0b129f437fd
FLOW_TO_HOSTOBS	e:to:SESSION-3a3baa467b71ba10:host:172.234.197.23	SESSION-3a3baa467b71ba10 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a2005509481f3ca7:SESSION-a2005509481f3ca7	SESSION-a2005509481f3ca7 → pe:tls:SESSION-a2005509481f3ca7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-718be43f3a8e9f39:SESSION-718be43f3a8e9f39	SESSION-718be43f3a8e9f39 → pe:syn:SESSION-718be43f3a8e9f39
flow_observed5-aryOBS	e:fo:flow:f20bf7e667e6	flow:f20bf7e667e6 → host:177.10.235.250 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cddf604912330e1b:host:172.234.197.23	SESSION-cddf604912330e1b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0b6a2a1033b9:port:tcp:10009	flow:0b6a2a1033b9 → port:tcp:10009
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.141:asn:262880	host:177.10.233.141 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-d2e29524ed5dcc05:host:172.234.197.23	SESSION-d2e29524ed5dcc05 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-342ba7535c6572a7:SESSION-342ba7535c6572a7	SESSION-342ba7535c6572a7 → pe:tls:SESSION-342ba7535c6572a7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-151e53ee3004033b:host:177.10.234.9:host:172.234.197.23	SESSION-151e53ee3004033b → host:177.10.234.9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b197d648fac856a7:host:172.234.197.23	SESSION-b197d648fac856a7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38fb62728f2b5e64:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-38fb62728f2b5e64 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-295c5f4e2a8126b8:SESSION-295c5f4e2a8126b8	SESSION-295c5f4e2a8126b8 → pe:syn:SESSION-295c5f4e2a8126b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77738dbb03f9aec:host:172.234.197.23	SESSION-e77738dbb03f9aec → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7ed3cc3ecfbc3d3c:host:172.234.197.23	SESSION-7ed3cc3ecfbc3d3c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-161fb053b15bb516:SESSION-161fb053b15bb516	SESSION-161fb053b15bb516 → pe:syn:SESSION-161fb053b15bb516
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8663c7c8fd51be8d:SESSION-8663c7c8fd51be8d	SESSION-8663c7c8fd51be8d → pe:syn:SESSION-8663c7c8fd51be8d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-793a524af1982647:PCAP:capture_20260428020001:ce87acd1c162	SESSION-793a524af1982647 → PCAP:capture_20260428020001:ce87acd1c162
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a2cae37d21287a7:SESSION-2a2cae37d21287a7	SESSION-2a2cae37d21287a7 → pe:tls:SESSION-2a2cae37d21287a7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cac3103b39cc2b1a:SESSION-cac3103b39cc2b1a	SESSION-cac3103b39cc2b1a → pe:syn:SESSION-cac3103b39cc2b1a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.164:asn:262880	host:177.10.232.164 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0c6698f170085be7:host:172.234.197.23:host:177.10.237.248	SESSION-0c6698f170085be7 → host:172.234.197.23 → host:177.10.237.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0246a8b70a825de:host:131.196.29.224:host:172.234.197.23	SESSION-d0246a8b70a825de → host:131.196.29.224 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:eeb87832b420:port:tcp:443	flow:eeb87832b420 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-c74fe87f9177e103:host:131.196.31.225	SESSION-c74fe87f9177e103 → host:131.196.31.225
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca819812f7c370c2:host:172.234.197.23	SESSION-ca819812f7c370c2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f6ad5e06ec5a3a76:host:172.234.197.23	SESSION-f6ad5e06ec5a3a76 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.236:geo_-16.28860_-49.01640	host:177.10.237.236 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ddf07020985eed3:SESSION-2ddf07020985eed3	SESSION-2ddf07020985eed3 → pe:syn:SESSION-2ddf07020985eed3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b203844c0afbb25:host:172.234.197.23	SESSION-5b203844c0afbb25 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a17e20e34301cc9:flow:1dab4caf120b	SESSION-4a17e20e34301cc9 → flow:1dab4caf120b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.161:asn:262880	host:177.10.238.161 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0485ecaf8e8edab:host:177.10.238.16	SESSION-d0485ecaf8e8edab → host:177.10.238.16
FLOW_TO_HOSTOBS	e:to:SESSION-2edb1208bb0bd400:host:131.196.30.39	SESSION-2edb1208bb0bd400 → host:131.196.30.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fa5716fea2946da:SESSION-5fa5716fea2946da	SESSION-5fa5716fea2946da → pe:tls:SESSION-5fa5716fea2946da
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.37:geo_-16.28860_-49.01640	host:177.10.236.37 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.147:geo_-23.62930_-46.63510	host:131.196.28.147 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:35ff38a37805:port:tcp:443	flow:35ff38a37805 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-62151f99a31dc755:SESSION-62151f99a31dc755	SESSION-62151f99a31dc755 → pe:syn:SESSION-62151f99a31dc755
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ce88726966df20e:SESSION-5ce88726966df20e	SESSION-5ce88726966df20e → pe:syn:SESSION-5ce88726966df20e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-537378f36f2f8a26:host:45.173.156.99:host:172.234.197.23	SESSION-537378f36f2f8a26 → host:45.173.156.99 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.148:asn:262880	host:177.10.232.148 → asn:262880
flow_observed4-aryOBS	e:fo:flow:acc28689c530	flow:acc28689c530 → host:172.234.197.23 → host:177.10.239.137 → port:tcp:32333
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a904c233015ef9c:host:177.10.236.166	SESSION-4a904c233015ef9c → host:177.10.236.166
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-befc987f4c77d80c:BSG-BEACON-61380c9a629a	SESSION-befc987f4c77d80c → BSG-BEACON-61380c9a629a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5bd73118ac3f9f7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b5bd73118ac3f9f7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:10aedd4ec233	flow:10aedd4ec233 → host:45.173.156.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c55eb6f1c0bb6137:host:172.232.0.16	SESSION-c55eb6f1c0bb6137 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95229c7c61064646:host:177.10.233.70	SESSION-95229c7c61064646 → host:177.10.233.70
FLOW_TO_HOSTOBS	e:to:SESSION-7e12300b6212ab14:host:172.234.197.23	SESSION-7e12300b6212ab14 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b67c661cd116	flow:b67c661cd116 → host:177.10.235.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6bdebc30581f3c5f:SESSION-6bdebc30581f3c5f	SESSION-6bdebc30581f3c5f → pe:syn:SESSION-6bdebc30581f3c5f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.249:geo_-16.28860_-49.01640	host:177.10.238.249 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-c876d9731eec34af:host:172.234.197.23	SESSION-c876d9731eec34af → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-528b3497658f46ec:host:172.234.197.23	SESSION-528b3497658f46ec → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6242cf24a2978d6d:SESSION-6242cf24a2978d6d	SESSION-6242cf24a2978d6d → pe:tls:SESSION-6242cf24a2978d6d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e3ae4e48a37cfd6:SESSION-8e3ae4e48a37cfd6	SESSION-8e3ae4e48a37cfd6 → pe:syn:SESSION-8e3ae4e48a37cfd6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efb89dcd313d4029:host:172.234.197.23	SESSION-efb89dcd313d4029 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9e15ab26c418:port:tcp:26480	flow:9e15ab26c418 → port:tcp:26480
FLOW_TO_HOSTOBS	e:to:SESSION-997b652ef378c5d4:host:131.196.29.80	SESSION-997b652ef378c5d4 → host:131.196.29.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06ba851c038c998a:SESSION-06ba851c038c998a	SESSION-06ba851c038c998a → pe:tls:SESSION-06ba851c038c998a
FLOW_FROM_HOSTOBS	e:from:SESSION-62e68b494cd2572d:host:172.234.197.23	SESSION-62e68b494cd2572d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ef3697a55617fe8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0ef3697a55617fe8 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7aec1fe7f0c7787b:SESSION-7aec1fe7f0c7787b	SESSION-7aec1fe7f0c7787b → pe:syn:SESSION-7aec1fe7f0c7787b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f49d888fd824b97a:SESSION-f49d888fd824b97a	SESSION-f49d888fd824b97a → pe:tls:SESSION-f49d888fd824b97a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.216:geo_-16.28860_-49.01640	host:177.10.236.216 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f496191c2c04cb7e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f496191c2c04cb7e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a516ba4c4f8948a0:SESSION-a516ba4c4f8948a0	SESSION-a516ba4c4f8948a0 → pe:tls:SESSION-a516ba4c4f8948a0
flow_observed4-aryOBS	e:fo:flow:9d5d9e92af7a	flow:9d5d9e92af7a → host:172.234.197.23 → host:131.196.28.90 → port:tcp:62217
FLOW_DST_PORTOBS	e:fp:flow:7bfaaabeaf49:port:udp:53	flow:7bfaaabeaf49 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e512980b1e52beb:host:172.234.197.23	SESSION-7e512980b1e52beb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b654d700a53d4a94:host:177.10.232.225	SESSION-b654d700a53d4a94 → host:177.10.232.225
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2754fb6a113c6b7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b2754fb6a113c6b7 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:fa169d87bfaf:port:tcp:443	flow:fa169d87bfaf → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-659e9e20b25ca2e2:SESSION-659e9e20b25ca2e2	SESSION-659e9e20b25ca2e2 → pe:tls:SESSION-659e9e20b25ca2e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-200a4f7a7e5b3996:host:172.234.197.23	SESSION-200a4f7a7e5b3996 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66fe61e0e919e0c7:host:131.196.29.76:host:172.234.197.23	SESSION-66fe61e0e919e0c7 → host:131.196.29.76 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-aab351c0be27393b:host:172.234.197.23	SESSION-aab351c0be27393b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5f0044b48e7e1824:host:177.10.234.63	SESSION-5f0044b48e7e1824 → host:177.10.234.63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ddc324b0d6a8eb6:host:131.196.29.203	SESSION-1ddc324b0d6a8eb6 → host:131.196.29.203
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8bd396f5705de0fe:host:131.196.30.78:host:172.234.197.23	SESSION-8bd396f5705de0fe → host:131.196.30.78 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e15824f9dd78d2b4:host:177.10.235.217	SESSION-e15824f9dd78d2b4 → host:177.10.235.217
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bac5dc0e18d2349f:SESSION-bac5dc0e18d2349f	SESSION-bac5dc0e18d2349f → pe:syn:SESSION-bac5dc0e18d2349f
FLOW_TO_HOSTOBS	e:to:SESSION-738e0b0c3dd2dd03:host:172.234.197.23	SESSION-738e0b0c3dd2dd03 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e632e9ec3b8d735c:flow:3c53acf68acf	SESSION-e632e9ec3b8d735c → flow:3c53acf68acf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-168c4e3df9119bba:host:177.10.234.51	SESSION-168c4e3df9119bba → host:177.10.234.51
FLOW_FROM_HOSTOBS	e:from:SESSION-2d6be65d6480cd7d:host:177.10.237.160	SESSION-2d6be65d6480cd7d → host:177.10.237.160
FLOW_TO_HOSTOBS	e:to:SESSION-24aa07f03f2c2273:host:172.234.197.23	SESSION-24aa07f03f2c2273 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf9e0725ec95e307:PCAP:capture_20260430080001:93f47cc296a4	SESSION-bf9e0725ec95e307 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:f1d2d3e59021	flow:f1d2d3e59021 → host:131.196.29.69 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-38ea28f2e42013a7:host:177.10.237.8	SESSION-38ea28f2e42013a7 → host:177.10.237.8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c6cb018cbd8a763:host:177.10.239.217	SESSION-0c6cb018cbd8a763 → host:177.10.239.217
FLOW_TO_HOSTOBS	e:to:SESSION-1e699a2f9558bf8d:host:172.234.197.23	SESSION-1e699a2f9558bf8d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.251:geo_-16.28860_-49.01640	host:177.10.237.251 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1311876ef555b88e:flow:9609b976f9f0	SESSION-1311876ef555b88e → flow:9609b976f9f0
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.207:asn:271410	host:131.196.30.207 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:a5157ecee7f0:port:tcp:443	flow:a5157ecee7f0 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-a60c132d3a0c7657:host:172.234.197.23	SESSION-a60c132d3a0c7657 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fc59b28fe233796a:host:177.10.238.156	SESSION-fc59b28fe233796a → host:177.10.238.156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6dd65fa073f3265:host:172.234.197.23	SESSION-b6dd65fa073f3265 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c471169f59e284ee:host:172.234.197.23	SESSION-c471169f59e284ee → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9c0456097f35e54:host:172.234.197.23	SESSION-c9c0456097f35e54 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c0d5ddcdc1fc	flow:c0d5ddcdc1fc → host:95.170.25.31 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14cb036847147428:host:131.196.30.182:host:172.234.197.23	SESSION-14cb036847147428 → host:131.196.30.182 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3524905b33baacd0:host:172.234.197.23	SESSION-3524905b33baacd0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb9766ebe449a845:SESSION-bb9766ebe449a845	SESSION-bb9766ebe449a845 → pe:tls:SESSION-bb9766ebe449a845
flow_observed5-aryOBS	e:fo:flow:15d2a905685b	flow:15d2a905685b → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-8578034648884afe:host:131.196.29.4	SESSION-8578034648884afe → host:131.196.29.4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-032a0dfc971c5b00:SESSION-032a0dfc971c5b00	SESSION-032a0dfc971c5b00 → pe:syn:SESSION-032a0dfc971c5b00
FLOW_FROM_HOSTOBS	e:from:SESSION-303cd1de44c58c29:host:172.234.197.23	SESSION-303cd1de44c58c29 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-724b8ddf902cc285:host:172.234.197.23	SESSION-724b8ddf902cc285 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3cf60c38091a57a:flow:50c8e81c7bbb	SESSION-f3cf60c38091a57a → flow:50c8e81c7bbb
FLOW_FROM_HOSTOBS	e:from:SESSION-610b47e21d599964:host:177.10.236.13	SESSION-610b47e21d599964 → host:177.10.236.13
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c6ce7a55e2ab654:host:177.10.236.130:host:172.234.197.23	SESSION-4c6ce7a55e2ab654 → host:177.10.236.130 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-879f882e46cb6c3f:SESSION-879f882e46cb6c3f	SESSION-879f882e46cb6c3f → pe:syn:SESSION-879f882e46cb6c3f
FLOW_DST_PORTOBS	e:fp:flow:90755bcc0d94:port:tcp:443	flow:90755bcc0d94 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.191:asn:262880	host:177.10.239.191 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:a860b1a17716:port:tcp:213	flow:a860b1a17716 → port:tcp:213
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee7b628709e11cd4:host:172.234.197.23:host:177.10.234.186	SESSION-ee7b628709e11cd4 → host:172.234.197.23 → host:177.10.234.186
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.51:geo_19.07480_72.88560	host:45.145.152.51 → geo_19.07480_72.88560
flow_observed4-aryOBS	e:fo:flow:b242b62ec151	flow:b242b62ec151 → host:172.234.197.23 → host:177.10.237.161 → port:tcp:53188
flow_observed4-aryOBS	e:fo:flow:a25ac9fa913a	flow:a25ac9fa913a → host:172.234.197.23 → host:177.10.237.49 → port:tcp:11213
flow_observed5-aryOBS	e:fo:flow:1813f51dfd27	flow:1813f51dfd27 → host:177.10.239.148 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-deef720c855898df:host:177.10.234.126	SESSION-deef720c855898df → host:177.10.234.126
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-baf09a66da0e4962:host:177.10.239.213:host:172.234.197.23	SESSION-baf09a66da0e4962 → host:177.10.239.213 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e47cd7d3b6c5e00d:host:172.234.197.23:host:177.10.237.221	SESSION-e47cd7d3b6c5e00d → host:172.234.197.23 → host:177.10.237.221
FLOW_TO_HOSTOBS	e:to:SESSION-520789f72dcf866a:host:172.234.197.23	SESSION-520789f72dcf866a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dae3e228e98c74e4:flow:42884a63293f	SESSION-dae3e228e98c74e4 → flow:42884a63293f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69a0e56e6767912e:SESSION-69a0e56e6767912e	SESSION-69a0e56e6767912e → pe:tls:SESSION-69a0e56e6767912e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11a1cfec66708475:host:177.10.238.221:host:172.234.197.23	SESSION-11a1cfec66708475 → host:177.10.238.221 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fdaf54c444b72c0:host:172.234.197.23:host:131.196.30.19	SESSION-1fdaf54c444b72c0 → host:172.234.197.23 → host:131.196.30.19
FLOW_FROM_HOSTOBS	e:from:SESSION-ee7b628709e11cd4:host:172.234.197.23	SESSION-ee7b628709e11cd4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0a918f52003c304f:host:185.231.226.253	SESSION-0a918f52003c304f → host:185.231.226.253
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.161:asn:262880	host:177.10.235.161 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-1b9f91f77c860b7c:host:172.234.197.23	SESSION-1b9f91f77c860b7c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.107:asn:262880	host:177.10.232.107 → asn:262880
flow_observed4-aryOBS	e:fo:flow:0fd68f9b352a	flow:0fd68f9b352a → host:172.234.197.23 → host:131.196.30.150 → port:tcp:5408
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-361b290e75b75885:flow:b01957630e90	SESSION-361b290e75b75885 → flow:b01957630e90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4002f150bb6dd768:SESSION-4002f150bb6dd768	SESSION-4002f150bb6dd768 → pe:tls:SESSION-4002f150bb6dd768
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f320997aa88d5819:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f320997aa88d5819 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5626602f012a6e70:SESSION-5626602f012a6e70	SESSION-5626602f012a6e70 → pe:syn:SESSION-5626602f012a6e70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-993efaa98cc6a9ac:host:172.234.197.23	SESSION-993efaa98cc6a9ac → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c58b004ff38abe14:flow:c3353594435e	SESSION-c58b004ff38abe14 → flow:c3353594435e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.151:geo_-16.28860_-49.01640	host:177.10.238.151 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.101:asn:203771	host:185.231.226.101 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bbf6176d0f5e38d:host:177.10.234.154	SESSION-6bbf6176d0f5e38d → host:177.10.234.154
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.86:asn:262880	host:177.10.238.86 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-d083da2d95669221:host:172.234.197.23	SESSION-d083da2d95669221 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8806932607856a75:host:172.234.197.23	SESSION-8806932607856a75 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce217831fb6e1103:SESSION-ce217831fb6e1103	SESSION-ce217831fb6e1103 → pe:tls:SESSION-ce217831fb6e1103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f306c00af6aee0a4:host:172.234.197.23	SESSION-f306c00af6aee0a4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5e70f5bd0100	flow:5e70f5bd0100 → host:177.10.237.71 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e028dd5dd71b411:host:177.10.237.25	SESSION-1e028dd5dd71b411 → host:177.10.237.25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da6e864635febf48:SESSION-da6e864635febf48	SESSION-da6e864635febf48 → pe:syn:SESSION-da6e864635febf48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78c74ad080075522:host:31.40.196.247	SESSION-78c74ad080075522 → host:31.40.196.247
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a77adff1667c3d1:host:177.10.236.237	SESSION-0a77adff1667c3d1 → host:177.10.236.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b5f689fd50e4895:host:172.234.197.23	SESSION-8b5f689fd50e4895 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-586aad203217304c:host:172.234.197.23	SESSION-586aad203217304c → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fc35dfb5ba01	flow:fc35dfb5ba01 → host:172.234.197.23 → host:177.10.233.16 → port:tcp:48669
flow_observed5-aryOBS	e:fo:flow:eb3db027c028	flow:eb3db027c028 → host:177.10.237.108 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-493920f19ab5585b:host:131.196.31.253	SESSION-493920f19ab5585b → host:131.196.31.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38298ff8ded7155d:SESSION-38298ff8ded7155d	SESSION-38298ff8ded7155d → pe:tls:SESSION-38298ff8ded7155d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ae37191400d64fc:SESSION-2ae37191400d64fc	SESSION-2ae37191400d64fc → pe:syn:SESSION-2ae37191400d64fc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1dfe7de9432473b:flow:29de516052b7	SESSION-b1dfe7de9432473b → flow:29de516052b7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36abdcc0889b5aa2:PCAP:capture_20260430060001:919b39a74464	SESSION-36abdcc0889b5aa2 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-361f1ea86b9f3cf3:host:172.234.197.23	SESSION-361f1ea86b9f3cf3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2240076057fcee51:host:172.234.197.23	SESSION-2240076057fcee51 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a47ed447671c9b0b:SESSION-a47ed447671c9b0b	SESSION-a47ed447671c9b0b → pe:syn:SESSION-a47ed447671c9b0b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f73bbd477b19c775:host:172.234.197.23	SESSION-f73bbd477b19c775 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ca44e56e93546a2c:host:172.234.197.23	SESSION-ca44e56e93546a2c → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:eab2ca047921	flow:eab2ca047921 → host:172.234.197.23 → host:131.196.31.4 → port:tcp:51229
FLOW_FROM_HOSTOBS	e:from:SESSION-1a8968fd2a11ede8:host:172.234.197.23	SESSION-1a8968fd2a11ede8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-472112a6b5df57cd:host:131.196.29.48	SESSION-472112a6b5df57cd → host:131.196.29.48
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ddc877c0ed3a64ea:SESSION-ddc877c0ed3a64ea	SESSION-ddc877c0ed3a64ea → pe:tls:SESSION-ddc877c0ed3a64ea
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c47e89745eb205fd:flow:6ce2843bcef8	SESSION-c47e89745eb205fd → flow:6ce2843bcef8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ef022cf55a10b05:host:172.234.197.23	SESSION-6ef022cf55a10b05 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:c352d0e74b3b:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:c352d0e74b3b → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd58ba429e3d894b:host:172.234.197.23	SESSION-dd58ba429e3d894b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7063a4bdff0e259c:flow:c9e3ada284c1	SESSION-7063a4bdff0e259c → flow:c9e3ada284c1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4741bb1b7e9e5b0:flow:b77838ce36c8	SESSION-d4741bb1b7e9e5b0 → flow:b77838ce36c8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-605acf1f49534e97:flow:322c92de5b4d	SESSION-605acf1f49534e97 → flow:322c92de5b4d
FLOW_FROM_HOSTOBS	e:from:SESSION-ae2c237b5906e067:host:177.10.239.127	SESSION-ae2c237b5906e067 → host:177.10.239.127
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5cb3d18d192da5f3:host:172.234.197.23:host:177.10.235.86	SESSION-5cb3d18d192da5f3 → host:172.234.197.23 → host:177.10.235.86
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12096b18b6e78b60:host:185.236.240.137	SESSION-12096b18b6e78b60 → host:185.236.240.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c98ee522a60a5600:host:172.234.197.23	SESSION-c98ee522a60a5600 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7f9cc68ffb76114:SESSION-b7f9cc68ffb76114	SESSION-b7f9cc68ffb76114 → pe:tls:SESSION-b7f9cc68ffb76114
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.112:asn:262880	host:177.10.233.112 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d5d721b5ee8bbbc:flow:3569a5a521df	SESSION-5d5d721b5ee8bbbc → flow:3569a5a521df
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8b9d154eee5d788:host:172.234.197.23	SESSION-c8b9d154eee5d788 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a43b551ff0093c7:flow:6511290d64f1	SESSION-8a43b551ff0093c7 → flow:6511290d64f1
FLOW_FROM_HOSTOBS	e:from:SESSION-9dc3dafcee87c5f7:host:172.234.197.23	SESSION-9dc3dafcee87c5f7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac6ab160136e0424:SESSION-ac6ab160136e0424	SESSION-ac6ab160136e0424 → pe:tls:SESSION-ac6ab160136e0424
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0634c65493dd9b22:SESSION-0634c65493dd9b22	SESSION-0634c65493dd9b22 → pe:syn:SESSION-0634c65493dd9b22
flow_observed4-aryOBS	e:fo:flow:b3209d10aa76	flow:b3209d10aa76 → host:172.234.197.23 → host:177.10.235.72 → port:tcp:357
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29f2fc627b4350bb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-29f2fc627b4350bb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-cf669240db189a71:host:172.234.197.23	SESSION-cf669240db189a71 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab185a89adee30ab:flow:1ed102356031	SESSION-ab185a89adee30ab → flow:1ed102356031
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e6270bfda958738:host:177.10.236.218	SESSION-7e6270bfda958738 → host:177.10.236.218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-290c9b11e52fd3ba:SESSION-290c9b11e52fd3ba	SESSION-290c9b11e52fd3ba → pe:tls:SESSION-290c9b11e52fd3ba
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.203:asn:271410	host:131.196.29.203 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3df67864d859fde0:SESSION-3df67864d859fde0	SESSION-3df67864d859fde0 → pe:syn:SESSION-3df67864d859fde0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9222c19da42c0aaa:flow:19ae6f68407d	SESSION-9222c19da42c0aaa → flow:19ae6f68407d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-550b52f6103256cd:PCAP:capture_20260430060001:919b39a74464	SESSION-550b52f6103256cd → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-ea2f6118de4330ea:host:172.234.197.23	SESSION-ea2f6118de4330ea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d083da2d95669221:SESSION-d083da2d95669221	SESSION-d083da2d95669221 → pe:syn:SESSION-d083da2d95669221
FLOW_DST_PORTOBS	e:fp:flow:534064b8a844:port:tcp:65020	flow:534064b8a844 → port:tcp:65020
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e548e1862e666d4:host:172.234.197.23	SESSION-4e548e1862e666d4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a238538ee50c7862:host:172.234.197.23	SESSION-a238538ee50c7862 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2e29524ed5dcc05:host:172.234.197.23:host:177.10.234.193	SESSION-d2e29524ed5dcc05 → host:172.234.197.23 → host:177.10.234.193
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfe71d52ef2e928b:host:172.234.197.23	SESSION-cfe71d52ef2e928b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:61ede21d1dc4	flow:61ede21d1dc4 → host:95.170.25.181 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-113354c1b6207940:host:172.234.197.23	SESSION-113354c1b6207940 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64a8475d206a0785:host:177.10.236.115	SESSION-64a8475d206a0785 → host:177.10.236.115
FLOW_DST_PORTOBS	e:fp:flow:2ee4cc406398:port:tcp:34577	flow:2ee4cc406398 → port:tcp:34577
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f486f528dd93473:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3f486f528dd93473 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-c69fd5cbb3980413:host:177.10.236.219	SESSION-c69fd5cbb3980413 → host:177.10.236.219
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.81:geo_-16.28860_-49.01640	host:177.10.237.81 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.168:asn:262880	host:177.10.233.168 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1311876ef555b88e:host:172.234.197.23:host:172.232.0.16	SESSION-1311876ef555b88e → host:172.234.197.23 → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-664154a8ce71c549:host:177.10.233.61	SESSION-664154a8ce71c549 → host:177.10.233.61
FLOW_FROM_HOSTOBS	e:from:SESSION-412d8e92812f4ea2:host:177.10.239.129	SESSION-412d8e92812f4ea2 → host:177.10.239.129
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b07a5e743a2061fa:host:131.196.29.209	SESSION-b07a5e743a2061fa → host:131.196.29.209
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e63bd10e327c33f1:host:172.234.197.23	SESSION-e63bd10e327c33f1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a9d5fe3bfafc:port:tcp:443	flow:a9d5fe3bfafc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21640db65210a47d:SESSION-21640db65210a47d	SESSION-21640db65210a47d → pe:syn:SESSION-21640db65210a47d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f3823f20b5aa8c6:flow:d65e2ae92c41	SESSION-8f3823f20b5aa8c6 → flow:d65e2ae92c41
flow_observed5-aryOBS	e:fo:flow:ce39f2d1d3cb	flow:ce39f2d1d3cb → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d407d786bd09817:SESSION-2d407d786bd09817	SESSION-2d407d786bd09817 → pe:syn:SESSION-2d407d786bd09817
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-409f2c106c7c54cc:host:131.196.31.78	SESSION-409f2c106c7c54cc → host:131.196.31.78
FLOW_TO_HOSTOBS	e:to:SESSION-aecaf39909333efc:host:177.10.237.4	SESSION-aecaf39909333efc → host:177.10.237.4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9beaab7062aef373:SESSION-9beaab7062aef373	SESSION-9beaab7062aef373 → pe:syn:SESSION-9beaab7062aef373
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fc518dfa07303a8:SESSION-1fc518dfa07303a8	SESSION-1fc518dfa07303a8 → pe:syn:SESSION-1fc518dfa07303a8
flow_observed5-aryOBS	e:fo:flow:d4446d793930	flow:d4446d793930 → host:185.231.226.144 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2460b60c939eb75b:host:172.234.197.23	SESSION-2460b60c939eb75b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.241:asn:262880	host:177.10.235.241 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33b7a287fd9eafc1:PCAP:capture_20260430150001:ded20914761d	SESSION-33b7a287fd9eafc1 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-739affc996a6fe99:host:177.10.239.253	SESSION-739affc996a6fe99 → host:177.10.239.253
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0427ab07f20fae31:host:131.196.31.46:host:172.234.197.23	SESSION-0427ab07f20fae31 → host:131.196.31.46 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-981fac77dd79326b:flow:9ca610a28dc3	SESSION-981fac77dd79326b → flow:9ca610a28dc3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.8:geo_-16.28860_-49.01640	host:177.10.239.8 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-59de2965684be0b6:host:172.234.197.23	SESSION-59de2965684be0b6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8977638e8d6c6909:host:177.10.239.206	SESSION-8977638e8d6c6909 → host:177.10.239.206
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d678c7d14c2f15db:SESSION-d678c7d14c2f15db	SESSION-d678c7d14c2f15db → pe:syn:SESSION-d678c7d14c2f15db
flow_observed4-aryOBS	e:fo:flow:6654f90df68f	flow:6654f90df68f → host:172.234.197.23 → host:177.10.237.147 → port:tcp:7782
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-320a5544f819c3b7:PCAP:capture_20260430110001:43611bdf6759	SESSION-320a5544f819c3b7 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c315b0bf7f59a30:host:172.234.197.23	SESSION-1c315b0bf7f59a30 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.57:asn:271410	host:131.196.30.57 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.69:asn:271410	host:131.196.30.69 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70a92a3cd71eafd5:host:177.10.235.34	SESSION-70a92a3cd71eafd5 → host:177.10.235.34
FLOW_TO_HOSTOBS	e:to:SESSION-2aa7e55175462248:host:177.10.234.250	SESSION-2aa7e55175462248 → host:177.10.234.250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2df4632ec7c2c624:SESSION-2df4632ec7c2c624	SESSION-2df4632ec7c2c624 → pe:syn:SESSION-2df4632ec7c2c624
flow_observed5-aryOBS	e:fo:flow:5ad2ff1940be	flow:5ad2ff1940be → host:37.221.79.239 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TO_HOSTOBS	e:to:SESSION-4b1f95fcf0f122c7:host:172.234.197.23	SESSION-4b1f95fcf0f122c7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa6f99be6bce12b0:flow:36f6bcbb2a92	SESSION-fa6f99be6bce12b0 → flow:36f6bcbb2a92
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.233:geo_-16.28860_-49.01640	host:177.10.237.233 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:340449867541	flow:340449867541 → host:177.10.233.222 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77a13185d72dec11:host:177.10.234.156:host:172.234.197.23	SESSION-77a13185d72dec11 → host:177.10.234.156 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75ac13f212ea06a5:flow:16586d100b1f	SESSION-75ac13f212ea06a5 → flow:16586d100b1f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab75a0984f628f7a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ab75a0984f628f7a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:c3621c90336e:port:tcp:443	flow:c3621c90336e → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:13.61.34.23:asn:16509	host:13.61.34.23 → asn:16509
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.211:asn:262880	host:177.10.233.211 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-354d6c0d37a0b016:host:45.173.156.38	SESSION-354d6c0d37a0b016 → host:45.173.156.38
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4c33b44718448cc2:SESSION-4c33b44718448cc2	SESSION-4c33b44718448cc2 → pe:tls:SESSION-4c33b44718448cc2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b854a8a0c04494b2:host:172.234.197.23	SESSION-b854a8a0c04494b2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2811f86b559a674a:flow:d39c7cd1ee50	SESSION-2811f86b559a674a → flow:d39c7cd1ee50
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-669a514c7e7ceed8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-669a514c7e7ceed8 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-925ab2a859ac277f:host:177.10.232.46	SESSION-925ab2a859ac277f → host:177.10.232.46
FLOW_FROM_HOSTOBS	e:from:SESSION-97957d43d677156c:host:172.234.197.23	SESSION-97957d43d677156c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e1dc74fab400:port:tcp:443	flow:e1dc74fab400 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:938135b0a0a2:port:tcp:443	flow:938135b0a0a2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf40158902d38ce6:SESSION-cf40158902d38ce6	SESSION-cf40158902d38ce6 → pe:syn:SESSION-cf40158902d38ce6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b61a304f889dfad6:SESSION-b61a304f889dfad6	SESSION-b61a304f889dfad6 → pe:tls:SESSION-b61a304f889dfad6
flow_observed4-aryOBS	e:fo:flow:6e55bb86ccd8	flow:6e55bb86ccd8 → host:172.234.197.23 → host:177.10.235.252 → port:tcp:7730
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-251fcdeeb3ee3f58:host:172.234.197.23	SESSION-251fcdeeb3ee3f58 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f0cdd1d919af3f4a:host:131.196.30.51	SESSION-f0cdd1d919af3f4a → host:131.196.30.51
FLOW_FROM_HOSTOBS	e:from:SESSION-72f157e6b3da81bc:host:45.173.156.11	SESSION-72f157e6b3da81bc → host:45.173.156.11
FLOW_DST_PORTOBS	e:fp:flow:9336642b1396:port:tcp:443	flow:9336642b1396 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8f59bcaffd8dcae9:host:92.112.71.255	SESSION-8f59bcaffd8dcae9 → host:92.112.71.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9338ac17b36dc2c1:flow:305d5fed5670	SESSION-9338ac17b36dc2c1 → flow:305d5fed5670
FLOW_TO_HOSTOBS	e:to:SESSION-afa0e3a30bb0024e:host:131.196.31.240	SESSION-afa0e3a30bb0024e → host:131.196.31.240
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79349287be3864ac:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-79349287be3864ac → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-63e564f28f734573:host:131.196.28.27:host:172.234.197.23	SESSION-63e564f28f734573 → host:131.196.28.27 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-341cb53ffc41c3af:host:131.196.31.150	SESSION-341cb53ffc41c3af → host:131.196.31.150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-043f15d6badfcd64:PCAP:capture_20260430080001:93f47cc296a4	SESSION-043f15d6badfcd64 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:d1769d6cea4e	flow:d1769d6cea4e → host:172.234.197.23 → host:177.10.238.194 → port:tcp:16227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-314a3839bafadb97:SESSION-314a3839bafadb97	SESSION-314a3839bafadb97 → pe:tls:SESSION-314a3839bafadb97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9500d9b64493d052:SESSION-9500d9b64493d052	SESSION-9500d9b64493d052 → pe:syn:SESSION-9500d9b64493d052
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.43:asn:262880	host:177.10.237.43 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28a7ecee4eeacba6:flow:2d91021715d1	SESSION-28a7ecee4eeacba6 → flow:2d91021715d1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-167179e2a869fa22:PCAP:capture_20260430070001:903a0e7a436b	SESSION-167179e2a869fa22 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-586cf5bb6d743be1:SESSION-586cf5bb6d743be1	SESSION-586cf5bb6d743be1 → pe:tls:SESSION-586cf5bb6d743be1
FLOW_FROM_HOSTOBS	e:from:SESSION-8366f626d6b88fcf:host:172.234.197.23	SESSION-8366f626d6b88fcf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0cf1880561ef:port:tcp:34520	flow:0cf1880561ef → port:tcp:34520
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1684e8254d6d3165:SESSION-1684e8254d6d3165	SESSION-1684e8254d6d3165 → pe:syn:SESSION-1684e8254d6d3165
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.65:geo_-23.62930_-46.63510	host:131.196.30.65 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af24c7046d264e7e:host:172.234.197.23	SESSION-af24c7046d264e7e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7db2d3f3f113e007:host:177.10.238.44	SESSION-7db2d3f3f113e007 → host:177.10.238.44
FLOW_FROM_HOSTOBS	e:from:SESSION-e67ae3320dee0238:host:177.10.235.65	SESSION-e67ae3320dee0238 → host:177.10.235.65
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.23:asn:271410	host:131.196.30.23 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d9f933822471a5a:host:177.10.236.84	SESSION-8d9f933822471a5a → host:177.10.236.84
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.168:geo_-23.62930_-46.63510	host:131.196.28.168 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-838eea3d6dd669fd:SESSION-838eea3d6dd669fd	SESSION-838eea3d6dd669fd → pe:syn:SESSION-838eea3d6dd669fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db907559277cbdbb:host:172.234.197.23	SESSION-db907559277cbdbb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ab20216cf3eeb0ee:host:177.10.236.205	SESSION-ab20216cf3eeb0ee → host:177.10.236.205
flow_observed5-aryOBS	e:fo:flow:8e9b6b8e0548	flow:8e9b6b8e0548 → host:131.196.31.33 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.169:geo_41.00190_28.96450	host:92.112.71.169 → geo_41.00190_28.96450
FLOW_DST_PORTOBS	e:fp:flow:38b1bbea26e7:port:tcp:443	flow:38b1bbea26e7 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bca14afee5df98e9:host:131.196.29.60:host:172.234.197.23	SESSION-bca14afee5df98e9 → host:131.196.29.60 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa49f714001a7a70:SESSION-fa49f714001a7a70	SESSION-fa49f714001a7a70 → pe:tls:SESSION-fa49f714001a7a70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f580f0e619786fa7:host:172.234.197.23	SESSION-f580f0e619786fa7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:65fd82ba3983:port:tcp:46038	flow:65fd82ba3983 → port:tcp:46038
FLOW_FROM_HOSTOBS	e:from:SESSION-868abcdaf084ea7c:host:172.234.197.23	SESSION-868abcdaf084ea7c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bebd9f8afa50544a:flow:05dd83abcaed	SESSION-bebd9f8afa50544a → flow:05dd83abcaed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15939dedfcffc5e5:host:172.234.197.23	SESSION-15939dedfcffc5e5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:386ff33f19bb:port:tcp:443	flow:386ff33f19bb → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33b7a287fd9eafc1:flow:81af941cebab	SESSION-33b7a287fd9eafc1 → flow:81af941cebab
FLOW_DST_PORTOBS	e:fp:flow:de8c7a745d46:port:tcp:443	flow:de8c7a745d46 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c59a88aa03340e00:host:172.234.197.23:host:177.10.239.221	SESSION-c59a88aa03340e00 → host:172.234.197.23 → host:177.10.239.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0be6cf40df30cb93:host:172.234.197.23	SESSION-0be6cf40df30cb93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa51bce6270c7d63:host:172.234.197.23	SESSION-aa51bce6270c7d63 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dca77cba3fb011ca:host:177.10.238.205	SESSION-dca77cba3fb011ca → host:177.10.238.205
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b0a36bcb50aee6b:flow:7f0eceff083c	SESSION-2b0a36bcb50aee6b → flow:7f0eceff083c
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.68:asn:262880	host:177.10.239.68 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8432ee5dd236020:host:172.234.197.23	SESSION-d8432ee5dd236020 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.10:asn:262880	host:177.10.237.10 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.57:asn:262880	host:177.10.236.57 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0bdeae27fd42a89:SESSION-f0bdeae27fd42a89	SESSION-f0bdeae27fd42a89 → pe:tls:SESSION-f0bdeae27fd42a89
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46d2f77cc38b38db:host:172.234.197.23	SESSION-46d2f77cc38b38db → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9eb85eb3deaacc18:SESSION-9eb85eb3deaacc18	SESSION-9eb85eb3deaacc18 → pe:tls:SESSION-9eb85eb3deaacc18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43a9f8d54e48850a:host:131.196.31.168	SESSION-43a9f8d54e48850a → host:131.196.31.168
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.58:asn:271410	host:131.196.30.58 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a176047016eec520:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a176047016eec520 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:66e056753fd5:port:tcp:49553	flow:66e056753fd5 → port:tcp:49553
ASN_IN_ORGOBS 80%	e:ao:asn:4718:org:Cyber Kansai Project	asn:4718 → org:Cyber Kansai Project
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c265ba6f34eebd39:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c265ba6f34eebd39 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-6aca00d0413062e5:host:131.196.28.114	SESSION-6aca00d0413062e5 → host:131.196.28.114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ee8538a8ddcb6ee:host:177.10.239.221	SESSION-7ee8538a8ddcb6ee → host:177.10.239.221
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59aca44477f61d35:PCAP:capture_20260430110001:43611bdf6759	SESSION-59aca44477f61d35 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:1100b27fc0e7	flow:1100b27fc0e7 → host:131.196.30.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4117bfae8d393f9c:flow:b173003c6346	SESSION-4117bfae8d393f9c → flow:b173003c6346
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.170:asn:262880	host:177.10.239.170 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ab61e60544120f5:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8ab61e60544120f5 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:70693ccf5e74	flow:70693ccf5e74 → host:131.196.28.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bf80193393b0fad:host:177.10.233.183	SESSION-0bf80193393b0fad → host:177.10.233.183
FLOW_FROM_HOSTOBS	e:from:SESSION-b91cc7f2039924f2:host:131.196.29.248	SESSION-b91cc7f2039924f2 → host:131.196.29.248
FLOW_FROM_HOSTOBS	e:from:SESSION-53fc35cd2bdb80ce:host:177.10.238.30	SESSION-53fc35cd2bdb80ce → host:177.10.238.30
flow_observed5-aryOBS	e:fo:flow:f37d154a9190	flow:f37d154a9190 → host:177.10.232.69 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dcbceebcfa7feba5:flow:80a6298ed117	SESSION-dcbceebcfa7feba5 → flow:80a6298ed117
FLOW_TO_HOSTOBS	e:to:SESSION-19ae824852752386:host:131.196.28.221	SESSION-19ae824852752386 → host:131.196.28.221
flow_observed5-aryOBS	e:fo:flow:9b4ed8f29561	flow:9b4ed8f29561 → host:131.196.28.242 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:35f22b918404	flow:35f22b918404 → host:136.243.57.208 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.221:geo_-23.62930_-46.63510	host:131.196.29.221 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87edcc7df5436fbe:host:172.234.197.23	SESSION-87edcc7df5436fbe → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3efb69df0be27ca4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3efb69df0be27ca4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24e3c3c409f2ba92:flow:9a015298b4d0	SESSION-24e3c3c409f2ba92 → flow:9a015298b4d0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46b3e65e40562e00:PCAP:capture_20260430160001:9bfa4498506a	SESSION-46b3e65e40562e00 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c178d8ef65578b24:SESSION-c178d8ef65578b24	SESSION-c178d8ef65578b24 → pe:syn:SESSION-c178d8ef65578b24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7172790c1950eaef:flow:7b82ba7177f8	SESSION-7172790c1950eaef → flow:7b82ba7177f8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.224:asn:262880	host:177.10.235.224 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67ad2a69e8a9ea9e:host:172.234.197.23	SESSION-67ad2a69e8a9ea9e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4c405aff0251	flow:4c405aff0251 → host:131.196.29.53 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c2099dbde4b7ef03:SESSION-c2099dbde4b7ef03	SESSION-c2099dbde4b7ef03 → pe:tls:SESSION-c2099dbde4b7ef03
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fa5716fea2946da:SESSION-5fa5716fea2946da	SESSION-5fa5716fea2946da → pe:syn:SESSION-5fa5716fea2946da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0d59ff2f2672e21c:SESSION-0d59ff2f2672e21c	SESSION-0d59ff2f2672e21c → pe:syn:SESSION-0d59ff2f2672e21c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f234671aee206898:host:172.234.197.23	SESSION-f234671aee206898 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5e254158c026:port:tcp:443	flow:5e254158c026 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-62d5a334e1fc9bd1:SESSION-62d5a334e1fc9bd1	SESSION-62d5a334e1fc9bd1 → pe:syn:SESSION-62d5a334e1fc9bd1
FLOW_TO_HOSTOBS	e:to:SESSION-bc4f127cbdf1d5a3:host:172.234.197.23	SESSION-bc4f127cbdf1d5a3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6cbb8d1d16f40477:flow:55b0d3b78c4c	SESSION-6cbb8d1d16f40477 → flow:55b0d3b78c4c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ca442589a0a5e5d:SESSION-3ca442589a0a5e5d	SESSION-3ca442589a0a5e5d → pe:tls:SESSION-3ca442589a0a5e5d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.87:asn:271410	host:131.196.28.87 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e806a1e4171599f:SESSION-4e806a1e4171599f	SESSION-4e806a1e4171599f → pe:syn:SESSION-4e806a1e4171599f
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-4b447e1896cf3c7e:BSG-BEACON-135373721785	SESSION-4b447e1896cf3c7e → BSG-BEACON-135373721785
flow_observed4-aryOBS	e:fo:flow:9a334e6dc60d	flow:9a334e6dc60d → host:172.234.197.23 → host:131.196.31.10 → port:tcp:56822
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7341740ccb6f292:PCAP:capture_20260430110001:43611bdf6759	SESSION-e7341740ccb6f292 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.134:geo_-23.62930_-46.63510	host:131.196.30.134 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-78f6342ed3f64031:host:131.196.31.18	SESSION-78f6342ed3f64031 → host:131.196.31.18
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31836a23201b59b7:flow:e802dd97f0ec	SESSION-31836a23201b59b7 → flow:e802dd97f0ec
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0feaffd55940508b:flow:9c5e84c9804a	SESSION-0feaffd55940508b → flow:9c5e84c9804a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-62b0720ae8fecbf5:SESSION-62b0720ae8fecbf5	SESSION-62b0720ae8fecbf5 → pe:syn:SESSION-62b0720ae8fecbf5
FLOW_DST_PORTOBS	e:fp:flow:c0819e2dfaa1:port:tcp:443	flow:c0819e2dfaa1 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ca10b4490797e89:flow:1366dc593583	SESSION-8ca10b4490797e89 → flow:1366dc593583
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b679e6887c5a68a:SESSION-7b679e6887c5a68a	SESSION-7b679e6887c5a68a → pe:syn:SESSION-7b679e6887c5a68a
flow_observed5-aryOBS	e:fo:flow:008ea860cb75	flow:008ea860cb75 → host:131.196.30.121 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-27b2c896335b5c16:host:172.234.197.23	SESSION-27b2c896335b5c16 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db62c05acb7f0b0b:SESSION-db62c05acb7f0b0b	SESSION-db62c05acb7f0b0b → pe:tls:SESSION-db62c05acb7f0b0b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c93964ffa7e29d50:host:172.234.197.23	SESSION-c93964ffa7e29d50 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56ec76ae342b7ee6:host:131.196.29.192	SESSION-56ec76ae342b7ee6 → host:131.196.29.192
flow_observed5-aryOBS	e:fo:flow:8fff356c5f0c	flow:8fff356c5f0c → host:177.10.233.148 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f852deb0b74344a0:SESSION-f852deb0b74344a0	SESSION-f852deb0b74344a0 → pe:tls:SESSION-f852deb0b74344a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac89834f3c269f55:SESSION-ac89834f3c269f55	SESSION-ac89834f3c269f55 → pe:syn:SESSION-ac89834f3c269f55
FLOW_FROM_HOSTOBS	e:from:SESSION-a27e337d4c0b49f3:host:177.10.235.132	SESSION-a27e337d4c0b49f3 → host:177.10.235.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a1525d7a099ba42:host:172.234.197.23	SESSION-5a1525d7a099ba42 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-69d28aa413742c82:host:177.10.236.176	SESSION-69d28aa413742c82 → host:177.10.236.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8feacc6abd2fe08c:host:172.234.197.23	SESSION-8feacc6abd2fe08c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-119f9a3698c24414:host:172.234.197.23	SESSION-119f9a3698c24414 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0dea31b94d7dde57:host:172.234.197.23	SESSION-0dea31b94d7dde57 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73436bd95d7b2637:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-73436bd95d7b2637 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.192:geo_-16.28860_-49.01640	host:177.10.235.192 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-996c7a5f028b9d80:SESSION-996c7a5f028b9d80	SESSION-996c7a5f028b9d80 → pe:syn:SESSION-996c7a5f028b9d80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.169:geo_-23.62930_-46.63510	host:131.196.30.169 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:50c8e81c7bbb:port:tcp:443	flow:50c8e81c7bbb → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ef18db4a9eedd9d:flow:8c6f2857ece5	SESSION-2ef18db4a9eedd9d → flow:8c6f2857ece5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0804c956ce93675c:flow:a151816abb36	SESSION-0804c956ce93675c → flow:a151816abb36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27f108382ab89b5c:host:172.234.197.23	SESSION-27f108382ab89b5c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.234:asn:271410	host:131.196.30.234 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ba642a19e1a643ce:SESSION-ba642a19e1a643ce	SESSION-ba642a19e1a643ce → pe:tls:SESSION-ba642a19e1a643ce
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b679e6887c5a68a:host:177.10.235.85:host:172.234.197.23	SESSION-7b679e6887c5a68a → host:177.10.235.85 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-788920b93ac95b5f:SESSION-788920b93ac95b5f	SESSION-788920b93ac95b5f → pe:tls:SESSION-788920b93ac95b5f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02ee946ab454bede:host:131.196.29.161	SESSION-02ee946ab454bede → host:131.196.29.161
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae99c26bd6d2dd56:host:172.234.197.23	SESSION-ae99c26bd6d2dd56 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4ed0c7009b8f0d4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b4ed0c7009b8f0d4 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-924a4e21bceaf0d1:host:177.10.235.120	SESSION-924a4e21bceaf0d1 → host:177.10.235.120
FLOW_DST_PORTOBS	e:fp:flow:f9be4f44f5ed:port:tcp:443	flow:f9be4f44f5ed → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.42:geo_-16.28860_-49.01640	host:177.10.233.42 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96878fba39db06d8:flow:f413e7c103a3	SESSION-96878fba39db06d8 → flow:f413e7c103a3
flow_observed5-aryOBS	e:fo:flow:8d1f402a4c48	flow:8d1f402a4c48 → host:177.10.234.15 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b968d8524475	flow:b968d8524475 → host:177.10.239.166 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ace9cb4d5e9d	flow:ace9cb4d5e9d → host:177.10.236.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc4f127cbdf1d5a3:SESSION-bc4f127cbdf1d5a3	SESSION-bc4f127cbdf1d5a3 → pe:tls:SESSION-bc4f127cbdf1d5a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e50198195b1abda9:SESSION-e50198195b1abda9	SESSION-e50198195b1abda9 → pe:syn:SESSION-e50198195b1abda9
FLOW_DST_PORTOBS	e:fp:flow:32fced2fce95:port:tcp:443	flow:32fced2fce95 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4e5add2f1c65	flow:4e5add2f1c65 → host:131.196.29.198 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed3-aryOBS	e:fo:flow:c697e487c7c3	flow:c697e487c7c3 → host:13.60.168.200 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e52ff6e3dab6ecf9:host:177.10.238.83:host:172.234.197.23	SESSION-e52ff6e3dab6ecf9 → host:177.10.238.83 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e4de8bcb2f0334a:host:131.196.28.69	SESSION-4e4de8bcb2f0334a → host:131.196.28.69
FLOW_FROM_HOSTOBS	e:from:SESSION-e115bc688365a9e7:host:177.10.239.180	SESSION-e115bc688365a9e7 → host:177.10.239.180
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a9915da62b53f74:flow:afa4794a1a01	SESSION-5a9915da62b53f74 → flow:afa4794a1a01
FLOW_DST_PORTOBS	e:fp:flow:5cc135c6f42c:port:tcp:443	flow:5cc135c6f42c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e6437ba0c2aceec:flow:a30bb5948cc0	SESSION-1e6437ba0c2aceec → flow:a30bb5948cc0
FLOW_TO_HOSTOBS	e:to:SESSION-be2d81a12844874f:host:172.234.197.23	SESSION-be2d81a12844874f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c184642b13b6de27:host:177.10.239.2	SESSION-c184642b13b6de27 → host:177.10.239.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e9dc14d87b5185c:SESSION-5e9dc14d87b5185c	SESSION-5e9dc14d87b5185c → pe:syn:SESSION-5e9dc14d87b5185c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-561fca01c9d6b351:host:131.196.30.72	SESSION-561fca01c9d6b351 → host:131.196.30.72
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ffa027db374a629:host:172.234.197.23:host:177.10.233.233	SESSION-9ffa027db374a629 → host:172.234.197.23 → host:177.10.233.233
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a117da50f6c2c30f:flow:4520e47e28d0	SESSION-a117da50f6c2c30f → flow:4520e47e28d0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-032a0dfc971c5b00:host:177.10.232.180	SESSION-032a0dfc971c5b00 → host:177.10.232.180
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9f10142199cea9c:SESSION-b9f10142199cea9c	SESSION-b9f10142199cea9c → pe:tls:SESSION-b9f10142199cea9c
flow_observed4-aryOBS	e:fo:flow:4c33618c52a6	flow:4c33618c52a6 → host:172.234.197.23 → host:45.173.156.3 → port:tcp:16127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ae8012f8306fedb:SESSION-6ae8012f8306fedb	SESSION-6ae8012f8306fedb → pe:syn:SESSION-6ae8012f8306fedb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ef3ba231e3ca4d6:PCAP:capture_20260428010001:b1b402c7b202	SESSION-4ef3ba231e3ca4d6 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a136c944084425c:PCAP:capture_20260430150001:ded20914761d	SESSION-1a136c944084425c → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:36a71c0eb0ea:port:tcp:443	flow:36a71c0eb0ea → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-f750867699c9a944:SESSION-f750867699c9a944	SESSION-f750867699c9a944 → pe:dns:SESSION-f750867699c9a944
FLOW_FROM_HOSTOBS	e:from:SESSION-4f2a561db8449259:host:172.234.197.23	SESSION-4f2a561db8449259 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a3643dbad405bac1:host:131.196.28.28	SESSION-a3643dbad405bac1 → host:131.196.28.28
flow_observed4-aryOBS	e:fo:flow:92c68a9e0443	flow:92c68a9e0443 → host:172.234.197.23 → host:177.10.238.218 → port:tcp:29248
FLOW_FROM_HOSTOBS	e:from:SESSION-4dcbfb7362ab6402:host:177.10.238.209	SESSION-4dcbfb7362ab6402 → host:177.10.238.209
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75ac13f212ea06a5:SESSION-75ac13f212ea06a5	SESSION-75ac13f212ea06a5 → pe:syn:SESSION-75ac13f212ea06a5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d7bf020c0439ffaa:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d7bf020c0439ffaa → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:bc6e4eea3acb	flow:bc6e4eea3acb → host:172.234.197.23 → host:131.196.30.143 → port:tcp:39874
FLOW_TO_HOSTOBS	e:to:SESSION-c70f7d0fa3cda32b:host:177.10.235.118	SESSION-c70f7d0fa3cda32b → host:177.10.235.118
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93cfcdba6a26f550:host:177.10.238.185:host:172.234.197.23	SESSION-93cfcdba6a26f550 → host:177.10.238.185 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d3b7489a7d07:port:tcp:443	flow:d3b7489a7d07 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ffe985a3149f:port:tcp:443	flow:ffe985a3149f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad3aa4b6b6de70e6:host:172.234.197.23:host:177.10.232.120	SESSION-ad3aa4b6b6de70e6 → host:172.234.197.23 → host:177.10.232.120
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c5519b0e5712e1e:flow:9280036d235b	SESSION-1c5519b0e5712e1e → flow:9280036d235b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa2f81c8f6798425:SESSION-fa2f81c8f6798425	SESSION-fa2f81c8f6798425 → pe:tls:SESSION-fa2f81c8f6798425
FLOW_TO_HOSTOBS	e:to:SESSION-85172baad8a91878:host:177.10.232.193	SESSION-85172baad8a91878 → host:177.10.232.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-828db1ebc34fa50a:SESSION-828db1ebc34fa50a	SESSION-828db1ebc34fa50a → pe:tls:SESSION-828db1ebc34fa50a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-520789f72dcf866a:host:131.196.29.127:host:172.234.197.23	SESSION-520789f72dcf866a → host:131.196.29.127 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19ad8f01572b4d12:flow:717284c6f6ed	SESSION-19ad8f01572b4d12 → flow:717284c6f6ed
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1af702d2aa4c9d9d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1af702d2aa4c9d9d → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dda196b654200873:SESSION-dda196b654200873	SESSION-dda196b654200873 → pe:tls:SESSION-dda196b654200873
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d17209bd675d4be:SESSION-4d17209bd675d4be	SESSION-4d17209bd675d4be → pe:syn:SESSION-4d17209bd675d4be
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74ad535621338757:SESSION-74ad535621338757	SESSION-74ad535621338757 → pe:syn:SESSION-74ad535621338757
FLOW_TLS_SNIOBS	e:fs:flow:6bf63e143c80:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:6bf63e143c80 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9c73da0e6ec113c:SESSION-f9c73da0e6ec113c	SESSION-f9c73da0e6ec113c → pe:tls:SESSION-f9c73da0e6ec113c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4eeddeaeae099136:host:172.234.197.23	SESSION-4eeddeaeae099136 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.126:asn:262880	host:177.10.233.126 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-213b6cb7e75b87f2:SESSION-213b6cb7e75b87f2	SESSION-213b6cb7e75b87f2 → pe:syn:SESSION-213b6cb7e75b87f2
flow_observed4-aryOBS	e:fo:flow:9b52713bd4bb	flow:9b52713bd4bb → host:172.234.197.23 → host:131.196.29.151 → port:tcp:8735
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3957034b2fd24e8:host:172.234.197.23:host:131.196.31.100	SESSION-c3957034b2fd24e8 → host:172.234.197.23 → host:131.196.31.100
FLOW_DST_PORTOBS	e:fp:flow:f269f8c627cd:port:tcp:27626	flow:f269f8c627cd → port:tcp:27626
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.204:geo_19.07480_72.88560	host:45.145.152.204 → geo_19.07480_72.88560
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d47b3cf0d6133fea:flow:9352eabb144b	SESSION-d47b3cf0d6133fea → flow:9352eabb144b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9820f222b36503c3:host:172.234.197.23	SESSION-9820f222b36503c3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1f34a2a1eb06	flow:1f34a2a1eb06 → host:131.196.30.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b7f4612f7527a5d:SESSION-5b7f4612f7527a5d	SESSION-5b7f4612f7527a5d → pe:syn:SESSION-5b7f4612f7527a5d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06d2ad4243fb8941:host:131.196.30.12	SESSION-06d2ad4243fb8941 → host:131.196.30.12
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28af2e1f4e778075:host:177.10.234.232:host:172.234.197.23	SESSION-28af2e1f4e778075 → host:177.10.234.232 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4883770547012399:host:172.234.197.23	SESSION-4883770547012399 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f1b980e392c4795:host:172.234.197.23	SESSION-4f1b980e392c4795 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.49:geo_-23.62930_-46.63510	host:131.196.31.49 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d47b3cf0d6133fea:SESSION-d47b3cf0d6133fea	SESSION-d47b3cf0d6133fea → pe:tls:SESSION-d47b3cf0d6133fea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a9de26895ffb34a3:SESSION-a9de26895ffb34a3	SESSION-a9de26895ffb34a3 → pe:syn:SESSION-a9de26895ffb34a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-458a0c6775d84d5e:host:172.234.197.23	SESSION-458a0c6775d84d5e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f48cf8f11b8f73e:SESSION-3f48cf8f11b8f73e	SESSION-3f48cf8f11b8f73e → pe:syn:SESSION-3f48cf8f11b8f73e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9fdfee14b0ac469:SESSION-d9fdfee14b0ac469	SESSION-d9fdfee14b0ac469 → pe:syn:SESSION-d9fdfee14b0ac469
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-002a4fad2ef08bcf:host:177.10.236.207	SESSION-002a4fad2ef08bcf → host:177.10.236.207
FLOW_DST_PORTOBS	e:fp:flow:5c055db31751:port:tcp:443	flow:5c055db31751 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-884df81342ed3b04:PCAP:capture_20260430070001:903a0e7a436b	SESSION-884df81342ed3b04 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-106a8139a282a728:host:172.234.197.23	SESSION-106a8139a282a728 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c0819e2dfaa1	flow:c0819e2dfaa1 → host:177.10.233.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-534aae6aa0ff39bc:PCAP:capture_20260430060001:919b39a74464	SESSION-534aae6aa0ff39bc → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:a80934ee9d8f:port:tcp:443	flow:a80934ee9d8f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ce9908fd477e:port:tcp:63179	flow:ce9908fd477e → port:tcp:63179
flow_observed5-aryOBS	e:fo:flow:f9ec3d0cc6bb	flow:f9ec3d0cc6bb → host:131.196.30.73 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e00ced36c846b73a:host:177.10.234.76:host:172.234.197.23	SESSION-e00ced36c846b73a → host:177.10.234.76 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f479af38d87d852f:host:172.234.197.23	SESSION-f479af38d87d852f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59de2965684be0b6:SESSION-59de2965684be0b6	SESSION-59de2965684be0b6 → pe:syn:SESSION-59de2965684be0b6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6d83b2373dd8cdc:SESSION-d6d83b2373dd8cdc	SESSION-d6d83b2373dd8cdc → pe:tls:SESSION-d6d83b2373dd8cdc
flow_observed5-aryOBS	e:fo:flow:f3a7fe5c3c2c	flow:f3a7fe5c3c2c → host:131.196.29.48 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a1525d7a099ba42:host:177.10.238.250	SESSION-5a1525d7a099ba42 → host:177.10.238.250
FLOW_TO_HOSTOBS	e:to:SESSION-b854a8a0c04494b2:host:172.232.0.17	SESSION-b854a8a0c04494b2 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-e4f9227bbb6fbbfc:host:131.196.31.5	SESSION-e4f9227bbb6fbbfc → host:131.196.31.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8614773ef8a3b357:host:177.10.233.109	SESSION-8614773ef8a3b357 → host:177.10.233.109
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3739e8b613327ce5:SESSION-3739e8b613327ce5	SESSION-3739e8b613327ce5 → pe:tls:SESSION-3739e8b613327ce5
flow_observed5-aryOBS	e:fo:flow:b8930a348aad	flow:b8930a348aad → host:131.196.31.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d47b6311855994f0:host:131.196.28.165	SESSION-d47b6311855994f0 → host:131.196.28.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-779dfe498151f730:host:172.234.197.23	SESSION-779dfe498151f730 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4862cddc1ddaa50:host:172.234.197.23	SESSION-d4862cddc1ddaa50 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f1fbed100f42	flow:f1fbed100f42 → host:177.10.234.162 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c88d3e9918500cb2:PCAP:capture_20260430090001:065659c7d314	SESSION-c88d3e9918500cb2 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-024c55a268626b80:SESSION-024c55a268626b80	SESSION-024c55a268626b80 → pe:syn:SESSION-024c55a268626b80
FLOW_DST_PORTOBS	e:fp:flow:313e7cddc626:port:tcp:443	flow:313e7cddc626 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8bd396f5705de0fe:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8bd396f5705de0fe → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9fba97aa139b6de4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9fba97aa139b6de4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f6c732897c2ca80c:SESSION-f6c732897c2ca80c	SESSION-f6c732897c2ca80c → pe:syn:SESSION-f6c732897c2ca80c
FLOW_DST_PORTOBS	e:fp:flow:048fd4fb8e93:port:tcp:443	flow:048fd4fb8e93 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0acd91014f6238ed:SESSION-0acd91014f6238ed	SESSION-0acd91014f6238ed → pe:syn:SESSION-0acd91014f6238ed
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.238:geo_-16.28860_-49.01640	host:177.10.233.238 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.217:asn:262880	host:177.10.237.217 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-78c74ad080075522:host:172.234.197.23	SESSION-78c74ad080075522 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-06814c349a39e79e:host:45.173.156.153	SESSION-06814c349a39e79e → host:45.173.156.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68a3766ff3680ecf:flow:d4b99e72a5e5	SESSION-68a3766ff3680ecf → flow:d4b99e72a5e5
FLOW_TO_HOSTOBS	e:to:SESSION-b00e597f7260eb50:host:172.234.197.23	SESSION-b00e597f7260eb50 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b836173867007d89:host:177.10.232.195	SESSION-b836173867007d89 → host:177.10.232.195
flow_observed5-aryOBS	e:fo:flow:f7eb9287a4ce	flow:f7eb9287a4ce → host:131.196.28.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e896271e9295df4:host:172.234.197.23	SESSION-9e896271e9295df4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d17209bd675d4be:host:131.196.28.143	SESSION-4d17209bd675d4be → host:131.196.28.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5470436eecf7738e:SESSION-5470436eecf7738e	SESSION-5470436eecf7738e → pe:syn:SESSION-5470436eecf7738e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b73c5a859c05f554:host:177.10.232.255	SESSION-b73c5a859c05f554 → host:177.10.232.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0ca3b8aea25b593:flow:67579f5ba801	SESSION-b0ca3b8aea25b593 → flow:67579f5ba801
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0afc12079a05a1b1:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-0afc12079a05a1b1 → PCAP:capture_20260428000001:7e90c7cb899e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.57:asn:262880	host:177.10.234.57 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d83a9aba23a117e:flow:d330bd9c2261	SESSION-6d83a9aba23a117e → flow:d330bd9c2261
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52c764b77552a86d:flow:29c853a24919	SESSION-52c764b77552a86d → flow:29c853a24919
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db907559277cbdbb:host:177.10.234.210	SESSION-db907559277cbdbb → host:177.10.234.210
FLOW_FROM_HOSTOBS	e:from:SESSION-677c9237241fc75d:host:45.173.156.68	SESSION-677c9237241fc75d → host:45.173.156.68
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f67ce0567774b305:flow:4a2e0a063a42	SESSION-f67ce0567774b305 → flow:4a2e0a063a42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-499399e6896a45f7:host:172.234.197.23	SESSION-499399e6896a45f7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bef08b3c32a1c401:host:177.10.234.108:host:172.234.197.23	SESSION-bef08b3c32a1c401 → host:177.10.234.108 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee8963275c4b434b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ee8963275c4b434b → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-f5c08654c75b915c:host:177.10.239.0	SESSION-f5c08654c75b915c → host:177.10.239.0
FLOW_TO_HOSTOBS	e:to:SESSION-8452ffa75e7fe764:host:177.10.237.115	SESSION-8452ffa75e7fe764 → host:177.10.237.115
FLOW_DST_PORTOBS	e:fp:flow:35d670918235:port:tcp:443	flow:35d670918235 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:93c49d69a1fc:port:tcp:443	flow:93c49d69a1fc → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-78dc8874b859c826:host:172.234.197.23	SESSION-78dc8874b859c826 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b0a40d55d6f8	flow:b0a40d55d6f8 → host:131.196.30.3 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75add779b1a22971:flow:2349cb958fdf	SESSION-75add779b1a22971 → flow:2349cb958fdf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d52597e88babdbe8:flow:f7227496e47f	SESSION-d52597e88babdbe8 → flow:f7227496e47f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.58:asn:262880	host:177.10.239.58 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.48:geo_-23.62930_-46.63510	host:131.196.29.48 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46da9b8beaa478c9:host:172.234.197.23	SESSION-46da9b8beaa478c9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30052afb1f0268ab:host:172.234.197.23	SESSION-30052afb1f0268ab → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ab55f3989857eec:host:131.196.30.88:host:172.234.197.23	SESSION-9ab55f3989857eec → host:131.196.30.88 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c83e078f141652ea:flow:097845287463	SESSION-c83e078f141652ea → flow:097845287463
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-603529cff661c41d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-603529cff661c41d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f65d16e06243eafc:SESSION-f65d16e06243eafc	SESSION-f65d16e06243eafc → pe:syn:SESSION-f65d16e06243eafc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b048d8915129480a:host:177.10.232.52	SESSION-b048d8915129480a → host:177.10.232.52
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2713dc0653d6ae5:host:172.234.197.23	SESSION-e2713dc0653d6ae5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77c4ff849445b3aa:PCAP:capture_20260430110001:43611bdf6759	SESSION-77c4ff849445b3aa → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9a69c63a7b588de:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b9a69c63a7b588de → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c24cbdb3e7b273c:host:172.234.197.23	SESSION-2c24cbdb3e7b273c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19cb9f6f0c8358bd:host:31.40.196.45	SESSION-19cb9f6f0c8358bd → host:31.40.196.45
flow_observed5-aryOBS	e:fo:flow:c702f410ff47	flow:c702f410ff47 → host:177.10.239.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bee309b4d5047c7d:SESSION-bee309b4d5047c7d	SESSION-bee309b4d5047c7d → pe:syn:SESSION-bee309b4d5047c7d
FLOW_DST_PORTOBS	e:fp:flow:9e3b10c8440c:port:tcp:443	flow:9e3b10c8440c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa26c3a0a6de1666:flow:1dfa5ca65851	SESSION-aa26c3a0a6de1666 → flow:1dfa5ca65851
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.198:geo_-21.10010_-41.69200	host:45.173.156.198 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2354f30fe4af5f56:SESSION-2354f30fe4af5f56	SESSION-2354f30fe4af5f56 → pe:tls:SESSION-2354f30fe4af5f56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38c7d1687d10af97:host:177.10.238.125	SESSION-38c7d1687d10af97 → host:177.10.238.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89883827e26a2cf6:host:177.10.239.31	SESSION-89883827e26a2cf6 → host:177.10.239.31
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:udp:53:svc:dns	port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-6b6e18a39fae0db6:host:131.196.28.242	SESSION-6b6e18a39fae0db6 → host:131.196.28.242
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b01750df014e0bb:flow:a7699745f5ad	SESSION-5b01750df014e0bb → flow:a7699745f5ad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee4f55e8adb586c5:SESSION-ee4f55e8adb586c5	SESSION-ee4f55e8adb586c5 → pe:syn:SESSION-ee4f55e8adb586c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac87af78ff19f5c9:host:177.10.233.35:host:172.234.197.23	SESSION-ac87af78ff19f5c9 → host:177.10.233.35 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5aad3921ba28	flow:5aad3921ba28 → host:177.10.238.215 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.172:asn:262880	host:177.10.238.172 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.161:geo_-16.28860_-49.01640	host:177.10.237.161 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-c9c8bcacffc7072b:BSG-BEACON-e07f4250263f	SESSION-c9c8bcacffc7072b → BSG-BEACON-e07f4250263f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f3e8e9199df130f:PCAP:capture_20260430110001:43611bdf6759	SESSION-5f3e8e9199df130f → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f344d747ad66bc9c:SESSION-f344d747ad66bc9c	SESSION-f344d747ad66bc9c → pe:syn:SESSION-f344d747ad66bc9c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b37dbc8f4449b96:flow:5641975097c1	SESSION-5b37dbc8f4449b96 → flow:5641975097c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9de698333fa1afcb:SESSION-9de698333fa1afcb	SESSION-9de698333fa1afcb → pe:syn:SESSION-9de698333fa1afcb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7fc1282909254587:PCAP:capture_20260430060001:919b39a74464	SESSION-7fc1282909254587 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-850471f172c9c8e6:PCAP:capture_20260430150001:ded20914761d	SESSION-850471f172c9c8e6 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa49e5af791c6122:SESSION-fa49e5af791c6122	SESSION-fa49e5af791c6122 → pe:tls:SESSION-fa49e5af791c6122
FLOW_FROM_HOSTOBS	e:from:SESSION-75251a40e4bc6a46:host:45.173.156.72	SESSION-75251a40e4bc6a46 → host:45.173.156.72
FLOW_TO_HOSTOBS	e:to:SESSION-c88d7695016e6fbb:host:177.10.239.164	SESSION-c88d7695016e6fbb → host:177.10.239.164
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.229:asn:271410	host:131.196.31.229 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ddc60a1db971e20b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ddc60a1db971e20b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa515f25c4c77655:flow:bd3840ea5a34	SESSION-aa515f25c4c77655 → flow:bd3840ea5a34
FLOW_DST_PORTOBS	e:fp:flow:ba936f422e0d:port:tcp:443	flow:ba936f422e0d → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:2469f0734cea	flow:2469f0734cea → host:172.234.197.23 → host:177.10.232.159 → port:tcp:15566
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34b42a1bd1f93900:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-34b42a1bd1f93900 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77e1145855a55905:SESSION-77e1145855a55905	SESSION-77e1145855a55905 → pe:tls:SESSION-77e1145855a55905
flow_observed5-aryOBS	e:fo:flow:2b9c751256f3	flow:2b9c751256f3 → host:131.196.29.25 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e5c0136d660133a:PCAP:capture_20260430110001:43611bdf6759	SESSION-5e5c0136d660133a → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8de37a87806b5e4:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e8de37a87806b5e4 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:b33a99c12d3a	flow:b33a99c12d3a → host:177.10.239.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-edaec15d65a63fe7:SESSION-edaec15d65a63fe7	SESSION-edaec15d65a63fe7 → pe:tls:SESSION-edaec15d65a63fe7
flow_observed5-aryOBS	e:fo:flow:0df55cdf98a4	flow:0df55cdf98a4 → host:5.75.182.251 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-687ff071deb77d90:SESSION-687ff071deb77d90	SESSION-687ff071deb77d90 → pe:syn:SESSION-687ff071deb77d90
FLOW_TLS_SNIOBS	e:fs:flow:2ba008c1adde:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:2ba008c1adde → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:9a745d03101e	flow:9a745d03101e → host:177.10.234.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4691236308c01a5:host:54.149.68.137:host:172.234.197.23	SESSION-d4691236308c01a5 → host:54.149.68.137 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-617da6f9980af1b7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-617da6f9980af1b7 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:8fe8ab751bca:port:tcp:443	flow:8fe8ab751bca → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c411afbea564	flow:c411afbea564 → host:177.10.237.46 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:e484d817f907	flow:e484d817f907 → host:131.196.29.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1b9f91f77c860b7c:SESSION-1b9f91f77c860b7c	SESSION-1b9f91f77c860b7c → pe:tls:SESSION-1b9f91f77c860b7c
FLOW_TO_HOSTOBS	e:to:SESSION-265a2f0fa666e936:host:172.234.197.23	SESSION-265a2f0fa666e936 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-036bdbf16af23428:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-036bdbf16af23428 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd5c7cb019cd55a3:flow:d612e7f6da31	SESSION-dd5c7cb019cd55a3 → flow:d612e7f6da31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6d45a86f046cac8:host:172.234.197.23:host:45.173.156.3	SESSION-e6d45a86f046cac8 → host:172.234.197.23 → host:45.173.156.3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-853e897de6767cda:SESSION-853e897de6767cda	SESSION-853e897de6767cda → pe:tls:SESSION-853e897de6767cda
FLOW_DST_PORTOBS	e:fp:flow:2bd4f5d8a688:port:tcp:11295	flow:2bd4f5d8a688 → port:tcp:11295
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f29948747ee8d5c:SESSION-1f29948747ee8d5c	SESSION-1f29948747ee8d5c → pe:syn:SESSION-1f29948747ee8d5c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df6efecba493c79c:host:172.234.197.23	SESSION-df6efecba493c79c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.171:asn:262880	host:177.10.235.171 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.150:geo_-16.28860_-49.01640	host:177.10.236.150 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-8e3933798ce80a4c:host:177.10.234.120	SESSION-8e3933798ce80a4c → host:177.10.234.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-323caf5dcc039926:host:172.234.197.23	SESSION-323caf5dcc039926 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.176:asn:262880	host:177.10.236.176 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-bcca913f927ee07e:host:172.3.50.214	SESSION-bcca913f927ee07e → host:172.3.50.214
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9222c19da42c0aaa:host:131.196.30.214:host:172.234.197.23	SESSION-9222c19da42c0aaa → host:131.196.30.214 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e4cb96e9954f000:SESSION-2e4cb96e9954f000	SESSION-2e4cb96e9954f000 → pe:tls:SESSION-2e4cb96e9954f000
flow_observed5-aryOBS	e:fo:flow:a3872eabdf69	flow:a3872eabdf69 → host:131.196.29.29 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2e1e1ea3d3f0587:host:172.234.197.23	SESSION-f2e1e1ea3d3f0587 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-99664d33d11b43d2:host:57.128.95.174	SESSION-99664d33d11b43d2 → host:57.128.95.174
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d6666ae3e8c32da:flow:c0d2094dfac4	SESSION-6d6666ae3e8c32da → flow:c0d2094dfac4
FLOW_DST_PORTOBS	e:fp:flow:6c8243309e3c:port:tcp:443	flow:6c8243309e3c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-85a8f577301970a2:host:172.234.197.23	SESSION-85a8f577301970a2 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-33fdede36596a62f:BSG-BEACON-5db8221010e8	SESSION-33fdede36596a62f → BSG-BEACON-5db8221010e8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.136:geo_-16.28860_-49.01640	host:177.10.233.136 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:a1fd172a9ae7:port:tcp:443	flow:a1fd172a9ae7 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:77891346ee5e	flow:77891346ee5e → host:172.234.197.23 → host:177.10.233.98 → port:tcp:32486
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8614773ef8a3b357:host:172.234.197.23	SESSION-8614773ef8a3b357 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05ec7baf0d99b24d:host:177.10.238.122	SESSION-05ec7baf0d99b24d → host:177.10.238.122
flow_observed5-aryOBS	e:fo:flow:14fd74da1fdf	flow:14fd74da1fdf → host:177.10.234.236 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31b6c18ffff74955:SESSION-31b6c18ffff74955	SESSION-31b6c18ffff74955 → pe:syn:SESSION-31b6c18ffff74955
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f4a8961dba27f33:host:172.234.197.23	SESSION-5f4a8961dba27f33 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1ec00a834c5afff3:host:177.10.235.107	SESSION-1ec00a834c5afff3 → host:177.10.235.107
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.32:asn:262880	host:177.10.233.32 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cdb2ff7fda09377:host:172.234.197.23	SESSION-5cdb2ff7fda09377 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-72ea8a7fe39a298e:host:45.173.156.126	SESSION-72ea8a7fe39a298e → host:45.173.156.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d90a5aaa3545c15:flow:1704308eae32	SESSION-1d90a5aaa3545c15 → flow:1704308eae32
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.114:geo_-23.62930_-46.63510	host:131.196.28.114 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ae53b938ea3675b:host:177.10.234.173:host:172.234.197.23	SESSION-2ae53b938ea3675b → host:177.10.234.173 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b8531a25e714	flow:b8531a25e714 → host:131.196.28.195 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-0af842276eef56a1:host:172.234.197.23	SESSION-0af842276eef56a1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3767fab91283496e:host:177.10.232.143:host:172.234.197.23	SESSION-3767fab91283496e → host:177.10.232.143 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76408b67fb88a4bd:host:177.10.237.17	SESSION-76408b67fb88a4bd → host:177.10.237.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3675340578297917:host:131.196.28.205	SESSION-3675340578297917 → host:131.196.28.205
flow_observed4-aryOBS	e:fo:flow:fb19f5ee5964	flow:fb19f5ee5964 → host:172.234.197.23 → host:131.196.28.39 → port:tcp:11842
flow_observed5-aryOBS	e:fo:flow:ba9d53194809	flow:ba9d53194809 → host:177.10.239.226 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-417f532a2a507181:host:172.234.197.23	SESSION-417f532a2a507181 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7ebe5ea3bba9	flow:7ebe5ea3bba9 → host:172.234.197.23 → host:177.10.236.235 → port:tcp:24972
FLOW_TO_HOSTOBS	e:to:SESSION-17fce8ea46af65f2:host:177.10.232.249	SESSION-17fce8ea46af65f2 → host:177.10.232.249
ASN_IN_ORGOBS 80%	e:ao:asn:62068:org:SpectraIP B.V.	asn:62068 → org:SpectraIP B.V.
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.124:geo_-21.10010_-41.69200	host:45.173.156.124 → geo_-21.10010_-41.69200
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.251:asn:262880	host:177.10.234.251 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:e05bb1ac9ff3:port:tcp:27690	flow:e05bb1ac9ff3 → port:tcp:27690
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-807885e153f56a02:host:172.234.197.23	SESSION-807885e153f56a02 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b447e1896cf3c7e:host:177.10.238.157:host:172.234.197.23	SESSION-4b447e1896cf3c7e → host:177.10.238.157 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f971b95dedbfd9a:SESSION-7f971b95dedbfd9a	SESSION-7f971b95dedbfd9a → pe:syn:SESSION-7f971b95dedbfd9a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-acd63ec8ffcea8e7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-acd63ec8ffcea8e7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:000fd5deac60	flow:000fd5deac60 → host:177.10.232.225 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.89:geo_-23.62930_-46.63510	host:131.196.28.89 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.167:asn:271410	host:131.196.31.167 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:b0ce171daf3a:port:tcp:15339	flow:b0ce171daf3a → port:tcp:15339
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a437e2422713bf06:host:172.234.197.23	SESSION-a437e2422713bf06 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c716fd204e4ddd99:host:172.232.0.17	SESSION-c716fd204e4ddd99 → host:172.232.0.17
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-b854a8a0c04494b2:BSG-BEACON-f6c2b3d0e42d	SESSION-b854a8a0c04494b2 → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d82ce6b730f5fc6b:SESSION-d82ce6b730f5fc6b	SESSION-d82ce6b730f5fc6b → pe:tls:SESSION-d82ce6b730f5fc6b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac9ecab386602d8f:flow:9d4afa03dc6f	SESSION-ac9ecab386602d8f → flow:9d4afa03dc6f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6aca8ef237a42da9:SESSION-6aca8ef237a42da9	SESSION-6aca8ef237a42da9 → pe:syn:SESSION-6aca8ef237a42da9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2b1b7c009dcf05e:PCAP:capture_20260430090001:065659c7d314	SESSION-e2b1b7c009dcf05e → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:362e866ff083:port:tcp:443	flow:362e866ff083 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93446cf6bcbe5afe:host:131.196.31.126:host:172.234.197.23	SESSION-93446cf6bcbe5afe → host:131.196.31.126 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db946f3602afd068:PCAP:capture_20260430070001:903a0e7a436b	SESSION-db946f3602afd068 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.137:asn:262880	host:177.10.238.137 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f077149cc71812a:host:172.234.197.23	SESSION-3f077149cc71812a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f07ae9327f23	flow:f07ae9327f23 → host:177.10.238.119 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:6413836dd819:port:tcp:443	flow:6413836dd819 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11641f941720f4cf:SESSION-11641f941720f4cf	SESSION-11641f941720f4cf → pe:tls:SESSION-11641f941720f4cf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a1525d7a099ba42:host:172.234.197.23:host:177.10.238.250	SESSION-5a1525d7a099ba42 → host:172.234.197.23 → host:177.10.238.250
FLOW_TO_HOSTOBS	e:to:SESSION-969e64e33723c991:host:172.234.197.23	SESSION-969e64e33723c991 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1fdaf54c444b72c0:host:172.234.197.23	SESSION-1fdaf54c444b72c0 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.182:geo_-16.28860_-49.01640	host:177.10.232.182 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.97:geo_-23.62930_-46.63510	host:131.196.28.97 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:4abd29b514be:port:tcp:13351	flow:4abd29b514be → port:tcp:13351
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0dbdaab1cb35f54:host:131.196.30.244	SESSION-c0dbdaab1cb35f54 → host:131.196.30.244
FLOW_TO_HOSTOBS	e:to:SESSION-e938dc96c7665991:host:177.10.232.215	SESSION-e938dc96c7665991 → host:177.10.232.215
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaecff6799ccb464:flow:d5a249ab2d27	SESSION-eaecff6799ccb464 → flow:d5a249ab2d27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e73771addca62c13:host:177.10.235.255	SESSION-e73771addca62c13 → host:177.10.235.255
FLOW_TO_HOSTOBS	e:to:SESSION-55ac8b9837cbe539:host:172.234.197.23	SESSION-55ac8b9837cbe539 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-386a52b5a647d101:flow:3faa83c68201	SESSION-386a52b5a647d101 → flow:3faa83c68201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d957287df88430bb:host:177.10.239.58	SESSION-d957287df88430bb → host:177.10.239.58
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-394efd35512401c0:flow:0699a99fcbbc	SESSION-394efd35512401c0 → flow:0699a99fcbbc
FLOW_FROM_HOSTOBS	e:from:SESSION-d9b13ac4e6d83a5e:host:177.10.239.166	SESSION-d9b13ac4e6d83a5e → host:177.10.239.166
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c32ee209d5d1aa5e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c32ee209d5d1aa5e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff374888c4809584:SESSION-ff374888c4809584	SESSION-ff374888c4809584 → pe:syn:SESSION-ff374888c4809584
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d28501729ed200f7:flow:9b441099c4bf	SESSION-d28501729ed200f7 → flow:9b441099c4bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7858b3452cd9a479:host:45.173.156.134	SESSION-7858b3452cd9a479 → host:45.173.156.134
FLOW_DST_PORTOBS	e:fp:flow:26f9905a5f90:port:tcp:39743	flow:26f9905a5f90 → port:tcp:39743
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7bd472de7dbc823f:host:172.234.197.23:host:45.173.156.209	SESSION-7bd472de7dbc823f → host:172.234.197.23 → host:45.173.156.209
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6585a8f099e9e465:host:131.196.31.199	SESSION-6585a8f099e9e465 → host:131.196.31.199
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.66:asn:262880	host:177.10.234.66 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.228:asn:262880	host:177.10.235.228 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:f8a5a4fdedd5:port:tcp:10943	flow:f8a5a4fdedd5 → port:tcp:10943
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2c00c77bcbb5602:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f2c00c77bcbb5602 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.230:asn:271410	host:131.196.31.230 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-fbe3edafde6a655f:host:80.94.92.182	SESSION-fbe3edafde6a655f → host:80.94.92.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2aed99cc8c09f5c:SESSION-b2aed99cc8c09f5c	SESSION-b2aed99cc8c09f5c → pe:tls:SESSION-b2aed99cc8c09f5c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f42753b09b481d7e:host:131.196.29.215:host:172.234.197.23	SESSION-f42753b09b481d7e → host:131.196.29.215 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-359d98e6d1200746:host:131.196.30.129	SESSION-359d98e6d1200746 → host:131.196.30.129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78ad99b8772b1e3f:flow:f5e29d2fb7d9	SESSION-78ad99b8772b1e3f → flow:f5e29d2fb7d9
flow_observed5-aryOBS	e:fo:flow:982e28d20ec8	flow:982e28d20ec8 → host:177.10.235.202 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7ae30acbd5f5fc5:SESSION-b7ae30acbd5f5fc5	SESSION-b7ae30acbd5f5fc5 → pe:syn:SESSION-b7ae30acbd5f5fc5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a03e1a67bd79b062:host:172.234.197.23	SESSION-a03e1a67bd79b062 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7af80619f13211ba:SESSION-7af80619f13211ba	SESSION-7af80619f13211ba → pe:tls:SESSION-7af80619f13211ba
FLOW_DST_PORTOBS	e:fp:flow:8eef620e7e16:port:tcp:44736	flow:8eef620e7e16 → port:tcp:44736
FLOW_TO_HOSTOBS	e:to:SESSION-1ffb3444ca3f5caf:host:172.234.197.23	SESSION-1ffb3444ca3f5caf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:235158a23b67:port:tcp:443	flow:235158a23b67 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ba070ea29625f6c:SESSION-4ba070ea29625f6c	SESSION-4ba070ea29625f6c → pe:tls:SESSION-4ba070ea29625f6c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1b588a91707aaaf:flow:b01d2e5ef9a6	SESSION-d1b588a91707aaaf → flow:b01d2e5ef9a6
FLOW_TO_HOSTOBS	e:to:SESSION-3186af5a0774c3b5:host:172.234.197.23	SESSION-3186af5a0774c3b5 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6eec87534247	flow:6eec87534247 → host:172.234.197.23 → host:45.173.156.210 → port:tcp:41124
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.251:geo_-16.28860_-49.01640	host:177.10.234.251 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8bfe47632c127d09:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8bfe47632c127d09 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c47d04961700459f:PCAP:capture_20260430110001:43611bdf6759	SESSION-c47d04961700459f → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbaaa2b8364f7158:host:172.234.197.23	SESSION-cbaaa2b8364f7158 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f60661a19246ebd9:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f60661a19246ebd9 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.113:asn:262880	host:177.10.234.113 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b2e6696cab81646:SESSION-5b2e6696cab81646	SESSION-5b2e6696cab81646 → pe:tls:SESSION-5b2e6696cab81646
FLOW_DST_PORTOBS	e:fp:flow:8ac017970638:port:tcp:54071	flow:8ac017970638 → port:tcp:54071
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7e8f7da56292748:flow:3d196b4085ad	SESSION-e7e8f7da56292748 → flow:3d196b4085ad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bce97f10a4a571f4:SESSION-bce97f10a4a571f4	SESSION-bce97f10a4a571f4 → pe:syn:SESSION-bce97f10a4a571f4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.35:asn:262880	host:177.10.238.35 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d147f8cae941ed80:SESSION-d147f8cae941ed80	SESSION-d147f8cae941ed80 → pe:syn:SESSION-d147f8cae941ed80
FLOW_FROM_HOSTOBS	e:from:SESSION-5ef74cd6b285b3c9:host:45.173.156.189	SESSION-5ef74cd6b285b3c9 → host:45.173.156.189
FLOW_TO_HOSTOBS	e:to:SESSION-764a731a27d64086:host:172.234.197.23	SESSION-764a731a27d64086 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ce2f2546c044634:SESSION-8ce2f2546c044634	SESSION-8ce2f2546c044634 → pe:syn:SESSION-8ce2f2546c044634
FLOW_FROM_HOSTOBS	e:from:SESSION-f482eb7fd49a3f1b:host:177.10.239.210	SESSION-f482eb7fd49a3f1b → host:177.10.239.210
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40d48b3e3ce773b5:flow:4a5a098691d5	SESSION-40d48b3e3ce773b5 → flow:4a5a098691d5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.223:geo_-23.62930_-46.63510	host:131.196.31.223 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-cca8cec112e53d8f:host:177.10.235.110	SESSION-cca8cec112e53d8f → host:177.10.235.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1cf957f4a121d77:host:172.234.197.23	SESSION-b1cf957f4a121d77 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ba1cfcea34ace70:SESSION-2ba1cfcea34ace70	SESSION-2ba1cfcea34ace70 → pe:syn:SESSION-2ba1cfcea34ace70
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.59:geo_-16.28860_-49.01640	host:177.10.239.59 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87bc9df611d2f97d:host:172.234.197.23	SESSION-87bc9df611d2f97d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-74ad535621338757:host:131.196.30.7	SESSION-74ad535621338757 → host:131.196.30.7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.175:asn:262880	host:177.10.235.175 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c83a3382d975674:SESSION-6c83a3382d975674	SESSION-6c83a3382d975674 → pe:tls:SESSION-6c83a3382d975674
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3fa9d5496b14fae:host:172.234.197.23	SESSION-c3fa9d5496b14fae → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8bfe47632c127d09:host:131.196.31.77	SESSION-8bfe47632c127d09 → host:131.196.31.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ef9a5d8a17e479b:SESSION-8ef9a5d8a17e479b	SESSION-8ef9a5d8a17e479b → pe:syn:SESSION-8ef9a5d8a17e479b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7558286b16680d35:host:45.173.156.134	SESSION-7558286b16680d35 → host:45.173.156.134
flow_observed5-aryOBS	e:fo:flow:5c6720ec9a7d	flow:5c6720ec9a7d → host:177.10.233.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78b6e298ccb2dbce:host:177.10.235.105	SESSION-78b6e298ccb2dbce → host:177.10.235.105
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76b0da8a82e9902a:flow:3dc8eab660f9	SESSION-76b0da8a82e9902a → flow:3dc8eab660f9
flow_observed5-aryOBS	e:fo:flow:e7c4ea58d513	flow:e7c4ea58d513 → host:177.10.238.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c471169f59e284ee:flow:b6a0ced2143f	SESSION-c471169f59e284ee → flow:b6a0ced2143f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f7d282d56df8eba3:flow:ed9c19c178d4	SESSION-f7d282d56df8eba3 → flow:ed9c19c178d4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca1727d5d29ffb7f:flow:c1ebe2f41b05	SESSION-ca1727d5d29ffb7f → flow:c1ebe2f41b05
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b23254615c6167a0:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b23254615c6167a0 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db0c4d22fd57aedf:PCAP:capture_20260430160001:9bfa4498506a	SESSION-db0c4d22fd57aedf → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-9df048180bcb59b6:host:172.234.197.23	SESSION-9df048180bcb59b6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-62d5a334e1fc9bd1:host:177.10.237.213	SESSION-62d5a334e1fc9bd1 → host:177.10.237.213
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-107eaa9172a242e7:host:177.10.234.192:host:172.234.197.23	SESSION-107eaa9172a242e7 → host:177.10.234.192 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a288a75f40d03563:host:172.234.197.23	SESSION-a288a75f40d03563 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0aa7cb63cd191443:host:172.234.197.23	SESSION-0aa7cb63cd191443 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fe22df31c35f787d:host:172.234.197.23	SESSION-fe22df31c35f787d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2392c0826d87e845:SESSION-2392c0826d87e845	SESSION-2392c0826d87e845 → pe:tls:SESSION-2392c0826d87e845
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce9bea4cad9ad3a3:host:172.234.197.23	SESSION-ce9bea4cad9ad3a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f6d18082a7e4dce:SESSION-4f6d18082a7e4dce	SESSION-4f6d18082a7e4dce → pe:tls:SESSION-4f6d18082a7e4dce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b4a3756900fa00c:host:131.196.31.237	SESSION-7b4a3756900fa00c → host:131.196.31.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6bbf6176d0f5e38d:SESSION-6bbf6176d0f5e38d	SESSION-6bbf6176d0f5e38d → pe:syn:SESSION-6bbf6176d0f5e38d
FLOW_TO_HOSTOBS	e:to:SESSION-dc1a3553c9b143c5:host:172.234.197.23	SESSION-dc1a3553c9b143c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98544383f10b4583:host:177.10.239.196	SESSION-98544383f10b4583 → host:177.10.239.196
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c1e38c6e6df43f1:flow:faf417b2cefd	SESSION-3c1e38c6e6df43f1 → flow:faf417b2cefd
FLOW_DST_PORTOBS	e:fp:flow:75bb6d0e28a7:port:tcp:443	flow:75bb6d0e28a7 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54704a8587620f8b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-54704a8587620f8b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98030dd572a97d39:host:131.196.28.70:host:172.234.197.23	SESSION-98030dd572a97d39 → host:131.196.28.70 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3685b3a1e6c25f1a:host:172.234.197.23	SESSION-3685b3a1e6c25f1a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-30b7709547a366f1:host:172.234.197.23	SESSION-30b7709547a366f1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.128:asn:203771	host:37.221.79.128 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27536868d2d29d68:SESSION-27536868d2d29d68	SESSION-27536868d2d29d68 → pe:syn:SESSION-27536868d2d29d68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54530aea57b72d0f:host:177.10.237.35	SESSION-54530aea57b72d0f → host:177.10.237.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-12879c55e793c987:SESSION-12879c55e793c987	SESSION-12879c55e793c987 → pe:syn:SESSION-12879c55e793c987
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c315b0bf7f59a30:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1c315b0bf7f59a30 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:1b4e341a7eb5	flow:1b4e341a7eb5 → host:177.10.236.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-feb7243d21c3bd2d:host:177.10.235.83:host:172.234.197.23	SESSION-feb7243d21c3bd2d → host:177.10.235.83 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5c83cde1dbe634e7:host:177.10.238.172	SESSION-5c83cde1dbe634e7 → host:177.10.238.172
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23c159d0ddd6e1cb:host:172.234.197.23:host:172.93.100.236	SESSION-23c159d0ddd6e1cb → host:172.234.197.23 → host:172.93.100.236
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-114b93c0875a1701:host:172.234.197.23:host:131.196.31.32	SESSION-114b93c0875a1701 → host:172.234.197.23 → host:131.196.31.32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-712d2d82579af730:PCAP:capture_20260430070001:903a0e7a436b	SESSION-712d2d82579af730 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:5232af489f8c:port:tcp:443	flow:5232af489f8c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-baf09a66da0e4962:SESSION-baf09a66da0e4962	SESSION-baf09a66da0e4962 → pe:syn:SESSION-baf09a66da0e4962
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4bc49d07a666c670:host:131.196.31.54:host:172.234.197.23	SESSION-4bc49d07a666c670 → host:131.196.31.54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0b067dd86042d0a:SESSION-b0b067dd86042d0a	SESSION-b0b067dd86042d0a → pe:tls:SESSION-b0b067dd86042d0a
FLOW_TO_HOSTOBS	e:to:SESSION-e77d19d6eee479c3:host:177.10.233.95	SESSION-e77d19d6eee479c3 → host:177.10.233.95
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0d11915f1f4e9ef9:flow:28c8d053b614	SESSION-0d11915f1f4e9ef9 → flow:28c8d053b614
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-464502b3105a6b82:PCAP:capture_20260430160001:9bfa4498506a	SESSION-464502b3105a6b82 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:b7e210d67eff	flow:b7e210d67eff → host:131.196.31.75 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8693b808e1d6b7d:SESSION-b8693b808e1d6b7d	SESSION-b8693b808e1d6b7d → pe:tls:SESSION-b8693b808e1d6b7d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fba97aa139b6de4:host:131.196.31.16	SESSION-9fba97aa139b6de4 → host:131.196.31.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e791e8d702f57f3e:host:172.234.197.23:host:177.10.237.18	SESSION-e791e8d702f57f3e → host:172.234.197.23 → host:177.10.237.18
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.178:geo_-16.28860_-49.01640	host:177.10.232.178 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1628bbd64c13f5a:SESSION-a1628bbd64c13f5a	SESSION-a1628bbd64c13f5a → pe:syn:SESSION-a1628bbd64c13f5a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acd63ec8ffcea8e7:host:172.234.197.23	SESSION-acd63ec8ffcea8e7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2b887733bd54:port:tcp:443	flow:2b887733bd54 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27c94fb85f37f774:host:131.196.29.231:host:172.234.197.23	SESSION-27c94fb85f37f774 → host:131.196.29.231 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6f0fa0972c78e2ef:host:172.234.197.23	SESSION-6f0fa0972c78e2ef → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:18e92ec9b6d5:port:tcp:443	flow:18e92ec9b6d5 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a046afd146222299:flow:578e20cc2601	SESSION-a046afd146222299 → flow:578e20cc2601
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.43:asn:271410	host:131.196.31.43 → asn:271410
flow_observed4-aryOBS	e:fo:flow:cb3e15688521	flow:cb3e15688521 → host:172.234.197.23 → host:177.10.235.14 → port:tcp:6411
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.220:asn:262880	host:177.10.237.220 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e4489cf6c262aa3:flow:c2b1c487e1ac	SESSION-9e4489cf6c262aa3 → flow:c2b1c487e1ac
FLOW_FROM_HOSTOBS	e:from:SESSION-5fc80192f398e14d:host:131.196.29.161	SESSION-5fc80192f398e14d → host:131.196.29.161
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6081275b2fa04e5c:host:172.234.197.23	SESSION-6081275b2fa04e5c → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:105f5f06ea6e	flow:105f5f06ea6e → host:44.243.2.252 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5381df0c70f3b63:host:172.234.197.23	SESSION-a5381df0c70f3b63 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6c92725f4a9fb4a7:host:185.231.226.255	SESSION-6c92725f4a9fb4a7 → host:185.231.226.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a2f802a56d8e0d79:SESSION-a2f802a56d8e0d79	SESSION-a2f802a56d8e0d79 → pe:tls:SESSION-a2f802a56d8e0d79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b64c855cb393ccc0:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b64c855cb393ccc0 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85ceb858b118c816:PCAP:capture_20260430050001:8868731bf8a4	SESSION-85ceb858b118c816 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d083da2d95669221:host:172.234.197.23	SESSION-d083da2d95669221 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b25c94efbacaf7d7:host:172.234.197.23	SESSION-b25c94efbacaf7d7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9429230c27071ffa:host:177.10.234.132	SESSION-9429230c27071ffa → host:177.10.234.132
FLOW_FROM_HOSTOBS	e:from:SESSION-168c4e3df9119bba:host:172.234.197.23	SESSION-168c4e3df9119bba → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b3b25682727ca52:host:172.234.197.23	SESSION-1b3b25682727ca52 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5106b190666c06c:host:131.196.30.125:host:172.234.197.23	SESSION-a5106b190666c06c → host:131.196.30.125 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2479e88ee1ee68c6:SESSION-2479e88ee1ee68c6	SESSION-2479e88ee1ee68c6 → pe:tls:SESSION-2479e88ee1ee68c6
FLOW_DST_PORTOBS	e:fp:flow:d7af59d105eb:port:tcp:443	flow:d7af59d105eb → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:bf711ea5c82f	flow:bf711ea5c82f → host:172.234.197.23 → host:177.10.234.207 → port:tcp:41091
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47f0fc6e11d78716:PCAP:capture_20260428010001:b1b402c7b202	SESSION-47f0fc6e11d78716 → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.241:geo_-16.28860_-49.01640	host:177.10.235.241 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.225:geo_-16.28860_-49.01640	host:177.10.232.225 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f99dd3ca5b14a25:host:177.10.238.50:host:172.234.197.23	SESSION-2f99dd3ca5b14a25 → host:177.10.238.50 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.127:geo_-23.62930_-46.63510	host:131.196.31.127 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-276107f90ab0c118:SESSION-276107f90ab0c118	SESSION-276107f90ab0c118 → pe:syn:SESSION-276107f90ab0c118
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9e1dffa0e2317c3:SESSION-d9e1dffa0e2317c3	SESSION-d9e1dffa0e2317c3 → pe:tls:SESSION-d9e1dffa0e2317c3
flow_observed4-aryOBS	e:fo:flow:1756a9d5cbe6	flow:1756a9d5cbe6 → host:172.234.197.23 → host:177.10.239.219 → port:tcp:6845
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e7ccd5c552e41a1:host:172.234.197.23	SESSION-7e7ccd5c552e41a1 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:773dd2f1e445:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:773dd2f1e445 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c596c163b79d372:host:172.234.197.23	SESSION-9c596c163b79d372 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f43808d089ea9fde:host:172.234.197.23	SESSION-f43808d089ea9fde → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1df48b404d2bce0:host:172.234.197.23	SESSION-c1df48b404d2bce0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2d8e7a3e879f:port:tcp:443	flow:2d8e7a3e879f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fa65fdb17829700:SESSION-3fa65fdb17829700	SESSION-3fa65fdb17829700 → pe:syn:SESSION-3fa65fdb17829700
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f776838979623936:flow:53f01b8aa2e8	SESSION-f776838979623936 → flow:53f01b8aa2e8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd66824284de98ed:flow:39ef05cb6fd5	SESSION-bd66824284de98ed → flow:39ef05cb6fd5
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.79:asn:262880	host:177.10.235.79 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-f3748d9d14aafdb8:host:172.234.197.23	SESSION-f3748d9d14aafdb8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d14117ba89ea:port:tcp:443	flow:d14117ba89ea → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7549effe520d0229:host:172.234.197.23	SESSION-7549effe520d0229 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c3391332133e:port:tcp:443	flow:c3391332133e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f6b9574b70ed197:PCAP:capture_20260430060001:919b39a74464	SESSION-4f6b9574b70ed197 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-141e3c6c8d153d1d:flow:b1c5da0364bd	SESSION-141e3c6c8d153d1d → flow:b1c5da0364bd
flow_observed5-aryOBS	e:fo:flow:8cc861ead55e	flow:8cc861ead55e → host:177.10.239.177 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:5f9206fa154d	flow:5f9206fa154d → host:177.10.235.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09e8a1451dd94c84:SESSION-09e8a1451dd94c84	SESSION-09e8a1451dd94c84 → pe:syn:SESSION-09e8a1451dd94c84
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72786bca04f1b5c7:SESSION-72786bca04f1b5c7	SESSION-72786bca04f1b5c7 → pe:syn:SESSION-72786bca04f1b5c7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-2acb7632e6c37a6f:SESSION-2acb7632e6c37a6f	SESSION-2acb7632e6c37a6f → pe:rst:SESSION-2acb7632e6c37a6f
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.220:asn:271410	host:131.196.29.220 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fbdf1132d9fb1d0d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-fbdf1132d9fb1d0d → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.203:asn:262880	host:177.10.239.203 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09c382be05e629ee:PCAP:capture_20260430160001:9bfa4498506a	SESSION-09c382be05e629ee → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3930651da0a26cb4:host:172.234.197.23:host:131.196.28.45	SESSION-3930651da0a26cb4 → host:172.234.197.23 → host:131.196.28.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01744e272bba469d:SESSION-01744e272bba469d	SESSION-01744e272bba469d → pe:tls:SESSION-01744e272bba469d
FLOW_FROM_HOSTOBS	e:from:SESSION-11c0fc2d370ea41a:host:172.234.197.23	SESSION-11c0fc2d370ea41a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.140:asn:262880	host:177.10.235.140 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-db98e45dca973468:host:177.10.237.191	SESSION-db98e45dca973468 → host:177.10.237.191
FLOW_TO_HOSTOBS	e:to:SESSION-193ccf82e1088d1d:host:172.234.197.23	SESSION-193ccf82e1088d1d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6238265b6cc9ea0:SESSION-e6238265b6cc9ea0	SESSION-e6238265b6cc9ea0 → pe:syn:SESSION-e6238265b6cc9ea0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ddc82f590dd8a411:SESSION-ddc82f590dd8a411	SESSION-ddc82f590dd8a411 → pe:tls:SESSION-ddc82f590dd8a411
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a176047016eec520:flow:94d251e9425d	SESSION-a176047016eec520 → flow:94d251e9425d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a7a354b1ade71f9e:SESSION-a7a354b1ade71f9e	SESSION-a7a354b1ade71f9e → pe:tls:SESSION-a7a354b1ade71f9e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc9c57ce6bc30045:SESSION-bc9c57ce6bc30045	SESSION-bc9c57ce6bc30045 → pe:syn:SESSION-bc9c57ce6bc30045
FLOW_DST_PORTOBS	e:fp:flow:bf7598ac6715:port:tcp:14105	flow:bf7598ac6715 → port:tcp:14105
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-64abd49ab16af3e3:SESSION-64abd49ab16af3e3	SESSION-64abd49ab16af3e3 → pe:syn:SESSION-64abd49ab16af3e3
FLOW_TO_HOSTOBS	e:to:SESSION-fd437604af995a2a:host:177.10.238.44	SESSION-fd437604af995a2a → host:177.10.238.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dad6cf67ed488f0b:SESSION-dad6cf67ed488f0b	SESSION-dad6cf67ed488f0b → pe:tls:SESSION-dad6cf67ed488f0b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f7bf4f785679ea3b:host:177.10.234.28:host:172.234.197.23	SESSION-f7bf4f785679ea3b → host:177.10.234.28 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8de6c1be9d0210fa:PCAP:capture_20260428010001:b1b402c7b202	SESSION-8de6c1be9d0210fa → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.254:geo_-23.62930_-46.63510	host:131.196.29.254 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-937317105ded9efa:host:172.234.197.23:host:177.10.234.93	SESSION-937317105ded9efa → host:172.234.197.23 → host:177.10.234.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7cc58ab2d16fcbf8:SESSION-7cc58ab2d16fcbf8	SESSION-7cc58ab2d16fcbf8 → pe:tls:SESSION-7cc58ab2d16fcbf8
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-c24aca5564d2ae55:BSG-DATA_EXFIL-d0f71354ec7e	SESSION-c24aca5564d2ae55 → BSG-DATA_EXFIL-d0f71354ec7e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-805d717a82cbb042:PCAP:capture_20260430160001:9bfa4498506a	SESSION-805d717a82cbb042 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-1eb9812de4c91c82:host:172.234.197.23	SESSION-1eb9812de4c91c82 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2b0ee493ee38385:SESSION-b2b0ee493ee38385	SESSION-b2b0ee493ee38385 → pe:syn:SESSION-b2b0ee493ee38385
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5d486009dccd362:host:131.196.28.242	SESSION-d5d486009dccd362 → host:131.196.28.242
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.95:geo_-23.62930_-46.63510	host:131.196.29.95 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c80786b4900f92c:PCAP:capture_20260430090001:065659c7d314	SESSION-5c80786b4900f92c → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-87edcc7df5436fbe:SESSION-87edcc7df5436fbe	SESSION-87edcc7df5436fbe → pe:tls:SESSION-87edcc7df5436fbe
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-854a13cbd553e198:host:45.173.156.206	SESSION-854a13cbd553e198 → host:45.173.156.206
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e5a346c4f0315a5:host:177.10.235.171	SESSION-3e5a346c4f0315a5 → host:177.10.235.171
flow_observed4-aryOBS	e:fo:flow:1ed102356031	flow:1ed102356031 → host:172.234.197.23 → host:131.196.30.250 → port:tcp:57036
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1980da9de3362b69:host:177.10.239.74:host:172.234.197.23	SESSION-1980da9de3362b69 → host:177.10.239.74 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4066f36b6ded169d:SESSION-4066f36b6ded169d	SESSION-4066f36b6ded169d → pe:syn:SESSION-4066f36b6ded169d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ff9e556bf199706:host:172.234.197.23	SESSION-6ff9e556bf199706 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-38f74251dfc6c10a:host:172.234.197.23	SESSION-38f74251dfc6c10a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8fcd4a12026b870e:SESSION-8fcd4a12026b870e	SESSION-8fcd4a12026b870e → pe:syn:SESSION-8fcd4a12026b870e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d43b9fecb8f031e:host:172.234.197.23:host:177.10.237.250	SESSION-9d43b9fecb8f031e → host:172.234.197.23 → host:177.10.237.250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e743a12f6a9d6a4:SESSION-8e743a12f6a9d6a4	SESSION-8e743a12f6a9d6a4 → pe:syn:SESSION-8e743a12f6a9d6a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b16231fef814b904:PCAP:capture_20260430110001:43611bdf6759	SESSION-b16231fef814b904 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:e02559d3bb27:port:tcp:443	flow:e02559d3bb27 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-380f5751cd3ba7da:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-380f5751cd3ba7da → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64a8af826dc81e59:host:172.234.197.23	SESSION-64a8af826dc81e59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af4f3fe4058b61ab:host:177.10.234.189	SESSION-af4f3fe4058b61ab → host:177.10.234.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27f830f77ddb5dd1:SESSION-27f830f77ddb5dd1	SESSION-27f830f77ddb5dd1 → pe:syn:SESSION-27f830f77ddb5dd1
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.234:asn:262880	host:177.10.232.234 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-3efb69df0be27ca4:host:172.234.197.23	SESSION-3efb69df0be27ca4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-996af5414634114f:host:172.234.197.23	SESSION-996af5414634114f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e2b4854b4491f9b7:host:131.196.29.233	SESSION-e2b4854b4491f9b7 → host:131.196.29.233
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a705ce382fec48a:host:131.196.30.128	SESSION-2a705ce382fec48a → host:131.196.30.128
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0bdeae27fd42a89:host:172.234.197.23:host:177.10.232.243	SESSION-f0bdeae27fd42a89 → host:172.234.197.23 → host:177.10.232.243
FLOW_TO_HOSTOBS	e:to:SESSION-d8b9309f53afd487:host:172.234.197.23	SESSION-d8b9309f53afd487 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.192:asn:203771	host:95.170.25.192 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e4d7008639203d5:host:172.234.197.23	SESSION-3e4d7008639203d5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f130592ce1f7f0fb:host:172.234.197.23	SESSION-f130592ce1f7f0fb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d3ca4dbaf4c9647:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4d3ca4dbaf4c9647 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3186af5a0774c3b5:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3186af5a0774c3b5 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb6fbeeb95cb61c8:host:172.234.197.23	SESSION-fb6fbeeb95cb61c8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5c562cec43ce89e:host:54.218.65.249	SESSION-c5c562cec43ce89e → host:54.218.65.249
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb82ec2c88e573dc:flow:2aff54998db0	SESSION-eb82ec2c88e573dc → flow:2aff54998db0
FLOW_FROM_HOSTOBS	e:from:SESSION-19009ef53e5ab2ef:host:195.154.100.87	SESSION-19009ef53e5ab2ef → host:195.154.100.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d1b2f476de49a99:flow:a9465144cfd4	SESSION-7d1b2f476de49a99 → flow:a9465144cfd4
FLOW_TO_HOSTOBS	e:to:SESSION-169e7d2007075619:host:172.234.197.23	SESSION-169e7d2007075619 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:69cea22f1850:port:tcp:35200	flow:69cea22f1850 → port:tcp:35200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b05aeaff4a071503:PCAP:capture_20260430150001:ded20914761d	SESSION-b05aeaff4a071503 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bfbb16ce344dac5c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bfbb16ce344dac5c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98c12e77f111e64e:host:131.196.28.7	SESSION-98c12e77f111e64e → host:131.196.28.7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a07ffa981e156af1:flow:3580ed766290	SESSION-a07ffa981e156af1 → flow:3580ed766290
FLOW_DST_PORTOBS	e:fp:flow:fc35dfb5ba01:port:tcp:48669	flow:fc35dfb5ba01 → port:tcp:48669
FLOW_FROM_HOSTOBS	e:from:SESSION-cddd8421db4c97d9:host:177.10.237.169	SESSION-cddd8421db4c97d9 → host:177.10.237.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1dda0e3344468f76:SESSION-1dda0e3344468f76	SESSION-1dda0e3344468f76 → pe:syn:SESSION-1dda0e3344468f76
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-cc55eac4fb6ef554:BSG-DATA_EXFIL-a2c3ccafe21a	SESSION-cc55eac4fb6ef554 → BSG-DATA_EXFIL-a2c3ccafe21a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aa2ce807ac3d210:host:172.234.197.23	SESSION-6aa2ce807ac3d210 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d083da2d95669221:host:177.10.237.63	SESSION-d083da2d95669221 → host:177.10.237.63
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.251:asn:262880	host:177.10.235.251 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0f20859a8cab5c7a:SESSION-0f20859a8cab5c7a	SESSION-0f20859a8cab5c7a → pe:tls:SESSION-0f20859a8cab5c7a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-53d75396bd30ce89:SESSION-53d75396bd30ce89	SESSION-53d75396bd30ce89 → pe:syn:SESSION-53d75396bd30ce89
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e57fbe39684f8bc8:host:177.10.236.108	SESSION-e57fbe39684f8bc8 → host:177.10.236.108
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b95e1310dc4ff34:SESSION-9b95e1310dc4ff34	SESSION-9b95e1310dc4ff34 → pe:syn:SESSION-9b95e1310dc4ff34
FLOW_FROM_HOSTOBS	e:from:SESSION-51257a0fcd8d6a04:host:172.234.197.23	SESSION-51257a0fcd8d6a04 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3d13cea2cf7dcee:host:177.10.236.195:host:172.234.197.23	SESSION-f3d13cea2cf7dcee → host:177.10.236.195 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a2000a0c75221682:host:172.234.197.23:host:177.10.236.117	SESSION-a2000a0c75221682 → host:172.234.197.23 → host:177.10.236.117
FLOW_FROM_HOSTOBS	e:from:SESSION-555dcb6965008cb6:host:172.234.197.23	SESSION-555dcb6965008cb6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae747b0389dd0111:flow:d0de0fae8f2a	SESSION-ae747b0389dd0111 → flow:d0de0fae8f2a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2e29524ed5dcc05:PCAP:capture_20260430090001:065659c7d314	SESSION-d2e29524ed5dcc05 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-1530091b08a9906d:host:172.234.197.23	SESSION-1530091b08a9906d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e1b90ecadb949fa3:host:131.196.28.237	SESSION-e1b90ecadb949fa3 → host:131.196.28.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bcca913f927ee07e:flow:e9b114480d67	SESSION-bcca913f927ee07e → flow:e9b114480d67
FLOW_FROM_HOSTOBS	e:from:SESSION-139ea45d2e45809a:host:177.10.237.234	SESSION-139ea45d2e45809a → host:177.10.237.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d52597e88babdbe8:SESSION-d52597e88babdbe8	SESSION-d52597e88babdbe8 → pe:syn:SESSION-d52597e88babdbe8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28106317c083449d:flow:36a71c0eb0ea	SESSION-28106317c083449d → flow:36a71c0eb0ea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-576cc11ebde25a50:host:172.234.197.23	SESSION-576cc11ebde25a50 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:62a92a296f67	flow:62a92a296f67 → host:45.173.156.68 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-1d384de4bfeb31c0:host:172.234.197.23	SESSION-1d384de4bfeb31c0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dae67c02b176a3ce:PCAP:capture_20260430050001:8868731bf8a4	SESSION-dae67c02b176a3ce → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ade0b807fe10f93e:SESSION-ade0b807fe10f93e	SESSION-ade0b807fe10f93e → pe:syn:SESSION-ade0b807fe10f93e
flow_observed4-aryOBS	e:fo:flow:e5f6f0f6f709	flow:e5f6f0f6f709 → host:172.234.197.23 → host:131.196.28.12 → port:tcp:39793
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c4ed0368ffe58f8:flow:5e785a603a1b	SESSION-6c4ed0368ffe58f8 → flow:5e785a603a1b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17fb8dd67040757e:host:177.10.233.63	SESSION-17fb8dd67040757e → host:177.10.233.63
flow_observed5-aryOBS	e:fo:flow:fdc8b0b4727e	flow:fdc8b0b4727e → host:45.145.152.15 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-418ea5f834fbfdc6:host:172.234.197.23:host:177.10.238.221	SESSION-418ea5f834fbfdc6 → host:172.234.197.23 → host:177.10.238.221
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bef335bbd7bd0f49:flow:5905fa7bc47f	SESSION-bef335bbd7bd0f49 → flow:5905fa7bc47f
FLOW_TO_HOSTOBS	e:to:SESSION-4385c2f73c2ee0db:host:172.234.197.23	SESSION-4385c2f73c2ee0db → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4933624db1b9ac84:flow:6c03c0136ad8	SESSION-4933624db1b9ac84 → flow:6c03c0136ad8
FLOW_TO_HOSTOBS	e:to:SESSION-7af80619f13211ba:host:172.234.197.23	SESSION-7af80619f13211ba → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ccc8e09e0181:port:tcp:443	flow:ccc8e09e0181 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3560085925cb3717:host:172.234.197.23	SESSION-3560085925cb3717 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f21759fa00584782:host:172.234.197.23	SESSION-f21759fa00584782 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:80741b638a66	flow:80741b638a66 → host:185.231.226.73 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:9d9c4818e854:port:tcp:443	flow:9d9c4818e854 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.222:geo_19.07480_72.88560	host:45.145.152.222 → geo_19.07480_72.88560
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc77084e1c24867c:host:177.10.234.103:host:172.234.197.23	SESSION-cc77084e1c24867c → host:177.10.234.103 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d618ae22306fa7b9:flow:b5281b6c31b7	SESSION-d618ae22306fa7b9 → flow:b5281b6c31b7
FLOW_TO_HOSTOBS	e:to:SESSION-0f20859a8cab5c7a:host:177.10.232.104	SESSION-0f20859a8cab5c7a → host:177.10.232.104
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad62b54803b59875:host:45.173.156.85:host:172.234.197.23	SESSION-ad62b54803b59875 → host:45.173.156.85 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e074c277760af7b:host:131.196.29.140:host:172.234.197.23	SESSION-4e074c277760af7b → host:131.196.29.140 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a776552d0ac90a05:host:172.234.197.23	SESSION-a776552d0ac90a05 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:47394acbd284	flow:47394acbd284 → host:172.234.197.23 → host:131.196.28.231 → port:tcp:63083
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d077f88c61181481:host:177.10.238.179	SESSION-d077f88c61181481 → host:177.10.238.179
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7db2d3f3f113e007:host:177.10.238.44	SESSION-7db2d3f3f113e007 → host:177.10.238.44
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b223dcd1f64dfb9:host:131.196.29.235:host:172.234.197.23	SESSION-7b223dcd1f64dfb9 → host:131.196.29.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5278b2d1db18e971:host:177.10.233.17	SESSION-5278b2d1db18e971 → host:177.10.233.17
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.110:asn:273470	host:45.173.156.110 → asn:273470
flow_observed4-aryOBS	e:fo:flow:2ae2b6fb588d	flow:2ae2b6fb588d → host:172.234.197.23 → host:177.10.237.70 → port:tcp:63526
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3cd15ae05af1e0a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c3cd15ae05af1e0a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f953402fa48addf:host:172.234.197.23	SESSION-3f953402fa48addf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d87ad0ffb58b923c:host:177.10.235.42	SESSION-d87ad0ffb58b923c → host:177.10.235.42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-333a850c89106bc0:SESSION-333a850c89106bc0	SESSION-333a850c89106bc0 → pe:syn:SESSION-333a850c89106bc0
FLOW_DST_PORTOBS	e:fp:flow:ced56e2b617e:port:tcp:443	flow:ced56e2b617e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:649c06ee489b:port:tcp:9879	flow:649c06ee489b → port:tcp:9879
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.230:geo_-16.28860_-49.01640	host:177.10.234.230 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ced37932852de9e5:flow:fdf3c5552a29	SESSION-ced37932852de9e5 → flow:fdf3c5552a29
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-73ce8b7b43538e4e:BSG-BEACON-f5e7c8616dbf	SESSION-73ce8b7b43538e4e → BSG-BEACON-f5e7c8616dbf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db5e0e0456a4bec1:SESSION-db5e0e0456a4bec1	SESSION-db5e0e0456a4bec1 → pe:syn:SESSION-db5e0e0456a4bec1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.76:geo_-21.10010_-41.69200	host:45.173.156.76 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-848626bce2ee7b76:SESSION-848626bce2ee7b76	SESSION-848626bce2ee7b76 → pe:tls:SESSION-848626bce2ee7b76
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.130:asn:271410	host:131.196.29.130 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1b3b25682727ca52:host:172.234.197.23:host:45.173.156.18	SESSION-1b3b25682727ca52 → host:172.234.197.23 → host:45.173.156.18
FLOW_FROM_HOSTOBS	e:from:SESSION-f8c973292e4e10a2:host:172.234.197.23	SESSION-f8c973292e4e10a2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1328d27dd48f8a49:host:95.135.228.39	SESSION-1328d27dd48f8a49 → host:95.135.228.39
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99de4fcd637901fc:host:177.10.239.59:host:172.234.197.23	SESSION-99de4fcd637901fc → host:177.10.239.59 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-877b851a45681e10:host:172.234.197.23	SESSION-877b851a45681e10 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3e63df49f560	flow:3e63df49f560 → host:177.10.235.39 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.143:geo_-16.28860_-49.01640	host:177.10.232.143 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-ea53a00807c951b5:host:172.232.0.17	SESSION-ea53a00807c951b5 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-605176cb8a71c0f4:SESSION-605176cb8a71c0f4	SESSION-605176cb8a71c0f4 → pe:syn:SESSION-605176cb8a71c0f4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.139:asn:262880	host:177.10.237.139 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.227:geo_-16.28860_-49.01640	host:177.10.238.227 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-b5c7330336192768:host:172.234.197.23	SESSION-b5c7330336192768 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59e3e2edbc9b18fa:flow:ab35e02bcb20	SESSION-59e3e2edbc9b18fa → flow:ab35e02bcb20
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b578cd49b856e8a0:SESSION-b578cd49b856e8a0	SESSION-b578cd49b856e8a0 → pe:tls:SESSION-b578cd49b856e8a0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6617d8dfad1357d9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6617d8dfad1357d9 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-403d8f142c86493c:SESSION-403d8f142c86493c	SESSION-403d8f142c86493c → pe:syn:SESSION-403d8f142c86493c
FLOW_DST_PORTOBS	e:fp:flow:cc88089c31a5:port:tcp:33892	flow:cc88089c31a5 → port:tcp:33892
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-25e11e259146e3a2:flow:095f374ac2cc	SESSION-25e11e259146e3a2 → flow:095f374ac2cc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f06d97c7ac4f577b:flow:f8ad8461587d	SESSION-f06d97c7ac4f577b → flow:f8ad8461587d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2bb4f19f005244d2:host:131.196.28.163	SESSION-2bb4f19f005244d2 → host:131.196.28.163
FLOW_DST_PORTOBS	e:fp:flow:f55e3eaa0043:port:tcp:443	flow:f55e3eaa0043 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb0638f1774736d1:SESSION-cb0638f1774736d1	SESSION-cb0638f1774736d1 → pe:tls:SESSION-cb0638f1774736d1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7ad62492e870e2b:SESSION-e7ad62492e870e2b	SESSION-e7ad62492e870e2b → pe:tls:SESSION-e7ad62492e870e2b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-036bdbf16af23428:host:177.10.237.160	SESSION-036bdbf16af23428 → host:177.10.237.160
FLOW_DST_PORTOBS	e:fp:flow:b5770b374496:port:tcp:443	flow:b5770b374496 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bce308e5c94583d6:flow:3c1aab944236	SESSION-bce308e5c94583d6 → flow:3c1aab944236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a936b4b3a73fb0c:SESSION-6a936b4b3a73fb0c	SESSION-6a936b4b3a73fb0c → pe:syn:SESSION-6a936b4b3a73fb0c
FLOW_TO_HOSTOBS	e:to:SESSION-0c0cdf691d2bdc12:host:172.234.197.23	SESSION-0c0cdf691d2bdc12 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fb17d6554827f30:host:172.234.197.23	SESSION-8fb17d6554827f30 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-60281e53e47bfb2b:host:172.234.197.23	SESSION-60281e53e47bfb2b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5b7d005fcddd05eb:host:172.234.197.23	SESSION-5b7d005fcddd05eb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c83cde1dbe634e7:host:177.10.238.172	SESSION-5c83cde1dbe634e7 → host:177.10.238.172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d811160d7459a4b2:SESSION-d811160d7459a4b2	SESSION-d811160d7459a4b2 → pe:tls:SESSION-d811160d7459a4b2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74fa9a10a5811b00:host:172.234.197.23:host:177.10.234.22	SESSION-74fa9a10a5811b00 → host:172.234.197.23 → host:177.10.234.22
FLOW_FROM_HOSTOBS	e:from:SESSION-96ad3251c1ecb855:host:172.234.197.23	SESSION-96ad3251c1ecb855 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:305d5fed5670:port:tcp:443	flow:305d5fed5670 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab1dfc7616ca079a:host:177.10.234.32	SESSION-ab1dfc7616ca079a → host:177.10.234.32
FLOW_DST_PORTOBS	e:fp:flow:23a083c73ae6:port:tcp:443	flow:23a083c73ae6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69461a2f3e15a448:host:185.231.226.242:host:172.234.197.23	SESSION-69461a2f3e15a448 → host:185.231.226.242 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b2ef1696b4c4f00:SESSION-2b2ef1696b4c4f00	SESSION-2b2ef1696b4c4f00 → pe:tls:SESSION-2b2ef1696b4c4f00
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3dc32d1b123f77b5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3dc32d1b123f77b5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-609fd31f908d95c5:PCAP:capture_20260430090001:065659c7d314	SESSION-609fd31f908d95c5 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3cd6c8dc824ee14d:host:177.10.234.137:host:172.234.197.23	SESSION-3cd6c8dc824ee14d → host:177.10.234.137 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b07a5e743a2061fa:SESSION-b07a5e743a2061fa	SESSION-b07a5e743a2061fa → pe:syn:SESSION-b07a5e743a2061fa
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-412d8e92812f4ea2:flow:2fb82c7d6bf2	SESSION-412d8e92812f4ea2 → flow:2fb82c7d6bf2
FLOW_DST_PORTOBS	e:fp:flow:497792193906:port:tcp:443	flow:497792193906 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f7b35d3dad632382:SESSION-f7b35d3dad632382	SESSION-f7b35d3dad632382 → pe:tls:SESSION-f7b35d3dad632382
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb9766ebe449a845:host:95.170.25.5	SESSION-bb9766ebe449a845 → host:95.170.25.5
flow_observed4-aryOBS	e:fo:flow:0def00f66cf6	flow:0def00f66cf6 → host:172.234.197.23 → host:45.173.156.56 → port:tcp:15667
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cbb8d1d16f40477:host:172.234.197.23	SESSION-6cbb8d1d16f40477 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5292197f57e4263:flow:8720474b83a3	SESSION-a5292197f57e4263 → flow:8720474b83a3
flow_observed4-aryOBS	e:fo:flow:8df67b08eebb	flow:8df67b08eebb → host:172.234.197.23 → host:177.10.239.199 → port:tcp:38216
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa372e44ee6fb3e7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-aa372e44ee6fb3e7 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-721df94622c41f42:SESSION-721df94622c41f42	SESSION-721df94622c41f42 → pe:tls:SESSION-721df94622c41f42
flow_observed5-aryOBS	e:fo:flow:36a71c0eb0ea	flow:36a71c0eb0ea → host:131.196.30.184 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-886f0e6ca4ba19c9:host:172.234.197.23	SESSION-886f0e6ca4ba19c9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.125:asn:262880	host:177.10.236.125 → asn:262880
flow_observed5-aryOBS	e:fo:flow:91da1e04ec80	flow:91da1e04ec80 → host:131.196.29.90 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-24bd61df75bf4426:host:172.234.197.23	SESSION-24bd61df75bf4426 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.90:geo_-16.28860_-49.01640	host:177.10.233.90 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4b1418ed7a7a9f3:host:172.234.197.23	SESSION-a4b1418ed7a7a9f3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:faeeb2dca72c:port:tcp:443	flow:faeeb2dca72c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac2cef9f7dcbf562:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ac2cef9f7dcbf562 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e1df474445c908f:PCAP:capture_20260430150001:ded20914761d	SESSION-3e1df474445c908f → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.99:geo_-16.28860_-49.01640	host:177.10.234.99 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:60519bb0000c	flow:60519bb0000c → host:45.145.152.245 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-2e85a67565660f7c:host:172.234.197.23	SESSION-2e85a67565660f7c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-807885e153f56a02:host:177.10.238.164	SESSION-807885e153f56a02 → host:177.10.238.164
FLOW_DST_PORTOBS	e:fp:flow:b1c5da0364bd:port:tcp:2604	flow:b1c5da0364bd → port:tcp:2604
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a29ca5d80bc122d0:SESSION-a29ca5d80bc122d0	SESSION-a29ca5d80bc122d0 → pe:tls:SESSION-a29ca5d80bc122d0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d290f0be98eecddb:host:172.234.197.23	SESSION-d290f0be98eecddb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d1191e0b24f1d121:host:172.234.197.23	SESSION-d1191e0b24f1d121 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4aa43b0ccd10448e:host:172.234.197.23	SESSION-4aa43b0ccd10448e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a20fc4ba13bfca4:host:172.234.197.23	SESSION-8a20fc4ba13bfca4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9beff4b34540729:host:172.234.197.23	SESSION-a9beff4b34540729 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-22f2328c9f1b641e:flow:c39df8f0b3ff	SESSION-22f2328c9f1b641e → flow:c39df8f0b3ff
flow_observed5-aryOBS	e:fo:flow:ae05db972f47	flow:ae05db972f47 → host:45.173.156.162 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc060cc400f18b5d:SESSION-cc060cc400f18b5d	SESSION-cc060cc400f18b5d → pe:syn:SESSION-cc060cc400f18b5d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-099b4106de78317b:SESSION-099b4106de78317b	SESSION-099b4106de78317b → pe:tls:SESSION-099b4106de78317b
flow_observed5-aryOBS	e:fo:flow:4ef16227b924	flow:4ef16227b924 → host:177.10.238.218 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8f1e08bfeea32aa0:host:177.10.236.27	SESSION-8f1e08bfeea32aa0 → host:177.10.236.27
FLOW_DST_PORTOBS	e:fp:flow:bc6e4eea3acb:port:tcp:39874	flow:bc6e4eea3acb → port:tcp:39874
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e63bd10e327c33f1:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e63bd10e327c33f1 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07775d37dba558b0:SESSION-07775d37dba558b0	SESSION-07775d37dba558b0 → pe:syn:SESSION-07775d37dba558b0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-997b652ef378c5d4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-997b652ef378c5d4 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d2ea88f589d3294:SESSION-1d2ea88f589d3294	SESSION-1d2ea88f589d3294 → pe:tls:SESSION-1d2ea88f589d3294
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-791eac8e49df4e5d:PCAP:capture_20260430150001:ded20914761d	SESSION-791eac8e49df4e5d → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28e21153f6abb648:SESSION-28e21153f6abb648	SESSION-28e21153f6abb648 → pe:syn:SESSION-28e21153f6abb648
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a8694ae6f41e5eb8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a8694ae6f41e5eb8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-4c0ceaca72bbee92:host:172.234.197.23	SESSION-4c0ceaca72bbee92 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bee309b4d5047c7d:SESSION-bee309b4d5047c7d	SESSION-bee309b4d5047c7d → pe:tls:SESSION-bee309b4d5047c7d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8b9d154eee5d788:PCAP:capture_20260430150001:ded20914761d	SESSION-c8b9d154eee5d788 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0caa41ae62241956:SESSION-0caa41ae62241956	SESSION-0caa41ae62241956 → pe:syn:SESSION-0caa41ae62241956
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e034fcb399102895:host:172.234.197.23	SESSION-e034fcb399102895 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8417b06622c43718:flow:99660646d967	SESSION-8417b06622c43718 → flow:99660646d967
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c615690895f6d3c9:host:172.234.197.23:host:177.10.239.127	SESSION-c615690895f6d3c9 → host:172.234.197.23 → host:177.10.239.127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01716d55cf2099e5:SESSION-01716d55cf2099e5	SESSION-01716d55cf2099e5 → pe:tls:SESSION-01716d55cf2099e5
FLOW_FROM_HOSTOBS	e:from:SESSION-52edfb1e7fe307be:host:177.10.239.99	SESSION-52edfb1e7fe307be → host:177.10.239.99
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb9800c0b594ef9b:host:177.10.232.124:host:172.234.197.23	SESSION-fb9800c0b594ef9b → host:177.10.232.124 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c36a1f3b5aad9a99:host:177.10.232.247:host:172.234.197.23	SESSION-c36a1f3b5aad9a99 → host:177.10.232.247 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ba981a6eb39461c8:SESSION-ba981a6eb39461c8	SESSION-ba981a6eb39461c8 → pe:syn:SESSION-ba981a6eb39461c8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5b56d4198adefd3:flow:a4af85982524	SESSION-d5b56d4198adefd3 → flow:a4af85982524
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4002f150bb6dd768:SESSION-4002f150bb6dd768	SESSION-4002f150bb6dd768 → pe:syn:SESSION-4002f150bb6dd768
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1ca1108b3f9fffc:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-d1ca1108b3f9fffc → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:05d2df524e4e	flow:05d2df524e4e → host:177.10.234.178 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ff9e39cb371b24f:SESSION-1ff9e39cb371b24f	SESSION-1ff9e39cb371b24f → pe:tls:SESSION-1ff9e39cb371b24f
FLOW_FROM_HOSTOBS	e:from:SESSION-5f07a2dad0dfb354:host:177.10.235.43	SESSION-5f07a2dad0dfb354 → host:177.10.235.43
flow_observed5-aryOBS	e:fo:flow:d80cf89ab1c3	flow:d80cf89ab1c3 → host:131.196.29.129 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-9ce76aef4cf62c0f:host:177.10.238.16	SESSION-9ce76aef4cf62c0f → host:177.10.238.16
FLOW_TO_HOSTOBS	e:to:SESSION-9500d9b64493d052:host:172.234.197.23	SESSION-9500d9b64493d052 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8f7d68f255e7d9c:PCAP:capture_20260430090001:065659c7d314	SESSION-e8f7d68f255e7d9c → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.153:asn:262880	host:177.10.232.153 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66dcd1fd6d28b07f:host:172.234.197.23:host:177.10.233.231	SESSION-66dcd1fd6d28b07f → host:172.234.197.23 → host:177.10.233.231
FLOW_DST_PORTOBS	e:fp:flow:d23d429ef386:port:tcp:443	flow:d23d429ef386 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f6588417d002f2ed:host:172.234.197.23	SESSION-f6588417d002f2ed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-05f783d5d2ea4019:SESSION-05f783d5d2ea4019	SESSION-05f783d5d2ea4019 → pe:tls:SESSION-05f783d5d2ea4019
FLOW_FROM_HOSTOBS	e:from:SESSION-c3d488fa50a25e1f:host:45.173.156.253	SESSION-c3d488fa50a25e1f → host:45.173.156.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37451ceb7f45e2a3:host:172.234.197.23	SESSION-37451ceb7f45e2a3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73ad5b34385541ce:host:172.234.197.23:host:131.196.30.67	SESSION-73ad5b34385541ce → host:172.234.197.23 → host:131.196.30.67
FLOW_TO_HOSTOBS	e:to:SESSION-6372f3e6dae2e87f:host:172.234.197.23	SESSION-6372f3e6dae2e87f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b35aac65e648dac0:SESSION-b35aac65e648dac0	SESSION-b35aac65e648dac0 → pe:syn:SESSION-b35aac65e648dac0
flow_observed5-aryOBS	e:fo:flow:751e2322b01d	flow:751e2322b01d → host:131.196.30.102 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:9609b976f9f0	flow:9609b976f9f0 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-95229bbdec6f8a74:flow:ae9086787421	SESSION-95229bbdec6f8a74 → flow:ae9086787421
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33916bd4dadd0440:flow:8b5bbd34f82c	SESSION-33916bd4dadd0440 → flow:8b5bbd34f82c
FLOW_TO_HOSTOBS	e:to:SESSION-94f17b7b7397155e:host:172.234.197.23	SESSION-94f17b7b7397155e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:363bdedaf2aa	flow:363bdedaf2aa → host:177.10.238.157 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:19232473d33a:port:tcp:443	flow:19232473d33a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-714dd24b305adb19:host:172.234.197.23	SESSION-714dd24b305adb19 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23deab886ec517b0:flow:12c80080048e	SESSION-23deab886ec517b0 → flow:12c80080048e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ae017ce34991ed1:flow:a22b3b3a0e3f	SESSION-5ae017ce34991ed1 → flow:a22b3b3a0e3f
FLOW_TO_HOSTOBS	e:to:SESSION-1d2ea88f589d3294:host:172.234.197.23	SESSION-1d2ea88f589d3294 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e47cd7d3b6c5e00d:SESSION-e47cd7d3b6c5e00d	SESSION-e47cd7d3b6c5e00d → pe:tls:SESSION-e47cd7d3b6c5e00d
flow_observed4-aryOBS	e:fo:flow:d599caa8fe55	flow:d599caa8fe55 → host:172.234.197.23 → host:177.10.232.226 → port:tcp:42717
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14d5e1e17a6f21ad:flow:4832bd407d6b	SESSION-14d5e1e17a6f21ad → flow:4832bd407d6b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb82ec2c88e573dc:host:172.234.197.23:host:177.10.236.239	SESSION-eb82ec2c88e573dc → host:172.234.197.23 → host:177.10.236.239
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.39:geo_-16.28860_-49.01640	host:177.10.235.39 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:56.155.73.64:geo_34.69300_135.50050	host:56.155.73.64 → geo_34.69300_135.50050
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-969e64e33723c991:host:45.173.156.33	SESSION-969e64e33723c991 → host:45.173.156.33
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e3933798ce80a4c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8e3933798ce80a4c → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-9501d29cea91bd7b:host:172.234.197.23	SESSION-9501d29cea91bd7b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1870bc27b62a60a2:host:172.234.197.23:host:177.10.234.186	SESSION-1870bc27b62a60a2 → host:172.234.197.23 → host:177.10.234.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-efcc1618f79daeb7:SESSION-efcc1618f79daeb7	SESSION-efcc1618f79daeb7 → pe:syn:SESSION-efcc1618f79daeb7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd8832d374e053cc:SESSION-fd8832d374e053cc	SESSION-fd8832d374e053cc → pe:syn:SESSION-fd8832d374e053cc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa0381bae4f9498b:host:177.10.239.68:host:172.234.197.23	SESSION-aa0381bae4f9498b → host:177.10.239.68 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06c7d2e525939bdd:SESSION-06c7d2e525939bdd	SESSION-06c7d2e525939bdd → pe:tls:SESSION-06c7d2e525939bdd
FLOW_DST_PORTOBS	e:fp:flow:a54cfd642968:port:tcp:37545	flow:a54cfd642968 → port:tcp:37545
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16a7442acd9adfae:flow:744c88bd6df1	SESSION-16a7442acd9adfae → flow:744c88bd6df1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f355ffd88e7f5027:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f355ffd88e7f5027 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-971b25349fba9c5b:host:45.173.156.38:host:172.234.197.23	SESSION-971b25349fba9c5b → host:45.173.156.38 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37c1a586e90e7a3b:PCAP:capture_20260430150001:ded20914761d	SESSION-37c1a586e90e7a3b → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-af315627d236ddd5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-af315627d236ddd5 → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.191:geo_-16.28860_-49.01640	host:177.10.232.191 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-8a1214f59f834d98:host:131.196.29.156	SESSION-8a1214f59f834d98 → host:131.196.29.156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39adf49608796443:host:172.234.197.23	SESSION-39adf49608796443 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-72a654eac2136215:host:172.234.197.23	SESSION-72a654eac2136215 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e2e801b5fdfc:port:tcp:443	flow:e2e801b5fdfc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1947a05c179b1d2:SESSION-c1947a05c179b1d2	SESSION-c1947a05c179b1d2 → pe:syn:SESSION-c1947a05c179b1d2
FLOW_TO_HOSTOBS	e:to:SESSION-361b290e75b75885:host:177.10.233.63	SESSION-361b290e75b75885 → host:177.10.233.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c18109925f9685a:SESSION-8c18109925f9685a	SESSION-8c18109925f9685a → pe:tls:SESSION-8c18109925f9685a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d77475f82108632b:host:131.196.31.86	SESSION-d77475f82108632b → host:131.196.31.86
flow_observed4-aryOBS	e:fo:flow:477f274d387f	flow:477f274d387f → host:172.234.197.23 → host:177.10.239.189 → port:tcp:41330
FLOW_DST_PORTOBS	e:fp:flow:d1fc1a294ea3:port:tcp:443	flow:d1fc1a294ea3 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:67558caa7d6b	flow:67558caa7d6b → host:177.10.235.251 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:28d075338728	flow:28d075338728 → host:93.119.5.133 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84a1a640eb0d0e14:flow:e4fb1419a413	SESSION-84a1a640eb0d0e14 → flow:e4fb1419a413
FLOW_TO_HOSTOBS	e:to:SESSION-2df4632ec7c2c624:host:172.234.197.23	SESSION-2df4632ec7c2c624 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8154aa40ebb8:port:tcp:443	flow:8154aa40ebb8 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.191:geo_-16.28860_-49.01640	host:177.10.236.191 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d673ded8fa5efc5:flow:8a957b04bd86	SESSION-4d673ded8fa5efc5 → flow:8a957b04bd86
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-168a40fae7c0f56d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-168a40fae7c0f56d → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-6af89b3798eaaf52:host:131.196.31.196	SESSION-6af89b3798eaaf52 → host:131.196.31.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a7a08ae566a4a8b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5a7a08ae566a4a8b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de1a59c6958513ff:SESSION-de1a59c6958513ff	SESSION-de1a59c6958513ff → pe:syn:SESSION-de1a59c6958513ff
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-381a0e70ba36b75c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-381a0e70ba36b75c → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-94eb707cf5b0b4ef:host:172.234.197.23	SESSION-94eb707cf5b0b4ef → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaae06fce38c131f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-eaae06fce38c131f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-230e735532621bd7:host:45.173.156.31:host:172.234.197.23	SESSION-230e735532621bd7 → host:45.173.156.31 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd1b98a612532c8e:flow:41b84374eed5	SESSION-cd1b98a612532c8e → flow:41b84374eed5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ebb29f0c8a91fe62:host:172.234.197.23	SESSION-ebb29f0c8a91fe62 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-019d89e6bcaa6e4e:SESSION-019d89e6bcaa6e4e	SESSION-019d89e6bcaa6e4e → pe:tls:SESSION-019d89e6bcaa6e4e
FLOW_DST_PORTOBS	e:fp:flow:8da860531fda:port:tcp:443	flow:8da860531fda → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f1fbed100f42:port:tcp:443	flow:f1fbed100f42 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a88c1288033e7cc:host:45.173.156.48	SESSION-0a88c1288033e7cc → host:45.173.156.48
FLOW_FROM_HOSTOBS	e:from:SESSION-0c01d0fd13ba220b:host:177.10.239.224	SESSION-0c01d0fd13ba220b → host:177.10.239.224
FLOW_TO_HOSTOBS	e:to:SESSION-2625cb17cae199d1:host:177.10.239.71	SESSION-2625cb17cae199d1 → host:177.10.239.71
FLOW_FROM_HOSTOBS	e:from:SESSION-110ce59a2a29ac0c:host:34.231.77.232	SESSION-110ce59a2a29ac0c → host:34.231.77.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-198cd8f9bb6f8909:SESSION-198cd8f9bb6f8909	SESSION-198cd8f9bb6f8909 → pe:syn:SESSION-198cd8f9bb6f8909
FLOW_DST_PORTOBS	e:fp:flow:cc6ee1599869:port:tcp:443	flow:cc6ee1599869 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d3ca4dbaf4c9647:host:51.161.119.157	SESSION-4d3ca4dbaf4c9647 → host:51.161.119.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68c9571f275cd182:flow:c79982b91957	SESSION-68c9571f275cd182 → flow:c79982b91957
flow_observed5-aryOBS	e:fo:flow:509b2796b80a	flow:509b2796b80a → host:177.10.238.1 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:414b20fd0e30:port:tcp:59207	flow:414b20fd0e30 → port:tcp:59207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaf9de21464647a2:SESSION-eaf9de21464647a2	SESSION-eaf9de21464647a2 → pe:tls:SESSION-eaf9de21464647a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6af0fd134ffb330e:SESSION-6af0fd134ffb330e	SESSION-6af0fd134ffb330e → pe:tls:SESSION-6af0fd134ffb330e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f56538a064e25a46:SESSION-f56538a064e25a46	SESSION-f56538a064e25a46 → pe:tls:SESSION-f56538a064e25a46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5498d903f3b2d41:host:172.234.197.23	SESSION-b5498d903f3b2d41 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8f12ada0f88f122:flow:07535cfd3b72	SESSION-b8f12ada0f88f122 → flow:07535cfd3b72
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.46:geo_-16.28860_-49.01640	host:177.10.232.46 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5643c60889fe0da:host:172.234.197.23	SESSION-a5643c60889fe0da → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7e52183ef313b6a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e7e52183ef313b6a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:9c17a698ce22	flow:9c17a698ce22 → host:172.234.197.23 → host:177.10.232.168 → port:tcp:50353
flow_observed5-aryOBS	e:fo:flow:2f76408fd599	flow:2f76408fd599 → host:131.196.31.167 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:26b0ffc32b11	flow:26b0ffc32b11 → host:177.10.239.109 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06a6b67473c48ddd:SESSION-06a6b67473c48ddd	SESSION-06a6b67473c48ddd → pe:syn:SESSION-06a6b67473c48ddd
FLOW_DST_PORTOBS	e:fp:flow:a81beaceca4d:port:tcp:443	flow:a81beaceca4d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4af85088cb1b366:SESSION-b4af85088cb1b366	SESSION-b4af85088cb1b366 → pe:syn:SESSION-b4af85088cb1b366
flow_observed5-aryOBS	e:fo:flow:c1343c478a41	flow:c1343c478a41 → host:177.10.235.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ed5696d63c7b154:flow:7c92c15e1e64	SESSION-9ed5696d63c7b154 → flow:7c92c15e1e64
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f951b8fc6e0dd11c:flow:5cf23b9905c6	SESSION-f951b8fc6e0dd11c → flow:5cf23b9905c6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.100:geo_-23.62930_-46.63510	host:131.196.31.100 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b209515fa806d4a:host:172.234.197.23	SESSION-9b209515fa806d4a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51cdac11b30f43cf:host:177.10.235.170	SESSION-51cdac11b30f43cf → host:177.10.235.170
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a1525d7a099ba42:SESSION-5a1525d7a099ba42	SESSION-5a1525d7a099ba42 → pe:syn:SESSION-5a1525d7a099ba42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dfde0f74dbe81c3a:host:172.234.197.23	SESSION-dfde0f74dbe81c3a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.186:asn:271410	host:131.196.30.186 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-079c82b45cfad420:host:177.10.237.169	SESSION-079c82b45cfad420 → host:177.10.237.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff0c6bdae7c0fa78:host:172.234.197.23	SESSION-ff0c6bdae7c0fa78 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4bcb34449111b6ae:host:177.10.235.61	SESSION-4bcb34449111b6ae → host:177.10.235.61
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-375dced119266894:host:172.234.197.23:host:177.10.235.46	SESSION-375dced119266894 → host:172.234.197.23 → host:177.10.235.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba642a19e1a643ce:host:177.10.239.70	SESSION-ba642a19e1a643ce → host:177.10.239.70
FLOW_DST_PORTOBS	e:fp:flow:160f1437aa00:port:tcp:80	flow:160f1437aa00 → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c1a20baa14a0758:flow:cd42884691eb	SESSION-8c1a20baa14a0758 → flow:cd42884691eb
FLOW_DST_PORTOBS	e:fp:flow:a30010932181:port:tcp:41667	flow:a30010932181 → port:tcp:41667
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-946275ea323f6900:host:131.196.29.123	SESSION-946275ea323f6900 → host:131.196.29.123
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-88c19910e1cb1242:flow:ff650bf65086	SESSION-88c19910e1cb1242 → flow:ff650bf65086
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf00afe8057eb986:flow:32c017fb3195	SESSION-bf00afe8057eb986 → flow:32c017fb3195
FLOW_FROM_HOSTOBS	e:from:SESSION-280b0d78f93705fd:host:93.119.5.133	SESSION-280b0d78f93705fd → host:93.119.5.133
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.10:asn:262880	host:177.10.232.10 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e87421895e57790a:host:177.10.238.237	SESSION-e87421895e57790a → host:177.10.238.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d43b9fecb8f031e:SESSION-9d43b9fecb8f031e	SESSION-9d43b9fecb8f031e → pe:syn:SESSION-9d43b9fecb8f031e
FLOW_DST_PORTOBS	e:fp:flow:e3edff7df072:port:tcp:443	flow:e3edff7df072 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c7fe82c435bb:port:tcp:16276	flow:c7fe82c435bb → port:tcp:16276
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-40e0d0b129f437fd:SESSION-40e0d0b129f437fd	SESSION-40e0d0b129f437fd → pe:tls:SESSION-40e0d0b129f437fd
FLOW_TO_HOSTOBS	e:to:SESSION-1ca00666a1b5cdae:host:177.10.233.137	SESSION-1ca00666a1b5cdae → host:177.10.233.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a9042bd9c6a81d17:SESSION-a9042bd9c6a81d17	SESSION-a9042bd9c6a81d17 → pe:tls:SESSION-a9042bd9c6a81d17
FLOW_FROM_HOSTOBS	e:from:SESSION-bf8f9827f106db93:host:172.234.197.23	SESSION-bf8f9827f106db93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fdceaf69f291402:host:172.234.197.23	SESSION-3fdceaf69f291402 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.169:asn:262880	host:177.10.236.169 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:747e8242c360:port:tcp:5487	flow:747e8242c360 → port:tcp:5487
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd58ba429e3d894b:host:172.234.197.23:host:131.196.28.174	SESSION-dd58ba429e3d894b → host:172.234.197.23 → host:131.196.28.174
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a8c913718f2ecd3:host:172.232.0.16	SESSION-9a8c913718f2ecd3 → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:0148015f0be7	flow:0148015f0be7 → host:177.10.237.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d00c2356d94b56a1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d00c2356d94b56a1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-500f03715884566d:host:177.10.233.11:host:172.234.197.23	SESSION-500f03715884566d → host:177.10.233.11 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-71cb82af8f37b35d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-71cb82af8f37b35d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.146:asn:262880	host:177.10.236.146 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-be24a8e57194faf0:host:172.234.197.23	SESSION-be24a8e57194faf0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c15ada1b10271eef:SESSION-c15ada1b10271eef	SESSION-c15ada1b10271eef → pe:syn:SESSION-c15ada1b10271eef
FLOW_FROM_HOSTOBS	e:from:SESSION-838eea3d6dd669fd:host:131.196.30.92	SESSION-838eea3d6dd669fd → host:131.196.30.92
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.220:asn:262880	host:177.10.239.220 → asn:262880
flow_observed5-aryOBS	e:fo:flow:2428c7c3e3d6	flow:2428c7c3e3d6 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10ba6936b0af1959:host:172.234.197.23:host:131.196.31.238	SESSION-10ba6936b0af1959 → host:172.234.197.23 → host:131.196.31.238
HOST_IN_ASNOBS 85%	e:ha:host:172.93.100.236:asn:23470	host:172.93.100.236 → asn:23470
FLOW_DST_PORTOBS	e:fp:flow:33a86ba2b575:port:tcp:443	flow:33a86ba2b575 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-89c2fe6aad8232be:SESSION-89c2fe6aad8232be	SESSION-89c2fe6aad8232be → pe:syn:SESSION-89c2fe6aad8232be
FLOW_TO_HOSTOBS	e:to:SESSION-8327be02acf872a5:host:172.234.197.23	SESSION-8327be02acf872a5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8722ec6291f0	flow:8722ec6291f0 → host:177.10.232.165 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-0482212efb1d2581:host:172.234.197.23	SESSION-0482212efb1d2581 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e583d09be0235fc:PCAP:capture_20260428020001:ce87acd1c162	SESSION-3e583d09be0235fc → PCAP:capture_20260428020001:ce87acd1c162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b84527735a90d253:host:172.234.197.23	SESSION-b84527735a90d253 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-affea3171060a6d3:host:177.10.239.207	SESSION-affea3171060a6d3 → host:177.10.239.207
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c3d3f3d87b7f1a0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5c3d3f3d87b7f1a0 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:a26eb909c0b2:port:tcp:443	flow:a26eb909c0b2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27b5dd82e2b65bbd:host:177.10.239.167:host:172.234.197.23	SESSION-27b5dd82e2b65bbd → host:177.10.239.167 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:509ed4d5dc46:port:tcp:8438	flow:509ed4d5dc46 → port:tcp:8438
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6238265b6cc9ea0:flow:15af48869be8	SESSION-e6238265b6cc9ea0 → flow:15af48869be8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-174e61a8ff8b9c0e:host:172.234.197.23	SESSION-174e61a8ff8b9c0e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad62b54803b59875:host:45.173.156.85	SESSION-ad62b54803b59875 → host:45.173.156.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd108cc47984c911:host:172.234.197.23	SESSION-dd108cc47984c911 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1375745ca86fe64:SESSION-a1375745ca86fe64	SESSION-a1375745ca86fe64 → pe:tls:SESSION-a1375745ca86fe64
flow_observed5-aryOBS	e:fo:flow:8427af739fb5	flow:8427af739fb5 → host:177.10.232.152 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-14b61e43a384fdb4:host:172.234.197.23	SESSION-14b61e43a384fdb4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b51c77a005c8dfc8:host:177.10.233.231:host:172.234.197.23	SESSION-b51c77a005c8dfc8 → host:177.10.233.231 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:93dc34757c1c:port:tcp:443	flow:93dc34757c1c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6667ca1b9f8ba8d1:SESSION-6667ca1b9f8ba8d1	SESSION-6667ca1b9f8ba8d1 → pe:syn:SESSION-6667ca1b9f8ba8d1
flow_observed5-aryOBS	e:fo:flow:61b1a3ff21d8	flow:61b1a3ff21d8 → host:131.196.29.217 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4b4999df1225:port:tcp:25824	flow:4b4999df1225 → port:tcp:25824
FLOW_FROM_HOSTOBS	e:from:SESSION-3fa41b89da3fc0a6:host:172.234.197.23	SESSION-3fa41b89da3fc0a6 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.163:geo_-23.62930_-46.63510	host:131.196.31.163 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb3e7e97aa8c76e6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cb3e7e97aa8c76e6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:eb26a1b8e4cd	flow:eb26a1b8e4cd → host:172.234.197.23 → host:177.10.236.138 → port:tcp:49643
FLOW_TO_HOSTOBS	e:to:SESSION-0e6517dadbfe4bb3:host:131.196.29.74	SESSION-0e6517dadbfe4bb3 → host:131.196.29.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc57d45d1a1b2f7b:SESSION-bc57d45d1a1b2f7b	SESSION-bc57d45d1a1b2f7b → pe:tls:SESSION-bc57d45d1a1b2f7b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef002e94e1d9ac81:SESSION-ef002e94e1d9ac81	SESSION-ef002e94e1d9ac81 → pe:tls:SESSION-ef002e94e1d9ac81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b47e385ca946fd94:host:177.10.236.91	SESSION-b47e385ca946fd94 → host:177.10.236.91
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9a69c63a7b588de:host:131.196.31.151	SESSION-b9a69c63a7b588de → host:131.196.31.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bca14afee5df98e9:flow:b5ead2da4aee	SESSION-bca14afee5df98e9 → flow:b5ead2da4aee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf34c898669d01e7:host:172.234.197.23	SESSION-bf34c898669d01e7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0cb5698f1d5957a:host:31.40.196.151:host:172.234.197.23	SESSION-c0cb5698f1d5957a → host:31.40.196.151 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-217f16055e8d00da:host:172.234.197.23	SESSION-217f16055e8d00da → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f0a0478f83cd119:SESSION-1f0a0478f83cd119	SESSION-1f0a0478f83cd119 → pe:syn:SESSION-1f0a0478f83cd119
FLOW_DST_PORTOBS	e:fp:flow:6c01028ff404:port:tcp:443	flow:6c01028ff404 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-70ca21a7c0c8fc42:SESSION-70ca21a7c0c8fc42	SESSION-70ca21a7c0c8fc42 → pe:tls:SESSION-70ca21a7c0c8fc42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9fed3e3a3ac1c6fb:SESSION-9fed3e3a3ac1c6fb	SESSION-9fed3e3a3ac1c6fb → pe:syn:SESSION-9fed3e3a3ac1c6fb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f48cf8f11b8f73e:host:177.10.239.247	SESSION-3f48cf8f11b8f73e → host:177.10.239.247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f1e9c5398b5e18f4:host:131.196.28.198:host:172.234.197.23	SESSION-f1e9c5398b5e18f4 → host:131.196.28.198 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad03ceeb377f3976:host:45.173.156.185	SESSION-ad03ceeb377f3976 → host:45.173.156.185
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d3eca13f5e50de63:PCAP:capture_20260430090001:065659c7d314	SESSION-d3eca13f5e50de63 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d79f2acd73027b39:flow:eafdc5cc4f89	SESSION-d79f2acd73027b39 → flow:eafdc5cc4f89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-a4d237675f94d453:SESSION-a4d237675f94d453	SESSION-a4d237675f94d453 → pe:rst:SESSION-a4d237675f94d453
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-500747aefaa736d2:flow:d4ea411ce131	SESSION-500747aefaa736d2 → flow:d4ea411ce131
FLOW_FROM_HOSTOBS	e:from:SESSION-e7a6b146488afb43:host:177.10.238.87	SESSION-e7a6b146488afb43 → host:177.10.238.87
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.84:asn:262880	host:177.10.232.84 → asn:262880
flow_observed4-aryOBS	e:fo:flow:e1acc529e089	flow:e1acc529e089 → host:172.234.197.23 → host:131.196.30.227 → port:tcp:26570
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4741bb1b7e9e5b0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d4741bb1b7e9e5b0 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:993f3233012e:port:tcp:34229	flow:993f3233012e → port:tcp:34229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c18109925f9685a:host:177.10.237.122	SESSION-8c18109925f9685a → host:177.10.237.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-f8491791342c7cb3:SESSION-f8491791342c7cb3	SESSION-f8491791342c7cb3 → pe:rst:SESSION-f8491791342c7cb3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b9228625f2ea52e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8b9228625f2ea52e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65c1debe675497c7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-65c1debe675497c7 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:185e96127559	flow:185e96127559 → host:177.10.237.196 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.49:asn:262880	host:177.10.237.49 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.13:geo_-16.28860_-49.01640	host:177.10.235.13 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:e3df5756ccbc:port:tcp:443	flow:e3df5756ccbc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6490de849a8e5020:SESSION-6490de849a8e5020	SESSION-6490de849a8e5020 → pe:rst:SESSION-6490de849a8e5020
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec91eda6d4bd732e:SESSION-ec91eda6d4bd732e	SESSION-ec91eda6d4bd732e → pe:tls:SESSION-ec91eda6d4bd732e
FLOW_DST_PORTOBS	e:fp:flow:e50b4d368dc0:port:tcp:60659	flow:e50b4d368dc0 → port:tcp:60659
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37c584531b25722b:SESSION-37c584531b25722b	SESSION-37c584531b25722b → pe:tls:SESSION-37c584531b25722b
FLOW_FROM_HOSTOBS	e:from:SESSION-55d5dc737e01c0f7:host:92.112.71.68	SESSION-55d5dc737e01c0f7 → host:92.112.71.68
FLOW_DST_PORTOBS	e:fp:flow:2825022e2692:port:tcp:443	flow:2825022e2692 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f215cf2f031026d:flow:67e491a55fdc	SESSION-5f215cf2f031026d → flow:67e491a55fdc
flow_observed4-aryOBS	e:fo:flow:bc8c7b2b51da	flow:bc8c7b2b51da → host:172.234.197.23 → host:131.196.29.184 → port:tcp:64495
FLOW_DST_PORTOBS	e:fp:flow:f4c8a98cb929:port:tcp:443	flow:f4c8a98cb929 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5d780f89354efd9:host:131.196.31.158:host:172.234.197.23	SESSION-b5d780f89354efd9 → host:131.196.31.158 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4325a6893dda791:flow:9320ba5c0d1c	SESSION-c4325a6893dda791 → flow:9320ba5c0d1c
FLOW_TO_HOSTOBS	e:to:SESSION-30052afb1f0268ab:host:172.234.197.23	SESSION-30052afb1f0268ab → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e271128847ae06df:host:172.234.197.23:host:177.10.235.111	SESSION-e271128847ae06df → host:172.234.197.23 → host:177.10.235.111
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b792e9866f7563b8:host:177.10.235.95:host:172.234.197.23	SESSION-b792e9866f7563b8 → host:177.10.235.95 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c38263f2f5f96575:host:172.234.197.23	SESSION-c38263f2f5f96575 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-610b47e21d599964:flow:b996ef900842	SESSION-610b47e21d599964 → flow:b996ef900842
flow_observed4-aryOBS	e:fo:flow:ca336f5cf561	flow:ca336f5cf561 → host:172.234.197.23 → host:131.196.30.147 → port:tcp:54231
FLOW_TO_HOSTOBS	e:to:SESSION-c5c562cec43ce89e:host:172.234.197.23	SESSION-c5c562cec43ce89e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-9be6dcd7d7b7ac03:SESSION-9be6dcd7d7b7ac03	SESSION-9be6dcd7d7b7ac03 → pe:rst:SESSION-9be6dcd7d7b7ac03
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db282f95b9cc563d:flow:2ae2b6fb588d	SESSION-db282f95b9cc563d → flow:2ae2b6fb588d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-418ea5f834fbfdc6:SESSION-418ea5f834fbfdc6	SESSION-418ea5f834fbfdc6 → pe:tls:SESSION-418ea5f834fbfdc6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-040c9c1730fd990c:SESSION-040c9c1730fd990c	SESSION-040c9c1730fd990c → pe:syn:SESSION-040c9c1730fd990c
FLOW_TO_HOSTOBS	e:to:SESSION-923fbccf43ed644a:host:172.234.197.23	SESSION-923fbccf43ed644a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f1e2986117d2a1f:host:172.234.197.23	SESSION-3f1e2986117d2a1f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59de2965684be0b6:host:131.196.30.126	SESSION-59de2965684be0b6 → host:131.196.30.126
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.196:asn:271410	host:131.196.29.196 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7cd300d305b207c:host:172.234.197.23	SESSION-a7cd300d305b207c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aa574f1f11f5b30b:host:131.196.31.22	SESSION-aa574f1f11f5b30b → host:131.196.31.22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8300d990ddd9a21:host:177.10.236.157	SESSION-c8300d990ddd9a21 → host:177.10.236.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4367b2e8a53d74f:SESSION-c4367b2e8a53d74f	SESSION-c4367b2e8a53d74f → pe:syn:SESSION-c4367b2e8a53d74f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79349287be3864ac:flow:28ab5fc046d9	SESSION-79349287be3864ac → flow:28ab5fc046d9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c5fe81cc60001f5:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-8c5fe81cc60001f5 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98544383f10b4583:host:172.234.197.23	SESSION-98544383f10b4583 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:59a3a67bd50d	flow:59a3a67bd50d → host:172.234.197.23 → host:177.10.233.208 → port:tcp:22854
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e88e03e6557ce42:SESSION-7e88e03e6557ce42	SESSION-7e88e03e6557ce42 → pe:syn:SESSION-7e88e03e6557ce42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-010644d8880e6139:SESSION-010644d8880e6139	SESSION-010644d8880e6139 → pe:tls:SESSION-010644d8880e6139
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.98:asn:262880	host:177.10.238.98 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-803b2289978a359c:SESSION-803b2289978a359c	SESSION-803b2289978a359c → pe:rst:SESSION-803b2289978a359c
FLOW_FROM_HOSTOBS	e:from:SESSION-67a710d2531b2faa:host:45.173.156.162	SESSION-67a710d2531b2faa → host:45.173.156.162
FLOW_FROM_HOSTOBS	e:from:SESSION-e6d659d940e075af:host:172.234.197.23	SESSION-e6d659d940e075af → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-295a993db8b4e397:host:177.10.238.5	SESSION-295a993db8b4e397 → host:177.10.238.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69ca44a412c8d221:host:45.173.156.124	SESSION-69ca44a412c8d221 → host:45.173.156.124
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86afdd078b90270f:SESSION-86afdd078b90270f	SESSION-86afdd078b90270f → pe:syn:SESSION-86afdd078b90270f
flow_observed5-aryOBS	e:fo:flow:63dc30cb124f	flow:63dc30cb124f → host:80.94.92.182 → host:172.234.197.23 → port:tcp:22 → svc:ssh
flow_observed5-aryOBS	e:fo:flow:935c0ab7e069	flow:935c0ab7e069 → host:91.240.224.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a486ebfba002f553:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a486ebfba002f553 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-9c825a37bb7881b6:host:172.234.197.23	SESSION-9c825a37bb7881b6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ef49ba6d990c029:host:177.10.239.136:host:172.234.197.23	SESSION-5ef49ba6d990c029 → host:177.10.239.136 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bcafed8ac50c:port:tcp:21457	flow:bcafed8ac50c → port:tcp:21457
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-692aeceb01bd702a:host:177.10.239.134	SESSION-692aeceb01bd702a → host:177.10.239.134
flow_observed5-aryOBS	e:fo:flow:4914a5c37230	flow:4914a5c37230 → host:95.135.228.17 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-d5ae6e0246d28b44:host:177.10.234.176	SESSION-d5ae6e0246d28b44 → host:177.10.234.176
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.96:geo_-16.28860_-49.01640	host:177.10.239.96 → geo_-16.28860_-49.01640
flow_observed3-aryOBS	e:fo:flow:a80d12852c21	flow:a80d12852c21 → host:34.216.30.208 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9335dee651513692:SESSION-9335dee651513692	SESSION-9335dee651513692 → pe:syn:SESSION-9335dee651513692
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dc65fb323eff44ce:flow:38454e7c329d	SESSION-dc65fb323eff44ce → flow:38454e7c329d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4eeddeaeae099136:SESSION-4eeddeaeae099136	SESSION-4eeddeaeae099136 → pe:tls:SESSION-4eeddeaeae099136
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6634561e4b2b2821:host:172.234.197.23	SESSION-6634561e4b2b2821 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28599206da4f4816:host:177.10.239.143	SESSION-28599206da4f4816 → host:177.10.239.143
FLOW_TO_HOSTOBS	e:to:SESSION-532708ef58f2707f:host:172.234.197.23	SESSION-532708ef58f2707f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2ecbcecdc44a459:SESSION-e2ecbcecdc44a459	SESSION-e2ecbcecdc44a459 → pe:syn:SESSION-e2ecbcecdc44a459
flow_observed5-aryOBS	e:fo:flow:e59eeaf15703	flow:e59eeaf15703 → host:177.10.237.180 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.176:asn:262880	host:177.10.239.176 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.4:asn:262880	host:177.10.237.4 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-76bcf8447ee973fd:host:172.234.197.23	SESSION-76bcf8447ee973fd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c977b8f3627ab3c3:host:172.234.197.23	SESSION-c977b8f3627ab3c3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f496191c2c04cb7e:host:172.234.197.23	SESSION-f496191c2c04cb7e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65f6be25ebaee411:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-65f6be25ebaee411 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad4604a15181cb67:host:131.196.31.161	SESSION-ad4604a15181cb67 → host:131.196.31.161
flow_observed5-aryOBS	e:fo:flow:41192bbe866c	flow:41192bbe866c → host:185.231.226.242 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-89e4df8c6f209b00:host:45.173.156.10	SESSION-89e4df8c6f209b00 → host:45.173.156.10
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a24ab62cbf4deb47:host:177.10.232.126	SESSION-a24ab62cbf4deb47 → host:177.10.232.126
HOST_IN_ASNOBS 85%	e:ha:host:46.4.252.37:asn:24940	host:46.4.252.37 → asn:24940
FLOW_DST_PORTOBS	e:fp:flow:e8541a690a9e:port:tcp:31834	flow:e8541a690a9e → port:tcp:31834
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-25fe6bafaa94a84d:flow:3c10724e1713	SESSION-25fe6bafaa94a84d → flow:3c10724e1713
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.239:asn:271410	host:131.196.29.239 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc2cf38876d5e15c:SESSION-cc2cf38876d5e15c	SESSION-cc2cf38876d5e15c → pe:tls:SESSION-cc2cf38876d5e15c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4904f64e7943cb47:host:172.234.197.23	SESSION-4904f64e7943cb47 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a7b3f412ee893afd:SESSION-a7b3f412ee893afd	SESSION-a7b3f412ee893afd → pe:syn:SESSION-a7b3f412ee893afd
flow_observed5-aryOBS	e:fo:flow:6923abe353e1	flow:6923abe353e1 → host:177.10.232.176 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:2aff54998db0:port:tcp:56874	flow:2aff54998db0 → port:tcp:56874
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85419ca5854a5f9c:host:172.234.197.23:host:177.10.236.110	SESSION-85419ca5854a5f9c → host:172.234.197.23 → host:177.10.236.110
FLOW_FROM_HOSTOBS	e:from:SESSION-1057767eda3c24b1:host:177.10.238.122	SESSION-1057767eda3c24b1 → host:177.10.238.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1848195311cbff19:SESSION-1848195311cbff19	SESSION-1848195311cbff19 → pe:syn:SESSION-1848195311cbff19
FLOW_DST_PORTOBS	e:fp:flow:7df3f8b64aac:port:tcp:443	flow:7df3f8b64aac → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3645126144628c28:flow:683123e16bef	SESSION-3645126144628c28 → flow:683123e16bef
FLOW_DST_PORTOBS	e:fp:flow:88fcb1cd71e8:port:tcp:443	flow:88fcb1cd71e8 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-a2add8aa10ab84ed:BSG-BEACON-a8a8c3c8a37f	SESSION-a2add8aa10ab84ed → BSG-BEACON-a8a8c3c8a37f
FLOW_FROM_HOSTOBS	e:from:SESSION-7f799bd198c08bce:host:177.10.232.24	SESSION-7f799bd198c08bce → host:177.10.232.24
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.254:geo_-16.28860_-49.01640	host:177.10.235.254 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:63f3b7f9b67e	flow:63f3b7f9b67e → host:131.196.30.183 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:616dac6316b5	flow:616dac6316b5 → host:131.196.31.133 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89c2fe6aad8232be:host:45.173.156.131	SESSION-89c2fe6aad8232be → host:45.173.156.131
FLOW_TO_HOSTOBS	e:to:SESSION-48cf6591de1d67a3:host:172.234.197.23	SESSION-48cf6591de1d67a3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da8ba1d6891d9574:PCAP:capture_20260430070001:903a0e7a436b	SESSION-da8ba1d6891d9574 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e4dd8b9d1b64d369:SESSION-e4dd8b9d1b64d369	SESSION-e4dd8b9d1b64d369 → pe:tls:SESSION-e4dd8b9d1b64d369
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a586e6b93cbc00d:SESSION-0a586e6b93cbc00d	SESSION-0a586e6b93cbc00d → pe:tls:SESSION-0a586e6b93cbc00d
FLOW_DST_PORTOBS	e:fp:flow:9325c16f8968:port:tcp:80	flow:9325c16f8968 → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-744a603206d06e24:host:172.234.197.23	SESSION-744a603206d06e24 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f44963c65f506a9:host:172.234.197.23:host:131.196.29.170	SESSION-1f44963c65f506a9 → host:172.234.197.23 → host:131.196.29.170
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dad0ff120323eed1:SESSION-dad0ff120323eed1	SESSION-dad0ff120323eed1 → pe:syn:SESSION-dad0ff120323eed1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb6a6e3ef5fc132c:SESSION-fb6a6e3ef5fc132c	SESSION-fb6a6e3ef5fc132c → pe:tls:SESSION-fb6a6e3ef5fc132c
FLOW_TO_HOSTOBS	e:to:SESSION-693fee7d62fe51b9:host:172.234.197.23	SESSION-693fee7d62fe51b9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4d5ec492dcde12c:flow:43f0331e10b3	SESSION-b4d5ec492dcde12c → flow:43f0331e10b3
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.157:asn:271410	host:131.196.28.157 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b9ddad698cc7ffe:host:45.173.156.110	SESSION-9b9ddad698cc7ffe → host:45.173.156.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f26dae72fe8e9fa0:host:172.234.197.23	SESSION-f26dae72fe8e9fa0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b35aac65e648dac0:flow:d4446d793930	SESSION-b35aac65e648dac0 → flow:d4446d793930
FLOW_TO_HOSTOBS	e:to:SESSION-c6924fc6c1078bec:host:172.234.197.23	SESSION-c6924fc6c1078bec → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e14e48e38747	flow:e14e48e38747 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5a933b86812e122:host:177.10.233.192:host:172.234.197.23	SESSION-e5a933b86812e122 → host:177.10.233.192 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ae37c351bfd95cd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6ae37c351bfd95cd → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fbd574144622ed91:host:172.234.197.23:host:131.196.30.83	SESSION-fbd574144622ed91 → host:172.234.197.23 → host:131.196.30.83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8982cb545b77cb1a:host:172.234.197.23	SESSION-8982cb545b77cb1a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7edb52a0a7553f53:host:172.234.197.23	SESSION-7edb52a0a7553f53 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0835af6109bb7c1:host:131.196.30.78:host:172.234.197.23	SESSION-f0835af6109bb7c1 → host:131.196.30.78 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:643c889fdaf8	flow:643c889fdaf8 → host:172.234.197.23 → host:45.173.156.188 → port:tcp:49996
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-91919daf8511716e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-91919daf8511716e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-077a58eb2518fab4:host:177.10.232.253:host:172.234.197.23	SESSION-077a58eb2518fab4 → host:177.10.232.253 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d5b56d4198adefd3:host:131.196.30.128	SESSION-d5b56d4198adefd3 → host:131.196.30.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ce32efb58e1da83:SESSION-4ce32efb58e1da83	SESSION-4ce32efb58e1da83 → pe:tls:SESSION-4ce32efb58e1da83
FLOW_FROM_HOSTOBS	e:from:SESSION-91da8f4807f085e6:host:172.234.197.23	SESSION-91da8f4807f085e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b858978950d9ddc:host:131.196.31.10	SESSION-8b858978950d9ddc → host:131.196.31.10
FLOW_FROM_HOSTOBS	e:from:SESSION-230e735532621bd7:host:45.173.156.31	SESSION-230e735532621bd7 → host:45.173.156.31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16a55bcfd76736b7:host:131.196.28.102:host:172.234.197.23	SESSION-16a55bcfd76736b7 → host:131.196.28.102 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:ea5cad6713a3	flow:ea5cad6713a3 → host:172.234.197.23 → host:177.10.239.109 → port:tcp:55918
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-122c6042cd97886a:flow:8e76dd4a0d11	SESSION-122c6042cd97886a → flow:8e76dd4a0d11
flow_observed5-aryOBS	e:fo:flow:f9683f42cf59	flow:f9683f42cf59 → host:104.28.157.111 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-829966970db58135:host:177.10.236.32	SESSION-829966970db58135 → host:177.10.236.32
FLOW_FROM_HOSTOBS	e:from:SESSION-3baedacad496627d:host:177.10.239.176	SESSION-3baedacad496627d → host:177.10.239.176
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.122:asn:271410	host:131.196.31.122 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bff0487aa2cdf6e6:SESSION-bff0487aa2cdf6e6	SESSION-bff0487aa2cdf6e6 → pe:syn:SESSION-bff0487aa2cdf6e6
FLOW_FROM_HOSTOBS	e:from:SESSION-017fcd2c03e3a5c1:host:172.234.197.23	SESSION-017fcd2c03e3a5c1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f4c8a98cb929	flow:f4c8a98cb929 → host:177.10.239.132 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:377de2a09526:port:tcp:443	flow:377de2a09526 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ffa8539a7cb217:host:172.234.197.23	SESSION-49ffa8539a7cb217 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0cd9b8959e0e89e:flow:297c6aefdd3e	SESSION-d0cd9b8959e0e89e → flow:297c6aefdd3e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.15:geo_-16.28860_-49.01640	host:177.10.237.15 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9beaab7062aef373:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9beaab7062aef373 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55979c68784410e0:SESSION-55979c68784410e0	SESSION-55979c68784410e0 → pe:tls:SESSION-55979c68784410e0
FLOW_DST_PORTOBS	e:fp:flow:f3e0a6fab4e8:port:tcp:443	flow:f3e0a6fab4e8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-28d97429831b8272:host:78.12.248.31	SESSION-28d97429831b8272 → host:78.12.248.31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ecb424a0a4d5b0f:host:177.10.238.120	SESSION-3ecb424a0a4d5b0f → host:177.10.238.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-745809bcd8ad6979:SESSION-745809bcd8ad6979	SESSION-745809bcd8ad6979 → pe:syn:SESSION-745809bcd8ad6979
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f4bd70bea69fea0d:flow:ba0aa5ef9cb5	SESSION-f4bd70bea69fea0d → flow:ba0aa5ef9cb5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d58c039fa1a1304:host:172.232.0.17	SESSION-8d58c039fa1a1304 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-7963f405207d2813:host:172.234.197.23	SESSION-7963f405207d2813 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e0b8f15e6ec3ec0f:host:172.234.197.23	SESSION-e0b8f15e6ec3ec0f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.117:geo_-21.10010_-41.69200	host:45.173.156.117 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c124aef8e6ea7da5:host:177.10.238.247	SESSION-c124aef8e6ea7da5 → host:177.10.238.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb6fbeeb95cb61c8:SESSION-fb6fbeeb95cb61c8	SESSION-fb6fbeeb95cb61c8 → pe:syn:SESSION-fb6fbeeb95cb61c8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4f8f4fc610e76fd:SESSION-c4f8f4fc610e76fd	SESSION-c4f8f4fc610e76fd → pe:tls:SESSION-c4f8f4fc610e76fd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0667f103db24cb40:SESSION-0667f103db24cb40	SESSION-0667f103db24cb40 → pe:tls:SESSION-0667f103db24cb40
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.62:asn:262880	host:177.10.234.62 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e13bed2218b0a9f:SESSION-9e13bed2218b0a9f	SESSION-9e13bed2218b0a9f → pe:syn:SESSION-9e13bed2218b0a9f
FLOW_TO_HOSTOBS	e:to:SESSION-f9d01126d5763bf9:host:177.10.239.229	SESSION-f9d01126d5763bf9 → host:177.10.239.229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a19951f5f7590fa9:host:177.10.232.253	SESSION-a19951f5f7590fa9 → host:177.10.232.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e46bef1b2f6daf0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2e46bef1b2f6daf0 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da377d395ffcc3d3:SESSION-da377d395ffcc3d3	SESSION-da377d395ffcc3d3 → pe:tls:SESSION-da377d395ffcc3d3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6e7d46ad1b0c983:host:131.196.30.62	SESSION-d6e7d46ad1b0c983 → host:131.196.30.62
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.64:geo_41.00190_28.96450	host:95.170.25.64 → geo_41.00190_28.96450
FLOW_FROM_HOSTOBS	e:from:SESSION-4bda9924d3f6d619:host:177.10.237.74	SESSION-4bda9924d3f6d619 → host:177.10.237.74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04af603e6c9a6691:host:177.10.237.82	SESSION-04af603e6c9a6691 → host:177.10.237.82
FLOW_TO_HOSTOBS	e:to:SESSION-8fbc053aa21c3a10:host:172.234.197.23	SESSION-8fbc053aa21c3a10 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a24676d50b48eccf:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a24676d50b48eccf → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-010644d8880e6139:SESSION-010644d8880e6139	SESSION-010644d8880e6139 → pe:syn:SESSION-010644d8880e6139
flow_observed5-aryOBS	e:fo:flow:32c97d2c0cb3	flow:32c97d2c0cb3 → host:177.10.233.70 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ed5513c22512ddd:host:45.173.156.228:host:172.234.197.23	SESSION-2ed5513c22512ddd → host:45.173.156.228 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:121dc1e70533	flow:121dc1e70533 → host:195.154.100.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44e6d66a0a0fb56e:host:131.196.29.140	SESSION-44e6d66a0a0fb56e → host:131.196.29.140
HOST_IN_ASNOBS 85%	e:ha:host:167.235.194.109:asn:24940	host:167.235.194.109 → asn:24940
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f4bd70bea69fea0d:SESSION-f4bd70bea69fea0d	SESSION-f4bd70bea69fea0d → pe:tls:SESSION-f4bd70bea69fea0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2392c0826d87e845:SESSION-2392c0826d87e845	SESSION-2392c0826d87e845 → pe:syn:SESSION-2392c0826d87e845
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec50ec61227c5d5c:host:172.234.197.23:host:177.10.236.157	SESSION-ec50ec61227c5d5c → host:172.234.197.23 → host:177.10.236.157
FLOW_DST_PORTOBS	e:fp:flow:7e01232a35e4:port:tcp:56352	flow:7e01232a35e4 → port:tcp:56352
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fed3e3a3ac1c6fb:host:177.10.234.221	SESSION-9fed3e3a3ac1c6fb → host:177.10.234.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b9695896cdce250:host:172.234.197.23	SESSION-9b9695896cdce250 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fa8a238d1165695:flow:9b30438b62ce	SESSION-1fa8a238d1165695 → flow:9b30438b62ce
FLOW_DST_PORTOBS	e:fp:flow:e773fd80a0e8:port:tcp:443	flow:e773fd80a0e8 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.102:asn:262880	host:177.10.238.102 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36966af2dfd8700b:host:172.234.197.23	SESSION-36966af2dfd8700b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e2eb0c2c4028db16:host:172.234.197.23	SESSION-e2eb0c2c4028db16 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6635e725f15c4a26:host:172.234.197.23	SESSION-6635e725f15c4a26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2e73cad916b1394:host:172.234.197.23	SESSION-a2e73cad916b1394 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7391507b773a5722:flow:27b67a899243	SESSION-7391507b773a5722 → flow:27b67a899243
FLOW_TO_HOSTOBS	e:to:SESSION-3f4f2e64710996bb:host:172.234.197.23	SESSION-3f4f2e64710996bb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:337d55bdec10	flow:337d55bdec10 → host:177.10.238.42 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8dc28b29833676bc:host:172.234.197.23	SESSION-8dc28b29833676bc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6d920a3cc562b13:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b6d920a3cc562b13 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-066d98dee3275acb:host:172.234.197.23	SESSION-066d98dee3275acb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20e3655a208f66c6:host:172.234.197.23:host:177.10.239.99	SESSION-20e3655a208f66c6 → host:172.234.197.23 → host:177.10.239.99
FLOW_DST_PORTOBS	e:fp:flow:cdc6cf409719:port:tcp:443	flow:cdc6cf409719 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-b7e06a830af01410:host:131.196.28.164	SESSION-b7e06a830af01410 → host:131.196.28.164
FLOW_FROM_HOSTOBS	e:from:SESSION-6a19fd3219cd89ed:host:45.145.152.164	SESSION-6a19fd3219cd89ed → host:45.145.152.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e26c1de83807ce87:host:177.10.233.182	SESSION-e26c1de83807ce87 → host:177.10.233.182
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1b7e5e87f526ce8d:host:172.234.197.23:host:177.10.232.233	SESSION-1b7e5e87f526ce8d → host:172.234.197.23 → host:177.10.232.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1d147c13acfa404:SESSION-a1d147c13acfa404	SESSION-a1d147c13acfa404 → pe:syn:SESSION-a1d147c13acfa404
FLOW_TO_HOSTOBS	e:to:SESSION-8e9497f317705308:host:172.234.197.23	SESSION-8e9497f317705308 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e49a14deb2e22da:host:80.94.92.186:host:172.234.197.23	SESSION-4e49a14deb2e22da → host:80.94.92.186 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae2c237b5906e067:flow:56817ae9d85f	SESSION-ae2c237b5906e067 → flow:56817ae9d85f
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d06d4272bf4950c7:BSG-BEACON-13f5c1fd6ae7	SESSION-d06d4272bf4950c7 → BSG-BEACON-13f5c1fd6ae7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.42:geo_-16.28860_-49.01640	host:177.10.238.42 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ec65811ecc506ca:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2ec65811ecc506ca → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-7e7ccd5c552e41a1:host:172.234.197.23	SESSION-7e7ccd5c552e41a1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-764a731a27d64086:SESSION-764a731a27d64086	SESSION-764a731a27d64086 → pe:syn:SESSION-764a731a27d64086
FLOW_DST_PORTOBS	e:fp:flow:6bbcc7e0b261:port:tcp:443	flow:6bbcc7e0b261 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-eaecff6799ccb464:host:45.173.156.212	SESSION-eaecff6799ccb464 → host:45.173.156.212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb520d5460f73062:SESSION-fb520d5460f73062	SESSION-fb520d5460f73062 → pe:syn:SESSION-fb520d5460f73062
FLOW_DST_PORTOBS	e:fp:flow:4a9b5bb3cf88:port:tcp:443	flow:4a9b5bb3cf88 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90798b7c1b8c7636:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-90798b7c1b8c7636 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-74f51cf412342155:host:131.196.30.223	SESSION-74f51cf412342155 → host:131.196.30.223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-00968abd3a9eec7e:SESSION-00968abd3a9eec7e	SESSION-00968abd3a9eec7e → pe:syn:SESSION-00968abd3a9eec7e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6713221fe5694a6d:host:131.196.30.162:host:172.234.197.23	SESSION-6713221fe5694a6d → host:131.196.30.162 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c2cb78a800ce3917:SESSION-c2cb78a800ce3917	SESSION-c2cb78a800ce3917 → pe:tls:SESSION-c2cb78a800ce3917
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e06ceb4b0294ceac:flow:047e3c08925c	SESSION-e06ceb4b0294ceac → flow:047e3c08925c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fdfd79cbce8be94:host:177.10.238.236	SESSION-5fdfd79cbce8be94 → host:177.10.238.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-55d5dc737e01c0f7:SESSION-55d5dc737e01c0f7	SESSION-55d5dc737e01c0f7 → pe:rst:SESSION-55d5dc737e01c0f7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48cf6591de1d67a3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-48cf6591de1d67a3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3651e68c2556a1c:SESSION-f3651e68c2556a1c	SESSION-f3651e68c2556a1c → pe:syn:SESSION-f3651e68c2556a1c
FLOW_FROM_HOSTOBS	e:from:SESSION-a1e631f6e627b67d:host:172.234.197.23	SESSION-a1e631f6e627b67d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb0638f1774736d1:host:177.10.236.120:host:172.234.197.23	SESSION-cb0638f1774736d1 → host:177.10.236.120 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5f3e8e9199df130f:host:177.10.236.237	SESSION-5f3e8e9199df130f → host:177.10.236.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1ca06073d474c63:host:177.10.236.3	SESSION-b1ca06073d474c63 → host:177.10.236.3
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.115:asn:262880	host:177.10.237.115 → asn:262880
flow_observed5-aryOBS	e:fo:flow:8287af1083ef	flow:8287af1083ef → host:177.10.239.252 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8405fabd9aa330c8:host:172.234.197.23	SESSION-8405fabd9aa330c8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:53b3f0a9de81:port:tcp:443	flow:53b3f0a9de81 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:023ad8b7733d	flow:023ad8b7733d → host:172.234.197.23 → host:131.196.28.221 → port:tcp:40765
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-87843d3af97b013e:SESSION-87843d3af97b013e	SESSION-87843d3af97b013e → pe:tls:SESSION-87843d3af97b013e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d27f09d7c919692:flow:e4ca9ed534f9	SESSION-5d27f09d7c919692 → flow:e4ca9ed534f9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2db2b0c2312c18a1:host:131.196.30.60	SESSION-2db2b0c2312c18a1 → host:131.196.30.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23fc04533211debf:SESSION-23fc04533211debf	SESSION-23fc04533211debf → pe:tls:SESSION-23fc04533211debf
FLOW_TO_HOSTOBS	e:to:SESSION-57e20c08f6c0c2c9:host:172.234.197.23	SESSION-57e20c08f6c0c2c9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc4f127cbdf1d5a3:host:177.10.235.121	SESSION-bc4f127cbdf1d5a3 → host:177.10.235.121
FLOW_DST_PORTOBS	e:fp:flow:6e55bb86ccd8:port:tcp:7730	flow:6e55bb86ccd8 → port:tcp:7730
FLOW_DST_PORTOBS	e:fp:flow:2fef4a6efd16:port:tcp:443	flow:2fef4a6efd16 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fce590506c76a4f8:SESSION-fce590506c76a4f8	SESSION-fce590506c76a4f8 → pe:tls:SESSION-fce590506c76a4f8
FLOW_TO_HOSTOBS	e:to:SESSION-8e6988ed77a3d110:host:172.234.197.23	SESSION-8e6988ed77a3d110 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c0665b9726687b63:host:172.234.197.23	SESSION-c0665b9726687b63 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3da2bdbc54650cc7:PCAP:capture_20260430110001:43611bdf6759	SESSION-3da2bdbc54650cc7 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a66568eff025692:flow:77bd6a0eb691	SESSION-6a66568eff025692 → flow:77bd6a0eb691
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f9c5288639cc167:PCAP:capture_20260430090001:065659c7d314	SESSION-3f9c5288639cc167 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9479b510131ce6c:SESSION-f9479b510131ce6c	SESSION-f9479b510131ce6c → pe:syn:SESSION-f9479b510131ce6c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7139746cbd677852:SESSION-7139746cbd677852	SESSION-7139746cbd677852 → pe:syn:SESSION-7139746cbd677852
flow_observed5-aryOBS	e:fo:flow:7ef7e61abeff	flow:7ef7e61abeff → host:177.10.232.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab1f168a37fae671:SESSION-ab1f168a37fae671	SESSION-ab1f168a37fae671 → pe:tls:SESSION-ab1f168a37fae671
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-00d1a9c01c6924fe:SESSION-00d1a9c01c6924fe	SESSION-00d1a9c01c6924fe → pe:syn:SESSION-00d1a9c01c6924fe
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca55f398b8ed07e1:host:131.196.31.200	SESSION-ca55f398b8ed07e1 → host:131.196.31.200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2acb7632e6c37a6f:host:88.99.91.59:host:172.234.197.23	SESSION-2acb7632e6c37a6f → host:88.99.91.59 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.105:asn:271410	host:131.196.31.105 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:ba0aa5ef9cb5:port:tcp:443	flow:ba0aa5ef9cb5 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.184:asn:262880	host:177.10.236.184 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.170:asn:273470	host:45.173.156.170 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a27c97c4e7ac566:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9a27c97c4e7ac566 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-316a629875744009:host:172.234.197.23	SESSION-316a629875744009 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd92f1d715637398:PCAP:capture_20260430070001:903a0e7a436b	SESSION-cd92f1d715637398 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54016b03ecf1701c:flow:bc02f6212fca	SESSION-54016b03ecf1701c → flow:bc02f6212fca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44593e1f87cfdd92:SESSION-44593e1f87cfdd92	SESSION-44593e1f87cfdd92 → pe:syn:SESSION-44593e1f87cfdd92
HOST_IN_ASNOBS 85%	e:ha:host:195.154.100.87:asn:12876	host:195.154.100.87 → asn:12876
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.221:geo_41.00190_28.96450	host:92.112.71.221 → geo_41.00190_28.96450
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b30f6f845792a67e:flow:4288b0386576	SESSION-b30f6f845792a67e → flow:4288b0386576
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2634dc5934886659:flow:2c77f1210f93	SESSION-2634dc5934886659 → flow:2c77f1210f93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b203844c0afbb25:host:177.10.239.201	SESSION-5b203844c0afbb25 → host:177.10.239.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f635007151c479b8:host:177.10.239.111:host:172.234.197.23	SESSION-f635007151c479b8 → host:177.10.239.111 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1980da9de3362b69:SESSION-1980da9de3362b69	SESSION-1980da9de3362b69 → pe:tls:SESSION-1980da9de3362b69
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d28501729ed200f7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d28501729ed200f7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ecb9e93c79a4bef:host:172.234.197.23:host:177.10.233.119	SESSION-3ecb9e93c79a4bef → host:172.234.197.23 → host:177.10.233.119
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-25f56036928a5a45:host:177.10.236.78:host:172.234.197.23	SESSION-25f56036928a5a45 → host:177.10.236.78 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b1032a47414de8d:SESSION-2b1032a47414de8d	SESSION-2b1032a47414de8d → pe:syn:SESSION-2b1032a47414de8d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e41fa1676c790d65:SESSION-e41fa1676c790d65	SESSION-e41fa1676c790d65 → pe:tls:SESSION-e41fa1676c790d65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77a13185d72dec11:SESSION-77a13185d72dec11	SESSION-77a13185d72dec11 → pe:tls:SESSION-77a13185d72dec11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa1be017e5052d0a:SESSION-fa1be017e5052d0a	SESSION-fa1be017e5052d0a → pe:tls:SESSION-fa1be017e5052d0a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.64:geo_-16.28860_-49.01640	host:177.10.233.64 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2cbf1ff9debe345:host:172.234.197.23	SESSION-f2cbf1ff9debe345 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6b1020087167:port:tcp:39583	flow:6b1020087167 → port:tcp:39583
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f1cb2d411cdd6d7:SESSION-4f1cb2d411cdd6d7	SESSION-4f1cb2d411cdd6d7 → pe:tls:SESSION-4f1cb2d411cdd6d7
FLOW_TO_HOSTOBS	e:to:SESSION-486ff38c4390c341:host:172.234.197.23	SESSION-486ff38c4390c341 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3675340578297917:PCAP:capture_20260430150001:ded20914761d	SESSION-3675340578297917 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e8105cbb514d7cf:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2e8105cbb514d7cf → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cb17c89d7425739:host:172.234.197.23	SESSION-6cb17c89d7425739 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc2cf38876d5e15c:host:177.10.234.93:host:172.234.197.23	SESSION-cc2cf38876d5e15c → host:177.10.234.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ca442589a0a5e5d:host:172.234.197.23	SESSION-3ca442589a0a5e5d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.114:geo_-16.28860_-49.01640	host:177.10.232.114 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6aca8ef237a42da9:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6aca8ef237a42da9 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d44c53e781b5466e:SESSION-d44c53e781b5466e	SESSION-d44c53e781b5466e → pe:tls:SESSION-d44c53e781b5466e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20552151cee2e1af:flow:b075ef361439	SESSION-20552151cee2e1af → flow:b075ef361439
FLOW_FROM_HOSTOBS	e:from:SESSION-a7aa94b5f9268de0:host:177.10.236.180	SESSION-a7aa94b5f9268de0 → host:177.10.236.180
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.94:asn:271410	host:131.196.31.94 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37ba5323333f9720:SESSION-37ba5323333f9720	SESSION-37ba5323333f9720 → pe:syn:SESSION-37ba5323333f9720
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55ac8b9837cbe539:host:172.234.197.23	SESSION-55ac8b9837cbe539 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bf12b1de67086909:host:172.234.197.23	SESSION-bf12b1de67086909 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3db1c42fb505a2f9:SESSION-3db1c42fb505a2f9	SESSION-3db1c42fb505a2f9 → pe:syn:SESSION-3db1c42fb505a2f9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c78f1de05120efd8:host:177.10.233.204	SESSION-c78f1de05120efd8 → host:177.10.233.204
FLOW_FROM_HOSTOBS	e:from:SESSION-6c5381aaad8fa568:host:177.10.238.59	SESSION-6c5381aaad8fa568 → host:177.10.238.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-764a731a27d64086:SESSION-764a731a27d64086	SESSION-764a731a27d64086 → pe:rst:SESSION-764a731a27d64086
FLOW_FROM_HOSTOBS	e:from:SESSION-e791e8d702f57f3e:host:172.234.197.23	SESSION-e791e8d702f57f3e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4879ced74a20729f:host:177.10.233.185	SESSION-4879ced74a20729f → host:177.10.233.185
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.16:geo_-16.28860_-49.01640	host:177.10.236.16 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6b62b6aad076f58:PCAP:capture_20260430110001:43611bdf6759	SESSION-a6b62b6aad076f58 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ead27f853a5aab01:SESSION-ead27f853a5aab01	SESSION-ead27f853a5aab01 → pe:tls:SESSION-ead27f853a5aab01
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9523bcd246277dc:flow:2886944b445e	SESSION-b9523bcd246277dc → flow:2886944b445e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f4918b67fbcc63f:host:172.234.197.23	SESSION-2f4918b67fbcc63f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e3ea775b7999:port:tcp:443	flow:e3ea775b7999 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e0f3c8a35641f7b:SESSION-8e0f3c8a35641f7b	SESSION-8e0f3c8a35641f7b → pe:syn:SESSION-8e0f3c8a35641f7b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.244:geo_-23.62930_-46.63510	host:131.196.31.244 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2c4d285e0a09c2a4:SESSION-2c4d285e0a09c2a4	SESSION-2c4d285e0a09c2a4 → pe:syn:SESSION-2c4d285e0a09c2a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-afb2aada9aae789c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-afb2aada9aae789c → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:0734cf22f874	flow:0734cf22f874 → host:172.234.197.23 → host:131.196.31.111 → port:tcp:25405
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24ac712a23adf430:SESSION-24ac712a23adf430	SESSION-24ac712a23adf430 → pe:syn:SESSION-24ac712a23adf430
flow_observed5-aryOBS	e:fo:flow:e45fb223a813	flow:e45fb223a813 → host:131.196.29.27 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a214ec19ba198e7:SESSION-6a214ec19ba198e7	SESSION-6a214ec19ba198e7 → pe:syn:SESSION-6a214ec19ba198e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-169e7d2007075619:host:54.149.68.137	SESSION-169e7d2007075619 → host:54.149.68.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a2f82c2a85816be:SESSION-4a2f82c2a85816be	SESSION-4a2f82c2a85816be → pe:tls:SESSION-4a2f82c2a85816be
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9b874351d52a188:host:131.196.31.167	SESSION-e9b874351d52a188 → host:131.196.31.167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4939a9166796718f:host:177.10.239.255	SESSION-4939a9166796718f → host:177.10.239.255
FLOW_FROM_HOSTOBS	e:from:SESSION-3fe48e08f3f123e2:host:172.234.197.23	SESSION-3fe48e08f3f123e2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2cbbc065f428	flow:2cbbc065f428 → host:177.10.234.61 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.2:geo_-23.62930_-46.63510	host:131.196.28.2 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-8ca707063b726bac:host:131.196.28.95	SESSION-8ca707063b726bac → host:131.196.28.95
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.233:asn:262880	host:177.10.235.233 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44a6b99289a2f8de:SESSION-44a6b99289a2f8de	SESSION-44a6b99289a2f8de → pe:tls:SESSION-44a6b99289a2f8de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed610f5ec8b698f6:host:177.10.236.234	SESSION-ed610f5ec8b698f6 → host:177.10.236.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0dbdaab1cb35f54:host:172.234.197.23	SESSION-c0dbdaab1cb35f54 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f971b95dedbfd9a:flow:d2892ce86f73	SESSION-7f971b95dedbfd9a → flow:d2892ce86f73
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d694cf0080c35c2f:flow:9df9d2c1feb9	SESSION-d694cf0080c35c2f → flow:9df9d2c1feb9
FLOW_TO_HOSTOBS	e:to:SESSION-22bb8f06cde321ca:host:172.234.197.23	SESSION-22bb8f06cde321ca → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7440e76ff1d72d2f:host:95.170.25.34	SESSION-7440e76ff1d72d2f → host:95.170.25.34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca1727d5d29ffb7f:SESSION-ca1727d5d29ffb7f	SESSION-ca1727d5d29ffb7f → pe:syn:SESSION-ca1727d5d29ffb7f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7b3f412ee893afd:host:172.234.197.23	SESSION-a7b3f412ee893afd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f0a0478f83cd119:flow:ce31789228b9	SESSION-1f0a0478f83cd119 → flow:ce31789228b9
FLOW_TO_HOSTOBS	e:to:SESSION-9d58dc4e289d6c4c:host:177.10.239.140	SESSION-9d58dc4e289d6c4c → host:177.10.239.140
FLOW_DST_PORTOBS	e:fp:flow:095f374ac2cc:port:tcp:443	flow:095f374ac2cc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-280b0d78f93705fd:SESSION-280b0d78f93705fd	SESSION-280b0d78f93705fd → pe:tls:SESSION-280b0d78f93705fd
FLOW_TO_HOSTOBS	e:to:SESSION-9b95e1310dc4ff34:host:172.234.197.23	SESSION-9b95e1310dc4ff34 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f73d5c81ac41c00:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4f73d5c81ac41c00 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-650f1a0c083a2aeb:host:172.234.197.23	SESSION-650f1a0c083a2aeb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce2566c1c98d1aed:SESSION-ce2566c1c98d1aed	SESSION-ce2566c1c98d1aed → pe:syn:SESSION-ce2566c1c98d1aed
FLOW_FROM_HOSTOBS	e:from:SESSION-122c6042cd97886a:host:177.10.235.59	SESSION-122c6042cd97886a → host:177.10.235.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-398d13acd4a88a37:host:172.234.197.23	SESSION-398d13acd4a88a37 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.24:geo_-16.28860_-49.01640	host:177.10.238.24 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:46b2fc5fae22:port:tcp:443	flow:46b2fc5fae22 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-60a71bd7fc87f54e:SESSION-60a71bd7fc87f54e	SESSION-60a71bd7fc87f54e → pe:rst:SESSION-60a71bd7fc87f54e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f07097ffc1d464e5:host:172.234.197.23	SESSION-f07097ffc1d464e5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b35e3cddd5fc2e72:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b35e3cddd5fc2e72 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:e1daaa949a5f	flow:e1daaa949a5f → host:45.173.156.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c491b8c96ce6e8c2:SESSION-c491b8c96ce6e8c2	SESSION-c491b8c96ce6e8c2 → pe:rst:SESSION-c491b8c96ce6e8c2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-314a3839bafadb97:PCAP:capture_20260430060001:919b39a74464	SESSION-314a3839bafadb97 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:4d1d32275cd9	flow:4d1d32275cd9 → host:177.10.233.80 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:f0bd3638e392	flow:f0bd3638e392 → host:172.234.197.23 → host:45.173.156.202 → port:tcp:2614
flow_observed4-aryOBS	e:fo:flow:3c10ce58d99a	flow:3c10ce58d99a → host:172.234.197.23 → host:177.10.238.181 → port:tcp:938
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.98:asn:262880	host:177.10.239.98 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:d8e075f82077:port:tcp:443	flow:d8e075f82077 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2f1449f3d42ccdf:SESSION-e2f1449f3d42ccdf	SESSION-e2f1449f3d42ccdf → pe:syn:SESSION-e2f1449f3d42ccdf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e8105cbb514d7cf:host:177.10.237.182	SESSION-2e8105cbb514d7cf → host:177.10.237.182
FLOW_DST_PORTOBS	e:fp:flow:0f84ecdb7bf2:port:tcp:60071	flow:0f84ecdb7bf2 → port:tcp:60071
FLOW_TO_HOSTOBS	e:to:SESSION-5c60d99c484411b4:host:172.234.197.23	SESSION-5c60d99c484411b4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ada05a103ba2b64:host:172.234.197.23	SESSION-9ada05a103ba2b64 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7ac209c33b5c7f5:flow:5eb90d6efcf2	SESSION-b7ac209c33b5c7f5 → flow:5eb90d6efcf2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-091d255d08b85143:host:98.130.128.246	SESSION-091d255d08b85143 → host:98.130.128.246
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1e0a6d0f6eee882:flow:0703046ab49b	SESSION-d1e0a6d0f6eee882 → flow:0703046ab49b
flow_observed5-aryOBS	e:fo:flow:00ea2c27d768	flow:00ea2c27d768 → host:177.10.237.39 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ed9c19c178d4	flow:ed9c19c178d4 → host:131.196.31.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cdb2ff7fda09377:host:54.201.215.37	SESSION-5cdb2ff7fda09377 → host:54.201.215.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d17b7bdf4ae9fb2c:host:172.234.197.23:host:177.10.239.77	SESSION-d17b7bdf4ae9fb2c → host:172.234.197.23 → host:177.10.239.77
HOST_IN_ASNOBS 85%	e:ha:host:18.60.59.175:asn:16509	host:18.60.59.175 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-926d10c9776453b9:SESSION-926d10c9776453b9	SESSION-926d10c9776453b9 → pe:tls:SESSION-926d10c9776453b9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a5d8002765cb7d3:SESSION-6a5d8002765cb7d3	SESSION-6a5d8002765cb7d3 → pe:tls:SESSION-6a5d8002765cb7d3
FLOW_TO_HOSTOBS	e:to:SESSION-23f94e137932a031:host:172.234.197.23	SESSION-23f94e137932a031 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c33b44718448cc2:host:177.10.233.138:host:172.234.197.23	SESSION-4c33b44718448cc2 → host:177.10.233.138 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d31cb6e546f767b7:host:131.196.31.75:host:172.234.197.23	SESSION-d31cb6e546f767b7 → host:131.196.31.75 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ef2cf125c8c7b83a:host:172.234.197.23	SESSION-ef2cf125c8c7b83a → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:af7bc9759ccd:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:af7bc9759ccd → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b7d412d830baf98:host:177.10.235.214	SESSION-4b7d412d830baf98 → host:177.10.235.214
flow_observed5-aryOBS	e:fo:flow:9ad548b3b589	flow:9ad548b3b589 → host:177.10.235.150 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-174e61a8ff8b9c0e:host:131.196.29.16	SESSION-174e61a8ff8b9c0e → host:131.196.29.16
FLOW_FROM_HOSTOBS	e:from:SESSION-140cb8b81d438202:host:172.234.197.23	SESSION-140cb8b81d438202 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55d7f3379dec0798:host:177.10.237.70:host:172.234.197.23	SESSION-55d7f3379dec0798 → host:177.10.237.70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4af1d7a3219c207:host:172.234.197.23	SESSION-d4af1d7a3219c207 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ffbb13e97116fd4:SESSION-6ffbb13e97116fd4	SESSION-6ffbb13e97116fd4 → pe:tls:SESSION-6ffbb13e97116fd4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-160e5a0882acae87:host:172.234.197.23:host:131.196.31.187	SESSION-160e5a0882acae87 → host:172.234.197.23 → host:131.196.31.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e6afdb068db09de:host:172.234.197.23	SESSION-6e6afdb068db09de → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a038f6735218c73a:SESSION-a038f6735218c73a	SESSION-a038f6735218c73a → pe:syn:SESSION-a038f6735218c73a
flow_observed5-aryOBS	e:fo:flow:841969c73efe	flow:841969c73efe → host:177.10.239.51 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:de8c7a745d46	flow:de8c7a745d46 → host:177.10.232.97 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_QUERIED_DNSOBS	e:fd:flow:d50ac2c438e5:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:d50ac2c438e5 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b048d8915129480a:SESSION-b048d8915129480a	SESSION-b048d8915129480a → pe:syn:SESSION-b048d8915129480a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6806cb851ed3b70:host:172.234.197.23:host:45.173.156.220	SESSION-b6806cb851ed3b70 → host:172.234.197.23 → host:45.173.156.220
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.117:geo_-16.28860_-49.01640	host:177.10.235.117 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.248:geo_-16.28860_-49.01640	host:177.10.235.248 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e094b52f54dff79:host:172.234.197.23:host:131.196.28.176	SESSION-4e094b52f54dff79 → host:172.234.197.23 → host:131.196.28.176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7cc58ab2d16fcbf8:SESSION-7cc58ab2d16fcbf8	SESSION-7cc58ab2d16fcbf8 → pe:syn:SESSION-7cc58ab2d16fcbf8
FLOW_TO_HOSTOBS	e:to:SESSION-1328d27dd48f8a49:host:172.234.197.23	SESSION-1328d27dd48f8a49 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e696cf5f8f6db7e6:flow:4bc72c3e6d72	SESSION-e696cf5f8f6db7e6 → flow:4bc72c3e6d72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-489ca31c7f776997:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-489ca31c7f776997 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.195:asn:262880	host:177.10.234.195 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-316a629875744009:SESSION-316a629875744009	SESSION-316a629875744009 → pe:syn:SESSION-316a629875744009
FLOW_FROM_HOSTOBS	e:from:SESSION-2b2ef1696b4c4f00:host:172.234.197.23	SESSION-2b2ef1696b4c4f00 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fed96f9f16ada01c:SESSION-fed96f9f16ada01c	SESSION-fed96f9f16ada01c → pe:tls:SESSION-fed96f9f16ada01c
flow_observed5-aryOBS	e:fo:flow:308ea8154f83	flow:308ea8154f83 → host:45.145.152.208 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db5e0e0456a4bec1:host:172.234.197.23	SESSION-db5e0e0456a4bec1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dba7d64f7032fffd:host:177.10.232.207	SESSION-dba7d64f7032fffd → host:177.10.232.207
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.14:asn:203771	host:95.135.228.14 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-4be71a9ef959f500:host:131.196.31.145	SESSION-4be71a9ef959f500 → host:131.196.31.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3930651da0a26cb4:SESSION-3930651da0a26cb4	SESSION-3930651da0a26cb4 → pe:tls:SESSION-3930651da0a26cb4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-393eb1cd54ab212e:host:177.10.232.168	SESSION-393eb1cd54ab212e → host:177.10.232.168
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d547ed30afcbb9f:host:131.196.30.233:host:172.234.197.23	SESSION-6d547ed30afcbb9f → host:131.196.30.233 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ea19b3bdbd95a16b:host:177.10.234.88:host:172.234.197.23	SESSION-ea19b3bdbd95a16b → host:177.10.234.88 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2c5fc27029770f85:host:172.234.197.23	SESSION-2c5fc27029770f85 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0233a0286136dd2:host:172.234.197.23	SESSION-b0233a0286136dd2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b479aa11234b67ae:host:172.234.197.23	SESSION-b479aa11234b67ae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17fb8dd67040757e:SESSION-17fb8dd67040757e	SESSION-17fb8dd67040757e → pe:syn:SESSION-17fb8dd67040757e
flow_observed5-aryOBS	e:fo:flow:915f8dd8e505	flow:915f8dd8e505 → host:131.196.29.41 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:ea3534a0835f	flow:ea3534a0835f → host:172.234.197.23 → host:131.196.29.76 → port:tcp:28935
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e25d600ec07dd53e:SESSION-e25d600ec07dd53e	SESSION-e25d600ec07dd53e → pe:syn:SESSION-e25d600ec07dd53e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35fc4de775269620:host:131.196.28.202	SESSION-35fc4de775269620 → host:131.196.28.202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ee088f254667f6a:SESSION-6ee088f254667f6a	SESSION-6ee088f254667f6a → pe:syn:SESSION-6ee088f254667f6a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d8801f02b141d30:host:131.196.28.134	SESSION-0d8801f02b141d30 → host:131.196.28.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8165f1476121226e:SESSION-8165f1476121226e	SESSION-8165f1476121226e → pe:rst:SESSION-8165f1476121226e
FLOW_TO_HOSTOBS	e:to:SESSION-9c58d6336bd500b5:host:172.234.197.23	SESSION-9c58d6336bd500b5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.51:geo_-16.28860_-49.01640	host:177.10.239.51 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de1fc6391256943a:SESSION-de1fc6391256943a	SESSION-de1fc6391256943a → pe:tls:SESSION-de1fc6391256943a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0f8a559c2faf4a64:SESSION-0f8a559c2faf4a64	SESSION-0f8a559c2faf4a64 → pe:tls:SESSION-0f8a559c2faf4a64
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3d0d891734a12161:host:131.196.30.54:host:172.234.197.23	SESSION-3d0d891734a12161 → host:131.196.30.54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-925ab2a859ac277f:SESSION-925ab2a859ac277f	SESSION-925ab2a859ac277f → pe:tls:SESSION-925ab2a859ac277f
FLOW_TO_HOSTOBS	e:to:SESSION-903738316b123ea7:host:172.234.197.23	SESSION-903738316b123ea7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.113:geo_-16.28860_-49.01640	host:177.10.234.113 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be24a8e57194faf0:host:45.173.156.215:host:172.234.197.23	SESSION-be24a8e57194faf0 → host:45.173.156.215 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8ab658d53a1eebd:host:177.10.238.29:host:172.234.197.23	SESSION-c8ab658d53a1eebd → host:177.10.238.29 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78704dd999ae95fc:flow:0c3de9856f2c	SESSION-78704dd999ae95fc → flow:0c3de9856f2c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f1de6d316dd7305f:host:131.196.31.173:host:172.234.197.23	SESSION-f1de6d316dd7305f → host:131.196.31.173 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c471169f59e284ee:SESSION-c471169f59e284ee	SESSION-c471169f59e284ee → pe:syn:SESSION-c471169f59e284ee
flow_observed5-aryOBS	e:fo:flow:0f786f54457f	flow:0f786f54457f → host:131.196.28.196 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac1869edc353761e:SESSION-ac1869edc353761e	SESSION-ac1869edc353761e → pe:syn:SESSION-ac1869edc353761e
FLOW_TO_HOSTOBS	e:to:SESSION-67b1c0091ebc1322:host:172.234.197.23	SESSION-67b1c0091ebc1322 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e3ae4e48a37cfd6:host:172.234.197.23	SESSION-8e3ae4e48a37cfd6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e7caeaef261aefc4:host:172.234.197.23	SESSION-e7caeaef261aefc4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34913801790eb8e4:flow:d8d6c91ee705	SESSION-34913801790eb8e4 → flow:d8d6c91ee705
flow_observed4-aryOBS	e:fo:flow:1afc26fd0acd	flow:1afc26fd0acd → host:172.234.197.23 → host:177.10.232.132 → port:tcp:45034
FLOW_TO_HOSTOBS	e:to:SESSION-8fb67bf931083b29:host:177.10.238.45	SESSION-8fb67bf931083b29 → host:177.10.238.45
FLOW_FROM_HOSTOBS	e:from:SESSION-35fc4de775269620:host:131.196.28.202	SESSION-35fc4de775269620 → host:131.196.28.202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0bdeae27fd42a89:SESSION-f0bdeae27fd42a89	SESSION-f0bdeae27fd42a89 → pe:syn:SESSION-f0bdeae27fd42a89
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf6bfb4b9f17f41e:PCAP:capture_20260430150001:ded20914761d	SESSION-bf6bfb4b9f17f41e → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:90f47a433baa:port:tcp:8762	flow:90f47a433baa → port:tcp:8762
flow_observed5-aryOBS	e:fo:flow:e7fb21ef8e25	flow:e7fb21ef8e25 → host:131.196.28.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9dcf6e772a239b46:flow:982e28d20ec8	SESSION-9dcf6e772a239b46 → flow:982e28d20ec8
flow_observed5-aryOBS	e:fo:flow:c1436067dd70	flow:c1436067dd70 → host:177.10.239.225 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bff0166abbd0d576:host:140.235.124.200:host:172.234.197.23	SESSION-bff0166abbd0d576 → host:140.235.124.200 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8c774bbe3f97971:SESSION-d8c774bbe3f97971	SESSION-d8c774bbe3f97971 → pe:tls:SESSION-d8c774bbe3f97971
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.246:asn:271410	host:131.196.28.246 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:871875abac62:port:tcp:45297	flow:871875abac62 → port:tcp:45297
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4fb1f3797e8f19a3:host:172.234.197.23:host:177.10.239.4	SESSION-4fb1f3797e8f19a3 → host:172.234.197.23 → host:177.10.239.4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.51:asn:262880	host:177.10.233.51 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7ac209c33b5c7f5:SESSION-b7ac209c33b5c7f5	SESSION-b7ac209c33b5c7f5 → pe:syn:SESSION-b7ac209c33b5c7f5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57d2db6c2c177c2e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-57d2db6c2c177c2e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8d5fc6f7b2bd264:SESSION-c8d5fc6f7b2bd264	SESSION-c8d5fc6f7b2bd264 → pe:syn:SESSION-c8d5fc6f7b2bd264
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5da0813b370b7e29:host:172.234.197.23	SESSION-5da0813b370b7e29 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:83025574d3cc:port:tcp:443	flow:83025574d3cc → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40c5d05833b5d363:PCAP:capture_20260430090001:065659c7d314	SESSION-40c5d05833b5d363 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-a5c85963c9f133e2:host:172.234.197.23	SESSION-a5c85963c9f133e2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-edf23c7505754934:SESSION-edf23c7505754934	SESSION-edf23c7505754934 → pe:tls:SESSION-edf23c7505754934
FLOW_DST_PORTOBS	e:fp:flow:8611e35c54ed:port:tcp:443	flow:8611e35c54ed → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e938dc96c7665991:SESSION-e938dc96c7665991	SESSION-e938dc96c7665991 → pe:syn:SESSION-e938dc96c7665991
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da14e554ef56152a:host:172.234.197.23:host:177.10.235.126	SESSION-da14e554ef56152a → host:172.234.197.23 → host:177.10.235.126
FLOW_DST_PORTOBS	e:fp:flow:61ec22b9b7c0:port:tcp:58774	flow:61ec22b9b7c0 → port:tcp:58774
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e115bc688365a9e7:flow:92dd17f54f7f	SESSION-e115bc688365a9e7 → flow:92dd17f54f7f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fb6fe079446275d:SESSION-5fb6fe079446275d	SESSION-5fb6fe079446275d → pe:syn:SESSION-5fb6fe079446275d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc57a46aa64b7388:host:172.234.197.23	SESSION-cc57a46aa64b7388 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-065b3042ded53057:host:172.234.197.23	SESSION-065b3042ded53057 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:243d6111af24:port:tcp:443	flow:243d6111af24 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8739e7552ccb5cc0:SESSION-8739e7552ccb5cc0	SESSION-8739e7552ccb5cc0 → pe:syn:SESSION-8739e7552ccb5cc0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.70:geo_-16.28860_-49.01640	host:177.10.238.70 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6492f21e062d19aa:host:131.196.28.168	SESSION-6492f21e062d19aa → host:131.196.28.168
FLOW_FROM_HOSTOBS	e:from:SESSION-97d8ab6142f53424:host:177.10.233.8	SESSION-97d8ab6142f53424 → host:177.10.233.8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-660cb7ef624de29d:host:172.234.197.23:host:131.196.28.187	SESSION-660cb7ef624de29d → host:172.234.197.23 → host:131.196.28.187
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20b9f3feffcc2290:PCAP:capture_20260430160001:9bfa4498506a	SESSION-20b9f3feffcc2290 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-6411f10800cf3ef5:BSG-DATA_EXFIL-58d151b66f77	SESSION-6411f10800cf3ef5 → BSG-DATA_EXFIL-58d151b66f77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6dadefe349dd79f6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6dadefe349dd79f6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-c2474adee374207e:host:172.234.197.23	SESSION-c2474adee374207e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-330bec399d401574:flow:9a8bda96a1d7	SESSION-330bec399d401574 → flow:9a8bda96a1d7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4387fd9792a7eb8a:flow:aee0a53970e5	SESSION-4387fd9792a7eb8a → flow:aee0a53970e5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97a932b8098f01e0:host:172.234.197.23	SESSION-97a932b8098f01e0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4b1f95fcf0f122c7:host:131.196.31.7	SESSION-4b1f95fcf0f122c7 → host:131.196.31.7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dc418e4265e72ea:host:172.234.197.23	SESSION-4dc418e4265e72ea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c506d9600407809:PCAP:capture_20260430060001:919b39a74464	SESSION-7c506d9600407809 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:136.243.57.208:geo_50.47770_12.36490	host:136.243.57.208 → geo_50.47770_12.36490
flow_observed4-aryOBS	e:fo:flow:f269f8c627cd	flow:f269f8c627cd → host:172.234.197.23 → host:177.10.234.87 → port:tcp:27626
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47699582b69b5d99:SESSION-47699582b69b5d99	SESSION-47699582b69b5d99 → pe:syn:SESSION-47699582b69b5d99
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7635cd052466cdd:host:104.28.234.79	SESSION-c7635cd052466cdd → host:104.28.234.79
FLOW_TO_HOSTOBS	e:to:SESSION-77d6ed106817bb5a:host:177.10.236.31	SESSION-77d6ed106817bb5a → host:177.10.236.31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b3057ab5d68c477:SESSION-5b3057ab5d68c477	SESSION-5b3057ab5d68c477 → pe:syn:SESSION-5b3057ab5d68c477
FLOW_TO_HOSTOBS	e:to:SESSION-bd8363b8ee3ddfde:host:177.10.236.7	SESSION-bd8363b8ee3ddfde → host:177.10.236.7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-045a77174f347205:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-045a77174f347205 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d1e35f842f44326:host:172.234.197.23	SESSION-4d1e35f842f44326 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0510bb60587070dd:host:45.173.156.110	SESSION-0510bb60587070dd → host:45.173.156.110
flow_observed5-aryOBS	e:fo:flow:e8b966037588	flow:e8b966037588 → host:177.10.235.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-469f9efa6316e344:host:157.180.84.94	SESSION-469f9efa6316e344 → host:157.180.84.94
FLOW_FROM_HOSTOBS	e:from:SESSION-60aea8c76fce71c9:host:131.196.29.80	SESSION-60aea8c76fce71c9 → host:131.196.29.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49ffa8539a7cb217:SESSION-49ffa8539a7cb217	SESSION-49ffa8539a7cb217 → pe:tls:SESSION-49ffa8539a7cb217
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb0638f1774736d1:host:172.234.197.23	SESSION-cb0638f1774736d1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f1777a33d63b	flow:f1777a33d63b → host:140.235.124.200 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4cd4ae8706680eb9:SESSION-4cd4ae8706680eb9	SESSION-4cd4ae8706680eb9 → pe:syn:SESSION-4cd4ae8706680eb9
FLOW_FROM_HOSTOBS	e:from:SESSION-e8070c9158a1a853:host:172.234.197.23	SESSION-e8070c9158a1a853 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.111:asn:203771	host:92.112.71.111 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:1dec1a3b0255:port:tcp:28466	flow:1dec1a3b0255 → port:tcp:28466
FLOW_TO_HOSTOBS	e:to:SESSION-34efc230578c0ec6:host:172.234.197.23	SESSION-34efc230578c0ec6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:73c4fbb68f1e:port:tcp:443	flow:73c4fbb68f1e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fd2d6a70384f754:host:172.234.197.23	SESSION-6fd2d6a70384f754 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7aaf7c17fdae8be6:host:172.234.197.23	SESSION-7aaf7c17fdae8be6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d53672361f048e5:SESSION-2d53672361f048e5	SESSION-2d53672361f048e5 → pe:syn:SESSION-2d53672361f048e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9b13ac4e6d83a5e:SESSION-d9b13ac4e6d83a5e	SESSION-d9b13ac4e6d83a5e → pe:tls:SESSION-d9b13ac4e6d83a5e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-424fe4b4ecc22e45:SESSION-424fe4b4ecc22e45	SESSION-424fe4b4ecc22e45 → pe:tls:SESSION-424fe4b4ecc22e45
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e8c587e48bf8617:flow:47c922c3eea5	SESSION-5e8c587e48bf8617 → flow:47c922c3eea5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17a3924886eb315f:host:172.234.197.23:host:131.196.31.47	SESSION-17a3924886eb315f → host:172.234.197.23 → host:131.196.31.47
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e0a8afad40ce0aa2:PCAP:capture_20260430110001:43611bdf6759	SESSION-e0a8afad40ce0aa2 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8cb5f38c68f62897:flow:854f7b803eaa	SESSION-8cb5f38c68f62897 → flow:854f7b803eaa
FLOW_FROM_HOSTOBS	e:from:SESSION-23aaa31711ea4954:host:177.10.236.196	SESSION-23aaa31711ea4954 → host:177.10.236.196
flow_observed4-aryOBS	e:fo:flow:7d071d66e083	flow:7d071d66e083 → host:172.234.197.23 → host:131.196.28.78 → port:tcp:37162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7273aea3ec9beab:host:172.234.197.23	SESSION-f7273aea3ec9beab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b9695896cdce250:flow:a92b40db2dd8	SESSION-9b9695896cdce250 → flow:a92b40db2dd8
FLOW_TO_HOSTOBS	e:to:SESSION-332b957940cff81b:host:172.234.197.23	SESSION-332b957940cff81b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac3abc26fe7d2af5:flow:4ef16227b924	SESSION-ac3abc26fe7d2af5 → flow:4ef16227b924
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be24a8e57194faf0:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-be24a8e57194faf0 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a3baa467b71ba10:SESSION-3a3baa467b71ba10	SESSION-3a3baa467b71ba10 → pe:syn:SESSION-3a3baa467b71ba10
FLOW_FROM_HOSTOBS	e:from:SESSION-6229e1e1c7b389d0:host:172.234.197.23	SESSION-6229e1e1c7b389d0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bd3840ea5a34	flow:bd3840ea5a34 → host:177.10.239.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b836173867007d89:flow:a53e75876912	SESSION-b836173867007d89 → flow:a53e75876912
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-265a2f0fa666e936:host:172.234.197.23	SESSION-265a2f0fa666e936 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a29c9496c44f9fe8:host:172.234.197.23	SESSION-a29c9496c44f9fe8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf34c898669d01e7:flow:4c41cf07253f	SESSION-bf34c898669d01e7 → flow:4c41cf07253f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.48:geo_-16.28860_-49.01640	host:177.10.238.48 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-de23fe28677c4a6e:host:131.196.28.208	SESSION-de23fe28677c4a6e → host:131.196.28.208
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-befd285205c2bf8f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-befd285205c2bf8f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-95c23d407c86213b:PCAP:capture_20260430150001:ded20914761d	SESSION-95c23d407c86213b → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:a3a569e5aede:port:tcp:61680	flow:a3a569e5aede → port:tcp:61680
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52c764b77552a86d:SESSION-52c764b77552a86d	SESSION-52c764b77552a86d → pe:tls:SESSION-52c764b77552a86d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa1be017e5052d0a:PCAP:capture_20260430090001:065659c7d314	SESSION-fa1be017e5052d0a → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74d0e7e40a4e478e:host:172.234.197.23	SESSION-74d0e7e40a4e478e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:35.95.128.58:asn:16509	host:35.95.128.58 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3d526a62cd76fa97:SESSION-3d526a62cd76fa97	SESSION-3d526a62cd76fa97 → pe:tls:SESSION-3d526a62cd76fa97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9427f5c2202c5258:flow:0ece5c076886	SESSION-9427f5c2202c5258 → flow:0ece5c076886
FLOW_TO_HOSTOBS	e:to:SESSION-42ed5696c9e60897:host:172.234.197.23	SESSION-42ed5696c9e60897 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-30e9e6bd80ef39ea:host:131.196.30.90	SESSION-30e9e6bd80ef39ea → host:131.196.30.90
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.69:geo_-23.62930_-46.63510	host:131.196.28.69 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdfe5014ffcf69db:host:177.10.233.35	SESSION-cdfe5014ffcf69db → host:177.10.233.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3b376322eb831975:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3b376322eb831975 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-6bfe68f8e20317f4:host:177.10.234.185	SESSION-6bfe68f8e20317f4 → host:177.10.234.185
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-007d1747f3bd10df:host:172.234.197.23:host:177.10.234.113	SESSION-007d1747f3bd10df → host:172.234.197.23 → host:177.10.234.113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb7b7dca9012c682:SESSION-eb7b7dca9012c682	SESSION-eb7b7dca9012c682 → pe:tls:SESSION-eb7b7dca9012c682
FLOW_FROM_HOSTOBS	e:from:SESSION-409f2c106c7c54cc:host:131.196.31.78	SESSION-409f2c106c7c54cc → host:131.196.31.78
FLOW_DST_PORTOBS	e:fp:flow:a2e558ecc3f4:port:tcp:443	flow:a2e558ecc3f4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.158:geo_-16.28860_-49.01640	host:177.10.232.158 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c0d18b24ee9d3d4:flow:a087623b0a6f	SESSION-6c0d18b24ee9d3d4 → flow:a087623b0a6f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06b5f759c1748871:flow:9b52713bd4bb	SESSION-06b5f759c1748871 → flow:9b52713bd4bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11a1cfec66708475:host:177.10.238.221	SESSION-11a1cfec66708475 → host:177.10.238.221
FLOW_FROM_HOSTOBS	e:from:SESSION-bd9436da4a7a552d:host:172.234.197.23	SESSION-bd9436da4a7a552d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f51f16a6829ff61b:host:131.196.29.236	SESSION-f51f16a6829ff61b → host:131.196.29.236
FLOW_TO_HOSTOBS	e:to:SESSION-28765694f1859e38:host:172.234.197.23	SESSION-28765694f1859e38 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-edaec15d65a63fe7:flow:6a526367cd4a	SESSION-edaec15d65a63fe7 → flow:6a526367cd4a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.221:asn:271410	host:131.196.30.221 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-71340f64d1455f4f:host:16.60.246.31	SESSION-71340f64d1455f4f → host:16.60.246.31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4eec40051c49c7bf:host:172.234.197.23:host:131.196.30.194	SESSION-4eec40051c49c7bf → host:172.234.197.23 → host:131.196.30.194
flow_observed5-aryOBS	e:fo:flow:9ff212dda63b	flow:9ff212dda63b → host:177.10.237.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-784ef99bf699df93:flow:631582c4148b	SESSION-784ef99bf699df93 → flow:631582c4148b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36a0a9e003021f23:SESSION-36a0a9e003021f23	SESSION-36a0a9e003021f23 → pe:syn:SESSION-36a0a9e003021f23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c80786b4900f92c:host:172.234.197.23:host:177.10.232.204	SESSION-5c80786b4900f92c → host:172.234.197.23 → host:177.10.232.204
FLOW_DST_PORTOBS	e:fp:flow:9093eff6b816:port:tcp:443	flow:9093eff6b816 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36966af2dfd8700b:host:131.196.30.0	SESSION-36966af2dfd8700b → host:131.196.30.0
FLOW_DST_PORTOBS	e:fp:flow:b72f88a9c0c6:port:tcp:29928	flow:b72f88a9c0c6 → port:tcp:29928
FLOW_TO_HOSTOBS	e:to:SESSION-bf00afe8057eb986:host:131.196.31.229	SESSION-bf00afe8057eb986 → host:131.196.31.229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8224ed8c82963e52:host:131.196.28.81	SESSION-8224ed8c82963e52 → host:131.196.28.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9501d29cea91bd7b:SESSION-9501d29cea91bd7b	SESSION-9501d29cea91bd7b → pe:syn:SESSION-9501d29cea91bd7b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.86:geo_-23.62930_-46.63510	host:131.196.31.86 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-396da887f3ac73e5:host:172.234.197.23	SESSION-396da887f3ac73e5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-970263f3772afe71:host:172.234.197.23	SESSION-970263f3772afe71 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-360f4972fec5b7e0:flow:a37ef82274d7	SESSION-360f4972fec5b7e0 → flow:a37ef82274d7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e96c97861c631394:SESSION-e96c97861c631394	SESSION-e96c97861c631394 → pe:tls:SESSION-e96c97861c631394
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72a654eac2136215:host:177.10.238.125:host:172.234.197.23	SESSION-72a654eac2136215 → host:177.10.238.125 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e61b886c68594d41:host:172.232.0.17	SESSION-e61b886c68594d41 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.35:geo_-23.62930_-46.63510	host:131.196.29.35 → geo_-23.62930_-46.63510
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-db3c6ad3393f14ad:BSG-BEACON-9c6d26db7621	SESSION-db3c6ad3393f14ad → BSG-BEACON-9c6d26db7621
FLOW_DST_PORTOBS	e:fp:flow:924a7bf90f20:port:tcp:51647	flow:924a7bf90f20 → port:tcp:51647
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc9c57ce6bc30045:host:177.10.237.164	SESSION-bc9c57ce6bc30045 → host:177.10.237.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8f7d68f255e7d9c:SESSION-e8f7d68f255e7d9c	SESSION-e8f7d68f255e7d9c → pe:tls:SESSION-e8f7d68f255e7d9c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.194:geo_-23.62930_-46.63510	host:131.196.29.194 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-c2b6fa392d99e4e2:host:177.10.232.198	SESSION-c2b6fa392d99e4e2 → host:177.10.232.198
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0feaffd55940508b:SESSION-0feaffd55940508b	SESSION-0feaffd55940508b → pe:tls:SESSION-0feaffd55940508b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06b5f759c1748871:SESSION-06b5f759c1748871	SESSION-06b5f759c1748871 → pe:tls:SESSION-06b5f759c1748871
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ff9e39cb371b24f:host:131.196.29.249	SESSION-1ff9e39cb371b24f → host:131.196.29.249
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf85e37468f1ff86:flow:2539e145c2c5	SESSION-cf85e37468f1ff86 → flow:2539e145c2c5
FLOW_DST_PORTOBS	e:fp:flow:9d09283dd3ed:port:tcp:443	flow:9d09283dd3ed → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-912f333ca4ce75c1:host:172.234.197.23	SESSION-912f333ca4ce75c1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-e883c2ce63ee6e05:SESSION-e883c2ce63ee6e05	SESSION-e883c2ce63ee6e05 → pe:dns:SESSION-e883c2ce63ee6e05
FLOW_DST_PORTOBS	e:fp:flow:b214172954f6:port:tcp:443	flow:b214172954f6 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-829f75d99e4943bf:flow:4cb50c25219a	SESSION-829f75d99e4943bf → flow:4cb50c25219a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29fae5326f4697b4:flow:a6e7268ade32	SESSION-29fae5326f4697b4 → flow:a6e7268ade32
FLOW_FROM_HOSTOBS	e:from:SESSION-4b068e0f016ef609:host:131.196.30.41	SESSION-4b068e0f016ef609 → host:131.196.30.41
FLOW_TO_HOSTOBS	e:to:SESSION-7738f57138403f60:host:45.173.156.7	SESSION-7738f57138403f60 → host:45.173.156.7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3616b79a24490a3:host:172.234.197.23	SESSION-f3616b79a24490a3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.98:asn:262880	host:177.10.235.98 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1909494739e8c502:host:37.27.162.26	SESSION-1909494739e8c502 → host:37.27.162.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4879ced74a20729f:host:172.234.197.23:host:177.10.233.185	SESSION-4879ced74a20729f → host:172.234.197.23 → host:177.10.233.185
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.13:geo_-23.62930_-46.63510	host:131.196.31.13 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-164d60043533ec4c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-164d60043533ec4c → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:f966ec2c5ed6:port:tcp:443	flow:f966ec2c5ed6 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:2fb82c7d6bf2:port:tcp:443	flow:2fb82c7d6bf2 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.136:geo_-21.10010_-41.69200	host:45.173.156.136 → geo_-21.10010_-41.69200
flow_observed4-aryOBS	e:fo:flow:f4c6bf1043ac	flow:f4c6bf1043ac → host:172.234.197.23 → host:45.173.156.7 → port:tcp:37212
flow_observed5-aryOBS	e:fo:flow:67789bf9388e	flow:67789bf9388e → host:45.173.156.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9af6eb1ce6cb824f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9af6eb1ce6cb824f → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-793bdbe15c87a87a:host:177.10.232.107	SESSION-793bdbe15c87a87a → host:177.10.232.107
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e2d293cdcc6efc8:flow:9071d3ff9c14	SESSION-3e2d293cdcc6efc8 → flow:9071d3ff9c14
FLOW_DST_PORTOBS	e:fp:flow:2961c6ce61bd:port:tcp:443	flow:2961c6ce61bd → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:03fdc6fabf43:port:tcp:21784	flow:03fdc6fabf43 → port:tcp:21784
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff0c6bdae7c0fa78:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ff0c6bdae7c0fa78 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:6c01028ff404	flow:6c01028ff404 → host:177.10.236.30 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c7bf6a31f6e2d56:host:172.234.197.23	SESSION-5c7bf6a31f6e2d56 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:15998bf30ce3:port:tcp:443	flow:15998bf30ce3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1ce76d6af7b7d93f:host:177.10.234.188	SESSION-1ce76d6af7b7d93f → host:177.10.234.188
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5106b190666c06c:host:172.234.197.23	SESSION-a5106b190666c06c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.126:geo_-16.28860_-49.01640	host:177.10.239.126 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8104be0e9171978:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-e8104be0e9171978 → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd9b77a0701a4e1b:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-fd9b77a0701a4e1b → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d47d434116add089:host:172.234.197.23	SESSION-d47d434116add089 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2c61460e754c8f6:host:172.234.197.23	SESSION-b2c61460e754c8f6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c89e102c8b8b6c97:host:172.234.197.23	SESSION-c89e102c8b8b6c97 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1624b178b88eb54d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1624b178b88eb54d → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7ae30acbd5f5fc5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b7ae30acbd5f5fc5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eed6a9b72737e44d:host:45.173.156.39	SESSION-eed6a9b72737e44d → host:45.173.156.39
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a74ec174530f5239:host:44.244.28.93:host:172.234.197.23	SESSION-a74ec174530f5239 → host:44.244.28.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0a2ec1133f1da31:host:172.234.197.23	SESSION-d0a2ec1133f1da31 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2bf5c26caf57dc4e:flow:7b52e9885df6	SESSION-2bf5c26caf57dc4e → flow:7b52e9885df6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6ed96bf23ac2f6b:flow:5ff22c5fc613	SESSION-a6ed96bf23ac2f6b → flow:5ff22c5fc613
FLOW_FROM_HOSTOBS	e:from:SESSION-d1e0a6d0f6eee882:host:177.10.235.165	SESSION-d1e0a6d0f6eee882 → host:177.10.235.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-578ff4b2beeb08df:host:131.196.29.61	SESSION-578ff4b2beeb08df → host:131.196.29.61
flow_observed5-aryOBS	e:fo:flow:73940bbfeb00	flow:73940bbfeb00 → host:177.10.237.4 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0c0cdf691d2bdc12:flow:23a083c73ae6	SESSION-0c0cdf691d2bdc12 → flow:23a083c73ae6
FLOW_TO_HOSTOBS	e:to:SESSION-074c4a6b1ee06430:host:172.234.197.23	SESSION-074c4a6b1ee06430 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb0bca31750919c1:SESSION-fb0bca31750919c1	SESSION-fb0bca31750919c1 → pe:tls:SESSION-fb0bca31750919c1
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.182:asn:271410	host:131.196.31.182 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f19ceabce4d2fbb5:flow:7be41fc9ed2d	SESSION-f19ceabce4d2fbb5 → flow:7be41fc9ed2d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.129:geo_-16.28860_-49.01640	host:177.10.235.129 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3553d3f3f842e7ac:host:51.210.99.95	SESSION-3553d3f3f842e7ac → host:51.210.99.95
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4cde7abdf73c6af1:flow:b5d485827129	SESSION-4cde7abdf73c6af1 → flow:b5d485827129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-32273c66c8bf9656:flow:d78c19afef86	SESSION-32273c66c8bf9656 → flow:d78c19afef86
flow_observed5-aryOBS	e:fo:flow:fc58fb73a310	flow:fc58fb73a310 → host:177.10.236.94 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.106:asn:271410	host:131.196.30.106 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-489ca31c7f776997:SESSION-489ca31c7f776997	SESSION-489ca31c7f776997 → pe:syn:SESSION-489ca31c7f776997
FLOW_TO_HOSTOBS	e:to:SESSION-0dea31b94d7dde57:host:172.234.197.23	SESSION-0dea31b94d7dde57 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a5106b190666c06c:host:172.234.197.23	SESSION-a5106b190666c06c → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6a46893b400c	flow:6a46893b400c → host:172.234.197.23 → host:131.196.30.36 → port:tcp:18902
flow_observed5-aryOBS	e:fo:flow:35322a654e75	flow:35322a654e75 → host:31.40.196.96 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2161d2ba591330e1:host:177.10.232.61	SESSION-2161d2ba591330e1 → host:177.10.232.61
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97a932b8098f01e0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-97a932b8098f01e0 → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.39:asn:262880	host:177.10.239.39 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dca77cba3fb011ca:SESSION-dca77cba3fb011ca	SESSION-dca77cba3fb011ca → pe:tls:SESSION-dca77cba3fb011ca
FLOW_TO_HOSTOBS	e:to:SESSION-a10047b74101a9ce:host:172.234.197.23	SESSION-a10047b74101a9ce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-331f26717743f7bf:host:131.196.28.246	SESSION-331f26717743f7bf → host:131.196.28.246
HOST_IN_ASNOBS 85%	e:ha:host:13.60.168.200:asn:16509	host:13.60.168.200 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a865531d109b7c1:SESSION-4a865531d109b7c1	SESSION-4a865531d109b7c1 → pe:tls:SESSION-4a865531d109b7c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11ee8787e5fc7b06:SESSION-11ee8787e5fc7b06	SESSION-11ee8787e5fc7b06 → pe:syn:SESSION-11ee8787e5fc7b06
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.91:geo_-16.28860_-49.01640	host:177.10.238.91 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f51f16a6829ff61b:host:131.196.29.236:host:172.234.197.23	SESSION-f51f16a6829ff61b → host:131.196.29.236 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77738dbb03f9aec:host:177.10.239.4	SESSION-e77738dbb03f9aec → host:177.10.239.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-921389e161f019e9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-921389e161f019e9 → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.66:geo_-16.28860_-49.01640	host:177.10.232.66 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4be71a9ef959f500:host:131.196.31.145	SESSION-4be71a9ef959f500 → host:131.196.31.145
FLOW_TO_HOSTOBS	e:to:SESSION-a3417e991c57bd21:host:172.234.197.23	SESSION-a3417e991c57bd21 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-76408b67fb88a4bd:host:177.10.237.17	SESSION-76408b67fb88a4bd → host:177.10.237.17
HOST_IN_ASNOBS 85%	e:ha:host:51.224.135.22:asn:16509	host:51.224.135.22 → asn:16509
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.6:asn:262880	host:177.10.238.6 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65fda4a5b580780a:SESSION-65fda4a5b580780a	SESSION-65fda4a5b580780a → pe:syn:SESSION-65fda4a5b580780a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d00c2356d94b56a1:SESSION-d00c2356d94b56a1	SESSION-d00c2356d94b56a1 → pe:syn:SESSION-d00c2356d94b56a1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52edb7664c060999:host:172.234.197.23	SESSION-52edb7664c060999 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21ced843a950a21a:host:177.10.233.112	SESSION-21ced843a950a21a → host:177.10.233.112
flow_observed5-aryOBS	e:fo:flow:b22610351f52	flow:b22610351f52 → host:177.10.237.162 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-51daf4959db84d02:BSG-BEACON-e07f4250263f	SESSION-51daf4959db84d02 → BSG-BEACON-e07f4250263f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ba981a6eb39461c8:SESSION-ba981a6eb39461c8	SESSION-ba981a6eb39461c8 → pe:tls:SESSION-ba981a6eb39461c8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6bfe68f8e20317f4:SESSION-6bfe68f8e20317f4	SESSION-6bfe68f8e20317f4 → pe:syn:SESSION-6bfe68f8e20317f4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76408b67fb88a4bd:SESSION-76408b67fb88a4bd	SESSION-76408b67fb88a4bd → pe:syn:SESSION-76408b67fb88a4bd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d31cb6e546f767b7:host:172.234.197.23	SESSION-d31cb6e546f767b7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39adf49608796443:host:177.10.239.177	SESSION-39adf49608796443 → host:177.10.239.177
FLOW_FROM_HOSTOBS	e:from:SESSION-95f80a98e12e105d:host:172.234.197.23	SESSION-95f80a98e12e105d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a9c12f6159b9a7a1:SESSION-a9c12f6159b9a7a1	SESSION-a9c12f6159b9a7a1 → pe:syn:SESSION-a9c12f6159b9a7a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65e7ac6f998115f7:SESSION-65e7ac6f998115f7	SESSION-65e7ac6f998115f7 → pe:syn:SESSION-65e7ac6f998115f7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.159:geo_-16.28860_-49.01640	host:177.10.232.159 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bef335bbd7bd0f49:host:172.234.197.23	SESSION-bef335bbd7bd0f49 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2edb1208bb0bd400:PCAP:capture_20260430150001:ded20914761d	SESSION-2edb1208bb0bd400 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd0de62eb0560e2b:flow:41875790e99e	SESSION-bd0de62eb0560e2b → flow:41875790e99e
flow_observed5-aryOBS	e:fo:flow:ffc45234dfd0	flow:ffc45234dfd0 → host:131.196.31.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35910be85c736a39:host:177.10.235.11	SESSION-35910be85c736a39 → host:177.10.235.11
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-186abbea6a1cb4f5:host:92.112.71.221:host:172.234.197.23	SESSION-186abbea6a1cb4f5 → host:92.112.71.221 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0482ff4f8e4ec953:host:172.234.197.23	SESSION-0482ff4f8e4ec953 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e577d7cf1b0ace36:host:131.196.29.29	SESSION-e577d7cf1b0ace36 → host:131.196.29.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c4ed0368ffe58f8:SESSION-6c4ed0368ffe58f8	SESSION-6c4ed0368ffe58f8 → pe:syn:SESSION-6c4ed0368ffe58f8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-054885aa6e2323da:SESSION-054885aa6e2323da	SESSION-054885aa6e2323da → pe:tls:SESSION-054885aa6e2323da
flow_observed4-aryOBS	e:fo:flow:8e7f3f4c4f31	flow:8e7f3f4c4f31 → host:172.234.197.23 → host:177.10.232.63 → port:tcp:16800
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-887f47388267b095:flow:b86e2d63795a	SESSION-887f47388267b095 → flow:b86e2d63795a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf6bfb4b9f17f41e:host:172.234.197.23	SESSION-bf6bfb4b9f17f41e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a5d297f882a3348:host:131.196.31.229:host:172.234.197.23	SESSION-4a5d297f882a3348 → host:131.196.31.229 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a98ae7d95e9a62c0:flow:359deaa24329	SESSION-a98ae7d95e9a62c0 → flow:359deaa24329
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94bbfef7eb27207b:SESSION-94bbfef7eb27207b	SESSION-94bbfef7eb27207b → pe:syn:SESSION-94bbfef7eb27207b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36db005d6a8b5922:host:177.10.238.189	SESSION-36db005d6a8b5922 → host:177.10.238.189
flow_observed4-aryOBS	e:fo:flow:11b885f943ca	flow:11b885f943ca → host:172.234.197.23 → host:131.196.31.74 → port:tcp:30324
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e8c587e48bf8617:SESSION-5e8c587e48bf8617	SESSION-5e8c587e48bf8617 → pe:tls:SESSION-5e8c587e48bf8617
FLOW_FROM_HOSTOBS	e:from:SESSION-fdee4339c7caabb6:host:172.234.197.23	SESSION-fdee4339c7caabb6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0532a1c12e883894:host:177.10.234.109:host:172.234.197.23	SESSION-0532a1c12e883894 → host:177.10.234.109 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ecb67f73d2142d93:host:177.10.232.142:host:172.234.197.23	SESSION-ecb67f73d2142d93 → host:177.10.232.142 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa08911a1f564da4:SESSION-fa08911a1f564da4	SESSION-fa08911a1f564da4 → pe:syn:SESSION-fa08911a1f564da4
FLOW_TO_HOSTOBS	e:to:SESSION-cf31506875543a88:host:172.234.197.23	SESSION-cf31506875543a88 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c55eb6f1c0bb6137:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c55eb6f1c0bb6137 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:e4253dfcf9e0	flow:e4253dfcf9e0 → host:177.10.238.151 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef46e42b79ae57cb:flow:1756a9d5cbe6	SESSION-ef46e42b79ae57cb → flow:1756a9d5cbe6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aaf7ce37564a0317:SESSION-aaf7ce37564a0317	SESSION-aaf7ce37564a0317 → pe:syn:SESSION-aaf7ce37564a0317
FLOW_DST_PORTOBS	e:fp:flow:23c6fe3291b5:port:tcp:18686	flow:23c6fe3291b5 → port:tcp:18686
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8d6efdf3cd688f1:flow:0080953c1172	SESSION-f8d6efdf3cd688f1 → flow:0080953c1172
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9128704be6a27a1a:host:44.250.172.176:host:172.234.197.23	SESSION-9128704be6a27a1a → host:44.250.172.176 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa51bce6270c7d63:flow:8dabb052ca27	SESSION-aa51bce6270c7d63 → flow:8dabb052ca27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09a6e49240d11692:host:45.173.156.51	SESSION-09a6e49240d11692 → host:45.173.156.51
FLOW_FROM_HOSTOBS	e:from:SESSION-7ab52a513e5ed877:host:177.10.237.24	SESSION-7ab52a513e5ed877 → host:177.10.237.24
FLOW_FROM_HOSTOBS	e:from:SESSION-424e5c5b03912c3d:host:177.10.238.81	SESSION-424e5c5b03912c3d → host:177.10.238.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-287f6ffdc6040b27:SESSION-287f6ffdc6040b27	SESSION-287f6ffdc6040b27 → pe:syn:SESSION-287f6ffdc6040b27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8409f84148f471e2:SESSION-8409f84148f471e2	SESSION-8409f84148f471e2 → pe:tls:SESSION-8409f84148f471e2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d4ae68a057da74d:PCAP:capture_20260430110001:43611bdf6759	SESSION-5d4ae68a057da74d → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-bf9713fb7209fcf9:host:177.10.232.184	SESSION-bf9713fb7209fcf9 → host:177.10.232.184
FLOW_FROM_HOSTOBS	e:from:SESSION-3c17e2540d05f4c2:host:131.196.30.212	SESSION-3c17e2540d05f4c2 → host:131.196.30.212
flow_observed3-aryOBS	e:fo:flow:aa2d87ef9ebe	flow:aa2d87ef9ebe → host:54.222.137.228 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db98e45dca973468:SESSION-db98e45dca973468	SESSION-db98e45dca973468 → pe:syn:SESSION-db98e45dca973468
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ceaacc21db1a34ae:PCAP:capture_20260430110001:43611bdf6759	SESSION-ceaacc21db1a34ae → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a1214f59f834d98:SESSION-8a1214f59f834d98	SESSION-8a1214f59f834d98 → pe:syn:SESSION-8a1214f59f834d98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a83b6f19c39d579f:host:131.196.30.23	SESSION-a83b6f19c39d579f → host:131.196.30.23
FLOW_TO_HOSTOBS	e:to:SESSION-cf85a83f91ce2875:host:131.196.30.12	SESSION-cf85a83f91ce2875 → host:131.196.30.12
FLOW_FROM_HOSTOBS	e:from:SESSION-db8bd5551afdaf6c:host:177.10.233.93	SESSION-db8bd5551afdaf6c → host:177.10.233.93
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-442d12ad40b35d12:flow:16db29bc6b3c	SESSION-442d12ad40b35d12 → flow:16db29bc6b3c
FLOW_DST_PORTOBS	e:fp:flow:772dd1b72f41:port:tcp:32212	flow:772dd1b72f41 → port:tcp:32212
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.196:geo_-16.28860_-49.01640	host:177.10.239.196 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-abc64529b37d4840:host:172.234.197.23	SESSION-abc64529b37d4840 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fe87d643d64f	flow:fe87d643d64f → host:177.10.232.135 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1da9f85a5b3be49b:flow:4c12ac92a068	SESSION-1da9f85a5b3be49b → flow:4c12ac92a068
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db1ee555567b9b22:host:131.196.28.234:host:172.234.197.23	SESSION-db1ee555567b9b22 → host:131.196.28.234 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf07a99306d1414b:host:172.234.197.23	SESSION-cf07a99306d1414b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0a7adc7b38b0	flow:0a7adc7b38b0 → host:172.234.197.23 → host:177.10.237.138 → port:tcp:32911
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa6f99be6bce12b0:host:172.234.197.23	SESSION-fa6f99be6bce12b0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e6f5f35bde9b3d2:SESSION-7e6f5f35bde9b3d2	SESSION-7e6f5f35bde9b3d2 → pe:tls:SESSION-7e6f5f35bde9b3d2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8f7d68f255e7d9c:flow:829cd549e8bd	SESSION-e8f7d68f255e7d9c → flow:829cd549e8bd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e859a84eb4eaf300:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e859a84eb4eaf300 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51bab49b2715dbc9:host:54.149.68.137:host:172.234.197.23	SESSION-51bab49b2715dbc9 → host:54.149.68.137 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c59147b81bc92a14:host:177.10.234.239	SESSION-c59147b81bc92a14 → host:177.10.234.239
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d3f99262a1bb3592:host:172.234.197.23:host:131.196.30.237	SESSION-d3f99262a1bb3592 → host:172.234.197.23 → host:131.196.30.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89fe4f171fdbfa97:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-89fe4f171fdbfa97 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:b36d5e36f32f	flow:b36d5e36f32f → host:177.10.239.108 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1530091b08a9906d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1530091b08a9906d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07ba7d1d1566dce2:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-07ba7d1d1566dce2 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:25a8e2ead68a	flow:25a8e2ead68a → host:95.170.25.215 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85383edd293fa3f5:host:172.234.197.23:host:131.196.30.247	SESSION-85383edd293fa3f5 → host:172.234.197.23 → host:131.196.30.247
FLOW_DST_PORTOBS	e:fp:flow:ed638ee6cce6:port:tcp:443	flow:ed638ee6cce6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e01aa770e4fba49e:host:172.234.197.23	SESSION-e01aa770e4fba49e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-defec876bf358011:host:34.216.30.208:host:172.234.197.23	SESSION-defec876bf358011 → host:34.216.30.208 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b56df08c2f82	flow:b56df08c2f82 → host:172.234.197.23 → host:177.10.236.16 → port:tcp:60477
FLOW_FROM_HOSTOBS	e:from:SESSION-b1dfe7de9432473b:host:172.234.197.23	SESSION-b1dfe7de9432473b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35561958c0468d3f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-35561958c0468d3f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.152:asn:262880	host:177.10.235.152 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a20fc4ba13bfca4:host:177.10.234.82:host:172.234.197.23	SESSION-8a20fc4ba13bfca4 → host:177.10.234.82 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:51c50c31258a:port:tcp:443	flow:51c50c31258a → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:6a29fa607f6c	flow:6a29fa607f6c → host:177.10.236.236 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-845630b36dc2dead:host:172.234.197.23	SESSION-845630b36dc2dead → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b488d873ad67:port:tcp:443	flow:b488d873ad67 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a5092ccda361ecd:host:177.10.237.226	SESSION-5a5092ccda361ecd → host:177.10.237.226
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.129:geo_-23.62930_-46.63510	host:131.196.29.129 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c873de224cbac149:host:131.196.28.7	SESSION-c873de224cbac149 → host:131.196.28.7
FLOW_DST_PORTOBS	e:fp:flow:e8086fb2a9cb:port:tcp:443	flow:e8086fb2a9cb → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-fbdf1132d9fb1d0d:host:177.10.234.23	SESSION-fbdf1132d9fb1d0d → host:177.10.234.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23002560e1da6de3:SESSION-23002560e1da6de3	SESSION-23002560e1da6de3 → pe:syn:SESSION-23002560e1da6de3
FLOW_DST_PORTOBS	e:fp:flow:74b4e8a79222:port:tcp:443	flow:74b4e8a79222 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:77cfe94da839	flow:77cfe94da839 → host:131.196.31.150 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d43b9fecb8f031e:SESSION-9d43b9fecb8f031e	SESSION-9d43b9fecb8f031e → pe:tls:SESSION-9d43b9fecb8f031e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-39cfa534eb7ca418:flow:39906cd67d5b	SESSION-39cfa534eb7ca418 → flow:39906cd67d5b
flow_observed5-aryOBS	e:fo:flow:df53e3b2ee55	flow:df53e3b2ee55 → host:177.10.233.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1191ea69c7b9e8e5:host:109.89.117.44	SESSION-1191ea69c7b9e8e5 → host:109.89.117.44
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c651848d98d2f620:host:172.234.197.23	SESSION-c651848d98d2f620 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.141:geo_-23.62930_-46.63510	host:131.196.31.141 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-845fd343ebc60049:host:172.234.197.23	SESSION-845fd343ebc60049 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1a7a1da766d51711:host:177.10.238.94	SESSION-1a7a1da766d51711 → host:177.10.238.94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da61b01cc679b249:host:172.234.197.23	SESSION-da61b01cc679b249 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c97208f3d5d9be26:PCAP:capture_20260430060001:919b39a74464	SESSION-c97208f3d5d9be26 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b2ef1696b4c4f00:SESSION-2b2ef1696b4c4f00	SESSION-2b2ef1696b4c4f00 → pe:syn:SESSION-2b2ef1696b4c4f00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-64a8af826dc81e59:SESSION-64a8af826dc81e59	SESSION-64a8af826dc81e59 → pe:tls:SESSION-64a8af826dc81e59
FLOW_FROM_HOSTOBS	e:from:SESSION-17fce8ea46af65f2:host:172.234.197.23	SESSION-17fce8ea46af65f2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7037fa1e0334ef5:SESSION-b7037fa1e0334ef5	SESSION-b7037fa1e0334ef5 → pe:tls:SESSION-b7037fa1e0334ef5
FLOW_TO_HOSTOBS	e:to:SESSION-c5664e67ab454dc8:host:177.10.232.222	SESSION-c5664e67ab454dc8 → host:177.10.232.222
FLOW_TO_HOSTOBS	e:to:SESSION-4a865531d109b7c1:host:131.196.28.168	SESSION-4a865531d109b7c1 → host:131.196.28.168
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0612d11703a94cf9:SESSION-0612d11703a94cf9	SESSION-0612d11703a94cf9 → pe:syn:SESSION-0612d11703a94cf9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74f0d8e902dc1bc9:host:172.234.197.23:host:177.10.239.146	SESSION-74f0d8e902dc1bc9 → host:172.234.197.23 → host:177.10.239.146
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ea66afd66f329a0:host:172.234.197.23	SESSION-0ea66afd66f329a0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c825a37bb7881b6:host:172.234.197.23	SESSION-9c825a37bb7881b6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9de698333fa1afcb:host:45.173.156.205:host:172.234.197.23	SESSION-9de698333fa1afcb → host:45.173.156.205 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce6819df966f00de:host:177.10.237.161	SESSION-ce6819df966f00de → host:177.10.237.161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52edb7664c060999:SESSION-52edb7664c060999	SESSION-52edb7664c060999 → pe:tls:SESSION-52edb7664c060999
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f99dd3ca5b14a25:PCAP:capture_20260430090001:065659c7d314	SESSION-2f99dd3ca5b14a25 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-1f082f9fe3332438:host:172.234.197.23	SESSION-1f082f9fe3332438 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ac3b19d6233e6f7:host:172.234.197.23	SESSION-2ac3b19d6233e6f7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.82:asn:262880	host:177.10.233.82 → asn:262880
flow_observed4-aryOBS	e:fo:flow:6fe180bbb2da	flow:6fe180bbb2da → host:172.234.197.23 → host:177.10.232.1 → port:tcp:33775
FLOW_TO_HOSTOBS	e:to:SESSION-97d8ab6142f53424:host:172.234.197.23	SESSION-97d8ab6142f53424 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6a07ad54f9ab5f8:SESSION-e6a07ad54f9ab5f8	SESSION-e6a07ad54f9ab5f8 → pe:tls:SESSION-e6a07ad54f9ab5f8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9963b3b3d702eb6e:host:177.10.238.68	SESSION-9963b3b3d702eb6e → host:177.10.238.68
flow_observed5-aryOBS	e:fo:flow:4e425a0bcb01	flow:4e425a0bcb01 → host:177.10.236.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-923cb7ae7a40da65:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-923cb7ae7a40da65 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-461eadc2db19418d:host:131.196.31.110	SESSION-461eadc2db19418d → host:131.196.31.110
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da14e554ef56152a:SESSION-da14e554ef56152a	SESSION-da14e554ef56152a → pe:tls:SESSION-da14e554ef56152a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bebc5cb41e4621f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3bebc5cb41e4621f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49ddbf605897eb3f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-49ddbf605897eb3f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b8f135d82b00569:host:172.234.197.23	SESSION-4b8f135d82b00569 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0d1802072f1dd852:flow:7315230a3bb0	SESSION-0d1802072f1dd852 → flow:7315230a3bb0
FLOW_FROM_HOSTOBS	e:from:SESSION-0a586e6b93cbc00d:host:177.10.234.187	SESSION-0a586e6b93cbc00d → host:177.10.234.187
FLOW_TO_HOSTOBS	e:to:SESSION-77abcf8d7f3aee2e:host:172.234.197.23	SESSION-77abcf8d7f3aee2e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e8b8d9a22aa6:port:tcp:11208	flow:e8b8d9a22aa6 → port:tcp:11208
FLOW_DST_PORTOBS	e:fp:flow:e69639bf8de0:port:tcp:29231	flow:e69639bf8de0 → port:tcp:29231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8977638e8d6c6909:PCAP:capture_20260430060001:919b39a74464	SESSION-8977638e8d6c6909 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-235be73d0ead16ae:PCAP:capture_20260430150001:ded20914761d	SESSION-235be73d0ead16ae → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b4f4901fb8368e3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7b4f4901fb8368e3 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-f73bbd477b19c775:host:172.234.197.23	SESSION-f73bbd477b19c775 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86b498cacf4afadd:SESSION-86b498cacf4afadd	SESSION-86b498cacf4afadd → pe:tls:SESSION-86b498cacf4afadd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51e02a163c57adb5:flow:17ffd29efdaf	SESSION-51e02a163c57adb5 → flow:17ffd29efdaf
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.221:asn:271410	host:131.196.29.221 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-9d0657eb87257c08:host:172.232.0.17	SESSION-9d0657eb87257c08 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-4eec40051c49c7bf:host:172.234.197.23	SESSION-4eec40051c49c7bf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d678c7d14c2f15db:flow:24e78376d3a5	SESSION-d678c7d14c2f15db → flow:24e78376d3a5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6dcacced517b07e8:flow:d97b7315f434	SESSION-6dcacced517b07e8 → flow:d97b7315f434
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.147:asn:271410	host:131.196.28.147 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fad6b9be10f7d404:host:172.234.197.23	SESSION-fad6b9be10f7d404 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e88e03e6557ce42:host:172.234.197.23	SESSION-7e88e03e6557ce42 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-692dce6abc85c058:host:131.196.31.17	SESSION-692dce6abc85c058 → host:131.196.31.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.79:geo_-16.28860_-49.01640	host:177.10.239.79 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b84ff3ecb7ac9c51:SESSION-b84ff3ecb7ac9c51	SESSION-b84ff3ecb7ac9c51 → pe:syn:SESSION-b84ff3ecb7ac9c51
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7792ff6d5e7124a:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b7792ff6d5e7124a → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:1c97f1fb2524	flow:1c97f1fb2524 → host:45.173.156.244 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4354e5bc798bd13a:host:177.10.234.99	SESSION-4354e5bc798bd13a → host:177.10.234.99
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.211:geo_-23.62930_-46.63510	host:131.196.29.211 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.88:asn:262880	host:177.10.237.88 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c0ba3366d883914:SESSION-9c0ba3366d883914	SESSION-9c0ba3366d883914 → pe:syn:SESSION-9c0ba3366d883914
flow_observed3-aryOBS	e:fo:flow:7a74743236f4	flow:7a74743236f4 → host:98.130.128.246 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0246a8b70a825de:host:131.196.29.224	SESSION-d0246a8b70a825de → host:131.196.29.224
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e4cb96e9954f000:SESSION-2e4cb96e9954f000	SESSION-2e4cb96e9954f000 → pe:syn:SESSION-2e4cb96e9954f000
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d73d5fbffa5706a1:flow:64ab56109fb3	SESSION-d73d5fbffa5706a1 → flow:64ab56109fb3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0844998e370f9b20:host:177.10.237.47	SESSION-0844998e370f9b20 → host:177.10.237.47
FLOW_TO_HOSTOBS	e:to:SESSION-e1a13f968b47fc9d:host:177.10.239.63	SESSION-e1a13f968b47fc9d → host:177.10.239.63
FLOW_DST_PORTOBS	e:fp:flow:146c3f6b23cc:port:tcp:443	flow:146c3f6b23cc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-98d24f4ecefc5585:host:172.234.197.23	SESSION-98d24f4ecefc5585 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e3916b0aa19b751:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0e3916b0aa19b751 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:d50ac2c438e5	flow:d50ac2c438e5 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.106:asn:271410	host:131.196.28.106 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:d067f06f7951:port:tcp:443	flow:d067f06f7951 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:15bb30ff8217:port:tcp:443	flow:15bb30ff8217 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be622897972653aa:host:172.234.197.23	SESSION-be622897972653aa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b47539014cc5976c:flow:105f5f06ea6e	SESSION-b47539014cc5976c → flow:105f5f06ea6e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee402158031a28f0:host:172.234.197.23	SESSION-ee402158031a28f0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:33ea2e46c94c	flow:33ea2e46c94c → host:177.10.234.118 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.94:geo_-21.10010_-41.69200	host:45.173.156.94 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3675340578297917:host:172.234.197.23	SESSION-3675340578297917 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-64a8475d206a0785:SESSION-64a8475d206a0785	SESSION-64a8475d206a0785 → pe:tls:SESSION-64a8475d206a0785
FLOW_FROM_HOSTOBS	e:from:SESSION-3df67864d859fde0:host:172.234.197.23	SESSION-3df67864d859fde0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7aa70a6d3547ceb7:SESSION-7aa70a6d3547ceb7	SESSION-7aa70a6d3547ceb7 → pe:syn:SESSION-7aa70a6d3547ceb7
flow_observed5-aryOBS	e:fo:flow:bc43384c18c9	flow:bc43384c18c9 → host:177.10.236.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79b864f146b8f07b:flow:e19d04a9f102	SESSION-79b864f146b8f07b → flow:e19d04a9f102
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f57ffeba62df89fa:host:131.196.28.10:host:172.234.197.23	SESSION-f57ffeba62df89fa → host:131.196.28.10 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-3e4d7008639203d5:SESSION-3e4d7008639203d5	SESSION-3e4d7008639203d5 → pe:dns:SESSION-3e4d7008639203d5
FLOW_TO_HOSTOBS	e:to:SESSION-d12c89e59455016e:host:131.196.28.100	SESSION-d12c89e59455016e → host:131.196.28.100
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1909494739e8c502:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1909494739e8c502 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:d3bbb4017f36	flow:d3bbb4017f36 → host:177.10.238.103 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f2a0bf61df119bc4:host:177.10.234.235	SESSION-f2a0bf61df119bc4 → host:177.10.234.235
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d93e5dd98af62cc:SESSION-2d93e5dd98af62cc	SESSION-2d93e5dd98af62cc → pe:tls:SESSION-2d93e5dd98af62cc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98544383f10b4583:SESSION-98544383f10b4583	SESSION-98544383f10b4583 → pe:tls:SESSION-98544383f10b4583
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0a2ec1133f1da31:PCAP:capture_20260430090001:065659c7d314	SESSION-d0a2ec1133f1da31 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6109906c198ad0ac:flow:ffef85aaa386	SESSION-6109906c198ad0ac → flow:ffef85aaa386
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-212f7b3a9bb90264:SESSION-212f7b3a9bb90264	SESSION-212f7b3a9bb90264 → pe:syn:SESSION-212f7b3a9bb90264
FLOW_FROM_HOSTOBS	e:from:SESSION-c67539e40b0db6c0:host:131.196.31.100	SESSION-c67539e40b0db6c0 → host:131.196.31.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20552151cee2e1af:SESSION-20552151cee2e1af	SESSION-20552151cee2e1af → pe:syn:SESSION-20552151cee2e1af
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-15939dedfcffc5e5:SESSION-15939dedfcffc5e5	SESSION-15939dedfcffc5e5 → pe:syn:SESSION-15939dedfcffc5e5
FLOW_FROM_HOSTOBS	e:from:SESSION-cb7db2afd613f778:host:131.196.29.53	SESSION-cb7db2afd613f778 → host:131.196.29.53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10ed4263d8057f18:host:172.234.197.23	SESSION-10ed4263d8057f18 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7bf74715b11f1486:SESSION-7bf74715b11f1486	SESSION-7bf74715b11f1486 → pe:syn:SESSION-7bf74715b11f1486
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fddb1520b60b4e20:SESSION-fddb1520b60b4e20	SESSION-fddb1520b60b4e20 → pe:tls:SESSION-fddb1520b60b4e20
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa38dbd858d86f82:flow:105430cefef1	SESSION-aa38dbd858d86f82 → flow:105430cefef1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-354d6c0d37a0b016:SESSION-354d6c0d37a0b016	SESSION-354d6c0d37a0b016 → pe:tls:SESSION-354d6c0d37a0b016
FLOW_DST_PORTOBS	e:fp:flow:4206128c166d:port:tcp:443	flow:4206128c166d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc6a5831c46f644f:host:131.196.28.80	SESSION-bc6a5831c46f644f → host:131.196.28.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-386a52b5a647d101:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-386a52b5a647d101 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:ae90b115280a	flow:ae90b115280a → host:172.234.197.23 → host:177.10.238.211 → port:tcp:779
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8bf059b02e9beec:host:177.10.235.107	SESSION-c8bf059b02e9beec → host:177.10.235.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-393d4d02c091bd7e:host:5.182.209.49	SESSION-393d4d02c091bd7e → host:5.182.209.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19cb9f6f0c8358bd:SESSION-19cb9f6f0c8358bd	SESSION-19cb9f6f0c8358bd → pe:syn:SESSION-19cb9f6f0c8358bd
flow_observed5-aryOBS	e:fo:flow:ffcab162b11c	flow:ffcab162b11c → host:131.196.30.74 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.168:geo_-23.62930_-46.63510	host:131.196.30.168 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c96791011a0f6f2:host:172.234.197.23:host:177.10.233.176	SESSION-7c96791011a0f6f2 → host:172.234.197.23 → host:177.10.233.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34b42a1bd1f93900:host:64.237.250.51:host:172.234.197.23	SESSION-34b42a1bd1f93900 → host:64.237.250.51 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bcca913f927ee07e:SESSION-bcca913f927ee07e	SESSION-bcca913f927ee07e → pe:rst:SESSION-bcca913f927ee07e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b88c76d0206f2960:SESSION-b88c76d0206f2960	SESSION-b88c76d0206f2960 → pe:syn:SESSION-b88c76d0206f2960
FLOW_TO_HOSTOBS	e:to:SESSION-8d0bef7920d84e31:host:131.196.31.13	SESSION-8d0bef7920d84e31 → host:131.196.31.13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4e9a3a3a63cdb2e:SESSION-c4e9a3a3a63cdb2e	SESSION-c4e9a3a3a63cdb2e → pe:syn:SESSION-c4e9a3a3a63cdb2e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.49:asn:262880	host:177.10.232.49 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1110d6d36f6ebd42:host:172.234.197.23	SESSION-1110d6d36f6ebd42 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76ac71b30f764df7:host:131.196.28.128	SESSION-76ac71b30f764df7 → host:131.196.28.128
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83ce9ba3d421fc3f:host:172.234.197.23	SESSION-83ce9ba3d421fc3f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:020c844cd4d3:port:tcp:443	flow:020c844cd4d3 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.242:geo_-23.62930_-46.63510	host:131.196.28.242 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7e6be5ba8db3cda:SESSION-c7e6be5ba8db3cda	SESSION-c7e6be5ba8db3cda → pe:tls:SESSION-c7e6be5ba8db3cda
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-424e5c5b03912c3d:flow:9f09d42f07c3	SESSION-424e5c5b03912c3d → flow:9f09d42f07c3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de8058bfaf7cddb8:host:177.10.237.97:host:172.234.197.23	SESSION-de8058bfaf7cddb8 → host:177.10.237.97 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b792e9866f7563b8:host:172.234.197.23	SESSION-b792e9866f7563b8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bf9e0725ec95e307:host:177.10.232.125	SESSION-bf9e0725ec95e307 → host:177.10.232.125
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0df43d2721e666e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c0df43d2721e666e → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.130:asn:271410	host:131.196.31.130 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75c0f4fa43b2bfb9:SESSION-75c0f4fa43b2bfb9	SESSION-75c0f4fa43b2bfb9 → pe:syn:SESSION-75c0f4fa43b2bfb9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55794f9e7b1a9e7f:SESSION-55794f9e7b1a9e7f	SESSION-55794f9e7b1a9e7f → pe:tls:SESSION-55794f9e7b1a9e7f
FLOW_FROM_HOSTOBS	e:from:SESSION-091d255d08b85143:host:98.130.128.246	SESSION-091d255d08b85143 → host:98.130.128.246
FLOW_DST_PORTOBS	e:fp:flow:8b934233cfa6:port:tcp:54113	flow:8b934233cfa6 → port:tcp:54113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bce97f10a4a571f4:SESSION-bce97f10a4a571f4	SESSION-bce97f10a4a571f4 → pe:tls:SESSION-bce97f10a4a571f4
FLOW_TO_HOSTOBS	e:to:SESSION-f44e90059c2f2195:host:172.234.197.23	SESSION-f44e90059c2f2195 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4cc664d616fce9d7:SESSION-4cc664d616fce9d7	SESSION-4cc664d616fce9d7 → pe:syn:SESSION-4cc664d616fce9d7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d19f64abed8cdcd:flow:3115340ffdee	SESSION-2d19f64abed8cdcd → flow:3115340ffdee
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e7af3e500f20cf8:host:177.10.237.217:host:172.234.197.23	SESSION-4e7af3e500f20cf8 → host:177.10.237.217 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc5634306e23209a:host:172.234.197.23	SESSION-fc5634306e23209a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:140.179.228.29:geo_39.91100_116.39500	host:140.179.228.29 → geo_39.91100_116.39500
FLOW_FROM_HOSTOBS	e:from:SESSION-5f8d7516bed96e97:host:177.10.239.97	SESSION-5f8d7516bed96e97 → host:177.10.239.97
FLOW_TO_HOSTOBS	e:to:SESSION-84d24c52e1f02eee:host:172.234.197.23	SESSION-84d24c52e1f02eee → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cb5c3fce7274dac7:host:172.234.197.23	SESSION-cb5c3fce7274dac7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.128:geo_-16.28860_-49.01640	host:177.10.237.128 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-05f783d5d2ea4019:PCAP:capture_20260430080001:93f47cc296a4	SESSION-05f783d5d2ea4019 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-c491b8c96ce6e8c2:host:78.47.249.154	SESSION-c491b8c96ce6e8c2 → host:78.47.249.154
flow_observed5-aryOBS	e:fo:flow:28d9e57edc1e	flow:28d9e57edc1e → host:45.173.156.223 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:f0f010e38ebe:port:tcp:443	flow:f0f010e38ebe → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-39cfa534eb7ca418:SESSION-39cfa534eb7ca418	SESSION-39cfa534eb7ca418 → pe:syn:SESSION-39cfa534eb7ca418
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8314ac7032421127:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8314ac7032421127 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:65d3f69449d7:port:udp:53	flow:65d3f69449d7 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f45c3ab8ea783ada:host:172.234.197.23	SESSION-f45c3ab8ea783ada → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-df1edf3c82c78294:SESSION-df1edf3c82c78294	SESSION-df1edf3c82c78294 → pe:syn:SESSION-df1edf3c82c78294
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a4fdea987cb08476:SESSION-a4fdea987cb08476	SESSION-a4fdea987cb08476 → pe:tls:SESSION-a4fdea987cb08476
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d7eebeca6a52636:flow:fc35dfb5ba01	SESSION-6d7eebeca6a52636 → flow:fc35dfb5ba01
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.2:asn:262880	host:177.10.233.2 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5c85963c9f133e2:host:45.173.156.247:host:172.234.197.23	SESSION-a5c85963c9f133e2 → host:45.173.156.247 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9183ca0bc5df:port:tcp:443	flow:9183ca0bc5df → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ba4a623ca0c8731:SESSION-6ba4a623ca0c8731	SESSION-6ba4a623ca0c8731 → pe:syn:SESSION-6ba4a623ca0c8731
flow_observed5-aryOBS	e:fo:flow:81af941cebab	flow:81af941cebab → host:131.196.28.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb7db2afd613f778:host:131.196.29.53:host:172.234.197.23	SESSION-cb7db2afd613f778 → host:131.196.29.53 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fa06d2bfceab141:host:131.196.30.224	SESSION-0fa06d2bfceab141 → host:131.196.30.224
FLOW_FROM_HOSTOBS	e:from:SESSION-d59ad8978cc7e8b9:host:172.234.197.23	SESSION-d59ad8978cc7e8b9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ea20601fa7d993b:host:131.196.29.53	SESSION-1ea20601fa7d993b → host:131.196.29.53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72e57a99703d053d:PCAP:capture_20260430060001:919b39a74464	SESSION-72e57a99703d053d → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6fd3205e4a34033:host:172.234.197.23	SESSION-c6fd3205e4a34033 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b84ff3ecb7ac9c51:SESSION-b84ff3ecb7ac9c51	SESSION-b84ff3ecb7ac9c51 → pe:tls:SESSION-b84ff3ecb7ac9c51
FLOW_DST_PORTOBS	e:fp:flow:0734f1162312:port:tcp:443	flow:0734f1162312 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-605176cb8a71c0f4:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-605176cb8a71c0f4 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-a046afd146222299:BSG-BEACON-a8a8c3c8a37f	SESSION-a046afd146222299 → BSG-BEACON-a8a8c3c8a37f
HOST_IN_ASNOBS 85%	e:ha:host:103.97.91.27:asn:8849	host:103.97.91.27 → asn:8849
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e9c01925d6f4319:flow:473adaf7427d	SESSION-3e9c01925d6f4319 → flow:473adaf7427d
FLOW_DST_PORTOBS	e:fp:flow:b63d48cce5f5:port:tcp:443	flow:b63d48cce5f5 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:51886dfe4b68	flow:51886dfe4b68 → host:172.234.197.23 → host:177.10.239.106 → port:tcp:4692
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5de3ca130be8f6d5:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5de3ca130be8f6d5 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cff48a7a06adcd8f:SESSION-cff48a7a06adcd8f	SESSION-cff48a7a06adcd8f → pe:tls:SESSION-cff48a7a06adcd8f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77c36ee0b21ed6bb:SESSION-77c36ee0b21ed6bb	SESSION-77c36ee0b21ed6bb → pe:tls:SESSION-77c36ee0b21ed6bb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca1727d5d29ffb7f:SESSION-ca1727d5d29ffb7f	SESSION-ca1727d5d29ffb7f → pe:tls:SESSION-ca1727d5d29ffb7f
flow_observed4-aryOBS	e:fo:flow:6c48fdd66981	flow:6c48fdd66981 → host:172.234.197.23 → host:45.173.156.204 → port:tcp:56899
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a2cae37d21287a7:PCAP:capture_20260430110001:43611bdf6759	SESSION-2a2cae37d21287a7 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.25:asn:271410	host:131.196.29.25 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74188080b03487af:SESSION-74188080b03487af	SESSION-74188080b03487af → pe:tls:SESSION-74188080b03487af
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dbacd0066146a93a:flow:6c48fdd66981	SESSION-dbacd0066146a93a → flow:6c48fdd66981
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74f0d8e902dc1bc9:host:177.10.239.146	SESSION-74f0d8e902dc1bc9 → host:177.10.239.146
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f5e9ebe80065c9c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8f5e9ebe80065c9c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3d13cea2cf7dcee:SESSION-f3d13cea2cf7dcee	SESSION-f3d13cea2cf7dcee → pe:syn:SESSION-f3d13cea2cf7dcee
FLOW_TO_HOSTOBS	e:to:SESSION-ff7dac0188fe8fcb:host:172.234.197.23	SESSION-ff7dac0188fe8fcb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-57e647fa0cdcfe5a:host:177.10.239.87	SESSION-57e647fa0cdcfe5a → host:177.10.239.87
FLOW_FROM_HOSTOBS	e:from:SESSION-46f70ffa54883bab:host:195.154.100.87	SESSION-46f70ffa54883bab → host:195.154.100.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5643c60889fe0da:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a5643c60889fe0da → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.250.227.157:geo_35.68930_139.68990	host:54.250.227.157 → geo_35.68930_139.68990
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c82cc9c39e4191e7:SESSION-c82cc9c39e4191e7	SESSION-c82cc9c39e4191e7 → pe:syn:SESSION-c82cc9c39e4191e7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-187a70856b24c84b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-187a70856b24c84b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf343490b1b7ef49:host:131.196.28.44	SESSION-bf343490b1b7ef49 → host:131.196.28.44
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b479aa11234b67ae:flow:6154ca7be068	SESSION-b479aa11234b67ae → flow:6154ca7be068
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69ca44a412c8d221:flow:0fd1643ef09f	SESSION-69ca44a412c8d221 → flow:0fd1643ef09f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48baa2e7639de342:host:131.196.29.208:host:172.234.197.23	SESSION-48baa2e7639de342 → host:131.196.29.208 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e38f46dc000b6625:SESSION-e38f46dc000b6625	SESSION-e38f46dc000b6625 → pe:tls:SESSION-e38f46dc000b6625
FLOW_TO_HOSTOBS	e:to:SESSION-66897d09e7f9757a:host:172.234.197.23	SESSION-66897d09e7f9757a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a70d55aee4fd	flow:a70d55aee4fd → host:177.10.234.250 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c5381aaad8fa568:flow:b1e49cd1beb0	SESSION-6c5381aaad8fa568 → flow:b1e49cd1beb0
FLOW_FROM_HOSTOBS	e:from:SESSION-49ea8e2d7734ace3:host:177.10.232.122	SESSION-49ea8e2d7734ace3 → host:177.10.232.122
flow_observed4-aryOBS	e:fo:flow:b7a29257b3a9	flow:b7a29257b3a9 → host:172.234.197.23 → host:45.173.156.131 → port:tcp:44241
FLOW_TO_HOSTOBS	e:to:SESSION-fa08911a1f564da4:host:172.234.197.23	SESSION-fa08911a1f564da4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f008aa22e7b680c:host:131.196.29.46	SESSION-7f008aa22e7b680c → host:131.196.29.46
FLOW_DST_PORTOBS	e:fp:flow:2ced477327d5:port:tcp:443	flow:2ced477327d5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-527af3b786e52b88:host:177.10.237.226	SESSION-527af3b786e52b88 → host:177.10.237.226
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.82:asn:271410	host:131.196.31.82 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-5c60d99c484411b4:host:177.10.236.92	SESSION-5c60d99c484411b4 → host:177.10.236.92
FLOW_DST_PORTOBS	e:fp:flow:0180b80bdbbd:port:tcp:42937	flow:0180b80bdbbd → port:tcp:42937
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-9a207ecea3558884:SESSION-9a207ecea3558884	SESSION-9a207ecea3558884 → pe:dns:SESSION-9a207ecea3558884
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96272a0a54480e7a:flow:a52e56259536	SESSION-96272a0a54480e7a → flow:a52e56259536
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3553d3f3f842e7ac:host:172.234.197.23	SESSION-3553d3f3f842e7ac → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7f8de5150284:port:tcp:443	flow:7f8de5150284 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-474ea5236769f0a3:PCAP:capture_20260430150001:ded20914761d	SESSION-474ea5236769f0a3 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:f9c3289cd9ec:port:tcp:443	flow:f9c3289cd9ec → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5a74cc524a51e3d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d5a74cc524a51e3d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aae44d6cd669040c:host:172.234.197.23:host:131.196.31.129	SESSION-aae44d6cd669040c → host:172.234.197.23 → host:131.196.31.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-433230166b97139a:SESSION-433230166b97139a	SESSION-433230166b97139a → pe:tls:SESSION-433230166b97139a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.0:asn:271410	host:131.196.30.0 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-03f351fbd88acdc4:host:131.196.31.23	SESSION-03f351fbd88acdc4 → host:131.196.31.23
FLOW_TO_HOSTOBS	e:to:SESSION-b4341cac0cb5b3aa:host:2.57.122.194	SESSION-b4341cac0cb5b3aa → host:2.57.122.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60cd9cc046a23835:SESSION-60cd9cc046a23835	SESSION-60cd9cc046a23835 → pe:tls:SESSION-60cd9cc046a23835
FLOW_FROM_HOSTOBS	e:from:SESSION-81c3f53ebeacb521:host:177.10.234.135	SESSION-81c3f53ebeacb521 → host:177.10.234.135
FLOW_FROM_HOSTOBS	e:from:SESSION-3a899a8160ea28b7:host:177.10.237.188	SESSION-3a899a8160ea28b7 → host:177.10.237.188
FLOW_TO_HOSTOBS	e:to:SESSION-6d95ea715a47abbc:host:172.234.197.23	SESSION-6d95ea715a47abbc → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46a01539128daee6:flow:4715a1b4db57	SESSION-46a01539128daee6 → flow:4715a1b4db57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06294e5a27c1af9a:host:177.10.238.180	SESSION-06294e5a27c1af9a → host:177.10.238.180
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-205f7c84653f0fb6:host:131.196.29.4	SESSION-205f7c84653f0fb6 → host:131.196.29.4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1b9603c0e1ea765:host:172.234.197.23:host:131.196.30.244	SESSION-c1b9603c0e1ea765 → host:172.234.197.23 → host:131.196.30.244
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b3ab5aeea0af112:host:177.10.234.143:host:172.234.197.23	SESSION-8b3ab5aeea0af112 → host:177.10.234.143 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.214:geo_-16.28860_-49.01640	host:177.10.235.214 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56d3faf83e1ced7d:host:163.192.126.71:host:172.234.197.23	SESSION-56d3faf83e1ced7d → host:163.192.126.71 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.148:asn:262880	host:177.10.234.148 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e076f857aa349ed0:flow:75ebfafff6d6	SESSION-e076f857aa349ed0 → flow:75ebfafff6d6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.128:asn:262880	host:177.10.234.128 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4013c9000873101b:flow:2d9131452e31	SESSION-4013c9000873101b → flow:2d9131452e31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f12e4f5ba81c4d8:host:172.234.197.23	SESSION-3f12e4f5ba81c4d8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e115bc688365a9e7:host:177.10.239.180	SESSION-e115bc688365a9e7 → host:177.10.239.180
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eeeeaab9fc572806:host:185.231.226.199	SESSION-eeeeaab9fc572806 → host:185.231.226.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6543ef151e834843:host:131.196.29.140	SESSION-6543ef151e834843 → host:131.196.29.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7828bb27afafcc71:host:131.196.30.185	SESSION-7828bb27afafcc71 → host:131.196.30.185
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e77d19d6eee479c3:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e77d19d6eee479c3 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.150:geo_-23.62930_-46.63510	host:131.196.31.150 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:ee0e8e42a22e	flow:ee0e8e42a22e → host:172.234.197.23 → host:177.10.235.215 → port:tcp:9901
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72f157e6b3da81bc:flow:91dee87e0652	SESSION-72f157e6b3da81bc → flow:91dee87e0652
FLOW_FROM_HOSTOBS	e:from:SESSION-6cfabb521c7f73a1:host:172.234.197.23	SESSION-6cfabb521c7f73a1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1057767eda3c24b1:SESSION-1057767eda3c24b1	SESSION-1057767eda3c24b1 → pe:tls:SESSION-1057767eda3c24b1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.3:geo_-16.28860_-49.01640	host:177.10.239.3 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28106317c083449d:host:172.234.197.23	SESSION-28106317c083449d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5941c68a821530:host:131.196.29.140	SESSION-5d5941c68a821530 → host:131.196.29.140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-13f8871a9bd8cb8e:flow:8fe8ab751bca	SESSION-13f8871a9bd8cb8e → flow:8fe8ab751bca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73ac0ee86c608450:host:131.196.31.47	SESSION-73ac0ee86c608450 → host:131.196.31.47
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e6f5f35bde9b3d2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7e6f5f35bde9b3d2 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6c732897c2ca80c:host:172.234.197.23	SESSION-f6c732897c2ca80c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fcb174e83803b1f7:host:172.234.197.23	SESSION-fcb174e83803b1f7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6c901db44791138:flow:78fc6ae4b8bb	SESSION-d6c901db44791138 → flow:78fc6ae4b8bb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07e54ca458e8eeab:host:45.173.156.21:host:172.234.197.23	SESSION-07e54ca458e8eeab → host:45.173.156.21 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:57693f469d04	flow:57693f469d04 → host:177.10.234.0 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69d28aa413742c82:PCAP:capture_20260430110001:43611bdf6759	SESSION-69d28aa413742c82 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:8ce6956833cf	flow:8ce6956833cf → host:177.10.236.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dca77cba3fb011ca:SESSION-dca77cba3fb011ca	SESSION-dca77cba3fb011ca → pe:syn:SESSION-dca77cba3fb011ca
FLOW_TO_HOSTOBS	e:to:SESSION-3ba165dc958434de:host:172.234.197.23	SESSION-3ba165dc958434de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbe3edafde6a655f:host:80.94.92.182	SESSION-fbe3edafde6a655f → host:80.94.92.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a3cdd61760cc277:host:172.234.197.23	SESSION-8a3cdd61760cc277 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f691479e1fc1edf:host:177.10.235.205	SESSION-2f691479e1fc1edf → host:177.10.235.205
FLOW_FROM_HOSTOBS	e:from:SESSION-6682b9978761b80b:host:177.10.239.115	SESSION-6682b9978761b80b → host:177.10.239.115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4424212d2efd30c8:flow:7c3ca69b9bbe	SESSION-4424212d2efd30c8 → flow:7c3ca69b9bbe
FLOW_DST_PORTOBS	e:fp:flow:0eff10ba49f2:port:tcp:443	flow:0eff10ba49f2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f06d97c7ac4f577b:SESSION-f06d97c7ac4f577b	SESSION-f06d97c7ac4f577b → pe:tls:SESSION-f06d97c7ac4f577b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37451ceb7f45e2a3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-37451ceb7f45e2a3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44c3a4d4ec5442f2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-44c3a4d4ec5442f2 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-48482b2d296d23e2:SESSION-48482b2d296d23e2	SESSION-48482b2d296d23e2 → pe:syn:SESSION-48482b2d296d23e2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.169:geo_-16.28860_-49.01640	host:177.10.234.169 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-7da23a3c779474e1:host:172.234.197.23	SESSION-7da23a3c779474e1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d1cae011c215:port:tcp:80	flow:d1cae011c215 → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b91d700ec898758:SESSION-4b91d700ec898758	SESSION-4b91d700ec898758 → pe:syn:SESSION-4b91d700ec898758
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93c7fae83342c58e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-93c7fae83342c58e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:e658d099a963:port:tcp:443	flow:e658d099a963 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-4f6b9574b70ed197:host:177.10.235.184	SESSION-4f6b9574b70ed197 → host:177.10.235.184
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1129a02e66df3e40:SESSION-1129a02e66df3e40	SESSION-1129a02e66df3e40 → pe:tls:SESSION-1129a02e66df3e40
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.28:asn:262880	host:177.10.238.28 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-755eaab432e9c6a6:host:177.10.233.54:host:172.234.197.23	SESSION-755eaab432e9c6a6 → host:177.10.233.54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c787945ac898609:SESSION-3c787945ac898609	SESSION-3c787945ac898609 → pe:tls:SESSION-3c787945ac898609
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b947f5515d64f3f8:flow:79cc06b2667c	SESSION-b947f5515d64f3f8 → flow:79cc06b2667c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cac46254a85b1ec3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cac46254a85b1ec3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4799248f1ba6e544:SESSION-4799248f1ba6e544	SESSION-4799248f1ba6e544 → pe:tls:SESSION-4799248f1ba6e544
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.240:asn:271410	host:131.196.28.240 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60b46aef513c4722:SESSION-60b46aef513c4722	SESSION-60b46aef513c4722 → pe:syn:SESSION-60b46aef513c4722
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb20cb96e066d018:SESSION-fb20cb96e066d018	SESSION-fb20cb96e066d018 → pe:syn:SESSION-fb20cb96e066d018
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-50e84f588759fadd:SESSION-50e84f588759fadd	SESSION-50e84f588759fadd → pe:syn:SESSION-50e84f588759fadd
FLOW_TO_HOSTOBS	e:to:SESSION-20a3b697d9e7cdf6:host:172.234.197.23	SESSION-20a3b697d9e7cdf6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e0a8afad40ce0aa2:host:177.10.235.162	SESSION-e0a8afad40ce0aa2 → host:177.10.235.162
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.220:asn:262880	host:177.10.238.220 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-afeab5601fa36440:host:177.10.235.206	SESSION-afeab5601fa36440 → host:177.10.235.206
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e7f6e07782bad0e:SESSION-5e7f6e07782bad0e	SESSION-5e7f6e07782bad0e → pe:syn:SESSION-5e7f6e07782bad0e
FLOW_FROM_HOSTOBS	e:from:SESSION-23002560e1da6de3:host:131.196.28.200	SESSION-23002560e1da6de3 → host:131.196.28.200
flow_observed5-aryOBS	e:fo:flow:b63263aab3b3	flow:b63263aab3b3 → host:131.196.29.164 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35fc4de775269620:host:131.196.28.202:host:172.234.197.23	SESSION-35fc4de775269620 → host:131.196.28.202 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d537e467802bc1c1:host:131.196.29.215	SESSION-d537e467802bc1c1 → host:131.196.29.215
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5048c6b31ef60c96:flow:9b95b0cbe709	SESSION-5048c6b31ef60c96 → flow:9b95b0cbe709
FLOW_TO_HOSTOBS	e:to:SESSION-d43ada4a289f704d:host:172.234.197.23	SESSION-d43ada4a289f704d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d6545f001e19457:flow:fb1eaf6b08b3	SESSION-2d6545f001e19457 → flow:fb1eaf6b08b3
FLOW_DST_PORTOBS	e:fp:flow:02eabff0bc53:port:tcp:443	flow:02eabff0bc53 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:1845bedc5e4a	flow:1845bedc5e4a → host:177.10.236.138 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:2ad668520c4d:port:tcp:443	flow:2ad668520c4d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c77e81e6376168a3:host:52.81.77.92	SESSION-c77e81e6376168a3 → host:52.81.77.92
FLOW_DST_PORTOBS	e:fp:flow:7f88b9c89fd4:port:tcp:443	flow:7f88b9c89fd4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c8dea047b3a203b:host:131.196.29.164	SESSION-6c8dea047b3a203b → host:131.196.29.164
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b60a9d1a25ff8255:host:131.196.29.122:host:172.234.197.23	SESSION-b60a9d1a25ff8255 → host:131.196.29.122 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dfd5cbc4ed1c485c:host:172.234.197.23	SESSION-dfd5cbc4ed1c485c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc2888c0eb9bd2ad:host:131.196.29.248:host:172.234.197.23	SESSION-fc2888c0eb9bd2ad → host:131.196.29.248 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8927b6992540:port:tcp:443	flow:8927b6992540 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.120:geo_-23.62930_-46.63510	host:131.196.30.120 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2d2e0adb85f8f3e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d2d2e0adb85f8f3e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-7d861e0bc561d261:host:131.196.30.220	SESSION-7d861e0bc561d261 → host:131.196.30.220
FLOW_FROM_HOSTOBS	e:from:SESSION-28a7ecee4eeacba6:host:177.10.236.92	SESSION-28a7ecee4eeacba6 → host:177.10.236.92
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-124cb6be20cbe456:flow:7da1874cf98a	SESSION-124cb6be20cbe456 → flow:7da1874cf98a
FLOW_FROM_HOSTOBS	e:from:SESSION-65bd30307946d7be:host:177.10.233.13	SESSION-65bd30307946d7be → host:177.10.233.13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a55a830d22fea90d:SESSION-a55a830d22fea90d	SESSION-a55a830d22fea90d → pe:syn:SESSION-a55a830d22fea90d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-184aec41cea03479:PCAP:capture_20260430060001:919b39a74464	SESSION-184aec41cea03479 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68ee3afa191e6305:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-68ee3afa191e6305 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f9c5288639cc167:host:177.10.234.234	SESSION-3f9c5288639cc167 → host:177.10.234.234
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.15:geo_-16.28860_-49.01640	host:177.10.234.15 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-1995c5dc0203e07b:host:177.10.237.169	SESSION-1995c5dc0203e07b → host:177.10.237.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23dcfe77dd45a14a:SESSION-23dcfe77dd45a14a	SESSION-23dcfe77dd45a14a → pe:tls:SESSION-23dcfe77dd45a14a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eadecea9d5615d15:SESSION-eadecea9d5615d15	SESSION-eadecea9d5615d15 → pe:syn:SESSION-eadecea9d5615d15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eca69a208ab39d5f:host:172.234.197.23:host:177.10.237.159	SESSION-eca69a208ab39d5f → host:172.234.197.23 → host:177.10.237.159
FLOW_DST_PORTOBS	e:fp:flow:8fa1fca8c76a:port:tcp:443	flow:8fa1fca8c76a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:17ffb9bcca7a:port:tcp:443	flow:17ffb9bcca7a → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.46:geo_-16.28860_-49.01640	host:177.10.235.46 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-5d5941c68a821530:host:172.234.197.23	SESSION-5d5941c68a821530 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c701d534f5ceb273:SESSION-c701d534f5ceb273	SESSION-c701d534f5ceb273 → pe:tls:SESSION-c701d534f5ceb273
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02270ea748fd3855:host:177.10.232.120:host:172.234.197.23	SESSION-02270ea748fd3855 → host:177.10.232.120 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9962740ce107c36d:host:131.196.29.48	SESSION-9962740ce107c36d → host:131.196.29.48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-079c82b45cfad420:PCAP:capture_20260430070001:903a0e7a436b	SESSION-079c82b45cfad420 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-09cf18cd582e793d:host:172.234.197.23	SESSION-09cf18cd582e793d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ac209c33b5c7f5:host:172.234.197.23	SESSION-b7ac209c33b5c7f5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:80741b638a66:port:tcp:443	flow:80741b638a66 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d75495d61e34:port:tcp:443	flow:d75495d61e34 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a8968fd2a11ede8:host:172.234.197.23	SESSION-1a8968fd2a11ede8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c4ebc5699ec1c63:flow:b67e2b1b04d4	SESSION-9c4ebc5699ec1c63 → flow:b67e2b1b04d4
FLOW_TO_HOSTOBS	e:to:SESSION-4e703980a48f1e09:host:172.234.197.23	SESSION-4e703980a48f1e09 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a776552d0ac90a05:host:45.173.156.99	SESSION-a776552d0ac90a05 → host:45.173.156.99
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.168:asn:203771	host:92.112.71.168 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ba1793b4e05c9885:SESSION-ba1793b4e05c9885	SESSION-ba1793b4e05c9885 → pe:tls:SESSION-ba1793b4e05c9885
FLOW_DST_PORTOBS	e:fp:flow:e83f49b54561:port:tcp:23614	flow:e83f49b54561 → port:tcp:23614
flow_observed5-aryOBS	e:fo:flow:8c5e40504e89	flow:8c5e40504e89 → host:177.10.237.108 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49ffa8539a7cb217:host:172.234.197.23:host:131.196.30.57	SESSION-49ffa8539a7cb217 → host:172.234.197.23 → host:131.196.30.57
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.126:asn:273470	host:45.173.156.126 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0daf10b890c2667:flow:c2712c5339c4	SESSION-f0daf10b890c2667 → flow:c2712c5339c4
FLOW_TO_HOSTOBS	e:to:SESSION-cb9e9108ca8bff14:host:172.234.197.23	SESSION-cb9e9108ca8bff14 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a9df261a7287913:SESSION-9a9df261a7287913	SESSION-9a9df261a7287913 → pe:syn:SESSION-9a9df261a7287913
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f49d888fd824b97a:host:172.234.197.23	SESSION-f49d888fd824b97a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.232:geo_-16.28860_-49.01640	host:177.10.238.232 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921486915e849834:host:131.196.29.77	SESSION-921486915e849834 → host:131.196.29.77
FLOW_DST_PORTOBS	e:fp:flow:2981d1088db9:port:tcp:443	flow:2981d1088db9 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9252fa43a6ca744f:host:172.234.197.23	SESSION-9252fa43a6ca744f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4dc175dd74a3b00:flow:103321f9936d	SESSION-b4dc175dd74a3b00 → flow:103321f9936d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.187:asn:262880	host:177.10.239.187 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-8417b06622c43718:host:131.196.30.131	SESSION-8417b06622c43718 → host:131.196.30.131
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aad95c97a46f4b66:host:177.10.234.210:host:172.234.197.23	SESSION-aad95c97a46f4b66 → host:177.10.234.210 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.174:asn:262880	host:177.10.236.174 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69ac7334931bf6c1:host:172.234.197.23	SESSION-69ac7334931bf6c1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8fff356c5f0c:port:tcp:443	flow:8fff356c5f0c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44aa905e757bc471:SESSION-44aa905e757bc471	SESSION-44aa905e757bc471 → pe:tls:SESSION-44aa905e757bc471
FLOW_DST_PORTOBS	e:fp:flow:fc58fb73a310:port:tcp:443	flow:fc58fb73a310 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab1dfc7616ca079a:host:172.234.197.23	SESSION-ab1dfc7616ca079a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:19dfc6870514:port:tcp:23759	flow:19dfc6870514 → port:tcp:23759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-802ccc988b65b38c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-802ccc988b65b38c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0153bfe1e0550f7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d0153bfe1e0550f7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ad4b86f4c7bfaae:SESSION-1ad4b86f4c7bfaae	SESSION-1ad4b86f4c7bfaae → pe:syn:SESSION-1ad4b86f4c7bfaae
FLOW_FROM_HOSTOBS	e:from:SESSION-938eb42ac2c00523:host:57.128.95.181	SESSION-938eb42ac2c00523 → host:57.128.95.181
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07775d37dba558b0:host:199.16.157.181:host:172.234.197.23	SESSION-07775d37dba558b0 → host:199.16.157.181 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c8b9d154eee5d788:host:131.196.28.242	SESSION-c8b9d154eee5d788 → host:131.196.28.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3db8610837fd0b8:host:172.234.197.23	SESSION-e3db8610837fd0b8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd9f2ee14ec6ee20:PCAP:capture_20260430150001:ded20914761d	SESSION-dd9f2ee14ec6ee20 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a11bbc1f12398e3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0a11bbc1f12398e3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2604bc3e94e22829:host:172.234.197.23:host:172.232.0.16	SESSION-2604bc3e94e22829 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8b38e5755a85588:host:177.10.237.108	SESSION-c8b38e5755a85588 → host:177.10.237.108
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5972a3b732445423:SESSION-5972a3b732445423	SESSION-5972a3b732445423 → pe:tls:SESSION-5972a3b732445423
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d610f9ec6aa577ae:host:172.234.197.23	SESSION-d610f9ec6aa577ae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6da60a47e57e7ba3:SESSION-6da60a47e57e7ba3	SESSION-6da60a47e57e7ba3 → pe:tls:SESSION-6da60a47e57e7ba3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3839adbba9942939:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3839adbba9942939 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.22:geo_-23.62930_-46.63510	host:131.196.28.22 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-6bfe68f8e20317f4:host:172.234.197.23	SESSION-6bfe68f8e20317f4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.114:geo_-16.28860_-49.01640	host:177.10.235.114 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-5ce88726966df20e:host:172.234.197.23	SESSION-5ce88726966df20e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0f8a559c2faf4a64:flow:11ce700613de	SESSION-0f8a559c2faf4a64 → flow:11ce700613de
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de82cbdf751e150b:SESSION-de82cbdf751e150b	SESSION-de82cbdf751e150b → pe:syn:SESSION-de82cbdf751e150b
flow_observed5-aryOBS	e:fo:flow:a244accd3081	flow:a244accd3081 → host:177.10.236.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77c36ee0b21ed6bb:flow:aad5c10ed15a	SESSION-77c36ee0b21ed6bb → flow:aad5c10ed15a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.52:geo_41.02140_28.99480	host:37.221.79.52 → geo_41.02140_28.99480
FLOW_FROM_HOSTOBS	e:from:SESSION-c58b004ff38abe14:host:177.10.236.60	SESSION-c58b004ff38abe14 → host:177.10.236.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1530091b08a9906d:host:167.235.194.109	SESSION-1530091b08a9906d → host:167.235.194.109
FLOW_FROM_HOSTOBS	e:from:SESSION-0371abab0ef43e73:host:31.40.196.125	SESSION-0371abab0ef43e73 → host:31.40.196.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2ae6b0bca9a8c33:host:131.196.31.78	SESSION-f2ae6b0bca9a8c33 → host:131.196.31.78
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c639517e7e5752d7:flow:4914a5c37230	SESSION-c639517e7e5752d7 → flow:4914a5c37230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c24af053222fbf1:SESSION-5c24af053222fbf1	SESSION-5c24af053222fbf1 → pe:syn:SESSION-5c24af053222fbf1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cac7b08c7fb71f18:host:177.10.232.204:host:172.234.197.23	SESSION-cac7b08c7fb71f18 → host:177.10.232.204 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7558286b16680d35:SESSION-7558286b16680d35	SESSION-7558286b16680d35 → pe:tls:SESSION-7558286b16680d35
FLOW_TO_HOSTOBS	e:to:SESSION-fa9d2876c7b3abea:host:172.234.197.23	SESSION-fa9d2876c7b3abea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c016235dacd88a4d:SESSION-c016235dacd88a4d	SESSION-c016235dacd88a4d → pe:syn:SESSION-c016235dacd88a4d
FLOW_FROM_HOSTOBS	e:from:SESSION-96f4af5cf9f3425a:host:131.196.31.1	SESSION-96f4af5cf9f3425a → host:131.196.31.1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a4506f2fb402b7f:host:172.234.197.23:host:131.196.30.243	SESSION-0a4506f2fb402b7f → host:172.234.197.23 → host:131.196.30.243
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46a01539128daee6:SESSION-46a01539128daee6	SESSION-46a01539128daee6 → pe:syn:SESSION-46a01539128daee6
flow_observed4-aryOBS	e:fo:flow:4a07a3724199	flow:4a07a3724199 → host:172.234.197.23 → host:177.10.235.190 → port:tcp:33540
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d2803f457704e39:flow:347e17470bc2	SESSION-7d2803f457704e39 → flow:347e17470bc2
FLOW_TO_HOSTOBS	e:to:SESSION-06294e5a27c1af9a:host:172.234.197.23	SESSION-06294e5a27c1af9a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e2713dc0653d6ae5:host:172.234.197.23	SESSION-e2713dc0653d6ae5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fc21027b7229:port:tcp:443	flow:fc21027b7229 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc96f34750660160:SESSION-bc96f34750660160	SESSION-bc96f34750660160 → pe:syn:SESSION-bc96f34750660160
FLOW_DST_PORTOBS	e:fp:flow:a17718402a27:port:tcp:11842	flow:a17718402a27 → port:tcp:11842
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1a930dc0f03fa17:SESSION-d1a930dc0f03fa17	SESSION-d1a930dc0f03fa17 → pe:tls:SESSION-d1a930dc0f03fa17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ea330cf59d2a2f8:SESSION-3ea330cf59d2a2f8	SESSION-3ea330cf59d2a2f8 → pe:syn:SESSION-3ea330cf59d2a2f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f6d18082a7e4dce:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4f6d18082a7e4dce → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-3a3b1f52ae1679da:host:172.234.197.23	SESSION-3a3b1f52ae1679da → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9ddcb64ac58c	flow:9ddcb64ac58c → host:172.234.197.23 → host:177.10.237.156 → port:tcp:60499
FLOW_FROM_HOSTOBS	e:from:SESSION-4670d2b8fb3d0344:host:172.234.197.23	SESSION-4670d2b8fb3d0344 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35561958c0468d3f:SESSION-35561958c0468d3f	SESSION-35561958c0468d3f → pe:syn:SESSION-35561958c0468d3f
flow_observed5-aryOBS	e:fo:flow:67095d6e505a	flow:67095d6e505a → host:131.196.31.122 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c7b12eb68f09b08a:host:172.234.197.23	SESSION-c7b12eb68f09b08a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6a29fa607f6c:port:tcp:443	flow:6a29fa607f6c → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.197:geo_-23.62930_-46.63510	host:131.196.30.197 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-4a865531d109b7c1:host:172.234.197.23	SESSION-4a865531d109b7c1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-304db5c18798dbb4:host:131.196.29.105	SESSION-304db5c18798dbb4 → host:131.196.29.105
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b02fe311e9b10a6:PCAP:capture_20260430090001:065659c7d314	SESSION-0b02fe311e9b10a6 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:10c4e8fbc188	flow:10c4e8fbc188 → host:177.10.234.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f57871a7505a0a35:host:172.234.197.23	SESSION-f57871a7505a0a35 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2560fc1185e4e3e7:host:172.234.197.23	SESSION-2560fc1185e4e3e7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d957287df88430bb:PCAP:capture_20260430060001:919b39a74464	SESSION-d957287df88430bb → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c812f2a31a60fc9:SESSION-3c812f2a31a60fc9	SESSION-3c812f2a31a60fc9 → pe:syn:SESSION-3c812f2a31a60fc9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d84fd327ccf4e65:host:172.234.197.23	SESSION-5d84fd327ccf4e65 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f29ae4ea1d6d03ed:SESSION-f29ae4ea1d6d03ed	SESSION-f29ae4ea1d6d03ed → pe:tls:SESSION-f29ae4ea1d6d03ed
FLOW_TO_HOSTOBS	e:to:SESSION-1d77012e48557176:host:172.234.197.23	SESSION-1d77012e48557176 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6ce2843bcef8	flow:6ce2843bcef8 → host:172.234.197.23 → host:177.10.238.254 → port:tcp:18401
FLOW_FROM_HOSTOBS	e:from:SESSION-80c2fbd298f78f5d:host:177.10.235.109	SESSION-80c2fbd298f78f5d → host:177.10.235.109
FLOW_TO_HOSTOBS	e:to:SESSION-8a70682fed3cc6c8:host:172.234.197.23	SESSION-8a70682fed3cc6c8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-942872364f4f0f53:host:177.10.235.49:host:172.234.197.23	SESSION-942872364f4f0f53 → host:177.10.235.49 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de1fc6391256943a:flow:63f3b7f9b67e	SESSION-de1fc6391256943a → flow:63f3b7f9b67e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e56fb95f564a0aa:PCAP:capture_20260430060001:919b39a74464	SESSION-0e56fb95f564a0aa → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5644212eea272a87:host:16.171.255.229	SESSION-5644212eea272a87 → host:16.171.255.229
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77d6ed106817bb5a:flow:82b885fc840d	SESSION-77d6ed106817bb5a → flow:82b885fc840d
FLOW_DST_PORTOBS	e:fp:flow:d26665ca5ede:port:tcp:45330	flow:d26665ca5ede → port:tcp:45330
flow_observed5-aryOBS	e:fo:flow:b63f651026b2	flow:b63f651026b2 → host:92.112.71.250 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d04c60e569cc19ba:flow:5a0cd8781a01	SESSION-d04c60e569cc19ba → flow:5a0cd8781a01
FLOW_TO_HOSTOBS	e:to:SESSION-30ddbb300887e80e:host:172.234.197.23	SESSION-30ddbb300887e80e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7aaf7c17fdae8be6:SESSION-7aaf7c17fdae8be6	SESSION-7aaf7c17fdae8be6 → pe:syn:SESSION-7aaf7c17fdae8be6
FLOW_DST_PORTOBS	e:fp:flow:23feae6e895f:port:tcp:443	flow:23feae6e895f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7e52183ef313b6a:SESSION-e7e52183ef313b6a	SESSION-e7e52183ef313b6a → pe:tls:SESSION-e7e52183ef313b6a
FLOW_FROM_HOSTOBS	e:from:SESSION-e40cfbe40dbbe2d2:host:172.234.197.23	SESSION-e40cfbe40dbbe2d2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48cf6591de1d67a3:host:172.234.197.23	SESSION-48cf6591de1d67a3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d678c7d14c2f15db:host:177.10.237.146	SESSION-d678c7d14c2f15db → host:177.10.237.146
FLOW_DST_PORTOBS	e:fp:flow:ee2868577a4b:port:tcp:443	flow:ee2868577a4b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1eb9812de4c91c82:host:177.10.236.71	SESSION-1eb9812de4c91c82 → host:177.10.236.71
flow_observed5-aryOBS	e:fo:flow:4c859adc1608	flow:4c859adc1608 → host:177.10.235.110 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-fae3464e58310370:host:177.10.234.61	SESSION-fae3464e58310370 → host:177.10.234.61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8de37a87806b5e4:SESSION-e8de37a87806b5e4	SESSION-e8de37a87806b5e4 → pe:syn:SESSION-e8de37a87806b5e4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9fed3e3a3ac1c6fb:flow:9211244e0c57	SESSION-9fed3e3a3ac1c6fb → flow:9211244e0c57
FLOW_FROM_HOSTOBS	e:from:SESSION-b84ff3ecb7ac9c51:host:131.196.30.203	SESSION-b84ff3ecb7ac9c51 → host:131.196.30.203
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9ee22ced6a72efa:host:131.196.30.3:host:172.234.197.23	SESSION-f9ee22ced6a72efa → host:131.196.30.3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6bbf6176d0f5e38d:SESSION-6bbf6176d0f5e38d	SESSION-6bbf6176d0f5e38d → pe:tls:SESSION-6bbf6176d0f5e38d
flow_observed5-aryOBS	e:fo:flow:ba624a808c3c	flow:ba624a808c3c → host:45.173.156.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e1aa0d90742fe552:SESSION-e1aa0d90742fe552	SESSION-e1aa0d90742fe552 → pe:syn:SESSION-e1aa0d90742fe552
FLOW_FROM_HOSTOBS	e:from:SESSION-67fb5a3b6b27b953:host:131.196.31.183	SESSION-67fb5a3b6b27b953 → host:131.196.31.183
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec67d149df3809f6:host:177.10.235.81:host:172.234.197.23	SESSION-ec67d149df3809f6 → host:177.10.235.81 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f4f84053ddcae3c:host:172.234.197.23	SESSION-7f4f84053ddcae3c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6d6666ae3e8c32da:host:172.234.197.23	SESSION-6d6666ae3e8c32da → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-801ebd343e287ece:host:172.234.197.23	SESSION-801ebd343e287ece → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97a932b8098f01e0:host:177.10.239.39	SESSION-97a932b8098f01e0 → host:177.10.239.39
FLOW_TO_HOSTOBS	e:to:SESSION-a971dfbf90734efe:host:172.234.197.23	SESSION-a971dfbf90734efe → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-905738e9b4f08562:SESSION-905738e9b4f08562	SESSION-905738e9b4f08562 → pe:tls:SESSION-905738e9b4f08562
FLOW_TO_HOSTOBS	e:to:SESSION-793bdbe15c87a87a:host:172.234.197.23	SESSION-793bdbe15c87a87a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f355ffd88e7f5027:host:172.234.197.23	SESSION-f355ffd88e7f5027 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-22873a115734b4a8:flow:23c6fe3291b5	SESSION-22873a115734b4a8 → flow:23c6fe3291b5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-658ca3f75d8ef503:SESSION-658ca3f75d8ef503	SESSION-658ca3f75d8ef503 → pe:tls:SESSION-658ca3f75d8ef503
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8749b2c626b3f1be:host:172.234.197.23	SESSION-8749b2c626b3f1be → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605176cb8a71c0f4:host:45.173.156.80	SESSION-605176cb8a71c0f4 → host:45.173.156.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99d54d6eadbc1138:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-99d54d6eadbc1138 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-c9136bc11056d23d:host:177.10.237.162	SESSION-c9136bc11056d23d → host:177.10.237.162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b481f21a133f6fd1:host:172.234.197.23	SESSION-b481f21a133f6fd1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a759d297db5368da:PCAP:capture_20260430090001:065659c7d314	SESSION-a759d297db5368da → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-9b9695896cdce250:host:45.145.152.51	SESSION-9b9695896cdce250 → host:45.145.152.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e883c2ce63ee6e05:host:172.234.197.23	SESSION-e883c2ce63ee6e05 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e40cfbe40dbbe2d2:host:131.196.31.220	SESSION-e40cfbe40dbbe2d2 → host:131.196.31.220
FLOW_FROM_HOSTOBS	e:from:SESSION-2eaffc60d664a8c9:host:177.10.235.90	SESSION-2eaffc60d664a8c9 → host:177.10.235.90
FLOW_DST_PORTOBS	e:fp:flow:97e0a8deaaff:port:tcp:443	flow:97e0a8deaaff → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a3baa467b71ba10:host:177.10.232.223	SESSION-3a3baa467b71ba10 → host:177.10.232.223
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc301fc8fa5220df:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fc301fc8fa5220df → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a27690ff20574d25:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a27690ff20574d25 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:bf4ff6240dc2:port:tcp:64352	flow:bf4ff6240dc2 → port:tcp:64352
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb9826b2bc40f219:PCAP:capture_20260430080001:93f47cc296a4	SESSION-eb9826b2bc40f219 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-9fd8278b2f1d760d:host:131.196.30.146	SESSION-9fd8278b2f1d760d → host:131.196.30.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34913801790eb8e4:SESSION-34913801790eb8e4	SESSION-34913801790eb8e4 → pe:syn:SESSION-34913801790eb8e4
flow_observed4-aryOBS	e:fo:flow:19f7959faebc	flow:19f7959faebc → host:172.234.197.23 → host:131.196.30.138 → port:tcp:57185
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21e452657508b689:PCAP:capture_20260430110001:43611bdf6759	SESSION-21e452657508b689 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:f0bd3638e392:port:tcp:2614	flow:f0bd3638e392 → port:tcp:2614
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ff40ca0c390500b:host:34.140.18.6	SESSION-7ff40ca0c390500b → host:34.140.18.6
flow_observed5-aryOBS	e:fo:flow:e550e029e382	flow:e550e029e382 → host:31.40.196.151 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8cc58a61b872e266:SESSION-8cc58a61b872e266	SESSION-8cc58a61b872e266 → pe:tls:SESSION-8cc58a61b872e266
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4898aa8f3840ecd5:PCAP:capture_20260430110001:43611bdf6759	SESSION-4898aa8f3840ecd5 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b578cd49b856e8a0:flow:6f75171cd09c	SESSION-b578cd49b856e8a0 → flow:6f75171cd09c
FLOW_TO_HOSTOBS	e:to:SESSION-68adb943f73c50e9:host:172.234.197.23	SESSION-68adb943f73c50e9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7239dbaec89ca2f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c7239dbaec89ca2f → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-e867c3054a212916:host:172.234.197.23	SESSION-e867c3054a212916 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:96042be72def	flow:96042be72def → host:177.10.233.166 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b145e081d4e87ab3:PCAP:capture_20260430060001:919b39a74464	SESSION-b145e081d4e87ab3 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0665b9726687b63:SESSION-c0665b9726687b63	SESSION-c0665b9726687b63 → pe:syn:SESSION-c0665b9726687b63
FLOW_DST_PORTOBS	e:fp:flow:0b10262f1f04:port:tcp:443	flow:0b10262f1f04 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc0003e096ddb203:SESSION-cc0003e096ddb203	SESSION-cc0003e096ddb203 → pe:syn:SESSION-cc0003e096ddb203
FLOW_TO_HOSTOBS	e:to:SESSION-b5b79680f4b436a5:host:172.234.197.23	SESSION-b5b79680f4b436a5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c1df48b404d2bce0:host:177.10.235.87	SESSION-c1df48b404d2bce0 → host:177.10.235.87
FLOW_TO_HOSTOBS	e:to:SESSION-1a8968fd2a11ede8:host:177.10.233.17	SESSION-1a8968fd2a11ede8 → host:177.10.233.17
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.222:asn:271410	host:131.196.30.222 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-d9ef85fb3b83fc71:host:172.234.197.23	SESSION-d9ef85fb3b83fc71 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.245:asn:203771	host:95.170.25.245 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86b61cf52362ae86:SESSION-86b61cf52362ae86	SESSION-86b61cf52362ae86 → pe:tls:SESSION-86b61cf52362ae86
flow_observed5-aryOBS	e:fo:flow:da534c89e93d	flow:da534c89e93d → host:51.161.119.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6798e98bad768e0d:SESSION-6798e98bad768e0d	SESSION-6798e98bad768e0d → pe:syn:SESSION-6798e98bad768e0d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.190:geo_-23.62930_-46.63510	host:131.196.28.190 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09e9de69a12074bb:flow:2b9c751256f3	SESSION-09e9de69a12074bb → flow:2b9c751256f3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d7cf6e510c352d8:SESSION-8d7cf6e510c352d8	SESSION-8d7cf6e510c352d8 → pe:syn:SESSION-8d7cf6e510c352d8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ae017ce34991ed1:host:172.234.197.23	SESSION-5ae017ce34991ed1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.3:asn:273470	host:45.173.156.3 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-2d798baf71c597a3:host:43.196.88.244	SESSION-2d798baf71c597a3 → host:43.196.88.244
flow_observed5-aryOBS	e:fo:flow:2009c812f0cc	flow:2009c812f0cc → host:177.10.237.5 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:e23c67b8a8e5	flow:e23c67b8a8e5 → host:172.234.197.23 → host:131.196.29.221 → port:tcp:1777
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08b271f63f4ccc89:SESSION-08b271f63f4ccc89	SESSION-08b271f63f4ccc89 → pe:syn:SESSION-08b271f63f4ccc89
FLOW_TO_HOSTOBS	e:to:SESSION-84a17a716ed94f5c:host:172.234.197.23	SESSION-84a17a716ed94f5c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e217016f21152908:host:131.196.31.133	SESSION-e217016f21152908 → host:131.196.31.133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09d8680ca1ab1b1e:host:172.234.197.23	SESSION-09d8680ca1ab1b1e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86b4956d98680667:host:172.234.197.23:host:177.10.232.55	SESSION-86b4956d98680667 → host:172.234.197.23 → host:177.10.232.55
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c6d8c2f7fc43f382:PCAP:capture_20260430110001:43611bdf6759	SESSION-c6d8c2f7fc43f382 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:41860dd78d25:port:tcp:63977	flow:41860dd78d25 → port:tcp:63977
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-366e271d3ddb3e11:SESSION-366e271d3ddb3e11	SESSION-366e271d3ddb3e11 → pe:tls:SESSION-366e271d3ddb3e11
FLOW_FROM_HOSTOBS	e:from:SESSION-cb3e7e97aa8c76e6:host:131.196.29.116	SESSION-cb3e7e97aa8c76e6 → host:131.196.29.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ba942f2694f4960:host:172.234.197.23	SESSION-0ba942f2694f4960 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-07ba7d1d1566dce2:host:37.221.79.130	SESSION-07ba7d1d1566dce2 → host:37.221.79.130
FLOW_TO_HOSTOBS	e:to:SESSION-e035a13399d76ad4:host:131.196.31.223	SESSION-e035a13399d76ad4 → host:131.196.31.223
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9875f767bae73b8:flow:f0bd3638e392	SESSION-b9875f767bae73b8 → flow:f0bd3638e392
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a70682fed3cc6c8:SESSION-8a70682fed3cc6c8	SESSION-8a70682fed3cc6c8 → pe:tls:SESSION-8a70682fed3cc6c8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9ddceec57447449:flow:0bd2c530b5f1	SESSION-f9ddceec57447449 → flow:0bd2c530b5f1
FLOW_DST_PORTOBS	e:fp:flow:e19ca5ebb171:port:tcp:443	flow:e19ca5ebb171 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b699e12e3fdc2278:host:172.234.197.23	SESSION-b699e12e3fdc2278 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5c0a8784cda1:port:tcp:443	flow:5c0a8784cda1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ca5f31c630e0:port:tcp:443	flow:ca5f31c630e0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ba1cfcea34ace70:host:172.234.197.23	SESSION-2ba1cfcea34ace70 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-176c7cfb0e699b4d:SESSION-176c7cfb0e699b4d	SESSION-176c7cfb0e699b4d → pe:tls:SESSION-176c7cfb0e699b4d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6dacc3093e29f894:flow:960047891931	SESSION-6dacc3093e29f894 → flow:960047891931
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4ed0c7009b8f0d4:SESSION-b4ed0c7009b8f0d4	SESSION-b4ed0c7009b8f0d4 → pe:syn:SESSION-b4ed0c7009b8f0d4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b03f12d359ceed54:host:131.196.31.26	SESSION-b03f12d359ceed54 → host:131.196.31.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d32b9643240d8a79:host:177.10.239.42:host:172.234.197.23	SESSION-d32b9643240d8a79 → host:177.10.239.42 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8cc052a984adc75:host:172.234.197.23:host:45.173.156.13	SESSION-d8cc052a984adc75 → host:172.234.197.23 → host:45.173.156.13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-409f2c106c7c54cc:SESSION-409f2c106c7c54cc	SESSION-409f2c106c7c54cc → pe:syn:SESSION-409f2c106c7c54cc
FLOW_TO_HOSTOBS	e:to:SESSION-a57e7ba0de33dea3:host:172.234.197.23	SESSION-a57e7ba0de33dea3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-913ac926bd708af5:host:172.234.197.23	SESSION-913ac926bd708af5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-364513c2995bfd3b:host:172.234.197.23	SESSION-364513c2995bfd3b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ae5500b1626fa45f:host:177.10.239.186	SESSION-ae5500b1626fa45f → host:177.10.239.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-22ef7e58c288a4dd:SESSION-22ef7e58c288a4dd	SESSION-22ef7e58c288a4dd → pe:syn:SESSION-22ef7e58c288a4dd
FLOW_FROM_HOSTOBS	e:from:SESSION-aee71e8cd1625550:host:172.234.197.23	SESSION-aee71e8cd1625550 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f30fc2973ede	flow:f30fc2973ede → host:172.234.197.23 → host:45.173.156.232 → port:tcp:23628
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.226:asn:271410	host:131.196.31.226 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-577376347fdfe894:PCAP:capture_20260430050001:8868731bf8a4	SESSION-577376347fdfe894 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e99befaea58c8acf:host:131.196.31.244	SESSION-e99befaea58c8acf → host:131.196.31.244
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-89ddb9a3043f63a3:SESSION-89ddb9a3043f63a3	SESSION-89ddb9a3043f63a3 → pe:tls:SESSION-89ddb9a3043f63a3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0b0070ff484a299:PCAP:capture_20260430060001:919b39a74464	SESSION-c0b0070ff484a299 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a0e660e7f8fdd6f:SESSION-4a0e660e7f8fdd6f	SESSION-4a0e660e7f8fdd6f → pe:tls:SESSION-4a0e660e7f8fdd6f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9df048180bcb59b6:flow:457e8ed21eb2	SESSION-9df048180bcb59b6 → flow:457e8ed21eb2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-098ed7054a17b347:host:177.10.235.60	SESSION-098ed7054a17b347 → host:177.10.235.60
FLOW_TO_HOSTOBS	e:to:SESSION-605176cb8a71c0f4:host:172.234.197.23	SESSION-605176cb8a71c0f4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-10bd62a158add0c4:host:177.10.233.183	SESSION-10bd62a158add0c4 → host:177.10.233.183
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1ec79192d74c7af:host:177.10.237.48:host:172.234.197.23	SESSION-a1ec79192d74c7af → host:177.10.237.48 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fd2e4550d5ebaf09:host:172.234.197.23	SESSION-fd2e4550d5ebaf09 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9e2338ffc91c	flow:9e2338ffc91c → host:172.234.197.23 → host:177.10.239.255 → port:tcp:18270
FLOW_DST_PORTOBS	e:fp:flow:c2712c5339c4:port:tcp:46955	flow:c2712c5339c4 → port:tcp:46955
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-100c3fd7436ef8f8:host:177.10.234.52	SESSION-100c3fd7436ef8f8 → host:177.10.234.52
FLOW_DST_PORTOBS	e:fp:flow:008ea860cb75:port:tcp:443	flow:008ea860cb75 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.50:geo_-23.62930_-46.63510	host:131.196.28.50 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1191e0b24f1d121:host:92.112.71.250:host:172.234.197.23	SESSION-d1191e0b24f1d121 → host:92.112.71.250 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac3abc26fe7d2af5:host:177.10.238.218:host:172.234.197.23	SESSION-ac3abc26fe7d2af5 → host:177.10.238.218 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c828adcf318b7963:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-c828adcf318b7963 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a7cd300d305b207c:SESSION-a7cd300d305b207c	SESSION-a7cd300d305b207c → pe:syn:SESSION-a7cd300d305b207c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c6e69b3f05bcd99:SESSION-7c6e69b3f05bcd99	SESSION-7c6e69b3f05bcd99 → pe:tls:SESSION-7c6e69b3f05bcd99
flow_observed5-aryOBS	e:fo:flow:a057fa3e25d4	flow:a057fa3e25d4 → host:177.10.235.190 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e1e1ef170279bd06:host:172.234.197.23	SESSION-e1e1ef170279bd06 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6d2d33fef3a69334:host:131.196.28.90	SESSION-6d2d33fef3a69334 → host:131.196.28.90
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b6005e750e5a47f:host:177.10.236.154	SESSION-8b6005e750e5a47f → host:177.10.236.154
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ead4b2d62c5ebfd2:SESSION-ead4b2d62c5ebfd2	SESSION-ead4b2d62c5ebfd2 → pe:syn:SESSION-ead4b2d62c5ebfd2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ee36310db765ff6:host:131.196.31.220:host:172.234.197.23	SESSION-2ee36310db765ff6 → host:131.196.31.220 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3d7339ef5a101ca:host:51.94.180.11	SESSION-e3d7339ef5a101ca → host:51.94.180.11
FLOW_TO_HOSTOBS	e:to:SESSION-eaa23bb51e1c2dee:host:172.234.197.23	SESSION-eaa23bb51e1c2dee → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:22e70f9a44d8	flow:22e70f9a44d8 → host:172.234.197.23 → host:177.10.235.169 → port:tcp:35065
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31b6c18ffff74955:host:172.234.197.23:host:177.10.236.112	SESSION-31b6c18ffff74955 → host:172.234.197.23 → host:177.10.236.112
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59d92efe40de2f35:flow:e611585b6a4a	SESSION-59d92efe40de2f35 → flow:e611585b6a4a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70bd35e108ab91c:host:172.234.197.23	SESSION-c70bd35e108ab91c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a18dc2bb6be0117f:SESSION-a18dc2bb6be0117f	SESSION-a18dc2bb6be0117f → pe:syn:SESSION-a18dc2bb6be0117f
FLOW_FROM_HOSTOBS	e:from:SESSION-9e4489cf6c262aa3:host:177.10.239.93	SESSION-9e4489cf6c262aa3 → host:177.10.239.93
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-414103fa622913fc:host:172.234.197.23:host:213.209.159.159	SESSION-414103fa622913fc → host:172.234.197.23 → host:213.209.159.159
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e921959b541072de:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e921959b541072de → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5e7695ca2cac12f:host:131.196.29.0	SESSION-b5e7695ca2cac12f → host:131.196.29.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-58a14b9397c116a1:SESSION-58a14b9397c116a1	SESSION-58a14b9397c116a1 → pe:syn:SESSION-58a14b9397c116a1
FLOW_DST_PORTOBS	e:fp:flow:9f294cc57752:port:tcp:443	flow:9f294cc57752 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:094c3d9058e3	flow:094c3d9058e3 → host:131.196.29.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ac55ff303c5de83:host:131.196.30.49:host:172.234.197.23	SESSION-1ac55ff303c5de83 → host:131.196.30.49 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90798b7c1b8c7636:host:172.234.197.23:host:131.196.30.234	SESSION-90798b7c1b8c7636 → host:172.234.197.23 → host:131.196.30.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e2a96a3225ff388:host:2.57.122.196	SESSION-7e2a96a3225ff388 → host:2.57.122.196
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-643a90c68c400c64:host:177.10.236.151:host:172.234.197.23	SESSION-643a90c68c400c64 → host:177.10.236.151 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-77e4374445abb63e:host:177.10.233.121	SESSION-77e4374445abb63e → host:177.10.233.121
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78b89cf411e3ebb4:host:131.196.31.190	SESSION-78b89cf411e3ebb4 → host:131.196.31.190
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e3ca473e8fbcab1:host:177.10.239.145:host:172.234.197.23	SESSION-4e3ca473e8fbcab1 → host:177.10.239.145 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-62458b132c4d6b0d:host:172.234.197.23	SESSION-62458b132c4d6b0d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-728f64f1954defae:host:172.234.197.23	SESSION-728f64f1954defae → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b7ae30acbd5f5fc5:host:172.234.197.23	SESSION-b7ae30acbd5f5fc5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9e70132665ab339:host:172.234.197.23	SESSION-f9e70132665ab339 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06294e5a27c1af9a:SESSION-06294e5a27c1af9a	SESSION-06294e5a27c1af9a → pe:syn:SESSION-06294e5a27c1af9a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.14:asn:262880	host:177.10.237.14 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:683123e16bef:port:tcp:53576	flow:683123e16bef → port:tcp:53576
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a759d297db5368da:host:177.10.235.213:host:172.234.197.23	SESSION-a759d297db5368da → host:177.10.235.213 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57be4ad64c21b6c4:PCAP:capture_20260430080001:93f47cc296a4	SESSION-57be4ad64c21b6c4 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:75bb6d0e28a7	flow:75bb6d0e28a7 → host:177.10.232.114 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.181:asn:271410	host:131.196.30.181 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.255:asn:271410	host:131.196.28.255 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-a3bb54d95c2cdaff:host:177.10.234.224	SESSION-a3bb54d95c2cdaff → host:177.10.234.224
FLOW_DST_PORTOBS	e:fp:flow:0c6b61bfa335:port:tcp:443	flow:0c6b61bfa335 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:0642687a4af2	flow:0642687a4af2 → host:177.10.232.168 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-301cccab595ff1f6:SESSION-301cccab595ff1f6	SESSION-301cccab595ff1f6 → pe:syn:SESSION-301cccab595ff1f6
FLOW_FROM_HOSTOBS	e:from:SESSION-a2f802a56d8e0d79:host:131.196.31.49	SESSION-a2f802a56d8e0d79 → host:131.196.31.49
flow_observed4-aryOBS	e:fo:flow:d5d20e36d494	flow:d5d20e36d494 → host:172.234.197.23 → host:131.196.30.98 → port:tcp:61039
FLOW_DST_PORTOBS	e:fp:flow:5a300d7140a6:port:tcp:443	flow:5a300d7140a6 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:28ab5fc046d9	flow:28ab5fc046d9 → host:131.196.29.235 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-efd1ddb1a087b877:host:172.234.197.23	SESSION-efd1ddb1a087b877 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:305e0f17973f:port:tcp:443	flow:305e0f17973f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-deef720c855898df:host:177.10.234.126	SESSION-deef720c855898df → host:177.10.234.126
FLOW_DST_PORTOBS	e:fp:flow:0bd2c530b5f1:port:tcp:443	flow:0bd2c530b5f1 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:32c06546a1b7	flow:32c06546a1b7 → host:95.170.25.200 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b60cd26b4cd717ea:SESSION-b60cd26b4cd717ea	SESSION-b60cd26b4cd717ea → pe:syn:SESSION-b60cd26b4cd717ea
FLOW_DST_PORTOBS	e:fp:flow:4e7ca29ac410:port:tcp:443	flow:4e7ca29ac410 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:dad04616997c:port:tcp:443	flow:dad04616997c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ab980d26fa84a5e:host:172.234.197.23	SESSION-9ab980d26fa84a5e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8132ea082e988f13:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8132ea082e988f13 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a77e99309dd6e28:SESSION-8a77e99309dd6e28	SESSION-8a77e99309dd6e28 → pe:syn:SESSION-8a77e99309dd6e28
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb4d3e328cdf4bcd:host:131.196.31.105:host:172.234.197.23	SESSION-cb4d3e328cdf4bcd → host:131.196.31.105 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-01ac49b549a49417:host:172.234.197.23	SESSION-01ac49b549a49417 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8f2626a04e38:port:tcp:443	flow:8f2626a04e38 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2a81d3c71843f89e:host:172.234.197.23	SESSION-2a81d3c71843f89e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-626902abaec078eb:host:172.234.197.23	SESSION-626902abaec078eb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:26c3eabc8146	flow:26c3eabc8146 → host:177.10.232.20 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-20e3655a208f66c6:host:172.234.197.23	SESSION-20e3655a208f66c6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:af7db4fb2b51	flow:af7db4fb2b51 → host:177.10.236.115 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb2fd2ce02add556:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-eb2fd2ce02add556 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a288a75f40d03563:flow:2639caa1e970	SESSION-a288a75f40d03563 → flow:2639caa1e970
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d2a460a472c4c29:SESSION-8d2a460a472c4c29	SESSION-8d2a460a472c4c29 → pe:syn:SESSION-8d2a460a472c4c29
flow_observed5-aryOBS	e:fo:flow:b57952665021	flow:b57952665021 → host:177.10.239.136 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1624b178b88eb54d:SESSION-1624b178b88eb54d	SESSION-1624b178b88eb54d → pe:tls:SESSION-1624b178b88eb54d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6411f10800cf3ef5:flow:935c0ab7e069	SESSION-6411f10800cf3ef5 → flow:935c0ab7e069
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.246:asn:271410	host:131.196.30.246 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e0550020c1215cf:SESSION-1e0550020c1215cf	SESSION-1e0550020c1215cf → pe:syn:SESSION-1e0550020c1215cf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-733b7037c38abbcf:host:177.10.235.129	SESSION-733b7037c38abbcf → host:177.10.235.129
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c54e8a5253d053d:host:172.234.197.23	SESSION-8c54e8a5253d053d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be868fb861e0a1c8:SESSION-be868fb861e0a1c8	SESSION-be868fb861e0a1c8 → pe:syn:SESSION-be868fb861e0a1c8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.197:geo_-21.10010_-41.69200	host:45.173.156.197 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e1b90ecadb949fa3:flow:eb7039d8cfc1	SESSION-e1b90ecadb949fa3 → flow:eb7039d8cfc1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-625fc1856b5bb87f:host:172.234.197.23	SESSION-625fc1856b5bb87f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c70f7d0fa3cda32b:SESSION-c70f7d0fa3cda32b	SESSION-c70f7d0fa3cda32b → pe:syn:SESSION-c70f7d0fa3cda32b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90e5db50c9887f08:host:172.234.197.23	SESSION-90e5db50c9887f08 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-04ab6357fe1e6c0a:SESSION-04ab6357fe1e6c0a	SESSION-04ab6357fe1e6c0a → pe:tls:SESSION-04ab6357fe1e6c0a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31f3a24ceae3d348:flow:9ab5572a2446	SESSION-31f3a24ceae3d348 → flow:9ab5572a2446
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b117f2a3fa82af67:flow:fa71e3f65ae1	SESSION-b117f2a3fa82af67 → flow:fa71e3f65ae1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.187:geo_-21.10010_-41.69200	host:45.173.156.187 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c5fc27029770f85:host:177.10.232.165	SESSION-2c5fc27029770f85 → host:177.10.232.165
FLOW_FROM_HOSTOBS	e:from:SESSION-23f94e137932a031:host:177.10.236.61	SESSION-23f94e137932a031 → host:177.10.236.61
flow_observed5-aryOBS	e:fo:flow:54248e81c0ee	flow:54248e81c0ee → host:177.10.233.49 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb5021014b7af5cb:flow:6b1020087167	SESSION-bb5021014b7af5cb → flow:6b1020087167
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eca69a208ab39d5f:flow:fb256eae480c	SESSION-eca69a208ab39d5f → flow:fb256eae480c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b11ad70426b43374:SESSION-b11ad70426b43374	SESSION-b11ad70426b43374 → pe:syn:SESSION-b11ad70426b43374
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33fdac1ad6f47ac8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-33fdac1ad6f47ac8 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:a44722bcd1c4	flow:a44722bcd1c4 → host:131.196.31.121 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0586166ee52acb1f:host:172.234.197.23	SESSION-0586166ee52acb1f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9320ba5c0d1c:port:tcp:443	flow:9320ba5c0d1c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c828adcf318b7963:SESSION-c828adcf318b7963	SESSION-c828adcf318b7963 → pe:syn:SESSION-c828adcf318b7963
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-48bb234f8161dc4f:SESSION-48bb234f8161dc4f	SESSION-48bb234f8161dc4f → pe:syn:SESSION-48bb234f8161dc4f
FLOW_TO_HOSTOBS	e:to:SESSION-4a904c233015ef9c:host:177.10.236.166	SESSION-4a904c233015ef9c → host:177.10.236.166
FLOW_TO_HOSTOBS	e:to:SESSION-2f99dd3ca5b14a25:host:172.234.197.23	SESSION-2f99dd3ca5b14a25 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d8d8471d99b0ccf5:host:172.234.197.23	SESSION-d8d8471d99b0ccf5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2ee9ba8cae5cc2ab:host:177.10.239.84	SESSION-2ee9ba8cae5cc2ab → host:177.10.239.84
flow_observed4-aryOBS	e:fo:flow:1c2781325e97	flow:1c2781325e97 → host:172.234.197.23 → host:177.10.237.52 → port:tcp:20796
flow_observed4-aryOBS	e:fo:flow:cd284626d39c	flow:cd284626d39c → host:172.234.197.23 → host:177.10.238.226 → port:tcp:34267
FLOW_DST_PORTOBS	e:fp:flow:2006ea332961:port:tcp:443	flow:2006ea332961 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.111:asn:262880	host:177.10.239.111 → asn:262880
ASN_IN_ORGOBS 80%	e:ao:asn:45102:org:Alibaba US Technology Co., Ltd.	asn:45102 → org:Alibaba US Technology Co., Ltd.
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3759208ef2a99af0:host:177.10.233.1	SESSION-3759208ef2a99af0 → host:177.10.233.1
FLOW_FROM_HOSTOBS	e:from:SESSION-a759d297db5368da:host:177.10.235.213	SESSION-a759d297db5368da → host:177.10.235.213
FLOW_TO_HOSTOBS	e:to:SESSION-9de698333fa1afcb:host:172.234.197.23	SESSION-9de698333fa1afcb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-736a99dd90ae6491:host:131.196.28.216	SESSION-736a99dd90ae6491 → host:131.196.28.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54d23880cad1a846:SESSION-54d23880cad1a846	SESSION-54d23880cad1a846 → pe:tls:SESSION-54d23880cad1a846
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23aaa31711ea4954:SESSION-23aaa31711ea4954	SESSION-23aaa31711ea4954 → pe:tls:SESSION-23aaa31711ea4954
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.104:asn:262880	host:177.10.234.104 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.218:asn:262880	host:177.10.237.218 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.29:asn:262880	host:177.10.238.29 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d603c58c5171ed7:SESSION-9d603c58c5171ed7	SESSION-9d603c58c5171ed7 → pe:tls:SESSION-9d603c58c5171ed7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6ddb3deb8cc2873:host:172.234.197.23	SESSION-d6ddb3deb8cc2873 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b5948254caf12dd:host:177.10.238.216:host:172.234.197.23	SESSION-9b5948254caf12dd → host:177.10.238.216 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8cf04cf372371106:SESSION-8cf04cf372371106	SESSION-8cf04cf372371106 → pe:syn:SESSION-8cf04cf372371106
FLOW_DST_PORTOBS	e:fp:flow:4cf92a078305:port:tcp:60225	flow:4cf92a078305 → port:tcp:60225
FLOW_TO_HOSTOBS	e:to:SESSION-1129a02e66df3e40:host:172.234.197.23	SESSION-1129a02e66df3e40 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:aa0e77b18e64:port:tcp:443	flow:aa0e77b18e64 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:d7fca1740005	flow:d7fca1740005 → host:172.234.197.23 → host:131.196.30.192 → port:tcp:64084
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7dbbf6b8420ecf88:host:172.234.197.23	SESSION-7dbbf6b8420ecf88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e700dd1746307a02:host:172.234.197.23	SESSION-e700dd1746307a02 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:16d412ae36b6:port:tcp:443	flow:16d412ae36b6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0d8801f02b141d30:host:172.234.197.23:host:131.196.28.134	SESSION-0d8801f02b141d30 → host:172.234.197.23 → host:131.196.28.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa38dbd858d86f82:host:177.10.237.122	SESSION-aa38dbd858d86f82 → host:177.10.237.122
flow_observed4-aryOBS	e:fo:flow:5c339219e6ad	flow:5c339219e6ad → host:172.234.197.23 → host:131.196.31.47 → port:tcp:19002
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41172116812e3a49:PCAP:capture_20260430110001:43611bdf6759	SESSION-41172116812e3a49 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75ad621f5d402513:host:172.234.197.23	SESSION-75ad621f5d402513 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21cd302cb5783965:flow:1760fdc53f75	SESSION-21cd302cb5783965 → flow:1760fdc53f75
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e074701a4b6d6566:SESSION-e074701a4b6d6566	SESSION-e074701a4b6d6566 → pe:tls:SESSION-e074701a4b6d6566
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a96ffc9fa12c0c5a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a96ffc9fa12c0c5a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-9eb85eb3deaacc18:host:172.234.197.23	SESSION-9eb85eb3deaacc18 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-07775d37dba558b0:BSG-DATA_EXFIL-c45ebda152e5	SESSION-07775d37dba558b0 → BSG-DATA_EXFIL-c45ebda152e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1848195311cbff19:SESSION-1848195311cbff19	SESSION-1848195311cbff19 → pe:tls:SESSION-1848195311cbff19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a776552d0ac90a05:flow:5141ce494628	SESSION-a776552d0ac90a05 → flow:5141ce494628
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0d74f533686cf043:flow:098d80ed7006	SESSION-0d74f533686cf043 → flow:098d80ed7006
FLOW_TO_HOSTOBS	e:to:SESSION-eade11f9b06e449a:host:172.234.197.23	SESSION-eade11f9b06e449a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:71b70a01dbc1	flow:71b70a01dbc1 → host:172.234.197.23 → host:177.10.232.156 → port:tcp:38173
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd2928203fc01c8b:host:177.10.234.161	SESSION-dd2928203fc01c8b → host:177.10.234.161
FLOW_FROM_HOSTOBS	e:from:SESSION-c1947a05c179b1d2:host:131.196.28.79	SESSION-c1947a05c179b1d2 → host:131.196.28.79
FLOW_FROM_HOSTOBS	e:from:SESSION-b6dd65fa073f3265:host:185.231.226.194	SESSION-b6dd65fa073f3265 → host:185.231.226.194
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f890b9cda6af294:flow:29edfa6459a1	SESSION-2f890b9cda6af294 → flow:29edfa6459a1
FLOW_TO_HOSTOBS	e:to:SESSION-b2aed99cc8c09f5c:host:172.234.197.23	SESSION-b2aed99cc8c09f5c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0634c65493dd9b22:host:172.234.197.23	SESSION-0634c65493dd9b22 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fd3b31137a7f5f9:host:172.234.197.23	SESSION-8fd3b31137a7f5f9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cb68c175ad52	flow:cb68c175ad52 → host:177.10.239.115 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:6d3d14b72c68:port:tcp:443	flow:6d3d14b72c68 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ded52056067d22b2:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ded52056067d22b2 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.146:geo_-23.62930_-46.63510	host:131.196.30.146 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.129:geo_-23.62930_-46.63510	host:131.196.30.129 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51bc0a4af53b62cc:PCAP:capture_20260430060001:919b39a74464	SESSION-51bc0a4af53b62cc → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:34f88f44358a	flow:34f88f44358a → host:177.10.238.211 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:222d767cea80:port:tcp:14969	flow:222d767cea80 → port:tcp:14969
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2edb47571c4ed35:SESSION-e2edb47571c4ed35	SESSION-e2edb47571c4ed35 → pe:syn:SESSION-e2edb47571c4ed35
flow_observed5-aryOBS	e:fo:flow:0691a722d6b7	flow:0691a722d6b7 → host:131.196.28.102 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.236:asn:262880	host:177.10.236.236 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fce590506c76a4f8:host:172.234.197.23	SESSION-fce590506c76a4f8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:64.237.250.51:asn:10396	host:64.237.250.51 → asn:10396
FLOW_TO_HOSTOBS	e:to:SESSION-d55d0fcf91e9ec79:host:172.234.197.23	SESSION-d55d0fcf91e9ec79 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd4c16dfff279521:SESSION-dd4c16dfff279521	SESSION-dd4c16dfff279521 → pe:tls:SESSION-dd4c16dfff279521
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b9c1bf42f4683a2:flow:264b0ddf9e69	SESSION-2b9c1bf42f4683a2 → flow:264b0ddf9e69
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cb17c89d7425739:host:177.10.239.177	SESSION-6cb17c89d7425739 → host:177.10.239.177
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b4a3756900fa00c:flow:e15b40b855d0	SESSION-7b4a3756900fa00c → flow:e15b40b855d0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffc4775cc215b441:host:131.196.29.26	SESSION-ffc4775cc215b441 → host:131.196.29.26
FLOW_TO_HOSTOBS	e:to:SESSION-e921959b541072de:host:172.234.197.23	SESSION-e921959b541072de → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-970263f3772afe71:host:45.173.156.38	SESSION-970263f3772afe71 → host:45.173.156.38
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f718644b6283d05d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f718644b6283d05d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35561958c0468d3f:host:131.196.30.152:host:172.234.197.23	SESSION-35561958c0468d3f → host:131.196.30.152 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a4651c2a8eec0e6f:SESSION-a4651c2a8eec0e6f	SESSION-a4651c2a8eec0e6f → pe:syn:SESSION-a4651c2a8eec0e6f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f953402fa48addf:SESSION-3f953402fa48addf	SESSION-3f953402fa48addf → pe:tls:SESSION-3f953402fa48addf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-921486915e849834:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-921486915e849834 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:079d8a1faf2e	flow:079d8a1faf2e → host:172.234.197.23 → host:131.196.29.150 → port:tcp:17588
FLOW_FROM_HOSTOBS	e:from:SESSION-d694cf0080c35c2f:host:177.10.234.103	SESSION-d694cf0080c35c2f → host:177.10.234.103
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.213:asn:262880	host:177.10.236.213 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8165f1476121226e:SESSION-8165f1476121226e	SESSION-8165f1476121226e → pe:tls:SESSION-8165f1476121226e
flow_observed4-aryOBS	e:fo:flow:c5aa2acab467	flow:c5aa2acab467 → host:172.234.197.23 → host:177.10.233.88 → port:tcp:50629
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.37:geo_-16.28860_-49.01640	host:177.10.239.37 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-05a7cad64bbe69e6:host:45.173.156.72	SESSION-05a7cad64bbe69e6 → host:45.173.156.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2117b91b7562ba94:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2117b91b7562ba94 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-54b62e34296d5c17:host:172.234.197.23	SESSION-54b62e34296d5c17 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-56d3faf83e1ced7d:SESSION-56d3faf83e1ced7d	SESSION-56d3faf83e1ced7d → pe:tls:SESSION-56d3faf83e1ced7d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ade0b807fe10f93e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ade0b807fe10f93e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b73ad2a19ec53d4:host:131.196.28.69	SESSION-5b73ad2a19ec53d4 → host:131.196.28.69
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a516ba4c4f8948a0:flow:6a29fa607f6c	SESSION-a516ba4c4f8948a0 → flow:6a29fa607f6c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-764219a5db7d50bc:host:131.196.30.189	SESSION-764219a5db7d50bc → host:131.196.30.189
FLOW_TO_HOSTOBS	e:to:SESSION-deb97792675d8a5d:host:172.234.197.23	SESSION-deb97792675d8a5d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c59a88aa03340e00:SESSION-c59a88aa03340e00	SESSION-c59a88aa03340e00 → pe:tls:SESSION-c59a88aa03340e00
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11723453546179ac:host:131.196.30.148:host:172.234.197.23	SESSION-11723453546179ac → host:131.196.30.148 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7063a4bdff0e259c:host:172.234.197.23	SESSION-7063a4bdff0e259c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9fd8278b2f1d760d:flow:874f2acd2406	SESSION-9fd8278b2f1d760d → flow:874f2acd2406
FLOW_TO_HOSTOBS	e:to:SESSION-bf8660b1b7ea6f50:host:131.196.28.241	SESSION-bf8660b1b7ea6f50 → host:131.196.28.241
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-606a9e702080ed7e:SESSION-606a9e702080ed7e	SESSION-606a9e702080ed7e → pe:syn:SESSION-606a9e702080ed7e
FLOW_TO_HOSTOBS	e:to:SESSION-6e3139069f2c261e:host:177.10.235.75	SESSION-6e3139069f2c261e → host:177.10.235.75
flow_observed5-aryOBS	e:fo:flow:be27ca17f284	flow:be27ca17f284 → host:131.196.30.68 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9912439438040361:host:172.234.197.23	SESSION-9912439438040361 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a7a08ae566a4a8b:host:172.234.197.23:host:177.10.232.208	SESSION-5a7a08ae566a4a8b → host:172.234.197.23 → host:177.10.232.208
FLOW_FROM_HOSTOBS	e:from:SESSION-90e5db50c9887f08:host:172.234.197.23	SESSION-90e5db50c9887f08 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6bf46c9eec8f990:host:177.10.237.89	SESSION-e6bf46c9eec8f990 → host:177.10.237.89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b6d920a3cc562b13:SESSION-b6d920a3cc562b13	SESSION-b6d920a3cc562b13 → pe:tls:SESSION-b6d920a3cc562b13
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c35942669d0b12c8:host:95.56.227.200:host:172.234.197.23	SESSION-c35942669d0b12c8 → host:95.56.227.200 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77162e002cdf71b4:host:172.234.197.23	SESSION-77162e002cdf71b4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f042798b154a2bb2:host:172.234.197.23	SESSION-f042798b154a2bb2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5381df0c70f3b63:host:177.10.232.66	SESSION-a5381df0c70f3b63 → host:177.10.232.66
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30ae225adc0bd1e0:flow:ae46cf6a525d	SESSION-30ae225adc0bd1e0 → flow:ae46cf6a525d
FLOW_DST_PORTOBS	e:fp:flow:a41a049c99f0:port:tcp:443	flow:a41a049c99f0 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-1d45ffa0c695899f:host:131.196.30.160	SESSION-1d45ffa0c695899f → host:131.196.30.160
FLOW_TO_HOSTOBS	e:to:SESSION-11a1cfec66708475:host:172.234.197.23	SESSION-11a1cfec66708475 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a24ae76392ce429:SESSION-7a24ae76392ce429	SESSION-7a24ae76392ce429 → pe:syn:SESSION-7a24ae76392ce429
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-288c2773d91d95c9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-288c2773d91d95c9 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-6543ef151e834843:host:172.234.197.23	SESSION-6543ef151e834843 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e32df6cc4891bacc:flow:8e63ce94f50a	SESSION-e32df6cc4891bacc → flow:8e63ce94f50a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51bab49b2715dbc9:host:172.234.197.23	SESSION-51bab49b2715dbc9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e1acc529e089:port:tcp:26570	flow:e1acc529e089 → port:tcp:26570
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.25:asn:262880	host:177.10.237.25 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0709d76f76f731c:host:131.196.31.194	SESSION-c0709d76f76f731c → host:131.196.31.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aae7a2cdf7b4e8cc:SESSION-aae7a2cdf7b4e8cc	SESSION-aae7a2cdf7b4e8cc → pe:tls:SESSION-aae7a2cdf7b4e8cc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73bdc276c5a845ed:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-73bdc276c5a845ed → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:d47ed30c68c9:port:tcp:443	flow:d47ed30c68c9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3be9919fc6df9ffa:SESSION-3be9919fc6df9ffa	SESSION-3be9919fc6df9ffa → pe:syn:SESSION-3be9919fc6df9ffa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-976978a22e52e06d:SESSION-976978a22e52e06d	SESSION-976978a22e52e06d → pe:syn:SESSION-976978a22e52e06d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc41b76983738bc7:SESSION-cc41b76983738bc7	SESSION-cc41b76983738bc7 → pe:syn:SESSION-cc41b76983738bc7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-39e4fa54be3b3e55:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-39e4fa54be3b3e55 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:d918f8fcd068:port:tcp:80	flow:d918f8fcd068 → port:tcp:80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d9ed6ae798457b7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-9d9ed6ae798457b7 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-95152bde385a2e89:host:131.196.28.249	SESSION-95152bde385a2e89 → host:131.196.28.249
FLOW_FROM_HOSTOBS	e:from:SESSION-117c00f29ed332ce:host:177.10.238.231	SESSION-117c00f29ed332ce → host:177.10.238.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0c4b638117ccca22:SESSION-0c4b638117ccca22	SESSION-0c4b638117ccca22 → pe:tls:SESSION-0c4b638117ccca22
flow_observed4-aryOBS	e:fo:flow:21fbd5ffa598	flow:21fbd5ffa598 → host:172.234.197.23 → host:177.10.237.14 → port:tcp:14940
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.197:asn:271410	host:131.196.30.197 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9d47d1bafad5ad0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b9d47d1bafad5ad0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6585a8f099e9e465:SESSION-6585a8f099e9e465	SESSION-6585a8f099e9e465 → pe:tls:SESSION-6585a8f099e9e465
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8938c8d43c3c288:SESSION-d8938c8d43c3c288	SESSION-d8938c8d43c3c288 → pe:tls:SESSION-d8938c8d43c3c288
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1af702d2aa4c9d9d:host:172.234.197.23	SESSION-1af702d2aa4c9d9d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c67539e40b0db6c0:host:131.196.31.100	SESSION-c67539e40b0db6c0 → host:131.196.31.100
FLOW_TO_HOSTOBS	e:to:SESSION-b68b7374dcfd0024:host:172.234.197.23	SESSION-b68b7374dcfd0024 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0fb65829cb27:port:tcp:808	flow:0fb65829cb27 → port:tcp:808
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ab52a513e5ed877:SESSION-7ab52a513e5ed877	SESSION-7ab52a513e5ed877 → pe:tls:SESSION-7ab52a513e5ed877
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-fd2a5925828b8076:BSG-BEACON-c722144663f7	SESSION-fd2a5925828b8076 → BSG-BEACON-c722144663f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2676dbc5b99ef14:SESSION-e2676dbc5b99ef14	SESSION-e2676dbc5b99ef14 → pe:syn:SESSION-e2676dbc5b99ef14
FLOW_FROM_HOSTOBS	e:from:SESSION-b699e12e3fdc2278:host:177.10.236.115	SESSION-b699e12e3fdc2278 → host:177.10.236.115
flow_observed4-aryOBS	e:fo:flow:f01139f8d909	flow:f01139f8d909 → host:172.234.197.23 → host:131.196.29.242 → port:tcp:49660
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef7241157e60b5c0:host:172.234.197.23	SESSION-ef7241157e60b5c0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce2566c1c98d1aed:flow:dff89fe81332	SESSION-ce2566c1c98d1aed → flow:dff89fe81332
FLOW_TO_HOSTOBS	e:to:SESSION-ca44e56e93546a2c:host:131.196.31.185	SESSION-ca44e56e93546a2c → host:131.196.31.185
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ad7ae70426d3354:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5ad7ae70426d3354 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9136bc11056d23d:flow:b22610351f52	SESSION-c9136bc11056d23d → flow:b22610351f52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db0c4d22fd57aedf:SESSION-db0c4d22fd57aedf	SESSION-db0c4d22fd57aedf → pe:tls:SESSION-db0c4d22fd57aedf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d2d17a1375ada26:host:54.222.137.228:host:172.234.197.23	SESSION-9d2d17a1375ada26 → host:54.222.137.228 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e331ebe372f514c8:flow:0972b3d8e255	SESSION-e331ebe372f514c8 → flow:0972b3d8e255
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.165:asn:262880	host:177.10.236.165 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-608f057a6e6e376d:host:172.234.197.23	SESSION-608f057a6e6e376d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-13b449bea21c4b54:host:177.10.236.22:host:172.234.197.23	SESSION-13b449bea21c4b54 → host:177.10.236.22 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dad6cf67ed488f0b:host:131.196.31.127:host:172.234.197.23	SESSION-dad6cf67ed488f0b → host:131.196.31.127 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e8b91ae2d236	flow:e8b91ae2d236 → host:177.10.233.87 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3f3bc7b7f0bc:port:tcp:443	flow:3f3bc7b7f0bc → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d53672361f048e5:host:172.234.197.23:host:177.10.239.153	SESSION-2d53672361f048e5 → host:172.234.197.23 → host:177.10.239.153
FLOW_TO_HOSTOBS	e:to:SESSION-0612d11703a94cf9:host:172.234.197.23	SESSION-0612d11703a94cf9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7fa8e5b00f80216f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7fa8e5b00f80216f → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:9f6b4e85da26:port:tcp:4584	flow:9f6b4e85da26 → port:tcp:4584
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79760fcdb710bc7a:host:172.234.197.23	SESSION-79760fcdb710bc7a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-687dc6215da3af8c:PCAP:capture_20260430090001:065659c7d314	SESSION-687dc6215da3af8c → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-557aaca226ee6bf8:SESSION-557aaca226ee6bf8	SESSION-557aaca226ee6bf8 → pe:tls:SESSION-557aaca226ee6bf8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.130:geo_-23.62930_-46.63510	host:131.196.28.130 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d1f774a6af2df76:flow:e507ba8a6b40	SESSION-5d1f774a6af2df76 → flow:e507ba8a6b40
FLOW_DST_PORTOBS	e:fp:flow:a3fe5d1002fc:port:tcp:443	flow:a3fe5d1002fc → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-862fcc949d847857:flow:0148015f0be7	SESSION-862fcc949d847857 → flow:0148015f0be7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bedd6d77774b5e6:flow:dd39a1986418	SESSION-3bedd6d77774b5e6 → flow:dd39a1986418
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ae6c5a18819e9434:SESSION-ae6c5a18819e9434	SESSION-ae6c5a18819e9434 → pe:tls:SESSION-ae6c5a18819e9434
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c4a3ef3072acfd2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9c4a3ef3072acfd2 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d84fd327ccf4e65:host:177.10.239.182	SESSION-5d84fd327ccf4e65 → host:177.10.239.182
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.216:asn:262880	host:177.10.238.216 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.148:geo_-23.62930_-46.63510	host:131.196.30.148 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-465906ddd8becee4:host:131.196.30.8:host:172.234.197.23	SESSION-465906ddd8becee4 → host:131.196.30.8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e167d585a8e48501:SESSION-e167d585a8e48501	SESSION-e167d585a8e48501 → pe:tls:SESSION-e167d585a8e48501
FLOW_FROM_HOSTOBS	e:from:SESSION-976978a22e52e06d:host:172.234.197.23	SESSION-976978a22e52e06d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-19279b7c3b267599:host:131.196.29.220	SESSION-19279b7c3b267599 → host:131.196.29.220
FLOW_FROM_HOSTOBS	e:from:SESSION-4d1df89a4cf6f008:host:177.10.237.74	SESSION-4d1df89a4cf6f008 → host:177.10.237.74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aec1fe7f0c7787b:host:172.234.197.23	SESSION-7aec1fe7f0c7787b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-996af5414634114f:SESSION-996af5414634114f	SESSION-996af5414634114f → pe:syn:SESSION-996af5414634114f
FLOW_DST_PORTOBS	e:fp:flow:6854fb7aca06:port:tcp:443	flow:6854fb7aca06 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7dbbf6b8420ecf88:host:131.196.31.146	SESSION-7dbbf6b8420ecf88 → host:131.196.31.146
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-122af33beaf7e9c5:flow:b59aa54799af	SESSION-122af33beaf7e9c5 → flow:b59aa54799af
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.96:asn:262880	host:177.10.239.96 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-97344bc6f8ca22f4:host:131.196.30.103	SESSION-97344bc6f8ca22f4 → host:131.196.30.103
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-a82c7f51b8bc2f4f:BSG-BEACON-38c437a6a592	SESSION-a82c7f51b8bc2f4f → BSG-BEACON-38c437a6a592
FLOW_TO_HOSTOBS	e:to:SESSION-38485db7731deeee:host:177.10.233.53	SESSION-38485db7731deeee → host:177.10.233.53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5b79680f4b436a5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b5b79680f4b436a5 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-5dbf12d77f23d3eb:host:131.196.30.176	SESSION-5dbf12d77f23d3eb → host:131.196.30.176
flow_observed5-aryOBS	e:fo:flow:c46fe74e3b56	flow:c46fe74e3b56 → host:177.10.234.243 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-bb20bb92bfdba895:host:131.196.30.168	SESSION-bb20bb92bfdba895 → host:131.196.30.168
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:103.155.16.117:geo_1.29390_103.84610	host:103.155.16.117 → geo_1.29390_103.84610
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee8a8be73e4592b1:SESSION-ee8a8be73e4592b1	SESSION-ee8a8be73e4592b1 → pe:syn:SESSION-ee8a8be73e4592b1
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.213:asn:262880	host:177.10.232.213 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-136e732c63cf53f4:PCAP:capture_20260430110001:43611bdf6759	SESSION-136e732c63cf53f4 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d58dc4e289d6c4c:host:172.234.197.23	SESSION-9d58dc4e289d6c4c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6944fe230f08618b:host:172.234.197.23	SESSION-6944fe230f08618b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33fdede36596a62f:host:172.234.197.23	SESSION-33fdede36596a62f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9ef85fb3b83fc71:host:172.234.197.23:host:131.196.28.0	SESSION-d9ef85fb3b83fc71 → host:172.234.197.23 → host:131.196.28.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37617ebce6c7f9ac:SESSION-37617ebce6c7f9ac	SESSION-37617ebce6c7f9ac → pe:tls:SESSION-37617ebce6c7f9ac
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68ee3afa191e6305:flow:70d1374f7732	SESSION-68ee3afa191e6305 → flow:70d1374f7732
flow_observed5-aryOBS	e:fo:flow:b0e1058bd513	flow:b0e1058bd513 → host:177.10.235.88 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:0c9bce781e07	flow:0c9bce781e07 → host:177.10.238.90 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-00968abd3a9eec7e:host:177.10.237.76	SESSION-00968abd3a9eec7e → host:177.10.237.76
FLOW_FROM_HOSTOBS	e:from:SESSION-5816b4a8f681ef76:host:177.10.233.192	SESSION-5816b4a8f681ef76 → host:177.10.233.192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1f8267b24b78f93:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b1f8267b24b78f93 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.88:geo_-16.28860_-49.01640	host:177.10.235.88 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:6e3867982415:port:tcp:443	flow:6e3867982415 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.179:geo_-23.62930_-46.63510	host:131.196.30.179 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-794cf5b08878bd55:host:131.196.30.220	SESSION-794cf5b08878bd55 → host:131.196.30.220
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f10bf652ebbcd899:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f10bf652ebbcd899 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66f42b3418de6818:host:172.234.197.23	SESSION-66f42b3418de6818 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f302c09f7d22a8d1:host:172.234.197.23	SESSION-f302c09f7d22a8d1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da64f1d11a78111b:flow:f7eb9287a4ce	SESSION-da64f1d11a78111b → flow:f7eb9287a4ce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a29c9496c44f9fe8:SESSION-a29c9496c44f9fe8	SESSION-a29c9496c44f9fe8 → pe:tls:SESSION-a29c9496c44f9fe8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ea3a69414cbbc32d:SESSION-ea3a69414cbbc32d	SESSION-ea3a69414cbbc32d → pe:tls:SESSION-ea3a69414cbbc32d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b0c47b1e862acc1:host:131.196.29.165	SESSION-9b0c47b1e862acc1 → host:131.196.29.165
flow_observed5-aryOBS	e:fo:flow:5432e52c0c83	flow:5432e52c0c83 → host:131.196.30.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a6aeb664ff97dbd:flow:c9e8ca0a8147	SESSION-9a6aeb664ff97dbd → flow:c9e8ca0a8147
flow_observed5-aryOBS	e:fo:flow:dfeeec60d377	flow:dfeeec60d377 → host:92.112.71.14 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3d1337acddb52863:host:177.10.233.184	SESSION-3d1337acddb52863 → host:177.10.233.184
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eca69a208ab39d5f:PCAP:capture_20260430060001:919b39a74464	SESSION-eca69a208ab39d5f → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4c7b4cea62f376fb:SESSION-4c7b4cea62f376fb	SESSION-4c7b4cea62f376fb → pe:tls:SESSION-4c7b4cea62f376fb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-415d7b69c6628cc7:flow:4c33618c52a6	SESSION-415d7b69c6628cc7 → flow:4c33618c52a6
FLOW_TO_HOSTOBS	e:to:SESSION-2def334ee7bae1e1:host:172.234.197.23	SESSION-2def334ee7bae1e1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0228dcfe5eb3ed0e:host:177.10.235.1	SESSION-0228dcfe5eb3ed0e → host:177.10.235.1
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.140:asn:271410	host:131.196.31.140 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-019d89e6bcaa6e4e:host:177.10.236.170:host:172.234.197.23	SESSION-019d89e6bcaa6e4e → host:177.10.236.170 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-89fe4f171fdbfa97:SESSION-89fe4f171fdbfa97	SESSION-89fe4f171fdbfa97 → pe:rst:SESSION-89fe4f171fdbfa97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-184aec41cea03479:host:177.10.232.253	SESSION-184aec41cea03479 → host:177.10.232.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-788920b93ac95b5f:host:172.234.197.23	SESSION-788920b93ac95b5f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd248be3cf9515b5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cd248be3cf9515b5 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40d48b3e3ce773b5:host:52.12.196.158	SESSION-40d48b3e3ce773b5 → host:52.12.196.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07775d37dba558b0:SESSION-07775d37dba558b0	SESSION-07775d37dba558b0 → pe:tls:SESSION-07775d37dba558b0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-035e17bf8c36a59b:host:177.10.237.6	SESSION-035e17bf8c36a59b → host:177.10.237.6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8300d990ddd9a21:host:172.234.197.23	SESSION-c8300d990ddd9a21 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a3e5489924b1:port:tcp:8842	flow:a3e5489924b1 → port:tcp:8842
FLOW_FROM_HOSTOBS	e:from:SESSION-94e9de291da3c2c9:host:177.10.236.156	SESSION-94e9de291da3c2c9 → host:177.10.236.156
FLOW_DST_PORTOBS	e:fp:flow:287e33120754:port:tcp:443	flow:287e33120754 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c7d8b58da7be6c5:host:172.234.197.23	SESSION-0c7d8b58da7be6c5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4883770547012399:flow:71fbdd137d18	SESSION-4883770547012399 → flow:71fbdd137d18
FLOW_DST_PORTOBS	e:fp:flow:906cde70820b:port:tcp:16118	flow:906cde70820b → port:tcp:16118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40d48b3e3ce773b5:host:172.234.197.23	SESSION-40d48b3e3ce773b5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d220051223525d86:host:131.196.28.193	SESSION-d220051223525d86 → host:131.196.28.193
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0481c3a1b2d7b867:host:44.243.2.252	SESSION-0481c3a1b2d7b867 → host:44.243.2.252
FLOW_FROM_HOSTOBS	e:from:SESSION-c766f181ead012ae:host:92.112.71.21	SESSION-c766f181ead012ae → host:92.112.71.21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-347bad418eab3a6f:SESSION-347bad418eab3a6f	SESSION-347bad418eab3a6f → pe:syn:SESSION-347bad418eab3a6f
FLOW_FROM_HOSTOBS	e:from:SESSION-af55ab527d360ebd:host:131.196.29.46	SESSION-af55ab527d360ebd → host:131.196.29.46
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.93:asn:262880	host:177.10.234.93 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-b578cd49b856e8a0:host:172.234.197.23	SESSION-b578cd49b856e8a0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d220051223525d86:SESSION-d220051223525d86	SESSION-d220051223525d86 → pe:syn:SESSION-d220051223525d86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e9c01925d6f4319:SESSION-3e9c01925d6f4319	SESSION-3e9c01925d6f4319 → pe:syn:SESSION-3e9c01925d6f4319
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f951b8fc6e0dd11c:host:177.10.232.158:host:172.234.197.23	SESSION-f951b8fc6e0dd11c → host:177.10.232.158 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e26c1de83807ce87:host:177.10.233.182	SESSION-e26c1de83807ce87 → host:177.10.233.182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-623bfc839a4f3b4e:flow:7d071d66e083	SESSION-623bfc839a4f3b4e → flow:7d071d66e083
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29f2fc627b4350bb:host:131.196.29.5:host:172.234.197.23	SESSION-29f2fc627b4350bb → host:131.196.29.5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-098ed7054a17b347:host:177.10.235.60	SESSION-098ed7054a17b347 → host:177.10.235.60
FLOW_TO_HOSTOBS	e:to:SESSION-8e33208793a04fae:host:172.234.197.23	SESSION-8e33208793a04fae → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-33075a11d7099c2b:host:131.196.29.140	SESSION-33075a11d7099c2b → host:131.196.29.140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-22c25719fd1e6342:flow:b8efb0a2d1e0	SESSION-22c25719fd1e6342 → flow:b8efb0a2d1e0
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.97:asn:271410	host:131.196.30.97 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d83a9aba23a117e:host:131.196.30.41:host:172.234.197.23	SESSION-6d83a9aba23a117e → host:131.196.30.41 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9e9c761e9ca1eb65:host:177.10.237.71	SESSION-9e9c761e9ca1eb65 → host:177.10.237.71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-793bdbe15c87a87a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-793bdbe15c87a87a → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-60c160c47311ca12:host:47.129.136.46	SESSION-60c160c47311ca12 → host:47.129.136.46
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be24a8e57194faf0:flow:9764e892a4e4	SESSION-be24a8e57194faf0 → flow:9764e892a4e4
FLOW_FROM_HOSTOBS	e:from:SESSION-ac0f4c4f1d3b1c15:host:177.10.238.48	SESSION-ac0f4c4f1d3b1c15 → host:177.10.238.48
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc7ab250b87b35be:host:177.10.236.142:host:172.234.197.23	SESSION-cc7ab250b87b35be → host:177.10.236.142 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e1b90ecadb949fa3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e1b90ecadb949fa3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d85be3a5c3c244d6:host:172.234.197.23	SESSION-d85be3a5c3c244d6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6109906c198ad0ac:host:177.10.238.15	SESSION-6109906c198ad0ac → host:177.10.238.15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf8660b1b7ea6f50:SESSION-bf8660b1b7ea6f50	SESSION-bf8660b1b7ea6f50 → pe:syn:SESSION-bf8660b1b7ea6f50
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab75a0984f628f7a:flow:fd14252bea53	SESSION-ab75a0984f628f7a → flow:fd14252bea53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33bdca28f4470cd7:SESSION-33bdca28f4470cd7	SESSION-33bdca28f4470cd7 → pe:syn:SESSION-33bdca28f4470cd7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c0e63fa095433d2:host:172.234.197.23	SESSION-4c0e63fa095433d2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4ab838db6e21:port:tcp:443	flow:4ab838db6e21 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:4c12ac92a068:port:tcp:443	flow:4c12ac92a068 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0228dcfe5eb3ed0e:flow:a74ed405a2a2	SESSION-0228dcfe5eb3ed0e → flow:a74ed405a2a2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65aa50b6e4bd0a70:PCAP:capture_20260430080001:93f47cc296a4	SESSION-65aa50b6e4bd0a70 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5b4d581172cc71c:host:31.40.196.58:host:172.234.197.23	SESSION-a5b4d581172cc71c → host:31.40.196.58 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e44d3b0a0ee22cd6:host:131.196.28.159	SESSION-e44d3b0a0ee22cd6 → host:131.196.28.159
FLOW_FROM_HOSTOBS	e:from:SESSION-698d45df22ea2a48:host:172.234.197.23	SESSION-698d45df22ea2a48 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cf7009921f0152ab:host:131.196.28.148	SESSION-cf7009921f0152ab → host:131.196.28.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f2f5812045d2e3b:host:172.234.197.23	SESSION-6f2f5812045d2e3b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:16912badffa5	flow:16912badffa5 → host:95.135.228.14 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18c88d2b92c30f28:host:172.234.197.23	SESSION-18c88d2b92c30f28 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e332f49c3a5896d2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e332f49c3a5896d2 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-5cb3d18d192da5f3:host:177.10.235.86	SESSION-5cb3d18d192da5f3 → host:177.10.235.86
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.53:asn:271410	host:131.196.29.53 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7b35d3dad632382:host:177.10.235.212	SESSION-f7b35d3dad632382 → host:177.10.235.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ecc0c586896302d2:host:172.234.197.23	SESSION-ecc0c586896302d2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-21ced843a950a21a:host:177.10.233.112	SESSION-21ced843a950a21a → host:177.10.233.112
FLOW_DST_PORTOBS	e:fp:flow:863cf77a74ad:port:tcp:443	flow:863cf77a74ad → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52ffcd7f81b035e2:SESSION-52ffcd7f81b035e2	SESSION-52ffcd7f81b035e2 → pe:syn:SESSION-52ffcd7f81b035e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-019d89e6bcaa6e4e:host:177.10.236.170	SESSION-019d89e6bcaa6e4e → host:177.10.236.170
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a207ecea3558884:host:172.232.0.17	SESSION-9a207ecea3558884 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b5f689fd50e4895:flow:e9e202723533	SESSION-8b5f689fd50e4895 → flow:e9e202723533
flow_observed4-aryOBS	e:fo:flow:13647d1a55ac	flow:13647d1a55ac → host:172.234.197.23 → host:45.173.156.219 → port:tcp:56668
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b947f5515d64f3f8:BSG-BEACON-9ff93f2bd63e	SESSION-b947f5515d64f3f8 → BSG-BEACON-9ff93f2bd63e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75251a40e4bc6a46:host:45.173.156.72:host:172.234.197.23	SESSION-75251a40e4bc6a46 → host:45.173.156.72 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6752f583f7e09519:flow:e0ce7693c786	SESSION-6752f583f7e09519 → flow:e0ce7693c786
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1ec79192d74c7af:SESSION-a1ec79192d74c7af	SESSION-a1ec79192d74c7af → pe:tls:SESSION-a1ec79192d74c7af
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02199a3eaa60c28c:flow:444ebb738d2a	SESSION-02199a3eaa60c28c → flow:444ebb738d2a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f5b8d372cd42441:host:172.234.197.23:host:177.10.237.52	SESSION-6f5b8d372cd42441 → host:172.234.197.23 → host:177.10.237.52
FLOW_DST_PORTOBS	e:fp:flow:c2b8c61368a6:port:tcp:443	flow:c2b8c61368a6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffc4775cc215b441:host:172.234.197.23	SESSION-ffc4775cc215b441 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-131cbd262c833b9b:host:177.10.235.253	SESSION-131cbd262c833b9b → host:177.10.235.253
flow_observed5-aryOBS	e:fo:flow:3a460404baad	flow:3a460404baad → host:199.16.157.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c787945ac898609:host:131.196.28.228	SESSION-3c787945ac898609 → host:131.196.28.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-621f2e97c51ae8e1:SESSION-621f2e97c51ae8e1	SESSION-621f2e97c51ae8e1 → pe:rst:SESSION-621f2e97c51ae8e1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e8105cbb514d7cf:host:172.234.197.23:host:177.10.237.182	SESSION-2e8105cbb514d7cf → host:172.234.197.23 → host:177.10.237.182
FLOW_TO_HOSTOBS	e:to:SESSION-6d2d33fef3a69334:host:172.234.197.23	SESSION-6d2d33fef3a69334 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:80.94.92.182:asn:47890	host:80.94.92.182 → asn:47890
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd437604af995a2a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fd437604af995a2a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-550b52f6103256cd:host:177.10.237.251:host:172.234.197.23	SESSION-550b52f6103256cd → host:177.10.237.251 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-41c82fa43395463b:host:45.173.156.120	SESSION-41c82fa43395463b → host:45.173.156.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-745809bcd8ad6979:host:108.217.180.26	SESSION-745809bcd8ad6979 → host:108.217.180.26
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.255:geo_-23.62930_-46.63510	host:131.196.28.255 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.230:asn:273470	host:45.173.156.230 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0dd74fd8f314e65:SESSION-f0dd74fd8f314e65	SESSION-f0dd74fd8f314e65 → pe:syn:SESSION-f0dd74fd8f314e65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0df43d2721e666e:SESSION-c0df43d2721e666e	SESSION-c0df43d2721e666e → pe:tls:SESSION-c0df43d2721e666e
FLOW_FROM_HOSTOBS	e:from:SESSION-010644d8880e6139:host:172.234.197.23	SESSION-010644d8880e6139 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d0eed4caabbe	flow:d0eed4caabbe → host:172.234.197.23 → host:131.196.31.86 → port:tcp:27044
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a390ade8fe745ada:flow:4ca6b5fbbb83	SESSION-a390ade8fe745ada → flow:4ca6b5fbbb83
FLOW_TO_HOSTOBS	e:to:SESSION-9886228ef28af254:host:177.10.233.88	SESSION-9886228ef28af254 → host:177.10.233.88
FLOW_FROM_HOSTOBS	e:from:SESSION-7ccf0be9923f197d:host:131.196.30.182	SESSION-7ccf0be9923f197d → host:131.196.30.182
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.177:geo_-16.28860_-49.01640	host:177.10.237.177 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7858b3452cd9a479:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7858b3452cd9a479 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92c4be10fc1322be:host:177.10.236.51:host:172.234.197.23	SESSION-92c4be10fc1322be → host:177.10.236.51 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23deab886ec517b0:PCAP:capture_20260430110001:43611bdf6759	SESSION-23deab886ec517b0 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65274afd8d8bc249:SESSION-65274afd8d8bc249	SESSION-65274afd8d8bc249 → pe:syn:SESSION-65274afd8d8bc249
FLOW_TO_HOSTOBS	e:to:SESSION-d846bfa2b8f8474d:host:172.234.197.23	SESSION-d846bfa2b8f8474d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e4bb5568f0e725a3:host:172.234.197.23	SESSION-e4bb5568f0e725a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68f16c2935c85e73:SESSION-68f16c2935c85e73	SESSION-68f16c2935c85e73 → pe:syn:SESSION-68f16c2935c85e73
FLOW_DST_PORTOBS	e:fp:flow:63ccea984296:port:tcp:80	flow:63ccea984296 → port:tcp:80
FLOW_DST_PORTOBS	e:fp:flow:3d555bea47e9:port:tcp:443	flow:3d555bea47e9 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-252ece6cab0420bc:host:172.234.197.23:host:177.10.235.252	SESSION-252ece6cab0420bc → host:172.234.197.23 → host:177.10.235.252
FLOW_FROM_HOSTOBS	e:from:SESSION-97a6ca320e2242f6:host:177.10.237.152	SESSION-97a6ca320e2242f6 → host:177.10.237.152
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1acc74ca4adb622d:SESSION-1acc74ca4adb622d	SESSION-1acc74ca4adb622d → pe:syn:SESSION-1acc74ca4adb622d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.109:geo_-16.28860_-49.01640	host:177.10.238.109 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5cd00671f435cc6:host:177.10.233.254	SESSION-d5cd00671f435cc6 → host:177.10.233.254
FLOW_TO_HOSTOBS	e:to:SESSION-efb63adb0418d7f8:host:172.234.197.23	SESSION-efb63adb0418d7f8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0c2b465240e5:port:tcp:443	flow:0c2b465240e5 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec91eda6d4bd732e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ec91eda6d4bd732e → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-625fc1856b5bb87f:SESSION-625fc1856b5bb87f	SESSION-625fc1856b5bb87f → pe:syn:SESSION-625fc1856b5bb87f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e44d3b0a0ee22cd6:SESSION-e44d3b0a0ee22cd6	SESSION-e44d3b0a0ee22cd6 → pe:tls:SESSION-e44d3b0a0ee22cd6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ab46af96ea11edd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7ab46af96ea11edd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.75.171.21:geo_48.85820_2.33870	host:51.75.171.21 → geo_48.85820_2.33870
FLOW_FROM_HOSTOBS	e:from:SESSION-dc085f76ab1a4e2b:host:45.173.156.116	SESSION-dc085f76ab1a4e2b → host:45.173.156.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81c3f53ebeacb521:host:172.234.197.23	SESSION-81c3f53ebeacb521 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-924bf50c0164bb1b:host:177.10.239.239	SESSION-924bf50c0164bb1b → host:177.10.239.239
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb59d1b27c368873:PCAP:capture_20260430060001:919b39a74464	SESSION-cb59d1b27c368873 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:31cbf3dba87c	flow:31cbf3dba87c → host:131.196.30.75 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-12b2fb0a733c24b6:PCAP:capture_20260430110001:43611bdf6759	SESSION-12b2fb0a733c24b6 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8cf2e3dd1491b22c:SESSION-8cf2e3dd1491b22c	SESSION-8cf2e3dd1491b22c → pe:tls:SESSION-8cf2e3dd1491b22c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7f859cb03c026fc:host:172.234.197.23	SESSION-a7f859cb03c026fc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb7b7dca9012c682:host:172.234.197.23	SESSION-eb7b7dca9012c682 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d58dc4e289d6c4c:host:177.10.239.140	SESSION-9d58dc4e289d6c4c → host:177.10.239.140
FLOW_TO_HOSTOBS	e:to:SESSION-e271128847ae06df:host:177.10.235.111	SESSION-e271128847ae06df → host:177.10.235.111
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38fb62728f2b5e64:SESSION-38fb62728f2b5e64	SESSION-38fb62728f2b5e64 → pe:tls:SESSION-38fb62728f2b5e64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c8dea047b3a203b:PCAP:capture_20260430150001:ded20914761d	SESSION-6c8dea047b3a203b → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ca442589a0a5e5d:host:177.10.236.115	SESSION-3ca442589a0a5e5d → host:177.10.236.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-666cc538c7e1a156:host:172.234.197.23	SESSION-666cc538c7e1a156 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.220:geo_-16.28860_-49.01640	host:177.10.239.220 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02836b6eb824cc45:PCAP:capture_20260430160001:9bfa4498506a	SESSION-02836b6eb824cc45 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.4:geo_41.02140_28.99480	host:31.40.196.4 → geo_41.02140_28.99480
FLOW_FROM_HOSTOBS	e:from:SESSION-e77787f9a5bab711:host:172.234.197.23	SESSION-e77787f9a5bab711 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c787945ac898609:flow:2bd4f5d8a688	SESSION-3c787945ac898609 → flow:2bd4f5d8a688
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-caadff286c632ea0:flow:91f35460d00f	SESSION-caadff286c632ea0 → flow:91f35460d00f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cd2627e6ddbbad1:host:131.196.31.4	SESSION-9cd2627e6ddbbad1 → host:131.196.31.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c24af053222fbf1:host:172.234.197.23	SESSION-5c24af053222fbf1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41808c8c85c3c4d3:PCAP:capture_20260430050001:8868731bf8a4	SESSION-41808c8c85c3c4d3 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-42ed5696c9e60897:SESSION-42ed5696c9e60897	SESSION-42ed5696c9e60897 → pe:tls:SESSION-42ed5696c9e60897
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb0c069bf1f40e5a:host:172.234.197.23	SESSION-bb0c069bf1f40e5a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.139:geo_-16.28860_-49.01640	host:177.10.238.139 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8afecebd30fc:port:tcp:443	flow:8afecebd30fc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee8a8be73e4592b1:host:172.234.197.23	SESSION-ee8a8be73e4592b1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8d6efdf3cd688f1:host:131.196.29.125	SESSION-f8d6efdf3cd688f1 → host:131.196.29.125
flow_observed5-aryOBS	e:fo:flow:85ecd73a7e83	flow:85ecd73a7e83 → host:177.10.239.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc3f24e93e3e0fb3:host:172.234.197.23	SESSION-dc3f24e93e3e0fb3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54b62e34296d5c17:host:172.234.197.23	SESSION-54b62e34296d5c17 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:099a35dadd87:port:tcp:35172	flow:099a35dadd87 → port:tcp:35172
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54704a8587620f8b:host:45.173.156.47	SESSION-54704a8587620f8b → host:45.173.156.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2754fb6a113c6b7:host:172.234.197.23	SESSION-b2754fb6a113c6b7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96f4af5cf9f3425a:flow:6af774f9a8b1	SESSION-96f4af5cf9f3425a → flow:6af774f9a8b1
FLOW_TO_HOSTOBS	e:to:SESSION-420c45d015462611:host:172.234.197.23	SESSION-420c45d015462611 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fcd4658ed0002284:host:172.234.197.23	SESSION-fcd4658ed0002284 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5941954cc437ab4:SESSION-f5941954cc437ab4	SESSION-f5941954cc437ab4 → pe:syn:SESSION-f5941954cc437ab4
FLOW_FROM_HOSTOBS	e:from:SESSION-030a81db4532bd3a:host:172.234.197.23	SESSION-030a81db4532bd3a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be0f12df58cf6d46:flow:906538b5397b	SESSION-be0f12df58cf6d46 → flow:906538b5397b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73436bd95d7b2637:flow:da6a789b8ed7	SESSION-73436bd95d7b2637 → flow:da6a789b8ed7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a19951f5f7590fa9:SESSION-a19951f5f7590fa9	SESSION-a19951f5f7590fa9 → pe:syn:SESSION-a19951f5f7590fa9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.139:geo_-16.28860_-49.01640	host:177.10.237.139 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f776838979623936:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f776838979623936 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-26f197960c59c7f7:host:172.234.197.23	SESSION-26f197960c59c7f7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cdd13464c217a214:flow:867a800da0e4	SESSION-cdd13464c217a214 → flow:867a800da0e4
FLOW_TO_HOSTOBS	e:to:SESSION-7fd72175928a8e59:host:172.234.197.23	SESSION-7fd72175928a8e59 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ee8538a8ddcb6ee:flow:c06629cf706b	SESSION-7ee8538a8ddcb6ee → flow:c06629cf706b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84a1a640eb0d0e14:SESSION-84a1a640eb0d0e14	SESSION-84a1a640eb0d0e14 → pe:tls:SESSION-84a1a640eb0d0e14
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.254:asn:271410	host:131.196.28.254 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-489ca31c7f776997:host:131.196.29.177:host:172.234.197.23	SESSION-489ca31c7f776997 → host:131.196.29.177 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a720c7dde0362052:host:177.10.238.220	SESSION-a720c7dde0362052 → host:177.10.238.220
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.230:geo_-16.28860_-49.01640	host:177.10.235.230 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07e54ca458e8eeab:host:45.173.156.21	SESSION-07e54ca458e8eeab → host:45.173.156.21
FLOW_FROM_HOSTOBS	e:from:SESSION-4904f64e7943cb47:host:172.234.197.23	SESSION-4904f64e7943cb47 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7f77535316d56a4c:host:56.155.73.64	SESSION-7f77535316d56a4c → host:56.155.73.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-932a817ddabc353f:host:177.10.239.122	SESSION-932a817ddabc353f → host:177.10.239.122
FLOW_DST_PORTOBS	e:fp:flow:e09580f25865:port:tcp:443	flow:e09580f25865 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-875fd6bdbe4ae339:host:172.234.197.23	SESSION-875fd6bdbe4ae339 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f93cb0de4645e47:SESSION-2f93cb0de4645e47	SESSION-2f93cb0de4645e47 → pe:tls:SESSION-2f93cb0de4645e47
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.216:geo_-23.62930_-46.63510	host:131.196.28.216 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-a8694ae6f41e5eb8:host:172.234.197.23	SESSION-a8694ae6f41e5eb8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.165:asn:262880	host:177.10.239.165 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e816643ff0559e8:flow:fff8d3de1b9c	SESSION-5e816643ff0559e8 → flow:fff8d3de1b9c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2c659a567a628e2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d2c659a567a628e2 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-21640db65210a47d:host:131.196.28.93	SESSION-21640db65210a47d → host:131.196.28.93
FLOW_FROM_HOSTOBS	e:from:SESSION-887f47388267b095:host:177.10.237.61	SESSION-887f47388267b095 → host:177.10.237.61
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e8c587e48bf8617:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5e8c587e48bf8617 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-16ea01a17fc6b7f7:host:172.234.197.23	SESSION-16ea01a17fc6b7f7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dc82e917a0ac0289:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-dc82e917a0ac0289 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.39:geo_-16.28860_-49.01640	host:177.10.237.39 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:3dee28b4049d:port:tcp:443	flow:3dee28b4049d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d4ae68a057da74d:host:172.234.197.23	SESSION-5d4ae68a057da74d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3882f120ecd6	flow:3882f120ecd6 → host:172.234.197.23 → host:45.173.156.188 → port:tcp:11335
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-488c9c462e491ad2:flow:01bad0e68b5f	SESSION-488c9c462e491ad2 → flow:01bad0e68b5f
FLOW_DST_PORTOBS	e:fp:flow:9a9c7e2c78e9:port:tcp:24325	flow:9a9c7e2c78e9 → port:tcp:24325
FLOW_FROM_HOSTOBS	e:from:SESSION-6cbb8d1d16f40477:host:172.234.197.23	SESSION-6cbb8d1d16f40477 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17e08e972fb579a9:flow:1c5cadac5198	SESSION-17e08e972fb579a9 → flow:1c5cadac5198
flow_observed4-aryOBS	e:fo:flow:318f852456b4	flow:318f852456b4 → host:172.234.197.23 → host:177.10.234.116 → port:tcp:42665
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-305a85099066f209:flow:ead47c2cac82	SESSION-305a85099066f209 → flow:ead47c2cac82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bfc33587dc4bfad3:host:177.10.234.160:host:172.234.197.23	SESSION-bfc33587dc4bfad3 → host:177.10.234.160 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9868c83546c2d563:flow:41860dd78d25	SESSION-9868c83546c2d563 → flow:41860dd78d25
FLOW_DST_PORTOBS	e:fp:flow:e7c4ea58d513:port:tcp:443	flow:e7c4ea58d513 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20e3655a208f66c6:SESSION-20e3655a208f66c6	SESSION-20e3655a208f66c6 → pe:tls:SESSION-20e3655a208f66c6
FLOW_DST_PORTOBS	e:fp:flow:15af48869be8:port:tcp:443	flow:15af48869be8 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f4a86c40e28bf330:host:172.234.197.23	SESSION-f4a86c40e28bf330 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f39fdcb76f4b9f9d:host:177.10.237.63	SESSION-f39fdcb76f4b9f9d → host:177.10.237.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6617d8dfad1357d9:SESSION-6617d8dfad1357d9	SESSION-6617d8dfad1357d9 → pe:tls:SESSION-6617d8dfad1357d9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31126205fa7b72e3:host:177.10.239.197	SESSION-31126205fa7b72e3 → host:177.10.239.197
FLOW_FROM_HOSTOBS	e:from:SESSION-01e9e36dd29e3f1f:host:177.10.235.169	SESSION-01e9e36dd29e3f1f → host:177.10.235.169
FLOW_FROM_HOSTOBS	e:from:SESSION-13b449bea21c4b54:host:177.10.236.22	SESSION-13b449bea21c4b54 → host:177.10.236.22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40dbede277a2e1b2:flow:d9ed76e0b4a9	SESSION-40dbede277a2e1b2 → flow:d9ed76e0b4a9
flow_observed4-aryOBS	e:fo:flow:f4275370abdd	flow:f4275370abdd → host:172.234.197.23 → host:131.196.28.140 → port:tcp:55939
FLOW_FROM_HOSTOBS	e:from:SESSION-c382f6b8063de44f:host:131.196.30.9	SESSION-c382f6b8063de44f → host:131.196.30.9
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-febabcac2b03c9d1:BSG-BEACON-44d72b66ad6e	SESSION-febabcac2b03c9d1 → BSG-BEACON-44d72b66ad6e
ASN_IN_ORGOBS 80%	e:ao:asn:206406:org:C BEYOND s.a.l	asn:206406 → org:C BEYOND s.a.l
FLOW_TO_HOSTOBS	e:to:SESSION-b7845496c0c03c20:host:172.234.197.23	SESSION-b7845496c0c03c20 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bc308b17bca42662:host:51.75.171.21	SESSION-bc308b17bca42662 → host:51.75.171.21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-836e4ff4bdb8da04:host:172.234.197.23	SESSION-836e4ff4bdb8da04 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf132b40533c7dcc:SESSION-bf132b40533c7dcc	SESSION-bf132b40533c7dcc → pe:tls:SESSION-bf132b40533c7dcc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.119:geo_-23.62930_-46.63510	host:131.196.29.119 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:91467d68ee29	flow:91467d68ee29 → host:172.234.197.23 → host:177.10.237.60 → port:tcp:1157
FLOW_TO_HOSTOBS	e:to:SESSION-0229340abc854c0d:host:177.10.233.185	SESSION-0229340abc854c0d → host:177.10.233.185
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.7:geo_-21.10010_-41.69200	host:45.173.156.7 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a34ec08b35e90b0:SESSION-2a34ec08b35e90b0	SESSION-2a34ec08b35e90b0 → pe:tls:SESSION-2a34ec08b35e90b0
FLOW_DST_PORTOBS	e:fp:flow:916363bfbc8d:port:tcp:11628	flow:916363bfbc8d → port:tcp:11628
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd2928203fc01c8b:SESSION-dd2928203fc01c8b	SESSION-dd2928203fc01c8b → pe:syn:SESSION-dd2928203fc01c8b
FLOW_TO_HOSTOBS	e:to:SESSION-c3bfd44b04badb9b:host:172.234.197.23	SESSION-c3bfd44b04badb9b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8132ea082e988f13:host:172.234.197.23	SESSION-8132ea082e988f13 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:524c0b13b3f7:port:tcp:443	flow:524c0b13b3f7 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f81fa7919a8c03a8:host:172.234.197.23	SESSION-f81fa7919a8c03a8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-275d804358752875:host:172.234.197.23	SESSION-275d804358752875 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e01d63cbcaad0b90:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e01d63cbcaad0b90 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:f86bd24cbebe:port:tcp:15364	flow:f86bd24cbebe → port:tcp:15364
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5940a5357983452d:host:172.234.197.23:host:177.10.234.114	SESSION-5940a5357983452d → host:172.234.197.23 → host:177.10.234.114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ce1a5aa06c53f62:host:172.234.197.23	SESSION-8ce1a5aa06c53f62 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.90:asn:271410	host:131.196.31.90 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.158:asn:262880	host:177.10.237.158 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4fb8a50f2916880:host:172.234.197.23	SESSION-d4fb8a50f2916880 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1057767eda3c24b1:PCAP:capture_20260430110001:43611bdf6759	SESSION-1057767eda3c24b1 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-e8f7fc765f54b5ec:host:131.196.29.4	SESSION-e8f7fc765f54b5ec → host:131.196.29.4
flow_observed5-aryOBS	e:fo:flow:3577a02a28d0	flow:3577a02a28d0 → host:45.173.156.219 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c7ece8090c9a4b7f:host:172.234.197.23	SESSION-c7ece8090c9a4b7f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41eaa3dd80eab155:host:45.173.156.193	SESSION-41eaa3dd80eab155 → host:45.173.156.193
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db3c6ad3393f14ad:PCAP:capture_20260430050001:8868731bf8a4	SESSION-db3c6ad3393f14ad → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-3e9c01925d6f4319:host:172.234.197.23	SESSION-3e9c01925d6f4319 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6b6e18a39fae0db6:flow:9b4ed8f29561	SESSION-6b6e18a39fae0db6 → flow:9b4ed8f29561
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-364513c2995bfd3b:flow:bd9cbeb07997	SESSION-364513c2995bfd3b → flow:bd9cbeb07997
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd05928698dec5c4:flow:dce69c8399be	SESSION-dd05928698dec5c4 → flow:dce69c8399be
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e6f218d3e359434:flow:84b115f7b002	SESSION-0e6f218d3e359434 → flow:84b115f7b002
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-91da8f4807f085e6:PCAP:capture_20260430080001:93f47cc296a4	SESSION-91da8f4807f085e6 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8d89328eefc28d4:SESSION-d8d89328eefc28d4	SESSION-d8d89328eefc28d4 → pe:tls:SESSION-d8d89328eefc28d4
flow_observed5-aryOBS	e:fo:flow:6c8243309e3c	flow:6c8243309e3c → host:177.10.239.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77690ed69567f90d:host:131.196.30.33:host:172.234.197.23	SESSION-77690ed69567f90d → host:131.196.30.33 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3831f1a5ed6fd2c0:host:172.234.197.23:host:131.196.28.143	SESSION-3831f1a5ed6fd2c0 → host:172.234.197.23 → host:131.196.28.143
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-656bb895abc59727:host:177.10.237.49:host:172.234.197.23	SESSION-656bb895abc59727 → host:177.10.237.49 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-33db7a85fa9e759a:host:131.196.31.237	SESSION-33db7a85fa9e759a → host:131.196.31.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ed3c0cac572dff6:host:45.173.156.37	SESSION-9ed3c0cac572dff6 → host:45.173.156.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58f2a638c6bf8581:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-58f2a638c6bf8581 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-95229bbdec6f8a74:PCAP:capture_20260430110001:43611bdf6759	SESSION-95229bbdec6f8a74 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe84550c6b54c988:SESSION-fe84550c6b54c988	SESSION-fe84550c6b54c988 → pe:syn:SESSION-fe84550c6b54c988
FLOW_FROM_HOSTOBS	e:from:SESSION-58eea5e67f2190af:host:172.234.197.23	SESSION-58eea5e67f2190af → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cf10ff39f766	flow:cf10ff39f766 → host:131.196.28.246 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:8321c7f9dc7e	flow:8321c7f9dc7e → host:177.10.234.203 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-40ef48225b459fb9:SESSION-40ef48225b459fb9	SESSION-40ef48225b459fb9 → pe:syn:SESSION-40ef48225b459fb9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49fc7ea897578489:host:45.145.152.169:host:172.234.197.23	SESSION-49fc7ea897578489 → host:45.145.152.169 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d30bf1800064cde2:SESSION-d30bf1800064cde2	SESSION-d30bf1800064cde2 → pe:tls:SESSION-d30bf1800064cde2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e1cb285535c63d0:flow:82e56c143909	SESSION-9e1cb285535c63d0 → flow:82e56c143909
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f6c80d4cd630a20:host:177.10.233.10	SESSION-5f6c80d4cd630a20 → host:177.10.233.10
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d2a460a472c4c29:host:131.196.28.254:host:172.234.197.23	SESSION-8d2a460a472c4c29 → host:131.196.28.254 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c716fd204e4ddd99:host:172.234.197.23:host:172.232.0.17	SESSION-c716fd204e4ddd99 → host:172.234.197.23 → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce17c1c4b6f006e0:host:177.10.234.249:host:172.234.197.23	SESSION-ce17c1c4b6f006e0 → host:177.10.234.249 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-da7125a184793aeb:host:172.234.197.23	SESSION-da7125a184793aeb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f3cf945d3d1ddd41:host:172.234.197.23	SESSION-f3cf945d3d1ddd41 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d2bd33124f4a	flow:d2bd33124f4a → host:172.234.197.23 → host:45.173.156.239 → port:tcp:20197
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-633c88960b55f389:flow:9c88e1747080	SESSION-633c88960b55f389 → flow:9c88e1747080
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.185:asn:271410	host:131.196.30.185 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ee625266e5aa068:host:172.234.197.23	SESSION-5ee625266e5aa068 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b951a656f8db:port:tcp:443	flow:b951a656f8db → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8fb17d6554827f30:SESSION-8fb17d6554827f30	SESSION-8fb17d6554827f30 → pe:tls:SESSION-8fb17d6554827f30
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc4f127cbdf1d5a3:host:177.10.235.121:host:172.234.197.23	SESSION-bc4f127cbdf1d5a3 → host:177.10.235.121 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-07139a9423b3d79f:host:172.234.197.23	SESSION-07139a9423b3d79f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.89:geo_-16.28860_-49.01640	host:177.10.234.89 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa0b840fdb1355d3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fa0b840fdb1355d3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa0b840fdb1355d3:SESSION-fa0b840fdb1355d3	SESSION-fa0b840fdb1355d3 → pe:tls:SESSION-fa0b840fdb1355d3
FLOW_DST_PORTOBS	e:fp:flow:2111fdd56ba5:port:tcp:443	flow:2111fdd56ba5 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4673fb47ee0c5a9:PCAP:capture_20260430090001:065659c7d314	SESSION-d4673fb47ee0c5a9 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-2e920b338cbbee7b:host:172.234.197.23	SESSION-2e920b338cbbee7b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14ec4f61373e7262:host:177.10.233.67:host:172.234.197.23	SESSION-14ec4f61373e7262 → host:177.10.233.67 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-97c8a314f3fd1c5a:host:172.234.197.23	SESSION-97c8a314f3fd1c5a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-160e5a0882acae87:flow:32711f82649a	SESSION-160e5a0882acae87 → flow:32711f82649a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-32012e3b5048e415:SESSION-32012e3b5048e415	SESSION-32012e3b5048e415 → pe:tls:SESSION-32012e3b5048e415
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2bb4f19f005244d2:host:172.234.197.23	SESSION-2bb4f19f005244d2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-acae490ef1211ca7:SESSION-acae490ef1211ca7	SESSION-acae490ef1211ca7 → pe:tls:SESSION-acae490ef1211ca7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ed5a5f4d7e8650f:SESSION-6ed5a5f4d7e8650f	SESSION-6ed5a5f4d7e8650f → pe:tls:SESSION-6ed5a5f4d7e8650f
FLOW_FROM_HOSTOBS	e:from:SESSION-47fa70a72a159eed:host:177.10.236.95	SESSION-47fa70a72a159eed → host:177.10.236.95
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58eea5e67f2190af:flow:92f0c3db5e8f	SESSION-58eea5e67f2190af → flow:92f0c3db5e8f
FLOW_FROM_HOSTOBS	e:from:SESSION-9d2d17a1375ada26:host:54.222.137.228	SESSION-9d2d17a1375ada26 → host:54.222.137.228
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.187:asn:262880	host:177.10.234.187 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8327be02acf872a5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-8327be02acf872a5 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:1f7e322aca34:port:tcp:51620	flow:1f7e322aca34 → port:tcp:51620
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.16:geo_-16.28860_-49.01640	host:177.10.239.16 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:d2892ce86f73:port:tcp:443	flow:d2892ce86f73 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57ceaaaea8de5082:host:172.234.197.23	SESSION-57ceaaaea8de5082 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34a5ce0f23d7a2a1:host:172.234.197.23:host:177.10.237.166	SESSION-34a5ce0f23d7a2a1 → host:172.234.197.23 → host:177.10.237.166
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.226:asn:262880	host:177.10.237.226 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8de6c1be9d0210fa:host:95.170.25.208	SESSION-8de6c1be9d0210fa → host:95.170.25.208
flow_observed4-aryOBS	e:fo:flow:554ec8997792	flow:554ec8997792 → host:172.234.197.23 → host:177.10.236.139 → port:tcp:64816
flow_observed5-aryOBS	e:fo:flow:1b9bafe320dc	flow:1b9bafe320dc → host:131.196.31.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1d806fe7541c4b2:host:131.196.28.115	SESSION-e1d806fe7541c4b2 → host:131.196.28.115
FLOW_TO_HOSTOBS	e:to:SESSION-160e5a0882acae87:host:131.196.31.187	SESSION-160e5a0882acae87 → host:131.196.31.187
FLOW_FROM_HOSTOBS	e:from:SESSION-650fd2b828a7b477:host:172.234.197.23	SESSION-650fd2b828a7b477 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d4f3c3204c65c6f4:host:172.234.197.23	SESSION-d4f3c3204c65c6f4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fddb1520b60b4e20:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-fddb1520b60b4e20 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.117:geo_41.02140_28.99480	host:185.231.226.117 → geo_41.02140_28.99480
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.119:asn:203771	host:31.40.196.119 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f56538a064e25a46:SESSION-f56538a064e25a46	SESSION-f56538a064e25a46 → pe:syn:SESSION-f56538a064e25a46
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b1edba75af29ea2:host:131.196.31.228:host:172.234.197.23	SESSION-8b1edba75af29ea2 → host:131.196.31.228 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8631759e2d7ec30:host:177.10.233.185	SESSION-c8631759e2d7ec30 → host:177.10.233.185
FLOW_FROM_HOSTOBS	e:from:SESSION-27f830f77ddb5dd1:host:177.10.236.153	SESSION-27f830f77ddb5dd1 → host:177.10.236.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3414b775ddfde4b:flow:1bfbe4aa0061	SESSION-a3414b775ddfde4b → flow:1bfbe4aa0061
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-195f8b2639df23c4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-195f8b2639df23c4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-8e523425c561e01e:host:172.234.197.23	SESSION-8e523425c561e01e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.80:geo_-21.10010_-41.69200	host:45.173.156.80 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:6c40783bfbe0	flow:6c40783bfbe0 → host:131.196.30.182 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-33348e69a2613db6:host:92.112.71.27	SESSION-33348e69a2613db6 → host:92.112.71.27
FLOW_TO_HOSTOBS	e:to:SESSION-517e17fbfcdc9eaf:host:172.234.197.23	SESSION-517e17fbfcdc9eaf → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:97c43f7faea6	flow:97c43f7faea6 → host:172.234.197.23 → host:177.10.232.49 → port:tcp:38756
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4002f150bb6dd768:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4002f150bb6dd768 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7cd300d305b207c:host:177.10.237.129	SESSION-a7cd300d305b207c → host:177.10.237.129
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f7d282d56df8eba3:host:131.196.31.231:host:172.234.197.23	SESSION-f7d282d56df8eba3 → host:131.196.31.231 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e074701a4b6d6566:host:177.10.236.90	SESSION-e074701a4b6d6566 → host:177.10.236.90
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0f329fce2004d812:host:131.196.29.151:host:172.234.197.23	SESSION-0f329fce2004d812 → host:131.196.29.151 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36db005d6a8b5922:host:172.234.197.23	SESSION-36db005d6a8b5922 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cbc08c1422c92ccf:host:172.234.197.23	SESSION-cbc08c1422c92ccf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf679119291e5246:host:172.234.197.23	SESSION-bf679119291e5246 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-ee8b7e20de209690:SESSION-ee8b7e20de209690	SESSION-ee8b7e20de209690 → pe:dns:SESSION-ee8b7e20de209690
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3560085925cb3717:host:177.10.237.15:host:172.234.197.23	SESSION-3560085925cb3717 → host:177.10.237.15 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c422154c7899227e:host:177.10.234.192	SESSION-c422154c7899227e → host:177.10.234.192
FLOW_FROM_HOSTOBS	e:from:SESSION-596b6c60b11eaa92:host:172.234.197.23	SESSION-596b6c60b11eaa92 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20aee5a5b6e9be41:host:172.234.197.23	SESSION-20aee5a5b6e9be41 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be8cffb783bfde31:host:172.234.197.23:host:177.10.236.100	SESSION-be8cffb783bfde31 → host:172.234.197.23 → host:177.10.236.100
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f718f291e0c401d5:flow:16cd2c37ea7f	SESSION-f718f291e0c401d5 → flow:16cd2c37ea7f
flow_observed4-aryOBS	e:fo:flow:32c017fb3195	flow:32c017fb3195 → host:172.234.197.23 → host:131.196.31.229 → port:tcp:38916
FLOW_DST_PORTOBS	e:fp:flow:18b935d78c07:port:tcp:17824	flow:18b935d78c07 → port:tcp:17824
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2c659a567a628e2:flow:5fa720d4626d	SESSION-d2c659a567a628e2 → flow:5fa720d4626d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.41:geo_-16.28860_-49.01640	host:177.10.234.41 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-910213045742f7e4:flow:0d1ed77c2d0f	SESSION-910213045742f7e4 → flow:0d1ed77c2d0f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3674a7955b512da1:host:177.10.236.117	SESSION-3674a7955b512da1 → host:177.10.236.117
FLOW_FROM_HOSTOBS	e:from:SESSION-5f56081dde23b5ed:host:131.196.29.167	SESSION-5f56081dde23b5ed → host:131.196.29.167
FLOW_DST_PORTOBS	e:fp:flow:3b4858fab774:port:tcp:443	flow:3b4858fab774 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85a8f577301970a2:PCAP:capture_20260430050001:8868731bf8a4	SESSION-85a8f577301970a2 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23dcfe77dd45a14a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-23dcfe77dd45a14a → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:ae9e0c134c79	flow:ae9e0c134c79 → host:172.234.197.23 → host:131.196.28.167 → port:tcp:39170
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e26c1de83807ce87:SESSION-e26c1de83807ce87	SESSION-e26c1de83807ce87 → pe:tls:SESSION-e26c1de83807ce87
flow_observed5-aryOBS	e:fo:flow:b48e7c10ecc7	flow:b48e7c10ecc7 → host:177.10.234.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6d659d940e075af:host:45.173.156.246	SESSION-e6d659d940e075af → host:45.173.156.246
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.177:asn:271410	host:131.196.28.177 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-314a3839bafadb97:host:172.234.197.23	SESSION-314a3839bafadb97 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-633c88960b55f389:host:172.234.197.23	SESSION-633c88960b55f389 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5004eb3121e0f98:SESSION-a5004eb3121e0f98	SESSION-a5004eb3121e0f98 → pe:syn:SESSION-a5004eb3121e0f98
FLOW_TO_HOSTOBS	e:to:SESSION-f0b2e3019193f1ba:host:172.234.197.23	SESSION-f0b2e3019193f1ba → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-43ba6051cf9120c0:host:172.234.197.23	SESSION-43ba6051cf9120c0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-14a74b0f0f76c3f9:host:131.196.30.135	SESSION-14a74b0f0f76c3f9 → host:131.196.30.135
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9af401128ecea586:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9af401128ecea586 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-114b93c0875a1701:host:172.234.197.23	SESSION-114b93c0875a1701 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3cce400dbd51	flow:3cce400dbd51 → host:69.222.187.134 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:0595b0579d8a	flow:0595b0579d8a → host:172.234.197.23 → host:131.196.30.223 → port:tcp:24582
FLOW_TO_HOSTOBS	e:to:SESSION-f18f27343d540733:host:172.234.197.23	SESSION-f18f27343d540733 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-896e151c898991bb:flow:dd092bc8f239	SESSION-896e151c898991bb → flow:dd092bc8f239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9cb4473bd3389dab:flow:00b445dc0021	SESSION-9cb4473bd3389dab → flow:00b445dc0021
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-81a82597e7e06ed6:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-81a82597e7e06ed6 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e63bd10e327c33f1:host:177.10.238.106:host:172.234.197.23	SESSION-e63bd10e327c33f1 → host:177.10.238.106 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.111:geo_-21.10010_-41.69200	host:45.173.156.111 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a776552d0ac90a05:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a776552d0ac90a05 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd1b98a612532c8e:host:172.234.197.23	SESSION-cd1b98a612532c8e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d0bef7920d84e31:host:172.234.197.23	SESSION-8d0bef7920d84e31 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c178d8ef65578b24:host:131.196.28.227:host:172.234.197.23	SESSION-c178d8ef65578b24 → host:131.196.28.227 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:79cc06b2667c:port:tcp:443	flow:79cc06b2667c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90d4f232d3edc1de:flow:9f8b2f6a6213	SESSION-90d4f232d3edc1de → flow:9f8b2f6a6213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0efcb065a58cc475:host:177.10.235.213	SESSION-0efcb065a58cc475 → host:177.10.235.213
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dca77cba3fb011ca:PCAP:capture_20260430080001:93f47cc296a4	SESSION-dca77cba3fb011ca → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7301756ca24c49ab:SESSION-7301756ca24c49ab	SESSION-7301756ca24c49ab → pe:syn:SESSION-7301756ca24c49ab
FLOW_FROM_HOSTOBS	e:from:SESSION-7738f57138403f60:host:172.234.197.23	SESSION-7738f57138403f60 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:649c06ee489b	flow:649c06ee489b → host:172.234.197.23 → host:131.196.30.0 → port:tcp:9879
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d82ce6b730f5fc6b:host:177.10.232.22	SESSION-d82ce6b730f5fc6b → host:177.10.232.22
FLOW_DST_PORTOBS	e:fp:flow:d73b005dadbd:port:tcp:20213	flow:d73b005dadbd → port:tcp:20213
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dddaf831f2a46242:flow:9e85ef4a5e3b	SESSION-dddaf831f2a46242 → flow:9e85ef4a5e3b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6966225f20017b9e:host:177.10.236.143:host:172.234.197.23	SESSION-6966225f20017b9e → host:177.10.236.143 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1db6dc9c45987f6e:host:177.10.234.166	SESSION-1db6dc9c45987f6e → host:177.10.234.166
FLOW_FROM_HOSTOBS	e:from:SESSION-6fea2a5b83daabbc:host:177.10.232.87	SESSION-6fea2a5b83daabbc → host:177.10.232.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-37451ceb7f45e2a3:SESSION-37451ceb7f45e2a3	SESSION-37451ceb7f45e2a3 → pe:rst:SESSION-37451ceb7f45e2a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e00c0cf74d0af603:host:131.196.30.19	SESSION-e00c0cf74d0af603 → host:131.196.30.19
FLOW_FROM_HOSTOBS	e:from:SESSION-5c7f3c61dd4869fc:host:131.196.31.195	SESSION-5c7f3c61dd4869fc → host:131.196.31.195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2dd011a07497df56:SESSION-2dd011a07497df56	SESSION-2dd011a07497df56 → pe:syn:SESSION-2dd011a07497df56
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.87:asn:262880	host:177.10.234.87 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89883827e26a2cf6:flow:85b91edb54d3	SESSION-89883827e26a2cf6 → flow:85b91edb54d3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8de6c1be9d0210fa:SESSION-8de6c1be9d0210fa	SESSION-8de6c1be9d0210fa → pe:syn:SESSION-8de6c1be9d0210fa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06c7d2e525939bdd:SESSION-06c7d2e525939bdd	SESSION-06c7d2e525939bdd → pe:syn:SESSION-06c7d2e525939bdd
flow_observed5-aryOBS	e:fo:flow:d724b9218f6c	flow:d724b9218f6c → host:45.173.156.243 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96623b45a0a307c2:host:172.234.197.23	SESSION-96623b45a0a307c2 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.28:asn:262880	host:177.10.234.28 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.198:asn:262880	host:177.10.232.198 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:9531066988f0:port:tcp:443	flow:9531066988f0 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27f108382ab89b5c:host:172.234.197.23:host:2.57.122.192	SESSION-27f108382ab89b5c → host:172.234.197.23 → host:2.57.122.192
flow_observed4-aryOBS	e:fo:flow:3e49d98774e6	flow:3e49d98774e6 → host:172.234.197.23 → host:177.10.236.31 → port:tcp:5125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17133b7d31116a9e:host:172.234.197.23	SESSION-17133b7d31116a9e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-24ac712a23adf430:host:177.10.232.83	SESSION-24ac712a23adf430 → host:177.10.232.83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c2bdd821ab6e9acc:SESSION-c2bdd821ab6e9acc	SESSION-c2bdd821ab6e9acc → pe:rst:SESSION-c2bdd821ab6e9acc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d53672361f048e5:SESSION-2d53672361f048e5	SESSION-2d53672361f048e5 → pe:tls:SESSION-2d53672361f048e5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3cae868156d4440:host:172.234.197.23	SESSION-c3cae868156d4440 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d23179f45fe2	flow:d23179f45fe2 → host:177.10.234.137 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-884df81342ed3b04:host:172.234.197.23	SESSION-884df81342ed3b04 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-472adb1eeb20f880:SESSION-472adb1eeb20f880	SESSION-472adb1eeb20f880 → pe:tls:SESSION-472adb1eeb20f880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f67ce0567774b305:host:177.10.232.208	SESSION-f67ce0567774b305 → host:177.10.232.208
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.81:asn:271410	host:131.196.30.81 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-71d059e3750765d4:host:177.10.233.2	SESSION-71d059e3750765d4 → host:177.10.233.2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5626602f012a6e70:host:172.234.197.23:host:177.10.236.230	SESSION-5626602f012a6e70 → host:172.234.197.23 → host:177.10.236.230
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1f8267b24b78f93:host:172.234.197.23:host:131.196.30.231	SESSION-b1f8267b24b78f93 → host:172.234.197.23 → host:131.196.30.231
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.248:geo_-21.10010_-41.69200	host:45.173.156.248 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37a8b94aca0a72fd:SESSION-37a8b94aca0a72fd	SESSION-37a8b94aca0a72fd → pe:syn:SESSION-37a8b94aca0a72fd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.67:geo_-23.62930_-46.63510	host:131.196.29.67 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:85bddf7d0383:port:tcp:443	flow:85bddf7d0383 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c587e64f570c8df7:host:131.196.30.214	SESSION-c587e64f570c8df7 → host:131.196.30.214
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.74:asn:262880	host:177.10.234.74 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-625fc1856b5bb87f:host:177.10.239.235:host:172.234.197.23	SESSION-625fc1856b5bb87f → host:177.10.239.235 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8982cb545b77cb1a:SESSION-8982cb545b77cb1a	SESSION-8982cb545b77cb1a → pe:syn:SESSION-8982cb545b77cb1a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db8bd5551afdaf6c:host:177.10.233.93:host:172.234.197.23	SESSION-db8bd5551afdaf6c → host:177.10.233.93 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9e2338ffc91c:port:tcp:18270	flow:9e2338ffc91c → port:tcp:18270
FLOW_FROM_HOSTOBS	e:from:SESSION-8dbd1afb05a3a814:host:172.234.197.23	SESSION-8dbd1afb05a3a814 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:34d94ae03fc0	flow:34d94ae03fc0 → host:131.196.30.222 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9166f313177f7326:host:172.234.197.23	SESSION-9166f313177f7326 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f7884afbce83d50:flow:06feb1171a7e	SESSION-9f7884afbce83d50 → flow:06feb1171a7e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da14485ca0be7376:SESSION-da14485ca0be7376	SESSION-da14485ca0be7376 → pe:syn:SESSION-da14485ca0be7376
FLOW_TO_HOSTOBS	e:to:SESSION-910213045742f7e4:host:172.234.197.23	SESSION-910213045742f7e4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-537461a77052bb13:SESSION-537461a77052bb13	SESSION-537461a77052bb13 → pe:syn:SESSION-537461a77052bb13
flow_observed4-aryOBS	e:fo:flow:634f522b6025	flow:634f522b6025 → host:172.234.197.23 → host:131.196.28.176 → port:tcp:37649
FLOW_DST_PORTOBS	e:fp:flow:3915f5099d4a:port:tcp:443	flow:3915f5099d4a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7172790c1950eaef:SESSION-7172790c1950eaef	SESSION-7172790c1950eaef → pe:tls:SESSION-7172790c1950eaef
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-528b3497658f46ec:host:172.234.197.23:host:45.173.156.116	SESSION-528b3497658f46ec → host:172.234.197.23 → host:45.173.156.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2eb24274e849c36c:SESSION-2eb24274e849c36c	SESSION-2eb24274e849c36c → pe:syn:SESSION-2eb24274e849c36c
FLOW_DST_PORTOBS	e:fp:flow:79fb2d904119:port:tcp:443	flow:79fb2d904119 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eecb9eac95f77073:flow:5a8fbee41652	SESSION-eecb9eac95f77073 → flow:5a8fbee41652
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4614700214209776:SESSION-4614700214209776	SESSION-4614700214209776 → pe:tls:SESSION-4614700214209776
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19e0bdfc1305c6ba:host:177.10.239.247	SESSION-19e0bdfc1305c6ba → host:177.10.239.247
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.193:asn:271410	host:131.196.28.193 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc35857ee3808de8:host:131.196.31.37:host:172.234.197.23	SESSION-cc35857ee3808de8 → host:131.196.31.37 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:c39193d67795	flow:c39193d67795 → host:103.155.16.117 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:118a054b5995:port:tcp:443	flow:118a054b5995 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e09e8a3cbea3c18a:PCAP:capture_20260430060001:919b39a74464	SESSION-e09e8a3cbea3c18a → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30052afb1f0268ab:host:95.170.25.181	SESSION-30052afb1f0268ab → host:95.170.25.181
FLOW_FROM_HOSTOBS	e:from:SESSION-38f74251dfc6c10a:host:103.155.16.117	SESSION-38f74251dfc6c10a → host:103.155.16.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d31138dfabe85cd6:host:131.196.30.90	SESSION-d31138dfabe85cd6 → host:131.196.30.90
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.15:geo_-16.28860_-49.01640	host:177.10.235.15 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5c9b4c9e225ad1d:host:177.10.239.11	SESSION-f5c9b4c9e225ad1d → host:177.10.239.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-699c907c7ac66403:host:172.234.197.23	SESSION-699c907c7ac66403 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2acb7632e6c37a6f:flow:9531066988f0	SESSION-2acb7632e6c37a6f → flow:9531066988f0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-924bf50c0164bb1b:SESSION-924bf50c0164bb1b	SESSION-924bf50c0164bb1b → pe:syn:SESSION-924bf50c0164bb1b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc060cc400f18b5d:SESSION-cc060cc400f18b5d	SESSION-cc060cc400f18b5d → pe:tls:SESSION-cc060cc400f18b5d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.30:geo_-16.28860_-49.01640	host:177.10.238.30 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:41bb63bf5f7d:port:tcp:50002	flow:41bb63bf5f7d → port:tcp:50002
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb7f3482601c970a:SESSION-cb7f3482601c970a	SESSION-cb7f3482601c970a → pe:syn:SESSION-cb7f3482601c970a
FLOW_FROM_HOSTOBS	e:from:SESSION-db0c4d22fd57aedf:host:172.234.197.23	SESSION-db0c4d22fd57aedf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:abf52d290c72:port:tcp:80	flow:abf52d290c72 → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b197d648fac856a7:SESSION-b197d648fac856a7	SESSION-b197d648fac856a7 → pe:syn:SESSION-b197d648fac856a7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c5ac08008a4ed5c1:SESSION-c5ac08008a4ed5c1	SESSION-c5ac08008a4ed5c1 → pe:tls:SESSION-c5ac08008a4ed5c1
FLOW_DST_PORTOBS	e:fp:flow:2cc478f595ba:port:tcp:443	flow:2cc478f595ba → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:677c8af1315d	flow:677c8af1315d → host:131.196.30.129 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ae8076186321ef8:flow:e8fd61411634	SESSION-8ae8076186321ef8 → flow:e8fd61411634
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7dbbf6b8420ecf88:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7dbbf6b8420ecf88 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-971b25349fba9c5b:host:172.234.197.23	SESSION-971b25349fba9c5b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-40f1f2214a3951bb:host:177.10.239.84	SESSION-40f1f2214a3951bb → host:177.10.239.84
flow_observed4-aryOBS	e:fo:flow:26e9f149e36d	flow:26e9f149e36d → host:172.234.197.23 → host:131.196.31.1 → port:tcp:48562
FLOW_FROM_HOSTOBS	e:from:SESSION-b475107bbd97ed39:host:177.10.238.250	SESSION-b475107bbd97ed39 → host:177.10.238.250
FLOW_TO_HOSTOBS	e:to:SESSION-342ba7535c6572a7:host:177.10.237.169	SESSION-342ba7535c6572a7 → host:177.10.237.169
FLOW_FROM_HOSTOBS	e:from:SESSION-cb7f3482601c970a:host:177.10.234.40	SESSION-cb7f3482601c970a → host:177.10.234.40
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8806932607856a75:host:177.10.235.190:host:172.234.197.23	SESSION-8806932607856a75 → host:177.10.235.190 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e2d293cdcc6efc8:host:172.234.197.23	SESSION-3e2d293cdcc6efc8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.107:asn:262880	host:177.10.233.107 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-460a4898e7c07917:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-460a4898e7c07917 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a43b551ff0093c7:host:177.10.237.115	SESSION-8a43b551ff0093c7 → host:177.10.237.115
FLOW_TO_HOSTOBS	e:to:SESSION-7de8e99103378c90:host:172.232.0.16	SESSION-7de8e99103378c90 → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-f377c5e49ededc1c:host:131.196.29.186	SESSION-f377c5e49ededc1c → host:131.196.29.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f278495c163e84d:host:172.234.197.23	SESSION-2f278495c163e84d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2be39705dda1:port:tcp:22346	flow:2be39705dda1 → port:tcp:22346
FLOW_TO_HOSTOBS	e:to:SESSION-f7b35d3dad632382:host:177.10.235.212	SESSION-f7b35d3dad632382 → host:177.10.235.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f76d275e2b42c8d0:host:177.10.233.230	SESSION-f76d275e2b42c8d0 → host:177.10.233.230
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c97208f3d5d9be26:flow:74f73b825bc0	SESSION-c97208f3d5d9be26 → flow:74f73b825bc0
flow_observed5-aryOBS	e:fo:flow:f6a804141977	flow:f6a804141977 → host:177.10.237.2 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c55eb6f1c0bb6137:host:172.234.197.23	SESSION-c55eb6f1c0bb6137 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e7ad62492e870e2b:host:177.10.232.61	SESSION-e7ad62492e870e2b → host:177.10.232.61
flow_observed5-aryOBS	e:fo:flow:e2f110beb46b	flow:e2f110beb46b → host:131.196.29.93 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:f04e06be3862	flow:f04e06be3862 → host:131.196.30.8 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-106a8139a282a728:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-106a8139a282a728 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-749084d26a1fdfcc:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-749084d26a1fdfcc → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.59:asn:271410	host:131.196.28.59 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ba8512040d3b37b:SESSION-5ba8512040d3b37b	SESSION-5ba8512040d3b37b → pe:tls:SESSION-5ba8512040d3b37b
FLOW_FROM_HOSTOBS	e:from:SESSION-975059a05a34b0ad:host:172.234.197.23	SESSION-975059a05a34b0ad → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.96:geo_-16.28860_-49.01640	host:177.10.236.96 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-698d45df22ea2a48:host:172.234.197.23:host:45.173.156.2	SESSION-698d45df22ea2a48 → host:172.234.197.23 → host:45.173.156.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4d0ab62891a0a5c:SESSION-d4d0ab62891a0a5c	SESSION-d4d0ab62891a0a5c → pe:tls:SESSION-d4d0ab62891a0a5c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e816643ff0559e8:host:177.10.236.206	SESSION-5e816643ff0559e8 → host:177.10.236.206
FLOW_TO_HOSTOBS	e:to:SESSION-a4ffce8b6e53dd75:host:177.10.233.67	SESSION-a4ffce8b6e53dd75 → host:177.10.233.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d5e711c3b45ec85:SESSION-6d5e711c3b45ec85	SESSION-6d5e711c3b45ec85 → pe:syn:SESSION-6d5e711c3b45ec85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-186abbea6a1cb4f5:host:92.112.71.221	SESSION-186abbea6a1cb4f5 → host:92.112.71.221
FLOW_TO_HOSTOBS	e:to:SESSION-3d2c48d2810841c0:host:177.10.234.116	SESSION-3d2c48d2810841c0 → host:177.10.234.116
FLOW_FROM_HOSTOBS	e:from:SESSION-f4d08df9b5b22c8b:host:131.196.28.60	SESSION-f4d08df9b5b22c8b → host:131.196.28.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-187a70856b24c84b:SESSION-187a70856b24c84b	SESSION-187a70856b24c84b → pe:syn:SESSION-187a70856b24c84b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25103b8a97127215:host:172.234.197.23	SESSION-25103b8a97127215 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-991550775dcb0266:host:177.10.237.52:host:172.234.197.23	SESSION-991550775dcb0266 → host:177.10.237.52 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-919ba311fe0cedbc:host:172.234.197.23	SESSION-919ba311fe0cedbc → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4fd6590fe23ccd99:flow:cb2809961fc0	SESSION-4fd6590fe23ccd99 → flow:cb2809961fc0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5218a703d93123a3:host:177.10.234.36:host:172.234.197.23	SESSION-5218a703d93123a3 → host:177.10.234.36 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f21759fa00584782:host:177.10.237.227	SESSION-f21759fa00584782 → host:177.10.237.227
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.78.219:geo_52.51960_13.40690	host:51.224.78.219 → geo_52.51960_13.40690
FLOW_DST_PORTOBS	e:fp:flow:559fc8443a60:port:tcp:443	flow:559fc8443a60 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d87ad0ffb58b923c:host:172.234.197.23	SESSION-d87ad0ffb58b923c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d5a74cc524a51e3d:host:172.234.197.23	SESSION-d5a74cc524a51e3d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.14:asn:273470	host:45.173.156.14 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:f6a804141977:port:tcp:443	flow:f6a804141977 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-877b851a45681e10:flow:91da1e04ec80	SESSION-877b851a45681e10 → flow:91da1e04ec80
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.151:asn:262880	host:177.10.232.151 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da15c25f39b20c68:host:177.10.234.137:host:172.234.197.23	SESSION-da15c25f39b20c68 → host:177.10.234.137 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-652478bc70a2d711:host:172.234.197.23	SESSION-652478bc70a2d711 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8feeff9d44d6e844:PCAP:capture_20260430090001:065659c7d314	SESSION-8feeff9d44d6e844 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a27e337d4c0b49f3:host:177.10.235.132	SESSION-a27e337d4c0b49f3 → host:177.10.235.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-669451aeea441b50:SESSION-669451aeea441b50	SESSION-669451aeea441b50 → pe:syn:SESSION-669451aeea441b50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e2683c2a1a03e97:SESSION-6e2683c2a1a03e97	SESSION-6e2683c2a1a03e97 → pe:tls:SESSION-6e2683c2a1a03e97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f016f4a38011f9c:SESSION-4f016f4a38011f9c	SESSION-4f016f4a38011f9c → pe:syn:SESSION-4f016f4a38011f9c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4e6682786f65470:host:177.10.234.176	SESSION-e4e6682786f65470 → host:177.10.234.176
FLOW_FROM_HOSTOBS	e:from:SESSION-a139b1df55cde4d7:host:172.234.197.23	SESSION-a139b1df55cde4d7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d6e3c617395c3b07:host:172.234.197.23	SESSION-d6e3c617395c3b07 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7b7470a9d5ba162:flow:a180cbe63e4a	SESSION-b7b7470a9d5ba162 → flow:a180cbe63e4a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7341740ccb6f292:SESSION-e7341740ccb6f292	SESSION-e7341740ccb6f292 → pe:syn:SESSION-e7341740ccb6f292
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.124:geo_-16.28860_-49.01640	host:177.10.237.124 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:3f379966fef2:port:tcp:443	flow:3f379966fef2 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e10a87de0ef0	flow:e10a87de0ef0 → host:177.10.238.235 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:7672d031626b	flow:7672d031626b → host:172.234.197.23 → host:131.196.30.183 → port:tcp:52496
FLOW_DST_PORTOBS	e:fp:flow:1ef21b7a0702:port:tcp:443	flow:1ef21b7a0702 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0153bfe1e0550f7:SESSION-d0153bfe1e0550f7	SESSION-d0153bfe1e0550f7 → pe:tls:SESSION-d0153bfe1e0550f7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bee41282d03c4eb5:PCAP:capture_20260430060001:919b39a74464	SESSION-bee41282d03c4eb5 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-256da911109eccd4:host:172.234.197.23:host:177.10.235.122	SESSION-256da911109eccd4 → host:172.234.197.23 → host:177.10.235.122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd13e266b02b3087:PCAP:capture_20260430090001:065659c7d314	SESSION-cd13e266b02b3087 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e73771addca62c13:SESSION-e73771addca62c13	SESSION-e73771addca62c13 → pe:tls:SESSION-e73771addca62c13
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f997fef874b1b1e:host:172.234.197.23	SESSION-2f997fef874b1b1e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a0836fcd7bb1	flow:a0836fcd7bb1 → host:172.234.197.23 → host:177.10.234.109 → port:tcp:52981
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86a02a9ab2988acd:host:172.234.197.23	SESSION-86a02a9ab2988acd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bc55e1159bab546:host:131.196.30.73	SESSION-0bc55e1159bab546 → host:131.196.30.73
FLOW_DST_PORTOBS	e:fp:flow:009306c88cc6:port:tcp:443	flow:009306c88cc6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9a9df261a7287913:host:172.234.197.23	SESSION-9a9df261a7287913 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3483d96fbaf632b7:host:172.234.197.23	SESSION-3483d96fbaf632b7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f4e3933219f15471:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f4e3933219f15471 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9a24e91c66cf817:host:177.10.236.218	SESSION-f9a24e91c66cf817 → host:177.10.236.218
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:56.112.16.196:geo_51.05000_-114.08790	host:56.112.16.196 → geo_51.05000_-114.08790
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2676dbc5b99ef14:flow:8c48fea8e45c	SESSION-e2676dbc5b99ef14 → flow:8c48fea8e45c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7661066332b8e82:flow:24c15ddb7f04	SESSION-b7661066332b8e82 → flow:24c15ddb7f04
FLOW_FROM_HOSTOBS	e:from:SESSION-03f7a565a7cd59d8:host:199.195.254.215	SESSION-03f7a565a7cd59d8 → host:199.195.254.215
flow_observed5-aryOBS	e:fo:flow:6e9481ef537b	flow:6e9481ef537b → host:177.10.237.151 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60281e53e47bfb2b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-60281e53e47bfb2b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bcd94ff2cea5ca72:SESSION-bcd94ff2cea5ca72	SESSION-bcd94ff2cea5ca72 → pe:syn:SESSION-bcd94ff2cea5ca72
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.126:asn:271410	host:131.196.29.126 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-049aa291881e8f8b:flow:840025b64f04	SESSION-049aa291881e8f8b → flow:840025b64f04
FLOW_TO_HOSTOBS	e:to:SESSION-c8a52e21a979a3cd:host:172.234.197.23	SESSION-c8a52e21a979a3cd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-996af5414634114f:SESSION-996af5414634114f	SESSION-996af5414634114f → pe:tls:SESSION-996af5414634114f
FLOW_TO_HOSTOBS	e:to:SESSION-07d653be0b30b2f4:host:172.234.197.23	SESSION-07d653be0b30b2f4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:77891346ee5e:port:tcp:32486	flow:77891346ee5e → port:tcp:32486
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59a5b7880376a89f:PCAP:capture_20260428010001:b1b402c7b202	SESSION-59a5b7880376a89f → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68f16c2935c85e73:flow:615fb32b3639	SESSION-68f16c2935c85e73 → flow:615fb32b3639
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6bf46c9eec8f990:SESSION-e6bf46c9eec8f990	SESSION-e6bf46c9eec8f990 → pe:syn:SESSION-e6bf46c9eec8f990
FLOW_TO_HOSTOBS	e:to:SESSION-19e0bdfc1305c6ba:host:172.234.197.23	SESSION-19e0bdfc1305c6ba → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-295c5f4e2a8126b8:host:177.10.233.58:host:172.234.197.23	SESSION-295c5f4e2a8126b8 → host:177.10.233.58 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:68f66f8b2561:port:tcp:443	flow:68f66f8b2561 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5d249db6ec3f34e:flow:8a86df2a5d76	SESSION-d5d249db6ec3f34e → flow:8a86df2a5d76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-338b64f691539afb:host:172.234.197.23	SESSION-338b64f691539afb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-117c00f29ed332ce:PCAP:capture_20260430050001:8868731bf8a4	SESSION-117c00f29ed332ce → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b30dbd402b74df1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9b30dbd402b74df1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8405fabd9aa330c8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8405fabd9aa330c8 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-393eb1cd54ab212e:host:177.10.232.168	SESSION-393eb1cd54ab212e → host:177.10.232.168
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.26:asn:203771	host:31.40.196.26 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:c6498c0f7263:port:tcp:443	flow:c6498c0f7263 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a9091855f21b6bb:flow:ed3aea9970ac	SESSION-0a9091855f21b6bb → flow:ed3aea9970ac
flow_observed5-aryOBS	e:fo:flow:a94ed5a3e04e	flow:a94ed5a3e04e → host:177.10.234.96 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-adbb0156eea80d2f:host:37.27.162.26	SESSION-adbb0156eea80d2f → host:37.27.162.26
flow_observed5-aryOBS	e:fo:flow:62b620dd6ffc	flow:62b620dd6ffc → host:195.154.100.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d79f2acd73027b39:host:177.10.238.57:host:172.234.197.23	SESSION-d79f2acd73027b39 → host:177.10.238.57 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.3:geo_-16.28860_-49.01640	host:177.10.233.3 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-ef46e42b79ae57cb:host:177.10.239.219	SESSION-ef46e42b79ae57cb → host:177.10.239.219
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7caa5c0db9dc8d4:flow:bc8c7b2b51da	SESSION-b7caa5c0db9dc8d4 → flow:bc8c7b2b51da
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd728e6d9f0647f9:flow:e8a892fc5820	SESSION-bd728e6d9f0647f9 → flow:e8a892fc5820
flow_observed5-aryOBS	e:fo:flow:0c59e28f7820	flow:0c59e28f7820 → host:51.75.171.21 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ede30feb887b	flow:ede30feb887b → host:177.10.237.27 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30195220eb2aa3f5:PCAP:capture_20260430110001:43611bdf6759	SESSION-30195220eb2aa3f5 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:ddf14cd5aa65:port:tcp:443	flow:ddf14cd5aa65 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8189545896e60c84:SESSION-8189545896e60c84	SESSION-8189545896e60c84 → pe:syn:SESSION-8189545896e60c84
FLOW_FROM_HOSTOBS	e:from:SESSION-6d74877df7cdd5d7:host:45.173.156.220	SESSION-6d74877df7cdd5d7 → host:45.173.156.220
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.225:asn:262880	host:177.10.232.225 → asn:262880
flow_observed5-aryOBS	e:fo:flow:405ff612403a	flow:405ff612403a → host:177.10.239.82 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f7bf570ae8905fff:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f7bf570ae8905fff → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d147f8cae941ed80:flow:96df7cf294bd	SESSION-d147f8cae941ed80 → flow:96df7cf294bd
FLOW_DST_PORTOBS	e:fp:flow:84e94b5b7e79:port:tcp:443	flow:84e94b5b7e79 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0fc61bce823543f:SESSION-b0fc61bce823543f	SESSION-b0fc61bce823543f → pe:tls:SESSION-b0fc61bce823543f
FLOW_TO_HOSTOBS	e:to:SESSION-0553c47d8718786a:host:172.234.197.23	SESSION-0553c47d8718786a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-122c6042cd97886a:SESSION-122c6042cd97886a	SESSION-122c6042cd97886a → pe:tls:SESSION-122c6042cd97886a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ab55f3989857eec:host:172.234.197.23	SESSION-9ab55f3989857eec → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ab81c1372abfe2ce:host:177.10.237.82	SESSION-ab81c1372abfe2ce → host:177.10.237.82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f2c14118785728f:host:172.234.197.23:host:131.196.31.156	SESSION-9f2c14118785728f → host:172.234.197.23 → host:131.196.31.156
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b082affabc66a77:SESSION-8b082affabc66a77	SESSION-8b082affabc66a77 → pe:tls:SESSION-8b082affabc66a77
FLOW_TO_HOSTOBS	e:to:SESSION-4bee67245b0f1ffd:host:172.234.197.23	SESSION-4bee67245b0f1ffd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-770902b82fea5ce5:host:177.10.235.75:host:172.234.197.23	SESSION-770902b82fea5ce5 → host:177.10.235.75 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e317ac68355a	flow:e317ac68355a → host:177.10.238.29 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96cc205c664fccab:host:172.234.197.23	SESSION-96cc205c664fccab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd7be5606f48437f:host:172.234.197.23	SESSION-dd7be5606f48437f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ac8c6259f880:port:tcp:443	flow:ac8c6259f880 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-63be833bbb100650:SESSION-63be833bbb100650	SESSION-63be833bbb100650 → pe:syn:SESSION-63be833bbb100650
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.62:geo_-16.28860_-49.01640	host:177.10.238.62 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:f1090b78c826	flow:f1090b78c826 → host:177.10.236.27 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-871dd8a53b87e11e:host:177.10.234.121	SESSION-871dd8a53b87e11e → host:177.10.234.121
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5eab3f22e87eb3f:host:45.173.156.147:host:172.234.197.23	SESSION-e5eab3f22e87eb3f → host:45.173.156.147 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e7ccd5c552e41a1:host:172.234.197.23:host:177.10.239.200	SESSION-7e7ccd5c552e41a1 → host:172.234.197.23 → host:177.10.239.200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7cb141c8461d1a4d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7cb141c8461d1a4d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da3b2b353303e8e1:SESSION-da3b2b353303e8e1	SESSION-da3b2b353303e8e1 → pe:syn:SESSION-da3b2b353303e8e1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.61:geo_-21.10010_-41.69200	host:45.173.156.61 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d31138dfabe85cd6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d31138dfabe85cd6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55794f9e7b1a9e7f:host:177.10.234.250	SESSION-55794f9e7b1a9e7f → host:177.10.234.250
FLOW_TO_HOSTOBS	e:to:SESSION-3056fcd37df4e63f:host:172.234.197.23	SESSION-3056fcd37df4e63f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c47767899447038:host:172.234.197.23	SESSION-1c47767899447038 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:195.20.104.8:geo_50.85090_4.34470	host:195.20.104.8 → geo_50.85090_4.34470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96eb62897cd314d5:flow:6b27cbf98b5b	SESSION-96eb62897cd314d5 → flow:6b27cbf98b5b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fb8ed1fbc81e736:SESSION-3fb8ed1fbc81e736	SESSION-3fb8ed1fbc81e736 → pe:syn:SESSION-3fb8ed1fbc81e736
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51cdac11b30f43cf:host:177.10.235.170:host:172.234.197.23	SESSION-51cdac11b30f43cf → host:177.10.235.170 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1a52ffd6f24f0f87:host:172.234.197.23	SESSION-1a52ffd6f24f0f87 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-314616832d67d639:host:172.234.197.23	SESSION-314616832d67d639 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.131:geo_-16.28860_-49.01640	host:177.10.235.131 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:b1606163ab99:port:tcp:443	flow:b1606163ab99 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:611c62356d76	flow:611c62356d76 → host:95.135.228.39 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-794cf5b08878bd55:flow:af2b39367810	SESSION-794cf5b08878bd55 → flow:af2b39367810
FLOW_TO_HOSTOBS	e:to:SESSION-14a60b0039fa135f:host:131.196.30.104	SESSION-14a60b0039fa135f → host:131.196.30.104
FLOW_DST_PORTOBS	e:fp:flow:03f0c9cd6d0d:port:tcp:443	flow:03f0c9cd6d0d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d47b3cf0d6133fea:host:177.10.236.21	SESSION-d47b3cf0d6133fea → host:177.10.236.21
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8417ba17d1562cbc:flow:50ce6e39fbb4	SESSION-8417ba17d1562cbc → flow:50ce6e39fbb4
flow_observed5-aryOBS	e:fo:flow:f939f17e17be	flow:f939f17e17be → host:177.10.236.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d3ca4dbaf4c9647:flow:d7065e22830f	SESSION-4d3ca4dbaf4c9647 → flow:d7065e22830f
FLOW_TO_HOSTOBS	e:to:SESSION-4066f36b6ded169d:host:172.234.197.23	SESSION-4066f36b6ded169d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:389266da0192:port:tcp:443	flow:389266da0192 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-d8cc052a984adc75:host:172.234.197.23	SESSION-d8cc052a984adc75 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f7bf570ae8905fff:host:57.128.95.181	SESSION-f7bf570ae8905fff → host:57.128.95.181
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.69:asn:271410	host:131.196.31.69 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.88:geo_-16.28860_-49.01640	host:177.10.234.88 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-338820b1c26f8211:host:172.234.197.23	SESSION-338820b1c26f8211 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-87bc9df611d2f97d:host:172.234.197.23	SESSION-87bc9df611d2f97d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f580776b9a7f0d25:host:177.10.239.254:host:172.234.197.23	SESSION-f580776b9a7f0d25 → host:177.10.239.254 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56ec76ae342b7ee6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-56ec76ae342b7ee6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28d97429831b8272:flow:38f8530d2430	SESSION-28d97429831b8272 → flow:38f8530d2430
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6d659d940e075af:host:172.234.197.23:host:45.173.156.246	SESSION-e6d659d940e075af → host:172.234.197.23 → host:45.173.156.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c21627d8f6f11a27:host:177.10.235.125	SESSION-c21627d8f6f11a27 → host:177.10.235.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f98b72d4ec65d75:host:177.10.234.248	SESSION-8f98b72d4ec65d75 → host:177.10.234.248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-794cf5b08878bd55:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-794cf5b08878bd55 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.47:geo_-23.62930_-46.63510	host:131.196.31.47 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:41875790e99e:port:tcp:80	flow:41875790e99e → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-aa26c3a0a6de1666:host:172.234.197.23	SESSION-aa26c3a0a6de1666 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ee9fbb8d7f6cf47b:host:177.10.239.149	SESSION-ee9fbb8d7f6cf47b → host:177.10.239.149
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9d9495404a53bc0:SESSION-c9d9495404a53bc0	SESSION-c9d9495404a53bc0 → pe:syn:SESSION-c9d9495404a53bc0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27536868d2d29d68:flow:b247e5ff1470	SESSION-27536868d2d29d68 → flow:b247e5ff1470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.234:geo_-23.62930_-46.63510	host:131.196.31.234 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-854a13cbd553e198:host:172.234.197.23	SESSION-854a13cbd553e198 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d71b1c3263a1	flow:d71b1c3263a1 → host:131.196.30.162 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf1647bbc272aaf8:flow:5bf9ff58b9e3	SESSION-bf1647bbc272aaf8 → flow:5bf9ff58b9e3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c2bdd821ab6e9acc:SESSION-c2bdd821ab6e9acc	SESSION-c2bdd821ab6e9acc → pe:tls:SESSION-c2bdd821ab6e9acc
FLOW_DST_PORTOBS	e:fp:flow:53d8d2b8abb3:port:tcp:443	flow:53d8d2b8abb3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed55c24c9ffd87b5:host:172.234.197.23	SESSION-ed55c24c9ffd87b5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1228b317d5ce27b4:flow:f2a3fd514057	SESSION-1228b317d5ce27b4 → flow:f2a3fd514057
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4992d20c4573840:host:94.130.10.221:host:172.234.197.23	SESSION-d4992d20c4573840 → host:94.130.10.221 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6459c4621d226611:flow:450566424628	SESSION-6459c4621d226611 → flow:450566424628
FLOW_FROM_HOSTOBS	e:from:SESSION-b9a69c63a7b588de:host:131.196.31.151	SESSION-b9a69c63a7b588de → host:131.196.31.151
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f16f611b98ecbfd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8f16f611b98ecbfd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de23fe28677c4a6e:SESSION-de23fe28677c4a6e	SESSION-de23fe28677c4a6e → pe:tls:SESSION-de23fe28677c4a6e
FLOW_TO_HOSTOBS	e:to:SESSION-c54c8f2f9fead0c6:host:177.10.235.161	SESSION-c54c8f2f9fead0c6 → host:177.10.235.161
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e4ae2c6ddba3051:host:177.10.235.158:host:172.234.197.23	SESSION-7e4ae2c6ddba3051 → host:177.10.235.158 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9af401128ecea586:flow:7ec4606e67d3	SESSION-9af401128ecea586 → flow:7ec4606e67d3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c15e0230f45f826:host:177.10.234.113	SESSION-6c15e0230f45f826 → host:177.10.234.113
flow_observed5-aryOBS	e:fo:flow:63ab8c619855	flow:63ab8c619855 → host:177.10.239.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-189d055e7be1f56c:host:177.10.234.166:host:172.234.197.23	SESSION-189d055e7be1f56c → host:177.10.234.166 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:32b2fdbd6001	flow:32b2fdbd6001 → host:177.10.233.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-05ec7baf0d99b24d:host:177.10.238.122:host:172.234.197.23	SESSION-05ec7baf0d99b24d → host:177.10.238.122 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-662271688fa2b491:flow:e19ca5ebb171	SESSION-662271688fa2b491 → flow:e19ca5ebb171
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8c94fcea26d4cb3:SESSION-c8c94fcea26d4cb3	SESSION-c8c94fcea26d4cb3 → pe:tls:SESSION-c8c94fcea26d4cb3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-292edad33ae38c98:SESSION-292edad33ae38c98	SESSION-292edad33ae38c98 → pe:tls:SESSION-292edad33ae38c98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c85a65cf2db0ee65:flow:6d6065168bb6	SESSION-c85a65cf2db0ee65 → flow:6d6065168bb6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5490e36eb363059:host:177.10.234.186:host:172.234.197.23	SESSION-e5490e36eb363059 → host:177.10.234.186 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd13e266b02b3087:host:172.234.197.23	SESSION-cd13e266b02b3087 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ef849695f946a5ec:host:172.234.197.23	SESSION-ef849695f946a5ec → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-381f999774715cfc:SESSION-381f999774715cfc	SESSION-381f999774715cfc → pe:tls:SESSION-381f999774715cfc
FLOW_DST_PORTOBS	e:fp:flow:d91049f8faa7:port:tcp:80	flow:d91049f8faa7 → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-534aae6aa0ff39bc:SESSION-534aae6aa0ff39bc	SESSION-534aae6aa0ff39bc → pe:syn:SESSION-534aae6aa0ff39bc
FLOW_DST_PORTOBS	e:fp:flow:e761c4d086a3:port:tcp:443	flow:e761c4d086a3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb3f1e71e19d60be:SESSION-bb3f1e71e19d60be	SESSION-bb3f1e71e19d60be → pe:syn:SESSION-bb3f1e71e19d60be
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c2bde5ab088d2882:flow:eadceaa402ba	SESSION-c2bde5ab088d2882 → flow:eadceaa402ba
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65316f3920c6d168:flow:982c682e252c	SESSION-65316f3920c6d168 → flow:982c682e252c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a27e337d4c0b49f3:SESSION-a27e337d4c0b49f3	SESSION-a27e337d4c0b49f3 → pe:syn:SESSION-a27e337d4c0b49f3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fdc52c769919c0f:host:172.234.197.23	SESSION-6fdc52c769919c0f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-81c8b3fdf002e09e:SESSION-81c8b3fdf002e09e	SESSION-81c8b3fdf002e09e → pe:tls:SESSION-81c8b3fdf002e09e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9af6eb1ce6cb824f:SESSION-9af6eb1ce6cb824f	SESSION-9af6eb1ce6cb824f → pe:syn:SESSION-9af6eb1ce6cb824f
FLOW_DST_PORTOBS	e:fp:flow:c01c58d7db69:port:tcp:443	flow:c01c58d7db69 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:594889790177:port:tcp:56567	flow:594889790177 → port:tcp:56567
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8a147e2e8b42f79:flow:754fbbf1532a	SESSION-b8a147e2e8b42f79 → flow:754fbbf1532a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-461eadc2db19418d:SESSION-461eadc2db19418d	SESSION-461eadc2db19418d → pe:syn:SESSION-461eadc2db19418d
FLOW_DST_PORTOBS	e:fp:flow:d46d851df776:port:tcp:6678	flow:d46d851df776 → port:tcp:6678
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8432ee5dd236020:host:51.75.171.21:host:172.234.197.23	SESSION-d8432ee5dd236020 → host:51.75.171.21 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e708c58166944fb:host:131.196.31.2:host:172.234.197.23	SESSION-6e708c58166944fb → host:131.196.31.2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4341cc9426e2382:host:177.10.238.171:host:172.234.197.23	SESSION-d4341cc9426e2382 → host:177.10.238.171 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.22:geo_-16.28860_-49.01640	host:177.10.234.22 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a83465e2bbc20296:host:131.196.28.234:host:172.234.197.23	SESSION-a83465e2bbc20296 → host:131.196.28.234 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b5f77768a227f3c:host:177.10.237.212:host:172.234.197.23	SESSION-0b5f77768a227f3c → host:177.10.237.212 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6394463f1caee3eb:host:177.10.232.207	SESSION-6394463f1caee3eb → host:177.10.232.207
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.144:asn:262880	host:177.10.234.144 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0f4fd2f0020968b3:host:45.173.156.124:host:172.234.197.23	SESSION-0f4fd2f0020968b3 → host:45.173.156.124 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:00e85a80309b:port:tcp:443	flow:00e85a80309b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5cf2fdb6c848ac6c:host:131.196.29.91:host:172.234.197.23	SESSION-5cf2fdb6c848ac6c → host:131.196.29.91 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.101:geo_-23.62930_-46.63510	host:131.196.28.101 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4faf0bdb2ec15f7a:flow:b78a88d97420	SESSION-4faf0bdb2ec15f7a → flow:b78a88d97420
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aab351c0be27393b:host:131.196.29.96	SESSION-aab351c0be27393b → host:131.196.29.96
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5712989ddbf4728b:SESSION-5712989ddbf4728b	SESSION-5712989ddbf4728b → pe:syn:SESSION-5712989ddbf4728b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6af366568a421f52:host:172.234.197.23:host:131.196.31.74	SESSION-6af366568a421f52 → host:172.234.197.23 → host:131.196.31.74
FLOW_TO_HOSTOBS	e:to:SESSION-33fdac1ad6f47ac8:host:172.234.197.23	SESSION-33fdac1ad6f47ac8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1f7e754d6e2c	flow:1f7e754d6e2c → host:199.16.157.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8fbacc1128a5208:host:177.10.237.118	SESSION-c8fbacc1128a5208 → host:177.10.237.118
FLOW_DST_PORTOBS	e:fp:flow:3882f120ecd6:port:tcp:11335	flow:3882f120ecd6 → port:tcp:11335
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-733b7037c38abbcf:flow:a61ffb582cb9	SESSION-733b7037c38abbcf → flow:a61ffb582cb9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb20cb96e066d018:host:177.10.237.80	SESSION-fb20cb96e066d018 → host:177.10.237.80
FLOW_FROM_HOSTOBS	e:from:SESSION-d678c7d14c2f15db:host:172.234.197.23	SESSION-d678c7d14c2f15db → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.218:geo_-16.28860_-49.01640	host:177.10.235.218 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.246:asn:262880	host:177.10.238.246 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd9f2ee14ec6ee20:SESSION-dd9f2ee14ec6ee20	SESSION-dd9f2ee14ec6ee20 → pe:tls:SESSION-dd9f2ee14ec6ee20
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f158e3bc319e69c7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f158e3bc319e69c7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a0d556a7af957b2:host:131.196.30.194:host:172.234.197.23	SESSION-2a0d556a7af957b2 → host:131.196.30.194 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4467f1177f09:port:tcp:443	flow:4467f1177f09 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab20216cf3eeb0ee:flow:d2dfda47f669	SESSION-ab20216cf3eeb0ee → flow:d2dfda47f669
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.247.223.188:geo_45.84010_-119.70500	host:44.247.223.188 → geo_45.84010_-119.70500
FLOW_DST_PORTOBS	e:fp:flow:441c2d4dbbd9:port:tcp:443	flow:441c2d4dbbd9 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9d0657eb87257c08:host:172.234.197.23	SESSION-9d0657eb87257c08 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b869e54127ed	flow:b869e54127ed → host:172.234.197.23 → host:177.10.239.51 → port:tcp:2781
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8cf04cf372371106:SESSION-8cf04cf372371106	SESSION-8cf04cf372371106 → pe:tls:SESSION-8cf04cf372371106
flow_observed5-aryOBS	e:fo:flow:59800b6629fc	flow:59800b6629fc → host:177.10.238.183 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed3-aryOBS	e:fo:flow:bc4bf615db56	flow:bc4bf615db56 → host:44.243.2.252 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.90:geo_-16.28860_-49.01640	host:177.10.239.90 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f1e9c5398b5e18f4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f1e9c5398b5e18f4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73ad5b34385541ce:host:172.234.197.23	SESSION-73ad5b34385541ce → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-21cca31493e9287d:host:172.234.197.23	SESSION-21cca31493e9287d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f482eb7fd49a3f1b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f482eb7fd49a3f1b → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:1a0170e3adc5:port:tcp:15097	flow:1a0170e3adc5 → port:tcp:15097
FLOW_DST_PORTOBS	e:fp:flow:1df367a3fbb6:port:tcp:443	flow:1df367a3fbb6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-352a47a3f8b3882e:host:172.234.197.23	SESSION-352a47a3f8b3882e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-742c2d67dec63a6f:SESSION-742c2d67dec63a6f	SESSION-742c2d67dec63a6f → pe:syn:SESSION-742c2d67dec63a6f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b82d9882ea505987:flow:24a446a92f0d	SESSION-b82d9882ea505987 → flow:24a446a92f0d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-835226e6e5119935:host:45.173.156.60	SESSION-835226e6e5119935 → host:45.173.156.60
FLOW_TO_HOSTOBS	e:to:SESSION-2a0d556a7af957b2:host:172.234.197.23	SESSION-2a0d556a7af957b2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4f9227bbb6fbbfc:host:131.196.31.5	SESSION-e4f9227bbb6fbbfc → host:131.196.31.5
flow_observed5-aryOBS	e:fo:flow:06b5920360d2	flow:06b5920360d2 → host:37.27.162.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b69e4016453478aa:host:172.234.197.23	SESSION-b69e4016453478aa → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.104:geo_-23.62930_-46.63510	host:131.196.31.104 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:1b8121d22a93:port:tcp:40765	flow:1b8121d22a93 → port:tcp:40765
FLOW_TO_HOSTOBS	e:to:SESSION-b7037fa1e0334ef5:host:172.234.197.23	SESSION-b7037fa1e0334ef5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d467c8665ef34f6a:SESSION-d467c8665ef34f6a	SESSION-d467c8665ef34f6a → pe:syn:SESSION-d467c8665ef34f6a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c21445b24cd8699:host:172.234.197.23	SESSION-1c21445b24cd8699 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8d2a460a472c4c29:host:172.234.197.23	SESSION-8d2a460a472c4c29 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7d87083f9dd8844d:host:172.234.197.23	SESSION-7d87083f9dd8844d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f9ee22ced6a72efa:host:131.196.30.3	SESSION-f9ee22ced6a72efa → host:131.196.30.3
FLOW_DST_PORTOBS	e:fp:flow:fda4ef846e29:port:tcp:39993	flow:fda4ef846e29 → port:tcp:39993
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.82:geo_-16.28860_-49.01640	host:177.10.232.82 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:a3391bc3a0b3:port:tcp:41813	flow:a3391bc3a0b3 → port:tcp:41813
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7aa94b5f9268de0:host:177.10.236.180	SESSION-a7aa94b5f9268de0 → host:177.10.236.180
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.78:geo_-16.28860_-49.01640	host:177.10.234.78 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-be8cffb783bfde31:host:177.10.236.100	SESSION-be8cffb783bfde31 → host:177.10.236.100
FLOW_TO_HOSTOBS	e:to:SESSION-b7b7470a9d5ba162:host:177.10.237.127	SESSION-b7b7470a9d5ba162 → host:177.10.237.127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2aa671fdac09172:SESSION-f2aa671fdac09172	SESSION-f2aa671fdac09172 → pe:tls:SESSION-f2aa671fdac09172
FLOW_FROM_HOSTOBS	e:from:SESSION-5adf4423481534a6:host:172.234.197.23	SESSION-5adf4423481534a6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0532a1c12e883894:SESSION-0532a1c12e883894	SESSION-0532a1c12e883894 → pe:tls:SESSION-0532a1c12e883894
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b99a2a75b4ae9e98:PCAP:capture_20260430150001:ded20914761d	SESSION-b99a2a75b4ae9e98 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfdf42e58546762b:host:131.196.31.235	SESSION-cfdf42e58546762b → host:131.196.31.235
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.176:geo_41.00190_28.96450	host:92.112.71.176 → geo_41.00190_28.96450
FLOW_TO_HOSTOBS	e:to:SESSION-003677474853cb22:host:172.234.197.23	SESSION-003677474853cb22 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a810a8703b9c77f1:host:172.234.197.23	SESSION-a810a8703b9c77f1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc9c57ce6bc30045:PCAP:capture_20260430060001:919b39a74464	SESSION-bc9c57ce6bc30045 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7678ab8e642a5a2a:SESSION-7678ab8e642a5a2a	SESSION-7678ab8e642a5a2a → pe:tls:SESSION-7678ab8e642a5a2a
FLOW_FROM_HOSTOBS	e:from:SESSION-de8058bfaf7cddb8:host:177.10.237.97	SESSION-de8058bfaf7cddb8 → host:177.10.237.97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-af4f3fe4058b61ab:flow:d8b43bd836a1	SESSION-af4f3fe4058b61ab → flow:d8b43bd836a1
FLOW_FROM_HOSTOBS	e:from:SESSION-5a631db0468c49ef:host:172.234.197.23	SESSION-5a631db0468c49ef → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1c21073699e99172:host:131.196.30.106	SESSION-1c21073699e99172 → host:131.196.30.106
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7601ec92d63a89e6:SESSION-7601ec92d63a89e6	SESSION-7601ec92d63a89e6 → pe:tls:SESSION-7601ec92d63a89e6
FLOW_DST_PORTOBS	e:fp:flow:c06629cf706b:port:tcp:21449	flow:c06629cf706b → port:tcp:21449
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e035a13399d76ad4:flow:afb4988040a5	SESSION-e035a13399d76ad4 → flow:afb4988040a5
FLOW_DST_PORTOBS	e:fp:flow:ffb54c9ed747:port:tcp:23614	flow:ffb54c9ed747 → port:tcp:23614
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-200e4a8806f83581:host:45.145.152.178:host:172.234.197.23	SESSION-200e4a8806f83581 → host:45.145.152.178 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:ee9802fd094f	flow:ee9802fd094f → host:172.234.197.23 → host:177.10.238.70 → port:tcp:12875
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef46e42b79ae57cb:host:177.10.239.219	SESSION-ef46e42b79ae57cb → host:177.10.239.219
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e626c78b08de0a8b:SESSION-e626c78b08de0a8b	SESSION-e626c78b08de0a8b → pe:syn:SESSION-e626c78b08de0a8b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b61fb09d40ad349:host:172.234.197.23:host:177.10.234.71	SESSION-8b61fb09d40ad349 → host:172.234.197.23 → host:177.10.234.71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84186d30322c849e:SESSION-84186d30322c849e	SESSION-84186d30322c849e → pe:syn:SESSION-84186d30322c849e
flow_observed5-aryOBS	e:fo:flow:d62a35c09585	flow:d62a35c09585 → host:131.196.30.224 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-0bf80193393b0fad:host:172.234.197.23	SESSION-0bf80193393b0fad → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.1:geo_-23.62930_-46.63510	host:131.196.31.1 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbc4338326105aa3:host:172.234.197.23	SESSION-cbc4338326105aa3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-da8ba1d6891d9574:host:172.234.197.23	SESSION-da8ba1d6891d9574 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:67397cae3e03	flow:67397cae3e03 → host:172.234.197.23 → host:177.10.239.102 → port:tcp:65116
FLOW_TO_HOSTOBS	e:to:SESSION-99c8a38ab4cce90e:host:172.234.197.23	SESSION-99c8a38ab4cce90e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51cc268447a19ae7:SESSION-51cc268447a19ae7	SESSION-51cc268447a19ae7 → pe:syn:SESSION-51cc268447a19ae7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e5c0136d660133a:host:177.10.237.216	SESSION-5e5c0136d660133a → host:177.10.237.216
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.176:geo_-23.62930_-46.63510	host:131.196.28.176 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b25c94efbacaf7d7:SESSION-b25c94efbacaf7d7	SESSION-b25c94efbacaf7d7 → pe:syn:SESSION-b25c94efbacaf7d7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed610f5ec8b698f6:SESSION-ed610f5ec8b698f6	SESSION-ed610f5ec8b698f6 → pe:syn:SESSION-ed610f5ec8b698f6
flow_observed5-aryOBS	e:fo:flow:7aadf75473fd	flow:7aadf75473fd → host:177.10.236.156 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-23efb1317beab0b3:host:172.234.197.23	SESSION-23efb1317beab0b3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c6cb018cbd8a763:host:172.234.197.23	SESSION-0c6cb018cbd8a763 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-306afa7fa31a1f87:host:172.234.197.23	SESSION-306afa7fa31a1f87 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.55:asn:203771	host:37.221.79.55 → asn:203771
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.219:asn:262880	host:177.10.239.219 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.6:asn:271410	host:131.196.31.6 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.236:asn:273470	host:45.173.156.236 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0caa41ae62241956:flow:32adc553baea	SESSION-0caa41ae62241956 → flow:32adc553baea
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.14:geo_-23.62930_-46.63510	host:131.196.31.14 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4886aa3300be1da9:SESSION-4886aa3300be1da9	SESSION-4886aa3300be1da9 → pe:syn:SESSION-4886aa3300be1da9
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.29:asn:273470	host:45.173.156.29 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3b8a5f0932f0fd6d:host:88.99.91.59:host:172.234.197.23	SESSION-3b8a5f0932f0fd6d → host:88.99.91.59 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.29:geo_-16.28860_-49.01640	host:177.10.236.29 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-255149252f7b9c37:host:177.10.233.66	SESSION-255149252f7b9c37 → host:177.10.233.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ea34ef73cf330d2:SESSION-0ea34ef73cf330d2	SESSION-0ea34ef73cf330d2 → pe:tls:SESSION-0ea34ef73cf330d2
FLOW_TO_HOSTOBS	e:to:SESSION-9e540dbaefa45433:host:177.10.234.96	SESSION-9e540dbaefa45433 → host:177.10.234.96
FLOW_FROM_HOSTOBS	e:from:SESSION-06b5f759c1748871:host:172.234.197.23	SESSION-06b5f759c1748871 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7b8f87145037449c:host:177.10.236.239	SESSION-7b8f87145037449c → host:177.10.236.239
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-affea3171060a6d3:SESSION-affea3171060a6d3	SESSION-affea3171060a6d3 → pe:syn:SESSION-affea3171060a6d3
FLOW_FROM_HOSTOBS	e:from:SESSION-db907559277cbdbb:host:172.234.197.23	SESSION-db907559277cbdbb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-469f9efa6316e344:SESSION-469f9efa6316e344	SESSION-469f9efa6316e344 → pe:tls:SESSION-469f9efa6316e344
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.17:geo_-16.28860_-49.01640	host:177.10.238.17 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-438fb49dfab0fe81:host:172.234.197.23	SESSION-438fb49dfab0fe81 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b254e83aa241:port:tcp:443	flow:b254e83aa241 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.237:geo_-16.28860_-49.01640	host:177.10.239.237 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-0948a596b6903965:host:172.234.197.23	SESSION-0948a596b6903965 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-066d98dee3275acb:SESSION-066d98dee3275acb	SESSION-066d98dee3275acb → pe:rst:SESSION-066d98dee3275acb
FLOW_TO_HOSTOBS	e:to:SESSION-368729c748b57591:host:172.234.197.23	SESSION-368729c748b57591 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.251:geo_-16.28860_-49.01640	host:177.10.232.251 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a87d3ab31183768a:PCAP:capture_20260428010001:b1b402c7b202	SESSION-a87d3ab31183768a → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.84:geo_-16.28860_-49.01640	host:177.10.238.84 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6798e98bad768e0d:host:131.196.28.32:host:172.234.197.23	SESSION-6798e98bad768e0d → host:131.196.28.32 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a81beaceca4d	flow:a81beaceca4d → host:131.196.31.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7240be1eb77ed4f4:host:177.10.237.226	SESSION-7240be1eb77ed4f4 → host:177.10.237.226
FLOW_DST_PORTOBS	e:fp:flow:34dbff5e9e02:port:tcp:46965	flow:34dbff5e9e02 → port:tcp:46965
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-ef3fadfeb89ec1c3:SESSION-ef3fadfeb89ec1c3	SESSION-ef3fadfeb89ec1c3 → pe:rst:SESSION-ef3fadfeb89ec1c3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-25e11e259146e3a2:SESSION-25e11e259146e3a2	SESSION-25e11e259146e3a2 → pe:tls:SESSION-25e11e259146e3a2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.74:asn:262880	host:177.10.237.74 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92a69e37100365d0:host:172.234.197.23	SESSION-92a69e37100365d0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-95229c7c61064646:SESSION-95229c7c61064646	SESSION-95229c7c61064646 → pe:syn:SESSION-95229c7c61064646
FLOW_DST_PORTOBS	e:fp:flow:122a0094d863:port:tcp:3007	flow:122a0094d863 → port:tcp:3007
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e576d93486607572:host:172.234.197.23:host:177.10.237.76	SESSION-e576d93486607572 → host:172.234.197.23 → host:177.10.237.76
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0229340abc854c0d:host:172.234.197.23:host:177.10.233.185	SESSION-0229340abc854c0d → host:172.234.197.23 → host:177.10.233.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c6924fc6c1078bec:SESSION-c6924fc6c1078bec	SESSION-c6924fc6c1078bec → pe:syn:SESSION-c6924fc6c1078bec
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7937f820efd31935:host:34.216.76.26	SESSION-7937f820efd31935 → host:34.216.76.26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59417938792198bf:host:177.10.235.179	SESSION-59417938792198bf → host:177.10.235.179
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-065b3042ded53057:host:172.234.197.23	SESSION-065b3042ded53057 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7ae30acbd5f5fc5:flow:3bfc067919a3	SESSION-b7ae30acbd5f5fc5 → flow:3bfc067919a3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86afdd078b90270f:flow:7fdad1084837	SESSION-86afdd078b90270f → flow:7fdad1084837
FLOW_DST_PORTOBS	e:fp:flow:1e3df4bbc206:port:tcp:443	flow:1e3df4bbc206 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99af0da0e550d67b:SESSION-99af0da0e550d67b	SESSION-99af0da0e550d67b → pe:tls:SESSION-99af0da0e550d67b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9d01126d5763bf9:flow:8d2fac406199	SESSION-f9d01126d5763bf9 → flow:8d2fac406199
flow_observed5-aryOBS	e:fo:flow:210140bd7750	flow:210140bd7750 → host:131.196.30.148 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6411f10800cf3ef5:host:91.240.224.238	SESSION-6411f10800cf3ef5 → host:91.240.224.238
FLOW_DST_PORTOBS	e:fp:flow:a0c1489991a7:port:tcp:9991	flow:a0c1489991a7 → port:tcp:9991
FLOW_TO_HOSTOBS	e:to:SESSION-ed80052f988e41bd:host:131.196.28.28	SESSION-ed80052f988e41bd → host:131.196.28.28
FLOW_FROM_HOSTOBS	e:from:SESSION-ca819812f7c370c2:host:172.234.197.23	SESSION-ca819812f7c370c2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8ea02b6f9852:port:tcp:443	flow:8ea02b6f9852 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c7bd36073942	flow:c7bd36073942 → host:131.196.30.244 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd248be3cf9515b5:flow:52a9430d918c	SESSION-cd248be3cf9515b5 → flow:52a9430d918c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d2d17a1375ada26:PCAP:capture_20260430060001:919b39a74464	SESSION-9d2d17a1375ada26 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-a2e4fb28ad63a51c:host:172.234.197.23	SESSION-a2e4fb28ad63a51c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-329dd162e3e18437:PCAP:capture_20260430080001:93f47cc296a4	SESSION-329dd162e3e18437 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:2aac95e416ec:port:tcp:443	flow:2aac95e416ec → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-76d607ccf9e84136:host:172.234.197.23	SESSION-76d607ccf9e84136 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5f56081dde23b5ed:host:172.234.197.23	SESSION-5f56081dde23b5ed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-606a9e702080ed7e:SESSION-606a9e702080ed7e	SESSION-606a9e702080ed7e → pe:tls:SESSION-606a9e702080ed7e
FLOW_DST_PORTOBS	e:fp:flow:e5616facb20a:port:tcp:49742	flow:e5616facb20a → port:tcp:49742
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5aeffc2a4b56ba0:host:172.234.197.23	SESSION-d5aeffc2a4b56ba0 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.204:asn:271410	host:131.196.31.204 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:71a54b37ed7c:port:tcp:443	flow:71a54b37ed7c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc308b17bca42662:host:51.75.171.21	SESSION-bc308b17bca42662 → host:51.75.171.21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-718be43f3a8e9f39:host:172.234.197.23	SESSION-718be43f3a8e9f39 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-54f6eb1f506e4a3a:host:172.234.197.23	SESSION-54f6eb1f506e4a3a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.71:asn:273470	host:45.173.156.71 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94c9082e66baa6b5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-94c9082e66baa6b5 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:91e9ca77788c:port:tcp:443	flow:91e9ca77788c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6a1a522f9ca6e79:host:172.234.197.23	SESSION-d6a1a522f9ca6e79 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-954e70596a40db71:host:172.234.197.23	SESSION-954e70596a40db71 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bf0bb0d03710ab65:host:172.234.197.23	SESSION-bf0bb0d03710ab65 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-49c1d2d9ba1746da:host:172.234.197.23	SESSION-49c1d2d9ba1746da → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7982be2235ba	flow:7982be2235ba → host:37.221.79.130 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-affea3171060a6d3:host:177.10.239.207	SESSION-affea3171060a6d3 → host:177.10.239.207
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-463ebb9b343c8b6a:flow:e27a0dcdc385	SESSION-463ebb9b343c8b6a → flow:e27a0dcdc385
FLOW_TO_HOSTOBS	e:to:SESSION-9c596c163b79d372:host:177.10.235.222	SESSION-9c596c163b79d372 → host:177.10.235.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e5490e36eb363059:SESSION-e5490e36eb363059	SESSION-e5490e36eb363059 → pe:tls:SESSION-e5490e36eb363059
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21de16798668b3a8:host:172.234.197.23	SESSION-21de16798668b3a8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a979a64e0f94d26:SESSION-8a979a64e0f94d26	SESSION-8a979a64e0f94d26 → pe:tls:SESSION-8a979a64e0f94d26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaa7799a31d50d65:host:177.10.239.209:host:172.234.197.23	SESSION-eaa7799a31d50d65 → host:177.10.239.209 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:ce00c1120329	flow:ce00c1120329 → host:172.234.197.23 → host:177.10.234.243 → port:tcp:37974
FLOW_FROM_HOSTOBS	e:from:SESSION-b8a147e2e8b42f79:host:172.234.197.23	SESSION-b8a147e2e8b42f79 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a242c68bb3594796:SESSION-a242c68bb3594796	SESSION-a242c68bb3594796 → pe:tls:SESSION-a242c68bb3594796
FLOW_TO_HOSTOBS	e:to:SESSION-3cd6c8dc824ee14d:host:172.234.197.23	SESSION-3cd6c8dc824ee14d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd657e34d2536dc9:PCAP:capture_20260430110001:43611bdf6759	SESSION-bd657e34d2536dc9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8a147e2e8b42f79:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b8a147e2e8b42f79 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c2b6fa392d99e4e2:flow:dc0d769fd5e9	SESSION-c2b6fa392d99e4e2 → flow:dc0d769fd5e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09db40e08b93496c:host:172.234.197.23	SESSION-09db40e08b93496c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1241ed8a2f02aa7:SESSION-a1241ed8a2f02aa7	SESSION-a1241ed8a2f02aa7 → pe:tls:SESSION-a1241ed8a2f02aa7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd524e1c02193f64:flow:ad31982a38b2	SESSION-fd524e1c02193f64 → flow:ad31982a38b2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1d152bdff2d4d10:flow:f078868fa5a3	SESSION-d1d152bdff2d4d10 → flow:f078868fa5a3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48726e3ec935fccb:flow:2eb51dafeff3	SESSION-48726e3ec935fccb → flow:2eb51dafeff3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e99befaea58c8acf:host:172.234.197.23	SESSION-e99befaea58c8acf → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c178d8ef65578b24:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c178d8ef65578b24 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5381df0c70f3b63:SESSION-a5381df0c70f3b63	SESSION-a5381df0c70f3b63 → pe:syn:SESSION-a5381df0c70f3b63
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e791e8d702f57f3e:flow:5c9dd4984fbd	SESSION-e791e8d702f57f3e → flow:5c9dd4984fbd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.148:geo_-16.28860_-49.01640	host:177.10.232.148 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd0176ca8d9bf386:host:177.10.233.130:host:172.234.197.23	SESSION-cd0176ca8d9bf386 → host:177.10.233.130 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.103:asn:262880	host:177.10.238.103 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.79:asn:262880	host:177.10.236.79 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-cf40158902d38ce6:host:177.10.236.79	SESSION-cf40158902d38ce6 → host:177.10.236.79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f879597a466f9080:flow:427af3d58fd2	SESSION-f879597a466f9080 → flow:427af3d58fd2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7bea4de6efa859da:host:172.234.197.23	SESSION-7bea4de6efa859da → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6a1a522f9ca6e79:flow:90a0ab0b2f2b	SESSION-d6a1a522f9ca6e79 → flow:90a0ab0b2f2b
FLOW_FROM_HOSTOBS	e:from:SESSION-fb20cb96e066d018:host:177.10.237.80	SESSION-fb20cb96e066d018 → host:177.10.237.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2c924632948936b:SESSION-b2c924632948936b	SESSION-b2c924632948936b → pe:tls:SESSION-b2c924632948936b
flow_observed5-aryOBS	e:fo:flow:78dd53e84e2c	flow:78dd53e84e2c → host:177.10.238.218 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52edfb1e7fe307be:host:172.234.197.23	SESSION-52edfb1e7fe307be → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2eff7ebef8fd9091:host:177.10.239.76	SESSION-2eff7ebef8fd9091 → host:177.10.239.76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-191997595ec6754e:flow:6c8fb4510aa3	SESSION-191997595ec6754e → flow:6c8fb4510aa3
FLOW_DST_PORTOBS	e:fp:flow:3c8c9cf33ce0:port:tcp:443	flow:3c8c9cf33ce0 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e10a87de0ef0:port:tcp:443	flow:e10a87de0ef0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb9826b2bc40f219:SESSION-eb9826b2bc40f219	SESSION-eb9826b2bc40f219 → pe:tls:SESSION-eb9826b2bc40f219
FLOW_DST_PORTOBS	e:fp:flow:47a0c583b8c2:port:tcp:443	flow:47a0c583b8c2 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-359d98e6d1200746:host:172.234.197.23	SESSION-359d98e6d1200746 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8bce020bb4f5	flow:8bce020bb4f5 → host:131.196.29.186 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:639a81585c5e	flow:639a81585c5e → host:177.10.238.29 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21cca31493e9287d:host:177.10.238.157:host:172.234.197.23	SESSION-21cca31493e9287d → host:177.10.238.157 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8edb3b96f7c4	flow:8edb3b96f7c4 → host:172.234.197.23 → host:131.196.29.15 → port:tcp:57019
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-def0cb8d87964dca:SESSION-def0cb8d87964dca	SESSION-def0cb8d87964dca → pe:syn:SESSION-def0cb8d87964dca
FLOW_TO_HOSTOBS	e:to:SESSION-94594005437ae120:host:177.10.237.155	SESSION-94594005437ae120 → host:177.10.237.155
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-171cec02c0effee6:flow:03b1001edb70	SESSION-171cec02c0effee6 → flow:03b1001edb70
flow_observed5-aryOBS	e:fo:flow:00a102725075	flow:00a102725075 → host:131.196.31.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ae53b938ea3675b:host:172.234.197.23	SESSION-2ae53b938ea3675b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5dbf12d77f23d3eb:host:172.234.197.23	SESSION-5dbf12d77f23d3eb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:011b97b6ff41	flow:011b97b6ff41 → host:131.196.30.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66c6d225095e379c:PCAP:capture_20260430150001:ded20914761d	SESSION-66c6d225095e379c → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0046a1ddb04bc0f7:host:172.234.197.23	SESSION-0046a1ddb04bc0f7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.104:asn:271410	host:131.196.31.104 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de35503b4a9f2ce3:host:45.173.156.210	SESSION-de35503b4a9f2ce3 → host:45.173.156.210
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c5da4152a907bbd:SESSION-6c5da4152a907bbd	SESSION-6c5da4152a907bbd → pe:syn:SESSION-6c5da4152a907bbd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29bd7d52bed21c18:host:131.196.30.49	SESSION-29bd7d52bed21c18 → host:131.196.30.49
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3674a7955b512da1:host:172.234.197.23	SESSION-3674a7955b512da1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0580c69484a4	flow:0580c69484a4 → host:177.10.235.132 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-179845184e318961:host:131.196.30.74:host:172.234.197.23	SESSION-179845184e318961 → host:131.196.30.74 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:104.28.202.79:asn:13335	host:104.28.202.79 → asn:13335
FLOW_TO_HOSTOBS	e:to:SESSION-79b570e2589cf059:host:131.196.29.90	SESSION-79b570e2589cf059 → host:131.196.29.90
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc3f24e93e3e0fb3:host:177.10.236.174	SESSION-dc3f24e93e3e0fb3 → host:177.10.236.174
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6cdad751a34344e1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6cdad751a34344e1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb40f64797e3fe16:PCAP:capture_20260430070001:903a0e7a436b	SESSION-eb40f64797e3fe16 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-314616832d67d639:SESSION-314616832d67d639	SESSION-314616832d67d639 → pe:syn:SESSION-314616832d67d639
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30ae225adc0bd1e0:host:172.234.197.23	SESSION-30ae225adc0bd1e0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fae3464e58310370:host:177.10.234.61	SESSION-fae3464e58310370 → host:177.10.234.61
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-985fc991cba9cb9c:host:13.61.34.23:host:172.234.197.23	SESSION-985fc991cba9cb9c → host:13.61.34.23 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f26dae72fe8e9fa0:host:131.196.30.104	SESSION-f26dae72fe8e9fa0 → host:131.196.30.104
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bba4e0174a1f95d:host:92.112.71.29	SESSION-5bba4e0174a1f95d → host:92.112.71.29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38739a517334cf5a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-38739a517334cf5a → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9574d05ba0801a5:host:95.170.25.192:host:172.234.197.23	SESSION-b9574d05ba0801a5 → host:95.170.25.192 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-998c67ab79f4e23e:SESSION-998c67ab79f4e23e	SESSION-998c67ab79f4e23e → pe:tls:SESSION-998c67ab79f4e23e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.160:asn:271410	host:131.196.31.160 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7852f400065b4a55:SESSION-7852f400065b4a55	SESSION-7852f400065b4a55 → pe:syn:SESSION-7852f400065b4a55
FLOW_TO_HOSTOBS	e:to:SESSION-206979254a17108f:host:172.234.197.23	SESSION-206979254a17108f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7205a781bd8c8542:host:177.10.235.81:host:172.234.197.23	SESSION-7205a781bd8c8542 → host:177.10.235.81 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c5a72a6fbc2381d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1c5a72a6fbc2381d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-7558286b16680d35:host:172.234.197.23	SESSION-7558286b16680d35 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.176:geo_-16.28860_-49.01640	host:177.10.235.176 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-924a4e21bceaf0d1:host:172.234.197.23:host:177.10.235.120	SESSION-924a4e21bceaf0d1 → host:172.234.197.23 → host:177.10.235.120
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-048f9271a2e27be7:host:177.10.234.51:host:172.234.197.23	SESSION-048f9271a2e27be7 → host:177.10.234.51 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-528b3497658f46ec:host:172.234.197.23	SESSION-528b3497658f46ec → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b91cc7f2039924f2:SESSION-b91cc7f2039924f2	SESSION-b91cc7f2039924f2 → pe:syn:SESSION-b91cc7f2039924f2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-764219a5db7d50bc:PCAP:capture_20260430150001:ded20914761d	SESSION-764219a5db7d50bc → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:62b791bbed2d:port:udp:53	flow:62b791bbed2d → port:udp:53
flow_observed5-aryOBS	e:fo:flow:cc59150a6666	flow:cc59150a6666 → host:177.10.232.204 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8624692ea119f1f3:host:172.234.197.23	SESSION-8624692ea119f1f3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e515946ec2b2292:host:177.10.232.4:host:172.234.197.23	SESSION-0e515946ec2b2292 → host:177.10.232.4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.175:geo_-16.28860_-49.01640	host:177.10.237.175 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:ca33735becee:port:tcp:63881	flow:ca33735becee → port:tcp:63881
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60dab6a51248be22:SESSION-60dab6a51248be22	SESSION-60dab6a51248be22 → pe:tls:SESSION-60dab6a51248be22
FLOW_TO_HOSTOBS	e:to:SESSION-3a286fa1508a759d:host:172.234.197.23	SESSION-3a286fa1508a759d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.78:geo_-23.62930_-46.63510	host:131.196.28.78 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dde31743640b587a:SESSION-dde31743640b587a	SESSION-dde31743640b587a → pe:syn:SESSION-dde31743640b587a
flow_observed4-aryOBS	e:fo:flow:a6e7268ade32	flow:a6e7268ade32 → host:172.234.197.23 → host:131.196.30.142 → port:tcp:62855
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72e48e4dc313a64d:SESSION-72e48e4dc313a64d	SESSION-72e48e4dc313a64d → pe:tls:SESSION-72e48e4dc313a64d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6455927ff3f8f851:host:177.10.238.117	SESSION-6455927ff3f8f851 → host:177.10.238.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3cf60c38091a57a:host:131.196.28.198:host:172.234.197.23	SESSION-f3cf60c38091a57a → host:131.196.28.198 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23264de44b7cb73c:host:131.196.29.122:host:172.234.197.23	SESSION-23264de44b7cb73c → host:131.196.29.122 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81679789c998e700:host:172.234.197.23	SESSION-81679789c998e700 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3567442ac940551:host:172.234.197.23:host:177.10.237.58	SESSION-f3567442ac940551 → host:172.234.197.23 → host:177.10.237.58
flow_observed5-aryOBS	e:fo:flow:17ffb9bcca7a	flow:17ffb9bcca7a → host:131.196.30.203 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ea66afd66f329a0:PCAP:capture_20260430150001:ded20914761d	SESSION-0ea66afd66f329a0 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56e8cb1a5e296d06:PCAP:capture_20260430110001:43611bdf6759	SESSION-56e8cb1a5e296d06 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7391507b773a5722:host:131.196.31.92	SESSION-7391507b773a5722 → host:131.196.31.92
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc35857ee3808de8:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cc35857ee3808de8 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-469998d187b1b945:host:177.10.233.78	SESSION-469998d187b1b945 → host:177.10.233.78
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.226:geo_41.02140_28.99480	host:185.231.226.226 → geo_41.02140_28.99480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1eb9812de4c91c82:host:177.10.236.71	SESSION-1eb9812de4c91c82 → host:177.10.236.71
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28765694f1859e38:host:177.10.237.139:host:172.234.197.23	SESSION-28765694f1859e38 → host:177.10.237.139 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.6:geo_41.00190_28.96450	host:92.112.71.6 → geo_41.00190_28.96450
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a29c9496c44f9fe8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a29c9496c44f9fe8 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-409f2c106c7c54cc:host:172.234.197.23	SESSION-409f2c106c7c54cc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-56e8cb1a5e296d06:SESSION-56e8cb1a5e296d06	SESSION-56e8cb1a5e296d06 → pe:syn:SESSION-56e8cb1a5e296d06
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9b13ac4e6d83a5e:PCAP:capture_20260430110001:43611bdf6759	SESSION-d9b13ac4e6d83a5e → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-498c2476ff0ce5ee:host:172.234.197.23	SESSION-498c2476ff0ce5ee → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.88:asn:262880	host:177.10.235.88 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-660bfab63a10a518:SESSION-660bfab63a10a518	SESSION-660bfab63a10a518 → pe:tls:SESSION-660bfab63a10a518
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0be9ff1ae53d349:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f0be9ff1ae53d349 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-c977b8f3627ab3c3:host:131.196.28.115	SESSION-c977b8f3627ab3c3 → host:131.196.28.115
FLOW_TO_HOSTOBS	e:to:SESSION-6353435fcd827ef1:host:172.234.197.23	SESSION-6353435fcd827ef1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.13:geo_-23.62930_-46.63510	host:131.196.30.13 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-985c12f522f7e9ff:host:131.196.28.129	SESSION-985c12f522f7e9ff → host:131.196.28.129
flow_observed5-aryOBS	e:fo:flow:ac8a4b797024	flow:ac8a4b797024 → host:177.10.235.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51b69a1f49968dce:host:172.234.197.23	SESSION-51b69a1f49968dce → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6430336fded9a803:SESSION-6430336fded9a803	SESSION-6430336fded9a803 → pe:tls:SESSION-6430336fded9a803
flow_observed5-aryOBS	e:fo:flow:dcc7deb4e4c9	flow:dcc7deb4e4c9 → host:177.10.234.120 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.39:asn:271410	host:131.196.28.39 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d13284d1e9c6a901:host:172.234.197.23	SESSION-d13284d1e9c6a901 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e81084c1c2c5:port:tcp:443	flow:e81084c1c2c5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7601ec92d63a89e6:host:88.99.91.59	SESSION-7601ec92d63a89e6 → host:88.99.91.59
FLOW_FROM_HOSTOBS	e:from:SESSION-d77225c69f4fe117:host:177.10.239.5	SESSION-d77225c69f4fe117 → host:177.10.239.5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-412d8e92812f4ea2:SESSION-412d8e92812f4ea2	SESSION-412d8e92812f4ea2 → pe:tls:SESSION-412d8e92812f4ea2
FLOW_DST_PORTOBS	e:fp:flow:c665b1e8f8cf:port:tcp:37311	flow:c665b1e8f8cf → port:tcp:37311
FLOW_DST_PORTOBS	e:fp:flow:af7db4fb2b51:port:tcp:443	flow:af7db4fb2b51 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-abc64529b37d4840:SESSION-abc64529b37d4840	SESSION-abc64529b37d4840 → pe:tls:SESSION-abc64529b37d4840
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9875f767bae73b8:host:172.234.197.23:host:45.173.156.202	SESSION-b9875f767bae73b8 → host:172.234.197.23 → host:45.173.156.202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8327be02acf872a5:flow:577fe2c1120d	SESSION-8327be02acf872a5 → flow:577fe2c1120d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cff1d643020db9d5:host:172.234.197.23	SESSION-cff1d643020db9d5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f766219ab3f1d4b:SESSION-4f766219ab3f1d4b	SESSION-4f766219ab3f1d4b → pe:syn:SESSION-4f766219ab3f1d4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c36a1f3b5aad9a99:host:172.234.197.23	SESSION-c36a1f3b5aad9a99 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:b0a84a3195d1	flow:b0a84a3195d1 → host:172.234.197.23 → host:92.118.39.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee8b7e20de209690:flow:9fdd0c4709fb	SESSION-ee8b7e20de209690 → flow:9fdd0c4709fb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e00ced36c846b73a:PCAP:capture_20260430060001:919b39a74464	SESSION-e00ced36c846b73a → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19ad8f01572b4d12:SESSION-19ad8f01572b4d12	SESSION-19ad8f01572b4d12 → pe:syn:SESSION-19ad8f01572b4d12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0827c1c94491daec:SESSION-0827c1c94491daec	SESSION-0827c1c94491daec → pe:tls:SESSION-0827c1c94491daec
FLOW_FROM_HOSTOBS	e:from:SESSION-4c4adfb3e188a176:host:177.10.236.157	SESSION-4c4adfb3e188a176 → host:177.10.236.157
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.220:asn:262880	host:177.10.232.220 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-643a90c68c400c64:host:172.234.197.23	SESSION-643a90c68c400c64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2091e87bc96ca173:SESSION-2091e87bc96ca173	SESSION-2091e87bc96ca173 → pe:tls:SESSION-2091e87bc96ca173
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1b3b25682727ca52:flow:a86792050fb6	SESSION-1b3b25682727ca52 → flow:a86792050fb6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3089f893be8ea87:host:172.234.197.23	SESSION-e3089f893be8ea87 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-495677aa294b030b:host:172.234.197.23	SESSION-495677aa294b030b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acada2cd7035c790:host:177.10.232.212	SESSION-acada2cd7035c790 → host:177.10.232.212
FLOW_TO_HOSTOBS	e:to:SESSION-c6d8c2f7fc43f382:host:177.10.237.25	SESSION-c6d8c2f7fc43f382 → host:177.10.237.25
flow_observed5-aryOBS	e:fo:flow:ecb6aa8c52d6	flow:ecb6aa8c52d6 → host:177.10.239.67 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d603c58c5171ed7:flow:73ce5e8a95c6	SESSION-9d603c58c5171ed7 → flow:73ce5e8a95c6
flow_observed4-aryOBS	e:fo:flow:54efcc92c2b2	flow:54efcc92c2b2 → host:172.234.197.23 → host:177.10.237.211 → port:tcp:35065
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dcacced517b07e8:host:177.10.235.197	SESSION-6dcacced517b07e8 → host:177.10.235.197
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae99c26bd6d2dd56:flow:ae7ce6b2e467	SESSION-ae99c26bd6d2dd56 → flow:ae7ce6b2e467
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dcacced517b07e8:host:172.234.197.23	SESSION-6dcacced517b07e8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-472adb1eeb20f880:host:177.10.235.218	SESSION-472adb1eeb20f880 → host:177.10.235.218
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f971b95dedbfd9a:host:131.196.30.213:host:172.234.197.23	SESSION-7f971b95dedbfd9a → host:131.196.30.213 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c3499df4b83e	flow:c3499df4b83e → host:131.196.29.156 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f1b581ea0c38fa14:host:172.234.197.23	SESSION-f1b581ea0c38fa14 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66dcd1fd6d28b07f:flow:d4fc1e4b458a	SESSION-66dcd1fd6d28b07f → flow:d4fc1e4b458a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7301756ca24c49ab:host:177.10.239.235	SESSION-7301756ca24c49ab → host:177.10.239.235
flow_observed4-aryOBS	e:fo:flow:2df3ee5e9ff6	flow:2df3ee5e9ff6 → host:172.234.197.23 → host:131.196.28.222 → port:tcp:32108
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f486f528dd93473:host:177.10.239.186:host:172.234.197.23	SESSION-3f486f528dd93473 → host:177.10.239.186 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c78f1de05120efd8:PCAP:capture_20260430090001:065659c7d314	SESSION-c78f1de05120efd8 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.2:geo_-16.28860_-49.01640	host:177.10.237.2 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-a20ec48656879fce:host:172.234.197.23	SESSION-a20ec48656879fce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37c43e7a9f6dcf12:host:177.10.235.194	SESSION-37c43e7a9f6dcf12 → host:177.10.235.194
flow_observed4-aryOBS	e:fo:flow:2e0ba50458ee	flow:2e0ba50458ee → host:172.234.197.23 → host:177.10.238.56 → port:tcp:27983
FLOW_TO_HOSTOBS	e:to:SESSION-488c9c462e491ad2:host:172.234.197.23	SESSION-488c9c462e491ad2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cbb8d1d16f40477:host:131.196.30.126	SESSION-6cbb8d1d16f40477 → host:131.196.30.126
FLOW_FROM_HOSTOBS	e:from:SESSION-b8dc993a043c8fb1:host:131.196.31.14	SESSION-b8dc993a043c8fb1 → host:131.196.31.14
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db98e45dca973468:SESSION-db98e45dca973468	SESSION-db98e45dca973468 → pe:tls:SESSION-db98e45dca973468
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c83e078f141652ea:host:172.234.197.23:host:131.196.30.107	SESSION-c83e078f141652ea → host:172.234.197.23 → host:131.196.30.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84d24c52e1f02eee:SESSION-84d24c52e1f02eee	SESSION-84d24c52e1f02eee → pe:tls:SESSION-84d24c52e1f02eee
flow_observed4-aryOBS	e:fo:flow:6bf5043c6103	flow:6bf5043c6103 → host:172.234.197.23 → host:177.10.235.126 → port:tcp:43899
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4059a39607153158:host:172.234.197.23	SESSION-4059a39607153158 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a91fe9a6e775a606:host:172.234.197.23	SESSION-a91fe9a6e775a606 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:da5b9ad5f17e:port:tcp:63780	flow:da5b9ad5f17e → port:tcp:63780
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.246:geo_-23.62930_-46.63510	host:131.196.28.246 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65e7ac6f998115f7:host:177.10.232.158	SESSION-65e7ac6f998115f7 → host:177.10.232.158
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.112.93.79:geo_35.68930_139.68990	host:3.112.93.79 → geo_35.68930_139.68990
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58a871785a3878fd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-58a871785a3878fd → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:327d26f2cec2:port:tcp:15735	flow:327d26f2cec2 → port:tcp:15735
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-753bfef963e546aa:host:177.10.237.249:host:172.234.197.23	SESSION-753bfef963e546aa → host:177.10.237.249 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-049aa291881e8f8b:host:172.234.197.23	SESSION-049aa291881e8f8b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c59a88aa03340e00:host:172.234.197.23	SESSION-c59a88aa03340e00 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ba8512040d3b37b:host:172.234.197.23	SESSION-5ba8512040d3b37b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46d2f77cc38b38db:host:177.10.234.36:host:172.234.197.23	SESSION-46d2f77cc38b38db → host:177.10.234.36 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19279b7c3b267599:host:172.234.197.23	SESSION-19279b7c3b267599 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ae99c26bd6d2dd56:host:131.196.28.237	SESSION-ae99c26bd6d2dd56 → host:131.196.28.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cf04cf372371106:host:177.10.236.47	SESSION-8cf04cf372371106 → host:177.10.236.47
FLOW_DST_PORTOBS	e:fp:flow:a4780ba78b2d:port:tcp:443	flow:a4780ba78b2d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-a046afd146222299:host:172.234.197.23	SESSION-a046afd146222299 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f277335c7e8c32bb:SESSION-f277335c7e8c32bb	SESSION-f277335c7e8c32bb → pe:syn:SESSION-f277335c7e8c32bb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b8b9e098330595b:SESSION-8b8b9e098330595b	SESSION-8b8b9e098330595b → pe:syn:SESSION-8b8b9e098330595b
FLOW_FROM_HOSTOBS	e:from:SESSION-45f8302f1d804897:host:109.89.117.44	SESSION-45f8302f1d804897 → host:109.89.117.44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5048c6b31ef60c96:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5048c6b31ef60c96 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d8111f65a253e3a:SESSION-7d8111f65a253e3a	SESSION-7d8111f65a253e3a → pe:tls:SESSION-7d8111f65a253e3a
FLOW_FROM_HOSTOBS	e:from:SESSION-aa0381bae4f9498b:host:177.10.239.68	SESSION-aa0381bae4f9498b → host:177.10.239.68
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c83a3382d975674:host:177.10.234.26:host:172.234.197.23	SESSION-6c83a3382d975674 → host:177.10.234.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-784ef99bf699df93:host:172.234.197.23	SESSION-784ef99bf699df93 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fff476c33f44	flow:fff476c33f44 → host:31.40.196.119 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-91919daf8511716e:host:172.234.197.23:host:131.196.31.98	SESSION-91919daf8511716e → host:172.234.197.23 → host:131.196.31.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75ac13f212ea06a5:SESSION-75ac13f212ea06a5	SESSION-75ac13f212ea06a5 → pe:tls:SESSION-75ac13f212ea06a5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-364513c2995bfd3b:SESSION-364513c2995bfd3b	SESSION-364513c2995bfd3b → pe:syn:SESSION-364513c2995bfd3b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.159:asn:262880	host:177.10.236.159 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.185:asn:271410	host:131.196.31.185 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d8b07a8bebdede3:host:172.232.0.16	SESSION-1d8b07a8bebdede3 → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:e15b40b855d0:port:tcp:443	flow:e15b40b855d0 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:ae7ce6b2e467	flow:ae7ce6b2e467 → host:131.196.28.237 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:6cc058096f12	flow:6cc058096f12 → host:172.234.197.23 → host:131.196.30.160 → port:tcp:65051
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31e4a260829c636e:host:177.10.238.29	SESSION-31e4a260829c636e → host:177.10.238.29
FLOW_DST_PORTOBS	e:fp:flow:346a1a3a4e3f:port:tcp:443	flow:346a1a3a4e3f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44424f48705b3a9d:SESSION-44424f48705b3a9d	SESSION-44424f48705b3a9d → pe:syn:SESSION-44424f48705b3a9d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16fca057f28c0943:PCAP:capture_20260430090001:065659c7d314	SESSION-16fca057f28c0943 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a17e20e34301cc9:host:172.234.197.23	SESSION-4a17e20e34301cc9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bbc35343aa20f600:SESSION-bbc35343aa20f600	SESSION-bbc35343aa20f600 → pe:tls:SESSION-bbc35343aa20f600
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.28:geo_-16.28860_-49.01640	host:177.10.234.28 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0be9ff1ae53d349:flow:1d331255738c	SESSION-f0be9ff1ae53d349 → flow:1d331255738c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.183:geo_-23.62930_-46.63510	host:131.196.29.183 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:934dce83ff49	flow:934dce83ff49 → host:172.234.197.23 → host:2.57.122.194 → port:tcp:21270
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23b772dcd58e4ef3:flow:62d12623c93c	SESSION-23b772dcd58e4ef3 → flow:62d12623c93c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-516e4259bbcb51e8:host:177.10.238.31:host:172.234.197.23	SESSION-516e4259bbcb51e8 → host:177.10.238.31 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f3cf60c38091a57a:host:131.196.28.198	SESSION-f3cf60c38091a57a → host:131.196.28.198
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fd776fee1455ee3:SESSION-5fd776fee1455ee3	SESSION-5fd776fee1455ee3 → pe:tls:SESSION-5fd776fee1455ee3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.231:geo_-21.10010_-41.69200	host:45.173.156.231 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf286e26fb783f2f:host:172.234.197.23:host:131.196.29.160	SESSION-cf286e26fb783f2f → host:172.234.197.23 → host:131.196.29.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d551807307fa9b9:host:172.234.197.23	SESSION-2d551807307fa9b9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-111e536a3f33c549:host:177.10.237.39	SESSION-111e536a3f33c549 → host:177.10.237.39
flow_observed4-aryOBS	e:fo:flow:94be51ec2ae8	flow:94be51ec2ae8 → host:172.234.197.23 → host:177.10.233.123 → port:tcp:5259
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-430caa0514cbc012:host:172.234.197.23	SESSION-430caa0514cbc012 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-33fdede36596a62f:host:97.139.12.85	SESSION-33fdede36596a62f → host:97.139.12.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5fbe4987e86bc38:SESSION-b5fbe4987e86bc38	SESSION-b5fbe4987e86bc38 → pe:syn:SESSION-b5fbe4987e86bc38
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28e21153f6abb648:flow:5c121a47df86	SESSION-28e21153f6abb648 → flow:5c121a47df86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11ee8787e5fc7b06:SESSION-11ee8787e5fc7b06	SESSION-11ee8787e5fc7b06 → pe:tls:SESSION-11ee8787e5fc7b06
flow_observed4-aryOBS	e:fo:flow:a30010932181	flow:a30010932181 → host:172.234.197.23 → host:131.196.30.255 → port:tcp:41667
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59a63fae51b24a38:flow:f8b646b92b02	SESSION-59a63fae51b24a38 → flow:f8b646b92b02
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-007d1747f3bd10df:SESSION-007d1747f3bd10df	SESSION-007d1747f3bd10df → pe:syn:SESSION-007d1747f3bd10df
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.78:asn:262880	host:177.10.235.78 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2a0bf61df119bc4:host:177.10.234.235:host:172.234.197.23	SESSION-f2a0bf61df119bc4 → host:177.10.234.235 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:36f9278deffd:port:tcp:443	flow:36f9278deffd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ffb3444ca3f5caf:flow:b1dd07e29155	SESSION-1ffb3444ca3f5caf → flow:b1dd07e29155
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16df0786ef84574d:host:177.10.233.22	SESSION-16df0786ef84574d → host:177.10.233.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9cb4473bd3389dab:SESSION-9cb4473bd3389dab	SESSION-9cb4473bd3389dab → pe:tls:SESSION-9cb4473bd3389dab
FLOW_FROM_HOSTOBS	e:from:SESSION-9f0699d4f0c2d48e:host:103.155.16.117	SESSION-9f0699d4f0c2d48e → host:103.155.16.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b16231fef814b904:host:177.10.237.80:host:172.234.197.23	SESSION-b16231fef814b904 → host:177.10.237.80 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-364411d92a5a41bf:host:172.234.197.23	SESSION-364411d92a5a41bf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-95e8a61a9d5e6397:flow:fa92306a8300	SESSION-95e8a61a9d5e6397 → flow:fa92306a8300
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5634ee3b30a0b6aa:flow:ba77b24e676f	SESSION-5634ee3b30a0b6aa → flow:ba77b24e676f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5206c0f0c9583a29:SESSION-5206c0f0c9583a29	SESSION-5206c0f0c9583a29 → pe:tls:SESSION-5206c0f0c9583a29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f580776b9a7f0d25:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f580776b9a7f0d25 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ddfef5208babd34:SESSION-6ddfef5208babd34	SESSION-6ddfef5208babd34 → pe:syn:SESSION-6ddfef5208babd34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b5b84f652a18f91:SESSION-5b5b84f652a18f91	SESSION-5b5b84f652a18f91 → pe:syn:SESSION-5b5b84f652a18f91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-674d0a1b38b3c135:flow:0a5c641a04b7	SESSION-674d0a1b38b3c135 → flow:0a5c641a04b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9804aaba4767b862:SESSION-9804aaba4767b862	SESSION-9804aaba4767b862 → pe:tls:SESSION-9804aaba4767b862
FLOW_FROM_HOSTOBS	e:from:SESSION-971b25349fba9c5b:host:45.173.156.38	SESSION-971b25349fba9c5b → host:45.173.156.38
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e583d09be0235fc:flow:2a6f4722a3cb	SESSION-3e583d09be0235fc → flow:2a6f4722a3cb
FLOW_TO_HOSTOBS	e:to:SESSION-e26c73b3a0fde5e3:host:172.234.197.23	SESSION-e26c73b3a0fde5e3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0d74f533686cf043:SESSION-0d74f533686cf043	SESSION-0d74f533686cf043 → pe:syn:SESSION-0d74f533686cf043
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de12aa9c0bf7f485:PCAP:capture_20260430110001:43611bdf6759	SESSION-de12aa9c0bf7f485 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ada1853624679841:host:131.196.29.41	SESSION-ada1853624679841 → host:131.196.29.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d59512d9649ead5:SESSION-9d59512d9649ead5	SESSION-9d59512d9649ead5 → pe:syn:SESSION-9d59512d9649ead5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-937317105ded9efa:host:177.10.234.93	SESSION-937317105ded9efa → host:177.10.234.93
flow_observed4-aryOBS	e:fo:flow:849ba2658df2	flow:849ba2658df2 → host:172.234.197.23 → host:177.10.239.70 → port:tcp:9058
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9527954f73f19b6:PCAP:capture_20260430110001:43611bdf6759	SESSION-c9527954f73f19b6 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33fcdd018bdc1a2c:SESSION-33fcdd018bdc1a2c	SESSION-33fcdd018bdc1a2c → pe:syn:SESSION-33fcdd018bdc1a2c
FLOW_TO_HOSTOBS	e:to:SESSION-5da0813b370b7e29:host:172.234.197.23	SESSION-5da0813b370b7e29 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b99a2a75b4ae9e98:host:131.196.30.230	SESSION-b99a2a75b4ae9e98 → host:131.196.30.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-465906ddd8becee4:SESSION-465906ddd8becee4	SESSION-465906ddd8becee4 → pe:syn:SESSION-465906ddd8becee4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24e3c3c409f2ba92:host:69.235.185.81	SESSION-24e3c3c409f2ba92 → host:69.235.185.81
FLOW_DST_PORTOBS	e:fp:flow:64d6aa7dc384:port:tcp:6061	flow:64d6aa7dc384 → port:tcp:6061
FLOW_FROM_HOSTOBS	e:from:SESSION-570ccd324c759306:host:172.234.197.23	SESSION-570ccd324c759306 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-dae67c02b176a3ce:host:177.10.239.138	SESSION-dae67c02b176a3ce → host:177.10.239.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1af702d2aa4c9d9d:SESSION-1af702d2aa4c9d9d	SESSION-1af702d2aa4c9d9d → pe:tls:SESSION-1af702d2aa4c9d9d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb3f1e71e19d60be:SESSION-bb3f1e71e19d60be	SESSION-bb3f1e71e19d60be → pe:tls:SESSION-bb3f1e71e19d60be
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-910213045742f7e4:host:172.234.197.23	SESSION-910213045742f7e4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7e52183ef313b6a:flow:976bb746bf02	SESSION-e7e52183ef313b6a → flow:976bb746bf02
flow_observed5-aryOBS	e:fo:flow:2c20c026d21d	flow:2c20c026d21d → host:131.196.31.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0dab8159384d982:SESSION-b0dab8159384d982	SESSION-b0dab8159384d982 → pe:tls:SESSION-b0dab8159384d982
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.188:geo_-16.28860_-49.01640	host:177.10.234.188 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0af842276eef56a1:flow:3e863a59aa1c	SESSION-0af842276eef56a1 → flow:3e863a59aa1c
FLOW_DST_PORTOBS	e:fp:flow:be87ba4036a8:port:tcp:12842	flow:be87ba4036a8 → port:tcp:12842
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.38:geo_-21.10010_-41.69200	host:45.173.156.38 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b1f042103d1727f:host:177.10.239.153	SESSION-5b1f042103d1727f → host:177.10.239.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-42d2a5353a30deb6:flow:208d574b04e9	SESSION-42d2a5353a30deb6 → flow:208d574b04e9
FLOW_TO_HOSTOBS	e:to:SESSION-841299f020c7f00d:host:172.234.197.23	SESSION-841299f020c7f00d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-afb2aada9aae789c:SESSION-afb2aada9aae789c	SESSION-afb2aada9aae789c → pe:tls:SESSION-afb2aada9aae789c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fbcf03ac27ad8556:SESSION-fbcf03ac27ad8556	SESSION-fbcf03ac27ad8556 → pe:syn:SESSION-fbcf03ac27ad8556
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0bdeae27fd42a89:host:172.234.197.23	SESSION-f0bdeae27fd42a89 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.209:geo_-16.28860_-49.01640	host:177.10.239.209 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e26c73b3a0fde5e3:host:131.196.29.53	SESSION-e26c73b3a0fde5e3 → host:131.196.29.53
FLOW_TO_HOSTOBS	e:to:SESSION-3be9919fc6df9ffa:host:172.234.197.23	SESSION-3be9919fc6df9ffa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f350449fc7d11b3:SESSION-7f350449fc7d11b3	SESSION-7f350449fc7d11b3 → pe:tls:SESSION-7f350449fc7d11b3
FLOW_DST_PORTOBS	e:fp:flow:e6b7da900ca4:port:tcp:9327	flow:e6b7da900ca4 → port:tcp:9327
FLOW_FROM_HOSTOBS	e:from:SESSION-671ee03668a9eda8:host:172.234.197.23	SESSION-671ee03668a9eda8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-038099de878067a0:host:172.234.197.23	SESSION-038099de878067a0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1dab4caf120b	flow:1dab4caf120b → host:177.10.235.224 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-973fc1252d207af1:SESSION-973fc1252d207af1	SESSION-973fc1252d207af1 → pe:tls:SESSION-973fc1252d207af1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad62b54803b59875:flow:ff968608d852	SESSION-ad62b54803b59875 → flow:ff968608d852
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65e7ac6f998115f7:host:172.234.197.23	SESSION-65e7ac6f998115f7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e2a52b4f9db01a4:host:172.234.197.23	SESSION-0e2a52b4f9db01a4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2a56385e550c:port:tcp:443	flow:2a56385e550c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f5d8e8d5ecc4e1f:SESSION-9f5d8e8d5ecc4e1f	SESSION-9f5d8e8d5ecc4e1f → pe:syn:SESSION-9f5d8e8d5ecc4e1f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-846d654fbba579ab:host:54.91.240.230:host:172.234.197.23	SESSION-846d654fbba579ab → host:54.91.240.230 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c155b50123efabb5:SESSION-c155b50123efabb5	SESSION-c155b50123efabb5 → pe:tls:SESSION-c155b50123efabb5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58fb8de1a3a0b1f1:SESSION-58fb8de1a3a0b1f1	SESSION-58fb8de1a3a0b1f1 → pe:tls:SESSION-58fb8de1a3a0b1f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1995c5dc0203e07b:host:172.234.197.23	SESSION-1995c5dc0203e07b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e204ebd6e9a0	flow:e204ebd6e9a0 → host:177.10.236.86 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be67080b9ae14b48:SESSION-be67080b9ae14b48	SESSION-be67080b9ae14b48 → pe:syn:SESSION-be67080b9ae14b48
FLOW_TO_HOSTOBS	e:to:SESSION-d4673fb47ee0c5a9:host:172.234.197.23	SESSION-d4673fb47ee0c5a9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8bdafe91f45dd428:SESSION-8bdafe91f45dd428	SESSION-8bdafe91f45dd428 → pe:tls:SESSION-8bdafe91f45dd428
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5828198604c26af:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f5828198604c26af → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:f9c08ac7fdde	flow:f9c08ac7fdde → host:177.10.235.147 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:c8f5d59ceecd	flow:c8f5d59ceecd → host:172.234.197.23 → host:131.196.31.240 → port:tcp:8450
FLOW_DST_PORTOBS	e:fp:flow:6df7b8aae1cc:port:tcp:443	flow:6df7b8aae1cc → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3b9d914716975ab:flow:4f536e99c9cc	SESSION-c3b9d914716975ab → flow:4f536e99c9cc
FLOW_DST_PORTOBS	e:fp:flow:808ab10b9fcf:port:tcp:443	flow:808ab10b9fcf → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:c72b743220d2	flow:c72b743220d2 → host:172.234.197.23 → host:177.10.237.80 → port:tcp:56330
FLOW_TO_HOSTOBS	e:to:SESSION-2f890b9cda6af294:host:172.234.197.23	SESSION-2f890b9cda6af294 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6dc77b6505beb2bc:host:172.234.197.23	SESSION-6dc77b6505beb2bc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fad6b9be10f7d404:host:172.234.197.23	SESSION-fad6b9be10f7d404 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:146c3f6b23cc	flow:146c3f6b23cc → host:177.10.236.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8bdafe91f45dd428:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8bdafe91f45dd428 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7678ab8e642a5a2a:flow:c8b621e12628	SESSION-7678ab8e642a5a2a → flow:c8b621e12628
HOST_IN_ASNOBS 85%	e:ha:host:3.102.9.236:asn:16509	host:3.102.9.236 → asn:16509
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0307b3c9af33eb0:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-c0307b3c9af33eb0 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed3-aryOBS	e:fo:flow:6ec58d812c3c	flow:6ec58d812c3c → host:172.234.197.23 → host:2.57.122.194
FLOW_DST_PORTOBS	e:fp:flow:f073070a53e3:port:tcp:3203	flow:f073070a53e3 → port:tcp:3203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcd779876233a786:host:172.234.197.23	SESSION-bcd779876233a786 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:76a208af53a8	flow:76a208af53a8 → host:172.234.197.23 → host:177.10.232.158 → port:tcp:28569
flow_observed5-aryOBS	e:fo:flow:1a52f3634874	flow:1a52f3634874 → host:131.196.31.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb0bca31750919c1:host:131.196.28.147:host:172.234.197.23	SESSION-fb0bca31750919c1 → host:131.196.28.147 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.114:asn:262880	host:177.10.236.114 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9338ac17b36dc2c1:host:177.10.238.59:host:172.234.197.23	SESSION-9338ac17b36dc2c1 → host:177.10.238.59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff9ef052366910da:host:172.234.197.23	SESSION-ff9ef052366910da → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f88b9847e7767e00:host:177.10.233.144:host:172.234.197.23	SESSION-f88b9847e7767e00 → host:177.10.233.144 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9d43b9fecb8f031e:host:177.10.237.250	SESSION-9d43b9fecb8f031e → host:177.10.237.250
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a5d297f882a3348:flow:29d5777d97f1	SESSION-4a5d297f882a3348 → flow:29d5777d97f1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b836173867007d89:host:177.10.232.195:host:172.234.197.23	SESSION-b836173867007d89 → host:177.10.232.195 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3526e42e615eba29:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3526e42e615eba29 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-3a899a8160ea28b7:host:172.234.197.23	SESSION-3a899a8160ea28b7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:970629490006:port:tcp:443	flow:970629490006 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e6d70ae2d31fba9:SESSION-6e6d70ae2d31fba9	SESSION-6e6d70ae2d31fba9 → pe:tls:SESSION-6e6d70ae2d31fba9
flow_observed5-aryOBS	e:fo:flow:690c59565928	flow:690c59565928 → host:177.10.232.35 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.69:geo_-16.28860_-49.01640	host:177.10.239.69 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40c5d05833b5d363:host:172.234.197.23:host:177.10.232.191	SESSION-40c5d05833b5d363 → host:172.234.197.23 → host:177.10.232.191
flow_observed5-aryOBS	e:fo:flow:1c51f3cc9345	flow:1c51f3cc9345 → host:131.196.31.45 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-230e735532621bd7:SESSION-230e735532621bd7	SESSION-230e735532621bd7 → pe:syn:SESSION-230e735532621bd7
FLOW_FROM_HOSTOBS	e:from:SESSION-202b4507c8c6a688:host:172.234.197.23	SESSION-202b4507c8c6a688 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-84891f6788a8f194:host:172.234.197.23	SESSION-84891f6788a8f194 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e01aa770e4fba49e:flow:42e427b29835	SESSION-e01aa770e4fba49e → flow:42e427b29835
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-512816cd1ae61d60:SESSION-512816cd1ae61d60	SESSION-512816cd1ae61d60 → pe:tls:SESSION-512816cd1ae61d60
FLOW_DST_PORTOBS	e:fp:flow:3406130d707d:port:tcp:29930	flow:3406130d707d → port:tcp:29930
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07bcf39894ea5ee9:flow:78fc82b301d5	SESSION-07bcf39894ea5ee9 → flow:78fc82b301d5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-230e735532621bd7:host:172.234.197.23	SESSION-230e735532621bd7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.151:asn:271410	host:131.196.29.151 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc431699568b9daa:PCAP:capture_20260430150001:ded20914761d	SESSION-cc431699568b9daa → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-810f814d66b016e7:flow:0e9003d0c01a	SESSION-810f814d66b016e7 → flow:0e9003d0c01a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55ac8b9837cbe539:SESSION-55ac8b9837cbe539	SESSION-55ac8b9837cbe539 → pe:tls:SESSION-55ac8b9837cbe539
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-373bf424772e8fef:host:177.10.236.30	SESSION-373bf424772e8fef → host:177.10.236.30
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.68:asn:271410	host:131.196.29.68 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f9bec963f9028f2:host:177.10.235.140	SESSION-7f9bec963f9028f2 → host:177.10.235.140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ffc4775cc215b441:flow:02bec74f62e0	SESSION-ffc4775cc215b441 → flow:02bec74f62e0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c227f10fbea5d546:host:172.234.197.23	SESSION-c227f10fbea5d546 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99cbc6df23fa1e57:host:172.234.197.23	SESSION-99cbc6df23fa1e57 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8660b7a7acd6:port:tcp:443	flow:8660b7a7acd6 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5eb90d6efcf2:port:tcp:443	flow:5eb90d6efcf2 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a34bb428906fa48c:host:177.10.239.90	SESSION-a34bb428906fa48c → host:177.10.239.90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-266bac80b9ef8487:SESSION-266bac80b9ef8487	SESSION-266bac80b9ef8487 → pe:syn:SESSION-266bac80b9ef8487
FLOW_DST_PORTOBS	e:fp:flow:aa18cf0ab97c:port:tcp:443	flow:aa18cf0ab97c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-96298fdbde5cf19b:host:131.196.29.234	SESSION-96298fdbde5cf19b → host:131.196.29.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d0f919734488d0b:host:131.196.29.238	SESSION-5d0f919734488d0b → host:131.196.29.238
FLOW_TO_HOSTOBS	e:to:SESSION-29bd7d52bed21c18:host:172.234.197.23	SESSION-29bd7d52bed21c18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c6d8c2f7fc43f382:host:172.234.197.23:host:177.10.237.25	SESSION-c6d8c2f7fc43f382 → host:172.234.197.23 → host:177.10.237.25
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0b0070ff484a299:flow:af8b39b89b62	SESSION-c0b0070ff484a299 → flow:af8b39b89b62
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ad9dd4ac6be1fc2:PCAP:capture_20260430150001:ded20914761d	SESSION-1ad9dd4ac6be1fc2 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-cd81cfaee9483060:host:177.10.237.227	SESSION-cd81cfaee9483060 → host:177.10.237.227
FLOW_DST_PORTOBS	e:fp:flow:d1b35c5e32e7:port:tcp:42738	flow:d1b35c5e32e7 → port:tcp:42738
FLOW_DST_PORTOBS	e:fp:flow:d0a4d4e2877a:port:tcp:27725	flow:d0a4d4e2877a → port:tcp:27725
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ead27f853a5aab01:PCAP:capture_20260430110001:43611bdf6759	SESSION-ead27f853a5aab01 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:70352ab28497	flow:70352ab28497 → host:131.196.29.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de12aa9c0bf7f485:SESSION-de12aa9c0bf7f485	SESSION-de12aa9c0bf7f485 → pe:tls:SESSION-de12aa9c0bf7f485
FLOW_TO_HOSTOBS	e:to:SESSION-39e4fa54be3b3e55:host:131.196.31.111	SESSION-39e4fa54be3b3e55 → host:131.196.31.111
FLOW_FROM_HOSTOBS	e:from:SESSION-f2e1e1ea3d3f0587:host:177.10.232.104	SESSION-f2e1e1ea3d3f0587 → host:177.10.232.104
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9726c360f8e7f49c:flow:b2facc8158c8	SESSION-9726c360f8e7f49c → flow:b2facc8158c8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2ae6b0bca9a8c33:host:131.196.31.78:host:172.234.197.23	SESSION-f2ae6b0bca9a8c33 → host:131.196.31.78 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2bebb61ba81a	flow:2bebb61ba81a → host:177.10.236.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60441095965530ae:host:172.234.197.23	SESSION-60441095965530ae → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8277822e9833952:flow:d75495d61e34	SESSION-c8277822e9833952 → flow:d75495d61e34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35fc4de775269620:SESSION-35fc4de775269620	SESSION-35fc4de775269620 → pe:tls:SESSION-35fc4de775269620
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ea7d08352653c32:flow:1ebdbf8c87e0	SESSION-2ea7d08352653c32 → flow:1ebdbf8c87e0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc2888c0eb9bd2ad:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fc2888c0eb9bd2ad → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8d6efdf3cd688f1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f8d6efdf3cd688f1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9af401128ecea586:host:172.234.197.23:host:177.10.239.93	SESSION-9af401128ecea586 → host:172.234.197.23 → host:177.10.239.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-91e694161f32570f:SESSION-91e694161f32570f	SESSION-91e694161f32570f → pe:tls:SESSION-91e694161f32570f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eadf7b6ccdd54c7f:host:177.10.236.153:host:172.234.197.23	SESSION-eadf7b6ccdd54c7f → host:177.10.236.153 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b55fe86aa2a31ece:host:172.234.197.23	SESSION-b55fe86aa2a31ece → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c3e0ded89b78d8d:host:177.10.234.203:host:172.234.197.23	SESSION-3c3e0ded89b78d8d → host:177.10.234.203 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f0cdd1d919af3f4a:host:172.234.197.23	SESSION-f0cdd1d919af3f4a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-191997595ec6754e:host:172.234.197.23	SESSION-191997595ec6754e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.58:geo_41.02140_28.99480	host:31.40.196.58 → geo_41.02140_28.99480
FLOW_FROM_HOSTOBS	e:from:SESSION-8e3933798ce80a4c:host:172.234.197.23	SESSION-8e3933798ce80a4c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:2.57.122.194:asn:47890	host:2.57.122.194 → asn:47890
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a247b2224692840d:flow:8e49cbd73b6d	SESSION-a247b2224692840d → flow:8e49cbd73b6d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d12ffa49d0d3231:flow:0eb6f43455bd	SESSION-8d12ffa49d0d3231 → flow:0eb6f43455bd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3168a3173448dd7d:SESSION-3168a3173448dd7d	SESSION-3168a3173448dd7d → pe:syn:SESSION-3168a3173448dd7d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-122a5b909d033cbb:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-122a5b909d033cbb → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78d87c88323785f9:host:172.234.197.23	SESSION-78d87c88323785f9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4013c9000873101b:host:131.196.28.231:host:172.234.197.23	SESSION-4013c9000873101b → host:131.196.28.231 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-176c7cfb0e699b4d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-176c7cfb0e699b4d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2842c4c08e29d7d7:SESSION-2842c4c08e29d7d7	SESSION-2842c4c08e29d7d7 → pe:syn:SESSION-2842c4c08e29d7d7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f3823f20b5aa8c6:host:172.234.197.23:host:45.173.156.26	SESSION-8f3823f20b5aa8c6 → host:172.234.197.23 → host:45.173.156.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e54eb0866acbe21:host:172.234.197.23:host:177.10.237.29	SESSION-3e54eb0866acbe21 → host:172.234.197.23 → host:177.10.237.29
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ca59997a1fd2235:flow:bd771d790628	SESSION-2ca59997a1fd2235 → flow:bd771d790628
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ee9ba8cae5cc2ab:host:177.10.239.84	SESSION-2ee9ba8cae5cc2ab → host:177.10.239.84
FLOW_TO_HOSTOBS	e:to:SESSION-0200d7ef8e83c7c3:host:172.234.197.23	SESSION-0200d7ef8e83c7c3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.146:asn:262880	host:177.10.234.146 → asn:262880
flow_observed5-aryOBS	e:fo:flow:9889c1ff750a	flow:9889c1ff750a → host:177.10.238.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1075bb458d3b18a:flow:32c06546a1b7	SESSION-d1075bb458d3b18a → flow:32c06546a1b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-81a82597e7e06ed6:SESSION-81a82597e7e06ed6	SESSION-81a82597e7e06ed6 → pe:tls:SESSION-81a82597e7e06ed6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5d45bed796decc2:flow:524c0b13b3f7	SESSION-b5d45bed796decc2 → flow:524c0b13b3f7
flow_observed4-aryOBS	e:fo:flow:0b503a41e3d2	flow:0b503a41e3d2 → host:172.234.197.23 → host:131.196.30.114 → port:tcp:48499
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14ec4f61373e7262:PCAP:capture_20260430110001:43611bdf6759	SESSION-14ec4f61373e7262 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fda1fcad7dd8a834:host:177.10.238.92	SESSION-fda1fcad7dd8a834 → host:177.10.238.92
flow_observed5-aryOBS	e:fo:flow:d80c3cc4d9c6	flow:d80c3cc4d9c6 → host:45.173.156.149 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.58:geo_-23.62930_-46.63510	host:131.196.31.58 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-bc9c57ce6bc30045:host:177.10.237.164	SESSION-bc9c57ce6bc30045 → host:177.10.237.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a81d3c71843f89e:SESSION-2a81d3c71843f89e	SESSION-2a81d3c71843f89e → pe:syn:SESSION-2a81d3c71843f89e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0f5313432825fa0:SESSION-f0f5313432825fa0	SESSION-f0f5313432825fa0 → pe:syn:SESSION-f0f5313432825fa0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b60a9d1a25ff8255:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b60a9d1a25ff8255 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-2ab0305ac0c92587:host:172.234.197.23	SESSION-2ab0305ac0c92587 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.8:geo_-23.62930_-46.63510	host:131.196.30.8 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:16.60.106.214:asn:16509	host:16.60.106.214 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-ff2bd1b9d0923cc1:host:131.196.28.195	SESSION-ff2bd1b9d0923cc1 → host:131.196.28.195
flow_observed5-aryOBS	e:fo:flow:219da1e00ae9	flow:219da1e00ae9 → host:177.10.233.13 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-323caf5dcc039926:SESSION-323caf5dcc039926	SESSION-323caf5dcc039926 → pe:syn:SESSION-323caf5dcc039926
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d5d721b5ee8bbbc:SESSION-5d5d721b5ee8bbbc	SESSION-5d5d721b5ee8bbbc → pe:tls:SESSION-5d5d721b5ee8bbbc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef354b4063646368:host:172.234.197.23	SESSION-ef354b4063646368 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:08a65ced42d7	flow:08a65ced42d7 → host:177.10.235.174 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e028dd5dd71b411:SESSION-1e028dd5dd71b411	SESSION-1e028dd5dd71b411 → pe:syn:SESSION-1e028dd5dd71b411
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.122:geo_-16.28860_-49.01640	host:177.10.238.122 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eaffc60d664a8c9:host:177.10.235.90	SESSION-2eaffc60d664a8c9 → host:177.10.235.90
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-111e536a3f33c549:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-111e536a3f33c549 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e2a4babdc2dc965:host:185.231.226.226	SESSION-9e2a4babdc2dc965 → host:185.231.226.226
FLOW_FROM_HOSTOBS	e:from:SESSION-527acdf0d3ebbbcc:host:131.196.30.56	SESSION-527acdf0d3ebbbcc → host:131.196.30.56
FLOW_TO_HOSTOBS	e:to:SESSION-57be4ad64c21b6c4:host:172.234.197.23	SESSION-57be4ad64c21b6c4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77690ed69567f90d:SESSION-77690ed69567f90d	SESSION-77690ed69567f90d → pe:syn:SESSION-77690ed69567f90d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-736a99dd90ae6491:SESSION-736a99dd90ae6491	SESSION-736a99dd90ae6491 → pe:syn:SESSION-736a99dd90ae6491
flow_observed5-aryOBS	e:fo:flow:76ebf03a3738	flow:76ebf03a3738 → host:131.196.30.107 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.58:asn:262880	host:177.10.237.58 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-d1ec6b7d17caa72c:host:172.234.197.23	SESSION-d1ec6b7d17caa72c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8ffffed45ee6ab8:SESSION-f8ffffed45ee6ab8	SESSION-f8ffffed45ee6ab8 → pe:syn:SESSION-f8ffffed45ee6ab8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c83c0a366733c9bb:flow:3d135e2bdea1	SESSION-c83c0a366733c9bb → flow:3d135e2bdea1
FLOW_TO_HOSTOBS	e:to:SESSION-68a3766ff3680ecf:host:131.196.31.227	SESSION-68a3766ff3680ecf → host:131.196.31.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28a7ecee4eeacba6:SESSION-28a7ecee4eeacba6	SESSION-28a7ecee4eeacba6 → pe:syn:SESSION-28a7ecee4eeacba6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-403d8f142c86493c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-403d8f142c86493c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ffa84d5a72af3dab:SESSION-ffa84d5a72af3dab	SESSION-ffa84d5a72af3dab → pe:tls:SESSION-ffa84d5a72af3dab
FLOW_TO_HOSTOBS	e:to:SESSION-b51b74891d2de4c5:host:177.10.234.239	SESSION-b51b74891d2de4c5 → host:177.10.234.239
FLOW_FROM_HOSTOBS	e:from:SESSION-200e4a8806f83581:host:45.145.152.178	SESSION-200e4a8806f83581 → host:45.145.152.178
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6dacc3093e29f894:host:177.10.234.250:host:172.234.197.23	SESSION-6dacc3093e29f894 → host:177.10.234.250 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6459c4621d226611:SESSION-6459c4621d226611	SESSION-6459c4621d226611 → pe:syn:SESSION-6459c4621d226611
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.124:asn:273470	host:45.173.156.124 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:7155f28d1746:port:tcp:15109	flow:7155f28d1746 → port:tcp:15109
FLOW_DST_PORTOBS	e:fp:flow:96042be72def:port:tcp:443	flow:96042be72def → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5f9d16efb179df1:SESSION-a5f9d16efb179df1	SESSION-a5f9d16efb179df1 → pe:syn:SESSION-a5f9d16efb179df1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ea34ef73cf330d2:host:177.10.235.58:host:172.234.197.23	SESSION-0ea34ef73cf330d2 → host:177.10.235.58 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a3e524c73cd89280:host:172.234.197.23	SESSION-a3e524c73cd89280 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.69:geo_-16.28860_-49.01640	host:177.10.238.69 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-27b5dd82e2b65bbd:host:177.10.239.167	SESSION-27b5dd82e2b65bbd → host:177.10.239.167
FLOW_FROM_HOSTOBS	e:from:SESSION-27d66e2c1260cc5f:host:172.234.197.23	SESSION-27d66e2c1260cc5f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ef734d9bbeb2d12:SESSION-4ef734d9bbeb2d12	SESSION-4ef734d9bbeb2d12 → pe:tls:SESSION-4ef734d9bbeb2d12
FLOW_FROM_HOSTOBS	e:from:SESSION-5f70c7a73cedaabc:host:177.10.232.103	SESSION-5f70c7a73cedaabc → host:177.10.232.103
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:35.95.113.227:geo_45.84010_-119.70500	host:35.95.113.227 → geo_45.84010_-119.70500
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.64:geo_-16.28860_-49.01640	host:177.10.237.64 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe8896cc58e0f0aa:SESSION-fe8896cc58e0f0aa	SESSION-fe8896cc58e0f0aa → pe:tls:SESSION-fe8896cc58e0f0aa
FLOW_TO_HOSTOBS	e:to:SESSION-3f7e801a59e8e93f:host:177.10.235.81	SESSION-3f7e801a59e8e93f → host:177.10.235.81
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-baf4494100018e3a:BSG-BEACON-25317c1c1545	SESSION-baf4494100018e3a → BSG-BEACON-25317c1c1545
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c5ed9f49ee99549f:flow:da047bc8435b	SESSION-c5ed9f49ee99549f → flow:da047bc8435b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c64ea68345b811b:host:172.234.197.23	SESSION-9c64ea68345b811b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.183:asn:262880	host:177.10.237.183 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:6dc46f3b4845:port:tcp:443	flow:6dc46f3b4845 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f4bcb88049ff8a93:host:37.221.79.111:host:172.234.197.23	SESSION-f4bcb88049ff8a93 → host:37.221.79.111 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-048f9271a2e27be7:flow:5e1b26079177	SESSION-048f9271a2e27be7 → flow:5e1b26079177
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-205f7c84653f0fb6:SESSION-205f7c84653f0fb6	SESSION-205f7c84653f0fb6 → pe:syn:SESSION-205f7c84653f0fb6
flow_observed5-aryOBS	e:fo:flow:de87957d122a	flow:de87957d122a → host:177.10.235.101 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:cba47359eaab:port:tcp:20405	flow:cba47359eaab → port:tcp:20405
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93c7fae83342c58e:host:131.196.31.79:host:172.234.197.23	SESSION-93c7fae83342c58e → host:131.196.31.79 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-32626bc077790390:host:131.196.30.74	SESSION-32626bc077790390 → host:131.196.30.74
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.12:asn:271410	host:131.196.28.12 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:68526d736736:port:tcp:1604	flow:68526d736736 → port:tcp:1604
FLOW_FROM_HOSTOBS	e:from:SESSION-d06d4272bf4950c7:host:177.10.234.243	SESSION-d06d4272bf4950c7 → host:177.10.234.243
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d97429831b8272:host:172.234.197.23	SESSION-28d97429831b8272 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-38298ff8ded7155d:host:131.196.29.170	SESSION-38298ff8ded7155d → host:131.196.29.170
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-39452ac6bcbae8d3:SESSION-39452ac6bcbae8d3	SESSION-39452ac6bcbae8d3 → pe:tls:SESSION-39452ac6bcbae8d3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a9343604177341c5:host:177.10.234.251:host:172.234.197.23	SESSION-a9343604177341c5 → host:177.10.234.251 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:13bb72a1cd69:port:tcp:443	flow:13bb72a1cd69 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d603c58c5171ed7:host:131.196.30.37	SESSION-9d603c58c5171ed7 → host:131.196.30.37
FLOW_DST_PORTOBS	e:fp:flow:b4b58943af29:port:tcp:443	flow:b4b58943af29 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.164:asn:262880	host:177.10.234.164 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:a61ffb582cb9:port:tcp:443	flow:a61ffb582cb9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7bea4de6efa859da:host:177.10.238.194	SESSION-7bea4de6efa859da → host:177.10.238.194
FLOW_TO_HOSTOBS	e:to:SESSION-714dd24b305adb19:host:172.234.197.23	SESSION-714dd24b305adb19 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4367b2e8a53d74f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c4367b2e8a53d74f → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:0610a22af30a:port:tcp:443	flow:0610a22af30a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:3cd15a54c43e:port:tcp:443	flow:3cd15a54c43e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5bba4e0174a1f95d:host:92.112.71.29:host:172.234.197.23	SESSION-5bba4e0174a1f95d → host:92.112.71.29 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7140a8719778d6c0:host:172.234.197.23	SESSION-7140a8719778d6c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e49b447cbf9c1ef7:host:172.234.197.23	SESSION-e49b447cbf9c1ef7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-660bfab63a10a518:flow:df87bb415296	SESSION-660bfab63a10a518 → flow:df87bb415296
flow_observed5-aryOBS	e:fo:flow:72d2c02dbed4	flow:72d2c02dbed4 → host:177.10.234.109 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-393eb1cd54ab212e:host:177.10.232.168:host:172.234.197.23	SESSION-393eb1cd54ab212e → host:177.10.232.168 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:75100b39b0ce:port:tcp:443	flow:75100b39b0ce → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-42ed5696c9e60897:flow:f4d24769a7f6	SESSION-42ed5696c9e60897 → flow:f4d24769a7f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d45c3fc16863e5ef:SESSION-d45c3fc16863e5ef	SESSION-d45c3fc16863e5ef → pe:tls:SESSION-d45c3fc16863e5ef
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.227:geo_-16.28860_-49.01640	host:177.10.237.227 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-d2d2e0adb85f8f3e:host:131.196.28.21	SESSION-d2d2e0adb85f8f3e → host:131.196.28.21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a03207ab88db82b5:SESSION-a03207ab88db82b5	SESSION-a03207ab88db82b5 → pe:syn:SESSION-a03207ab88db82b5
FLOW_FROM_HOSTOBS	e:from:SESSION-61aa57a35ec0da02:host:172.234.197.23	SESSION-61aa57a35ec0da02 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa26c3a0a6de1666:SESSION-aa26c3a0a6de1666	SESSION-aa26c3a0a6de1666 → pe:tls:SESSION-aa26c3a0a6de1666
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aec01d0deaddfc4b:flow:70352ab28497	SESSION-aec01d0deaddfc4b → flow:70352ab28497
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-413ea94c965ce051:SESSION-413ea94c965ce051	SESSION-413ea94c965ce051 → pe:syn:SESSION-413ea94c965ce051
FLOW_DST_PORTOBS	e:fp:flow:6d6065168bb6:port:tcp:443	flow:6d6065168bb6 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.162:geo_-21.10010_-41.69200	host:45.173.156.162 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f1e05754e84c30:host:172.234.197.23	SESSION-e2f1e05754e84c30 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:17f351eb2800:dns:172-234-197-23.ip.linodeusercontent.com	flow:17f351eb2800 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cea44595be79fe10:flow:57e2b37c68b2	SESSION-cea44595be79fe10 → flow:57e2b37c68b2
FLOW_FROM_HOSTOBS	e:from:SESSION-c93e86640e8945ad:host:177.10.234.62	SESSION-c93e86640e8945ad → host:177.10.234.62
FLOW_TO_HOSTOBS	e:to:SESSION-16f8bda1e1d11332:host:172.234.197.23	SESSION-16f8bda1e1d11332 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e13bed2218b0a9f:host:172.234.197.23	SESSION-9e13bed2218b0a9f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:87c0f5d21d31	flow:87c0f5d21d31 → host:172.234.197.23 → host:45.173.156.62 → port:tcp:48960
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.246:geo_-16.28860_-49.01640	host:177.10.233.246 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe1d6d23886f083a:SESSION-fe1d6d23886f083a	SESSION-fe1d6d23886f083a → pe:tls:SESSION-fe1d6d23886f083a
flow_observed3-aryOBS	e:fo:flow:b7df95edcb5d	flow:b7df95edcb5d → host:18.183.88.164 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:be87ba4036a8	flow:be87ba4036a8 → host:172.234.197.23 → host:177.10.236.73 → port:tcp:12842
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77d6ed106817bb5a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-77d6ed106817bb5a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2240076057fcee51:host:45.173.156.189	SESSION-2240076057fcee51 → host:45.173.156.189
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce29096c932e7f50:host:172.234.197.23	SESSION-ce29096c932e7f50 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-00d1a9c01c6924fe:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-00d1a9c01c6924fe → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bcd779876233a786:SESSION-bcd779876233a786	SESSION-bcd779876233a786 → pe:rst:SESSION-bcd779876233a786
flow_observed5-aryOBS	e:fo:flow:7a9e45f4aff9	flow:7a9e45f4aff9 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d8f5cec7e169b47:host:172.234.197.23:host:131.196.31.65	SESSION-2d8f5cec7e169b47 → host:172.234.197.23 → host:131.196.31.65
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c587e64f570c8df7:host:172.234.197.23:host:131.196.30.214	SESSION-c587e64f570c8df7 → host:172.234.197.23 → host:131.196.30.214
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd8363b8ee3ddfde:SESSION-bd8363b8ee3ddfde	SESSION-bd8363b8ee3ddfde → pe:syn:SESSION-bd8363b8ee3ddfde
flow_observed4-aryOBS	e:fo:flow:8a637d99c9a5	flow:8a637d99c9a5 → host:172.234.197.23 → host:177.10.235.97 → port:tcp:20863
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-010644d8880e6139:host:177.10.234.85	SESSION-010644d8880e6139 → host:177.10.234.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe22df31c35f787d:SESSION-fe22df31c35f787d	SESSION-fe22df31c35f787d → pe:tls:SESSION-fe22df31c35f787d
FLOW_TO_HOSTOBS	e:to:SESSION-ee4167cf60ac81c3:host:131.196.29.107	SESSION-ee4167cf60ac81c3 → host:131.196.29.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7926734d1890078a:SESSION-7926734d1890078a	SESSION-7926734d1890078a → pe:tls:SESSION-7926734d1890078a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4503d5677d79139:flow:395e05a95131	SESSION-c4503d5677d79139 → flow:395e05a95131
FLOW_TO_HOSTOBS	e:to:SESSION-4faf0bdb2ec15f7a:host:172.234.197.23	SESSION-4faf0bdb2ec15f7a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f45c3ab8ea783ada:host:131.196.31.177	SESSION-f45c3ab8ea783ada → host:131.196.31.177
FLOW_FROM_HOSTOBS	e:from:SESSION-921ff5b52f826cc0:host:177.10.237.95	SESSION-921ff5b52f826cc0 → host:177.10.237.95
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.151:asn:203771	host:95.135.228.151 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-b8fb4f1df9684ff2:host:172.234.197.23	SESSION-b8fb4f1df9684ff2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5a277796632a248:host:172.234.197.23:host:177.10.234.193	SESSION-b5a277796632a248 → host:172.234.197.23 → host:177.10.234.193
FLOW_FROM_HOSTOBS	e:from:SESSION-9d603c58c5171ed7:host:131.196.30.37	SESSION-9d603c58c5171ed7 → host:131.196.30.37
FLOW_FROM_HOSTOBS	e:from:SESSION-27f108382ab89b5c:host:172.234.197.23	SESSION-27f108382ab89b5c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:124937f3939e:port:tcp:80	flow:124937f3939e → port:tcp:80
FLOW_DST_PORTOBS	e:fp:flow:fd1e7c8fc228:port:tcp:443	flow:fd1e7c8fc228 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eac07967aaca78dc:host:172.234.197.23	SESSION-eac07967aaca78dc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e632e9ec3b8d735c:SESSION-e632e9ec3b8d735c	SESSION-e632e9ec3b8d735c → pe:syn:SESSION-e632e9ec3b8d735c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.187:geo_-16.28860_-49.01640	host:177.10.235.187 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f1cb2d411cdd6d7:host:177.10.237.251	SESSION-4f1cb2d411cdd6d7 → host:177.10.237.251
FLOW_TO_HOSTOBS	e:to:SESSION-74ad535621338757:host:172.234.197.23	SESSION-74ad535621338757 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-319dd83e6310ac59:host:45.173.156.37	SESSION-319dd83e6310ac59 → host:45.173.156.37
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76d607ccf9e84136:host:172.234.197.23	SESSION-76d607ccf9e84136 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5a933b86812e122:PCAP:capture_20260430110001:43611bdf6759	SESSION-e5a933b86812e122 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:c8519290c6a5:port:tcp:443	flow:c8519290c6a5 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-3767fab91283496e:host:172.234.197.23	SESSION-3767fab91283496e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2db2b0c2312c18a1:SESSION-2db2b0c2312c18a1	SESSION-2db2b0c2312c18a1 → pe:tls:SESSION-2db2b0c2312c18a1
FLOW_DST_PORTOBS	e:fp:flow:6f31c7eb2d73:port:tcp:443	flow:6f31c7eb2d73 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5634ee3b30a0b6aa:host:172.234.197.23:host:177.10.239.154	SESSION-5634ee3b30a0b6aa → host:172.234.197.23 → host:177.10.239.154
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8806932607856a75:flow:a057fa3e25d4	SESSION-8806932607856a75 → flow:a057fa3e25d4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11a1cfec66708475:SESSION-11a1cfec66708475	SESSION-11a1cfec66708475 → pe:syn:SESSION-11a1cfec66708475
FLOW_TO_HOSTOBS	e:to:SESSION-b4751d88925ba5f3:host:131.196.29.170	SESSION-b4751d88925ba5f3 → host:131.196.29.170
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-993efaa98cc6a9ac:SESSION-993efaa98cc6a9ac	SESSION-993efaa98cc6a9ac → pe:tls:SESSION-993efaa98cc6a9ac
flow_observed5-aryOBS	e:fo:flow:ddc78ca2e1d7	flow:ddc78ca2e1d7 → host:177.10.232.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52e1254f2f15b333:SESSION-52e1254f2f15b333	SESSION-52e1254f2f15b333 → pe:syn:SESSION-52e1254f2f15b333
FLOW_DST_PORTOBS	e:fp:flow:3e18bd3fd270:port:tcp:443	flow:3e18bd3fd270 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8070c9158a1a853:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e8070c9158a1a853 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-ffc4775cc215b441:host:131.196.29.26	SESSION-ffc4775cc215b441 → host:131.196.29.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8dc993a043c8fb1:SESSION-b8dc993a043c8fb1	SESSION-b8dc993a043c8fb1 → pe:syn:SESSION-b8dc993a043c8fb1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51c7000fcfeb98d4:flow:430c72f6e0da	SESSION-51c7000fcfeb98d4 → flow:430c72f6e0da
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2963f6e37ebf1d0d:host:172.234.197.23:host:177.10.234.203	SESSION-2963f6e37ebf1d0d → host:172.234.197.23 → host:177.10.234.203
FLOW_FROM_HOSTOBS	e:from:SESSION-d6d83b2373dd8cdc:host:177.10.236.237	SESSION-d6d83b2373dd8cdc → host:177.10.236.237
FLOW_DST_PORTOBS	e:fp:flow:509b2796b80a:port:tcp:443	flow:509b2796b80a → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29bf5bdb9e3850fd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-29bf5bdb9e3850fd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a936b4b3a73fb0c:host:177.10.233.35	SESSION-6a936b4b3a73fb0c → host:177.10.233.35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-319dd83e6310ac59:host:172.234.197.23	SESSION-319dd83e6310ac59 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6ce2843bcef8:port:tcp:18401	flow:6ce2843bcef8 → port:tcp:18401
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f59e3038c71b15e1:SESSION-f59e3038c71b15e1	SESSION-f59e3038c71b15e1 → pe:syn:SESSION-f59e3038c71b15e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-828db1ebc34fa50a:host:172.234.197.23	SESSION-828db1ebc34fa50a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1705f35e2db46a43:host:172.234.197.23:host:177.10.234.194	SESSION-1705f35e2db46a43 → host:172.234.197.23 → host:177.10.234.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-409f2c106c7c54cc:SESSION-409f2c106c7c54cc	SESSION-409f2c106c7c54cc → pe:tls:SESSION-409f2c106c7c54cc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-686bda995aabc86f:host:177.10.234.208	SESSION-686bda995aabc86f → host:177.10.234.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa2f81c8f6798425:SESSION-fa2f81c8f6798425	SESSION-fa2f81c8f6798425 → pe:syn:SESSION-fa2f81c8f6798425
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac3abc26fe7d2af5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ac3abc26fe7d2af5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-749084d26a1fdfcc:host:172.234.197.23:host:45.173.156.55	SESSION-749084d26a1fdfcc → host:172.234.197.23 → host:45.173.156.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5d6e49e2849c20f:host:131.196.29.198	SESSION-c5d6e49e2849c20f → host:131.196.29.198
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46b3e65e40562e00:host:131.196.28.42:host:172.234.197.23	SESSION-46b3e65e40562e00 → host:131.196.28.42 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d467c8665ef34f6a:flow:c0ca51e32a85	SESSION-d467c8665ef34f6a → flow:c0ca51e32a85
FLOW_FROM_HOSTOBS	e:from:SESSION-92c4be10fc1322be:host:177.10.236.51	SESSION-92c4be10fc1322be → host:177.10.236.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-329dd162e3e18437:host:172.234.197.23	SESSION-329dd162e3e18437 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3c282c87f3b4a743:host:172.234.197.23	SESSION-3c282c87f3b4a743 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c0307b3c9af33eb0:host:45.145.152.227	SESSION-c0307b3c9af33eb0 → host:45.145.152.227
FLOW_DST_PORTOBS	e:fp:flow:72a4de96eca6:port:tcp:14717	flow:72a4de96eca6 → port:tcp:14717
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ba40ec67b0f6097:host:172.234.197.23	SESSION-0ba40ec67b0f6097 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:edbbfbf82827	flow:edbbfbf82827 → host:131.196.30.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ea9e167400c380e9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ea9e167400c380e9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaf7cd3e5a2b7709:SESSION-eaf7cd3e5a2b7709	SESSION-eaf7cd3e5a2b7709 → pe:tls:SESSION-eaf7cd3e5a2b7709
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-edeb3dca8d1da30b:host:45.173.156.159:host:172.234.197.23	SESSION-edeb3dca8d1da30b → host:45.173.156.159 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-256da911109eccd4:SESSION-256da911109eccd4	SESSION-256da911109eccd4 → pe:syn:SESSION-256da911109eccd4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0d1e9854752b2176:host:131.196.31.145:host:172.234.197.23	SESSION-0d1e9854752b2176 → host:131.196.31.145 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8ebb92b3cccc0ee:SESSION-e8ebb92b3cccc0ee	SESSION-e8ebb92b3cccc0ee → pe:syn:SESSION-e8ebb92b3cccc0ee
flow_observed4-aryOBS	e:fo:flow:f8a5a4fdedd5	flow:f8a5a4fdedd5 → host:172.234.197.23 → host:177.10.238.137 → port:tcp:10943
FLOW_FROM_HOSTOBS	e:from:SESSION-38a9f2b2580a8fb5:host:172.234.197.23	SESSION-38a9f2b2580a8fb5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3ecb424a0a4d5b0f:host:172.234.197.23	SESSION-3ecb424a0a4d5b0f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b64c855cb393ccc0:host:131.196.30.186	SESSION-b64c855cb393ccc0 → host:131.196.30.186
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59aca44477f61d35:flow:447374de8225	SESSION-59aca44477f61d35 → flow:447374de8225
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edaec15d65a63fe7:host:172.234.197.23	SESSION-edaec15d65a63fe7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bcbb02b2c9a5:port:tcp:443	flow:bcbb02b2c9a5 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-1410d14cf4ff2548:host:172.234.197.23	SESSION-1410d14cf4ff2548 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77c18cfa23ea97ee:SESSION-77c18cfa23ea97ee	SESSION-77c18cfa23ea97ee → pe:tls:SESSION-77c18cfa23ea97ee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68317c08ea2eebc2:host:172.234.197.23	SESSION-68317c08ea2eebc2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27536868d2d29d68:host:131.196.31.21:host:172.234.197.23	SESSION-27536868d2d29d68 → host:131.196.31.21 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7558286b16680d35:host:172.234.197.23	SESSION-7558286b16680d35 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10ba6936b0af1959:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-10ba6936b0af1959 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:b5fc41b8314e:port:tcp:50113	flow:b5fc41b8314e → port:tcp:50113
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dae3e228e98c74e4:host:131.196.30.185:host:172.234.197.23	SESSION-dae3e228e98c74e4 → host:131.196.30.185 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4b8f135d82b00569:host:177.10.238.239	SESSION-4b8f135d82b00569 → host:177.10.238.239
FLOW_FROM_HOSTOBS	e:from:SESSION-521d3d94be94008e:host:131.196.31.10	SESSION-521d3d94be94008e → host:131.196.31.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fa8a238d1165695:SESSION-1fa8a238d1165695	SESSION-1fa8a238d1165695 → pe:syn:SESSION-1fa8a238d1165695
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97c8a314f3fd1c5a:host:172.234.197.23	SESSION-97c8a314f3fd1c5a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3b520e491b5957c0:host:131.196.28.72	SESSION-3b520e491b5957c0 → host:131.196.28.72
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9e2f07f7ea20074:host:172.234.197.23:host:131.196.28.204	SESSION-f9e2f07f7ea20074 → host:172.234.197.23 → host:131.196.28.204
FLOW_TO_HOSTOBS	e:to:SESSION-8b61fb09d40ad349:host:177.10.234.71	SESSION-8b61fb09d40ad349 → host:177.10.234.71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a26d5a4b5eab898:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-1a26d5a4b5eab898 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-efb63adb0418d7f8:SESSION-efb63adb0418d7f8	SESSION-efb63adb0418d7f8 → pe:syn:SESSION-efb63adb0418d7f8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85683c3aa8c095db:host:66.228.53.46:host:172.234.197.23	SESSION-85683c3aa8c095db → host:66.228.53.46 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-353fd641d57f7d93:host:172.234.197.23	SESSION-353fd641d57f7d93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93e5d317492a213b:host:172.234.197.23	SESSION-93e5d317492a213b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.200:geo_-21.10010_-41.69200	host:45.173.156.200 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cbaaa2b8364f7158:flow:a0fbbefeb08f	SESSION-cbaaa2b8364f7158 → flow:a0fbbefeb08f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b9695896cdce250:host:45.145.152.51	SESSION-9b9695896cdce250 → host:45.145.152.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0835843463ad3c8:host:172.234.197.23	SESSION-d0835843463ad3c8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aae7a2cdf7b4e8cc:flow:b68288d4d571	SESSION-aae7a2cdf7b4e8cc → flow:b68288d4d571
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd8e744bc487bcb1:PCAP:capture_20260430060001:919b39a74464	SESSION-bd8e744bc487bcb1 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3685b3a1e6c25f1a:flow:1d9d2a5c7efa	SESSION-3685b3a1e6c25f1a → flow:1d9d2a5c7efa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d82c2d4eaa13efdb:host:131.196.31.80	SESSION-d82c2d4eaa13efdb → host:131.196.31.80
FLOW_FROM_HOSTOBS	e:from:SESSION-1a09dd97dc23cca0:host:172.234.197.23	SESSION-1a09dd97dc23cca0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-698d45df22ea2a48:SESSION-698d45df22ea2a48	SESSION-698d45df22ea2a48 → pe:tls:SESSION-698d45df22ea2a48
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d33ef29909b4f2d5:flow:48fd2710b8bf	SESSION-d33ef29909b4f2d5 → flow:48fd2710b8bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a9915da62b53f74:SESSION-5a9915da62b53f74	SESSION-5a9915da62b53f74 → pe:syn:SESSION-5a9915da62b53f74
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d603c58c5171ed7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9d603c58c5171ed7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-d7baf95bca9d9bdc:host:172.234.197.23	SESSION-d7baf95bca9d9bdc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f43808d089ea9fde:SESSION-f43808d089ea9fde	SESSION-f43808d089ea9fde → pe:tls:SESSION-f43808d089ea9fde
FLOW_FROM_HOSTOBS	e:from:SESSION-5ce88726966df20e:host:177.10.235.97	SESSION-5ce88726966df20e → host:177.10.235.97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ed2dc2be6795ae2:host:172.234.197.23	SESSION-5ed2dc2be6795ae2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-388e36b23caa508f:host:131.196.28.145:host:172.234.197.23	SESSION-388e36b23caa508f → host:131.196.28.145 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94bbfef7eb27207b:host:177.10.237.4:host:172.234.197.23	SESSION-94bbfef7eb27207b → host:177.10.237.4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a9e0f3ba046c015f:SESSION-a9e0f3ba046c015f	SESSION-a9e0f3ba046c015f → pe:tls:SESSION-a9e0f3ba046c015f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a47ed447671c9b0b:host:131.196.31.68:host:172.234.197.23	SESSION-a47ed447671c9b0b → host:131.196.31.68 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4c0ceaca72bbee92:SESSION-4c0ceaca72bbee92	SESSION-4c0ceaca72bbee92 → pe:syn:SESSION-4c0ceaca72bbee92
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d467c8665ef34f6a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d467c8665ef34f6a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b51c77a005c8dfc8:SESSION-b51c77a005c8dfc8	SESSION-b51c77a005c8dfc8 → pe:syn:SESSION-b51c77a005c8dfc8
FLOW_DST_PORTOBS	e:fp:flow:b1fa68ab4545:port:tcp:443	flow:b1fa68ab4545 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d69d721ba9bae694:host:177.10.237.172	SESSION-d69d721ba9bae694 → host:177.10.237.172
FLOW_TO_HOSTOBS	e:to:SESSION-9c4ebc5699ec1c63:host:177.10.238.116	SESSION-9c4ebc5699ec1c63 → host:177.10.238.116
FLOW_DST_PORTOBS	e:fp:flow:22ba5f8db438:port:tcp:443	flow:22ba5f8db438 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2fd944013b60077a:host:131.196.29.22	SESSION-2fd944013b60077a → host:131.196.29.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ffcc2d542e7be59:SESSION-0ffcc2d542e7be59	SESSION-0ffcc2d542e7be59 → pe:syn:SESSION-0ffcc2d542e7be59
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-64a8af826dc81e59:PCAP:capture_20260430070001:903a0e7a436b	SESSION-64a8af826dc81e59 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8cf2e3dd1491b22c:flow:05eb72932c3d	SESSION-8cf2e3dd1491b22c → flow:05eb72932c3d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.249:geo_19.07480_72.88560	host:45.145.152.249 → geo_19.07480_72.88560
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-020ce81cb9d50ce5:SESSION-020ce81cb9d50ce5	SESSION-020ce81cb9d50ce5 → pe:syn:SESSION-020ce81cb9d50ce5
FLOW_TO_HOSTOBS	e:to:SESSION-ce17c1c4b6f006e0:host:172.234.197.23	SESSION-ce17c1c4b6f006e0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97a932b8098f01e0:SESSION-97a932b8098f01e0	SESSION-97a932b8098f01e0 → pe:tls:SESSION-97a932b8098f01e0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.14:geo_41.00190_28.96450	host:95.135.228.14 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4b9c738c314ebf:host:172.234.197.23	SESSION-6b4b9c738c314ebf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33b7a287fd9eafc1:SESSION-33b7a287fd9eafc1	SESSION-33b7a287fd9eafc1 → pe:tls:SESSION-33b7a287fd9eafc1
flow_observed5-aryOBS	e:fo:flow:b26b1d0f64e1	flow:b26b1d0f64e1 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-c84f2bc6bdec600e:host:172.234.197.23	SESSION-c84f2bc6bdec600e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cb4d3e328cdf4bcd:host:172.234.197.23	SESSION-cb4d3e328cdf4bcd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1684e8254d6d3165:host:177.10.233.54:host:172.234.197.23	SESSION-1684e8254d6d3165 → host:177.10.233.54 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-206c176870c7b9f2:host:172.234.197.23	SESSION-206c176870c7b9f2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9bc6cdf932a6	flow:9bc6cdf932a6 → host:92.118.39.236 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf00afe8057eb986:host:172.234.197.23	SESSION-bf00afe8057eb986 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd5c7cb019cd55a3:host:177.10.238.46	SESSION-dd5c7cb019cd55a3 → host:177.10.238.46
FLOW_TO_HOSTOBS	e:to:SESSION-64a8475d206a0785:host:177.10.236.115	SESSION-64a8475d206a0785 → host:177.10.236.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5b80b4b47f274ca:host:172.234.197.23	SESSION-d5b80b4b47f274ca → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90804beaa6aefbc0:host:177.10.232.10	SESSION-90804beaa6aefbc0 → host:177.10.232.10
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4af9ea8e19c0cf86:flow:5a1d419b7031	SESSION-4af9ea8e19c0cf86 → flow:5a1d419b7031
flow_observed5-aryOBS	e:fo:flow:559550acef46	flow:559550acef46 → host:177.10.238.133 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2d93e5dd98af62cc:host:172.234.197.23	SESSION-2d93e5dd98af62cc → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3d8c4a263311	flow:3d8c4a263311 → host:131.196.28.156 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.21:geo_-16.28860_-49.01640	host:177.10.236.21 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-4a0e660e7f8fdd6f:host:177.10.236.53	SESSION-4a0e660e7f8fdd6f → host:177.10.236.53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bded37485db78f4a:host:177.10.237.24:host:172.234.197.23	SESSION-bded37485db78f4a → host:177.10.237.24 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:da56df9a8e5c	flow:da56df9a8e5c → host:60.214.180.150 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d6545f001e19457:host:172.234.197.23:host:131.196.29.157	SESSION-2d6545f001e19457 → host:172.234.197.23 → host:131.196.29.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2117b91b7562ba94:flow:6ba1a4d64ddf	SESSION-2117b91b7562ba94 → flow:6ba1a4d64ddf
FLOW_FROM_HOSTOBS	e:from:SESSION-1fc279480f80cfd1:host:172.234.197.23	SESSION-1fc279480f80cfd1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.95:geo_-21.10010_-41.69200	host:45.173.156.95 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-b8a147e2e8b42f79:host:177.10.238.80	SESSION-b8a147e2e8b42f79 → host:177.10.238.80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5cdb2ff7fda09377:flow:a39310d926cc	SESSION-5cdb2ff7fda09377 → flow:a39310d926cc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-80c2fbd298f78f5d:host:177.10.235.109	SESSION-80c2fbd298f78f5d → host:177.10.235.109
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c124aef8e6ea7da5:SESSION-c124aef8e6ea7da5	SESSION-c124aef8e6ea7da5 → pe:syn:SESSION-c124aef8e6ea7da5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-783c4edbafa3c164:host:172.234.197.23	SESSION-783c4edbafa3c164 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f59e3038c71b15e1:host:177.10.234.0	SESSION-f59e3038c71b15e1 → host:177.10.234.0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7e110cd2632aa64:host:177.10.238.232:host:172.234.197.23	SESSION-e7e110cd2632aa64 → host:177.10.238.232 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-361b290e75b75885:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-361b290e75b75885 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7858b3452cd9a479:host:172.234.197.23	SESSION-7858b3452cd9a479 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7e2811d191c294e0:host:172.234.197.23	SESSION-7e2811d191c294e0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2d49d0a052df:port:tcp:443	flow:2d49d0a052df → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.170:geo_-16.28860_-49.01640	host:177.10.238.170 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-406d5e8256fbfc45:host:131.196.29.41:host:172.234.197.23	SESSION-406d5e8256fbfc45 → host:131.196.29.41 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-40e0d0b129f437fd:host:172.234.197.23	SESSION-40e0d0b129f437fd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-87bc9df611d2f97d:SESSION-87bc9df611d2f97d	SESSION-87bc9df611d2f97d → pe:tls:SESSION-87bc9df611d2f97d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-144e16262f6e2a62:host:131.196.29.65	SESSION-144e16262f6e2a62 → host:131.196.29.65
FLOW_DST_PORTOBS	e:fp:flow:9ea1e6616e07:port:tcp:443	flow:9ea1e6616e07 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84e5e89f26aa2ca2:host:177.10.239.175:host:172.234.197.23	SESSION-84e5e89f26aa2ca2 → host:177.10.239.175 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8d2fac406199	flow:8d2fac406199 → host:172.234.197.23 → host:177.10.239.229 → port:tcp:25205
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.126:geo_-23.62930_-46.63510	host:131.196.28.126 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-139ea45d2e45809a:SESSION-139ea45d2e45809a	SESSION-139ea45d2e45809a → pe:syn:SESSION-139ea45d2e45809a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b2e6696cab81646:SESSION-5b2e6696cab81646	SESSION-5b2e6696cab81646 → pe:syn:SESSION-5b2e6696cab81646
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68031782b8336c69:host:172.234.197.23:host:92.118.39.236	SESSION-68031782b8336c69 → host:172.234.197.23 → host:92.118.39.236
FLOW_FROM_HOSTOBS	e:from:SESSION-a148e202465c0b29:host:172.234.197.23	SESSION-a148e202465c0b29 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-20066dd45b76b973:host:172.234.197.23	SESSION-20066dd45b76b973 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:67e55af760db:port:tcp:443	flow:67e55af760db → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a72e7bc5d973ed2:SESSION-6a72e7bc5d973ed2	SESSION-6a72e7bc5d973ed2 → pe:tls:SESSION-6a72e7bc5d973ed2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-131cbd262c833b9b:SESSION-131cbd262c833b9b	SESSION-131cbd262c833b9b → pe:tls:SESSION-131cbd262c833b9b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3b9d914716975ab:host:177.10.239.58	SESSION-c3b9d914716975ab → host:177.10.239.58
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0957d40de01926ae:SESSION-0957d40de01926ae	SESSION-0957d40de01926ae → pe:tls:SESSION-0957d40de01926ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eed27da13c534290:SESSION-eed27da13c534290	SESSION-eed27da13c534290 → pe:syn:SESSION-eed27da13c534290
FLOW_DST_PORTOBS	e:fp:flow:ad1d860af0e2:port:tcp:443	flow:ad1d860af0e2 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9a9ddd86aa762a0:PCAP:capture_20260430090001:065659c7d314	SESSION-c9a9ddd86aa762a0 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3553d3f3f842e7ac:flow:de9a31b6abf8	SESSION-3553d3f3f842e7ac → flow:de9a31b6abf8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ccde81b4fef5a18e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ccde81b4fef5a18e → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:d9b2312bea71:port:tcp:443	flow:d9b2312bea71 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5c339219e6ad:port:tcp:19002	flow:5c339219e6ad → port:tcp:19002
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921389e161f019e9:host:177.10.235.205	SESSION-921389e161f019e9 → host:177.10.235.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d5b5151108975cf:host:177.10.239.194	SESSION-4d5b5151108975cf → host:177.10.239.194
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00f403aeec8e6c17:host:172.234.197.23	SESSION-00f403aeec8e6c17 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.4:geo_-16.28860_-49.01640	host:177.10.237.4 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-18c88d2b92c30f28:PCAP:capture_20260430110001:43611bdf6759	SESSION-18c88d2b92c30f28 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-f3913d4a535b9029:host:172.234.197.23	SESSION-f3913d4a535b9029 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2e5c0c6a1142:port:tcp:443	flow:2e5c0c6a1142 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-82f2c01059fea89b:host:177.10.235.192:host:172.234.197.23	SESSION-82f2c01059fea89b → host:177.10.235.192 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:462902a6a8a1:port:tcp:443	flow:462902a6a8a1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-674d0a1b38b3c135:SESSION-674d0a1b38b3c135	SESSION-674d0a1b38b3c135 → pe:syn:SESSION-674d0a1b38b3c135
FLOW_FROM_HOSTOBS	e:from:SESSION-6752f583f7e09519:host:45.173.156.161	SESSION-6752f583f7e09519 → host:45.173.156.161
FLOW_DST_PORTOBS	e:fp:flow:658b6a47bbe6:port:tcp:23	flow:658b6a47bbe6 → port:tcp:23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d45c3fc16863e5ef:flow:486b55844e41	SESSION-d45c3fc16863e5ef → flow:486b55844e41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-415460770952c9a4:host:172.234.197.23	SESSION-415460770952c9a4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed80052f988e41bd:flow:04f29e1a223e	SESSION-ed80052f988e41bd → flow:04f29e1a223e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da14485ca0be7376:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-da14485ca0be7376 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-222c821677f323de:host:45.173.156.198	SESSION-222c821677f323de → host:45.173.156.198
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-f750867699c9a944:BSG-BEACON-e07f4250263f	SESSION-f750867699c9a944 → BSG-BEACON-e07f4250263f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cff48a7a06adcd8f:host:45.173.156.92:host:172.234.197.23	SESSION-cff48a7a06adcd8f → host:45.173.156.92 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.47:asn:262880	host:177.10.236.47 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20cf12e311e55250:flow:03d650cc5418	SESSION-20cf12e311e55250 → flow:03d650cc5418
FLOW_FROM_HOSTOBS	e:from:SESSION-08eebf44a6874d1b:host:177.10.234.204	SESSION-08eebf44a6874d1b → host:177.10.234.204
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.228:geo_-23.62930_-46.63510	host:131.196.31.228 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-f852deb0b74344a0:host:172.234.197.23	SESSION-f852deb0b74344a0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99d54d6eadbc1138:host:45.173.156.41	SESSION-99d54d6eadbc1138 → host:45.173.156.41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5d486009dccd362:PCAP:capture_20260430150001:ded20914761d	SESSION-d5d486009dccd362 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d5e711c3b45ec85:SESSION-6d5e711c3b45ec85	SESSION-6d5e711c3b45ec85 → pe:tls:SESSION-6d5e711c3b45ec85
FLOW_DST_PORTOBS	e:fp:flow:f7005d0541c0:port:tcp:443	flow:f7005d0541c0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33b7a287fd9eafc1:host:172.234.197.23	SESSION-33b7a287fd9eafc1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d7aef03828b51e64:host:177.10.237.80	SESSION-d7aef03828b51e64 → host:177.10.237.80
FLOW_FROM_HOSTOBS	e:from:SESSION-c5d6e49e2849c20f:host:131.196.29.198	SESSION-c5d6e49e2849c20f → host:131.196.29.198
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c54b7fde1829c775:host:172.234.197.23	SESSION-c54b7fde1829c775 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9875f767bae73b8:host:45.173.156.202	SESSION-b9875f767bae73b8 → host:45.173.156.202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8491791342c7cb3:PCAP:capture_20260428010001:b1b402c7b202	SESSION-f8491791342c7cb3 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_FROM_HOSTOBS	e:from:SESSION-cbc349d6e82ad363:host:172.234.197.23	SESSION-cbc349d6e82ad363 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8cc052a984adc75:SESSION-d8cc052a984adc75	SESSION-d8cc052a984adc75 → pe:tls:SESSION-d8cc052a984adc75
FLOW_FROM_HOSTOBS	e:from:SESSION-923fbccf43ed644a:host:177.10.239.225	SESSION-923fbccf43ed644a → host:177.10.239.225
FLOW_DST_PORTOBS	e:fp:flow:e4d25df52436:port:tcp:443	flow:e4d25df52436 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-25e11e259146e3a2:SESSION-25e11e259146e3a2	SESSION-25e11e259146e3a2 → pe:syn:SESSION-25e11e259146e3a2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0caa41ae62241956:host:177.10.235.93:host:172.234.197.23	SESSION-0caa41ae62241956 → host:177.10.235.93 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8d146c274485:port:tcp:14997	flow:8d146c274485 → port:tcp:14997
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-00968abd3a9eec7e:host:177.10.237.76:host:172.234.197.23	SESSION-00968abd3a9eec7e → host:177.10.237.76 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5167ceabb03264f1:SESSION-5167ceabb03264f1	SESSION-5167ceabb03264f1 → pe:tls:SESSION-5167ceabb03264f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c83cde1dbe634e7:SESSION-5c83cde1dbe634e7	SESSION-5c83cde1dbe634e7 → pe:tls:SESSION-5c83cde1dbe634e7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb5c3fce7274dac7:SESSION-cb5c3fce7274dac7	SESSION-cb5c3fce7274dac7 → pe:tls:SESSION-cb5c3fce7274dac7
flow_observed4-aryOBS	e:fo:flow:24e78376d3a5	flow:24e78376d3a5 → host:172.234.197.23 → host:177.10.237.146 → port:tcp:32127
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.61:geo_-23.62930_-46.63510	host:131.196.29.61 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20dfde969676b329:flow:a860b1a17716	SESSION-20dfde969676b329 → flow:a860b1a17716
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2290de8fcf2817df:host:177.10.232.22:host:172.234.197.23	SESSION-2290de8fcf2817df → host:177.10.232.22 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.148:asn:271410	host:131.196.30.148 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a8ab97210507c98d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a8ab97210507c98d → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6c732897c2ca80c:host:45.173.156.116	SESSION-f6c732897c2ca80c → host:45.173.156.116
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1433a266c3f7170c:host:177.10.238.24:host:172.234.197.23	SESSION-1433a266c3f7170c → host:177.10.238.24 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-926b7babcf98185f:SESSION-926b7babcf98185f	SESSION-926b7babcf98185f → pe:syn:SESSION-926b7babcf98185f
flow_observed5-aryOBS	e:fo:flow:02eabff0bc53	flow:02eabff0bc53 → host:131.196.31.194 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:eab68470020d:port:tcp:443	flow:eab68470020d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d79f2acd73027b39:host:177.10.238.57	SESSION-d79f2acd73027b39 → host:177.10.238.57
FLOW_TO_HOSTOBS	e:to:SESSION-110ce59a2a29ac0c:host:172.234.197.23	SESSION-110ce59a2a29ac0c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:340449867541:port:tcp:443	flow:340449867541 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2cb296f879c20d45:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-2cb296f879c20d45 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f2c14118785728f:SESSION-9f2c14118785728f	SESSION-9f2c14118785728f → pe:tls:SESSION-9f2c14118785728f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cefaeddbbade6b50:host:172.234.197.23	SESSION-cefaeddbbade6b50 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9cb6fb6a141a:port:tcp:443	flow:9cb6fb6a141a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ee36310db765ff6:flow:add213556538	SESSION-2ee36310db765ff6 → flow:add213556538
flow_observed5-aryOBS	e:fo:flow:be4babb82816	flow:be4babb82816 → host:177.10.232.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7eecd546334ac489:flow:b9ff0cc35001	SESSION-7eecd546334ac489 → flow:b9ff0cc35001
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bf7bb3dc8319468:host:131.196.30.102	SESSION-3bf7bb3dc8319468 → host:131.196.30.102
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03cee9bc49b35179:host:172.234.197.23	SESSION-03cee9bc49b35179 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5491ebf26b201b1a:flow:9bc6cdf932a6	SESSION-5491ebf26b201b1a → flow:9bc6cdf932a6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30e9e6bd80ef39ea:SESSION-30e9e6bd80ef39ea	SESSION-30e9e6bd80ef39ea → pe:tls:SESSION-30e9e6bd80ef39ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07dfdeddccca16ee:SESSION-07dfdeddccca16ee	SESSION-07dfdeddccca16ee → pe:syn:SESSION-07dfdeddccca16ee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14ec4f61373e7262:host:177.10.233.67	SESSION-14ec4f61373e7262 → host:177.10.233.67
FLOW_TO_HOSTOBS	e:to:SESSION-08924e756ead6523:host:172.234.197.23	SESSION-08924e756ead6523 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7af80619f13211ba:flow:f8cf2033ffcb	SESSION-7af80619f13211ba → flow:f8cf2033ffcb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.4:geo_-16.28860_-49.01640	host:177.10.232.4 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f18f27343d540733:flow:9b350481ac58	SESSION-f18f27343d540733 → flow:9b350481ac58
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-af315627d236ddd5:SESSION-af315627d236ddd5	SESSION-af315627d236ddd5 → pe:syn:SESSION-af315627d236ddd5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-328591b09b0655cf:host:172.234.197.23	SESSION-328591b09b0655cf → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3333aa4b72a0	flow:3333aa4b72a0 → host:131.196.30.150 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b2e6696cab81646:flow:c2108f1fcccc	SESSION-5b2e6696cab81646 → flow:c2108f1fcccc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a22e38c714d83c7:SESSION-3a22e38c714d83c7	SESSION-3a22e38c714d83c7 → pe:tls:SESSION-3a22e38c714d83c7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db282f95b9cc563d:host:177.10.237.70	SESSION-db282f95b9cc563d → host:177.10.237.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3767fab91283496e:SESSION-3767fab91283496e	SESSION-3767fab91283496e → pe:tls:SESSION-3767fab91283496e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fce80bc522afcc8b:SESSION-fce80bc522afcc8b	SESSION-fce80bc522afcc8b → pe:tls:SESSION-fce80bc522afcc8b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d8922fd6595a71f:flow:337d55bdec10	SESSION-5d8922fd6595a71f → flow:337d55bdec10
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dcbceebcfa7feba5:host:177.10.235.79	SESSION-dcbceebcfa7feba5 → host:177.10.235.79
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.101:asn:262880	host:177.10.235.101 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2eaffc60d664a8c9:host:177.10.235.90:host:172.234.197.23	SESSION-2eaffc60d664a8c9 → host:177.10.235.90 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f06d97c7ac4f577b:host:172.234.197.23	SESSION-f06d97c7ac4f577b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-131cbd262c833b9b:SESSION-131cbd262c833b9b	SESSION-131cbd262c833b9b → pe:syn:SESSION-131cbd262c833b9b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.188:asn:271410	host:131.196.30.188 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.25:geo_-16.28860_-49.01640	host:177.10.237.25 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b135329a33dc60c2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b135329a33dc60c2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9a9ddd86aa762a0:SESSION-c9a9ddd86aa762a0	SESSION-c9a9ddd86aa762a0 → pe:tls:SESSION-c9a9ddd86aa762a0
FLOW_FROM_HOSTOBS	e:from:SESSION-079c82b45cfad420:host:172.234.197.23	SESSION-079c82b45cfad420 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fa65fdb17829700:host:172.234.197.23:host:177.10.232.34	SESSION-3fa65fdb17829700 → host:172.234.197.23 → host:177.10.232.34
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.176:asn:271410	host:131.196.30.176 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.214:geo_-16.28860_-49.01640	host:177.10.234.214 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0dfc9b5d1570:port:tcp:443	flow:0dfc9b5d1570 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-fa1be017e5052d0a:host:177.10.239.170	SESSION-fa1be017e5052d0a → host:177.10.239.170
FLOW_DST_PORTOBS	e:fp:flow:cd284626d39c:port:tcp:34267	flow:cd284626d39c → port:tcp:34267
FLOW_TO_HOSTOBS	e:to:SESSION-d75311b4cd1e33ff:host:172.234.197.23	SESSION-d75311b4cd1e33ff → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ca5156d485d150e2:host:2.57.122.194	SESSION-ca5156d485d150e2 → host:2.57.122.194
FLOW_FROM_HOSTOBS	e:from:SESSION-06c7d2e525939bdd:host:177.10.239.205	SESSION-06c7d2e525939bdd → host:177.10.239.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57e20c08f6c0c2c9:host:131.196.30.61	SESSION-57e20c08f6c0c2c9 → host:131.196.30.61
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-858a06c2b9abdebe:flow:802362c03be8	SESSION-858a06c2b9abdebe → flow:802362c03be8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dae3e228e98c74e4:host:131.196.30.185	SESSION-dae3e228e98c74e4 → host:131.196.30.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f130592ce1f7f0fb:host:177.10.239.16	SESSION-f130592ce1f7f0fb → host:177.10.239.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2c5fc27029770f85:flow:b05614546d7d	SESSION-2c5fc27029770f85 → flow:b05614546d7d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84891f6788a8f194:flow:93db33bc72fc	SESSION-84891f6788a8f194 → flow:93db33bc72fc
FLOW_FROM_HOSTOBS	e:from:SESSION-6490de849a8e5020:host:185.231.226.202	SESSION-6490de849a8e5020 → host:185.231.226.202
FLOW_FROM_HOSTOBS	e:from:SESSION-d274b6d174d04d01:host:131.196.31.100	SESSION-d274b6d174d04d01 → host:131.196.31.100
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.84:asn:262880	host:177.10.238.84 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b50835be4d5bba16:host:172.234.197.23	SESSION-b50835be4d5bba16 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3185739188bf8a1e:host:131.196.30.11	SESSION-3185739188bf8a1e → host:131.196.30.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15939dedfcffc5e5:host:131.196.31.221	SESSION-15939dedfcffc5e5 → host:131.196.31.221
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33bdca28f4470cd7:host:131.196.30.0:host:172.234.197.23	SESSION-33bdca28f4470cd7 → host:131.196.30.0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bb9766ebe449a845:host:172.234.197.23	SESSION-bb9766ebe449a845 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f0f43f14c846:port:tcp:443	flow:f0f43f14c846 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5de3ca130be8f6d5:SESSION-5de3ca130be8f6d5	SESSION-5de3ca130be8f6d5 → pe:tls:SESSION-5de3ca130be8f6d5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b2bcd9d2c0b41b4:SESSION-9b2bcd9d2c0b41b4	SESSION-9b2bcd9d2c0b41b4 → pe:tls:SESSION-9b2bcd9d2c0b41b4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e36c77c5ab0d7e92:host:172.234.197.23	SESSION-e36c77c5ab0d7e92 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd2d57a3e3d90491:PCAP:capture_20260430080001:93f47cc296a4	SESSION-fd2d57a3e3d90491 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-5b37dbc8f4449b96:host:172.234.197.23	SESSION-5b37dbc8f4449b96 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:ff732ace4242	flow:ff732ace4242 → host:172.234.197.23 → host:131.196.28.242 → port:tcp:41209
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f40f233058919cef:SESSION-f40f233058919cef	SESSION-f40f233058919cef → pe:tls:SESSION-f40f233058919cef
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ef74cd6b285b3c9:flow:bcbb02b2c9a5	SESSION-5ef74cd6b285b3c9 → flow:bcbb02b2c9a5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5f3ac5dec394466:host:177.10.232.56	SESSION-f5f3ac5dec394466 → host:177.10.232.56
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8bf059b02e9beec:host:177.10.235.107:host:172.234.197.23	SESSION-c8bf059b02e9beec → host:177.10.235.107 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-288ea97e67f438e3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-288ea97e67f438e3 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4e3933219f15471:host:45.173.156.61	SESSION-f4e3933219f15471 → host:45.173.156.61
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e391b214be46ad73:host:172.234.197.23:host:131.196.30.246	SESSION-e391b214be46ad73 → host:172.234.197.23 → host:131.196.30.246
flow_observed4-aryOBS	e:fo:flow:3a5d8774eaca	flow:3a5d8774eaca → host:172.234.197.23 → host:131.196.28.72 → port:tcp:6323
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-992ac29a78433ae4:SESSION-992ac29a78433ae4	SESSION-992ac29a78433ae4 → pe:syn:SESSION-992ac29a78433ae4
FLOW_FROM_HOSTOBS	e:from:SESSION-605acf1f49534e97:host:177.10.233.231	SESSION-605acf1f49534e97 → host:177.10.233.231
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ceaf5a04e9815b11:host:172.234.197.23:host:131.196.30.147	SESSION-ceaf5a04e9815b11 → host:172.234.197.23 → host:131.196.30.147
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6543ef151e834843:host:131.196.29.140:host:172.234.197.23	SESSION-6543ef151e834843 → host:131.196.29.140 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-570ccd324c759306:SESSION-570ccd324c759306	SESSION-570ccd324c759306 → pe:tls:SESSION-570ccd324c759306
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a7a354b1ade71f9e:PCAP:capture_20260430060001:919b39a74464	SESSION-a7a354b1ade71f9e → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:ecbf4329cbae:port:tcp:61144	flow:ecbf4329cbae → port:tcp:61144
flow_observed4-aryOBS	e:fo:flow:30abe7e74963	flow:30abe7e74963 → host:172.234.197.23 → host:131.196.29.43 → port:tcp:12578
FLOW_DST_PORTOBS	e:fp:flow:d81e3896f245:port:tcp:443	flow:d81e3896f245 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cefaeddbbade6b50:host:177.10.237.254	SESSION-cefaeddbbade6b50 → host:177.10.237.254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-adf46c04c6a07144:host:172.234.197.23	SESSION-adf46c04c6a07144 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:509ed4d5dc46	flow:509ed4d5dc46 → host:172.234.197.23 → host:131.196.28.50 → port:tcp:8438
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7738f57138403f60:host:172.234.197.23:host:45.173.156.7	SESSION-7738f57138403f60 → host:172.234.197.23 → host:45.173.156.7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de8058bfaf7cddb8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-de8058bfaf7cddb8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-86f296cd3a39a7c2:SESSION-86f296cd3a39a7c2	SESSION-86f296cd3a39a7c2 → pe:rst:SESSION-86f296cd3a39a7c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-231f5887ddd9d406:host:172.234.197.23	SESSION-231f5887ddd9d406 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-745809bcd8ad6979:host:108.217.180.26	SESSION-745809bcd8ad6979 → host:108.217.180.26
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2ed4131e5585f31:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d2ed4131e5585f31 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a148e202465c0b29:SESSION-a148e202465c0b29	SESSION-a148e202465c0b29 → pe:tls:SESSION-a148e202465c0b29
FLOW_TO_HOSTOBS	e:to:SESSION-fd2d57a3e3d90491:host:172.234.197.23	SESSION-fd2d57a3e3d90491 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d847f2e978d6	flow:d847f2e978d6 → host:177.10.234.103 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:d5bb80ec7e3d:port:tcp:443	flow:d5bb80ec7e3d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e280ba6e8e483a35:host:172.234.197.23	SESSION-e280ba6e8e483a35 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-06a6b67473c48ddd:host:172.234.197.23	SESSION-06a6b67473c48ddd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d93bcf8220d2:port:tcp:21001	flow:d93bcf8220d2 → port:tcp:21001
FLOW_DST_PORTOBS	e:fp:flow:8ab7e6316a87:port:tcp:443	flow:8ab7e6316a87 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e035a13399d76ad4:SESSION-e035a13399d76ad4	SESSION-e035a13399d76ad4 → pe:tls:SESSION-e035a13399d76ad4
FLOW_FROM_HOSTOBS	e:from:SESSION-710b55a9f3a0edd9:host:131.196.28.146	SESSION-710b55a9f3a0edd9 → host:131.196.28.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-807885e153f56a02:SESSION-807885e153f56a02	SESSION-807885e153f56a02 → pe:tls:SESSION-807885e153f56a02
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed473d20582b9e99:flow:178ed12e2cd2	SESSION-ed473d20582b9e99 → flow:178ed12e2cd2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d694cf0080c35c2f:SESSION-d694cf0080c35c2f	SESSION-d694cf0080c35c2f → pe:syn:SESSION-d694cf0080c35c2f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a8ab97210507c98d:SESSION-a8ab97210507c98d	SESSION-a8ab97210507c98d → pe:syn:SESSION-a8ab97210507c98d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.70:geo_-23.62930_-46.63510	host:131.196.31.70 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64639bf8e248f548:host:177.10.239.166	SESSION-64639bf8e248f548 → host:177.10.239.166
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.97:geo_-23.62930_-46.63510	host:131.196.30.97 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:b689e3522dc7:port:tcp:443	flow:b689e3522dc7 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90972096b6b00a4b:host:177.10.236.240:host:172.234.197.23	SESSION-90972096b6b00a4b → host:177.10.236.240 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.19:asn:203771	host:45.145.152.19 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9726c360f8e7f49c:SESSION-9726c360f8e7f49c	SESSION-9726c360f8e7f49c → pe:tls:SESSION-9726c360f8e7f49c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ef022cf55a10b05:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6ef022cf55a10b05 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:f9683f42cf59:port:tcp:443	flow:f9683f42cf59 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-64e6d0099998fde8:host:172.234.197.23	SESSION-64e6d0099998fde8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68282fbeb04671d9:SESSION-68282fbeb04671d9	SESSION-68282fbeb04671d9 → pe:syn:SESSION-68282fbeb04671d9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1995c5dc0203e07b:SESSION-1995c5dc0203e07b	SESSION-1995c5dc0203e07b → pe:tls:SESSION-1995c5dc0203e07b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0482ff4f8e4ec953:flow:c06565ad7f6a	SESSION-0482ff4f8e4ec953 → flow:c06565ad7f6a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e791e8d702f57f3e:SESSION-e791e8d702f57f3e	SESSION-e791e8d702f57f3e → pe:syn:SESSION-e791e8d702f57f3e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e2a4babdc2dc965:SESSION-9e2a4babdc2dc965	SESSION-9e2a4babdc2dc965 → pe:tls:SESSION-9e2a4babdc2dc965
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-886f0e6ca4ba19c9:host:172.234.197.23	SESSION-886f0e6ca4ba19c9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8e3f43d5f5a9	flow:8e3f43d5f5a9 → host:177.10.238.31 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6d93e05fe8ec7e58:host:172.234.197.23	SESSION-6d93e05fe8ec7e58 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d7baf95bca9d9bdc:SESSION-d7baf95bca9d9bdc	SESSION-d7baf95bca9d9bdc → pe:syn:SESSION-d7baf95bca9d9bdc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d618ae22306fa7b9:SESSION-d618ae22306fa7b9	SESSION-d618ae22306fa7b9 → pe:syn:SESSION-d618ae22306fa7b9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c315b0bf7f59a30:SESSION-1c315b0bf7f59a30	SESSION-1c315b0bf7f59a30 → pe:syn:SESSION-1c315b0bf7f59a30
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aee37cb69186d910:SESSION-aee37cb69186d910	SESSION-aee37cb69186d910 → pe:syn:SESSION-aee37cb69186d910
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7139746cbd677852:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7139746cbd677852 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-5080263f1b2fd5b9:host:45.173.156.111	SESSION-5080263f1b2fd5b9 → host:45.173.156.111
flow_observed5-aryOBS	e:fo:flow:a8e38032e2d9	flow:a8e38032e2d9 → host:177.10.233.58 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5250861d994b3dc2:host:172.234.197.23	SESSION-5250861d994b3dc2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c0aa7b6956faccec:host:172.234.197.23	SESSION-c0aa7b6956faccec → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22873a115734b4a8:host:172.234.197.23	SESSION-22873a115734b4a8 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:460697540e36	flow:460697540e36 → host:172.234.197.23 → host:45.173.156.37 → port:tcp:51204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e46bef1b2f6daf0:host:177.10.239.209	SESSION-2e46bef1b2f6daf0 → host:177.10.239.209
FLOW_DST_PORTOBS	e:fp:flow:1ace16a3669e:port:tcp:443	flow:1ace16a3669e → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:17eb0e2e292b	flow:17eb0e2e292b → host:131.196.31.129 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:06e6a1ef84ba:port:tcp:443	flow:06e6a1ef84ba → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e04d863bd380e3e5:flow:a7af680f1e31	SESSION-e04d863bd380e3e5 → flow:a7af680f1e31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-139cf5bd66e27bf0:SESSION-139cf5bd66e27bf0	SESSION-139cf5bd66e27bf0 → pe:tls:SESSION-139cf5bd66e27bf0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eb43af6b38a5d78:host:172.234.197.23	SESSION-7eb43af6b38a5d78 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:62bd2a061f46	flow:62bd2a061f46 → host:131.196.31.49 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:62d12623c93c:port:tcp:443	flow:62d12623c93c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5712989ddbf4728b:flow:c11eda38705a	SESSION-5712989ddbf4728b → flow:c11eda38705a
FLOW_DST_PORTOBS	e:fp:flow:74f73b825bc0:port:tcp:443	flow:74f73b825bc0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-687ff071deb77d90:PCAP:capture_20260430060001:919b39a74464	SESSION-687ff071deb77d90 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d99d46a236a5e045:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d99d46a236a5e045 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:d1758e353542:port:tcp:4256	flow:d1758e353542 → port:tcp:4256
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64abd49ab16af3e3:host:177.10.234.253	SESSION-64abd49ab16af3e3 → host:177.10.234.253
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8382ccd890fe862:host:54.186.85.102:host:172.234.197.23	SESSION-f8382ccd890fe862 → host:54.186.85.102 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-025a43ae01804438:host:172.234.197.23	SESSION-025a43ae01804438 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:048fd4fb8e93	flow:048fd4fb8e93 → host:131.196.29.154 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e8651e0c063dc0a:host:177.10.232.212	SESSION-5e8651e0c063dc0a → host:177.10.232.212
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e21e19309bc8d324:flow:b9e2dc825daf	SESSION-e21e19309bc8d324 → flow:b9e2dc825daf
flow_observed4-aryOBS	e:fo:flow:a602b99696cd	flow:a602b99696cd → host:172.234.197.23 → host:177.10.236.56 → port:tcp:11030
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29fae5326f4697b4:host:172.234.197.23	SESSION-29fae5326f4697b4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.191:geo_-23.62930_-46.63510	host:131.196.29.191 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-e921959b541072de:host:177.10.236.176	SESSION-e921959b541072de → host:177.10.236.176
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86a02a9ab2988acd:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-86a02a9ab2988acd → PCAP:capture_20260427220001:43a3d6220bc6
flow_observed3-aryOBS	e:fo:flow:fc70cc4dfed6	flow:fc70cc4dfed6 → host:13.61.34.23 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae5500b1626fa45f:host:172.234.197.23	SESSION-ae5500b1626fa45f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d9cfeb1a925e0c3:host:172.234.197.23	SESSION-8d9cfeb1a925e0c3 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 70%	e:bsg:SESSION-5cb36fee7e75b97b:BSG-DATA_EXFIL-9a0276c5ec07	SESSION-5cb36fee7e75b97b → BSG-DATA_EXFIL-9a0276c5ec07
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b209515fa806d4a:SESSION-9b209515fa806d4a	SESSION-9b209515fa806d4a → pe:syn:SESSION-9b209515fa806d4a
FLOW_TO_HOSTOBS	e:to:SESSION-ef7241157e60b5c0:host:172.234.197.23	SESSION-ef7241157e60b5c0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff4eb64228a8af88:host:177.10.232.152:host:172.234.197.23	SESSION-ff4eb64228a8af88 → host:177.10.232.152 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1110d6d36f6ebd42:SESSION-1110d6d36f6ebd42	SESSION-1110d6d36f6ebd42 → pe:tls:SESSION-1110d6d36f6ebd42
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e271128847ae06df:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e271128847ae06df → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ec199f8b9a6f389:SESSION-8ec199f8b9a6f389	SESSION-8ec199f8b9a6f389 → pe:syn:SESSION-8ec199f8b9a6f389
flow_observed5-aryOBS	e:fo:flow:bf473035e2d9	flow:bf473035e2d9 → host:131.196.31.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0aa7b6956faccec:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c0aa7b6956faccec → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.135:geo_-16.28860_-49.01640	host:177.10.233.135 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb7c4827354230c4:SESSION-bb7c4827354230c4	SESSION-bb7c4827354230c4 → pe:tls:SESSION-bb7c4827354230c4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0fe99f41b36441fa:SESSION-0fe99f41b36441fa	SESSION-0fe99f41b36441fa → pe:tls:SESSION-0fe99f41b36441fa
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1129a02e66df3e40:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1129a02e66df3e40 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-99664d33d11b43d2:host:172.234.197.23	SESSION-99664d33d11b43d2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84a1a640eb0d0e14:SESSION-84a1a640eb0d0e14	SESSION-84a1a640eb0d0e14 → pe:syn:SESSION-84a1a640eb0d0e14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-87843d3af97b013e:flow:dec8c7b5212e	SESSION-87843d3af97b013e → flow:dec8c7b5212e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4898aa8f3840ecd5:host:177.10.238.98	SESSION-4898aa8f3840ecd5 → host:177.10.238.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bef16d9c79cba2c2:SESSION-bef16d9c79cba2c2	SESSION-bef16d9c79cba2c2 → pe:syn:SESSION-bef16d9c79cba2c2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-87843d3af97b013e:SESSION-87843d3af97b013e	SESSION-87843d3af97b013e → pe:syn:SESSION-87843d3af97b013e
FLOW_TO_HOSTOBS	e:to:SESSION-ddc60a1db971e20b:host:131.196.28.93	SESSION-ddc60a1db971e20b → host:131.196.28.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2aa7e55175462248:SESSION-2aa7e55175462248	SESSION-2aa7e55175462248 → pe:syn:SESSION-2aa7e55175462248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30152f28b63d1649:PCAP:capture_20260430090001:065659c7d314	SESSION-30152f28b63d1649 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc9c57ce6bc30045:flow:9e15ab26c418	SESSION-bc9c57ce6bc30045 → flow:9e15ab26c418
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-87b50db5a64a4926:PCAP:capture_20260430150001:ded20914761d	SESSION-87b50db5a64a4926 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4fb8a50f2916880:flow:ca4f3a212e98	SESSION-d4fb8a50f2916880 → flow:ca4f3a212e98
FLOW_TO_HOSTOBS	e:to:SESSION-6ae64075781208b0:host:177.10.235.177	SESSION-6ae64075781208b0 → host:177.10.235.177
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.150:geo_-16.28860_-49.01640	host:177.10.233.150 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-3fd9b76b5230e873:host:131.196.31.157	SESSION-3fd9b76b5230e873 → host:131.196.31.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb7b7dca9012c682:SESSION-eb7b7dca9012c682	SESSION-eb7b7dca9012c682 → pe:syn:SESSION-eb7b7dca9012c682
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0f21a1d46f067dc:host:172.234.197.23	SESSION-c0f21a1d46f067dc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-07a7172489c9ad9c:host:177.10.232.103	SESSION-07a7172489c9ad9c → host:177.10.232.103
FLOW_FROM_HOSTOBS	e:from:SESSION-2b0a36bcb50aee6b:host:172.234.197.23	SESSION-2b0a36bcb50aee6b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.12:geo_-16.28860_-49.01640	host:177.10.237.12 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0ea601f47c8a:port:tcp:443	flow:0ea601f47c8a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37e4af30bda4d3e9:host:172.234.197.23	SESSION-37e4af30bda4d3e9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:96b86482edb7	flow:96b86482edb7 → host:177.10.235.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb40f64797e3fe16:SESSION-eb40f64797e3fe16	SESSION-eb40f64797e3fe16 → pe:syn:SESSION-eb40f64797e3fe16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-efd1ddb1a087b877:SESSION-efd1ddb1a087b877	SESSION-efd1ddb1a087b877 → pe:syn:SESSION-efd1ddb1a087b877
FLOW_DST_PORTOBS	e:fp:flow:7eb0540e2c7f:port:tcp:443	flow:7eb0540e2c7f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f10bf652ebbcd899:SESSION-f10bf652ebbcd899	SESSION-f10bf652ebbcd899 → pe:syn:SESSION-f10bf652ebbcd899
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e96c97861c631394:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e96c97861c631394 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-9af401128ecea586:host:172.234.197.23	SESSION-9af401128ecea586 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6b6e18a39fae0db6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6b6e18a39fae0db6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-6430336fded9a803:host:172.234.197.23	SESSION-6430336fded9a803 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-727af4ad5af6cc01:SESSION-727af4ad5af6cc01	SESSION-727af4ad5af6cc01 → pe:syn:SESSION-727af4ad5af6cc01
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb2f54f0354a144e:host:177.10.234.164:host:172.234.197.23	SESSION-fb2f54f0354a144e → host:177.10.234.164 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-905738e9b4f08562:BSG-BEACON-5cf613fd15c2	SESSION-905738e9b4f08562 → BSG-BEACON-5cf613fd15c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dee230b22d739e8a:host:177.10.239.25	SESSION-dee230b22d739e8a → host:177.10.239.25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4aa43b0ccd10448e:host:172.234.197.23	SESSION-4aa43b0ccd10448e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e33208793a04fae:host:3.102.9.236:host:172.234.197.23	SESSION-8e33208793a04fae → host:3.102.9.236 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8ab658d53a1eebd:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c8ab658d53a1eebd → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb17861f5be52c2c:PCAP:capture_20260430110001:43611bdf6759	SESSION-eb17861f5be52c2c → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c4ff849445b3aa:host:172.234.197.23	SESSION-77c4ff849445b3aa → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7112b92d323c	flow:7112b92d323c → host:177.10.234.23 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a9739ecc8b00e90:host:172.234.197.23:host:177.10.235.109	SESSION-7a9739ecc8b00e90 → host:172.234.197.23 → host:177.10.235.109
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d59512d9649ead5:flow:63c9515a3982	SESSION-9d59512d9649ead5 → flow:63c9515a3982
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-853e897de6767cda:PCAP:capture_20260430150001:ded20914761d	SESSION-853e897de6767cda → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-b3948aeec4a52663:host:172.234.197.23	SESSION-b3948aeec4a52663 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2cbf1ff9debe345:host:177.10.238.77:host:172.234.197.23	SESSION-f2cbf1ff9debe345 → host:177.10.238.77 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b5948254caf12dd:host:177.10.238.216	SESSION-9b5948254caf12dd → host:177.10.238.216
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.137:geo_-21.10010_-41.69200	host:45.173.156.137 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:9232c73db8ec	flow:9232c73db8ec → host:131.196.31.185 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ee237db5b674d6c4:host:172.234.197.23	SESSION-ee237db5b674d6c4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dee230b22d739e8a:host:172.234.197.23:host:177.10.239.25	SESSION-dee230b22d739e8a → host:172.234.197.23 → host:177.10.239.25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99a4fe376d3938fb:SESSION-99a4fe376d3938fb	SESSION-99a4fe376d3938fb → pe:tls:SESSION-99a4fe376d3938fb
FLOW_FROM_HOSTOBS	e:from:SESSION-597e69ebdf7ef93f:host:131.196.31.193	SESSION-597e69ebdf7ef93f → host:131.196.31.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59d5bafa56d514c9:SESSION-59d5bafa56d514c9	SESSION-59d5bafa56d514c9 → pe:syn:SESSION-59d5bafa56d514c9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ba1793b4e05c9885:flow:75695113798f	SESSION-ba1793b4e05c9885 → flow:75695113798f
FLOW_TO_HOSTOBS	e:to:SESSION-2b68ed671c67acfd:host:172.234.197.23	SESSION-2b68ed671c67acfd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8b19fa2241ff:port:tcp:443	flow:8b19fa2241ff → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db8bd5551afdaf6c:SESSION-db8bd5551afdaf6c	SESSION-db8bd5551afdaf6c → pe:tls:SESSION-db8bd5551afdaf6c
FLOW_DST_PORTOBS	e:fp:flow:d1de667db311:port:tcp:14914	flow:d1de667db311 → port:tcp:14914
FLOW_TO_HOSTOBS	e:to:SESSION-4e094b52f54dff79:host:131.196.28.176	SESSION-4e094b52f54dff79 → host:131.196.28.176
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a8c8ed56d6827efd:PCAP:capture_20260430110001:43611bdf6759	SESSION-a8c8ed56d6827efd → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b32f5a9266c1045d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b32f5a9266c1045d → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1530091b08a9906d:flow:794db97b6d69	SESSION-1530091b08a9906d → flow:794db97b6d69
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.230:asn:262880	host:177.10.234.230 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46aa20776642b201:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-46aa20776642b201 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1620c835b56464d4:host:172.234.197.23:host:177.10.234.248	SESSION-1620c835b56464d4 → host:172.234.197.23 → host:177.10.234.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f39c81a37ca9c9d3:host:172.234.197.23:host:177.10.235.215	SESSION-f39c81a37ca9c9d3 → host:172.234.197.23 → host:177.10.235.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d12c89e59455016e:SESSION-d12c89e59455016e	SESSION-d12c89e59455016e → pe:tls:SESSION-d12c89e59455016e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76aff26f067fcb92:flow:ff607ec6923a	SESSION-76aff26f067fcb92 → flow:ff607ec6923a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9479b510131ce6c:host:177.10.236.29	SESSION-f9479b510131ce6c → host:177.10.236.29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65f6be25ebaee411:host:172.234.197.23	SESSION-65f6be25ebaee411 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e8d490f85079	flow:e8d490f85079 → host:172.234.197.23 → host:131.196.30.143 → port:tcp:27779
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-106d77d887836a65:host:177.10.234.74	SESSION-106d77d887836a65 → host:177.10.234.74
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e63705938a499015:flow:a3fe5d1002fc	SESSION-e63705938a499015 → flow:a3fe5d1002fc
FLOW_TO_HOSTOBS	e:to:SESSION-c8fbacc1128a5208:host:172.234.197.23	SESSION-c8fbacc1128a5208 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf68ee1b1745b1ca:host:172.234.197.23	SESSION-bf68ee1b1745b1ca → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a5381df0c70f3b63:host:172.234.197.23	SESSION-a5381df0c70f3b63 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.169:asn:262880	host:177.10.237.169 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21cd302cb5783965:host:177.10.232.182	SESSION-21cd302cb5783965 → host:177.10.232.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-577376347fdfe894:SESSION-577376347fdfe894	SESSION-577376347fdfe894 → pe:tls:SESSION-577376347fdfe894
flow_observed5-aryOBS	e:fo:flow:793550407790	flow:793550407790 → host:131.196.29.236 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6f0fa0972c78e2ef:host:177.10.239.51	SESSION-6f0fa0972c78e2ef → host:177.10.239.51
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3fa9d5496b14fae:SESSION-c3fa9d5496b14fae	SESSION-c3fa9d5496b14fae → pe:tls:SESSION-c3fa9d5496b14fae
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e606b3df4d49b4d1:host:131.196.31.38	SESSION-e606b3df4d49b4d1 → host:131.196.31.38
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac3ac59e74f457a2:host:172.234.197.23:host:177.10.233.240	SESSION-ac3ac59e74f457a2 → host:172.234.197.23 → host:177.10.233.240
FLOW_TO_HOSTOBS	e:to:SESSION-04737cadee3282a6:host:172.234.197.23	SESSION-04737cadee3282a6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5edd843e41dc	flow:5edd843e41dc → host:172.234.197.23 → host:131.196.31.237 → port:tcp:31679
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b09cf74640ed889e:host:177.10.235.110:host:172.234.197.23	SESSION-b09cf74640ed889e → host:177.10.235.110 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4b0821df7b169e6a:host:131.196.28.196	SESSION-4b0821df7b169e6a → host:131.196.28.196
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-379e8704803db8ae:host:177.10.237.132:host:172.234.197.23	SESSION-379e8704803db8ae → host:177.10.237.132 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0be9ff1ae53d349:host:172.234.197.23:host:177.10.232.222	SESSION-f0be9ff1ae53d349 → host:172.234.197.23 → host:177.10.232.222
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.218:geo_-16.28860_-49.01640	host:177.10.239.218 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-91c14db05e009245:SESSION-91c14db05e009245	SESSION-91c14db05e009245 → pe:syn:SESSION-91c14db05e009245
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07ba7d1d1566dce2:host:172.234.197.23	SESSION-07ba7d1d1566dce2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f42dcf2468c4a64f:SESSION-f42dcf2468c4a64f	SESSION-f42dcf2468c4a64f → pe:syn:SESSION-f42dcf2468c4a64f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.250:geo_-16.28860_-49.01640	host:177.10.236.250 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-674d0a1b38b3c135:host:172.234.197.23	SESSION-674d0a1b38b3c135 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f580f0e619786fa7:SESSION-f580f0e619786fa7	SESSION-f580f0e619786fa7 → pe:tls:SESSION-f580f0e619786fa7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2f7ca9f61df30fd:PCAP:capture_20260430060001:919b39a74464	SESSION-f2f7ca9f61df30fd → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:b004ebd7b4c6:port:tcp:443	flow:b004ebd7b4c6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-744a603206d06e24:host:172.234.197.23	SESSION-744a603206d06e24 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e2713dc0653d6ae5:host:131.196.30.81	SESSION-e2713dc0653d6ae5 → host:131.196.30.81
FLOW_TO_HOSTOBS	e:to:SESSION-810f814d66b016e7:host:172.234.197.23	SESSION-810f814d66b016e7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7af80619f13211ba:host:172.234.197.23	SESSION-7af80619f13211ba → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:2fef4a6efd16:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:2fef4a6efd16 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24f1ec9c7d379a9b:SESSION-24f1ec9c7d379a9b	SESSION-24f1ec9c7d379a9b → pe:syn:SESSION-24f1ec9c7d379a9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-48de9f7b9a5a464c:SESSION-48de9f7b9a5a464c	SESSION-48de9f7b9a5a464c → pe:syn:SESSION-48de9f7b9a5a464c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac9ecab386602d8f:host:177.10.236.84	SESSION-ac9ecab386602d8f → host:177.10.236.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b10aefef2d5c06b7:host:177.10.233.119:host:172.234.197.23	SESSION-b10aefef2d5c06b7 → host:177.10.233.119 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33916bd4dadd0440:SESSION-33916bd4dadd0440	SESSION-33916bd4dadd0440 → pe:tls:SESSION-33916bd4dadd0440
FLOW_DST_PORTOBS	e:fp:flow:be0b354de90a:port:tcp:443	flow:be0b354de90a → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:e3887a4e7bdf	flow:e3887a4e7bdf → host:44.244.28.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39cfa534eb7ca418:host:177.10.234.76	SESSION-39cfa534eb7ca418 → host:177.10.234.76
FLOW_FROM_HOSTOBS	e:from:SESSION-669451aeea441b50:host:177.10.232.152	SESSION-669451aeea441b50 → host:177.10.232.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b1f042103d1727f:host:172.234.197.23	SESSION-5b1f042103d1727f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:84c3bc2c7389:port:tcp:443	flow:84c3bc2c7389 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e798ff0c310952a:host:172.234.197.23	SESSION-6e798ff0c310952a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76fc6cf591b9ed20:SESSION-76fc6cf591b9ed20	SESSION-76fc6cf591b9ed20 → pe:tls:SESSION-76fc6cf591b9ed20
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce29096c932e7f50:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ce29096c932e7f50 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c93e3b6f6b78357b:SESSION-c93e3b6f6b78357b	SESSION-c93e3b6f6b78357b → pe:tls:SESSION-c93e3b6f6b78357b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b05aeaff4a071503:host:172.234.197.23	SESSION-b05aeaff4a071503 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f59bcaffd8dcae9:PCAP:capture_20260428010001:b1b402c7b202	SESSION-8f59bcaffd8dcae9 → PCAP:capture_20260428010001:b1b402c7b202
flow_observed4-aryOBS	e:fo:flow:3768c31ca8cd	flow:3768c31ca8cd → host:172.234.197.23 → host:45.173.156.117 → port:tcp:48322
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b068e0f016ef609:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4b068e0f016ef609 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf1d5c3c8737f760:flow:c51b8507e6fd	SESSION-bf1d5c3c8737f760 → flow:c51b8507e6fd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.21:geo_-16.28860_-49.01640	host:177.10.234.21 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc301fc8fa5220df:host:177.10.238.166	SESSION-fc301fc8fa5220df → host:177.10.238.166
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a176047016eec520:host:177.10.235.127	SESSION-a176047016eec520 → host:177.10.235.127
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6a5c0858fcd0d09:host:172.234.197.23	SESSION-e6a5c0858fcd0d09 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b481f21a133f6fd1:host:177.10.239.159	SESSION-b481f21a133f6fd1 → host:177.10.239.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6299cf50d0e2e558:flow:8037dcc8826c	SESSION-6299cf50d0e2e558 → flow:8037dcc8826c
FLOW_FROM_HOSTOBS	e:from:SESSION-917ad6cf3046e17b:host:172.234.197.23	SESSION-917ad6cf3046e17b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7377b91dd9eda5d9:PCAP:capture_20260430060001:919b39a74464	SESSION-7377b91dd9eda5d9 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77c18cfa23ea97ee:SESSION-77c18cfa23ea97ee	SESSION-77c18cfa23ea97ee → pe:syn:SESSION-77c18cfa23ea97ee
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24e3c3c409f2ba92:PCAP:capture_20260430080001:93f47cc296a4	SESSION-24e3c3c409f2ba92 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7141588dcb909c75:flow:e773fd80a0e8	SESSION-7141588dcb909c75 → flow:e773fd80a0e8
FLOW_DST_PORTOBS	e:fp:flow:fac57f01f533:port:tcp:443	flow:fac57f01f533 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:094c3d9058e3:port:tcp:443	flow:094c3d9058e3 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a58d8beb20a4c9e1:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a58d8beb20a4c9e1 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-979974e101979ba8:host:194.164.107.6:host:172.234.197.23	SESSION-979974e101979ba8 → host:194.164.107.6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:24b3fe0163fb:port:tcp:54490	flow:24b3fe0163fb → port:tcp:54490
FLOW_DST_PORTOBS	e:fp:flow:19e51d619eb1:port:tcp:443	flow:19e51d619eb1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68e98907ffe6aa24:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-68e98907ffe6aa24 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ea53a00807c951b5:flow:ed68676a7b84	SESSION-ea53a00807c951b5 → flow:ed68676a7b84
flow_observed4-aryOBS	e:fo:flow:ae8d941664b0	flow:ae8d941664b0 → host:172.234.197.23 → host:177.10.236.14 → port:tcp:35646
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-745809bcd8ad6979:flow:6605cb18f1ab	SESSION-745809bcd8ad6979 → flow:6605cb18f1ab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da40d6e9bff8c88d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-da40d6e9bff8c88d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:29e57c1817e3:port:tcp:46750	flow:29e57c1817e3 → port:tcp:46750
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0f5313432825fa0:flow:ae5a5bc5d983	SESSION-f0f5313432825fa0 → flow:ae5a5bc5d983
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-328e38096bb05d60:host:172.234.197.23:host:177.10.235.236	SESSION-328e38096bb05d60 → host:172.234.197.23 → host:177.10.235.236
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7f9687dfabd8cdb:host:45.173.156.221:host:172.234.197.23	SESSION-e7f9687dfabd8cdb → host:45.173.156.221 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f8ffffed45ee6ab8:host:177.10.233.253	SESSION-f8ffffed45ee6ab8 → host:177.10.233.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b145e081d4e87ab3:host:177.10.239.221	SESSION-b145e081d4e87ab3 → host:177.10.239.221
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ba3ff89783efd81:host:177.10.238.138:host:172.234.197.23	SESSION-4ba3ff89783efd81 → host:177.10.238.138 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72f157e6b3da81bc:host:45.173.156.11:host:172.234.197.23	SESSION-72f157e6b3da81bc → host:45.173.156.11 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9886228ef28af254:SESSION-9886228ef28af254	SESSION-9886228ef28af254 → pe:tls:SESSION-9886228ef28af254
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52e5c47434ed6c74:host:177.10.233.148:host:172.234.197.23	SESSION-52e5c47434ed6c74 → host:177.10.233.148 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-045546313cbf5843:SESSION-045546313cbf5843	SESSION-045546313cbf5843 → pe:syn:SESSION-045546313cbf5843
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11ee8787e5fc7b06:flow:351a27e379de	SESSION-11ee8787e5fc7b06 → flow:351a27e379de
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4bb4f425427d3bee:SESSION-4bb4f425427d3bee	SESSION-4bb4f425427d3bee → pe:syn:SESSION-4bb4f425427d3bee
FLOW_FROM_HOSTOBS	e:from:SESSION-95229c7c61064646:host:177.10.233.70	SESSION-95229c7c61064646 → host:177.10.233.70
FLOW_FROM_HOSTOBS	e:from:SESSION-7536a33faff5a95d:host:177.10.235.168	SESSION-7536a33faff5a95d → host:177.10.235.168
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e088d2ccbc3966c5:host:172.234.197.23:host:185.72.218.77	SESSION-e088d2ccbc3966c5 → host:172.234.197.23 → host:185.72.218.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3d0d891734a12161:SESSION-3d0d891734a12161	SESSION-3d0d891734a12161 → pe:syn:SESSION-3d0d891734a12161
FLOW_FROM_HOSTOBS	e:from:SESSION-75ad621f5d402513:host:177.10.232.114	SESSION-75ad621f5d402513 → host:177.10.232.114
FLOW_DST_PORTOBS	e:fp:flow:df66ab69b89e:port:tcp:443	flow:df66ab69b89e → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.216:asn:262880	host:177.10.237.216 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cea44595be79fe10:host:172.234.197.23	SESSION-cea44595be79fe10 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-2604bc3e94e22829:SESSION-2604bc3e94e22829	SESSION-2604bc3e94e22829 → pe:dns:SESSION-2604bc3e94e22829
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31de31d3c82f498d:host:131.196.31.107	SESSION-31de31d3c82f498d → host:131.196.31.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31f4941ab57ed47b:SESSION-31f4941ab57ed47b	SESSION-31f4941ab57ed47b → pe:tls:SESSION-31f4941ab57ed47b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7bea4de6efa859da:flow:d1769d6cea4e	SESSION-7bea4de6efa859da → flow:d1769d6cea4e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9e1dffa0e2317c3:PCAP:capture_20260430090001:065659c7d314	SESSION-d9e1dffa0e2317c3 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-9a269382e1e5b425:host:131.196.29.151	SESSION-9a269382e1e5b425 → host:131.196.29.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a3df3a26ac38d69:host:172.234.197.23	SESSION-4a3df3a26ac38d69 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4db42491c04de440:host:172.234.197.23	SESSION-4db42491c04de440 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d27008d937f2d8be:flow:dac3294581ff	SESSION-d27008d937f2d8be → flow:dac3294581ff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27ea3c16306f2f5f:host:172.234.197.23	SESSION-27ea3c16306f2f5f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.137:geo_-16.28860_-49.01640	host:177.10.236.137 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-07a584f2a7f89f38:host:51.91.243.64	SESSION-07a584f2a7f89f38 → host:51.91.243.64
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ed34bf9fded9d68:flow:b20e48464cae	SESSION-5ed34bf9fded9d68 → flow:b20e48464cae
FLOW_FROM_HOSTOBS	e:from:SESSION-4c0ceaca72bbee92:host:131.196.30.223	SESSION-4c0ceaca72bbee92 → host:131.196.30.223
FLOW_TO_HOSTOBS	e:to:SESSION-753bfef963e546aa:host:172.234.197.23	SESSION-753bfef963e546aa → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-280b0d78f93705fd:host:172.234.197.23	SESSION-280b0d78f93705fd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d736bf96956c	flow:d736bf96956c → host:131.196.31.133 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-a60100c841341ace:BSG-DATA_EXFIL-a1f720c83276	SESSION-a60100c841341ace → BSG-DATA_EXFIL-a1f720c83276
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2586028491b4edc:SESSION-b2586028491b4edc	SESSION-b2586028491b4edc → pe:syn:SESSION-b2586028491b4edc
FLOW_DST_PORTOBS	e:fp:flow:07b0ac783a43:port:tcp:443	flow:07b0ac783a43 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c96791011a0f6f2:host:172.234.197.23	SESSION-7c96791011a0f6f2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fb5f5db80365:port:tcp:22333	flow:fb5f5db80365 → port:tcp:22333
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e0b5328aa075dd2:SESSION-2e0b5328aa075dd2	SESSION-2e0b5328aa075dd2 → pe:tls:SESSION-2e0b5328aa075dd2
FLOW_TO_HOSTOBS	e:to:SESSION-4aa43b0ccd10448e:host:177.10.239.35	SESSION-4aa43b0ccd10448e → host:177.10.239.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a40236c67828800b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a40236c67828800b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75251a40e4bc6a46:flow:7e7fec78c1be	SESSION-75251a40e4bc6a46 → flow:7e7fec78c1be
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-555dcb6965008cb6:flow:cb392402663a	SESSION-555dcb6965008cb6 → flow:cb392402663a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ef18db4a9eedd9d:SESSION-2ef18db4a9eedd9d	SESSION-2ef18db4a9eedd9d → pe:tls:SESSION-2ef18db4a9eedd9d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-975059a05a34b0ad:SESSION-975059a05a34b0ad	SESSION-975059a05a34b0ad → pe:tls:SESSION-975059a05a34b0ad
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-217f16055e8d00da:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-217f16055e8d00da → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a57e7ba0de33dea3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a57e7ba0de33dea3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-925ab2a859ac277f:host:177.10.232.46	SESSION-925ab2a859ac277f → host:177.10.232.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c828adcf318b7963:SESSION-c828adcf318b7963	SESSION-c828adcf318b7963 → pe:rst:SESSION-c828adcf318b7963
FLOW_TO_HOSTOBS	e:to:SESSION-54da05b162213325:host:177.10.238.30	SESSION-54da05b162213325 → host:177.10.238.30
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ba3ff89783efd81:SESSION-4ba3ff89783efd81	SESSION-4ba3ff89783efd81 → pe:syn:SESSION-4ba3ff89783efd81
FLOW_FROM_HOSTOBS	e:from:SESSION-5278b2d1db18e971:host:172.234.197.23	SESSION-5278b2d1db18e971 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3988e0c31504	flow:3988e0c31504 → host:177.10.236.40 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52c764b77552a86d:host:172.234.197.23	SESSION-52c764b77552a86d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5a2daebd33ff	flow:5a2daebd33ff → host:177.10.237.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-840476c00c988ec7:SESSION-840476c00c988ec7	SESSION-840476c00c988ec7 → pe:syn:SESSION-840476c00c988ec7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.133:asn:262880	host:177.10.238.133 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85419ca5854a5f9c:host:172.234.197.23	SESSION-85419ca5854a5f9c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-15539e18bbfcb0e8:flow:09e69323670d	SESSION-15539e18bbfcb0e8 → flow:09e69323670d
FLOW_DST_PORTOBS	e:fp:flow:b0f8eace8c77:port:tcp:443	flow:b0f8eace8c77 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-70a92a3cd71eafd5:host:172.234.197.23:host:177.10.235.34	SESSION-70a92a3cd71eafd5 → host:172.234.197.23 → host:177.10.235.34
flow_observed5-aryOBS	e:fo:flow:e0430cbe48d4	flow:e0430cbe48d4 → host:177.10.236.32 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0482ff4f8e4ec953:host:172.234.197.23	SESSION-0482ff4f8e4ec953 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0b228975a6eff356:host:172.234.197.23	SESSION-0b228975a6eff356 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f105059d1ed0a542:SESSION-f105059d1ed0a542	SESSION-f105059d1ed0a542 → pe:syn:SESSION-f105059d1ed0a542
FLOW_TO_HOSTOBS	e:to:SESSION-2842c4c08e29d7d7:host:172.234.197.23	SESSION-2842c4c08e29d7d7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e7cfd0a388ab	flow:e7cfd0a388ab → host:45.173.156.19 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-39adf49608796443:SESSION-39adf49608796443	SESSION-39adf49608796443 → pe:syn:SESSION-39adf49608796443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2eb0c2c4028db16:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-e2eb0c2c4028db16 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:62f70f17b15f	flow:62f70f17b15f → host:177.10.238.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-045546313cbf5843:flow:3c358770241f	SESSION-045546313cbf5843 → flow:3c358770241f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f3bd7044d582575:PCAP:capture_20260430120001:56630107de80	SESSION-7f3bd7044d582575 → PCAP:capture_20260430120001:56630107de80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.15:geo_-16.28860_-49.01640	host:177.10.233.15 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b475107bbd97ed39:SESSION-b475107bbd97ed39	SESSION-b475107bbd97ed39 → pe:tls:SESSION-b475107bbd97ed39
FLOW_DST_PORTOBS	e:fp:flow:5dc402cfbc94:port:tcp:443	flow:5dc402cfbc94 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a19838102931ca6:host:177.10.233.44:host:172.234.197.23	SESSION-2a19838102931ca6 → host:177.10.233.44 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-022fbc52c5dbb7ff:PCAP:capture_20260430070001:903a0e7a436b	SESSION-022fbc52c5dbb7ff → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:fdc8b0b4727e:port:tcp:443	flow:fdc8b0b4727e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-feb3207d55e7c5c5:SESSION-feb3207d55e7c5c5	SESSION-feb3207d55e7c5c5 → pe:syn:SESSION-feb3207d55e7c5c5
FLOW_TO_HOSTOBS	e:to:SESSION-3fa29bafd0740f46:host:131.196.29.126	SESSION-3fa29bafd0740f46 → host:131.196.29.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-370545020cd57187:host:177.10.234.215	SESSION-370545020cd57187 → host:177.10.234.215
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-105866a23abaa0d9:host:45.173.156.21:host:172.234.197.23	SESSION-105866a23abaa0d9 → host:45.173.156.21 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1c9303996834523:host:172.234.197.23	SESSION-d1c9303996834523 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:af656b59467f:port:tcp:56393	flow:af656b59467f → port:tcp:56393
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3db1c42fb505a2f9:host:177.10.234.184:host:172.234.197.23	SESSION-3db1c42fb505a2f9 → host:177.10.234.184 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e3d1aa706f2604d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3e3d1aa706f2604d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17fce8ea46af65f2:host:172.234.197.23	SESSION-17fce8ea46af65f2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f277335c7e8c32bb:host:172.234.197.23	SESSION-f277335c7e8c32bb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ac7bdbcc541a2d8:PCAP:capture_20260430110001:43611bdf6759	SESSION-8ac7bdbcc541a2d8 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5a08fe68832616d:flow:99625993f9a8	SESSION-f5a08fe68832616d → flow:99625993f9a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a4d952075d0ee24:SESSION-5a4d952075d0ee24	SESSION-5a4d952075d0ee24 → pe:syn:SESSION-5a4d952075d0ee24
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-afd30c72829a35a2:host:131.196.28.157:host:172.234.197.23	SESSION-afd30c72829a35a2 → host:131.196.28.157 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b304bd763b72b95f:host:37.221.79.239	SESSION-b304bd763b72b95f → host:37.221.79.239
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9d4e1b0711d4507:PCAP:capture_20260430150001:ded20914761d	SESSION-c9d4e1b0711d4507 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-406d5e8256fbfc45:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-406d5e8256fbfc45 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.133:geo_-21.10010_-41.69200	host:45.173.156.133 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5e4b6893c364bde:host:177.10.234.56	SESSION-e5e4b6893c364bde → host:177.10.234.56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38fb62728f2b5e64:host:172.234.197.23	SESSION-38fb62728f2b5e64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7caeaef261aefc4:SESSION-e7caeaef261aefc4	SESSION-e7caeaef261aefc4 → pe:syn:SESSION-e7caeaef261aefc4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a286fa1508a759d:host:172.234.197.23	SESSION-3a286fa1508a759d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f55e3eaa0043	flow:f55e3eaa0043 → host:144.76.23.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb17861f5be52c2c:host:172.234.197.23	SESSION-eb17861f5be52c2c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.175:asn:271410	host:131.196.31.175 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:b8a5b7dbb39a:port:udp:53	flow:b8a5b7dbb39a → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54530aea57b72d0f:SESSION-54530aea57b72d0f	SESSION-54530aea57b72d0f → pe:syn:SESSION-54530aea57b72d0f
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.8:asn:273470	host:45.173.156.8 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4da5ddbc1348c177:host:177.10.233.126	SESSION-4da5ddbc1348c177 → host:177.10.233.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82f2c01059fea89b:host:172.234.197.23	SESSION-82f2c01059fea89b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-01c9c3509e882c26:host:172.234.197.23	SESSION-01c9c3509e882c26 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:683123e16bef	flow:683123e16bef → host:172.234.197.23 → host:45.173.156.32 → port:tcp:53576
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f158e3bc319e69c7:host:172.234.197.23	SESSION-f158e3bc319e69c7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-abaf8d71fe47df1c:host:177.10.239.246:host:172.234.197.23	SESSION-abaf8d71fe47df1c → host:177.10.239.246 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6ecadfe6c5ec	flow:6ecadfe6c5ec → host:177.10.235.202 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8aa4413fe5db5235:host:177.10.232.63	SESSION-8aa4413fe5db5235 → host:177.10.232.63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-980b61ddea9c5965:host:172.234.197.23:host:172.232.0.16	SESSION-980b61ddea9c5965 → host:172.234.197.23 → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:7e1d945377ab:port:tcp:443	flow:7e1d945377ab → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0f5313432825fa0:host:177.10.237.15:host:172.234.197.23	SESSION-f0f5313432825fa0 → host:177.10.237.15 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-56e56d8157575627:host:172.234.197.23	SESSION-56e56d8157575627 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77e4374445abb63e:host:172.234.197.23:host:177.10.233.121	SESSION-77e4374445abb63e → host:172.234.197.23 → host:177.10.233.121
flow_observed5-aryOBS	e:fo:flow:953e707e2c3e	flow:953e707e2c3e → host:177.10.239.99 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57494845d8eca477:host:172.234.197.23	SESSION-57494845d8eca477 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d9d7757b20ed84d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7d9d7757b20ed84d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-71917de89d264496:host:45.173.156.172	SESSION-71917de89d264496 → host:45.173.156.172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0948a596b6903965:SESSION-0948a596b6903965	SESSION-0948a596b6903965 → pe:syn:SESSION-0948a596b6903965
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.192:geo_-16.28860_-49.01640	host:177.10.236.192 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-786e34aed7c64f61:host:131.196.28.0	SESSION-786e34aed7c64f61 → host:131.196.28.0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85a5e7fc435163e0:host:172.234.197.23	SESSION-85a5e7fc435163e0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:31dd5b8aecb6	flow:31dd5b8aecb6 → host:172.234.197.23 → host:177.10.234.215 → port:tcp:193
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f9972302e9230d9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9f9972302e9230d9 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6455927ff3f8f851:flow:ad5aee9f59a3	SESSION-6455927ff3f8f851 → flow:ad5aee9f59a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54d5efa8aa8025c4:host:172.234.197.23	SESSION-54d5efa8aa8025c4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d7cbc1377cf9:port:tcp:61766	flow:d7cbc1377cf9 → port:tcp:61766
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e62c7e5ed36c3850:SESSION-e62c7e5ed36c3850	SESSION-e62c7e5ed36c3850 → pe:syn:SESSION-e62c7e5ed36c3850
FLOW_DST_PORTOBS	e:fp:flow:6459e3f91d35:port:tcp:443	flow:6459e3f91d35 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.65:asn:262880	host:177.10.235.65 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-4bd79e02a6b67038:host:172.234.197.23	SESSION-4bd79e02a6b67038 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d27f09d7c919692:host:172.234.197.23:host:131.196.28.207	SESSION-5d27f09d7c919692 → host:172.234.197.23 → host:131.196.28.207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fd73a09d62d6f89:SESSION-1fd73a09d62d6f89	SESSION-1fd73a09d62d6f89 → pe:tls:SESSION-1fd73a09d62d6f89
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8d5fc6f7b2bd264:PCAP:capture_20260430090001:065659c7d314	SESSION-c8d5fc6f7b2bd264 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-c651848d98d2f620:host:172.234.197.23	SESSION-c651848d98d2f620 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d618ae22306fa7b9:host:172.234.197.23	SESSION-d618ae22306fa7b9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-877b851a45681e10:host:172.234.197.23	SESSION-877b851a45681e10 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d4ae68a057da74d:host:172.234.197.23:host:177.10.233.3	SESSION-5d4ae68a057da74d → host:172.234.197.23 → host:177.10.233.3
FLOW_DST_PORTOBS	e:fp:flow:44762f5cbd02:port:tcp:443	flow:44762f5cbd02 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8fb17d6554827f30:flow:bdad748541b4	SESSION-8fb17d6554827f30 → flow:bdad748541b4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-386a52b5a647d101:SESSION-386a52b5a647d101	SESSION-386a52b5a647d101 → pe:tls:SESSION-386a52b5a647d101
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54704a8587620f8b:host:45.173.156.47:host:172.234.197.23	SESSION-54704a8587620f8b → host:45.173.156.47 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-314272d88a452691:PCAP:capture_20260430080001:93f47cc296a4	SESSION-314272d88a452691 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-2faf2af9b390693e:host:172.234.197.23	SESSION-2faf2af9b390693e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97a932b8098f01e0:flow:09496ce57c77	SESSION-97a932b8098f01e0 → flow:09496ce57c77
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ad6356c5bafa36b:host:172.234.197.23:host:131.196.28.39	SESSION-7ad6356c5bafa36b → host:172.234.197.23 → host:131.196.28.39
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7eeea37688fc574d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7eeea37688fc574d → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-85f4ab9e3ed21fa2:host:177.10.235.212	SESSION-85f4ab9e3ed21fa2 → host:177.10.235.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93c7fae83342c58e:host:172.234.197.23	SESSION-93c7fae83342c58e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.47:asn:262880	host:177.10.237.47 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ec222cc1c3a7faf:host:172.234.197.23:host:177.10.232.165	SESSION-4ec222cc1c3a7faf → host:172.234.197.23 → host:177.10.232.165
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3b2d33602e817e1:host:172.234.197.23:host:131.196.28.100	SESSION-b3b2d33602e817e1 → host:172.234.197.23 → host:131.196.28.100
FLOW_TO_HOSTOBS	e:to:SESSION-7eb452f0b60197b3:host:45.173.156.150	SESSION-7eb452f0b60197b3 → host:45.173.156.150
flow_observed4-aryOBS	e:fo:flow:871875abac62	flow:871875abac62 → host:172.234.197.23 → host:131.196.30.147 → port:tcp:45297
flow_observed4-aryOBS	e:fo:flow:b2d7167908ff	flow:b2d7167908ff → host:172.234.197.23 → host:177.10.233.61 → port:tcp:58393
FLOW_FROM_HOSTOBS	e:from:SESSION-f0d0c8f73043707f:host:172.234.197.23	SESSION-f0d0c8f73043707f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e00ced36c846b73a:flow:b4b58943af29	SESSION-e00ced36c846b73a → flow:b4b58943af29
flow_observed5-aryOBS	e:fo:flow:ff968608d852	flow:ff968608d852 → host:45.173.156.85 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:54248e81c0ee:port:tcp:443	flow:54248e81c0ee → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:7112b92d323c:port:tcp:443	flow:7112b92d323c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a9f928f7ece6fbf:flow:b81f7fd27c1a	SESSION-2a9f928f7ece6fbf → flow:b81f7fd27c1a
flow_observed4-aryOBS	e:fo:flow:69755715354d	flow:69755715354d → host:172.234.197.23 → host:131.196.29.107 → port:tcp:52005
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0d1802072f1dd852:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0d1802072f1dd852 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:c0f8ff625ff5:port:tcp:13391	flow:c0f8ff625ff5 → port:tcp:13391
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.187:asn:273470	host:45.173.156.187 → asn:273470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.175:geo_-23.62930_-46.63510	host:131.196.31.175 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-7c6483e185c23934:host:177.10.236.134	SESSION-7c6483e185c23934 → host:177.10.236.134
FLOW_DST_PORTOBS	e:fp:flow:8ae016b07990:port:tcp:443	flow:8ae016b07990 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bef335bbd7bd0f49:SESSION-bef335bbd7bd0f49	SESSION-bef335bbd7bd0f49 → pe:syn:SESSION-bef335bbd7bd0f49
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce973eb9d12ea742:host:172.234.197.23	SESSION-ce973eb9d12ea742 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-57039b95174af1c3:host:177.10.236.40	SESSION-57039b95174af1c3 → host:177.10.236.40
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.252:geo_-16.28860_-49.01640	host:177.10.239.252 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ccbf098e115515a:SESSION-0ccbf098e115515a	SESSION-0ccbf098e115515a → pe:syn:SESSION-0ccbf098e115515a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:15.152.35.247:geo_34.69300_135.50050	host:15.152.35.247 → geo_34.69300_135.50050
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b31cf1240fb1e101:SESSION-b31cf1240fb1e101	SESSION-b31cf1240fb1e101 → pe:syn:SESSION-b31cf1240fb1e101
FLOW_FROM_HOSTOBS	e:from:SESSION-a0605f48b345a3ed:host:177.10.235.81	SESSION-a0605f48b345a3ed → host:177.10.235.81
FLOW_FROM_HOSTOBS	e:from:SESSION-b78ee328a5f7ceab:host:31.40.196.119	SESSION-b78ee328a5f7ceab → host:31.40.196.119
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34c02a09bd1ab4d1:host:45.145.152.222	SESSION-34c02a09bd1ab4d1 → host:45.145.152.222
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fad01c8dca4d847:host:172.234.197.23	SESSION-7fad01c8dca4d847 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d2803f457704e39:host:131.196.29.214:host:172.234.197.23	SESSION-7d2803f457704e39 → host:131.196.29.214 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b881757616a2	flow:b881757616a2 → host:172.234.197.23 → host:177.10.234.250 → port:tcp:21719
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4d7e31822e7386a:host:172.234.197.23	SESSION-c4d7e31822e7386a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3931cb15b35f138a:SESSION-3931cb15b35f138a	SESSION-3931cb15b35f138a → pe:tls:SESSION-3931cb15b35f138a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce047c01fb54580f:host:172.234.197.23:host:45.173.156.239	SESSION-ce047c01fb54580f → host:172.234.197.23 → host:45.173.156.239
flow_observed5-aryOBS	e:fo:flow:10d37126a494	flow:10d37126a494 → host:131.196.31.140 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.136:geo_-16.28860_-49.01640	host:177.10.239.136 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.106:asn:271410	host:131.196.29.106 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-375dced119266894:host:172.234.197.23	SESSION-375dced119266894 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e812ffe43c670dc:SESSION-7e812ffe43c670dc	SESSION-7e812ffe43c670dc → pe:tls:SESSION-7e812ffe43c670dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-149428cb73969f2b:host:177.10.238.35	SESSION-149428cb73969f2b → host:177.10.238.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75bc03759038657d:SESSION-75bc03759038657d	SESSION-75bc03759038657d → pe:syn:SESSION-75bc03759038657d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6f2f5812045d2e3b:SESSION-6f2f5812045d2e3b	SESSION-6f2f5812045d2e3b → pe:syn:SESSION-6f2f5812045d2e3b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a78d91cebd5172f:SESSION-5a78d91cebd5172f	SESSION-5a78d91cebd5172f → pe:syn:SESSION-5a78d91cebd5172f
FLOW_TO_HOSTOBS	e:to:SESSION-96c334cbd5a64077:host:172.234.197.23	SESSION-96c334cbd5a64077 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-22f2328c9f1b641e:host:177.10.234.237:host:172.234.197.23	SESSION-22f2328c9f1b641e → host:177.10.234.237 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10db7c117acba2ed:SESSION-10db7c117acba2ed	SESSION-10db7c117acba2ed → pe:syn:SESSION-10db7c117acba2ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9501d29cea91bd7b:host:172.234.197.23	SESSION-9501d29cea91bd7b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04ab6357fe1e6c0a:host:177.10.232.234	SESSION-04ab6357fe1e6c0a → host:177.10.232.234
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.212:asn:262880	host:177.10.233.212 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40a7926fcdf458e7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-40a7926fcdf458e7 → PCAP:capture_20260430160001:9bfa4498506a
ASN_IN_ORGOBS 80%	e:ao:asn:152194:org:CTG Server Limited	asn:152194 → org:CTG Server Limited
FLOW_DST_PORTOBS	e:fp:flow:0becdb8f6786:port:tcp:26148	flow:0becdb8f6786 → port:tcp:26148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ea8e2d7734ace3:host:177.10.232.122	SESSION-49ea8e2d7734ace3 → host:177.10.232.122
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.207:asn:262880	host:177.10.238.207 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c227f10fbea5d546:host:131.196.29.120	SESSION-c227f10fbea5d546 → host:131.196.29.120
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5bba4e0174a1f95d:flow:ddba3a69e313	SESSION-5bba4e0174a1f95d → flow:ddba3a69e313
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4424212d2efd30c8:PCAP:capture_20260430150001:ded20914761d	SESSION-4424212d2efd30c8 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10f6f623bcce091e:host:177.10.234.199	SESSION-10f6f623bcce091e → host:177.10.234.199
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.227:geo_19.07480_72.88560	host:45.145.152.227 → geo_19.07480_72.88560
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9af350d3c0c51da5:SESSION-9af350d3c0c51da5	SESSION-9af350d3c0c51da5 → pe:syn:SESSION-9af350d3c0c51da5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78ad99b8772b1e3f:SESSION-78ad99b8772b1e3f	SESSION-78ad99b8772b1e3f → pe:syn:SESSION-78ad99b8772b1e3f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-93cfcdba6a26f550:SESSION-93cfcdba6a26f550	SESSION-93cfcdba6a26f550 → pe:tls:SESSION-93cfcdba6a26f550
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-970263f3772afe71:SESSION-970263f3772afe71	SESSION-970263f3772afe71 → pe:tls:SESSION-970263f3772afe71
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.116:asn:262880	host:177.10.235.116 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9962740ce107c36d:host:172.234.197.23	SESSION-9962740ce107c36d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a5f9d16efb179df1:host:172.234.197.23	SESSION-a5f9d16efb179df1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.135:geo_-16.28860_-49.01640	host:177.10.232.135 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd8a89b380cdaceb:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-dd8a89b380cdaceb → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:3c29a1a30005	flow:3c29a1a30005 → host:172.234.197.23 → host:177.10.237.35 → port:tcp:20104
flow_observed5-aryOBS	e:fo:flow:fab5b16eef82	flow:fab5b16eef82 → host:136.243.57.208 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.230:asn:271410	host:131.196.28.230 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df6efecba493c79c:host:177.10.237.38	SESSION-df6efecba493c79c → host:177.10.237.38
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07d653be0b30b2f4:PCAP:capture_20260428010001:b1b402c7b202	SESSION-07d653be0b30b2f4 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2f1449f3d42ccdf:SESSION-e2f1449f3d42ccdf	SESSION-e2f1449f3d42ccdf → pe:tls:SESSION-e2f1449f3d42ccdf
FLOW_DST_PORTOBS	e:fp:flow:a53e75876912:port:tcp:443	flow:a53e75876912 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.109:asn:262880	host:177.10.234.109 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-275d804358752875:SESSION-275d804358752875	SESSION-275d804358752875 → pe:tls:SESSION-275d804358752875
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bef335bbd7bd0f49:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-bef335bbd7bd0f49 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1898da4930ba04f2:host:172.234.197.23	SESSION-1898da4930ba04f2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c2c5cb086fef:port:tcp:443	flow:c2c5cb086fef → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.70:geo_-23.62930_-46.63510	host:131.196.28.70 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65029066d9cd1f24:host:45.173.156.10:host:172.234.197.23	SESSION-65029066d9cd1f24 → host:45.173.156.10 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-24ee1f6ef023209d:host:177.10.234.22	SESSION-24ee1f6ef023209d → host:177.10.234.22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1c9303996834523:flow:aa21f695c888	SESSION-d1c9303996834523 → flow:aa21f695c888
flow_observed5-aryOBS	e:fo:flow:e4fb1419a413	flow:e4fb1419a413 → host:131.196.31.1 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:7ac52bd77a9f	flow:7ac52bd77a9f → host:172.234.197.23 → host:177.10.233.119 → port:tcp:56926
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83f081267b847a58:host:177.10.234.126	SESSION-83f081267b847a58 → host:177.10.234.126
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-43a9f8d54e48850a:host:131.196.31.168:host:172.234.197.23	SESSION-43a9f8d54e48850a → host:131.196.31.168 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f5958a673e968588:host:185.231.226.214	SESSION-f5958a673e968588 → host:185.231.226.214
flow_observed4-aryOBS	e:fo:flow:fff8d3de1b9c	flow:fff8d3de1b9c → host:172.234.197.23 → host:177.10.236.206 → port:tcp:26643
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a75b8c86281e6b7:PCAP:capture_20260430060001:919b39a74464	SESSION-5a75b8c86281e6b7 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c5ed9f49ee99549f:SESSION-c5ed9f49ee99549f	SESSION-c5ed9f49ee99549f → pe:rst:SESSION-c5ed9f49ee99549f
flow_observed5-aryOBS	e:fo:flow:401c8f0fd65c	flow:401c8f0fd65c → host:131.196.28.249 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-75cb9fe69e287da9:host:177.10.239.203	SESSION-75cb9fe69e287da9 → host:177.10.239.203
FLOW_FROM_HOSTOBS	e:from:SESSION-2d19f64abed8cdcd:host:172.234.197.23	SESSION-2d19f64abed8cdcd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b197d648fac856a7:host:177.10.236.2:host:172.234.197.23	SESSION-b197d648fac856a7 → host:177.10.236.2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:90f2d84aceea	flow:90f2d84aceea → host:131.196.30.134 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-0d1802072f1dd852:host:172.234.197.23	SESSION-0d1802072f1dd852 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e41fa1676c790d65:host:177.10.235.255:host:172.234.197.23	SESSION-e41fa1676c790d65 → host:177.10.235.255 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c42fa8d9585a:port:tcp:443	flow:c42fa8d9585a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17000fdd70ecbf97:host:172.234.197.23	SESSION-17000fdd70ecbf97 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.177:geo_-23.62930_-46.63510	host:131.196.29.177 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.40:asn:262880	host:177.10.234.40 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f49b20c8baea20b:host:172.234.197.23:host:177.10.235.1	SESSION-9f49b20c8baea20b → host:172.234.197.23 → host:177.10.235.1
FLOW_TO_HOSTOBS	e:to:SESSION-8bdafe91f45dd428:host:177.10.232.49	SESSION-8bdafe91f45dd428 → host:177.10.232.49
FLOW_TO_HOSTOBS	e:to:SESSION-3075d8276a1a3ff8:host:177.10.237.169	SESSION-3075d8276a1a3ff8 → host:177.10.237.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96cc205c664fccab:SESSION-96cc205c664fccab	SESSION-96cc205c664fccab → pe:syn:SESSION-96cc205c664fccab
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3adb88175f99dced:host:177.10.235.155:host:172.234.197.23	SESSION-3adb88175f99dced → host:177.10.235.155 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3685b3a1e6c25f1a:host:185.231.226.68:host:172.234.197.23	SESSION-3685b3a1e6c25f1a → host:185.231.226.68 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa9d2876c7b3abea:SESSION-fa9d2876c7b3abea	SESSION-fa9d2876c7b3abea → pe:tls:SESSION-fa9d2876c7b3abea
FLOW_DST_PORTOBS	e:fp:flow:dfeeec60d377:port:tcp:443	flow:dfeeec60d377 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2eaffc60d664a8c9:host:172.234.197.23	SESSION-2eaffc60d664a8c9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6d83a9aba23a117e:host:131.196.30.41	SESSION-6d83a9aba23a117e → host:131.196.30.41
FLOW_TO_HOSTOBS	e:to:SESSION-f776838979623936:host:172.234.197.23	SESSION-f776838979623936 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bbc35343aa20f600:host:177.10.236.149	SESSION-bbc35343aa20f600 → host:177.10.236.149
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-924bf50c0164bb1b:flow:dd936079be3d	SESSION-924bf50c0164bb1b → flow:dd936079be3d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0461902d351b0498:host:172.234.197.23:host:131.196.30.189	SESSION-0461902d351b0498 → host:172.234.197.23 → host:131.196.30.189
FLOW_FROM_HOSTOBS	e:from:SESSION-163f2e33c9f4a8f4:host:172.234.197.23	SESSION-163f2e33c9f4a8f4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.62:asn:262880	host:177.10.239.62 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67fe6c66ab1f1fcd:SESSION-67fe6c66ab1f1fcd	SESSION-67fe6c66ab1f1fcd → pe:tls:SESSION-67fe6c66ab1f1fcd
FLOW_DST_PORTOBS	e:fp:flow:53536406705f:port:tcp:443	flow:53536406705f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:7577abd2e0d4:port:tcp:50423	flow:7577abd2e0d4 → port:tcp:50423
FLOW_DST_PORTOBS	e:fp:flow:3265b036568c:port:tcp:443	flow:3265b036568c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4db42491c04de440:host:172.234.197.23:host:177.10.236.151	SESSION-4db42491c04de440 → host:172.234.197.23 → host:177.10.236.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a77adff1667c3d1:flow:33f7c23f1b8f	SESSION-0a77adff1667c3d1 → flow:33f7c23f1b8f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-accb56e5453b3fbd:SESSION-accb56e5453b3fbd	SESSION-accb56e5453b3fbd → pe:tls:SESSION-accb56e5453b3fbd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1410d14cf4ff2548:SESSION-1410d14cf4ff2548	SESSION-1410d14cf4ff2548 → pe:tls:SESSION-1410d14cf4ff2548
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.167:geo_-16.28860_-49.01640	host:177.10.232.167 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-3f953402fa48addf:host:177.10.232.232	SESSION-3f953402fa48addf → host:177.10.232.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8417b06622c43718:SESSION-8417b06622c43718	SESSION-8417b06622c43718 → pe:syn:SESSION-8417b06622c43718
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae6c5a18819e9434:PCAP:capture_20260430110001:43611bdf6759	SESSION-ae6c5a18819e9434 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-13bd66b79cddeec8:SESSION-13bd66b79cddeec8	SESSION-13bd66b79cddeec8 → pe:tls:SESSION-13bd66b79cddeec8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8a6e8a4db8ac534:flow:bf3aa5bf62e1	SESSION-e8a6e8a4db8ac534 → flow:bf3aa5bf62e1
flow_observed5-aryOBS	e:fo:flow:35356ce269f5	flow:35356ce269f5 → host:177.10.232.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9500d9b64493d052:host:45.173.156.72:host:172.234.197.23	SESSION-9500d9b64493d052 → host:45.173.156.72 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7640c6607dc14992:SESSION-7640c6607dc14992	SESSION-7640c6607dc14992 → pe:tls:SESSION-7640c6607dc14992
FLOW_DST_PORTOBS	e:fp:flow:d284821cdfb8:port:tcp:443	flow:d284821cdfb8 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77d6ed106817bb5a:host:172.234.197.23:host:177.10.236.31	SESSION-77d6ed106817bb5a → host:172.234.197.23 → host:177.10.236.31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6492f21e062d19aa:host:172.234.197.23	SESSION-6492f21e062d19aa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d13284d1e9c6a901:SESSION-d13284d1e9c6a901	SESSION-d13284d1e9c6a901 → pe:tls:SESSION-d13284d1e9c6a901
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.177:asn:262880	host:177.10.233.177 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.59:asn:262880	host:177.10.234.59 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:95bdf7b313dd:port:tcp:443	flow:95bdf7b313dd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef7fe2bb78158297:SESSION-ef7fe2bb78158297	SESSION-ef7fe2bb78158297 → pe:tls:SESSION-ef7fe2bb78158297
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3767fab91283496e:flow:e7bdccaedf79	SESSION-3767fab91283496e → flow:e7bdccaedf79
FLOW_FROM_HOSTOBS	e:from:SESSION-68c9571f275cd182:host:177.10.239.79	SESSION-68c9571f275cd182 → host:177.10.239.79
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d44c53e781b5466e:host:172.234.197.23:host:131.196.31.253	SESSION-d44c53e781b5466e → host:172.234.197.23 → host:131.196.31.253
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8366f626d6b88fcf:host:172.234.197.23:host:177.10.234.91	SESSION-8366f626d6b88fcf → host:172.234.197.23 → host:177.10.234.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0aa7cb63cd191443:SESSION-0aa7cb63cd191443	SESSION-0aa7cb63cd191443 → pe:tls:SESSION-0aa7cb63cd191443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27b2c896335b5c16:host:177.10.233.15	SESSION-27b2c896335b5c16 → host:177.10.233.15
FLOW_TO_HOSTOBS	e:to:SESSION-09a6e49240d11692:host:45.173.156.51	SESSION-09a6e49240d11692 → host:45.173.156.51
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-941b4a1386b7be8f:SESSION-941b4a1386b7be8f	SESSION-941b4a1386b7be8f → pe:tls:SESSION-941b4a1386b7be8f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e1f0a324b14316cd:SESSION-e1f0a324b14316cd	SESSION-e1f0a324b14316cd → pe:tls:SESSION-e1f0a324b14316cd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47e6906e0a27d254:host:177.10.237.179	SESSION-47e6906e0a27d254 → host:177.10.237.179
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65029066d9cd1f24:host:172.234.197.23	SESSION-65029066d9cd1f24 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d226dc6e18df532:host:131.196.29.68	SESSION-2d226dc6e18df532 → host:131.196.29.68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b42fc656319c5bfc:SESSION-b42fc656319c5bfc	SESSION-b42fc656319c5bfc → pe:tls:SESSION-b42fc656319c5bfc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eab64f08bdc755fb:host:172.234.197.23	SESSION-eab64f08bdc755fb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82e825a4afeeff6a:host:172.234.197.23	SESSION-82e825a4afeeff6a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22f2328c9f1b641e:host:177.10.234.237	SESSION-22f2328c9f1b641e → host:177.10.234.237
FLOW_TO_HOSTOBS	e:to:SESSION-7e6270bfda958738:host:172.234.197.23	SESSION-7e6270bfda958738 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1627b9df9d2fc920:SESSION-1627b9df9d2fc920	SESSION-1627b9df9d2fc920 → pe:syn:SESSION-1627b9df9d2fc920
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab81c1372abfe2ce:host:172.234.197.23:host:177.10.237.82	SESSION-ab81c1372abfe2ce → host:172.234.197.23 → host:177.10.237.82
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.52:asn:262880	host:177.10.236.52 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02999fe2096ad39b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-02999fe2096ad39b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa3e9fc803f342ab:SESSION-fa3e9fc803f342ab	SESSION-fa3e9fc803f342ab → pe:syn:SESSION-fa3e9fc803f342ab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e10e261831a1079d:host:172.234.197.23	SESSION-e10e261831a1079d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5b7661178bc9fc6:SESSION-a5b7661178bc9fc6	SESSION-a5b7661178bc9fc6 → pe:tls:SESSION-a5b7661178bc9fc6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68c9571f275cd182:host:172.234.197.23	SESSION-68c9571f275cd182 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19009ef53e5ab2ef:host:195.154.100.87:host:172.234.197.23	SESSION-19009ef53e5ab2ef → host:195.154.100.87 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:35582a52931d	flow:35582a52931d → host:131.196.31.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f18f27343d540733:SESSION-f18f27343d540733	SESSION-f18f27343d540733 → pe:syn:SESSION-f18f27343d540733
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb8a27373acd6451:flow:94f77a55dba9	SESSION-eb8a27373acd6451 → flow:94f77a55dba9
FLOW_DST_PORTOBS	e:fp:flow:a89327de536a:port:tcp:45643	flow:a89327de536a → port:tcp:45643
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5746e0d81f0d05c1:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-5746e0d81f0d05c1 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:f2cb88ffae09	flow:f2cb88ffae09 → host:131.196.30.245 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-1e0550020c1215cf:host:172.234.197.23	SESSION-1e0550020c1215cf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ff6c08aab12a:port:tcp:443	flow:ff6c08aab12a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c35a263dbc41a3d:SESSION-7c35a263dbc41a3d	SESSION-7c35a263dbc41a3d → pe:syn:SESSION-7c35a263dbc41a3d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d436d9a2a0e2483:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7d436d9a2a0e2483 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5eab3f22e87eb3f:host:172.234.197.23	SESSION-e5eab3f22e87eb3f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ade0b807fe10f93e:host:172.234.197.23	SESSION-ade0b807fe10f93e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5cc5d5872470	flow:5cc5d5872470 → host:172.234.197.23 → host:131.196.28.126 → port:tcp:29850
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-133d7db2ccbe04c8:host:172.234.197.23	SESSION-133d7db2ccbe04c8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1110d6d36f6ebd42:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1110d6d36f6ebd42 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:dc0d769fd5e9:port:tcp:443	flow:dc0d769fd5e9 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f6335468dd94:port:tcp:443	flow:f6335468dd94 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d47b6311855994f0:host:172.234.197.23	SESSION-d47b6311855994f0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d18b0b138742	flow:d18b0b138742 → host:131.196.28.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5eb3b0eaf7de1b7d:host:95.170.25.87	SESSION-5eb3b0eaf7de1b7d → host:95.170.25.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-608f6686d64f8e3e:host:172.234.197.23	SESSION-608f6686d64f8e3e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1d16880e0846180:host:131.196.31.160:host:172.234.197.23	SESSION-a1d16880e0846180 → host:131.196.31.160 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2fc2bfb2b0c4767b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2fc2bfb2b0c4767b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e074c277760af7b:flow:feacee804cee	SESSION-4e074c277760af7b → flow:feacee804cee
flow_observed5-aryOBS	e:fo:flow:572a057fddca	flow:572a057fddca → host:177.10.234.128 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.186:asn:262880	host:177.10.234.186 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f344d747ad66bc9c:host:177.10.238.207	SESSION-f344d747ad66bc9c → host:177.10.238.207
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3767fab91283496e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3767fab91283496e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c008c2d2b932d4b:host:177.10.235.45	SESSION-7c008c2d2b932d4b → host:177.10.235.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0e4303498e9ae3e:SESSION-b0e4303498e9ae3e	SESSION-b0e4303498e9ae3e → pe:syn:SESSION-b0e4303498e9ae3e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce53b2931ed237cb:host:172.234.197.23	SESSION-ce53b2931ed237cb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:21fbd5ffa598:port:tcp:14940	flow:21fbd5ffa598 → port:tcp:14940
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfa418bfe374bf06:host:177.10.235.222	SESSION-bfa418bfe374bf06 → host:177.10.235.222
FLOW_DST_PORTOBS	e:fp:flow:95aa7a0af14a:port:tcp:59995	flow:95aa7a0af14a → port:tcp:59995
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c5d6e49e2849c20f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c5d6e49e2849c20f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-defec876bf358011:host:34.216.30.208	SESSION-defec876bf358011 → host:34.216.30.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f7ca91f03ba114f2:flow:99747da9969b	SESSION-f7ca91f03ba114f2 → flow:99747da9969b
FLOW_TO_HOSTOBS	e:to:SESSION-915c694a7f41c8e3:host:172.234.197.23	SESSION-915c694a7f41c8e3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9354322f5192915a:flow:4bd1ced1ed2e	SESSION-9354322f5192915a → flow:4bd1ced1ed2e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0307b3c9af33eb0:flow:2f78094d02f5	SESSION-c0307b3c9af33eb0 → flow:2f78094d02f5
FLOW_FROM_HOSTOBS	e:from:SESSION-1ffb3444ca3f5caf:host:177.10.233.126	SESSION-1ffb3444ca3f5caf → host:177.10.233.126
FLOW_DST_PORTOBS	e:fp:flow:ab0e7633f4fd:port:tcp:443	flow:ab0e7633f4fd → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e167d585a8e48501:host:177.10.232.170	SESSION-e167d585a8e48501 → host:177.10.232.170
flow_observed4-aryOBS	e:fo:flow:2886944b445e	flow:2886944b445e → host:172.234.197.23 → host:45.173.156.8 → port:tcp:43284
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92547fda1a59fab0:host:172.234.197.23	SESSION-92547fda1a59fab0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ea03f5a052cd	flow:ea03f5a052cd → host:104.28.202.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e80661c10e8e6e7:host:149.202.187.73	SESSION-5e80661c10e8e6e7 → host:149.202.187.73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f73bbd477b19c775:SESSION-f73bbd477b19c775	SESSION-f73bbd477b19c775 → pe:syn:SESSION-f73bbd477b19c775
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e8a9e43c374485d:host:177.10.237.72:host:172.234.197.23	SESSION-9e8a9e43c374485d → host:177.10.237.72 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b03f12d359ceed54:SESSION-b03f12d359ceed54	SESSION-b03f12d359ceed54 → pe:syn:SESSION-b03f12d359ceed54
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17133b7d31116a9e:flow:1bdb1ce33dbb	SESSION-17133b7d31116a9e → flow:1bdb1ce33dbb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8c8ed56d6827efd:host:177.10.232.190	SESSION-a8c8ed56d6827efd → host:177.10.232.190
FLOW_FROM_HOSTOBS	e:from:SESSION-3f486f528dd93473:host:177.10.239.186	SESSION-3f486f528dd93473 → host:177.10.239.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0d0c8f73043707f:host:172.234.197.23:host:177.10.232.176	SESSION-f0d0c8f73043707f → host:172.234.197.23 → host:177.10.232.176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-9b9695896cdce250:SESSION-9b9695896cdce250	SESSION-9b9695896cdce250 → pe:rst:SESSION-9b9695896cdce250
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da377d395ffcc3d3:host:177.10.234.32	SESSION-da377d395ffcc3d3 → host:177.10.234.32
FLOW_DST_PORTOBS	e:fp:flow:38033b53ed44:port:tcp:64945	flow:38033b53ed44 → port:tcp:64945
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4f8f4fc610e76fd:SESSION-c4f8f4fc610e76fd	SESSION-c4f8f4fc610e76fd → pe:syn:SESSION-c4f8f4fc610e76fd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b2f232bbd4758bf:SESSION-7b2f232bbd4758bf	SESSION-7b2f232bbd4758bf → pe:syn:SESSION-7b2f232bbd4758bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-775ba1157917a355:host:172.234.197.23	SESSION-775ba1157917a355 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8985c0366690	flow:8985c0366690 → host:172.234.197.23 → host:177.10.233.196 → port:tcp:52817
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ffb3444ca3f5caf:host:172.234.197.23	SESSION-1ffb3444ca3f5caf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aec4f33b062c0e6b:flow:bf85860c61db	SESSION-aec4f33b062c0e6b → flow:bf85860c61db
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c74fe87f9177e103:PCAP:capture_20260430150001:ded20914761d	SESSION-c74fe87f9177e103 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-d8938c8d43c3c288:host:177.10.234.172	SESSION-d8938c8d43c3c288 → host:177.10.234.172
FLOW_TO_HOSTOBS	e:to:SESSION-dca9298136f0125a:host:177.10.236.46	SESSION-dca9298136f0125a → host:177.10.236.46
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.222:geo_-16.28860_-49.01640	host:177.10.232.222 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8806932607856a75:host:177.10.235.190	SESSION-8806932607856a75 → host:177.10.235.190
FLOW_TO_HOSTOBS	e:to:SESSION-61aa57a35ec0da02:host:177.10.236.22	SESSION-61aa57a35ec0da02 → host:177.10.236.22
flow_observed3-aryOBS	e:fo:flow:c83c1d32e5a0	flow:c83c1d32e5a0 → host:44.250.172.176 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a91fe9a6e775a606:host:172.234.197.23:host:177.10.232.32	SESSION-a91fe9a6e775a606 → host:172.234.197.23 → host:177.10.232.32
FLOW_DST_PORTOBS	e:fp:flow:2f54bb1db205:port:tcp:5405	flow:2f54bb1db205 → port:tcp:5405
flow_observed5-aryOBS	e:fo:flow:30667e1e1d96	flow:30667e1e1d96 → host:177.10.234.93 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.25:geo_-23.62930_-46.63510	host:131.196.29.25 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da14485ca0be7376:flow:46ce982f7e4b	SESSION-da14485ca0be7376 → flow:46ce982f7e4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f234671aee206898:host:177.10.238.173	SESSION-f234671aee206898 → host:177.10.238.173
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bf7bb3dc8319468:SESSION-3bf7bb3dc8319468	SESSION-3bf7bb3dc8319468 → pe:syn:SESSION-3bf7bb3dc8319468
FLOW_DST_PORTOBS	e:fp:flow:21899769e664:port:tcp:443	flow:21899769e664 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-728f64f1954defae:PCAP:capture_20260430080001:93f47cc296a4	SESSION-728f64f1954defae → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1633b12f0e20b97e:SESSION-1633b12f0e20b97e	SESSION-1633b12f0e20b97e → pe:syn:SESSION-1633b12f0e20b97e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5278b2d1db18e971:PCAP:capture_20260430060001:919b39a74464	SESSION-5278b2d1db18e971 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.77:asn:262880	host:177.10.236.77 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aede3430ffb62e05:PCAP:capture_20260430080001:93f47cc296a4	SESSION-aede3430ffb62e05 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-054885aa6e2323da:flow:0393285963d8	SESSION-054885aa6e2323da → flow:0393285963d8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f278495c163e84d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2f278495c163e84d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:6879c56cc11a:port:tcp:443	flow:6879c56cc11a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84a17a716ed94f5c:SESSION-84a17a716ed94f5c	SESSION-84a17a716ed94f5c → pe:tls:SESSION-84a17a716ed94f5c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-204050056bc27f05:SESSION-204050056bc27f05	SESSION-204050056bc27f05 → pe:tls:SESSION-204050056bc27f05
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e995e7d6e6aa04f6:SESSION-e995e7d6e6aa04f6	SESSION-e995e7d6e6aa04f6 → pe:tls:SESSION-e995e7d6e6aa04f6
FLOW_DST_PORTOBS	e:fp:flow:c71fc06a8217:port:tcp:19051	flow:c71fc06a8217 → port:tcp:19051
FLOW_DST_PORTOBS	e:fp:flow:a62ba4cb8390:port:tcp:443	flow:a62ba4cb8390 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-912ea161e3e6ffdc:SESSION-912ea161e3e6ffdc	SESSION-912ea161e3e6ffdc → pe:syn:SESSION-912ea161e3e6ffdc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76d607ccf9e84136:PCAP:capture_20260430050001:8868731bf8a4	SESSION-76d607ccf9e84136 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-bfa418bfe374bf06:host:177.10.235.222	SESSION-bfa418bfe374bf06 → host:177.10.235.222
flow_observed5-aryOBS	e:fo:flow:c5a04b88e2dc	flow:c5a04b88e2dc → host:177.10.234.89 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9427f5c2202c5258:PCAP:capture_20260430060001:919b39a74464	SESSION-9427f5c2202c5258 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.3:asn:262880	host:177.10.236.3 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-354c21b56902e892:host:172.234.197.23	SESSION-354c21b56902e892 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:df01e1d27e72	flow:df01e1d27e72 → host:177.10.236.217 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e699a2f9558bf8d:host:177.10.237.145:host:172.234.197.23	SESSION-1e699a2f9558bf8d → host:177.10.237.145 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1eb6b92dbb89	flow:1eb6b92dbb89 → host:177.10.235.252 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:49a2db9fef59	flow:49a2db9fef59 → host:172.234.197.23 → host:177.10.236.110 → port:tcp:7230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-623bd72e2e38d66b:SESSION-623bd72e2e38d66b	SESSION-623bd72e2e38d66b → pe:tls:SESSION-623bd72e2e38d66b
flow_observed5-aryOBS	e:fo:flow:094031b5c080	flow:094031b5c080 → host:131.196.29.159 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ab491f454947df2e:host:177.10.236.32	SESSION-ab491f454947df2e → host:177.10.236.32
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cde6fb5ccac54489:host:172.234.197.23	SESSION-cde6fb5ccac54489 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-623bfc839a4f3b4e:host:131.196.28.78	SESSION-623bfc839a4f3b4e → host:131.196.28.78
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.140:asn:271410	host:131.196.30.140 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e4d63ce34019de3:SESSION-4e4d63ce34019de3	SESSION-4e4d63ce34019de3 → pe:syn:SESSION-4e4d63ce34019de3
flow_observed5-aryOBS	e:fo:flow:4206128c166d	flow:4206128c166d → host:131.196.31.23 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b3d68511ee3e6e7:SESSION-9b3d68511ee3e6e7	SESSION-9b3d68511ee3e6e7 → pe:syn:SESSION-9b3d68511ee3e6e7
FLOW_TO_HOSTOBS	e:to:SESSION-86e3f0fd63ed2ea3:host:177.10.234.33	SESSION-86e3f0fd63ed2ea3 → host:177.10.234.33
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fc6dd1896fecefa:host:131.196.30.15	SESSION-1fc6dd1896fecefa → host:131.196.30.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4d0ab62891a0a5c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d4d0ab62891a0a5c → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58209016b963372b:flow:17eb0e2e292b	SESSION-58209016b963372b → flow:17eb0e2e292b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bdbc33b564dc3f1f:SESSION-bdbc33b564dc3f1f	SESSION-bdbc33b564dc3f1f → pe:syn:SESSION-bdbc33b564dc3f1f
FLOW_FROM_HOSTOBS	e:from:SESSION-2c5fc27029770f85:host:177.10.232.165	SESSION-2c5fc27029770f85 → host:177.10.232.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-019264e09ceae880:SESSION-019264e09ceae880	SESSION-019264e09ceae880 → pe:syn:SESSION-019264e09ceae880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c977b8f3627ab3c3:flow:3006c4727877	SESSION-c977b8f3627ab3c3 → flow:3006c4727877
FLOW_TO_HOSTOBS	e:to:SESSION-4ecf1376a54312e6:host:172.234.197.23	SESSION-4ecf1376a54312e6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97e21cf514a48728:SESSION-97e21cf514a48728	SESSION-97e21cf514a48728 → pe:syn:SESSION-97e21cf514a48728
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cac3103b39cc2b1a:host:177.10.238.25:host:172.234.197.23	SESSION-cac3103b39cc2b1a → host:177.10.238.25 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47fbdf6c3cd24fcc:PCAP:capture_20260430090001:065659c7d314	SESSION-47fbdf6c3cd24fcc → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-ab1dfc7616ca079a:host:177.10.234.32	SESSION-ab1dfc7616ca079a → host:177.10.234.32
FLOW_TO_HOSTOBS	e:to:SESSION-8749b2c626b3f1be:host:177.10.236.57	SESSION-8749b2c626b3f1be → host:177.10.236.57
FLOW_DST_PORTOBS	e:fp:flow:acc70308abfc:port:tcp:60621	flow:acc70308abfc → port:tcp:60621
FLOW_DST_PORTOBS	e:fp:flow:69db748baf48:port:tcp:54866	flow:69db748baf48 → port:tcp:54866
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.160:geo_-23.62930_-46.63510	host:131.196.30.160 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07c97e671e348352:SESSION-07c97e671e348352	SESSION-07c97e671e348352 → pe:tls:SESSION-07c97e671e348352
FLOW_TO_HOSTOBS	e:to:SESSION-30195220eb2aa3f5:host:177.10.234.27	SESSION-30195220eb2aa3f5 → host:177.10.234.27
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7de8e99103378c90:flow:b1dff4ad0695	SESSION-7de8e99103378c90 → flow:b1dff4ad0695
flow_observed5-aryOBS	e:fo:flow:162abe85c66f	flow:162abe85c66f → host:177.10.235.162 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.45:geo_-16.28860_-49.01640	host:177.10.232.45 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-919ba311fe0cedbc:SESSION-919ba311fe0cedbc	SESSION-919ba311fe0cedbc → pe:tls:SESSION-919ba311fe0cedbc
flow_observed5-aryOBS	e:fo:flow:cae9789f6cd2	flow:cae9789f6cd2 → host:131.196.29.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49828b0c1667648d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-49828b0c1667648d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-a8c8ed56d6827efd:host:172.234.197.23	SESSION-a8c8ed56d6827efd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bedf3bb9bf60dde0:host:172.234.197.23	SESSION-bedf3bb9bf60dde0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07675572faa18905:host:45.173.156.100	SESSION-07675572faa18905 → host:45.173.156.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1bd78fd10af70dea:SESSION-1bd78fd10af70dea	SESSION-1bd78fd10af70dea → pe:tls:SESSION-1bd78fd10af70dea
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-807885e153f56a02:PCAP:capture_20260430090001:065659c7d314	SESSION-807885e153f56a02 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df808ed8a09d8e60:flow:1bf759d3ac72	SESSION-df808ed8a09d8e60 → flow:1bf759d3ac72
flow_observed5-aryOBS	e:fo:flow:dca1696aec46	flow:dca1696aec46 → host:177.10.239.75 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:056fa8bf83c9	flow:056fa8bf83c9 → host:172.234.197.23 → host:131.196.28.10 → port:tcp:28564
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.182:geo_-16.28860_-49.01640	host:177.10.237.182 → geo_-16.28860_-49.01640
FLOW_TLS_SNIOBS	e:fs:flow:d0f144e1366b:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:d0f144e1366b → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.143:asn:262880	host:177.10.237.143 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8452ffa75e7fe764:host:177.10.237.115	SESSION-8452ffa75e7fe764 → host:177.10.237.115
ASN_IN_ORGOBS 80%	e:ao:asn:20473:org:The Constant Company, LLC	asn:20473 → org:The Constant Company, LLC
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8feeff9d44d6e844:flow:477f274d387f	SESSION-8feeff9d44d6e844 → flow:477f274d387f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-045a77174f347205:host:45.173.156.154:host:172.234.197.23	SESSION-045a77174f347205 → host:45.173.156.154 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bf1cd7116e24:port:tcp:443	flow:bf1cd7116e24 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7752628607af1d9e:host:172.234.197.23	SESSION-7752628607af1d9e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b5f689fd50e4895:host:44.243.2.252	SESSION-8b5f689fd50e4895 → host:44.243.2.252
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65bd30307946d7be:PCAP:capture_20260430110001:43611bdf6759	SESSION-65bd30307946d7be → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-9cc387e98cb8cb82:host:177.10.234.80	SESSION-9cc387e98cb8cb82 → host:177.10.234.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23efb1317beab0b3:SESSION-23efb1317beab0b3	SESSION-23efb1317beab0b3 → pe:tls:SESSION-23efb1317beab0b3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46aa20776642b201:flow:1f860e8c99a7	SESSION-46aa20776642b201 → flow:1f860e8c99a7
FLOW_TO_HOSTOBS	e:to:SESSION-78e554a3c30f161c:host:172.234.197.23	SESSION-78e554a3c30f161c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1f0cbb1c4183	flow:1f0cbb1c4183 → host:177.10.234.216 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:172bf7588f89	flow:172bf7588f89 → host:172.234.197.23 → host:131.196.29.239 → port:tcp:10161
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3567442ac940551:host:172.234.197.23	SESSION-f3567442ac940551 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-605cf9d10467f8d3:SESSION-605cf9d10467f8d3	SESSION-605cf9d10467f8d3 → pe:syn:SESSION-605cf9d10467f8d3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11142ad74b2052de:SESSION-11142ad74b2052de	SESSION-11142ad74b2052de → pe:syn:SESSION-11142ad74b2052de
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-373bf424772e8fef:host:177.10.236.30:host:172.234.197.23	SESSION-373bf424772e8fef → host:177.10.236.30 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67a710d2531b2faa:flow:ae05db972f47	SESSION-67a710d2531b2faa → flow:ae05db972f47
FLOW_FROM_HOSTOBS	e:from:SESSION-0e42d909a57b4903:host:172.234.197.23	SESSION-0e42d909a57b4903 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b236f75d1c6493bc:flow:3cf1107263f9	SESSION-b236f75d1c6493bc → flow:3cf1107263f9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fbe82bcd0d20589:host:177.10.232.157	SESSION-5fbe82bcd0d20589 → host:177.10.232.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb5021014b7af5cb:SESSION-bb5021014b7af5cb	SESSION-bb5021014b7af5cb → pe:tls:SESSION-bb5021014b7af5cb
FLOW_FROM_HOSTOBS	e:from:SESSION-ab42e00b724a7daa:host:177.10.237.243	SESSION-ab42e00b724a7daa → host:177.10.237.243
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.113:geo_-16.28860_-49.01640	host:177.10.236.113 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eee0288be94ee16a:flow:3f89af1089fc	SESSION-eee0288be94ee16a → flow:3f89af1089fc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77abcf8d7f3aee2e:SESSION-77abcf8d7f3aee2e	SESSION-77abcf8d7f3aee2e → pe:syn:SESSION-77abcf8d7f3aee2e
FLOW_FROM_HOSTOBS	e:from:SESSION-77755e4fda54087c:host:131.196.28.95	SESSION-77755e4fda54087c → host:131.196.28.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d95ea715a47abbc:SESSION-6d95ea715a47abbc	SESSION-6d95ea715a47abbc → pe:syn:SESSION-6d95ea715a47abbc
FLOW_DST_PORTOBS	e:fp:flow:d9ed76e0b4a9:port:tcp:443	flow:d9ed76e0b4a9 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:cc5fcd208a7d:port:tcp:443	flow:cc5fcd208a7d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8d8471d99b0ccf5:PCAP:capture_20260430090001:065659c7d314	SESSION-d8d8471d99b0ccf5 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4751d88925ba5f3:host:172.234.197.23	SESSION-b4751d88925ba5f3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab42e00b724a7daa:host:172.234.197.23	SESSION-ab42e00b724a7daa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6966225f20017b9e:flow:52f183052b4c	SESSION-6966225f20017b9e → flow:52f183052b4c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a886511518ded078:host:177.10.236.57:host:172.234.197.23	SESSION-a886511518ded078 → host:177.10.236.57 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d599caa8fe55:port:tcp:42717	flow:d599caa8fe55 → port:tcp:42717
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ac7bdbcc541a2d8:SESSION-8ac7bdbcc541a2d8	SESSION-8ac7bdbcc541a2d8 → pe:syn:SESSION-8ac7bdbcc541a2d8
FLOW_DST_PORTOBS	e:fp:flow:16c98c510c8d:port:tcp:28869	flow:16c98c510c8d → port:tcp:28869
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4a5a6c818be705f:SESSION-d4a5a6c818be705f	SESSION-d4a5a6c818be705f → pe:syn:SESSION-d4a5a6c818be705f
FLOW_FROM_HOSTOBS	e:from:SESSION-68b7f3c84c5e7661:host:172.234.197.23	SESSION-68b7f3c84c5e7661 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a16085aea35a1403:host:172.234.197.23	SESSION-a16085aea35a1403 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a733fde11cff5d03:host:172.234.197.23:host:131.196.30.189	SESSION-a733fde11cff5d03 → host:172.234.197.23 → host:131.196.30.189
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-596b6c60b11eaa92:PCAP:capture_20260430110001:43611bdf6759	SESSION-596b6c60b11eaa92 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:3a5d21cafa01:port:tcp:443	flow:3a5d21cafa01 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c77e81e6376168a3:host:52.81.77.92:host:172.234.197.23	SESSION-c77e81e6376168a3 → host:52.81.77.92 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:f5e29d2fb7d9:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:f5e29d2fb7d9 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca027ca401d4d122:SESSION-ca027ca401d4d122	SESSION-ca027ca401d4d122 → pe:syn:SESSION-ca027ca401d4d122
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f11cda502f952e41:host:172.234.197.23:host:131.196.29.27	SESSION-f11cda502f952e41 → host:172.234.197.23 → host:131.196.29.27
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b880a07e89a760de:flow:3ebf6dc4c75b	SESSION-b880a07e89a760de → flow:3ebf6dc4c75b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24763432928200fc:host:172.234.197.23	SESSION-24763432928200fc → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:944985e9d942	flow:944985e9d942 → host:172.234.197.23 → host:177.10.239.108 → port:tcp:20668
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3643dbad405bac1:SESSION-a3643dbad405bac1	SESSION-a3643dbad405bac1 → pe:syn:SESSION-a3643dbad405bac1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-187a70856b24c84b:host:177.10.234.201	SESSION-187a70856b24c84b → host:177.10.234.201
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-025a43ae01804438:PCAP:capture_20260430070001:903a0e7a436b	SESSION-025a43ae01804438 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.4:asn:271410	host:131.196.31.4 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b95e1310dc4ff34:PCAP:capture_20260430150001:ded20914761d	SESSION-9b95e1310dc4ff34 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6588ddd9fabb341:SESSION-e6588ddd9fabb341	SESSION-e6588ddd9fabb341 → pe:tls:SESSION-e6588ddd9fabb341
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e391b214be46ad73:SESSION-e391b214be46ad73	SESSION-e391b214be46ad73 → pe:tls:SESSION-e391b214be46ad73
FLOW_TO_HOSTOBS	e:to:SESSION-0d59ff2f2672e21c:host:177.10.236.161	SESSION-0d59ff2f2672e21c → host:177.10.236.161
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-042ef885e77347e7:flow:7db70b5ccb55	SESSION-042ef885e77347e7 → flow:7db70b5ccb55
flow_observed5-aryOBS	e:fo:flow:2825022e2692	flow:2825022e2692 → host:177.10.237.52 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:8720474b83a3	flow:8720474b83a3 → host:177.10.235.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-189d055e7be1f56c:SESSION-189d055e7be1f56c	SESSION-189d055e7be1f56c → pe:tls:SESSION-189d055e7be1f56c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-521d3d94be94008e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-521d3d94be94008e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:c7924a2c3c9c:port:tcp:443	flow:c7924a2c3c9c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1fd73a09d62d6f89:host:172.234.197.23	SESSION-1fd73a09d62d6f89 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-500747aefaa736d2:SESSION-500747aefaa736d2	SESSION-500747aefaa736d2 → pe:tls:SESSION-500747aefaa736d2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-633c88960b55f389:host:131.196.31.71:host:172.234.197.23	SESSION-633c88960b55f389 → host:131.196.31.71 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a22eb4c95bd17b8:host:131.196.29.59	SESSION-7a22eb4c95bd17b8 → host:131.196.29.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-b854a8a0c04494b2:SESSION-b854a8a0c04494b2	SESSION-b854a8a0c04494b2 → pe:dns:SESSION-b854a8a0c04494b2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.29:asn:262880	host:177.10.234.29 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d4d7fb155f65fdf:host:172.234.197.23	SESSION-4d4d7fb155f65fdf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-958fc48089d68c44:host:172.234.197.23	SESSION-958fc48089d68c44 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-17e71ce1458770d6:host:172.234.197.23	SESSION-17e71ce1458770d6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99cedbc5d14c9ef2:host:131.196.28.125	SESSION-99cedbc5d14c9ef2 → host:131.196.28.125
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.22:geo_-16.28860_-49.01640	host:177.10.236.22 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74d9117e815e4c77:host:172.234.197.23	SESSION-74d9117e815e4c77 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.134:geo_-16.28860_-49.01640	host:177.10.233.134 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dc82e917a0ac0289:SESSION-dc82e917a0ac0289	SESSION-dc82e917a0ac0289 → pe:syn:SESSION-dc82e917a0ac0289
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0835843463ad3c8:SESSION-d0835843463ad3c8	SESSION-d0835843463ad3c8 → pe:tls:SESSION-d0835843463ad3c8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c35a263dbc41a3d:host:45.145.152.249:host:172.234.197.23	SESSION-7c35a263dbc41a3d → host:45.145.152.249 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94eb707cf5b0b4ef:flow:9365c7904909	SESSION-94eb707cf5b0b4ef → flow:9365c7904909
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9e70132665ab339:flow:034bfee1a8d8	SESSION-f9e70132665ab339 → flow:034bfee1a8d8
flow_observed5-aryOBS	e:fo:flow:597eb4982c4e	flow:597eb4982c4e → host:131.196.28.137 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:98475c8ec4d7:port:tcp:443	flow:98475c8ec4d7 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-adc05f42cd7b2533:host:177.10.233.65	SESSION-adc05f42cd7b2533 → host:177.10.233.65
FLOW_FROM_HOSTOBS	e:from:SESSION-de01d31bf4634055:host:172.234.197.23	SESSION-de01d31bf4634055 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59de2965684be0b6:host:172.234.197.23	SESSION-59de2965684be0b6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.151:asn:262880	host:177.10.233.151 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe8896cc58e0f0aa:flow:0be445b3f7e1	SESSION-fe8896cc58e0f0aa → flow:0be445b3f7e1
FLOW_TO_HOSTOBS	e:to:SESSION-f4d08df9b5b22c8b:host:172.234.197.23	SESSION-f4d08df9b5b22c8b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c0cdf691d2bdc12:host:172.234.197.23	SESSION-0c0cdf691d2bdc12 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:23cc248dcadf	flow:23cc248dcadf → host:172.234.197.23 → host:131.196.30.59 → port:tcp:13114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e06ceb4b0294ceac:SESSION-e06ceb4b0294ceac	SESSION-e06ceb4b0294ceac → pe:tls:SESSION-e06ceb4b0294ceac
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c265ba6f34eebd39:host:177.10.233.86	SESSION-c265ba6f34eebd39 → host:177.10.233.86
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f30e546741e354a:flow:cb6541d20503	SESSION-4f30e546741e354a → flow:cb6541d20503
FLOW_DST_PORTOBS	e:fp:flow:4fd8baa1ce1b:port:tcp:443	flow:4fd8baa1ce1b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c5f8419335024f52:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c5f8419335024f52 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:85d29f3e7626	flow:85d29f3e7626 → host:131.196.31.222 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d43ada4a289f704d:host:131.196.31.197:host:172.234.197.23	SESSION-d43ada4a289f704d → host:131.196.31.197 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4db3abe06a9505c7:host:131.196.31.226	SESSION-4db3abe06a9505c7 → host:131.196.31.226
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-af1aec9a84a08d25:host:131.196.31.73:host:172.234.197.23	SESSION-af1aec9a84a08d25 → host:131.196.31.73 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ba96028c0d9bf0a3:host:177.10.232.114:host:172.234.197.23	SESSION-ba96028c0d9bf0a3 → host:177.10.232.114 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7a354b1ade71f9e:host:177.10.239.35	SESSION-a7a354b1ade71f9e → host:177.10.239.35
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8fb67bf931083b29:host:172.234.197.23:host:177.10.238.45	SESSION-8fb67bf931083b29 → host:172.234.197.23 → host:177.10.238.45
FLOW_TO_HOSTOBS	e:to:SESSION-0f4fd2f0020968b3:host:172.234.197.23	SESSION-0f4fd2f0020968b3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:99cb1af3b415:port:tcp:11396	flow:99cb1af3b415 → port:tcp:11396
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.128:geo_-16.28860_-49.01640	host:177.10.235.128 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e3ae4e48a37cfd6:flow:19e51d619eb1	SESSION-8e3ae4e48a37cfd6 → flow:19e51d619eb1
FLOW_TO_HOSTOBS	e:to:SESSION-10db7c117acba2ed:host:172.234.197.23	SESSION-10db7c117acba2ed → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.60:asn:262880	host:177.10.235.60 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4af1d7a3219c207:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d4af1d7a3219c207 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:937bcaa6f995	flow:937bcaa6f995 → host:172.234.197.23 → host:177.10.234.248 → port:tcp:51380
flow_observed4-aryOBS	e:fo:flow:0c49e7844116	flow:0c49e7844116 → host:172.234.197.23 → host:177.10.239.190 → port:tcp:5535
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-64807579ab6c52ee:flow:dd631d17b504	SESSION-64807579ab6c52ee → flow:dd631d17b504
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e0b8f15e6ec3ec0f:host:104.28.202.77:host:172.234.197.23	SESSION-e0b8f15e6ec3ec0f → host:104.28.202.77 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4883770547012399:host:172.234.197.23:host:45.173.156.129	SESSION-4883770547012399 → host:172.234.197.23 → host:45.173.156.129
FLOW_FROM_HOSTOBS	e:from:SESSION-a810a8703b9c77f1:host:131.196.30.254	SESSION-a810a8703b9c77f1 → host:131.196.30.254
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-413ea94c965ce051:flow:d50c6c855668	SESSION-413ea94c965ce051 → flow:d50c6c855668
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5826a910dfa3cb7f:flow:fd663917efb4	SESSION-5826a910dfa3cb7f → flow:fd663917efb4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-53ca21169d5f7469:SESSION-53ca21169d5f7469	SESSION-53ca21169d5f7469 → pe:tls:SESSION-53ca21169d5f7469
FLOW_DST_PORTOBS	e:fp:flow:dd3dc8325244:port:tcp:443	flow:dd3dc8325244 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c008c2d2b932d4b:flow:d3b7489a7d07	SESSION-7c008c2d2b932d4b → flow:d3b7489a7d07
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.248:asn:262880	host:177.10.234.248 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ac71f2f2355e0bb:SESSION-7ac71f2f2355e0bb	SESSION-7ac71f2f2355e0bb → pe:syn:SESSION-7ac71f2f2355e0bb
FLOW_FROM_HOSTOBS	e:from:SESSION-779dfe498151f730:host:172.234.197.23	SESSION-779dfe498151f730 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4c33618c52a6:port:tcp:16127	flow:4c33618c52a6 → port:tcp:16127
HOST_IN_ASNOBS 85%	e:ha:host:54.91.240.230:asn:14618	host:54.91.240.230 → asn:14618
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f718f291e0c401d5:host:177.10.234.184	SESSION-f718f291e0c401d5 → host:177.10.234.184
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9523bcd246277dc:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b9523bcd246277dc → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-58a14b9397c116a1:host:131.196.29.124	SESSION-58a14b9397c116a1 → host:131.196.29.124
flow_observed4-aryOBS	e:fo:flow:a6e0ee7010b9	flow:a6e0ee7010b9 → host:172.234.197.23 → host:177.10.232.136 → port:tcp:57388
FLOW_TO_HOSTOBS	e:to:SESSION-e45220a51eb759d9:host:177.10.238.10	SESSION-e45220a51eb759d9 → host:177.10.238.10
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-958fc48089d68c44:host:177.10.236.245	SESSION-958fc48089d68c44 → host:177.10.236.245
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15ce8c1431c2e2c7:host:172.234.197.23	SESSION-15ce8c1431c2e2c7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-779f746558d2d979:host:172.234.197.23:host:177.10.235.169	SESSION-779f746558d2d979 → host:172.234.197.23 → host:177.10.235.169
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.13:asn:203771	host:45.145.152.13 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-948ad6eee5512e98:SESSION-948ad6eee5512e98	SESSION-948ad6eee5512e98 → pe:tls:SESSION-948ad6eee5512e98
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-718b3dc95b6876be:host:177.10.239.62:host:172.234.197.23	SESSION-718b3dc95b6876be → host:177.10.239.62 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-189d055e7be1f56c:host:172.234.197.23	SESSION-189d055e7be1f56c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2996f9b3a522abad:host:172.234.197.23	SESSION-2996f9b3a522abad → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b63214403b2d20c7:host:172.234.197.23	SESSION-b63214403b2d20c7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa9dc0f394726313:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-fa9dc0f394726313 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-037b6464dda97429:flow:aa18cf0ab97c	SESSION-037b6464dda97429 → flow:aa18cf0ab97c
FLOW_DST_PORTOBS	e:fp:flow:2fa17bc807ba:port:tcp:443	flow:2fa17bc807ba → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02cad694702cb9f1:host:177.10.235.25	SESSION-02cad694702cb9f1 → host:177.10.235.25
FLOW_TO_HOSTOBS	e:to:SESSION-c0cb5698f1d5957a:host:172.234.197.23	SESSION-c0cb5698f1d5957a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e6437ba0c2aceec:host:172.234.197.23	SESSION-1e6437ba0c2aceec → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c774247ce2f7d3db:host:131.196.30.168	SESSION-c774247ce2f7d3db → host:131.196.30.168
FLOW_TO_HOSTOBS	e:to:SESSION-1f78283937123fd5:host:172.234.197.23	SESSION-1f78283937123fd5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-082f90538556b940:SESSION-082f90538556b940	SESSION-082f90538556b940 → pe:tls:SESSION-082f90538556b940
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d5390845b17c572:flow:53536406705f	SESSION-1d5390845b17c572 → flow:53536406705f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee5756ac65b5ed68:SESSION-ee5756ac65b5ed68	SESSION-ee5756ac65b5ed68 → pe:tls:SESSION-ee5756ac65b5ed68
FLOW_TO_HOSTOBS	e:to:SESSION-464502b3105a6b82:host:131.196.30.8	SESSION-464502b3105a6b82 → host:131.196.30.8
FLOW_DST_PORTOBS	e:fp:flow:e9d8a4501e2b:port:tcp:443	flow:e9d8a4501e2b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cf2fdb6c848ac6c:host:172.234.197.23	SESSION-5cf2fdb6c848ac6c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.119:asn:273470	host:45.173.156.119 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b55fe86aa2a31ece:host:131.196.29.144:host:172.234.197.23	SESSION-b55fe86aa2a31ece → host:131.196.29.144 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a886511518ded078:SESSION-a886511518ded078	SESSION-a886511518ded078 → pe:tls:SESSION-a886511518ded078
FLOW_FROM_HOSTOBS	e:from:SESSION-082589f81acb7a8f:host:104.28.234.79	SESSION-082589f81acb7a8f → host:104.28.234.79
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66c6d225095e379c:host:131.196.28.18:host:172.234.197.23	SESSION-66c6d225095e379c → host:131.196.28.18 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b01957630e90	flow:b01957630e90 → host:172.234.197.23 → host:177.10.233.63 → port:tcp:15868
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e9e5b45e575f3797:SESSION-e9e5b45e575f3797	SESSION-e9e5b45e575f3797 → pe:tls:SESSION-e9e5b45e575f3797
flow_observed5-aryOBS	e:fo:flow:bdeee83a5aec	flow:bdeee83a5aec → host:177.10.232.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f6d18082a7e4dce:host:172.234.197.23:host:177.10.234.19	SESSION-4f6d18082a7e4dce → host:172.234.197.23 → host:177.10.234.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e22ceaf98f82b588:host:172.234.197.23	SESSION-e22ceaf98f82b588 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2005509481f3ca7:host:172.234.197.23	SESSION-a2005509481f3ca7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-692aeceb01bd702a:host:172.234.197.23	SESSION-692aeceb01bd702a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67e118b3ac1b9481:host:177.10.233.196	SESSION-67e118b3ac1b9481 → host:177.10.233.196
FLOW_TO_HOSTOBS	e:to:SESSION-1c21073699e99172:host:172.234.197.23	SESSION-1c21073699e99172 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5816b4a8f681ef76:host:177.10.233.192:host:172.234.197.23	SESSION-5816b4a8f681ef76 → host:177.10.233.192 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2619cb568c6b860e:host:172.234.197.23	SESSION-2619cb568c6b860e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-82c9dbe3cfe7e49f:host:177.10.232.24	SESSION-82c9dbe3cfe7e49f → host:177.10.232.24
FLOW_TO_HOSTOBS	e:to:SESSION-b5d780f89354efd9:host:172.234.197.23	SESSION-b5d780f89354efd9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.188:asn:262880	host:177.10.235.188 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.245:geo_41.02140_28.99480	host:185.231.226.245 → geo_41.02140_28.99480
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.40:geo_-16.28860_-49.01640	host:177.10.234.40 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:3d33c6041d42	flow:3d33c6041d42 → host:172.3.50.214 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a0605f48b345a3ed:host:172.234.197.23	SESSION-a0605f48b345a3ed → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1eb19142561b47ba:host:172.234.197.23	SESSION-1eb19142561b47ba → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f479af38d87d852f:host:177.10.232.45:host:172.234.197.23	SESSION-f479af38d87d852f → host:177.10.232.45 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d9ece39eb531c8b:PCAP:capture_20260430090001:065659c7d314	SESSION-1d9ece39eb531c8b → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46da9b8beaa478c9:host:177.10.239.204	SESSION-46da9b8beaa478c9 → host:177.10.239.204
flow_observed5-aryOBS	e:fo:flow:b427586d6e58	flow:b427586d6e58 → host:177.10.237.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-05167940272dd019:PCAP:capture_20260430110001:43611bdf6759	SESSION-05167940272dd019 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1d16880e0846180:host:172.234.197.23	SESSION-a1d16880e0846180 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ced37932852de9e5:SESSION-ced37932852de9e5	SESSION-ced37932852de9e5 → pe:syn:SESSION-ced37932852de9e5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57d0b948d59d1db4:PCAP:capture_20260430080001:93f47cc296a4	SESSION-57d0b948d59d1db4 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-8ce2f2546c044634:host:172.234.197.23	SESSION-8ce2f2546c044634 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-534aae6aa0ff39bc:host:177.10.235.165	SESSION-534aae6aa0ff39bc → host:177.10.235.165
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef354b4063646368:flow:f226062110a9	SESSION-ef354b4063646368 → flow:f226062110a9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8f7d68f255e7d9c:host:177.10.239.106	SESSION-e8f7d68f255e7d9c → host:177.10.239.106
FLOW_FROM_HOSTOBS	e:from:SESSION-d5d486009dccd362:host:172.234.197.23	SESSION-d5d486009dccd362 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a89327de536a	flow:a89327de536a → host:172.234.197.23 → host:131.196.29.41 → port:tcp:45643
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0634c65493dd9b22:flow:8728b5b51161	SESSION-0634c65493dd9b22 → flow:8728b5b51161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5292197f57e4263:SESSION-a5292197f57e4263	SESSION-a5292197f57e4263 → pe:syn:SESSION-a5292197f57e4263
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.204:geo_-16.28860_-49.01640	host:177.10.234.204 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:eede1b220cc5:port:tcp:35403	flow:eede1b220cc5 → port:tcp:35403
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.158:geo_41.00190_28.96450	host:92.112.71.158 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5496341eed0b869:SESSION-e5496341eed0b869	SESSION-e5496341eed0b869 → pe:syn:SESSION-e5496341eed0b869
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b14f4f7e9ebbac1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8b14f4f7e9ebbac1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-2eb24274e849c36c:host:177.10.238.133	SESSION-2eb24274e849c36c → host:177.10.238.133
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-609881b75f195530:SESSION-609881b75f195530	SESSION-609881b75f195530 → pe:tls:SESSION-609881b75f195530
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08463d47d249df1d:PCAP:capture_20260430060001:919b39a74464	SESSION-08463d47d249df1d → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb2f54f0354a144e:SESSION-fb2f54f0354a144e	SESSION-fb2f54f0354a144e → pe:syn:SESSION-fb2f54f0354a144e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-0612d11703a94cf9:SESSION-0612d11703a94cf9	SESSION-0612d11703a94cf9 → pe:rst:SESSION-0612d11703a94cf9
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6a9e4c3921500675:BSG-BEACON-858e4f4e4626	SESSION-6a9e4c3921500675 → BSG-BEACON-858e4f4e4626
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.217:geo_-16.28860_-49.01640	host:177.10.235.217 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d8922fd6595a71f:SESSION-5d8922fd6595a71f	SESSION-5d8922fd6595a71f → pe:syn:SESSION-5d8922fd6595a71f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75c1b247d58a4094:SESSION-75c1b247d58a4094	SESSION-75c1b247d58a4094 → pe:tls:SESSION-75c1b247d58a4094
FLOW_FROM_HOSTOBS	e:from:SESSION-7fea0326f1ddbdfc:host:172.234.197.23	SESSION-7fea0326f1ddbdfc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fc95fe30edf5706:host:172.234.197.23	SESSION-5fc95fe30edf5706 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fd73a09d62d6f89:host:177.10.237.11	SESSION-1fd73a09d62d6f89 → host:177.10.237.11
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd7be5606f48437f:flow:7cbdeaf957f0	SESSION-dd7be5606f48437f → flow:7cbdeaf957f0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8165f1476121226e:flow:3f51040d34d3	SESSION-8165f1476121226e → flow:3f51040d34d3
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-e867c3054a212916:BSG-DATA_EXFIL-32b6964d8b2f	SESSION-e867c3054a212916 → BSG-DATA_EXFIL-32b6964d8b2f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-160e5a0882acae87:host:172.234.197.23	SESSION-160e5a0882acae87 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23deab886ec517b0:SESSION-23deab886ec517b0	SESSION-23deab886ec517b0 → pe:tls:SESSION-23deab886ec517b0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a32c5a0b23fc272:flow:62b73d5bb72f	SESSION-0a32c5a0b23fc272 → flow:62b73d5bb72f
flow_observed5-aryOBS	e:fo:flow:aa4014470102	flow:aa4014470102 → host:131.196.28.219 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a73f5b0635e28ad4:host:177.10.236.144	SESSION-a73f5b0635e28ad4 → host:177.10.236.144
FLOW_FROM_HOSTOBS	e:from:SESSION-742c2d67dec63a6f:host:131.196.30.128	SESSION-742c2d67dec63a6f → host:131.196.30.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59e3e2edbc9b18fa:SESSION-59e3e2edbc9b18fa	SESSION-59e3e2edbc9b18fa → pe:syn:SESSION-59e3e2edbc9b18fa
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.156:asn:271410	host:131.196.29.156 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.149:asn:262880	host:177.10.238.149 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3a0847605e0d04e:PCAP:capture_20260430090001:065659c7d314	SESSION-e3a0847605e0d04e → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-917ad6cf3046e17b:SESSION-917ad6cf3046e17b	SESSION-917ad6cf3046e17b → pe:tls:SESSION-917ad6cf3046e17b
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.46:asn:273470	host:45.173.156.46 → asn:273470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.88:geo_-23.62930_-46.63510	host:131.196.28.88 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e3089f893be8ea87:SESSION-e3089f893be8ea87	SESSION-e3089f893be8ea87 → pe:tls:SESSION-e3089f893be8ea87
flow_observed5-aryOBS	e:fo:flow:cdc6cf409719	flow:cdc6cf409719 → host:177.10.239.239 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-0d1802072f1dd852:host:177.10.233.101	SESSION-0d1802072f1dd852 → host:177.10.233.101
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf2d710eb7a0f34a:host:131.196.28.43:host:172.234.197.23	SESSION-cf2d710eb7a0f34a → host:131.196.28.43 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0f329fce2004d812:host:131.196.29.151	SESSION-0f329fce2004d812 → host:131.196.29.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acf0f47433b56858:host:131.196.28.19	SESSION-acf0f47433b56858 → host:131.196.28.19
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d6be65d6480cd7d:host:177.10.237.160:host:172.234.197.23	SESSION-2d6be65d6480cd7d → host:177.10.237.160 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddc877c0ed3a64ea:host:131.196.29.34	SESSION-ddc877c0ed3a64ea → host:131.196.29.34
FLOW_TO_HOSTOBS	e:to:SESSION-cd4d686620f5fc14:host:172.234.197.23	SESSION-cd4d686620f5fc14 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-51b700d0442eff09:host:131.196.29.196	SESSION-51b700d0442eff09 → host:131.196.29.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58f4b45cf908ad77:host:131.196.30.88	SESSION-58f4b45cf908ad77 → host:131.196.30.88
FLOW_FROM_HOSTOBS	e:from:SESSION-b11ad70426b43374:host:172.234.197.23	SESSION-b11ad70426b43374 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b479aa11234b67ae:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b479aa11234b67ae → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-cb6cea4441256ebd:host:177.10.233.233	SESSION-cb6cea4441256ebd → host:177.10.233.233
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-164cf6eccbbca478:host:172.94.9.253:host:172.234.197.23	SESSION-164cf6eccbbca478 → host:172.94.9.253 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf00afe8057eb986:host:172.234.197.23:host:131.196.31.229	SESSION-bf00afe8057eb986 → host:172.234.197.23 → host:131.196.31.229
FLOW_FROM_HOSTOBS	e:from:SESSION-d0a2ec1133f1da31:host:177.10.239.16	SESSION-d0a2ec1133f1da31 → host:177.10.239.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41c6e0b91a3149eb:PCAP:capture_20260430070001:903a0e7a436b	SESSION-41c6e0b91a3149eb → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:16db29bc6b3c:port:tcp:443	flow:16db29bc6b3c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-213b6cb7e75b87f2:host:177.10.236.77:host:172.234.197.23	SESSION-213b6cb7e75b87f2 → host:177.10.236.77 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9a539c485f657b5:host:172.234.197.23	SESSION-d9a539c485f657b5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec00857ef12f8e7e:host:172.234.197.23	SESSION-ec00857ef12f8e7e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4670d2b8fb3d0344:host:172.234.197.23:host:177.10.232.242	SESSION-4670d2b8fb3d0344 → host:172.234.197.23 → host:177.10.232.242
FLOW_DST_PORTOBS	e:fp:flow:91daccc6e701:port:tcp:443	flow:91daccc6e701 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27b5dd82e2b65bbd:SESSION-27b5dd82e2b65bbd	SESSION-27b5dd82e2b65bbd → pe:syn:SESSION-27b5dd82e2b65bbd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21ced843a950a21a:PCAP:capture_20260430060001:919b39a74464	SESSION-21ced843a950a21a → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:e2e801b5fdfc	flow:e2e801b5fdfc → host:177.10.237.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f38f9d39dae0e5a:SESSION-3f38f9d39dae0e5a	SESSION-3f38f9d39dae0e5a → pe:tls:SESSION-3f38f9d39dae0e5a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1984f51487784d02:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1984f51487784d02 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:78fc82b301d5:port:tcp:443	flow:78fc82b301d5 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.75:asn:262880	host:177.10.234.75 → asn:262880
ASN_IN_ORGOBS 80%	e:ao:asn:12876:org:Scaleway S.a.s.	asn:12876 → org:Scaleway S.a.s.
FLOW_TO_HOSTOBS	e:to:SESSION-7c3601b8f3a6cf17:host:172.234.197.23	SESSION-7c3601b8f3a6cf17 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a27c97c4e7ac566:SESSION-9a27c97c4e7ac566	SESSION-9a27c97c4e7ac566 → pe:tls:SESSION-9a27c97c4e7ac566
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e06ceb4b0294ceac:host:172.234.197.23:host:177.10.237.120	SESSION-e06ceb4b0294ceac → host:172.234.197.23 → host:177.10.237.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd8832d374e053cc:host:172.234.197.23	SESSION-fd8832d374e053cc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-57be4ad64c21b6c4:host:54.186.85.102	SESSION-57be4ad64c21b6c4 → host:54.186.85.102
FLOW_FROM_HOSTOBS	e:from:SESSION-fe9137916d2eb5d4:host:131.196.29.154	SESSION-fe9137916d2eb5d4 → host:131.196.29.154
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-2604bc3e94e22829:BSG-BEACON-e07f4250263f	SESSION-2604bc3e94e22829 → BSG-BEACON-e07f4250263f
FLOW_TO_HOSTOBS	e:to:SESSION-3e361598c12a1af0:host:172.234.197.23	SESSION-3e361598c12a1af0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-67a9355576766cfe:host:172.234.197.23	SESSION-67a9355576766cfe → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.129:asn:271410	host:131.196.30.129 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-5f416b1590e3cca4:host:177.10.236.247	SESSION-5f416b1590e3cca4 → host:177.10.236.247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd6f9b80bb02e0f5:host:131.196.30.39:host:172.234.197.23	SESSION-fd6f9b80bb02e0f5 → host:131.196.30.39 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3168a3173448dd7d:host:172.234.197.23	SESSION-3168a3173448dd7d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-803b2289978a359c:host:172.234.197.23	SESSION-803b2289978a359c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.100:geo_-23.62930_-46.63510	host:131.196.28.100 → geo_-23.62930_-46.63510
FLOW_TLS_SNIOBS	e:fs:flow:6f91a0bc6116:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:6f91a0bc6116 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d27f09d7c919692:host:131.196.28.207	SESSION-5d27f09d7c919692 → host:131.196.28.207
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-189d055e7be1f56c:host:177.10.234.166	SESSION-189d055e7be1f56c → host:177.10.234.166
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.254:geo_-16.28860_-49.01640	host:177.10.239.254 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b53b1a2dc18d6354:host:103.155.16.117	SESSION-b53b1a2dc18d6354 → host:103.155.16.117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54016b03ecf1701c:SESSION-54016b03ecf1701c	SESSION-54016b03ecf1701c → pe:syn:SESSION-54016b03ecf1701c
FLOW_DST_PORTOBS	e:fp:flow:49a2db9fef59:port:tcp:7230	flow:49a2db9fef59 → port:tcp:7230
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.97:geo_-23.62930_-46.63510	host:131.196.29.97 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a33a5bbd98f17a5b:host:172.234.197.23	SESSION-a33a5bbd98f17a5b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7937f820efd31935:host:34.216.76.26:host:172.234.197.23	SESSION-7937f820efd31935 → host:34.216.76.26 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38739a517334cf5a:SESSION-38739a517334cf5a	SESSION-38739a517334cf5a → pe:tls:SESSION-38739a517334cf5a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8431b5fa38a73955:host:172.234.197.23	SESSION-8431b5fa38a73955 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f042798b154a2bb2:SESSION-f042798b154a2bb2	SESSION-f042798b154a2bb2 → pe:tls:SESSION-f042798b154a2bb2
flow_observed4-aryOBS	e:fo:flow:8d9fc7278c00	flow:8d9fc7278c00 → host:172.234.197.23 → host:131.196.28.89 → port:tcp:22676
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c274d9ac0119175:SESSION-7c274d9ac0119175	SESSION-7c274d9ac0119175 → pe:syn:SESSION-7c274d9ac0119175
flow_observed5-aryOBS	e:fo:flow:d04a7b552866	flow:d04a7b552866 → host:131.196.30.168 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41c6e0b91a3149eb:host:177.10.232.191:host:172.234.197.23	SESSION-41c6e0b91a3149eb → host:177.10.232.191 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7ad2515d1158:port:tcp:443	flow:7ad2515d1158 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-680820c56f27d295:host:131.196.31.33:host:172.234.197.23	SESSION-680820c56f27d295 → host:131.196.31.33 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b330864bc1d39cd9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b330864bc1d39cd9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:d2c3d6be302a	flow:d2c3d6be302a → host:177.10.235.65 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c7f74b0fa92a:port:tcp:2043	flow:c7f74b0fa92a → port:tcp:2043
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a936b4b3a73fb0c:SESSION-6a936b4b3a73fb0c	SESSION-6a936b4b3a73fb0c → pe:tls:SESSION-6a936b4b3a73fb0c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd1b98a612532c8e:host:31.40.196.2	SESSION-cd1b98a612532c8e → host:31.40.196.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3eb6cc7ca453157a:SESSION-3eb6cc7ca453157a	SESSION-3eb6cc7ca453157a → pe:syn:SESSION-3eb6cc7ca453157a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc58620ced71d747:SESSION-cc58620ced71d747	SESSION-cc58620ced71d747 → pe:syn:SESSION-cc58620ced71d747
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23deab886ec517b0:host:177.10.236.63	SESSION-23deab886ec517b0 → host:177.10.236.63
flow_observed4-aryOBS	e:fo:flow:7ae3387e1a5f	flow:7ae3387e1a5f → host:172.234.197.23 → host:131.196.28.87 → port:tcp:56994
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b880a07e89a760de:SESSION-b880a07e89a760de	SESSION-b880a07e89a760de → pe:tls:SESSION-b880a07e89a760de
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.120:geo_-16.28860_-49.01640	host:177.10.237.120 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:eb7039d8cfc1	flow:eb7039d8cfc1 → host:131.196.28.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ab980d26fa84a5e:host:172.234.197.23:host:177.10.234.87	SESSION-9ab980d26fa84a5e → host:172.234.197.23 → host:177.10.234.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf68ee1b1745b1ca:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-bf68ee1b1745b1ca → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-354c21b56902e892:flow:9a334e6dc60d	SESSION-354c21b56902e892 → flow:9a334e6dc60d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b2bcd9d2c0b41b4:SESSION-9b2bcd9d2c0b41b4	SESSION-9b2bcd9d2c0b41b4 → pe:syn:SESSION-9b2bcd9d2c0b41b4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68a3766ff3680ecf:host:131.196.31.227	SESSION-68a3766ff3680ecf → host:131.196.31.227
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e627b58284e1729:host:177.10.234.72:host:172.234.197.23	SESSION-2e627b58284e1729 → host:177.10.234.72 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8e0f3c8a35641f7b:host:172.234.197.23	SESSION-8e0f3c8a35641f7b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b1dabd85b6a07947:SESSION-b1dabd85b6a07947	SESSION-b1dabd85b6a07947 → pe:syn:SESSION-b1dabd85b6a07947
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29ee7b0c08ea02ad:SESSION-29ee7b0c08ea02ad	SESSION-29ee7b0c08ea02ad → pe:syn:SESSION-29ee7b0c08ea02ad
FLOW_DST_PORTOBS	e:fp:flow:d9811549b700:port:tcp:443	flow:d9811549b700 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a60794a5b314271e:host:177.10.235.210	SESSION-a60794a5b314271e → host:177.10.235.210
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00968abd3a9eec7e:host:177.10.237.76	SESSION-00968abd3a9eec7e → host:177.10.237.76
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-140ad048b49f1a57:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-140ad048b49f1a57 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14b4ac17b4f35bc0:host:172.234.197.23	SESSION-14b4ac17b4f35bc0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-757e5ed1a89f1610:host:131.196.28.93	SESSION-757e5ed1a89f1610 → host:131.196.28.93
FLOW_FROM_HOSTOBS	e:from:SESSION-de23fe28677c4a6e:host:172.234.197.23	SESSION-de23fe28677c4a6e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa7ff8c6e8f0ef9e:SESSION-aa7ff8c6e8f0ef9e	SESSION-aa7ff8c6e8f0ef9e → pe:syn:SESSION-aa7ff8c6e8f0ef9e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6b24715291f7dc36:flow:f80c07f5c415	SESSION-6b24715291f7dc36 → flow:f80c07f5c415
flow_observed5-aryOBS	e:fo:flow:53d8d2b8abb3	flow:53d8d2b8abb3 → host:45.173.156.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2348046789aa81fe:host:172.234.197.23	SESSION-2348046789aa81fe → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e612a684f25ac0f:host:172.234.197.23	SESSION-6e612a684f25ac0f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-415d7b69c6628cc7:host:45.173.156.3	SESSION-415d7b69c6628cc7 → host:45.173.156.3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f7287a957cb5e0d9:flow:eede1b220cc5	SESSION-f7287a957cb5e0d9 → flow:eede1b220cc5
FLOW_FROM_HOSTOBS	e:from:SESSION-6e708c58166944fb:host:131.196.31.2	SESSION-6e708c58166944fb → host:131.196.31.2
FLOW_FROM_HOSTOBS	e:from:SESSION-84669169ffdf0c83:host:177.10.232.82	SESSION-84669169ffdf0c83 → host:177.10.232.82
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-180bc1efe2db3897:flow:d9811549b700	SESSION-180bc1efe2db3897 → flow:d9811549b700
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-295c5f4e2a8126b8:SESSION-295c5f4e2a8126b8	SESSION-295c5f4e2a8126b8 → pe:tls:SESSION-295c5f4e2a8126b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75add779b1a22971:host:172.234.197.23	SESSION-75add779b1a22971 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:54fe7b40f46e	flow:54fe7b40f46e → host:177.10.237.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fbe82bcd0d20589:flow:61aa546ed047	SESSION-5fbe82bcd0d20589 → flow:61aa546ed047
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51cdac11b30f43cf:PCAP:capture_20260430080001:93f47cc296a4	SESSION-51cdac11b30f43cf → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-306afa7fa31a1f87:host:131.196.28.176	SESSION-306afa7fa31a1f87 → host:131.196.28.176
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc96f34750660160:flow:0f8216fdb548	SESSION-bc96f34750660160 → flow:0f8216fdb548
FLOW_TO_HOSTOBS	e:to:SESSION-4424212d2efd30c8:host:172.234.197.23	SESSION-4424212d2efd30c8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.208:asn:262880	host:177.10.232.208 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6515500944a7e42e:host:177.10.234.71	SESSION-6515500944a7e42e → host:177.10.234.71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b6b757282734812:SESSION-4b6b757282734812	SESSION-4b6b757282734812 → pe:tls:SESSION-4b6b757282734812
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.129:asn:271410	host:131.196.28.129 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ded52056067d22b2:host:45.173.156.61:host:172.234.197.23	SESSION-ded52056067d22b2 → host:45.173.156.61 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e067a71c5ba5	flow:e067a71c5ba5 → host:177.10.236.113 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7dbbf6b8420ecf88:flow:bcec3454bc9d	SESSION-7dbbf6b8420ecf88 → flow:bcec3454bc9d
FLOW_TO_HOSTOBS	e:to:SESSION-c2474adee374207e:host:131.196.31.98	SESSION-c2474adee374207e → host:131.196.31.98
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.87:asn:203771	host:37.221.79.87 → asn:203771
flow_observed5-aryOBS	e:fo:flow:b247e5ff1470	flow:b247e5ff1470 → host:131.196.31.21 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8f2cb956713b4a7f:host:172.234.197.23	SESSION-8f2cb956713b4a7f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-86b61cf52362ae86:host:177.10.236.247	SESSION-86b61cf52362ae86 → host:177.10.236.247
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5972a3b732445423:flow:7a2eec4103e1	SESSION-5972a3b732445423 → flow:7a2eec4103e1
FLOW_FROM_HOSTOBS	e:from:SESSION-a24a5811642df328:host:172.234.197.23	SESSION-a24a5811642df328 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5a74cc524a51e3d:SESSION-d5a74cc524a51e3d	SESSION-d5a74cc524a51e3d → pe:syn:SESSION-d5a74cc524a51e3d
flow_observed4-aryOBS	e:fo:flow:6fd31bcc48c3	flow:6fd31bcc48c3 → host:172.234.197.23 → host:177.10.234.78 → port:tcp:19833
flow_observed4-aryOBS	e:fo:flow:924a996c5dd9	flow:924a996c5dd9 → host:172.234.197.23 → host:131.196.29.50 → port:tcp:27649
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49ddbf605897eb3f:SESSION-49ddbf605897eb3f	SESSION-49ddbf605897eb3f → pe:syn:SESSION-49ddbf605897eb3f
flow_observed3-aryOBS	e:fo:flow:191d5ca6f36d	flow:191d5ca6f36d → host:34.216.30.208 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4799248f1ba6e544:host:172.234.197.23	SESSION-4799248f1ba6e544 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-de12aa9c0bf7f485:host:172.234.197.23	SESSION-de12aa9c0bf7f485 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:52c26668907d:port:tcp:443	flow:52c26668907d → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:47c2f2779cfc	flow:47c2f2779cfc → host:177.10.235.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4fb8a50f2916880:SESSION-d4fb8a50f2916880	SESSION-d4fb8a50f2916880 → pe:syn:SESSION-d4fb8a50f2916880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb40f64797e3fe16:host:172.234.197.23	SESSION-eb40f64797e3fe16 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46aa20776642b201:host:45.173.156.83	SESSION-46aa20776642b201 → host:45.173.156.83
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2eb15df038685c53:flow:d0f144e1366b	SESSION-2eb15df038685c53 → flow:d0f144e1366b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-87ea4b729b5b64e3:SESSION-87ea4b729b5b64e3	SESSION-87ea4b729b5b64e3 → pe:syn:SESSION-87ea4b729b5b64e3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b03f12d359ceed54:host:172.234.197.23:host:131.196.31.26	SESSION-b03f12d359ceed54 → host:172.234.197.23 → host:131.196.31.26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e4d63ce34019de3:flow:51c50c31258a	SESSION-4e4d63ce34019de3 → flow:51c50c31258a
FLOW_DST_PORTOBS	e:fp:flow:2faea6106d12:port:tcp:443	flow:2faea6106d12 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-680820c56f27d295:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-680820c56f27d295 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:ba77b24e676f	flow:ba77b24e676f → host:172.234.197.23 → host:177.10.239.154 → port:tcp:30509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bded37485db78f4a:flow:812f40eb0cd0	SESSION-bded37485db78f4a → flow:812f40eb0cd0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-32091c263c5425e7:flow:8c0a36e715f9	SESSION-32091c263c5425e7 → flow:8c0a36e715f9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-3982f1a8e532b400:SESSION-3982f1a8e532b400	SESSION-3982f1a8e532b400 → pe:rst:SESSION-3982f1a8e532b400
FLOW_TO_HOSTOBS	e:to:SESSION-b7ac052262d51e17:host:172.234.197.23	SESSION-b7ac052262d51e17 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.82:geo_-16.28860_-49.01640	host:177.10.239.82 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97a722c9ef92a65e:host:45.173.156.163	SESSION-97a722c9ef92a65e → host:45.173.156.163
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e21e19309bc8d324:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e21e19309bc8d324 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d4ae68a057da74d:SESSION-5d4ae68a057da74d	SESSION-5d4ae68a057da74d → pe:syn:SESSION-5d4ae68a057da74d
FLOW_TO_HOSTOBS	e:to:SESSION-8ef9a5d8a17e479b:host:177.10.238.1	SESSION-8ef9a5d8a17e479b → host:177.10.238.1
FLOW_FROM_HOSTOBS	e:from:SESSION-01c9c3509e882c26:host:45.173.156.158	SESSION-01c9c3509e882c26 → host:45.173.156.158
FLOW_FROM_HOSTOBS	e:from:SESSION-de115ad7179345b0:host:131.196.29.76	SESSION-de115ad7179345b0 → host:131.196.29.76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01fb4d6a9472c8c7:SESSION-01fb4d6a9472c8c7	SESSION-01fb4d6a9472c8c7 → pe:tls:SESSION-01fb4d6a9472c8c7
FLOW_FROM_HOSTOBS	e:from:SESSION-a6d1acf39452c448:host:172.234.197.23	SESSION-a6d1acf39452c448 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aae42b7cc2993272:host:172.234.197.23	SESSION-aae42b7cc2993272 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-adf46c04c6a07144:host:131.196.29.150	SESSION-adf46c04c6a07144 → host:131.196.29.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ffb3444ca3f5caf:SESSION-1ffb3444ca3f5caf	SESSION-1ffb3444ca3f5caf → pe:syn:SESSION-1ffb3444ca3f5caf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fdb408b0b3dd802:flow:e53d7ed83f31	SESSION-5fdb408b0b3dd802 → flow:e53d7ed83f31
FLOW_TO_HOSTOBS	e:to:SESSION-09c97c2e7f8ca5a6:host:177.10.238.7	SESSION-09c97c2e7f8ca5a6 → host:177.10.238.7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d44d2d34cc029e97:flow:870af0042d8d	SESSION-d44d2d34cc029e97 → flow:870af0042d8d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d59ad8978cc7e8b9:host:177.10.238.62	SESSION-d59ad8978cc7e8b9 → host:177.10.238.62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b88c76d0206f2960:SESSION-b88c76d0206f2960	SESSION-b88c76d0206f2960 → pe:rst:SESSION-b88c76d0206f2960
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ad9c0df7a65aa03:host:177.10.236.151	SESSION-0ad9c0df7a65aa03 → host:177.10.236.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85683c3aa8c095db:SESSION-85683c3aa8c095db	SESSION-85683c3aa8c095db → pe:tls:SESSION-85683c3aa8c095db
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.144:geo_-16.28860_-49.01640	host:177.10.239.144 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-d5ac91adedbe1ec7:host:131.196.29.215	SESSION-d5ac91adedbe1ec7 → host:131.196.29.215
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2287ae96f90f1374:host:177.10.234.81:host:172.234.197.23	SESSION-2287ae96f90f1374 → host:177.10.234.81 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c84656a173f6275:host:177.10.238.192:host:172.234.197.23	SESSION-9c84656a173f6275 → host:177.10.238.192 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3748d9d14aafdb8:flow:d26665ca5ede	SESSION-f3748d9d14aafdb8 → flow:d26665ca5ede
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4d237675f94d453:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a4d237675f94d453 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30ae225adc0bd1e0:SESSION-30ae225adc0bd1e0	SESSION-30ae225adc0bd1e0 → pe:syn:SESSION-30ae225adc0bd1e0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bcb34449111b6ae:host:177.10.235.61	SESSION-4bcb34449111b6ae → host:177.10.235.61
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0046a1ddb04bc0f7:flow:7b78e56234f0	SESSION-0046a1ddb04bc0f7 → flow:7b78e56234f0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-64913b40dfec355f:flow:89234f33732b	SESSION-64913b40dfec355f → flow:89234f33732b
FLOW_DST_PORTOBS	e:fp:flow:9b4ed8f29561:port:tcp:443	flow:9b4ed8f29561 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-205f350cdfc6cb9d:host:172.234.197.23	SESSION-205f350cdfc6cb9d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1a633dafddc79f1:host:45.173.156.98:host:172.234.197.23	SESSION-c1a633dafddc79f1 → host:45.173.156.98 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5bd73118ac3f9f7:flow:5d9ac96edb9e	SESSION-b5bd73118ac3f9f7 → flow:5d9ac96edb9e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.214:asn:262880	host:177.10.233.214 → asn:262880
flow_observed5-aryOBS	e:fo:flow:c39df8f0b3ff	flow:c39df8f0b3ff → host:177.10.234.237 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:a48aaa9e71a4	flow:a48aaa9e71a4 → host:172.234.197.23 → host:131.196.29.192 → port:tcp:5293
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-355b17fab14031de:host:172.234.197.23:host:177.10.233.70	SESSION-355b17fab14031de → host:172.234.197.23 → host:177.10.233.70
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3d0d891734a12161:PCAP:capture_20260430150001:ded20914761d	SESSION-3d0d891734a12161 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-c1429c4885068b09:host:172.234.197.23	SESSION-c1429c4885068b09 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.127:geo_-16.28860_-49.01640	host:177.10.239.127 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:637c13edbf62:port:tcp:443	flow:637c13edbf62 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9ab55f3989857eec:host:172.234.197.23	SESSION-9ab55f3989857eec → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c73d5dfb4b98c8a4:host:131.196.31.230:host:172.234.197.23	SESSION-c73d5dfb4b98c8a4 → host:131.196.31.230 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b854a8a0c04494b2:host:172.234.197.23:host:172.232.0.17	SESSION-b854a8a0c04494b2 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f57d963826b0d8cc:flow:b4d8f281c422	SESSION-f57d963826b0d8cc → flow:b4d8f281c422
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6667ca1b9f8ba8d1:host:131.196.28.72:host:172.234.197.23	SESSION-6667ca1b9f8ba8d1 → host:131.196.28.72 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f34baa4b6679:port:tcp:443	flow:f34baa4b6679 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-99c8a38ab4cce90e:host:45.173.156.101	SESSION-99c8a38ab4cce90e → host:45.173.156.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fbe82bcd0d20589:SESSION-5fbe82bcd0d20589	SESSION-5fbe82bcd0d20589 → pe:tls:SESSION-5fbe82bcd0d20589
FLOW_QUERIED_DNSOBS	e:fd:flow:c0f2dd55f138:dns:172-234-197-23.ip.linodeusercontent.com	flow:c0f2dd55f138 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-f9a24e91c66cf817:host:177.10.236.218	SESSION-f9a24e91c66cf817 → host:177.10.236.218
FLOW_DST_PORTOBS	e:fp:flow:bb2bb642551a:port:tcp:443	flow:bb2bb642551a → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:f4ddb90e507a	flow:f4ddb90e507a → host:177.10.239.149 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d7baf95bca9d9bdc:SESSION-d7baf95bca9d9bdc	SESSION-d7baf95bca9d9bdc → pe:tls:SESSION-d7baf95bca9d9bdc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.166:geo_-23.62930_-46.63510	host:131.196.29.166 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a7bf37c238cc392:host:131.196.30.135:host:172.234.197.23	SESSION-4a7bf37c238cc392 → host:131.196.30.135 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3676532bb2f3ac59:SESSION-3676532bb2f3ac59	SESSION-3676532bb2f3ac59 → pe:syn:SESSION-3676532bb2f3ac59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98030dd572a97d39:host:172.234.197.23	SESSION-98030dd572a97d39 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7eabead80f81736f:SESSION-7eabead80f81736f	SESSION-7eabead80f81736f → pe:syn:SESSION-7eabead80f81736f
flow_observed5-aryOBS	e:fo:flow:b85d57875d64	flow:b85d57875d64 → host:177.10.237.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5fbe4987e86bc38:flow:4be37b1f0cfe	SESSION-b5fbe4987e86bc38 → flow:4be37b1f0cfe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2df5a0c07309bf07:SESSION-2df5a0c07309bf07	SESSION-2df5a0c07309bf07 → pe:syn:SESSION-2df5a0c07309bf07
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.154:geo_-21.10010_-41.69200	host:45.173.156.154 → geo_-21.10010_-41.69200
flow_observed4-aryOBS	e:fo:flow:cc297f1cad64	flow:cc297f1cad64 → host:172.234.197.23 → host:177.10.239.77 → port:tcp:47560
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-692aeceb01bd702a:host:172.234.197.23:host:177.10.239.134	SESSION-692aeceb01bd702a → host:172.234.197.23 → host:177.10.239.134
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52edb7664c060999:host:31.40.196.41:host:172.234.197.23	SESSION-52edb7664c060999 → host:31.40.196.41 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bbc35343aa20f600:PCAP:capture_20260430090001:065659c7d314	SESSION-bbc35343aa20f600 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33db7a85fa9e759a:host:172.234.197.23:host:131.196.31.237	SESSION-33db7a85fa9e759a → host:172.234.197.23 → host:131.196.31.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8247aea4532236dc:host:172.234.197.23	SESSION-8247aea4532236dc → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.32:geo_-23.62930_-46.63510	host:131.196.28.32 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd2a5925828b8076:host:177.10.235.218	SESSION-fd2a5925828b8076 → host:177.10.235.218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-992ac29a78433ae4:host:177.10.235.56	SESSION-992ac29a78433ae4 → host:177.10.235.56
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.33:asn:262880	host:177.10.234.33 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.143:asn:271410	host:131.196.30.143 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-581b4c1bc6ff5f0b:host:172.234.197.23	SESSION-581b4c1bc6ff5f0b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c58065526050	flow:c58065526050 → host:131.196.28.246 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9a9ddd86aa762a0:host:177.10.238.82	SESSION-c9a9ddd86aa762a0 → host:177.10.238.82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23e0f212525e0a86:host:172.234.197.23:host:177.10.232.122	SESSION-23e0f212525e0a86 → host:172.234.197.23 → host:177.10.232.122
flow_observed4-aryOBS	e:fo:flow:bbb0779ee5fc	flow:bbb0779ee5fc → host:172.234.197.23 → host:177.10.235.15 → port:tcp:54305
FLOW_FROM_HOSTOBS	e:from:SESSION-d31cb6e546f767b7:host:131.196.31.75	SESSION-d31cb6e546f767b7 → host:131.196.31.75
HOST_IN_ASNOBS 85%	e:ha:host:2.57.122.192:asn:47890	host:2.57.122.192 → asn:47890
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.237:geo_-21.10010_-41.69200	host:45.173.156.237 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-932a817ddabc353f:host:172.234.197.23:host:177.10.239.122	SESSION-932a817ddabc353f → host:172.234.197.23 → host:177.10.239.122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4bcb34449111b6ae:PCAP:capture_20260430090001:065659c7d314	SESSION-4bcb34449111b6ae → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.12:asn:262880	host:177.10.232.12 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d58c039fa1a1304:host:172.234.197.23	SESSION-8d58c039fa1a1304 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:097845287463:port:tcp:24204	flow:097845287463 → port:tcp:24204
FLOW_FROM_HOSTOBS	e:from:SESSION-b117f2a3fa82af67:host:177.10.235.118	SESSION-b117f2a3fa82af67 → host:177.10.235.118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5397b2a7490ae0fb:host:172.234.197.23	SESSION-5397b2a7490ae0fb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-adc05f42cd7b2533:SESSION-adc05f42cd7b2533	SESSION-adc05f42cd7b2533 → pe:syn:SESSION-adc05f42cd7b2533
FLOW_DST_PORTOBS	e:fp:flow:133dcdd96d63:port:tcp:443	flow:133dcdd96d63 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0427ab07f20fae31:SESSION-0427ab07f20fae31	SESSION-0427ab07f20fae31 → pe:tls:SESSION-0427ab07f20fae31
FLOW_DST_PORTOBS	e:fp:flow:5a19d89647bf:port:tcp:443	flow:5a19d89647bf → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.89:asn:262880	host:177.10.235.89 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-757e5ed1a89f1610:host:172.234.197.23	SESSION-757e5ed1a89f1610 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7912a0e1302b3ba3:flow:490048fe7305	SESSION-7912a0e1302b3ba3 → flow:490048fe7305
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-710eb7de55f51893:SESSION-710eb7de55f51893	SESSION-710eb7de55f51893 → pe:syn:SESSION-710eb7de55f51893
FLOW_DST_PORTOBS	e:fp:flow:8801f7aa7326:port:tcp:39538	flow:8801f7aa7326 → port:tcp:39538
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.102.9.236:geo_-36.85040_174.76750	host:3.102.9.236 → geo_-36.85040_174.76750
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f42dcf2468c4a64f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f42dcf2468c4a64f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93be623985b95b7d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-93be623985b95b7d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47d7544842406eea:host:177.10.236.11:host:172.234.197.23	SESSION-47d7544842406eea → host:177.10.236.11 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31e4a260829c636e:SESSION-31e4a260829c636e	SESSION-31e4a260829c636e → pe:syn:SESSION-31e4a260829c636e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4992d20c4573840:flow:3b89477bda88	SESSION-d4992d20c4573840 → flow:3b89477bda88
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f003e7e66ba8f79:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4f003e7e66ba8f79 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ef022cf55a10b05:SESSION-6ef022cf55a10b05	SESSION-6ef022cf55a10b05 → pe:tls:SESSION-6ef022cf55a10b05
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1aa0d90742fe552:host:177.10.233.20	SESSION-e1aa0d90742fe552 → host:177.10.233.20
FLOW_TO_HOSTOBS	e:to:SESSION-5a1525d7a099ba42:host:177.10.238.250	SESSION-5a1525d7a099ba42 → host:177.10.238.250
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97231868d06ff2ed:PCAP:capture_20260430080001:93f47cc296a4	SESSION-97231868d06ff2ed → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e703980a48f1e09:SESSION-4e703980a48f1e09	SESSION-4e703980a48f1e09 → pe:tls:SESSION-4e703980a48f1e09
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.139:asn:271410	host:131.196.28.139 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb20bb92bfdba895:PCAP:capture_20260430150001:ded20914761d	SESSION-bb20bb92bfdba895 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:71ab09349ce1:port:tcp:62189	flow:71ab09349ce1 → port:tcp:62189
FLOW_FROM_HOSTOBS	e:from:SESSION-840476c00c988ec7:host:177.10.238.91	SESSION-840476c00c988ec7 → host:177.10.238.91
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.137:asn:262880	host:177.10.239.137 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-63e564f28f734573:SESSION-63e564f28f734573	SESSION-63e564f28f734573 → pe:tls:SESSION-63e564f28f734573
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27da8f08a1512941:host:172.234.197.23:host:45.173.156.220	SESSION-27da8f08a1512941 → host:172.234.197.23 → host:45.173.156.220
flow_observed4-aryOBS	e:fo:flow:dcc768f94395	flow:dcc768f94395 → host:172.234.197.23 → host:131.196.30.71 → port:tcp:28004
flow_observed3-aryOBS	e:fo:flow:735521efe938	flow:735521efe938 → host:44.248.141.231 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-28ca4d014ad9a35f:host:177.10.234.40	SESSION-28ca4d014ad9a35f → host:177.10.234.40
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9a24e91c66cf817:flow:ade6d6dd1519	SESSION-f9a24e91c66cf817 → flow:ade6d6dd1519
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c2bde5ab088d2882:PCAP:capture_20260427200001:3ed6eed62060	SESSION-c2bde5ab088d2882 → PCAP:capture_20260427200001:3ed6eed62060
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ced37932852de9e5:host:172.234.197.23:host:177.10.234.195	SESSION-ced37932852de9e5 → host:172.234.197.23 → host:177.10.234.195
flow_observed5-aryOBS	e:fo:flow:01f099eb3637	flow:01f099eb3637 → host:31.40.196.41 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-099b4106de78317b:host:172.234.197.23	SESSION-099b4106de78317b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-353fd641d57f7d93:host:177.10.236.234	SESSION-353fd641d57f7d93 → host:177.10.236.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bebd9f8afa50544a:host:172.234.197.23	SESSION-bebd9f8afa50544a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.254:geo_-23.62930_-46.63510	host:131.196.28.254 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2be3bd33b6267f94:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2be3bd33b6267f94 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1624b178b88eb54d:SESSION-1624b178b88eb54d	SESSION-1624b178b88eb54d → pe:syn:SESSION-1624b178b88eb54d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f3823f20b5aa8c6:host:172.234.197.23	SESSION-8f3823f20b5aa8c6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.194:asn:262880	host:177.10.234.194 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-06d2ad4243fb8941:BSG-BEACON-bbe881c142fc	SESSION-06d2ad4243fb8941 → BSG-BEACON-bbe881c142fc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd0176ca8d9bf386:host:177.10.233.130	SESSION-cd0176ca8d9bf386 → host:177.10.233.130
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8e250b2be37e497:host:172.234.197.23:host:177.10.239.29	SESSION-f8e250b2be37e497 → host:172.234.197.23 → host:177.10.239.29
FLOW_FROM_HOSTOBS	e:from:SESSION-ead27f853a5aab01:host:177.10.232.240	SESSION-ead27f853a5aab01 → host:177.10.232.240
FLOW_FROM_HOSTOBS	e:from:SESSION-8417ba17d1562cbc:host:131.196.30.216	SESSION-8417ba17d1562cbc → host:131.196.30.216
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7da23a3c779474e1:flow:002d6a380d86	SESSION-7da23a3c779474e1 → flow:002d6a380d86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54b62e34296d5c17:SESSION-54b62e34296d5c17	SESSION-54b62e34296d5c17 → pe:syn:SESSION-54b62e34296d5c17
FLOW_TLS_SNIOBS	e:fs:flow:de9a31b6abf8:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:de9a31b6abf8 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-136fe1663b76b4f2:host:177.10.237.49	SESSION-136fe1663b76b4f2 → host:177.10.237.49
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-077a58eb2518fab4:PCAP:capture_20260430110001:43611bdf6759	SESSION-077a58eb2518fab4 → PCAP:capture_20260430110001:43611bdf6759
FLOW_QUERIED_DNSOBS	e:fd:flow:b96ebacbeedc:dns:wpcode.com	flow:b96ebacbeedc → dns:wpcode.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01b1445b3dd1d2e4:SESSION-01b1445b3dd1d2e4	SESSION-01b1445b3dd1d2e4 → pe:syn:SESSION-01b1445b3dd1d2e4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5da0813b370b7e29:host:13.208.213.50:host:172.234.197.23	SESSION-5da0813b370b7e29 → host:13.208.213.50 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68282fbeb04671d9:host:177.10.237.54	SESSION-68282fbeb04671d9 → host:177.10.237.54
FLOW_DST_PORTOBS	e:fp:flow:11c8071bc639:port:tcp:23628	flow:11c8071bc639 → port:tcp:23628
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e6afdb068db09de:host:45.173.156.220:host:172.234.197.23	SESSION-6e6afdb068db09de → host:45.173.156.220 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3931cb15b35f138a:host:177.10.236.178:host:172.234.197.23	SESSION-3931cb15b35f138a → host:177.10.236.178 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66f42b3418de6818:SESSION-66f42b3418de6818	SESSION-66f42b3418de6818 → pe:syn:SESSION-66f42b3418de6818
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-461eadc2db19418d:host:131.196.31.110:host:172.234.197.23	SESSION-461eadc2db19418d → host:131.196.31.110 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.217:geo_-16.28860_-49.01640	host:177.10.237.217 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a24a5811642df328:SESSION-a24a5811642df328	SESSION-a24a5811642df328 → pe:syn:SESSION-a24a5811642df328
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2887c6ee2de14ac9:flow:ae0b1076aadf	SESSION-2887c6ee2de14ac9 → flow:ae0b1076aadf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4673fb47ee0c5a9:host:177.10.239.11	SESSION-d4673fb47ee0c5a9 → host:177.10.239.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2997df12bb4a545b:host:172.234.197.23	SESSION-2997df12bb4a545b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07d653be0b30b2f4:flow:f12f5320da02	SESSION-07d653be0b30b2f4 → flow:f12f5320da02
FLOW_DST_PORTOBS	e:fp:flow:7362a99acee5:port:tcp:13754	flow:7362a99acee5 → port:tcp:13754
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4337995d605bd9f8:SESSION-4337995d605bd9f8	SESSION-4337995d605bd9f8 → pe:syn:SESSION-4337995d605bd9f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7cf4eefda54138cc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7cf4eefda54138cc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed59d63ff912d69c:PCAP:capture_20260430060001:919b39a74464	SESSION-ed59d63ff912d69c → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23264de44b7cb73c:flow:5d964dffb085	SESSION-23264de44b7cb73c → flow:5d964dffb085
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ea6c4aff46dde87:flow:0804229defd8	SESSION-3ea6c4aff46dde87 → flow:0804229defd8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb72c41fb24aaf81:host:131.196.29.203	SESSION-eb72c41fb24aaf81 → host:131.196.29.203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-597a035229423245:host:45.173.156.240	SESSION-597a035229423245 → host:45.173.156.240
FLOW_FROM_HOSTOBS	e:from:SESSION-9e0dcae8b099ffa5:host:177.10.234.115	SESSION-9e0dcae8b099ffa5 → host:177.10.234.115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2be3bd33b6267f94:flow:52546135c686	SESSION-2be3bd33b6267f94 → flow:52546135c686
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c58d6336bd500b5:host:177.10.237.108:host:172.234.197.23	SESSION-9c58d6336bd500b5 → host:177.10.237.108 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c016235dacd88a4d:host:172.234.197.23	SESSION-c016235dacd88a4d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f4f2e64710996bb:host:172.234.197.23	SESSION-3f4f2e64710996bb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0d2369f69026	flow:0d2369f69026 → host:177.10.235.116 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46da9b8beaa478c9:flow:4f707b2e8a9b	SESSION-46da9b8beaa478c9 → flow:4f707b2e8a9b
flow_observed5-aryOBS	e:fo:flow:f3f20a5f13f0	flow:f3f20a5f13f0 → host:177.10.238.31 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21e452657508b689:flow:1dec1a3b0255	SESSION-21e452657508b689 → flow:1dec1a3b0255
FLOW_DST_PORTOBS	e:fp:flow:f99b1b2b978a:port:tcp:443	flow:f99b1b2b978a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e8b6d78f5f37:port:tcp:443	flow:e8b6d78f5f37 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-18178a1924ee92a1:host:172.234.197.23:host:177.10.237.237	SESSION-18178a1924ee92a1 → host:172.234.197.23 → host:177.10.237.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68010cf4db790ce8:flow:c341b53c6c5d	SESSION-68010cf4db790ce8 → flow:c341b53c6c5d
FLOW_DST_PORTOBS	e:fp:flow:f9c08ac7fdde:port:tcp:443	flow:f9c08ac7fdde → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-643a90c68c400c64:host:177.10.236.151	SESSION-643a90c68c400c64 → host:177.10.236.151
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.71:geo_-16.28860_-49.01640	host:177.10.238.71 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-332b957940cff81b:flow:282a0cc9d92b	SESSION-332b957940cff81b → flow:282a0cc9d92b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a5aae11508cfd60:host:131.196.29.225:host:172.234.197.23	SESSION-9a5aae11508cfd60 → host:131.196.29.225 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.127:geo_-16.28860_-49.01640	host:177.10.237.127 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.132:geo_-23.62930_-46.63510	host:131.196.29.132 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cbc349d6e82ad363:host:172.234.197.23:host:2.57.122.196	SESSION-cbc349d6e82ad363 → host:172.234.197.23 → host:2.57.122.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-91196c5d66e04f5c:SESSION-91196c5d66e04f5c	SESSION-91196c5d66e04f5c → pe:tls:SESSION-91196c5d66e04f5c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8136a084d82536a6:flow:9a41357d15f4	SESSION-8136a084d82536a6 → flow:9a41357d15f4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17fce8ea46af65f2:SESSION-17fce8ea46af65f2	SESSION-17fce8ea46af65f2 → pe:syn:SESSION-17fce8ea46af65f2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b420826720a06333:PCAP:capture_20260430060001:919b39a74464	SESSION-b420826720a06333 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.154:asn:262880	host:177.10.238.154 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f32bbf866d49408:host:172.234.197.23	SESSION-2f32bbf866d49408 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-dee230b22d739e8a:host:172.234.197.23	SESSION-dee230b22d739e8a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:870af0042d8d	flow:870af0042d8d → host:131.196.30.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88a21eebc91cc549:host:45.173.156.244	SESSION-88a21eebc91cc549 → host:45.173.156.244
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2b0ee493ee38385:SESSION-b2b0ee493ee38385	SESSION-b2b0ee493ee38385 → pe:tls:SESSION-b2b0ee493ee38385
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb5c3fce7274dac7:PCAP:capture_20260430110001:43611bdf6759	SESSION-cb5c3fce7274dac7 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20e3655a208f66c6:host:172.234.197.23	SESSION-20e3655a208f66c6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8c973292e4e10a2:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f8c973292e4e10a2 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a9343604177341c5:SESSION-a9343604177341c5	SESSION-a9343604177341c5 → pe:tls:SESSION-a9343604177341c5
FLOW_FROM_HOSTOBS	e:from:SESSION-a18dc2bb6be0117f:host:131.196.30.68	SESSION-a18dc2bb6be0117f → host:131.196.30.68
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7661066332b8e82:PCAP:capture_20260430090001:065659c7d314	SESSION-b7661066332b8e82 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-5ad7ae70426d3354:host:131.196.28.223	SESSION-5ad7ae70426d3354 → host:131.196.28.223
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9166f313177f7326:host:172.234.197.23	SESSION-9166f313177f7326 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf31506875543a88:host:177.10.239.184	SESSION-cf31506875543a88 → host:177.10.239.184
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bb818ce2b02135d:flow:aa4014470102	SESSION-3bb818ce2b02135d → flow:aa4014470102
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b8c772918251267:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0b8c772918251267 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-674d0a1b38b3c135:host:172.234.197.23:host:45.173.156.44	SESSION-674d0a1b38b3c135 → host:172.234.197.23 → host:45.173.156.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-836e4ff4bdb8da04:SESSION-836e4ff4bdb8da04	SESSION-836e4ff4bdb8da04 → pe:syn:SESSION-836e4ff4bdb8da04
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-a33a5bbd98f17a5b:BSG-BEACON-7e5f57415e56	SESSION-a33a5bbd98f17a5b → BSG-BEACON-7e5f57415e56
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.34:geo_-16.28860_-49.01640	host:177.10.234.34 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4fb1f3797e8f19a3:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4fb1f3797e8f19a3 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c422154c7899227e:flow:ab0e7633f4fd	SESSION-c422154c7899227e → flow:ab0e7633f4fd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-361f1ea86b9f3cf3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-361f1ea86b9f3cf3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6353435fcd827ef1:SESSION-6353435fcd827ef1	SESSION-6353435fcd827ef1 → pe:rst:SESSION-6353435fcd827ef1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-792b602eaec629a3:host:177.10.236.120	SESSION-792b602eaec629a3 → host:177.10.236.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c58b004ff38abe14:SESSION-c58b004ff38abe14	SESSION-c58b004ff38abe14 → pe:syn:SESSION-c58b004ff38abe14
FLOW_DST_PORTOBS	e:fp:flow:dcc768f94395:port:tcp:28004	flow:dcc768f94395 → port:tcp:28004
FLOW_TO_HOSTOBS	e:to:SESSION-1d7bdeba7c000ea7:host:177.10.234.109	SESSION-1d7bdeba7c000ea7 → host:177.10.234.109
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5a59556c261862d:flow:2cea5d283468	SESSION-b5a59556c261862d → flow:2cea5d283468
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1057767eda3c24b1:host:177.10.238.122	SESSION-1057767eda3c24b1 → host:177.10.238.122
ASN_IN_ORGOBS 80%	e:ao:asn:13335:org:Cloudflare, Inc.	asn:13335 → org:Cloudflare, Inc.
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6459c4621d226611:host:131.196.30.104:host:172.234.197.23	SESSION-6459c4621d226611 → host:131.196.30.104 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b2d512f3efc35f9:flow:05dc6ac42870	SESSION-0b2d512f3efc35f9 → flow:05dc6ac42870
FLOW_TO_HOSTOBS	e:to:SESSION-8f98b72d4ec65d75:host:172.234.197.23	SESSION-8f98b72d4ec65d75 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.16:asn:271410	host:131.196.31.16 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:daab24d3782e:port:tcp:45634	flow:daab24d3782e → port:tcp:45634
FLOW_TO_HOSTOBS	e:to:SESSION-1e2ace7c21b4da04:host:172.234.197.23	SESSION-1e2ace7c21b4da04 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bc4151fd6a85:port:tcp:443	flow:bc4151fd6a85 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:53a6aa87e901:port:tcp:22949	flow:53a6aa87e901 → port:tcp:22949
FLOW_FROM_HOSTOBS	e:from:SESSION-2354f30fe4af5f56:host:131.196.28.205	SESSION-2354f30fe4af5f56 → host:131.196.28.205
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c59147b81bc92a14:flow:974c9a601f83	SESSION-c59147b81bc92a14 → flow:974c9a601f83
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73eca1f22df524d3:PCAP:capture_20260430050001:8868731bf8a4	SESSION-73eca1f22df524d3 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eff9d1155e5c571f:PCAP:capture_20260430110001:43611bdf6759	SESSION-eff9d1155e5c571f → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11723453546179ac:SESSION-11723453546179ac	SESSION-11723453546179ac → pe:syn:SESSION-11723453546179ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66897d09e7f9757a:SESSION-66897d09e7f9757a	SESSION-66897d09e7f9757a → pe:syn:SESSION-66897d09e7f9757a
FLOW_TO_HOSTOBS	e:to:SESSION-72e57a99703d053d:host:172.234.197.23	SESSION-72e57a99703d053d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f81fa7919a8c03a8:host:172.234.197.23:host:177.10.235.40	SESSION-f81fa7919a8c03a8 → host:172.234.197.23 → host:177.10.235.40
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33348e69a2613db6:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-33348e69a2613db6 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-484d7e89f92d0359:SESSION-484d7e89f92d0359	SESSION-484d7e89f92d0359 → pe:tls:SESSION-484d7e89f92d0359
FLOW_TO_HOSTOBS	e:to:SESSION-d11c29aca82696f2:host:172.234.197.23	SESSION-d11c29aca82696f2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f07097ffc1d464e5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f07097ffc1d464e5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:c10793bfc512	flow:c10793bfc512 → host:172.234.197.23 → host:131.196.30.230 → port:tcp:26232
flow_observed5-aryOBS	e:fo:flow:6386656d45fb	flow:6386656d45fb → host:131.196.29.177 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.133:asn:262880	host:177.10.235.133 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-836e4ff4bdb8da04:SESSION-836e4ff4bdb8da04	SESSION-836e4ff4bdb8da04 → pe:tls:SESSION-836e4ff4bdb8da04
FLOW_FROM_HOSTOBS	e:from:SESSION-b330864bc1d39cd9:host:172.234.197.23	SESSION-b330864bc1d39cd9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfbb16ce344dac5c:host:172.234.197.23	SESSION-bfbb16ce344dac5c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a918f52003c304f:host:185.231.226.253:host:172.234.197.23	SESSION-0a918f52003c304f → host:185.231.226.253 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7bea4de6efa859da:host:172.234.197.23:host:177.10.238.194	SESSION-7bea4de6efa859da → host:172.234.197.23 → host:177.10.238.194
FLOW_DST_PORTOBS	e:fp:flow:89e22f178cd9:port:tcp:443	flow:89e22f178cd9 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.243:geo_-16.28860_-49.01640	host:177.10.234.243 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:cb293ef68a69:port:tcp:40669	flow:cb293ef68a69 → port:tcp:40669
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e703980a48f1e09:host:172.234.197.23	SESSION-4e703980a48f1e09 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0cb11649434d08c:SESSION-d0cb11649434d08c	SESSION-d0cb11649434d08c → pe:tls:SESSION-d0cb11649434d08c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5d721b5ee8bbbc:host:104.28.202.80	SESSION-5d5d721b5ee8bbbc → host:104.28.202.80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.50:geo_-16.28860_-49.01640	host:177.10.238.50 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-079c82b45cfad420:host:172.234.197.23	SESSION-079c82b45cfad420 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5a78d91cebd5172f:host:172.234.197.23	SESSION-5a78d91cebd5172f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b61fb09d40ad349:flow:53410f312c06	SESSION-8b61fb09d40ad349 → flow:53410f312c06
FLOW_FROM_HOSTOBS	e:from:SESSION-5c80786b4900f92c:host:172.234.197.23	SESSION-5c80786b4900f92c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b880a07e89a760de:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b880a07e89a760de → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b66b69fe93183378:SESSION-b66b69fe93183378	SESSION-b66b69fe93183378 → pe:tls:SESSION-b66b69fe93183378
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93be623985b95b7d:host:177.10.238.156	SESSION-93be623985b95b7d → host:177.10.238.156
FLOW_FROM_HOSTOBS	e:from:SESSION-ca0d45baeb856677:host:177.10.233.211	SESSION-ca0d45baeb856677 → host:177.10.233.211
FLOW_TO_HOSTOBS	e:to:SESSION-4203cad708a9d562:host:45.173.156.41	SESSION-4203cad708a9d562 → host:45.173.156.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6ca8d988675ead3:SESSION-a6ca8d988675ead3	SESSION-a6ca8d988675ead3 → pe:tls:SESSION-a6ca8d988675ead3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1dda0e3344468f76:SESSION-1dda0e3344468f76	SESSION-1dda0e3344468f76 → pe:tls:SESSION-1dda0e3344468f76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8e250b2be37e497:flow:bfd0325eab2c	SESSION-f8e250b2be37e497 → flow:bfd0325eab2c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8a95576c112cc14:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b8a95576c112cc14 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:bd6abeea0073	flow:bd6abeea0073 → host:177.10.236.108 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2289078120ff48cc:host:177.10.237.90	SESSION-2289078120ff48cc → host:177.10.237.90
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cfbd2e877e86cd2a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-cfbd2e877e86cd2a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dca77cba3fb011ca:host:172.234.197.23	SESSION-dca77cba3fb011ca → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4298399acb708ae5:SESSION-4298399acb708ae5	SESSION-4298399acb708ae5 → pe:syn:SESSION-4298399acb708ae5
FLOW_TO_HOSTOBS	e:to:SESSION-1898da4930ba04f2:host:172.234.197.23	SESSION-1898da4930ba04f2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e2d49c8fbcdf:port:tcp:22	flow:e2d49c8fbcdf → port:tcp:22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c30e2da5c8abbcf:flow:971244252930	SESSION-9c30e2da5c8abbcf → flow:971244252930
FLOW_FROM_HOSTOBS	e:from:SESSION-cb59d1b27c368873:host:177.10.236.22	SESSION-cb59d1b27c368873 → host:177.10.236.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-978d4fdbc8d38350:SESSION-978d4fdbc8d38350	SESSION-978d4fdbc8d38350 → pe:tls:SESSION-978d4fdbc8d38350
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03cfd9b1d0f62704:host:177.10.236.255	SESSION-03cfd9b1d0f62704 → host:177.10.236.255
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d42f41260fbe7c09:PCAP:capture_20260430090001:065659c7d314	SESSION-d42f41260fbe7c09 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf7044e44d29be7c:flow:35d670918235	SESSION-cf7044e44d29be7c → flow:35d670918235
FLOW_DST_PORTOBS	e:fp:flow:8c0a36e715f9:port:tcp:60604	flow:8c0a36e715f9 → port:tcp:60604
FLOW_DST_PORTOBS	e:fp:flow:cb97aa589965:port:tcp:9264	flow:cb97aa589965 → port:tcp:9264
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9a24e91c66cf817:host:172.234.197.23	SESSION-f9a24e91c66cf817 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13b449bea21c4b54:host:177.10.236.22	SESSION-13b449bea21c4b54 → host:177.10.236.22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6ddb3deb8cc2873:flow:9336642b1396	SESSION-d6ddb3deb8cc2873 → flow:9336642b1396
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e626c78b08de0a8b:host:172.234.197.23	SESSION-e626c78b08de0a8b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bcd94ff2cea5ca72:host:177.10.239.10	SESSION-bcd94ff2cea5ca72 → host:177.10.239.10
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58f4b45cf908ad77:PCAP:capture_20260430150001:ded20914761d	SESSION-58f4b45cf908ad77 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3cf945d3d1ddd41:host:177.10.236.86	SESSION-f3cf945d3d1ddd41 → host:177.10.236.86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c36bc9032caa64b:SESSION-9c36bc9032caa64b	SESSION-9c36bc9032caa64b → pe:syn:SESSION-9c36bc9032caa64b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee14fe05044df9df:SESSION-ee14fe05044df9df	SESSION-ee14fe05044df9df → pe:tls:SESSION-ee14fe05044df9df
flow_observed4-aryOBS	e:fo:flow:d48167229286	flow:d48167229286 → host:172.234.197.23 → host:177.10.238.7 → port:tcp:41556
FLOW_TO_HOSTOBS	e:to:SESSION-cb7f3482601c970a:host:172.234.197.23	SESSION-cb7f3482601c970a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ed37285d7356	flow:ed37285d7356 → host:57.128.95.174 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7c008c2d2b932d4b:host:177.10.235.45	SESSION-7c008c2d2b932d4b → host:177.10.235.45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91c3828e0c41fbe7:host:172.234.197.23	SESSION-91c3828e0c41fbe7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7deae72d4bf5:port:tcp:443	flow:7deae72d4bf5 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67f971eb3e92b8d2:host:172.234.197.23:host:131.196.28.107	SESSION-67f971eb3e92b8d2 → host:172.234.197.23 → host:131.196.28.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55187c9d4dc6d2e7:host:177.10.235.90	SESSION-55187c9d4dc6d2e7 → host:177.10.235.90
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9c211d2931ae713:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d9c211d2931ae713 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:a09dfaa93133:port:tcp:65480	flow:a09dfaa93133 → port:tcp:65480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff9ef052366910da:SESSION-ff9ef052366910da	SESSION-ff9ef052366910da → pe:syn:SESSION-ff9ef052366910da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-098ed7054a17b347:SESSION-098ed7054a17b347	SESSION-098ed7054a17b347 → pe:syn:SESSION-098ed7054a17b347
FLOW_DST_PORTOBS	e:fp:flow:be27ca17f284:port:tcp:443	flow:be27ca17f284 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a79875656e67c68:SESSION-0a79875656e67c68	SESSION-0a79875656e67c68 → pe:syn:SESSION-0a79875656e67c68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f5575c7d9faf65d:host:177.10.232.164	SESSION-5f5575c7d9faf65d → host:177.10.232.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-15ce8c1431c2e2c7:SESSION-15ce8c1431c2e2c7	SESSION-15ce8c1431c2e2c7 → pe:tls:SESSION-15ce8c1431c2e2c7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4da5ddbc1348c177:flow:b035af59ec11	SESSION-4da5ddbc1348c177 → flow:b035af59ec11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c18109925f9685a:host:172.234.197.23	SESSION-8c18109925f9685a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8366f626d6b88fcf:host:177.10.234.91	SESSION-8366f626d6b88fcf → host:177.10.234.91
FLOW_DST_PORTOBS	e:fp:flow:10c4e8fbc188:port:tcp:443	flow:10c4e8fbc188 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.155:asn:262880	host:177.10.237.155 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-ce973eb9d12ea742:host:172.234.197.23	SESSION-ce973eb9d12ea742 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-285399b7803aab9b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-285399b7803aab9b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-968009a702657adb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-968009a702657adb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6104696c1212e0a0:host:34.216.76.26:host:172.234.197.23	SESSION-6104696c1212e0a0 → host:34.216.76.26 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e28b3ef52579af3b:flow:68285fd309bb	SESSION-e28b3ef52579af3b → flow:68285fd309bb
FLOW_DST_PORTOBS	e:fp:flow:a8e38032e2d9:port:tcp:443	flow:a8e38032e2d9 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:bf734c94e9b1:port:tcp:443	flow:bf734c94e9b1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb4d3e328cdf4bcd:SESSION-cb4d3e328cdf4bcd	SESSION-cb4d3e328cdf4bcd → pe:syn:SESSION-cb4d3e328cdf4bcd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-117c00f29ed332ce:host:177.10.238.231	SESSION-117c00f29ed332ce → host:177.10.238.231
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.243:geo_-16.28860_-49.01640	host:177.10.232.243 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:4c57767f623d	flow:4c57767f623d → host:177.10.234.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd0176ca8d9bf386:host:172.234.197.23	SESSION-cd0176ca8d9bf386 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.133:geo_-23.62930_-46.63510	host:131.196.28.133 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-917ad6cf3046e17b:host:45.173.156.101	SESSION-917ad6cf3046e17b → host:45.173.156.101
flow_observed5-aryOBS	e:fo:flow:3c78e4fa9a53	flow:3c78e4fa9a53 → host:177.10.232.56 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f275f56cd4e0d64:host:45.173.156.117:host:172.234.197.23	SESSION-3f275f56cd4e0d64 → host:45.173.156.117 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d53928eb39cd6093:host:131.196.31.23	SESSION-d53928eb39cd6093 → host:131.196.31.23
flow_observed5-aryOBS	e:fo:flow:834de8b9babd	flow:834de8b9babd → host:177.10.234.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9e3e5dcd2ccb687:SESSION-f9e3e5dcd2ccb687	SESSION-f9e3e5dcd2ccb687 → pe:syn:SESSION-f9e3e5dcd2ccb687
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d3dc2c705a19d83:host:177.10.236.129	SESSION-6d3dc2c705a19d83 → host:177.10.236.129
FLOW_TLS_SNIOBS	e:fs:flow:93dc34757c1c:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:93dc34757c1c → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a81d3c71843f89e:host:172.234.197.23	SESSION-2a81d3c71843f89e → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:a73661cc047d:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:a73661cc047d → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.95:asn:262880	host:177.10.234.95 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-196ad93208fa5be9:flow:6c39dc1f1460	SESSION-196ad93208fa5be9 → flow:6c39dc1f1460
FLOW_TO_HOSTOBS	e:to:SESSION-cb7db2afd613f778:host:172.234.197.23	SESSION-cb7db2afd613f778 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:98f62f7def50:port:udp:53	flow:98f62f7def50 → port:udp:53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.138:geo_-16.28860_-49.01640	host:177.10.236.138 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f04e938497dcf32a:host:172.234.197.23:host:177.10.232.206	SESSION-f04e938497dcf32a → host:172.234.197.23 → host:177.10.232.206
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:195.96.138.88:geo_51.49640_-0.12240	host:195.96.138.88 → geo_51.49640_-0.12240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0ac7328414c6be9:SESSION-d0ac7328414c6be9	SESSION-d0ac7328414c6be9 → pe:syn:SESSION-d0ac7328414c6be9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8c0a98b52014301:host:177.10.237.230	SESSION-d8c0a98b52014301 → host:177.10.237.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f9972302e9230d9:host:45.173.156.163	SESSION-9f9972302e9230d9 → host:45.173.156.163
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57e647fa0cdcfe5a:PCAP:capture_20260430060001:919b39a74464	SESSION-57e647fa0cdcfe5a → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:44e7caf8cd36:port:udp:53	flow:44e7caf8cd36 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24763432928200fc:host:177.10.238.28	SESSION-24763432928200fc → host:177.10.238.28
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-045a77174f347205:host:45.173.156.154	SESSION-045a77174f347205 → host:45.173.156.154
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57d2db6c2c177c2e:SESSION-57d2db6c2c177c2e	SESSION-57d2db6c2c177c2e → pe:syn:SESSION-57d2db6c2c177c2e
FLOW_DST_PORTOBS	e:fp:flow:478fb2a48727:port:tcp:443	flow:478fb2a48727 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6af774f9a8b1:port:tcp:443	flow:6af774f9a8b1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c80fd68cbbc51442:SESSION-c80fd68cbbc51442	SESSION-c80fd68cbbc51442 → pe:syn:SESSION-c80fd68cbbc51442
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d99d46a236a5e045:host:172.234.197.23	SESSION-d99d46a236a5e045 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b373f59ff0198ea:SESSION-9b373f59ff0198ea	SESSION-9b373f59ff0198ea → pe:syn:SESSION-9b373f59ff0198ea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8c774bbe3f97971:host:172.234.197.23	SESSION-d8c774bbe3f97971 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-662271688fa2b491:host:131.196.28.234	SESSION-662271688fa2b491 → host:131.196.28.234
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-608f057a6e6e376d:PCAP:capture_20260428010001:b1b402c7b202	SESSION-608f057a6e6e376d → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-592c559641abdde0:flow:0a7adc7b38b0	SESSION-592c559641abdde0 → flow:0a7adc7b38b0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68a45a74f687a5a4:host:177.10.232.116:host:172.234.197.23	SESSION-68a45a74f687a5a4 → host:177.10.232.116 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-74d9117e815e4c77:host:131.196.28.242	SESSION-74d9117e815e4c77 → host:131.196.28.242
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96623b45a0a307c2:SESSION-96623b45a0a307c2	SESSION-96623b45a0a307c2 → pe:tls:SESSION-96623b45a0a307c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-feb7243d21c3bd2d:host:172.234.197.23	SESSION-feb7243d21c3bd2d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-486ff38c4390c341:host:172.234.197.23	SESSION-486ff38c4390c341 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27d1e1e2170d683a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-27d1e1e2170d683a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f62140848f2b702:host:185.231.226.231	SESSION-8f62140848f2b702 → host:185.231.226.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc77084e1c24867c:SESSION-cc77084e1c24867c	SESSION-cc77084e1c24867c → pe:syn:SESSION-cc77084e1c24867c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-662271688fa2b491:SESSION-662271688fa2b491	SESSION-662271688fa2b491 → pe:tls:SESSION-662271688fa2b491
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.1:geo_-16.28860_-49.01640	host:177.10.236.1 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:90a0ab0b2f2b:port:tcp:443	flow:90a0ab0b2f2b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-39845edf8e8f640a:host:172.234.197.23	SESSION-39845edf8e8f640a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.22:asn:271410	host:131.196.29.22 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-917ad6cf3046e17b:flow:cb97aa589965	SESSION-917ad6cf3046e17b → flow:cb97aa589965
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8a6e8a4db8ac534:SESSION-e8a6e8a4db8ac534	SESSION-e8a6e8a4db8ac534 → pe:tls:SESSION-e8a6e8a4db8ac534
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1462f3fe112e9d96:host:172.234.197.23:host:131.196.30.131	SESSION-1462f3fe112e9d96 → host:172.234.197.23 → host:131.196.30.131
FLOW_FROM_HOSTOBS	e:from:SESSION-eb40f64797e3fe16:host:172.234.197.23	SESSION-eb40f64797e3fe16 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cb3d18d192da5f3:host:177.10.235.86	SESSION-5cb3d18d192da5f3 → host:177.10.235.86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-89e4df8c6f209b00:SESSION-89e4df8c6f209b00	SESSION-89e4df8c6f209b00 → pe:syn:SESSION-89e4df8c6f209b00
flow_observed5-aryOBS	e:fo:flow:390f5665cae1	flow:390f5665cae1 → host:131.196.28.193 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:8a1936a43e9f	flow:8a1936a43e9f → host:172.234.197.23 → host:177.10.239.196 → port:tcp:33508
FLOW_DST_PORTOBS	e:fp:flow:3bafc3163702:port:tcp:39034	flow:3bafc3163702 → port:tcp:39034
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.155:geo_-16.28860_-49.01640	host:177.10.232.155 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc0f694a62c9abc8:SESSION-cc0f694a62c9abc8	SESSION-cc0f694a62c9abc8 → pe:tls:SESSION-cc0f694a62c9abc8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f4bd70bea69fea0d:SESSION-f4bd70bea69fea0d	SESSION-f4bd70bea69fea0d → pe:syn:SESSION-f4bd70bea69fea0d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2632ba515271ea31:flow:a093cc81b878	SESSION-2632ba515271ea31 → flow:a093cc81b878
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7edb52a0a7553f53:flow:15db773386fc	SESSION-7edb52a0a7553f53 → flow:15db773386fc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0caa41ae62241956:host:177.10.235.93	SESSION-0caa41ae62241956 → host:177.10.235.93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-394efd35512401c0:PCAP:capture_20260430090001:065659c7d314	SESSION-394efd35512401c0 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:34b9193bd10f	flow:34b9193bd10f → host:131.196.28.223 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2625555cac004c06:flow:9b447da23548	SESSION-2625555cac004c06 → flow:9b447da23548
FLOW_TO_HOSTOBS	e:to:SESSION-836e4ff4bdb8da04:host:172.234.197.23	SESSION-836e4ff4bdb8da04 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6115367b739c:port:tcp:443	flow:6115367b739c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8f8f919bfd11f34b:host:177.10.237.237	SESSION-8f8f919bfd11f34b → host:177.10.237.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d0453327d6800ed:flow:eab2ca047921	SESSION-1d0453327d6800ed → flow:eab2ca047921
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d8f5cec7e169b47:PCAP:capture_20260430150001:ded20914761d	SESSION-2d8f5cec7e169b47 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.160:geo_-16.28860_-49.01640	host:177.10.235.160 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-2f997fef874b1b1e:host:172.232.0.16	SESSION-2f997fef874b1b1e → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:ee2868577a4b	flow:ee2868577a4b → host:177.10.238.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a810a8703b9c77f1:flow:4170fe2e85a7	SESSION-a810a8703b9c77f1 → flow:4170fe2e85a7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-543230bb149abbcc:flow:2f1d9ef885e7	SESSION-543230bb149abbcc → flow:2f1d9ef885e7
FLOW_TO_HOSTOBS	e:to:SESSION-4cd4ae8706680eb9:host:131.196.29.164	SESSION-4cd4ae8706680eb9 → host:131.196.29.164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b9ddad698cc7ffe:flow:e1daaa949a5f	SESSION-9b9ddad698cc7ffe → flow:e1daaa949a5f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-364513c2995bfd3b:host:131.196.31.174:host:172.234.197.23	SESSION-364513c2995bfd3b → host:131.196.31.174 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:67e55af760db	flow:67e55af760db → host:177.10.234.201 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:31327b4941f7	flow:31327b4941f7 → host:131.196.29.75 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:d74671e865ef:port:tcp:40440	flow:d74671e865ef → port:tcp:40440
FLOW_DST_PORTOBS	e:fp:flow:f7227496e47f:port:tcp:62365	flow:f7227496e47f → port:tcp:62365
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-113c4b09005431cc:SESSION-113c4b09005431cc	SESSION-113c4b09005431cc → pe:syn:SESSION-113c4b09005431cc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.36:geo_-16.28860_-49.01640	host:177.10.235.36 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4167334bdfae4b6:host:131.196.28.223	SESSION-a4167334bdfae4b6 → host:131.196.28.223
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a7bf37c238cc392:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4a7bf37c238cc392 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5252ca05229eda25:SESSION-5252ca05229eda25	SESSION-5252ca05229eda25 → pe:syn:SESSION-5252ca05229eda25
flow_observed5-aryOBS	e:fo:flow:db9420429575	flow:db9420429575 → host:131.196.29.41 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-414103fa622913fc:SESSION-414103fa622913fc	SESSION-414103fa622913fc → pe:rst:SESSION-414103fa622913fc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-180bc1efe2db3897:SESSION-180bc1efe2db3897	SESSION-180bc1efe2db3897 → pe:tls:SESSION-180bc1efe2db3897
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ced8040d8221dfbc:flow:6c47df989bb5	SESSION-ced8040d8221dfbc → flow:6c47df989bb5
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.151:asn:262880	host:177.10.238.151 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef41947f9929862:host:172.234.197.23	SESSION-8ef41947f9929862 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b66b69fe93183378:host:172.234.197.23:host:45.173.156.51	SESSION-b66b69fe93183378 → host:172.234.197.23 → host:45.173.156.51
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.110:geo_-23.62930_-46.63510	host:131.196.28.110 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-25103b8a97127215:PCAP:capture_20260430050001:8868731bf8a4	SESSION-25103b8a97127215 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01454c90925a3a4f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-01454c90925a3a4f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1909494739e8c502:host:37.27.162.26:host:172.234.197.23	SESSION-1909494739e8c502 → host:37.27.162.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bf5b48d5bcb9503:host:131.196.31.18	SESSION-0bf5b48d5bcb9503 → host:131.196.31.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fc518dfa07303a8:host:172.234.197.23	SESSION-1fc518dfa07303a8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0cdd1d919af3f4a:host:131.196.30.51:host:172.234.197.23	SESSION-f0cdd1d919af3f4a → host:131.196.30.51 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ab65b5d8a01cf3d:host:177.10.239.208:host:172.234.197.23	SESSION-9ab65b5d8a01cf3d → host:177.10.239.208 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-749084d26a1fdfcc:flow:ebaf2d276c65	SESSION-749084d26a1fdfcc → flow:ebaf2d276c65
FLOW_DST_PORTOBS	e:fp:flow:1d557416deb3:port:tcp:443	flow:1d557416deb3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29ee7b0c08ea02ad:host:177.10.233.191:host:172.234.197.23	SESSION-29ee7b0c08ea02ad → host:177.10.233.191 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e6c979070fb893e:host:131.196.28.56	SESSION-9e6c979070fb893e → host:131.196.28.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e8b24d973ac1177:flow:744777def8bc	SESSION-6e8b24d973ac1177 → flow:744777def8bc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ca00666a1b5cdae:PCAP:capture_20260430090001:065659c7d314	SESSION-1ca00666a1b5cdae → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84669169ffdf0c83:host:177.10.232.82:host:172.234.197.23	SESSION-84669169ffdf0c83 → host:177.10.232.82 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66897d09e7f9757a:host:172.234.197.23	SESSION-66897d09e7f9757a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-59d5bafa56d514c9:host:172.234.197.23	SESSION-59d5bafa56d514c9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d2a27537cb94:port:tcp:443	flow:d2a27537cb94 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:ec5e5082148e	flow:ec5e5082148e → host:172.234.197.23 → host:177.10.233.32 → port:tcp:40736
FLOW_FROM_HOSTOBS	e:from:SESSION-905738e9b4f08562:host:177.10.235.213	SESSION-905738e9b4f08562 → host:177.10.235.213
flow_observed4-aryOBS	e:fo:flow:ea69cbe21998	flow:ea69cbe21998 → host:172.234.197.23 → host:177.10.237.221 → port:tcp:16317
HOST_IN_ASNOBS 85%	e:ha:host:18.183.88.164:asn:16509	host:18.183.88.164 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-181666d0ed9d45b8:SESSION-181666d0ed9d45b8	SESSION-181666d0ed9d45b8 → pe:tls:SESSION-181666d0ed9d45b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-365dad18baa46a43:host:95.170.25.190	SESSION-365dad18baa46a43 → host:95.170.25.190
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-805d717a82cbb042:host:131.196.28.140	SESSION-805d717a82cbb042 → host:131.196.28.140
flow_observed5-aryOBS	e:fo:flow:05dd83abcaed	flow:05dd83abcaed → host:45.173.156.68 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-26f197960c59c7f7:host:131.196.28.195	SESSION-26f197960c59c7f7 → host:131.196.28.195
FLOW_TO_HOSTOBS	e:to:SESSION-28ea3e411a2de5c2:host:177.10.239.51	SESSION-28ea3e411a2de5c2 → host:177.10.239.51
FLOW_TO_HOSTOBS	e:to:SESSION-94c9082e66baa6b5:host:177.10.238.10	SESSION-94c9082e66baa6b5 → host:177.10.238.10
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-22873a115734b4a8:host:172.234.197.23:host:177.10.232.24	SESSION-22873a115734b4a8 → host:172.234.197.23 → host:177.10.232.24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4d7e31822e7386a:SESSION-c4d7e31822e7386a	SESSION-c4d7e31822e7386a → pe:tls:SESSION-c4d7e31822e7386a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37c584531b25722b:host:131.196.30.239:host:172.234.197.23	SESSION-37c584531b25722b → host:131.196.30.239 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e034fcb399102895:SESSION-e034fcb399102895	SESSION-e034fcb399102895 → pe:tls:SESSION-e034fcb399102895
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ac55ff303c5de83:SESSION-1ac55ff303c5de83	SESSION-1ac55ff303c5de83 → pe:syn:SESSION-1ac55ff303c5de83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44c3a4d4ec5442f2:SESSION-44c3a4d4ec5442f2	SESSION-44c3a4d4ec5442f2 → pe:tls:SESSION-44c3a4d4ec5442f2
flow_observed4-aryOBS	e:fo:flow:9540f6a4186b	flow:9540f6a4186b → host:172.234.197.23 → host:177.10.238.190 → port:tcp:64987
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5c85963c9f133e2:host:45.173.156.247	SESSION-a5c85963c9f133e2 → host:45.173.156.247
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e512980b1e52beb:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7e512980b1e52beb → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:45.148.10.151:asn:48090	host:45.148.10.151 → asn:48090
FLOW_FROM_HOSTOBS	e:from:SESSION-2ca971b9386eb0b9:host:177.10.239.149	SESSION-2ca971b9386eb0b9 → host:177.10.239.149
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69b211b684a77852:host:172.234.197.23	SESSION-69b211b684a77852 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.78:asn:262880	host:177.10.233.78 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b68b7374dcfd0024:flow:3beae65c4960	SESSION-b68b7374dcfd0024 → flow:3beae65c4960
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6229e1e1c7b389d0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6229e1e1c7b389d0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c83e078f141652ea:SESSION-c83e078f141652ea	SESSION-c83e078f141652ea → pe:syn:SESSION-c83e078f141652ea
FLOW_TO_HOSTOBS	e:to:SESSION-51257a0fcd8d6a04:host:131.196.28.240	SESSION-51257a0fcd8d6a04 → host:131.196.28.240
FLOW_DST_PORTOBS	e:fp:flow:5968ff9ca8b3:port:tcp:443	flow:5968ff9ca8b3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c85a65cf2db0ee65:host:177.10.233.52:host:172.234.197.23	SESSION-c85a65cf2db0ee65 → host:177.10.233.52 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f416b1590e3cca4:host:172.234.197.23	SESSION-5f416b1590e3cca4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7f799bd198c08bce:host:172.234.197.23	SESSION-7f799bd198c08bce → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-394efd35512401c0:host:177.10.238.186	SESSION-394efd35512401c0 → host:177.10.238.186
flow_observed4-aryOBS	e:fo:flow:3b689cdb82ed	flow:3b689cdb82ed → host:172.234.197.23 → host:131.196.28.217 → port:tcp:23211
FLOW_FROM_HOSTOBS	e:from:SESSION-84186d30322c849e:host:131.196.28.107	SESSION-84186d30322c849e → host:131.196.28.107
FLOW_DST_PORTOBS	e:fp:flow:cb62cbda5136:port:tcp:443	flow:cb62cbda5136 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54016b03ecf1701c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-54016b03ecf1701c → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6b4419d123b2f0e3:SESSION-6b4419d123b2f0e3	SESSION-6b4419d123b2f0e3 → pe:tls:SESSION-6b4419d123b2f0e3
FLOW_TO_HOSTOBS	e:to:SESSION-e872279913929717:host:172.234.197.23	SESSION-e872279913929717 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce17c1c4b6f006e0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ce17c1c4b6f006e0 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.2:geo_-23.62930_-46.63510	host:131.196.31.2 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-fed96f9f16ada01c:host:131.196.28.170	SESSION-fed96f9f16ada01c → host:131.196.28.170
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9716031ec5470ef:SESSION-c9716031ec5470ef	SESSION-c9716031ec5470ef → pe:tls:SESSION-c9716031ec5470ef
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b670e7c5e0a8e3a1:SESSION-b670e7c5e0a8e3a1	SESSION-b670e7c5e0a8e3a1 → pe:tls:SESSION-b670e7c5e0a8e3a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e0d73c88dd83fb6:SESSION-9e0d73c88dd83fb6	SESSION-9e0d73c88dd83fb6 → pe:syn:SESSION-9e0d73c88dd83fb6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3414b775ddfde4b:host:172.234.197.23	SESSION-a3414b775ddfde4b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a3b20edc3bf85f8:host:172.234.197.23:host:177.10.233.130	SESSION-3a3b20edc3bf85f8 → host:172.234.197.23 → host:177.10.233.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2fd071a3b1e728ca:host:177.10.235.184	SESSION-2fd071a3b1e728ca → host:177.10.235.184
FLOW_DST_PORTOBS	e:fp:flow:29836bac5672:port:tcp:80	flow:29836bac5672 → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a72e7bc5d973ed2:flow:10d37126a494	SESSION-6a72e7bc5d973ed2 → flow:10d37126a494
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4be6b5471ca196a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c4be6b5471ca196a → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:ac3806b9df7d:port:tcp:443	flow:ac3806b9df7d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ae3419cd71fb8b85:host:45.173.156.232	SESSION-ae3419cd71fb8b85 → host:45.173.156.232
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.237:asn:273470	host:45.173.156.237 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b09cf74640ed889e:flow:b0f8eace8c77	SESSION-b09cf74640ed889e → flow:b0f8eace8c77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b447e1896cf3c7e:host:177.10.238.157	SESSION-4b447e1896cf3c7e → host:177.10.238.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ead5791c5617fb56:SESSION-ead5791c5617fb56	SESSION-ead5791c5617fb56 → pe:syn:SESSION-ead5791c5617fb56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c93964ffa7e29d50:SESSION-c93964ffa7e29d50	SESSION-c93964ffa7e29d50 → pe:syn:SESSION-c93964ffa7e29d50
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5bede5fedae88e0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a5bede5fedae88e0 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d7f8914f0744c0dd:SESSION-d7f8914f0744c0dd	SESSION-d7f8914f0744c0dd → pe:syn:SESSION-d7f8914f0744c0dd
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.248:asn:262880	host:177.10.236.248 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b84ff3ecb7ac9c51:host:131.196.30.203	SESSION-b84ff3ecb7ac9c51 → host:131.196.30.203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5a74cc524a51e3d:host:131.196.30.141	SESSION-d5a74cc524a51e3d → host:131.196.30.141
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37c43e7a9f6dcf12:SESSION-37c43e7a9f6dcf12	SESSION-37c43e7a9f6dcf12 → pe:tls:SESSION-37c43e7a9f6dcf12
FLOW_DST_PORTOBS	e:fp:flow:5b1519d94b48:port:tcp:28156	flow:5b1519d94b48 → port:tcp:28156
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ffcf84507219fc2:SESSION-1ffcf84507219fc2	SESSION-1ffcf84507219fc2 → pe:tls:SESSION-1ffcf84507219fc2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3674a7955b512da1:SESSION-3674a7955b512da1	SESSION-3674a7955b512da1 → pe:syn:SESSION-3674a7955b512da1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7db2d3f3f113e007:PCAP:capture_20260430090001:065659c7d314	SESSION-7db2d3f3f113e007 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:287e33120754	flow:287e33120754 → host:177.10.234.60 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:d47ed30c68c9	flow:d47ed30c68c9 → host:131.196.29.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a60100c841341ace:host:37.27.162.26:host:172.234.197.23	SESSION-a60100c841341ace → host:37.27.162.26 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:80679ec683ee	flow:80679ec683ee → host:177.10.235.61 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:9b441099c4bf:port:tcp:443	flow:9b441099c4bf → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:1b3159206e19:port:tcp:443	flow:1b3159206e19 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:73c4fbb68f1e	flow:73c4fbb68f1e → host:177.10.235.206 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.233:asn:262880	host:177.10.236.233 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:006a40e5f40d:port:tcp:443	flow:006a40e5f40d → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:6e46b809e37b	flow:6e46b809e37b → host:199.195.254.215 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86086a72c76b1135:flow:871875abac62	SESSION-86086a72c76b1135 → flow:871875abac62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6dcc81ef5615b86c:SESSION-6dcc81ef5615b86c	SESSION-6dcc81ef5615b86c → pe:tls:SESSION-6dcc81ef5615b86c
flow_observed5-aryOBS	e:fo:flow:5ccb5bd3660c	flow:5ccb5bd3660c → host:131.196.30.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc3cb32f8be8837a:flow:7ced1b2b5b8c	SESSION-bc3cb32f8be8837a → flow:7ced1b2b5b8c
FLOW_FROM_HOSTOBS	e:from:SESSION-605cf9d10467f8d3:host:177.10.237.2	SESSION-605cf9d10467f8d3 → host:177.10.237.2
FLOW_TO_HOSTOBS	e:to:SESSION-fe9137916d2eb5d4:host:172.234.197.23	SESSION-fe9137916d2eb5d4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.3:geo_-16.28860_-49.01640	host:177.10.237.3 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6a106ff5da861ac:flow:1a0170e3adc5	SESSION-a6a106ff5da861ac → flow:1a0170e3adc5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14b61e43a384fdb4:PCAP:capture_20260430090001:065659c7d314	SESSION-14b61e43a384fdb4 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-4e49a14deb2e22da:host:172.234.197.23	SESSION-4e49a14deb2e22da → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6bb8c928d4ad	flow:6bb8c928d4ad → host:131.196.29.65 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6fd2d6a70384f754:PCAP:capture_20260428010001:b1b402c7b202	SESSION-6fd2d6a70384f754 → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.129:geo_-16.28860_-49.01640	host:177.10.237.129 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce6819df966f00de:SESSION-ce6819df966f00de	SESSION-ce6819df966f00de → pe:tls:SESSION-ce6819df966f00de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-841299f020c7f00d:host:177.10.238.15	SESSION-841299f020c7f00d → host:177.10.238.15
FLOW_TO_HOSTOBS	e:to:SESSION-65bd30307946d7be:host:172.234.197.23	SESSION-65bd30307946d7be → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9645bfc7fe4d	flow:9645bfc7fe4d → host:172.234.197.23 → host:177.10.237.155 → port:tcp:38852
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.131:geo_-23.62930_-46.63510	host:131.196.29.131 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ad6356c5bafa36b:flow:fb19f5ee5964	SESSION-7ad6356c5bafa36b → flow:fb19f5ee5964
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f077149cc71812a:SESSION-3f077149cc71812a	SESSION-3f077149cc71812a → pe:syn:SESSION-3f077149cc71812a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8366f626d6b88fcf:flow:6caf715a57a5	SESSION-8366f626d6b88fcf → flow:6caf715a57a5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6350f63c148b5b0b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6350f63c148b5b0b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6455927ff3f8f851:host:172.234.197.23	SESSION-6455927ff3f8f851 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eead59d5c9e2a3d1:flow:34516a1d625a	SESSION-eead59d5c9e2a3d1 → flow:34516a1d625a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.176:geo_-16.28860_-49.01640	host:177.10.236.176 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa51bce6270c7d63:host:177.10.232.167	SESSION-aa51bce6270c7d63 → host:177.10.232.167
flow_observed5-aryOBS	e:fo:flow:7638fc72224d	flow:7638fc72224d → host:177.10.238.25 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-defec876bf358011:flow:191d5ca6f36d	SESSION-defec876bf358011 → flow:191d5ca6f36d
flow_observed5-aryOBS	e:fo:flow:6a41698ec379	flow:6a41698ec379 → host:177.10.238.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e22ceaf98f82b588:host:172.234.197.23:host:177.10.232.131	SESSION-e22ceaf98f82b588 → host:172.234.197.23 → host:177.10.232.131
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4993bcd996008da0:host:131.196.30.195	SESSION-4993bcd996008da0 → host:131.196.30.195
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8278f913dbee560:flow:15fff6f0df71	SESSION-e8278f913dbee560 → flow:15fff6f0df71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-acf0f47433b56858:SESSION-acf0f47433b56858	SESSION-acf0f47433b56858 → pe:tls:SESSION-acf0f47433b56858
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c315b0bf7f59a30:host:172.234.197.23:host:131.196.28.115	SESSION-1c315b0bf7f59a30 → host:172.234.197.23 → host:131.196.28.115
FLOW_FROM_HOSTOBS	e:from:SESSION-96b1ae4f2b433079:host:131.196.31.163	SESSION-96b1ae4f2b433079 → host:131.196.31.163
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a16085aea35a1403:host:172.234.197.23:host:103.230.240.59	SESSION-a16085aea35a1403 → host:172.234.197.23 → host:103.230.240.59
FLOW_DST_PORTOBS	e:fp:flow:5141ce494628:port:tcp:443	flow:5141ce494628 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2db2b0c2312c18a1:flow:af26800f6859	SESSION-2db2b0c2312c18a1 → flow:af26800f6859
flow_observed4-aryOBS	e:fo:flow:3a7aee779f8a	flow:3a7aee779f8a → host:172.234.197.23 → host:177.10.237.73 → port:tcp:37603
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c184642b13b6de27:flow:c702f410ff47	SESSION-c184642b13b6de27 → flow:c702f410ff47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e921959b541072de:SESSION-e921959b541072de	SESSION-e921959b541072de → pe:tls:SESSION-e921959b541072de
FLOW_TO_HOSTOBS	e:to:SESSION-57494845d8eca477:host:172.234.197.23	SESSION-57494845d8eca477 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0046a1ddb04bc0f7:host:172.234.197.23	SESSION-0046a1ddb04bc0f7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ab55f3989857eec:host:131.196.30.88	SESSION-9ab55f3989857eec → host:131.196.30.88
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5ddc9130fa518dc:host:177.10.236.164:host:172.234.197.23	SESSION-b5ddc9130fa518dc → host:177.10.236.164 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:63c9515a3982:port:tcp:11607	flow:63c9515a3982 → port:tcp:11607
FLOW_FROM_HOSTOBS	e:from:SESSION-c5ed9f49ee99549f:host:91.240.224.238	SESSION-c5ed9f49ee99549f → host:91.240.224.238
FLOW_TO_HOSTOBS	e:to:SESSION-850471f172c9c8e6:host:172.234.197.23	SESSION-850471f172c9c8e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b5b84f652a18f91:host:177.10.233.246	SESSION-5b5b84f652a18f91 → host:177.10.233.246
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85a8f577301970a2:flow:86c234463be6	SESSION-85a8f577301970a2 → flow:86c234463be6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe9137916d2eb5d4:SESSION-fe9137916d2eb5d4	SESSION-fe9137916d2eb5d4 → pe:syn:SESSION-fe9137916d2eb5d4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-032a0dfc971c5b00:SESSION-032a0dfc971c5b00	SESSION-032a0dfc971c5b00 → pe:tls:SESSION-032a0dfc971c5b00
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d9c8489868c7191:host:177.10.239.154:host:172.234.197.23	SESSION-9d9c8489868c7191 → host:177.10.239.154 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:192.99.232.216:geo_45.50630_-73.57940	host:192.99.232.216 → geo_45.50630_-73.57940
flow_observed4-aryOBS	e:fo:flow:032a41dd171b	flow:032a41dd171b → host:172.234.197.23 → host:177.10.234.169 → port:tcp:45776
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6617d8dfad1357d9:host:45.173.156.95:host:172.234.197.23	SESSION-6617d8dfad1357d9 → host:45.173.156.95 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-49ea9885c560f158:host:177.10.238.113	SESSION-49ea9885c560f158 → host:177.10.238.113
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8314ac7032421127:host:177.10.239.217	SESSION-8314ac7032421127 → host:177.10.239.217
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.5:asn:203771	host:95.170.25.5 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a60794a5b314271e:SESSION-a60794a5b314271e	SESSION-a60794a5b314271e → pe:tls:SESSION-a60794a5b314271e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51603301232db2ce:SESSION-51603301232db2ce	SESSION-51603301232db2ce → pe:syn:SESSION-51603301232db2ce
flow_observed5-aryOBS	e:fo:flow:e4903629ff51	flow:e4903629ff51 → host:177.10.234.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e44af15232c6a53:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-8e44af15232c6a53 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-cc55eac4fb6ef554:host:172.234.197.23	SESSION-cc55eac4fb6ef554 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9e20558c2d4e	flow:9e20558c2d4e → host:185.231.226.113 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:6e5fc5369724	flow:6e5fc5369724 → host:131.196.31.86 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9fad2531a6ee4032:SESSION-9fad2531a6ee4032	SESSION-9fad2531a6ee4032 → pe:tls:SESSION-9fad2531a6ee4032
FLOW_TO_HOSTOBS	e:to:SESSION-711f533390ef220f:host:177.10.239.242	SESSION-711f533390ef220f → host:177.10.239.242
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-26f197960c59c7f7:SESSION-26f197960c59c7f7	SESSION-26f197960c59c7f7 → pe:syn:SESSION-26f197960c59c7f7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7845496c0c03c20:host:131.196.29.93:host:172.234.197.23	SESSION-b7845496c0c03c20 → host:131.196.29.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1375745ca86fe64:host:45.173.156.37	SESSION-a1375745ca86fe64 → host:45.173.156.37
FLOW_DST_PORTOBS	e:fp:flow:eddc440ccdc9:port:tcp:443	flow:eddc440ccdc9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dad6cf67ed488f0b:host:172.234.197.23	SESSION-dad6cf67ed488f0b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6fda720fc6282204:SESSION-6fda720fc6282204	SESSION-6fda720fc6282204 → pe:syn:SESSION-6fda720fc6282204
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7e06a830af01410:PCAP:capture_20260430150001:ded20914761d	SESSION-b7e06a830af01410 → PCAP:capture_20260430150001:ded20914761d
flow_observed4-aryOBS	e:fo:flow:04128c2b4605	flow:04128c2b4605 → host:172.234.197.23 → host:131.196.30.81 → port:tcp:2070
FLOW_FROM_HOSTOBS	e:from:SESSION-8e9497f317705308:host:131.196.31.250	SESSION-8e9497f317705308 → host:131.196.31.250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ad1374907e690a1:SESSION-3ad1374907e690a1	SESSION-3ad1374907e690a1 → pe:syn:SESSION-3ad1374907e690a1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-43ba6051cf9120c0:flow:e8e30e710466	SESSION-43ba6051cf9120c0 → flow:e8e30e710466
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3948aeec4a52663:host:172.234.197.23	SESSION-b3948aeec4a52663 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e323950505f0871:PCAP:capture_20260430080001:93f47cc296a4	SESSION-0e323950505f0871 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6eb1289c3370840:host:131.196.28.129	SESSION-d6eb1289c3370840 → host:131.196.28.129
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a3c1d53f1688156:host:172.234.197.23	SESSION-8a3c1d53f1688156 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-862fcc949d847857:PCAP:capture_20260430080001:93f47cc296a4	SESSION-862fcc949d847857 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f6577138d25ad9e:PCAP:capture_20260430060001:919b39a74464	SESSION-6f6577138d25ad9e → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f910dce05c4c16f4:SESSION-f910dce05c4c16f4	SESSION-f910dce05c4c16f4 → pe:syn:SESSION-f910dce05c4c16f4
FLOW_DST_PORTOBS	e:fp:flow:36dbb8569720:port:tcp:60022	flow:36dbb8569720 → port:tcp:60022
flow_observed5-aryOBS	e:fo:flow:2b4a1d206e95	flow:2b4a1d206e95 → host:177.10.236.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-912f333ca4ce75c1:host:172.234.197.23	SESSION-912f333ca4ce75c1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9f43ed2bc91ec43:SESSION-b9f43ed2bc91ec43	SESSION-b9f43ed2bc91ec43 → pe:syn:SESSION-b9f43ed2bc91ec43
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce047c01fb54580f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ce047c01fb54580f → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d5390845b17c572:host:177.10.235.69	SESSION-1d5390845b17c572 → host:177.10.235.69
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b8f87145037449c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7b8f87145037449c → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ba642a19e1a643ce:host:172.234.197.23:host:177.10.239.70	SESSION-ba642a19e1a643ce → host:172.234.197.23 → host:177.10.239.70
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b3b10ff846570e8:host:45.173.156.144:host:172.234.197.23	SESSION-5b3b10ff846570e8 → host:45.173.156.144 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6806cb851ed3b70:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b6806cb851ed3b70 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb971e48f4a1e66e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-fb971e48f4a1e66e → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:29ba545d482d	flow:29ba545d482d → host:54.91.240.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-786e34aed7c64f61:flow:902492c89b6a	SESSION-786e34aed7c64f61 → flow:902492c89b6a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c393069a667f4e79:SESSION-c393069a667f4e79	SESSION-c393069a667f4e79 → pe:tls:SESSION-c393069a667f4e79
FLOW_FROM_HOSTOBS	e:from:SESSION-e25d600ec07dd53e:host:172.234.197.23	SESSION-e25d600ec07dd53e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-57e30ec2e308e552:SESSION-57e30ec2e308e552	SESSION-57e30ec2e308e552 → pe:rst:SESSION-57e30ec2e308e552
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-598f28b8a9577970:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-598f28b8a9577970 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ecb25cc7396151e7:flow:3cb81834e696	SESSION-ecb25cc7396151e7 → flow:3cb81834e696
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b35e3cddd5fc2e72:host:131.196.28.80	SESSION-b35e3cddd5fc2e72 → host:131.196.28.80
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.103:asn:262880	host:177.10.232.103 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.1:geo_-16.28860_-49.01640	host:177.10.233.1 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-93d8ace0d48e8910:SESSION-93d8ace0d48e8910	SESSION-93d8ace0d48e8910 → pe:tls:SESSION-93d8ace0d48e8910
FLOW_TO_HOSTOBS	e:to:SESSION-b9574d05ba0801a5:host:172.234.197.23	SESSION-b9574d05ba0801a5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c6e971723a904aea:host:177.10.235.191	SESSION-c6e971723a904aea → host:177.10.235.191
FLOW_TO_HOSTOBS	e:to:SESSION-314a3839bafadb97:host:172.234.197.23	SESSION-314a3839bafadb97 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d93f22ce77fe	flow:d93f22ce77fe → host:177.10.237.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d74d897cd43b428:host:172.234.197.23	SESSION-9d74d897cd43b428 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d1337acddb52863:host:177.10.233.184	SESSION-3d1337acddb52863 → host:177.10.233.184
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fa29bafd0740f46:SESSION-3fa29bafd0740f46	SESSION-3fa29bafd0740f46 → pe:tls:SESSION-3fa29bafd0740f46
FLOW_DST_PORTOBS	e:fp:flow:9fa608f3842a:port:tcp:29513	flow:9fa608f3842a → port:tcp:29513
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c37bd5454075ced3:flow:f47343671c29	SESSION-c37bd5454075ced3 → flow:f47343671c29
flow_observed5-aryOBS	e:fo:flow:346a1a3a4e3f	flow:346a1a3a4e3f → host:131.196.31.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5e7695ca2cac12f:SESSION-b5e7695ca2cac12f	SESSION-b5e7695ca2cac12f → pe:syn:SESSION-b5e7695ca2cac12f
FLOW_FROM_HOSTOBS	e:from:SESSION-9b209515fa806d4a:host:177.10.238.87	SESSION-9b209515fa806d4a → host:177.10.238.87
FLOW_DST_PORTOBS	e:fp:flow:60b25f2806fd:port:tcp:39038	flow:60b25f2806fd → port:tcp:39038
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d18ddb12cf5478af:host:177.10.233.231	SESSION-d18ddb12cf5478af → host:177.10.233.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4be71a9ef959f500:host:172.234.197.23	SESSION-4be71a9ef959f500 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9d74d897cd43b428:host:131.196.30.146	SESSION-9d74d897cd43b428 → host:131.196.30.146
FLOW_FROM_HOSTOBS	e:from:SESSION-20066dd45b76b973:host:131.196.28.45	SESSION-20066dd45b76b973 → host:131.196.28.45
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ba1cfcea34ace70:flow:c08b4e45346e	SESSION-2ba1cfcea34ace70 → flow:c08b4e45346e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14a74b0f0f76c3f9:host:172.234.197.23	SESSION-14a74b0f0f76c3f9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.22:geo_-23.62930_-46.63510	host:131.196.31.22 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf1877ae18abdd85:flow:cc69fbf2913b	SESSION-bf1877ae18abdd85 → flow:cc69fbf2913b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-570ccd324c759306:host:172.234.197.23:host:131.196.30.43	SESSION-570ccd324c759306 → host:172.234.197.23 → host:131.196.30.43
FLOW_DST_PORTOBS	e:fp:flow:8726f97f7e95:port:tcp:15752	flow:8726f97f7e95 → port:tcp:15752
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c402fe398bbf1491:host:172.234.197.23	SESSION-c402fe398bbf1491 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f49d888fd824b97a:SESSION-f49d888fd824b97a	SESSION-f49d888fd824b97a → pe:syn:SESSION-f49d888fd824b97a
HOST_IN_ASNOBS 85%	e:ha:host:172.232.0.17:asn:63949	host:172.232.0.17 → asn:63949
FLOW_TO_HOSTOBS	e:to:SESSION-bce308e5c94583d6:host:172.234.197.23	SESSION-bce308e5c94583d6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d30bf1800064cde2:host:177.10.234.176	SESSION-d30bf1800064cde2 → host:177.10.234.176
FLOW_FROM_HOSTOBS	e:from:SESSION-911659ba7d4041d9:host:177.10.239.24	SESSION-911659ba7d4041d9 → host:177.10.239.24
FLOW_FROM_HOSTOBS	e:from:SESSION-10ed4263d8057f18:host:177.10.239.115	SESSION-10ed4263d8057f18 → host:177.10.239.115
FLOW_DST_PORTOBS	e:fp:flow:d2dfda47f669:port:tcp:443	flow:d2dfda47f669 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4fb4b7758d99e149:host:172.234.197.23:host:177.10.237.237	SESSION-4fb4b7758d99e149 → host:172.234.197.23 → host:177.10.237.237
flow_observed5-aryOBS	e:fo:flow:4c51681b834b	flow:4c51681b834b → host:45.173.156.228 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0709d76f76f731c:host:131.196.31.194:host:172.234.197.23	SESSION-c0709d76f76f731c → host:131.196.31.194 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0feaffd55940508b:host:177.10.237.238	SESSION-0feaffd55940508b → host:177.10.237.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5c85963c9f133e2:SESSION-a5c85963c9f133e2	SESSION-a5c85963c9f133e2 → pe:tls:SESSION-a5c85963c9f133e2
FLOW_TO_HOSTOBS	e:to:SESSION-92cb25b3a2aea70a:host:177.10.237.249	SESSION-92cb25b3a2aea70a → host:177.10.237.249
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bdc14171c537b7eb:host:177.10.232.93	SESSION-bdc14171c537b7eb → host:177.10.232.93
FLOW_TO_HOSTOBS	e:to:SESSION-365dad18baa46a43:host:172.234.197.23	SESSION-365dad18baa46a43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fdaf54c444b72c0:host:131.196.30.19	SESSION-1fdaf54c444b72c0 → host:131.196.30.19
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2354f30fe4af5f56:PCAP:capture_20260430150001:ded20914761d	SESSION-2354f30fe4af5f56 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f479af38d87d852f:host:172.234.197.23	SESSION-f479af38d87d852f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5a6c292407ac	flow:5a6c292407ac → host:172.234.197.23 → host:177.10.234.32 → port:tcp:62633
FLOW_FROM_HOSTOBS	e:from:SESSION-dd1fe9b471d92d57:host:172.234.197.23	SESSION-dd1fe9b471d92d57 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf8660b1b7ea6f50:host:131.196.28.241	SESSION-bf8660b1b7ea6f50 → host:131.196.28.241
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4af5e0493e3bd78c:host:177.10.239.185:host:172.234.197.23	SESSION-4af5e0493e3bd78c → host:177.10.239.185 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-87462f91a35c5198:host:172.234.197.23:host:177.10.238.57	SESSION-87462f91a35c5198 → host:172.234.197.23 → host:177.10.238.57
FLOW_DST_PORTOBS	e:fp:flow:2746e9118ab2:port:tcp:443	flow:2746e9118ab2 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-a4d237675f94d453:BSG-DATA_EXFIL-99ad72d3a687	SESSION-a4d237675f94d453 → BSG-DATA_EXFIL-99ad72d3a687
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a40236c67828800b:SESSION-a40236c67828800b	SESSION-a40236c67828800b → pe:tls:SESSION-a40236c67828800b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0827c1c94491daec:host:177.10.235.224	SESSION-0827c1c94491daec → host:177.10.235.224
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.226:geo_-16.28860_-49.01640	host:177.10.238.226 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:ff9a6ac9c657:port:tcp:443	flow:ff9a6ac9c657 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122c3f68e4c2a7ca:host:172.234.197.23	SESSION-122c3f68e4c2a7ca → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:acc28689c530:port:tcp:32333	flow:acc28689c530 → port:tcp:32333
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4992d20c4573840:host:172.234.197.23	SESSION-d4992d20c4573840 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73ce8b7b43538e4e:flow:35b89e4ab0ec	SESSION-73ce8b7b43538e4e → flow:35b89e4ab0ec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2f7ca9f61df30fd:SESSION-f2f7ca9f61df30fd	SESSION-f2f7ca9f61df30fd → pe:tls:SESSION-f2f7ca9f61df30fd
flow_observed5-aryOBS	e:fo:flow:e9d52fc0a395	flow:e9d52fc0a395 → host:131.196.30.125 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2235ad305872b9c2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2235ad305872b9c2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:2fe8baa33d5c	flow:2fe8baa33d5c → host:172.234.197.23 → host:177.10.239.24 → port:tcp:37173
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8e2f8ae5ea03a25:host:172.234.197.23	SESSION-e8e2f8ae5ea03a25 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-63e564f28f734573:host:131.196.28.27	SESSION-63e564f28f734573 → host:131.196.28.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78f6342ed3f64031:SESSION-78f6342ed3f64031	SESSION-78f6342ed3f64031 → pe:syn:SESSION-78f6342ed3f64031
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8fbacc1128a5208:flow:1a1d6645a424	SESSION-c8fbacc1128a5208 → flow:1a1d6645a424
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28765694f1859e38:SESSION-28765694f1859e38	SESSION-28765694f1859e38 → pe:tls:SESSION-28765694f1859e38
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-065e72b14a827150:host:177.10.237.128:host:172.234.197.23	SESSION-065e72b14a827150 → host:177.10.237.128 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9820f222b36503c3:host:172.234.197.23	SESSION-9820f222b36503c3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-179845184e318961:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-179845184e318961 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b376322eb831975:host:172.234.197.23	SESSION-3b376322eb831975 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e1f72d732543:port:tcp:62184	flow:e1f72d732543 → port:tcp:62184
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.93:asn:271410	host:131.196.29.93 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1410d14cf4ff2548:host:177.10.233.49:host:172.234.197.23	SESSION-1410d14cf4ff2548 → host:177.10.233.49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0957d40de01926ae:host:177.10.233.145	SESSION-0957d40de01926ae → host:177.10.233.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a4b43b46bbfc9c3:SESSION-0a4b43b46bbfc9c3	SESSION-0a4b43b46bbfc9c3 → pe:syn:SESSION-0a4b43b46bbfc9c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f105059d1ed0a542:host:177.10.237.201	SESSION-f105059d1ed0a542 → host:177.10.237.201
FLOW_FROM_HOSTOBS	e:from:SESSION-da14485ca0be7376:host:199.16.157.182	SESSION-da14485ca0be7376 → host:199.16.157.182
FLOW_TO_HOSTOBS	e:to:SESSION-64807579ab6c52ee:host:172.234.197.23	SESSION-64807579ab6c52ee → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d3e623b4b6ff	flow:d3e623b4b6ff → host:131.196.31.200 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2aa7e55175462248:host:172.234.197.23	SESSION-2aa7e55175462248 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.28:asn:262880	host:177.10.233.28 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-5a1525d7a099ba42:host:172.234.197.23	SESSION-5a1525d7a099ba42 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55187c9d4dc6d2e7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-55187c9d4dc6d2e7 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a91fe9a6e775a606:SESSION-a91fe9a6e775a606	SESSION-a91fe9a6e775a606 → pe:tls:SESSION-a91fe9a6e775a606
flow_observed5-aryOBS	e:fo:flow:e72e68d4fcd0	flow:e72e68d4fcd0 → host:177.10.235.83 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e1fcfb1c4254c4b:host:177.10.234.12	SESSION-8e1fcfb1c4254c4b → host:177.10.234.12
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-9eddb8081d100874:BSG-BEACON-f6c2b3d0e42d	SESSION-9eddb8081d100874 → BSG-BEACON-f6c2b3d0e42d
FLOW_TO_HOSTOBS	e:to:SESSION-9c64ea68345b811b:host:177.10.235.234	SESSION-9c64ea68345b811b → host:177.10.235.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-712d2d82579af730:SESSION-712d2d82579af730	SESSION-712d2d82579af730 → pe:syn:SESSION-712d2d82579af730
FLOW_FROM_HOSTOBS	e:from:SESSION-a3417e991c57bd21:host:177.10.234.162	SESSION-a3417e991c57bd21 → host:177.10.234.162
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.253:geo_-16.28860_-49.01640	host:177.10.232.253 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5712989ddbf4728b:host:131.196.31.19:host:172.234.197.23	SESSION-5712989ddbf4728b → host:131.196.31.19 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bce308e5c94583d6:host:131.196.31.113	SESSION-bce308e5c94583d6 → host:131.196.31.113
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28ca4d014ad9a35f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-28ca4d014ad9a35f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01d7e8e7f6d6f55b:flow:9bd03e214ac2	SESSION-01d7e8e7f6d6f55b → flow:9bd03e214ac2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d47b6311855994f0:SESSION-d47b6311855994f0	SESSION-d47b6311855994f0 → pe:tls:SESSION-d47b6311855994f0
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.20:asn:262880	host:177.10.238.20 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ef74cd6b285b3c9:host:45.173.156.189	SESSION-5ef74cd6b285b3c9 → host:45.173.156.189
FLOW_DST_PORTOBS	e:fp:flow:5a8fbee41652:port:tcp:443	flow:5a8fbee41652 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa0d5d025ae2ba4d:SESSION-aa0d5d025ae2ba4d	SESSION-aa0d5d025ae2ba4d → pe:tls:SESSION-aa0d5d025ae2ba4d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.134:asn:262880	host:177.10.236.134 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9ca26e5420bb5bf:host:45.173.156.54	SESSION-b9ca26e5420bb5bf → host:45.173.156.54
FLOW_FROM_HOSTOBS	e:from:SESSION-a1628bbd64c13f5a:host:131.196.28.235	SESSION-a1628bbd64c13f5a → host:131.196.28.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4bcb88049ff8a93:host:172.234.197.23	SESSION-f4bcb88049ff8a93 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3483d96fbaf632b7:host:172.234.197.23	SESSION-3483d96fbaf632b7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ad9dd4ac6be1fc2:SESSION-1ad9dd4ac6be1fc2	SESSION-1ad9dd4ac6be1fc2 → pe:tls:SESSION-1ad9dd4ac6be1fc2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed610f5ec8b698f6:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ed610f5ec8b698f6 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:0f5c3852bf17:port:tcp:10677	flow:0f5c3852bf17 → port:tcp:10677
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e72c530de39a222:host:172.234.197.23	SESSION-5e72c530de39a222 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9fdfee14b0ac469:host:172.234.197.23	SESSION-d9fdfee14b0ac469 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.160:geo_-16.28860_-49.01640	host:177.10.237.160 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c84656a173f6275:PCAP:capture_20260430090001:065659c7d314	SESSION-9c84656a173f6275 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:80.94.92.182:geo_45.99680_24.99700	host:80.94.92.182 → geo_45.99680_24.99700
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e6437ba0c2aceec:SESSION-1e6437ba0c2aceec	SESSION-1e6437ba0c2aceec → pe:syn:SESSION-1e6437ba0c2aceec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78dc8874b859c826:SESSION-78dc8874b859c826	SESSION-78dc8874b859c826 → pe:syn:SESSION-78dc8874b859c826
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8139f2a89dd46f4b:host:172.234.197.23	SESSION-8139f2a89dd46f4b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a10047b74101a9ce:flow:03e51e79ea00	SESSION-a10047b74101a9ce → flow:03e51e79ea00
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff4eb64228a8af88:flow:8427af739fb5	SESSION-ff4eb64228a8af88 → flow:8427af739fb5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7aaaf2932de65e0e:flow:b4507c179ac4	SESSION-7aaaf2932de65e0e → flow:b4507c179ac4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.21.249.220:geo_59.32870_18.07170	host:51.21.249.220 → geo_59.32870_18.07170
flow_observed3-aryOBS	e:fo:flow:6fa4b18c4339	flow:6fa4b18c4339 → host:54.200.68.109 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-310a1cee325ffc65:host:172.234.197.23	SESSION-310a1cee325ffc65 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-500747aefaa736d2:host:172.234.197.23	SESSION-500747aefaa736d2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0cba2347786f28d:PCAP:capture_20260430110001:43611bdf6759	SESSION-b0cba2347786f28d → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.138:asn:271410	host:131.196.30.138 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1699a282bb5af583:host:172.234.197.23	SESSION-1699a282bb5af583 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69029b06bbd64972:host:172.234.197.23	SESSION-69029b06bbd64972 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-17000fdd70ecbf97:host:172.234.197.23	SESSION-17000fdd70ecbf97 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf679119291e5246:host:177.10.238.24	SESSION-bf679119291e5246 → host:177.10.238.24
FLOW_TO_HOSTOBS	e:to:SESSION-a7401284f40d9f52:host:172.234.197.23	SESSION-a7401284f40d9f52 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e25d600ec07dd53e:host:131.196.31.246	SESSION-e25d600ec07dd53e → host:131.196.31.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bb178420802ca16:host:177.10.239.67	SESSION-3bb178420802ca16 → host:177.10.239.67
flow_observed5-aryOBS	e:fo:flow:ffa0d604aa19	flow:ffa0d604aa19 → host:177.10.234.248 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:46adb11afed3	flow:46adb11afed3 → host:172.234.197.23 → host:131.196.31.175 → port:tcp:59439
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-933bde1224d44bcc:PCAP:capture_20260430090001:065659c7d314	SESSION-933bde1224d44bcc → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bce97f10a4a571f4:flow:35a4b2c31d5d	SESSION-bce97f10a4a571f4 → flow:35a4b2c31d5d
flow_observed5-aryOBS	e:fo:flow:b01ee652321d	flow:b01ee652321d → host:177.10.236.129 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ea69d35daebb9b8:PCAP:capture_20260430060001:919b39a74464	SESSION-9ea69d35daebb9b8 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b523e88f9ec69c3:host:172.234.197.23	SESSION-2b523e88f9ec69c3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6d34e0a13e28	flow:6d34e0a13e28 → host:177.10.238.76 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f1de6d316dd7305f:flow:87482c073df4	SESSION-f1de6d316dd7305f → flow:87482c073df4
FLOW_DST_PORTOBS	e:fp:flow:72830d708a5c:port:tcp:80	flow:72830d708a5c → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-347bad418eab3a6f:host:177.10.236.144:host:172.234.197.23	SESSION-347bad418eab3a6f → host:177.10.236.144 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e6800c9c0f40710:flow:e2d49c8fbcdf	SESSION-0e6800c9c0f40710 → flow:e2d49c8fbcdf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.31:geo_-21.10010_-41.69200	host:45.173.156.31 → geo_-21.10010_-41.69200
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.107:asn:262880	host:177.10.235.107 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65f49e29fd3c9157:host:177.10.239.108	SESSION-65f49e29fd3c9157 → host:177.10.239.108
FLOW_FROM_HOSTOBS	e:from:SESSION-409db122b916fc83:host:31.40.196.102	SESSION-409db122b916fc83 → host:31.40.196.102
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-cb88b05b3590e26e:BSG-BEACON-3eb51709f414	SESSION-cb88b05b3590e26e → BSG-BEACON-3eb51709f414
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d2ec4538209fcf12:SESSION-d2ec4538209fcf12	SESSION-d2ec4538209fcf12 → pe:tls:SESSION-d2ec4538209fcf12
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-205f350cdfc6cb9d:host:172.234.197.23:host:45.173.156.203	SESSION-205f350cdfc6cb9d → host:172.234.197.23 → host:45.173.156.203
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ca971b9386eb0b9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2ca971b9386eb0b9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0948a596b6903965:flow:b66c105ebde7	SESSION-0948a596b6903965 → flow:b66c105ebde7
FLOW_DST_PORTOBS	e:fp:flow:be8b74ea4667:port:tcp:12733	flow:be8b74ea4667 → port:tcp:12733
FLOW_TO_HOSTOBS	e:to:SESSION-557aaca226ee6bf8:host:172.234.197.23	SESSION-557aaca226ee6bf8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-755eaab432e9c6a6:host:177.10.233.54	SESSION-755eaab432e9c6a6 → host:177.10.233.54
FLOW_DST_PORTOBS	e:fp:flow:27b67a899243:port:tcp:443	flow:27b67a899243 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ea483d23635f:port:tcp:443	flow:ea483d23635f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6455927ff3f8f851:SESSION-6455927ff3f8f851	SESSION-6455927ff3f8f851 → pe:syn:SESSION-6455927ff3f8f851
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-113354c1b6207940:SESSION-113354c1b6207940	SESSION-113354c1b6207940 → pe:syn:SESSION-113354c1b6207940
flow_observed5-aryOBS	e:fo:flow:e17d73ea5b92	flow:e17d73ea5b92 → host:131.196.29.224 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:834de8b9babd:port:tcp:443	flow:834de8b9babd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41172116812e3a49:SESSION-41172116812e3a49	SESSION-41172116812e3a49 → pe:syn:SESSION-41172116812e3a49
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2586028491b4edc:host:177.10.233.195	SESSION-b2586028491b4edc → host:177.10.233.195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1620c835b56464d4:SESSION-1620c835b56464d4	SESSION-1620c835b56464d4 → pe:tls:SESSION-1620c835b56464d4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-065e72b14a827150:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-065e72b14a827150 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bebc5cb41e4621f:flow:7272a06da853	SESSION-3bebc5cb41e4621f → flow:7272a06da853
FLOW_TO_HOSTOBS	e:to:SESSION-783c4edbafa3c164:host:172.234.197.23	SESSION-783c4edbafa3c164 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6bbf09456dc7:port:tcp:64251	flow:6bbf09456dc7 → port:tcp:64251
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c876d9731eec34af:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c876d9731eec34af → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-512816cd1ae61d60:host:177.10.233.19	SESSION-512816cd1ae61d60 → host:177.10.233.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c47a34d160ec21ba:host:177.10.239.177	SESSION-c47a34d160ec21ba → host:177.10.239.177
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-803b2289978a359c:SESSION-803b2289978a359c	SESSION-803b2289978a359c → pe:syn:SESSION-803b2289978a359c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-205f350cdfc6cb9d:SESSION-205f350cdfc6cb9d	SESSION-205f350cdfc6cb9d → pe:tls:SESSION-205f350cdfc6cb9d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-609881b75f195530:host:177.10.235.101:host:172.234.197.23	SESSION-609881b75f195530 → host:177.10.235.101 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28765694f1859e38:SESSION-28765694f1859e38	SESSION-28765694f1859e38 → pe:syn:SESSION-28765694f1859e38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2099dbde4b7ef03:host:172.234.197.23	SESSION-c2099dbde4b7ef03 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a4ffce8b6e53dd75:SESSION-a4ffce8b6e53dd75	SESSION-a4ffce8b6e53dd75 → pe:tls:SESSION-a4ffce8b6e53dd75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a60c132d3a0c7657:PCAP:capture_20260430060001:919b39a74464	SESSION-a60c132d3a0c7657 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-164d60043533ec4c:flow:60d41579784e	SESSION-164d60043533ec4c → flow:60d41579784e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07a584f2a7f89f38:host:51.91.243.64:host:172.234.197.23	SESSION-07a584f2a7f89f38 → host:51.91.243.64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a631db0468c49ef:SESSION-5a631db0468c49ef	SESSION-5a631db0468c49ef → pe:syn:SESSION-5a631db0468c49ef
flow_observed5-aryOBS	e:fo:flow:0d37e7327420	flow:0d37e7327420 → host:177.10.234.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0709d76f76f731c:flow:3be21ea09440	SESSION-c0709d76f76f731c → flow:3be21ea09440
flow_observed5-aryOBS	e:fo:flow:27769fa10d70	flow:27769fa10d70 → host:177.10.232.240 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:350d70420336	flow:350d70420336 → host:45.173.156.163 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-680820c56f27d295:host:131.196.31.33	SESSION-680820c56f27d295 → host:131.196.31.33
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa0d5d025ae2ba4d:SESSION-aa0d5d025ae2ba4d	SESSION-aa0d5d025ae2ba4d → pe:syn:SESSION-aa0d5d025ae2ba4d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b12621bc2223af13:host:172.234.197.23	SESSION-b12621bc2223af13 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b2a890fbb89c:port:tcp:40096	flow:b2a890fbb89c → port:tcp:40096
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40c5d05833b5d363:host:177.10.232.191	SESSION-40c5d05833b5d363 → host:177.10.232.191
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e859a84eb4eaf300:host:177.10.235.144	SESSION-e859a84eb4eaf300 → host:177.10.235.144
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-968009a702657adb:host:172.234.197.23	SESSION-968009a702657adb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24763432928200fc:host:177.10.238.28:host:172.234.197.23	SESSION-24763432928200fc → host:177.10.238.28 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1228b317d5ce27b4:SESSION-1228b317d5ce27b4	SESSION-1228b317d5ce27b4 → pe:syn:SESSION-1228b317d5ce27b4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa9d2876c7b3abea:PCAP:capture_20260430110001:43611bdf6759	SESSION-fa9d2876c7b3abea → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:41875790e99e	flow:41875790e99e → host:35.216.234.82 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_DST_PORTOBS	e:fp:flow:e3eed6582d14:port:tcp:443	flow:e3eed6582d14 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.38:asn:273470	host:45.173.156.38 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-42ac4798d48b113f:SESSION-42ac4798d48b113f	SESSION-42ac4798d48b113f → pe:tls:SESSION-42ac4798d48b113f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-112ed66aeea7c1e0:SESSION-112ed66aeea7c1e0	SESSION-112ed66aeea7c1e0 → pe:syn:SESSION-112ed66aeea7c1e0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-80f68e8f687f2dc5:host:131.196.28.242:host:172.234.197.23	SESSION-80f68e8f687f2dc5 → host:131.196.28.242 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-666cc538c7e1a156:BSG-BEACON-f6c2b3d0e42d	SESSION-666cc538c7e1a156 → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fd9b76b5230e873:host:172.234.197.23	SESSION-3fd9b76b5230e873 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a2f82c2a85816be:host:172.234.197.23	SESSION-4a2f82c2a85816be → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-08b271f63f4ccc89:host:172.234.197.23	SESSION-08b271f63f4ccc89 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7cb141c8461d1a4d:host:172.234.197.23	SESSION-7cb141c8461d1a4d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-082589f81acb7a8f:host:172.234.197.23	SESSION-082589f81acb7a8f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c876d9731eec34af:SESSION-c876d9731eec34af	SESSION-c876d9731eec34af → pe:tls:SESSION-c876d9731eec34af
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b63214403b2d20c7:host:177.10.239.237:host:172.234.197.23	SESSION-b63214403b2d20c7 → host:177.10.239.237 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2ecbcecdc44a459:host:172.234.197.23	SESSION-e2ecbcecdc44a459 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b325e5efc54d34b8:SESSION-b325e5efc54d34b8	SESSION-b325e5efc54d34b8 → pe:syn:SESSION-b325e5efc54d34b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e76f09c0f210884:host:131.196.31.137	SESSION-4e76f09c0f210884 → host:131.196.31.137
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f3823f20b5aa8c6:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-8f3823f20b5aa8c6 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-f10bf652ebbcd899:host:131.196.28.28	SESSION-f10bf652ebbcd899 → host:131.196.28.28
FLOW_TO_HOSTOBS	e:to:SESSION-bc57d45d1a1b2f7b:host:177.10.239.234	SESSION-bc57d45d1a1b2f7b → host:177.10.239.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-62d5a334e1fc9bd1:SESSION-62d5a334e1fc9bd1	SESSION-62d5a334e1fc9bd1 → pe:tls:SESSION-62d5a334e1fc9bd1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c67539e40b0db6c0:host:131.196.31.100:host:172.234.197.23	SESSION-c67539e40b0db6c0 → host:131.196.31.100 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f6588417d002f2ed:host:45.173.156.170:host:172.234.197.23	SESSION-f6588417d002f2ed → host:45.173.156.170 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.208:geo_-16.28860_-49.01640	host:177.10.239.208 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:2be39705dda1	flow:2be39705dda1 → host:172.234.197.23 → host:177.10.238.63 → port:tcp:22346
FLOW_FROM_HOSTOBS	e:from:SESSION-44a6b99289a2f8de:host:177.10.239.227	SESSION-44a6b99289a2f8de → host:177.10.239.227
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-118e26ad77e50cb0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-118e26ad77e50cb0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-6aca8ef237a42da9:host:172.234.197.23	SESSION-6aca8ef237a42da9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-527acdf0d3ebbbcc:SESSION-527acdf0d3ebbbcc	SESSION-527acdf0d3ebbbcc → pe:syn:SESSION-527acdf0d3ebbbcc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a20ec48656879fce:SESSION-a20ec48656879fce	SESSION-a20ec48656879fce → pe:syn:SESSION-a20ec48656879fce
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f32bbf866d49408:host:172.234.197.23:host:131.196.29.15	SESSION-2f32bbf866d49408 → host:172.234.197.23 → host:131.196.29.15
FLOW_DST_PORTOBS	e:fp:flow:47640395d048:port:tcp:27787	flow:47640395d048 → port:tcp:27787
flow_observed5-aryOBS	e:fo:flow:a12b549bc0a2	flow:a12b549bc0a2 → host:177.10.235.68 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:6f3bfee5bc2d:port:tcp:5273	flow:6f3bfee5bc2d → port:tcp:5273
flow_observed5-aryOBS	e:fo:flow:1ac7571021c2	flow:1ac7571021c2 → host:177.10.238.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75d8d9da58d6d51c:host:177.10.238.64:host:172.234.197.23	SESSION-75d8d9da58d6d51c → host:177.10.238.64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b117f2a3fa82af67:SESSION-b117f2a3fa82af67	SESSION-b117f2a3fa82af67 → pe:syn:SESSION-b117f2a3fa82af67
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.31:asn:271410	host:131.196.30.31 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f53fdd8a51294c3d:host:45.173.156.71:host:172.234.197.23	SESSION-f53fdd8a51294c3d → host:45.173.156.71 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e66594520e7edee5:host:172.234.197.23	SESSION-e66594520e7edee5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-206c176870c7b9f2:host:177.10.235.112:host:172.234.197.23	SESSION-206c176870c7b9f2 → host:177.10.235.112 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ff90c657a3c2e88:host:177.10.238.86	SESSION-5ff90c657a3c2e88 → host:177.10.238.86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.73:geo_-16.28860_-49.01640	host:177.10.236.73 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.61:geo_-16.28860_-49.01640	host:177.10.234.61 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.254:asn:273470	host:45.173.156.254 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b58dfbdc72ba0e86:flow:441c2d4dbbd9	SESSION-b58dfbdc72ba0e86 → flow:441c2d4dbbd9
flow_observed5-aryOBS	e:fo:flow:39468f538c38	flow:39468f538c38 → host:131.196.30.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69461a2f3e15a448:host:185.231.226.242	SESSION-69461a2f3e15a448 → host:185.231.226.242
FLOW_TO_HOSTOBS	e:to:SESSION-d9fdfee14b0ac469:host:177.10.232.226	SESSION-d9fdfee14b0ac469 → host:177.10.232.226
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0804c956ce93675c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0804c956ce93675c → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:da656094cd00	flow:da656094cd00 → host:177.10.239.241 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:30a4fb2d35f0	flow:30a4fb2d35f0 → host:177.10.236.24 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e73771addca62c13:host:177.10.235.255	SESSION-e73771addca62c13 → host:177.10.235.255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1627b9df9d2fc920:host:172.234.197.23	SESSION-1627b9df9d2fc920 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-212f7b3a9bb90264:SESSION-212f7b3a9bb90264	SESSION-212f7b3a9bb90264 → pe:tls:SESSION-212f7b3a9bb90264
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95b6b17f9a1b89d0:host:172.234.197.23	SESSION-95b6b17f9a1b89d0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f70b0605ff5c8685:SESSION-f70b0605ff5c8685	SESSION-f70b0605ff5c8685 → pe:tls:SESSION-f70b0605ff5c8685
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-799494d5bb605f27:SESSION-799494d5bb605f27	SESSION-799494d5bb605f27 → pe:syn:SESSION-799494d5bb605f27
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8cc58a61b872e266:host:172.234.197.23:host:177.10.237.132	SESSION-8cc58a61b872e266 → host:172.234.197.23 → host:177.10.237.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c977b8f3627ab3c3:host:131.196.28.115	SESSION-c977b8f3627ab3c3 → host:131.196.28.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-200a4f7a7e5b3996:host:177.10.238.228	SESSION-200a4f7a7e5b3996 → host:177.10.238.228
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa49f714001a7a70:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fa49f714001a7a70 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2bdd821ab6e9acc:host:172.234.197.23	SESSION-c2bdd821ab6e9acc → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fc065ce7b22b:port:tcp:443	flow:fc065ce7b22b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9a7a7058ae53:port:tcp:48409	flow:9a7a7058ae53 → port:tcp:48409
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-455353f546d0ad3e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-455353f546d0ad3e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d862dda647c7051:host:172.234.197.23	SESSION-1d862dda647c7051 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79574872517ba47f:SESSION-79574872517ba47f	SESSION-79574872517ba47f → pe:tls:SESSION-79574872517ba47f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc55eac4fb6ef554:SESSION-cc55eac4fb6ef554	SESSION-cc55eac4fb6ef554 → pe:tls:SESSION-cc55eac4fb6ef554
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.68:asn:262880	host:177.10.235.68 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-065b3042ded53057:PCAP:capture_20260430080001:93f47cc296a4	SESSION-065b3042ded53057 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c0e19c2beda7d84:host:177.10.239.226	SESSION-1c0e19c2beda7d84 → host:177.10.239.226
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77da6a9292c08caa:host:177.10.232.20	SESSION-77da6a9292c08caa → host:177.10.232.20
flow_observed5-aryOBS	e:fo:flow:46ce982f7e4b	flow:46ce982f7e4b → host:199.16.157.182 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f55570dc615df23a:host:172.234.197.23	SESSION-f55570dc615df23a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f0be9ff1ae53d349:host:172.234.197.23	SESSION-f0be9ff1ae53d349 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3e3c230e0a15:port:tcp:14900	flow:3e3c230e0a15 → port:tcp:14900
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.115:asn:262880	host:177.10.233.115 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4341cac0cb5b3aa:host:2.57.122.194	SESSION-b4341cac0cb5b3aa → host:2.57.122.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1a633dafddc79f1:SESSION-c1a633dafddc79f1	SESSION-c1a633dafddc79f1 → pe:tls:SESSION-c1a633dafddc79f1
FLOW_DST_PORTOBS	e:fp:flow:532dba0a48d5:port:tcp:443	flow:532dba0a48d5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a8968fd2a11ede8:host:177.10.233.17	SESSION-1a8968fd2a11ede8 → host:177.10.233.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-621f42bc5edaa56f:host:131.196.30.37	SESSION-621f42bc5edaa56f → host:131.196.30.37
FLOW_DST_PORTOBS	e:fp:flow:de5310002690:port:tcp:443	flow:de5310002690 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a07ffa981e156af1:SESSION-a07ffa981e156af1	SESSION-a07ffa981e156af1 → pe:tls:SESSION-a07ffa981e156af1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad62b54803b59875:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ad62b54803b59875 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eadecea9d5615d15:host:37.221.79.120	SESSION-eadecea9d5615d15 → host:37.221.79.120
FLOW_DST_PORTOBS	e:fp:flow:0c00fe59a661:port:tcp:443	flow:0c00fe59a661 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.112:geo_-16.28860_-49.01640	host:177.10.239.112 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-2a2cae37d21287a7:host:172.234.197.23	SESSION-2a2cae37d21287a7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.95:asn:271410	host:131.196.29.95 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4e339b9f879a911:SESSION-d4e339b9f879a911	SESSION-d4e339b9f879a911 → pe:tls:SESSION-d4e339b9f879a911
flow_observed5-aryOBS	e:fo:flow:46e7d0792cb3	flow:46e7d0792cb3 → host:177.10.234.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bedd6d77774b5e6:SESSION-3bedd6d77774b5e6	SESSION-3bedd6d77774b5e6 → pe:tls:SESSION-3bedd6d77774b5e6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a3b20edc3bf85f8:PCAP:capture_20260430060001:919b39a74464	SESSION-3a3b20edc3bf85f8 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-65f49e29fd3c9157:host:177.10.239.108	SESSION-65f49e29fd3c9157 → host:177.10.239.108
FLOW_DST_PORTOBS	e:fp:flow:b57952665021:port:tcp:443	flow:b57952665021 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:940a647764f1	flow:940a647764f1 → host:172.234.197.23 → host:131.196.30.22 → port:tcp:28335
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3913d4a535b9029:host:172.234.197.23:host:131.196.28.116	SESSION-f3913d4a535b9029 → host:172.234.197.23 → host:131.196.28.116
flow_observed5-aryOBS	e:fo:flow:967fffb4bafe	flow:967fffb4bafe → host:131.196.29.70 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c0e460ce34915ff:SESSION-1c0e460ce34915ff	SESSION-1c0e460ce34915ff → pe:tls:SESSION-1c0e460ce34915ff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d3e80fb3431ec3f4:SESSION-d3e80fb3431ec3f4	SESSION-d3e80fb3431ec3f4 → pe:syn:SESSION-d3e80fb3431ec3f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1995c5dc0203e07b:host:177.10.237.169	SESSION-1995c5dc0203e07b → host:177.10.237.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49b6ef2582cca14b:SESSION-49b6ef2582cca14b	SESSION-49b6ef2582cca14b → pe:tls:SESSION-49b6ef2582cca14b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fdfd79cbce8be94:host:177.10.238.236:host:172.234.197.23	SESSION-5fdfd79cbce8be94 → host:177.10.238.236 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.10:geo_-23.62930_-46.63510	host:131.196.28.10 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:3e18bd3fd270	flow:3e18bd3fd270 → host:177.10.233.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd38adf08b5d5a9e:host:172.234.197.23	SESSION-cd38adf08b5d5a9e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.45:asn:262880	host:177.10.232.45 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa4dbd42e40690e9:host:177.10.238.70	SESSION-aa4dbd42e40690e9 → host:177.10.238.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b236f75d1c6493bc:SESSION-b236f75d1c6493bc	SESSION-b236f75d1c6493bc → pe:tls:SESSION-b236f75d1c6493bc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0125cea84e0c02fd:SESSION-0125cea84e0c02fd	SESSION-0125cea84e0c02fd → pe:syn:SESSION-0125cea84e0c02fd
flow_observed4-aryOBS	e:fo:flow:679a0b8a18c3	flow:679a0b8a18c3 → host:172.234.197.23 → host:177.10.238.239 → port:tcp:14059
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ef734d9bbeb2d12:flow:a5bfd56e390d	SESSION-4ef734d9bbeb2d12 → flow:a5bfd56e390d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a07ffa981e156af1:host:131.196.30.72	SESSION-a07ffa981e156af1 → host:131.196.30.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65d181126b4cfd8f:SESSION-65d181126b4cfd8f	SESSION-65d181126b4cfd8f → pe:syn:SESSION-65d181126b4cfd8f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fe99f41b36441fa:host:172.234.197.23	SESSION-0fe99f41b36441fa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c84f2bc6bdec600e:host:172.234.197.23	SESSION-c84f2bc6bdec600e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fec8e81be891b7cc:host:172.234.197.23:host:177.10.239.151	SESSION-fec8e81be891b7cc → host:172.234.197.23 → host:177.10.239.151
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d47b3cf0d6133fea:PCAP:capture_20260430110001:43611bdf6759	SESSION-d47b3cf0d6133fea → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:78cc4865bf4c:port:tcp:443	flow:78cc4865bf4c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dfde0f74dbe81c3a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-dfde0f74dbe81c3a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a4506f2fb402b7f:host:172.234.197.23	SESSION-0a4506f2fb402b7f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-835226e6e5119935:host:172.234.197.23:host:45.173.156.60	SESSION-835226e6e5119935 → host:172.234.197.23 → host:45.173.156.60
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed473d20582b9e99:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ed473d20582b9e99 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eadf7b6ccdd54c7f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-eadf7b6ccdd54c7f → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3baedacad496627d:SESSION-3baedacad496627d	SESSION-3baedacad496627d → pe:syn:SESSION-3baedacad496627d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b203844c0afbb25:PCAP:capture_20260430060001:919b39a74464	SESSION-5b203844c0afbb25 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc65fb323eff44ce:host:172.234.197.23	SESSION-dc65fb323eff44ce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e7af3e500f20cf8:host:177.10.237.217	SESSION-4e7af3e500f20cf8 → host:177.10.237.217
FLOW_TO_HOSTOBS	e:to:SESSION-f951b8fc6e0dd11c:host:172.234.197.23	SESSION-f951b8fc6e0dd11c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8b11ab71f223:port:tcp:443	flow:8b11ab71f223 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ffe6ab3345b8c10e:SESSION-ffe6ab3345b8c10e	SESSION-ffe6ab3345b8c10e → pe:syn:SESSION-ffe6ab3345b8c10e
FLOW_FROM_HOSTOBS	e:from:SESSION-2a2cae37d21287a7:host:177.10.239.213	SESSION-2a2cae37d21287a7 → host:177.10.239.213
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-328591b09b0655cf:host:177.10.233.76:host:172.234.197.23	SESSION-328591b09b0655cf → host:177.10.233.76 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.245:geo_41.00190_28.96450	host:95.170.25.245 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13f8871a9bd8cb8e:host:131.196.29.15	SESSION-13f8871a9bd8cb8e → host:131.196.29.15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ddf07020985eed3:host:177.10.237.151	SESSION-2ddf07020985eed3 → host:177.10.237.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c178d8ef65578b24:SESSION-c178d8ef65578b24	SESSION-c178d8ef65578b24 → pe:tls:SESSION-c178d8ef65578b24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-111e536a3f33c549:host:172.234.197.23	SESSION-111e536a3f33c549 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f93cb0de4645e47:host:172.234.197.23	SESSION-2f93cb0de4645e47 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b338c508fb604797:flow:26f7cfa49443	SESSION-b338c508fb604797 → flow:26f7cfa49443
flow_observed5-aryOBS	e:fo:flow:f5ed40a9f1fb	flow:f5ed40a9f1fb → host:131.196.30.69 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:f6c58082ad03	flow:f6c58082ad03 → host:131.196.28.240 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ac2cef9f7dcbf562:host:172.234.197.23	SESSION-ac2cef9f7dcbf562 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ffcf84507219fc2:flow:d496ebf6562f	SESSION-1ffcf84507219fc2 → flow:d496ebf6562f
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.219:asn:271410	host:131.196.30.219 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd9f2ee14ec6ee20:host:131.196.30.135	SESSION-dd9f2ee14ec6ee20 → host:131.196.30.135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb9e9108ca8bff14:SESSION-cb9e9108ca8bff14	SESSION-cb9e9108ca8bff14 → pe:syn:SESSION-cb9e9108ca8bff14
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b1f042103d1727f:SESSION-5b1f042103d1727f	SESSION-5b1f042103d1727f → pe:syn:SESSION-5b1f042103d1727f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e9dc14d87b5185c:host:177.10.237.98:host:172.234.197.23	SESSION-5e9dc14d87b5185c → host:177.10.237.98 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-39452ac6bcbae8d3:host:131.196.31.80:host:172.234.197.23	SESSION-39452ac6bcbae8d3 → host:131.196.31.80 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e94650369669	flow:e94650369669 → host:177.10.233.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5405d05650907428:host:172.234.197.23	SESSION-5405d05650907428 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2f35e45e57d830f4:host:172.234.197.23	SESSION-2f35e45e57d830f4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e883c2ce63ee6e05:host:172.234.197.23	SESSION-e883c2ce63ee6e05 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:740f8ab03c92:port:tcp:443	flow:740f8ab03c92 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ee7b628709e11cd4:host:177.10.234.186	SESSION-ee7b628709e11cd4 → host:177.10.234.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07675572faa18905:host:45.173.156.100:host:172.234.197.23	SESSION-07675572faa18905 → host:45.173.156.100 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b97c402bad8c:port:tcp:443	flow:b97c402bad8c → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4e885934f3d9	flow:4e885934f3d9 → host:45.173.156.227 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7b223dcd1f64dfb9:host:172.234.197.23	SESSION-7b223dcd1f64dfb9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4741bb1b7e9e5b0:host:172.234.197.23	SESSION-d4741bb1b7e9e5b0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c69fd5cbb3980413:host:177.10.236.219:host:172.234.197.23	SESSION-c69fd5cbb3980413 → host:177.10.236.219 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1844a866ec523fcf:SESSION-1844a866ec523fcf	SESSION-1844a866ec523fcf → pe:tls:SESSION-1844a866ec523fcf
flow_observed5-aryOBS	e:fo:flow:8037dcc8826c	flow:8037dcc8826c → host:177.10.238.126 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-910213045742f7e4:host:51.225.22.198	SESSION-910213045742f7e4 → host:51.225.22.198
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.29:geo_-16.28860_-49.01640	host:177.10.237.29 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88c7e3106e33eb03:host:172.234.197.23	SESSION-88c7e3106e33eb03 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bee309b4d5047c7d:host:172.234.197.23	SESSION-bee309b4d5047c7d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.177:asn:271410	host:131.196.31.177 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76d607ccf9e84136:SESSION-76d607ccf9e84136	SESSION-76d607ccf9e84136 → pe:syn:SESSION-76d607ccf9e84136
FLOW_FROM_HOSTOBS	e:from:SESSION-f0fe0e8460d1c75f:host:172.234.197.23	SESSION-f0fe0e8460d1c75f → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-841299f020c7f00d:BSG-BEACON-29500c131ebb	SESSION-841299f020c7f00d → BSG-BEACON-29500c131ebb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02163c9e3a8cc49d:host:131.196.28.149:host:172.234.197.23	SESSION-02163c9e3a8cc49d → host:131.196.28.149 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a151816abb36:port:tcp:443	flow:a151816abb36 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-39aafc698c61dd93:SESSION-39aafc698c61dd93	SESSION-39aafc698c61dd93 → pe:syn:SESSION-39aafc698c61dd93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3524905b33baacd0:host:177.10.232.229	SESSION-3524905b33baacd0 → host:177.10.232.229
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.220:geo_-16.28860_-49.01640	host:177.10.238.220 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-ffe6ab3345b8c10e:host:172.234.197.23	SESSION-ffe6ab3345b8c10e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e791e8d702f57f3e:host:172.234.197.23	SESSION-e791e8d702f57f3e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:464ec57300aa:port:tcp:443	flow:464ec57300aa → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-829966970db58135:host:177.10.236.32:host:172.234.197.23	SESSION-829966970db58135 → host:177.10.236.32 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-85f6b1896204af93:host:172.234.197.23	SESSION-85f6b1896204af93 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6054bbc1a24cbf34:SESSION-6054bbc1a24cbf34	SESSION-6054bbc1a24cbf34 → pe:syn:SESSION-6054bbc1a24cbf34
FLOW_FROM_HOSTOBS	e:from:SESSION-ffc31ee499a3f223:host:177.10.232.62	SESSION-ffc31ee499a3f223 → host:177.10.232.62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cac7b08c7fb71f18:SESSION-cac7b08c7fb71f18	SESSION-cac7b08c7fb71f18 → pe:tls:SESSION-cac7b08c7fb71f18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0c0cdf691d2bdc12:SESSION-0c0cdf691d2bdc12	SESSION-0c0cdf691d2bdc12 → pe:tls:SESSION-0c0cdf691d2bdc12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d9ab0e2fb8bff1f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7d9ab0e2fb8bff1f → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.164:asn:203771	host:45.145.152.164 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5972a3b732445423:SESSION-5972a3b732445423	SESSION-5972a3b732445423 → pe:syn:SESSION-5972a3b732445423
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0684dbb2a7f8dcaf:host:177.10.236.182	SESSION-0684dbb2a7f8dcaf → host:177.10.236.182
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.240:geo_-21.10010_-41.69200	host:45.173.156.240 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-37c1a586e90e7a3b:host:172.234.197.23	SESSION-37c1a586e90e7a3b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3db1c42fb505a2f9:host:177.10.234.184	SESSION-3db1c42fb505a2f9 → host:177.10.234.184
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2490746063a947f9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2490746063a947f9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:d0a6a80748b6	flow:d0a6a80748b6 → host:131.196.31.79 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db5e0e0456a4bec1:flow:29e983a46063	SESSION-db5e0e0456a4bec1 → flow:29e983a46063
FLOW_FROM_HOSTOBS	e:from:SESSION-e41fa1676c790d65:host:177.10.235.255	SESSION-e41fa1676c790d65 → host:177.10.235.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d13284d1e9c6a901:flow:db8ab9c841e9	SESSION-d13284d1e9c6a901 → flow:db8ab9c841e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-924a4e21bceaf0d1:host:172.234.197.23	SESSION-924a4e21bceaf0d1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f392894730d574f3:PCAP:capture_20260430150001:ded20914761d	SESSION-f392894730d574f3 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d5e711c3b45ec85:PCAP:capture_20260430150001:ded20914761d	SESSION-6d5e711c3b45ec85 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d32ea7105612ce28:PCAP:capture_20260430150001:ded20914761d	SESSION-d32ea7105612ce28 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c9278fb58fb6165:host:51.224.78.219	SESSION-4c9278fb58fb6165 → host:51.224.78.219
FLOW_FROM_HOSTOBS	e:from:SESSION-ced8040d8221dfbc:host:177.10.232.55	SESSION-ced8040d8221dfbc → host:177.10.232.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f96a240aba6afcc:SESSION-2f96a240aba6afcc	SESSION-2f96a240aba6afcc → pe:syn:SESSION-2f96a240aba6afcc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-88c19910e1cb1242:host:172.234.197.23:host:45.173.156.13	SESSION-88c19910e1cb1242 → host:172.234.197.23 → host:45.173.156.13
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8cb528496ded9d11:host:177.10.238.94:host:172.234.197.23	SESSION-8cb528496ded9d11 → host:177.10.238.94 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-42b603b0c5709a24:SESSION-42b603b0c5709a24	SESSION-42b603b0c5709a24 → pe:tls:SESSION-42b603b0c5709a24
FLOW_TO_HOSTOBS	e:to:SESSION-0a586e6b93cbc00d:host:172.234.197.23	SESSION-0a586e6b93cbc00d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-49828b0c1667648d:host:172.234.197.23	SESSION-49828b0c1667648d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ccde81b4fef5a18e:host:172.234.197.23:host:45.173.156.97	SESSION-ccde81b4fef5a18e → host:172.234.197.23 → host:45.173.156.97
FLOW_TO_HOSTOBS	e:to:SESSION-5c9754d7075a4d12:host:131.196.30.36	SESSION-5c9754d7075a4d12 → host:131.196.30.36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de115ad7179345b0:host:172.234.197.23	SESSION-de115ad7179345b0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-db858a9d0e579c0c:host:177.10.239.94	SESSION-db858a9d0e579c0c → host:177.10.239.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4bc49d07a666c670:SESSION-4bc49d07a666c670	SESSION-4bc49d07a666c670 → pe:tls:SESSION-4bc49d07a666c670
FLOW_DST_PORTOBS	e:fp:flow:88ed0ede4fa9:port:tcp:443	flow:88ed0ede4fa9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5634ee3b30a0b6aa:SESSION-5634ee3b30a0b6aa	SESSION-5634ee3b30a0b6aa → pe:syn:SESSION-5634ee3b30a0b6aa
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6315d280130065c8:flow:2d55873e56af	SESSION-6315d280130065c8 → flow:2d55873e56af
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c54bf7ef52fb715c:host:172.234.197.23	SESSION-c54bf7ef52fb715c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d6c92d9b97cea9da:host:131.196.28.160	SESSION-d6c92d9b97cea9da → host:131.196.28.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d0bad8110700772:host:131.196.28.243	SESSION-1d0bad8110700772 → host:131.196.28.243
FLOW_DST_PORTOBS	e:fp:flow:662f3d11402c:port:tcp:443	flow:662f3d11402c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ab980d26fa84a5e:SESSION-9ab980d26fa84a5e	SESSION-9ab980d26fa84a5e → pe:tls:SESSION-9ab980d26fa84a5e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eba362425495480d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-eba362425495480d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ed5696d63c7b154:host:131.196.30.196	SESSION-9ed5696d63c7b154 → host:131.196.30.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8dbd1afb05a3a814:host:45.173.156.228	SESSION-8dbd1afb05a3a814 → host:45.173.156.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6492f21e062d19aa:SESSION-6492f21e062d19aa	SESSION-6492f21e062d19aa → pe:tls:SESSION-6492f21e062d19aa
flow_observed4-aryOBS	e:fo:flow:97158fea544e	flow:97158fea544e → host:194.164.107.6 → host:172.234.197.23 → port:tcp:10022
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5aeffc2a4b56ba0:flow:02e2964d437d	SESSION-d5aeffc2a4b56ba0 → flow:02e2964d437d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3f426eb3b5d19b7:flow:3bc307f96255	SESSION-c3f426eb3b5d19b7 → flow:3bc307f96255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c6e69b3f05bcd99:host:172.234.197.23	SESSION-7c6e69b3f05bcd99 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-588e177edbf40597:host:131.196.28.40	SESSION-588e177edbf40597 → host:131.196.28.40
FLOW_FROM_HOSTOBS	e:from:SESSION-5d1f774a6af2df76:host:177.10.237.159	SESSION-5d1f774a6af2df76 → host:177.10.237.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-948ad6eee5512e98:SESSION-948ad6eee5512e98	SESSION-948ad6eee5512e98 → pe:syn:SESSION-948ad6eee5512e98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8be5aa373d930e54:host:177.10.232.42	SESSION-8be5aa373d930e54 → host:177.10.232.42
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.63:asn:262880	host:177.10.234.63 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d4cb0f7560af550:flow:342062e36bfc	SESSION-5d4cb0f7560af550 → flow:342062e36bfc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75d6129ea0f7ecdc:host:172.234.197.23	SESSION-75d6129ea0f7ecdc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf12b1de67086909:host:172.234.197.23	SESSION-bf12b1de67086909 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ecc0c586896302d2:SESSION-ecc0c586896302d2	SESSION-ecc0c586896302d2 → pe:syn:SESSION-ecc0c586896302d2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a05a386609def1c:host:177.10.236.110:host:172.234.197.23	SESSION-0a05a386609def1c → host:177.10.236.110 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3a286fa1508a759d:host:177.10.232.59	SESSION-3a286fa1508a759d → host:177.10.232.59
FLOW_TO_HOSTOBS	e:to:SESSION-85683c3aa8c095db:host:172.234.197.23	SESSION-85683c3aa8c095db → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3567442ac940551:PCAP:capture_20260430090001:065659c7d314	SESSION-f3567442ac940551 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1870bc27b62a60a2:SESSION-1870bc27b62a60a2	SESSION-1870bc27b62a60a2 → pe:syn:SESSION-1870bc27b62a60a2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6635e725f15c4a26:flow:27aad51b6c83	SESSION-6635e725f15c4a26 → flow:27aad51b6c83
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cdf732629d327c4c:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-cdf732629d327c4c → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_DST_PORTOBS	e:fp:flow:03d650cc5418:port:tcp:61025	flow:03d650cc5418 → port:tcp:61025
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-367825c4b1c7c6d4:SESSION-367825c4b1c7c6d4	SESSION-367825c4b1c7c6d4 → pe:tls:SESSION-367825c4b1c7c6d4
FLOW_TO_HOSTOBS	e:to:SESSION-87edcc7df5436fbe:host:172.234.197.23	SESSION-87edcc7df5436fbe → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9d1deff47539	flow:9d1deff47539 → host:172.234.197.23 → host:131.196.29.4 → port:tcp:40281
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2f2dfbe9df7c080:flow:09e0a7549032	SESSION-e2f2dfbe9df7c080 → flow:09e0a7549032
flow_observed5-aryOBS	e:fo:flow:a53e75876912	flow:a53e75876912 → host:177.10.232.195 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd7be5606f48437f:SESSION-dd7be5606f48437f	SESSION-dd7be5606f48437f → pe:tls:SESSION-dd7be5606f48437f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.55:asn:262880	host:177.10.238.55 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7926734d1890078a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7926734d1890078a → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-5a7a08ae566a4a8b:host:177.10.232.208	SESSION-5a7a08ae566a4a8b → host:177.10.232.208
FLOW_TO_HOSTOBS	e:to:SESSION-328b0864666a263b:host:172.234.197.23	SESSION-328b0864666a263b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9aaa3d552dfa:port:tcp:443	flow:9aaa3d552dfa → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-288c2773d91d95c9:flow:e7c69120e909	SESSION-288c2773d91d95c9 → flow:e7c69120e909
flow_observed4-aryOBS	e:fo:flow:473adaf7427d	flow:473adaf7427d → host:172.234.197.23 → host:45.173.156.158 → port:tcp:25000
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b4f4901fb8368e3:flow:6629ca831440	SESSION-7b4f4901fb8368e3 → flow:6629ca831440
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ae37191400d64fc:SESSION-2ae37191400d64fc	SESSION-2ae37191400d64fc → pe:tls:SESSION-2ae37191400d64fc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-100c3fd7436ef8f8:host:172.234.197.23	SESSION-100c3fd7436ef8f8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-096419478460628e:SESSION-096419478460628e	SESSION-096419478460628e → pe:dns:SESSION-096419478460628e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-905e7318b3a63042:host:177.10.236.7	SESSION-905e7318b3a63042 → host:177.10.236.7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.79:asn:262880	host:177.10.238.79 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84d5ccfdbe119076:SESSION-84d5ccfdbe119076	SESSION-84d5ccfdbe119076 → pe:tls:SESSION-84d5ccfdbe119076
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38d81f2383b0ad0b:SESSION-38d81f2383b0ad0b	SESSION-38d81f2383b0ad0b → pe:tls:SESSION-38d81f2383b0ad0b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-753bfef963e546aa:PCAP:capture_20260430060001:919b39a74464	SESSION-753bfef963e546aa → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0cd9b8959e0e89e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d0cd9b8959e0e89e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d28501729ed200f7:SESSION-d28501729ed200f7	SESSION-d28501729ed200f7 → pe:tls:SESSION-d28501729ed200f7
flow_observed4-aryOBS	e:fo:flow:4e18f65ce9ef	flow:4e18f65ce9ef → host:172.234.197.23 → host:177.10.233.222 → port:tcp:10447
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b81fa97d99ce77b6:host:131.196.29.199:host:172.234.197.23	SESSION-b81fa97d99ce77b6 → host:131.196.29.199 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1db2a351c3cf	flow:1db2a351c3cf → host:45.173.156.219 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d47d434116add089:host:172.234.197.23:host:131.196.31.105	SESSION-d47d434116add089 → host:172.234.197.23 → host:131.196.31.105
FLOW_DST_PORTOBS	e:fp:flow:8a1936a43e9f:port:tcp:33508	flow:8a1936a43e9f → port:tcp:33508
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.92:asn:262880	host:177.10.236.92 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.192:geo_-21.10010_-41.69200	host:45.173.156.192 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:205fc6d7337e:port:tcp:443	flow:205fc6d7337e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74adb0edbcc9dd0a:host:131.196.29.146:host:172.234.197.23	SESSION-74adb0edbcc9dd0a → host:131.196.29.146 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c31bc4788e97db71:host:172.234.197.23	SESSION-c31bc4788e97db71 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5712989ddbf4728b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5712989ddbf4728b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8d5fc6f7b2bd264:SESSION-c8d5fc6f7b2bd264	SESSION-c8d5fc6f7b2bd264 → pe:tls:SESSION-c8d5fc6f7b2bd264
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a38bfeac3fad0550:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a38bfeac3fad0550 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-393d4d02c091bd7e:flow:32d0af406053	SESSION-393d4d02c091bd7e → flow:32d0af406053
FLOW_TO_HOSTOBS	e:to:SESSION-8958b8d9cf24f177:host:172.234.197.23	SESSION-8958b8d9cf24f177 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5adf4423481534a6:host:45.173.156.93	SESSION-5adf4423481534a6 → host:45.173.156.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b07a5e743a2061fa:SESSION-b07a5e743a2061fa	SESSION-b07a5e743a2061fa → pe:tls:SESSION-b07a5e743a2061fa
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e9b874351d52a188:host:131.196.31.167:host:172.234.197.23	SESSION-e9b874351d52a188 → host:131.196.31.167 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4203cad708a9d562:SESSION-4203cad708a9d562	SESSION-4203cad708a9d562 → pe:syn:SESSION-4203cad708a9d562
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f78775658cb84616:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f78775658cb84616 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d0bad8110700772:flow:19232473d33a	SESSION-1d0bad8110700772 → flow:19232473d33a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-90798b7c1b8c7636:SESSION-90798b7c1b8c7636	SESSION-90798b7c1b8c7636 → pe:syn:SESSION-90798b7c1b8c7636
FLOW_FROM_HOSTOBS	e:from:SESSION-dddaf831f2a46242:host:172.234.197.23	SESSION-dddaf831f2a46242 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b73c5a859c05f554:host:172.234.197.23:host:177.10.232.255	SESSION-b73c5a859c05f554 → host:172.234.197.23 → host:177.10.232.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8432ee5dd236020:SESSION-d8432ee5dd236020	SESSION-d8432ee5dd236020 → pe:syn:SESSION-d8432ee5dd236020
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1227c455b771a86:host:172.234.197.23	SESSION-d1227c455b771a86 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab42e00b724a7daa:SESSION-ab42e00b724a7daa	SESSION-ab42e00b724a7daa → pe:tls:SESSION-ab42e00b724a7daa
FLOW_FROM_HOSTOBS	e:from:SESSION-0c6698f170085be7:host:172.234.197.23	SESSION-0c6698f170085be7 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:483269fa81d1	flow:483269fa81d1 → host:172.234.197.23 → host:177.10.239.239 → port:tcp:25448
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.72:asn:271410	host:131.196.30.72 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8de302c0e306721c:host:177.10.239.102	SESSION-8de302c0e306721c → host:177.10.239.102
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b338c508fb604797:host:131.196.30.73	SESSION-b338c508fb604797 → host:131.196.30.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d673ded8fa5efc5:host:172.234.197.23	SESSION-4d673ded8fa5efc5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8224ed8c82963e52:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8224ed8c82963e52 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c24aca5564d2ae55:SESSION-c24aca5564d2ae55	SESSION-c24aca5564d2ae55 → pe:syn:SESSION-c24aca5564d2ae55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1ca1108b3f9fffc:SESSION-d1ca1108b3f9fffc	SESSION-d1ca1108b3f9fffc → pe:syn:SESSION-d1ca1108b3f9fffc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f059fe4a40805f2:host:131.196.31.242:host:172.234.197.23	SESSION-1f059fe4a40805f2 → host:131.196.31.242 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:342b74f48771:port:tcp:443	flow:342b74f48771 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-755eaab432e9c6a6:PCAP:capture_20260430080001:93f47cc296a4	SESSION-755eaab432e9c6a6 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.115:asn:262880	host:177.10.232.115 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:6ad223502988:port:tcp:4615	flow:6ad223502988 → port:tcp:4615
FLOW_DST_PORTOBS	e:fp:flow:88ae630b16fe:port:tcp:443	flow:88ae630b16fe → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:dfe895f305cc:port:tcp:443	flow:dfe895f305cc → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:411cb313d178:port:tcp:443	flow:411cb313d178 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1f299703bc1b4ff9:host:172.234.197.23	SESSION-1f299703bc1b4ff9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6242cf24a2978d6d:host:45.173.156.48:host:172.234.197.23	SESSION-6242cf24a2978d6d → host:45.173.156.48 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f750867699c9a944:host:172.232.0.16	SESSION-f750867699c9a944 → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:c82bccc28482	flow:c82bccc28482 → host:177.10.235.184 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-27d1e1e2170d683a:host:172.234.197.23	SESSION-27d1e1e2170d683a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f9d5c4236faa:port:tcp:443	flow:f9d5c4236faa → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2db29654b7388c8c:host:177.10.237.122	SESSION-2db29654b7388c8c → host:177.10.237.122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a0605f48b345a3ed:host:177.10.235.81	SESSION-a0605f48b345a3ed → host:177.10.235.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4799248f1ba6e544:SESSION-4799248f1ba6e544	SESSION-4799248f1ba6e544 → pe:syn:SESSION-4799248f1ba6e544
FLOW_TO_HOSTOBS	e:to:SESSION-35dd0088a1238ab9:host:172.234.197.23	SESSION-35dd0088a1238ab9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eed27da13c534290:host:177.10.236.184	SESSION-eed27da13c534290 → host:177.10.236.184
FLOW_DST_PORTOBS	e:fp:flow:1938fe602d95:port:tcp:17636	flow:1938fe602d95 → port:tcp:17636
FLOW_FROM_HOSTOBS	e:from:SESSION-aad95c97a46f4b66:host:177.10.234.210	SESSION-aad95c97a46f4b66 → host:177.10.234.210
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fda1fcad7dd8a834:flow:b73ff5f41de9	SESSION-fda1fcad7dd8a834 → flow:b73ff5f41de9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ffb355c8f64da05f:host:172.234.197.23:host:45.173.156.201	SESSION-ffb355c8f64da05f → host:172.234.197.23 → host:45.173.156.201
FLOW_FROM_HOSTOBS	e:from:SESSION-c874ff4a201372ef:host:131.196.30.23	SESSION-c874ff4a201372ef → host:131.196.30.23
FLOW_DST_PORTOBS	e:fp:flow:e3dbd0b1c026:port:tcp:443	flow:e3dbd0b1c026 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:2ad543ca6167	flow:2ad543ca6167 → host:177.10.233.1 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-259d89cf1511dc5c:host:172.234.197.23	SESSION-259d89cf1511dc5c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8a147e2e8b42f79:host:172.234.197.23	SESSION-b8a147e2e8b42f79 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-37c43e7a9f6dcf12:host:177.10.235.194	SESSION-37c43e7a9f6dcf12 → host:177.10.235.194
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.120:asn:271410	host:131.196.31.120 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99752db79d6c830d:SESSION-99752db79d6c830d	SESSION-99752db79d6c830d → pe:syn:SESSION-99752db79d6c830d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f45c3ab8ea783ada:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f45c3ab8ea783ada → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d7aef03828b51e64:flow:851dc7e1352e	SESSION-d7aef03828b51e64 → flow:851dc7e1352e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d9ece39eb531c8b:host:177.10.237.19:host:172.234.197.23	SESSION-1d9ece39eb531c8b → host:177.10.237.19 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bf00afe8057eb986:host:172.234.197.23	SESSION-bf00afe8057eb986 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c38263f2f5f96575:host:131.196.29.3	SESSION-c38263f2f5f96575 → host:131.196.29.3
FLOW_DST_PORTOBS	e:fp:flow:b33a99c12d3a:port:tcp:443	flow:b33a99c12d3a → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.13:geo_-16.28860_-49.01640	host:177.10.233.13 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af6eb1ce6cb824f:host:45.173.156.84	SESSION-9af6eb1ce6cb824f → host:45.173.156.84
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b63214403b2d20c7:SESSION-b63214403b2d20c7	SESSION-b63214403b2d20c7 → pe:syn:SESSION-b63214403b2d20c7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f750867699c9a944:host:172.234.197.23:host:172.232.0.16	SESSION-f750867699c9a944 → host:172.234.197.23 → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:027d214e6f11	flow:027d214e6f11 → host:45.173.156.94 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:1b2072a6894f	flow:1b2072a6894f → host:172.234.197.23 → host:177.10.234.72 → port:tcp:58867
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4886aa3300be1da9:host:177.10.239.70:host:172.234.197.23	SESSION-4886aa3300be1da9 → host:177.10.239.70 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ea3a69414cbbc32d:host:172.234.197.23	SESSION-ea3a69414cbbc32d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-932a817ddabc353f:host:172.234.197.23	SESSION-932a817ddabc353f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-61267dc46edf9a47:SESSION-61267dc46edf9a47	SESSION-61267dc46edf9a47 → pe:tls:SESSION-61267dc46edf9a47
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.164:geo_-23.62930_-46.63510	host:131.196.28.164 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ac71f2f2355e0bb:host:45.173.156.116:host:172.234.197.23	SESSION-7ac71f2f2355e0bb → host:45.173.156.116 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9028600f4eef977b:flow:0d2369f69026	SESSION-9028600f4eef977b → flow:0d2369f69026
flow_observed4-aryOBS	e:fo:flow:ad3295a67b5a	flow:ad3295a67b5a → host:172.234.197.23 → host:131.196.29.234 → port:tcp:47313
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff331192f9cad8b9:host:172.234.197.23	SESSION-ff331192f9cad8b9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4754bc389b07ad3e:host:172.234.197.23	SESSION-4754bc389b07ad3e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4be71a9ef959f500:SESSION-4be71a9ef959f500	SESSION-4be71a9ef959f500 → pe:syn:SESSION-4be71a9ef959f500
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16a7442acd9adfae:SESSION-16a7442acd9adfae	SESSION-16a7442acd9adfae → pe:syn:SESSION-16a7442acd9adfae
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ef734d9bbeb2d12:host:172.234.197.23	SESSION-4ef734d9bbeb2d12 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ee12e96d458a4e4:host:177.10.239.200:host:172.234.197.23	SESSION-1ee12e96d458a4e4 → host:177.10.239.200 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-217f16055e8d00da:host:45.173.156.213	SESSION-217f16055e8d00da → host:45.173.156.213
FLOW_FROM_HOSTOBS	e:from:SESSION-37617ebce6c7f9ac:host:172.234.197.23	SESSION-37617ebce6c7f9ac → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:485571b4585c:port:tcp:38639	flow:485571b4585c → port:tcp:38639
FLOW_DST_PORTOBS	e:fp:flow:f379ef231b16:port:tcp:443	flow:f379ef231b16 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b373f59ff0198ea:host:172.234.197.23	SESSION-9b373f59ff0198ea → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f95aea3e66ab57b:host:177.10.235.64	SESSION-4f95aea3e66ab57b → host:177.10.235.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abc64529b37d4840:host:97.139.12.85	SESSION-abc64529b37d4840 → host:97.139.12.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78b6e298ccb2dbce:SESSION-78b6e298ccb2dbce	SESSION-78b6e298ccb2dbce → pe:tls:SESSION-78b6e298ccb2dbce
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cfb2466cf35b5342:flow:bba78eddc048	SESSION-cfb2466cf35b5342 → flow:bba78eddc048
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-932a817ddabc353f:SESSION-932a817ddabc353f	SESSION-932a817ddabc353f → pe:syn:SESSION-932a817ddabc353f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f88b9847e7767e00:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f88b9847e7767e00 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:abdf49a61050	flow:abdf49a61050 → host:131.196.29.55 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:bf1d82e08e9f	flow:bf1d82e08e9f → host:177.10.236.115 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7d9f821e6b63:port:tcp:443	flow:7d9f821e6b63 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-397164cbc5836ff1:host:177.10.232.67	SESSION-397164cbc5836ff1 → host:177.10.232.67
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3db1c42fb505a2f9:flow:1ace16a3669e	SESSION-3db1c42fb505a2f9 → flow:1ace16a3669e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dc085f76ab1a4e2b:SESSION-dc085f76ab1a4e2b	SESSION-dc085f76ab1a4e2b → pe:syn:SESSION-dc085f76ab1a4e2b
FLOW_FROM_HOSTOBS	e:from:SESSION-bf0bb0d03710ab65:host:177.10.236.64	SESSION-bf0bb0d03710ab65 → host:177.10.236.64
FLOW_DST_PORTOBS	e:fp:flow:a244accd3081:port:tcp:443	flow:a244accd3081 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.156:geo_-16.28860_-49.01640	host:177.10.232.156 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:7a2eec4103e1:port:tcp:50841	flow:7a2eec4103e1 → port:tcp:50841
flow_observed5-aryOBS	e:fo:flow:794db97b6d69	flow:794db97b6d69 → host:167.235.194.109 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:0ba7fcd14499:port:tcp:53570	flow:0ba7fcd14499 → port:tcp:53570
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-2a81d3c71843f89e:SESSION-2a81d3c71843f89e	SESSION-2a81d3c71843f89e → pe:rst:SESSION-2a81d3c71843f89e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-456e7eaee9f2720f:flow:ab0e97bd1d29	SESSION-456e7eaee9f2720f → flow:ab0e97bd1d29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaf7cd3e5a2b7709:host:172.234.197.23	SESSION-eaf7cd3e5a2b7709 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.102:asn:271410	host:131.196.28.102 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:6a41698ec379:port:tcp:443	flow:6a41698ec379 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d077f88c61181481:host:172.234.197.23	SESSION-d077f88c61181481 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c402fe398bbf1491:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c402fe398bbf1491 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.42:asn:271410	host:131.196.28.42 → asn:271410
flow_observed5-aryOBS	e:fo:flow:5a8bf8d48b0e	flow:5a8bf8d48b0e → host:177.10.237.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b5948254caf12dd:SESSION-9b5948254caf12dd	SESSION-9b5948254caf12dd → pe:syn:SESSION-9b5948254caf12dd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89fe4f171fdbfa97:host:92.112.71.158:host:172.234.197.23	SESSION-89fe4f171fdbfa97 → host:92.112.71.158 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:05cfa6aaf4d0:port:tcp:443	flow:05cfa6aaf4d0 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.73:asn:203771	host:185.231.226.73 → asn:203771
flow_observed4-aryOBS	e:fo:flow:8eef620e7e16	flow:8eef620e7e16 → host:172.234.197.23 → host:45.173.156.26 → port:tcp:44736
FLOW_FROM_HOSTOBS	e:from:SESSION-5bae596d14ec2741:host:177.10.238.20	SESSION-5bae596d14ec2741 → host:177.10.238.20
flow_observed5-aryOBS	e:fo:flow:d06e75a28da9	flow:d06e75a28da9 → host:131.196.28.0 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-312b2e72c1d2a2ee:host:131.196.30.253:host:172.234.197.23	SESSION-312b2e72c1d2a2ee → host:131.196.30.253 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0153bfe1e0550f7:host:177.10.234.143	SESSION-d0153bfe1e0550f7 → host:177.10.234.143
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.208:geo_-23.62930_-46.63510	host:131.196.29.208 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a979a64e0f94d26:flow:de5310002690	SESSION-8a979a64e0f94d26 → flow:de5310002690
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-179845184e318961:host:131.196.30.74	SESSION-179845184e318961 → host:131.196.30.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aee37cb69186d910:SESSION-aee37cb69186d910	SESSION-aee37cb69186d910 → pe:tls:SESSION-aee37cb69186d910
FLOW_DST_PORTOBS	e:fp:flow:7ebd7ee7274f:port:tcp:3533	flow:7ebd7ee7274f → port:tcp:3533
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.212:geo_-16.28860_-49.01640	host:177.10.235.212 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f215cf2f031026d:SESSION-5f215cf2f031026d	SESSION-5f215cf2f031026d → pe:syn:SESSION-5f215cf2f031026d
FLOW_FROM_HOSTOBS	e:from:SESSION-8f0e5de26982cc62:host:172.234.197.23	SESSION-8f0e5de26982cc62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0799ff092dfcce41:host:177.10.235.125	SESSION-0799ff092dfcce41 → host:177.10.235.125
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.233:asn:271410	host:131.196.30.233 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85f6b1896204af93:SESSION-85f6b1896204af93	SESSION-85f6b1896204af93 → pe:syn:SESSION-85f6b1896204af93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88449fe846038c62:host:172.234.197.23	SESSION-88449fe846038c62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb3f1e71e19d60be:host:131.196.28.118	SESSION-bb3f1e71e19d60be → host:131.196.28.118
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.145:asn:271410	host:131.196.28.145 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9d6fb279031158e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b9d6fb279031158e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07d653be0b30b2f4:host:31.40.196.235	SESSION-07d653be0b30b2f4 → host:31.40.196.235
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-32091c263c5425e7:SESSION-32091c263c5425e7	SESSION-32091c263c5425e7 → pe:tls:SESSION-32091c263c5425e7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.159:geo_-16.28860_-49.01640	host:177.10.237.159 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:6ba1a4d64ddf	flow:6ba1a4d64ddf → host:172.234.197.23 → host:177.10.236.118 → port:tcp:26659
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.2:geo_-16.28860_-49.01640	host:177.10.236.2 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7498682ecb6877b0:SESSION-7498682ecb6877b0	SESSION-7498682ecb6877b0 → pe:syn:SESSION-7498682ecb6877b0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14b61e43a384fdb4:SESSION-14b61e43a384fdb4	SESSION-14b61e43a384fdb4 → pe:syn:SESSION-14b61e43a384fdb4
FLOW_DST_PORTOBS	e:fp:flow:9232c73db8ec:port:tcp:443	flow:9232c73db8ec → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-5397b2a7490ae0fb:host:172.234.197.23	SESSION-5397b2a7490ae0fb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-608f057a6e6e376d:flow:d50ac2c438e5	SESSION-608f057a6e6e376d → flow:d50ac2c438e5
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.134:asn:262880	host:177.10.239.134 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-33075a11d7099c2b:host:172.234.197.23	SESSION-33075a11d7099c2b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef1bfc51ed52e33:host:172.234.197.23	SESSION-8ef1bfc51ed52e33 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e1aa0d90742fe552:host:172.234.197.23	SESSION-e1aa0d90742fe552 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96623b45a0a307c2:host:45.173.156.116	SESSION-96623b45a0a307c2 → host:45.173.156.116
FLOW_TO_HOSTOBS	e:to:SESSION-755eaab432e9c6a6:host:172.234.197.23	SESSION-755eaab432e9c6a6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f70b0605ff5c8685:SESSION-f70b0605ff5c8685	SESSION-f70b0605ff5c8685 → pe:syn:SESSION-f70b0605ff5c8685
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b96b3cde986adfb1:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-b96b3cde986adfb1 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-7ff9648a7e097bde:BSG-DATA_EXFIL-87055d1091d6	SESSION-7ff9648a7e097bde → BSG-DATA_EXFIL-87055d1091d6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c88d7695016e6fbb:host:177.10.239.164	SESSION-c88d7695016e6fbb → host:177.10.239.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a9948d7535bcfa1:host:131.196.30.108	SESSION-1a9948d7535bcfa1 → host:131.196.30.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ac21eed532c969e:host:172.234.197.23	SESSION-6ac21eed532c969e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f3680fa657a2	flow:f3680fa657a2 → host:172.234.197.23 → host:177.10.232.42 → port:tcp:45978
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb7dd74b64c1f7c7:SESSION-cb7dd74b64c1f7c7	SESSION-cb7dd74b64c1f7c7 → pe:tls:SESSION-cb7dd74b64c1f7c7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bfa1612081e2aa61:flow:b5ace34b2127	SESSION-bfa1612081e2aa61 → flow:b5ace34b2127
FLOW_TO_HOSTOBS	e:to:SESSION-1a46a988dc3d14a3:host:172.234.197.23	SESSION-1a46a988dc3d14a3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-489ca31c7f776997:host:131.196.29.177	SESSION-489ca31c7f776997 → host:131.196.29.177
FLOW_FROM_HOSTOBS	e:from:SESSION-5b3b10ff846570e8:host:45.173.156.144	SESSION-5b3b10ff846570e8 → host:45.173.156.144
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da14e430733ddeb2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-da14e430733ddeb2 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cdfe5014ffcf69db:SESSION-cdfe5014ffcf69db	SESSION-cdfe5014ffcf69db → pe:syn:SESSION-cdfe5014ffcf69db
flow_observed4-aryOBS	e:fo:flow:fa2c6f134f69	flow:fa2c6f134f69 → host:172.234.197.23 → host:131.196.30.189 → port:tcp:11224
flow_observed5-aryOBS	e:fo:flow:c664a3f725a3	flow:c664a3f725a3 → host:177.10.232.190 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-bbc35343aa20f600:host:172.234.197.23	SESSION-bbc35343aa20f600 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5bec9c6872f5835:flow:3768c31ca8cd	SESSION-b5bec9c6872f5835 → flow:3768c31ca8cd
FLOW_DST_PORTOBS	e:fp:flow:704a2ea51294:port:tcp:443	flow:704a2ea51294 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a720c7dde0362052:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a720c7dde0362052 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aae44d6cd669040c:SESSION-aae44d6cd669040c	SESSION-aae44d6cd669040c → pe:tls:SESSION-aae44d6cd669040c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.183:geo_-16.28860_-49.01640	host:177.10.237.183 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e327e4197615d5bf:PCAP:capture_20260430150001:ded20914761d	SESSION-e327e4197615d5bf → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.3:geo_-23.62930_-46.63510	host:131.196.29.3 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f9ea4c8ad78eb8e:SESSION-2f9ea4c8ad78eb8e	SESSION-2f9ea4c8ad78eb8e → pe:tls:SESSION-2f9ea4c8ad78eb8e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0a8fa8ac12ff0c6:host:177.10.233.61	SESSION-f0a8fa8ac12ff0c6 → host:177.10.233.61
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d027fcdf19e82664:flow:4db2284d1be9	SESSION-d027fcdf19e82664 → flow:4db2284d1be9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5a2ddb999c90e17:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e5a2ddb999c90e17 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea330cf59d2a2f8:host:177.10.237.218	SESSION-3ea330cf59d2a2f8 → host:177.10.237.218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7141588dcb909c75:host:172.234.197.23	SESSION-7141588dcb909c75 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-28e949edc1bba418:host:131.196.31.220	SESSION-28e949edc1bba418 → host:131.196.31.220
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4aa43b0ccd10448e:host:172.234.197.23:host:177.10.239.35	SESSION-4aa43b0ccd10448e → host:172.234.197.23 → host:177.10.239.35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a0913a57a803cab:host:172.234.197.23	SESSION-7a0913a57a803cab → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7e01232a35e4	flow:7e01232a35e4 → host:172.234.197.23 → host:177.10.238.56 → port:tcp:56352
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.17:asn:262880	host:177.10.238.17 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d12ffa49d0d3231:SESSION-8d12ffa49d0d3231	SESSION-8d12ffa49d0d3231 → pe:tls:SESSION-8d12ffa49d0d3231
FLOW_DST_PORTOBS	e:fp:flow:139a9503b98e:port:tcp:443	flow:139a9503b98e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a825e71225466eb:SESSION-3a825e71225466eb	SESSION-3a825e71225466eb → pe:tls:SESSION-3a825e71225466eb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec86a4c74825774a:flow:dcd3224e0a9d	SESSION-ec86a4c74825774a → flow:dcd3224e0a9d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a88f0b19d496a689:SESSION-a88f0b19d496a689	SESSION-a88f0b19d496a689 → pe:tls:SESSION-a88f0b19d496a689
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94e95046da2771ab:flow:9d8b8dec8477	SESSION-94e95046da2771ab → flow:9d8b8dec8477
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2634dc5934886659:host:172.234.197.23	SESSION-2634dc5934886659 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0bc55e1159bab546:host:131.196.30.73	SESSION-0bc55e1159bab546 → host:131.196.30.73
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.6:geo_-16.28860_-49.01640	host:177.10.236.6 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-0a498324f9fce7e9:host:172.234.197.23	SESSION-0a498324f9fce7e9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-27da8f08a1512941:host:172.234.197.23	SESSION-27da8f08a1512941 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-285399b7803aab9b:host:177.10.234.81	SESSION-285399b7803aab9b → host:177.10.234.81
FLOW_FROM_HOSTOBS	e:from:SESSION-8ce1a5aa06c53f62:host:172.234.197.23	SESSION-8ce1a5aa06c53f62 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09cf18cd582e793d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-09cf18cd582e793d → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:fe4ed0e5e9b3	flow:fe4ed0e5e9b3 → host:131.196.28.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-80c2fbd298f78f5d:host:177.10.235.109:host:172.234.197.23	SESSION-80c2fbd298f78f5d → host:177.10.235.109 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7f88b9c89fd4	flow:7f88b9c89fd4 → host:131.196.30.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee14fe05044df9df:SESSION-ee14fe05044df9df	SESSION-ee14fe05044df9df → pe:syn:SESSION-ee14fe05044df9df
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e540dbaefa45433:PCAP:capture_20260430060001:919b39a74464	SESSION-9e540dbaefa45433 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8dc28b29833676bc:host:177.10.239.176:host:172.234.197.23	SESSION-8dc28b29833676bc → host:177.10.239.176 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ec50ec61227c5d5c:host:177.10.236.157	SESSION-ec50ec61227c5d5c → host:177.10.236.157
FLOW_DST_PORTOBS	e:fp:flow:655ce0523929:port:tcp:48781	flow:655ce0523929 → port:tcp:48781
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-528b3497658f46ec:flow:a5dcec87eab7	SESSION-528b3497658f46ec → flow:a5dcec87eab7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c47a34d160ec21ba:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c47a34d160ec21ba → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.8:asn:271410	host:131.196.29.8 → asn:271410
flow_observed5-aryOBS	e:fo:flow:ab35e02bcb20	flow:ab35e02bcb20 → host:177.10.232.132 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-9d0657eb87257c08:BSG-BEACON-f6c2b3d0e42d	SESSION-9d0657eb87257c08 → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c47d04961700459f:flow:2435bf05528c	SESSION-c47d04961700459f → flow:2435bf05528c
FLOW_FROM_HOSTOBS	e:from:SESSION-b9523bcd246277dc:host:172.234.197.23	SESSION-b9523bcd246277dc → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dc26b6b9e94a:port:tcp:443	flow:dc26b6b9e94a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b9ddad698cc7ffe:SESSION-9b9ddad698cc7ffe	SESSION-9b9ddad698cc7ffe → pe:tls:SESSION-9b9ddad698cc7ffe
FLOW_DST_PORTOBS	e:fp:flow:62b73d5bb72f:port:tcp:443	flow:62b73d5bb72f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8693b808e1d6b7d:flow:e363d697f2b7	SESSION-b8693b808e1d6b7d → flow:e363d697f2b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1227c455b771a86:SESSION-d1227c455b771a86	SESSION-d1227c455b771a86 → pe:tls:SESSION-d1227c455b771a86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-171cec02c0effee6:SESSION-171cec02c0effee6	SESSION-171cec02c0effee6 → pe:syn:SESSION-171cec02c0effee6
FLOW_FROM_HOSTOBS	e:from:SESSION-2bcd65d8e62fc5a1:host:172.234.197.23	SESSION-2bcd65d8e62fc5a1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-204050056bc27f05:flow:8c47c9c0c965	SESSION-204050056bc27f05 → flow:8c47c9c0c965
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.73:asn:271410	host:131.196.30.73 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.75:asn:271410	host:131.196.31.75 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-44555c754c6c7558:host:177.10.235.220	SESSION-44555c754c6c7558 → host:177.10.235.220
FLOW_DST_PORTOBS	e:fp:flow:a7e5050c5b2a:port:tcp:443	flow:a7e5050c5b2a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-576cc11ebde25a50:flow:27a30c1d9498	SESSION-576cc11ebde25a50 → flow:27a30c1d9498
FLOW_DST_PORTOBS	e:fp:flow:f12f5320da02:port:tcp:80	flow:f12f5320da02 → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-0a11bbc1f12398e3:host:172.234.197.23	SESSION-0a11bbc1f12398e3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ce76aef4cf62c0f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9ce76aef4cf62c0f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-993efaa98cc6a9ac:host:177.10.232.190	SESSION-993efaa98cc6a9ac → host:177.10.232.190
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-381f999774715cfc:host:172.234.197.23:host:177.10.232.100	SESSION-381f999774715cfc → host:172.234.197.23 → host:177.10.232.100
FLOW_DST_PORTOBS	e:fp:flow:b173003c6346:port:tcp:58600	flow:b173003c6346 → port:tcp:58600
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3930651da0a26cb4:host:131.196.28.45	SESSION-3930651da0a26cb4 → host:131.196.28.45
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e6988ed77a3d110:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8e6988ed77a3d110 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76bcf8447ee973fd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-76bcf8447ee973fd → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-fc301fc8fa5220df:host:177.10.238.166	SESSION-fc301fc8fa5220df → host:177.10.238.166
FLOW_TO_HOSTOBS	e:to:SESSION-d47b3cf0d6133fea:host:172.234.197.23	SESSION-d47b3cf0d6133fea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8df47c2606014223:SESSION-8df47c2606014223	SESSION-8df47c2606014223 → pe:tls:SESSION-8df47c2606014223
FLOW_DST_PORTOBS	e:fp:flow:64c0950ebd04:port:tcp:23530	flow:64c0950ebd04 → port:tcp:23530
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01d7e8e7f6d6f55b:host:177.10.233.141	SESSION-01d7e8e7f6d6f55b → host:177.10.233.141
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.211:geo_-16.28860_-49.01640	host:177.10.239.211 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-62d5a334e1fc9bd1:flow:9e171b985e85	SESSION-62d5a334e1fc9bd1 → flow:9e171b985e85
FLOW_TO_HOSTOBS	e:to:SESSION-d4992d20c4573840:host:172.234.197.23	SESSION-d4992d20c4573840 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3fdceaf69f291402:host:172.234.197.23	SESSION-3fdceaf69f291402 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a87d3ab31183768a:SESSION-a87d3ab31183768a	SESSION-a87d3ab31183768a → pe:syn:SESSION-a87d3ab31183768a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.27:asn:262880	host:177.10.237.27 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ddb8ef81f168c6c0:host:131.196.30.176:host:172.234.197.23	SESSION-ddb8ef81f168c6c0 → host:131.196.30.176 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8d2f335c9cd5:port:tcp:443	flow:8d2f335c9cd5 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51cc268447a19ae7:host:172.234.197.23:host:177.10.238.102	SESSION-51cc268447a19ae7 → host:172.234.197.23 → host:177.10.238.102
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0ca3b8aea25b593:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b0ca3b8aea25b593 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85ceb858b118c816:flow:7112b92d323c	SESSION-85ceb858b118c816 → flow:7112b92d323c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4799248f1ba6e544:host:172.234.197.23	SESSION-4799248f1ba6e544 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37a58b55d4a339c3:flow:e14e48e38747	SESSION-37a58b55d4a339c3 → flow:e14e48e38747
flow_observed3-aryOBS	e:fo:flow:2349cb958fdf	flow:2349cb958fdf → host:172.234.197.23 → host:2.57.121.112
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ccbfb0ac760822d:host:45.173.156.134	SESSION-5ccbfb0ac760822d → host:45.173.156.134
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9d47d1bafad5ad0:flow:aeda0575aba8	SESSION-b9d47d1bafad5ad0 → flow:aeda0575aba8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81ef982aa5449fd9:host:45.173.156.230	SESSION-81ef982aa5449fd9 → host:45.173.156.230
flow_observed4-aryOBS	e:fo:flow:cc8259921822	flow:cc8259921822 → host:172.234.197.23 → host:177.10.239.220 → port:tcp:36692
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e76f09c0f210884:flow:1175089c845f	SESSION-4e76f09c0f210884 → flow:1175089c845f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-42ac4798d48b113f:flow:164fda188da7	SESSION-42ac4798d48b113f → flow:164fda188da7
FLOW_DST_PORTOBS	e:fp:flow:4bfb1fbb46ab:port:tcp:443	flow:4bfb1fbb46ab → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-42eae260ad8ea663:host:177.10.233.144	SESSION-42eae260ad8ea663 → host:177.10.233.144
FLOW_TO_HOSTOBS	e:to:SESSION-f78268addd9f6ca3:host:172.234.197.23	SESSION-f78268addd9f6ca3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e806a1e4171599f:host:172.234.197.23	SESSION-4e806a1e4171599f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a74ec174530f5239:flow:e3887a4e7bdf	SESSION-a74ec174530f5239 → flow:e3887a4e7bdf
FLOW_TO_HOSTOBS	e:to:SESSION-ebb29f0c8a91fe62:host:172.234.197.23	SESSION-ebb29f0c8a91fe62 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:aad5c10ed15a	flow:aad5c10ed15a → host:45.173.156.244 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e61eb47c134600b1:host:177.10.232.167	SESSION-e61eb47c134600b1 → host:177.10.232.167
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29bd7d52bed21c18:host:131.196.30.49:host:172.234.197.23	SESSION-29bd7d52bed21c18 → host:131.196.30.49 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a83b6f19c39d579f:host:172.234.197.23	SESSION-a83b6f19c39d579f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:253dd770fdc9:port:tcp:443	flow:253dd770fdc9 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.31:geo_-23.62930_-46.63510	host:131.196.29.31 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:bf7584aa1a16:port:tcp:443	flow:bf7584aa1a16 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ac21eed532c969e:host:16.60.106.214	SESSION-6ac21eed532c969e → host:16.60.106.214
FLOW_FROM_HOSTOBS	e:from:SESSION-1c47767899447038:host:177.10.232.160	SESSION-1c47767899447038 → host:177.10.232.160
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-39d5adc1c22dd7ee:SESSION-39d5adc1c22dd7ee	SESSION-39d5adc1c22dd7ee → pe:syn:SESSION-39d5adc1c22dd7ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b99a2a75b4ae9e98:SESSION-b99a2a75b4ae9e98	SESSION-b99a2a75b4ae9e98 → pe:tls:SESSION-b99a2a75b4ae9e98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac2cef9f7dcbf562:host:177.10.234.199	SESSION-ac2cef9f7dcbf562 → host:177.10.234.199
FLOW_FROM_HOSTOBS	e:from:SESSION-d4d0ab62891a0a5c:host:131.196.28.246	SESSION-d4d0ab62891a0a5c → host:131.196.28.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-783c4edbafa3c164:SESSION-783c4edbafa3c164	SESSION-783c4edbafa3c164 → pe:syn:SESSION-783c4edbafa3c164
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.132:geo_-16.28860_-49.01640	host:177.10.239.132 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.183:asn:262880	host:177.10.233.183 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.110:asn:262880	host:177.10.238.110 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ac71f2f2355e0bb:host:172.234.197.23	SESSION-7ac71f2f2355e0bb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33fdede36596a62f:flow:9d6923eb9b16	SESSION-33fdede36596a62f → flow:9d6923eb9b16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae6c5a18819e9434:flow:64d6aa7dc384	SESSION-ae6c5a18819e9434 → flow:64d6aa7dc384
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.114:asn:262880	host:177.10.239.114 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-47ed07d15aa63df9:host:177.10.234.103	SESSION-47ed07d15aa63df9 → host:177.10.234.103
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.100:asn:262880	host:177.10.232.100 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e9c761e9ca1eb65:host:177.10.237.71:host:172.234.197.23	SESSION-9e9c761e9ca1eb65 → host:177.10.237.71 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.186:asn:271410	host:131.196.29.186 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acae490ef1211ca7:host:177.10.237.40	SESSION-acae490ef1211ca7 → host:177.10.237.40
HOST_IN_ASNOBS 85%	e:ha:host:51.92.14.54:asn:16509	host:51.92.14.54 → asn:16509
FLOW_DST_PORTOBS	e:fp:flow:70d1374f7732:port:tcp:443	flow:70d1374f7732 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-0b0b2d167e93bb2e:host:172.234.197.23	SESSION-0b0b2d167e93bb2e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3293ca960e74	flow:3293ca960e74 → host:131.196.31.165 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b311735bdc68:port:tcp:443	flow:b311735bdc68 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32626bc077790390:host:131.196.30.74	SESSION-32626bc077790390 → host:131.196.30.74
FLOW_DST_PORTOBS	e:fp:flow:e69e318433a6:port:tcp:443	flow:e69e318433a6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f59bcaffd8dcae9:host:92.112.71.255	SESSION-8f59bcaffd8dcae9 → host:92.112.71.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85c181ffe8433ff0:flow:6597f6249945	SESSION-85c181ffe8433ff0 → flow:6597f6249945
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31f4941ab57ed47b:host:177.10.235.117:host:172.234.197.23	SESSION-31f4941ab57ed47b → host:177.10.235.117 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.214:asn:271410	host:131.196.29.214 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:1c77732db387:port:tcp:443	flow:1c77732db387 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:68a63bdf73f4	flow:68a63bdf73f4 → host:172.234.197.23 → host:177.10.234.219 → port:tcp:56152
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a46a988dc3d14a3:PCAP:capture_20260430060001:919b39a74464	SESSION-1a46a988dc3d14a3 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33bdca28f4470cd7:SESSION-33bdca28f4470cd7	SESSION-33bdca28f4470cd7 → pe:tls:SESSION-33bdca28f4470cd7
FLOW_TO_HOSTOBS	e:to:SESSION-8be5aa373d930e54:host:177.10.232.42	SESSION-8be5aa373d930e54 → host:177.10.232.42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c65a4c12e9ce549:SESSION-5c65a4c12e9ce549	SESSION-5c65a4c12e9ce549 → pe:syn:SESSION-5c65a4c12e9ce549
FLOW_TO_HOSTOBS	e:to:SESSION-e577d7cf1b0ace36:host:172.234.197.23	SESSION-e577d7cf1b0ace36 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e15824f9dd78d2b4:host:177.10.235.217	SESSION-e15824f9dd78d2b4 → host:177.10.235.217
FLOW_DST_PORTOBS	e:fp:flow:2ff53ffc0eae:port:tcp:443	flow:2ff53ffc0eae → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3839adbba9942939:SESSION-3839adbba9942939	SESSION-3839adbba9942939 → pe:tls:SESSION-3839adbba9942939
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0957d40de01926ae:SESSION-0957d40de01926ae	SESSION-0957d40de01926ae → pe:syn:SESSION-0957d40de01926ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-95229bbdec6f8a74:SESSION-95229bbdec6f8a74	SESSION-95229bbdec6f8a74 → pe:tls:SESSION-95229bbdec6f8a74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9912439438040361:SESSION-9912439438040361	SESSION-9912439438040361 → pe:syn:SESSION-9912439438040361
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.121:geo_-16.28860_-49.01640	host:177.10.233.121 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0b6872bf6474c44:host:172.234.197.23:host:131.196.30.98	SESSION-f0b6872bf6474c44 → host:172.234.197.23 → host:131.196.30.98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6d83b2373dd8cdc:host:177.10.236.237	SESSION-d6d83b2373dd8cdc → host:177.10.236.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-007ba64cafd5a15c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-007ba64cafd5a15c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a148e202465c0b29:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a148e202465c0b29 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-166e94983783f266:host:172.234.197.23	SESSION-166e94983783f266 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a22e38c714d83c7:host:172.234.197.23	SESSION-3a22e38c714d83c7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60dcadff088f62ae:flow:86b65480c339	SESSION-60dcadff088f62ae → flow:86b65480c339
flow_observed3-aryOBS	e:fo:flow:76b49f6dd75d	flow:76b49f6dd75d → host:43.196.88.244 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:86c234463be6:port:tcp:443	flow:86c234463be6 → port:tcp:443
ASN_IN_ORGOBS 80%	e:ao:asn:3170:org:VeloxServ Communications Ltd	asn:3170 → org:VeloxServ Communications Ltd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be95a34ad4eedb81:host:131.196.31.26	SESSION-be95a34ad4eedb81 → host:131.196.31.26
FLOW_FROM_HOSTOBS	e:from:SESSION-f0b6872bf6474c44:host:172.234.197.23	SESSION-f0b6872bf6474c44 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6aca00d0413062e5:SESSION-6aca00d0413062e5	SESSION-6aca00d0413062e5 → pe:syn:SESSION-6aca00d0413062e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-42eae260ad8ea663:SESSION-42eae260ad8ea663	SESSION-42eae260ad8ea663 → pe:tls:SESSION-42eae260ad8ea663
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb70871923a8cd06:SESSION-bb70871923a8cd06	SESSION-bb70871923a8cd06 → pe:tls:SESSION-bb70871923a8cd06
flow_observed5-aryOBS	e:fo:flow:a5ba946b42e4	flow:a5ba946b42e4 → host:131.196.30.65 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf1647bbc272aaf8:SESSION-bf1647bbc272aaf8	SESSION-bf1647bbc272aaf8 → pe:syn:SESSION-bf1647bbc272aaf8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-18af1f65a173a9cf:host:172.234.197.23:host:80.94.92.186	SESSION-18af1f65a173a9cf → host:172.234.197.23 → host:80.94.92.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09a6e49240d11692:host:172.234.197.23	SESSION-09a6e49240d11692 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c85a8771eed4d0f:host:172.234.197.23	SESSION-7c85a8771eed4d0f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:724cce6089de	flow:724cce6089de → host:177.10.238.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb7c4827354230c4:host:172.234.197.23:host:45.173.156.69	SESSION-bb7c4827354230c4 → host:172.234.197.23 → host:45.173.156.69
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46290f7655d18c8b:flow:0595c92f8649	SESSION-46290f7655d18c8b → flow:0595c92f8649
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cddd8421db4c97d9:SESSION-cddd8421db4c97d9	SESSION-cddd8421db4c97d9 → pe:syn:SESSION-cddd8421db4c97d9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-deb97792675d8a5d:SESSION-deb97792675d8a5d	SESSION-deb97792675d8a5d → pe:syn:SESSION-deb97792675d8a5d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fdb408b0b3dd802:SESSION-5fdb408b0b3dd802	SESSION-5fdb408b0b3dd802 → pe:syn:SESSION-5fdb408b0b3dd802
FLOW_DST_PORTOBS	e:fp:flow:d685a98a7d85:port:tcp:20557	flow:d685a98a7d85 → port:tcp:20557
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af401128ecea586:host:172.234.197.23	SESSION-9af401128ecea586 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-43a6565d7143b8ab:SESSION-43a6565d7143b8ab	SESSION-43a6565d7143b8ab → pe:tls:SESSION-43a6565d7143b8ab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-626902abaec078eb:host:172.234.197.23	SESSION-626902abaec078eb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2def334ee7bae1e1:flow:2002322f6670	SESSION-2def334ee7bae1e1 → flow:2002322f6670
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-169e7d2007075619:flow:40c3645ae1b8	SESSION-169e7d2007075619 → flow:40c3645ae1b8
flow_observed5-aryOBS	e:fo:flow:73ce5e8a95c6	flow:73ce5e8a95c6 → host:131.196.30.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce217831fb6e1103:host:172.234.197.23:host:177.10.234.104	SESSION-ce217831fb6e1103 → host:172.234.197.23 → host:177.10.234.104
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f96a240aba6afcc:host:172.234.197.23	SESSION-2f96a240aba6afcc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd58ba429e3d894b:SESSION-dd58ba429e3d894b	SESSION-dd58ba429e3d894b → pe:syn:SESSION-dd58ba429e3d894b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf2d710eb7a0f34a:SESSION-cf2d710eb7a0f34a	SESSION-cf2d710eb7a0f34a → pe:tls:SESSION-cf2d710eb7a0f34a
flow_observed5-aryOBS	e:fo:flow:fe93b65145cc	flow:fe93b65145cc → host:177.10.238.103 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d31cb6e546f767b7:SESSION-d31cb6e546f767b7	SESSION-d31cb6e546f767b7 → pe:tls:SESSION-d31cb6e546f767b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cc5078bf4d23558:host:172.234.197.23	SESSION-5cc5078bf4d23558 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-51de65c9ef505a13:host:172.234.197.23	SESSION-51de65c9ef505a13 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.221:asn:262880	host:177.10.234.221 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a4506f2fb402b7f:host:131.196.30.243	SESSION-0a4506f2fb402b7f → host:131.196.30.243
flow_observed5-aryOBS	e:fo:flow:0734f1162312	flow:0734f1162312 → host:177.10.233.141 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f78283937123fd5:flow:ed30ae43a62a	SESSION-1f78283937123fd5 → flow:ed30ae43a62a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.48:asn:262880	host:177.10.234.48 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-4cc664d616fce9d7:host:45.173.156.232	SESSION-4cc664d616fce9d7 → host:45.173.156.232
flow_observed4-aryOBS	e:fo:flow:d496ebf6562f	flow:d496ebf6562f → host:172.234.197.23 → host:177.10.239.2 → port:tcp:17235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb4d3e328cdf4bcd:host:131.196.31.105	SESSION-cb4d3e328cdf4bcd → host:131.196.31.105
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-596b6c60b11eaa92:host:172.234.197.23:host:177.10.234.195	SESSION-596b6c60b11eaa92 → host:172.234.197.23 → host:177.10.234.195
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8247aea4532236dc:host:177.10.238.54	SESSION-8247aea4532236dc → host:177.10.238.54
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9df048180bcb59b6:host:172.234.197.23:host:131.196.30.72	SESSION-9df048180bcb59b6 → host:172.234.197.23 → host:131.196.30.72
flow_observed5-aryOBS	e:fo:flow:ca4672e6c9cf	flow:ca4672e6c9cf → host:92.112.71.169 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-cf7044e44d29be7c:host:177.10.233.172	SESSION-cf7044e44d29be7c → host:177.10.233.172
flow_observed5-aryOBS	e:fo:flow:88fcb1cd71e8	flow:88fcb1cd71e8 → host:51.75.171.21 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-35fc4de775269620:host:172.234.197.23	SESSION-35fc4de775269620 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.125:asn:271410	host:131.196.29.125 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2ecbcecdc44a459:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e2ecbcecdc44a459 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-02270ea748fd3855:host:177.10.232.120	SESSION-02270ea748fd3855 → host:177.10.232.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a9948d7535bcfa1:host:172.234.197.23	SESSION-1a9948d7535bcfa1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:47679687883b:port:tcp:443	flow:47679687883b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e2dc5be34a26:port:tcp:443	flow:e2dc5be34a26 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67b1c0091ebc1322:PCAP:capture_20260430160001:9bfa4498506a	SESSION-67b1c0091ebc1322 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6e3c617395c3b07:host:172.234.197.23	SESSION-d6e3c617395c3b07 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5bb0fb568e127c0:flow:47767f008320	SESSION-f5bb0fb568e127c0 → flow:47767f008320
FLOW_DST_PORTOBS	e:fp:flow:b0c00cda65ca:port:tcp:7551	flow:b0c00cda65ca → port:tcp:7551
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b670e7c5e0a8e3a1:host:172.234.197.23:host:45.173.156.201	SESSION-b670e7c5e0a8e3a1 → host:172.234.197.23 → host:45.173.156.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-712d2d82579af730:host:172.234.197.23:host:177.10.232.211	SESSION-712d2d82579af730 → host:172.234.197.23 → host:177.10.232.211
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf997a1aac5d0ef1:host:177.10.235.42:host:172.234.197.23	SESSION-bf997a1aac5d0ef1 → host:177.10.235.42 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-065e72b14a827150:host:177.10.237.128	SESSION-065e72b14a827150 → host:177.10.237.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bfbb16ce344dac5c:SESSION-bfbb16ce344dac5c	SESSION-bfbb16ce344dac5c → pe:tls:SESSION-bfbb16ce344dac5c
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.162:asn:262880	host:177.10.234.162 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7e8f7da56292748:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e7e8f7da56292748 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42d85a7a0d0a6c22:host:172.234.197.23	SESSION-42d85a7a0d0a6c22 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fb9800c0b594ef9b:host:177.10.232.124	SESSION-fb9800c0b594ef9b → host:177.10.232.124
FLOW_TO_HOSTOBS	e:to:SESSION-dc3f24e93e3e0fb3:host:172.234.197.23	SESSION-dc3f24e93e3e0fb3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2287ae96f90f1374:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2287ae96f90f1374 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:329e1f6a0d23:port:tcp:443	flow:329e1f6a0d23 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.155:asn:271410	host:131.196.29.155 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e583d09be0235fc:host:54.254.24.234:host:172.234.197.23	SESSION-3e583d09be0235fc → host:54.254.24.234 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3fed8b877378	flow:3fed8b877378 → host:131.196.31.242 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:73ec004c322c	flow:73ec004c322c → host:172.234.197.23 → host:131.196.30.61 → port:tcp:5775
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.55:asn:262880	host:177.10.237.55 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08ccad07eda14042:flow:762ee0d4e964	SESSION-08ccad07eda14042 → flow:762ee0d4e964
FLOW_TO_HOSTOBS	e:to:SESSION-fb0bca31750919c1:host:172.234.197.23	SESSION-fb0bca31750919c1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a288a75f40d03563:host:177.10.239.55:host:172.234.197.23	SESSION-a288a75f40d03563 → host:177.10.239.55 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-991550775dcb0266:flow:2825022e2692	SESSION-991550775dcb0266 → flow:2825022e2692
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-25103b8a97127215:SESSION-25103b8a97127215	SESSION-25103b8a97127215 → pe:syn:SESSION-25103b8a97127215
FLOW_TO_HOSTOBS	e:to:SESSION-1a26d5a4b5eab898:host:172.234.197.23	SESSION-1a26d5a4b5eab898 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7fc1282909254587:SESSION-7fc1282909254587	SESSION-7fc1282909254587 → pe:syn:SESSION-7fc1282909254587
FLOW_DST_PORTOBS	e:fp:flow:cc4fbcad423d:port:tcp:443	flow:cc4fbcad423d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e503c69e36c27590:SESSION-e503c69e36c27590	SESSION-e503c69e36c27590 → pe:tls:SESSION-e503c69e36c27590
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a01362ca7d087a96:SESSION-a01362ca7d087a96	SESSION-a01362ca7d087a96 → pe:syn:SESSION-a01362ca7d087a96
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f6d18082a7e4dce:flow:b8edaf1c817b	SESSION-4f6d18082a7e4dce → flow:b8edaf1c817b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.197:asn:262880	host:177.10.239.197 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0af0d5d1b3f6259:host:172.234.197.23	SESSION-c0af0d5d1b3f6259 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-276107f90ab0c118:host:177.10.236.51	SESSION-276107f90ab0c118 → host:177.10.236.51
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f130592ce1f7f0fb:SESSION-f130592ce1f7f0fb	SESSION-f130592ce1f7f0fb → pe:tls:SESSION-f130592ce1f7f0fb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aab351c0be27393b:PCAP:capture_20260430150001:ded20914761d	SESSION-aab351c0be27393b → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.195:geo_19.07480_72.88560	host:45.145.152.195 → geo_19.07480_72.88560
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58f2a638c6bf8581:host:104.28.202.79:host:172.234.197.23	SESSION-58f2a638c6bf8581 → host:104.28.202.79 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fecc6fa34e31300b:flow:0479cebeee52	SESSION-fecc6fa34e31300b → flow:0479cebeee52
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee2f1f025d37aa07:flow:8ea02b6f9852	SESSION-ee2f1f025d37aa07 → flow:8ea02b6f9852
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99de4fcd637901fc:host:172.234.197.23	SESSION-99de4fcd637901fc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f6588417d002f2ed:SESSION-f6588417d002f2ed	SESSION-f6588417d002f2ed → pe:tls:SESSION-f6588417d002f2ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33fdede36596a62f:host:97.139.12.85	SESSION-33fdede36596a62f → host:97.139.12.85
flow_observed5-aryOBS	e:fo:flow:fa3e2132fc0a	flow:fa3e2132fc0a → host:177.10.234.126 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b961b57bcd95	flow:b961b57bcd95 → host:177.10.236.191 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:75ebfafff6d6:port:tcp:443	flow:75ebfafff6d6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28ca4d014ad9a35f:SESSION-28ca4d014ad9a35f	SESSION-28ca4d014ad9a35f → pe:syn:SESSION-28ca4d014ad9a35f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.174:asn:262880	host:177.10.239.174 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2fc2bfb2b0c4767b:host:177.10.239.205	SESSION-2fc2bfb2b0c4767b → host:177.10.239.205
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5470436eecf7738e:flow:3c4b26c6586f	SESSION-5470436eecf7738e → flow:3c4b26c6586f
FLOW_DST_PORTOBS	e:fp:flow:82ed4e90b8f2:port:tcp:1321	flow:82ed4e90b8f2 → port:tcp:1321
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.152:geo_-16.28860_-49.01640	host:177.10.237.152 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.126:geo_-16.28860_-49.01640	host:177.10.232.126 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aee71e8cd1625550:PCAP:capture_20260430080001:93f47cc296a4	SESSION-aee71e8cd1625550 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b792e9866f7563b8:host:172.234.197.23	SESSION-b792e9866f7563b8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.167:geo_-23.62930_-46.63510	host:131.196.31.167 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-3f486f528dd93473:host:172.234.197.23	SESSION-3f486f528dd93473 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da8ba1d6891d9574:flow:8722ec6291f0	SESSION-da8ba1d6891d9574 → flow:8722ec6291f0
flow_observed5-aryOBS	e:fo:flow:f82606c83b27	flow:f82606c83b27 → host:177.10.234.244 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d4cb0f7560af550:host:172.234.197.23:host:131.196.30.169	SESSION-5d4cb0f7560af550 → host:172.234.197.23 → host:131.196.30.169
FLOW_DST_PORTOBS	e:fp:flow:e4903629ff51:port:tcp:443	flow:e4903629ff51 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:273d8d2012ce	flow:273d8d2012ce → host:45.173.156.134 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13bd66b79cddeec8:host:177.10.232.80	SESSION-13bd66b79cddeec8 → host:177.10.232.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4db42491c04de440:host:177.10.236.151	SESSION-4db42491c04de440 → host:177.10.236.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41808c8c85c3c4d3:SESSION-41808c8c85c3c4d3	SESSION-41808c8c85c3c4d3 → pe:tls:SESSION-41808c8c85c3c4d3
FLOW_TO_HOSTOBS	e:to:SESSION-1440a3c9b30a4056:host:172.234.197.23	SESSION-1440a3c9b30a4056 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41f0125815f54041:host:45.173.156.138	SESSION-41f0125815f54041 → host:45.173.156.138
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-422ba54da9c49203:flow:8fd405509a6f	SESSION-422ba54da9c49203 → flow:8fd405509a6f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.185:geo_-23.62930_-46.63510	host:131.196.30.185 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.177:geo_-16.28860_-49.01640	host:177.10.233.177 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9cd2627e6ddbbad1:SESSION-9cd2627e6ddbbad1	SESSION-9cd2627e6ddbbad1 → pe:tls:SESSION-9cd2627e6ddbbad1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bb818ce2b02135d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3bb818ce2b02135d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-7e812ffe43c670dc:host:172.234.197.23	SESSION-7e812ffe43c670dc → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c87b6a5476f5	flow:c87b6a5476f5 → host:172.234.197.23 → host:177.10.235.111 → port:tcp:5324
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27f830f77ddb5dd1:SESSION-27f830f77ddb5dd1	SESSION-27f830f77ddb5dd1 → pe:tls:SESSION-27f830f77ddb5dd1
FLOW_FROM_HOSTOBS	e:from:SESSION-09db40e08b93496c:host:177.10.236.33	SESSION-09db40e08b93496c → host:177.10.236.33
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75251a40e4bc6a46:host:45.173.156.72	SESSION-75251a40e4bc6a46 → host:45.173.156.72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9136bc11056d23d:host:177.10.237.162	SESSION-c9136bc11056d23d → host:177.10.237.162
FLOW_FROM_HOSTOBS	e:from:SESSION-a96ffc9fa12c0c5a:host:131.196.30.156	SESSION-a96ffc9fa12c0c5a → host:131.196.30.156
FLOW_DST_PORTOBS	e:fp:flow:c7dc5afda64e:port:tcp:443	flow:c7dc5afda64e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f7884afbce83d50:host:177.10.238.161:host:172.234.197.23	SESSION-9f7884afbce83d50 → host:177.10.238.161 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0bc55e1159bab546:SESSION-0bc55e1159bab546	SESSION-0bc55e1159bab546 → pe:tls:SESSION-0bc55e1159bab546
FLOW_TO_HOSTOBS	e:to:SESSION-f57d963826b0d8cc:host:172.234.197.23	SESSION-f57d963826b0d8cc → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.83:geo_-21.10010_-41.69200	host:45.173.156.83 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:9854c2bfa6b6:port:tcp:27432	flow:9854c2bfa6b6 → port:tcp:27432
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.83:asn:271410	host:131.196.30.83 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5ad022ad4096ce5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d5ad022ad4096ce5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-8cf04cf372371106:host:172.234.197.23	SESSION-8cf04cf372371106 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-875fd6bdbe4ae339:host:177.10.236.52	SESSION-875fd6bdbe4ae339 → host:177.10.236.52
FLOW_FROM_HOSTOBS	e:from:SESSION-786e34aed7c64f61:host:172.234.197.23	SESSION-786e34aed7c64f61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d6af4ef287316d5:host:172.234.197.23	SESSION-7d6af4ef287316d5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.196:geo_-23.62930_-46.63510	host:131.196.31.196 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4bc305941088d24:flow:c0f2dd55f138	SESSION-d4bc305941088d24 → flow:c0f2dd55f138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f852deb0b74344a0:SESSION-f852deb0b74344a0	SESSION-f852deb0b74344a0 → pe:syn:SESSION-f852deb0b74344a0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5f3ac5dec394466:flow:3c78e4fa9a53	SESSION-f5f3ac5dec394466 → flow:3c78e4fa9a53
FLOW_TO_HOSTOBS	e:to:SESSION-67ec60ac13d58093:host:45.173.156.189	SESSION-67ec60ac13d58093 → host:45.173.156.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd728e6d9f0647f9:SESSION-bd728e6d9f0647f9	SESSION-bd728e6d9f0647f9 → pe:syn:SESSION-bd728e6d9f0647f9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65a2e80880ae05c5:SESSION-65a2e80880ae05c5	SESSION-65a2e80880ae05c5 → pe:tls:SESSION-65a2e80880ae05c5
flow_observed5-aryOBS	e:fo:flow:bd9b4d688669	flow:bd9b4d688669 → host:131.196.30.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2579d58cc01cbffa:SESSION-2579d58cc01cbffa	SESSION-2579d58cc01cbffa → pe:tls:SESSION-2579d58cc01cbffa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c6924fc6c1078bec:SESSION-c6924fc6c1078bec	SESSION-c6924fc6c1078bec → pe:tls:SESSION-c6924fc6c1078bec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-592c559641abdde0:SESSION-592c559641abdde0	SESSION-592c559641abdde0 → pe:tls:SESSION-592c559641abdde0
FLOW_DST_PORTOBS	e:fp:flow:2b4a1d206e95:port:tcp:443	flow:2b4a1d206e95 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:54.201.244.199:asn:16509	host:54.201.244.199 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db187e026dbc97b6:SESSION-db187e026dbc97b6	SESSION-db187e026dbc97b6 → pe:syn:SESSION-db187e026dbc97b6
FLOW_FROM_HOSTOBS	e:from:SESSION-2338a143c0830527:host:177.10.236.101	SESSION-2338a143c0830527 → host:177.10.236.101
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d00c2356d94b56a1:host:172.234.197.23:host:177.10.236.204	SESSION-d00c2356d94b56a1 → host:172.234.197.23 → host:177.10.236.204
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60c160c47311ca12:flow:9b42ce9f0d54	SESSION-60c160c47311ca12 → flow:9b42ce9f0d54
FLOW_FROM_HOSTOBS	e:from:SESSION-b7ac209c33b5c7f5:host:131.196.30.138	SESSION-b7ac209c33b5c7f5 → host:131.196.30.138
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.193:asn:262880	host:177.10.234.193 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d1c756fff84e2d4:SESSION-7d1c756fff84e2d4	SESSION-7d1c756fff84e2d4 → pe:syn:SESSION-7d1c756fff84e2d4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bac5dc0e18d2349f:host:49.12.170.238:host:172.234.197.23	SESSION-bac5dc0e18d2349f → host:49.12.170.238 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:108.217.180.26:asn:7018	host:108.217.180.26 → asn:7018
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09c0e42aa6120a11:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-09c0e42aa6120a11 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3e5e93fe3cda49d:host:45.173.156.63:host:172.234.197.23	SESSION-a3e5e93fe3cda49d → host:45.173.156.63 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6da898acb6c07034:host:177.10.233.192	SESSION-6da898acb6c07034 → host:177.10.233.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-925ab2a859ac277f:SESSION-925ab2a859ac277f	SESSION-925ab2a859ac277f → pe:syn:SESSION-925ab2a859ac277f
FLOW_FROM_HOSTOBS	e:from:SESSION-8409f84148f471e2:host:172.234.197.23	SESSION-8409f84148f471e2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-adc05f42cd7b2533:host:177.10.233.65	SESSION-adc05f42cd7b2533 → host:177.10.233.65
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-61e3533744fe7104:host:172.234.197.23:host:177.10.235.24	SESSION-61e3533744fe7104 → host:172.234.197.23 → host:177.10.235.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9a9ddd86aa762a0:host:172.234.197.23	SESSION-c9a9ddd86aa762a0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:32a5ae89b8f4	flow:32a5ae89b8f4 → host:177.10.235.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-174ad36923ec98ba:host:172.234.197.23	SESSION-174ad36923ec98ba → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5133340de07cf838:SESSION-5133340de07cf838	SESSION-5133340de07cf838 → pe:tls:SESSION-5133340de07cf838
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-421b35b56ec8b984:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-421b35b56ec8b984 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ab55f3989857eec:SESSION-9ab55f3989857eec	SESSION-9ab55f3989857eec → pe:syn:SESSION-9ab55f3989857eec
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2579d58cc01cbffa:host:177.10.236.251	SESSION-2579d58cc01cbffa → host:177.10.236.251
FLOW_DST_PORTOBS	e:fp:flow:ed7f77efecef:port:tcp:443	flow:ed7f77efecef → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc57d45d1a1b2f7b:SESSION-bc57d45d1a1b2f7b	SESSION-bc57d45d1a1b2f7b → pe:syn:SESSION-bc57d45d1a1b2f7b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf31506875543a88:host:172.234.197.23	SESSION-cf31506875543a88 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dcdb2681bcf7	flow:dcdb2681bcf7 → host:177.10.238.54 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-46290f7655d18c8b:host:177.10.238.87	SESSION-46290f7655d18c8b → host:177.10.238.87
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20c169d44973b1e9:host:177.10.237.129:host:172.234.197.23	SESSION-20c169d44973b1e9 → host:177.10.237.129 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d77475f82108632b:SESSION-d77475f82108632b	SESSION-d77475f82108632b → pe:syn:SESSION-d77475f82108632b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-111e536a3f33c549:host:177.10.237.39:host:172.234.197.23	SESSION-111e536a3f33c549 → host:177.10.237.39 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e56fb95f564a0aa:flow:8e45fdb23cc0	SESSION-0e56fb95f564a0aa → flow:8e45fdb23cc0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.136:geo_-23.62930_-46.63510	host:131.196.28.136 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1433a266c3f7170c:SESSION-1433a266c3f7170c	SESSION-1433a266c3f7170c → pe:syn:SESSION-1433a266c3f7170c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaae06fce38c131f:host:177.10.232.67:host:172.234.197.23	SESSION-eaae06fce38c131f → host:177.10.232.67 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4862cddc1ddaa50:SESSION-d4862cddc1ddaa50	SESSION-d4862cddc1ddaa50 → pe:syn:SESSION-d4862cddc1ddaa50
FLOW_FROM_HOSTOBS	e:from:SESSION-da14e430733ddeb2:host:172.234.197.23	SESSION-da14e430733ddeb2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.235:geo_-16.28860_-49.01640	host:177.10.234.235 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e743a12f6a9d6a4:host:172.234.197.23	SESSION-8e743a12f6a9d6a4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da14e430733ddeb2:host:172.234.197.23	SESSION-da14e430733ddeb2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da40d6e9bff8c88d:host:131.196.29.152	SESSION-da40d6e9bff8c88d → host:131.196.29.152
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf6bfb4b9f17f41e:SESSION-bf6bfb4b9f17f41e	SESSION-bf6bfb4b9f17f41e → pe:syn:SESSION-bf6bfb4b9f17f41e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8196f582d24c6a3:host:177.10.235.72	SESSION-b8196f582d24c6a3 → host:177.10.235.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b9d0d1a45a4e9ec7:SESSION-b9d0d1a45a4e9ec7	SESSION-b9d0d1a45a4e9ec7 → pe:rst:SESSION-b9d0d1a45a4e9ec7
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.248:asn:271410	host:131.196.28.248 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e3764b25412d87e:host:172.234.197.23:host:177.10.236.1	SESSION-2e3764b25412d87e → host:172.234.197.23 → host:177.10.236.1
flow_observed5-aryOBS	e:fo:flow:f97c8850c8aa	flow:f97c8850c8aa → host:174.202.97.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-664631b6c582f1f7:host:172.234.197.23	SESSION-664631b6c582f1f7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66f42b3418de6818:host:45.173.156.47	SESSION-66f42b3418de6818 → host:45.173.156.47
FLOW_TO_HOSTOBS	e:to:SESSION-6752f583f7e09519:host:172.234.197.23	SESSION-6752f583f7e09519 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3cce400dbd51:port:tcp:443	flow:3cce400dbd51 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-714dd24b305adb19:host:131.196.28.46	SESSION-714dd24b305adb19 → host:131.196.28.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-001dbe9c45882aae:SESSION-001dbe9c45882aae	SESSION-001dbe9c45882aae → pe:tls:SESSION-001dbe9c45882aae
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.81:asn:262880	host:177.10.237.81 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d44c53e781b5466e:host:131.196.31.253	SESSION-d44c53e781b5466e → host:131.196.31.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90804beaa6aefbc0:flow:56a8cea9fac6	SESSION-90804beaa6aefbc0 → flow:56a8cea9fac6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7912a0e1302b3ba3:host:131.196.31.79	SESSION-7912a0e1302b3ba3 → host:131.196.31.79
FLOW_DST_PORTOBS	e:fp:flow:eb61038ce25b:port:tcp:443	flow:eb61038ce25b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5adf4423481534a6:host:172.234.197.23:host:45.173.156.93	SESSION-5adf4423481534a6 → host:172.234.197.23 → host:45.173.156.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e115bc688365a9e7:SESSION-e115bc688365a9e7	SESSION-e115bc688365a9e7 → pe:tls:SESSION-e115bc688365a9e7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d8432ee5dd236020:SESSION-d8432ee5dd236020	SESSION-d8432ee5dd236020 → pe:rst:SESSION-d8432ee5dd236020
FLOW_TO_HOSTOBS	e:to:SESSION-415d7b69c6628cc7:host:45.173.156.3	SESSION-415d7b69c6628cc7 → host:45.173.156.3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7409e3f74011df2:host:172.234.197.23	SESSION-c7409e3f74011df2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f776838979623936:host:131.196.31.159	SESSION-f776838979623936 → host:131.196.31.159
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7eb43af6b38a5d78:host:157.180.84.94:host:172.234.197.23	SESSION-7eb43af6b38a5d78 → host:157.180.84.94 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d8d89328eefc28d4:host:131.196.28.198	SESSION-d8d89328eefc28d4 → host:131.196.28.198
flow_observed4-aryOBS	e:fo:flow:158fee2de95a	flow:158fee2de95a → host:172.234.197.23 → host:177.10.233.240 → port:tcp:55154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2df4632ec7c2c624:host:131.196.29.186	SESSION-2df4632ec7c2c624 → host:131.196.29.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-275d804358752875:SESSION-275d804358752875	SESSION-275d804358752875 → pe:syn:SESSION-275d804358752875
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7e6be5ba8db3cda:host:172.234.197.23	SESSION-c7e6be5ba8db3cda → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e867c3054a212916:host:195.20.104.8	SESSION-e867c3054a212916 → host:195.20.104.8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-105866a23abaa0d9:SESSION-105866a23abaa0d9	SESSION-105866a23abaa0d9 → pe:tls:SESSION-105866a23abaa0d9
FLOW_DST_PORTOBS	e:fp:flow:c5e8a78849b7:port:tcp:443	flow:c5e8a78849b7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1705f35e2db46a43:host:177.10.234.194	SESSION-1705f35e2db46a43 → host:177.10.234.194
FLOW_FROM_HOSTOBS	e:from:SESSION-b00134b34a3a387f:host:13.208.161.175	SESSION-b00134b34a3a387f → host:13.208.161.175
FLOW_DST_PORTOBS	e:fp:flow:e550e029e382:port:tcp:80	flow:e550e029e382 → port:tcp:80
FLOW_DST_PORTOBS	e:fp:flow:e4253dfcf9e0:port:tcp:443	flow:e4253dfcf9e0 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-eaed9d07c71d3d80:host:177.10.233.73	SESSION-eaed9d07c71d3d80 → host:177.10.233.73
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.169:asn:271410	host:131.196.28.169 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f18f27343d540733:host:131.196.29.51	SESSION-f18f27343d540733 → host:131.196.29.51
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.231:asn:262880	host:177.10.238.231 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:c71fa0a6ac28:port:tcp:443	flow:c71fa0a6ac28 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29162d9ed8336732:host:177.10.232.83:host:172.234.197.23	SESSION-29162d9ed8336732 → host:177.10.232.83 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7c1da452d8d9	flow:7c1da452d8d9 → host:172.234.197.23 → host:177.10.234.100 → port:tcp:6606
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.23:geo_-16.28860_-49.01640	host:177.10.238.23 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c58c12f678d65836:SESSION-c58c12f678d65836	SESSION-c58c12f678d65836 → pe:syn:SESSION-c58c12f678d65836
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.211:geo_41.02140_28.99480	host:31.40.196.211 → geo_41.02140_28.99480
flow_observed4-aryOBS	e:fo:flow:833e3a42ca42	flow:833e3a42ca42 → host:172.234.197.23 → host:131.196.30.164 → port:tcp:31125
FLOW_FROM_HOSTOBS	e:from:SESSION-cce146f15a17b9a1:host:172.234.197.23	SESSION-cce146f15a17b9a1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f86e42aef9b2f482:host:172.234.197.23:host:131.196.30.39	SESSION-f86e42aef9b2f482 → host:172.234.197.23 → host:131.196.30.39
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-140cb8b81d438202:flow:cb549d83e833	SESSION-140cb8b81d438202 → flow:cb549d83e833
FLOW_FROM_HOSTOBS	e:from:SESSION-4ef734d9bbeb2d12:host:45.173.156.92	SESSION-4ef734d9bbeb2d12 → host:45.173.156.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b2db5b5e20e8c4e:host:172.234.197.23	SESSION-0b2db5b5e20e8c4e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37e4af30bda4d3e9:PCAP:capture_20260430160001:9bfa4498506a	SESSION-37e4af30bda4d3e9 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-ef354b4063646368:host:177.10.239.250	SESSION-ef354b4063646368 → host:177.10.239.250
FLOW_TO_HOSTOBS	e:to:SESSION-f580776b9a7f0d25:host:172.234.197.23	SESSION-f580776b9a7f0d25 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4f2a561db8449259:host:177.10.236.138	SESSION-4f2a561db8449259 → host:177.10.236.138
FLOW_TO_HOSTOBS	e:to:SESSION-27f830f77ddb5dd1:host:172.234.197.23	SESSION-27f830f77ddb5dd1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:67200c712926:port:tcp:443	flow:67200c712926 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8402a55882de6bd8:host:172.234.197.23	SESSION-8402a55882de6bd8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f44e90059c2f2195:SESSION-f44e90059c2f2195	SESSION-f44e90059c2f2195 → pe:syn:SESSION-f44e90059c2f2195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7948a18eeb1cbc0d:SESSION-7948a18eeb1cbc0d	SESSION-7948a18eeb1cbc0d → pe:rst:SESSION-7948a18eeb1cbc0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-373bf424772e8fef:SESSION-373bf424772e8fef	SESSION-373bf424772e8fef → pe:tls:SESSION-373bf424772e8fef
FLOW_FROM_HOSTOBS	e:from:SESSION-577376347fdfe894:host:172.234.197.23	SESSION-577376347fdfe894 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c70bd35e108ab91c:host:177.10.237.76	SESSION-c70bd35e108ab91c → host:177.10.237.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15d25700bea96717:host:177.10.239.28	SESSION-15d25700bea96717 → host:177.10.239.28
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.156:asn:271410	host:131.196.28.156 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97a722c9ef92a65e:host:172.234.197.23	SESSION-97a722c9ef92a65e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4d295ea72925:port:tcp:58230	flow:4d295ea72925 → port:tcp:58230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-745ac23dbe7bf2d2:host:177.10.233.53	SESSION-745ac23dbe7bf2d2 → host:177.10.233.53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a4200861230ead3:SESSION-0a4200861230ead3	SESSION-0a4200861230ead3 → pe:tls:SESSION-0a4200861230ead3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3df67864d859fde0:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3df67864d859fde0 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.115:geo_-16.28860_-49.01640	host:177.10.239.115 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.73:geo_-23.62930_-46.63510	host:131.196.29.73 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.79:asn:271410	host:131.196.29.79 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e99befaea58c8acf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e99befaea58c8acf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8fb4f1df9684ff2:host:131.196.28.59:host:172.234.197.23	SESSION-b8fb4f1df9684ff2 → host:131.196.28.59 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07124c917c797d63:host:95.170.25.64:host:172.234.197.23	SESSION-07124c917c797d63 → host:95.170.25.64 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:509323a0b1e3	flow:509323a0b1e3 → host:185.231.226.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f30e546741e354a:host:172.234.197.23	SESSION-4f30e546741e354a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d2803f457704e39:SESSION-7d2803f457704e39	SESSION-7d2803f457704e39 → pe:tls:SESSION-7d2803f457704e39
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.202:asn:262880	host:177.10.235.202 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd66824284de98ed:host:172.234.197.23	SESSION-bd66824284de98ed → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9fed3e3a3ac1c6fb:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9fed3e3a3ac1c6fb → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-adc05f42cd7b2533:SESSION-adc05f42cd7b2533	SESSION-adc05f42cd7b2533 → pe:tls:SESSION-adc05f42cd7b2533
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.234.197.23:geo_41.88350_-87.63050	host:172.234.197.23 → geo_41.88350_-87.63050
FLOW_DST_PORTOBS	e:fp:flow:f44d8b39227f:port:tcp:17425	flow:f44d8b39227f → port:tcp:17425
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a2a075c2c818644a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a2a075c2c818644a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf8f9827f106db93:host:172.234.197.23:host:177.10.237.98	SESSION-bf8f9827f106db93 → host:172.234.197.23 → host:177.10.237.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f04e938497dcf32a:SESSION-f04e938497dcf32a	SESSION-f04e938497dcf32a → pe:tls:SESSION-f04e938497dcf32a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d290f0be98eecddb:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d290f0be98eecddb → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a247b2224692840d:host:177.10.237.156	SESSION-a247b2224692840d → host:177.10.237.156
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-64639bf8e248f548:PCAP:capture_20260430080001:93f47cc296a4	SESSION-64639bf8e248f548 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4af85088cb1b366:PCAP:capture_20260428010001:b1b402c7b202	SESSION-b4af85088cb1b366 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c587e64f570c8df7:SESSION-c587e64f570c8df7	SESSION-c587e64f570c8df7 → pe:tls:SESSION-c587e64f570c8df7
FLOW_TO_HOSTOBS	e:to:SESSION-5470436eecf7738e:host:172.234.197.23	SESSION-5470436eecf7738e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-08b637759d13ec04:host:172.234.197.23	SESSION-08b637759d13ec04 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69b211b684a77852:SESSION-69b211b684a77852	SESSION-69b211b684a77852 → pe:tls:SESSION-69b211b684a77852
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.5:geo_-21.10010_-41.69200	host:45.173.156.5 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-de01d31bf4634055:host:177.10.232.222	SESSION-de01d31bf4634055 → host:177.10.232.222
flow_observed4-aryOBS	e:fo:flow:e7b0e66f989e	flow:e7b0e66f989e → host:172.234.197.23 → host:177.10.232.97 → port:tcp:40099
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5b7661178bc9fc6:SESSION-a5b7661178bc9fc6	SESSION-a5b7661178bc9fc6 → pe:syn:SESSION-a5b7661178bc9fc6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.201:asn:262880	host:177.10.234.201 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a6e84a9f98e2c60:host:172.234.197.23	SESSION-5a6e84a9f98e2c60 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-42d85a7a0d0a6c22:host:45.173.156.186	SESSION-42d85a7a0d0a6c22 → host:45.173.156.186
FLOW_DST_PORTOBS	e:fp:flow:f0632fcdd97f:port:tcp:443	flow:f0632fcdd97f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a3cdd61760cc277:flow:71584c32ac7e	SESSION-8a3cdd61760cc277 → flow:71584c32ac7e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef914cd10270daad:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ef914cd10270daad → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.144:asn:262880	host:177.10.235.144 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-8c1a20baa14a0758:host:172.234.197.23	SESSION-8c1a20baa14a0758 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-df3beb1e5143a102:host:131.196.30.205	SESSION-df3beb1e5143a102 → host:131.196.30.205
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.197:geo_-16.28860_-49.01640	host:177.10.238.197 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.56:asn:262880	host:177.10.234.56 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.238:geo_-23.62930_-46.63510	host:131.196.28.238 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.0:asn:262880	host:177.10.236.0 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-72e48e4dc313a64d:host:131.196.30.44	SESSION-72e48e4dc313a64d → host:131.196.30.44
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d9c8489868c7191:host:177.10.239.154	SESSION-9d9c8489868c7191 → host:177.10.239.154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1075bb458d3b18a:host:95.170.25.200	SESSION-d1075bb458d3b18a → host:95.170.25.200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.107:geo_-16.28860_-49.01640	host:177.10.234.107 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e696cf5f8f6db7e6:host:172.234.197.23	SESSION-e696cf5f8f6db7e6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01454c90925a3a4f:SESSION-01454c90925a3a4f	SESSION-01454c90925a3a4f → pe:tls:SESSION-01454c90925a3a4f
flow_observed5-aryOBS	e:fo:flow:d330bd9c2261	flow:d330bd9c2261 → host:131.196.30.41 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf2d710eb7a0f34a:PCAP:capture_20260430150001:ded20914761d	SESSION-cf2d710eb7a0f34a → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3526e42e615eba29:host:177.10.238.55	SESSION-3526e42e615eba29 → host:177.10.238.55
flow_observed5-aryOBS	e:fo:flow:7abfe668e6be	flow:7abfe668e6be → host:177.10.232.103 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c5ea1449320ef78b:host:172.234.197.23	SESSION-c5ea1449320ef78b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:81be4e730893	flow:81be4e730893 → host:177.10.236.122 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4002f150bb6dd768:flow:2fe8baa33d5c	SESSION-4002f150bb6dd768 → flow:2fe8baa33d5c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee8963275c4b434b:host:45.173.156.245:host:172.234.197.23	SESSION-ee8963275c4b434b → host:45.173.156.245 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99cedbc5d14c9ef2:host:172.234.197.23	SESSION-99cedbc5d14c9ef2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e356e25dcbb8	flow:e356e25dcbb8 → host:131.196.31.64 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a2c47ad0c791:port:tcp:8088	flow:a2c47ad0c791 → port:tcp:8088
FLOW_DST_PORTOBS	e:fp:flow:5ddcdc0f12fb:port:tcp:443	flow:5ddcdc0f12fb → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.128:asn:273470	host:45.173.156.128 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-d815390d9091f577:host:131.196.30.212	SESSION-d815390d9091f577 → host:131.196.30.212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-46f70ffa54883bab:SESSION-46f70ffa54883bab	SESSION-46f70ffa54883bab → pe:rst:SESSION-46f70ffa54883bab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dba7d64f7032fffd:SESSION-dba7d64f7032fffd	SESSION-dba7d64f7032fffd → pe:tls:SESSION-dba7d64f7032fffd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-136e732c63cf53f4:host:177.10.238.55:host:172.234.197.23	SESSION-136e732c63cf53f4 → host:177.10.238.55 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.253:asn:262880	host:177.10.234.253 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74d0e7e40a4e478e:host:177.10.236.184:host:172.234.197.23	SESSION-74d0e7e40a4e478e → host:177.10.236.184 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5f3a08ecc862	flow:5f3a08ecc862 → host:177.10.234.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a7bf37c238cc392:host:172.234.197.23	SESSION-4a7bf37c238cc392 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8b3f73c59938d0a7:host:172.234.197.23	SESSION-8b3f73c59938d0a7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e816643ff0559e8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5e816643ff0559e8 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-ada1853624679841:host:172.234.197.23	SESSION-ada1853624679841 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e611585b6a4a	flow:e611585b6a4a → host:177.10.236.124 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.81:geo_-16.28860_-49.01640	host:177.10.239.81 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c81e53996cf9:port:tcp:65005	flow:c81e53996cf9 → port:tcp:65005
FLOW_FROM_HOSTOBS	e:from:SESSION-30ddbb300887e80e:host:177.10.236.89	SESSION-30ddbb300887e80e → host:177.10.236.89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f3823f20b5aa8c6:SESSION-8f3823f20b5aa8c6	SESSION-8f3823f20b5aa8c6 → pe:tls:SESSION-8f3823f20b5aa8c6
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-bb0c069bf1f40e5a:BSG-DATA_EXFIL-07c7d2adce82	SESSION-bb0c069bf1f40e5a → BSG-DATA_EXFIL-07c7d2adce82
flow_observed5-aryOBS	e:fo:flow:933c44fe1b6d	flow:933c44fe1b6d → host:45.173.156.178 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5a3cad014cd3066:SESSION-b5a3cad014cd3066	SESSION-b5a3cad014cd3066 → pe:syn:SESSION-b5a3cad014cd3066
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1311876ef555b88e:host:172.232.0.16	SESSION-1311876ef555b88e → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7558286b16680d35:SESSION-7558286b16680d35	SESSION-7558286b16680d35 → pe:syn:SESSION-7558286b16680d35
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cdd13464c217a214:host:131.196.29.27:host:172.234.197.23	SESSION-cdd13464c217a214 → host:131.196.29.27 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e4145940b979	flow:e4145940b979 → host:177.10.238.222 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-637d01fb7fe8b725:host:172.234.197.23	SESSION-637d01fb7fe8b725 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97e21cf514a48728:host:172.234.197.23:host:45.173.156.240	SESSION-97e21cf514a48728 → host:172.234.197.23 → host:45.173.156.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4defafdd27769097:SESSION-4defafdd27769097	SESSION-4defafdd27769097 → pe:tls:SESSION-4defafdd27769097
FLOW_TO_HOSTOBS	e:to:SESSION-89c3cc1547edab47:host:172.232.0.16	SESSION-89c3cc1547edab47 → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-42d2a5353a30deb6:host:172.234.197.23	SESSION-42d2a5353a30deb6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8247aea4532236dc:host:172.234.197.23:host:177.10.238.54	SESSION-8247aea4532236dc → host:172.234.197.23 → host:177.10.238.54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-484d7e89f92d0359:host:177.10.234.36	SESSION-484d7e89f92d0359 → host:177.10.234.36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25103b8a97127215:host:177.10.235.9	SESSION-25103b8a97127215 → host:177.10.235.9
FLOW_DST_PORTOBS	e:fp:flow:aad5c10ed15a:port:tcp:443	flow:aad5c10ed15a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5ddc9130fa518dc:flow:6676abf9b718	SESSION-b5ddc9130fa518dc → flow:6676abf9b718
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44bc098e411317a4:SESSION-44bc098e411317a4	SESSION-44bc098e411317a4 → pe:tls:SESSION-44bc098e411317a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d53672361f048e5:flow:2edaf935b546	SESSION-2d53672361f048e5 → flow:2edaf935b546
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e50b84c66ab32ef:SESSION-7e50b84c66ab32ef	SESSION-7e50b84c66ab32ef → pe:tls:SESSION-7e50b84c66ab32ef
flow_observed5-aryOBS	e:fo:flow:5e40b4fa1d5e	flow:5e40b4fa1d5e → host:177.10.234.254 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:5e762bb85ae7:port:tcp:17043	flow:5e762bb85ae7 → port:tcp:17043
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7cf4eefda54138cc:flow:81c6f4e43850	SESSION-7cf4eefda54138cc → flow:81c6f4e43850
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f44cd8b141a7b5c:SESSION-7f44cd8b141a7b5c	SESSION-7f44cd8b141a7b5c → pe:tls:SESSION-7f44cd8b141a7b5c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.164:geo_-16.28860_-49.01640	host:177.10.234.164 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-81ef982aa5449fd9:SESSION-81ef982aa5449fd9	SESSION-81ef982aa5449fd9 → pe:tls:SESSION-81ef982aa5449fd9
FLOW_FROM_HOSTOBS	e:from:SESSION-602a14335703e220:host:172.234.197.23	SESSION-602a14335703e220 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f3af12abbb2ff56:flow:d0a4d4e2877a	SESSION-1f3af12abbb2ff56 → flow:d0a4d4e2877a
FLOW_FROM_HOSTOBS	e:from:SESSION-54127ab649dd8e15:host:51.91.243.64	SESSION-54127ab649dd8e15 → host:51.91.243.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4a69b65a94c1ea1:host:131.196.31.120	SESSION-f4a69b65a94c1ea1 → host:131.196.31.120
FLOW_TO_HOSTOBS	e:to:SESSION-2d226dc6e18df532:host:172.234.197.23	SESSION-2d226dc6e18df532 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a5b4d581172cc71c:host:31.40.196.58	SESSION-a5b4d581172cc71c → host:31.40.196.58
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6535f7c42f72cb7f:SESSION-6535f7c42f72cb7f	SESSION-6535f7c42f72cb7f → pe:syn:SESSION-6535f7c42f72cb7f
FLOW_FROM_HOSTOBS	e:from:SESSION-5b73ad2a19ec53d4:host:172.234.197.23	SESSION-5b73ad2a19ec53d4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01716d55cf2099e5:host:177.10.234.179:host:172.234.197.23	SESSION-01716d55cf2099e5 → host:177.10.234.179 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f44e90059c2f2195:flow:fab5b16eef82	SESSION-f44e90059c2f2195 → flow:fab5b16eef82
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.184:geo_-16.28860_-49.01640	host:177.10.236.184 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95b6b17f9a1b89d0:host:52.12.196.158	SESSION-95b6b17f9a1b89d0 → host:52.12.196.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2bb4f19f005244d2:SESSION-2bb4f19f005244d2	SESSION-2bb4f19f005244d2 → pe:syn:SESSION-2bb4f19f005244d2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6f3d2670453324e:flow:af8af020ac61	SESSION-e6f3d2670453324e → flow:af8af020ac61
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fef5e1438bdea640:flow:da2ee44f8963	SESSION-fef5e1438bdea640 → flow:da2ee44f8963
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-303cd1de44c58c29:SESSION-303cd1de44c58c29	SESSION-303cd1de44c58c29 → pe:tls:SESSION-303cd1de44c58c29
flow_observed4-aryOBS	e:fo:flow:a77dc87ab230	flow:a77dc87ab230 → host:172.234.197.23 → host:131.196.28.230 → port:tcp:15354
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-715e4cea63e7cde7:flow:f42480d66c27	SESSION-715e4cea63e7cde7 → flow:f42480d66c27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbee5c60d72abd4e:host:177.10.238.36	SESSION-fbee5c60d72abd4e → host:177.10.238.36
FLOW_DST_PORTOBS	e:fp:flow:cb68c175ad52:port:tcp:443	flow:cb68c175ad52 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9433c1773faa9882:host:172.232.0.16	SESSION-9433c1773faa9882 → host:172.232.0.16
flow_observed4-aryOBS	e:fo:flow:0378764a4149	flow:0378764a4149 → host:172.234.197.23 → host:177.10.236.125 → port:tcp:13397
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dde31743640b587a:host:172.234.197.23:host:177.10.236.90	SESSION-dde31743640b587a → host:172.234.197.23 → host:177.10.236.90
FLOW_FROM_HOSTOBS	e:from:SESSION-09cf18cd582e793d:host:177.10.238.152	SESSION-09cf18cd582e793d → host:177.10.238.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c382f6b8063de44f:host:172.234.197.23	SESSION-c382f6b8063de44f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38298ff8ded7155d:host:172.234.197.23	SESSION-38298ff8ded7155d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c184642b13b6de27:SESSION-c184642b13b6de27	SESSION-c184642b13b6de27 → pe:tls:SESSION-c184642b13b6de27
flow_observed4-aryOBS	e:fo:flow:dbba3374c650	flow:dbba3374c650 → host:172.234.197.23 → host:177.10.233.35 → port:tcp:884
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b50835be4d5bba16:flow:95aa7a0af14a	SESSION-b50835be4d5bba16 → flow:95aa7a0af14a
FLOW_FROM_HOSTOBS	e:from:SESSION-e8de37a87806b5e4:host:177.10.235.252	SESSION-e8de37a87806b5e4 → host:177.10.235.252
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73f1c8de70c12118:host:177.10.238.76	SESSION-73f1c8de70c12118 → host:177.10.238.76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f1e2986117d2a1f:flow:9c0494f4c271	SESSION-3f1e2986117d2a1f → flow:9c0494f4c271
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36b6bef962351df3:PCAP:capture_20260430110001:43611bdf6759	SESSION-36b6bef962351df3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9866420dbc5d2da0:SESSION-9866420dbc5d2da0	SESSION-9866420dbc5d2da0 → pe:syn:SESSION-9866420dbc5d2da0
FLOW_DST_PORTOBS	e:fp:flow:e33777f6cc74:port:tcp:443	flow:e33777f6cc74 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:8366f7f5c26b:port:tcp:443	flow:8366f7f5c26b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96298fdbde5cf19b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-96298fdbde5cf19b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-ab1dfc7616ca079a:host:172.234.197.23	SESSION-ab1dfc7616ca079a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.42:asn:262880	host:177.10.235.42 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28e949edc1bba418:flow:d821ae727b8b	SESSION-28e949edc1bba418 → flow:d821ae727b8b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae33589f66e7ab9:host:172.234.197.23	SESSION-6ae33589f66e7ab9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92c4be10fc1322be:host:172.234.197.23	SESSION-92c4be10fc1322be → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f479797471e82d6b:host:172.234.197.23	SESSION-f479797471e82d6b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d2e20ee2a51f:port:tcp:443	flow:d2e20ee2a51f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f86e42aef9b2f482:host:131.196.30.39	SESSION-f86e42aef9b2f482 → host:131.196.30.39
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fdb0bb1f6466838c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fdb0bb1f6466838c → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:501aaf2159ed:port:tcp:443	flow:501aaf2159ed → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7141588dcb909c75:PCAP:capture_20260430150001:ded20914761d	SESSION-7141588dcb909c75 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cad98c39a19fe348:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-cad98c39a19fe348 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65c1debe675497c7:SESSION-65c1debe675497c7	SESSION-65c1debe675497c7 → pe:syn:SESSION-65c1debe675497c7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a247b2224692840d:SESSION-a247b2224692840d	SESSION-a247b2224692840d → pe:syn:SESSION-a247b2224692840d
flow_observed5-aryOBS	e:fo:flow:8e560e9a7dcf	flow:8e560e9a7dcf → host:104.28.202.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bcd779876233a786:SESSION-bcd779876233a786	SESSION-bcd779876233a786 → pe:syn:SESSION-bcd779876233a786
FLOW_TO_HOSTOBS	e:to:SESSION-ed610f5ec8b698f6:host:172.234.197.23	SESSION-ed610f5ec8b698f6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d8b07a8bebdede3:flow:c352d0e74b3b	SESSION-1d8b07a8bebdede3 → flow:c352d0e74b3b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9574d05ba0801a5:SESSION-b9574d05ba0801a5	SESSION-b9574d05ba0801a5 → pe:syn:SESSION-b9574d05ba0801a5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.12:geo_-16.28860_-49.01640	host:177.10.239.12 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:03fdc6fabf43	flow:03fdc6fabf43 → host:172.234.197.23 → host:131.196.28.238 → port:tcp:21784
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8189545896e60c84:SESSION-8189545896e60c84	SESSION-8189545896e60c84 → pe:tls:SESSION-8189545896e60c84
FLOW_DST_PORTOBS	e:fp:flow:83f6df2d4e8a:port:tcp:24975	flow:83f6df2d4e8a → port:tcp:24975
FLOW_FROM_HOSTOBS	e:from:SESSION-e04d863bd380e3e5:host:177.10.235.200	SESSION-e04d863bd380e3e5 → host:177.10.235.200
FLOW_TO_HOSTOBS	e:to:SESSION-5b7ec051587501bc:host:177.10.234.59	SESSION-5b7ec051587501bc → host:177.10.234.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf85e37468f1ff86:host:172.234.197.23	SESSION-cf85e37468f1ff86 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c873de224cbac149:flow:3feb8ae5b20c	SESSION-c873de224cbac149 → flow:3feb8ae5b20c
FLOW_DST_PORTOBS	e:fp:flow:29ed78ca1b4e:port:tcp:49200	flow:29ed78ca1b4e → port:tcp:49200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8fcd4a12026b870e:flow:0572a0ca26a2	SESSION-8fcd4a12026b870e → flow:0572a0ca26a2
FLOW_TO_HOSTOBS	e:to:SESSION-40ef48225b459fb9:host:172.234.197.23	SESSION-40ef48225b459fb9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2a53da8d97d6	flow:2a53da8d97d6 → host:177.10.235.121 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.41:asn:203771	host:37.221.79.41 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-de35503b4a9f2ce3:host:172.234.197.23	SESSION-de35503b4a9f2ce3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-19e0bdfc1305c6ba:host:177.10.239.247	SESSION-19e0bdfc1305c6ba → host:177.10.239.247
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.66:asn:262880	host:177.10.237.66 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-6411f10800cf3ef5:host:172.234.197.23	SESSION-6411f10800cf3ef5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c0ba3366d883914:host:131.196.31.92:host:172.234.197.23	SESSION-9c0ba3366d883914 → host:131.196.31.92 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-019264e09ceae880:flow:35a56b105d0d	SESSION-019264e09ceae880 → flow:35a56b105d0d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97957d43d677156c:host:172.234.197.23	SESSION-97957d43d677156c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:47c2f2779cfc:port:tcp:443	flow:47c2f2779cfc → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9a9df261a7287913:host:131.196.29.78	SESSION-9a9df261a7287913 → host:131.196.29.78
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.21:geo_-23.62930_-46.63510	host:131.196.29.21 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84e5e89f26aa2ca2:SESSION-84e5e89f26aa2ca2	SESSION-84e5e89f26aa2ca2 → pe:syn:SESSION-84e5e89f26aa2ca2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42d2a5353a30deb6:host:172.234.197.23	SESSION-42d2a5353a30deb6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b996ef900842	flow:b996ef900842 → host:177.10.236.13 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6cc804a855d1eb7c:host:177.10.238.54	SESSION-6cc804a855d1eb7c → host:177.10.238.54
FLOW_FROM_HOSTOBS	e:from:SESSION-a108f3a8f652bd55:host:95.170.25.156	SESSION-a108f3a8f652bd55 → host:95.170.25.156
FLOW_DST_PORTOBS	e:fp:flow:1a1d6645a424:port:tcp:443	flow:1a1d6645a424 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f57ffeba62df89fa:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f57ffeba62df89fa → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-2faf2af9b390693e:host:69.222.187.134	SESSION-2faf2af9b390693e → host:69.222.187.134
FLOW_FROM_HOSTOBS	e:from:SESSION-3ea63b0a223461f6:host:172.234.197.23	SESSION-3ea63b0a223461f6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c05cd50533aa04ad:flow:2612f05d73d2	SESSION-c05cd50533aa04ad → flow:2612f05d73d2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b14f4f7e9ebbac1:host:172.234.197.23	SESSION-8b14f4f7e9ebbac1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2be203d892e5c4c6:host:177.10.235.13:host:172.234.197.23	SESSION-2be203d892e5c4c6 → host:177.10.235.13 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c93e3b6f6b78357b:host:172.234.197.23	SESSION-c93e3b6f6b78357b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21cd302cb5783965:SESSION-21cd302cb5783965	SESSION-21cd302cb5783965 → pe:tls:SESSION-21cd302cb5783965
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89c3cc1547edab47:flow:0e2a2cd94527	SESSION-89c3cc1547edab47 → flow:0e2a2cd94527
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66a529d98727e997:flow:6b63ea10f9bb	SESSION-66a529d98727e997 → flow:6b63ea10f9bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f1e08bfeea32aa0:host:172.234.197.23	SESSION-8f1e08bfeea32aa0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f344d747ad66bc9c:PCAP:capture_20260430060001:919b39a74464	SESSION-f344d747ad66bc9c → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.43:asn:273470	host:45.173.156.43 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf07a99306d1414b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cf07a99306d1414b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02cad694702cb9f1:host:172.234.197.23	SESSION-02cad694702cb9f1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9166f313177f7326:host:45.173.156.179	SESSION-9166f313177f7326 → host:45.173.156.179
FLOW_DST_PORTOBS	e:fp:flow:077f96403dc5:port:tcp:443	flow:077f96403dc5 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4ec222cc1c3a7faf:host:177.10.232.165	SESSION-4ec222cc1c3a7faf → host:177.10.232.165
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a24676d50b48eccf:flow:e7fb21ef8e25	SESSION-a24676d50b48eccf → flow:e7fb21ef8e25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-80c2fbd298f78f5d:SESSION-80c2fbd298f78f5d	SESSION-80c2fbd298f78f5d → pe:syn:SESSION-80c2fbd298f78f5d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30e9e6bd80ef39ea:flow:a835b0336810	SESSION-30e9e6bd80ef39ea → flow:a835b0336810
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2811f86b559a674a:SESSION-2811f86b559a674a	SESSION-2811f86b559a674a → pe:syn:SESSION-2811f86b559a674a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-779f746558d2d979:host:172.234.197.23	SESSION-779f746558d2d979 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.53:geo_-16.28860_-49.01640	host:177.10.233.53 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8136a084d82536a6:SESSION-8136a084d82536a6	SESSION-8136a084d82536a6 → pe:tls:SESSION-8136a084d82536a6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e652f52440b112c3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e652f52440b112c3 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:0e8f7cea7441:port:tcp:443	flow:0e8f7cea7441 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e63705938a499015:host:172.234.197.23	SESSION-e63705938a499015 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fe19785c0b66	flow:fe19785c0b66 → host:172.234.197.23 → host:177.10.238.125 → port:tcp:62456
flow_observed5-aryOBS	e:fo:flow:30f3c6e42212	flow:30f3c6e42212 → host:177.10.236.238 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:47b796c27a86:port:tcp:443	flow:47b796c27a86 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-85383edd293fa3f5:host:131.196.30.247	SESSION-85383edd293fa3f5 → host:131.196.30.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f278495c163e84d:SESSION-2f278495c163e84d	SESSION-2f278495c163e84d → pe:tls:SESSION-2f278495c163e84d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4d6f38e3582127c:host:131.196.29.206	SESSION-c4d6f38e3582127c → host:131.196.29.206
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f737e621c51c7ecf:flow:4e885934f3d9	SESSION-f737e621c51c7ecf → flow:4e885934f3d9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e5a346c4f0315a5:host:177.10.235.171:host:172.234.197.23	SESSION-3e5a346c4f0315a5 → host:177.10.235.171 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7098e9f09e131f1:flow:327d26f2cec2	SESSION-e7098e9f09e131f1 → flow:327d26f2cec2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.103.16.171:geo_-36.85040_174.76750	host:3.103.16.171 → geo_-36.85040_174.76750
FLOW_TO_HOSTOBS	e:to:SESSION-c8631759e2d7ec30:host:172.234.197.23	SESSION-c8631759e2d7ec30 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a074f157090defb0:SESSION-a074f157090defb0	SESSION-a074f157090defb0 → pe:syn:SESSION-a074f157090defb0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65262d33293291dd:flow:a0071da0b04c	SESSION-65262d33293291dd → flow:a0071da0b04c
FLOW_FROM_HOSTOBS	e:from:SESSION-85419ca5854a5f9c:host:172.234.197.23	SESSION-85419ca5854a5f9c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0d8801f02b141d30:SESSION-0d8801f02b141d30	SESSION-0d8801f02b141d30 → pe:tls:SESSION-0d8801f02b141d30
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02270ea748fd3855:flow:ada631d31ecc	SESSION-02270ea748fd3855 → flow:ada631d31ecc
FLOW_DST_PORTOBS	e:fp:flow:e15db8dd7fed:port:tcp:443	flow:e15db8dd7fed → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78e554a3c30f161c:flow:c4ad118541b1	SESSION-78e554a3c30f161c → flow:c4ad118541b1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eeeeaab9fc572806:host:185.231.226.199:host:172.234.197.23	SESSION-eeeeaab9fc572806 → host:185.231.226.199 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ab8c1601f71acf4:host:177.10.234.169:host:172.234.197.23	SESSION-0ab8c1601f71acf4 → host:177.10.234.169 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-32551388ee5c6c20:BSG-BEACON-8837ef5499e4	SESSION-32551388ee5c6c20 → BSG-BEACON-8837ef5499e4
FLOW_DST_PORTOBS	e:fp:flow:100396c47d7a:port:tcp:443	flow:100396c47d7a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d30c685e20a11d4e:flow:7f8de5150284	SESSION-d30c685e20a11d4e → flow:7f8de5150284
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db946f3602afd068:host:172.234.197.23	SESSION-db946f3602afd068 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2dbb680dd253e19c:SESSION-2dbb680dd253e19c	SESSION-2dbb680dd253e19c → pe:syn:SESSION-2dbb680dd253e19c
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.40:asn:262880	host:177.10.233.40 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-de195b26c1af220a:host:172.234.197.23	SESSION-de195b26c1af220a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9d4e1b0711d4507:host:131.196.29.192:host:172.234.197.23	SESSION-c9d4e1b0711d4507 → host:131.196.29.192 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dbe0692b3b05f921:flow:5e507f38970c	SESSION-dbe0692b3b05f921 → flow:5e507f38970c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c265ba6f34eebd39:SESSION-c265ba6f34eebd39	SESSION-c265ba6f34eebd39 → pe:tls:SESSION-c265ba6f34eebd39
FLOW_FROM_HOSTOBS	e:from:SESSION-10f6f623bcce091e:host:177.10.234.199	SESSION-10f6f623bcce091e → host:177.10.234.199
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9962740ce107c36d:host:131.196.29.48:host:172.234.197.23	SESSION-9962740ce107c36d → host:131.196.29.48 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-63e207f92d9c898d:SESSION-63e207f92d9c898d	SESSION-63e207f92d9c898d → pe:tls:SESSION-63e207f92d9c898d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5664e67ab454dc8:host:177.10.232.222	SESSION-c5664e67ab454dc8 → host:177.10.232.222
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c1ac661b3c1fca0:host:177.10.237.220:host:172.234.197.23	SESSION-4c1ac661b3c1fca0 → host:177.10.237.220 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:77755f7476c8	flow:77755f7476c8 → host:177.10.237.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79787964fff3a281:host:177.10.237.124:host:172.234.197.23	SESSION-79787964fff3a281 → host:177.10.237.124 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b68ed671c67acfd:host:177.10.234.179:host:172.234.197.23	SESSION-2b68ed671c67acfd → host:177.10.234.179 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3254874520e1dae:SESSION-b3254874520e1dae	SESSION-b3254874520e1dae → pe:tls:SESSION-b3254874520e1dae
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8293f5a95baa645a:host:45.173.156.34	SESSION-8293f5a95baa645a → host:45.173.156.34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7239dbaec89ca2f:host:172.234.197.23	SESSION-c7239dbaec89ca2f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a9739ecc8b00e90:flow:b41df686a0f5	SESSION-7a9739ecc8b00e90 → flow:b41df686a0f5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.254:geo_-16.28860_-49.01640	host:177.10.238.254 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e01aa770e4fba49e:host:177.10.233.96	SESSION-e01aa770e4fba49e → host:177.10.233.96
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31f3a24ceae3d348:host:131.196.30.12	SESSION-31f3a24ceae3d348 → host:131.196.30.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6ddb3deb8cc2873:SESSION-d6ddb3deb8cc2873	SESSION-d6ddb3deb8cc2873 → pe:syn:SESSION-d6ddb3deb8cc2873
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb4d3e328cdf4bcd:flow:3c63108e4ee7	SESSION-cb4d3e328cdf4bcd → flow:3c63108e4ee7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35dc83e37639d031:host:172.234.197.23	SESSION-35dc83e37639d031 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8c9381f88305d4e9:host:172.234.197.23	SESSION-8c9381f88305d4e9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86b61cf52362ae86:host:177.10.236.247:host:172.234.197.23	SESSION-86b61cf52362ae86 → host:177.10.236.247 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-682271ad5b560620:host:172.234.197.23	SESSION-682271ad5b560620 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4b456720b757	flow:4b456720b757 → host:131.196.31.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a139b1df55cde4d7:host:172.234.197.23	SESSION-a139b1df55cde4d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5746e0d81f0d05c1:SESSION-5746e0d81f0d05c1	SESSION-5746e0d81f0d05c1 → pe:tls:SESSION-5746e0d81f0d05c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14d5e1e17a6f21ad:SESSION-14d5e1e17a6f21ad	SESSION-14d5e1e17a6f21ad → pe:syn:SESSION-14d5e1e17a6f21ad
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.89:geo_-16.28860_-49.01640	host:177.10.236.89 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2958e311eaa51e83:SESSION-2958e311eaa51e83	SESSION-2958e311eaa51e83 → pe:tls:SESSION-2958e311eaa51e83
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5347add21fd9245:host:177.10.233.255:host:172.234.197.23	SESSION-f5347add21fd9245 → host:177.10.233.255 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb77a42bb02f4581:flow:d35ba3898200	SESSION-cb77a42bb02f4581 → flow:d35ba3898200
FLOW_DST_PORTOBS	e:fp:flow:62bd2a061f46:port:tcp:443	flow:62bd2a061f46 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4a5a6c818be705f:host:172.234.197.23	SESSION-d4a5a6c818be705f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8409f84148f471e2:host:131.196.28.100	SESSION-8409f84148f471e2 → host:131.196.28.100
FLOW_TO_HOSTOBS	e:to:SESSION-31f3a24ceae3d348:host:131.196.30.12	SESSION-31f3a24ceae3d348 → host:131.196.30.12
FLOW_DST_PORTOBS	e:fp:flow:2a765593f423:port:tcp:443	flow:2a765593f423 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2acb7632e6c37a6f:SESSION-2acb7632e6c37a6f	SESSION-2acb7632e6c37a6f → pe:syn:SESSION-2acb7632e6c37a6f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f355ffd88e7f5027:host:131.196.29.55	SESSION-f355ffd88e7f5027 → host:131.196.29.55
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.126:asn:271410	host:131.196.30.126 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-745ac23dbe7bf2d2:host:172.234.197.23	SESSION-745ac23dbe7bf2d2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-03bb88743ccc2c68:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-03bb88743ccc2c68 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-699c907c7ac66403:host:131.196.30.137	SESSION-699c907c7ac66403 → host:131.196.30.137
FLOW_FROM_HOSTOBS	e:from:SESSION-f879597a466f9080:host:177.10.238.154	SESSION-f879597a466f9080 → host:177.10.238.154
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b47e385ca946fd94:SESSION-b47e385ca946fd94	SESSION-b47e385ca946fd94 → pe:tls:SESSION-b47e385ca946fd94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76aff26f067fcb92:host:177.10.237.72	SESSION-76aff26f067fcb92 → host:177.10.237.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5397b2a7490ae0fb:PCAP:capture_20260430060001:919b39a74464	SESSION-5397b2a7490ae0fb → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5ba4a44df249a00:PCAP:capture_20260430090001:065659c7d314	SESSION-e5ba4a44df249a00 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d8111f65a253e3a:host:177.10.234.254	SESSION-7d8111f65a253e3a → host:177.10.234.254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cb4473bd3389dab:host:131.196.28.34	SESSION-9cb4473bd3389dab → host:131.196.28.34
FLOW_FROM_HOSTOBS	e:from:SESSION-0aa7cb63cd191443:host:172.234.197.23	SESSION-0aa7cb63cd191443 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-692dce6abc85c058:flow:78bc828538ef	SESSION-692dce6abc85c058 → flow:78bc828538ef
flow_observed5-aryOBS	e:fo:flow:4572d0b5bdf3	flow:4572d0b5bdf3 → host:131.196.30.135 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec00857ef12f8e7e:SESSION-ec00857ef12f8e7e	SESSION-ec00857ef12f8e7e → pe:syn:SESSION-ec00857ef12f8e7e
FLOW_FROM_HOSTOBS	e:from:SESSION-687ff071deb77d90:host:177.10.239.250	SESSION-687ff071deb77d90 → host:177.10.239.250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-946275ea323f6900:SESSION-946275ea323f6900	SESSION-946275ea323f6900 → pe:syn:SESSION-946275ea323f6900
FLOW_TO_HOSTOBS	e:to:SESSION-fbcf03ac27ad8556:host:172.234.197.23	SESSION-fbcf03ac27ad8556 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.120:geo_-23.62930_-46.63510	host:131.196.29.120 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19f74a6b62d527a5:SESSION-19f74a6b62d527a5	SESSION-19f74a6b62d527a5 → pe:tls:SESSION-19f74a6b62d527a5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c6e971723a904aea:SESSION-c6e971723a904aea	SESSION-c6e971723a904aea → pe:syn:SESSION-c6e971723a904aea
FLOW_FROM_HOSTOBS	e:from:SESSION-da8ba1d6891d9574:host:177.10.232.165	SESSION-da8ba1d6891d9574 → host:177.10.232.165
flow_observed5-aryOBS	e:fo:flow:21e85bbf73fa	flow:21e85bbf73fa → host:131.196.28.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a3cdd61760cc277:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8a3cdd61760cc277 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-355b17fab14031de:host:172.234.197.23	SESSION-355b17fab14031de → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3988a9d0230ebd4d:SESSION-3988a9d0230ebd4d	SESSION-3988a9d0230ebd4d → pe:syn:SESSION-3988a9d0230ebd4d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb2fd2ce02add556:flow:ffe985a3149f	SESSION-eb2fd2ce02add556 → flow:ffe985a3149f
FLOW_DST_PORTOBS	e:fp:flow:fe87d643d64f:port:tcp:443	flow:fe87d643d64f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-458faec2c6be4af1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-458faec2c6be4af1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94e95046da2771ab:SESSION-94e95046da2771ab	SESSION-94e95046da2771ab → pe:syn:SESSION-94e95046da2771ab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0634c65493dd9b22:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0634c65493dd9b22 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d43ecb134342fe00:SESSION-d43ecb134342fe00	SESSION-d43ecb134342fe00 → pe:syn:SESSION-d43ecb134342fe00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e05f2032b3abac3:SESSION-3e05f2032b3abac3	SESSION-3e05f2032b3abac3 → pe:syn:SESSION-3e05f2032b3abac3
flow_observed5-aryOBS	e:fo:flow:e9f3e4f3cf7e	flow:e9f3e4f3cf7e → host:177.10.232.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-518ecd8ebc2250f7:flow:32bab55f8c7a	SESSION-518ecd8ebc2250f7 → flow:32bab55f8c7a
flow_observed5-aryOBS	e:fo:flow:658994ab5ea9	flow:658994ab5ea9 → host:177.10.239.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-04ab6357fe1e6c0a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-04ab6357fe1e6c0a → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:a2955e8909e8:port:tcp:443	flow:a2955e8909e8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-001dbe9c45882aae:host:172.234.197.23	SESSION-001dbe9c45882aae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f234671aee206898:SESSION-f234671aee206898	SESSION-f234671aee206898 → pe:tls:SESSION-f234671aee206898
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78e554a3c30f161c:host:172.234.197.23	SESSION-78e554a3c30f161c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c6f10f20f24d7ff:host:177.10.234.5	SESSION-3c6f10f20f24d7ff → host:177.10.234.5
FLOW_TO_HOSTOBS	e:to:SESSION-a07ffa981e156af1:host:131.196.30.72	SESSION-a07ffa981e156af1 → host:131.196.30.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21ae4bade70b1440:SESSION-21ae4bade70b1440	SESSION-21ae4bade70b1440 → pe:syn:SESSION-21ae4bade70b1440
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.133:geo_-16.28860_-49.01640	host:177.10.239.133 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5d780f89354efd9:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b5d780f89354efd9 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c0e19c2beda7d84:SESSION-1c0e19c2beda7d84	SESSION-1c0e19c2beda7d84 → pe:tls:SESSION-1c0e19c2beda7d84
FLOW_FROM_HOSTOBS	e:from:SESSION-2966a121f8fe86e9:host:177.10.234.215	SESSION-2966a121f8fe86e9 → host:177.10.234.215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-660cb7ef624de29d:host:131.196.28.187	SESSION-660cb7ef624de29d → host:131.196.28.187
FLOW_DST_PORTOBS	e:fp:flow:5cc817034f10:port:tcp:443	flow:5cc817034f10 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b30dbd402b74df1:flow:2aa9d961f850	SESSION-9b30dbd402b74df1 → flow:2aa9d961f850
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ddd0457559a3680:flow:15feef3af155	SESSION-1ddd0457559a3680 → flow:15feef3af155
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-04ab6357fe1e6c0a:host:177.10.232.234:host:172.234.197.23	SESSION-04ab6357fe1e6c0a → host:177.10.232.234 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dd0bd79c32ac:port:tcp:443	flow:dd0bd79c32ac → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.145:geo_-16.28860_-49.01640	host:177.10.237.145 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-774b2bcff77bd614:flow:9ff355e674b2	SESSION-774b2bcff77bd614 → flow:9ff355e674b2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01716d55cf2099e5:flow:e9d30a67fb9b	SESSION-01716d55cf2099e5 → flow:e9d30a67fb9b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eee2452aad82d1c2:PCAP:capture_20260430060001:919b39a74464	SESSION-eee2452aad82d1c2 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c008c2d2b932d4b:SESSION-7c008c2d2b932d4b	SESSION-7c008c2d2b932d4b → pe:syn:SESSION-7c008c2d2b932d4b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6d45a86f046cac8:flow:c180406a2791	SESSION-e6d45a86f046cac8 → flow:c180406a2791
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f6ab7360966186b9:SESSION-f6ab7360966186b9	SESSION-f6ab7360966186b9 → pe:tls:SESSION-f6ab7360966186b9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3b520e491b5957c0:flow:3a5d8774eaca	SESSION-3b520e491b5957c0 → flow:3a5d8774eaca
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30ae225adc0bd1e0:host:177.10.234.2:host:172.234.197.23	SESSION-30ae225adc0bd1e0 → host:177.10.234.2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-329dd162e3e18437:host:177.10.234.9	SESSION-329dd162e3e18437 → host:177.10.234.9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04c23b7b96a70798:host:177.10.236.44	SESSION-04c23b7b96a70798 → host:177.10.236.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8cb5f38c68f62897:SESSION-8cb5f38c68f62897	SESSION-8cb5f38c68f62897 → pe:tls:SESSION-8cb5f38c68f62897
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dae67c02b176a3ce:host:172.234.197.23	SESSION-dae67c02b176a3ce → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9ccda023099c	flow:9ccda023099c → host:45.173.156.240 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-744a603206d06e24:host:46.4.252.37	SESSION-744a603206d06e24 → host:46.4.252.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8fb67bf931083b29:PCAP:capture_20260430070001:903a0e7a436b	SESSION-8fb67bf931083b29 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd13e266b02b3087:host:177.10.234.207	SESSION-cd13e266b02b3087 → host:177.10.234.207
FLOW_FROM_HOSTOBS	e:from:SESSION-43d9721f29111779:host:89.58.44.225	SESSION-43d9721f29111779 → host:89.58.44.225
FLOW_TO_HOSTOBS	e:to:SESSION-0aa7cb63cd191443:host:177.10.232.150	SESSION-0aa7cb63cd191443 → host:177.10.232.150
flow_observed5-aryOBS	e:fo:flow:d865c9d97541	flow:d865c9d97541 → host:131.196.30.176 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:05faa98018f7:port:tcp:2825	flow:05faa98018f7 → port:tcp:2825
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-555dcb6965008cb6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-555dcb6965008cb6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.93:asn:262880	host:177.10.235.93 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d5e711c3b45ec85:flow:05d75aa3840a	SESSION-6d5e711c3b45ec85 → flow:05d75aa3840a
FLOW_TO_HOSTOBS	e:to:SESSION-c9c5b30eb4b7e446:host:45.173.156.219	SESSION-c9c5b30eb4b7e446 → host:45.173.156.219
FLOW_FROM_HOSTOBS	e:from:SESSION-e2f2dfbe9df7c080:host:131.196.30.237	SESSION-e2f2dfbe9df7c080 → host:131.196.30.237
FLOW_DST_PORTOBS	e:fp:flow:5a2daebd33ff:port:tcp:443	flow:5a2daebd33ff → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eee2452aad82d1c2:host:172.234.197.23:host:177.10.236.209	SESSION-eee2452aad82d1c2 → host:172.234.197.23 → host:177.10.236.209
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f78268addd9f6ca3:SESSION-f78268addd9f6ca3	SESSION-f78268addd9f6ca3 → pe:tls:SESSION-f78268addd9f6ca3
flow_observed5-aryOBS	e:fo:flow:a130b65a3fb1	flow:a130b65a3fb1 → host:131.196.30.33 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f10bf652ebbcd899:SESSION-f10bf652ebbcd899	SESSION-f10bf652ebbcd899 → pe:tls:SESSION-f10bf652ebbcd899
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a75f9666a4fd8c5:host:172.234.197.23	SESSION-1a75f9666a4fd8c5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4059a39607153158:host:177.10.232.165	SESSION-4059a39607153158 → host:177.10.232.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5f9d16efb179df1:host:131.196.29.203	SESSION-a5f9d16efb179df1 → host:131.196.29.203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-166e94983783f266:host:177.10.232.217	SESSION-166e94983783f266 → host:177.10.232.217
FLOW_TO_HOSTOBS	e:to:SESSION-f0b6872bf6474c44:host:131.196.30.98	SESSION-f0b6872bf6474c44 → host:131.196.30.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-718be43f3a8e9f39:SESSION-718be43f3a8e9f39	SESSION-718be43f3a8e9f39 → pe:tls:SESSION-718be43f3a8e9f39
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.226:asn:262880	host:177.10.239.226 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a3baa467b71ba10:host:172.234.197.23	SESSION-3a3baa467b71ba10 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2479e88ee1ee68c6:SESSION-2479e88ee1ee68c6	SESSION-2479e88ee1ee68c6 → pe:syn:SESSION-2479e88ee1ee68c6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.143:geo_-23.62930_-46.63510	host:131.196.30.143 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.255:geo_-16.28860_-49.01640	host:177.10.239.255 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:edee59eace09	flow:edee59eace09 → host:172.234.197.23 → host:131.196.30.104 → port:tcp:13432
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.192:asn:262880	host:177.10.236.192 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-602a14335703e220:host:172.234.197.23	SESSION-602a14335703e220 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8e1fcfb1c4254c4b:host:177.10.234.12	SESSION-8e1fcfb1c4254c4b → host:177.10.234.12
FLOW_FROM_HOSTOBS	e:from:SESSION-168a40fae7c0f56d:host:177.10.236.77	SESSION-168a40fae7c0f56d → host:177.10.236.77
FLOW_DST_PORTOBS	e:fp:flow:38357cfefc2c:port:tcp:23704	flow:38357cfefc2c → port:tcp:23704
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4117bfae8d393f9c:PCAP:capture_20260430060001:919b39a74464	SESSION-4117bfae8d393f9c → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-680820c56f27d295:flow:8e9b6b8e0548	SESSION-680820c56f27d295 → flow:8e9b6b8e0548
FLOW_TO_HOSTOBS	e:to:SESSION-d1a930dc0f03fa17:host:177.10.236.244	SESSION-d1a930dc0f03fa17 → host:177.10.236.244
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-22bb8f06cde321ca:host:45.173.156.229:host:172.234.197.23	SESSION-22bb8f06cde321ca → host:45.173.156.229 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-00f403aeec8e6c17:PCAP:capture_20260430160001:9bfa4498506a	SESSION-00f403aeec8e6c17 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-7d8111f65a253e3a:host:172.234.197.23	SESSION-7d8111f65a253e3a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-394efd35512401c0:host:172.234.197.23	SESSION-394efd35512401c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c15ada1b10271eef:host:172.234.197.23	SESSION-c15ada1b10271eef → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8fd3b31137a7f5f9:host:177.10.239.252:host:172.234.197.23	SESSION-8fd3b31137a7f5f9 → host:177.10.239.252 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b373f59ff0198ea:host:177.10.235.78	SESSION-9b373f59ff0198ea → host:177.10.235.78
FLOW_TO_HOSTOBS	e:to:SESSION-b5d45bed796decc2:host:172.234.197.23	SESSION-b5d45bed796decc2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f0835af6109bb7c1:host:131.196.30.78	SESSION-f0835af6109bb7c1 → host:131.196.30.78
FLOW_FROM_HOSTOBS	e:from:SESSION-fbcf03ac27ad8556:host:177.10.239.62	SESSION-fbcf03ac27ad8556 → host:177.10.239.62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad4be2ec0ec8e7ca:SESSION-ad4be2ec0ec8e7ca	SESSION-ad4be2ec0ec8e7ca → pe:syn:SESSION-ad4be2ec0ec8e7ca
flow_observed5-aryOBS	e:fo:flow:b8412c71c5ee	flow:b8412c71c5ee → host:177.10.235.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e6517dadbfe4bb3:host:172.234.197.23:host:131.196.29.74	SESSION-0e6517dadbfe4bb3 → host:172.234.197.23 → host:131.196.29.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7377b91dd9eda5d9:SESSION-7377b91dd9eda5d9	SESSION-7377b91dd9eda5d9 → pe:syn:SESSION-7377b91dd9eda5d9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.194:geo_-16.28860_-49.01640	host:177.10.239.194 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-8ab61e60544120f5:host:172.234.197.23	SESSION-8ab61e60544120f5 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:205fc6d7337e:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:205fc6d7337e → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef002e94e1d9ac81:SESSION-ef002e94e1d9ac81	SESSION-ef002e94e1d9ac81 → pe:syn:SESSION-ef002e94e1d9ac81
FLOW_DST_PORTOBS	e:fp:flow:6caf94816bfe:port:tcp:443	flow:6caf94816bfe → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-cc77084e1c24867c:BSG-BEACON-9dd910990e79	SESSION-cc77084e1c24867c → BSG-BEACON-9dd910990e79
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38a64ba294c5f79f:host:56.112.16.196:host:172.234.197.23	SESSION-38a64ba294c5f79f → host:56.112.16.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8977638e8d6c6909:host:172.234.197.23	SESSION-8977638e8d6c6909 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a015ddbfdf91f569:SESSION-a015ddbfdf91f569	SESSION-a015ddbfdf91f569 → pe:syn:SESSION-a015ddbfdf91f569
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-43a6565d7143b8ab:host:131.196.29.50:host:172.234.197.23	SESSION-43a6565d7143b8ab → host:131.196.29.50 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fa29bafd0740f46:host:131.196.29.126	SESSION-3fa29bafd0740f46 → host:131.196.29.126
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24f1ec9c7d379a9b:PCAP:capture_20260430150001:ded20914761d	SESSION-24f1ec9c7d379a9b → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f4f2e64710996bb:SESSION-3f4f2e64710996bb	SESSION-3f4f2e64710996bb → pe:tls:SESSION-3f4f2e64710996bb
FLOW_DST_PORTOBS	e:fp:flow:101cbd7b1949:port:tcp:443	flow:101cbd7b1949 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-53fc35cd2bdb80ce:host:177.10.238.30:host:172.234.197.23	SESSION-53fc35cd2bdb80ce → host:177.10.238.30 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c532caa5d41cfcbc:host:5.75.182.251:host:172.234.197.23	SESSION-c532caa5d41cfcbc → host:5.75.182.251 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf68ee1b1745b1ca:host:177.10.236.191	SESSION-bf68ee1b1745b1ca → host:177.10.236.191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57ceaaaea8de5082:SESSION-57ceaaaea8de5082	SESSION-57ceaaaea8de5082 → pe:syn:SESSION-57ceaaaea8de5082
flow_observed5-aryOBS	e:fo:flow:1d280cc78648	flow:1d280cc78648 → host:131.196.30.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db1ee555567b9b22:host:172.234.197.23	SESSION-db1ee555567b9b22 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f635007151c479b8:flow:14ec9179e9d3	SESSION-f635007151c479b8 → flow:14ec9179e9d3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e70a8d6fd08b895:host:172.234.197.23	SESSION-3e70a8d6fd08b895 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e2a6d6aa009e10c:host:131.196.28.216	SESSION-1e2a6d6aa009e10c → host:131.196.28.216
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.29:geo_-16.28860_-49.01640	host:177.10.239.29 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-959e19b011db2562:host:172.234.197.23	SESSION-959e19b011db2562 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e225557ebe736948:host:131.196.30.28	SESSION-e225557ebe736948 → host:131.196.30.28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7cb141c8461d1a4d:flow:a317296f8a35	SESSION-7cb141c8461d1a4d → flow:a317296f8a35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-83267dedfd50dbe7:flow:ef017bf11c12	SESSION-83267dedfd50dbe7 → flow:ef017bf11c12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-141e3c6c8d153d1d:host:172.234.197.23	SESSION-141e3c6c8d153d1d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-66f42b3418de6818:host:172.234.197.23	SESSION-66f42b3418de6818 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fd663917efb4:port:tcp:443	flow:fd663917efb4 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a24676d50b48eccf:SESSION-a24676d50b48eccf	SESSION-a24676d50b48eccf → pe:tls:SESSION-a24676d50b48eccf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97957d43d677156c:host:172.234.197.23:host:64.237.250.51	SESSION-97957d43d677156c → host:172.234.197.23 → host:64.237.250.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7c9a5d15324e2ea:host:45.173.156.19	SESSION-c7c9a5d15324e2ea → host:45.173.156.19
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7140a8719778d6c0:SESSION-7140a8719778d6c0	SESSION-7140a8719778d6c0 → pe:syn:SESSION-7140a8719778d6c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d59512d9649ead5:host:172.234.197.23	SESSION-9d59512d9649ead5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d508940aefc84528:host:177.10.235.201:host:172.234.197.23	SESSION-d508940aefc84528 → host:177.10.235.201 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8466bbcc058d46c:PCAP:capture_20260430150001:ded20914761d	SESSION-c8466bbcc058d46c → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-17084582559fbd8c:host:131.196.28.176	SESSION-17084582559fbd8c → host:131.196.28.176
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e3ca473e8fbcab1:flow:b4499b53d392	SESSION-4e3ca473e8fbcab1 → flow:b4499b53d392
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaf7cd3e5a2b7709:PCAP:capture_20260430110001:43611bdf6759	SESSION-eaf7cd3e5a2b7709 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8165f1476121226e:host:147.135.97.222	SESSION-8165f1476121226e → host:147.135.97.222
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d776155c4ea7cbea:host:177.10.232.12	SESSION-d776155c4ea7cbea → host:177.10.232.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d846bfa2b8f8474d:host:172.234.197.23	SESSION-d846bfa2b8f8474d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0bf5b48d5bcb9503:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0bf5b48d5bcb9503 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.141:geo_-23.62930_-46.63510	host:131.196.28.141 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:aea828168105:port:tcp:22019	flow:aea828168105 → port:tcp:22019
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b72f7dde05c7e1dd:host:172.234.197.23	SESSION-b72f7dde05c7e1dd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1909494739e8c502:host:37.27.162.26	SESSION-1909494739e8c502 → host:37.27.162.26
FLOW_FROM_HOSTOBS	e:from:SESSION-fd2e4550d5ebaf09:host:177.10.235.197	SESSION-fd2e4550d5ebaf09 → host:177.10.235.197
flow_observed5-aryOBS	e:fo:flow:93c49d69a1fc	flow:93c49d69a1fc → host:131.196.29.132 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-845fd343ebc60049:host:177.10.237.81:host:172.234.197.23	SESSION-845fd343ebc60049 → host:177.10.237.81 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2eff7ebef8fd9091:host:177.10.239.76:host:172.234.197.23	SESSION-2eff7ebef8fd9091 → host:177.10.239.76 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4c9278fb58fb6165:host:172.234.197.23	SESSION-4c9278fb58fb6165 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3cfdba58cb5b:port:tcp:48959	flow:3cfdba58cb5b → port:tcp:48959
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abc806ef9f1a9dce:host:177.10.234.180	SESSION-abc806ef9f1a9dce → host:177.10.234.180
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e271128847ae06df:host:177.10.235.111	SESSION-e271128847ae06df → host:177.10.235.111
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-330bec399d401574:host:131.196.30.252:host:172.234.197.23	SESSION-330bec399d401574 → host:131.196.30.252 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bda1904aba09:port:tcp:32853	flow:bda1904aba09 → port:tcp:32853
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1129a02e66df3e40:SESSION-1129a02e66df3e40	SESSION-1129a02e66df3e40 → pe:syn:SESSION-1129a02e66df3e40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-409db122b916fc83:SESSION-409db122b916fc83	SESSION-409db122b916fc83 → pe:rst:SESSION-409db122b916fc83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-32273c66c8bf9656:SESSION-32273c66c8bf9656	SESSION-32273c66c8bf9656 → pe:tls:SESSION-32273c66c8bf9656
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4d6f38e3582127c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c4d6f38e3582127c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-985fc991cba9cb9c:flow:fc70cc4dfed6	SESSION-985fc991cba9cb9c → flow:fc70cc4dfed6
flow_observed5-aryOBS	e:fo:flow:aa8dff7d28f7	flow:aa8dff7d28f7 → host:131.196.31.81 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:509323a0b1e3:port:tcp:443	flow:509323a0b1e3 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48cf6591de1d67a3:flow:be1f0d23506c	SESSION-48cf6591de1d67a3 → flow:be1f0d23506c
flow_observed4-aryOBS	e:fo:flow:075d88a58c71	flow:075d88a58c71 → host:172.234.197.23 → host:97.139.12.85 → port:tcp:64543
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d43ada4a289f704d:host:131.196.31.197	SESSION-d43ada4a289f704d → host:131.196.31.197
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24bd61df75bf4426:host:131.196.31.162:host:172.234.197.23	SESSION-24bd61df75bf4426 → host:131.196.31.162 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2997df12bb4a545b:flow:e8b91ae2d236	SESSION-2997df12bb4a545b → flow:e8b91ae2d236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1909494739e8c502:SESSION-1909494739e8c502	SESSION-1909494739e8c502 → pe:syn:SESSION-1909494739e8c502
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55aa5069b830c261:host:131.196.28.160:host:172.234.197.23	SESSION-55aa5069b830c261 → host:131.196.28.160 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16a7442acd9adfae:host:177.10.239.94	SESSION-16a7442acd9adfae → host:177.10.239.94
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.22:asn:271410	host:131.196.30.22 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-b9ca26e5420bb5bf:host:45.173.156.54	SESSION-b9ca26e5420bb5bf → host:45.173.156.54
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1be36b841cb9bb38:host:131.196.30.169:host:172.234.197.23	SESSION-1be36b841cb9bb38 → host:131.196.30.169 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bc301461f31d	flow:bc301461f31d → host:131.196.31.142 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef90c0e24c7a1c11:SESSION-ef90c0e24c7a1c11	SESSION-ef90c0e24c7a1c11 → pe:tls:SESSION-ef90c0e24c7a1c11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-add028e8e7760fa2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-add028e8e7760fa2 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aae44d6cd669040c:host:172.234.197.23	SESSION-aae44d6cd669040c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-db638e9136fa3895:host:177.10.236.113	SESSION-db638e9136fa3895 → host:177.10.236.113
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e331ebe372f514c8:host:172.234.197.23:host:2.57.121.112	SESSION-e331ebe372f514c8 → host:172.234.197.23 → host:2.57.121.112
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9c0456097f35e54:flow:b57ca0dc778e	SESSION-c9c0456097f35e54 → flow:b57ca0dc778e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e12300b6212ab14:host:172.234.197.23	SESSION-7e12300b6212ab14 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eab64f08bdc755fb:host:131.196.28.237	SESSION-eab64f08bdc755fb → host:131.196.28.237
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.187:asn:262880	host:177.10.235.187 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4c0e63fa095433d2:SESSION-4c0e63fa095433d2	SESSION-4c0e63fa095433d2 → pe:syn:SESSION-4c0e63fa095433d2
flow_observed4-aryOBS	e:fo:flow:7a82c850348c	flow:7a82c850348c → host:172.234.197.23 → host:45.173.156.69 → port:tcp:17478
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f35bbd3887f167bf:SESSION-f35bbd3887f167bf	SESSION-f35bbd3887f167bf → pe:syn:SESSION-f35bbd3887f167bf
flow_observed5-aryOBS	e:fo:flow:f77233f9c1d1	flow:f77233f9c1d1 → host:45.173.156.213 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f6ad5e06ec5a3a76:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f6ad5e06ec5a3a76 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-367c844590f11a50:flow:a73174a7c572	SESSION-367c844590f11a50 → flow:a73174a7c572
FLOW_DST_PORTOBS	e:fp:flow:3f94093d8b40:port:udp:53	flow:3f94093d8b40 → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9252fa43a6ca744f:SESSION-9252fa43a6ca744f	SESSION-9252fa43a6ca744f → pe:tls:SESSION-9252fa43a6ca744f
FLOW_FROM_HOSTOBS	e:from:SESSION-007d1747f3bd10df:host:172.234.197.23	SESSION-007d1747f3bd10df → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fbefcaf8b5dd:port:tcp:80	flow:fbefcaf8b5dd → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-be196df3d425cb31:host:172.234.197.23	SESSION-be196df3d425cb31 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:85aacd5feb03:port:udp:53	flow:85aacd5feb03 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a486ebfba002f553:host:177.10.234.45	SESSION-a486ebfba002f553 → host:177.10.234.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6d659d940e075af:SESSION-e6d659d940e075af	SESSION-e6d659d940e075af → pe:tls:SESSION-e6d659d940e075af
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60a71bd7fc87f54e:SESSION-60a71bd7fc87f54e	SESSION-60a71bd7fc87f54e → pe:syn:SESSION-60a71bd7fc87f54e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.172:geo_-16.28860_-49.01640	host:177.10.237.172 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ab61e60544120f5:SESSION-8ab61e60544120f5	SESSION-8ab61e60544120f5 → pe:tls:SESSION-8ab61e60544120f5
FLOW_QUERIED_DNSOBS	e:fd:flow:767b7fbc3076:dns:172-234-197-23.ip.linodeusercontent.com	flow:767b7fbc3076 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-aa372e44ee6fb3e7:host:172.234.197.23	SESSION-aa372e44ee6fb3e7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9260442e0efbdc6:SESSION-d9260442e0efbdc6	SESSION-d9260442e0efbdc6 → pe:tls:SESSION-d9260442e0efbdc6
FLOW_FROM_HOSTOBS	e:from:SESSION-eb6c1367f6b2a786:host:177.10.237.73	SESSION-eb6c1367f6b2a786 → host:177.10.237.73
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e2ace7c21b4da04:host:177.10.239.75:host:172.234.197.23	SESSION-1e2ace7c21b4da04 → host:177.10.239.75 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:949d44167acc:port:tcp:443	flow:949d44167acc → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6c39dc1f1460:port:tcp:443	flow:6c39dc1f1460 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.182:geo_-16.28860_-49.01640	host:177.10.236.182 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:ad8754c61763	flow:ad8754c61763 → host:131.196.30.128 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3393fca13374f4c8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3393fca13374f4c8 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.168:geo_-16.28860_-49.01640	host:177.10.232.168 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44bc098e411317a4:SESSION-44bc098e411317a4	SESSION-44bc098e411317a4 → pe:syn:SESSION-44bc098e411317a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d12c89e59455016e:SESSION-d12c89e59455016e	SESSION-d12c89e59455016e → pe:syn:SESSION-d12c89e59455016e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaf5b03036efa5c6:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-eaf5b03036efa5c6 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ddfef5208babd34:host:177.10.238.236:host:172.234.197.23	SESSION-6ddfef5208babd34 → host:177.10.238.236 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ec928f375ba591f1:host:172.234.197.23	SESSION-ec928f375ba591f1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cfabb521c7f73a1:host:172.234.197.23	SESSION-6cfabb521c7f73a1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6015041af7e8	flow:6015041af7e8 → host:131.196.28.125 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06294e5a27c1af9a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-06294e5a27c1af9a → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-e00c0cf74d0af603:host:172.234.197.23	SESSION-e00c0cf74d0af603 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3cf60c38091a57a:host:131.196.28.198	SESSION-f3cf60c38091a57a → host:131.196.28.198
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.91:asn:271410	host:131.196.30.91 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-3e3d1aa706f2604d:host:177.10.236.191	SESSION-3e3d1aa706f2604d → host:177.10.236.191
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.229:asn:273470	host:45.173.156.229 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a46bc5971af02e3:flow:97fc34a052d0	SESSION-6a46bc5971af02e3 → flow:97fc34a052d0
flow_observed4-aryOBS	e:fo:flow:5ca8afe796b8	flow:5ca8afe796b8 → host:172.234.197.23 → host:177.10.237.250 → port:tcp:24916
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db282f95b9cc563d:host:172.234.197.23:host:177.10.237.70	SESSION-db282f95b9cc563d → host:172.234.197.23 → host:177.10.237.70
FLOW_QUERIED_DNSOBS	e:fd:flow:cb05e49e69ec:dns:172-234-197-23.ip.linodeusercontent.com	flow:cb05e49e69ec → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:e5babc92bbf3:port:tcp:443	flow:e5babc92bbf3 → port:tcp:443
FLOW_TLS_SNIOBS	e:fs:flow:0c59e28f7820:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:0c59e28f7820 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d3e80fb3431ec3f4:SESSION-d3e80fb3431ec3f4	SESSION-d3e80fb3431ec3f4 → pe:tls:SESSION-d3e80fb3431ec3f4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.221:geo_-23.62930_-46.63510	host:131.196.31.221 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c93964ffa7e29d50:SESSION-c93964ffa7e29d50	SESSION-c93964ffa7e29d50 → pe:tls:SESSION-c93964ffa7e29d50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12b2fb0a733c24b6:host:177.10.232.153	SESSION-12b2fb0a733c24b6 → host:177.10.232.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-534aae6aa0ff39bc:flow:0b2a3a5ae807	SESSION-534aae6aa0ff39bc → flow:0b2a3a5ae807
FLOW_FROM_HOSTOBS	e:from:SESSION-73ad5b34385541ce:host:172.234.197.23	SESSION-73ad5b34385541ce → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5e4b6893c364bde:flow:ebf3e86f8a9a	SESSION-e5e4b6893c364bde → flow:ebf3e86f8a9a
flow_observed5-aryOBS	e:fo:flow:55a6b1de4d76	flow:55a6b1de4d76 → host:177.10.234.137 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:54dd15c775d4	flow:54dd15c775d4 → host:131.196.30.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7bf570ae8905fff:host:57.128.95.181	SESSION-f7bf570ae8905fff → host:57.128.95.181
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.219:geo_-16.28860_-49.01640	host:177.10.234.219 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e28b3ef52579af3b:SESSION-e28b3ef52579af3b	SESSION-e28b3ef52579af3b → pe:tls:SESSION-e28b3ef52579af3b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d19f64abed8cdcd:SESSION-2d19f64abed8cdcd	SESSION-2d19f64abed8cdcd → pe:tls:SESSION-2d19f64abed8cdcd
FLOW_FROM_HOSTOBS	e:from:SESSION-bf1d5c3c8737f760:host:177.10.235.153	SESSION-bf1d5c3c8737f760 → host:177.10.235.153
FLOW_FROM_HOSTOBS	e:from:SESSION-d8d921ace7c85ce9:host:172.234.197.23	SESSION-d8d921ace7c85ce9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4879ced74a20729f:host:172.234.197.23	SESSION-4879ced74a20729f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.81:geo_-23.62930_-46.63510	host:131.196.30.81 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9128704be6a27a1a:host:44.250.172.176	SESSION-9128704be6a27a1a → host:44.250.172.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c2099dbde4b7ef03:host:177.10.236.92:host:172.234.197.23	SESSION-c2099dbde4b7ef03 → host:177.10.236.92 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e088d2ccbc3966c5:SESSION-e088d2ccbc3966c5	SESSION-e088d2ccbc3966c5 → pe:tls:SESSION-e088d2ccbc3966c5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.63:geo_-16.28860_-49.01640	host:177.10.239.63 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4298399acb708ae5:SESSION-4298399acb708ae5	SESSION-4298399acb708ae5 → pe:tls:SESSION-4298399acb708ae5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bfa418bfe374bf06:flow:695d32c2bdde	SESSION-bfa418bfe374bf06 → flow:695d32c2bdde
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e39b76c4ba6c4cf6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e39b76c4ba6c4cf6 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:972e46fe73d9	flow:972e46fe73d9 → host:131.196.31.227 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b5a59556c261862d:host:172.234.197.23	SESSION-b5a59556c261862d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4ba4bb01be574ad6:host:172.234.197.23	SESSION-4ba4bb01be574ad6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd81cfaee9483060:host:177.10.237.227:host:172.234.197.23	SESSION-cd81cfaee9483060 → host:177.10.237.227 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a34bb428906fa48c:host:177.10.239.90:host:172.234.197.23	SESSION-a34bb428906fa48c → host:177.10.239.90 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-019264e09ceae880:host:45.173.156.187:host:172.234.197.23	SESSION-019264e09ceae880 → host:45.173.156.187 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56e56d8157575627:host:172.234.197.23	SESSION-56e56d8157575627 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:910603e7a361	flow:910603e7a361 → host:51.224.181.45 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db98e45dca973468:host:172.234.197.23:host:177.10.237.191	SESSION-db98e45dca973468 → host:172.234.197.23 → host:177.10.237.191
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6585a8f099e9e465:host:131.196.31.199:host:172.234.197.23	SESSION-6585a8f099e9e465 → host:131.196.31.199 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68a45a74f687a5a4:host:177.10.232.116	SESSION-68a45a74f687a5a4 → host:177.10.232.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eb15df038685c53:host:172.234.197.23	SESSION-2eb15df038685c53 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.155:geo_-16.28860_-49.01640	host:177.10.234.155 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c5da4152a907bbd:host:131.196.31.185:host:172.234.197.23	SESSION-6c5da4152a907bbd → host:131.196.31.185 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3cb81834e696:port:tcp:443	flow:3cb81834e696 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:afc55ad73faf	flow:afc55ad73faf → host:177.10.234.81 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-bdbc4c9f7cbfe0c2:host:172.234.197.23	SESSION-bdbc4c9f7cbfe0c2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-baee22f4fffa81d2:SESSION-baee22f4fffa81d2	SESSION-baee22f4fffa81d2 → pe:tls:SESSION-baee22f4fffa81d2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.72:asn:262880	host:177.10.234.72 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dae67c02b176a3ce:host:177.10.239.138:host:172.234.197.23	SESSION-dae67c02b176a3ce → host:177.10.239.138 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-caf4287e8000c114:SESSION-caf4287e8000c114	SESSION-caf4287e8000c114 → pe:tls:SESSION-caf4287e8000c114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf997a1aac5d0ef1:host:177.10.235.42	SESSION-bf997a1aac5d0ef1 → host:177.10.235.42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68f16c2935c85e73:host:131.196.30.220	SESSION-68f16c2935c85e73 → host:131.196.30.220
flow_observed4-aryOBS	e:fo:flow:d3362d5dbe1e	flow:d3362d5dbe1e → host:172.234.197.23 → host:177.10.232.155 → port:tcp:60337
FLOW_FROM_HOSTOBS	e:from:SESSION-1e6437ba0c2aceec:host:172.234.197.23	SESSION-1e6437ba0c2aceec → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e41b633abf5898e8:host:172.234.197.23	SESSION-e41b633abf5898e8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3094c6d527f665e9:host:172.234.197.23	SESSION-3094c6d527f665e9 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1542bd3463f5	flow:1542bd3463f5 → host:172.234.197.23 → host:177.10.239.57 → port:tcp:42842
FLOW_TO_HOSTOBS	e:to:SESSION-9f2c14118785728f:host:131.196.31.156	SESSION-9f2c14118785728f → host:131.196.31.156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4aa43b0ccd10448e:host:177.10.239.35	SESSION-4aa43b0ccd10448e → host:177.10.239.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d7bdeba7c000ea7:SESSION-1d7bdeba7c000ea7	SESSION-1d7bdeba7c000ea7 → pe:tls:SESSION-1d7bdeba7c000ea7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8452ffa75e7fe764:SESSION-8452ffa75e7fe764	SESSION-8452ffa75e7fe764 → pe:tls:SESSION-8452ffa75e7fe764
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-310c82c2a589a705:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-310c82c2a589a705 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87ea4b729b5b64e3:host:172.234.197.23	SESSION-87ea4b729b5b64e3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cfde024084873f29:host:172.234.197.23	SESSION-cfde024084873f29 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ce31789228b9	flow:ce31789228b9 → host:31.40.196.97 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.240:asn:262880	host:177.10.237.240 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:3c10724e1713:port:tcp:443	flow:3c10724e1713 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0684dbb2a7f8dcaf:flow:0710fc26396d	SESSION-0684dbb2a7f8dcaf → flow:0710fc26396d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-25d670562ff80de0:SESSION-25d670562ff80de0	SESSION-25d670562ff80de0 → pe:syn:SESSION-25d670562ff80de0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5218a703d93123a3:host:172.234.197.23	SESSION-5218a703d93123a3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fd74aeb66a6a85e:host:177.10.234.52	SESSION-3fd74aeb66a6a85e → host:177.10.234.52
FLOW_DST_PORTOBS	e:fp:flow:849ba2658df2:port:tcp:9058	flow:849ba2658df2 → port:tcp:9058
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0debd2a005265c6e:host:172.234.197.23	SESSION-0debd2a005265c6e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58a14b9397c116a1:host:172.234.197.23	SESSION-58a14b9397c116a1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2958e311eaa51e83:host:177.10.233.97	SESSION-2958e311eaa51e83 → host:177.10.233.97
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.200:asn:271410	host:131.196.31.200 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20cf12e311e55250:host:172.234.197.23:host:177.10.234.91	SESSION-20cf12e311e55250 → host:172.234.197.23 → host:177.10.234.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d407d786bd09817:SESSION-2d407d786bd09817	SESSION-2d407d786bd09817 → pe:tls:SESSION-2d407d786bd09817
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b854a8a0c04494b2:host:172.232.0.17	SESSION-b854a8a0c04494b2 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f3b543446abe714:host:131.196.29.132	SESSION-0f3b543446abe714 → host:131.196.29.132
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0485ecaf8e8edab:host:177.10.238.16:host:172.234.197.23	SESSION-d0485ecaf8e8edab → host:177.10.238.16 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:16c57d759bca:port:tcp:443	flow:16c57d759bca → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.131:asn:271410	host:131.196.30.131 → asn:271410
flow_observed5-aryOBS	e:fo:flow:3ea8c55e38e7	flow:3ea8c55e38e7 → host:177.10.239.206 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6bdebc30581f3c5f:PCAP:capture_20260430150001:ded20914761d	SESSION-6bdebc30581f3c5f → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b1f042103d1727f:flow:dce980f09aca	SESSION-5b1f042103d1727f → flow:dce980f09aca
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd248be3cf9515b5:host:131.196.31.182:host:172.234.197.23	SESSION-cd248be3cf9515b5 → host:131.196.31.182 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee237db5b674d6c4:host:177.10.239.255	SESSION-ee237db5b674d6c4 → host:177.10.239.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1933fbedf850967f:SESSION-1933fbedf850967f	SESSION-1933fbedf850967f → pe:tls:SESSION-1933fbedf850967f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d6622ca4a22ed44:host:177.10.238.9:host:172.234.197.23	SESSION-5d6622ca4a22ed44 → host:177.10.238.9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ec00857ef12f8e7e:host:177.10.235.65	SESSION-ec00857ef12f8e7e → host:177.10.235.65
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-605f000d6a5e20b1:PCAP:capture_20260430150001:ded20914761d	SESSION-605f000d6a5e20b1 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-64e6d0099998fde8:host:131.196.30.162	SESSION-64e6d0099998fde8 → host:131.196.30.162
FLOW_TO_HOSTOBS	e:to:SESSION-a6ed96bf23ac2f6b:host:172.234.197.23	SESSION-a6ed96bf23ac2f6b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-117c00f29ed332ce:SESSION-117c00f29ed332ce	SESSION-117c00f29ed332ce → pe:tls:SESSION-117c00f29ed332ce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-923cb7ae7a40da65:SESSION-923cb7ae7a40da65	SESSION-923cb7ae7a40da65 → pe:syn:SESSION-923cb7ae7a40da65
FLOW_DST_PORTOBS	e:fp:flow:018ac0da39dd:port:tcp:443	flow:018ac0da39dd → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.106:geo_-23.62930_-46.63510	host:131.196.28.106 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-4e806a1e4171599f:host:131.196.31.130	SESSION-4e806a1e4171599f → host:131.196.31.130
flow_observed4-aryOBS	e:fo:flow:43ebaddd5a7b	flow:43ebaddd5a7b → host:172.234.197.23 → host:177.10.238.83 → port:tcp:17596
FLOW_TO_HOSTOBS	e:to:SESSION-2ddf07020985eed3:host:172.234.197.23	SESSION-2ddf07020985eed3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e8c587e48bf8617:host:131.196.29.183:host:172.234.197.23	SESSION-5e8c587e48bf8617 → host:131.196.29.183 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72cd504b232e316e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-72cd504b232e316e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab1dfc7616ca079a:SESSION-ab1dfc7616ca079a	SESSION-ab1dfc7616ca079a → pe:tls:SESSION-ab1dfc7616ca079a
FLOW_FROM_HOSTOBS	e:from:SESSION-96afec3035986aab:host:195.154.100.87	SESSION-96afec3035986aab → host:195.154.100.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1705f35e2db46a43:flow:956357409f9d	SESSION-1705f35e2db46a43 → flow:956357409f9d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3982f1a8e532b400:host:95.170.25.243	SESSION-3982f1a8e532b400 → host:95.170.25.243
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c876d9731eec34af:flow:40e654e83289	SESSION-c876d9731eec34af → flow:40e654e83289
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d9ab0e2fb8bff1f:SESSION-7d9ab0e2fb8bff1f	SESSION-7d9ab0e2fb8bff1f → pe:tls:SESSION-7d9ab0e2fb8bff1f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe9137916d2eb5d4:flow:048fd4fb8e93	SESSION-fe9137916d2eb5d4 → flow:048fd4fb8e93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1cbcb5d52df9d7c9:PCAP:capture_20260430150001:ded20914761d	SESSION-1cbcb5d52df9d7c9 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:282e04bd7969:port:tcp:443	flow:282e04bd7969 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:29e983a46063	flow:29e983a46063 → host:172.234.197.23 → host:177.10.236.72 → port:tcp:36225
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da3b2b353303e8e1:host:177.10.237.153:host:172.234.197.23	SESSION-da3b2b353303e8e1 → host:177.10.237.153 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2dbb52de45813c9a:host:172.234.197.23	SESSION-2dbb52de45813c9a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8de6c1be9d0210fa:host:95.170.25.208	SESSION-8de6c1be9d0210fa → host:95.170.25.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1261f8c6b87cf73:host:45.173.156.70	SESSION-b1261f8c6b87cf73 → host:45.173.156.70
FLOW_DST_PORTOBS	e:fp:flow:297c6aefdd3e:port:tcp:443	flow:297c6aefdd3e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-4f766219ab3f1d4b:host:177.10.239.203	SESSION-4f766219ab3f1d4b → host:177.10.239.203
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6edbcdecdf7d835:flow:78fa7f111390	SESSION-a6edbcdecdf7d835 → flow:78fa7f111390
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a8c8ed56d6827efd:SESSION-a8c8ed56d6827efd	SESSION-a8c8ed56d6827efd → pe:syn:SESSION-a8c8ed56d6827efd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08ee685c4e8cc842:SESSION-08ee685c4e8cc842	SESSION-08ee685c4e8cc842 → pe:tls:SESSION-08ee685c4e8cc842
FLOW_TO_HOSTOBS	e:to:SESSION-905e7318b3a63042:host:172.234.197.23	SESSION-905e7318b3a63042 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ea5a5c8bbfcfd548:host:172.234.197.23	SESSION-ea5a5c8bbfcfd548 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.92:geo_-21.10010_-41.69200	host:45.173.156.92 → geo_-21.10010_-41.69200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.213:geo_-16.28860_-49.01640	host:177.10.234.213 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-0c01d0fd13ba220b:host:172.234.197.23	SESSION-0c01d0fd13ba220b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.28:asn:271410	host:131.196.30.28 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07a7172489c9ad9c:host:177.10.232.103:host:172.234.197.23	SESSION-07a7172489c9ad9c → host:177.10.232.103 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2997df12bb4a545b:SESSION-2997df12bb4a545b	SESSION-2997df12bb4a545b → pe:syn:SESSION-2997df12bb4a545b
flow_observed5-aryOBS	e:fo:flow:462902a6a8a1	flow:462902a6a8a1 → host:177.10.235.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e987eea1f59290d7:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-e987eea1f59290d7 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f4a86c40e28bf330:host:45.173.156.48:host:172.234.197.23	SESSION-f4a86c40e28bf330 → host:45.173.156.48 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.209:asn:273470	host:45.173.156.209 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-959e19b011db2562:SESSION-959e19b011db2562	SESSION-959e19b011db2562 → pe:syn:SESSION-959e19b011db2562
FLOW_DST_PORTOBS	e:fp:flow:a523da3aafeb:port:tcp:443	flow:a523da3aafeb → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da14e554ef56152a:SESSION-da14e554ef56152a	SESSION-da14e554ef56152a → pe:syn:SESSION-da14e554ef56152a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fcf38b0a54673cb:host:172.234.197.23	SESSION-5fcf38b0a54673cb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fd6ef4118ff649ff:host:172.234.197.23	SESSION-fd6ef4118ff649ff → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a5d8002765cb7d3:host:172.234.197.23	SESSION-6a5d8002765cb7d3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-141e3c6c8d153d1d:host:172.234.197.23	SESSION-141e3c6c8d153d1d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8739e7552ccb5cc0:flow:2c0e36a618e9	SESSION-8739e7552ccb5cc0 → flow:2c0e36a618e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a776552d0ac90a05:SESSION-a776552d0ac90a05	SESSION-a776552d0ac90a05 → pe:syn:SESSION-a776552d0ac90a05
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1b3b25682727ca52:SESSION-1b3b25682727ca52	SESSION-1b3b25682727ca52 → pe:syn:SESSION-1b3b25682727ca52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d147f8cae941ed80:PCAP:capture_20260430150001:ded20914761d	SESSION-d147f8cae941ed80 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-ce29096c932e7f50:host:177.10.236.43	SESSION-ce29096c932e7f50 → host:177.10.236.43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9eda278d49363b57:SESSION-9eda278d49363b57	SESSION-9eda278d49363b57 → pe:tls:SESSION-9eda278d49363b57
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ad60f3efcde14b7:flow:5d7ec192c72c	SESSION-7ad60f3efcde14b7 → flow:5d7ec192c72c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-13b449bea21c4b54:flow:f34baa4b6679	SESSION-13b449bea21c4b54 → flow:f34baa4b6679
flow_observed5-aryOBS	e:fo:flow:fac0f539a350	flow:fac0f539a350 → host:177.10.234.147 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f4bd70bea69fea0d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f4bd70bea69fea0d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8139f2a89dd46f4b:flow:b8930a348aad	SESSION-8139f2a89dd46f4b → flow:b8930a348aad
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01744e272bba469d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-01744e272bba469d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8d8471d99b0ccf5:SESSION-d8d8471d99b0ccf5	SESSION-d8d8471d99b0ccf5 → pe:tls:SESSION-d8d8471d99b0ccf5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ec65811ecc506ca:SESSION-2ec65811ecc506ca	SESSION-2ec65811ecc506ca → pe:syn:SESSION-2ec65811ecc506ca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c5381aaad8fa568:SESSION-6c5381aaad8fa568	SESSION-6c5381aaad8fa568 → pe:tls:SESSION-6c5381aaad8fa568
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85419ca5854a5f9c:SESSION-85419ca5854a5f9c	SESSION-85419ca5854a5f9c → pe:tls:SESSION-85419ca5854a5f9c
FLOW_TO_HOSTOBS	e:to:SESSION-7498682ecb6877b0:host:131.196.31.127	SESSION-7498682ecb6877b0 → host:131.196.31.127
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a3baa467b71ba10:host:177.10.232.223:host:172.234.197.23	SESSION-3a3baa467b71ba10 → host:177.10.232.223 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a579d4e5af4d:port:tcp:443	flow:a579d4e5af4d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f70b0605ff5c8685:host:131.196.31.146	SESSION-f70b0605ff5c8685 → host:131.196.31.146
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9804aaba4767b862:flow:a3a569e5aede	SESSION-9804aaba4767b862 → flow:a3a569e5aede
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c89e102c8b8b6c97:host:172.234.197.23:host:177.10.233.35	SESSION-c89e102c8b8b6c97 → host:172.234.197.23 → host:177.10.233.35
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.193:asn:262880	host:177.10.235.193 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ee088f254667f6a:flow:73eaad2a4580	SESSION-6ee088f254667f6a → flow:73eaad2a4580
FLOW_TO_HOSTOBS	e:to:SESSION-58eea5e67f2190af:host:177.10.238.0	SESSION-58eea5e67f2190af → host:177.10.238.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-036bdbf16af23428:SESSION-036bdbf16af23428	SESSION-036bdbf16af23428 → pe:syn:SESSION-036bdbf16af23428
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.86:asn:262880	host:177.10.235.86 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a412381d3ec6112:SESSION-4a412381d3ec6112	SESSION-4a412381d3ec6112 → pe:syn:SESSION-4a412381d3ec6112
FLOW_FROM_HOSTOBS	e:from:SESSION-de46def2c97c3533:host:177.10.236.56	SESSION-de46def2c97c3533 → host:177.10.236.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9bd60248a4061d8d:flow:ef76751809b3	SESSION-9bd60248a4061d8d → flow:ef76751809b3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-63e207f92d9c898d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-63e207f92d9c898d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9de9d154fbb04a83:host:131.196.28.0	SESSION-9de9d154fbb04a83 → host:131.196.28.0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.219:geo_-16.28860_-49.01640	host:177.10.232.219 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-6430336fded9a803:host:131.196.29.99	SESSION-6430336fded9a803 → host:131.196.29.99
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.148:asn:262880	host:177.10.239.148 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4793a163d681d0d0:host:177.10.239.156:host:172.234.197.23	SESSION-4793a163d681d0d0 → host:177.10.239.156 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b7e210d67eff:port:tcp:443	flow:b7e210d67eff → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-592321b004976459:SESSION-592321b004976459	SESSION-592321b004976459 → pe:syn:SESSION-592321b004976459
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2b0ee493ee38385:flow:d10d98940d27	SESSION-b2b0ee493ee38385 → flow:d10d98940d27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f377c5e49ededc1c:host:172.234.197.23	SESSION-f377c5e49ededc1c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.189:asn:262880	host:177.10.237.189 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4387fd9792a7eb8a:SESSION-4387fd9792a7eb8a	SESSION-4387fd9792a7eb8a → pe:tls:SESSION-4387fd9792a7eb8a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ed2dc2be6795ae2:flow:c5897cd2d112	SESSION-5ed2dc2be6795ae2 → flow:c5897cd2d112
FLOW_DST_PORTOBS	e:fp:flow:afa4794a1a01:port:tcp:443	flow:afa4794a1a01 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-40dbede277a2e1b2:SESSION-40dbede277a2e1b2	SESSION-40dbede277a2e1b2 → pe:syn:SESSION-40dbede277a2e1b2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a108f3a8f652bd55:flow:20fb95e03ba6	SESSION-a108f3a8f652bd55 → flow:20fb95e03ba6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc6a5831c46f644f:host:131.196.28.80:host:172.234.197.23	SESSION-bc6a5831c46f644f → host:131.196.28.80 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6b762e1d0d174fb:host:172.234.197.23	SESSION-a6b762e1d0d174fb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99d54d6eadbc1138:SESSION-99d54d6eadbc1138	SESSION-99d54d6eadbc1138 → pe:syn:SESSION-99d54d6eadbc1138
FLOW_TO_HOSTOBS	e:to:SESSION-f45c3ab8ea783ada:host:172.234.197.23	SESSION-f45c3ab8ea783ada → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-83d893adc4ebe669:PCAP:capture_20260430150001:ded20914761d	SESSION-83d893adc4ebe669 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c390a73ee41b4c6d:PCAP:capture_20260430060001:919b39a74464	SESSION-c390a73ee41b4c6d → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e225557ebe736948:SESSION-e225557ebe736948	SESSION-e225557ebe736948 → pe:tls:SESSION-e225557ebe736948
FLOW_TO_HOSTOBS	e:to:SESSION-412d8e92812f4ea2:host:172.234.197.23	SESSION-412d8e92812f4ea2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e47ff6197158625f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e47ff6197158625f → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-142a24cb96c02884:host:172.234.197.23:host:131.196.30.138	SESSION-142a24cb96c02884 → host:172.234.197.23 → host:131.196.30.138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96f4af5cf9f3425a:host:131.196.31.1:host:172.234.197.23	SESSION-96f4af5cf9f3425a → host:131.196.31.1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a22b87d5bf56:port:tcp:443	flow:a22b87d5bf56 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb3e7e97aa8c76e6:SESSION-cb3e7e97aa8c76e6	SESSION-cb3e7e97aa8c76e6 → pe:syn:SESSION-cb3e7e97aa8c76e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf36cee0aa989ce3:host:177.10.236.141	SESSION-bf36cee0aa989ce3 → host:177.10.236.141
FLOW_FROM_HOSTOBS	e:from:SESSION-89957ac1ec870b87:host:177.10.239.174	SESSION-89957ac1ec870b87 → host:177.10.239.174
FLOW_FROM_HOSTOBS	e:from:SESSION-e271128847ae06df:host:172.234.197.23	SESSION-e271128847ae06df → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01454c90925a3a4f:host:172.234.197.23	SESSION-01454c90925a3a4f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f79e79f663ba44d9:host:131.196.30.20:host:172.234.197.23	SESSION-f79e79f663ba44d9 → host:131.196.30.20 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5527f09aaa715d91:host:131.196.30.132	SESSION-5527f09aaa715d91 → host:131.196.30.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f4a69b65a94c1ea1:SESSION-f4a69b65a94c1ea1	SESSION-f4a69b65a94c1ea1 → pe:syn:SESSION-f4a69b65a94c1ea1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6aca00d0413062e5:PCAP:capture_20260430150001:ded20914761d	SESSION-6aca00d0413062e5 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-68a3da1f806283eb:host:172.234.197.23	SESSION-68a3da1f806283eb → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8c0a36e715f9	flow:8c0a36e715f9 → host:172.234.197.23 → host:177.10.233.108 → port:tcp:60604
FLOW_FROM_HOSTOBS	e:from:SESSION-6713221fe5694a6d:host:131.196.30.162	SESSION-6713221fe5694a6d → host:131.196.30.162
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09a6e49240d11692:SESSION-09a6e49240d11692	SESSION-09a6e49240d11692 → pe:tls:SESSION-09a6e49240d11692
FLOW_DST_PORTOBS	e:fp:flow:f2d1957f48c3:port:tcp:443	flow:f2d1957f48c3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a5d8002765cb7d3:SESSION-6a5d8002765cb7d3	SESSION-6a5d8002765cb7d3 → pe:syn:SESSION-6a5d8002765cb7d3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f7d282d56df8eba3:SESSION-f7d282d56df8eba3	SESSION-f7d282d56df8eba3 → pe:tls:SESSION-f7d282d56df8eba3
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.56:asn:271410	host:131.196.31.56 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-4b5ce2843c92e119:host:177.10.234.140	SESSION-4b5ce2843c92e119 → host:177.10.234.140
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.60:asn:262880	host:177.10.238.60 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ea3a69414cbbc32d:flow:46897113187f	SESSION-ea3a69414cbbc32d → flow:46897113187f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d77225c69f4fe117:flow:05cfa6aaf4d0	SESSION-d77225c69f4fe117 → flow:05cfa6aaf4d0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89e4df8c6f209b00:host:45.173.156.10:host:172.234.197.23	SESSION-89e4df8c6f209b00 → host:45.173.156.10 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5bae596d14ec2741:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5bae596d14ec2741 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b330864bc1d39cd9:host:172.234.197.23	SESSION-b330864bc1d39cd9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fdee4339c7caabb6:flow:c8895d5095fd	SESSION-fdee4339c7caabb6 → flow:c8895d5095fd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e63705938a499015:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e63705938a499015 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e7ccd5c552e41a1:flow:90f6045852d1	SESSION-7e7ccd5c552e41a1 → flow:90f6045852d1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8ebb92b3cccc0ee:flow:e7c206687d07	SESSION-e8ebb92b3cccc0ee → flow:e7c206687d07
FLOW_FROM_HOSTOBS	e:from:SESSION-854a13cbd553e198:host:45.173.156.206	SESSION-854a13cbd553e198 → host:45.173.156.206
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-133d7db2ccbe04c8:host:177.10.233.192	SESSION-133d7db2ccbe04c8 → host:177.10.233.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a10e6ba939684b8:SESSION-6a10e6ba939684b8	SESSION-6a10e6ba939684b8 → pe:syn:SESSION-6a10e6ba939684b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96f33e27040b9bc9:host:131.196.29.73	SESSION-96f33e27040b9bc9 → host:131.196.29.73
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0612d11703a94cf9:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-0612d11703a94cf9 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c8bfb1726ad64d7:host:177.10.236.110:host:172.234.197.23	SESSION-3c8bfb1726ad64d7 → host:177.10.236.110 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:89.58.44.225:asn:197540	host:89.58.44.225 → asn:197540
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b4a3756900fa00c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7b4a3756900fa00c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:6c03c0136ad8	flow:6c03c0136ad8 → host:172.234.197.23 → host:177.10.239.93 → port:tcp:23367
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3224b320d23ec0cd:host:177.10.237.60:host:172.234.197.23	SESSION-3224b320d23ec0cd → host:177.10.237.60 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-382b47d73202b6ac:SESSION-382b47d73202b6ac	SESSION-382b47d73202b6ac → pe:syn:SESSION-382b47d73202b6ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30195220eb2aa3f5:SESSION-30195220eb2aa3f5	SESSION-30195220eb2aa3f5 → pe:syn:SESSION-30195220eb2aa3f5
flow_observed5-aryOBS	e:fo:flow:732edc8624c6	flow:732edc8624c6 → host:131.196.30.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b8d0e25502f89d2:host:16.112.8.242:host:172.234.197.23	SESSION-7b8d0e25502f89d2 → host:16.112.8.242 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a4f6dd7436745b4:host:172.234.197.23	SESSION-4a4f6dd7436745b4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52ffcd7f81b035e2:host:131.196.29.75:host:172.234.197.23	SESSION-52ffcd7f81b035e2 → host:131.196.29.75 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be622897972653aa:PCAP:capture_20260428010001:b1b402c7b202	SESSION-be622897972653aa → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-d9466ee8fbea2465:host:172.234.197.23	SESSION-d9466ee8fbea2465 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e7251f1511c5	flow:e7251f1511c5 → host:172.234.197.23 → host:177.10.239.155 → port:tcp:47941
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.73:asn:262880	host:177.10.232.73 → asn:262880
flow_observed5-aryOBS	e:fo:flow:75b58e38903e	flow:75b58e38903e → host:177.10.239.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d5941c68a821530:SESSION-5d5941c68a821530	SESSION-5d5941c68a821530 → pe:tls:SESSION-5d5941c68a821530
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66fe61e0e919e0c7:SESSION-66fe61e0e919e0c7	SESSION-66fe61e0e919e0c7 → pe:syn:SESSION-66fe61e0e919e0c7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b0fec424d0db7c3:SESSION-7b0fec424d0db7c3	SESSION-7b0fec424d0db7c3 → pe:tls:SESSION-7b0fec424d0db7c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1be36b841cb9bb38:flow:248bb9448096	SESSION-1be36b841cb9bb38 → flow:248bb9448096
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ddb6310055a59be:flow:dbade0df5981	SESSION-4ddb6310055a59be → flow:dbade0df5981
FLOW_TO_HOSTOBS	e:to:SESSION-37dea09d598a2ad1:host:172.234.197.23	SESSION-37dea09d598a2ad1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9d2d17a1375ada26:host:172.234.197.23	SESSION-9d2d17a1375ada26 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2981d1088db9	flow:2981d1088db9 → host:177.10.235.196 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:98e497135516	flow:98e497135516 → host:177.10.239.86 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-954ce8dcd8b034e5:host:172.234.197.23	SESSION-954ce8dcd8b034e5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-be4f81bef58a140b:host:45.173.156.159	SESSION-be4f81bef58a140b → host:45.173.156.159
FLOW_TO_HOSTOBS	e:to:SESSION-fda5d1d0c89bbfd4:host:172.234.197.23	SESSION-fda5d1d0c89bbfd4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3c5b9cd096d7e31:host:131.196.31.222	SESSION-b3c5b9cd096d7e31 → host:131.196.31.222
flow_observed5-aryOBS	e:fo:flow:b214172954f6	flow:b214172954f6 → host:131.196.29.234 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:51886dfe4b68:port:tcp:4692	flow:51886dfe4b68 → port:tcp:4692
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c32ee209d5d1aa5e:flow:4cbf90c61fa6	SESSION-c32ee209d5d1aa5e → flow:4cbf90c61fa6
FLOW_FROM_HOSTOBS	e:from:SESSION-6c0d18b24ee9d3d4:host:172.234.197.23	SESSION-6c0d18b24ee9d3d4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7fd0e8f46f0bc660:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7fd0e8f46f0bc660 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4af9ea8e19c0cf86:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4af9ea8e19c0cf86 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47e6906e0a27d254:host:172.234.197.23	SESSION-47e6906e0a27d254 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cddf604912330e1b:host:45.173.156.76:host:172.234.197.23	SESSION-cddf604912330e1b → host:45.173.156.76 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46290f7655d18c8b:SESSION-46290f7655d18c8b	SESSION-46290f7655d18c8b → pe:tls:SESSION-46290f7655d18c8b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e13bed2218b0a9f:flow:59a3a67bd50d	SESSION-9e13bed2218b0a9f → flow:59a3a67bd50d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fcf38b0a54673cb:PCAP:capture_20260430060001:919b39a74464	SESSION-5fcf38b0a54673cb → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f39c81a37ca9c9d3:host:177.10.235.215	SESSION-f39c81a37ca9c9d3 → host:177.10.235.215
FLOW_DST_PORTOBS	e:fp:flow:b5ea336c0629:port:tcp:64973	flow:b5ea336c0629 → port:tcp:64973
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b4751d88925ba5f3:SESSION-b4751d88925ba5f3	SESSION-b4751d88925ba5f3 → pe:tls:SESSION-b4751d88925ba5f3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98030dd572a97d39:host:131.196.28.70	SESSION-98030dd572a97d39 → host:131.196.28.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3bfd44b04badb9b:host:177.10.237.66	SESSION-c3bfd44b04badb9b → host:177.10.237.66
FLOW_DST_PORTOBS	e:fp:flow:cb3e15688521:port:tcp:6411	flow:cb3e15688521 → port:tcp:6411
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a418060e7d2d204b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a418060e7d2d204b → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-f8e250b2be37e497:host:177.10.239.29	SESSION-f8e250b2be37e497 → host:177.10.239.29
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-50e84f588759fadd:flow:f379ef231b16	SESSION-50e84f588759fadd → flow:f379ef231b16
FLOW_FROM_HOSTOBS	e:from:SESSION-3b8a5f0932f0fd6d:host:88.99.91.59	SESSION-3b8a5f0932f0fd6d → host:88.99.91.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-100c3fd7436ef8f8:SESSION-100c3fd7436ef8f8	SESSION-100c3fd7436ef8f8 → pe:syn:SESSION-100c3fd7436ef8f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d93e05fe8ec7e58:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6d93e05fe8ec7e58 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:fac57f01f533	flow:fac57f01f533 → host:131.196.30.33 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0dd74fd8f314e65:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f0dd74fd8f314e65 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c4adfb3e188a176:host:172.234.197.23	SESSION-4c4adfb3e188a176 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b7f75116e650c71:host:172.234.197.23	SESSION-7b7f75116e650c71 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0af0d5d1b3f6259:PCAP:capture_20260430150001:ded20914761d	SESSION-c0af0d5d1b3f6259 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-9b3d68511ee3e6e7:host:172.234.197.23	SESSION-9b3d68511ee3e6e7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d618ae22306fa7b9:host:172.234.197.23	SESSION-d618ae22306fa7b9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7caa5c0db9dc8d4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b7caa5c0db9dc8d4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-54aea84c156a3c18:host:172.234.197.23	SESSION-54aea84c156a3c18 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8900744845bb6f3:SESSION-d8900744845bb6f3	SESSION-d8900744845bb6f3 → pe:tls:SESSION-d8900744845bb6f3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0feaffd55940508b:host:177.10.237.238:host:172.234.197.23	SESSION-0feaffd55940508b → host:177.10.237.238 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2acb7632e6c37a6f:host:88.99.91.59	SESSION-2acb7632e6c37a6f → host:88.99.91.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d446777121d9b1f8:host:177.10.239.192	SESSION-d446777121d9b1f8 → host:177.10.239.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec00857ef12f8e7e:host:177.10.235.65	SESSION-ec00857ef12f8e7e → host:177.10.235.65
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.255:asn:271410	host:131.196.31.255 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.45:asn:262880	host:177.10.236.45 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e41b633abf5898e8:SESSION-e41b633abf5898e8	SESSION-e41b633abf5898e8 → pe:tls:SESSION-e41b633abf5898e8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f008aa22e7b680c:SESSION-7f008aa22e7b680c	SESSION-7f008aa22e7b680c → pe:syn:SESSION-7f008aa22e7b680c
FLOW_DST_PORTOBS	e:fp:flow:2a26dc28d5ba:port:tcp:443	flow:2a26dc28d5ba → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-89e4df8c6f209b00:host:172.234.197.23	SESSION-89e4df8c6f209b00 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a55a830d22fea90d:flow:7e8c092f69b8	SESSION-a55a830d22fea90d → flow:7e8c092f69b8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd2d57a3e3d90491:SESSION-fd2d57a3e3d90491	SESSION-fd2d57a3e3d90491 → pe:tls:SESSION-fd2d57a3e3d90491
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0510bb60587070dd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0510bb60587070dd → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-aede3430ffb62e05:host:177.10.236.150	SESSION-aede3430ffb62e05 → host:177.10.236.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75d8d9da58d6d51c:SESSION-75d8d9da58d6d51c	SESSION-75d8d9da58d6d51c → pe:syn:SESSION-75d8d9da58d6d51c
FLOW_TO_HOSTOBS	e:to:SESSION-41b71c4a2ccc13b3:host:172.234.197.23	SESSION-41b71c4a2ccc13b3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2235ad305872b9c2:SESSION-2235ad305872b9c2	SESSION-2235ad305872b9c2 → pe:tls:SESSION-2235ad305872b9c2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-621f42bc5edaa56f:host:131.196.30.37:host:172.234.197.23	SESSION-621f42bc5edaa56f → host:131.196.30.37 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79787964fff3a281:flow:e6053f3476b8	SESSION-79787964fff3a281 → flow:e6053f3476b8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-deef720c855898df:flow:f5dd5c63cbac	SESSION-deef720c855898df → flow:f5dd5c63cbac
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa0b840fdb1355d3:flow:562964a4480b	SESSION-fa0b840fdb1355d3 → flow:562964a4480b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.166:asn:262880	host:177.10.238.166 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e332f49c3a5896d2:host:131.196.28.99:host:172.234.197.23	SESSION-e332f49c3a5896d2 → host:131.196.28.99 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-019d89e6bcaa6e4e:host:177.10.236.170	SESSION-019d89e6bcaa6e4e → host:177.10.236.170
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.248:geo_-16.28860_-49.01640	host:177.10.234.248 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-59417938792198bf:SESSION-59417938792198bf	SESSION-59417938792198bf → pe:tls:SESSION-59417938792198bf
FLOW_TO_HOSTOBS	e:to:SESSION-fb9800c0b594ef9b:host:172.234.197.23	SESSION-fb9800c0b594ef9b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c22096904d93	flow:c22096904d93 → host:104.28.234.78 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5ff90c657a3c2e88:host:177.10.238.86	SESSION-5ff90c657a3c2e88 → host:177.10.238.86
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.196:asn:262880	host:177.10.237.196 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-042ef885e77347e7:host:131.196.28.48	SESSION-042ef885e77347e7 → host:131.196.28.48
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e920b338cbbee7b:host:172.234.197.23:host:131.196.29.76	SESSION-2e920b338cbbee7b → host:172.234.197.23 → host:131.196.29.76
FLOW_DST_PORTOBS	e:fp:flow:59a3a67bd50d:port:tcp:22854	flow:59a3a67bd50d → port:tcp:22854
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb7b7dca9012c682:flow:72a4de96eca6	SESSION-eb7b7dca9012c682 → flow:72a4de96eca6
FLOW_DST_PORTOBS	e:fp:flow:e5fed5a187d0:port:tcp:443	flow:e5fed5a187d0 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f2b7c7be1c86:port:tcp:443	flow:f2b7c7be1c86 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3407d813acebc00f:flow:53c36095e850	SESSION-3407d813acebc00f → flow:53c36095e850
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db8bd5551afdaf6c:flow:a39fcd817f5f	SESSION-db8bd5551afdaf6c → flow:a39fcd817f5f
FLOW_FROM_HOSTOBS	e:from:SESSION-befc987f4c77d80c:host:103.230.240.59	SESSION-befc987f4c77d80c → host:103.230.240.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74f0d8e902dc1bc9:host:172.234.197.23	SESSION-74f0d8e902dc1bc9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-007d1747f3bd10df:host:177.10.234.113	SESSION-007d1747f3bd10df → host:177.10.234.113
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a87c967af45101a2:host:177.10.234.137:host:172.234.197.23	SESSION-a87c967af45101a2 → host:177.10.234.137 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-616ab8d382244a8d:flow:595ca985adc2	SESSION-616ab8d382244a8d → flow:595ca985adc2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-424e5c5b03912c3d:host:177.10.238.81:host:172.234.197.23	SESSION-424e5c5b03912c3d → host:177.10.238.81 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-110ce59a2a29ac0c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-110ce59a2a29ac0c → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-57092e6ea3a8c881:host:172.234.197.23	SESSION-57092e6ea3a8c881 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6457b3248e0b30fe:host:177.10.232.167:host:172.234.197.23	SESSION-6457b3248e0b30fe → host:177.10.232.167 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a83f7d2591dcabf5:host:172.234.197.23	SESSION-a83f7d2591dcabf5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-decb8c6a12a4d67a:host:177.10.237.64	SESSION-decb8c6a12a4d67a → host:177.10.237.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68a3da1f806283eb:host:131.196.29.67	SESSION-68a3da1f806283eb → host:131.196.29.67
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bec1644a83cc4e1:PCAP:capture_20260430060001:919b39a74464	SESSION-3bec1644a83cc4e1 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-44e6d66a0a0fb56e:host:131.196.29.140	SESSION-44e6d66a0a0fb56e → host:131.196.29.140
FLOW_DST_PORTOBS	e:fp:flow:52d611ee4d3f:port:tcp:443	flow:52d611ee4d3f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-6fd2d6a70384f754:host:172.234.197.23	SESSION-6fd2d6a70384f754 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee9fbb8d7f6cf47b:host:177.10.239.149:host:172.234.197.23	SESSION-ee9fbb8d7f6cf47b → host:177.10.239.149 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5b80b4b47f274ca:host:177.10.233.77:host:172.234.197.23	SESSION-d5b80b4b47f274ca → host:177.10.233.77 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ae9e0c134c79:port:tcp:39170	flow:ae9e0c134c79 → port:tcp:39170
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0393cf21271be7e9:flow:ccc8e09e0181	SESSION-0393cf21271be7e9 → flow:ccc8e09e0181
FLOW_FROM_HOSTOBS	e:from:SESSION-ac89834f3c269f55:host:177.10.233.163	SESSION-ac89834f3c269f55 → host:177.10.233.163
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d5390845b17c572:host:172.234.197.23	SESSION-1d5390845b17c572 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f6ab7360966186b9:flow:2ff53ffc0eae	SESSION-f6ab7360966186b9 → flow:2ff53ffc0eae
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.38:asn:271410	host:131.196.31.38 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db282f95b9cc563d:SESSION-db282f95b9cc563d	SESSION-db282f95b9cc563d → pe:tls:SESSION-db282f95b9cc563d
FLOW_DST_PORTOBS	e:fp:flow:e948c653dadd:port:udp:53	flow:e948c653dadd → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c3d3f3d87b7f1a0:SESSION-5c3d3f3d87b7f1a0	SESSION-5c3d3f3d87b7f1a0 → pe:tls:SESSION-5c3d3f3d87b7f1a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-100c3fd7436ef8f8:SESSION-100c3fd7436ef8f8	SESSION-100c3fd7436ef8f8 → pe:tls:SESSION-100c3fd7436ef8f8
FLOW_TO_HOSTOBS	e:to:SESSION-e6a5c0858fcd0d09:host:177.10.234.64	SESSION-e6a5c0858fcd0d09 → host:177.10.234.64
ASN_IN_ORGOBS 80%	e:ao:asn:31898:org:Oracle Corporation	asn:31898 → org:Oracle Corporation
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3526e42e615eba29:host:177.10.238.55:host:172.234.197.23	SESSION-3526e42e615eba29 → host:177.10.238.55 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6ddfef5208babd34:host:172.234.197.23	SESSION-6ddfef5208babd34 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f73f713a631f7530:PCAP:capture_20260430060001:919b39a74464	SESSION-f73f713a631f7530 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c84f2bc6bdec600e:host:131.196.28.80	SESSION-c84f2bc6bdec600e → host:131.196.28.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b0821df7b169e6a:SESSION-4b0821df7b169e6a	SESSION-4b0821df7b169e6a → pe:syn:SESSION-4b0821df7b169e6a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4e8d87fd06149df:host:131.196.29.232	SESSION-b4e8d87fd06149df → host:131.196.29.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3957034b2fd24e8:SESSION-c3957034b2fd24e8	SESSION-c3957034b2fd24e8 → pe:syn:SESSION-c3957034b2fd24e8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-196ad93208fa5be9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-196ad93208fa5be9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b5af66d109a4873:host:172.234.197.23:host:131.196.30.7	SESSION-5b5af66d109a4873 → host:172.234.197.23 → host:131.196.30.7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4081c2e8ed1c2925:SESSION-4081c2e8ed1c2925	SESSION-4081c2e8ed1c2925 → pe:tls:SESSION-4081c2e8ed1c2925
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-73f1c8de70c12118:SESSION-73f1c8de70c12118	SESSION-73f1c8de70c12118 → pe:syn:SESSION-73f1c8de70c12118
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8432ee5dd236020:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d8432ee5dd236020 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-68c9571f275cd182:host:172.234.197.23	SESSION-68c9571f275cd182 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41c6e0b91a3149eb:SESSION-41c6e0b91a3149eb	SESSION-41c6e0b91a3149eb → pe:syn:SESSION-41c6e0b91a3149eb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-397164cbc5836ff1:SESSION-397164cbc5836ff1	SESSION-397164cbc5836ff1 → pe:syn:SESSION-397164cbc5836ff1
FLOW_TLS_SNIOBS	e:fs:flow:82fbfa1cfb5d:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:82fbfa1cfb5d → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-186abbea6a1cb4f5:flow:7ccb0d93d5e0	SESSION-186abbea6a1cb4f5 → flow:7ccb0d93d5e0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3edcc633e4f5b2c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b3edcc633e4f5b2c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c59147b81bc92a14:SESSION-c59147b81bc92a14	SESSION-c59147b81bc92a14 → pe:syn:SESSION-c59147b81bc92a14
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-367c844590f11a50:SESSION-367c844590f11a50	SESSION-367c844590f11a50 → pe:syn:SESSION-367c844590f11a50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f19ceabce4d2fbb5:host:172.234.197.23	SESSION-f19ceabce4d2fbb5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4a5d297f882a3348:host:131.196.31.229	SESSION-4a5d297f882a3348 → host:131.196.31.229
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c5d6e49e2849c20f:host:131.196.29.198:host:172.234.197.23	SESSION-c5d6e49e2849c20f → host:131.196.29.198 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.158:geo_-16.28860_-49.01640	host:177.10.238.158 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-774b2bcff77bd614:host:172.234.197.23	SESSION-774b2bcff77bd614 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8df47c2606014223:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8df47c2606014223 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-282c3beb2e9d9d39:host:172.234.197.23	SESSION-282c3beb2e9d9d39 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f2c00c77bcbb5602:host:131.196.29.167	SESSION-f2c00c77bcbb5602 → host:131.196.29.167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f800f90b92d1e01:host:172.234.197.23	SESSION-4f800f90b92d1e01 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ccbf098e115515a:SESSION-0ccbf098e115515a	SESSION-0ccbf098e115515a → pe:tls:SESSION-0ccbf098e115515a
FLOW_FROM_HOSTOBS	e:from:SESSION-60cd9cc046a23835:host:172.234.197.23	SESSION-60cd9cc046a23835 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c75de00edeed:port:tcp:443	flow:c75de00edeed → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fec8e81be891b7cc:host:177.10.239.151	SESSION-fec8e81be891b7cc → host:177.10.239.151
FLOW_TO_HOSTOBS	e:to:SESSION-77c4ff849445b3aa:host:177.10.235.172	SESSION-77c4ff849445b3aa → host:177.10.235.172
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c06bd8d9952317f:flow:12c18556932b	SESSION-6c06bd8d9952317f → flow:12c18556932b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b24715291f7dc36:host:172.234.197.23	SESSION-6b24715291f7dc36 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38d81f2383b0ad0b:flow:0180b80bdbbd	SESSION-38d81f2383b0ad0b → flow:0180b80bdbbd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df808ed8a09d8e60:SESSION-df808ed8a09d8e60	SESSION-df808ed8a09d8e60 → pe:tls:SESSION-df808ed8a09d8e60
flow_observed4-aryOBS	e:fo:flow:b1110292eacf	flow:b1110292eacf → host:172.234.197.23 → host:177.10.238.57 → port:tcp:8856
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09d8680ca1ab1b1e:flow:9fdc9457113e	SESSION-09d8680ca1ab1b1e → flow:9fdc9457113e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8196f582d24c6a3:host:172.234.197.23	SESSION-b8196f582d24c6a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2290de8fcf2817df:SESSION-2290de8fcf2817df	SESSION-2290de8fcf2817df → pe:tls:SESSION-2290de8fcf2817df
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.40:geo_-16.28860_-49.01640	host:177.10.237.40 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:14e7347487d9:port:tcp:443	flow:14e7347487d9 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-15ce8c1431c2e2c7:BSG-BEACON-9ff93f2bd63e	SESSION-15ce8c1431c2e2c7 → BSG-BEACON-9ff93f2bd63e
flow_observed5-aryOBS	e:fo:flow:15af48869be8	flow:15af48869be8 → host:177.10.234.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ce2f2546c044634:flow:04128c2b4605	SESSION-8ce2f2546c044634 → flow:04128c2b4605
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-848626bce2ee7b76:flow:6fe180bbb2da	SESSION-848626bce2ee7b76 → flow:6fe180bbb2da
flow_observed5-aryOBS	e:fo:flow:d44636dbb1ca	flow:d44636dbb1ca → host:177.10.234.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1dfe7de9432473b:host:172.234.197.23:host:131.196.29.201	SESSION-b1dfe7de9432473b → host:172.234.197.23 → host:131.196.29.201
FLOW_TO_HOSTOBS	e:to:SESSION-f49d888fd824b97a:host:172.234.197.23	SESSION-f49d888fd824b97a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-70cb56f6bea3d067:host:172.234.197.23	SESSION-70cb56f6bea3d067 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7fb420f75ffa7d0f:host:131.196.30.81:host:172.234.197.23	SESSION-7fb420f75ffa7d0f → host:131.196.30.81 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-382b47d73202b6ac:SESSION-382b47d73202b6ac	SESSION-382b47d73202b6ac → pe:tls:SESSION-382b47d73202b6ac
FLOW_DST_PORTOBS	e:fp:flow:7272a06da853:port:tcp:443	flow:7272a06da853 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ccf862d3dae518e:SESSION-8ccf862d3dae518e	SESSION-8ccf862d3dae518e → pe:syn:SESSION-8ccf862d3dae518e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6da60a47e57e7ba3:host:45.173.156.243	SESSION-6da60a47e57e7ba3 → host:45.173.156.243
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-140a58b5ab5dfb04:SESSION-140a58b5ab5dfb04	SESSION-140a58b5ab5dfb04 → pe:tls:SESSION-140a58b5ab5dfb04
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59e3e2edbc9b18fa:host:177.10.232.132	SESSION-59e3e2edbc9b18fa → host:177.10.232.132
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fec8e81be891b7cc:flow:85fc1fdd3721	SESSION-fec8e81be891b7cc → flow:85fc1fdd3721
FLOW_TO_HOSTOBS	e:to:SESSION-605acf1f49534e97:host:172.234.197.23	SESSION-605acf1f49534e97 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c876d9731eec34af:host:172.234.197.23:host:177.10.239.232	SESSION-c876d9731eec34af → host:172.234.197.23 → host:177.10.239.232
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-63be833bbb100650:host:172.234.197.23:host:131.196.28.128	SESSION-63be833bbb100650 → host:172.234.197.23 → host:131.196.28.128
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58209016b963372b:host:172.234.197.23	SESSION-58209016b963372b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e41bbf161497:port:tcp:59762	flow:e41bbf161497 → port:tcp:59762
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.222:geo_-23.62930_-46.63510	host:131.196.28.222 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e6270bfda958738:SESSION-7e6270bfda958738	SESSION-7e6270bfda958738 → pe:tls:SESSION-7e6270bfda958738
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f234671aee206898:SESSION-f234671aee206898	SESSION-f234671aee206898 → pe:syn:SESSION-f234671aee206898
FLOW_FROM_HOSTOBS	e:from:SESSION-3c8bfb1726ad64d7:host:177.10.236.110	SESSION-3c8bfb1726ad64d7 → host:177.10.236.110
FLOW_FROM_HOSTOBS	e:from:SESSION-4f1cb2d411cdd6d7:host:172.234.197.23	SESSION-4f1cb2d411cdd6d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e938dc96c7665991:SESSION-e938dc96c7665991	SESSION-e938dc96c7665991 → pe:tls:SESSION-e938dc96c7665991
FLOW_TO_HOSTOBS	e:to:SESSION-e3089f893be8ea87:host:131.196.30.222	SESSION-e3089f893be8ea87 → host:131.196.30.222
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.72.218.77:geo_33.89160_35.50240	host:185.72.218.77 → geo_33.89160_35.50240
flow_observed5-aryOBS	e:fo:flow:983413e2d3e3	flow:983413e2d3e3 → host:93.119.5.133 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.111:geo_41.02140_28.99480	host:37.221.79.111 → geo_41.02140_28.99480
flow_observed4-aryOBS	e:fo:flow:8e700218094e	flow:8e700218094e → host:172.234.197.23 → host:177.10.235.205 → port:tcp:33603
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74d9117e815e4c77:flow:12402f5ea0e3	SESSION-74d9117e815e4c77 → flow:12402f5ea0e3
flow_observed5-aryOBS	e:fo:flow:d3502ef6da0c	flow:d3502ef6da0c → host:131.196.30.124 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:48bf951f542b:port:tcp:443	flow:48bf951f542b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9ade9c3210d2:port:tcp:443	flow:9ade9c3210d2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54da05b162213325:host:172.234.197.23:host:177.10.238.30	SESSION-54da05b162213325 → host:172.234.197.23 → host:177.10.238.30
FLOW_DST_PORTOBS	e:fp:flow:870af0042d8d:port:tcp:443	flow:870af0042d8d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de7198c98f7f92ee:SESSION-de7198c98f7f92ee	SESSION-de7198c98f7f92ee → pe:tls:SESSION-de7198c98f7f92ee
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4af1d7a3219c207:flow:041d6c0ffc77	SESSION-d4af1d7a3219c207 → flow:041d6c0ffc77
flow_observed5-aryOBS	e:fo:flow:7d842f33d9ec	flow:7d842f33d9ec → host:37.27.162.26 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.233:asn:262880	host:177.10.237.233 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:63ec30f12b69:port:tcp:443	flow:63ec30f12b69 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30ddbb300887e80e:flow:cd8eb2888715	SESSION-30ddbb300887e80e → flow:cd8eb2888715
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.137:geo_-16.28860_-49.01640	host:177.10.235.137 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e391b214be46ad73:host:131.196.30.246	SESSION-e391b214be46ad73 → host:131.196.30.246
flow_observed5-aryOBS	e:fo:flow:8b11ab71f223	flow:8b11ab71f223 → host:177.10.236.92 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.227:asn:271410	host:131.196.28.227 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb4d3e328cdf4bcd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cb4d3e328cdf4bcd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5252ca05229eda25:host:177.10.238.211	SESSION-5252ca05229eda25 → host:177.10.238.211
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-750eaff924399322:host:45.173.156.70	SESSION-750eaff924399322 → host:45.173.156.70
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.249:asn:262880	host:177.10.234.249 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-7eeea37688fc574d:host:177.10.238.157	SESSION-7eeea37688fc574d → host:177.10.238.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-858e7fe3651dc7b6:flow:4779704d8082	SESSION-858e7fe3651dc7b6 → flow:4779704d8082
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e9497f317705308:host:131.196.31.250	SESSION-8e9497f317705308 → host:131.196.31.250
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-712d2d82579af730:host:172.234.197.23	SESSION-712d2d82579af730 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c20a24472712669d:PCAP:capture_20260430150001:ded20914761d	SESSION-c20a24472712669d → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-469f9efa6316e344:flow:2f47b2ba0bf8	SESSION-469f9efa6316e344 → flow:2f47b2ba0bf8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-805fb07d7b5cb44b:flow:f6335468dd94	SESSION-805fb07d7b5cb44b → flow:f6335468dd94
flow_observed5-aryOBS	e:fo:flow:cc6ee1599869	flow:cc6ee1599869 → host:177.10.233.144 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:af7bc9759ccd	flow:af7bc9759ccd → host:195.20.104.8 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a09dd97dc23cca0:SESSION-1a09dd97dc23cca0	SESSION-1a09dd97dc23cca0 → pe:tls:SESSION-1a09dd97dc23cca0
FLOW_FROM_HOSTOBS	e:from:SESSION-c390a73ee41b4c6d:host:103.230.240.59	SESSION-c390a73ee41b4c6d → host:103.230.240.59
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67fe6c66ab1f1fcd:host:177.10.236.235:host:172.234.197.23	SESSION-67fe6c66ab1f1fcd → host:177.10.236.235 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4670d2b8fb3d0344:SESSION-4670d2b8fb3d0344	SESSION-4670d2b8fb3d0344 → pe:tls:SESSION-4670d2b8fb3d0344
FLOW_FROM_HOSTOBS	e:from:SESSION-1ec00a834c5afff3:host:172.234.197.23	SESSION-1ec00a834c5afff3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f48cf8f11b8f73e:SESSION-3f48cf8f11b8f73e	SESSION-3f48cf8f11b8f73e → pe:tls:SESSION-3f48cf8f11b8f73e
FLOW_FROM_HOSTOBS	e:from:SESSION-ec2cd7bdebda0247:host:177.10.237.6	SESSION-ec2cd7bdebda0247 → host:177.10.237.6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b16231fef814b904:flow:d3bfe28004a6	SESSION-b16231fef814b904 → flow:d3bfe28004a6
FLOW_FROM_HOSTOBS	e:from:SESSION-a2a075c2c818644a:host:131.196.30.84	SESSION-a2a075c2c818644a → host:131.196.30.84
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e2a96a3225ff388:flow:0d406dc36797	SESSION-7e2a96a3225ff388 → flow:0d406dc36797
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3988a9d0230ebd4d:host:131.196.29.93:host:172.234.197.23	SESSION-3988a9d0230ebd4d → host:131.196.29.93 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90972096b6b00a4b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-90972096b6b00a4b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1440a3c9b30a4056:SESSION-1440a3c9b30a4056	SESSION-1440a3c9b30a4056 → pe:syn:SESSION-1440a3c9b30a4056
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23deab886ec517b0:SESSION-23deab886ec517b0	SESSION-23deab886ec517b0 → pe:syn:SESSION-23deab886ec517b0
FLOW_FROM_HOSTOBS	e:from:SESSION-cc431699568b9daa:host:131.196.31.48	SESSION-cc431699568b9daa → host:131.196.31.48
FLOW_DST_PORTOBS	e:fp:flow:b2ef26ffc34a:port:tcp:443	flow:b2ef26ffc34a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e2d293cdcc6efc8:host:177.10.236.100	SESSION-3e2d293cdcc6efc8 → host:177.10.236.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41d09b35a7c7bf56:SESSION-41d09b35a7c7bf56	SESSION-41d09b35a7c7bf56 → pe:tls:SESSION-41d09b35a7c7bf56
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-341cb53ffc41c3af:host:131.196.31.150:host:172.234.197.23	SESSION-341cb53ffc41c3af → host:131.196.31.150 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55d7f3379dec0798:flow:e9a6c21b5639	SESSION-55d7f3379dec0798 → flow:e9a6c21b5639
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.102:asn:262880	host:177.10.236.102 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fdb408b0b3dd802:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5fdb408b0b3dd802 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:210140bd7750:port:tcp:443	flow:210140bd7750 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-921ff5b52f826cc0:SESSION-921ff5b52f826cc0	SESSION-921ff5b52f826cc0 → pe:tls:SESSION-921ff5b52f826cc0
FLOW_FROM_HOSTOBS	e:from:SESSION-d6bdcd515a2308bd:host:177.10.236.26	SESSION-d6bdcd515a2308bd → host:177.10.236.26
flow_observed5-aryOBS	e:fo:flow:a7ced61ba274	flow:a7ced61ba274 → host:131.196.29.162 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:aeda0575aba8:port:tcp:443	flow:aeda0575aba8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfdf430166eb3e5d:host:131.196.31.40	SESSION-cfdf430166eb3e5d → host:131.196.31.40
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-244625927b0e7703:BSG-BEACON-5cf613fd15c2	SESSION-244625927b0e7703 → BSG-BEACON-5cf613fd15c2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ba165dc958434de:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3ba165dc958434de → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-9726d81acc78b8e7:host:172.234.197.23	SESSION-9726d81acc78b8e7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4dc0a9d4d6e7897:host:177.10.234.37	SESSION-d4dc0a9d4d6e7897 → host:177.10.234.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1530091b08a9906d:host:167.235.194.109:host:172.234.197.23	SESSION-1530091b08a9906d → host:167.235.194.109 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3931cb15b35f138a:host:172.234.197.23	SESSION-3931cb15b35f138a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f344d747ad66bc9c:host:172.234.197.23	SESSION-f344d747ad66bc9c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f559965f53cd:port:tcp:443	flow:f559965f53cd → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.132:geo_-23.62930_-46.63510	host:131.196.30.132 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.204:geo_-16.28860_-49.01640	host:177.10.232.204 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a904c233015ef9c:SESSION-4a904c233015ef9c	SESSION-4a904c233015ef9c → pe:syn:SESSION-4a904c233015ef9c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2794803b6e3661a7:host:172.234.197.23:host:177.10.238.156	SESSION-2794803b6e3661a7 → host:172.234.197.23 → host:177.10.238.156
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.84:geo_-16.28860_-49.01640	host:177.10.235.84 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5397b2a7490ae0fb:SESSION-5397b2a7490ae0fb	SESSION-5397b2a7490ae0fb → pe:syn:SESSION-5397b2a7490ae0fb
FLOW_FROM_HOSTOBS	e:from:SESSION-049aa291881e8f8b:host:177.10.232.72	SESSION-049aa291881e8f8b → host:177.10.232.72
FLOW_FROM_HOSTOBS	e:from:SESSION-2240076057fcee51:host:45.173.156.189	SESSION-2240076057fcee51 → host:45.173.156.189
flow_observed5-aryOBS	e:fo:flow:343bb530aa8e	flow:343bb530aa8e → host:131.196.28.71 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f7273aea3ec9beab:flow:074c39686250	SESSION-f7273aea3ec9beab → flow:074c39686250
FLOW_DST_PORTOBS	e:fp:flow:68ab9bebddb0:port:tcp:42316	flow:68ab9bebddb0 → port:tcp:42316
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.207:geo_-23.62930_-46.63510	host:131.196.28.207 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:e3edff7df072	flow:e3edff7df072 → host:177.10.232.196 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cfdf42e58546762b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cfdf42e58546762b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b325e5efc54d34b8:SESSION-b325e5efc54d34b8	SESSION-b325e5efc54d34b8 → pe:tls:SESSION-b325e5efc54d34b8
FLOW_DST_PORTOBS	e:fp:flow:3d68dedcff75:port:tcp:241	flow:3d68dedcff75 → port:tcp:241
FLOW_TO_HOSTOBS	e:to:SESSION-15ce8c1431c2e2c7:host:172.234.197.23	SESSION-15ce8c1431c2e2c7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c58b004ff38abe14:host:172.234.197.23	SESSION-c58b004ff38abe14 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2aac95e416ec	flow:2aac95e416ec → host:177.10.236.149 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-69461a2f3e15a448:host:172.234.197.23	SESSION-69461a2f3e15a448 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37dea09d598a2ad1:host:177.10.234.148	SESSION-37dea09d598a2ad1 → host:177.10.234.148
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6b24715291f7dc36:PCAP:capture_20260430060001:919b39a74464	SESSION-6b24715291f7dc36 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f5575c7d9faf65d:host:172.234.197.23	SESSION-5f5575c7d9faf65d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.56:geo_-16.28860_-49.01640	host:177.10.236.56 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa3e9fc803f342ab:host:45.173.156.123:host:172.234.197.23	SESSION-fa3e9fc803f342ab → host:45.173.156.123 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-12cb447eb42d83b5:host:177.10.236.90	SESSION-12cb447eb42d83b5 → host:177.10.236.90
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-139cf5bd66e27bf0:host:177.10.236.27	SESSION-139cf5bd66e27bf0 → host:177.10.236.27
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.71:asn:262880	host:177.10.236.71 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-33075a11d7099c2b:BSG-BEACON-2568ae649544	SESSION-33075a11d7099c2b → BSG-BEACON-2568ae649544
FLOW_DST_PORTOBS	e:fp:flow:de87957d122a:port:tcp:443	flow:de87957d122a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edfeffbce5127655:host:172.234.197.23	SESSION-edfeffbce5127655 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.191:asn:262880	host:177.10.237.191 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.109:asn:262880	host:177.10.239.109 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-51daf4959db84d02:SESSION-51daf4959db84d02	SESSION-51daf4959db84d02 → pe:dns:SESSION-51daf4959db84d02
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3831f1a5ed6fd2c0:PCAP:capture_20260430150001:ded20914761d	SESSION-3831f1a5ed6fd2c0 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6b70cce2b53886b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e6b70cce2b53886b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4be6b5471ca196a:host:172.234.197.23:host:177.10.238.83	SESSION-c4be6b5471ca196a → host:172.234.197.23 → host:177.10.238.83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac3103b39cc2b1a:host:177.10.238.25	SESSION-cac3103b39cc2b1a → host:177.10.238.25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eabead80f81736f:host:172.234.197.23	SESSION-7eabead80f81736f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.75:asn:271410	host:131.196.30.75 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:5725aeb457d8:port:udp:53	flow:5725aeb457d8 → port:udp:53
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.139:asn:271410	host:131.196.29.139 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-113354c1b6207940:host:131.196.30.196:host:172.234.197.23	SESSION-113354c1b6207940 → host:131.196.30.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d147f8cae941ed80:host:172.234.197.23	SESSION-d147f8cae941ed80 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5d964dffb085	flow:5d964dffb085 → host:131.196.29.122 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4e339b9f879a911:flow:472712aef2aa	SESSION-d4e339b9f879a911 → flow:472712aef2aa
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c7bf6a31f6e2d56:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5c7bf6a31f6e2d56 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-c7201144bad9d462:host:172.234.197.23	SESSION-c7201144bad9d462 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-518ecd8ebc2250f7:host:45.173.156.14	SESSION-518ecd8ebc2250f7 → host:45.173.156.14
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f15dcbaf5ef33ebd:SESSION-f15dcbaf5ef33ebd	SESSION-f15dcbaf5ef33ebd → pe:tls:SESSION-f15dcbaf5ef33ebd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.47:geo_-16.28860_-49.01640	host:177.10.236.47 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c4ebc5699ec1c63:host:172.234.197.23	SESSION-9c4ebc5699ec1c63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7caeaef261aefc4:SESSION-e7caeaef261aefc4	SESSION-e7caeaef261aefc4 → pe:tls:SESSION-e7caeaef261aefc4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.78:asn:271410	host:131.196.30.78 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.1:asn:271410	host:131.196.30.1 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bda9924d3f6d619:host:172.234.197.23	SESSION-4bda9924d3f6d619 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddbd1238f020bf6b:host:177.10.239.132	SESSION-ddbd1238f020bf6b → host:177.10.239.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e3933798ce80a4c:SESSION-8e3933798ce80a4c	SESSION-8e3933798ce80a4c → pe:syn:SESSION-8e3933798ce80a4c
FLOW_TO_HOSTOBS	e:to:SESSION-86b61cf52362ae86:host:172.234.197.23	SESSION-86b61cf52362ae86 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e22ceaf98f82b588:host:172.234.197.23	SESSION-e22ceaf98f82b588 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4d3f821e6497	flow:4d3f821e6497 → host:177.10.235.14 → host:172.234.197.23 → port:tcp:443 → svc:https
ASN_IN_ORGOBS 80%	e:ao:asn:203771:org:Servervia Bilisim Yazilim Ve Telekomunikasyon Hizmetleri Limited Sirketi	asn:203771 → org:Servervia Bilisim Yazilim Ve Telekomunikasyon Hizmetleri Limited Sirketi
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d33ef29909b4f2d5:SESSION-d33ef29909b4f2d5	SESSION-d33ef29909b4f2d5 → pe:tls:SESSION-d33ef29909b4f2d5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4437969c398261c:flow:841969c73efe	SESSION-c4437969c398261c → flow:841969c73efe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51cdac11b30f43cf:SESSION-51cdac11b30f43cf	SESSION-51cdac11b30f43cf → pe:tls:SESSION-51cdac11b30f43cf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c5da4152a907bbd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6c5da4152a907bbd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1228b317d5ce27b4:host:45.173.156.194:host:172.234.197.23	SESSION-1228b317d5ce27b4 → host:45.173.156.194 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e361598c12a1af0:SESSION-3e361598c12a1af0	SESSION-3e361598c12a1af0 → pe:syn:SESSION-3e361598c12a1af0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9260442e0efbdc6:flow:462902a6a8a1	SESSION-d9260442e0efbdc6 → flow:462902a6a8a1
FLOW_FROM_HOSTOBS	e:from:SESSION-625fc1856b5bb87f:host:177.10.239.235	SESSION-625fc1856b5bb87f → host:177.10.239.235
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a6f73143abd0c86:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3a6f73143abd0c86 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:14298c15af91:port:tcp:443	flow:14298c15af91 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c21445b24cd8699:host:177.10.235.186	SESSION-1c21445b24cd8699 → host:177.10.235.186
flow_observed5-aryOBS	e:fo:flow:c42148660ed1	flow:c42148660ed1 → host:131.196.30.225 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e1f0a324b14316cd:flow:d880470ab7bc	SESSION-e1f0a324b14316cd → flow:d880470ab7bc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc2cf38876d5e15c:flow:30667e1e1d96	SESSION-cc2cf38876d5e15c → flow:30667e1e1d96
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98452f7d1a82c494:PCAP:capture_20260430090001:065659c7d314	SESSION-98452f7d1a82c494 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dcbfb7362ab6402:host:172.234.197.23	SESSION-4dcbfb7362ab6402 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.148:geo_-16.28860_-49.01640	host:177.10.239.148 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-e8b71ac0dda5d9d9:host:177.10.234.126	SESSION-e8b71ac0dda5d9d9 → host:177.10.234.126
FLOW_DST_PORTOBS	e:fp:flow:63c6719f1581:port:tcp:443	flow:63c6719f1581 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce6819df966f00de:flow:0c6b61bfa335	SESSION-ce6819df966f00de → flow:0c6b61bfa335
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d43ada4a289f704d:SESSION-d43ada4a289f704d	SESSION-d43ada4a289f704d → pe:syn:SESSION-d43ada4a289f704d
FLOW_DST_PORTOBS	e:fp:flow:dd029d64292f:port:tcp:443	flow:dd029d64292f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f95aea3e66ab57b:host:172.234.197.23	SESSION-4f95aea3e66ab57b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:85d29f3e7626:port:tcp:443	flow:85d29f3e7626 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2aa7e55175462248:flow:9f6b4e85da26	SESSION-2aa7e55175462248 → flow:9f6b4e85da26
FLOW_DST_PORTOBS	e:fp:flow:f77233f9c1d1:port:tcp:443	flow:f77233f9c1d1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:1f272876d5bf:port:tcp:80	flow:1f272876d5bf → port:tcp:80
FLOW_DST_PORTOBS	e:fp:flow:4390e50ad8b5:port:tcp:443	flow:4390e50ad8b5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-905e7318b3a63042:host:172.234.197.23	SESSION-905e7318b3a63042 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af6eb1ce6cb824f:host:172.234.197.23	SESSION-9af6eb1ce6cb824f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-96639b4b4a33e422:host:131.196.28.56	SESSION-96639b4b4a33e422 → host:131.196.28.56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38a9f2b2580a8fb5:SESSION-38a9f2b2580a8fb5	SESSION-38a9f2b2580a8fb5 → pe:syn:SESSION-38a9f2b2580a8fb5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-660cb7ef624de29d:flow:d9190055622b	SESSION-660cb7ef624de29d → flow:d9190055622b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f105059d1ed0a542:flow:96f3e0f6ccea	SESSION-f105059d1ed0a542 → flow:96f3e0f6ccea
FLOW_FROM_HOSTOBS	e:from:SESSION-c4367b2e8a53d74f:host:177.10.236.171	SESSION-c4367b2e8a53d74f → host:177.10.236.171
FLOW_DST_PORTOBS	e:fp:flow:aeca5c8fc99c:port:tcp:443	flow:aeca5c8fc99c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-461eadc2db19418d:flow:84c3bc2c7389	SESSION-461eadc2db19418d → flow:84c3bc2c7389
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bcba548cda079292:SESSION-bcba548cda079292	SESSION-bcba548cda079292 → pe:tls:SESSION-bcba548cda079292
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7948a18eeb1cbc0d:SESSION-7948a18eeb1cbc0d	SESSION-7948a18eeb1cbc0d → pe:syn:SESSION-7948a18eeb1cbc0d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b05f07ed9250ae8e:host:172.234.197.23	SESSION-b05f07ed9250ae8e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:70a16a96af81	flow:70a16a96af81 → host:131.196.28.10 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c876d9731eec34af:host:177.10.239.232	SESSION-c876d9731eec34af → host:177.10.239.232
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e673f566483c0ed3:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e673f566483c0ed3 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad4604a15181cb67:SESSION-ad4604a15181cb67	SESSION-ad4604a15181cb67 → pe:syn:SESSION-ad4604a15181cb67
flow_observed4-aryOBS	e:fo:flow:cbaae6c0a7f8	flow:cbaae6c0a7f8 → host:172.234.197.23 → host:177.10.239.164 → port:tcp:57952
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c60a94331c3e233:flow:739dcc01ed96	SESSION-8c60a94331c3e233 → flow:739dcc01ed96
FLOW_TO_HOSTOBS	e:to:SESSION-b58dfbdc72ba0e86:host:172.234.197.23	SESSION-b58dfbdc72ba0e86 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-192cf58c18726bf1:host:172.234.197.23	SESSION-192cf58c18726bf1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-677c9237241fc75d:SESSION-677c9237241fc75d	SESSION-677c9237241fc75d → pe:tls:SESSION-677c9237241fc75d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:35.216.234.82:geo_47.36430_8.54370	host:35.216.234.82 → geo_47.36430_8.54370
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.31:geo_-16.28860_-49.01640	host:177.10.237.31 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.232:asn:262880	host:177.10.232.232 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b8f12ada0f88f122:host:199.16.157.181	SESSION-b8f12ada0f88f122 → host:199.16.157.181
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7e6be5ba8db3cda:host:131.196.30.228	SESSION-c7e6be5ba8db3cda → host:131.196.30.228
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb2ab3101d5e046e:PCAP:capture_20260430150001:ded20914761d	SESSION-cb2ab3101d5e046e → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2460b60c939eb75b:SESSION-2460b60c939eb75b	SESSION-2460b60c939eb75b → pe:syn:SESSION-2460b60c939eb75b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ffe1a7a04c39301:SESSION-0ffe1a7a04c39301	SESSION-0ffe1a7a04c39301 → pe:syn:SESSION-0ffe1a7a04c39301
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9500d9b64493d052:flow:07bf3b36f425	SESSION-9500d9b64493d052 → flow:07bf3b36f425
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921ff5b52f826cc0:host:172.234.197.23	SESSION-921ff5b52f826cc0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-58f4b45cf908ad77:SESSION-58f4b45cf908ad77	SESSION-58f4b45cf908ad77 → pe:syn:SESSION-58f4b45cf908ad77
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6229e1e1c7b389d0:host:172.234.197.23:host:177.10.235.158	SESSION-6229e1e1c7b389d0 → host:172.234.197.23 → host:177.10.235.158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7bd472de7dbc823f:host:45.173.156.209	SESSION-7bd472de7dbc823f → host:45.173.156.209
FLOW_TO_HOSTOBS	e:to:SESSION-d776155c4ea7cbea:host:177.10.232.12	SESSION-d776155c4ea7cbea → host:177.10.232.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79ceb7ef9cce8d79:SESSION-79ceb7ef9cce8d79	SESSION-79ceb7ef9cce8d79 → pe:tls:SESSION-79ceb7ef9cce8d79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db858a9d0e579c0c:host:172.234.197.23	SESSION-db858a9d0e579c0c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-442d12ad40b35d12:SESSION-442d12ad40b35d12	SESSION-442d12ad40b35d12 → pe:syn:SESSION-442d12ad40b35d12
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-195f8b2639df23c4:host:172.234.197.23:host:131.196.30.92	SESSION-195f8b2639df23c4 → host:172.234.197.23 → host:131.196.30.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ef74cd6b285b3c9:SESSION-5ef74cd6b285b3c9	SESSION-5ef74cd6b285b3c9 → pe:syn:SESSION-5ef74cd6b285b3c9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01e9e36dd29e3f1f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-01e9e36dd29e3f1f → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4385c2f73c2ee0db:flow:fece39964b22	SESSION-4385c2f73c2ee0db → flow:fece39964b22
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.122:geo_-23.62930_-46.63510	host:131.196.28.122 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c5f8419335024f52:SESSION-c5f8419335024f52	SESSION-c5f8419335024f52 → pe:tls:SESSION-c5f8419335024f52
FLOW_TO_HOSTOBS	e:to:SESSION-e6d45a86f046cac8:host:45.173.156.3	SESSION-e6d45a86f046cac8 → host:45.173.156.3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb70871923a8cd06:host:131.196.29.132	SESSION-bb70871923a8cd06 → host:131.196.29.132
FLOW_FROM_HOSTOBS	e:from:SESSION-10db7c117acba2ed:host:177.10.239.71	SESSION-10db7c117acba2ed → host:177.10.239.71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7b7470a9d5ba162:PCAP:capture_20260430110001:43611bdf6759	SESSION-b7b7470a9d5ba162 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa4dbd42e40690e9:SESSION-aa4dbd42e40690e9	SESSION-aa4dbd42e40690e9 → pe:syn:SESSION-aa4dbd42e40690e9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.247:geo_-16.28860_-49.01640	host:177.10.232.247 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f77535316d56a4c:flow:dd0834107db0	SESSION-7f77535316d56a4c → flow:dd0834107db0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32273c66c8bf9656:host:172.234.197.23	SESSION-32273c66c8bf9656 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-72cd504b232e316e:host:131.196.30.184	SESSION-72cd504b232e316e → host:131.196.30.184
FLOW_FROM_HOSTOBS	e:from:SESSION-788920b93ac95b5f:host:172.234.197.23	SESSION-788920b93ac95b5f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0847a7bc7e933771:host:172.234.197.23	SESSION-0847a7bc7e933771 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-81ef982aa5449fd9:host:45.173.156.230	SESSION-81ef982aa5449fd9 → host:45.173.156.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7852f400065b4a55:host:131.196.30.143	SESSION-7852f400065b4a55 → host:131.196.30.143
FLOW_FROM_HOSTOBS	e:from:SESSION-b5e7695ca2cac12f:host:172.234.197.23	SESSION-b5e7695ca2cac12f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:023af7fdc649:port:tcp:443	flow:023af7fdc649 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-bac5dc0e18d2349f:BSG-DATA_EXFIL-ab9b61ce5d61	SESSION-bac5dc0e18d2349f → BSG-DATA_EXFIL-ab9b61ce5d61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce217831fb6e1103:SESSION-ce217831fb6e1103	SESSION-ce217831fb6e1103 → pe:syn:SESSION-ce217831fb6e1103
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7792ff6d5e7124a:flow:ffa767bf73be	SESSION-b7792ff6d5e7124a → flow:ffa767bf73be
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61838f073a9a90b1:host:177.10.236.62	SESSION-61838f073a9a90b1 → host:177.10.236.62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07bcf39894ea5ee9:host:97.139.12.85	SESSION-07bcf39894ea5ee9 → host:97.139.12.85
FLOW_DST_PORTOBS	e:fp:flow:59c0c7a37f54:port:tcp:443	flow:59c0c7a37f54 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:15b03786a53b	flow:15b03786a53b → host:131.196.28.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d32b9643240d8a79:SESSION-d32b9643240d8a79	SESSION-d32b9643240d8a79 → pe:tls:SESSION-d32b9643240d8a79
flow_observed4-aryOBS	e:fo:flow:c1a070eb40ea	flow:c1a070eb40ea → host:172.234.197.23 → host:177.10.232.233 → port:tcp:42342
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7caeaef261aefc4:PCAP:capture_20260430060001:919b39a74464	SESSION-e7caeaef261aefc4 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.117:geo_-23.62930_-46.63510	host:131.196.29.117 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bd78fd10af70dea:host:172.234.197.23	SESSION-1bd78fd10af70dea → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d7065e22830f:port:tcp:443	flow:d7065e22830f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:10d5d6d2cffc:port:tcp:443	flow:10d5d6d2cffc → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-710b55a9f3a0edd9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-710b55a9f3a0edd9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b5ce2843c92e119:flow:4ecd8582d753	SESSION-4b5ce2843c92e119 → flow:4ecd8582d753
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3cd6c8dc824ee14d:SESSION-3cd6c8dc824ee14d	SESSION-3cd6c8dc824ee14d → pe:tls:SESSION-3cd6c8dc824ee14d
FLOW_FROM_HOSTOBS	e:from:SESSION-35834184401bcda8:host:54.184.232.115	SESSION-35834184401bcda8 → host:54.184.232.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb77a42bb02f4581:host:131.196.29.203	SESSION-cb77a42bb02f4581 → host:131.196.29.203
FLOW_DST_PORTOBS	e:fp:flow:61b1a3ff21d8:port:tcp:443	flow:61b1a3ff21d8 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.245:geo_-16.28860_-49.01640	host:177.10.232.245 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5ac91adedbe1ec7:host:131.196.29.215	SESSION-d5ac91adedbe1ec7 → host:131.196.29.215
FLOW_FROM_HOSTOBS	e:from:SESSION-fd6ef4118ff649ff:host:131.196.30.176	SESSION-fd6ef4118ff649ff → host:131.196.30.176
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f81e7ae5e8e38135:flow:6e3832b2b70d	SESSION-f81e7ae5e8e38135 → flow:6e3832b2b70d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff331192f9cad8b9:SESSION-ff331192f9cad8b9	SESSION-ff331192f9cad8b9 → pe:tls:SESSION-ff331192f9cad8b9
FLOW_FROM_HOSTOBS	e:from:SESSION-2996f9b3a522abad:host:131.196.30.145	SESSION-2996f9b3a522abad → host:131.196.30.145
FLOW_DST_PORTOBS	e:fp:flow:b2facc8158c8:port:tcp:443	flow:b2facc8158c8 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-394aeca8e13c39b2:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-394aeca8e13c39b2 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67a9355576766cfe:SESSION-67a9355576766cfe	SESSION-67a9355576766cfe → pe:syn:SESSION-67a9355576766cfe
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf07a99306d1414b:host:45.173.156.52:host:172.234.197.23	SESSION-cf07a99306d1414b → host:45.173.156.52 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-265fcf20a19ad440:SESSION-265fcf20a19ad440	SESSION-265fcf20a19ad440 → pe:syn:SESSION-265fcf20a19ad440
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3d7339ef5a101ca:host:51.94.180.11:host:172.234.197.23	SESSION-e3d7339ef5a101ca → host:51.94.180.11 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6050ca7af62c0465:flow:67789bf9388e	SESSION-6050ca7af62c0465 → flow:67789bf9388e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8107d9388b9d334:SESSION-b8107d9388b9d334	SESSION-b8107d9388b9d334 → pe:tls:SESSION-b8107d9388b9d334
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0ac7328414c6be9:host:177.10.234.218:host:172.234.197.23	SESSION-d0ac7328414c6be9 → host:177.10.234.218 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-f6ab7360966186b9:BSG-BEACON-2ae80de08661	SESSION-f6ab7360966186b9 → BSG-BEACON-2ae80de08661
FLOW_FROM_HOSTOBS	e:from:SESSION-4d4d7fb155f65fdf:host:177.10.239.82	SESSION-4d4d7fb155f65fdf → host:177.10.239.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c14806e741c4fd98:SESSION-c14806e741c4fd98	SESSION-c14806e741c4fd98 → pe:tls:SESSION-c14806e741c4fd98
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-18c88d2b92c30f28:host:172.234.197.23:host:177.10.239.227	SESSION-18c88d2b92c30f28 → host:172.234.197.23 → host:177.10.239.227
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cea44595be79fe10:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cea44595be79fe10 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05b6ffb2a7e9e145:host:172.234.197.23	SESSION-05b6ffb2a7e9e145 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f5f99625dcfae4:host:3.102.147.184	SESSION-e2f5f99625dcfae4 → host:3.102.147.184
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f910dce05c4c16f4:SESSION-f910dce05c4c16f4	SESSION-f910dce05c4c16f4 → pe:tls:SESSION-f910dce05c4c16f4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c9278fb58fb6165:PCAP:capture_20260430060001:919b39a74464	SESSION-4c9278fb58fb6165 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-007ba64cafd5a15c:host:172.234.197.23	SESSION-007ba64cafd5a15c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9429230c27071ffa:host:172.234.197.23	SESSION-9429230c27071ffa → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-455353f546d0ad3e:host:177.10.234.250	SESSION-455353f546d0ad3e → host:177.10.234.250
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ef49ba6d990c029:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5ef49ba6d990c029 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a24ab62cbf4deb47:SESSION-a24ab62cbf4deb47	SESSION-a24ab62cbf4deb47 → pe:tls:SESSION-a24ab62cbf4deb47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68010cf4db790ce8:SESSION-68010cf4db790ce8	SESSION-68010cf4db790ce8 → pe:syn:SESSION-68010cf4db790ce8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-969e64e33723c991:host:45.173.156.33:host:172.234.197.23	SESSION-969e64e33723c991 → host:45.173.156.33 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fdee4339c7caabb6:host:177.10.234.98	SESSION-fdee4339c7caabb6 → host:177.10.234.98
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.2:geo_-21.10010_-41.69200	host:45.173.156.2 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:7304835f81a0:port:tcp:443	flow:7304835f81a0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2096050a1fa0221d:SESSION-2096050a1fa0221d	SESSION-2096050a1fa0221d → pe:tls:SESSION-2096050a1fa0221d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5d45bed796decc2:SESSION-b5d45bed796decc2	SESSION-b5d45bed796decc2 → pe:tls:SESSION-b5d45bed796decc2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b10aefef2d5c06b7:PCAP:capture_20260430110001:43611bdf6759	SESSION-b10aefef2d5c06b7 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.207:geo_-16.28860_-49.01640	host:177.10.238.207 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99d54d6eadbc1138:flow:64b719335e9c	SESSION-99d54d6eadbc1138 → flow:64b719335e9c
FLOW_DST_PORTOBS	e:fp:flow:746bb43ffdeb:port:tcp:443	flow:746bb43ffdeb → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:846c12dfcaad:port:tcp:443	flow:846c12dfcaad → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c0bc3d7637a6	flow:c0bc3d7637a6 → host:45.173.156.164 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7b20ceba4f49bfd:SESSION-c7b20ceba4f49bfd	SESSION-c7b20ceba4f49bfd → pe:tls:SESSION-c7b20ceba4f49bfd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21a6fb1ae6879e55:SESSION-21a6fb1ae6879e55	SESSION-21a6fb1ae6879e55 → pe:syn:SESSION-21a6fb1ae6879e55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-151e53ee3004033b:host:172.234.197.23	SESSION-151e53ee3004033b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb9766ebe449a845:flow:3b3399fbef03	SESSION-bb9766ebe449a845 → flow:3b3399fbef03
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d6af4ef287316d5:SESSION-7d6af4ef287316d5	SESSION-7d6af4ef287316d5 → pe:syn:SESSION-7d6af4ef287316d5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28d0a7763ce2861c:SESSION-28d0a7763ce2861c	SESSION-28d0a7763ce2861c → pe:syn:SESSION-28d0a7763ce2861c
flow_observed5-aryOBS	e:fo:flow:e6d0c733a638	flow:e6d0c733a638 → host:131.196.28.81 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:63fe30a74448	flow:63fe30a74448 → host:177.10.234.80 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:fe36b6a000f8:port:tcp:37794	flow:fe36b6a000f8 → port:tcp:37794
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6315d280130065c8:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6315d280130065c8 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0c6698f170085be7:flow:08ca89fd81e3	SESSION-0c6698f170085be7 → flow:08ca89fd81e3
HOST_IN_ASNOBS 85%	e:ha:host:85.11.167.8:asn:213438	host:85.11.167.8 → asn:213438
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf0bb0d03710ab65:host:177.10.236.64	SESSION-bf0bb0d03710ab65 → host:177.10.236.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e615d118f3247e2:SESSION-2e615d118f3247e2	SESSION-2e615d118f3247e2 → pe:tls:SESSION-2e615d118f3247e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68b7f3c84c5e7661:host:172.234.197.23	SESSION-68b7f3c84c5e7661 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e0a730d87d8b98f3:host:177.10.234.46	SESSION-e0a730d87d8b98f3 → host:177.10.234.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ded52056067d22b2:SESSION-ded52056067d22b2	SESSION-ded52056067d22b2 → pe:syn:SESSION-ded52056067d22b2
FLOW_TO_HOSTOBS	e:to:SESSION-05b6ffb2a7e9e145:host:172.234.197.23	SESSION-05b6ffb2a7e9e145 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3099272ee060	flow:3099272ee060 → host:37.221.79.41 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-5fdfd79cbce8be94:host:177.10.238.236	SESSION-5fdfd79cbce8be94 → host:177.10.238.236
FLOW_FROM_HOSTOBS	e:from:SESSION-728f64f1954defae:host:172.234.197.23	SESSION-728f64f1954defae → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03724996262dbf01:host:177.10.239.148	SESSION-03724996262dbf01 → host:177.10.239.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b849b4bd4115608f:host:172.234.197.23	SESSION-b849b4bd4115608f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7b82ba7177f8:port:tcp:1128	flow:7b82ba7177f8 → port:tcp:1128
FLOW_DST_PORTOBS	e:fp:flow:65cc5b5651c1:port:tcp:14074	flow:65cc5b5651c1 → port:tcp:14074
flow_observed5-aryOBS	e:fo:flow:6052a0ac6134	flow:6052a0ac6134 → host:131.196.28.146 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-578ff4b2beeb08df:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-578ff4b2beeb08df → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a4b43b46bbfc9c3:host:172.234.197.23	SESSION-0a4b43b46bbfc9c3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-191c84cbdd981857:flow:36f9278deffd	SESSION-191c84cbdd981857 → flow:36f9278deffd
FLOW_DST_PORTOBS	e:fp:flow:ae90b115280a:port:tcp:779	flow:ae90b115280a → port:tcp:779
FLOW_FROM_HOSTOBS	e:from:SESSION-8a3cdd61760cc277:host:172.234.197.23	SESSION-8a3cdd61760cc277 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76b86119fe5d0a6f:flow:4ef48c8a3468	SESSION-76b86119fe5d0a6f → flow:4ef48c8a3468
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-777f9d135946568c:host:177.10.232.159	SESSION-777f9d135946568c → host:177.10.232.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3056fcd37df4e63f:SESSION-3056fcd37df4e63f	SESSION-3056fcd37df4e63f → pe:tls:SESSION-3056fcd37df4e63f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a20fc4ba13bfca4:SESSION-8a20fc4ba13bfca4	SESSION-8a20fc4ba13bfca4 → pe:tls:SESSION-8a20fc4ba13bfca4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55ef1be4460b895e:SESSION-55ef1be4460b895e	SESSION-55ef1be4460b895e → pe:tls:SESSION-55ef1be4460b895e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e1fcfb1c4254c4b:flow:19537cef41e5	SESSION-8e1fcfb1c4254c4b → flow:19537cef41e5
FLOW_TO_HOSTOBS	e:to:SESSION-4081c2e8ed1c2925:host:131.196.31.27	SESSION-4081c2e8ed1c2925 → host:131.196.31.27
flow_observed5-aryOBS	e:fo:flow:925bccf38367	flow:925bccf38367 → host:177.10.235.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d45c3fc16863e5ef:SESSION-d45c3fc16863e5ef	SESSION-d45c3fc16863e5ef → pe:syn:SESSION-d45c3fc16863e5ef
FLOW_DST_PORTOBS	e:fp:flow:4383ccc27ae9:port:tcp:50649	flow:4383ccc27ae9 → port:tcp:50649
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b68b7374dcfd0024:SESSION-b68b7374dcfd0024	SESSION-b68b7374dcfd0024 → pe:tls:SESSION-b68b7374dcfd0024
FLOW_TO_HOSTOBS	e:to:SESSION-b97d7b281ae973a8:host:172.234.197.23	SESSION-b97d7b281ae973a8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e332f49c3a5896d2:host:172.234.197.23	SESSION-e332f49c3a5896d2 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:758a8992fe82	flow:758a8992fe82 → host:172.234.197.23 → host:177.10.236.218 → port:tcp:64088
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6b4752d4afe8ec71:flow:8611e35c54ed	SESSION-6b4752d4afe8ec71 → flow:8611e35c54ed
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7aaf7c17fdae8be6:flow:cf10ff39f766	SESSION-7aaf7c17fdae8be6 → flow:cf10ff39f766
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee8963275c4b434b:flow:a2e5567adfc2	SESSION-ee8963275c4b434b → flow:a2e5567adfc2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.63:asn:262880	host:177.10.233.63 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ada05a103ba2b64:SESSION-9ada05a103ba2b64	SESSION-9ada05a103ba2b64 → pe:tls:SESSION-9ada05a103ba2b64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caaa6bcaac59e7b9:host:177.10.233.158	SESSION-caaa6bcaac59e7b9 → host:177.10.233.158
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.244:asn:271410	host:131.196.31.244 → asn:271410
flow_observed4-aryOBS	e:fo:flow:72b61607d168	flow:72b61607d168 → host:172.234.197.23 → host:177.10.232.24 → port:tcp:30886
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0dab8159384d982:host:131.196.31.19	SESSION-b0dab8159384d982 → host:131.196.31.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5e5bbccd32f2d5:host:172.234.197.23	SESSION-5d5e5bbccd32f2d5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-610b47e21d599964:SESSION-610b47e21d599964	SESSION-610b47e21d599964 → pe:tls:SESSION-610b47e21d599964
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.152:asn:271410	host:131.196.29.152 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-15d25700bea96717:PCAP:capture_20260430080001:93f47cc296a4	SESSION-15d25700bea96717 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-55d5dc737e01c0f7:host:172.234.197.23	SESSION-55d5dc737e01c0f7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f737e621c51c7ecf:host:172.234.197.23	SESSION-f737e621c51c7ecf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e77738dbb03f9aec:flow:de18500862da	SESSION-e77738dbb03f9aec → flow:de18500862da
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6328c86c978f61df:flow:d0a8864bb9eb	SESSION-6328c86c978f61df → flow:d0a8864bb9eb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-433230166b97139a:flow:b2bccfbb111e	SESSION-433230166b97139a → flow:b2bccfbb111e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eac07967aaca78dc:flow:0f410ff5afe2	SESSION-eac07967aaca78dc → flow:0f410ff5afe2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b7d412d830baf98:flow:ae37fe3d14c0	SESSION-4b7d412d830baf98 → flow:ae37fe3d14c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-786e34aed7c64f61:host:131.196.28.0	SESSION-786e34aed7c64f61 → host:131.196.28.0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fbe82bcd0d20589:host:177.10.232.157:host:172.234.197.23	SESSION-5fbe82bcd0d20589 → host:177.10.232.157 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:2f47b2ba0bf8:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:2f47b2ba0bf8 → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:cc19df9248ba	flow:cc19df9248ba → host:131.196.30.49 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a3e5e93fe3cda49d:host:172.234.197.23	SESSION-a3e5e93fe3cda49d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0ba7fcd14499	flow:0ba7fcd14499 → host:172.234.197.23 → host:131.196.28.100 → port:tcp:53570
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18178a1924ee92a1:host:172.234.197.23	SESSION-18178a1924ee92a1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c873de224cbac149:SESSION-c873de224cbac149	SESSION-c873de224cbac149 → pe:tls:SESSION-c873de224cbac149
FLOW_DST_PORTOBS	e:fp:flow:631582c4148b:port:tcp:443	flow:631582c4148b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:3992ce7fa8ec:port:tcp:443	flow:3992ce7fa8ec → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2490746063a947f9:host:131.196.28.10:host:172.234.197.23	SESSION-2490746063a947f9 → host:131.196.28.10 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c701d534f5ceb273:host:172.234.197.23	SESSION-c701d534f5ceb273 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-671ee03668a9eda8:host:172.234.197.23:host:177.10.239.252	SESSION-671ee03668a9eda8 → host:172.234.197.23 → host:177.10.239.252
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5816b4a8f681ef76:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5816b4a8f681ef76 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab491f454947df2e:flow:df7fa005a388	SESSION-ab491f454947df2e → flow:df7fa005a388
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8dbd1afb05a3a814:flow:b7cec5afb634	SESSION-8dbd1afb05a3a814 → flow:b7cec5afb634
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ccb8c7743352cfdc:host:172.234.197.23	SESSION-ccb8c7743352cfdc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a810a8703b9c77f1:host:172.234.197.23	SESSION-a810a8703b9c77f1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-106d77d887836a65:SESSION-106d77d887836a65	SESSION-106d77d887836a65 → pe:tls:SESSION-106d77d887836a65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ba3ff89783efd81:host:177.10.238.138	SESSION-4ba3ff89783efd81 → host:177.10.238.138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e405c5dfa444c3be:host:15.152.35.247:host:172.234.197.23	SESSION-e405c5dfa444c3be → host:15.152.35.247 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6cfabb521c7f73a1:SESSION-6cfabb521c7f73a1	SESSION-6cfabb521c7f73a1 → pe:syn:SESSION-6cfabb521c7f73a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-88c19910e1cb1242:SESSION-88c19910e1cb1242	SESSION-88c19910e1cb1242 → pe:syn:SESSION-88c19910e1cb1242
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54da05b162213325:PCAP:capture_20260430110001:43611bdf6759	SESSION-54da05b162213325 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be95a34ad4eedb81:flow:47a0c583b8c2	SESSION-be95a34ad4eedb81 → flow:47a0c583b8c2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-019d89e6bcaa6e4e:flow:41921b7b3887	SESSION-019d89e6bcaa6e4e → flow:41921b7b3887
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bd4f427df690125:host:177.10.237.223	SESSION-4bd4f427df690125 → host:177.10.237.223
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a046afd146222299:host:103.155.16.117	SESSION-a046afd146222299 → host:103.155.16.117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27b5dd82e2b65bbd:SESSION-27b5dd82e2b65bbd	SESSION-27b5dd82e2b65bbd → pe:tls:SESSION-27b5dd82e2b65bbd
FLOW_FROM_HOSTOBS	e:from:SESSION-3529b49a7d38dad6:host:177.10.237.211	SESSION-3529b49a7d38dad6 → host:177.10.237.211
FLOW_TO_HOSTOBS	e:to:SESSION-4d1e35f842f44326:host:172.234.197.23	SESSION-4d1e35f842f44326 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ef36b158fc63267:host:172.234.197.23:host:177.10.234.89	SESSION-9ef36b158fc63267 → host:172.234.197.23 → host:177.10.234.89
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34a5ce0f23d7a2a1:PCAP:capture_20260430090001:065659c7d314	SESSION-34a5ce0f23d7a2a1 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8104be0e9171978:host:172.232.0.17	SESSION-e8104be0e9171978 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97bd7f793ae0ea11:SESSION-97bd7f793ae0ea11	SESSION-97bd7f793ae0ea11 → pe:syn:SESSION-97bd7f793ae0ea11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-620284e2b3f3a282:PCAP:capture_20260430060001:919b39a74464	SESSION-620284e2b3f3a282 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:6ca74d3a8e5f:port:tcp:443	flow:6ca74d3a8e5f → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.205:asn:203771	host:185.231.226.205 → asn:203771
flow_observed4-aryOBS	e:fo:flow:82ed4e90b8f2	flow:82ed4e90b8f2 → host:172.234.197.23 → host:131.196.29.215 → port:tcp:1321
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cac7b08c7fb71f18:SESSION-cac7b08c7fb71f18	SESSION-cac7b08c7fb71f18 → pe:syn:SESSION-cac7b08c7fb71f18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-596b6c60b11eaa92:SESSION-596b6c60b11eaa92	SESSION-596b6c60b11eaa92 → pe:tls:SESSION-596b6c60b11eaa92
FLOW_FROM_HOSTOBS	e:from:SESSION-2dca77003c0beb45:host:44.248.141.231	SESSION-2dca77003c0beb45 → host:44.248.141.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2963f6e37ebf1d0d:SESSION-2963f6e37ebf1d0d	SESSION-2963f6e37ebf1d0d → pe:tls:SESSION-2963f6e37ebf1d0d
FLOW_DST_PORTOBS	e:fp:flow:2bebb61ba81a:port:tcp:443	flow:2bebb61ba81a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-fe84550c6b54c988:host:177.10.239.102	SESSION-fe84550c6b54c988 → host:177.10.239.102
flow_observed5-aryOBS	e:fo:flow:ec60c21c4d5f	flow:ec60c21c4d5f → host:177.10.235.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1129a02e66df3e40:host:131.196.30.252:host:172.234.197.23	SESSION-1129a02e66df3e40 → host:131.196.30.252 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c0d18b24ee9d3d4:host:172.234.197.23	SESSION-6c0d18b24ee9d3d4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3c5b9cd096d7e31:host:131.196.31.222:host:172.234.197.23	SESSION-b3c5b9cd096d7e31 → host:131.196.31.222 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34da31e596580b61:flow:e48771c0c3dd	SESSION-34da31e596580b61 → flow:e48771c0c3dd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a650ad390b72264d:PCAP:capture_20260430090001:065659c7d314	SESSION-a650ad390b72264d → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-d17b7bdf4ae9fb2c:host:177.10.239.77	SESSION-d17b7bdf4ae9fb2c → host:177.10.239.77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f299703bc1b4ff9:PCAP:capture_20260430060001:919b39a74464	SESSION-1f299703bc1b4ff9 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:cadf0893e2ce:port:tcp:443	flow:cadf0893e2ce → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f12e4f5ba81c4d8:SESSION-3f12e4f5ba81c4d8	SESSION-3f12e4f5ba81c4d8 → pe:tls:SESSION-3f12e4f5ba81c4d8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-029d1f2d00b0343a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-029d1f2d00b0343a → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a7a1da766d51711:SESSION-1a7a1da766d51711	SESSION-1a7a1da766d51711 → pe:tls:SESSION-1a7a1da766d51711
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-7de8e99103378c90:SESSION-7de8e99103378c90	SESSION-7de8e99103378c90 → pe:dns:SESSION-7de8e99103378c90
FLOW_TO_HOSTOBS	e:to:SESSION-db638e9136fa3895:host:172.234.197.23	SESSION-db638e9136fa3895 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a33d29db5091f68:host:172.234.197.23	SESSION-2a33d29db5091f68 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51bc0a4af53b62cc:host:177.10.233.136:host:172.234.197.23	SESSION-51bc0a4af53b62cc → host:177.10.233.136 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ef09ac1cb842:port:tcp:443	flow:ef09ac1cb842 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b85d57875d64:port:tcp:443	flow:b85d57875d64 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3fd62b1832b0e41:flow:a31746b72125	SESSION-b3fd62b1832b0e41 → flow:a31746b72125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d2ec4538209fcf12:SESSION-d2ec4538209fcf12	SESSION-d2ec4538209fcf12 → pe:syn:SESSION-d2ec4538209fcf12
FLOW_DST_PORTOBS	e:fp:flow:6262808a9407:port:tcp:443	flow:6262808a9407 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.245:geo_-21.10010_-41.69200	host:45.173.156.245 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-9433c1773faa9882:host:172.234.197.23	SESSION-9433c1773faa9882 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4424212d2efd30c8:host:131.196.29.55	SESSION-4424212d2efd30c8 → host:131.196.29.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d73d5fbffa5706a1:SESSION-d73d5fbffa5706a1	SESSION-d73d5fbffa5706a1 → pe:syn:SESSION-d73d5fbffa5706a1
flow_observed3-aryOBS	e:fo:flow:df8afc8fe6e6	flow:df8afc8fe6e6 → host:56.155.73.64 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6b1835ff26c3:port:tcp:443	flow:6b1835ff26c3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c15e0230f45f826:host:177.10.234.113:host:172.234.197.23	SESSION-6c15e0230f45f826 → host:177.10.234.113 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ea20601fa7d993b:SESSION-1ea20601fa7d993b	SESSION-1ea20601fa7d993b → pe:syn:SESSION-1ea20601fa7d993b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.60:geo_-16.28860_-49.01640	host:177.10.232.60 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a776552d0ac90a05:host:172.234.197.23	SESSION-a776552d0ac90a05 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:40.177.218.231:asn:16509	host:40.177.218.231 → asn:16509
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.10:geo_41.00190_28.96450	host:95.135.228.10 → geo_41.00190_28.96450
FLOW_FROM_HOSTOBS	e:from:SESSION-cc2cf38876d5e15c:host:177.10.234.93	SESSION-cc2cf38876d5e15c → host:177.10.234.93
flow_observed5-aryOBS	e:fo:flow:70e6dbadc53e	flow:70e6dbadc53e → host:131.196.31.40 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7d282d56df8eba3:host:131.196.31.231	SESSION-f7d282d56df8eba3 → host:131.196.31.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-62151f99a31dc755:SESSION-62151f99a31dc755	SESSION-62151f99a31dc755 → pe:tls:SESSION-62151f99a31dc755
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2f1e05754e84c30:SESSION-e2f1e05754e84c30	SESSION-e2f1e05754e84c30 → pe:tls:SESSION-e2f1e05754e84c30
FLOW_DST_PORTOBS	e:fp:flow:b4cc404c4942:port:tcp:443	flow:b4cc404c4942 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc399ebe92ddbae6:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cc399ebe92ddbae6 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.60:geo_41.00190_28.96450	host:95.170.25.60 → geo_41.00190_28.96450
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5739ac8f3bafac6c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5739ac8f3bafac6c → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:6154ca7be068	flow:6154ca7be068 → host:131.196.30.200 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.200:asn:271410	host:131.196.28.200 → asn:271410
flow_observed4-aryOBS	e:fo:flow:514ff26d4034	flow:514ff26d4034 → host:172.234.197.23 → host:177.10.239.35 → port:tcp:16012
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7098e9f09e131f1:host:172.234.197.23:host:131.196.29.160	SESSION-e7098e9f09e131f1 → host:172.234.197.23 → host:131.196.29.160
FLOW_TO_HOSTOBS	e:to:SESSION-8f486345fbdf5443:host:131.196.31.2	SESSION-8f486345fbdf5443 → host:131.196.31.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac89834f3c269f55:SESSION-ac89834f3c269f55	SESSION-ac89834f3c269f55 → pe:tls:SESSION-ac89834f3c269f55
FLOW_FROM_HOSTOBS	e:from:SESSION-337cf74c19f2631e:host:172.234.197.23	SESSION-337cf74c19f2631e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.229:geo_-23.62930_-46.63510	host:131.196.29.229 → geo_-23.62930_-46.63510
flow_observed3-aryOBS	e:fo:flow:eadceaa402ba	flow:eadceaa402ba → host:3.112.93.79 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96afec3035986aab:SESSION-96afec3035986aab	SESSION-96afec3035986aab → pe:syn:SESSION-96afec3035986aab
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1075bb458d3b18a:host:95.170.25.200:host:172.234.197.23	SESSION-d1075bb458d3b18a → host:95.170.25.200 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c5c562cec43ce89e:flow:3f70d1b6a98a	SESSION-c5c562cec43ce89e → flow:3f70d1b6a98a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e8a9e43c374485d:host:177.10.237.72	SESSION-9e8a9e43c374485d → host:177.10.237.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa658fe130f71ff5:SESSION-aa658fe130f71ff5	SESSION-aa658fe130f71ff5 → pe:syn:SESSION-aa658fe130f71ff5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-9c36bc9032caa64b:SESSION-9c36bc9032caa64b	SESSION-9c36bc9032caa64b → pe:rst:SESSION-9c36bc9032caa64b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-030b2a260e8012dd:host:172.234.197.23	SESSION-030b2a260e8012dd → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.229:asn:262880	host:177.10.237.229 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da7125a184793aeb:host:172.234.197.23	SESSION-da7125a184793aeb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-15ce8c1431c2e2c7:flow:c0389422a5c0	SESSION-15ce8c1431c2e2c7 → flow:c0389422a5c0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.66:geo_-23.62930_-46.63510	host:131.196.30.66 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.77:asn:273470	host:45.173.156.77 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-049aa291881e8f8b:host:177.10.232.72:host:172.234.197.23	SESSION-049aa291881e8f8b → host:177.10.232.72 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73ce8b7b43538e4e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-73ce8b7b43538e4e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:c9fbf0ec0b9e	flow:c9fbf0ec0b9e → host:172.234.197.23 → host:172.93.100.236 → port:tcp:42148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e6511da7c7cd8e1:host:172.234.197.23	SESSION-4e6511da7c7cd8e1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a108f3a8f652bd55:SESSION-a108f3a8f652bd55	SESSION-a108f3a8f652bd55 → pe:tls:SESSION-a108f3a8f652bd55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1627b9df9d2fc920:SESSION-1627b9df9d2fc920	SESSION-1627b9df9d2fc920 → pe:tls:SESSION-1627b9df9d2fc920
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a9273620e0aaedc:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8a9273620e0aaedc → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:7ccb0d93d5e0	flow:7ccb0d93d5e0 → host:92.112.71.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d52597e88babdbe8:host:172.234.197.23	SESSION-d52597e88babdbe8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d11cc9a154a777c:host:177.10.233.95	SESSION-8d11cc9a154a777c → host:177.10.233.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c21073699e99172:SESSION-1c21073699e99172	SESSION-1c21073699e99172 → pe:tls:SESSION-1c21073699e99172
FLOW_FROM_HOSTOBS	e:from:SESSION-88d03f5c2bc073a8:host:172.234.197.23	SESSION-88d03f5c2bc073a8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ca6e1431913e	flow:ca6e1431913e → host:45.173.156.26 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3f48cf8f11b8f73e:host:172.234.197.23	SESSION-3f48cf8f11b8f73e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-784ef99bf699df93:host:104.28.202.77	SESSION-784ef99bf699df93 → host:104.28.202.77
flow_observed4-aryOBS	e:fo:flow:1bc0a9c309a5	flow:1bc0a9c309a5 → host:172.234.197.23 → host:45.173.156.142 → port:tcp:16213
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.194:geo_-21.10010_-41.69200	host:45.173.156.194 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b51b74891d2de4c5:flow:bd383841fa2b	SESSION-b51b74891d2de4c5 → flow:bd383841fa2b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db76c4941d3529f6:SESSION-db76c4941d3529f6	SESSION-db76c4941d3529f6 → pe:syn:SESSION-db76c4941d3529f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-0afc12079a05a1b1:SESSION-0afc12079a05a1b1	SESSION-0afc12079a05a1b1 → pe:rst:SESSION-0afc12079a05a1b1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-430caa0514cbc012:flow:a48aaa9e71a4	SESSION-430caa0514cbc012 → flow:a48aaa9e71a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd9f2ee14ec6ee20:SESSION-dd9f2ee14ec6ee20	SESSION-dd9f2ee14ec6ee20 → pe:syn:SESSION-dd9f2ee14ec6ee20
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23fc04533211debf:host:172.234.197.23	SESSION-23fc04533211debf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d77475f82108632b:SESSION-d77475f82108632b	SESSION-d77475f82108632b → pe:tls:SESSION-d77475f82108632b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fd3b31137a7f5f9:host:177.10.239.252	SESSION-8fd3b31137a7f5f9 → host:177.10.239.252
flow_observed5-aryOBS	e:fo:flow:a45d884a7082	flow:a45d884a7082 → host:177.10.232.91 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.213:asn:262880	host:177.10.235.213 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97c8a314f3fd1c5a:host:131.196.30.120	SESSION-97c8a314f3fd1c5a → host:131.196.30.120
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a7401284f40d9f52:host:56.155.73.64:host:172.234.197.23	SESSION-a7401284f40d9f52 → host:56.155.73.64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fa29bafd0740f46:SESSION-3fa29bafd0740f46	SESSION-3fa29bafd0740f46 → pe:syn:SESSION-3fa29bafd0740f46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8136a084d82536a6:host:172.234.197.23	SESSION-8136a084d82536a6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b55fe86aa2a31ece:PCAP:capture_20260430150001:ded20914761d	SESSION-b55fe86aa2a31ece → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e4dd8b9d1b64d369:flow:2743dce9549e	SESSION-e4dd8b9d1b64d369 → flow:2743dce9549e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fbd574144622ed91:SESSION-fbd574144622ed91	SESSION-fbd574144622ed91 → pe:tls:SESSION-fbd574144622ed91
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7ad62492e870e2b:host:172.234.197.23:host:177.10.232.61	SESSION-e7ad62492e870e2b → host:172.234.197.23 → host:177.10.232.61
flow_observed5-aryOBS	e:fo:flow:8ecf4d1d097b	flow:8ecf4d1d097b → host:131.196.28.200 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0f5313432825fa0:host:177.10.237.15	SESSION-f0f5313432825fa0 → host:177.10.237.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bff0166abbd0d576:PCAP:capture_20260430070001:903a0e7a436b	SESSION-bff0166abbd0d576 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34b42a1bd1f93900:host:64.237.250.51	SESSION-34b42a1bd1f93900 → host:64.237.250.51
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.35:geo_-16.28860_-49.01640	host:177.10.239.35 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:5bf9d9774457	flow:5bf9d9774457 → host:177.10.239.218 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.204:asn:273470	host:45.173.156.204 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-946275ea323f6900:host:172.234.197.23	SESSION-946275ea323f6900 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-606a9e702080ed7e:host:172.234.197.23	SESSION-606a9e702080ed7e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d99d46a236a5e045:host:172.234.197.23	SESSION-d99d46a236a5e045 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a34c53113814	flow:a34c53113814 → host:131.196.28.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-082589f81acb7a8f:flow:006a40e5f40d	SESSION-082589f81acb7a8f → flow:006a40e5f40d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16f8bda1e1d11332:host:177.10.239.220	SESSION-16f8bda1e1d11332 → host:177.10.239.220
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.140:geo_-23.62930_-46.63510	host:131.196.28.140 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f1b581ea0c38fa14:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f1b581ea0c38fa14 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-3a3b20edc3bf85f8:host:177.10.233.130	SESSION-3a3b20edc3bf85f8 → host:177.10.233.130
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10314c25bdbc198a:flow:d0366e388dff	SESSION-10314c25bdbc198a → flow:d0366e388dff
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-738a9f5daf478976:PCAP:capture_20260430070001:903a0e7a436b	SESSION-738a9f5daf478976 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c4d285e0a09c2a4:host:177.10.232.168	SESSION-2c4d285e0a09c2a4 → host:177.10.232.168
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-81ef982aa5449fd9:flow:85a454a58451	SESSION-81ef982aa5449fd9 → flow:85a454a58451
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dda4cfeb9223891:host:172.234.197.23	SESSION-4dda4cfeb9223891 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2d55873e56af:port:tcp:14893	flow:2d55873e56af → port:tcp:14893
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.227:asn:262880	host:177.10.237.227 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3cf945d3d1ddd41:flow:708852c2e77b	SESSION-f3cf945d3d1ddd41 → flow:708852c2e77b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ee8538a8ddcb6ee:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7ee8538a8ddcb6ee → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.65:asn:271410	host:131.196.30.65 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-5b2e6696cab81646:host:172.234.197.23	SESSION-5b2e6696cab81646 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3957034b2fd24e8:host:172.234.197.23	SESSION-c3957034b2fd24e8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6a7aaaa54e7dd63:host:172.234.197.23	SESSION-d6a7aaaa54e7dd63 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4f3c3204c65c6f4:flow:5682fbbbc70d	SESSION-d4f3c3204c65c6f4 → flow:5682fbbbc70d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51e02a163c57adb5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-51e02a163c57adb5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bee41282d03c4eb5:SESSION-bee41282d03c4eb5	SESSION-bee41282d03c4eb5 → pe:tls:SESSION-bee41282d03c4eb5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-64e6d0099998fde8:PCAP:capture_20260430160001:9bfa4498506a	SESSION-64e6d0099998fde8 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4904f64e7943cb47:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4904f64e7943cb47 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.202:asn:262880	host:177.10.237.202 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a46a988dc3d14a3:flow:d0307c9199dc	SESSION-1a46a988dc3d14a3 → flow:d0307c9199dc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.26:geo_-16.28860_-49.01640	host:177.10.239.26 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-00ca7ee72922697b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-00ca7ee72922697b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ef8854f2d4650c5:SESSION-2ef8854f2d4650c5	SESSION-2ef8854f2d4650c5 → pe:syn:SESSION-2ef8854f2d4650c5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21b1ebb6f3d7bd68:PCAP:capture_20260430060001:919b39a74464	SESSION-21b1ebb6f3d7bd68 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.209:asn:262880	host:177.10.236.209 → asn:262880
flow_observed5-aryOBS	e:fo:flow:7a831aeb3bd8	flow:7a831aeb3bd8 → host:177.10.238.87 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e11f8c5c1e806073:host:3.102.9.236	SESSION-e11f8c5c1e806073 → host:3.102.9.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd9b77a0701a4e1b:flow:c8a3c785a01c	SESSION-fd9b77a0701a4e1b → flow:c8a3c785a01c
FLOW_FROM_HOSTOBS	e:from:SESSION-9804aaba4767b862:host:172.234.197.23	SESSION-9804aaba4767b862 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-708abc4c81aa7c60:host:172.234.197.23	SESSION-708abc4c81aa7c60 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:cc88089c31a5	flow:cc88089c31a5 → host:172.234.197.23 → host:45.173.156.153 → port:tcp:33892
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07675572faa18905:host:172.234.197.23	SESSION-07675572faa18905 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed59d63ff912d69c:host:172.234.197.23	SESSION-ed59d63ff912d69c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ef7fe2bb78158297:host:177.10.239.185	SESSION-ef7fe2bb78158297 → host:177.10.239.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa574f1f11f5b30b:SESSION-aa574f1f11f5b30b	SESSION-aa574f1f11f5b30b → pe:tls:SESSION-aa574f1f11f5b30b
FLOW_FROM_HOSTOBS	e:from:SESSION-e06ceb4b0294ceac:host:172.234.197.23	SESSION-e06ceb4b0294ceac → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-079c82b45cfad420:flow:b13e2d90ae6a	SESSION-079c82b45cfad420 → flow:b13e2d90ae6a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-693fee7d62fe51b9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-693fee7d62fe51b9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17084582559fbd8c:host:131.196.28.176	SESSION-17084582559fbd8c → host:131.196.28.176
FLOW_FROM_HOSTOBS	e:from:SESSION-764a731a27d64086:host:31.40.196.4	SESSION-764a731a27d64086 → host:31.40.196.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4503d5677d79139:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c4503d5677d79139 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b7cd4519c0a4eb9:SESSION-2b7cd4519c0a4eb9	SESSION-2b7cd4519c0a4eb9 → pe:tls:SESSION-2b7cd4519c0a4eb9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7d282d56df8eba3:host:172.234.197.23	SESSION-f7d282d56df8eba3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2161d2ba591330e1:host:172.234.197.23	SESSION-2161d2ba591330e1 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5923d50f575e	flow:5923d50f575e → host:172.234.197.23 → host:131.196.31.142 → port:tcp:38850
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d75311b4cd1e33ff:flow:cb4be7a193fc	SESSION-d75311b4cd1e33ff → flow:cb4be7a193fc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-378ead2076355bca:SESSION-378ead2076355bca	SESSION-378ead2076355bca → pe:tls:SESSION-378ead2076355bca
FLOW_DST_PORTOBS	e:fp:flow:ce592ad1e762:port:tcp:443	flow:ce592ad1e762 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-727af4ad5af6cc01:host:172.234.197.23	SESSION-727af4ad5af6cc01 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d36b613f081e74cb:SESSION-d36b613f081e74cb	SESSION-d36b613f081e74cb → pe:syn:SESSION-d36b613f081e74cb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.193:geo_-23.62930_-46.63510	host:131.196.28.193 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a103d39af7264a48:host:45.173.156.67	SESSION-a103d39af7264a48 → host:45.173.156.67
flow_observed5-aryOBS	e:fo:flow:70ec5629793e	flow:70ec5629793e → host:45.173.156.57 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e7c834c7664f83e9:host:172.234.197.23	SESSION-e7c834c7664f83e9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5958a673e968588:PCAP:capture_20260428010001:b1b402c7b202	SESSION-f5958a673e968588 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_FROM_HOSTOBS	e:from:SESSION-5712989ddbf4728b:host:131.196.31.19	SESSION-5712989ddbf4728b → host:131.196.31.19
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d96211015a0fddb9:SESSION-d96211015a0fddb9	SESSION-d96211015a0fddb9 → pe:tls:SESSION-d96211015a0fddb9
FLOW_FROM_HOSTOBS	e:from:SESSION-7f3bd7044d582575:host:85.11.167.8	SESSION-7f3bd7044d582575 → host:85.11.167.8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96b1ae4f2b433079:host:131.196.31.163	SESSION-96b1ae4f2b433079 → host:131.196.31.163
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0b0070ff484a299:SESSION-c0b0070ff484a299	SESSION-c0b0070ff484a299 → pe:tls:SESSION-c0b0070ff484a299
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ce2f2546c044634:SESSION-8ce2f2546c044634	SESSION-8ce2f2546c044634 → pe:tls:SESSION-8ce2f2546c044634
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9e5b45e575f3797:host:172.234.197.23	SESSION-e9e5b45e575f3797 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3efb69df0be27ca4:flow:5b833fe29bb1	SESSION-3efb69df0be27ca4 → flow:5b833fe29bb1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-354d6c0d37a0b016:host:172.234.197.23	SESSION-354d6c0d37a0b016 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.42:geo_-16.28860_-49.01640	host:177.10.232.42 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:3b689cdb82ed:port:tcp:23211	flow:3b689cdb82ed → port:tcp:23211
FLOW_DST_PORTOBS	e:fp:flow:ede30feb887b:port:tcp:443	flow:ede30feb887b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5397b2a7490ae0fb:flow:7cceb0b75ef6	SESSION-5397b2a7490ae0fb → flow:7cceb0b75ef6
FLOW_TO_HOSTOBS	e:to:SESSION-0537be800f2fa6cb:host:172.234.197.23	SESSION-0537be800f2fa6cb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a84fec3b32ec885d:flow:47e0cd099035	SESSION-a84fec3b32ec885d → flow:47e0cd099035
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c60a94331c3e233:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8c60a94331c3e233 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0c6698f170085be7:SESSION-0c6698f170085be7	SESSION-0c6698f170085be7 → pe:syn:SESSION-0c6698f170085be7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8383343898074aaa:flow:df01e1d27e72	SESSION-8383343898074aaa → flow:df01e1d27e72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f57871a7505a0a35:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f57871a7505a0a35 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d30bf1800064cde2:host:172.234.197.23:host:177.10.234.176	SESSION-d30bf1800064cde2 → host:172.234.197.23 → host:177.10.234.176
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.255:asn:262880	host:177.10.235.255 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69a0e56e6767912e:host:131.196.31.146:host:172.234.197.23	SESSION-69a0e56e6767912e → host:131.196.31.146 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7cceb0b75ef6:port:tcp:443	flow:7cceb0b75ef6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9729058a0ea02937:SESSION-9729058a0ea02937	SESSION-9729058a0ea02937 → pe:tls:SESSION-9729058a0ea02937
FLOW_TO_HOSTOBS	e:to:SESSION-0125cea84e0c02fd:host:172.234.197.23	SESSION-0125cea84e0c02fd → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:51.224.252.115:asn:16509	host:51.224.252.115 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57e647fa0cdcfe5a:SESSION-57e647fa0cdcfe5a	SESSION-57e647fa0cdcfe5a → pe:syn:SESSION-57e647fa0cdcfe5a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e995e7d6e6aa04f6:SESSION-e995e7d6e6aa04f6	SESSION-e995e7d6e6aa04f6 → pe:syn:SESSION-e995e7d6e6aa04f6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77162e002cdf71b4:host:131.196.30.158	SESSION-77162e002cdf71b4 → host:131.196.30.158
flow_observed4-aryOBS	e:fo:flow:754fbbf1532a	flow:754fbbf1532a → host:172.234.197.23 → host:177.10.238.80 → port:tcp:20516
FLOW_DST_PORTOBS	e:fp:flow:d103874e528f:port:udp:53	flow:d103874e528f → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-3f4f2e64710996bb:host:177.10.233.134	SESSION-3f4f2e64710996bb → host:177.10.233.134
FLOW_FROM_HOSTOBS	e:from:SESSION-2035a3586bc1f35f:host:177.10.237.87	SESSION-2035a3586bc1f35f → host:177.10.237.87
FLOW_DST_PORTOBS	e:fp:flow:af8b39b89b62:port:tcp:443	flow:af8b39b89b62 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.255:geo_-23.62930_-46.63510	host:131.196.31.255 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b93959f6df3f665b:host:172.234.197.23	SESSION-b93959f6df3f665b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-88ff33eaa18cf09d:flow:a0e0b3e2b742	SESSION-88ff33eaa18cf09d → flow:a0e0b3e2b742
FLOW_DST_PORTOBS	e:fp:flow:44c13df988ff:port:tcp:443	flow:44c13df988ff → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eddb8081d100874:host:172.234.197.23	SESSION-9eddb8081d100874 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d31cb6e546f767b7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d31cb6e546f767b7 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:37f76ce330d4	flow:37f76ce330d4 → host:177.10.238.68 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3224b320d23ec0cd:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3224b320d23ec0cd → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.246:asn:273470	host:45.173.156.246 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b947f5515d64f3f8:SESSION-b947f5515d64f3f8	SESSION-b947f5515d64f3f8 → pe:syn:SESSION-b947f5515d64f3f8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2460b60c939eb75b:host:172.234.197.23	SESSION-2460b60c939eb75b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a247b2224692840d:host:177.10.237.156:host:172.234.197.23	SESSION-a247b2224692840d → host:177.10.237.156 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40e0d0b129f437fd:host:147.135.97.222:host:172.234.197.23	SESSION-40e0d0b129f437fd → host:147.135.97.222 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3e386cf1d1a0:port:tcp:443	flow:3e386cf1d1a0 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7937f820efd31935:flow:7b01c5d746c3	SESSION-7937f820efd31935 → flow:7b01c5d746c3
FLOW_DST_PORTOBS	e:fp:flow:bdad748541b4:port:tcp:443	flow:bdad748541b4 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-626902abaec078eb:flow:41359760b1a0	SESSION-626902abaec078eb → flow:41359760b1a0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.146:geo_-23.62930_-46.63510	host:131.196.29.146 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-83168514d84031f4:host:177.10.238.23:host:172.234.197.23	SESSION-83168514d84031f4 → host:177.10.238.23 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b7ec051587501bc:host:177.10.234.59	SESSION-5b7ec051587501bc → host:177.10.234.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-87f83ff8260cc70d:flow:e698e5bcd13e	SESSION-87f83ff8260cc70d → flow:e698e5bcd13e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e652f52440b112c3:host:172.234.197.23	SESSION-e652f52440b112c3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-96878fba39db06d8:host:172.234.197.23	SESSION-96878fba39db06d8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.125:geo_-16.28860_-49.01640	host:177.10.235.125 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-164b17078fceb547:host:172.234.197.23:host:177.10.239.92	SESSION-164b17078fceb547 → host:172.234.197.23 → host:177.10.239.92
FLOW_TO_HOSTOBS	e:to:SESSION-fddb1520b60b4e20:host:45.173.156.138	SESSION-fddb1520b60b4e20 → host:45.173.156.138
FLOW_TLS_SNIOBS	e:fs:flow:06b5920360d2:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:06b5920360d2 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b0821df7b169e6a:SESSION-4b0821df7b169e6a	SESSION-4b0821df7b169e6a → pe:tls:SESSION-4b0821df7b169e6a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94f17b7b7397155e:host:172.234.197.23	SESSION-94f17b7b7397155e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5bb0fb568e127c0:SESSION-f5bb0fb568e127c0	SESSION-f5bb0fb568e127c0 → pe:tls:SESSION-f5bb0fb568e127c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40ef48225b459fb9:host:172.234.197.23	SESSION-40ef48225b459fb9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e8b24d973ac1177:host:177.10.237.15	SESSION-6e8b24d973ac1177 → host:177.10.237.15
FLOW_DST_PORTOBS	e:fp:flow:c9b2de003e0c:port:tcp:443	flow:c9b2de003e0c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-4a904c233015ef9c:host:172.234.197.23	SESSION-4a904c233015ef9c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f49ef9eceb986e78:host:172.234.197.23	SESSION-f49ef9eceb986e78 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3fc91fd95f4bed82:host:177.10.233.208	SESSION-3fc91fd95f4bed82 → host:177.10.233.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c35a263dbc41a3d:host:45.145.152.249	SESSION-7c35a263dbc41a3d → host:45.145.152.249
FLOW_FROM_HOSTOBS	e:from:SESSION-11142ad74b2052de:host:172.234.197.23	SESSION-11142ad74b2052de → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:11839f4b0a73	flow:11839f4b0a73 → host:172.234.197.23 → host:131.196.30.0 → port:tcp:51726
flow_observed5-aryOBS	e:fo:flow:66affa9e115f	flow:66affa9e115f → host:177.10.239.102 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed3-aryOBS	e:fo:flow:7e388f522c88	flow:7e388f522c88 → host:52.81.225.63 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d44d2d34cc029e97:PCAP:capture_20260430150001:ded20914761d	SESSION-d44d2d34cc029e97 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:34.231.77.232:asn:14618	host:34.231.77.232 → asn:14618
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-521d3d94be94008e:host:131.196.31.10	SESSION-521d3d94be94008e → host:131.196.31.10
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73bdc276c5a845ed:host:131.196.30.104:host:172.234.197.23	SESSION-73bdc276c5a845ed → host:131.196.30.104 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a4af85982524:port:tcp:2095	flow:a4af85982524 → port:tcp:2095
FLOW_TO_HOSTOBS	e:to:SESSION-3854a3544c69d398:host:172.232.0.16	SESSION-3854a3544c69d398 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5a08fe68832616d:SESSION-f5a08fe68832616d	SESSION-f5a08fe68832616d → pe:syn:SESSION-f5a08fe68832616d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ee986621b3f988f:host:172.234.197.23	SESSION-1ee986621b3f988f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2619cb568c6b860e:SESSION-2619cb568c6b860e	SESSION-2619cb568c6b860e → pe:tls:SESSION-2619cb568c6b860e
FLOW_TO_HOSTOBS	e:to:SESSION-2958e311eaa51e83:host:172.234.197.23	SESSION-2958e311eaa51e83 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f315e1ec89ae	flow:f315e1ec89ae → host:177.10.236.41 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0929735579c89e2:host:177.10.236.143	SESSION-d0929735579c89e2 → host:177.10.236.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-312b2e72c1d2a2ee:SESSION-312b2e72c1d2a2ee	SESSION-312b2e72c1d2a2ee → pe:syn:SESSION-312b2e72c1d2a2ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4bcb34449111b6ae:SESSION-4bcb34449111b6ae	SESSION-4bcb34449111b6ae → pe:syn:SESSION-4bcb34449111b6ae
FLOW_DST_PORTOBS	e:fp:flow:0e1e52db08e7:port:tcp:443	flow:0e1e52db08e7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-acf0f47433b56858:SESSION-acf0f47433b56858	SESSION-acf0f47433b56858 → pe:syn:SESSION-acf0f47433b56858
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.207:asn:273470	host:45.173.156.207 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:563ee580e3fd:port:tcp:39107	flow:563ee580e3fd → port:tcp:39107
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73ce8b7b43538e4e:host:104.28.202.79:host:172.234.197.23	SESSION-73ce8b7b43538e4e → host:104.28.202.79 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5ed9f49ee99549f:host:91.240.224.238	SESSION-c5ed9f49ee99549f → host:91.240.224.238
flow_observed5-aryOBS	e:fo:flow:eb0a24e43cec	flow:eb0a24e43cec → host:45.145.152.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37dea09d598a2ad1:host:177.10.234.148:host:172.234.197.23	SESSION-37dea09d598a2ad1 → host:177.10.234.148 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-858e7fe3651dc7b6:host:177.10.239.64:host:172.234.197.23	SESSION-858e7fe3651dc7b6 → host:177.10.239.64 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-47ac7feaf227c129:host:172.232.0.17	SESSION-47ac7feaf227c129 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6054bbc1a24cbf34:host:172.234.197.23	SESSION-6054bbc1a24cbf34 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3df67864d859fde0:SESSION-3df67864d859fde0	SESSION-3df67864d859fde0 → pe:tls:SESSION-3df67864d859fde0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cea44595be79fe10:host:131.196.30.13	SESSION-cea44595be79fe10 → host:131.196.30.13
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-198cd8f9bb6f8909:host:177.10.234.78	SESSION-198cd8f9bb6f8909 → host:177.10.234.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abaf8d71fe47df1c:host:177.10.239.246	SESSION-abaf8d71fe47df1c → host:177.10.239.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-587fbc18dc61ddb0:host:177.10.235.189	SESSION-587fbc18dc61ddb0 → host:177.10.235.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-95229bbdec6f8a74:SESSION-95229bbdec6f8a74	SESSION-95229bbdec6f8a74 → pe:syn:SESSION-95229bbdec6f8a74
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3056fcd37df4e63f:flow:76dcffdb4705	SESSION-3056fcd37df4e63f → flow:76dcffdb4705
FLOW_TO_HOSTOBS	e:to:SESSION-40a7926fcdf458e7:host:172.234.197.23	SESSION-40a7926fcdf458e7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.197:geo_-16.28860_-49.01640	host:177.10.233.197 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-41957bf4b3a50ded:host:172.234.197.23	SESSION-41957bf4b3a50ded → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3dc32d1b123f77b5:host:172.234.197.23:host:131.196.29.78	SESSION-3dc32d1b123f77b5 → host:172.234.197.23 → host:131.196.29.78
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-331f26717743f7bf:flow:c58065526050	SESSION-331f26717743f7bf → flow:c58065526050
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.196:geo_-23.62930_-46.63510	host:131.196.30.196 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc3065336ab4dc3e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fc3065336ab4dc3e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b51c77a005c8dfc8:host:172.234.197.23	SESSION-b51c77a005c8dfc8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fdfd79cbce8be94:SESSION-5fdfd79cbce8be94	SESSION-5fdfd79cbce8be94 → pe:syn:SESSION-5fdfd79cbce8be94
FLOW_DST_PORTOBS	e:fp:flow:c15112a97887:port:tcp:443	flow:c15112a97887 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c4c7444531ea:port:tcp:42254	flow:c4c7444531ea → port:tcp:42254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c652a29a62d722ea:host:172.234.197.23	SESSION-c652a29a62d722ea → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7569a7ee383f653c:host:177.10.237.169	SESSION-7569a7ee383f653c → host:177.10.237.169
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8fb67bf931083b29:flow:174baaf0ee8b	SESSION-8fb67bf931083b29 → flow:174baaf0ee8b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a2000a0c75221682:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a2000a0c75221682 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:86a13bb5a965	flow:86a13bb5a965 → host:177.10.238.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db907559277cbdbb:SESSION-db907559277cbdbb	SESSION-db907559277cbdbb → pe:tls:SESSION-db907559277cbdbb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.165:geo_-16.28860_-49.01640	host:177.10.239.165 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-0a9091855f21b6bb:host:177.10.236.213	SESSION-0a9091855f21b6bb → host:177.10.236.213
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc41b76983738bc7:PCAP:capture_20260430110001:43611bdf6759	SESSION-cc41b76983738bc7 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2aa7e55175462248:SESSION-2aa7e55175462248	SESSION-2aa7e55175462248 → pe:tls:SESSION-2aa7e55175462248
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.87:asn:262880	host:177.10.232.87 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8196f582d24c6a3:SESSION-b8196f582d24c6a3	SESSION-b8196f582d24c6a3 → pe:tls:SESSION-b8196f582d24c6a3
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.57:asn:273470	host:45.173.156.57 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.169:asn:271410	host:131.196.30.169 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-082f90538556b940:host:172.234.197.23	SESSION-082f90538556b940 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-36a0a9e003021f23:SESSION-36a0a9e003021f23	SESSION-36a0a9e003021f23 → pe:rst:SESSION-36a0a9e003021f23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fe55e7c11d50f79:host:177.10.236.116	SESSION-0fe55e7c11d50f79 → host:177.10.236.116
FLOW_DST_PORTOBS	e:fp:flow:41766cff5d7c:port:tcp:443	flow:41766cff5d7c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f302c09f7d22a8d1:flow:a8d9f4468145	SESSION-f302c09f7d22a8d1 → flow:a8d9f4468145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-122d3bc093be76f2:SESSION-122d3bc093be76f2	SESSION-122d3bc093be76f2 → pe:syn:SESSION-122d3bc093be76f2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3748d9d14aafdb8:host:177.10.236.115	SESSION-f3748d9d14aafdb8 → host:177.10.236.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fda1fcad7dd8a834:SESSION-fda1fcad7dd8a834	SESSION-fda1fcad7dd8a834 → pe:syn:SESSION-fda1fcad7dd8a834
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e1df474445c908f:host:131.196.30.179	SESSION-3e1df474445c908f → host:131.196.30.179
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.78:asn:271410	host:131.196.28.78 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-80f68e8f687f2dc5:host:172.234.197.23	SESSION-80f68e8f687f2dc5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ead89ade728d357d:host:51.224.181.45	SESSION-ead89ade728d357d → host:51.224.181.45
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a19fd3219cd89ed:host:45.145.152.164:host:172.234.197.23	SESSION-6a19fd3219cd89ed → host:45.145.152.164 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e4e64fcc9780	flow:e4e64fcc9780 → host:172.234.197.23 → host:177.10.236.166 → port:tcp:6906
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99a4fe376d3938fb:host:172.234.197.23	SESSION-99a4fe376d3938fb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5cd00671f435cc6:flow:93cfcbc224e1	SESSION-d5cd00671f435cc6 → flow:93cfcbc224e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0046a1ddb04bc0f7:SESSION-0046a1ddb04bc0f7	SESSION-0046a1ddb04bc0f7 → pe:syn:SESSION-0046a1ddb04bc0f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ce2516dd8311d56:SESSION-1ce2516dd8311d56	SESSION-1ce2516dd8311d56 → pe:tls:SESSION-1ce2516dd8311d56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5da0813b370b7e29:flow:1cddd2bd8ddb	SESSION-5da0813b370b7e29 → flow:1cddd2bd8ddb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a412381d3ec6112:host:131.196.28.22:host:172.234.197.23	SESSION-4a412381d3ec6112 → host:131.196.28.22 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d5d721b5ee8bbbc:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-5d5d721b5ee8bbbc → PCAP:capture_20260427220001:43a3d6220bc6
FLOW_FROM_HOSTOBS	e:from:SESSION-6455927ff3f8f851:host:177.10.238.117	SESSION-6455927ff3f8f851 → host:177.10.238.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab6d0c9e6f54de20:host:174.202.97.85:host:172.234.197.23	SESSION-ab6d0c9e6f54de20 → host:174.202.97.85 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58ff4ad892ea2c04:host:172.234.197.23	SESSION-58ff4ad892ea2c04 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e0ce7693c786	flow:e0ce7693c786 → host:45.173.156.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3a25d201ec7d699:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b3a25d201ec7d699 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:c59557b9d3a6:port:tcp:16376	flow:c59557b9d3a6 → port:tcp:16376
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32ae480396f4c201:host:177.10.236.7	SESSION-32ae480396f4c201 → host:177.10.236.7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4dc418e4265e72ea:SESSION-4dc418e4265e72ea	SESSION-4dc418e4265e72ea → pe:tls:SESSION-4dc418e4265e72ea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-280b0d78f93705fd:host:172.234.197.23	SESSION-280b0d78f93705fd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-affecc1e92c420cb:host:177.10.234.146	SESSION-affecc1e92c420cb → host:177.10.234.146
flow_observed5-aryOBS	e:fo:flow:cad221a9972e	flow:cad221a9972e → host:131.196.28.59 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a7401284f40d9f52:flow:df8afc8fe6e6	SESSION-a7401284f40d9f52 → flow:df8afc8fe6e6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4bda9924d3f6d619:PCAP:capture_20260430090001:065659c7d314	SESSION-4bda9924d3f6d619 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-228e058fc2527275:host:172.234.197.23	SESSION-228e058fc2527275 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8f932617cc08:port:tcp:443	flow:8f932617cc08 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4cde7abdf73c6af1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4cde7abdf73c6af1 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-54da05b162213325:host:172.234.197.23	SESSION-54da05b162213325 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a5769e3e2edd	flow:a5769e3e2edd → host:131.196.29.150 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d00f55e5db951c5:SESSION-1d00f55e5db951c5	SESSION-1d00f55e5db951c5 → pe:syn:SESSION-1d00f55e5db951c5
flow_observed5-aryOBS	e:fo:flow:50ce6e39fbb4	flow:50ce6e39fbb4 → host:131.196.30.216 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:405ff612403a:port:tcp:443	flow:405ff612403a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:265e1d074941:port:tcp:62622	flow:265e1d074941 → port:tcp:62622
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-921486915e849834:SESSION-921486915e849834	SESSION-921486915e849834 → pe:tls:SESSION-921486915e849834
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b91cc7f2039924f2:flow:89e22f178cd9	SESSION-b91cc7f2039924f2 → flow:89e22f178cd9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4d7e31822e7386a:flow:2af924a53b3a	SESSION-c4d7e31822e7386a → flow:2af924a53b3a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68a3da1f806283eb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-68a3da1f806283eb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
ASN_IN_ORGOBS 80%	e:ao:asn:23470:org:ReliableSite.Net LLC	asn:23470 → org:ReliableSite.Net LLC
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a32c5a0b23fc272:host:177.10.238.195	SESSION-0a32c5a0b23fc272 → host:177.10.238.195
flow_observed5-aryOBS	e:fo:flow:54355afdc05d	flow:54355afdc05d → host:177.10.232.148 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fad613e75ea639b5:flow:8865861020a3	SESSION-fad613e75ea639b5 → flow:8865861020a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac87af78ff19f5c9:host:177.10.233.35	SESSION-ac87af78ff19f5c9 → host:177.10.233.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47acb5bee39822f1:SESSION-47acb5bee39822f1	SESSION-47acb5bee39822f1 → pe:syn:SESSION-47acb5bee39822f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7391507b773a5722:SESSION-7391507b773a5722	SESSION-7391507b773a5722 → pe:tls:SESSION-7391507b773a5722
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75d6129ea0f7ecdc:SESSION-75d6129ea0f7ecdc	SESSION-75d6129ea0f7ecdc → pe:tls:SESSION-75d6129ea0f7ecdc
flow_observed5-aryOBS	e:fo:flow:84c3bc2c7389	flow:84c3bc2c7389 → host:131.196.31.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-426c38e34029cb1b:SESSION-426c38e34029cb1b	SESSION-426c38e34029cb1b → pe:tls:SESSION-426c38e34029cb1b
FLOW_TO_HOSTOBS	e:to:SESSION-71340f64d1455f4f:host:172.234.197.23	SESSION-71340f64d1455f4f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-077f434652010402:SESSION-077f434652010402	SESSION-077f434652010402 → pe:syn:SESSION-077f434652010402
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c58d6336bd500b5:SESSION-9c58d6336bd500b5	SESSION-9c58d6336bd500b5 → pe:tls:SESSION-9c58d6336bd500b5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d290f0be98eecddb:host:177.10.238.56	SESSION-d290f0be98eecddb → host:177.10.238.56
flow_observed4-aryOBS	e:fo:flow:52ff028526f6	flow:52ff028526f6 → host:172.234.197.23 → host:177.10.237.29 → port:tcp:22832
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8cb5f38c68f62897:PCAP:capture_20260430060001:919b39a74464	SESSION-8cb5f38c68f62897 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0dad0a06445f9e1f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0dad0a06445f9e1f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:f484c8126b6c:port:tcp:15941	flow:f484c8126b6c → port:tcp:15941
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-106a8139a282a728:SESSION-106a8139a282a728	SESSION-106a8139a282a728 → pe:syn:SESSION-106a8139a282a728
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3529b49a7d38dad6:host:172.234.197.23	SESSION-3529b49a7d38dad6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cd8dbb599c016751:host:45.173.156.107	SESSION-cd8dbb599c016751 → host:45.173.156.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb2ab3101d5e046e:SESSION-cb2ab3101d5e046e	SESSION-cb2ab3101d5e046e → pe:tls:SESSION-cb2ab3101d5e046e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10017e021bbc0f25:host:177.10.233.24	SESSION-10017e021bbc0f25 → host:177.10.233.24
FLOW_DST_PORTOBS	e:fp:flow:7294e8d9c66f:port:tcp:443	flow:7294e8d9c66f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7c23b0aff57d2da:host:177.10.238.251	SESSION-d7c23b0aff57d2da → host:177.10.238.251
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ddc324b0d6a8eb6:flow:f9432a8af193	SESSION-1ddc324b0d6a8eb6 → flow:f9432a8af193
FLOW_FROM_HOSTOBS	e:from:SESSION-465906ddd8becee4:host:131.196.30.8	SESSION-465906ddd8becee4 → host:131.196.30.8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ad42e8c66a89ee5:flow:b881757616a2	SESSION-8ad42e8c66a89ee5 → flow:b881757616a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e4de8bcb2f0334a:SESSION-4e4de8bcb2f0334a	SESSION-4e4de8bcb2f0334a → pe:syn:SESSION-4e4de8bcb2f0334a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0f3b543446abe714:host:131.196.29.132:host:172.234.197.23	SESSION-0f3b543446abe714 → host:131.196.29.132 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6ef022cf55a10b05:host:172.234.197.23	SESSION-6ef022cf55a10b05 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4898aa8f3840ecd5:host:172.234.197.23	SESSION-4898aa8f3840ecd5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb59d1b27c368873:flow:fc519ecd4501	SESSION-cb59d1b27c368873 → flow:fc519ecd4501
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29bd7d52bed21c18:SESSION-29bd7d52bed21c18	SESSION-29bd7d52bed21c18 → pe:tls:SESSION-29bd7d52bed21c18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e91394d00b664372:SESSION-e91394d00b664372	SESSION-e91394d00b664372 → pe:tls:SESSION-e91394d00b664372
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96f33e27040b9bc9:SESSION-96f33e27040b9bc9	SESSION-96f33e27040b9bc9 → pe:syn:SESSION-96f33e27040b9bc9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0a8fa8ac12ff0c6:host:172.234.197.23:host:177.10.233.61	SESSION-f0a8fa8ac12ff0c6 → host:172.234.197.23 → host:177.10.233.61
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-53f84807a0945e6c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-53f84807a0945e6c → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10ed4263d8057f18:host:177.10.239.115:host:172.234.197.23	SESSION-10ed4263d8057f18 → host:177.10.239.115 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:76916016f7bd	flow:76916016f7bd → host:177.10.232.164 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:0d73374bf7ca:port:tcp:50305	flow:0d73374bf7ca → port:tcp:50305
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6edbcdecdf7d835:host:177.10.238.139	SESSION-a6edbcdecdf7d835 → host:177.10.238.139
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f838b992fed206a8:host:177.10.239.51:host:172.234.197.23	SESSION-f838b992fed206a8 → host:177.10.239.51 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7014b065701d	flow:7014b065701d → host:131.196.29.206 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0796a13a25fe417a:host:177.10.233.93:host:172.234.197.23	SESSION-0796a13a25fe417a → host:177.10.233.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d42f41260fbe7c09:host:172.234.197.23	SESSION-d42f41260fbe7c09 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5e8c587e48bf8617:host:172.234.197.23	SESSION-5e8c587e48bf8617 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6dcacced517b07e8:SESSION-6dcacced517b07e8	SESSION-6dcacced517b07e8 → pe:syn:SESSION-6dcacced517b07e8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-619cd2820aafdf33:host:172.234.197.23	SESSION-619cd2820aafdf33 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.199:geo_41.00190_28.96450	host:92.112.71.199 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f11cda502f952e41:SESSION-f11cda502f952e41	SESSION-f11cda502f952e41 → pe:syn:SESSION-f11cda502f952e41
FLOW_TO_HOSTOBS	e:to:SESSION-0bf80193393b0fad:host:177.10.233.183	SESSION-0bf80193393b0fad → host:177.10.233.183
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4cd4ae8706680eb9:flow:4abd29b514be	SESSION-4cd4ae8706680eb9 → flow:4abd29b514be
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8b71ac0dda5d9d9:flow:8bff9dd47a10	SESSION-e8b71ac0dda5d9d9 → flow:8bff9dd47a10
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.20:geo_-23.62930_-46.63510	host:131.196.30.20 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-afeab5601fa36440:PCAP:capture_20260430090001:065659c7d314	SESSION-afeab5601fa36440 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1274fc3e3cafac71:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1274fc3e3cafac71 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91da8f4807f085e6:host:177.10.235.225	SESSION-91da8f4807f085e6 → host:177.10.235.225
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5f9d16efb179df1:host:172.234.197.23	SESSION-a5f9d16efb179df1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6061b9b172c119c:host:172.234.197.23	SESSION-f6061b9b172c119c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-578d76d32a2c1b81:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-578d76d32a2c1b81 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.146:geo_-16.28860_-49.01640	host:177.10.239.146 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-24ee1f6ef023209d:SESSION-24ee1f6ef023209d	SESSION-24ee1f6ef023209d → pe:tls:SESSION-24ee1f6ef023209d
FLOW_FROM_HOSTOBS	e:from:SESSION-b2c924632948936b:host:172.234.197.23	SESSION-b2c924632948936b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10ed4263d8057f18:SESSION-10ed4263d8057f18	SESSION-10ed4263d8057f18 → pe:syn:SESSION-10ed4263d8057f18
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09c382be05e629ee:host:131.196.30.114:host:172.234.197.23	SESSION-09c382be05e629ee → host:131.196.30.114 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da3b2b353303e8e1:flow:f8430a3f1b8e	SESSION-da3b2b353303e8e1 → flow:f8430a3f1b8e
FLOW_TO_HOSTOBS	e:to:SESSION-d1d152bdff2d4d10:host:172.234.197.23	SESSION-d1d152bdff2d4d10 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f9c9bf4165c6:port:tcp:14034	flow:f9c9bf4165c6 → port:tcp:14034
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.210:asn:262880	host:177.10.235.210 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8984df52681cb36:SESSION-c8984df52681cb36	SESSION-c8984df52681cb36 → pe:tls:SESSION-c8984df52681cb36
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.37:geo_-21.10010_-41.69200	host:45.173.156.37 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc01b506a83e5847:host:131.196.31.47	SESSION-fc01b506a83e5847 → host:131.196.31.47
FLOW_FROM_HOSTOBS	e:from:SESSION-da15c25f39b20c68:host:177.10.234.137	SESSION-da15c25f39b20c68 → host:177.10.234.137
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c639517e7e5752d7:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-c639517e7e5752d7 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f1de6d316dd7305f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f1de6d316dd7305f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-d47d434116add089:host:172.234.197.23	SESSION-d47d434116add089 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f5149586093b	flow:f5149586093b → host:131.196.29.155 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2b0ee493ee38385:host:172.234.197.23	SESSION-b2b0ee493ee38385 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7b35d3dad632382:host:172.234.197.23	SESSION-f7b35d3dad632382 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7bf4f785679ea3b:host:172.234.197.23	SESSION-f7bf4f785679ea3b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:89dc4d9501c3	flow:89dc4d9501c3 → host:172.234.197.23 → host:177.10.233.102 → port:tcp:7023
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a10e6ba939684b8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6a10e6ba939684b8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-fb6fbeeb95cb61c8:host:172.234.197.23	SESSION-fb6fbeeb95cb61c8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2794803b6e3661a7:SESSION-2794803b6e3661a7	SESSION-2794803b6e3661a7 → pe:syn:SESSION-2794803b6e3661a7
FLOW_FROM_HOSTOBS	e:from:SESSION-979974e101979ba8:host:194.164.107.6	SESSION-979974e101979ba8 → host:194.164.107.6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.107:geo_-16.28860_-49.01640	host:177.10.233.107 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-08df11bd27017e71:SESSION-08df11bd27017e71	SESSION-08df11bd27017e71 → pe:dns:SESSION-08df11bd27017e71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b22f1be22326dd94:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b22f1be22326dd94 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:1eb29619512d:port:tcp:3835	flow:1eb29619512d → port:tcp:3835
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f30fa3bd65a965fa:flow:0c15eb22a5d3	SESSION-f30fa3bd65a965fa → flow:0c15eb22a5d3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b16231fef814b904:host:177.10.237.80	SESSION-b16231fef814b904 → host:177.10.237.80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11641f941720f4cf:flow:1afc26fd0acd	SESSION-11641f941720f4cf → flow:1afc26fd0acd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2def334ee7bae1e1:host:177.10.236.96	SESSION-2def334ee7bae1e1 → host:177.10.236.96
FLOW_FROM_HOSTOBS	e:from:SESSION-4619747059efac6f:host:45.173.156.225	SESSION-4619747059efac6f → host:45.173.156.225
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b332774cd544824a:host:177.10.237.127	SESSION-b332774cd544824a → host:177.10.237.127
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a457a833cb01b1f:host:131.196.29.40:host:172.234.197.23	SESSION-4a457a833cb01b1f → host:131.196.29.40 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe84550c6b54c988:host:177.10.239.102:host:172.234.197.23	SESSION-fe84550c6b54c988 → host:177.10.239.102 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e66594520e7edee5:host:131.196.30.143	SESSION-e66594520e7edee5 → host:131.196.30.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d0d1a45a4e9ec7:host:172.234.197.23	SESSION-b9d0d1a45a4e9ec7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4354e5bc798bd13a:host:172.234.197.23	SESSION-4354e5bc798bd13a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9de698333fa1afcb:SESSION-9de698333fa1afcb	SESSION-9de698333fa1afcb → pe:tls:SESSION-9de698333fa1afcb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9e2f07f7ea20074:PCAP:capture_20260430150001:ded20914761d	SESSION-f9e2f07f7ea20074 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-64e6d0099998fde8:SESSION-64e6d0099998fde8	SESSION-64e6d0099998fde8 → pe:syn:SESSION-64e6d0099998fde8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95f80a98e12e105d:host:172.234.197.23	SESSION-95f80a98e12e105d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a16442ff0a72733c:SESSION-a16442ff0a72733c	SESSION-a16442ff0a72733c → pe:syn:SESSION-a16442ff0a72733c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ef1bfc51ed52e33:flow:23f7091bd6a9	SESSION-8ef1bfc51ed52e33 → flow:23f7091bd6a9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b81fa97d99ce77b6:host:172.234.197.23	SESSION-b81fa97d99ce77b6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bfd9e24a99b67097:SESSION-bfd9e24a99b67097	SESSION-bfd9e24a99b67097 → pe:tls:SESSION-bfd9e24a99b67097
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-647d0fec9adf08f1:host:172.234.197.23	SESSION-647d0fec9adf08f1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d941eb7985d54eff:host:172.234.197.23:host:177.10.235.248	SESSION-d941eb7985d54eff → host:172.234.197.23 → host:177.10.235.248
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.45:geo_41.02140_28.99480	host:31.40.196.45 → geo_41.02140_28.99480
flow_observed5-aryOBS	e:fo:flow:cbfa9d763d6b	flow:cbfa9d763d6b → host:177.10.238.238 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed3-aryOBS	e:fo:flow:002d6a380d86	flow:002d6a380d86 → host:44.255.175.112 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2bf5c26caf57dc4e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2bf5c26caf57dc4e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75c0f4fa43b2bfb9:flow:ae3a6176a3b5	SESSION-75c0f4fa43b2bfb9 → flow:ae3a6176a3b5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff369745433a15b5:host:177.10.236.176	SESSION-ff369745433a15b5 → host:177.10.236.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e332f49c3a5896d2:host:131.196.28.99	SESSION-e332f49c3a5896d2 → host:131.196.28.99
flow_observed5-aryOBS	e:fo:flow:3bfc067919a3	flow:3bfc067919a3 → host:177.10.235.15 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.130:asn:203771	host:37.221.79.130 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-a22fc187bcc4d705:host:172.234.197.23	SESSION-a22fc187bcc4d705 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a34bb428906fa48c:SESSION-a34bb428906fa48c	SESSION-a34bb428906fa48c → pe:tls:SESSION-a34bb428906fa48c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-779dfe498151f730:SESSION-779dfe498151f730	SESSION-779dfe498151f730 → pe:tls:SESSION-779dfe498151f730
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-efcc1618f79daeb7:SESSION-efcc1618f79daeb7	SESSION-efcc1618f79daeb7 → pe:tls:SESSION-efcc1618f79daeb7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-70a92a3cd71eafd5:SESSION-70a92a3cd71eafd5	SESSION-70a92a3cd71eafd5 → pe:syn:SESSION-70a92a3cd71eafd5
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.88:asn:262880	host:177.10.233.88 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8a52e21a979a3cd:host:172.234.197.23	SESSION-c8a52e21a979a3cd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bc37b0c14be06192:host:172.234.197.23	SESSION-bc37b0c14be06192 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb40f64797e3fe16:host:172.234.197.23:host:177.10.238.5	SESSION-eb40f64797e3fe16 → host:172.234.197.23 → host:177.10.238.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fcbc735dfd8018d:host:172.234.197.23	SESSION-5fcbc735dfd8018d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60aea8c76fce71c9:host:131.196.29.80	SESSION-60aea8c76fce71c9 → host:131.196.29.80
FLOW_FROM_HOSTOBS	e:from:SESSION-f43bb83d69743819:host:177.10.237.77	SESSION-f43bb83d69743819 → host:177.10.237.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-744a603206d06e24:SESSION-744a603206d06e24	SESSION-744a603206d06e24 → pe:rst:SESSION-744a603206d06e24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3c5b9cd096d7e31:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b3c5b9cd096d7e31 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.150:asn:273470	host:45.173.156.150 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3913d4a535b9029:host:172.234.197.23	SESSION-f3913d4a535b9029 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bebd9f8afa50544a:host:172.234.197.23	SESSION-bebd9f8afa50544a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5ae017ce34991ed1:host:172.234.197.23	SESSION-5ae017ce34991ed1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67f971eb3e92b8d2:SESSION-67f971eb3e92b8d2	SESSION-67f971eb3e92b8d2 → pe:tls:SESSION-67f971eb3e92b8d2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.172:asn:262880	host:177.10.234.172 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-c3b504551617ec2c:host:172.234.197.23	SESSION-c3b504551617ec2c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-45775bc626dbc608:host:172.234.197.23	SESSION-45775bc626dbc608 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:10f4ed99a8a2	flow:10f4ed99a8a2 → host:172.234.197.23 → host:177.10.235.12 → port:tcp:3061
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49fc7ea897578489:host:45.145.152.169	SESSION-49fc7ea897578489 → host:45.145.152.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8098f7aeb1e3da6f:host:13.60.168.200	SESSION-8098f7aeb1e3da6f → host:13.60.168.200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1d806fe7541c4b2:host:172.234.197.23	SESSION-e1d806fe7541c4b2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c3fb7e9e34f6	flow:c3fb7e9e34f6 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d861e0bc561d261:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7d861e0bc561d261 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.203:geo_-16.28860_-49.01640	host:177.10.234.203 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6c7a2e5cf818d0a:SESSION-a6c7a2e5cf818d0a	SESSION-a6c7a2e5cf818d0a → pe:tls:SESSION-a6c7a2e5cf818d0a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b475107bbd97ed39:host:177.10.238.250	SESSION-b475107bbd97ed39 → host:177.10.238.250
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e41a4ef6cc929c5:host:131.196.29.48	SESSION-7e41a4ef6cc929c5 → host:131.196.29.48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-182527d04a349453:PCAP:capture_20260430160001:9bfa4498506a	SESSION-182527d04a349453 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ed5513c22512ddd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2ed5513c22512ddd → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b31cf1240fb1e101:host:172.234.197.23	SESSION-b31cf1240fb1e101 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9c37952dcebc:port:tcp:443	flow:9c37952dcebc → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:58f1af48c31f:port:tcp:443	flow:58f1af48c31f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d53928eb39cd6093:host:131.196.31.23:host:172.234.197.23	SESSION-d53928eb39cd6093 → host:131.196.31.23 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6ba4a623ca0c8731:host:172.234.197.23	SESSION-6ba4a623ca0c8731 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c69fd5cbb3980413:SESSION-c69fd5cbb3980413	SESSION-c69fd5cbb3980413 → pe:tls:SESSION-c69fd5cbb3980413
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c6483e185c23934:host:177.10.236.134	SESSION-7c6483e185c23934 → host:177.10.236.134
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f392894730d574f3:host:172.234.197.23:host:131.196.30.0	SESSION-f392894730d574f3 → host:172.234.197.23 → host:131.196.30.0
FLOW_DST_PORTOBS	e:fp:flow:b5cae6f976a7:port:tcp:58018	flow:b5cae6f976a7 → port:tcp:58018
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f62140848f2b702:PCAP:capture_20260428010001:b1b402c7b202	SESSION-8f62140848f2b702 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ff40ca0c390500b:flow:ebb0075612c2	SESSION-7ff40ca0c390500b → flow:ebb0075612c2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a5092ccda361ecd:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5a5092ccda361ecd → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1a633dafddc79f1:flow:74b4e8a79222	SESSION-c1a633dafddc79f1 → flow:74b4e8a79222
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-777f9d135946568c:flow:2469f0734cea	SESSION-777f9d135946568c → flow:2469f0734cea
FLOW_TO_HOSTOBS	e:to:SESSION-6e8b24d973ac1177:host:172.234.197.23	SESSION-6e8b24d973ac1177 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a087623b0a6f:port:tcp:43708	flow:a087623b0a6f → port:tcp:43708
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.27:asn:262880	host:177.10.234.27 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d83a9aba23a117e:SESSION-6d83a9aba23a117e	SESSION-6d83a9aba23a117e → pe:syn:SESSION-6d83a9aba23a117e
FLOW_TO_HOSTOBS	e:to:SESSION-25e11e259146e3a2:host:172.234.197.23	SESSION-25e11e259146e3a2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37ce4ecafac50117:host:172.234.197.23:host:177.10.232.220	SESSION-37ce4ecafac50117 → host:172.234.197.23 → host:177.10.232.220
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.91:geo_-16.28860_-49.01640	host:177.10.237.91 → geo_-16.28860_-49.01640
FLOW_TLS_SNIOBS	e:fs:flow:c1e4966ad61f:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:c1e4966ad61f → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5c85963c9f133e2:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a5c85963c9f133e2 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.23:asn:262880	host:177.10.234.23 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5eed95be9c1a7022:host:131.196.29.33:host:172.234.197.23	SESSION-5eed95be9c1a7022 → host:131.196.29.33 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:00661a8aa975:port:tcp:443	flow:00661a8aa975 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7205a781bd8c8542:host:172.234.197.23	SESSION-7205a781bd8c8542 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5d249db6ec3f34e:host:131.196.30.191:host:172.234.197.23	SESSION-d5d249db6ec3f34e → host:131.196.30.191 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0f5c3852bf17	flow:0f5c3852bf17 → host:172.234.197.23 → host:131.196.28.151 → port:tcp:10677
flow_observed5-aryOBS	e:fo:flow:16586d100b1f	flow:16586d100b1f → host:177.10.232.54 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:78244264240b:port:tcp:59042	flow:78244264240b → port:tcp:59042
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e2a52b4f9db01a4:host:177.10.235.160	SESSION-0e2a52b4f9db01a4 → host:177.10.235.160
FLOW_TO_HOSTOBS	e:to:SESSION-61e3533744fe7104:host:177.10.235.24	SESSION-61e3533744fe7104 → host:177.10.235.24
flow_observed5-aryOBS	e:fo:flow:2e5c0c6a1142	flow:2e5c0c6a1142 → host:177.10.236.250 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40d48b3e3ce773b5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-40d48b3e3ce773b5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ed3cc3ecfbc3d3c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7ed3cc3ecfbc3d3c → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f08e9fcec07329fb:SESSION-f08e9fcec07329fb	SESSION-f08e9fcec07329fb → pe:tls:SESSION-f08e9fcec07329fb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9260442e0efbdc6:host:172.234.197.23	SESSION-d9260442e0efbdc6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:41f1b68a64df	flow:41f1b68a64df → host:45.173.156.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b859feadb239919:host:177.10.237.151	SESSION-4b859feadb239919 → host:177.10.237.151
FLOW_TO_HOSTOBS	e:to:SESSION-95e8a61a9d5e6397:host:177.10.235.166	SESSION-95e8a61a9d5e6397 → host:177.10.235.166
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d52893e766cf8155:flow:035870e58ce4	SESSION-d52893e766cf8155 → flow:035870e58ce4
FLOW_FROM_HOSTOBS	e:from:SESSION-2bf5c26caf57dc4e:host:45.173.156.233	SESSION-2bf5c26caf57dc4e → host:45.173.156.233
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0125cea84e0c02fd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0125cea84e0c02fd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.0:geo_-23.62930_-46.63510	host:131.196.29.0 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.225.22.198:geo_52.51960_13.40690	host:51.225.22.198 → geo_52.51960_13.40690
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43a6565d7143b8ab:host:172.234.197.23	SESSION-43a6565d7143b8ab → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9bc5f3d34b7b8244:PCAP:capture_20260430110001:43611bdf6759	SESSION-9bc5f3d34b7b8244 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a1cda6283fa3945:host:172.234.197.23	SESSION-4a1cda6283fa3945 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06814c349a39e79e:flow:c5d998052524	SESSION-06814c349a39e79e → flow:c5d998052524
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ee6825b3a9be6d1:SESSION-6ee6825b3a9be6d1	SESSION-6ee6825b3a9be6d1 → pe:tls:SESSION-6ee6825b3a9be6d1
FLOW_TO_HOSTOBS	e:to:SESSION-204050056bc27f05:host:172.234.197.23	SESSION-204050056bc27f05 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d58dc4e289d6c4c:flow:f8686c85714f	SESSION-9d58dc4e289d6c4c → flow:f8686c85714f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f39c81a37ca9c9d3:SESSION-f39c81a37ca9c9d3	SESSION-f39c81a37ca9c9d3 → pe:tls:SESSION-f39c81a37ca9c9d3
FLOW_FROM_HOSTOBS	e:from:SESSION-1c0e460ce34915ff:host:172.234.197.23	SESSION-1c0e460ce34915ff → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6e5fc5369724:port:tcp:443	flow:6e5fc5369724 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a8c913718f2ecd3:flow:58c76ba5674f	SESSION-9a8c913718f2ecd3 → flow:58c76ba5674f
FLOW_TO_HOSTOBS	e:to:SESSION-8189545896e60c84:host:172.234.197.23	SESSION-8189545896e60c84 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07675572faa18905:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-07675572faa18905 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9cd8abbfdfb95d18:SESSION-9cd8abbfdfb95d18	SESSION-9cd8abbfdfb95d18 → pe:syn:SESSION-9cd8abbfdfb95d18
flow_observed5-aryOBS	e:fo:flow:562964a4480b	flow:562964a4480b → host:131.196.30.91 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e68dc8e4f9d6:port:tcp:443	flow:e68dc8e4f9d6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-993efaa98cc6a9ac:host:172.234.197.23	SESSION-993efaa98cc6a9ac → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.8:geo_-16.28860_-49.01640	host:177.10.237.8 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-753bfef963e546aa:host:177.10.237.249	SESSION-753bfef963e546aa → host:177.10.237.249
FLOW_TO_HOSTOBS	e:to:SESSION-3db1c42fb505a2f9:host:172.234.197.23	SESSION-3db1c42fb505a2f9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-828db1ebc34fa50a:host:172.234.197.23	SESSION-828db1ebc34fa50a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0014b04a4a7ef99:SESSION-c0014b04a4a7ef99	SESSION-c0014b04a4a7ef99 → pe:syn:SESSION-c0014b04a4a7ef99
FLOW_TO_HOSTOBS	e:to:SESSION-9a4b68b400a3161c:host:172.234.197.23	SESSION-9a4b68b400a3161c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f97c8850c8aa:port:tcp:443	flow:f97c8850c8aa → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-5c24af053222fbf1:host:131.196.29.69	SESSION-5c24af053222fbf1 → host:131.196.29.69
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa574f1f11f5b30b:flow:79a04c011df2	SESSION-aa574f1f11f5b30b → flow:79a04c011df2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09e8a1451dd94c84:PCAP:capture_20260430050001:8868731bf8a4	SESSION-09e8a1451dd94c84 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99e2981b3b5fa520:host:172.234.197.23	SESSION-99e2981b3b5fa520 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6db73413d50d	flow:6db73413d50d → host:177.10.239.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-007ba64cafd5a15c:host:172.234.197.23	SESSION-007ba64cafd5a15c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6667ca1b9f8ba8d1:host:131.196.28.72	SESSION-6667ca1b9f8ba8d1 → host:131.196.28.72
flow_observed4-aryOBS	e:fo:flow:278d5aaa1a79	flow:278d5aaa1a79 → host:172.234.197.23 → host:131.196.31.4 → port:tcp:51229
FLOW_TO_HOSTOBS	e:to:SESSION-1a75f9666a4fd8c5:host:172.234.197.23	SESSION-1a75f9666a4fd8c5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6c53b2c88ff7f785:host:172.234.197.23	SESSION-6c53b2c88ff7f785 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddb8ef81f168c6c0:host:131.196.30.176	SESSION-ddb8ef81f168c6c0 → host:131.196.30.176
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.138:geo_41.02140_28.99480	host:185.231.226.138 → geo_41.02140_28.99480
FLOW_FROM_HOSTOBS	e:from:SESSION-f5a08fe68832616d:host:131.196.29.162	SESSION-f5a08fe68832616d → host:131.196.29.162
FLOW_DST_PORTOBS	e:fp:flow:26582ff86251:port:tcp:443	flow:26582ff86251 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09e9de69a12074bb:host:131.196.29.25:host:172.234.197.23	SESSION-09e9de69a12074bb → host:131.196.29.25 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4437969c398261c:SESSION-c4437969c398261c	SESSION-c4437969c398261c → pe:syn:SESSION-c4437969c398261c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-382b47d73202b6ac:host:172.234.197.23	SESSION-382b47d73202b6ac → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7ccf0be9923f197d:host:172.234.197.23	SESSION-7ccf0be9923f197d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6f6eb6f56b12c37:host:177.10.238.190	SESSION-c6f6eb6f56b12c37 → host:177.10.238.190
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6631f08e8c06a9b6:host:172.234.197.23	SESSION-6631f08e8c06a9b6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2fd071a3b1e728ca:host:172.234.197.23:host:177.10.235.184	SESSION-2fd071a3b1e728ca → host:172.234.197.23 → host:177.10.235.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc96f34750660160:host:172.234.197.23	SESSION-bc96f34750660160 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0665b9726687b63:host:45.173.156.98	SESSION-c0665b9726687b63 → host:45.173.156.98
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6aa2ce807ac3d210:host:131.196.28.19:host:172.234.197.23	SESSION-6aa2ce807ac3d210 → host:131.196.28.19 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-90804beaa6aefbc0:SESSION-90804beaa6aefbc0	SESSION-90804beaa6aefbc0 → pe:syn:SESSION-90804beaa6aefbc0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77b68b84e12bfaab:host:172.234.197.23	SESSION-77b68b84e12bfaab → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c4215030ed58	flow:c4215030ed58 → host:131.196.30.41 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:9e80400e49e1:port:tcp:80	flow:9e80400e49e1 → port:tcp:80
flow_observed4-aryOBS	e:fo:flow:916363bfbc8d	flow:916363bfbc8d → host:172.234.197.23 → host:131.196.28.176 → port:tcp:11628
FLOW_FROM_HOSTOBS	e:from:SESSION-8f98b72d4ec65d75:host:177.10.234.248	SESSION-8f98b72d4ec65d75 → host:177.10.234.248
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8139f2a89dd46f4b:host:131.196.31.126	SESSION-8139f2a89dd46f4b → host:131.196.31.126
flow_observed5-aryOBS	e:fo:flow:e31aa8f495d5	flow:e31aa8f495d5 → host:177.10.237.28 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7301756ca24c49ab:host:172.234.197.23	SESSION-7301756ca24c49ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-438fb49dfab0fe81:host:172.234.197.23	SESSION-438fb49dfab0fe81 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b7226f297fb9:port:tcp:2282	flow:b7226f297fb9 → port:tcp:2282
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0feaffd55940508b:host:172.234.197.23	SESSION-0feaffd55940508b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2676dbc5b99ef14:host:177.10.234.117	SESSION-e2676dbc5b99ef14 → host:177.10.234.117
FLOW_TO_HOSTOBS	e:to:SESSION-f67ce0567774b305:host:172.234.197.23	SESSION-f67ce0567774b305 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.125:geo_-23.62930_-46.63510	host:131.196.29.125 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a27c97c4e7ac566:SESSION-9a27c97c4e7ac566	SESSION-9a27c97c4e7ac566 → pe:syn:SESSION-9a27c97c4e7ac566
FLOW_DST_PORTOBS	e:fp:flow:b7b3b773f9b5:port:tcp:5268	flow:b7b3b773f9b5 → port:tcp:5268
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.90:asn:262880	host:177.10.235.90 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-07675572faa18905:host:172.234.197.23	SESSION-07675572faa18905 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3988a9d0230ebd4d:host:172.234.197.23	SESSION-3988a9d0230ebd4d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7498682ecb6877b0:flow:6a8aa8884777	SESSION-7498682ecb6877b0 → flow:6a8aa8884777
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-578d76d32a2c1b81:SESSION-578d76d32a2c1b81	SESSION-578d76d32a2c1b81 → pe:tls:SESSION-578d76d32a2c1b81
flow_observed5-aryOBS	e:fo:flow:03213edca3f5	flow:03213edca3f5 → host:177.10.237.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3eca13f5e50de63:host:177.10.237.54	SESSION-d3eca13f5e50de63 → host:177.10.237.54
flow_observed5-aryOBS	e:fo:flow:35814e59c9a8	flow:35814e59c9a8 → host:177.10.237.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-923fbccf43ed644a:host:172.234.197.23	SESSION-923fbccf43ed644a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ad60f3efcde14b7:host:177.10.236.10:host:172.234.197.23	SESSION-7ad60f3efcde14b7 → host:177.10.236.10 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d6622ca4a22ed44:host:172.234.197.23	SESSION-5d6622ca4a22ed44 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-669a514c7e7ceed8:host:177.10.239.84	SESSION-669a514c7e7ceed8 → host:177.10.239.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-759329d52e4cabab:host:172.234.197.23:host:172.232.0.16	SESSION-759329d52e4cabab → host:172.234.197.23 → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-e48a8daff67bbc71:host:172.234.197.23	SESSION-e48a8daff67bbc71 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fc80192f398e14d:host:131.196.29.161:host:172.234.197.23	SESSION-5fc80192f398e14d → host:131.196.29.161 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ea2f6118de4330ea:host:131.196.29.60:host:172.234.197.23	SESSION-ea2f6118de4330ea → host:131.196.29.60 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-361b290e75b75885:host:172.234.197.23	SESSION-361b290e75b75885 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07a7172489c9ad9c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-07a7172489c9ad9c → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e8879d591cbfcd7:host:131.196.30.98	SESSION-9e8879d591cbfcd7 → host:131.196.30.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-712d2d82579af730:SESSION-712d2d82579af730	SESSION-712d2d82579af730 → pe:tls:SESSION-712d2d82579af730
FLOW_FROM_HOSTOBS	e:from:SESSION-1530091b08a9906d:host:167.235.194.109	SESSION-1530091b08a9906d → host:167.235.194.109
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2b1b7c009dcf05e:SESSION-e2b1b7c009dcf05e	SESSION-e2b1b7c009dcf05e → pe:syn:SESSION-e2b1b7c009dcf05e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6af366568a421f52:SESSION-6af366568a421f52	SESSION-6af366568a421f52 → pe:tls:SESSION-6af366568a421f52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f45c3ab8ea783ada:SESSION-f45c3ab8ea783ada	SESSION-f45c3ab8ea783ada → pe:syn:SESSION-f45c3ab8ea783ada
flow_observed5-aryOBS	e:fo:flow:16e5cb83f132	flow:16e5cb83f132 → host:177.10.238.195 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0bc55e1159bab546:flow:f9ec3d0cc6bb	SESSION-0bc55e1159bab546 → flow:f9ec3d0cc6bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-290c9b11e52fd3ba:host:172.234.197.23	SESSION-290c9b11e52fd3ba → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-79b570e2589cf059:host:172.234.197.23	SESSION-79b570e2589cf059 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-78704dd999ae95fc:host:131.196.29.183	SESSION-78704dd999ae95fc → host:131.196.29.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de01d31bf4634055:host:172.234.197.23	SESSION-de01d31bf4634055 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6a66cf91ad155464:host:45.173.156.49	SESSION-6a66cf91ad155464 → host:45.173.156.49
FLOW_FROM_HOSTOBS	e:from:SESSION-d60f9952407f0d18:host:213.209.159.159	SESSION-d60f9952407f0d18 → host:213.209.159.159
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a2add8aa10ab84ed:PCAP:capture_20260430060001:919b39a74464	SESSION-a2add8aa10ab84ed → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-6a46bc5971af02e3:host:172.234.197.23	SESSION-6a46bc5971af02e3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97231868d06ff2ed:host:177.10.234.152:host:172.234.197.23	SESSION-97231868d06ff2ed → host:177.10.234.152 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.16:geo_-23.62930_-46.63510	host:131.196.29.16 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.88:geo_-16.28860_-49.01640	host:177.10.239.88 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:56817ae9d85f	flow:56817ae9d85f → host:177.10.239.127 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ef41947f9929862:SESSION-8ef41947f9929862	SESSION-8ef41947f9929862 → pe:tls:SESSION-8ef41947f9929862
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aec01d0deaddfc4b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-aec01d0deaddfc4b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-91919daf8511716e:SESSION-91919daf8511716e	SESSION-91919daf8511716e → pe:tls:SESSION-91919daf8511716e
FLOW_QUERIED_DNSOBS	e:fd:flow:3108c78e87d1:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:3108c78e87d1 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
flow_observed5-aryOBS	e:fo:flow:d35acae39da6	flow:d35acae39da6 → host:177.10.238.180 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.222:asn:262880	host:177.10.236.222 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d815390d9091f577:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d815390d9091f577 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d673ded8fa5efc5:SESSION-4d673ded8fa5efc5	SESSION-4d673ded8fa5efc5 → pe:syn:SESSION-4d673ded8fa5efc5
flow_observed5-aryOBS	e:fo:flow:eea467dd73eb	flow:eea467dd73eb → host:131.196.31.90 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-608f057a6e6e376d:host:172.234.197.23:host:172.232.0.17	SESSION-608f057a6e6e376d → host:172.234.197.23 → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:71ecf670b095	flow:71ecf670b095 → host:131.196.30.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56d3faf83e1ced7d:flow:86d6a83e2f14	SESSION-56d3faf83e1ced7d → flow:86d6a83e2f14
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a70682fed3cc6c8:host:177.10.233.220:host:172.234.197.23	SESSION-8a70682fed3cc6c8 → host:177.10.233.220 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-175dd6ba51fb3cf7:flow:15b5b8684d8f	SESSION-175dd6ba51fb3cf7 → flow:15b5b8684d8f
FLOW_DST_PORTOBS	e:fp:flow:995deb079eac:port:tcp:443	flow:995deb079eac → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:87482c073df4	flow:87482c073df4 → host:131.196.31.173 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-310a1cee325ffc65:SESSION-310a1cee325ffc65	SESSION-310a1cee325ffc65 → pe:syn:SESSION-310a1cee325ffc65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e5a933b86812e122:SESSION-e5a933b86812e122	SESSION-e5a933b86812e122 → pe:tls:SESSION-e5a933b86812e122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-489ca31c7f776997:host:172.234.197.23	SESSION-489ca31c7f776997 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d8d6c91ee705	flow:d8d6c91ee705 → host:131.196.28.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-70a92a3cd71eafd5:flow:fe36b6a000f8	SESSION-70a92a3cd71eafd5 → flow:fe36b6a000f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-deef720c855898df:PCAP:capture_20260430090001:065659c7d314	SESSION-deef720c855898df → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd6ef4118ff649ff:PCAP:capture_20260430150001:ded20914761d	SESSION-fd6ef4118ff649ff → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b00d7db41be144d:host:177.10.234.29	SESSION-4b00d7db41be144d → host:177.10.234.29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-042ef885e77347e7:host:172.234.197.23	SESSION-042ef885e77347e7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a22eb4c95bd17b8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7a22eb4c95bd17b8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-afde502531c1ddca:host:45.173.156.183:host:172.234.197.23	SESSION-afde502531c1ddca → host:45.173.156.183 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b145e081d4e87ab3:host:172.234.197.23	SESSION-b145e081d4e87ab3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-164d60043533ec4c:host:177.10.237.143	SESSION-164d60043533ec4c → host:177.10.237.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18af1f65a173a9cf:host:172.234.197.23	SESSION-18af1f65a173a9cf → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.221:asn:271410	host:131.196.28.221 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c70f7d0fa3cda32b:PCAP:capture_20260430060001:919b39a74464	SESSION-c70f7d0fa3cda32b → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a117da50f6c2c30f:host:172.234.197.23	SESSION-a117da50f6c2c30f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1684e8254d6d3165:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1684e8254d6d3165 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-a4fdea987cb08476:host:177.10.234.41	SESSION-a4fdea987cb08476 → host:177.10.234.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a5d297f882a3348:SESSION-4a5d297f882a3348	SESSION-4a5d297f882a3348 → pe:syn:SESSION-4a5d297f882a3348
FLOW_FROM_HOSTOBS	e:from:SESSION-75bc03759038657d:host:177.10.232.139	SESSION-75bc03759038657d → host:177.10.232.139
FLOW_TO_HOSTOBS	e:to:SESSION-1684e8254d6d3165:host:172.234.197.23	SESSION-1684e8254d6d3165 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11e7a161068ba48e:host:172.234.197.23	SESSION-11e7a161068ba48e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.195:asn:262880	host:177.10.232.195 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e72c530de39a222:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5e72c530de39a222 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10314c25bdbc198a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-10314c25bdbc198a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73eca1f22df524d3:host:104.28.234.78:host:172.234.197.23	SESSION-73eca1f22df524d3 → host:104.28.234.78 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-add028e8e7760fa2:host:177.10.234.111	SESSION-add028e8e7760fa2 → host:177.10.234.111
FLOW_FROM_HOSTOBS	e:from:SESSION-3afd88a73e32b466:host:131.196.28.32	SESSION-3afd88a73e32b466 → host:131.196.28.32
flow_observed5-aryOBS	e:fo:flow:33a86ba2b575	flow:33a86ba2b575 → host:45.173.156.109 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:62e5c7a79f3a	flow:62e5c7a79f3a → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-f718644b6283d05d:host:177.10.238.29	SESSION-f718644b6283d05d → host:177.10.238.29
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.160:asn:271410	host:131.196.30.160 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60dab6a51248be22:host:172.234.197.23	SESSION-60dab6a51248be22 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0799ff092dfcce41:host:177.10.235.125	SESSION-0799ff092dfcce41 → host:177.10.235.125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ac3b19d6233e6f7:SESSION-2ac3b19d6233e6f7	SESSION-2ac3b19d6233e6f7 → pe:syn:SESSION-2ac3b19d6233e6f7
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-783c4edbafa3c164:BSG-DATA_EXFIL-a1ec7dc57c09	SESSION-783c4edbafa3c164 → BSG-DATA_EXFIL-a1ec7dc57c09
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fa5716fea2946da:host:172.234.197.23	SESSION-5fa5716fea2946da → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-11723453546179ac:host:172.234.197.23	SESSION-11723453546179ac → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e361598c12a1af0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3e361598c12a1af0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65316f3920c6d168:PCAP:capture_20260430090001:065659c7d314	SESSION-65316f3920c6d168 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f6bbc079dc776bc:flow:299c3cef4094	SESSION-1f6bbc079dc776bc → flow:299c3cef4094
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.82:asn:262880	host:177.10.239.82 → asn:262880
flow_observed4-aryOBS	e:fo:flow:7a2eec4103e1	flow:7a2eec4103e1 → host:172.234.197.23 → host:177.10.236.105 → port:tcp:50841
FLOW_TO_HOSTOBS	e:to:SESSION-96abdd68944f2af2:host:172.234.197.23	SESSION-96abdd68944f2af2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bfc33587dc4bfad3:SESSION-bfc33587dc4bfad3	SESSION-bfc33587dc4bfad3 → pe:tls:SESSION-bfc33587dc4bfad3
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.132:asn:262880	host:177.10.239.132 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c3e0ded89b78d8d:SESSION-3c3e0ded89b78d8d	SESSION-3c3e0ded89b78d8d → pe:syn:SESSION-3c3e0ded89b78d8d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f709c3d74e04443c:host:131.196.30.83	SESSION-f709c3d74e04443c → host:131.196.30.83
FLOW_DST_PORTOBS	e:fp:flow:b73ed0c140e0:port:tcp:443	flow:b73ed0c140e0 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.176:geo_-16.28860_-49.01640	host:177.10.234.176 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a17077467e1bba6:flow:04241806c2ac	SESSION-5a17077467e1bba6 → flow:04241806c2ac
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81c8b3fdf002e09e:host:177.10.236.146	SESSION-81c8b3fdf002e09e → host:177.10.236.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-43a6565d7143b8ab:SESSION-43a6565d7143b8ab	SESSION-43a6565d7143b8ab → pe:syn:SESSION-43a6565d7143b8ab
FLOW_TO_HOSTOBS	e:to:SESSION-d58e8fad9dafe114:host:172.234.197.23	SESSION-d58e8fad9dafe114 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f47fcccc9f57:port:tcp:30676	flow:f47fcccc9f57 → port:tcp:30676
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55ac8b9837cbe539:host:131.196.29.75	SESSION-55ac8b9837cbe539 → host:131.196.29.75
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-380f5751cd3ba7da:host:172.234.197.23:host:131.196.28.221	SESSION-380f5751cd3ba7da → host:172.234.197.23 → host:131.196.28.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac7b08c7fb71f18:host:172.234.197.23	SESSION-cac7b08c7fb71f18 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4fb8a50f2916880:SESSION-d4fb8a50f2916880	SESSION-d4fb8a50f2916880 → pe:tls:SESSION-d4fb8a50f2916880
FLOW_FROM_HOSTOBS	e:from:SESSION-518ecd8ebc2250f7:host:172.234.197.23	SESSION-518ecd8ebc2250f7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:26c3eabc8146:port:tcp:443	flow:26c3eabc8146 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-118e26ad77e50cb0:SESSION-118e26ad77e50cb0	SESSION-118e26ad77e50cb0 → pe:syn:SESSION-118e26ad77e50cb0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ddc877c0ed3a64ea:host:172.234.197.23:host:131.196.29.34	SESSION-ddc877c0ed3a64ea → host:172.234.197.23 → host:131.196.29.34
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2091e87bc96ca173:PCAP:capture_20260430150001:ded20914761d	SESSION-2091e87bc96ca173 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-a1d9624273099964:host:131.196.29.229	SESSION-a1d9624273099964 → host:131.196.29.229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a88f0b19d496a689:host:131.196.30.140	SESSION-a88f0b19d496a689 → host:131.196.30.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3567442ac940551:host:177.10.237.58	SESSION-f3567442ac940551 → host:177.10.237.58
HOST_IN_ASNOBS 85%	e:ha:host:199.195.254.215:asn:53667	host:199.195.254.215 → asn:53667
FLOW_TO_HOSTOBS	e:to:SESSION-333a850c89106bc0:host:172.234.197.23	SESSION-333a850c89106bc0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d43ecb134342fe00:host:177.10.237.127:host:172.234.197.23	SESSION-d43ecb134342fe00 → host:177.10.237.127 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3be21ea09440:port:tcp:443	flow:3be21ea09440 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-25d670562ff80de0:PCAP:capture_20260430060001:919b39a74464	SESSION-25d670562ff80de0 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a2cae37d21287a7:SESSION-2a2cae37d21287a7	SESSION-2a2cae37d21287a7 → pe:syn:SESSION-2a2cae37d21287a7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0014b04a4a7ef99:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c0014b04a4a7ef99 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c178d8ef65578b24:host:131.196.28.227	SESSION-c178d8ef65578b24 → host:131.196.28.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d7508894fe5424d7:SESSION-d7508894fe5424d7	SESSION-d7508894fe5424d7 → pe:syn:SESSION-d7508894fe5424d7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8383343898074aaa:host:177.10.236.217:host:172.234.197.23	SESSION-8383343898074aaa → host:177.10.236.217 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-91c14db05e009245:host:45.173.156.153	SESSION-91c14db05e009245 → host:45.173.156.153
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-1fc518dfa07303a8:BSG-BEACON-a63cf4e96a4e	SESSION-1fc518dfa07303a8 → BSG-BEACON-a63cf4e96a4e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6d8c2f7fc43f382:host:172.234.197.23	SESSION-c6d8c2f7fc43f382 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fef5e1438bdea640:host:172.234.197.23:host:92.118.39.236	SESSION-fef5e1438bdea640 → host:172.234.197.23 → host:92.118.39.236
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d36b613f081e74cb:PCAP:capture_20260430090001:065659c7d314	SESSION-d36b613f081e74cb → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb70871923a8cd06:host:172.234.197.23:host:131.196.29.132	SESSION-bb70871923a8cd06 → host:172.234.197.23 → host:131.196.29.132
FLOW_DST_PORTOBS	e:fp:flow:f74617d5541f:port:tcp:443	flow:f74617d5541f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db1b4e286dc089a9:PCAP:capture_20260430150001:ded20914761d	SESSION-db1b4e286dc089a9 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-41b7279875030e7d:host:177.10.234.178	SESSION-41b7279875030e7d → host:177.10.234.178
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.168:asn:262880	host:177.10.232.168 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08463d47d249df1d:host:177.10.233.214	SESSION-08463d47d249df1d → host:177.10.233.214
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-453cfacc8e209f2f:flow:6f3bfee5bc2d	SESSION-453cfacc8e209f2f → flow:6f3bfee5bc2d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7678ab8e642a5a2a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7678ab8e642a5a2a → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-2def334ee7bae1e1:host:177.10.236.96	SESSION-2def334ee7bae1e1 → host:177.10.236.96
FLOW_DST_PORTOBS	e:fp:flow:a4b42408e8d1:port:tcp:443	flow:a4b42408e8d1 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:15fff6f0df71	flow:15fff6f0df71 → host:177.10.239.45 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-4b91d700ec898758:host:131.196.29.19	SESSION-4b91d700ec898758 → host:131.196.29.19
FLOW_FROM_HOSTOBS	e:from:SESSION-ecb25cc7396151e7:host:177.10.239.139	SESSION-ecb25cc7396151e7 → host:177.10.239.139
flow_observed4-aryOBS	e:fo:flow:90f6045852d1	flow:90f6045852d1 → host:172.234.197.23 → host:177.10.239.200 → port:tcp:27577
flow_observed5-aryOBS	e:fo:flow:5c0a8784cda1	flow:5c0a8784cda1 → host:177.10.238.104 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27131bb9b9feeb52:flow:c2443289afd9	SESSION-27131bb9b9feeb52 → flow:c2443289afd9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-829966970db58135:host:177.10.236.32	SESSION-829966970db58135 → host:177.10.236.32
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51cdac11b30f43cf:SESSION-51cdac11b30f43cf	SESSION-51cdac11b30f43cf → pe:syn:SESSION-51cdac11b30f43cf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10017e021bbc0f25:SESSION-10017e021bbc0f25	SESSION-10017e021bbc0f25 → pe:syn:SESSION-10017e021bbc0f25
FLOW_DST_PORTOBS	e:fp:flow:1b9bafe320dc:port:tcp:443	flow:1b9bafe320dc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9128704be6a27a1a:host:172.234.197.23	SESSION-9128704be6a27a1a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ffa310b40a91058:host:172.234.197.23:host:45.173.156.188	SESSION-2ffa310b40a91058 → host:172.234.197.23 → host:45.173.156.188
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.253:asn:271410	host:131.196.30.253 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3168a3173448dd7d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3168a3173448dd7d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55d5dc737e01c0f7:SESSION-55d5dc737e01c0f7	SESSION-55d5dc737e01c0f7 → pe:syn:SESSION-55d5dc737e01c0f7
FLOW_TO_HOSTOBS	e:to:SESSION-e06ceb4b0294ceac:host:177.10.237.120	SESSION-e06ceb4b0294ceac → host:177.10.237.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6e971723a904aea:host:177.10.235.191	SESSION-c6e971723a904aea → host:177.10.235.191
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b8c772918251267:flow:df66ab69b89e	SESSION-0b8c772918251267 → flow:df66ab69b89e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9eb08591878d33c:host:172.234.197.23:host:131.196.30.132	SESSION-c9eb08591878d33c → host:172.234.197.23 → host:131.196.30.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab83f0ea1c3b60ab:host:131.196.29.103	SESSION-ab83f0ea1c3b60ab → host:131.196.29.103
FLOW_DST_PORTOBS	e:fp:flow:9effe3c58d75:port:tcp:443	flow:9effe3c58d75 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-62458b132c4d6b0d:host:131.196.30.126	SESSION-62458b132c4d6b0d → host:131.196.30.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff4eb64228a8af88:SESSION-ff4eb64228a8af88	SESSION-ff4eb64228a8af88 → pe:syn:SESSION-ff4eb64228a8af88
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1600cc83b8cea24d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1600cc83b8cea24d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de8058bfaf7cddb8:SESSION-de8058bfaf7cddb8	SESSION-de8058bfaf7cddb8 → pe:tls:SESSION-de8058bfaf7cddb8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-259d89cf1511dc5c:host:172.234.197.23	SESSION-259d89cf1511dc5c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:980518987f5e:port:tcp:443	flow:980518987f5e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2e73cad916b1394:host:177.10.232.215	SESSION-a2e73cad916b1394 → host:177.10.232.215
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f40be42edcf6e8ed:flow:c9008a9987d9	SESSION-f40be42edcf6e8ed → flow:c9008a9987d9
FLOW_DST_PORTOBS	e:fp:flow:4170fe2e85a7:port:tcp:443	flow:4170fe2e85a7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5bfd6f31a89c294d:SESSION-5bfd6f31a89c294d	SESSION-5bfd6f31a89c294d → pe:syn:SESSION-5bfd6f31a89c294d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e743a12f6a9d6a4:host:177.10.235.187:host:172.234.197.23	SESSION-8e743a12f6a9d6a4 → host:177.10.235.187 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5232af489f8c	flow:5232af489f8c → host:131.196.28.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aae44d6cd669040c:flow:ed2ddb316adb	SESSION-aae44d6cd669040c → flow:ed2ddb316adb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17084582559fbd8c:flow:916363bfbc8d	SESSION-17084582559fbd8c → flow:916363bfbc8d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a208e591aeac31e9:host:177.10.234.203	SESSION-a208e591aeac31e9 → host:177.10.234.203
FLOW_DST_PORTOBS	e:fp:flow:c3ec42c5d25d:port:tcp:443	flow:c3ec42c5d25d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:8eec8996c56b:port:tcp:443	flow:8eec8996c56b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.172:geo_-16.28860_-49.01640	host:177.10.234.172 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-053d7bf7ef41d243:flow:a0a925e53e44	SESSION-053d7bf7ef41d243 → flow:a0a925e53e44
flow_observed5-aryOBS	e:fo:flow:6ccb35207b9a	flow:6ccb35207b9a → host:177.10.237.89 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01e03a84392b1398:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-01e03a84392b1398 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-621f42bc5edaa56f:SESSION-621f42bc5edaa56f	SESSION-621f42bc5edaa56f → pe:syn:SESSION-621f42bc5edaa56f
FLOW_TO_HOSTOBS	e:to:SESSION-b2474eb623db0155:host:131.196.30.9	SESSION-b2474eb623db0155 → host:131.196.30.9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.41:geo_-21.10010_-41.69200	host:45.173.156.41 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ab46af96ea11edd:host:131.196.30.187:host:172.234.197.23	SESSION-7ab46af96ea11edd → host:131.196.30.187 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0cd9b8959e0e89e:host:172.234.197.23	SESSION-d0cd9b8959e0e89e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:63ab8c619855:port:tcp:443	flow:63ab8c619855 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f6c732897c2ca80c:SESSION-f6c732897c2ca80c	SESSION-f6c732897c2ca80c → pe:tls:SESSION-f6c732897c2ca80c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f928c0ad9f6130d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3f928c0ad9f6130d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-9e896271e9295df4:BSG-BEACON-918ce26726c0	SESSION-9e896271e9295df4 → BSG-BEACON-918ce26726c0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9dcf6e772a239b46:SESSION-9dcf6e772a239b46	SESSION-9dcf6e772a239b46 → pe:syn:SESSION-9dcf6e772a239b46
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.254:asn:271410	host:131.196.29.254 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d2d0e8afd37453:host:45.173.156.164	SESSION-28d2d0e8afd37453 → host:45.173.156.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8417ba17d1562cbc:host:172.234.197.23	SESSION-8417ba17d1562cbc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4363548d57b1d6df:host:172.234.197.23	SESSION-4363548d57b1d6df → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f16f611b98ecbfd:host:131.196.30.7	SESSION-8f16f611b98ecbfd → host:131.196.30.7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52e5c47434ed6c74:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-52e5c47434ed6c74 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-c20a24472712669d:host:172.234.197.23	SESSION-c20a24472712669d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41957bf4b3a50ded:SESSION-41957bf4b3a50ded	SESSION-41957bf4b3a50ded → pe:tls:SESSION-41957bf4b3a50ded
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-e0b8f15e6ec3ec0f:BSG-DATA_EXFIL-178e57e7287e	SESSION-e0b8f15e6ec3ec0f → BSG-DATA_EXFIL-178e57e7287e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-567e9582c6914b15:SESSION-567e9582c6914b15	SESSION-567e9582c6914b15 → pe:tls:SESSION-567e9582c6914b15
FLOW_FROM_HOSTOBS	e:from:SESSION-54530aea57b72d0f:host:172.234.197.23	SESSION-54530aea57b72d0f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.111:asn:271410	host:131.196.31.111 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.120:asn:262880	host:177.10.236.120 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5643c60889fe0da:SESSION-a5643c60889fe0da	SESSION-a5643c60889fe0da → pe:syn:SESSION-a5643c60889fe0da
FLOW_TO_HOSTOBS	e:to:SESSION-e076f857aa349ed0:host:172.234.197.23	SESSION-e076f857aa349ed0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ea34ef73cf330d2:SESSION-0ea34ef73cf330d2	SESSION-0ea34ef73cf330d2 → pe:syn:SESSION-0ea34ef73cf330d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de8058bfaf7cddb8:SESSION-de8058bfaf7cddb8	SESSION-de8058bfaf7cddb8 → pe:syn:SESSION-de8058bfaf7cddb8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72411a82d36d6add:host:172.234.197.23	SESSION-72411a82d36d6add → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e85a67565660f7c:host:172.234.197.23:host:131.196.30.75	SESSION-2e85a67565660f7c → host:172.234.197.23 → host:131.196.30.75
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a759d297db5368da:host:177.10.235.213	SESSION-a759d297db5368da → host:177.10.235.213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0f21a1d46f067dc:host:177.10.236.213	SESSION-c0f21a1d46f067dc → host:177.10.236.213
FLOW_DST_PORTOBS	e:fp:flow:d724b9218f6c:port:tcp:443	flow:d724b9218f6c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-306afa7fa31a1f87:PCAP:capture_20260430160001:9bfa4498506a	SESSION-306afa7fa31a1f87 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:b28ad62d8000	flow:b28ad62d8000 → host:177.10.234.71 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ba035d2018b1429:PCAP:capture_20260430060001:919b39a74464	SESSION-6ba035d2018b1429 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-6da60a47e57e7ba3:host:172.234.197.23	SESSION-6da60a47e57e7ba3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:59.24.133.197:geo_36.11350_128.34300	host:59.24.133.197 → geo_36.11350_128.34300
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2c924632948936b:host:131.196.31.26	SESSION-b2c924632948936b → host:131.196.31.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f00ab97ef4b401c8:SESSION-f00ab97ef4b401c8	SESSION-f00ab97ef4b401c8 → pe:tls:SESSION-f00ab97ef4b401c8
FLOW_TO_HOSTOBS	e:to:SESSION-b8f2b3515afd502b:host:172.234.197.23	SESSION-b8f2b3515afd502b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.172:asn:262880	host:177.10.232.172 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-ded52056067d22b2:host:172.234.197.23	SESSION-ded52056067d22b2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e3139069f2c261e:host:172.234.197.23	SESSION-6e3139069f2c261e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fdceaf69f291402:host:131.196.29.172:host:172.234.197.23	SESSION-3fdceaf69f291402 → host:131.196.29.172 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-941b4a1386b7be8f:flow:0c9bce781e07	SESSION-941b4a1386b7be8f → flow:0c9bce781e07
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a3b1f52ae1679da:host:95.135.228.39	SESSION-3a3b1f52ae1679da → host:95.135.228.39
FLOW_FROM_HOSTOBS	e:from:SESSION-afa0e3a30bb0024e:host:172.234.197.23	SESSION-afa0e3a30bb0024e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a139b1df55cde4d7:host:131.196.30.74	SESSION-a139b1df55cde4d7 → host:131.196.30.74
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bfc33587dc4bfad3:PCAP:capture_20260430110001:43611bdf6759	SESSION-bfc33587dc4bfad3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-866725b3664820db:SESSION-866725b3664820db	SESSION-866725b3664820db → pe:tls:SESSION-866725b3664820db
FLOW_TO_HOSTOBS	e:to:SESSION-360f4972fec5b7e0:host:172.234.197.23	SESSION-360f4972fec5b7e0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d6a1a522f9ca6e79:host:172.234.197.23	SESSION-d6a1a522f9ca6e79 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36e366306285e270:host:177.10.235.114:host:172.234.197.23	SESSION-36e366306285e270 → host:177.10.235.114 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5a277796632a248:PCAP:capture_20260430110001:43611bdf6759	SESSION-b5a277796632a248 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-e987eea1f59290d7:host:51.92.14.54	SESSION-e987eea1f59290d7 → host:51.92.14.54
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.185:geo_-16.28860_-49.01640	host:177.10.234.185 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a3e524c73cd89280:SESSION-a3e524c73cd89280	SESSION-a3e524c73cd89280 → pe:tls:SESSION-a3e524c73cd89280
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.232.0.17:geo_41.88350_-87.63050	host:172.232.0.17 → geo_41.88350_-87.63050
FLOW_DST_PORTOBS	e:fp:flow:a6993633811b:port:tcp:54231	flow:a6993633811b → port:tcp:54231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54704a8587620f8b:host:172.234.197.23	SESSION-54704a8587620f8b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d2a460a472c4c29:host:172.234.197.23	SESSION-8d2a460a472c4c29 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ebcf7e2690fc:port:tcp:443	flow:ebcf7e2690fc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6966225f20017b9e:SESSION-6966225f20017b9e	SESSION-6966225f20017b9e → pe:syn:SESSION-6966225f20017b9e
FLOW_DST_PORTOBS	e:fp:flow:76dcffdb4705:port:tcp:443	flow:76dcffdb4705 → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:64f60722c2db	flow:64f60722c2db → host:52.12.196.158 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:46e86d702bd9	flow:46e86d702bd9 → host:172.234.197.23 → host:131.196.28.160 → port:tcp:32347
FLOW_FROM_HOSTOBS	e:from:SESSION-2e46bef1b2f6daf0:host:172.234.197.23	SESSION-2e46bef1b2f6daf0 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.201:geo_-16.28860_-49.01640	host:177.10.235.201 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:fae1a9cd01c6:port:tcp:443	flow:fae1a9cd01c6 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2fd944013b60077a:flow:1ad708fe6e05	SESSION-2fd944013b60077a → flow:1ad708fe6e05
FLOW_FROM_HOSTOBS	e:from:SESSION-0f20859a8cab5c7a:host:172.234.197.23	SESSION-0f20859a8cab5c7a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9d864593c28e	flow:9d864593c28e → host:131.196.30.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1eb9812de4c91c82:host:172.234.197.23	SESSION-1eb9812de4c91c82 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e615d118f3247e2:PCAP:capture_20260430090001:065659c7d314	SESSION-2e615d118f3247e2 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-045a77174f347205:flow:bfe599b46934	SESSION-045a77174f347205 → flow:bfe599b46934
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2aed99cc8c09f5c:flow:8c2c13a662a6	SESSION-b2aed99cc8c09f5c → flow:8c2c13a662a6
FLOW_DST_PORTOBS	e:fp:flow:b414c202d9e1:port:tcp:443	flow:b414c202d9e1 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:c9e3aedcd058	flow:c9e3aedcd058 → host:172.234.197.23 → host:177.10.235.241 → port:tcp:20862
FLOW_TO_HOSTOBS	e:to:SESSION-433230166b97139a:host:172.234.197.23	SESSION-433230166b97139a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e08dddd9edfa5277:host:131.196.31.84	SESSION-e08dddd9edfa5277 → host:131.196.31.84
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28ea3e411a2de5c2:flow:f7769727a135	SESSION-28ea3e411a2de5c2 → flow:f7769727a135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5ee9797d15d423e:SESSION-b5ee9797d15d423e	SESSION-b5ee9797d15d423e → pe:tls:SESSION-b5ee9797d15d423e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-82093c184ece9713:flow:b43506a49673	SESSION-82093c184ece9713 → flow:b43506a49673
FLOW_FROM_HOSTOBS	e:from:SESSION-69d41e5348c00130:host:136.243.57.208	SESSION-69d41e5348c00130 → host:136.243.57.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c1c3bc51aa7232b:flow:44e7caf8cd36	SESSION-7c1c3bc51aa7232b → flow:44e7caf8cd36
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.88:geo_-23.62930_-46.63510	host:131.196.30.88 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07e54ca458e8eeab:host:172.234.197.23	SESSION-07e54ca458e8eeab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8441f04433657ee:host:172.234.197.23	SESSION-a8441f04433657ee → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-40497d6996ef2088:SESSION-40497d6996ef2088	SESSION-40497d6996ef2088 → pe:tls:SESSION-40497d6996ef2088
flow_observed5-aryOBS	e:fo:flow:47adaf8e89df	flow:47adaf8e89df → host:177.10.235.168 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:17ffd29efdaf:port:tcp:443	flow:17ffd29efdaf → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-394aeca8e13c39b2:SESSION-394aeca8e13c39b2	SESSION-394aeca8e13c39b2 → pe:tls:SESSION-394aeca8e13c39b2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.76:asn:262880	host:177.10.238.76 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-026fe63fd4f2486a:host:172.234.197.23	SESSION-026fe63fd4f2486a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:07535cfd3b72	flow:07535cfd3b72 → host:199.16.157.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29162d9ed8336732:SESSION-29162d9ed8336732	SESSION-29162d9ed8336732 → pe:syn:SESSION-29162d9ed8336732
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.145:asn:271410	host:131.196.29.145 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42dd33a8e6552b73:host:34.216.30.208	SESSION-42dd33a8e6552b73 → host:34.216.30.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07a7172489c9ad9c:SESSION-07a7172489c9ad9c	SESSION-07a7172489c9ad9c → pe:syn:SESSION-07a7172489c9ad9c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f3af12abbb2ff56:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1f3af12abbb2ff56 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff2c95cfb4d3a4dd:flow:3d1380dea746	SESSION-ff2c95cfb4d3a4dd → flow:3d1380dea746
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d7c23b0aff57d2da:flow:c4b12d61b6c1	SESSION-d7c23b0aff57d2da → flow:c4b12d61b6c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d58cfad877959bea:SESSION-d58cfad877959bea	SESSION-d58cfad877959bea → pe:syn:SESSION-d58cfad877959bea
FLOW_DST_PORTOBS	e:fp:flow:8a521b090e04:port:tcp:443	flow:8a521b090e04 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e577d7cf1b0ace36:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e577d7cf1b0ace36 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5bd73118ac3f9f7:SESSION-b5bd73118ac3f9f7	SESSION-b5bd73118ac3f9f7 → pe:tls:SESSION-b5bd73118ac3f9f7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3529b49a7d38dad6:flow:1441785bdf43	SESSION-3529b49a7d38dad6 → flow:1441785bdf43
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.33:asn:273470	host:45.173.156.33 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff7dac0188fe8fcb:host:177.10.239.108	SESSION-ff7dac0188fe8fcb → host:177.10.239.108
FLOW_FROM_HOSTOBS	e:from:SESSION-3cd6c8dc824ee14d:host:177.10.234.137	SESSION-3cd6c8dc824ee14d → host:177.10.234.137
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-380f5751cd3ba7da:flow:1b8121d22a93	SESSION-380f5751cd3ba7da → flow:1b8121d22a93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d84fd327ccf4e65:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5d84fd327ccf4e65 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-93be623985b95b7d:SESSION-93be623985b95b7d	SESSION-93be623985b95b7d → pe:tls:SESSION-93be623985b95b7d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-736a99dd90ae6491:host:131.196.28.216	SESSION-736a99dd90ae6491 → host:131.196.28.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a88c1288033e7cc:SESSION-0a88c1288033e7cc	SESSION-0a88c1288033e7cc → pe:syn:SESSION-0a88c1288033e7cc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98d504bd384337f5:host:177.10.235.147	SESSION-98d504bd384337f5 → host:177.10.235.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a9beff4b34540729:SESSION-a9beff4b34540729	SESSION-a9beff4b34540729 → pe:tls:SESSION-a9beff4b34540729
FLOW_FROM_HOSTOBS	e:from:SESSION-1d5390845b17c572:host:177.10.235.69	SESSION-1d5390845b17c572 → host:177.10.235.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-af1aec9a84a08d25:SESSION-af1aec9a84a08d25	SESSION-af1aec9a84a08d25 → pe:syn:SESSION-af1aec9a84a08d25
FLOW_DST_PORTOBS	e:fp:flow:359deaa24329:port:tcp:443	flow:359deaa24329 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.235:asn:262880	host:177.10.238.235 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-6c83a3382d975674:host:172.234.197.23	SESSION-6c83a3382d975674 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.63:geo_-23.62930_-46.63510	host:131.196.31.63 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e074c277760af7b:host:131.196.29.140	SESSION-4e074c277760af7b → host:131.196.29.140
flow_observed5-aryOBS	e:fo:flow:e5babc92bbf3	flow:e5babc92bbf3 → host:177.10.235.129 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-461eadc2db19418d:host:172.234.197.23	SESSION-461eadc2db19418d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-014d878748f613f9:host:177.10.235.98:host:172.234.197.23	SESSION-014d878748f613f9 → host:177.10.235.98 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb3f1e71e19d60be:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bb3f1e71e19d60be → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f21aae4e1b352568:PCAP:capture_20260428010001:b1b402c7b202	SESSION-f21aae4e1b352568 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e0f3c8a35641f7b:SESSION-8e0f3c8a35641f7b	SESSION-8e0f3c8a35641f7b → pe:tls:SESSION-8e0f3c8a35641f7b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8ebb92b3cccc0ee:host:172.234.197.23:host:177.10.239.15	SESSION-e8ebb92b3cccc0ee → host:172.234.197.23 → host:177.10.239.15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75ad621f5d402513:host:177.10.232.114:host:172.234.197.23	SESSION-75ad621f5d402513 → host:177.10.232.114 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6d4e81930fa292a8:host:177.10.233.101	SESSION-6d4e81930fa292a8 → host:177.10.233.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c15e0230f45f826:SESSION-6c15e0230f45f826	SESSION-6c15e0230f45f826 → pe:tls:SESSION-6c15e0230f45f826
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fdee4339c7caabb6:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fdee4339c7caabb6 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31d47da03b5e0774:host:45.173.156.138	SESSION-31d47da03b5e0774 → host:45.173.156.138
FLOW_DST_PORTOBS	e:fp:flow:9d1deff47539:port:tcp:40281	flow:9d1deff47539 → port:tcp:40281
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0dab8159384d982:host:172.234.197.23	SESSION-b0dab8159384d982 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38a9f2b2580a8fb5:SESSION-38a9f2b2580a8fb5	SESSION-38a9f2b2580a8fb5 → pe:tls:SESSION-38a9f2b2580a8fb5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c55eb6f1c0bb6137:flow:7a9e45f4aff9	SESSION-c55eb6f1c0bb6137 → flow:7a9e45f4aff9
FLOW_TO_HOSTOBS	e:to:SESSION-eb6c1367f6b2a786:host:172.234.197.23	SESSION-eb6c1367f6b2a786 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9ef85fb3b83fc71:flow:1938fe602d95	SESSION-d9ef85fb3b83fc71 → flow:1938fe602d95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3b8a5f0932f0fd6d:SESSION-3b8a5f0932f0fd6d	SESSION-3b8a5f0932f0fd6d → pe:tls:SESSION-3b8a5f0932f0fd6d
FLOW_TO_HOSTOBS	e:to:SESSION-49d1ccfce5e59a68:host:172.234.197.23	SESSION-49d1ccfce5e59a68 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:86e4868e6941:port:tcp:443	flow:86e4868e6941 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-469f9efa6316e344:host:172.234.197.23	SESSION-469f9efa6316e344 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-67f971eb3e92b8d2:host:172.234.197.23	SESSION-67f971eb3e92b8d2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e0a730d87d8b98f3:SESSION-e0a730d87d8b98f3	SESSION-e0a730d87d8b98f3 → pe:tls:SESSION-e0a730d87d8b98f3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db1ee555567b9b22:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-db1ee555567b9b22 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7ece8090c9a4b7f:host:177.10.234.89	SESSION-c7ece8090c9a4b7f → host:177.10.234.89
FLOW_DST_PORTOBS	e:fp:flow:f20bf7e667e6:port:tcp:443	flow:f20bf7e667e6 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a7bf37c238cc392:flow:4572d0b5bdf3	SESSION-4a7bf37c238cc392 → flow:4572d0b5bdf3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1129a02e66df3e40:flow:9948bfeb9f74	SESSION-1129a02e66df3e40 → flow:9948bfeb9f74
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.5:asn:273470	host:45.173.156.5 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-35910be85c736a39:host:177.10.235.11	SESSION-35910be85c736a39 → host:177.10.235.11
FLOW_DST_PORTOBS	e:fp:flow:dcab33a7f74b:port:tcp:443	flow:dcab33a7f74b → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.123:asn:273470	host:45.173.156.123 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e6517dadbfe4bb3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0e6517dadbfe4bb3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:e676589bf44a:port:tcp:443	flow:e676589bf44a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-174e61a8ff8b9c0e:host:172.234.197.23	SESSION-174e61a8ff8b9c0e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c76cb7a55699fff8:host:172.234.197.23:host:131.196.29.145	SESSION-c76cb7a55699fff8 → host:172.234.197.23 → host:131.196.29.145
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-62b0720ae8fecbf5:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-62b0720ae8fecbf5 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-077f434652010402:host:172.234.197.23	SESSION-077f434652010402 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-130c48c57d6ba6f4:host:140.235.124.200:host:172.234.197.23	SESSION-130c48c57d6ba6f4 → host:140.235.124.200 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:39906cd67d5b	flow:39906cd67d5b → host:172.234.197.23 → host:177.10.234.76 → port:tcp:18992
FLOW_TO_HOSTOBS	e:to:SESSION-60281e53e47bfb2b:host:131.196.29.56	SESSION-60281e53e47bfb2b → host:131.196.29.56
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9ddceec57447449:host:177.10.234.250:host:172.234.197.23	SESSION-f9ddceec57447449 → host:177.10.234.250 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-301cccab595ff1f6:host:45.173.156.41	SESSION-301cccab595ff1f6 → host:45.173.156.41
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.24:asn:262880	host:177.10.237.24 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97e21cf514a48728:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-97e21cf514a48728 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.208:geo_-16.28860_-49.01640	host:177.10.234.208 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-534aae6aa0ff39bc:host:172.234.197.23	SESSION-534aae6aa0ff39bc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b849b4bd4115608f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b849b4bd4115608f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9466cbe9e9dd26aa:host:177.10.233.32	SESSION-9466cbe9e9dd26aa → host:177.10.233.32
FLOW_FROM_HOSTOBS	e:from:SESSION-2dbb680dd253e19c:host:131.196.29.252	SESSION-2dbb680dd253e19c → host:131.196.29.252
HOST_IN_ASNOBS 85%	e:ha:host:54.200.68.109:asn:16509	host:54.200.68.109 → asn:16509
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b977b804ba3f4edd:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b977b804ba3f4edd → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-dfd5cbc4ed1c485c:host:172.234.197.23	SESSION-dfd5cbc4ed1c485c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d6fb279031158e:host:172.234.197.23	SESSION-b9d6fb279031158e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc1a8a6f7d90953a:host:172.234.197.23	SESSION-bc1a8a6f7d90953a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-555dcb6965008cb6:SESSION-555dcb6965008cb6	SESSION-555dcb6965008cb6 → pe:tls:SESSION-555dcb6965008cb6
flow_observed4-aryOBS	e:fo:flow:d9eaf86df5ae	flow:d9eaf86df5ae → host:172.234.197.23 → host:45.173.156.220 → port:tcp:645
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c2927944fbf9fbe3:SESSION-c2927944fbf9fbe3	SESSION-c2927944fbf9fbe3 → pe:syn:SESSION-c2927944fbf9fbe3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ddfef5208babd34:flow:ef75b0633734	SESSION-6ddfef5208babd34 → flow:ef75b0633734
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2161d2ba591330e1:SESSION-2161d2ba591330e1	SESSION-2161d2ba591330e1 → pe:syn:SESSION-2161d2ba591330e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86f48b7df98fd466:host:172.234.197.23	SESSION-86f48b7df98fd466 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0a7bf45be75c:port:tcp:443	flow:0a7bf45be75c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-838eea3d6dd669fd:PCAP:capture_20260430160001:9bfa4498506a	SESSION-838eea3d6dd669fd → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-edeb3dca8d1da30b:host:45.173.156.159	SESSION-edeb3dca8d1da30b → host:45.173.156.159
FLOW_DST_PORTOBS	e:fp:flow:5b849e915364:port:tcp:10885	flow:5b849e915364 → port:tcp:10885
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-492b019ad94826ae:host:172.234.197.23:host:131.196.31.136	SESSION-492b019ad94826ae → host:172.234.197.23 → host:131.196.31.136
flow_observed4-aryOBS	e:fo:flow:1759eefacc38	flow:1759eefacc38 → host:172.234.197.23 → host:177.10.239.84 → port:tcp:17374
ASN_IN_ORGOBS 80%	e:ao:asn:24940:org:Hetzner Online GmbH	asn:24940 → org:Hetzner Online GmbH
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e872279913929717:SESSION-e872279913929717	SESSION-e872279913929717 → pe:tls:SESSION-e872279913929717
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-537461a77052bb13:flow:eb46c0750072	SESSION-537461a77052bb13 → flow:eb46c0750072
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.141:geo_-23.62930_-46.63510	host:131.196.29.141 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1c9303996834523:host:177.10.238.217	SESSION-d1c9303996834523 → host:177.10.238.217
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-310c82c2a589a705:flow:274a2e3ab257	SESSION-310c82c2a589a705 → flow:274a2e3ab257
FLOW_FROM_HOSTOBS	e:from:SESSION-7e41a4ef6cc929c5:host:131.196.29.48	SESSION-7e41a4ef6cc929c5 → host:131.196.29.48
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.191:geo_-16.28860_-49.01640	host:177.10.237.191 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac14845b1a23366d:PCAP:capture_20260430110001:43611bdf6759	SESSION-ac14845b1a23366d → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-e6a5c0858fcd0d09:host:172.234.197.23	SESSION-e6a5c0858fcd0d09 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-189d055e7be1f56c:PCAP:capture_20260430090001:065659c7d314	SESSION-189d055e7be1f56c → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a918f52003c304f:SESSION-0a918f52003c304f	SESSION-0a918f52003c304f → pe:tls:SESSION-0a918f52003c304f
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.53:asn:273470	host:45.173.156.53 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-04737cadee3282a6:host:131.196.31.60:host:172.234.197.23	SESSION-04737cadee3282a6 → host:131.196.31.60 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.11:asn:262880	host:177.10.239.11 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2348046789aa81fe:host:131.196.28.153:host:172.234.197.23	SESSION-2348046789aa81fe → host:131.196.28.153 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-27131bb9b9feeb52:host:172.234.197.23	SESSION-27131bb9b9feeb52 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-19279b7c3b267599:host:172.234.197.23	SESSION-19279b7c3b267599 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-526fa727f8be74e3:flow:8c110534c1df	SESSION-526fa727f8be74e3 → flow:8c110534c1df
FLOW_FROM_HOSTOBS	e:from:SESSION-79349287be3864ac:host:131.196.29.235	SESSION-79349287be3864ac → host:131.196.29.235
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.131:asn:203771	host:92.112.71.131 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-21bd08fb36aa18e9:host:131.196.30.28	SESSION-21bd08fb36aa18e9 → host:131.196.30.28
flow_observed5-aryOBS	e:fo:flow:f97864e9b884	flow:f97864e9b884 → host:45.173.156.41 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c402fe398bbf1491:host:172.234.197.23	SESSION-c402fe398bbf1491 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921ff5b52f826cc0:host:177.10.237.95	SESSION-921ff5b52f826cc0 → host:177.10.237.95
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a9915da62b53f74:PCAP:capture_20260430150001:ded20914761d	SESSION-5a9915da62b53f74 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f7bf4f785679ea3b:SESSION-f7bf4f785679ea3b	SESSION-f7bf4f785679ea3b → pe:syn:SESSION-f7bf4f785679ea3b
flow_observed5-aryOBS	e:fo:flow:cd8eb2888715	flow:cd8eb2888715 → host:177.10.236.89 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:522b9f036c79	flow:522b9f036c79 → host:45.173.156.3 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:9cb459810b54:port:tcp:443	flow:9cb459810b54 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:cad221a9972e:port:tcp:443	flow:cad221a9972e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f05806c7fdedb94:host:177.10.237.46:host:172.234.197.23	SESSION-9f05806c7fdedb94 → host:177.10.237.46 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7c834c7664f83e9:host:172.234.197.23	SESSION-e7c834c7664f83e9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.170:geo_-23.62930_-46.63510	host:131.196.30.170 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:d95fb9f2e00c:port:tcp:443	flow:d95fb9f2e00c → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.172:geo_-23.62930_-46.63510	host:131.196.28.172 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ea2e2a37f857a7f:host:172.234.197.23:host:177.10.239.35	SESSION-3ea2e2a37f857a7f → host:172.234.197.23 → host:177.10.239.35
FLOW_DST_PORTOBS	e:fp:flow:33619393bce5:port:tcp:443	flow:33619393bce5 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:01bad0e68b5f:port:tcp:443	flow:01bad0e68b5f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e70a8d6fd08b895:host:177.10.234.215:host:172.234.197.23	SESSION-3e70a8d6fd08b895 → host:177.10.234.215 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d537e467802bc1c1:host:172.234.197.23:host:131.196.29.215	SESSION-d537e467802bc1c1 → host:172.234.197.23 → host:131.196.29.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ae37c351bfd95cd:SESSION-6ae37c351bfd95cd	SESSION-6ae37c351bfd95cd → pe:syn:SESSION-6ae37c351bfd95cd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e606b3df4d49b4d1:PCAP:capture_20260430150001:ded20914761d	SESSION-e606b3df4d49b4d1 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a70c074fb73905e:SESSION-7a70c074fb73905e	SESSION-7a70c074fb73905e → pe:syn:SESSION-7a70c074fb73905e
FLOW_DST_PORTOBS	e:fp:flow:f859b2919391:port:tcp:443	flow:f859b2919391 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b57c4e647c9921c9:SESSION-b57c4e647c9921c9	SESSION-b57c4e647c9921c9 → pe:syn:SESSION-b57c4e647c9921c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-879f882e46cb6c3f:host:172.234.197.23	SESSION-879f882e46cb6c3f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3a25d201ec7d699:host:131.196.30.236	SESSION-b3a25d201ec7d699 → host:131.196.30.236
FLOW_FROM_HOSTOBS	e:from:SESSION-c5664e67ab454dc8:host:172.234.197.23	SESSION-c5664e67ab454dc8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb6a6e3ef5fc132c:host:172.234.197.23	SESSION-fb6a6e3ef5fc132c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2761ffbe76598549:host:172.234.197.23:host:177.10.237.147	SESSION-2761ffbe76598549 → host:172.234.197.23 → host:177.10.237.147
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ddb6310055a59be:host:131.196.31.143	SESSION-4ddb6310055a59be → host:131.196.31.143
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46a01539128daee6:PCAP:capture_20260430150001:ded20914761d	SESSION-46a01539128daee6 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-2619cb568c6b860e:host:172.234.197.23	SESSION-2619cb568c6b860e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99a4fe376d3938fb:host:131.196.31.226	SESSION-99a4fe376d3938fb → host:131.196.31.226
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.27:asn:203771	host:92.112.71.27 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23aaa31711ea4954:host:177.10.236.196:host:172.234.197.23	SESSION-23aaa31711ea4954 → host:177.10.236.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab491f454947df2e:host:172.234.197.23	SESSION-ab491f454947df2e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01454c90925a3a4f:host:131.196.31.90	SESSION-01454c90925a3a4f → host:131.196.31.90
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef914cd10270daad:flow:8df67b08eebb	SESSION-ef914cd10270daad → flow:8df67b08eebb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.148:geo_-21.10010_-41.69200	host:45.173.156.148 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34913801790eb8e4:host:131.196.28.238	SESSION-34913801790eb8e4 → host:131.196.28.238
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-472112a6b5df57cd:host:172.234.197.23	SESSION-472112a6b5df57cd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2348046789aa81fe:SESSION-2348046789aa81fe	SESSION-2348046789aa81fe → pe:tls:SESSION-2348046789aa81fe
flow_observed5-aryOBS	e:fo:flow:1d87a6e22a1b	flow:1d87a6e22a1b → host:177.10.234.6 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6d83b2373dd8cdc:flow:4e4dc3612eef	SESSION-d6d83b2373dd8cdc → flow:4e4dc3612eef
flow_observed5-aryOBS	e:fo:flow:31aded4cced4	flow:31aded4cced4 → host:195.154.100.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0f21a1d46f067dc:SESSION-c0f21a1d46f067dc	SESSION-c0f21a1d46f067dc → pe:syn:SESSION-c0f21a1d46f067dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9729058a0ea02937:host:177.10.234.32	SESSION-9729058a0ea02937 → host:177.10.234.32
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4dc418e4265e72ea:host:177.10.238.93:host:172.234.197.23	SESSION-4dc418e4265e72ea → host:177.10.238.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-739affc996a6fe99:host:172.234.197.23	SESSION-739affc996a6fe99 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:63fe30a74448:port:tcp:443	flow:63fe30a74448 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:104.28.202.77:asn:13335	host:104.28.202.77 → asn:13335
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e46bef1b2f6daf0:SESSION-2e46bef1b2f6daf0	SESSION-2e46bef1b2f6daf0 → pe:tls:SESSION-2e46bef1b2f6daf0
flow_observed3-aryOBS	e:fo:flow:dd0834107db0	flow:dd0834107db0 → host:56.155.73.64 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb6a6e3ef5fc132c:host:172.234.197.23:host:177.10.234.95	SESSION-fb6a6e3ef5fc132c → host:172.234.197.23 → host:177.10.234.95
FLOW_FROM_HOSTOBS	e:from:SESSION-2f99dd3ca5b14a25:host:177.10.238.50	SESSION-2f99dd3ca5b14a25 → host:177.10.238.50
FLOW_DST_PORTOBS	e:fp:flow:b65737236159:port:tcp:443	flow:b65737236159 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-030b2a260e8012dd:host:131.196.31.138	SESSION-030b2a260e8012dd → host:131.196.31.138
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bcb514f388fb99c6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bcb514f388fb99c6 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:98a12a95fc8d:port:tcp:16219	flow:98a12a95fc8d → port:tcp:16219
FLOW_FROM_HOSTOBS	e:from:SESSION-d610f9ec6aa577ae:host:131.196.28.133	SESSION-d610f9ec6aa577ae → host:131.196.28.133
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.93:asn:262880	host:177.10.238.93 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:0e92b5d5b203:port:tcp:31728	flow:0e92b5d5b203 → port:tcp:31728
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d11c29aca82696f2:host:177.10.236.58	SESSION-d11c29aca82696f2 → host:177.10.236.58
flow_observed4-aryOBS	e:fo:flow:4868f6e5b122	flow:4868f6e5b122 → host:172.234.197.23 → host:131.196.31.4 → port:tcp:31203
FLOW_FROM_HOSTOBS	e:from:SESSION-9f2c14118785728f:host:172.234.197.23	SESSION-9f2c14118785728f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd4d686620f5fc14:flow:72f5ecf251c5	SESSION-cd4d686620f5fc14 → flow:72f5ecf251c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f1e2986117d2a1f:SESSION-3f1e2986117d2a1f	SESSION-3f1e2986117d2a1f → pe:tls:SESSION-3f1e2986117d2a1f
flow_observed4-aryOBS	e:fo:flow:bea613e6f5e4	flow:bea613e6f5e4 → host:172.234.197.23 → host:177.10.236.32 → port:tcp:30706
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e6800c9c0f40710:host:180.167.128.203:host:172.234.197.23	SESSION-0e6800c9c0f40710 → host:180.167.128.203 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-742c2d67dec63a6f:host:131.196.30.128:host:172.234.197.23	SESSION-742c2d67dec63a6f → host:131.196.30.128 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27f33a2015337a96:host:131.196.28.137:host:172.234.197.23	SESSION-27f33a2015337a96 → host:131.196.28.137 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.84:geo_-16.28860_-49.01640	host:177.10.239.84 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:adc510d649e0	flow:adc510d649e0 → host:172.234.197.23 → host:177.10.238.247 → port:tcp:5942
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d3f8bf2b05f7ab82:SESSION-d3f8bf2b05f7ab82	SESSION-d3f8bf2b05f7ab82 → pe:syn:SESSION-d3f8bf2b05f7ab82
flow_observed5-aryOBS	e:fo:flow:4a2e0a063a42	flow:4a2e0a063a42 → host:177.10.232.208 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-332b957940cff81b:host:45.145.152.156:host:172.234.197.23	SESSION-332b957940cff81b → host:45.145.152.156 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-045b8a3eae800458:SESSION-045b8a3eae800458	SESSION-045b8a3eae800458 → pe:tls:SESSION-045b8a3eae800458
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7912a0e1302b3ba3:SESSION-7912a0e1302b3ba3	SESSION-7912a0e1302b3ba3 → pe:tls:SESSION-7912a0e1302b3ba3
FLOW_DST_PORTOBS	e:fp:flow:5b7a93415de8:port:tcp:34735	flow:5b7a93415de8 → port:tcp:34735
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6aca8ef237a42da9:SESSION-6aca8ef237a42da9	SESSION-6aca8ef237a42da9 → pe:tls:SESSION-6aca8ef237a42da9
FLOW_TO_HOSTOBS	e:to:SESSION-c1a14827dc654457:host:172.234.197.23	SESSION-c1a14827dc654457 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-014d878748f613f9:host:172.234.197.23	SESSION-014d878748f613f9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ae2c237b5906e067:host:172.234.197.23	SESSION-ae2c237b5906e067 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.199:asn:271410	host:131.196.31.199 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-7c1c3bc51aa7232b:host:172.232.0.17	SESSION-7c1c3bc51aa7232b → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:e35eac55d46e	flow:e35eac55d46e → host:177.10.236.64 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3bbdd44e899d:port:tcp:443	flow:3bbdd44e899d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-0e515946ec2b2292:host:177.10.232.4	SESSION-0e515946ec2b2292 → host:177.10.232.4
FLOW_DST_PORTOBS	e:fp:flow:8f568a8ff1de:port:tcp:443	flow:8f568a8ff1de → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ead4b2d62c5ebfd2:host:177.10.237.31:host:172.234.197.23	SESSION-ead4b2d62c5ebfd2 → host:177.10.237.31 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7d70f7a84199	flow:7d70f7a84199 → host:131.196.28.1 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c393069a667f4e79:host:131.196.28.238	SESSION-c393069a667f4e79 → host:131.196.28.238
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6abbbca78e64654:host:172.234.197.23:host:177.10.238.82	SESSION-e6abbbca78e64654 → host:172.234.197.23 → host:177.10.238.82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-82093c184ece9713:host:172.234.197.23:host:131.196.28.101	SESSION-82093c184ece9713 → host:172.234.197.23 → host:131.196.28.101
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a5d8002765cb7d3:flow:b57952665021	SESSION-6a5d8002765cb7d3 → flow:b57952665021
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-620284e2b3f3a282:host:177.10.233.134	SESSION-620284e2b3f3a282 → host:177.10.233.134
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c36a1f3b5aad9a99:flow:d0648f3d1bca	SESSION-c36a1f3b5aad9a99 → flow:d0648f3d1bca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc59b28fe233796a:host:177.10.238.156	SESSION-fc59b28fe233796a → host:177.10.238.156
FLOW_DST_PORTOBS	e:fp:flow:8bff9dd47a10:port:tcp:443	flow:8bff9dd47a10 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-858a06c2b9abdebe:SESSION-858a06c2b9abdebe	SESSION-858a06c2b9abdebe → pe:tls:SESSION-858a06c2b9abdebe
flow_observed4-aryOBS	e:fo:flow:1f7e322aca34	flow:1f7e322aca34 → host:172.234.197.23 → host:131.196.29.206 → port:tcp:51620
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-887f47388267b095:SESSION-887f47388267b095	SESSION-887f47388267b095 → pe:tls:SESSION-887f47388267b095
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c124aef8e6ea7da5:host:177.10.238.247:host:172.234.197.23	SESSION-c124aef8e6ea7da5 → host:177.10.238.247 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d0de0fae8f2a	flow:d0de0fae8f2a → host:177.10.236.187 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:19794999a79b:port:tcp:65386	flow:19794999a79b → port:tcp:65386
FLOW_TO_HOSTOBS	e:to:SESSION-e529f6ef28aca515:host:172.234.197.23	SESSION-e529f6ef28aca515 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b66b69fe93183378:host:172.234.197.23	SESSION-b66b69fe93183378 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9340cb45584a	flow:9340cb45584a → host:177.10.232.2 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:3.112.93.79:asn:16509	host:3.112.93.79 → asn:16509
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.59:asn:262880	host:177.10.239.59 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-9726d81acc78b8e7:host:131.196.30.5	SESSION-9726d81acc78b8e7 → host:131.196.30.5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac6ab160136e0424:flow:3922a7adf516	SESSION-ac6ab160136e0424 → flow:3922a7adf516
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.90:geo_41.00190_28.96450	host:95.170.25.90 → geo_41.00190_28.96450
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fce80bc522afcc8b:host:177.10.232.63:host:172.234.197.23	SESSION-fce80bc522afcc8b → host:177.10.232.63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f4a69b65a94c1ea1:SESSION-f4a69b65a94c1ea1	SESSION-f4a69b65a94c1ea1 → pe:tls:SESSION-f4a69b65a94c1ea1
FLOW_DST_PORTOBS	e:fp:flow:618c010170a5:port:tcp:443	flow:618c010170a5 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d7bf020c0439ffaa:host:172.234.197.23:host:2.57.122.192	SESSION-d7bf020c0439ffaa → host:172.234.197.23 → host:2.57.122.192
flow_observed4-aryOBS	e:fo:flow:7c9996f23e8d	flow:7c9996f23e8d → host:172.234.197.23 → host:131.196.30.23 → port:tcp:15960
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b1261f8c6b87cf73:SESSION-b1261f8c6b87cf73	SESSION-b1261f8c6b87cf73 → pe:syn:SESSION-b1261f8c6b87cf73
FLOW_DST_PORTOBS	e:fp:flow:b77838ce36c8:port:tcp:443	flow:b77838ce36c8 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db62c05acb7f0b0b:PCAP:capture_20260430150001:ded20914761d	SESSION-db62c05acb7f0b0b → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ce2516dd8311d56:host:172.234.197.23	SESSION-1ce2516dd8311d56 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-66dcd1fd6d28b07f:host:172.234.197.23	SESSION-66dcd1fd6d28b07f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2117b91b7562ba94:host:172.234.197.23:host:177.10.236.118	SESSION-2117b91b7562ba94 → host:172.234.197.23 → host:177.10.236.118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c59a88aa03340e00:host:177.10.239.221	SESSION-c59a88aa03340e00 → host:177.10.239.221
flow_observed5-aryOBS	e:fo:flow:c0b92e0ed952	flow:c0b92e0ed952 → host:177.10.237.117 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:15db773386fc:port:tcp:443	flow:15db773386fc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1462f3fe112e9d96:SESSION-1462f3fe112e9d96	SESSION-1462f3fe112e9d96 → pe:syn:SESSION-1462f3fe112e9d96
FLOW_TO_HOSTOBS	e:to:SESSION-af55ab527d360ebd:host:172.234.197.23	SESSION-af55ab527d360ebd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b9ddad698cc7ffe:host:45.173.156.110:host:172.234.197.23	SESSION-9b9ddad698cc7ffe → host:45.173.156.110 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-923cb7ae7a40da65:host:177.10.234.249	SESSION-923cb7ae7a40da65 → host:177.10.234.249
FLOW_FROM_HOSTOBS	e:from:SESSION-b35aac65e648dac0:host:185.231.226.144	SESSION-b35aac65e648dac0 → host:185.231.226.144
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-493920f19ab5585b:SESSION-493920f19ab5585b	SESSION-493920f19ab5585b → pe:tls:SESSION-493920f19ab5585b
FLOW_FROM_HOSTOBS	e:from:SESSION-6ef4dd3d9fcb73b5:host:54.250.227.157	SESSION-6ef4dd3d9fcb73b5 → host:54.250.227.157
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c18145c92d838e0:host:131.196.31.26	SESSION-2c18145c92d838e0 → host:131.196.31.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf0bb0d03710ab65:SESSION-bf0bb0d03710ab65	SESSION-bf0bb0d03710ab65 → pe:tls:SESSION-bf0bb0d03710ab65
FLOW_DST_PORTOBS	e:fp:flow:94acff5eb08f:port:tcp:80	flow:94acff5eb08f → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed55c24c9ffd87b5:host:177.10.237.127	SESSION-ed55c24c9ffd87b5 → host:177.10.237.127
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bc49d07a666c670:host:172.234.197.23	SESSION-4bc49d07a666c670 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dc65fb323eff44ce:host:172.234.197.23:host:177.10.232.45	SESSION-dc65fb323eff44ce → host:172.234.197.23 → host:177.10.232.45
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a592f97b57bb2999:PCAP:capture_20260430060001:919b39a74464	SESSION-a592f97b57bb2999 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4619747059efac6f:host:45.173.156.225:host:172.234.197.23	SESSION-4619747059efac6f → host:45.173.156.225 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e9c01925d6f4319:host:172.234.197.23:host:45.173.156.158	SESSION-3e9c01925d6f4319 → host:172.234.197.23 → host:45.173.156.158
HOST_IN_ASNOBS 85%	e:ha:host:13.208.161.175:asn:16509	host:13.208.161.175 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-871dd8a53b87e11e:SESSION-871dd8a53b87e11e	SESSION-871dd8a53b87e11e → pe:syn:SESSION-871dd8a53b87e11e
FLOW_TO_HOSTOBS	e:to:SESSION-b96d3d249635b605:host:172.234.197.23	SESSION-b96d3d249635b605 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6dacc3093e29f894:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6dacc3093e29f894 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ec917f0e741b647:SESSION-4ec917f0e741b647	SESSION-4ec917f0e741b647 → pe:tls:SESSION-4ec917f0e741b647
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c7b4cea62f376fb:flow:ad5526ffb021	SESSION-4c7b4cea62f376fb → flow:ad5526ffb021
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.23:asn:271410	host:131.196.29.23 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-e3a0847605e0d04e:host:172.234.197.23	SESSION-e3a0847605e0d04e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-accb56e5453b3fbd:host:45.173.156.3	SESSION-accb56e5453b3fbd → host:45.173.156.3
flow_observed4-aryOBS	e:fo:flow:22d7649bfc2b	flow:22d7649bfc2b → host:172.234.197.23 → host:131.196.28.195 → port:tcp:26757
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-949f3e8f4d37c52a:host:172.234.197.23:host:177.10.239.3	SESSION-949f3e8f4d37c52a → host:172.234.197.23 → host:177.10.239.3
FLOW_FROM_HOSTOBS	e:from:SESSION-ff2c95cfb4d3a4dd:host:44.243.2.252	SESSION-ff2c95cfb4d3a4dd → host:44.243.2.252
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-70cb56f6bea3d067:flow:83813505251a	SESSION-70cb56f6bea3d067 → flow:83813505251a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f77535316d56a4c:host:172.234.197.23	SESSION-7f77535316d56a4c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7ae3387e1a5f:port:tcp:56994	flow:7ae3387e1a5f → port:tcp:56994
flow_observed4-aryOBS	e:fo:flow:fac98caa6a69	flow:fac98caa6a69 → host:172.234.197.23 → host:131.196.28.116 → port:tcp:7813
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f97616f4c907a8c:host:177.10.239.43:host:172.234.197.23	SESSION-4f97616f4c907a8c → host:177.10.239.43 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3bedd6d77774b5e6:host:177.10.232.55	SESSION-3bedd6d77774b5e6 → host:177.10.232.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27c94fb85f37f774:host:131.196.29.231	SESSION-27c94fb85f37f774 → host:131.196.29.231
FLOW_FROM_HOSTOBS	e:from:SESSION-78b89cf411e3ebb4:host:172.234.197.23	SESSION-78b89cf411e3ebb4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ecb67f73d2142d93:SESSION-ecb67f73d2142d93	SESSION-ecb67f73d2142d93 → pe:tls:SESSION-ecb67f73d2142d93
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-baee22f4fffa81d2:host:172.234.197.23:host:177.10.235.111	SESSION-baee22f4fffa81d2 → host:172.234.197.23 → host:177.10.235.111
FLOW_TO_HOSTOBS	e:to:SESSION-1fb163f3769ccb67:host:172.234.197.23	SESSION-1fb163f3769ccb67 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7047b0effd77:port:tcp:443	flow:7047b0effd77 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7c35a263dbc41a3d:host:45.145.152.249	SESSION-7c35a263dbc41a3d → host:45.145.152.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e39b76c4ba6c4cf6:SESSION-e39b76c4ba6c4cf6	SESSION-e39b76c4ba6c4cf6 → pe:syn:SESSION-e39b76c4ba6c4cf6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.207:geo_-16.28860_-49.01640	host:177.10.239.207 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf1877ae18abdd85:host:131.196.31.57:host:172.234.197.23	SESSION-bf1877ae18abdd85 → host:131.196.31.57 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79b570e2589cf059:SESSION-79b570e2589cf059	SESSION-79b570e2589cf059 → pe:syn:SESSION-79b570e2589cf059
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ddfef5208babd34:SESSION-6ddfef5208babd34	SESSION-6ddfef5208babd34 → pe:tls:SESSION-6ddfef5208babd34
FLOW_TO_HOSTOBS	e:to:SESSION-167179e2a869fa22:host:172.234.197.23	SESSION-167179e2a869fa22 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9e3e5dcd2ccb687:host:131.196.31.27	SESSION-f9e3e5dcd2ccb687 → host:131.196.31.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8d8e16e7f7cb138:SESSION-c8d8e16e7f7cb138	SESSION-c8d8e16e7f7cb138 → pe:tls:SESSION-c8d8e16e7f7cb138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97c8a314f3fd1c5a:SESSION-97c8a314f3fd1c5a	SESSION-97c8a314f3fd1c5a → pe:syn:SESSION-97c8a314f3fd1c5a
FLOW_TO_HOSTOBS	e:to:SESSION-228e058fc2527275:host:172.234.197.23	SESSION-228e058fc2527275 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c651848d98d2f620:host:172.234.197.23:host:177.10.235.97	SESSION-c651848d98d2f620 → host:172.234.197.23 → host:177.10.235.97
FLOW_TO_HOSTOBS	e:to:SESSION-e4f9227bbb6fbbfc:host:172.234.197.23	SESSION-e4f9227bbb6fbbfc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9166f313177f7326:SESSION-9166f313177f7326	SESSION-9166f313177f7326 → pe:tls:SESSION-9166f313177f7326
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.117:asn:271410	host:131.196.29.117 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-140a58b5ab5dfb04:flow:8d0575d2f6b8	SESSION-140a58b5ab5dfb04 → flow:8d0575d2f6b8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ddc324b0d6a8eb6:SESSION-1ddc324b0d6a8eb6	SESSION-1ddc324b0d6a8eb6 → pe:syn:SESSION-1ddc324b0d6a8eb6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.145:asn:262880	host:177.10.234.145 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-47ed07d15aa63df9:host:172.234.197.23	SESSION-47ed07d15aa63df9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc1a8a6f7d90953a:host:172.232.0.16	SESSION-bc1a8a6f7d90953a → host:172.232.0.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2384be4238de1707:flow:d7af59d105eb	SESSION-2384be4238de1707 → flow:d7af59d105eb
flow_observed5-aryOBS	e:fo:flow:139d27eec0b8	flow:139d27eec0b8 → host:177.10.238.98 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:9fdc9457113e	flow:9fdc9457113e → host:185.231.226.119 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaf5b03036efa5c6:SESSION-eaf5b03036efa5c6	SESSION-eaf5b03036efa5c6 → pe:tls:SESSION-eaf5b03036efa5c6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-291dfe079248afc7:flow:e99aac970179	SESSION-291dfe079248afc7 → flow:e99aac970179
FLOW_DST_PORTOBS	e:fp:flow:15b03786a53b:port:tcp:443	flow:15b03786a53b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-49ffa8539a7cb217:host:131.196.30.57	SESSION-49ffa8539a7cb217 → host:131.196.30.57
flow_observed5-aryOBS	e:fo:flow:a149d042783d	flow:a149d042783d → host:177.10.238.15 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-86afdd078b90270f:host:172.234.197.23	SESSION-86afdd078b90270f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e708c58166944fb:SESSION-6e708c58166944fb	SESSION-6e708c58166944fb → pe:syn:SESSION-6e708c58166944fb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5bf52bbf16270a2a:flow:ea03f5a052cd	SESSION-5bf52bbf16270a2a → flow:ea03f5a052cd
FLOW_TO_HOSTOBS	e:to:SESSION-45775bc626dbc608:host:177.10.238.56	SESSION-45775bc626dbc608 → host:177.10.238.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec67d149df3809f6:flow:884ce823120d	SESSION-ec67d149df3809f6 → flow:884ce823120d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff0c6bdae7c0fa78:host:177.10.235.152:host:172.234.197.23	SESSION-ff0c6bdae7c0fa78 → host:177.10.235.152 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.228:geo_-16.28860_-49.01640	host:177.10.233.228 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ad9dd4ac6be1fc2:host:131.196.30.244	SESSION-1ad9dd4ac6be1fc2 → host:131.196.30.244
FLOW_FROM_HOSTOBS	e:from:SESSION-361f1ea86b9f3cf3:host:177.10.236.253	SESSION-361f1ea86b9f3cf3 → host:177.10.236.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3edcc633e4f5b2c:SESSION-b3edcc633e4f5b2c	SESSION-b3edcc633e4f5b2c → pe:syn:SESSION-b3edcc633e4f5b2c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e45220a51eb759d9:host:177.10.238.10	SESSION-e45220a51eb759d9 → host:177.10.238.10
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.166:geo_-16.28860_-49.01640	host:177.10.235.166 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b59030bd39741ab3:SESSION-b59030bd39741ab3	SESSION-b59030bd39741ab3 → pe:syn:SESSION-b59030bd39741ab3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfa1612081e2aa61:host:16.147.218.115	SESSION-bfa1612081e2aa61 → host:16.147.218.115
FLOW_TO_HOSTOBS	e:to:SESSION-cac3103b39cc2b1a:host:172.234.197.23	SESSION-cac3103b39cc2b1a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be67080b9ae14b48:SESSION-be67080b9ae14b48	SESSION-be67080b9ae14b48 → pe:tls:SESSION-be67080b9ae14b48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e529f6ef28aca515:host:131.196.28.125	SESSION-e529f6ef28aca515 → host:131.196.28.125
FLOW_FROM_HOSTOBS	e:from:SESSION-72a654eac2136215:host:177.10.238.125	SESSION-72a654eac2136215 → host:177.10.238.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-312b2e72c1d2a2ee:host:131.196.30.253	SESSION-312b2e72c1d2a2ee → host:131.196.30.253
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e6511da7c7cd8e1:host:131.196.30.138:host:172.234.197.23	SESSION-4e6511da7c7cd8e1 → host:131.196.30.138 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2619cb568c6b860e:host:177.10.235.227:host:172.234.197.23	SESSION-2619cb568c6b860e → host:177.10.235.227 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:077349af1ee9:port:tcp:443	flow:077349af1ee9 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:092300811091	flow:092300811091 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f838b992fed206a8:host:172.234.197.23	SESSION-f838b992fed206a8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bf6bfb4b9f17f41e:host:131.196.31.195	SESSION-bf6bfb4b9f17f41e → host:131.196.31.195
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.237:geo_-16.28860_-49.01640	host:177.10.234.237 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.164:asn:271410	host:131.196.30.164 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02270ea748fd3855:host:177.10.232.120	SESSION-02270ea748fd3855 → host:177.10.232.120
FLOW_TO_HOSTOBS	e:to:SESSION-0bc55e1159bab546:host:172.234.197.23	SESSION-0bc55e1159bab546 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c60a94331c3e233:host:172.234.197.23	SESSION-8c60a94331c3e233 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2faf2af9b390693e:host:172.234.197.23	SESSION-2faf2af9b390693e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f7287a957cb5e0d9:SESSION-f7287a957cb5e0d9	SESSION-f7287a957cb5e0d9 → pe:tls:SESSION-f7287a957cb5e0d9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5a933b86812e122:host:172.234.197.23	SESSION-e5a933b86812e122 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.124:asn:262880	host:177.10.236.124 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-c532caa5d41cfcbc:host:172.234.197.23	SESSION-c532caa5d41cfcbc → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.147.218.115:geo_45.84010_-119.70500	host:16.147.218.115 → geo_45.84010_-119.70500
flow_observed5-aryOBS	e:fo:flow:d1db3a0fefad	flow:d1db3a0fefad → host:131.196.31.78 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7f324461981c:port:tcp:443	flow:7f324461981c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-05ec7baf0d99b24d:host:177.10.238.122	SESSION-05ec7baf0d99b24d → host:177.10.238.122
FLOW_TO_HOSTOBS	e:to:SESSION-5816b4a8f681ef76:host:172.234.197.23	SESSION-5816b4a8f681ef76 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-460a4898e7c07917:flow:877675c63b75	SESSION-460a4898e7c07917 → flow:877675c63b75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-032a0dfc971c5b00:PCAP:capture_20260430090001:065659c7d314	SESSION-032a0dfc971c5b00 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:b5363f57bd19	flow:b5363f57bd19 → host:45.173.156.210 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaecff6799ccb464:SESSION-eaecff6799ccb464	SESSION-eaecff6799ccb464 → pe:syn:SESSION-eaecff6799ccb464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f0fa0972c78e2ef:PCAP:capture_20260430110001:43611bdf6759	SESSION-6f0fa0972c78e2ef → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe8408bb8c62f3c7:host:177.10.236.235	SESSION-fe8408bb8c62f3c7 → host:177.10.236.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c74fe87f9177e103:host:172.234.197.23:host:131.196.31.225	SESSION-c74fe87f9177e103 → host:172.234.197.23 → host:131.196.31.225
FLOW_FROM_HOSTOBS	e:from:SESSION-43a6565d7143b8ab:host:131.196.29.50	SESSION-43a6565d7143b8ab → host:131.196.29.50
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab686f0f0916fec6:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-ab686f0f0916fec6 → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d446777121d9b1f8:SESSION-d446777121d9b1f8	SESSION-d446777121d9b1f8 → pe:tls:SESSION-d446777121d9b1f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4933624db1b9ac84:PCAP:capture_20260430110001:43611bdf6759	SESSION-4933624db1b9ac84 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-71340f64d1455f4f:flow:4836147166e2	SESSION-71340f64d1455f4f → flow:4836147166e2
FLOW_FROM_HOSTOBS	e:from:SESSION-69a0e56e6767912e:host:131.196.31.146	SESSION-69a0e56e6767912e → host:131.196.31.146
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6420523769b66d4c:host:177.10.237.43:host:172.234.197.23	SESSION-6420523769b66d4c → host:177.10.237.43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28106317c083449d:host:131.196.30.184	SESSION-28106317c083449d → host:131.196.30.184
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8fbc053aa21c3a10:host:131.196.31.225:host:172.234.197.23	SESSION-8fbc053aa21c3a10 → host:131.196.31.225 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-58fb8de1a3a0b1f1:host:177.10.239.208	SESSION-58fb8de1a3a0b1f1 → host:177.10.239.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-88d03f5c2bc073a8:SESSION-88d03f5c2bc073a8	SESSION-88d03f5c2bc073a8 → pe:syn:SESSION-88d03f5c2bc073a8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ad9c0df7a65aa03:host:172.234.197.23:host:177.10.236.151	SESSION-0ad9c0df7a65aa03 → host:172.234.197.23 → host:177.10.236.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98083f958ccf36d4:flow:80741b638a66	SESSION-98083f958ccf36d4 → flow:80741b638a66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b859feadb239919:SESSION-4b859feadb239919	SESSION-4b859feadb239919 → pe:tls:SESSION-4b859feadb239919
FLOW_DST_PORTOBS	e:fp:flow:967fffb4bafe:port:tcp:443	flow:967fffb4bafe → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:62cee32573c2:port:tcp:443	flow:62cee32573c2 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e4de8bcb2f0334a:host:172.234.197.23	SESSION-4e4de8bcb2f0334a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-20552151cee2e1af:host:45.173.156.78	SESSION-20552151cee2e1af → host:45.173.156.78
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.56:asn:273470	host:45.173.156.56 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f3af12abbb2ff56:host:172.234.197.23:host:131.196.30.212	SESSION-1f3af12abbb2ff56 → host:172.234.197.23 → host:131.196.30.212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-62e68b494cd2572d:SESSION-62e68b494cd2572d	SESSION-62e68b494cd2572d → pe:syn:SESSION-62e68b494cd2572d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31b6c18ffff74955:host:177.10.236.112	SESSION-31b6c18ffff74955 → host:177.10.236.112
flow_observed5-aryOBS	e:fo:flow:e1c78128949a	flow:e1c78128949a → host:177.10.235.60 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.238:asn:262880	host:177.10.233.238 → asn:262880
flow_observed4-aryOBS	e:fo:flow:5b7a93415de8	flow:5b7a93415de8 → host:172.234.197.23 → host:177.10.238.146 → port:tcp:34735
FLOW_TO_HOSTOBS	e:to:SESSION-c3a58fc1fb15d0c4:host:172.234.197.23	SESSION-c3a58fc1fb15d0c4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-80f68e8f687f2dc5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-80f68e8f687f2dc5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-72f157e6b3da81bc:host:172.234.197.23	SESSION-72f157e6b3da81bc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34c02a09bd1ab4d1:PCAP:capture_20260428010001:b1b402c7b202	SESSION-34c02a09bd1ab4d1 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c421ecd159f7b93a:host:172.234.197.23	SESSION-c421ecd159f7b93a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4793a163d681d0d0:PCAP:capture_20260430090001:065659c7d314	SESSION-4793a163d681d0d0 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d82c2d4eaa13efdb:SESSION-d82c2d4eaa13efdb	SESSION-d82c2d4eaa13efdb → pe:syn:SESSION-d82c2d4eaa13efdb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e87421895e57790a:SESSION-e87421895e57790a	SESSION-e87421895e57790a → pe:tls:SESSION-e87421895e57790a
FLOW_FROM_HOSTOBS	e:from:SESSION-55ac8b9837cbe539:host:131.196.29.75	SESSION-55ac8b9837cbe539 → host:131.196.29.75
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-921ff5b52f826cc0:host:177.10.237.95:host:172.234.197.23	SESSION-921ff5b52f826cc0 → host:177.10.237.95 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8165f1476121226e:SESSION-8165f1476121226e	SESSION-8165f1476121226e → pe:syn:SESSION-8165f1476121226e
FLOW_TO_HOSTOBS	e:to:SESSION-46aa20776642b201:host:45.173.156.83	SESSION-46aa20776642b201 → host:45.173.156.83
flow_observed5-aryOBS	e:fo:flow:8f5d2d82ff5b	flow:8f5d2d82ff5b → host:54.87.95.7 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2096050a1fa0221d:host:131.196.28.25	SESSION-2096050a1fa0221d → host:131.196.28.25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27ee7c401cb71f02:host:177.10.234.234	SESSION-27ee7c401cb71f02 → host:177.10.234.234
FLOW_FROM_HOSTOBS	e:from:SESSION-3524905b33baacd0:host:177.10.232.229	SESSION-3524905b33baacd0 → host:177.10.232.229
flow_observed4-aryOBS	e:fo:flow:cb97aa589965	flow:cb97aa589965 → host:172.234.197.23 → host:45.173.156.101 → port:tcp:9264
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63d746c5afa978f6:host:177.10.232.60	SESSION-63d746c5afa978f6 → host:177.10.232.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a7f0a64436ce2ca:host:177.10.236.189	SESSION-9a7f0a64436ce2ca → host:177.10.236.189
FLOW_TO_HOSTOBS	e:to:SESSION-3529b49a7d38dad6:host:172.234.197.23	SESSION-3529b49a7d38dad6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9eb85eb3deaacc18:host:131.196.28.100	SESSION-9eb85eb3deaacc18 → host:131.196.28.100
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-276035998be5d0c6:host:172.234.197.23:host:131.196.30.56	SESSION-276035998be5d0c6 → host:172.234.197.23 → host:131.196.30.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3fa9d5496b14fae:flow:b4c30fbfab23	SESSION-c3fa9d5496b14fae → flow:b4c30fbfab23
FLOW_DST_PORTOBS	e:fp:flow:654f4f59f24b:port:tcp:443	flow:654f4f59f24b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b51ebf4113a5ef49:host:177.10.239.158	SESSION-b51ebf4113a5ef49 → host:177.10.239.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0f329fce2004d812:SESSION-0f329fce2004d812	SESSION-0f329fce2004d812 → pe:syn:SESSION-0f329fce2004d812
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b22fbd69b6831b9:flow:f8a5a4fdedd5	SESSION-0b22fbd69b6831b9 → flow:f8a5a4fdedd5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:193.32.162.28:geo_45.99680_24.99700	host:193.32.162.28 → geo_45.99680_24.99700
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.127:asn:262880	host:177.10.237.127 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab20216cf3eeb0ee:SESSION-ab20216cf3eeb0ee	SESSION-ab20216cf3eeb0ee → pe:tls:SESSION-ab20216cf3eeb0ee
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0aa7b6956faccec:flow:581696e98cc0	SESSION-c0aa7b6956faccec → flow:581696e98cc0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7b7470a9d5ba162:host:177.10.237.127	SESSION-b7b7470a9d5ba162 → host:177.10.237.127
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-287f6ffdc6040b27:host:172.234.197.23:host:177.10.239.137	SESSION-287f6ffdc6040b27 → host:172.234.197.23 → host:177.10.239.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3913d4a535b9029:SESSION-f3913d4a535b9029	SESSION-f3913d4a535b9029 → pe:tls:SESSION-f3913d4a535b9029
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74744b11834c8470:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-74744b11834c8470 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-8132ea082e988f13:host:177.10.239.57	SESSION-8132ea082e988f13 → host:177.10.239.57
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.65:asn:262880	host:177.10.232.65 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7678ab8e642a5a2a:host:177.10.234.94:host:172.234.197.23	SESSION-7678ab8e642a5a2a → host:177.10.234.94 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e074701a4b6d6566:PCAP:capture_20260430110001:43611bdf6759	SESSION-e074701a4b6d6566 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:194.164.107.6:asn:50219	host:194.164.107.6 → asn:50219
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8aa4413fe5db5235:PCAP:capture_20260430060001:919b39a74464	SESSION-8aa4413fe5db5235 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-136e732c63cf53f4:host:177.10.238.55	SESSION-136e732c63cf53f4 → host:177.10.238.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b1261f8c6b87cf73:SESSION-b1261f8c6b87cf73	SESSION-b1261f8c6b87cf73 → pe:tls:SESSION-b1261f8c6b87cf73
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.125:geo_41.02140_28.99480	host:31.40.196.125 → geo_41.02140_28.99480
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54127ab649dd8e15:host:51.91.243.64:host:172.234.197.23	SESSION-54127ab649dd8e15 → host:51.91.243.64 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11142ad74b2052de:host:172.234.197.23:host:177.10.232.134	SESSION-11142ad74b2052de → host:172.234.197.23 → host:177.10.232.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bb818ce2b02135d:host:131.196.28.219	SESSION-3bb818ce2b02135d → host:131.196.28.219
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f6061b9b172c119c:SESSION-f6061b9b172c119c	SESSION-f6061b9b172c119c → pe:tls:SESSION-f6061b9b172c119c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-9d0657eb87257c08:SESSION-9d0657eb87257c08	SESSION-9d0657eb87257c08 → pe:dns:SESSION-9d0657eb87257c08
FLOW_DST_PORTOBS	e:fp:flow:4e425a0bcb01:port:tcp:443	flow:4e425a0bcb01 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e4e6682786f65470:host:172.234.197.23	SESSION-e4e6682786f65470 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2ae6b0bca9a8c33:flow:d1db3a0fefad	SESSION-f2ae6b0bca9a8c33 → flow:d1db3a0fefad
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d45ffa0c695899f:flow:6cc058096f12	SESSION-1d45ffa0c695899f → flow:6cc058096f12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05f783d5d2ea4019:host:177.10.238.140	SESSION-05f783d5d2ea4019 → host:177.10.238.140
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.232:asn:262880	host:177.10.234.232 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a8bea4194d810df:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7a8bea4194d810df → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:2e10465cca68	flow:2e10465cca68 → host:131.196.31.180 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ef7fe2bb78158297:host:172.234.197.23	SESSION-ef7fe2bb78158297 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65bd30307946d7be:SESSION-65bd30307946d7be	SESSION-65bd30307946d7be → pe:syn:SESSION-65bd30307946d7be
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7139746cbd677852:host:172.234.197.23	SESSION-7139746cbd677852 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e529f6ef28aca515:flow:9b9c3f9f208d	SESSION-e529f6ef28aca515 → flow:9b9c3f9f208d
FLOW_DST_PORTOBS	e:fp:flow:bb9a57566950:port:tcp:443	flow:bb9a57566950 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:40.177.170.73:asn:16509	host:40.177.170.73 → asn:16509
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.44:geo_-16.28860_-49.01640	host:177.10.233.44 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-87462f91a35c5198:SESSION-87462f91a35c5198	SESSION-87462f91a35c5198 → pe:tls:SESSION-87462f91a35c5198
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76408b67fb88a4bd:SESSION-76408b67fb88a4bd	SESSION-76408b67fb88a4bd → pe:tls:SESSION-76408b67fb88a4bd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d96c6feac6dadd94:SESSION-d96c6feac6dadd94	SESSION-d96c6feac6dadd94 → pe:syn:SESSION-d96c6feac6dadd94
FLOW_FROM_HOSTOBS	e:from:SESSION-cd801ce1250407dd:host:131.196.31.244	SESSION-cd801ce1250407dd → host:131.196.31.244
FLOW_FROM_HOSTOBS	e:from:SESSION-09c0e42aa6120a11:host:37.27.162.26	SESSION-09c0e42aa6120a11 → host:37.27.162.26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27d66e2c1260cc5f:host:172.234.197.23	SESSION-27d66e2c1260cc5f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-230e735532621bd7:host:172.234.197.23	SESSION-230e735532621bd7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54016b03ecf1701c:host:177.10.234.204	SESSION-54016b03ecf1701c → host:177.10.234.204
FLOW_DST_PORTOBS	e:fp:flow:db22ad525c01:port:tcp:17430	flow:db22ad525c01 → port:tcp:17430
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f306c00af6aee0a4:host:177.10.236.239	SESSION-f306c00af6aee0a4 → host:177.10.236.239
FLOW_TO_HOSTOBS	e:to:SESSION-62337f4a23aa4d2d:host:177.10.237.62	SESSION-62337f4a23aa4d2d → host:177.10.237.62
FLOW_DST_PORTOBS	e:fp:flow:82e56c143909:port:tcp:443	flow:82e56c143909 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6756f0bedb2cdb12:SESSION-6756f0bedb2cdb12	SESSION-6756f0bedb2cdb12 → pe:syn:SESSION-6756f0bedb2cdb12
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d610f9ec6aa577ae:flow:a2a89388e09c	SESSION-d610f9ec6aa577ae → flow:a2a89388e09c
FLOW_FROM_HOSTOBS	e:from:SESSION-1d384de4bfeb31c0:host:131.196.29.16	SESSION-1d384de4bfeb31c0 → host:131.196.29.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78e554a3c30f161c:SESSION-78e554a3c30f161c	SESSION-78e554a3c30f161c → pe:tls:SESSION-78e554a3c30f161c
flow_observed4-aryOBS	e:fo:flow:eaab4ec79949	flow:eaab4ec79949 → host:172.234.197.23 → host:131.196.31.169 → port:tcp:53031
flow_observed5-aryOBS	e:fo:flow:076a56dda6e5	flow:076a56dda6e5 → host:45.173.156.225 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:6ba1a4d64ddf:port:tcp:26659	flow:6ba1a4d64ddf → port:tcp:26659
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4fb8a50f2916880:host:131.196.30.87	SESSION-d4fb8a50f2916880 → host:131.196.30.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c5664e67ab454dc8:SESSION-c5664e67ab454dc8	SESSION-c5664e67ab454dc8 → pe:syn:SESSION-c5664e67ab454dc8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55ef1be4460b895e:SESSION-55ef1be4460b895e	SESSION-55ef1be4460b895e → pe:syn:SESSION-55ef1be4460b895e
FLOW_TO_HOSTOBS	e:to:SESSION-4ddb6310055a59be:host:172.234.197.23	SESSION-4ddb6310055a59be → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-019d89e6bcaa6e4e:host:172.234.197.23	SESSION-019d89e6bcaa6e4e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2f7ca9f61df30fd:host:177.10.232.216:host:172.234.197.23	SESSION-f2f7ca9f61df30fd → host:177.10.232.216 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1b714ce8916a149:host:172.234.197.23	SESSION-b1b714ce8916a149 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e8a9e43c374485d:flow:0642648552e6	SESSION-9e8a9e43c374485d → flow:0642648552e6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aee37cb69186d910:flow:8aa829431aa1	SESSION-aee37cb69186d910 → flow:8aa829431aa1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea2f6118de4330ea:host:172.234.197.23	SESSION-ea2f6118de4330ea → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0d37e7327420:port:tcp:443	flow:0d37e7327420 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-775ba1157917a355:host:177.10.237.4	SESSION-775ba1157917a355 → host:177.10.237.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-caf71fb423b46c4a:PCAP:capture_20260430090001:065659c7d314	SESSION-caf71fb423b46c4a → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fd73a09d62d6f89:host:172.234.197.23	SESSION-1fd73a09d62d6f89 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7c9a5d15324e2ea:host:45.173.156.19:host:172.234.197.23	SESSION-c7c9a5d15324e2ea → host:45.173.156.19 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8de302c0e306721c:flow:67397cae3e03	SESSION-8de302c0e306721c → flow:67397cae3e03
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eadecea9d5615d15:host:172.234.197.23	SESSION-eadecea9d5615d15 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e398b6f99204:port:tcp:2682	flow:e398b6f99204 → port:tcp:2682
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-18e7a18371a0d1bf:SESSION-18e7a18371a0d1bf	SESSION-18e7a18371a0d1bf → pe:tls:SESSION-18e7a18371a0d1bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e523425c561e01e:SESSION-8e523425c561e01e	SESSION-8e523425c561e01e → pe:tls:SESSION-8e523425c561e01e
FLOW_DST_PORTOBS	e:fp:flow:fe4ed0e5e9b3:port:tcp:443	flow:fe4ed0e5e9b3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-ab81c1372abfe2ce:host:172.234.197.23	SESSION-ab81c1372abfe2ce → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-465906ddd8becee4:host:172.234.197.23	SESSION-465906ddd8becee4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0553c47d8718786a:host:177.10.234.244	SESSION-0553c47d8718786a → host:177.10.234.244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-304db5c18798dbb4:flow:ec23e5b035b6	SESSION-304db5c18798dbb4 → flow:ec23e5b035b6
FLOW_FROM_HOSTOBS	e:from:SESSION-f5c9b4c9e225ad1d:host:172.234.197.23	SESSION-f5c9b4c9e225ad1d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-006e3a8766fa0c7d:host:172.234.197.23	SESSION-006e3a8766fa0c7d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eec2a7691ff15afc:host:172.234.197.23	SESSION-eec2a7691ff15afc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44e6d66a0a0fb56e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-44e6d66a0a0fb56e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8fd3b31137a7f5f9:PCAP:capture_20260430110001:43611bdf6759	SESSION-8fd3b31137a7f5f9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-724515316ace62dc:flow:3a460404baad	SESSION-724515316ace62dc → flow:3a460404baad
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57039b95174af1c3:host:177.10.236.40:host:172.234.197.23	SESSION-57039b95174af1c3 → host:177.10.236.40 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fdb408b0b3dd802:host:131.196.30.129	SESSION-5fdb408b0b3dd802 → host:131.196.30.129
FLOW_FROM_HOSTOBS	e:from:SESSION-8d587dd5c581936e:host:172.234.197.23	SESSION-8d587dd5c581936e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ff20c5693ea1	flow:ff20c5693ea1 → host:131.196.31.146 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-99d609228b1b32ef:host:172.234.197.23	SESSION-99d609228b1b32ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e6afdb068db09de:host:45.173.156.220	SESSION-6e6afdb068db09de → host:45.173.156.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-958fc48089d68c44:SESSION-958fc48089d68c44	SESSION-958fc48089d68c44 → pe:tls:SESSION-958fc48089d68c44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96afec3035986aab:SESSION-96afec3035986aab	SESSION-96afec3035986aab → pe:tls:SESSION-96afec3035986aab
FLOW_FROM_HOSTOBS	e:from:SESSION-484d7e89f92d0359:host:172.234.197.23	SESSION-484d7e89f92d0359 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f39fdcb76f4b9f9d:host:177.10.237.63:host:172.234.197.23	SESSION-f39fdcb76f4b9f9d → host:177.10.237.63 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fb63bd02d584:port:tcp:846	flow:fb63bd02d584 → port:tcp:846
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbc08c1422c92ccf:host:172.234.197.23	SESSION-cbc08c1422c92ccf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9a9ddd86aa762a0:host:172.234.197.23:host:177.10.238.82	SESSION-c9a9ddd86aa762a0 → host:172.234.197.23 → host:177.10.238.82
FLOW_DST_PORTOBS	e:fp:flow:fb1eaf6b08b3:port:tcp:14374	flow:fb1eaf6b08b3 → port:tcp:14374
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6c7a2e5cf818d0a:host:177.10.234.130	SESSION-a6c7a2e5cf818d0a → host:177.10.234.130
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.98:asn:271410	host:131.196.30.98 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.250.172.176:geo_45.84010_-119.70500	host:44.250.172.176 → geo_45.84010_-119.70500
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7aa70a6d3547ceb7:flow:0ff7a75e4f64	SESSION-7aa70a6d3547ceb7 → flow:0ff7a75e4f64
FLOW_FROM_HOSTOBS	e:from:SESSION-977a7c6dd83aa424:host:172.234.197.23	SESSION-977a7c6dd83aa424 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-113c4b09005431cc:host:131.196.29.155:host:172.234.197.23	SESSION-113c4b09005431cc → host:131.196.29.155 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b7037fa1e0334ef5:host:177.10.233.222	SESSION-b7037fa1e0334ef5 → host:177.10.233.222
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e632e9ec3b8d735c:host:177.10.239.70	SESSION-e632e9ec3b8d735c → host:177.10.239.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e4489cf6c262aa3:SESSION-9e4489cf6c262aa3	SESSION-9e4489cf6c262aa3 → pe:tls:SESSION-9e4489cf6c262aa3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1acc74ca4adb622d:host:172.234.197.23	SESSION-1acc74ca4adb622d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8a979a64e0f94d26:host:172.234.197.23	SESSION-8a979a64e0f94d26 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-873a01bbf1ba0d09:SESSION-873a01bbf1ba0d09	SESSION-873a01bbf1ba0d09 → pe:rst:SESSION-873a01bbf1ba0d09
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1863330d3e94cce5:flow:7362a99acee5	SESSION-1863330d3e94cce5 → flow:7362a99acee5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f25ebe7728e5694:host:172.234.197.23:host:177.10.239.144	SESSION-3f25ebe7728e5694 → host:172.234.197.23 → host:177.10.239.144
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-786e34aed7c64f61:SESSION-786e34aed7c64f61	SESSION-786e34aed7c64f61 → pe:tls:SESSION-786e34aed7c64f61
FLOW_TO_HOSTOBS	e:to:SESSION-39d5adc1c22dd7ee:host:177.10.237.159	SESSION-39d5adc1c22dd7ee → host:177.10.237.159
FLOW_TO_HOSTOBS	e:to:SESSION-8ae580f5c3468d66:host:172.234.197.23	SESSION-8ae580f5c3468d66 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f43808d089ea9fde:host:131.196.28.72	SESSION-f43808d089ea9fde → host:131.196.28.72
flow_observed5-aryOBS	e:fo:flow:478fb2a48727	flow:478fb2a48727 → host:177.10.233.29 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-391d28a36308a996:host:172.234.197.23	SESSION-391d28a36308a996 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28ea3e411a2de5c2:SESSION-28ea3e411a2de5c2	SESSION-28ea3e411a2de5c2 → pe:tls:SESSION-28ea3e411a2de5c2
flow_observed5-aryOBS	e:fo:flow:1a64cb5832d1	flow:1a64cb5832d1 → host:131.196.31.107 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7640c6607dc14992:host:172.234.197.23	SESSION-7640c6607dc14992 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b70d9bf346b75217:host:172.234.197.23	SESSION-b70d9bf346b75217 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:041d6c0ffc77:port:tcp:62507	flow:041d6c0ffc77 → port:tcp:62507
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f042798b154a2bb2:SESSION-f042798b154a2bb2	SESSION-f042798b154a2bb2 → pe:syn:SESSION-f042798b154a2bb2
FLOW_FROM_HOSTOBS	e:from:SESSION-e5ba4a44df249a00:host:172.234.197.23	SESSION-e5ba4a44df249a00 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3f7e801a59e8e93f:host:172.234.197.23	SESSION-3f7e801a59e8e93f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7b0fec424d0db7c3:host:45.173.156.57	SESSION-7b0fec424d0db7c3 → host:45.173.156.57
FLOW_TO_HOSTOBS	e:to:SESSION-3839adbba9942939:host:131.196.30.213	SESSION-3839adbba9942939 → host:131.196.30.213
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-625fc1856b5bb87f:flow:7e6d2a7769d6	SESSION-625fc1856b5bb87f → flow:7e6d2a7769d6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-50e84f588759fadd:host:172.234.197.23	SESSION-50e84f588759fadd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5282a60bb3a6	flow:5282a60bb3a6 → host:131.196.30.45 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.119:geo_-16.28860_-49.01640	host:177.10.238.119 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fe48e08f3f123e2:flow:fa27f0003580	SESSION-3fe48e08f3f123e2 → flow:fa27f0003580
FLOW_FROM_HOSTOBS	e:from:SESSION-e52ff6e3dab6ecf9:host:177.10.238.83	SESSION-e52ff6e3dab6ecf9 → host:177.10.238.83
flow_observed4-aryOBS	e:fo:flow:15328a444bdb	flow:15328a444bdb → host:172.234.197.23 → host:177.10.236.112 → port:tcp:11510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd2928203fc01c8b:host:177.10.234.161:host:172.234.197.23	SESSION-dd2928203fc01c8b → host:177.10.234.161 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-406d5e8256fbfc45:flow:915f8dd8e505	SESSION-406d5e8256fbfc45 → flow:915f8dd8e505
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba12ba5c182aa430:host:177.10.238.209	SESSION-ba12ba5c182aa430 → host:177.10.238.209
FLOW_FROM_HOSTOBS	e:from:SESSION-baf6029a4a920bc4:host:177.10.238.90	SESSION-baf6029a4a920bc4 → host:177.10.238.90
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4fe97044eaa4ff8:PCAP:capture_20260430090001:065659c7d314	SESSION-c4fe97044eaa4ff8 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60b46aef513c4722:flow:07c3682d867a	SESSION-60b46aef513c4722 → flow:07c3682d867a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3fd62b1832b0e41:host:172.234.197.23	SESSION-b3fd62b1832b0e41 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eee2452aad82d1c2:flow:563ee580e3fd	SESSION-eee2452aad82d1c2 → flow:563ee580e3fd
flow_observed4-aryOBS	e:fo:flow:62c530228f25	flow:62c530228f25 → host:172.234.197.23 → host:131.196.30.65 → port:tcp:33882
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-770902b82fea5ce5:host:172.234.197.23	SESSION-770902b82fea5ce5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c9381f88305d4e9:host:172.234.197.23:host:131.196.29.79	SESSION-8c9381f88305d4e9 → host:172.234.197.23 → host:131.196.29.79
FLOW_FROM_HOSTOBS	e:from:SESSION-112ed66aeea7c1e0:host:172.234.197.23	SESSION-112ed66aeea7c1e0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66a529d98727e997:host:131.196.31.82:host:172.234.197.23	SESSION-66a529d98727e997 → host:131.196.31.82 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.185:geo_-16.28860_-49.01640	host:177.10.235.185 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0751af29d453:port:tcp:443	flow:0751af29d453 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.238:asn:271410	host:131.196.31.238 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-b7ba8377fba710c4:host:131.196.28.177	SESSION-b7ba8377fba710c4 → host:131.196.28.177
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-adf46c04c6a07144:flow:b307b7cec2f0	SESSION-adf46c04c6a07144 → flow:b307b7cec2f0
FLOW_TO_HOSTOBS	e:to:SESSION-51cc268447a19ae7:host:177.10.238.102	SESSION-51cc268447a19ae7 → host:177.10.238.102
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.86:geo_-16.28860_-49.01640	host:177.10.236.86 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:8a712d7c1855	flow:8a712d7c1855 → host:177.10.232.125 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:3f727fda71d2	flow:3f727fda71d2 → host:177.10.239.182 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b8693b808e1d6b7d:host:177.10.233.135	SESSION-b8693b808e1d6b7d → host:177.10.233.135
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd0571d5316a48e1:flow:05faa98018f7	SESSION-fd0571d5316a48e1 → flow:05faa98018f7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29fae5326f4697b4:host:172.234.197.23:host:131.196.30.142	SESSION-29fae5326f4697b4 → host:172.234.197.23 → host:131.196.30.142
flow_observed5-aryOBS	e:fo:flow:844eea514ea2	flow:844eea514ea2 → host:45.173.156.183 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:73940bbfeb00:port:tcp:443	flow:73940bbfeb00 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d58e8fad9dafe114:SESSION-d58e8fad9dafe114	SESSION-d58e8fad9dafe114 → pe:tls:SESSION-d58e8fad9dafe114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fd6590fe23ccd99:host:177.10.234.18	SESSION-4fd6590fe23ccd99 → host:177.10.234.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f1009c3ce0fc23df:SESSION-f1009c3ce0fc23df	SESSION-f1009c3ce0fc23df → pe:tls:SESSION-f1009c3ce0fc23df
FLOW_DST_PORTOBS	e:fp:flow:964813f28710:port:tcp:443	flow:964813f28710 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11c0fc2d370ea41a:host:172.234.197.23	SESSION-11c0fc2d370ea41a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a10047b74101a9ce:host:172.234.197.23	SESSION-a10047b74101a9ce → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e991004bd02372d1:flow:b55125dd0018	SESSION-e991004bd02372d1 → flow:b55125dd0018
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6cbb8d1d16f40477:SESSION-6cbb8d1d16f40477	SESSION-6cbb8d1d16f40477 → pe:syn:SESSION-6cbb8d1d16f40477
FLOW_DST_PORTOBS	e:fp:flow:3c358770241f:port:tcp:443	flow:3c358770241f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f93cb0de4645e47:flow:a108354098cf	SESSION-2f93cb0de4645e47 → flow:a108354098cf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54aea84c156a3c18:PCAP:capture_20260430080001:93f47cc296a4	SESSION-54aea84c156a3c18 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-54704a8587620f8b:host:45.173.156.47	SESSION-54704a8587620f8b → host:45.173.156.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b6e18a39fae0db6:host:131.196.28.242	SESSION-6b6e18a39fae0db6 → host:131.196.28.242
FLOW_FROM_HOSTOBS	e:from:SESSION-d1075bb458d3b18a:host:95.170.25.200	SESSION-d1075bb458d3b18a → host:95.170.25.200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56fe4753b2794494:host:177.10.237.38:host:172.234.197.23	SESSION-56fe4753b2794494 → host:177.10.237.38 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5ae017ce34991ed1:host:131.196.28.39	SESSION-5ae017ce34991ed1 → host:131.196.28.39
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-779f746558d2d979:PCAP:capture_20260430080001:93f47cc296a4	SESSION-779f746558d2d979 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0307b3c9af33eb0:SESSION-c0307b3c9af33eb0	SESSION-c0307b3c9af33eb0 → pe:syn:SESSION-c0307b3c9af33eb0
FLOW_FROM_HOSTOBS	e:from:SESSION-492b019ad94826ae:host:172.234.197.23	SESSION-492b019ad94826ae → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eed6a9b72737e44d:flow:3b613d9758b6	SESSION-eed6a9b72737e44d → flow:3b613d9758b6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ec917f0e741b647:SESSION-4ec917f0e741b647	SESSION-4ec917f0e741b647 → pe:syn:SESSION-4ec917f0e741b647
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8749b2c626b3f1be:SESSION-8749b2c626b3f1be	SESSION-8749b2c626b3f1be → pe:tls:SESSION-8749b2c626b3f1be
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37ba5323333f9720:SESSION-37ba5323333f9720	SESSION-37ba5323333f9720 → pe:tls:SESSION-37ba5323333f9720
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-098ed7054a17b347:SESSION-098ed7054a17b347	SESSION-098ed7054a17b347 → pe:tls:SESSION-098ed7054a17b347
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2634dc5934886659:SESSION-2634dc5934886659	SESSION-2634dc5934886659 → pe:tls:SESSION-2634dc5934886659
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5816b4a8f681ef76:host:172.234.197.23	SESSION-5816b4a8f681ef76 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-cac7290643404699:BSG-BEACON-61380c9a629a	SESSION-cac7290643404699 → BSG-BEACON-61380c9a629a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.60:geo_-16.28860_-49.01640	host:177.10.236.60 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a3123a8609bb9fc1:SESSION-a3123a8609bb9fc1	SESSION-a3123a8609bb9fc1 → pe:tls:SESSION-a3123a8609bb9fc1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac3ac59e74f457a2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ac3ac59e74f457a2 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.17:geo_-16.28860_-49.01640	host:177.10.236.17 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:874f2acd2406	flow:874f2acd2406 → host:131.196.30.146 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-002a4fad2ef08bcf:host:172.234.197.23	SESSION-002a4fad2ef08bcf → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:60b25f2806fd	flow:60b25f2806fd → host:172.234.197.23 → host:177.10.233.233 → port:tcp:39038
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e46bef1b2f6daf0:SESSION-2e46bef1b2f6daf0	SESSION-2e46bef1b2f6daf0 → pe:syn:SESSION-2e46bef1b2f6daf0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8466bbcc058d46c:SESSION-c8466bbcc058d46c	SESSION-c8466bbcc058d46c → pe:tls:SESSION-c8466bbcc058d46c
FLOW_FROM_HOSTOBS	e:from:SESSION-341468c084cc4cf3:host:172.234.197.23	SESSION-341468c084cc4cf3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-43ba6051cf9120c0:host:177.10.239.102:host:172.234.197.23	SESSION-43ba6051cf9120c0 → host:177.10.239.102 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9494583da7ce1d88:host:172.234.197.23	SESSION-9494583da7ce1d88 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ec199f8b9a6f389:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8ec199f8b9a6f389 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.80:geo_-16.28860_-49.01640	host:177.10.234.80 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a390ade8fe745ada:SESSION-a390ade8fe745ada	SESSION-a390ade8fe745ada → pe:syn:SESSION-a390ade8fe745ada
FLOW_FROM_HOSTOBS	e:from:SESSION-996af5414634114f:host:177.10.235.151	SESSION-996af5414634114f → host:177.10.235.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7b20ceba4f49bfd:host:172.234.197.23	SESSION-c7b20ceba4f49bfd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b332774cd544824a:flow:b2e0fad9a7ba	SESSION-b332774cd544824a → flow:b2e0fad9a7ba
FLOW_DST_PORTOBS	e:fp:flow:9280036d235b:port:tcp:443	flow:9280036d235b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db76c4941d3529f6:flow:0cf167553f52	SESSION-db76c4941d3529f6 → flow:0cf167553f52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c05cd50533aa04ad:SESSION-c05cd50533aa04ad	SESSION-c05cd50533aa04ad → pe:tls:SESSION-c05cd50533aa04ad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-151e53ee3004033b:SESSION-151e53ee3004033b	SESSION-151e53ee3004033b → pe:syn:SESSION-151e53ee3004033b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54d23880cad1a846:SESSION-54d23880cad1a846	SESSION-54d23880cad1a846 → pe:syn:SESSION-54d23880cad1a846
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-107eaa9172a242e7:SESSION-107eaa9172a242e7	SESSION-107eaa9172a242e7 → pe:tls:SESSION-107eaa9172a242e7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.87:asn:262880	host:177.10.237.87 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1129a02e66df3e40:host:131.196.30.252	SESSION-1129a02e66df3e40 → host:131.196.30.252
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0af842276eef56a1:host:51.161.119.157:host:172.234.197.23	SESSION-0af842276eef56a1 → host:51.161.119.157 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6229e1e1c7b389d0:SESSION-6229e1e1c7b389d0	SESSION-6229e1e1c7b389d0 → pe:tls:SESSION-6229e1e1c7b389d0
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-650f1a0c083a2aeb:BSG-BEACON-e07f4250263f	SESSION-650f1a0c083a2aeb → BSG-BEACON-e07f4250263f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aae44d6cd669040c:host:131.196.31.129	SESSION-aae44d6cd669040c → host:131.196.31.129
FLOW_DST_PORTOBS	e:fp:flow:24a446a92f0d:port:tcp:40525	flow:24a446a92f0d → port:tcp:40525
FLOW_DST_PORTOBS	e:fp:flow:425d8702e81b:port:tcp:443	flow:425d8702e81b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8fd3b31137a7f5f9:SESSION-8fd3b31137a7f5f9	SESSION-8fd3b31137a7f5f9 → pe:tls:SESSION-8fd3b31137a7f5f9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a17077467e1bba6:host:172.234.197.23	SESSION-5a17077467e1bba6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7409e3f74011df2:host:45.173.156.126:host:172.234.197.23	SESSION-c7409e3f74011df2 → host:45.173.156.126 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cb59d1b27c368873:host:172.234.197.23	SESSION-cb59d1b27c368873 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-871dd8a53b87e11e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-871dd8a53b87e11e → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:b1ded13f1046	flow:b1ded13f1046 → host:177.10.237.115 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e6517dadbfe4bb3:SESSION-0e6517dadbfe4bb3	SESSION-0e6517dadbfe4bb3 → pe:tls:SESSION-0e6517dadbfe4bb3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-602a14335703e220:SESSION-602a14335703e220	SESSION-602a14335703e220 → pe:tls:SESSION-602a14335703e220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb8a27373acd6451:SESSION-eb8a27373acd6451	SESSION-eb8a27373acd6451 → pe:syn:SESSION-eb8a27373acd6451
FLOW_TO_HOSTOBS	e:to:SESSION-2354f30fe4af5f56:host:172.234.197.23	SESSION-2354f30fe4af5f56 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b3057ab5d68c477:host:177.10.235.80:host:172.234.197.23	SESSION-5b3057ab5d68c477 → host:177.10.235.80 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ac87af78ff19f5c9:host:172.234.197.23	SESSION-ac87af78ff19f5c9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f059fe4a40805f2:host:172.234.197.23	SESSION-1f059fe4a40805f2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a4167334bdfae4b6:host:172.234.197.23	SESSION-a4167334bdfae4b6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-952305350dc386c3:host:131.196.30.102	SESSION-952305350dc386c3 → host:131.196.30.102
FLOW_TO_HOSTOBS	e:to:SESSION-1cbcb5d52df9d7c9:host:172.234.197.23	SESSION-1cbcb5d52df9d7c9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4ba3ff89783efd81:host:177.10.238.138	SESSION-4ba3ff89783efd81 → host:177.10.238.138
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.90:asn:262880	host:177.10.239.90 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cff1d643020db9d5:SESSION-cff1d643020db9d5	SESSION-cff1d643020db9d5 → pe:syn:SESSION-cff1d643020db9d5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4628aedb62e0673e:host:172.234.197.23:host:131.196.31.21	SESSION-4628aedb62e0673e → host:172.234.197.23 → host:131.196.31.21
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.192:geo_-23.62930_-46.63510	host:131.196.30.192 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0bcd74883eff8339:flow:241ea1fbd65f	SESSION-0bcd74883eff8339 → flow:241ea1fbd65f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2bb4f19f005244d2:flow:6bbcc7e0b261	SESSION-2bb4f19f005244d2 → flow:6bbcc7e0b261
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e4cb96e9954f000:host:177.10.235.87:host:172.234.197.23	SESSION-2e4cb96e9954f000 → host:177.10.235.87 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4bf01cc984d6	flow:4bf01cc984d6 → host:177.10.232.216 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c8dea047b3a203b:host:172.234.197.23	SESSION-6c8dea047b3a203b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ed3cc3ecfbc3d3c:host:131.196.30.69:host:172.234.197.23	SESSION-7ed3cc3ecfbc3d3c → host:131.196.30.69 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.251:asn:262880	host:177.10.237.251 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3685b3a1e6c25f1a:SESSION-3685b3a1e6c25f1a	SESSION-3685b3a1e6c25f1a → pe:syn:SESSION-3685b3a1e6c25f1a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de2c7d1c6ad5841e:SESSION-de2c7d1c6ad5841e	SESSION-de2c7d1c6ad5841e → pe:tls:SESSION-de2c7d1c6ad5841e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d45ffa0c695899f:host:131.196.30.160	SESSION-1d45ffa0c695899f → host:131.196.30.160
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f0044b48e7e1824:SESSION-5f0044b48e7e1824	SESSION-5f0044b48e7e1824 → pe:syn:SESSION-5f0044b48e7e1824
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10db7c117acba2ed:host:177.10.239.71	SESSION-10db7c117acba2ed → host:177.10.239.71
FLOW_DST_PORTOBS	e:fp:flow:9b1232626ced:port:tcp:443	flow:9b1232626ced → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f315e1ec89ae:port:tcp:443	flow:f315e1ec89ae → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64807579ab6c52ee:host:131.196.28.139	SESSION-64807579ab6c52ee → host:131.196.28.139
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b2ef1696b4c4f00:flow:bf711ea5c82f	SESSION-2b2ef1696b4c4f00 → flow:bf711ea5c82f
FLOW_DST_PORTOBS	e:fp:flow:5c9dd4984fbd:port:tcp:31935	flow:5c9dd4984fbd → port:tcp:31935
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a11ee5d378ab4f4:flow:8771a34c54d8	SESSION-7a11ee5d378ab4f4 → flow:8771a34c54d8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-879f882e46cb6c3f:flow:90a4c66aff81	SESSION-879f882e46cb6c3f → flow:90a4c66aff81
FLOW_TO_HOSTOBS	e:to:SESSION-3bebc5cb41e4621f:host:172.234.197.23	SESSION-3bebc5cb41e4621f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7488427d80d09cd9:SESSION-7488427d80d09cd9	SESSION-7488427d80d09cd9 → pe:tls:SESSION-7488427d80d09cd9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2f5f99625dcfae4:host:3.102.147.184:host:172.234.197.23	SESSION-e2f5f99625dcfae4 → host:3.102.147.184 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dca9298136f0125a:host:172.234.197.23:host:177.10.236.46	SESSION-dca9298136f0125a → host:172.234.197.23 → host:177.10.236.46
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9868c83546c2d563:host:172.234.197.23:host:131.196.31.23	SESSION-9868c83546c2d563 → host:172.234.197.23 → host:131.196.31.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-61edd9328a7eff0d:SESSION-61edd9328a7eff0d	SESSION-61edd9328a7eff0d → pe:syn:SESSION-61edd9328a7eff0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ce4962ca3a156ee:SESSION-0ce4962ca3a156ee	SESSION-0ce4962ca3a156ee → pe:syn:SESSION-0ce4962ca3a156ee
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.14:asn:271410	host:131.196.29.14 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9260442e0efbdc6:SESSION-d9260442e0efbdc6	SESSION-d9260442e0efbdc6 → pe:syn:SESSION-d9260442e0efbdc6
flow_observed5-aryOBS	e:fo:flow:82acf82630a3	flow:82acf82630a3 → host:131.196.31.47 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7488427d80d09cd9:host:172.234.197.23	SESSION-7488427d80d09cd9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c24aca5564d2ae55:host:54.87.95.7	SESSION-c24aca5564d2ae55 → host:54.87.95.7
FLOW_DST_PORTOBS	e:fp:flow:d0b2adbfad1c:port:tcp:2472	flow:d0b2adbfad1c → port:tcp:2472
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.95:geo_-23.62930_-46.63510	host:131.196.30.95 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:7402fc14b309	flow:7402fc14b309 → host:172.234.197.23 → host:177.10.237.237 → port:tcp:42521
FLOW_DST_PORTOBS	e:fp:flow:19e5b730c332:port:tcp:443	flow:19e5b730c332 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c89027ab2a1ddeda:host:172.234.197.23	SESSION-c89027ab2a1ddeda → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a03dc7893b60925b:SESSION-a03dc7893b60925b	SESSION-a03dc7893b60925b → pe:tls:SESSION-a03dc7893b60925b
FLOW_FROM_HOSTOBS	e:from:SESSION-af13e3f1012247aa:host:177.10.235.64	SESSION-af13e3f1012247aa → host:177.10.235.64
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-923fbccf43ed644a:host:177.10.239.225:host:172.234.197.23	SESSION-923fbccf43ed644a → host:177.10.239.225 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.9:asn:262880	host:177.10.238.9 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.63:geo_-16.28860_-49.01640	host:177.10.236.63 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-bf1647bbc272aaf8:host:172.234.197.23	SESSION-bf1647bbc272aaf8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4b2d156f752b:port:tcp:443	flow:4b2d156f752b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a29ca5d80bc122d0:host:177.10.235.60:host:172.234.197.23	SESSION-a29ca5d80bc122d0 → host:177.10.235.60 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff369745433a15b5:flow:63f677001d7d	SESSION-ff369745433a15b5 → flow:63f677001d7d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.188:geo_19.07480_72.88560	host:45.145.152.188 → geo_19.07480_72.88560
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bdbc4c9f7cbfe0c2:flow:f6c69868181b	SESSION-bdbc4c9f7cbfe0c2 → flow:f6c69868181b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6ddb3deb8cc2873:host:177.10.235.214	SESSION-d6ddb3deb8cc2873 → host:177.10.235.214
FLOW_FROM_HOSTOBS	e:from:SESSION-0f2cdff3ab49e1a1:host:172.234.197.23	SESSION-0f2cdff3ab49e1a1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5bede5fedae88e0:SESSION-a5bede5fedae88e0	SESSION-a5bede5fedae88e0 → pe:syn:SESSION-a5bede5fedae88e0
flow_observed5-aryOBS	e:fo:flow:8bfba4698bee	flow:8bfba4698bee → host:131.196.31.244 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df8de933ba817d8f:host:185.231.226.101	SESSION-df8de933ba817d8f → host:185.231.226.101
FLOW_DST_PORTOBS	e:fp:flow:c4216ce52ca9:port:tcp:443	flow:c4216ce52ca9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e66594520e7edee5:SESSION-e66594520e7edee5	SESSION-e66594520e7edee5 → pe:tls:SESSION-e66594520e7edee5
FLOW_TO_HOSTOBS	e:to:SESSION-83ce9ba3d421fc3f:host:177.10.235.230	SESSION-83ce9ba3d421fc3f → host:177.10.235.230
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7375b1770c27cca2:flow:b2bdb96a74f9	SESSION-7375b1770c27cca2 → flow:b2bdb96a74f9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f1009c3ce0fc23df:flow:8e045676cfe0	SESSION-f1009c3ce0fc23df → flow:8e045676cfe0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2392c0826d87e845:host:172.234.197.23	SESSION-2392c0826d87e845 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:99625993f9a8:port:tcp:443	flow:99625993f9a8 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.254:asn:262880	host:177.10.234.254 → asn:262880
flow_observed4-aryOBS	e:fo:flow:8ac017970638	flow:8ac017970638 → host:172.234.197.23 → host:131.196.30.234 → port:tcp:54071
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-72786bca04f1b5c7:BSG-BEACON-bbe881c142fc	SESSION-72786bca04f1b5c7 → BSG-BEACON-bbe881c142fc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a457a833cb01b1f:SESSION-4a457a833cb01b1f	SESSION-4a457a833cb01b1f → pe:syn:SESSION-4a457a833cb01b1f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-53fb5011e3d13c28:host:131.196.29.107:host:172.234.197.23	SESSION-53fb5011e3d13c28 → host:131.196.29.107 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f416b1590e3cca4:PCAP:capture_20260430090001:065659c7d314	SESSION-5f416b1590e3cca4 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:9b565a4c11fe:port:tcp:443	flow:9b565a4c11fe → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d28501729ed200f7:host:131.196.30.160	SESSION-d28501729ed200f7 → host:131.196.30.160
FLOW_TO_HOSTOBS	e:to:SESSION-dfd5cbc4ed1c485c:host:177.10.234.166	SESSION-dfd5cbc4ed1c485c → host:177.10.234.166
FLOW_DST_PORTOBS	e:fp:flow:b08eb85e8c9a:port:tcp:443	flow:b08eb85e8c9a → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-0bf5b48d5bcb9503:host:172.234.197.23	SESSION-0bf5b48d5bcb9503 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a19951f5f7590fa9:host:172.234.197.23:host:177.10.232.253	SESSION-a19951f5f7590fa9 → host:172.234.197.23 → host:177.10.232.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b65c6ec30f2c8117:flow:f559965f53cd	SESSION-b65c6ec30f2c8117 → flow:f559965f53cd
flow_observed5-aryOBS	e:fo:flow:a6ca0cab59ea	flow:a6ca0cab59ea → host:177.10.237.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2f802a56d8e0d79:host:131.196.31.49	SESSION-a2f802a56d8e0d79 → host:131.196.31.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ea33f21558d3ba7:SESSION-3ea33f21558d3ba7	SESSION-3ea33f21558d3ba7 → pe:syn:SESSION-3ea33f21558d3ba7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14b61e43a384fdb4:SESSION-14b61e43a384fdb4	SESSION-14b61e43a384fdb4 → pe:tls:SESSION-14b61e43a384fdb4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38c7d1687d10af97:host:172.234.197.23:host:177.10.238.125	SESSION-38c7d1687d10af97 → host:172.234.197.23 → host:177.10.238.125
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4337995d605bd9f8:host:172.234.197.23:host:177.10.232.156	SESSION-4337995d605bd9f8 → host:172.234.197.23 → host:177.10.232.156
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc96f34750660160:host:177.10.235.83:host:172.234.197.23	SESSION-bc96f34750660160 → host:177.10.235.83 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4d9a4406bd7b3b41:host:177.10.239.145	SESSION-4d9a4406bd7b3b41 → host:177.10.239.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b6d920a3cc562b13:SESSION-b6d920a3cc562b13	SESSION-b6d920a3cc562b13 → pe:syn:SESSION-b6d920a3cc562b13
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0aa7b6956faccec:host:45.173.156.14	SESSION-c0aa7b6956faccec → host:45.173.156.14
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-88d03f5c2bc073a8:host:172.234.197.23:host:177.10.232.205	SESSION-88d03f5c2bc073a8 → host:172.234.197.23 → host:177.10.232.205
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-295a993db8b4e397:flow:544b80c3b32c	SESSION-295a993db8b4e397 → flow:544b80c3b32c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f928c0ad9f6130d:SESSION-3f928c0ad9f6130d	SESSION-3f928c0ad9f6130d → pe:tls:SESSION-3f928c0ad9f6130d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-288ea97e67f438e3:host:45.173.156.230	SESSION-288ea97e67f438e3 → host:45.173.156.230
flow_observed3-aryOBS	e:fo:flow:2860805f4ccd	flow:2860805f4ccd → host:3.103.179.97 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:962b552243c1	flow:962b552243c1 → host:34.231.77.232 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54b62e34296d5c17:flow:001b9cdbdba1	SESSION-54b62e34296d5c17 → flow:001b9cdbdba1
FLOW_DST_PORTOBS	e:fp:flow:a98344343537:port:tcp:23265	flow:a98344343537 → port:tcp:23265
FLOW_DST_PORTOBS	e:fp:flow:f6aafd0bf44a:port:tcp:443	flow:f6aafd0bf44a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f7e801a59e8e93f:host:172.234.197.23:host:177.10.235.81	SESSION-3f7e801a59e8e93f → host:172.234.197.23 → host:177.10.235.81
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9fdfee14b0ac469:host:172.234.197.23:host:177.10.232.226	SESSION-d9fdfee14b0ac469 → host:172.234.197.23 → host:177.10.232.226
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3efb69df0be27ca4:host:172.234.197.23	SESSION-3efb69df0be27ca4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa35d0a8fa5d9f77:SESSION-fa35d0a8fa5d9f77	SESSION-fa35d0a8fa5d9f77 → pe:syn:SESSION-fa35d0a8fa5d9f77
FLOW_FROM_HOSTOBS	e:from:SESSION-2a81d3c71843f89e:host:149.210.194.32	SESSION-2a81d3c71843f89e → host:149.210.194.32
FLOW_DST_PORTOBS	e:fp:flow:a9ef69b0237c:port:udp:53	flow:a9ef69b0237c → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d82ce6b730f5fc6b:SESSION-d82ce6b730f5fc6b	SESSION-d82ce6b730f5fc6b → pe:syn:SESSION-d82ce6b730f5fc6b
FLOW_FROM_HOSTOBS	e:from:SESSION-6798e98bad768e0d:host:131.196.28.32	SESSION-6798e98bad768e0d → host:131.196.28.32
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.160:geo_-16.28860_-49.01640	host:177.10.238.160 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7eabead80f81736f:host:177.10.235.205:host:172.234.197.23	SESSION-7eabead80f81736f → host:177.10.235.205 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1845bedc5e4a:port:tcp:443	flow:1845bedc5e4a → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:3006c4727877	flow:3006c4727877 → host:172.234.197.23 → host:131.196.28.115 → port:tcp:28601
FLOW_FROM_HOSTOBS	e:from:SESSION-208c35e6fa834cd1:host:131.196.30.219	SESSION-208c35e6fa834cd1 → host:131.196.30.219
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.118:asn:271410	host:131.196.31.118 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8df47c2606014223:host:131.196.31.196:host:172.234.197.23	SESSION-8df47c2606014223 → host:131.196.31.196 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-87f83ff8260cc70d:host:172.234.197.23	SESSION-87f83ff8260cc70d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bb70871923a8cd06:host:131.196.29.132	SESSION-bb70871923a8cd06 → host:131.196.29.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-592c559641abdde0:SESSION-592c559641abdde0	SESSION-592c559641abdde0 → pe:syn:SESSION-592c559641abdde0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b07a5e743a2061fa:host:172.234.197.23	SESSION-b07a5e743a2061fa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21cca31493e9287d:host:177.10.238.157	SESSION-21cca31493e9287d → host:177.10.238.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaf9de21464647a2:SESSION-eaf9de21464647a2	SESSION-eaf9de21464647a2 → pe:syn:SESSION-eaf9de21464647a2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b048d8915129480a:host:172.234.197.23:host:177.10.232.52	SESSION-b048d8915129480a → host:172.234.197.23 → host:177.10.232.52
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2240076057fcee51:host:45.173.156.189:host:172.234.197.23	SESSION-2240076057fcee51 → host:45.173.156.189 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3ebbfb7f9178:port:tcp:443	flow:3ebbfb7f9178 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b22fbd69b6831b9:SESSION-0b22fbd69b6831b9	SESSION-0b22fbd69b6831b9 → pe:tls:SESSION-0b22fbd69b6831b9
FLOW_DST_PORTOBS	e:fp:flow:f69e7ff11a0f:port:tcp:443	flow:f69e7ff11a0f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77661c4fb07edf10:SESSION-77661c4fb07edf10	SESSION-77661c4fb07edf10 → pe:syn:SESSION-77661c4fb07edf10
FLOW_FROM_HOSTOBS	e:from:SESSION-19fcdbc3c5b0e100:host:172.234.197.23	SESSION-19fcdbc3c5b0e100 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dce69c8399be:port:tcp:443	flow:dce69c8399be → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-750fc9f72ee279c6:SESSION-750fc9f72ee279c6	SESSION-750fc9f72ee279c6 → pe:tls:SESSION-750fc9f72ee279c6
flow_observed5-aryOBS	e:fo:flow:297c6aefdd3e	flow:297c6aefdd3e → host:45.173.156.188 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8fbacc1128a5208:SESSION-c8fbacc1128a5208	SESSION-c8fbacc1128a5208 → pe:syn:SESSION-c8fbacc1128a5208
FLOW_DST_PORTOBS	e:fp:flow:6d34e0a13e28:port:tcp:443	flow:6d34e0a13e28 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-cbc08c1422c92ccf:host:177.10.236.94	SESSION-cbc08c1422c92ccf → host:177.10.236.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a09dd97dc23cca0:SESSION-1a09dd97dc23cca0	SESSION-1a09dd97dc23cca0 → pe:syn:SESSION-1a09dd97dc23cca0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55ef1be4460b895e:host:131.196.31.3	SESSION-55ef1be4460b895e → host:131.196.31.3
FLOW_DST_PORTOBS	e:fp:flow:fe21c49df113:port:tcp:443	flow:fe21c49df113 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:142.132.190.158:asn:24940	host:142.132.190.158 → asn:24940
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0b3c5797223848b:host:177.10.235.121	SESSION-c0b3c5797223848b → host:177.10.235.121
FLOW_DST_PORTOBS	e:fp:flow:625b35d276e8:port:tcp:443	flow:625b35d276e8 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-8d7cf6e510c352d8:host:172.234.197.23	SESSION-8d7cf6e510c352d8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dcdb2681bcf7:port:tcp:443	flow:dcdb2681bcf7 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4b284c0fc595	flow:4b284c0fc595 → host:131.196.30.141 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c7b4cea62f376fb:host:131.196.30.143	SESSION-4c7b4cea62f376fb → host:131.196.30.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efb63adb0418d7f8:host:177.10.233.145	SESSION-efb63adb0418d7f8 → host:177.10.233.145
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2091e87bc96ca173:host:131.196.29.25	SESSION-2091e87bc96ca173 → host:131.196.29.25
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.202:geo_41.02140_28.99480	host:185.231.226.202 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49ffa8539a7cb217:SESSION-49ffa8539a7cb217	SESSION-49ffa8539a7cb217 → pe:syn:SESSION-49ffa8539a7cb217
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ef4dd3d9fcb73b5:PCAP:capture_20260427200001:3ed6eed62060	SESSION-6ef4dd3d9fcb73b5 → PCAP:capture_20260427200001:3ed6eed62060
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.27:geo_-16.28860_-49.01640	host:177.10.234.27 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dc3f24e93e3e0fb3:SESSION-dc3f24e93e3e0fb3	SESSION-dc3f24e93e3e0fb3 → pe:tls:SESSION-dc3f24e93e3e0fb3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee237db5b674d6c4:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ee237db5b674d6c4 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:4e18f65ce9ef:port:tcp:10447	flow:4e18f65ce9ef → port:tcp:10447
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cff1d643020db9d5:host:131.196.31.132	SESSION-cff1d643020db9d5 → host:131.196.31.132
FLOW_FROM_HOSTOBS	e:from:SESSION-0ce4962ca3a156ee:host:177.10.237.12	SESSION-0ce4962ca3a156ee → host:177.10.237.12
FLOW_TO_HOSTOBS	e:to:SESSION-921486915e849834:host:172.234.197.23	SESSION-921486915e849834 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35fc4de775269620:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-35fc4de775269620 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bc37b0c14be06192:SESSION-bc37b0c14be06192	SESSION-bc37b0c14be06192 → pe:rst:SESSION-bc37b0c14be06192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b23254615c6167a0:host:172.234.197.23	SESSION-b23254615c6167a0 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-17dd55091d27669a:BSG-BEACON-e07f4250263f	SESSION-17dd55091d27669a → BSG-BEACON-e07f4250263f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caadff286c632ea0:host:172.234.197.23	SESSION-caadff286c632ea0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3674a7955b512da1:PCAP:capture_20260430060001:919b39a74464	SESSION-3674a7955b512da1 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:8273b67b89ac:port:tcp:18869	flow:8273b67b89ac → port:tcp:18869
FLOW_DST_PORTOBS	e:fp:flow:0a874088480d:port:tcp:443	flow:0a874088480d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6aa2ce807ac3d210:PCAP:capture_20260430150001:ded20914761d	SESSION-6aa2ce807ac3d210 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-9de9d154fbb04a83:host:131.196.28.0	SESSION-9de9d154fbb04a83 → host:131.196.28.0
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-0957d40de01926ae:BSG-BEACON-f7f4304ec72f	SESSION-0957d40de01926ae → BSG-BEACON-f7f4304ec72f
FLOW_FROM_HOSTOBS	e:from:SESSION-80f99961f353c40e:host:104.28.202.80	SESSION-80f99961f353c40e → host:104.28.202.80
flow_observed4-aryOBS	e:fo:flow:f7e8645f576f	flow:f7e8645f576f → host:172.234.197.23 → host:177.10.238.221 → port:tcp:4251
FLOW_TO_HOSTOBS	e:to:SESSION-35910be85c736a39:host:172.234.197.23	SESSION-35910be85c736a39 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e27a0dcdc385:port:tcp:443	flow:e27a0dcdc385 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef354b4063646368:PCAP:capture_20260430060001:919b39a74464	SESSION-ef354b4063646368 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-20cf12e311e55250:host:172.234.197.23	SESSION-20cf12e311e55250 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-456e7eaee9f2720f:host:51.224.252.115	SESSION-456e7eaee9f2720f → host:51.224.252.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6328c86c978f61df:host:172.234.197.23	SESSION-6328c86c978f61df → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb5021014b7af5cb:host:172.234.197.23:host:177.10.234.143	SESSION-bb5021014b7af5cb → host:172.234.197.23 → host:177.10.234.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f766219ab3f1d4b:host:177.10.239.203	SESSION-4f766219ab3f1d4b → host:177.10.239.203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9912439438040361:host:45.173.156.116	SESSION-9912439438040361 → host:45.173.156.116
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.52:geo_-21.10010_-41.69200	host:45.173.156.52 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d87083f9dd8844d:host:177.10.233.70	SESSION-7d87083f9dd8844d → host:177.10.233.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1191ea69c7b9e8e5:host:172.234.197.23	SESSION-1191ea69c7b9e8e5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3eb6cc7ca453157a:host:156.59.198.136:host:172.234.197.23	SESSION-3eb6cc7ca453157a → host:156.59.198.136 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3759208ef2a99af0:host:172.234.197.23	SESSION-3759208ef2a99af0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3fc91fd95f4bed82:host:172.234.197.23	SESSION-3fc91fd95f4bed82 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ae8076186321ef8:SESSION-8ae8076186321ef8	SESSION-8ae8076186321ef8 → pe:tls:SESSION-8ae8076186321ef8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0daf10b890c2667:SESSION-f0daf10b890c2667	SESSION-f0daf10b890c2667 → pe:tls:SESSION-f0daf10b890c2667
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f635007151c479b8:SESSION-f635007151c479b8	SESSION-f635007151c479b8 → pe:tls:SESSION-f635007151c479b8
FLOW_FROM_HOSTOBS	e:from:SESSION-8dff22511e3d5727:host:172.234.197.23	SESSION-8dff22511e3d5727 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-472112a6b5df57cd:SESSION-472112a6b5df57cd	SESSION-472112a6b5df57cd → pe:tls:SESSION-472112a6b5df57cd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f3af12abbb2ff56:SESSION-1f3af12abbb2ff56	SESSION-1f3af12abbb2ff56 → pe:syn:SESSION-1f3af12abbb2ff56
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-7601ec92d63a89e6:BSG-DATA_EXFIL-00e5892dbdcb	SESSION-7601ec92d63a89e6 → BSG-DATA_EXFIL-00e5892dbdcb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.152:geo_41.00190_28.96450	host:95.170.25.152 → geo_41.00190_28.96450
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07dfdeddccca16ee:host:177.10.236.64:host:172.234.197.23	SESSION-07dfdeddccca16ee → host:177.10.236.64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c382f6b8063de44f:SESSION-c382f6b8063de44f	SESSION-c382f6b8063de44f → pe:syn:SESSION-c382f6b8063de44f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-598f28b8a9577970:host:172.234.197.23:host:131.196.31.1	SESSION-598f28b8a9577970 → host:172.234.197.23 → host:131.196.31.1
FLOW_FROM_HOSTOBS	e:from:SESSION-6c15e0230f45f826:host:177.10.234.113	SESSION-6c15e0230f45f826 → host:177.10.234.113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-88f0aa854ba7cdd7:SESSION-88f0aa854ba7cdd7	SESSION-88f0aa854ba7cdd7 → pe:tls:SESSION-88f0aa854ba7cdd7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7b7470a9d5ba162:host:172.234.197.23:host:177.10.237.127	SESSION-b7b7470a9d5ba162 → host:172.234.197.23 → host:177.10.237.127
FLOW_FROM_HOSTOBS	e:from:SESSION-f53fdd8a51294c3d:host:45.173.156.71	SESSION-f53fdd8a51294c3d → host:45.173.156.71
flow_observed5-aryOBS	e:fo:flow:d6752e166704	flow:d6752e166704 → host:177.10.238.70 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:dcf36065a524:port:tcp:443	flow:dcf36065a524 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-6d4e81930fa292a8:host:172.234.197.23	SESSION-6d4e81930fa292a8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f776838979623936:SESSION-f776838979623936	SESSION-f776838979623936 → pe:tls:SESSION-f776838979623936
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37617ebce6c7f9ac:host:172.234.197.23	SESSION-37617ebce6c7f9ac → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fd5aff6c936b:port:tcp:443	flow:fd5aff6c936b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.147:geo_-16.28860_-49.01640	host:177.10.235.147 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-347bad418eab3a6f:flow:2a9038dbf01b	SESSION-347bad418eab3a6f → flow:2a9038dbf01b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9c5b30eb4b7e446:host:172.234.197.23:host:45.173.156.219	SESSION-c9c5b30eb4b7e446 → host:172.234.197.23 → host:45.173.156.219
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b5ce2843c92e119:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4b5ce2843c92e119 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5dbf12d77f23d3eb:SESSION-5dbf12d77f23d3eb	SESSION-5dbf12d77f23d3eb → pe:syn:SESSION-5dbf12d77f23d3eb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ccf862d3dae518e:SESSION-8ccf862d3dae518e	SESSION-8ccf862d3dae518e → pe:tls:SESSION-8ccf862d3dae518e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99a4fe376d3938fb:SESSION-99a4fe376d3938fb	SESSION-99a4fe376d3938fb → pe:syn:SESSION-99a4fe376d3938fb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.145:geo_-16.28860_-49.01640	host:177.10.239.145 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-7c3601b8f3a6cf17:host:177.10.234.97	SESSION-7c3601b8f3a6cf17 → host:177.10.234.97
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-63fc840f6df40503:host:131.196.29.253:host:172.234.197.23	SESSION-63fc840f6df40503 → host:131.196.29.253 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1bf759d3ac72:port:tcp:52773	flow:1bf759d3ac72 → port:tcp:52773
FLOW_FROM_HOSTOBS	e:from:SESSION-0957d40de01926ae:host:177.10.233.145	SESSION-0957d40de01926ae → host:177.10.233.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-788920b93ac95b5f:SESSION-788920b93ac95b5f	SESSION-788920b93ac95b5f → pe:syn:SESSION-788920b93ac95b5f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.163:geo_-21.10010_-41.69200	host:45.173.156.163 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:3b4858fab774	flow:3b4858fab774 → host:131.196.28.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da14e430733ddeb2:host:177.10.238.76	SESSION-da14e430733ddeb2 → host:177.10.238.76
FLOW_DST_PORTOBS	e:fp:flow:78fc6ae4b8bb:port:tcp:32417	flow:78fc6ae4b8bb → port:tcp:32417
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9820f222b36503c3:flow:9e585f997a3c	SESSION-9820f222b36503c3 → flow:9e585f997a3c
FLOW_DST_PORTOBS	e:fp:flow:4c8f41a5769d:port:tcp:36854	flow:4c8f41a5769d → port:tcp:36854
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c24af053222fbf1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5c24af053222fbf1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1d147c13acfa404:host:172.234.197.23	SESSION-a1d147c13acfa404 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5746e0d81f0d05c1:host:92.112.71.29:host:172.234.197.23	SESSION-5746e0d81f0d05c1 → host:92.112.71.29 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bff0166abbd0d576:host:172.234.197.23	SESSION-bff0166abbd0d576 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-893e080e65f2ed4f:host:131.196.31.144	SESSION-893e080e65f2ed4f → host:131.196.31.144
FLOW_DST_PORTOBS	e:fp:flow:5773e64f6579:port:tcp:443	flow:5773e64f6579 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e3139069f2c261e:PCAP:capture_20260430110001:43611bdf6759	SESSION-6e3139069f2c261e → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-bf997a1aac5d0ef1:host:172.234.197.23	SESSION-bf997a1aac5d0ef1 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a31746b72125	flow:a31746b72125 → host:172.234.197.23 → host:131.196.31.45 → port:tcp:19227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a208e591aeac31e9:host:172.234.197.23	SESSION-a208e591aeac31e9 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:b5d485827129:dns:172-234-197-23.ip.linodeusercontent.com	flow:b5d485827129 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8070c9158a1a853:host:172.234.197.23	SESSION-e8070c9158a1a853 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cfe71d52ef2e928b:flow:d224f76574e0	SESSION-cfe71d52ef2e928b → flow:d224f76574e0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-228e058fc2527275:PCAP:capture_20260430060001:919b39a74464	SESSION-228e058fc2527275 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1d147c13acfa404:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a1d147c13acfa404 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-caaa6bcaac59e7b9:host:172.234.197.23	SESSION-caaa6bcaac59e7b9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.201:geo_-23.62930_-46.63510	host:131.196.28.201 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:26582ff86251	flow:26582ff86251 → host:177.10.232.63 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.59:geo_-16.28860_-49.01640	host:177.10.234.59 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-992ac29a78433ae4:host:177.10.235.56	SESSION-992ac29a78433ae4 → host:177.10.235.56
FLOW_DST_PORTOBS	e:fp:flow:fc88b4593c6e:port:tcp:9607	flow:fc88b4593c6e → port:tcp:9607
FLOW_DST_PORTOBS	e:fp:flow:c46fe74e3b56:port:tcp:443	flow:c46fe74e3b56 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7cf4eefda54138cc:host:131.196.30.36	SESSION-7cf4eefda54138cc → host:131.196.30.36
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e859a84eb4eaf300:SESSION-e859a84eb4eaf300	SESSION-e859a84eb4eaf300 → pe:syn:SESSION-e859a84eb4eaf300
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14a32c9f71c15657:PCAP:capture_20260430060001:919b39a74464	SESSION-14a32c9f71c15657 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.166:asn:262880	host:177.10.237.166 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b10aefef2d5c06b7:SESSION-b10aefef2d5c06b7	SESSION-b10aefef2d5c06b7 → pe:tls:SESSION-b10aefef2d5c06b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-314a3839bafadb97:host:177.10.237.157	SESSION-314a3839bafadb97 → host:177.10.237.157
FLOW_TO_HOSTOBS	e:to:SESSION-674d0a1b38b3c135:host:45.173.156.44	SESSION-674d0a1b38b3c135 → host:45.173.156.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36db005d6a8b5922:SESSION-36db005d6a8b5922	SESSION-36db005d6a8b5922 → pe:tls:SESSION-36db005d6a8b5922
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b670e7c5e0a8e3a1:host:172.234.197.23	SESSION-b670e7c5e0a8e3a1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dbacd0066146a93a:host:45.173.156.204	SESSION-dbacd0066146a93a → host:45.173.156.204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05a7cad64bbe69e6:host:45.173.156.72	SESSION-05a7cad64bbe69e6 → host:45.173.156.72
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2f14bb2a06741aa:host:172.234.197.23:host:177.10.239.135	SESSION-f2f14bb2a06741aa → host:172.234.197.23 → host:177.10.239.135
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.187:geo_-16.28860_-49.01640	host:177.10.239.187 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.48:asn:262880	host:177.10.238.48 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-350febc37b3f152d:host:131.196.28.1	SESSION-350febc37b3f152d → host:131.196.28.1
FLOW_TO_HOSTOBS	e:to:SESSION-73bdc276c5a845ed:host:172.234.197.23	SESSION-73bdc276c5a845ed → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85c181ffe8433ff0:host:177.10.237.15	SESSION-85c181ffe8433ff0 → host:177.10.237.15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b50835be4d5bba16:host:177.10.237.145	SESSION-b50835be4d5bba16 → host:177.10.237.145
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.157:geo_-23.62930_-46.63510	host:131.196.28.157 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21ced843a950a21a:host:172.234.197.23	SESSION-21ced843a950a21a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c67539e40b0db6c0:PCAP:capture_20260430150001:ded20914761d	SESSION-c67539e40b0db6c0 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59417938792198bf:flow:45449e47259e	SESSION-59417938792198bf → flow:45449e47259e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ed5696d63c7b154:SESSION-9ed5696d63c7b154	SESSION-9ed5696d63c7b154 → pe:tls:SESSION-9ed5696d63c7b154
flow_observed4-aryOBS	e:fo:flow:0d2adbd91043	flow:0d2adbd91043 → host:172.234.197.23 → host:131.196.31.182 → port:tcp:56933
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5106b190666c06c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a5106b190666c06c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:c3e3260e9cc0	flow:c3e3260e9cc0 → host:172.234.197.23 → host:131.196.28.198 → port:tcp:22787
FLOW_TO_HOSTOBS	e:to:SESSION-afd30c72829a35a2:host:172.234.197.23	SESSION-afd30c72829a35a2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4fd8baa1ce1b	flow:4fd8baa1ce1b → host:177.10.233.196 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4337995d605bd9f8:host:172.234.197.23	SESSION-4337995d605bd9f8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc18a12b15fb2c84:host:177.10.233.80:host:172.234.197.23	SESSION-fc18a12b15fb2c84 → host:177.10.233.80 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ced37932852de9e5:host:172.234.197.23	SESSION-ced37932852de9e5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-140cb8b81d438202:host:172.234.197.23	SESSION-140cb8b81d438202 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a9ef69b0237c	flow:a9ef69b0237c → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-02999fe2096ad39b:host:172.234.197.23	SESSION-02999fe2096ad39b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1532b7922e59746:host:172.234.197.23:host:131.196.29.241	SESSION-d1532b7922e59746 → host:172.234.197.23 → host:131.196.29.241
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3afd88a73e32b466:flow:a62ba4cb8390	SESSION-3afd88a73e32b466 → flow:a62ba4cb8390
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-493920f19ab5585b:SESSION-493920f19ab5585b	SESSION-493920f19ab5585b → pe:syn:SESSION-493920f19ab5585b
FLOW_TO_HOSTOBS	e:to:SESSION-548dd69287ac8927:host:172.234.197.23	SESSION-548dd69287ac8927 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9ea1c5ffb1e1:port:tcp:443	flow:9ea1c5ffb1e1 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.124:asn:262880	host:177.10.232.124 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1cbcb5d52df9d7c9:SESSION-1cbcb5d52df9d7c9	SESSION-1cbcb5d52df9d7c9 → pe:tls:SESSION-1cbcb5d52df9d7c9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.108:asn:262880	host:177.10.239.108 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-13906a0b4b02de94:host:172.234.197.23	SESSION-13906a0b4b02de94 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:87e702e14634	flow:87e702e14634 → host:131.196.31.193 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e4f9227bbb6fbbfc:flow:e81084c1c2c5	SESSION-e4f9227bbb6fbbfc → flow:e81084c1c2c5
FLOW_DST_PORTOBS	e:fp:flow:db8ab9c841e9:port:tcp:34806	flow:db8ab9c841e9 → port:tcp:34806
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79b864f146b8f07b:host:172.234.197.23	SESSION-79b864f146b8f07b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-589f676f16819868:flow:4554b28ee50c	SESSION-589f676f16819868 → flow:4554b28ee50c
flow_observed4-aryOBS	e:fo:flow:001b9cdbdba1	flow:001b9cdbdba1 → host:172.234.197.23 → host:131.196.29.224 → port:tcp:43214
FLOW_TO_HOSTOBS	e:to:SESSION-c67539e40b0db6c0:host:172.234.197.23	SESSION-c67539e40b0db6c0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b2a447e74eac	flow:b2a447e74eac → host:172.234.197.23 → host:177.10.238.10 → port:tcp:12339
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c21073699e99172:SESSION-1c21073699e99172	SESSION-1c21073699e99172 → pe:syn:SESSION-1c21073699e99172
FLOW_TO_HOSTOBS	e:to:SESSION-95b6b17f9a1b89d0:host:172.234.197.23	SESSION-95b6b17f9a1b89d0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:070f0d42d41e:port:tcp:45298	flow:070f0d42d41e → port:tcp:45298
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e0284f837155748:flow:00e9278de537	SESSION-7e0284f837155748 → flow:00e9278de537
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77755e4fda54087c:SESSION-77755e4fda54087c	SESSION-77755e4fda54087c → pe:syn:SESSION-77755e4fda54087c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8cf04cf372371106:flow:24d162cf87c1	SESSION-8cf04cf372371106 → flow:24d162cf87c1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.74:geo_-16.28860_-49.01640	host:177.10.235.74 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.235:asn:262880	host:177.10.234.235 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc57d45d1a1b2f7b:flow:ea0185f782a2	SESSION-bc57d45d1a1b2f7b → flow:ea0185f782a2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3089f893be8ea87:flow:c427fb98e016	SESSION-e3089f893be8ea87 → flow:c427fb98e016
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38f74251dfc6c10a:host:103.155.16.117:host:172.234.197.23	SESSION-38f74251dfc6c10a → host:103.155.16.117 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5ac91adedbe1ec7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d5ac91adedbe1ec7 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92cb25b3a2aea70a:host:177.10.237.249	SESSION-92cb25b3a2aea70a → host:177.10.237.249
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f49d888fd824b97a:flow:47787a78b223	SESSION-f49d888fd824b97a → flow:47787a78b223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-136356e88c69bcaa:SESSION-136356e88c69bcaa	SESSION-136356e88c69bcaa → pe:syn:SESSION-136356e88c69bcaa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1eb19142561b47ba:host:172.234.197.23	SESSION-1eb19142561b47ba → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7926734d1890078a:SESSION-7926734d1890078a	SESSION-7926734d1890078a → pe:syn:SESSION-7926734d1890078a
flow_observed4-aryOBS	e:fo:flow:978dc8ba0399	flow:978dc8ba0399 → host:172.234.197.23 → host:177.10.235.193 → port:tcp:43136
HOST_IN_ASNOBS 85%	e:ha:host:56.155.73.64:asn:16509	host:56.155.73.64 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c85a65cf2db0ee65:host:177.10.233.52	SESSION-c85a65cf2db0ee65 → host:177.10.233.52
FLOW_FROM_HOSTOBS	e:from:SESSION-35dc83e37639d031:host:131.196.29.116	SESSION-35dc83e37639d031 → host:131.196.29.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04ab6357fe1e6c0a:host:172.234.197.23	SESSION-04ab6357fe1e6c0a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:28d075338728:port:tcp:443	flow:28d075338728 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:90f6045852d1:port:tcp:27577	flow:90f6045852d1 → port:tcp:27577
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6054bbc1a24cbf34:host:131.196.29.164	SESSION-6054bbc1a24cbf34 → host:131.196.29.164
FLOW_FROM_HOSTOBS	e:from:SESSION-51c60ff5c6e820bd:host:172.234.197.23	SESSION-51c60ff5c6e820bd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baf4494100018e3a:host:131.196.30.8	SESSION-baf4494100018e3a → host:131.196.30.8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-58209016b963372b:SESSION-58209016b963372b	SESSION-58209016b963372b → pe:syn:SESSION-58209016b963372b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f70c7a73cedaabc:host:172.234.197.23	SESSION-5f70c7a73cedaabc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-efb89dcd313d4029:host:131.196.29.43	SESSION-efb89dcd313d4029 → host:131.196.29.43
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16f8bda1e1d11332:host:177.10.239.220:host:172.234.197.23	SESSION-16f8bda1e1d11332 → host:177.10.239.220 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c1343c478a41:port:tcp:443	flow:c1343c478a41 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c4028c7b5ec7	flow:c4028c7b5ec7 → host:45.173.156.172 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e034fcb399102895:SESSION-e034fcb399102895	SESSION-e034fcb399102895 → pe:syn:SESSION-e034fcb399102895
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f53fdd8a51294c3d:SESSION-f53fdd8a51294c3d	SESSION-f53fdd8a51294c3d → pe:tls:SESSION-f53fdd8a51294c3d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4d1c4ac80a0d275:host:131.196.30.98:host:172.234.197.23	SESSION-c4d1c4ac80a0d275 → host:131.196.30.98 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a24a5811642df328:host:177.10.232.178	SESSION-a24a5811642df328 → host:177.10.232.178
FLOW_DST_PORTOBS	e:fp:flow:5c121a47df86:port:tcp:8165	flow:5c121a47df86 → port:tcp:8165
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e998b802e74a3139:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e998b802e74a3139 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6dadefe349dd79f6:SESSION-6dadefe349dd79f6	SESSION-6dadefe349dd79f6 → pe:syn:SESSION-6dadefe349dd79f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a75f9666a4fd8c5:SESSION-1a75f9666a4fd8c5	SESSION-1a75f9666a4fd8c5 → pe:syn:SESSION-1a75f9666a4fd8c5
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.22:asn:271410	host:131.196.28.22 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.48:asn:271410	host:131.196.28.48 → asn:271410
flow_observed5-aryOBS	e:fo:flow:d36dc6d7eb80	flow:d36dc6d7eb80 → host:131.196.28.25 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:80206823d24b	flow:80206823d24b → host:172.234.197.23 → host:177.10.239.146 → port:tcp:51617
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-803381ec4a55866c:host:172.234.197.23:host:177.10.238.152	SESSION-803381ec4a55866c → host:172.234.197.23 → host:177.10.238.152
flow_observed5-aryOBS	e:fo:flow:f6be814c9910	flow:f6be814c9910 → host:177.10.232.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-164cf6eccbbca478:PCAP:capture_20260430090001:065659c7d314	SESSION-164cf6eccbbca478 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:5b3217c4696e	flow:5b3217c4696e → host:177.10.239.182 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f307fcf20a41b5a0:PCAP:capture_20260430060001:919b39a74464	SESSION-f307fcf20a41b5a0 → PCAP:capture_20260430060001:919b39a74464
FLOW_TLS_SNIOBS	e:fs:flow:a8db861f9cc7:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:a8db861f9cc7 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-862fcc949d847857:host:177.10.237.158	SESSION-862fcc949d847857 → host:177.10.237.158
FLOW_DST_PORTOBS	e:fp:flow:5b3217c4696e:port:tcp:443	flow:5b3217c4696e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d12ffa49d0d3231:host:131.196.30.255:host:172.234.197.23	SESSION-8d12ffa49d0d3231 → host:131.196.30.255 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-854a13cbd553e198:SESSION-854a13cbd553e198	SESSION-854a13cbd553e198 → pe:tls:SESSION-854a13cbd553e198
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ab52a513e5ed877:SESSION-7ab52a513e5ed877	SESSION-7ab52a513e5ed877 → pe:syn:SESSION-7ab52a513e5ed877
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7341740ccb6f292:SESSION-e7341740ccb6f292	SESSION-e7341740ccb6f292 → pe:tls:SESSION-e7341740ccb6f292
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.75:geo_-23.62930_-46.63510	host:131.196.31.75 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fec8e81be891b7cc:PCAP:capture_20260430090001:065659c7d314	SESSION-fec8e81be891b7cc → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:ae5a5bc5d983	flow:ae5a5bc5d983 → host:177.10.237.15 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c47e89745eb205fd:host:177.10.238.254	SESSION-c47e89745eb205fd → host:177.10.238.254
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef914cd10270daad:host:172.234.197.23:host:177.10.239.199	SESSION-ef914cd10270daad → host:172.234.197.23 → host:177.10.239.199
FLOW_FROM_HOSTOBS	e:from:SESSION-32551388ee5c6c20:host:177.10.238.195	SESSION-32551388ee5c6c20 → host:177.10.238.195
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da14485ca0be7376:host:172.234.197.23	SESSION-da14485ca0be7376 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d4d0ab62891a0a5c:host:172.234.197.23	SESSION-d4d0ab62891a0a5c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0835843463ad3c8:flow:549ca914ae37	SESSION-d0835843463ad3c8 → flow:549ca914ae37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41d09b35a7c7bf56:host:172.234.197.23:host:177.10.236.91	SESSION-41d09b35a7c7bf56 → host:172.234.197.23 → host:177.10.236.91
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dde31743640b587a:PCAP:capture_20260430090001:065659c7d314	SESSION-dde31743640b587a → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-8431b5fa38a73955:host:103.155.16.117	SESSION-8431b5fa38a73955 → host:103.155.16.117
FLOW_DST_PORTOBS	e:fp:flow:107962b6041b:port:tcp:443	flow:107962b6041b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78c74ad080075522:host:31.40.196.247:host:172.234.197.23	SESSION-78c74ad080075522 → host:31.40.196.247 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41172116812e3a49:flow:3c848c17c142	SESSION-41172116812e3a49 → flow:3c848c17c142
FLOW_FROM_HOSTOBS	e:from:SESSION-1984f51487784d02:host:172.234.197.23	SESSION-1984f51487784d02 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cdf5f2e2e9eb	flow:cdf5f2e2e9eb → host:45.173.156.90 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fe8ac015ba2db65:SESSION-5fe8ac015ba2db65	SESSION-5fe8ac015ba2db65 → pe:syn:SESSION-5fe8ac015ba2db65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d508940aefc84528:host:177.10.235.201	SESSION-d508940aefc84528 → host:177.10.235.201
FLOW_DST_PORTOBS	e:fp:flow:b6a0ced2143f:port:tcp:443	flow:b6a0ced2143f → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:89e22f178cd9	flow:89e22f178cd9 → host:131.196.29.248 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e991004bd02372d1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e991004bd02372d1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49828b0c1667648d:SESSION-49828b0c1667648d	SESSION-49828b0c1667648d → pe:tls:SESSION-49828b0c1667648d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2daf8cded5fb19ed:host:172.234.197.23	SESSION-2daf8cded5fb19ed → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-21a6fb1ae6879e55:BSG-BEACON-137dcd60b691	SESSION-21a6fb1ae6879e55 → BSG-BEACON-137dcd60b691
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.6:geo_-16.28860_-49.01640	host:177.10.234.6 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-949f3e8f4d37c52a:host:177.10.239.3	SESSION-949f3e8f4d37c52a → host:177.10.239.3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7963f405207d2813:host:172.234.197.23	SESSION-7963f405207d2813 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c7bf6a31f6e2d56:host:2.57.122.194	SESSION-5c7bf6a31f6e2d56 → host:2.57.122.194
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b93959f6df3f665b:host:172.234.197.23:host:177.10.234.215	SESSION-b93959f6df3f665b → host:172.234.197.23 → host:177.10.234.215
FLOW_TO_HOSTOBS	e:to:SESSION-57ceaaaea8de5082:host:172.234.197.23	SESSION-57ceaaaea8de5082 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e708abec206b:port:tcp:80	flow:e708abec206b → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-1ddd0457559a3680:host:172.234.197.23	SESSION-1ddd0457559a3680 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7f9cc68ffb76114:SESSION-b7f9cc68ffb76114	SESSION-b7f9cc68ffb76114 → pe:syn:SESSION-b7f9cc68ffb76114
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a074f157090defb0:flow:38033b53ed44	SESSION-a074f157090defb0 → flow:38033b53ed44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe3fb5807179bb52:PCAP:capture_20260430160001:9bfa4498506a	SESSION-fe3fb5807179bb52 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-63be833bbb100650:PCAP:capture_20260430160001:9bfa4498506a	SESSION-63be833bbb100650 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:24c15ddb7f04	flow:24c15ddb7f04 → host:177.10.239.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-03bb88743ccc2c68:flow:1f0cbb1c4183	SESSION-03bb88743ccc2c68 → flow:1f0cbb1c4183
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d9cfeb1a925e0c3:PCAP:capture_20260430060001:919b39a74464	SESSION-8d9cfeb1a925e0c3 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f1b581ea0c38fa14:SESSION-f1b581ea0c38fa14	SESSION-f1b581ea0c38fa14 → pe:tls:SESSION-f1b581ea0c38fa14
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2db29654b7388c8c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2db29654b7388c8c → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.27:asn:271410	host:131.196.28.27 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f7d282d56df8eba3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f7d282d56df8eba3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51e02a163c57adb5:SESSION-51e02a163c57adb5	SESSION-51e02a163c57adb5 → pe:tls:SESSION-51e02a163c57adb5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e26c1de83807ce87:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e26c1de83807ce87 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-169e7d2007075619:host:54.149.68.137:host:172.234.197.23	SESSION-169e7d2007075619 → host:54.149.68.137 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3956b259f30f	flow:3956b259f30f → host:177.10.238.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7f859cb03c026fc:host:177.10.236.43	SESSION-a7f859cb03c026fc → host:177.10.236.43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25a3718851106c53:host:131.196.29.126	SESSION-25a3718851106c53 → host:131.196.29.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3676532bb2f3ac59:SESSION-3676532bb2f3ac59	SESSION-3676532bb2f3ac59 → pe:tls:SESSION-3676532bb2f3ac59
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.210:asn:262880	host:177.10.238.210 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e3f5af343ed075a:host:131.196.31.193:host:172.234.197.23	SESSION-2e3f5af343ed075a → host:131.196.31.193 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67e4e454d5bff348:host:172.234.197.23:host:131.196.28.35	SESSION-67e4e454d5bff348 → host:172.234.197.23 → host:131.196.28.35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a759d297db5368da:flow:e0b427fe2d6e	SESSION-a759d297db5368da → flow:e0b427fe2d6e
FLOW_FROM_HOSTOBS	e:from:SESSION-3685b3a1e6c25f1a:host:185.231.226.68	SESSION-3685b3a1e6c25f1a → host:185.231.226.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85483e16d9e2576e:host:172.234.197.23	SESSION-85483e16d9e2576e → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:84cd0bc1a12e	flow:84cd0bc1a12e → host:16.112.8.242 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.112:asn:262880	host:177.10.236.112 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-738e0b0c3dd2dd03:host:177.10.234.243	SESSION-738e0b0c3dd2dd03 → host:177.10.234.243
FLOW_TO_HOSTOBS	e:to:SESSION-76cae08532c4b8eb:host:172.234.197.23	SESSION-76cae08532c4b8eb → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.113:asn:203771	host:185.231.226.113 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c96791011a0f6f2:SESSION-7c96791011a0f6f2	SESSION-7c96791011a0f6f2 → pe:tls:SESSION-7c96791011a0f6f2
FLOW_FROM_HOSTOBS	e:from:SESSION-1739bca4a014ab7e:host:80.94.92.182	SESSION-1739bca4a014ab7e → host:80.94.92.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ce76aef4cf62c0f:host:177.10.238.16	SESSION-9ce76aef4cf62c0f → host:177.10.238.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-373bf424772e8fef:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-373bf424772e8fef → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d9537ea92aed5d6:host:177.10.237.84	SESSION-7d9537ea92aed5d6 → host:177.10.237.84
FLOW_TO_HOSTOBS	e:to:SESSION-81679789c998e700:host:172.234.197.23	SESSION-81679789c998e700 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e217016f21152908:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e217016f21152908 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-7ac71f2f2355e0bb:host:172.234.197.23	SESSION-7ac71f2f2355e0bb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd2a5925828b8076:host:177.10.235.218:host:172.234.197.23	SESSION-fd2a5925828b8076 → host:177.10.235.218 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b8f135d82b00569:SESSION-4b8f135d82b00569	SESSION-4b8f135d82b00569 → pe:tls:SESSION-4b8f135d82b00569
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-26a93711200ab02b:host:172.234.197.23:host:177.10.236.43	SESSION-26a93711200ab02b → host:172.234.197.23 → host:177.10.236.43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1684e8254d6d3165:host:177.10.233.54	SESSION-1684e8254d6d3165 → host:177.10.233.54
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6fda720fc6282204:host:177.10.238.60:host:172.234.197.23	SESSION-6fda720fc6282204 → host:177.10.238.60 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:890afc9fdb82:port:tcp:443	flow:890afc9fdb82 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2eec6fd9620a1613:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2eec6fd9620a1613 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:4fdc0949fed1:port:tcp:443	flow:4fdc0949fed1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:7a28d0814faa:port:tcp:443	flow:7a28d0814faa → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ae580f5c3468d66:host:172.234.197.23	SESSION-8ae580f5c3468d66 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.255:geo_-16.28860_-49.01640	host:177.10.232.255 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ab61e60544120f5:host:172.234.197.23	SESSION-8ab61e60544120f5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f8a559c2faf4a64:host:177.10.234.48	SESSION-0f8a559c2faf4a64 → host:177.10.234.48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78c74ad080075522:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-78c74ad080075522 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8fbacc1128a5208:SESSION-c8fbacc1128a5208	SESSION-c8fbacc1128a5208 → pe:tls:SESSION-c8fbacc1128a5208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cfdf430166eb3e5d:flow:8350e26d0af7	SESSION-cfdf430166eb3e5d → flow:8350e26d0af7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96c13a83414ab25f:host:172.234.197.23	SESSION-96c13a83414ab25f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad62b54803b59875:host:172.234.197.23	SESSION-ad62b54803b59875 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.152:asn:262880	host:177.10.238.152 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:db1b5ef81e78:port:tcp:443	flow:db1b5ef81e78 → port:tcp:443
FLOW_QUERIED_DNSOBS	e:fd:flow:cd08e0bdcb8b:dns:172-234-197-23.ip.linodeusercontent.com	flow:cd08e0bdcb8b → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f21759fa00584782:flow:411cb313d178	SESSION-f21759fa00584782 → flow:411cb313d178
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-030a81db4532bd3a:host:172.234.197.23	SESSION-030a81db4532bd3a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27c94fb85f37f774:flow:14e7347487d9	SESSION-27c94fb85f37f774 → flow:14e7347487d9
FLOW_FROM_HOSTOBS	e:from:SESSION-c54c8f2f9fead0c6:host:172.234.197.23	SESSION-c54c8f2f9fead0c6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.138:asn:262880	host:177.10.239.138 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-b5bec9c6872f5835:host:45.173.156.117	SESSION-b5bec9c6872f5835 → host:45.173.156.117
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7752628607af1d9e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7752628607af1d9e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9ca387fd672ab7a:SESSION-d9ca387fd672ab7a	SESSION-d9ca387fd672ab7a → pe:syn:SESSION-d9ca387fd672ab7a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b654d700a53d4a94:flow:1f5cd8297e8c	SESSION-b654d700a53d4a94 → flow:1f5cd8297e8c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73f1c8de70c12118:host:177.10.238.76:host:172.234.197.23	SESSION-73f1c8de70c12118 → host:177.10.238.76 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b6ebe77d02701b58:SESSION-b6ebe77d02701b58	SESSION-b6ebe77d02701b58 → pe:syn:SESSION-b6ebe77d02701b58
FLOW_TO_HOSTOBS	e:to:SESSION-921caeacc0f03622:host:172.234.197.23	SESSION-921caeacc0f03622 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb20cb96e066d018:PCAP:capture_20260430060001:919b39a74464	SESSION-fb20cb96e066d018 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-ae94ea8b15b44736:host:172.234.197.23	SESSION-ae94ea8b15b44736 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d3bce88fd7b7:port:tcp:80	flow:d3bce88fd7b7 → port:tcp:80
flow_observed5-aryOBS	e:fo:flow:4288b0386576	flow:4288b0386576 → host:177.10.234.243 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.74:geo_-16.28860_-49.01640	host:177.10.237.74 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.203:asn:262880	host:177.10.236.203 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd0571d5316a48e1:SESSION-fd0571d5316a48e1	SESSION-fd0571d5316a48e1 → pe:tls:SESSION-fd0571d5316a48e1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41957bf4b3a50ded:flow:6388ff3a9a78	SESSION-41957bf4b3a50ded → flow:6388ff3a9a78
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.10:geo_-16.28860_-49.01640	host:177.10.238.10 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-666cc538c7e1a156:SESSION-666cc538c7e1a156	SESSION-666cc538c7e1a156 → pe:dns:SESSION-666cc538c7e1a156
FLOW_FROM_HOSTOBS	e:from:SESSION-21ced843a950a21a:host:172.234.197.23	SESSION-21ced843a950a21a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.159:geo_-23.62930_-46.63510	host:131.196.31.159 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-144e16262f6e2a62:SESSION-144e16262f6e2a62	SESSION-144e16262f6e2a62 → pe:syn:SESSION-144e16262f6e2a62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f42753b09b481d7e:host:131.196.29.215	SESSION-f42753b09b481d7e → host:131.196.29.215
flow_observed5-aryOBS	e:fo:flow:519dfe2ba798	flow:519dfe2ba798 → host:177.10.232.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9b13ac4e6d83a5e:host:172.234.197.23	SESSION-d9b13ac4e6d83a5e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8de6c1be9d0210fa:SESSION-8de6c1be9d0210fa	SESSION-8de6c1be9d0210fa → pe:rst:SESSION-8de6c1be9d0210fa
FLOW_TO_HOSTOBS	e:to:SESSION-68a3da1f806283eb:host:131.196.29.67	SESSION-68a3da1f806283eb → host:131.196.29.67
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c84656a173f6275:host:172.234.197.23	SESSION-9c84656a173f6275 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-803b2289978a359c:flow:ef2f10ea72bc	SESSION-803b2289978a359c → flow:ef2f10ea72bc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-305a85099066f209:SESSION-305a85099066f209	SESSION-305a85099066f209 → pe:tls:SESSION-305a85099066f209
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51de65c9ef505a13:SESSION-51de65c9ef505a13	SESSION-51de65c9ef505a13 → pe:syn:SESSION-51de65c9ef505a13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d30bf1800064cde2:SESSION-d30bf1800064cde2	SESSION-d30bf1800064cde2 → pe:syn:SESSION-d30bf1800064cde2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d53928eb39cd6093:SESSION-d53928eb39cd6093	SESSION-d53928eb39cd6093 → pe:syn:SESSION-d53928eb39cd6093
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2b4854b4491f9b7:SESSION-e2b4854b4491f9b7	SESSION-e2b4854b4491f9b7 → pe:tls:SESSION-e2b4854b4491f9b7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-abff9bfe6a29f0b5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-abff9bfe6a29f0b5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-1a136c944084425c:host:172.234.197.23	SESSION-1a136c944084425c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0a2ec1133f1da31:flow:b5a1cccd350c	SESSION-d0a2ec1133f1da31 → flow:b5a1cccd350c
flow_observed5-aryOBS	e:fo:flow:b4cc404c4942	flow:b4cc404c4942 → host:45.173.156.32 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-043f15d6badfcd64:host:172.234.197.23	SESSION-043f15d6badfcd64 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7c9cadb68fe1ad17:host:172.234.197.23	SESSION-7c9cadb68fe1ad17 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-686bda995aabc86f:host:172.234.197.23:host:177.10.234.208	SESSION-686bda995aabc86f → host:172.234.197.23 → host:177.10.234.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaa23bb51e1c2dee:flow:3d8c4a263311	SESSION-eaa23bb51e1c2dee → flow:3d8c4a263311
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b05aeaff4a071503:host:131.196.28.71	SESSION-b05aeaff4a071503 → host:131.196.28.71
flow_observed4-aryOBS	e:fo:flow:16c7a0cad34a	flow:16c7a0cad34a → host:172.234.197.23 → host:131.196.29.201 → port:tcp:25199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd3259577d52904f:host:172.234.197.23	SESSION-bd3259577d52904f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-692dce6abc85c058:SESSION-692dce6abc85c058	SESSION-692dce6abc85c058 → pe:tls:SESSION-692dce6abc85c058
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c1ac661b3c1fca0:PCAP:capture_20260430060001:919b39a74464	SESSION-4c1ac661b3c1fca0 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d87ad0ffb58b923c:SESSION-d87ad0ffb58b923c	SESSION-d87ad0ffb58b923c → pe:syn:SESSION-d87ad0ffb58b923c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a8968fd2a11ede8:SESSION-1a8968fd2a11ede8	SESSION-1a8968fd2a11ede8 → pe:tls:SESSION-1a8968fd2a11ede8
FLOW_DST_PORTOBS	e:fp:flow:e847f09a3e98:port:tcp:443	flow:e847f09a3e98 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f750867699c9a944:flow:62b791bbed2d	SESSION-f750867699c9a944 → flow:62b791bbed2d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a9948d7535bcfa1:PCAP:capture_20260430150001:ded20914761d	SESSION-1a9948d7535bcfa1 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0957d40de01926ae:flow:e94650369669	SESSION-0957d40de01926ae → flow:e94650369669
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68c9571f275cd182:host:177.10.239.79:host:172.234.197.23	SESSION-68c9571f275cd182 → host:177.10.239.79 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81de972e9a362700:host:172.234.197.23	SESSION-81de972e9a362700 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08ccad07eda14042:host:177.10.232.192	SESSION-08ccad07eda14042 → host:177.10.232.192
FLOW_DST_PORTOBS	e:fp:flow:75b58e38903e:port:tcp:443	flow:75b58e38903e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04af603e6c9a6691:host:172.234.197.23	SESSION-04af603e6c9a6691 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-04a75396d111d878:SESSION-04a75396d111d878	SESSION-04a75396d111d878 → pe:syn:SESSION-04a75396d111d878
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bba4e0174a1f95d:host:172.234.197.23	SESSION-5bba4e0174a1f95d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d65e2ae92c41	flow:d65e2ae92c41 → host:172.234.197.23 → host:45.173.156.26 → port:tcp:30932
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b5948254caf12dd:PCAP:capture_20260430060001:919b39a74464	SESSION-9b5948254caf12dd → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-d8900744845bb6f3:host:172.234.197.23	SESSION-d8900744845bb6f3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9af6eb1ce6cb824f:host:172.234.197.23	SESSION-9af6eb1ce6cb824f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a304c3ca72ee3e7:host:172.234.197.23	SESSION-6a304c3ca72ee3e7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-666cc538c7e1a156:host:172.234.197.23:host:172.232.0.17	SESSION-666cc538c7e1a156 → host:172.234.197.23 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-25d670562ff80de0:SESSION-25d670562ff80de0	SESSION-25d670562ff80de0 → pe:tls:SESSION-25d670562ff80de0
flow_observed4-aryOBS	e:fo:flow:997ec73c2b83	flow:997ec73c2b83 → host:172.234.197.23 → host:177.10.235.218 → port:tcp:8152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad31d7217a236b09:host:172.234.197.23	SESSION-ad31d7217a236b09 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-578d76d32a2c1b81:flow:9d3b08953582	SESSION-578d76d32a2c1b81 → flow:9d3b08953582
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85714bf39e95506c:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-85714bf39e95506c → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6ca8d988675ead3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a6ca8d988675ead3 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.31:geo_-16.28860_-49.01640	host:177.10.236.31 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6b762e1d0d174fb:SESSION-a6b762e1d0d174fb	SESSION-a6b762e1d0d174fb → pe:tls:SESSION-a6b762e1d0d174fb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bee309b4d5047c7d:host:131.196.29.103:host:172.234.197.23	SESSION-bee309b4d5047c7d → host:131.196.29.103 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.66:geo_-16.28860_-49.01640	host:177.10.233.66 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd0176ca8d9bf386:SESSION-cd0176ca8d9bf386	SESSION-cd0176ca8d9bf386 → pe:syn:SESSION-cd0176ca8d9bf386
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.80:asn:271410	host:131.196.28.80 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-87bc9df611d2f97d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-87bc9df611d2f97d → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:805dc51bcb4f	flow:805dc51bcb4f → host:131.196.28.22 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:62b594a026ee	flow:62b594a026ee → host:172.234.197.23 → host:131.196.29.74 → port:tcp:57436
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-687dc6215da3af8c:host:177.10.233.167:host:172.234.197.23	SESSION-687dc6215da3af8c → host:177.10.233.167 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-367c844590f11a50:host:172.234.197.23:host:131.196.28.38	SESSION-367c844590f11a50 → host:172.234.197.23 → host:131.196.28.38
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f55570dc615df23a:host:172.234.197.23:host:177.10.235.190	SESSION-f55570dc615df23a → host:172.234.197.23 → host:177.10.235.190
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.119:asn:262880	host:177.10.234.119 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-e8a6e8a4db8ac534:host:172.234.197.23	SESSION-e8a6e8a4db8ac534 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68f16c2935c85e73:SESSION-68f16c2935c85e73	SESSION-68f16c2935c85e73 → pe:tls:SESSION-68f16c2935c85e73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37dea09d598a2ad1:SESSION-37dea09d598a2ad1	SESSION-37dea09d598a2ad1 → pe:syn:SESSION-37dea09d598a2ad1
FLOW_DST_PORTOBS	e:fp:flow:afc55ad73faf:port:tcp:443	flow:afc55ad73faf → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56d3faf83e1ced7d:host:163.192.126.71	SESSION-56d3faf83e1ced7d → host:163.192.126.71
flow_observed4-aryOBS	e:fo:flow:0d294bd2ee74	flow:0d294bd2ee74 → host:172.234.197.23 → host:131.196.30.145 → port:tcp:30980
flow_observed5-aryOBS	e:fo:flow:4bc72c3e6d72	flow:4bc72c3e6d72 → host:177.10.232.115 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ee6825b3a9be6d1:host:172.234.197.23	SESSION-6ee6825b3a9be6d1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.190:asn:271410	host:131.196.28.190 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e4d63ce34019de3:host:172.234.197.23	SESSION-4e4d63ce34019de3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abff9bfe6a29f0b5:host:172.234.197.23	SESSION-abff9bfe6a29f0b5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9a24e91c66cf817:host:177.10.236.218:host:172.234.197.23	SESSION-f9a24e91c66cf817 → host:177.10.236.218 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dae67c02b176a3ce:SESSION-dae67c02b176a3ce	SESSION-dae67c02b176a3ce → pe:syn:SESSION-dae67c02b176a3ce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29ee7b0c08ea02ad:host:172.234.197.23	SESSION-29ee7b0c08ea02ad → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-621f42bc5edaa56f:flow:7047b0effd77	SESSION-621f42bc5edaa56f → flow:7047b0effd77
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f147f2227c6d965:host:172.234.197.23:host:131.196.30.255	SESSION-5f147f2227c6d965 → host:172.234.197.23 → host:131.196.30.255
FLOW_TO_HOSTOBS	e:to:SESSION-70e7a4a5208b1da3:host:172.234.197.23	SESSION-70e7a4a5208b1da3 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3aa20074c93a	flow:3aa20074c93a → host:172.234.197.23 → host:177.10.239.98 → port:tcp:21910
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aee37cb69186d910:host:172.234.197.23:host:177.10.239.129	SESSION-aee37cb69186d910 → host:172.234.197.23 → host:177.10.239.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a17077467e1bba6:SESSION-5a17077467e1bba6	SESSION-5a17077467e1bba6 → pe:tls:SESSION-5a17077467e1bba6
FLOW_DST_PORTOBS	e:fp:flow:9fb46ecf28f1:port:tcp:443	flow:9fb46ecf28f1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ffbb13e97116fd4:SESSION-6ffbb13e97116fd4	SESSION-6ffbb13e97116fd4 → pe:syn:SESSION-6ffbb13e97116fd4
FLOW_TO_HOSTOBS	e:to:SESSION-a2000a0c75221682:host:177.10.236.117	SESSION-a2000a0c75221682 → host:177.10.236.117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-130c48c57d6ba6f4:SESSION-130c48c57d6ba6f4	SESSION-130c48c57d6ba6f4 → pe:syn:SESSION-130c48c57d6ba6f4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f56950d8d19e118b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f56950d8d19e118b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b10aefef2d5c06b7:flow:0d33aea872dc	SESSION-b10aefef2d5c06b7 → flow:0d33aea872dc
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6c06bd8d9952317f:BSG-BEACON-f61798c9324d	SESSION-6c06bd8d9952317f → BSG-BEACON-f61798c9324d
FLOW_TO_HOSTOBS	e:to:SESSION-d96211015a0fddb9:host:177.10.239.88	SESSION-d96211015a0fddb9 → host:177.10.239.88
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.28:asn:262880	host:177.10.239.28 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4e8d87fd06149df:SESSION-b4e8d87fd06149df	SESSION-b4e8d87fd06149df → pe:syn:SESSION-b4e8d87fd06149df
FLOW_FROM_HOSTOBS	e:from:SESSION-95b6b17f9a1b89d0:host:52.12.196.158	SESSION-95b6b17f9a1b89d0 → host:52.12.196.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d43da16ef3276f9b:SESSION-d43da16ef3276f9b	SESSION-d43da16ef3276f9b → pe:syn:SESSION-d43da16ef3276f9b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9ee22ced6a72efa:host:172.234.197.23	SESSION-f9ee22ced6a72efa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c92acfae26c49330:flow:6746fc525fc4	SESSION-c92acfae26c49330 → flow:6746fc525fc4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3bfd44b04badb9b:host:177.10.237.66:host:172.234.197.23	SESSION-c3bfd44b04badb9b → host:177.10.237.66 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d2f21addcb09	flow:d2f21addcb09 → host:172.234.197.23 → host:177.10.239.35 → port:tcp:21279
FLOW_DST_PORTOBS	e:fp:flow:390f5665cae1:port:tcp:443	flow:390f5665cae1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8f41d49423a0699:SESSION-c8f41d49423a0699	SESSION-c8f41d49423a0699 → pe:tls:SESSION-c8f41d49423a0699
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2625555cac004c06:SESSION-2625555cac004c06	SESSION-2625555cac004c06 → pe:tls:SESSION-2625555cac004c06
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9c73da0e6ec113c:flow:d95fb9f2e00c	SESSION-f9c73da0e6ec113c → flow:d95fb9f2e00c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.154:geo_-16.28860_-49.01640	host:177.10.238.154 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57be4ad64c21b6c4:host:54.186.85.102:host:172.234.197.23	SESSION-57be4ad64c21b6c4 → host:54.186.85.102 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-140a58b5ab5dfb04:SESSION-140a58b5ab5dfb04	SESSION-140a58b5ab5dfb04 → pe:syn:SESSION-140a58b5ab5dfb04
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-691bf265b7044ac7:host:172.234.197.23	SESSION-691bf265b7044ac7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dc085f76ab1a4e2b:host:172.234.197.23	SESSION-dc085f76ab1a4e2b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f580f0e619786fa7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f580f0e619786fa7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cbc08c1422c92ccf:SESSION-cbc08c1422c92ccf	SESSION-cbc08c1422c92ccf → pe:syn:SESSION-cbc08c1422c92ccf
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.132:asn:271410	host:131.196.29.132 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08b271f63f4ccc89:SESSION-08b271f63f4ccc89	SESSION-08b271f63f4ccc89 → pe:tls:SESSION-08b271f63f4ccc89
FLOW_DST_PORTOBS	e:fp:flow:beb8478974cf:port:tcp:443	flow:beb8478974cf → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d90a5aaa3545c15:host:172.234.197.23:host:131.196.28.169	SESSION-1d90a5aaa3545c15 → host:172.234.197.23 → host:131.196.28.169
flow_observed5-aryOBS	e:fo:flow:3b12551e0bf1	flow:3b12551e0bf1 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
flow_observed5-aryOBS	e:fo:flow:01b74c686b48	flow:01b74c686b48 → host:131.196.31.223 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be0f12df58cf6d46:host:131.196.28.8	SESSION-be0f12df58cf6d46 → host:131.196.28.8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be1454a9d7b7f3ce:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-be1454a9d7b7f3ce → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-eed281d532ce25c6:host:177.10.236.12	SESSION-eed281d532ce25c6 → host:177.10.236.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a3c1d53f1688156:host:131.196.28.44	SESSION-8a3c1d53f1688156 → host:131.196.28.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ae580f5c3468d66:SESSION-8ae580f5c3468d66	SESSION-8ae580f5c3468d66 → pe:tls:SESSION-8ae580f5c3468d66
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e77d19d6eee479c3:flow:b19a2dcabdff	SESSION-e77d19d6eee479c3 → flow:b19a2dcabdff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0709d76f76f731c:SESSION-c0709d76f76f731c	SESSION-c0709d76f76f731c → pe:syn:SESSION-c0709d76f76f731c
flow_observed4-aryOBS	e:fo:flow:64b719335e9c	flow:64b719335e9c → host:172.234.197.23 → host:45.173.156.41 → port:tcp:59912
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b203844c0afbb25:SESSION-5b203844c0afbb25	SESSION-5b203844c0afbb25 → pe:syn:SESSION-5b203844c0afbb25
FLOW_DST_PORTOBS	e:fp:flow:2b2e4340e11b:port:tcp:49113	flow:2b2e4340e11b → port:tcp:49113
FLOW_FROM_HOSTOBS	e:from:SESSION-1ea20601fa7d993b:host:172.234.197.23	SESSION-1ea20601fa7d993b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-838eea3d6dd669fd:host:131.196.30.92	SESSION-838eea3d6dd669fd → host:131.196.30.92
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c14806e741c4fd98:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c14806e741c4fd98 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c32ee209d5d1aa5e:host:172.234.197.23	SESSION-c32ee209d5d1aa5e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c65a4c12e9ce549:host:177.10.235.88:host:172.234.197.23	SESSION-5c65a4c12e9ce549 → host:177.10.235.88 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92c4be10fc1322be:flow:197556b63536	SESSION-92c4be10fc1322be → flow:197556b63536
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d00f55e5db951c5:host:131.196.30.43:host:172.234.197.23	SESSION-1d00f55e5db951c5 → host:131.196.30.43 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11c0fc2d370ea41a:SESSION-11c0fc2d370ea41a	SESSION-11c0fc2d370ea41a → pe:tls:SESSION-11c0fc2d370ea41a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1b7e5e87f526ce8d:SESSION-1b7e5e87f526ce8d	SESSION-1b7e5e87f526ce8d → pe:tls:SESSION-1b7e5e87f526ce8d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4503d5677d79139:host:177.10.237.138:host:172.234.197.23	SESSION-c4503d5677d79139 → host:177.10.237.138 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-be0f12df58cf6d46:host:131.196.28.8	SESSION-be0f12df58cf6d46 → host:131.196.28.8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-082f90538556b940:PCAP:capture_20260430150001:ded20914761d	SESSION-082f90538556b940 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.106:geo_-16.28860_-49.01640	host:177.10.239.106 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cc804a855d1eb7c:host:172.234.197.23	SESSION-6cc804a855d1eb7c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6f61464efb17d4b1:host:172.234.197.23	SESSION-6f61464efb17d4b1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96639b4b4a33e422:host:131.196.28.56:host:172.234.197.23	SESSION-96639b4b4a33e422 → host:131.196.28.56 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d5941c68a821530:host:172.234.197.23:host:131.196.29.140	SESSION-5d5941c68a821530 → host:172.234.197.23 → host:131.196.29.140
flow_observed4-aryOBS	e:fo:flow:c0f8ff625ff5	flow:c0f8ff625ff5 → host:172.234.197.23 → host:177.10.236.52 → port:tcp:13391
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7dd74b64c1f7c7:host:172.234.197.23	SESSION-cb7dd74b64c1f7c7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-305a85099066f209:host:131.196.28.242	SESSION-305a85099066f209 → host:131.196.28.242
ASN_IN_ORGOBS 80%	e:ao:asn:213790:org:Limited Network LTD	asn:213790 → org:Limited Network LTD
FLOW_TO_HOSTOBS	e:to:SESSION-4363548d57b1d6df:host:131.196.31.121	SESSION-4363548d57b1d6df → host:131.196.31.121
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.136:asn:262880	host:177.10.232.136 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-2a705ce382fec48a:host:172.234.197.23	SESSION-2a705ce382fec48a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-626902abaec078eb:host:131.196.29.237	SESSION-626902abaec078eb → host:131.196.29.237
FLOW_DST_PORTOBS	e:fp:flow:b140447e670d:port:tcp:10240	flow:b140447e670d → port:tcp:10240
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.7:asn:271410	host:131.196.31.7 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ffb0d51cd8f7dd7:host:172.234.197.23	SESSION-8ffb0d51cd8f7dd7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1429c4885068b09:SESSION-c1429c4885068b09	SESSION-c1429c4885068b09 → pe:tls:SESSION-c1429c4885068b09
FLOW_DST_PORTOBS	e:fp:flow:8e63ce94f50a:port:tcp:8696	flow:8e63ce94f50a → port:tcp:8696
FLOW_DST_PORTOBS	e:fp:flow:b48e7c10ecc7:port:tcp:443	flow:b48e7c10ecc7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2be203d892e5c4c6:host:177.10.235.13	SESSION-2be203d892e5c4c6 → host:177.10.235.13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ba12ba5c182aa430:SESSION-ba12ba5c182aa430	SESSION-ba12ba5c182aa430 → pe:syn:SESSION-ba12ba5c182aa430
FLOW_TO_HOSTOBS	e:to:SESSION-d446777121d9b1f8:host:177.10.239.192	SESSION-d446777121d9b1f8 → host:177.10.239.192
FLOW_TO_HOSTOBS	e:to:SESSION-4aeecdec5ead7952:host:177.10.238.37	SESSION-4aeecdec5ead7952 → host:177.10.238.37
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.142:geo_-23.62930_-46.63510	host:131.196.28.142 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.42:geo_-23.62930_-46.63510	host:131.196.31.42 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e391b214be46ad73:host:172.234.197.23	SESSION-e391b214be46ad73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f07097ffc1d464e5:host:131.196.29.161	SESSION-f07097ffc1d464e5 → host:131.196.29.161
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38298ff8ded7155d:flow:bc0d66ba9370	SESSION-38298ff8ded7155d → flow:bc0d66ba9370
flow_observed5-aryOBS	e:fo:flow:eb61038ce25b	flow:eb61038ce25b → host:131.196.29.168 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4e6511da7c7cd8e1:host:131.196.30.138	SESSION-4e6511da7c7cd8e1 → host:131.196.30.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71cb82af8f37b35d:host:172.234.197.23	SESSION-71cb82af8f37b35d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-779f746558d2d979:host:177.10.235.169	SESSION-779f746558d2d979 → host:177.10.235.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d0c24f0912a7520:host:172.234.197.23	SESSION-9d0c24f0912a7520 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce53b2931ed237cb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ce53b2931ed237cb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-b9d6fb279031158e:host:177.10.238.210	SESSION-b9d6fb279031158e → host:177.10.238.210
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d77475f82108632b:host:172.234.197.23:host:131.196.31.86	SESSION-d77475f82108632b → host:172.234.197.23 → host:131.196.31.86
FLOW_DST_PORTOBS	e:fp:flow:ed3aea9970ac:port:tcp:443	flow:ed3aea9970ac → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c393069a667f4e79:host:131.196.28.238:host:172.234.197.23	SESSION-c393069a667f4e79 → host:131.196.28.238 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-174ad36923ec98ba:host:177.10.238.87	SESSION-174ad36923ec98ba → host:177.10.238.87
FLOW_TO_HOSTOBS	e:to:SESSION-5a9915da62b53f74:host:172.234.197.23	SESSION-5a9915da62b53f74 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-919126906ac50297:SESSION-919126906ac50297	SESSION-919126906ac50297 → pe:syn:SESSION-919126906ac50297
flow_observed5-aryOBS	e:fo:flow:337a509c562d	flow:337a509c562d → host:177.10.238.50 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c439db2cd1990c9:SESSION-5c439db2cd1990c9	SESSION-5c439db2cd1990c9 → pe:syn:SESSION-5c439db2cd1990c9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a247b2224692840d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a247b2224692840d → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-de46def2c97c3533:host:172.234.197.23	SESSION-de46def2c97c3533 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4628aedb62e0673e:host:172.234.197.23	SESSION-4628aedb62e0673e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c92acfae26c49330:SESSION-c92acfae26c49330	SESSION-c92acfae26c49330 → pe:syn:SESSION-c92acfae26c49330
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cddf604912330e1b:SESSION-cddf604912330e1b	SESSION-cddf604912330e1b → pe:tls:SESSION-cddf604912330e1b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a782bfdef89df980:SESSION-a782bfdef89df980	SESSION-a782bfdef89df980 → pe:tls:SESSION-a782bfdef89df980
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-111e536a3f33c549:SESSION-111e536a3f33c549	SESSION-111e536a3f33c549 → pe:syn:SESSION-111e536a3f33c549
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4dcbfb7362ab6402:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4dcbfb7362ab6402 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:676488f06f59	flow:676488f06f59 → host:177.10.235.178 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.253:asn:203771	host:185.231.226.253 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df1a511d64dc2d8e:host:172.234.197.23	SESSION-df1a511d64dc2d8e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9886228ef28af254:host:172.234.197.23:host:177.10.233.88	SESSION-9886228ef28af254 → host:172.234.197.23 → host:177.10.233.88
FLOW_FROM_HOSTOBS	e:from:SESSION-2625555cac004c06:host:172.234.197.23	SESSION-2625555cac004c06 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.70:asn:262880	host:177.10.239.70 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-80f99961f353c40e:host:104.28.202.80	SESSION-80f99961f353c40e → host:104.28.202.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2c59cadc4597ab32:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2c59cadc4597ab32 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.160:asn:262880	host:177.10.232.160 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86b498cacf4afadd:host:45.173.156.82:host:172.234.197.23	SESSION-86b498cacf4afadd → host:45.173.156.82 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0a248a4219ae:port:tcp:26829	flow:0a248a4219ae → port:tcp:26829
flow_observed4-aryOBS	e:fo:flow:69cea22f1850	flow:69cea22f1850 → host:172.234.197.23 → host:131.196.28.240 → port:tcp:35200
FLOW_TO_HOSTOBS	e:to:SESSION-b05f07ed9250ae8e:host:172.234.197.23	SESSION-b05f07ed9250ae8e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b07a5e743a2061fa:flow:8a0e70692d19	SESSION-b07a5e743a2061fa → flow:8a0e70692d19
FLOW_TO_HOSTOBS	e:to:SESSION-55aa5069b830c261:host:172.234.197.23	SESSION-55aa5069b830c261 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0ea66afd66f329a0:host:172.234.197.23	SESSION-0ea66afd66f329a0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7832d3594ed31e4:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-b7832d3594ed31e4 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-275d804358752875:PCAP:capture_20260430070001:903a0e7a436b	SESSION-275d804358752875 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a46a988dc3d14a3:SESSION-1a46a988dc3d14a3	SESSION-1a46a988dc3d14a3 → pe:tls:SESSION-1a46a988dc3d14a3
FLOW_TO_HOSTOBS	e:to:SESSION-122c3f68e4c2a7ca:host:172.234.197.23	SESSION-122c3f68e4c2a7ca → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db907559277cbdbb:host:172.234.197.23:host:177.10.234.210	SESSION-db907559277cbdbb → host:172.234.197.23 → host:177.10.234.210
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2bcd65d8e62fc5a1:host:177.10.234.39	SESSION-2bcd65d8e62fc5a1 → host:177.10.234.39
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f57ffeba62df89fa:host:172.234.197.23	SESSION-f57ffeba62df89fa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97b2355356a85562:host:177.10.232.129	SESSION-97b2355356a85562 → host:177.10.232.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-388e36b23caa508f:SESSION-388e36b23caa508f	SESSION-388e36b23caa508f → pe:tls:SESSION-388e36b23caa508f
FLOW_FROM_HOSTOBS	e:from:SESSION-df1edf3c82c78294:host:177.10.234.236	SESSION-df1edf3c82c78294 → host:177.10.234.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb20bb92bfdba895:SESSION-bb20bb92bfdba895	SESSION-bb20bb92bfdba895 → pe:syn:SESSION-bb20bb92bfdba895
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bb46c5efd0c0159:host:131.196.28.212	SESSION-1bb46c5efd0c0159 → host:131.196.28.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c766f181ead012ae:host:172.234.197.23	SESSION-c766f181ead012ae → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:554b73d85e05	flow:554b73d85e05 → host:131.196.31.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b0fec424d0db7c3:flow:b6d722c11701	SESSION-7b0fec424d0db7c3 → flow:b6d722c11701
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f4918b67fbcc63f:SESSION-2f4918b67fbcc63f	SESSION-2f4918b67fbcc63f → pe:syn:SESSION-2f4918b67fbcc63f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f81fa7919a8c03a8:host:172.234.197.23	SESSION-f81fa7919a8c03a8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1600cc83b8cea24d:host:131.196.31.26:host:172.234.197.23	SESSION-1600cc83b8cea24d → host:131.196.31.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c6e69b3f05bcd99:host:177.10.239.84	SESSION-7c6e69b3f05bcd99 → host:177.10.239.84
FLOW_TO_HOSTOBS	e:to:SESSION-afeab5601fa36440:host:172.234.197.23	SESSION-afeab5601fa36440 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fac7861925ae	flow:fac7861925ae → host:172.234.197.23 → host:177.10.235.60 → port:tcp:30010
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5b56d4198adefd3:SESSION-d5b56d4198adefd3	SESSION-d5b56d4198adefd3 → pe:syn:SESSION-d5b56d4198adefd3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e85a67565660f7c:SESSION-2e85a67565660f7c	SESSION-2e85a67565660f7c → pe:tls:SESSION-2e85a67565660f7c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fb163f3769ccb67:host:131.196.31.235	SESSION-1fb163f3769ccb67 → host:131.196.31.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d9cfeb1a925e0c3:host:172.234.197.23:host:177.10.232.133	SESSION-8d9cfeb1a925e0c3 → host:172.234.197.23 → host:177.10.232.133
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e673f566483c0ed3:SESSION-e673f566483c0ed3	SESSION-e673f566483c0ed3 → pe:syn:SESSION-e673f566483c0ed3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c5ed9f49ee99549f:SESSION-c5ed9f49ee99549f	SESSION-c5ed9f49ee99549f → pe:tls:SESSION-c5ed9f49ee99549f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd66824284de98ed:SESSION-bd66824284de98ed	SESSION-bd66824284de98ed → pe:syn:SESSION-bd66824284de98ed
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fcbc735dfd8018d:SESSION-5fcbc735dfd8018d	SESSION-5fcbc735dfd8018d → pe:tls:SESSION-5fcbc735dfd8018d
flow_observed4-aryOBS	e:fo:flow:90f47a433baa	flow:90f47a433baa → host:172.234.197.23 → host:177.10.236.101 → port:tcp:8762
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc7ab250b87b35be:SESSION-cc7ab250b87b35be	SESSION-cc7ab250b87b35be → pe:tls:SESSION-cc7ab250b87b35be
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a22e38c714d83c7:host:177.10.233.199	SESSION-3a22e38c714d83c7 → host:177.10.233.199
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8dff22511e3d5727:SESSION-8dff22511e3d5727	SESSION-8dff22511e3d5727 → pe:tls:SESSION-8dff22511e3d5727
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d2d17a1375ada26:host:172.234.197.23	SESSION-9d2d17a1375ada26 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-355b17fab14031de:PCAP:capture_20260430090001:065659c7d314	SESSION-355b17fab14031de → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-7a22eb4c95bd17b8:host:172.234.197.23	SESSION-7a22eb4c95bd17b8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b6b757282734812:host:172.234.197.23	SESSION-4b6b757282734812 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e55b6d94395b:port:tcp:443	flow:e55b6d94395b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-edebc7da73e26840:flow:089584818b89	SESSION-edebc7da73e26840 → flow:089584818b89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-13f8871a9bd8cb8e:SESSION-13f8871a9bd8cb8e	SESSION-13f8871a9bd8cb8e → pe:syn:SESSION-13f8871a9bd8cb8e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3d1337acddb52863:SESSION-3d1337acddb52863	SESSION-3d1337acddb52863 → pe:syn:SESSION-3d1337acddb52863
FLOW_TO_HOSTOBS	e:to:SESSION-9f5d8e8d5ecc4e1f:host:131.196.29.225	SESSION-9f5d8e8d5ecc4e1f → host:131.196.29.225
flow_observed4-aryOBS	e:fo:flow:288111f38e5f	flow:288111f38e5f → host:172.234.197.23 → host:131.196.29.167 → port:tcp:49074
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7139746cbd677852:flow:f74617d5541f	SESSION-7139746cbd677852 → flow:f74617d5541f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-753bfef963e546aa:host:172.234.197.23	SESSION-753bfef963e546aa → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:145bd14ae672	flow:145bd14ae672 → host:177.10.235.128 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2ef18db4a9eedd9d:host:131.196.29.139	SESSION-2ef18db4a9eedd9d → host:131.196.29.139
FLOW_DST_PORTOBS	e:fp:flow:b62b43632213:port:tcp:45378	flow:b62b43632213 → port:tcp:45378
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:94.183.177.120:geo_35.68240_51.41580	host:94.183.177.120 → geo_35.68240_51.41580
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30ddbb300887e80e:host:177.10.236.89	SESSION-30ddbb300887e80e → host:177.10.236.89
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47699582b69b5d99:flow:239159cb0e4e	SESSION-47699582b69b5d99 → flow:239159cb0e4e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-acd63ec8ffcea8e7:host:131.196.29.228:host:172.234.197.23	SESSION-acd63ec8ffcea8e7 → host:131.196.29.228 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-23e0f212525e0a86:host:177.10.232.122	SESSION-23e0f212525e0a86 → host:177.10.232.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bc35cbabc9b015e:SESSION-3bc35cbabc9b015e	SESSION-3bc35cbabc9b015e → pe:syn:SESSION-3bc35cbabc9b015e
FLOW_DST_PORTOBS	e:fp:flow:d39c7cd1ee50:port:tcp:443	flow:d39c7cd1ee50 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7bea4de6efa859da:host:177.10.238.194	SESSION-7bea4de6efa859da → host:177.10.238.194
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec91eda6d4bd732e:flow:3ba452c5658f	SESSION-ec91eda6d4bd732e → flow:3ba452c5658f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ae37191400d64fc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2ae37191400d64fc → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-61e3533744fe7104:host:172.234.197.23	SESSION-61e3533744fe7104 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9429230c27071ffa:host:172.234.197.23	SESSION-9429230c27071ffa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8405fabd9aa330c8:host:177.10.234.128	SESSION-8405fabd9aa330c8 → host:177.10.234.128
FLOW_FROM_HOSTOBS	e:from:SESSION-ee5756ac65b5ed68:host:131.196.30.223	SESSION-ee5756ac65b5ed68 → host:131.196.30.223
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b135329a33dc60c2:host:172.234.197.23	SESSION-b135329a33dc60c2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6d45a86f046cac8:SESSION-e6d45a86f046cac8	SESSION-e6d45a86f046cac8 → pe:syn:SESSION-e6d45a86f046cac8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ee8538a8ddcb6ee:SESSION-7ee8538a8ddcb6ee	SESSION-7ee8538a8ddcb6ee → pe:tls:SESSION-7ee8538a8ddcb6ee
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.146:geo_-23.62930_-46.63510	host:131.196.28.146 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-abaf8d71fe47df1c:host:177.10.239.246	SESSION-abaf8d71fe47df1c → host:177.10.239.246
FLOW_FROM_HOSTOBS	e:from:SESSION-f2f7ca9f61df30fd:host:177.10.232.216	SESSION-f2f7ca9f61df30fd → host:177.10.232.216
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e12300b6212ab14:host:131.196.31.124	SESSION-7e12300b6212ab14 → host:131.196.31.124
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-43d9721f29111779:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-43d9721f29111779 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:0d2a7c280705:port:tcp:443	flow:0d2a7c280705 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:bf0d984d5e42:port:tcp:443	flow:bf0d984d5e42 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8d5b41a2eb16ae40:host:45.173.156.190	SESSION-8d5b41a2eb16ae40 → host:45.173.156.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab42e00b724a7daa:SESSION-ab42e00b724a7daa	SESSION-ab42e00b724a7daa → pe:syn:SESSION-ab42e00b724a7daa
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33bdca28f4470cd7:PCAP:capture_20260430150001:ded20914761d	SESSION-33bdca28f4470cd7 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31068e75a101287d:SESSION-31068e75a101287d	SESSION-31068e75a101287d → pe:syn:SESSION-31068e75a101287d
flow_observed4-aryOBS	e:fo:flow:84ed01f64073	flow:84ed01f64073 → host:172.234.197.23 → host:45.173.156.116 → port:tcp:37776
FLOW_TO_HOSTOBS	e:to:SESSION-ce6819df966f00de:host:172.234.197.23	SESSION-ce6819df966f00de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f34bafe5f2be5770:host:172.234.197.23	SESSION-f34bafe5f2be5770 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49ea9885c560f158:PCAP:capture_20260430090001:065659c7d314	SESSION-49ea9885c560f158 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-167179e2a869fa22:flow:4b45b8ab033c	SESSION-167179e2a869fa22 → flow:4b45b8ab033c
flow_observed5-aryOBS	e:fo:flow:a853b92280fb	flow:a853b92280fb → host:177.10.232.160 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dadefe349dd79f6:host:131.196.31.111	SESSION-6dadefe349dd79f6 → host:131.196.31.111
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.191:geo_-16.28860_-49.01640	host:177.10.235.191 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e93d3fe416fcd95:flow:54efcc92c2b2	SESSION-5e93d3fe416fcd95 → flow:54efcc92c2b2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.15:asn:262880	host:177.10.233.15 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.234:asn:271410	host:131.196.28.234 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60281e53e47bfb2b:SESSION-60281e53e47bfb2b	SESSION-60281e53e47bfb2b → pe:syn:SESSION-60281e53e47bfb2b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6cfabb521c7f73a1:flow:a47a7c567369	SESSION-6cfabb521c7f73a1 → flow:a47a7c567369
FLOW_TO_HOSTOBS	e:to:SESSION-44a5aa522f98da19:host:172.234.197.23	SESSION-44a5aa522f98da19 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c3a58fc1fb15d0c4:host:131.196.31.8	SESSION-c3a58fc1fb15d0c4 → host:131.196.31.8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a79875656e67c68:host:177.10.233.98	SESSION-0a79875656e67c68 → host:177.10.233.98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62b0720ae8fecbf5:host:172.234.197.23	SESSION-62b0720ae8fecbf5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1d152bdff2d4d10:host:177.10.232.121:host:172.234.197.23	SESSION-d1d152bdff2d4d10 → host:177.10.232.121 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c49f5291ee3911b4:host:131.196.28.230	SESSION-c49f5291ee3911b4 → host:131.196.28.230
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.4:asn:262880	host:177.10.233.4 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7488427d80d09cd9:flow:967fffb4bafe	SESSION-7488427d80d09cd9 → flow:967fffb4bafe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99e2981b3b5fa520:SESSION-99e2981b3b5fa520	SESSION-99e2981b3b5fa520 → pe:tls:SESSION-99e2981b3b5fa520
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c60a94331c3e233:SESSION-8c60a94331c3e233	SESSION-8c60a94331c3e233 → pe:tls:SESSION-8c60a94331c3e233
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9335dee651513692:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9335dee651513692 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-996c7a5f028b9d80:host:177.10.234.73	SESSION-996c7a5f028b9d80 → host:177.10.234.73
flow_observed5-aryOBS	e:fo:flow:48fe1a33ef41	flow:48fe1a33ef41 → host:131.196.29.225 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-576e43142f03a150:SESSION-576e43142f03a150	SESSION-576e43142f03a150 → pe:tls:SESSION-576e43142f03a150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db60e018ea4d304a:SESSION-db60e018ea4d304a	SESSION-db60e018ea4d304a → pe:syn:SESSION-db60e018ea4d304a
flow_observed4-aryOBS	e:fo:flow:d26665ca5ede	flow:d26665ca5ede → host:172.234.197.23 → host:177.10.236.115 → port:tcp:45330
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8fce0c61e3d0bf9:host:18.183.88.164	SESSION-b8fce0c61e3d0bf9 → host:18.183.88.164
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.65:geo_-16.28860_-49.01640	host:177.10.232.65 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-0fe55e7c11d50f79:host:172.234.197.23	SESSION-0fe55e7c11d50f79 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c15e0230f45f826:PCAP:capture_20260430090001:065659c7d314	SESSION-6c15e0230f45f826 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-355b17fab14031de:host:177.10.233.70	SESSION-355b17fab14031de → host:177.10.233.70
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74a0cb408b3fb354:flow:f3f20a5f13f0	SESSION-74a0cb408b3fb354 → flow:f3f20a5f13f0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2c4d285e0a09c2a4:SESSION-2c4d285e0a09c2a4	SESSION-2c4d285e0a09c2a4 → pe:tls:SESSION-2c4d285e0a09c2a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb9800c0b594ef9b:PCAP:capture_20260430110001:43611bdf6759	SESSION-fb9800c0b594ef9b → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f228c5492216a597:host:172.234.197.23	SESSION-f228c5492216a597 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.225:asn:273470	host:45.173.156.225 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c55eb6f1c0bb6137:host:172.234.197.23	SESSION-c55eb6f1c0bb6137 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d13284d1e9c6a901:host:172.234.197.23:host:177.10.236.170	SESSION-d13284d1e9c6a901 → host:172.234.197.23 → host:177.10.236.170
FLOW_DST_PORTOBS	e:fp:flow:28f3f26a1ea2:port:tcp:443	flow:28f3f26a1ea2 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-465906ddd8becee4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-465906ddd8becee4 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:df716d9e6ea3	flow:df716d9e6ea3 → host:172.234.197.23 → host:177.10.239.122 → port:tcp:37974
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af350d3c0c51da5:host:172.234.197.23	SESSION-9af350d3c0c51da5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5dbf12d77f23d3eb:flow:1604b7d7ac07	SESSION-5dbf12d77f23d3eb → flow:1604b7d7ac07
FLOW_TO_HOSTOBS	e:to:SESSION-175dd6ba51fb3cf7:host:172.234.197.23	SESSION-175dd6ba51fb3cf7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bc4f127cbdf1d5a3:host:177.10.235.121	SESSION-bc4f127cbdf1d5a3 → host:177.10.235.121
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4799248f1ba6e544:host:177.10.232.222	SESSION-4799248f1ba6e544 → host:177.10.232.222
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24ee1f6ef023209d:host:172.234.197.23	SESSION-24ee1f6ef023209d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f6dc10e80159	flow:f6dc10e80159 → host:45.173.156.48 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9fad2531a6ee4032:flow:3aa20074c93a	SESSION-9fad2531a6ee4032 → flow:3aa20074c93a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72411a82d36d6add:PCAP:capture_20260430050001:8868731bf8a4	SESSION-72411a82d36d6add → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:c11eda38705a:port:tcp:443	flow:c11eda38705a → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2235ad305872b9c2:host:131.196.29.125	SESSION-2235ad305872b9c2 → host:131.196.29.125
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8bd396f5705de0fe:flow:aa5fbcda671d	SESSION-8bd396f5705de0fe → flow:aa5fbcda671d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5bab109b42e3a8d7:SESSION-5bab109b42e3a8d7	SESSION-5bab109b42e3a8d7 → pe:syn:SESSION-5bab109b42e3a8d7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a9b85b89d918f42:host:131.196.30.75	SESSION-8a9b85b89d918f42 → host:131.196.30.75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24ac712a23adf430:PCAP:capture_20260430090001:065659c7d314	SESSION-24ac712a23adf430 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20552151cee2e1af:host:45.173.156.78	SESSION-20552151cee2e1af → host:45.173.156.78
flow_observed5-aryOBS	e:fo:flow:d82d84b392c5	flow:d82d84b392c5 → host:131.196.31.180 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ed2dc2be6795ae2:PCAP:capture_20260430110001:43611bdf6759	SESSION-5ed2dc2be6795ae2 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-4fb4b7758d99e149:host:177.10.237.237	SESSION-4fb4b7758d99e149 → host:177.10.237.237
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.240:asn:271410	host:131.196.29.240 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-f2f7ca9f61df30fd:host:172.234.197.23	SESSION-f2f7ca9f61df30fd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c82cc9c39e4191e7:host:172.234.197.23	SESSION-c82cc9c39e4191e7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.22:geo_-23.62930_-46.63510	host:131.196.29.22 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98d504bd384337f5:flow:f9c08ac7fdde	SESSION-98d504bd384337f5 → flow:f9c08ac7fdde
FLOW_FROM_HOSTOBS	e:from:SESSION-0ccbf098e115515a:host:177.10.232.65	SESSION-0ccbf098e115515a → host:177.10.232.65
FLOW_FROM_HOSTOBS	e:from:SESSION-5ccbfb0ac760822d:host:45.173.156.134	SESSION-5ccbfb0ac760822d → host:45.173.156.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a2f82c2a85816be:SESSION-4a2f82c2a85816be	SESSION-4a2f82c2a85816be → pe:syn:SESSION-4a2f82c2a85816be
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bfa302feda190a0:host:131.196.30.142	SESSION-3bfa302feda190a0 → host:131.196.30.142
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ac71f2f2355e0bb:flow:4e7ca29ac410	SESSION-7ac71f2f2355e0bb → flow:4e7ca29ac410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97344bc6f8ca22f4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-97344bc6f8ca22f4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94dde62df04dcb4a:flow:099a35dadd87	SESSION-94dde62df04dcb4a → flow:099a35dadd87
FLOW_FROM_HOSTOBS	e:from:SESSION-44f16a8e9c86ada8:host:177.10.235.158	SESSION-44f16a8e9c86ada8 → host:177.10.235.158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dde31743640b587a:host:172.234.197.23	SESSION-dde31743640b587a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:696886d3d3f0	flow:696886d3d3f0 → host:172.234.197.23 → host:177.10.239.99 → port:tcp:39744
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-266bac80b9ef8487:host:172.234.197.23	SESSION-266bac80b9ef8487 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6d93e05fe8ec7e58:host:131.196.29.35	SESSION-6d93e05fe8ec7e58 → host:131.196.29.35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6aca00d0413062e5:flow:0269809e9208	SESSION-6aca00d0413062e5 → flow:0269809e9208
FLOW_TO_HOSTOBS	e:to:SESSION-f8396d269748cb9c:host:172.234.197.23	SESSION-f8396d269748cb9c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3abeeb1965d0	flow:3abeeb1965d0 → host:94.130.10.221 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.181.45:geo_52.51960_13.40690	host:51.224.181.45 → geo_52.51960_13.40690
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.173:asn:262880	host:177.10.234.173 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-16a55bcfd76736b7:host:172.234.197.23	SESSION-16a55bcfd76736b7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.77:geo_-21.10010_-41.69200	host:45.173.156.77 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:defe2d99c9e5	flow:defe2d99c9e5 → host:177.10.234.219 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:e424d1b2ba4a	flow:e424d1b2ba4a → host:172.234.197.23 → host:131.196.30.104 → port:tcp:59604
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8cc052a984adc75:host:172.234.197.23	SESSION-d8cc052a984adc75 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-58fb8de1a3a0b1f1:host:172.234.197.23	SESSION-58fb8de1a3a0b1f1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d13284d1e9c6a901:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d13284d1e9c6a901 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c84f2bc6bdec600e:SESSION-c84f2bc6bdec600e	SESSION-c84f2bc6bdec600e → pe:tls:SESSION-c84f2bc6bdec600e
FLOW_FROM_HOSTOBS	e:from:SESSION-f7bf4f785679ea3b:host:177.10.234.28	SESSION-f7bf4f785679ea3b → host:177.10.234.28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d1e35f842f44326:SESSION-4d1e35f842f44326	SESSION-4d1e35f842f44326 → pe:tls:SESSION-4d1e35f842f44326
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-13bd66b79cddeec8:SESSION-13bd66b79cddeec8	SESSION-13bd66b79cddeec8 → pe:syn:SESSION-13bd66b79cddeec8
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-c716fd204e4ddd99:BSG-BEACON-f6c2b3d0e42d	SESSION-c716fd204e4ddd99 → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f60661a19246ebd9:SESSION-f60661a19246ebd9	SESSION-f60661a19246ebd9 → pe:syn:SESSION-f60661a19246ebd9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-366e271d3ddb3e11:SESSION-366e271d3ddb3e11	SESSION-366e271d3ddb3e11 → pe:syn:SESSION-366e271d3ddb3e11
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a9091855f21b6bb:host:177.10.236.213:host:172.234.197.23	SESSION-0a9091855f21b6bb → host:177.10.236.213 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.235:geo_-23.62930_-46.63510	host:131.196.28.235 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-63e564f28f734573:flow:2d8b8a6b6bad	SESSION-63e564f28f734573 → flow:2d8b8a6b6bad
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96c13a83414ab25f:host:177.10.234.64	SESSION-96c13a83414ab25f → host:177.10.234.64
FLOW_DST_PORTOBS	e:fp:flow:211bfd4012e1:port:tcp:443	flow:211bfd4012e1 → port:tcp:443
FLOW_TLS_SNIOBS	e:fs:flow:64b9edd120d2:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:64b9edd120d2 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:0a1e22c3bd61:port:tcp:443	flow:0a1e22c3bd61 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6315d280130065c8:host:172.234.197.23:host:131.196.31.86	SESSION-6315d280130065c8 → host:172.234.197.23 → host:131.196.31.86
FLOW_DST_PORTOBS	e:fp:flow:d44f21536855:port:tcp:443	flow:d44f21536855 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0482ff4f8e4ec953:SESSION-0482ff4f8e4ec953	SESSION-0482ff4f8e4ec953 → pe:syn:SESSION-0482ff4f8e4ec953
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a24ab62cbf4deb47:PCAP:capture_20260430060001:919b39a74464	SESSION-a24ab62cbf4deb47 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:f316080d1441	flow:f316080d1441 → host:177.10.237.4 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d24a424002821105:host:131.196.31.136:host:172.234.197.23	SESSION-d24a424002821105 → host:131.196.31.136 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d00f55e5db951c5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1d00f55e5db951c5 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60f4d0af24f032dd:host:172.234.197.23	SESSION-60f4d0af24f032dd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-779d668625040802:host:172.234.197.23	SESSION-779d668625040802 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ff9e556bf199706:SESSION-6ff9e556bf199706	SESSION-6ff9e556bf199706 → pe:syn:SESSION-6ff9e556bf199706
FLOW_DST_PORTOBS	e:fp:flow:143027392511:port:tcp:443	flow:143027392511 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-14d5e1e17a6f21ad:host:172.234.197.23	SESSION-14d5e1e17a6f21ad → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7ece8090c9a4b7f:SESSION-c7ece8090c9a4b7f	SESSION-c7ece8090c9a4b7f → pe:syn:SESSION-c7ece8090c9a4b7f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df6efecba493c79c:SESSION-df6efecba493c79c	SESSION-df6efecba493c79c → pe:tls:SESSION-df6efecba493c79c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a55eb245a4ca8dde:host:131.196.29.127:host:172.234.197.23	SESSION-a55eb245a4ca8dde → host:131.196.29.127 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.175:asn:262880	host:177.10.239.175 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84186d30322c849e:host:172.234.197.23	SESSION-84186d30322c849e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2edb1208bb0bd400:flow:8bd242be2a31	SESSION-2edb1208bb0bd400 → flow:8bd242be2a31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2aed99cc8c09f5c:SESSION-b2aed99cc8c09f5c	SESSION-b2aed99cc8c09f5c → pe:syn:SESSION-b2aed99cc8c09f5c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-228e058fc2527275:host:177.10.235.118:host:172.234.197.23	SESSION-228e058fc2527275 → host:177.10.235.118 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57494845d8eca477:SESSION-57494845d8eca477	SESSION-57494845d8eca477 → pe:syn:SESSION-57494845d8eca477
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.232:geo_-16.28860_-49.01640	host:177.10.236.232 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-693fee7d62fe51b9:host:172.234.197.23	SESSION-693fee7d62fe51b9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6634561e4b2b2821:SESSION-6634561e4b2b2821	SESSION-6634561e4b2b2821 → pe:syn:SESSION-6634561e4b2b2821
FLOW_TO_HOSTOBS	e:to:SESSION-f56950d8d19e118b:host:172.234.197.23	SESSION-f56950d8d19e118b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f9376bb56e1e	flow:f9376bb56e1e → host:177.10.239.166 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-999a3a68382b7707:host:172.234.197.23	SESSION-999a3a68382b7707 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cf07a99306d1414b:host:172.234.197.23	SESSION-cf07a99306d1414b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf988ed4220ca0ac:host:177.10.233.42	SESSION-bf988ed4220ca0ac → host:177.10.233.42
FLOW_DST_PORTOBS	e:fp:flow:3611369f9fee:port:tcp:62665	flow:3611369f9fee → port:tcp:62665
FLOW_DST_PORTOBS	e:fp:flow:edbd06217f28:port:tcp:443	flow:edbd06217f28 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f9376bb56e1e:port:tcp:443	flow:f9376bb56e1e → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-5a6e84a9f98e2c60:host:172.234.197.23	SESSION-5a6e84a9f98e2c60 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.237:asn:262880	host:177.10.234.237 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1dabd85b6a07947:PCAP:capture_20260430090001:065659c7d314	SESSION-b1dabd85b6a07947 → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.94:asn:273470	host:45.173.156.94 → asn:273470
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-996af5414634114f:BSG-BEACON-08f229190f12	SESSION-996af5414634114f → BSG-BEACON-08f229190f12
FLOW_FROM_HOSTOBS	e:from:SESSION-1c5a72a6fbc2381d:host:131.196.29.205	SESSION-1c5a72a6fbc2381d → host:131.196.29.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-917ad6cf3046e17b:host:172.234.197.23	SESSION-917ad6cf3046e17b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e4dd8b9d1b64d369:host:172.234.197.23	SESSION-e4dd8b9d1b64d369 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46a01539128daee6:host:131.196.31.201:host:172.234.197.23	SESSION-46a01539128daee6 → host:131.196.31.201 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81a82597e7e06ed6:host:172.234.197.23	SESSION-81a82597e7e06ed6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dcc75c058cb6	flow:dcc75c058cb6 → host:45.173.156.138 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8c917f93463d3774:host:172.234.197.23	SESSION-8c917f93463d3774 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8749b2c626b3f1be:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8749b2c626b3f1be → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.16:geo_-16.28860_-49.01640	host:177.10.233.16 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:4cdfd20426a3	flow:4cdfd20426a3 → host:177.10.232.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e9dc14d87b5185c:host:177.10.237.98	SESSION-5e9dc14d87b5185c → host:177.10.237.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-122d3bc093be76f2:SESSION-122d3bc093be76f2	SESSION-122d3bc093be76f2 → pe:tls:SESSION-122d3bc093be76f2
flow_observed5-aryOBS	e:fo:flow:2d49d0a052df	flow:2d49d0a052df → host:177.10.235.21 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98e2e9e1db14446c:SESSION-98e2e9e1db14446c	SESSION-98e2e9e1db14446c → pe:tls:SESSION-98e2e9e1db14446c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79b864f146b8f07b:PCAP:capture_20260430060001:919b39a74464	SESSION-79b864f146b8f07b → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:f97864e9b884:port:tcp:443	flow:f97864e9b884 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fe8ac015ba2db65:flow:184a61da04f3	SESSION-5fe8ac015ba2db65 → flow:184a61da04f3
FLOW_FROM_HOSTOBS	e:from:SESSION-d58e8fad9dafe114:host:131.196.28.178	SESSION-d58e8fad9dafe114 → host:131.196.28.178
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e01d63cbcaad0b90:flow:e7be3acac213	SESSION-e01d63cbcaad0b90 → flow:e7be3acac213
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.209:geo_-16.28860_-49.01640	host:177.10.238.209 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ccf0be9923f197d:SESSION-7ccf0be9923f197d	SESSION-7ccf0be9923f197d → pe:syn:SESSION-7ccf0be9923f197d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6635e725f15c4a26:host:131.196.31.30	SESSION-6635e725f15c4a26 → host:131.196.31.30
flow_observed5-aryOBS	e:fo:flow:f2a3fd514057	flow:f2a3fd514057 → host:45.173.156.194 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:2002322f6670	flow:2002322f6670 → host:177.10.236.96 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-95e8a61a9d5e6397:host:172.234.197.23:host:177.10.235.166	SESSION-95e8a61a9d5e6397 → host:172.234.197.23 → host:177.10.235.166
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-161d2a74a24978d6:host:172.234.197.23	SESSION-161d2a74a24978d6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07a584f2a7f89f38:host:172.234.197.23	SESSION-07a584f2a7f89f38 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.211:asn:273470	host:45.173.156.211 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-b4e7d8d3f995a1a9:host:177.10.237.55	SESSION-b4e7d8d3f995a1a9 → host:177.10.237.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-07a584f2a7f89f38:SESSION-07a584f2a7f89f38	SESSION-07a584f2a7f89f38 → pe:rst:SESSION-07a584f2a7f89f38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b16751dae4d82103:host:172.234.197.23	SESSION-b16751dae4d82103 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:83496f8172a2	flow:83496f8172a2 → host:131.196.29.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbcca05a1b3df0cf:host:172.234.197.23	SESSION-fbcca05a1b3df0cf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24ee1f6ef023209d:host:177.10.234.22:host:172.234.197.23	SESSION-24ee1f6ef023209d → host:177.10.234.22 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8feeff9d44d6e844:host:172.234.197.23	SESSION-8feeff9d44d6e844 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14d517e62aef6020:SESSION-14d517e62aef6020	SESSION-14d517e62aef6020 → pe:tls:SESSION-14d517e62aef6020
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e3139069f2c261e:SESSION-6e3139069f2c261e	SESSION-6e3139069f2c261e → pe:syn:SESSION-6e3139069f2c261e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6f61464efb17d4b1:SESSION-6f61464efb17d4b1	SESSION-6f61464efb17d4b1 → pe:tls:SESSION-6f61464efb17d4b1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31cda31fe1b0dd07:host:172.234.197.23	SESSION-31cda31fe1b0dd07 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1274fc3e3cafac71:SESSION-1274fc3e3cafac71	SESSION-1274fc3e3cafac71 → pe:tls:SESSION-1274fc3e3cafac71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b228975a6eff356:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0b228975a6eff356 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e867c3054a212916:host:195.20.104.8	SESSION-e867c3054a212916 → host:195.20.104.8
FLOW_DST_PORTOBS	e:fp:flow:f3381dfc2bf4:port:tcp:443	flow:f3381dfc2bf4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd4c16dfff279521:PCAP:capture_20260430080001:93f47cc296a4	SESSION-dd4c16dfff279521 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-62458b132c4d6b0d:host:131.196.30.126:host:172.234.197.23	SESSION-62458b132c4d6b0d → host:131.196.30.126 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0228dcfe5eb3ed0e:host:177.10.235.1	SESSION-0228dcfe5eb3ed0e → host:177.10.235.1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ee6825b3a9be6d1:SESSION-6ee6825b3a9be6d1	SESSION-6ee6825b3a9be6d1 → pe:syn:SESSION-6ee6825b3a9be6d1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a498324f9fce7e9:host:177.10.239.11	SESSION-0a498324f9fce7e9 → host:177.10.239.11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fef5a77f946ef097:SESSION-fef5a77f946ef097	SESSION-fef5a77f946ef097 → pe:syn:SESSION-fef5a77f946ef097
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a015ddbfdf91f569:host:177.10.236.155	SESSION-a015ddbfdf91f569 → host:177.10.236.155
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c30e2da5c8abbcf:PCAP:capture_20260430090001:065659c7d314	SESSION-9c30e2da5c8abbcf → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-002a4fad2ef08bcf:PCAP:capture_20260430060001:919b39a74464	SESSION-002a4fad2ef08bcf → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d60298c7dc6ec77f:host:177.10.234.118	SESSION-d60298c7dc6ec77f → host:177.10.234.118
FLOW_TO_HOSTOBS	e:to:SESSION-10017e021bbc0f25:host:177.10.233.24	SESSION-10017e021bbc0f25 → host:177.10.233.24
FLOW_TO_HOSTOBS	e:to:SESSION-a38d88507263cddf:host:45.173.156.173	SESSION-a38d88507263cddf → host:45.173.156.173
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8739e7552ccb5cc0:host:177.10.234.194:host:172.234.197.23	SESSION-8739e7552ccb5cc0 → host:177.10.234.194 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6e7d46ad1b0c983:host:172.234.197.23	SESSION-d6e7d46ad1b0c983 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cef4b415a72da702:flow:8b0b2d1539d6	SESSION-cef4b415a72da702 → flow:8b0b2d1539d6
FLOW_DST_PORTOBS	e:fp:flow:e0d8beafc856:port:tcp:24088	flow:e0d8beafc856 → port:tcp:24088
FLOW_FROM_HOSTOBS	e:from:SESSION-bb9766ebe449a845:host:95.170.25.5	SESSION-bb9766ebe449a845 → host:95.170.25.5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2be48cd916ee7ccc:host:131.196.31.140:host:172.234.197.23	SESSION-2be48cd916ee7ccc → host:131.196.31.140 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-48cf6591de1d67a3:host:177.10.239.24	SESSION-48cf6591de1d67a3 → host:177.10.239.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a412381d3ec6112:host:131.196.28.22	SESSION-4a412381d3ec6112 → host:131.196.28.22
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc01b506a83e5847:PCAP:capture_20260430160001:9bfa4498506a	SESSION-fc01b506a83e5847 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:0b4dff132ea3	flow:0b4dff132ea3 → host:172.234.197.23 → host:131.196.28.69 → port:tcp:47371
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-295a993db8b4e397:SESSION-295a993db8b4e397	SESSION-295a993db8b4e397 → pe:tls:SESSION-295a993db8b4e397
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a03207ab88db82b5:SESSION-a03207ab88db82b5	SESSION-a03207ab88db82b5 → pe:tls:SESSION-a03207ab88db82b5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.181:geo_-23.62930_-46.63510	host:131.196.30.181 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8958b8d9cf24f177:host:131.196.31.74	SESSION-8958b8d9cf24f177 → host:131.196.31.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ba12ba5c182aa430:SESSION-ba12ba5c182aa430	SESSION-ba12ba5c182aa430 → pe:tls:SESSION-ba12ba5c182aa430
FLOW_FROM_HOSTOBS	e:from:SESSION-8293f5a95baa645a:host:45.173.156.34	SESSION-8293f5a95baa645a → host:45.173.156.34
FLOW_FROM_HOSTOBS	e:from:SESSION-ded52056067d22b2:host:45.173.156.61	SESSION-ded52056067d22b2 → host:45.173.156.61
HOST_IN_ASNOBS 85%	e:ha:host:124.198.131.220:asn:210558	host:124.198.131.220 → asn:210558
FLOW_DST_PORTOBS	e:fp:flow:4d4917597a14:port:tcp:443	flow:4d4917597a14 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:8fc42904690b	flow:8fc42904690b → host:172.234.197.23 → host:131.196.29.170 → port:tcp:11030
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6da60a47e57e7ba3:host:45.173.156.243:host:172.234.197.23	SESSION-6da60a47e57e7ba3 → host:45.173.156.243 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-310a1cee325ffc65:host:45.173.156.178	SESSION-310a1cee325ffc65 → host:45.173.156.178
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-310a1cee325ffc65:SESSION-310a1cee325ffc65	SESSION-310a1cee325ffc65 → pe:tls:SESSION-310a1cee325ffc65
flow_observed4-aryOBS	e:fo:flow:6542cea94835	flow:6542cea94835 → host:172.234.197.23 → host:177.10.235.233 → port:tcp:31572
HOST_IN_ASNOBS 85%	e:ha:host:136.243.57.208:asn:24940	host:136.243.57.208 → asn:24940
FLOW_DST_PORTOBS	e:fp:flow:e53d7ed83f31:port:tcp:8751	flow:e53d7ed83f31 → port:tcp:8751
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77787f9a5bab711:host:177.10.237.72	SESSION-e77787f9a5bab711 → host:177.10.237.72
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c89027ab2a1ddeda:flow:5059e0041202	SESSION-c89027ab2a1ddeda → flow:5059e0041202
FLOW_TO_HOSTOBS	e:to:SESSION-fe2a9708180e5d71:host:172.234.197.23	SESSION-fe2a9708180e5d71 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0fe55e7c11d50f79:SESSION-0fe55e7c11d50f79	SESSION-0fe55e7c11d50f79 → pe:syn:SESSION-0fe55e7c11d50f79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85683c3aa8c095db:flow:d14117ba89ea	SESSION-85683c3aa8c095db → flow:d14117ba89ea
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dad0ff120323eed1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-dad0ff120323eed1 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-25103b8a97127215:host:172.234.197.23	SESSION-25103b8a97127215 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d9a539c485f657b5:host:177.10.239.20	SESSION-d9a539c485f657b5 → host:177.10.239.20
FLOW_DST_PORTOBS	e:fp:flow:b53c87af663d:port:tcp:41889	flow:b53c87af663d → port:tcp:41889
FLOW_FROM_HOSTOBS	e:from:SESSION-4a4f6dd7436745b4:host:131.196.30.11	SESSION-4a4f6dd7436745b4 → host:131.196.30.11
flow_observed5-aryOBS	e:fo:flow:673591fae970	flow:673591fae970 → host:177.10.237.122 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01ac49b549a49417:host:172.234.197.23	SESSION-01ac49b549a49417 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-312ea7073c45e21c:flow:08e013e88cca	SESSION-312ea7073c45e21c → flow:08e013e88cca
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-206979254a17108f:host:177.10.239.191:host:172.234.197.23	SESSION-206979254a17108f → host:177.10.239.191 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86f48b7df98fd466:flow:c871dd56570a	SESSION-86f48b7df98fd466 → flow:c871dd56570a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36d925db3c3b2591:host:177.10.235.61	SESSION-36d925db3c3b2591 → host:177.10.235.61
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.227:asn:262880	host:177.10.239.227 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6328c86c978f61df:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6328c86c978f61df → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb971e48f4a1e66e:host:177.10.235.202:host:172.234.197.23	SESSION-fb971e48f4a1e66e → host:177.10.235.202 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f32bbf866d49408:PCAP:capture_20260430150001:ded20914761d	SESSION-2f32bbf866d49408 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.222:geo_-16.28860_-49.01640	host:177.10.238.222 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1433a266c3f7170c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1433a266c3f7170c → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:a1fc2ffae35a	flow:a1fc2ffae35a → host:172.234.197.23 → host:131.196.31.100 → port:tcp:25777
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-266bac80b9ef8487:host:45.173.156.219	SESSION-266bac80b9ef8487 → host:45.173.156.219
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1ec6b7d17caa72c:host:172.234.197.23	SESSION-d1ec6b7d17caa72c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ce1a5aa06c53f62:host:131.196.31.4	SESSION-8ce1a5aa06c53f62 → host:131.196.31.4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f6c80d4cd630a20:flow:8ab7e6316a87	SESSION-5f6c80d4cd630a20 → flow:8ab7e6316a87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-32ae480396f4c201:flow:5d8fbc6c3c79	SESSION-32ae480396f4c201 → flow:5d8fbc6c3c79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e08dddd9edfa5277:flow:1a52f3634874	SESSION-e08dddd9edfa5277 → flow:1a52f3634874
FLOW_DST_PORTOBS	e:fp:flow:7a38503de520:port:tcp:443	flow:7a38503de520 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:b264639bb50e	flow:b264639bb50e → host:131.196.30.233 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-33bdca28f4470cd7:host:131.196.30.0	SESSION-33bdca28f4470cd7 → host:131.196.30.0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19e0bdfc1305c6ba:host:172.234.197.23	SESSION-19e0bdfc1305c6ba → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.27:geo_-23.62930_-46.63510	host:131.196.31.27 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-893e080e65f2ed4f:SESSION-893e080e65f2ed4f	SESSION-893e080e65f2ed4f → pe:tls:SESSION-893e080e65f2ed4f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e3933798ce80a4c:host:172.234.197.23	SESSION-8e3933798ce80a4c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a0605f48b345a3ed:host:172.234.197.23	SESSION-a0605f48b345a3ed → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8feacc6abd2fe08c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8feacc6abd2fe08c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8cc052a984adc75:host:45.173.156.13	SESSION-d8cc052a984adc75 → host:45.173.156.13
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89c3cc1547edab47:host:172.232.0.16	SESSION-89c3cc1547edab47 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-216df7510915a954:host:172.234.197.23	SESSION-216df7510915a954 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b792e9866f7563b8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b792e9866f7563b8 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:f8cf2033ffcb:port:tcp:443	flow:f8cf2033ffcb → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ed5696d63c7b154:SESSION-9ed5696d63c7b154	SESSION-9ed5696d63c7b154 → pe:syn:SESSION-9ed5696d63c7b154
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ae580f5c3468d66:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8ae580f5c3468d66 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-805fb07d7b5cb44b:BSG-BEACON-c722144663f7	SESSION-805fb07d7b5cb44b → BSG-BEACON-c722144663f7
FLOW_FROM_HOSTOBS	e:from:SESSION-94eb707cf5b0b4ef:host:45.173.156.125	SESSION-94eb707cf5b0b4ef → host:45.173.156.125
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99752db79d6c830d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-99752db79d6c830d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-406d5e8256fbfc45:SESSION-406d5e8256fbfc45	SESSION-406d5e8256fbfc45 → pe:syn:SESSION-406d5e8256fbfc45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3c5b9cd096d7e31:SESSION-b3c5b9cd096d7e31	SESSION-b3c5b9cd096d7e31 → pe:tls:SESSION-b3c5b9cd096d7e31
FLOW_FROM_HOSTOBS	e:from:SESSION-75d8d9da58d6d51c:host:177.10.238.64	SESSION-75d8d9da58d6d51c → host:177.10.238.64
flow_observed5-aryOBS	e:fo:flow:ebcf7e2690fc	flow:ebcf7e2690fc → host:177.10.232.191 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-71cb82af8f37b35d:flow:1f7e754d6e2c	SESSION-71cb82af8f37b35d → flow:1f7e754d6e2c
FLOW_DST_PORTOBS	e:fp:flow:d78c19afef86:port:tcp:443	flow:d78c19afef86 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa0381bae4f9498b:host:172.234.197.23	SESSION-aa0381bae4f9498b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a27c97c4e7ac566:host:172.234.197.23	SESSION-9a27c97c4e7ac566 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72e57a99703d053d:host:177.10.239.37:host:172.234.197.23	SESSION-72e57a99703d053d → host:177.10.239.37 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0532a1c12e883894:host:172.234.197.23	SESSION-0532a1c12e883894 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7141588dcb909c75:host:172.234.197.23	SESSION-7141588dcb909c75 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaae06fce38c131f:SESSION-eaae06fce38c131f	SESSION-eaae06fce38c131f → pe:tls:SESSION-eaae06fce38c131f
flow_observed5-aryOBS	e:fo:flow:cdd7f96d14d6	flow:cdd7f96d14d6 → host:131.196.28.19 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e9c7cc68a121:port:tcp:443	flow:e9c7cc68a121 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:7a0d9894dd82:port:tcp:443	flow:7a0d9894dd82 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-516e4259bbcb51e8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-516e4259bbcb51e8 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.67:asn:262880	host:177.10.234.67 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4741bb1b7e9e5b0:host:177.10.232.91:host:172.234.197.23	SESSION-d4741bb1b7e9e5b0 → host:177.10.232.91 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-412d8e92812f4ea2:host:177.10.239.129	SESSION-412d8e92812f4ea2 → host:177.10.239.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c2b6fa392d99e4e2:SESSION-c2b6fa392d99e4e2	SESSION-c2b6fa392d99e4e2 → pe:tls:SESSION-c2b6fa392d99e4e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38298ff8ded7155d:host:131.196.29.170	SESSION-38298ff8ded7155d → host:131.196.29.170
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-420c45d015462611:host:177.10.238.84:host:172.234.197.23	SESSION-420c45d015462611 → host:177.10.238.84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ae8076186321ef8:host:131.196.29.8	SESSION-8ae8076186321ef8 → host:131.196.29.8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0684dbb2a7f8dcaf:host:172.234.197.23	SESSION-0684dbb2a7f8dcaf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1bc39f4f18cf27f2:host:172.234.197.23	SESSION-1bc39f4f18cf27f2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.244:geo_-23.62930_-46.63510	host:131.196.29.244 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01b1445b3dd1d2e4:SESSION-01b1445b3dd1d2e4	SESSION-01b1445b3dd1d2e4 → pe:tls:SESSION-01b1445b3dd1d2e4
flow_observed5-aryOBS	e:fo:flow:5cc5476d95a5	flow:5cc5476d95a5 → host:177.10.239.198 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.209:geo_-21.10010_-41.69200	host:45.173.156.209 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-251fcdeeb3ee3f58:flow:37fd51176c67	SESSION-251fcdeeb3ee3f58 → flow:37fd51176c67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20c169d44973b1e9:SESSION-20c169d44973b1e9	SESSION-20c169d44973b1e9 → pe:tls:SESSION-20c169d44973b1e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7661066332b8e82:SESSION-b7661066332b8e82	SESSION-b7661066332b8e82 → pe:syn:SESSION-b7661066332b8e82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3db1c42fb505a2f9:host:172.234.197.23	SESSION-3db1c42fb505a2f9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f4a86c40e28bf330:host:45.173.156.48	SESSION-f4a86c40e28bf330 → host:45.173.156.48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-338b64f691539afb:PCAP:capture_20260430050001:8868731bf8a4	SESSION-338b64f691539afb → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3560085925cb3717:SESSION-3560085925cb3717	SESSION-3560085925cb3717 → pe:tls:SESSION-3560085925cb3717
flow_observed5-aryOBS	e:fo:flow:12598bc517fa	flow:12598bc517fa → host:131.196.30.223 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34b8eff946ae371a:host:131.196.28.170	SESSION-34b8eff946ae371a → host:131.196.28.170
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9dc3dafcee87c5f7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9dc3dafcee87c5f7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:38ea61ca398c	flow:38ea61ca398c → host:131.196.30.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97b2355356a85562:host:172.234.197.23	SESSION-97b2355356a85562 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e05bb1ac9ff3	flow:e05bb1ac9ff3 → host:172.234.197.23 → host:131.196.30.31 → port:tcp:27690
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bd657e34d2536dc9:SESSION-bd657e34d2536dc9	SESSION-bd657e34d2536dc9 → pe:tls:SESSION-bd657e34d2536dc9
flow_observed5-aryOBS	e:fo:flow:af7d2ecd3525	flow:af7d2ecd3525 → host:177.10.233.182 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-745809bcd8ad6979:host:108.217.180.26:host:172.234.197.23	SESSION-745809bcd8ad6979 → host:108.217.180.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69d41e5348c00130:host:136.243.57.208	SESSION-69d41e5348c00130 → host:136.243.57.208
flow_observed5-aryOBS	e:fo:flow:8a0e70692d19	flow:8a0e70692d19 → host:131.196.29.209 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f00ab97ef4b401c8:host:172.234.197.23	SESSION-f00ab97ef4b401c8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4d0ab62891a0a5c:host:131.196.28.246:host:172.234.197.23	SESSION-d4d0ab62891a0a5c → host:131.196.28.246 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.190:asn:262880	host:177.10.237.190 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-588e177edbf40597:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-588e177edbf40597 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f6bbc079dc776bc:host:172.234.197.23:host:177.10.234.173	SESSION-1f6bbc079dc776bc → host:172.234.197.23 → host:177.10.234.173
flow_observed5-aryOBS	e:fo:flow:7121cc7b6361	flow:7121cc7b6361 → host:45.173.156.63 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-567e9582c6914b15:host:131.196.31.111	SESSION-567e9582c6914b15 → host:131.196.31.111
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-a9c12f6159b9a7a1:BSG-BEACON-25317c1c1545	SESSION-a9c12f6159b9a7a1 → BSG-BEACON-25317c1c1545
FLOW_DST_PORTOBS	e:fp:flow:5682fbbbc70d:port:tcp:443	flow:5682fbbbc70d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e762cb0e4cde:port:tcp:443	flow:e762cb0e4cde → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-393eb1cd54ab212e:SESSION-393eb1cd54ab212e	SESSION-393eb1cd54ab212e → pe:syn:SESSION-393eb1cd54ab212e
flow_observed5-aryOBS	e:fo:flow:6629ca831440	flow:6629ca831440 → host:177.10.238.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8327be02acf872a5:host:177.10.232.184	SESSION-8327be02acf872a5 → host:177.10.232.184
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9128704be6a27a1a:flow:0244848bbc8a	SESSION-9128704be6a27a1a → flow:0244848bbc8a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.250:asn:262880	host:177.10.238.250 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e9dc14d87b5185c:host:172.234.197.23	SESSION-5e9dc14d87b5185c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79f857f82eac6daa:host:172.234.197.23	SESSION-79f857f82eac6daa → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.250:geo_-16.28860_-49.01640	host:177.10.237.250 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19cb9f6f0c8358bd:host:31.40.196.45:host:172.234.197.23	SESSION-19cb9f6f0c8358bd → host:31.40.196.45 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-460a4898e7c07917:host:45.173.156.150	SESSION-460a4898e7c07917 → host:45.173.156.150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ffb0d51cd8f7dd7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8ffb0d51cd8f7dd7 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92fb186a1f8eeacc:PCAP:capture_20260430060001:919b39a74464	SESSION-92fb186a1f8eeacc → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-c873de224cbac149:host:172.234.197.23	SESSION-c873de224cbac149 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37ce4ecafac50117:SESSION-37ce4ecafac50117	SESSION-37ce4ecafac50117 → pe:tls:SESSION-37ce4ecafac50117
flow_observed5-aryOBS	e:fo:flow:4a24348b282d	flow:4a24348b282d → host:45.173.156.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46f163e73b58987c:flow:f35e8598c21e	SESSION-46f163e73b58987c → flow:f35e8598c21e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.196:geo_-23.62930_-46.63510	host:131.196.28.196 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9c0456097f35e54:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c9c0456097f35e54 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-5792abf3d18d9356:BSG-BEACON-2ae80de08661	SESSION-5792abf3d18d9356 → BSG-BEACON-2ae80de08661
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4367b2e8a53d74f:host:177.10.236.171	SESSION-c4367b2e8a53d74f → host:177.10.236.171
FLOW_TO_HOSTOBS	e:to:SESSION-24ee1f6ef023209d:host:172.234.197.23	SESSION-24ee1f6ef023209d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-19cb9f6f0c8358bd:host:172.234.197.23	SESSION-19cb9f6f0c8358bd → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.77:geo_-16.28860_-49.01640	host:177.10.238.77 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67a710d2531b2faa:SESSION-67a710d2531b2faa	SESSION-67a710d2531b2faa → pe:tls:SESSION-67a710d2531b2faa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e4489cf6c262aa3:host:172.234.197.23	SESSION-9e4489cf6c262aa3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-921389e161f019e9:flow:8e700218094e	SESSION-921389e161f019e9 → flow:8e700218094e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bdbc4c9f7cbfe0c2:SESSION-bdbc4c9f7cbfe0c2	SESSION-bdbc4c9f7cbfe0c2 → pe:syn:SESSION-bdbc4c9f7cbfe0c2
FLOW_TO_HOSTOBS	e:to:SESSION-378ead2076355bca:host:131.196.28.94	SESSION-378ead2076355bca → host:131.196.28.94
FLOW_FROM_HOSTOBS	e:from:SESSION-9eddb8081d100874:host:172.234.197.23	SESSION-9eddb8081d100874 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dca77003c0beb45:host:172.234.197.23	SESSION-2dca77003c0beb45 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c282c87f3b4a743:host:172.234.197.23	SESSION-3c282c87f3b4a743 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7b4f4901fb8368e3:host:177.10.238.205	SESSION-7b4f4901fb8368e3 → host:177.10.238.205
FLOW_DST_PORTOBS	e:fp:flow:3779ddfa8909:port:tcp:35478	flow:3779ddfa8909 → port:tcp:35478
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.12:asn:271410	host:131.196.30.12 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-537461a77052bb13:host:92.112.71.219	SESSION-537461a77052bb13 → host:92.112.71.219
flow_observed5-aryOBS	e:fo:flow:b254e83aa241	flow:b254e83aa241 → host:177.10.236.92 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5de3ca130be8f6d5:host:172.234.197.23	SESSION-5de3ca130be8f6d5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1100b27fc0e7:port:tcp:443	flow:1100b27fc0e7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d75311b4cd1e33ff:SESSION-d75311b4cd1e33ff	SESSION-d75311b4cd1e33ff → pe:tls:SESSION-d75311b4cd1e33ff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47acb5bee39822f1:SESSION-47acb5bee39822f1	SESSION-47acb5bee39822f1 → pe:tls:SESSION-47acb5bee39822f1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da14e430733ddeb2:host:172.234.197.23:host:177.10.238.76	SESSION-da14e430733ddeb2 → host:172.234.197.23 → host:177.10.238.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbe3edafde6a655f:host:172.234.197.23	SESSION-fbe3edafde6a655f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:32c341ad15e4:port:tcp:17165	flow:32c341ad15e4 → port:tcp:17165
FLOW_FROM_HOSTOBS	e:from:SESSION-6315d280130065c8:host:172.234.197.23	SESSION-6315d280130065c8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e76870e292a86821:flow:027d214e6f11	SESSION-e76870e292a86821 → flow:027d214e6f11
flow_observed5-aryOBS	e:fo:flow:7015af75baa6	flow:7015af75baa6 → host:177.10.239.146 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:f04e06be3862:port:tcp:443	flow:f04e06be3862 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a29ca5d80bc122d0:flow:e1c78128949a	SESSION-a29ca5d80bc122d0 → flow:e1c78128949a
flow_observed3-aryOBS	e:fo:flow:1713850b8627	flow:1713850b8627 → host:52.81.77.92 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3fb8ed1fbc81e736:host:177.10.239.132	SESSION-3fb8ed1fbc81e736 → host:177.10.239.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7f3482601c970a:host:177.10.234.40	SESSION-cb7f3482601c970a → host:177.10.234.40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68010cf4db790ce8:SESSION-68010cf4db790ce8	SESSION-68010cf4db790ce8 → pe:tls:SESSION-68010cf4db790ce8
FLOW_TO_HOSTOBS	e:to:SESSION-0ea66afd66f329a0:host:131.196.29.144	SESSION-0ea66afd66f329a0 → host:131.196.29.144
FLOW_FROM_HOSTOBS	e:from:SESSION-2161d2ba591330e1:host:177.10.232.61	SESSION-2161d2ba591330e1 → host:177.10.232.61
flow_observed5-aryOBS	e:fo:flow:30edcb23ec52	flow:30edcb23ec52 → host:177.10.237.157 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-fda1fcad7dd8a834:host:177.10.238.92	SESSION-fda1fcad7dd8a834 → host:177.10.238.92
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c9cadb68fe1ad17:flow:c59b4943b687	SESSION-7c9cadb68fe1ad17 → flow:c59b4943b687
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.170:geo_-23.62930_-46.63510	host:131.196.29.170 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.195:geo_-23.62930_-46.63510	host:131.196.30.195 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-fa49f714001a7a70:host:131.196.30.140	SESSION-fa49f714001a7a70 → host:131.196.30.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cecd25b5e4e4c9c:host:172.234.197.23	SESSION-6cecd25b5e4e4c9c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9c65c9496a84:port:tcp:443	flow:9c65c9496a84 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4691236308c01a5:flow:9e19e3c6f37a	SESSION-d4691236308c01a5 → flow:9e19e3c6f37a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e25d600ec07dd53e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e25d600ec07dd53e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c17e2540d05f4c2:host:172.234.197.23	SESSION-3c17e2540d05f4c2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3224b320d23ec0cd:flow:a6ca0cab59ea	SESSION-3224b320d23ec0cd → flow:a6ca0cab59ea
FLOW_TO_HOSTOBS	e:to:SESSION-b84527735a90d253:host:172.234.197.23	SESSION-b84527735a90d253 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d7cf6e510c352d8:SESSION-8d7cf6e510c352d8	SESSION-8d7cf6e510c352d8 → pe:tls:SESSION-8d7cf6e510c352d8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b51b74891d2de4c5:host:172.234.197.23	SESSION-b51b74891d2de4c5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6457b3248e0b30fe:SESSION-6457b3248e0b30fe	SESSION-6457b3248e0b30fe → pe:syn:SESSION-6457b3248e0b30fe
FLOW_DST_PORTOBS	e:fp:flow:d3918dc4734c:port:tcp:443	flow:d3918dc4734c → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:5d01015a2df9	flow:5d01015a2df9 → host:45.173.156.225 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed3-aryOBS	e:fo:flow:0972b3d8e255	flow:0972b3d8e255 → host:172.234.197.23 → host:2.57.121.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0f21a1d46f067dc:SESSION-c0f21a1d46f067dc	SESSION-c0f21a1d46f067dc → pe:tls:SESSION-c0f21a1d46f067dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d12c89e59455016e:host:172.234.197.23	SESSION-d12c89e59455016e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f1ac2b056425	flow:f1ac2b056425 → host:177.10.234.111 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.54:geo_-16.28860_-49.01640	host:177.10.237.54 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc1a8a6f7d90953a:host:172.234.197.23:host:172.232.0.16	SESSION-bc1a8a6f7d90953a → host:172.234.197.23 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-500f03715884566d:SESSION-500f03715884566d	SESSION-500f03715884566d → pe:tls:SESSION-500f03715884566d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-e88ec164d738844a:BSG-DATA_EXFIL-053dbfd1b114	SESSION-e88ec164d738844a → BSG-DATA_EXFIL-053dbfd1b114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-05a7cad64bbe69e6:SESSION-05a7cad64bbe69e6	SESSION-05a7cad64bbe69e6 → pe:tls:SESSION-05a7cad64bbe69e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d90a5aaa3545c15:host:172.234.197.23	SESSION-1d90a5aaa3545c15 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5cc5078bf4d23558:host:172.234.197.23	SESSION-5cc5078bf4d23558 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3094c6d527f665e9:SESSION-3094c6d527f665e9	SESSION-3094c6d527f665e9 → pe:tls:SESSION-3094c6d527f665e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef914cd10270daad:host:177.10.239.199	SESSION-ef914cd10270daad → host:177.10.239.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eadf7b6ccdd54c7f:host:172.234.197.23	SESSION-eadf7b6ccdd54c7f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca819812f7c370c2:host:172.234.197.23:host:177.10.238.103	SESSION-ca819812f7c370c2 → host:172.234.197.23 → host:177.10.238.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0b067dd86042d0a:host:172.234.197.23	SESSION-b0b067dd86042d0a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-338820b1c26f8211:PCAP:capture_20260430060001:919b39a74464	SESSION-338820b1c26f8211 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:cdd071d1b1b0:port:tcp:443	flow:cdd071d1b1b0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e4d7008639203d5:PCAP:capture_20260430120001:56630107de80	SESSION-3e4d7008639203d5 → PCAP:capture_20260430120001:56630107de80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-71d059e3750765d4:host:177.10.233.2:host:172.234.197.23	SESSION-71d059e3750765d4 → host:177.10.233.2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0af842276eef56a1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-0af842276eef56a1 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:31aded4cced4:port:tcp:443	flow:31aded4cced4 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b203844c0afbb25:host:172.234.197.23:host:177.10.239.201	SESSION-5b203844c0afbb25 → host:172.234.197.23 → host:177.10.239.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-352588f71ded414b:host:177.10.232.159	SESSION-352588f71ded414b → host:177.10.232.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b93959f6df3f665b:flow:747e8242c360	SESSION-b93959f6df3f665b → flow:747e8242c360
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a20fc4ba13bfca4:SESSION-8a20fc4ba13bfca4	SESSION-8a20fc4ba13bfca4 → pe:syn:SESSION-8a20fc4ba13bfca4
FLOW_TO_HOSTOBS	e:to:SESSION-81dd4006fe67ac3f:host:172.234.197.23	SESSION-81dd4006fe67ac3f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e3eed6582d14	flow:e3eed6582d14 → host:177.10.236.240 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_QUERIED_DNSOBS	e:fd:flow:b8a5b7dbb39a:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:b8a5b7dbb39a → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
flow_observed5-aryOBS	e:fo:flow:36ebab8ca775	flow:36ebab8ca775 → host:177.10.239.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-775ba1157917a355:host:177.10.237.4:host:172.234.197.23	SESSION-775ba1157917a355 → host:177.10.237.4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6631f08e8c06a9b6:SESSION-6631f08e8c06a9b6	SESSION-6631f08e8c06a9b6 → pe:syn:SESSION-6631f08e8c06a9b6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ab8c1601f71acf4:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0ab8c1601f71acf4 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-045546313cbf5843:SESSION-045546313cbf5843	SESSION-045546313cbf5843 → pe:tls:SESSION-045546313cbf5843
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39cfa534eb7ca418:host:172.234.197.23	SESSION-39cfa534eb7ca418 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ef74cd6b285b3c9:host:172.234.197.23	SESSION-5ef74cd6b285b3c9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1ed5736d80d2991:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-b1ed5736d80d2991 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c7f3c61dd4869fc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5c7f3c61dd4869fc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:8fa60a20bddb:port:tcp:443	flow:8fa60a20bddb → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e812ffe43c670dc:SESSION-7e812ffe43c670dc	SESSION-7e812ffe43c670dc → pe:syn:SESSION-7e812ffe43c670dc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a3bc2c7dd7e8bd1:host:172.234.197.23:host:177.10.238.16	SESSION-8a3bc2c7dd7e8bd1 → host:172.234.197.23 → host:177.10.238.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edeb3dca8d1da30b:host:45.173.156.159	SESSION-edeb3dca8d1da30b → host:45.173.156.159
FLOW_DST_PORTOBS	e:fp:flow:e4d75120f5af:port:tcp:443	flow:e4d75120f5af → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84e5e89f26aa2ca2:PCAP:capture_20260430090001:065659c7d314	SESSION-84e5e89f26aa2ca2 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5eab3f22e87eb3f:SESSION-e5eab3f22e87eb3f	SESSION-e5eab3f22e87eb3f → pe:syn:SESSION-e5eab3f22e87eb3f
flow_observed4-aryOBS	e:fo:flow:627f220d3e6a	flow:627f220d3e6a → host:172.234.197.23 → host:131.196.31.124 → port:tcp:36572
flow_observed5-aryOBS	e:fo:flow:f74e1adaf7ce	flow:f74e1adaf7ce → host:177.10.233.125 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7b2f232bbd4758bf:host:131.196.29.236	SESSION-7b2f232bbd4758bf → host:131.196.29.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e708c58166944fb:flow:4b456720b757	SESSION-6e708c58166944fb → flow:4b456720b757
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b35e3cddd5fc2e72:SESSION-b35e3cddd5fc2e72	SESSION-b35e3cddd5fc2e72 → pe:syn:SESSION-b35e3cddd5fc2e72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b51ebf4113a5ef49:host:172.234.197.23	SESSION-b51ebf4113a5ef49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-320a5544f819c3b7:host:177.10.233.196	SESSION-320a5544f819c3b7 → host:177.10.233.196
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ea33f21558d3ba7:flow:d47b5af2568e	SESSION-3ea33f21558d3ba7 → flow:d47b5af2568e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02cfffe2a1cdb1f3:flow:4362813c4376	SESSION-02cfffe2a1cdb1f3 → flow:4362813c4376
FLOW_DST_PORTOBS	e:fp:flow:97fc34a052d0:port:tcp:41842	flow:97fc34a052d0 → port:tcp:41842
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e80661c10e8e6e7:SESSION-5e80661c10e8e6e7	SESSION-5e80661c10e8e6e7 → pe:tls:SESSION-5e80661c10e8e6e7
flow_observed4-aryOBS	e:fo:flow:c665b1e8f8cf	flow:c665b1e8f8cf → host:172.234.197.23 → host:177.10.234.114 → port:tcp:37311
FLOW_TO_HOSTOBS	e:to:SESSION-b3254874520e1dae:host:172.234.197.23	SESSION-b3254874520e1dae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-835226e6e5119935:SESSION-835226e6e5119935	SESSION-835226e6e5119935 → pe:tls:SESSION-835226e6e5119935
flow_observed5-aryOBS	e:fo:flow:c211bfdf4443	flow:c211bfdf4443 → host:31.40.196.79 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a19838102931ca6:SESSION-2a19838102931ca6	SESSION-2a19838102931ca6 → pe:tls:SESSION-2a19838102931ca6
FLOW_TO_HOSTOBS	e:to:SESSION-dd2928203fc01c8b:host:172.234.197.23	SESSION-dd2928203fc01c8b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54f6eb1f506e4a3a:SESSION-54f6eb1f506e4a3a	SESSION-54f6eb1f506e4a3a → pe:syn:SESSION-54f6eb1f506e4a3a
FLOW_FROM_HOSTOBS	e:from:SESSION-81679789c998e700:host:177.10.235.169	SESSION-81679789c998e700 → host:177.10.235.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31f3a24ceae3d348:host:172.234.197.23	SESSION-31f3a24ceae3d348 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0684dbb2a7f8dcaf:host:172.234.197.23	SESSION-0684dbb2a7f8dcaf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8c3d14af1a5eb503:host:177.10.239.76	SESSION-8c3d14af1a5eb503 → host:177.10.239.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be4f81bef58a140b:host:45.173.156.159	SESSION-be4f81bef58a140b → host:45.173.156.159
FLOW_FROM_HOSTOBS	e:from:SESSION-2bb4f19f005244d2:host:131.196.28.163	SESSION-2bb4f19f005244d2 → host:131.196.28.163
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65029066d9cd1f24:flow:81fbc880ebf1	SESSION-65029066d9cd1f24 → flow:81fbc880ebf1
FLOW_DST_PORTOBS	e:fp:flow:2eef0c640804:port:tcp:31733	flow:2eef0c640804 → port:tcp:31733
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8984df52681cb36:flow:b48e7c10ecc7	SESSION-c8984df52681cb36 → flow:b48e7c10ecc7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-88f0aa854ba7cdd7:flow:dd35d042edae	SESSION-88f0aa854ba7cdd7 → flow:dd35d042edae
FLOW_FROM_HOSTOBS	e:from:SESSION-fbe3edafde6a655f:host:172.234.197.23	SESSION-fbe3edafde6a655f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:63c6719f1581	flow:63c6719f1581 → host:131.196.30.123 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-47e6906e0a27d254:host:172.234.197.23	SESSION-47e6906e0a27d254 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ac9bb77fb56e773:host:177.10.234.114:host:172.234.197.23	SESSION-7ac9bb77fb56e773 → host:177.10.234.114 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6bdcd515a2308bd:SESSION-d6bdcd515a2308bd	SESSION-d6bdcd515a2308bd → pe:tls:SESSION-d6bdcd515a2308bd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fab752fe97090e4a:host:172.234.197.23	SESSION-fab752fe97090e4a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a498324f9fce7e9:SESSION-0a498324f9fce7e9	SESSION-0a498324f9fce7e9 → pe:syn:SESSION-0a498324f9fce7e9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77690ed69567f90d:flow:fac57f01f533	SESSION-77690ed69567f90d → flow:fac57f01f533
FLOW_TO_HOSTOBS	e:to:SESSION-7f44cd8b141a7b5c:host:172.234.197.23	SESSION-7f44cd8b141a7b5c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-22f2328c9f1b641e:host:177.10.234.237	SESSION-22f2328c9f1b641e → host:177.10.234.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9429230c27071ffa:SESSION-9429230c27071ffa	SESSION-9429230c27071ffa → pe:tls:SESSION-9429230c27071ffa
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a269382e1e5b425:host:172.234.197.23:host:131.196.29.151	SESSION-9a269382e1e5b425 → host:172.234.197.23 → host:131.196.29.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f800f90b92d1e01:host:44.246.129.80	SESSION-4f800f90b92d1e01 → host:44.246.129.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ab8147bbacef01b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5ab8147bbacef01b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be8cffb783bfde31:SESSION-be8cffb783bfde31	SESSION-be8cffb783bfde31 → pe:syn:SESSION-be8cffb783bfde31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c54b7fde1829c775:SESSION-c54b7fde1829c775	SESSION-c54b7fde1829c775 → pe:syn:SESSION-c54b7fde1829c775
FLOW_FROM_HOSTOBS	e:from:SESSION-bc2ea3f70e7bccaf:host:172.234.197.23	SESSION-bc2ea3f70e7bccaf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38485db7731deeee:SESSION-38485db7731deeee	SESSION-38485db7731deeee → pe:tls:SESSION-38485db7731deeee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24f08652bbd6b16b:SESSION-24f08652bbd6b16b	SESSION-24f08652bbd6b16b → pe:syn:SESSION-24f08652bbd6b16b
flow_observed5-aryOBS	e:fo:flow:8687f09773c4	flow:8687f09773c4 → host:177.10.232.168 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:11ea1a4ce4fe:port:tcp:443	flow:11ea1a4ce4fe → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f40be42edcf6e8ed:host:172.234.197.23	SESSION-f40be42edcf6e8ed → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a1570467d4c9a43:host:172.234.197.23:host:131.196.31.133	SESSION-4a1570467d4c9a43 → host:172.234.197.23 → host:131.196.31.133
FLOW_DST_PORTOBS	e:fp:flow:c6b6c34f4d03:port:tcp:443	flow:c6b6c34f4d03 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:89c3e525673a:port:udp:53	flow:89c3e525673a → port:udp:53
FLOW_TO_HOSTOBS	e:to:SESSION-51b69a1f49968dce:host:172.234.197.23	SESSION-51b69a1f49968dce → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a176047016eec520:SESSION-a176047016eec520	SESSION-a176047016eec520 → pe:syn:SESSION-a176047016eec520
FLOW_FROM_HOSTOBS	e:from:SESSION-e4cbb1218941faec:host:131.196.31.87	SESSION-e4cbb1218941faec → host:131.196.31.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87462f91a35c5198:host:172.234.197.23	SESSION-87462f91a35c5198 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ce641d36bd3c:port:tcp:443	flow:ce641d36bd3c → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.174:asn:273470	host:45.173.156.174 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c2b6fa392d99e4e2:host:177.10.232.198:host:172.234.197.23	SESSION-c2b6fa392d99e4e2 → host:177.10.232.198 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.206:geo_-16.28860_-49.01640	host:177.10.235.206 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72786bca04f1b5c7:host:131.196.30.12	SESSION-72786bca04f1b5c7 → host:131.196.30.12
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.2:asn:271410	host:131.196.29.2 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-c7409e3f74011df2:host:45.173.156.126	SESSION-c7409e3f74011df2 → host:45.173.156.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b0821df7b169e6a:host:172.234.197.23	SESSION-4b0821df7b169e6a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fcb174e83803b1f7:flow:ef6a8df5e96a	SESSION-fcb174e83803b1f7 → flow:ef6a8df5e96a
FLOW_FROM_HOSTOBS	e:from:SESSION-463ebb9b343c8b6a:host:131.196.29.153	SESSION-463ebb9b343c8b6a → host:131.196.29.153
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2aa7e55175462248:host:172.234.197.23:host:177.10.234.250	SESSION-2aa7e55175462248 → host:172.234.197.23 → host:177.10.234.250
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e88e03e6557ce42:host:131.196.29.134	SESSION-7e88e03e6557ce42 → host:131.196.29.134
flow_observed5-aryOBS	e:fo:flow:3020ab7bcafc	flow:3020ab7bcafc → host:51.91.243.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49d1ccfce5e59a68:host:177.10.234.208:host:172.234.197.23	SESSION-49d1ccfce5e59a68 → host:177.10.234.208 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7440e76ff1d72d2f:SESSION-7440e76ff1d72d2f	SESSION-7440e76ff1d72d2f → pe:rst:SESSION-7440e76ff1d72d2f
FLOW_FROM_HOSTOBS	e:from:SESSION-fd8832d374e053cc:host:172.234.197.23	SESSION-fd8832d374e053cc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ec373193747138e2:host:172.234.197.23	SESSION-ec373193747138e2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5bba4e0174a1f95d:host:172.234.197.23	SESSION-5bba4e0174a1f95d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4c1ac661b3c1fca0:host:172.234.197.23	SESSION-4c1ac661b3c1fca0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:20fcf5f8be30:port:tcp:32238	flow:20fcf5f8be30 → port:tcp:32238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eed281d532ce25c6:SESSION-eed281d532ce25c6	SESSION-eed281d532ce25c6 → pe:syn:SESSION-eed281d532ce25c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-077f434652010402:host:172.234.197.23	SESSION-077f434652010402 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1040a37ad4b8:port:tcp:443	flow:1040a37ad4b8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-0ba40ec67b0f6097:host:177.10.234.32	SESSION-0ba40ec67b0f6097 → host:177.10.234.32
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-18c88d2b92c30f28:SESSION-18c88d2b92c30f28	SESSION-18c88d2b92c30f28 → pe:tls:SESSION-18c88d2b92c30f28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93c7fae83342c58e:flow:d0a6a80748b6	SESSION-93c7fae83342c58e → flow:d0a6a80748b6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e54eb0866acbe21:PCAP:capture_20260430110001:43611bdf6759	SESSION-3e54eb0866acbe21 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3ba2cf190ed0b5c:SESSION-e3ba2cf190ed0b5c	SESSION-e3ba2cf190ed0b5c → pe:syn:SESSION-e3ba2cf190ed0b5c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-adf46c04c6a07144:host:131.196.29.150:host:172.234.197.23	SESSION-adf46c04c6a07144 → host:131.196.29.150 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9c1dd216af28:port:tcp:443	flow:9c1dd216af28 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3094c6d527f665e9:host:45.173.156.207	SESSION-3094c6d527f665e9 → host:45.173.156.207
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c506d9600407809:host:177.10.234.236	SESSION-7c506d9600407809 → host:177.10.234.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-0e6800c9c0f40710:SESSION-0e6800c9c0f40710	SESSION-0e6800c9c0f40710 → pe:rst:SESSION-0e6800c9c0f40710
FLOW_FROM_HOSTOBS	e:from:SESSION-5b01750df014e0bb:host:44.247.223.188	SESSION-5b01750df014e0bb → host:44.247.223.188
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-926d10c9776453b9:flow:b72f88a9c0c6	SESSION-926d10c9776453b9 → flow:b72f88a9c0c6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.69:geo_-23.62930_-46.63510	host:131.196.31.69 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd8832d374e053cc:flow:3cfdba58cb5b	SESSION-fd8832d374e053cc → flow:3cfdba58cb5b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bef08b3c32a1c401:host:172.234.197.23	SESSION-bef08b3c32a1c401 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e93d3fe416fcd95:host:177.10.237.211	SESSION-5e93d3fe416fcd95 → host:177.10.237.211
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e52442a00447444:host:172.234.197.23:host:131.196.30.59	SESSION-0e52442a00447444 → host:172.234.197.23 → host:131.196.30.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de8058bfaf7cddb8:flow:91b81cda4b2e	SESSION-de8058bfaf7cddb8 → flow:91b81cda4b2e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a98c5df3fe5e6d6:SESSION-4a98c5df3fe5e6d6	SESSION-4a98c5df3fe5e6d6 → pe:tls:SESSION-4a98c5df3fe5e6d6
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-2f35e45e57d830f4:BSG-BEACON-c5c416645e2f	SESSION-2f35e45e57d830f4 → BSG-BEACON-c5c416645e2f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c80786b4900f92c:host:172.234.197.23	SESSION-5c80786b4900f92c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f838b992fed206a8:host:177.10.239.51	SESSION-f838b992fed206a8 → host:177.10.239.51
FLOW_TO_HOSTOBS	e:to:SESSION-f5c9b4c9e225ad1d:host:177.10.239.11	SESSION-f5c9b4c9e225ad1d → host:177.10.239.11
FLOW_DST_PORTOBS	e:fp:flow:45eb3b22e1f2:port:tcp:45748	flow:45eb3b22e1f2 → port:tcp:45748
FLOW_TO_HOSTOBS	e:to:SESSION-f3e5ef5a453dff40:host:172.234.197.23	SESSION-f3e5ef5a453dff40 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20cf12e311e55250:host:177.10.234.91	SESSION-20cf12e311e55250 → host:177.10.234.91
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db187e026dbc97b6:host:172.234.197.23	SESSION-db187e026dbc97b6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.69:asn:262880	host:177.10.238.69 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-662271688fa2b491:PCAP:capture_20260430150001:ded20914761d	SESSION-662271688fa2b491 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7037fa1e0334ef5:host:177.10.233.222:host:172.234.197.23	SESSION-b7037fa1e0334ef5 → host:177.10.233.222 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ce76aef4cf62c0f:flow:0e8f7cea7441	SESSION-9ce76aef4cf62c0f → flow:0e8f7cea7441
FLOW_DST_PORTOBS	e:fp:flow:6fe180bbb2da:port:tcp:33775	flow:6fe180bbb2da → port:tcp:33775
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49c1d2d9ba1746da:flow:62f70f17b15f	SESSION-49c1d2d9ba1746da → flow:62f70f17b15f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-825be4419cbefff8:host:177.10.239.81:host:172.234.197.23	SESSION-825be4419cbefff8 → host:177.10.239.81 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d6e76a66edfd:port:tcp:443	flow:d6e76a66edfd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c59a88aa03340e00:flow:f55cb372d8b9	SESSION-c59a88aa03340e00 → flow:f55cb372d8b9
FLOW_TO_HOSTOBS	e:to:SESSION-6ffbb13e97116fd4:host:172.234.197.23	SESSION-6ffbb13e97116fd4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73ad5b34385541ce:host:131.196.30.67	SESSION-73ad5b34385541ce → host:131.196.30.67
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.227:asn:271410	host:131.196.31.227 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.82:geo_-16.28860_-49.01640	host:177.10.233.82 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.15:asn:262880	host:177.10.239.15 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c0e63fa095433d2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4c0e63fa095433d2 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-44bc098e411317a4:host:177.10.235.174	SESSION-44bc098e411317a4 → host:177.10.235.174
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e04d863bd380e3e5:SESSION-e04d863bd380e3e5	SESSION-e04d863bd380e3e5 → pe:tls:SESSION-e04d863bd380e3e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-623bfc839a4f3b4e:SESSION-623bfc839a4f3b4e	SESSION-623bfc839a4f3b4e → pe:syn:SESSION-623bfc839a4f3b4e
FLOW_DST_PORTOBS	e:fp:flow:ddba3a69e313:port:tcp:80	flow:ddba3a69e313 → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99c8a38ab4cce90e:host:45.173.156.101	SESSION-99c8a38ab4cce90e → host:45.173.156.101
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.213:asn:262880	host:177.10.234.213 → asn:262880
flow_observed4-aryOBS	e:fo:flow:b9d1ec120f8e	flow:b9d1ec120f8e → host:172.234.197.23 → host:131.196.28.122 → port:tcp:24181
FLOW_FROM_HOSTOBS	e:from:SESSION-34efc230578c0ec6:host:192.99.232.216	SESSION-34efc230578c0ec6 → host:192.99.232.216
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6350f63c148b5b0b:host:177.10.239.146	SESSION-6350f63c148b5b0b → host:177.10.239.146
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-367825c4b1c7c6d4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-367825c4b1c7c6d4 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d43ada4a289f704d:host:172.234.197.23	SESSION-d43ada4a289f704d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6dadefe349dd79f6:host:131.196.31.111:host:172.234.197.23	SESSION-6dadefe349dd79f6 → host:131.196.31.111 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc9c57ce6bc30045:SESSION-bc9c57ce6bc30045	SESSION-bc9c57ce6bc30045 → pe:tls:SESSION-bc9c57ce6bc30045
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.4:geo_-23.62930_-46.63510	host:131.196.29.4 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-20b594788160c43c:host:172.234.197.23	SESSION-20b594788160c43c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dca9298136f0125a:host:177.10.236.46	SESSION-dca9298136f0125a → host:177.10.236.46
FLOW_FROM_HOSTOBS	e:from:SESSION-0ab8c1601f71acf4:host:177.10.234.169	SESSION-0ab8c1601f71acf4 → host:177.10.234.169
flow_observed5-aryOBS	e:fo:flow:0fc72300ca0f	flow:0fc72300ca0f → host:131.196.29.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-671350c0b0fa8f65:host:177.10.234.228	SESSION-671350c0b0fa8f65 → host:177.10.234.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-59de2965684be0b6:SESSION-59de2965684be0b6	SESSION-59de2965684be0b6 → pe:tls:SESSION-59de2965684be0b6
FLOW_DST_PORTOBS	e:fp:flow:63f5e67398bb:port:tcp:22681	flow:63f5e67398bb → port:tcp:22681
flow_observed5-aryOBS	e:fo:flow:0ece5c076886	flow:0ece5c076886 → host:177.10.239.148 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9cc387e98cb8cb82:flow:63fe30a74448	SESSION-9cc387e98cb8cb82 → flow:63fe30a74448
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82c9dbe3cfe7e49f:host:177.10.232.24	SESSION-82c9dbe3cfe7e49f → host:177.10.232.24
FLOW_TO_HOSTOBS	e:to:SESSION-2eb904b60673a30b:host:131.196.28.2	SESSION-2eb904b60673a30b → host:131.196.28.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f5e9ebe80065c9c:host:172.234.197.23	SESSION-8f5e9ebe80065c9c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ccbf098e115515a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-0ccbf098e115515a → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-c1a633dafddc79f1:host:45.173.156.98	SESSION-c1a633dafddc79f1 → host:45.173.156.98
flow_observed5-aryOBS	e:fo:flow:81dfa4a594a6	flow:81dfa4a594a6 → host:185.231.226.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46d2f77cc38b38db:flow:97fa7f95a5ba	SESSION-46d2f77cc38b38db → flow:97fa7f95a5ba
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97b2355356a85562:PCAP:capture_20260430110001:43611bdf6759	SESSION-97b2355356a85562 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ddc60a1db971e20b:SESSION-ddc60a1db971e20b	SESSION-ddc60a1db971e20b → pe:tls:SESSION-ddc60a1db971e20b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-33348e69a2613db6:SESSION-33348e69a2613db6	SESSION-33348e69a2613db6 → pe:rst:SESSION-33348e69a2613db6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1362b7f51908925c:host:172.234.197.23	SESSION-1362b7f51908925c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2794803b6e3661a7:host:172.234.197.23	SESSION-2794803b6e3661a7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7b11513eff2bd1e6:host:172.234.197.23	SESSION-7b11513eff2bd1e6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4d1e35f842f44326:host:177.10.232.34	SESSION-4d1e35f842f44326 → host:177.10.232.34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-04af603e6c9a6691:SESSION-04af603e6c9a6691	SESSION-04af603e6c9a6691 → pe:tls:SESSION-04af603e6c9a6691
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38a9f2b2580a8fb5:host:172.234.197.23	SESSION-38a9f2b2580a8fb5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:682d61a35e49:port:tcp:443	flow:682d61a35e49 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-181666d0ed9d45b8:SESSION-181666d0ed9d45b8	SESSION-181666d0ed9d45b8 → pe:syn:SESSION-181666d0ed9d45b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a58d8beb20a4c9e1:host:54.201.215.37	SESSION-a58d8beb20a4c9e1 → host:54.201.215.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ba98677b43b4662:host:177.10.237.39:host:172.234.197.23	SESSION-8ba98677b43b4662 → host:177.10.237.39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ad4b86f4c7bfaae:host:131.196.31.148	SESSION-1ad4b86f4c7bfaae → host:131.196.31.148
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.164:geo_-16.28860_-49.01640	host:177.10.232.164 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-96f4af5cf9f3425a:host:172.234.197.23	SESSION-96f4af5cf9f3425a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.168:geo_41.00190_28.96450	host:92.112.71.168 → geo_41.00190_28.96450
FLOW_FROM_HOSTOBS	e:from:SESSION-c5ac08008a4ed5c1:host:177.10.236.46	SESSION-c5ac08008a4ed5c1 → host:177.10.236.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b048ecd988d76f67:SESSION-b048ecd988d76f67	SESSION-b048ecd988d76f67 → pe:syn:SESSION-b048ecd988d76f67
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a11bbc1f12398e3:host:177.10.235.241	SESSION-0a11bbc1f12398e3 → host:177.10.235.241
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6113f2cc2cfc5017:SESSION-6113f2cc2cfc5017	SESSION-6113f2cc2cfc5017 → pe:tls:SESSION-6113f2cc2cfc5017
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f1009c3ce0fc23df:host:177.10.239.126:host:172.234.197.23	SESSION-f1009c3ce0fc23df → host:177.10.239.126 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:acd01af9e4bf:port:tcp:443	flow:acd01af9e4bf → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce9448c6704b565d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ce9448c6704b565d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e47ff6197158625f:host:45.173.156.13	SESSION-e47ff6197158625f → host:45.173.156.13
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.215:asn:262880	host:177.10.232.215 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-99e2981b3b5fa520:host:177.10.239.252	SESSION-99e2981b3b5fa520 → host:177.10.239.252
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ad60f3efcde14b7:host:177.10.236.10	SESSION-7ad60f3efcde14b7 → host:177.10.236.10
flow_observed5-aryOBS	e:fo:flow:5c1235898cd7	flow:5c1235898cd7 → host:177.10.239.191 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35fc4de775269620:flow:63844be162c6	SESSION-35fc4de775269620 → flow:63844be162c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e812ffe43c670dc:host:131.196.29.191	SESSION-7e812ffe43c670dc → host:131.196.29.191
FLOW_TO_HOSTOBS	e:to:SESSION-73eae13080f416f8:host:172.234.197.23	SESSION-73eae13080f416f8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e076f857aa349ed0:PCAP:capture_20260430060001:919b39a74464	SESSION-e076f857aa349ed0 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-6350f63c148b5b0b:host:177.10.239.146	SESSION-6350f63c148b5b0b → host:177.10.239.146
FLOW_TO_HOSTOBS	e:to:SESSION-77661c4fb07edf10:host:172.234.197.23	SESSION-77661c4fb07edf10 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0482212efb1d2581:host:177.10.234.212	SESSION-0482212efb1d2581 → host:177.10.234.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5a2ddb999c90e17:host:172.234.197.23	SESSION-e5a2ddb999c90e17 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a0f17022a425	flow:a0f17022a425 → host:177.10.235.201 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bc49d07a666c670:host:131.196.31.54	SESSION-4bc49d07a666c670 → host:131.196.31.54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e38f46dc000b6625:host:177.10.236.235	SESSION-e38f46dc000b6625 → host:177.10.236.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68031782b8336c69:host:172.234.197.23	SESSION-68031782b8336c69 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1aa9055f8e3197b:SESSION-c1aa9055f8e3197b	SESSION-c1aa9055f8e3197b → pe:syn:SESSION-c1aa9055f8e3197b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.200:geo_-16.28860_-49.01640	host:177.10.239.200 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59d92efe40de2f35:host:177.10.236.124	SESSION-59d92efe40de2f35 → host:177.10.236.124
HOST_IN_ASNOBS 85%	e:ha:host:157.180.84.94:asn:24940	host:157.180.84.94 → asn:24940
FLOW_DST_PORTOBS	e:fp:flow:e44cc1cbe9f3:port:tcp:24635	flow:e44cc1cbe9f3 → port:tcp:24635
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b8a5f0932f0fd6d:host:172.234.197.23	SESSION-3b8a5f0932f0fd6d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb3e7e97aa8c76e6:host:131.196.29.116:host:172.234.197.23	SESSION-cb3e7e97aa8c76e6 → host:131.196.29.116 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0b2a3a5ae807:port:tcp:28871	flow:0b2a3a5ae807 → port:tcp:28871
flow_observed5-aryOBS	e:fo:flow:9f9f6272f7b6	flow:9f9f6272f7b6 → host:177.10.238.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36f4c424d3b5f86e:host:177.10.235.36:host:172.234.197.23	SESSION-36f4c424d3b5f86e → host:177.10.235.36 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0586166ee52acb1f:host:52.81.225.63:host:172.234.197.23	SESSION-0586166ee52acb1f → host:52.81.225.63 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-026fe63fd4f2486a:host:172.234.197.23	SESSION-026fe63fd4f2486a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf85a83f91ce2875:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cf85a83f91ce2875 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-caf4287e8000c114:SESSION-caf4287e8000c114	SESSION-caf4287e8000c114 → pe:syn:SESSION-caf4287e8000c114
FLOW_FROM_HOSTOBS	e:from:SESSION-ad4604a15181cb67:host:131.196.31.161	SESSION-ad4604a15181cb67 → host:131.196.31.161
FLOW_DST_PORTOBS	e:fp:flow:1d5670e1573a:port:tcp:50499	flow:1d5670e1573a → port:tcp:50499
flow_observed4-aryOBS	e:fo:flow:f86bd24cbebe	flow:f86bd24cbebe → host:172.234.197.23 → host:177.10.239.145 → port:tcp:15364
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e9e9835a2b91f231:SESSION-e9e9835a2b91f231	SESSION-e9e9835a2b91f231 → pe:tls:SESSION-e9e9835a2b91f231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8900744845bb6f3:host:177.10.232.81	SESSION-d8900744845bb6f3 → host:177.10.232.81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e08e3213e2e0e28:host:172.234.197.23	SESSION-5e08e3213e2e0e28 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6388ff3a9a78:port:tcp:443	flow:6388ff3a9a78 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be5c05381a363417:SESSION-be5c05381a363417	SESSION-be5c05381a363417 → pe:tls:SESSION-be5c05381a363417
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fce80bc522afcc8b:host:172.234.197.23	SESSION-fce80bc522afcc8b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2f7ca9f61df30fd:host:172.234.197.23	SESSION-f2f7ca9f61df30fd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ea20601fa7d993b:host:172.234.197.23	SESSION-1ea20601fa7d993b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c265ba6f34eebd39:host:177.10.233.86	SESSION-c265ba6f34eebd39 → host:177.10.233.86
FLOW_TO_HOSTOBS	e:to:SESSION-561fca01c9d6b351:host:172.234.197.23	SESSION-561fca01c9d6b351 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-576e43142f03a150:host:172.234.197.23	SESSION-576e43142f03a150 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cac46254a85b1ec3:flow:35582a52931d	SESSION-cac46254a85b1ec3 → flow:35582a52931d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-871dd8a53b87e11e:flow:47ab6659b5a4	SESSION-871dd8a53b87e11e → flow:47ab6659b5a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2df5a0c07309bf07:SESSION-2df5a0c07309bf07	SESSION-2df5a0c07309bf07 → pe:tls:SESSION-2df5a0c07309bf07
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b69e4016453478aa:host:199.16.157.182:host:172.234.197.23	SESSION-b69e4016453478aa → host:199.16.157.182 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.184:asn:262880	host:177.10.232.184 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:2886944b445e:port:tcp:43284	flow:2886944b445e → port:tcp:43284
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-71d059e3750765d4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-71d059e3750765d4 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7928f63a898f7aac:flow:e41bbf161497	SESSION-7928f63a898f7aac → flow:e41bbf161497
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.128:geo_-21.10010_-41.69200	host:45.173.156.128 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:436e93c989c9	flow:436e93c989c9 → host:131.196.29.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae3419cd71fb8b85:host:172.234.197.23:host:45.173.156.232	SESSION-ae3419cd71fb8b85 → host:172.234.197.23 → host:45.173.156.232
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da64f1d11a78111b:host:131.196.28.230	SESSION-da64f1d11a78111b → host:131.196.28.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d436d9a2a0e2483:SESSION-7d436d9a2a0e2483	SESSION-7d436d9a2a0e2483 → pe:tls:SESSION-7d436d9a2a0e2483
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8ee775e10cbe172:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b8ee775e10cbe172 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-f9e70132665ab339:host:177.10.239.137	SESSION-f9e70132665ab339 → host:177.10.239.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27ea3c16306f2f5f:host:177.10.232.234	SESSION-27ea3c16306f2f5f → host:177.10.232.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-01fb4d6a9472c8c7:SESSION-01fb4d6a9472c8c7	SESSION-01fb4d6a9472c8c7 → pe:rst:SESSION-01fb4d6a9472c8c7
flow_observed4-aryOBS	e:fo:flow:8c37d8569a8d	flow:8c37d8569a8d → host:172.234.197.23 → host:177.10.233.184 → port:tcp:28936
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a3b20edc3bf85f8:host:177.10.233.130	SESSION-3a3b20edc3bf85f8 → host:177.10.233.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24ac712a23adf430:host:177.10.232.83	SESSION-24ac712a23adf430 → host:177.10.232.83
FLOW_DST_PORTOBS	e:fp:flow:ae7ce6b2e467:port:tcp:443	flow:ae7ce6b2e467 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cbc08c1422c92ccf:host:177.10.236.94:host:172.234.197.23	SESSION-cbc08c1422c92ccf → host:177.10.236.94 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10bd62a158add0c4:SESSION-10bd62a158add0c4	SESSION-10bd62a158add0c4 → pe:syn:SESSION-10bd62a158add0c4
FLOW_DST_PORTOBS	e:fp:flow:e9f3e4f3cf7e:port:tcp:443	flow:e9f3e4f3cf7e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2625555cac004c06:host:172.234.197.23	SESSION-2625555cac004c06 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.204:geo_-16.28860_-49.01640	host:177.10.237.204 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-625fc1856b5bb87f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-625fc1856b5bb87f → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:622120e32052	flow:622120e32052 → host:131.196.30.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6c92d9b97cea9da:host:172.234.197.23	SESSION-d6c92d9b97cea9da → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dcbceebcfa7feba5:host:172.234.197.23	SESSION-dcbceebcfa7feba5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-715e4cea63e7cde7:host:177.10.232.27	SESSION-715e4cea63e7cde7 → host:177.10.232.27
flow_observed5-aryOBS	e:fo:flow:ef2f10ea72bc	flow:ef2f10ea72bc → host:37.221.79.87 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-40c5d05833b5d363:SESSION-40c5d05833b5d363	SESSION-40c5d05833b5d363 → pe:tls:SESSION-40c5d05833b5d363
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1db6dc9c45987f6e:host:177.10.234.166	SESSION-1db6dc9c45987f6e → host:177.10.234.166
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.167:asn:271410	host:131.196.29.167 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.221:asn:271410	host:131.196.31.221 → asn:271410
FLOW_QUERIED_DNSOBS	e:fd:flow:15d2a905685b:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:15d2a905685b → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a846b5687af75eeb:flow:aafd37b28fd5	SESSION-a846b5687af75eeb → flow:aafd37b28fd5
FLOW_TO_HOSTOBS	e:to:SESSION-18e7a18371a0d1bf:host:131.196.29.196	SESSION-18e7a18371a0d1bf → host:131.196.29.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10bd62a158add0c4:host:172.234.197.23	SESSION-10bd62a158add0c4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-091ae841df8cdc2c:host:185.231.226.113	SESSION-091ae841df8cdc2c → host:185.231.226.113
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38485db7731deeee:PCAP:capture_20260430080001:93f47cc296a4	SESSION-38485db7731deeee → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-d1227c455b771a86:host:172.234.197.23	SESSION-d1227c455b771a86 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e225557ebe736948:host:172.234.197.23	SESSION-e225557ebe736948 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d7f8914f0744c0dd:host:172.234.197.23:host:177.10.233.222	SESSION-d7f8914f0744c0dd → host:172.234.197.23 → host:177.10.233.222
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e1aa0d90742fe552:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e1aa0d90742fe552 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-1620c835b56464d4:host:172.234.197.23	SESSION-1620c835b56464d4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.244:geo_-16.28860_-49.01640	host:177.10.237.244 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:996fce1dce71:port:tcp:443	flow:996fce1dce71 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-699c907c7ac66403:SESSION-699c907c7ac66403	SESSION-699c907c7ac66403 → pe:syn:SESSION-699c907c7ac66403
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af401128ecea586:host:177.10.239.93	SESSION-9af401128ecea586 → host:177.10.239.93
flow_observed5-aryOBS	e:fo:flow:7dea48a828dd	flow:7dea48a828dd → host:177.10.239.159 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-da6e864635febf48:host:131.196.30.9	SESSION-da6e864635febf48 → host:131.196.30.9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eb3af12cfff0086:host:172.234.197.23	SESSION-9eb3af12cfff0086 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93e1e76eb6bfe5a3:host:131.196.28.12	SESSION-93e1e76eb6bfe5a3 → host:131.196.28.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-779f746558d2d979:SESSION-779f746558d2d979	SESSION-779f746558d2d979 → pe:syn:SESSION-779f746558d2d979
FLOW_TO_HOSTOBS	e:to:SESSION-5940a5357983452d:host:177.10.234.114	SESSION-5940a5357983452d → host:177.10.234.114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb20bb92bfdba895:host:131.196.30.168	SESSION-bb20bb92bfdba895 → host:131.196.30.168
FLOW_DST_PORTOBS	e:fp:flow:12f29ad30879:port:tcp:40358	flow:12f29ad30879 → port:tcp:40358
FLOW_DST_PORTOBS	e:fp:flow:ccb027c8d2a2:port:tcp:443	flow:ccb027c8d2a2 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-317129b18cf7eb6c:flow:6115367b739c	SESSION-317129b18cf7eb6c → flow:6115367b739c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-edfeffbce5127655:SESSION-edfeffbce5127655	SESSION-edfeffbce5127655 → pe:rst:SESSION-edfeffbce5127655
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.16:geo_-16.28860_-49.01640	host:177.10.237.16 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6455927ff3f8f851:PCAP:capture_20260430110001:43611bdf6759	SESSION-6455927ff3f8f851 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:c6db70cfb235	flow:c6db70cfb235 → host:177.10.238.24 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a82c7f51b8bc2f4f:host:131.196.31.140:host:172.234.197.23	SESSION-a82c7f51b8bc2f4f → host:131.196.31.140 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6299cf50d0e2e558:host:177.10.238.126	SESSION-6299cf50d0e2e558 → host:177.10.238.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-051bd0ccc4bec756:SESSION-051bd0ccc4bec756	SESSION-051bd0ccc4bec756 → pe:tls:SESSION-051bd0ccc4bec756
FLOW_TO_HOSTOBS	e:to:SESSION-5b5af66d109a4873:host:131.196.30.7	SESSION-5b5af66d109a4873 → host:131.196.30.7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf679119291e5246:SESSION-bf679119291e5246	SESSION-bf679119291e5246 → pe:syn:SESSION-bf679119291e5246
flow_observed4-aryOBS	e:fo:flow:e87d8b46b4b2	flow:e87d8b46b4b2 → host:172.234.197.23 → host:177.10.233.53 → port:tcp:39484
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c6f10f20f24d7ff:host:172.234.197.23	SESSION-3c6f10f20f24d7ff → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7141588dcb909c75:host:131.196.29.117	SESSION-7141588dcb909c75 → host:131.196.29.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fd74aeb66a6a85e:host:177.10.234.52:host:172.234.197.23	SESSION-3fd74aeb66a6a85e → host:177.10.234.52 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:362bd8a9c9ac:port:tcp:443	flow:362bd8a9c9ac → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6eb1289c3370840:SESSION-d6eb1289c3370840	SESSION-d6eb1289c3370840 → pe:tls:SESSION-d6eb1289c3370840
flow_observed4-aryOBS	e:fo:flow:b19a2dcabdff	flow:b19a2dcabdff → host:172.234.197.23 → host:177.10.233.95 → port:tcp:36107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08ccad07eda14042:host:172.234.197.23	SESSION-08ccad07eda14042 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-133d7db2ccbe04c8:SESSION-133d7db2ccbe04c8	SESSION-133d7db2ccbe04c8 → pe:syn:SESSION-133d7db2ccbe04c8
FLOW_FROM_HOSTOBS	e:from:SESSION-e872279913929717:host:177.10.232.35	SESSION-e872279913929717 → host:177.10.232.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10f6f623bcce091e:SESSION-10f6f623bcce091e	SESSION-10f6f623bcce091e → pe:syn:SESSION-10f6f623bcce091e
FLOW_TO_HOSTOBS	e:to:SESSION-347bad418eab3a6f:host:172.234.197.23	SESSION-347bad418eab3a6f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-46d2f77cc38b38db:host:172.234.197.23	SESSION-46d2f77cc38b38db → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-01716d55cf2099e5:host:172.234.197.23	SESSION-01716d55cf2099e5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71917de89d264496:host:172.234.197.23	SESSION-71917de89d264496 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.97:geo_41.00190_28.96450	host:95.170.25.97 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93be623985b95b7d:host:172.234.197.23	SESSION-93be623985b95b7d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-186abbea6a1cb4f5:PCAP:capture_20260428010001:b1b402c7b202	SESSION-186abbea6a1cb4f5 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_DST_PORTOBS	e:fp:flow:607e5005bcdf:port:tcp:443	flow:607e5005bcdf → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-675cba805cfc6bb8:host:172.234.197.23	SESSION-675cba805cfc6bb8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a5769e3e2edd:port:tcp:443	flow:a5769e3e2edd → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-6b4419d123b2f0e3:host:177.10.232.253	SESSION-6b4419d123b2f0e3 → host:177.10.232.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d587dd5c581936e:host:131.196.28.16	SESSION-8d587dd5c581936e → host:131.196.28.16
flow_observed5-aryOBS	e:fo:flow:73d42f446e42	flow:73d42f446e42 → host:177.10.232.234 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:d297a1162663:port:tcp:443	flow:d297a1162663 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-fc2888c0eb9bd2ad:host:131.196.29.248	SESSION-fc2888c0eb9bd2ad → host:131.196.29.248
FLOW_FROM_HOSTOBS	e:from:SESSION-b9f43ed2bc91ec43:host:177.10.235.169	SESSION-b9f43ed2bc91ec43 → host:177.10.235.169
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16a55bcfd76736b7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-16a55bcfd76736b7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8693b808e1d6b7d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b8693b808e1d6b7d → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-938eb42ac2c00523:host:57.128.95.181:host:172.234.197.23	SESSION-938eb42ac2c00523 → host:57.128.95.181 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6328c86c978f61df:host:172.234.197.23	SESSION-6328c86c978f61df → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:38b1bbea26e7	flow:38b1bbea26e7 → host:177.10.234.249 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07124c917c797d63:SESSION-07124c917c797d63	SESSION-07124c917c797d63 → pe:syn:SESSION-07124c917c797d63
FLOW_FROM_HOSTOBS	e:from:SESSION-d5b80b4b47f274ca:host:177.10.233.77	SESSION-d5b80b4b47f274ca → host:177.10.233.77
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-91c3828e0c41fbe7:flow:53b3f0a9de81	SESSION-91c3828e0c41fbe7 → flow:53b3f0a9de81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9d0d1a45a4e9ec7:SESSION-b9d0d1a45a4e9ec7	SESSION-b9d0d1a45a4e9ec7 → pe:tls:SESSION-b9d0d1a45a4e9ec7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75ac13f212ea06a5:host:172.234.197.23	SESSION-75ac13f212ea06a5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ea66afd66f329a0:host:172.234.197.23:host:131.196.29.144	SESSION-0ea66afd66f329a0 → host:172.234.197.23 → host:131.196.29.144
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-95b6b17f9a1b89d0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-95b6b17f9a1b89d0 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:762ee0d4e964:port:tcp:443	flow:762ee0d4e964 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8a9b85b89d918f42:host:131.196.30.75	SESSION-8a9b85b89d918f42 → host:131.196.30.75
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fdfd79cbce8be94:host:172.234.197.23	SESSION-5fdfd79cbce8be94 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f34bafe5f2be5770:SESSION-f34bafe5f2be5770	SESSION-f34bafe5f2be5770 → pe:syn:SESSION-f34bafe5f2be5770
flow_observed5-aryOBS	e:fo:flow:c8a68707d235	flow:c8a68707d235 → host:177.10.234.210 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.49:geo_-16.28860_-49.01640	host:177.10.235.49 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:bc6649272822:port:tcp:443	flow:bc6649272822 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:28a2bdc6445d	flow:28a2bdc6445d → host:172.234.197.23 → host:177.10.237.55 → port:tcp:11169
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.215:geo_-16.28860_-49.01640	host:177.10.236.215 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb17861f5be52c2c:SESSION-eb17861f5be52c2c	SESSION-eb17861f5be52c2c → pe:tls:SESSION-eb17861f5be52c2c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c5a72a6fbc2381d:SESSION-1c5a72a6fbc2381d	SESSION-1c5a72a6fbc2381d → pe:tls:SESSION-1c5a72a6fbc2381d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6f99e1376da42693:SESSION-6f99e1376da42693	SESSION-6f99e1376da42693 → pe:tls:SESSION-6f99e1376da42693
flow_observed5-aryOBS	e:fo:flow:94acff5eb08f	flow:94acff5eb08f → host:185.231.226.50 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29162d9ed8336732:host:172.234.197.23	SESSION-29162d9ed8336732 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ffb0d51cd8f7dd7:host:177.10.236.17:host:172.234.197.23	SESSION-8ffb0d51cd8f7dd7 → host:177.10.236.17 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c716fd204e4ddd99:host:172.232.0.17	SESSION-c716fd204e4ddd99 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.122:geo_-16.28860_-49.01640	host:177.10.236.122 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:df3236181306	flow:df3236181306 → host:177.10.237.169 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.32:geo_-16.28860_-49.01640	host:177.10.234.32 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e49f7df60935172:SESSION-4e49f7df60935172	SESSION-4e49f7df60935172 → pe:tls:SESSION-4e49f7df60935172
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e8b24d973ac1177:host:172.234.197.23	SESSION-6e8b24d973ac1177 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-734d97fdd69356a6:SESSION-734d97fdd69356a6	SESSION-734d97fdd69356a6 → pe:tls:SESSION-734d97fdd69356a6
FLOW_DST_PORTOBS	e:fp:flow:9966d446f9da:port:tcp:443	flow:9966d446f9da → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-077636b939c69f3b:host:172.234.197.23	SESSION-077636b939c69f3b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8b71ac0dda5d9d9:host:177.10.234.126:host:172.234.197.23	SESSION-e8b71ac0dda5d9d9 → host:177.10.234.126 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ef36b158fc63267:SESSION-9ef36b158fc63267	SESSION-9ef36b158fc63267 → pe:tls:SESSION-9ef36b158fc63267
flow_observed4-aryOBS	e:fo:flow:00e9278de537	flow:00e9278de537 → host:172.234.197.23 → host:177.10.236.63 → port:tcp:46415
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6430336fded9a803:host:172.234.197.23	SESSION-6430336fded9a803 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:53410f312c06:port:tcp:14408	flow:53410f312c06 → port:tcp:14408
FLOW_DST_PORTOBS	e:fp:flow:f4ddb90e507a:port:tcp:443	flow:f4ddb90e507a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f10bcf378efcbb9:host:172.234.197.23	SESSION-9f10bcf378efcbb9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d43b9fecb8f031e:host:172.234.197.23	SESSION-9d43b9fecb8f031e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.147:asn:262880	host:177.10.235.147 → asn:262880
flow_observed5-aryOBS	e:fo:flow:2d6a9bd007ca	flow:2d6a9bd007ca → host:131.196.28.195 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7845496c0c03c20:PCAP:capture_20260430150001:ded20914761d	SESSION-b7845496c0c03c20 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:544b80c3b32c:port:tcp:443	flow:544b80c3b32c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7db2d3f3f113e007:SESSION-7db2d3f3f113e007	SESSION-7db2d3f3f113e007 → pe:tls:SESSION-7db2d3f3f113e007
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8277822e9833952:host:131.196.31.94:host:172.234.197.23	SESSION-c8277822e9833952 → host:131.196.31.94 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-365dad18baa46a43:host:172.234.197.23	SESSION-365dad18baa46a43 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-287f6ffdc6040b27:PCAP:capture_20260430080001:93f47cc296a4	SESSION-287f6ffdc6040b27 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0153bfe1e0550f7:SESSION-d0153bfe1e0550f7	SESSION-d0153bfe1e0550f7 → pe:syn:SESSION-d0153bfe1e0550f7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fce590506c76a4f8:flow:fada604550b4	SESSION-fce590506c76a4f8 → flow:fada604550b4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-174ad36923ec98ba:SESSION-174ad36923ec98ba	SESSION-174ad36923ec98ba → pe:syn:SESSION-174ad36923ec98ba
FLOW_FROM_HOSTOBS	e:from:SESSION-dc3f24e93e3e0fb3:host:177.10.236.174	SESSION-dc3f24e93e3e0fb3 → host:177.10.236.174
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51daf4959db84d02:host:172.234.197.23:host:172.232.0.16	SESSION-51daf4959db84d02 → host:172.234.197.23 → host:172.232.0.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2aed99cc8c09f5c:host:177.10.234.145:host:172.234.197.23	SESSION-b2aed99cc8c09f5c → host:177.10.234.145 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6da60a47e57e7ba3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6da60a47e57e7ba3 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57e20c08f6c0c2c9:host:131.196.30.61:host:172.234.197.23	SESSION-57e20c08f6c0c2c9 → host:131.196.30.61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d96211015a0fddb9:host:172.234.197.23	SESSION-d96211015a0fddb9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7f79dab0f087	flow:7f79dab0f087 → host:37.221.79.41 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4992d20c4573840:SESSION-d4992d20c4573840	SESSION-d4992d20c4573840 → pe:syn:SESSION-d4992d20c4573840
FLOW_DST_PORTOBS	e:fp:flow:248bb9448096:port:tcp:443	flow:248bb9448096 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a8694ae6f41e5eb8:host:131.196.29.106	SESSION-a8694ae6f41e5eb8 → host:131.196.29.106
flow_observed4-aryOBS	e:fo:flow:f61fd76e10dc	flow:f61fd76e10dc → host:172.234.197.23 → host:177.10.234.9 → port:tcp:21796
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce17c1c4b6f006e0:flow:38b1bbea26e7	SESSION-ce17c1c4b6f006e0 → flow:38b1bbea26e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-749084d26a1fdfcc:host:172.234.197.23	SESSION-749084d26a1fdfcc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b8fd41df39b968c:SESSION-0b8fd41df39b968c	SESSION-0b8fd41df39b968c → pe:tls:SESSION-0b8fd41df39b968c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c88d3e9918500cb2:host:177.10.235.215:host:172.234.197.23	SESSION-c88d3e9918500cb2 → host:177.10.235.215 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-78ad99b8772b1e3f:host:104.28.157.111	SESSION-78ad99b8772b1e3f → host:104.28.157.111
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2f7ca9f61df30fd:host:177.10.232.216	SESSION-f2f7ca9f61df30fd → host:177.10.232.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-88449fe846038c62:SESSION-88449fe846038c62	SESSION-88449fe846038c62 → pe:syn:SESSION-88449fe846038c62
FLOW_DST_PORTOBS	e:fp:flow:8532ceaded41:port:tcp:443	flow:8532ceaded41 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97344bc6f8ca22f4:SESSION-97344bc6f8ca22f4	SESSION-97344bc6f8ca22f4 → pe:syn:SESSION-97344bc6f8ca22f4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c77e81e6376168a3:flow:1713850b8627	SESSION-c77e81e6376168a3 → flow:1713850b8627
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-87b50db5a64a4926:host:131.196.29.167:host:172.234.197.23	SESSION-87b50db5a64a4926 → host:131.196.29.167 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.224:geo_-23.62930_-46.63510	host:131.196.29.224 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-14a32c9f71c15657:host:172.234.197.23	SESSION-14a32c9f71c15657 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d3502ef6da0c:port:tcp:443	flow:d3502ef6da0c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74d0e7e40a4e478e:host:177.10.236.184	SESSION-74d0e7e40a4e478e → host:177.10.236.184
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec86a4c74825774a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ec86a4c74825774a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:9540f6a4186b:port:tcp:64987	flow:9540f6a4186b → port:tcp:64987
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1640005abec031d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c1640005abec031d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76ac71b30f764df7:SESSION-76ac71b30f764df7	SESSION-76ac71b30f764df7 → pe:tls:SESSION-76ac71b30f764df7
FLOW_TO_HOSTOBS	e:to:SESSION-4013c9000873101b:host:172.234.197.23	SESSION-4013c9000873101b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1980da9de3362b69:host:177.10.239.74	SESSION-1980da9de3362b69 → host:177.10.239.74
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.218:asn:262880	host:177.10.234.218 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc55eac4fb6ef554:host:184.171.210.134	SESSION-cc55eac4fb6ef554 → host:184.171.210.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc4f127cbdf1d5a3:host:172.234.197.23	SESSION-bc4f127cbdf1d5a3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a9df261a7287913:flow:6ad316de0461	SESSION-9a9df261a7287913 → flow:6ad316de0461
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.191:geo_-23.62930_-46.63510	host:131.196.30.191 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-217f16055e8d00da:host:45.173.156.213	SESSION-217f16055e8d00da → host:45.173.156.213
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e66594520e7edee5:SESSION-e66594520e7edee5	SESSION-e66594520e7edee5 → pe:syn:SESSION-e66594520e7edee5
FLOW_FROM_HOSTOBS	e:from:SESSION-4449fca2fd34af5e:host:131.196.28.62	SESSION-4449fca2fd34af5e → host:131.196.28.62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ac55ff303c5de83:host:131.196.30.49	SESSION-1ac55ff303c5de83 → host:131.196.30.49
flow_observed4-aryOBS	e:fo:flow:6b1020087167	flow:6b1020087167 → host:172.234.197.23 → host:177.10.234.143 → port:tcp:39583
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06294e5a27c1af9a:SESSION-06294e5a27c1af9a	SESSION-06294e5a27c1af9a → pe:tls:SESSION-06294e5a27c1af9a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.138:geo_-16.28860_-49.01640	host:177.10.232.138 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.255:asn:262880	host:177.10.233.255 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c54e8a5253d053d:SESSION-8c54e8a5253d053d	SESSION-8c54e8a5253d053d → pe:tls:SESSION-8c54e8a5253d053d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-00f403aeec8e6c17:SESSION-00f403aeec8e6c17	SESSION-00f403aeec8e6c17 → pe:tls:SESSION-00f403aeec8e6c17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6010f1ab3b1ee9c7:PCAP:capture_20260428010001:b1b402c7b202	SESSION-6010f1ab3b1ee9c7 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-47f0fc6e11d78716:host:172.234.197.23	SESSION-47f0fc6e11d78716 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e13a35a59d4e8cb3:PCAP:capture_20260430090001:065659c7d314	SESSION-e13a35a59d4e8cb3 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-105ac3e4c69fbe80:host:177.10.237.233:host:172.234.197.23	SESSION-105ac3e4c69fbe80 → host:177.10.237.233 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4af9ea8e19c0cf86:host:131.196.29.61	SESSION-4af9ea8e19c0cf86 → host:131.196.29.61
HOST_IN_ASNOBS 85%	e:ha:host:43.196.88.244:asn:55960	host:43.196.88.244 → asn:55960
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0510bb60587070dd:flow:6c5259300412	SESSION-0510bb60587070dd → flow:6c5259300412
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb9766ebe449a845:host:172.234.197.23	SESSION-bb9766ebe449a845 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a7f859cb03c026fc:host:177.10.236.43	SESSION-a7f859cb03c026fc → host:177.10.236.43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8694ae6f41e5eb8:host:172.234.197.23	SESSION-a8694ae6f41e5eb8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60f4d0af24f032dd:host:131.196.28.126	SESSION-60f4d0af24f032dd → host:131.196.28.126
FLOW_TLS_SNIOBS	e:fs:flow:46ce982f7e4b:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:46ce982f7e4b → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27131bb9b9feeb52:SESSION-27131bb9b9feeb52	SESSION-27131bb9b9feeb52 → pe:tls:SESSION-27131bb9b9feeb52
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4bb5568f0e725a3:host:177.10.235.84	SESSION-e4bb5568f0e725a3 → host:177.10.235.84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-531f1f169db2954c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-531f1f169db2954c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a015ddbfdf91f569:SESSION-a015ddbfdf91f569	SESSION-a015ddbfdf91f569 → pe:tls:SESSION-a015ddbfdf91f569
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8938c8d43c3c288:host:172.234.197.23	SESSION-d8938c8d43c3c288 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c6a2d0b31f21	flow:c6a2d0b31f21 → host:177.10.236.233 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:7742b84315b0	flow:7742b84315b0 → host:172.234.197.23 → host:131.196.28.227 → port:tcp:47804
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89957ac1ec870b87:flow:7b0f0a34a565	SESSION-89957ac1ec870b87 → flow:7b0f0a34a565
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6965561db8b52827:host:131.196.30.8	SESSION-6965561db8b52827 → host:131.196.30.8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4fe97044eaa4ff8:SESSION-c4fe97044eaa4ff8	SESSION-c4fe97044eaa4ff8 → pe:tls:SESSION-c4fe97044eaa4ff8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08d3390238946fda:host:195.154.100.87	SESSION-08d3390238946fda → host:195.154.100.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6b6e18a39fae0db6:SESSION-6b6e18a39fae0db6	SESSION-6b6e18a39fae0db6 → pe:syn:SESSION-6b6e18a39fae0db6
FLOW_DST_PORTOBS	e:fp:flow:91da1e04ec80:port:tcp:443	flow:91da1e04ec80 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-757e5ed1a89f1610:PCAP:capture_20260430160001:9bfa4498506a	SESSION-757e5ed1a89f1610 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-24bd61df75bf4426:SESSION-24bd61df75bf4426	SESSION-24bd61df75bf4426 → pe:tls:SESSION-24bd61df75bf4426
FLOW_TO_HOSTOBS	e:to:SESSION-7e2811d191c294e0:host:177.10.236.159	SESSION-7e2811d191c294e0 → host:177.10.236.159
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a7cd300d305b207c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a7cd300d305b207c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5a74cc524a51e3d:SESSION-d5a74cc524a51e3d	SESSION-d5a74cc524a51e3d → pe:tls:SESSION-d5a74cc524a51e3d
flow_observed5-aryOBS	e:fo:flow:ef76751809b3	flow:ef76751809b3 → host:177.10.238.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-139ea45d2e45809a:flow:2faea6106d12	SESSION-139ea45d2e45809a → flow:2faea6106d12
flow_observed4-aryOBS	e:fo:flow:11ee47bc8fde	flow:11ee47bc8fde → host:172.234.197.23 → host:177.10.238.62 → port:tcp:60594
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ae8012f8306fedb:flow:1bd45696d21f	SESSION-6ae8012f8306fedb → flow:1bd45696d21f
FLOW_TO_HOSTOBS	e:to:SESSION-a7cfd4f435147ff3:host:177.10.236.236	SESSION-a7cfd4f435147ff3 → host:177.10.236.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1684e8254d6d3165:SESSION-1684e8254d6d3165	SESSION-1684e8254d6d3165 → pe:tls:SESSION-1684e8254d6d3165
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e1ff5f640d9a1d3a:host:177.10.237.153:host:172.234.197.23	SESSION-e1ff5f640d9a1d3a → host:177.10.237.153 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df8de933ba817d8f:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-df8de933ba817d8f → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_TO_HOSTOBS	e:to:SESSION-9c0ba3366d883914:host:172.234.197.23	SESSION-9c0ba3366d883914 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f003e7e66ba8f79:host:172.234.197.23	SESSION-4f003e7e66ba8f79 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-352588f71ded414b:host:172.234.197.23:host:177.10.232.159	SESSION-352588f71ded414b → host:172.234.197.23 → host:177.10.232.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ce4962ca3a156ee:flow:0196cbb8b95d	SESSION-0ce4962ca3a156ee → flow:0196cbb8b95d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.53:geo_-16.28860_-49.01640	host:177.10.239.53 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:140ad25dbfdb	flow:140ad25dbfdb → host:45.173.156.99 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8c07bee6bb583aca:host:67.219.103.9	SESSION-8c07bee6bb583aca → host:67.219.103.9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3524905b33baacd0:flow:f88f22bb8c6d	SESSION-3524905b33baacd0 → flow:f88f22bb8c6d
FLOW_DST_PORTOBS	e:fp:flow:6d9a418c6401:port:tcp:10609	flow:6d9a418c6401 → port:tcp:10609
FLOW_TO_HOSTOBS	e:to:SESSION-7ad6356c5bafa36b:host:131.196.28.39	SESSION-7ad6356c5bafa36b → host:131.196.28.39
FLOW_DST_PORTOBS	e:fp:flow:f3f20a5f13f0:port:tcp:443	flow:f3f20a5f13f0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6c92d9b97cea9da:host:131.196.28.160	SESSION-d6c92d9b97cea9da → host:131.196.28.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5527f09aaa715d91:host:172.234.197.23	SESSION-5527f09aaa715d91 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fe8ac015ba2db65:host:172.234.197.23	SESSION-5fe8ac015ba2db65 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffe6ab3345b8c10e:host:177.10.235.215	SESSION-ffe6ab3345b8c10e → host:177.10.235.215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b61a304f889dfad6:host:172.234.197.23	SESSION-b61a304f889dfad6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d3cf98bfbd337a47:host:172.234.197.23	SESSION-d3cf98bfbd337a47 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49652bb4e1e9db35:host:172.234.197.23	SESSION-49652bb4e1e9db35 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:658b6a47bbe6	flow:658b6a47bbe6 → host:37.187.136.36 → host:172.234.197.23 → port:tcp:23
FLOW_DST_PORTOBS	e:fp:flow:563f5b886e49:port:tcp:42802	flow:563f5b886e49 → port:tcp:42802
flow_observed5-aryOBS	e:fo:flow:d3bfe28004a6	flow:d3bfe28004a6 → host:177.10.237.80 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f9e2f07f7ea20074:host:131.196.28.204	SESSION-f9e2f07f7ea20074 → host:131.196.28.204
flow_observed4-aryOBS	e:fo:flow:86b65480c339	flow:86b65480c339 → host:172.234.197.23 → host:177.10.237.10 → port:tcp:9421
FLOW_TO_HOSTOBS	e:to:SESSION-7f181002c59096f4:host:172.234.197.23	SESSION-7f181002c59096f4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c88d3e9918500cb2:flow:e5fed5a187d0	SESSION-c88d3e9918500cb2 → flow:e5fed5a187d0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-678637d3dc5962bf:host:177.10.232.178	SESSION-678637d3dc5962bf → host:177.10.232.178
FLOW_FROM_HOSTOBS	e:from:SESSION-05a7cad64bbe69e6:host:172.234.197.23	SESSION-05a7cad64bbe69e6 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.207:geo_-16.28860_-49.01640	host:177.10.236.207 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.97:asn:203771	host:95.170.25.97 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b50835be4d5bba16:host:172.234.197.23:host:177.10.237.145	SESSION-b50835be4d5bba16 → host:172.234.197.23 → host:177.10.237.145
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5940a5357983452d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5940a5357983452d → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-53fb5011e3d13c28:PCAP:capture_20260430150001:ded20914761d	SESSION-53fb5011e3d13c28 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49ea8e2d7734ace3:SESSION-49ea8e2d7734ace3	SESSION-49ea8e2d7734ace3 → pe:syn:SESSION-49ea8e2d7734ace3
flow_observed5-aryOBS	e:fo:flow:034bfee1a8d8	flow:034bfee1a8d8 → host:177.10.239.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2bf5c26caf57dc4e:host:45.173.156.233:host:172.234.197.23	SESSION-2bf5c26caf57dc4e → host:45.173.156.233 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.171:geo_-16.28860_-49.01640	host:177.10.235.171 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.82:asn:262880	host:177.10.232.82 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-d5d249db6ec3f34e:host:172.234.197.23	SESSION-d5d249db6ec3f34e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:69309691d7b0	flow:69309691d7b0 → host:109.89.117.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a046afd146222299:host:103.155.16.117:host:172.234.197.23	SESSION-a046afd146222299 → host:103.155.16.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a7cd300d305b207c:host:177.10.237.129	SESSION-a7cd300d305b207c → host:177.10.237.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fcd4658ed0002284:SESSION-fcd4658ed0002284	SESSION-fcd4658ed0002284 → pe:tls:SESSION-fcd4658ed0002284
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-854a13cbd553e198:SESSION-854a13cbd553e198	SESSION-854a13cbd553e198 → pe:syn:SESSION-854a13cbd553e198
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.245:geo_19.07480_72.88560	host:45.145.152.245 → geo_19.07480_72.88560
FLOW_DST_PORTOBS	e:fp:flow:ddb64a3861e6:port:tcp:443	flow:ddb64a3861e6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-449915b4a668f160:host:177.10.234.135	SESSION-449915b4a668f160 → host:177.10.234.135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a8c8ed56d6827efd:SESSION-a8c8ed56d6827efd	SESSION-a8c8ed56d6827efd → pe:tls:SESSION-a8c8ed56d6827efd
FLOW_TO_HOSTOBS	e:to:SESSION-8a80be6abc21d5bd:host:172.234.197.23	SESSION-8a80be6abc21d5bd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-55ef1be4460b895e:host:172.234.197.23	SESSION-55ef1be4460b895e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ae5a5bc5d983:port:tcp:443	flow:ae5a5bc5d983 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.59:geo_-16.28860_-49.01640	host:177.10.236.59 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b47e385ca946fd94:host:177.10.236.91	SESSION-b47e385ca946fd94 → host:177.10.236.91
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e995e7d6e6aa04f6:host:45.173.156.29	SESSION-e995e7d6e6aa04f6 → host:45.173.156.29
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-576e43142f03a150:host:172.234.197.23:host:177.10.234.219	SESSION-576e43142f03a150 → host:172.234.197.23 → host:177.10.234.219
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72859a91c292f326:SESSION-72859a91c292f326	SESSION-72859a91c292f326 → pe:tls:SESSION-72859a91c292f326
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69a0e56e6767912e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-69a0e56e6767912e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1db6dc9c45987f6e:host:177.10.234.166:host:172.234.197.23	SESSION-1db6dc9c45987f6e → host:177.10.234.166 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98b441f54568b58c:PCAP:capture_20260430060001:919b39a74464	SESSION-98b441f54568b58c → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:7db70b5ccb55	flow:7db70b5ccb55 → host:131.196.28.48 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97b2355356a85562:host:172.234.197.23:host:177.10.232.129	SESSION-97b2355356a85562 → host:172.234.197.23 → host:177.10.232.129
FLOW_TO_HOSTOBS	e:to:SESSION-5ed2dc2be6795ae2:host:172.234.197.23	SESSION-5ed2dc2be6795ae2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-801ebd343e287ece:host:177.10.237.6	SESSION-801ebd343e287ece → host:177.10.237.6
FLOW_FROM_HOSTOBS	e:from:SESSION-933bde1224d44bcc:host:172.234.197.23	SESSION-933bde1224d44bcc → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:664fbef0d9ab	flow:664fbef0d9ab → host:177.10.239.221 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-235be73d0ead16ae:host:172.234.197.23	SESSION-235be73d0ead16ae → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-923cb7ae7a40da65:flow:2250f63b7582	SESSION-923cb7ae7a40da65 → flow:2250f63b7582
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c78f1de05120efd8:SESSION-c78f1de05120efd8	SESSION-c78f1de05120efd8 → pe:syn:SESSION-c78f1de05120efd8
FLOW_DST_PORTOBS	e:fp:flow:8940134437ac:port:tcp:443	flow:8940134437ac → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-21cca31493e9287d:BSG-BEACON-135373721785	SESSION-21cca31493e9287d → BSG-BEACON-135373721785
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d87083f9dd8844d:SESSION-7d87083f9dd8844d	SESSION-7d87083f9dd8844d → pe:syn:SESSION-7d87083f9dd8844d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0532a1c12e883894:PCAP:capture_20260430090001:065659c7d314	SESSION-0532a1c12e883894 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3cd6c8dc824ee14d:SESSION-3cd6c8dc824ee14d	SESSION-3cd6c8dc824ee14d → pe:syn:SESSION-3cd6c8dc824ee14d
FLOW_FROM_HOSTOBS	e:from:SESSION-60dcadff088f62ae:host:172.234.197.23	SESSION-60dcadff088f62ae → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ac71782250ec9a1:host:172.234.197.23:host:45.173.156.85	SESSION-6ac71782250ec9a1 → host:172.234.197.23 → host:45.173.156.85
FLOW_DST_PORTOBS	e:fp:flow:fc97460ddf77:port:tcp:43491	flow:fc97460ddf77 → port:tcp:43491
FLOW_DST_PORTOBS	e:fp:flow:2eb460b087f2:port:tcp:27110	flow:2eb460b087f2 → port:tcp:27110
FLOW_TO_HOSTOBS	e:to:SESSION-d96c6feac6dadd94:host:172.234.197.23	SESSION-d96c6feac6dadd94 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7b2ae66396fc75:host:177.10.235.178	SESSION-cb7b2ae66396fc75 → host:177.10.235.178
HOST_IN_ASNOBS 85%	e:ha:host:78.47.249.154:asn:24940	host:78.47.249.154 → asn:24940
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92cb25b3a2aea70a:host:172.234.197.23:host:177.10.237.249	SESSION-92cb25b3a2aea70a → host:172.234.197.23 → host:177.10.237.249
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c6e69b3f05bcd99:host:177.10.239.84:host:172.234.197.23	SESSION-7c6e69b3f05bcd99 → host:177.10.239.84 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:82b885fc840d	flow:82b885fc840d → host:172.234.197.23 → host:177.10.236.31 → port:tcp:6641
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66f42b3418de6818:flow:c9b2de003e0c	SESSION-66f42b3418de6818 → flow:c9b2de003e0c
FLOW_TO_HOSTOBS	e:to:SESSION-9912439438040361:host:45.173.156.116	SESSION-9912439438040361 → host:45.173.156.116
flow_observed5-aryOBS	e:fo:flow:80a6298ed117	flow:80a6298ed117 → host:177.10.235.79 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d04c60e569cc19ba:host:172.234.197.23	SESSION-d04c60e569cc19ba → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-098ed7054a17b347:host:172.234.197.23:host:177.10.235.60	SESSION-098ed7054a17b347 → host:172.234.197.23 → host:177.10.235.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1eb19142561b47ba:SESSION-1eb19142561b47ba	SESSION-1eb19142561b47ba → pe:tls:SESSION-1eb19142561b47ba
FLOW_FROM_HOSTOBS	e:from:SESSION-caaa6bcaac59e7b9:host:177.10.233.158	SESSION-caaa6bcaac59e7b9 → host:177.10.233.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2b4854b4491f9b7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e2b4854b4491f9b7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ddf07020985eed3:flow:482a5bca40e0	SESSION-2ddf07020985eed3 → flow:482a5bca40e0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28ca4d014ad9a35f:flow:6ab36c178e57	SESSION-28ca4d014ad9a35f → flow:6ab36c178e57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11d1e958623763ef:host:172.234.197.23	SESSION-11d1e958623763ef → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6a8aa8884777:port:tcp:60638	flow:6a8aa8884777 → port:tcp:60638
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-912ea161e3e6ffdc:host:172.234.197.23	SESSION-912ea161e3e6ffdc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70cb56f6bea3d067:host:172.234.197.23	SESSION-70cb56f6bea3d067 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed8e90a0efd647ab:flow:9aaa3d552dfa	SESSION-ed8e90a0efd647ab → flow:9aaa3d552dfa
FLOW_TO_HOSTOBS	e:to:SESSION-858a06c2b9abdebe:host:172.234.197.23	SESSION-858a06c2b9abdebe → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-95c23d407c86213b:host:172.234.197.23:host:131.196.29.119	SESSION-95c23d407c86213b → host:172.234.197.23 → host:131.196.29.119
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf343490b1b7ef49:flow:f0003eb8a676	SESSION-bf343490b1b7ef49 → flow:f0003eb8a676
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71cb82af8f37b35d:host:199.16.157.181	SESSION-71cb82af8f37b35d → host:199.16.157.181
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5746e0d81f0d05c1:flow:672cf5da582b	SESSION-5746e0d81f0d05c1 → flow:672cf5da582b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-656bb895abc59727:flow:06e6a1ef84ba	SESSION-656bb895abc59727 → flow:06e6a1ef84ba
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-afde502531c1ddca:SESSION-afde502531c1ddca	SESSION-afde502531c1ddca → pe:syn:SESSION-afde502531c1ddca
FLOW_FROM_HOSTOBS	e:from:SESSION-f158e3bc319e69c7:host:199.16.157.182	SESSION-f158e3bc319e69c7 → host:199.16.157.182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a681df8efb85197d:flow:68526d736736	SESSION-a681df8efb85197d → flow:68526d736736
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-020ce81cb9d50ce5:host:177.10.234.87	SESSION-020ce81cb9d50ce5 → host:177.10.234.87
FLOW_FROM_HOSTOBS	e:from:SESSION-0b5f77768a227f3c:host:177.10.237.212	SESSION-0b5f77768a227f3c → host:177.10.237.212
FLOW_FROM_HOSTOBS	e:from:SESSION-64abd49ab16af3e3:host:177.10.234.253	SESSION-64abd49ab16af3e3 → host:177.10.234.253
FLOW_DST_PORTOBS	e:fp:flow:282a0cc9d92b:port:tcp:443	flow:282a0cc9d92b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b68b7374dcfd0024:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b68b7374dcfd0024 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:746bb43ffdeb	flow:746bb43ffdeb → host:131.196.30.219 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5643c60889fe0da:host:172.234.197.23:host:131.196.30.187	SESSION-a5643c60889fe0da → host:172.234.197.23 → host:131.196.30.187
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e44d3b0a0ee22cd6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e44d3b0a0ee22cd6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:1f4f772c7607:port:tcp:6206	flow:1f4f772c7607 → port:tcp:6206
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88ff33eaa18cf09d:host:177.10.235.97	SESSION-88ff33eaa18cf09d → host:177.10.235.97
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.1:asn:262880	host:177.10.232.1 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:b5bdfdede605:port:tcp:443	flow:b5bdfdede605 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98d24f4ecefc5585:host:172.234.197.23	SESSION-98d24f4ecefc5585 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fd2a5925828b8076:host:172.234.197.23	SESSION-fd2a5925828b8076 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.51:asn:271410	host:131.196.29.51 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a3e5e93fe3cda49d:SESSION-a3e5e93fe3cda49d	SESSION-a3e5e93fe3cda49d → pe:tls:SESSION-a3e5e93fe3cda49d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf36cee0aa989ce3:SESSION-bf36cee0aa989ce3	SESSION-bf36cee0aa989ce3 → pe:syn:SESSION-bf36cee0aa989ce3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5218a703d93123a3:host:177.10.234.36	SESSION-5218a703d93123a3 → host:177.10.234.36
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3931cb15b35f138a:flow:bc01e2d2030c	SESSION-3931cb15b35f138a → flow:bc01e2d2030c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d9ed6ae798457b7:SESSION-9d9ed6ae798457b7	SESSION-9d9ed6ae798457b7 → pe:syn:SESSION-9d9ed6ae798457b7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fcbc735dfd8018d:host:177.10.239.69:host:172.234.197.23	SESSION-5fcbc735dfd8018d → host:177.10.239.69 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:56a8cea9fac6	flow:56a8cea9fac6 → host:177.10.232.10 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-31b8d1ec0bbdfa48:host:172.234.197.23	SESSION-31b8d1ec0bbdfa48 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:66.228.53.46:geo_32.94730_-96.70280	host:66.228.53.46 → geo_32.94730_-96.70280
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96272a0a54480e7a:host:177.10.234.78	SESSION-96272a0a54480e7a → host:177.10.234.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6511e777b0d792c1:host:45.173.156.212	SESSION-6511e777b0d792c1 → host:45.173.156.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76f517468502eda0:host:177.10.239.113	SESSION-76f517468502eda0 → host:177.10.239.113
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6cc06f30e6c05bb:host:172.234.197.23	SESSION-a6cc06f30e6c05bb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef90c0e24c7a1c11:flow:fc2d97c28801	SESSION-ef90c0e24c7a1c11 → flow:fc2d97c28801
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb6c1367f6b2a786:host:172.234.197.23	SESSION-eb6c1367f6b2a786 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b9bd67a188ca	flow:b9bd67a188ca → host:172.234.197.23 → host:177.10.237.147 → port:tcp:43729
HOST_IN_ASNOBS 85%	e:ha:host:51.225.22.198:asn:16509	host:51.225.22.198 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-35e3c61c67455ba8:host:172.234.197.23	SESSION-35e3c61c67455ba8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-05ec7baf0d99b24d:SESSION-05ec7baf0d99b24d	SESSION-05ec7baf0d99b24d → pe:syn:SESSION-05ec7baf0d99b24d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-578d76d32a2c1b81:host:45.173.156.11	SESSION-578d76d32a2c1b81 → host:45.173.156.11
flow_observed5-aryOBS	e:fo:flow:2d9131452e31	flow:2d9131452e31 → host:131.196.28.231 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.73:asn:262880	host:177.10.233.73 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38a64ba294c5f79f:host:172.234.197.23	SESSION-38a64ba294c5f79f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d90a5aaa3545c15:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1d90a5aaa3545c15 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b47539014cc5976c:host:172.234.197.23	SESSION-b47539014cc5976c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-500f03715884566d:host:177.10.233.11	SESSION-500f03715884566d → host:177.10.233.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5eb3b0eaf7de1b7d:host:172.234.197.23	SESSION-5eb3b0eaf7de1b7d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9d9c4818e854	flow:9d9c4818e854 → host:177.10.239.28 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f0daf10b890c2667:host:172.234.197.23	SESSION-f0daf10b890c2667 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.244:geo_-16.28860_-49.01640	host:177.10.239.244 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-10314c25bdbc198a:host:177.10.233.126	SESSION-10314c25bdbc198a → host:177.10.233.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-53ca21169d5f7469:flow:e63568a80d79	SESSION-53ca21169d5f7469 → flow:e63568a80d79
FLOW_DST_PORTOBS	e:fp:flow:5d98a7142573:port:tcp:443	flow:5d98a7142573 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-40c5d05833b5d363:host:172.234.197.23	SESSION-40c5d05833b5d363 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-324b6311c2d003f7:host:172.234.197.23:host:177.10.238.211	SESSION-324b6311c2d003f7 → host:172.234.197.23 → host:177.10.238.211
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3524905b33baacd0:SESSION-3524905b33baacd0	SESSION-3524905b33baacd0 → pe:tls:SESSION-3524905b33baacd0
FLOW_TO_HOSTOBS	e:to:SESSION-16b33dfc60975324:host:172.234.197.23	SESSION-16b33dfc60975324 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69ac7334931bf6c1:SESSION-69ac7334931bf6c1	SESSION-69ac7334931bf6c1 → pe:tls:SESSION-69ac7334931bf6c1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dc3f24e93e3e0fb3:host:177.10.236.174:host:172.234.197.23	SESSION-dc3f24e93e3e0fb3 → host:177.10.236.174 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.122:geo_-16.28860_-49.01640	host:177.10.232.122 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-319dd83e6310ac59:host:45.173.156.37	SESSION-319dd83e6310ac59 → host:45.173.156.37
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34b42a1bd1f93900:host:172.234.197.23	SESSION-34b42a1bd1f93900 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-28e21153f6abb648:host:131.196.30.9	SESSION-28e21153f6abb648 → host:131.196.30.9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c38263f2f5f96575:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c38263f2f5f96575 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:34.140.18.6:geo_50.85340_4.34700	host:34.140.18.6 → geo_50.85340_4.34700
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be0f12df58cf6d46:host:172.234.197.23:host:131.196.28.8	SESSION-be0f12df58cf6d46 → host:172.234.197.23 → host:131.196.28.8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-609fd31f908d95c5:host:177.10.239.55:host:172.234.197.23	SESSION-609fd31f908d95c5 → host:177.10.239.55 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e896271e9295df4:host:177.10.239.166:host:172.234.197.23	SESSION-9e896271e9295df4 → host:177.10.239.166 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9cb79ec77286	flow:9cb79ec77286 → host:131.196.31.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e615d118f3247e2:host:172.234.197.23	SESSION-2e615d118f3247e2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db282f95b9cc563d:SESSION-db282f95b9cc563d	SESSION-db282f95b9cc563d → pe:syn:SESSION-db282f95b9cc563d
FLOW_DST_PORTOBS	e:fp:flow:1489565b6fba:port:tcp:443	flow:1489565b6fba → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-669451aeea441b50:host:172.234.197.23	SESSION-669451aeea441b50 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-581b4c1bc6ff5f0b:SESSION-581b4c1bc6ff5f0b	SESSION-581b4c1bc6ff5f0b → pe:syn:SESSION-581b4c1bc6ff5f0b
FLOW_DST_PORTOBS	e:fp:flow:55b8d007960c:port:tcp:39303	flow:55b8d007960c → port:tcp:39303
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b523e88f9ec69c3:host:177.10.233.29	SESSION-2b523e88f9ec69c3 → host:177.10.233.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8897ca7200c8655e:SESSION-8897ca7200c8655e	SESSION-8897ca7200c8655e → pe:rst:SESSION-8897ca7200c8655e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.203:asn:262880	host:177.10.234.203 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3cd15ae05af1e0a:host:177.10.235.68:host:172.234.197.23	SESSION-c3cd15ae05af1e0a → host:177.10.235.68 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e5496341eed0b869:host:131.196.29.150	SESSION-e5496341eed0b869 → host:131.196.29.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-484d7e89f92d0359:SESSION-484d7e89f92d0359	SESSION-484d7e89f92d0359 → pe:syn:SESSION-484d7e89f92d0359
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d1b2f476de49a99:PCAP:capture_20260430110001:43611bdf6759	SESSION-7d1b2f476de49a99 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd4f490a373a283b:flow:8ddcd7a85531	SESSION-cd4f490a373a283b → flow:8ddcd7a85531
FLOW_TO_HOSTOBS	e:to:SESSION-985c12f522f7e9ff:host:172.234.197.23	SESSION-985c12f522f7e9ff → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11d1e958623763ef:SESSION-11d1e958623763ef	SESSION-11d1e958623763ef → pe:tls:SESSION-11d1e958623763ef
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f92c0af2b04d2b16:flow:f4a69c79331f	SESSION-f92c0af2b04d2b16 → flow:f4a69c79331f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b836173867007d89:host:172.234.197.23	SESSION-b836173867007d89 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8ba98677b43b4662:host:172.234.197.23	SESSION-8ba98677b43b4662 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:83813505251a	flow:83813505251a → host:177.10.234.28 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-006e3a8766fa0c7d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-006e3a8766fa0c7d → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3fd62b1832b0e41:SESSION-b3fd62b1832b0e41	SESSION-b3fd62b1832b0e41 → pe:syn:SESSION-b3fd62b1832b0e41
FLOW_FROM_HOSTOBS	e:from:SESSION-130c48c57d6ba6f4:host:140.235.124.200	SESSION-130c48c57d6ba6f4 → host:140.235.124.200
FLOW_TO_HOSTOBS	e:to:SESSION-91196c5d66e04f5c:host:172.234.197.23	SESSION-91196c5d66e04f5c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d85be3a5c3c244d6:SESSION-d85be3a5c3c244d6	SESSION-d85be3a5c3c244d6 → pe:tls:SESSION-d85be3a5c3c244d6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd8363b8ee3ddfde:host:172.234.197.23:host:177.10.236.7	SESSION-bd8363b8ee3ddfde → host:172.234.197.23 → host:177.10.236.7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-415460770952c9a4:host:177.10.232.135:host:172.234.197.23	SESSION-415460770952c9a4 → host:177.10.232.135 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:48fd2710b8bf:port:tcp:443	flow:48fd2710b8bf → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de82cbdf751e150b:SESSION-de82cbdf751e150b	SESSION-de82cbdf751e150b → pe:tls:SESSION-de82cbdf751e150b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bedf3bb9bf60dde0:flow:89f3bc0b68f9	SESSION-bedf3bb9bf60dde0 → flow:89f3bc0b68f9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1228b317d5ce27b4:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-1228b317d5ce27b4 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:6317a0a33a58	flow:6317a0a33a58 → host:177.10.238.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6617d8dfad1357d9:host:172.234.197.23	SESSION-6617d8dfad1357d9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dde31743640b587a:host:177.10.236.90	SESSION-dde31743640b587a → host:177.10.236.90
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b1078812f997c85:PCAP:capture_20260430090001:065659c7d314	SESSION-7b1078812f997c85 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-40e0d0b129f437fd:SESSION-40e0d0b129f437fd	SESSION-40e0d0b129f437fd → pe:syn:SESSION-40e0d0b129f437fd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8614773ef8a3b357:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8614773ef8a3b357 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-8bd396f5705de0fe:host:172.234.197.23	SESSION-8bd396f5705de0fe → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.8:asn:262880	host:177.10.233.8 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27b5dd82e2b65bbd:host:177.10.239.167	SESSION-27b5dd82e2b65bbd → host:177.10.239.167
flow_observed5-aryOBS	e:fo:flow:d199e1c484ae	flow:d199e1c484ae → host:131.196.28.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-235be73d0ead16ae:host:172.234.197.23:host:131.196.28.193	SESSION-235be73d0ead16ae → host:172.234.197.23 → host:131.196.28.193
FLOW_FROM_HOSTOBS	e:from:SESSION-a3a44f67a1174447:host:95.170.25.97	SESSION-a3a44f67a1174447 → host:95.170.25.97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b9ddad698cc7ffe:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9b9ddad698cc7ffe → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.11:asn:273470	host:45.173.156.11 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a66cf91ad155464:host:172.234.197.23	SESSION-6a66cf91ad155464 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-09db40e08b93496c:host:172.234.197.23	SESSION-09db40e08b93496c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9b0c47b1e862acc1:host:172.234.197.23	SESSION-9b0c47b1e862acc1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:df87bb415296:port:tcp:443	flow:df87bb415296 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-875fd6bdbe4ae339:host:177.10.236.52	SESSION-875fd6bdbe4ae339 → host:177.10.236.52
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.131:geo_-16.28860_-49.01640	host:177.10.232.131 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.153:geo_-16.28860_-49.01640	host:177.10.233.153 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.90:asn:203771	host:95.170.25.90 → asn:203771
flow_observed4-aryOBS	e:fo:flow:ddd8280bfafc	flow:ddd8280bfafc → host:172.234.197.23 → host:131.196.31.69 → port:tcp:47296
FLOW_DST_PORTOBS	e:fp:flow:32f59490ee7f:port:tcp:65115	flow:32f59490ee7f → port:tcp:65115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c07bee6bb583aca:flow:5434ce9d30fa	SESSION-8c07bee6bb583aca → flow:5434ce9d30fa
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79ceb7ef9cce8d79:PCAP:capture_20260430090001:065659c7d314	SESSION-79ceb7ef9cce8d79 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-799494d5bb605f27:host:131.196.30.234	SESSION-799494d5bb605f27 → host:131.196.30.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-102bebe502918f62:SESSION-102bebe502918f62	SESSION-102bebe502918f62 → pe:tls:SESSION-102bebe502918f62
FLOW_DST_PORTOBS	e:fp:flow:444ebb738d2a:port:tcp:443	flow:444ebb738d2a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2dec3faf198ca60:host:45.173.156.239	SESSION-b2dec3faf198ca60 → host:45.173.156.239
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b10aefef2d5c06b7:SESSION-b10aefef2d5c06b7	SESSION-b10aefef2d5c06b7 → pe:syn:SESSION-b10aefef2d5c06b7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.177:geo_-16.28860_-49.01640	host:177.10.239.177 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-dcbceebcfa7feba5:host:172.234.197.23	SESSION-dcbceebcfa7feba5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-354d6c0d37a0b016:host:172.234.197.23:host:45.173.156.38	SESSION-354d6c0d37a0b016 → host:172.234.197.23 → host:45.173.156.38
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3b376322eb831975:SESSION-3b376322eb831975	SESSION-3b376322eb831975 → pe:syn:SESSION-3b376322eb831975
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b858978950d9ddc:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8b858978950d9ddc → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:0b5125f695b7:port:tcp:443	flow:0b5125f695b7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b7d005fcddd05eb:SESSION-5b7d005fcddd05eb	SESSION-5b7d005fcddd05eb → pe:tls:SESSION-5b7d005fcddd05eb
flow_observed4-aryOBS	e:fo:flow:40e654e83289	flow:40e654e83289 → host:172.234.197.23 → host:177.10.239.232 → port:tcp:18847
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-367a6218c741fe93:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-367a6218c741fe93 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-90972096b6b00a4b:SESSION-90972096b6b00a4b	SESSION-90972096b6b00a4b → pe:syn:SESSION-90972096b6b00a4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0afc12079a05a1b1:host:172.234.197.23	SESSION-0afc12079a05a1b1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1be36b841cb9bb38:host:172.234.197.23	SESSION-1be36b841cb9bb38 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eac07967aaca78dc:SESSION-eac07967aaca78dc	SESSION-eac07967aaca78dc → pe:syn:SESSION-eac07967aaca78dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ea2b78fffe48f844:SESSION-ea2b78fffe48f844	SESSION-ea2b78fffe48f844 → pe:tls:SESSION-ea2b78fffe48f844
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65e7ac6f998115f7:flow:76a208af53a8	SESSION-65e7ac6f998115f7 → flow:76a208af53a8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e035a13399d76ad4:host:131.196.31.223	SESSION-e035a13399d76ad4 → host:131.196.31.223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cfdf430166eb3e5d:SESSION-cfdf430166eb3e5d	SESSION-cfdf430166eb3e5d → pe:tls:SESSION-cfdf430166eb3e5d
FLOW_TO_HOSTOBS	e:to:SESSION-9028600f4eef977b:host:172.234.197.23	SESSION-9028600f4eef977b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-386a52b5a647d101:host:172.234.197.23	SESSION-386a52b5a647d101 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:abf52d290c72	flow:abf52d290c72 → host:92.112.71.109 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TO_HOSTOBS	e:to:SESSION-784ef99bf699df93:host:172.234.197.23	SESSION-784ef99bf699df93 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cc8ad11dacf5	flow:cc8ad11dacf5 → host:177.10.232.65 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.162:geo_-16.28860_-49.01640	host:177.10.235.162 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7635cd052466cdd:host:172.234.197.23:host:104.28.234.79	SESSION-c7635cd052466cdd → host:172.234.197.23 → host:104.28.234.79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8dc993a043c8fb1:flow:7936992fc196	SESSION-b8dc993a043c8fb1 → flow:7936992fc196
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e56fb95f564a0aa:host:172.234.197.23:host:172.232.0.16	SESSION-0e56fb95f564a0aa → host:172.234.197.23 → host:172.232.0.16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.222:geo_-23.62930_-46.63510	host:131.196.30.222 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:8e35c9743ca0	flow:8e35c9743ca0 → host:45.173.156.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34a5ce0f23d7a2a1:SESSION-34a5ce0f23d7a2a1	SESSION-34a5ce0f23d7a2a1 → pe:syn:SESSION-34a5ce0f23d7a2a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9af401128ecea586:SESSION-9af401128ecea586	SESSION-9af401128ecea586 → pe:syn:SESSION-9af401128ecea586
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54aea84c156a3c18:host:172.234.197.23	SESSION-54aea84c156a3c18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0d74f533686cf043:host:172.234.197.23:host:177.10.238.46	SESSION-0d74f533686cf043 → host:172.234.197.23 → host:177.10.238.46
FLOW_FROM_HOSTOBS	e:from:SESSION-8d9cfeb1a925e0c3:host:172.234.197.23	SESSION-8d9cfeb1a925e0c3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8300d990ddd9a21:host:177.10.236.157:host:172.234.197.23	SESSION-c8300d990ddd9a21 → host:177.10.236.157 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0b696ed5e125:port:tcp:41524	flow:0b696ed5e125 → port:tcp:41524
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d55d0fcf91e9ec79:host:172.234.197.23	SESSION-d55d0fcf91e9ec79 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3faa83c68201	flow:3faa83c68201 → host:172.234.197.23 → host:177.10.234.157 → port:tcp:31935
flow_observed4-aryOBS	e:fo:flow:851dc7e1352e	flow:851dc7e1352e → host:172.234.197.23 → host:177.10.237.80 → port:tcp:56801
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b2f232bbd4758bf:host:172.234.197.23	SESSION-7b2f232bbd4758bf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cc69fbf2913b:port:tcp:443	flow:cc69fbf2913b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4741bb1b7e9e5b0:host:177.10.232.91	SESSION-d4741bb1b7e9e5b0 → host:177.10.232.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b9228625f2ea52e:SESSION-8b9228625f2ea52e	SESSION-8b9228625f2ea52e → pe:tls:SESSION-8b9228625f2ea52e
FLOW_TO_HOSTOBS	e:to:SESSION-97c8a314f3fd1c5a:host:131.196.30.120	SESSION-97c8a314f3fd1c5a → host:131.196.30.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92fb186a1f8eeacc:host:177.10.232.253	SESSION-92fb186a1f8eeacc → host:177.10.232.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-001dbe9c45882aae:PCAP:capture_20260430050001:8868731bf8a4	SESSION-001dbe9c45882aae → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69d28aa413742c82:host:177.10.236.176	SESSION-69d28aa413742c82 → host:177.10.236.176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-69d41e5348c00130:SESSION-69d41e5348c00130	SESSION-69d41e5348c00130 → pe:rst:SESSION-69d41e5348c00130
flow_observed5-aryOBS	e:fo:flow:f47343671c29	flow:f47343671c29 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-6bdebc30581f3c5f:host:131.196.30.55	SESSION-6bdebc30581f3c5f → host:131.196.30.55
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-82f2c01059fea89b:flow:8f932617cc08	SESSION-82f2c01059fea89b → flow:8f932617cc08
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-39adf49608796443:SESSION-39adf49608796443	SESSION-39adf49608796443 → pe:tls:SESSION-39adf49608796443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34b8eff946ae371a:PCAP:capture_20260430150001:ded20914761d	SESSION-34b8eff946ae371a → PCAP:capture_20260430150001:ded20914761d
flow_observed4-aryOBS	e:fo:flow:aa1d9d5e2b97	flow:aa1d9d5e2b97 → host:172.234.197.23 → host:131.196.29.34 → port:tcp:16540
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8189545896e60c84:host:177.10.234.1:host:172.234.197.23	SESSION-8189545896e60c84 → host:177.10.234.1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6d47e7b31036f28:host:172.234.197.23	SESSION-d6d47e7b31036f28 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf997a1aac5d0ef1:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bf997a1aac5d0ef1 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41b71c4a2ccc13b3:host:172.234.197.23	SESSION-41b71c4a2ccc13b3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf0bb0d03710ab65:PCAP:capture_20260430110001:43611bdf6759	SESSION-bf0bb0d03710ab65 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35ad9f030d1e8e6d:host:45.173.156.219:host:172.234.197.23	SESSION-35ad9f030d1e8e6d → host:45.173.156.219 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-543230bb149abbcc:host:172.234.197.23	SESSION-543230bb149abbcc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c6f10f20f24d7ff:PCAP:capture_20260430060001:919b39a74464	SESSION-3c6f10f20f24d7ff → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d7ac357c55d6f7b:host:177.10.237.240:host:172.234.197.23	SESSION-2d7ac357c55d6f7b → host:177.10.237.240 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ff90c657a3c2e88:flow:78244264240b	SESSION-5ff90c657a3c2e88 → flow:78244264240b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30f00b6e6078f800:PCAP:capture_20260430050001:8868731bf8a4	SESSION-30f00b6e6078f800 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-845630b36dc2dead:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-845630b36dc2dead → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed3-aryOBS	e:fo:flow:cc3f6535fb07	flow:cc3f6535fb07 → host:51.92.14.54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a66568eff025692:SESSION-6a66568eff025692	SESSION-6a66568eff025692 → pe:tls:SESSION-6a66568eff025692
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8bfe47632c127d09:SESSION-8bfe47632c127d09	SESSION-8bfe47632c127d09 → pe:syn:SESSION-8bfe47632c127d09
FLOW_DST_PORTOBS	e:fp:flow:a77dc87ab230:port:tcp:15354	flow:a77dc87ab230 → port:tcp:15354
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c30e2da5c8abbcf:host:177.10.238.50	SESSION-9c30e2da5c8abbcf → host:177.10.238.50
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ffcc2d542e7be59:flow:2009c812f0cc	SESSION-0ffcc2d542e7be59 → flow:2009c812f0cc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d7c23b0aff57d2da:PCAP:capture_20260430090001:065659c7d314	SESSION-d7c23b0aff57d2da → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:a44722bcd1c4:port:tcp:443	flow:a44722bcd1c4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37617ebce6c7f9ac:PCAP:capture_20260430050001:8868731bf8a4	SESSION-37617ebce6c7f9ac → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a2e73cad916b1394:SESSION-a2e73cad916b1394	SESSION-a2e73cad916b1394 → pe:syn:SESSION-a2e73cad916b1394
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d33ef29909b4f2d5:host:131.196.29.153	SESSION-d33ef29909b4f2d5 → host:131.196.29.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29f2fc627b4350bb:host:131.196.29.5	SESSION-29f2fc627b4350bb → host:131.196.29.5
FLOW_FROM_HOSTOBS	e:from:SESSION-0146df147eb3c3bd:host:172.234.197.23	SESSION-0146df147eb3c3bd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-154a0a352559b94b:host:172.234.197.23	SESSION-154a0a352559b94b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4f8173edf80e	flow:4f8173edf80e → host:177.10.233.116 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:cb6541d20503	flow:cb6541d20503 → host:172.234.197.23 → host:131.196.29.139 → port:tcp:29698
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bce308e5c94583d6:host:172.234.197.23	SESSION-bce308e5c94583d6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9c5e84c9804a	flow:9c5e84c9804a → host:177.10.237.238 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-57d2db6c2c177c2e:host:172.234.197.23	SESSION-57d2db6c2c177c2e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b37dbc8f4449b96:PCAP:capture_20260430150001:ded20914761d	SESSION-5b37dbc8f4449b96 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9e0f3ba046c015f:host:172.234.197.23	SESSION-a9e0f3ba046c015f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fdfd79cbce8be94:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5fdfd79cbce8be94 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-905738e9b4f08562:host:172.234.197.23	SESSION-905738e9b4f08562 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6515500944a7e42e:host:177.10.234.71	SESSION-6515500944a7e42e → host:177.10.234.71
flow_observed5-aryOBS	e:fo:flow:88ed0ede4fa9	flow:88ed0ede4fa9 → host:177.10.232.133 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3100de296217:port:udp:53	flow:3100de296217 → port:udp:53
flow_observed5-aryOBS	e:fo:flow:53c657412e92	flow:53c657412e92 → host:177.10.233.196 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:daab24d3782e	flow:daab24d3782e → host:172.234.197.23 → host:177.10.232.243 → port:tcp:45634
FLOW_DST_PORTOBS	e:fp:flow:bf3aa5bf62e1:port:tcp:49276	flow:bf3aa5bf62e1 → port:tcp:49276
FLOW_DST_PORTOBS	e:fp:flow:c8b621e12628:port:tcp:443	flow:c8b621e12628 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9335dee651513692:host:177.10.232.207:host:172.234.197.23	SESSION-9335dee651513692 → host:177.10.232.207 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db8bd5551afdaf6c:PCAP:capture_20260430060001:919b39a74464	SESSION-db8bd5551afdaf6c → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84a1a640eb0d0e14:host:172.234.197.23	SESSION-84a1a640eb0d0e14 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75c0f4fa43b2bfb9:host:92.112.71.216	SESSION-75c0f4fa43b2bfb9 → host:92.112.71.216
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56ec76ae342b7ee6:host:172.234.197.23	SESSION-56ec76ae342b7ee6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b7661066332b8e82:host:177.10.239.186	SESSION-b7661066332b8e82 → host:177.10.239.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e4d7008639203d5:host:172.232.0.16	SESSION-3e4d7008639203d5 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ffa027db374a629:SESSION-9ffa027db374a629	SESSION-9ffa027db374a629 → pe:tls:SESSION-9ffa027db374a629
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6af366568a421f52:flow:c435d9660e7b	SESSION-6af366568a421f52 → flow:c435d9660e7b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.232.0.16:geo_41.88350_-87.63050	host:172.232.0.16 → geo_41.88350_-87.63050
flow_observed5-aryOBS	e:fo:flow:05ba29ffa20b	flow:05ba29ffa20b → host:177.10.236.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8977638e8d6c6909:host:172.234.197.23	SESSION-8977638e8d6c6909 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c3d3f3d87b7f1a0:host:177.10.233.20	SESSION-5c3d3f3d87b7f1a0 → host:177.10.233.20
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:78.47.249.154:geo_50.47770_12.36490	host:78.47.249.154 → geo_50.47770_12.36490
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ec222cc1c3a7faf:SESSION-4ec222cc1c3a7faf	SESSION-4ec222cc1c3a7faf → pe:tls:SESSION-4ec222cc1c3a7faf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baf6029a4a920bc4:host:172.234.197.23	SESSION-baf6029a4a920bc4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c766f181ead012ae:flow:009bd5732591	SESSION-c766f181ead012ae → flow:009bd5732591
FLOW_FROM_HOSTOBS	e:from:SESSION-76512232807349be:host:45.173.156.51	SESSION-76512232807349be → host:45.173.156.51
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f377c5e49ededc1c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f377c5e49ededc1c → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-0f2cdff3ab49e1a1:host:177.10.234.160	SESSION-0f2cdff3ab49e1a1 → host:177.10.234.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32551388ee5c6c20:host:177.10.238.195	SESSION-32551388ee5c6c20 → host:177.10.238.195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8c0a98b52014301:SESSION-d8c0a98b52014301	SESSION-d8c0a98b52014301 → pe:syn:SESSION-d8c0a98b52014301
FLOW_TO_HOSTOBS	e:to:SESSION-7b679e6887c5a68a:host:172.234.197.23	SESSION-7b679e6887c5a68a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:23d8fe986251:port:tcp:443	flow:23d8fe986251 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a7f663752ab6:port:tcp:443	flow:a7f663752ab6 → port:tcp:443
ASN_IN_ORGOBS 80%	e:ao:asn:4812:org:China Telecom Group	asn:4812 → org:China Telecom Group
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e182e837f26eb64a:host:172.234.197.23	SESSION-e182e837f26eb64a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52c764b77552a86d:host:177.10.234.3	SESSION-52c764b77552a86d → host:177.10.234.3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c9754d7075a4d12:flow:6a46893b400c	SESSION-5c9754d7075a4d12 → flow:6a46893b400c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-993efaa98cc6a9ac:PCAP:capture_20260430080001:93f47cc296a4	SESSION-993efaa98cc6a9ac → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:fa2c4d55df00:port:tcp:17434	flow:fa2c4d55df00 → port:tcp:17434
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-baee22f4fffa81d2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-baee22f4fffa81d2 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd1fe9b471d92d57:host:172.234.197.23	SESSION-dd1fe9b471d92d57 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7063a4bdff0e259c:host:131.196.30.230	SESSION-7063a4bdff0e259c → host:131.196.30.230
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0d74f533686cf043:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0d74f533686cf043 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cde7abdf73c6af1:host:172.234.197.23	SESSION-4cde7abdf73c6af1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.250:asn:262880	host:177.10.234.250 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.44:geo_-16.28860_-49.01640	host:177.10.234.44 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88c19910e1cb1242:host:45.173.156.13	SESSION-88c19910e1cb1242 → host:45.173.156.13
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66746867faa9cf3c:host:172.234.197.23:host:177.10.237.117	SESSION-66746867faa9cf3c → host:172.234.197.23 → host:177.10.237.117
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-692aeceb01bd702a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-692aeceb01bd702a → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e034fcb399102895:PCAP:capture_20260430090001:065659c7d314	SESSION-e034fcb399102895 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6dadefe349dd79f6:SESSION-6dadefe349dd79f6	SESSION-6dadefe349dd79f6 → pe:tls:SESSION-6dadefe349dd79f6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0153bfe1e0550f7:host:172.234.197.23	SESSION-d0153bfe1e0550f7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1b9603c0e1ea765:flow:a6993633811b	SESSION-c1b9603c0e1ea765 → flow:a6993633811b
FLOW_TO_HOSTOBS	e:to:SESSION-fef5e1438bdea640:host:92.118.39.236	SESSION-fef5e1438bdea640 → host:92.118.39.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-0af842276eef56a1:SESSION-0af842276eef56a1	SESSION-0af842276eef56a1 → pe:rst:SESSION-0af842276eef56a1
flow_observed4-aryOBS	e:fo:flow:32c341ad15e4	flow:32c341ad15e4 → host:172.234.197.23 → host:177.10.232.207 → port:tcp:17165
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-937317105ded9efa:flow:1f7c37615ab5	SESSION-937317105ded9efa → flow:1f7c37615ab5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.20:geo_-16.28860_-49.01640	host:177.10.232.20 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-bc37b0c14be06192:host:88.99.91.59	SESSION-bc37b0c14be06192 → host:88.99.91.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c5da4152a907bbd:SESSION-6c5da4152a907bbd	SESSION-6c5da4152a907bbd → pe:tls:SESSION-6c5da4152a907bbd
FLOW_TO_HOSTOBS	e:to:SESSION-c8b38e5755a85588:host:172.234.197.23	SESSION-c8b38e5755a85588 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c6e0f5297a66:port:tcp:443	flow:c6e0f5297a66 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:60fb94c5157b	flow:60fb94c5157b → host:177.10.236.57 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.84:asn:271410	host:131.196.31.84 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67c350ca0312f6cb:PCAP:capture_20260430060001:919b39a74464	SESSION-67c350ca0312f6cb → PCAP:capture_20260430060001:919b39a74464
flow_observed4-aryOBS	e:fo:flow:26f7cfa49443	flow:26f7cfa49443 → host:172.234.197.23 → host:131.196.30.73 → port:tcp:38008
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db638e9136fa3895:host:172.234.197.23	SESSION-db638e9136fa3895 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a60100c841341ace:host:37.27.162.26	SESSION-a60100c841341ace → host:37.27.162.26
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.119:asn:203771	host:185.231.226.119 → asn:203771
HOST_IN_ASNOBS 85%	e:ha:host:213.209.159.159:asn:208137	host:213.209.159.159 → asn:208137
FLOW_DST_PORTOBS	e:fp:flow:d97b7315f434:port:tcp:443	flow:d97b7315f434 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-db62c05acb7f0b0b:host:131.196.29.53	SESSION-db62c05acb7f0b0b → host:131.196.29.53
flow_observed4-aryOBS	e:fo:flow:12c80080048e	flow:12c80080048e → host:172.234.197.23 → host:177.10.236.63 → port:tcp:55007
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-280b0d78f93705fd:host:93.119.5.133	SESSION-280b0d78f93705fd → host:93.119.5.133
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-3b8a5f0932f0fd6d:SESSION-3b8a5f0932f0fd6d	SESSION-3b8a5f0932f0fd6d → pe:rst:SESSION-3b8a5f0932f0fd6d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa515f25c4c77655:SESSION-aa515f25c4c77655	SESSION-aa515f25c4c77655 → pe:syn:SESSION-aa515f25c4c77655
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de195b26c1af220a:host:172.234.197.23	SESSION-de195b26c1af220a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f42753b09b481d7e:SESSION-f42753b09b481d7e	SESSION-f42753b09b481d7e → pe:syn:SESSION-f42753b09b481d7e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b65436b870ef703a:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b65436b870ef703a → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d28501729ed200f7:host:131.196.30.160:host:172.234.197.23	SESSION-d28501729ed200f7 → host:131.196.30.160 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-977a7c6dd83aa424:host:177.10.239.192	SESSION-977a7c6dd83aa424 → host:177.10.239.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e6988ed77a3d110:host:172.234.197.23	SESSION-8e6988ed77a3d110 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-678637d3dc5962bf:host:177.10.232.178:host:172.234.197.23	SESSION-678637d3dc5962bf → host:177.10.232.178 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3b504551617ec2c:host:131.196.31.188	SESSION-c3b504551617ec2c → host:131.196.31.188
FLOW_FROM_HOSTOBS	e:from:SESSION-1d9ece39eb531c8b:host:177.10.237.19	SESSION-1d9ece39eb531c8b → host:177.10.237.19
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ee12e96d458a4e4:SESSION-1ee12e96d458a4e4	SESSION-1ee12e96d458a4e4 → pe:tls:SESSION-1ee12e96d458a4e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-738a9f5daf478976:host:172.234.197.23	SESSION-738a9f5daf478976 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce9bea4cad9ad3a3:host:51.224.135.22:host:172.234.197.23	SESSION-ce9bea4cad9ad3a3 → host:51.224.135.22 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.42:asn:271410	host:131.196.30.42 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31068e75a101287d:host:172.234.197.23	SESSION-31068e75a101287d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-500f03715884566d:SESSION-500f03715884566d	SESSION-500f03715884566d → pe:syn:SESSION-500f03715884566d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e896271e9295df4:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9e896271e9295df4 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:6386cb02ad5f:port:tcp:443	flow:6386cb02ad5f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3f9c5288639cc167:host:177.10.234.234	SESSION-3f9c5288639cc167 → host:177.10.234.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36abdcc0889b5aa2:host:177.10.237.220	SESSION-36abdcc0889b5aa2 → host:177.10.237.220
flow_observed5-aryOBS	e:fo:flow:72a55c97f7f1	flow:72a55c97f7f1 → host:131.196.29.73 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6b762e1d0d174fb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a6b762e1d0d174fb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.11:geo_-16.28860_-49.01640	host:177.10.239.11 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-635c4a1226b6dd4e:host:131.196.28.130	SESSION-635c4a1226b6dd4e → host:131.196.28.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fd0e8f46f0bc660:host:177.10.234.210	SESSION-7fd0e8f46f0bc660 → host:177.10.234.210
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.30:geo_-23.62930_-46.63510	host:131.196.31.30 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-bcca913f927ee07e:host:172.234.197.23	SESSION-bcca913f927ee07e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a2e4fb28ad63a51c:host:177.10.236.10:host:172.234.197.23	SESSION-a2e4fb28ad63a51c → host:177.10.236.10 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-caa2e371708bdf2e:SESSION-caa2e371708bdf2e	SESSION-caa2e371708bdf2e → pe:syn:SESSION-caa2e371708bdf2e
FLOW_FROM_HOSTOBS	e:from:SESSION-01454c90925a3a4f:host:131.196.31.90	SESSION-01454c90925a3a4f → host:131.196.31.90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6585a8f099e9e465:SESSION-6585a8f099e9e465	SESSION-6585a8f099e9e465 → pe:syn:SESSION-6585a8f099e9e465
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f181002c59096f4:host:177.10.232.213:host:172.234.197.23	SESSION-7f181002c59096f4 → host:177.10.232.213 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78704dd999ae95fc:SESSION-78704dd999ae95fc	SESSION-78704dd999ae95fc → pe:syn:SESSION-78704dd999ae95fc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c70bd35e108ab91c:SESSION-c70bd35e108ab91c	SESSION-c70bd35e108ab91c → pe:syn:SESSION-c70bd35e108ab91c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fc518dfa07303a8:SESSION-1fc518dfa07303a8	SESSION-1fc518dfa07303a8 → pe:tls:SESSION-1fc518dfa07303a8
FLOW_FROM_HOSTOBS	e:from:SESSION-7b4a3756900fa00c:host:131.196.31.237	SESSION-7b4a3756900fa00c → host:131.196.31.237
FLOW_FROM_HOSTOBS	e:from:SESSION-f08e9fcec07329fb:host:177.10.236.8	SESSION-f08e9fcec07329fb → host:177.10.236.8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1009c3ce0fc23df:host:177.10.239.126	SESSION-f1009c3ce0fc23df → host:177.10.239.126
FLOW_FROM_HOSTOBS	e:from:SESSION-587fbc18dc61ddb0:host:177.10.235.189	SESSION-587fbc18dc61ddb0 → host:177.10.235.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9de9d154fbb04a83:SESSION-9de9d154fbb04a83	SESSION-9de9d154fbb04a83 → pe:tls:SESSION-9de9d154fbb04a83
FLOW_FROM_HOSTOBS	e:from:SESSION-dd108cc47984c911:host:172.234.197.23	SESSION-dd108cc47984c911 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3cc71da406a2797a:flow:9e80400e49e1	SESSION-3cc71da406a2797a → flow:9e80400e49e1
FLOW_FROM_HOSTOBS	e:from:SESSION-dde31743640b587a:host:172.234.197.23	SESSION-dde31743640b587a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.33:asn:271410	host:131.196.30.33 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-5f147f2227c6d965:host:131.196.30.255	SESSION-5f147f2227c6d965 → host:131.196.30.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d9ed6ae798457b7:SESSION-9d9ed6ae798457b7	SESSION-9d9ed6ae798457b7 → pe:tls:SESSION-9d9ed6ae798457b7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-686bda995aabc86f:flow:bb2d5dd241a4	SESSION-686bda995aabc86f → flow:bb2d5dd241a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c315b0bf7f59a30:SESSION-1c315b0bf7f59a30	SESSION-1c315b0bf7f59a30 → pe:tls:SESSION-1c315b0bf7f59a30
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b8d0e25502f89d2:PCAP:capture_20260427210001:f654efae4e3b	SESSION-7b8d0e25502f89d2 → PCAP:capture_20260427210001:f654efae4e3b
FLOW_FROM_HOSTOBS	e:from:SESSION-76cec71360f7a00a:host:172.234.197.23	SESSION-76cec71360f7a00a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44424f48705b3a9d:flow:033017b17dce	SESSION-44424f48705b3a9d → flow:033017b17dce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47f7d0be3b0e89e2:SESSION-47f7d0be3b0e89e2	SESSION-47f7d0be3b0e89e2 → pe:tls:SESSION-47f7d0be3b0e89e2
flow_observed4-aryOBS	e:fo:flow:33bd4768ba4e	flow:33bd4768ba4e → host:172.234.197.23 → host:92.118.39.236 → port:tcp:55230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33916bd4dadd0440:host:177.10.239.203	SESSION-33916bd4dadd0440 → host:177.10.239.203
FLOW_FROM_HOSTOBS	e:from:SESSION-bf1877ae18abdd85:host:131.196.31.57	SESSION-bf1877ae18abdd85 → host:131.196.31.57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5a08fe68832616d:host:131.196.29.162	SESSION-f5a08fe68832616d → host:131.196.29.162
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34efc230578c0ec6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-34efc230578c0ec6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-57096089299b193e:host:172.234.197.23	SESSION-57096089299b193e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51daf4959db84d02:host:172.234.197.23	SESSION-51daf4959db84d02 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da4440e5d8ead4fe:host:172.234.197.23	SESSION-da4440e5d8ead4fe → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fecc6fa34e31300b:host:172.234.197.23	SESSION-fecc6fa34e31300b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eec2a7691ff15afc:host:131.196.31.197	SESSION-eec2a7691ff15afc → host:131.196.31.197
FLOW_FROM_HOSTOBS	e:from:SESSION-61838f073a9a90b1:host:177.10.236.62	SESSION-61838f073a9a90b1 → host:177.10.236.62
flow_observed4-aryOBS	e:fo:flow:b67d627221f8	flow:b67d627221f8 → host:172.234.197.23 → host:131.196.28.7 → port:tcp:16327
flow_observed5-aryOBS	e:fo:flow:3791da589f61	flow:3791da589f61 → host:131.196.28.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bc35cbabc9b015e:host:131.196.29.153:host:172.234.197.23	SESSION-3bc35cbabc9b015e → host:131.196.29.153 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2eec6fd9620a1613:host:131.196.31.104:host:172.234.197.23	SESSION-2eec6fd9620a1613 → host:131.196.31.104 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd0de62eb0560e2b:host:172.234.197.23	SESSION-bd0de62eb0560e2b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-befd285205c2bf8f:host:44.247.223.188:host:172.234.197.23	SESSION-befd285205c2bf8f → host:44.247.223.188 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b96d3d249635b605:host:45.173.156.70:host:172.234.197.23	SESSION-b96d3d249635b605 → host:45.173.156.70 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-314616832d67d639:PCAP:capture_20260430090001:065659c7d314	SESSION-314616832d67d639 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e2a14af4b2a82fd:flow:1c8e149ce566	SESSION-1e2a14af4b2a82fd → flow:1c8e149ce566
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b1b714ce8916a149:SESSION-b1b714ce8916a149	SESSION-b1b714ce8916a149 → pe:syn:SESSION-b1b714ce8916a149
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ea63b0a223461f6:SESSION-3ea63b0a223461f6	SESSION-3ea63b0a223461f6 → pe:syn:SESSION-3ea63b0a223461f6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.22:geo_-16.28860_-49.01640	host:177.10.232.22 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0d83e3d3d1fc018:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d0d83e3d3d1fc018 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-d44d2d34cc029e97:host:131.196.30.152	SESSION-d44d2d34cc029e97 → host:131.196.30.152
FLOW_FROM_HOSTOBS	e:from:SESSION-99d609228b1b32ef:host:177.10.234.84	SESSION-99d609228b1b32ef → host:177.10.234.84
FLOW_FROM_HOSTOBS	e:from:SESSION-4c9278fb58fb6165:host:51.224.78.219	SESSION-4c9278fb58fb6165 → host:51.224.78.219
FLOW_FROM_HOSTOBS	e:from:SESSION-285399b7803aab9b:host:172.234.197.23	SESSION-285399b7803aab9b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d8f5cec7e169b47:SESSION-2d8f5cec7e169b47	SESSION-2d8f5cec7e169b47 → pe:tls:SESSION-2d8f5cec7e169b47
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.15:geo_-16.28860_-49.01640	host:177.10.238.15 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b00e597f7260eb50:host:131.196.31.157:host:172.234.197.23	SESSION-b00e597f7260eb50 → host:131.196.31.157 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8df47c2606014223:host:131.196.31.196	SESSION-8df47c2606014223 → host:131.196.31.196
FLOW_FROM_HOSTOBS	e:from:SESSION-ca027ca401d4d122:host:177.10.232.181	SESSION-ca027ca401d4d122 → host:177.10.232.181
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85869808bb7240b3:flow:62e5c7a79f3a	SESSION-85869808bb7240b3 → flow:62e5c7a79f3a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e606b3df4d49b4d1:SESSION-e606b3df4d49b4d1	SESSION-e606b3df4d49b4d1 → pe:syn:SESSION-e606b3df4d49b4d1
FLOW_TO_HOSTOBS	e:to:SESSION-df1edf3c82c78294:host:172.234.197.23	SESSION-df1edf3c82c78294 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:93e9c37360c6	flow:93e9c37360c6 → host:172.234.197.23 → host:131.196.31.156 → port:tcp:38086
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f65d16e06243eafc:host:131.196.28.0:host:172.234.197.23	SESSION-f65d16e06243eafc → host:131.196.28.0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7ca8715707a6	flow:7ca8715707a6 → host:172.234.197.23 → host:177.10.233.246 → port:tcp:12197
FLOW_FROM_HOSTOBS	e:from:SESSION-a7b3f412ee893afd:host:172.234.197.23	SESSION-a7b3f412ee893afd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-144e16262f6e2a62:flow:89241512fcc4	SESSION-144e16262f6e2a62 → flow:89241512fcc4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11142ad74b2052de:SESSION-11142ad74b2052de	SESSION-11142ad74b2052de → pe:tls:SESSION-11142ad74b2052de
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.57:asn:262880	host:177.10.238.57 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-783928d3af0eed6e:SESSION-783928d3af0eed6e	SESSION-783928d3af0eed6e → pe:syn:SESSION-783928d3af0eed6e
FLOW_FROM_HOSTOBS	e:from:SESSION-b4ed0c7009b8f0d4:host:177.10.238.226	SESSION-b4ed0c7009b8f0d4 → host:177.10.238.226
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24ee0ec1cbf12b9d:host:172.234.197.23	SESSION-24ee0ec1cbf12b9d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-10ba6936b0af1959:host:172.234.197.23	SESSION-10ba6936b0af1959 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9e13bed2218b0a9f:host:172.234.197.23	SESSION-9e13bed2218b0a9f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:75ea99f83171:port:tcp:443	flow:75ea99f83171 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d269b4a1c84321cd:host:177.10.238.145	SESSION-d269b4a1c84321cd → host:177.10.238.145
FLOW_TO_HOSTOBS	e:to:SESSION-4e4815ec5b053775:host:131.196.31.251	SESSION-4e4815ec5b053775 → host:131.196.31.251
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f580f0e619786fa7:host:177.10.239.86	SESSION-f580f0e619786fa7 → host:177.10.239.86
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93446cf6bcbe5afe:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-93446cf6bcbe5afe → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-754d0cc424848140:SESSION-754d0cc424848140	SESSION-754d0cc424848140 → pe:syn:SESSION-754d0cc424848140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c4a3ef3072acfd2:SESSION-9c4a3ef3072acfd2	SESSION-9c4a3ef3072acfd2 → pe:tls:SESSION-9c4a3ef3072acfd2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8314ac7032421127:flow:d4a091344584	SESSION-8314ac7032421127 → flow:d4a091344584
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b35aac65e648dac0:host:172.234.197.23	SESSION-b35aac65e648dac0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c1abf974bb89:port:tcp:443	flow:c1abf974bb89 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d60c66268e099206:SESSION-d60c66268e099206	SESSION-d60c66268e099206 → pe:syn:SESSION-d60c66268e099206
FLOW_FROM_HOSTOBS	e:from:SESSION-4a3df3a26ac38d69:host:177.10.238.227	SESSION-4a3df3a26ac38d69 → host:177.10.238.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e488bd001486e0ee:host:177.10.237.147	SESSION-e488bd001486e0ee → host:177.10.237.147
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ba4bb01be574ad6:host:131.196.29.168	SESSION-4ba4bb01be574ad6 → host:131.196.29.168
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fe8ac015ba2db65:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5fe8ac015ba2db65 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07e54ca458e8eeab:flow:ee90f0835cbc	SESSION-07e54ca458e8eeab → flow:ee90f0835cbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a437e2422713bf06:SESSION-a437e2422713bf06	SESSION-a437e2422713bf06 → pe:tls:SESSION-a437e2422713bf06
FLOW_FROM_HOSTOBS	e:from:SESSION-5cb36fee7e75b97b:host:104.28.202.79	SESSION-5cb36fee7e75b97b → host:104.28.202.79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ea2f6118de4330ea:SESSION-ea2f6118de4330ea	SESSION-ea2f6118de4330ea → pe:tls:SESSION-ea2f6118de4330ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a27690ff20574d25:SESSION-a27690ff20574d25	SESSION-a27690ff20574d25 → pe:tls:SESSION-a27690ff20574d25
FLOW_TO_HOSTOBS	e:to:SESSION-e2f5f99625dcfae4:host:172.234.197.23	SESSION-e2f5f99625dcfae4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6b4f32c5c51558e8:SESSION-6b4f32c5c51558e8	SESSION-6b4f32c5c51558e8 → pe:tls:SESSION-6b4f32c5c51558e8
FLOW_FROM_HOSTOBS	e:from:SESSION-20a3b697d9e7cdf6:host:131.196.29.94	SESSION-20a3b697d9e7cdf6 → host:131.196.29.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4bc49d07a666c670:SESSION-4bc49d07a666c670	SESSION-4bc49d07a666c670 → pe:syn:SESSION-4bc49d07a666c670
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1624b178b88eb54d:host:172.234.197.23	SESSION-1624b178b88eb54d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d1d74e40d653f073:host:91.240.224.238	SESSION-d1d74e40d653f073 → host:91.240.224.238
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1ed5736d80d2991:flow:50b3af19b1ba	SESSION-b1ed5736d80d2991 → flow:50b3af19b1ba
FLOW_DST_PORTOBS	e:fp:flow:4f18ab34c3f5:port:tcp:6170	flow:4f18ab34c3f5 → port:tcp:6170
FLOW_FROM_HOSTOBS	e:from:SESSION-28af2e1f4e778075:host:177.10.234.232	SESSION-28af2e1f4e778075 → host:177.10.234.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99de4fcd637901fc:SESSION-99de4fcd637901fc	SESSION-99de4fcd637901fc → pe:syn:SESSION-99de4fcd637901fc
flow_observed4-aryOBS	e:fo:flow:071f43f6adb4	flow:071f43f6adb4 → host:172.234.197.23 → host:131.196.29.238 → port:tcp:5220
FLOW_FROM_HOSTOBS	e:from:SESSION-2f278495c163e84d:host:172.234.197.23	SESSION-2f278495c163e84d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d4a5a6c818be705f:SESSION-d4a5a6c818be705f	SESSION-d4a5a6c818be705f → pe:rst:SESSION-d4a5a6c818be705f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2dd1a49fa9f1084b:host:177.10.232.229:host:172.234.197.23	SESSION-2dd1a49fa9f1084b → host:177.10.232.229 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:eeb33d8aed7d	flow:eeb33d8aed7d → host:177.10.234.210 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1065c42d5133f02c:host:172.234.197.23	SESSION-1065c42d5133f02c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e6c979070fb893e:SESSION-9e6c979070fb893e	SESSION-9e6c979070fb893e → pe:tls:SESSION-9e6c979070fb893e
FLOW_FROM_HOSTOBS	e:from:SESSION-9ea69d35daebb9b8:host:177.10.238.177	SESSION-9ea69d35daebb9b8 → host:177.10.238.177
FLOW_DST_PORTOBS	e:fp:flow:d0a6a80748b6:port:tcp:443	flow:d0a6a80748b6 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ce4fb974af5131d:flow:28a2bdc6445d	SESSION-0ce4fb974af5131d → flow:28a2bdc6445d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fc80192f398e14d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5fc80192f398e14d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dc16adec194cf9c:host:172.234.197.23	SESSION-4dc16adec194cf9c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-baf6029a4a920bc4:host:177.10.238.90:host:172.234.197.23	SESSION-baf6029a4a920bc4 → host:177.10.238.90 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e09e8a3cbea3c18a:host:172.234.197.23	SESSION-e09e8a3cbea3c18a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be868fb861e0a1c8:flow:5f3a08ecc862	SESSION-be868fb861e0a1c8 → flow:5f3a08ecc862
FLOW_FROM_HOSTOBS	e:from:SESSION-2b68ed671c67acfd:host:177.10.234.179	SESSION-2b68ed671c67acfd → host:177.10.234.179
FLOW_FROM_HOSTOBS	e:from:SESSION-a2add8aa10ab84ed:host:103.155.16.117	SESSION-a2add8aa10ab84ed → host:103.155.16.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96639b4b4a33e422:host:172.234.197.23	SESSION-96639b4b4a33e422 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.183:asn:273470	host:45.173.156.183 → asn:273470
flow_observed4-aryOBS	e:fo:flow:be8b74ea4667	flow:be8b74ea4667 → host:172.234.197.23 → host:177.10.232.253 → port:tcp:12733
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e40cfbe40dbbe2d2:SESSION-e40cfbe40dbbe2d2	SESSION-e40cfbe40dbbe2d2 → pe:syn:SESSION-e40cfbe40dbbe2d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-42d2a5353a30deb6:SESSION-42d2a5353a30deb6	SESSION-42d2a5353a30deb6 → pe:syn:SESSION-42d2a5353a30deb6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6459c4621d226611:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6459c4621d226611 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78c74ad080075522:flow:568b0c6364ac	SESSION-78c74ad080075522 → flow:568b0c6364ac
flow_observed5-aryOBS	e:fo:flow:47ea6f78701e	flow:47ea6f78701e → host:177.10.239.197 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:795d0440d4c2:port:tcp:443	flow:795d0440d4c2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c8bfb1726ad64d7:SESSION-3c8bfb1726ad64d7	SESSION-3c8bfb1726ad64d7 → pe:syn:SESSION-3c8bfb1726ad64d7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a8eb3ecb5c5b32a8:host:172.234.197.23:host:177.10.234.72	SESSION-a8eb3ecb5c5b32a8 → host:172.234.197.23 → host:177.10.234.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b7d412d830baf98:SESSION-4b7d412d830baf98	SESSION-4b7d412d830baf98 → pe:syn:SESSION-4b7d412d830baf98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-af1aec9a84a08d25:SESSION-af1aec9a84a08d25	SESSION-af1aec9a84a08d25 → pe:tls:SESSION-af1aec9a84a08d25
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41eaa3dd80eab155:flow:ad1d860af0e2	SESSION-41eaa3dd80eab155 → flow:ad1d860af0e2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a55a830d22fea90d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a55a830d22fea90d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:f5149586093b:port:tcp:443	flow:f5149586093b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:3bc938eaf0e8	flow:3bc938eaf0e8 → host:37.221.79.250 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d9c8489868c7191:flow:1df7c7c9d3f6	SESSION-9d9c8489868c7191 → flow:1df7c7c9d3f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-846d654fbba579ab:SESSION-846d654fbba579ab	SESSION-846d654fbba579ab → pe:tls:SESSION-846d654fbba579ab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e93d3fe416fcd95:SESSION-5e93d3fe416fcd95	SESSION-5e93d3fe416fcd95 → pe:tls:SESSION-5e93d3fe416fcd95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f98b72d4ec65d75:SESSION-8f98b72d4ec65d75	SESSION-8f98b72d4ec65d75 → pe:syn:SESSION-8f98b72d4ec65d75
FLOW_TO_HOSTOBS	e:to:SESSION-abf4853d72eba17e:host:172.234.197.23	SESSION-abf4853d72eba17e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-314616832d67d639:SESSION-314616832d67d639	SESSION-314616832d67d639 → pe:tls:SESSION-314616832d67d639
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74a0cb408b3fb354:host:177.10.238.31	SESSION-74a0cb408b3fb354 → host:177.10.238.31
FLOW_DST_PORTOBS	e:fp:flow:b5984a3cb038:port:tcp:20281	flow:b5984a3cb038 → port:tcp:20281
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e8a9e43c374485d:PCAP:capture_20260430110001:43611bdf6759	SESSION-9e8a9e43c374485d → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8b9309f53afd487:SESSION-d8b9309f53afd487	SESSION-d8b9309f53afd487 → pe:syn:SESSION-d8b9309f53afd487
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34b42a1bd1f93900:SESSION-34b42a1bd1f93900	SESSION-34b42a1bd1f93900 → pe:syn:SESSION-34b42a1bd1f93900
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-164cf6eccbbca478:host:172.234.197.23	SESSION-164cf6eccbbca478 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6d027087dbd516e:host:172.234.197.23	SESSION-b6d027087dbd516e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a6e84a9f98e2c60:host:177.10.237.247:host:172.234.197.23	SESSION-5a6e84a9f98e2c60 → host:177.10.237.247 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7034e2e8b8e3	flow:7034e2e8b8e3 → host:177.10.234.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65f6be25ebaee411:host:131.196.30.145	SESSION-65f6be25ebaee411 → host:131.196.30.145
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86951cb3218963fd:PCAP:capture_20260430110001:43611bdf6759	SESSION-86951cb3218963fd → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e717c742e2e64ea:SESSION-5e717c742e2e64ea	SESSION-5e717c742e2e64ea → pe:syn:SESSION-5e717c742e2e64ea
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d8f5cec7e169b47:flow:e03a3f55eb94	SESSION-2d8f5cec7e169b47 → flow:e03a3f55eb94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a074f157090defb0:SESSION-a074f157090defb0	SESSION-a074f157090defb0 → pe:tls:SESSION-a074f157090defb0
flow_observed4-aryOBS	e:fo:flow:2ed2b58f6d06	flow:2ed2b58f6d06 → host:172.234.197.23 → host:131.196.30.253 → port:tcp:63241
flow_observed5-aryOBS	e:fo:flow:055b0031659d	flow:055b0031659d → host:131.196.28.185 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b68b7374dcfd0024:host:177.10.233.246	SESSION-b68b7374dcfd0024 → host:177.10.233.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f2c14118785728f:host:172.234.197.23	SESSION-9f2c14118785728f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ee2f1f025d37aa07:host:177.10.238.97	SESSION-ee2f1f025d37aa07 → host:177.10.238.97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4fd5cc70e8cf2108:PCAP:capture_20260430090001:065659c7d314	SESSION-4fd5cc70e8cf2108 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-02cad694702cb9f1:host:177.10.235.25	SESSION-02cad694702cb9f1 → host:177.10.235.25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-964acfd97ca38755:SESSION-964acfd97ca38755	SESSION-964acfd97ca38755 → pe:syn:SESSION-964acfd97ca38755
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.108:asn:262880	host:177.10.237.108 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-2dbb52de45813c9a:host:131.196.28.234	SESSION-2dbb52de45813c9a → host:131.196.28.234
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e2a4babdc2dc965:PCAP:capture_20260428010001:b1b402c7b202	SESSION-9e2a4babdc2dc965 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_DST_PORTOBS	e:fp:flow:34f10ddde6b1:port:tcp:443	flow:34f10ddde6b1 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-eead3829bc62f23e:host:177.10.236.242	SESSION-eead3829bc62f23e → host:177.10.236.242
flow_observed4-aryOBS	e:fo:flow:fb5f5db80365	flow:fb5f5db80365 → host:172.234.197.23 → host:177.10.232.34 → port:tcp:22333
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-605acf1f49534e97:host:177.10.233.231:host:172.234.197.23	SESSION-605acf1f49534e97 → host:177.10.233.231 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.64:asn:262880	host:177.10.239.64 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aae42b7cc2993272:SESSION-aae42b7cc2993272	SESSION-aae42b7cc2993272 → pe:syn:SESSION-aae42b7cc2993272
FLOW_FROM_HOSTOBS	e:from:SESSION-542567c32b647819:host:131.196.29.129	SESSION-542567c32b647819 → host:131.196.29.129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-befc987f4c77d80c:flow:c0d86d181231	SESSION-befc987f4c77d80c → flow:c0d86d181231
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fc518dfa07303a8:host:45.173.156.219:host:172.234.197.23	SESSION-1fc518dfa07303a8 → host:45.173.156.219 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ea0e53107fcd	flow:ea0e53107fcd → host:131.196.31.197 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e540dbaefa45433:flow:62a872cfe84a	SESSION-9e540dbaefa45433 → flow:62a872cfe84a
FLOW_TO_HOSTOBS	e:to:SESSION-421b35b56ec8b984:host:172.234.197.23	SESSION-421b35b56ec8b984 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30c6bfe2ed3a5bca:host:172.234.197.23	SESSION-30c6bfe2ed3a5bca → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47fbdf6c3cd24fcc:host:172.234.197.23	SESSION-47fbdf6c3cd24fcc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48de9f7b9a5a464c:host:177.10.234.210	SESSION-48de9f7b9a5a464c → host:177.10.234.210
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f580776b9a7f0d25:SESSION-f580776b9a7f0d25	SESSION-f580776b9a7f0d25 → pe:tls:SESSION-f580776b9a7f0d25
FLOW_FROM_HOSTOBS	e:from:SESSION-fef5e1438bdea640:host:172.234.197.23	SESSION-fef5e1438bdea640 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac0f4c4f1d3b1c15:host:177.10.238.48:host:172.234.197.23	SESSION-ac0f4c4f1d3b1c15 → host:177.10.238.48 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-33fdac1ad6f47ac8:host:177.10.232.130	SESSION-33fdac1ad6f47ac8 → host:177.10.232.130
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.56:geo_-23.62930_-46.63510	host:131.196.31.56 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:dff89fe81332:port:tcp:19046	flow:dff89fe81332 → port:tcp:19046
FLOW_TO_HOSTOBS	e:to:SESSION-73c4b3cbea42a394:host:172.234.197.23	SESSION-73c4b3cbea42a394 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ecf1376a54312e6:host:172.234.197.23	SESSION-4ecf1376a54312e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f79e79f663ba44d9:host:131.196.30.20	SESSION-f79e79f663ba44d9 → host:131.196.30.20
FLOW_FROM_HOSTOBS	e:from:SESSION-cc57a46aa64b7388:host:177.10.237.53	SESSION-cc57a46aa64b7388 → host:177.10.237.53
FLOW_TO_HOSTOBS	e:to:SESSION-fab752fe97090e4a:host:172.234.197.23	SESSION-fab752fe97090e4a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-317129b18cf7eb6c:PCAP:capture_20260430150001:ded20914761d	SESSION-317129b18cf7eb6c → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e4de8bcb2f0334a:SESSION-4e4de8bcb2f0334a	SESSION-4e4de8bcb2f0334a → pe:tls:SESSION-4e4de8bcb2f0334a
FLOW_FROM_HOSTOBS	e:from:SESSION-5d5e50cd91d4ac54:host:131.196.28.113	SESSION-5d5e50cd91d4ac54 → host:131.196.28.113
FLOW_TO_HOSTOBS	e:to:SESSION-69d41e5348c00130:host:172.234.197.23	SESSION-69d41e5348c00130 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e094b52f54dff79:SESSION-4e094b52f54dff79	SESSION-4e094b52f54dff79 → pe:tls:SESSION-4e094b52f54dff79
FLOW_TO_HOSTOBS	e:to:SESSION-b5498d903f3b2d41:host:172.234.197.23	SESSION-b5498d903f3b2d41 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fb6fe079446275d:SESSION-5fb6fe079446275d	SESSION-5fb6fe079446275d → pe:tls:SESSION-5fb6fe079446275d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.184:geo_-16.28860_-49.01640	host:177.10.234.184 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:107f0fd4b6e6	flow:107f0fd4b6e6 → host:172.234.197.23 → host:177.10.239.139 → port:tcp:42627
FLOW_DST_PORTOBS	e:fp:flow:2b22278734db:port:tcp:443	flow:2b22278734db → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e331ebe372f514c8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e331ebe372f514c8 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c274d9ac0119175:host:172.234.197.23	SESSION-7c274d9ac0119175 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:aba14d52f442:port:tcp:10939	flow:aba14d52f442 → port:tcp:10939
FLOW_TO_HOSTOBS	e:to:SESSION-12879c55e793c987:host:172.234.197.23	SESSION-12879c55e793c987 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-71d059e3750765d4:flow:57553c5c5f75	SESSION-71d059e3750765d4 → flow:57553c5c5f75
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b97d7b281ae973a8:SESSION-b97d7b281ae973a8	SESSION-b97d7b281ae973a8 → pe:syn:SESSION-b97d7b281ae973a8
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.135:asn:271410	host:131.196.30.135 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4bc305941088d24:host:172.234.197.23	SESSION-d4bc305941088d24 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1a09dd97dc23cca0:host:177.10.235.70	SESSION-1a09dd97dc23cca0 → host:177.10.235.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11e7a161068ba48e:SESSION-11e7a161068ba48e	SESSION-11e7a161068ba48e → pe:syn:SESSION-11e7a161068ba48e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66c6d225095e379c:host:172.234.197.23	SESSION-66c6d225095e379c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-01fb4d6a9472c8c7:host:172.234.197.23	SESSION-01fb4d6a9472c8c7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fd5cc70e8cf2108:host:172.234.197.23	SESSION-4fd5cc70e8cf2108 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a7f0a64436ce2ca:SESSION-9a7f0a64436ce2ca	SESSION-9a7f0a64436ce2ca → pe:syn:SESSION-9a7f0a64436ce2ca
FLOW_DST_PORTOBS	e:fp:flow:d03f88ab246d:port:tcp:27758	flow:d03f88ab246d → port:tcp:27758
FLOW_FROM_HOSTOBS	e:from:SESSION-21cd302cb5783965:host:172.234.197.23	SESSION-21cd302cb5783965 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84d24c52e1f02eee:host:177.10.234.21	SESSION-84d24c52e1f02eee → host:177.10.234.21
FLOW_TO_HOSTOBS	e:to:SESSION-99e2981b3b5fa520:host:172.234.197.23	SESSION-99e2981b3b5fa520 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db5998ef2bd3405b:host:51.21.249.220	SESSION-db5998ef2bd3405b → host:51.21.249.220
FLOW_TO_HOSTOBS	e:to:SESSION-2ae53b938ea3675b:host:172.234.197.23	SESSION-2ae53b938ea3675b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-848453a25431759d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-848453a25431759d → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dc82e917a0ac0289:flow:910913aa1637	SESSION-dc82e917a0ac0289 → flow:910913aa1637
flow_observed5-aryOBS	e:fo:flow:08cad5f12b06	flow:08cad5f12b06 → host:131.196.30.228 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72e57a99703d053d:SESSION-72e57a99703d053d	SESSION-72e57a99703d053d → pe:syn:SESSION-72e57a99703d053d
FLOW_FROM_HOSTOBS	e:from:SESSION-304db5c18798dbb4:host:172.234.197.23	SESSION-304db5c18798dbb4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ca59997a1fd2235:host:45.173.156.148	SESSION-2ca59997a1fd2235 → host:45.173.156.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c89e102c8b8b6c97:SESSION-c89e102c8b8b6c97	SESSION-c89e102c8b8b6c97 → pe:tls:SESSION-c89e102c8b8b6c97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd13e266b02b3087:flow:3d794649c2ef	SESSION-cd13e266b02b3087 → flow:3d794649c2ef
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a03207ab88db82b5:host:45.173.156.3:host:172.234.197.23	SESSION-a03207ab88db82b5 → host:45.173.156.3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0f8a559c2faf4a64:SESSION-0f8a559c2faf4a64	SESSION-0f8a559c2faf4a64 → pe:syn:SESSION-0f8a559c2faf4a64
FLOW_TO_HOSTOBS	e:to:SESSION-cc41b76983738bc7:host:172.234.197.23	SESSION-cc41b76983738bc7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d975c41b16afdd4:SESSION-1d975c41b16afdd4	SESSION-1d975c41b16afdd4 → pe:syn:SESSION-1d975c41b16afdd4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.5:geo_-16.28860_-49.01640	host:177.10.234.5 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e42d909a57b4903:host:172.234.197.23	SESSION-0e42d909a57b4903 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57e647fa0cdcfe5a:host:172.234.197.23	SESSION-57e647fa0cdcfe5a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c859dd67755d:port:tcp:56635	flow:c859dd67755d → port:tcp:56635
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ae37c351bfd95cd:flow:7121cc7b6361	SESSION-6ae37c351bfd95cd → flow:7121cc7b6361
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b6b757282734812:host:131.196.29.54:host:172.234.197.23	SESSION-4b6b757282734812 → host:131.196.29.54 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4879ced74a20729f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4879ced74a20729f → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-8de302c0e306721c:host:177.10.239.102	SESSION-8de302c0e306721c → host:177.10.239.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d585afab4eb6ac7e:SESSION-d585afab4eb6ac7e	SESSION-d585afab4eb6ac7e → pe:tls:SESSION-d585afab4eb6ac7e
FLOW_FROM_HOSTOBS	e:from:SESSION-f57ffeba62df89fa:host:131.196.28.10	SESSION-f57ffeba62df89fa → host:131.196.28.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c5d6e49e2849c20f:SESSION-c5d6e49e2849c20f	SESSION-c5d6e49e2849c20f → pe:syn:SESSION-c5d6e49e2849c20f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21ae4bade70b1440:SESSION-21ae4bade70b1440	SESSION-21ae4bade70b1440 → pe:tls:SESSION-21ae4bade70b1440
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23aaa31711ea4954:host:172.234.197.23	SESSION-23aaa31711ea4954 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72a654eac2136215:SESSION-72a654eac2136215	SESSION-72a654eac2136215 → pe:syn:SESSION-72a654eac2136215
FLOW_FROM_HOSTOBS	e:from:SESSION-040c9c1730fd990c:host:131.196.31.227	SESSION-040c9c1730fd990c → host:131.196.31.227
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a20ec48656879fce:flow:4709033d4574	SESSION-a20ec48656879fce → flow:4709033d4574
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-22873a115734b4a8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-22873a115734b4a8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67b1c0091ebc1322:flow:7445acff57dc	SESSION-67b1c0091ebc1322 → flow:7445acff57dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19e0bdfc1305c6ba:SESSION-19e0bdfc1305c6ba	SESSION-19e0bdfc1305c6ba → pe:syn:SESSION-19e0bdfc1305c6ba
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.233:geo_-21.10010_-41.69200	host:45.173.156.233 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-6cbb8d1d16f40477:host:131.196.30.126	SESSION-6cbb8d1d16f40477 → host:131.196.30.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b420826720a06333:host:177.10.233.185	SESSION-b420826720a06333 → host:177.10.233.185
FLOW_DST_PORTOBS	e:fp:flow:8bd8f63c48f5:port:tcp:443	flow:8bd8f63c48f5 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.139:geo_-23.62930_-46.63510	host:131.196.28.139 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b2e6696cab81646:host:172.234.197.23	SESSION-5b2e6696cab81646 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9886228ef28af254:host:172.234.197.23	SESSION-9886228ef28af254 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.198:geo_-23.62930_-46.63510	host:131.196.29.198 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.59:asn:262880	host:177.10.235.59 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d11cc9a154a777c:host:172.234.197.23	SESSION-8d11cc9a154a777c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44aa905e757bc471:flow:7ebd7ee7274f	SESSION-44aa905e757bc471 → flow:7ebd7ee7274f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fb420f75ffa7d0f:host:131.196.30.81	SESSION-7fb420f75ffa7d0f → host:131.196.30.81
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f953402fa48addf:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3f953402fa48addf → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6dadefe349dd79f6:flow:494513d358c8	SESSION-6dadefe349dd79f6 → flow:494513d358c8
FLOW_DST_PORTOBS	e:fp:flow:53d37a6eb3a2:port:tcp:443	flow:53d37a6eb3a2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-647d0fec9adf08f1:host:103.97.91.27:host:172.234.197.23	SESSION-647d0fec9adf08f1 → host:103.97.91.27 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62337f4a23aa4d2d:host:177.10.237.62	SESSION-62337f4a23aa4d2d → host:177.10.237.62
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.193:geo_-16.28860_-49.01640	host:177.10.238.193 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.212:asn:262880	host:177.10.232.212 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a148e202465c0b29:SESSION-a148e202465c0b29	SESSION-a148e202465c0b29 → pe:syn:SESSION-a148e202465c0b29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99af0da0e550d67b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-99af0da0e550d67b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60dcadff088f62ae:SESSION-60dcadff088f62ae	SESSION-60dcadff088f62ae → pe:syn:SESSION-60dcadff088f62ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a4506f2fb402b7f:SESSION-0a4506f2fb402b7f	SESSION-0a4506f2fb402b7f → pe:tls:SESSION-0a4506f2fb402b7f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-140cb8b81d438202:SESSION-140cb8b81d438202	SESSION-140cb8b81d438202 → pe:syn:SESSION-140cb8b81d438202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2eaffc60d664a8c9:flow:3377862fd32b	SESSION-2eaffc60d664a8c9 → flow:3377862fd32b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33fdac1ad6f47ac8:flow:dcf514f92a72	SESSION-33fdac1ad6f47ac8 → flow:dcf514f92a72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e074c277760af7b:host:172.234.197.23	SESSION-4e074c277760af7b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff9ef052366910da:PCAP:capture_20260430090001:065659c7d314	SESSION-ff9ef052366910da → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.236:asn:271410	host:131.196.30.236 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-2e615d118f3247e2:host:172.234.197.23	SESSION-2e615d118f3247e2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59417938792198bf:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-59417938792198bf → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:8e49cbd73b6d:port:tcp:443	flow:8e49cbd73b6d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5644212eea272a87:PCAP:capture_20260428020001:ce87acd1c162	SESSION-5644212eea272a87 → PCAP:capture_20260428020001:ce87acd1c162
flow_observed5-aryOBS	e:fo:flow:5341bdb715fd	flow:5341bdb715fd → host:131.196.29.139 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-391d28a36308a996:PCAP:capture_20260430060001:919b39a74464	SESSION-391d28a36308a996 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b32f5a9266c1045d:host:177.10.238.238	SESSION-b32f5a9266c1045d → host:177.10.238.238
FLOW_TO_HOSTOBS	e:to:SESSION-9bd60248a4061d8d:host:172.234.197.23	SESSION-9bd60248a4061d8d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:156.59.198.136:geo_22.28420_114.17590	host:156.59.198.136 → geo_22.28420_114.17590
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9485d3e307f01514:host:131.196.30.214	SESSION-9485d3e307f01514 → host:131.196.30.214
FLOW_FROM_HOSTOBS	e:from:SESSION-424fe4b4ecc22e45:host:131.196.31.122	SESSION-424fe4b4ecc22e45 → host:131.196.31.122
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11da84003d7810c4:flow:17231e591100	SESSION-11da84003d7810c4 → flow:17231e591100
FLOW_DST_PORTOBS	e:fp:flow:a305d6c00ad8:port:tcp:80	flow:a305d6c00ad8 → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24ee0ec1cbf12b9d:host:185.231.226.205	SESSION-24ee0ec1cbf12b9d → host:185.231.226.205
FLOW_DST_PORTOBS	e:fp:flow:6ecadfe6c5ec:port:tcp:443	flow:6ecadfe6c5ec → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37c1a586e90e7a3b:SESSION-37c1a586e90e7a3b	SESSION-37c1a586e90e7a3b → pe:syn:SESSION-37c1a586e90e7a3b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8cb528496ded9d11:PCAP:capture_20260430060001:919b39a74464	SESSION-8cb528496ded9d11 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7dc8a86be27d0230:host:177.10.234.210:host:172.234.197.23	SESSION-7dc8a86be27d0230 → host:177.10.234.210 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.11:geo_-23.62930_-46.63510	host:131.196.30.11 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8c973292e4e10a2:SESSION-f8c973292e4e10a2	SESSION-f8c973292e4e10a2 → pe:syn:SESSION-f8c973292e4e10a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20b9f3feffcc2290:SESSION-20b9f3feffcc2290	SESSION-20b9f3feffcc2290 → pe:syn:SESSION-20b9f3feffcc2290
FLOW_DST_PORTOBS	e:fp:flow:71ecf670b095:port:tcp:443	flow:71ecf670b095 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-53ca21169d5f7469:host:177.10.234.213	SESSION-53ca21169d5f7469 → host:177.10.234.213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-107eaa9172a242e7:host:177.10.234.192	SESSION-107eaa9172a242e7 → host:177.10.234.192
FLOW_DST_PORTOBS	e:fp:flow:6336053cfda8:port:tcp:443	flow:6336053cfda8 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b9e2dc825daf:port:tcp:443	flow:b9e2dc825daf → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9796cc5458b7:port:tcp:80	flow:9796cc5458b7 → port:tcp:80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f44963c65f506a9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1f44963c65f506a9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-1acc74ca4adb622d:host:45.173.156.85	SESSION-1acc74ca4adb622d → host:45.173.156.85
FLOW_FROM_HOSTOBS	e:from:SESSION-501c474d8a937a90:host:172.234.197.23	SESSION-501c474d8a937a90 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1110d6d36f6ebd42:host:172.234.197.23	SESSION-1110d6d36f6ebd42 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a015ddbfdf91f569:host:177.10.236.155:host:172.234.197.23	SESSION-a015ddbfdf91f569 → host:177.10.236.155 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-85f6b1896204af93:host:177.10.238.122	SESSION-85f6b1896204af93 → host:177.10.238.122
FLOW_FROM_HOSTOBS	e:from:SESSION-6aca8ef237a42da9:host:131.196.30.233	SESSION-6aca8ef237a42da9 → host:131.196.30.233
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-003677474853cb22:flow:ba936f422e0d	SESSION-003677474853cb22 → flow:ba936f422e0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c421ecd159f7b93a:SESSION-c421ecd159f7b93a	SESSION-c421ecd159f7b93a → pe:tls:SESSION-c421ecd159f7b93a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-825be4419cbefff8:host:177.10.239.81	SESSION-825be4419cbefff8 → host:177.10.239.81
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-131cbd262c833b9b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-131cbd262c833b9b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8f12ada0f88f122:host:199.16.157.181	SESSION-b8f12ada0f88f122 → host:199.16.157.181
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb7b7dca9012c682:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-eb7b7dca9012c682 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2def334ee7bae1e1:host:177.10.236.96:host:172.234.197.23	SESSION-2def334ee7bae1e1 → host:177.10.236.96 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69a0e56e6767912e:flow:e9fe580d9619	SESSION-69a0e56e6767912e → flow:e9fe580d9619
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9d4e1b0711d4507:host:131.196.29.192	SESSION-c9d4e1b0711d4507 → host:131.196.29.192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e905599dc3c27c65:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e905599dc3c27c65 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-810f814d66b016e7:SESSION-810f814d66b016e7	SESSION-810f814d66b016e7 → pe:syn:SESSION-810f814d66b016e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a01362ca7d087a96:host:172.234.197.23	SESSION-a01362ca7d087a96 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5133340de07cf838:flow:a5e08dfdbc67	SESSION-5133340de07cf838 → flow:a5e08dfdbc67
FLOW_FROM_HOSTOBS	e:from:SESSION-c3bfd44b04badb9b:host:177.10.237.66	SESSION-c3bfd44b04badb9b → host:177.10.237.66
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06a6b67473c48ddd:host:172.234.197.23	SESSION-06a6b67473c48ddd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9f597f69b0915b82:host:172.234.197.23	SESSION-9f597f69b0915b82 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0b3c5797223848b:SESSION-c0b3c5797223848b	SESSION-c0b3c5797223848b → pe:tls:SESSION-c0b3c5797223848b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-102bebe502918f62:SESSION-102bebe502918f62	SESSION-102bebe502918f62 → pe:syn:SESSION-102bebe502918f62
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-9a236c6c04af1f19:BSG-DATA_EXFIL-58d151b66f77	SESSION-9a236c6c04af1f19 → BSG-DATA_EXFIL-58d151b66f77
flow_observed5-aryOBS	e:fo:flow:88ea342ab17d	flow:88ea342ab17d → host:177.10.236.72 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.249:asn:262880	host:177.10.235.249 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-c652a29a62d722ea:host:172.234.197.23	SESSION-c652a29a62d722ea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a8968fd2a11ede8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1a8968fd2a11ede8 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-56476ce9df92fd09:SESSION-56476ce9df92fd09	SESSION-56476ce9df92fd09 → pe:syn:SESSION-56476ce9df92fd09
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-112ed66aeea7c1e0:PCAP:capture_20260430110001:43611bdf6759	SESSION-112ed66aeea7c1e0 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fef93e1a24936adf:host:131.196.28.134:host:172.234.197.23	SESSION-fef93e1a24936adf → host:131.196.28.134 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9501d29cea91bd7b:flow:589c2fec1820	SESSION-9501d29cea91bd7b → flow:589c2fec1820
flow_observed5-aryOBS	e:fo:flow:e3e2cf6c78e9	flow:e3e2cf6c78e9 → host:131.196.30.83 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-337cf74c19f2631e:flow:5923d50f575e	SESSION-337cf74c19f2631e → flow:5923d50f575e
FLOW_DST_PORTOBS	e:fp:flow:cd8eb2888715:port:tcp:443	flow:cd8eb2888715 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bedf3bb9bf60dde0:SESSION-bedf3bb9bf60dde0	SESSION-bedf3bb9bf60dde0 → pe:syn:SESSION-bedf3bb9bf60dde0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-025a43ae01804438:host:177.10.237.96	SESSION-025a43ae01804438 → host:177.10.237.96
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5ae6e0246d28b44:host:177.10.234.176	SESSION-d5ae6e0246d28b44 → host:177.10.234.176
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ab65b5d8a01cf3d:flow:88d7422db9bf	SESSION-9ab65b5d8a01cf3d → flow:88d7422db9bf
FLOW_FROM_HOSTOBS	e:from:SESSION-abff9bfe6a29f0b5:host:172.234.197.23	SESSION-abff9bfe6a29f0b5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.231:asn:262880	host:177.10.235.231 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe8408bb8c62f3c7:host:177.10.236.235:host:172.234.197.23	SESSION-fe8408bb8c62f3c7 → host:177.10.236.235 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a4b0ee19d173:port:tcp:52419	flow:a4b0ee19d173 → port:tcp:52419
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.39:geo_-23.62930_-46.63510	host:131.196.30.39 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce53b2931ed237cb:flow:5cbd1147ed0a	SESSION-ce53b2931ed237cb → flow:5cbd1147ed0a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-793a524af1982647:host:3.102.169.199:host:172.234.197.23	SESSION-793a524af1982647 → host:3.102.169.199 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0844998e370f9b20:host:172.234.197.23	SESSION-0844998e370f9b20 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4ddbe5eae3d3:port:tcp:443	flow:4ddbe5eae3d3 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:609b96815b71	flow:609b96815b71 → host:177.10.239.71 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:a87fcf5ff316	flow:a87fcf5ff316 → host:177.10.239.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad468f8fa72444f5:host:172.234.197.23	SESSION-ad468f8fa72444f5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1da9f85a5b3be49b:SESSION-1da9f85a5b3be49b	SESSION-1da9f85a5b3be49b → pe:tls:SESSION-1da9f85a5b3be49b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e96c97861c631394:host:172.234.197.23	SESSION-e96c97861c631394 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c7091281d7e2abc:host:172.234.197.23	SESSION-2c7091281d7e2abc → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a4af85982524	flow:a4af85982524 → host:172.234.197.23 → host:131.196.30.128 → port:tcp:2095
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f991b6c62555b6c:flow:da97833aae7b	SESSION-1f991b6c62555b6c → flow:da97833aae7b
FLOW_FROM_HOSTOBS	e:from:SESSION-9a5aae11508cfd60:host:131.196.29.225	SESSION-9a5aae11508cfd60 → host:131.196.29.225
FLOW_FROM_HOSTOBS	e:from:SESSION-befd285205c2bf8f:host:44.247.223.188	SESSION-befd285205c2bf8f → host:44.247.223.188
FLOW_DST_PORTOBS	e:fp:flow:af7a09bb9bc0:port:tcp:443	flow:af7a09bb9bc0 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:72cbbda16d03	flow:72cbbda16d03 → host:177.10.237.81 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5b01750df014e0bb:host:172.234.197.23	SESSION-5b01750df014e0bb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5fda13ddd80d:port:tcp:443	flow:5fda13ddd80d → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.159:geo_-21.10010_-41.69200	host:45.173.156.159 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:089584818b89	flow:089584818b89 → host:131.196.30.245 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:264b0ddf9e69:port:tcp:42118	flow:264b0ddf9e69 → port:tcp:42118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24f08652bbd6b16b:host:57.128.95.174	SESSION-24f08652bbd6b16b → host:57.128.95.174
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-42d2a5353a30deb6:SESSION-42d2a5353a30deb6	SESSION-42d2a5353a30deb6 → pe:tls:SESSION-42d2a5353a30deb6
FLOW_TO_HOSTOBS	e:to:SESSION-038099de878067a0:host:172.234.197.23	SESSION-038099de878067a0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2875d034c942a134:flow:71dc89848ccc	SESSION-2875d034c942a134 → flow:71dc89848ccc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bcca913f927ee07e:host:172.3.50.214:host:172.234.197.23	SESSION-bcca913f927ee07e → host:172.3.50.214 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3b2b5737f36d7ec:SESSION-f3b2b5737f36d7ec	SESSION-f3b2b5737f36d7ec → pe:syn:SESSION-f3b2b5737f36d7ec
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1f8267b24b78f93:host:172.234.197.23	SESSION-b1f8267b24b78f93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5f8419335024f52:host:49.12.170.238	SESSION-c5f8419335024f52 → host:49.12.170.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3676532bb2f3ac59:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3676532bb2f3ac59 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-cdcb5008ac7e3b15:host:177.10.237.183	SESSION-cdcb5008ac7e3b15 → host:177.10.237.183
FLOW_FROM_HOSTOBS	e:from:SESSION-7b308d2f7d4fdfaa:host:177.10.237.190	SESSION-7b308d2f7d4fdfaa → host:177.10.237.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5bba4e0174a1f95d:SESSION-5bba4e0174a1f95d	SESSION-5bba4e0174a1f95d → pe:syn:SESSION-5bba4e0174a1f95d
flow_observed5-aryOBS	e:fo:flow:cc4fbcad423d	flow:cc4fbcad423d → host:131.196.29.248 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47d7544842406eea:SESSION-47d7544842406eea	SESSION-47d7544842406eea → pe:syn:SESSION-47d7544842406eea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab75a0984f628f7a:host:131.196.30.31	SESSION-ab75a0984f628f7a → host:131.196.30.31
FLOW_DST_PORTOBS	e:fp:flow:2109a657de5e:port:tcp:51241	flow:2109a657de5e → port:tcp:51241
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eec2a7691ff15afc:SESSION-eec2a7691ff15afc	SESSION-eec2a7691ff15afc → pe:tls:SESSION-eec2a7691ff15afc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-314616832d67d639:host:177.10.235.64	SESSION-314616832d67d639 → host:177.10.235.64
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.44:asn:271410	host:131.196.30.44 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-578d76d32a2c1b81:host:45.173.156.11	SESSION-578d76d32a2c1b81 → host:45.173.156.11
FLOW_DST_PORTOBS	e:fp:flow:b8efb0a2d1e0:port:tcp:443	flow:b8efb0a2d1e0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0125cea84e0c02fd:host:172.234.197.23	SESSION-0125cea84e0c02fd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4b45b8ab033c:port:tcp:443	flow:4b45b8ab033c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1362b7f51908925c:SESSION-1362b7f51908925c	SESSION-1362b7f51908925c → pe:syn:SESSION-1362b7f51908925c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94eb707cf5b0b4ef:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-94eb707cf5b0b4ef → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.180:asn:262880	host:177.10.234.180 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f78775658cb84616:flow:3a3b86705699	SESSION-f78775658cb84616 → flow:3a3b86705699
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6455927ff3f8f851:SESSION-6455927ff3f8f851	SESSION-6455927ff3f8f851 → pe:tls:SESSION-6455927ff3f8f851
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc308b17bca42662:SESSION-bc308b17bca42662	SESSION-bc308b17bca42662 → pe:syn:SESSION-bc308b17bca42662
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c874ff4a201372ef:SESSION-c874ff4a201372ef	SESSION-c874ff4a201372ef → pe:syn:SESSION-c874ff4a201372ef
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b0b2d167e93bb2e:SESSION-0b0b2d167e93bb2e	SESSION-0b0b2d167e93bb2e → pe:syn:SESSION-0b0b2d167e93bb2e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b00e597f7260eb50:flow:d71da652648f	SESSION-b00e597f7260eb50 → flow:d71da652648f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a9915da62b53f74:SESSION-5a9915da62b53f74	SESSION-5a9915da62b53f74 → pe:tls:SESSION-5a9915da62b53f74
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.153:geo_-16.28860_-49.01640	host:177.10.237.153 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-d8432ee5dd236020:host:51.75.171.21	SESSION-d8432ee5dd236020 → host:51.75.171.21
FLOW_FROM_HOSTOBS	e:from:SESSION-bac5dc0e18d2349f:host:49.12.170.238	SESSION-bac5dc0e18d2349f → host:49.12.170.238
FLOW_TO_HOSTOBS	e:to:SESSION-c8c94fcea26d4cb3:host:172.234.197.23	SESSION-c8c94fcea26d4cb3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:98.130.128.246:geo_17.38430_78.45830	host:98.130.128.246 → geo_17.38430_78.45830
FLOW_FROM_HOSTOBS	e:from:SESSION-a55a830d22fea90d:host:131.196.29.130	SESSION-a55a830d22fea90d → host:131.196.29.130
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d7bdeba7c000ea7:flow:a0836fcd7bb1	SESSION-1d7bdeba7c000ea7 → flow:a0836fcd7bb1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69d41e5348c00130:SESSION-69d41e5348c00130	SESSION-69d41e5348c00130 → pe:syn:SESSION-69d41e5348c00130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5257ce7e592379ae:host:172.234.197.23	SESSION-5257ce7e592379ae → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c8300d990ddd9a21:host:172.234.197.23	SESSION-c8300d990ddd9a21 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5080263f1b2fd5b9:host:172.234.197.23	SESSION-5080263f1b2fd5b9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ebb29f0c8a91fe62:flow:ebc914576482	SESSION-ebb29f0c8a91fe62 → flow:ebc914576482
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.107:asn:273470	host:45.173.156.107 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-6f2f5812045d2e3b:host:177.10.233.216	SESSION-6f2f5812045d2e3b → host:177.10.233.216
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24aa07f03f2c2273:flow:e8e27ec2424d	SESSION-24aa07f03f2c2273 → flow:e8e27ec2424d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47ed57a240abf6fc:host:177.10.232.80	SESSION-47ed57a240abf6fc → host:177.10.232.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-592c559641abdde0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-592c559641abdde0 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f6b9574b70ed197:host:172.234.197.23	SESSION-4f6b9574b70ed197 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6394463f1caee3eb:flow:32c341ad15e4	SESSION-6394463f1caee3eb → flow:32c341ad15e4
FLOW_DST_PORTOBS	e:fp:flow:28a3cd6fd6a8:port:tcp:23432	flow:28a3cd6fd6a8 → port:tcp:23432
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad4db4cca9d566af:PCAP:capture_20260430060001:919b39a74464	SESSION-ad4db4cca9d566af → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6b4752d4afe8ec71:SESSION-6b4752d4afe8ec71	SESSION-6b4752d4afe8ec71 → pe:tls:SESSION-6b4752d4afe8ec71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-accb56e5453b3fbd:SESSION-accb56e5453b3fbd	SESSION-accb56e5453b3fbd → pe:syn:SESSION-accb56e5453b3fbd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6da60a47e57e7ba3:host:172.234.197.23	SESSION-6da60a47e57e7ba3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f2dfbe9df7c080:host:172.234.197.23	SESSION-e2f2dfbe9df7c080 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75bc03759038657d:host:177.10.232.139	SESSION-75bc03759038657d → host:177.10.232.139
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-915c694a7f41c8e3:host:45.173.156.200:host:172.234.197.23	SESSION-915c694a7f41c8e3 → host:45.173.156.200 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:947ed1ed059c	flow:947ed1ed059c → host:131.196.30.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-df808ed8a09d8e60:SESSION-df808ed8a09d8e60	SESSION-df808ed8a09d8e60 → pe:syn:SESSION-df808ed8a09d8e60
flow_observed5-aryOBS	e:fo:flow:88d7422db9bf	flow:88d7422db9bf → host:177.10.239.208 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-589f676f16819868:host:172.234.197.23	SESSION-589f676f16819868 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-651f6fdc4d4e9c59:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-651f6fdc4d4e9c59 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-8897ca7200c8655e:host:45.148.10.151	SESSION-8897ca7200c8655e → host:45.148.10.151
FLOW_TO_HOSTOBS	e:to:SESSION-587cecb9c2d65d84:host:177.10.235.85	SESSION-587cecb9c2d65d84 → host:177.10.235.85
FLOW_TLS_SNIOBS	e:fs:flow:c1f401a82a26:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:c1f401a82a26 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:f42480d66c27:port:tcp:443	flow:f42480d66c27 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:af163fb10b44:port:tcp:443	flow:af163fb10b44 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-191997595ec6754e:SESSION-191997595ec6754e	SESSION-191997595ec6754e → pe:syn:SESSION-191997595ec6754e
FLOW_FROM_HOSTOBS	e:from:SESSION-27131bb9b9feeb52:host:177.10.237.118	SESSION-27131bb9b9feeb52 → host:177.10.237.118
FLOW_DST_PORTOBS	e:fp:flow:9e20558c2d4e:port:tcp:80	flow:9e20558c2d4e → port:tcp:80
flow_observed4-aryOBS	e:fo:flow:178ed12e2cd2	flow:178ed12e2cd2 → host:172.234.197.23 → host:177.10.236.76 → port:tcp:2927
FLOW_DST_PORTOBS	e:fp:flow:3c91b0aebea1:port:tcp:33186	flow:3c91b0aebea1 → port:tcp:33186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f479af38d87d852f:SESSION-f479af38d87d852f	SESSION-f479af38d87d852f → pe:syn:SESSION-f479af38d87d852f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eee0288be94ee16a:host:45.173.156.253	SESSION-eee0288be94ee16a → host:45.173.156.253
FLOW_DST_PORTOBS	e:fp:flow:a45d884a7082:port:tcp:443	flow:a45d884a7082 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-375dced119266894:flow:453a45a4daa5	SESSION-375dced119266894 → flow:453a45a4daa5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8938c8d43c3c288:host:177.10.234.172:host:172.234.197.23	SESSION-d8938c8d43c3c288 → host:177.10.234.172 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4ecd8582d753:port:tcp:443	flow:4ecd8582d753 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9886228ef28af254:SESSION-9886228ef28af254	SESSION-9886228ef28af254 → pe:syn:SESSION-9886228ef28af254
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54127ab649dd8e15:SESSION-54127ab649dd8e15	SESSION-54127ab649dd8e15 → pe:tls:SESSION-54127ab649dd8e15
FLOW_TO_HOSTOBS	e:to:SESSION-0debd2a005265c6e:host:172.234.197.23	SESSION-0debd2a005265c6e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7c92c15e1e64:port:tcp:39371	flow:7c92c15e1e64 → port:tcp:39371
flow_observed5-aryOBS	e:fo:flow:5d9ac96edb9e	flow:5d9ac96edb9e → host:131.196.29.67 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.239:asn:273470	host:45.173.156.239 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-643a90c68c400c64:host:177.10.236.151	SESSION-643a90c68c400c64 → host:177.10.236.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9fba97aa139b6de4:SESSION-9fba97aa139b6de4	SESSION-9fba97aa139b6de4 → pe:syn:SESSION-9fba97aa139b6de4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-054885aa6e2323da:host:131.196.30.5	SESSION-054885aa6e2323da → host:131.196.30.5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.148:geo_-16.28860_-49.01640	host:177.10.233.148 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:ec60c21c4d5f:port:tcp:443	flow:ec60c21c4d5f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6315d280130065c8:SESSION-6315d280130065c8	SESSION-6315d280130065c8 → pe:tls:SESSION-6315d280130065c8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e034fcb399102895:host:172.234.197.23:host:177.10.234.0	SESSION-e034fcb399102895 → host:172.234.197.23 → host:177.10.234.0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7fea0326f1ddbdfc:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7fea0326f1ddbdfc → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f19cc3e0ef766dd7:host:177.10.237.73	SESSION-f19cc3e0ef766dd7 → host:177.10.237.73
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a7f859cb03c026fc:flow:73447e28b1e9	SESSION-a7f859cb03c026fc → flow:73447e28b1e9
FLOW_TO_HOSTOBS	e:to:SESSION-23002560e1da6de3:host:172.234.197.23	SESSION-23002560e1da6de3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.91:geo_-23.62930_-46.63510	host:131.196.28.91 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:65c7c6bda9f3:port:tcp:443	flow:65c7c6bda9f3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-742c2d67dec63a6f:SESSION-742c2d67dec63a6f	SESSION-742c2d67dec63a6f → pe:tls:SESSION-742c2d67dec63a6f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-abff9bfe6a29f0b5:SESSION-abff9bfe6a29f0b5	SESSION-abff9bfe6a29f0b5 → pe:tls:SESSION-abff9bfe6a29f0b5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.144:geo_-23.62930_-46.63510	host:131.196.31.144 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-736a99dd90ae6491:host:172.234.197.23	SESSION-736a99dd90ae6491 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6c48fdd66981:port:tcp:56899	flow:6c48fdd66981 → port:tcp:56899
FLOW_DST_PORTOBS	e:fp:flow:5124aa46fb06:port:tcp:30434	flow:5124aa46fb06 → port:tcp:30434
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9485d3e307f01514:PCAP:capture_20260430150001:ded20914761d	SESSION-9485d3e307f01514 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-488c9c462e491ad2:host:172.234.197.23	SESSION-488c9c462e491ad2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a800bc67052acb8:host:131.196.31.88:host:172.234.197.23	SESSION-7a800bc67052acb8 → host:131.196.31.88 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9d5d9e92af7a:port:tcp:62217	flow:9d5d9e92af7a → port:tcp:62217
FLOW_FROM_HOSTOBS	e:from:SESSION-2d93e5dd98af62cc:host:131.196.28.216	SESSION-2d93e5dd98af62cc → host:131.196.28.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-581b4c1bc6ff5f0b:SESSION-581b4c1bc6ff5f0b	SESSION-581b4c1bc6ff5f0b → pe:tls:SESSION-581b4c1bc6ff5f0b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a34ec08b35e90b0:SESSION-2a34ec08b35e90b0	SESSION-2a34ec08b35e90b0 → pe:syn:SESSION-2a34ec08b35e90b0
FLOW_TO_HOSTOBS	e:to:SESSION-4a412381d3ec6112:host:172.234.197.23	SESSION-4a412381d3ec6112 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b05f07ed9250ae8e:SESSION-b05f07ed9250ae8e	SESSION-b05f07ed9250ae8e → pe:tls:SESSION-b05f07ed9250ae8e
FLOW_DST_PORTOBS	e:fp:flow:c2b1c487e1ac:port:tcp:443	flow:c2b1c487e1ac → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92a69e37100365d0:host:177.10.239.137	SESSION-92a69e37100365d0 → host:177.10.239.137
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1aa9055f8e3197b:host:131.196.30.181:host:172.234.197.23	SESSION-c1aa9055f8e3197b → host:131.196.30.181 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-77c18cfa23ea97ee:host:172.234.197.23	SESSION-77c18cfa23ea97ee → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c4adfb3e188a176:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4c4adfb3e188a176 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e3d1aa706f2604d:flow:b961b57bcd95	SESSION-3e3d1aa706f2604d → flow:b961b57bcd95
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-42d85a7a0d0a6c22:flow:740f8ab03c92	SESSION-42d85a7a0d0a6c22 → flow:740f8ab03c92
FLOW_DST_PORTOBS	e:fp:flow:d3f853795ebd:port:tcp:443	flow:d3f853795ebd → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-32626bc077790390:host:172.234.197.23	SESSION-32626bc077790390 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:14302fa43c8e	flow:14302fa43c8e → host:45.173.156.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1600cc83b8cea24d:host:172.234.197.23	SESSION-1600cc83b8cea24d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fe447701d1cd	flow:fe447701d1cd → host:172.234.197.23 → host:177.10.239.71 → port:tcp:34149
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.212:asn:262880	host:177.10.234.212 → asn:262880
flow_observed5-aryOBS	e:fo:flow:74b4e8a79222	flow:74b4e8a79222 → host:45.173.156.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b875e262090a3924:host:172.234.197.23	SESSION-b875e262090a3924 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b762e0a8780c	flow:b762e0a8780c → host:172.234.197.23 → host:131.196.31.111 → port:tcp:51496
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a650ad390b72264d:SESSION-a650ad390b72264d	SESSION-a650ad390b72264d → pe:syn:SESSION-a650ad390b72264d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6da898acb6c07034:BSG-BEACON-c94af3055994	SESSION-6da898acb6c07034 → BSG-BEACON-c94af3055994
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24f1ec9c7d379a9b:host:172.234.197.23:host:131.196.29.150	SESSION-24f1ec9c7d379a9b → host:172.234.197.23 → host:131.196.29.150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a9042bd9c6a81d17:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a9042bd9c6a81d17 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3109063707c4a5e1:SESSION-3109063707c4a5e1	SESSION-3109063707c4a5e1 → pe:syn:SESSION-3109063707c4a5e1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0bf5b48d5bcb9503:host:131.196.31.18:host:172.234.197.23	SESSION-0bf5b48d5bcb9503 → host:131.196.31.18 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-98e2e9e1db14446c:host:172.234.197.23	SESSION-98e2e9e1db14446c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.83:geo_-16.28860_-49.01640	host:177.10.235.83 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f39c81a37ca9c9d3:host:172.234.197.23	SESSION-f39c81a37ca9c9d3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-68342cf3c00e7f2e:host:172.234.197.23	SESSION-68342cf3c00e7f2e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6dcc81ef5615b86c:host:172.234.197.23	SESSION-6dcc81ef5615b86c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f81e7ae5e8e38135:host:172.234.197.23	SESSION-f81e7ae5e8e38135 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fd2d57a3e3d90491:host:177.10.234.221	SESSION-fd2d57a3e3d90491 → host:177.10.234.221
flow_observed5-aryOBS	e:fo:flow:5ad3b0f91a3d	flow:5ad3b0f91a3d → host:177.10.232.84 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:1d557416deb3	flow:1d557416deb3 → host:177.10.235.121 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:7a226fbc653a	flow:7a226fbc653a → host:177.10.236.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2290de8fcf2817df:SESSION-2290de8fcf2817df	SESSION-2290de8fcf2817df → pe:syn:SESSION-2290de8fcf2817df
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2fd071a3b1e728ca:PCAP:capture_20260430060001:919b39a74464	SESSION-2fd071a3b1e728ca → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-22873a115734b4a8:host:172.234.197.23	SESSION-22873a115734b4a8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-658ca3f75d8ef503:host:172.234.197.23	SESSION-658ca3f75d8ef503 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9494583da7ce1d88:SESSION-9494583da7ce1d88	SESSION-9494583da7ce1d88 → pe:tls:SESSION-9494583da7ce1d88
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37e4af30bda4d3e9:flow:73e988299d2f	SESSION-37e4af30bda4d3e9 → flow:73e988299d2f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7341740ccb6f292:host:177.10.232.109	SESSION-e7341740ccb6f292 → host:177.10.232.109
flow_observed4-aryOBS	e:fo:flow:39ef05cb6fd5	flow:39ef05cb6fd5 → host:172.234.197.23 → host:177.10.233.220 → port:tcp:54688
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.204:geo_-16.28860_-49.01640	host:177.10.236.204 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f51f16a6829ff61b:host:172.234.197.23	SESSION-f51f16a6829ff61b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9e6337f9fc4d	flow:9e6337f9fc4d → host:45.173.156.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6f99e1376da42693:SESSION-6f99e1376da42693	SESSION-6f99e1376da42693 → pe:syn:SESSION-6f99e1376da42693
FLOW_FROM_HOSTOBS	e:from:SESSION-a046afd146222299:host:103.155.16.117	SESSION-a046afd146222299 → host:103.155.16.117
FLOW_FROM_HOSTOBS	e:from:SESSION-c37bd5454075ced3:host:172.234.197.23	SESSION-c37bd5454075ced3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e3b214bdb989f663:SESSION-e3b214bdb989f663	SESSION-e3b214bdb989f663 → pe:tls:SESSION-e3b214bdb989f663
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3db1a0404e21661:host:131.196.29.128:host:172.234.197.23	SESSION-c3db1a0404e21661 → host:131.196.29.128 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd8e744bc487bcb1:host:172.234.197.23:host:177.10.237.73	SESSION-bd8e744bc487bcb1 → host:172.234.197.23 → host:177.10.237.73
FLOW_FROM_HOSTOBS	e:from:SESSION-37c584531b25722b:host:131.196.30.239	SESSION-37c584531b25722b → host:131.196.30.239
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c83cde1dbe634e7:PCAP:capture_20260430090001:065659c7d314	SESSION-5c83cde1dbe634e7 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:3099272ee060:port:tcp:80	flow:3099272ee060 → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e22ceaf98f82b588:SESSION-e22ceaf98f82b588	SESSION-e22ceaf98f82b588 → pe:tls:SESSION-e22ceaf98f82b588
FLOW_FROM_HOSTOBS	e:from:SESSION-0940876600cf1421:host:172.234.197.23	SESSION-0940876600cf1421 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3c1e38c6e6df43f1:host:172.234.197.23	SESSION-3c1e38c6e6df43f1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90798b7c1b8c7636:flow:8ac017970638	SESSION-90798b7c1b8c7636 → flow:8ac017970638
flow_observed5-aryOBS	e:fo:flow:0acac59bfefe	flow:0acac59bfefe → host:177.10.234.230 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-957293060df71cd6:host:172.234.197.23	SESSION-957293060df71cd6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6317a0a33a58:port:tcp:443	flow:6317a0a33a58 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaf7cd3e5a2b7709:flow:f7ad796390a5	SESSION-eaf7cd3e5a2b7709 → flow:f7ad796390a5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-532708ef58f2707f:flow:6a1093ef65dd	SESSION-532708ef58f2707f → flow:6a1093ef65dd
flow_observed5-aryOBS	e:fo:flow:6262808a9407	flow:6262808a9407 → host:177.10.237.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa515f25c4c77655:host:172.234.197.23	SESSION-aa515f25c4c77655 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a55eb245a4ca8dde:SESSION-a55eb245a4ca8dde	SESSION-a55eb245a4ca8dde → pe:tls:SESSION-a55eb245a4ca8dde
flow_observed4-aryOBS	e:fo:flow:d46d851df776	flow:d46d851df776 → host:172.234.197.23 → host:177.10.236.236 → port:tcp:6678
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab185a89adee30ab:host:172.234.197.23:host:131.196.30.250	SESSION-ab185a89adee30ab → host:172.234.197.23 → host:131.196.30.250
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fa5716fea2946da:host:131.196.30.170	SESSION-5fa5716fea2946da → host:131.196.30.170
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a34bb428906fa48c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a34bb428906fa48c → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.157:asn:262880	host:177.10.234.157 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-7b1078812f997c85:host:177.10.236.1	SESSION-7b1078812f997c85 → host:177.10.236.1
FLOW_TO_HOSTOBS	e:to:SESSION-6535f7c42f72cb7f:host:172.234.197.23	SESSION-6535f7c42f72cb7f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afd30c72829a35a2:host:172.234.197.23	SESSION-afd30c72829a35a2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57e20c08f6c0c2c9:flow:e4dd419a2453	SESSION-57e20c08f6c0c2c9 → flow:e4dd419a2453
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77787f9a5bab711:host:172.234.197.23	SESSION-e77787f9a5bab711 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74d0e7e40a4e478e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-74d0e7e40a4e478e → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-2be48cd916ee7ccc:host:172.234.197.23	SESSION-2be48cd916ee7ccc → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f1ac2b056425:port:tcp:443	flow:f1ac2b056425 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f38f9d39dae0e5a:SESSION-3f38f9d39dae0e5a	SESSION-3f38f9d39dae0e5a → pe:syn:SESSION-3f38f9d39dae0e5a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-924a4e21bceaf0d1:flow:c7fe82c435bb	SESSION-924a4e21bceaf0d1 → flow:c7fe82c435bb
FLOW_DST_PORTOBS	e:fp:flow:0595b0579d8a:port:tcp:24582	flow:0595b0579d8a → port:tcp:24582
flow_observed4-aryOBS	e:fo:flow:d48fc354fcdd	flow:d48fc354fcdd → host:172.234.197.23 → host:177.10.238.107 → port:tcp:65255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b8a8c73a52fb2ca:host:177.10.233.145	SESSION-3b8a8c73a52fb2ca → host:177.10.233.145
flow_observed5-aryOBS	e:fo:flow:5cf23b9905c6	flow:5cf23b9905c6 → host:177.10.232.158 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.98:geo_-16.28860_-49.01640	host:177.10.237.98 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:a4b42408e8d1	flow:a4b42408e8d1 → host:177.10.235.125 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0d83e3d3d1fc018:host:172.234.197.23	SESSION-d0d83e3d3d1fc018 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.101:geo_-16.28860_-49.01640	host:177.10.237.101 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee402158031a28f0:SESSION-ee402158031a28f0	SESSION-ee402158031a28f0 → pe:tls:SESSION-ee402158031a28f0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8bf7420041ec56c9:SESSION-8bf7420041ec56c9	SESSION-8bf7420041ec56c9 → pe:syn:SESSION-8bf7420041ec56c9
FLOW_TLS_SNIOBS	e:fs:flow:9093eff6b816:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:9093eff6b816 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-36abdcc0889b5aa2:host:172.234.197.23	SESSION-36abdcc0889b5aa2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d98879de1566:port:tcp:443	flow:d98879de1566 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9338ac17b36dc2c1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9338ac17b36dc2c1 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-2625cb17cae199d1:host:172.234.197.23	SESSION-2625cb17cae199d1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-051bd0ccc4bec756:host:177.10.238.96	SESSION-051bd0ccc4bec756 → host:177.10.238.96
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5adf4423481534a6:SESSION-5adf4423481534a6	SESSION-5adf4423481534a6 → pe:tls:SESSION-5adf4423481534a6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4167334bdfae4b6:flow:a39ba2240db6	SESSION-a4167334bdfae4b6 → flow:a39ba2240db6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20aee5a5b6e9be41:SESSION-20aee5a5b6e9be41	SESSION-20aee5a5b6e9be41 → pe:syn:SESSION-20aee5a5b6e9be41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2f14bb2a06741aa:PCAP:capture_20260430110001:43611bdf6759	SESSION-f2f14bb2a06741aa → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:2d3fc437f8bf:port:tcp:443	flow:2d3fc437f8bf → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.133:geo_-16.28860_-49.01640	host:177.10.232.133 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19fcdbc3c5b0e100:host:172.234.197.23	SESSION-19fcdbc3c5b0e100 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-af315627d236ddd5:flow:797579358402	SESSION-af315627d236ddd5 → flow:797579358402
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33916bd4dadd0440:host:172.234.197.23	SESSION-33916bd4dadd0440 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ad6356c5bafa36b:host:131.196.28.39	SESSION-7ad6356c5bafa36b → host:131.196.28.39
FLOW_DST_PORTOBS	e:fp:flow:3efa649fed79:port:tcp:14425	flow:3efa649fed79 → port:tcp:14425
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16df0786ef84574d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-16df0786ef84574d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3573d87c5a129f8e:flow:8e7f3f4c4f31	SESSION-3573d87c5a129f8e → flow:8e7f3f4c4f31
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4d6f38e3582127c:flow:1f7e322aca34	SESSION-c4d6f38e3582127c → flow:1f7e322aca34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8a52e21a979a3cd:host:177.10.239.140	SESSION-c8a52e21a979a3cd → host:177.10.239.140
FLOW_DST_PORTOBS	e:fp:flow:3d3570f8986d:port:tcp:443	flow:3d3570f8986d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f16f611b98ecbfd:flow:819986960ec3	SESSION-8f16f611b98ecbfd → flow:819986960ec3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-212f7b3a9bb90264:host:172.234.197.23:host:177.10.237.41	SESSION-212f7b3a9bb90264 → host:172.234.197.23 → host:177.10.237.41
FLOW_FROM_HOSTOBS	e:from:SESSION-be196df3d425cb31:host:177.10.234.39	SESSION-be196df3d425cb31 → host:177.10.234.39
flow_observed5-aryOBS	e:fo:flow:9d4afa03dc6f	flow:9d4afa03dc6f → host:177.10.236.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a03e1a67bd79b062:SESSION-a03e1a67bd79b062	SESSION-a03e1a67bd79b062 → pe:syn:SESSION-a03e1a67bd79b062
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35834184401bcda8:flow:371ab4a86a3a	SESSION-35834184401bcda8 → flow:371ab4a86a3a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a79875656e67c68:PCAP:capture_20260430080001:93f47cc296a4	SESSION-0a79875656e67c68 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-ee8a8be73e4592b1:host:45.173.156.62	SESSION-ee8a8be73e4592b1 → host:45.173.156.62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-58fb8de1a3a0b1f1:SESSION-58fb8de1a3a0b1f1	SESSION-58fb8de1a3a0b1f1 → pe:syn:SESSION-58fb8de1a3a0b1f1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.151:geo_-16.28860_-49.01640	host:177.10.239.151 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9963b3b3d702eb6e:PCAP:capture_20260430060001:919b39a74464	SESSION-9963b3b3d702eb6e → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:4e4dc3612eef:port:tcp:443	flow:4e4dc3612eef → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cc5078bf4d23558:host:45.145.152.195	SESSION-5cc5078bf4d23558 → host:45.145.152.195
FLOW_FROM_HOSTOBS	e:from:SESSION-b93959f6df3f665b:host:172.234.197.23	SESSION-b93959f6df3f665b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37c584531b25722b:host:172.234.197.23	SESSION-37c584531b25722b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:21bf07083353	flow:21bf07083353 → host:177.10.233.192 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:0b91fe313611:port:tcp:443	flow:0b91fe313611 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-750eaff924399322:host:45.173.156.70	SESSION-750eaff924399322 → host:45.173.156.70
FLOW_FROM_HOSTOBS	e:from:SESSION-dca77cba3fb011ca:host:172.234.197.23	SESSION-dca77cba3fb011ca → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb82ec2c88e573dc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-eb82ec2c88e573dc → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-84d24c52e1f02eee:host:177.10.234.21	SESSION-84d24c52e1f02eee → host:177.10.234.21
FLOW_FROM_HOSTOBS	e:from:SESSION-53f84807a0945e6c:host:131.196.28.101	SESSION-53f84807a0945e6c → host:131.196.28.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e699a2f9558bf8d:SESSION-1e699a2f9558bf8d	SESSION-1e699a2f9558bf8d → pe:syn:SESSION-1e699a2f9558bf8d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20e3655a208f66c6:host:177.10.239.99	SESSION-20e3655a208f66c6 → host:177.10.239.99
FLOW_FROM_HOSTOBS	e:from:SESSION-6cc71c07f8c21dc0:host:177.10.233.28	SESSION-6cc71c07f8c21dc0 → host:177.10.233.28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc2ea3f70e7bccaf:flow:d501ba0fe92f	SESSION-bc2ea3f70e7bccaf → flow:d501ba0fe92f
FLOW_TO_HOSTOBS	e:to:SESSION-e01d63cbcaad0b90:host:172.234.197.23	SESSION-e01d63cbcaad0b90 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2e29524ed5dcc05:host:172.234.197.23	SESSION-d2e29524ed5dcc05 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6242cf24a2978d6d:host:172.234.197.23	SESSION-6242cf24a2978d6d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf669240db189a71:host:172.234.197.23	SESSION-cf669240db189a71 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7c3ca69b9bbe	flow:7c3ca69b9bbe → host:131.196.29.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d226dc6e18df532:flow:bc6649272822	SESSION-2d226dc6e18df532 → flow:bc6649272822
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d1c756fff84e2d4:flow:66dbc4502796	SESSION-7d1c756fff84e2d4 → flow:66dbc4502796
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dc085f76ab1a4e2b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-dc085f76ab1a4e2b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-230e735532621bd7:flow:e33777f6cc74	SESSION-230e735532621bd7 → flow:e33777f6cc74
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54704a8587620f8b:flow:1489565b6fba	SESSION-54704a8587620f8b → flow:1489565b6fba
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d12c89e59455016e:flow:4272b5576122	SESSION-d12c89e59455016e → flow:4272b5576122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94c9082e66baa6b5:host:177.10.238.10	SESSION-94c9082e66baa6b5 → host:177.10.238.10
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9d6fb279031158e:flow:c55144af88c3	SESSION-b9d6fb279031158e → flow:c55144af88c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e2a4babdc2dc965:flow:81dfa4a594a6	SESSION-9e2a4babdc2dc965 → flow:81dfa4a594a6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27c94fb85f37f774:SESSION-27c94fb85f37f774	SESSION-27c94fb85f37f774 → pe:tls:SESSION-27c94fb85f37f774
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-140cb8b81d438202:SESSION-140cb8b81d438202	SESSION-140cb8b81d438202 → pe:tls:SESSION-140cb8b81d438202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a74ec174530f5239:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a74ec174530f5239 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-9f49b20c8baea20b:host:177.10.235.1	SESSION-9f49b20c8baea20b → host:177.10.235.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-213b6cb7e75b87f2:host:177.10.236.77	SESSION-213b6cb7e75b87f2 → host:177.10.236.77
flow_observed5-aryOBS	e:fo:flow:caa84e800b07	flow:caa84e800b07 → host:45.173.156.48 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7f9f21fabb0b:port:tcp:443	flow:7f9f21fabb0b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaae06fce38c131f:SESSION-eaae06fce38c131f	SESSION-eaae06fce38c131f → pe:syn:SESSION-eaae06fce38c131f
FLOW_TO_HOSTOBS	e:to:SESSION-9b9695896cdce250:host:172.234.197.23	SESSION-9b9695896cdce250 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d5969e9f81f277f3:host:177.10.236.244	SESSION-d5969e9f81f277f3 → host:177.10.236.244
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b947f5515d64f3f8:host:172.234.197.23	SESSION-b947f5515d64f3f8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abc64529b37d4840:host:172.234.197.23	SESSION-abc64529b37d4840 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a236c6c04af1f19:SESSION-9a236c6c04af1f19	SESSION-9a236c6c04af1f19 → pe:tls:SESSION-9a236c6c04af1f19
FLOW_DST_PORTOBS	e:fp:flow:e35eac55d46e:port:tcp:443	flow:e35eac55d46e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9dc3dafcee87c5f7:SESSION-9dc3dafcee87c5f7	SESSION-9dc3dafcee87c5f7 → pe:syn:SESSION-9dc3dafcee87c5f7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7140a8719778d6c0:host:177.10.236.57	SESSION-7140a8719778d6c0 → host:177.10.236.57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08ee685c4e8cc842:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-08ee685c4e8cc842 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e699a2f9558bf8d:flow:511640d4b71a	SESSION-1e699a2f9558bf8d → flow:511640d4b71a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.59:geo_-23.62930_-46.63510	host:131.196.29.59 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a3b1f52ae1679da:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-3a3b1f52ae1679da → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_TO_HOSTOBS	e:to:SESSION-0799ff092dfcce41:host:172.234.197.23	SESSION-0799ff092dfcce41 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b869e54127ed:port:tcp:2781	flow:b869e54127ed → port:tcp:2781
FLOW_FROM_HOSTOBS	e:from:SESSION-c8a57b2200e62e75:host:177.10.233.11	SESSION-c8a57b2200e62e75 → host:177.10.233.11
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92547fda1a59fab0:host:131.196.28.217:host:172.234.197.23	SESSION-92547fda1a59fab0 → host:131.196.28.217 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e9f24a0dad4a	flow:e9f24a0dad4a → host:172.234.197.23 → host:177.10.237.220 → port:tcp:14750
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d027fcdf19e82664:host:172.234.197.23	SESSION-d027fcdf19e82664 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-83f081267b847a58:host:177.10.234.126	SESSION-83f081267b847a58 → host:177.10.234.126
FLOW_DST_PORTOBS	e:fp:flow:be92f25f6322:port:tcp:443	flow:be92f25f6322 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92547fda1a59fab0:flow:b951a656f8db	SESSION-92547fda1a59fab0 → flow:b951a656f8db
FLOW_TO_HOSTOBS	e:to:SESSION-b7792ff6d5e7124a:host:177.10.239.187	SESSION-b7792ff6d5e7124a → host:177.10.239.187
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7536a33faff5a95d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7536a33faff5a95d → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-f228c5492216a597:host:172.234.197.23	SESSION-f228c5492216a597 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ea2e2a37f857a7f:SESSION-3ea2e2a37f857a7f	SESSION-3ea2e2a37f857a7f → pe:tls:SESSION-3ea2e2a37f857a7f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9d9495404a53bc0:host:177.10.239.20	SESSION-c9d9495404a53bc0 → host:177.10.239.20
FLOW_DST_PORTOBS	e:fp:flow:4c51681b834b:port:tcp:443	flow:4c51681b834b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3cc71da406a2797a:PCAP:capture_20260428010001:b1b402c7b202	SESSION-3cc71da406a2797a → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca6098e1767361a3:host:177.10.235.114	SESSION-ca6098e1767361a3 → host:177.10.235.114
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7f9cc68ffb76114:PCAP:capture_20260430110001:43611bdf6759	SESSION-b7f9cc68ffb76114 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac742257199be2dd:PCAP:capture_20260430150001:ded20914761d	SESSION-ac742257199be2dd → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8a147e2e8b42f79:SESSION-b8a147e2e8b42f79	SESSION-b8a147e2e8b42f79 → pe:tls:SESSION-b8a147e2e8b42f79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d69d721ba9bae694:flow:0a248a4219ae	SESSION-d69d721ba9bae694 → flow:0a248a4219ae
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-216df7510915a954:host:177.10.236.176:host:172.234.197.23	SESSION-216df7510915a954 → host:177.10.236.176 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54f6eb1f506e4a3a:host:177.10.233.85	SESSION-54f6eb1f506e4a3a → host:177.10.233.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-158ec8f739ce5586:host:131.196.30.68	SESSION-158ec8f739ce5586 → host:131.196.30.68
flow_observed5-aryOBS	e:fo:flow:306d4674c16a	flow:306d4674c16a → host:131.196.31.16 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4c205cbdc775:port:tcp:17824	flow:4c205cbdc775 → port:tcp:17824
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09e8a1451dd94c84:host:177.10.234.104	SESSION-09e8a1451dd94c84 → host:177.10.234.104
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3d6a52e82bb8db7f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3d6a52e82bb8db7f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ad6356c5bafa36b:SESSION-7ad6356c5bafa36b	SESSION-7ad6356c5bafa36b → pe:syn:SESSION-7ad6356c5bafa36b
FLOW_FROM_HOSTOBS	e:from:SESSION-3be9919fc6df9ffa:host:45.173.156.248	SESSION-3be9919fc6df9ffa → host:45.173.156.248
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f709c3d74e04443c:SESSION-f709c3d74e04443c	SESSION-f709c3d74e04443c → pe:tls:SESSION-f709c3d74e04443c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.218:geo_-16.28860_-49.01640	host:177.10.234.218 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dbb52de45813c9a:host:172.234.197.23	SESSION-2dbb52de45813c9a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5a0c98ce5f67db5:SESSION-a5a0c98ce5f67db5	SESSION-a5a0c98ce5f67db5 → pe:tls:SESSION-a5a0c98ce5f67db5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-942872364f4f0f53:SESSION-942872364f4f0f53	SESSION-942872364f4f0f53 → pe:tls:SESSION-942872364f4f0f53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72ea8a7fe39a298e:host:45.173.156.126:host:172.234.197.23	SESSION-72ea8a7fe39a298e → host:45.173.156.126 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63f078b7cf539982:host:131.196.29.51	SESSION-63f078b7cf539982 → host:131.196.29.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30f00b6e6078f800:host:172.234.197.23:host:177.10.234.164	SESSION-30f00b6e6078f800 → host:172.234.197.23 → host:177.10.234.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1a14827dc654457:SESSION-c1a14827dc654457	SESSION-c1a14827dc654457 → pe:tls:SESSION-c1a14827dc654457
flow_observed4-aryOBS	e:fo:flow:d59379eb709f	flow:d59379eb709f → host:172.234.197.23 → host:131.196.30.56 → port:tcp:26585
FLOW_FROM_HOSTOBS	e:from:SESSION-7ee8538a8ddcb6ee:host:172.234.197.23	SESSION-7ee8538a8ddcb6ee → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e5901fc962e8	flow:e5901fc962e8 → host:131.196.28.59 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:bf7124d1d463:port:tcp:443	flow:bf7124d1d463 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36d925db3c3b2591:host:177.10.235.61:host:172.234.197.23	SESSION-36d925db3c3b2591 → host:177.10.235.61 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.57:geo_-16.28860_-49.01640	host:177.10.238.57 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-8c5fe81cc60001f5:host:45.173.156.56	SESSION-8c5fe81cc60001f5 → host:45.173.156.56
FLOW_DST_PORTOBS	e:fp:flow:d65e2ae92c41:port:tcp:30932	flow:d65e2ae92c41 → port:tcp:30932
FLOW_DST_PORTOBS	e:fp:flow:47767f008320:port:tcp:51957	flow:47767f008320 → port:tcp:51957
FLOW_TO_HOSTOBS	e:to:SESSION-cce146f15a17b9a1:host:131.196.29.235	SESSION-cce146f15a17b9a1 → host:131.196.29.235
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.114:asn:262880	host:177.10.237.114 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7a6b146488afb43:host:172.234.197.23	SESSION-e7a6b146488afb43 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29cd9f7300aa5893:PCAP:capture_20260430160001:9bfa4498506a	SESSION-29cd9f7300aa5893 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29162d9ed8336732:flow:306fbd5f32f8	SESSION-29162d9ed8336732 → flow:306fbd5f32f8
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.164:asn:273470	host:45.173.156.164 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28af2e1f4e778075:host:172.234.197.23	SESSION-28af2e1f4e778075 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-527af3b786e52b88:PCAP:capture_20260430090001:065659c7d314	SESSION-527af3b786e52b88 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6cecd25b5e4e4c9c:PCAP:capture_20260430060001:919b39a74464	SESSION-6cecd25b5e4e4c9c → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-7eecd546334ac489:host:172.234.197.23	SESSION-7eecd546334ac489 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-93e5d317492a213b:host:172.234.197.23	SESSION-93e5d317492a213b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-567e9582c6914b15:host:131.196.31.111	SESSION-567e9582c6914b15 → host:131.196.31.111
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-754d0cc424848140:host:172.234.197.23	SESSION-754d0cc424848140 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.230:asn:262880	host:177.10.232.230 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd8832d374e053cc:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fd8832d374e053cc → PCAP:capture_20260430070001:903a0e7a436b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-cdfe5014ffcf69db:BSG-BEACON-5d6f1bf04fc0	SESSION-cdfe5014ffcf69db → BSG-BEACON-5d6f1bf04fc0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f105059d1ed0a542:host:172.234.197.23:host:177.10.237.201	SESSION-f105059d1ed0a542 → host:172.234.197.23 → host:177.10.237.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a24676d50b48eccf:host:131.196.28.207	SESSION-a24676d50b48eccf → host:131.196.28.207
FLOW_FROM_HOSTOBS	e:from:SESSION-bd728e6d9f0647f9:host:177.10.239.205	SESSION-bd728e6d9f0647f9 → host:177.10.239.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4419d123b2f0e3:host:172.234.197.23	SESSION-6b4419d123b2f0e3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-596b6c60b11eaa92:flow:5837ce3a8058	SESSION-596b6c60b11eaa92 → flow:5837ce3a8058
flow_observed5-aryOBS	e:fo:flow:df9b8944cbe1	flow:df9b8944cbe1 → host:91.240.224.238 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.120:geo_-16.28860_-49.01640	host:177.10.234.120 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ea19b3bdbd95a16b:flow:ce641d36bd3c	SESSION-ea19b3bdbd95a16b → flow:ce641d36bd3c
FLOW_FROM_HOSTOBS	e:from:SESSION-4a412381d3ec6112:host:131.196.28.22	SESSION-4a412381d3ec6112 → host:131.196.28.22
FLOW_TO_HOSTOBS	e:to:SESSION-c4367b2e8a53d74f:host:172.234.197.23	SESSION-c4367b2e8a53d74f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e217016f21152908:host:131.196.31.133	SESSION-e217016f21152908 → host:131.196.31.133
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-537461a77052bb13:PCAP:capture_20260428010001:b1b402c7b202	SESSION-537461a77052bb13 → PCAP:capture_20260428010001:b1b402c7b202
flow_observed4-aryOBS	e:fo:flow:bd015446e72b	flow:bd015446e72b → host:172.234.197.23 → host:177.10.235.151 → port:tcp:24195
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-62151f99a31dc755:flow:bda97b94938d	SESSION-62151f99a31dc755 → flow:bda97b94938d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a9739ecc8b00e90:host:177.10.235.109	SESSION-7a9739ecc8b00e90 → host:177.10.235.109
FLOW_DST_PORTOBS	e:fp:flow:32711f82649a:port:tcp:41641	flow:32711f82649a → port:tcp:41641
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8409f84148f471e2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8409f84148f471e2 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-23e0f212525e0a86:host:172.234.197.23	SESSION-23e0f212525e0a86 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f5828198604c26af:host:177.10.235.185	SESSION-f5828198604c26af → host:177.10.235.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1d74e40d653f073:host:172.234.197.23	SESSION-d1d74e40d653f073 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7201144bad9d462:SESSION-c7201144bad9d462	SESSION-c7201144bad9d462 → pe:syn:SESSION-c7201144bad9d462
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-718be43f3a8e9f39:PCAP:capture_20260430150001:ded20914761d	SESSION-718be43f3a8e9f39 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-691bf265b7044ac7:SESSION-691bf265b7044ac7	SESSION-691bf265b7044ac7 → pe:tls:SESSION-691bf265b7044ac7
ASN_IN_ORGOBS 80%	e:ao:asn:21859:org:Zenlayer Inc	asn:21859 → org:Zenlayer Inc
FLOW_DST_PORTOBS	e:fp:flow:1afc26fd0acd:port:tcp:45034	flow:1afc26fd0acd → port:tcp:45034
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30152f28b63d1649:host:177.10.236.122	SESSION-30152f28b63d1649 → host:177.10.236.122
FLOW_TO_HOSTOBS	e:to:SESSION-8fd3b31137a7f5f9:host:172.234.197.23	SESSION-8fd3b31137a7f5f9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:43f0331e10b3	flow:43f0331e10b3 → host:131.196.30.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44593e1f87cfdd92:host:131.196.31.14	SESSION-44593e1f87cfdd92 → host:131.196.31.14
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.32:asn:262880	host:177.10.232.32 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-d4741bb1b7e9e5b0:host:177.10.232.91	SESSION-d4741bb1b7e9e5b0 → host:177.10.232.91
FLOW_DST_PORTOBS	e:fp:flow:178ed12e2cd2:port:tcp:2927	flow:178ed12e2cd2 → port:tcp:2927
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.242:asn:271410	host:131.196.29.242 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-9d65a28f7cbebfeb:host:172.234.197.23	SESSION-9d65a28f7cbebfeb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-06814c349a39e79e:host:172.234.197.23	SESSION-06814c349a39e79e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aae42b7cc2993272:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-aae42b7cc2993272 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0f2cdff3ab49e1a1:flow:1686e758d44a	SESSION-0f2cdff3ab49e1a1 → flow:1686e758d44a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b2f232bbd4758bf:SESSION-7b2f232bbd4758bf	SESSION-7b2f232bbd4758bf → pe:tls:SESSION-7b2f232bbd4758bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-25f56036928a5a45:SESSION-25f56036928a5a45	SESSION-25f56036928a5a45 → pe:syn:SESSION-25f56036928a5a45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d74877df7cdd5d7:host:172.234.197.23	SESSION-6d74877df7cdd5d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-39e4fa54be3b3e55:SESSION-39e4fa54be3b3e55	SESSION-39e4fa54be3b3e55 → pe:tls:SESSION-39e4fa54be3b3e55
flow_observed4-aryOBS	e:fo:flow:122a0094d863	flow:122a0094d863 → host:172.234.197.23 → host:177.10.232.122 → port:tcp:3007
FLOW_DST_PORTOBS	e:fp:flow:c487525969c2:port:tcp:63655	flow:c487525969c2 → port:tcp:63655
flow_observed4-aryOBS	e:fo:flow:0cf1880561ef	flow:0cf1880561ef → host:172.234.197.23 → host:177.10.237.94 → port:tcp:34520
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.253:geo_-16.28860_-49.01640	host:177.10.239.253 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e6f5f35bde9b3d2:host:172.234.197.23:host:177.10.238.124	SESSION-7e6f5f35bde9b3d2 → host:172.234.197.23 → host:177.10.238.124
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cddf604912330e1b:flow:eeedb1395fff	SESSION-cddf604912330e1b → flow:eeedb1395fff
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54b62e34296d5c17:host:172.234.197.23:host:131.196.29.224	SESSION-54b62e34296d5c17 → host:172.234.197.23 → host:131.196.29.224
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.79:geo_-16.28860_-49.01640	host:177.10.237.79 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c282c87f3b4a743:SESSION-3c282c87f3b4a743	SESSION-3c282c87f3b4a743 → pe:syn:SESSION-3c282c87f3b4a743
FLOW_FROM_HOSTOBS	e:from:SESSION-a01362ca7d087a96:host:177.10.237.68	SESSION-a01362ca7d087a96 → host:177.10.237.68
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.194:geo_-16.28860_-49.01640	host:177.10.238.194 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-b4dc175dd74a3b00:host:172.234.197.23	SESSION-b4dc175dd74a3b00 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5d8fbc6c3c79	flow:5d8fbc6c3c79 → host:177.10.236.7 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46082ee63fe36bdf:host:172.234.197.23	SESSION-46082ee63fe36bdf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5af80fbf2441:port:tcp:80	flow:5af80fbf2441 → port:tcp:80
FLOW_FROM_HOSTOBS	e:from:SESSION-62b98bdaf08d2190:host:131.196.28.122	SESSION-62b98bdaf08d2190 → host:131.196.28.122
FLOW_FROM_HOSTOBS	e:from:SESSION-e62c7e5ed36c3850:host:177.10.236.232	SESSION-e62c7e5ed36c3850 → host:177.10.236.232
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0c9a0f035acc4428:flow:11c8071bc639	SESSION-0c9a0f035acc4428 → flow:11c8071bc639
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.87:geo_-21.10010_-41.69200	host:45.173.156.87 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-460a4898e7c07917:SESSION-460a4898e7c07917	SESSION-460a4898e7c07917 → pe:tls:SESSION-460a4898e7c07917
flow_observed4-aryOBS	e:fo:flow:5fa720d4626d	flow:5fa720d4626d → host:172.234.197.23 → host:177.10.236.41 → port:tcp:38199
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09c97c2e7f8ca5a6:flow:d48167229286	SESSION-09c97c2e7f8ca5a6 → flow:d48167229286
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d2d33fef3a69334:flow:a6559ee3f3b7	SESSION-6d2d33fef3a69334 → flow:a6559ee3f3b7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-007ba64cafd5a15c:host:177.10.232.124:host:172.234.197.23	SESSION-007ba64cafd5a15c → host:177.10.232.124 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09c0e42aa6120a11:SESSION-09c0e42aa6120a11	SESSION-09c0e42aa6120a11 → pe:tls:SESSION-09c0e42aa6120a11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78e554a3c30f161c:SESSION-78e554a3c30f161c	SESSION-78e554a3c30f161c → pe:syn:SESSION-78e554a3c30f161c
FLOW_TO_HOSTOBS	e:to:SESSION-feb7243d21c3bd2d:host:172.234.197.23	SESSION-feb7243d21c3bd2d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-eecb9eac95f77073:host:177.10.239.219	SESSION-eecb9eac95f77073 → host:177.10.239.219
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0532a1c12e883894:flow:72d2c02dbed4	SESSION-0532a1c12e883894 → flow:72d2c02dbed4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7678ab8e642a5a2a:host:172.234.197.23	SESSION-7678ab8e642a5a2a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07124c917c797d63:host:95.170.25.64	SESSION-07124c917c797d63 → host:95.170.25.64
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-25e11e259146e3a2:host:177.10.238.137:host:172.234.197.23	SESSION-25e11e259146e3a2 → host:177.10.238.137 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7aec1fe7f0c7787b:host:177.10.232.112:host:172.234.197.23	SESSION-7aec1fe7f0c7787b → host:177.10.232.112 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4862cddc1ddaa50:SESSION-d4862cddc1ddaa50	SESSION-d4862cddc1ddaa50 → pe:tls:SESSION-d4862cddc1ddaa50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-581b4c1bc6ff5f0b:host:172.234.197.23	SESSION-581b4c1bc6ff5f0b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-38a436ec3884f938:host:45.173.156.192	SESSION-38a436ec3884f938 → host:45.173.156.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4370d06debc0fcec:SESSION-4370d06debc0fcec	SESSION-4370d06debc0fcec → pe:tls:SESSION-4370d06debc0fcec
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77755e4fda54087c:host:131.196.28.95:host:172.234.197.23	SESSION-77755e4fda54087c → host:131.196.28.95 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8dff22511e3d5727:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8dff22511e3d5727 → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.201:geo_-23.62930_-46.63510	host:131.196.29.201 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.84:asn:262880	host:177.10.236.84 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:b93dd62bf249:port:tcp:443	flow:b93dd62bf249 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:b5984a3cb038	flow:b5984a3cb038 → host:172.234.197.23 → host:131.196.30.135 → port:tcp:20281
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea9e167400c380e9:host:172.234.197.23	SESSION-ea9e167400c380e9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36d925db3c3b2591:SESSION-36d925db3c3b2591	SESSION-36d925db3c3b2591 → pe:syn:SESSION-36d925db3c3b2591
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a3bc2c7dd7e8bd1:host:177.10.238.16	SESSION-8a3bc2c7dd7e8bd1 → host:177.10.238.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1ca1108b3f9fffc:flow:c71fa0a6ac28	SESSION-d1ca1108b3f9fffc → flow:c71fa0a6ac28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a705ce382fec48a:flow:b80e056f3e31	SESSION-2a705ce382fec48a → flow:b80e056f3e31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2be3bd33b6267f94:host:172.234.197.23:host:177.10.232.35	SESSION-2be3bd33b6267f94 → host:172.234.197.23 → host:177.10.232.35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e905599dc3c27c65:flow:e477027ac4a6	SESSION-e905599dc3c27c65 → flow:e477027ac4a6
FLOW_FROM_HOSTOBS	e:from:SESSION-858e7fe3651dc7b6:host:177.10.239.64	SESSION-858e7fe3651dc7b6 → host:177.10.239.64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6cc06f30e6c05bb:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a6cc06f30e6c05bb → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-6c92176ee8d876ba:host:172.234.197.23	SESSION-6c92176ee8d876ba → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:02e2964d437d:port:tcp:443	flow:02e2964d437d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4059a39607153158:host:177.10.232.165:host:172.234.197.23	SESSION-4059a39607153158 → host:177.10.232.165 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-49652bb4e1e9db35:host:172.234.197.23	SESSION-49652bb4e1e9db35 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a09dfaa93133	flow:a09dfaa93133 → host:172.234.197.23 → host:131.196.30.185 → port:tcp:65480
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.184:geo_-23.62930_-46.63510	host:131.196.29.184 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23b772dcd58e4ef3:PCAP:capture_20260430060001:919b39a74464	SESSION-23b772dcd58e4ef3 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.21:asn:271410	host:131.196.31.21 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b37dbc8f4449b96:host:131.196.29.141	SESSION-5b37dbc8f4449b96 → host:131.196.29.141
FLOW_TO_HOSTOBS	e:to:SESSION-b1b714ce8916a149:host:131.196.29.21	SESSION-b1b714ce8916a149 → host:131.196.29.21
flow_observed5-aryOBS	e:fo:flow:31ddd533e1a8	flow:31ddd533e1a8 → host:177.10.235.191 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bd47d8fd21ead6d:host:172.234.197.23	SESSION-6bd47d8fd21ead6d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-586aad203217304c:SESSION-586aad203217304c	SESSION-586aad203217304c → pe:tls:SESSION-586aad203217304c
flow_observed5-aryOBS	e:fo:flow:5761bb4e0fa0	flow:5761bb4e0fa0 → host:177.10.239.208 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:fda4ef846e29	flow:fda4ef846e29 → host:172.234.197.23 → host:131.196.30.90 → port:tcp:39993
FLOW_FROM_HOSTOBS	e:from:SESSION-1d8b07a8bebdede3:host:172.234.197.23	SESSION-1d8b07a8bebdede3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30ddbb300887e80e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-30ddbb300887e80e → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b30dbd402b74df1:SESSION-9b30dbd402b74df1	SESSION-9b30dbd402b74df1 → pe:tls:SESSION-9b30dbd402b74df1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad7e9be9d0a80554:host:177.10.236.125	SESSION-ad7e9be9d0a80554 → host:177.10.236.125
FLOW_TO_HOSTOBS	e:to:SESSION-24e3c3c409f2ba92:host:172.234.197.23	SESSION-24e3c3c409f2ba92 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d33ef29909b4f2d5:host:131.196.29.153:host:172.234.197.23	SESSION-d33ef29909b4f2d5 → host:131.196.29.153 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-838eea3d6dd669fd:host:172.234.197.23	SESSION-838eea3d6dd669fd → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.205:geo_-23.62930_-46.63510	host:131.196.29.205 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3254874520e1dae:host:131.196.31.203	SESSION-b3254874520e1dae → host:131.196.31.203
FLOW_FROM_HOSTOBS	e:from:SESSION-36a0a9e003021f23:host:51.75.171.21	SESSION-36a0a9e003021f23 → host:51.75.171.21
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4dc16adec194cf9c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4dc16adec194cf9c → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-0200d7ef8e83c7c3:host:45.173.156.109	SESSION-0200d7ef8e83c7c3 → host:45.173.156.109
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb9e9108ca8bff14:SESSION-cb9e9108ca8bff14	SESSION-cb9e9108ca8bff14 → pe:tls:SESSION-cb9e9108ca8bff14
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d17209bd675d4be:host:131.196.28.143:host:172.234.197.23	SESSION-4d17209bd675d4be → host:131.196.28.143 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49ddbf605897eb3f:flow:d3bbb4017f36	SESSION-49ddbf605897eb3f → flow:d3bbb4017f36
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec67d149df3809f6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ec67d149df3809f6 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ef49ba6d990c029:flow:70df9bee6094	SESSION-5ef49ba6d990c029 → flow:70df9bee6094
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ab52a513e5ed877:flow:dd029d64292f	SESSION-7ab52a513e5ed877 → flow:dd029d64292f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f9bec963f9028f2:SESSION-7f9bec963f9028f2	SESSION-7f9bec963f9028f2 → pe:syn:SESSION-7f9bec963f9028f2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b72f7dde05c7e1dd:host:177.10.238.190	SESSION-b72f7dde05c7e1dd → host:177.10.238.190
HOST_IN_ASNOBS 85%	e:ha:host:109.89.117.44:asn:12392	host:109.89.117.44 → asn:12392
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bce308e5c94583d6:SESSION-bce308e5c94583d6	SESSION-bce308e5c94583d6 → pe:syn:SESSION-bce308e5c94583d6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-05f783d5d2ea4019:SESSION-05f783d5d2ea4019	SESSION-05f783d5d2ea4019 → pe:syn:SESSION-05f783d5d2ea4019
FLOW_TO_HOSTOBS	e:to:SESSION-35dc83e37639d031:host:172.234.197.23	SESSION-35dc83e37639d031 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9f556dacd920:port:tcp:443	flow:9f556dacd920 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a180cbe63e4a:port:tcp:54290	flow:a180cbe63e4a → port:tcp:54290
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db5998ef2bd3405b:host:172.234.197.23	SESSION-db5998ef2bd3405b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be196df3d425cb31:host:177.10.234.39:host:172.234.197.23	SESSION-be196df3d425cb31 → host:177.10.234.39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23f94e137932a031:host:177.10.236.61	SESSION-23f94e137932a031 → host:177.10.236.61
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.228:geo_-23.62930_-46.63510	host:131.196.30.228 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.86:geo_-16.28860_-49.01640	host:177.10.239.86 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:c2c5cb086fef	flow:c2c5cb086fef → host:177.10.234.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e806a1e4171599f:flow:247bd0e3b7f8	SESSION-4e806a1e4171599f → flow:247bd0e3b7f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e47cd7d3b6c5e00d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e47cd7d3b6c5e00d → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-fd0571d5316a48e1:host:172.234.197.23	SESSION-fd0571d5316a48e1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6aacd35f912a2971:host:177.10.235.202	SESSION-6aacd35f912a2971 → host:177.10.235.202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29f6930bb002305c:flow:a561fad76e93	SESSION-29f6930bb002305c → flow:a561fad76e93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6edbcdecdf7d835:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a6edbcdecdf7d835 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-abf4853d72eba17e:host:45.173.156.26:host:172.234.197.23	SESSION-abf4853d72eba17e → host:45.173.156.26 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08df11bd27017e71:flow:ffb55f14ed31	SESSION-08df11bd27017e71 → flow:ffb55f14ed31
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.201:geo_-23.62930_-46.63510	host:131.196.31.201 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bff0487aa2cdf6e6:flow:f01139f8d909	SESSION-bff0487aa2cdf6e6 → flow:f01139f8d909
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36abdcc0889b5aa2:SESSION-36abdcc0889b5aa2	SESSION-36abdcc0889b5aa2 → pe:tls:SESSION-36abdcc0889b5aa2
FLOW_FROM_HOSTOBS	e:from:SESSION-cb77a42bb02f4581:host:131.196.29.203	SESSION-cb77a42bb02f4581 → host:131.196.29.203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-651f6fdc4d4e9c59:SESSION-651f6fdc4d4e9c59	SESSION-651f6fdc4d4e9c59 → pe:syn:SESSION-651f6fdc4d4e9c59
FLOW_FROM_HOSTOBS	e:from:SESSION-c774247ce2f7d3db:host:172.234.197.23	SESSION-c774247ce2f7d3db → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a4b0ee19d173	flow:a4b0ee19d173 → host:172.234.197.23 → host:131.196.29.126 → port:tcp:52419
FLOW_DST_PORTOBS	e:fp:flow:f9c407d7f851:port:tcp:443	flow:f9c407d7f851 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b00e597f7260eb50:PCAP:capture_20260430150001:ded20914761d	SESSION-b00e597f7260eb50 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b7f4612f7527a5d:host:177.10.238.10	SESSION-5b7f4612f7527a5d → host:177.10.238.10
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.224:asn:271410	host:131.196.30.224 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb444db8c099bc0f:SESSION-cb444db8c099bc0f	SESSION-cb444db8c099bc0f → pe:syn:SESSION-cb444db8c099bc0f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d6545f001e19457:host:172.234.197.23	SESSION-2d6545f001e19457 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead89ade728d357d:host:172.234.197.23	SESSION-ead89ade728d357d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1863330d3e94cce5:SESSION-1863330d3e94cce5	SESSION-1863330d3e94cce5 → pe:syn:SESSION-1863330d3e94cce5
FLOW_DST_PORTOBS	e:fp:flow:42884a63293f:port:tcp:443	flow:42884a63293f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29e21c95f9df9427:host:177.10.232.138:host:172.234.197.23	SESSION-29e21c95f9df9427 → host:177.10.232.138 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:67e1fa03f403:port:tcp:443	flow:67e1fa03f403 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4337995d605bd9f8:flow:71b70a01dbc1	SESSION-4337995d605bd9f8 → flow:71b70a01dbc1
FLOW_TO_HOSTOBS	e:to:SESSION-5218a703d93123a3:host:172.234.197.23	SESSION-5218a703d93123a3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-97344bc6f8ca22f4:host:172.234.197.23	SESSION-97344bc6f8ca22f4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d2d33fef3a69334:host:131.196.28.90	SESSION-6d2d33fef3a69334 → host:131.196.28.90
flow_observed4-aryOBS	e:fo:flow:20fcf5f8be30	flow:20fcf5f8be30 → host:172.234.197.23 → host:2.57.122.192 → port:tcp:32238
flow_observed5-aryOBS	e:fo:flow:0256f21cd65f	flow:0256f21cd65f → host:177.10.235.49 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b16751dae4d82103:SESSION-b16751dae4d82103	SESSION-b16751dae4d82103 → pe:tls:SESSION-b16751dae4d82103
flow_observed5-aryOBS	e:fo:flow:20b420a6068e	flow:20b420a6068e → host:177.10.236.104 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-687dc6215da3af8c:host:172.234.197.23	SESSION-687dc6215da3af8c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b8fce0c61e3d0bf9:host:172.234.197.23	SESSION-b8fce0c61e3d0bf9 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-1995c5dc0203e07b:BSG-BEACON-dcf3a82bd112	SESSION-1995c5dc0203e07b → BSG-BEACON-dcf3a82bd112
FLOW_DST_PORTOBS	e:fp:flow:c5c2c07cb426:port:tcp:443	flow:c5c2c07cb426 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-708abc4c81aa7c60:flow:3e49d98774e6	SESSION-708abc4c81aa7c60 → flow:3e49d98774e6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6b4752d4afe8ec71:SESSION-6b4752d4afe8ec71	SESSION-6b4752d4afe8ec71 → pe:syn:SESSION-6b4752d4afe8ec71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-682271ad5b560620:SESSION-682271ad5b560620	SESSION-682271ad5b560620 → pe:syn:SESSION-682271ad5b560620
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31b8d1ec0bbdfa48:flow:6946dc6e8d73	SESSION-31b8d1ec0bbdfa48 → flow:6946dc6e8d73
flow_observed5-aryOBS	e:fo:flow:ff8f00a5616f	flow:ff8f00a5616f → host:45.173.156.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ddc82f590dd8a411:flow:358a33420eeb	SESSION-ddc82f590dd8a411 → flow:358a33420eeb
FLOW_DST_PORTOBS	e:fp:flow:0eb6f43455bd:port:tcp:443	flow:0eb6f43455bd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-764219a5db7d50bc:SESSION-764219a5db7d50bc	SESSION-764219a5db7d50bc → pe:syn:SESSION-764219a5db7d50bc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d3eca13f5e50de63:host:177.10.237.54:host:172.234.197.23	SESSION-d3eca13f5e50de63 → host:177.10.237.54 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-954ce8dcd8b034e5:flow:c1e4966ad61f	SESSION-954ce8dcd8b034e5 → flow:c1e4966ad61f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fda720fc6282204:host:177.10.238.60	SESSION-6fda720fc6282204 → host:177.10.238.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84d5ccfdbe119076:flow:46ae3fb9e627	SESSION-84d5ccfdbe119076 → flow:46ae3fb9e627
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89c2fe6aad8232be:host:172.234.197.23	SESSION-89c2fe6aad8232be → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-139cf5bd66e27bf0:host:172.234.197.23	SESSION-139cf5bd66e27bf0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17dd55091d27669a:host:172.234.197.23:host:172.232.0.16	SESSION-17dd55091d27669a → host:172.234.197.23 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd8363b8ee3ddfde:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bd8363b8ee3ddfde → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-065b3042ded53057:SESSION-065b3042ded53057	SESSION-065b3042ded53057 → pe:tls:SESSION-065b3042ded53057
FLOW_FROM_HOSTOBS	e:from:SESSION-5ff90c657a3c2e88:host:172.234.197.23	SESSION-5ff90c657a3c2e88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efd1ddb1a087b877:host:177.10.239.129	SESSION-efd1ddb1a087b877 → host:177.10.239.129
flow_observed3-aryOBS	e:fo:flow:93b0ad1bd8d0	flow:93b0ad1bd8d0 → host:13.53.140.247 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ec4c9189aa8273c:SESSION-2ec4c9189aa8273c	SESSION-2ec4c9189aa8273c → pe:tls:SESSION-2ec4c9189aa8273c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-799494d5bb605f27:host:172.234.197.23	SESSION-799494d5bb605f27 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c9f798a7437d:port:tcp:443	flow:c9f798a7437d → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-5ab8147bbacef01b:BSG-DATA_EXFIL-d7434e5e712b	SESSION-5ab8147bbacef01b → BSG-DATA_EXFIL-d7434e5e712b
FLOW_TO_HOSTOBS	e:to:SESSION-6b6e18a39fae0db6:host:172.234.197.23	SESSION-6b6e18a39fae0db6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eed281d532ce25c6:host:177.10.236.12:host:172.234.197.23	SESSION-eed281d532ce25c6 → host:177.10.236.12 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0847a7bc7e933771:PCAP:capture_20260430150001:ded20914761d	SESSION-0847a7bc7e933771 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8a57b2200e62e75:SESSION-c8a57b2200e62e75	SESSION-c8a57b2200e62e75 → pe:tls:SESSION-c8a57b2200e62e75
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89fe4f171fdbfa97:flow:c9a4f7dc3c5c	SESSION-89fe4f171fdbfa97 → flow:c9a4f7dc3c5c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d58e8fad9dafe114:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d58e8fad9dafe114 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0758ca9101405049:host:172.234.197.23	SESSION-0758ca9101405049 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9a269382e1e5b425:host:172.234.197.23	SESSION-9a269382e1e5b425 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7bf020c0439ffaa:host:2.57.122.192	SESSION-d7bf020c0439ffaa → host:2.57.122.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3da2bdbc54650cc7:SESSION-3da2bdbc54650cc7	SESSION-3da2bdbc54650cc7 → pe:tls:SESSION-3da2bdbc54650cc7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65f6be25ebaee411:SESSION-65f6be25ebaee411	SESSION-65f6be25ebaee411 → pe:tls:SESSION-65f6be25ebaee411
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.139:asn:262880	host:177.10.239.139 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ac7bdbcc541a2d8:flow:3202d09bb363	SESSION-8ac7bdbcc541a2d8 → flow:3202d09bb363
FLOW_DST_PORTOBS	e:fp:flow:d59379eb709f:port:tcp:26585	flow:d59379eb709f → port:tcp:26585
FLOW_DST_PORTOBS	e:fp:flow:1f275a80e4a1:port:tcp:18124	flow:1f275a80e4a1 → port:tcp:18124
flow_observed4-aryOBS	e:fo:flow:2109a657de5e	flow:2109a657de5e → host:172.234.197.23 → host:177.10.237.216 → port:tcp:51241
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-415460770952c9a4:flow:fe87d643d64f	SESSION-415460770952c9a4 → flow:fe87d643d64f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-63f078b7cf539982:flow:8fa4bbb2f12f	SESSION-63f078b7cf539982 → flow:8fa4bbb2f12f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-775ba1157917a355:PCAP:capture_20260430060001:919b39a74464	SESSION-775ba1157917a355 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed80052f988e41bd:host:172.234.197.23	SESSION-ed80052f988e41bd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee8963275c4b434b:SESSION-ee8963275c4b434b	SESSION-ee8963275c4b434b → pe:tls:SESSION-ee8963275c4b434b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.250:geo_41.00190_28.96450	host:92.112.71.250 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cc71c07f8c21dc0:host:172.234.197.23	SESSION-6cc71c07f8c21dc0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4a1cda6283fa3945:host:172.234.197.23	SESSION-4a1cda6283fa3945 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:2ee4cc406398	flow:2ee4cc406398 → host:172.234.197.23 → host:177.10.238.76 → port:tcp:34577
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-409db122b916fc83:host:31.40.196.102	SESSION-409db122b916fc83 → host:31.40.196.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6965561db8b52827:SESSION-6965561db8b52827	SESSION-6965561db8b52827 → pe:tls:SESSION-6965561db8b52827
flow_observed5-aryOBS	e:fo:flow:2435bf05528c	flow:2435bf05528c → host:177.10.232.193 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a2e4fb28ad63a51c:host:177.10.236.10	SESSION-a2e4fb28ad63a51c → host:177.10.236.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-386a52b5a647d101:SESSION-386a52b5a647d101	SESSION-386a52b5a647d101 → pe:syn:SESSION-386a52b5a647d101
FLOW_TO_HOSTOBS	e:to:SESSION-fec8e81be891b7cc:host:177.10.239.151	SESSION-fec8e81be891b7cc → host:177.10.239.151
FLOW_TO_HOSTOBS	e:to:SESSION-e1f0a324b14316cd:host:172.234.197.23	SESSION-e1f0a324b14316cd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7098e9f09e131f1:host:131.196.29.160	SESSION-e7098e9f09e131f1 → host:131.196.29.160
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6411f10800cf3ef5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6411f10800cf3ef5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-797ddf76fc257ebf:SESSION-797ddf76fc257ebf	SESSION-797ddf76fc257ebf → pe:syn:SESSION-797ddf76fc257ebf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c85a8771eed4d0f:flow:0bc751025b72	SESSION-7c85a8771eed4d0f → flow:0bc751025b72
FLOW_TO_HOSTOBS	e:to:SESSION-cb7b2ae66396fc75:host:172.234.197.23	SESSION-cb7b2ae66396fc75 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d44d2d34cc029e97:SESSION-d44d2d34cc029e97	SESSION-d44d2d34cc029e97 → pe:tls:SESSION-d44d2d34cc029e97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0c9a0f035acc4428:SESSION-0c9a0f035acc4428	SESSION-0c9a0f035acc4428 → pe:syn:SESSION-0c9a0f035acc4428
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b70d9bf346b75217:SESSION-b70d9bf346b75217	SESSION-b70d9bf346b75217 → pe:syn:SESSION-b70d9bf346b75217
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9af350d3c0c51da5:PCAP:capture_20260430090001:065659c7d314	SESSION-9af350d3c0c51da5 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:198bd9bc5e38:port:tcp:443	flow:198bd9bc5e38 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-130c48c57d6ba6f4:flow:f1777a33d63b	SESSION-130c48c57d6ba6f4 → flow:f1777a33d63b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.68:geo_-16.28860_-49.01640	host:177.10.237.68 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51c7000fcfeb98d4:host:172.234.197.23:host:80.94.92.186	SESSION-51c7000fcfeb98d4 → host:172.234.197.23 → host:80.94.92.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6fd3205e4a34033:host:177.10.232.168	SESSION-c6fd3205e4a34033 → host:177.10.232.168
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee4f55e8adb586c5:host:177.10.233.40:host:172.234.197.23	SESSION-ee4f55e8adb586c5 → host:177.10.233.40 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea2e2a37f857a7f:host:172.234.197.23	SESSION-3ea2e2a37f857a7f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e7e110cd2632aa64:host:177.10.238.232	SESSION-e7e110cd2632aa64 → host:177.10.238.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d3f8bf2b05f7ab82:SESSION-d3f8bf2b05f7ab82	SESSION-d3f8bf2b05f7ab82 → pe:tls:SESSION-d3f8bf2b05f7ab82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8897ca7200c8655e:host:45.148.10.151	SESSION-8897ca7200c8655e → host:45.148.10.151
FLOW_FROM_HOSTOBS	e:from:SESSION-bb70871923a8cd06:host:172.234.197.23	SESSION-bb70871923a8cd06 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-05b6ffb2a7e9e145:PCAP:capture_20260430080001:93f47cc296a4	SESSION-05b6ffb2a7e9e145 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-576e43142f03a150:host:177.10.234.219	SESSION-576e43142f03a150 → host:177.10.234.219
FLOW_DST_PORTOBS	e:fp:flow:6f75171cd09c:port:tcp:443	flow:6f75171cd09c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2c24cbdb3e7b273c:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-2c24cbdb3e7b273c → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed4-aryOBS	e:fo:flow:1eb29619512d	flow:1eb29619512d → host:172.234.197.23 → host:131.196.28.75 → port:tcp:3835
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-befc987f4c77d80c:host:103.230.240.59:host:172.234.197.23	SESSION-befc987f4c77d80c → host:103.230.240.59 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74fa9a10a5811b00:SESSION-74fa9a10a5811b00	SESSION-74fa9a10a5811b00 → pe:tls:SESSION-74fa9a10a5811b00
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.255:geo_41.02140_28.99480	host:185.231.226.255 → geo_41.02140_28.99480
FLOW_TO_HOSTOBS	e:to:SESSION-1863330d3e94cce5:host:131.196.30.65	SESSION-1863330d3e94cce5 → host:131.196.30.65
flow_observed5-aryOBS	e:fo:flow:0c00fe59a661	flow:0c00fe59a661 → host:45.173.156.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ecc0c586896302d2:SESSION-ecc0c586896302d2	SESSION-ecc0c586896302d2 → pe:tls:SESSION-ecc0c586896302d2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-04af603e6c9a6691:host:172.234.197.23:host:177.10.237.82	SESSION-04af603e6c9a6691 → host:172.234.197.23 → host:177.10.237.82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1624b178b88eb54d:host:131.196.30.245:host:172.234.197.23	SESSION-1624b178b88eb54d → host:131.196.30.245 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e606b3df4d49b4d1:host:131.196.31.38:host:172.234.197.23	SESSION-e606b3df4d49b4d1 → host:131.196.31.38 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4e9a3a3a63cdb2e:SESSION-c4e9a3a3a63cdb2e	SESSION-c4e9a3a3a63cdb2e → pe:tls:SESSION-c4e9a3a3a63cdb2e
FLOW_TO_HOSTOBS	e:to:SESSION-7b308d2f7d4fdfaa:host:172.234.197.23	SESSION-7b308d2f7d4fdfaa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c211bfdf4443:port:tcp:80	flow:c211bfdf4443 → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-288c2773d91d95c9:host:177.10.232.229:host:172.234.197.23	SESSION-288c2773d91d95c9 → host:177.10.232.229 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85a5e7fc435163e0:SESSION-85a5e7fc435163e0	SESSION-85a5e7fc435163e0 → pe:tls:SESSION-85a5e7fc435163e0
FLOW_FROM_HOSTOBS	e:from:SESSION-7e6f5f35bde9b3d2:host:172.234.197.23	SESSION-7e6f5f35bde9b3d2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9868c83546c2d563:SESSION-9868c83546c2d563	SESSION-9868c83546c2d563 → pe:syn:SESSION-9868c83546c2d563
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fd0e8f46f0bc660:host:172.234.197.23	SESSION-7fd0e8f46f0bc660 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0ed5acb768fc	flow:0ed5acb768fc → host:45.173.156.201 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2f1e05754e84c30:host:172.234.197.23:host:131.196.30.62	SESSION-e2f1e05754e84c30 → host:172.234.197.23 → host:131.196.30.62
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4d6f38e3582127c:host:172.234.197.23:host:131.196.29.206	SESSION-c4d6f38e3582127c → host:172.234.197.23 → host:131.196.29.206
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.221:asn:262880	host:177.10.238.221 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0cba2347786f28d:flow:925bccf38367	SESSION-b0cba2347786f28d → flow:925bccf38367
FLOW_DST_PORTOBS	e:fp:flow:e8b91ae2d236:port:tcp:443	flow:e8b91ae2d236 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-413ea94c965ce051:host:172.234.197.23	SESSION-413ea94c965ce051 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eeea37688fc574d:host:172.234.197.23	SESSION-7eeea37688fc574d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-456e7eaee9f2720f:host:51.224.252.115	SESSION-456e7eaee9f2720f → host:51.224.252.115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59a5b7880376a89f:flow:abf52d290c72	SESSION-59a5b7880376a89f → flow:abf52d290c72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a2e73cad916b1394:PCAP:capture_20260430090001:065659c7d314	SESSION-a2e73cad916b1394 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:3e996645afc3:port:tcp:443	flow:3e996645afc3 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab81c1372abfe2ce:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ab81c1372abfe2ce → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57092e6ea3a8c881:host:177.10.236.59:host:172.234.197.23	SESSION-57092e6ea3a8c881 → host:177.10.236.59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ce88726966df20e:host:177.10.235.97	SESSION-5ce88726966df20e → host:177.10.235.97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51e02a163c57adb5:SESSION-51e02a163c57adb5	SESSION-51e02a163c57adb5 → pe:syn:SESSION-51e02a163c57adb5
FLOW_FROM_HOSTOBS	e:from:SESSION-365dad18baa46a43:host:95.170.25.190	SESSION-365dad18baa46a43 → host:95.170.25.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6ed96bf23ac2f6b:SESSION-a6ed96bf23ac2f6b	SESSION-a6ed96bf23ac2f6b → pe:syn:SESSION-a6ed96bf23ac2f6b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d6be65d6480cd7d:PCAP:capture_20260430060001:919b39a74464	SESSION-2d6be65d6480cd7d → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-defe39665fdb6580:flow:4b85dcad38b9	SESSION-defe39665fdb6580 → flow:4b85dcad38b9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ef8854f2d4650c5:host:177.10.234.60:host:172.234.197.23	SESSION-2ef8854f2d4650c5 → host:177.10.234.60 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-543230bb149abbcc:host:45.173.156.254	SESSION-543230bb149abbcc → host:45.173.156.254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e1df474445c908f:host:172.234.197.23	SESSION-3e1df474445c908f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e13a35a59d4e8cb3:host:172.234.197.23	SESSION-e13a35a59d4e8cb3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0d83e3d3d1fc018:SESSION-d0d83e3d3d1fc018	SESSION-d0d83e3d3d1fc018 → pe:syn:SESSION-d0d83e3d3d1fc018
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e87421895e57790a:host:172.234.197.23	SESSION-e87421895e57790a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc57a46aa64b7388:flow:f3de632b07b1	SESSION-cc57a46aa64b7388 → flow:f3de632b07b1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c1a20baa14a0758:host:172.234.197.23:host:131.196.28.22	SESSION-8c1a20baa14a0758 → host:172.234.197.23 → host:131.196.28.22
FLOW_DST_PORTOBS	e:fp:flow:0e9003d0c01a:port:tcp:443	flow:0e9003d0c01a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:2291d654d6e8:port:tcp:443	flow:2291d654d6e8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6635e725f15c4a26:SESSION-6635e725f15c4a26	SESSION-6635e725f15c4a26 → pe:tls:SESSION-6635e725f15c4a26
FLOW_DST_PORTOBS	e:fp:flow:3d7f5e615b32:port:tcp:443	flow:3d7f5e615b32 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a5d297f882a3348:host:172.234.197.23	SESSION-4a5d297f882a3348 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a98ae7d95e9a62c0:host:172.234.197.23	SESSION-a98ae7d95e9a62c0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-704e3a6bbdc29013:SESSION-704e3a6bbdc29013	SESSION-704e3a6bbdc29013 → pe:tls:SESSION-704e3a6bbdc29013
FLOW_FROM_HOSTOBS	e:from:SESSION-6104696c1212e0a0:host:34.216.76.26	SESSION-6104696c1212e0a0 → host:34.216.76.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f05806c7fdedb94:SESSION-9f05806c7fdedb94	SESSION-9f05806c7fdedb94 → pe:syn:SESSION-9f05806c7fdedb94
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9deb407202a7aa0:flow:435b7b398a65	SESSION-b9deb407202a7aa0 → flow:435b7b398a65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d90a5aaa3545c15:SESSION-1d90a5aaa3545c15	SESSION-1d90a5aaa3545c15 → pe:syn:SESSION-1d90a5aaa3545c15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aca8ef237a42da9:host:131.196.30.233	SESSION-6aca8ef237a42da9 → host:131.196.30.233
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-39cfa534eb7ca418:PCAP:capture_20260430060001:919b39a74464	SESSION-39cfa534eb7ca418 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac9ecab386602d8f:host:177.10.236.84:host:172.234.197.23	SESSION-ac9ecab386602d8f → host:177.10.236.84 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4cd4ae8706680eb9:SESSION-4cd4ae8706680eb9	SESSION-4cd4ae8706680eb9 → pe:tls:SESSION-4cd4ae8706680eb9
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.52:asn:273470	host:45.173.156.52 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.148:asn:273470	host:45.173.156.148 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2dec3faf198ca60:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b2dec3faf198ca60 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9963b3b3d702eb6e:host:177.10.238.68:host:172.234.197.23	SESSION-9963b3b3d702eb6e → host:177.10.238.68 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54d5efa8aa8025c4:host:177.10.232.213:host:172.234.197.23	SESSION-54d5efa8aa8025c4 → host:177.10.232.213 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1dda0e3344468f76:PCAP:capture_20260430060001:919b39a74464	SESSION-1dda0e3344468f76 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-c93e3b6f6b78357b:host:177.10.237.94	SESSION-c93e3b6f6b78357b → host:177.10.237.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5ae6e0246d28b44:SESSION-d5ae6e0246d28b44	SESSION-d5ae6e0246d28b44 → pe:tls:SESSION-d5ae6e0246d28b44
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34b8eff946ae371a:flow:49941ca50d63	SESSION-34b8eff946ae371a → flow:49941ca50d63
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8417ba17d1562cbc:PCAP:capture_20260430150001:ded20914761d	SESSION-8417ba17d1562cbc → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f691479e1fc1edf:SESSION-2f691479e1fc1edf	SESSION-2f691479e1fc1edf → pe:syn:SESSION-2f691479e1fc1edf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dda4cfeb9223891:host:45.145.152.245	SESSION-4dda4cfeb9223891 → host:45.145.152.245
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-083cc9a3854de3cd:host:91.240.224.238:host:172.234.197.23	SESSION-083cc9a3854de3cd → host:91.240.224.238 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98e2e9e1db14446c:host:172.234.197.23:host:177.10.235.169	SESSION-98e2e9e1db14446c → host:172.234.197.23 → host:177.10.235.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5e4b6893c364bde:SESSION-e5e4b6893c364bde	SESSION-e5e4b6893c364bde → pe:syn:SESSION-e5e4b6893c364bde
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fef93e1a24936adf:host:131.196.28.134	SESSION-fef93e1a24936adf → host:131.196.28.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed79241b929fab43:host:177.10.239.190	SESSION-ed79241b929fab43 → host:177.10.239.190
FLOW_TO_HOSTOBS	e:to:SESSION-d6d83b2373dd8cdc:host:172.234.197.23	SESSION-d6d83b2373dd8cdc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f95aea3e66ab57b:SESSION-4f95aea3e66ab57b	SESSION-4f95aea3e66ab57b → pe:syn:SESSION-4f95aea3e66ab57b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-04ab6357fe1e6c0a:flow:73d42f446e42	SESSION-04ab6357fe1e6c0a → flow:73d42f446e42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-043f15d6badfcd64:SESSION-043f15d6badfcd64	SESSION-043f15d6badfcd64 → pe:tls:SESSION-043f15d6badfcd64
flow_observed5-aryOBS	e:fo:flow:0f65dad4c09c	flow:0f65dad4c09c → host:177.10.238.24 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c5ed9f49ee99549f:host:172.234.197.23	SESSION-c5ed9f49ee99549f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4b1418ed7a7a9f3:host:45.173.156.169:host:172.234.197.23	SESSION-a4b1418ed7a7a9f3 → host:45.173.156.169 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66f42b3418de6818:SESSION-66f42b3418de6818	SESSION-66f42b3418de6818 → pe:tls:SESSION-66f42b3418de6818
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-231f5887ddd9d406:PCAP:capture_20260430090001:065659c7d314	SESSION-231f5887ddd9d406 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e806a1e4171599f:host:131.196.31.130	SESSION-4e806a1e4171599f → host:131.196.31.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac3ac59e74f457a2:host:172.234.197.23	SESSION-ac3ac59e74f457a2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d496ebf6562f:port:tcp:17235	flow:d496ebf6562f → port:tcp:17235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98083f958ccf36d4:host:172.234.197.23	SESSION-98083f958ccf36d4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-014d878748f613f9:host:177.10.235.98	SESSION-014d878748f613f9 → host:177.10.235.98
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.169:asn:203771	host:92.112.71.169 → asn:203771
flow_observed5-aryOBS	e:fo:flow:dbef17f7c5ef	flow:dbef17f7c5ef → host:131.196.31.162 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60441095965530ae:SESSION-60441095965530ae	SESSION-60441095965530ae → pe:tls:SESSION-60441095965530ae
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6f4863e4efa4050:flow:84c70ec3a025	SESSION-b6f4863e4efa4050 → flow:84c70ec3a025
FLOW_DST_PORTOBS	e:fp:flow:08c7002b42a3:port:tcp:1129	flow:08c7002b42a3 → port:tcp:1129
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-39aafc698c61dd93:host:172.234.197.23:host:177.10.235.248	SESSION-39aafc698c61dd93 → host:172.234.197.23 → host:177.10.235.248
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf85a83f91ce2875:SESSION-cf85a83f91ce2875	SESSION-cf85a83f91ce2875 → pe:syn:SESSION-cf85a83f91ce2875
FLOW_DST_PORTOBS	e:fp:flow:572a057fddca:port:tcp:443	flow:572a057fddca → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-164b17078fceb547:SESSION-164b17078fceb547	SESSION-164b17078fceb547 → pe:tls:SESSION-164b17078fceb547
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfdf42e58546762b:host:172.234.197.23	SESSION-cfdf42e58546762b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7498682ecb6877b0:host:172.234.197.23	SESSION-7498682ecb6877b0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be374c360242db8a:SESSION-be374c360242db8a	SESSION-be374c360242db8a → pe:syn:SESSION-be374c360242db8a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8070c9158a1a853:SESSION-e8070c9158a1a853	SESSION-e8070c9158a1a853 → pe:syn:SESSION-e8070c9158a1a853
FLOW_TO_HOSTOBS	e:to:SESSION-cb77a42bb02f4581:host:172.234.197.23	SESSION-cb77a42bb02f4581 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1842fb1b2a9a6572:host:177.10.236.199:host:172.234.197.23	SESSION-1842fb1b2a9a6572 → host:177.10.236.199 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-495677aa294b030b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-495677aa294b030b → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-b2c61460e754c8f6:host:172.234.197.23	SESSION-b2c61460e754c8f6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2625555cac004c06:host:172.234.197.23:host:131.196.31.104	SESSION-2625555cac004c06 → host:172.234.197.23 → host:131.196.31.104
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5792abf3d18d9356:SESSION-5792abf3d18d9356	SESSION-5792abf3d18d9356 → pe:tls:SESSION-5792abf3d18d9356
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-292edad33ae38c98:host:131.196.30.60:host:172.234.197.23	SESSION-292edad33ae38c98 → host:131.196.30.60 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d0bef7920d84e31:SESSION-8d0bef7920d84e31	SESSION-8d0bef7920d84e31 → pe:tls:SESSION-8d0bef7920d84e31
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ea3a69414cbbc32d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ea3a69414cbbc32d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d8111f65a253e3a:host:177.10.234.254:host:172.234.197.23	SESSION-7d8111f65a253e3a → host:177.10.234.254 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a412381d3ec6112:flow:805dc51bcb4f	SESSION-4a412381d3ec6112 → flow:805dc51bcb4f
FLOW_DST_PORTOBS	e:fp:flow:efeaf9943020:port:tcp:16482	flow:efeaf9943020 → port:tcp:16482
flow_observed5-aryOBS	e:fo:flow:239159cb0e4e	flow:239159cb0e4e → host:177.10.239.107 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:3b93b67df890	flow:3b93b67df890 → host:172.234.197.23 → host:131.196.30.243 → port:tcp:14191
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aaa8cebb6aaa8760:host:172.234.197.23	SESSION-aaa8cebb6aaa8760 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d226dc6e18df532:SESSION-2d226dc6e18df532	SESSION-2d226dc6e18df532 → pe:syn:SESSION-2d226dc6e18df532
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65c3eea3bc378ff0:SESSION-65c3eea3bc378ff0	SESSION-65c3eea3bc378ff0 → pe:syn:SESSION-65c3eea3bc378ff0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a0e660e7f8fdd6f:SESSION-4a0e660e7f8fdd6f	SESSION-4a0e660e7f8fdd6f → pe:syn:SESSION-4a0e660e7f8fdd6f
FLOW_FROM_HOSTOBS	e:from:SESSION-0a88c1288033e7cc:host:45.173.156.48	SESSION-0a88c1288033e7cc → host:45.173.156.48
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d9ece39eb531c8b:flow:b5e5474721fd	SESSION-1d9ece39eb531c8b → flow:b5e5474721fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38739a517334cf5a:host:177.10.238.195	SESSION-38739a517334cf5a → host:177.10.238.195
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.171:asn:262880	host:177.10.236.171 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-0ffe1a7a04c39301:host:172.234.197.23	SESSION-0ffe1a7a04c39301 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e798ff0c310952a:SESSION-6e798ff0c310952a	SESSION-6e798ff0c310952a → pe:syn:SESSION-6e798ff0c310952a
FLOW_TO_HOSTOBS	e:to:SESSION-c3d488fa50a25e1f:host:172.234.197.23	SESSION-c3d488fa50a25e1f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:09e0a7549032	flow:09e0a7549032 → host:131.196.30.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27da8f08a1512941:SESSION-27da8f08a1512941	SESSION-27da8f08a1512941 → pe:syn:SESSION-27da8f08a1512941
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc6a5831c46f644f:SESSION-bc6a5831c46f644f	SESSION-bc6a5831c46f644f → pe:tls:SESSION-bc6a5831c46f644f
FLOW_DST_PORTOBS	e:fp:flow:54efcc92c2b2:port:tcp:35065	flow:54efcc92c2b2 → port:tcp:35065
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46631c2a8361f405:host:172.234.197.23:host:177.10.233.123	SESSION-46631c2a8361f405 → host:172.234.197.23 → host:177.10.233.123
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ea2b78fffe48f844:host:131.196.28.204:host:172.234.197.23	SESSION-ea2b78fffe48f844 → host:131.196.28.204 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e44d3b0a0ee22cd6:SESSION-e44d3b0a0ee22cd6	SESSION-e44d3b0a0ee22cd6 → pe:syn:SESSION-e44d3b0a0ee22cd6
FLOW_DST_PORTOBS	e:fp:flow:ff607ec6923a:port:tcp:443	flow:ff607ec6923a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf343490b1b7ef49:host:172.234.197.23	SESSION-bf343490b1b7ef49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3089f893be8ea87:host:131.196.30.222	SESSION-e3089f893be8ea87 → host:131.196.30.222
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.178:asn:271410	host:131.196.28.178 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9582152c6f7e826d:SESSION-9582152c6f7e826d	SESSION-9582152c6f7e826d → pe:tls:SESSION-9582152c6f7e826d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-42d85a7a0d0a6c22:host:45.173.156.186:host:172.234.197.23	SESSION-42d85a7a0d0a6c22 → host:45.173.156.186 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8684436ffb4e26c7:host:172.234.197.23	SESSION-8684436ffb4e26c7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:99b079c2bd3a	flow:99b079c2bd3a → host:177.10.234.160 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37a50d9fe3e20191:flow:64f60722c2db	SESSION-37a50d9fe3e20191 → flow:64f60722c2db
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e11f8c5c1e806073:host:3.102.9.236:host:172.234.197.23	SESSION-e11f8c5c1e806073 → host:3.102.9.236 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d501ba0fe92f:port:tcp:47084	flow:d501ba0fe92f → port:tcp:47084
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34cbebf9a190be23:host:172.234.197.23	SESSION-34cbebf9a190be23 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d74d897cd43b428:PCAP:capture_20260430150001:ded20914761d	SESSION-9d74d897cd43b428 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-1191ea69c7b9e8e5:host:109.89.117.44	SESSION-1191ea69c7b9e8e5 → host:109.89.117.44
FLOW_TO_HOSTOBS	e:to:SESSION-4f6b9574b70ed197:host:172.234.197.23	SESSION-4f6b9574b70ed197 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a84fec3b32ec885d:host:172.234.197.23	SESSION-a84fec3b32ec885d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7558286b16680d35:host:45.173.156.134	SESSION-7558286b16680d35 → host:45.173.156.134
FLOW_FROM_HOSTOBS	e:from:SESSION-bfa1612081e2aa61:host:16.147.218.115	SESSION-bfa1612081e2aa61 → host:16.147.218.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7498682ecb6877b0:host:131.196.31.127	SESSION-7498682ecb6877b0 → host:131.196.31.127
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.71:geo_-16.28860_-49.01640	host:177.10.234.71 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-22c25719fd1e6342:host:172.234.197.23	SESSION-22c25719fd1e6342 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-836e4ff4bdb8da04:flow:055b0031659d	SESSION-836e4ff4bdb8da04 → flow:055b0031659d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fcdaaf650d72b5bc:flow:e5babc92bbf3	SESSION-fcdaaf650d72b5bc → flow:e5babc92bbf3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad4db4cca9d566af:SESSION-ad4db4cca9d566af	SESSION-ad4db4cca9d566af → pe:syn:SESSION-ad4db4cca9d566af
flow_observed5-aryOBS	e:fo:flow:ad28e31e7902	flow:ad28e31e7902 → host:177.10.239.98 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-65d310d8fe50c39e:host:172.234.197.23	SESSION-65d310d8fe50c39e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-699c907c7ac66403:host:172.234.197.23	SESSION-699c907c7ac66403 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16df0786ef84574d:host:172.234.197.23	SESSION-16df0786ef84574d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b117f2a3fa82af67:SESSION-b117f2a3fa82af67	SESSION-b117f2a3fa82af67 → pe:tls:SESSION-b117f2a3fa82af67
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e798ff0c310952a:flow:92d87b4a1082	SESSION-6e798ff0c310952a → flow:92d87b4a1082
FLOW_DST_PORTOBS	e:fp:flow:7ccb0d93d5e0:port:tcp:443	flow:7ccb0d93d5e0 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d694cf0080c35c2f:host:177.10.234.103:host:172.234.197.23	SESSION-d694cf0080c35c2f → host:177.10.234.103 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f62a59cabf6a851:host:177.10.236.104	SESSION-7f62a59cabf6a851 → host:177.10.236.104
FLOW_TO_HOSTOBS	e:to:SESSION-db0c4d22fd57aedf:host:131.196.30.55	SESSION-db0c4d22fd57aedf → host:131.196.30.55
FLOW_TO_HOSTOBS	e:to:SESSION-0e6f218d3e359434:host:172.234.197.23	SESSION-0e6f218d3e359434 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c35942669d0b12c8:host:172.234.197.23	SESSION-c35942669d0b12c8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f737e621c51c7ecf:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f737e621c51c7ecf → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1110d6d36f6ebd42:flow:59f9ac0a020b	SESSION-1110d6d36f6ebd42 → flow:59f9ac0a020b
FLOW_FROM_HOSTOBS	e:from:SESSION-00f403aeec8e6c17:host:131.196.30.167	SESSION-00f403aeec8e6c17 → host:131.196.30.167
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3957034b2fd24e8:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c3957034b2fd24e8 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-d6c901db44791138:host:172.234.197.23	SESSION-d6c901db44791138 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-455353f546d0ad3e:SESSION-455353f546d0ad3e	SESSION-455353f546d0ad3e → pe:tls:SESSION-455353f546d0ad3e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ab65b5d8a01cf3d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-9ab65b5d8a01cf3d → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aaf7ce37564a0317:SESSION-aaf7ce37564a0317	SESSION-aaf7ce37564a0317 → pe:tls:SESSION-aaf7ce37564a0317
FLOW_DST_PORTOBS	e:fp:flow:eb26a1b8e4cd:port:tcp:49643	flow:eb26a1b8e4cd → port:tcp:49643
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09e9de69a12074bb:SESSION-09e9de69a12074bb	SESSION-09e9de69a12074bb → pe:syn:SESSION-09e9de69a12074bb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7e06a830af01410:flow:a7b51cacb28e	SESSION-b7e06a830af01410 → flow:a7b51cacb28e
FLOW_FROM_HOSTOBS	e:from:SESSION-a592f97b57bb2999:host:177.10.237.115	SESSION-a592f97b57bb2999 → host:177.10.237.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72f157e6b3da81bc:SESSION-72f157e6b3da81bc	SESSION-72f157e6b3da81bc → pe:syn:SESSION-72f157e6b3da81bc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b048ecd988d76f67:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b048ecd988d76f67 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57e30ec2e308e552:host:172.234.197.23	SESSION-57e30ec2e308e552 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21b975753a100632:host:172.234.197.23	SESSION-21b975753a100632 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc01b506a83e5847:host:172.234.197.23	SESSION-fc01b506a83e5847 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35228babc2ac6e48:host:177.10.235.185	SESSION-35228babc2ac6e48 → host:177.10.235.185
flow_observed5-aryOBS	e:fo:flow:c0389422a5c0	flow:c0389422a5c0 → host:177.10.239.139 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:482b91ee59c0:port:tcp:29368	flow:482b91ee59c0 → port:tcp:29368
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab20216cf3eeb0ee:host:177.10.236.205	SESSION-ab20216cf3eeb0ee → host:177.10.236.205
flow_observed5-aryOBS	e:fo:flow:6459e3f91d35	flow:6459e3f91d35 → host:131.196.31.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-342ba7535c6572a7:host:172.234.197.23	SESSION-342ba7535c6572a7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7928f63a898f7aac:host:172.234.197.23	SESSION-7928f63a898f7aac → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.184.232.115:geo_45.84010_-119.70500	host:54.184.232.115 → geo_45.84010_-119.70500
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f8396d269748cb9c:SESSION-f8396d269748cb9c	SESSION-f8396d269748cb9c → pe:tls:SESSION-f8396d269748cb9c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-352a47a3f8b3882e:host:172.234.197.23	SESSION-352a47a3f8b3882e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d1eb76257bda	flow:d1eb76257bda → host:177.10.235.155 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68317c08ea2eebc2:host:131.196.31.221	SESSION-68317c08ea2eebc2 → host:131.196.31.221
FLOW_TO_HOSTOBS	e:to:SESSION-c4503d5677d79139:host:172.234.197.23	SESSION-c4503d5677d79139 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c652a29a62d722ea:SESSION-c652a29a62d722ea	SESSION-c652a29a62d722ea → pe:syn:SESSION-c652a29a62d722ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2f14bb2a06741aa:SESSION-f2f14bb2a06741aa	SESSION-f2f14bb2a06741aa → pe:syn:SESSION-f2f14bb2a06741aa
FLOW_DST_PORTOBS	e:fp:flow:bd9cbeb07997:port:tcp:443	flow:bd9cbeb07997 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:14fef8c40f5d:port:tcp:443	flow:14fef8c40f5d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4939a9166796718f:host:172.234.197.23	SESSION-4939a9166796718f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36d925db3c3b2591:SESSION-36d925db3c3b2591	SESSION-36d925db3c3b2591 → pe:tls:SESSION-36d925db3c3b2591
FLOW_DST_PORTOBS	e:fp:flow:6bf9f984b3f5:port:tcp:443	flow:6bf9f984b3f5 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:da47990b0d54:port:tcp:443	flow:da47990b0d54 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c16307b11a026263:SESSION-c16307b11a026263	SESSION-c16307b11a026263 → pe:tls:SESSION-c16307b11a026263
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2eb904b60673a30b:flow:1f275a80e4a1	SESSION-2eb904b60673a30b → flow:1f275a80e4a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1530091b08a9906d:SESSION-1530091b08a9906d	SESSION-1530091b08a9906d → pe:tls:SESSION-1530091b08a9906d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7832d3594ed31e4:host:92.112.71.6:host:172.234.197.23	SESSION-b7832d3594ed31e4 → host:92.112.71.6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef5ed6d64625f76:host:131.196.28.242	SESSION-8ef5ed6d64625f76 → host:131.196.28.242
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-caf4287e8000c114:PCAP:capture_20260430160001:9bfa4498506a	SESSION-caf4287e8000c114 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:873011771a03	flow:873011771a03 → host:177.10.235.151 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e1ff5f640d9a1d3a:host:172.234.197.23	SESSION-e1ff5f640d9a1d3a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.94:geo_-23.62930_-46.63510	host:131.196.31.94 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:329147a28565:port:tcp:443	flow:329147a28565 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7cc58ab2d16fcbf8:flow:b140447e670d	SESSION-7cc58ab2d16fcbf8 → flow:b140447e670d
flow_observed5-aryOBS	e:fo:flow:ed3aea9970ac	flow:ed3aea9970ac → host:177.10.236.213 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f43808d089ea9fde:host:131.196.28.72	SESSION-f43808d089ea9fde → host:131.196.28.72
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4145be500857fbf:flow:953e707e2c3e	SESSION-c4145be500857fbf → flow:953e707e2c3e
flow_observed3-aryOBS	e:fo:flow:50b3af19b1ba	flow:50b3af19b1ba → host:172.234.197.23 → host:213.209.159.159
FLOW_TO_HOSTOBS	e:to:SESSION-ac69dcbefbb93dfd:host:172.234.197.23	SESSION-ac69dcbefbb93dfd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-47d7544842406eea:host:177.10.236.11	SESSION-47d7544842406eea → host:177.10.236.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f40f233058919cef:host:172.234.197.23	SESSION-f40f233058919cef → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bff0487aa2cdf6e6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bff0487aa2cdf6e6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c17e2540d05f4c2:host:131.196.30.212	SESSION-3c17e2540d05f4c2 → host:131.196.30.212
FLOW_TO_HOSTOBS	e:to:SESSION-ce217831fb6e1103:host:177.10.234.104	SESSION-ce217831fb6e1103 → host:177.10.234.104
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78b89cf411e3ebb4:host:172.234.197.23	SESSION-78b89cf411e3ebb4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.72:geo_-23.62930_-46.63510	host:131.196.28.72 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:a1208b68c508:port:tcp:443	flow:a1208b68c508 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6c16b3c1d71a:port:tcp:8846	flow:6c16b3c1d71a → port:tcp:8846
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa32b0aa2bffc0b5:host:131.196.28.200:host:172.234.197.23	SESSION-aa32b0aa2bffc0b5 → host:131.196.28.200 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e0a8afad40ce0aa2:host:177.10.235.162:host:172.234.197.23	SESSION-e0a8afad40ce0aa2 → host:177.10.235.162 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-195f8b2639df23c4:host:172.234.197.23	SESSION-195f8b2639df23c4 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-08a40451c9cdc962:BSG-DATA_EXFIL-b340f8c22b59	SESSION-08a40451c9cdc962 → BSG-DATA_EXFIL-b340f8c22b59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8417b06622c43718:host:131.196.30.131	SESSION-8417b06622c43718 → host:131.196.30.131
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-136356e88c69bcaa:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-136356e88c69bcaa → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.198:asn:262880	host:177.10.239.198 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0427ab07f20fae31:host:172.234.197.23	SESSION-0427ab07f20fae31 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2842c4c08e29d7d7:host:37.221.79.41	SESSION-2842c4c08e29d7d7 → host:37.221.79.41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e094b52f54dff79:host:131.196.28.176	SESSION-4e094b52f54dff79 → host:131.196.28.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-140ad048b49f1a57:host:131.196.31.73:host:172.234.197.23	SESSION-140ad048b49f1a57 → host:131.196.31.73 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ecb424a0a4d5b0f:flow:a503764de615	SESSION-3ecb424a0a4d5b0f → flow:a503764de615
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c491b8c96ce6e8c2:flow:aeca250f29dc	SESSION-c491b8c96ce6e8c2 → flow:aeca250f29dc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-958fc48089d68c44:PCAP:capture_20260430050001:8868731bf8a4	SESSION-958fc48089d68c44 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:c4215030ed58:port:tcp:443	flow:c4215030ed58 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-381a0e70ba36b75c:host:172.234.197.23	SESSION-381a0e70ba36b75c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17e08e972fb579a9:SESSION-17e08e972fb579a9	SESSION-17e08e972fb579a9 → pe:tls:SESSION-17e08e972fb579a9
FLOW_TO_HOSTOBS	e:to:SESSION-7f008aa22e7b680c:host:131.196.29.46	SESSION-7f008aa22e7b680c → host:131.196.29.46
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.95:asn:262880	host:177.10.237.95 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7de8e99103378c90:PCAP:capture_20260430130001:4249c4e0a4c4	SESSION-7de8e99103378c90 → PCAP:capture_20260430130001:4249c4e0a4c4
FLOW_FROM_HOSTOBS	e:from:SESSION-9af350d3c0c51da5:host:177.10.238.163	SESSION-9af350d3c0c51da5 → host:177.10.238.163
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b1f95fcf0f122c7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4b1f95fcf0f122c7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.156:geo_-23.62930_-46.63510	host:131.196.31.156 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a137096eda6236d7:host:172.234.197.23:host:177.10.238.107	SESSION-a137096eda6236d7 → host:172.234.197.23 → host:177.10.238.107
FLOW_TO_HOSTOBS	e:to:SESSION-83dd76c193cbd2e0:host:172.234.197.23	SESSION-83dd76c193cbd2e0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f799bd198c08bce:SESSION-7f799bd198c08bce	SESSION-7f799bd198c08bce → pe:tls:SESSION-7f799bd198c08bce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f53fdd8a51294c3d:host:172.234.197.23	SESSION-f53fdd8a51294c3d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd573746c1e36a64:host:172.234.197.23	SESSION-fd573746c1e36a64 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a75b8c86281e6b7:host:172.234.197.23:host:177.10.235.201	SESSION-5a75b8c86281e6b7 → host:172.234.197.23 → host:177.10.235.201
FLOW_DST_PORTOBS	e:fp:flow:af2b39367810:port:tcp:443	flow:af2b39367810 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:90c06adffb70	flow:90c06adffb70 → host:177.10.236.186 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ed2e3c104301:port:tcp:35049	flow:ed2e3c104301 → port:tcp:35049
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-980b61ddea9c5965:PCAP:capture_20260430160001:9bfa4498506a	SESSION-980b61ddea9c5965 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-913ac926bd708af5:PCAP:capture_20260430060001:919b39a74464	SESSION-913ac926bd708af5 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-9c36bc9032caa64b:host:45.145.152.109	SESSION-9c36bc9032caa64b → host:45.145.152.109
FLOW_DST_PORTOBS	e:fp:flow:ce31789228b9:port:tcp:443	flow:ce31789228b9 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.15:asn:262880	host:177.10.237.15 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-6c06bd8d9952317f:host:172.234.197.23	SESSION-6c06bd8d9952317f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-718b3dc95b6876be:host:172.234.197.23	SESSION-718b3dc95b6876be → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-442d12ad40b35d12:host:45.173.156.124	SESSION-442d12ad40b35d12 → host:45.173.156.124
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38a9f2b2580a8fb5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-38a9f2b2580a8fb5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:d40d8401ca62:port:tcp:13635	flow:d40d8401ca62 → port:tcp:13635
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3676532bb2f3ac59:flow:eea467dd73eb	SESSION-3676532bb2f3ac59 → flow:eea467dd73eb
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.172:asn:271410	host:131.196.29.172 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be196df3d425cb31:host:172.234.197.23	SESSION-be196df3d425cb31 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9f49b20c8baea20b:host:172.234.197.23	SESSION-9f49b20c8baea20b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab42e00b724a7daa:flow:1648e82053b1	SESSION-ab42e00b724a7daa → flow:1648e82053b1
HOST_IN_ASNOBS 85%	e:ha:host:51.224.74.176:asn:16509	host:51.224.74.176 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b58dfbdc72ba0e86:host:177.10.237.73	SESSION-b58dfbdc72ba0e86 → host:177.10.237.73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1db6dc9c45987f6e:SESSION-1db6dc9c45987f6e	SESSION-1db6dc9c45987f6e → pe:tls:SESSION-1db6dc9c45987f6e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07e54ca458e8eeab:SESSION-07e54ca458e8eeab	SESSION-07e54ca458e8eeab → pe:tls:SESSION-07e54ca458e8eeab
flow_observed5-aryOBS	e:fo:flow:7c9b7348287d	flow:7c9b7348287d → host:177.10.236.171 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7640c6607dc14992:host:131.196.28.240	SESSION-7640c6607dc14992 → host:131.196.28.240
FLOW_TO_HOSTOBS	e:to:SESSION-5fb6fe079446275d:host:131.196.30.185	SESSION-5fb6fe079446275d → host:131.196.30.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bd79e02a6b67038:host:78.12.17.95	SESSION-4bd79e02a6b67038 → host:78.12.17.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67c350ca0312f6cb:host:177.10.238.238	SESSION-67c350ca0312f6cb → host:177.10.238.238
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.62:asn:271410	host:131.196.29.62 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fbcf03ac27ad8556:PCAP:capture_20260430110001:43611bdf6759	SESSION-fbcf03ac27ad8556 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:b4f400ee5378:port:tcp:443	flow:b4f400ee5378 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-759329d52e4cabab:host:172.232.0.16	SESSION-759329d52e4cabab → host:172.232.0.16
FLOW_TLS_SNIOBS	e:fs:flow:e9b114480d67:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:e9b114480d67 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ddc82f590dd8a411:SESSION-ddc82f590dd8a411	SESSION-ddc82f590dd8a411 → pe:syn:SESSION-ddc82f590dd8a411
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0a8fa8ac12ff0c6:flow:b2d7167908ff	SESSION-f0a8fa8ac12ff0c6 → flow:b2d7167908ff
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47acb5bee39822f1:host:172.234.197.23:host:177.10.239.18	SESSION-47acb5bee39822f1 → host:172.234.197.23 → host:177.10.239.18
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.0:asn:271410	host:131.196.28.0 → asn:271410
flow_observed5-aryOBS	e:fo:flow:1c5cadac5198	flow:1c5cadac5198 → host:177.10.233.17 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4883770547012399:SESSION-4883770547012399	SESSION-4883770547012399 → pe:tls:SESSION-4883770547012399
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a3b20edc3bf85f8:SESSION-3a3b20edc3bf85f8	SESSION-3a3b20edc3bf85f8 → pe:syn:SESSION-3a3b20edc3bf85f8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68317c08ea2eebc2:flow:db631979fcd2	SESSION-68317c08ea2eebc2 → flow:db631979fcd2
flow_observed4-aryOBS	e:fo:flow:17231e591100	flow:17231e591100 → host:172.234.197.23 → host:104.28.202.77 → port:tcp:58810
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3094c6d527f665e9:host:172.234.197.23	SESSION-3094c6d527f665e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4754bc389b07ad3e:host:131.196.29.138	SESSION-4754bc389b07ad3e → host:131.196.29.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-981fac77dd79326b:SESSION-981fac77dd79326b	SESSION-981fac77dd79326b → pe:syn:SESSION-981fac77dd79326b
FLOW_FROM_HOSTOBS	e:from:SESSION-0af842276eef56a1:host:51.161.119.157	SESSION-0af842276eef56a1 → host:51.161.119.157
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31f3a24ceae3d348:host:172.234.197.23:host:131.196.30.12	SESSION-31f3a24ceae3d348 → host:172.234.197.23 → host:131.196.30.12
FLOW_DST_PORTOBS	e:fp:flow:01417a6aeccd:port:tcp:45869	flow:01417a6aeccd → port:tcp:45869
FLOW_FROM_HOSTOBS	e:from:SESSION-baee22f4fffa81d2:host:172.234.197.23	SESSION-baee22f4fffa81d2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fc91fd95f4bed82:host:172.234.197.23	SESSION-3fc91fd95f4bed82 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8d3473ebe422	flow:8d3473ebe422 → host:131.196.28.40 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0cd9b8959e0e89e:SESSION-d0cd9b8959e0e89e	SESSION-d0cd9b8959e0e89e → pe:tls:SESSION-d0cd9b8959e0e89e
flow_observed5-aryOBS	e:fo:flow:cc7bcd74c035	flow:cc7bcd74c035 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ead5791c5617fb56:flow:e8086fb2a9cb	SESSION-ead5791c5617fb56 → flow:e8086fb2a9cb
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.151:asn:271410	host:131.196.28.151 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5746e0d81f0d05c1:SESSION-5746e0d81f0d05c1	SESSION-5746e0d81f0d05c1 → pe:syn:SESSION-5746e0d81f0d05c1
FLOW_FROM_HOSTOBS	e:from:SESSION-85a8f577301970a2:host:177.10.238.53	SESSION-85a8f577301970a2 → host:177.10.238.53
flow_observed5-aryOBS	e:fo:flow:9e5960016eed	flow:9e5960016eed → host:177.10.239.190 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ddc82f590dd8a411:host:172.234.197.23	SESSION-ddc82f590dd8a411 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0cb5698f1d5957a:SESSION-c0cb5698f1d5957a	SESSION-c0cb5698f1d5957a → pe:syn:SESSION-c0cb5698f1d5957a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-259d89cf1511dc5c:SESSION-259d89cf1511dc5c	SESSION-259d89cf1511dc5c → pe:syn:SESSION-259d89cf1511dc5c
FLOW_DST_PORTOBS	e:fp:flow:650010dca645:port:tcp:443	flow:650010dca645 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5381df0c70f3b63:SESSION-a5381df0c70f3b63	SESSION-a5381df0c70f3b63 → pe:tls:SESSION-a5381df0c70f3b63
FLOW_FROM_HOSTOBS	e:from:SESSION-e45220a51eb759d9:host:172.234.197.23	SESSION-e45220a51eb759d9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f003e7e66ba8f79:host:131.196.31.238:host:172.234.197.23	SESSION-4f003e7e66ba8f79 → host:131.196.31.238 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9582152c6f7e826d:host:172.234.197.23:host:177.10.239.108	SESSION-9582152c6f7e826d → host:172.234.197.23 → host:177.10.239.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e606b3df4d49b4d1:host:172.234.197.23	SESSION-e606b3df4d49b4d1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ef36b158fc63267:SESSION-9ef36b158fc63267	SESSION-9ef36b158fc63267 → pe:syn:SESSION-9ef36b158fc63267
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fcf38b0a54673cb:SESSION-5fcf38b0a54673cb	SESSION-5fcf38b0a54673cb → pe:syn:SESSION-5fcf38b0a54673cb
FLOW_FROM_HOSTOBS	e:from:SESSION-0553c47d8718786a:host:177.10.234.244	SESSION-0553c47d8718786a → host:177.10.234.244
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bee41282d03c4eb5:host:177.10.232.151	SESSION-bee41282d03c4eb5 → host:177.10.232.151
FLOW_TO_HOSTOBS	e:to:SESSION-e99befaea58c8acf:host:172.234.197.23	SESSION-e99befaea58c8acf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c14806e741c4fd98:host:109.89.117.44	SESSION-c14806e741c4fd98 → host:109.89.117.44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89ff4b6182efd39b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-89ff4b6182efd39b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d11580ecaeb7d77b:SESSION-d11580ecaeb7d77b	SESSION-d11580ecaeb7d77b → pe:tls:SESSION-d11580ecaeb7d77b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0510bb60587070dd:SESSION-0510bb60587070dd	SESSION-0510bb60587070dd → pe:tls:SESSION-0510bb60587070dd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d60f9952407f0d18:host:213.209.159.159:host:172.234.197.23	SESSION-d60f9952407f0d18 → host:213.209.159.159 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d4341cc9426e2382:host:172.234.197.23	SESSION-d4341cc9426e2382 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-40f1f2214a3951bb:SESSION-40f1f2214a3951bb	SESSION-40f1f2214a3951bb → pe:tls:SESSION-40f1f2214a3951bb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-074c4a6b1ee06430:SESSION-074c4a6b1ee06430	SESSION-074c4a6b1ee06430 → pe:syn:SESSION-074c4a6b1ee06430
flow_observed5-aryOBS	e:fo:flow:b9b222cba2fe	flow:b9b222cba2fe → host:177.10.237.99 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d8b07a8bebdede3:host:172.234.197.23	SESSION-1d8b07a8bebdede3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:11fff8b667ab	flow:11fff8b667ab → host:45.145.152.248 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd4f490a373a283b:host:5.182.209.49	SESSION-cd4f490a373a283b → host:5.182.209.49
FLOW_TO_HOSTOBS	e:to:SESSION-06c7d2e525939bdd:host:172.234.197.23	SESSION-06c7d2e525939bdd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b7832d3594ed31e4:SESSION-b7832d3594ed31e4	SESSION-b7832d3594ed31e4 → pe:rst:SESSION-b7832d3594ed31e4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b5948254caf12dd:SESSION-9b5948254caf12dd	SESSION-9b5948254caf12dd → pe:tls:SESSION-9b5948254caf12dd
FLOW_TO_HOSTOBS	e:to:SESSION-7771c9cc3604c57a:host:172.234.197.23	SESSION-7771c9cc3604c57a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a10403a08caf	flow:a10403a08caf → host:131.196.30.54 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9c68429e2f7bfcd9:host:172.234.197.23	SESSION-9c68429e2f7bfcd9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca44e56e93546a2c:SESSION-ca44e56e93546a2c	SESSION-ca44e56e93546a2c → pe:tls:SESSION-ca44e56e93546a2c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e332f49c3a5896d2:flow:cec985d775d4	SESSION-e332f49c3a5896d2 → flow:cec985d775d4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.253:geo_-16.28860_-49.01640	host:177.10.236.253 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de82cbdf751e150b:host:177.10.234.64:host:172.234.197.23	SESSION-de82cbdf751e150b → host:177.10.234.64 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-184aec41cea03479:host:172.234.197.23	SESSION-184aec41cea03479 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-678637d3dc5962bf:host:172.234.197.23	SESSION-678637d3dc5962bf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a082d71203d179a:flow:5227d7443502	SESSION-3a082d71203d179a → flow:5227d7443502
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e743a12f6a9d6a4:flow:f8953f4eec61	SESSION-8e743a12f6a9d6a4 → flow:f8953f4eec61
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.250:geo_-23.62930_-46.63510	host:131.196.30.250 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-e905599dc3c27c65:host:177.10.236.118	SESSION-e905599dc3c27c65 → host:177.10.236.118
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-671ee03668a9eda8:SESSION-671ee03668a9eda8	SESSION-671ee03668a9eda8 → pe:syn:SESSION-671ee03668a9eda8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c54c8f2f9fead0c6:SESSION-c54c8f2f9fead0c6	SESSION-c54c8f2f9fead0c6 → pe:syn:SESSION-c54c8f2f9fead0c6
FLOW_DST_PORTOBS	e:fp:flow:e204ebd6e9a0:port:tcp:443	flow:e204ebd6e9a0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d5390845b17c572:SESSION-1d5390845b17c572	SESSION-1d5390845b17c572 → pe:syn:SESSION-1d5390845b17c572
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-122a5b909d033cbb:flow:0eac9f1304ea	SESSION-122a5b909d033cbb → flow:0eac9f1304ea
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.93:geo_-23.62930_-46.63510	host:131.196.28.93 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:9ff212dda63b:port:tcp:443	flow:9ff212dda63b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b1078812f997c85:flow:9ade9c3210d2	SESSION-7b1078812f997c85 → flow:9ade9c3210d2
FLOW_FROM_HOSTOBS	e:from:SESSION-dd8a89b380cdaceb:host:177.10.236.116	SESSION-dd8a89b380cdaceb → host:177.10.236.116
flow_observed5-aryOBS	e:fo:flow:c1abf974bb89	flow:c1abf974bb89 → host:131.196.29.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-50e84f588759fadd:SESSION-50e84f588759fadd	SESSION-50e84f588759fadd → pe:tls:SESSION-50e84f588759fadd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b59030bd39741ab3:host:131.196.29.114	SESSION-b59030bd39741ab3 → host:131.196.29.114
FLOW_TO_HOSTOBS	e:to:SESSION-af315627d236ddd5:host:172.234.197.23	SESSION-af315627d236ddd5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8d89328eefc28d4:host:131.196.28.198:host:172.234.197.23	SESSION-d8d89328eefc28d4 → host:131.196.28.198 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99cedbc5d14c9ef2:host:131.196.28.125:host:172.234.197.23	SESSION-99cedbc5d14c9ef2 → host:131.196.28.125 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca59b4a9ab5138ce:SESSION-ca59b4a9ab5138ce	SESSION-ca59b4a9ab5138ce → pe:syn:SESSION-ca59b4a9ab5138ce
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.93:asn:262880	host:177.10.237.93 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-409f2c106c7c54cc:PCAP:capture_20260430150001:ded20914761d	SESSION-409f2c106c7c54cc → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-c15ada1b10271eef:host:131.196.31.122	SESSION-c15ada1b10271eef → host:131.196.31.122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e6f218d3e359434:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0e6f218d3e359434 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:a4cb28579aef	flow:a4cb28579aef → host:172.234.197.23 → host:2.57.122.196 → port:tcp:54796
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4367b2e8a53d74f:flow:7c9b7348287d	SESSION-c4367b2e8a53d74f → flow:7c9b7348287d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d36b613f081e74cb:host:172.234.197.23	SESSION-d36b613f081e74cb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1af702d2aa4c9d9d:flow:f1fac0476f53	SESSION-1af702d2aa4c9d9d → flow:f1fac0476f53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73c4b3cbea42a394:host:46.4.252.37:host:172.234.197.23	SESSION-73c4b3cbea42a394 → host:46.4.252.37 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14a32c9f71c15657:SESSION-14a32c9f71c15657	SESSION-14a32c9f71c15657 → pe:syn:SESSION-14a32c9f71c15657
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-00d1a9c01c6924fe:SESSION-00d1a9c01c6924fe	SESSION-00d1a9c01c6924fe → pe:tls:SESSION-00d1a9c01c6924fe
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cca8cec112e53d8f:host:177.10.235.110:host:172.234.197.23	SESSION-cca8cec112e53d8f → host:177.10.235.110 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b6c8a80798fe:port:tcp:38514	flow:b6c8a80798fe → port:tcp:38514
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e91394d00b664372:host:177.10.234.232	SESSION-e91394d00b664372 → host:177.10.234.232
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a519ad2ae4c53179:host:177.10.233.76	SESSION-a519ad2ae4c53179 → host:177.10.233.76
FLOW_DST_PORTOBS	e:fp:flow:4b284c0fc595:port:tcp:443	flow:4b284c0fc595 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a65c242582e5e81:SESSION-7a65c242582e5e81	SESSION-7a65c242582e5e81 → pe:tls:SESSION-7a65c242582e5e81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e673f566483c0ed3:host:131.196.28.7	SESSION-e673f566483c0ed3 → host:131.196.28.7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.113:geo_-16.28860_-49.01640	host:177.10.237.113 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35561958c0468d3f:host:172.234.197.23	SESSION-35561958c0468d3f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4614700214209776:host:177.10.239.98	SESSION-4614700214209776 → host:177.10.239.98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96ad3251c1ecb855:flow:f7553640b4c3	SESSION-96ad3251c1ecb855 → flow:f7553640b4c3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72786bca04f1b5c7:host:131.196.30.12:host:172.234.197.23	SESSION-72786bca04f1b5c7 → host:131.196.30.12 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-dd5c7cb019cd55a3:host:177.10.238.46	SESSION-dd5c7cb019cd55a3 → host:177.10.238.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d508940aefc84528:host:172.234.197.23	SESSION-d508940aefc84528 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5900a1534891:port:tcp:443	flow:5900a1534891 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02836b6eb824cc45:host:172.234.197.23	SESSION-02836b6eb824cc45 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-35ad9f030d1e8e6d:host:172.234.197.23	SESSION-35ad9f030d1e8e6d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1f6bbc079dc776bc:host:177.10.234.173	SESSION-1f6bbc079dc776bc → host:177.10.234.173
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-265a2f0fa666e936:PCAP:capture_20260430150001:ded20914761d	SESSION-265a2f0fa666e936 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c016235dacd88a4d:host:172.234.197.23	SESSION-c016235dacd88a4d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76b0da8a82e9902a:host:172.234.197.23	SESSION-76b0da8a82e9902a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.55:geo_-23.62930_-46.63510	host:131.196.30.55 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57e20c08f6c0c2c9:SESSION-57e20c08f6c0c2c9	SESSION-57e20c08f6c0c2c9 → pe:syn:SESSION-57e20c08f6c0c2c9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2139588c74105d1b:flow:f4a2312294a2	SESSION-2139588c74105d1b → flow:f4a2312294a2
flow_observed5-aryOBS	e:fo:flow:f12f5320da02	flow:f12f5320da02 → host:31.40.196.235 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08463d47d249df1d:host:172.234.197.23	SESSION-08463d47d249df1d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a865531d109b7c1:host:172.234.197.23:host:131.196.28.168	SESSION-4a865531d109b7c1 → host:172.234.197.23 → host:131.196.28.168
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e09e8a3cbea3c18a:host:177.10.232.210	SESSION-e09e8a3cbea3c18a → host:177.10.232.210
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-96afec3035986aab:SESSION-96afec3035986aab	SESSION-96afec3035986aab → pe:rst:SESSION-96afec3035986aab
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a720c7dde0362052:flow:724cce6089de	SESSION-a720c7dde0362052 → flow:724cce6089de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a60100c841341ace:host:37.27.162.26	SESSION-a60100c841341ace → host:37.27.162.26
FLOW_TO_HOSTOBS	e:to:SESSION-fc59b28fe233796a:host:172.234.197.23	SESSION-fc59b28fe233796a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f718f291e0c401d5:SESSION-f718f291e0c401d5	SESSION-f718f291e0c401d5 → pe:tls:SESSION-f718f291e0c401d5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8189545896e60c84:host:177.10.234.1	SESSION-8189545896e60c84 → host:177.10.234.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35ad9f030d1e8e6d:host:172.234.197.23	SESSION-35ad9f030d1e8e6d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-566179d6a12d7e1c:host:172.234.197.23	SESSION-566179d6a12d7e1c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:953873827fa1	flow:953873827fa1 → host:177.10.233.197 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-082589f81acb7a8f:host:104.28.234.79	SESSION-082589f81acb7a8f → host:104.28.234.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e0b8f15e6ec3ec0f:host:172.234.197.23	SESSION-e0b8f15e6ec3ec0f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:104.28.234.78:geo_29.75390_-95.35900	host:104.28.234.78 → geo_29.75390_-95.35900
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c80fd68cbbc51442:host:177.10.236.157	SESSION-c80fd68cbbc51442 → host:177.10.236.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-777f9d135946568c:SESSION-777f9d135946568c	SESSION-777f9d135946568c → pe:syn:SESSION-777f9d135946568c
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.247:asn:273470	host:45.173.156.247 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6299cf50d0e2e558:host:177.10.238.126:host:172.234.197.23	SESSION-6299cf50d0e2e558 → host:177.10.238.126 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f9ea4c8ad78eb8e:PCAP:capture_20260430090001:065659c7d314	SESSION-2f9ea4c8ad78eb8e → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:0e92b5d5b203	flow:0e92b5d5b203 → host:172.234.197.23 → host:131.196.29.152 → port:tcp:31728
FLOW_DST_PORTOBS	e:fp:flow:5d47d77cbd8d:port:tcp:49426	flow:5d47d77cbd8d → port:tcp:49426
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a604218ad277317:flow:ca5f31c630e0	SESSION-8a604218ad277317 → flow:ca5f31c630e0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23f94e137932a031:PCAP:capture_20260430070001:903a0e7a436b	SESSION-23f94e137932a031 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.7:asn:262880	host:177.10.236.7 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:a2e5567adfc2:port:tcp:443	flow:a2e5567adfc2 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3944d5014504521:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-e3944d5014504521 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-88ff33eaa18cf09d:SESSION-88ff33eaa18cf09d	SESSION-88ff33eaa18cf09d → pe:syn:SESSION-88ff33eaa18cf09d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed610f5ec8b698f6:host:172.234.197.23	SESSION-ed610f5ec8b698f6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0eac9f1304ea	flow:0eac9f1304ea → host:124.198.131.220 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0929735579c89e2:SESSION-d0929735579c89e2	SESSION-d0929735579c89e2 → pe:tls:SESSION-d0929735579c89e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5eed95be9c1a7022:SESSION-5eed95be9c1a7022	SESSION-5eed95be9c1a7022 → pe:syn:SESSION-5eed95be9c1a7022
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-166e94983783f266:SESSION-166e94983783f266	SESSION-166e94983783f266 → pe:syn:SESSION-166e94983783f266
FLOW_TO_HOSTOBS	e:to:SESSION-195f8b2639df23c4:host:131.196.30.92	SESSION-195f8b2639df23c4 → host:131.196.30.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-91919daf8511716e:SESSION-91919daf8511716e	SESSION-91919daf8511716e → pe:syn:SESSION-91919daf8511716e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c155b50123efabb5:SESSION-c155b50123efabb5	SESSION-c155b50123efabb5 → pe:syn:SESSION-c155b50123efabb5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.255:geo_-16.28860_-49.01640	host:177.10.236.255 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.208:asn:203771	host:95.170.25.208 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-054885aa6e2323da:host:131.196.30.5	SESSION-054885aa6e2323da → host:131.196.30.5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b654d700a53d4a94:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b654d700a53d4a94 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-a91fe9a6e775a606:host:177.10.232.32	SESSION-a91fe9a6e775a606 → host:177.10.232.32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ddbd1238f020bf6b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ddbd1238f020bf6b → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-d2ec4538209fcf12:host:131.196.30.192	SESSION-d2ec4538209fcf12 → host:131.196.30.192
FLOW_TO_HOSTOBS	e:to:SESSION-c8d8e16e7f7cb138:host:177.10.237.147	SESSION-c8d8e16e7f7cb138 → host:177.10.237.147
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-985c12f522f7e9ff:flow:b64554ad3d41	SESSION-985c12f522f7e9ff → flow:b64554ad3d41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-337cf74c19f2631e:host:172.234.197.23:host:131.196.31.142	SESSION-337cf74c19f2631e → host:172.234.197.23 → host:131.196.31.142
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d5390845b17c572:host:177.10.235.69:host:172.234.197.23	SESSION-1d5390845b17c572 → host:177.10.235.69 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2e615d118f3247e2:host:177.10.238.29	SESSION-2e615d118f3247e2 → host:177.10.238.29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac0f4c4f1d3b1c15:host:172.234.197.23	SESSION-ac0f4c4f1d3b1c15 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dd7be5606f48437f:host:131.196.29.140	SESSION-dd7be5606f48437f → host:131.196.29.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dc3f24e93e3e0fb3:SESSION-dc3f24e93e3e0fb3	SESSION-dc3f24e93e3e0fb3 → pe:syn:SESSION-dc3f24e93e3e0fb3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a136c944084425c:host:131.196.30.75:host:172.234.197.23	SESSION-1a136c944084425c → host:131.196.30.75 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.91:geo_-23.62930_-46.63510	host:131.196.31.91 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97c8a314f3fd1c5a:SESSION-97c8a314f3fd1c5a	SESSION-97c8a314f3fd1c5a → pe:tls:SESSION-97c8a314f3fd1c5a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fa8e5b00f80216f:host:177.10.237.1	SESSION-7fa8e5b00f80216f → host:177.10.237.1
flow_observed5-aryOBS	e:fo:flow:9cb6fb6a141a	flow:9cb6fb6a141a → host:177.10.237.54 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee2f1f025d37aa07:host:177.10.238.97	SESSION-ee2f1f025d37aa07 → host:177.10.238.97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4bcb34449111b6ae:SESSION-4bcb34449111b6ae	SESSION-4bcb34449111b6ae → pe:tls:SESSION-4bcb34449111b6ae
FLOW_FROM_HOSTOBS	e:from:SESSION-e1a13f968b47fc9d:host:172.234.197.23	SESSION-e1a13f968b47fc9d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-749084d26a1fdfcc:host:172.234.197.23	SESSION-749084d26a1fdfcc → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.199:geo_-16.28860_-49.01640	host:177.10.233.199 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be5c05381a363417:flow:affc50b0b638	SESSION-be5c05381a363417 → flow:affc50b0b638
FLOW_FROM_HOSTOBS	e:from:SESSION-0e1f57d75854220c:host:172.234.197.23	SESSION-0e1f57d75854220c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb7db2afd613f778:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cb7db2afd613f778 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f008aa22e7b680c:SESSION-7f008aa22e7b680c	SESSION-7f008aa22e7b680c → pe:tls:SESSION-7f008aa22e7b680c
FLOW_DST_PORTOBS	e:fp:flow:3bfc067919a3:port:tcp:443	flow:3bfc067919a3 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c33b44718448cc2:PCAP:capture_20260430110001:43611bdf6759	SESSION-4c33b44718448cc2 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24bd61df75bf4426:flow:dbef17f7c5ef	SESSION-24bd61df75bf4426 → flow:dbef17f7c5ef
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86086a72c76b1135:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-86086a72c76b1135 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-50e84f588759fadd:host:131.196.31.48	SESSION-50e84f588759fadd → host:131.196.31.48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6242cf24a2978d6d:host:172.234.197.23	SESSION-6242cf24a2978d6d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb9800c0b594ef9b:SESSION-fb9800c0b594ef9b	SESSION-fb9800c0b594ef9b → pe:syn:SESSION-fb9800c0b594ef9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ee088f254667f6a:SESSION-6ee088f254667f6a	SESSION-6ee088f254667f6a → pe:tls:SESSION-6ee088f254667f6a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9574d05ba0801a5:host:95.170.25.192	SESSION-b9574d05ba0801a5 → host:95.170.25.192
FLOW_TO_HOSTOBS	e:to:SESSION-1ac55ff303c5de83:host:172.234.197.23	SESSION-1ac55ff303c5de83 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f07a2dad0dfb354:host:177.10.235.43:host:172.234.197.23	SESSION-5f07a2dad0dfb354 → host:177.10.235.43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9db977289667177f:host:177.10.234.96	SESSION-9db977289667177f → host:177.10.234.96
FLOW_DST_PORTOBS	e:fp:flow:b64d5290bb69:port:tcp:443	flow:b64d5290bb69 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1440a3c9b30a4056:host:177.10.232.84:host:172.234.197.23	SESSION-1440a3c9b30a4056 → host:177.10.232.84 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-586aad203217304c:host:45.173.156.41	SESSION-586aad203217304c → host:45.173.156.41
FLOW_TLS_SNIOBS	e:fs:flow:543bc6e6886f:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:543bc6e6886f → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6752f583f7e09519:SESSION-6752f583f7e09519	SESSION-6752f583f7e09519 → pe:syn:SESSION-6752f583f7e09519
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8366f626d6b88fcf:host:177.10.234.91	SESSION-8366f626d6b88fcf → host:177.10.234.91
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ec3678e1070a7a4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9ec3678e1070a7a4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-136fe1663b76b4f2:host:172.234.197.23	SESSION-136fe1663b76b4f2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b881757616a2:port:tcp:21719	flow:b881757616a2 → port:tcp:21719
flow_observed4-aryOBS	e:fo:flow:f7769727a135	flow:f7769727a135 → host:172.234.197.23 → host:177.10.239.51 → port:tcp:20710
FLOW_TO_HOSTOBS	e:to:SESSION-d8938c8d43c3c288:host:172.234.197.23	SESSION-d8938c8d43c3c288 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8228d3bdb62e:port:tcp:48581	flow:8228d3bdb62e → port:tcp:48581
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51de65c9ef505a13:flow:d5bb80ec7e3d	SESSION-51de65c9ef505a13 → flow:d5bb80ec7e3d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6c09b181dae043f:PCAP:capture_20260430120001:56630107de80	SESSION-d6c09b181dae043f → PCAP:capture_20260430120001:56630107de80
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b34520b38e3fc963:BSG-BEACON-08f229190f12	SESSION-b34520b38e3fc963 → BSG-BEACON-08f229190f12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e035a13399d76ad4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e035a13399d76ad4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cac7b08c7fb71f18:flow:cc59150a6666	SESSION-cac7b08c7fb71f18 → flow:cc59150a6666
FLOW_FROM_HOSTOBS	e:from:SESSION-edf23c7505754934:host:172.234.197.23	SESSION-edf23c7505754934 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.97:asn:262880	host:177.10.239.97 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122d3bc093be76f2:host:172.234.197.23	SESSION-122d3bc093be76f2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:268f82879bdd:port:tcp:443	flow:268f82879bdd → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72e57a99703d053d:host:177.10.239.37	SESSION-72e57a99703d053d → host:177.10.239.37
FLOW_FROM_HOSTOBS	e:from:SESSION-1a136c944084425c:host:131.196.30.75	SESSION-1a136c944084425c → host:131.196.30.75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dbe0692b3b05f921:PCAP:capture_20260430070001:903a0e7a436b	SESSION-dbe0692b3b05f921 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5c7330336192768:SESSION-b5c7330336192768	SESSION-b5c7330336192768 → pe:tls:SESSION-b5c7330336192768
FLOW_FROM_HOSTOBS	e:from:SESSION-6ac21eed532c969e:host:16.60.106.214	SESSION-6ac21eed532c969e → host:16.60.106.214
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.13:asn:262880	host:177.10.233.13 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.139:asn:262880	host:177.10.236.139 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-077a58eb2518fab4:host:177.10.232.253	SESSION-077a58eb2518fab4 → host:177.10.232.253
flow_observed5-aryOBS	e:fo:flow:67e491a55fdc	flow:67e491a55fdc → host:177.10.237.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2faf2af9b390693e:host:69.222.187.134:host:172.234.197.23	SESSION-2faf2af9b390693e → host:69.222.187.134 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ee36310db765ff6:host:131.196.31.220	SESSION-2ee36310db765ff6 → host:131.196.31.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b00e597f7260eb50:SESSION-b00e597f7260eb50	SESSION-b00e597f7260eb50 → pe:tls:SESSION-b00e597f7260eb50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0667f103db24cb40:host:177.10.233.135	SESSION-0667f103db24cb40 → host:177.10.233.135
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6492f21e062d19aa:flow:7a38503de520	SESSION-6492f21e062d19aa → flow:7a38503de520
FLOW_TO_HOSTOBS	e:to:SESSION-f3b2b5737f36d7ec:host:172.234.197.23	SESSION-f3b2b5737f36d7ec → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21bd08fb36aa18e9:host:131.196.30.28:host:172.234.197.23	SESSION-21bd08fb36aa18e9 → host:131.196.30.28 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a7af680f1e31:port:tcp:443	flow:a7af680f1e31 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-93c7fae83342c58e:host:172.234.197.23	SESSION-93c7fae83342c58e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ff0c6bdae7c0fa78:host:177.10.235.152	SESSION-ff0c6bdae7c0fa78 → host:177.10.235.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7536a33faff5a95d:host:177.10.235.168	SESSION-7536a33faff5a95d → host:177.10.235.168
FLOW_TO_HOSTOBS	e:to:SESSION-2c18145c92d838e0:host:172.234.197.23	SESSION-2c18145c92d838e0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:32d0af406053	flow:32d0af406053 → host:5.182.209.49 → host:172.234.197.23 → port:tcp:23
FLOW_DST_PORTOBS	e:fp:flow:d1db3a0fefad:port:tcp:443	flow:d1db3a0fefad → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b197d648fac856a7:PCAP:capture_20260430110001:43611bdf6759	SESSION-b197d648fac856a7 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:389266da0192	flow:389266da0192 → host:131.196.29.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-520789f72dcf866a:flow:aabc1306386d	SESSION-520789f72dcf866a → flow:aabc1306386d
FLOW_TO_HOSTOBS	e:to:SESSION-f6c732897c2ca80c:host:172.234.197.23	SESSION-f6c732897c2ca80c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-83267dedfd50dbe7:SESSION-83267dedfd50dbe7	SESSION-83267dedfd50dbe7 → pe:tls:SESSION-83267dedfd50dbe7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-87ea4b729b5b64e3:SESSION-87ea4b729b5b64e3	SESSION-87ea4b729b5b64e3 → pe:tls:SESSION-87ea4b729b5b64e3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-367825c4b1c7c6d4:SESSION-367825c4b1c7c6d4	SESSION-367825c4b1c7c6d4 → pe:syn:SESSION-367825c4b1c7c6d4
flow_observed4-aryOBS	e:fo:flow:7ee8a4dda8e6	flow:7ee8a4dda8e6 → host:172.234.197.23 → host:177.10.238.87 → port:tcp:23593
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-879f882e46cb6c3f:host:131.196.28.141	SESSION-879f882e46cb6c3f → host:131.196.28.141
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-295c5f4e2a8126b8:host:172.234.197.23	SESSION-295c5f4e2a8126b8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d11580ecaeb7d77b:host:177.10.232.191:host:172.234.197.23	SESSION-d11580ecaeb7d77b → host:177.10.232.191 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3839adbba9942939:host:172.234.197.23	SESSION-3839adbba9942939 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:15b5b8684d8f	flow:15b5b8684d8f → host:131.196.30.70 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-bf9e0725ec95e307:host:172.234.197.23	SESSION-bf9e0725ec95e307 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-333a850c89106bc0:host:177.10.237.70	SESSION-333a850c89106bc0 → host:177.10.237.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d9ece39eb531c8b:host:177.10.237.19	SESSION-1d9ece39eb531c8b → host:177.10.237.19
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b8f135d82b00569:host:177.10.238.239:host:172.234.197.23	SESSION-4b8f135d82b00569 → host:177.10.238.239 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9f9972302e9230d9:host:45.173.156.163	SESSION-9f9972302e9230d9 → host:45.173.156.163
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-64913b40dfec355f:SESSION-64913b40dfec355f	SESSION-64913b40dfec355f → pe:tls:SESSION-64913b40dfec355f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67e118b3ac1b9481:flow:53c657412e92	SESSION-67e118b3ac1b9481 → flow:53c657412e92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29fae5326f4697b4:SESSION-29fae5326f4697b4	SESSION-29fae5326f4697b4 → pe:syn:SESSION-29fae5326f4697b4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7eb43af6b38a5d78:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7eb43af6b38a5d78 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e40cfbe40dbbe2d2:host:172.234.197.23	SESSION-e40cfbe40dbbe2d2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ef9a5d8a17e479b:host:172.234.197.23:host:177.10.238.1	SESSION-8ef9a5d8a17e479b → host:172.234.197.23 → host:177.10.238.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3db1c42fb505a2f9:host:177.10.234.184	SESSION-3db1c42fb505a2f9 → host:177.10.234.184
flow_observed5-aryOBS	e:fo:flow:bf0d984d5e42	flow:bf0d984d5e42 → host:177.10.233.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d862dda647c7051:host:44.248.141.231	SESSION-1d862dda647c7051 → host:44.248.141.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9a539c485f657b5:host:177.10.239.20	SESSION-d9a539c485f657b5 → host:177.10.239.20
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2490746063a947f9:SESSION-2490746063a947f9	SESSION-2490746063a947f9 → pe:syn:SESSION-2490746063a947f9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17e71ce1458770d6:SESSION-17e71ce1458770d6	SESSION-17e71ce1458770d6 → pe:syn:SESSION-17e71ce1458770d6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1eb19142561b47ba:PCAP:capture_20260430150001:ded20914761d	SESSION-1eb19142561b47ba → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.111:asn:273470	host:45.173.156.111 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1628bbd64c13f5a:host:131.196.28.235:host:172.234.197.23	SESSION-a1628bbd64c13f5a → host:131.196.28.235 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-805fb07d7b5cb44b:host:177.10.235.218:host:172.234.197.23	SESSION-805fb07d7b5cb44b → host:177.10.235.218 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e52442a00447444:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0e52442a00447444 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b1f95fcf0f122c7:SESSION-4b1f95fcf0f122c7	SESSION-4b1f95fcf0f122c7 → pe:tls:SESSION-4b1f95fcf0f122c7
FLOW_TO_HOSTOBS	e:to:SESSION-6a66cf91ad155464:host:172.234.197.23	SESSION-6a66cf91ad155464 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7635cd052466cdd:SESSION-c7635cd052466cdd	SESSION-c7635cd052466cdd → pe:tls:SESSION-c7635cd052466cdd
FLOW_DST_PORTOBS	e:fp:flow:f900942fa998:port:tcp:65341	flow:f900942fa998 → port:tcp:65341
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb6cea4441256ebd:SESSION-cb6cea4441256ebd	SESSION-cb6cea4441256ebd → pe:tls:SESSION-cb6cea4441256ebd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f4e3933219f15471:flow:f6aafd0bf44a	SESSION-f4e3933219f15471 → flow:f6aafd0bf44a
flow_observed5-aryOBS	e:fo:flow:12402f5ea0e3	flow:12402f5ea0e3 → host:131.196.28.242 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f1de6d316dd7305f:SESSION-f1de6d316dd7305f	SESSION-f1de6d316dd7305f → pe:syn:SESSION-f1de6d316dd7305f
flow_observed5-aryOBS	e:fo:flow:6c01e54b2136	flow:6c01e54b2136 → host:131.196.31.126 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.28:asn:262880	host:177.10.237.28 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0709d76f76f731c:host:172.234.197.23	SESSION-c0709d76f76f731c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-931a0ea4dc7054bf:SESSION-931a0ea4dc7054bf	SESSION-931a0ea4dc7054bf → pe:syn:SESSION-931a0ea4dc7054bf
flow_observed5-aryOBS	e:fo:flow:1be9a91b56b4	flow:1be9a91b56b4 → host:177.10.239.221 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:e5e33f836a64	flow:e5e33f836a64 → host:177.10.238.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56e8cb1a5e296d06:host:177.10.237.144	SESSION-56e8cb1a5e296d06 → host:177.10.237.144
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c4ed0368ffe58f8:SESSION-6c4ed0368ffe58f8	SESSION-6c4ed0368ffe58f8 → pe:tls:SESSION-6c4ed0368ffe58f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fa31db6279a0e7c:PCAP:capture_20260430150001:ded20914761d	SESSION-1fa31db6279a0e7c → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1350be77996fff9b:SESSION-1350be77996fff9b	SESSION-1350be77996fff9b → pe:tls:SESSION-1350be77996fff9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc55eac4fb6ef554:SESSION-cc55eac4fb6ef554	SESSION-cc55eac4fb6ef554 → pe:syn:SESSION-cc55eac4fb6ef554
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f9ea4c8ad78eb8e:host:172.234.197.23	SESSION-2f9ea4c8ad78eb8e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5ad7ae70426d3354:host:172.234.197.23	SESSION-5ad7ae70426d3354 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:dd602e0f6666	flow:dd602e0f6666 → host:172.234.197.23 → host:177.10.235.125 → port:tcp:5353
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1e631f6e627b67d:flow:ff13f598515d	SESSION-a1e631f6e627b67d → flow:ff13f598515d
FLOW_TO_HOSTOBS	e:to:SESSION-5adf4423481534a6:host:45.173.156.93	SESSION-5adf4423481534a6 → host:45.173.156.93
FLOW_TO_HOSTOBS	e:to:SESSION-728f64f1954defae:host:177.10.239.239	SESSION-728f64f1954defae → host:177.10.239.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e0550020c1215cf:host:172.234.197.23	SESSION-1e0550020c1215cf → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-4235901c81cb167b:BSG-BEACON-e07f4250263f	SESSION-4235901c81cb167b → BSG-BEACON-e07f4250263f
flow_observed4-aryOBS	e:fo:flow:72d16f1d2a93	flow:72d16f1d2a93 → host:172.234.197.23 → host:177.10.238.187 → port:tcp:21927
FLOW_FROM_HOSTOBS	e:from:SESSION-e7caeaef261aefc4:host:177.10.238.187	SESSION-e7caeaef261aefc4 → host:177.10.238.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc308b17bca42662:host:172.234.197.23	SESSION-bc308b17bca42662 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0d9e3720b73bcaea:host:172.234.197.23	SESSION-0d9e3720b73bcaea → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3767fab91283496e:host:177.10.232.143	SESSION-3767fab91283496e → host:177.10.232.143
FLOW_TO_HOSTOBS	e:to:SESSION-149428cb73969f2b:host:172.234.197.23	SESSION-149428cb73969f2b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0cd9b8959e0e89e:host:45.173.156.188:host:172.234.197.23	SESSION-d0cd9b8959e0e89e → host:45.173.156.188 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2289078120ff48cc:host:172.234.197.23	SESSION-2289078120ff48cc → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:395d02a06476:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:395d02a06476 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-85172baad8a91878:host:172.234.197.23	SESSION-85172baad8a91878 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bee41282d03c4eb5:host:177.10.232.151	SESSION-bee41282d03c4eb5 → host:177.10.232.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e615d118f3247e2:SESSION-2e615d118f3247e2	SESSION-2e615d118f3247e2 → pe:syn:SESSION-2e615d118f3247e2
FLOW_DST_PORTOBS	e:fp:flow:50892e912e82:port:tcp:58086	flow:50892e912e82 → port:tcp:58086
FLOW_FROM_HOSTOBS	e:from:SESSION-a6b762e1d0d174fb:host:131.196.30.69	SESSION-a6b762e1d0d174fb → host:131.196.30.69
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-484d7e89f92d0359:flow:16f299dc4ccd	SESSION-484d7e89f92d0359 → flow:16f299dc4ccd
FLOW_DST_PORTOBS	e:fp:flow:90b77d1a7adb:port:tcp:443	flow:90b77d1a7adb → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75d6129ea0f7ecdc:SESSION-75d6129ea0f7ecdc	SESSION-75d6129ea0f7ecdc → pe:syn:SESSION-75d6129ea0f7ecdc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b23254615c6167a0:SESSION-b23254615c6167a0	SESSION-b23254615c6167a0 → pe:tls:SESSION-b23254615c6167a0
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.3:asn:262880	host:177.10.234.3 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-36abdcc0889b5aa2:host:177.10.237.220	SESSION-36abdcc0889b5aa2 → host:177.10.237.220
FLOW_TO_HOSTOBS	e:to:SESSION-1c0e460ce34915ff:host:131.196.28.231	SESSION-1c0e460ce34915ff → host:131.196.28.231
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e45220a51eb759d9:host:172.234.197.23:host:177.10.238.10	SESSION-e45220a51eb759d9 → host:172.234.197.23 → host:177.10.238.10
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.45:asn:262880	host:177.10.239.45 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.142:asn:271410	host:131.196.30.142 → asn:271410
flow_observed4-aryOBS	e:fo:flow:074ed309c4d9	flow:074ed309c4d9 → host:172.234.197.23 → host:177.10.232.226 → port:tcp:31614
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-352588f71ded414b:host:172.234.197.23	SESSION-352588f71ded414b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-53d75396bd30ce89:flow:4c51681b834b	SESSION-53d75396bd30ce89 → flow:4c51681b834b
FLOW_FROM_HOSTOBS	e:from:SESSION-5252ca05229eda25:host:177.10.238.211	SESSION-5252ca05229eda25 → host:177.10.238.211
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41c82fa43395463b:host:172.234.197.23	SESSION-41c82fa43395463b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-309223c775254000:PCAP:capture_20260430050001:8868731bf8a4	SESSION-309223c775254000 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d6666ae3e8c32da:PCAP:capture_20260430090001:065659c7d314	SESSION-6d6666ae3e8c32da → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:aefa52022610:port:tcp:443	flow:aefa52022610 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a214ec19ba198e7:host:177.10.233.191	SESSION-6a214ec19ba198e7 → host:177.10.233.191
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.218:asn:262880	host:177.10.238.218 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0cf49defbe006f77:flow:1254a28c0960	SESSION-0cf49defbe006f77 → flow:1254a28c0960
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc41b76983738bc7:host:172.234.197.23	SESSION-cc41b76983738bc7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f86e42aef9b2f482:SESSION-f86e42aef9b2f482	SESSION-f86e42aef9b2f482 → pe:tls:SESSION-f86e42aef9b2f482
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-276035998be5d0c6:SESSION-276035998be5d0c6	SESSION-276035998be5d0c6 → pe:tls:SESSION-276035998be5d0c6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8f12ada0f88f122:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b8f12ada0f88f122 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:c2108f1fcccc:port:tcp:45520	flow:c2108f1fcccc → port:tcp:45520
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7fb420f75ffa7d0f:flow:704a2ea51294	SESSION-7fb420f75ffa7d0f → flow:704a2ea51294
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ceaf5a04e9815b11:host:172.234.197.23	SESSION-ceaf5a04e9815b11 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92922842b80104c6:host:177.10.232.37:host:172.234.197.23	SESSION-92922842b80104c6 → host:177.10.232.37 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d54bd183a716274c:host:177.10.239.226	SESSION-d54bd183a716274c → host:177.10.239.226
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a60794a5b314271e:host:172.234.197.23	SESSION-a60794a5b314271e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6a5c452abdbb	flow:6a5c452abdbb → host:177.10.238.71 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aaa8cebb6aaa8760:SESSION-aaa8cebb6aaa8760	SESSION-aaa8cebb6aaa8760 → pe:tls:SESSION-aaa8cebb6aaa8760
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6229e1e1c7b389d0:host:172.234.197.23	SESSION-6229e1e1c7b389d0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-33fcdd018bdc1a2c:host:177.10.233.29	SESSION-33fcdd018bdc1a2c → host:177.10.233.29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-026fe63fd4f2486a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-026fe63fd4f2486a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52e63b8cb0c4a7de:flow:aeca5c8fc99c	SESSION-52e63b8cb0c4a7de → flow:aeca5c8fc99c
FLOW_FROM_HOSTOBS	e:from:SESSION-f302c09f7d22a8d1:host:177.10.236.63	SESSION-f302c09f7d22a8d1 → host:177.10.236.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3c5b9cd096d7e31:SESSION-b3c5b9cd096d7e31	SESSION-b3c5b9cd096d7e31 → pe:syn:SESSION-b3c5b9cd096d7e31
FLOW_FROM_HOSTOBS	e:from:SESSION-da61b01cc679b249:host:131.196.30.213	SESSION-da61b01cc679b249 → host:131.196.30.213
flow_observed5-aryOBS	e:fo:flow:ab409ffcce8b	flow:ab409ffcce8b → host:177.10.232.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57ceaaaea8de5082:PCAP:capture_20260430160001:9bfa4498506a	SESSION-57ceaaaea8de5082 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3407d813acebc00f:SESSION-3407d813acebc00f	SESSION-3407d813acebc00f → pe:tls:SESSION-3407d813acebc00f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5257ce7e592379ae:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-5257ce7e592379ae → PCAP:capture_20260427220001:43a3d6220bc6
FLOW_QUERIED_DNSOBS	e:fd:flow:ffb55f14ed31:dns:172-234-197-23.ip.linodeusercontent.com	flow:ffb55f14ed31 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ab61e60544120f5:SESSION-8ab61e60544120f5	SESSION-8ab61e60544120f5 → pe:syn:SESSION-8ab61e60544120f5
FLOW_TO_HOSTOBS	e:to:SESSION-4fd5cc70e8cf2108:host:172.234.197.23	SESSION-4fd5cc70e8cf2108 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f02a050799431d6e:PCAP:capture_20260430090001:065659c7d314	SESSION-f02a050799431d6e → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37617ebce6c7f9ac:host:172.234.197.23:host:177.10.234.44	SESSION-37617ebce6c7f9ac → host:172.234.197.23 → host:177.10.234.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38231883b4033aa4:SESSION-38231883b4033aa4	SESSION-38231883b4033aa4 → pe:tls:SESSION-38231883b4033aa4
FLOW_DST_PORTOBS	e:fp:flow:79a04c011df2:port:tcp:443	flow:79a04c011df2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed37df036f91c955:SESSION-ed37df036f91c955	SESSION-ed37df036f91c955 → pe:tls:SESSION-ed37df036f91c955
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7c9a5d15324e2ea:host:172.234.197.23	SESSION-c7c9a5d15324e2ea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1075bb458d3b18a:SESSION-d1075bb458d3b18a	SESSION-d1075bb458d3b18a → pe:tls:SESSION-d1075bb458d3b18a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.249:geo_-16.28860_-49.01640	host:177.10.233.249 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef7241157e60b5c0:SESSION-ef7241157e60b5c0	SESSION-ef7241157e60b5c0 → pe:syn:SESSION-ef7241157e60b5c0
flow_observed5-aryOBS	e:fo:flow:0479cebeee52	flow:0479cebeee52 → host:177.10.238.120 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-42b603b0c5709a24:host:177.10.237.93:host:172.234.197.23	SESSION-42b603b0c5709a24 → host:177.10.237.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6411f10800cf3ef5:host:172.234.197.23	SESSION-6411f10800cf3ef5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1c2ad46b7d62:port:tcp:50787	flow:1c2ad46b7d62 → port:tcp:50787
flow_observed5-aryOBS	e:fo:flow:fd28f4299f57	flow:fd28f4299f57 → host:131.196.29.93 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-88a21eebc91cc549:host:45.173.156.244	SESSION-88a21eebc91cc549 → host:45.173.156.244
FLOW_TO_HOSTOBS	e:to:SESSION-1995c5dc0203e07b:host:172.234.197.23	SESSION-1995c5dc0203e07b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2f14bb2a06741aa:SESSION-f2f14bb2a06741aa	SESSION-f2f14bb2a06741aa → pe:tls:SESSION-f2f14bb2a06741aa
FLOW_DST_PORTOBS	e:fp:flow:7ee73ad39b9d:port:tcp:443	flow:7ee73ad39b9d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:4ca6b5fbbb83:port:tcp:443	flow:4ca6b5fbbb83 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6806cb851ed3b70:host:45.173.156.220	SESSION-b6806cb851ed3b70 → host:45.173.156.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca819812f7c370c2:SESSION-ca819812f7c370c2	SESSION-ca819812f7c370c2 → pe:syn:SESSION-ca819812f7c370c2
flow_observed5-aryOBS	e:fo:flow:0b10262f1f04	flow:0b10262f1f04 → host:131.196.31.151 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:fe447701d1cd:port:tcp:34149	flow:fe447701d1cd → port:tcp:34149
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf85e37468f1ff86:SESSION-cf85e37468f1ff86	SESSION-cf85e37468f1ff86 → pe:tls:SESSION-cf85e37468f1ff86
FLOW_TO_HOSTOBS	e:to:SESSION-926b7babcf98185f:host:131.196.31.150	SESSION-926b7babcf98185f → host:131.196.31.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28d2d0e8afd37453:SESSION-28d2d0e8afd37453	SESSION-28d2d0e8afd37453 → pe:tls:SESSION-28d2d0e8afd37453
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.208:asn:271410	host:131.196.29.208 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57e20c08f6c0c2c9:host:172.234.197.23	SESSION-57e20c08f6c0c2c9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:33ecf83e0368:port:tcp:443	flow:33ecf83e0368 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e1e1ef170279bd06:host:172.232.0.16	SESSION-e1e1ef170279bd06 → host:172.232.0.16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.215:geo_-21.10010_-41.69200	host:45.173.156.215 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-22ef7e58c288a4dd:host:177.10.235.171:host:172.234.197.23	SESSION-22ef7e58c288a4dd → host:177.10.235.171 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41c82fa43395463b:SESSION-41c82fa43395463b	SESSION-41c82fa43395463b → pe:syn:SESSION-41c82fa43395463b
FLOW_TO_HOSTOBS	e:to:SESSION-57e647fa0cdcfe5a:host:172.234.197.23	SESSION-57e647fa0cdcfe5a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d43da16ef3276f9b:host:172.234.197.23:host:177.10.236.239	SESSION-d43da16ef3276f9b → host:172.234.197.23 → host:177.10.236.239
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5cf2fdb6c848ac6c:SESSION-5cf2fdb6c848ac6c	SESSION-5cf2fdb6c848ac6c → pe:tls:SESSION-5cf2fdb6c848ac6c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.106:geo_-23.62930_-46.63510	host:131.196.30.106 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f55570dc615df23a:flow:4a07a3724199	SESSION-f55570dc615df23a → flow:4a07a3724199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4e7d8d3f995a1a9:host:172.234.197.23	SESSION-b4e7d8d3f995a1a9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2acb7632e6c37a6f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2acb7632e6c37a6f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:f40ed084376e:port:tcp:25993	flow:f40ed084376e → port:tcp:25993
FLOW_TLS_SNIOBS	e:fs:flow:5434ce9d30fa:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:5434ce9d30fa → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfb2466cf35b5342:host:177.10.232.35	SESSION-cfb2466cf35b5342 → host:177.10.232.35
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.232:geo_-23.62930_-46.63510	host:131.196.29.232 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a418060e7d2d204b:host:177.10.235.140:host:172.234.197.23	SESSION-a418060e7d2d204b → host:177.10.235.140 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.6:geo_-23.62930_-46.63510	host:131.196.28.6 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86afdd078b90270f:SESSION-86afdd078b90270f	SESSION-86afdd078b90270f → pe:tls:SESSION-86afdd078b90270f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fcd4658ed0002284:flow:b7226f297fb9	SESSION-fcd4658ed0002284 → flow:b7226f297fb9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a88f0b19d496a689:host:131.196.30.140:host:172.234.197.23	SESSION-a88f0b19d496a689 → host:131.196.30.140 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.153:asn:262880	host:177.10.239.153 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-6a10e6ba939684b8:host:131.196.31.180	SESSION-6a10e6ba939684b8 → host:131.196.31.180
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.247:asn:262880	host:177.10.239.247 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2c4d285e0a09c2a4:host:172.234.197.23:host:177.10.232.168	SESSION-2c4d285e0a09c2a4 → host:172.234.197.23 → host:177.10.232.168
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65c1debe675497c7:host:45.173.156.3	SESSION-65c1debe675497c7 → host:45.173.156.3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.28:geo_-16.28860_-49.01640	host:177.10.238.28 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.37:asn:262880	host:177.10.236.37 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-5f147f2227c6d965:host:172.234.197.23	SESSION-5f147f2227c6d965 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-86afdd078b90270f:host:131.196.30.222	SESSION-86afdd078b90270f → host:131.196.30.222
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69c66b3db447dca1:PCAP:capture_20260430050001:8868731bf8a4	SESSION-69c66b3db447dca1 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8624692ea119f1f3:host:177.10.238.226	SESSION-8624692ea119f1f3 → host:177.10.238.226
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2df5a0c07309bf07:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2df5a0c07309bf07 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c31bc4788e97db71:flow:dac3528f23e4	SESSION-c31bc4788e97db71 → flow:dac3528f23e4
FLOW_TO_HOSTOBS	e:to:SESSION-fd573746c1e36a64:host:172.234.197.23	SESSION-fd573746c1e36a64 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8e573b3684b6	flow:8e573b3684b6 → host:172.234.197.23 → host:64.237.250.51 → port:tcp:3185
FLOW_DST_PORTOBS	e:fp:flow:da6a789b8ed7:port:tcp:443	flow:da6a789b8ed7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-89ddb9a3043f63a3:SESSION-89ddb9a3043f63a3	SESSION-89ddb9a3043f63a3 → pe:syn:SESSION-89ddb9a3043f63a3
FLOW_DST_PORTOBS	e:fp:flow:28a2bdc6445d:port:tcp:11169	flow:28a2bdc6445d → port:tcp:11169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8b71ac0dda5d9d9:host:177.10.234.126	SESSION-e8b71ac0dda5d9d9 → host:177.10.234.126
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.70:geo_-16.28860_-49.01640	host:177.10.236.70 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-e3fba4062f618c50:host:172.234.197.23	SESSION-e3fba4062f618c50 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a6aeb664ff97dbd:host:177.10.237.203:host:172.234.197.23	SESSION-9a6aeb664ff97dbd → host:177.10.237.203 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65fda4a5b580780a:host:177.10.239.139	SESSION-65fda4a5b580780a → host:177.10.239.139
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-699c907c7ac66403:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-699c907c7ac66403 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:11ee47bc8fde:port:tcp:60594	flow:11ee47bc8fde → port:tcp:60594
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08b271f63f4ccc89:host:177.10.238.49:host:172.234.197.23	SESSION-08b271f63f4ccc89 → host:177.10.238.49 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93be623985b95b7d:host:177.10.238.156:host:172.234.197.23	SESSION-93be623985b95b7d → host:177.10.238.156 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:81dfa4a594a6:port:tcp:443	flow:81dfa4a594a6 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:264b0ddf9e69	flow:264b0ddf9e69 → host:172.234.197.23 → host:131.196.31.73 → port:tcp:42118
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4bda9924d3f6d619:SESSION-4bda9924d3f6d619	SESSION-4bda9924d3f6d619 → pe:syn:SESSION-4bda9924d3f6d619
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a1cda6283fa3945:flow:7e6cf50ce9e4	SESSION-4a1cda6283fa3945 → flow:7e6cf50ce9e4
flow_observed5-aryOBS	e:fo:flow:15c9711f86b0	flow:15c9711f86b0 → host:177.10.233.146 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96f4af5cf9f3425a:PCAP:capture_20260430150001:ded20914761d	SESSION-96f4af5cf9f3425a → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4437969c398261c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c4437969c398261c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b02fe311e9b10a6:SESSION-0b02fe311e9b10a6	SESSION-0b02fe311e9b10a6 → pe:tls:SESSION-0b02fe311e9b10a6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f11cda502f952e41:host:172.234.197.23	SESSION-f11cda502f952e41 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3c5f6476626b	flow:3c5f6476626b → host:172.234.197.23 → host:177.10.232.72 → port:tcp:64663
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d3ff3dcf229051b:host:172.234.197.23	SESSION-2d3ff3dcf229051b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc2ea3f70e7bccaf:SESSION-bc2ea3f70e7bccaf	SESSION-bc2ea3f70e7bccaf → pe:tls:SESSION-bc2ea3f70e7bccaf
FLOW_TO_HOSTOBS	e:to:SESSION-1af702d2aa4c9d9d:host:172.234.197.23	SESSION-1af702d2aa4c9d9d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:46897113187f:port:tcp:443	flow:46897113187f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd2928203fc01c8b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-dd2928203fc01c8b → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-879f882e46cb6c3f:host:131.196.28.141	SESSION-879f882e46cb6c3f → host:131.196.28.141
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0c9a0f035acc4428:PCAP:capture_20260430160001:9bfa4498506a	SESSION-0c9a0f035acc4428 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a66568eff025692:host:177.10.236.62	SESSION-6a66568eff025692 → host:177.10.236.62
flow_observed5-aryOBS	e:fo:flow:be9255afc4b4	flow:be9255afc4b4 → host:131.196.31.73 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8e250b2be37e497:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f8e250b2be37e497 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1bb46c5efd0c0159:flow:ef6fcd3714b8	SESSION-1bb46c5efd0c0159 → flow:ef6fcd3714b8
FLOW_TO_HOSTOBS	e:to:SESSION-d290f0be98eecddb:host:177.10.238.56	SESSION-d290f0be98eecddb → host:177.10.238.56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c184642b13b6de27:PCAP:capture_20260430060001:919b39a74464	SESSION-c184642b13b6de27 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-991550775dcb0266:host:172.234.197.23	SESSION-991550775dcb0266 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d3eca13f5e50de63:SESSION-d3eca13f5e50de63	SESSION-d3eca13f5e50de63 → pe:syn:SESSION-d3eca13f5e50de63
FLOW_DST_PORTOBS	e:fp:flow:33bd4768ba4e:port:tcp:55230	flow:33bd4768ba4e → port:tcp:55230
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc0003e096ddb203:host:131.196.31.34:host:172.234.197.23	SESSION-cc0003e096ddb203 → host:131.196.31.34 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4992d20c4573840:host:94.130.10.221	SESSION-d4992d20c4573840 → host:94.130.10.221
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c88d3e9918500cb2:SESSION-c88d3e9918500cb2	SESSION-c88d3e9918500cb2 → pe:tls:SESSION-c88d3e9918500cb2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.184:geo_-16.28860_-49.01640	host:177.10.239.184 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8dc28b29833676bc:SESSION-8dc28b29833676bc	SESSION-8dc28b29833676bc → pe:syn:SESSION-8dc28b29833676bc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5b80b4b47f274ca:PCAP:capture_20260430110001:43611bdf6759	SESSION-d5b80b4b47f274ca → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-71cc4f2ac3d57c32:SESSION-71cc4f2ac3d57c32	SESSION-71cc4f2ac3d57c32 → pe:tls:SESSION-71cc4f2ac3d57c32
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-04c23b7b96a70798:SESSION-04c23b7b96a70798	SESSION-04c23b7b96a70798 → pe:tls:SESSION-04c23b7b96a70798
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0d9e3720b73bcaea:SESSION-0d9e3720b73bcaea	SESSION-0d9e3720b73bcaea → pe:tls:SESSION-0d9e3720b73bcaea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb17861f5be52c2c:host:177.10.235.89	SESSION-eb17861f5be52c2c → host:177.10.235.89
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf7044e44d29be7c:host:177.10.233.172:host:172.234.197.23	SESSION-cf7044e44d29be7c → host:177.10.233.172 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a0e660e7f8fdd6f:host:177.10.236.53	SESSION-4a0e660e7f8fdd6f → host:177.10.236.53
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.243:asn:203771	host:95.170.25.243 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-ca1727d5d29ffb7f:host:172.234.197.23	SESSION-ca1727d5d29ffb7f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cb52c83e2455:port:tcp:443	flow:cb52c83e2455 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d547ed30afcbb9f:PCAP:capture_20260430150001:ded20914761d	SESSION-6d547ed30afcbb9f → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-8d2a460a472c4c29:host:131.196.28.254	SESSION-8d2a460a472c4c29 → host:131.196.28.254
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0f3b543446abe714:PCAP:capture_20260430160001:9bfa4498506a	SESSION-0f3b543446abe714 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca5156d485d150e2:host:2.57.122.194	SESSION-ca5156d485d150e2 → host:2.57.122.194
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2ed4131e5585f31:host:131.196.29.225:host:172.234.197.23	SESSION-d2ed4131e5585f31 → host:131.196.29.225 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3ca442589a0a5e5d:host:172.234.197.23	SESSION-3ca442589a0a5e5d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d274b6d174d04d01:SESSION-d274b6d174d04d01	SESSION-d274b6d174d04d01 → pe:tls:SESSION-d274b6d174d04d01
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a9d7ef6e96dbb9c5:SESSION-a9d7ef6e96dbb9c5	SESSION-a9d7ef6e96dbb9c5 → pe:syn:SESSION-a9d7ef6e96dbb9c5
flow_observed4-aryOBS	e:fo:flow:3bafc3163702	flow:3bafc3163702 → host:172.234.197.23 → host:177.10.238.152 → port:tcp:39034
flow_observed4-aryOBS	e:fo:flow:9e0fb934b56e	flow:9e0fb934b56e → host:172.234.197.23 → host:177.10.238.29 → port:tcp:42866
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa574f1f11f5b30b:host:131.196.31.22	SESSION-aa574f1f11f5b30b → host:131.196.31.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a83f7d2591dcabf5:SESSION-a83f7d2591dcabf5	SESSION-a83f7d2591dcabf5 → pe:tls:SESSION-a83f7d2591dcabf5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4670d2b8fb3d0344:host:177.10.232.242	SESSION-4670d2b8fb3d0344 → host:177.10.232.242
flow_observed5-aryOBS	e:fo:flow:b11a0b13ae5f	flow:b11a0b13ae5f → host:131.196.29.144 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:fe000ddf248e:port:tcp:38634	flow:fe000ddf248e → port:tcp:38634
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-472112a6b5df57cd:PCAP:capture_20260430160001:9bfa4498506a	SESSION-472112a6b5df57cd → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:af163fb10b44	flow:af163fb10b44 → host:131.196.30.182 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.121:asn:262880	host:177.10.232.121 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-25f56036928a5a45:host:177.10.236.78	SESSION-25f56036928a5a45 → host:177.10.236.78
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.29:geo_-16.28860_-49.01640	host:177.10.233.29 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e39b76c4ba6c4cf6:host:172.234.197.23	SESSION-e39b76c4ba6c4cf6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d12ffa49d0d3231:SESSION-8d12ffa49d0d3231	SESSION-8d12ffa49d0d3231 → pe:syn:SESSION-8d12ffa49d0d3231
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89ff4b6182efd39b:flow:9f0c432ad89d	SESSION-89ff4b6182efd39b → flow:9f0c432ad89d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16df0786ef84574d:SESSION-16df0786ef84574d	SESSION-16df0786ef84574d → pe:syn:SESSION-16df0786ef84574d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ad42e8c66a89ee5:host:172.234.197.23	SESSION-8ad42e8c66a89ee5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a971dfbf90734efe:host:45.173.156.110:host:172.234.197.23	SESSION-a971dfbf90734efe → host:45.173.156.110 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.207:asn:271410	host:131.196.28.207 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-baf4494100018e3a:host:172.234.197.23	SESSION-baf4494100018e3a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1c315b0bf7f59a30:host:172.234.197.23	SESSION-1c315b0bf7f59a30 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f306c00af6aee0a4:flow:444d77b86e60	SESSION-f306c00af6aee0a4 → flow:444d77b86e60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7948a18eeb1cbc0d:host:95.170.25.31:host:172.234.197.23	SESSION-7948a18eeb1cbc0d → host:95.170.25.31 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-420c45d015462611:host:172.234.197.23	SESSION-420c45d015462611 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-75d8d9da58d6d51c:host:172.234.197.23	SESSION-75d8d9da58d6d51c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-430caa0514cbc012:SESSION-430caa0514cbc012	SESSION-430caa0514cbc012 → pe:syn:SESSION-430caa0514cbc012
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0427ab07f20fae31:SESSION-0427ab07f20fae31	SESSION-0427ab07f20fae31 → pe:syn:SESSION-0427ab07f20fae31
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.233:geo_-16.28860_-49.01640	host:177.10.233.233 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-31cda31fe1b0dd07:host:172.234.197.23	SESSION-31cda31fe1b0dd07 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5f4a8961dba27f33:host:103.155.16.117	SESSION-5f4a8961dba27f33 → host:103.155.16.117
flow_observed4-aryOBS	e:fo:flow:c427fb98e016	flow:c427fb98e016 → host:172.234.197.23 → host:131.196.30.222 → port:tcp:9293
FLOW_FROM_HOSTOBS	e:from:SESSION-f6588417d002f2ed:host:45.173.156.170	SESSION-f6588417d002f2ed → host:45.173.156.170
FLOW_DST_PORTOBS	e:fp:flow:494513d358c8:port:tcp:443	flow:494513d358c8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9633daabdcbaa0c0:SESSION-9633daabdcbaa0c0	SESSION-9633daabdcbaa0c0 → pe:tls:SESSION-9633daabdcbaa0c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2ecbcecdc44a459:host:177.10.237.113	SESSION-e2ecbcecdc44a459 → host:177.10.237.113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e3ca473e8fbcab1:SESSION-4e3ca473e8fbcab1	SESSION-4e3ca473e8fbcab1 → pe:tls:SESSION-4e3ca473e8fbcab1
FLOW_FROM_HOSTOBS	e:from:SESSION-576cc11ebde25a50:host:172.234.197.23	SESSION-576cc11ebde25a50 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d7f8914f0744c0dd:host:177.10.233.222	SESSION-d7f8914f0744c0dd → host:177.10.233.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8958b8d9cf24f177:SESSION-8958b8d9cf24f177	SESSION-8958b8d9cf24f177 → pe:syn:SESSION-8958b8d9cf24f177
flow_observed5-aryOBS	e:fo:flow:6a526367cd4a	flow:6a526367cd4a → host:177.10.239.96 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96623b45a0a307c2:host:172.234.197.23:host:45.173.156.116	SESSION-96623b45a0a307c2 → host:172.234.197.23 → host:45.173.156.116
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c15ada1b10271eef:host:131.196.31.122:host:172.234.197.23	SESSION-c15ada1b10271eef → host:131.196.31.122 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a808f31a4e66	flow:a808f31a4e66 → host:172.234.197.23 → host:131.196.30.186 → port:tcp:36575
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b308d2f7d4fdfaa:flow:1ef21b7a0702	SESSION-7b308d2f7d4fdfaa → flow:1ef21b7a0702
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31126205fa7b72e3:SESSION-31126205fa7b72e3	SESSION-31126205fa7b72e3 → pe:tls:SESSION-31126205fa7b72e3
FLOW_FROM_HOSTOBS	e:from:SESSION-bcba548cda079292:host:177.10.233.53	SESSION-bcba548cda079292 → host:177.10.233.53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-704e3a6bbdc29013:host:172.234.197.23	SESSION-704e3a6bbdc29013 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e4ca9ed534f9:port:tcp:61506	flow:e4ca9ed534f9 → port:tcp:61506
FLOW_DST_PORTOBS	e:fp:flow:33ec49a7a8bf:port:tcp:443	flow:33ec49a7a8bf → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b03f12d359ceed54:flow:5e5be571de9c	SESSION-b03f12d359ceed54 → flow:5e5be571de9c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaf5b03036efa5c6:flow:0c531332d334	SESSION-eaf5b03036efa5c6 → flow:0c531332d334
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35dd0088a1238ab9:host:177.10.238.231	SESSION-35dd0088a1238ab9 → host:177.10.238.231
FLOW_FROM_HOSTOBS	e:from:SESSION-6cecd25b5e4e4c9c:host:172.234.197.23	SESSION-6cecd25b5e4e4c9c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:07535cfd3b72:port:tcp:443	flow:07535cfd3b72 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-68317c08ea2eebc2:host:131.196.31.221	SESSION-68317c08ea2eebc2 → host:131.196.31.221
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a8eb3ecb5c5b32a8:flow:1b2072a6894f	SESSION-a8eb3ecb5c5b32a8 → flow:1b2072a6894f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3748d9d14aafdb8:SESSION-f3748d9d14aafdb8	SESSION-f3748d9d14aafdb8 → pe:tls:SESSION-f3748d9d14aafdb8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0fe0e8460d1c75f:flow:a34f8aafa3e2	SESSION-f0fe0e8460d1c75f → flow:a34f8aafa3e2
FLOW_DST_PORTOBS	e:fp:flow:dd092bc8f239:port:tcp:14028	flow:dd092bc8f239 → port:tcp:14028
flow_observed4-aryOBS	e:fo:flow:b4923f25a42e	flow:b4923f25a42e → host:172.234.197.23 → host:177.10.236.46 → port:tcp:43708
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4341cc9426e2382:SESSION-d4341cc9426e2382	SESSION-d4341cc9426e2382 → pe:syn:SESSION-d4341cc9426e2382
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49828b0c1667648d:flow:cdd7f96d14d6	SESSION-49828b0c1667648d → flow:cdd7f96d14d6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-124cb6be20cbe456:host:172.234.197.23	SESSION-124cb6be20cbe456 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9b22fd3d92fd3016:host:172.234.197.23	SESSION-9b22fd3d92fd3016 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9d9eea4dccd4:port:tcp:443	flow:9d9eea4dccd4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c3d14af1a5eb503:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8c3d14af1a5eb503 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bdbc4c9f7cbfe0c2:host:172.234.197.23	SESSION-bdbc4c9f7cbfe0c2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7de8e99103378c90:host:172.234.197.23	SESSION-7de8e99103378c90 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-71cc4f2ac3d57c32:PCAP:capture_20260430080001:93f47cc296a4	SESSION-71cc4f2ac3d57c32 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dad6cf67ed488f0b:host:131.196.31.127	SESSION-dad6cf67ed488f0b → host:131.196.31.127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4baa6f7cc0122cad:SESSION-4baa6f7cc0122cad	SESSION-4baa6f7cc0122cad → pe:tls:SESSION-4baa6f7cc0122cad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3674a7955b512da1:SESSION-3674a7955b512da1	SESSION-3674a7955b512da1 → pe:tls:SESSION-3674a7955b512da1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d74877df7cdd5d7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6d74877df7cdd5d7 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-396da887f3ac73e5:SESSION-396da887f3ac73e5	SESSION-396da887f3ac73e5 → pe:syn:SESSION-396da887f3ac73e5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3414b775ddfde4b:host:177.10.238.194:host:172.234.197.23	SESSION-a3414b775ddfde4b → host:177.10.238.194 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2a33d29db5091f68:host:172.234.197.23	SESSION-2a33d29db5091f68 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.151:asn:262880	host:177.10.237.151 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-a9d7ef6e96dbb9c5:BSG-BEACON-61380c9a629a	SESSION-a9d7ef6e96dbb9c5 → BSG-BEACON-61380c9a629a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.148:geo_-23.62930_-46.63510	host:131.196.29.148 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-a03dc7893b60925b:host:177.10.237.161	SESSION-a03dc7893b60925b → host:177.10.237.161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb9826b2bc40f219:SESSION-eb9826b2bc40f219	SESSION-eb9826b2bc40f219 → pe:syn:SESSION-eb9826b2bc40f219
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.166:asn:262880	host:177.10.239.166 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4bb4f425427d3bee:flow:15df16109c4b	SESSION-4bb4f425427d3bee → flow:15df16109c4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72e57a99703d053d:host:172.234.197.23	SESSION-72e57a99703d053d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16fca057f28c0943:host:177.10.238.87:host:172.234.197.23	SESSION-16fca057f28c0943 → host:177.10.238.87 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ef449155f969	flow:ef449155f969 → host:177.10.233.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-122d3bc093be76f2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-122d3bc093be76f2 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:9b350481ac58	flow:9b350481ac58 → host:131.196.29.51 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-fc01b506a83e5847:host:131.196.31.47	SESSION-fc01b506a83e5847 → host:131.196.31.47
flow_observed5-aryOBS	e:fo:flow:115565aec817	flow:115565aec817 → host:177.10.236.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a681df8efb85197d:SESSION-a681df8efb85197d	SESSION-a681df8efb85197d → pe:tls:SESSION-a681df8efb85197d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c874ff4a201372ef:host:172.234.197.23	SESSION-c874ff4a201372ef → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:751d99601d60:port:tcp:18351	flow:751d99601d60 → port:tcp:18351
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fce590506c76a4f8:host:131.196.31.34	SESSION-fce590506c76a4f8 → host:131.196.31.34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce9bea4cad9ad3a3:host:51.224.135.22	SESSION-ce9bea4cad9ad3a3 → host:51.224.135.22
FLOW_DST_PORTOBS	e:fp:flow:ce3ec0d56928:port:tcp:443	flow:ce3ec0d56928 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b880a07e89a760de:SESSION-b880a07e89a760de	SESSION-b880a07e89a760de → pe:syn:SESSION-b880a07e89a760de
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60f4d0af24f032dd:host:172.234.197.23:host:131.196.28.126	SESSION-60f4d0af24f032dd → host:172.234.197.23 → host:131.196.28.126
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.9:geo_-23.62930_-46.63510	host:131.196.30.9 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f5575c7d9faf65d:SESSION-5f5575c7d9faf65d	SESSION-5f5575c7d9faf65d → pe:syn:SESSION-5f5575c7d9faf65d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3efb69df0be27ca4:SESSION-3efb69df0be27ca4	SESSION-3efb69df0be27ca4 → pe:syn:SESSION-3efb69df0be27ca4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49828b0c1667648d:host:131.196.28.19:host:172.234.197.23	SESSION-49828b0c1667648d → host:131.196.28.19 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a1fc2ffae35a:port:tcp:25777	flow:a1fc2ffae35a → port:tcp:25777
FLOW_DST_PORTOBS	e:fp:flow:d3ddefa260d1:port:tcp:18723	flow:d3ddefa260d1 → port:tcp:18723
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2eff7ebef8fd9091:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2eff7ebef8fd9091 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8d921ace7c85ce9:SESSION-d8d921ace7c85ce9	SESSION-d8d921ace7c85ce9 → pe:syn:SESSION-d8d921ace7c85ce9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac6ab160136e0424:SESSION-ac6ab160136e0424	SESSION-ac6ab160136e0424 → pe:syn:SESSION-ac6ab160136e0424
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1633b12f0e20b97e:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-1633b12f0e20b97e → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_FROM_HOSTOBS	e:from:SESSION-316a629875744009:host:177.10.236.46	SESSION-316a629875744009 → host:177.10.236.46
FLOW_TO_HOSTOBS	e:to:SESSION-873a01bbf1ba0d09:host:172.234.197.23	SESSION-873a01bbf1ba0d09 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0bc55e1159bab546:host:131.196.30.73:host:172.234.197.23	SESSION-0bc55e1159bab546 → host:131.196.30.73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-587cecb9c2d65d84:host:172.234.197.23	SESSION-587cecb9c2d65d84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a604218ad277317:host:131.196.29.114	SESSION-8a604218ad277317 → host:131.196.29.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf1647bbc272aaf8:SESSION-bf1647bbc272aaf8	SESSION-bf1647bbc272aaf8 → pe:tls:SESSION-bf1647bbc272aaf8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5080263f1b2fd5b9:SESSION-5080263f1b2fd5b9	SESSION-5080263f1b2fd5b9 → pe:tls:SESSION-5080263f1b2fd5b9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fef5e1438bdea640:PCAP:capture_20260430080001:93f47cc296a4	SESSION-fef5e1438bdea640 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:20799daf6931	flow:20799daf6931 → host:177.10.233.134 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c3b9d914716975ab:host:172.234.197.23	SESSION-c3b9d914716975ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e66594520e7edee5:host:131.196.30.143	SESSION-e66594520e7edee5 → host:131.196.30.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94dde62df04dcb4a:SESSION-94dde62df04dcb4a	SESSION-94dde62df04dcb4a → pe:tls:SESSION-94dde62df04dcb4a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40f1f2214a3951bb:PCAP:capture_20260430110001:43611bdf6759	SESSION-40f1f2214a3951bb → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8d8471d99b0ccf5:host:177.10.239.28:host:172.234.197.23	SESSION-d8d8471d99b0ccf5 → host:177.10.239.28 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:52d611ee4d3f	flow:52d611ee4d3f → host:177.10.237.4 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e61b886c68594d41:host:172.234.197.23	SESSION-e61b886c68594d41 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ad6356c5bafa36b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7ad6356c5bafa36b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c1a2c7dc69870b1:flow:01654e0070e3	SESSION-5c1a2c7dc69870b1 → flow:01654e0070e3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-592f6a5ffad96a3b:host:172.234.197.23	SESSION-592f6a5ffad96a3b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-53fc35cd2bdb80ce:flow:e68dc8e4f9d6	SESSION-53fc35cd2bdb80ce → flow:e68dc8e4f9d6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-456e62c8b4b103dc:host:172.234.197.23	SESSION-456e62c8b4b103dc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ee12e96d458a4e4:PCAP:capture_20260430090001:065659c7d314	SESSION-1ee12e96d458a4e4 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e79bdabe92472fb:host:172.234.197.23	SESSION-4e79bdabe92472fb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32273c66c8bf9656:host:177.10.235.51	SESSION-32273c66c8bf9656 → host:177.10.235.51
FLOW_DST_PORTOBS	e:fp:flow:776d8c0cfcb9:port:tcp:443	flow:776d8c0cfcb9 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e626c78b08de0a8b:host:172.234.197.23	SESSION-e626c78b08de0a8b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:cba47359eaab	flow:cba47359eaab → host:172.234.197.23 → host:131.196.28.94 → port:tcp:20405
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d975c41b16afdd4:PCAP:capture_20260430110001:43611bdf6759	SESSION-1d975c41b16afdd4 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0665b9726687b63:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c0665b9726687b63 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.107:asn:271410	host:131.196.29.107 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d6be65d6480cd7d:flow:fcae7621099f	SESSION-2d6be65d6480cd7d → flow:fcae7621099f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3685b3a1e6c25f1a:host:172.234.197.23	SESSION-3685b3a1e6c25f1a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-029d1f2d00b0343a:host:172.234.197.23	SESSION-029d1f2d00b0343a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74744b11834c8470:host:45.173.156.52	SESSION-74744b11834c8470 → host:45.173.156.52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e09f613cd450ebc9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e09f613cd450ebc9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-1d00f55e5db951c5:host:131.196.30.43	SESSION-1d00f55e5db951c5 → host:131.196.30.43
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaa7799a31d50d65:flow:caf67f36323b	SESSION-eaa7799a31d50d65 → flow:caf67f36323b
FLOW_TO_HOSTOBS	e:to:SESSION-6944fe230f08618b:host:172.234.197.23	SESSION-6944fe230f08618b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9b3343130edd	flow:9b3343130edd → host:172.234.197.23 → host:131.196.29.21 → port:tcp:4072
FLOW_DST_PORTOBS	e:fp:flow:3c53acf68acf:port:tcp:443	flow:3c53acf68acf → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e9c761e9ca1eb65:PCAP:capture_20260430110001:43611bdf6759	SESSION-9e9c761e9ca1eb65 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-2dd011a07497df56:host:177.10.233.125	SESSION-2dd011a07497df56 → host:177.10.233.125
FLOW_DST_PORTOBS	e:fp:flow:56a8cea9fac6:port:tcp:443	flow:56a8cea9fac6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-83f081267b847a58:PCAP:capture_20260430110001:43611bdf6759	SESSION-83f081267b847a58 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-bc1a8a6f7d90953a:SESSION-bc1a8a6f7d90953a	SESSION-bc1a8a6f7d90953a → pe:dns:SESSION-bc1a8a6f7d90953a
FLOW_DST_PORTOBS	e:fp:flow:f4275370abdd:port:tcp:55939	flow:f4275370abdd → port:tcp:55939
FLOW_TO_HOSTOBS	e:to:SESSION-19ad8f01572b4d12:host:177.10.238.8	SESSION-19ad8f01572b4d12 → host:177.10.238.8
flow_observed4-aryOBS	e:fo:flow:b13e2d90ae6a	flow:b13e2d90ae6a → host:172.234.197.23 → host:177.10.237.169 → port:tcp:55434
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.178:asn:262880	host:177.10.232.178 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0c6cb018cbd8a763:SESSION-0c6cb018cbd8a763	SESSION-0c6cb018cbd8a763 → pe:tls:SESSION-0c6cb018cbd8a763
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97537ed6358a20d5:host:45.145.152.87:host:172.234.197.23	SESSION-97537ed6358a20d5 → host:45.145.152.87 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cea44595be79fe10:SESSION-cea44595be79fe10	SESSION-cea44595be79fe10 → pe:tls:SESSION-cea44595be79fe10
flow_observed5-aryOBS	e:fo:flow:53d37a6eb3a2	flow:53d37a6eb3a2 → host:177.10.233.109 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:873011771a03:port:tcp:443	flow:873011771a03 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7828bb27afafcc71:flow:138da8759222	SESSION-7828bb27afafcc71 → flow:138da8759222
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-341cb53ffc41c3af:host:172.234.197.23	SESSION-341cb53ffc41c3af → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-693fee7d62fe51b9:host:177.10.232.88:host:172.234.197.23	SESSION-693fee7d62fe51b9 → host:177.10.232.88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ba4bb01be574ad6:host:172.234.197.23	SESSION-4ba4bb01be574ad6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-21a19991d129ba18:host:177.10.237.35	SESSION-21a19991d129ba18 → host:177.10.237.35
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.111:geo_-23.62930_-46.63510	host:131.196.31.111 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-f879597a466f9080:host:172.234.197.23	SESSION-f879597a466f9080 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9ffa027db374a629:host:177.10.233.233	SESSION-9ffa027db374a629 → host:177.10.233.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c36a1f3b5aad9a99:SESSION-c36a1f3b5aad9a99	SESSION-c36a1f3b5aad9a99 → pe:syn:SESSION-c36a1f3b5aad9a99
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c532caa5d41cfcbc:host:5.75.182.251	SESSION-c532caa5d41cfcbc → host:5.75.182.251
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84186d30322c849e:host:131.196.28.107	SESSION-84186d30322c849e → host:131.196.28.107
FLOW_TO_HOSTOBS	e:to:SESSION-36966af2dfd8700b:host:131.196.30.0	SESSION-36966af2dfd8700b → host:131.196.30.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-282c3beb2e9d9d39:SESSION-282c3beb2e9d9d39	SESSION-282c3beb2e9d9d39 → pe:tls:SESSION-282c3beb2e9d9d39
FLOW_DST_PORTOBS	e:fp:flow:e2597f9b7088:port:tcp:443	flow:e2597f9b7088 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-566179d6a12d7e1c:SESSION-566179d6a12d7e1c	SESSION-566179d6a12d7e1c → pe:tls:SESSION-566179d6a12d7e1c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e632e9ec3b8d735c:host:177.10.239.70:host:172.234.197.23	SESSION-e632e9ec3b8d735c → host:177.10.239.70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6ed96bf23ac2f6b:host:131.196.29.15	SESSION-a6ed96bf23ac2f6b → host:131.196.29.15
flow_observed5-aryOBS	e:fo:flow:3b3399fbef03	flow:3b3399fbef03 → host:95.170.25.5 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a29c9496c44f9fe8:host:172.234.197.23	SESSION-a29c9496c44f9fe8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7aaf7c17fdae8be6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7aaf7c17fdae8be6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baf6029a4a920bc4:host:177.10.238.90	SESSION-baf6029a4a920bc4 → host:177.10.238.90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7771c9cc3604c57a:SESSION-7771c9cc3604c57a	SESSION-7771c9cc3604c57a → pe:tls:SESSION-7771c9cc3604c57a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36db005d6a8b5922:flow:bd845b73dcef	SESSION-36db005d6a8b5922 → flow:bd845b73dcef
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.157:asn:271410	host:131.196.30.157 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:a5dcec87eab7:port:tcp:56646	flow:a5dcec87eab7 → port:tcp:56646
flow_observed5-aryOBS	e:fo:flow:6cd807157248	flow:6cd807157248 → host:46.4.252.37 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:69755715354d:port:tcp:52005	flow:69755715354d → port:tcp:52005
flow_observed5-aryOBS	e:fo:flow:14ec9179e9d3	flow:14ec9179e9d3 → host:177.10.239.111 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e3ca473e8fbcab1:SESSION-4e3ca473e8fbcab1	SESSION-4e3ca473e8fbcab1 → pe:syn:SESSION-4e3ca473e8fbcab1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f5b8d372cd42441:flow:1c2781325e97	SESSION-6f5b8d372cd42441 → flow:1c2781325e97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fd73a09d62d6f89:flow:29836d882b78	SESSION-1fd73a09d62d6f89 → flow:29836d882b78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-226dccfda73d96ef:SESSION-226dccfda73d96ef	SESSION-226dccfda73d96ef → pe:tls:SESSION-226dccfda73d96ef
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-acae490ef1211ca7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-acae490ef1211ca7 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35fc058c4fe240ad:flow:436e93c989c9	SESSION-35fc058c4fe240ad → flow:436e93c989c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f4fd2f0020968b3:host:45.173.156.124	SESSION-0f4fd2f0020968b3 → host:45.173.156.124
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a082d71203d179a:host:172.234.197.23	SESSION-3a082d71203d179a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7ced1b2b5b8c	flow:7ced1b2b5b8c → host:177.10.237.204 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b35aac65e648dac0:host:185.231.226.144	SESSION-b35aac65e648dac0 → host:185.231.226.144
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-27f830f77ddb5dd1:BSG-BEACON-ddcd58bdc4dc	SESSION-27f830f77ddb5dd1 → BSG-BEACON-ddcd58bdc4dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-484d7e89f92d0359:host:172.234.197.23	SESSION-484d7e89f92d0359 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1362b7f51908925c:flow:46ffb306339f	SESSION-1362b7f51908925c → flow:46ffb306339f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e09e8a3cbea3c18a:SESSION-e09e8a3cbea3c18a	SESSION-e09e8a3cbea3c18a → pe:tls:SESSION-e09e8a3cbea3c18a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ad9dd4ac6be1fc2:host:172.234.197.23	SESSION-1ad9dd4ac6be1fc2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aec4f33b062c0e6b:SESSION-aec4f33b062c0e6b	SESSION-aec4f33b062c0e6b → pe:syn:SESSION-aec4f33b062c0e6b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.199:geo_41.02140_28.99480	host:31.40.196.199 → geo_41.02140_28.99480
FLOW_DST_PORTOBS	e:fp:flow:32b2fdbd6001:port:tcp:443	flow:32b2fdbd6001 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4be71a9ef959f500:host:172.234.197.23:host:131.196.31.145	SESSION-4be71a9ef959f500 → host:172.234.197.23 → host:131.196.31.145
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-acada2cd7035c790:flow:a88eed846aeb	SESSION-acada2cd7035c790 → flow:a88eed846aeb
flow_observed5-aryOBS	e:fo:flow:2d81150733e9	flow:2d81150733e9 → host:131.196.28.71 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-079ef1e0e1e74623:host:172.234.197.23	SESSION-079ef1e0e1e74623 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8a957b04bd86	flow:8a957b04bd86 → host:172.234.197.23 → host:177.10.237.80 → port:tcp:3103
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f4f84053ddcae3c:SESSION-7f4f84053ddcae3c	SESSION-7f4f84053ddcae3c → pe:syn:SESSION-7f4f84053ddcae3c
FLOW_DST_PORTOBS	e:fp:flow:eb22f21caf3d:port:tcp:29780	flow:eb22f21caf3d → port:tcp:29780
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-433230166b97139a:host:172.234.197.23	SESSION-433230166b97139a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8bf059b02e9beec:SESSION-c8bf059b02e9beec	SESSION-c8bf059b02e9beec → pe:syn:SESSION-c8bf059b02e9beec
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.201:asn:271410	host:131.196.31.201 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-472adb1eeb20f880:SESSION-472adb1eeb20f880	SESSION-472adb1eeb20f880 → pe:syn:SESSION-472adb1eeb20f880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.73:asn:262880	host:177.10.236.73 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ae747b0389dd0111:SESSION-ae747b0389dd0111	SESSION-ae747b0389dd0111 → pe:syn:SESSION-ae747b0389dd0111
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa2f81c8f6798425:host:177.10.233.4	SESSION-fa2f81c8f6798425 → host:177.10.233.4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-32012e3b5048e415:host:131.196.31.83:host:172.234.197.23	SESSION-32012e3b5048e415 → host:131.196.31.83 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:628dc6635430:port:tcp:15556	flow:628dc6635430 → port:tcp:15556
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-328591b09b0655cf:host:177.10.233.76	SESSION-328591b09b0655cf → host:177.10.233.76
flow_observed5-aryOBS	e:fo:flow:3100de296217	flow:3100de296217 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a4200861230ead3:host:131.196.28.69:host:172.234.197.23	SESSION-0a4200861230ead3 → host:131.196.28.69 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.230:geo_-21.10010_-41.69200	host:45.173.156.230 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d446777121d9b1f8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d446777121d9b1f8 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b54b11bede7a4d5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2b54b11bede7a4d5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bcd779876233a786:SESSION-bcd779876233a786	SESSION-bcd779876233a786 → pe:tls:SESSION-bcd779876233a786
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-82d78308744a8bb2:BSG-BEACON-08f229190f12	SESSION-82d78308744a8bb2 → BSG-BEACON-08f229190f12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47ed57a240abf6fc:SESSION-47ed57a240abf6fc	SESSION-47ed57a240abf6fc → pe:syn:SESSION-47ed57a240abf6fc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-403d8f142c86493c:host:177.10.236.24:host:172.234.197.23	SESSION-403d8f142c86493c → host:177.10.236.24 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b5f77768a227f3c:host:172.234.197.23	SESSION-0b5f77768a227f3c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:03576699bee3:port:tcp:22869	flow:03576699bee3 → port:tcp:22869
flow_observed4-aryOBS	e:fo:flow:9ecf6a5f2cf7	flow:9ecf6a5f2cf7 → host:172.234.197.23 → host:45.173.156.209 → port:tcp:19359
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c83cde1dbe634e7:flow:bd73033b18da	SESSION-5c83cde1dbe634e7 → flow:bd73033b18da
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66a529d98727e997:host:131.196.31.82	SESSION-66a529d98727e997 → host:131.196.31.82
FLOW_FROM_HOSTOBS	e:from:SESSION-bca14afee5df98e9:host:131.196.29.60	SESSION-bca14afee5df98e9 → host:131.196.29.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eb15df038685c53:host:104.28.234.79	SESSION-2eb15df038685c53 → host:104.28.234.79
flow_observed5-aryOBS	e:fo:flow:99460b559763	flow:99460b559763 → host:177.10.237.15 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8ccf862d3dae518e:host:172.234.197.23	SESSION-8ccf862d3dae518e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-117c00f29ed332ce:host:172.234.197.23	SESSION-117c00f29ed332ce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2df4632ec7c2c624:host:172.234.197.23	SESSION-2df4632ec7c2c624 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85c181ffe8433ff0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-85c181ffe8433ff0 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:d47b5af2568e	flow:d47b5af2568e → host:177.10.237.211 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ae747b0389dd0111:host:172.234.197.23	SESSION-ae747b0389dd0111 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-430caa0514cbc012:SESSION-430caa0514cbc012	SESSION-430caa0514cbc012 → pe:tls:SESSION-430caa0514cbc012
flow_observed5-aryOBS	e:fo:flow:c0f2dd55f138	flow:c0f2dd55f138 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.237:asn:271410	host:131.196.31.237 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3b520e491b5957c0:SESSION-3b520e491b5957c0	SESSION-3b520e491b5957c0 → pe:tls:SESSION-3b520e491b5957c0
FLOW_FROM_HOSTOBS	e:from:SESSION-34c02a09bd1ab4d1:host:45.145.152.222	SESSION-34c02a09bd1ab4d1 → host:45.145.152.222
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d43ecb134342fe00:flow:b59b545e522a	SESSION-d43ecb134342fe00 → flow:b59b545e522a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fe8ac015ba2db65:host:131.196.29.208	SESSION-5fe8ac015ba2db65 → host:131.196.29.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de46def2c97c3533:host:172.234.197.23	SESSION-de46def2c97c3533 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a9de26895ffb34a3:host:177.10.236.56	SESSION-a9de26895ffb34a3 → host:177.10.236.56
FLOW_DST_PORTOBS	e:fp:flow:a1034dcdd818:port:tcp:46056	flow:a1034dcdd818 → port:tcp:46056
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3a44f67a1174447:host:95.170.25.97:host:172.234.197.23	SESSION-a3a44f67a1174447 → host:95.170.25.97 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-003677474853cb22:PCAP:capture_20260430060001:919b39a74464	SESSION-003677474853cb22 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-8cb5f38c68f62897:host:177.10.236.215	SESSION-8cb5f38c68f62897 → host:177.10.236.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e88ec164d738844a:SESSION-e88ec164d738844a	SESSION-e88ec164d738844a → pe:tls:SESSION-e88ec164d738844a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cac3103b39cc2b1a:SESSION-cac3103b39cc2b1a	SESSION-cac3103b39cc2b1a → pe:tls:SESSION-cac3103b39cc2b1a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be95a34ad4eedb81:SESSION-be95a34ad4eedb81	SESSION-be95a34ad4eedb81 → pe:tls:SESSION-be95a34ad4eedb81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ffa84d5a72af3dab:SESSION-ffa84d5a72af3dab	SESSION-ffa84d5a72af3dab → pe:syn:SESSION-ffa84d5a72af3dab
FLOW_FROM_HOSTOBS	e:from:SESSION-6457b3248e0b30fe:host:177.10.232.167	SESSION-6457b3248e0b30fe → host:177.10.232.167
FLOW_DST_PORTOBS	e:fp:flow:b0c4f4fc61a3:port:tcp:443	flow:b0c4f4fc61a3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e80661c10e8e6e7:host:149.202.187.73:host:172.234.197.23	SESSION-5e80661c10e8e6e7 → host:149.202.187.73 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b4130b0efbd1505:SESSION-0b4130b0efbd1505	SESSION-0b4130b0efbd1505 → pe:syn:SESSION-0b4130b0efbd1505
FLOW_DST_PORTOBS	e:fp:flow:b20cde943d03:port:tcp:443	flow:b20cde943d03 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7e8f7da56292748:host:177.10.239.137	SESSION-e7e8f7da56292748 → host:177.10.239.137
FLOW_FROM_HOSTOBS	e:from:SESSION-36e366306285e270:host:177.10.235.114	SESSION-36e366306285e270 → host:177.10.235.114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62b0720ae8fecbf5:host:45.173.156.233	SESSION-62b0720ae8fecbf5 → host:45.173.156.233
FLOW_DST_PORTOBS	e:fp:flow:e4dd419a2453:port:tcp:443	flow:e4dd419a2453 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a38bfeac3fad0550:SESSION-a38bfeac3fad0550	SESSION-a38bfeac3fad0550 → pe:tls:SESSION-a38bfeac3fad0550
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-70ca21a7c0c8fc42:host:177.10.234.26:host:172.234.197.23	SESSION-70ca21a7c0c8fc42 → host:177.10.234.26 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-83f081267b847a58:host:177.10.234.126:host:172.234.197.23	SESSION-83f081267b847a58 → host:177.10.234.126 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:111b323c837f:port:tcp:443	flow:111b323c837f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e859a84eb4eaf300:host:177.10.235.144:host:172.234.197.23	SESSION-e859a84eb4eaf300 → host:177.10.235.144 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a3df3a26ac38d69:flow:3122f5c62a02	SESSION-4a3df3a26ac38d69 → flow:3122f5c62a02
FLOW_TO_HOSTOBS	e:to:SESSION-85d2db504e73f17a:host:172.234.197.23	SESSION-85d2db504e73f17a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39452ac6bcbae8d3:host:131.196.31.80	SESSION-39452ac6bcbae8d3 → host:131.196.31.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f4bcb88049ff8a93:PCAP:capture_20260428010001:b1b402c7b202	SESSION-f4bcb88049ff8a93 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-baf09a66da0e4962:SESSION-baf09a66da0e4962	SESSION-baf09a66da0e4962 → pe:tls:SESSION-baf09a66da0e4962
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.31:geo_-16.28860_-49.01640	host:177.10.238.31 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-433230166b97139a:host:177.10.238.11:host:172.234.197.23	SESSION-433230166b97139a → host:177.10.238.11 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-91196c5d66e04f5c:host:177.10.237.236	SESSION-91196c5d66e04f5c → host:177.10.237.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ffa84d5a72af3dab:flow:8f2626a04e38	SESSION-ffa84d5a72af3dab → flow:8f2626a04e38
flow_observed5-aryOBS	e:fo:flow:444ebb738d2a	flow:444ebb738d2a → host:131.196.29.167 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:1ffefd09c68f	flow:1ffefd09c68f → host:172.234.197.23 → host:177.10.236.230 → port:tcp:57326
flow_observed3-aryOBS	e:fo:flow:9e19e3c6f37a	flow:9e19e3c6f37a → host:54.149.68.137 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4437969c398261c:SESSION-c4437969c398261c	SESSION-c4437969c398261c → pe:tls:SESSION-c4437969c398261c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b51b74891d2de4c5:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b51b74891d2de4c5 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:64143516771f	flow:64143516771f → host:172.234.197.23 → host:131.196.30.64 → port:tcp:10690
flow_observed5-aryOBS	e:fo:flow:fe7e1e129435	flow:fe7e1e129435 → host:177.10.238.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3645126144628c28:SESSION-3645126144628c28	SESSION-3645126144628c28 → pe:syn:SESSION-3645126144628c28
FLOW_TO_HOSTOBS	e:to:SESSION-63d746c5afa978f6:host:172.234.197.23	SESSION-63d746c5afa978f6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b1c5da0364bd	flow:b1c5da0364bd → host:172.234.197.23 → host:131.196.31.17 → port:tcp:2604
flow_observed5-aryOBS	e:fo:flow:98eeeece514c	flow:98eeeece514c → host:103.230.240.59 → host:172.234.197.23 → port:tcp:22 → svc:ssh
FLOW_FROM_HOSTOBS	e:from:SESSION-41c6e0b91a3149eb:host:177.10.232.191	SESSION-41c6e0b91a3149eb → host:177.10.232.191
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-871dd8a53b87e11e:host:177.10.234.121:host:172.234.197.23	SESSION-871dd8a53b87e11e → host:177.10.234.121 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-04af603e6c9a6691:PCAP:capture_20260430080001:93f47cc296a4	SESSION-04af603e6c9a6691 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b699e12e3fdc2278:host:177.10.236.115	SESSION-b699e12e3fdc2278 → host:177.10.236.115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-333a850c89106bc0:flow:75100b39b0ce	SESSION-333a850c89106bc0 → flow:75100b39b0ce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63d746c5afa978f6:host:172.234.197.23	SESSION-63d746c5afa978f6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c59a88aa03340e00:SESSION-c59a88aa03340e00	SESSION-c59a88aa03340e00 → pe:syn:SESSION-c59a88aa03340e00
flow_observed5-aryOBS	e:fo:flow:475c42977672	flow:475c42977672 → host:177.10.237.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e8b24d973ac1177:SESSION-6e8b24d973ac1177	SESSION-6e8b24d973ac1177 → pe:syn:SESSION-6e8b24d973ac1177
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea6c4aff46dde87:host:172.234.197.23	SESSION-3ea6c4aff46dde87 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6944fe230f08618b:host:131.196.29.29:host:172.234.197.23	SESSION-6944fe230f08618b → host:131.196.29.29 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2ffa310b40a91058:host:172.234.197.23	SESSION-2ffa310b40a91058 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c4325a6893dda791:host:172.234.197.23	SESSION-c4325a6893dda791 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-46cfffaa3fdb7f1d:BSG-BEACON-e07f4250263f	SESSION-46cfffaa3fdb7f1d → BSG-BEACON-e07f4250263f
FLOW_FROM_HOSTOBS	e:from:SESSION-200b6d1dbf438627:host:172.234.197.23	SESSION-200b6d1dbf438627 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40ef48225b459fb9:host:177.10.238.107	SESSION-40ef48225b459fb9 → host:177.10.238.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51c60ff5c6e820bd:PCAP:capture_20260430050001:8868731bf8a4	SESSION-51c60ff5c6e820bd → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:13d8c496e757	flow:13d8c496e757 → host:172.234.197.23 → host:177.10.234.107 → port:tcp:7474
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-495677aa294b030b:SESSION-495677aa294b030b	SESSION-495677aa294b030b → pe:tls:SESSION-495677aa294b030b
FLOW_TO_HOSTOBS	e:to:SESSION-6ae33589f66e7ab9:host:172.234.197.23	SESSION-6ae33589f66e7ab9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8221cb92d987	flow:8221cb92d987 → host:177.10.235.56 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7140a8719778d6c0:host:172.234.197.23:host:177.10.236.57	SESSION-7140a8719778d6c0 → host:172.234.197.23 → host:177.10.236.57
FLOW_FROM_HOSTOBS	e:from:SESSION-75add779b1a22971:host:172.234.197.23	SESSION-75add779b1a22971 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d5a74cc524a51e3d:host:131.196.30.141	SESSION-d5a74cc524a51e3d → host:131.196.30.141
flow_observed5-aryOBS	e:fo:flow:42bb404c3b16	flow:42bb404c3b16 → host:177.10.238.207 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-bb512b6db53333ff:host:177.10.238.28	SESSION-bb512b6db53333ff → host:177.10.238.28
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.93:geo_-16.28860_-49.01640	host:177.10.238.93 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2096050a1fa0221d:host:172.234.197.23	SESSION-2096050a1fa0221d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.61:asn:271410	host:131.196.30.61 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-779dfe498151f730:host:177.10.233.211	SESSION-779dfe498151f730 → host:177.10.233.211
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:2.57.122.194:geo_45.99680_24.99700	host:2.57.122.194 → geo_45.99680_24.99700
FLOW_DST_PORTOBS	e:fp:flow:4e9fd19f4a04:port:tcp:18476	flow:4e9fd19f4a04 → port:tcp:18476
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-feb3207d55e7c5c5:host:177.10.238.122	SESSION-feb3207d55e7c5c5 → host:177.10.238.122
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.117:asn:273470	host:45.173.156.117 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db638e9136fa3895:host:177.10.236.113	SESSION-db638e9136fa3895 → host:177.10.236.113
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc3cb32f8be8837a:host:177.10.237.204	SESSION-bc3cb32f8be8837a → host:177.10.237.204
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46b3e65e40562e00:flow:21e85bbf73fa	SESSION-46b3e65e40562e00 → flow:21e85bbf73fa
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:8.213.192.144:geo_13.74990_100.51700	host:8.213.192.144 → geo_13.74990_100.51700
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a6e84a9f98e2c60:SESSION-5a6e84a9f98e2c60	SESSION-5a6e84a9f98e2c60 → pe:syn:SESSION-5a6e84a9f98e2c60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f991b6c62555b6c:host:172.234.197.23	SESSION-1f991b6c62555b6c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74188080b03487af:host:172.234.197.23	SESSION-74188080b03487af → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fddb1520b60b4e20:host:172.234.197.23	SESSION-fddb1520b60b4e20 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-091ae841df8cdc2c:host:185.231.226.113:host:172.234.197.23	SESSION-091ae841df8cdc2c → host:185.231.226.113 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:299c3cef4094:port:tcp:44699	flow:299c3cef4094 → port:tcp:44699
FLOW_TO_HOSTOBS	e:to:SESSION-6631f08e8c06a9b6:host:172.234.197.23	SESSION-6631f08e8c06a9b6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:35f8b65cdfe8	flow:35f8b65cdfe8 → host:172.234.197.23 → host:45.173.156.29 → port:tcp:47861
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.120:asn:273470	host:45.173.156.120 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-92c4be10fc1322be:SESSION-92c4be10fc1322be	SESSION-92c4be10fc1322be → pe:syn:SESSION-92c4be10fc1322be
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5cd00671f435cc6:SESSION-d5cd00671f435cc6	SESSION-d5cd00671f435cc6 → pe:tls:SESSION-d5cd00671f435cc6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-130c48c57d6ba6f4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-130c48c57d6ba6f4 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:a41a049c99f0	flow:a41a049c99f0 → host:131.196.30.1 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-169e7d2007075619:host:54.149.68.137	SESSION-169e7d2007075619 → host:54.149.68.137
FLOW_TO_HOSTOBS	e:to:SESSION-c16307b11a026263:host:172.234.197.23	SESSION-c16307b11a026263 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fa31db6279a0e7c:flow:70e8002aa6aa	SESSION-1fa31db6279a0e7c → flow:70e8002aa6aa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-424e5c5b03912c3d:SESSION-424e5c5b03912c3d	SESSION-424e5c5b03912c3d → pe:tls:SESSION-424e5c5b03912c3d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a604218ad277317:host:172.234.197.23	SESSION-8a604218ad277317 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f7bf4f785679ea3b:host:172.234.197.23	SESSION-f7bf4f785679ea3b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-affecc1e92c420cb:SESSION-affecc1e92c420cb	SESSION-affecc1e92c420cb → pe:syn:SESSION-affecc1e92c420cb
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-9c58d6336bd500b5:BSG-BEACON-aca7f2deb21d	SESSION-9c58d6336bd500b5 → BSG-BEACON-aca7f2deb21d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08b25d9f54ecadf2:host:172.234.197.23:host:177.10.238.186	SESSION-08b25d9f54ecadf2 → host:172.234.197.23 → host:177.10.238.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a70c074fb73905e:host:172.234.197.23:host:131.196.30.47	SESSION-7a70c074fb73905e → host:172.234.197.23 → host:131.196.30.47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd1b98a612532c8e:SESSION-cd1b98a612532c8e	SESSION-cd1b98a612532c8e → pe:syn:SESSION-cd1b98a612532c8e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea5a5c8bbfcfd548:host:131.196.29.229	SESSION-ea5a5c8bbfcfd548 → host:131.196.29.229
flow_observed4-aryOBS	e:fo:flow:1942beb7de59	flow:1942beb7de59 → host:172.234.197.23 → host:177.10.232.190 → port:tcp:28381
FLOW_TO_HOSTOBS	e:to:SESSION-7d1b2f476de49a99:host:172.234.197.23	SESSION-7d1b2f476de49a99 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cce146f15a17b9a1:SESSION-cce146f15a17b9a1	SESSION-cce146f15a17b9a1 → pe:tls:SESSION-cce146f15a17b9a1
flow_observed4-aryOBS	e:fo:flow:ba34db124ffc	flow:ba34db124ffc → host:172.234.197.23 → host:177.10.239.24 → port:tcp:239
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19f74a6b62d527a5:host:172.234.197.23:host:177.10.233.59	SESSION-19f74a6b62d527a5 → host:172.234.197.23 → host:177.10.233.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49ea8e2d7734ace3:SESSION-49ea8e2d7734ace3	SESSION-49ea8e2d7734ace3 → pe:tls:SESSION-49ea8e2d7734ace3
FLOW_DST_PORTOBS	e:fp:flow:1bc0a9c309a5:port:tcp:16213	flow:1bc0a9c309a5 → port:tcp:16213
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c2927944fbf9fbe3:flow:e398b6f99204	SESSION-c2927944fbf9fbe3 → flow:e398b6f99204
flow_observed5-aryOBS	e:fo:flow:b8254c8ce12b	flow:b8254c8ce12b → host:177.10.237.96 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97d8ab6142f53424:host:177.10.233.8:host:172.234.197.23	SESSION-97d8ab6142f53424 → host:177.10.233.8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-00efe759e05a1a39:flow:69db748baf48	SESSION-00efe759e05a1a39 → flow:69db748baf48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52ffcd7f81b035e2:host:172.234.197.23	SESSION-52ffcd7f81b035e2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fbdf1132d9fb1d0d:SESSION-fbdf1132d9fb1d0d	SESSION-fbdf1132d9fb1d0d → pe:syn:SESSION-fbdf1132d9fb1d0d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59d92efe40de2f35:PCAP:capture_20260430080001:93f47cc296a4	SESSION-59d92efe40de2f35 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.18:asn:262880	host:177.10.239.18 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d467c8665ef34f6a:host:177.10.232.196	SESSION-d467c8665ef34f6a → host:177.10.232.196
FLOW_FROM_HOSTOBS	e:from:SESSION-393d4d02c091bd7e:host:5.182.209.49	SESSION-393d4d02c091bd7e → host:5.182.209.49
FLOW_FROM_HOSTOBS	e:from:SESSION-5ed2dc2be6795ae2:host:177.10.232.149	SESSION-5ed2dc2be6795ae2 → host:177.10.232.149
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d2ea88f589d3294:flow:895c616786e2	SESSION-1d2ea88f589d3294 → flow:895c616786e2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa31472460997bf3:flow:99d68b6ab450	SESSION-aa31472460997bf3 → flow:99d68b6ab450
FLOW_TO_HOSTOBS	e:to:SESSION-919ba311fe0cedbc:host:172.234.197.23	SESSION-919ba311fe0cedbc → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9433c1773faa9882:flow:15d2a905685b	SESSION-9433c1773faa9882 → flow:15d2a905685b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.84:geo_-23.62930_-46.63510	host:131.196.31.84 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-841299f020c7f00d:host:172.234.197.23	SESSION-841299f020c7f00d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-53fc35cd2bdb80ce:SESSION-53fc35cd2bdb80ce	SESSION-53fc35cd2bdb80ce → pe:syn:SESSION-53fc35cd2bdb80ce
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.50:geo_41.02140_28.99480	host:185.231.226.50 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9875f767bae73b8:SESSION-b9875f767bae73b8	SESSION-b9875f767bae73b8 → pe:tls:SESSION-b9875f767bae73b8
FLOW_DST_PORTOBS	e:fp:flow:1367069131cb:port:tcp:443	flow:1367069131cb → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c471169f59e284ee:host:131.196.29.124:host:172.234.197.23	SESSION-c471169f59e284ee → host:131.196.29.124 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dbe0692b3b05f921:SESSION-dbe0692b3b05f921	SESSION-dbe0692b3b05f921 → pe:tls:SESSION-dbe0692b3b05f921
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.244:geo_-23.62930_-46.63510	host:131.196.30.244 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-48482b2d296d23e2:host:131.196.29.201	SESSION-48482b2d296d23e2 → host:131.196.29.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c54c8f2f9fead0c6:host:172.234.197.23:host:177.10.235.161	SESSION-c54c8f2f9fead0c6 → host:172.234.197.23 → host:177.10.235.161
FLOW_FROM_HOSTOBS	e:from:SESSION-7172790c1950eaef:host:172.234.197.23	SESSION-7172790c1950eaef → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:95e965a44333	flow:95e965a44333 → host:177.10.237.182 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-92484e45d6e7b321:host:185.72.218.77	SESSION-92484e45d6e7b321 → host:185.72.218.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a9091855f21b6bb:SESSION-0a9091855f21b6bb	SESSION-0a9091855f21b6bb → pe:syn:SESSION-0a9091855f21b6bb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6353435fcd827ef1:PCAP:capture_20260428010001:b1b402c7b202	SESSION-6353435fcd827ef1 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_FROM_HOSTOBS	e:from:SESSION-3bc35cbabc9b015e:host:131.196.29.153	SESSION-3bc35cbabc9b015e → host:131.196.29.153
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74744b11834c8470:host:172.234.197.23:host:45.173.156.52	SESSION-74744b11834c8470 → host:172.234.197.23 → host:45.173.156.52
FLOW_DST_PORTOBS	e:fp:flow:cc8259921822:port:tcp:36692	flow:cc8259921822 → port:tcp:36692
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d0657eb87257c08:host:172.232.0.17	SESSION-9d0657eb87257c08 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-aee37cb69186d910:host:177.10.239.129	SESSION-aee37cb69186d910 → host:177.10.239.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f7273aea3ec9beab:SESSION-f7273aea3ec9beab	SESSION-f7273aea3ec9beab → pe:tls:SESSION-f7273aea3ec9beab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2290de8fcf2817df:host:172.234.197.23	SESSION-2290de8fcf2817df → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-933bde1224d44bcc:SESSION-933bde1224d44bcc	SESSION-933bde1224d44bcc → pe:tls:SESSION-933bde1224d44bcc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4faf0bdb2ec15f7a:host:177.10.237.54	SESSION-4faf0bdb2ec15f7a → host:177.10.237.54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5d486009dccd362:host:172.234.197.23	SESSION-d5d486009dccd362 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-44a5aa522f98da19:host:92.112.71.248	SESSION-44a5aa522f98da19 → host:92.112.71.248
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-306afa7fa31a1f87:SESSION-306afa7fa31a1f87	SESSION-306afa7fa31a1f87 → pe:tls:SESSION-306afa7fa31a1f87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-139cf5bd66e27bf0:flow:3e3c230e0a15	SESSION-139cf5bd66e27bf0 → flow:3e3c230e0a15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52edfb1e7fe307be:SESSION-52edfb1e7fe307be	SESSION-52edfb1e7fe307be → pe:syn:SESSION-52edfb1e7fe307be
flow_observed3-aryOBS	e:fo:flow:0244848bbc8a	flow:0244848bbc8a → host:44.250.172.176 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77c4ff849445b3aa:host:172.234.197.23:host:177.10.235.172	SESSION-77c4ff849445b3aa → host:172.234.197.23 → host:177.10.235.172
FLOW_TO_HOSTOBS	e:to:SESSION-675cba805cfc6bb8:host:177.10.232.208	SESSION-675cba805cfc6bb8 → host:177.10.232.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c59cadc4597ab32:host:172.234.197.23	SESSION-2c59cadc4597ab32 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-087551762f1417e7:host:177.10.238.6	SESSION-087551762f1417e7 → host:177.10.238.6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4ed0c7009b8f0d4:host:177.10.238.226:host:172.234.197.23	SESSION-b4ed0c7009b8f0d4 → host:177.10.238.226 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01b1445b3dd1d2e4:host:172.234.197.23:host:131.196.28.44	SESSION-01b1445b3dd1d2e4 → host:172.234.197.23 → host:131.196.28.44
flow_observed4-aryOBS	e:fo:flow:3bf5d6577914	flow:3bf5d6577914 → host:95.56.227.200 → host:172.234.197.23 → port:tcp:23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86086a72c76b1135:SESSION-86086a72c76b1135	SESSION-86086a72c76b1135 → pe:syn:SESSION-86086a72c76b1135
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23264de44b7cb73c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-23264de44b7cb73c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6752f583f7e09519:SESSION-6752f583f7e09519	SESSION-6752f583f7e09519 → pe:tls:SESSION-6752f583f7e09519
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5ceca64359b9f0d:SESSION-a5ceca64359b9f0d	SESSION-a5ceca64359b9f0d → pe:tls:SESSION-a5ceca64359b9f0d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30195220eb2aa3f5:host:177.10.234.27	SESSION-30195220eb2aa3f5 → host:177.10.234.27
FLOW_FROM_HOSTOBS	e:from:SESSION-2af2d979895f4943:host:172.234.197.23	SESSION-2af2d979895f4943 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ccb8c7743352cfdc:host:172.234.197.23:host:131.196.31.84	SESSION-ccb8c7743352cfdc → host:172.234.197.23 → host:131.196.31.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77c4b389d95f1453:host:172.234.197.23:host:131.196.31.171	SESSION-77c4b389d95f1453 → host:172.234.197.23 → host:131.196.31.171
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c282c87f3b4a743:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3c282c87f3b4a743 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-6e5392ca321cb1ed:host:172.234.197.23	SESSION-6e5392ca321cb1ed → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d75311b4cd1e33ff:host:131.196.28.129	SESSION-d75311b4cd1e33ff → host:131.196.28.129
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eead59d5c9e2a3d1:host:131.196.31.113:host:172.234.197.23	SESSION-eead59d5c9e2a3d1 → host:131.196.31.113 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5bfd6f31a89c294d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5bfd6f31a89c294d → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.164:asn:262880	host:177.10.238.164 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72ea8a7fe39a298e:SESSION-72ea8a7fe39a298e	SESSION-72ea8a7fe39a298e → pe:tls:SESSION-72ea8a7fe39a298e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.127:geo_-16.28860_-49.01640	host:177.10.235.127 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.233:asn:271410	host:131.196.31.233 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afde502531c1ddca:host:45.173.156.183	SESSION-afde502531c1ddca → host:45.173.156.183
FLOW_DST_PORTOBS	e:fp:flow:9d6923eb9b16:port:tcp:443	flow:9d6923eb9b16 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4d673ded8fa5efc5:host:177.10.237.80	SESSION-4d673ded8fa5efc5 → host:177.10.237.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e0a730d87d8b98f3:PCAP:capture_20260430060001:919b39a74464	SESSION-e0a730d87d8b98f3 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:7a0d9894dd82	flow:7a0d9894dd82 → host:177.10.233.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6cc71c07f8c21dc0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6cc71c07f8c21dc0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-007ba64cafd5a15c:SESSION-007ba64cafd5a15c	SESSION-007ba64cafd5a15c → pe:tls:SESSION-007ba64cafd5a15c
FLOW_TO_HOSTOBS	e:to:SESSION-27c94fb85f37f774:host:172.234.197.23	SESSION-27c94fb85f37f774 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5ddc9130fa518dc:host:177.10.236.164	SESSION-b5ddc9130fa518dc → host:177.10.236.164
FLOW_DST_PORTOBS	e:fp:flow:690c407955d0:port:tcp:443	flow:690c407955d0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6b4419d123b2f0e3:PCAP:capture_20260430110001:43611bdf6759	SESSION-6b4419d123b2f0e3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-140a58b5ab5dfb04:host:177.10.238.112	SESSION-140a58b5ab5dfb04 → host:177.10.238.112
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f766219ab3f1d4b:host:177.10.239.203:host:172.234.197.23	SESSION-4f766219ab3f1d4b → host:177.10.239.203 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5626602f012a6e70:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5626602f012a6e70 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:1175089c845f:port:tcp:443	flow:1175089c845f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92922842b80104c6:flow:24a6ec1bcc46	SESSION-92922842b80104c6 → flow:24a6ec1bcc46
flow_observed5-aryOBS	e:fo:flow:8d40970d8b7f	flow:8d40970d8b7f → host:95.170.25.190 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:44f3c39a6640:port:tcp:51505	flow:44f3c39a6640 → port:tcp:51505
FLOW_FROM_HOSTOBS	e:from:SESSION-c6d8c2f7fc43f382:host:172.234.197.23	SESSION-c6d8c2f7fc43f382 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46cfffaa3fdb7f1d:host:172.232.0.16	SESSION-46cfffaa3fdb7f1d → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3fd62b1832b0e41:host:131.196.31.45	SESSION-b3fd62b1832b0e41 → host:131.196.31.45
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-845630b36dc2dead:flow:395d02a06476	SESSION-845630b36dc2dead → flow:395d02a06476
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.11:geo_-16.28860_-49.01640	host:177.10.233.11 → geo_-16.28860_-49.01640
flow_observed3-aryOBS	e:fo:flow:fc3f382b5261	flow:fc3f382b5261 → host:35.94.26.156 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d52597e88babdbe8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d52597e88babdbe8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8376f0f57e00ff1:host:177.10.232.234	SESSION-a8376f0f57e00ff1 → host:177.10.232.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b22fbd69b6831b9:host:177.10.238.137	SESSION-0b22fbd69b6831b9 → host:177.10.238.137
FLOW_FROM_HOSTOBS	e:from:SESSION-1d90a5aaa3545c15:host:172.234.197.23	SESSION-1d90a5aaa3545c15 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e1f042a5857e:port:tcp:3737	flow:e1f042a5857e → port:tcp:3737
FLOW_FROM_HOSTOBS	e:from:SESSION-5cc5078bf4d23558:host:45.145.152.195	SESSION-5cc5078bf4d23558 → host:45.145.152.195
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2824f9b79e0fb1f1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2824f9b79e0fb1f1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3529b49a7d38dad6:host:177.10.237.211:host:172.234.197.23	SESSION-3529b49a7d38dad6 → host:177.10.237.211 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3b27b3b8149c:port:tcp:443	flow:3b27b3b8149c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a84fec3b32ec885d:host:131.196.30.9	SESSION-a84fec3b32ec885d → host:131.196.30.9
flow_observed5-aryOBS	e:fo:flow:1472db5bfc99	flow:1472db5bfc99 → host:131.196.31.54 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.233:geo_-16.28860_-49.01640	host:177.10.235.233 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b42fc656319c5bfc:flow:cd4675ffc725	SESSION-b42fc656319c5bfc → flow:cd4675ffc725
FLOW_TO_HOSTOBS	e:to:SESSION-97a932b8098f01e0:host:172.234.197.23	SESSION-97a932b8098f01e0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f67ce0567774b305:SESSION-f67ce0567774b305	SESSION-f67ce0567774b305 → pe:syn:SESSION-f67ce0567774b305
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b14f4f7e9ebbac1:SESSION-8b14f4f7e9ebbac1	SESSION-8b14f4f7e9ebbac1 → pe:tls:SESSION-8b14f4f7e9ebbac1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-669a514c7e7ceed8:host:172.234.197.23	SESSION-669a514c7e7ceed8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b57c4e647c9921c9:host:172.234.197.23	SESSION-b57c4e647c9921c9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.16:asn:262880	host:177.10.232.16 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65e7ac6f998115f7:SESSION-65e7ac6f998115f7	SESSION-65e7ac6f998115f7 → pe:tls:SESSION-65e7ac6f998115f7
flow_observed5-aryOBS	e:fo:flow:ddfb42618eb7	flow:ddfb42618eb7 → host:177.10.238.49 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ba98677b43b4662:host:177.10.237.39	SESSION-8ba98677b43b4662 → host:177.10.237.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d2ed4131e5585f31:SESSION-d2ed4131e5585f31	SESSION-d2ed4131e5585f31 → pe:syn:SESSION-d2ed4131e5585f31
FLOW_FROM_HOSTOBS	e:from:SESSION-dfde0f74dbe81c3a:host:131.196.28.80	SESSION-dfde0f74dbe81c3a → host:131.196.28.80
FLOW_TO_HOSTOBS	e:to:SESSION-4e548e1862e666d4:host:172.234.197.23	SESSION-4e548e1862e666d4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b5f77768a227f3c:SESSION-0b5f77768a227f3c	SESSION-0b5f77768a227f3c → pe:syn:SESSION-0b5f77768a227f3c
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-5fd776fee1455ee3:BSG-DATA_EXFIL-93626c55d22e	SESSION-5fd776fee1455ee3 → BSG-DATA_EXFIL-93626c55d22e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3553d3f3f842e7ac:host:51.210.99.95:host:172.234.197.23	SESSION-3553d3f3f842e7ac → host:51.210.99.95 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:023af7fdc649	flow:023af7fdc649 → host:177.10.233.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe8408bb8c62f3c7:flow:f859b2919391	SESSION-fe8408bb8c62f3c7 → flow:f859b2919391
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-764a731a27d64086:host:172.234.197.23	SESSION-764a731a27d64086 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3da2bdbc54650cc7:host:172.234.197.23	SESSION-3da2bdbc54650cc7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e7c834c7664f83e9:host:177.10.233.146	SESSION-e7c834c7664f83e9 → host:177.10.233.146
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fdb408b0b3dd802:host:172.234.197.23	SESSION-5fdb408b0b3dd802 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60281e53e47bfb2b:SESSION-60281e53e47bfb2b	SESSION-60281e53e47bfb2b → pe:tls:SESSION-60281e53e47bfb2b
FLOW_TO_HOSTOBS	e:to:SESSION-b09cf74640ed889e:host:172.234.197.23	SESSION-b09cf74640ed889e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-77a13185d72dec11:host:177.10.234.156	SESSION-77a13185d72dec11 → host:177.10.234.156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f635007151c479b8:host:177.10.239.111	SESSION-f635007151c479b8 → host:177.10.239.111
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a9df261a7287913:host:172.234.197.23	SESSION-9a9df261a7287913 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7aaaf2932de65e0e:SESSION-7aaaf2932de65e0e	SESSION-7aaaf2932de65e0e → pe:tls:SESSION-7aaaf2932de65e0e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c31bc4788e97db71:host:177.10.237.82:host:172.234.197.23	SESSION-c31bc4788e97db71 → host:177.10.237.82 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-99664d33d11b43d2:SESSION-99664d33d11b43d2	SESSION-99664d33d11b43d2 → pe:rst:SESSION-99664d33d11b43d2
FLOW_DST_PORTOBS	e:fp:flow:b67e2b1b04d4:port:tcp:55580	flow:b67e2b1b04d4 → port:tcp:55580
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf988ed4220ca0ac:SESSION-bf988ed4220ca0ac	SESSION-bf988ed4220ca0ac → pe:tls:SESSION-bf988ed4220ca0ac
flow_observed3-aryOBS	e:fo:flow:4836147166e2	flow:4836147166e2 → host:16.60.246.31 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35834184401bcda8:host:54.184.232.115:host:172.234.197.23	SESSION-35834184401bcda8 → host:54.184.232.115 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af315627d236ddd5:host:177.10.232.73	SESSION-af315627d236ddd5 → host:177.10.232.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122a5b909d033cbb:host:172.234.197.23	SESSION-122a5b909d033cbb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5a277796632a248:SESSION-b5a277796632a248	SESSION-b5a277796632a248 → pe:tls:SESSION-b5a277796632a248
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bea10d62e606d6ea:host:45.173.156.231	SESSION-bea10d62e606d6ea → host:45.173.156.231
FLOW_FROM_HOSTOBS	e:from:SESSION-b3b2d33602e817e1:host:172.234.197.23	SESSION-b3b2d33602e817e1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4ba070ea29625f6c:host:172.234.197.23	SESSION-4ba070ea29625f6c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-373bf424772e8fef:host:172.234.197.23	SESSION-373bf424772e8fef → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aec01d0deaddfc4b:host:131.196.29.114:host:172.234.197.23	SESSION-aec01d0deaddfc4b → host:131.196.29.114 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-711f533390ef220f:flow:f9c9bf4165c6	SESSION-711f533390ef220f → flow:f9c9bf4165c6
FLOW_FROM_HOSTOBS	e:from:SESSION-d0ac7328414c6be9:host:177.10.234.218	SESSION-d0ac7328414c6be9 → host:177.10.234.218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e4d63ce34019de3:SESSION-4e4d63ce34019de3	SESSION-4e4d63ce34019de3 → pe:tls:SESSION-4e4d63ce34019de3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-396a4dd85675ad96:SESSION-396a4dd85675ad96	SESSION-396a4dd85675ad96 → pe:tls:SESSION-396a4dd85675ad96
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-463ebb9b343c8b6a:SESSION-463ebb9b343c8b6a	SESSION-463ebb9b343c8b6a → pe:tls:SESSION-463ebb9b343c8b6a
FLOW_TO_HOSTOBS	e:to:SESSION-0481c3a1b2d7b867:host:172.234.197.23	SESSION-0481c3a1b2d7b867 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.247:geo_41.02140_28.99480	host:31.40.196.247 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb5021014b7af5cb:SESSION-bb5021014b7af5cb	SESSION-bb5021014b7af5cb → pe:syn:SESSION-bb5021014b7af5cb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-312b2e72c1d2a2ee:host:172.234.197.23	SESSION-312b2e72c1d2a2ee → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:98.130.128.246:asn:16509	host:98.130.128.246 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ca00666a1b5cdae:SESSION-1ca00666a1b5cdae	SESSION-1ca00666a1b5cdae → pe:syn:SESSION-1ca00666a1b5cdae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cad98c39a19fe348:SESSION-cad98c39a19fe348	SESSION-cad98c39a19fe348 → pe:syn:SESSION-cad98c39a19fe348
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.28:asn:271410	host:131.196.28.28 → asn:271410
ASN_IN_ORGOBS 80%	e:ao:asn:6167:org:Verizon Business	asn:6167 → org:Verizon Business
flow_observed5-aryOBS	e:fo:flow:a0c382eb3c90	flow:a0c382eb3c90 → host:177.10.232.213 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66a529d98727e997:host:172.234.197.23	SESSION-66a529d98727e997 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-136356e88c69bcaa:flow:dac34675aa7c	SESSION-136356e88c69bcaa → flow:dac34675aa7c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b048d8915129480a:host:172.234.197.23	SESSION-b048d8915129480a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2fe6f9cc04fc	flow:2fe6f9cc04fc → host:45.173.156.247 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27f33a2015337a96:host:131.196.28.137	SESSION-27f33a2015337a96 → host:131.196.28.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f852deb0b74344a0:host:177.10.236.134	SESSION-f852deb0b74344a0 → host:177.10.236.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff369745433a15b5:SESSION-ff369745433a15b5	SESSION-ff369745433a15b5 → pe:syn:SESSION-ff369745433a15b5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8a57b2200e62e75:flow:97e08a6b4ec8	SESSION-c8a57b2200e62e75 → flow:97e08a6b4ec8
FLOW_TO_HOSTOBS	e:to:SESSION-0d74f533686cf043:host:177.10.238.46	SESSION-0d74f533686cf043 → host:177.10.238.46
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.88:asn:271410	host:131.196.28.88 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65fda4a5b580780a:PCAP:capture_20260430090001:065659c7d314	SESSION-65fda4a5b580780a → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25e11e259146e3a2:host:172.234.197.23	SESSION-25e11e259146e3a2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:34.220.91.24:geo_45.84010_-119.70500	host:34.220.91.24 → geo_45.84010_-119.70500
FLOW_DST_PORTOBS	e:fp:flow:d99324379975:port:tcp:50342	flow:d99324379975 → port:tcp:50342
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f4bcb88049ff8a93:flow:674ef1c9281e	SESSION-f4bcb88049ff8a93 → flow:674ef1c9281e
FLOW_TO_HOSTOBS	e:to:SESSION-fce80bc522afcc8b:host:172.234.197.23	SESSION-fce80bc522afcc8b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9166f313177f7326:SESSION-9166f313177f7326	SESSION-9166f313177f7326 → pe:syn:SESSION-9166f313177f7326
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:154.85.87.65:geo_-4.58330_55.66670	host:154.85.87.65 → geo_-4.58330_55.66670
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ba40ec67b0f6097:flow:eafb10903b19	SESSION-0ba40ec67b0f6097 → flow:eafb10903b19
FLOW_DST_PORTOBS	e:fp:flow:f5ed40a9f1fb:port:tcp:443	flow:f5ed40a9f1fb → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f2aa671fdac09172:host:131.196.28.40	SESSION-f2aa671fdac09172 → host:131.196.28.40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02cad694702cb9f1:SESSION-02cad694702cb9f1	SESSION-02cad694702cb9f1 → pe:tls:SESSION-02cad694702cb9f1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86b498cacf4afadd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-86b498cacf4afadd → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c14806e741c4fd98:host:172.234.197.23	SESSION-c14806e741c4fd98 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.174:asn:271410	host:131.196.31.174 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.145:geo_-16.28860_-49.01640	host:177.10.233.145 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa09fbb5e640ff94:flow:8c301b45be25	SESSION-aa09fbb5e640ff94 → flow:8c301b45be25
FLOW_TO_HOSTOBS	e:to:SESSION-b1cf957f4a121d77:host:131.196.31.6	SESSION-b1cf957f4a121d77 → host:131.196.31.6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-46cfffaa3fdb7f1d:SESSION-46cfffaa3fdb7f1d	SESSION-46cfffaa3fdb7f1d → pe:dns:SESSION-46cfffaa3fdb7f1d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.70:asn:271410	host:131.196.30.70 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dba7d64f7032fffd:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-dba7d64f7032fffd → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7926734d1890078a:host:172.234.197.23	SESSION-7926734d1890078a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb59d1b27c368873:SESSION-cb59d1b27c368873	SESSION-cb59d1b27c368873 → pe:tls:SESSION-cb59d1b27c368873
FLOW_FROM_HOSTOBS	e:from:SESSION-a8eb3ecb5c5b32a8:host:172.234.197.23	SESSION-a8eb3ecb5c5b32a8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4b6b757282734812:host:172.234.197.23	SESSION-4b6b757282734812 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-88d03f5c2bc073a8:flow:8228d3bdb62e	SESSION-88d03f5c2bc073a8 → flow:8228d3bdb62e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-caaa6bcaac59e7b9:SESSION-caaa6bcaac59e7b9	SESSION-caaa6bcaac59e7b9 → pe:syn:SESSION-caaa6bcaac59e7b9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.71:geo_-23.62930_-46.63510	host:131.196.30.71 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-78d87c88323785f9:host:177.10.235.169	SESSION-78d87c88323785f9 → host:177.10.235.169
FLOW_TO_HOSTOBS	e:to:SESSION-cb0638f1774736d1:host:172.234.197.23	SESSION-cb0638f1774736d1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9466ee8fbea2465:host:131.196.28.7	SESSION-d9466ee8fbea2465 → host:131.196.28.7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fcd4a12026b870e:host:172.234.197.23	SESSION-8fcd4a12026b870e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aaf7ce37564a0317:flow:86566d19d59b	SESSION-aaf7ce37564a0317 → flow:86566d19d59b
FLOW_DST_PORTOBS	e:fp:flow:ffef85aaa386:port:tcp:443	flow:ffef85aaa386 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f59e3038c71b15e1:host:172.234.197.23	SESSION-f59e3038c71b15e1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.228:geo_-23.62930_-46.63510	host:131.196.29.228 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b0821df7b169e6a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4b0821df7b169e6a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-488c9c462e491ad2:host:177.10.232.100:host:172.234.197.23	SESSION-488c9c462e491ad2 → host:177.10.232.100 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e48a8daff67bbc71:host:172.234.197.23	SESSION-e48a8daff67bbc71 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-feb7243d21c3bd2d:SESSION-feb7243d21c3bd2d	SESSION-feb7243d21c3bd2d → pe:tls:SESSION-feb7243d21c3bd2d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.130:geo_-23.62930_-46.63510	host:131.196.29.130 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b43557542c64d676:host:45.173.156.207	SESSION-b43557542c64d676 → host:45.173.156.207
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.239:geo_-16.28860_-49.01640	host:177.10.233.239 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:577fe2c1120d	flow:577fe2c1120d → host:177.10.232.184 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.251:asn:262880	host:177.10.238.251 → asn:262880
flow_observed4-aryOBS	e:fo:flow:e7c206687d07	flow:e7c206687d07 → host:172.234.197.23 → host:177.10.239.15 → port:tcp:63797
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4cc664d616fce9d7:SESSION-4cc664d616fce9d7	SESSION-4cc664d616fce9d7 → pe:tls:SESSION-4cc664d616fce9d7
FLOW_TO_HOSTOBS	e:to:SESSION-0fe99f41b36441fa:host:172.234.197.23	SESSION-0fe99f41b36441fa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f709c3d74e04443c:host:172.234.197.23	SESSION-f709c3d74e04443c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dd1a49fa9f1084b:host:177.10.232.229	SESSION-2dd1a49fa9f1084b → host:177.10.232.229
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f78268addd9f6ca3:SESSION-f78268addd9f6ca3	SESSION-f78268addd9f6ca3 → pe:syn:SESSION-f78268addd9f6ca3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2ed4131e5585f31:flow:fe4d1ca292f6	SESSION-d2ed4131e5585f31 → flow:fe4d1ca292f6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a0605f48b345a3ed:host:177.10.235.81:host:172.234.197.23	SESSION-a0605f48b345a3ed → host:177.10.235.81 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-206c176870c7b9f2:flow:b27d5d007118	SESSION-206c176870c7b9f2 → flow:b27d5d007118
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-791eac8e49df4e5d:SESSION-791eac8e49df4e5d	SESSION-791eac8e49df4e5d → pe:tls:SESSION-791eac8e49df4e5d
FLOW_TO_HOSTOBS	e:to:SESSION-ff4eb64228a8af88:host:172.234.197.23	SESSION-ff4eb64228a8af88 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a4200861230ead3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0a4200861230ead3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3cdf0b404a4678c5:SESSION-3cdf0b404a4678c5	SESSION-3cdf0b404a4678c5 → pe:tls:SESSION-3cdf0b404a4678c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3cc71da406a2797a:host:45.145.152.188:host:172.234.197.23	SESSION-3cc71da406a2797a → host:45.145.152.188 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-660cb7ef624de29d:PCAP:capture_20260430150001:ded20914761d	SESSION-660cb7ef624de29d → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c93e86640e8945ad:host:177.10.234.62	SESSION-c93e86640e8945ad → host:177.10.234.62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-32ae480396f4c201:SESSION-32ae480396f4c201	SESSION-32ae480396f4c201 → pe:syn:SESSION-32ae480396f4c201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f228c5492216a597:host:177.10.236.120	SESSION-f228c5492216a597 → host:177.10.236.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-829966970db58135:SESSION-829966970db58135	SESSION-829966970db58135 → pe:syn:SESSION-829966970db58135
flow_observed5-aryOBS	e:fo:flow:6b2b23d4f6b2	flow:6b2b23d4f6b2 → host:177.10.239.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afbbd778f47cc6c1:host:172.234.197.23	SESSION-afbbd778f47cc6c1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3526e42e615eba29:host:172.234.197.23	SESSION-3526e42e615eba29 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.155:geo_-16.28860_-49.01640	host:177.10.239.155 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:1ed341656f40	flow:1ed341656f40 → host:131.196.31.14 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b2bdb96a74f9:port:tcp:443	flow:b2bdb96a74f9 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.60:geo_-16.28860_-49.01640	host:177.10.238.60 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3957034b2fd24e8:flow:a1fc2ffae35a	SESSION-c3957034b2fd24e8 → flow:a1fc2ffae35a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a8bea4194d810df:host:172.234.197.23	SESSION-7a8bea4194d810df → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ee2f1f025d37aa07:host:172.234.197.23	SESSION-ee2f1f025d37aa07 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f6ab7360966186b9:host:177.10.237.35	SESSION-f6ab7360966186b9 → host:177.10.237.35
FLOW_DST_PORTOBS	e:fp:flow:9136a00be2e6:port:tcp:443	flow:9136a00be2e6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a7cfd4f435147ff3:host:172.234.197.23:host:177.10.236.236	SESSION-a7cfd4f435147ff3 → host:172.234.197.23 → host:177.10.236.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-724515316ace62dc:SESSION-724515316ace62dc	SESSION-724515316ace62dc → pe:syn:SESSION-724515316ace62dc
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.41:asn:271410	host:131.196.29.41 → asn:271410
flow_observed5-aryOBS	e:fo:flow:0df80c061ea1	flow:0df80c061ea1 → host:177.10.233.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f8d7516bed96e97:host:177.10.239.97:host:172.234.197.23	SESSION-5f8d7516bed96e97 → host:177.10.239.97 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.135:asn:262880	host:177.10.239.135 → asn:262880
flow_observed4-aryOBS	e:fo:flow:b5ea336c0629	flow:b5ea336c0629 → host:172.234.197.23 → host:45.173.156.68 → port:tcp:64973
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.124:geo_-23.62930_-46.63510	host:131.196.31.124 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78b6e298ccb2dbce:host:172.234.197.23	SESSION-78b6e298ccb2dbce → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d99d46a236a5e045:SESSION-d99d46a236a5e045	SESSION-d99d46a236a5e045 → pe:tls:SESSION-d99d46a236a5e045
FLOW_FROM_HOSTOBS	e:from:SESSION-7a24ae76392ce429:host:131.196.29.237	SESSION-7a24ae76392ce429 → host:131.196.29.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe2a9708180e5d71:SESSION-fe2a9708180e5d71	SESSION-fe2a9708180e5d71 → pe:tls:SESSION-fe2a9708180e5d71
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee5756ac65b5ed68:host:172.234.197.23	SESSION-ee5756ac65b5ed68 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f307fcf20a41b5a0:flow:51886dfe4b68	SESSION-f307fcf20a41b5a0 → flow:51886dfe4b68
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-587cecb9c2d65d84:PCAP:capture_20260430060001:919b39a74464	SESSION-587cecb9c2d65d84 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-4cb8ade3138db412:host:172.234.197.23	SESSION-4cb8ade3138db412 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.156:geo_41.00190_28.96450	host:95.170.25.156 → geo_41.00190_28.96450
flow_observed5-aryOBS	e:fo:flow:1b86cb8b1911	flow:1b86cb8b1911 → host:177.10.235.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9875f767bae73b8:host:172.234.197.23	SESSION-b9875f767bae73b8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8f16f611b98ecbfd:host:172.234.197.23	SESSION-8f16f611b98ecbfd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3616b79a24490a3:flow:e0ba91dac47f	SESSION-f3616b79a24490a3 → flow:e0ba91dac47f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b836173867007d89:SESSION-b836173867007d89	SESSION-b836173867007d89 → pe:tls:SESSION-b836173867007d89
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65d181126b4cfd8f:host:172.234.197.23	SESSION-65d181126b4cfd8f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d3f8bf2b05f7ab82:host:131.196.28.42	SESSION-d3f8bf2b05f7ab82 → host:131.196.28.42
FLOW_FROM_HOSTOBS	e:from:SESSION-16a7442acd9adfae:host:177.10.239.94	SESSION-16a7442acd9adfae → host:177.10.239.94
flow_observed5-aryOBS	e:fo:flow:4f707b2e8a9b	flow:4f707b2e8a9b → host:177.10.239.204 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6511e777b0d792c1:SESSION-6511e777b0d792c1	SESSION-6511e777b0d792c1 → pe:tls:SESSION-6511e777b0d792c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4fa0ca2c10982c45:SESSION-4fa0ca2c10982c45	SESSION-4fa0ca2c10982c45 → pe:tls:SESSION-4fa0ca2c10982c45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b2d512f3efc35f9:host:172.234.197.23	SESSION-0b2d512f3efc35f9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ce9e994e23f8:port:tcp:443	flow:ce9e994e23f8 → port:tcp:443
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:80:svc:http	port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee14fe05044df9df:host:177.10.239.39:host:172.234.197.23	SESSION-ee14fe05044df9df → host:177.10.239.39 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3d135e2bdea1:port:tcp:443	flow:3d135e2bdea1 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-38739a517334cf5a:host:177.10.238.195	SESSION-38739a517334cf5a → host:177.10.238.195
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a75b8c86281e6b7:host:172.234.197.23	SESSION-5a75b8c86281e6b7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9729058a0ea02937:host:172.234.197.23	SESSION-9729058a0ea02937 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8958b8d9cf24f177:flow:3b27b3b8149c	SESSION-8958b8d9cf24f177 → flow:3b27b3b8149c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc399ebe92ddbae6:host:45.173.156.211:host:172.234.197.23	SESSION-cc399ebe92ddbae6 → host:45.173.156.211 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-acada2cd7035c790:host:177.10.232.212:host:172.234.197.23	SESSION-acada2cd7035c790 → host:177.10.232.212 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-469f9efa6316e344:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-469f9efa6316e344 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:66dbc4502796:port:tcp:62386	flow:66dbc4502796 → port:tcp:62386
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d0453327d6800ed:SESSION-1d0453327d6800ed	SESSION-1d0453327d6800ed → pe:tls:SESSION-1d0453327d6800ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-364411d92a5a41bf:host:45.173.156.225	SESSION-364411d92a5a41bf → host:45.173.156.225
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46082ee63fe36bdf:SESSION-46082ee63fe36bdf	SESSION-46082ee63fe36bdf → pe:syn:SESSION-46082ee63fe36bdf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da61b01cc679b249:SESSION-da61b01cc679b249	SESSION-da61b01cc679b249 → pe:tls:SESSION-da61b01cc679b249
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51bab49b2715dbc9:flow:2b86be5c97f9	SESSION-51bab49b2715dbc9 → flow:2b86be5c97f9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-59aca44477f61d35:SESSION-59aca44477f61d35	SESSION-59aca44477f61d35 → pe:tls:SESSION-59aca44477f61d35
FLOW_FROM_HOSTOBS	e:from:SESSION-6631f08e8c06a9b6:host:177.10.232.253	SESSION-6631f08e8c06a9b6 → host:177.10.232.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a137096eda6236d7:host:172.234.197.23	SESSION-a137096eda6236d7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09e72a02b44d9649:host:172.234.197.23	SESSION-09e72a02b44d9649 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4d3ca4dbaf4c9647:host:51.161.119.157	SESSION-4d3ca4dbaf4c9647 → host:51.161.119.157
flow_observed4-aryOBS	e:fo:flow:ca00d71cbdd7	flow:ca00d71cbdd7 → host:172.234.197.23 → host:177.10.238.186 → port:tcp:42339
FLOW_DST_PORTOBS	e:fp:flow:f3f7c601b898:port:tcp:36197	flow:f3f7c601b898 → port:tcp:36197
FLOW_TO_HOSTOBS	e:to:SESSION-760c61036eedf2e4:host:172.234.197.23	SESSION-760c61036eedf2e4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-718be43f3a8e9f39:host:131.196.29.232:host:172.234.197.23	SESSION-718be43f3a8e9f39 → host:131.196.29.232 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.119:geo_41.02140_28.99480	host:31.40.196.119 → geo_41.02140_28.99480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8be5aa373d930e54:host:172.234.197.23	SESSION-8be5aa373d930e54 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:18b95de0c94f	flow:18b95de0c94f → host:172.234.197.23 → host:131.196.31.105 → port:tcp:18835
FLOW_TO_HOSTOBS	e:to:SESSION-3e54eb0866acbe21:host:177.10.237.29	SESSION-3e54eb0866acbe21 → host:177.10.237.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d83a9aba23a117e:SESSION-6d83a9aba23a117e	SESSION-6d83a9aba23a117e → pe:tls:SESSION-6d83a9aba23a117e
FLOW_TO_HOSTOBS	e:to:SESSION-5d1f774a6af2df76:host:172.234.197.23	SESSION-5d1f774a6af2df76 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-030a81db4532bd3a:PCAP:capture_20260430060001:919b39a74464	SESSION-030a81db4532bd3a → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.230:geo_-16.28860_-49.01640	host:177.10.236.230 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-6b4419d123b2f0e3:BSG-BEACON-9f226d1d4d6f	SESSION-6b4419d123b2f0e3 → BSG-BEACON-9f226d1d4d6f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89e4df8c6f209b00:host:45.173.156.10	SESSION-89e4df8c6f209b00 → host:45.173.156.10
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.151:asn:271410	host:131.196.31.151 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14d517e62aef6020:host:37.221.79.128	SESSION-14d517e62aef6020 → host:37.221.79.128
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2bdd821ab6e9acc:host:91.240.224.238	SESSION-c2bdd821ab6e9acc → host:91.240.224.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c382f6b8063de44f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c382f6b8063de44f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba96028c0d9bf0a3:host:172.234.197.23	SESSION-ba96028c0d9bf0a3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9ea69d35daebb9b8:host:172.234.197.23	SESSION-9ea69d35daebb9b8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e9e9835a2b91f231:host:172.234.197.23:host:177.10.239.69	SESSION-e9e9835a2b91f231 → host:172.234.197.23 → host:177.10.239.69
FLOW_FROM_HOSTOBS	e:from:SESSION-fe1d6d23886f083a:host:131.196.31.141	SESSION-fe1d6d23886f083a → host:131.196.31.141
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a304c3ca72ee3e7:host:177.10.234.214	SESSION-6a304c3ca72ee3e7 → host:177.10.234.214
FLOW_TO_HOSTOBS	e:to:SESSION-4e806a1e4171599f:host:172.234.197.23	SESSION-4e806a1e4171599f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f5958a673e968588:host:172.234.197.23	SESSION-f5958a673e968588 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5c24af053222fbf1:host:172.234.197.23	SESSION-5c24af053222fbf1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-17dd55091d27669a:host:172.232.0.16	SESSION-17dd55091d27669a → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d9c8489868c7191:SESSION-9d9c8489868c7191	SESSION-9d9c8489868c7191 → pe:tls:SESSION-9d9c8489868c7191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1ec6b7d17caa72c:SESSION-d1ec6b7d17caa72c	SESSION-d1ec6b7d17caa72c → pe:tls:SESSION-d1ec6b7d17caa72c
flow_observed4-aryOBS	e:fo:flow:60f887dc148d	flow:60f887dc148d → host:172.234.197.23 → host:177.10.234.22 → port:tcp:292
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59417938792198bf:host:172.234.197.23:host:177.10.235.179	SESSION-59417938792198bf → host:172.234.197.23 → host:177.10.235.179
FLOW_FROM_HOSTOBS	e:from:SESSION-4a1570467d4c9a43:host:172.234.197.23	SESSION-4a1570467d4c9a43 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2c00c77bcbb5602:SESSION-f2c00c77bcbb5602	SESSION-f2c00c77bcbb5602 → pe:tls:SESSION-f2c00c77bcbb5602
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.96:asn:271410	host:131.196.29.96 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-db8bd5551afdaf6c:host:172.234.197.23	SESSION-db8bd5551afdaf6c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a96ffc9fa12c0c5a:SESSION-a96ffc9fa12c0c5a	SESSION-a96ffc9fa12c0c5a → pe:syn:SESSION-a96ffc9fa12c0c5a
FLOW_TO_HOSTOBS	e:to:SESSION-6104696c1212e0a0:host:172.234.197.23	SESSION-6104696c1212e0a0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-383c10f8cce4ec29:PCAP:capture_20260430080001:93f47cc296a4	SESSION-383c10f8cce4ec29 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b53dcb5377a03d44:host:51.21.249.220	SESSION-b53dcb5377a03d44 → host:51.21.249.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6cecd25b5e4e4c9c:SESSION-6cecd25b5e4e4c9c	SESSION-6cecd25b5e4e4c9c → pe:syn:SESSION-6cecd25b5e4e4c9c
FLOW_FROM_HOSTOBS	e:from:SESSION-ea3a69414cbbc32d:host:177.10.236.216	SESSION-ea3a69414cbbc32d → host:177.10.236.216
flow_observed5-aryOBS	e:fo:flow:855d52d5b16c	flow:855d52d5b16c → host:177.10.239.167 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ac89834f3c269f55:host:172.234.197.23	SESSION-ac89834f3c269f55 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36d925db3c3b2591:host:172.234.197.23	SESSION-36d925db3c3b2591 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4cb8ade3138db412:flow:5282a60bb3a6	SESSION-4cb8ade3138db412 → flow:5282a60bb3a6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ec00a834c5afff3:host:177.10.235.107	SESSION-1ec00a834c5afff3 → host:177.10.235.107
flow_observed5-aryOBS	e:fo:flow:597b383bd45d	flow:597b383bd45d → host:185.231.226.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b50835be4d5bba16:SESSION-b50835be4d5bba16	SESSION-b50835be4d5bba16 → pe:syn:SESSION-b50835be4d5bba16
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.82:asn:262880	host:177.10.236.82 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dda196b654200873:host:172.234.197.23	SESSION-dda196b654200873 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:36dbb8569720	flow:36dbb8569720 → host:172.234.197.23 → host:131.196.29.103 → port:tcp:60022
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1328d27dd48f8a49:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-1328d27dd48f8a49 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2927944fbf9fbe3:host:131.196.30.164	SESSION-c2927944fbf9fbe3 → host:131.196.30.164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a208e591aeac31e9:flow:8321c7f9dc7e	SESSION-a208e591aeac31e9 → flow:8321c7f9dc7e
FLOW_DST_PORTOBS	e:fp:flow:e772ab0d013d:port:tcp:46638	flow:e772ab0d013d → port:tcp:46638
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f6577138d25ad9e:host:177.10.232.88:host:172.234.197.23	SESSION-6f6577138d25ad9e → host:177.10.232.88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02e2db787a51689b:host:172.234.197.23	SESSION-02e2db787a51689b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:240bff1f6054	flow:240bff1f6054 → host:177.10.235.46 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-635c4a1226b6dd4e:host:172.234.197.23	SESSION-635c4a1226b6dd4e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49652bb4e1e9db35:host:31.40.196.96	SESSION-49652bb4e1e9db35 → host:31.40.196.96
FLOW_FROM_HOSTOBS	e:from:SESSION-5634ee3b30a0b6aa:host:172.234.197.23	SESSION-5634ee3b30a0b6aa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8fbc053aa21c3a10:SESSION-8fbc053aa21c3a10	SESSION-8fbc053aa21c3a10 → pe:syn:SESSION-8fbc053aa21c3a10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-48726e3ec935fccb:SESSION-48726e3ec935fccb	SESSION-48726e3ec935fccb → pe:rst:SESSION-48726e3ec935fccb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b6d44dc6146dcb58:SESSION-b6d44dc6146dcb58	SESSION-b6d44dc6146dcb58 → pe:tls:SESSION-b6d44dc6146dcb58
FLOW_TO_HOSTOBS	e:to:SESSION-5d4ae68a057da74d:host:177.10.233.3	SESSION-5d4ae68a057da74d → host:177.10.233.3
FLOW_FROM_HOSTOBS	e:from:SESSION-fd57eb7fcad3510c:host:172.234.197.23	SESSION-fd57eb7fcad3510c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f5c08654c75b915c:host:172.234.197.23	SESSION-f5c08654c75b915c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:07ac00663499:port:tcp:443	flow:07ac00663499 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5ad022ad4096ce5:host:131.196.31.10:host:172.234.197.23	SESSION-d5ad022ad4096ce5 → host:131.196.31.10 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33075a11d7099c2b:host:172.234.197.23	SESSION-33075a11d7099c2b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64e6d0099998fde8:host:172.234.197.23	SESSION-64e6d0099998fde8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ff07c644ba1f:port:tcp:443	flow:ff07c644ba1f → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.145:geo_-23.62930_-46.63510	host:131.196.29.145 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08df11bd27017e71:host:172.234.197.23:host:172.232.0.17	SESSION-08df11bd27017e71 → host:172.234.197.23 → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-91c3828e0c41fbe7:host:177.10.238.62:host:172.234.197.23	SESSION-91c3828e0c41fbe7 → host:177.10.238.62 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:ed68676a7b84:dns:172-234-197-23.ip.linodeusercontent.com	flow:ed68676a7b84 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-493920f19ab5585b:host:172.234.197.23	SESSION-493920f19ab5585b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-afbbd778f47cc6c1:host:172.234.197.23:host:131.196.29.41	SESSION-afbbd778f47cc6c1 → host:172.234.197.23 → host:131.196.29.41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c68429e2f7bfcd9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9c68429e2f7bfcd9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-380f5751cd3ba7da:host:172.234.197.23	SESSION-380f5751cd3ba7da → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8314ac7032421127:SESSION-8314ac7032421127	SESSION-8314ac7032421127 → pe:tls:SESSION-8314ac7032421127
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.243:asn:262880	host:177.10.234.243 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-637d01fb7fe8b725:SESSION-637d01fb7fe8b725	SESSION-637d01fb7fe8b725 → pe:tls:SESSION-637d01fb7fe8b725
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-658ca3f75d8ef503:host:177.10.238.102	SESSION-658ca3f75d8ef503 → host:177.10.238.102
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-734d97fdd69356a6:flow:965934c253f8	SESSION-734d97fdd69356a6 → flow:965934c253f8
FLOW_FROM_HOSTOBS	e:from:SESSION-ad62b54803b59875:host:45.173.156.85	SESSION-ad62b54803b59875 → host:45.173.156.85
FLOW_DST_PORTOBS	e:fp:flow:70ec5629793e:port:tcp:443	flow:70ec5629793e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aee37cb69186d910:host:172.234.197.23	SESSION-aee37cb69186d910 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85419ca5854a5f9c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-85419ca5854a5f9c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3b504551617ec2c:PCAP:capture_20260430150001:ded20914761d	SESSION-c3b504551617ec2c → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:486b55844e41:port:tcp:2396	flow:486b55844e41 → port:tcp:2396
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28a7ecee4eeacba6:host:177.10.236.92	SESSION-28a7ecee4eeacba6 → host:177.10.236.92
FLOW_TLS_SNIOBS	e:fs:flow:22c4bbf97ccb:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:22c4bbf97ccb → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3b520e491b5957c0:PCAP:capture_20260430150001:ded20914761d	SESSION-3b520e491b5957c0 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:cf7618617ae6:port:tcp:443	flow:cf7618617ae6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57096089299b193e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-57096089299b193e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:edbd06217f28	flow:edbd06217f28 → host:131.196.28.178 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d96211015a0fddb9:PCAP:capture_20260430060001:919b39a74464	SESSION-d96211015a0fddb9 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6bfe68f8e20317f4:PCAP:capture_20260430090001:065659c7d314	SESSION-6bfe68f8e20317f4 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d6666ae3e8c32da:SESSION-6d6666ae3e8c32da	SESSION-6d6666ae3e8c32da → pe:tls:SESSION-6d6666ae3e8c32da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f1b980e392c4795:SESSION-4f1b980e392c4795	SESSION-4f1b980e392c4795 → pe:tls:SESSION-4f1b980e392c4795
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff331192f9cad8b9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ff331192f9cad8b9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de7198c98f7f92ee:host:177.10.235.251	SESSION-de7198c98f7f92ee → host:177.10.235.251
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f07a2dad0dfb354:flow:b8412c71c5ee	SESSION-5f07a2dad0dfb354 → flow:b8412c71c5ee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74fa9a10a5811b00:host:177.10.234.22	SESSION-74fa9a10a5811b00 → host:177.10.234.22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07c97e671e348352:host:177.10.239.191	SESSION-07c97e671e348352 → host:177.10.239.191
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79b570e2589cf059:host:172.234.197.23:host:131.196.29.90	SESSION-79b570e2589cf059 → host:172.234.197.23 → host:131.196.29.90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ec00a834c5afff3:SESSION-1ec00a834c5afff3	SESSION-1ec00a834c5afff3 → pe:tls:SESSION-1ec00a834c5afff3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae747b0389dd0111:host:177.10.236.187:host:172.234.197.23	SESSION-ae747b0389dd0111 → host:177.10.236.187 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-738a9f5daf478976:flow:bf4ff6240dc2	SESSION-738a9f5daf478976 → flow:bf4ff6240dc2
FLOW_DST_PORTOBS	e:fp:flow:9609b976f9f0:port:udp:53	flow:9609b976f9f0 → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaa23bb51e1c2dee:SESSION-eaa23bb51e1c2dee	SESSION-eaa23bb51e1c2dee → pe:tls:SESSION-eaa23bb51e1c2dee
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb2ab3101d5e046e:flow:11b885f943ca	SESSION-cb2ab3101d5e046e → flow:11b885f943ca
FLOW_FROM_HOSTOBS	e:from:SESSION-77c36ee0b21ed6bb:host:45.173.156.244	SESSION-77c36ee0b21ed6bb → host:45.173.156.244
FLOW_TO_HOSTOBS	e:to:SESSION-e63705938a499015:host:172.234.197.23	SESSION-e63705938a499015 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a6b62b6aad076f58:host:172.234.197.23	SESSION-a6b62b6aad076f58 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4636706714da3434:host:172.234.197.23	SESSION-4636706714da3434 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c83a3382d975674:host:177.10.234.26	SESSION-6c83a3382d975674 → host:177.10.234.26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce047c01fb54580f:host:172.234.197.23	SESSION-ce047c01fb54580f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dad6cf67ed488f0b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-dad6cf67ed488f0b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:93db33bc72fc	flow:93db33bc72fc → host:172.234.197.23 → host:177.10.237.152 → port:tcp:1748
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74d0e7e40a4e478e:flow:c75de00edeed	SESSION-74d0e7e40a4e478e → flow:c75de00edeed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-718b3dc95b6876be:host:177.10.239.62	SESSION-718b3dc95b6876be → host:177.10.239.62
FLOW_DST_PORTOBS	e:fp:flow:d6752e166704:port:tcp:443	flow:d6752e166704 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d3f99262a1bb3592:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d3f99262a1bb3592 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ef3ba231e3ca4d6:SESSION-4ef3ba231e3ca4d6	SESSION-4ef3ba231e3ca4d6 → pe:syn:SESSION-4ef3ba231e3ca4d6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5cf2fdb6c848ac6c:flow:11ea1a4ce4fe	SESSION-5cf2fdb6c848ac6c → flow:11ea1a4ce4fe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f4d08df9b5b22c8b:SESSION-f4d08df9b5b22c8b	SESSION-f4d08df9b5b22c8b → pe:tls:SESSION-f4d08df9b5b22c8b
FLOW_FROM_HOSTOBS	e:from:SESSION-f07097ffc1d464e5:host:172.234.197.23	SESSION-f07097ffc1d464e5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.148:asn:271410	host:131.196.31.148 → asn:271410
flow_observed4-aryOBS	e:fo:flow:2ac545a7b329	flow:2ac545a7b329 → host:172.234.197.23 → host:177.10.236.43 → port:tcp:54365
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a38bfeac3fad0550:host:172.234.197.23:host:45.173.156.128	SESSION-a38bfeac3fad0550 → host:172.234.197.23 → host:45.173.156.128
FLOW_DST_PORTOBS	e:fp:flow:0ce76c6207ea:port:tcp:11135	flow:0ce76c6207ea → port:tcp:11135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1b7e5e87f526ce8d:SESSION-1b7e5e87f526ce8d	SESSION-1b7e5e87f526ce8d → pe:syn:SESSION-1b7e5e87f526ce8d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dca9298136f0125a:SESSION-dca9298136f0125a	SESSION-dca9298136f0125a → pe:syn:SESSION-dca9298136f0125a
FLOW_DST_PORTOBS	e:fp:flow:33939d4aeb62:port:tcp:16597	flow:33939d4aeb62 → port:tcp:16597
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0c01d0fd13ba220b:host:177.10.239.224:host:172.234.197.23	SESSION-0c01d0fd13ba220b → host:177.10.239.224 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef3cd86b38e13880:SESSION-ef3cd86b38e13880	SESSION-ef3cd86b38e13880 → pe:syn:SESSION-ef3cd86b38e13880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eead59d5c9e2a3d1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-eead59d5c9e2a3d1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7239dbaec89ca2f:SESSION-c7239dbaec89ca2f	SESSION-c7239dbaec89ca2f → pe:syn:SESSION-c7239dbaec89ca2f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b65436b870ef703a:flow:664fbef0d9ab	SESSION-b65436b870ef703a → flow:664fbef0d9ab
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6bdcd515a2308bd:flow:7294e8d9c66f	SESSION-d6bdcd515a2308bd → flow:7294e8d9c66f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3fa9d5496b14fae:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c3fa9d5496b14fae → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-5bf52bbf16270a2a:host:172.234.197.23	SESSION-5bf52bbf16270a2a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1848195311cbff19:host:177.10.235.111	SESSION-1848195311cbff19 → host:177.10.235.111
FLOW_TO_HOSTOBS	e:to:SESSION-f7287a957cb5e0d9:host:177.10.239.184	SESSION-f7287a957cb5e0d9 → host:177.10.239.184
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5397b2a7490ae0fb:SESSION-5397b2a7490ae0fb	SESSION-5397b2a7490ae0fb → pe:tls:SESSION-5397b2a7490ae0fb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2a0bf61df119bc4:SESSION-f2a0bf61df119bc4	SESSION-f2a0bf61df119bc4 → pe:syn:SESSION-f2a0bf61df119bc4
FLOW_FROM_HOSTOBS	e:from:SESSION-3ea330cf59d2a2f8:host:177.10.237.218	SESSION-3ea330cf59d2a2f8 → host:177.10.237.218
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a60794a5b314271e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a60794a5b314271e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c49f5291ee3911b4:host:131.196.28.230	SESSION-c49f5291ee3911b4 → host:131.196.28.230
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72cd504b232e316e:host:131.196.30.184:host:172.234.197.23	SESSION-72cd504b232e316e → host:131.196.30.184 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-006e3a8766fa0c7d:host:172.234.197.23:host:177.10.239.139	SESSION-006e3a8766fa0c7d → host:172.234.197.23 → host:177.10.239.139
flow_observed5-aryOBS	e:fo:flow:c30aca3eb872	flow:c30aca3eb872 → host:177.10.235.196 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d47b6311855994f0:host:172.234.197.23	SESSION-d47b6311855994f0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0586166ee52acb1f:host:52.81.225.63	SESSION-0586166ee52acb1f → host:52.81.225.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce29096c932e7f50:SESSION-ce29096c932e7f50	SESSION-ce29096c932e7f50 → pe:syn:SESSION-ce29096c932e7f50
FLOW_FROM_HOSTOBS	e:from:SESSION-0a498324f9fce7e9:host:177.10.239.11	SESSION-0a498324f9fce7e9 → host:177.10.239.11
FLOW_DST_PORTOBS	e:fp:flow:b157c7895367:port:tcp:443	flow:b157c7895367 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e3ca473e8fbcab1:host:172.234.197.23	SESSION-4e3ca473e8fbcab1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a5d8002765cb7d3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6a5d8002765cb7d3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dc755b03d1f3f489:SESSION-dc755b03d1f3f489	SESSION-dc755b03d1f3f489 → pe:tls:SESSION-dc755b03d1f3f489
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0c0cdf691d2bdc12:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0c0cdf691d2bdc12 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9d4e1b0711d4507:SESSION-c9d4e1b0711d4507	SESSION-c9d4e1b0711d4507 → pe:syn:SESSION-c9d4e1b0711d4507
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.192:asn:271410	host:131.196.30.192 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.70:geo_-21.10010_-41.69200	host:45.173.156.70 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ea2b78fffe48f844:flow:96a000e25c40	SESSION-ea2b78fffe48f844 → flow:96a000e25c40
flow_observed5-aryOBS	e:fo:flow:eeedb1395fff	flow:eeedb1395fff → host:45.173.156.76 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.90:geo_-23.62930_-46.63510	host:131.196.31.90 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36abdcc0889b5aa2:host:172.234.197.23:host:177.10.237.220	SESSION-36abdcc0889b5aa2 → host:172.234.197.23 → host:177.10.237.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9335dee651513692:host:177.10.232.207	SESSION-9335dee651513692 → host:177.10.232.207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-cc55eac4fb6ef554:SESSION-cc55eac4fb6ef554	SESSION-cc55eac4fb6ef554 → pe:rst:SESSION-cc55eac4fb6ef554
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aab54ece2b0af0b4:PCAP:capture_20260430060001:919b39a74464	SESSION-aab54ece2b0af0b4 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0fa0595b0c8a6ef6:SESSION-0fa0595b0c8a6ef6	SESSION-0fa0595b0c8a6ef6 → pe:tls:SESSION-0fa0595b0c8a6ef6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b3b10ff846570e8:flow:64b15b4effe4	SESSION-5b3b10ff846570e8 → flow:64b15b4effe4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59a63fae51b24a38:host:131.196.31.46:host:172.234.197.23	SESSION-59a63fae51b24a38 → host:131.196.31.46 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-202b4507c8c6a688:host:177.10.234.57	SESSION-202b4507c8c6a688 → host:177.10.234.57
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-34efc230578c0ec6:BSG-DATA_EXFIL-0b332a4e10b0	SESSION-34efc230578c0ec6 → BSG-DATA_EXFIL-0b332a4e10b0
FLOW_TO_HOSTOBS	e:to:SESSION-7140a8719778d6c0:host:177.10.236.57	SESSION-7140a8719778d6c0 → host:177.10.236.57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b43557542c64d676:SESSION-b43557542c64d676	SESSION-b43557542c64d676 → pe:syn:SESSION-b43557542c64d676
flow_observed5-aryOBS	e:fo:flow:4ac0de8d3459	flow:4ac0de8d3459 → host:177.10.239.250 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.60:asn:262880	host:177.10.236.60 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.176:asn:203771	host:92.112.71.176 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-537461a77052bb13:host:92.112.71.219:host:172.234.197.23	SESSION-537461a77052bb13 → host:92.112.71.219 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.82:geo_-16.28860_-49.01640	host:177.10.237.82 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8293f5a95baa645a:SESSION-8293f5a95baa645a	SESSION-8293f5a95baa645a → pe:syn:SESSION-8293f5a95baa645a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad4db4cca9d566af:host:177.10.235.233	SESSION-ad4db4cca9d566af → host:177.10.235.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0af0d5d1b3f6259:SESSION-c0af0d5d1b3f6259	SESSION-c0af0d5d1b3f6259 → pe:tls:SESSION-c0af0d5d1b3f6259
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35fc4de775269620:SESSION-35fc4de775269620	SESSION-35fc4de775269620 → pe:syn:SESSION-35fc4de775269620
flow_observed5-aryOBS	e:fo:flow:ed638ee6cce6	flow:ed638ee6cce6 → host:131.196.31.100 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8383343898074aaa:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8383343898074aaa → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-6492f21e062d19aa:host:131.196.28.168	SESSION-6492f21e062d19aa → host:131.196.28.168
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91c14db05e009245:host:45.173.156.153	SESSION-91c14db05e009245 → host:45.173.156.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77661c4fb07edf10:host:131.196.31.146	SESSION-77661c4fb07edf10 → host:131.196.31.146
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b859feadb239919:flow:6e9481ef537b	SESSION-4b859feadb239919 → flow:6e9481ef537b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0daf10b890c2667:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f0daf10b890c2667 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f93cb0de4645e47:SESSION-2f93cb0de4645e47	SESSION-2f93cb0de4645e47 → pe:syn:SESSION-2f93cb0de4645e47
FLOW_FROM_HOSTOBS	e:from:SESSION-02cfffe2a1cdb1f3:host:177.10.234.84	SESSION-02cfffe2a1cdb1f3 → host:177.10.234.84
FLOW_FROM_HOSTOBS	e:from:SESSION-cddf604912330e1b:host:45.173.156.76	SESSION-cddf604912330e1b → host:45.173.156.76
flow_observed5-aryOBS	e:fo:flow:34516a1d625a	flow:34516a1d625a → host:131.196.31.113 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eed6a9b72737e44d:SESSION-eed6a9b72737e44d	SESSION-eed6a9b72737e44d → pe:syn:SESSION-eed6a9b72737e44d
FLOW_DST_PORTOBS	e:fp:flow:0d841c385d57:port:tcp:4711	flow:0d841c385d57 → port:tcp:4711
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a24a5811642df328:host:172.234.197.23:host:177.10.232.178	SESSION-a24a5811642df328 → host:172.234.197.23 → host:177.10.232.178
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.63:geo_-16.28860_-49.01640	host:177.10.232.63 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-0d59ff2f2672e21c:host:172.234.197.23	SESSION-0d59ff2f2672e21c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-77661c4fb07edf10:host:131.196.31.146	SESSION-77661c4fb07edf10 → host:131.196.31.146
FLOW_FROM_HOSTOBS	e:from:SESSION-0ffcc2d542e7be59:host:177.10.237.5	SESSION-0ffcc2d542e7be59 → host:177.10.237.5
FLOW_DST_PORTOBS	e:fp:flow:afd09763fa29:port:tcp:443	flow:afd09763fa29 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:abef35df2d70	flow:abef35df2d70 → host:177.10.236.220 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.112.8.242:geo_17.38430_78.45830	host:16.112.8.242 → geo_17.38430_78.45830
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed610f5ec8b698f6:host:177.10.236.234:host:172.234.197.23	SESSION-ed610f5ec8b698f6 → host:177.10.236.234 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.157:geo_-16.28860_-49.01640	host:177.10.236.157 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f57ffeba62df89fa:SESSION-f57ffeba62df89fa	SESSION-f57ffeba62df89fa → pe:syn:SESSION-f57ffeba62df89fa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2c59cadc4597ab32:SESSION-2c59cadc4597ab32	SESSION-2c59cadc4597ab32 → pe:tls:SESSION-2c59cadc4597ab32
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f059fe4a40805f2:SESSION-1f059fe4a40805f2	SESSION-1f059fe4a40805f2 → pe:tls:SESSION-1f059fe4a40805f2
flow_observed4-aryOBS	e:fo:flow:a73174a7c572	flow:a73174a7c572 → host:172.234.197.23 → host:131.196.28.38 → port:tcp:16787
FLOW_FROM_HOSTOBS	e:from:SESSION-2ba1cfcea34ace70:host:177.10.239.244	SESSION-2ba1cfcea34ace70 → host:177.10.239.244
FLOW_FROM_HOSTOBS	e:from:SESSION-6585a8f099e9e465:host:131.196.31.199	SESSION-6585a8f099e9e465 → host:131.196.31.199
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0bf80193393b0fad:flow:e3888ae19e03	SESSION-0bf80193393b0fad → flow:e3888ae19e03
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3bb54d95c2cdaff:host:177.10.234.224	SESSION-a3bb54d95c2cdaff → host:177.10.234.224
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35ad9f030d1e8e6d:host:45.173.156.219	SESSION-35ad9f030d1e8e6d → host:45.173.156.219
FLOW_DST_PORTOBS	e:fp:flow:cbaae6c0a7f8:port:tcp:57952	flow:cbaae6c0a7f8 → port:tcp:57952
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e7f6e07782bad0e:host:45.173.156.99	SESSION-5e7f6e07782bad0e → host:45.173.156.99
FLOW_TO_HOSTOBS	e:to:SESSION-6054bbc1a24cbf34:host:172.234.197.23	SESSION-6054bbc1a24cbf34 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7f0eceff083c:port:tcp:1648	flow:7f0eceff083c → port:tcp:1648
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c89027ab2a1ddeda:host:51.224.144.61	SESSION-c89027ab2a1ddeda → host:51.224.144.61
flow_observed4-aryOBS	e:fo:flow:df7fa005a388	flow:df7fa005a388 → host:172.234.197.23 → host:177.10.236.32 → port:tcp:54560
flow_observed5-aryOBS	e:fo:flow:c7924a2c3c9c	flow:c7924a2c3c9c → host:45.173.156.111 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-35fcdb0ef59afc26:host:172.234.197.23	SESSION-35fcdb0ef59afc26 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:87288ec89f1c	flow:87288ec89f1c → host:172.234.197.23 → host:177.10.237.98 → port:tcp:47900
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-488c9c462e491ad2:SESSION-488c9c462e491ad2	SESSION-488c9c462e491ad2 → pe:tls:SESSION-488c9c462e491ad2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f9972302e9230d9:host:172.234.197.23	SESSION-9f9972302e9230d9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a4d237675f94d453:host:144.76.23.34	SESSION-a4d237675f94d453 → host:144.76.23.34
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-526fa727f8be74e3:host:177.10.239.86:host:172.234.197.23	SESSION-526fa727f8be74e3 → host:177.10.239.86 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f496191c2c04cb7e:SESSION-f496191c2c04cb7e	SESSION-f496191c2c04cb7e → pe:tls:SESSION-f496191c2c04cb7e
FLOW_FROM_HOSTOBS	e:from:SESSION-35228babc2ac6e48:host:177.10.235.185	SESSION-35228babc2ac6e48 → host:177.10.235.185
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.9:geo_-21.10010_-41.69200	host:45.173.156.9 → geo_-21.10010_-41.69200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.43:geo_-23.62930_-46.63510	host:131.196.30.43 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.97:geo_-16.28860_-49.01640	host:177.10.239.97 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:f305d2c5a739	flow:f305d2c5a739 → host:131.196.30.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b325e5efc54d34b8:host:172.234.197.23:host:177.10.236.125	SESSION-b325e5efc54d34b8 → host:172.234.197.23 → host:177.10.236.125
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f890b9cda6af294:host:177.10.237.175:host:172.234.197.23	SESSION-2f890b9cda6af294 → host:177.10.237.175 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-675cba805cfc6bb8:SESSION-675cba805cfc6bb8	SESSION-675cba805cfc6bb8 → pe:tls:SESSION-675cba805cfc6bb8
flow_observed4-aryOBS	e:fo:flow:bd383841fa2b	flow:bd383841fa2b → host:172.234.197.23 → host:177.10.234.239 → port:tcp:24843
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9af350d3c0c51da5:host:177.10.238.163:host:172.234.197.23	SESSION-9af350d3c0c51da5 → host:177.10.238.163 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.55:geo_-16.28860_-49.01640	host:177.10.237.55 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6490de849a8e5020:flow:b34d3851d524	SESSION-6490de849a8e5020 → flow:b34d3851d524
flow_observed4-aryOBS	e:fo:flow:78bc828538ef	flow:78bc828538ef → host:172.234.197.23 → host:131.196.31.17 → port:tcp:31673
flow_observed5-aryOBS	e:fo:flow:79b777e6f63d	flow:79b777e6f63d → host:177.10.234.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bd47d8fd21ead6d:host:94.130.10.221	SESSION-6bd47d8fd21ead6d → host:94.130.10.221
FLOW_FROM_HOSTOBS	e:from:SESSION-ec67d149df3809f6:host:177.10.235.81	SESSION-ec67d149df3809f6 → host:177.10.235.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-def0cb8d87964dca:SESSION-def0cb8d87964dca	SESSION-def0cb8d87964dca → pe:tls:SESSION-def0cb8d87964dca
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49ffa8539a7cb217:PCAP:capture_20260430160001:9bfa4498506a	SESSION-49ffa8539a7cb217 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b34520b38e3fc963:SESSION-b34520b38e3fc963	SESSION-b34520b38e3fc963 → pe:syn:SESSION-b34520b38e3fc963
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69d28aa413742c82:host:172.234.197.23	SESSION-69d28aa413742c82 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-723b8399a0bced6b:SESSION-723b8399a0bced6b	SESSION-723b8399a0bced6b → pe:tls:SESSION-723b8399a0bced6b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d7eebeca6a52636:host:172.234.197.23	SESSION-6d7eebeca6a52636 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8491791342c7cb3:host:172.234.197.23	SESSION-f8491791342c7cb3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-910213045742f7e4:host:51.225.22.198:host:172.234.197.23	SESSION-910213045742f7e4 → host:51.225.22.198 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1e028dd5dd71b411:host:177.10.237.25	SESSION-1e028dd5dd71b411 → host:177.10.237.25
flow_observed5-aryOBS	e:fo:flow:b68288d4d571	flow:b68288d4d571 → host:177.10.233.249 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e9fe580d9619:port:tcp:443	flow:e9fe580d9619 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac2cef9f7dcbf562:flow:f48dcc936eed	SESSION-ac2cef9f7dcbf562 → flow:f48dcc936eed
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4fa0ca2c10982c45:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4fa0ca2c10982c45 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a75f9666a4fd8c5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1a75f9666a4fd8c5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:a4d5024da31b	flow:a4d5024da31b → host:172.234.197.23 → host:177.10.236.204 → port:tcp:28144
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8631759e2d7ec30:SESSION-c8631759e2d7ec30	SESSION-c8631759e2d7ec30 → pe:syn:SESSION-c8631759e2d7ec30
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.37:geo_-16.28860_-49.01640	host:177.10.234.37 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c6e971723a904aea:SESSION-c6e971723a904aea	SESSION-c6e971723a904aea → pe:tls:SESSION-c6e971723a904aea
FLOW_TO_HOSTOBS	e:to:SESSION-d44d2d34cc029e97:host:172.234.197.23	SESSION-d44d2d34cc029e97 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-75c1b247d58a4094:host:45.145.152.145	SESSION-75c1b247d58a4094 → host:45.145.152.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f57d963826b0d8cc:SESSION-f57d963826b0d8cc	SESSION-f57d963826b0d8cc → pe:tls:SESSION-f57d963826b0d8cc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.111:asn:262880	host:177.10.237.111 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-8f3823f20b5aa8c6:host:45.173.156.26	SESSION-8f3823f20b5aa8c6 → host:45.173.156.26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f57871a7505a0a35:flow:b46fb9b05512	SESSION-f57871a7505a0a35 → flow:b46fb9b05512
flow_observed4-aryOBS	e:fo:flow:f8ad8461587d	flow:f8ad8461587d → host:172.234.197.23 → host:131.196.29.194 → port:tcp:25059
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7da23a3c779474e1:host:44.255.175.112:host:172.234.197.23	SESSION-7da23a3c779474e1 → host:44.255.175.112 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b197d648fac856a7:SESSION-b197d648fac856a7	SESSION-b197d648fac856a7 → pe:tls:SESSION-b197d648fac856a7
flow_observed4-aryOBS	e:fo:flow:7ebd7ee7274f	flow:7ebd7ee7274f → host:172.234.197.23 → host:131.196.28.95 → port:tcp:3533
FLOW_TO_HOSTOBS	e:to:SESSION-04c23b7b96a70798:host:172.234.197.23	SESSION-04c23b7b96a70798 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7a6b146488afb43:SESSION-e7a6b146488afb43	SESSION-e7a6b146488afb43 → pe:tls:SESSION-e7a6b146488afb43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf07a99306d1414b:host:45.173.156.52	SESSION-cf07a99306d1414b → host:45.173.156.52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30e9e6bd80ef39ea:SESSION-30e9e6bd80ef39ea	SESSION-30e9e6bd80ef39ea → pe:syn:SESSION-30e9e6bd80ef39ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ed34bf9fded9d68:SESSION-5ed34bf9fded9d68	SESSION-5ed34bf9fded9d68 → pe:syn:SESSION-5ed34bf9fded9d68
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9fad2531a6ee4032:host:172.234.197.23:host:177.10.239.98	SESSION-9fad2531a6ee4032 → host:172.234.197.23 → host:177.10.239.98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46ff0fa4ec42545a:host:172.234.197.23	SESSION-46ff0fa4ec42545a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-180bc1efe2db3897:host:177.10.237.245	SESSION-180bc1efe2db3897 → host:177.10.237.245
FLOW_DST_PORTOBS	e:fp:flow:14e2611523e3:port:tcp:443	flow:14e2611523e3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d17b7bdf4ae9fb2c:SESSION-d17b7bdf4ae9fb2c	SESSION-d17b7bdf4ae9fb2c → pe:syn:SESSION-d17b7bdf4ae9fb2c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2acb7632e6c37a6f:SESSION-2acb7632e6c37a6f	SESSION-2acb7632e6c37a6f → pe:tls:SESSION-2acb7632e6c37a6f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cca8cec112e53d8f:host:172.234.197.23	SESSION-cca8cec112e53d8f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d098d799c39976fd:host:131.196.31.45:host:172.234.197.23	SESSION-d098d799c39976fd → host:131.196.31.45 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:d3f853795ebd:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:d3f853795ebd → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b53b1a2dc18d6354:PCAP:capture_20260427200001:3ed6eed62060	SESSION-b53b1a2dc18d6354 → PCAP:capture_20260427200001:3ed6eed62060
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51b700d0442eff09:host:131.196.29.196	SESSION-51b700d0442eff09 → host:131.196.29.196
FLOW_TO_HOSTOBS	e:to:SESSION-68e98907ffe6aa24:host:131.196.31.63	SESSION-68e98907ffe6aa24 → host:131.196.31.63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd4f176877b3d058:host:172.234.197.23	SESSION-fd4f176877b3d058 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c5ea1449320ef78b:flow:16912badffa5	SESSION-c5ea1449320ef78b → flow:16912badffa5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86f90a53110dcf25:SESSION-86f90a53110dcf25	SESSION-86f90a53110dcf25 → pe:tls:SESSION-86f90a53110dcf25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23f94e137932a031:SESSION-23f94e137932a031	SESSION-23f94e137932a031 → pe:tls:SESSION-23f94e137932a031
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.244:asn:262880	host:177.10.239.244 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5a59556c261862d:host:131.196.29.244	SESSION-b5a59556c261862d → host:131.196.29.244
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0d8801f02b141d30:SESSION-0d8801f02b141d30	SESSION-0d8801f02b141d30 → pe:syn:SESSION-0d8801f02b141d30
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e361598c12a1af0:host:131.196.29.95	SESSION-3e361598c12a1af0 → host:131.196.29.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-73436bd95d7b2637:SESSION-73436bd95d7b2637	SESSION-73436bd95d7b2637 → pe:syn:SESSION-73436bd95d7b2637
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23002560e1da6de3:PCAP:capture_20260430150001:ded20914761d	SESSION-23002560e1da6de3 → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:4028dc56aa9d	flow:4028dc56aa9d → host:131.196.29.99 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d6be65d6480cd7d:SESSION-2d6be65d6480cd7d	SESSION-2d6be65d6480cd7d → pe:syn:SESSION-2d6be65d6480cd7d
flow_observed5-aryOBS	e:fo:flow:8a3c0b7a19d4	flow:8a3c0b7a19d4 → host:109.89.117.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-606a9e702080ed7e:host:131.196.31.93	SESSION-606a9e702080ed7e → host:131.196.31.93
flow_observed5-aryOBS	e:fo:flow:2a765593f423	flow:2a765593f423 → host:177.10.234.69 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38a436ec3884f938:SESSION-38a436ec3884f938	SESSION-38a436ec3884f938 → pe:tls:SESSION-38a436ec3884f938
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca55f398b8ed07e1:host:131.196.31.200:host:172.234.197.23	SESSION-ca55f398b8ed07e1 → host:131.196.31.200 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c39df8f0b3ff:port:tcp:443	flow:c39df8f0b3ff → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d1f774a6af2df76:host:172.234.197.23	SESSION-5d1f774a6af2df76 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-37fa495f79e351e9:host:172.234.197.23	SESSION-37fa495f79e351e9 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1938fe602d95	flow:1938fe602d95 → host:172.234.197.23 → host:131.196.28.0 → port:tcp:17636
FLOW_TO_HOSTOBS	e:to:SESSION-1ad4b86f4c7bfaae:host:172.234.197.23	SESSION-1ad4b86f4c7bfaae → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:73d42f446e42:port:tcp:443	flow:73d42f446e42 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21b1ebb6f3d7bd68:host:172.234.197.23:host:172.232.0.16	SESSION-21b1ebb6f3d7bd68 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-976978a22e52e06d:flow:73b0432d21f6	SESSION-976978a22e52e06d → flow:73b0432d21f6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52e1254f2f15b333:PCAP:capture_20260430070001:903a0e7a436b	SESSION-52e1254f2f15b333 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c47d04961700459f:host:177.10.232.193	SESSION-c47d04961700459f → host:177.10.232.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0b3c5797223848b:SESSION-c0b3c5797223848b	SESSION-c0b3c5797223848b → pe:syn:SESSION-c0b3c5797223848b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a75f9666a4fd8c5:host:131.196.31.237:host:172.234.197.23	SESSION-1a75f9666a4fd8c5 → host:131.196.31.237 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef7241157e60b5c0:host:95.170.25.6	SESSION-ef7241157e60b5c0 → host:95.170.25.6
FLOW_DST_PORTOBS	e:fp:flow:ed9c19c178d4:port:tcp:443	flow:ed9c19c178d4 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e1df474445c908f:flow:1c637a2b8639	SESSION-3e1df474445c908f → flow:1c637a2b8639
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2eaffc60d664a8c9:SESSION-2eaffc60d664a8c9	SESSION-2eaffc60d664a8c9 → pe:syn:SESSION-2eaffc60d664a8c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-744a603206d06e24:host:46.4.252.37	SESSION-744a603206d06e24 → host:46.4.252.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ada05a103ba2b64:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9ada05a103ba2b64 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47f7d0be3b0e89e2:host:177.10.235.21:host:172.234.197.23	SESSION-47f7d0be3b0e89e2 → host:177.10.235.21 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8ef41947f9929862:host:172.234.197.23	SESSION-8ef41947f9929862 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-739affc996a6fe99:SESSION-739affc996a6fe99	SESSION-739affc996a6fe99 → pe:tls:SESSION-739affc996a6fe99
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2bf5c26caf57dc4e:SESSION-2bf5c26caf57dc4e	SESSION-2bf5c26caf57dc4e → pe:tls:SESSION-2bf5c26caf57dc4e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b447e1896cf3c7e:SESSION-4b447e1896cf3c7e	SESSION-4b447e1896cf3c7e → pe:tls:SESSION-4b447e1896cf3c7e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a681df8efb85197d:host:172.234.197.23	SESSION-a681df8efb85197d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c6ce7a55e2ab654:host:177.10.236.130	SESSION-4c6ce7a55e2ab654 → host:177.10.236.130
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.114:asn:262880	host:177.10.232.114 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e872279913929717:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e872279913929717 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6cdad751a34344e1:SESSION-6cdad751a34344e1	SESSION-6cdad751a34344e1 → pe:tls:SESSION-6cdad751a34344e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e49b447cbf9c1ef7:SESSION-e49b447cbf9c1ef7	SESSION-e49b447cbf9c1ef7 → pe:syn:SESSION-e49b447cbf9c1ef7
FLOW_TO_HOSTOBS	e:to:SESSION-d06d4272bf4950c7:host:172.234.197.23	SESSION-d06d4272bf4950c7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0a2ec1133f1da31:SESSION-d0a2ec1133f1da31	SESSION-d0a2ec1133f1da31 → pe:tls:SESSION-d0a2ec1133f1da31
FLOW_TO_HOSTOBS	e:to:SESSION-ff369745433a15b5:host:172.234.197.23	SESSION-ff369745433a15b5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34d820c66fac079b:SESSION-34d820c66fac079b	SESSION-34d820c66fac079b → pe:syn:SESSION-34d820c66fac079b
FLOW_DST_PORTOBS	e:fp:flow:6f971cb3d3a9:port:tcp:38626	flow:6f971cb3d3a9 → port:tcp:38626
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e33208793a04fae:PCAP:capture_20260428020001:ce87acd1c162	SESSION-8e33208793a04fae → PCAP:capture_20260428020001:ce87acd1c162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d384de4bfeb31c0:host:172.234.197.23	SESSION-1d384de4bfeb31c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a55a830d22fea90d:host:172.234.197.23	SESSION-a55a830d22fea90d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9427f5c2202c5258:host:172.234.197.23	SESSION-9427f5c2202c5258 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-39d5adc1c22dd7ee:PCAP:capture_20260430060001:919b39a74464	SESSION-39d5adc1c22dd7ee → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-791eac8e49df4e5d:SESSION-791eac8e49df4e5d	SESSION-791eac8e49df4e5d → pe:syn:SESSION-791eac8e49df4e5d
flow_observed4-aryOBS	e:fo:flow:3680ddb78789	flow:3680ddb78789 → host:172.234.197.23 → host:177.10.233.85 → port:tcp:61959
FLOW_TO_HOSTOBS	e:to:SESSION-1bf280e9db7bb994:host:172.234.197.23	SESSION-1bf280e9db7bb994 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7caa5c0db9dc8d4:host:131.196.29.184	SESSION-b7caa5c0db9dc8d4 → host:131.196.29.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01ac49b549a49417:host:131.196.28.50	SESSION-01ac49b549a49417 → host:131.196.28.50
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-25f56036928a5a45:PCAP:capture_20260430050001:8868731bf8a4	SESSION-25f56036928a5a45 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-08a40451c9cdc962:host:172.234.197.23	SESSION-08a40451c9cdc962 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9071d3ff9c14	flow:9071d3ff9c14 → host:177.10.236.100 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ba035d2018b1429:host:177.10.232.72	SESSION-6ba035d2018b1429 → host:177.10.232.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed8e90a0efd647ab:SESSION-ed8e90a0efd647ab	SESSION-ed8e90a0efd647ab → pe:syn:SESSION-ed8e90a0efd647ab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f7ca91f03ba114f2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f7ca91f03ba114f2 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef2cf125c8c7b83a:host:172.234.197.23:host:131.196.28.193	SESSION-ef2cf125c8c7b83a → host:172.234.197.23 → host:131.196.28.193
FLOW_DST_PORTOBS	e:fp:flow:a930bba2e2dc:port:tcp:443	flow:a930bba2e2dc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25a3718851106c53:host:172.234.197.23	SESSION-25a3718851106c53 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-724b8ddf902cc285:host:16.171.55.148:host:172.234.197.23	SESSION-724b8ddf902cc285 → host:16.171.55.148 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f278495c163e84d:host:131.196.29.97	SESSION-2f278495c163e84d → host:131.196.29.97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e01aa770e4fba49e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e01aa770e4fba49e → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.20:geo_-16.28860_-49.01640	host:177.10.233.20 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b51c77a005c8dfc8:host:177.10.233.231	SESSION-b51c77a005c8dfc8 → host:177.10.233.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-453cfacc8e209f2f:SESSION-453cfacc8e209f2f	SESSION-453cfacc8e209f2f → pe:syn:SESSION-453cfacc8e209f2f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb88b05b3590e26e:host:172.234.197.23	SESSION-cb88b05b3590e26e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-686bda995aabc86f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-686bda995aabc86f → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fcd4658ed0002284:SESSION-fcd4658ed0002284	SESSION-fcd4658ed0002284 → pe:syn:SESSION-fcd4658ed0002284
FLOW_FROM_HOSTOBS	e:from:SESSION-be24a8e57194faf0:host:45.173.156.215	SESSION-be24a8e57194faf0 → host:45.173.156.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d54bd183a716274c:SESSION-d54bd183a716274c	SESSION-d54bd183a716274c → pe:tls:SESSION-d54bd183a716274c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ddf07020985eed3:host:177.10.237.151:host:172.234.197.23	SESSION-2ddf07020985eed3 → host:177.10.237.151 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3a0847605e0d04e:host:177.10.234.66:host:172.234.197.23	SESSION-e3a0847605e0d04e → host:177.10.234.66 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-970263f3772afe71:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-970263f3772afe71 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-574dd53dd07894c0:host:172.234.197.23:host:177.10.237.96	SESSION-574dd53dd07894c0 → host:172.234.197.23 → host:177.10.237.96
FLOW_DST_PORTOBS	e:fp:flow:2520bf4367e5:port:tcp:443	flow:2520bf4367e5 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-54aea84c156a3c18:host:210.156.0.132	SESSION-54aea84c156a3c18 → host:210.156.0.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3b8a8c73a52fb2ca:SESSION-3b8a8c73a52fb2ca	SESSION-3b8a8c73a52fb2ca → pe:tls:SESSION-3b8a8c73a52fb2ca
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-388e36b23caa508f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-388e36b23caa508f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:5cd8c64c176c:port:tcp:443	flow:5cd8c64c176c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ce89d337c6c28e5:flow:2d81150733e9	SESSION-4ce89d337c6c28e5 → flow:2d81150733e9
FLOW_TO_HOSTOBS	e:to:SESSION-5c7bf6a31f6e2d56:host:2.57.122.194	SESSION-5c7bf6a31f6e2d56 → host:2.57.122.194
FLOW_DST_PORTOBS	e:fp:flow:8fc42904690b:port:tcp:11030	flow:8fc42904690b → port:tcp:11030
FLOW_TO_HOSTOBS	e:to:SESSION-73ac0ee86c608450:host:172.234.197.23	SESSION-73ac0ee86c608450 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2811f86b559a674a:host:131.196.30.119	SESSION-2811f86b559a674a → host:131.196.30.119
FLOW_FROM_HOSTOBS	e:from:SESSION-abf4853d72eba17e:host:45.173.156.26	SESSION-abf4853d72eba17e → host:45.173.156.26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b05f07ed9250ae8e:host:131.196.30.121	SESSION-b05f07ed9250ae8e → host:131.196.30.121
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9be6dcd7d7b7ac03:host:45.145.152.248	SESSION-9be6dcd7d7b7ac03 → host:45.145.152.248
flow_observed4-aryOBS	e:fo:flow:d33594f9a169	flow:d33594f9a169 → host:172.234.197.23 → host:177.10.239.139 → port:tcp:50380
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a55eb245a4ca8dde:host:131.196.29.127	SESSION-a55eb245a4ca8dde → host:131.196.29.127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-a87d3ab31183768a:SESSION-a87d3ab31183768a	SESSION-a87d3ab31183768a → pe:rst:SESSION-a87d3ab31183768a
FLOW_DST_PORTOBS	e:fp:flow:28d85fd4eba1:port:tcp:443	flow:28d85fd4eba1 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ced8040d8221dfbc:host:172.234.197.23	SESSION-ced8040d8221dfbc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d8922fd6595a71f:host:172.234.197.23	SESSION-5d8922fd6595a71f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79574872517ba47f:flow:6d919a662eb6	SESSION-79574872517ba47f → flow:6d919a662eb6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.88:geo_-16.28860_-49.01640	host:177.10.233.88 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0d406dc36797:port:tcp:22	flow:0d406dc36797 → port:tcp:22
FLOW_TO_HOSTOBS	e:to:SESSION-a6c7a2e5cf818d0a:host:172.234.197.23	SESSION-a6c7a2e5cf818d0a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-036bdbf16af23428:host:177.10.237.160	SESSION-036bdbf16af23428 → host:177.10.237.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0cb11649434d08c:host:172.234.197.23	SESSION-d0cb11649434d08c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab83f0ea1c3b60ab:host:172.234.197.23	SESSION-ab83f0ea1c3b60ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-337cf74c19f2631e:host:172.234.197.23	SESSION-337cf74c19f2631e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c4f8f4fc610e76fd:host:177.10.234.81	SESSION-c4f8f4fc610e76fd → host:177.10.234.81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a87c967af45101a2:host:177.10.234.137	SESSION-a87c967af45101a2 → host:177.10.234.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e512980b1e52beb:host:177.10.233.98	SESSION-7e512980b1e52beb → host:177.10.233.98
FLOW_TO_HOSTOBS	e:to:SESSION-222c821677f323de:host:172.234.197.23	SESSION-222c821677f323de → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d4e339b9f879a911:host:172.234.197.23	SESSION-d4e339b9f879a911 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-82e825a4afeeff6a:host:177.10.237.127	SESSION-82e825a4afeeff6a → host:177.10.237.127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b51c77a005c8dfc8:SESSION-b51c77a005c8dfc8	SESSION-b51c77a005c8dfc8 → pe:tls:SESSION-b51c77a005c8dfc8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4799248f1ba6e544:host:177.10.232.222:host:172.234.197.23	SESSION-4799248f1ba6e544 → host:177.10.232.222 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.248:asn:203771	host:45.145.152.248 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-980b61ddea9c5965:SESSION-980b61ddea9c5965	SESSION-980b61ddea9c5965 → pe:dns:SESSION-980b61ddea9c5965
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-a759d297db5368da:BSG-BEACON-5cf613fd15c2	SESSION-a759d297db5368da → BSG-BEACON-5cf613fd15c2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e717c742e2e64ea:SESSION-5e717c742e2e64ea	SESSION-5e717c742e2e64ea → pe:tls:SESSION-5e717c742e2e64ea
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f306c00af6aee0a4:PCAP:capture_20260430090001:065659c7d314	SESSION-f306c00af6aee0a4 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-ec373193747138e2:host:177.10.238.249	SESSION-ec373193747138e2 → host:177.10.238.249
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-102bebe502918f62:host:172.234.197.23	SESSION-102bebe502918f62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1b90ecadb949fa3:host:172.234.197.23	SESSION-e1b90ecadb949fa3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.114:geo_-16.28860_-49.01640	host:177.10.234.114 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d30b8cd9cbd48a1:flow:cae9789f6cd2	SESSION-1d30b8cd9cbd48a1 → flow:cae9789f6cd2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0cf49defbe006f77:host:172.234.197.23:host:45.173.156.84	SESSION-0cf49defbe006f77 → host:172.234.197.23 → host:45.173.156.84
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.203:geo_-16.28860_-49.01640	host:177.10.236.203 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-79787964fff3a281:host:177.10.237.124	SESSION-79787964fff3a281 → host:177.10.237.124
FLOW_FROM_HOSTOBS	e:from:SESSION-c8ab658d53a1eebd:host:177.10.238.29	SESSION-c8ab658d53a1eebd → host:177.10.238.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ae33589f66e7ab9:SESSION-6ae33589f66e7ab9	SESSION-6ae33589f66e7ab9 → pe:syn:SESSION-6ae33589f66e7ab9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3e524c73cd89280:flow:e4c0f1f7a266	SESSION-a3e524c73cd89280 → flow:e4c0f1f7a266
FLOW_DST_PORTOBS	e:fp:flow:db9035c128d2:port:tcp:443	flow:db9035c128d2 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89e4df8c6f209b00:flow:09b6582c8a0e	SESSION-89e4df8c6f209b00 → flow:09b6582c8a0e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-566179d6a12d7e1c:flow:3992ce7fa8ec	SESSION-566179d6a12d7e1c → flow:3992ce7fa8ec
FLOW_FROM_HOSTOBS	e:from:SESSION-3e70a8d6fd08b895:host:177.10.234.215	SESSION-3e70a8d6fd08b895 → host:177.10.234.215
flow_observed4-aryOBS	e:fo:flow:05d0d63bce37	flow:05d0d63bce37 → host:172.234.197.23 → host:177.10.235.201 → port:tcp:35511
FLOW_TO_HOSTOBS	e:to:SESSION-710b55a9f3a0edd9:host:172.234.197.23	SESSION-710b55a9f3a0edd9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5fcf38b0a54673cb:host:177.10.232.34	SESSION-5fcf38b0a54673cb → host:177.10.232.34
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a214ec19ba198e7:flow:15ff142e4d3b	SESSION-6a214ec19ba198e7 → flow:15ff142e4d3b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5ae6e0246d28b44:host:177.10.234.176:host:172.234.197.23	SESSION-d5ae6e0246d28b44 → host:177.10.234.176 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.40:asn:262880	host:177.10.236.40 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2586028491b4edc:host:172.234.197.23	SESSION-b2586028491b4edc → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-926b7babcf98185f:flow:d93bcf8220d2	SESSION-926b7babcf98185f → flow:d93bcf8220d2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c32ee209d5d1aa5e:host:131.196.29.95	SESSION-c32ee209d5d1aa5e → host:131.196.29.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c6e69b3f05bcd99:SESSION-7c6e69b3f05bcd99	SESSION-7c6e69b3f05bcd99 → pe:syn:SESSION-7c6e69b3f05bcd99
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.42:geo_-16.28860_-49.01640	host:177.10.236.42 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-bd66824284de98ed:host:172.234.197.23	SESSION-bd66824284de98ed → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a4f5157605f3	flow:a4f5157605f3 → host:131.196.31.18 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:239159cb0e4e:port:tcp:443	flow:239159cb0e4e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5ec23c1a1f63:port:tcp:15164	flow:5ec23c1a1f63 → port:tcp:15164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16f8bda1e1d11332:host:172.234.197.23	SESSION-16f8bda1e1d11332 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ea19b3bdbd95a16b:PCAP:capture_20260430060001:919b39a74464	SESSION-ea19b3bdbd95a16b → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e79bdabe92472fb:SESSION-4e79bdabe92472fb	SESSION-4e79bdabe92472fb → pe:tls:SESSION-4e79bdabe92472fb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.173:geo_-16.28860_-49.01640	host:177.10.234.173 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5e7695ca2cac12f:host:172.234.197.23:host:131.196.29.0	SESSION-b5e7695ca2cac12f → host:172.234.197.23 → host:131.196.29.0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4defafdd27769097:host:172.234.197.23	SESSION-4defafdd27769097 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef2cf125c8c7b83a:PCAP:capture_20260430150001:ded20914761d	SESSION-ef2cf125c8c7b83a → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d04c60e569cc19ba:host:172.234.197.23	SESSION-d04c60e569cc19ba → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3056fcd37df4e63f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3056fcd37df4e63f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-9d9c8489868c7191:host:172.234.197.23	SESSION-9d9c8489868c7191 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c851c6ec2554:port:tcp:443	flow:c851c6ec2554 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2091e87bc96ca173:SESSION-2091e87bc96ca173	SESSION-2091e87bc96ca173 → pe:syn:SESSION-2091e87bc96ca173
FLOW_TO_HOSTOBS	e:to:SESSION-37c584531b25722b:host:172.234.197.23	SESSION-37c584531b25722b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-73ac0ee86c608450:SESSION-73ac0ee86c608450	SESSION-73ac0ee86c608450 → pe:syn:SESSION-73ac0ee86c608450
flow_observed5-aryOBS	e:fo:flow:c1e4966ad61f	flow:c1e4966ad61f → host:142.132.190.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-848453a25431759d:host:172.234.197.23	SESSION-848453a25431759d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c21445b24cd8699:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1c21445b24cd8699 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:e8aae9c261e5:port:tcp:9078	flow:e8aae9c261e5 → port:tcp:9078
FLOW_FROM_HOSTOBS	e:from:SESSION-f951b8fc6e0dd11c:host:177.10.232.158	SESSION-f951b8fc6e0dd11c → host:177.10.232.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5804e26655ff1a06:SESSION-5804e26655ff1a06	SESSION-5804e26655ff1a06 → pe:syn:SESSION-5804e26655ff1a06
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-174ad36923ec98ba:flow:7ee8a4dda8e6	SESSION-174ad36923ec98ba → flow:7ee8a4dda8e6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-88c7e3106e33eb03:SESSION-88c7e3106e33eb03	SESSION-88c7e3106e33eb03 → pe:syn:SESSION-88c7e3106e33eb03
FLOW_FROM_HOSTOBS	e:from:SESSION-e2f1e05754e84c30:host:172.234.197.23	SESSION-e2f1e05754e84c30 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-62d5a334e1fc9bd1:host:172.234.197.23	SESSION-62d5a334e1fc9bd1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4298399acb708ae5:host:131.196.31.138	SESSION-4298399acb708ae5 → host:131.196.31.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7549effe520d0229:SESSION-7549effe520d0229	SESSION-7549effe520d0229 → pe:syn:SESSION-7549effe520d0229
FLOW_DST_PORTOBS	e:fp:flow:3d9dc2a57062:port:tcp:443	flow:3d9dc2a57062 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:93cfcbc224e1	flow:93cfcbc224e1 → host:177.10.233.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db1b4e286dc089a9:host:172.234.197.23:host:131.196.29.60	SESSION-db1b4e286dc089a9 → host:172.234.197.23 → host:131.196.29.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a11ee5d378ab4f4:host:177.10.236.154	SESSION-7a11ee5d378ab4f4 → host:177.10.236.154
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.43:geo_-16.28860_-49.01640	host:177.10.239.43 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8dc993a043c8fb1:host:131.196.31.14:host:172.234.197.23	SESSION-b8dc993a043c8fb1 → host:131.196.31.14 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23e0f212525e0a86:host:172.234.197.23	SESSION-23e0f212525e0a86 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ca971b9386eb0b9:SESSION-2ca971b9386eb0b9	SESSION-2ca971b9386eb0b9 → pe:syn:SESSION-2ca971b9386eb0b9
FLOW_DST_PORTOBS	e:fp:flow:3c6a2740e12d:port:tcp:31973	flow:3c6a2740e12d → port:tcp:31973
FLOW_FROM_HOSTOBS	e:from:SESSION-2f9ea4c8ad78eb8e:host:172.234.197.23	SESSION-2f9ea4c8ad78eb8e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.163:asn:262880	host:177.10.233.163 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3cf98bfbd337a47:host:172.234.197.23	SESSION-d3cf98bfbd337a47 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-623bd72e2e38d66b:host:131.196.30.72	SESSION-623bd72e2e38d66b → host:131.196.30.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-409db122b916fc83:SESSION-409db122b916fc83	SESSION-409db122b916fc83 → pe:syn:SESSION-409db122b916fc83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da4440e5d8ead4fe:SESSION-da4440e5d8ead4fe	SESSION-da4440e5d8ead4fe → pe:tls:SESSION-da4440e5d8ead4fe
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b5af66d109a4873:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5b5af66d109a4873 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-406d5e8256fbfc45:SESSION-406d5e8256fbfc45	SESSION-406d5e8256fbfc45 → pe:tls:SESSION-406d5e8256fbfc45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f44963c65f506a9:host:131.196.29.170	SESSION-1f44963c65f506a9 → host:131.196.29.170
FLOW_TO_HOSTOBS	e:to:SESSION-c615690895f6d3c9:host:177.10.239.127	SESSION-c615690895f6d3c9 → host:177.10.239.127
HOST_IN_ASNOBS 85%	e:ha:host:51.21.249.220:asn:16509	host:51.21.249.220 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da8ba1d6891d9574:host:172.234.197.23	SESSION-da8ba1d6891d9574 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6fd2d6a70384f754:SESSION-6fd2d6a70384f754	SESSION-6fd2d6a70384f754 → pe:rst:SESSION-6fd2d6a70384f754
FLOW_DST_PORTOBS	e:fp:flow:b28ee83bee37:port:tcp:6778	flow:b28ee83bee37 → port:tcp:6778
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1633b12f0e20b97e:SESSION-1633b12f0e20b97e	SESSION-1633b12f0e20b97e → pe:rst:SESSION-1633b12f0e20b97e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.174:geo_-16.28860_-49.01640	host:177.10.236.174 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:e8a892fc5820	flow:e8a892fc5820 → host:177.10.239.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44aa905e757bc471:host:131.196.28.95	SESSION-44aa905e757bc471 → host:131.196.28.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f997fef874b1b1e:host:172.232.0.16	SESSION-2f997fef874b1b1e → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-9eb3af12cfff0086:host:177.10.238.88	SESSION-9eb3af12cfff0086 → host:177.10.238.88
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-393d4d02c091bd7e:host:5.182.209.49:host:172.234.197.23	SESSION-393d4d02c091bd7e → host:5.182.209.49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-660cb7ef624de29d:host:172.234.197.23	SESSION-660cb7ef624de29d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea2b78fffe48f844:host:172.234.197.23	SESSION-ea2b78fffe48f844 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d847f2e978d6:port:tcp:443	flow:d847f2e978d6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-537378f36f2f8a26:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-537378f36f2f8a26 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3b214bdb989f663:SESSION-e3b214bdb989f663	SESSION-e3b214bdb989f663 → pe:syn:SESSION-e3b214bdb989f663
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8631759e2d7ec30:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c8631759e2d7ec30 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:095f374ac2cc	flow:095f374ac2cc → host:177.10.238.137 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.97:asn:262880	host:177.10.235.97 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8196f582d24c6a3:PCAP:capture_20260430090001:065659c7d314	SESSION-b8196f582d24c6a3 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60a71bd7fc87f54e:host:172.234.197.23	SESSION-60a71bd7fc87f54e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.253:geo_-23.62930_-46.63510	host:131.196.31.253 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-a29c9496c44f9fe8:host:177.10.235.6	SESSION-a29c9496c44f9fe8 → host:177.10.235.6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac1869edc353761e:host:172.234.197.23	SESSION-ac1869edc353761e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb6cea4441256ebd:PCAP:capture_20260430090001:065659c7d314	SESSION-cb6cea4441256ebd → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:1ecc35664d1e:port:tcp:443	flow:1ecc35664d1e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bedf3bb9bf60dde0:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-bedf3bb9bf60dde0 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:c8f5d59ceecd:port:tcp:8450	flow:c8f5d59ceecd → port:tcp:8450
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-354d6c0d37a0b016:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-354d6c0d37a0b016 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-c83c0a366733c9bb:host:177.10.238.116	SESSION-c83c0a366733c9bb → host:177.10.238.116
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4013c9000873101b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4013c9000873101b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-252ece6cab0420bc:PCAP:capture_20260430080001:93f47cc296a4	SESSION-252ece6cab0420bc → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98030dd572a97d39:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-98030dd572a97d39 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:3020ab7bcafc:port:tcp:443	flow:3020ab7bcafc → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-424e5c5b03912c3d:PCAP:capture_20260430110001:43611bdf6759	SESSION-424e5c5b03912c3d → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec373193747138e2:SESSION-ec373193747138e2	SESSION-ec373193747138e2 → pe:tls:SESSION-ec373193747138e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-843bbb86e5601bd5:SESSION-843bbb86e5601bd5	SESSION-843bbb86e5601bd5 → pe:tls:SESSION-843bbb86e5601bd5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74744b11834c8470:host:172.234.197.23	SESSION-74744b11834c8470 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fcae7621099f:port:tcp:443	flow:fcae7621099f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-a117da50f6c2c30f:host:172.234.197.23	SESSION-a117da50f6c2c30f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-76b0da8a82e9902a:host:172.234.197.23	SESSION-76b0da8a82e9902a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6756f0bedb2cdb12:host:172.234.197.23	SESSION-6756f0bedb2cdb12 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-526fa727f8be74e3:SESSION-526fa727f8be74e3	SESSION-526fa727f8be74e3 → pe:syn:SESSION-526fa727f8be74e3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1d16880e0846180:flow:41972dbe52b9	SESSION-a1d16880e0846180 → flow:41972dbe52b9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b51ebf4113a5ef49:host:177.10.239.158	SESSION-b51ebf4113a5ef49 → host:177.10.239.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ea2b78fffe48f844:PCAP:capture_20260430150001:ded20914761d	SESSION-ea2b78fffe48f844 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:c6db70cfb235:port:tcp:443	flow:c6db70cfb235 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.84:asn:262880	host:177.10.239.84 → asn:262880
ASN_IN_ORGOBS 80%	e:ao:asn:10396:org:DATACOM CARIBE, INC.	asn:10396 → org:DATACOM CARIBE, INC.
FLOW_TO_HOSTOBS	e:to:SESSION-84e5e89f26aa2ca2:host:172.234.197.23	SESSION-84e5e89f26aa2ca2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44d3fd3ee1d51da1:host:177.10.232.139	SESSION-44d3fd3ee1d51da1 → host:177.10.232.139
FLOW_DST_PORTOBS	e:fp:flow:5466f79125fb:port:tcp:443	flow:5466f79125fb → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-332b957940cff81b:host:172.234.197.23	SESSION-332b957940cff81b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.211:asn:271410	host:131.196.29.211 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ba4bb01be574ad6:SESSION-4ba4bb01be574ad6	SESSION-4ba4bb01be574ad6 → pe:tls:SESSION-4ba4bb01be574ad6
FLOW_TO_HOSTOBS	e:to:SESSION-fb2f54f0354a144e:host:172.234.197.23	SESSION-fb2f54f0354a144e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c06bd8d9952317f:host:172.234.197.23	SESSION-6c06bd8d9952317f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee5756ac65b5ed68:host:131.196.30.223:host:172.234.197.23	SESSION-ee5756ac65b5ed68 → host:131.196.30.223 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.223:geo_-16.28860_-49.01640	host:177.10.237.223 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff331192f9cad8b9:flow:627f220d3e6a	SESSION-ff331192f9cad8b9 → flow:627f220d3e6a
FLOW_DST_PORTOBS	e:fp:flow:efdc052f98d7:port:tcp:443	flow:efdc052f98d7 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:bbbdb4b028c8	flow:bbbdb4b028c8 → host:172.234.197.23 → host:177.10.233.233 → port:tcp:56056
FLOW_TO_HOSTOBS	e:to:SESSION-4f12bb9f5880e55b:host:172.234.197.23	SESSION-4f12bb9f5880e55b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-31836a23201b59b7:host:177.10.237.162	SESSION-31836a23201b59b7 → host:177.10.237.162
FLOW_TO_HOSTOBS	e:to:SESSION-18c88d2b92c30f28:host:177.10.239.227	SESSION-18c88d2b92c30f28 → host:177.10.239.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9252fa43a6ca744f:host:45.173.156.169	SESSION-9252fa43a6ca744f → host:45.173.156.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74a0cb408b3fb354:host:172.234.197.23	SESSION-74a0cb408b3fb354 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f57871a7505a0a35:SESSION-f57871a7505a0a35	SESSION-f57871a7505a0a35 → pe:syn:SESSION-f57871a7505a0a35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98e2e9e1db14446c:flow:906cde70820b	SESSION-98e2e9e1db14446c → flow:906cde70820b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60b46aef513c4722:host:177.10.235.61	SESSION-60b46aef513c4722 → host:177.10.235.61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d43ada4a289f704d:SESSION-d43ada4a289f704d	SESSION-d43ada4a289f704d → pe:tls:SESSION-d43ada4a289f704d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9e2f07f7ea20074:SESSION-f9e2f07f7ea20074	SESSION-f9e2f07f7ea20074 → pe:tls:SESSION-f9e2f07f7ea20074
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.236.240.137:geo_52.23940_21.03620	host:185.236.240.137 → geo_52.23940_21.03620
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2cb296f879c20d45:SESSION-2cb296f879c20d45	SESSION-2cb296f879c20d45 → pe:tls:SESSION-2cb296f879c20d45
FLOW_DST_PORTOBS	e:fp:flow:df53e3b2ee55:port:tcp:443	flow:df53e3b2ee55 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ac6ab160136e0424:host:177.10.235.129	SESSION-ac6ab160136e0424 → host:177.10.235.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b135329a33dc60c2:SESSION-b135329a33dc60c2	SESSION-b135329a33dc60c2 → pe:syn:SESSION-b135329a33dc60c2
FLOW_DST_PORTOBS	e:fp:flow:bd0c0f3ef9a8:port:tcp:15522	flow:bd0c0f3ef9a8 → port:tcp:15522
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ac9bb77fb56e773:SESSION-7ac9bb77fb56e773	SESSION-7ac9bb77fb56e773 → pe:tls:SESSION-7ac9bb77fb56e773
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21ced843a950a21a:flow:0b696ed5e125	SESSION-21ced843a950a21a → flow:0b696ed5e125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf6bfb4b9f17f41e:SESSION-bf6bfb4b9f17f41e	SESSION-bf6bfb4b9f17f41e → pe:tls:SESSION-bf6bfb4b9f17f41e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8c8ed56d6827efd:host:172.234.197.23	SESSION-a8c8ed56d6827efd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1909494739e8c502:SESSION-1909494739e8c502	SESSION-1909494739e8c502 → pe:rst:SESSION-1909494739e8c502
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f92c0af2b04d2b16:SESSION-f92c0af2b04d2b16	SESSION-f92c0af2b04d2b16 → pe:syn:SESSION-f92c0af2b04d2b16
FLOW_FROM_HOSTOBS	e:from:SESSION-8c917f93463d3774:host:35.95.128.58	SESSION-8c917f93463d3774 → host:35.95.128.58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b2db5b5e20e8c4e:host:172.232.0.17	SESSION-0b2db5b5e20e8c4e → host:172.232.0.17
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.69:asn:262880	host:177.10.234.69 → asn:262880
flow_observed5-aryOBS	e:fo:flow:e9fe580d9619	flow:e9fe580d9619 → host:131.196.31.146 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:f0003eb8a676:port:tcp:57968	flow:f0003eb8a676 → port:tcp:57968
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.67:geo_-16.28860_-49.01640	host:177.10.234.67 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9433c1773faa9882:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9433c1773faa9882 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57e30ec2e308e552:SESSION-57e30ec2e308e552	SESSION-57e30ec2e308e552 → pe:syn:SESSION-57e30ec2e308e552
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21cd302cb5783965:host:172.234.197.23:host:177.10.232.182	SESSION-21cd302cb5783965 → host:172.234.197.23 → host:177.10.232.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5b4d581172cc71c:host:31.40.196.58	SESSION-a5b4d581172cc71c → host:31.40.196.58
flow_observed5-aryOBS	e:fo:flow:fdd3c5ca2c21	flow:fdd3c5ca2c21 → host:177.10.236.184 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3fd74aeb66a6a85e:host:172.234.197.23	SESSION-3fd74aeb66a6a85e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85a5e7fc435163e0:SESSION-85a5e7fc435163e0	SESSION-85a5e7fc435163e0 → pe:syn:SESSION-85a5e7fc435163e0
FLOW_FROM_HOSTOBS	e:from:SESSION-3a825e71225466eb:host:131.196.28.92	SESSION-3a825e71225466eb → host:131.196.28.92
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ff9e39cb371b24f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1ff9e39cb371b24f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eb452f0b60197b3:host:45.173.156.150	SESSION-7eb452f0b60197b3 → host:45.173.156.150
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3cd15ae05af1e0a:host:172.234.197.23	SESSION-c3cd15ae05af1e0a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.170:geo_-16.28860_-49.01640	host:177.10.235.170 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:e52630dccfec:port:tcp:443	flow:e52630dccfec → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.255:asn:262880	host:177.10.237.255 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ed3c0cac572dff6:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9ed3c0cac572dff6 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb645c1b10558a95:SESSION-fb645c1b10558a95	SESSION-fb645c1b10558a95 → pe:tls:SESSION-fb645c1b10558a95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a516ba4c4f8948a0:host:172.234.197.23	SESSION-a516ba4c4f8948a0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60a71bd7fc87f54e:flow:82fbfa1cfb5d	SESSION-60a71bd7fc87f54e → flow:82fbfa1cfb5d
FLOW_FROM_HOSTOBS	e:from:SESSION-fd6f9b80bb02e0f5:host:131.196.30.39	SESSION-fd6f9b80bb02e0f5 → host:131.196.30.39
FLOW_TO_HOSTOBS	e:to:SESSION-ddc877c0ed3a64ea:host:131.196.29.34	SESSION-ddc877c0ed3a64ea → host:131.196.29.34
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e5392ca321cb1ed:flow:654f4f59f24b	SESSION-6e5392ca321cb1ed → flow:654f4f59f24b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-90426299281da133:SESSION-90426299281da133	SESSION-90426299281da133 → pe:tls:SESSION-90426299281da133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78704dd999ae95fc:host:172.234.197.23	SESSION-78704dd999ae95fc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a9343604177341c5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a9343604177341c5 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:3fc5c3c3e3a8:port:tcp:443	flow:3fc5c3c3e3a8 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1628bbd64c13f5a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a1628bbd64c13f5a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-e8ebb92b3cccc0ee:host:172.234.197.23	SESSION-e8ebb92b3cccc0ee → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e798ff0c310952a:host:177.10.234.144:host:172.234.197.23	SESSION-6e798ff0c310952a → host:177.10.234.144 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4e7d8d3f995a1a9:flow:d93f22ce77fe	SESSION-b4e7d8d3f995a1a9 → flow:d93f22ce77fe
FLOW_FROM_HOSTOBS	e:from:SESSION-f0f5313432825fa0:host:177.10.237.15	SESSION-f0f5313432825fa0 → host:177.10.237.15
FLOW_TO_HOSTOBS	e:to:SESSION-f60661a19246ebd9:host:177.10.238.239	SESSION-f60661a19246ebd9 → host:177.10.238.239
FLOW_DST_PORTOBS	e:fp:flow:8c37d8569a8d:port:tcp:28936	flow:8c37d8569a8d → port:tcp:28936
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41c82fa43395463b:SESSION-41c82fa43395463b	SESSION-41c82fa43395463b → pe:tls:SESSION-41c82fa43395463b
FLOW_FROM_HOSTOBS	e:from:SESSION-083cc9a3854de3cd:host:91.240.224.238	SESSION-083cc9a3854de3cd → host:91.240.224.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f479af38d87d852f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f479af38d87d852f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41eaa3dd80eab155:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-41eaa3dd80eab155 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa3e9fc803f342ab:host:172.234.197.23	SESSION-fa3e9fc803f342ab → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc58620ced71d747:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cc58620ced71d747 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:7a226fbc653a:port:tcp:443	flow:7a226fbc653a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51b69a1f49968dce:host:177.10.239.253	SESSION-51b69a1f49968dce → host:177.10.239.253
flow_observed5-aryOBS	e:fo:flow:9e171b985e85	flow:9e171b985e85 → host:177.10.237.213 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-de12aa9c0bf7f485:host:177.10.237.20	SESSION-de12aa9c0bf7f485 → host:177.10.237.20
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6d47e7b31036f28:host:131.196.28.35	SESSION-d6d47e7b31036f28 → host:131.196.28.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-24aa07f03f2c2273:SESSION-24aa07f03f2c2273	SESSION-24aa07f03f2c2273 → pe:tls:SESSION-24aa07f03f2c2273
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e0dcae8b099ffa5:SESSION-9e0dcae8b099ffa5	SESSION-9e0dcae8b099ffa5 → pe:syn:SESSION-9e0dcae8b099ffa5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b9f91f77c860b7c:host:172.234.197.23	SESSION-1b9f91f77c860b7c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f1009c3ce0fc23df:SESSION-f1009c3ce0fc23df	SESSION-f1009c3ce0fc23df → pe:syn:SESSION-f1009c3ce0fc23df
flow_observed4-aryOBS	e:fo:flow:6ad223502988	flow:6ad223502988 → host:172.234.197.23 → host:177.10.236.151 → port:tcp:4615
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07139a9423b3d79f:host:131.196.29.159	SESSION-07139a9423b3d79f → host:131.196.29.159
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f12bb9f5880e55b:host:177.10.236.77	SESSION-4f12bb9f5880e55b → host:177.10.236.77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27d1e1e2170d683a:host:172.234.197.23	SESSION-27d1e1e2170d683a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3290b6ea40dc:port:tcp:443	flow:3290b6ea40dc → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.238:asn:262880	host:177.10.236.238 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-32551388ee5c6c20:host:172.234.197.23	SESSION-32551388ee5c6c20 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6da898acb6c07034:SESSION-6da898acb6c07034	SESSION-6da898acb6c07034 → pe:tls:SESSION-6da898acb6c07034
FLOW_FROM_HOSTOBS	e:from:SESSION-6010f1ab3b1ee9c7:host:92.112.71.183	SESSION-6010f1ab3b1ee9c7 → host:92.112.71.183
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4341cac0cb5b3aa:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b4341cac0cb5b3aa → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-2c7091281d7e2abc:host:177.10.234.6	SESSION-2c7091281d7e2abc → host:177.10.234.6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4862cddc1ddaa50:flow:84e94b5b7e79	SESSION-d4862cddc1ddaa50 → flow:84e94b5b7e79
FLOW_DST_PORTOBS	e:fp:flow:a48aaa9e71a4:port:tcp:5293	flow:a48aaa9e71a4 → port:tcp:5293
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d027fcdf19e82664:SESSION-d027fcdf19e82664	SESSION-d027fcdf19e82664 → pe:tls:SESSION-d027fcdf19e82664
flow_observed5-aryOBS	e:fo:flow:abc8f32c87a5	flow:abc8f32c87a5 → host:177.10.233.96 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2c24cbdb3e7b273c:host:92.112.71.199:host:172.234.197.23	SESSION-2c24cbdb3e7b273c → host:92.112.71.199 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.78:asn:273470	host:45.173.156.78 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2be48cd916ee7ccc:host:172.234.197.23	SESSION-2be48cd916ee7ccc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f486345fbdf5443:SESSION-8f486345fbdf5443	SESSION-8f486345fbdf5443 → pe:tls:SESSION-8f486345fbdf5443
FLOW_TO_HOSTOBS	e:to:SESSION-381a570e386b12a2:host:172.234.197.23	SESSION-381a570e386b12a2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ab46af96ea11edd:flow:923a547e64db	SESSION-7ab46af96ea11edd → flow:923a547e64db
FLOW_FROM_HOSTOBS	e:from:SESSION-da377d395ffcc3d3:host:172.234.197.23	SESSION-da377d395ffcc3d3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e034fcb399102895:host:177.10.234.0	SESSION-e034fcb399102895 → host:177.10.234.0
FLOW_TO_HOSTOBS	e:to:SESSION-fce590506c76a4f8:host:172.234.197.23	SESSION-fce590506c76a4f8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5712989ddbf4728b:host:131.196.31.19	SESSION-5712989ddbf4728b → host:131.196.31.19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d6622ca4a22ed44:flow:76cca1c9d93a	SESSION-5d6622ca4a22ed44 → flow:76cca1c9d93a
FLOW_DST_PORTOBS	e:fp:flow:2e3157698a52:port:tcp:443	flow:2e3157698a52 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4367b2e8a53d74f:host:172.234.197.23	SESSION-c4367b2e8a53d74f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-136356e88c69bcaa:host:177.10.238.97	SESSION-136356e88c69bcaa → host:177.10.238.97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79787964fff3a281:PCAP:capture_20260430090001:065659c7d314	SESSION-79787964fff3a281 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:89c3e525673a	flow:89c3e525673a → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01d7e8e7f6d6f55b:SESSION-01d7e8e7f6d6f55b	SESSION-01d7e8e7f6d6f55b → pe:syn:SESSION-01d7e8e7f6d6f55b
FLOW_DST_PORTOBS	e:fp:flow:337390b0db9e:port:tcp:443	flow:337390b0db9e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d42f41260fbe7c09:host:177.10.234.37	SESSION-d42f41260fbe7c09 → host:177.10.234.37
FLOW_TO_HOSTOBS	e:to:SESSION-02cad694702cb9f1:host:172.234.197.23	SESSION-02cad694702cb9f1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-80f68e8f687f2dc5:host:131.196.28.242	SESSION-80f68e8f687f2dc5 → host:131.196.28.242
FLOW_FROM_HOSTOBS	e:from:SESSION-588e177edbf40597:host:131.196.28.40	SESSION-588e177edbf40597 → host:131.196.28.40
FLOW_DST_PORTOBS	e:fp:flow:639a81585c5e:port:tcp:443	flow:639a81585c5e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f30fa3bd65a965fa:SESSION-f30fa3bd65a965fa	SESSION-f30fa3bd65a965fa → pe:syn:SESSION-f30fa3bd65a965fa
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e38f46dc000b6625:host:172.234.197.23:host:177.10.236.235	SESSION-e38f46dc000b6625 → host:172.234.197.23 → host:177.10.236.235
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fbcca05a1b3df0cf:flow:389266da0192	SESSION-fbcca05a1b3df0cf → flow:389266da0192
FLOW_FROM_HOSTOBS	e:from:SESSION-4bc49d07a666c670:host:131.196.31.54	SESSION-4bc49d07a666c670 → host:131.196.31.54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-926b7babcf98185f:host:131.196.31.150	SESSION-926b7babcf98185f → host:131.196.31.150
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c0d18b24ee9d3d4:host:172.234.197.23:host:131.196.30.83	SESSION-6c0d18b24ee9d3d4 → host:172.234.197.23 → host:131.196.30.83
FLOW_TO_HOSTOBS	e:to:SESSION-757e5ed1a89f1610:host:172.234.197.23	SESSION-757e5ed1a89f1610 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.110:geo_-16.28860_-49.01640	host:177.10.235.110 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a2e73cad916b1394:flow:8d6177ca01e3	SESSION-a2e73cad916b1394 → flow:8d6177ca01e3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dc65fb323eff44ce:SESSION-dc65fb323eff44ce	SESSION-dc65fb323eff44ce → pe:tls:SESSION-dc65fb323eff44ce
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-296f629f4229b1a2:host:177.10.238.104:host:172.234.197.23	SESSION-296f629f4229b1a2 → host:177.10.238.104 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e88ec164d738844a:host:185.236.240.137	SESSION-e88ec164d738844a → host:185.236.240.137
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a2add8aa10ab84ed:host:103.155.16.117:host:172.234.197.23	SESSION-a2add8aa10ab84ed → host:103.155.16.117 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:35afae3c4d29	flow:35afae3c4d29 → host:177.10.239.70 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02e2db787a51689b:flow:e15db8dd7fed	SESSION-02e2db787a51689b → flow:e15db8dd7fed
FLOW_FROM_HOSTOBS	e:from:SESSION-6d3dc2c705a19d83:host:177.10.236.129	SESSION-6d3dc2c705a19d83 → host:177.10.236.129
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.87:asn:262880	host:177.10.235.87 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b71b9d0133c3b30:SESSION-0b71b9d0133c3b30	SESSION-0b71b9d0133c3b30 → pe:tls:SESSION-0b71b9d0133c3b30
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76d607ccf9e84136:flow:1d87a6e22a1b	SESSION-76d607ccf9e84136 → flow:1d87a6e22a1b
FLOW_TO_HOSTOBS	e:to:SESSION-98452f7d1a82c494:host:177.10.238.160	SESSION-98452f7d1a82c494 → host:177.10.238.160
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.134:geo_-16.28860_-49.01640	host:177.10.239.134 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:9239765cb326	flow:9239765cb326 → host:172.234.197.23 → host:131.196.30.45 → port:tcp:64581
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a16442ff0a72733c:flow:cbff49bcdc9a	SESSION-a16442ff0a72733c → flow:cbff49bcdc9a
FLOW_TO_HOSTOBS	e:to:SESSION-c382f6b8063de44f:host:172.234.197.23	SESSION-c382f6b8063de44f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74f0d8e902dc1bc9:SESSION-74f0d8e902dc1bc9	SESSION-74f0d8e902dc1bc9 → pe:syn:SESSION-74f0d8e902dc1bc9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67fb5a3b6b27b953:PCAP:capture_20260430160001:9bfa4498506a	SESSION-67fb5a3b6b27b953 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ee9ba8cae5cc2ab:flow:6c8243309e3c	SESSION-2ee9ba8cae5cc2ab → flow:6c8243309e3c
FLOW_TO_HOSTOBS	e:to:SESSION-5c3d3f3d87b7f1a0:host:172.234.197.23	SESSION-5c3d3f3d87b7f1a0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-486ff38c4390c341:host:54.201.244.199:host:172.234.197.23	SESSION-486ff38c4390c341 → host:54.201.244.199 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-330bec399d401574:host:131.196.30.252	SESSION-330bec399d401574 → host:131.196.30.252
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-893e080e65f2ed4f:host:172.234.197.23:host:131.196.31.144	SESSION-893e080e65f2ed4f → host:172.234.197.23 → host:131.196.31.144
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8cb528496ded9d11:flow:15a75a81c121	SESSION-8cb528496ded9d11 → flow:15a75a81c121
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8ef5b0d475390b4:PCAP:capture_20260430150001:ded20914761d	SESSION-e8ef5b0d475390b4 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6abbbca78e64654:host:172.234.197.23	SESSION-e6abbbca78e64654 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb3e7e97aa8c76e6:host:131.196.29.116	SESSION-cb3e7e97aa8c76e6 → host:131.196.29.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41d09b35a7c7bf56:SESSION-41d09b35a7c7bf56	SESSION-41d09b35a7c7bf56 → pe:syn:SESSION-41d09b35a7c7bf56
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.164:geo_-23.62930_-46.63510	host:131.196.29.164 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9485d3e307f01514:host:172.234.197.23:host:131.196.30.214	SESSION-9485d3e307f01514 → host:172.234.197.23 → host:131.196.30.214
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7caeaef261aefc4:host:172.234.197.23	SESSION-e7caeaef261aefc4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d32b9643240d8a79:host:177.10.239.42	SESSION-d32b9643240d8a79 → host:177.10.239.42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fcb174e83803b1f7:host:172.234.197.23	SESSION-fcb174e83803b1f7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-764219a5db7d50bc:flow:ca9c9c940fe6	SESSION-764219a5db7d50bc → flow:ca9c9c940fe6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bf7420041ec56c9:host:172.234.197.23	SESSION-8bf7420041ec56c9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe2a9708180e5d71:flow:0642687a4af2	SESSION-fe2a9708180e5d71 → flow:0642687a4af2
flow_observed5-aryOBS	e:fo:flow:e3df5756ccbc	flow:e3df5756ccbc → host:131.196.31.77 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e3e2cf6c78e9:port:tcp:443	flow:e3e2cf6c78e9 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:5cbd1147ed0a	flow:5cbd1147ed0a → host:172.234.197.23 → host:131.196.28.88 → port:tcp:28179
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2c7091281d7e2abc:host:177.10.234.6:host:172.234.197.23	SESSION-2c7091281d7e2abc → host:177.10.234.6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2f7ca9f61df30fd:flow:4bf01cc984d6	SESSION-f2f7ca9f61df30fd → flow:4bf01cc984d6
flow_observed5-aryOBS	e:fo:flow:910913aa1637	flow:910913aa1637 → host:177.10.236.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6bbf6176d0f5e38d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6bbf6176d0f5e38d → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:a4227b203ef7:port:tcp:56530	flow:a4227b203ef7 → port:tcp:56530
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b25c94efbacaf7d7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b25c94efbacaf7d7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5f3ac5dec394466:SESSION-f5f3ac5dec394466	SESSION-f5f3ac5dec394466 → pe:syn:SESSION-f5f3ac5dec394466
FLOW_TO_HOSTOBS	e:to:SESSION-9c36bc9032caa64b:host:172.234.197.23	SESSION-9c36bc9032caa64b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaa7799a31d50d65:host:177.10.239.209	SESSION-eaa7799a31d50d65 → host:177.10.239.209
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-957293060df71cd6:host:45.145.152.208	SESSION-957293060df71cd6 → host:45.145.152.208
FLOW_FROM_HOSTOBS	e:from:SESSION-853e897de6767cda:host:131.196.31.75	SESSION-853e897de6767cda → host:131.196.31.75
FLOW_TO_HOSTOBS	e:to:SESSION-ceaf5a04e9815b11:host:131.196.30.147	SESSION-ceaf5a04e9815b11 → host:131.196.30.147
FLOW_TO_HOSTOBS	e:to:SESSION-102bebe502918f62:host:131.196.30.150	SESSION-102bebe502918f62 → host:131.196.30.150
flow_observed5-aryOBS	e:fo:flow:0c2b465240e5	flow:0c2b465240e5 → host:177.10.232.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a79875656e67c68:host:177.10.233.98:host:172.234.197.23	SESSION-0a79875656e67c68 → host:177.10.233.98 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-200e4a8806f83581:PCAP:capture_20260428010001:b1b402c7b202	SESSION-200e4a8806f83581 → PCAP:capture_20260428010001:b1b402c7b202
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.17:asn:203771	host:95.135.228.17 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31cda31fe1b0dd07:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-31cda31fe1b0dd07 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4076f0f6734ca69:host:45.173.156.68	SESSION-d4076f0f6734ca69 → host:45.173.156.68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6f0fa0972c78e2ef:SESSION-6f0fa0972c78e2ef	SESSION-6f0fa0972c78e2ef → pe:tls:SESSION-6f0fa0972c78e2ef
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8900744845bb6f3:host:172.234.197.23	SESSION-d8900744845bb6f3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df8de933ba817d8f:host:185.231.226.101:host:172.234.197.23	SESSION-df8de933ba817d8f → host:185.231.226.101 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-105866a23abaa0d9:SESSION-105866a23abaa0d9	SESSION-105866a23abaa0d9 → pe:syn:SESSION-105866a23abaa0d9
FLOW_TO_HOSTOBS	e:to:SESSION-abc806ef9f1a9dce:host:177.10.234.180	SESSION-abc806ef9f1a9dce → host:177.10.234.180
FLOW_FROM_HOSTOBS	e:from:SESSION-c4e9a3a3a63cdb2e:host:45.173.156.223	SESSION-c4e9a3a3a63cdb2e → host:45.173.156.223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ad4b86f4c7bfaae:SESSION-1ad4b86f4c7bfaae	SESSION-1ad4b86f4c7bfaae → pe:tls:SESSION-1ad4b86f4c7bfaae
FLOW_DST_PORTOBS	e:fp:flow:793550407790:port:tcp:443	flow:793550407790 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bf280e9db7bb994:host:172.234.197.23	SESSION-1bf280e9db7bb994 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e1110b1e3871:port:tcp:11157	flow:e1110b1e3871 → port:tcp:11157
flow_observed5-aryOBS	e:fo:flow:d81e3896f245	flow:d81e3896f245 → host:131.196.29.164 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-46cfffaa3fdb7f1d:host:172.232.0.16	SESSION-46cfffaa3fdb7f1d → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:be9255afc4b4:port:tcp:443	flow:be9255afc4b4 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:8350e26d0af7	flow:8350e26d0af7 → host:131.196.31.40 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:02fb45737a78	flow:02fb45737a78 → host:131.196.29.53 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8739e7552ccb5cc0:host:172.234.197.23	SESSION-8739e7552ccb5cc0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bfc33587dc4bfad3:host:172.234.197.23	SESSION-bfc33587dc4bfad3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.208:asn:203771	host:45.145.152.208 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b32f5a9266c1045d:SESSION-b32f5a9266c1045d	SESSION-b32f5a9266c1045d → pe:syn:SESSION-b32f5a9266c1045d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7caa5c0db9dc8d4:SESSION-b7caa5c0db9dc8d4	SESSION-b7caa5c0db9dc8d4 → pe:tls:SESSION-b7caa5c0db9dc8d4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16b33dfc60975324:SESSION-16b33dfc60975324	SESSION-16b33dfc60975324 → pe:syn:SESSION-16b33dfc60975324
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-977a7c6dd83aa424:SESSION-977a7c6dd83aa424	SESSION-977a7c6dd83aa424 → pe:syn:SESSION-977a7c6dd83aa424
FLOW_FROM_HOSTOBS	e:from:SESSION-cf286e26fb783f2f:host:172.234.197.23	SESSION-cf286e26fb783f2f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-792b602eaec629a3:host:177.10.236.120	SESSION-792b602eaec629a3 → host:177.10.236.120
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.122:geo_-23.62930_-46.63510	host:131.196.29.122 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-866725b3664820db:flow:fac0f539a350	SESSION-866725b3664820db → flow:fac0f539a350
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.118:asn:262880	host:177.10.235.118 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d2ea88f589d3294:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1d2ea88f589d3294 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e4cb96e9954f000:host:172.234.197.23	SESSION-2e4cb96e9954f000 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-413ea94c965ce051:PCAP:capture_20260430080001:93f47cc296a4	SESSION-413ea94c965ce051 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.80:asn:262880	host:177.10.233.80 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:99460b559763:port:tcp:443	flow:99460b559763 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f00ab97ef4b401c8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f00ab97ef4b401c8 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-570ccd324c759306:host:131.196.30.43	SESSION-570ccd324c759306 → host:131.196.30.43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34da31e596580b61:host:177.10.235.46	SESSION-34da31e596580b61 → host:177.10.235.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-421b35b56ec8b984:SESSION-421b35b56ec8b984	SESSION-421b35b56ec8b984 → pe:syn:SESSION-421b35b56ec8b984
FLOW_DST_PORTOBS	e:fp:flow:86186a8a1700:port:tcp:443	flow:86186a8a1700 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:0d640ebd0e77:port:tcp:58760	flow:0d640ebd0e77 → port:tcp:58760
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41eaa3dd80eab155:host:45.173.156.193:host:172.234.197.23	SESSION-41eaa3dd80eab155 → host:45.173.156.193 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:51.210.99.95:asn:16276	host:51.210.99.95 → asn:16276
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a9beff4b34540729:flow:f20bf7e667e6	SESSION-a9beff4b34540729 → flow:f20bf7e667e6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9a69c63a7b588de:host:131.196.31.151:host:172.234.197.23	SESSION-b9a69c63a7b588de → host:131.196.31.151 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a52e56259536:port:tcp:443	flow:a52e56259536 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1d152bdff2d4d10:SESSION-d1d152bdff2d4d10	SESSION-d1d152bdff2d4d10 → pe:syn:SESSION-d1d152bdff2d4d10
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0485e2f41480d0ab:flow:a7c0fd7040b0	SESSION-0485e2f41480d0ab → flow:a7c0fd7040b0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fdee4339c7caabb6:host:172.234.197.23:host:177.10.234.98	SESSION-fdee4339c7caabb6 → host:172.234.197.23 → host:177.10.234.98
FLOW_FROM_HOSTOBS	e:from:SESSION-660bfab63a10a518:host:177.10.234.68	SESSION-660bfab63a10a518 → host:177.10.234.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-161d2a74a24978d6:host:37.187.136.36	SESSION-161d2a74a24978d6 → host:37.187.136.36
FLOW_TO_HOSTOBS	e:to:SESSION-23264de44b7cb73c:host:172.234.197.23	SESSION-23264de44b7cb73c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e3933798ce80a4c:host:172.234.197.23:host:177.10.234.120	SESSION-8e3933798ce80a4c → host:172.234.197.23 → host:177.10.234.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85a8f577301970a2:SESSION-85a8f577301970a2	SESSION-85a8f577301970a2 → pe:syn:SESSION-85a8f577301970a2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18e7a18371a0d1bf:host:172.234.197.23	SESSION-18e7a18371a0d1bf → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.84:geo_-23.62930_-46.63510	host:131.196.30.84 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-52e1254f2f15b333:host:172.234.197.23	SESSION-52e1254f2f15b333 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-312b2e72c1d2a2ee:flow:9301d7981011	SESSION-312b2e72c1d2a2ee → flow:9301d7981011
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.56:asn:262880	host:177.10.239.56 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.144:asn:271410	host:131.196.29.144 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac69dcbefbb93dfd:host:131.196.28.167	SESSION-ac69dcbefbb93dfd → host:131.196.28.167
FLOW_FROM_HOSTOBS	e:from:SESSION-3d1337acddb52863:host:172.234.197.23	SESSION-3d1337acddb52863 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1624b178b88eb54d:host:131.196.30.245	SESSION-1624b178b88eb54d → host:131.196.30.245
FLOW_DST_PORTOBS	e:fp:flow:2edaf935b546:port:tcp:40321	flow:2edaf935b546 → port:tcp:40321
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27ea3c16306f2f5f:flow:a2b1476066ca	SESSION-27ea3c16306f2f5f → flow:a2b1476066ca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e652971bc7c2d2d5:SESSION-e652971bc7c2d2d5	SESSION-e652971bc7c2d2d5 → pe:tls:SESSION-e652971bc7c2d2d5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01744e272bba469d:SESSION-01744e272bba469d	SESSION-01744e272bba469d → pe:syn:SESSION-01744e272bba469d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77e1145855a55905:host:131.196.31.121:host:172.234.197.23	SESSION-77e1145855a55905 → host:131.196.31.121 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-67e118b3ac1b9481:host:177.10.233.196	SESSION-67e118b3ac1b9481 → host:177.10.233.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-985c12f522f7e9ff:host:131.196.28.129	SESSION-985c12f522f7e9ff → host:131.196.28.129
FLOW_TO_HOSTOBS	e:to:SESSION-6bbf6176d0f5e38d:host:172.234.197.23	SESSION-6bbf6176d0f5e38d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d4992d20c4573840:SESSION-d4992d20c4573840	SESSION-d4992d20c4573840 → pe:rst:SESSION-d4992d20c4573840
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8c0a98b52014301:SESSION-d8c0a98b52014301	SESSION-d8c0a98b52014301 → pe:tls:SESSION-d8c0a98b52014301
FLOW_TO_HOSTOBS	e:to:SESSION-e405c5dfa444c3be:host:172.234.197.23	SESSION-e405c5dfa444c3be → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bc57d45d1a1b2f7b:host:172.234.197.23	SESSION-bc57d45d1a1b2f7b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0da9d7ff41780d23:flow:8fa60a20bddb	SESSION-0da9d7ff41780d23 → flow:8fa60a20bddb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f329fce2004d812:host:172.234.197.23	SESSION-0f329fce2004d812 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a82c7f51b8bc2f4f:host:172.234.197.23	SESSION-a82c7f51b8bc2f4f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.137:asn:262880	host:177.10.235.137 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.195:asn:271410	host:131.196.30.195 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-208c35e6fa834cd1:host:172.234.197.23	SESSION-208c35e6fa834cd1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee2f1f025d37aa07:SESSION-ee2f1f025d37aa07	SESSION-ee2f1f025d37aa07 → pe:tls:SESSION-ee2f1f025d37aa07
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d58c039fa1a1304:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-8d58c039fa1a1304 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a9739ecc8b00e90:PCAP:capture_20260430060001:919b39a74464	SESSION-7a9739ecc8b00e90 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06294e5a27c1af9a:flow:d35acae39da6	SESSION-06294e5a27c1af9a → flow:d35acae39da6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ade0b807fe10f93e:flow:759bd79056de	SESSION-ade0b807fe10f93e → flow:759bd79056de
FLOW_TO_HOSTOBS	e:to:SESSION-21cd302cb5783965:host:177.10.232.182	SESSION-21cd302cb5783965 → host:177.10.232.182
FLOW_DST_PORTOBS	e:fp:flow:a1c10d36ceb1:port:udp:53	flow:a1c10d36ceb1 → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e87c1bf59f6ff4a:host:172.234.197.23:host:177.10.238.208	SESSION-9e87c1bf59f6ff4a → host:172.234.197.23 → host:177.10.238.208
FLOW_TO_HOSTOBS	e:to:SESSION-418ea5f834fbfdc6:host:177.10.238.221	SESSION-418ea5f834fbfdc6 → host:177.10.238.221
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-03cfd9b1d0f62704:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-03cfd9b1d0f62704 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be95a34ad4eedb81:host:172.234.197.23	SESSION-be95a34ad4eedb81 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:808ab10b9fcf	flow:808ab10b9fcf → host:177.10.239.102 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eba362425495480d:SESSION-eba362425495480d	SESSION-eba362425495480d → pe:tls:SESSION-eba362425495480d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-61838f073a9a90b1:SESSION-61838f073a9a90b1	SESSION-61838f073a9a90b1 → pe:tls:SESSION-61838f073a9a90b1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.175:geo_-16.28860_-49.01640	host:177.10.239.175 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1b714ce8916a149:PCAP:capture_20260430150001:ded20914761d	SESSION-b1b714ce8916a149 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61aa57a35ec0da02:host:177.10.236.22	SESSION-61aa57a35ec0da02 → host:177.10.236.22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8136a084d82536a6:host:95.135.228.10:host:172.234.197.23	SESSION-8136a084d82536a6 → host:95.135.228.10 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3a7aee779f8a:port:tcp:37603	flow:3a7aee779f8a → port:tcp:37603
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.126:geo_-23.62930_-46.63510	host:131.196.30.126 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c2474adee374207e:host:172.234.197.23:host:131.196.31.98	SESSION-c2474adee374207e → host:172.234.197.23 → host:131.196.31.98
FLOW_TO_HOSTOBS	e:to:SESSION-2387fa1f153c5b33:host:172.234.197.23	SESSION-2387fa1f153c5b33 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-81c3f53ebeacb521:host:172.234.197.23	SESSION-81c3f53ebeacb521 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3675340578297917:host:172.234.197.23:host:131.196.28.205	SESSION-3675340578297917 → host:172.234.197.23 → host:131.196.28.205
FLOW_FROM_HOSTOBS	e:from:SESSION-e3944d5014504521:host:37.221.79.250	SESSION-e3944d5014504521 → host:37.221.79.250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-873a01bbf1ba0d09:SESSION-873a01bbf1ba0d09	SESSION-873a01bbf1ba0d09 → pe:tls:SESSION-873a01bbf1ba0d09
FLOW_TO_HOSTOBS	e:to:SESSION-c78f1de05120efd8:host:172.234.197.23	SESSION-c78f1de05120efd8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f5b7d4cd5351b11:PCAP:capture_20260430090001:065659c7d314	SESSION-8f5b7d4cd5351b11 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:89e07491d359	flow:89e07491d359 → host:177.10.237.192 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:0dd04f1a7f99:port:tcp:443	flow:0dd04f1a7f99 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-760c61036eedf2e4:host:172.234.197.23	SESSION-760c61036eedf2e4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bdbc33b564dc3f1f:host:172.234.197.23	SESSION-bdbc33b564dc3f1f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dc82e917a0ac0289:SESSION-dc82e917a0ac0289	SESSION-dc82e917a0ac0289 → pe:tls:SESSION-dc82e917a0ac0289
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.240:geo_-23.62930_-46.63510	host:131.196.29.240 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2bcd65d8e62fc5a1:SESSION-2bcd65d8e62fc5a1	SESSION-2bcd65d8e62fc5a1 → pe:tls:SESSION-2bcd65d8e62fc5a1
FLOW_FROM_HOSTOBS	e:from:SESSION-8e3ae4e48a37cfd6:host:131.196.31.183	SESSION-8e3ae4e48a37cfd6 → host:131.196.31.183
flow_observed4-aryOBS	e:fo:flow:d10d98940d27	flow:d10d98940d27 → host:172.234.197.23 → host:177.10.235.210 → port:tcp:58108
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.196:geo_-16.28860_-49.01640	host:177.10.232.196 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1aa9055f8e3197b:host:131.196.30.181	SESSION-c1aa9055f8e3197b → host:131.196.30.181
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.52:asn:262880	host:177.10.234.52 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-1624b178b88eb54d:host:172.234.197.23	SESSION-1624b178b88eb54d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:415a498bc6a3:port:tcp:443	flow:415a498bc6a3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-721df94622c41f42:host:172.234.197.23	SESSION-721df94622c41f42 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63f078b7cf539982:host:172.234.197.23	SESSION-63f078b7cf539982 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d83a9aba23a117e:host:131.196.30.41	SESSION-6d83a9aba23a117e → host:131.196.30.41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca027ca401d4d122:host:177.10.232.181:host:172.234.197.23	SESSION-ca027ca401d4d122 → host:177.10.232.181 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2091e87bc96ca173:host:131.196.29.25	SESSION-2091e87bc96ca173 → host:131.196.29.25
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6bca989f2c390047:host:172.234.197.23:host:131.196.28.165	SESSION-6bca989f2c390047 → host:172.234.197.23 → host:131.196.28.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c54c8f2f9fead0c6:SESSION-c54c8f2f9fead0c6	SESSION-c54c8f2f9fead0c6 → pe:tls:SESSION-c54c8f2f9fead0c6
FLOW_FROM_HOSTOBS	e:from:SESSION-360f4972fec5b7e0:host:95.170.25.152	SESSION-360f4972fec5b7e0 → host:95.170.25.152
flow_observed5-aryOBS	e:fo:flow:fada604550b4	flow:fada604550b4 → host:131.196.31.34 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ef6fcd3714b8:port:tcp:443	flow:ef6fcd3714b8 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85f4ab9e3ed21fa2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-85f4ab9e3ed21fa2 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-799494d5bb605f27:SESSION-799494d5bb605f27	SESSION-799494d5bb605f27 → pe:tls:SESSION-799494d5bb605f27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e38f46dc000b6625:SESSION-e38f46dc000b6625	SESSION-e38f46dc000b6625 → pe:syn:SESSION-e38f46dc000b6625
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c0ceaca72bbee92:host:172.234.197.23	SESSION-4c0ceaca72bbee92 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20c0393579af9382:SESSION-20c0393579af9382	SESSION-20c0393579af9382 → pe:syn:SESSION-20c0393579af9382
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f9ea4c8ad78eb8e:flow:be87ba4036a8	SESSION-2f9ea4c8ad78eb8e → flow:be87ba4036a8
FLOW_DST_PORTOBS	e:fp:flow:13de59122b35:port:tcp:443	flow:13de59122b35 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-424fe4b4ecc22e45:host:131.196.31.122	SESSION-424fe4b4ecc22e45 → host:131.196.31.122
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09e72a02b44d9649:flow:2fa17bc807ba	SESSION-09e72a02b44d9649 → flow:2fa17bc807ba
FLOW_FROM_HOSTOBS	e:from:SESSION-65fda4a5b580780a:host:172.234.197.23	SESSION-65fda4a5b580780a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-543230bb149abbcc:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-543230bb149abbcc → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-191997595ec6754e:host:172.234.197.23	SESSION-191997595ec6754e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f55570dc615df23a:SESSION-f55570dc615df23a	SESSION-f55570dc615df23a → pe:syn:SESSION-f55570dc615df23a
FLOW_DST_PORTOBS	e:fp:flow:8a0c1a3cc10c:port:tcp:5510	flow:8a0c1a3cc10c → port:tcp:5510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.86:geo_41.02140_28.99480	host:37.221.79.86 → geo_41.02140_28.99480
FLOW_DST_PORTOBS	e:fp:flow:e9d52fc0a395:port:tcp:443	flow:e9d52fc0a395 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-122af33beaf7e9c5:host:131.196.29.114	SESSION-122af33beaf7e9c5 → host:131.196.29.114
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d2d17a1375ada26:flow:aa2d87ef9ebe	SESSION-9d2d17a1375ada26 → flow:aa2d87ef9ebe
FLOW_DST_PORTOBS	e:fp:flow:1be9a91b56b4:port:tcp:443	flow:1be9a91b56b4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.186:geo_-16.28860_-49.01640	host:177.10.232.186 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-a22fc187bcc4d705:host:45.173.156.116	SESSION-a22fc187bcc4d705 → host:45.173.156.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ce2f2546c044634:host:172.234.197.23	SESSION-8ce2f2546c044634 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2fb82c7d6bf2	flow:2fb82c7d6bf2 → host:177.10.239.129 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-040c9c1730fd990c:host:172.234.197.23	SESSION-040c9c1730fd990c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a810a8703b9c77f1:host:131.196.30.254:host:172.234.197.23	SESSION-a810a8703b9c77f1 → host:131.196.30.254 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b22f1be22326dd94:host:54.200.68.109	SESSION-b22f1be22326dd94 → host:54.200.68.109
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.112:geo_-16.28860_-49.01640	host:177.10.236.112 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.202:geo_-21.10010_-41.69200	host:45.173.156.202 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c439db2cd1990c9:PCAP:capture_20260430110001:43611bdf6759	SESSION-5c439db2cd1990c9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-664631b6c582f1f7:host:177.10.236.86:host:172.234.197.23	SESSION-664631b6c582f1f7 → host:177.10.236.86 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:710d7a94d133:port:tcp:443	flow:710d7a94d133 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:bfd00da90046	flow:bfd00da90046 → host:172.234.197.23 → host:131.196.30.81 → port:tcp:51942
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-22f2328c9f1b641e:SESSION-22f2328c9f1b641e	SESSION-22f2328c9f1b641e → pe:syn:SESSION-22f2328c9f1b641e
FLOW_TO_HOSTOBS	e:to:SESSION-3a6f73143abd0c86:host:172.234.197.23	SESSION-3a6f73143abd0c86 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73ce8b7b43538e4e:host:172.234.197.23	SESSION-73ce8b7b43538e4e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79f857f82eac6daa:host:177.10.239.56:host:172.234.197.23	SESSION-79f857f82eac6daa → host:177.10.239.56 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3a99ef89e8b00159:host:172.234.197.23	SESSION-3a99ef89e8b00159 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b41193c920cf:port:tcp:443	flow:b41193c920cf → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79b570e2589cf059:PCAP:capture_20260430160001:9bfa4498506a	SESSION-79b570e2589cf059 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2ec4538209fcf12:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d2ec4538209fcf12 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:099a35dadd87	flow:099a35dadd87 → host:172.234.197.23 → host:177.10.235.227 → port:tcp:35172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c05cd50533aa04ad:SESSION-c05cd50533aa04ad	SESSION-c05cd50533aa04ad → pe:syn:SESSION-c05cd50533aa04ad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a7cfd4f435147ff3:SESSION-a7cfd4f435147ff3	SESSION-a7cfd4f435147ff3 → pe:syn:SESSION-a7cfd4f435147ff3
FLOW_TO_HOSTOBS	e:to:SESSION-d82ce6b730f5fc6b:host:172.234.197.23	SESSION-d82ce6b730f5fc6b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cdfe5014ffcf69db:host:172.234.197.23	SESSION-cdfe5014ffcf69db → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.219:asn:262880	host:177.10.234.219 → asn:262880
flow_observed4-aryOBS	e:fo:flow:f58dd69d84b4	flow:f58dd69d84b4 → host:172.234.197.23 → host:177.10.236.7 → port:tcp:22604
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e28b3ef52579af3b:host:172.234.197.23:host:177.10.232.155	SESSION-e28b3ef52579af3b → host:172.234.197.23 → host:177.10.232.155
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19279b7c3b267599:flow:bf734c94e9b1	SESSION-19279b7c3b267599 → flow:bf734c94e9b1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a33620a262b3196:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4a33620a262b3196 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96eb62897cd314d5:PCAP:capture_20260430050001:8868731bf8a4	SESSION-96eb62897cd314d5 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-f5bb0fb568e127c0:host:172.234.197.23	SESSION-f5bb0fb568e127c0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-671350c0b0fa8f65:flow:f1d4144b7eed	SESSION-671350c0b0fa8f65 → flow:f1d4144b7eed
FLOW_DST_PORTOBS	e:fp:flow:0d294bd2ee74:port:tcp:30980	flow:0d294bd2ee74 → port:tcp:30980
FLOW_TO_HOSTOBS	e:to:SESSION-23c159d0ddd6e1cb:host:172.93.100.236	SESSION-23c159d0ddd6e1cb → host:172.93.100.236
FLOW_TO_HOSTOBS	e:to:SESSION-e883c2ce63ee6e05:host:172.232.0.16	SESSION-e883c2ce63ee6e05 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74fa9a10a5811b00:PCAP:capture_20260430070001:903a0e7a436b	SESSION-74fa9a10a5811b00 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-e8e2f8ae5ea03a25:host:177.10.234.187	SESSION-e8e2f8ae5ea03a25 → host:177.10.234.187
FLOW_TO_HOSTOBS	e:to:SESSION-65fda4a5b580780a:host:177.10.239.139	SESSION-65fda4a5b580780a → host:177.10.239.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-73c4b3cbea42a394:SESSION-73c4b3cbea42a394	SESSION-73c4b3cbea42a394 → pe:rst:SESSION-73c4b3cbea42a394
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8466bbcc058d46c:host:172.234.197.23	SESSION-c8466bbcc058d46c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec00857ef12f8e7e:flow:d2c3d6be302a	SESSION-ec00857ef12f8e7e → flow:d2c3d6be302a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f278495c163e84d:flow:08b78d4a079b	SESSION-2f278495c163e84d → flow:08b78d4a079b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7ff9648a7e097bde:SESSION-7ff9648a7e097bde	SESSION-7ff9648a7e097bde → pe:rst:SESSION-7ff9648a7e097bde
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8663c7c8fd51be8d:host:177.10.238.146:host:172.234.197.23	SESSION-8663c7c8fd51be8d → host:177.10.238.146 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e331ebe372f514c8:host:172.234.197.23	SESSION-e331ebe372f514c8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:2.57.121.112:asn:47890	host:2.57.121.112 → asn:47890
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-122d3bc093be76f2:host:172.234.197.23:host:131.196.29.226	SESSION-122d3bc093be76f2 → host:172.234.197.23 → host:131.196.29.226
flow_observed5-aryOBS	e:fo:flow:33b730478383	flow:33b730478383 → host:177.10.237.49 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:975970d47051	flow:975970d47051 → host:177.10.233.53 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-884df81342ed3b04:host:177.10.239.24	SESSION-884df81342ed3b04 → host:177.10.239.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-797ddf76fc257ebf:host:172.234.197.23	SESSION-797ddf76fc257ebf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8938c8d43c3c288:SESSION-d8938c8d43c3c288	SESSION-d8938c8d43c3c288 → pe:syn:SESSION-d8938c8d43c3c288
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-911659ba7d4041d9:SESSION-911659ba7d4041d9	SESSION-911659ba7d4041d9 → pe:tls:SESSION-911659ba7d4041d9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23b772dcd58e4ef3:host:177.10.234.146:host:172.234.197.23	SESSION-23b772dcd58e4ef3 → host:177.10.234.146 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fc065ce7b22b	flow:fc065ce7b22b → host:131.196.28.18 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:172.234.197.23:asn:63949	host:172.234.197.23 → asn:63949
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01ac49b549a49417:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-01ac49b549a49417 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-738e0b0c3dd2dd03:PCAP:capture_20260430080001:93f47cc296a4	SESSION-738e0b0c3dd2dd03 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ea34ef73cf330d2:flow:a342d49689c0	SESSION-0ea34ef73cf330d2 → flow:a342d49689c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ce2f2546c044634:host:131.196.30.81	SESSION-8ce2f2546c044634 → host:131.196.30.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b73c5a859c05f554:SESSION-b73c5a859c05f554	SESSION-b73c5a859c05f554 → pe:syn:SESSION-b73c5a859c05f554
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.145:geo_19.07480_72.88560	host:45.145.152.145 → geo_19.07480_72.88560
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.228:geo_-16.28860_-49.01640	host:177.10.238.228 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78d87c88323785f9:host:177.10.235.169	SESSION-78d87c88323785f9 → host:177.10.235.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19f74a6b62d527a5:SESSION-19f74a6b62d527a5	SESSION-19f74a6b62d527a5 → pe:syn:SESSION-19f74a6b62d527a5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c56dcfb05d3a50ba:host:172.234.197.23	SESSION-c56dcfb05d3a50ba → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.142:asn:271410	host:131.196.28.142 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81ef982aa5449fd9:host:172.234.197.23	SESSION-81ef982aa5449fd9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4cc2e8571100ea2b:SESSION-4cc2e8571100ea2b	SESSION-4cc2e8571100ea2b → pe:tls:SESSION-4cc2e8571100ea2b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85d2db504e73f17a:SESSION-85d2db504e73f17a	SESSION-85d2db504e73f17a → pe:syn:SESSION-85d2db504e73f17a
FLOW_DST_PORTOBS	e:fp:flow:4a2e0a063a42:port:tcp:443	flow:4a2e0a063a42 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-e3944d5014504521:SESSION-e3944d5014504521	SESSION-e3944d5014504521 → pe:rst:SESSION-e3944d5014504521
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84d24c52e1f02eee:host:172.234.197.23	SESSION-84d24c52e1f02eee → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97957d43d677156c:host:64.237.250.51	SESSION-97957d43d677156c → host:64.237.250.51
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a33a5bbd98f17a5b:flow:2ef52da787e3	SESSION-a33a5bbd98f17a5b → flow:2ef52da787e3
FLOW_TO_HOSTOBS	e:to:SESSION-84d5ccfdbe119076:host:172.234.197.23	SESSION-84d5ccfdbe119076 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ad7ae70426d3354:host:131.196.28.223	SESSION-5ad7ae70426d3354 → host:131.196.28.223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ad9c0df7a65aa03:SESSION-0ad9c0df7a65aa03	SESSION-0ad9c0df7a65aa03 → pe:tls:SESSION-0ad9c0df7a65aa03
FLOW_DST_PORTOBS	e:fp:flow:aa5d832c70b6:port:tcp:443	flow:aa5d832c70b6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4076f0f6734ca69:SESSION-d4076f0f6734ca69	SESSION-d4076f0f6734ca69 → pe:tls:SESSION-d4076f0f6734ca69
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-affea3171060a6d3:PCAP:capture_20260430060001:919b39a74464	SESSION-affea3171060a6d3 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.116:asn:262880	host:177.10.238.116 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f0fa0972c78e2ef:flow:b869e54127ed	SESSION-6f0fa0972c78e2ef → flow:b869e54127ed
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb520d5460f73062:flow:2f7459dc5743	SESSION-fb520d5460f73062 → flow:2f7459dc5743
FLOW_DST_PORTOBS	e:fp:flow:ea0185f782a2:port:tcp:19261	flow:ea0185f782a2 → port:tcp:19261
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.8:asn:271410	host:131.196.30.8 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71917de89d264496:host:45.173.156.172	SESSION-71917de89d264496 → host:45.173.156.172
FLOW_DST_PORTOBS	e:fp:flow:9bcbacd42ba6:port:tcp:443	flow:9bcbacd42ba6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1e9c5398b5e18f4:host:131.196.28.198	SESSION-f1e9c5398b5e18f4 → host:131.196.28.198
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb88b05b3590e26e:SESSION-cb88b05b3590e26e	SESSION-cb88b05b3590e26e → pe:syn:SESSION-cb88b05b3590e26e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a65c242582e5e81:flow:6542cea94835	SESSION-7a65c242582e5e81 → flow:6542cea94835
FLOW_FROM_HOSTOBS	e:from:SESSION-27c94fb85f37f774:host:131.196.29.231	SESSION-27c94fb85f37f774 → host:131.196.29.231
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a17077467e1bba6:host:177.10.237.111:host:172.234.197.23	SESSION-5a17077467e1bba6 → host:177.10.237.111 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3922a7adf516:port:tcp:30380	flow:3922a7adf516 → port:tcp:30380
flow_observed5-aryOBS	e:fo:flow:09496ce57c77	flow:09496ce57c77 → host:177.10.239.39 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4385c2f73c2ee0db:PCAP:capture_20260430090001:065659c7d314	SESSION-4385c2f73c2ee0db → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b9695896cdce250:PCAP:capture_20260428010001:b1b402c7b202	SESSION-9b9695896cdce250 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3643dbad405bac1:host:131.196.28.28	SESSION-a3643dbad405bac1 → host:131.196.28.28
FLOW_TO_HOSTOBS	e:to:SESSION-c491b8c96ce6e8c2:host:172.234.197.23	SESSION-c491b8c96ce6e8c2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06814c349a39e79e:host:172.234.197.23:host:45.173.156.153	SESSION-06814c349a39e79e → host:172.234.197.23 → host:45.173.156.153
flow_observed5-aryOBS	e:fo:flow:8bff9dd47a10	flow:8bff9dd47a10 → host:177.10.234.126 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.34:asn:262880	host:177.10.234.34 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ddb6310055a59be:SESSION-4ddb6310055a59be	SESSION-4ddb6310055a59be → pe:syn:SESSION-4ddb6310055a59be
FLOW_DST_PORTOBS	e:fp:flow:353f98464a41:port:tcp:443	flow:353f98464a41 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-abc64529b37d4840:host:97.139.12.85:host:172.234.197.23	SESSION-abc64529b37d4840 → host:97.139.12.85 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-875fd6bdbe4ae339:host:172.234.197.23	SESSION-875fd6bdbe4ae339 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0f21a1d46f067dc:host:177.10.236.213:host:172.234.197.23	SESSION-c0f21a1d46f067dc → host:177.10.236.213 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e316662e5f9d5ce:host:172.234.197.23:host:131.196.30.143	SESSION-2e316662e5f9d5ce → host:172.234.197.23 → host:131.196.30.143
FLOW_TO_HOSTOBS	e:to:SESSION-e6a07ad54f9ab5f8:host:177.10.236.32	SESSION-e6a07ad54f9ab5f8 → host:177.10.236.32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28ea3e411a2de5c2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-28ea3e411a2de5c2 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-c766f181ead012ae:host:172.234.197.23	SESSION-c766f181ead012ae → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77c4b389d95f1453:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-77c4b389d95f1453 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65d181126b4cfd8f:host:177.10.236.12	SESSION-65d181126b4cfd8f → host:177.10.236.12
flow_observed5-aryOBS	e:fo:flow:bd73033b18da	flow:bd73033b18da → host:177.10.238.172 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-542567c32b647819:host:131.196.29.129	SESSION-542567c32b647819 → host:131.196.29.129
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb5021014b7af5cb:host:177.10.234.143	SESSION-bb5021014b7af5cb → host:177.10.234.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-179845184e318961:SESSION-179845184e318961	SESSION-179845184e318961 → pe:syn:SESSION-179845184e318961
FLOW_DST_PORTOBS	e:fp:flow:554b73d85e05:port:tcp:443	flow:554b73d85e05 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.107:geo_-16.28860_-49.01640	host:177.10.238.107 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f910dce05c4c16f4:PCAP:capture_20260430090001:065659c7d314	SESSION-f910dce05c4c16f4 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4dda4cfeb9223891:host:45.145.152.245:host:172.234.197.23	SESSION-4dda4cfeb9223891 → host:45.145.152.245 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1ac3ec916046:port:tcp:14376	flow:1ac3ec916046 → port:tcp:14376
FLOW_FROM_HOSTOBS	e:from:SESSION-b4020db38e68a457:host:172.234.197.23	SESSION-b4020db38e68a457 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e9b874351d52a188:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e9b874351d52a188 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.56:geo_-16.28860_-49.01640	host:177.10.239.56 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cef4b415a72da702:PCAP:capture_20260430090001:065659c7d314	SESSION-cef4b415a72da702 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-924a4e21bceaf0d1:host:177.10.235.120	SESSION-924a4e21bceaf0d1 → host:177.10.235.120
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77abcf8d7f3aee2e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-77abcf8d7f3aee2e → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-398d13acd4a88a37:host:172.234.197.23:host:172.232.0.17	SESSION-398d13acd4a88a37 → host:172.234.197.23 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-a5381df0c70f3b63:host:177.10.232.66	SESSION-a5381df0c70f3b63 → host:177.10.232.66
FLOW_DST_PORTOBS	e:fp:flow:5c24a41a15ce:port:tcp:55117	flow:5c24a41a15ce → port:tcp:55117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5eed95be9c1a7022:host:131.196.29.33	SESSION-5eed95be9c1a7022 → host:131.196.29.33
FLOW_DST_PORTOBS	e:fp:flow:daa25e0a33bc:port:tcp:443	flow:daa25e0a33bc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96f4af5cf9f3425a:host:172.234.197.23	SESSION-96f4af5cf9f3425a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.111:geo_-16.28860_-49.01640	host:177.10.237.111 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3edcc633e4f5b2c:host:131.196.28.2	SESSION-b3edcc633e4f5b2c → host:131.196.28.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-574ff4efae76e1f7:host:172.234.197.23	SESSION-574ff4efae76e1f7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-46290f7655d18c8b:host:172.234.197.23	SESSION-46290f7655d18c8b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5227bbafa149:port:tcp:80	flow:5227bbafa149 → port:tcp:80
FLOW_FROM_HOSTOBS	e:from:SESSION-825be4419cbefff8:host:177.10.239.81	SESSION-825be4419cbefff8 → host:177.10.239.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0dea31b94d7dde57:SESSION-0dea31b94d7dde57	SESSION-0dea31b94d7dde57 → pe:tls:SESSION-0dea31b94d7dde57
FLOW_DST_PORTOBS	e:fp:flow:8ee9465bb257:port:tcp:443	flow:8ee9465bb257 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4defafdd27769097:host:92.112.71.232	SESSION-4defafdd27769097 → host:92.112.71.232
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fdaf54c444b72c0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1fdaf54c444b72c0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c92acfae26c49330:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c92acfae26c49330 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69a0e56e6767912e:SESSION-69a0e56e6767912e	SESSION-69a0e56e6767912e → pe:syn:SESSION-69a0e56e6767912e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e0a730d87d8b98f3:host:177.10.234.46	SESSION-e0a730d87d8b98f3 → host:177.10.234.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96d412735d478f25:SESSION-96d412735d478f25	SESSION-96d412735d478f25 → pe:syn:SESSION-96d412735d478f25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5958a673e968588:host:185.231.226.214	SESSION-f5958a673e968588 → host:185.231.226.214
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c2474adee374207e:flow:fc7297e72fc8	SESSION-c2474adee374207e → flow:fc7297e72fc8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57494845d8eca477:host:177.10.232.255	SESSION-57494845d8eca477 → host:177.10.232.255
FLOW_DST_PORTOBS	e:fp:flow:745dc28faeae:port:tcp:55966	flow:745dc28faeae → port:tcp:55966
FLOW_TO_HOSTOBS	e:to:SESSION-dad0ff120323eed1:host:177.10.237.227	SESSION-dad0ff120323eed1 → host:177.10.237.227
FLOW_FROM_HOSTOBS	e:from:SESSION-d36b613f081e74cb:host:177.10.239.106	SESSION-d36b613f081e74cb → host:177.10.239.106
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46f70ffa54883bab:PCAP:capture_20260430160001:9bfa4498506a	SESSION-46f70ffa54883bab → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6a5c0858fcd0d09:flow:5a2ec532c0b9	SESSION-e6a5c0858fcd0d09 → flow:5a2ec532c0b9
flow_observed5-aryOBS	e:fo:flow:b157c7895367	flow:b157c7895367 → host:177.10.239.115 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b53b1a2dc18d6354:host:103.155.16.117:host:172.234.197.23	SESSION-b53b1a2dc18d6354 → host:103.155.16.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-11641f941720f4cf:host:172.234.197.23	SESSION-11641f941720f4cf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1362b7f51908925c:host:172.234.197.23	SESSION-1362b7f51908925c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f718f291e0c401d5:host:172.234.197.23	SESSION-f718f291e0c401d5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-45775bc626dbc608:SESSION-45775bc626dbc608	SESSION-45775bc626dbc608 → pe:syn:SESSION-45775bc626dbc608
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f479797471e82d6b:host:177.10.233.121	SESSION-f479797471e82d6b → host:177.10.233.121
flow_observed4-aryOBS	e:fo:flow:84d4e523a6b1	flow:84d4e523a6b1 → host:172.234.197.23 → host:177.10.235.1 → port:tcp:33682
FLOW_DST_PORTOBS	e:fp:flow:a6559ee3f3b7:port:tcp:443	flow:a6559ee3f3b7 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-dd4c16dfff279521:host:172.234.197.23	SESSION-dd4c16dfff279521 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2035a3586bc1f35f:host:172.234.197.23	SESSION-2035a3586bc1f35f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-074c4a6b1ee06430:host:177.10.235.122	SESSION-074c4a6b1ee06430 → host:177.10.235.122
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-e7a6b146488afb43:BSG-BEACON-d4175b7190c4	SESSION-e7a6b146488afb43 → BSG-BEACON-d4175b7190c4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-256da911109eccd4:flow:c75999244606	SESSION-256da911109eccd4 → flow:c75999244606
flow_observed5-aryOBS	e:fo:flow:e8e30e710466	flow:e8e30e710466 → host:177.10.239.102 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ea34ef73cf330d2:host:177.10.235.58	SESSION-0ea34ef73cf330d2 → host:177.10.235.58
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-306afa7fa31a1f87:host:172.234.197.23:host:131.196.28.176	SESSION-306afa7fa31a1f87 → host:172.234.197.23 → host:131.196.28.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a498324f9fce7e9:host:177.10.239.11:host:172.234.197.23	SESSION-0a498324f9fce7e9 → host:177.10.239.11 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2824f9b79e0fb1f1:host:131.196.29.50	SESSION-2824f9b79e0fb1f1 → host:131.196.29.50
FLOW_TO_HOSTOBS	e:to:SESSION-7e6f5f35bde9b3d2:host:177.10.238.124	SESSION-7e6f5f35bde9b3d2 → host:177.10.238.124
flow_observed4-aryOBS	e:fo:flow:327d26f2cec2	flow:327d26f2cec2 → host:172.234.197.23 → host:131.196.29.160 → port:tcp:15735
flow_observed5-aryOBS	e:fo:flow:a0468409f112	flow:a0468409f112 → host:131.196.30.104 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e5e4b6893c364bde:host:177.10.234.56	SESSION-e5e4b6893c364bde → host:177.10.234.56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e627b58284e1729:PCAP:capture_20260430090001:065659c7d314	SESSION-2e627b58284e1729 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ce88726966df20e:host:177.10.235.97:host:172.234.197.23	SESSION-5ce88726966df20e → host:177.10.235.97 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9716031ec5470ef:SESSION-c9716031ec5470ef	SESSION-c9716031ec5470ef → pe:syn:SESSION-c9716031ec5470ef
FLOW_DST_PORTOBS	e:fp:flow:d36181c32e79:port:tcp:443	flow:d36181c32e79 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.80:geo_-16.28860_-49.01640	host:177.10.233.80 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-938eb42ac2c00523:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-938eb42ac2c00523 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-21b975753a100632:host:45.173.156.201	SESSION-21b975753a100632 → host:45.173.156.201
flow_observed5-aryOBS	e:fo:flow:d50c6c855668	flow:d50c6c855668 → host:177.10.232.122 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b7f4612f7527a5d:host:172.234.197.23	SESSION-5b7f4612f7527a5d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e12e5221262ce88f:host:172.234.197.23	SESSION-e12e5221262ce88f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e5392ca321cb1ed:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6e5392ca321cb1ed → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6af0fd134ffb330e:host:45.173.156.53:host:172.234.197.23	SESSION-6af0fd134ffb330e → host:45.173.156.53 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7e41a4ef6cc929c5:host:172.234.197.23	SESSION-7e41a4ef6cc929c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02199a3eaa60c28c:host:172.234.197.23	SESSION-02199a3eaa60c28c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:811923523f71:port:tcp:443	flow:811923523f71 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-31836a23201b59b7:host:172.234.197.23	SESSION-31836a23201b59b7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf31506875543a88:host:177.10.239.184:host:172.234.197.23	SESSION-cf31506875543a88 → host:177.10.239.184 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d8d6c91ee705:port:tcp:443	flow:d8d6c91ee705 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1410d14cf4ff2548:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1410d14cf4ff2548 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:e878a7e4044c	flow:e878a7e4044c → host:172.234.197.23 → host:131.196.30.83 → port:tcp:27686
flow_observed5-aryOBS	e:fo:flow:309a8c27afa8	flow:309a8c27afa8 → host:131.196.28.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e77bd841354043c4:SESSION-e77bd841354043c4	SESSION-e77bd841354043c4 → pe:syn:SESSION-e77bd841354043c4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-61267dc46edf9a47:host:172.234.197.23:host:131.196.28.87	SESSION-61267dc46edf9a47 → host:172.234.197.23 → host:131.196.28.87
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-928f584a0bc46099:host:177.10.232.65:host:172.234.197.23	SESSION-928f584a0bc46099 → host:177.10.232.65 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:46ffb306339f	flow:46ffb306339f → host:131.196.29.237 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.80:asn:273470	host:45.173.156.80 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2bcd65d8e62fc5a1:SESSION-2bcd65d8e62fc5a1	SESSION-2bcd65d8e62fc5a1 → pe:syn:SESSION-2bcd65d8e62fc5a1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa2f81c8f6798425:host:177.10.233.4:host:172.234.197.23	SESSION-fa2f81c8f6798425 → host:177.10.233.4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6eb1289c3370840:host:172.234.197.23:host:131.196.28.129	SESSION-d6eb1289c3370840 → host:172.234.197.23 → host:131.196.28.129
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3109063707c4a5e1:host:131.196.30.188:host:172.234.197.23	SESSION-3109063707c4a5e1 → host:131.196.30.188 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aa8465f08de511a2:host:177.10.235.237	SESSION-aa8465f08de511a2 → host:177.10.235.237
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc57d45d1a1b2f7b:host:172.234.197.23:host:177.10.239.234	SESSION-bc57d45d1a1b2f7b → host:172.234.197.23 → host:177.10.239.234
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4939a9166796718f:host:172.234.197.23:host:177.10.239.255	SESSION-4939a9166796718f → host:172.234.197.23 → host:177.10.239.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0246a8b70a825de:SESSION-d0246a8b70a825de	SESSION-d0246a8b70a825de → pe:tls:SESSION-d0246a8b70a825de
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d12c89e59455016e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d12c89e59455016e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b1dabd85b6a07947:SESSION-b1dabd85b6a07947	SESSION-b1dabd85b6a07947 → pe:tls:SESSION-b1dabd85b6a07947
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b304bd763b72b95f:SESSION-b304bd763b72b95f	SESSION-b304bd763b72b95f → pe:syn:SESSION-b304bd763b72b95f
FLOW_DST_PORTOBS	e:fp:flow:2b6a2177ee0d:port:tcp:443	flow:2b6a2177ee0d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40e0d0b129f437fd:host:147.135.97.222	SESSION-40e0d0b129f437fd → host:147.135.97.222
FLOW_DST_PORTOBS	e:fp:flow:43128debff45:port:tcp:20233	flow:43128debff45 → port:tcp:20233
FLOW_FROM_HOSTOBS	e:from:SESSION-b236f75d1c6493bc:host:172.234.197.23	SESSION-b236f75d1c6493bc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce53b2931ed237cb:SESSION-ce53b2931ed237cb	SESSION-ce53b2931ed237cb → pe:syn:SESSION-ce53b2931ed237cb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a27e337d4c0b49f3:host:177.10.235.132:host:172.234.197.23	SESSION-a27e337d4c0b49f3 → host:177.10.235.132 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-74505beccb017396:host:172.234.197.23	SESSION-74505beccb017396 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10ba6936b0af1959:host:131.196.31.238	SESSION-10ba6936b0af1959 → host:131.196.31.238
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.231:geo_-16.28860_-49.01640	host:177.10.235.231 → geo_-16.28860_-49.01640
flow_observed3-aryOBS	e:fo:flow:ab0e97bd1d29	flow:ab0e97bd1d29 → host:51.224.252.115 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-394efd35512401c0:SESSION-394efd35512401c0	SESSION-394efd35512401c0 → pe:syn:SESSION-394efd35512401c0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9466ee8fbea2465:flow:b7a5df9fe8d2	SESSION-d9466ee8fbea2465 → flow:b7a5df9fe8d2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-877b851a45681e10:host:131.196.29.90:host:172.234.197.23	SESSION-877b851a45681e10 → host:131.196.29.90 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54127ab649dd8e15:SESSION-54127ab649dd8e15	SESSION-54127ab649dd8e15 → pe:syn:SESSION-54127ab649dd8e15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e627b58284e1729:host:172.234.197.23	SESSION-2e627b58284e1729 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cac3103b39cc2b1a:host:177.10.238.25	SESSION-cac3103b39cc2b1a → host:177.10.238.25
flow_observed5-aryOBS	e:fo:flow:d298b81348e9	flow:d298b81348e9 → host:131.196.30.227 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db5998ef2bd3405b:host:51.21.249.220:host:172.234.197.23	SESSION-db5998ef2bd3405b → host:51.21.249.220 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e323950505f0871:host:177.10.235.196	SESSION-0e323950505f0871 → host:177.10.235.196
FLOW_FROM_HOSTOBS	e:from:SESSION-991550775dcb0266:host:177.10.237.52	SESSION-991550775dcb0266 → host:177.10.237.52
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02999fe2096ad39b:flow:fe94096b0d58	SESSION-02999fe2096ad39b → flow:fe94096b0d58
FLOW_DST_PORTOBS	e:fp:flow:85194d6067d8:port:tcp:443	flow:85194d6067d8 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-b60cd26b4cd717ea:host:172.234.197.23	SESSION-b60cd26b4cd717ea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2be48cd916ee7ccc:SESSION-2be48cd916ee7ccc	SESSION-2be48cd916ee7ccc → pe:syn:SESSION-2be48cd916ee7ccc
FLOW_FROM_HOSTOBS	e:from:SESSION-ac9ecab386602d8f:host:177.10.236.84	SESSION-ac9ecab386602d8f → host:177.10.236.84
FLOW_FROM_HOSTOBS	e:from:SESSION-d11c29aca82696f2:host:177.10.236.58	SESSION-d11c29aca82696f2 → host:177.10.236.58
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2fd944013b60077a:SESSION-2fd944013b60077a	SESSION-2fd944013b60077a → pe:tls:SESSION-2fd944013b60077a
FLOW_FROM_HOSTOBS	e:from:SESSION-633c88960b55f389:host:131.196.31.71	SESSION-633c88960b55f389 → host:131.196.31.71
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-802ccc988b65b38c:flow:924c6b09c358	SESSION-802ccc988b65b38c → flow:924c6b09c358
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55e2fb280d3c8e24:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-55e2fb280d3c8e24 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-4cde7abdf73c6af1:host:172.232.0.16	SESSION-4cde7abdf73c6af1 → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-c471169f59e284ee:host:172.234.197.23	SESSION-c471169f59e284ee → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.24:geo_-16.28860_-49.01640	host:177.10.237.24 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-5491ebf26b201b1a:host:172.234.197.23	SESSION-5491ebf26b201b1a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c0657272c618c6d4:host:172.234.197.23	SESSION-c0657272c618c6d4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.113:asn:262880	host:177.10.238.113 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eca69a208ab39d5f:SESSION-eca69a208ab39d5f	SESSION-eca69a208ab39d5f → pe:syn:SESSION-eca69a208ab39d5f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.168:geo_-23.62930_-46.63510	host:131.196.31.168 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c80786b4900f92c:host:177.10.232.204	SESSION-5c80786b4900f92c → host:177.10.232.204
FLOW_FROM_HOSTOBS	e:from:SESSION-ef7241157e60b5c0:host:95.170.25.6	SESSION-ef7241157e60b5c0 → host:95.170.25.6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1b9603c0e1ea765:SESSION-c1b9603c0e1ea765	SESSION-c1b9603c0e1ea765 → pe:tls:SESSION-c1b9603c0e1ea765
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0f3b543446abe714:SESSION-0f3b543446abe714	SESSION-0f3b543446abe714 → pe:syn:SESSION-0f3b543446abe714
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-168a40fae7c0f56d:flow:ff3a11bb817b	SESSION-168a40fae7c0f56d → flow:ff3a11bb817b
flow_observed5-aryOBS	e:fo:flow:1dfa5ca65851	flow:1dfa5ca65851 → host:177.10.233.172 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7cc58ab2d16fcbf8:host:131.196.29.125	SESSION-7cc58ab2d16fcbf8 → host:131.196.29.125
FLOW_FROM_HOSTOBS	e:from:SESSION-11ee8787e5fc7b06:host:131.196.30.233	SESSION-11ee8787e5fc7b06 → host:131.196.30.233
FLOW_TO_HOSTOBS	e:to:SESSION-352588f71ded414b:host:177.10.232.159	SESSION-352588f71ded414b → host:177.10.232.159
FLOW_TO_HOSTOBS	e:to:SESSION-489ca31c7f776997:host:172.234.197.23	SESSION-489ca31c7f776997 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dee230b22d739e8a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-dee230b22d739e8a → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-0ba942f2694f4960:host:177.10.235.72	SESSION-0ba942f2694f4960 → host:177.10.235.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-82c9dbe3cfe7e49f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-82c9dbe3cfe7e49f → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:f3e0a6fab4e8	flow:f3e0a6fab4e8 → host:177.10.236.141 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c9c5b30eb4b7e446:host:172.234.197.23	SESSION-c9c5b30eb4b7e446 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1ad9dd4ac6be1fc2:host:131.196.30.244	SESSION-1ad9dd4ac6be1fc2 → host:131.196.30.244
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-afb2aada9aae789c:BSG-DATA_EXFIL-3b025b84c8ad	SESSION-afb2aada9aae789c → BSG-DATA_EXFIL-3b025b84c8ad
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.61:asn:262880	host:177.10.236.61 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a9739ecc8b00e90:host:172.234.197.23	SESSION-7a9739ecc8b00e90 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae99c26bd6d2dd56:PCAP:capture_20260430150001:ded20914761d	SESSION-ae99c26bd6d2dd56 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bcb514f388fb99c6:flow:e83a493a000d	SESSION-bcb514f388fb99c6 → flow:e83a493a000d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-61e3533744fe7104:flow:41bb63bf5f7d	SESSION-61e3533744fe7104 → flow:41bb63bf5f7d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-738e0b0c3dd2dd03:SESSION-738e0b0c3dd2dd03	SESSION-738e0b0c3dd2dd03 → pe:tls:SESSION-738e0b0c3dd2dd03
FLOW_FROM_HOSTOBS	e:from:SESSION-19ae824852752386:host:172.234.197.23	SESSION-19ae824852752386 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9e85ef4a5e3b	flow:9e85ef4a5e3b → host:172.234.197.23 → host:131.196.29.106 → port:tcp:61948
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25f56036928a5a45:host:177.10.236.78	SESSION-25f56036928a5a45 → host:177.10.236.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2af0189f90c79b2:host:131.196.31.77	SESSION-d2af0189f90c79b2 → host:131.196.31.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-605acf1f49534e97:SESSION-605acf1f49534e97	SESSION-605acf1f49534e97 → pe:tls:SESSION-605acf1f49534e97
FLOW_FROM_HOSTOBS	e:from:SESSION-e12e5221262ce88f:host:172.234.197.23	SESSION-e12e5221262ce88f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aca8ef237a42da9:host:172.234.197.23	SESSION-6aca8ef237a42da9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd801ce1250407dd:flow:8bfba4698bee	SESSION-cd801ce1250407dd → flow:8bfba4698bee
FLOW_FROM_HOSTOBS	e:from:SESSION-14b4ac17b4f35bc0:host:177.10.236.41	SESSION-14b4ac17b4f35bc0 → host:177.10.236.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ea2e2a37f857a7f:SESSION-3ea2e2a37f857a7f	SESSION-3ea2e2a37f857a7f → pe:syn:SESSION-3ea2e2a37f857a7f
FLOW_TO_HOSTOBS	e:to:SESSION-1d30b8cd9cbd48a1:host:172.234.197.23	SESSION-1d30b8cd9cbd48a1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23b772dcd58e4ef3:host:172.234.197.23	SESSION-23b772dcd58e4ef3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e62c7e5ed36c3850:host:172.234.197.23	SESSION-e62c7e5ed36c3850 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c0307b3c9af33eb0:SESSION-c0307b3c9af33eb0	SESSION-c0307b3c9af33eb0 → pe:rst:SESSION-c0307b3c9af33eb0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b420826720a06333:SESSION-b420826720a06333	SESSION-b420826720a06333 → pe:tls:SESSION-b420826720a06333
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a17e20e34301cc9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4a17e20e34301cc9 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b048ecd988d76f67:host:172.234.197.23	SESSION-b048ecd988d76f67 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d48fc354fcdd:port:tcp:65255	flow:d48fc354fcdd → port:tcp:65255
FLOW_FROM_HOSTOBS	e:from:SESSION-b82d9882ea505987:host:172.234.197.23	SESSION-b82d9882ea505987 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d2d33fef3a69334:host:131.196.28.90:host:172.234.197.23	SESSION-6d2d33fef3a69334 → host:131.196.28.90 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b78a88d97420	flow:b78a88d97420 → host:177.10.237.54 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0657272c618c6d4:host:172.234.197.23	SESSION-c0657272c618c6d4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-be09ba54da571689:host:172.234.197.23	SESSION-be09ba54da571689 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30f00b6e6078f800:SESSION-30f00b6e6078f800	SESSION-30f00b6e6078f800 → pe:syn:SESSION-30f00b6e6078f800
FLOW_FROM_HOSTOBS	e:from:SESSION-88ff33eaa18cf09d:host:177.10.235.97	SESSION-88ff33eaa18cf09d → host:177.10.235.97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ce4fb974af5131d:SESSION-0ce4fb974af5131d	SESSION-0ce4fb974af5131d → pe:syn:SESSION-0ce4fb974af5131d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49d1ccfce5e59a68:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-49d1ccfce5e59a68 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8fce0c61e3d0bf9:PCAP:capture_20260427200001:3ed6eed62060	SESSION-b8fce0c61e3d0bf9 → PCAP:capture_20260427200001:3ed6eed62060
FLOW_FROM_HOSTOBS	e:from:SESSION-db5998ef2bd3405b:host:51.21.249.220	SESSION-db5998ef2bd3405b → host:51.21.249.220
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c5ed9f49ee99549f:host:91.240.224.238:host:172.234.197.23	SESSION-c5ed9f49ee99549f → host:91.240.224.238 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa32b0aa2bffc0b5:SESSION-aa32b0aa2bffc0b5	SESSION-aa32b0aa2bffc0b5 → pe:tls:SESSION-aa32b0aa2bffc0b5
FLOW_TO_HOSTOBS	e:to:SESSION-48482b2d296d23e2:host:172.234.197.23	SESSION-48482b2d296d23e2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-73f1c8de70c12118:host:177.10.238.76	SESSION-73f1c8de70c12118 → host:177.10.238.76
FLOW_FROM_HOSTOBS	e:from:SESSION-5a4d952075d0ee24:host:177.10.234.224	SESSION-5a4d952075d0ee24 → host:177.10.234.224
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-035e17bf8c36a59b:host:172.234.197.23:host:177.10.237.6	SESSION-035e17bf8c36a59b → host:172.234.197.23 → host:177.10.237.6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cea44595be79fe10:SESSION-cea44595be79fe10	SESSION-cea44595be79fe10 → pe:syn:SESSION-cea44595be79fe10
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.197:asn:271410	host:131.196.31.197 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c0e460ce34915ff:host:172.234.197.23	SESSION-1c0e460ce34915ff → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-20aee5a5b6e9be41:host:172.234.197.23	SESSION-20aee5a5b6e9be41 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4af5e0493e3bd78c:PCAP:capture_20260430110001:43611bdf6759	SESSION-4af5e0493e3bd78c → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d815390d9091f577:flow:6f971cb3d3a9	SESSION-d815390d9091f577 → flow:6f971cb3d3a9
FLOW_TLS_SNIOBS	e:fs:flow:8f5d2d82ff5b:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:8f5d2d82ff5b → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:4b85dcad38b9	flow:4b85dcad38b9 → host:177.10.237.83 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.75:asn:262880	host:177.10.235.75 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6f6577138d25ad9e:SESSION-6f6577138d25ad9e	SESSION-6f6577138d25ad9e → pe:tls:SESSION-6f6577138d25ad9e
flow_observed5-aryOBS	e:fo:flow:32513d87e909	flow:32513d87e909 → host:177.10.237.63 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-803381ec4a55866c:host:172.234.197.23	SESSION-803381ec4a55866c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-472adb1eeb20f880:host:172.234.197.23	SESSION-472adb1eeb20f880 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49d1ccfce5e59a68:host:172.234.197.23	SESSION-49d1ccfce5e59a68 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.92:geo_-23.62930_-46.63510	host:131.196.30.92 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a91fe9a6e775a606:SESSION-a91fe9a6e775a606	SESSION-a91fe9a6e775a606 → pe:syn:SESSION-a91fe9a6e775a606
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da6e864635febf48:SESSION-da6e864635febf48	SESSION-da6e864635febf48 → pe:tls:SESSION-da6e864635febf48
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-e883c2ce63ee6e05:BSG-BEACON-e07f4250263f	SESSION-e883c2ce63ee6e05 → BSG-BEACON-e07f4250263f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-609881b75f195530:SESSION-609881b75f195530	SESSION-609881b75f195530 → pe:syn:SESSION-609881b75f195530
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-678637d3dc5962bf:PCAP:capture_20260430050001:8868731bf8a4	SESSION-678637d3dc5962bf → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4341cc9426e2382:SESSION-d4341cc9426e2382	SESSION-d4341cc9426e2382 → pe:tls:SESSION-d4341cc9426e2382
FLOW_TO_HOSTOBS	e:to:SESSION-5ef49ba6d990c029:host:172.234.197.23	SESSION-5ef49ba6d990c029 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-da8ba1d6891d9574:BSG-BEACON-f0c7a9a91348	SESSION-da8ba1d6891d9574 → BSG-BEACON-f0c7a9a91348
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cff1d643020db9d5:host:131.196.31.132:host:172.234.197.23	SESSION-cff1d643020db9d5 → host:131.196.31.132 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15ce8c1431c2e2c7:host:177.10.239.139	SESSION-15ce8c1431c2e2c7 → host:177.10.239.139
FLOW_FROM_HOSTOBS	e:from:SESSION-0afc12079a05a1b1:host:95.170.25.105	SESSION-0afc12079a05a1b1 → host:95.170.25.105
FLOW_DST_PORTOBS	e:fp:flow:9a8bda96a1d7:port:tcp:443	flow:9a8bda96a1d7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-43a9f8d54e48850a:SESSION-43a9f8d54e48850a	SESSION-43a9f8d54e48850a → pe:tls:SESSION-43a9f8d54e48850a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ba070ea29625f6c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4ba070ea29625f6c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-030a81db4532bd3a:SESSION-030a81db4532bd3a	SESSION-030a81db4532bd3a → pe:syn:SESSION-030a81db4532bd3a
flow_observed5-aryOBS	e:fo:flow:c29121159bd5	flow:c29121159bd5 → host:177.10.232.153 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d407d786bd09817:host:172.234.197.23	SESSION-2d407d786bd09817 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0929735579c89e2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d0929735579c89e2 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-a4651c2a8eec0e6f:host:131.196.29.201	SESSION-a4651c2a8eec0e6f → host:131.196.29.201
flow_observed5-aryOBS	e:fo:flow:5d5bc8796647	flow:5d5bc8796647 → host:177.10.235.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caadff286c632ea0:host:40.177.170.73	SESSION-caadff286c632ea0 → host:40.177.170.73
FLOW_FROM_HOSTOBS	e:from:SESSION-8bd396f5705de0fe:host:131.196.30.78	SESSION-8bd396f5705de0fe → host:131.196.30.78
flow_observed5-aryOBS	e:fo:flow:6854fb7aca06	flow:6854fb7aca06 → host:177.10.238.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-397164cbc5836ff1:flow:d11c40fa264a	SESSION-397164cbc5836ff1 → flow:d11c40fa264a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da61b01cc679b249:flow:6acf80163cc3	SESSION-da61b01cc679b249 → flow:6acf80163cc3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c016235dacd88a4d:flow:e3df5756ccbc	SESSION-c016235dacd88a4d → flow:e3df5756ccbc
FLOW_FROM_HOSTOBS	e:from:SESSION-51b69a1f49968dce:host:177.10.239.253	SESSION-51b69a1f49968dce → host:177.10.239.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-472112a6b5df57cd:flow:78cc4865bf4c	SESSION-472112a6b5df57cd → flow:78cc4865bf4c
flow_observed5-aryOBS	e:fo:flow:e053f58587df	flow:e053f58587df → host:45.173.156.237 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:17ffd29efdaf	flow:17ffd29efdaf → host:177.10.233.249 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a82c7f51b8bc2f4f:host:131.196.31.140	SESSION-a82c7f51b8bc2f4f → host:131.196.31.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e2a14af4b2a82fd:SESSION-1e2a14af4b2a82fd	SESSION-1e2a14af4b2a82fd → pe:syn:SESSION-1e2a14af4b2a82fd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d93e05fe8ec7e58:SESSION-6d93e05fe8ec7e58	SESSION-6d93e05fe8ec7e58 → pe:tls:SESSION-6d93e05fe8ec7e58
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.212:asn:273470	host:45.173.156.212 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-978d4fdbc8d38350:host:172.234.197.23	SESSION-978d4fdbc8d38350 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-96878fba39db06d8:host:177.10.236.191	SESSION-96878fba39db06d8 → host:177.10.236.191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d269b4a1c84321cd:SESSION-d269b4a1c84321cd	SESSION-d269b4a1c84321cd → pe:syn:SESSION-d269b4a1c84321cd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e17435638a41ed24:host:131.196.29.60:host:172.234.197.23	SESSION-e17435638a41ed24 → host:131.196.29.60 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44f16a8e9c86ada8:host:177.10.235.158:host:172.234.197.23	SESSION-44f16a8e9c86ada8 → host:177.10.235.158 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c4216ce52ca9	flow:c4216ce52ca9 → host:131.196.28.101 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d77225c69f4fe117:host:177.10.239.5	SESSION-d77225c69f4fe117 → host:177.10.239.5
flow_observed5-aryOBS	e:fo:flow:b7a5df9fe8d2	flow:b7a5df9fe8d2 → host:131.196.28.7 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a6f73143abd0c86:host:177.10.232.156	SESSION-3a6f73143abd0c86 → host:177.10.232.156
flow_observed5-aryOBS	e:fo:flow:a173045a2352	flow:a173045a2352 → host:177.10.236.90 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.196:asn:262880	host:177.10.232.196 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:2e0ba50458ee:port:tcp:27983	flow:2e0ba50458ee → port:tcp:27983
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad7d874b9cd6bce1:host:177.10.239.255:host:172.234.197.23	SESSION-ad7d874b9cd6bce1 → host:177.10.239.255 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8a9b85b89d918f42:host:172.234.197.23	SESSION-8a9b85b89d918f42 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc308b17bca42662:SESSION-bc308b17bca42662	SESSION-bc308b17bca42662 → pe:tls:SESSION-bc308b17bca42662
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37dea09d598a2ad1:SESSION-37dea09d598a2ad1	SESSION-37dea09d598a2ad1 → pe:tls:SESSION-37dea09d598a2ad1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c53b2c88ff7f785:host:172.234.197.23	SESSION-6c53b2c88ff7f785 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8e0f3c8a35641f7b:host:177.10.237.57	SESSION-8e0f3c8a35641f7b → host:177.10.237.57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a70cd7da1062faad:SESSION-a70cd7da1062faad	SESSION-a70cd7da1062faad → pe:syn:SESSION-a70cd7da1062faad
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54f6eb1f506e4a3a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-54f6eb1f506e4a3a → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:9bd19d03285c	flow:9bd19d03285c → host:177.10.236.11 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:149.202.187.73:asn:16276	host:149.202.187.73 → asn:16276
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90d4f232d3edc1de:host:172.234.197.23	SESSION-90d4f232d3edc1de → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6ed96bf23ac2f6b:host:131.196.29.15:host:172.234.197.23	SESSION-a6ed96bf23ac2f6b → host:131.196.29.15 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1f860e8c99a7	flow:1f860e8c99a7 → host:172.234.197.23 → host:45.173.156.83 → port:tcp:53487
flow_observed5-aryOBS	e:fo:flow:3e863a59aa1c	flow:3e863a59aa1c → host:51.161.119.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-26e26ae77a5f41e1:host:172.234.197.23	SESSION-26e26ae77a5f41e1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f5731b0b8f40f73a:host:177.10.237.156	SESSION-f5731b0b8f40f73a → host:177.10.237.156
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47fbdf6c3cd24fcc:SESSION-47fbdf6c3cd24fcc	SESSION-47fbdf6c3cd24fcc → pe:tls:SESSION-47fbdf6c3cd24fcc
FLOW_DST_PORTOBS	e:fp:flow:0642687a4af2:port:tcp:443	flow:0642687a4af2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-288c2773d91d95c9:SESSION-288c2773d91d95c9	SESSION-288c2773d91d95c9 → pe:tls:SESSION-288c2773d91d95c9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37fa495f79e351e9:flow:e6ceecc84370	SESSION-37fa495f79e351e9 → flow:e6ceecc84370
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1375745ca86fe64:SESSION-a1375745ca86fe64	SESSION-a1375745ca86fe64 → pe:syn:SESSION-a1375745ca86fe64
flow_observed5-aryOBS	e:fo:flow:f0632fcdd97f	flow:f0632fcdd97f → host:104.28.234.79 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e15824f9dd78d2b4:SESSION-e15824f9dd78d2b4	SESSION-e15824f9dd78d2b4 → pe:syn:SESSION-e15824f9dd78d2b4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01c9c3509e882c26:SESSION-01c9c3509e882c26	SESSION-01c9c3509e882c26 → pe:tls:SESSION-01c9c3509e882c26
FLOW_TO_HOSTOBS	e:to:SESSION-e7a6b146488afb43:host:172.234.197.23	SESSION-e7a6b146488afb43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f73f713a631f7530:host:172.234.197.23	SESSION-f73f713a631f7530 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:61851684d751	flow:61851684d751 → host:172.234.197.23 → host:177.10.235.185 → port:tcp:59326
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce9bea4cad9ad3a3:PCAP:capture_20260430060001:919b39a74464	SESSION-ce9bea4cad9ad3a3 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0940876600cf1421:host:172.234.197.23	SESSION-0940876600cf1421 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57494845d8eca477:SESSION-57494845d8eca477	SESSION-57494845d8eca477 → pe:tls:SESSION-57494845d8eca477
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55aa5069b830c261:host:172.234.197.23	SESSION-55aa5069b830c261 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d31cb6e546f767b7:SESSION-d31cb6e546f767b7	SESSION-d31cb6e546f767b7 → pe:syn:SESSION-d31cb6e546f767b7
FLOW_FROM_HOSTOBS	e:from:SESSION-e7e52183ef313b6a:host:131.196.28.207	SESSION-e7e52183ef313b6a → host:131.196.28.207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0758ca9101405049:SESSION-0758ca9101405049	SESSION-0758ca9101405049 → pe:tls:SESSION-0758ca9101405049
FLOW_FROM_HOSTOBS	e:from:SESSION-136356e88c69bcaa:host:172.234.197.23	SESSION-136356e88c69bcaa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73bdc276c5a845ed:flow:e8c8116b8c73	SESSION-73bdc276c5a845ed → flow:e8c8116b8c73
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02cfffe2a1cdb1f3:PCAP:capture_20260430110001:43611bdf6759	SESSION-02cfffe2a1cdb1f3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f40f233058919cef:host:131.196.29.186	SESSION-f40f233058919cef → host:131.196.29.186
FLOW_TO_HOSTOBS	e:to:SESSION-1fdaf54c444b72c0:host:131.196.30.19	SESSION-1fdaf54c444b72c0 → host:131.196.30.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bd396f5705de0fe:host:131.196.30.78	SESSION-8bd396f5705de0fe → host:131.196.30.78
FLOW_DST_PORTOBS	e:fp:flow:cae9789f6cd2:port:tcp:443	flow:cae9789f6cd2 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d30b8cd9cbd48a1:host:172.234.197.23	SESSION-1d30b8cd9cbd48a1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dd011a07497df56:host:172.234.197.23	SESSION-2dd011a07497df56 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c1a2c7dc69870b1:SESSION-5c1a2c7dc69870b1	SESSION-5c1a2c7dc69870b1 → pe:syn:SESSION-5c1a2c7dc69870b1
FLOW_DST_PORTOBS	e:fp:flow:89e07491d359:port:tcp:443	flow:89e07491d359 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2aa671fdac09172:host:131.196.28.40	SESSION-f2aa671fdac09172 → host:131.196.28.40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7f3bd7044d582575:SESSION-7f3bd7044d582575	SESSION-7f3bd7044d582575 → pe:rst:SESSION-7f3bd7044d582575
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bfd9e24a99b67097:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bfd9e24a99b67097 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8dc28b29833676bc:PCAP:capture_20260430060001:919b39a74464	SESSION-8dc28b29833676bc → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:17231e591100:port:tcp:58810	flow:17231e591100 → port:tcp:58810
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5e7695ca2cac12f:SESSION-b5e7695ca2cac12f	SESSION-b5e7695ca2cac12f → pe:tls:SESSION-b5e7695ca2cac12f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b68b7374dcfd0024:host:177.10.233.246:host:172.234.197.23	SESSION-b68b7374dcfd0024 → host:177.10.233.246 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bb9a911fd3e5	flow:bb9a911fd3e5 → host:177.10.232.246 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.143:asn:271410	host:131.196.31.143 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb7b2ae66396fc75:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-cb7b2ae66396fc75 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.46:asn:262880	host:177.10.235.46 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:6c0273891f97:port:tcp:443	flow:6c0273891f97 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dc418e4265e72ea:host:177.10.238.93	SESSION-4dc418e4265e72ea → host:177.10.238.93
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.159:asn:262880	host:177.10.237.159 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a9df261a7287913:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9a9df261a7287913 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.76:asn:262880	host:177.10.234.76 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-7ddcefc7eea69488:host:172.234.197.23	SESSION-7ddcefc7eea69488 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.154:asn:271410	host:131.196.29.154 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:2ad543ca6167:port:tcp:443	flow:2ad543ca6167 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a074f157090defb0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a074f157090defb0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1627b9df9d2fc920:host:177.10.236.231	SESSION-1627b9df9d2fc920 → host:177.10.236.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7e52183ef313b6a:SESSION-e7e52183ef313b6a	SESSION-e7e52183ef313b6a → pe:syn:SESSION-e7e52183ef313b6a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8684436ffb4e26c7:host:131.196.29.60	SESSION-8684436ffb4e26c7 → host:131.196.29.60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8491791342c7cb3:host:95.135.228.151:host:172.234.197.23	SESSION-f8491791342c7cb3 → host:95.135.228.151 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d5b5151108975cf:SESSION-4d5b5151108975cf	SESSION-4d5b5151108975cf → pe:tls:SESSION-4d5b5151108975cf
FLOW_FROM_HOSTOBS	e:from:SESSION-eaf5b03036efa5c6:host:185.231.226.223	SESSION-eaf5b03036efa5c6 → host:185.231.226.223
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.45:geo_-23.62930_-46.63510	host:131.196.30.45 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-a6edbcdecdf7d835:host:172.234.197.23	SESSION-a6edbcdecdf7d835 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7ac052262d51e17:host:131.196.29.27:host:172.234.197.23	SESSION-b7ac052262d51e17 → host:131.196.29.27 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3bb54d95c2cdaff:host:172.234.197.23	SESSION-a3bb54d95c2cdaff → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d0657eb87257c08:host:172.234.197.23	SESSION-9d0657eb87257c08 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-24763432928200fc:host:172.234.197.23	SESSION-24763432928200fc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4c4adfb3e188a176:SESSION-4c4adfb3e188a176	SESSION-4c4adfb3e188a176 → pe:syn:SESSION-4c4adfb3e188a176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f81fa7919a8c03a8:SESSION-f81fa7919a8c03a8	SESSION-f81fa7919a8c03a8 → pe:syn:SESSION-f81fa7919a8c03a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8c94fcea26d4cb3:SESSION-c8c94fcea26d4cb3	SESSION-c8c94fcea26d4cb3 → pe:syn:SESSION-c8c94fcea26d4cb3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-096419478460628e:host:172.232.0.16	SESSION-096419478460628e → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-03cfd9b1d0f62704:host:172.234.197.23	SESSION-03cfd9b1d0f62704 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-415d7b69c6628cc7:SESSION-415d7b69c6628cc7	SESSION-415d7b69c6628cc7 → pe:syn:SESSION-415d7b69c6628cc7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-154a0a352559b94b:host:131.196.29.224:host:172.234.197.23	SESSION-154a0a352559b94b → host:131.196.29.224 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-755eaab432e9c6a6:SESSION-755eaab432e9c6a6	SESSION-755eaab432e9c6a6 → pe:syn:SESSION-755eaab432e9c6a6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.158:geo_-21.10010_-41.69200	host:45.173.156.158 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d5b41a2eb16ae40:host:45.173.156.190	SESSION-8d5b41a2eb16ae40 → host:45.173.156.190
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-f306c00af6aee0a4:BSG-BEACON-137dcd60b691	SESSION-f306c00af6aee0a4 → BSG-BEACON-137dcd60b691
FLOW_TO_HOSTOBS	e:to:SESSION-ab6d0c9e6f54de20:host:172.234.197.23	SESSION-ab6d0c9e6f54de20 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1518dad52645fa99:SESSION-1518dad52645fa99	SESSION-1518dad52645fa99 → pe:tls:SESSION-1518dad52645fa99
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66033cfbc7dd0c2c:flow:44c13df988ff	SESSION-66033cfbc7dd0c2c → flow:44c13df988ff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad4db4cca9d566af:SESSION-ad4db4cca9d566af	SESSION-ad4db4cca9d566af → pe:tls:SESSION-ad4db4cca9d566af
FLOW_TO_HOSTOBS	e:to:SESSION-51603301232db2ce:host:172.234.197.23	SESSION-51603301232db2ce → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c1aa9055f8e3197b:host:131.196.30.181	SESSION-c1aa9055f8e3197b → host:131.196.30.181
FLOW_TO_HOSTOBS	e:to:SESSION-afbbd778f47cc6c1:host:131.196.29.41	SESSION-afbbd778f47cc6c1 → host:131.196.29.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ffcc2d542e7be59:SESSION-0ffcc2d542e7be59	SESSION-0ffcc2d542e7be59 → pe:tls:SESSION-0ffcc2d542e7be59
FLOW_TO_HOSTOBS	e:to:SESSION-4d1df89a4cf6f008:host:172.234.197.23	SESSION-4d1df89a4cf6f008 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0be6cf40df30cb93:host:177.10.239.249	SESSION-0be6cf40df30cb93 → host:177.10.239.249
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3089f893be8ea87:host:172.234.197.23:host:131.196.30.222	SESSION-e3089f893be8ea87 → host:172.234.197.23 → host:131.196.30.222
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b7f75116e650c71:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7b7f75116e650c71 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bfa302feda190a0:flow:3d371f84b45c	SESSION-3bfa302feda190a0 → flow:3d371f84b45c
FLOW_TO_HOSTOBS	e:to:SESSION-3bc3682173c4cf6b:host:172.234.197.23	SESSION-3bc3682173c4cf6b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b9ca26e5420bb5bf:host:172.234.197.23	SESSION-b9ca26e5420bb5bf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f44963c65f506a9:SESSION-1f44963c65f506a9	SESSION-1f44963c65f506a9 → pe:tls:SESSION-1f44963c65f506a9
FLOW_TO_HOSTOBS	e:to:SESSION-cc7ab250b87b35be:host:172.234.197.23	SESSION-cc7ab250b87b35be → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4709033d4574:port:tcp:9505	flow:4709033d4574 → port:tcp:9505
FLOW_FROM_HOSTOBS	e:from:SESSION-17a3924886eb315f:host:172.234.197.23	SESSION-17a3924886eb315f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.234:geo_-16.28860_-49.01640	host:177.10.232.234 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b2754fb6a113c6b7:host:172.234.197.23	SESSION-b2754fb6a113c6b7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-65262d33293291dd:host:172.234.197.23	SESSION-65262d33293291dd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-100c3fd7436ef8f8:host:172.234.197.23:host:177.10.234.52	SESSION-100c3fd7436ef8f8 → host:172.234.197.23 → host:177.10.234.52
flow_observed5-aryOBS	e:fo:flow:bc3157f5d3c6	flow:bc3157f5d3c6 → host:177.10.239.138 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-367c844590f11a50:host:131.196.28.38	SESSION-367c844590f11a50 → host:131.196.28.38
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb7b2ae66396fc75:host:177.10.235.178:host:172.234.197.23	SESSION-cb7b2ae66396fc75 → host:177.10.235.178 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.128:geo_-23.62930_-46.63510	host:131.196.28.128 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ced37932852de9e5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ced37932852de9e5 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-f718f291e0c401d5:host:177.10.234.184	SESSION-f718f291e0c401d5 → host:177.10.234.184
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-87f83ff8260cc70d:SESSION-87f83ff8260cc70d	SESSION-87f83ff8260cc70d → pe:tls:SESSION-87f83ff8260cc70d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-724b8ddf902cc285:flow:b3263c50c98f	SESSION-724b8ddf902cc285 → flow:b3263c50c98f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e220c81ec884c58:host:177.10.235.128	SESSION-5e220c81ec884c58 → host:177.10.235.128
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-102bebe502918f62:host:172.234.197.23:host:131.196.30.150	SESSION-102bebe502918f62 → host:172.234.197.23 → host:131.196.30.150
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fdca441bb1b3810b:host:131.196.28.170	SESSION-fdca441bb1b3810b → host:131.196.28.170
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b66b69fe93183378:SESSION-b66b69fe93183378	SESSION-b66b69fe93183378 → pe:syn:SESSION-b66b69fe93183378
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5e4b6893c364bde:host:172.234.197.23	SESSION-e5e4b6893c364bde → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.2:asn:262880	host:177.10.232.2 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.167:asn:273470	host:45.173.156.167 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8c0a98b52014301:host:172.234.197.23	SESSION-d8c0a98b52014301 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d74877df7cdd5d7:flow:0751af29d453	SESSION-6d74877df7cdd5d7 → flow:0751af29d453
FLOW_TO_HOSTOBS	e:to:SESSION-e8de37a87806b5e4:host:172.234.197.23	SESSION-e8de37a87806b5e4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.152:asn:262880	host:177.10.237.152 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-973fc1252d207af1:PCAP:capture_20260430060001:919b39a74464	SESSION-973fc1252d207af1 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:26f60c160f6b:port:tcp:443	flow:26f60c160f6b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74fa9a10a5811b00:flow:60f887dc148d	SESSION-74fa9a10a5811b00 → flow:60f887dc148d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.217:geo_-23.62930_-46.63510	host:131.196.28.217 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96cc205c664fccab:flow:056fa8bf83c9	SESSION-96cc205c664fccab → flow:056fa8bf83c9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2117b91b7562ba94:SESSION-2117b91b7562ba94	SESSION-2117b91b7562ba94 → pe:tls:SESSION-2117b91b7562ba94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-64abd49ab16af3e3:SESSION-64abd49ab16af3e3	SESSION-64abd49ab16af3e3 → pe:tls:SESSION-64abd49ab16af3e3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa372e44ee6fb3e7:host:172.234.197.23	SESSION-aa372e44ee6fb3e7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6a9de5a5ca92:port:tcp:443	flow:6a9de5a5ca92 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-424fe4b4ecc22e45:SESSION-424fe4b4ecc22e45	SESSION-424fe4b4ecc22e45 → pe:syn:SESSION-424fe4b4ecc22e45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09db40e08b93496c:SESSION-09db40e08b93496c	SESSION-09db40e08b93496c → pe:tls:SESSION-09db40e08b93496c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d6545f001e19457:PCAP:capture_20260430150001:ded20914761d	SESSION-2d6545f001e19457 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-049aa291881e8f8b:SESSION-049aa291881e8f8b	SESSION-049aa291881e8f8b → pe:syn:SESSION-049aa291881e8f8b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35fcdb0ef59afc26:flow:bcc72520c021	SESSION-35fcdb0ef59afc26 → flow:bcc72520c021
flow_observed5-aryOBS	e:fo:flow:fc2f9ab2e66c	flow:fc2f9ab2e66c → host:177.10.237.179 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.83:asn:262880	host:177.10.235.83 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-0371abab0ef43e73:SESSION-0371abab0ef43e73	SESSION-0371abab0ef43e73 → pe:rst:SESSION-0371abab0ef43e73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6420523769b66d4c:SESSION-6420523769b66d4c	SESSION-6420523769b66d4c → pe:syn:SESSION-6420523769b66d4c
FLOW_DST_PORTOBS	e:fp:flow:bbbfe2fd8c5e:port:tcp:443	flow:bbbfe2fd8c5e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3988a9d0230ebd4d:SESSION-3988a9d0230ebd4d	SESSION-3988a9d0230ebd4d → pe:tls:SESSION-3988a9d0230ebd4d
FLOW_FROM_HOSTOBS	e:from:SESSION-578d76d32a2c1b81:host:172.234.197.23	SESSION-578d76d32a2c1b81 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a33a5bbd98f17a5b:host:5.182.209.49:host:172.234.197.23	SESSION-a33a5bbd98f17a5b → host:5.182.209.49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5ceca64359b9f0d:host:172.234.197.23	SESSION-a5ceca64359b9f0d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86f296cd3a39a7c2:host:172.234.197.23	SESSION-86f296cd3a39a7c2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-099b4106de78317b:host:177.10.234.43	SESSION-099b4106de78317b → host:177.10.234.43
flow_observed4-aryOBS	e:fo:flow:ea1b99f43729	flow:ea1b99f43729 → host:172.234.197.23 → host:131.196.29.79 → port:tcp:3881
flow_observed5-aryOBS	e:fo:flow:b689e3522dc7	flow:b689e3522dc7 → host:131.196.30.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58f4b45cf908ad77:host:131.196.30.88:host:172.234.197.23	SESSION-58f4b45cf908ad77 → host:131.196.30.88 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.209:asn:262880	host:177.10.239.209 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a9f928f7ece6fbf:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2a9f928f7ece6fbf → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c9278fb58fb6165:host:51.224.78.219:host:172.234.197.23	SESSION-4c9278fb58fb6165 → host:51.224.78.219 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2161d2ba591330e1:flow:40ddd64a6350	SESSION-2161d2ba591330e1 → flow:40ddd64a6350
flow_observed5-aryOBS	e:fo:flow:987246f3073a	flow:987246f3073a → host:177.10.235.215 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ffb55f14ed31:port:udp:53	flow:ffb55f14ed31 → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-603529cff661c41d:flow:e053f58587df	SESSION-603529cff661c41d → flow:e053f58587df
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5218a703d93123a3:flow:6a5ee69048ca	SESSION-5218a703d93123a3 → flow:6a5ee69048ca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fce590506c76a4f8:SESSION-fce590506c76a4f8	SESSION-fce590506c76a4f8 → pe:syn:SESSION-fce590506c76a4f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7c834c7664f83e9:PCAP:capture_20260430090001:065659c7d314	SESSION-e7c834c7664f83e9 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0a19698769d1246:flow:8cfb704b39ee	SESSION-d0a19698769d1246 → flow:8cfb704b39ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6ca8d988675ead3:SESSION-a6ca8d988675ead3	SESSION-a6ca8d988675ead3 → pe:syn:SESSION-a6ca8d988675ead3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46d2f77cc38b38db:PCAP:capture_20260430110001:43611bdf6759	SESSION-46d2f77cc38b38db → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-712d2d82579af730:host:177.10.232.211	SESSION-712d2d82579af730 → host:177.10.232.211
FLOW_FROM_HOSTOBS	e:from:SESSION-65316f3920c6d168:host:177.10.235.105	SESSION-65316f3920c6d168 → host:177.10.235.105
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-931a0ea4dc7054bf:SESSION-931a0ea4dc7054bf	SESSION-931a0ea4dc7054bf → pe:tls:SESSION-931a0ea4dc7054bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52edfb1e7fe307be:PCAP:capture_20260430080001:93f47cc296a4	SESSION-52edfb1e7fe307be → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-cdf732629d327c4c:SESSION-cdf732629d327c4c	SESSION-cdf732629d327c4c → pe:rst:SESSION-cdf732629d327c4c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-07124c917c797d63:SESSION-07124c917c797d63	SESSION-07124c917c797d63 → pe:rst:SESSION-07124c917c797d63
FLOW_DST_PORTOBS	e:fp:flow:bfe599b46934:port:tcp:443	flow:bfe599b46934 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.55:asn:262880	host:177.10.239.55 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb512b6db53333ff:host:172.234.197.23	SESSION-bb512b6db53333ff → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96abdd68944f2af2:flow:11c7bb2f84e7	SESSION-96abdd68944f2af2 → flow:11c7bb2f84e7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-39845edf8e8f640a:SESSION-39845edf8e8f640a	SESSION-39845edf8e8f640a → pe:syn:SESSION-39845edf8e8f640a
FLOW_FROM_HOSTOBS	e:from:SESSION-4cf4d7f5409c1837:host:44.246.129.80	SESSION-4cf4d7f5409c1837 → host:44.246.129.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73eca1f22df524d3:host:172.234.197.23	SESSION-73eca1f22df524d3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e22ceaf98f82b588:flow:ecbf4329cbae	SESSION-e22ceaf98f82b588 → flow:ecbf4329cbae
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e36c77c5ab0d7e92:flow:efdc052f98d7	SESSION-e36c77c5ab0d7e92 → flow:efdc052f98d7
FLOW_DST_PORTOBS	e:fp:flow:6acf80163cc3:port:tcp:443	flow:6acf80163cc3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bfa418bfe374bf06:SESSION-bfa418bfe374bf06	SESSION-bfa418bfe374bf06 → pe:syn:SESSION-bfa418bfe374bf06
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24bd61df75bf4426:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-24bd61df75bf4426 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc59b28fe233796a:SESSION-fc59b28fe233796a	SESSION-fc59b28fe233796a → pe:syn:SESSION-fc59b28fe233796a
flow_observed5-aryOBS	e:fo:flow:0c6b61bfa335	flow:0c6b61bfa335 → host:177.10.237.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e3764b25412d87e:flow:f2abe0420a48	SESSION-2e3764b25412d87e → flow:f2abe0420a48
flow_observed5-aryOBS	e:fo:flow:7fec8489c584	flow:7fec8489c584 → host:177.10.234.218 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:91c1af006574:port:tcp:443	flow:91c1af006574 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e2683c2a1a03e97:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6e2683c2a1a03e97 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:122574939bbc	flow:122574939bbc → host:131.196.31.166 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-eb82ec2c88e573dc:host:177.10.236.239	SESSION-eb82ec2c88e573dc → host:177.10.236.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af350d3c0c51da5:host:177.10.238.163	SESSION-9af350d3c0c51da5 → host:177.10.238.163
flow_observed5-aryOBS	e:fo:flow:eb46c0750072	flow:eb46c0750072 → host:92.112.71.219 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f70c7a73cedaabc:host:177.10.232.103	SESSION-5f70c7a73cedaabc → host:177.10.232.103
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8be5aa373d930e54:host:172.234.197.23:host:177.10.232.42	SESSION-8be5aa373d930e54 → host:172.234.197.23 → host:177.10.232.42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7c834c7664f83e9:host:177.10.233.146	SESSION-e7c834c7664f83e9 → host:177.10.233.146
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.26:geo_-16.28860_-49.01640	host:177.10.235.26 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-5f5575c7d9faf65d:host:172.234.197.23	SESSION-5f5575c7d9faf65d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.125:geo_-16.28860_-49.01640	host:177.10.236.125 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-4bda9924d3f6d619:host:172.234.197.23	SESSION-4bda9924d3f6d619 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f482eb7fd49a3f1b:host:172.234.197.23	SESSION-f482eb7fd49a3f1b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4076f0f6734ca69:SESSION-d4076f0f6734ca69	SESSION-d4076f0f6734ca69 → pe:syn:SESSION-d4076f0f6734ca69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cde6fb5ccac54489:SESSION-cde6fb5ccac54489	SESSION-cde6fb5ccac54489 → pe:syn:SESSION-cde6fb5ccac54489
FLOW_DST_PORTOBS	e:fp:flow:3289c02669aa:port:tcp:443	flow:3289c02669aa → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-0e3916b0aa19b751:host:172.234.197.23	SESSION-0e3916b0aa19b751 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd7be5606f48437f:SESSION-dd7be5606f48437f	SESSION-dd7be5606f48437f → pe:syn:SESSION-dd7be5606f48437f
flow_observed5-aryOBS	e:fo:flow:6d6335a56d67	flow:6d6335a56d67 → host:177.10.232.66 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f07a2dad0dfb354:host:172.234.197.23	SESSION-5f07a2dad0dfb354 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4531330495d6a6b8:host:177.10.232.225:host:172.234.197.23	SESSION-4531330495d6a6b8 → host:177.10.232.225 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31068e75a101287d:host:177.10.234.155	SESSION-31068e75a101287d → host:177.10.234.155
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e41b633abf5898e8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e41b633abf5898e8 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.229:asn:262880	host:177.10.232.229 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ca707063b726bac:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8ca707063b726bac → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b61117bf3d91dba8:SESSION-b61117bf3d91dba8	SESSION-b61117bf3d91dba8 → pe:tls:SESSION-b61117bf3d91dba8
FLOW_DST_PORTOBS	e:fp:flow:3e0a57fa3cfd:port:tcp:23851	flow:3e0a57fa3cfd → port:tcp:23851
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a05a386609def1c:host:177.10.236.110	SESSION-0a05a386609def1c → host:177.10.236.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5746e0d81f0d05c1:host:172.234.197.23	SESSION-5746e0d81f0d05c1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0d9e3720b73bcaea:host:177.10.234.70	SESSION-0d9e3720b73bcaea → host:177.10.234.70
FLOW_FROM_HOSTOBS	e:from:SESSION-87edcc7df5436fbe:host:131.196.29.14	SESSION-87edcc7df5436fbe → host:131.196.29.14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-550b52f6103256cd:flow:eaa8659511f0	SESSION-550b52f6103256cd → flow:eaa8659511f0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b5b84f652a18f91:host:172.234.197.23	SESSION-5b5b84f652a18f91 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.60:geo_-16.28860_-49.01640	host:177.10.235.60 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:b122972ee5da	flow:b122972ee5da → host:45.173.156.3 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:83d88592290c	flow:83d88592290c → host:177.10.237.218 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e49b447cbf9c1ef7:host:177.10.235.205	SESSION-e49b447cbf9c1ef7 → host:177.10.235.205
FLOW_TO_HOSTOBS	e:to:SESSION-23aaa31711ea4954:host:172.234.197.23	SESSION-23aaa31711ea4954 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa2f81c8f6798425:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fa2f81c8f6798425 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-dd5c7cb019cd55a3:host:172.234.197.23	SESSION-dd5c7cb019cd55a3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8314ac7032421127:host:177.10.239.217	SESSION-8314ac7032421127 → host:177.10.239.217
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02270ea748fd3855:SESSION-02270ea748fd3855	SESSION-02270ea748fd3855 → pe:tls:SESSION-02270ea748fd3855
FLOW_TO_HOSTOBS	e:to:SESSION-cb3e7e97aa8c76e6:host:172.234.197.23	SESSION-cb3e7e97aa8c76e6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:329e1f6a0d23	flow:329e1f6a0d23 → host:177.10.232.191 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d3f8bf2b05f7ab82:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d3f8bf2b05f7ab82 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ceaf5a04e9815b11:SESSION-ceaf5a04e9815b11	SESSION-ceaf5a04e9815b11 → pe:tls:SESSION-ceaf5a04e9815b11
FLOW_TO_HOSTOBS	e:to:SESSION-c9d4e1b0711d4507:host:172.234.197.23	SESSION-c9d4e1b0711d4507 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-13b449bea21c4b54:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-13b449bea21c4b54 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:68526d736736	flow:68526d736736 → host:172.234.197.23 → host:131.196.29.254 → port:tcp:1604
FLOW_FROM_HOSTOBS	e:from:SESSION-ce217831fb6e1103:host:172.234.197.23	SESSION-ce217831fb6e1103 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.230:asn:262880	host:177.10.237.230 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60281e53e47bfb2b:host:172.234.197.23:host:131.196.29.56	SESSION-60281e53e47bfb2b → host:172.234.197.23 → host:131.196.29.56
FLOW_TO_HOSTOBS	e:to:SESSION-198cd8f9bb6f8909:host:172.234.197.23	SESSION-198cd8f9bb6f8909 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37a50d9fe3e20191:PCAP:capture_20260430080001:93f47cc296a4	SESSION-37a50d9fe3e20191 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-15ce8c1431c2e2c7:SESSION-15ce8c1431c2e2c7	SESSION-15ce8c1431c2e2c7 → pe:syn:SESSION-15ce8c1431c2e2c7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-905738e9b4f08562:PCAP:capture_20260430070001:903a0e7a436b	SESSION-905738e9b4f08562 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.193:asn:262880	host:177.10.232.193 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-605f000d6a5e20b1:host:172.234.197.23:host:131.196.29.221	SESSION-605f000d6a5e20b1 → host:172.234.197.23 → host:131.196.29.221
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66033cfbc7dd0c2c:host:131.196.30.155:host:172.234.197.23	SESSION-66033cfbc7dd0c2c → host:131.196.30.155 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:63c9515a3982	flow:63c9515a3982 → host:172.234.197.23 → host:177.10.238.181 → port:tcp:11607
flow_observed5-aryOBS	e:fo:flow:62bdf54a4e6f	flow:62bdf54a4e6f → host:177.10.236.0 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:fa27f0003580:port:tcp:52356	flow:fa27f0003580 → port:tcp:52356
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11641f941720f4cf:host:177.10.232.132	SESSION-11641f941720f4cf → host:177.10.232.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f45c3ab8ea783ada:SESSION-f45c3ab8ea783ada	SESSION-f45c3ab8ea783ada → pe:tls:SESSION-f45c3ab8ea783ada
FLOW_TO_HOSTOBS	e:to:SESSION-bf9713fb7209fcf9:host:172.234.197.23	SESSION-bf9713fb7209fcf9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1699a282bb5af583:flow:bbdcfb726e93	SESSION-1699a282bb5af583 → flow:bbdcfb726e93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-332b957940cff81b:host:45.145.152.156	SESSION-332b957940cff81b → host:45.145.152.156
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.1:geo_-23.62930_-46.63510	host:131.196.30.1 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:c0d2094dfac4	flow:c0d2094dfac4 → host:177.10.237.229 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a5a0c98ce5f67db5:host:131.196.28.39	SESSION-a5a0c98ce5f67db5 → host:131.196.28.39
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.159:asn:271410	host:131.196.31.159 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-077636b939c69f3b:flow:05808b5dfe4c	SESSION-077636b939c69f3b → flow:05808b5dfe4c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c93e86640e8945ad:host:177.10.234.62:host:172.234.197.23	SESSION-c93e86640e8945ad → host:177.10.234.62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-495677aa294b030b:host:172.234.197.23	SESSION-495677aa294b030b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89ddb9a3043f63a3:host:177.10.234.120	SESSION-89ddb9a3043f63a3 → host:177.10.234.120
flow_observed4-aryOBS	e:fo:flow:43aef062f8f5	flow:43aef062f8f5 → host:172.234.197.23 → host:177.10.233.66 → port:tcp:8323
FLOW_DST_PORTOBS	e:fp:flow:0f753bb6befc:port:tcp:443	flow:0f753bb6befc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-5fdfd79cbce8be94:host:172.234.197.23	SESSION-5fdfd79cbce8be94 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c17e2540d05f4c2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3c17e2540d05f4c2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78d87c88323785f9:SESSION-78d87c88323785f9	SESSION-78d87c88323785f9 → pe:tls:SESSION-78d87c88323785f9
FLOW_TO_HOSTOBS	e:to:SESSION-bedaa62e135c647a:host:131.196.28.238	SESSION-bedaa62e135c647a → host:131.196.28.238
FLOW_TO_HOSTOBS	e:to:SESSION-6da898acb6c07034:host:172.234.197.23	SESSION-6da898acb6c07034 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6c5381aaad8fa568:host:172.234.197.23	SESSION-6c5381aaad8fa568 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7aaaf2932de65e0e:host:177.10.234.155:host:172.234.197.23	SESSION-7aaaf2932de65e0e → host:177.10.234.155 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef7fe2bb78158297:host:172.234.197.23	SESSION-ef7fe2bb78158297 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8de6c1be9d0210fa:host:95.170.25.208:host:172.234.197.23	SESSION-8de6c1be9d0210fa → host:95.170.25.208 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:ab9b76775656	flow:ab9b76775656 → host:172.234.197.23 → host:177.10.233.3 → port:tcp:4500
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7ac209c33b5c7f5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b7ac209c33b5c7f5 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34b42a1bd1f93900:flow:8fec7176e796	SESSION-34b42a1bd1f93900 → flow:8fec7176e796
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0b6872bf6474c44:SESSION-f0b6872bf6474c44	SESSION-f0b6872bf6474c44 → pe:tls:SESSION-f0b6872bf6474c44
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.90:asn:262880	host:177.10.237.90 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35e3c61c67455ba8:flow:070f0d42d41e	SESSION-35e3c61c67455ba8 → flow:070f0d42d41e
FLOW_TO_HOSTOBS	e:to:SESSION-1a9948d7535bcfa1:host:131.196.30.108	SESSION-1a9948d7535bcfa1 → host:131.196.30.108
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46cfffaa3fdb7f1d:host:172.234.197.23:host:172.232.0.16	SESSION-46cfffaa3fdb7f1d → host:172.234.197.23 → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-6bca989f2c390047:host:172.234.197.23	SESSION-6bca989f2c390047 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54127ab649dd8e15:flow:543bc6e6886f	SESSION-54127ab649dd8e15 → flow:543bc6e6886f
FLOW_FROM_HOSTOBS	e:from:SESSION-8b1edba75af29ea2:host:131.196.31.228	SESSION-8b1edba75af29ea2 → host:131.196.31.228
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33fcdd018bdc1a2c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-33fcdd018bdc1a2c → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.97:asn:262880	host:177.10.237.97 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87b50db5a64a4926:host:131.196.29.167	SESSION-87b50db5a64a4926 → host:131.196.29.167
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-87f83ff8260cc70d:PCAP:capture_20260430060001:919b39a74464	SESSION-87f83ff8260cc70d → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21a6fb1ae6879e55:host:177.10.236.239:host:172.234.197.23	SESSION-21a6fb1ae6879e55 → host:177.10.236.239 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65f49e29fd3c9157:host:177.10.239.108:host:172.234.197.23	SESSION-65f49e29fd3c9157 → host:177.10.239.108 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:497b82a2345f	flow:497b82a2345f → host:172.234.197.23 → host:131.196.31.65 → port:tcp:167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6315d280130065c8:host:131.196.31.86	SESSION-6315d280130065c8 → host:131.196.31.86
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b2bcd9d2c0b41b4:flow:b6ce620286af	SESSION-9b2bcd9d2c0b41b4 → flow:b6ce620286af
FLOW_DST_PORTOBS	e:fp:flow:356dc5b46539:port:tcp:25979	flow:356dc5b46539 → port:tcp:25979
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69d41e5348c00130:SESSION-69d41e5348c00130	SESSION-69d41e5348c00130 → pe:tls:SESSION-69d41e5348c00130
FLOW_TO_HOSTOBS	e:to:SESSION-52e63b8cb0c4a7de:host:172.234.197.23	SESSION-52e63b8cb0c4a7de → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51c60ff5c6e820bd:host:172.234.197.23:host:177.10.235.85	SESSION-51c60ff5c6e820bd → host:172.234.197.23 → host:177.10.235.85
FLOW_FROM_HOSTOBS	e:from:SESSION-4be71a9ef959f500:host:172.234.197.23	SESSION-4be71a9ef959f500 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.105:asn:262880	host:177.10.232.105 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-805fb07d7b5cb44b:host:177.10.235.218	SESSION-805fb07d7b5cb44b → host:177.10.235.218
FLOW_TO_HOSTOBS	e:to:SESSION-7b89a1b1f5399599:host:172.234.197.23	SESSION-7b89a1b1f5399599 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.134:geo_-16.28860_-49.01640	host:177.10.232.134 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-18af1f65a173a9cf:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-18af1f65a173a9cf → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_FROM_HOSTOBS	e:from:SESSION-8c18109925f9685a:host:177.10.237.122	SESSION-8c18109925f9685a → host:177.10.237.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c73d5dfb4b98c8a4:SESSION-c73d5dfb4b98c8a4	SESSION-c73d5dfb4b98c8a4 → pe:tls:SESSION-c73d5dfb4b98c8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6ab7360966186b9:host:172.234.197.23	SESSION-f6ab7360966186b9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0786c46a404d7589:host:172.234.197.23	SESSION-0786c46a404d7589 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a9273620e0aaedc:SESSION-8a9273620e0aaedc	SESSION-8a9273620e0aaedc → pe:tls:SESSION-8a9273620e0aaedc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ea330cf59d2a2f8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3ea330cf59d2a2f8 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.93:asn:271410	host:131.196.28.93 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99a4fe376d3938fb:flow:bf473035e2d9	SESSION-99a4fe376d3938fb → flow:bf473035e2d9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.223:geo_-23.62930_-46.63510	host:131.196.30.223 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:fe720b597bbb	flow:fe720b597bbb → host:177.10.236.113 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ddb8eea7a241:port:tcp:443	flow:ddb8eea7a241 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:bcec3454bc9d:port:tcp:14271	flow:bcec3454bc9d → port:tcp:14271
FLOW_FROM_HOSTOBS	e:from:SESSION-d027fcdf19e82664:host:177.10.233.47	SESSION-d027fcdf19e82664 → host:177.10.233.47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c9cadb68fe1ad17:SESSION-7c9cadb68fe1ad17	SESSION-7c9cadb68fe1ad17 → pe:tls:SESSION-7c9cadb68fe1ad17
flow_observed5-aryOBS	e:fo:flow:9ea1e6616e07	flow:9ea1e6616e07 → host:177.10.239.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ef022cf55a10b05:flow:99738992b719	SESSION-6ef022cf55a10b05 → flow:99738992b719
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.77:asn:262880	host:177.10.238.77 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7098e9f09e131f1:SESSION-e7098e9f09e131f1	SESSION-e7098e9f09e131f1 → pe:tls:SESSION-e7098e9f09e131f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-866725b3664820db:host:172.234.197.23	SESSION-866725b3664820db → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-420c45d015462611:PCAP:capture_20260430110001:43611bdf6759	SESSION-420c45d015462611 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f56538a064e25a46:host:177.10.235.18:host:172.234.197.23	SESSION-f56538a064e25a46 → host:177.10.235.18 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a10e6ba939684b8:SESSION-6a10e6ba939684b8	SESSION-6a10e6ba939684b8 → pe:tls:SESSION-6a10e6ba939684b8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.142:asn:262880	host:177.10.234.142 → asn:262880
flow_observed4-aryOBS	e:fo:flow:1f275a80e4a1	flow:1f275a80e4a1 → host:172.234.197.23 → host:131.196.28.2 → port:tcp:18124
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c2bdd821ab6e9acc:host:91.240.224.238:host:172.234.197.23	SESSION-c2bdd821ab6e9acc → host:91.240.224.238 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2c5fc27029770f85:PCAP:capture_20260430110001:43611bdf6759	SESSION-2c5fc27029770f85 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:2539e145c2c5	flow:2539e145c2c5 → host:177.10.233.59 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-4ec917f0e741b647:host:172.234.197.23	SESSION-4ec917f0e741b647 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ad4b86f4c7bfaae:host:172.234.197.23	SESSION-1ad4b86f4c7bfaae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b2d512f3efc35f9:SESSION-0b2d512f3efc35f9	SESSION-0b2d512f3efc35f9 → pe:syn:SESSION-0b2d512f3efc35f9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11d5793dfe2c0097:host:177.10.237.172	SESSION-11d5793dfe2c0097 → host:177.10.237.172
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e515946ec2b2292:flow:472d13218b35	SESSION-0e515946ec2b2292 → flow:472d13218b35
FLOW_FROM_HOSTOBS	e:from:SESSION-3bb178420802ca16:host:177.10.239.67	SESSION-3bb178420802ca16 → host:177.10.239.67
flow_observed4-aryOBS	e:fo:flow:f805d83e63c0	flow:f805d83e63c0 → host:172.234.197.23 → host:131.196.28.86 → port:tcp:49100
FLOW_DST_PORTOBS	e:fp:flow:e0ce7693c786:port:tcp:443	flow:e0ce7693c786 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9d01126d5763bf9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f9d01126d5763bf9 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-0a32c5a0b23fc272:host:177.10.238.195	SESSION-0a32c5a0b23fc272 → host:177.10.238.195
FLOW_FROM_HOSTOBS	e:from:SESSION-c9c8bcacffc7072b:host:172.234.197.23	SESSION-c9c8bcacffc7072b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-381f999774715cfc:flow:3efa649fed79	SESSION-381f999774715cfc → flow:3efa649fed79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a05a386609def1c:host:172.234.197.23	SESSION-0a05a386609def1c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd2e4550d5ebaf09:host:177.10.235.197:host:172.234.197.23	SESSION-fd2e4550d5ebaf09 → host:177.10.235.197 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6ab36c178e57:port:tcp:443	flow:6ab36c178e57 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:97c43f7faea6:port:tcp:38756	flow:97c43f7faea6 → port:tcp:38756
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-112ed66aeea7c1e0:host:177.10.237.2	SESSION-112ed66aeea7c1e0 → host:177.10.237.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0827c1c94491daec:host:172.234.197.23	SESSION-0827c1c94491daec → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a29ca5d80bc122d0:host:177.10.235.60	SESSION-a29ca5d80bc122d0 → host:177.10.235.60
flow_observed4-aryOBS	e:fo:flow:b64652804f63	flow:b64652804f63 → host:172.234.197.23 → host:131.196.31.145 → port:tcp:45665
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c6e971723a904aea:flow:31ddd533e1a8	SESSION-c6e971723a904aea → flow:31ddd533e1a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c766f181ead012ae:SESSION-c766f181ead012ae	SESSION-c766f181ead012ae → pe:rst:SESSION-c766f181ead012ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0847a7bc7e933771:SESSION-0847a7bc7e933771	SESSION-0847a7bc7e933771 → pe:tls:SESSION-0847a7bc7e933771
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55187c9d4dc6d2e7:flow:23d8fe986251	SESSION-55187c9d4dc6d2e7 → flow:23d8fe986251
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a65c242582e5e81:PCAP:capture_20260430110001:43611bdf6759	SESSION-7a65c242582e5e81 → PCAP:capture_20260430110001:43611bdf6759
flow_observed4-aryOBS	e:fo:flow:f47fcccc9f57	flow:f47fcccc9f57 → host:172.234.197.23 → host:131.196.31.220 → port:tcp:30676
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b2db5b5e20e8c4e:flow:cd08e0bdcb8b	SESSION-0b2db5b5e20e8c4e → flow:cd08e0bdcb8b
flow_observed5-aryOBS	e:fo:flow:29c853a24919	flow:29c853a24919 → host:177.10.234.3 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f78283937123fd5:SESSION-1f78283937123fd5	SESSION-1f78283937123fd5 → pe:syn:SESSION-1f78283937123fd5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a8ab97210507c98d:host:172.234.197.23:host:131.196.29.227	SESSION-a8ab97210507c98d → host:172.234.197.23 → host:131.196.29.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6752f583f7e09519:host:45.173.156.161	SESSION-6752f583f7e09519 → host:45.173.156.161
FLOW_DST_PORTOBS	e:fp:flow:15df16109c4b:port:tcp:443	flow:15df16109c4b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-e00ced36c846b73a:host:177.10.234.76	SESSION-e00ced36c846b73a → host:177.10.234.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e361598c12a1af0:host:172.234.197.23	SESSION-3e361598c12a1af0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8104be0e9171978:host:172.234.197.23:host:172.232.0.17	SESSION-e8104be0e9171978 → host:172.234.197.23 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-e17435638a41ed24:host:172.234.197.23	SESSION-e17435638a41ed24 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1ac7571021c2:port:tcp:443	flow:1ac7571021c2 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-006e3a8766fa0c7d:flow:d33594f9a169	SESSION-006e3a8766fa0c7d → flow:d33594f9a169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2338a143c0830527:SESSION-2338a143c0830527	SESSION-2338a143c0830527 → pe:syn:SESSION-2338a143c0830527
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-43a9f8d54e48850a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-43a9f8d54e48850a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-107eaa9172a242e7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-107eaa9172a242e7 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b5f77768a227f3c:SESSION-0b5f77768a227f3c	SESSION-0b5f77768a227f3c → pe:tls:SESSION-0b5f77768a227f3c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1bb46c5efd0c0159:SESSION-1bb46c5efd0c0159	SESSION-1bb46c5efd0c0159 → pe:syn:SESSION-1bb46c5efd0c0159
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bee309b4d5047c7d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-bee309b4d5047c7d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-bf1647bbc272aaf8:host:177.10.239.199	SESSION-bf1647bbc272aaf8 → host:177.10.239.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d1c756fff84e2d4:host:131.196.28.246	SESSION-7d1c756fff84e2d4 → host:131.196.28.246
flow_observed5-aryOBS	e:fo:flow:16d412ae36b6	flow:16d412ae36b6 → host:131.196.31.118 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.19:asn:271410	host:131.196.28.19 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:732edc8624c6:port:tcp:443	flow:732edc8624c6 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ef76751809b3:port:tcp:443	flow:ef76751809b3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-feb7243d21c3bd2d:host:177.10.235.83	SESSION-feb7243d21c3bd2d → host:177.10.235.83
flow_observed5-aryOBS	e:fo:flow:3f499886bc2e	flow:3f499886bc2e → host:131.196.29.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:73763aa195b9:port:tcp:443	flow:73763aa195b9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2625cb17cae199d1:SESSION-2625cb17cae199d1	SESSION-2625cb17cae199d1 → pe:tls:SESSION-2625cb17cae199d1
FLOW_DST_PORTOBS	e:fp:flow:2ed2b58f6d06:port:tcp:63241	flow:2ed2b58f6d06 → port:tcp:63241
FLOW_DST_PORTOBS	e:fp:flow:b8531a25e714:port:tcp:443	flow:b8531a25e714 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b5bec9c6872f5835:host:172.234.197.23	SESSION-b5bec9c6872f5835 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2676dbc5b99ef14:host:172.234.197.23	SESSION-e2676dbc5b99ef14 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-06b5f759c1748871:host:131.196.29.151	SESSION-06b5f759c1748871 → host:131.196.29.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7f8914f0744c0dd:host:177.10.233.222	SESSION-d7f8914f0744c0dd → host:177.10.233.222
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f44963c65f506a9:flow:8fc42904690b	SESSION-1f44963c65f506a9 → flow:8fc42904690b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ac3b19d6233e6f7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2ac3b19d6233e6f7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a418060e7d2d204b:flow:a080f56c4457	SESSION-a418060e7d2d204b → flow:a080f56c4457
FLOW_FROM_HOSTOBS	e:from:SESSION-cb6cea4441256ebd:host:172.234.197.23	SESSION-cb6cea4441256ebd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20a3b697d9e7cdf6:flow:cb8516635eb4	SESSION-20a3b697d9e7cdf6 → flow:cb8516635eb4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.172:asn:262880	host:177.10.237.172 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-d8432ee5dd236020:host:172.234.197.23	SESSION-d8432ee5dd236020 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-588e177edbf40597:flow:8d3473ebe422	SESSION-588e177edbf40597 → flow:8d3473ebe422
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-426c38e34029cb1b:SESSION-426c38e34029cb1b	SESSION-426c38e34029cb1b → pe:syn:SESSION-426c38e34029cb1b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3645126144628c28:host:172.234.197.23:host:45.173.156.32	SESSION-3645126144628c28 → host:172.234.197.23 → host:45.173.156.32
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b4f4901fb8368e3:host:177.10.238.205:host:172.234.197.23	SESSION-7b4f4901fb8368e3 → host:177.10.238.205 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7aec1fe7f0c7787b:host:172.234.197.23	SESSION-7aec1fe7f0c7787b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2006ea332961	flow:2006ea332961 → host:177.10.237.220 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5c7bf6a31f6e2d56:host:172.234.197.23	SESSION-5c7bf6a31f6e2d56 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:05ef07bcb6b2	flow:05ef07bcb6b2 → host:172.234.197.23 → host:131.196.31.13 → port:tcp:25198
FLOW_TO_HOSTOBS	e:to:SESSION-35fcdb0ef59afc26:host:177.10.234.143	SESSION-35fcdb0ef59afc26 → host:177.10.234.143
FLOW_TO_HOSTOBS	e:to:SESSION-e0a8afad40ce0aa2:host:172.234.197.23	SESSION-e0a8afad40ce0aa2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e47cd7d3b6c5e00d:host:177.10.237.221	SESSION-e47cd7d3b6c5e00d → host:177.10.237.221
FLOW_FROM_HOSTOBS	e:from:SESSION-c7201144bad9d462:host:131.196.30.242	SESSION-c7201144bad9d462 → host:131.196.30.242
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74505beccb017396:flow:c977f56fc361	SESSION-74505beccb017396 → flow:c977f56fc361
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2b1b7c009dcf05e:host:172.234.197.23:host:177.10.235.151	SESSION-e2b1b7c009dcf05e → host:172.234.197.23 → host:177.10.235.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52edb7664c060999:host:31.40.196.41	SESSION-52edb7664c060999 → host:31.40.196.41
FLOW_TO_HOSTOBS	e:to:SESSION-168c4e3df9119bba:host:177.10.234.51	SESSION-168c4e3df9119bba → host:177.10.234.51
FLOW_TO_HOSTOBS	e:to:SESSION-96b1ae4f2b433079:host:172.234.197.23	SESSION-96b1ae4f2b433079 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b3d68511ee3e6e7:flow:2ce85ca988e6	SESSION-9b3d68511ee3e6e7 → flow:2ce85ca988e6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2c59cadc4597ab32:host:172.234.197.23:host:45.173.156.217	SESSION-2c59cadc4597ab32 → host:172.234.197.23 → host:45.173.156.217
FLOW_DST_PORTOBS	e:fp:flow:26ac88054b83:port:tcp:30409	flow:26ac88054b83 → port:tcp:30409
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.190:geo_-23.62930_-46.63510	host:131.196.31.190 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:08b00cb520f1:port:tcp:54254	flow:08b00cb520f1 → port:tcp:54254
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7f9687dfabd8cdb:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e7f9687dfabd8cdb → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.217:asn:262880	host:177.10.235.217 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-69b211b684a77852:host:177.10.236.72	SESSION-69b211b684a77852 → host:177.10.236.72
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85ceb858b118c816:host:177.10.234.23:host:172.234.197.23	SESSION-85ceb858b118c816 → host:177.10.234.23 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5feb8893f1da:port:tcp:443	flow:5feb8893f1da → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a24a5811642df328:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a24a5811642df328 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fa5716fea2946da:flow:16c57d759bca	SESSION-5fa5716fea2946da → flow:16c57d759bca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a5aae11508cfd60:SESSION-9a5aae11508cfd60	SESSION-9a5aae11508cfd60 → pe:tls:SESSION-9a5aae11508cfd60
FLOW_DST_PORTOBS	e:fp:flow:9b350481ac58:port:tcp:443	flow:9b350481ac58 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdd13464c217a214:host:131.196.29.27	SESSION-cdd13464c217a214 → host:131.196.29.27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f910dce05c4c16f4:host:172.234.197.23	SESSION-f910dce05c4c16f4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.248:asn:273470	host:45.173.156.248 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-fb645c1b10558a95:host:177.10.233.93	SESSION-fb645c1b10558a95 → host:177.10.233.93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-61edd9328a7eff0d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-61edd9328a7eff0d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:5434ce9d30fa:port:tcp:443	flow:5434ce9d30fa → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d4691236308c01a5:host:172.234.197.23	SESSION-d4691236308c01a5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed37df036f91c955:host:131.196.31.174	SESSION-ed37df036f91c955 → host:131.196.31.174
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ead5791c5617fb56:SESSION-ead5791c5617fb56	SESSION-ead5791c5617fb56 → pe:tls:SESSION-ead5791c5617fb56
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ead89ade728d357d:host:51.224.181.45:host:172.234.197.23	SESSION-ead89ade728d357d → host:51.224.181.45 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6b24715291f7dc36:host:172.234.197.23:host:177.10.232.56	SESSION-6b24715291f7dc36 → host:172.234.197.23 → host:177.10.232.56
FLOW_TO_HOSTOBS	e:to:SESSION-001dbe9c45882aae:host:172.234.197.23	SESSION-001dbe9c45882aae → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fce80bc522afcc8b:host:177.10.232.63	SESSION-fce80bc522afcc8b → host:177.10.232.63
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b5b84f652a18f91:flow:7ca8715707a6	SESSION-5b5b84f652a18f91 → flow:7ca8715707a6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5bae596d14ec2741:host:177.10.238.20:host:172.234.197.23	SESSION-5bae596d14ec2741 → host:177.10.238.20 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e21e19309bc8d324:host:172.234.197.23	SESSION-e21e19309bc8d324 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-492b019ad94826ae:SESSION-492b019ad94826ae	SESSION-492b019ad94826ae → pe:syn:SESSION-492b019ad94826ae
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b57c4e647c9921c9:flow:c937676c594a	SESSION-b57c4e647c9921c9 → flow:c937676c594a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a0d556a7af957b2:host:131.196.30.194	SESSION-2a0d556a7af957b2 → host:131.196.30.194
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57d2db6c2c177c2e:flow:01cddae85cf7	SESSION-57d2db6c2c177c2e → flow:01cddae85cf7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3cd15ae05af1e0a:flow:a12b549bc0a2	SESSION-c3cd15ae05af1e0a → flow:a12b549bc0a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-62337f4a23aa4d2d:SESSION-62337f4a23aa4d2d	SESSION-62337f4a23aa4d2d → pe:tls:SESSION-62337f4a23aa4d2d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4636706714da3434:host:45.173.156.236:host:172.234.197.23	SESSION-4636706714da3434 → host:45.173.156.236 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a2f802a56d8e0d79:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a2f802a56d8e0d79 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d9d7757b20ed84d:flow:77c4e561c87b	SESSION-7d9d7757b20ed84d → flow:77c4e561c87b
FLOW_FROM_HOSTOBS	e:from:SESSION-0e3916b0aa19b751:host:131.196.29.167	SESSION-0e3916b0aa19b751 → host:131.196.29.167
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.78:asn:271410	host:131.196.29.78 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-397164cbc5836ff1:host:172.234.197.23	SESSION-397164cbc5836ff1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2cb296f879c20d45:host:172.234.197.23	SESSION-2cb296f879c20d45 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e41bbf161497	flow:e41bbf161497 → host:172.234.197.23 → host:177.10.233.219 → port:tcp:59762
FLOW_TO_HOSTOBS	e:to:SESSION-d269b4a1c84321cd:host:177.10.238.145	SESSION-d269b4a1c84321cd → host:177.10.238.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c38263f2f5f96575:SESSION-c38263f2f5f96575	SESSION-c38263f2f5f96575 → pe:syn:SESSION-c38263f2f5f96575
FLOW_FROM_HOSTOBS	e:from:SESSION-7ac9bb77fb56e773:host:177.10.234.114	SESSION-7ac9bb77fb56e773 → host:177.10.234.114
FLOW_DST_PORTOBS	e:fp:flow:2f58c659f6fe:port:tcp:443	flow:2f58c659f6fe → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:34dbff5e9e02	flow:34dbff5e9e02 → host:172.234.197.23 → host:177.10.239.84 → port:tcp:46965
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4f3c3204c65c6f4:host:177.10.235.45:host:172.234.197.23	SESSION-d4f3c3204c65c6f4 → host:177.10.235.45 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a55eb245a4ca8dde:host:131.196.29.127	SESSION-a55eb245a4ca8dde → host:131.196.29.127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6b24715291f7dc36:SESSION-6b24715291f7dc36	SESSION-6b24715291f7dc36 → pe:tls:SESSION-6b24715291f7dc36
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8feacc6abd2fe08c:SESSION-8feacc6abd2fe08c	SESSION-8feacc6abd2fe08c → pe:tls:SESSION-8feacc6abd2fe08c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-875fd6bdbe4ae339:host:172.234.197.23:host:177.10.236.52	SESSION-875fd6bdbe4ae339 → host:172.234.197.23 → host:177.10.236.52
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6d47e7b31036f28:host:131.196.28.35:host:172.234.197.23	SESSION-d6d47e7b31036f28 → host:131.196.28.35 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c69fd5cbb3980413:host:172.234.197.23	SESSION-c69fd5cbb3980413 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ffc31ee499a3f223:SESSION-ffc31ee499a3f223	SESSION-ffc31ee499a3f223 → pe:syn:SESSION-ffc31ee499a3f223
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20a3b697d9e7cdf6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-20a3b697d9e7cdf6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ee8538a8ddcb6ee:host:172.234.197.23	SESSION-7ee8538a8ddcb6ee → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:490048fe7305:port:tcp:50540	flow:490048fe7305 → port:tcp:50540
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aab351c0be27393b:SESSION-aab351c0be27393b	SESSION-aab351c0be27393b → pe:tls:SESSION-aab351c0be27393b
flow_observed4-aryOBS	e:fo:flow:acc70308abfc	flow:acc70308abfc → host:172.234.197.23 → host:131.196.28.248 → port:tcp:60621
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99664d33d11b43d2:host:57.128.95.174	SESSION-99664d33d11b43d2 → host:57.128.95.174
FLOW_FROM_HOSTOBS	e:from:SESSION-980b61ddea9c5965:host:172.234.197.23	SESSION-980b61ddea9c5965 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb6a6e3ef5fc132c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-fb6a6e3ef5fc132c → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-cddf604912330e1b:host:172.234.197.23	SESSION-cddf604912330e1b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.163:asn:262880	host:177.10.237.163 → asn:262880
flow_observed4-aryOBS	e:fo:flow:8c6f2857ece5	flow:8c6f2857ece5 → host:172.234.197.23 → host:131.196.29.139 → port:tcp:39579
flow_observed4-aryOBS	e:fo:flow:184a61da04f3	flow:184a61da04f3 → host:172.234.197.23 → host:131.196.29.208 → port:tcp:3589
FLOW_FROM_HOSTOBS	e:from:SESSION-319dd83e6310ac59:host:172.234.197.23	SESSION-319dd83e6310ac59 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:987246f3073a:port:tcp:443	flow:987246f3073a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65a2e80880ae05c5:host:172.234.197.23	SESSION-65a2e80880ae05c5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16ea01a17fc6b7f7:PCAP:capture_20260430110001:43611bdf6759	SESSION-16ea01a17fc6b7f7 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-12096b18b6e78b60:SESSION-12096b18b6e78b60	SESSION-12096b18b6e78b60 → pe:rst:SESSION-12096b18b6e78b60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0fa06d2bfceab141:SESSION-0fa06d2bfceab141	SESSION-0fa06d2bfceab141 → pe:tls:SESSION-0fa06d2bfceab141
FLOW_DST_PORTOBS	e:fp:flow:abc8f32c87a5:port:tcp:443	flow:abc8f32c87a5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60b46aef513c4722:host:172.234.197.23	SESSION-60b46aef513c4722 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-56476ce9df92fd09:SESSION-56476ce9df92fd09	SESSION-56476ce9df92fd09 → pe:tls:SESSION-56476ce9df92fd09
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76512232807349be:SESSION-76512232807349be	SESSION-76512232807349be → pe:tls:SESSION-76512232807349be
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c47e89745eb205fd:SESSION-c47e89745eb205fd	SESSION-c47e89745eb205fd → pe:syn:SESSION-c47e89745eb205fd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21b975753a100632:flow:0ed5acb768fc	SESSION-21b975753a100632 → flow:0ed5acb768fc
flow_observed5-aryOBS	e:fo:flow:282e04bd7969	flow:282e04bd7969 → host:177.10.238.96 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.140:geo_-23.62930_-46.63510	host:131.196.31.140 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08b25d9f54ecadf2:host:172.234.197.23	SESSION-08b25d9f54ecadf2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.250:geo_-16.28860_-49.01640	host:177.10.238.250 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-182527d04a349453:host:131.196.29.4	SESSION-182527d04a349453 → host:131.196.29.4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca59b4a9ab5138ce:flow:56d377d36570	SESSION-ca59b4a9ab5138ce → flow:56d377d36570
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee237db5b674d6c4:host:177.10.239.255:host:172.234.197.23	SESSION-ee237db5b674d6c4 → host:177.10.239.255 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86b61cf52362ae86:PCAP:capture_20260430060001:919b39a74464	SESSION-86b61cf52362ae86 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-c2927944fbf9fbe3:host:172.234.197.23	SESSION-c2927944fbf9fbe3 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a37420066607	flow:a37420066607 → host:172.234.197.23 → host:177.10.234.5 → port:tcp:15007
FLOW_FROM_HOSTOBS	e:from:SESSION-4f30e546741e354a:host:172.234.197.23	SESSION-4f30e546741e354a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d60c66268e099206:flow:c72b743220d2	SESSION-d60c66268e099206 → flow:c72b743220d2
FLOW_DST_PORTOBS	e:fp:flow:7c50ecd71f79:port:tcp:443	flow:7c50ecd71f79 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.157:geo_-16.28860_-49.01640	host:177.10.238.157 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-291dfe079248afc7:PCAP:capture_20260430110001:43611bdf6759	SESSION-291dfe079248afc7 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-11da84003d7810c4:host:104.28.202.77	SESSION-11da84003d7810c4 → host:104.28.202.77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-328e38096bb05d60:host:172.234.197.23	SESSION-328e38096bb05d60 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.46:geo_-16.28860_-49.01640	host:177.10.237.46 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aaa8cebb6aaa8760:flow:ede30feb887b	SESSION-aaa8cebb6aaa8760 → flow:ede30feb887b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4a86c40e28bf330:host:172.234.197.23	SESSION-f4a86c40e28bf330 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.11:asn:262880	host:177.10.238.11 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d537e467802bc1c1:SESSION-d537e467802bc1c1	SESSION-d537e467802bc1c1 → pe:syn:SESSION-d537e467802bc1c1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c07bee6bb583aca:host:67.219.103.9:host:172.234.197.23	SESSION-8c07bee6bb583aca → host:67.219.103.9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-896e151c898991bb:host:172.234.197.23:host:177.10.239.102	SESSION-896e151c898991bb → host:172.234.197.23 → host:177.10.239.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f6bbc079dc776bc:SESSION-1f6bbc079dc776bc	SESSION-1f6bbc079dc776bc → pe:tls:SESSION-1f6bbc079dc776bc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c16307b11a026263:flow:a41a049c99f0	SESSION-c16307b11a026263 → flow:a41a049c99f0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2958e311eaa51e83:PCAP:capture_20260430090001:065659c7d314	SESSION-2958e311eaa51e83 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f350449fc7d11b3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7f350449fc7d11b3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab75a0984f628f7a:SESSION-ab75a0984f628f7a	SESSION-ab75a0984f628f7a → pe:syn:SESSION-ab75a0984f628f7a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-829f75d99e4943bf:host:177.10.235.5:host:172.234.197.23	SESSION-829f75d99e4943bf → host:177.10.235.5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b54b11bede7a4d5:host:172.234.197.23	SESSION-2b54b11bede7a4d5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-409db122b916fc83:host:172.234.197.23	SESSION-409db122b916fc83 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb512b6db53333ff:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bb512b6db53333ff → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:c4cda82c081c	flow:c4cda82c081c → host:177.10.239.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f35e45e57d830f4:host:177.10.235.169:host:172.234.197.23	SESSION-2f35e45e57d830f4 → host:177.10.235.169 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b30dbd402b74df1:host:172.234.197.23	SESSION-9b30dbd402b74df1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5f70c7a73cedaabc:host:172.234.197.23	SESSION-5f70c7a73cedaabc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab491f454947df2e:host:177.10.236.32	SESSION-ab491f454947df2e → host:177.10.236.32
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86951cb3218963fd:flow:a805c9901252	SESSION-86951cb3218963fd → flow:a805c9901252
flow_observed5-aryOBS	e:fo:flow:71da073f34ae	flow:71da073f34ae → host:177.10.238.228 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-652478bc70a2d711:host:177.10.236.64	SESSION-652478bc70a2d711 → host:177.10.236.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f56081dde23b5ed:SESSION-5f56081dde23b5ed	SESSION-5f56081dde23b5ed → pe:tls:SESSION-5f56081dde23b5ed
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47ed57a240abf6fc:host:172.234.197.23:host:177.10.232.80	SESSION-47ed57a240abf6fc → host:172.234.197.23 → host:177.10.232.80
flow_observed4-aryOBS	e:fo:flow:42ae31a76c48	flow:42ae31a76c48 → host:172.234.197.23 → host:131.196.29.144 → port:tcp:19423
FLOW_FROM_HOSTOBS	e:from:SESSION-e17435638a41ed24:host:131.196.29.60	SESSION-e17435638a41ed24 → host:131.196.29.60
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.97:asn:271410	host:131.196.29.97 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-996c7a5f028b9d80:flow:1cb9e3855c9b	SESSION-996c7a5f028b9d80 → flow:1cb9e3855c9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0f329fce2004d812:SESSION-0f329fce2004d812	SESSION-0f329fce2004d812 → pe:tls:SESSION-0f329fce2004d812
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-998c67ab79f4e23e:SESSION-998c67ab79f4e23e	SESSION-998c67ab79f4e23e → pe:syn:SESSION-998c67ab79f4e23e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eec2a7691ff15afc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-eec2a7691ff15afc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e89ccbf4d277fb8:SESSION-7e89ccbf4d277fb8	SESSION-7e89ccbf4d277fb8 → pe:syn:SESSION-7e89ccbf4d277fb8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7063a4bdff0e259c:SESSION-7063a4bdff0e259c	SESSION-7063a4bdff0e259c → pe:syn:SESSION-7063a4bdff0e259c
FLOW_DST_PORTOBS	e:fp:flow:1718a7391604:port:tcp:443	flow:1718a7391604 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-cb444db8c099bc0f:host:131.196.30.227	SESSION-cb444db8c099bc0f → host:131.196.30.227
FLOW_FROM_HOSTOBS	e:from:SESSION-621f2e97c51ae8e1:host:51.161.119.157	SESSION-621f2e97c51ae8e1 → host:51.161.119.157
FLOW_DST_PORTOBS	e:fp:flow:7d9d5519e958:port:tcp:443	flow:7d9d5519e958 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.188:geo_-23.62930_-46.63510	host:131.196.30.188 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c596c163b79d372:host:177.10.235.222	SESSION-9c596c163b79d372 → host:177.10.235.222
FLOW_FROM_HOSTOBS	e:from:SESSION-be868fb861e0a1c8:host:177.10.234.60	SESSION-be868fb861e0a1c8 → host:177.10.234.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f255eba3b0795a16:host:131.196.30.24	SESSION-f255eba3b0795a16 → host:131.196.30.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01e9e36dd29e3f1f:host:172.234.197.23	SESSION-01e9e36dd29e3f1f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e2811d191c294e0:flow:3ef5d98ffb33	SESSION-7e2811d191c294e0 → flow:3ef5d98ffb33
flow_observed5-aryOBS	e:fo:flow:75d2f1361fa5	flow:75d2f1361fa5 → host:131.196.29.224 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-698d45df22ea2a48:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-698d45df22ea2a48 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.123:geo_-23.62930_-46.63510	host:131.196.29.123 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac3ac59e74f457a2:flow:158fee2de95a	SESSION-ac3ac59e74f457a2 → flow:158fee2de95a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0233a0286136dd2:SESSION-b0233a0286136dd2	SESSION-b0233a0286136dd2 → pe:tls:SESSION-b0233a0286136dd2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4862cddc1ddaa50:host:131.196.28.208	SESSION-d4862cddc1ddaa50 → host:131.196.28.208
FLOW_TO_HOSTOBS	e:to:SESSION-97231868d06ff2ed:host:172.234.197.23	SESSION-97231868d06ff2ed → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e73771addca62c13:flow:3290b6ea40dc	SESSION-e73771addca62c13 → flow:3290b6ea40dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0014b04a4a7ef99:SESSION-c0014b04a4a7ef99	SESSION-c0014b04a4a7ef99 → pe:tls:SESSION-c0014b04a4a7ef99
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-388e36b23caa508f:SESSION-388e36b23caa508f	SESSION-388e36b23caa508f → pe:syn:SESSION-388e36b23caa508f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24ac712a23adf430:host:172.234.197.23	SESSION-24ac712a23adf430 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-90426299281da133:host:172.234.197.23	SESSION-90426299281da133 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:276ba7d502b9	flow:276ba7d502b9 → host:103.155.16.117 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7402fc14b309:port:tcp:42521	flow:7402fc14b309 → port:tcp:42521
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7f9cc68ffb76114:flow:2e5c0c6a1142	SESSION-b7f9cc68ffb76114 → flow:2e5c0c6a1142
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27f108382ab89b5c:host:2.57.122.192	SESSION-27f108382ab89b5c → host:2.57.122.192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60aea8c76fce71c9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-60aea8c76fce71c9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-775ba1157917a355:SESSION-775ba1157917a355	SESSION-775ba1157917a355 → pe:syn:SESSION-775ba1157917a355
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fef93e1a24936adf:SESSION-fef93e1a24936adf	SESSION-fef93e1a24936adf → pe:tls:SESSION-fef93e1a24936adf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.78:geo_-23.62930_-46.63510	host:131.196.31.78 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f19cc3e0ef766dd7:PCAP:capture_20260430060001:919b39a74464	SESSION-f19cc3e0ef766dd7 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-08d3390238946fda:host:172.234.197.23	SESSION-08d3390238946fda → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7c23b0aff57d2da:host:172.234.197.23	SESSION-d7c23b0aff57d2da → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:46d5bf8a685f:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:46d5bf8a685f → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ce76d6af7b7d93f:host:177.10.234.188:host:172.234.197.23	SESSION-1ce76d6af7b7d93f → host:177.10.234.188 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.110:asn:262880	host:177.10.236.110 → asn:262880
flow_observed4-aryOBS	e:fo:flow:c435d9660e7b	flow:c435d9660e7b → host:172.234.197.23 → host:131.196.31.74 → port:tcp:59087
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c9cadb68fe1ad17:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7c9cadb68fe1ad17 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d65a28f7cbebfeb:flow:1a6c098d328f	SESSION-9d65a28f7cbebfeb → flow:1a6c098d328f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d269b4a1c84321cd:flow:8ad9cc7c0c57	SESSION-d269b4a1c84321cd → flow:8ad9cc7c0c57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85869808bb7240b3:PCAP:capture_20260428020001:ce87acd1c162	SESSION-85869808bb7240b3 → PCAP:capture_20260428020001:ce87acd1c162
FLOW_FROM_HOSTOBS	e:from:SESSION-196ad93208fa5be9:host:177.10.239.211	SESSION-196ad93208fa5be9 → host:177.10.239.211
FLOW_FROM_HOSTOBS	e:from:SESSION-403d8f142c86493c:host:177.10.236.24	SESSION-403d8f142c86493c → host:177.10.236.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02270ea748fd3855:host:172.234.197.23	SESSION-02270ea748fd3855 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-e1e1ef170279bd06:BSG-BEACON-e07f4250263f	SESSION-e1e1ef170279bd06 → BSG-BEACON-e07f4250263f
FLOW_TO_HOSTOBS	e:to:SESSION-c93e3b6f6b78357b:host:172.234.197.23	SESSION-c93e3b6f6b78357b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-164d60043533ec4c:SESSION-164d60043533ec4c	SESSION-164d60043533ec4c → pe:syn:SESSION-164d60043533ec4c
FLOW_FROM_HOSTOBS	e:from:SESSION-20aee5a5b6e9be41:host:45.173.156.219	SESSION-20aee5a5b6e9be41 → host:45.173.156.219
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.106:asn:262880	host:177.10.239.106 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:f38ec586facc:port:tcp:443	flow:f38ec586facc → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8a3c1d53f1688156:host:131.196.28.44	SESSION-8a3c1d53f1688156 → host:131.196.28.44
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.234:asn:262880	host:177.10.235.234 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f0e5de26982cc62:host:131.196.28.207	SESSION-8f0e5de26982cc62 → host:131.196.28.207
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96eb62897cd314d5:host:172.234.197.23	SESSION-96eb62897cd314d5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-993efaa98cc6a9ac:flow:1942beb7de59	SESSION-993efaa98cc6a9ac → flow:1942beb7de59
FLOW_TO_HOSTOBS	e:to:SESSION-7b4f4901fb8368e3:host:172.234.197.23	SESSION-7b4f4901fb8368e3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-46da9b8beaa478c9:host:177.10.239.204	SESSION-46da9b8beaa478c9 → host:177.10.239.204
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e99befaea58c8acf:host:131.196.31.244:host:172.234.197.23	SESSION-e99befaea58c8acf → host:131.196.31.244 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37dea09d598a2ad1:flow:914f8417aa2d	SESSION-37dea09d598a2ad1 → flow:914f8417aa2d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0d74f533686cf043:SESSION-0d74f533686cf043	SESSION-0d74f533686cf043 → pe:tls:SESSION-0d74f533686cf043
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98b441f54568b58c:flow:a9fcf5a4600f	SESSION-98b441f54568b58c → flow:a9fcf5a4600f
FLOW_TO_HOSTOBS	e:to:SESSION-a9d7ef6e96dbb9c5:host:172.234.197.23	SESSION-a9d7ef6e96dbb9c5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c88d7695016e6fbb:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c88d7695016e6fbb → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-73436bd95d7b2637:host:172.234.197.23	SESSION-73436bd95d7b2637 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4be71a9ef959f500:PCAP:capture_20260430150001:ded20914761d	SESSION-4be71a9ef959f500 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08d3390238946fda:SESSION-08d3390238946fda	SESSION-08d3390238946fda → pe:tls:SESSION-08d3390238946fda
FLOW_FROM_HOSTOBS	e:from:SESSION-045a77174f347205:host:45.173.156.154	SESSION-045a77174f347205 → host:45.173.156.154
flow_observed4-aryOBS	e:fo:flow:cb549d83e833	flow:cb549d83e833 → host:172.234.197.23 → host:177.10.237.82 → port:tcp:2183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-110ce59a2a29ac0c:host:34.231.77.232	SESSION-110ce59a2a29ac0c → host:34.231.77.232
FLOW_DST_PORTOBS	e:fp:flow:cd42884691eb:port:tcp:48067	flow:cd42884691eb → port:tcp:48067
flow_observed5-aryOBS	e:fo:flow:5773e64f6579	flow:5773e64f6579 → host:131.196.28.134 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:235168171731:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:235168171731 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.166:asn:271410	host:131.196.31.166 → asn:271410
flow_observed4-aryOBS	e:fo:flow:09d75a5531b0	flow:09d75a5531b0 → host:172.234.197.23 → host:177.10.238.181 → port:tcp:55118
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1191ea69c7b9e8e5:flow:93dc34757c1c	SESSION-1191ea69c7b9e8e5 → flow:93dc34757c1c
FLOW_TO_HOSTOBS	e:to:SESSION-5bfd6f31a89c294d:host:172.234.197.23	SESSION-5bfd6f31a89c294d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29ee7b0c08ea02ad:PCAP:capture_20260430110001:43611bdf6759	SESSION-29ee7b0c08ea02ad → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:c4ad118541b1	flow:c4ad118541b1 → host:177.10.236.137 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f04e938497dcf32a:host:177.10.232.206	SESSION-f04e938497dcf32a → host:177.10.232.206
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bde2562b2e16b844:flow:cb3e15688521	SESSION-bde2562b2e16b844 → flow:cb3e15688521
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.217:asn:271410	host:131.196.31.217 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.2:geo_-16.28860_-49.01640	host:177.10.234.2 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b858978950d9ddc:SESSION-8b858978950d9ddc	SESSION-8b858978950d9ddc → pe:syn:SESSION-8b858978950d9ddc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6b4f32c5c51558e8:SESSION-6b4f32c5c51558e8	SESSION-6b4f32c5c51558e8 → pe:syn:SESSION-6b4f32c5c51558e8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2e4fb28ad63a51c:host:177.10.236.10	SESSION-a2e4fb28ad63a51c → host:177.10.236.10
FLOW_TO_HOSTOBS	e:to:SESSION-e57fbe39684f8bc8:host:172.234.197.23	SESSION-e57fbe39684f8bc8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10f6f623bcce091e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-10f6f623bcce091e → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89fe4f171fdbfa97:host:172.234.197.23	SESSION-89fe4f171fdbfa97 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8d1f402a4c48:port:tcp:443	flow:8d1f402a4c48 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:472c7e82ce31:port:tcp:443	flow:472c7e82ce31 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-010644d8880e6139:host:172.234.197.23:host:177.10.234.85	SESSION-010644d8880e6139 → host:172.234.197.23 → host:177.10.234.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-858a06c2b9abdebe:host:172.234.197.23	SESSION-858a06c2b9abdebe → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f59e3038c71b15e1:host:177.10.234.0	SESSION-f59e3038c71b15e1 → host:177.10.234.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-658ca3f75d8ef503:SESSION-658ca3f75d8ef503	SESSION-658ca3f75d8ef503 → pe:syn:SESSION-658ca3f75d8ef503
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f56efcee303c963:SESSION-7f56efcee303c963	SESSION-7f56efcee303c963 → pe:tls:SESSION-7f56efcee303c963
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.32:geo_-16.28860_-49.01640	host:177.10.236.32 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69461a2f3e15a448:SESSION-69461a2f3e15a448	SESSION-69461a2f3e15a448 → pe:tls:SESSION-69461a2f3e15a448
FLOW_DST_PORTOBS	e:fp:flow:0320ce5d32ae:port:tcp:6820	flow:0320ce5d32ae → port:tcp:6820
FLOW_FROM_HOSTOBS	e:from:SESSION-5fcbc735dfd8018d:host:177.10.239.69	SESSION-5fcbc735dfd8018d → host:177.10.239.69
FLOW_DST_PORTOBS	e:fp:flow:6ee3ad6330b5:port:tcp:443	flow:6ee3ad6330b5 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.167:asn:262880	host:177.10.239.167 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-ef2cf125c8c7b83a:host:131.196.28.193	SESSION-ef2cf125c8c7b83a → host:131.196.28.193
flow_observed5-aryOBS	e:fo:flow:3bbdd44e899d	flow:3bbdd44e899d → host:131.196.31.8 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-34b8eff946ae371a:SESSION-34b8eff946ae371a	SESSION-34b8eff946ae371a → pe:tls:SESSION-34b8eff946ae371a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e87c1bf59f6ff4a:SESSION-9e87c1bf59f6ff4a	SESSION-9e87c1bf59f6ff4a → pe:tls:SESSION-9e87c1bf59f6ff4a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.34:geo_-16.28860_-49.01640	host:177.10.235.34 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-43a6565d7143b8ab:PCAP:capture_20260430150001:ded20914761d	SESSION-43a6565d7143b8ab → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bb818ce2b02135d:SESSION-3bb818ce2b02135d	SESSION-3bb818ce2b02135d → pe:tls:SESSION-3bb818ce2b02135d
FLOW_TO_HOSTOBS	e:to:SESSION-dd05928698dec5c4:host:172.234.197.23	SESSION-dd05928698dec5c4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:363bdedaf2aa:port:tcp:443	flow:363bdedaf2aa → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46f70ffa54883bab:SESSION-46f70ffa54883bab	SESSION-46f70ffa54883bab → pe:syn:SESSION-46f70ffa54883bab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d52893e766cf8155:host:177.10.235.245	SESSION-d52893e766cf8155 → host:177.10.235.245
FLOW_DST_PORTOBS	e:fp:flow:8e7f3f4c4f31:port:tcp:16800	flow:8e7f3f4c4f31 → port:tcp:16800
FLOW_TO_HOSTOBS	e:to:SESSION-5a78d91cebd5172f:host:131.196.30.95	SESSION-5a78d91cebd5172f → host:131.196.30.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b332774cd544824a:SESSION-b332774cd544824a	SESSION-b332774cd544824a → pe:syn:SESSION-b332774cd544824a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2096050a1fa0221d:host:131.196.28.25:host:172.234.197.23	SESSION-2096050a1fa0221d → host:131.196.28.25 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f55570dc615df23a:host:177.10.235.190	SESSION-f55570dc615df23a → host:177.10.235.190
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6f3d2670453324e:host:177.10.237.24:host:172.234.197.23	SESSION-e6f3d2670453324e → host:177.10.237.24 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2d3ff3dcf229051b:host:172.234.197.23	SESSION-2d3ff3dcf229051b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-05b6ffb2a7e9e145:flow:d40530d159a1	SESSION-05b6ffb2a7e9e145 → flow:d40530d159a1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-217f16055e8d00da:host:45.173.156.213:host:172.234.197.23	SESSION-217f16055e8d00da → host:45.173.156.213 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac87af78ff19f5c9:SESSION-ac87af78ff19f5c9	SESSION-ac87af78ff19f5c9 → pe:tls:SESSION-ac87af78ff19f5c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-276107f90ab0c118:host:172.234.197.23	SESSION-276107f90ab0c118 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6bd47d8fd21ead6d:SESSION-6bd47d8fd21ead6d	SESSION-6bd47d8fd21ead6d → pe:tls:SESSION-6bd47d8fd21ead6d
flow_observed5-aryOBS	e:fo:flow:47ab6659b5a4	flow:47ab6659b5a4 → host:177.10.234.121 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-13bd66b79cddeec8:host:177.10.232.80:host:172.234.197.23	SESSION-13bd66b79cddeec8 → host:177.10.232.80 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4636706714da3434:host:45.173.156.236	SESSION-4636706714da3434 → host:45.173.156.236
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b97d7b281ae973a8:host:177.10.237.196:host:172.234.197.23	SESSION-b97d7b281ae973a8 → host:177.10.237.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3f8bf2b05f7ab82:host:131.196.28.42	SESSION-d3f8bf2b05f7ab82 → host:131.196.28.42
FLOW_DST_PORTOBS	e:fp:flow:eb6036ee9b02:port:tcp:443	flow:eb6036ee9b02 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:f55dc2533c7d	flow:f55dc2533c7d → host:185.231.226.245 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-4cd4ae8706680eb9:host:172.234.197.23	SESSION-4cd4ae8706680eb9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee7b628709e11cd4:flow:114e2cfb6ecb	SESSION-ee7b628709e11cd4 → flow:114e2cfb6ecb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd9436da4a7a552d:host:172.234.197.23	SESSION-bd9436da4a7a552d → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-3ea33f21558d3ba7:BSG-BEACON-6f180ea665b7	SESSION-3ea33f21558d3ba7 → BSG-BEACON-6f180ea665b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b60cd26b4cd717ea:SESSION-b60cd26b4cd717ea	SESSION-b60cd26b4cd717ea → pe:tls:SESSION-b60cd26b4cd717ea
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-919ba311fe0cedbc:PCAP:capture_20260430150001:ded20914761d	SESSION-919ba311fe0cedbc → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d24a424002821105:SESSION-d24a424002821105	SESSION-d24a424002821105 → pe:syn:SESSION-d24a424002821105
flow_observed5-aryOBS	e:fo:flow:786b3943f4dd	flow:786b3943f4dd → host:177.10.234.251 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-975059a05a34b0ad:host:172.234.197.23:host:177.10.235.64	SESSION-975059a05a34b0ad → host:172.234.197.23 → host:177.10.235.64
flow_observed5-aryOBS	e:fo:flow:ea7d04d29ddc	flow:ea7d04d29ddc → host:177.10.239.9 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:04f29e1a223e	flow:04f29e1a223e → host:172.234.197.23 → host:131.196.28.28 → port:tcp:17045
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-47f0fc6e11d78716:SESSION-47f0fc6e11d78716	SESSION-47f0fc6e11d78716 → pe:rst:SESSION-47f0fc6e11d78716
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6d920a3cc562b13:flow:7990febe4bcc	SESSION-b6d920a3cc562b13 → flow:7990febe4bcc
FLOW_DST_PORTOBS	e:fp:flow:d016fb87078e:port:tcp:443	flow:d016fb87078e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ddea4b7bd3e9:port:tcp:443	flow:ddea4b7bd3e9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2875d034c942a134:host:131.196.30.183	SESSION-2875d034c942a134 → host:131.196.30.183
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.95:asn:262880	host:177.10.236.95 → asn:262880
flow_observed4-aryOBS	e:fo:flow:95aa7a0af14a	flow:95aa7a0af14a → host:172.234.197.23 → host:177.10.237.145 → port:tcp:59995
FLOW_DST_PORTOBS	e:fp:flow:9690312925a2:port:tcp:443	flow:9690312925a2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-139cf5bd66e27bf0:host:172.234.197.23:host:177.10.236.27	SESSION-139cf5bd66e27bf0 → host:172.234.197.23 → host:177.10.236.27
FLOW_DST_PORTOBS	e:fp:flow:3115340ffdee:port:tcp:43620	flow:3115340ffdee → port:tcp:43620
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5347add21fd9245:host:172.234.197.23	SESSION-f5347add21fd9245 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4edef4e070ab:port:tcp:443	flow:4edef4e070ab → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d45ffa0c695899f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1d45ffa0c695899f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:a0071da0b04c	flow:a0071da0b04c → host:172.234.197.23 → host:177.10.236.22 → port:tcp:47847
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a17e20e34301cc9:SESSION-4a17e20e34301cc9	SESSION-4a17e20e34301cc9 → pe:syn:SESSION-4a17e20e34301cc9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe1d6d23886f083a:host:172.234.197.23	SESSION-fe1d6d23886f083a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0b6a2a1033b9	flow:0b6a2a1033b9 → host:172.234.197.23 → host:131.196.31.246 → port:tcp:10009
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1ec6b7d17caa72c:flow:8d1f402a4c48	SESSION-d1ec6b7d17caa72c → flow:8d1f402a4c48
FLOW_FROM_HOSTOBS	e:from:SESSION-e39b76c4ba6c4cf6:host:177.10.232.69	SESSION-e39b76c4ba6c4cf6 → host:177.10.232.69
FLOW_DST_PORTOBS	e:fp:flow:bb7f3a42b12b:port:tcp:58349	flow:bb7f3a42b12b → port:tcp:58349
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.212:geo_-16.28860_-49.01640	host:177.10.232.212 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2a0bf61df119bc4:host:172.234.197.23	SESSION-f2a0bf61df119bc4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.248:geo_-23.62930_-46.63510	host:131.196.29.248 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79b570e2589cf059:SESSION-79b570e2589cf059	SESSION-79b570e2589cf059 → pe:tls:SESSION-79b570e2589cf059
FLOW_DST_PORTOBS	e:fp:flow:cb268bb25b30:port:tcp:53930	flow:cb268bb25b30 → port:tcp:53930
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb520d5460f73062:host:177.10.234.178:host:172.234.197.23	SESSION-fb520d5460f73062 → host:177.10.234.178 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dae67c02b176a3ce:SESSION-dae67c02b176a3ce	SESSION-dae67c02b176a3ce → pe:tls:SESSION-dae67c02b176a3ce
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.39:asn:262880	host:177.10.235.39 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de35503b4a9f2ce3:SESSION-de35503b4a9f2ce3	SESSION-de35503b4a9f2ce3 → pe:syn:SESSION-de35503b4a9f2ce3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f10bcf378efcbb9:host:177.10.239.199:host:172.234.197.23	SESSION-9f10bcf378efcbb9 → host:177.10.239.199 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f53fdd8a51294c3d:flow:90b77d1a7adb	SESSION-f53fdd8a51294c3d → flow:90b77d1a7adb
FLOW_FROM_HOSTOBS	e:from:SESSION-d31138dfabe85cd6:host:172.234.197.23	SESSION-d31138dfabe85cd6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a437e2422713bf06:SESSION-a437e2422713bf06	SESSION-a437e2422713bf06 → pe:syn:SESSION-a437e2422713bf06
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-066d98dee3275acb:host:31.40.196.26:host:172.234.197.23	SESSION-066d98dee3275acb → host:31.40.196.26 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f97616f4c907a8c:SESSION-4f97616f4c907a8c	SESSION-4f97616f4c907a8c → pe:tls:SESSION-4f97616f4c907a8c
FLOW_TO_HOSTOBS	e:to:SESSION-38c7d1687d10af97:host:177.10.238.125	SESSION-38c7d1687d10af97 → host:177.10.238.125
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ac8ab77b48a8c37:flow:98a069ef4edd	SESSION-6ac8ab77b48a8c37 → flow:98a069ef4edd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fe48e08f3f123e2:SESSION-3fe48e08f3f123e2	SESSION-3fe48e08f3f123e2 → pe:tls:SESSION-3fe48e08f3f123e2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-122af33beaf7e9c5:host:131.196.29.114:host:172.234.197.23	SESSION-122af33beaf7e9c5 → host:131.196.29.114 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0e4af0a65cfa:port:tcp:80	flow:0e4af0a65cfa → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9494583da7ce1d88:host:131.196.29.105	SESSION-9494583da7ce1d88 → host:131.196.29.105
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aae7a2cdf7b4e8cc:host:177.10.233.249	SESSION-aae7a2cdf7b4e8cc → host:177.10.233.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-03cfd9b1d0f62704:SESSION-03cfd9b1d0f62704	SESSION-03cfd9b1d0f62704 → pe:syn:SESSION-03cfd9b1d0f62704
FLOW_TO_HOSTOBS	e:to:SESSION-28a7ecee4eeacba6:host:172.234.197.23	SESSION-28a7ecee4eeacba6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b228975a6eff356:SESSION-0b228975a6eff356	SESSION-0b228975a6eff356 → pe:tls:SESSION-0b228975a6eff356
flow_observed5-aryOBS	e:fo:flow:f14115578559	flow:f14115578559 → host:95.170.25.97 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed4-aryOBS	e:fo:flow:5d6ab0a6bb44	flow:5d6ab0a6bb44 → host:172.234.197.23 → host:177.10.237.1 → port:tcp:48426
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-087551762f1417e7:host:177.10.238.6	SESSION-087551762f1417e7 → host:177.10.238.6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8cc58a61b872e266:PCAP:capture_20260430070001:903a0e7a436b	SESSION-8cc58a61b872e266 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.63:geo_41.02140_28.99480	host:37.221.79.63 → geo_41.02140_28.99480
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93cfcdba6a26f550:PCAP:capture_20260430070001:903a0e7a436b	SESSION-93cfcdba6a26f550 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e991004bd02372d1:host:131.196.29.130:host:172.234.197.23	SESSION-e991004bd02372d1 → host:131.196.29.130 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:076a56dda6e5:port:tcp:443	flow:076a56dda6e5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-cd1b98a612532c8e:host:31.40.196.2	SESSION-cd1b98a612532c8e → host:31.40.196.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b4130b0efbd1505:host:177.10.232.186	SESSION-0b4130b0efbd1505 → host:177.10.232.186
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.32:asn:262880	host:177.10.234.32 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf997a1aac5d0ef1:SESSION-bf997a1aac5d0ef1	SESSION-bf997a1aac5d0ef1 → pe:syn:SESSION-bf997a1aac5d0ef1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4b14eb8b6ee95ef:host:177.10.235.255	SESSION-e4b14eb8b6ee95ef → host:177.10.235.255
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.146:asn:271410	host:131.196.29.146 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-6dadefe349dd79f6:host:131.196.31.111	SESSION-6dadefe349dd79f6 → host:131.196.31.111
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f21759fa00584782:SESSION-f21759fa00584782	SESSION-f21759fa00584782 → pe:tls:SESSION-f21759fa00584782
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30b7709547a366f1:host:177.10.238.110	SESSION-30b7709547a366f1 → host:177.10.238.110
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-280b0d78f93705fd:flow:983413e2d3e3	SESSION-280b0d78f93705fd → flow:983413e2d3e3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-010644d8880e6139:flow:9a6f5987d666	SESSION-010644d8880e6139 → flow:9a6f5987d666
FLOW_TO_HOSTOBS	e:to:SESSION-3a99ef89e8b00159:host:45.173.156.142	SESSION-3a99ef89e8b00159 → host:45.173.156.142
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e42d909a57b4903:SESSION-0e42d909a57b4903	SESSION-0e42d909a57b4903 → pe:syn:SESSION-0e42d909a57b4903
FLOW_FROM_HOSTOBS	e:from:SESSION-848453a25431759d:host:172.234.197.23	SESSION-848453a25431759d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3c6f10f20f24d7ff:host:172.234.197.23	SESSION-3c6f10f20f24d7ff → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-306afa7fa31a1f87:host:131.196.28.176	SESSION-306afa7fa31a1f87 → host:131.196.28.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e791e8d702f57f3e:host:177.10.237.18	SESSION-e791e8d702f57f3e → host:177.10.237.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0d1e9854752b2176:SESSION-0d1e9854752b2176	SESSION-0d1e9854752b2176 → pe:syn:SESSION-0d1e9854752b2176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44555c754c6c7558:SESSION-44555c754c6c7558	SESSION-44555c754c6c7558 → pe:tls:SESSION-44555c754c6c7558
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9a24e91c66cf817:SESSION-f9a24e91c66cf817	SESSION-f9a24e91c66cf817 → pe:tls:SESSION-f9a24e91c66cf817
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.189:geo_-23.62930_-46.63510	host:131.196.30.189 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49b6ef2582cca14b:host:172.234.197.23	SESSION-49b6ef2582cca14b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c6d8c2f7fc43f382:SESSION-c6d8c2f7fc43f382	SESSION-c6d8c2f7fc43f382 → pe:tls:SESSION-c6d8c2f7fc43f382
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28106317c083449d:SESSION-28106317c083449d	SESSION-28106317c083449d → pe:tls:SESSION-28106317c083449d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35fcdb0ef59afc26:host:177.10.234.143	SESSION-35fcdb0ef59afc26 → host:177.10.234.143
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:60.214.180.150:geo_34.77320_113.72200	host:60.214.180.150 → geo_34.77320_113.72200
FLOW_DST_PORTOBS	e:fp:flow:be316d307c17:port:tcp:443	flow:be316d307c17 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-21cca31493e9287d:host:177.10.238.157	SESSION-21cca31493e9287d → host:177.10.238.157
FLOW_DST_PORTOBS	e:fp:flow:28d1c642fadb:port:tcp:443	flow:28d1c642fadb → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:67.219.103.9:asn:20473	host:67.219.103.9 → asn:20473
FLOW_FROM_HOSTOBS	e:from:SESSION-122c3f68e4c2a7ca:host:177.10.233.95	SESSION-122c3f68e4c2a7ca → host:177.10.233.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca0d45baeb856677:SESSION-ca0d45baeb856677	SESSION-ca0d45baeb856677 → pe:syn:SESSION-ca0d45baeb856677
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-64807579ab6c52ee:PCAP:capture_20260430150001:ded20914761d	SESSION-64807579ab6c52ee → PCAP:capture_20260430150001:ded20914761d
flow_observed4-aryOBS	e:fo:flow:9e15ab26c418	flow:9e15ab26c418 → host:172.234.197.23 → host:177.10.237.164 → port:tcp:26480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ae94ea8b15b44736:SESSION-ae94ea8b15b44736	SESSION-ae94ea8b15b44736 → pe:syn:SESSION-ae94ea8b15b44736
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f496191c2c04cb7e:flow:a0b3ac6a412f	SESSION-f496191c2c04cb7e → flow:a0b3ac6a412f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09c382be05e629ee:host:131.196.30.114	SESSION-09c382be05e629ee → host:131.196.30.114
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de35503b4a9f2ce3:flow:b5363f57bd19	SESSION-de35503b4a9f2ce3 → flow:b5363f57bd19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be1454a9d7b7f3ce:flow:075d88a58c71	SESSION-be1454a9d7b7f3ce → flow:075d88a58c71
FLOW_DST_PORTOBS	e:fp:flow:71bd70153854:port:tcp:443	flow:71bd70153854 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-4f1b980e392c4795:host:45.173.156.67	SESSION-4f1b980e392c4795 → host:45.173.156.67
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac1869edc353761e:flow:db9420429575	SESSION-ac1869edc353761e → flow:db9420429575
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bd396f5705de0fe:host:172.234.197.23	SESSION-8bd396f5705de0fe → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-915c694a7f41c8e3:host:45.173.156.200	SESSION-915c694a7f41c8e3 → host:45.173.156.200
FLOW_TO_HOSTOBS	e:to:SESSION-3e3d1aa706f2604d:host:172.234.197.23	SESSION-3e3d1aa706f2604d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:51e729dbd815:port:tcp:30431	flow:51e729dbd815 → port:tcp:30431
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85f6b1896204af93:host:172.234.197.23:host:177.10.238.122	SESSION-85f6b1896204af93 → host:172.234.197.23 → host:177.10.238.122
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6054bbc1a24cbf34:flow:8660b7a7acd6	SESSION-6054bbc1a24cbf34 → flow:8660b7a7acd6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cfde024084873f29:SESSION-cfde024084873f29	SESSION-cfde024084873f29 → pe:syn:SESSION-cfde024084873f29
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df808ed8a09d8e60:host:172.234.197.23:host:131.196.31.165	SESSION-df808ed8a09d8e60 → host:172.234.197.23 → host:131.196.31.165
flow_observed5-aryOBS	e:fo:flow:47b796c27a86	flow:47b796c27a86 → host:177.10.232.172 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:d6d44c6f5200:port:tcp:443	flow:d6d44c6f5200 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2eb904b60673a30b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2eb904b60673a30b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:8e35c9743ca0:port:tcp:443	flow:8e35c9743ca0 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9429230c27071ffa:host:177.10.234.132:host:172.234.197.23	SESSION-9429230c27071ffa → host:177.10.234.132 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.241:geo_-23.62930_-46.63510	host:131.196.29.241 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-d585afab4eb6ac7e:host:177.10.235.187	SESSION-d585afab4eb6ac7e → host:177.10.235.187
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-330bec399d401574:SESSION-330bec399d401574	SESSION-330bec399d401574 → pe:tls:SESSION-330bec399d401574
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.239:geo_-16.28860_-49.01640	host:177.10.238.239 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:7286bcf23af8	flow:7286bcf23af8 → host:177.10.237.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da15c25f39b20c68:host:177.10.234.137	SESSION-da15c25f39b20c68 → host:177.10.234.137
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98d24f4ecefc5585:host:64.237.250.51:host:172.234.197.23	SESSION-98d24f4ecefc5585 → host:64.237.250.51 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54f6eb1f506e4a3a:host:172.234.197.23	SESSION-54f6eb1f506e4a3a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1462f3fe112e9d96:SESSION-1462f3fe112e9d96	SESSION-1462f3fe112e9d96 → pe:tls:SESSION-1462f3fe112e9d96
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:35.94.26.156:geo_45.84010_-119.70500	host:35.94.26.156 → geo_45.84010_-119.70500
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-650f1a0c083a2aeb:host:172.232.0.16	SESSION-650f1a0c083a2aeb → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25d670562ff80de0:host:172.234.197.23	SESSION-25d670562ff80de0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6334bd55125a	flow:6334bd55125a → host:177.10.236.82 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-777f9d135946568c:host:172.234.197.23	SESSION-777f9d135946568c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-60a71bd7fc87f54e:host:89.58.44.225	SESSION-60a71bd7fc87f54e → host:89.58.44.225
flow_observed4-aryOBS	e:fo:flow:445edf94c548	flow:445edf94c548 → host:172.234.197.23 → host:177.10.237.17 → port:tcp:36821
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ba40ec67b0f6097:SESSION-0ba40ec67b0f6097	SESSION-0ba40ec67b0f6097 → pe:tls:SESSION-0ba40ec67b0f6097
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.95:geo_-16.28860_-49.01640	host:177.10.235.95 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:b311735bdc68	flow:b311735bdc68 → host:131.196.31.13 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce17c1c4b6f006e0:host:177.10.234.249	SESSION-ce17c1c4b6f006e0 → host:177.10.234.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-328e38096bb05d60:SESSION-328e38096bb05d60	SESSION-328e38096bb05d60 → pe:syn:SESSION-328e38096bb05d60
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.2:asn:262880	host:177.10.237.2 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6ebe77d02701b58:host:92.112.71.14:host:172.234.197.23	SESSION-b6ebe77d02701b58 → host:92.112.71.14 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b858978950d9ddc:host:172.234.197.23	SESSION-8b858978950d9ddc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0461902d351b0498:host:131.196.30.189	SESSION-0461902d351b0498 → host:131.196.30.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cefaeddbbade6b50:SESSION-cefaeddbbade6b50	SESSION-cefaeddbbade6b50 → pe:syn:SESSION-cefaeddbbade6b50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c60d99c484411b4:host:177.10.236.92	SESSION-5c60d99c484411b4 → host:177.10.236.92
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c98a634aa4cfbed2:flow:cb9a4a784bb4	SESSION-c98a634aa4cfbed2 → flow:cb9a4a784bb4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4c1ac661b3c1fca0:SESSION-4c1ac661b3c1fca0	SESSION-4c1ac661b3c1fca0 → pe:syn:SESSION-4c1ac661b3c1fca0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2daf8cded5fb19ed:SESSION-2daf8cded5fb19ed	SESSION-2daf8cded5fb19ed → pe:syn:SESSION-2daf8cded5fb19ed
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1241ed8a2f02aa7:PCAP:capture_20260430060001:919b39a74464	SESSION-a1241ed8a2f02aa7 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.59:asn:262880	host:177.10.232.59 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a70682fed3cc6c8:host:172.234.197.23	SESSION-8a70682fed3cc6c8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.201:geo_-16.28860_-49.01640	host:177.10.233.201 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:afd09763fa29	flow:afd09763fa29 → host:149.210.194.32 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-829966970db58135:host:172.234.197.23	SESSION-829966970db58135 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32091c263c5425e7:host:172.234.197.23	SESSION-32091c263c5425e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-54d5efa8aa8025c4:host:172.234.197.23	SESSION-54d5efa8aa8025c4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-68f16c2935c85e73:host:131.196.30.220	SESSION-68f16c2935c85e73 → host:131.196.30.220
FLOW_FROM_HOSTOBS	e:from:SESSION-096419478460628e:host:172.234.197.23	SESSION-096419478460628e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc01b506a83e5847:SESSION-fc01b506a83e5847	SESSION-fc01b506a83e5847 → pe:syn:SESSION-fc01b506a83e5847
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.229:geo_-16.28860_-49.01640	host:177.10.239.229 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10f6f623bcce091e:SESSION-10f6f623bcce091e	SESSION-10f6f623bcce091e → pe:tls:SESSION-10f6f623bcce091e
FLOW_FROM_HOSTOBS	e:from:SESSION-9a6aeb664ff97dbd:host:177.10.237.203	SESSION-9a6aeb664ff97dbd → host:177.10.237.203
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46da9b8beaa478c9:PCAP:capture_20260430090001:065659c7d314	SESSION-46da9b8beaa478c9 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21a6fb1ae6879e55:host:177.10.236.239	SESSION-21a6fb1ae6879e55 → host:177.10.236.239
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e49b447cbf9c1ef7:host:177.10.235.205:host:172.234.197.23	SESSION-e49b447cbf9c1ef7 → host:177.10.235.205 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-919ba311fe0cedbc:SESSION-919ba311fe0cedbc	SESSION-919ba311fe0cedbc → pe:syn:SESSION-919ba311fe0cedbc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7fd72175928a8e59:host:177.10.237.163:host:172.234.197.23	SESSION-7fd72175928a8e59 → host:177.10.237.163 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e26c73b3a0fde5e3:SESSION-e26c73b3a0fde5e3	SESSION-e26c73b3a0fde5e3 → pe:syn:SESSION-e26c73b3a0fde5e3
FLOW_DST_PORTOBS	e:fp:flow:b73ff5f41de9:port:tcp:42791	flow:b73ff5f41de9 → port:tcp:42791
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.69:asn:271410	host:131.196.29.69 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f482eb7fd49a3f1b:host:177.10.239.210:host:172.234.197.23	SESSION-f482eb7fd49a3f1b → host:177.10.239.210 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.119:asn:271410	host:131.196.30.119 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-33916bd4dadd0440:host:177.10.239.203	SESSION-33916bd4dadd0440 → host:177.10.239.203
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.247:geo_-21.10010_-41.69200	host:45.173.156.247 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-efd1ddb1a087b877:SESSION-efd1ddb1a087b877	SESSION-efd1ddb1a087b877 → pe:tls:SESSION-efd1ddb1a087b877
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d30bf1800064cde2:PCAP:capture_20260430110001:43611bdf6759	SESSION-d30bf1800064cde2 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a865531d109b7c1:SESSION-4a865531d109b7c1	SESSION-4a865531d109b7c1 → pe:syn:SESSION-4a865531d109b7c1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-678637d3dc5962bf:flow:07c70264eacd	SESSION-678637d3dc5962bf → flow:07c70264eacd
flow_observed5-aryOBS	e:fo:flow:d3918dc4734c	flow:d3918dc4734c → host:177.10.239.194 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:915f8dd8e505:port:tcp:443	flow:915f8dd8e505 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58f4b45cf908ad77:host:172.234.197.23	SESSION-58f4b45cf908ad77 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa0d5d025ae2ba4d:flow:4f8173edf80e	SESSION-aa0d5d025ae2ba4d → flow:4f8173edf80e
FLOW_TO_HOSTOBS	e:to:SESSION-e8104be0e9171978:host:172.232.0.17	SESSION-e8104be0e9171978 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-2af2d979895f4943:host:177.10.236.101	SESSION-2af2d979895f4943 → host:177.10.236.101
FLOW_DST_PORTOBS	e:fp:flow:91ba6653c68a:port:tcp:443	flow:91ba6653c68a → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e464be43f527	flow:e464be43f527 → host:177.10.239.149 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-845fd343ebc60049:SESSION-845fd343ebc60049	SESSION-845fd343ebc60049 → pe:syn:SESSION-845fd343ebc60049
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b84ff3ecb7ac9c51:host:131.196.30.203:host:172.234.197.23	SESSION-b84ff3ecb7ac9c51 → host:131.196.30.203 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35fcdb0ef59afc26:host:172.234.197.23	SESSION-35fcdb0ef59afc26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0119815c01d3319:host:131.196.31.183	SESSION-c0119815c01d3319 → host:131.196.31.183
FLOW_TO_HOSTOBS	e:to:SESSION-ad7e9be9d0a80554:host:177.10.236.125	SESSION-ad7e9be9d0a80554 → host:177.10.236.125
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.86:asn:203771	host:37.221.79.86 → asn:203771
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f08e9fcec07329fb:flow:1e3df4bbc206	SESSION-f08e9fcec07329fb → flow:1e3df4bbc206
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9bc9a3180c6fb10:host:131.196.30.54:host:172.234.197.23	SESSION-f9bc9a3180c6fb10 → host:131.196.30.54 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e523425c561e01e:host:131.196.28.247	SESSION-8e523425c561e01e → host:131.196.28.247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ba12ba5c182aa430:host:172.234.197.23:host:177.10.238.209	SESSION-ba12ba5c182aa430 → host:172.234.197.23 → host:177.10.238.209
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c24af053222fbf1:host:172.234.197.23:host:131.196.29.69	SESSION-5c24af053222fbf1 → host:172.234.197.23 → host:131.196.29.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0e4303498e9ae3e:SESSION-b0e4303498e9ae3e	SESSION-b0e4303498e9ae3e → pe:tls:SESSION-b0e4303498e9ae3e
FLOW_TO_HOSTOBS	e:to:SESSION-cc57a46aa64b7388:host:172.234.197.23	SESSION-cc57a46aa64b7388 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-191997595ec6754e:host:172.234.197.23:host:177.10.234.166	SESSION-191997595ec6754e → host:172.234.197.23 → host:177.10.234.166
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-73bdc276c5a845ed:SESSION-73bdc276c5a845ed	SESSION-73bdc276c5a845ed → pe:syn:SESSION-73bdc276c5a845ed
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-801ebd343e287ece:host:177.10.237.6:host:172.234.197.23	SESSION-801ebd343e287ece → host:177.10.237.6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abf4853d72eba17e:host:172.234.197.23	SESSION-abf4853d72eba17e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3643dbad405bac1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a3643dbad405bac1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:b01957630e90:port:tcp:15868	flow:b01957630e90 → port:tcp:15868
FLOW_DST_PORTOBS	e:fp:flow:9a334e6dc60d:port:tcp:56822	flow:9a334e6dc60d → port:tcp:56822
FLOW_FROM_HOSTOBS	e:from:SESSION-f3616b79a24490a3:host:177.10.239.154	SESSION-f3616b79a24490a3 → host:177.10.239.154
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b3057ab5d68c477:SESSION-5b3057ab5d68c477	SESSION-5b3057ab5d68c477 → pe:tls:SESSION-5b3057ab5d68c477
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b35aac65e648dac0:SESSION-b35aac65e648dac0	SESSION-b35aac65e648dac0 → pe:tls:SESSION-b35aac65e648dac0
FLOW_TO_HOSTOBS	e:to:SESSION-596b6c60b11eaa92:host:177.10.234.195	SESSION-596b6c60b11eaa92 → host:177.10.234.195
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.151:asn:262880	host:177.10.235.151 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44d3fd3ee1d51da1:SESSION-44d3fd3ee1d51da1	SESSION-44d3fd3ee1d51da1 → pe:syn:SESSION-44d3fd3ee1d51da1
FLOW_FROM_HOSTOBS	e:from:SESSION-d3f99262a1bb3592:host:172.234.197.23	SESSION-d3f99262a1bb3592 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.238:asn:273470	host:45.173.156.238 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68e98907ffe6aa24:flow:48de3dedd1a0	SESSION-68e98907ffe6aa24 → flow:48de3dedd1a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-843bbb86e5601bd5:SESSION-843bbb86e5601bd5	SESSION-843bbb86e5601bd5 → pe:syn:SESSION-843bbb86e5601bd5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8bf7420041ec56c9:flow:2f3e5c1f74a5	SESSION-8bf7420041ec56c9 → flow:2f3e5c1f74a5
FLOW_FROM_HOSTOBS	e:from:SESSION-da7125a184793aeb:host:131.196.29.192	SESSION-da7125a184793aeb → host:131.196.29.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c73d5dfb4b98c8a4:host:131.196.31.230	SESSION-c73d5dfb4b98c8a4 → host:131.196.31.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eed281d532ce25c6:host:172.234.197.23	SESSION-eed281d532ce25c6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-774b2bcff77bd614:host:172.234.197.23	SESSION-774b2bcff77bd614 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-af315627d236ddd5:SESSION-af315627d236ddd5	SESSION-af315627d236ddd5 → pe:tls:SESSION-af315627d236ddd5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6aa2ce807ac3d210:flow:a74c8a5fa052	SESSION-6aa2ce807ac3d210 → flow:a74c8a5fa052
flow_observed4-aryOBS	e:fo:flow:8aa829431aa1	flow:8aa829431aa1 → host:172.234.197.23 → host:177.10.239.129 → port:tcp:46580
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a136c944084425c:host:131.196.30.75	SESSION-1a136c944084425c → host:131.196.30.75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8982cb545b77cb1a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8982cb545b77cb1a → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.167:geo_-21.10010_-41.69200	host:45.173.156.167 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:11839f4b0a73:port:tcp:51726	flow:11839f4b0a73 → port:tcp:51726
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d5ec38dc75ef648:host:131.196.29.154	SESSION-7d5ec38dc75ef648 → host:131.196.29.154
FLOW_FROM_HOSTOBS	e:from:SESSION-1b3b25682727ca52:host:172.234.197.23	SESSION-1b3b25682727ca52 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cdd13464c217a214:host:172.234.197.23	SESSION-cdd13464c217a214 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.130:asn:262880	host:177.10.233.130 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:d2c3d6be302a:port:tcp:443	flow:d2c3d6be302a → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.105:geo_41.00190_28.96450	host:95.170.25.105 → geo_41.00190_28.96450
FLOW_TO_HOSTOBS	e:to:SESSION-5f8d7516bed96e97:host:172.234.197.23	SESSION-5f8d7516bed96e97 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.186:asn:273470	host:45.173.156.186 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:caf67f36323b:port:tcp:443	flow:caf67f36323b → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.205:asn:271410	host:131.196.29.205 → asn:271410
flow_observed5-aryOBS	e:fo:flow:9183ca0bc5df	flow:9183ca0bc5df → host:45.173.156.236 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd81cfaee9483060:host:172.234.197.23	SESSION-cd81cfaee9483060 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f9c9bf4165c6	flow:f9c9bf4165c6 → host:172.234.197.23 → host:177.10.239.242 → port:tcp:14034
FLOW_FROM_HOSTOBS	e:from:SESSION-81a82597e7e06ed6:host:172.234.197.23	SESSION-81a82597e7e06ed6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41c6e0b91a3149eb:flow:329e1f6a0d23	SESSION-41c6e0b91a3149eb → flow:329e1f6a0d23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f15dcbaf5ef33ebd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f15dcbaf5ef33ebd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-666cc538c7e1a156:host:172.234.197.23	SESSION-666cc538c7e1a156 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea63b0a223461f6:host:131.196.29.41	SESSION-3ea63b0a223461f6 → host:131.196.29.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1057767eda3c24b1:SESSION-1057767eda3c24b1	SESSION-1057767eda3c24b1 → pe:syn:SESSION-1057767eda3c24b1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-685011adf9d67a1b:flow:094c3d9058e3	SESSION-685011adf9d67a1b → flow:094c3d9058e3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d59ad8978cc7e8b9:host:172.234.197.23	SESSION-d59ad8978cc7e8b9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5eab3f22e87eb3f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e5eab3f22e87eb3f → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9260442e0efbdc6:host:177.10.235.211:host:172.234.197.23	SESSION-d9260442e0efbdc6 → host:177.10.235.211 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b304bd763b72b95f:host:37.221.79.239	SESSION-b304bd763b72b95f → host:37.221.79.239
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f6b9574b70ed197:SESSION-4f6b9574b70ed197	SESSION-4f6b9574b70ed197 → pe:syn:SESSION-4f6b9574b70ed197
FLOW_DST_PORTOBS	e:fp:flow:863ca651e2af:port:tcp:443	flow:863ca651e2af → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec373193747138e2:host:177.10.238.249	SESSION-ec373193747138e2 → host:177.10.238.249
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.238:asn:271410	host:131.196.29.238 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7963f405207d2813:host:177.10.234.162	SESSION-7963f405207d2813 → host:177.10.234.162
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35e3c61c67455ba8:host:172.234.197.23:host:131.196.28.145	SESSION-35e3c61c67455ba8 → host:172.234.197.23 → host:131.196.28.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77d6ed106817bb5a:SESSION-77d6ed106817bb5a	SESSION-77d6ed106817bb5a → pe:tls:SESSION-77d6ed106817bb5a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9d47d1bafad5ad0:host:177.10.237.47:host:172.234.197.23	SESSION-b9d47d1bafad5ad0 → host:177.10.237.47 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ec65811ecc506ca:SESSION-2ec65811ecc506ca	SESSION-2ec65811ecc506ca → pe:tls:SESSION-2ec65811ecc506ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-686bda995aabc86f:host:172.234.197.23	SESSION-686bda995aabc86f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0f2cdff3ab49e1a1:SESSION-0f2cdff3ab49e1a1	SESSION-0f2cdff3ab49e1a1 → pe:tls:SESSION-0f2cdff3ab49e1a1
FLOW_FROM_HOSTOBS	e:from:SESSION-6f61464efb17d4b1:host:131.196.28.50	SESSION-6f61464efb17d4b1 → host:131.196.28.50
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.9:asn:273470	host:45.173.156.9 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f55570dc615df23a:SESSION-f55570dc615df23a	SESSION-f55570dc615df23a → pe:tls:SESSION-f55570dc615df23a
FLOW_FROM_HOSTOBS	e:from:SESSION-bedf3bb9bf60dde0:host:45.173.156.156	SESSION-bedf3bb9bf60dde0 → host:45.173.156.156
FLOW_TO_HOSTOBS	e:to:SESSION-366e271d3ddb3e11:host:177.10.234.78	SESSION-366e271d3ddb3e11 → host:177.10.234.78
FLOW_FROM_HOSTOBS	e:from:SESSION-bf68ee1b1745b1ca:host:172.234.197.23	SESSION-bf68ee1b1745b1ca → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.11:asn:262880	host:177.10.235.11 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-231f5887ddd9d406:SESSION-231f5887ddd9d406	SESSION-231f5887ddd9d406 → pe:tls:SESSION-231f5887ddd9d406
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4754bc389b07ad3e:host:131.196.29.138:host:172.234.197.23	SESSION-4754bc389b07ad3e → host:131.196.29.138 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-81c3f53ebeacb521:flow:3f99712a5e3e	SESSION-81c3f53ebeacb521 → flow:3f99712a5e3e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3643dbad405bac1:flow:78347322cd1b	SESSION-a3643dbad405bac1 → flow:78347322cd1b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.19:geo_-23.62930_-46.63510	host:131.196.30.19 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9726d81acc78b8e7:host:172.234.197.23	SESSION-9726d81acc78b8e7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fb256eae480c:port:tcp:43139	flow:fb256eae480c → port:tcp:43139
FLOW_DST_PORTOBS	e:fp:flow:595ca985adc2:port:tcp:443	flow:595ca985adc2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-954e70596a40db71:host:177.10.232.219:host:172.234.197.23	SESSION-954e70596a40db71 → host:177.10.232.219 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1745753d6a990e0e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1745753d6a990e0e → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:e398b6f99204	flow:e398b6f99204 → host:172.234.197.23 → host:131.196.30.164 → port:tcp:2682
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38298ff8ded7155d:host:131.196.29.170:host:172.234.197.23	SESSION-38298ff8ded7155d → host:131.196.29.170 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4670d2b8fb3d0344:SESSION-4670d2b8fb3d0344	SESSION-4670d2b8fb3d0344 → pe:syn:SESSION-4670d2b8fb3d0344
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e0d73c88dd83fb6:SESSION-9e0d73c88dd83fb6	SESSION-9e0d73c88dd83fb6 → pe:tls:SESSION-9e0d73c88dd83fb6
flow_observed5-aryOBS	e:fo:flow:5ae4a5a5c662	flow:5ae4a5a5c662 → host:177.10.238.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08ee685c4e8cc842:SESSION-08ee685c4e8cc842	SESSION-08ee685c4e8cc842 → pe:syn:SESSION-08ee685c4e8cc842
flow_observed5-aryOBS	e:fo:flow:9aaa3d552dfa	flow:9aaa3d552dfa → host:177.10.239.242 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-110ce59a2a29ac0c:SESSION-110ce59a2a29ac0c	SESSION-110ce59a2a29ac0c → pe:syn:SESSION-110ce59a2a29ac0c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5491ebf26b201b1a:SESSION-5491ebf26b201b1a	SESSION-5491ebf26b201b1a → pe:syn:SESSION-5491ebf26b201b1a
FLOW_TO_HOSTOBS	e:to:SESSION-7e0284f837155748:host:177.10.236.63	SESSION-7e0284f837155748 → host:177.10.236.63
FLOW_TO_HOSTOBS	e:to:SESSION-f21aae4e1b352568:host:172.234.197.23	SESSION-f21aae4e1b352568 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.74:asn:271410	host:131.196.31.74 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-d85be3a5c3c244d6:host:177.10.239.38	SESSION-d85be3a5c3c244d6 → host:177.10.239.38
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.91:asn:262880	host:177.10.234.91 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fae3464e58310370:host:172.234.197.23	SESSION-fae3464e58310370 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:94f77a55dba9:port:tcp:443	flow:94f77a55dba9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d7c23b0aff57d2da:SESSION-d7c23b0aff57d2da	SESSION-d7c23b0aff57d2da → pe:syn:SESSION-d7c23b0aff57d2da
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e50198195b1abda9:flow:0d294bd2ee74	SESSION-e50198195b1abda9 → flow:0d294bd2ee74
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-733b7037c38abbcf:host:177.10.235.129:host:172.234.197.23	SESSION-733b7037c38abbcf → host:177.10.235.129 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78d87c88323785f9:SESSION-78d87c88323785f9	SESSION-78d87c88323785f9 → pe:syn:SESSION-78d87c88323785f9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3b214bdb989f663:flow:c30aca3eb872	SESSION-e3b214bdb989f663 → flow:c30aca3eb872
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.59:geo_-16.28860_-49.01640	host:177.10.238.59 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be8cffb783bfde31:PCAP:capture_20260430050001:8868731bf8a4	SESSION-be8cffb783bfde31 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2faf2af9b390693e:host:69.222.187.134	SESSION-2faf2af9b390693e → host:69.222.187.134
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-88f0aa854ba7cdd7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-88f0aa854ba7cdd7 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-adc05f42cd7b2533:host:172.234.197.23	SESSION-adc05f42cd7b2533 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4a98c5df3fe5e6d6:host:172.234.197.23	SESSION-4a98c5df3fe5e6d6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cac7290643404699:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cac7290643404699 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7fa8e5b00f80216f:flow:5d6ab0a6bb44	SESSION-7fa8e5b00f80216f → flow:5d6ab0a6bb44
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de2c7d1c6ad5841e:host:172.234.197.23	SESSION-de2c7d1c6ad5841e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb40f64797e3fe16:flow:c71d0ad84949	SESSION-eb40f64797e3fe16 → flow:c71d0ad84949
flow_observed4-aryOBS	e:fo:flow:cb293ef68a69	flow:cb293ef68a69 → host:172.234.197.23 → host:131.196.30.12 → port:tcp:40669
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04a75396d111d878:host:172.234.197.23	SESSION-04a75396d111d878 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.194:geo_-16.28860_-49.01640	host:177.10.234.194 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68ee3afa191e6305:host:172.234.197.23	SESSION-68ee3afa191e6305 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:91f1c0546e64	flow:91f1c0546e64 → host:131.196.31.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d274b6d174d04d01:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d274b6d174d04d01 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed3-aryOBS	e:fo:flow:6455145eb71d	flow:6455145eb71d → host:18.175.215.247 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9beaab7062aef373:SESSION-9beaab7062aef373	SESSION-9beaab7062aef373 → pe:tls:SESSION-9beaab7062aef373
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78704dd999ae95fc:SESSION-78704dd999ae95fc	SESSION-78704dd999ae95fc → pe:tls:SESSION-78704dd999ae95fc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ccddbdb53d5af45:flow:e878a7e4044c	SESSION-6ccddbdb53d5af45 → flow:e878a7e4044c
FLOW_DST_PORTOBS	e:fp:flow:01d4aa0d71df:port:tcp:26327	flow:01d4aa0d71df → port:tcp:26327
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9d6fb279031158e:SESSION-b9d6fb279031158e	SESSION-b9d6fb279031158e → pe:tls:SESSION-b9d6fb279031158e
FLOW_TO_HOSTOBS	e:to:SESSION-b0b8b90e300d9c11:host:172.234.197.23	SESSION-b0b8b90e300d9c11 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.31:asn:262880	host:177.10.236.31 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c2474adee374207e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c2474adee374207e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc0f694a62c9abc8:host:177.10.234.169	SESSION-cc0f694a62c9abc8 → host:177.10.234.169
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.131:asn:273470	host:45.173.156.131 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f96a240aba6afcc:flow:d1fc1a294ea3	SESSION-2f96a240aba6afcc → flow:d1fc1a294ea3
FLOW_FROM_HOSTOBS	e:from:SESSION-d741000864bcf81f:host:172.234.197.23	SESSION-d741000864bcf81f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a19951f5f7590fa9:host:172.234.197.23	SESSION-a19951f5f7590fa9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a4b68b400a3161c:host:131.196.28.193:host:172.234.197.23	SESSION-9a4b68b400a3161c → host:131.196.28.193 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86951cb3218963fd:host:177.10.235.126	SESSION-86951cb3218963fd → host:177.10.235.126
flow_observed5-aryOBS	e:fo:flow:4bcf39a2cae9	flow:4bcf39a2cae9 → host:177.10.234.41 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.205:asn:262880	host:177.10.236.205 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-61838f073a9a90b1:host:172.234.197.23	SESSION-61838f073a9a90b1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.43:geo_-23.62930_-46.63510	host:131.196.31.43 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:a6f1bedfb399:port:tcp:443	flow:a6f1bedfb399 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.53.144:geo_52.51960_13.40690	host:51.224.53.144 → geo_52.51960_13.40690
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-d6c09b181dae043f:SESSION-d6c09b181dae043f	SESSION-d6c09b181dae043f → pe:dns:SESSION-d6c09b181dae043f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-877b851a45681e10:PCAP:capture_20260430160001:9bfa4498506a	SESSION-877b851a45681e10 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:a0e4099057e0	flow:a0e4099057e0 → host:104.28.202.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4424212d2efd30c8:SESSION-4424212d2efd30c8	SESSION-4424212d2efd30c8 → pe:syn:SESSION-4424212d2efd30c8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f928c0ad9f6130d:host:131.196.30.92:host:172.234.197.23	SESSION-3f928c0ad9f6130d → host:131.196.30.92 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a27690ff20574d25:flow:f961c3be1f44	SESSION-a27690ff20574d25 → flow:f961c3be1f44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74505beccb017396:SESSION-74505beccb017396	SESSION-74505beccb017396 → pe:syn:SESSION-74505beccb017396
FLOW_DST_PORTOBS	e:fp:flow:a081aebbc709:port:tcp:443	flow:a081aebbc709 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d1e35f842f44326:host:177.10.232.34	SESSION-4d1e35f842f44326 → host:177.10.232.34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac3ac59e74f457a2:host:177.10.233.240	SESSION-ac3ac59e74f457a2 → host:177.10.233.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-792b602eaec629a3:SESSION-792b602eaec629a3	SESSION-792b602eaec629a3 → pe:tls:SESSION-792b602eaec629a3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41c82fa43395463b:flow:d17061662425	SESSION-41c82fa43395463b → flow:d17061662425
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-380f5751cd3ba7da:host:131.196.28.221	SESSION-380f5751cd3ba7da → host:131.196.28.221
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c130f2091984b84c:flow:6eec87534247	SESSION-c130f2091984b84c → flow:6eec87534247
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d60c66268e099206:host:177.10.237.80	SESSION-d60c66268e099206 → host:177.10.237.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96c334cbd5a64077:host:103.230.240.59	SESSION-96c334cbd5a64077 → host:103.230.240.59
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.35:geo_-16.28860_-49.01640	host:177.10.232.35 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-ee8963275c4b434b:host:45.173.156.245	SESSION-ee8963275c4b434b → host:45.173.156.245
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f11cda502f952e41:host:131.196.29.27	SESSION-f11cda502f952e41 → host:131.196.29.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a7a08ae566a4a8b:SESSION-5a7a08ae566a4a8b	SESSION-5a7a08ae566a4a8b → pe:tls:SESSION-5a7a08ae566a4a8b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.98:asn:262880	host:177.10.233.98 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44cdc048c80875b5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-44cdc048c80875b5 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.175:asn:203771	host:95.170.25.175 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31d47da03b5e0774:SESSION-31d47da03b5e0774	SESSION-31d47da03b5e0774 → pe:syn:SESSION-31d47da03b5e0774
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.169:geo_-23.62930_-46.63510	host:131.196.28.169 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6490de849a8e5020:host:185.231.226.202	SESSION-6490de849a8e5020 → host:185.231.226.202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3e5e93fe3cda49d:flow:e4d25df52436	SESSION-a3e5e93fe3cda49d → flow:e4d25df52436
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf00afe8057eb986:host:131.196.31.229	SESSION-bf00afe8057eb986 → host:131.196.31.229
FLOW_DST_PORTOBS	e:fp:flow:aba061fcff4a:port:tcp:31293	flow:aba061fcff4a → port:tcp:31293
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aaa8cebb6aaa8760:SESSION-aaa8cebb6aaa8760	SESSION-aaa8cebb6aaa8760 → pe:syn:SESSION-aaa8cebb6aaa8760
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-854a13cbd553e198:flow:da8162c3336a	SESSION-854a13cbd553e198 → flow:da8162c3336a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.167:asn:262880	host:177.10.233.167 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-e77bd841354043c4:host:177.10.237.155	SESSION-e77bd841354043c4 → host:177.10.237.155
FLOW_TO_HOSTOBS	e:to:SESSION-c8bf059b02e9beec:host:172.234.197.23	SESSION-c8bf059b02e9beec → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:739dcc01ed96	flow:739dcc01ed96 → host:131.196.30.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-711f533390ef220f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-711f533390ef220f → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:4520e47e28d0	flow:4520e47e28d0 → host:131.196.31.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47fbdf6c3cd24fcc:SESSION-47fbdf6c3cd24fcc	SESSION-47fbdf6c3cd24fcc → pe:syn:SESSION-47fbdf6c3cd24fcc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-978d4fdbc8d38350:host:172.234.197.23	SESSION-978d4fdbc8d38350 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.88:geo_-23.62930_-46.63510	host:131.196.31.88 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-a1d16880e0846180:host:131.196.31.160	SESSION-a1d16880e0846180 → host:131.196.31.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b60a9d1a25ff8255:host:131.196.29.122	SESSION-b60a9d1a25ff8255 → host:131.196.29.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85419ca5854a5f9c:SESSION-85419ca5854a5f9c	SESSION-85419ca5854a5f9c → pe:syn:SESSION-85419ca5854a5f9c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6350f63c148b5b0b:host:177.10.239.146:host:172.234.197.23	SESSION-6350f63c148b5b0b → host:177.10.239.146 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-941b4a1386b7be8f:host:177.10.238.90	SESSION-941b4a1386b7be8f → host:177.10.238.90
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-382b47d73202b6ac:host:177.10.233.166:host:172.234.197.23	SESSION-382b47d73202b6ac → host:177.10.233.166 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f147f2227c6d965:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5f147f2227c6d965 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f07a2dad0dfb354:PCAP:capture_20260430060001:919b39a74464	SESSION-5f07a2dad0dfb354 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-964acfd97ca38755:host:172.234.197.23	SESSION-964acfd97ca38755 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c4a3ef3072acfd2:host:177.10.234.199	SESSION-9c4a3ef3072acfd2 → host:177.10.234.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5940a5357983452d:host:177.10.234.114	SESSION-5940a5357983452d → host:177.10.234.114
FLOW_TO_HOSTOBS	e:to:SESSION-a3e524c73cd89280:host:177.10.234.189	SESSION-a3e524c73cd89280 → host:177.10.234.189
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6b62b6aad076f58:host:177.10.236.31	SESSION-a6b62b6aad076f58 → host:177.10.236.31
FLOW_DST_PORTOBS	e:fp:flow:218b80a18834:port:tcp:443	flow:218b80a18834 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57e647fa0cdcfe5a:flow:d10569cf24d3	SESSION-57e647fa0cdcfe5a → flow:d10569cf24d3
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-cd4f490a373a283b:BSG-BEACON-7e5f57415e56	SESSION-cd4f490a373a283b → BSG-BEACON-7e5f57415e56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca59b4a9ab5138ce:SESSION-ca59b4a9ab5138ce	SESSION-ca59b4a9ab5138ce → pe:tls:SESSION-ca59b4a9ab5138ce
flow_observed4-aryOBS	e:fo:flow:b62b43632213	flow:b62b43632213 → host:172.234.197.23 → host:177.10.232.165 → port:tcp:45378
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56d3b103682c9fbe:host:172.234.197.23	SESSION-56d3b103682c9fbe → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4b1418ed7a7a9f3:host:45.173.156.169	SESSION-a4b1418ed7a7a9f3 → host:45.173.156.169
FLOW_DST_PORTOBS	e:fp:flow:52a9430d918c:port:tcp:443	flow:52a9430d918c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ddc82f590dd8a411:host:177.10.237.200:host:172.234.197.23	SESSION-ddc82f590dd8a411 → host:177.10.237.200 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:759bd79056de:port:tcp:28278	flow:759bd79056de → port:tcp:28278
flow_observed5-aryOBS	e:fo:flow:0bf2deeeb39a	flow:0bf2deeeb39a → host:88.99.91.59 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-64807579ab6c52ee:host:131.196.28.139:host:172.234.197.23	SESSION-64807579ab6c52ee → host:131.196.28.139 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4059a39607153158:SESSION-4059a39607153158	SESSION-4059a39607153158 → pe:syn:SESSION-4059a39607153158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cff48a7a06adcd8f:host:45.173.156.92	SESSION-cff48a7a06adcd8f → host:45.173.156.92
FLOW_FROM_HOSTOBS	e:from:SESSION-f04e938497dcf32a:host:172.234.197.23	SESSION-f04e938497dcf32a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd57eb7fcad3510c:host:177.10.234.60	SESSION-fd57eb7fcad3510c → host:177.10.234.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97b2355356a85562:SESSION-97b2355356a85562	SESSION-97b2355356a85562 → pe:tls:SESSION-97b2355356a85562
FLOW_DST_PORTOBS	e:fp:flow:86d6a83e2f14:port:tcp:443	flow:86d6a83e2f14 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5004eb3121e0f98:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a5004eb3121e0f98 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-f39c81a37ca9c9d3:host:172.234.197.23	SESSION-f39c81a37ca9c9d3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e9a6c21b5639:port:tcp:443	flow:e9a6c21b5639 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-406d5e8256fbfc45:host:172.234.197.23	SESSION-406d5e8256fbfc45 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ad4b86f4c7bfaae:flow:30a23d21f13c	SESSION-1ad4b86f4c7bfaae → flow:30a23d21f13c
flow_observed5-aryOBS	e:fo:flow:5cc135c6f42c	flow:5cc135c6f42c → host:177.10.237.95 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4b85dcad38b9:port:tcp:443	flow:4b85dcad38b9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1ff5f640d9a1d3a:host:172.234.197.23	SESSION-e1ff5f640d9a1d3a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd2e4550d5ebaf09:SESSION-fd2e4550d5ebaf09	SESSION-fd2e4550d5ebaf09 → pe:syn:SESSION-fd2e4550d5ebaf09
FLOW_TO_HOSTOBS	e:to:SESSION-931a0ea4dc7054bf:host:172.234.197.23	SESSION-931a0ea4dc7054bf → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9c90a0ccccb1	flow:9c90a0ccccb1 → host:177.10.236.239 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-38739a517334cf5a:host:172.234.197.23	SESSION-38739a517334cf5a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f59bcaffd8dcae9:host:172.234.197.23	SESSION-8f59bcaffd8dcae9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bcd94ff2cea5ca72:SESSION-bcd94ff2cea5ca72	SESSION-bcd94ff2cea5ca72 → pe:tls:SESSION-bcd94ff2cea5ca72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5b79680f4b436a5:host:34.216.76.26	SESSION-b5b79680f4b436a5 → host:34.216.76.26
FLOW_FROM_HOSTOBS	e:from:SESSION-a782bfdef89df980:host:177.10.238.50	SESSION-a782bfdef89df980 → host:177.10.238.50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf988ed4220ca0ac:host:172.234.197.23	SESSION-bf988ed4220ca0ac → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e853a157c23802e1:host:172.234.197.23	SESSION-e853a157c23802e1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7273aea3ec9beab:host:45.173.156.109	SESSION-f7273aea3ec9beab → host:45.173.156.109
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc7ab250b87b35be:PCAP:capture_20260430050001:8868731bf8a4	SESSION-cc7ab250b87b35be → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-338b64f691539afb:host:177.10.232.130	SESSION-338b64f691539afb → host:177.10.232.130
FLOW_FROM_HOSTOBS	e:from:SESSION-d8c0a98b52014301:host:177.10.237.230	SESSION-d8c0a98b52014301 → host:177.10.237.230
FLOW_DST_PORTOBS	e:fp:flow:1760fdc53f75:port:tcp:63768	flow:1760fdc53f75 → port:tcp:63768
FLOW_TO_HOSTOBS	e:to:SESSION-1e2a14af4b2a82fd:host:177.10.236.10	SESSION-1e2a14af4b2a82fd → host:177.10.236.10
FLOW_FROM_HOSTOBS	e:from:SESSION-2a33d29db5091f68:host:177.10.238.173	SESSION-2a33d29db5091f68 → host:177.10.238.173
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.67:asn:271410	host:131.196.30.67 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-373bf424772e8fef:host:172.234.197.23	SESSION-373bf424772e8fef → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a759d297db5368da:SESSION-a759d297db5368da	SESSION-a759d297db5368da → pe:syn:SESSION-a759d297db5368da
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-282c3beb2e9d9d39:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-282c3beb2e9d9d39 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-65f49e29fd3c9157:host:172.234.197.23	SESSION-65f49e29fd3c9157 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-efcc1618f79daeb7:host:172.234.197.23	SESSION-efcc1618f79daeb7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01c9c3509e882c26:flow:4f46f15c4cff	SESSION-01c9c3509e882c26 → flow:4f46f15c4cff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-62b98bdaf08d2190:SESSION-62b98bdaf08d2190	SESSION-62b98bdaf08d2190 → pe:tls:SESSION-62b98bdaf08d2190
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21640db65210a47d:flow:456dd9438c9b	SESSION-21640db65210a47d → flow:456dd9438c9b
flow_observed5-aryOBS	e:fo:flow:b93dd62bf249	flow:b93dd62bf249 → host:177.10.238.87 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:a78c6319ce69	flow:a78c6319ce69 → host:177.10.237.223 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47ed57a240abf6fc:flow:a59865cbe96a	SESSION-47ed57a240abf6fc → flow:a59865cbe96a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.5:asn:271410	host:131.196.30.5 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-af13e3f1012247aa:host:172.234.197.23	SESSION-af13e3f1012247aa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ccf0be9923f197d:host:172.234.197.23	SESSION-7ccf0be9923f197d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08ee685c4e8cc842:host:131.196.28.219	SESSION-08ee685c4e8cc842 → host:131.196.28.219
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a466e26c77a91e3:host:172.234.197.23	SESSION-9a466e26c77a91e3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f60661a19246ebd9:host:177.10.238.239	SESSION-f60661a19246ebd9 → host:177.10.238.239
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f78268addd9f6ca3:host:177.10.236.164:host:172.234.197.23	SESSION-f78268addd9f6ca3 → host:177.10.236.164 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:759bd79056de	flow:759bd79056de → host:172.234.197.23 → host:177.10.236.114 → port:tcp:28278
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:104.28.202.79:geo_29.75390_-95.35900	host:104.28.202.79 → geo_29.75390_-95.35900
FLOW_TO_HOSTOBS	e:to:SESSION-0634c65493dd9b22:host:172.234.197.23	SESSION-0634c65493dd9b22 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a1d91047073c4c2:host:172.234.197.23	SESSION-4a1d91047073c4c2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e9e5b45e575f3797:flow:e7b0e66f989e	SESSION-e9e5b45e575f3797 → flow:e7b0e66f989e
FLOW_FROM_HOSTOBS	e:from:SESSION-212f7b3a9bb90264:host:172.234.197.23	SESSION-212f7b3a9bb90264 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dadefe349dd79f6:host:172.234.197.23	SESSION-6dadefe349dd79f6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e26c1de83807ce87:flow:af7d2ecd3525	SESSION-e26c1de83807ce87 → flow:af7d2ecd3525
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ded52056067d22b2:host:45.173.156.61	SESSION-ded52056067d22b2 → host:45.173.156.61
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a29c9496c44f9fe8:host:177.10.235.6:host:172.234.197.23	SESSION-a29c9496c44f9fe8 → host:177.10.235.6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a108f3a8f652bd55:SESSION-a108f3a8f652bd55	SESSION-a108f3a8f652bd55 → pe:syn:SESSION-a108f3a8f652bd55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a3643dbad405bac1:SESSION-a3643dbad405bac1	SESSION-a3643dbad405bac1 → pe:tls:SESSION-a3643dbad405bac1
FLOW_TO_HOSTOBS	e:to:SESSION-754d0cc424848140:host:172.234.197.23	SESSION-754d0cc424848140 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e883c2ce63ee6e05:host:172.234.197.23:host:172.232.0.16	SESSION-e883c2ce63ee6e05 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-757e5ed1a89f1610:flow:7d9f821e6b63	SESSION-757e5ed1a89f1610 → flow:7d9f821e6b63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a01362ca7d087a96:host:177.10.237.68:host:172.234.197.23	SESSION-a01362ca7d087a96 → host:177.10.237.68 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.33:geo_-16.28860_-49.01640	host:177.10.234.33 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-f7bf570ae8905fff:host:172.234.197.23	SESSION-f7bf570ae8905fff → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fc6dd1896fecefa:host:131.196.30.15:host:172.234.197.23	SESSION-1fc6dd1896fecefa → host:131.196.30.15 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:684f698a3206	flow:684f698a3206 → host:177.10.238.57 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d2c659a567a628e2:host:177.10.236.41	SESSION-d2c659a567a628e2 → host:177.10.236.41
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.171:geo_-16.28860_-49.01640	host:177.10.236.171 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02cad694702cb9f1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-02cad694702cb9f1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33075a11d7099c2b:SESSION-33075a11d7099c2b	SESSION-33075a11d7099c2b → pe:syn:SESSION-33075a11d7099c2b
flow_observed3-aryOBS	e:fo:flow:29de867ecad0	flow:29de867ecad0 → host:15.152.35.247 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c2099dbde4b7ef03:flow:8b11ab71f223	SESSION-c2099dbde4b7ef03 → flow:8b11ab71f223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49d1ccfce5e59a68:SESSION-49d1ccfce5e59a68	SESSION-49d1ccfce5e59a68 → pe:tls:SESSION-49d1ccfce5e59a68
FLOW_FROM_HOSTOBS	e:from:SESSION-430caa0514cbc012:host:172.234.197.23	SESSION-430caa0514cbc012 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:64e8ae830f9a:port:tcp:3106	flow:64e8ae830f9a → port:tcp:3106
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47acb5bee39822f1:flow:185b92a83312	SESSION-47acb5bee39822f1 → flow:185b92a83312
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa1be017e5052d0a:host:172.234.197.23	SESSION-fa1be017e5052d0a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:313e7cddc626	flow:313e7cddc626 → host:177.10.235.253 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-20b594788160c43c:host:177.10.236.11	SESSION-20b594788160c43c → host:177.10.236.11
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60dab6a51248be22:host:131.196.28.209:host:172.234.197.23	SESSION-60dab6a51248be22 → host:131.196.28.209 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-52edb7664c060999:host:172.234.197.23	SESSION-52edb7664c060999 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1d0bad8110700772:host:172.234.197.23	SESSION-1d0bad8110700772 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99cedbc5d14c9ef2:flow:6015041af7e8	SESSION-99cedbc5d14c9ef2 → flow:6015041af7e8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94c9082e66baa6b5:flow:b0ce171daf3a	SESSION-94c9082e66baa6b5 → flow:b0ce171daf3a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c917f93463d3774:host:35.95.128.58	SESSION-8c917f93463d3774 → host:35.95.128.58
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d846bfa2b8f8474d:host:177.10.235.61:host:172.234.197.23	SESSION-d846bfa2b8f8474d → host:177.10.235.61 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:023c06168fdb:port:tcp:443	flow:023c06168fdb → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fa06d2bfceab141:host:172.234.197.23	SESSION-0fa06d2bfceab141 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb59d1b27c368873:host:172.234.197.23	SESSION-cb59d1b27c368873 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-58a14b9397c116a1:host:172.234.197.23	SESSION-58a14b9397c116a1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8a6e8a4db8ac534:host:177.10.234.67	SESSION-e8a6e8a4db8ac534 → host:177.10.234.67
FLOW_DST_PORTOBS	e:fp:flow:b36d5e36f32f:port:tcp:443	flow:b36d5e36f32f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb9826b2bc40f219:host:177.10.238.191	SESSION-eb9826b2bc40f219 → host:177.10.238.191
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8982cb545b77cb1a:flow:e92d969363c6	SESSION-8982cb545b77cb1a → flow:e92d969363c6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd248be3cf9515b5:SESSION-cd248be3cf9515b5	SESSION-cd248be3cf9515b5 → pe:syn:SESSION-cd248be3cf9515b5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e28b3ef52579af3b:SESSION-e28b3ef52579af3b	SESSION-e28b3ef52579af3b → pe:syn:SESSION-e28b3ef52579af3b
FLOW_FROM_HOSTOBS	e:from:SESSION-0d8801f02b141d30:host:172.234.197.23	SESSION-0d8801f02b141d30 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9dc3dafcee87c5f7:flow:9db03b9825bb	SESSION-9dc3dafcee87c5f7 → flow:9db03b9825bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0a19698769d1246:host:177.10.232.46	SESSION-d0a19698769d1246 → host:177.10.232.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-265fcf20a19ad440:SESSION-265fcf20a19ad440	SESSION-265fcf20a19ad440 → pe:tls:SESSION-265fcf20a19ad440
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ce32efb58e1da83:SESSION-4ce32efb58e1da83	SESSION-4ce32efb58e1da83 → pe:syn:SESSION-4ce32efb58e1da83
FLOW_DST_PORTOBS	e:fp:flow:74378186d58c:port:tcp:443	flow:74378186d58c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0ca3b8aea25b593:SESSION-b0ca3b8aea25b593	SESSION-b0ca3b8aea25b593 → pe:tls:SESSION-b0ca3b8aea25b593
flow_observed5-aryOBS	e:fo:flow:b5a1cccd350c	flow:b5a1cccd350c → host:177.10.239.16 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:19794999a79b	flow:19794999a79b → host:172.234.197.23 → host:131.196.29.0 → port:tcp:65386
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-26a93711200ab02b:SESSION-26a93711200ab02b	SESSION-26a93711200ab02b → pe:syn:SESSION-26a93711200ab02b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.135:asn:262880	host:177.10.233.135 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96c13a83414ab25f:SESSION-96c13a83414ab25f	SESSION-96c13a83414ab25f → pe:syn:SESSION-96c13a83414ab25f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f766219ab3f1d4b:flow:1418649c62d3	SESSION-4f766219ab3f1d4b → flow:1418649c62d3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3d13cea2cf7dcee:SESSION-f3d13cea2cf7dcee	SESSION-f3d13cea2cf7dcee → pe:tls:SESSION-f3d13cea2cf7dcee
FLOW_DST_PORTOBS	e:fp:flow:c180406a2791:port:tcp:646	flow:c180406a2791 → port:tcp:646
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb7b7dca9012c682:host:172.234.197.23:host:131.196.31.30	SESSION-eb7b7dca9012c682 → host:172.234.197.23 → host:131.196.31.30
FLOW_TO_HOSTOBS	e:to:SESSION-c4289737814dbd64:host:172.234.197.23	SESSION-c4289737814dbd64 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0b0070ff484a299:host:177.10.235.128	SESSION-c0b0070ff484a299 → host:177.10.235.128
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.116:geo_-16.28860_-49.01640	host:177.10.237.116 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f3bd7044d582575:flow:f2febbd542f8	SESSION-7f3bd7044d582575 → flow:f2febbd542f8
FLOW_FROM_HOSTOBS	e:from:SESSION-b9d0d1a45a4e9ec7:host:144.76.23.34	SESSION-b9d0d1a45a4e9ec7 → host:144.76.23.34
flow_observed5-aryOBS	e:fo:flow:c2b0dcf2b507	flow:c2b0dcf2b507 → host:177.10.234.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5527f09aaa715d91:host:172.234.197.23:host:131.196.30.132	SESSION-5527f09aaa715d91 → host:172.234.197.23 → host:131.196.30.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fda5d1d0c89bbfd4:SESSION-fda5d1d0c89bbfd4	SESSION-fda5d1d0c89bbfd4 → pe:syn:SESSION-fda5d1d0c89bbfd4
FLOW_FROM_HOSTOBS	e:from:SESSION-8e743a12f6a9d6a4:host:177.10.235.187	SESSION-8e743a12f6a9d6a4 → host:177.10.235.187
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-692dce6abc85c058:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-692dce6abc85c058 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-5b3057ab5d68c477:host:177.10.235.80	SESSION-5b3057ab5d68c477 → host:177.10.235.80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.53:geo_-16.28860_-49.01640	host:177.10.236.53 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a55eb245a4ca8dde:host:172.234.197.23	SESSION-a55eb245a4ca8dde → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.90:geo_-23.62930_-46.63510	host:131.196.28.90 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-457bc509f900e32f:SESSION-457bc509f900e32f	SESSION-457bc509f900e32f → pe:tls:SESSION-457bc509f900e32f
FLOW_DST_PORTOBS	e:fp:flow:c82bccc28482:port:tcp:443	flow:c82bccc28482 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.8:geo_-16.28860_-49.01640	host:177.10.238.8 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b91cc7f2039924f2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b91cc7f2039924f2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f5b7d4cd5351b11:host:177.10.233.88	SESSION-8f5b7d4cd5351b11 → host:177.10.233.88
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9af79ddb47e5c950:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9af79ddb47e5c950 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3fd62b1832b0e41:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b3fd62b1832b0e41 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:805dc51bcb4f:port:tcp:443	flow:805dc51bcb4f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7488427d80d09cd9:host:131.196.29.70:host:172.234.197.23	SESSION-7488427d80d09cd9 → host:131.196.29.70 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-783c4edbafa3c164:SESSION-783c4edbafa3c164	SESSION-783c4edbafa3c164 → pe:rst:SESSION-783c4edbafa3c164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a38d88507263cddf:host:172.234.197.23	SESSION-a38d88507263cddf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf40158902d38ce6:SESSION-cf40158902d38ce6	SESSION-cf40158902d38ce6 → pe:tls:SESSION-cf40158902d38ce6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c24aca5564d2ae55:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c24aca5564d2ae55 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:90da32842d78:port:tcp:21	flow:90da32842d78 → port:tcp:21
flow_observed5-aryOBS	e:fo:flow:d39d584292f8	flow:d39d584292f8 → host:131.196.29.229 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a22eb4c95bd17b8:host:131.196.29.59:host:172.234.197.23	SESSION-7a22eb4c95bd17b8 → host:131.196.29.59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51603301232db2ce:host:172.234.197.23	SESSION-51603301232db2ce → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-112f4fdeb678f643:host:177.10.238.116	SESSION-112f4fdeb678f643 → host:177.10.238.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68c9571f275cd182:SESSION-68c9571f275cd182	SESSION-68c9571f275cd182 → pe:tls:SESSION-68c9571f275cd182
flow_observed4-aryOBS	e:fo:flow:6a0990d94d28	flow:6a0990d94d28 → host:172.234.197.23 → host:177.10.239.134 → port:tcp:10147
FLOW_FROM_HOSTOBS	e:from:SESSION-1f082f9fe3332438:host:177.10.236.26	SESSION-1f082f9fe3332438 → host:177.10.236.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ee9ba8cae5cc2ab:SESSION-2ee9ba8cae5cc2ab	SESSION-2ee9ba8cae5cc2ab → pe:syn:SESSION-2ee9ba8cae5cc2ab
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.134:geo_-23.62930_-46.63510	host:131.196.29.134 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77b68b84e12bfaab:host:177.10.235.196	SESSION-77b68b84e12bfaab → host:177.10.235.196
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.189:asn:273470	host:45.173.156.189 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0aa7cb63cd191443:SESSION-0aa7cb63cd191443	SESSION-0aa7cb63cd191443 → pe:syn:SESSION-0aa7cb63cd191443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fad6b9be10f7d404:host:51.75.171.21:host:172.234.197.23	SESSION-fad6b9be10f7d404 → host:51.75.171.21 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1ffefd09c68f:port:tcp:57326	flow:1ffefd09c68f → port:tcp:57326
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9d9495404a53bc0:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c9d9495404a53bc0 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-122af33beaf7e9c5:PCAP:capture_20260430150001:ded20914761d	SESSION-122af33beaf7e9c5 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-25f56036928a5a45:host:172.234.197.23	SESSION-25f56036928a5a45 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ad7d874b9cd6bce1:host:177.10.239.255	SESSION-ad7d874b9cd6bce1 → host:177.10.239.255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f181002c59096f4:host:177.10.232.213	SESSION-7f181002c59096f4 → host:177.10.232.213
flow_observed4-aryOBS	e:fo:flow:2dd366d504c3	flow:2dd366d504c3 → host:172.234.197.23 → host:177.10.239.158 → port:tcp:19571
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-472adb1eeb20f880:PCAP:capture_20260430050001:8868731bf8a4	SESSION-472adb1eeb20f880 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5ac91adedbe1ec7:SESSION-d5ac91adedbe1ec7	SESSION-d5ac91adedbe1ec7 → pe:tls:SESSION-d5ac91adedbe1ec7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95229bbdec6f8a74:host:172.234.197.23	SESSION-95229bbdec6f8a74 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e55b6d94395b	flow:e55b6d94395b → host:131.196.30.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fcb174e83803b1f7:SESSION-fcb174e83803b1f7	SESSION-fcb174e83803b1f7 → pe:tls:SESSION-fcb174e83803b1f7
FLOW_FROM_HOSTOBS	e:from:SESSION-f4bd70bea69fea0d:host:131.196.29.60	SESSION-f4bd70bea69fea0d → host:131.196.29.60
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-50e84f588759fadd:PCAP:capture_20260430150001:ded20914761d	SESSION-50e84f588759fadd → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:3569a5a521df	flow:3569a5a521df → host:104.28.202.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-858e7fe3651dc7b6:SESSION-858e7fe3651dc7b6	SESSION-858e7fe3651dc7b6 → pe:syn:SESSION-858e7fe3651dc7b6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-727af4ad5af6cc01:SESSION-727af4ad5af6cc01	SESSION-727af4ad5af6cc01 → pe:rst:SESSION-727af4ad5af6cc01
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ea6c4aff46dde87:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3ea6c4aff46dde87 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-911659ba7d4041d9:host:177.10.239.24	SESSION-911659ba7d4041d9 → host:177.10.239.24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14a60b0039fa135f:SESSION-14a60b0039fa135f	SESSION-14a60b0039fa135f → pe:tls:SESSION-14a60b0039fa135f
flow_observed5-aryOBS	e:fo:flow:e2597f9b7088	flow:e2597f9b7088 → host:177.10.237.94 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b57c4e647c9921c9:host:177.10.237.28	SESSION-b57c4e647c9921c9 → host:177.10.237.28
FLOW_DST_PORTOBS	e:fp:flow:edee59eace09:port:tcp:13432	flow:edee59eace09 → port:tcp:13432
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a4d952075d0ee24:host:172.234.197.23	SESSION-5a4d952075d0ee24 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0aa7cb63cd191443:flow:3e601c0d8e12	SESSION-0aa7cb63cd191443 → flow:3e601c0d8e12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e0f3c8a35641f7b:host:177.10.237.57	SESSION-8e0f3c8a35641f7b → host:177.10.237.57
FLOW_DST_PORTOBS	e:fp:flow:7fb6ef520631:port:tcp:53806	flow:7fb6ef520631 → port:tcp:53806
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1440a3c9b30a4056:host:177.10.232.84	SESSION-1440a3c9b30a4056 → host:177.10.232.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5dbf12d77f23d3eb:host:172.234.197.23	SESSION-5dbf12d77f23d3eb → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.211:asn:271410	host:131.196.28.211 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-04c23b7b96a70798:flow:a364bf313740	SESSION-04c23b7b96a70798 → flow:a364bf313740
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eb85eb3deaacc18:host:172.234.197.23	SESSION-9eb85eb3deaacc18 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:26e9f149e36d:port:tcp:48562	flow:26e9f149e36d → port:tcp:48562
FLOW_DST_PORTOBS	e:fp:flow:da534c89e93d:port:tcp:443	flow:da534c89e93d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-276107f90ab0c118:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-276107f90ab0c118 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-417f532a2a507181:host:177.10.238.158	SESSION-417f532a2a507181 → host:177.10.238.158
FLOW_FROM_HOSTOBS	e:from:SESSION-7cf4eefda54138cc:host:172.234.197.23	SESSION-7cf4eefda54138cc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03f351fbd88acdc4:host:131.196.31.23	SESSION-03f351fbd88acdc4 → host:131.196.31.23
FLOW_TO_HOSTOBS	e:to:SESSION-a83465e2bbc20296:host:172.234.197.23	SESSION-a83465e2bbc20296 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f59bcaffd8dcae9:host:92.112.71.255:host:172.234.197.23	SESSION-8f59bcaffd8dcae9 → host:92.112.71.255 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:098d80ed7006	flow:098d80ed7006 → host:172.234.197.23 → host:177.10.238.46 → port:tcp:3045
flow_observed5-aryOBS	e:fo:flow:2d58321ba87c	flow:2d58321ba87c → host:45.173.156.54 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0cba2347786f28d:host:172.234.197.23	SESSION-b0cba2347786f28d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad4be2ec0ec8e7ca:host:131.196.30.161:host:172.234.197.23	SESSION-ad4be2ec0ec8e7ca → host:131.196.30.161 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ddb8ef81f168c6c0:SESSION-ddb8ef81f168c6c0	SESSION-ddb8ef81f168c6c0 → pe:tls:SESSION-ddb8ef81f168c6c0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d52893e766cf8155:SESSION-d52893e766cf8155	SESSION-d52893e766cf8155 → pe:syn:SESSION-d52893e766cf8155
flow_observed5-aryOBS	e:fo:flow:41972dbe52b9	flow:41972dbe52b9 → host:131.196.31.160 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-633c88960b55f389:SESSION-633c88960b55f389	SESSION-633c88960b55f389 → pe:tls:SESSION-633c88960b55f389
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a9e4c3921500675:host:177.10.236.84	SESSION-6a9e4c3921500675 → host:177.10.236.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-166e94983783f266:host:172.234.197.23	SESSION-166e94983783f266 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9a466e26c77a91e3:host:172.234.197.23	SESSION-9a466e26c77a91e3 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-2dd1a49fa9f1084b:BSG-BEACON-1f5c19bfbe6f	SESSION-2dd1a49fa9f1084b → BSG-BEACON-1f5c19bfbe6f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b99a2a75b4ae9e98:host:172.234.197.23:host:131.196.30.230	SESSION-b99a2a75b4ae9e98 → host:172.234.197.23 → host:131.196.30.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67c350ca0312f6cb:SESSION-67c350ca0312f6cb	SESSION-67c350ca0312f6cb → pe:syn:SESSION-67c350ca0312f6cb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b89a1b1f5399599:host:131.196.29.65:host:172.234.197.23	SESSION-7b89a1b1f5399599 → host:131.196.29.65 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4be6b5471ca196a:host:177.10.238.83	SESSION-c4be6b5471ca196a → host:177.10.238.83
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.94:asn:262880	host:177.10.238.94 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c58c12f678d65836:host:177.10.235.211	SESSION-c58c12f678d65836 → host:177.10.235.211
FLOW_TLS_SNIOBS	e:fs:flow:6605cb18f1ab:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:6605cb18f1ab → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-47d7544842406eea:host:172.234.197.23	SESSION-47d7544842406eea → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.141:asn:271410	host:131.196.31.141 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97a6ca320e2242f6:PCAP:capture_20260430110001:43611bdf6759	SESSION-97a6ca320e2242f6 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-858e7fe3651dc7b6:host:172.234.197.23	SESSION-858e7fe3651dc7b6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e54eb0866acbe21:host:172.234.197.23	SESSION-3e54eb0866acbe21 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac89834f3c269f55:host:177.10.233.163:host:172.234.197.23	SESSION-ac89834f3c269f55 → host:177.10.233.163 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7963f405207d2813:SESSION-7963f405207d2813	SESSION-7963f405207d2813 → pe:syn:SESSION-7963f405207d2813
flow_observed5-aryOBS	e:fo:flow:5513de486200	flow:5513de486200 → host:177.10.237.18 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cb5f38c68f62897:host:177.10.236.215	SESSION-8cb5f38c68f62897 → host:177.10.236.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96eb62897cd314d5:SESSION-96eb62897cd314d5	SESSION-96eb62897cd314d5 → pe:syn:SESSION-96eb62897cd314d5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e859a84eb4eaf300:flow:c42fa8d9585a	SESSION-e859a84eb4eaf300 → flow:c42fa8d9585a
FLOW_DST_PORTOBS	e:fp:flow:a84e029681a8:port:tcp:15055	flow:a84e029681a8 → port:tcp:15055
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bde2562b2e16b844:host:177.10.235.14	SESSION-bde2562b2e16b844 → host:177.10.235.14
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.183:geo_41.00190_28.96450	host:92.112.71.183 → geo_41.00190_28.96450
FLOW_TO_HOSTOBS	e:to:SESSION-6f99e1376da42693:host:131.196.30.233	SESSION-6f99e1376da42693 → host:131.196.30.233
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8277822e9833952:host:172.234.197.23	SESSION-c8277822e9833952 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9df048180bcb59b6:host:131.196.30.72	SESSION-9df048180bcb59b6 → host:131.196.30.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-415d7b69c6628cc7:SESSION-415d7b69c6628cc7	SESSION-415d7b69c6628cc7 → pe:tls:SESSION-415d7b69c6628cc7
FLOW_DST_PORTOBS	e:fp:flow:72b61607d168:port:tcp:30886	flow:72b61607d168 → port:tcp:30886
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.107:asn:271410	host:131.196.28.107 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:ae23623ba6a8:port:tcp:443	flow:ae23623ba6a8 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.214:geo_-16.28860_-49.01640	host:177.10.233.214 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65274afd8d8bc249:host:172.234.197.23	SESSION-65274afd8d8bc249 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f74caf722af4b362:host:172.234.197.23	SESSION-f74caf722af4b362 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dfde0f74dbe81c3a:host:131.196.28.80:host:172.234.197.23	SESSION-dfde0f74dbe81c3a → host:131.196.28.80 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db1ee555567b9b22:host:131.196.28.234	SESSION-db1ee555567b9b22 → host:131.196.28.234
FLOW_DST_PORTOBS	e:fp:flow:6a46893b400c:port:tcp:18902	flow:6a46893b400c → port:tcp:18902
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.221:geo_-16.28860_-49.01640	host:177.10.238.221 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:d7cbc1377cf9	flow:d7cbc1377cf9 → host:172.234.197.23 → host:177.10.239.205 → port:tcp:61766
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d30bf1800064cde2:flow:91eaffbcef38	SESSION-d30bf1800064cde2 → flow:91eaffbcef38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a214ec19ba198e7:host:172.234.197.23	SESSION-6a214ec19ba198e7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-979dfdf677607677:host:172.234.197.23	SESSION-979dfdf677607677 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-db9e8149201eae0f:host:131.196.30.59	SESSION-db9e8149201eae0f → host:131.196.30.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1b69502656f28818:flow:33bd4768ba4e	SESSION-1b69502656f28818 → flow:33bd4768ba4e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d12c89e59455016e:host:131.196.28.100	SESSION-d12c89e59455016e → host:131.196.28.100
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55979c68784410e0:host:177.10.232.81:host:172.234.197.23	SESSION-55979c68784410e0 → host:177.10.232.81 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.205:asn:271410	host:131.196.31.205 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:68930acd3198:port:tcp:52848	flow:68930acd3198 → port:tcp:52848
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-332b957940cff81b:PCAP:capture_20260428010001:b1b402c7b202	SESSION-332b957940cff81b → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48482b2d296d23e2:host:172.234.197.23	SESSION-48482b2d296d23e2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-84a17a716ed94f5c:host:131.196.28.162	SESSION-84a17a716ed94f5c → host:131.196.28.162
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f98b72d4ec65d75:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8f98b72d4ec65d75 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-eaf9de21464647a2:host:172.234.197.23	SESSION-eaf9de21464647a2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-793bdbe15c87a87a:host:177.10.232.107:host:172.234.197.23	SESSION-793bdbe15c87a87a → host:177.10.232.107 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:4e9fd19f4a04	flow:4e9fd19f4a04 → host:172.234.197.23 → host:177.10.237.82 → port:tcp:18476
flow_observed5-aryOBS	e:fo:flow:78fa7f111390	flow:78fa7f111390 → host:177.10.238.139 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.230:geo_-23.62930_-46.63510	host:131.196.31.230 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f5575c7d9faf65d:flow:76916016f7bd	SESSION-5f5575c7d9faf65d → flow:76916016f7bd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3b2d33602e817e1:host:172.234.197.23	SESSION-b3b2d33602e817e1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.16:geo_-23.62930_-46.63510	host:131.196.28.16 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67e118b3ac1b9481:host:177.10.233.196:host:172.234.197.23	SESSION-67e118b3ac1b9481 → host:177.10.233.196 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68282fbeb04671d9:host:172.234.197.23:host:177.10.237.54	SESSION-68282fbeb04671d9 → host:172.234.197.23 → host:177.10.237.54
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b0b2d167e93bb2e:flow:3adb4fd2df9b	SESSION-0b0b2d167e93bb2e → flow:3adb4fd2df9b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-677c9237241fc75d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-677c9237241fc75d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f38f9d39dae0e5a:host:177.10.236.192:host:172.234.197.23	SESSION-3f38f9d39dae0e5a → host:177.10.236.192 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b4a3756900fa00c:SESSION-7b4a3756900fa00c	SESSION-7b4a3756900fa00c → pe:tls:SESSION-7b4a3756900fa00c
FLOW_TO_HOSTOBS	e:to:SESSION-dddaf831f2a46242:host:131.196.29.106	SESSION-dddaf831f2a46242 → host:131.196.29.106
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a418060e7d2d204b:SESSION-a418060e7d2d204b	SESSION-a418060e7d2d204b → pe:syn:SESSION-a418060e7d2d204b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6354b0819147ed1d:flow:497a68fc3b86	SESSION-6354b0819147ed1d → flow:497a68fc3b86
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98b441f54568b58c:host:172.234.197.23:host:177.10.239.8	SESSION-98b441f54568b58c → host:172.234.197.23 → host:177.10.239.8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85a5e7fc435163e0:host:172.234.197.23:host:177.10.239.158	SESSION-85a5e7fc435163e0 → host:172.234.197.23 → host:177.10.239.158
FLOW_TO_HOSTOBS	e:to:SESSION-b93959f6df3f665b:host:177.10.234.215	SESSION-b93959f6df3f665b → host:177.10.234.215
flow_observed4-aryOBS	e:fo:flow:265e1d074941	flow:265e1d074941 → host:172.234.197.23 → host:177.10.235.78 → port:tcp:62622
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6aacd35f912a2971:flow:a4d296dadd29	SESSION-6aacd35f912a2971 → flow:a4d296dadd29
FLOW_TO_HOSTOBS	e:to:SESSION-98d504bd384337f5:host:172.234.197.23	SESSION-98d504bd384337f5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b8c772918251267:SESSION-0b8c772918251267	SESSION-0b8c772918251267 → pe:tls:SESSION-0b8c772918251267
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1429c4885068b09:SESSION-c1429c4885068b09	SESSION-c1429c4885068b09 → pe:syn:SESSION-c1429c4885068b09
FLOW_TLS_SNIOBS	e:fs:flow:5590b431c6bb:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:5590b431c6bb → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-83dd76c193cbd2e0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-83dd76c193cbd2e0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-464502b3105a6b82:host:172.234.197.23	SESSION-464502b3105a6b82 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:249b28ea4cc9	flow:249b28ea4cc9 → host:172.234.197.23 → host:177.10.238.43 → port:tcp:1826
flow_observed5-aryOBS	e:fo:flow:2eb51dafeff3	flow:2eb51dafeff3 → host:2.57.121.112 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5f9d16efb179df1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a5f9d16efb179df1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9e70132665ab339:host:177.10.239.137:host:172.234.197.23	SESSION-f9e70132665ab339 → host:177.10.239.137 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.6:asn:262880	host:177.10.236.6 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3dc32d1b123f77b5:host:131.196.29.78	SESSION-3dc32d1b123f77b5 → host:131.196.29.78
FLOW_DST_PORTOBS	e:fp:flow:7b52e9885df6:port:tcp:443	flow:7b52e9885df6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1ec6b7d17caa72c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d1ec6b7d17caa72c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99cbc6df23fa1e57:host:177.10.239.218:host:172.234.197.23	SESSION-99cbc6df23fa1e57 → host:177.10.239.218 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0c6cb018cbd8a763:host:172.234.197.23	SESSION-0c6cb018cbd8a763 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-534aae6aa0ff39bc:host:177.10.235.165	SESSION-534aae6aa0ff39bc → host:177.10.235.165
FLOW_DST_PORTOBS	e:fp:flow:f7769727a135:port:tcp:20710	flow:f7769727a135 → port:tcp:20710
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f951b8fc6e0dd11c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f951b8fc6e0dd11c → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0125cea84e0c02fd:host:131.196.29.254:host:172.234.197.23	SESSION-0125cea84e0c02fd → host:131.196.29.254 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfe3e48aa982c746:host:172.234.197.23	SESSION-bfe3e48aa982c746 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.44:asn:262880	host:177.10.233.44 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6a1a522f9ca6e79:host:177.10.237.3:host:172.234.197.23	SESSION-d6a1a522f9ca6e79 → host:177.10.237.3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ec00a834c5afff3:SESSION-1ec00a834c5afff3	SESSION-1ec00a834c5afff3 → pe:syn:SESSION-1ec00a834c5afff3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-151e53ee3004033b:flow:8ee9465bb257	SESSION-151e53ee3004033b → flow:8ee9465bb257
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.184:geo_-16.28860_-49.01640	host:177.10.235.184 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-9a236c6c04af1f19:SESSION-9a236c6c04af1f19	SESSION-9a236c6c04af1f19 → pe:rst:SESSION-9a236c6c04af1f19
FLOW_DST_PORTOBS	e:fp:flow:9decf27e0d9d:port:tcp:443	flow:9decf27e0d9d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94e95046da2771ab:SESSION-94e95046da2771ab	SESSION-94e95046da2771ab → pe:tls:SESSION-94e95046da2771ab
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.169:geo_-16.28860_-49.01640	host:177.10.237.169 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36e366306285e270:SESSION-36e366306285e270	SESSION-36e366306285e270 → pe:syn:SESSION-36e366306285e270
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2235ad305872b9c2:host:172.234.197.23	SESSION-2235ad305872b9c2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-788920b93ac95b5f:host:131.196.30.164	SESSION-788920b93ac95b5f → host:131.196.30.164
FLOW_DST_PORTOBS	e:fp:flow:3ecc4430f83a:port:tcp:443	flow:3ecc4430f83a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b16231fef814b904:SESSION-b16231fef814b904	SESSION-b16231fef814b904 → pe:syn:SESSION-b16231fef814b904
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9beaab7062aef373:host:88.99.91.59	SESSION-9beaab7062aef373 → host:88.99.91.59
FLOW_TO_HOSTOBS	e:to:SESSION-5c80786b4900f92c:host:177.10.232.204	SESSION-5c80786b4900f92c → host:177.10.232.204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46aa20776642b201:host:172.234.197.23	SESSION-46aa20776642b201 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:78bc828538ef:port:tcp:31673	flow:78bc828538ef → port:tcp:31673
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b9228625f2ea52e:host:172.234.197.23	SESSION-8b9228625f2ea52e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9a4b68b400a3161c:host:131.196.28.193	SESSION-9a4b68b400a3161c → host:131.196.28.193
FLOW_FROM_HOSTOBS	e:from:SESSION-288ea97e67f438e3:host:45.173.156.230	SESSION-288ea97e67f438e3 → host:45.173.156.230
flow_observed4-aryOBS	e:fo:flow:1a1072de1ab1	flow:1a1072de1ab1 → host:172.234.197.23 → host:177.10.237.115 → port:tcp:58482
FLOW_TO_HOSTOBS	e:to:SESSION-bd657e34d2536dc9:host:177.10.233.77	SESSION-bd657e34d2536dc9 → host:177.10.233.77
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.46:geo_-21.10010_-41.69200	host:45.173.156.46 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e57fbe39684f8bc8:SESSION-e57fbe39684f8bc8	SESSION-e57fbe39684f8bc8 → pe:tls:SESSION-e57fbe39684f8bc8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52e63b8cb0c4a7de:host:172.234.197.23	SESSION-52e63b8cb0c4a7de → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0485ecaf8e8edab:SESSION-d0485ecaf8e8edab	SESSION-d0485ecaf8e8edab → pe:syn:SESSION-d0485ecaf8e8edab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52e1254f2f15b333:host:177.10.235.87	SESSION-52e1254f2f15b333 → host:177.10.235.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44555c754c6c7558:flow:e8b966037588	SESSION-44555c754c6c7558 → flow:e8b966037588
FLOW_TO_HOSTOBS	e:to:SESSION-7752628607af1d9e:host:172.234.197.23	SESSION-7752628607af1d9e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.92:asn:262880	host:177.10.239.92 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-38231883b4033aa4:host:172.234.197.23	SESSION-38231883b4033aa4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0234eaac2961:port:tcp:443	flow:0234eaac2961 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-35561958c0468d3f:host:172.234.197.23	SESSION-35561958c0468d3f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c37bd5454075ced3:host:172.234.197.23:host:172.232.0.16	SESSION-c37bd5454075ced3 → host:172.234.197.23 → host:172.232.0.16
flow_observed4-aryOBS	e:fo:flow:5e3e928d9f8f	flow:5e3e928d9f8f → host:172.234.197.23 → host:177.10.235.158 → port:tcp:753
FLOW_FROM_HOSTOBS	e:from:SESSION-5746e0d81f0d05c1:host:92.112.71.29	SESSION-5746e0d81f0d05c1 → host:92.112.71.29
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da4440e5d8ead4fe:flow:ee4982f68279	SESSION-da4440e5d8ead4fe → flow:ee4982f68279
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaf5b03036efa5c6:host:172.234.197.23	SESSION-eaf5b03036efa5c6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:81fbc880ebf1:port:tcp:443	flow:81fbc880ebf1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:be0483487448:port:tcp:443	flow:be0483487448 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1d9624273099964:SESSION-a1d9624273099964	SESSION-a1d9624273099964 → pe:tls:SESSION-a1d9624273099964
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.126:geo_-16.28860_-49.01640	host:177.10.233.126 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:312734cc429c:port:tcp:443	flow:312734cc429c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8fb67bf931083b29:SESSION-8fb67bf931083b29	SESSION-8fb67bf931083b29 → pe:syn:SESSION-8fb67bf931083b29
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67ec60ac13d58093:host:172.234.197.23:host:45.173.156.189	SESSION-67ec60ac13d58093 → host:172.234.197.23 → host:45.173.156.189
FLOW_FROM_HOSTOBS	e:from:SESSION-2b7cd4519c0a4eb9:host:172.234.197.23	SESSION-2b7cd4519c0a4eb9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a9d7ef6e96dbb9c5:host:103.230.240.59	SESSION-a9d7ef6e96dbb9c5 → host:103.230.240.59
FLOW_DST_PORTOBS	e:fp:flow:0393285963d8:port:tcp:443	flow:0393285963d8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d274b6d174d04d01:host:172.234.197.23	SESSION-d274b6d174d04d01 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0cba2347786f28d:SESSION-b0cba2347786f28d	SESSION-b0cba2347786f28d → pe:tls:SESSION-b0cba2347786f28d
flow_observed5-aryOBS	e:fo:flow:19232473d33a	flow:19232473d33a → host:131.196.28.243 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c76cb7a55699fff8:SESSION-c76cb7a55699fff8	SESSION-c76cb7a55699fff8 → pe:syn:SESSION-c76cb7a55699fff8
FLOW_DST_PORTOBS	e:fp:flow:a453e4e4270f:port:tcp:13503	flow:a453e4e4270f → port:tcp:13503
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e074701a4b6d6566:host:177.10.236.90:host:172.234.197.23	SESSION-e074701a4b6d6566 → host:177.10.236.90 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-801ebd343e287ece:host:172.234.197.23	SESSION-801ebd343e287ece → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e50198195b1abda9:host:172.234.197.23	SESSION-e50198195b1abda9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-738a9f5daf478976:SESSION-738a9f5daf478976	SESSION-738a9f5daf478976 → pe:syn:SESSION-738a9f5daf478976
flow_observed5-aryOBS	e:fo:flow:9d8b8dec8477	flow:9d8b8dec8477 → host:131.196.31.45 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0804c956ce93675c:host:177.10.239.234	SESSION-0804c956ce93675c → host:177.10.239.234
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.64:geo_-16.28860_-49.01640	host:177.10.239.64 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24ee1f6ef023209d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-24ee1f6ef023209d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2faf2af9b390693e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2faf2af9b390693e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9fdfee14b0ac469:PCAP:capture_20260430090001:065659c7d314	SESSION-d9fdfee14b0ac469 → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:174baaf0ee8b	flow:174baaf0ee8b → host:172.234.197.23 → host:177.10.238.45 → port:tcp:29713
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf31506875543a88:flow:3265b036568c	SESSION-cf31506875543a88 → flow:3265b036568c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7eeea37688fc574d:SESSION-7eeea37688fc574d	SESSION-7eeea37688fc574d → pe:syn:SESSION-7eeea37688fc574d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-791eac8e49df4e5d:host:131.196.30.66	SESSION-791eac8e49df4e5d → host:131.196.30.66
HOST_IN_ASNOBS 85%	e:ha:host:57.128.95.174:asn:16276	host:57.128.95.174 → asn:16276
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b7f75116e650c71:SESSION-7b7f75116e650c71	SESSION-7b7f75116e650c71 → pe:tls:SESSION-7b7f75116e650c71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f18f27343d540733:PCAP:capture_20260430150001:ded20914761d	SESSION-f18f27343d540733 → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:c3353594435e	flow:c3353594435e → host:177.10.236.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7bf74715b11f1486:flow:b9d1ec120f8e	SESSION-7bf74715b11f1486 → flow:b9d1ec120f8e
FLOW_TO_HOSTOBS	e:to:SESSION-bf68ee1b1745b1ca:host:177.10.236.191	SESSION-bf68ee1b1745b1ca → host:177.10.236.191
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97537ed6358a20d5:host:45.145.152.87	SESSION-97537ed6358a20d5 → host:45.145.152.87
FLOW_TO_HOSTOBS	e:to:SESSION-3bb178420802ca16:host:172.234.197.23	SESSION-3bb178420802ca16 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c6fd3205e4a34033:host:177.10.232.168:host:172.234.197.23	SESSION-c6fd3205e4a34033 → host:177.10.232.168 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-189d055e7be1f56c:host:172.234.197.23	SESSION-189d055e7be1f56c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75ad621f5d402513:PCAP:capture_20260430070001:903a0e7a436b	SESSION-75ad621f5d402513 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:6c16b3c1d71a	flow:6c16b3c1d71a → host:172.234.197.23 → host:131.196.30.47 → port:tcp:8846
flow_observed4-aryOBS	e:fo:flow:07f2fb3e3350	flow:07f2fb3e3350 → host:172.234.197.23 → host:45.173.156.239 → port:tcp:7309
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.1:geo_-16.28860_-49.01640	host:177.10.237.1 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a3414b775ddfde4b:SESSION-a3414b775ddfde4b	SESSION-a3414b775ddfde4b → pe:tls:SESSION-a3414b775ddfde4b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-217f16055e8d00da:SESSION-217f16055e8d00da	SESSION-217f16055e8d00da → pe:syn:SESSION-217f16055e8d00da
FLOW_TO_HOSTOBS	e:to:SESSION-a4b062ac7956d3a5:host:177.10.237.199	SESSION-a4b062ac7956d3a5 → host:177.10.237.199
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d798baf71c597a3:PCAP:capture_20260430060001:919b39a74464	SESSION-2d798baf71c597a3 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98d24f4ecefc5585:flow:e708abec206b	SESSION-98d24f4ecefc5585 → flow:e708abec206b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0461902d351b0498:host:172.234.197.23	SESSION-0461902d351b0498 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36a0a9e003021f23:host:51.75.171.21:host:172.234.197.23	SESSION-36a0a9e003021f23 → host:51.75.171.21 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5d780f89354efd9:host:172.234.197.23	SESSION-b5d780f89354efd9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5634ee3b30a0b6aa:host:177.10.239.154	SESSION-5634ee3b30a0b6aa → host:177.10.239.154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4dd5260308cf6ea:host:131.196.29.34	SESSION-c4dd5260308cf6ea → host:131.196.29.34
FLOW_FROM_HOSTOBS	e:from:SESSION-fd437604af995a2a:host:172.234.197.23	SESSION-fd437604af995a2a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1dfe7de9432473b:host:131.196.29.201	SESSION-b1dfe7de9432473b → host:131.196.29.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-500f03715884566d:host:172.234.197.23	SESSION-500f03715884566d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:47595b71d3ae	flow:47595b71d3ae → host:177.10.236.12 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.48:geo_-23.62930_-46.63510	host:131.196.28.48 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:e7d613fd7a38	flow:e7d613fd7a38 → host:92.112.71.255 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1052ae798d70afda:SESSION-1052ae798d70afda	SESSION-1052ae798d70afda → pe:tls:SESSION-1052ae798d70afda
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-defe39665fdb6580:host:172.234.197.23	SESSION-defe39665fdb6580 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d446777121d9b1f8:host:172.234.197.23	SESSION-d446777121d9b1f8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fd8278b2f1d760d:host:131.196.30.146	SESSION-9fd8278b2f1d760d → host:131.196.30.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab81c1372abfe2ce:SESSION-ab81c1372abfe2ce	SESSION-ab81c1372abfe2ce → pe:syn:SESSION-ab81c1372abfe2ce
FLOW_DST_PORTOBS	e:fp:flow:0f5278c2bb93:port:tcp:4849	flow:0f5278c2bb93 → port:tcp:4849
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74ad535621338757:SESSION-74ad535621338757	SESSION-74ad535621338757 → pe:tls:SESSION-74ad535621338757
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-520789f72dcf866a:PCAP:capture_20260430150001:ded20914761d	SESSION-520789f72dcf866a → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fa8a238d1165695:host:131.196.31.91	SESSION-1fa8a238d1165695 → host:131.196.31.91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a103d39af7264a48:flow:2b77aa54b9b2	SESSION-a103d39af7264a48 → flow:2b77aa54b9b2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.119:geo_-21.10010_-41.69200	host:45.173.156.119 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-495677aa294b030b:host:177.10.235.147	SESSION-495677aa294b030b → host:177.10.235.147
FLOW_QUERIED_DNSOBS	e:fd:flow:b26b1d0f64e1:dns:duplicator.com	flow:b26b1d0f64e1 → dns:duplicator.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b8f135d82b00569:flow:5ae4a5a5c662	SESSION-4b8f135d82b00569 → flow:5ae4a5a5c662
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-05a7cad64bbe69e6:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-05a7cad64bbe69e6 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:347e17470bc2:port:tcp:443	flow:347e17470bc2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d4cb0f7560af550:SESSION-5d4cb0f7560af550	SESSION-5d4cb0f7560af550 → pe:syn:SESSION-5d4cb0f7560af550
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09cf18cd582e793d:SESSION-09cf18cd582e793d	SESSION-09cf18cd582e793d → pe:tls:SESSION-09cf18cd582e793d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02999fe2096ad39b:host:45.173.156.78	SESSION-02999fe2096ad39b → host:45.173.156.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7845496c0c03c20:SESSION-b7845496c0c03c20	SESSION-b7845496c0c03c20 → pe:tls:SESSION-b7845496c0c03c20
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.113:asn:262880	host:177.10.237.113 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee4167cf60ac81c3:host:131.196.29.107	SESSION-ee4167cf60ac81c3 → host:131.196.29.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaed9d07c71d3d80:SESSION-eaed9d07c71d3d80	SESSION-eaed9d07c71d3d80 → pe:syn:SESSION-eaed9d07c71d3d80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06d2ad4243fb8941:SESSION-06d2ad4243fb8941	SESSION-06d2ad4243fb8941 → pe:tls:SESSION-06d2ad4243fb8941
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-042b5a6edf64c734:host:172.234.197.23	SESSION-042b5a6edf64c734 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.64:geo_-23.62930_-46.63510	host:131.196.30.64 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d0bad8110700772:SESSION-1d0bad8110700772	SESSION-1d0bad8110700772 → pe:tls:SESSION-1d0bad8110700772
FLOW_TO_HOSTOBS	e:to:SESSION-6fea2a5b83daabbc:host:172.234.197.23	SESSION-6fea2a5b83daabbc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b068e0f016ef609:host:172.234.197.23	SESSION-4b068e0f016ef609 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5b69a0cfa4b4	flow:5b69a0cfa4b4 → host:177.10.233.101 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd573746c1e36a64:host:131.196.29.236:host:172.234.197.23	SESSION-fd573746c1e36a64 → host:131.196.29.236 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5a5092ccda361ecd:host:172.234.197.23	SESSION-5a5092ccda361ecd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-727af4ad5af6cc01:host:54.91.240.230	SESSION-727af4ad5af6cc01 → host:54.91.240.230
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8409f84148f471e2:flow:0ba7fcd14499	SESSION-8409f84148f471e2 → flow:0ba7fcd14499
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd108cc47984c911:host:172.234.197.23:host:177.10.233.145	SESSION-dd108cc47984c911 → host:172.234.197.23 → host:177.10.233.145
flow_observed4-aryOBS	e:fo:flow:171a150e17c9	flow:171a150e17c9 → host:172.234.197.23 → host:177.10.235.121 → port:tcp:7263
flow_observed5-aryOBS	e:fo:flow:0751af29d453	flow:0751af29d453 → host:45.173.156.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f306c00af6aee0a4:SESSION-f306c00af6aee0a4	SESSION-f306c00af6aee0a4 → pe:syn:SESSION-f306c00af6aee0a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df1edf3c82c78294:flow:14fd74da1fdf	SESSION-df1edf3c82c78294 → flow:14fd74da1fdf
flow_observed5-aryOBS	e:fo:flow:b0f8eace8c77	flow:b0f8eace8c77 → host:177.10.235.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41c6e0b91a3149eb:host:177.10.232.191	SESSION-41c6e0b91a3149eb → host:177.10.232.191
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-536e36b5c95ee442:host:31.40.196.151:host:172.234.197.23	SESSION-536e36b5c95ee442 → host:31.40.196.151 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85172baad8a91878:SESSION-85172baad8a91878	SESSION-85172baad8a91878 → pe:syn:SESSION-85172baad8a91878
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff7dac0188fe8fcb:SESSION-ff7dac0188fe8fcb	SESSION-ff7dac0188fe8fcb → pe:tls:SESSION-ff7dac0188fe8fcb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc4f127cbdf1d5a3:SESSION-bc4f127cbdf1d5a3	SESSION-bc4f127cbdf1d5a3 → pe:syn:SESSION-bc4f127cbdf1d5a3
FLOW_DST_PORTOBS	e:fp:flow:f961c3be1f44:port:tcp:443	flow:f961c3be1f44 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0046a1ddb04bc0f7:host:131.196.28.217	SESSION-0046a1ddb04bc0f7 → host:131.196.28.217
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99de4fcd637901fc:host:177.10.239.59	SESSION-99de4fcd637901fc → host:177.10.239.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b1032a47414de8d:host:177.10.235.175	SESSION-2b1032a47414de8d → host:177.10.235.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-13906a0b4b02de94:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-13906a0b4b02de94 → PCAP:capture_20260428000001:7e90c7cb899e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.18:geo_-16.28860_-49.01640	host:177.10.239.18 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-979974e101979ba8:SESSION-979974e101979ba8	SESSION-979974e101979ba8 → pe:syn:SESSION-979974e101979ba8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:35.95.128.58:geo_45.84010_-119.70500	host:35.95.128.58 → geo_45.84010_-119.70500
FLOW_TO_HOSTOBS	e:to:SESSION-42ac4798d48b113f:host:131.196.31.204	SESSION-42ac4798d48b113f → host:131.196.31.204
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a3417e991c57bd21:SESSION-a3417e991c57bd21	SESSION-a3417e991c57bd21 → pe:tls:SESSION-a3417e991c57bd21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-305a85099066f209:SESSION-305a85099066f209	SESSION-305a85099066f209 → pe:syn:SESSION-305a85099066f209
flow_observed4-aryOBS	e:fo:flow:d88e4c33e170	flow:d88e4c33e170 → host:172.234.197.23 → host:131.196.31.133 → port:tcp:39283
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e48a8daff67bbc71:flow:2ed2b58f6d06	SESSION-e48a8daff67bbc71 → flow:2ed2b58f6d06
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65c3eea3bc378ff0:host:131.196.30.81	SESSION-65c3eea3bc378ff0 → host:131.196.30.81
flow_observed5-aryOBS	e:fo:flow:bd845b73dcef	flow:bd845b73dcef → host:177.10.238.189 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a4a655504923:port:tcp:35098	flow:a4a655504923 → port:tcp:35098
flow_observed5-aryOBS	e:fo:flow:43e026d41eaa	flow:43e026d41eaa → host:131.196.31.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3573d87c5a129f8e:SESSION-3573d87c5a129f8e	SESSION-3573d87c5a129f8e → pe:syn:SESSION-3573d87c5a129f8e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-98083f958ccf36d4:SESSION-98083f958ccf36d4	SESSION-98083f958ccf36d4 → pe:rst:SESSION-98083f958ccf36d4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20b594788160c43c:host:172.234.197.23	SESSION-20b594788160c43c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:69.222.187.134:geo_37.29410_-121.89960	host:69.222.187.134 → geo_37.29410_-121.89960
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0bc704eff4d88e9:host:177.10.236.31:host:172.234.197.23	SESSION-c0bc704eff4d88e9 → host:177.10.236.31 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c851c6ec2554	flow:c851c6ec2554 → host:177.10.233.191 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:edc9ead3961c	flow:edc9ead3961c → host:95.170.25.243 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02ee946ab454bede:host:131.196.29.161:host:172.234.197.23	SESSION-02ee946ab454bede → host:131.196.29.161 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-42d2a5353a30deb6:host:177.10.238.152	SESSION-42d2a5353a30deb6 → host:177.10.238.152
FLOW_DST_PORTOBS	e:fp:flow:797579358402:port:tcp:443	flow:797579358402 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d12ffa49d0d3231:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8d12ffa49d0d3231 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.11:geo_-23.62930_-46.63510	host:131.196.28.11 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60d7d302576d36ac:SESSION-60d7d302576d36ac	SESSION-60d7d302576d36ac → pe:syn:SESSION-60d7d302576d36ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cdf732629d327c4c:SESSION-cdf732629d327c4c	SESSION-cdf732629d327c4c → pe:syn:SESSION-cdf732629d327c4c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c70d9a6440c9b19a:SESSION-c70d9a6440c9b19a	SESSION-c70d9a6440c9b19a → pe:tls:SESSION-c70d9a6440c9b19a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-25a3718851106c53:SESSION-25a3718851106c53	SESSION-25a3718851106c53 → pe:syn:SESSION-25a3718851106c53
FLOW_DST_PORTOBS	e:fp:flow:8e922f229389:port:tcp:443	flow:8e922f229389 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-176c7cfb0e699b4d:SESSION-176c7cfb0e699b4d	SESSION-176c7cfb0e699b4d → pe:syn:SESSION-176c7cfb0e699b4d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-750fc9f72ee279c6:host:131.196.29.248	SESSION-750fc9f72ee279c6 → host:131.196.29.248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b2d512f3efc35f9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0b2d512f3efc35f9 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fdb0bb1f6466838c:host:177.10.237.49:host:172.234.197.23	SESSION-fdb0bb1f6466838c → host:177.10.237.49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4d08df9b5b22c8b:host:131.196.28.60	SESSION-f4d08df9b5b22c8b → host:131.196.28.60
FLOW_DST_PORTOBS	e:fp:flow:4ba06b514d2b:port:tcp:10892	flow:4ba06b514d2b → port:tcp:10892
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c615690895f6d3c9:flow:f0576135d180	SESSION-c615690895f6d3c9 → flow:f0576135d180
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e67ae3320dee0238:host:177.10.235.65:host:172.234.197.23	SESSION-e67ae3320dee0238 → host:177.10.235.65 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f73f713a631f7530:flow:72d16f1d2a93	SESSION-f73f713a631f7530 → flow:72d16f1d2a93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9ca387fd672ab7a:host:172.234.197.23	SESSION-d9ca387fd672ab7a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7cc58ab2d16fcbf8:host:172.234.197.23	SESSION-7cc58ab2d16fcbf8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9071d3ff9c14:port:tcp:443	flow:9071d3ff9c14 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ea330cf59d2a2f8:SESSION-3ea330cf59d2a2f8	SESSION-3ea330cf59d2a2f8 → pe:tls:SESSION-3ea330cf59d2a2f8
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.140:asn:271410	host:131.196.28.140 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3762cafcd0c66be2:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3762cafcd0c66be2 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60b46aef513c4722:SESSION-60b46aef513c4722	SESSION-60b46aef513c4722 → pe:tls:SESSION-60b46aef513c4722
FLOW_FROM_HOSTOBS	e:from:SESSION-cdd13464c217a214:host:131.196.29.27	SESSION-cdd13464c217a214 → host:131.196.29.27
flow_observed4-aryOBS	e:fo:flow:e03a3f55eb94	flow:e03a3f55eb94 → host:172.234.197.23 → host:131.196.31.65 → port:tcp:37418
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f35bbd3887f167bf:SESSION-f35bbd3887f167bf	SESSION-f35bbd3887f167bf → pe:tls:SESSION-f35bbd3887f167bf
FLOW_DST_PORTOBS	e:fp:flow:80ec3ae98c0c:port:tcp:443	flow:80ec3ae98c0c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:82fbfa1cfb5d:port:tcp:443	flow:82fbfa1cfb5d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2af2d979895f4943:SESSION-2af2d979895f4943	SESSION-2af2d979895f4943 → pe:tls:SESSION-2af2d979895f4943
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d42f41260fbe7c09:SESSION-d42f41260fbe7c09	SESSION-d42f41260fbe7c09 → pe:tls:SESSION-d42f41260fbe7c09
FLOW_DST_PORTOBS	e:fp:flow:114e2cfb6ecb:port:tcp:60224	flow:114e2cfb6ecb → port:tcp:60224
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4424212d2efd30c8:host:131.196.29.55:host:172.234.197.23	SESSION-4424212d2efd30c8 → host:131.196.29.55 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53f84807a0945e6c:host:131.196.28.101	SESSION-53f84807a0945e6c → host:131.196.28.101
FLOW_DST_PORTOBS	e:fp:flow:4868f6e5b122:port:tcp:31203	flow:4868f6e5b122 → port:tcp:31203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-352a47a3f8b3882e:SESSION-352a47a3f8b3882e	SESSION-352a47a3f8b3882e → pe:tls:SESSION-352a47a3f8b3882e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.50:asn:271410	host:131.196.28.50 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5940a5357983452d:SESSION-5940a5357983452d	SESSION-5940a5357983452d → pe:syn:SESSION-5940a5357983452d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a3c1d53f1688156:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8a3c1d53f1688156 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1699a282bb5af583:host:177.10.234.29	SESSION-1699a282bb5af583 → host:177.10.234.29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2aa671fdac09172:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f2aa671fdac09172 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-cefaeddbbade6b50:host:177.10.237.254	SESSION-cefaeddbbade6b50 → host:177.10.237.254
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a242c68bb3594796:host:177.10.234.71:host:172.234.197.23	SESSION-a242c68bb3594796 → host:177.10.234.71 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5bab109b42e3a8d7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5bab109b42e3a8d7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55aa5069b830c261:SESSION-55aa5069b830c261	SESSION-55aa5069b830c261 → pe:tls:SESSION-55aa5069b830c261
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0657272c618c6d4:host:177.10.237.248	SESSION-c0657272c618c6d4 → host:177.10.237.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9479b510131ce6c:host:177.10.236.29:host:172.234.197.23	SESSION-f9479b510131ce6c → host:177.10.236.29 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c85a8771eed4d0f:host:177.10.232.33:host:172.234.197.23	SESSION-7c85a8771eed4d0f → host:177.10.232.33 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01fb4d6a9472c8c7:PCAP:capture_20260428010001:b1b402c7b202	SESSION-01fb4d6a9472c8c7 → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.118:geo_-16.28860_-49.01640	host:177.10.234.118 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-d2af0189f90c79b2:host:172.234.197.23	SESSION-d2af0189f90c79b2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a269382e1e5b425:host:172.234.197.23	SESSION-9a269382e1e5b425 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c3601b8f3a6cf17:flow:077f96403dc5	SESSION-7c3601b8f3a6cf17 → flow:077f96403dc5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c47767899447038:flow:a853b92280fb	SESSION-1c47767899447038 → flow:a853b92280fb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ba942f2694f4960:PCAP:capture_20260430090001:065659c7d314	SESSION-0ba942f2694f4960 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-166e94983783f266:host:172.234.197.23:host:177.10.232.217	SESSION-166e94983783f266 → host:172.234.197.23 → host:177.10.232.217
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a390ade8fe745ada:host:131.196.29.233:host:172.234.197.23	SESSION-a390ade8fe745ada → host:131.196.29.233 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5cb3d18d192da5f3:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5cb3d18d192da5f3 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2387fa1f153c5b33:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2387fa1f153c5b33 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10bd62a158add0c4:SESSION-10bd62a158add0c4	SESSION-10bd62a158add0c4 → pe:tls:SESSION-10bd62a158add0c4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e853a157c23802e1:SESSION-e853a157c23802e1	SESSION-e853a157c23802e1 → pe:tls:SESSION-e853a157c23802e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6af89b3798eaaf52:SESSION-6af89b3798eaaf52	SESSION-6af89b3798eaaf52 → pe:tls:SESSION-6af89b3798eaaf52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41c82fa43395463b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-41c82fa43395463b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a7aa94b5f9268de0:SESSION-a7aa94b5f9268de0	SESSION-a7aa94b5f9268de0 → pe:syn:SESSION-a7aa94b5f9268de0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce92926e8e7d59d2:host:172.234.197.23	SESSION-ce92926e8e7d59d2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aab351c0be27393b:host:131.196.29.96:host:172.234.197.23	SESSION-aab351c0be27393b → host:131.196.29.96 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-25e11e259146e3a2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-25e11e259146e3a2 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-617da6f9980af1b7:host:44.248.141.231:host:172.234.197.23	SESSION-617da6f9980af1b7 → host:44.248.141.231 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8e2a1b696130dd57:host:172.234.197.23	SESSION-8e2a1b696130dd57 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4298399acb708ae5:flow:61ec22b9b7c0	SESSION-4298399acb708ae5 → flow:61ec22b9b7c0
FLOW_DST_PORTOBS	e:fp:flow:ee9802fd094f:port:tcp:12875	flow:ee9802fd094f → port:tcp:12875
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-342ba7535c6572a7:host:177.10.237.169	SESSION-342ba7535c6572a7 → host:177.10.237.169
flow_observed5-aryOBS	e:fo:flow:a6bdf7255a92	flow:a6bdf7255a92 → host:131.196.31.183 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:58f6dfb807f6	flow:58f6dfb807f6 → host:172.234.197.23 → host:177.10.232.212 → port:tcp:18231
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-066d98dee3275acb:flow:559d1906da89	SESSION-066d98dee3275acb → flow:559d1906da89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e332f49c3a5896d2:SESSION-e332f49c3a5896d2	SESSION-e332f49c3a5896d2 → pe:tls:SESSION-e332f49c3a5896d2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ead4b2d62c5ebfd2:PCAP:capture_20260430110001:43611bdf6759	SESSION-ead4b2d62c5ebfd2 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a2005509481f3ca7:flow:6b18b465640b	SESSION-a2005509481f3ca7 → flow:6b18b465640b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad468f8fa72444f5:SESSION-ad468f8fa72444f5	SESSION-ad468f8fa72444f5 → pe:syn:SESSION-ad468f8fa72444f5
FLOW_DST_PORTOBS	e:fp:flow:7067571fdb7e:port:tcp:443	flow:7067571fdb7e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-03f7a565a7cd59d8:host:199.195.254.215:host:172.234.197.23	SESSION-03f7a565a7cd59d8 → host:199.195.254.215 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-905e7318b3a63042:SESSION-905e7318b3a63042	SESSION-905e7318b3a63042 → pe:syn:SESSION-905e7318b3a63042
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fb8ed1fbc81e736:host:177.10.239.132	SESSION-3fb8ed1fbc81e736 → host:177.10.239.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f277335c7e8c32bb:host:172.234.197.23	SESSION-f277335c7e8c32bb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-112f4fdeb678f643:host:177.10.238.116	SESSION-112f4fdeb678f643 → host:177.10.238.116
FLOW_FROM_HOSTOBS	e:from:SESSION-14ec4f61373e7262:host:177.10.233.67	SESSION-14ec4f61373e7262 → host:177.10.233.67
FLOW_TO_HOSTOBS	e:to:SESSION-aa38dbd858d86f82:host:177.10.237.122	SESSION-aa38dbd858d86f82 → host:177.10.237.122
FLOW_TO_HOSTOBS	e:to:SESSION-c7e6be5ba8db3cda:host:172.234.197.23	SESSION-c7e6be5ba8db3cda → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3cae868156d4440:SESSION-c3cae868156d4440	SESSION-c3cae868156d4440 → pe:tls:SESSION-c3cae868156d4440
FLOW_DST_PORTOBS	e:fp:flow:dca1696aec46:port:tcp:443	flow:dca1696aec46 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-829f75d99e4943bf:host:172.234.197.23	SESSION-829f75d99e4943bf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e67ae3320dee0238:host:177.10.235.65	SESSION-e67ae3320dee0238 → host:177.10.235.65
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.136:geo_41.00190_28.96450	host:95.135.228.136 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-365dad18baa46a43:SESSION-365dad18baa46a43	SESSION-365dad18baa46a43 → pe:tls:SESSION-365dad18baa46a43
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d226dc6e18df532:host:131.196.29.68:host:172.234.197.23	SESSION-2d226dc6e18df532 → host:131.196.29.68 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7f9687dfabd8cdb:flow:5d97665061b5	SESSION-e7f9687dfabd8cdb → flow:5d97665061b5
FLOW_DST_PORTOBS	e:fp:flow:5edd843e41dc:port:tcp:31679	flow:5edd843e41dc → port:tcp:31679
FLOW_TO_HOSTOBS	e:to:SESSION-07a7172489c9ad9c:host:172.234.197.23	SESSION-07a7172489c9ad9c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85419ca5854a5f9c:host:177.10.236.110	SESSION-85419ca5854a5f9c → host:177.10.236.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f0a0478f83cd119:host:31.40.196.97	SESSION-1f0a0478f83cd119 → host:31.40.196.97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4751d88925ba5f3:host:131.196.29.170	SESSION-b4751d88925ba5f3 → host:131.196.29.170
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8624692ea119f1f3:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8624692ea119f1f3 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd0de62eb0560e2b:host:35.216.234.82	SESSION-bd0de62eb0560e2b → host:35.216.234.82
FLOW_FROM_HOSTOBS	e:from:SESSION-946275ea323f6900:host:131.196.29.123	SESSION-946275ea323f6900 → host:131.196.29.123
flow_observed5-aryOBS	e:fo:flow:a579d4e5af4d	flow:a579d4e5af4d → host:177.10.233.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a82c7f51b8bc2f4f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a82c7f51b8bc2f4f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.214:asn:203771	host:185.231.226.214 → asn:203771
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ad9c0df7a65aa03:flow:6ad223502988	SESSION-0ad9c0df7a65aa03 → flow:6ad223502988
flow_observed5-aryOBS	e:fo:flow:9e4fc69d7f5c	flow:9e4fc69d7f5c → host:31.40.196.102 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f62140848f2b702:host:185.231.226.231:host:172.234.197.23	SESSION-8f62140848f2b702 → host:185.231.226.231 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-27f33a2015337a96:host:172.234.197.23	SESSION-27f33a2015337a96 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-843bbb86e5601bd5:flow:e9d8a4501e2b	SESSION-843bbb86e5601bd5 → flow:e9d8a4501e2b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b58dfbdc72ba0e86:host:177.10.237.73:host:172.234.197.23	SESSION-b58dfbdc72ba0e86 → host:177.10.237.73 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-924bf50c0164bb1b:host:172.234.197.23:host:177.10.239.239	SESSION-924bf50c0164bb1b → host:172.234.197.23 → host:177.10.239.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01716d55cf2099e5:host:172.234.197.23	SESSION-01716d55cf2099e5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9912439438040361:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9912439438040361 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:eb0a24e43cec:port:tcp:443	flow:eb0a24e43cec → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca027ca401d4d122:flow:41b26e9c961c	SESSION-ca027ca401d4d122 → flow:41b26e9c961c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ab61e60544120f5:flow:8a521b090e04	SESSION-8ab61e60544120f5 → flow:8a521b090e04
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f158e3bc319e69c7:SESSION-f158e3bc319e69c7	SESSION-f158e3bc319e69c7 → pe:tls:SESSION-f158e3bc319e69c7
FLOW_DST_PORTOBS	e:fp:flow:0c3de9856f2c:port:tcp:443	flow:0c3de9856f2c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f92c0af2b04d2b16:host:45.173.156.183:host:172.234.197.23	SESSION-f92c0af2b04d2b16 → host:45.173.156.183 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-112f4fdeb678f643:SESSION-112f4fdeb678f643	SESSION-112f4fdeb678f643 → pe:tls:SESSION-112f4fdeb678f643
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cb3d18d192da5f3:host:172.234.197.23	SESSION-5cb3d18d192da5f3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2f997fef874b1b1e:host:172.234.197.23	SESSION-2f997fef874b1b1e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dbb680dd253e19c:host:131.196.29.252	SESSION-2dbb680dd253e19c → host:131.196.29.252
FLOW_TO_HOSTOBS	e:to:SESSION-8d5b41a2eb16ae40:host:172.234.197.23	SESSION-8d5b41a2eb16ae40 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8c94fcea26d4cb3:host:45.173.156.30:host:172.234.197.23	SESSION-c8c94fcea26d4cb3 → host:45.173.156.30 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b61a304f889dfad6:host:177.10.234.78	SESSION-b61a304f889dfad6 → host:177.10.234.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d32ea7105612ce28:SESSION-d32ea7105612ce28	SESSION-d32ea7105612ce28 → pe:syn:SESSION-d32ea7105612ce28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-597a035229423245:SESSION-597a035229423245	SESSION-597a035229423245 → pe:tls:SESSION-597a035229423245
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.5:geo_-16.28860_-49.01640	host:177.10.237.5 → geo_-16.28860_-49.01640
flow_observed3-aryOBS	e:fo:flow:13ac7e60e31f	flow:13ac7e60e31f → host:44.246.129.80 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b47e385ca946fd94:host:177.10.236.91:host:172.234.197.23	SESSION-b47e385ca946fd94 → host:177.10.236.91 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad4db4cca9d566af:flow:5cd8c64c176c	SESSION-ad4db4cca9d566af → flow:5cd8c64c176c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba96028c0d9bf0a3:host:177.10.232.114	SESSION-ba96028c0d9bf0a3 → host:177.10.232.114
flow_observed5-aryOBS	e:fo:flow:9decf27e0d9d	flow:9decf27e0d9d → host:131.196.31.250 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd7be5606f48437f:host:172.234.197.23:host:131.196.29.140	SESSION-dd7be5606f48437f → host:172.234.197.23 → host:131.196.29.140
FLOW_DST_PORTOBS	e:fp:flow:155a3b53d00b:port:tcp:47804	flow:155a3b53d00b → port:tcp:47804
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f04e938497dcf32a:SESSION-f04e938497dcf32a	SESSION-f04e938497dcf32a → pe:syn:SESSION-f04e938497dcf32a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3b214bdb989f663:host:172.234.197.23	SESSION-e3b214bdb989f663 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2139588c74105d1b:host:35.92.48.165:host:172.234.197.23	SESSION-2139588c74105d1b → host:35.92.48.165 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e0ba91dac47f	flow:e0ba91dac47f → host:177.10.239.154 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b09cf74640ed889e:SESSION-b09cf74640ed889e	SESSION-b09cf74640ed889e → pe:syn:SESSION-b09cf74640ed889e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e323950505f0871:flow:2997bf8e9fc3	SESSION-0e323950505f0871 → flow:2997bf8e9fc3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.111:geo_-16.28860_-49.01640	host:177.10.234.111 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:ccb027c8d2a2	flow:ccb027c8d2a2 → host:177.10.238.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fc80192f398e14d:SESSION-5fc80192f398e14d	SESSION-5fc80192f398e14d → pe:syn:SESSION-5fc80192f398e14d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-671350c0b0fa8f65:host:172.234.197.23	SESSION-671350c0b0fa8f65 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9573429a84e3:port:tcp:25245	flow:9573429a84e3 → port:tcp:25245
flow_observed5-aryOBS	e:fo:flow:62d12623c93c	flow:62d12623c93c → host:177.10.234.146 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-89ff4b6182efd39b:SESSION-89ff4b6182efd39b	SESSION-89ff4b6182efd39b → pe:tls:SESSION-89ff4b6182efd39b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3407d813acebc00f:SESSION-3407d813acebc00f	SESSION-3407d813acebc00f → pe:syn:SESSION-3407d813acebc00f
FLOW_FROM_HOSTOBS	e:from:SESSION-41808c8c85c3c4d3:host:177.10.232.1	SESSION-41808c8c85c3c4d3 → host:177.10.232.1
FLOW_FROM_HOSTOBS	e:from:SESSION-34a5ce0f23d7a2a1:host:172.234.197.23	SESSION-34a5ce0f23d7a2a1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7558286b16680d35:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7558286b16680d35 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.38:geo_-16.28860_-49.01640	host:177.10.237.38 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:18d89fc4a32d:port:tcp:616	flow:18d89fc4a32d → port:tcp:616
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d84fd327ccf4e65:host:177.10.239.182:host:172.234.197.23	SESSION-5d84fd327ccf4e65 → host:177.10.239.182 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58f2a638c6bf8581:host:172.234.197.23	SESSION-58f2a638c6bf8581 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-616ab8d382244a8d:host:172.234.197.23	SESSION-616ab8d382244a8d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c32ee209d5d1aa5e:host:131.196.29.95	SESSION-c32ee209d5d1aa5e → host:131.196.29.95
FLOW_DST_PORTOBS	e:fp:flow:719154bccefe:port:tcp:51999	flow:719154bccefe → port:tcp:51999
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f62140848f2b702:flow:509323a0b1e3	SESSION-8f62140848f2b702 → flow:509323a0b1e3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf40158902d38ce6:host:172.234.197.23	SESSION-cf40158902d38ce6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f9e2f07f7ea20074:host:172.234.197.23	SESSION-f9e2f07f7ea20074 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8a52e21a979a3cd:PCAP:capture_20260430110001:43611bdf6759	SESSION-c8a52e21a979a3cd → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-979dfdf677607677:PCAP:capture_20260430080001:93f47cc296a4	SESSION-979dfdf677607677 → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.105:geo_-23.62930_-46.63510	host:131.196.31.105 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6535f7c42f72cb7f:SESSION-6535f7c42f72cb7f	SESSION-6535f7c42f72cb7f → pe:tls:SESSION-6535f7c42f72cb7f
FLOW_TO_HOSTOBS	e:to:SESSION-ade0b807fe10f93e:host:177.10.236.114	SESSION-ade0b807fe10f93e → host:177.10.236.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd8e744bc487bcb1:SESSION-bd8e744bc487bcb1	SESSION-bd8e744bc487bcb1 → pe:syn:SESSION-bd8e744bc487bcb1
FLOW_DST_PORTOBS	e:fp:flow:5e81ca4a36d6:port:tcp:12607	flow:5e81ca4a36d6 → port:tcp:12607
FLOW_DST_PORTOBS	e:fp:flow:c4e5113b28fd:port:tcp:56197	flow:c4e5113b28fd → port:tcp:56197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-03724996262dbf01:SESSION-03724996262dbf01	SESSION-03724996262dbf01 → pe:syn:SESSION-03724996262dbf01
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.181:geo_41.00190_28.96450	host:95.170.25.181 → geo_41.00190_28.96450
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06a6b67473c48ddd:host:172.234.197.23:host:131.196.28.201	SESSION-06a6b67473c48ddd → host:172.234.197.23 → host:131.196.28.201
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3b2d33602e817e1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b3b2d33602e817e1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-557aaca226ee6bf8:host:177.10.234.75	SESSION-557aaca226ee6bf8 → host:177.10.234.75
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9d7ef6e96dbb9c5:host:103.230.240.59	SESSION-a9d7ef6e96dbb9c5 → host:103.230.240.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d741000864bcf81f:host:45.173.156.230	SESSION-d741000864bcf81f → host:45.173.156.230
FLOW_DST_PORTOBS	e:fp:flow:70e8002aa6aa:port:tcp:18594	flow:70e8002aa6aa → port:tcp:18594
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.56.227.200:geo_51.18760_71.44910	host:95.56.227.200 → geo_51.18760_71.44910
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa9d2876c7b3abea:host:177.10.235.64	SESSION-fa9d2876c7b3abea → host:177.10.235.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b209515fa806d4a:host:177.10.238.87	SESSION-9b209515fa806d4a → host:177.10.238.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44a5aa522f98da19:SESSION-44a5aa522f98da19	SESSION-44a5aa522f98da19 → pe:tls:SESSION-44a5aa522f98da19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc060cc400f18b5d:flow:d736bf96956c	SESSION-cc060cc400f18b5d → flow:d736bf96956c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da14485ca0be7376:host:199.16.157.182	SESSION-da14485ca0be7376 → host:199.16.157.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fc95fe30edf5706:SESSION-5fc95fe30edf5706	SESSION-5fc95fe30edf5706 → pe:syn:SESSION-5fc95fe30edf5706
FLOW_TO_HOSTOBS	e:to:SESSION-74fa9a10a5811b00:host:177.10.234.22	SESSION-74fa9a10a5811b00 → host:177.10.234.22
flow_observed5-aryOBS	e:fo:flow:7a4e69d85fd3	flow:7a4e69d85fd3 → host:177.10.239.51 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f38f9d39dae0e5a:PCAP:capture_20260430060001:919b39a74464	SESSION-3f38f9d39dae0e5a → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-dad6cf67ed488f0b:host:172.234.197.23	SESSION-dad6cf67ed488f0b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fe48e08f3f123e2:host:172.234.197.23	SESSION-3fe48e08f3f123e2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dc40f257c300	flow:dc40f257c300 → host:177.10.236.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f2cb956713b4a7f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8f2cb956713b4a7f → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:b762e0a8780c:port:tcp:51496	flow:b762e0a8780c → port:tcp:51496
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23002560e1da6de3:host:172.234.197.23	SESSION-23002560e1da6de3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e991043fa3bca90d:host:177.10.233.102	SESSION-e991043fa3bca90d → host:177.10.233.102
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a27e337d4c0b49f3:flow:0580c69484a4	SESSION-a27e337d4c0b49f3 → flow:0580c69484a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2794803b6e3661a7:host:177.10.238.156	SESSION-2794803b6e3661a7 → host:177.10.238.156
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0b067dd86042d0a:SESSION-b0b067dd86042d0a	SESSION-b0b067dd86042d0a → pe:syn:SESSION-b0b067dd86042d0a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0847a7bc7e933771:SESSION-0847a7bc7e933771	SESSION-0847a7bc7e933771 → pe:syn:SESSION-0847a7bc7e933771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f79e79f663ba44d9:PCAP:capture_20260430150001:ded20914761d	SESSION-f79e79f663ba44d9 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.12:asn:262880	host:177.10.239.12 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-926d10c9776453b9:host:131.196.30.104	SESSION-926d10c9776453b9 → host:131.196.30.104
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9a69c63a7b588de:SESSION-b9a69c63a7b588de	SESSION-b9a69c63a7b588de → pe:syn:SESSION-b9a69c63a7b588de
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-46f70ffa54883bab:BSG-DATA_EXFIL-86c3aec70aeb	SESSION-46f70ffa54883bab → BSG-DATA_EXFIL-86c3aec70aeb
flow_observed5-aryOBS	e:fo:flow:4a61bb84d464	flow:4a61bb84d464 → host:177.10.232.219 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:6746fc525fc4:port:tcp:30857	flow:6746fc525fc4 → port:tcp:30857
FLOW_FROM_HOSTOBS	e:from:SESSION-5c3d3f3d87b7f1a0:host:177.10.233.20	SESSION-5c3d3f3d87b7f1a0 → host:177.10.233.20
FLOW_TO_HOSTOBS	e:to:SESSION-d811160d7459a4b2:host:172.234.197.23	SESSION-d811160d7459a4b2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae33589f66e7ab9:host:184.171.210.134	SESSION-6ae33589f66e7ab9 → host:184.171.210.134
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-baf6029a4a920bc4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-baf6029a4a920bc4 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-198cd8f9bb6f8909:host:172.234.197.23	SESSION-198cd8f9bb6f8909 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a6e84a9f98e2c60:host:177.10.237.247	SESSION-5a6e84a9f98e2c60 → host:177.10.237.247
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ee36310db765ff6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2ee36310db765ff6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6d47e7b31036f28:flow:ecd35dc16e75	SESSION-d6d47e7b31036f28 → flow:ecd35dc16e75
FLOW_FROM_HOSTOBS	e:from:SESSION-24f1ec9c7d379a9b:host:172.234.197.23	SESSION-24f1ec9c7d379a9b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a808f31a4e66:port:tcp:36575	flow:a808f31a4e66 → port:tcp:36575
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-736a99dd90ae6491:flow:9887d287d357	SESSION-736a99dd90ae6491 → flow:9887d287d357
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e76f09c0f210884:SESSION-4e76f09c0f210884	SESSION-4e76f09c0f210884 → pe:tls:SESSION-4e76f09c0f210884
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3db1c42fb505a2f9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3db1c42fb505a2f9 → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.68:geo_41.02140_28.99480	host:185.231.226.68 → geo_41.02140_28.99480
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0844998e370f9b20:host:177.10.237.47:host:172.234.197.23	SESSION-0844998e370f9b20 → host:177.10.237.47 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-35561958c0468d3f:host:131.196.30.152	SESSION-35561958c0468d3f → host:131.196.30.152
FLOW_DST_PORTOBS	e:fp:flow:48eead35e82a:port:tcp:443	flow:48eead35e82a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-c0dbdaab1cb35f54:host:131.196.30.244	SESSION-c0dbdaab1cb35f54 → host:131.196.30.244
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73436bd95d7b2637:SESSION-73436bd95d7b2637	SESSION-73436bd95d7b2637 → pe:tls:SESSION-73436bd95d7b2637
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3948aeec4a52663:SESSION-b3948aeec4a52663	SESSION-b3948aeec4a52663 → pe:syn:SESSION-b3948aeec4a52663
flow_observed5-aryOBS	e:fo:flow:6c751e472afd	flow:6c751e472afd → host:45.173.156.197 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48bb234f8161dc4f:host:172.234.197.23:host:177.10.237.66	SESSION-48bb234f8161dc4f → host:172.234.197.23 → host:177.10.237.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10db7c117acba2ed:SESSION-10db7c117acba2ed	SESSION-10db7c117acba2ed → pe:tls:SESSION-10db7c117acba2ed
FLOW_TO_HOSTOBS	e:to:SESSION-d59ad8978cc7e8b9:host:177.10.238.62	SESSION-d59ad8978cc7e8b9 → host:177.10.238.62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10ed4263d8057f18:host:177.10.239.115	SESSION-10ed4263d8057f18 → host:177.10.239.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-420c45d015462611:SESSION-420c45d015462611	SESSION-420c45d015462611 → pe:syn:SESSION-420c45d015462611
FLOW_DST_PORTOBS	e:fp:flow:fe6297f71c57:port:tcp:443	flow:fe6297f71c57 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b31cf1240fb1e101:flow:f484c8126b6c	SESSION-b31cf1240fb1e101 → flow:f484c8126b6c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0afc12079a05a1b1:host:95.170.25.105	SESSION-0afc12079a05a1b1 → host:95.170.25.105
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b95e1310dc4ff34:SESSION-9b95e1310dc4ff34	SESSION-9b95e1310dc4ff34 → pe:tls:SESSION-9b95e1310dc4ff34
FLOW_FROM_HOSTOBS	e:from:SESSION-e673f566483c0ed3:host:172.234.197.23	SESSION-e673f566483c0ed3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a2cae37d21287a7:host:172.234.197.23	SESSION-2a2cae37d21287a7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b84527735a90d253:SESSION-b84527735a90d253	SESSION-b84527735a90d253 → pe:syn:SESSION-b84527735a90d253
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.9:asn:271410	host:131.196.30.9 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16df0786ef84574d:SESSION-16df0786ef84574d	SESSION-16df0786ef84574d → pe:tls:SESSION-16df0786ef84574d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4673fb47ee0c5a9:host:177.10.239.11:host:172.234.197.23	SESSION-d4673fb47ee0c5a9 → host:177.10.239.11 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a516ba4c4f8948a0:host:177.10.236.236	SESSION-a516ba4c4f8948a0 → host:177.10.236.236
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-192cf58c18726bf1:host:172.234.197.23:host:177.10.233.197	SESSION-192cf58c18726bf1 → host:172.234.197.23 → host:177.10.233.197
flow_observed5-aryOBS	e:fo:flow:8aa8cac023d8	flow:8aa8cac023d8 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-226dccfda73d96ef:host:172.234.197.23	SESSION-226dccfda73d96ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-531f1f169db2954c:host:172.234.197.23	SESSION-531f1f169db2954c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.64:asn:262880	host:177.10.237.64 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96272a0a54480e7a:host:177.10.234.78:host:172.234.197.23	SESSION-96272a0a54480e7a → host:177.10.234.78 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f635007151c479b8:PCAP:capture_20260430110001:43611bdf6759	SESSION-f635007151c479b8 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-393d4d02c091bd7e:host:172.234.197.23	SESSION-393d4d02c091bd7e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2ae6b0bca9a8c33:SESSION-f2ae6b0bca9a8c33	SESSION-f2ae6b0bca9a8c33 → pe:syn:SESSION-f2ae6b0bca9a8c33
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-791eac8e49df4e5d:host:172.234.197.23	SESSION-791eac8e49df4e5d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-10bd62a158add0c4:host:172.234.197.23	SESSION-10bd62a158add0c4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eac07967aaca78dc:host:177.10.237.159:host:172.234.197.23	SESSION-eac07967aaca78dc → host:177.10.237.159 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec373193747138e2:host:177.10.238.249:host:172.234.197.23	SESSION-ec373193747138e2 → host:177.10.238.249 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0da58b5e3634dda2:flow:22b7a9b6a3e4	SESSION-0da58b5e3634dda2 → flow:22b7a9b6a3e4
FLOW_TO_HOSTOBS	e:to:SESSION-e13a35a59d4e8cb3:host:177.10.234.237	SESSION-e13a35a59d4e8cb3 → host:177.10.234.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd2d57a3e3d90491:SESSION-fd2d57a3e3d90491	SESSION-fd2d57a3e3d90491 → pe:syn:SESSION-fd2d57a3e3d90491
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.155:asn:262880	host:177.10.232.155 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e488bd001486e0ee:host:177.10.237.147:host:172.234.197.23	SESSION-e488bd001486e0ee → host:177.10.237.147 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb6c1367f6b2a786:PCAP:capture_20260430060001:919b39a74464	SESSION-eb6c1367f6b2a786 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8432ee5dd236020:SESSION-d8432ee5dd236020	SESSION-d8432ee5dd236020 → pe:tls:SESSION-d8432ee5dd236020
FLOW_FROM_HOSTOBS	e:from:SESSION-bf34c898669d01e7:host:131.196.30.242	SESSION-bf34c898669d01e7 → host:131.196.30.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-045a77174f347205:host:172.234.197.23	SESSION-045a77174f347205 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3f99262a1bb3592:host:172.234.197.23	SESSION-d3f99262a1bb3592 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65d181126b4cfd8f:PCAP:capture_20260430110001:43611bdf6759	SESSION-65d181126b4cfd8f → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb512b6db53333ff:host:177.10.238.28	SESSION-bb512b6db53333ff → host:177.10.238.28
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.237:asn:262880	host:177.10.236.237 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f05806c7fdedb94:PCAP:capture_20260430090001:065659c7d314	SESSION-9f05806c7fdedb94 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc7ab250b87b35be:flow:2e77d5b01871	SESSION-cc7ab250b87b35be → flow:2e77d5b01871
flow_observed5-aryOBS	e:fo:flow:a9d5fe3bfafc	flow:a9d5fe3bfafc → host:177.10.233.93 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d5b41a2eb16ae40:SESSION-8d5b41a2eb16ae40	SESSION-8d5b41a2eb16ae40 → pe:tls:SESSION-8d5b41a2eb16ae40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-158ec8f739ce5586:SESSION-158ec8f739ce5586	SESSION-158ec8f739ce5586 → pe:tls:SESSION-158ec8f739ce5586
FLOW_TLS_SNIOBS	e:fs:flow:1b98b9f04daf:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:1b98b9f04daf → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54c75738c2308981:host:172.234.197.23	SESSION-54c75738c2308981 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1eb19142561b47ba:SESSION-1eb19142561b47ba	SESSION-1eb19142561b47ba → pe:syn:SESSION-1eb19142561b47ba
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.160:asn:262880	host:177.10.235.160 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fa8a238d1165695:host:172.234.197.23	SESSION-1fa8a238d1165695 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ffcf84507219fc2:SESSION-1ffcf84507219fc2	SESSION-1ffcf84507219fc2 → pe:syn:SESSION-1ffcf84507219fc2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6ddb3deb8cc2873:PCAP:capture_20260430060001:919b39a74464	SESSION-d6ddb3deb8cc2873 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60d7d302576d36ac:flow:100396c47d7a	SESSION-60d7d302576d36ac → flow:100396c47d7a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.113:asn:271410	host:131.196.28.113 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-424264fd6333414c:SESSION-424264fd6333414c	SESSION-424264fd6333414c → pe:syn:SESSION-424264fd6333414c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f44cd8b141a7b5c:host:177.10.233.238	SESSION-7f44cd8b141a7b5c → host:177.10.233.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-382b47d73202b6ac:PCAP:capture_20260430110001:43611bdf6759	SESSION-382b47d73202b6ac → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-ae94ea8b15b44736:host:177.10.232.1	SESSION-ae94ea8b15b44736 → host:177.10.232.1
FLOW_TO_HOSTOBS	e:to:SESSION-2ed5513c22512ddd:host:172.234.197.23	SESSION-2ed5513c22512ddd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-adf46c04c6a07144:host:131.196.29.150	SESSION-adf46c04c6a07144 → host:131.196.29.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c5fe81cc60001f5:SESSION-8c5fe81cc60001f5	SESSION-8c5fe81cc60001f5 → pe:tls:SESSION-8c5fe81cc60001f5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-007ba64cafd5a15c:flow:8db037f16449	SESSION-007ba64cafd5a15c → flow:8db037f16449
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02e2db787a51689b:SESSION-02e2db787a51689b	SESSION-02e2db787a51689b → pe:syn:SESSION-02e2db787a51689b
flow_observed5-aryOBS	e:fo:flow:411aef50024b	flow:411aef50024b → host:177.10.238.164 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f21aae4e1b352568:SESSION-f21aae4e1b352568	SESSION-f21aae4e1b352568 → pe:syn:SESSION-f21aae4e1b352568
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-845630b36dc2dead:host:195.20.104.8	SESSION-845630b36dc2dead → host:195.20.104.8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19e0bdfc1305c6ba:PCAP:capture_20260430070001:903a0e7a436b	SESSION-19e0bdfc1305c6ba → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-469998d187b1b945:host:177.10.233.78:host:172.234.197.23	SESSION-469998d187b1b945 → host:177.10.233.78 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-954029bd3fad39c7:host:177.10.237.122	SESSION-954029bd3fad39c7 → host:177.10.237.122
FLOW_DST_PORTOBS	e:fp:flow:e8e27ec2424d:port:tcp:443	flow:e8e27ec2424d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-47acb5bee39822f1:host:177.10.239.18	SESSION-47acb5bee39822f1 → host:177.10.239.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b61fb09d40ad349:SESSION-8b61fb09d40ad349	SESSION-8b61fb09d40ad349 → pe:syn:SESSION-8b61fb09d40ad349
FLOW_TO_HOSTOBS	e:to:SESSION-de2c7d1c6ad5841e:host:172.234.197.23	SESSION-de2c7d1c6ad5841e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-05167940272dd019:host:177.10.236.115	SESSION-05167940272dd019 → host:177.10.236.115
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.117:geo_-16.28860_-49.01640	host:177.10.238.117 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.27:geo_-23.62930_-46.63510	host:131.196.28.27 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.192:asn:262880	host:177.10.238.192 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.177:geo_-23.62930_-46.63510	host:131.196.28.177 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5250861d994b3dc2:SESSION-5250861d994b3dc2	SESSION-5250861d994b3dc2 → pe:tls:SESSION-5250861d994b3dc2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8466bbcc058d46c:flow:ddf14cd5aa65	SESSION-c8466bbcc058d46c → flow:ddf14cd5aa65
FLOW_TO_HOSTOBS	e:to:SESSION-7d2803f457704e39:host:172.234.197.23	SESSION-7d2803f457704e39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27ee7c401cb71f02:host:172.234.197.23	SESSION-27ee7c401cb71f02 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37c1a586e90e7a3b:host:131.196.28.39	SESSION-37c1a586e90e7a3b → host:131.196.28.39
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e6d70ae2d31fba9:flow:235158a23b67	SESSION-6e6d70ae2d31fba9 → flow:235158a23b67
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1984f51487784d02:flow:978dc8ba0399	SESSION-1984f51487784d02 → flow:978dc8ba0399
FLOW_FROM_HOSTOBS	e:from:SESSION-6d5e711c3b45ec85:host:131.196.30.50	SESSION-6d5e711c3b45ec85 → host:131.196.30.50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29162d9ed8336732:SESSION-29162d9ed8336732	SESSION-29162d9ed8336732 → pe:tls:SESSION-29162d9ed8336732
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e61eb47c134600b1:flow:35356ce269f5	SESSION-e61eb47c134600b1 → flow:35356ce269f5
FLOW_FROM_HOSTOBS	e:from:SESSION-c8277822e9833952:host:131.196.31.94	SESSION-c8277822e9833952 → host:131.196.31.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99ffd8e203ea7715:SESSION-99ffd8e203ea7715	SESSION-99ffd8e203ea7715 → pe:syn:SESSION-99ffd8e203ea7715
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d5e50cd91d4ac54:SESSION-5d5e50cd91d4ac54	SESSION-5d5e50cd91d4ac54 → pe:syn:SESSION-5d5e50cd91d4ac54
FLOW_FROM_HOSTOBS	e:from:SESSION-e9b874351d52a188:host:131.196.31.167	SESSION-e9b874351d52a188 → host:131.196.31.167
flow_observed5-aryOBS	e:fo:flow:5fac4106d582	flow:5fac4106d582 → host:177.10.238.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d7cf6e510c352d8:flow:87d7f7a0051b	SESSION-8d7cf6e510c352d8 → flow:87d7f7a0051b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b43557542c64d676:flow:8503bab0a6df	SESSION-b43557542c64d676 → flow:8503bab0a6df
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84891f6788a8f194:host:177.10.237.152	SESSION-84891f6788a8f194 → host:177.10.237.152
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.93:asn:273470	host:45.173.156.93 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49828b0c1667648d:SESSION-49828b0c1667648d	SESSION-49828b0c1667648d → pe:syn:SESSION-49828b0c1667648d
FLOW_TO_HOSTOBS	e:to:SESSION-c49f5291ee3911b4:host:172.234.197.23	SESSION-c49f5291ee3911b4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.107:asn:262880	host:177.10.237.107 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f60661a19246ebd9:flow:679a0b8a18c3	SESSION-f60661a19246ebd9 → flow:679a0b8a18c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf669240db189a71:flow:239d4ba05be9	SESSION-cf669240db189a71 → flow:239d4ba05be9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8ef5b0d475390b4:SESSION-e8ef5b0d475390b4	SESSION-e8ef5b0d475390b4 → pe:tls:SESSION-e8ef5b0d475390b4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-651f6fdc4d4e9c59:flow:c7924a2c3c9c	SESSION-651f6fdc4d4e9c59 → flow:c7924a2c3c9c
FLOW_TO_HOSTOBS	e:to:SESSION-d0a19698769d1246:host:177.10.232.46	SESSION-d0a19698769d1246 → host:177.10.232.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-493920f19ab5585b:host:131.196.31.253	SESSION-493920f19ab5585b → host:131.196.31.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d96c6feac6dadd94:flow:8afecebd30fc	SESSION-d96c6feac6dadd94 → flow:8afecebd30fc
FLOW_FROM_HOSTOBS	e:from:SESSION-dd7be5606f48437f:host:172.234.197.23	SESSION-dd7be5606f48437f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:55b8d007960c	flow:55b8d007960c → host:172.234.197.23 → host:177.10.235.36 → port:tcp:39303
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.24:geo_-16.28860_-49.01640	host:177.10.239.24 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-3a22e38c714d83c7:host:177.10.233.199	SESSION-3a22e38c714d83c7 → host:177.10.233.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4b062ac7956d3a5:host:177.10.237.199	SESSION-a4b062ac7956d3a5 → host:177.10.237.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14d5e1e17a6f21ad:host:177.10.232.242	SESSION-14d5e1e17a6f21ad → host:177.10.232.242
flow_observed5-aryOBS	e:fo:flow:dd46417013ed	flow:dd46417013ed → host:177.10.234.1 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-cea44595be79fe10:host:131.196.30.13	SESSION-cea44595be79fe10 → host:131.196.30.13
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.137:asn:262880	host:177.10.236.137 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17133b7d31116a9e:host:45.173.156.170	SESSION-17133b7d31116a9e → host:45.173.156.170
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ac7bdbcc541a2d8:host:172.234.197.23	SESSION-8ac7bdbcc541a2d8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-54aea84c156a3c18:SESSION-54aea84c156a3c18	SESSION-54aea84c156a3c18 → pe:rst:SESSION-54aea84c156a3c18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0feaffd55940508b:SESSION-0feaffd55940508b	SESSION-0feaffd55940508b → pe:syn:SESSION-0feaffd55940508b
FLOW_DST_PORTOBS	e:fp:flow:627f220d3e6a:port:tcp:36572	flow:627f220d3e6a → port:tcp:36572
flow_observed5-aryOBS	e:fo:flow:41bca09d381c	flow:41bca09d381c → host:177.10.237.127 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-905738e9b4f08562:host:177.10.235.213	SESSION-905738e9b4f08562 → host:177.10.235.213
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-53f84807a0945e6c:SESSION-53f84807a0945e6c	SESSION-53f84807a0945e6c → pe:syn:SESSION-53f84807a0945e6c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-193ccf82e1088d1d:host:177.10.239.18:host:172.234.197.23	SESSION-193ccf82e1088d1d → host:177.10.239.18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-561fca01c9d6b351:host:131.196.30.72:host:172.234.197.23	SESSION-561fca01c9d6b351 → host:131.196.30.72 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.66:geo_-16.28860_-49.01640	host:177.10.238.66 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a979a64e0f94d26:host:131.196.30.59	SESSION-8a979a64e0f94d26 → host:131.196.30.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-63fc840f6df40503:SESSION-63fc840f6df40503	SESSION-63fc840f6df40503 → pe:syn:SESSION-63fc840f6df40503
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7e06a830af01410:host:131.196.28.164	SESSION-b7e06a830af01410 → host:131.196.28.164
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da8ba1d6891d9574:host:177.10.232.165:host:172.234.197.23	SESSION-da8ba1d6891d9574 → host:177.10.232.165 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b670e7c5e0a8e3a1:host:45.173.156.201	SESSION-b670e7c5e0a8e3a1 → host:45.173.156.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa0b840fdb1355d3:host:131.196.30.91	SESSION-fa0b840fdb1355d3 → host:131.196.30.91
FLOW_DST_PORTOBS	e:fp:flow:c59b4943b687:port:tcp:443	flow:c59b4943b687 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e4dd8b9d1b64d369:SESSION-e4dd8b9d1b64d369	SESSION-e4dd8b9d1b64d369 → pe:syn:SESSION-e4dd8b9d1b64d369
FLOW_FROM_HOSTOBS	e:from:SESSION-ff331192f9cad8b9:host:172.234.197.23	SESSION-ff331192f9cad8b9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a60c132d3a0c7657:host:177.10.236.33	SESSION-a60c132d3a0c7657 → host:177.10.236.33
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac6ab160136e0424:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ac6ab160136e0424 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4ffce8b6e53dd75:host:172.234.197.23:host:177.10.233.67	SESSION-a4ffce8b6e53dd75 → host:172.234.197.23 → host:177.10.233.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1705f35e2db46a43:SESSION-1705f35e2db46a43	SESSION-1705f35e2db46a43 → pe:tls:SESSION-1705f35e2db46a43
FLOW_FROM_HOSTOBS	e:from:SESSION-0b2db5b5e20e8c4e:host:172.234.197.23	SESSION-0b2db5b5e20e8c4e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e122523b9467	flow:e122523b9467 → host:172.234.197.23 → host:131.196.30.28 → port:tcp:63752
FLOW_TO_HOSTOBS	e:to:SESSION-ed29e6defb1050d9:host:177.10.234.152	SESSION-ed29e6defb1050d9 → host:177.10.234.152
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a4b43b46bbfc9c3:SESSION-0a4b43b46bbfc9c3	SESSION-0a4b43b46bbfc9c3 → pe:tls:SESSION-0a4b43b46bbfc9c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da14e430733ddeb2:flow:2ee4cc406398	SESSION-da14e430733ddeb2 → flow:2ee4cc406398
FLOW_DST_PORTOBS	e:fp:flow:2dd366d504c3:port:tcp:19571	flow:2dd366d504c3 → port:tcp:19571
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-32ae480396f4c201:SESSION-32ae480396f4c201	SESSION-32ae480396f4c201 → pe:tls:SESSION-32ae480396f4c201
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92c4be10fc1322be:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-92c4be10fc1322be → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:faf417b2cefd:port:tcp:37712	flow:faf417b2cefd → port:tcp:37712
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc37b0c14be06192:host:88.99.91.59:host:172.234.197.23	SESSION-bc37b0c14be06192 → host:88.99.91.59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ce4fb974af5131d:host:177.10.237.55	SESSION-0ce4fb974af5131d → host:177.10.237.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-9eddb8081d100874:SESSION-9eddb8081d100874	SESSION-9eddb8081d100874 → pe:dns:SESSION-9eddb8081d100874
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b07a5e743a2061fa:host:131.196.29.209:host:172.234.197.23	SESSION-b07a5e743a2061fa → host:131.196.29.209 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:90a4c66aff81:port:tcp:50095	flow:90a4c66aff81 → port:tcp:50095
FLOW_TO_HOSTOBS	e:to:SESSION-d4076f0f6734ca69:host:45.173.156.68	SESSION-d4076f0f6734ca69 → host:45.173.156.68
FLOW_FROM_HOSTOBS	e:from:SESSION-3224b320d23ec0cd:host:177.10.237.60	SESSION-3224b320d23ec0cd → host:177.10.237.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dc16adec194cf9c:host:177.10.232.4	SESSION-4dc16adec194cf9c → host:177.10.232.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eabead80f81736f:host:177.10.235.205	SESSION-7eabead80f81736f → host:177.10.235.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd0571d5316a48e1:host:172.234.197.23	SESSION-fd0571d5316a48e1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-704e3a6bbdc29013:SESSION-704e3a6bbdc29013	SESSION-704e3a6bbdc29013 → pe:syn:SESSION-704e3a6bbdc29013
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54f6eb1f506e4a3a:flow:3680ddb78789	SESSION-54f6eb1f506e4a3a → flow:3680ddb78789
FLOW_FROM_HOSTOBS	e:from:SESSION-9f5d8e8d5ecc4e1f:host:172.234.197.23	SESSION-9f5d8e8d5ecc4e1f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fb163f3769ccb67:host:172.234.197.23	SESSION-1fb163f3769ccb67 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-72e57a99703d053d:host:177.10.239.37	SESSION-72e57a99703d053d → host:177.10.239.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa3e9fc803f342ab:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-fa3e9fc803f342ab → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:64d6aa7dc384	flow:64d6aa7dc384 → host:172.234.197.23 → host:177.10.236.86 → port:tcp:6061
flow_observed4-aryOBS	e:fo:flow:301bea5aae22	flow:301bea5aae22 → host:172.234.197.23 → host:177.10.233.185 → port:tcp:65018
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9c8bcacffc7072b:flow:7bfaaabeaf49	SESSION-c9c8bcacffc7072b → flow:7bfaaabeaf49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bbc35343aa20f600:SESSION-bbc35343aa20f600	SESSION-bbc35343aa20f600 → pe:syn:SESSION-bbc35343aa20f600
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b5af66d109a4873:host:172.234.197.23	SESSION-5b5af66d109a4873 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e91394d00b664372:host:177.10.234.232:host:172.234.197.23	SESSION-e91394d00b664372 → host:177.10.234.232 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3afd88a73e32b466:host:172.234.197.23	SESSION-3afd88a73e32b466 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db0c4d22fd57aedf:SESSION-db0c4d22fd57aedf	SESSION-db0c4d22fd57aedf → pe:syn:SESSION-db0c4d22fd57aedf
FLOW_TO_HOSTOBS	e:to:SESSION-dd58ba429e3d894b:host:131.196.28.174	SESSION-dd58ba429e3d894b → host:131.196.28.174
FLOW_DST_PORTOBS	e:fp:flow:2bd9596b678e:port:tcp:42418	flow:2bd9596b678e → port:tcp:42418
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d2a460a472c4c29:flow:d18b0b138742	SESSION-8d2a460a472c4c29 → flow:d18b0b138742
FLOW_DST_PORTOBS	e:fp:flow:99ab03576013:port:tcp:443	flow:99ab03576013 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aaf7c17fdae8be6:host:172.234.197.23	SESSION-7aaf7c17fdae8be6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-81dd4006fe67ac3f:host:18.175.215.247:host:172.234.197.23	SESSION-81dd4006fe67ac3f → host:18.175.215.247 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da7125a184793aeb:SESSION-da7125a184793aeb	SESSION-da7125a184793aeb → pe:syn:SESSION-da7125a184793aeb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8452ffa75e7fe764:host:172.234.197.23:host:177.10.237.115	SESSION-8452ffa75e7fe764 → host:172.234.197.23 → host:177.10.237.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ddcefc7eea69488:host:172.234.197.23	SESSION-7ddcefc7eea69488 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caf71fb423b46c4a:host:172.234.197.23	SESSION-caf71fb423b46c4a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65fda4a5b580780a:SESSION-65fda4a5b580780a	SESSION-65fda4a5b580780a → pe:tls:SESSION-65fda4a5b580780a
FLOW_TO_HOSTOBS	e:to:SESSION-6a214ec19ba198e7:host:177.10.233.191	SESSION-6a214ec19ba198e7 → host:177.10.233.191
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-637d01fb7fe8b725:host:172.234.197.23	SESSION-637d01fb7fe8b725 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e7af3e500f20cf8:PCAP:capture_20260430110001:43611bdf6759	SESSION-4e7af3e500f20cf8 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea19b3bdbd95a16b:host:172.234.197.23	SESSION-ea19b3bdbd95a16b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.129:asn:262880	host:177.10.239.129 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89ff4b6182efd39b:host:57.128.95.174	SESSION-89ff4b6182efd39b → host:57.128.95.174
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ba165dc958434de:host:54.184.232.115:host:172.234.197.23	SESSION-3ba165dc958434de → host:54.184.232.115 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:40caed145d6b:port:tcp:443	flow:40caed145d6b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad4604a15181cb67:host:172.234.197.23	SESSION-ad4604a15181cb67 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b4020db38e68a457:SESSION-b4020db38e68a457	SESSION-b4020db38e68a457 → pe:tls:SESSION-b4020db38e68a457
flow_observed5-aryOBS	e:fo:flow:fc519ecd4501	flow:fc519ecd4501 → host:177.10.236.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0796a13a25fe417a:host:177.10.233.93	SESSION-0796a13a25fe417a → host:177.10.233.93
flow_observed4-aryOBS	e:fo:flow:db8ab9c841e9	flow:db8ab9c841e9 → host:172.234.197.23 → host:177.10.236.170 → port:tcp:34806
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-61e3533744fe7104:SESSION-61e3533744fe7104	SESSION-61e3533744fe7104 → pe:tls:SESSION-61e3533744fe7104
flow_observed5-aryOBS	e:fo:flow:c5e8a78849b7	flow:c5e8a78849b7 → host:131.196.31.222 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1240df2eec41c5d:SESSION-c1240df2eec41c5d	SESSION-c1240df2eec41c5d → pe:tls:SESSION-c1240df2eec41c5d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ee9ba8cae5cc2ab:host:177.10.239.84:host:172.234.197.23	SESSION-2ee9ba8cae5cc2ab → host:177.10.239.84 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3be9919fc6df9ffa:host:45.173.156.248:host:172.234.197.23	SESSION-3be9919fc6df9ffa → host:45.173.156.248 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fe2a9708180e5d71:host:177.10.232.168	SESSION-fe2a9708180e5d71 → host:177.10.232.168
FLOW_DST_PORTOBS	e:fp:flow:aae931213988:port:tcp:443	flow:aae931213988 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6394463f1caee3eb:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6394463f1caee3eb → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-feb7243d21c3bd2d:host:177.10.235.83	SESSION-feb7243d21c3bd2d → host:177.10.235.83
flow_observed5-aryOBS	e:fo:flow:2ff1be4df60b	flow:2ff1be4df60b → host:177.10.234.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a03207ab88db82b5:flow:b122972ee5da	SESSION-a03207ab88db82b5 → flow:b122972ee5da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f228c5492216a597:SESSION-f228c5492216a597	SESSION-f228c5492216a597 → pe:tls:SESSION-f228c5492216a597
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b89a1b1f5399599:SESSION-7b89a1b1f5399599	SESSION-7b89a1b1f5399599 → pe:tls:SESSION-7b89a1b1f5399599
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d11c29aca82696f2:host:172.234.197.23	SESSION-d11c29aca82696f2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.15:geo_-16.28860_-49.01640	host:177.10.239.15 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-037b6464dda97429:host:172.234.197.23	SESSION-037b6464dda97429 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a05a386609def1c:flow:26f8541df4db	SESSION-0a05a386609def1c → flow:26f8541df4db
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.180:geo_-16.28860_-49.01640	host:177.10.237.180 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:6154ca7be068:port:tcp:443	flow:6154ca7be068 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-6490de849a8e5020:host:172.234.197.23	SESSION-6490de849a8e5020 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.147:asn:262880	host:177.10.233.147 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.226:geo_-16.28860_-49.01640	host:177.10.235.226 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0510bb60587070dd:SESSION-0510bb60587070dd	SESSION-0510bb60587070dd → pe:syn:SESSION-0510bb60587070dd
FLOW_DST_PORTOBS	e:fp:flow:5e1b26079177:port:tcp:443	flow:5e1b26079177 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7172790c1950eaef:host:131.196.30.184	SESSION-7172790c1950eaef → host:131.196.30.184
FLOW_FROM_HOSTOBS	e:from:SESSION-b16751dae4d82103:host:177.10.236.16	SESSION-b16751dae4d82103 → host:177.10.236.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b223dcd1f64dfb9:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7b223dcd1f64dfb9 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-ef914cd10270daad:host:177.10.239.199	SESSION-ef914cd10270daad → host:177.10.239.199
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4eec40051c49c7bf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4eec40051c49c7bf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c21627d8f6f11a27:PCAP:capture_20260430090001:065659c7d314	SESSION-c21627d8f6f11a27 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aede3430ffb62e05:host:177.10.236.150	SESSION-aede3430ffb62e05 → host:177.10.236.150
flow_observed5-aryOBS	e:fo:flow:aabc1306386d	flow:aabc1306386d → host:131.196.29.127 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f158e3bc319e69c7:host:199.16.157.182	SESSION-f158e3bc319e69c7 → host:199.16.157.182
flow_observed4-aryOBS	e:fo:flow:1ef64fa87830	flow:1ef64fa87830 → host:172.234.197.23 → host:177.10.239.3 → port:tcp:15984
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2dd1a49fa9f1084b:PCAP:capture_20260430090001:065659c7d314	SESSION-2dd1a49fa9f1084b → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6d1acf39452c448:host:172.234.197.23:host:131.196.30.31	SESSION-a6d1acf39452c448 → host:172.234.197.23 → host:131.196.30.31
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ec67d149df3809f6:BSG-BEACON-0731e82139b7	SESSION-ec67d149df3809f6 → BSG-BEACON-0731e82139b7
FLOW_TO_HOSTOBS	e:to:SESSION-650f1a0c083a2aeb:host:172.232.0.16	SESSION-650f1a0c083a2aeb → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-1c5519b0e5712e1e:host:172.234.197.23	SESSION-1c5519b0e5712e1e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-398d13acd4a88a37:host:172.234.197.23	SESSION-398d13acd4a88a37 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:074c39686250	flow:074c39686250 → host:172.234.197.23 → host:45.173.156.109 → port:tcp:48504
FLOW_DST_PORTOBS	e:fp:flow:460697540e36:port:tcp:51204	flow:460697540e36 → port:tcp:51204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59d5bafa56d514c9:host:172.234.197.23	SESSION-59d5bafa56d514c9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8c774bbe3f97971:host:45.173.156.5:host:172.234.197.23	SESSION-d8c774bbe3f97971 → host:45.173.156.5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0b71b9d0133c3b30:host:172.234.197.23	SESSION-0b71b9d0133c3b30 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a66568eff025692:host:172.234.197.23:host:177.10.236.62	SESSION-6a66568eff025692 → host:172.234.197.23 → host:177.10.236.62
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.103:geo_-16.28860_-49.01640	host:177.10.234.103 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7063a4bdff0e259c:host:131.196.30.230:host:172.234.197.23	SESSION-7063a4bdff0e259c → host:131.196.30.230 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8a979a64e0f94d26:host:131.196.30.59	SESSION-8a979a64e0f94d26 → host:131.196.30.59
FLOW_DST_PORTOBS	e:fp:flow:83496f8172a2:port:tcp:443	flow:83496f8172a2 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:35.92.48.165:asn:16509	host:35.92.48.165 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b8d0e25502f89d2:host:172.234.197.23	SESSION-7b8d0e25502f89d2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cb8516635eb4	flow:cb8516635eb4 → host:131.196.29.94 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e76f09c0f210884:host:172.234.197.23	SESSION-4e76f09c0f210884 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-56476ce9df92fd09:host:172.234.197.23	SESSION-56476ce9df92fd09 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f02a050799431d6e:host:177.10.237.166	SESSION-f02a050799431d6e → host:177.10.237.166
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6713221fe5694a6d:flow:ce9e994e23f8	SESSION-6713221fe5694a6d → flow:ce9e994e23f8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c0e19c2beda7d84:flow:6db73413d50d	SESSION-1c0e19c2beda7d84 → flow:6db73413d50d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f215cf2f031026d:PCAP:capture_20260430110001:43611bdf6759	SESSION-5f215cf2f031026d → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5aeffc2a4b56ba0:host:131.196.31.190:host:172.234.197.23	SESSION-d5aeffc2a4b56ba0 → host:131.196.31.190 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e280ba6e8e483a35:flow:73d3c2e14895	SESSION-e280ba6e8e483a35 → flow:73d3c2e14895
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0df43d2721e666e:host:172.234.197.23	SESSION-c0df43d2721e666e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1da9f85a5b3be49b:host:131.196.31.167	SESSION-1da9f85a5b3be49b → host:131.196.31.167
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86086a72c76b1135:host:172.234.197.23:host:131.196.30.147	SESSION-86086a72c76b1135 → host:172.234.197.23 → host:131.196.30.147
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8984df52681cb36:host:177.10.234.140	SESSION-c8984df52681cb36 → host:177.10.234.140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a242c68bb3594796:flow:b28ad62d8000	SESSION-a242c68bb3594796 → flow:b28ad62d8000
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f1e08bfeea32aa0:SESSION-8f1e08bfeea32aa0	SESSION-8f1e08bfeea32aa0 → pe:tls:SESSION-8f1e08bfeea32aa0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de23fe28677c4a6e:flow:01d4aa0d71df	SESSION-de23fe28677c4a6e → flow:01d4aa0d71df
flow_observed4-aryOBS	e:fo:flow:f55cb372d8b9	flow:f55cb372d8b9 → host:172.234.197.23 → host:177.10.239.221 → port:tcp:65297
flow_observed5-aryOBS	e:fo:flow:fd663917efb4	flow:fd663917efb4 → host:131.196.31.170 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:3ebf35a3b054	flow:3ebf35a3b054 → host:177.10.239.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28ea3e411a2de5c2:host:177.10.239.51	SESSION-28ea3e411a2de5c2 → host:177.10.239.51
FLOW_DST_PORTOBS	e:fp:flow:773dd2f1e445:port:udp:53	flow:773dd2f1e445 → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-797ddf76fc257ebf:host:177.10.238.248:host:172.234.197.23	SESSION-797ddf76fc257ebf → host:177.10.238.248 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7a65c242582e5e81:host:177.10.235.233	SESSION-7a65c242582e5e81 → host:177.10.235.233
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d82ce6b730f5fc6b:host:177.10.232.22:host:172.234.197.23	SESSION-d82ce6b730f5fc6b → host:177.10.232.22 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9be6dcd7d7b7ac03:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-9be6dcd7d7b7ac03 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1870bc27b62a60a2:host:172.234.197.23	SESSION-1870bc27b62a60a2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3186af5a0774c3b5:host:45.173.156.117	SESSION-3186af5a0774c3b5 → host:45.173.156.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da3b2b353303e8e1:host:177.10.237.153	SESSION-da3b2b353303e8e1 → host:177.10.237.153
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.83:geo_-16.28860_-49.01640	host:177.10.232.83 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c69fd5cbb3980413:PCAP:capture_20260430090001:065659c7d314	SESSION-c69fd5cbb3980413 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75cb9fe69e287da9:host:177.10.239.203	SESSION-75cb9fe69e287da9 → host:177.10.239.203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0393cf21271be7e9:host:177.10.232.158	SESSION-0393cf21271be7e9 → host:177.10.232.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0940876600cf1421:PCAP:capture_20260430080001:93f47cc296a4	SESSION-0940876600cf1421 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4bc305941088d24:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d4bc305941088d24 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa4dbd42e40690e9:host:172.234.197.23	SESSION-aa4dbd42e40690e9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:949d44167acc	flow:949d44167acc → host:45.173.156.33 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a5ceca64359b9f0d:host:177.10.238.211	SESSION-a5ceca64359b9f0d → host:177.10.238.211
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35561958c0468d3f:flow:bfe04f563b53	SESSION-35561958c0468d3f → flow:bfe04f563b53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a0efb63412ce5061:SESSION-a0efb63412ce5061	SESSION-a0efb63412ce5061 → pe:syn:SESSION-a0efb63412ce5061
FLOW_TO_HOSTOBS	e:to:SESSION-ca819812f7c370c2:host:177.10.238.103	SESSION-ca819812f7c370c2 → host:177.10.238.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8fce0c61e3d0bf9:host:172.234.197.23	SESSION-b8fce0c61e3d0bf9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a9f928f7ece6fbf:host:177.10.237.198	SESSION-2a9f928f7ece6fbf → host:177.10.237.198
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6cdad751a34344e1:flow:f1090b78c826	SESSION-6cdad751a34344e1 → flow:f1090b78c826
FLOW_DST_PORTOBS	e:fp:flow:1f860e8c99a7:port:tcp:53487	flow:1f860e8c99a7 → port:tcp:53487
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.236:asn:262880	host:177.10.237.236 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-55d7f3379dec0798:host:177.10.237.70	SESSION-55d7f3379dec0798 → host:177.10.237.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-036bdbf16af23428:SESSION-036bdbf16af23428	SESSION-036bdbf16af23428 → pe:tls:SESSION-036bdbf16af23428
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.13:asn:262880	host:177.10.236.13 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6081275b2fa04e5c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6081275b2fa04e5c → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-35ad9f030d1e8e6d:host:45.173.156.219	SESSION-35ad9f030d1e8e6d → host:45.173.156.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e15824f9dd78d2b4:host:177.10.235.217:host:172.234.197.23	SESSION-e15824f9dd78d2b4 → host:177.10.235.217 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d0cb11649434d08c:host:172.234.197.23	SESSION-d0cb11649434d08c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68ee3afa191e6305:host:177.10.237.88	SESSION-68ee3afa191e6305 → host:177.10.237.88
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a33620a262b3196:flow:cdc6cf409719	SESSION-4a33620a262b3196 → flow:cdc6cf409719
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01ac49b549a49417:flow:509ed4d5dc46	SESSION-01ac49b549a49417 → flow:509ed4d5dc46
FLOW_DST_PORTOBS	e:fp:flow:ffa0d604aa19:port:tcp:443	flow:ffa0d604aa19 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-00968abd3a9eec7e:flow:0d96e36b5a5a	SESSION-00968abd3a9eec7e → flow:0d96e36b5a5a
flow_observed5-aryOBS	e:fo:flow:3f51040d34d3	flow:3f51040d34d3 → host:147.135.97.222 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b4e8fe474765:port:tcp:443	flow:b4e8fe474765 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ea6c4aff46dde87:SESSION-3ea6c4aff46dde87	SESSION-3ea6c4aff46dde87 → pe:tls:SESSION-3ea6c4aff46dde87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-174ad36923ec98ba:SESSION-174ad36923ec98ba	SESSION-174ad36923ec98ba → pe:tls:SESSION-174ad36923ec98ba
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b3f73c59938d0a7:host:172.234.197.23	SESSION-8b3f73c59938d0a7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:23d8fe986251	flow:23d8fe986251 → host:177.10.235.90 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-39aafc698c61dd93:PCAP:capture_20260430090001:065659c7d314	SESSION-39aafc698c61dd93 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:b537df97de95:port:tcp:443	flow:b537df97de95 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:24a6ec1bcc46	flow:24a6ec1bcc46 → host:177.10.232.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a082d71203d179a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3a082d71203d179a → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.199:asn:262880	host:177.10.234.199 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-a5f9d16efb179df1:host:131.196.29.203	SESSION-a5f9d16efb179df1 → host:131.196.29.203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-314272d88a452691:SESSION-314272d88a452691	SESSION-314272d88a452691 → pe:syn:SESSION-314272d88a452691
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cb5baa2c4d67a55:host:172.234.197.23	SESSION-8cb5baa2c4d67a55 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b65c6ec30f2c8117:host:177.10.238.246:host:172.234.197.23	SESSION-b65c6ec30f2c8117 → host:177.10.238.246 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a733fde11cff5d03:host:131.196.30.189	SESSION-a733fde11cff5d03 → host:131.196.30.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2f2dfbe9df7c080:SESSION-e2f2dfbe9df7c080	SESSION-e2f2dfbe9df7c080 → pe:syn:SESSION-e2f2dfbe9df7c080
FLOW_TO_HOSTOBS	e:to:SESSION-096419478460628e:host:172.232.0.16	SESSION-096419478460628e → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-206c176870c7b9f2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-206c176870c7b9f2 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.70:asn:262880	host:177.10.236.70 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-d4a5a6c818be705f:host:92.112.71.203	SESSION-d4a5a6c818be705f → host:92.112.71.203
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ee6825b3a9be6d1:flow:987246f3073a	SESSION-6ee6825b3a9be6d1 → flow:987246f3073a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76cae08532c4b8eb:flow:6a5c452abdbb	SESSION-76cae08532c4b8eb → flow:6a5c452abdbb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e626c78b08de0a8b:flow:9340cb45584a	SESSION-e626c78b08de0a8b → flow:9340cb45584a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6ec641540644ee0:SESSION-a6ec641540644ee0	SESSION-a6ec641540644ee0 → pe:tls:SESSION-a6ec641540644ee0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6cc71c07f8c21dc0:SESSION-6cc71c07f8c21dc0	SESSION-6cc71c07f8c21dc0 → pe:syn:SESSION-6cc71c07f8c21dc0
FLOW_TO_HOSTOBS	e:to:SESSION-6af0fd134ffb330e:host:172.234.197.23	SESSION-6af0fd134ffb330e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9c211d2931ae713:host:172.234.197.23	SESSION-d9c211d2931ae713 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f1b581ea0c38fa14:host:172.234.197.23:host:45.173.156.68	SESSION-f1b581ea0c38fa14 → host:172.234.197.23 → host:45.173.156.68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-698d45df22ea2a48:SESSION-698d45df22ea2a48	SESSION-698d45df22ea2a48 → pe:syn:SESSION-698d45df22ea2a48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9500d9b64493d052:host:45.173.156.72	SESSION-9500d9b64493d052 → host:45.173.156.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4dc175dd74a3b00:SESSION-b4dc175dd74a3b00	SESSION-b4dc175dd74a3b00 → pe:syn:SESSION-b4dc175dd74a3b00
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-03724996262dbf01:host:177.10.239.148:host:172.234.197.23	SESSION-03724996262dbf01 → host:177.10.239.148 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3efb69df0be27ca4:host:131.196.29.137	SESSION-3efb69df0be27ca4 → host:131.196.29.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff9ef052366910da:SESSION-ff9ef052366910da	SESSION-ff9ef052366910da → pe:tls:SESSION-ff9ef052366910da
flow_observed5-aryOBS	e:fo:flow:1489565b6fba	flow:1489565b6fba → host:45.173.156.47 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:35afae3c4d29:port:tcp:443	flow:35afae3c4d29 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-c0aa7b6956faccec:host:45.173.156.14	SESSION-c0aa7b6956faccec → host:45.173.156.14
FLOW_FROM_HOSTOBS	e:from:SESSION-37a50d9fe3e20191:host:52.12.196.158	SESSION-37a50d9fe3e20191 → host:52.12.196.158
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-12b2fb0a733c24b6:flow:c29121159bd5	SESSION-12b2fb0a733c24b6 → flow:c29121159bd5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60a71bd7fc87f54e:host:89.58.44.225:host:172.234.197.23	SESSION-60a71bd7fc87f54e → host:89.58.44.225 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-02e2db787a51689b:host:131.196.31.32	SESSION-02e2db787a51689b → host:131.196.31.32
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84669169ffdf0c83:flow:87e1e650d9d0	SESSION-84669169ffdf0c83 → flow:87e1e650d9d0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb0638f1774736d1:flow:9d09283dd3ed	SESSION-cb0638f1774736d1 → flow:9d09283dd3ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8749b2c626b3f1be:host:177.10.236.57	SESSION-8749b2c626b3f1be → host:177.10.236.57
FLOW_FROM_HOSTOBS	e:from:SESSION-651f6fdc4d4e9c59:host:45.173.156.111	SESSION-651f6fdc4d4e9c59 → host:45.173.156.111
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.39:asn:273470	host:45.173.156.39 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f4a86c40e28bf330:flow:bc4d6a7d585e	SESSION-f4a86c40e28bf330 → flow:bc4d6a7d585e
FLOW_DST_PORTOBS	e:fp:flow:ffcefb7270a1:port:tcp:443	flow:ffcefb7270a1 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.161:geo_-16.28860_-49.01640	host:177.10.238.161 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-2ae37191400d64fc:host:177.10.239.57	SESSION-2ae37191400d64fc → host:177.10.239.57
flow_observed4-aryOBS	e:fo:flow:ff13f598515d	flow:ff13f598515d → host:172.234.197.23 → host:177.10.239.196 → port:tcp:7103
flow_observed5-aryOBS	e:fo:flow:0572a0ca26a2	flow:0572a0ca26a2 → host:131.196.31.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9a69c63a7b588de:host:172.234.197.23	SESSION-b9a69c63a7b588de → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2dec3faf198ca60:host:172.234.197.23:host:45.173.156.239	SESSION-b2dec3faf198ca60 → host:172.234.197.23 → host:45.173.156.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d19f64abed8cdcd:host:172.234.197.23	SESSION-2d19f64abed8cdcd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0657272c618c6d4:SESSION-c0657272c618c6d4	SESSION-c0657272c618c6d4 → pe:syn:SESSION-c0657272c618c6d4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.211:asn:262880	host:177.10.237.211 → asn:262880
flow_observed5-aryOBS	e:fo:flow:b8efb0a2d1e0	flow:b8efb0a2d1e0 → host:131.196.31.134 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2b0ee493ee38385:host:172.234.197.23:host:177.10.235.210	SESSION-b2b0ee493ee38385 → host:172.234.197.23 → host:177.10.235.210
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-306afa7fa31a1f87:flow:634f522b6025	SESSION-306afa7fa31a1f87 → flow:634f522b6025
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab1dfc7616ca079a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ab1dfc7616ca079a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5941954cc437ab4:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f5941954cc437ab4 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-323caf5dcc039926:host:131.196.30.20	SESSION-323caf5dcc039926 → host:131.196.30.20
flow_observed4-aryOBS	e:fo:flow:16c98c510c8d	flow:16c98c510c8d → host:172.234.197.23 → host:177.10.234.210 → port:tcp:28869
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e67ae3320dee0238:flow:f11da68f580d	SESSION-e67ae3320dee0238 → flow:f11da68f580d
FLOW_FROM_HOSTOBS	e:from:SESSION-c4d7e31822e7386a:host:131.196.30.0	SESSION-c4d7e31822e7386a → host:131.196.30.0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-711f533390ef220f:host:177.10.239.242	SESSION-711f533390ef220f → host:177.10.239.242
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.172:asn:271410	host:131.196.28.172 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86feda8665cc2010:host:172.234.197.23	SESSION-86feda8665cc2010 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e52630dccfec	flow:e52630dccfec → host:177.10.232.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71cc4f2ac3d57c32:host:177.10.236.82	SESSION-71cc4f2ac3d57c32 → host:177.10.236.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdf732629d327c4c:host:172.234.197.23	SESSION-cdf732629d327c4c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.60:asn:271410	host:131.196.28.60 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef7241157e60b5c0:flow:124937f3939e	SESSION-ef7241157e60b5c0 → flow:124937f3939e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27f33a2015337a96:flow:597eb4982c4e	SESSION-27f33a2015337a96 → flow:597eb4982c4e
FLOW_DST_PORTOBS	e:fp:flow:6abeeac5086e:port:tcp:443	flow:6abeeac5086e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f42dcf2468c4a64f:host:172.234.197.23	SESSION-f42dcf2468c4a64f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-89957ac1ec870b87:SESSION-89957ac1ec870b87	SESSION-89957ac1ec870b87 → pe:syn:SESSION-89957ac1ec870b87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c0e19c2beda7d84:SESSION-1c0e19c2beda7d84	SESSION-1c0e19c2beda7d84 → pe:syn:SESSION-1c0e19c2beda7d84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c1a2c7dc69870b1:host:131.196.29.0	SESSION-5c1a2c7dc69870b1 → host:131.196.29.0
FLOW_FROM_HOSTOBS	e:from:SESSION-777f9d135946568c:host:172.234.197.23	SESSION-777f9d135946568c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-903738316b123ea7:host:177.10.232.176	SESSION-903738316b123ea7 → host:177.10.232.176
flow_observed5-aryOBS	e:fo:flow:205fc6d7337e	flow:205fc6d7337e → host:167.235.194.109 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a787ca249a1b:port:tcp:443	flow:a787ca249a1b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e78a93729722:port:tcp:28512	flow:e78a93729722 → port:tcp:28512
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bdebc30581f3c5f:host:131.196.30.55	SESSION-6bdebc30581f3c5f → host:131.196.30.55
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.153:geo_-16.28860_-49.01640	host:177.10.234.153 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a9e0f3ba046c015f:SESSION-a9e0f3ba046c015f	SESSION-a9e0f3ba046c015f → pe:syn:SESSION-a9e0f3ba046c015f
flow_observed5-aryOBS	e:fo:flow:3d196b4085ad	flow:3d196b4085ad → host:177.10.239.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ecf1376a54312e6:host:131.196.30.162	SESSION-4ecf1376a54312e6 → host:131.196.30.162
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e4f9227bbb6fbbfc:host:131.196.31.5:host:172.234.197.23	SESSION-e4f9227bbb6fbbfc → host:131.196.31.5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7ba8377fba710c4:SESSION-b7ba8377fba710c4	SESSION-b7ba8377fba710c4 → pe:tls:SESSION-b7ba8377fba710c4
FLOW_DST_PORTOBS	e:fp:flow:9d87fb457f27:port:tcp:443	flow:9d87fb457f27 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7eeea37688fc574d:host:177.10.238.157:host:172.234.197.23	SESSION-7eeea37688fc574d → host:177.10.238.157 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b6d5152a3f3a:port:tcp:443	flow:b6d5152a3f3a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-516e4259bbcb51e8:flow:8e3f43d5f5a9	SESSION-516e4259bbcb51e8 → flow:8e3f43d5f5a9
FLOW_FROM_HOSTOBS	e:from:SESSION-2ef8854f2d4650c5:host:177.10.234.60	SESSION-2ef8854f2d4650c5 → host:177.10.234.60
FLOW_TO_HOSTOBS	e:to:SESSION-b2dec3faf198ca60:host:45.173.156.239	SESSION-b2dec3faf198ca60 → host:45.173.156.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eff7ebef8fd9091:host:177.10.239.76	SESSION-2eff7ebef8fd9091 → host:177.10.239.76
FLOW_FROM_HOSTOBS	e:from:SESSION-85483e16d9e2576e:host:172.234.197.23	SESSION-85483e16d9e2576e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11d5793dfe2c0097:host:172.234.197.23	SESSION-11d5793dfe2c0097 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0bf923c759cb9e4a:host:172.234.197.23	SESSION-0bf923c759cb9e4a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-88f0aa854ba7cdd7:host:45.173.156.51:host:172.234.197.23	SESSION-88f0aa854ba7cdd7 → host:45.173.156.51 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60d7d302576d36ac:host:172.234.197.23	SESSION-60d7d302576d36ac → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-040c9c1730fd990c:flow:972e46fe73d9	SESSION-040c9c1730fd990c → flow:972e46fe73d9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6ca8d988675ead3:host:45.173.156.26	SESSION-a6ca8d988675ead3 → host:45.173.156.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fd74aeb66a6a85e:SESSION-3fd74aeb66a6a85e	SESSION-3fd74aeb66a6a85e → pe:tls:SESSION-3fd74aeb66a6a85e
flow_observed5-aryOBS	e:fo:flow:dcd3224e0a9d	flow:dcd3224e0a9d → host:131.196.31.63 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.165:asn:262880	host:177.10.232.165 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5bab109b42e3a8d7:host:172.234.197.23:host:131.196.28.167	SESSION-5bab109b42e3a8d7 → host:172.234.197.23 → host:131.196.28.167
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be8cffb783bfde31:SESSION-be8cffb783bfde31	SESSION-be8cffb783bfde31 → pe:tls:SESSION-be8cffb783bfde31
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c421ecd159f7b93a:PCAP:capture_20260430060001:919b39a74464	SESSION-c421ecd159f7b93a → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40d48b3e3ce773b5:host:52.12.196.158:host:172.234.197.23	SESSION-40d48b3e3ce773b5 → host:52.12.196.158 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4a1cda6283fa3945:host:177.10.233.239	SESSION-4a1cda6283fa3945 → host:177.10.233.239
FLOW_DST_PORTOBS	e:fp:flow:676488f06f59:port:tcp:443	flow:676488f06f59 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.11:asn:271410	host:131.196.31.11 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aad95c97a46f4b66:SESSION-aad95c97a46f4b66	SESSION-aad95c97a46f4b66 → pe:tls:SESSION-aad95c97a46f4b66
flow_observed5-aryOBS	e:fo:flow:35be8d7fc23e	flow:35be8d7fc23e → host:177.10.238.248 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f350449fc7d11b3:flow:7612b6de3fd1	SESSION-7f350449fc7d11b3 → flow:7612b6de3fd1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f81fa7919a8c03a8:PCAP:capture_20260430090001:065659c7d314	SESSION-f81fa7919a8c03a8 → PCAP:capture_20260430090001:065659c7d314
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-f39fdcb76f4b9f9d:BSG-BEACON-f61798c9324d	SESSION-f39fdcb76f4b9f9d → BSG-BEACON-f61798c9324d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e331ebe372f514c8:host:172.234.197.23	SESSION-e331ebe372f514c8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:41921b7b3887:port:tcp:443	flow:41921b7b3887 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:a317296f8a35	flow:a317296f8a35 → host:131.196.29.23 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ea69d35daebb9b8:host:172.234.197.23	SESSION-9ea69d35daebb9b8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77bd841354043c4:host:172.234.197.23	SESSION-e77bd841354043c4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2ed4131e5585f31:host:172.234.197.23	SESSION-d2ed4131e5585f31 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-727af4ad5af6cc01:host:54.91.240.230	SESSION-727af4ad5af6cc01 → host:54.91.240.230
FLOW_FROM_HOSTOBS	e:from:SESSION-7375b1770c27cca2:host:177.10.235.254	SESSION-7375b1770c27cca2 → host:177.10.235.254
FLOW_DST_PORTOBS	e:fp:flow:acc81007f3bf:port:tcp:443	flow:acc81007f3bf → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7f9687dfabd8cdb:host:172.234.197.23	SESSION-e7f9687dfabd8cdb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:62cdb0ac1510:port:tcp:27032	flow:62cdb0ac1510 → port:tcp:27032
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-609fd31f908d95c5:host:177.10.239.55	SESSION-609fd31f908d95c5 → host:177.10.239.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c774247ce2f7d3db:SESSION-c774247ce2f7d3db	SESSION-c774247ce2f7d3db → pe:tls:SESSION-c774247ce2f7d3db
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.137:geo_-23.62930_-46.63510	host:131.196.28.137 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-cac7b08c7fb71f18:host:172.234.197.23	SESSION-cac7b08c7fb71f18 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:da7acd6d5ce1	flow:da7acd6d5ce1 → host:172.234.197.23 → host:45.173.156.116 → port:tcp:15372
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.158:geo_-23.62930_-46.63510	host:131.196.29.158 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:0bc751025b72:port:tcp:443	flow:0bc751025b72 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-760c61036eedf2e4:host:177.10.239.9	SESSION-760c61036eedf2e4 → host:177.10.239.9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd4086b575d9a1c0:PCAP:capture_20260430110001:43611bdf6759	SESSION-cd4086b575d9a1c0 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-a16442ff0a72733c:host:172.234.197.23	SESSION-a16442ff0a72733c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-171cec02c0effee6:host:172.234.197.23:host:177.10.233.255	SESSION-171cec02c0effee6 → host:172.234.197.23 → host:177.10.233.255
flow_observed4-aryOBS	e:fo:flow:3e0a57fa3cfd	flow:3e0a57fa3cfd → host:172.234.197.23 → host:45.173.156.51 → port:tcp:23851
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.5:geo_-23.62930_-46.63510	host:131.196.28.5 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27d66e2c1260cc5f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-27d66e2c1260cc5f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-140ad048b49f1a57:SESSION-140ad048b49f1a57	SESSION-140ad048b49f1a57 → pe:tls:SESSION-140ad048b49f1a57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc755b03d1f3f489:host:172.234.197.23	SESSION-dc755b03d1f3f489 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b308d2f7d4fdfaa:host:177.10.237.190:host:172.234.197.23	SESSION-7b308d2f7d4fdfaa → host:177.10.237.190 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e4ca9ed534f9	flow:e4ca9ed534f9 → host:172.234.197.23 → host:131.196.28.207 → port:tcp:61506
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-352a47a3f8b3882e:host:177.10.237.60	SESSION-352a47a3f8b3882e → host:177.10.237.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8f41d49423a0699:flow:4d5be3acf017	SESSION-c8f41d49423a0699 → flow:4d5be3acf017
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35dd0088a1238ab9:SESSION-35dd0088a1238ab9	SESSION-35dd0088a1238ab9 → pe:syn:SESSION-35dd0088a1238ab9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57ceaaaea8de5082:host:131.196.28.246	SESSION-57ceaaaea8de5082 → host:131.196.28.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-3854a3544c69d398:SESSION-3854a3544c69d398	SESSION-3854a3544c69d398 → pe:dns:SESSION-3854a3544c69d398
flow_observed5-aryOBS	e:fo:flow:64b15b4effe4	flow:64b15b4effe4 → host:45.173.156.144 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-12096b18b6e78b60:host:172.234.197.23	SESSION-12096b18b6e78b60 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a9d7ef6e96dbb9c5:host:103.230.240.59:host:172.234.197.23	SESSION-a9d7ef6e96dbb9c5 → host:103.230.240.59 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a79875656e67c68:flow:c0819e2dfaa1	SESSION-0a79875656e67c68 → flow:c0819e2dfaa1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d384de4bfeb31c0:host:131.196.29.16:host:172.234.197.23	SESSION-1d384de4bfeb31c0 → host:131.196.29.16 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-352588f71ded414b:flow:bfe10a3879ef	SESSION-352588f71ded414b → flow:bfe10a3879ef
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.129:geo_-23.62930_-46.63510	host:131.196.28.129 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7845496c0c03c20:flow:e2f110beb46b	SESSION-b7845496c0c03c20 → flow:e2f110beb46b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dda196b654200873:host:131.196.30.98	SESSION-dda196b654200873 → host:131.196.30.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4dc0a9d4d6e7897:SESSION-d4dc0a9d4d6e7897	SESSION-d4dc0a9d4d6e7897 → pe:tls:SESSION-d4dc0a9d4d6e7897
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e00ced36c846b73a:SESSION-e00ced36c846b73a	SESSION-e00ced36c846b73a → pe:tls:SESSION-e00ced36c846b73a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6ca8d988675ead3:flow:8eef620e7e16	SESSION-a6ca8d988675ead3 → flow:8eef620e7e16
FLOW_TO_HOSTOBS	e:to:SESSION-0afc12079a05a1b1:host:172.234.197.23	SESSION-0afc12079a05a1b1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6ab36c178e57	flow:6ab36c178e57 → host:177.10.234.40 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e182e837f26eb64a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e182e837f26eb64a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bca14afee5df98e9:PCAP:capture_20260430150001:ded20914761d	SESSION-bca14afee5df98e9 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.157:geo_-16.28860_-49.01640	host:177.10.237.157 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:5.182.209.49:geo_52.37590_4.89750	host:5.182.209.49 → geo_52.37590_4.89750
FLOW_DST_PORTOBS	e:fp:flow:63a1e418478c:port:tcp:443	flow:63a1e418478c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-896e151c898991bb:host:177.10.239.102	SESSION-896e151c898991bb → host:177.10.239.102
FLOW_FROM_HOSTOBS	e:from:SESSION-d27008d937f2d8be:host:177.10.234.142	SESSION-d27008d937f2d8be → host:177.10.234.142
FLOW_TO_HOSTOBS	e:to:SESSION-3ea2e2a37f857a7f:host:177.10.239.35	SESSION-3ea2e2a37f857a7f → host:177.10.239.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10d6a2736c7d59d6:SESSION-10d6a2736c7d59d6	SESSION-10d6a2736c7d59d6 → pe:syn:SESSION-10d6a2736c7d59d6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c058dbfcf0ab82c:host:172.234.197.23:host:177.10.235.78	SESSION-8c058dbfcf0ab82c → host:172.234.197.23 → host:177.10.235.78
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3baedacad496627d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3baedacad496627d → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:7fec8489c584:port:tcp:443	flow:7fec8489c584 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed473d20582b9e99:SESSION-ed473d20582b9e99	SESSION-ed473d20582b9e99 → pe:tls:SESSION-ed473d20582b9e99
flow_observed5-aryOBS	e:fo:flow:3d555bea47e9	flow:3d555bea47e9 → host:45.173.156.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc301fc8fa5220df:flow:02bc2d91641b	SESSION-fc301fc8fa5220df → flow:02bc2d91641b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fbee5c60d72abd4e:SESSION-fbee5c60d72abd4e	SESSION-fbee5c60d72abd4e → pe:tls:SESSION-fbee5c60d72abd4e
FLOW_TO_HOSTOBS	e:to:SESSION-c393069a667f4e79:host:172.234.197.23	SESSION-c393069a667f4e79 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-58f4b45cf908ad77:host:172.234.197.23	SESSION-58f4b45cf908ad77 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db946f3602afd068:SESSION-db946f3602afd068	SESSION-db946f3602afd068 → pe:tls:SESSION-db946f3602afd068
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ee12e96d458a4e4:host:172.234.197.23	SESSION-1ee12e96d458a4e4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01744e272bba469d:host:172.234.197.23	SESSION-01744e272bba469d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c058dbfcf0ab82c:host:172.234.197.23	SESSION-8c058dbfcf0ab82c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17e71ce1458770d6:host:131.196.28.97	SESSION-17e71ce1458770d6 → host:131.196.28.97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2c924632948936b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b2c924632948936b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49828b0c1667648d:host:172.234.197.23	SESSION-49828b0c1667648d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2b22278734db	flow:2b22278734db → host:131.196.28.147 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7205a781bd8c8542:flow:58187d298757	SESSION-7205a781bd8c8542 → flow:58187d298757
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9db977289667177f:host:172.234.197.23	SESSION-9db977289667177f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-710b55a9f3a0edd9:flow:6052a0ac6134	SESSION-710b55a9f3a0edd9 → flow:6052a0ac6134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97d8ab6142f53424:host:177.10.233.8	SESSION-97d8ab6142f53424 → host:177.10.233.8
FLOW_DST_PORTOBS	e:fp:flow:d54c0bb96a93:port:tcp:18478	flow:d54c0bb96a93 → port:tcp:18478
FLOW_TO_HOSTOBS	e:to:SESSION-f21759fa00584782:host:172.234.197.23	SESSION-f21759fa00584782 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ad6356c5bafa36b:host:172.234.197.23	SESSION-7ad6356c5bafa36b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06a6b67473c48ddd:flow:06b8e713de3e	SESSION-06a6b67473c48ddd → flow:06b8e713de3e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa0d5d025ae2ba4d:host:177.10.233.116	SESSION-aa0d5d025ae2ba4d → host:177.10.233.116
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.27:geo_-16.28860_-49.01640	host:177.10.236.27 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.127:geo_-16.28860_-49.01640	host:177.10.238.127 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5ddc9130fa518dc:SESSION-b5ddc9130fa518dc	SESSION-b5ddc9130fa518dc → pe:syn:SESSION-b5ddc9130fa518dc
flow_observed4-aryOBS	e:fo:flow:ad7d3e5bff7d	flow:ad7d3e5bff7d → host:172.234.197.23 → host:177.10.238.82 → port:tcp:34257
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df1edf3c82c78294:PCAP:capture_20260430090001:065659c7d314	SESSION-df1edf3c82c78294 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-191c84cbdd981857:host:131.196.31.2	SESSION-191c84cbdd981857 → host:131.196.31.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6d027087dbd516e:host:177.10.236.154	SESSION-b6d027087dbd516e → host:177.10.236.154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e38f46dc000b6625:host:172.234.197.23	SESSION-e38f46dc000b6625 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d02dda6f047e:port:tcp:443	flow:d02dda6f047e → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-30ae225adc0bd1e0:host:172.234.197.23	SESSION-30ae225adc0bd1e0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33db7a85fa9e759a:host:131.196.31.237	SESSION-33db7a85fa9e759a → host:131.196.31.237
FLOW_DST_PORTOBS	e:fp:flow:9bc6cdf932a6:port:tcp:22	flow:9bc6cdf932a6 → port:tcp:22
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.90:geo_-23.62930_-46.63510	host:131.196.30.90 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c6f6eb6f56b12c37:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c6f6eb6f56b12c37 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dddaf831f2a46242:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-dddaf831f2a46242 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10017e021bbc0f25:SESSION-10017e021bbc0f25	SESSION-10017e021bbc0f25 → pe:tls:SESSION-10017e021bbc0f25
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4799248f1ba6e544:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4799248f1ba6e544 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:70693ccf5e74:port:tcp:443	flow:70693ccf5e74 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a8441f04433657ee:host:131.196.31.85	SESSION-a8441f04433657ee → host:131.196.31.85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c6936c129ef58e74:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c6936c129ef58e74 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f99e1376da42693:host:131.196.30.233	SESSION-6f99e1376da42693 → host:131.196.30.233
FLOW_DST_PORTOBS	e:fp:flow:cb536611ed62:port:tcp:49438	flow:cb536611ed62 → port:tcp:49438
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb7b2ae66396fc75:SESSION-cb7b2ae66396fc75	SESSION-cb7b2ae66396fc75 → pe:syn:SESSION-cb7b2ae66396fc75
FLOW_TO_HOSTOBS	e:to:SESSION-6bd47d8fd21ead6d:host:172.234.197.23	SESSION-6bd47d8fd21ead6d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.94:asn:271410	host:131.196.28.94 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.216:asn:271410	host:131.196.28.216 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-367a6218c741fe93:host:172.234.197.23	SESSION-367a6218c741fe93 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa08911a1f564da4:SESSION-fa08911a1f564da4	SESSION-fa08911a1f564da4 → pe:tls:SESSION-fa08911a1f564da4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf1b38a91c361f4b:SESSION-cf1b38a91c361f4b	SESSION-cf1b38a91c361f4b → pe:tls:SESSION-cf1b38a91c361f4b
flow_observed4-aryOBS	e:fo:flow:e969f32074de	flow:e969f32074de → host:172.234.197.23 → host:177.10.238.122 → port:tcp:13510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37a58b55d4a339c3:host:172.234.197.23:host:172.232.0.16	SESSION-37a58b55d4a339c3 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2bf5c26caf57dc4e:host:172.234.197.23	SESSION-2bf5c26caf57dc4e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a4d5024da31b:port:tcp:28144	flow:a4d5024da31b → port:tcp:28144
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3988a9d0230ebd4d:host:131.196.29.93	SESSION-3988a9d0230ebd4d → host:131.196.29.93
flow_observed5-aryOBS	e:fo:flow:c341b53c6c5d	flow:c341b53c6c5d → host:95.170.25.245 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d42f41260fbe7c09:host:172.234.197.23:host:177.10.234.37	SESSION-d42f41260fbe7c09 → host:172.234.197.23 → host:177.10.234.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e0f3c8a35641f7b:host:172.234.197.23:host:177.10.237.57	SESSION-8e0f3c8a35641f7b → host:172.234.197.23 → host:177.10.237.57
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.250:asn:262880	host:177.10.235.250 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-7d87083f9dd8844d:host:177.10.233.70	SESSION-7d87083f9dd8844d → host:177.10.233.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77661c4fb07edf10:host:172.234.197.23	SESSION-77661c4fb07edf10 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31e4a260829c636e:host:172.234.197.23	SESSION-31e4a260829c636e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9c4a3ef3072acfd2:host:177.10.234.199	SESSION-9c4a3ef3072acfd2 → host:177.10.234.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-354c21b56902e892:host:172.234.197.23	SESSION-354c21b56902e892 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-66033cfbc7dd0c2c:host:172.234.197.23	SESSION-66033cfbc7dd0c2c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f16f611b98ecbfd:host:172.234.197.23	SESSION-8f16f611b98ecbfd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c6498c0f7263	flow:c6498c0f7263 → host:177.10.235.130 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-de1a59c6958513ff:host:177.10.238.181	SESSION-de1a59c6958513ff → host:177.10.238.181
FLOW_FROM_HOSTOBS	e:from:SESSION-9eda278d49363b57:host:131.196.28.187	SESSION-9eda278d49363b57 → host:131.196.28.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-500747aefaa736d2:host:177.10.238.177	SESSION-500747aefaa736d2 → host:177.10.238.177
FLOW_DST_PORTOBS	e:fp:flow:af7d2ecd3525:port:tcp:443	flow:af7d2ecd3525 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:62cee32573c2	flow:62cee32573c2 → host:92.112.71.232 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b0cba2347786f28d:host:172.234.197.23	SESSION-b0cba2347786f28d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bc2e7a97da0d	flow:bc2e7a97da0d → host:177.10.238.173 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2c24cbdb3e7b273c:host:92.112.71.199	SESSION-2c24cbdb3e7b273c → host:92.112.71.199
FLOW_DST_PORTOBS	e:fp:flow:73e988299d2f:port:tcp:443	flow:73e988299d2f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7f9687dfabd8cdb:host:45.173.156.221	SESSION-e7f9687dfabd8cdb → host:45.173.156.221
flow_observed5-aryOBS	e:fo:flow:7ed75b9e1d66	flow:7ed75b9e1d66 → host:103.230.240.59 → host:172.234.197.23 → port:tcp:22 → svc:ssh
FLOW_TO_HOSTOBS	e:to:SESSION-78704dd999ae95fc:host:172.234.197.23	SESSION-78704dd999ae95fc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec928f375ba591f1:SESSION-ec928f375ba591f1	SESSION-ec928f375ba591f1 → pe:tls:SESSION-ec928f375ba591f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a77e99309dd6e28:host:177.10.235.14	SESSION-8a77e99309dd6e28 → host:177.10.235.14
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5133340de07cf838:host:131.196.30.226	SESSION-5133340de07cf838 → host:131.196.30.226
flow_observed5-aryOBS	e:fo:flow:1652bba9052d	flow:1652bba9052d → host:131.196.28.151 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e2d293cdcc6efc8:SESSION-3e2d293cdcc6efc8	SESSION-3e2d293cdcc6efc8 → pe:syn:SESSION-3e2d293cdcc6efc8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5407005cb310ce8:SESSION-d5407005cb310ce8	SESSION-d5407005cb310ce8 → pe:syn:SESSION-d5407005cb310ce8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-deb97792675d8a5d:host:172.234.197.23	SESSION-deb97792675d8a5d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59417938792198bf:SESSION-59417938792198bf	SESSION-59417938792198bf → pe:syn:SESSION-59417938792198bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-efb89dcd313d4029:SESSION-efb89dcd313d4029	SESSION-efb89dcd313d4029 → pe:tls:SESSION-efb89dcd313d4029
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ac3b19d6233e6f7:SESSION-2ac3b19d6233e6f7	SESSION-2ac3b19d6233e6f7 → pe:tls:SESSION-2ac3b19d6233e6f7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17a3924886eb315f:host:131.196.31.47	SESSION-17a3924886eb315f → host:131.196.31.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79574872517ba47f:host:177.10.234.56	SESSION-79574872517ba47f → host:177.10.234.56
FLOW_FROM_HOSTOBS	e:from:SESSION-d55d0fcf91e9ec79:host:177.10.237.192	SESSION-d55d0fcf91e9ec79 → host:177.10.237.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-baf6029a4a920bc4:flow:f2d543abeb28	SESSION-baf6029a4a920bc4 → flow:f2d543abeb28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf9713fb7209fcf9:SESSION-bf9713fb7209fcf9	SESSION-bf9713fb7209fcf9 → pe:syn:SESSION-bf9713fb7209fcf9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94594005437ae120:SESSION-94594005437ae120	SESSION-94594005437ae120 → pe:tls:SESSION-94594005437ae120
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.229:geo_-21.10010_-41.69200	host:45.173.156.229 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46b3e65e40562e00:SESSION-46b3e65e40562e00	SESSION-46b3e65e40562e00 → pe:syn:SESSION-46b3e65e40562e00
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c6f10f20f24d7ff:flow:a37420066607	SESSION-3c6f10f20f24d7ff → flow:a37420066607
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7301756ca24c49ab:SESSION-7301756ca24c49ab	SESSION-7301756ca24c49ab → pe:tls:SESSION-7301756ca24c49ab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb29ab40cdae1c01:SESSION-cb29ab40cdae1c01	SESSION-cb29ab40cdae1c01 → pe:syn:SESSION-cb29ab40cdae1c01
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9d11ee49864a2bc:flow:9cb459810b54	SESSION-b9d11ee49864a2bc → flow:9cb459810b54
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-7eeea37688fc574d:BSG-BEACON-135373721785	SESSION-7eeea37688fc574d → BSG-BEACON-135373721785
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78b89cf411e3ebb4:SESSION-78b89cf411e3ebb4	SESSION-78b89cf411e3ebb4 → pe:syn:SESSION-78b89cf411e3ebb4
flow_observed3-aryOBS	e:fo:flow:e7be3acac213	flow:e7be3acac213 → host:8.213.192.144 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aaa8cebb6aaa8760:host:177.10.237.27:host:172.234.197.23	SESSION-aaa8cebb6aaa8760 → host:177.10.237.27 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c344393f012a:port:tcp:49563	flow:c344393f012a → port:tcp:49563
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b1032a47414de8d:flow:23feae6e895f	SESSION-2b1032a47414de8d → flow:23feae6e895f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20c169d44973b1e9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-20c169d44973b1e9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2c924632948936b:host:172.234.197.23:host:131.196.31.26	SESSION-b2c924632948936b → host:172.234.197.23 → host:131.196.31.26
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21bd08fb36aa18e9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-21bd08fb36aa18e9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eeeeaab9fc572806:host:172.234.197.23	SESSION-eeeeaab9fc572806 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b074fbdb748702cc:host:177.10.235.195:host:172.234.197.23	SESSION-b074fbdb748702cc → host:177.10.235.195 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47ac7feaf227c129:host:172.232.0.17	SESSION-47ac7feaf227c129 → host:172.232.0.17
flow_observed4-aryOBS	e:fo:flow:d8f7523d5853	flow:d8f7523d5853 → host:172.234.197.23 → host:177.10.239.0 → port:tcp:25067
flow_observed5-aryOBS	e:fo:flow:8c47c9c0c965	flow:8c47c9c0c965 → host:177.10.234.193 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc57d45d1a1b2f7b:host:177.10.239.234	SESSION-bc57d45d1a1b2f7b → host:177.10.239.234
FLOW_TO_HOSTOBS	e:to:SESSION-9a466e26c77a91e3:host:177.10.239.196	SESSION-9a466e26c77a91e3 → host:177.10.239.196
flow_observed4-aryOBS	e:fo:flow:43c799553914	flow:43c799553914 → host:172.234.197.23 → host:177.10.235.118 → port:tcp:38705
FLOW_DST_PORTOBS	e:fp:flow:d71b1c3263a1:port:tcp:443	flow:d71b1c3263a1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67f971eb3e92b8d2:SESSION-67f971eb3e92b8d2	SESSION-67f971eb3e92b8d2 → pe:syn:SESSION-67f971eb3e92b8d2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac7290643404699:host:103.230.240.59	SESSION-cac7290643404699 → host:103.230.240.59
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.118:asn:271410	host:131.196.28.118 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.169:asn:203771	host:45.145.152.169 → asn:203771
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8631759e2d7ec30:flow:ef449155f969	SESSION-c8631759e2d7ec30 → flow:ef449155f969
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d9ed6ae798457b7:flow:062bcc0009d4	SESSION-9d9ed6ae798457b7 → flow:062bcc0009d4
FLOW_FROM_HOSTOBS	e:from:SESSION-4cb8ade3138db412:host:131.196.30.45	SESSION-4cb8ade3138db412 → host:131.196.30.45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27da8f08a1512941:host:172.234.197.23	SESSION-27da8f08a1512941 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-95152bde385a2e89:SESSION-95152bde385a2e89	SESSION-95152bde385a2e89 → pe:tls:SESSION-95152bde385a2e89
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a466e26c77a91e3:host:172.234.197.23:host:177.10.239.196	SESSION-9a466e26c77a91e3 → host:172.234.197.23 → host:177.10.239.196
FLOW_DST_PORTOBS	e:fp:flow:499e2ccaea75:port:tcp:60153	flow:499e2ccaea75 → port:tcp:60153
FLOW_DST_PORTOBS	e:fp:flow:89676a843719:port:tcp:443	flow:89676a843719 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1898da4930ba04f2:flow:78895a78917c	SESSION-1898da4930ba04f2 → flow:78895a78917c
FLOW_DST_PORTOBS	e:fp:flow:36f6bcbb2a92:port:tcp:443	flow:36f6bcbb2a92 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-92f84fab5bd8e0c8:host:177.10.238.235	SESSION-92f84fab5bd8e0c8 → host:177.10.238.235
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ca10b4490797e89:SESSION-8ca10b4490797e89	SESSION-8ca10b4490797e89 → pe:tls:SESSION-8ca10b4490797e89
flow_observed5-aryOBS	e:fo:flow:099252cb5d04	flow:099252cb5d04 → host:177.10.236.247 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae94ea8b15b44736:host:172.234.197.23	SESSION-ae94ea8b15b44736 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1933fbedf850967f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1933fbedf850967f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:441c2d4dbbd9	flow:441c2d4dbbd9 → host:177.10.237.73 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f0d0c8f73043707f:host:177.10.232.176	SESSION-f0d0c8f73043707f → host:177.10.232.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11142ad74b2052de:host:172.234.197.23	SESSION-11142ad74b2052de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-020ce81cb9d50ce5:host:172.234.197.23	SESSION-020ce81cb9d50ce5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8fb17d6554827f30:host:172.234.197.23	SESSION-8fb17d6554827f30 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc2cf38876d5e15c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-cc2cf38876d5e15c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86e3f0fd63ed2ea3:SESSION-86e3f0fd63ed2ea3	SESSION-86e3f0fd63ed2ea3 → pe:syn:SESSION-86e3f0fd63ed2ea3
FLOW_TLS_SNIOBS	e:fs:flow:121dc1e70533:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:121dc1e70533 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-23fc04533211debf:host:172.234.197.23	SESSION-23fc04533211debf → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0835af6109bb7c1:PCAP:capture_20260430150001:ded20914761d	SESSION-f0835af6109bb7c1 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef7fe2bb78158297:host:177.10.239.185	SESSION-ef7fe2bb78158297 → host:177.10.239.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e182e837f26eb64a:host:177.10.232.160	SESSION-e182e837f26eb64a → host:177.10.232.160
FLOW_DST_PORTOBS	e:fp:flow:5139d2cd5544:port:tcp:443	flow:5139d2cd5544 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9072e99a39ab8173:SESSION-9072e99a39ab8173	SESSION-9072e99a39ab8173 → pe:syn:SESSION-9072e99a39ab8173
flow_observed5-aryOBS	e:fo:flow:ecd35dc16e75	flow:ecd35dc16e75 → host:131.196.28.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-161fb053b15bb516:host:177.10.236.165:host:172.234.197.23	SESSION-161fb053b15bb516 → host:177.10.236.165 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f4f84053ddcae3c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7f4f84053ddcae3c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-017fcd2c03e3a5c1:host:172.234.197.23:host:131.196.28.89	SESSION-017fcd2c03e3a5c1 → host:172.234.197.23 → host:131.196.28.89
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c58c12f678d65836:host:177.10.235.211:host:172.234.197.23	SESSION-c58c12f678d65836 → host:177.10.235.211 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35fcdb0ef59afc26:host:172.234.197.23:host:177.10.234.143	SESSION-35fcdb0ef59afc26 → host:172.234.197.23 → host:177.10.234.143
FLOW_TO_HOSTOBS	e:to:SESSION-609fd31f908d95c5:host:172.234.197.23	SESSION-609fd31f908d95c5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a176047016eec520:host:172.234.197.23:host:177.10.235.127	SESSION-a176047016eec520 → host:172.234.197.23 → host:177.10.235.127
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1842fb1b2a9a6572:SESSION-1842fb1b2a9a6572	SESSION-1842fb1b2a9a6572 → pe:tls:SESSION-1842fb1b2a9a6572
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23e0f212525e0a86:host:177.10.232.122	SESSION-23e0f212525e0a86 → host:177.10.232.122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6c92d9b97cea9da:PCAP:capture_20260430150001:ded20914761d	SESSION-d6c92d9b97cea9da → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc0f694a62c9abc8:SESSION-cc0f694a62c9abc8	SESSION-cc0f694a62c9abc8 → pe:syn:SESSION-cc0f694a62c9abc8
FLOW_FROM_HOSTOBS	e:from:SESSION-6cdad751a34344e1:host:177.10.236.27	SESSION-6cdad751a34344e1 → host:177.10.236.27
flow_observed4-aryOBS	e:fo:flow:fd218fb5fdef	flow:fd218fb5fdef → host:172.234.197.23 → host:131.196.30.194 → port:tcp:20021
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc5634306e23209a:host:45.173.156.240:host:172.234.197.23	SESSION-fc5634306e23209a → host:45.173.156.240 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fad6b9be10f7d404:host:51.75.171.21	SESSION-fad6b9be10f7d404 → host:51.75.171.21
FLOW_TO_HOSTOBS	e:to:SESSION-3ea63b0a223461f6:host:131.196.29.41	SESSION-3ea63b0a223461f6 → host:131.196.29.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96f33e27040b9bc9:SESSION-96f33e27040b9bc9	SESSION-96f33e27040b9bc9 → pe:tls:SESSION-96f33e27040b9bc9
FLOW_DST_PORTOBS	e:fp:flow:c702f410ff47:port:tcp:443	flow:c702f410ff47 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-106d77d887836a65:host:177.10.234.74:host:172.234.197.23	SESSION-106d77d887836a65 → host:177.10.234.74 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8247aea4532236dc:SESSION-8247aea4532236dc	SESSION-8247aea4532236dc → pe:tls:SESSION-8247aea4532236dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9de9d154fbb04a83:SESSION-9de9d154fbb04a83	SESSION-9de9d154fbb04a83 → pe:syn:SESSION-9de9d154fbb04a83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e703980a48f1e09:host:177.10.234.107	SESSION-4e703980a48f1e09 → host:177.10.234.107
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.92:geo_-16.28860_-49.01640	host:177.10.239.92 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76cae08532c4b8eb:host:177.10.238.71	SESSION-76cae08532c4b8eb → host:177.10.238.71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b0c47b1e862acc1:SESSION-9b0c47b1e862acc1	SESSION-9b0c47b1e862acc1 → pe:syn:SESSION-9b0c47b1e862acc1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07dfdeddccca16ee:flow:13bb72a1cd69	SESSION-07dfdeddccca16ee → flow:13bb72a1cd69
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-699c907c7ac66403:host:131.196.30.137:host:172.234.197.23	SESSION-699c907c7ac66403 → host:131.196.30.137 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3831f1a5ed6fd2c0:flow:74dcb9f76d20	SESSION-3831f1a5ed6fd2c0 → flow:74dcb9f76d20
FLOW_FROM_HOSTOBS	e:from:SESSION-57096089299b193e:host:131.196.30.104	SESSION-57096089299b193e → host:131.196.30.104
flow_observed5-aryOBS	e:fo:flow:524cb7cd132b	flow:524cb7cd132b → host:177.10.236.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78b6e298ccb2dbce:SESSION-78b6e298ccb2dbce	SESSION-78b6e298ccb2dbce → pe:syn:SESSION-78b6e298ccb2dbce
FLOW_FROM_HOSTOBS	e:from:SESSION-4939a9166796718f:host:172.234.197.23	SESSION-4939a9166796718f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b6dd65fa073f3265:SESSION-b6dd65fa073f3265	SESSION-b6dd65fa073f3265 → pe:syn:SESSION-b6dd65fa073f3265
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89ddb9a3043f63a3:host:177.10.234.120:host:172.234.197.23	SESSION-89ddb9a3043f63a3 → host:177.10.234.120 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27b5dd82e2b65bbd:flow:855d52d5b16c	SESSION-27b5dd82e2b65bbd → flow:855d52d5b16c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-24f08652bbd6b16b:SESSION-24f08652bbd6b16b	SESSION-24f08652bbd6b16b → pe:tls:SESSION-24f08652bbd6b16b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b236f75d1c6493bc:host:177.10.232.251	SESSION-b236f75d1c6493bc → host:177.10.232.251
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.58:geo_-23.62930_-46.63510	host:131.196.30.58 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-650fd2b828a7b477:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-650fd2b828a7b477 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:deb8fc46e85e	flow:deb8fc46e85e → host:177.10.232.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b73c5a859c05f554:SESSION-b73c5a859c05f554	SESSION-b73c5a859c05f554 → pe:tls:SESSION-b73c5a859c05f554
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.111:asn:262880	host:177.10.234.111 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-95152bde385a2e89:host:172.234.197.23	SESSION-95152bde385a2e89 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-635c4a1226b6dd4e:host:172.234.197.23	SESSION-635c4a1226b6dd4e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.183:asn:271410	host:131.196.31.183 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a98c5df3fe5e6d6:flow:67200c712926	SESSION-4a98c5df3fe5e6d6 → flow:67200c712926
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.126:geo_-16.28860_-49.01640	host:177.10.235.126 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-409db122b916fc83:host:172.234.197.23	SESSION-409db122b916fc83 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-122c3f68e4c2a7ca:SESSION-122c3f68e4c2a7ca	SESSION-122c3f68e4c2a7ca → pe:tls:SESSION-122c3f68e4c2a7ca
flow_observed5-aryOBS	e:fo:flow:9d3bfcd21805	flow:9d3bfcd21805 → host:17.22.253.177 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0da58b5e3634dda2:host:172.234.197.23	SESSION-0da58b5e3634dda2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3fd9b76b5230e873:host:172.234.197.23	SESSION-3fd9b76b5230e873 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf1877ae18abdd85:SESSION-bf1877ae18abdd85	SESSION-bf1877ae18abdd85 → pe:syn:SESSION-bf1877ae18abdd85
FLOW_TO_HOSTOBS	e:to:SESSION-4af5e0493e3bd78c:host:172.234.197.23	SESSION-4af5e0493e3bd78c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b5e7695ca2cac12f:host:131.196.29.0	SESSION-b5e7695ca2cac12f → host:131.196.29.0
FLOW_DST_PORTOBS	e:fp:flow:04128c2b4605:port:tcp:2070	flow:04128c2b4605 → port:tcp:2070
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e028dd5dd71b411:PCAP:capture_20260430110001:43611bdf6759	SESSION-1e028dd5dd71b411 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4dc16adec194cf9c:SESSION-4dc16adec194cf9c	SESSION-4dc16adec194cf9c → pe:syn:SESSION-4dc16adec194cf9c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.84:geo_-16.28860_-49.01640	host:177.10.237.84 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c652a29a62d722ea:SESSION-c652a29a62d722ea	SESSION-c652a29a62d722ea → pe:rst:SESSION-c652a29a62d722ea
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a8bea4194d810df:flow:bd6fe49aac03	SESSION-7a8bea4194d810df → flow:bd6fe49aac03
FLOW_TO_HOSTOBS	e:to:SESSION-c59147b81bc92a14:host:172.234.197.23	SESSION-c59147b81bc92a14 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.153:asn:262880	host:177.10.233.153 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.91:geo_-16.28860_-49.01640	host:177.10.236.91 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.55:geo_-23.62930_-46.63510	host:131.196.29.55 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:9a41357d15f4:port:tcp:443	flow:9a41357d15f4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91196c5d66e04f5c:host:177.10.237.236	SESSION-91196c5d66e04f5c → host:177.10.237.236
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5ac91adedbe1ec7:host:172.234.197.23:host:131.196.29.215	SESSION-d5ac91adedbe1ec7 → host:172.234.197.23 → host:131.196.29.215
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.66:asn:273470	host:45.173.156.66 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cd8abbfdfb95d18:host:131.196.29.103	SESSION-9cd8abbfdfb95d18 → host:131.196.29.103
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-342ba7535c6572a7:host:172.234.197.23:host:177.10.237.169	SESSION-342ba7535c6572a7 → host:172.234.197.23 → host:177.10.237.169
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4baa6f7cc0122cad:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-4baa6f7cc0122cad → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fad6b9be10f7d404:SESSION-fad6b9be10f7d404	SESSION-fad6b9be10f7d404 → pe:tls:SESSION-fad6b9be10f7d404
flow_observed4-aryOBS	e:fo:flow:94e629f23174	flow:94e629f23174 → host:172.234.197.23 → host:177.10.239.227 → port:tcp:62194
FLOW_TO_HOSTOBS	e:to:SESSION-99cedbc5d14c9ef2:host:172.234.197.23	SESSION-99cedbc5d14c9ef2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d87ad0ffb58b923c:host:172.234.197.23	SESSION-d87ad0ffb58b923c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a98ae7d95e9a62c0:SESSION-a98ae7d95e9a62c0	SESSION-a98ae7d95e9a62c0 → pe:tls:SESSION-a98ae7d95e9a62c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed8e90a0efd647ab:host:177.10.239.242	SESSION-ed8e90a0efd647ab → host:177.10.239.242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3b214bdb989f663:host:177.10.235.196:host:172.234.197.23	SESSION-e3b214bdb989f663 → host:177.10.235.196 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd05928698dec5c4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-dd05928698dec5c4 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:f4d24769a7f6	flow:f4d24769a7f6 → host:131.196.30.132 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd6ef4118ff649ff:host:172.234.197.23	SESSION-fd6ef4118ff649ff → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae2c237b5906e067:PCAP:capture_20260430110001:43611bdf6759	SESSION-ae2c237b5906e067 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:d0307c9199dc	flow:d0307c9199dc → host:177.10.237.113 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e626c78b08de0a8b:host:177.10.232.2	SESSION-e626c78b08de0a8b → host:177.10.232.2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e6800c9c0f40710:PCAP:capture_20260430130001:4249c4e0a4c4	SESSION-0e6800c9c0f40710 → PCAP:capture_20260430130001:4249c4e0a4c4
FLOW_TO_HOSTOBS	e:to:SESSION-98c12e77f111e64e:host:172.234.197.23	SESSION-98c12e77f111e64e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ffb0d51cd8f7dd7:SESSION-8ffb0d51cd8f7dd7	SESSION-8ffb0d51cd8f7dd7 → pe:tls:SESSION-8ffb0d51cd8f7dd7
flow_observed4-aryOBS	e:fo:flow:66f91fbbd552	flow:66f91fbbd552 → host:172.234.197.23 → host:177.10.236.31 → port:tcp:10434
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b81fa97d99ce77b6:flow:8da860531fda	SESSION-b81fa97d99ce77b6 → flow:8da860531fda
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6da898acb6c07034:SESSION-6da898acb6c07034	SESSION-6da898acb6c07034 → pe:syn:SESSION-6da898acb6c07034
FLOW_FROM_HOSTOBS	e:from:SESSION-9c64ea68345b811b:host:172.234.197.23	SESSION-9c64ea68345b811b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d0c24f0912a7520:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9d0c24f0912a7520 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0bf5b48d5bcb9503:SESSION-0bf5b48d5bcb9503	SESSION-0bf5b48d5bcb9503 → pe:tls:SESSION-0bf5b48d5bcb9503
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a759d297db5368da:SESSION-a759d297db5368da	SESSION-a759d297db5368da → pe:tls:SESSION-a759d297db5368da
flow_observed5-aryOBS	e:fo:flow:062bcc0009d4	flow:062bcc0009d4 → host:177.10.236.239 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.24:geo_-23.62930_-46.63510	host:131.196.30.24 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e9e9835a2b91f231:SESSION-e9e9835a2b91f231	SESSION-e9e9835a2b91f231 → pe:syn:SESSION-e9e9835a2b91f231
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e806a1e4171599f:host:131.196.31.130:host:172.234.197.23	SESSION-4e806a1e4171599f → host:131.196.31.130 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c430ce1d88348c67:flow:59800b6629fc	SESSION-c430ce1d88348c67 → flow:59800b6629fc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3baedacad496627d:host:177.10.239.176	SESSION-3baedacad496627d → host:177.10.239.176
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.162:asn:271410	host:131.196.30.162 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c0ba3366d883914:flow:2961c6ce61bd	SESSION-9c0ba3366d883914 → flow:2961c6ce61bd
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.232:asn:262880	host:177.10.236.232 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:707d93617716:port:tcp:443	flow:707d93617716 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2e3f5af343ed075a:host:172.234.197.23	SESSION-2e3f5af343ed075a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eca69a208ab39d5f:SESSION-eca69a208ab39d5f	SESSION-eca69a208ab39d5f → pe:tls:SESSION-eca69a208ab39d5f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44424f48705b3a9d:host:177.10.239.135	SESSION-44424f48705b3a9d → host:177.10.239.135
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bea10d62e606d6ea:host:45.173.156.231:host:172.234.197.23	SESSION-bea10d62e606d6ea → host:45.173.156.231 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ac3b19d6233e6f7:host:131.196.30.107	SESSION-2ac3b19d6233e6f7 → host:131.196.30.107
flow_observed5-aryOBS	e:fo:flow:6e499fdcb6ff	flow:6e499fdcb6ff → host:177.10.235.171 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f70b0605ff5c8685:host:131.196.31.146:host:172.234.197.23	SESSION-f70b0605ff5c8685 → host:131.196.31.146 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2161d2ba591330e1:SESSION-2161d2ba591330e1	SESSION-2161d2ba591330e1 → pe:tls:SESSION-2161d2ba591330e1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72ea8a7fe39a298e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-72ea8a7fe39a298e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a9e4c3921500675:flow:115565aec817	SESSION-6a9e4c3921500675 → flow:115565aec817
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8de302c0e306721c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8de302c0e306721c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fb4b7758d99e149:host:172.234.197.23	SESSION-4fb4b7758d99e149 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-c8b9d154eee5d788:BSG-BEACON-44d72b66ad6e	SESSION-c8b9d154eee5d788 → BSG-BEACON-44d72b66ad6e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.218:asn:262880	host:177.10.239.218 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-512816cd1ae61d60:host:172.234.197.23	SESSION-512816cd1ae61d60 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-63e564f28f734573:PCAP:capture_20260430160001:9bfa4498506a	SESSION-63e564f28f734573 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.243:geo_-16.28860_-49.01640	host:177.10.237.243 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:a5ba946b42e4:port:tcp:443	flow:a5ba946b42e4 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:0f8216fdb548	flow:0f8216fdb548 → host:177.10.235.83 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.15:asn:262880	host:177.10.235.15 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.230:asn:271410	host:131.196.30.230 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-177c9265a29fe644:host:172.234.197.23	SESSION-177c9265a29fe644 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.249:asn:262880	host:177.10.232.249 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-cddd8421db4c97d9:host:172.234.197.23	SESSION-cddd8421db4c97d9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-112ed66aeea7c1e0:host:172.234.197.23:host:177.10.237.2	SESSION-112ed66aeea7c1e0 → host:172.234.197.23 → host:177.10.237.2
FLOW_FROM_HOSTOBS	e:from:SESSION-0684dbb2a7f8dcaf:host:177.10.236.182	SESSION-0684dbb2a7f8dcaf → host:177.10.236.182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e41b633abf5898e8:flow:01b815de05a8	SESSION-e41b633abf5898e8 → flow:01b815de05a8
flow_observed5-aryOBS	e:fo:flow:e25cb7cb2181	flow:e25cb7cb2181 → host:104.28.157.111 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-22f2328c9f1b641e:SESSION-22f2328c9f1b641e	SESSION-22f2328c9f1b641e → pe:tls:SESSION-22f2328c9f1b641e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.94:geo_-23.62930_-46.63510	host:131.196.28.94 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:80e3cf1c3f31	flow:80e3cf1c3f31 → host:95.170.25.90 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:ac271c0d298b	flow:ac271c0d298b → host:177.10.238.6 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e5e33f836a64:port:tcp:443	flow:e5e33f836a64 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:5837ce3a8058	flow:5837ce3a8058 → host:172.234.197.23 → host:177.10.234.195 → port:tcp:34845
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:52.81.77.92:geo_39.91100_116.39500	host:52.81.77.92 → geo_39.91100_116.39500
FLOW_FROM_HOSTOBS	e:from:SESSION-aecaf39909333efc:host:172.234.197.23	SESSION-aecaf39909333efc → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:91daccc6e701	flow:91daccc6e701 → host:177.10.237.94 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3bfd44b04badb9b:SESSION-c3bfd44b04badb9b	SESSION-c3bfd44b04badb9b → pe:tls:SESSION-c3bfd44b04badb9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e1a13f968b47fc9d:SESSION-e1a13f968b47fc9d	SESSION-e1a13f968b47fc9d → pe:tls:SESSION-e1a13f968b47fc9d
flow_observed5-aryOBS	e:fo:flow:d1cae011c215	flow:d1cae011c215 → host:95.170.25.60 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-91919daf8511716e:host:172.234.197.23	SESSION-91919daf8511716e → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-9b209515fa806d4a:BSG-BEACON-d4175b7190c4	SESSION-9b209515fa806d4a → BSG-BEACON-d4175b7190c4
FLOW_DST_PORTOBS	e:fp:flow:6334bd55125a:port:tcp:443	flow:6334bd55125a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b1cf957f4a121d77:SESSION-b1cf957f4a121d77	SESSION-b1cf957f4a121d77 → pe:tls:SESSION-b1cf957f4a121d77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f6b9574b70ed197:SESSION-4f6b9574b70ed197	SESSION-4f6b9574b70ed197 → pe:tls:SESSION-4f6b9574b70ed197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fd6590fe23ccd99:host:172.234.197.23	SESSION-4fd6590fe23ccd99 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bc35cbabc9b015e:host:172.234.197.23	SESSION-3bc35cbabc9b015e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be09ba54da571689:SESSION-be09ba54da571689	SESSION-be09ba54da571689 → pe:tls:SESSION-be09ba54da571689
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605f000d6a5e20b1:host:172.234.197.23	SESSION-605f000d6a5e20b1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.1:asn:271410	host:131.196.31.1 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.158:asn:273470	host:45.173.156.158 → asn:273470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.113:geo_41.02140_28.99480	host:185.231.226.113 → geo_41.02140_28.99480
FLOW_TO_HOSTOBS	e:to:SESSION-8bf7420041ec56c9:host:177.10.232.19	SESSION-8bf7420041ec56c9 → host:177.10.232.19
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a18dc2bb6be0117f:SESSION-a18dc2bb6be0117f	SESSION-a18dc2bb6be0117f → pe:tls:SESSION-a18dc2bb6be0117f
FLOW_TO_HOSTOBS	e:to:SESSION-02cfffe2a1cdb1f3:host:172.234.197.23	SESSION-02cfffe2a1cdb1f3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-117c00f29ed332ce:flow:6a41698ec379	SESSION-117c00f29ed332ce → flow:6a41698ec379
FLOW_TLS_SNIOBS	e:fs:flow:794db97b6d69:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:794db97b6d69 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bcd74883eff8339:host:177.10.232.19	SESSION-0bcd74883eff8339 → host:177.10.232.19
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.218:geo_-23.62930_-46.63510	host:131.196.31.218 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4e339b9f879a911:SESSION-d4e339b9f879a911	SESSION-d4e339b9f879a911 → pe:syn:SESSION-d4e339b9f879a911
flow_observed5-aryOBS	e:fo:flow:0703046ab49b	flow:0703046ab49b → host:177.10.235.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-12096b18b6e78b60:SESSION-12096b18b6e78b60	SESSION-12096b18b6e78b60 → pe:tls:SESSION-12096b18b6e78b60
FLOW_DST_PORTOBS	e:fp:flow:c7bd36073942:port:tcp:443	flow:c7bd36073942 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4cb8ade3138db412:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4cb8ade3138db412 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae8012f8306fedb:host:172.234.197.23	SESSION-6ae8012f8306fedb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-21a6fb1ae6879e55:host:172.234.197.23	SESSION-21a6fb1ae6879e55 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c9a4f7dc3c5c:port:tcp:80	flow:c9a4f7dc3c5c → port:tcp:80
FLOW_DST_PORTOBS	e:fp:flow:2700d829f582:port:tcp:443	flow:2700d829f582 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.97:geo_-16.28860_-49.01640	host:177.10.237.97 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-2c5fc27029770f85:BSG-BEACON-f0c7a9a91348	SESSION-2c5fc27029770f85 → BSG-BEACON-f0c7a9a91348
FLOW_TO_HOSTOBS	e:to:SESSION-923cb7ae7a40da65:host:177.10.234.249	SESSION-923cb7ae7a40da65 → host:177.10.234.249
FLOW_FROM_HOSTOBS	e:from:SESSION-038099de878067a0:host:131.196.29.247	SESSION-038099de878067a0 → host:131.196.29.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33fcdd018bdc1a2c:SESSION-33fcdd018bdc1a2c	SESSION-33fcdd018bdc1a2c → pe:tls:SESSION-33fcdd018bdc1a2c
FLOW_TO_HOSTOBS	e:to:SESSION-6dc77b6505beb2bc:host:45.173.156.43	SESSION-6dc77b6505beb2bc → host:45.173.156.43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39d5adc1c22dd7ee:host:177.10.237.159	SESSION-39d5adc1c22dd7ee → host:177.10.237.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b854a8a0c04494b2:flow:773dd2f1e445	SESSION-b854a8a0c04494b2 → flow:773dd2f1e445
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41eaa3dd80eab155:host:172.234.197.23	SESSION-41eaa3dd80eab155 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bfd9e24a99b67097:host:177.10.239.133	SESSION-bfd9e24a99b67097 → host:177.10.239.133
FLOW_TO_HOSTOBS	e:to:SESSION-eadecea9d5615d15:host:172.234.197.23	SESSION-eadecea9d5615d15 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2969d43ba10a409c:SESSION-2969d43ba10a409c	SESSION-2969d43ba10a409c → pe:syn:SESSION-2969d43ba10a409c
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.132:asn:271410	host:131.196.31.132 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2505ce7e1d614150:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2505ce7e1d614150 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08b25d9f54ecadf2:PCAP:capture_20260430090001:065659c7d314	SESSION-08b25d9f54ecadf2 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8431b5fa38a73955:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8431b5fa38a73955 → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.61:asn:271410	host:131.196.29.61 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-e7ad62492e870e2b:host:172.234.197.23	SESSION-e7ad62492e870e2b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b61117bf3d91dba8:host:172.234.197.23	SESSION-b61117bf3d91dba8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:337a509c562d:port:tcp:443	flow:337a509c562d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2505ce7e1d614150:host:131.196.28.16	SESSION-2505ce7e1d614150 → host:131.196.28.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-70e7a4a5208b1da3:flow:5dc402cfbc94	SESSION-70e7a4a5208b1da3 → flow:5dc402cfbc94
FLOW_DST_PORTOBS	e:fp:flow:b1e5035369fe:port:tcp:443	flow:b1e5035369fe → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-534aae6aa0ff39bc:SESSION-534aae6aa0ff39bc	SESSION-534aae6aa0ff39bc → pe:tls:SESSION-534aae6aa0ff39bc
FLOW_DST_PORTOBS	e:fp:flow:0c59e28f7820:port:tcp:443	flow:0c59e28f7820 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2a9f928f7ece6fbf:host:172.234.197.23	SESSION-2a9f928f7ece6fbf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-88c19910e1cb1242:SESSION-88c19910e1cb1242	SESSION-88c19910e1cb1242 → pe:tls:SESSION-88c19910e1cb1242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40497d6996ef2088:host:177.10.236.230:host:172.234.197.23	SESSION-40497d6996ef2088 → host:177.10.236.230 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fc7297e72fc8:port:tcp:64932	flow:fc7297e72fc8 → port:tcp:64932
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-574dd53dd07894c0:PCAP:capture_20260430060001:919b39a74464	SESSION-574dd53dd07894c0 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-200e4a8806f83581:host:45.145.152.178	SESSION-200e4a8806f83581 → host:45.145.152.178
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e529f6ef28aca515:host:172.234.197.23	SESSION-e529f6ef28aca515 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4defafdd27769097:host:92.112.71.232:host:172.234.197.23	SESSION-4defafdd27769097 → host:92.112.71.232 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78b6e298ccb2dbce:flow:5e742d447609	SESSION-78b6e298ccb2dbce → flow:5e742d447609
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-710eb7de55f51893:host:172.234.197.23:host:177.10.238.56	SESSION-710eb7de55f51893 → host:172.234.197.23 → host:177.10.238.56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff4eb64228a8af88:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ff4eb64228a8af88 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-753bfef963e546aa:host:177.10.237.249	SESSION-753bfef963e546aa → host:177.10.237.249
FLOW_TO_HOSTOBS	e:to:SESSION-f73f713a631f7530:host:177.10.238.187	SESSION-f73f713a631f7530 → host:177.10.238.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8e250b2be37e497:host:172.234.197.23	SESSION-f8e250b2be37e497 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa35d0a8fa5d9f77:PCAP:capture_20260430050001:8868731bf8a4	SESSION-fa35d0a8fa5d9f77 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:6dbdcb9c1141:port:tcp:443	flow:6dbdcb9c1141 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:dfe895f305cc	flow:dfe895f305cc → host:131.196.31.68 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-099b4106de78317b:host:172.234.197.23	SESSION-099b4106de78317b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-887f47388267b095:PCAP:capture_20260430110001:43611bdf6759	SESSION-887f47388267b095 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe9137916d2eb5d4:host:172.234.197.23	SESSION-fe9137916d2eb5d4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21de16798668b3a8:host:45.173.156.138	SESSION-21de16798668b3a8 → host:45.173.156.138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d95ea715a47abbc:host:177.10.235.169:host:172.234.197.23	SESSION-6d95ea715a47abbc → host:177.10.235.169 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5048c6b31ef60c96:host:172.234.197.23	SESSION-5048c6b31ef60c96 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d88e4c33e170:port:tcp:39283	flow:d88e4c33e170 → port:tcp:39283
FLOW_DST_PORTOBS	e:fp:flow:609b96815b71:port:tcp:443	flow:609b96815b71 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c873de224cbac149:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c873de224cbac149 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7771c9cc3604c57a:host:131.196.29.21	SESSION-7771c9cc3604c57a → host:131.196.29.21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-969e64e33723c991:host:172.234.197.23	SESSION-969e64e33723c991 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2646f5b9f41a01d2:host:172.234.197.23:host:177.10.236.94	SESSION-2646f5b9f41a01d2 → host:172.234.197.23 → host:177.10.236.94
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9dcf6e772a239b46:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9dcf6e772a239b46 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:d8263b3fe9a6	flow:d8263b3fe9a6 → host:131.196.29.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-56e56d8157575627:SESSION-56e56d8157575627	SESSION-56e56d8157575627 → pe:tls:SESSION-56e56d8157575627
FLOW_FROM_HOSTOBS	e:from:SESSION-e8104be0e9171978:host:172.234.197.23	SESSION-e8104be0e9171978 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-32091c263c5425e7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-32091c263c5425e7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f5d8e8d5ecc4e1f:flow:ce9079d0e1b1	SESSION-9f5d8e8d5ecc4e1f → flow:ce9079d0e1b1
flow_observed4-aryOBS	e:fo:flow:61ec22b9b7c0	flow:61ec22b9b7c0 → host:172.234.197.23 → host:131.196.31.138 → port:tcp:58774
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da6e864635febf48:host:172.234.197.23	SESSION-da6e864635febf48 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-24f08652bbd6b16b:host:172.234.197.23	SESSION-24f08652bbd6b16b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7ece8090c9a4b7f:PCAP:capture_20260430060001:919b39a74464	SESSION-c7ece8090c9a4b7f → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0af842276eef56a1:SESSION-0af842276eef56a1	SESSION-0af842276eef56a1 → pe:tls:SESSION-0af842276eef56a1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9f10142199cea9c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b9f10142199cea9c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-4f12bb9f5880e55b:host:177.10.236.77	SESSION-4f12bb9f5880e55b → host:177.10.236.77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47d7544842406eea:host:177.10.236.11	SESSION-47d7544842406eea → host:177.10.236.11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20b594788160c43c:SESSION-20b594788160c43c	SESSION-20b594788160c43c → pe:syn:SESSION-20b594788160c43c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4d7e31822e7386a:host:131.196.30.0	SESSION-c4d7e31822e7386a → host:131.196.30.0
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.184:asn:271410	host:131.196.29.184 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bff0166abbd0d576:host:172.234.197.23	SESSION-bff0166abbd0d576 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-122d3bc093be76f2:host:172.234.197.23	SESSION-122d3bc093be76f2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ae59ca72364f9e1:SESSION-3ae59ca72364f9e1	SESSION-3ae59ca72364f9e1 → pe:syn:SESSION-3ae59ca72364f9e1
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.55:asn:271410	host:131.196.30.55 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:f7eb9287a4ce:port:tcp:443	flow:f7eb9287a4ce → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06c7d2e525939bdd:host:177.10.239.205	SESSION-06c7d2e525939bdd → host:177.10.239.205
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4898aa8f3840ecd5:flow:139d27eec0b8	SESSION-4898aa8f3840ecd5 → flow:139d27eec0b8
FLOW_FROM_HOSTOBS	e:from:SESSION-937317105ded9efa:host:172.234.197.23	SESSION-937317105ded9efa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d3dc2c705a19d83:SESSION-6d3dc2c705a19d83	SESSION-6d3dc2c705a19d83 → pe:tls:SESSION-6d3dc2c705a19d83
FLOW_FROM_HOSTOBS	e:from:SESSION-ab1f168a37fae671:host:172.234.197.23	SESSION-ab1f168a37fae671 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baee22f4fffa81d2:host:172.234.197.23	SESSION-baee22f4fffa81d2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d45c3fc16863e5ef:host:172.234.197.23	SESSION-d45c3fc16863e5ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae747b0389dd0111:host:172.234.197.23	SESSION-ae747b0389dd0111 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:52.81.225.63:geo_39.91100_116.39500	host:52.81.225.63 → geo_39.91100_116.39500
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.103:geo_-16.28860_-49.01640	host:177.10.237.103 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:a7146439792d	flow:a7146439792d → host:177.10.239.56 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-1909494739e8c502:BSG-DATA_EXFIL-a1f720c83276	SESSION-1909494739e8c502 → BSG-DATA_EXFIL-a1f720c83276
FLOW_DST_PORTOBS	e:fp:flow:00b9bd232140:port:tcp:55105	flow:00b9bd232140 → port:tcp:55105
FLOW_TO_HOSTOBS	e:to:SESSION-266bac80b9ef8487:host:45.173.156.219	SESSION-266bac80b9ef8487 → host:45.173.156.219
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8070c9158a1a853:flow:94234c463c5b	SESSION-e8070c9158a1a853 → flow:94234c463c5b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-64639bf8e248f548:host:177.10.239.166:host:172.234.197.23	SESSION-64639bf8e248f548 → host:177.10.239.166 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:947ed1ed059c:port:tcp:443	flow:947ed1ed059c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7409e3f74011df2:flow:ba624a808c3c	SESSION-c7409e3f74011df2 → flow:ba624a808c3c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe3fb5807179bb52:host:131.196.30.65	SESSION-fe3fb5807179bb52 → host:131.196.30.65
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.60:asn:262880	host:177.10.233.60 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-650fd2b828a7b477:SESSION-650fd2b828a7b477	SESSION-650fd2b828a7b477 → pe:syn:SESSION-650fd2b828a7b477
FLOW_TO_HOSTOBS	e:to:SESSION-07a584f2a7f89f38:host:172.234.197.23	SESSION-07a584f2a7f89f38 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0e8f7cea7441	flow:0e8f7cea7441 → host:177.10.238.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-985fc991cba9cb9c:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-985fc991cba9cb9c → PCAP:capture_20260427230001:ca8bd1ce36e2
FLOW_TO_HOSTOBS	e:to:SESSION-181666d0ed9d45b8:host:172.234.197.23	SESSION-181666d0ed9d45b8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a22e38c714d83c7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3a22e38c714d83c7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4e9a3a3a63cdb2e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c4e9a3a3a63cdb2e → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.15:geo_-16.28860_-49.01640	host:177.10.236.15 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c54bf7ef52fb715c:host:13.212.244.245	SESSION-c54bf7ef52fb715c → host:13.212.244.245
FLOW_TO_HOSTOBS	e:to:SESSION-e115bc688365a9e7:host:172.234.197.23	SESSION-e115bc688365a9e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b947f5515d64f3f8:host:172.234.197.23	SESSION-b947f5515d64f3f8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ae8012f8306fedb:SESSION-6ae8012f8306fedb	SESSION-6ae8012f8306fedb → pe:tls:SESSION-6ae8012f8306fedb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc301fc8fa5220df:host:172.234.197.23	SESSION-fc301fc8fa5220df → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd524e1c02193f64:host:172.234.197.23	SESSION-fd524e1c02193f64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-0b2db5b5e20e8c4e:SESSION-0b2db5b5e20e8c4e	SESSION-0b2db5b5e20e8c4e → pe:dns:SESSION-0b2db5b5e20e8c4e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.58:asn:262880	host:177.10.233.58 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6dacc3093e29f894:SESSION-6dacc3093e29f894	SESSION-6dacc3093e29f894 → pe:syn:SESSION-6dacc3093e29f894
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a242c68bb3594796:host:177.10.234.71	SESSION-a242c68bb3594796 → host:177.10.234.71
FLOW_TO_HOSTOBS	e:to:SESSION-980b61ddea9c5965:host:172.232.0.16	SESSION-980b61ddea9c5965 → host:172.232.0.16
flow_observed4-aryOBS	e:fo:flow:a9f0ade491b8	flow:a9f0ade491b8 → host:172.234.197.23 → host:103.230.240.59 → port:tcp:58354
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8a57b2200e62e75:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c8a57b2200e62e75 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2cb78a800ce3917:host:172.234.197.23	SESSION-c2cb78a800ce3917 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77e1145855a55905:flow:a44722bcd1c4	SESSION-77e1145855a55905 → flow:a44722bcd1c4
FLOW_FROM_HOSTOBS	e:from:SESSION-0847a7bc7e933771:host:131.196.29.16	SESSION-0847a7bc7e933771 → host:131.196.29.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77755e4fda54087c:PCAP:capture_20260430150001:ded20914761d	SESSION-77755e4fda54087c → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5826a910dfa3cb7f:host:131.196.31.170	SESSION-5826a910dfa3cb7f → host:131.196.31.170
flow_observed4-aryOBS	e:fo:flow:38033b53ed44	flow:38033b53ed44 → host:172.234.197.23 → host:131.196.30.68 → port:tcp:64945
FLOW_FROM_HOSTOBS	e:from:SESSION-59de2965684be0b6:host:131.196.30.126	SESSION-59de2965684be0b6 → host:131.196.30.126
FLOW_TO_HOSTOBS	e:to:SESSION-f7ca91f03ba114f2:host:172.234.197.23	SESSION-f7ca91f03ba114f2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f26dae72fe8e9fa0:flow:edee59eace09	SESSION-f26dae72fe8e9fa0 → flow:edee59eace09
FLOW_DST_PORTOBS	e:fp:flow:9b3007c5185e:port:tcp:443	flow:9b3007c5185e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-609fd31f908d95c5:host:172.234.197.23	SESSION-609fd31f908d95c5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e3ca473e8fbcab1:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4e3ca473e8fbcab1 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-3cc71da406a2797a:host:172.234.197.23	SESSION-3cc71da406a2797a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-609fd31f908d95c5:SESSION-609fd31f908d95c5	SESSION-609fd31f908d95c5 → pe:syn:SESSION-609fd31f908d95c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47699582b69b5d99:host:177.10.239.107:host:172.234.197.23	SESSION-47699582b69b5d99 → host:177.10.239.107 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-12096b18b6e78b60:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-12096b18b6e78b60 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c47d04961700459f:SESSION-c47d04961700459f	SESSION-c47d04961700459f → pe:syn:SESSION-c47d04961700459f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b69502656f28818:host:172.234.197.23	SESSION-1b69502656f28818 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf9e0725ec95e307:host:177.10.232.125	SESSION-bf9e0725ec95e307 → host:177.10.232.125
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.91:asn:271410	host:131.196.29.91 → asn:271410
FLOW_TLS_SNIOBS	e:fs:flow:7ad2515d1158:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:7ad2515d1158 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.215:geo_-16.28860_-49.01640	host:177.10.238.215 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.16:asn:262880	host:177.10.238.16 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.84:asn:273470	host:45.173.156.84 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cdcb5008ac7e3b15:host:177.10.237.183:host:172.234.197.23	SESSION-cdcb5008ac7e3b15 → host:177.10.237.183 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a80be6abc21d5bd:host:13.208.213.50	SESSION-8a80be6abc21d5bd → host:13.208.213.50
FLOW_FROM_HOSTOBS	e:from:SESSION-9494583da7ce1d88:host:131.196.29.105	SESSION-9494583da7ce1d88 → host:131.196.29.105
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5048c6b31ef60c96:SESSION-5048c6b31ef60c96	SESSION-5048c6b31ef60c96 → pe:syn:SESSION-5048c6b31ef60c96
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6bdebc30581f3c5f:SESSION-6bdebc30581f3c5f	SESSION-6bdebc30581f3c5f → pe:tls:SESSION-6bdebc30581f3c5f
FLOW_TO_HOSTOBS	e:to:SESSION-ab20216cf3eeb0ee:host:172.234.197.23	SESSION-ab20216cf3eeb0ee → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.153:asn:262880	host:177.10.237.153 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-40dbede277a2e1b2:SESSION-40dbede277a2e1b2	SESSION-40dbede277a2e1b2 → pe:tls:SESSION-40dbede277a2e1b2
FLOW_FROM_HOSTOBS	e:from:SESSION-96c13a83414ab25f:host:177.10.234.64	SESSION-96c13a83414ab25f → host:177.10.234.64
FLOW_QUERIED_DNSOBS	e:fd:flow:a1c10d36ceb1:dns:themeisle.com	flow:a1c10d36ceb1 → dns:themeisle.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f1cb2d411cdd6d7:flow:32f59490ee7f	SESSION-4f1cb2d411cdd6d7 → flow:32f59490ee7f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ba981a6eb39461c8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ba981a6eb39461c8 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-675cba805cfc6bb8:flow:43136ed91747	SESSION-675cba805cfc6bb8 → flow:43136ed91747
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75d6129ea0f7ecdc:flow:666b02f57941	SESSION-75d6129ea0f7ecdc → flow:666b02f57941
FLOW_FROM_HOSTOBS	e:from:SESSION-86e3f0fd63ed2ea3:host:172.234.197.23	SESSION-86e3f0fd63ed2ea3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-122c3f68e4c2a7ca:PCAP:capture_20260430050001:8868731bf8a4	SESSION-122c3f68e4c2a7ca → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67fb5a3b6b27b953:host:172.234.197.23	SESSION-67fb5a3b6b27b953 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c058dbfcf0ab82c:SESSION-8c058dbfcf0ab82c	SESSION-8c058dbfcf0ab82c → pe:tls:SESSION-8c058dbfcf0ab82c
FLOW_FROM_HOSTOBS	e:from:SESSION-d4862cddc1ddaa50:host:131.196.28.208	SESSION-d4862cddc1ddaa50 → host:131.196.28.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f971b95dedbfd9a:SESSION-7f971b95dedbfd9a	SESSION-7f971b95dedbfd9a → pe:tls:SESSION-7f971b95dedbfd9a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74f51cf412342155:flow:0bb22495fed6	SESSION-74f51cf412342155 → flow:0bb22495fed6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.231:geo_-23.62930_-46.63510	host:131.196.30.231 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-017fcd2c03e3a5c1:host:172.234.197.23	SESSION-017fcd2c03e3a5c1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:34a634025f7d	flow:34a634025f7d → host:131.196.30.253 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:1091a77e7aa4:port:tcp:443	flow:1091a77e7aa4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.223:geo_-16.28860_-49.01640	host:177.10.232.223 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5e7695ca2cac12f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b5e7695ca2cac12f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-cfde024084873f29:BSG-DATA_EXFIL-c24d7cb3a7e4	SESSION-cfde024084873f29 → BSG-DATA_EXFIL-c24d7cb3a7e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1355eedcc36803bb:host:45.173.156.188	SESSION-1355eedcc36803bb → host:45.173.156.188
FLOW_TO_HOSTOBS	e:to:SESSION-ee8963275c4b434b:host:172.234.197.23	SESSION-ee8963275c4b434b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-682271ad5b560620:SESSION-682271ad5b560620	SESSION-682271ad5b560620 → pe:tls:SESSION-682271ad5b560620
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c20a24472712669d:SESSION-c20a24472712669d	SESSION-c20a24472712669d → pe:tls:SESSION-c20a24472712669d
FLOW_TO_HOSTOBS	e:to:SESSION-e696cf5f8f6db7e6:host:172.234.197.23	SESSION-e696cf5f8f6db7e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2aa671fdac09172:host:172.234.197.23	SESSION-f2aa671fdac09172 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ffa027db374a629:flow:bbbdb4b028c8	SESSION-9ffa027db374a629 → flow:bbbdb4b028c8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.4:geo_-23.62930_-46.63510	host:131.196.31.4 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0dd74fd8f314e65:SESSION-f0dd74fd8f314e65	SESSION-f0dd74fd8f314e65 → pe:tls:SESSION-f0dd74fd8f314e65
FLOW_TO_HOSTOBS	e:to:SESSION-85483e16d9e2576e:host:131.196.28.110	SESSION-85483e16d9e2576e → host:131.196.28.110
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7f9cc68ffb76114:host:177.10.236.250:host:172.234.197.23	SESSION-b7f9cc68ffb76114 → host:177.10.236.250 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7fad01c8dca4d847:PCAP:capture_20260430090001:065659c7d314	SESSION-7fad01c8dca4d847 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-265fcf20a19ad440:host:172.234.197.23	SESSION-265fcf20a19ad440 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.60.246.31:geo_51.51640_-0.09300	host:16.60.246.31 → geo_51.51640_-0.09300
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4bd4f427df690125:flow:a78c6319ce69	SESSION-4bd4f427df690125 → flow:a78c6319ce69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c32ee209d5d1aa5e:SESSION-c32ee209d5d1aa5e	SESSION-c32ee209d5d1aa5e → pe:tls:SESSION-c32ee209d5d1aa5e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ceaacc21db1a34ae:flow:a4a655504923	SESSION-ceaacc21db1a34ae → flow:a4a655504923
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0aa7b6956faccec:SESSION-c0aa7b6956faccec	SESSION-c0aa7b6956faccec → pe:syn:SESSION-c0aa7b6956faccec
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0665b9726687b63:host:45.173.156.98:host:172.234.197.23	SESSION-c0665b9726687b63 → host:45.173.156.98 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34cbebf9a190be23:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-34cbebf9a190be23 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-6ac8ab77b48a8c37:host:172.234.197.23	SESSION-6ac8ab77b48a8c37 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9c1aaa33a089:port:tcp:443	flow:9c1aaa33a089 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ad60f3efcde14b7:host:172.234.197.23	SESSION-7ad60f3efcde14b7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-342ba7535c6572a7:host:172.234.197.23	SESSION-342ba7535c6572a7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bc3682173c4cf6b:host:177.10.234.130:host:172.234.197.23	SESSION-3bc3682173c4cf6b → host:177.10.234.130 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2af2d979895f4943:flow:90f47a433baa	SESSION-2af2d979895f4943 → flow:90f47a433baa
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.87:geo_-16.28860_-49.01640	host:177.10.238.87 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:b01d2e5ef9a6:port:tcp:36469	flow:b01d2e5ef9a6 → port:tcp:36469
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17000fdd70ecbf97:SESSION-17000fdd70ecbf97	SESSION-17000fdd70ecbf97 → pe:syn:SESSION-17000fdd70ecbf97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76ac71b30f764df7:flow:f56a15af06b9	SESSION-76ac71b30f764df7 → flow:f56a15af06b9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e6437ba0c2aceec:host:172.234.197.23:host:45.173.156.44	SESSION-1e6437ba0c2aceec → host:172.234.197.23 → host:45.173.156.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84186d30322c849e:SESSION-84186d30322c849e	SESSION-84186d30322c849e → pe:tls:SESSION-84186d30322c849e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3b9d914716975ab:SESSION-c3b9d914716975ab	SESSION-c3b9d914716975ab → pe:tls:SESSION-c3b9d914716975ab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c1a20baa14a0758:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8c1a20baa14a0758 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48482b2d296d23e2:host:131.196.29.201:host:172.234.197.23	SESSION-48482b2d296d23e2 → host:131.196.29.201 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4aeecdec5ead7952:host:172.234.197.23	SESSION-4aeecdec5ead7952 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0acd91014f6238ed:host:172.234.197.23	SESSION-0acd91014f6238ed → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:924a7bf90f20	flow:924a7bf90f20 → host:172.234.197.23 → host:177.10.238.124 → port:tcp:51647
flow_observed4-aryOBS	e:fo:flow:c06629cf706b	flow:c06629cf706b → host:172.234.197.23 → host:177.10.239.221 → port:tcp:21449
FLOW_TO_HOSTOBS	e:to:SESSION-b1ca06073d474c63:host:177.10.236.3	SESSION-b1ca06073d474c63 → host:177.10.236.3
flow_observed4-aryOBS	e:fo:flow:5560424714e6	flow:5560424714e6 → host:172.234.197.23 → host:131.196.29.145 → port:tcp:54982
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4bd4f427df690125:SESSION-4bd4f427df690125	SESSION-4bd4f427df690125 → pe:tls:SESSION-4bd4f427df690125
flow_observed5-aryOBS	e:fo:flow:e708abec206b	flow:e708abec206b → host:64.237.250.51 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2632ba515271ea31:SESSION-2632ba515271ea31	SESSION-2632ba515271ea31 → pe:syn:SESSION-2632ba515271ea31
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5c85963c9f133e2:flow:2fe6f9cc04fc	SESSION-a5c85963c9f133e2 → flow:2fe6f9cc04fc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc399ebe92ddbae6:host:45.173.156.211	SESSION-cc399ebe92ddbae6 → host:45.173.156.211
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e6800c9c0f40710:SESSION-0e6800c9c0f40710	SESSION-0e6800c9c0f40710 → pe:syn:SESSION-0e6800c9c0f40710
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40c5d05833b5d363:flow:24b3fe0163fb	SESSION-40c5d05833b5d363 → flow:24b3fe0163fb
flow_observed5-aryOBS	e:fo:flow:924c6b09c358	flow:924c6b09c358 → host:131.196.28.2 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:4274b947f0e0	flow:4274b947f0e0 → host:177.10.236.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab42e00b724a7daa:host:177.10.237.243	SESSION-ab42e00b724a7daa → host:177.10.237.243
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b947f5515d64f3f8:SESSION-b947f5515d64f3f8	SESSION-b947f5515d64f3f8 → pe:tls:SESSION-b947f5515d64f3f8
flow_observed4-aryOBS	e:fo:flow:62cdb0ac1510	flow:62cdb0ac1510 → host:172.234.197.23 → host:177.10.235.172 → port:tcp:27032
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74d0e7e40a4e478e:SESSION-74d0e7e40a4e478e	SESSION-74d0e7e40a4e478e → pe:tls:SESSION-74d0e7e40a4e478e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec928f375ba591f1:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ec928f375ba591f1 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.63:asn:262880	host:177.10.236.63 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55794f9e7b1a9e7f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-55794f9e7b1a9e7f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef1bfc51ed52e33:host:177.10.238.17	SESSION-8ef1bfc51ed52e33 → host:177.10.238.17
HOST_IN_ASNOBS 85%	e:ha:host:44.255.175.112:asn:16509	host:44.255.175.112 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa3e9fc803f342ab:host:45.173.156.123	SESSION-fa3e9fc803f342ab → host:45.173.156.123
flow_observed4-aryOBS	e:fo:flow:e4d1d674f42b	flow:e4d1d674f42b → host:172.234.197.23 → host:177.10.239.4 → port:tcp:54769
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db76c4941d3529f6:PCAP:capture_20260430090001:065659c7d314	SESSION-db76c4941d3529f6 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ddbf605897eb3f:host:172.234.197.23	SESSION-49ddbf605897eb3f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a390ade8fe745ada:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a390ade8fe745ada → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:430858ea5ed8:port:tcp:56794	flow:430858ea5ed8 → port:tcp:56794
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b481f21a133f6fd1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b481f21a133f6fd1 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-af13e3f1012247aa:flow:b67c661cd116	SESSION-af13e3f1012247aa → flow:b67c661cd116
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44e6d66a0a0fb56e:host:172.234.197.23:host:131.196.29.140	SESSION-44e6d66a0a0fb56e → host:172.234.197.23 → host:131.196.29.140
flow_observed5-aryOBS	e:fo:flow:0080953c1172	flow:0080953c1172 → host:131.196.29.125 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5958a673e968588:host:172.234.197.23	SESSION-f5958a673e968588 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f255eba3b0795a16:host:172.234.197.23	SESSION-f255eba3b0795a16 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-699c907c7ac66403:host:131.196.30.137	SESSION-699c907c7ac66403 → host:131.196.30.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99664d33d11b43d2:host:172.234.197.23	SESSION-99664d33d11b43d2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f67ce0567774b305:host:177.10.232.208:host:172.234.197.23	SESSION-f67ce0567774b305 → host:177.10.232.208 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5fb6fe079446275d:host:172.234.197.23	SESSION-5fb6fe079446275d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8f2cb956713b4a7f:host:131.196.30.129	SESSION-8f2cb956713b4a7f → host:131.196.30.129
FLOW_FROM_HOSTOBS	e:from:SESSION-6c53b2c88ff7f785:host:44.250.172.176	SESSION-6c53b2c88ff7f785 → host:44.250.172.176
FLOW_DST_PORTOBS	e:fp:flow:b08e9e3f80d1:port:tcp:443	flow:b08e9e3f80d1 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16a7442acd9adfae:host:177.10.239.94:host:172.234.197.23	SESSION-16a7442acd9adfae → host:177.10.239.94 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51daf4959db84d02:host:172.232.0.16	SESSION-51daf4959db84d02 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ea9885c560f158:host:172.234.197.23	SESSION-49ea9885c560f158 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c651848d98d2f620:PCAP:capture_20260430060001:919b39a74464	SESSION-c651848d98d2f620 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-192cf58c18726bf1:host:177.10.233.197	SESSION-192cf58c18726bf1 → host:177.10.233.197
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de2c7d1c6ad5841e:flow:90f2d84aceea	SESSION-de2c7d1c6ad5841e → flow:90f2d84aceea
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d3e80fb3431ec3f4:host:185.231.226.159:host:172.234.197.23	SESSION-d3e80fb3431ec3f4 → host:185.231.226.159 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e9497f317705308:SESSION-8e9497f317705308	SESSION-8e9497f317705308 → pe:tls:SESSION-8e9497f317705308
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bea10d62e606d6ea:SESSION-bea10d62e606d6ea	SESSION-bea10d62e606d6ea → pe:syn:SESSION-bea10d62e606d6ea
flow_observed5-aryOBS	e:fo:flow:a07aacbe73d0	flow:a07aacbe73d0 → host:177.10.234.28 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:56d377d36570	flow:56d377d36570 → host:177.10.238.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fbdf1132d9fb1d0d:host:177.10.234.23:host:172.234.197.23	SESSION-fbdf1132d9fb1d0d → host:177.10.234.23 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-45775bc626dbc608:host:172.234.197.23:host:177.10.238.56	SESSION-45775bc626dbc608 → host:172.234.197.23 → host:177.10.238.56
flow_observed5-aryOBS	e:fo:flow:ea483d23635f	flow:ea483d23635f → host:177.10.239.254 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6dcacced517b07e8:host:172.234.197.23	SESSION-6dcacced517b07e8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.105:asn:271410	host:131.196.29.105 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6dcacced517b07e8:host:177.10.235.197:host:172.234.197.23	SESSION-6dcacced517b07e8 → host:177.10.235.197 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.198:geo_-16.28860_-49.01640	host:177.10.236.198 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-f8d6efdf3cd688f1:host:172.234.197.23	SESSION-f8d6efdf3cd688f1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-defec876bf358011:host:34.216.30.208	SESSION-defec876bf358011 → host:34.216.30.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6dcc81ef5615b86c:flow:d73bdfc32a0d	SESSION-6dcc81ef5615b86c → flow:d73bdfc32a0d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38a436ec3884f938:host:45.173.156.192	SESSION-38a436ec3884f938 → host:45.173.156.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-32551388ee5c6c20:flow:cd6b04abe81f	SESSION-32551388ee5c6c20 → flow:cd6b04abe81f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-280b0d78f93705fd:SESSION-280b0d78f93705fd	SESSION-280b0d78f93705fd → pe:syn:SESSION-280b0d78f93705fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ec917f0e741b647:host:172.234.197.23	SESSION-4ec917f0e741b647 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f56efcee303c963:host:177.10.233.48	SESSION-7f56efcee303c963 → host:177.10.233.48
flow_observed5-aryOBS	e:fo:flow:5ddcdc0f12fb	flow:5ddcdc0f12fb → host:177.10.234.204 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:c2108f1fcccc	flow:c2108f1fcccc → host:172.234.197.23 → host:177.10.237.95 → port:tcp:45520
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd66824284de98ed:PCAP:capture_20260430060001:919b39a74464	SESSION-bd66824284de98ed → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0119815c01d3319:PCAP:capture_20260430150001:ded20914761d	SESSION-c0119815c01d3319 → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:672cf5da582b	flow:672cf5da582b → host:92.112.71.29 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6a936b4b3a73fb0c:host:177.10.233.35	SESSION-6a936b4b3a73fb0c → host:177.10.233.35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6edbcdecdf7d835:host:172.234.197.23	SESSION-a6edbcdecdf7d835 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.66:geo_-16.28860_-49.01640	host:177.10.234.66 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-331f26717743f7bf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-331f26717743f7bf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-949f3e8f4d37c52a:host:172.234.197.23	SESSION-949f3e8f4d37c52a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a2a075c2c818644a:host:172.234.197.23	SESSION-a2a075c2c818644a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4c33b44718448cc2:host:177.10.233.138	SESSION-4c33b44718448cc2 → host:177.10.233.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-383c10f8cce4ec29:host:35.92.48.165	SESSION-383c10f8cce4ec29 → host:35.92.48.165
FLOW_TO_HOSTOBS	e:to:SESSION-89883827e26a2cf6:host:172.234.197.23	SESSION-89883827e26a2cf6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-042b5a6edf64c734:host:177.10.233.137:host:172.234.197.23	SESSION-042b5a6edf64c734 → host:177.10.233.137 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76cec71360f7a00a:flow:624258993193	SESSION-76cec71360f7a00a → flow:624258993193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-495677aa294b030b:SESSION-495677aa294b030b	SESSION-495677aa294b030b → pe:syn:SESSION-495677aa294b030b
FLOW_TO_HOSTOBS	e:to:SESSION-605f000d6a5e20b1:host:131.196.29.221	SESSION-605f000d6a5e20b1 → host:131.196.29.221
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.203:asn:271410	host:131.196.31.203 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96ad3251c1ecb855:host:172.234.197.23:host:177.10.237.18	SESSION-96ad3251c1ecb855 → host:172.234.197.23 → host:177.10.237.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01744e272bba469d:host:131.196.29.215	SESSION-01744e272bba469d → host:131.196.29.215
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3b214bdb989f663:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e3b214bdb989f663 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f73d5c81ac41c00:flow:594889790177	SESSION-4f73d5c81ac41c00 → flow:594889790177
flow_observed5-aryOBS	e:fo:flow:76d7847b27d9	flow:76d7847b27d9 → host:177.10.237.240 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.92:asn:271410	host:131.196.30.92 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.124:asn:262880	host:177.10.233.124 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-704e3a6bbdc29013:host:177.10.234.246:host:172.234.197.23	SESSION-704e3a6bbdc29013 → host:177.10.234.246 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f718644b6283d05d:host:172.234.197.23	SESSION-f718644b6283d05d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fda5d1d0c89bbfd4:host:45.173.156.110:host:172.234.197.23	SESSION-fda5d1d0c89bbfd4 → host:45.173.156.110 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74188080b03487af:flow:155a3b53d00b	SESSION-74188080b03487af → flow:155a3b53d00b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e167d585a8e48501:flow:e0879fac4437	SESSION-e167d585a8e48501 → flow:e0879fac4437
FLOW_DST_PORTOBS	e:fp:flow:0cf167553f52:port:tcp:24097	flow:0cf167553f52 → port:tcp:24097
FLOW_DST_PORTOBS	e:fp:flow:5e4ddb5df46c:port:tcp:44979	flow:5e4ddb5df46c → port:tcp:44979
FLOW_FROM_HOSTOBS	e:from:SESSION-8247aea4532236dc:host:172.234.197.23	SESSION-8247aea4532236dc → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.190:geo_-16.28860_-49.01640	host:177.10.238.190 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86e3f0fd63ed2ea3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-86e3f0fd63ed2ea3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f26dae72fe8e9fa0:host:172.234.197.23:host:131.196.30.104	SESSION-f26dae72fe8e9fa0 → host:172.234.197.23 → host:131.196.30.104
flow_observed5-aryOBS	e:fo:flow:869e0dc0fb92	flow:869e0dc0fb92 → host:177.10.236.3 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.228:asn:262880	host:177.10.234.228 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b05aeaff4a071503:host:131.196.28.71:host:172.234.197.23	SESSION-b05aeaff4a071503 → host:131.196.28.71 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:33f7c23f1b8f:port:tcp:443	flow:33f7c23f1b8f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-191c84cbdd981857:SESSION-191c84cbdd981857	SESSION-191c84cbdd981857 → pe:tls:SESSION-191c84cbdd981857
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fd74aeb66a6a85e:PCAP:capture_20260430060001:919b39a74464	SESSION-3fd74aeb66a6a85e → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30152f28b63d1649:SESSION-30152f28b63d1649	SESSION-30152f28b63d1649 → pe:syn:SESSION-30152f28b63d1649
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bfbb16ce344dac5c:flow:d3f853795ebd	SESSION-bfbb16ce344dac5c → flow:d3f853795ebd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.61:geo_-16.28860_-49.01640	host:177.10.232.61 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-106a8139a282a728:host:172.234.197.23	SESSION-106a8139a282a728 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74d9117e815e4c77:SESSION-74d9117e815e4c77	SESSION-74d9117e815e4c77 → pe:syn:SESSION-74d9117e815e4c77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1be36b841cb9bb38:PCAP:capture_20260430150001:ded20914761d	SESSION-1be36b841cb9bb38 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-276107f90ab0c118:host:172.234.197.23	SESSION-276107f90ab0c118 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d0b2adbfad1c	flow:d0b2adbfad1c → host:172.234.197.23 → host:177.10.236.90 → port:tcp:2472
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-82d78308744a8bb2:flow:32f3ac1593ad	SESSION-82d78308744a8bb2 → flow:32f3ac1593ad
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d384de4bfeb31c0:PCAP:capture_20260430150001:ded20914761d	SESSION-1d384de4bfeb31c0 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-481702f1e56ec074:flow:85ecd73a7e83	SESSION-481702f1e56ec074 → flow:85ecd73a7e83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46082ee63fe36bdf:host:131.196.28.255	SESSION-46082ee63fe36bdf → host:131.196.28.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6c92d9b97cea9da:SESSION-d6c92d9b97cea9da	SESSION-d6c92d9b97cea9da → pe:tls:SESSION-d6c92d9b97cea9da
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c47a34d160ec21ba:host:172.234.197.23	SESSION-c47a34d160ec21ba → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.26:geo_-23.62930_-46.63510	host:131.196.29.26 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-7b1078812f997c85:host:172.234.197.23	SESSION-7b1078812f997c85 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d612e7f6da31:port:tcp:443	flow:d612e7f6da31 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36db005d6a8b5922:host:177.10.238.189:host:172.234.197.23	SESSION-36db005d6a8b5922 → host:177.10.238.189 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9f05806c7fdedb94:host:172.234.197.23	SESSION-9f05806c7fdedb94 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c9527954f73f19b6:host:177.10.233.153	SESSION-c9527954f73f19b6 → host:177.10.233.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f9ea4c8ad78eb8e:host:177.10.236.73	SESSION-2f9ea4c8ad78eb8e → host:177.10.236.73
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44d3fd3ee1d51da1:flow:266d570cd855	SESSION-44d3fd3ee1d51da1 → flow:266d570cd855
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.4:asn:203771	host:31.40.196.4 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-a34bb428906fa48c:host:177.10.239.90	SESSION-a34bb428906fa48c → host:177.10.239.90
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4886aa3300be1da9:flow:35afae3c4d29	SESSION-4886aa3300be1da9 → flow:35afae3c4d29
FLOW_FROM_HOSTOBS	e:from:SESSION-11d5793dfe2c0097:host:177.10.237.172	SESSION-11d5793dfe2c0097 → host:177.10.237.172
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51b69a1f49968dce:host:177.10.239.253:host:172.234.197.23	SESSION-51b69a1f49968dce → host:177.10.239.253 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d32ea7105612ce28:flow:b7b3b773f9b5	SESSION-d32ea7105612ce28 → flow:b7b3b773f9b5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f737e621c51c7ecf:host:45.173.156.227:host:172.234.197.23	SESSION-f737e621c51c7ecf → host:45.173.156.227 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c427fb98e016:port:tcp:9293	flow:c427fb98e016 → port:tcp:9293
FLOW_FROM_HOSTOBS	e:from:SESSION-566179d6a12d7e1c:host:177.10.234.206	SESSION-566179d6a12d7e1c → host:177.10.234.206
FLOW_TO_HOSTOBS	e:to:SESSION-62b0720ae8fecbf5:host:172.234.197.23	SESSION-62b0720ae8fecbf5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3573d87c5a129f8e:host:172.234.197.23:host:177.10.232.63	SESSION-3573d87c5a129f8e → host:172.234.197.23 → host:177.10.232.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98d504bd384337f5:SESSION-98d504bd384337f5	SESSION-98d504bd384337f5 → pe:tls:SESSION-98d504bd384337f5
flow_observed5-aryOBS	e:fo:flow:812f40eb0cd0	flow:812f40eb0cd0 → host:177.10.237.24 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-499399e6896a45f7:host:95.135.228.52:host:172.234.197.23	SESSION-499399e6896a45f7 → host:95.135.228.52 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d75aeae08cca:port:tcp:443	flow:d75aeae08cca → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee9fbb8d7f6cf47b:flow:f4ddb90e507a	SESSION-ee9fbb8d7f6cf47b → flow:f4ddb90e507a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46082ee63fe36bdf:SESSION-46082ee63fe36bdf	SESSION-46082ee63fe36bdf → pe:tls:SESSION-46082ee63fe36bdf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.81:asn:262880	host:177.10.235.81 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2b6fa392d99e4e2:host:172.234.197.23	SESSION-c2b6fa392d99e4e2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:30727c4988df	flow:30727c4988df → host:131.196.29.232 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad62b54803b59875:SESSION-ad62b54803b59875	SESSION-ad62b54803b59875 → pe:tls:SESSION-ad62b54803b59875
FLOW_DST_PORTOBS	e:fp:flow:61aa546ed047:port:tcp:443	flow:61aa546ed047 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.42:geo_-16.28860_-49.01640	host:177.10.239.42 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44f16a8e9c86ada8:host:177.10.235.158	SESSION-44f16a8e9c86ada8 → host:177.10.235.158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38fb62728f2b5e64:host:177.10.237.255	SESSION-38fb62728f2b5e64 → host:177.10.237.255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09cf18cd582e793d:host:177.10.238.152	SESSION-09cf18cd582e793d → host:177.10.238.152
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb82ec2c88e573dc:SESSION-eb82ec2c88e573dc	SESSION-eb82ec2c88e573dc → pe:syn:SESSION-eb82ec2c88e573dc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74d9117e815e4c77:host:131.196.28.242:host:172.234.197.23	SESSION-74d9117e815e4c77 → host:131.196.28.242 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd92f1d715637398:flow:d9b840dd9eca	SESSION-cd92f1d715637398 → flow:d9b840dd9eca
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.217:geo_-16.28860_-49.01640	host:177.10.239.217 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-394aeca8e13c39b2:host:45.173.156.133:host:172.234.197.23	SESSION-394aeca8e13c39b2 → host:45.173.156.133 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff374888c4809584:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ff374888c4809584 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a52ffd6f24f0f87:host:172.234.197.23	SESSION-1a52ffd6f24f0f87 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1375745ca86fe64:flow:460697540e36	SESSION-a1375745ca86fe64 → flow:460697540e36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4614700214209776:host:172.234.197.23	SESSION-4614700214209776 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-288ea97e67f438e3:host:172.234.197.23	SESSION-288ea97e67f438e3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fbcf03ac27ad8556:host:177.10.239.62:host:172.234.197.23	SESSION-fbcf03ac27ad8556 → host:177.10.239.62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7172790c1950eaef:host:131.196.30.184	SESSION-7172790c1950eaef → host:131.196.30.184
FLOW_TO_HOSTOBS	e:to:SESSION-5d84fd327ccf4e65:host:172.234.197.23	SESSION-5d84fd327ccf4e65 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7fad01c8dca4d847:host:177.10.234.74	SESSION-7fad01c8dca4d847 → host:177.10.234.74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4933624db1b9ac84:host:177.10.239.93	SESSION-4933624db1b9ac84 → host:177.10.239.93
flow_observed4-aryOBS	e:fo:flow:8e63ce94f50a	flow:8e63ce94f50a → host:172.234.197.23 → host:131.196.30.102 → port:tcp:8696
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a3baa467b71ba10:flow:211bfd4012e1	SESSION-3a3baa467b71ba10 → flow:211bfd4012e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd4f176877b3d058:SESSION-fd4f176877b3d058	SESSION-fd4f176877b3d058 → pe:syn:SESSION-fd4f176877b3d058
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f953402fa48addf:host:177.10.232.232:host:172.234.197.23	SESSION-3f953402fa48addf → host:177.10.232.232 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-12879c55e793c987:host:177.10.236.113:host:172.234.197.23	SESSION-12879c55e793c987 → host:177.10.236.113 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-38d81f2383b0ad0b:host:177.10.232.219	SESSION-38d81f2383b0ad0b → host:177.10.232.219
FLOW_FROM_HOSTOBS	e:from:SESSION-1bf280e9db7bb994:host:44.255.175.112	SESSION-1bf280e9db7bb994 → host:44.255.175.112
FLOW_DST_PORTOBS	e:fp:flow:247bd0e3b7f8:port:tcp:443	flow:247bd0e3b7f8 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.242:asn:203771	host:185.231.226.242 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4dc175dd74a3b00:host:172.234.197.23	SESSION-b4dc175dd74a3b00 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f70c7a73cedaabc:host:177.10.232.103:host:172.234.197.23	SESSION-5f70c7a73cedaabc → host:177.10.232.103 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-be622897972653aa:host:172.234.197.23	SESSION-be622897972653aa → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-140a58b5ab5dfb04:host:172.234.197.23	SESSION-140a58b5ab5dfb04 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d5b41a2eb16ae40:host:172.234.197.23	SESSION-8d5b41a2eb16ae40 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5fa5716fea2946da:host:172.234.197.23	SESSION-5fa5716fea2946da → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-191c84cbdd981857:host:131.196.31.2:host:172.234.197.23	SESSION-191c84cbdd981857 → host:131.196.31.2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0ce4fb974af5131d:host:177.10.237.55	SESSION-0ce4fb974af5131d → host:177.10.237.55
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-7c1c3bc51aa7232b:BSG-BEACON-f6c2b3d0e42d	SESSION-7c1c3bc51aa7232b → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fc01b506a83e5847:SESSION-fc01b506a83e5847	SESSION-fc01b506a83e5847 → pe:tls:SESSION-fc01b506a83e5847
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ce4962ca3a156ee:SESSION-0ce4962ca3a156ee	SESSION-0ce4962ca3a156ee → pe:tls:SESSION-0ce4962ca3a156ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0835843463ad3c8:SESSION-d0835843463ad3c8	SESSION-d0835843463ad3c8 → pe:syn:SESSION-d0835843463ad3c8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78b89cf411e3ebb4:host:172.234.197.23:host:131.196.31.190	SESSION-78b89cf411e3ebb4 → host:172.234.197.23 → host:131.196.31.190
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-32ae480396f4c201:host:177.10.236.7:host:172.234.197.23	SESSION-32ae480396f4c201 → host:177.10.236.7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4651c2a8eec0e6f:host:172.234.197.23:host:131.196.29.201	SESSION-a4651c2a8eec0e6f → host:172.234.197.23 → host:131.196.29.201
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-685011adf9d67a1b:SESSION-685011adf9d67a1b	SESSION-685011adf9d67a1b → pe:tls:SESSION-685011adf9d67a1b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47ed07d15aa63df9:SESSION-47ed07d15aa63df9	SESSION-47ed07d15aa63df9 → pe:syn:SESSION-47ed07d15aa63df9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37a8b94aca0a72fd:host:69.222.187.134	SESSION-37a8b94aca0a72fd → host:69.222.187.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ecf1376a54312e6:SESSION-4ecf1376a54312e6	SESSION-4ecf1376a54312e6 → pe:syn:SESSION-4ecf1376a54312e6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.11:geo_-16.28860_-49.01640	host:177.10.237.11 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-3b8a8c73a52fb2ca:host:172.234.197.23	SESSION-3b8a8c73a52fb2ca → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0e4af0a65cfa	flow:0e4af0a65cfa → host:92.112.71.168 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0684dbb2a7f8dcaf:host:177.10.236.182:host:172.234.197.23	SESSION-0684dbb2a7f8dcaf → host:177.10.236.182 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fce590506c76a4f8:host:131.196.31.34	SESSION-fce590506c76a4f8 → host:131.196.31.34
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ceaf5a04e9815b11:flow:ca336f5cf561	SESSION-ceaf5a04e9815b11 → flow:ca336f5cf561
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.165:asn:271410	host:131.196.31.165 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-087551762f1417e7:host:172.234.197.23	SESSION-087551762f1417e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-69c66b3db447dca1:host:172.234.197.23	SESSION-69c66b3db447dca1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f6479625c7774ad:host:177.10.239.118	SESSION-9f6479625c7774ad → host:177.10.239.118
flow_observed4-aryOBS	e:fo:flow:6c65188d7893	flow:6c65188d7893 → host:172.234.197.23 → host:177.10.232.215 → port:tcp:14178
FLOW_FROM_HOSTOBS	e:from:SESSION-845fd343ebc60049:host:177.10.237.81	SESSION-845fd343ebc60049 → host:177.10.237.81
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-919ba311fe0cedbc:flow:e24ee2bfca56	SESSION-919ba311fe0cedbc → flow:e24ee2bfca56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4faf0bdb2ec15f7a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4faf0bdb2ec15f7a → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e50198195b1abda9:SESSION-e50198195b1abda9	SESSION-e50198195b1abda9 → pe:tls:SESSION-e50198195b1abda9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-578d76d32a2c1b81:host:172.234.197.23	SESSION-578d76d32a2c1b81 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e220c81ec884c58:PCAP:capture_20260430090001:065659c7d314	SESSION-5e220c81ec884c58 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:7c1da452d8d9:port:tcp:6606	flow:7c1da452d8d9 → port:tcp:6606
FLOW_DST_PORTOBS	e:fp:flow:8d09d19297dd:port:tcp:50984	flow:8d09d19297dd → port:tcp:50984
FLOW_FROM_HOSTOBS	e:from:SESSION-739affc996a6fe99:host:172.234.197.23	SESSION-739affc996a6fe99 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a40236c67828800b:host:177.10.239.40	SESSION-a40236c67828800b → host:177.10.239.40
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.218:geo_-16.28860_-49.01640	host:177.10.238.218 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.53:geo_-16.28860_-49.01640	host:177.10.237.53 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.221:geo_-16.28860_-49.01640	host:177.10.234.221 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bea10d62e606d6ea:flow:74378186d58c	SESSION-bea10d62e606d6ea → flow:74378186d58c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.198:geo_-16.28860_-49.01640	host:177.10.237.198 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6ec641540644ee0:host:172.234.197.23	SESSION-a6ec641540644ee0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-979dfdf677607677:host:172.234.197.23	SESSION-979dfdf677607677 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ca7a94bad113:port:tcp:443	flow:ca7a94bad113 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b308d2f7d4fdfaa:SESSION-7b308d2f7d4fdfaa	SESSION-7b308d2f7d4fdfaa → pe:syn:SESSION-7b308d2f7d4fdfaa
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb971e48f4a1e66e:flow:6ecadfe6c5ec	SESSION-fb971e48f4a1e66e → flow:6ecadfe6c5ec
flow_observed5-aryOBS	e:fo:flow:6336053cfda8	flow:6336053cfda8 → host:45.173.156.100 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3cae868156d4440:PCAP:capture_20260430150001:ded20914761d	SESSION-c3cae868156d4440 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0229340abc854c0d:SESSION-0229340abc854c0d	SESSION-0229340abc854c0d → pe:tls:SESSION-0229340abc854c0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-079ef1e0e1e74623:SESSION-079ef1e0e1e74623	SESSION-079ef1e0e1e74623 → pe:syn:SESSION-079ef1e0e1e74623
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa26c3a0a6de1666:PCAP:capture_20260430090001:065659c7d314	SESSION-aa26c3a0a6de1666 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a26d5a4b5eab898:host:51.224.74.176:host:172.234.197.23	SESSION-1a26d5a4b5eab898 → host:51.224.74.176 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-14b4ac17b4f35bc0:host:172.234.197.23	SESSION-14b4ac17b4f35bc0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a24ae76392ce429:host:131.196.29.237	SESSION-7a24ae76392ce429 → host:131.196.29.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90e5db50c9887f08:flow:dcc768f94395	SESSION-90e5db50c9887f08 → flow:dcc768f94395
flow_observed5-aryOBS	e:fo:flow:1e0297185954	flow:1e0297185954 → host:177.10.239.122 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.186:geo_-16.28860_-49.01640	host:177.10.234.186 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce29096c932e7f50:host:177.10.236.43	SESSION-ce29096c932e7f50 → host:177.10.236.43
FLOW_TO_HOSTOBS	e:to:SESSION-24f1ec9c7d379a9b:host:131.196.29.150	SESSION-24f1ec9c7d379a9b → host:131.196.29.150
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bff0487aa2cdf6e6:host:172.234.197.23:host:131.196.29.242	SESSION-bff0487aa2cdf6e6 → host:172.234.197.23 → host:131.196.29.242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09d8680ca1ab1b1e:host:185.231.226.119:host:172.234.197.23	SESSION-09d8680ca1ab1b1e → host:185.231.226.119 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:38357cfefc2c	flow:38357cfefc2c → host:172.234.197.23 → host:131.196.29.122 → port:tcp:23704
FLOW_FROM_HOSTOBS	e:from:SESSION-4e074c277760af7b:host:131.196.29.140	SESSION-4e074c277760af7b → host:131.196.29.140
FLOW_TO_HOSTOBS	e:to:SESSION-49ddbf605897eb3f:host:172.234.197.23	SESSION-49ddbf605897eb3f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d7aef03828b51e64:host:172.234.197.23:host:177.10.237.80	SESSION-d7aef03828b51e64 → host:172.234.197.23 → host:177.10.237.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9072e99a39ab8173:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9072e99a39ab8173 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-783928d3af0eed6e:host:172.234.197.23	SESSION-783928d3af0eed6e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ffb0d51cd8f7dd7:flow:497792193906	SESSION-8ffb0d51cd8f7dd7 → flow:497792193906
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6515500944a7e42e:flow:010c8d6bcc21	SESSION-6515500944a7e42e → flow:010c8d6bcc21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23dcfe77dd45a14a:host:131.196.28.106	SESSION-23dcfe77dd45a14a → host:131.196.28.106
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0bc704eff4d88e9:SESSION-c0bc704eff4d88e9	SESSION-c0bc704eff4d88e9 → pe:syn:SESSION-c0bc704eff4d88e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8b9d154eee5d788:SESSION-c8b9d154eee5d788	SESSION-c8b9d154eee5d788 → pe:syn:SESSION-c8b9d154eee5d788
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad03ceeb377f3976:flow:5b849e915364	SESSION-ad03ceeb377f3976 → flow:5b849e915364
FLOW_DST_PORTOBS	e:fp:flow:84cb2f5c2276:port:tcp:443	flow:84cb2f5c2276 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7e8f7da56292748:SESSION-e7e8f7da56292748	SESSION-e7e8f7da56292748 → pe:tls:SESSION-e7e8f7da56292748
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4cc664d616fce9d7:flow:fce963e430ca	SESSION-4cc664d616fce9d7 → flow:fce963e430ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2cbf1ff9debe345:host:177.10.238.77	SESSION-f2cbf1ff9debe345 → host:177.10.238.77
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-87b50db5a64a4926:flow:3dee28b4049d	SESSION-87b50db5a64a4926 → flow:3dee28b4049d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3b13920773df7284:SESSION-3b13920773df7284	SESSION-3b13920773df7284 → pe:syn:SESSION-3b13920773df7284
FLOW_TO_HOSTOBS	e:to:SESSION-bc308b17bca42662:host:172.234.197.23	SESSION-bc308b17bca42662 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94e9de291da3c2c9:host:172.234.197.23	SESSION-94e9de291da3c2c9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8614773ef8a3b357:SESSION-8614773ef8a3b357	SESSION-8614773ef8a3b357 → pe:tls:SESSION-8614773ef8a3b357
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf40158902d38ce6:PCAP:capture_20260430070001:903a0e7a436b	SESSION-cf40158902d38ce6 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.129:geo_-16.28860_-49.01640	host:177.10.239.129 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-500f03715884566d:host:172.234.197.23	SESSION-500f03715884566d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f98b72d4ec65d75:host:177.10.234.248:host:172.234.197.23	SESSION-8f98b72d4ec65d75 → host:177.10.234.248 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.209:geo_-16.28860_-49.01640	host:177.10.236.209 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40497d6996ef2088:host:177.10.236.230	SESSION-40497d6996ef2088 → host:177.10.236.230
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74188080b03487af:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-74188080b03487af → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f016f4a38011f9c:host:172.234.197.23	SESSION-4f016f4a38011f9c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d0666e29955d:port:tcp:20013	flow:d0666e29955d → port:tcp:20013
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75c1b247d58a4094:flow:eb0a24e43cec	SESSION-75c1b247d58a4094 → flow:eb0a24e43cec
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8a147e2e8b42f79:host:177.10.238.80	SESSION-b8a147e2e8b42f79 → host:177.10.238.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-412d8e92812f4ea2:host:172.234.197.23	SESSION-412d8e92812f4ea2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-596b6c60b11eaa92:SESSION-596b6c60b11eaa92	SESSION-596b6c60b11eaa92 → pe:syn:SESSION-596b6c60b11eaa92
FLOW_TO_HOSTOBS	e:to:SESSION-8cf2e3dd1491b22c:host:172.234.197.23	SESSION-8cf2e3dd1491b22c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-64913b40dfec355f:host:131.196.29.182	SESSION-64913b40dfec355f → host:131.196.29.182
FLOW_FROM_HOSTOBS	e:from:SESSION-0e2a52b4f9db01a4:host:177.10.235.160	SESSION-0e2a52b4f9db01a4 → host:177.10.235.160
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47ac7feaf227c129:host:172.234.197.23:host:172.232.0.17	SESSION-47ac7feaf227c129 → host:172.234.197.23 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-5cf2fdb6c848ac6c:host:131.196.29.91	SESSION-5cf2fdb6c848ac6c → host:131.196.29.91
FLOW_FROM_HOSTOBS	e:from:SESSION-3839adbba9942939:host:172.234.197.23	SESSION-3839adbba9942939 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a971dfbf90734efe:host:45.173.156.110	SESSION-a971dfbf90734efe → host:45.173.156.110
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dee230b22d739e8a:SESSION-dee230b22d739e8a	SESSION-dee230b22d739e8a → pe:tls:SESSION-dee230b22d739e8a
flow_observed4-aryOBS	e:fo:flow:7e0530f5b553	flow:7e0530f5b553 → host:172.234.197.23 → host:177.10.236.201 → port:tcp:21122
FLOW_DST_PORTOBS	e:fp:flow:829cd549e8bd:port:tcp:51302	flow:829cd549e8bd → port:tcp:51302
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-037b6464dda97429:SESSION-037b6464dda97429	SESSION-037b6464dda97429 → pe:tls:SESSION-037b6464dda97429
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0c7d8b58da7be6c5:host:131.196.28.175:host:172.234.197.23	SESSION-0c7d8b58da7be6c5 → host:131.196.28.175 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:81a15ff062a8	flow:81a15ff062a8 → host:177.10.234.171 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-03f7a565a7cd59d8:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-03f7a565a7cd59d8 → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_TO_HOSTOBS	e:to:SESSION-853e897de6767cda:host:172.234.197.23	SESSION-853e897de6767cda → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d3bfe28004a6:port:tcp:443	flow:d3bfe28004a6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c155b50123efabb5:host:177.10.235.147	SESSION-c155b50123efabb5 → host:177.10.235.147
FLOW_TO_HOSTOBS	e:to:SESSION-2761ffbe76598549:host:177.10.237.147	SESSION-2761ffbe76598549 → host:177.10.237.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d87ad0ffb58b923c:SESSION-d87ad0ffb58b923c	SESSION-d87ad0ffb58b923c → pe:tls:SESSION-d87ad0ffb58b923c
FLOW_FROM_HOSTOBS	e:from:SESSION-2d7ac357c55d6f7b:host:177.10.237.240	SESSION-2d7ac357c55d6f7b → host:177.10.237.240
FLOW_DST_PORTOBS	e:fp:flow:a87fcf5ff316:port:tcp:443	flow:a87fcf5ff316 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7bd472de7dbc823f:host:172.234.197.23	SESSION-7bd472de7dbc823f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a650ad390b72264d:host:177.10.237.164	SESSION-a650ad390b72264d → host:177.10.237.164
FLOW_TO_HOSTOBS	e:to:SESSION-ced8040d8221dfbc:host:172.234.197.23	SESSION-ced8040d8221dfbc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-829f75d99e4943bf:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-829f75d99e4943bf → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f62140848f2b702:host:172.234.197.23	SESSION-8f62140848f2b702 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-517e17fbfcdc9eaf:host:177.10.239.165:host:172.234.197.23	SESSION-517e17fbfcdc9eaf → host:177.10.239.165 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.29:asn:203771	host:92.112.71.29 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-949f3e8f4d37c52a:SESSION-949f3e8f4d37c52a	SESSION-949f3e8f4d37c52a → pe:tls:SESSION-949f3e8f4d37c52a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1909494739e8c502:host:172.234.197.23	SESSION-1909494739e8c502 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:16276:org:OVH SAS	asn:16276 → org:OVH SAS
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-354c21b56902e892:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-354c21b56902e892 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1ca06073d474c63:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b1ca06073d474c63 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-96c334cbd5a64077:BSG-BEACON-61380c9a629a	SESSION-96c334cbd5a64077 → BSG-BEACON-61380c9a629a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e577d7cf1b0ace36:SESSION-e577d7cf1b0ace36	SESSION-e577d7cf1b0ace36 → pe:tls:SESSION-e577d7cf1b0ace36
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c16307b11a026263:host:131.196.30.1:host:172.234.197.23	SESSION-c16307b11a026263 → host:131.196.30.1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-82c9dbe3cfe7e49f:flow:9b23d33d2c76	SESSION-82c9dbe3cfe7e49f → flow:9b23d33d2c76
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb6cea4441256ebd:host:172.234.197.23:host:177.10.233.233	SESSION-cb6cea4441256ebd → host:172.234.197.23 → host:177.10.233.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e77d19d6eee479c3:SESSION-e77d19d6eee479c3	SESSION-e77d19d6eee479c3 → pe:syn:SESSION-e77d19d6eee479c3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a10047b74101a9ce:SESSION-a10047b74101a9ce	SESSION-a10047b74101a9ce → pe:tls:SESSION-a10047b74101a9ce
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9962740ce107c36d:flow:f3a7fe5c3c2c	SESSION-9962740ce107c36d → flow:f3a7fe5c3c2c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d585afab4eb6ac7e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d585afab4eb6ac7e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c5fe81cc60001f5:flow:0def00f66cf6	SESSION-8c5fe81cc60001f5 → flow:0def00f66cf6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.243:geo_-23.62930_-46.63510	host:131.196.30.243 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0a19698769d1246:host:172.234.197.23:host:177.10.232.46	SESSION-d0a19698769d1246 → host:172.234.197.23 → host:177.10.232.46
FLOW_FROM_HOSTOBS	e:from:SESSION-2811f86b559a674a:host:131.196.30.119	SESSION-2811f86b559a674a → host:131.196.30.119
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f9c5288639cc167:host:177.10.234.234:host:172.234.197.23	SESSION-3f9c5288639cc167 → host:177.10.234.234 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fd2a5925828b8076:host:177.10.235.218	SESSION-fd2a5925828b8076 → host:177.10.235.218
FLOW_DST_PORTOBS	e:fp:flow:9ef2c055debc:port:tcp:443	flow:9ef2c055debc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f49ef9eceb986e78:SESSION-f49ef9eceb986e78	SESSION-f49ef9eceb986e78 → pe:tls:SESSION-f49ef9eceb986e78
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.109:geo_-16.28860_-49.01640	host:177.10.235.109 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6bd47d8fd21ead6d:SESSION-6bd47d8fd21ead6d	SESSION-6bd47d8fd21ead6d → pe:syn:SESSION-6bd47d8fd21ead6d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ef3697a55617fe8:host:177.10.233.24	SESSION-0ef3697a55617fe8 → host:177.10.233.24
FLOW_DST_PORTOBS	e:fp:flow:bcf7cfc90ac1:port:tcp:443	flow:bcf7cfc90ac1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd38adf08b5d5a9e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cd38adf08b5d5a9e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:7c6a2a150cfa	flow:7c6a2a150cfa → host:45.173.156.147 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a207ecea3558884:flow:85aacd5feb03	SESSION-9a207ecea3558884 → flow:85aacd5feb03
FLOW_QUERIED_DNSOBS	e:fd:flow:f47343671c29:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:f47343671c29 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_FROM_HOSTOBS	e:from:SESSION-de1fc6391256943a:host:131.196.30.183	SESSION-de1fc6391256943a → host:131.196.30.183
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-666cc538c7e1a156:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-666cc538c7e1a156 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-226dccfda73d96ef:PCAP:capture_20260430090001:065659c7d314	SESSION-226dccfda73d96ef → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:1b4e341a7eb5:port:tcp:443	flow:1b4e341a7eb5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b7ae30acbd5f5fc5:host:177.10.235.15	SESSION-b7ae30acbd5f5fc5 → host:177.10.235.15
flow_observed5-aryOBS	e:fo:flow:e948c653dadd	flow:e948c653dadd → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d37583bcd3c19c57:host:172.234.197.23	SESSION-d37583bcd3c19c57 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fef5a77f946ef097:SESSION-fef5a77f946ef097	SESSION-fef5a77f946ef097 → pe:tls:SESSION-fef5a77f946ef097
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.7:geo_-23.62930_-46.63510	host:131.196.31.7 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85f4ab9e3ed21fa2:SESSION-85f4ab9e3ed21fa2	SESSION-85f4ab9e3ed21fa2 → pe:syn:SESSION-85f4ab9e3ed21fa2
FLOW_DST_PORTOBS	e:fp:flow:a149d042783d:port:tcp:443	flow:a149d042783d → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:155bbe8ed91e	flow:155bbe8ed91e → host:172.234.197.23 → host:131.196.28.142 → port:tcp:33842
FLOW_TO_HOSTOBS	e:to:SESSION-da3b2b353303e8e1:host:172.234.197.23	SESSION-da3b2b353303e8e1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf8660b1b7ea6f50:SESSION-bf8660b1b7ea6f50	SESSION-bf8660b1b7ea6f50 → pe:tls:SESSION-bf8660b1b7ea6f50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a457a833cb01b1f:SESSION-4a457a833cb01b1f	SESSION-4a457a833cb01b1f → pe:tls:SESSION-4a457a833cb01b1f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d17b7bdf4ae9fb2c:host:177.10.239.77	SESSION-d17b7bdf4ae9fb2c → host:177.10.239.77
FLOW_DST_PORTOBS	e:fp:flow:581696e98cc0:port:tcp:443	flow:581696e98cc0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd437604af995a2a:SESSION-fd437604af995a2a	SESSION-fd437604af995a2a → pe:tls:SESSION-fd437604af995a2a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-912f333ca4ce75c1:host:177.10.238.35:host:172.234.197.23	SESSION-912f333ca4ce75c1 → host:177.10.238.35 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0eb6f43455bd	flow:0eb6f43455bd → host:131.196.30.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e44af15232c6a53:host:45.173.156.37:host:172.234.197.23	SESSION-8e44af15232c6a53 → host:45.173.156.37 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9de698333fa1afcb:host:45.173.156.205	SESSION-9de698333fa1afcb → host:45.173.156.205
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5eb3b0eaf7de1b7d:PCAP:capture_20260428010001:b1b402c7b202	SESSION-5eb3b0eaf7de1b7d → PCAP:capture_20260428010001:b1b402c7b202
FLOW_DST_PORTOBS	e:fp:flow:e0da7e51ff4f:port:tcp:443	flow:e0da7e51ff4f → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:717284c6f6ed	flow:717284c6f6ed → host:172.234.197.23 → host:177.10.238.8 → port:tcp:18006
FLOW_DST_PORTOBS	e:fp:flow:b8edaf1c817b:port:tcp:42908	flow:b8edaf1c817b → port:tcp:42908
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-664154a8ce71c549:host:177.10.233.61:host:172.234.197.23	SESSION-664154a8ce71c549 → host:177.10.233.61 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf9713fb7209fcf9:SESSION-bf9713fb7209fcf9	SESSION-bf9713fb7209fcf9 → pe:tls:SESSION-bf9713fb7209fcf9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f49ef9eceb986e78:flow:d75aeae08cca	SESSION-f49ef9eceb986e78 → flow:d75aeae08cca
FLOW_DST_PORTOBS	e:fp:flow:67e491a55fdc:port:tcp:443	flow:67e491a55fdc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-bd8e744bc487bcb1:host:177.10.237.73	SESSION-bd8e744bc487bcb1 → host:177.10.237.73
flow_observed5-aryOBS	e:fo:flow:67a855142315	flow:67a855142315 → host:131.196.28.0 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3483d96fbaf632b7:flow:21b9c2f46acd	SESSION-3483d96fbaf632b7 → flow:21b9c2f46acd
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-38739a517334cf5a:BSG-BEACON-8837ef5499e4	SESSION-38739a517334cf5a → BSG-BEACON-8837ef5499e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a6aeb664ff97dbd:host:177.10.237.203	SESSION-9a6aeb664ff97dbd → host:177.10.237.203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2c2ee5c4e3db47f8:SESSION-2c2ee5c4e3db47f8	SESSION-2c2ee5c4e3db47f8 → pe:tls:SESSION-2c2ee5c4e3db47f8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ab0305ac0c92587:host:54.218.65.249:host:172.234.197.23	SESSION-2ab0305ac0c92587 → host:54.218.65.249 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e69e318433a6	flow:e69e318433a6 → host:131.196.31.188 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de46def2c97c3533:SESSION-de46def2c97c3533	SESSION-de46def2c97c3533 → pe:syn:SESSION-de46def2c97c3533
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.93:asn:262880	host:177.10.232.93 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb243e65e2b1808d:host:177.10.237.117:host:172.234.197.23	SESSION-eb243e65e2b1808d → host:177.10.237.117 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95c23d407c86213b:host:131.196.29.119	SESSION-95c23d407c86213b → host:131.196.29.119
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f033dc8b343a68ab:host:45.173.156.31:host:172.234.197.23	SESSION-f033dc8b343a68ab → host:45.173.156.31 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-718b3dc95b6876be:host:177.10.239.62	SESSION-718b3dc95b6876be → host:177.10.239.62
FLOW_DST_PORTOBS	e:fp:flow:c55144af88c3:port:tcp:443	flow:c55144af88c3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd728e6d9f0647f9:host:177.10.239.205:host:172.234.197.23	SESSION-bd728e6d9f0647f9 → host:177.10.239.205 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.151:geo_41.02140_28.99480	host:31.40.196.151 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e3db8610837fd0b8:SESSION-e3db8610837fd0b8	SESSION-e3db8610837fd0b8 → pe:tls:SESSION-e3db8610837fd0b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51bc0a4af53b62cc:host:177.10.233.136	SESSION-51bc0a4af53b62cc → host:177.10.233.136
flow_observed5-aryOBS	e:fo:flow:70df9bee6094	flow:70df9bee6094 → host:177.10.239.136 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e59eeaf15703:port:tcp:443	flow:e59eeaf15703 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-efabffc9197efb23:flow:ad3295a67b5a	SESSION-efabffc9197efb23 → flow:ad3295a67b5a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c54bf7ef52fb715c:PCAP:capture_20260428020001:ce87acd1c162	SESSION-c54bf7ef52fb715c → PCAP:capture_20260428020001:ce87acd1c162
flow_observed5-aryOBS	e:fo:flow:b2bccfbb111e	flow:b2bccfbb111e → host:177.10.238.11 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:519dfe2ba798:port:tcp:443	flow:519dfe2ba798 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bedaa62e135c647a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-bedaa62e135c647a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3cdf0b404a4678c5:host:172.234.197.23	SESSION-3cdf0b404a4678c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9fb0652618e8095:host:172.234.197.23	SESSION-b9fb0652618e8095 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9466cbe9e9dd26aa:SESSION-9466cbe9e9dd26aa	SESSION-9466cbe9e9dd26aa → pe:tls:SESSION-9466cbe9e9dd26aa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46631c2a8361f405:host:177.10.233.123	SESSION-46631c2a8361f405 → host:177.10.233.123
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6cfabb521c7f73a1:host:172.234.197.23:host:131.196.31.80	SESSION-6cfabb521c7f73a1 → host:172.234.197.23 → host:131.196.31.80
flow_observed5-aryOBS	e:fo:flow:9c37952dcebc	flow:9c37952dcebc → host:131.196.29.76 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:13.53.140.247:asn:16509	host:13.53.140.247 → asn:16509
flow_observed4-aryOBS	e:fo:flow:98facdade98c	flow:98facdade98c → host:172.234.197.23 → host:131.196.28.35 → port:tcp:12626
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e540dbaefa45433:host:172.234.197.23:host:177.10.234.96	SESSION-9e540dbaefa45433 → host:172.234.197.23 → host:177.10.234.96
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.198:asn:271410	host:131.196.29.198 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e995e7d6e6aa04f6:host:172.234.197.23:host:45.173.156.29	SESSION-e995e7d6e6aa04f6 → host:172.234.197.23 → host:45.173.156.29
FLOW_TO_HOSTOBS	e:to:SESSION-5ccbfb0ac760822d:host:172.234.197.23	SESSION-5ccbfb0ac760822d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b55fe86aa2a31ece:flow:b11a0b13ae5f	SESSION-b55fe86aa2a31ece → flow:b11a0b13ae5f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a0d556a7af957b2:SESSION-2a0d556a7af957b2	SESSION-2a0d556a7af957b2 → pe:tls:SESSION-2a0d556a7af957b2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77abcf8d7f3aee2e:host:177.10.237.16	SESSION-77abcf8d7f3aee2e → host:177.10.237.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-848453a25431759d:host:172.234.197.23:host:177.10.232.12	SESSION-848453a25431759d → host:172.234.197.23 → host:177.10.232.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb0638f1774736d1:SESSION-cb0638f1774736d1	SESSION-cb0638f1774736d1 → pe:syn:SESSION-cb0638f1774736d1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96b1ae4f2b433079:host:131.196.31.163:host:172.234.197.23	SESSION-96b1ae4f2b433079 → host:131.196.31.163 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4879ced74a20729f:SESSION-4879ced74a20729f	SESSION-4879ced74a20729f → pe:syn:SESSION-4879ced74a20729f
FLOW_FROM_HOSTOBS	e:from:SESSION-d0246a8b70a825de:host:131.196.29.224	SESSION-d0246a8b70a825de → host:131.196.29.224
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.39:geo_-21.10010_-41.69200	host:45.173.156.39 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28ea3e411a2de5c2:SESSION-28ea3e411a2de5c2	SESSION-28ea3e411a2de5c2 → pe:syn:SESSION-28ea3e411a2de5c2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27ee7c401cb71f02:SESSION-27ee7c401cb71f02	SESSION-27ee7c401cb71f02 → pe:tls:SESSION-27ee7c401cb71f02
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-edeb3dca8d1da30b:flow:ae8c060ae852	SESSION-edeb3dca8d1da30b → flow:ae8c060ae852
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa515f25c4c77655:SESSION-aa515f25c4c77655	SESSION-aa515f25c4c77655 → pe:tls:SESSION-aa515f25c4c77655
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-95f80a98e12e105d:SESSION-95f80a98e12e105d	SESSION-95f80a98e12e105d → pe:syn:SESSION-95f80a98e12e105d
FLOW_DST_PORTOBS	e:fp:flow:14ec9179e9d3:port:tcp:443	flow:14ec9179e9d3 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:cf0d2c342abc	flow:cf0d2c342abc → host:172.234.197.23 → host:177.10.237.2 → port:tcp:12919
FLOW_TO_HOSTOBS	e:to:SESSION-28106317c083449d:host:172.234.197.23	SESSION-28106317c083449d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a34f8aafa3e2	flow:a34f8aafa3e2 → host:172.234.197.23 → host:177.10.234.49 → port:tcp:42990
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b7ec051587501bc:host:172.234.197.23:host:177.10.234.59	SESSION-5b7ec051587501bc → host:172.234.197.23 → host:177.10.234.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1410d14cf4ff2548:flow:54248e81c0ee	SESSION-1410d14cf4ff2548 → flow:54248e81c0ee
FLOW_FROM_HOSTOBS	e:from:SESSION-2edb1208bb0bd400:host:172.234.197.23	SESSION-2edb1208bb0bd400 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ea9485b82ac2233:SESSION-3ea9485b82ac2233	SESSION-3ea9485b82ac2233 → pe:syn:SESSION-3ea9485b82ac2233
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.116:geo_-16.28860_-49.01640	host:177.10.234.116 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:6a91f40678b6:port:tcp:443	flow:6a91f40678b6 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6b19deea6359:port:tcp:63370	flow:6b19deea6359 → port:tcp:63370
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:170.106.14.53:geo_39.04690_-77.49030	host:170.106.14.53 → geo_39.04690_-77.49030
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b8f87145037449c:flow:9c90a0ccccb1	SESSION-7b8f87145037449c → flow:9c90a0ccccb1
FLOW_TO_HOSTOBS	e:to:SESSION-60b46aef513c4722:host:172.234.197.23	SESSION-60b46aef513c4722 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-969e64e33723c991:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-969e64e33723c991 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-112ed66aeea7c1e0:flow:cf0d2c342abc	SESSION-112ed66aeea7c1e0 → flow:cf0d2c342abc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-886f0e6ca4ba19c9:host:131.196.31.107:host:172.234.197.23	SESSION-886f0e6ca4ba19c9 → host:131.196.31.107 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f8f919bfd11f34b:host:177.10.237.237	SESSION-8f8f919bfd11f34b → host:177.10.237.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09c382be05e629ee:flow:6413836dd819	SESSION-09c382be05e629ee → flow:6413836dd819
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.249:geo_-16.28860_-49.01640	host:177.10.237.249 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0d8801f02b141d30:flow:2fe05b6b50c5	SESSION-0d8801f02b141d30 → flow:2fe05b6b50c5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac87af78ff19f5c9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ac87af78ff19f5c9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a8441f04433657ee:SESSION-a8441f04433657ee	SESSION-a8441f04433657ee → pe:tls:SESSION-a8441f04433657ee
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bfe3e48aa982c746:flow:6262808a9407	SESSION-bfe3e48aa982c746 → flow:6262808a9407
FLOW_DST_PORTOBS	e:fp:flow:e424d1b2ba4a:port:tcp:59604	flow:e424d1b2ba4a → port:tcp:59604
FLOW_FROM_HOSTOBS	e:from:SESSION-464502b3105a6b82:host:172.234.197.23	SESSION-464502b3105a6b82 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afeab5601fa36440:host:172.234.197.23	SESSION-afeab5601fa36440 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8ae8076186321ef8:host:172.234.197.23	SESSION-8ae8076186321ef8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ec4c9189aa8273c:SESSION-2ec4c9189aa8273c	SESSION-2ec4c9189aa8273c → pe:syn:SESSION-2ec4c9189aa8273c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-baee22f4fffa81d2:flow:c87b6a5476f5	SESSION-baee22f4fffa81d2 → flow:c87b6a5476f5
FLOW_TO_HOSTOBS	e:to:SESSION-979dfdf677607677:host:177.10.239.196	SESSION-979dfdf677607677 → host:177.10.239.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94e9de291da3c2c9:SESSION-94e9de291da3c2c9	SESSION-94e9de291da3c2c9 → pe:syn:SESSION-94e9de291da3c2c9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c20a24472712669d:host:131.196.29.2:host:172.234.197.23	SESSION-c20a24472712669d → host:131.196.29.2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-216df7510915a954:host:177.10.236.176	SESSION-216df7510915a954 → host:177.10.236.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6a106ff5da861ac:host:172.234.197.23	SESSION-a6a106ff5da861ac → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.44:asn:273470	host:45.173.156.44 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.79:asn:262880	host:177.10.239.79 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.5:asn:262880	host:177.10.235.5 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a9e4c3921500675:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6a9e4c3921500675 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d862dda647c7051:flow:735521efe938	SESSION-1d862dda647c7051 → flow:735521efe938
FLOW_TLS_SNIOBS	e:fs:flow:243d6111af24:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:243d6111af24 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d1e9854752b2176:host:172.234.197.23	SESSION-0d1e9854752b2176 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-971b25349fba9c5b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-971b25349fba9c5b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-495677aa294b030b:host:177.10.235.147:host:172.234.197.23	SESSION-495677aa294b030b → host:177.10.235.147 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-037b6464dda97429:host:95.170.25.134:host:172.234.197.23	SESSION-037b6464dda97429 → host:95.170.25.134 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e6d659d940e075af:host:45.173.156.246	SESSION-e6d659d940e075af → host:45.173.156.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac7290643404699:host:172.234.197.23	SESSION-cac7290643404699 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6682b9978761b80b:SESSION-6682b9978761b80b	SESSION-6682b9978761b80b → pe:syn:SESSION-6682b9978761b80b
FLOW_DST_PORTOBS	e:fp:flow:1759eefacc38:port:tcp:17374	flow:1759eefacc38 → port:tcp:17374
flow_observed5-aryOBS	e:fo:flow:b1dc75676208	flow:b1dc75676208 → host:131.196.29.125 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67c350ca0312f6cb:host:177.10.238.238:host:172.234.197.23	SESSION-67c350ca0312f6cb → host:177.10.238.238 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-314272d88a452691:host:172.234.197.23	SESSION-314272d88a452691 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98d504bd384337f5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-98d504bd384337f5 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b330864bc1d39cd9:SESSION-b330864bc1d39cd9	SESSION-b330864bc1d39cd9 → pe:syn:SESSION-b330864bc1d39cd9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a70cd7da1062faad:host:177.10.233.176	SESSION-a70cd7da1062faad → host:177.10.233.176
flow_observed4-aryOBS	e:fo:flow:0e7e44787360	flow:0e7e44787360 → host:172.234.197.23 → host:177.10.238.250 → port:tcp:43216
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4b062ac7956d3a5:PCAP:capture_20260430110001:43611bdf6759	SESSION-a4b062ac7956d3a5 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-2560fc1185e4e3e7:host:172.234.197.23	SESSION-2560fc1185e4e3e7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-26f197960c59c7f7:host:131.196.28.195:host:172.234.197.23	SESSION-26f197960c59c7f7 → host:131.196.28.195 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab1f168a37fae671:flow:6bbf09456dc7	SESSION-ab1f168a37fae671 → flow:6bbf09456dc7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1ca06073d474c63:host:172.234.197.23	SESSION-b1ca06073d474c63 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:40c7e92d4532	flow:40c7e92d4532 → host:131.196.30.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0bf80193393b0fad:SESSION-0bf80193393b0fad	SESSION-0bf80193393b0fad → pe:tls:SESSION-0bf80193393b0fad
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.0:asn:262880	host:177.10.234.0 → asn:262880
flow_observed4-aryOBS	e:fo:flow:ffb76f649537	flow:ffb76f649537 → host:172.234.197.23 → host:131.196.30.132 → port:tcp:28417
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1429c4885068b09:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c1429c4885068b09 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-02270ea748fd3855:host:172.234.197.23	SESSION-02270ea748fd3855 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-31d47da03b5e0774:host:172.234.197.23	SESSION-31d47da03b5e0774 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b35aac65e648dac0:SESSION-b35aac65e648dac0	SESSION-b35aac65e648dac0 → pe:rst:SESSION-b35aac65e648dac0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.41:geo_41.02140_28.99480	host:37.221.79.41 → geo_41.02140_28.99480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-179845184e318961:host:172.234.197.23	SESSION-179845184e318961 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad4be2ec0ec8e7ca:host:172.234.197.23	SESSION-ad4be2ec0ec8e7ca → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.87:asn:271410	host:131.196.30.87 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-198cd8f9bb6f8909:host:177.10.234.78	SESSION-198cd8f9bb6f8909 → host:177.10.234.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b074fbdb748702cc:host:177.10.235.195	SESSION-b074fbdb748702cc → host:177.10.235.195
FLOW_FROM_HOSTOBS	e:from:SESSION-7eecd546334ac489:host:51.224.53.144	SESSION-7eecd546334ac489 → host:51.224.53.144
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec91eda6d4bd732e:host:177.10.237.211	SESSION-ec91eda6d4bd732e → host:177.10.237.211
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.87:asn:203771	host:95.170.25.87 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-576cc11ebde25a50:host:131.196.29.94	SESSION-576cc11ebde25a50 → host:131.196.29.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-168c4e3df9119bba:SESSION-168c4e3df9119bba	SESSION-168c4e3df9119bba → pe:tls:SESSION-168c4e3df9119bba
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9466ee8fbea2465:SESSION-d9466ee8fbea2465	SESSION-d9466ee8fbea2465 → pe:tls:SESSION-d9466ee8fbea2465
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e12300b6212ab14:flow:346a1a3a4e3f	SESSION-7e12300b6212ab14 → flow:346a1a3a4e3f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-991550775dcb0266:SESSION-991550775dcb0266	SESSION-991550775dcb0266 → pe:tls:SESSION-991550775dcb0266
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76bcf8447ee973fd:host:172.234.197.23	SESSION-76bcf8447ee973fd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dd689462ef51:port:tcp:443	flow:dd689462ef51 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4fb4b7758d99e149:SESSION-4fb4b7758d99e149	SESSION-4fb4b7758d99e149 → pe:syn:SESSION-4fb4b7758d99e149
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c3601b8f3a6cf17:host:177.10.234.97:host:172.234.197.23	SESSION-7c3601b8f3a6cf17 → host:177.10.234.97 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8b62a2da5c95	flow:8b62a2da5c95 → host:172.234.197.23 → host:177.10.236.92 → port:tcp:6482
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a29ca5d80bc122d0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a29ca5d80bc122d0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f3af12abbb2ff56:SESSION-1f3af12abbb2ff56	SESSION-1f3af12abbb2ff56 → pe:tls:SESSION-1f3af12abbb2ff56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce9448c6704b565d:SESSION-ce9448c6704b565d	SESSION-ce9448c6704b565d → pe:syn:SESSION-ce9448c6704b565d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.155:asn:262880	host:177.10.239.155 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.213:asn:262880	host:177.10.239.213 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a33620a262b3196:host:177.10.239.239:host:172.234.197.23	SESSION-4a33620a262b3196 → host:177.10.239.239 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.246:geo_-16.28860_-49.01640	host:177.10.239.246 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-0f8a559c2faf4a64:host:177.10.234.48	SESSION-0f8a559c2faf4a64 → host:177.10.234.48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f73d5c81ac41c00:host:131.196.29.248	SESSION-4f73d5c81ac41c00 → host:131.196.29.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a46a988dc3d14a3:host:177.10.237.113:host:172.234.197.23	SESSION-1a46a988dc3d14a3 → host:177.10.237.113 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-521d3d94be94008e:host:172.234.197.23	SESSION-521d3d94be94008e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e998b802e74a3139:host:172.234.197.23	SESSION-e998b802e74a3139 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98d24f4ecefc5585:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-98d24f4ecefc5585 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2676dbc5b99ef14:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e2676dbc5b99ef14 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-610b47e21d599964:host:172.234.197.23	SESSION-610b47e21d599964 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3ea6c4aff46dde87:host:177.10.238.102	SESSION-3ea6c4aff46dde87 → host:177.10.238.102
HOST_IN_ASNOBS 85%	e:ha:host:35.216.234.82:asn:15169	host:35.216.234.82 → asn:15169
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-af13e3f1012247aa:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-af13e3f1012247aa → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8fb67bf931083b29:SESSION-8fb67bf931083b29	SESSION-8fb67bf931083b29 → pe:tls:SESSION-8fb67bf931083b29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea6c4aff46dde87:host:177.10.238.102	SESSION-3ea6c4aff46dde87 → host:177.10.238.102
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60441095965530ae:host:177.10.239.72	SESSION-60441095965530ae → host:177.10.239.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8327be02acf872a5:SESSION-8327be02acf872a5	SESSION-8327be02acf872a5 → pe:syn:SESSION-8327be02acf872a5
FLOW_TO_HOSTOBS	e:to:SESSION-4af9ea8e19c0cf86:host:131.196.29.61	SESSION-4af9ea8e19c0cf86 → host:131.196.29.61
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9bd60248a4061d8d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9bd60248a4061d8d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4db3abe06a9505c7:SESSION-4db3abe06a9505c7	SESSION-4db3abe06a9505c7 → pe:syn:SESSION-4db3abe06a9505c7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9804aaba4767b862:host:172.234.197.23:host:177.10.232.2	SESSION-9804aaba4767b862 → host:172.234.197.23 → host:177.10.232.2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c36bc9032caa64b:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-9c36bc9032caa64b → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0f329fce2004d812:flow:00b03f759fbf	SESSION-0f329fce2004d812 → flow:00b03f759fbf
FLOW_DST_PORTOBS	e:fp:flow:d06e75a28da9:port:tcp:443	flow:d06e75a28da9 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:83d4b6376697	flow:83d4b6376697 → host:177.10.233.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ee088f254667f6a:host:131.196.28.175:host:172.234.197.23	SESSION-6ee088f254667f6a → host:131.196.28.175 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-edebc7da73e26840:SESSION-edebc7da73e26840	SESSION-edebc7da73e26840 → pe:syn:SESSION-edebc7da73e26840
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e2811d191c294e0:PCAP:capture_20260430090001:065659c7d314	SESSION-7e2811d191c294e0 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.38:geo_-23.62930_-46.63510	host:131.196.31.38 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6bf46c9eec8f990:flow:6ccb35207b9a	SESSION-e6bf46c9eec8f990 → flow:6ccb35207b9a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ea20601fa7d993b:SESSION-1ea20601fa7d993b	SESSION-1ea20601fa7d993b → pe:tls:SESSION-1ea20601fa7d993b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21640db65210a47d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-21640db65210a47d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.60:geo_-16.28860_-49.01640	host:177.10.237.60 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74f51cf412342155:SESSION-74f51cf412342155	SESSION-74f51cf412342155 → pe:syn:SESSION-74f51cf412342155
flow_observed4-aryOBS	e:fo:flow:a0c1b75ee432	flow:a0c1b75ee432 → host:172.234.197.23 → host:131.196.28.45 → port:tcp:54539
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-619cd2820aafdf33:host:172.234.197.23:host:131.196.28.246	SESSION-619cd2820aafdf33 → host:172.234.197.23 → host:131.196.28.246
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c701d534f5ceb273:host:131.196.30.147:host:172.234.197.23	SESSION-c701d534f5ceb273 → host:131.196.30.147 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4059a39607153158:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4059a39607153158 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-791eac8e49df4e5d:host:131.196.30.66	SESSION-791eac8e49df4e5d → host:131.196.30.66
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23deab886ec517b0:host:172.234.197.23:host:177.10.236.63	SESSION-23deab886ec517b0 → host:172.234.197.23 → host:177.10.236.63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-afeab5601fa36440:host:177.10.235.206:host:172.234.197.23	SESSION-afeab5601fa36440 → host:177.10.235.206 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.122:geo_-16.28860_-49.01640	host:177.10.235.122 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-5804e26655ff1a06:host:131.196.30.231	SESSION-5804e26655ff1a06 → host:131.196.30.231
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.146:asn:271410	host:131.196.30.146 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-b96b3cde986adfb1:host:172.234.197.23	SESSION-b96b3cde986adfb1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28d2d0e8afd37453:SESSION-28d2d0e8afd37453	SESSION-28d2d0e8afd37453 → pe:syn:SESSION-28d2d0e8afd37453
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc55eac4fb6ef554:host:184.171.210.134:host:172.234.197.23	SESSION-cc55eac4fb6ef554 → host:184.171.210.134 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4117bfae8d393f9c:SESSION-4117bfae8d393f9c	SESSION-4117bfae8d393f9c → pe:tls:SESSION-4117bfae8d393f9c
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.31:asn:203771	host:95.170.25.31 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-c422154c7899227e:host:172.234.197.23	SESSION-c422154c7899227e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a98ae7d95e9a62c0:host:131.196.30.44	SESSION-a98ae7d95e9a62c0 → host:131.196.30.44
FLOW_FROM_HOSTOBS	e:from:SESSION-a6c7a2e5cf818d0a:host:177.10.234.130	SESSION-a6c7a2e5cf818d0a → host:177.10.234.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac89834f3c269f55:host:172.234.197.23	SESSION-ac89834f3c269f55 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:21db64e0f176	flow:21db64e0f176 → host:172.234.197.23 → host:177.10.237.166 → port:tcp:11518
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bdc14171c537b7eb:host:177.10.232.93:host:172.234.197.23	SESSION-bdc14171c537b7eb → host:177.10.232.93 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-977a7c6dd83aa424:host:172.234.197.23	SESSION-977a7c6dd83aa424 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0b067dd86042d0a:host:177.10.236.3	SESSION-b0b067dd86042d0a → host:177.10.236.3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b7ec051587501bc:SESSION-5b7ec051587501bc	SESSION-5b7ec051587501bc → pe:syn:SESSION-5b7ec051587501bc
FLOW_FROM_HOSTOBS	e:from:SESSION-1870bc27b62a60a2:host:172.234.197.23	SESSION-1870bc27b62a60a2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58ff4ad892ea2c04:flow:ded84b73dcc2	SESSION-58ff4ad892ea2c04 → flow:ded84b73dcc2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65d310d8fe50c39e:host:172.234.197.23	SESSION-65d310d8fe50c39e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2384be4238de1707:host:177.10.232.230:host:172.234.197.23	SESSION-2384be4238de1707 → host:177.10.232.230 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4dd8b9d1b64d369:host:131.196.29.203	SESSION-e4dd8b9d1b64d369 → host:131.196.29.203
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.185:geo_-21.10010_-41.69200	host:45.173.156.185 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f12bb9f5880e55b:flow:9a89f177ff4c	SESSION-4f12bb9f5880e55b → flow:9a89f177ff4c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3a58fc1fb15d0c4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c3a58fc1fb15d0c4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:6f971cb3d3a9	flow:6f971cb3d3a9 → host:172.234.197.23 → host:131.196.30.212 → port:tcp:38626
FLOW_TO_HOSTOBS	e:to:SESSION-e9e9835a2b91f231:host:177.10.239.69	SESSION-e9e9835a2b91f231 → host:177.10.239.69
flow_observed4-aryOBS	e:fo:flow:b43506a49673	flow:b43506a49673 → host:172.234.197.23 → host:131.196.28.101 → port:tcp:55844
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.80:geo_-23.62930_-46.63510	host:131.196.29.80 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37c43e7a9f6dcf12:flow:aa5d832c70b6	SESSION-37c43e7a9f6dcf12 → flow:aa5d832c70b6
FLOW_TO_HOSTOBS	e:to:SESSION-685011adf9d67a1b:host:172.234.197.23	SESSION-685011adf9d67a1b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:414c0680932d:port:tcp:45411	flow:414c0680932d → port:tcp:45411
FLOW_DST_PORTOBS	e:fp:flow:3ebf35a3b054:port:tcp:443	flow:3ebf35a3b054 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85f4ab9e3ed21fa2:SESSION-85f4ab9e3ed21fa2	SESSION-85f4ab9e3ed21fa2 → pe:tls:SESSION-85f4ab9e3ed21fa2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7eecd546334ac489:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-7eecd546334ac489 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1362b7f51908925c:PCAP:capture_20260430150001:ded20914761d	SESSION-1362b7f51908925c → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:9a053f79f2d6	flow:9a053f79f2d6 → host:177.10.236.129 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3930651da0a26cb4:host:172.234.197.23	SESSION-3930651da0a26cb4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d862dda647c7051:PCAP:capture_20260430080001:93f47cc296a4	SESSION-1d862dda647c7051 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:07ac00663499	flow:07ac00663499 → host:177.10.234.72 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:08b78d4a079b	flow:08b78d4a079b → host:172.234.197.23 → host:131.196.29.97 → port:tcp:39140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5278b2d1db18e971:flow:4ca05642840a	SESSION-5278b2d1db18e971 → flow:4ca05642840a
FLOW_DST_PORTOBS	e:fp:flow:c4cda82c081c:port:tcp:443	flow:c4cda82c081c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-122c3f68e4c2a7ca:host:177.10.233.95:host:172.234.197.23	SESSION-122c3f68e4c2a7ca → host:177.10.233.95 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f479797471e82d6b:flow:c65ffce57077	SESSION-f479797471e82d6b → flow:c65ffce57077
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f99dd3ca5b14a25:host:177.10.238.50	SESSION-2f99dd3ca5b14a25 → host:177.10.238.50
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.240:geo_-16.28860_-49.01640	host:177.10.237.240 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40ef48225b459fb9:host:177.10.238.107:host:172.234.197.23	SESSION-40ef48225b459fb9 → host:177.10.238.107 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.138:geo_-16.28860_-49.01640	host:177.10.237.138 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c0018fe69521:port:tcp:59977	flow:c0018fe69521 → port:tcp:59977
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-597e69ebdf7ef93f:host:172.234.197.23	SESSION-597e69ebdf7ef93f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f7b6df677653:port:tcp:699	flow:f7b6df677653 → port:tcp:699
flow_observed4-aryOBS	e:fo:flow:96df7cf294bd	flow:96df7cf294bd → host:172.234.197.23 → host:131.196.31.2 → port:tcp:13023
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5016108ab6552957:flow:9cdd8a130290	SESSION-5016108ab6552957 → flow:9cdd8a130290
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52e63b8cb0c4a7de:host:177.10.238.135:host:172.234.197.23	SESSION-52e63b8cb0c4a7de → host:177.10.238.135 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9af6eb1ce6cb824f:flow:14302fa43c8e	SESSION-9af6eb1ce6cb824f → flow:14302fa43c8e
FLOW_FROM_HOSTOBS	e:from:SESSION-9dcf6e772a239b46:host:177.10.235.202	SESSION-9dcf6e772a239b46 → host:177.10.235.202
flow_observed5-aryOBS	e:fo:flow:d14117ba89ea	flow:d14117ba89ea → host:66.228.53.46 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.17:geo_-16.28860_-49.01640	host:177.10.233.17 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54530aea57b72d0f:SESSION-54530aea57b72d0f	SESSION-54530aea57b72d0f → pe:tls:SESSION-54530aea57b72d0f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b4dc175dd74a3b00:SESSION-b4dc175dd74a3b00	SESSION-b4dc175dd74a3b00 → pe:tls:SESSION-b4dc175dd74a3b00
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a136c944084425c:flow:e4da5ee22f0b	SESSION-1a136c944084425c → flow:e4da5ee22f0b
FLOW_TO_HOSTOBS	e:to:SESSION-6ed5a5f4d7e8650f:host:172.234.197.23	SESSION-6ed5a5f4d7e8650f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:57bb81ff7455	flow:57bb81ff7455 → host:177.10.234.40 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.69:asn:271410	host:131.196.28.69 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d811160d7459a4b2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d811160d7459a4b2 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6b62b6aad076f58:host:172.234.197.23:host:177.10.236.31	SESSION-a6b62b6aad076f58 → host:172.234.197.23 → host:177.10.236.31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e5392ca321cb1ed:host:131.196.29.85:host:172.234.197.23	SESSION-6e5392ca321cb1ed → host:131.196.29.85 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:918025e4b0e2	flow:918025e4b0e2 → host:131.196.28.246 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-45f8302f1d804897:host:109.89.117.44	SESSION-45f8302f1d804897 → host:109.89.117.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f275f56cd4e0d64:SESSION-3f275f56cd4e0d64	SESSION-3f275f56cd4e0d64 → pe:syn:SESSION-3f275f56cd4e0d64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-098ed7054a17b347:PCAP:capture_20260430080001:93f47cc296a4	SESSION-098ed7054a17b347 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ef5ed6d64625f76:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8ef5ed6d64625f76 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c6f6eb6f56b12c37:host:177.10.238.190:host:172.234.197.23	SESSION-c6f6eb6f56b12c37 → host:177.10.238.190 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eac07967aaca78dc:host:172.234.197.23	SESSION-eac07967aaca78dc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27f33a2015337a96:host:172.234.197.23	SESSION-27f33a2015337a96 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aae42b7cc2993272:host:17.22.253.177:host:172.234.197.23	SESSION-aae42b7cc2993272 → host:17.22.253.177 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0414bb340c93930b:host:177.10.234.93	SESSION-0414bb340c93930b → host:177.10.234.93
HOST_IN_ASNOBS 85%	e:ha:host:51.224.53.144:asn:16509	host:51.224.53.144 → asn:16509
FLOW_DST_PORTOBS	e:fp:flow:8a3c0b7a19d4:port:tcp:443	flow:8a3c0b7a19d4 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b427586d6e58:port:tcp:443	flow:b427586d6e58 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ccb8c7743352cfdc:SESSION-ccb8c7743352cfdc	SESSION-ccb8c7743352cfdc → pe:syn:SESSION-ccb8c7743352cfdc
FLOW_DST_PORTOBS	e:fp:flow:1438472b9ed2:port:tcp:443	flow:1438472b9ed2 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-548dd69287ac8927:host:177.10.234.199	SESSION-548dd69287ac8927 → host:177.10.234.199
FLOW_FROM_HOSTOBS	e:from:SESSION-7da23a3c779474e1:host:44.255.175.112	SESSION-7da23a3c779474e1 → host:44.255.175.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-63fc840f6df40503:SESSION-63fc840f6df40503	SESSION-63fc840f6df40503 → pe:tls:SESSION-63fc840f6df40503
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bc3682173c4cf6b:host:172.234.197.23	SESSION-3bc3682173c4cf6b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1863330d3e94cce5:host:172.234.197.23	SESSION-1863330d3e94cce5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0f21a1d46f067dc:flow:0f31b5ae1eaf	SESSION-c0f21a1d46f067dc → flow:0f31b5ae1eaf
FLOW_DST_PORTOBS	e:fp:flow:58c3e3a098e4:port:tcp:443	flow:58c3e3a098e4 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a3df3a26ac38d69:SESSION-4a3df3a26ac38d69	SESSION-4a3df3a26ac38d69 → pe:tls:SESSION-4a3df3a26ac38d69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0bf80193393b0fad:SESSION-0bf80193393b0fad	SESSION-0bf80193393b0fad → pe:syn:SESSION-0bf80193393b0fad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7cb141c8461d1a4d:SESSION-7cb141c8461d1a4d	SESSION-7cb141c8461d1a4d → pe:tls:SESSION-7cb141c8461d1a4d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.245.183.167:geo_45.84010_-119.70500	host:54.245.183.167 → geo_45.84010_-119.70500
FLOW_TO_HOSTOBS	e:to:SESSION-301cccab595ff1f6:host:172.234.197.23	SESSION-301cccab595ff1f6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ef1bfc51ed52e33:SESSION-8ef1bfc51ed52e33	SESSION-8ef1bfc51ed52e33 → pe:tls:SESSION-8ef1bfc51ed52e33
flow_observed5-aryOBS	e:fo:flow:b62bf8afb52c	flow:b62bf8afb52c → host:177.10.238.122 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-140cb8b81d438202:host:177.10.237.82	SESSION-140cb8b81d438202 → host:177.10.237.82
FLOW_DST_PORTOBS	e:fp:flow:67558caa7d6b:port:tcp:443	flow:67558caa7d6b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c36a1f3b5aad9a99:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c36a1f3b5aad9a99 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-e2edb47571c4ed35:host:172.234.197.23	SESSION-e2edb47571c4ed35 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.253:geo_-23.62930_-46.63510	host:131.196.30.253 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30b7709547a366f1:SESSION-30b7709547a366f1	SESSION-30b7709547a366f1 → pe:syn:SESSION-30b7709547a366f1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa3e9fc803f342ab:flow:8cb7ebd2e1a0	SESSION-fa3e9fc803f342ab → flow:8cb7ebd2e1a0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7239dbaec89ca2f:flow:0595b0579d8a	SESSION-c7239dbaec89ca2f → flow:0595b0579d8a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2be3bd33b6267f94:host:177.10.232.35	SESSION-2be3bd33b6267f94 → host:177.10.232.35
flow_observed5-aryOBS	e:fo:flow:bb55c33944ff	flow:bb55c33944ff → host:177.10.234.203 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:26ac88054b83	flow:26ac88054b83 → host:172.234.197.23 → host:177.10.238.45 → port:tcp:30409
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fda5d1d0c89bbfd4:host:172.234.197.23	SESSION-fda5d1d0c89bbfd4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e44af15232c6a53:SESSION-8e44af15232c6a53	SESSION-8e44af15232c6a53 → pe:tls:SESSION-8e44af15232c6a53
flow_observed5-aryOBS	e:fo:flow:10d5d6d2cffc	flow:10d5d6d2cffc → host:177.10.234.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a7aa94b5f9268de0:PCAP:capture_20260430060001:919b39a74464	SESSION-a7aa94b5f9268de0 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:925bccf38367:port:tcp:443	flow:925bccf38367 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f55dc2533c7d:port:tcp:80	flow:f55dc2533c7d → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6617d8dfad1357d9:flow:0dd04f1a7f99	SESSION-6617d8dfad1357d9 → flow:0dd04f1a7f99
FLOW_FROM_HOSTOBS	e:from:SESSION-51e02a163c57adb5:host:177.10.233.249	SESSION-51e02a163c57adb5 → host:177.10.233.249
flow_observed5-aryOBS	e:fo:flow:0a1e22c3bd61	flow:0a1e22c3bd61 → host:177.10.239.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de1a59c6958513ff:flow:9889c1ff750a	SESSION-de1a59c6958513ff → flow:9889c1ff750a
FLOW_TO_HOSTOBS	e:to:SESSION-7cf4eefda54138cc:host:131.196.30.36	SESSION-7cf4eefda54138cc → host:131.196.30.36
FLOW_DST_PORTOBS	e:fp:flow:49d51b781591:port:tcp:443	flow:49d51b781591 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a886511518ded078:host:172.234.197.23	SESSION-a886511518ded078 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bb7c4827354230c4:host:45.173.156.69	SESSION-bb7c4827354230c4 → host:45.173.156.69
FLOW_FROM_HOSTOBS	e:from:SESSION-7488427d80d09cd9:host:131.196.29.70	SESSION-7488427d80d09cd9 → host:131.196.29.70
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.231:geo_-16.28860_-49.01640	host:177.10.236.231 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:055b0031659d:port:tcp:443	flow:055b0031659d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b338c508fb604797:SESSION-b338c508fb604797	SESSION-b338c508fb604797 → pe:tls:SESSION-b338c508fb604797
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f49b20c8baea20b:host:177.10.235.1	SESSION-9f49b20c8baea20b → host:177.10.235.1
FLOW_DST_PORTOBS	e:fp:flow:7f816c2a0cdd:port:tcp:443	flow:7f816c2a0cdd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6a07ad54f9ab5f8:flow:bea613e6f5e4	SESSION-e6a07ad54f9ab5f8 → flow:bea613e6f5e4
FLOW_FROM_HOSTOBS	e:from:SESSION-b8693b808e1d6b7d:host:172.234.197.23	SESSION-b8693b808e1d6b7d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d612e7f6da31	flow:d612e7f6da31 → host:177.10.238.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-26e26ae77a5f41e1:flow:6b0f2e0dfbd5	SESSION-26e26ae77a5f41e1 → flow:6b0f2e0dfbd5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5aeffc2a4b56ba0:host:131.196.31.190	SESSION-d5aeffc2a4b56ba0 → host:131.196.31.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75cb9fe69e287da9:SESSION-75cb9fe69e287da9	SESSION-75cb9fe69e287da9 → pe:tls:SESSION-75cb9fe69e287da9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7201144bad9d462:host:131.196.30.242:host:172.234.197.23	SESSION-c7201144bad9d462 → host:131.196.30.242 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f0e5de26982cc62:host:172.234.197.23:host:131.196.28.207	SESSION-8f0e5de26982cc62 → host:172.234.197.23 → host:131.196.28.207
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-598f28b8a9577970:host:131.196.31.1	SESSION-598f28b8a9577970 → host:131.196.31.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb88b05b3590e26e:host:45.173.156.57	SESSION-cb88b05b3590e26e → host:45.173.156.57
FLOW_TO_HOSTOBS	e:to:SESSION-81de972e9a362700:host:172.234.197.23	SESSION-81de972e9a362700 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-029d1f2d00b0343a:host:172.234.197.23:host:45.173.156.153	SESSION-029d1f2d00b0343a → host:172.234.197.23 → host:45.173.156.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d54bd183a716274c:flow:ba9d53194809	SESSION-d54bd183a716274c → flow:ba9d53194809
flow_observed5-aryOBS	e:fo:flow:0b5125f695b7	flow:0b5125f695b7 → host:177.10.239.247 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-957293060df71cd6:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-957293060df71cd6 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed3-aryOBS	e:fo:flow:b296d0de8ba2	flow:b296d0de8ba2 → host:54.184.232.115 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4387fd9792a7eb8a:PCAP:capture_20260430150001:ded20914761d	SESSION-4387fd9792a7eb8a → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e06ceb4b0294ceac:SESSION-e06ceb4b0294ceac	SESSION-e06ceb4b0294ceac → pe:syn:SESSION-e06ceb4b0294ceac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d4ae68a057da74d:SESSION-5d4ae68a057da74d	SESSION-5d4ae68a057da74d → pe:tls:SESSION-5d4ae68a057da74d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-014d878748f613f9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-014d878748f613f9 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:34b3e06e1c51	flow:34b3e06e1c51 → host:177.10.237.93 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-39452ac6bcbae8d3:SESSION-39452ac6bcbae8d3	SESSION-39452ac6bcbae8d3 → pe:syn:SESSION-39452ac6bcbae8d3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1065c42d5133f02c:host:131.196.31.235	SESSION-1065c42d5133f02c → host:131.196.31.235
flow_observed4-aryOBS	e:fo:flow:38454e7c329d	flow:38454e7c329d → host:172.234.197.23 → host:177.10.232.45 → port:tcp:49780
flow_observed5-aryOBS	e:fo:flow:03f0c9cd6d0d	flow:03f0c9cd6d0d → host:131.196.29.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0427ab07f20fae31:host:131.196.31.46	SESSION-0427ab07f20fae31 → host:131.196.31.46
FLOW_TO_HOSTOBS	e:to:SESSION-2ec65811ecc506ca:host:172.234.197.23	SESSION-2ec65811ecc506ca → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65c1debe675497c7:host:172.234.197.23:host:45.173.156.3	SESSION-65c1debe675497c7 → host:172.234.197.23 → host:45.173.156.3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7b12eb68f09b08a:flow:1367069131cb	SESSION-c7b12eb68f09b08a → flow:1367069131cb
FLOW_FROM_HOSTOBS	e:from:SESSION-ceaf5a04e9815b11:host:172.234.197.23	SESSION-ceaf5a04e9815b11 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b09cf74640ed889e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b09cf74640ed889e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-757e5ed1a89f1610:host:131.196.28.93	SESSION-757e5ed1a89f1610 → host:131.196.28.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be5c05381a363417:SESSION-be5c05381a363417	SESSION-be5c05381a363417 → pe:syn:SESSION-be5c05381a363417
FLOW_FROM_HOSTOBS	e:from:SESSION-a87d3ab31183768a:host:95.170.25.90	SESSION-a87d3ab31183768a → host:95.170.25.90
FLOW_DST_PORTOBS	e:fp:flow:e4e64fcc9780:port:tcp:6906	flow:e4e64fcc9780 → port:tcp:6906
FLOW_DST_PORTOBS	e:fp:flow:6c18405fe773:port:tcp:443	flow:6c18405fe773 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:1fd0dc7523f1	flow:1fd0dc7523f1 → host:177.10.234.114 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-347229f80efdfaa4:host:172.234.197.23	SESSION-347229f80efdfaa4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.64:geo_-16.28860_-49.01640	host:177.10.238.64 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.76:geo_-23.62930_-46.63510	host:131.196.29.76 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f56950d8d19e118b:SESSION-f56950d8d19e118b	SESSION-f56950d8d19e118b → pe:tls:SESSION-f56950d8d19e118b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51daf4959db84d02:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-51daf4959db84d02 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16a55bcfd76736b7:host:131.196.28.102	SESSION-16a55bcfd76736b7 → host:131.196.28.102
flow_observed4-aryOBS	e:fo:flow:457e8ed21eb2	flow:457e8ed21eb2 → host:172.234.197.23 → host:131.196.30.72 → port:tcp:65184
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f04e938497dcf32a:flow:8b934233cfa6	SESSION-f04e938497dcf32a → flow:8b934233cfa6
flow_observed4-aryOBS	e:fo:flow:666b02f57941	flow:666b02f57941 → host:172.234.197.23 → host:131.196.28.247 → port:tcp:24667
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.174:asn:262880	host:177.10.235.174 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b02fe311e9b10a6:host:172.234.197.23	SESSION-0b02fe311e9b10a6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8402a55882de6bd8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8402a55882de6bd8 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.188:geo_-16.28860_-49.01640	host:177.10.237.188 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.68:geo_-23.62930_-46.63510	host:131.196.30.68 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f479797471e82d6b:host:177.10.233.121:host:172.234.197.23	SESSION-f479797471e82d6b → host:177.10.233.121 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9bc5f3d34b7b8244:SESSION-9bc5f3d34b7b8244	SESSION-9bc5f3d34b7b8244 → pe:syn:SESSION-9bc5f3d34b7b8244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e577d7cf1b0ace36:flow:a1208b68c508	SESSION-e577d7cf1b0ace36 → flow:a1208b68c508
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ad9dd4ac6be1fc2:SESSION-1ad9dd4ac6be1fc2	SESSION-1ad9dd4ac6be1fc2 → pe:syn:SESSION-1ad9dd4ac6be1fc2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04a75396d111d878:host:177.10.238.222	SESSION-04a75396d111d878 → host:177.10.238.222
FLOW_DST_PORTOBS	e:fp:flow:8cfb704b39ee:port:tcp:57787	flow:8cfb704b39ee → port:tcp:57787
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb2fd2ce02add556:SESSION-eb2fd2ce02add556	SESSION-eb2fd2ce02add556 → pe:syn:SESSION-eb2fd2ce02add556
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11d5793dfe2c0097:PCAP:capture_20260430050001:8868731bf8a4	SESSION-11d5793dfe2c0097 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:b59aa54799af	flow:b59aa54799af → host:131.196.29.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-feb3207d55e7c5c5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-feb3207d55e7c5c5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f45c3ab8ea783ada:host:131.196.31.177:host:172.234.197.23	SESSION-f45c3ab8ea783ada → host:131.196.31.177 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33348e69a2613db6:host:92.112.71.27	SESSION-33348e69a2613db6 → host:92.112.71.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2875d034c942a134:SESSION-2875d034c942a134	SESSION-2875d034c942a134 → pe:syn:SESSION-2875d034c942a134
FLOW_FROM_HOSTOBS	e:from:SESSION-718be43f3a8e9f39:host:131.196.29.232	SESSION-718be43f3a8e9f39 → host:131.196.29.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-22ef7e58c288a4dd:SESSION-22ef7e58c288a4dd	SESSION-22ef7e58c288a4dd → pe:tls:SESSION-22ef7e58c288a4dd
FLOW_DST_PORTOBS	e:fp:flow:164fda188da7:port:tcp:50493	flow:164fda188da7 → port:tcp:50493
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-007d1747f3bd10df:flow:4f9ba05f8ce7	SESSION-007d1747f3bd10df → flow:4f9ba05f8ce7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f4e3933219f15471:host:45.173.156.61:host:172.234.197.23	SESSION-f4e3933219f15471 → host:45.173.156.61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93c7fae83342c58e:host:131.196.31.79	SESSION-93c7fae83342c58e → host:131.196.31.79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c98a634aa4cfbed2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c98a634aa4cfbed2 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.239:asn:203771	host:37.221.79.239 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c3d14af1a5eb503:host:172.234.197.23	SESSION-8c3d14af1a5eb503 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-64913b40dfec355f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-64913b40dfec355f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5bae596d14ec2741:SESSION-5bae596d14ec2741	SESSION-5bae596d14ec2741 → pe:syn:SESSION-5bae596d14ec2741
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c80786b4900f92c:SESSION-5c80786b4900f92c	SESSION-5c80786b4900f92c → pe:tls:SESSION-5c80786b4900f92c
FLOW_TO_HOSTOBS	e:to:SESSION-bc3cb32f8be8837a:host:172.234.197.23	SESSION-bc3cb32f8be8837a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1057767eda3c24b1:host:172.234.197.23	SESSION-1057767eda3c24b1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-58ff4ad892ea2c04:host:172.234.197.23	SESSION-58ff4ad892ea2c04 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8c774bbe3f97971:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d8c774bbe3f97971 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-2139588c74105d1b:host:35.92.48.165	SESSION-2139588c74105d1b → host:35.92.48.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94594005437ae120:SESSION-94594005437ae120	SESSION-94594005437ae120 → pe:syn:SESSION-94594005437ae120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fbcca05a1b3df0cf:SESSION-fbcca05a1b3df0cf	SESSION-fbcca05a1b3df0cf → pe:syn:SESSION-fbcca05a1b3df0cf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-136fe1663b76b4f2:host:177.10.237.49	SESSION-136fe1663b76b4f2 → host:177.10.237.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c491b8c96ce6e8c2:SESSION-c491b8c96ce6e8c2	SESSION-c491b8c96ce6e8c2 → pe:syn:SESSION-c491b8c96ce6e8c2
FLOW_TO_HOSTOBS	e:to:SESSION-fa9dc0f394726313:host:172.234.197.23	SESSION-fa9dc0f394726313 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2d91021715d1	flow:2d91021715d1 → host:177.10.236.92 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bc3682173c4cf6b:flow:6302410381b3	SESSION-3bc3682173c4cf6b → flow:6302410381b3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be2d81a12844874f:flow:5ea383d079f2	SESSION-be2d81a12844874f → flow:5ea383d079f2
FLOW_TO_HOSTOBS	e:to:SESSION-0ce4962ca3a156ee:host:172.234.197.23	SESSION-0ce4962ca3a156ee → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a43b551ff0093c7:host:177.10.237.115:host:172.234.197.23	SESSION-8a43b551ff0093c7 → host:177.10.237.115 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d36dc6d7eb80:port:tcp:443	flow:d36dc6d7eb80 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28af2e1f4e778075:SESSION-28af2e1f4e778075	SESSION-28af2e1f4e778075 → pe:syn:SESSION-28af2e1f4e778075
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-481702f1e56ec074:host:177.10.239.167:host:172.234.197.23	SESSION-481702f1e56ec074 → host:177.10.239.167 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.54:geo_-23.62930_-46.63510	host:131.196.30.54 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2cbf1ff9debe345:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f2cbf1ff9debe345 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-723b8399a0bced6b:PCAP:capture_20260430060001:919b39a74464	SESSION-723b8399a0bced6b → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-def0cb8d87964dca:host:172.234.197.23	SESSION-def0cb8d87964dca → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78f6342ed3f64031:SESSION-78f6342ed3f64031	SESSION-78f6342ed3f64031 → pe:tls:SESSION-78f6342ed3f64031
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8314ac7032421127:host:177.10.239.217:host:172.234.197.23	SESSION-8314ac7032421127 → host:177.10.239.217 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fa5716fea2946da:host:131.196.30.170:host:172.234.197.23	SESSION-5fa5716fea2946da → host:131.196.30.170 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ca6098e1767361a3:host:177.10.235.114	SESSION-ca6098e1767361a3 → host:177.10.235.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8a57b2200e62e75:SESSION-c8a57b2200e62e75	SESSION-c8a57b2200e62e75 → pe:syn:SESSION-c8a57b2200e62e75
FLOW_TO_HOSTOBS	e:to:SESSION-f07097ffc1d464e5:host:131.196.29.161	SESSION-f07097ffc1d464e5 → host:131.196.29.161
FLOW_TO_HOSTOBS	e:to:SESSION-30c6bfe2ed3a5bca:host:172.234.197.23	SESSION-30c6bfe2ed3a5bca → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:351a27e379de:port:tcp:443	flow:351a27e379de → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-65029066d9cd1f24:host:45.173.156.10	SESSION-65029066d9cd1f24 → host:45.173.156.10
FLOW_FROM_HOSTOBS	e:from:SESSION-807885e153f56a02:host:177.10.238.164	SESSION-807885e153f56a02 → host:177.10.238.164
flow_observed5-aryOBS	e:fo:flow:d2c9dbccf315	flow:d2c9dbccf315 → host:177.10.235.1 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-2f997fef874b1b1e:SESSION-2f997fef874b1b1e	SESSION-2f997fef874b1b1e → pe:dns:SESSION-2f997fef874b1b1e
FLOW_TO_HOSTOBS	e:to:SESSION-bf1877ae18abdd85:host:172.234.197.23	SESSION-bf1877ae18abdd85 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.82:asn:273470	host:45.173.156.82 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-4754bc389b07ad3e:host:172.234.197.23	SESSION-4754bc389b07ad3e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e6a33b2431fb:port:tcp:42045	flow:e6a33b2431fb → port:tcp:42045
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73c4b3cbea42a394:SESSION-73c4b3cbea42a394	SESSION-73c4b3cbea42a394 → pe:tls:SESSION-73c4b3cbea42a394
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e3916b0aa19b751:host:131.196.29.167	SESSION-0e3916b0aa19b751 → host:131.196.29.167
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a301fd9da8621bb:PCAP:capture_20260430050001:8868731bf8a4	SESSION-7a301fd9da8621bb → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:ced68eb37f09	flow:ced68eb37f09 → host:172.234.197.23 → host:177.10.234.238 → port:tcp:41102
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a83f7d2591dcabf5:flow:b1dc75676208	SESSION-a83f7d2591dcabf5 → flow:b1dc75676208
FLOW_FROM_HOSTOBS	e:from:SESSION-7c85a8771eed4d0f:host:177.10.232.33	SESSION-7c85a8771eed4d0f → host:177.10.232.33
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a72e7bc5d973ed2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6a72e7bc5d973ed2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9136bc11056d23d:host:177.10.237.162:host:172.234.197.23	SESSION-c9136bc11056d23d → host:177.10.237.162 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.249:geo_-23.62930_-46.63510	host:131.196.29.249 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afbbd778f47cc6c1:host:131.196.29.41	SESSION-afbbd778f47cc6c1 → host:131.196.29.41
flow_observed5-aryOBS	e:fo:flow:f5f79f7f7c6a	flow:f5f79f7f7c6a → host:131.196.28.198 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b93959f6df3f665b:SESSION-b93959f6df3f665b	SESSION-b93959f6df3f665b → pe:tls:SESSION-b93959f6df3f665b
FLOW_FROM_HOSTOBS	e:from:SESSION-7771c9cc3604c57a:host:131.196.29.21	SESSION-7771c9cc3604c57a → host:131.196.29.21
flow_observed5-aryOBS	e:fo:flow:d8c2982da4e9	flow:d8c2982da4e9 → host:131.196.28.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31d47da03b5e0774:SESSION-31d47da03b5e0774	SESSION-31d47da03b5e0774 → pe:tls:SESSION-31d47da03b5e0774
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ba642a19e1a643ce:flow:849ba2658df2	SESSION-ba642a19e1a643ce → flow:849ba2658df2
FLOW_TO_HOSTOBS	e:to:SESSION-89ddb9a3043f63a3:host:172.234.197.23	SESSION-89ddb9a3043f63a3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9e80400e49e1	flow:9e80400e49e1 → host:45.145.152.188 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TO_HOSTOBS	e:to:SESSION-168a40fae7c0f56d:host:172.234.197.23	SESSION-168a40fae7c0f56d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:47394acbd284:port:tcp:63083	flow:47394acbd284 → port:tcp:63083
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-884df81342ed3b04:flow:ba34db124ffc	SESSION-884df81342ed3b04 → flow:ba34db124ffc
flow_observed3-aryOBS	e:fo:flow:4b76490d68cf	flow:4b76490d68cf → host:103.155.16.117 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4076f0f6734ca69:flow:576f60128685	SESSION-d4076f0f6734ca69 → flow:576f60128685
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d77012e48557176:flow:ad0281c16a8a	SESSION-1d77012e48557176 → flow:ad0281c16a8a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59de2965684be0b6:host:131.196.30.126:host:172.234.197.23	SESSION-59de2965684be0b6 → host:131.196.30.126 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7caeaef261aefc4:host:177.10.238.187:host:172.234.197.23	SESSION-e7caeaef261aefc4 → host:177.10.238.187 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a705ce382fec48a:host:131.196.30.128:host:172.234.197.23	SESSION-2a705ce382fec48a → host:131.196.30.128 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e7af3e500f20cf8:SESSION-4e7af3e500f20cf8	SESSION-4e7af3e500f20cf8 → pe:tls:SESSION-4e7af3e500f20cf8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-968009a702657adb:SESSION-968009a702657adb	SESSION-968009a702657adb → pe:syn:SESSION-968009a702657adb
FLOW_DST_PORTOBS	e:fp:flow:940a647764f1:port:tcp:28335	flow:940a647764f1 → port:tcp:28335
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77bd841354043c4:host:177.10.237.155	SESSION-e77bd841354043c4 → host:177.10.237.155
FLOW_TO_HOSTOBS	e:to:SESSION-71cb82af8f37b35d:host:172.234.197.23	SESSION-71cb82af8f37b35d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c21445b24cd8699:flow:9e4891f10bc3	SESSION-1c21445b24cd8699 → flow:9e4891f10bc3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9335dee651513692:SESSION-9335dee651513692	SESSION-9335dee651513692 → pe:tls:SESSION-9335dee651513692
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77b68b84e12bfaab:flow:2981d1088db9	SESSION-77b68b84e12bfaab → flow:2981d1088db9
FLOW_DST_PORTOBS	e:fp:flow:0ff7a75e4f64:port:tcp:52073	flow:0ff7a75e4f64 → port:tcp:52073
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eead3829bc62f23e:host:172.234.197.23	SESSION-eead3829bc62f23e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f76d275e2b42c8d0:host:172.234.197.23	SESSION-f76d275e2b42c8d0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d13284d1e9c6a901:host:172.234.197.23	SESSION-d13284d1e9c6a901 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0dbdaab1cb35f54:host:131.196.30.244:host:172.234.197.23	SESSION-c0dbdaab1cb35f54 → host:131.196.30.244 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3f499886bc2e:port:tcp:443	flow:3f499886bc2e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-03724996262dbf01:host:177.10.239.148	SESSION-03724996262dbf01 → host:177.10.239.148
FLOW_TO_HOSTOBS	e:to:SESSION-2f32bbf866d49408:host:131.196.29.15	SESSION-2f32bbf866d49408 → host:131.196.29.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a70cd7da1062faad:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a70cd7da1062faad → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.179:asn:271410	host:131.196.30.179 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d8f5cec7e169b47:host:172.234.197.23	SESSION-2d8f5cec7e169b47 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-47fa70a72a159eed:host:172.234.197.23	SESSION-47fa70a72a159eed → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b236f75d1c6493bc:host:177.10.232.251	SESSION-b236f75d1c6493bc → host:177.10.232.251
FLOW_FROM_HOSTOBS	e:from:SESSION-102bebe502918f62:host:172.234.197.23	SESSION-102bebe502918f62 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f2f14bb2a06741aa:host:177.10.239.135	SESSION-f2f14bb2a06741aa → host:177.10.239.135
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-581b4c1bc6ff5f0b:flow:a7ced61ba274	SESSION-581b4c1bc6ff5f0b → flow:a7ced61ba274
FLOW_DST_PORTOBS	e:fp:flow:a92b40db2dd8:port:tcp:80	flow:a92b40db2dd8 → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-792b602eaec629a3:host:172.234.197.23	SESSION-792b602eaec629a3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8663c7c8fd51be8d:host:172.234.197.23	SESSION-8663c7c8fd51be8d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-af24c7046d264e7e:SESSION-af24c7046d264e7e	SESSION-af24c7046d264e7e → pe:syn:SESSION-af24c7046d264e7e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1dfe7de9432473b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b1dfe7de9432473b → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-a6ed96bf23ac2f6b:host:131.196.29.15	SESSION-a6ed96bf23ac2f6b → host:131.196.29.15
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.37:geo_-16.28860_-49.01640	host:177.10.232.37 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f98b72d4ec65d75:flow:ffa0d604aa19	SESSION-8f98b72d4ec65d75 → flow:ffa0d604aa19
FLOW_FROM_HOSTOBS	e:from:SESSION-74fa9a10a5811b00:host:172.234.197.23	SESSION-74fa9a10a5811b00 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0cb5698f1d5957a:flow:dd3dc8325244	SESSION-c0cb5698f1d5957a → flow:dd3dc8325244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-030b2a260e8012dd:flow:08a3c204e87b	SESSION-030b2a260e8012dd → flow:08a3c204e87b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-39d5adc1c22dd7ee:flow:fc97460ddf77	SESSION-39d5adc1c22dd7ee → flow:fc97460ddf77
FLOW_FROM_HOSTOBS	e:from:SESSION-1a75f9666a4fd8c5:host:131.196.31.237	SESSION-1a75f9666a4fd8c5 → host:131.196.31.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e0f3c8a35641f7b:host:172.234.197.23	SESSION-8e0f3c8a35641f7b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ffe6ab3345b8c10e:flow:e3039f9f3e4f	SESSION-ffe6ab3345b8c10e → flow:e3039f9f3e4f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad7d874b9cd6bce1:host:172.234.197.23	SESSION-ad7d874b9cd6bce1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2ba1cfcea34ace70:host:172.234.197.23	SESSION-2ba1cfcea34ace70 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-53fb5011e3d13c28:SESSION-53fb5011e3d13c28	SESSION-53fb5011e3d13c28 → pe:syn:SESSION-53fb5011e3d13c28
FLOW_DST_PORTOBS	e:fp:flow:cf96beddf3bc:port:tcp:443	flow:cf96beddf3bc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c56dcfb05d3a50ba:host:177.10.238.146	SESSION-c56dcfb05d3a50ba → host:177.10.238.146
flow_observed5-aryOBS	e:fo:flow:c80293dc61c3	flow:c80293dc61c3 → host:177.10.239.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9ef85fb3b83fc71:SESSION-d9ef85fb3b83fc71	SESSION-d9ef85fb3b83fc71 → pe:tls:SESSION-d9ef85fb3b83fc71
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.96:asn:203771	host:31.40.196.96 → asn:203771
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:78.12.17.95:geo_20.58790_-100.38790	host:78.12.17.95 → geo_20.58790_-100.38790
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1cb1824ec0ef0f8a:host:172.234.197.23:host:177.10.236.14	SESSION-1cb1824ec0ef0f8a → host:172.234.197.23 → host:177.10.236.14
flow_observed4-aryOBS	e:fo:flow:05b7e2fc6f55	flow:05b7e2fc6f55 → host:172.234.197.23 → host:45.173.156.72 → port:tcp:42748
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56d3b103682c9fbe:flow:ab4ed9ea97af	SESSION-56d3b103682c9fbe → flow:ab4ed9ea97af
FLOW_TO_HOSTOBS	e:to:SESSION-68b7f3c84c5e7661:host:177.10.236.236	SESSION-68b7f3c84c5e7661 → host:177.10.236.236
FLOW_FROM_HOSTOBS	e:from:SESSION-074c4a6b1ee06430:host:177.10.235.122	SESSION-074c4a6b1ee06430 → host:177.10.235.122
FLOW_FROM_HOSTOBS	e:from:SESSION-bb5021014b7af5cb:host:172.234.197.23	SESSION-bb5021014b7af5cb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10ba6936b0af1959:flow:e7744e976837	SESSION-10ba6936b0af1959 → flow:e7744e976837
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4da5ddbc1348c177:SESSION-4da5ddbc1348c177	SESSION-4da5ddbc1348c177 → pe:syn:SESSION-4da5ddbc1348c177
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.191:asn:271410	host:131.196.29.191 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3d2c48d2810841c0:flow:318f852456b4	SESSION-3d2c48d2810841c0 → flow:318f852456b4
FLOW_DST_PORTOBS	e:fp:flow:ea2fa5e8521f:port:tcp:373	flow:ea2fa5e8521f → port:tcp:373
flow_observed5-aryOBS	e:fo:flow:64dd9e76d75f	flow:64dd9e76d75f → host:177.10.239.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31b6c18ffff74955:flow:15328a444bdb	SESSION-31b6c18ffff74955 → flow:15328a444bdb
FLOW_DST_PORTOBS	e:fp:flow:1366dc593583:port:tcp:443	flow:1366dc593583 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1e0a6d0f6eee882:host:177.10.235.165:host:172.234.197.23	SESSION-d1e0a6d0f6eee882 → host:177.10.235.165 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ba1793b4e05c9885:host:172.234.197.23	SESSION-ba1793b4e05c9885 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb6cea4441256ebd:flow:60b25f2806fd	SESSION-cb6cea4441256ebd → flow:60b25f2806fd
FLOW_TO_HOSTOBS	e:to:SESSION-eb40f64797e3fe16:host:177.10.238.5	SESSION-eb40f64797e3fe16 → host:177.10.238.5
FLOW_DST_PORTOBS	e:fp:flow:8e3f43d5f5a9:port:tcp:443	flow:8e3f43d5f5a9 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d484f7132ed0:port:tcp:443	flow:d484f7132ed0 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9d3b08953582:port:tcp:59008	flow:9d3b08953582 → port:tcp:59008
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa49e5af791c6122:PCAP:capture_20260430150001:ded20914761d	SESSION-fa49e5af791c6122 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-312ea7073c45e21c:host:92.112.71.33:host:172.234.197.23	SESSION-312ea7073c45e21c → host:92.112.71.33 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ae2c237b5906e067:SESSION-ae2c237b5906e067	SESSION-ae2c237b5906e067 → pe:tls:SESSION-ae2c237b5906e067
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-493920f19ab5585b:host:172.234.197.23	SESSION-493920f19ab5585b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6caf94816bfe	flow:6caf94816bfe → host:131.196.28.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eba362425495480d:host:177.10.233.66	SESSION-eba362425495480d → host:177.10.233.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3616b79a24490a3:SESSION-f3616b79a24490a3	SESSION-f3616b79a24490a3 → pe:syn:SESSION-f3616b79a24490a3
FLOW_FROM_HOSTOBS	e:from:SESSION-923cb7ae7a40da65:host:172.234.197.23	SESSION-923cb7ae7a40da65 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-964acfd97ca38755:host:177.10.234.95	SESSION-964acfd97ca38755 → host:177.10.234.95
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.125:geo_-21.10010_-41.69200	host:45.173.156.125 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf1d5c3c8737f760:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-bf1d5c3c8737f760 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d8f5cec7e169b47:SESSION-2d8f5cec7e169b47	SESSION-2d8f5cec7e169b47 → pe:syn:SESSION-2d8f5cec7e169b47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c274d9ac0119175:host:177.10.238.119	SESSION-7c274d9ac0119175 → host:177.10.238.119
FLOW_FROM_HOSTOBS	e:from:SESSION-fa6f99be6bce12b0:host:177.10.233.151	SESSION-fa6f99be6bce12b0 → host:177.10.233.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30c6bfe2ed3a5bca:SESSION-30c6bfe2ed3a5bca	SESSION-30c6bfe2ed3a5bca → pe:syn:SESSION-30c6bfe2ed3a5bca
flow_observed5-aryOBS	e:fo:flow:c79982b91957	flow:c79982b91957 → host:177.10.239.79 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b0a36bcb50aee6b:PCAP:capture_20260430090001:065659c7d314	SESSION-2b0a36bcb50aee6b → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02deb29800889c11:host:172.234.197.23	SESSION-02deb29800889c11 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e773fd80a0e8	flow:e773fd80a0e8 → host:131.196.29.117 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad7e9be9d0a80554:flow:3f1627c07472	SESSION-ad7e9be9d0a80554 → flow:3f1627c07472
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.36:geo_-21.10010_-41.69200	host:45.173.156.36 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-518ecd8ebc2250f7:host:45.173.156.14	SESSION-518ecd8ebc2250f7 → host:45.173.156.14
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e9497f317705308:host:131.196.31.250:host:172.234.197.23	SESSION-8e9497f317705308 → host:131.196.31.250 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73eca1f22df524d3:flow:c22096904d93	SESSION-73eca1f22df524d3 → flow:c22096904d93
flow_observed4-aryOBS	e:fo:flow:a0c1489991a7	flow:a0c1489991a7 → host:172.234.197.23 → host:177.10.233.177 → port:tcp:9991
FLOW_DST_PORTOBS	e:fp:flow:1df7c7c9d3f6:port:tcp:443	flow:1df7c7c9d3f6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-352588f71ded414b:SESSION-352588f71ded414b	SESSION-352588f71ded414b → pe:tls:SESSION-352588f71ded414b
flow_observed5-aryOBS	e:fo:flow:63844be162c6	flow:63844be162c6 → host:131.196.28.202 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a73661cc047d:port:tcp:443	flow:a73661cc047d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2d551807307fa9b9:host:172.234.197.23	SESSION-2d551807307fa9b9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f11cda502f952e41:SESSION-f11cda502f952e41	SESSION-f11cda502f952e41 → pe:tls:SESSION-f11cda502f952e41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-848ab23bc1105d57:host:172.234.197.23	SESSION-848ab23bc1105d57 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0482ff4f8e4ec953:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0482ff4f8e4ec953 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.196:asn:271410	host:131.196.31.196 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-56fe4753b2794494:host:177.10.237.38	SESSION-56fe4753b2794494 → host:177.10.237.38
FLOW_DST_PORTOBS	e:fp:flow:0df80c061ea1:port:tcp:443	flow:0df80c061ea1 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3adb88175f99dced:flow:d1eb76257bda	SESSION-3adb88175f99dced → flow:d1eb76257bda
FLOW_DST_PORTOBS	e:fp:flow:cd5580a464ec:port:tcp:443	flow:cd5580a464ec → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-195f8b2639df23c4:SESSION-195f8b2639df23c4	SESSION-195f8b2639df23c4 → pe:tls:SESSION-195f8b2639df23c4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-87462f91a35c5198:SESSION-87462f91a35c5198	SESSION-87462f91a35c5198 → pe:syn:SESSION-87462f91a35c5198
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e921959b541072de:flow:8ce6956833cf	SESSION-e921959b541072de → flow:8ce6956833cf
FLOW_DST_PORTOBS	e:fp:flow:5aad3921ba28:port:tcp:443	flow:5aad3921ba28 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c54bf7ef52fb715c:host:13.212.244.245:host:172.234.197.23	SESSION-c54bf7ef52fb715c → host:13.212.244.245 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.222.137.228:geo_39.91100_116.39500	host:54.222.137.228 → geo_39.91100_116.39500
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-ea53a00807c951b5:SESSION-ea53a00807c951b5	SESSION-ea53a00807c951b5 → pe:dns:SESSION-ea53a00807c951b5
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.185:asn:262880	host:177.10.234.185 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:c0b92e0ed952:port:tcp:443	flow:c0b92e0ed952 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-296f629f4229b1a2:host:172.234.197.23	SESSION-296f629f4229b1a2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fa2e9bc8f3da:port:tcp:40892	flow:fa2e9bc8f3da → port:tcp:40892
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60aea8c76fce71c9:host:131.196.29.80:host:172.234.197.23	SESSION-60aea8c76fce71c9 → host:131.196.29.80 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f2a561db8449259:host:172.234.197.23:host:177.10.236.138	SESSION-4f2a561db8449259 → host:172.234.197.23 → host:177.10.236.138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-00d1a9c01c6924fe:host:172.234.197.23:host:131.196.29.152	SESSION-00d1a9c01c6924fe → host:172.234.197.23 → host:131.196.29.152
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc1c86e42be942bd:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cc1c86e42be942bd → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:b7a29257b3a9:port:tcp:44241	flow:b7a29257b3a9 → port:tcp:44241
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d269b4a1c84321cd:host:172.234.197.23:host:177.10.238.145	SESSION-d269b4a1c84321cd → host:172.234.197.23 → host:177.10.238.145
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9466cbe9e9dd26aa:flow:ec5e5082148e	SESSION-9466cbe9e9dd26aa → flow:ec5e5082148e
FLOW_DST_PORTOBS	e:fp:flow:ac143effdb8a:port:tcp:443	flow:ac143effdb8a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21a19991d129ba18:flow:3c29a1a30005	SESSION-21a19991d129ba18 → flow:3c29a1a30005
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db282f95b9cc563d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-db282f95b9cc563d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-498c2476ff0ce5ee:SESSION-498c2476ff0ce5ee	SESSION-498c2476ff0ce5ee → pe:syn:SESSION-498c2476ff0ce5ee
flow_observed4-aryOBS	e:fo:flow:8e3359af75b1	flow:8e3359af75b1 → host:172.234.197.23 → host:131.196.31.92 → port:tcp:10882
FLOW_TO_HOSTOBS	e:to:SESSION-2eec6fd9620a1613:host:172.234.197.23	SESSION-2eec6fd9620a1613 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6d6cedb2de1ad8d:SESSION-d6d6cedb2de1ad8d	SESSION-d6d6cedb2de1ad8d → pe:tls:SESSION-d6d6cedb2de1ad8d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a2e73cad916b1394:host:177.10.232.215:host:172.234.197.23	SESSION-a2e73cad916b1394 → host:177.10.232.215 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2ea7d08352653c32:host:131.196.29.215	SESSION-2ea7d08352653c32 → host:131.196.29.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bd728e6d9f0647f9:SESSION-bd728e6d9f0647f9	SESSION-bd728e6d9f0647f9 → pe:tls:SESSION-bd728e6d9f0647f9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.89:asn:262880	host:177.10.237.89 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-4e4de8bcb2f0334a:host:131.196.28.69	SESSION-4e4de8bcb2f0334a → host:131.196.28.69
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74ad535621338757:host:131.196.30.7	SESSION-74ad535621338757 → host:131.196.30.7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7852f400065b4a55:flow:9d864593c28e	SESSION-7852f400065b4a55 → flow:9d864593c28e
FLOW_FROM_HOSTOBS	e:from:SESSION-cfe71d52ef2e928b:host:177.10.236.70	SESSION-cfe71d52ef2e928b → host:177.10.236.70
FLOW_DST_PORTOBS	e:fp:flow:cae8d2561dde:port:tcp:57031	flow:cae8d2561dde → port:tcp:57031
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-359d98e6d1200746:host:131.196.30.129	SESSION-359d98e6d1200746 → host:131.196.30.129
FLOW_FROM_HOSTOBS	e:from:SESSION-df4b466e6cf802c5:host:177.10.233.252	SESSION-df4b466e6cf802c5 → host:177.10.233.252
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e035a13399d76ad4:host:172.234.197.23:host:131.196.31.223	SESSION-e035a13399d76ad4 → host:172.234.197.23 → host:131.196.31.223
FLOW_TO_HOSTOBS	e:to:SESSION-b5a277796632a248:host:177.10.234.193	SESSION-b5a277796632a248 → host:177.10.234.193
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-226dccfda73d96ef:host:172.234.197.23	SESSION-226dccfda73d96ef → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-87bc9df611d2f97d:flow:5a8bf8d48b0e	SESSION-87bc9df611d2f97d → flow:5a8bf8d48b0e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3913d4a535b9029:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f3913d4a535b9029 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4d237675f94d453:flow:2c788cfe0774	SESSION-a4d237675f94d453 → flow:2c788cfe0774
flow_observed5-aryOBS	e:fo:flow:8e922f229389	flow:8e922f229389 → host:177.10.236.71 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-163f2e33c9f4a8f4:host:131.196.29.94	SESSION-163f2e33c9f4a8f4 → host:131.196.29.94
FLOW_DST_PORTOBS	e:fp:flow:d4a091344584:port:tcp:443	flow:d4a091344584 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27b2c896335b5c16:host:177.10.233.15:host:172.234.197.23	SESSION-27b2c896335b5c16 → host:177.10.233.15 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-353fd641d57f7d93:host:177.10.236.234	SESSION-353fd641d57f7d93 → host:177.10.236.234
FLOW_FROM_HOSTOBS	e:from:SESSION-b5c7330336192768:host:177.10.239.122	SESSION-b5c7330336192768 → host:177.10.239.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e182e837f26eb64a:SESSION-e182e837f26eb64a	SESSION-e182e837f26eb64a → pe:syn:SESSION-e182e837f26eb64a
FLOW_DST_PORTOBS	e:fp:flow:d865c9d97541:port:tcp:443	flow:d865c9d97541 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f57d963826b0d8cc:host:131.196.31.192	SESSION-f57d963826b0d8cc → host:131.196.31.192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-381a570e386b12a2:PCAP:capture_20260430060001:919b39a74464	SESSION-381a570e386b12a2 → PCAP:capture_20260430060001:919b39a74464
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-745ac23dbe7bf2d2:BSG-BEACON-feba1b4d0616	SESSION-745ac23dbe7bf2d2 → BSG-BEACON-feba1b4d0616
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b3ab5aeea0af112:flow:e4903629ff51	SESSION-8b3ab5aeea0af112 → flow:e4903629ff51
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.112:geo_-16.28860_-49.01640	host:177.10.235.112 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-2b0a36bcb50aee6b:host:177.10.237.189	SESSION-2b0a36bcb50aee6b → host:177.10.237.189
FLOW_FROM_HOSTOBS	e:from:SESSION-019264e09ceae880:host:45.173.156.187	SESSION-019264e09ceae880 → host:45.173.156.187
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4bda9924d3f6d619:flow:1896f5231e74	SESSION-4bda9924d3f6d619 → flow:1896f5231e74
FLOW_TO_HOSTOBS	e:to:SESSION-621f2e97c51ae8e1:host:172.234.197.23	SESSION-621f2e97c51ae8e1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07c97e671e348352:flow:d0666e29955d	SESSION-07c97e671e348352 → flow:d0666e29955d
FLOW_FROM_HOSTOBS	e:from:SESSION-433230166b97139a:host:177.10.238.11	SESSION-433230166b97139a → host:177.10.238.11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6682b9978761b80b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6682b9978761b80b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2b0ee493ee38385:host:177.10.235.210	SESSION-b2b0ee493ee38385 → host:177.10.235.210
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-413ea94c965ce051:host:177.10.232.122	SESSION-413ea94c965ce051 → host:177.10.232.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b65c6ec30f2c8117:SESSION-b65c6ec30f2c8117	SESSION-b65c6ec30f2c8117 → pe:tls:SESSION-b65c6ec30f2c8117
FLOW_TO_HOSTOBS	e:to:SESSION-3df67864d859fde0:host:131.196.31.182	SESSION-3df67864d859fde0 → host:131.196.31.182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-065e72b14a827150:flow:0088c7458bb0	SESSION-065e72b14a827150 → flow:0088c7458bb0
FLOW_FROM_HOSTOBS	e:from:SESSION-33916bd4dadd0440:host:172.234.197.23	SESSION-33916bd4dadd0440 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f21aae4e1b352568:host:45.145.152.104	SESSION-f21aae4e1b352568 → host:45.145.152.104
FLOW_DST_PORTOBS	e:fp:flow:1648e82053b1:port:tcp:443	flow:1648e82053b1 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.114:geo_-16.28860_-49.01640	host:177.10.237.114 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 60%	e:bsg:SESSION-a33a5bbd98f17a5b:BSG-FAILED_HANDSHAKE-a8999c33abbc	SESSION-a33a5bbd98f17a5b → BSG-FAILED_HANDSHAKE-a8999c33abbc
FLOW_FROM_HOSTOBS	e:from:SESSION-3759208ef2a99af0:host:177.10.233.1	SESSION-3759208ef2a99af0 → host:177.10.233.1
FLOW_TO_HOSTOBS	e:to:SESSION-84891f6788a8f194:host:177.10.237.152	SESSION-84891f6788a8f194 → host:177.10.237.152
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-65274afd8d8bc249:SESSION-65274afd8d8bc249	SESSION-65274afd8d8bc249 → pe:rst:SESSION-65274afd8d8bc249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-93d8ace0d48e8910:SESSION-93d8ace0d48e8910	SESSION-93d8ace0d48e8910 → pe:syn:SESSION-93d8ace0d48e8910
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-119f9a3698c24414:SESSION-119f9a3698c24414	SESSION-119f9a3698c24414 → pe:syn:SESSION-119f9a3698c24414
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-140ad048b49f1a57:host:172.234.197.23	SESSION-140ad048b49f1a57 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:47a0c583b8c2	flow:47a0c583b8c2 → host:131.196.31.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20dfde969676b329:host:172.234.197.23	SESSION-20dfde969676b329 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8d9f933822471a5a:host:177.10.236.84	SESSION-8d9f933822471a5a → host:177.10.236.84
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.19:asn:271410	host:131.196.31.19 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-afbbd778f47cc6c1:SESSION-afbbd778f47cc6c1	SESSION-afbbd778f47cc6c1 → pe:tls:SESSION-afbbd778f47cc6c1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dddaf831f2a46242:host:131.196.29.106	SESSION-dddaf831f2a46242 → host:131.196.29.106
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c2b6fa392d99e4e2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c2b6fa392d99e4e2 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b82d9882ea505987:SESSION-b82d9882ea505987	SESSION-b82d9882ea505987 → pe:syn:SESSION-b82d9882ea505987
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb88b05b3590e26e:SESSION-cb88b05b3590e26e	SESSION-cb88b05b3590e26e → pe:tls:SESSION-cb88b05b3590e26e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7771c9cc3604c57a:flow:6dbdcb9c1141	SESSION-7771c9cc3604c57a → flow:6dbdcb9c1141
FLOW_TO_HOSTOBS	e:to:SESSION-fe8408bb8c62f3c7:host:172.234.197.23	SESSION-fe8408bb8c62f3c7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09e9de69a12074bb:SESSION-09e9de69a12074bb	SESSION-09e9de69a12074bb → pe:tls:SESSION-09e9de69a12074bb
flow_observed4-aryOBS	e:fo:flow:3e3c230e0a15	flow:3e3c230e0a15 → host:172.234.197.23 → host:177.10.236.27 → port:tcp:14900
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb6fbeeb95cb61c8:host:177.10.238.20	SESSION-fb6fbeeb95cb61c8 → host:177.10.238.20
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d45c3fc16863e5ef:host:131.196.30.78	SESSION-d45c3fc16863e5ef → host:131.196.30.78
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.226:geo_-16.28860_-49.01640	host:177.10.232.226 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd8363b8ee3ddfde:host:177.10.236.7	SESSION-bd8363b8ee3ddfde → host:177.10.236.7
FLOW_FROM_HOSTOBS	e:from:SESSION-14a60b0039fa135f:host:172.234.197.23	SESSION-14a60b0039fa135f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-41c82fa43395463b:host:172.234.197.23	SESSION-41c82fa43395463b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d9ab0e2fb8bff1f:host:172.234.197.23	SESSION-7d9ab0e2fb8bff1f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4235901c81cb167b:host:172.234.197.23	SESSION-4235901c81cb167b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8684436ffb4e26c7:host:172.234.197.23	SESSION-8684436ffb4e26c7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bcd779876233a786:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-bcd779876233a786 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66033cfbc7dd0c2c:SESSION-66033cfbc7dd0c2c	SESSION-66033cfbc7dd0c2c → pe:tls:SESSION-66033cfbc7dd0c2c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-251fcdeeb3ee3f58:SESSION-251fcdeeb3ee3f58	SESSION-251fcdeeb3ee3f58 → pe:syn:SESSION-251fcdeeb3ee3f58
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.165:asn:262880	host:177.10.235.165 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.209:geo_-23.62930_-46.63510	host:131.196.29.209 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96b1920351aaff79:host:131.196.30.43:host:172.234.197.23	SESSION-96b1920351aaff79 → host:131.196.30.43 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:61e75f6e333e:port:tcp:443	flow:61e75f6e333e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1355eedcc36803bb:SESSION-1355eedcc36803bb	SESSION-1355eedcc36803bb → pe:tls:SESSION-1355eedcc36803bb
FLOW_FROM_HOSTOBS	e:from:SESSION-b1f8267b24b78f93:host:172.234.197.23	SESSION-b1f8267b24b78f93 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bedf3bb9bf60dde0:host:45.173.156.156:host:172.234.197.23	SESSION-bedf3bb9bf60dde0 → host:45.173.156.156 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.72:geo_-16.28860_-49.01640	host:177.10.232.72 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-e8278f913dbee560:host:177.10.239.45	SESSION-e8278f913dbee560 → host:177.10.239.45
FLOW_TO_HOSTOBS	e:to:SESSION-381f999774715cfc:host:177.10.232.100	SESSION-381f999774715cfc → host:177.10.232.100
FLOW_FROM_HOSTOBS	e:from:SESSION-f2aa671fdac09172:host:172.234.197.23	SESSION-f2aa671fdac09172 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd554b279ca00d73:host:172.234.197.23	SESSION-bd554b279ca00d73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bce97f10a4a571f4:host:177.10.234.82	SESSION-bce97f10a4a571f4 → host:177.10.234.82
FLOW_DST_PORTOBS	e:fp:flow:8aa829431aa1:port:tcp:46580	flow:8aa829431aa1 → port:tcp:46580
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf68ee1b1745b1ca:flow:3aba5c7bc19b	SESSION-bf68ee1b1745b1ca → flow:3aba5c7bc19b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6b4f32c5c51558e8:flow:e9067679f6ca	SESSION-6b4f32c5c51558e8 → flow:e9067679f6ca
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5826a910dfa3cb7f:host:131.196.31.170:host:172.234.197.23	SESSION-5826a910dfa3cb7f → host:131.196.31.170 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-47ac7feaf227c129:BSG-BEACON-f6c2b3d0e42d	SESSION-47ac7feaf227c129 → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0fa06d2bfceab141:SESSION-0fa06d2bfceab141	SESSION-0fa06d2bfceab141 → pe:syn:SESSION-0fa06d2bfceab141
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53d75396bd30ce89:host:172.234.197.23	SESSION-53d75396bd30ce89 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.102.169.199:geo_-36.85040_174.76750	host:3.102.169.199 → geo_-36.85040_174.76750
FLOW_TO_HOSTOBS	e:to:SESSION-3ecb9e93c79a4bef:host:177.10.233.119	SESSION-3ecb9e93c79a4bef → host:177.10.233.119
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aaaf2932de65e0e:host:172.234.197.23	SESSION-7aaaf2932de65e0e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5167ceabb03264f1:host:45.173.156.197:host:172.234.197.23	SESSION-5167ceabb03264f1 → host:45.173.156.197 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0a8fa8ac12ff0c6:SESSION-f0a8fa8ac12ff0c6	SESSION-f0a8fa8ac12ff0c6 → pe:tls:SESSION-f0a8fa8ac12ff0c6
FLOW_TO_HOSTOBS	e:to:SESSION-be374c360242db8a:host:177.10.235.121	SESSION-be374c360242db8a → host:177.10.235.121
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-200a4f7a7e5b3996:flow:71da073f34ae	SESSION-200a4f7a7e5b3996 → flow:71da073f34ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ac8ab77b48a8c37:SESSION-6ac8ab77b48a8c37	SESSION-6ac8ab77b48a8c37 → pe:tls:SESSION-6ac8ab77b48a8c37
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-13906a0b4b02de94:SESSION-13906a0b4b02de94	SESSION-13906a0b4b02de94 → pe:syn:SESSION-13906a0b4b02de94
FLOW_TO_HOSTOBS	e:to:SESSION-1fc6dd1896fecefa:host:172.234.197.23	SESSION-1fc6dd1896fecefa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a825e71225466eb:host:131.196.28.92:host:172.234.197.23	SESSION-3a825e71225466eb → host:131.196.28.92 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d9466ee8fbea2465:host:131.196.28.7	SESSION-d9466ee8fbea2465 → host:131.196.28.7
FLOW_FROM_HOSTOBS	e:from:SESSION-b0fc61bce823543f:host:177.10.238.11	SESSION-b0fc61bce823543f → host:177.10.238.11
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3168a3173448dd7d:host:177.10.239.77:host:172.234.197.23	SESSION-3168a3173448dd7d → host:177.10.239.77 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.49:geo_-16.28860_-49.01640	host:177.10.238.49 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-cac7b08c7fb71f18:host:177.10.232.204	SESSION-cac7b08c7fb71f18 → host:177.10.232.204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72cd504b232e316e:host:131.196.30.184	SESSION-72cd504b232e316e → host:131.196.30.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaa23bb51e1c2dee:host:131.196.28.156	SESSION-eaa23bb51e1c2dee → host:131.196.28.156
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.26:geo_-16.28860_-49.01640	host:177.10.236.26 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-ae6c5a18819e9434:host:177.10.236.86	SESSION-ae6c5a18819e9434 → host:177.10.236.86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-841299f020c7f00d:SESSION-841299f020c7f00d	SESSION-841299f020c7f00d → pe:tls:SESSION-841299f020c7f00d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.31:asn:262880	host:177.10.239.31 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e2a96a3225ff388:SESSION-7e2a96a3225ff388	SESSION-7e2a96a3225ff388 → pe:syn:SESSION-7e2a96a3225ff388
FLOW_DST_PORTOBS	e:fp:flow:0ae67350c986:port:tcp:443	flow:0ae67350c986 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-077f434652010402:host:177.10.239.67:host:172.234.197.23	SESSION-077f434652010402 → host:177.10.239.67 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aacd35f912a2971:host:172.234.197.23	SESSION-6aacd35f912a2971 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-458a0c6775d84d5e:host:177.10.232.148	SESSION-458a0c6775d84d5e → host:177.10.232.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eab64f08bdc755fb:SESSION-eab64f08bdc755fb	SESSION-eab64f08bdc755fb → pe:syn:SESSION-eab64f08bdc755fb
FLOW_DST_PORTOBS	e:fp:flow:b28ad62d8000:port:tcp:443	flow:b28ad62d8000 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9485d3e307f01514:SESSION-9485d3e307f01514	SESSION-9485d3e307f01514 → pe:tls:SESSION-9485d3e307f01514
flow_observed5-aryOBS	e:fo:flow:8927b6992540	flow:8927b6992540 → host:131.196.28.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d0c24f0912a7520:SESSION-9d0c24f0912a7520	SESSION-9d0c24f0912a7520 → pe:syn:SESSION-9d0c24f0912a7520
FLOW_FROM_HOSTOBS	e:from:SESSION-96f33e27040b9bc9:host:131.196.29.73	SESSION-96f33e27040b9bc9 → host:131.196.29.73
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3f426eb3b5d19b7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c3f426eb3b5d19b7 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-5804e26655ff1a06:host:172.234.197.23	SESSION-5804e26655ff1a06 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a1d9624273099964:host:172.234.197.23	SESSION-a1d9624273099964 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3e77f7b0f514:port:tcp:16180	flow:3e77f7b0f514 → port:tcp:16180
FLOW_TO_HOSTOBS	e:to:SESSION-a83b6f19c39d579f:host:131.196.30.23	SESSION-a83b6f19c39d579f → host:131.196.30.23
FLOW_DST_PORTOBS	e:fp:flow:cbff49bcdc9a:port:tcp:23471	flow:cbff49bcdc9a → port:tcp:23471
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.1:geo_-16.28860_-49.01640	host:177.10.232.1 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-949f3e8f4d37c52a:host:177.10.239.3	SESSION-949f3e8f4d37c52a → host:177.10.239.3
flow_observed5-aryOBS	e:fo:flow:3996441ab8c9	flow:3996441ab8c9 → host:177.10.234.70 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f7884afbce83d50:host:177.10.238.161	SESSION-9f7884afbce83d50 → host:177.10.238.161
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.243:asn:271410	host:131.196.30.243 → asn:271410
flow_observed5-aryOBS	e:fo:flow:a0fbbefeb08f	flow:a0fbbefeb08f → host:45.173.156.136 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f96a240aba6afcc:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2f96a240aba6afcc → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:074ed309c4d9:port:tcp:31614	flow:074ed309c4d9 → port:tcp:31614
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65274afd8d8bc249:host:37.221.79.55:host:172.234.197.23	SESSION-65274afd8d8bc249 → host:37.221.79.55 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbee5c60d72abd4e:host:172.234.197.23	SESSION-fbee5c60d72abd4e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d9ece39eb531c8b:host:172.234.197.23	SESSION-1d9ece39eb531c8b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c08b167ed56233b:SESSION-9c08b167ed56233b	SESSION-9c08b167ed56233b → pe:tls:SESSION-9c08b167ed56233b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e05f2032b3abac3:host:177.10.234.171	SESSION-3e05f2032b3abac3 → host:177.10.234.171
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77690ed69567f90d:host:131.196.30.33	SESSION-77690ed69567f90d → host:131.196.30.33
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-521d3d94be94008e:host:172.234.197.23	SESSION-521d3d94be94008e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ce53b2931ed237cb:host:131.196.28.88	SESSION-ce53b2931ed237cb → host:131.196.28.88
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a55eb245a4ca8dde:flow:a301ca4ce719	SESSION-a55eb245a4ca8dde → flow:a301ca4ce719
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0d83e3d3d1fc018:host:131.196.30.158	SESSION-d0d83e3d3d1fc018 → host:131.196.30.158
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.60:asn:203771	host:95.170.25.60 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e2811d191c294e0:host:172.234.197.23	SESSION-7e2811d191c294e0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-84a1a640eb0d0e14:host:131.196.31.1	SESSION-84a1a640eb0d0e14 → host:131.196.31.1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8f12ada0f88f122:SESSION-b8f12ada0f88f122	SESSION-b8f12ada0f88f122 → pe:tls:SESSION-b8f12ada0f88f122
FLOW_TO_HOSTOBS	e:to:SESSION-ccde81b4fef5a18e:host:45.173.156.97	SESSION-ccde81b4fef5a18e → host:45.173.156.97
FLOW_FROM_HOSTOBS	e:from:SESSION-7aec1fe7f0c7787b:host:177.10.232.112	SESSION-7aec1fe7f0c7787b → host:177.10.232.112
flow_observed5-aryOBS	e:fo:flow:0f31b5ae1eaf	flow:0f31b5ae1eaf → host:177.10.236.213 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d9ca387fd672ab7a:host:177.10.238.145	SESSION-d9ca387fd672ab7a → host:177.10.238.145
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.207:geo_-16.28860_-49.01640	host:177.10.234.207 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-406d5e8256fbfc45:host:131.196.29.41	SESSION-406d5e8256fbfc45 → host:131.196.29.41
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-592f6a5ffad96a3b:flow:f8cbd06fd16f	SESSION-592f6a5ffad96a3b → flow:f8cbd06fd16f
FLOW_FROM_HOSTOBS	e:from:SESSION-68a45a74f687a5a4:host:177.10.232.116	SESSION-68a45a74f687a5a4 → host:177.10.232.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eec6fd9620a1613:host:131.196.31.104	SESSION-2eec6fd9620a1613 → host:131.196.31.104
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-750fc9f72ee279c6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-750fc9f72ee279c6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c60d99c484411b4:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5c60d99c484411b4 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d1df89a4cf6f008:host:177.10.237.74	SESSION-4d1df89a4cf6f008 → host:177.10.237.74
FLOW_TO_HOSTOBS	e:to:SESSION-8d9f933822471a5a:host:172.234.197.23	SESSION-8d9f933822471a5a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:82f753dafc19	flow:82f753dafc19 → host:172.234.197.23 → host:45.173.156.240 → port:tcp:42936
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.134:asn:271410	host:131.196.30.134 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.224:geo_-23.62930_-46.63510	host:131.196.30.224 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ced37932852de9e5:host:177.10.234.195	SESSION-ced37932852de9e5 → host:177.10.234.195
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9e2f07f7ea20074:flow:6443c8802cc9	SESSION-f9e2f07f7ea20074 → flow:6443c8802cc9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d2803f457704e39:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7d2803f457704e39 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.166:geo_-16.28860_-49.01640	host:177.10.239.166 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:cb2809961fc0	flow:cb2809961fc0 → host:172.234.197.23 → host:177.10.234.18 → port:tcp:2422
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-698d45df22ea2a48:flow:3611369f9fee	SESSION-698d45df22ea2a48 → flow:3611369f9fee
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.0:geo_-16.28860_-49.01640	host:177.10.236.0 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd9b77a0701a4e1b:host:172.234.197.23:host:80.94.92.186	SESSION-fd9b77a0701a4e1b → host:172.234.197.23 → host:80.94.92.186
FLOW_TO_HOSTOBS	e:to:SESSION-0f3b543446abe714:host:172.234.197.23	SESSION-0f3b543446abe714 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c874ff4a201372ef:host:172.234.197.23	SESSION-c874ff4a201372ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56476ce9df92fd09:host:131.196.28.217	SESSION-56476ce9df92fd09 → host:131.196.28.217
FLOW_TO_HOSTOBS	e:to:SESSION-9fd8278b2f1d760d:host:172.234.197.23	SESSION-9fd8278b2f1d760d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0e703d7ee529	flow:0e703d7ee529 → host:131.196.30.135 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-1620c835b56464d4:host:177.10.234.248	SESSION-1620c835b56464d4 → host:177.10.234.248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed80052f988e41bd:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ed80052f988e41bd → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-633c88960b55f389:SESSION-633c88960b55f389	SESSION-633c88960b55f389 → pe:syn:SESSION-633c88960b55f389
flow_observed5-aryOBS	e:fo:flow:52a0d88bf6fd	flow:52a0d88bf6fd → host:131.196.29.2 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:877675c63b75	flow:877675c63b75 → host:45.173.156.150 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2287ae96f90f1374:SESSION-2287ae96f90f1374	SESSION-2287ae96f90f1374 → pe:tls:SESSION-2287ae96f90f1374
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7eb452f0b60197b3:flow:670370fbcdf2	SESSION-7eb452f0b60197b3 → flow:670370fbcdf2
flow_observed5-aryOBS	e:fo:flow:78cc4865bf4c	flow:78cc4865bf4c → host:131.196.29.48 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:91b81cda4b2e:port:tcp:443	flow:91b81cda4b2e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37a50d9fe3e20191:host:52.12.196.158	SESSION-37a50d9fe3e20191 → host:52.12.196.158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4370d06debc0fcec:host:172.234.197.23	SESSION-4370d06debc0fcec → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-72ea8a7fe39a298e:host:172.234.197.23	SESSION-72ea8a7fe39a298e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46631c2a8361f405:flow:94be51ec2ae8	SESSION-46631c2a8361f405 → flow:94be51ec2ae8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5792abf3d18d9356:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5792abf3d18d9356 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13906a0b4b02de94:host:172.234.197.23	SESSION-13906a0b4b02de94 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1d9624273099964:SESSION-a1d9624273099964	SESSION-a1d9624273099964 → pe:syn:SESSION-a1d9624273099964
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a269382e1e5b425:SESSION-9a269382e1e5b425	SESSION-9a269382e1e5b425 → pe:syn:SESSION-9a269382e1e5b425
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d77225c69f4fe117:SESSION-d77225c69f4fe117	SESSION-d77225c69f4fe117 → pe:syn:SESSION-d77225c69f4fe117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e2a14af4b2a82fd:host:172.234.197.23:host:177.10.236.10	SESSION-1e2a14af4b2a82fd → host:172.234.197.23 → host:177.10.236.10
FLOW_FROM_HOSTOBS	e:from:SESSION-605176cb8a71c0f4:host:45.173.156.80	SESSION-605176cb8a71c0f4 → host:45.173.156.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad4be2ec0ec8e7ca:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ad4be2ec0ec8e7ca → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68317c08ea2eebc2:SESSION-68317c08ea2eebc2	SESSION-68317c08ea2eebc2 → pe:tls:SESSION-68317c08ea2eebc2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-917ad6cf3046e17b:SESSION-917ad6cf3046e17b	SESSION-917ad6cf3046e17b → pe:syn:SESSION-917ad6cf3046e17b
FLOW_DST_PORTOBS	e:fp:flow:3afe34ad79e5:port:tcp:443	flow:3afe34ad79e5 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d537e467802bc1c1:flow:e1f042a5857e	SESSION-d537e467802bc1c1 → flow:e1f042a5857e
FLOW_DST_PORTOBS	e:fp:flow:0f31b5ae1eaf:port:tcp:443	flow:0f31b5ae1eaf → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e19d04a9f102	flow:e19d04a9f102 → host:177.10.238.208 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6a304c3ca72ee3e7:host:172.234.197.23	SESSION-6a304c3ca72ee3e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6511e777b0d792c1:host:172.234.197.23	SESSION-6511e777b0d792c1 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-7b8f87145037449c:BSG-BEACON-137dcd60b691	SESSION-7b8f87145037449c → BSG-BEACON-137dcd60b691
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-578ff4b2beeb08df:SESSION-578ff4b2beeb08df	SESSION-578ff4b2beeb08df → pe:syn:SESSION-578ff4b2beeb08df
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a34bb428906fa48c:host:172.234.197.23	SESSION-a34bb428906fa48c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-161d2a74a24978d6:SESSION-161d2a74a24978d6	SESSION-161d2a74a24978d6 → pe:syn:SESSION-161d2a74a24978d6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2035a3586bc1f35f:flow:87a20577fb9f	SESSION-2035a3586bc1f35f → flow:87a20577fb9f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cfdf42e58546762b:SESSION-cfdf42e58546762b	SESSION-cfdf42e58546762b → pe:syn:SESSION-cfdf42e58546762b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.45:geo_-16.28860_-49.01640	host:177.10.238.45 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.34:asn:262880	host:177.10.232.34 → asn:262880
flow_observed5-aryOBS	e:fo:flow:395c5895c32a	flow:395c5895c32a → host:177.10.237.57 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-9128704be6a27a1a:host:44.250.172.176	SESSION-9128704be6a27a1a → host:44.250.172.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19ae824852752386:host:172.234.197.23	SESSION-19ae824852752386 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b6f4863e4efa4050:host:172.234.197.23	SESSION-b6f4863e4efa4050 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee7b628709e11cd4:SESSION-ee7b628709e11cd4	SESSION-ee7b628709e11cd4 → pe:tls:SESSION-ee7b628709e11cd4
flow_observed5-aryOBS	e:fo:flow:e651a2d530ee	flow:e651a2d530ee → host:131.196.31.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a082d71203d179a:SESSION-3a082d71203d179a	SESSION-3a082d71203d179a → pe:tls:SESSION-3a082d71203d179a
flow_observed4-aryOBS	e:fo:flow:7c1ef5ee9207	flow:7c1ef5ee9207 → host:172.234.197.23 → host:131.196.30.247 → port:tcp:44597
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.193:asn:262880	host:177.10.236.193 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9433c1773faa9882:host:172.234.197.23:host:172.232.0.16	SESSION-9433c1773faa9882 → host:172.234.197.23 → host:172.232.0.16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.3:geo_-16.28860_-49.01640	host:177.10.234.3 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ecc0c586896302d2:host:177.10.233.124	SESSION-ecc0c586896302d2 → host:177.10.233.124
FLOW_DST_PORTOBS	e:fp:flow:86566d19d59b:port:tcp:443	flow:86566d19d59b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bcba548cda079292:SESSION-bcba548cda079292	SESSION-bcba548cda079292 → pe:syn:SESSION-bcba548cda079292
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec2cd7bdebda0247:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ec2cd7bdebda0247 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8d89328eefc28d4:SESSION-d8d89328eefc28d4	SESSION-d8d89328eefc28d4 → pe:syn:SESSION-d8d89328eefc28d4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a9948d7535bcfa1:SESSION-1a9948d7535bcfa1	SESSION-1a9948d7535bcfa1 → pe:syn:SESSION-1a9948d7535bcfa1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6543ef151e834843:SESSION-6543ef151e834843	SESSION-6543ef151e834843 → pe:syn:SESSION-6543ef151e834843
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d30c685e20a11d4e:host:172.234.197.23	SESSION-d30c685e20a11d4e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0d8801f02b141d30:host:131.196.28.134	SESSION-0d8801f02b141d30 → host:131.196.28.134
FLOW_TO_HOSTOBS	e:to:SESSION-0e56fb95f564a0aa:host:172.232.0.16	SESSION-0e56fb95f564a0aa → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:3ea8c55e38e7:port:tcp:443	flow:3ea8c55e38e7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df3beb1e5143a102:host:172.234.197.23	SESSION-df3beb1e5143a102 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b2dec3faf198ca60:host:172.234.197.23	SESSION-b2dec3faf198ca60 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e717c742e2e64ea:flow:61b1a3ff21d8	SESSION-5e717c742e2e64ea → flow:61b1a3ff21d8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aecaf39909333efc:host:177.10.237.4	SESSION-aecaf39909333efc → host:177.10.237.4
flow_observed5-aryOBS	e:fo:flow:7bfaaabeaf49	flow:7bfaaabeaf49 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_DST_PORTOBS	e:fp:flow:115565aec817:port:tcp:443	flow:115565aec817 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57e30ec2e308e552:host:92.112.71.168	SESSION-57e30ec2e308e552 → host:92.112.71.168
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd8dbb599c016751:host:45.173.156.107:host:172.234.197.23	SESSION-cd8dbb599c016751 → host:45.173.156.107 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b1f8267b24b78f93:SESSION-b1f8267b24b78f93	SESSION-b1f8267b24b78f93 → pe:syn:SESSION-b1f8267b24b78f93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d52381659b8aa3f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8d52381659b8aa3f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd573746c1e36a64:SESSION-fd573746c1e36a64	SESSION-fd573746c1e36a64 → pe:tls:SESSION-fd573746c1e36a64
flow_observed5-aryOBS	e:fo:flow:0f753bb6befc	flow:0f753bb6befc → host:177.10.234.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e280ba6e8e483a35:PCAP:capture_20260430060001:919b39a74464	SESSION-e280ba6e8e483a35 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.97:geo_-16.28860_-49.01640	host:177.10.232.97 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-6682b9978761b80b:host:172.234.197.23	SESSION-6682b9978761b80b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:15572ed67243:port:tcp:443	flow:15572ed67243 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:91.99.124.205:asn:24940	host:91.99.124.205 → asn:24940
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-200b6d1dbf438627:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-200b6d1dbf438627 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ea66afd66f329a0:SESSION-0ea66afd66f329a0	SESSION-0ea66afd66f329a0 → pe:syn:SESSION-0ea66afd66f329a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-71cb82af8f37b35d:SESSION-71cb82af8f37b35d	SESSION-71cb82af8f37b35d → pe:tls:SESSION-71cb82af8f37b35d
FLOW_TO_HOSTOBS	e:to:SESSION-64913b40dfec355f:host:172.234.197.23	SESSION-64913b40dfec355f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d5b41a2eb16ae40:host:45.173.156.190:host:172.234.197.23	SESSION-8d5b41a2eb16ae40 → host:45.173.156.190 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.205:geo_-23.62930_-46.63510	host:131.196.28.205 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8897ca7200c8655e:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-8897ca7200c8655e → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eead3829bc62f23e:SESSION-eead3829bc62f23e	SESSION-eead3829bc62f23e → pe:syn:SESSION-eead3829bc62f23e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d27f09d7c919692:SESSION-5d27f09d7c919692	SESSION-5d27f09d7c919692 → pe:syn:SESSION-5d27f09d7c919692
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a7b3f412ee893afd:host:172.234.197.23:host:177.10.239.39	SESSION-a7b3f412ee893afd → host:172.234.197.23 → host:177.10.239.39
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.98:geo_-21.10010_-41.69200	host:45.173.156.98 → geo_-21.10010_-41.69200
flow_observed4-aryOBS	e:fo:flow:b41df686a0f5	flow:b41df686a0f5 → host:172.234.197.23 → host:177.10.235.109 → port:tcp:29805
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a2005509481f3ca7:host:131.196.31.234:host:172.234.197.23	SESSION-a2005509481f3ca7 → host:131.196.31.234 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8cba099c11564e8:host:103.230.240.59	SESSION-f8cba099c11564e8 → host:103.230.240.59
flow_observed5-aryOBS	e:fo:flow:99128cc563b7	flow:99128cc563b7 → host:131.196.31.146 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.105:asn:262880	host:177.10.236.105 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-6e6d70ae2d31fba9:host:172.234.197.23	SESSION-6e6d70ae2d31fba9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f65d16e06243eafc:flow:c211def664df	SESSION-f65d16e06243eafc → flow:c211def664df
FLOW_DST_PORTOBS	e:fp:flow:2b9c751256f3:port:tcp:443	flow:2b9c751256f3 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02836b6eb824cc45:flow:993f3233012e	SESSION-02836b6eb824cc45 → flow:993f3233012e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-976978a22e52e06d:SESSION-976978a22e52e06d	SESSION-976978a22e52e06d → pe:tls:SESSION-976978a22e52e06d
FLOW_TO_HOSTOBS	e:to:SESSION-d5ae6e0246d28b44:host:172.234.197.23	SESSION-d5ae6e0246d28b44 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4cb26e73e001	flow:4cb26e73e001 → host:177.10.237.107 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:71584c32ac7e:port:tcp:63473	flow:71584c32ac7e → port:tcp:63473
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4651c2a8eec0e6f:PCAP:capture_20260430150001:ded20914761d	SESSION-a4651c2a8eec0e6f → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fc1282909254587:host:172.234.197.23	SESSION-7fc1282909254587 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.9:asn:262880	host:177.10.239.9 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-9c825a37bb7881b6:host:131.196.28.222	SESSION-9c825a37bb7881b6 → host:131.196.28.222
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.242:asn:271410	host:131.196.30.242 → asn:271410
flow_observed5-aryOBS	e:fo:flow:589c2fec1820	flow:589c2fec1820 → host:45.173.156.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-39452ac6bcbae8d3:flow:6879c56cc11a	SESSION-39452ac6bcbae8d3 → flow:6879c56cc11a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbaaa2b8364f7158:host:45.173.156.136	SESSION-cbaaa2b8364f7158 → host:45.173.156.136
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b308d2f7d4fdfaa:PCAP:capture_20260430090001:065659c7d314	SESSION-7b308d2f7d4fdfaa → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58ff4ad892ea2c04:host:131.196.28.87	SESSION-58ff4ad892ea2c04 → host:131.196.28.87
FLOW_FROM_HOSTOBS	e:from:SESSION-5b045e9fec039082:host:177.10.233.196	SESSION-5b045e9fec039082 → host:177.10.233.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bebc5cb41e4621f:host:177.10.239.91	SESSION-3bebc5cb41e4621f → host:177.10.239.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-042ef885e77347e7:SESSION-042ef885e77347e7	SESSION-042ef885e77347e7 → pe:syn:SESSION-042ef885e77347e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-501c474d8a937a90:host:172.232.0.16	SESSION-501c474d8a937a90 → host:172.232.0.16
FLOW_FROM_HOSTOBS	e:from:SESSION-d69d721ba9bae694:host:172.234.197.23	SESSION-d69d721ba9bae694 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-86086a72c76b1135:host:172.234.197.23	SESSION-86086a72c76b1135 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66c6d225095e379c:flow:fc065ce7b22b	SESSION-66c6d225095e379c → flow:fc065ce7b22b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4bd70bea69fea0d:host:172.234.197.23	SESSION-f4bd70bea69fea0d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-605f000d6a5e20b1:SESSION-605f000d6a5e20b1	SESSION-605f000d6a5e20b1 → pe:tls:SESSION-605f000d6a5e20b1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc37b0c14be06192:host:172.234.197.23	SESSION-bc37b0c14be06192 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-316231fad61f009e:SESSION-316231fad61f009e	SESSION-316231fad61f009e → pe:syn:SESSION-316231fad61f009e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.92:asn:271410	host:131.196.28.92 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2f1e05754e84c30:flow:c4e5113b28fd	SESSION-e2f1e05754e84c30 → flow:c4e5113b28fd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77da6a9292c08caa:SESSION-77da6a9292c08caa	SESSION-77da6a9292c08caa → pe:syn:SESSION-77da6a9292c08caa
FLOW_FROM_HOSTOBS	e:from:SESSION-926d10c9776453b9:host:172.234.197.23	SESSION-926d10c9776453b9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28599206da4f4816:PCAP:capture_20260430110001:43611bdf6759	SESSION-28599206da4f4816 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a4167334bdfae4b6:SESSION-a4167334bdfae4b6	SESSION-a4167334bdfae4b6 → pe:tls:SESSION-a4167334bdfae4b6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.80:asn:262880	host:177.10.237.80 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-29cd9f7300aa5893:host:172.234.197.23	SESSION-29cd9f7300aa5893 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b25c94efbacaf7d7:host:177.10.237.173	SESSION-b25c94efbacaf7d7 → host:177.10.237.173
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36f4c424d3b5f86e:host:172.234.197.23	SESSION-36f4c424d3b5f86e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a971dfbf90734efe:host:172.234.197.23	SESSION-a971dfbf90734efe → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-54b62e34296d5c17:host:131.196.29.224	SESSION-54b62e34296d5c17 → host:131.196.29.224
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9574d05ba0801a5:host:172.234.197.23	SESSION-b9574d05ba0801a5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6d45a86f046cac8:host:45.173.156.3	SESSION-e6d45a86f046cac8 → host:45.173.156.3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-750eaff924399322:SESSION-750eaff924399322	SESSION-750eaff924399322 → pe:syn:SESSION-750eaff924399322
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51257a0fcd8d6a04:SESSION-51257a0fcd8d6a04	SESSION-51257a0fcd8d6a04 → pe:syn:SESSION-51257a0fcd8d6a04
FLOW_DST_PORTOBS	e:fp:flow:eb3db027c028:port:tcp:443	flow:eb3db027c028 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8c973292e4e10a2:host:172.234.197.23:host:45.173.156.5	SESSION-f8c973292e4e10a2 → host:172.234.197.23 → host:45.173.156.5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-89e4df8c6f209b00:SESSION-89e4df8c6f209b00	SESSION-89e4df8c6f209b00 → pe:tls:SESSION-89e4df8c6f209b00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe3fb5807179bb52:SESSION-fe3fb5807179bb52	SESSION-fe3fb5807179bb52 → pe:syn:SESSION-fe3fb5807179bb52
FLOW_TO_HOSTOBS	e:to:SESSION-492b019ad94826ae:host:131.196.31.136	SESSION-492b019ad94826ae → host:131.196.31.136
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.43:geo_-21.10010_-41.69200	host:45.173.156.43 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3cae868156d4440:host:131.196.29.42:host:172.234.197.23	SESSION-c3cae868156d4440 → host:131.196.29.42 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-424fe4b4ecc22e45:flow:67095d6e505a	SESSION-424fe4b4ecc22e45 → flow:67095d6e505a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bea10d62e606d6ea:SESSION-bea10d62e606d6ea	SESSION-bea10d62e606d6ea → pe:tls:SESSION-bea10d62e606d6ea
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.98:geo_-16.28860_-49.01640	host:177.10.233.98 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-3767fab91283496e:host:177.10.232.143	SESSION-3767fab91283496e → host:177.10.232.143
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.192:geo_41.00190_28.96450	host:95.170.25.192 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a7f0a64436ce2ca:host:172.234.197.23	SESSION-9a7f0a64436ce2ca → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5250861d994b3dc2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5250861d994b3dc2 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:bda1904aba09	flow:bda1904aba09 → host:172.234.197.23 → host:177.10.237.74 → port:tcp:32853
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c98a634aa4cfbed2:host:177.10.235.133	SESSION-c98a634aa4cfbed2 → host:177.10.235.133
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a2e4fb28ad63a51c:SESSION-a2e4fb28ad63a51c	SESSION-a2e4fb28ad63a51c → pe:tls:SESSION-a2e4fb28ad63a51c
FLOW_FROM_HOSTOBS	e:from:SESSION-fb2f54f0354a144e:host:177.10.234.164	SESSION-fb2f54f0354a144e → host:177.10.234.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6ae33589f66e7ab9:SESSION-6ae33589f66e7ab9	SESSION-6ae33589f66e7ab9 → pe:rst:SESSION-6ae33589f66e7ab9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e66594520e7edee5:host:131.196.30.143:host:172.234.197.23	SESSION-e66594520e7edee5 → host:131.196.30.143 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-998c67ab79f4e23e:flow:81be4e730893	SESSION-998c67ab79f4e23e → flow:81be4e730893
FLOW_FROM_HOSTOBS	e:from:SESSION-e6588ddd9fabb341:host:172.234.197.23	SESSION-e6588ddd9fabb341 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6db8ecd7eb72	flow:6db8ecd7eb72 → host:177.10.232.83 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc18a12b15fb2c84:PCAP:capture_20260430060001:919b39a74464	SESSION-fc18a12b15fb2c84 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85f6b1896204af93:flow:e969f32074de	SESSION-85f6b1896204af93 → flow:e969f32074de
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-63d746c5afa978f6:SESSION-63d746c5afa978f6	SESSION-63d746c5afa978f6 → pe:syn:SESSION-63d746c5afa978f6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.220:geo_-16.28860_-49.01640	host:177.10.235.220 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a70682fed3cc6c8:flow:2e3157698a52	SESSION-8a70682fed3cc6c8 → flow:2e3157698a52
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.147:asn:271410	host:131.196.30.147 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:7ccb0cb641f4:port:tcp:443	flow:7ccb0cb641f4 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:63a1e418478c	flow:63a1e418478c → host:131.196.28.170 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-abaf8d71fe47df1c:SESSION-abaf8d71fe47df1c	SESSION-abaf8d71fe47df1c → pe:syn:SESSION-abaf8d71fe47df1c
HOST_IN_ASNOBS 85%	e:ha:host:16.147.218.115:asn:16509	host:16.147.218.115 → asn:16509
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6d45a86f046cac8:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e6d45a86f046cac8 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-95b6b17f9a1b89d0:flow:304b76c2960d	SESSION-95b6b17f9a1b89d0 → flow:304b76c2960d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c8dea047b3a203b:SESSION-6c8dea047b3a203b	SESSION-6c8dea047b3a203b → pe:tls:SESSION-6c8dea047b3a203b
flow_observed4-aryOBS	e:fo:flow:3e8e71298b45	flow:3e8e71298b45 → host:172.234.197.23 → host:131.196.31.77 → port:tcp:63875
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.230:asn:271410	host:131.196.29.230 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-caa2e371708bdf2e:host:131.196.31.64:host:172.234.197.23	SESSION-caa2e371708bdf2e → host:131.196.31.64 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8de37a87806b5e4:flow:1eb6b92dbb89	SESSION-e8de37a87806b5e4 → flow:1eb6b92dbb89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d11580ecaeb7d77b:SESSION-d11580ecaeb7d77b	SESSION-d11580ecaeb7d77b → pe:syn:SESSION-d11580ecaeb7d77b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b78ee328a5f7ceab:host:31.40.196.119:host:172.234.197.23	SESSION-b78ee328a5f7ceab → host:31.40.196.119 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c7409e3f74011df2:host:172.234.197.23	SESSION-c7409e3f74011df2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3685b3a1e6c25f1a:PCAP:capture_20260428010001:b1b402c7b202	SESSION-3685b3a1e6c25f1a → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.102:geo_-16.28860_-49.01640	host:177.10.236.102 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c587e64f570c8df7:PCAP:capture_20260430150001:ded20914761d	SESSION-c587e64f570c8df7 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:e23c67b8a8e5:port:tcp:1777	flow:e23c67b8a8e5 → port:tcp:1777
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58eea5e67f2190af:PCAP:capture_20260430060001:919b39a74464	SESSION-58eea5e67f2190af → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-518ecd8ebc2250f7:host:172.234.197.23	SESSION-518ecd8ebc2250f7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19e0bdfc1305c6ba:flow:601dada6eafe	SESSION-19e0bdfc1305c6ba → flow:601dada6eafe
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d11c29aca82696f2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d11c29aca82696f2 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-337cf74c19f2631e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-337cf74c19f2631e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66033cfbc7dd0c2c:host:131.196.30.155	SESSION-66033cfbc7dd0c2c → host:131.196.30.155
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.87:asn:203771	host:45.145.152.87 → asn:203771
flow_observed5-aryOBS	e:fo:flow:795d0440d4c2	flow:795d0440d4c2 → host:45.173.156.82 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-86a02a9ab2988acd:host:172.234.197.23	SESSION-86a02a9ab2988acd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-074c4a6b1ee06430:SESSION-074c4a6b1ee06430	SESSION-074c4a6b1ee06430 → pe:tls:SESSION-074c4a6b1ee06430
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.249:asn:262880	host:177.10.239.249 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.29:asn:262880	host:177.10.237.29 → asn:262880
flow_observed5-aryOBS	e:fo:flow:52c26668907d	flow:52c26668907d → host:177.10.234.199 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.92:geo_-23.62930_-46.63510	host:131.196.28.92 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcb514f388fb99c6:host:172.234.197.23	SESSION-bcb514f388fb99c6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:64dd9e76d75f:port:tcp:443	flow:64dd9e76d75f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0046a1ddb04bc0f7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0046a1ddb04bc0f7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f10bf652ebbcd899:host:131.196.28.28	SESSION-f10bf652ebbcd899 → host:131.196.28.28
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.50:geo_-23.62930_-46.63510	host:131.196.30.50 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1274fc3e3cafac71:SESSION-1274fc3e3cafac71	SESSION-1274fc3e3cafac71 → pe:syn:SESSION-1274fc3e3cafac71
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7752628607af1d9e:host:177.10.238.215:host:172.234.197.23	SESSION-7752628607af1d9e → host:177.10.238.215 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4fa0ca2c10982c45:SESSION-4fa0ca2c10982c45	SESSION-4fa0ca2c10982c45 → pe:syn:SESSION-4fa0ca2c10982c45
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-e8104be0e9171978:BSG-BEACON-f6c2b3d0e42d	SESSION-e8104be0e9171978 → BSG-BEACON-f6c2b3d0e42d
FLOW_FROM_HOSTOBS	e:from:SESSION-0ef3697a55617fe8:host:177.10.233.24	SESSION-0ef3697a55617fe8 → host:177.10.233.24
FLOW_DST_PORTOBS	e:fp:flow:35814e59c9a8:port:tcp:443	flow:35814e59c9a8 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-788920b93ac95b5f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-788920b93ac95b5f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:926143b4e410:port:tcp:443	flow:926143b4e410 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9485d3e307f01514:flow:f794bb54eca4	SESSION-9485d3e307f01514 → flow:f794bb54eca4
FLOW_TO_HOSTOBS	e:to:SESSION-e995e7d6e6aa04f6:host:45.173.156.29	SESSION-e995e7d6e6aa04f6 → host:45.173.156.29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6a07ad54f9ab5f8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e6a07ad54f9ab5f8 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-85869808bb7240b3:SESSION-85869808bb7240b3	SESSION-85869808bb7240b3 → pe:dns:SESSION-85869808bb7240b3
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.204:asn:271410	host:131.196.28.204 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dda196b654200873:host:172.234.197.23:host:131.196.30.98	SESSION-dda196b654200873 → host:172.234.197.23 → host:131.196.30.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b61117bf3d91dba8:SESSION-b61117bf3d91dba8	SESSION-b61117bf3d91dba8 → pe:syn:SESSION-b61117bf3d91dba8
FLOW_FROM_HOSTOBS	e:from:SESSION-866725b3664820db:host:177.10.234.147	SESSION-866725b3664820db → host:177.10.234.147
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ae59ca72364f9e1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3ae59ca72364f9e1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f02a050799431d6e:flow:ced56e2b617e	SESSION-f02a050799431d6e → flow:ced56e2b617e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1065c42d5133f02c:PCAP:capture_20260430150001:ded20914761d	SESSION-1065c42d5133f02c → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d547ed30afcbb9f:SESSION-6d547ed30afcbb9f	SESSION-6d547ed30afcbb9f → pe:tls:SESSION-6d547ed30afcbb9f
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-2f997fef874b1b1e:BSG-BEACON-e07f4250263f	SESSION-2f997fef874b1b1e → BSG-BEACON-e07f4250263f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09c0e42aa6120a11:flow:7d842f33d9ec	SESSION-09c0e42aa6120a11 → flow:7d842f33d9ec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be09ba54da571689:SESSION-be09ba54da571689	SESSION-be09ba54da571689 → pe:syn:SESSION-be09ba54da571689
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3944d5014504521:host:172.234.197.23	SESSION-e3944d5014504521 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-161d2a74a24978d6:flow:658b6a47bbe6	SESSION-161d2a74a24978d6 → flow:658b6a47bbe6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-458a0c6775d84d5e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-458a0c6775d84d5e → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-7377b91dd9eda5d9:host:172.234.197.23	SESSION-7377b91dd9eda5d9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0ea34ef73cf330d2:host:172.234.197.23	SESSION-0ea34ef73cf330d2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c806484b2435	flow:c806484b2435 → host:131.196.31.104 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb6c1367f6b2a786:host:177.10.237.73	SESSION-eb6c1367f6b2a786 → host:177.10.237.73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b8f135d82b00569:SESSION-4b8f135d82b00569	SESSION-4b8f135d82b00569 → pe:syn:SESSION-4b8f135d82b00569
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8cb5baa2c4d67a55:host:172.234.197.23:host:131.196.28.248	SESSION-8cb5baa2c4d67a55 → host:172.234.197.23 → host:131.196.28.248
FLOW_FROM_HOSTOBS	e:from:SESSION-a238538ee50c7862:host:131.196.28.10	SESSION-a238538ee50c7862 → host:131.196.28.10
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.173:geo_-23.62930_-46.63510	host:131.196.31.173 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-edf23c7505754934:SESSION-edf23c7505754934	SESSION-edf23c7505754934 → pe:syn:SESSION-edf23c7505754934
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9fed3e3a3ac1c6fb:SESSION-9fed3e3a3ac1c6fb	SESSION-9fed3e3a3ac1c6fb → pe:tls:SESSION-9fed3e3a3ac1c6fb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01b1445b3dd1d2e4:host:131.196.28.44	SESSION-01b1445b3dd1d2e4 → host:131.196.28.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-04737cadee3282a6:SESSION-04737cadee3282a6	SESSION-04737cadee3282a6 → pe:tls:SESSION-04737cadee3282a6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20b594788160c43c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-20b594788160c43c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef354b4063646368:SESSION-ef354b4063646368	SESSION-ef354b4063646368 → pe:syn:SESSION-ef354b4063646368
FLOW_DST_PORTOBS	e:fp:flow:616dac6316b5:port:tcp:443	flow:616dac6316b5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8382ccd890fe862:host:172.234.197.23	SESSION-f8382ccd890fe862 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-aec4f33b062c0e6b:BSG-DATA_EXFIL-0ab35a46403b	SESSION-aec4f33b062c0e6b → BSG-DATA_EXFIL-0ab35a46403b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de12aa9c0bf7f485:host:177.10.237.20	SESSION-de12aa9c0bf7f485 → host:177.10.237.20
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.35:asn:271410	host:131.196.28.35 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-de195b26c1af220a:host:177.10.232.60	SESSION-de195b26c1af220a → host:177.10.232.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f3e8e9199df130f:flow:cde5bd61460b	SESSION-5f3e8e9199df130f → flow:cde5bd61460b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e791e8d702f57f3e:SESSION-e791e8d702f57f3e	SESSION-e791e8d702f57f3e → pe:tls:SESSION-e791e8d702f57f3e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd9b77a0701a4e1b:host:172.234.197.23	SESSION-fd9b77a0701a4e1b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1b8121d22a93	flow:1b8121d22a93 → host:172.234.197.23 → host:131.196.28.221 → port:tcp:40765
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e696cf5f8f6db7e6:host:177.10.232.115	SESSION-e696cf5f8f6db7e6 → host:177.10.232.115
FLOW_TO_HOSTOBS	e:to:SESSION-9433c1773faa9882:host:172.232.0.16	SESSION-9433c1773faa9882 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e405c5dfa444c3be:host:15.152.35.247	SESSION-e405c5dfa444c3be → host:15.152.35.247
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e2a52b4f9db01a4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0e2a52b4f9db01a4 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e991043fa3bca90d:host:172.234.197.23:host:177.10.233.102	SESSION-e991043fa3bca90d → host:172.234.197.23 → host:177.10.233.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51257a0fcd8d6a04:SESSION-51257a0fcd8d6a04	SESSION-51257a0fcd8d6a04 → pe:tls:SESSION-51257a0fcd8d6a04
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d93e5dd98af62cc:host:131.196.28.216	SESSION-2d93e5dd98af62cc → host:131.196.28.216
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0948a596b6903965:host:177.10.237.101:host:172.234.197.23	SESSION-0948a596b6903965 → host:177.10.237.101 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-140ad048b49f1a57:host:131.196.31.73	SESSION-140ad048b49f1a57 → host:131.196.31.73
flow_observed5-aryOBS	e:fo:flow:da8162c3336a	flow:da8162c3336a → host:45.173.156.206 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.223:asn:262880	host:177.10.232.223 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a3df3a26ac38d69:SESSION-4a3df3a26ac38d69	SESSION-4a3df3a26ac38d69 → pe:syn:SESSION-4a3df3a26ac38d69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b00e597f7260eb50:SESSION-b00e597f7260eb50	SESSION-b00e597f7260eb50 → pe:syn:SESSION-b00e597f7260eb50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1bb46c5efd0c0159:SESSION-1bb46c5efd0c0159	SESSION-1bb46c5efd0c0159 → pe:tls:SESSION-1bb46c5efd0c0159
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1b90ecadb949fa3:host:131.196.28.237	SESSION-e1b90ecadb949fa3 → host:131.196.28.237
FLOW_TO_HOSTOBS	e:to:SESSION-6f2f5812045d2e3b:host:172.234.197.23	SESSION-6f2f5812045d2e3b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e920b338cbbee7b:host:131.196.29.76	SESSION-2e920b338cbbee7b → host:131.196.29.76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e2683c2a1a03e97:flow:2ff1be4df60b	SESSION-6e2683c2a1a03e97 → flow:2ff1be4df60b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9f43ed2bc91ec43:flow:c1343c478a41	SESSION-b9f43ed2bc91ec43 → flow:c1343c478a41
FLOW_FROM_HOSTOBS	e:from:SESSION-8f5b7d4cd5351b11:host:177.10.233.88	SESSION-8f5b7d4cd5351b11 → host:177.10.233.88
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-567e9582c6914b15:host:172.234.197.23	SESSION-567e9582c6914b15 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58f4b45cf908ad77:flow:3e386cf1d1a0	SESSION-58f4b45cf908ad77 → flow:3e386cf1d1a0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f3af12abbb2ff56:host:131.196.30.212	SESSION-1f3af12abbb2ff56 → host:131.196.30.212
FLOW_FROM_HOSTOBS	e:from:SESSION-b59030bd39741ab3:host:172.234.197.23	SESSION-b59030bd39741ab3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-310c82c2a589a705:host:172.234.197.23	SESSION-310c82c2a589a705 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ddf07020985eed3:SESSION-2ddf07020985eed3	SESSION-2ddf07020985eed3 → pe:tls:SESSION-2ddf07020985eed3
flow_observed5-aryOBS	e:fo:flow:c3ec42c5d25d	flow:c3ec42c5d25d → host:45.173.156.174 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.9:asn:262880	host:177.10.234.9 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-421b35b56ec8b984:SESSION-421b35b56ec8b984	SESSION-421b35b56ec8b984 → pe:tls:SESSION-421b35b56ec8b984
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9479b510131ce6c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f9479b510131ce6c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-409db122b916fc83:host:31.40.196.102:host:172.234.197.23	SESSION-409db122b916fc83 → host:31.40.196.102 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5644212eea272a87:host:172.234.197.23	SESSION-5644212eea272a87 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4baa6f7cc0122cad:host:185.231.226.148	SESSION-4baa6f7cc0122cad → host:185.231.226.148
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.54:asn:262880	host:177.10.237.54 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:fd218fb5fdef:port:tcp:20021	flow:fd218fb5fdef → port:tcp:20021
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-937317105ded9efa:SESSION-937317105ded9efa	SESSION-937317105ded9efa → pe:tls:SESSION-937317105ded9efa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-379e8704803db8ae:host:172.234.197.23	SESSION-379e8704803db8ae → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5049b00b9614:port:tcp:13793	flow:5049b00b9614 → port:tcp:13793
FLOW_TO_HOSTOBS	e:to:SESSION-6b4b9c738c314ebf:host:131.196.28.0	SESSION-6b4b9c738c314ebf → host:131.196.28.0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21cd302cb5783965:PCAP:capture_20260430070001:903a0e7a436b	SESSION-21cd302cb5783965 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:141481d8aead:port:tcp:3267	flow:141481d8aead → port:tcp:3267
FLOW_TO_HOSTOBS	e:to:SESSION-accb56e5453b3fbd:host:172.234.197.23	SESSION-accb56e5453b3fbd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b880a07e89a760de:host:172.234.197.23:host:131.196.30.183	SESSION-b880a07e89a760de → host:172.234.197.23 → host:131.196.30.183
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c36eb4dd059a78a3:flow:91c1af006574	SESSION-c36eb4dd059a78a3 → flow:91c1af006574
FLOW_DST_PORTOBS	e:fp:flow:c30c42747916:port:tcp:443	flow:c30c42747916 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a24ae76392ce429:host:131.196.29.237:host:172.234.197.23	SESSION-7a24ae76392ce429 → host:131.196.29.237 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7577abd2e0d4	flow:7577abd2e0d4 → host:172.234.197.23 → host:131.196.31.19 → port:tcp:50423
FLOW_DST_PORTOBS	e:fp:flow:fada604550b4:port:tcp:443	flow:fada604550b4 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b1ded13f1046:port:tcp:443	flow:b1ded13f1046 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-537378f36f2f8a26:flow:140ad25dbfdb	SESSION-537378f36f2f8a26 → flow:140ad25dbfdb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d5ec38dc75ef648:host:131.196.29.154:host:172.234.197.23	SESSION-7d5ec38dc75ef648 → host:131.196.29.154 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e61b886c68594d41:host:172.234.197.23	SESSION-e61b886c68594d41 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:72d16f1d2a93:port:tcp:21927	flow:72d16f1d2a93 → port:tcp:21927
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b699e12e3fdc2278:host:177.10.236.115:host:172.234.197.23	SESSION-b699e12e3fdc2278 → host:177.10.236.115 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-715e4cea63e7cde7:SESSION-715e4cea63e7cde7	SESSION-715e4cea63e7cde7 → pe:tls:SESSION-715e4cea63e7cde7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa574f1f11f5b30b:host:172.234.197.23	SESSION-aa574f1f11f5b30b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff2bd1b9d0923cc1:host:131.196.28.195:host:172.234.197.23	SESSION-ff2bd1b9d0923cc1 → host:131.196.28.195 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e28b3ef52579af3b:host:172.234.197.23	SESSION-e28b3ef52579af3b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:16f141b8a376:port:tcp:34746	flow:16f141b8a376 → port:tcp:34746
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-029d1f2d00b0343a:host:45.173.156.153	SESSION-029d1f2d00b0343a → host:45.173.156.153
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b6d44dc6146dcb58:SESSION-b6d44dc6146dcb58	SESSION-b6d44dc6146dcb58 → pe:syn:SESSION-b6d44dc6146dcb58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-536e36b5c95ee442:host:31.40.196.151	SESSION-536e36b5c95ee442 → host:31.40.196.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08b637759d13ec04:host:131.196.30.201	SESSION-08b637759d13ec04 → host:131.196.30.201
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.160:geo_-23.62930_-46.63510	host:131.196.29.160 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b50835be4d5bba16:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b50835be4d5bba16 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0553c47d8718786a:PCAP:capture_20260430110001:43611bdf6759	SESSION-0553c47d8718786a → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.84:geo_-16.28860_-49.01640	host:177.10.234.84 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b3b10ff846570e8:SESSION-5b3b10ff846570e8	SESSION-5b3b10ff846570e8 → pe:tls:SESSION-5b3b10ff846570e8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c977b8f3627ab3c3:host:172.234.197.23:host:131.196.28.115	SESSION-c977b8f3627ab3c3 → host:172.234.197.23 → host:131.196.28.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5470436eecf7738e:SESSION-5470436eecf7738e	SESSION-5470436eecf7738e → pe:tls:SESSION-5470436eecf7738e
FLOW_DST_PORTOBS	e:fp:flow:5fa720d4626d:port:tcp:38199	flow:5fa720d4626d → port:tcp:38199
FLOW_DST_PORTOBS	e:fp:flow:ddd8280bfafc:port:tcp:47296	flow:ddd8280bfafc → port:tcp:47296
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-733b7037c38abbcf:SESSION-733b7037c38abbcf	SESSION-733b7037c38abbcf → pe:syn:SESSION-733b7037c38abbcf
FLOW_TO_HOSTOBS	e:to:SESSION-af1aec9a84a08d25:host:172.234.197.23	SESSION-af1aec9a84a08d25 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:26f60c160f6b	flow:26f60c160f6b → host:177.10.238.158 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b247e5ff1470:port:tcp:443	flow:b247e5ff1470 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-464502b3105a6b82:flow:2f54bb1db205	SESSION-464502b3105a6b82 → flow:2f54bb1db205
flow_observed5-aryOBS	e:fo:flow:2bacf6d156d2	flow:2bacf6d156d2 → host:177.10.239.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-05ec7baf0d99b24d:BSG-BEACON-a1a38dfffb73	SESSION-05ec7baf0d99b24d → BSG-BEACON-a1a38dfffb73
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6bca989f2c390047:flow:5521a80044bf	SESSION-6bca989f2c390047 → flow:5521a80044bf
FLOW_FROM_HOSTOBS	e:from:SESSION-609881b75f195530:host:177.10.235.101	SESSION-609881b75f195530 → host:177.10.235.101
flow_observed4-aryOBS	e:fo:flow:5e088d8e5126	flow:5e088d8e5126 → host:172.234.197.23 → host:131.196.30.44 → port:tcp:31653
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1844a866ec523fcf:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1844a866ec523fcf → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b2f232bbd4758bf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7b2f232bbd4758bf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10d6a2736c7d59d6:PCAP:capture_20260430110001:43611bdf6759	SESSION-10d6a2736c7d59d6 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-420c45d015462611:SESSION-420c45d015462611	SESSION-420c45d015462611 → pe:tls:SESSION-420c45d015462611
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27b2c896335b5c16:PCAP:capture_20260430050001:8868731bf8a4	SESSION-27b2c896335b5c16 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96639b4b4a33e422:SESSION-96639b4b4a33e422	SESSION-96639b4b4a33e422 → pe:syn:SESSION-96639b4b4a33e422
FLOW_FROM_HOSTOBS	e:from:SESSION-845630b36dc2dead:host:195.20.104.8	SESSION-845630b36dc2dead → host:195.20.104.8
FLOW_DST_PORTOBS	e:fp:flow:0975c7f9052d:port:tcp:443	flow:0975c7f9052d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-704e3a6bbdc29013:flow:a20e1b3cc116	SESSION-704e3a6bbdc29013 → flow:a20e1b3cc116
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fa8a238d1165695:PCAP:capture_20260430150001:ded20914761d	SESSION-1fa8a238d1165695 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c58b004ff38abe14:host:177.10.236.60:host:172.234.197.23	SESSION-c58b004ff38abe14 → host:177.10.236.60 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fdca441bb1b3810b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fdca441bb1b3810b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28d97429831b8272:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-28d97429831b8272 → PCAP:capture_20260427230001:ca8bd1ce36e2
FLOW_DST_PORTOBS	e:fp:flow:73d3c2e14895:port:tcp:443	flow:73d3c2e14895 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5250861d994b3dc2:host:177.10.232.219:host:172.234.197.23	SESSION-5250861d994b3dc2 → host:177.10.232.219 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcd94ff2cea5ca72:host:172.234.197.23	SESSION-bcd94ff2cea5ca72 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3f426eb3b5d19b7:host:172.234.197.23	SESSION-c3f426eb3b5d19b7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c0657272c618c6d4:host:177.10.237.248	SESSION-c0657272c618c6d4 → host:177.10.237.248
FLOW_FROM_HOSTOBS	e:from:SESSION-4fd6590fe23ccd99:host:172.234.197.23	SESSION-4fd6590fe23ccd99 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:658994ab5ea9:port:tcp:443	flow:658994ab5ea9 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ad03ceeb377f3976:host:45.173.156.185	SESSION-ad03ceeb377f3976 → host:45.173.156.185
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c3d14af1a5eb503:host:177.10.239.76:host:172.234.197.23	SESSION-8c3d14af1a5eb503 → host:177.10.239.76 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f12bb9f5880e55b:host:172.234.197.23	SESSION-4f12bb9f5880e55b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68b7f3c84c5e7661:PCAP:capture_20260430060001:919b39a74464	SESSION-68b7f3c84c5e7661 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-decb8c6a12a4d67a:SESSION-decb8c6a12a4d67a	SESSION-decb8c6a12a4d67a → pe:syn:SESSION-decb8c6a12a4d67a
FLOW_FROM_HOSTOBS	e:from:SESSION-87bc9df611d2f97d:host:177.10.237.118	SESSION-87bc9df611d2f97d → host:177.10.237.118
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.106:geo_-23.62930_-46.63510	host:131.196.29.106 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6588ddd9fabb341:SESSION-e6588ddd9fabb341	SESSION-e6588ddd9fabb341 → pe:syn:SESSION-e6588ddd9fabb341
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2fc2bfb2b0c4767b:SESSION-2fc2bfb2b0c4767b	SESSION-2fc2bfb2b0c4767b → pe:syn:SESSION-2fc2bfb2b0c4767b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99752db79d6c830d:host:172.234.197.23	SESSION-99752db79d6c830d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fe19785c0b66:port:tcp:62456	flow:fe19785c0b66 → port:tcp:62456
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97e21cf514a48728:flow:82f753dafc19	SESSION-97e21cf514a48728 → flow:82f753dafc19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f6479625c7774ad:host:172.234.197.23	SESSION-9f6479625c7774ad → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a074f157090defb0:host:131.196.30.68	SESSION-a074f157090defb0 → host:131.196.30.68
flow_observed5-aryOBS	e:fo:flow:1367069131cb	flow:1367069131cb → host:177.10.239.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ba4bb01be574ad6:host:131.196.29.168:host:172.234.197.23	SESSION-4ba4bb01be574ad6 → host:131.196.29.168 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-158ec8f739ce5586:SESSION-158ec8f739ce5586	SESSION-158ec8f739ce5586 → pe:syn:SESSION-158ec8f739ce5586
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-70cb56f6bea3d067:host:177.10.234.28:host:172.234.197.23	SESSION-70cb56f6bea3d067 → host:177.10.234.28 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6ee088f254667f6a:host:131.196.28.175	SESSION-6ee088f254667f6a → host:131.196.28.175
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49ea8e2d7734ace3:host:177.10.232.122:host:172.234.197.23	SESSION-49ea8e2d7734ace3 → host:177.10.232.122 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:94d0973c3a82:port:tcp:443	flow:94d0973c3a82 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-310c82c2a589a705:host:177.10.237.108	SESSION-310c82c2a589a705 → host:177.10.237.108
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d5941c68a821530:SESSION-5d5941c68a821530	SESSION-5d5941c68a821530 → pe:syn:SESSION-5d5941c68a821530
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9c0456097f35e54:host:177.10.232.159:host:172.234.197.23	SESSION-c9c0456097f35e54 → host:177.10.232.159 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b3b10ff846570e8:SESSION-5b3b10ff846570e8	SESSION-5b3b10ff846570e8 → pe:syn:SESSION-5b3b10ff846570e8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c76cb7a55699fff8:SESSION-c76cb7a55699fff8	SESSION-c76cb7a55699fff8 → pe:tls:SESSION-c76cb7a55699fff8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77690ed69567f90d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-77690ed69567f90d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf85e37468f1ff86:PCAP:capture_20260430070001:903a0e7a436b	SESSION-cf85e37468f1ff86 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-532708ef58f2707f:host:54.200.68.109	SESSION-532708ef58f2707f → host:54.200.68.109
FLOW_TO_HOSTOBS	e:to:SESSION-78ad99b8772b1e3f:host:172.234.197.23	SESSION-78ad99b8772b1e3f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-592c559641abdde0:host:172.234.197.23	SESSION-592c559641abdde0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67ec60ac13d58093:SESSION-67ec60ac13d58093	SESSION-67ec60ac13d58093 → pe:syn:SESSION-67ec60ac13d58093
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33fdede36596a62f:SESSION-33fdede36596a62f	SESSION-33fdede36596a62f → pe:tls:SESSION-33fdede36596a62f
FLOW_DST_PORTOBS	e:fp:flow:f1090b78c826:port:tcp:443	flow:f1090b78c826 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19f74a6b62d527a5:host:172.234.197.23	SESSION-19f74a6b62d527a5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c42fa8d9585a	flow:c42fa8d9585a → host:177.10.235.144 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:06feb1171a7e	flow:06feb1171a7e → host:177.10.238.161 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:1c77732db387	flow:1c77732db387 → host:45.173.156.198 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12096b18b6e78b60:host:172.234.197.23	SESSION-12096b18b6e78b60 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-da377d395ffcc3d3:host:177.10.234.32	SESSION-da377d395ffcc3d3 → host:177.10.234.32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2338a143c0830527:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2338a143c0830527 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-13f8871a9bd8cb8e:SESSION-13f8871a9bd8cb8e	SESSION-13f8871a9bd8cb8e → pe:tls:SESSION-13f8871a9bd8cb8e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.125:asn:262880	host:177.10.235.125 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5972a3b732445423:host:172.234.197.23	SESSION-5972a3b732445423 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ecc0c586896302d2:flow:38ea79073761	SESSION-ecc0c586896302d2 → flow:38ea79073761
FLOW_TO_HOSTOBS	e:to:SESSION-70f9355e024c975b:host:172.234.197.23	SESSION-70f9355e024c975b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-122a5b909d033cbb:host:124.198.131.220:host:172.234.197.23	SESSION-122a5b909d033cbb → host:124.198.131.220 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2edb1208bb0bd400:host:172.234.197.23:host:131.196.30.39	SESSION-2edb1208bb0bd400 → host:172.234.197.23 → host:131.196.30.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b63214403b2d20c7:SESSION-b63214403b2d20c7	SESSION-b63214403b2d20c7 → pe:tls:SESSION-b63214403b2d20c7
FLOW_TO_HOSTOBS	e:to:SESSION-c3957034b2fd24e8:host:131.196.31.100	SESSION-c3957034b2fd24e8 → host:131.196.31.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76bcf8447ee973fd:SESSION-76bcf8447ee973fd	SESSION-76bcf8447ee973fd → pe:syn:SESSION-76bcf8447ee973fd
FLOW_DST_PORTOBS	e:fp:flow:7c3ca69b9bbe:port:tcp:443	flow:7c3ca69b9bbe → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-13bd66b79cddeec8:host:177.10.232.80	SESSION-13bd66b79cddeec8 → host:177.10.232.80
FLOW_DST_PORTOBS	e:fp:flow:ea0e53107fcd:port:tcp:443	flow:ea0e53107fcd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e7ccd5c552e41a1:SESSION-7e7ccd5c552e41a1	SESSION-7e7ccd5c552e41a1 → pe:tls:SESSION-7e7ccd5c552e41a1
FLOW_DST_PORTOBS	e:fp:flow:956357409f9d:port:tcp:138	flow:956357409f9d → port:tcp:138
flow_observed5-aryOBS	e:fo:flow:0196cbb8b95d	flow:0196cbb8b95d → host:177.10.237.12 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d5d249db6ec3f34e:host:131.196.30.191	SESSION-d5d249db6ec3f34e → host:131.196.30.191
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca44e56e93546a2c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ca44e56e93546a2c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:9f0c432ad89d	flow:9f0c432ad89d → host:57.128.95.174 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f355ffd88e7f5027:SESSION-f355ffd88e7f5027	SESSION-f355ffd88e7f5027 → pe:syn:SESSION-f355ffd88e7f5027
FLOW_TO_HOSTOBS	e:to:SESSION-5252ca05229eda25:host:172.234.197.23	SESSION-5252ca05229eda25 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6302410381b3:port:tcp:443	flow:6302410381b3 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f7b35d3dad632382:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f7b35d3dad632382 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c07bee6bb583aca:host:172.234.197.23	SESSION-8c07bee6bb583aca → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0064e8629093	flow:0064e8629093 → host:172.234.197.23 → host:177.10.234.27 → port:tcp:54552
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.208:geo_41.00190_28.96450	host:95.170.25.208 → geo_41.00190_28.96450
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09e72a02b44d9649:host:177.10.236.153:host:172.234.197.23	SESSION-09e72a02b44d9649 → host:177.10.236.153 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb20bb92bfdba895:host:131.196.30.168:host:172.234.197.23	SESSION-bb20bb92bfdba895 → host:131.196.30.168 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99ffd8e203ea7715:host:131.196.29.232	SESSION-99ffd8e203ea7715 → host:131.196.29.232
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-174ad36923ec98ba:host:172.234.197.23:host:177.10.238.87	SESSION-174ad36923ec98ba → host:172.234.197.23 → host:177.10.238.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2df4632ec7c2c624:flow:8bce020bb4f5	SESSION-2df4632ec7c2c624 → flow:8bce020bb4f5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54127ab649dd8e15:host:172.234.197.23	SESSION-54127ab649dd8e15 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7bd472de7dbc823f:SESSION-7bd472de7dbc823f	SESSION-7bd472de7dbc823f → pe:tls:SESSION-7bd472de7dbc823f
flow_observed5-aryOBS	e:fo:flow:c9e8ca0a8147	flow:c9e8ca0a8147 → host:177.10.237.203 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:afe32a0820ec:port:tcp:443	flow:afe32a0820ec → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a9beff4b34540729:host:177.10.235.250:host:172.234.197.23	SESSION-a9beff4b34540729 → host:177.10.235.250 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e2f5f99625dcfae4:host:3.102.147.184	SESSION-e2f5f99625dcfae4 → host:3.102.147.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92c4be10fc1322be:host:177.10.236.51	SESSION-92c4be10fc1322be → host:177.10.236.51
FLOW_TO_HOSTOBS	e:to:SESSION-4ef734d9bbeb2d12:host:172.234.197.23	SESSION-4ef734d9bbeb2d12 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72e48e4dc313a64d:SESSION-72e48e4dc313a64d	SESSION-72e48e4dc313a64d → pe:syn:SESSION-72e48e4dc313a64d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.56:geo_-23.62930_-46.63510	host:131.196.30.56 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-baf09a66da0e4962:PCAP:capture_20260430090001:065659c7d314	SESSION-baf09a66da0e4962 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08eebf44a6874d1b:SESSION-08eebf44a6874d1b	SESSION-08eebf44a6874d1b → pe:syn:SESSION-08eebf44a6874d1b
flow_observed5-aryOBS	e:fo:flow:d91049f8faa7	flow:d91049f8faa7 → host:95.170.25.87 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab75a0984f628f7a:host:172.234.197.23	SESSION-ab75a0984f628f7a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4c57767f623d:port:tcp:443	flow:4c57767f623d → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:fa03de97d438	flow:fa03de97d438 → host:172.234.197.23 → host:177.10.234.33 → port:tcp:4429
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de23fe28677c4a6e:host:172.234.197.23	SESSION-de23fe28677c4a6e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:550a225d20a6:port:tcp:443	flow:550a225d20a6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9354322f5192915a:host:172.234.197.23	SESSION-9354322f5192915a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-065e72b14a827150:host:172.234.197.23	SESSION-065e72b14a827150 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e1aa0d90742fe552:flow:5900a1534891	SESSION-e1aa0d90742fe552 → flow:5900a1534891
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6b62b6aad076f58:SESSION-a6b62b6aad076f58	SESSION-a6b62b6aad076f58 → pe:tls:SESSION-a6b62b6aad076f58
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db62c05acb7f0b0b:SESSION-db62c05acb7f0b0b	SESSION-db62c05acb7f0b0b → pe:syn:SESSION-db62c05acb7f0b0b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb7f3482601c970a:SESSION-cb7f3482601c970a	SESSION-cb7f3482601c970a → pe:tls:SESSION-cb7f3482601c970a
flow_observed5-aryOBS	e:fo:flow:6ad316de0461	flow:6ad316de0461 → host:131.196.29.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3a25d201ec7d699:SESSION-b3a25d201ec7d699	SESSION-b3a25d201ec7d699 → pe:tls:SESSION-b3a25d201ec7d699
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4fd5cc70e8cf2108:flow:da47990b0d54	SESSION-4fd5cc70e8cf2108 → flow:da47990b0d54
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dc1a3553c9b143c5:SESSION-dc1a3553c9b143c5	SESSION-dc1a3553c9b143c5 → pe:tls:SESSION-dc1a3553c9b143c5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9963b3b3d702eb6e:flow:37f76ce330d4	SESSION-9963b3b3d702eb6e → flow:37f76ce330d4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a82d55b52198391:flow:16d412ae36b6	SESSION-1a82d55b52198391 → flow:16d412ae36b6
FLOW_DST_PORTOBS	e:fp:flow:9d3bfcd21805:port:tcp:443	flow:9d3bfcd21805 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3d6a52e82bb8db7f:SESSION-3d6a52e82bb8db7f	SESSION-3d6a52e82bb8db7f → pe:tls:SESSION-3d6a52e82bb8db7f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.68:geo_-21.10010_-41.69200	host:45.173.156.68 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d0c24f0912a7520:host:131.196.29.22	SESSION-9d0c24f0912a7520 → host:131.196.29.22
FLOW_DST_PORTOBS	e:fp:flow:11fff8b667ab:port:tcp:80	flow:11fff8b667ab → port:tcp:80
FLOW_FROM_HOSTOBS	e:from:SESSION-f5f3ac5dec394466:host:177.10.232.56	SESSION-f5f3ac5dec394466 → host:177.10.232.56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5bd73118ac3f9f7:SESSION-b5bd73118ac3f9f7	SESSION-b5bd73118ac3f9f7 → pe:syn:SESSION-b5bd73118ac3f9f7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29e21c95f9df9427:host:172.234.197.23	SESSION-29e21c95f9df9427 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5491ebf26b201b1a:host:92.118.39.236:host:172.234.197.23	SESSION-5491ebf26b201b1a → host:92.118.39.236 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-364411d92a5a41bf:host:172.234.197.23	SESSION-364411d92a5a41bf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ac71f2f2355e0bb:SESSION-7ac71f2f2355e0bb	SESSION-7ac71f2f2355e0bb → pe:tls:SESSION-7ac71f2f2355e0bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ddb6310055a59be:host:172.234.197.23	SESSION-4ddb6310055a59be → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:174.202.97.85:geo_38.95820_-85.88750	host:174.202.97.85 → geo_38.95820_-85.88750
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bedd6d77774b5e6:host:172.234.197.23	SESSION-3bedd6d77774b5e6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c07bee6bb583aca:SESSION-8c07bee6bb583aca	SESSION-8c07bee6bb583aca → pe:syn:SESSION-8c07bee6bb583aca
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c6f10f20f24d7ff:host:172.234.197.23:host:177.10.234.5	SESSION-3c6f10f20f24d7ff → host:172.234.197.23 → host:177.10.234.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dbe0692b3b05f921:host:172.234.197.23	SESSION-dbe0692b3b05f921 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4fb4b7758d99e149:flow:7402fc14b309	SESSION-4fb4b7758d99e149 → flow:7402fc14b309
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.200:geo_-16.28860_-49.01640	host:177.10.235.200 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f78283937123fd5:host:177.10.239.136:host:172.234.197.23	SESSION-1f78283937123fd5 → host:177.10.239.136 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d4fb8a50f2916880:host:172.234.197.23	SESSION-d4fb8a50f2916880 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa26c3a0a6de1666:host:177.10.233.172	SESSION-aa26c3a0a6de1666 → host:177.10.233.172
flow_observed5-aryOBS	e:fo:flow:95e6c73ff7d7	flow:95e6c73ff7d7 → host:45.173.156.116 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a5aae11508cfd60:SESSION-9a5aae11508cfd60	SESSION-9a5aae11508cfd60 → pe:syn:SESSION-9a5aae11508cfd60
FLOW_DST_PORTOBS	e:fp:flow:62bdf54a4e6f:port:tcp:443	flow:62bdf54a4e6f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-ef7241157e60b5c0:SESSION-ef7241157e60b5c0	SESSION-ef7241157e60b5c0 → pe:rst:SESSION-ef7241157e60b5c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7ece8090c9a4b7f:host:172.234.197.23	SESSION-c7ece8090c9a4b7f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-760c61036eedf2e4:PCAP:capture_20260430110001:43611bdf6759	SESSION-760c61036eedf2e4 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35e3c61c67455ba8:host:172.234.197.23	SESSION-35e3c61c67455ba8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a29ca5d80bc122d0:host:172.234.197.23	SESSION-a29ca5d80bc122d0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e488bd001486e0ee:host:177.10.237.147	SESSION-e488bd001486e0ee → host:177.10.237.147
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38739a517334cf5a:host:172.234.197.23	SESSION-38739a517334cf5a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a7a308f001e2	flow:a7a308f001e2 → host:172.234.197.23 → host:45.173.156.219 → port:tcp:46673
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65aa50b6e4bd0a70:host:172.234.197.23	SESSION-65aa50b6e4bd0a70 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-43a9f8d54e48850a:host:131.196.31.168	SESSION-43a9f8d54e48850a → host:131.196.31.168
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e7f6e07782bad0e:host:45.173.156.99:host:172.234.197.23	SESSION-5e7f6e07782bad0e → host:45.173.156.99 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.86:geo_-16.28860_-49.01640	host:177.10.238.86 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:d196788d241e:port:tcp:60321	flow:d196788d241e → port:tcp:60321
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a9915da62b53f74:host:131.196.29.138:host:172.234.197.23	SESSION-5a9915da62b53f74 → host:131.196.29.138 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4ffce8b6e53dd75:host:172.234.197.23	SESSION-a4ffce8b6e53dd75 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-083cc9a3854de3cd:host:172.234.197.23	SESSION-083cc9a3854de3cd → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.95:asn:262880	host:177.10.235.95 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:0338b37a2569:port:tcp:443	flow:0338b37a2569 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8984df52681cb36:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c8984df52681cb36 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35e3c61c67455ba8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-35e3c61c67455ba8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b3057ab5d68c477:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5b3057ab5d68c477 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.203:geo_-23.62930_-46.63510	host:131.196.29.203 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-380f5751cd3ba7da:SESSION-380f5751cd3ba7da	SESSION-380f5751cd3ba7da → pe:syn:SESSION-380f5751cd3ba7da
flow_observed5-aryOBS	e:fo:flow:704a2ea51294	flow:704a2ea51294 → host:131.196.30.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23efb1317beab0b3:host:172.234.197.23	SESSION-23efb1317beab0b3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee14fe05044df9df:host:177.10.239.39	SESSION-ee14fe05044df9df → host:177.10.239.39
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1e9c5398b5e18f4:host:172.234.197.23	SESSION-f1e9c5398b5e18f4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b338c508fb604797:host:172.234.197.23	SESSION-b338c508fb604797 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c54e8a5253d053d:host:177.10.235.169	SESSION-8c54e8a5253d053d → host:177.10.235.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f35e45e57d830f4:host:172.234.197.23	SESSION-2f35e45e57d830f4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b14f4f7e9ebbac1:host:131.196.30.67	SESSION-8b14f4f7e9ebbac1 → host:131.196.30.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-574ff4efae76e1f7:SESSION-574ff4efae76e1f7	SESSION-574ff4efae76e1f7 → pe:syn:SESSION-574ff4efae76e1f7
FLOW_TO_HOSTOBS	e:to:SESSION-d27008d937f2d8be:host:172.234.197.23	SESSION-d27008d937f2d8be → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-81c8b3fdf002e09e:host:177.10.236.146	SESSION-81c8b3fdf002e09e → host:177.10.236.146
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa0381bae4f9498b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-aa0381bae4f9498b → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:eede1b220cc5	flow:eede1b220cc5 → host:172.234.197.23 → host:177.10.239.184 → port:tcp:35403
HOST_IN_ASNOBS 85%	e:ha:host:35.94.26.156:asn:16509	host:35.94.26.156 → asn:16509
flow_observed5-aryOBS	e:fo:flow:fd14252bea53	flow:fd14252bea53 → host:131.196.30.31 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55d7f3379dec0798:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-55d7f3379dec0798 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4af5e0493e3bd78c:host:172.234.197.23	SESSION-4af5e0493e3bd78c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-11a1cfec66708475:host:177.10.238.221	SESSION-11a1cfec66708475 → host:177.10.238.221
FLOW_TO_HOSTOBS	e:to:SESSION-67a710d2531b2faa:host:172.234.197.23	SESSION-67a710d2531b2faa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0146df147eb3c3bd:host:172.234.197.23:host:131.196.31.92	SESSION-0146df147eb3c3bd → host:172.234.197.23 → host:131.196.31.92
FLOW_FROM_HOSTOBS	e:from:SESSION-74f51cf412342155:host:172.234.197.23	SESSION-74f51cf412342155 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-189d055e7be1f56c:flow:9a29e8344629	SESSION-189d055e7be1f56c → flow:9a29e8344629
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.12:geo_-16.28860_-49.01640	host:177.10.232.12 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.46:asn:262880	host:177.10.237.46 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:104.28.157.111:geo_37.33880_-121.89160	host:104.28.157.111 → geo_37.33880_-121.89160
flow_observed4-aryOBS	e:fo:flow:2efde4485be8	flow:2efde4485be8 → host:172.234.197.23 → host:177.10.235.248 → port:tcp:21693
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4fb1f3797e8f19a3:SESSION-4fb1f3797e8f19a3	SESSION-4fb1f3797e8f19a3 → pe:tls:SESSION-4fb1f3797e8f19a3
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.221:asn:262880	host:177.10.236.221 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0b8b90e300d9c11:host:177.10.234.161	SESSION-b0b8b90e300d9c11 → host:177.10.234.161
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3988a9d0230ebd4d:PCAP:capture_20260430150001:ded20914761d	SESSION-3988a9d0230ebd4d → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.82:geo_-21.10010_-41.69200	host:45.173.156.82 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-512816cd1ae61d60:SESSION-512816cd1ae61d60	SESSION-512816cd1ae61d60 → pe:syn:SESSION-512816cd1ae61d60
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.178:asn:262880	host:177.10.234.178 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68a45a74f687a5a4:SESSION-68a45a74f687a5a4	SESSION-68a45a74f687a5a4 → pe:tls:SESSION-68a45a74f687a5a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.166:asn:262880	host:177.10.235.166 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b2bcd9d2c0b41b4:host:131.196.30.32	SESSION-9b2bcd9d2c0b41b4 → host:131.196.30.32
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-742c2d67dec63a6f:host:172.234.197.23	SESSION-742c2d67dec63a6f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c2474adee374207e:SESSION-c2474adee374207e	SESSION-c2474adee374207e → pe:tls:SESSION-c2474adee374207e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-56d3b103682c9fbe:SESSION-56d3b103682c9fbe	SESSION-56d3b103682c9fbe → pe:tls:SESSION-56d3b103682c9fbe
FLOW_FROM_HOSTOBS	e:from:SESSION-998c67ab79f4e23e:host:177.10.236.122	SESSION-998c67ab79f4e23e → host:177.10.236.122
flow_observed5-aryOBS	e:fo:flow:a11f7059b6b2	flow:a11f7059b6b2 → host:131.196.31.197 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07e54ca458e8eeab:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-07e54ca458e8eeab → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6b70cce2b53886b:host:172.234.197.23	SESSION-e6b70cce2b53886b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b4751d88925ba5f3:host:172.234.197.23	SESSION-b4751d88925ba5f3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3417e991c57bd21:flow:f1fbed100f42	SESSION-a3417e991c57bd21 → flow:f1fbed100f42
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a8376f0f57e00ff1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a8376f0f57e00ff1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-805fb07d7b5cb44b:SESSION-805fb07d7b5cb44b	SESSION-805fb07d7b5cb44b → pe:tls:SESSION-805fb07d7b5cb44b
FLOW_TO_HOSTOBS	e:to:SESSION-23deab886ec517b0:host:177.10.236.63	SESSION-23deab886ec517b0 → host:177.10.236.63
FLOW_FROM_HOSTOBS	e:from:SESSION-1af702d2aa4c9d9d:host:177.10.234.153	SESSION-1af702d2aa4c9d9d → host:177.10.234.153
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.115:asn:262880	host:177.10.236.115 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-122a5b909d033cbb:host:124.198.131.220	SESSION-122a5b909d033cbb → host:124.198.131.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34c02a09bd1ab4d1:SESSION-34c02a09bd1ab4d1	SESSION-34c02a09bd1ab4d1 → pe:syn:SESSION-34c02a09bd1ab4d1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dca9298136f0125a:host:172.234.197.23	SESSION-dca9298136f0125a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ccde81b4fef5a18e:SESSION-ccde81b4fef5a18e	SESSION-ccde81b4fef5a18e → pe:tls:SESSION-ccde81b4fef5a18e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f302c09f7d22a8d1:host:177.10.236.63:host:172.234.197.23	SESSION-f302c09f7d22a8d1 → host:177.10.236.63 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-924bf50c0164bb1b:host:172.234.197.23	SESSION-924bf50c0164bb1b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60d7d302576d36ac:host:131.196.31.233	SESSION-60d7d302576d36ac → host:131.196.31.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85c181ffe8433ff0:SESSION-85c181ffe8433ff0	SESSION-85c181ffe8433ff0 → pe:syn:SESSION-85c181ffe8433ff0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58209016b963372b:SESSION-58209016b963372b	SESSION-58209016b963372b → pe:tls:SESSION-58209016b963372b
flow_observed5-aryOBS	e:fo:flow:dd0bd79c32ac	flow:dd0bd79c32ac → host:45.173.156.92 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.225:asn:271410	host:131.196.30.225 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76cae08532c4b8eb:SESSION-76cae08532c4b8eb	SESSION-76cae08532c4b8eb → pe:syn:SESSION-76cae08532c4b8eb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.54:geo_-23.62930_-46.63510	host:131.196.29.54 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-9c0ba3366d883914:host:131.196.31.92	SESSION-9c0ba3366d883914 → host:131.196.31.92
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-492b019ad94826ae:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-492b019ad94826ae → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:015971f697e9	flow:015971f697e9 → host:172.234.197.23 → host:177.10.234.81 → port:tcp:56782
FLOW_DST_PORTOBS	e:fp:flow:e49717db3c30:port:tcp:443	flow:e49717db3c30 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d58cfad877959bea:host:172.234.197.23	SESSION-d58cfad877959bea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55ef1be4460b895e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-55ef1be4460b895e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c5519b0e5712e1e:SESSION-1c5519b0e5712e1e	SESSION-1c5519b0e5712e1e → pe:syn:SESSION-1c5519b0e5712e1e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f25ebe7728e5694:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3f25ebe7728e5694 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-180bc1efe2db3897:host:172.234.197.23	SESSION-180bc1efe2db3897 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c180406a2791	flow:c180406a2791 → host:172.234.197.23 → host:45.173.156.3 → port:tcp:646
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b7cd4519c0a4eb9:host:177.10.235.12	SESSION-2b7cd4519c0a4eb9 → host:177.10.235.12
FLOW_FROM_HOSTOBS	e:from:SESSION-a0efb63412ce5061:host:172.234.197.23	SESSION-a0efb63412ce5061 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffb355c8f64da05f:host:45.173.156.201	SESSION-ffb355c8f64da05f → host:45.173.156.201
flow_observed4-aryOBS	e:fo:flow:505ce40fcfde	flow:505ce40fcfde → host:172.234.197.23 → host:177.10.237.122 → port:tcp:16590
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b475107bbd97ed39:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b475107bbd97ed39 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.135:asn:262880	host:177.10.232.135 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ac052262d51e17:host:172.234.197.23	SESSION-b7ac052262d51e17 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c124aef8e6ea7da5:SESSION-c124aef8e6ea7da5	SESSION-c124aef8e6ea7da5 → pe:tls:SESSION-c124aef8e6ea7da5
FLOW_TO_HOSTOBS	e:to:SESSION-f0a8fa8ac12ff0c6:host:177.10.233.61	SESSION-f0a8fa8ac12ff0c6 → host:177.10.233.61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b71b9d0133c3b30:host:131.196.31.142	SESSION-0b71b9d0133c3b30 → host:131.196.31.142
FLOW_FROM_HOSTOBS	e:from:SESSION-ffe6ab3345b8c10e:host:177.10.235.215	SESSION-ffe6ab3345b8c10e → host:177.10.235.215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4d0ab62891a0a5c:host:131.196.28.246	SESSION-d4d0ab62891a0a5c → host:131.196.28.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c16307b11a026263:SESSION-c16307b11a026263	SESSION-c16307b11a026263 → pe:syn:SESSION-c16307b11a026263
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0799ff092dfcce41:flow:a4b42408e8d1	SESSION-0799ff092dfcce41 → flow:a4b42408e8d1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.186.85.102:geo_45.84010_-119.70500	host:54.186.85.102 → geo_45.84010_-119.70500
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-499399e6896a45f7:SESSION-499399e6896a45f7	SESSION-499399e6896a45f7 → pe:syn:SESSION-499399e6896a45f7
FLOW_FROM_HOSTOBS	e:from:SESSION-e7e8f7da56292748:host:177.10.239.137	SESSION-e7e8f7da56292748 → host:177.10.239.137
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.67:asn:262880	host:177.10.232.67 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:16.112.8.242:asn:16509	host:16.112.8.242 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-312ea7073c45e21c:host:172.234.197.23	SESSION-312ea7073c45e21c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-113354c1b6207940:flow:29bfaeba90ca	SESSION-113354c1b6207940 → flow:29bfaeba90ca
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a07ffa981e156af1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a07ffa981e156af1 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-e2f1e05754e84c30:host:131.196.30.62	SESSION-e2f1e05754e84c30 → host:131.196.30.62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0553c47d8718786a:flow:f82606c83b27	SESSION-0553c47d8718786a → flow:f82606c83b27
FLOW_TO_HOSTOBS	e:to:SESSION-11ee8787e5fc7b06:host:172.234.197.23	SESSION-11ee8787e5fc7b06 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caf4287e8000c114:host:104.28.157.111	SESSION-caf4287e8000c114 → host:104.28.157.111
flow_observed5-aryOBS	e:fo:flow:15bb30ff8217	flow:15bb30ff8217 → host:45.173.156.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-036bdbf16af23428:host:177.10.237.160:host:172.234.197.23	SESSION-036bdbf16af23428 → host:177.10.237.160 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee2f1f025d37aa07:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ee2f1f025d37aa07 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-923cb7ae7a40da65:host:172.234.197.23	SESSION-923cb7ae7a40da65 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-691bf265b7044ac7:host:177.10.234.6	SESSION-691bf265b7044ac7 → host:177.10.234.6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.99:asn:262880	host:177.10.237.99 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ed3cc3ecfbc3d3c:host:131.196.30.69	SESSION-7ed3cc3ecfbc3d3c → host:131.196.30.69
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2289078120ff48cc:host:172.234.197.23:host:177.10.237.90	SESSION-2289078120ff48cc → host:172.234.197.23 → host:177.10.237.90
flow_observed5-aryOBS	e:fo:flow:05d75aa3840a	flow:05d75aa3840a → host:131.196.30.50 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c49f5291ee3911b4:flow:7f517bebfe14	SESSION-c49f5291ee3911b4 → flow:7f517bebfe14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3fba4062f618c50:flow:80ec3ae98c0c	SESSION-e3fba4062f618c50 → flow:80ec3ae98c0c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41f0125815f54041:flow:ddce067a4751	SESSION-41f0125815f54041 → flow:ddce067a4751
FLOW_FROM_HOSTOBS	e:from:SESSION-b977b804ba3f4edd:host:104.28.234.79	SESSION-b977b804ba3f4edd → host:104.28.234.79
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d55d0fcf91e9ec79:flow:89e07491d359	SESSION-d55d0fcf91e9ec79 → flow:89e07491d359
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99d54d6eadbc1138:host:172.234.197.23:host:45.173.156.41	SESSION-99d54d6eadbc1138 → host:172.234.197.23 → host:45.173.156.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fc3065336ab4dc3e:SESSION-fc3065336ab4dc3e	SESSION-fc3065336ab4dc3e → pe:tls:SESSION-fc3065336ab4dc3e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-64913b40dfec355f:SESSION-64913b40dfec355f	SESSION-64913b40dfec355f → pe:syn:SESSION-64913b40dfec355f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6c901db44791138:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d6c901db44791138 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.95:asn:273470	host:45.173.156.95 → asn:273470
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-9d65a28f7cbebfeb:BSG-BEACON-d4175b7190c4	SESSION-9d65a28f7cbebfeb → BSG-BEACON-d4175b7190c4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9bc5f3d34b7b8244:flow:9ad548b3b589	SESSION-9bc5f3d34b7b8244 → flow:9ad548b3b589
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3cf945d3d1ddd41:PCAP:capture_20260430090001:065659c7d314	SESSION-f3cf945d3d1ddd41 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1745753d6a990e0e:host:177.10.238.70	SESSION-1745753d6a990e0e → host:177.10.238.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84891f6788a8f194:SESSION-84891f6788a8f194	SESSION-84891f6788a8f194 → pe:tls:SESSION-84891f6788a8f194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d2803f457704e39:SESSION-7d2803f457704e39	SESSION-7d2803f457704e39 → pe:syn:SESSION-7d2803f457704e39
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.167:asn:262880	host:177.10.232.167 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-650f1a0c083a2aeb:host:172.234.197.23	SESSION-650f1a0c083a2aeb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84a17a716ed94f5c:host:131.196.28.162	SESSION-84a17a716ed94f5c → host:131.196.28.162
FLOW_FROM_HOSTOBS	e:from:SESSION-b7b7470a9d5ba162:host:172.234.197.23	SESSION-b7b7470a9d5ba162 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a10047b74101a9ce:host:177.10.238.106	SESSION-a10047b74101a9ce → host:177.10.238.106
FLOW_TO_HOSTOBS	e:to:SESSION-dc82e917a0ac0289:host:172.234.197.23	SESSION-dc82e917a0ac0289 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1de6d316dd7305f:host:131.196.31.173	SESSION-f1de6d316dd7305f → host:131.196.31.173
flow_observed5-aryOBS	e:fo:flow:a5157ecee7f0	flow:a5157ecee7f0 → host:177.10.236.232 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:a9fcf5a4600f	flow:a9fcf5a4600f → host:172.234.197.23 → host:177.10.239.8 → port:tcp:13804
FLOW_FROM_HOSTOBS	e:from:SESSION-7e812ffe43c670dc:host:131.196.29.191	SESSION-7e812ffe43c670dc → host:131.196.29.191
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a1214f59f834d98:host:131.196.29.156	SESSION-8a1214f59f834d98 → host:131.196.29.156
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5828198604c26af:flow:61851684d751	SESSION-f5828198604c26af → flow:61851684d751
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-43a9f8d54e48850a:flow:b6b6d1180ef3	SESSION-43a9f8d54e48850a → flow:b6b6d1180ef3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ad9c0df7a65aa03:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0ad9c0df7a65aa03 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-5fc80192f398e14d:host:172.234.197.23	SESSION-5fc80192f398e14d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99af0da0e550d67b:host:172.234.197.23	SESSION-99af0da0e550d67b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.209:asn:271410	host:131.196.28.209 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.14:geo_-16.28860_-49.01640	host:177.10.237.14 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-f21aae4e1b352568:SESSION-f21aae4e1b352568	SESSION-f21aae4e1b352568 → pe:rst:SESSION-f21aae4e1b352568
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c37bd5454075ced3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c37bd5454075ced3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5a74cc524a51e3d:flow:4b284c0fc595	SESSION-d5a74cc524a51e3d → flow:4b284c0fc595
FLOW_FROM_HOSTOBS	e:from:SESSION-46f163e73b58987c:host:172.234.197.23	SESSION-46f163e73b58987c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-decb8c6a12a4d67a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-decb8c6a12a4d67a → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-eb243e65e2b1808d:host:172.234.197.23	SESSION-eb243e65e2b1808d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da377d395ffcc3d3:host:172.234.197.23:host:177.10.234.32	SESSION-da377d395ffcc3d3 → host:172.234.197.23 → host:177.10.234.32
FLOW_DST_PORTOBS	e:fp:flow:836aa09f87d5:port:tcp:443	flow:836aa09f87d5 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1842fb1b2a9a6572:flow:cd5580a464ec	SESSION-1842fb1b2a9a6572 → flow:cd5580a464ec
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08eebf44a6874d1b:host:172.234.197.23	SESSION-08eebf44a6874d1b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a16442ff0a72733c:host:172.234.197.23	SESSION-a16442ff0a72733c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.16:asn:271410	host:131.196.28.16 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-d3e80fb3431ec3f4:host:185.231.226.159	SESSION-d3e80fb3431ec3f4 → host:185.231.226.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f56efcee303c963:flow:c08c0a3c73b3	SESSION-7f56efcee303c963 → flow:c08c0a3c73b3
flow_observed4-aryOBS	e:fo:flow:ed94d590967f	flow:ed94d590967f → host:172.234.197.23 → host:131.196.30.148 → port:tcp:23498
flow_observed5-aryOBS	e:fo:flow:a873c288e348	flow:a873c288e348 → host:177.10.239.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38d81f2383b0ad0b:host:172.234.197.23	SESSION-38d81f2383b0ad0b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4bd4f427df690125:host:177.10.237.223	SESSION-4bd4f427df690125 → host:177.10.237.223
FLOW_DST_PORTOBS	e:fp:flow:d880470ab7bc:port:tcp:443	flow:d880470ab7bc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7141588dcb909c75:host:131.196.29.117	SESSION-7141588dcb909c75 → host:131.196.29.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-501c474d8a937a90:host:172.234.197.23:host:172.232.0.16	SESSION-501c474d8a937a90 → host:172.234.197.23 → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:4ecd8582d753	flow:4ecd8582d753 → host:177.10.234.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9338ac17b36dc2c1:SESSION-9338ac17b36dc2c1	SESSION-9338ac17b36dc2c1 → pe:syn:SESSION-9338ac17b36dc2c1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-616ab8d382244a8d:host:131.196.31.70	SESSION-616ab8d382244a8d → host:131.196.31.70
FLOW_FROM_HOSTOBS	e:from:SESSION-dd58ba429e3d894b:host:172.234.197.23	SESSION-dd58ba429e3d894b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c615690895f6d3c9:host:172.234.197.23	SESSION-c615690895f6d3c9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3b214bdb989f663:host:177.10.235.196	SESSION-e3b214bdb989f663 → host:177.10.235.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d33ef29909b4f2d5:PCAP:capture_20260430150001:ded20914761d	SESSION-d33ef29909b4f2d5 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2c924632948936b:host:172.234.197.23	SESSION-b2c924632948936b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-296f629f4229b1a2:SESSION-296f629f4229b1a2	SESSION-296f629f4229b1a2 → pe:tls:SESSION-296f629f4229b1a2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b332774cd544824a:PCAP:capture_20260430110001:43611bdf6759	SESSION-b332774cd544824a → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f1e05754e84c30:host:131.196.30.62	SESSION-e2f1e05754e84c30 → host:131.196.30.62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ecb9e93c79a4bef:flow:7ac52bd77a9f	SESSION-3ecb9e93c79a4bef → flow:7ac52bd77a9f
FLOW_DST_PORTOBS	e:fp:flow:8f5d2d82ff5b:port:tcp:443	flow:8f5d2d82ff5b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c89e102c8b8b6c97:flow:b0c00cda65ca	SESSION-c89e102c8b8b6c97 → flow:b0c00cda65ca
FLOW_TO_HOSTOBS	e:to:SESSION-cb5c3fce7274dac7:host:177.10.235.249	SESSION-cb5c3fce7274dac7 → host:177.10.235.249
FLOW_TO_HOSTOBS	e:to:SESSION-b3a25d201ec7d699:host:131.196.30.236	SESSION-b3a25d201ec7d699 → host:131.196.30.236
flow_observed4-aryOBS	e:fo:flow:63f5e67398bb	flow:63f5e67398bb → host:172.234.197.23 → host:45.173.156.128 → port:tcp:22681
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2632ba515271ea31:SESSION-2632ba515271ea31	SESSION-2632ba515271ea31 → pe:tls:SESSION-2632ba515271ea31
FLOW_DST_PORTOBS	e:fp:flow:8b0b2d1539d6:port:tcp:443	flow:8b0b2d1539d6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65316f3920c6d168:SESSION-65316f3920c6d168	SESSION-65316f3920c6d168 → pe:tls:SESSION-65316f3920c6d168
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2dbb52de45813c9a:flow:ac143effdb8a	SESSION-2dbb52de45813c9a → flow:ac143effdb8a
FLOW_TO_HOSTOBS	e:to:SESSION-73ad5b34385541ce:host:131.196.30.67	SESSION-73ad5b34385541ce → host:131.196.30.67
FLOW_FROM_HOSTOBS	e:from:SESSION-7498682ecb6877b0:host:172.234.197.23	SESSION-7498682ecb6877b0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3573d87c5a129f8e:host:172.234.197.23	SESSION-3573d87c5a129f8e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8417b06622c43718:host:172.234.197.23	SESSION-8417b06622c43718 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bfbb16ce344dac5c:host:172.234.197.23	SESSION-bfbb16ce344dac5c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:074c39686250:port:tcp:48504	flow:074c39686250 → port:tcp:48504
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2c7091281d7e2abc:SESSION-2c7091281d7e2abc	SESSION-2c7091281d7e2abc → pe:tls:SESSION-2c7091281d7e2abc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11c0fc2d370ea41a:host:172.234.197.23:host:131.196.31.239	SESSION-11c0fc2d370ea41a → host:172.234.197.23 → host:131.196.31.239
FLOW_TO_HOSTOBS	e:to:SESSION-0485e2f41480d0ab:host:172.234.197.23	SESSION-0485e2f41480d0ab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a9c12f6159b9a7a1:flow:f04e06be3862	SESSION-a9c12f6159b9a7a1 → flow:f04e06be3862
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9804aaba4767b862:host:172.234.197.23	SESSION-9804aaba4767b862 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fd0571d5316a48e1:host:131.196.29.168	SESSION-fd0571d5316a48e1 → host:131.196.29.168
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a7f0a64436ce2ca:host:172.234.197.23:host:177.10.236.189	SESSION-9a7f0a64436ce2ca → host:172.234.197.23 → host:177.10.236.189
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41b71c4a2ccc13b3:PCAP:capture_20260430150001:ded20914761d	SESSION-41b71c4a2ccc13b3 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-a074f157090defb0:host:172.234.197.23	SESSION-a074f157090defb0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c38263f2f5f96575:host:131.196.29.3:host:172.234.197.23	SESSION-c38263f2f5f96575 → host:131.196.29.3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66897d09e7f9757a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-66897d09e7f9757a → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-c31bc4788e97db71:host:177.10.237.82	SESSION-c31bc4788e97db71 → host:177.10.237.82
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28599206da4f4816:flow:b33a99c12d3a	SESSION-28599206da4f4816 → flow:b33a99c12d3a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.157:asn:262880	host:177.10.238.157 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0fc61bce823543f:host:177.10.238.11:host:172.234.197.23	SESSION-b0fc61bce823543f → host:177.10.238.11 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7498682ecb6877b0:SESSION-7498682ecb6877b0	SESSION-7498682ecb6877b0 → pe:tls:SESSION-7498682ecb6877b0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f997fef874b1b1e:host:172.234.197.23:host:172.232.0.16	SESSION-2f997fef874b1b1e → host:172.234.197.23 → host:172.232.0.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef002e94e1d9ac81:host:172.234.197.23:host:131.196.29.240	SESSION-ef002e94e1d9ac81 → host:172.234.197.23 → host:131.196.29.240
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ead27f853a5aab01:flow:27769fa10d70	SESSION-ead27f853a5aab01 → flow:27769fa10d70
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d9ed6ae798457b7:host:177.10.236.239:host:172.234.197.23	SESSION-9d9ed6ae798457b7 → host:177.10.236.239 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-0bf923c759cb9e4a:BSG-BEACON-e07f4250263f	SESSION-0bf923c759cb9e4a → BSG-BEACON-e07f4250263f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6430336fded9a803:host:131.196.29.99:host:172.234.197.23	SESSION-6430336fded9a803 → host:131.196.29.99 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5de3ca130be8f6d5:SESSION-5de3ca130be8f6d5	SESSION-5de3ca130be8f6d5 → pe:syn:SESSION-5de3ca130be8f6d5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf988ed4220ca0ac:host:177.10.233.42:host:172.234.197.23	SESSION-bf988ed4220ca0ac → host:177.10.233.42 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77162e002cdf71b4:SESSION-77162e002cdf71b4	SESSION-77162e002cdf71b4 → pe:syn:SESSION-77162e002cdf71b4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da15c25f39b20c68:SESSION-da15c25f39b20c68	SESSION-da15c25f39b20c68 → pe:syn:SESSION-da15c25f39b20c68
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96298fdbde5cf19b:host:131.196.29.234:host:172.234.197.23	SESSION-96298fdbde5cf19b → host:131.196.29.234 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5d249db6ec3f34e:host:131.196.30.191	SESSION-d5d249db6ec3f34e → host:131.196.30.191
FLOW_FROM_HOSTOBS	e:from:SESSION-e3089f893be8ea87:host:172.234.197.23	SESSION-e3089f893be8ea87 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-621f2e97c51ae8e1:SESSION-621f2e97c51ae8e1	SESSION-621f2e97c51ae8e1 → pe:syn:SESSION-621f2e97c51ae8e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3b504551617ec2c:host:172.234.197.23	SESSION-c3b504551617ec2c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a9739ecc8b00e90:SESSION-7a9739ecc8b00e90	SESSION-7a9739ecc8b00e90 → pe:tls:SESSION-7a9739ecc8b00e90
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.124:asn:271410	host:131.196.31.124 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ccde81b4fef5a18e:host:172.234.197.23	SESSION-ccde81b4fef5a18e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6113f2cc2cfc5017:host:172.234.197.23	SESSION-6113f2cc2cfc5017 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac69dcbefbb93dfd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ac69dcbefbb93dfd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3d488fa50a25e1f:host:172.234.197.23	SESSION-c3d488fa50a25e1f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f6ad5e06ec5a3a76:SESSION-f6ad5e06ec5a3a76	SESSION-f6ad5e06ec5a3a76 → pe:tls:SESSION-f6ad5e06ec5a3a76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21a19991d129ba18:host:172.234.197.23	SESSION-21a19991d129ba18 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2849688ffc31:port:tcp:48227	flow:2849688ffc31 → port:tcp:48227
FLOW_TO_HOSTOBS	e:to:SESSION-c1aa9055f8e3197b:host:172.234.197.23	SESSION-c1aa9055f8e3197b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-56ec76ae342b7ee6:SESSION-56ec76ae342b7ee6	SESSION-56ec76ae342b7ee6 → pe:tls:SESSION-56ec76ae342b7ee6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77690ed69567f90d:host:172.234.197.23	SESSION-77690ed69567f90d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d63c1cec9276:port:tcp:443	flow:d63c1cec9276 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-04a75396d111d878:PCAP:capture_20260430070001:903a0e7a436b	SESSION-04a75396d111d878 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c0cdf691d2bdc12:host:177.10.233.39	SESSION-0c0cdf691d2bdc12 → host:177.10.233.39
FLOW_TO_HOSTOBS	e:to:SESSION-aa8465f08de511a2:host:172.234.197.23	SESSION-aa8465f08de511a2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-efcc1618f79daeb7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-efcc1618f79daeb7 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76408b67fb88a4bd:host:172.234.197.23	SESSION-76408b67fb88a4bd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e13bed2218b0a9f:SESSION-9e13bed2218b0a9f	SESSION-9e13bed2218b0a9f → pe:tls:SESSION-9e13bed2218b0a9f
FLOW_TO_HOSTOBS	e:to:SESSION-4e074c277760af7b:host:172.234.197.23	SESSION-4e074c277760af7b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57ceaaaea8de5082:flow:0d4b5be8f725	SESSION-57ceaaaea8de5082 → flow:0d4b5be8f725
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.108:geo_-16.28860_-49.01640	host:177.10.237.108 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4203cad708a9d562:host:172.234.197.23:host:45.173.156.41	SESSION-4203cad708a9d562 → host:172.234.197.23 → host:45.173.156.41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-50e84f588759fadd:host:131.196.31.48:host:172.234.197.23	SESSION-50e84f588759fadd → host:131.196.31.48 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d58cfad877959bea:SESSION-d58cfad877959bea	SESSION-d58cfad877959bea → pe:tls:SESSION-d58cfad877959bea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d941eb7985d54eff:host:177.10.235.248	SESSION-d941eb7985d54eff → host:177.10.235.248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f0a0478f83cd119:PCAP:capture_20260428010001:b1b402c7b202	SESSION-1f0a0478f83cd119 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0fa06d2bfceab141:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0fa06d2bfceab141 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-328591b09b0655cf:SESSION-328591b09b0655cf	SESSION-328591b09b0655cf → pe:tls:SESSION-328591b09b0655cf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4904f64e7943cb47:host:172.234.197.23:host:177.10.237.24	SESSION-4904f64e7943cb47 → host:172.234.197.23 → host:177.10.237.24
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.79:geo_-16.28860_-49.01640	host:177.10.236.79 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:af8af020ac61	flow:af8af020ac61 → host:177.10.237.24 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6756f0bedb2cdb12:host:177.10.232.254:host:172.234.197.23	SESSION-6756f0bedb2cdb12 → host:177.10.232.254 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fa2f81c8f6798425:host:177.10.233.4	SESSION-fa2f81c8f6798425 → host:177.10.233.4
flow_observed5-aryOBS	e:fo:flow:a7af680f1e31	flow:a7af680f1e31 → host:177.10.235.200 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-979dfdf677607677:host:177.10.239.196	SESSION-979dfdf677607677 → host:177.10.239.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6cc06f30e6c05bb:SESSION-a6cc06f30e6c05bb	SESSION-a6cc06f30e6c05bb → pe:tls:SESSION-a6cc06f30e6c05bb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-671ee03668a9eda8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-671ee03668a9eda8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ae8076186321ef8:host:131.196.29.8:host:172.234.197.23	SESSION-8ae8076186321ef8 → host:131.196.29.8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:efc0306a2c81:port:tcp:443	flow:efc0306a2c81 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef3cd86b38e13880:host:45.173.156.14	SESSION-ef3cd86b38e13880 → host:45.173.156.14
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be5c05381a363417:PCAP:capture_20260430090001:065659c7d314	SESSION-be5c05381a363417 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8739e7552ccb5cc0:host:172.234.197.23	SESSION-8739e7552ccb5cc0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-47ed57a240abf6fc:host:177.10.232.80	SESSION-47ed57a240abf6fc → host:177.10.232.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0485e2f41480d0ab:SESSION-0485e2f41480d0ab	SESSION-0485e2f41480d0ab → pe:tls:SESSION-0485e2f41480d0ab
flow_observed4-aryOBS	e:fo:flow:f226062110a9	flow:f226062110a9 → host:172.234.197.23 → host:177.10.239.250 → port:tcp:12720
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a301fd9da8621bb:flow:47b796c27a86	SESSION-7a301fd9da8621bb → flow:47b796c27a86
FLOW_DST_PORTOBS	e:fp:flow:9a3e7ed89dbc:port:tcp:443	flow:9a3e7ed89dbc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17e08e972fb579a9:host:172.234.197.23	SESSION-17e08e972fb579a9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4bd1ced1ed2e:port:tcp:51238	flow:4bd1ced1ed2e → port:tcp:51238
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.67:asn:271410	host:131.196.28.67 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8cc052a984adc75:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d8cc052a984adc75 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:20fb95e03ba6:port:tcp:443	flow:20fb95e03ba6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acae490ef1211ca7:host:172.234.197.23	SESSION-acae490ef1211ca7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3957034b2fd24e8:SESSION-c3957034b2fd24e8	SESSION-c3957034b2fd24e8 → pe:tls:SESSION-c3957034b2fd24e8
flow_observed5-aryOBS	e:fo:flow:20396b807239	flow:20396b807239 → host:131.196.30.92 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73436bd95d7b2637:host:172.234.197.23	SESSION-73436bd95d7b2637 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3feb8ae5b20c:port:tcp:443	flow:3feb8ae5b20c → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:980518987f5e	flow:980518987f5e → host:177.10.233.135 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-adf46c04c6a07144:SESSION-adf46c04c6a07144	SESSION-adf46c04c6a07144 → pe:tls:SESSION-adf46c04c6a07144
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6dc77b6505beb2bc:SESSION-6dc77b6505beb2bc	SESSION-6dc77b6505beb2bc → pe:syn:SESSION-6dc77b6505beb2bc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e70a8d6fd08b895:host:177.10.234.215	SESSION-3e70a8d6fd08b895 → host:177.10.234.215
ASN_IN_ORGOBS 80%	e:ao:asn:16509:org:Amazon.com, Inc.	asn:16509 → org:Amazon.com, Inc.
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6242cf24a2978d6d:flow:caa84e800b07	SESSION-6242cf24a2978d6d → flow:caa84e800b07
FLOW_TO_HOSTOBS	e:to:SESSION-98b441f54568b58c:host:177.10.239.8	SESSION-98b441f54568b58c → host:177.10.239.8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bca989f2c390047:host:131.196.28.165	SESSION-6bca989f2c390047 → host:131.196.28.165
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.250:geo_41.02140_28.99480	host:37.221.79.250 → geo_41.02140_28.99480
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b2e6696cab81646:PCAP:capture_20260430110001:43611bdf6759	SESSION-5b2e6696cab81646 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-b654d700a53d4a94:host:177.10.232.225	SESSION-b654d700a53d4a94 → host:177.10.232.225
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9ca26e5420bb5bf:host:45.173.156.54:host:172.234.197.23	SESSION-b9ca26e5420bb5bf → host:45.173.156.54 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65316f3920c6d168:host:177.10.235.105	SESSION-65316f3920c6d168 → host:177.10.235.105
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-792b602eaec629a3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-792b602eaec629a3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-22c25719fd1e6342:SESSION-22c25719fd1e6342	SESSION-22c25719fd1e6342 → pe:syn:SESSION-22c25719fd1e6342
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de1a59c6958513ff:host:177.10.238.181:host:172.234.197.23	SESSION-de1a59c6958513ff → host:177.10.238.181 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-53ca21169d5f7469:SESSION-53ca21169d5f7469	SESSION-53ca21169d5f7469 → pe:syn:SESSION-53ca21169d5f7469
FLOW_FROM_HOSTOBS	e:from:SESSION-d17b7bdf4ae9fb2c:host:172.234.197.23	SESSION-d17b7bdf4ae9fb2c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e5a933b86812e122:host:177.10.233.192	SESSION-e5a933b86812e122 → host:177.10.233.192
FLOW_FROM_HOSTOBS	e:from:SESSION-0da58b5e3634dda2:host:54.245.183.167	SESSION-0da58b5e3634dda2 → host:54.245.183.167
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c7f3c61dd4869fc:SESSION-5c7f3c61dd4869fc	SESSION-5c7f3c61dd4869fc → pe:tls:SESSION-5c7f3c61dd4869fc
FLOW_FROM_HOSTOBS	e:from:SESSION-7d6af4ef287316d5:host:172.234.197.23	SESSION-7d6af4ef287316d5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4751d88925ba5f3:host:172.234.197.23:host:131.196.29.170	SESSION-b4751d88925ba5f3 → host:172.234.197.23 → host:131.196.29.170
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.1:geo_-16.28860_-49.01640	host:177.10.238.1 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a2add8aa10ab84ed:flow:4b76490d68cf	SESSION-a2add8aa10ab84ed → flow:4b76490d68cf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dae3e228e98c74e4:SESSION-dae3e228e98c74e4	SESSION-dae3e228e98c74e4 → pe:tls:SESSION-dae3e228e98c74e4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e42d909a57b4903:flow:e5f6f0f6f709	SESSION-0e42d909a57b4903 → flow:e5f6f0f6f709
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6fea2a5b83daabbc:host:177.10.232.87:host:172.234.197.23	SESSION-6fea2a5b83daabbc → host:177.10.232.87 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b70d9bf346b75217:SESSION-b70d9bf346b75217	SESSION-b70d9bf346b75217 → pe:tls:SESSION-b70d9bf346b75217
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-621f2e97c51ae8e1:BSG-DATA_EXFIL-8b14c7270c05	SESSION-621f2e97c51ae8e1 → BSG-DATA_EXFIL-8b14c7270c05
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b84ff3ecb7ac9c51:PCAP:capture_20260430150001:ded20914761d	SESSION-b84ff3ecb7ac9c51 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-c651848d98d2f620:host:177.10.235.97	SESSION-c651848d98d2f620 → host:177.10.235.97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7aec1fe7f0c7787b:flow:fd960eced17a	SESSION-7aec1fe7f0c7787b → flow:fd960eced17a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6a5c0858fcd0d09:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e6a5c0858fcd0d09 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aec4f33b062c0e6b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-aec4f33b062c0e6b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99af0da0e550d67b:SESSION-99af0da0e550d67b	SESSION-99af0da0e550d67b → pe:syn:SESSION-99af0da0e550d67b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59a63fae51b24a38:host:172.234.197.23	SESSION-59a63fae51b24a38 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1274fc3e3cafac71:host:172.234.197.23	SESSION-1274fc3e3cafac71 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.87:geo_-23.62930_-46.63510	host:131.196.28.87 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-3eb6cc7ca453157a:host:156.59.198.136	SESSION-3eb6cc7ca453157a → host:156.59.198.136
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3b8a8c73a52fb2ca:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3b8a8c73a52fb2ca → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-288c2773d91d95c9:SESSION-288c2773d91d95c9	SESSION-288c2773d91d95c9 → pe:syn:SESSION-288c2773d91d95c9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-206979254a17108f:flow:5c1235898cd7	SESSION-206979254a17108f → flow:5c1235898cd7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6af366568a421f52:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6af366568a421f52 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4883770547012399:SESSION-4883770547012399	SESSION-4883770547012399 → pe:syn:SESSION-4883770547012399
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-71917de89d264496:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-71917de89d264496 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-794cf5b08878bd55:SESSION-794cf5b08878bd55	SESSION-794cf5b08878bd55 → pe:tls:SESSION-794cf5b08878bd55
FLOW_TO_HOSTOBS	e:to:SESSION-a3bb54d95c2cdaff:host:172.234.197.23	SESSION-a3bb54d95c2cdaff → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5ea383d079f2	flow:5ea383d079f2 → host:177.10.234.193 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.201:geo_-23.62930_-46.63510	host:131.196.30.201 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-9d74d897cd43b428:host:172.234.197.23	SESSION-9d74d897cd43b428 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62151f99a31dc755:host:172.234.197.23	SESSION-62151f99a31dc755 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a899a8160ea28b7:host:177.10.237.188:host:172.234.197.23	SESSION-3a899a8160ea28b7 → host:177.10.237.188 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6629ca831440:port:tcp:443	flow:6629ca831440 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:dd092bc8f239	flow:dd092bc8f239 → host:172.234.197.23 → host:177.10.239.102 → port:tcp:14028
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e652f52440b112c3:host:172.234.197.23:host:45.173.156.248	SESSION-e652f52440b112c3 → host:172.234.197.23 → host:45.173.156.248
flow_observed5-aryOBS	e:fo:flow:9a5df56c59b0	flow:9a5df56c59b0 → host:45.173.156.162 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-88449fe846038c62:host:177.10.238.1:host:172.234.197.23	SESSION-88449fe846038c62 → host:177.10.238.1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0efcb065a58cc475:SESSION-0efcb065a58cc475	SESSION-0efcb065a58cc475 → pe:syn:SESSION-0efcb065a58cc475
FLOW_FROM_HOSTOBS	e:from:SESSION-9485d3e307f01514:host:172.234.197.23	SESSION-9485d3e307f01514 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85d2db504e73f17a:host:131.196.29.139	SESSION-85d2db504e73f17a → host:131.196.29.139
FLOW_DST_PORTOBS	e:fp:flow:fa5ef69cbf53:port:tcp:443	flow:fa5ef69cbf53 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4886aa3300be1da9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4886aa3300be1da9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee4f55e8adb586c5:flow:47c5af296031	SESSION-ee4f55e8adb586c5 → flow:47c5af296031
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f003e7e66ba8f79:SESSION-4f003e7e66ba8f79	SESSION-4f003e7e66ba8f79 → pe:tls:SESSION-4f003e7e66ba8f79
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33fcdd018bdc1a2c:host:172.234.197.23:host:177.10.233.29	SESSION-33fcdd018bdc1a2c → host:172.234.197.23 → host:177.10.233.29
flow_observed5-aryOBS	e:fo:flow:08a3c204e87b	flow:08a3c204e87b → host:131.196.31.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd108cc47984c911:SESSION-dd108cc47984c911	SESSION-dd108cc47984c911 → pe:tls:SESSION-dd108cc47984c911
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fcdaaf650d72b5bc:SESSION-fcdaaf650d72b5bc	SESSION-fcdaaf650d72b5bc → pe:syn:SESSION-fcdaaf650d72b5bc
FLOW_TO_HOSTOBS	e:to:SESSION-52e5c47434ed6c74:host:172.234.197.23	SESSION-52e5c47434ed6c74 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:442674fc0644:port:tcp:443	flow:442674fc0644 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.11:geo_-16.28860_-49.01640	host:177.10.234.11 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-252ece6cab0420bc:host:177.10.235.252	SESSION-252ece6cab0420bc → host:177.10.235.252
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58eea5e67f2190af:host:172.234.197.23:host:177.10.238.0	SESSION-58eea5e67f2190af → host:172.234.197.23 → host:177.10.238.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a4167334bdfae4b6:SESSION-a4167334bdfae4b6	SESSION-a4167334bdfae4b6 → pe:syn:SESSION-a4167334bdfae4b6
FLOW_FROM_HOSTOBS	e:from:SESSION-8d12ffa49d0d3231:host:131.196.30.255	SESSION-8d12ffa49d0d3231 → host:131.196.30.255
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.144:geo_-23.62930_-46.63510	host:131.196.29.144 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.110:asn:262880	host:177.10.237.110 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-8be5aa373d930e54:host:172.234.197.23	SESSION-8be5aa373d930e54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bca14afee5df98e9:SESSION-bca14afee5df98e9	SESSION-bca14afee5df98e9 → pe:syn:SESSION-bca14afee5df98e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-469998d187b1b945:host:172.234.197.23	SESSION-469998d187b1b945 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23f94e137932a031:flow:139df7a387eb	SESSION-23f94e137932a031 → flow:139df7a387eb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74d0e7e40a4e478e:SESSION-74d0e7e40a4e478e	SESSION-74d0e7e40a4e478e → pe:syn:SESSION-74d0e7e40a4e478e
FLOW_TO_HOSTOBS	e:to:SESSION-eead59d5c9e2a3d1:host:172.234.197.23	SESSION-eead59d5c9e2a3d1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-136fe1663b76b4f2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-136fe1663b76b4f2 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff369745433a15b5:PCAP:capture_20260430110001:43611bdf6759	SESSION-ff369745433a15b5 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0929735579c89e2:host:172.234.197.23:host:177.10.236.143	SESSION-d0929735579c89e2 → host:172.234.197.23 → host:177.10.236.143
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.69:geo_-16.28860_-49.01640	host:177.10.235.69 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be2d81a12844874f:SESSION-be2d81a12844874f	SESSION-be2d81a12844874f → pe:tls:SESSION-be2d81a12844874f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90e5db50c9887f08:host:131.196.30.71	SESSION-90e5db50c9887f08 → host:131.196.30.71
flow_observed4-aryOBS	e:fo:flow:222d767cea80	flow:222d767cea80 → host:172.234.197.23 → host:177.10.232.168 → port:tcp:14969
FLOW_TO_HOSTOBS	e:to:SESSION-b9d11ee49864a2bc:host:172.234.197.23	SESSION-b9d11ee49864a2bc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8aa4413fe5db5235:host:177.10.232.63	SESSION-8aa4413fe5db5235 → host:177.10.232.63
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.49:asn:262880	host:177.10.234.49 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-d4af1d7a3219c207:host:172.234.197.23	SESSION-d4af1d7a3219c207 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-13f8871a9bd8cb8e:host:131.196.29.15	SESSION-13f8871a9bd8cb8e → host:131.196.29.15
FLOW_FROM_HOSTOBS	e:from:SESSION-251fcdeeb3ee3f58:host:172.234.197.23	SESSION-251fcdeeb3ee3f58 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77661c4fb07edf10:PCAP:capture_20260430150001:ded20914761d	SESSION-77661c4fb07edf10 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a9f928f7ece6fbf:host:177.10.237.198:host:172.234.197.23	SESSION-2a9f928f7ece6fbf → host:177.10.237.198 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-718b3dc95b6876be:SESSION-718b3dc95b6876be	SESSION-718b3dc95b6876be → pe:syn:SESSION-718b3dc95b6876be
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d7bdeba7c000ea7:PCAP:capture_20260430110001:43611bdf6759	SESSION-1d7bdeba7c000ea7 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-ba981a6eb39461c8:host:177.10.237.35	SESSION-ba981a6eb39461c8 → host:177.10.237.35
flow_observed5-aryOBS	e:fo:flow:7445acff57dc	flow:7445acff57dc → host:131.196.28.136 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-396a4dd85675ad96:host:172.234.197.23	SESSION-396a4dd85675ad96 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ecb9e93c79a4bef:host:177.10.233.119	SESSION-3ecb9e93c79a4bef → host:177.10.233.119
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-310a1cee325ffc65:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-310a1cee325ffc65 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.43:asn:262880	host:177.10.235.43 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-0b8fd41df39b968c:host:172.234.197.23	SESSION-0b8fd41df39b968c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-77a13185d72dec11:host:172.234.197.23	SESSION-77a13185d72dec11 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7679fd0fd118c12e:host:172.234.197.23	SESSION-7679fd0fd118c12e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-acd63ec8ffcea8e7:SESSION-acd63ec8ffcea8e7	SESSION-acd63ec8ffcea8e7 → pe:syn:SESSION-acd63ec8ffcea8e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-924bf50c0164bb1b:host:177.10.239.239	SESSION-924bf50c0164bb1b → host:177.10.239.239
flow_observed5-aryOBS	e:fo:flow:6516de271457	flow:6516de271457 → host:131.196.31.195 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-17a3924886eb315f:host:131.196.31.47	SESSION-17a3924886eb315f → host:131.196.31.47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86f48b7df98fd466:SESSION-86f48b7df98fd466	SESSION-86f48b7df98fd466 → pe:tls:SESSION-86f48b7df98fd466
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73eae13080f416f8:PCAP:capture_20260430150001:ded20914761d	SESSION-73eae13080f416f8 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a412381d3ec6112:SESSION-4a412381d3ec6112	SESSION-4a412381d3ec6112 → pe:tls:SESSION-4a412381d3ec6112
FLOW_FROM_HOSTOBS	e:from:SESSION-f74caf722af4b362:host:177.10.239.102	SESSION-f74caf722af4b362 → host:177.10.239.102
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6ec641540644ee0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a6ec641540644ee0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-845fd343ebc60049:host:172.234.197.23	SESSION-845fd343ebc60049 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ea9cac00d4f8	flow:ea9cac00d4f8 → host:131.196.29.191 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9af350d3c0c51da5:host:172.234.197.23	SESSION-9af350d3c0c51da5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ed37df036f91c955:host:172.234.197.23	SESSION-ed37df036f91c955 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-442d12ad40b35d12:host:172.234.197.23	SESSION-442d12ad40b35d12 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b849b4bd4115608f:flow:334395d16888	SESSION-b849b4bd4115608f → flow:334395d16888
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fbee5c60d72abd4e:flow:2291d654d6e8	SESSION-fbee5c60d72abd4e → flow:2291d654d6e8
FLOW_FROM_HOSTOBS	e:from:SESSION-fad613e75ea639b5:host:177.10.233.64	SESSION-fad613e75ea639b5 → host:177.10.233.64
flow_observed5-aryOBS	e:fo:flow:9551b9689f26	flow:9551b9689f26 → host:95.135.228.39 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01454c90925a3a4f:host:131.196.31.90:host:172.234.197.23	SESSION-01454c90925a3a4f → host:131.196.31.90 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:198bd9bc5e38	flow:198bd9bc5e38 → host:131.196.30.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2035a3586bc1f35f:SESSION-2035a3586bc1f35f	SESSION-2035a3586bc1f35f → pe:tls:SESSION-2035a3586bc1f35f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b97d7b281ae973a8:PCAP:capture_20260430060001:919b39a74464	SESSION-b97d7b281ae973a8 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-db282f95b9cc563d:host:177.10.237.70	SESSION-db282f95b9cc563d → host:177.10.237.70
FLOW_TO_HOSTOBS	e:to:SESSION-a55eb245a4ca8dde:host:172.234.197.23	SESSION-a55eb245a4ca8dde → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd4f176877b3d058:host:131.196.31.146	SESSION-fd4f176877b3d058 → host:131.196.31.146
flow_observed4-aryOBS	e:fo:flow:52546135c686	flow:52546135c686 → host:172.234.197.23 → host:177.10.232.35 → port:tcp:12197
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6354b0819147ed1d:host:172.234.197.23:host:177.10.235.113	SESSION-6354b0819147ed1d → host:172.234.197.23 → host:177.10.235.113
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d44c53e781b5466e:host:172.234.197.23	SESSION-d44c53e781b5466e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8491791342c7cb3:host:95.135.228.151	SESSION-f8491791342c7cb3 → host:95.135.228.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0cb11649434d08c:SESSION-d0cb11649434d08c	SESSION-d0cb11649434d08c → pe:syn:SESSION-d0cb11649434d08c
FLOW_DST_PORTOBS	e:fp:flow:e03a3f55eb94:port:tcp:37418	flow:e03a3f55eb94 → port:tcp:37418
FLOW_TO_HOSTOBS	e:to:SESSION-77690ed69567f90d:host:172.234.197.23	SESSION-77690ed69567f90d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d73d5fbffa5706a1:SESSION-d73d5fbffa5706a1	SESSION-d73d5fbffa5706a1 → pe:tls:SESSION-d73d5fbffa5706a1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5dbf12d77f23d3eb:host:172.234.197.23:host:131.196.30.176	SESSION-5dbf12d77f23d3eb → host:172.234.197.23 → host:131.196.30.176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b836173867007d89:SESSION-b836173867007d89	SESSION-b836173867007d89 → pe:syn:SESSION-b836173867007d89
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-042b5a6edf64c734:PCAP:capture_20260430090001:065659c7d314	SESSION-042b5a6edf64c734 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a137096eda6236d7:SESSION-a137096eda6236d7	SESSION-a137096eda6236d7 → pe:tls:SESSION-a137096eda6236d7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07bcf39894ea5ee9:host:97.139.12.85:host:172.234.197.23	SESSION-07bcf39894ea5ee9 → host:97.139.12.85 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d6d6cedb2de1ad8d:host:172.234.197.23	SESSION-d6d6cedb2de1ad8d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e41fa1676c790d65:flow:3a218ba43b50	SESSION-e41fa1676c790d65 → flow:3a218ba43b50
flow_observed5-aryOBS	e:fo:flow:e9a6c21b5639	flow:e9a6c21b5639 → host:177.10.237.70 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a1cda6283fa3945:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4a1cda6283fa3945 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96ad3251c1ecb855:SESSION-96ad3251c1ecb855	SESSION-96ad3251c1ecb855 → pe:tls:SESSION-96ad3251c1ecb855
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.47:asn:273470	host:45.173.156.47 → asn:273470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.240:geo_-23.62930_-46.63510	host:131.196.28.240 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9d01126d5763bf9:host:172.234.197.23:host:177.10.239.229	SESSION-f9d01126d5763bf9 → host:172.234.197.23 → host:177.10.239.229
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75ad621f5d402513:SESSION-75ad621f5d402513	SESSION-75ad621f5d402513 → pe:syn:SESSION-75ad621f5d402513
flow_observed3-aryOBS	e:fo:flow:2b86be5c97f9	flow:2b86be5c97f9 → host:54.149.68.137 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e53dab5788851a26:host:172.234.197.23	SESSION-e53dab5788851a26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06814c349a39e79e:host:172.234.197.23	SESSION-06814c349a39e79e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-303cd1de44c58c29:host:131.196.31.175	SESSION-303cd1de44c58c29 → host:131.196.31.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ef74cd6b285b3c9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5ef74cd6b285b3c9 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a9b85b89d918f42:host:172.234.197.23	SESSION-8a9b85b89d918f42 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.114:asn:262880	host:177.10.235.114 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-8de6c1be9d0210fa:host:172.234.197.23	SESSION-8de6c1be9d0210fa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a466e26c77a91e3:flow:8a1936a43e9f	SESSION-9a466e26c77a91e3 → flow:8a1936a43e9f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b236f75d1c6493bc:host:172.234.197.23	SESSION-b236f75d1c6493bc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6f3d2670453324e:PCAP:capture_20260430090001:065659c7d314	SESSION-e6f3d2670453324e → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20dfde969676b329:PCAP:capture_20260430110001:43611bdf6759	SESSION-20dfde969676b329 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.156:geo_-16.28860_-49.01640	host:177.10.239.156 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0dea31b94d7dde57:flow:ca7a94bad113	SESSION-0dea31b94d7dde57 → flow:ca7a94bad113
FLOW_TO_HOSTOBS	e:to:SESSION-7c35a263dbc41a3d:host:172.234.197.23	SESSION-7c35a263dbc41a3d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1ecc35664d1e	flow:1ecc35664d1e → host:131.196.31.132 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.130:geo_-23.62930_-46.63510	host:131.196.30.130 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-893e080e65f2ed4f:flow:248c942cf479	SESSION-893e080e65f2ed4f → flow:248c942cf479
flow_observed5-aryOBS	e:fo:flow:f859b2919391	flow:f859b2919391 → host:177.10.236.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d4cb0f7560af550:host:172.234.197.23	SESSION-5d4cb0f7560af550 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.200:asn:262880	host:177.10.235.200 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4db3abe06a9505c7:host:131.196.31.226	SESSION-4db3abe06a9505c7 → host:131.196.31.226
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3224b320d23ec0cd:SESSION-3224b320d23ec0cd	SESSION-3224b320d23ec0cd → pe:tls:SESSION-3224b320d23ec0cd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0393cf21271be7e9:SESSION-0393cf21271be7e9	SESSION-0393cf21271be7e9 → pe:tls:SESSION-0393cf21271be7e9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07d653be0b30b2f4:host:31.40.196.235:host:172.234.197.23	SESSION-07d653be0b30b2f4 → host:31.40.196.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-276035998be5d0c6:host:131.196.30.56	SESSION-276035998be5d0c6 → host:131.196.30.56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605acf1f49534e97:host:172.234.197.23	SESSION-605acf1f49534e97 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-461eadc2db19418d:host:172.234.197.23	SESSION-461eadc2db19418d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e1fcfb1c4254c4b:SESSION-8e1fcfb1c4254c4b	SESSION-8e1fcfb1c4254c4b → pe:tls:SESSION-8e1fcfb1c4254c4b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-738e0b0c3dd2dd03:host:177.10.234.243:host:172.234.197.23	SESSION-738e0b0c3dd2dd03 → host:177.10.234.243 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-578ff4b2beeb08df:host:172.234.197.23	SESSION-578ff4b2beeb08df → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a70c074fb73905e:PCAP:capture_20260430150001:ded20914761d	SESSION-7a70c074fb73905e → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-536e36b5c95ee442:host:172.234.197.23	SESSION-536e36b5c95ee442 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78f6342ed3f64031:host:172.234.197.23	SESSION-78f6342ed3f64031 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59aca44477f61d35:host:177.10.236.57:host:172.234.197.23	SESSION-59aca44477f61d35 → host:177.10.236.57 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c4ebc5699ec1c63:SESSION-9c4ebc5699ec1c63	SESSION-9c4ebc5699ec1c63 → pe:syn:SESSION-9c4ebc5699ec1c63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44e6d66a0a0fb56e:host:172.234.197.23	SESSION-44e6d66a0a0fb56e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3eb6cc7ca453157a:host:156.59.198.136	SESSION-3eb6cc7ca453157a → host:156.59.198.136
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-520789f72dcf866a:host:131.196.29.127	SESSION-520789f72dcf866a → host:131.196.29.127
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-976978a22e52e06d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-976978a22e52e06d → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-174ad36923ec98ba:host:172.234.197.23	SESSION-174ad36923ec98ba → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9a9ddd86aa762a0:SESSION-c9a9ddd86aa762a0	SESSION-c9a9ddd86aa762a0 → pe:syn:SESSION-c9a9ddd86aa762a0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee5756ac65b5ed68:PCAP:capture_20260430150001:ded20914761d	SESSION-ee5756ac65b5ed68 → PCAP:capture_20260430150001:ded20914761d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-31e4a260829c636e:BSG-BEACON-88937f81db51	SESSION-31e4a260829c636e → BSG-BEACON-88937f81db51
FLOW_TO_HOSTOBS	e:to:SESSION-8b3ab5aeea0af112:host:172.234.197.23	SESSION-8b3ab5aeea0af112 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.139:geo_-16.28860_-49.01640	host:177.10.232.139 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6e3c617395c3b07:PCAP:capture_20260428010001:b1b402c7b202	SESSION-d6e3c617395c3b07 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f0fa0972c78e2ef:host:172.234.197.23	SESSION-6f0fa0972c78e2ef → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3ba2cf190ed0b5c:PCAP:capture_20260430150001:ded20914761d	SESSION-e3ba2cf190ed0b5c → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.203:geo_41.00190_28.96450	host:92.112.71.203 → geo_41.00190_28.96450
FLOW_DST_PORTOBS	e:fp:flow:fe4d1ca292f6:port:tcp:443	flow:fe4d1ca292f6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60281e53e47bfb2b:host:172.234.197.23	SESSION-60281e53e47bfb2b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dedab35c401db9fa:host:177.10.239.84	SESSION-dedab35c401db9fa → host:177.10.239.84
FLOW_FROM_HOSTOBS	e:from:SESSION-9c58d6336bd500b5:host:177.10.237.108	SESSION-9c58d6336bd500b5 → host:177.10.237.108
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.12:asn:271410	host:131.196.29.12 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:ac7ea035d8f5:port:tcp:13145	flow:ac7ea035d8f5 → port:tcp:13145
FLOW_DST_PORTOBS	e:fp:flow:507431930c66:port:tcp:443	flow:507431930c66 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1e2a14af4b2a82fd:host:172.234.197.23	SESSION-1e2a14af4b2a82fd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6c5da4152a907bbd:host:131.196.31.185	SESSION-6c5da4152a907bbd → host:131.196.31.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8614773ef8a3b357:SESSION-8614773ef8a3b357	SESSION-8614773ef8a3b357 → pe:syn:SESSION-8614773ef8a3b357
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38ea28f2e42013a7:SESSION-38ea28f2e42013a7	SESSION-38ea28f2e42013a7 → pe:syn:SESSION-38ea28f2e42013a7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a074f157090defb0:host:172.234.197.23:host:131.196.30.68	SESSION-a074f157090defb0 → host:172.234.197.23 → host:131.196.30.68
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b88c76d0206f2960:flow:c6d85d433251	SESSION-b88c76d0206f2960 → flow:c6d85d433251
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0796a13a25fe417a:flow:a9d5fe3bfafc	SESSION-0796a13a25fe417a → flow:a9d5fe3bfafc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.120:asn:262880	host:177.10.232.120 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.89:geo_-16.28860_-49.01640	host:177.10.237.89 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:67a855142315:port:tcp:443	flow:67a855142315 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae747b0389dd0111:host:177.10.236.187	SESSION-ae747b0389dd0111 → host:177.10.236.187
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36e366306285e270:SESSION-36e366306285e270	SESSION-36e366306285e270 → pe:tls:SESSION-36e366306285e270
FLOW_DST_PORTOBS	e:fp:flow:8ad20b9f9a0d:port:tcp:443	flow:8ad20b9f9a0d → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 60%	e:bsg:SESSION-cd4f490a373a283b:BSG-FAILED_HANDSHAKE-a8999c33abbc	SESSION-cd4f490a373a283b → BSG-FAILED_HANDSHAKE-a8999c33abbc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.156:asn:262880	host:177.10.232.156 → asn:262880
flow_observed5-aryOBS	e:fo:flow:f83043602330	flow:f83043602330 → host:177.10.233.67 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.177:asn:262880	host:177.10.237.177 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.116:asn:262880	host:177.10.233.116 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:f2eba56c437c:port:tcp:443	flow:f2eba56c437c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70a92a3cd71eafd5:host:172.234.197.23	SESSION-70a92a3cd71eafd5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e717c742e2e64ea:host:172.234.197.23	SESSION-5e717c742e2e64ea → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55ef1be4460b895e:flow:c30c42747916	SESSION-55ef1be4460b895e → flow:c30c42747916
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52edb7664c060999:SESSION-52edb7664c060999	SESSION-52edb7664c060999 → pe:syn:SESSION-52edb7664c060999
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72e48e4dc313a64d:PCAP:capture_20260430150001:ded20914761d	SESSION-72e48e4dc313a64d → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01e9e36dd29e3f1f:host:177.10.235.169:host:172.234.197.23	SESSION-01e9e36dd29e3f1f → host:177.10.235.169 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ed332215381a:port:tcp:443	flow:ed332215381a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-4cde7abdf73c6af1:host:172.234.197.23	SESSION-4cde7abdf73c6af1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c9c0456097f35e54:host:177.10.232.159	SESSION-c9c0456097f35e54 → host:177.10.232.159
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.74:geo_-16.28860_-49.01640	host:177.10.239.74 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-973fc1252d207af1:host:177.10.232.251	SESSION-973fc1252d207af1 → host:177.10.232.251
FLOW_DST_PORTOBS	e:fp:flow:eb7039d8cfc1:port:tcp:443	flow:eb7039d8cfc1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1b9603c0e1ea765:PCAP:capture_20260430150001:ded20914761d	SESSION-c1b9603c0e1ea765 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0233a0286136dd2:flow:0734f1162312	SESSION-b0233a0286136dd2 → flow:0734f1162312
FLOW_FROM_HOSTOBS	e:from:SESSION-a681df8efb85197d:host:172.234.197.23	SESSION-a681df8efb85197d → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:ee7eddf74104	flow:ee7eddf74104 → host:172.234.197.23 → host:80.94.92.186
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-aa0d5d025ae2ba4d:BSG-BEACON-1465e09ba0f3	SESSION-aa0d5d025ae2ba4d → BSG-BEACON-1465e09ba0f3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b4a3756900fa00c:host:131.196.31.237:host:172.234.197.23	SESSION-7b4a3756900fa00c → host:131.196.31.237 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a5aae11508cfd60:PCAP:capture_20260430150001:ded20914761d	SESSION-9a5aae11508cfd60 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fb8ed1fbc81e736:host:172.234.197.23	SESSION-3fb8ed1fbc81e736 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e40cfbe40dbbe2d2:host:172.234.197.23:host:131.196.31.220	SESSION-e40cfbe40dbbe2d2 → host:172.234.197.23 → host:131.196.31.220
FLOW_TO_HOSTOBS	e:to:SESSION-53f84807a0945e6c:host:172.234.197.23	SESSION-53f84807a0945e6c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-206c176870c7b9f2:SESSION-206c176870c7b9f2	SESSION-206c176870c7b9f2 → pe:syn:SESSION-206c176870c7b9f2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.233:asn:262880	host:177.10.233.233 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54d5efa8aa8025c4:SESSION-54d5efa8aa8025c4	SESSION-54d5efa8aa8025c4 → pe:syn:SESSION-54d5efa8aa8025c4
FLOW_DST_PORTOBS	e:fp:flow:26f8541df4db:port:tcp:443	flow:26f8541df4db → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b330864bc1d39cd9:flow:58e329a82c5e	SESSION-b330864bc1d39cd9 → flow:58e329a82c5e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-805fb07d7b5cb44b:PCAP:capture_20260430090001:065659c7d314	SESSION-805fb07d7b5cb44b → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8bd396f5705de0fe:SESSION-8bd396f5705de0fe	SESSION-8bd396f5705de0fe → pe:syn:SESSION-8bd396f5705de0fe
flow_observed5-aryOBS	e:fo:flow:6302410381b3	flow:6302410381b3 → host:177.10.234.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4619747059efac6f:SESSION-4619747059efac6f	SESSION-4619747059efac6f → pe:tls:SESSION-4619747059efac6f
FLOW_DST_PORTOBS	e:fp:flow:77755f7476c8:port:tcp:443	flow:77755f7476c8 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-64a8af826dc81e59:host:177.10.236.121	SESSION-64a8af826dc81e59 → host:177.10.236.121
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e167d585a8e48501:host:177.10.232.170:host:172.234.197.23	SESSION-e167d585a8e48501 → host:177.10.232.170 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e991043fa3bca90d:host:177.10.233.102	SESSION-e991043fa3bca90d → host:177.10.233.102
FLOW_FROM_HOSTOBS	e:from:SESSION-848ab23bc1105d57:host:131.196.31.166	SESSION-848ab23bc1105d57 → host:131.196.31.166
flow_observed5-aryOBS	e:fo:flow:2639caa1e970	flow:2639caa1e970 → host:177.10.239.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd2928203fc01c8b:host:172.234.197.23	SESSION-dd2928203fc01c8b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e1fcfb1c4254c4b:host:177.10.234.12:host:172.234.197.23	SESSION-8e1fcfb1c4254c4b → host:177.10.234.12 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fef5a77f946ef097:host:131.196.29.206:host:172.234.197.23	SESSION-fef5a77f946ef097 → host:131.196.29.206 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-022fbc52c5dbb7ff:flow:e59eeaf15703	SESSION-022fbc52c5dbb7ff → flow:e59eeaf15703
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-574ff4efae76e1f7:SESSION-574ff4efae76e1f7	SESSION-574ff4efae76e1f7 → pe:tls:SESSION-574ff4efae76e1f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ac71782250ec9a1:SESSION-6ac71782250ec9a1	SESSION-6ac71782250ec9a1 → pe:tls:SESSION-6ac71782250ec9a1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1213fdeaeb0b4e25:host:45.173.156.44:host:172.234.197.23	SESSION-1213fdeaeb0b4e25 → host:45.173.156.44 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c92acfae26c49330:host:172.234.197.23:host:177.10.236.237	SESSION-c92acfae26c49330 → host:172.234.197.23 → host:177.10.236.237
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ced8040d8221dfbc:host:177.10.232.55:host:172.234.197.23	SESSION-ced8040d8221dfbc → host:177.10.232.55 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:abdcc655bf4a	flow:abdcc655bf4a → host:172.234.197.23 → host:177.10.237.6 → port:tcp:2914
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c701d534f5ceb273:flow:b08e9e3f80d1	SESSION-c701d534f5ceb273 → flow:b08e9e3f80d1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb5021014b7af5cb:host:172.234.197.23	SESSION-bb5021014b7af5cb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bef08b3c32a1c401:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-bef08b3c32a1c401 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55187c9d4dc6d2e7:SESSION-55187c9d4dc6d2e7	SESSION-55187c9d4dc6d2e7 → pe:tls:SESSION-55187c9d4dc6d2e7
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.65:asn:203771	host:92.112.71.65 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2dd011a07497df56:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2dd011a07497df56 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f7273aea3ec9beab:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f7273aea3ec9beab → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:342062e36bfc:port:tcp:25918	flow:342062e36bfc → port:tcp:25918
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d8111f65a253e3a:PCAP:capture_20260430060001:919b39a74464	SESSION-7d8111f65a253e3a → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ff9e556bf199706:host:172.234.197.23:host:177.10.234.15	SESSION-6ff9e556bf199706 → host:172.234.197.23 → host:177.10.234.15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b481f21a133f6fd1:host:177.10.239.159	SESSION-b481f21a133f6fd1 → host:177.10.239.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7af80619f13211ba:SESSION-7af80619f13211ba	SESSION-7af80619f13211ba → pe:syn:SESSION-7af80619f13211ba
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53fb5011e3d13c28:host:172.234.197.23	SESSION-53fb5011e3d13c28 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f7e8645f576f:port:tcp:4251	flow:f7e8645f576f → port:tcp:4251
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.147:geo_-21.10010_-41.69200	host:45.173.156.147 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-b47539014cc5976c:host:44.243.2.252	SESSION-b47539014cc5976c → host:44.243.2.252
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6c7a2e5cf818d0a:PCAP:capture_20260430060001:919b39a74464	SESSION-a6c7a2e5cf818d0a → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-364411d92a5a41bf:SESSION-364411d92a5a41bf	SESSION-364411d92a5a41bf → pe:syn:SESSION-364411d92a5a41bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-019d89e6bcaa6e4e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-019d89e6bcaa6e4e → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-e632e9ec3b8d735c:host:172.234.197.23	SESSION-e632e9ec3b8d735c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6b18b465640b	flow:6b18b465640b → host:131.196.31.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5eab3f22e87eb3f:flow:7c6a2a150cfa	SESSION-e5eab3f22e87eb3f → flow:7c6a2a150cfa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d9ed6ae798457b7:host:172.234.197.23	SESSION-9d9ed6ae798457b7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-54d5efa8aa8025c4:host:177.10.232.213	SESSION-54d5efa8aa8025c4 → host:177.10.232.213
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef914cd10270daad:SESSION-ef914cd10270daad	SESSION-ef914cd10270daad → pe:syn:SESSION-ef914cd10270daad
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edf23c7505754934:host:177.10.233.35	SESSION-edf23c7505754934 → host:177.10.233.35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-befc987f4c77d80c:host:172.234.197.23	SESSION-befc987f4c77d80c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-95f80a98e12e105d:flow:43128debff45	SESSION-95f80a98e12e105d → flow:43128debff45
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0bf923c759cb9e4a:host:172.234.197.23:host:172.232.0.16	SESSION-0bf923c759cb9e4a → host:172.234.197.23 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8327be02acf872a5:SESSION-8327be02acf872a5	SESSION-8327be02acf872a5 → pe:tls:SESSION-8327be02acf872a5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8104be0e9171978:flow:3100de296217	SESSION-e8104be0e9171978 → flow:3100de296217
FLOW_FROM_HOSTOBS	e:from:SESSION-73436bd95d7b2637:host:131.196.28.247	SESSION-73436bd95d7b2637 → host:131.196.28.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c6fd3205e4a34033:SESSION-c6fd3205e4a34033	SESSION-c6fd3205e4a34033 → pe:syn:SESSION-c6fd3205e4a34033
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0cdd1d919af3f4a:host:172.234.197.23	SESSION-f0cdd1d919af3f4a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.33:asn:271410	host:131.196.31.33 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ac71f2f2355e0bb:host:45.173.156.116	SESSION-7ac71f2f2355e0bb → host:45.173.156.116
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.87:geo_-16.28860_-49.01640	host:177.10.239.87 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2958e311eaa51e83:SESSION-2958e311eaa51e83	SESSION-2958e311eaa51e83 → pe:syn:SESSION-2958e311eaa51e83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ba942f2694f4960:SESSION-0ba942f2694f4960	SESSION-0ba942f2694f4960 → pe:tls:SESSION-0ba942f2694f4960
FLOW_FROM_HOSTOBS	e:from:SESSION-151e53ee3004033b:host:177.10.234.9	SESSION-151e53ee3004033b → host:177.10.234.9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb17861f5be52c2c:flow:4183b8da1840	SESSION-eb17861f5be52c2c → flow:4183b8da1840
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.8:asn:262880	host:177.10.238.8 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10d6a2736c7d59d6:host:172.234.197.23	SESSION-10d6a2736c7d59d6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0827c1c94491daec:host:177.10.235.224	SESSION-0827c1c94491daec → host:177.10.235.224
FLOW_DST_PORTOBS	e:fp:flow:ada631d31ecc:port:tcp:443	flow:ada631d31ecc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e1f57d75854220c:SESSION-0e1f57d75854220c	SESSION-0e1f57d75854220c → pe:tls:SESSION-0e1f57d75854220c
FLOW_DST_PORTOBS	e:fp:flow:5d2a6d8ea810:port:tcp:443	flow:5d2a6d8ea810 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-28d0a7763ce2861c:host:172.234.197.23	SESSION-28d0a7763ce2861c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d30b8cd9cbd48a1:host:131.196.29.211:host:172.234.197.23	SESSION-1d30b8cd9cbd48a1 → host:131.196.29.211 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2c2ee5c4e3db47f8:SESSION-2c2ee5c4e3db47f8	SESSION-2c2ee5c4e3db47f8 → pe:syn:SESSION-2c2ee5c4e3db47f8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d44c53e781b5466e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d44c53e781b5466e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db187e026dbc97b6:host:177.10.234.46	SESSION-db187e026dbc97b6 → host:177.10.234.46
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.235:asn:271410	host:131.196.28.235 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48de9f7b9a5a464c:flow:ce703d5cfa0d	SESSION-48de9f7b9a5a464c → flow:ce703d5cfa0d
FLOW_FROM_HOSTOBS	e:from:SESSION-b8196f582d24c6a3:host:172.234.197.23	SESSION-b8196f582d24c6a3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8dbba576826a	flow:8dbba576826a → host:177.10.236.56 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:f6c69868181b	flow:f6c69868181b → host:177.10.235.132 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29ee7b0c08ea02ad:host:177.10.233.191	SESSION-29ee7b0c08ea02ad → host:177.10.233.191
FLOW_FROM_HOSTOBS	e:from:SESSION-aa0d5d025ae2ba4d:host:177.10.233.116	SESSION-aa0d5d025ae2ba4d → host:177.10.233.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-64807579ab6c52ee:SESSION-64807579ab6c52ee	SESSION-64807579ab6c52ee → pe:syn:SESSION-64807579ab6c52ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-923fbccf43ed644a:SESSION-923fbccf43ed644a	SESSION-923fbccf43ed644a → pe:tls:SESSION-923fbccf43ed644a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.161:asn:271410	host:131.196.29.161 → asn:271410
flow_observed4-aryOBS	e:fo:flow:c3397980d6ec	flow:c3397980d6ec → host:172.234.197.23 → host:177.10.237.144 → port:tcp:14416
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-328b0864666a263b:flow:9b1232626ced	SESSION-328b0864666a263b → flow:9b1232626ced
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99664d33d11b43d2:SESSION-99664d33d11b43d2	SESSION-99664d33d11b43d2 → pe:syn:SESSION-99664d33d11b43d2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5a3cad014cd3066:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b5a3cad014cd3066 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d2ed4131e5585f31:SESSION-d2ed4131e5585f31	SESSION-d2ed4131e5585f31 → pe:tls:SESSION-d2ed4131e5585f31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eead3829bc62f23e:host:177.10.236.242	SESSION-eead3829bc62f23e → host:177.10.236.242
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb3f1e71e19d60be:flow:704270ce5d2a	SESSION-bb3f1e71e19d60be → flow:704270ce5d2a
FLOW_DST_PORTOBS	e:fp:flow:3a5d8774eaca:port:tcp:6323	flow:3a5d8774eaca → port:tcp:6323
FLOW_TO_HOSTOBS	e:to:SESSION-fb971e48f4a1e66e:host:172.234.197.23	SESSION-fb971e48f4a1e66e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3d135e2bdea1	flow:3d135e2bdea1 → host:177.10.238.116 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:d858e5d91e76:port:tcp:49713	flow:d858e5d91e76 → port:tcp:49713
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1518dad52645fa99:host:172.234.197.23	SESSION-1518dad52645fa99 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.193:asn:262880	host:177.10.238.193 → asn:262880
flow_observed5-aryOBS	e:fo:flow:11ce700613de	flow:11ce700613de → host:177.10.234.48 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa38dbd858d86f82:host:172.234.197.23	SESSION-aa38dbd858d86f82 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b70d9bf346b75217:host:172.234.197.23:host:177.10.239.59	SESSION-b70d9bf346b75217 → host:172.234.197.23 → host:177.10.239.59
FLOW_TO_HOSTOBS	e:to:SESSION-cf1b38a91c361f4b:host:172.234.197.23	SESSION-cf1b38a91c361f4b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e3139069f2c261e:host:177.10.235.75	SESSION-6e3139069f2c261e → host:177.10.235.75
flow_observed5-aryOBS	e:fo:flow:305e0f17973f	flow:305e0f17973f → host:177.10.233.24 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:40.177.170.73:geo_51.05000_-114.08790	host:40.177.170.73 → geo_51.05000_-114.08790
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.133:geo_-16.28860_-49.01640	host:177.10.238.133 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:36e2e7eb9558	flow:36e2e7eb9558 → host:177.10.234.187 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bb178420802ca16:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3bb178420802ca16 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-35ad9f030d1e8e6d:BSG-BEACON-a63cf4e96a4e	SESSION-35ad9f030d1e8e6d → BSG-BEACON-a63cf4e96a4e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.117:asn:262880	host:177.10.237.117 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-424e5c5b03912c3d:host:172.234.197.23	SESSION-424e5c5b03912c3d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6fd2d6a70384f754:host:185.231.226.45	SESSION-6fd2d6a70384f754 → host:185.231.226.45
FLOW_DST_PORTOBS	e:fp:flow:fef75095e66a:port:tcp:443	flow:fef75095e66a → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f30fa3bd65a965fa:PCAP:capture_20260430110001:43611bdf6759	SESSION-f30fa3bd65a965fa → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a979a64e0f94d26:SESSION-8a979a64e0f94d26	SESSION-8a979a64e0f94d26 → pe:syn:SESSION-8a979a64e0f94d26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f7e801a59e8e93f:host:177.10.235.81	SESSION-3f7e801a59e8e93f → host:177.10.235.81
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-338820b1c26f8211:flow:eeb87832b420	SESSION-338820b1c26f8211 → flow:eeb87832b420
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a2005509481f3ca7:PCAP:capture_20260430150001:ded20914761d	SESSION-a2005509481f3ca7 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-b9523bcd246277dc:host:45.173.156.8	SESSION-b9523bcd246277dc → host:45.173.156.8
FLOW_FROM_HOSTOBS	e:from:SESSION-18c88d2b92c30f28:host:172.234.197.23	SESSION-18c88d2b92c30f28 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4c405aff0251:port:tcp:443	flow:4c405aff0251 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-288c2773d91d95c9:host:177.10.232.229	SESSION-288c2773d91d95c9 → host:177.10.232.229
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.85:asn:262880	host:177.10.233.85 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8aa4413fe5db5235:SESSION-8aa4413fe5db5235	SESSION-8aa4413fe5db5235 → pe:tls:SESSION-8aa4413fe5db5235
FLOW_FROM_HOSTOBS	e:from:SESSION-c0b0070ff484a299:host:177.10.235.128	SESSION-c0b0070ff484a299 → host:177.10.235.128
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-017fcd2c03e3a5c1:PCAP:capture_20260430150001:ded20914761d	SESSION-017fcd2c03e3a5c1 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fc279480f80cfd1:SESSION-1fc279480f80cfd1	SESSION-1fc279480f80cfd1 → pe:tls:SESSION-1fc279480f80cfd1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89e4df8c6f209b00:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-89e4df8c6f209b00 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:12f24c635b1c	flow:12f24c635b1c → host:177.10.239.106 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-486ff38c4390c341:PCAP:capture_20260430080001:93f47cc296a4	SESSION-486ff38c4390c341 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a18dc2bb6be0117f:host:172.234.197.23	SESSION-a18dc2bb6be0117f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee4f55e8adb586c5:SESSION-ee4f55e8adb586c5	SESSION-ee4f55e8adb586c5 → pe:tls:SESSION-ee4f55e8adb586c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9726d81acc78b8e7:host:172.234.197.23:host:131.196.30.5	SESSION-9726d81acc78b8e7 → host:172.234.197.23 → host:131.196.30.5
FLOW_DST_PORTOBS	e:fp:flow:8ddcd7a85531:port:tcp:23	flow:8ddcd7a85531 → port:tcp:23
flow_observed5-aryOBS	e:fo:flow:612621241910	flow:612621241910 → host:31.40.196.58 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-853e897de6767cda:host:131.196.31.75:host:172.234.197.23	SESSION-853e897de6767cda → host:131.196.31.75 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0e9003d0c01a	flow:0e9003d0c01a → host:45.173.156.240 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d3cf98bfbd337a47:flow:e8b6d78f5f37	SESSION-d3cf98bfbd337a47 → flow:e8b6d78f5f37
FLOW_FROM_HOSTOBS	e:from:SESSION-af24c7046d264e7e:host:172.234.197.23	SESSION-af24c7046d264e7e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a414d91a7218:port:tcp:443	flow:a414d91a7218 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7098e9f09e131f1:SESSION-e7098e9f09e131f1	SESSION-e7098e9f09e131f1 → pe:syn:SESSION-e7098e9f09e131f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2490746063a947f9:SESSION-2490746063a947f9	SESSION-2490746063a947f9 → pe:tls:SESSION-2490746063a947f9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0cdd1d919af3f4a:host:131.196.30.51	SESSION-f0cdd1d919af3f4a → host:131.196.30.51
FLOW_FROM_HOSTOBS	e:from:SESSION-49d1ccfce5e59a68:host:177.10.234.208	SESSION-49d1ccfce5e59a68 → host:177.10.234.208
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-841299f020c7f00d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-841299f020c7f00d → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:185b92a83312:port:tcp:14688	flow:185b92a83312 → port:tcp:14688
FLOW_DST_PORTOBS	e:fp:flow:a805c9901252:port:tcp:443	flow:a805c9901252 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c80293dc61c3:port:tcp:443	flow:c80293dc61c3 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb3e7e97aa8c76e6:flow:31bb26426caa	SESSION-cb3e7e97aa8c76e6 → flow:31bb26426caa
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-acd63ec8ffcea8e7:flow:b3d6afc82aab	SESSION-acd63ec8ffcea8e7 → flow:b3d6afc82aab
FLOW_FROM_HOSTOBS	e:from:SESSION-981fac77dd79326b:host:172.234.197.23	SESSION-981fac77dd79326b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-828db1ebc34fa50a:flow:123c310400c9	SESSION-828db1ebc34fa50a → flow:123c310400c9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0af0d5d1b3f6259:SESSION-c0af0d5d1b3f6259	SESSION-c0af0d5d1b3f6259 → pe:syn:SESSION-c0af0d5d1b3f6259
flow_observed4-aryOBS	e:fo:flow:8b934233cfa6	flow:8b934233cfa6 → host:172.234.197.23 → host:177.10.232.206 → port:tcp:54113
FLOW_QUERIED_DNSOBS	e:fd:flow:9609b976f9f0:dns:172-234-197-23.ip.linodeusercontent.com	flow:9609b976f9f0 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-fd8832d374e053cc:host:177.10.235.192	SESSION-fd8832d374e053cc → host:177.10.235.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a631db0468c49ef:SESSION-5a631db0468c49ef	SESSION-5a631db0468c49ef → pe:tls:SESSION-5a631db0468c49ef
FLOW_DST_PORTOBS	e:fp:flow:6abf6297d34f:port:tcp:443	flow:6abf6297d34f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ee6825b3a9be6d1:host:177.10.235.215	SESSION-6ee6825b3a9be6d1 → host:177.10.235.215
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.218:geo_-16.28860_-49.01640	host:177.10.236.218 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:16912badffa5:port:tcp:80	flow:16912badffa5 → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08924e756ead6523:host:172.234.197.23	SESSION-08924e756ead6523 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4fe97044eaa4ff8:flow:5d98a7142573	SESSION-c4fe97044eaa4ff8 → flow:5d98a7142573
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a17e20e34301cc9:host:177.10.235.224	SESSION-4a17e20e34301cc9 → host:177.10.235.224
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ed760af2d8fedd4:SESSION-2ed760af2d8fedd4	SESSION-2ed760af2d8fedd4 → pe:tls:SESSION-2ed760af2d8fedd4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44bc098e411317a4:PCAP:capture_20260430060001:919b39a74464	SESSION-44bc098e411317a4 → PCAP:capture_20260430060001:919b39a74464
FLOW_TLS_SNIOBS	e:fs:flow:fa102252011b:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:fa102252011b → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfb2466cf35b5342:host:172.234.197.23	SESSION-cfb2466cf35b5342 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36f959353527c71a:SESSION-36f959353527c71a	SESSION-36f959353527c71a → pe:tls:SESSION-36f959353527c71a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.68:geo_-16.28860_-49.01640	host:177.10.238.68 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24bd61df75bf4426:host:131.196.31.162	SESSION-24bd61df75bf4426 → host:131.196.31.162
FLOW_FROM_HOSTOBS	e:from:SESSION-7a11ee5d378ab4f4:host:172.234.197.23	SESSION-7a11ee5d378ab4f4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f344d747ad66bc9c:SESSION-f344d747ad66bc9c	SESSION-f344d747ad66bc9c → pe:tls:SESSION-f344d747ad66bc9c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d65a28f7cbebfeb:host:177.10.238.87:host:172.234.197.23	SESSION-9d65a28f7cbebfeb → host:177.10.238.87 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c0a0b196a018:port:tcp:443	flow:c0a0b196a018 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54da05b162213325:SESSION-54da05b162213325	SESSION-54da05b162213325 → pe:syn:SESSION-54da05b162213325
FLOW_FROM_HOSTOBS	e:from:SESSION-3e2d293cdcc6efc8:host:177.10.236.100	SESSION-3e2d293cdcc6efc8 → host:177.10.236.100
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c6580975a2d7416:flow:75643401072c	SESSION-7c6580975a2d7416 → flow:75643401072c
FLOW_FROM_HOSTOBS	e:from:SESSION-b670e7c5e0a8e3a1:host:172.234.197.23	SESSION-b670e7c5e0a8e3a1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-783928d3af0eed6e:PCAP:capture_20260430150001:ded20914761d	SESSION-783928d3af0eed6e → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5f3ac5dec394466:host:172.234.197.23	SESSION-f5f3ac5dec394466 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-003677474853cb22:host:172.234.197.23	SESSION-003677474853cb22 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-34913801790eb8e4:SESSION-34913801790eb8e4	SESSION-34913801790eb8e4 → pe:tls:SESSION-34913801790eb8e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d8f5cec7e169b47:host:131.196.31.65	SESSION-2d8f5cec7e169b47 → host:131.196.31.65
flow_observed5-aryOBS	e:fo:flow:aa21f695c888	flow:aa21f695c888 → host:177.10.238.217 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:6bf63e143c80	flow:6bf63e143c80 → host:67.219.103.9 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.190:geo_-16.28860_-49.01640	host:177.10.237.190 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bcba548cda079292:host:177.10.233.53:host:172.234.197.23	SESSION-bcba548cda079292 → host:177.10.233.53 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0ae67350c986	flow:0ae67350c986 → host:92.112.71.52 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8cf04cf372371106:host:177.10.236.47:host:172.234.197.23	SESSION-8cf04cf372371106 → host:177.10.236.47 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dbe0692b3b05f921:host:177.10.237.180	SESSION-dbe0692b3b05f921 → host:177.10.237.180
FLOW_FROM_HOSTOBS	e:from:SESSION-3526e42e615eba29:host:177.10.238.55	SESSION-3526e42e615eba29 → host:177.10.238.55
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c0e460ce34915ff:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1c0e460ce34915ff → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1053aee7675dcd07:SESSION-1053aee7675dcd07	SESSION-1053aee7675dcd07 → pe:tls:SESSION-1053aee7675dcd07
FLOW_TO_HOSTOBS	e:to:SESSION-07ba7d1d1566dce2:host:172.234.197.23	SESSION-07ba7d1d1566dce2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ae01755e2c80	flow:ae01755e2c80 → host:177.10.234.163 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a22fc187bcc4d705:host:45.173.156.116:host:172.234.197.23	SESSION-a22fc187bcc4d705 → host:45.173.156.116 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:543bc6e6886f	flow:543bc6e6886f → host:51.91.243.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56d3b103682c9fbe:PCAP:capture_20260430060001:919b39a74464	SESSION-56d3b103682c9fbe → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6d027087dbd516e:host:177.10.236.154:host:172.234.197.23	SESSION-b6d027087dbd516e → host:177.10.236.154 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3adb88175f99dced:host:177.10.235.155	SESSION-3adb88175f99dced → host:177.10.235.155
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aaaf2932de65e0e:host:177.10.234.155	SESSION-7aaaf2932de65e0e → host:177.10.234.155
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-4cde7abdf73c6af1:BSG-BEACON-e07f4250263f	SESSION-4cde7abdf73c6af1 → BSG-BEACON-e07f4250263f
FLOW_QUERIED_DNSOBS	e:fd:flow:44e7caf8cd36:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:44e7caf8cd36 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ae8012f8306fedb:host:177.10.238.251:host:172.234.197.23	SESSION-6ae8012f8306fedb → host:177.10.238.251 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d60298c7dc6ec77f:PCAP:capture_20260430060001:919b39a74464	SESSION-d60298c7dc6ec77f → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-6353435fcd827ef1:host:95.170.25.60	SESSION-6353435fcd827ef1 → host:95.170.25.60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ea53a00807c951b5:host:172.234.197.23:host:172.232.0.17	SESSION-ea53a00807c951b5 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66746867faa9cf3c:flow:f983957c7ddd	SESSION-66746867faa9cf3c → flow:f983957c7ddd
flow_observed5-aryOBS	e:fo:flow:d98879de1566	flow:d98879de1566 → host:177.10.233.54 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e1f0a324b14316cd:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e1f0a324b14316cd → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc59b28fe233796a:host:172.234.197.23	SESSION-fc59b28fe233796a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-be1454a9d7b7f3ce:host:97.139.12.85	SESSION-be1454a9d7b7f3ce → host:97.139.12.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d17209bd675d4be:SESSION-4d17209bd675d4be	SESSION-4d17209bd675d4be → pe:tls:SESSION-4d17209bd675d4be
flow_observed4-aryOBS	e:fo:flow:fc88b4593c6e	flow:fc88b4593c6e → host:172.234.197.23 → host:177.10.234.52 → port:tcp:9607
FLOW_TO_HOSTOBS	e:to:SESSION-8c54e8a5253d053d:host:177.10.235.169	SESSION-8c54e8a5253d053d → host:177.10.235.169
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.144:asn:273470	host:45.173.156.144 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:1c8e149ce566:port:tcp:2154	flow:1c8e149ce566 → port:tcp:2154
FLOW_FROM_HOSTOBS	e:from:SESSION-d4fb8a50f2916880:host:131.196.30.87	SESSION-d4fb8a50f2916880 → host:131.196.30.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a74ec174530f5239:host:44.244.28.93	SESSION-a74ec174530f5239 → host:44.244.28.93
FLOW_DST_PORTOBS	e:fp:flow:dbfebbe7d3ff:port:tcp:443	flow:dbfebbe7d3ff → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68031782b8336c69:host:92.118.39.236	SESSION-68031782b8336c69 → host:92.118.39.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8806932607856a75:host:172.234.197.23	SESSION-8806932607856a75 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:81fbc880ebf1	flow:81fbc880ebf1 → host:45.173.156.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0229340abc854c0d:SESSION-0229340abc854c0d	SESSION-0229340abc854c0d → pe:syn:SESSION-0229340abc854c0d
FLOW_DST_PORTOBS	e:fp:flow:4d75f253e125:port:tcp:443	flow:4d75f253e125 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27d1e1e2170d683a:host:131.196.28.5	SESSION-27d1e1e2170d683a → host:131.196.28.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1600cc83b8cea24d:host:131.196.31.26	SESSION-1600cc83b8cea24d → host:131.196.31.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6bca989f2c390047:SESSION-6bca989f2c390047	SESSION-6bca989f2c390047 → pe:tls:SESSION-6bca989f2c390047
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-414bf7406e62b7e2:host:172.234.197.23	SESSION-414bf7406e62b7e2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-158ec8f739ce5586:flow:be27ca17f284	SESSION-158ec8f739ce5586 → flow:be27ca17f284
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d58e8fad9dafe114:SESSION-d58e8fad9dafe114	SESSION-d58e8fad9dafe114 → pe:syn:SESSION-d58e8fad9dafe114
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.19:geo_-16.28860_-49.01640	host:177.10.237.19 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3d2c48d2810841c0:PCAP:capture_20260430090001:065659c7d314	SESSION-3d2c48d2810841c0 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-28e949edc1bba418:host:172.234.197.23	SESSION-28e949edc1bba418 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b6005e750e5a47f:flow:34f10ddde6b1	SESSION-8b6005e750e5a47f → flow:34f10ddde6b1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-597e69ebdf7ef93f:SESSION-597e69ebdf7ef93f	SESSION-597e69ebdf7ef93f → pe:tls:SESSION-597e69ebdf7ef93f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41172116812e3a49:host:177.10.236.39	SESSION-41172116812e3a49 → host:177.10.236.39
FLOW_FROM_HOSTOBS	e:from:SESSION-f60661a19246ebd9:host:172.234.197.23	SESSION-f60661a19246ebd9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.96:asn:262880	host:177.10.236.96 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dae3e228e98c74e4:PCAP:capture_20260430150001:ded20914761d	SESSION-dae3e228e98c74e4 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d43ecb134342fe00:host:177.10.237.127	SESSION-d43ecb134342fe00 → host:177.10.237.127
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60c160c47311ca12:host:172.234.197.23	SESSION-60c160c47311ca12 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4a457a833cb01b1f:host:172.234.197.23	SESSION-4a457a833cb01b1f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e5317dc12631	flow:e5317dc12631 → host:131.196.30.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11641f941720f4cf:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-11641f941720f4cf → PCAP:capture_20260430100001:55715ebbe6bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.196:geo_-16.28860_-49.01640	host:177.10.237.196 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-791eac8e49df4e5d:flow:bbbfe2fd8c5e	SESSION-791eac8e49df4e5d → flow:bbbfe2fd8c5e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f9bec963f9028f2:flow:5f03c3122d2b	SESSION-7f9bec963f9028f2 → flow:5f03c3122d2b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e11f8c5c1e806073:host:172.234.197.23	SESSION-e11f8c5c1e806073 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:aab775347fea:port:tcp:443	flow:aab775347fea → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8d52381659b8aa3f:host:177.10.238.53	SESSION-8d52381659b8aa3f → host:177.10.238.53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37fa495f79e351e9:PCAP:capture_20260430150001:ded20914761d	SESSION-37fa495f79e351e9 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e0284f837155748:SESSION-7e0284f837155748	SESSION-7e0284f837155748 → pe:tls:SESSION-7e0284f837155748
flow_observed4-aryOBS	e:fo:flow:e7744e976837	flow:e7744e976837 → host:172.234.197.23 → host:131.196.31.238 → port:tcp:32526
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8fbacc1128a5208:PCAP:capture_20260430110001:43611bdf6759	SESSION-c8fbacc1128a5208 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-37fa495f79e351e9:host:131.196.28.88	SESSION-37fa495f79e351e9 → host:131.196.28.88
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b05f07ed9250ae8e:PCAP:capture_20260430150001:ded20914761d	SESSION-b05f07ed9250ae8e → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-774b2bcff77bd614:SESSION-774b2bcff77bd614	SESSION-774b2bcff77bd614 → pe:syn:SESSION-774b2bcff77bd614
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3cf60c38091a57a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f3cf60c38091a57a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a3baa467b71ba10:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3a3baa467b71ba10 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7af80619f13211ba:SESSION-7af80619f13211ba	SESSION-7af80619f13211ba → pe:rst:SESSION-7af80619f13211ba
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db76c4941d3529f6:SESSION-db76c4941d3529f6	SESSION-db76c4941d3529f6 → pe:tls:SESSION-db76c4941d3529f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99eb989e9371b0fb:SESSION-99eb989e9371b0fb	SESSION-99eb989e9371b0fb → pe:tls:SESSION-99eb989e9371b0fb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51b700d0442eff09:SESSION-51b700d0442eff09	SESSION-51b700d0442eff09 → pe:syn:SESSION-51b700d0442eff09
flow_observed4-aryOBS	e:fo:flow:3ebf6dc4c75b	flow:3ebf6dc4c75b → host:172.234.197.23 → host:131.196.30.183 → port:tcp:38523
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f59e3038c71b15e1:flow:57693f469d04	SESSION-f59e3038c71b15e1 → flow:57693f469d04
FLOW_TO_HOSTOBS	e:to:SESSION-aa372e44ee6fb3e7:host:131.196.30.157	SESSION-aa372e44ee6fb3e7 → host:131.196.30.157
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.62:geo_-16.28860_-49.01640	host:177.10.239.62 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:f11da68f580d	flow:f11da68f580d → host:177.10.235.65 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b8a8c73a52fb2ca:host:172.234.197.23	SESSION-3b8a8c73a52fb2ca → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:be4babb82816:port:tcp:443	flow:be4babb82816 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a2e4fb28ad63a51c:PCAP:capture_20260430060001:919b39a74464	SESSION-a2e4fb28ad63a51c → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-119f9a3698c24414:SESSION-119f9a3698c24414	SESSION-119f9a3698c24414 → pe:tls:SESSION-119f9a3698c24414
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.77:geo_-23.62930_-46.63510	host:131.196.29.77 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ec199f8b9a6f389:host:167.235.194.109:host:172.234.197.23	SESSION-8ec199f8b9a6f389 → host:167.235.194.109 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e2ace7c21b4da04:SESSION-1e2ace7c21b4da04	SESSION-1e2ace7c21b4da04 → pe:tls:SESSION-1e2ace7c21b4da04
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f02a050799431d6e:SESSION-f02a050799431d6e	SESSION-f02a050799431d6e → pe:syn:SESSION-f02a050799431d6e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8f7fc765f54b5ec:PCAP:capture_20260430150001:ded20914761d	SESSION-e8f7fc765f54b5ec → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:15feef3af155:port:tcp:443	flow:15feef3af155 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.101:asn:262880	host:177.10.236.101 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c5d6e49e2849c20f:flow:4e5add2f1c65	SESSION-c5d6e49e2849c20f → flow:4e5add2f1c65
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59a5b7880376a89f:host:92.112.71.109:host:172.234.197.23	SESSION-59a5b7880376a89f → host:92.112.71.109 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b51c77a005c8dfc8:host:172.234.197.23	SESSION-b51c77a005c8dfc8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-77162e002cdf71b4:host:172.234.197.23	SESSION-77162e002cdf71b4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9f10bcf378efcbb9:host:172.234.197.23	SESSION-9f10bcf378efcbb9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eed6a9b72737e44d:SESSION-eed6a9b72737e44d	SESSION-eed6a9b72737e44d → pe:tls:SESSION-eed6a9b72737e44d
flow_observed5-aryOBS	e:fo:flow:009306c88cc6	flow:009306c88cc6 → host:131.196.29.215 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07139a9423b3d79f:SESSION-07139a9423b3d79f	SESSION-07139a9423b3d79f → pe:tls:SESSION-07139a9423b3d79f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ce76d6af7b7d93f:SESSION-1ce76d6af7b7d93f	SESSION-1ce76d6af7b7d93f → pe:syn:SESSION-1ce76d6af7b7d93f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f56081dde23b5ed:host:131.196.29.167	SESSION-5f56081dde23b5ed → host:131.196.29.167
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7341740ccb6f292:flow:c2b8c61368a6	SESSION-e7341740ccb6f292 → flow:c2b8c61368a6
FLOW_FROM_HOSTOBS	e:from:SESSION-2cb296f879c20d45:host:95.170.25.175	SESSION-2cb296f879c20d45 → host:95.170.25.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a7cfd4f435147ff3:PCAP:capture_20260430090001:065659c7d314	SESSION-a7cfd4f435147ff3 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:440525ebabd8:port:tcp:443	flow:440525ebabd8 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5f3ac5dec394466:host:177.10.232.56:host:172.234.197.23	SESSION-f5f3ac5dec394466 → host:177.10.232.56 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-07ba7d1d1566dce2:SESSION-07ba7d1d1566dce2	SESSION-07ba7d1d1566dce2 → pe:rst:SESSION-07ba7d1d1566dce2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1995c5dc0203e07b:host:177.10.237.169:host:172.234.197.23	SESSION-1995c5dc0203e07b → host:177.10.237.169 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b47e385ca946fd94:host:172.234.197.23	SESSION-b47e385ca946fd94 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e61eb47c134600b1:host:172.234.197.23	SESSION-e61eb47c134600b1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a6ca0cab59ea:port:tcp:443	flow:a6ca0cab59ea → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f1fac0476f53:port:tcp:443	flow:f1fac0476f53 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09db40e08b93496c:SESSION-09db40e08b93496c	SESSION-09db40e08b93496c → pe:syn:SESSION-09db40e08b93496c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4bd70bea69fea0d:host:131.196.29.60	SESSION-f4bd70bea69fea0d → host:131.196.29.60
flow_observed5-aryOBS	e:fo:flow:35d670918235	flow:35d670918235 → host:177.10.233.172 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaed9d07c71d3d80:host:172.234.197.23	SESSION-eaed9d07c71d3d80 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79574872517ba47f:PCAP:capture_20260430060001:919b39a74464	SESSION-79574872517ba47f → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b55fe86aa2a31ece:host:172.234.197.23	SESSION-b55fe86aa2a31ece → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-481702f1e56ec074:host:172.234.197.23	SESSION-481702f1e56ec074 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:078b14d45d42:port:tcp:443	flow:078b14d45d42 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-46a01539128daee6:host:131.196.31.201	SESSION-46a01539128daee6 → host:131.196.31.201
flow_observed5-aryOBS	e:fo:flow:a0e0b3e2b742	flow:a0e0b3e2b742 → host:177.10.235.97 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4b91d700ec898758:host:172.234.197.23	SESSION-4b91d700ec898758 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38485db7731deeee:host:172.234.197.23	SESSION-38485db7731deeee → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0df43d2721e666e:host:131.196.31.255	SESSION-c0df43d2721e666e → host:131.196.31.255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d2d17a1375ada26:host:54.222.137.228	SESSION-9d2d17a1375ada26 → host:54.222.137.228
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bef16d9c79cba2c2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-bef16d9c79cba2c2 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e11f8c5c1e806073:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-e11f8c5c1e806073 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf2d710eb7a0f34a:host:131.196.28.43	SESSION-cf2d710eb7a0f34a → host:131.196.28.43
flow_observed4-aryOBS	e:fo:flow:bb2d5dd241a4	flow:bb2d5dd241a4 → host:172.234.197.23 → host:177.10.234.208 → port:tcp:36491
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8a52e21a979a3cd:SESSION-c8a52e21a979a3cd	SESSION-c8a52e21a979a3cd → pe:tls:SESSION-c8a52e21a979a3cd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae3419cd71fb8b85:host:172.234.197.23	SESSION-ae3419cd71fb8b85 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.119:geo_41.02140_28.99480	host:185.231.226.119 → geo_41.02140_28.99480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1a930dc0f03fa17:host:177.10.236.244	SESSION-d1a930dc0f03fa17 → host:177.10.236.244
FLOW_TO_HOSTOBS	e:to:SESSION-d9ca387fd672ab7a:host:172.234.197.23	SESSION-d9ca387fd672ab7a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c82cc9c39e4191e7:flow:9e2338ffc91c	SESSION-c82cc9c39e4191e7 → flow:9e2338ffc91c
flow_observed4-aryOBS	e:fo:flow:71ab09349ce1	flow:71ab09349ce1 → host:172.234.197.23 → host:45.173.156.167 → port:tcp:62189
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f70c7a73cedaabc:PCAP:capture_20260430110001:43611bdf6759	SESSION-5f70c7a73cedaabc → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e708c58166944fb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6e708c58166944fb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-845630b36dc2dead:host:172.234.197.23	SESSION-845630b36dc2dead → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:eea467dd73eb:port:tcp:443	flow:eea467dd73eb → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c1253daa5bfb	flow:c1253daa5bfb → host:131.196.28.18 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a57e7ba0de33dea3:SESSION-a57e7ba0de33dea3	SESSION-a57e7ba0de33dea3 → pe:tls:SESSION-a57e7ba0de33dea3
FLOW_FROM_HOSTOBS	e:from:SESSION-0b4130b0efbd1505:host:172.234.197.23	SESSION-0b4130b0efbd1505 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93446cf6bcbe5afe:flow:6c01e54b2136	SESSION-93446cf6bcbe5afe → flow:6c01e54b2136
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8ef5b0d475390b4:host:172.234.197.23	SESSION-e8ef5b0d475390b4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-053d7bf7ef41d243:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-053d7bf7ef41d243 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-bd728e6d9f0647f9:host:172.234.197.23	SESSION-bd728e6d9f0647f9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f58fa910255a:port:tcp:41936	flow:f58fa910255a → port:tcp:41936
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.16:asn:271410	host:131.196.29.16 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-39adf49608796443:flow:1aca9c39dc4e	SESSION-39adf49608796443 → flow:1aca9c39dc4e
FLOW_TO_HOSTOBS	e:to:SESSION-9af401128ecea586:host:177.10.239.93	SESSION-9af401128ecea586 → host:177.10.239.93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5a0c98ce5f67db5:host:172.234.197.23	SESSION-a5a0c98ce5f67db5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02199a3eaa60c28c:host:131.196.29.167:host:172.234.197.23	SESSION-02199a3eaa60c28c → host:131.196.29.167 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-106a8139a282a728:host:131.196.31.144	SESSION-106a8139a282a728 → host:131.196.31.144
FLOW_TO_HOSTOBS	e:to:SESSION-32091c263c5425e7:host:177.10.233.108	SESSION-32091c263c5425e7 → host:177.10.233.108
FLOW_TO_HOSTOBS	e:to:SESSION-0c6cb018cbd8a763:host:177.10.239.217	SESSION-0c6cb018cbd8a763 → host:177.10.239.217
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-338b64f691539afb:host:172.234.197.23:host:177.10.232.130	SESSION-338b64f691539afb → host:172.234.197.23 → host:177.10.232.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7cc58ab2d16fcbf8:host:131.196.29.125	SESSION-7cc58ab2d16fcbf8 → host:131.196.29.125
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.156:asn:203771	host:95.170.25.156 → asn:203771
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.160:asn:262880	host:177.10.238.160 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-426c38e34029cb1b:host:177.10.233.76	SESSION-426c38e34029cb1b → host:177.10.233.76
FLOW_DST_PORTOBS	e:fp:flow:4cb50c25219a:port:tcp:443	flow:4cb50c25219a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a87c967af45101a2:host:177.10.234.137	SESSION-a87c967af45101a2 → host:177.10.234.137
FLOW_FROM_HOSTOBS	e:from:SESSION-a6ca8d988675ead3:host:172.234.197.23	SESSION-a6ca8d988675ead3 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:d415b9a57558:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:d415b9a57558 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.83:asn:262880	host:177.10.232.83 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac1869edc353761e:host:131.196.29.41	SESSION-ac1869edc353761e → host:131.196.29.41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c0ceaca72bbee92:host:131.196.30.223:host:172.234.197.23	SESSION-4c0ceaca72bbee92 → host:131.196.30.223 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:cae8d2561dde	flow:cae8d2561dde → host:172.234.197.23 → host:177.10.234.84 → port:tcp:57031
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.9:asn:262880	host:177.10.235.9 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:30b27dd71f22:port:tcp:4898	flow:30b27dd71f22 → port:tcp:4898
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.21:asn:203771	host:92.112.71.21 → asn:203771
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.128:geo_-23.62930_-46.63510	host:131.196.29.128 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:7a7aec91cffe	flow:7a7aec91cffe → host:177.10.236.58 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76408b67fb88a4bd:flow:445edf94c548	SESSION-76408b67fb88a4bd → flow:445edf94c548
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7312728f8a99afb:flow:758a8992fe82	SESSION-b7312728f8a99afb → flow:758a8992fe82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2fc2bfb2b0c4767b:SESSION-2fc2bfb2b0c4767b	SESSION-2fc2bfb2b0c4767b → pe:tls:SESSION-2fc2bfb2b0c4767b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-18c88d2b92c30f28:SESSION-18c88d2b92c30f28	SESSION-18c88d2b92c30f28 → pe:syn:SESSION-18c88d2b92c30f28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66dcd1fd6d28b07f:SESSION-66dcd1fd6d28b07f	SESSION-66dcd1fd6d28b07f → pe:tls:SESSION-66dcd1fd6d28b07f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.73:geo_-23.62930_-46.63510	host:131.196.31.73 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8136a084d82536a6:SESSION-8136a084d82536a6	SESSION-8136a084d82536a6 → pe:syn:SESSION-8136a084d82536a6
FLOW_TO_HOSTOBS	e:to:SESSION-710eb7de55f51893:host:177.10.238.56	SESSION-710eb7de55f51893 → host:177.10.238.56
flow_observed5-aryOBS	e:fo:flow:6e9f8e4544a3	flow:6e9f8e4544a3 → host:131.196.28.39 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.100:asn:271410	host:131.196.28.100 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e0b8f15e6ec3ec0f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e0b8f15e6ec3ec0f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaecff6799ccb464:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-eaecff6799ccb464 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-846d654fbba579ab:host:172.234.197.23	SESSION-846d654fbba579ab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8405fabd9aa330c8:SESSION-8405fabd9aa330c8	SESSION-8405fabd9aa330c8 → pe:syn:SESSION-8405fabd9aa330c8
FLOW_FROM_HOSTOBS	e:from:SESSION-8b14f4f7e9ebbac1:host:131.196.30.67	SESSION-8b14f4f7e9ebbac1 → host:131.196.30.67
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c265ba6f34eebd39:flow:d51594688c1f	SESSION-c265ba6f34eebd39 → flow:d51594688c1f
flow_observed5-aryOBS	e:fo:flow:cec985d775d4	flow:cec985d775d4 → host:131.196.28.99 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6372f3e6dae2e87f:host:131.196.30.44	SESSION-6372f3e6dae2e87f → host:131.196.30.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-edfeffbce5127655:SESSION-edfeffbce5127655	SESSION-edfeffbce5127655 → pe:tls:SESSION-edfeffbce5127655
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.169:asn:262880	host:177.10.235.169 → asn:262880
flow_observed4-aryOBS	e:fo:flow:06e8ffaae8d9	flow:06e8ffaae8d9 → host:172.234.197.23 → host:177.10.233.214 → port:tcp:38878
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.193:geo_-16.28860_-49.01640	host:177.10.236.193 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-29f2fc627b4350bb:host:131.196.29.5	SESSION-29f2fc627b4350bb → host:131.196.29.5
FLOW_FROM_HOSTOBS	e:from:SESSION-721df94622c41f42:host:131.196.31.151	SESSION-721df94622c41f42 → host:131.196.31.151
FLOW_DST_PORTOBS	e:fp:flow:7abfe668e6be:port:tcp:443	flow:7abfe668e6be → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-49ffa8539a7cb217:host:172.234.197.23	SESSION-49ffa8539a7cb217 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-750fc9f72ee279c6:host:131.196.29.248	SESSION-750fc9f72ee279c6 → host:131.196.29.248
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20aee5a5b6e9be41:SESSION-20aee5a5b6e9be41	SESSION-20aee5a5b6e9be41 → pe:tls:SESSION-20aee5a5b6e9be41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad03ceeb377f3976:host:172.234.197.23	SESSION-ad03ceeb377f3976 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-09e8a1451dd94c84:host:177.10.234.104	SESSION-09e8a1451dd94c84 → host:177.10.234.104
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb9766ebe449a845:host:95.170.25.5:host:172.234.197.23	SESSION-bb9766ebe449a845 → host:95.170.25.5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-62e68b494cd2572d:flow:2bd9596b678e	SESSION-62e68b494cd2572d → flow:2bd9596b678e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.51:geo_-16.28860_-49.01640	host:177.10.236.51 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed29e6defb1050d9:SESSION-ed29e6defb1050d9	SESSION-ed29e6defb1050d9 → pe:syn:SESSION-ed29e6defb1050d9
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.7:asn:271410	host:131.196.28.7 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-8f16f611b98ecbfd:host:131.196.30.7	SESSION-8f16f611b98ecbfd → host:131.196.30.7
FLOW_DST_PORTOBS	e:fp:flow:1b2072a6894f:port:tcp:58867	flow:1b2072a6894f → port:tcp:58867
FLOW_DST_PORTOBS	e:fp:flow:ad8754c61763:port:tcp:443	flow:ad8754c61763 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8a6e8a4db8ac534:host:172.234.197.23:host:177.10.234.67	SESSION-e8a6e8a4db8ac534 → host:172.234.197.23 → host:177.10.234.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-175dd6ba51fb3cf7:SESSION-175dd6ba51fb3cf7	SESSION-175dd6ba51fb3cf7 → pe:syn:SESSION-175dd6ba51fb3cf7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67a710d2531b2faa:SESSION-67a710d2531b2faa	SESSION-67a710d2531b2faa → pe:syn:SESSION-67a710d2531b2faa
FLOW_FROM_HOSTOBS	e:from:SESSION-2be3bd33b6267f94:host:172.234.197.23	SESSION-2be3bd33b6267f94 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:94d251e9425d	flow:94d251e9425d → host:172.234.197.23 → host:177.10.235.127 → port:tcp:29092
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3fd62b1832b0e41:host:172.234.197.23:host:131.196.31.45	SESSION-b3fd62b1832b0e41 → host:172.234.197.23 → host:131.196.31.45
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.47:geo_-23.62930_-46.63510	host:131.196.30.47 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-adbb0156eea80d2f:SESSION-adbb0156eea80d2f	SESSION-adbb0156eea80d2f → pe:rst:SESSION-adbb0156eea80d2f
FLOW_FROM_HOSTOBS	e:from:SESSION-e2ecbcecdc44a459:host:177.10.237.113	SESSION-e2ecbcecdc44a459 → host:177.10.237.113
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73eae13080f416f8:host:172.234.197.23	SESSION-73eae13080f416f8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1240df2eec41c5d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c1240df2eec41c5d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fbee5c60d72abd4e:PCAP:capture_20260430090001:065659c7d314	SESSION-fbee5c60d72abd4e → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27f830f77ddb5dd1:PCAP:capture_20260430110001:43611bdf6759	SESSION-27f830f77ddb5dd1 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2338a143c0830527:host:177.10.236.101	SESSION-2338a143c0830527 → host:177.10.236.101
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c38263f2f5f96575:host:131.196.29.3	SESSION-c38263f2f5f96575 → host:131.196.29.3
FLOW_FROM_HOSTOBS	e:from:SESSION-9b30dbd402b74df1:host:172.234.197.23	SESSION-9b30dbd402b74df1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6543ef151e834843:host:131.196.29.140	SESSION-6543ef151e834843 → host:131.196.29.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0799ff092dfcce41:SESSION-0799ff092dfcce41	SESSION-0799ff092dfcce41 → pe:syn:SESSION-0799ff092dfcce41
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.19:asn:271410	host:131.196.30.19 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6631f08e8c06a9b6:host:177.10.232.253	SESSION-6631f08e8c06a9b6 → host:177.10.232.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-382b47d73202b6ac:host:177.10.233.166	SESSION-382b47d73202b6ac → host:177.10.233.166
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-659e9e20b25ca2e2:host:172.234.197.23	SESSION-659e9e20b25ca2e2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d603c58c5171ed7:SESSION-9d603c58c5171ed7	SESSION-9d603c58c5171ed7 → pe:syn:SESSION-9d603c58c5171ed7
FLOW_DST_PORTOBS	e:fp:flow:884ce823120d:port:tcp:443	flow:884ce823120d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f277335c7e8c32bb:flow:19b5b49ec869	SESSION-f277335c7e8c32bb → flow:19b5b49ec869
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f234671aee206898:host:172.234.197.23:host:177.10.238.173	SESSION-f234671aee206898 → host:172.234.197.23 → host:177.10.238.173
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1842fb1b2a9a6572:host:172.234.197.23	SESSION-1842fb1b2a9a6572 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e15db8dd7fed	flow:e15db8dd7fed → host:131.196.31.32 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf7009921f0152ab:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cf7009921f0152ab → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2811f86b559a674a:host:172.234.197.23	SESSION-2811f86b559a674a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ad1374907e690a1:host:177.10.234.16:host:172.234.197.23	SESSION-3ad1374907e690a1 → host:177.10.234.16 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-838eea3d6dd669fd:host:172.234.197.23	SESSION-838eea3d6dd669fd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ed3c0cac572dff6:flow:10aedd4ec233	SESSION-9ed3c0cac572dff6 → flow:10aedd4ec233
FLOW_DST_PORTOBS	e:fp:flow:7742b84315b0:port:tcp:47804	flow:7742b84315b0 → port:tcp:47804
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b05aeaff4a071503:SESSION-b05aeaff4a071503	SESSION-b05aeaff4a071503 → pe:tls:SESSION-b05aeaff4a071503
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33db7a85fa9e759a:flow:5edd843e41dc	SESSION-33db7a85fa9e759a → flow:5edd843e41dc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.48:asn:262880	host:177.10.237.48 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99d609228b1b32ef:host:172.234.197.23	SESSION-99d609228b1b32ef → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2ae6b0bca9a8c33:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f2ae6b0bca9a8c33 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-bf8f9827f106db93:host:177.10.237.98	SESSION-bf8f9827f106db93 → host:177.10.237.98
FLOW_FROM_HOSTOBS	e:from:SESSION-ce2566c1c98d1aed:host:172.234.197.23	SESSION-ce2566c1c98d1aed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b71b9d0133c3b30:SESSION-0b71b9d0133c3b30	SESSION-0b71b9d0133c3b30 → pe:syn:SESSION-0b71b9d0133c3b30
FLOW_DST_PORTOBS	e:fp:flow:9010546a6a57:port:tcp:56163	flow:9010546a6a57 → port:tcp:56163
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-81679789c998e700:flow:5d5bc8796647	SESSION-81679789c998e700 → flow:5d5bc8796647
FLOW_DST_PORTOBS	e:fp:flow:1d8ac3ce6292:port:tcp:443	flow:1d8ac3ce6292 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-df1a511d64dc2d8e:SESSION-df1a511d64dc2d8e	SESSION-df1a511d64dc2d8e → pe:syn:SESSION-df1a511d64dc2d8e
FLOW_DST_PORTOBS	e:fp:flow:f7ac01dd0330:port:tcp:443	flow:f7ac01dd0330 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-364513c2995bfd3b:host:131.196.31.174	SESSION-364513c2995bfd3b → host:131.196.31.174
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b78ee328a5f7ceab:flow:fff476c33f44	SESSION-b78ee328a5f7ceab → flow:fff476c33f44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e6511da7c7cd8e1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4e6511da7c7cd8e1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46da9b8beaa478c9:SESSION-46da9b8beaa478c9	SESSION-46da9b8beaa478c9 → pe:tls:SESSION-46da9b8beaa478c9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.40:geo_-23.62930_-46.63510	host:131.196.31.40 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-418ea5f834fbfdc6:SESSION-418ea5f834fbfdc6	SESSION-418ea5f834fbfdc6 → pe:syn:SESSION-418ea5f834fbfdc6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d44d2d34cc029e97:host:131.196.30.152:host:172.234.197.23	SESSION-d44d2d34cc029e97 → host:131.196.30.152 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b58dfbdc72ba0e86:SESSION-b58dfbdc72ba0e86	SESSION-b58dfbdc72ba0e86 → pe:syn:SESSION-b58dfbdc72ba0e86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.244:geo_-16.28860_-49.01640	host:177.10.234.244 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921caeacc0f03622:host:177.10.233.100	SESSION-921caeacc0f03622 → host:177.10.233.100
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e4de8bcb2f0334a:PCAP:capture_20260430150001:ded20914761d	SESSION-4e4de8bcb2f0334a → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-db62c05acb7f0b0b:host:172.234.197.23	SESSION-db62c05acb7f0b0b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f082f9fe3332438:flow:4d75f253e125	SESSION-1f082f9fe3332438 → flow:4d75f253e125
FLOW_TO_HOSTOBS	e:to:SESSION-f06d97c7ac4f577b:host:131.196.29.194	SESSION-f06d97c7ac4f577b → host:131.196.29.194
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce29096c932e7f50:host:177.10.236.43:host:172.234.197.23	SESSION-ce29096c932e7f50 → host:177.10.236.43 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f30e546741e354a:PCAP:capture_20260430150001:ded20914761d	SESSION-4f30e546741e354a → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.52:geo_41.00190_28.96450	host:95.135.228.52 → geo_41.00190_28.96450
flow_observed4-aryOBS	e:fo:flow:4231a3cc4c78	flow:4231a3cc4c78 → host:172.234.197.23 → host:131.196.30.120 → port:tcp:61041
FLOW_TO_HOSTOBS	e:to:SESSION-c2b6fa392d99e4e2:host:172.234.197.23	SESSION-c2b6fa392d99e4e2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d74877df7cdd5d7:host:45.173.156.220:host:172.234.197.23	SESSION-6d74877df7cdd5d7 → host:45.173.156.220 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:58f1af48c31f	flow:58f1af48c31f → host:131.196.30.49 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-85869808bb7240b3:host:172.232.0.17	SESSION-85869808bb7240b3 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-0ad9c0df7a65aa03:host:177.10.236.151	SESSION-0ad9c0df7a65aa03 → host:177.10.236.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab81c1372abfe2ce:flow:ea95ed004069	SESSION-ab81c1372abfe2ce → flow:ea95ed004069
FLOW_DST_PORTOBS	e:fp:flow:3cfb47e7be4e:port:tcp:24265	flow:3cfb47e7be4e → port:tcp:24265
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ba12ba5c182aa430:flow:f73d7d2f1a01	SESSION-ba12ba5c182aa430 → flow:f73d7d2f1a01
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3674a7955b512da1:flow:b488d873ad67	SESSION-3674a7955b512da1 → flow:b488d873ad67
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.74:geo_-16.28860_-49.01640	host:177.10.234.74 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e08dddd9edfa5277:SESSION-e08dddd9edfa5277	SESSION-e08dddd9edfa5277 → pe:tls:SESSION-e08dddd9edfa5277
HOST_IN_ASNOBS 85%	e:ha:host:15.152.35.247:asn:16509	host:15.152.35.247 → asn:16509
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eff9d1155e5c571f:host:177.10.232.251:host:172.234.197.23	SESSION-eff9d1155e5c571f → host:177.10.232.251 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.52:geo_-23.62930_-46.63510	host:131.196.31.52 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9bc9a3180c6fb10:host:131.196.30.54	SESSION-f9bc9a3180c6fb10 → host:131.196.30.54
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-893e080e65f2ed4f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-893e080e65f2ed4f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e9497f317705308:SESSION-8e9497f317705308	SESSION-8e9497f317705308 → pe:syn:SESSION-8e9497f317705308
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a2f82c2a85816be:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4a2f82c2a85816be → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f30e546741e354a:SESSION-4f30e546741e354a	SESSION-4f30e546741e354a → pe:tls:SESSION-4f30e546741e354a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.224:geo_-16.28860_-49.01640	host:177.10.234.224 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-aa38dbd858d86f82:host:172.234.197.23	SESSION-aa38dbd858d86f82 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:01b6880b00f0:dns:172-234-197-23.ip.linodeusercontent.com	flow:01b6880b00f0 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ac8ab77b48a8c37:SESSION-6ac8ab77b48a8c37	SESSION-6ac8ab77b48a8c37 → pe:syn:SESSION-6ac8ab77b48a8c37
flow_observed5-aryOBS	e:fo:flow:7990febe4bcc	flow:7990febe4bcc → host:45.173.156.84 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-30052afb1f0268ab:host:95.170.25.181	SESSION-30052afb1f0268ab → host:95.170.25.181
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cfde024084873f29:host:199.16.157.182:host:172.234.197.23	SESSION-cfde024084873f29 → host:199.16.157.182 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fd573746c1e36a64:host:131.196.29.236	SESSION-fd573746c1e36a64 → host:131.196.29.236
FLOW_FROM_HOSTOBS	e:from:SESSION-3483d96fbaf632b7:host:177.10.234.23	SESSION-3483d96fbaf632b7 → host:177.10.234.23
FLOW_TO_HOSTOBS	e:to:SESSION-20b9f3feffcc2290:host:172.234.197.23	SESSION-20b9f3feffcc2290 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.55:asn:271410	host:131.196.29.55 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c24aca5564d2ae55:SESSION-c24aca5564d2ae55	SESSION-c24aca5564d2ae55 → pe:rst:SESSION-c24aca5564d2ae55
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f48cf8f11b8f73e:PCAP:capture_20260430060001:919b39a74464	SESSION-3f48cf8f11b8f73e → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:840025b64f04	flow:840025b64f04 → host:177.10.232.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0be9ff1ae53d349:SESSION-f0be9ff1ae53d349	SESSION-f0be9ff1ae53d349 → pe:syn:SESSION-f0be9ff1ae53d349
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4387fd9792a7eb8a:host:172.234.197.23	SESSION-4387fd9792a7eb8a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e77bd841354043c4:host:177.10.237.155:host:172.234.197.23	SESSION-e77bd841354043c4 → host:177.10.237.155 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-87ea4b729b5b64e3:host:131.196.31.48	SESSION-87ea4b729b5b64e3 → host:131.196.31.48
FLOW_FROM_HOSTOBS	e:from:SESSION-ec91eda6d4bd732e:host:177.10.237.211	SESSION-ec91eda6d4bd732e → host:177.10.237.211
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f39fdcb76f4b9f9d:flow:798c9865fb79	SESSION-f39fdcb76f4b9f9d → flow:798c9865fb79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b5ce2843c92e119:host:177.10.234.140	SESSION-4b5ce2843c92e119 → host:177.10.234.140
flow_observed4-aryOBS	e:fo:flow:48de3dedd1a0	flow:48de3dedd1a0 → host:172.234.197.23 → host:131.196.31.63 → port:tcp:13113
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.132:asn:262880	host:177.10.232.132 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-921caeacc0f03622:host:177.10.233.100	SESSION-921caeacc0f03622 → host:177.10.233.100
FLOW_TO_HOSTOBS	e:to:SESSION-d6a7aaaa54e7dd63:host:172.234.197.23	SESSION-d6a7aaaa54e7dd63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f5d8e8d5ecc4e1f:SESSION-9f5d8e8d5ecc4e1f	SESSION-9f5d8e8d5ecc4e1f → pe:tls:SESSION-9f5d8e8d5ecc4e1f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a24a5811642df328:host:172.234.197.23	SESSION-a24a5811642df328 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a9de26895ffb34a3:SESSION-a9de26895ffb34a3	SESSION-a9de26895ffb34a3 → pe:tls:SESSION-a9de26895ffb34a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7e110cd2632aa64:host:172.234.197.23	SESSION-e7e110cd2632aa64 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-139ea45d2e45809a:host:172.234.197.23	SESSION-139ea45d2e45809a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ef41947f9929862:SESSION-8ef41947f9929862	SESSION-8ef41947f9929862 → pe:syn:SESSION-8ef41947f9929862
FLOW_DST_PORTOBS	e:fp:flow:590d1ed51177:port:tcp:15646	flow:590d1ed51177 → port:tcp:15646
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ae59ca72364f9e1:host:172.234.197.23	SESSION-3ae59ca72364f9e1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-453cfacc8e209f2f:host:131.196.30.37	SESSION-453cfacc8e209f2f → host:131.196.30.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d3ff3dcf229051b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2d3ff3dcf229051b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b7f75116e650c71:SESSION-7b7f75116e650c71	SESSION-7b7f75116e650c71 → pe:syn:SESSION-7b7f75116e650c71
FLOW_DST_PORTOBS	e:fp:flow:76a18fca6382:port:tcp:443	flow:76a18fca6382 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85d2db504e73f17a:PCAP:capture_20260430150001:ded20914761d	SESSION-85d2db504e73f17a → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60cd9cc046a23835:host:172.234.197.23	SESSION-60cd9cc046a23835 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2811f86b559a674a:host:172.234.197.23	SESSION-2811f86b559a674a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f62a59cabf6a851:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7f62a59cabf6a851 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:8a0e70692d19:port:tcp:443	flow:8a0e70692d19 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bec1644a83cc4e1:flow:be8b74ea4667	SESSION-3bec1644a83cc4e1 → flow:be8b74ea4667
FLOW_FROM_HOSTOBS	e:from:SESSION-78c74ad080075522:host:31.40.196.247	SESSION-78c74ad080075522 → host:31.40.196.247
FLOW_DST_PORTOBS	e:fp:flow:ba624a808c3c:port:tcp:443	flow:ba624a808c3c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:47327e57a845:port:tcp:443	flow:47327e57a845 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:ce541888aeb1	flow:ce541888aeb1 → host:177.10.236.206 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:fff476c33f44:port:tcp:80	flow:fff476c33f44 → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-868abcdaf084ea7c:host:172.234.197.23:host:172.232.0.16	SESSION-868abcdaf084ea7c → host:172.234.197.23 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3393fca13374f4c8:SESSION-3393fca13374f4c8	SESSION-3393fca13374f4c8 → pe:syn:SESSION-3393fca13374f4c8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa4dbd42e40690e9:flow:ee9802fd094f	SESSION-aa4dbd42e40690e9 → flow:ee9802fd094f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7759d4a46d500e47:host:172.234.197.23	SESSION-7759d4a46d500e47 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.236:asn:262880	host:177.10.234.236 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6fda720fc6282204:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6fda720fc6282204 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7bf74715b11f1486:host:131.196.28.122	SESSION-7bf74715b11f1486 → host:131.196.28.122
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-367825c4b1c7c6d4:host:177.10.236.235:host:172.234.197.23	SESSION-367825c4b1c7c6d4 → host:177.10.236.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-845fd343ebc60049:host:177.10.237.81	SESSION-845fd343ebc60049 → host:177.10.237.81
FLOW_FROM_HOSTOBS	e:from:SESSION-44bc098e411317a4:host:172.234.197.23	SESSION-44bc098e411317a4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:37fd51176c67:port:tcp:29010	flow:37fd51176c67 → port:tcp:29010
FLOW_DST_PORTOBS	e:fp:flow:84b115f7b002:port:tcp:443	flow:84b115f7b002 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aec01d0deaddfc4b:host:131.196.29.114	SESSION-aec01d0deaddfc4b → host:131.196.29.114
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:85.11.167.8:geo_42.68260_23.32230	host:85.11.167.8 → geo_42.68260_23.32230
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.65:geo_41.00190_28.96450	host:92.112.71.65 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3483d96fbaf632b7:SESSION-3483d96fbaf632b7	SESSION-3483d96fbaf632b7 → pe:syn:SESSION-3483d96fbaf632b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ff9e39cb371b24f:SESSION-1ff9e39cb371b24f	SESSION-1ff9e39cb371b24f → pe:syn:SESSION-1ff9e39cb371b24f
FLOW_DST_PORTOBS	e:fp:flow:877675c63b75:port:tcp:443	flow:877675c63b75 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.231:geo_-23.62930_-46.63510	host:131.196.29.231 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ccb8c7743352cfdc:flow:6263b85fb722	SESSION-ccb8c7743352cfdc → flow:6263b85fb722
FLOW_DST_PORTOBS	e:fp:flow:a25ac9fa913a:port:tcp:11213	flow:a25ac9fa913a → port:tcp:11213
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c83a3382d975674:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6c83a3382d975674 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c9a0f035acc4428:host:172.234.197.23	SESSION-0c9a0f035acc4428 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-edf23c7505754934:host:177.10.233.35	SESSION-edf23c7505754934 → host:177.10.233.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7bf74715b11f1486:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7bf74715b11f1486 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77abcf8d7f3aee2e:SESSION-77abcf8d7f3aee2e	SESSION-77abcf8d7f3aee2e → pe:tls:SESSION-77abcf8d7f3aee2e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd4d686620f5fc14:host:13.53.140.247:host:172.234.197.23	SESSION-cd4d686620f5fc14 → host:13.53.140.247 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:d9b840dd9eca	flow:d9b840dd9eca → host:34.216.76.26 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99c8a38ab4cce90e:flow:811923523f71	SESSION-99c8a38ab4cce90e → flow:811923523f71
flow_observed5-aryOBS	e:fo:flow:f3de632b07b1	flow:f3de632b07b1 → host:177.10.237.53 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67a9355576766cfe:PCAP:capture_20260430150001:ded20914761d	SESSION-67a9355576766cfe → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.67:asn:273470	host:45.173.156.67 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed80052f988e41bd:host:172.234.197.23:host:131.196.28.28	SESSION-ed80052f988e41bd → host:172.234.197.23 → host:131.196.28.28
FLOW_FROM_HOSTOBS	e:from:SESSION-da40d6e9bff8c88d:host:131.196.29.152	SESSION-da40d6e9bff8c88d → host:131.196.29.152
flow_observed5-aryOBS	e:fo:flow:e7bdccaedf79	flow:e7bdccaedf79 → host:177.10.232.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11c0fc2d370ea41a:flow:5f95ab8f43b5	SESSION-11c0fc2d370ea41a → flow:5f95ab8f43b5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-13906a0b4b02de94:host:37.221.79.63:host:172.234.197.23	SESSION-13906a0b4b02de94 → host:37.221.79.63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-605acf1f49534e97:SESSION-605acf1f49534e97	SESSION-605acf1f49534e97 → pe:syn:SESSION-605acf1f49534e97
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eba362425495480d:host:177.10.233.66:host:172.234.197.23	SESSION-eba362425495480d → host:177.10.233.66 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:17775a63eba4:port:tcp:11681	flow:17775a63eba4 → port:tcp:11681
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6eb1289c3370840:flow:e89e6db9824c	SESSION-d6eb1289c3370840 → flow:e89e6db9824c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9e3e5dcd2ccb687:SESSION-f9e3e5dcd2ccb687	SESSION-f9e3e5dcd2ccb687 → pe:tls:SESSION-f9e3e5dcd2ccb687
FLOW_FROM_HOSTOBS	e:from:SESSION-00efe759e05a1a39:host:172.234.197.23	SESSION-00efe759e05a1a39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e44d3b0a0ee22cd6:host:172.234.197.23	SESSION-e44d3b0a0ee22cd6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e998b802e74a3139:SESSION-e998b802e74a3139	SESSION-e998b802e74a3139 → pe:syn:SESSION-e998b802e74a3139
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.243:geo_-21.10010_-41.69200	host:45.173.156.243 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5a0c98ce5f67db5:host:172.234.197.23:host:131.196.28.39	SESSION-a5a0c98ce5f67db5 → host:172.234.197.23 → host:131.196.28.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-92922842b80104c6:SESSION-92922842b80104c6	SESSION-92922842b80104c6 → pe:syn:SESSION-92922842b80104c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-660bfab63a10a518:host:177.10.234.68	SESSION-660bfab63a10a518 → host:177.10.234.68
flow_observed5-aryOBS	e:fo:flow:143cdd554f2d	flow:143cdd554f2d → host:177.10.237.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0c6cb018cbd8a763:host:172.234.197.23:host:177.10.239.217	SESSION-0c6cb018cbd8a763 → host:172.234.197.23 → host:177.10.239.217
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.226:geo_-23.62930_-46.63510	host:131.196.31.226 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-edaec15d65a63fe7:host:177.10.239.96	SESSION-edaec15d65a63fe7 → host:177.10.239.96
FLOW_TO_HOSTOBS	e:to:SESSION-bb0c069bf1f40e5a:host:172.234.197.23	SESSION-bb0c069bf1f40e5a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2f14bb2a06741aa:flow:0cc88f51dcfd	SESSION-f2f14bb2a06741aa → flow:0cc88f51dcfd
flow_observed5-aryOBS	e:fo:flow:5968ff9ca8b3	flow:5968ff9ca8b3 → host:45.173.156.66 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.9:geo_-16.28860_-49.01640	host:177.10.235.9 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-102bebe502918f62:host:131.196.30.150	SESSION-102bebe502918f62 → host:131.196.30.150
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a207ecea3558884:host:172.234.197.23:host:172.232.0.17	SESSION-9a207ecea3558884 → host:172.234.197.23 → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:29736dfdaa01	flow:29736dfdaa01 → host:45.173.156.142 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c1253daa5bfb:port:tcp:443	flow:c1253daa5bfb → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5d249db6ec3f34e:PCAP:capture_20260430150001:ded20914761d	SESSION-d5d249db6ec3f34e → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:414bfd368f16	flow:414bfd368f16 → host:131.196.30.8 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:1686e758d44a	flow:1686e758d44a → host:172.234.197.23 → host:177.10.234.160 → port:tcp:30755
flow_observed5-aryOBS	e:fo:flow:bbbfe2fd8c5e	flow:bbbfe2fd8c5e → host:131.196.30.66 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8f2b3515afd502b:flow:4b25e07bf3ac	SESSION-b8f2b3515afd502b → flow:4b25e07bf3ac
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17fce8ea46af65f2:flow:cbf3d3b9734e	SESSION-17fce8ea46af65f2 → flow:cbf3d3b9734e
flow_observed5-aryOBS	e:fo:flow:72799e7cd136	flow:72799e7cd136 → host:131.196.31.10 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e928e277e980:port:tcp:43705	flow:e928e277e980 → port:tcp:43705
ASN_IN_ORGOBS 80%	e:ao:asn:55960:org:Beijing Guanghuan Xinwang Digital	asn:55960 → org:Beijing Guanghuan Xinwang Digital
FLOW_TO_HOSTOBS	e:to:SESSION-082589f81acb7a8f:host:172.234.197.23	SESSION-082589f81acb7a8f → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:1cddd2bd8ddb	flow:1cddd2bd8ddb → host:13.208.213.50 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a82c7f51b8bc2f4f:host:172.234.197.23	SESSION-a82c7f51b8bc2f4f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.88:asn:262880	host:177.10.234.88 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.171:asn:271410	host:131.196.31.171 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be4f81bef58a140b:host:45.173.156.159:host:172.234.197.23	SESSION-be4f81bef58a140b → host:45.173.156.159 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-035e17bf8c36a59b:SESSION-035e17bf8c36a59b	SESSION-035e17bf8c36a59b → pe:syn:SESSION-035e17bf8c36a59b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-0bf923c759cb9e4a:SESSION-0bf923c759cb9e4a	SESSION-0bf923c759cb9e4a → pe:dns:SESSION-0bf923c759cb9e4a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-af24c7046d264e7e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-af24c7046d264e7e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6cecd25b5e4e4c9c:flow:485571b4585c	SESSION-6cecd25b5e4e4c9c → flow:485571b4585c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a971dfbf90734efe:flow:415a498bc6a3	SESSION-a971dfbf90734efe → flow:415a498bc6a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-2cb296f879c20d45:SESSION-2cb296f879c20d45	SESSION-2cb296f879c20d45 → pe:rst:SESSION-2cb296f879c20d45
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.33:geo_-21.10010_-41.69200	host:45.173.156.33 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-669a514c7e7ceed8:flow:1759eefacc38	SESSION-669a514c7e7ceed8 → flow:1759eefacc38
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65262d33293291dd:SESSION-65262d33293291dd	SESSION-65262d33293291dd → pe:tls:SESSION-65262d33293291dd
flow_observed5-aryOBS	e:fo:flow:420626ea8769	flow:420626ea8769 → host:131.196.29.103 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:a1f7a3f91181	flow:a1f7a3f91181 → host:177.10.239.112 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4d1c4ac80a0d275:SESSION-c4d1c4ac80a0d275	SESSION-c4d1c4ac80a0d275 → pe:tls:SESSION-c4d1c4ac80a0d275
FLOW_DST_PORTOBS	e:fp:flow:5ca8afe796b8:port:tcp:24916	flow:5ca8afe796b8 → port:tcp:24916
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.181:geo_-16.28860_-49.01640	host:177.10.232.181 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-623bfc839a4f3b4e:host:172.234.197.23	SESSION-623bfc839a4f3b4e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2d8f5cec7e169b47:host:131.196.31.65	SESSION-2d8f5cec7e169b47 → host:131.196.31.65
FLOW_TO_HOSTOBS	e:to:SESSION-94e95046da2771ab:host:172.234.197.23	SESSION-94e95046da2771ab → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-caf4287e8000c114:host:104.28.157.111:host:172.234.197.23	SESSION-caf4287e8000c114 → host:104.28.157.111 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f6577138d25ad9e:host:172.234.197.23	SESSION-6f6577138d25ad9e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c9d9495404a53bc0:host:172.234.197.23	SESSION-c9d9495404a53bc0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-734d97fdd69356a6:SESSION-734d97fdd69356a6	SESSION-734d97fdd69356a6 → pe:syn:SESSION-734d97fdd69356a6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2754fb6a113c6b7:SESSION-b2754fb6a113c6b7	SESSION-b2754fb6a113c6b7 → pe:tls:SESSION-b2754fb6a113c6b7
FLOW_DST_PORTOBS	e:fp:flow:6a5ee69048ca:port:tcp:443	flow:6a5ee69048ca → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.50:asn:262880	host:177.10.238.50 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-83168514d84031f4:flow:0f0f83dc6341	SESSION-83168514d84031f4 → flow:0f0f83dc6341
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b792e9866f7563b8:flow:ccf81e5a8a06	SESSION-b792e9866f7563b8 → flow:ccf81e5a8a06
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac87af78ff19f5c9:SESSION-ac87af78ff19f5c9	SESSION-ac87af78ff19f5c9 → pe:syn:SESSION-ac87af78ff19f5c9
FLOW_TO_HOSTOBS	e:to:SESSION-7963f405207d2813:host:177.10.234.162	SESSION-7963f405207d2813 → host:177.10.234.162
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fda1fcad7dd8a834:PCAP:capture_20260430050001:8868731bf8a4	SESSION-fda1fcad7dd8a834 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-7fd0e8f46f0bc660:host:172.234.197.23	SESSION-7fd0e8f46f0bc660 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8247aea4532236dc:flow:7ae497c2b143	SESSION-8247aea4532236dc → flow:7ae497c2b143
FLOW_DST_PORTOBS	e:fp:flow:e1c78128949a:port:tcp:443	flow:e1c78128949a → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.163:asn:271410	host:131.196.28.163 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f299703bc1b4ff9:host:172.234.197.23:host:177.10.239.148	SESSION-1f299703bc1b4ff9 → host:172.234.197.23 → host:177.10.239.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5b80b4b47f274ca:SESSION-d5b80b4b47f274ca	SESSION-d5b80b4b47f274ca → pe:syn:SESSION-d5b80b4b47f274ca
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2713dc0653d6ae5:flow:8687e2ada99c	SESSION-e2713dc0653d6ae5 → flow:8687e2ada99c
FLOW_FROM_HOSTOBS	e:from:SESSION-b35e3cddd5fc2e72:host:131.196.28.80	SESSION-b35e3cddd5fc2e72 → host:131.196.28.80
flow_observed5-aryOBS	e:fo:flow:f1b671a57bb4	flow:f1b671a57bb4 → host:177.10.235.147 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f344d747ad66bc9c:flow:42bb404c3b16	SESSION-f344d747ad66bc9c → flow:42bb404c3b16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6585a8f099e9e465:host:172.234.197.23	SESSION-6585a8f099e9e465 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d73ed284b477	flow:d73ed284b477 → host:177.10.238.122 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8ac7bdbcc541a2d8:host:177.10.238.112	SESSION-8ac7bdbcc541a2d8 → host:177.10.238.112
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.148.10.151:geo_52.37590_4.89750	host:45.148.10.151 → geo_52.37590_4.89750
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e6270bfda958738:host:177.10.236.218:host:172.234.197.23	SESSION-7e6270bfda958738 → host:177.10.236.218 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a20ec48656879fce:host:172.234.197.23:host:131.196.31.58	SESSION-a20ec48656879fce → host:172.234.197.23 → host:131.196.31.58
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f016f4a38011f9c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4f016f4a38011f9c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1627b9df9d2fc920:flow:f939f17e17be	SESSION-1627b9df9d2fc920 → flow:f939f17e17be
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e87c1bf59f6ff4a:SESSION-9e87c1bf59f6ff4a	SESSION-9e87c1bf59f6ff4a → pe:syn:SESSION-9e87c1bf59f6ff4a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e33208793a04fae:host:172.234.197.23	SESSION-8e33208793a04fae → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-af55ab527d360ebd:flow:9b3c44b150c9	SESSION-af55ab527d360ebd → flow:9b3c44b150c9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-660cb7ef624de29d:SESSION-660cb7ef624de29d	SESSION-660cb7ef624de29d → pe:syn:SESSION-660cb7ef624de29d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e96c97861c631394:host:131.196.29.62	SESSION-e96c97861c631394 → host:131.196.29.62
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a77adff1667c3d1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0a77adff1667c3d1 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5b56d4198adefd3:host:131.196.30.128	SESSION-d5b56d4198adefd3 → host:131.196.30.128
FLOW_FROM_HOSTOBS	e:from:SESSION-3617089369b58aaa:host:172.234.197.23	SESSION-3617089369b58aaa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9f43ed2bc91ec43:host:172.234.197.23	SESSION-b9f43ed2bc91ec43 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46631c2a8361f405:SESSION-46631c2a8361f405	SESSION-46631c2a8361f405 → pe:tls:SESSION-46631c2a8361f405
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5ad022ad4096ce5:host:172.234.197.23	SESSION-d5ad022ad4096ce5 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:4ca05642840a	flow:4ca05642840a → host:172.234.197.23 → host:177.10.233.17 → port:tcp:7441
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df1edf3c82c78294:SESSION-df1edf3c82c78294	SESSION-df1edf3c82c78294 → pe:tls:SESSION-df1edf3c82c78294
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c15ada1b10271eef:flow:d19d94f92718	SESSION-c15ada1b10271eef → flow:d19d94f92718
FLOW_DST_PORTOBS	e:fp:flow:543bc6e6886f:port:tcp:443	flow:543bc6e6886f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62e68b494cd2572d:host:172.234.197.23	SESSION-62e68b494cd2572d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-180bc1efe2db3897:PCAP:capture_20260430050001:8868731bf8a4	SESSION-180bc1efe2db3897 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-afa0e3a30bb0024e:SESSION-afa0e3a30bb0024e	SESSION-afa0e3a30bb0024e → pe:tls:SESSION-afa0e3a30bb0024e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e88ec164d738844a:host:172.234.197.23	SESSION-e88ec164d738844a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8277822e9833952:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c8277822e9833952 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:cde5bd61460b:port:tcp:443	flow:cde5bd61460b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:3dc8eab660f9	flow:3dc8eab660f9 → host:177.10.235.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b3057ab5d68c477:host:172.234.197.23	SESSION-5b3057ab5d68c477 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02cad694702cb9f1:SESSION-02cad694702cb9f1	SESSION-02cad694702cb9f1 → pe:syn:SESSION-02cad694702cb9f1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d508940aefc84528:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d508940aefc84528 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:e1f72d732543	flow:e1f72d732543 → host:172.234.197.23 → host:177.10.237.54 → port:tcp:62184
FLOW_FROM_HOSTOBS	e:from:SESSION-f4bcb88049ff8a93:host:37.221.79.111	SESSION-f4bcb88049ff8a93 → host:37.221.79.111
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.104:geo_19.07480_72.88560	host:45.145.152.104 → geo_19.07480_72.88560
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-664154a8ce71c549:host:177.10.233.61	SESSION-664154a8ce71c549 → host:177.10.233.61
FLOW_TO_HOSTOBS	e:to:SESSION-75ad621f5d402513:host:172.234.197.23	SESSION-75ad621f5d402513 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a770693a19c2c7c:host:131.196.31.11	SESSION-0a770693a19c2c7c → host:131.196.31.11
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c6924fc6c1078bec:flow:2e2854c2bd3a	SESSION-c6924fc6c1078bec → flow:2e2854c2bd3a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16a55bcfd76736b7:SESSION-16a55bcfd76736b7	SESSION-16a55bcfd76736b7 → pe:tls:SESSION-16a55bcfd76736b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf8660b1b7ea6f50:host:172.234.197.23	SESSION-bf8660b1b7ea6f50 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f5941954cc437ab4:host:45.173.156.146	SESSION-f5941954cc437ab4 → host:45.173.156.146
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70f7d0fa3cda32b:host:172.234.197.23	SESSION-c70f7d0fa3cda32b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-598f28b8a9577970:host:131.196.31.1	SESSION-598f28b8a9577970 → host:131.196.31.1
FLOW_TO_HOSTOBS	e:to:SESSION-cb2ab3101d5e046e:host:131.196.31.74	SESSION-cb2ab3101d5e046e → host:131.196.31.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-45f8302f1d804897:SESSION-45f8302f1d804897	SESSION-45f8302f1d804897 → pe:rst:SESSION-45f8302f1d804897
FLOW_TO_HOSTOBS	e:to:SESSION-53fc35cd2bdb80ce:host:172.234.197.23	SESSION-53fc35cd2bdb80ce → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.150:geo_-16.28860_-49.01640	host:177.10.235.150 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0804c956ce93675c:host:177.10.239.234:host:172.234.197.23	SESSION-0804c956ce93675c → host:177.10.239.234 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5828198604c26af:host:172.234.197.23	SESSION-f5828198604c26af → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2646f5b9f41a01d2:host:177.10.236.94	SESSION-2646f5b9f41a01d2 → host:177.10.236.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ff90c657a3c2e88:SESSION-5ff90c657a3c2e88	SESSION-5ff90c657a3c2e88 → pe:syn:SESSION-5ff90c657a3c2e88
FLOW_DST_PORTOBS	e:fp:flow:d8f7523d5853:port:tcp:25067	flow:d8f7523d5853 → port:tcp:25067
FLOW_TO_HOSTOBS	e:to:SESSION-25d670562ff80de0:host:172.234.197.23	SESSION-25d670562ff80de0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:caf67f36323b	flow:caf67f36323b → host:177.10.239.209 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4eeddeaeae099136:host:131.196.31.121	SESSION-4eeddeaeae099136 → host:131.196.31.121
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69d41e5348c00130:host:136.243.57.208:host:172.234.197.23	SESSION-69d41e5348c00130 → host:136.243.57.208 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.49:geo_-16.28860_-49.01640	host:177.10.234.49 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:cb05e49e69ec	flow:cb05e49e69ec → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e7af3e500f20cf8:flow:dc26b6b9e94a	SESSION-4e7af3e500f20cf8 → flow:dc26b6b9e94a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ea69d35daebb9b8:SESSION-9ea69d35daebb9b8	SESSION-9ea69d35daebb9b8 → pe:syn:SESSION-9ea69d35daebb9b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e028dd5dd71b411:host:172.234.197.23	SESSION-1e028dd5dd71b411 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cb419cbb47c7:port:tcp:443	flow:cb419cbb47c7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ddcefc7eea69488:SESSION-7ddcefc7eea69488	SESSION-7ddcefc7eea69488 → pe:tls:SESSION-7ddcefc7eea69488
FLOW_FROM_HOSTOBS	e:from:SESSION-d7c23b0aff57d2da:host:177.10.238.251	SESSION-d7c23b0aff57d2da → host:177.10.238.251
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b16751dae4d82103:flow:1b4e341a7eb5	SESSION-b16751dae4d82103 → flow:1b4e341a7eb5
FLOW_DST_PORTOBS	e:fp:flow:7241d561d9f2:port:tcp:443	flow:7241d561d9f2 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d87083f9dd8844d:host:172.234.197.23:host:177.10.233.70	SESSION-7d87083f9dd8844d → host:172.234.197.23 → host:177.10.233.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-0a918f52003c304f:SESSION-0a918f52003c304f	SESSION-0a918f52003c304f → pe:rst:SESSION-0a918f52003c304f
FLOW_TO_HOSTOBS	e:to:SESSION-320a5544f819c3b7:host:177.10.233.196	SESSION-320a5544f819c3b7 → host:177.10.233.196
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-bc308b17bca42662:BSG-DATA_EXFIL-03d4d486896f	SESSION-bc308b17bca42662 → BSG-DATA_EXFIL-03d4d486896f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3cf98bfbd337a47:host:177.10.234.126	SESSION-d3cf98bfbd337a47 → host:177.10.234.126
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-396da887f3ac73e5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-396da887f3ac73e5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a1525d7a099ba42:SESSION-5a1525d7a099ba42	SESSION-5a1525d7a099ba42 → pe:tls:SESSION-5a1525d7a099ba42
FLOW_TO_HOSTOBS	e:to:SESSION-b3edcc633e4f5b2c:host:172.234.197.23	SESSION-b3edcc633e4f5b2c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-db1ee555567b9b22:host:172.234.197.23	SESSION-db1ee555567b9b22 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-825be4419cbefff8:host:172.234.197.23	SESSION-825be4419cbefff8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7eabead80f81736f:host:172.234.197.23	SESSION-7eabead80f81736f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37ba5323333f9720:host:172.234.197.23	SESSION-37ba5323333f9720 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f254bfc9cb7d	flow:f254bfc9cb7d → host:177.10.232.52 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-119f9a3698c24414:host:177.10.239.164	SESSION-119f9a3698c24414 → host:177.10.239.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c6f10f20f24d7ff:SESSION-3c6f10f20f24d7ff	SESSION-3c6f10f20f24d7ff → pe:tls:SESSION-3c6f10f20f24d7ff
FLOW_TO_HOSTOBS	e:to:SESSION-f4bcb88049ff8a93:host:172.234.197.23	SESSION-f4bcb88049ff8a93 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4531330495d6a6b8:host:177.10.232.225	SESSION-4531330495d6a6b8 → host:177.10.232.225
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10d6a2736c7d59d6:SESSION-10d6a2736c7d59d6	SESSION-10d6a2736c7d59d6 → pe:tls:SESSION-10d6a2736c7d59d6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c1a2c7dc69870b1:host:172.234.197.23	SESSION-5c1a2c7dc69870b1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a73aa5e01c5f	flow:a73aa5e01c5f → host:177.10.234.15 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d6be65d6480cd7d:SESSION-2d6be65d6480cd7d	SESSION-2d6be65d6480cd7d → pe:tls:SESSION-2d6be65d6480cd7d
FLOW_FROM_HOSTOBS	e:from:SESSION-a6cc06f30e6c05bb:host:131.196.28.44	SESSION-a6cc06f30e6c05bb → host:131.196.28.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eee0288be94ee16a:SESSION-eee0288be94ee16a	SESSION-eee0288be94ee16a → pe:tls:SESSION-eee0288be94ee16a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3d1337acddb52863:host:172.234.197.23:host:177.10.233.184	SESSION-3d1337acddb52863 → host:172.234.197.23 → host:177.10.233.184
FLOW_DST_PORTOBS	e:fp:flow:105430cefef1:port:tcp:32565	flow:105430cefef1 → port:tcp:32565
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-464502b3105a6b82:host:131.196.30.8	SESSION-464502b3105a6b82 → host:131.196.30.8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.126:geo_-23.62930_-46.63510	host:131.196.29.126 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-b05aeaff4a071503:host:172.234.197.23	SESSION-b05aeaff4a071503 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe3fb5807179bb52:host:172.234.197.23:host:131.196.30.65	SESSION-fe3fb5807179bb52 → host:172.234.197.23 → host:131.196.30.65
flow_observed4-aryOBS	e:fo:flow:78b4b783fded	flow:78b4b783fded → host:172.234.197.23 → host:45.173.156.230 → port:tcp:60576
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8417ba17d1562cbc:SESSION-8417ba17d1562cbc	SESSION-8417ba17d1562cbc → pe:syn:SESSION-8417ba17d1562cbc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d06d4272bf4950c7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d06d4272bf4950c7 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96eb62897cd314d5:host:177.10.235.188	SESSION-96eb62897cd314d5 → host:177.10.235.188
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-222c821677f323de:flow:1c77732db387	SESSION-222c821677f323de → flow:1c77732db387
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc431699568b9daa:host:131.196.31.48:host:172.234.197.23	SESSION-cc431699568b9daa → host:131.196.31.48 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c5ac08008a4ed5c1:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c5ac08008a4ed5c1 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-664154a8ce71c549:host:172.234.197.23	SESSION-664154a8ce71c549 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8ebb92b3cccc0ee:host:177.10.239.15	SESSION-e8ebb92b3cccc0ee → host:177.10.239.15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-58ff4ad892ea2c04:SESSION-58ff4ad892ea2c04	SESSION-58ff4ad892ea2c04 → pe:syn:SESSION-58ff4ad892ea2c04
FLOW_DST_PORTOBS	e:fp:flow:b1cc4a97ab18:port:tcp:443	flow:b1cc4a97ab18 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f042798b154a2bb2:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f042798b154a2bb2 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.133:asn:262880	host:177.10.239.133 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61edd9328a7eff0d:host:108.217.180.26	SESSION-61edd9328a7eff0d → host:108.217.180.26
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb72c41fb24aaf81:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-eb72c41fb24aaf81 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4933624db1b9ac84:host:172.234.197.23:host:177.10.239.93	SESSION-4933624db1b9ac84 → host:172.234.197.23 → host:177.10.239.93
FLOW_FROM_HOSTOBS	e:from:SESSION-c0119815c01d3319:host:131.196.31.183	SESSION-c0119815c01d3319 → host:131.196.31.183
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.89:geo_-16.28860_-49.01640	host:177.10.232.89 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8c973292e4e10a2:flow:9fa608f3842a	SESSION-f8c973292e4e10a2 → flow:9fa608f3842a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.146:asn:271410	host:131.196.28.146 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a979a64e0f94d26:PCAP:capture_20260430150001:ded20914761d	SESSION-8a979a64e0f94d26 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0dad0a06445f9e1f:SESSION-0dad0a06445f9e1f	SESSION-0dad0a06445f9e1f → pe:tls:SESSION-0dad0a06445f9e1f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ea19b3bdbd95a16b:SESSION-ea19b3bdbd95a16b	SESSION-ea19b3bdbd95a16b → pe:tls:SESSION-ea19b3bdbd95a16b
flow_observed5-aryOBS	e:fo:flow:bf85860c61db	flow:bf85860c61db → host:136.243.57.208 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-25103b8a97127215:SESSION-25103b8a97127215	SESSION-25103b8a97127215 → pe:tls:SESSION-25103b8a97127215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fd72175928a8e59:host:172.234.197.23	SESSION-7fd72175928a8e59 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca55f398b8ed07e1:SESSION-ca55f398b8ed07e1	SESSION-ca55f398b8ed07e1 → pe:syn:SESSION-ca55f398b8ed07e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6229e1e1c7b389d0:SESSION-6229e1e1c7b389d0	SESSION-6229e1e1c7b389d0 → pe:syn:SESSION-6229e1e1c7b389d0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37a50d9fe3e20191:host:52.12.196.158:host:172.234.197.23	SESSION-37a50d9fe3e20191 → host:52.12.196.158 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9d9c8489868c7191:host:177.10.239.154	SESSION-9d9c8489868c7191 → host:177.10.239.154
FLOW_TO_HOSTOBS	e:to:SESSION-527af3b786e52b88:host:172.234.197.23	SESSION-527af3b786e52b88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47fbdf6c3cd24fcc:host:177.10.236.203	SESSION-47fbdf6c3cd24fcc → host:177.10.236.203
flow_observed4-aryOBS	e:fo:flow:33efcffa1a2a	flow:33efcffa1a2a → host:172.234.197.23 → host:177.10.234.39 → port:tcp:38323
FLOW_TO_HOSTOBS	e:to:SESSION-3b8a5f0932f0fd6d:host:172.234.197.23	SESSION-3b8a5f0932f0fd6d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b2a890fbb89c	flow:b2a890fbb89c → host:172.234.197.23 → host:177.10.239.196 → port:tcp:40096
FLOW_DST_PORTOBS	e:fp:flow:6c47df989bb5:port:tcp:443	flow:6c47df989bb5 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8806932607856a75:SESSION-8806932607856a75	SESSION-8806932607856a75 → pe:syn:SESSION-8806932607856a75
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.216:geo_-16.28860_-49.01640	host:177.10.232.216 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39452ac6bcbae8d3:host:172.234.197.23	SESSION-39452ac6bcbae8d3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.16:geo_-23.62930_-46.63510	host:131.196.31.16 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-53f84807a0945e6c:flow:c4216ce52ca9	SESSION-53f84807a0945e6c → flow:c4216ce52ca9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b64c855cb393ccc0:SESSION-b64c855cb393ccc0	SESSION-b64c855cb393ccc0 → pe:tls:SESSION-b64c855cb393ccc0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42ed5696c9e60897:host:172.234.197.23	SESSION-42ed5696c9e60897 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7eb43af6b38a5d78:host:172.234.197.23	SESSION-7eb43af6b38a5d78 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5e742d447609	flow:5e742d447609 → host:172.234.197.23 → host:177.10.235.105 → port:tcp:15990
FLOW_FROM_HOSTOBS	e:from:SESSION-69029b06bbd64972:host:177.10.234.51	SESSION-69029b06bbd64972 → host:177.10.234.51
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f496191c2c04cb7e:SESSION-f496191c2c04cb7e	SESSION-f496191c2c04cb7e → pe:syn:SESSION-f496191c2c04cb7e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e06ceb4b0294ceac:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e06ceb4b0294ceac → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ef36b158fc63267:host:172.234.197.23	SESSION-9ef36b158fc63267 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fdceaf69f291402:flow:b5bdfdede605	SESSION-3fdceaf69f291402 → flow:b5bdfdede605
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ccde81b4fef5a18e:flow:0394f2543852	SESSION-ccde81b4fef5a18e → flow:0394f2543852
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd8e744bc487bcb1:flow:d0f04f8b9fda	SESSION-bd8e744bc487bcb1 → flow:d0f04f8b9fda
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4879ced74a20729f:host:177.10.233.185	SESSION-4879ced74a20729f → host:177.10.233.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6372f3e6dae2e87f:SESSION-6372f3e6dae2e87f	SESSION-6372f3e6dae2e87f → pe:syn:SESSION-6372f3e6dae2e87f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4db3abe06a9505c7:SESSION-4db3abe06a9505c7	SESSION-4db3abe06a9505c7 → pe:tls:SESSION-4db3abe06a9505c7
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.116:asn:273470	host:45.173.156.116 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-231f5887ddd9d406:flow:f86bd24cbebe	SESSION-231f5887ddd9d406 → flow:f86bd24cbebe
FLOW_DST_PORTOBS	e:fp:flow:6eec87534247:port:tcp:41124	flow:6eec87534247 → port:tcp:41124
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a8c8ed56d6827efd:host:177.10.232.190:host:172.234.197.23	SESSION-a8c8ed56d6827efd → host:177.10.232.190 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf34c898669d01e7:SESSION-bf34c898669d01e7	SESSION-bf34c898669d01e7 → pe:syn:SESSION-bf34c898669d01e7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34d820c66fac079b:host:172.234.197.23:host:177.10.239.255	SESSION-34d820c66fac079b → host:172.234.197.23 → host:177.10.239.255
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51de65c9ef505a13:host:131.196.30.170:host:172.234.197.23	SESSION-51de65c9ef505a13 → host:131.196.30.170 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0c3de9856f2c	flow:0c3de9856f2c → host:131.196.29.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa31472460997bf3:SESSION-aa31472460997bf3	SESSION-aa31472460997bf3 → pe:tls:SESSION-aa31472460997bf3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d6622ca4a22ed44:SESSION-5d6622ca4a22ed44	SESSION-5d6622ca4a22ed44 → pe:syn:SESSION-5d6622ca4a22ed44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d60298c7dc6ec77f:SESSION-d60298c7dc6ec77f	SESSION-d60298c7dc6ec77f → pe:syn:SESSION-d60298c7dc6ec77f
FLOW_DST_PORTOBS	e:fp:flow:208d574b04e9:port:tcp:443	flow:208d574b04e9 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.57:asn:262880	host:177.10.239.57 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bfa302feda190a0:host:172.234.197.23	SESSION-3bfa302feda190a0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-00efe759e05a1a39:SESSION-00efe759e05a1a39	SESSION-00efe759e05a1a39 → pe:syn:SESSION-00efe759e05a1a39
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1532b7922e59746:host:172.234.197.23	SESSION-d1532b7922e59746 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc57d45d1a1b2f7b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-bc57d45d1a1b2f7b → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-8e523425c561e01e:host:131.196.28.247	SESSION-8e523425c561e01e → host:131.196.28.247
FLOW_TO_HOSTOBS	e:to:SESSION-053d7bf7ef41d243:host:45.173.156.49	SESSION-053d7bf7ef41d243 → host:45.173.156.49
FLOW_DST_PORTOBS	e:fp:flow:ff650bf65086:port:tcp:39555	flow:ff650bf65086 → port:tcp:39555
FLOW_TO_HOSTOBS	e:to:SESSION-79760fcdb710bc7a:host:177.10.237.18	SESSION-79760fcdb710bc7a → host:177.10.237.18
FLOW_TO_HOSTOBS	e:to:SESSION-78dc8874b859c826:host:131.196.28.195	SESSION-78dc8874b859c826 → host:131.196.28.195
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4a5a6c818be705f:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-d4a5a6c818be705f → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed4-aryOBS	e:fo:flow:ed2ddb316adb	flow:ed2ddb316adb → host:172.234.197.23 → host:131.196.31.129 → port:tcp:59999
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-933bde1224d44bcc:SESSION-933bde1224d44bcc	SESSION-933bde1224d44bcc → pe:syn:SESSION-933bde1224d44bcc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4793a163d681d0d0:SESSION-4793a163d681d0d0	SESSION-4793a163d681d0d0 → pe:tls:SESSION-4793a163d681d0d0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-848626bce2ee7b76:host:172.234.197.23:host:177.10.232.1	SESSION-848626bce2ee7b76 → host:172.234.197.23 → host:177.10.232.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c47e89745eb205fd:host:172.234.197.23	SESSION-c47e89745eb205fd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59e3e2edbc9b18fa:host:177.10.232.132:host:172.234.197.23	SESSION-59e3e2edbc9b18fa → host:177.10.232.132 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f15dcbaf5ef33ebd:host:172.234.197.23	SESSION-f15dcbaf5ef33ebd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d7065e22830f	flow:d7065e22830f → host:51.161.119.157 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:2349df72c6a6	flow:2349df72c6a6 → host:131.196.31.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0a19698769d1246:host:172.234.197.23	SESSION-d0a19698769d1246 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a01362ca7d087a96:host:172.234.197.23	SESSION-a01362ca7d087a96 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa35d0a8fa5d9f77:SESSION-fa35d0a8fa5d9f77	SESSION-fa35d0a8fa5d9f77 → pe:tls:SESSION-fa35d0a8fa5d9f77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f3b543446abe714:host:172.234.197.23	SESSION-0f3b543446abe714 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0fc61bce823543f:SESSION-b0fc61bce823543f	SESSION-b0fc61bce823543f → pe:syn:SESSION-b0fc61bce823543f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75d6129ea0f7ecdc:host:131.196.28.247	SESSION-75d6129ea0f7ecdc → host:131.196.28.247
FLOW_FROM_HOSTOBS	e:from:SESSION-b51c77a005c8dfc8:host:177.10.233.231	SESSION-b51c77a005c8dfc8 → host:177.10.233.231
FLOW_DST_PORTOBS	e:fp:flow:a37ef82274d7:port:tcp:443	flow:a37ef82274d7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-312ea7073c45e21c:SESSION-312ea7073c45e21c	SESSION-312ea7073c45e21c → pe:rst:SESSION-312ea7073c45e21c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-184aec41cea03479:SESSION-184aec41cea03479	SESSION-184aec41cea03479 → pe:tls:SESSION-184aec41cea03479
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4673fb47ee0c5a9:flow:f12450bfc831	SESSION-d4673fb47ee0c5a9 → flow:f12450bfc831
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.136:geo_-16.28860_-49.01640	host:177.10.232.136 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d1df89a4cf6f008:SESSION-4d1df89a4cf6f008	SESSION-4d1df89a4cf6f008 → pe:tls:SESSION-4d1df89a4cf6f008
FLOW_DST_PORTOBS	e:fp:flow:fdaf9a7bd0da:port:tcp:15037	flow:fdaf9a7bd0da → port:tcp:15037
FLOW_FROM_HOSTOBS	e:from:SESSION-7440e76ff1d72d2f:host:95.170.25.34	SESSION-7440e76ff1d72d2f → host:95.170.25.34
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c6e971723a904aea:PCAP:capture_20260430060001:919b39a74464	SESSION-c6e971723a904aea → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-051bd0ccc4bec756:host:177.10.238.96:host:172.234.197.23	SESSION-051bd0ccc4bec756 → host:177.10.238.96 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f718f291e0c401d5:SESSION-f718f291e0c401d5	SESSION-f718f291e0c401d5 → pe:syn:SESSION-f718f291e0c401d5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68b7f3c84c5e7661:SESSION-68b7f3c84c5e7661	SESSION-68b7f3c84c5e7661 → pe:tls:SESSION-68b7f3c84c5e7661
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77e1145855a55905:PCAP:capture_20260430150001:ded20914761d	SESSION-77e1145855a55905 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.197:asn:262880	host:177.10.238.197 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7cf4eefda54138cc:host:172.234.197.23	SESSION-7cf4eefda54138cc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de1fc6391256943a:host:172.234.197.23	SESSION-de1fc6391256943a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65bd30307946d7be:host:177.10.233.13	SESSION-65bd30307946d7be → host:177.10.233.13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2edb1208bb0bd400:SESSION-2edb1208bb0bd400	SESSION-2edb1208bb0bd400 → pe:tls:SESSION-2edb1208bb0bd400
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b30f6f845792a67e:host:172.234.197.23	SESSION-b30f6f845792a67e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2faea6106d12	flow:2faea6106d12 → host:177.10.237.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-979dfdf677607677:flow:b2a890fbb89c	SESSION-979dfdf677607677 → flow:b2a890fbb89c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d861e0bc561d261:host:131.196.30.220	SESSION-7d861e0bc561d261 → host:131.196.30.220
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b51ebf4113a5ef49:host:177.10.239.158:host:172.234.197.23	SESSION-b51ebf4113a5ef49 → host:177.10.239.158 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3224b320d23ec0cd:host:177.10.237.60	SESSION-3224b320d23ec0cd → host:177.10.237.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f299703bc1b4ff9:host:177.10.239.148	SESSION-1f299703bc1b4ff9 → host:177.10.239.148
FLOW_TO_HOSTOBS	e:to:SESSION-1fa8a238d1165695:host:131.196.31.91	SESSION-1fa8a238d1165695 → host:131.196.31.91
FLOW_TO_HOSTOBS	e:to:SESSION-959e19b011db2562:host:172.234.197.23	SESSION-959e19b011db2562 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4dcbfb7362ab6402:host:177.10.238.209	SESSION-4dcbfb7362ab6402 → host:177.10.238.209
flow_observed5-aryOBS	e:fo:flow:dd35d042edae	flow:dd35d042edae → host:45.173.156.51 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d098d799c39976fd:host:172.234.197.23	SESSION-d098d799c39976fd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cc060cc400f18b5d:host:172.234.197.23	SESSION-cc060cc400f18b5d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f8cba099c11564e8:host:103.230.240.59	SESSION-f8cba099c11564e8 → host:103.230.240.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62337f4a23aa4d2d:host:172.234.197.23	SESSION-62337f4a23aa4d2d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.105:geo_-23.62930_-46.63510	host:131.196.29.105 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41b71c4a2ccc13b3:host:131.196.30.20:host:172.234.197.23	SESSION-41b71c4a2ccc13b3 → host:131.196.30.20 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2235ad305872b9c2:SESSION-2235ad305872b9c2	SESSION-2235ad305872b9c2 → pe:syn:SESSION-2235ad305872b9c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f97616f4c907a8c:host:172.234.197.23	SESSION-4f97616f4c907a8c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35dc83e37639d031:SESSION-35dc83e37639d031	SESSION-35dc83e37639d031 → pe:syn:SESSION-35dc83e37639d031
flow_observed4-aryOBS	e:fo:flow:d99324379975	flow:d99324379975 → host:172.234.197.23 → host:177.10.237.66 → port:tcp:50342
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-204050056bc27f05:host:172.234.197.23	SESSION-204050056bc27f05 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9cb4473bd3389dab:host:131.196.28.34:host:172.234.197.23	SESSION-9cb4473bd3389dab → host:131.196.28.34 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-92f84fab5bd8e0c8:SESSION-92f84fab5bd8e0c8	SESSION-92f84fab5bd8e0c8 → pe:syn:SESSION-92f84fab5bd8e0c8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74505beccb017396:PCAP:capture_20260430110001:43611bdf6759	SESSION-74505beccb017396 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f49b20c8baea20b:SESSION-9f49b20c8baea20b	SESSION-9f49b20c8baea20b → pe:tls:SESSION-9f49b20c8baea20b
FLOW_TLS_SNIOBS	e:fs:flow:f9683f42cf59:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:f9683f42cf59 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3c5b9cd096d7e31:host:172.234.197.23	SESSION-b3c5b9cd096d7e31 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bb4f425427d3bee:host:172.234.197.23	SESSION-4bb4f425427d3bee → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ad4604a15181cb67:host:172.234.197.23	SESSION-ad4604a15181cb67 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46ff0fa4ec42545a:PCAP:capture_20260428010001:b1b402c7b202	SESSION-46ff0fa4ec42545a → PCAP:capture_20260428010001:b1b402c7b202
FLOW_FROM_HOSTOBS	e:from:SESSION-6fdc52c769919c0f:host:172.234.197.23	SESSION-6fdc52c769919c0f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9fd8278b2f1d760d:PCAP:capture_20260430150001:ded20914761d	SESSION-9fd8278b2f1d760d → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7da23a3c779474e1:host:44.255.175.112	SESSION-7da23a3c779474e1 → host:44.255.175.112
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a2f802a56d8e0d79:flow:62bd2a061f46	SESSION-a2f802a56d8e0d79 → flow:62bd2a061f46
FLOW_DST_PORTOBS	e:fp:flow:97fa7f95a5ba:port:tcp:443	flow:97fa7f95a5ba → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a733fde11cff5d03:SESSION-a733fde11cff5d03	SESSION-a733fde11cff5d03 → pe:syn:SESSION-a733fde11cff5d03
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-979dfdf677607677:host:172.234.197.23:host:177.10.239.196	SESSION-979dfdf677607677 → host:172.234.197.23 → host:177.10.239.196
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7375b1770c27cca2:host:177.10.235.254:host:172.234.197.23	SESSION-7375b1770c27cca2 → host:177.10.235.254 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c69fd5cbb3980413:flow:b825d8535e2c	SESSION-c69fd5cbb3980413 → flow:b825d8535e2c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38c7d1687d10af97:flow:fe19785c0b66	SESSION-38c7d1687d10af97 → flow:fe19785c0b66
FLOW_DST_PORTOBS	e:fp:flow:d0eed4caabbe:port:tcp:27044	flow:d0eed4caabbe → port:tcp:27044
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49fc7ea897578489:SESSION-49fc7ea897578489	SESSION-49fc7ea897578489 → pe:tls:SESSION-49fc7ea897578489
flow_observed5-aryOBS	e:fo:flow:dd422b411ab1	flow:dd422b411ab1 → host:131.196.30.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8c0a98b52014301:flow:96221e72071d	SESSION-d8c0a98b52014301 → flow:96221e72071d
FLOW_DST_PORTOBS	e:fp:flow:7a7aec91cffe:port:tcp:443	flow:7a7aec91cffe → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b60a9d1a25ff8255:SESSION-b60a9d1a25ff8255	SESSION-b60a9d1a25ff8255 → pe:syn:SESSION-b60a9d1a25ff8255
FLOW_DST_PORTOBS	e:fp:flow:05d75aa3840a:port:tcp:443	flow:05d75aa3840a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f86e42aef9b2f482:host:172.234.197.23	SESSION-f86e42aef9b2f482 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3baedacad496627d:flow:d5957e7d54a0	SESSION-3baedacad496627d → flow:d5957e7d54a0
FLOW_DST_PORTOBS	e:fp:flow:76916016f7bd:port:tcp:443	flow:76916016f7bd → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b0a40d55d6f8:port:tcp:443	flow:b0a40d55d6f8 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-925ab2a859ac277f:host:177.10.232.46:host:172.234.197.23	SESSION-925ab2a859ac277f → host:177.10.232.46 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-303cd1de44c58c29:host:172.234.197.23:host:131.196.31.175	SESSION-303cd1de44c58c29 → host:172.234.197.23 → host:131.196.31.175
FLOW_FROM_HOSTOBS	e:from:SESSION-cd13e266b02b3087:host:177.10.234.207	SESSION-cd13e266b02b3087 → host:177.10.234.207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84669169ffdf0c83:SESSION-84669169ffdf0c83	SESSION-84669169ffdf0c83 → pe:syn:SESSION-84669169ffdf0c83
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae5500b1626fa45f:PCAP:capture_20260430090001:065659c7d314	SESSION-ae5500b1626fa45f → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-b1b714ce8916a149:host:172.234.197.23	SESSION-b1b714ce8916a149 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6420523769b66d4c:SESSION-6420523769b66d4c	SESSION-6420523769b66d4c → pe:tls:SESSION-6420523769b66d4c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79b864f146b8f07b:SESSION-79b864f146b8f07b	SESSION-79b864f146b8f07b → pe:syn:SESSION-79b864f146b8f07b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a4b43b46bbfc9c3:flow:b537df97de95	SESSION-0a4b43b46bbfc9c3 → flow:b537df97de95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47ac7feaf227c129:host:172.234.197.23	SESSION-47ac7feaf227c129 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4d5b5151108975cf:host:172.234.197.23	SESSION-4d5b5151108975cf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2ae37191400d64fc:host:172.234.197.23	SESSION-2ae37191400d64fc → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d03f88ab246d	flow:d03f88ab246d → host:172.234.197.23 → host:131.196.29.53 → port:tcp:27758
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b9c1bf42f4683a2:host:131.196.31.73	SESSION-2b9c1bf42f4683a2 → host:131.196.31.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ef022cf55a10b05:host:131.196.31.47	SESSION-6ef022cf55a10b05 → host:131.196.31.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85a5e7fc435163e0:host:177.10.239.158	SESSION-85a5e7fc435163e0 → host:177.10.239.158
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2eff7ebef8fd9091:flow:d016fb87078e	SESSION-2eff7ebef8fd9091 → flow:d016fb87078e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11da84003d7810c4:host:104.28.202.77	SESSION-11da84003d7810c4 → host:104.28.202.77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89957ac1ec870b87:host:172.234.197.23	SESSION-89957ac1ec870b87 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0bd2c530b5f1	flow:0bd2c530b5f1 → host:177.10.234.250 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.55:geo_-16.28860_-49.01640	host:177.10.238.55 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01ac49b549a49417:host:172.234.197.23:host:131.196.28.50	SESSION-01ac49b549a49417 → host:172.234.197.23 → host:131.196.28.50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97231868d06ff2ed:host:177.10.234.152	SESSION-97231868d06ff2ed → host:177.10.234.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-550b52f6103256cd:host:172.234.197.23	SESSION-550b52f6103256cd → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.208:asn:262880	host:177.10.238.208 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-375dced119266894:SESSION-375dced119266894	SESSION-375dced119266894 → pe:syn:SESSION-375dced119266894
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0bcd74883eff8339:SESSION-0bcd74883eff8339	SESSION-0bcd74883eff8339 → pe:tls:SESSION-0bcd74883eff8339
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27d1e1e2170d683a:host:172.234.197.23:host:131.196.28.5	SESSION-27d1e1e2170d683a → host:172.234.197.23 → host:131.196.28.5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-95229c7c61064646:flow:32c97d2c0cb3	SESSION-95229c7c61064646 → flow:32c97d2c0cb3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1ec79192d74c7af:host:172.234.197.23	SESSION-a1ec79192d74c7af → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.0:geo_-16.28860_-49.01640	host:177.10.234.0 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-baf4494100018e3a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-baf4494100018e3a → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-3e583d09be0235fc:host:54.254.24.234	SESSION-3e583d09be0235fc → host:54.254.24.234
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-af55ab527d360ebd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-af55ab527d360ebd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6b62b6aad076f58:host:172.234.197.23	SESSION-a6b62b6aad076f58 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7409e3f74011df2:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c7409e3f74011df2 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.180:geo_-23.62930_-46.63510	host:131.196.31.180 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f496191c2c04cb7e:host:131.196.31.19	SESSION-f496191c2c04cb7e → host:131.196.31.19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e405c5dfa444c3be:flow:29de867ecad0	SESSION-e405c5dfa444c3be → flow:29de867ecad0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6b4b9c738c314ebf:SESSION-6b4b9c738c314ebf	SESSION-6b4b9c738c314ebf → pe:tls:SESSION-6b4b9c738c314ebf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.249:geo_-23.62930_-46.63510	host:131.196.28.249 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b792e9866f7563b8:SESSION-b792e9866f7563b8	SESSION-b792e9866f7563b8 → pe:syn:SESSION-b792e9866f7563b8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.26:asn:262880	host:177.10.239.26 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:94.130.10.221:geo_50.47770_12.36490	host:94.130.10.221 → geo_50.47770_12.36490
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d52381659b8aa3f:SESSION-8d52381659b8aa3f	SESSION-8d52381659b8aa3f → pe:tls:SESSION-8d52381659b8aa3f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1acc74ca4adb622d:flow:4edef4e070ab	SESSION-1acc74ca4adb622d → flow:4edef4e070ab
FLOW_TO_HOSTOBS	e:to:SESSION-59d92efe40de2f35:host:172.234.197.23	SESSION-59d92efe40de2f35 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-738e0b0c3dd2dd03:host:177.10.234.243	SESSION-738e0b0c3dd2dd03 → host:177.10.234.243
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5ae6e0246d28b44:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d5ae6e0246d28b44 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.250:asn:262880	host:177.10.236.250 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aa70a6d3547ceb7:host:172.234.197.23	SESSION-7aa70a6d3547ceb7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5ee9797d15d423e:host:45.173.156.204	SESSION-b5ee9797d15d423e → host:45.173.156.204
flow_observed5-aryOBS	e:fo:flow:fef75095e66a	flow:fef75095e66a → host:177.10.232.19 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-723b8399a0bced6b:host:177.10.236.198	SESSION-723b8399a0bced6b → host:177.10.236.198
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55ef1be4460b895e:host:131.196.31.3:host:172.234.197.23	SESSION-55ef1be4460b895e → host:131.196.31.3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9729058a0ea02937:host:177.10.234.32:host:172.234.197.23	SESSION-9729058a0ea02937 → host:177.10.234.32 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:01cddae85cf7:port:tcp:443	flow:01cddae85cf7 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-317129b18cf7eb6c:host:131.196.29.31	SESSION-317129b18cf7eb6c → host:131.196.29.31
flow_observed5-aryOBS	e:fo:flow:c2443289afd9	flow:c2443289afd9 → host:177.10.237.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-548dd69287ac8927:host:177.10.234.199	SESSION-548dd69287ac8927 → host:177.10.234.199
FLOW_FROM_HOSTOBS	e:from:SESSION-608f6686d64f8e3e:host:172.234.197.23	SESSION-608f6686d64f8e3e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:75e4994a258b:port:tcp:32685	flow:75e4994a258b → port:tcp:32685
FLOW_TO_HOSTOBS	e:to:SESSION-cef4b415a72da702:host:172.234.197.23	SESSION-cef4b415a72da702 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8ebb92b3cccc0ee:PCAP:capture_20260430110001:43611bdf6759	SESSION-e8ebb92b3cccc0ee → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f79e79f663ba44d9:host:172.234.197.23	SESSION-f79e79f663ba44d9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86951cb3218963fd:SESSION-86951cb3218963fd	SESSION-86951cb3218963fd → pe:syn:SESSION-86951cb3218963fd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b4130b0efbd1505:SESSION-0b4130b0efbd1505	SESSION-0b4130b0efbd1505 → pe:tls:SESSION-0b4130b0efbd1505
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5739ac8f3bafac6c:host:177.10.232.182:host:172.234.197.23	SESSION-5739ac8f3bafac6c → host:177.10.232.182 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f56081dde23b5ed:host:131.196.29.167:host:172.234.197.23	SESSION-5f56081dde23b5ed → host:131.196.29.167 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.48:asn:271410	host:131.196.29.48 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-da3b2b353303e8e1:host:177.10.237.153	SESSION-da3b2b353303e8e1 → host:177.10.237.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72ea8a7fe39a298e:host:45.173.156.126	SESSION-72ea8a7fe39a298e → host:45.173.156.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-087551762f1417e7:SESSION-087551762f1417e7	SESSION-087551762f1417e7 → pe:syn:SESSION-087551762f1417e7
FLOW_FROM_HOSTOBS	e:from:SESSION-2e8105cbb514d7cf:host:172.234.197.23	SESSION-2e8105cbb514d7cf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a57e7ba0de33dea3:SESSION-a57e7ba0de33dea3	SESSION-a57e7ba0de33dea3 → pe:syn:SESSION-a57e7ba0de33dea3
FLOW_FROM_HOSTOBS	e:from:SESSION-032a0dfc971c5b00:host:177.10.232.180	SESSION-032a0dfc971c5b00 → host:177.10.232.180
FLOW_TO_HOSTOBS	e:to:SESSION-bc96f34750660160:host:172.234.197.23	SESSION-bc96f34750660160 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d4c5cce04e81:port:tcp:443	flow:d4c5cce04e81 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60b46aef513c4722:PCAP:capture_20260430070001:903a0e7a436b	SESSION-60b46aef513c4722 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d290f0be98eecddb:SESSION-d290f0be98eecddb	SESSION-d290f0be98eecddb → pe:syn:SESSION-d290f0be98eecddb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd7be5606f48437f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-dd7be5606f48437f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:4ce3ce5880fe	flow:4ce3ce5880fe → host:177.10.239.86 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07139a9423b3d79f:host:131.196.29.159:host:172.234.197.23	SESSION-07139a9423b3d79f → host:131.196.29.159 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-51cdac11b30f43cf:host:177.10.235.170	SESSION-51cdac11b30f43cf → host:177.10.235.170
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc0d354223e065ab:PCAP:capture_20260430050001:8868731bf8a4	SESSION-fc0d354223e065ab → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-087551762f1417e7:host:177.10.238.6:host:172.234.197.23	SESSION-087551762f1417e7 → host:177.10.238.6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cb1ecbcc370c	flow:cb1ecbcc370c → host:45.173.156.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce047c01fb54580f:SESSION-ce047c01fb54580f	SESSION-ce047c01fb54580f → pe:tls:SESSION-ce047c01fb54580f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94eb707cf5b0b4ef:host:45.173.156.125	SESSION-94eb707cf5b0b4ef → host:45.173.156.125
flow_observed4-aryOBS	e:fo:flow:c71d0ad84949	flow:c71d0ad84949 → host:172.234.197.23 → host:177.10.238.5 → port:tcp:51882
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69461a2f3e15a448:host:172.234.197.23	SESSION-69461a2f3e15a448 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:cfc34639b852	flow:cfc34639b852 → host:172.234.197.23 → host:131.196.29.60 → port:tcp:18536
flow_observed4-aryOBS	e:fo:flow:6ae674c519e5	flow:6ae674c519e5 → host:172.234.197.23 → host:131.196.29.69 → port:tcp:51177
FLOW_FROM_HOSTOBS	e:from:SESSION-e47ff6197158625f:host:45.173.156.13	SESSION-e47ff6197158625f → host:45.173.156.13
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a586e6b93cbc00d:host:177.10.234.187	SESSION-0a586e6b93cbc00d → host:177.10.234.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-896e151c898991bb:host:172.234.197.23	SESSION-896e151c898991bb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2073e59d39ae:port:tcp:18862	flow:2073e59d39ae → port:tcp:18862
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6965561db8b52827:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6965561db8b52827 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3645126144628c28:host:172.234.197.23	SESSION-3645126144628c28 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fddb1520b60b4e20:SESSION-fddb1520b60b4e20	SESSION-fddb1520b60b4e20 → pe:syn:SESSION-fddb1520b60b4e20
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.158:geo_-16.28860_-49.01640	host:177.10.233.158 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.84:asn:262880	host:177.10.237.84 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3be9919fc6df9ffa:SESSION-3be9919fc6df9ffa	SESSION-3be9919fc6df9ffa → pe:tls:SESSION-3be9919fc6df9ffa
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94eb707cf5b0b4ef:host:45.173.156.125:host:172.234.197.23	SESSION-94eb707cf5b0b4ef → host:45.173.156.125 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd6ef4118ff649ff:SESSION-fd6ef4118ff649ff	SESSION-fd6ef4118ff649ff → pe:tls:SESSION-fd6ef4118ff649ff
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.247:asn:271410	host:131.196.28.247 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10db7c117acba2ed:host:172.234.197.23	SESSION-10db7c117acba2ed → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38d81f2383b0ad0b:host:172.234.197.23:host:177.10.232.219	SESSION-38d81f2383b0ad0b → host:172.234.197.23 → host:177.10.232.219
flow_observed4-aryOBS	e:fo:flow:576f60128685	flow:576f60128685 → host:172.234.197.23 → host:45.173.156.68 → port:tcp:22886
flow_observed5-aryOBS	e:fo:flow:b27d5d007118	flow:b27d5d007118 → host:177.10.235.112 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ddfb42618eb7:port:tcp:443	flow:ddfb42618eb7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e074701a4b6d6566:SESSION-e074701a4b6d6566	SESSION-e074701a4b6d6566 → pe:syn:SESSION-e074701a4b6d6566
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17a3924886eb315f:flow:5c339219e6ad	SESSION-17a3924886eb315f → flow:5c339219e6ad
FLOW_TO_HOSTOBS	e:to:SESSION-7c008c2d2b932d4b:host:172.234.197.23	SESSION-7c008c2d2b932d4b → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:3b12551e0bf1:dns:172-234-197-23.ip.linodeusercontent.com	flow:3b12551e0bf1 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ce76d6af7b7d93f:PCAP:capture_20260430090001:065659c7d314	SESSION-1ce76d6af7b7d93f → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-9b373f59ff0198ea:host:172.234.197.23	SESSION-9b373f59ff0198ea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e6d70ae2d31fba9:SESSION-6e6d70ae2d31fba9	SESSION-6e6d70ae2d31fba9 → pe:syn:SESSION-6e6d70ae2d31fba9
FLOW_TO_HOSTOBS	e:to:SESSION-6d7eebeca6a52636:host:177.10.233.16	SESSION-6d7eebeca6a52636 → host:177.10.233.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c9381f88305d4e9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8c9381f88305d4e9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.255:geo_-16.28860_-49.01640	host:177.10.237.255 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f78775658cb84616:host:177.10.234.57	SESSION-f78775658cb84616 → host:177.10.234.57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99cbc6df23fa1e57:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-99cbc6df23fa1e57 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.125:asn:271410	host:131.196.30.125 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3fd62b1832b0e41:SESSION-b3fd62b1832b0e41	SESSION-b3fd62b1832b0e41 → pe:tls:SESSION-b3fd62b1832b0e41
FLOW_DST_PORTOBS	e:fp:flow:b13e2d90ae6a:port:tcp:55434	flow:b13e2d90ae6a → port:tcp:55434
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e515946ec2b2292:host:172.234.197.23	SESSION-0e515946ec2b2292 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c35942669d0b12c8:flow:3bf5d6577914	SESSION-c35942669d0b12c8 → flow:3bf5d6577914
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.11:geo_-16.28860_-49.01640	host:177.10.232.11 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.227:geo_-23.62930_-46.63510	host:131.196.30.227 → geo_-23.62930_-46.63510
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-ee8b7e20de209690:BSG-BEACON-e07f4250263f	SESSION-ee8b7e20de209690 → BSG-BEACON-e07f4250263f
flow_observed5-aryOBS	e:fo:flow:7be41fc9ed2d	flow:7be41fc9ed2d → host:177.10.239.53 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-132ae74090c90dac:host:172.234.197.23	SESSION-132ae74090c90dac → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77593e2039f5e18a:host:177.10.233.52	SESSION-77593e2039f5e18a → host:177.10.233.52
FLOW_DST_PORTOBS	e:fp:flow:6564d0aa4b14:port:tcp:443	flow:6564d0aa4b14 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.3:asn:271410	host:131.196.30.3 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-469f9efa6316e344:SESSION-469f9efa6316e344	SESSION-469f9efa6316e344 → pe:syn:SESSION-469f9efa6316e344
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c5381aaad8fa568:host:177.10.238.59:host:172.234.197.23	SESSION-6c5381aaad8fa568 → host:177.10.238.59 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-478ebcd540b5d0ef:flow:e50b4d368dc0	SESSION-478ebcd540b5d0ef → flow:e50b4d368dc0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d861e0bc561d261:host:131.196.30.220:host:172.234.197.23	SESSION-7d861e0bc561d261 → host:131.196.30.220 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.77:geo_-23.62930_-46.63510	host:131.196.31.77 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:cde5bd61460b	flow:cde5bd61460b → host:177.10.236.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e995e7d6e6aa04f6:host:172.234.197.23	SESSION-e995e7d6e6aa04f6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7792ff6d5e7124a:host:172.234.197.23:host:177.10.239.187	SESSION-b7792ff6d5e7124a → host:172.234.197.23 → host:177.10.239.187
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-610b47e21d599964:host:177.10.236.13:host:172.234.197.23	SESSION-610b47e21d599964 → host:177.10.236.13 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.13:asn:271410	host:131.196.31.13 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f11cda502f952e41:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f11cda502f952e41 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-63e207f92d9c898d:flow:b4cc404c4942	SESSION-63e207f92d9c898d → flow:b4cc404c4942
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-042ef885e77347e7:SESSION-042ef885e77347e7	SESSION-042ef885e77347e7 → pe:tls:SESSION-042ef885e77347e7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-030b2a260e8012dd:SESSION-030b2a260e8012dd	SESSION-030b2a260e8012dd → pe:tls:SESSION-030b2a260e8012dd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-650f1a0c083a2aeb:flow:a36e5f4c9cca	SESSION-650f1a0c083a2aeb → flow:a36e5f4c9cca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-61aa57a35ec0da02:SESSION-61aa57a35ec0da02	SESSION-61aa57a35ec0da02 → pe:tls:SESSION-61aa57a35ec0da02
flow_observed5-aryOBS	e:fo:flow:3c8c9cf33ce0	flow:3c8c9cf33ce0 → host:177.10.238.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a720c7dde0362052:host:177.10.238.220	SESSION-a720c7dde0362052 → host:177.10.238.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d27f09d7c919692:SESSION-5d27f09d7c919692	SESSION-5d27f09d7c919692 → pe:tls:SESSION-5d27f09d7c919692
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ed34bf9fded9d68:PCAP:capture_20260430150001:ded20914761d	SESSION-5ed34bf9fded9d68 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ff9e556bf199706:flow:9b3ad5950f0c	SESSION-6ff9e556bf199706 → flow:9b3ad5950f0c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ed5513c22512ddd:SESSION-2ed5513c22512ddd	SESSION-2ed5513c22512ddd → pe:tls:SESSION-2ed5513c22512ddd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2384be4238de1707:host:177.10.232.230	SESSION-2384be4238de1707 → host:177.10.232.230
FLOW_TO_HOSTOBS	e:to:SESSION-862fcc949d847857:host:172.234.197.23	SESSION-862fcc949d847857 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84d5ccfdbe119076:host:45.173.156.209:host:172.234.197.23	SESSION-84d5ccfdbe119076 → host:45.173.156.209 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:44.244.28.93:asn:16509	host:44.244.28.93 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a73f5b0635e28ad4:host:177.10.236.144	SESSION-a73f5b0635e28ad4 → host:177.10.236.144
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e48a8daff67bbc71:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e48a8daff67bbc71 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bd8e744bc487bcb1:SESSION-bd8e744bc487bcb1	SESSION-bd8e744bc487bcb1 → pe:tls:SESSION-bd8e744bc487bcb1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f5d8e8d5ecc4e1f:host:172.234.197.23:host:131.196.29.225	SESSION-9f5d8e8d5ecc4e1f → host:172.234.197.23 → host:131.196.29.225
flow_observed5-aryOBS	e:fo:flow:c352d0e74b3b	flow:c352d0e74b3b → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
flow_observed5-aryOBS	e:fo:flow:548c6f416d7f	flow:548c6f416d7f → host:177.10.237.39 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eade11f9b06e449a:host:172.234.197.23	SESSION-eade11f9b06e449a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e859a84eb4eaf300:host:177.10.235.144	SESSION-e859a84eb4eaf300 → host:177.10.235.144
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db8bd5551afdaf6c:SESSION-db8bd5551afdaf6c	SESSION-db8bd5551afdaf6c → pe:syn:SESSION-db8bd5551afdaf6c
FLOW_FROM_HOSTOBS	e:from:SESSION-9354322f5192915a:host:172.234.197.23	SESSION-9354322f5192915a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.92:geo_-16.28860_-49.01640	host:177.10.236.92 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3959c763e6312f1d:SESSION-3959c763e6312f1d	SESSION-3959c763e6312f1d → pe:syn:SESSION-3959c763e6312f1d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bf923c759cb9e4a:host:172.234.197.23	SESSION-0bf923c759cb9e4a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d00c2356d94b56a1:host:172.234.197.23	SESSION-d00c2356d94b56a1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae6c5a18819e9434:host:172.234.197.23:host:177.10.236.86	SESSION-ae6c5a18819e9434 → host:172.234.197.23 → host:177.10.236.86
FLOW_TO_HOSTOBS	e:to:SESSION-d1ca1108b3f9fffc:host:172.234.197.23	SESSION-d1ca1108b3f9fffc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5d45bed796decc2:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b5d45bed796decc2 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:d7af59d105eb	flow:d7af59d105eb → host:177.10.232.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28106317c083449d:host:131.196.30.184:host:172.234.197.23	SESSION-28106317c083449d → host:131.196.30.184 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8be5aa373d930e54:SESSION-8be5aa373d930e54	SESSION-8be5aa373d930e54 → pe:syn:SESSION-8be5aa373d930e54
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f306c00af6aee0a4:SESSION-f306c00af6aee0a4	SESSION-f306c00af6aee0a4 → pe:tls:SESSION-f306c00af6aee0a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f12e4f5ba81c4d8:flow:094d156117d7	SESSION-3f12e4f5ba81c4d8 → flow:094d156117d7
flow_observed4-aryOBS	e:fo:flow:35a4b2c31d5d	flow:35a4b2c31d5d → host:172.234.197.23 → host:177.10.234.82 → port:tcp:64130
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5c9b4c9e225ad1d:SESSION-f5c9b4c9e225ad1d	SESSION-f5c9b4c9e225ad1d → pe:syn:SESSION-f5c9b4c9e225ad1d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-978d4fdbc8d38350:flow:5cc5476d95a5	SESSION-978d4fdbc8d38350 → flow:5cc5476d95a5
FLOW_TO_HOSTOBS	e:to:SESSION-b8dc993a043c8fb1:host:172.234.197.23	SESSION-b8dc993a043c8fb1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5fbe4987e86bc38:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b5fbe4987e86bc38 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:5a8fbee41652	flow:5a8fbee41652 → host:177.10.239.219 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a9beff4b34540729:PCAP:capture_20260430060001:919b39a74464	SESSION-a9beff4b34540729 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66033cfbc7dd0c2c:SESSION-66033cfbc7dd0c2c	SESSION-66033cfbc7dd0c2c → pe:syn:SESSION-66033cfbc7dd0c2c
FLOW_DST_PORTOBS	e:fp:flow:786b3943f4dd:port:tcp:443	flow:786b3943f4dd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0948a596b6903965:SESSION-0948a596b6903965	SESSION-0948a596b6903965 → pe:tls:SESSION-0948a596b6903965
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c73d5dfb4b98c8a4:SESSION-c73d5dfb4b98c8a4	SESSION-c73d5dfb4b98c8a4 → pe:syn:SESSION-c73d5dfb4b98c8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-775ba1157917a355:host:177.10.237.4	SESSION-775ba1157917a355 → host:177.10.237.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f67ce0567774b305:host:172.234.197.23	SESSION-f67ce0567774b305 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-364411d92a5a41bf:host:45.173.156.225	SESSION-364411d92a5a41bf → host:45.173.156.225
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d585afab4eb6ac7e:host:172.234.197.23	SESSION-d585afab4eb6ac7e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-113354c1b6207940:host:131.196.30.196	SESSION-113354c1b6207940 → host:131.196.30.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-886f0e6ca4ba19c9:host:131.196.31.107	SESSION-886f0e6ca4ba19c9 → host:131.196.31.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-051bd0ccc4bec756:host:172.234.197.23	SESSION-051bd0ccc4bec756 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65262d33293291dd:SESSION-65262d33293291dd	SESSION-65262d33293291dd → pe:syn:SESSION-65262d33293291dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aa2ce807ac3d210:host:131.196.28.19	SESSION-6aa2ce807ac3d210 → host:131.196.28.19
FLOW_FROM_HOSTOBS	e:from:SESSION-fda5d1d0c89bbfd4:host:45.173.156.110	SESSION-fda5d1d0c89bbfd4 → host:45.173.156.110
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37fa495f79e351e9:SESSION-37fa495f79e351e9	SESSION-37fa495f79e351e9 → pe:syn:SESSION-37fa495f79e351e9
FLOW_TO_HOSTOBS	e:to:SESSION-0d11915f1f4e9ef9:host:172.234.197.23	SESSION-0d11915f1f4e9ef9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-60dab6a51248be22:host:172.234.197.23	SESSION-60dab6a51248be22 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ae8c060ae852	flow:ae8c060ae852 → host:45.173.156.159 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.153:geo_-23.62930_-46.63510	host:131.196.28.153 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.48:geo_-16.28860_-49.01640	host:177.10.233.48 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:dd39a1986418	flow:dd39a1986418 → host:172.234.197.23 → host:177.10.232.55 → port:tcp:3851
FLOW_FROM_HOSTOBS	e:from:SESSION-40f1f2214a3951bb:host:172.234.197.23	SESSION-40f1f2214a3951bb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e076f857aa349ed0:host:177.10.239.8	SESSION-e076f857aa349ed0 → host:177.10.239.8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.240:geo_-16.28860_-49.01640	host:177.10.232.240 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9136bc11056d23d:SESSION-c9136bc11056d23d	SESSION-c9136bc11056d23d → pe:tls:SESSION-c9136bc11056d23d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-721df94622c41f42:host:131.196.31.151:host:172.234.197.23	SESSION-721df94622c41f42 → host:131.196.31.151 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-418ea5f834fbfdc6:flow:f7e8645f576f	SESSION-418ea5f834fbfdc6 → flow:f7e8645f576f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14e24a51491967d5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-14e24a51491967d5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38231883b4033aa4:flow:ed94d590967f	SESSION-38231883b4033aa4 → flow:ed94d590967f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d75311b4cd1e33ff:host:172.234.197.23	SESSION-d75311b4cd1e33ff → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0a770693a19c2c7c:host:131.196.31.11	SESSION-0a770693a19c2c7c → host:131.196.31.11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1980da9de3362b69:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1980da9de3362b69 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-1052ae798d70afda:host:131.196.31.169	SESSION-1052ae798d70afda → host:131.196.31.169
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60441095965530ae:host:177.10.239.72:host:172.234.197.23	SESSION-60441095965530ae → host:177.10.239.72 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42ed5696c9e60897:host:131.196.30.132	SESSION-42ed5696c9e60897 → host:131.196.30.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b0b2d167e93bb2e:SESSION-0b0b2d167e93bb2e	SESSION-0b0b2d167e93bb2e → pe:tls:SESSION-0b0b2d167e93bb2e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.232:asn:262880	host:177.10.239.232 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b96d3d249635b605:SESSION-b96d3d249635b605	SESSION-b96d3d249635b605 → pe:syn:SESSION-b96d3d249635b605
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.230:geo_-16.28860_-49.01640	host:177.10.233.230 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97c8a314f3fd1c5a:host:172.234.197.23:host:131.196.30.120	SESSION-97c8a314f3fd1c5a → host:172.234.197.23 → host:131.196.30.120
FLOW_DST_PORTOBS	e:fp:flow:b2bccfbb111e:port:tcp:443	flow:b2bccfbb111e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-500747aefaa736d2:PCAP:capture_20260430060001:919b39a74464	SESSION-500747aefaa736d2 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-586cf5bb6d743be1:host:172.234.197.23	SESSION-586cf5bb6d743be1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:208d574b04e9	flow:208d574b04e9 → host:177.10.238.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-05167940272dd019:host:172.234.197.23:host:177.10.236.115	SESSION-05167940272dd019 → host:172.234.197.23 → host:177.10.236.115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73f1c8de70c12118:flow:6d34e0a13e28	SESSION-73f1c8de70c12118 → flow:6d34e0a13e28
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a9091855f21b6bb:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0a9091855f21b6bb → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f033dc8b343a68ab:host:45.173.156.31	SESSION-f033dc8b343a68ab → host:45.173.156.31
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17000fdd70ecbf97:flow:91bd8581cefd	SESSION-17000fdd70ecbf97 → flow:91bd8581cefd
FLOW_TO_HOSTOBS	e:to:SESSION-09c382be05e629ee:host:172.234.197.23	SESSION-09c382be05e629ee → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29ee7b0c08ea02ad:SESSION-29ee7b0c08ea02ad	SESSION-29ee7b0c08ea02ad → pe:tls:SESSION-29ee7b0c08ea02ad
flow_observed4-aryOBS	e:fo:flow:d93bcf8220d2	flow:d93bcf8220d2 → host:172.234.197.23 → host:131.196.31.150 → port:tcp:21001
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.115:geo_-16.28860_-49.01640	host:177.10.234.115 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17fce8ea46af65f2:SESSION-17fce8ea46af65f2	SESSION-17fce8ea46af65f2 → pe:tls:SESSION-17fce8ea46af65f2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c33b44718448cc2:flow:2b4699f1971c	SESSION-4c33b44718448cc2 → flow:2b4699f1971c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4be6b5471ca196a:host:172.234.197.23	SESSION-c4be6b5471ca196a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8c54e8a5253d053d:host:172.234.197.23	SESSION-8c54e8a5253d053d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2e2854c2bd3a	flow:2e2854c2bd3a → host:131.196.28.91 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b475107bbd97ed39:host:172.234.197.23	SESSION-b475107bbd97ed39 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e991043fa3bca90d:flow:89dc4d9501c3	SESSION-e991043fa3bca90d → flow:89dc4d9501c3
flow_observed4-aryOBS	e:fo:flow:e4ae608d5e53	flow:e4ae608d5e53 → host:172.234.197.23 → host:177.10.232.220 → port:tcp:34268
FLOW_DST_PORTOBS	e:fp:flow:a73174a7c572:port:tcp:16787	flow:a73174a7c572 → port:tcp:16787
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.250:asn:203771	host:92.112.71.250 → asn:203771
flow_observed5-aryOBS	e:fo:flow:aab775347fea	flow:aab775347fea → host:131.196.31.177 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7db2afd613f778:host:172.234.197.23	SESSION-cb7db2afd613f778 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a75b8c86281e6b7:host:177.10.235.201	SESSION-5a75b8c86281e6b7 → host:177.10.235.201
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa574f1f11f5b30b:SESSION-aa574f1f11f5b30b	SESSION-aa574f1f11f5b30b → pe:syn:SESSION-aa574f1f11f5b30b
FLOW_DST_PORTOBS	e:fp:flow:ee3db2b4dc4c:port:tcp:443	flow:ee3db2b4dc4c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4203cad708a9d562:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4203cad708a9d562 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-cd38adf08b5d5a9e:BSG-DATA_EXFIL-d4f46d1c86b2	SESSION-cd38adf08b5d5a9e → BSG-DATA_EXFIL-d4f46d1c86b2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.194:asn:262880	host:177.10.235.194 → asn:262880
flow_observed5-aryOBS	e:fo:flow:4a9074182f8c	flow:4a9074182f8c → host:177.10.235.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bc35cbabc9b015e:host:131.196.29.153	SESSION-3bc35cbabc9b015e → host:131.196.29.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-555dcb6965008cb6:host:131.196.29.131	SESSION-555dcb6965008cb6 → host:131.196.29.131
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ef734d9bbeb2d12:SESSION-4ef734d9bbeb2d12	SESSION-4ef734d9bbeb2d12 → pe:syn:SESSION-4ef734d9bbeb2d12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-680820c56f27d295:SESSION-680820c56f27d295	SESSION-680820c56f27d295 → pe:tls:SESSION-680820c56f27d295
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2969d43ba10a409c:host:172.234.197.23	SESSION-2969d43ba10a409c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:425d8702e81b	flow:425d8702e81b → host:177.10.235.212 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63fc840f6df40503:host:131.196.29.253	SESSION-63fc840f6df40503 → host:131.196.29.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f92c0af2b04d2b16:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f92c0af2b04d2b16 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0461902d351b0498:SESSION-0461902d351b0498	SESSION-0461902d351b0498 → pe:syn:SESSION-0461902d351b0498
FLOW_DST_PORTOBS	e:fp:flow:e5317dc12631:port:tcp:443	flow:e5317dc12631 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a88c1288033e7cc:host:172.234.197.23	SESSION-0a88c1288033e7cc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5634ee3b30a0b6aa:host:172.234.197.23	SESSION-5634ee3b30a0b6aa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:df01e1d27e72:port:tcp:443	flow:df01e1d27e72 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a19fd3219cd89ed:host:45.145.152.164	SESSION-6a19fd3219cd89ed → host:45.145.152.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96b1920351aaff79:host:131.196.30.43	SESSION-96b1920351aaff79 → host:131.196.30.43
FLOW_FROM_HOSTOBS	e:from:SESSION-7034c460bd0f5720:host:131.196.30.36	SESSION-7034c460bd0f5720 → host:131.196.30.36
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bdbc33b564dc3f1f:flow:576b9c0091bc	SESSION-bdbc33b564dc3f1f → flow:576b9c0091bc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06294e5a27c1af9a:host:177.10.238.180:host:172.234.197.23	SESSION-06294e5a27c1af9a → host:177.10.238.180 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2479e88ee1ee68c6:host:172.234.197.23	SESSION-2479e88ee1ee68c6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9dc3dafcee87c5f7:host:131.196.29.70	SESSION-9dc3dafcee87c5f7 → host:131.196.29.70
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5a3cad014cd3066:flow:86186a8a1700	SESSION-b5a3cad014cd3066 → flow:86186a8a1700
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2997df12bb4a545b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2997df12bb4a545b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8491791342c7cb3:flow:7a9af557142d	SESSION-f8491791342c7cb3 → flow:7a9af557142d
FLOW_TO_HOSTOBS	e:to:SESSION-6222707cbae0e281:host:172.234.197.23	SESSION-6222707cbae0e281 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f4fd2f0020968b3:host:172.234.197.23	SESSION-0f4fd2f0020968b3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bee41282d03c4eb5:flow:5d95a3b0c9d8	SESSION-bee41282d03c4eb5 → flow:5d95a3b0c9d8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db1b4e286dc089a9:flow:77a62fb7aaf3	SESSION-db1b4e286dc089a9 → flow:77a62fb7aaf3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da40d6e9bff8c88d:host:131.196.29.152:host:172.234.197.23	SESSION-da40d6e9bff8c88d → host:131.196.29.152 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4b7d412d830baf98:host:172.234.197.23	SESSION-4b7d412d830baf98 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e3ba2cf190ed0b5c:SESSION-e3ba2cf190ed0b5c	SESSION-e3ba2cf190ed0b5c → pe:tls:SESSION-e3ba2cf190ed0b5c
FLOW_FROM_HOSTOBS	e:from:SESSION-7205a781bd8c8542:host:177.10.235.81	SESSION-7205a781bd8c8542 → host:177.10.235.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ad6356c5bafa36b:SESSION-7ad6356c5bafa36b	SESSION-7ad6356c5bafa36b → pe:tls:SESSION-7ad6356c5bafa36b
FLOW_FROM_HOSTOBS	e:from:SESSION-7ddcefc7eea69488:host:131.196.31.217	SESSION-7ddcefc7eea69488 → host:131.196.31.217
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fd9b76b5230e873:PCAP:capture_20260430150001:ded20914761d	SESSION-3fd9b76b5230e873 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d52893e766cf8155:SESSION-d52893e766cf8155	SESSION-d52893e766cf8155 → pe:tls:SESSION-d52893e766cf8155
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.235:geo_41.02140_28.99480	host:31.40.196.235 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-412d8e92812f4ea2:SESSION-412d8e92812f4ea2	SESSION-412d8e92812f4ea2 → pe:syn:SESSION-412d8e92812f4ea2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea5a5c8bbfcfd548:host:172.234.197.23	SESSION-ea5a5c8bbfcfd548 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7af80619f13211ba:host:37.221.79.224:host:172.234.197.23	SESSION-7af80619f13211ba → host:37.221.79.224 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e998b802e74a3139:flow:3e63df49f560	SESSION-e998b802e74a3139 → flow:3e63df49f560
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0537be800f2fa6cb:SESSION-0537be800f2fa6cb	SESSION-0537be800f2fa6cb → pe:syn:SESSION-0537be800f2fa6cb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb9e9108ca8bff14:host:45.173.156.43	SESSION-cb9e9108ca8bff14 → host:45.173.156.43
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.188:asn:273470	host:45.173.156.188 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0948a596b6903965:host:177.10.237.101	SESSION-0948a596b6903965 → host:177.10.237.101
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6430336fded9a803:flow:4028dc56aa9d	SESSION-6430336fded9a803 → flow:4028dc56aa9d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08ccad07eda14042:SESSION-08ccad07eda14042	SESSION-08ccad07eda14042 → pe:syn:SESSION-08ccad07eda14042
flow_observed4-aryOBS	e:fo:flow:fb392a4603a9	flow:fb392a4603a9 → host:172.234.197.23 → host:131.196.29.148 → port:tcp:13109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96ad3251c1ecb855:host:172.234.197.23	SESSION-96ad3251c1ecb855 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.205:geo_-16.28860_-49.01640	host:177.10.232.205 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.61:geo_-16.28860_-49.01640	host:177.10.233.61 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:4f21000eb399	flow:4f21000eb399 → host:172.234.197.23 → host:177.10.235.85 → port:tcp:12747
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-905738e9b4f08562:flow:fe21c49df113	SESSION-905738e9b4f08562 → flow:fe21c49df113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8ebb92b3cccc0ee:SESSION-e8ebb92b3cccc0ee	SESSION-e8ebb92b3cccc0ee → pe:tls:SESSION-e8ebb92b3cccc0ee
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19ad8f01572b4d12:PCAP:capture_20260430050001:8868731bf8a4	SESSION-19ad8f01572b4d12 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:759b87cb162b	flow:759b87cb162b → host:131.196.29.42 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e167d585a8e48501:host:172.234.197.23	SESSION-e167d585a8e48501 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:aa5fbcda671d:port:tcp:443	flow:aa5fbcda671d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6050ca7af62c0465:host:45.173.156.137:host:172.234.197.23	SESSION-6050ca7af62c0465 → host:45.173.156.137 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-05167940272dd019:SESSION-05167940272dd019	SESSION-05167940272dd019 → pe:syn:SESSION-05167940272dd019
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.201:asn:273470	host:45.173.156.201 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51c7000fcfeb98d4:host:80.94.92.186	SESSION-51c7000fcfeb98d4 → host:80.94.92.186
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-626902abaec078eb:PCAP:capture_20260430150001:ded20914761d	SESSION-626902abaec078eb → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7bf570ae8905fff:host:172.234.197.23	SESSION-f7bf570ae8905fff → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:64b9edd120d2	flow:64b9edd120d2 → host:49.12.170.238 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:268f82879bdd	flow:268f82879bdd → host:131.196.29.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d11ee49864a2bc:host:172.234.197.23	SESSION-b9d11ee49864a2bc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b0a36bcb50aee6b:host:172.234.197.23	SESSION-2b0a36bcb50aee6b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab75a0984f628f7a:SESSION-ab75a0984f628f7a	SESSION-ab75a0984f628f7a → pe:tls:SESSION-ab75a0984f628f7a
FLOW_FROM_HOSTOBS	e:from:SESSION-bee41282d03c4eb5:host:172.234.197.23	SESSION-bee41282d03c4eb5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-858a06c2b9abdebe:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-858a06c2b9abdebe → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51cc268447a19ae7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-51cc268447a19ae7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dedab35c401db9fa:host:172.234.197.23	SESSION-dedab35c401db9fa → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-60b46aef513c4722:host:177.10.235.61	SESSION-60b46aef513c4722 → host:177.10.235.61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77593e2039f5e18a:SESSION-77593e2039f5e18a	SESSION-77593e2039f5e18a → pe:syn:SESSION-77593e2039f5e18a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a770693a19c2c7c:flow:4ddbe5eae3d3	SESSION-0a770693a19c2c7c → flow:4ddbe5eae3d3
flow_observed5-aryOBS	e:fo:flow:4067d550a9ce	flow:4067d550a9ce → host:177.10.235.75 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b67d627221f8:port:tcp:16327	flow:b67d627221f8 → port:tcp:16327
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a466e26c77a91e3:SESSION-9a466e26c77a91e3	SESSION-9a466e26c77a91e3 → pe:syn:SESSION-9a466e26c77a91e3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ea66afd66f329a0:flow:42ae31a76c48	SESSION-0ea66afd66f329a0 → flow:42ae31a76c48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90972096b6b00a4b:host:172.234.197.23	SESSION-90972096b6b00a4b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9a539c485f657b5:flow:c55582ff0267	SESSION-d9a539c485f657b5 → flow:c55582ff0267
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e9c761e9ca1eb65:host:177.10.237.71	SESSION-9e9c761e9ca1eb65 → host:177.10.237.71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2db2b0c2312c18a1:SESSION-2db2b0c2312c18a1	SESSION-2db2b0c2312c18a1 → pe:syn:SESSION-2db2b0c2312c18a1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c3e0ded89b78d8d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3c3e0ded89b78d8d → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-70e7a4a5208b1da3:PCAP:capture_20260430060001:919b39a74464	SESSION-70e7a4a5208b1da3 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d8111f65a253e3a:flow:5e40b4fa1d5e	SESSION-7d8111f65a253e3a → flow:5e40b4fa1d5e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1d16880e0846180:SESSION-a1d16880e0846180	SESSION-a1d16880e0846180 → pe:syn:SESSION-a1d16880e0846180
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4020db38e68a457:host:172.234.197.23	SESSION-b4020db38e68a457 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:386ff33f19bb	flow:386ff33f19bb → host:177.10.235.230 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:a1034dcdd818	flow:a1034dcdd818 → host:172.234.197.23 → host:45.173.156.169 → port:tcp:46056
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ffb0d51cd8f7dd7:host:177.10.236.17	SESSION-8ffb0d51cd8f7dd7 → host:177.10.236.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cc804a855d1eb7c:host:177.10.238.54	SESSION-6cc804a855d1eb7c → host:177.10.238.54
FLOW_DST_PORTOBS	e:fp:flow:35582a52931d:port:tcp:443	flow:35582a52931d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe84550c6b54c988:PCAP:capture_20260430060001:919b39a74464	SESSION-fe84550c6b54c988 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d93e5dd98af62cc:host:131.196.28.216:host:172.234.197.23	SESSION-2d93e5dd98af62cc → host:131.196.28.216 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2794803b6e3661a7:flow:0670c67e04ae	SESSION-2794803b6e3661a7 → flow:0670c67e04ae
FLOW_FROM_HOSTOBS	e:from:SESSION-139cf5bd66e27bf0:host:172.234.197.23	SESSION-139cf5bd66e27bf0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-952305350dc386c3:SESSION-952305350dc386c3	SESSION-952305350dc386c3 → pe:tls:SESSION-952305350dc386c3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a733fde11cff5d03:SESSION-a733fde11cff5d03	SESSION-a733fde11cff5d03 → pe:tls:SESSION-a733fde11cff5d03
FLOW_TO_HOSTOBS	e:to:SESSION-14d517e62aef6020:host:172.234.197.23	SESSION-14d517e62aef6020 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7b2ae66396fc75:host:172.234.197.23	SESSION-cb7b2ae66396fc75 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b0278ad8054c	flow:b0278ad8054c → host:177.10.233.20 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:2e52ef2b8860:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:2e52ef2b8860 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57d0b948d59d1db4:SESSION-57d0b948d59d1db4	SESSION-57d0b948d59d1db4 → pe:syn:SESSION-57d0b948d59d1db4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.39:asn:271410	host:131.196.30.39 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.74:geo_-23.62930_-46.63510	host:131.196.31.74 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eeeeaab9fc572806:SESSION-eeeeaab9fc572806	SESSION-eeeeaab9fc572806 → pe:tls:SESSION-eeeeaab9fc572806
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff7dac0188fe8fcb:SESSION-ff7dac0188fe8fcb	SESSION-ff7dac0188fe8fcb → pe:syn:SESSION-ff7dac0188fe8fcb
FLOW_FROM_HOSTOBS	e:from:SESSION-7f9bec963f9028f2:host:177.10.235.140	SESSION-7f9bec963f9028f2 → host:177.10.235.140
FLOW_TO_HOSTOBS	e:to:SESSION-d5cd00671f435cc6:host:172.234.197.23	SESSION-d5cd00671f435cc6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ad1d860af0e2	flow:ad1d860af0e2 → host:45.173.156.193 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-835226e6e5119935:host:172.234.197.23	SESSION-835226e6e5119935 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1844a866ec523fcf:SESSION-1844a866ec523fcf	SESSION-1844a866ec523fcf → pe:syn:SESSION-1844a866ec523fcf
HOST_IN_ASNOBS 85%	e:ha:host:104.28.234.79:asn:13335	host:104.28.234.79 → asn:13335
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44424f48705b3a9d:PCAP:capture_20260430110001:43611bdf6759	SESSION-44424f48705b3a9d → PCAP:capture_20260430110001:43611bdf6759
flow_observed4-aryOBS	e:fo:flow:37482c18bec6	flow:37482c18bec6 → host:172.234.197.23 → host:177.10.238.218 → port:tcp:51371
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60dab6a51248be22:PCAP:capture_20260430150001:ded20914761d	SESSION-60dab6a51248be22 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36966af2dfd8700b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-36966af2dfd8700b → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:3d33c6041d42:port:tcp:443	flow:3d33c6041d42 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a10403a08caf:port:tcp:443	flow:a10403a08caf → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:28adc96fab59:port:tcp:24028	flow:28adc96fab59 → port:tcp:24028
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-997b652ef378c5d4:host:131.196.29.80	SESSION-997b652ef378c5d4 → host:131.196.29.80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11e7a161068ba48e:host:177.10.234.69:host:172.234.197.23	SESSION-11e7a161068ba48e → host:177.10.234.69 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2e1e1ea3d3f0587:host:177.10.232.104:host:172.234.197.23	SESSION-f2e1e1ea3d3f0587 → host:177.10.232.104 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b7845496c0c03c20:host:131.196.29.93	SESSION-b7845496c0c03c20 → host:131.196.29.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10ed4263d8057f18:SESSION-10ed4263d8057f18	SESSION-10ed4263d8057f18 → pe:tls:SESSION-10ed4263d8057f18
FLOW_FROM_HOSTOBS	e:from:SESSION-231f5887ddd9d406:host:172.234.197.23	SESSION-231f5887ddd9d406 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-320a5544f819c3b7:host:172.234.197.23	SESSION-320a5544f819c3b7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ed94d590967f:port:tcp:23498	flow:ed94d590967f → port:tcp:23498
FLOW_DST_PORTOBS	e:fp:flow:8a02ab7093dd:port:tcp:80	flow:8a02ab7093dd → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f2a561db8449259:host:177.10.236.138	SESSION-4f2a561db8449259 → host:177.10.236.138
flow_observed5-aryOBS	e:fo:flow:ad0281c16a8a	flow:ad0281c16a8a → host:131.196.29.206 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6e8b24d973ac1177:host:177.10.237.15	SESSION-6e8b24d973ac1177 → host:177.10.237.15
flow_observed5-aryOBS	e:fo:flow:8ad20b9f9a0d	flow:8ad20b9f9a0d → host:131.196.29.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a34ec08b35e90b0:host:177.10.234.74	SESSION-2a34ec08b35e90b0 → host:177.10.234.74
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.170:geo_-21.10010_-41.69200	host:45.173.156.170 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-f0daf10b890c2667:host:45.173.156.208	SESSION-f0daf10b890c2667 → host:45.173.156.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a22eb4c95bd17b8:flow:8532ceaded41	SESSION-7a22eb4c95bd17b8 → flow:8532ceaded41
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5d780f89354efd9:flow:ffc45234dfd0	SESSION-b5d780f89354efd9 → flow:ffc45234dfd0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78b6e298ccb2dbce:host:172.234.197.23:host:177.10.235.105	SESSION-78b6e298ccb2dbce → host:172.234.197.23 → host:177.10.235.105
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da61b01cc679b249:SESSION-da61b01cc679b249	SESSION-da61b01cc679b249 → pe:syn:SESSION-da61b01cc679b249
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fddb1520b60b4e20:host:172.234.197.23	SESSION-fddb1520b60b4e20 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.181:asn:262880	host:177.10.238.181 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4e339b9f879a911:host:37.221.79.52:host:172.234.197.23	SESSION-d4e339b9f879a911 → host:37.221.79.52 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20b594788160c43c:SESSION-20b594788160c43c	SESSION-20b594788160c43c → pe:tls:SESSION-20b594788160c43c
flow_observed5-aryOBS	e:fo:flow:48bf951f542b	flow:48bf951f542b → host:177.10.233.52 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:499e2ccaea75	flow:499e2ccaea75 → host:172.234.197.23 → host:177.10.234.95 → port:tcp:60153
FLOW_DST_PORTOBS	e:fp:flow:ebf3e86f8a9a:port:tcp:443	flow:ebf3e86f8a9a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1933fbedf850967f:host:172.234.197.23	SESSION-1933fbedf850967f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5407005cb310ce8:PCAP:capture_20260430150001:ded20914761d	SESSION-d5407005cb310ce8 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:886d5601dd53:port:tcp:443	flow:886d5601dd53 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77d6ed106817bb5a:host:177.10.236.31	SESSION-77d6ed106817bb5a → host:177.10.236.31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7205a781bd8c8542:host:177.10.235.81	SESSION-7205a781bd8c8542 → host:177.10.235.81
FLOW_DST_PORTOBS	e:fp:flow:0256f21cd65f:port:tcp:443	flow:0256f21cd65f → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:66dbc4502796	flow:66dbc4502796 → host:172.234.197.23 → host:131.196.28.246 → port:tcp:62386
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22bb8f06cde321ca:host:172.234.197.23	SESSION-22bb8f06cde321ca → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46f70ffa54883bab:SESSION-46f70ffa54883bab	SESSION-46f70ffa54883bab → pe:tls:SESSION-46f70ffa54883bab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-576cc11ebde25a50:host:131.196.29.94	SESSION-576cc11ebde25a50 → host:131.196.29.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2754fb6a113c6b7:SESSION-b2754fb6a113c6b7	SESSION-b2754fb6a113c6b7 → pe:syn:SESSION-b2754fb6a113c6b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17e08e972fb579a9:SESSION-17e08e972fb579a9	SESSION-17e08e972fb579a9 → pe:syn:SESSION-17e08e972fb579a9
FLOW_DST_PORTOBS	e:fp:flow:a5bfd56e390d:port:tcp:443	flow:a5bfd56e390d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a604218ad277317:host:131.196.29.114:host:172.234.197.23	SESSION-8a604218ad277317 → host:131.196.29.114 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8c07bee6bb583aca:host:172.234.197.23	SESSION-8c07bee6bb583aca → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6ddb0818d575:port:tcp:443	flow:6ddb0818d575 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47fcc0d7da6d7c1a:SESSION-47fcc0d7da6d7c1a	SESSION-47fcc0d7da6d7c1a → pe:syn:SESSION-47fcc0d7da6d7c1a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e583d09be0235fc:host:172.234.197.23	SESSION-3e583d09be0235fc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37fa495f79e351e9:host:172.234.197.23	SESSION-37fa495f79e351e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dd011a07497df56:host:177.10.233.125	SESSION-2dd011a07497df56 → host:177.10.233.125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3b2d33602e817e1:SESSION-b3b2d33602e817e1	SESSION-b3b2d33602e817e1 → pe:tls:SESSION-b3b2d33602e817e1
FLOW_DST_PORTOBS	e:fp:flow:b4e10c7cf700:port:tcp:443	flow:b4e10c7cf700 → port:tcp:443
ASN_IN_ORGOBS 80%	e:ao:asn:53667:org:FranTech Solutions	asn:53667 → org:FranTech Solutions
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1980da9de3362b69:flow:190945c4b75d	SESSION-1980da9de3362b69 → flow:190945c4b75d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-361f1ea86b9f3cf3:SESSION-361f1ea86b9f3cf3	SESSION-361f1ea86b9f3cf3 → pe:tls:SESSION-361f1ea86b9f3cf3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7e52183ef313b6a:host:131.196.28.207:host:172.234.197.23	SESSION-e7e52183ef313b6a → host:131.196.28.207 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2958e311eaa51e83:host:172.234.197.23	SESSION-2958e311eaa51e83 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d73d5fbffa5706a1:host:131.196.28.172	SESSION-d73d5fbffa5706a1 → host:131.196.28.172
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.37:geo_-23.62930_-46.63510	host:131.196.28.37 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56fe4753b2794494:host:172.234.197.23	SESSION-56fe4753b2794494 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-521d3d94be94008e:SESSION-521d3d94be94008e	SESSION-521d3d94be94008e → pe:tls:SESSION-521d3d94be94008e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a825e71225466eb:host:131.196.28.92	SESSION-3a825e71225466eb → host:131.196.28.92
FLOW_FROM_HOSTOBS	e:from:SESSION-ae3419cd71fb8b85:host:172.234.197.23	SESSION-ae3419cd71fb8b85 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-001dbe9c45882aae:host:177.10.236.2:host:172.234.197.23	SESSION-001dbe9c45882aae → host:177.10.236.2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e076f857aa349ed0:SESSION-e076f857aa349ed0	SESSION-e076f857aa349ed0 → pe:tls:SESSION-e076f857aa349ed0
FLOW_DST_PORTOBS	e:fp:flow:cb05e49e69ec:port:udp:53	flow:cb05e49e69ec → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d87ad0ffb58b923c:host:172.234.197.23:host:177.10.235.42	SESSION-d87ad0ffb58b923c → host:172.234.197.23 → host:177.10.235.42
FLOW_FROM_HOSTOBS	e:from:SESSION-9f7884afbce83d50:host:177.10.238.161	SESSION-9f7884afbce83d50 → host:177.10.238.161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d99d46a236a5e045:SESSION-d99d46a236a5e045	SESSION-d99d46a236a5e045 → pe:syn:SESSION-d99d46a236a5e045
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.25:asn:271410	host:131.196.28.25 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:e24ee2bfca56:port:tcp:443	flow:e24ee2bfca56 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-928f584a0bc46099:host:172.234.197.23	SESSION-928f584a0bc46099 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bef16d9c79cba2c2:flow:abc8f32c87a5	SESSION-bef16d9c79cba2c2 → flow:abc8f32c87a5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf1647bbc272aaf8:host:172.234.197.23:host:177.10.239.199	SESSION-bf1647bbc272aaf8 → host:172.234.197.23 → host:177.10.239.199
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07ba7d1d1566dce2:SESSION-07ba7d1d1566dce2	SESSION-07ba7d1d1566dce2 → pe:tls:SESSION-07ba7d1d1566dce2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.86:geo_-16.28860_-49.01640	host:177.10.235.86 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:15b5b8684d8f:port:tcp:443	flow:15b5b8684d8f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d17209bd675d4be:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4d17209bd675d4be → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:5d2a6d8ea810	flow:5d2a6d8ea810 → host:131.196.29.53 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99eb989e9371b0fb:host:131.196.31.81:host:172.234.197.23	SESSION-99eb989e9371b0fb → host:131.196.31.81 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-afde502531c1ddca:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-afde502531c1ddca → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-b12621bc2223af13:host:177.10.237.225	SESSION-b12621bc2223af13 → host:177.10.237.225
FLOW_FROM_HOSTOBS	e:from:SESSION-ea2f6118de4330ea:host:131.196.29.60	SESSION-ea2f6118de4330ea → host:131.196.29.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9726d81acc78b8e7:host:131.196.30.5	SESSION-9726d81acc78b8e7 → host:131.196.30.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51603301232db2ce:host:177.10.235.126	SESSION-51603301232db2ce → host:177.10.235.126
flow_observed5-aryOBS	e:fo:flow:e9067679f6ca	flow:e9067679f6ca → host:177.10.237.24 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b880a07e89a760de:host:172.234.197.23	SESSION-b880a07e89a760de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d4cb0f7560af550:host:131.196.30.169	SESSION-5d4cb0f7560af550 → host:131.196.30.169
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-353fd641d57f7d93:host:172.234.197.23:host:177.10.236.234	SESSION-353fd641d57f7d93 → host:172.234.197.23 → host:177.10.236.234
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.194:geo_41.02140_28.99480	host:185.231.226.194 → geo_41.02140_28.99480
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49ea9885c560f158:host:177.10.238.113:host:172.234.197.23	SESSION-49ea9885c560f158 → host:177.10.238.113 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:23392fb83d00	flow:23392fb83d00 → host:131.196.31.18 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f56538a064e25a46:host:177.10.235.18	SESSION-f56538a064e25a46 → host:177.10.235.18
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fa29bafd0740f46:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3fa29bafd0740f46 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3526e42e615eba29:flow:8f5f860b3650	SESSION-3526e42e615eba29 → flow:8f5f860b3650
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b09cf74640ed889e:host:172.234.197.23	SESSION-b09cf74640ed889e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.15:asn:271410	host:131.196.29.15 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4bc49d07a666c670:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4bc49d07a666c670 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-332b957940cff81b:host:45.145.152.156	SESSION-332b957940cff81b → host:45.145.152.156
FLOW_TO_HOSTOBS	e:to:SESSION-65029066d9cd1f24:host:172.234.197.23	SESSION-65029066d9cd1f24 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2c26000380dd	flow:2c26000380dd → host:184.171.210.134 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.246:asn:262880	host:177.10.233.246 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:66a2f39ca69b:port:tcp:7564	flow:66a2f39ca69b → port:tcp:7564
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85714bf39e95506c:host:172.234.197.23	SESSION-85714bf39e95506c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd437604af995a2a:host:172.234.197.23:host:177.10.238.44	SESSION-fd437604af995a2a → host:172.234.197.23 → host:177.10.238.44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2560fc1185e4e3e7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2560fc1185e4e3e7 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.25:geo_-16.28860_-49.01640	host:177.10.235.25 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-febabcac2b03c9d1:SESSION-febabcac2b03c9d1	SESSION-febabcac2b03c9d1 → pe:syn:SESSION-febabcac2b03c9d1
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.22:asn:271410	host:131.196.31.22 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d30b8cd9cbd48a1:SESSION-1d30b8cd9cbd48a1	SESSION-1d30b8cd9cbd48a1 → pe:syn:SESSION-1d30b8cd9cbd48a1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41c6e0b91a3149eb:host:172.234.197.23	SESSION-41c6e0b91a3149eb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-602a14335703e220:host:177.10.235.74	SESSION-602a14335703e220 → host:177.10.235.74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bbf6176d0f5e38d:host:172.234.197.23	SESSION-6bbf6176d0f5e38d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f147f2227c6d965:SESSION-5f147f2227c6d965	SESSION-5f147f2227c6d965 → pe:tls:SESSION-5f147f2227c6d965
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa4dbd42e40690e9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-aa4dbd42e40690e9 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-7d5ec38dc75ef648:host:172.234.197.23	SESSION-7d5ec38dc75ef648 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2354f30fe4af5f56:host:131.196.28.205:host:172.234.197.23	SESSION-2354f30fe4af5f56 → host:131.196.28.205 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-19f4ea615eaf7325:host:177.10.238.79	SESSION-19f4ea615eaf7325 → host:177.10.238.79
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.109:geo_-16.28860_-49.01640	host:177.10.233.109 → geo_-16.28860_-49.01640
flow_observed3-aryOBS	e:fo:flow:2ac6e0e934b2	flow:2ac6e0e934b2 → host:44.244.28.93 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:10baf7420b2a	flow:10baf7420b2a → host:172.234.197.23 → host:177.10.234.104 → port:tcp:35712
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-88d03f5c2bc073a8:PCAP:capture_20260430110001:43611bdf6759	SESSION-88d03f5c2bc073a8 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-205f7c84653f0fb6:host:172.234.197.23	SESSION-205f7c84653f0fb6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9072e99a39ab8173:SESSION-9072e99a39ab8173	SESSION-9072e99a39ab8173 → pe:tls:SESSION-9072e99a39ab8173
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1620c835b56464d4:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1620c835b56464d4 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad7d874b9cd6bce1:host:177.10.239.255	SESSION-ad7d874b9cd6bce1 → host:177.10.239.255
FLOW_TO_HOSTOBS	e:to:SESSION-f26dae72fe8e9fa0:host:131.196.30.104	SESSION-f26dae72fe8e9fa0 → host:131.196.30.104
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49fc7ea897578489:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-49fc7ea897578489 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10f6f623bcce091e:flow:107962b6041b	SESSION-10f6f623bcce091e → flow:107962b6041b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7858b3452cd9a479:flow:4bcbdea9ec1c	SESSION-7858b3452cd9a479 → flow:4bcbdea9ec1c
FLOW_FROM_HOSTOBS	e:from:SESSION-2f96a240aba6afcc:host:131.196.30.221	SESSION-2f96a240aba6afcc → host:131.196.30.221
FLOW_FROM_HOSTOBS	e:from:SESSION-86f296cd3a39a7c2:host:95.170.25.215	SESSION-86f296cd3a39a7c2 → host:95.170.25.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf34c898669d01e7:SESSION-bf34c898669d01e7	SESSION-bf34c898669d01e7 → pe:tls:SESSION-bf34c898669d01e7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.37:asn:262880	host:177.10.239.37 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-651f6fdc4d4e9c59:SESSION-651f6fdc4d4e9c59	SESSION-651f6fdc4d4e9c59 → pe:tls:SESSION-651f6fdc4d4e9c59
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.176:geo_-16.28860_-49.01640	host:177.10.233.176 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-136fe1663b76b4f2:SESSION-136fe1663b76b4f2	SESSION-136fe1663b76b4f2 → pe:syn:SESSION-136fe1663b76b4f2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a1214f59f834d98:host:131.196.29.156:host:172.234.197.23	SESSION-8a1214f59f834d98 → host:131.196.29.156 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5804e26655ff1a06:host:172.234.197.23:host:131.196.30.231	SESSION-5804e26655ff1a06 → host:172.234.197.23 → host:131.196.30.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32626bc077790390:host:172.234.197.23	SESSION-32626bc077790390 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-903738316b123ea7:host:177.10.232.176	SESSION-903738316b123ea7 → host:177.10.232.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8383343898074aaa:host:177.10.236.217	SESSION-8383343898074aaa → host:177.10.236.217
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5de3ca130be8f6d5:flow:71ab09349ce1	SESSION-5de3ca130be8f6d5 → flow:71ab09349ce1
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.112:asn:262880	host:177.10.238.112 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-1fa31db6279a0e7c:host:131.196.28.37	SESSION-1fa31db6279a0e7c → host:131.196.28.37
flow_observed4-aryOBS	e:fo:flow:6cdd6f90666a	flow:6cdd6f90666a → host:172.234.197.23 → host:131.196.30.39 → port:tcp:38689
flow_observed5-aryOBS	e:fo:flow:d77bd425cc20	flow:d77bd425cc20 → host:131.196.29.206 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.254:geo_-21.10010_-41.69200	host:45.173.156.254 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-7c85a8771eed4d0f:host:172.234.197.23	SESSION-7c85a8771eed4d0f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-354c21b56902e892:host:172.234.197.23:host:131.196.31.10	SESSION-354c21b56902e892 → host:172.234.197.23 → host:131.196.31.10
FLOW_TO_HOSTOBS	e:to:SESSION-ff374888c4809584:host:172.234.197.23	SESSION-ff374888c4809584 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f04e938497dcf32a:host:177.10.232.206	SESSION-f04e938497dcf32a → host:177.10.232.206
FLOW_TO_HOSTOBS	e:to:SESSION-2d798baf71c597a3:host:172.234.197.23	SESSION-2d798baf71c597a3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-035e17bf8c36a59b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-035e17bf8c36a59b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e54eb0866acbe21:host:177.10.237.29	SESSION-3e54eb0866acbe21 → host:177.10.237.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0debd2a005265c6e:SESSION-0debd2a005265c6e	SESSION-0debd2a005265c6e → pe:syn:SESSION-0debd2a005265c6e
FLOW_TO_HOSTOBS	e:to:SESSION-bd554b279ca00d73:host:177.10.236.173	SESSION-bd554b279ca00d73 → host:177.10.236.173
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.88:geo_-16.28860_-49.01640	host:177.10.238.88 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9fd8278b2f1d760d:host:131.196.30.146:host:172.234.197.23	SESSION-9fd8278b2f1d760d → host:131.196.30.146 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-954029bd3fad39c7:host:172.234.197.23	SESSION-954029bd3fad39c7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a7146439792d:port:tcp:443	flow:a7146439792d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b8b9e098330595b:SESSION-8b8b9e098330595b	SESSION-8b8b9e098330595b → pe:tls:SESSION-8b8b9e098330595b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75c0f4fa43b2bfb9:SESSION-75c0f4fa43b2bfb9	SESSION-75c0f4fa43b2bfb9 → pe:tls:SESSION-75c0f4fa43b2bfb9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7ba8377fba710c4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b7ba8377fba710c4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.33:geo_-23.62930_-46.63510	host:131.196.31.33 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-2f35e45e57d830f4:host:177.10.235.169	SESSION-2f35e45e57d830f4 → host:177.10.235.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ed3c0cac572dff6:SESSION-9ed3c0cac572dff6	SESSION-9ed3c0cac572dff6 → pe:tls:SESSION-9ed3c0cac572dff6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f392894730d574f3:SESSION-f392894730d574f3	SESSION-f392894730d574f3 → pe:syn:SESSION-f392894730d574f3
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-b9f43ed2bc91ec43:BSG-BEACON-c5c416645e2f	SESSION-b9f43ed2bc91ec43 → BSG-BEACON-c5c416645e2f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aede3430ffb62e05:SESSION-aede3430ffb62e05	SESSION-aede3430ffb62e05 → pe:syn:SESSION-aede3430ffb62e05
FLOW_FROM_HOSTOBS	e:from:SESSION-97a932b8098f01e0:host:177.10.239.39	SESSION-97a932b8098f01e0 → host:177.10.239.39
flow_observed5-aryOBS	e:fo:flow:6ddb0818d575	flow:6ddb0818d575 → host:195.154.100.87 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:4bd1ced1ed2e	flow:4bd1ced1ed2e → host:172.234.197.23 → host:80.94.92.182 → port:tcp:51238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd5c7cb019cd55a3:SESSION-dd5c7cb019cd55a3	SESSION-dd5c7cb019cd55a3 → pe:tls:SESSION-dd5c7cb019cd55a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-501c474d8a937a90:host:172.234.197.23	SESSION-501c474d8a937a90 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-244625927b0e7703:host:177.10.235.213:host:172.234.197.23	SESSION-244625927b0e7703 → host:177.10.235.213 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1c4d193b3400	flow:1c4d193b3400 → host:177.10.238.113 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:8d2f335c9cd5	flow:8d2f335c9cd5 → host:131.196.31.23 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-4670d2b8fb3d0344:host:177.10.232.242	SESSION-4670d2b8fb3d0344 → host:177.10.232.242
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3417e991c57bd21:PCAP:capture_20260430090001:065659c7d314	SESSION-a3417e991c57bd21 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-352a47a3f8b3882e:flow:91467d68ee29	SESSION-352a47a3f8b3882e → flow:91467d68ee29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19279b7c3b267599:PCAP:capture_20260430160001:9bfa4498506a	SESSION-19279b7c3b267599 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-379e8704803db8ae:host:172.234.197.23	SESSION-379e8704803db8ae → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:23f7091bd6a9	flow:23f7091bd6a9 → host:177.10.238.17 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b481f21a133f6fd1:host:172.234.197.23	SESSION-b481f21a133f6fd1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0efcb065a58cc475:host:177.10.235.213	SESSION-0efcb065a58cc475 → host:177.10.235.213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a286fa1508a759d:host:177.10.232.59	SESSION-3a286fa1508a759d → host:177.10.232.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99664d33d11b43d2:SESSION-99664d33d11b43d2	SESSION-99664d33d11b43d2 → pe:tls:SESSION-99664d33d11b43d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e577d7cf1b0ace36:SESSION-e577d7cf1b0ace36	SESSION-e577d7cf1b0ace36 → pe:syn:SESSION-e577d7cf1b0ace36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f479af38d87d852f:host:177.10.232.45	SESSION-f479af38d87d852f → host:177.10.232.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1052ae798d70afda:SESSION-1052ae798d70afda	SESSION-1052ae798d70afda → pe:syn:SESSION-1052ae798d70afda
FLOW_DST_PORTOBS	e:fp:flow:09e69323670d:port:tcp:443	flow:09e69323670d → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:8fa60a20bddb	flow:8fa60a20bddb → host:177.10.232.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab1f168a37fae671:SESSION-ab1f168a37fae671	SESSION-ab1f168a37fae671 → pe:syn:SESSION-ab1f168a37fae671
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad7d874b9cd6bce1:flow:3ebf35a3b054	SESSION-ad7d874b9cd6bce1 → flow:3ebf35a3b054
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06ad44a538684c23:host:177.10.237.39:host:172.234.197.23	SESSION-06ad44a538684c23 → host:177.10.237.39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fac4a2f466e4583d:host:177.10.237.10	SESSION-fac4a2f466e4583d → host:177.10.237.10
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.124:geo_-16.28860_-49.01640	host:177.10.232.124 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.32:geo_-16.28860_-49.01640	host:177.10.237.32 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:79fb2d904119	flow:79fb2d904119 → host:177.10.234.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f5b7d4cd5351b11:SESSION-8f5b7d4cd5351b11	SESSION-8f5b7d4cd5351b11 → pe:syn:SESSION-8f5b7d4cd5351b11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19cb9f6f0c8358bd:host:172.234.197.23	SESSION-19cb9f6f0c8358bd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f8c2daf7dcef	flow:f8c2daf7dcef → host:177.10.239.246 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:70aa4289986d	flow:70aa4289986d → host:177.10.238.109 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ab52a513e5ed877:host:177.10.237.24	SESSION-7ab52a513e5ed877 → host:177.10.237.24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24aa07f03f2c2273:PCAP:capture_20260430080001:93f47cc296a4	SESSION-24aa07f03f2c2273 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-122c6042cd97886a:SESSION-122c6042cd97886a	SESSION-122c6042cd97886a → pe:syn:SESSION-122c6042cd97886a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6b762e1d0d174fb:host:131.196.30.69	SESSION-a6b762e1d0d174fb → host:131.196.30.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4066f36b6ded169d:SESSION-4066f36b6ded169d	SESSION-4066f36b6ded169d → pe:tls:SESSION-4066f36b6ded169d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd8dbb599c016751:SESSION-cd8dbb599c016751	SESSION-cd8dbb599c016751 → pe:syn:SESSION-cd8dbb599c016751
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2dd011a07497df56:host:177.10.233.125:host:172.234.197.23	SESSION-2dd011a07497df56 → host:177.10.233.125 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8eb3ecb5c5b32a8:host:177.10.234.72	SESSION-a8eb3ecb5c5b32a8 → host:177.10.234.72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c89e102c8b8b6c97:host:177.10.233.35	SESSION-c89e102c8b8b6c97 → host:177.10.233.35
FLOW_DST_PORTOBS	e:fp:flow:54355afdc05d:port:tcp:443	flow:54355afdc05d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97c8a314f3fd1c5a:flow:4231a3cc4c78	SESSION-97c8a314f3fd1c5a → flow:4231a3cc4c78
FLOW_FROM_HOSTOBS	e:from:SESSION-d0cd9b8959e0e89e:host:45.173.156.188	SESSION-d0cd9b8959e0e89e → host:45.173.156.188
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a98c5df3fe5e6d6:host:131.196.31.58:host:172.234.197.23	SESSION-4a98c5df3fe5e6d6 → host:131.196.31.58 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97b2355356a85562:SESSION-97b2355356a85562	SESSION-97b2355356a85562 → pe:syn:SESSION-97b2355356a85562
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bded37485db78f4a:host:172.234.197.23	SESSION-bded37485db78f4a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a0913a57a803cab:SESSION-7a0913a57a803cab	SESSION-7a0913a57a803cab → pe:tls:SESSION-7a0913a57a803cab
FLOW_DST_PORTOBS	e:fp:flow:d821ae727b8b:port:tcp:41968	flow:d821ae727b8b → port:tcp:41968
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5b4d581172cc71c:flow:612621241910	SESSION-a5b4d581172cc71c → flow:612621241910
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-252ece6cab0420bc:host:172.234.197.23	SESSION-252ece6cab0420bc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be0f12df58cf6d46:SESSION-be0f12df58cf6d46	SESSION-be0f12df58cf6d46 → pe:syn:SESSION-be0f12df58cf6d46
FLOW_DST_PORTOBS	e:fp:flow:89f3bc0b68f9:port:tcp:443	flow:89f3bc0b68f9 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f02a050799431d6e:host:177.10.237.166	SESSION-f02a050799431d6e → host:177.10.237.166
FLOW_TO_HOSTOBS	e:to:SESSION-6ee6825b3a9be6d1:host:172.234.197.23	SESSION-6ee6825b3a9be6d1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-02deb29800889c11:host:177.10.239.55	SESSION-02deb29800889c11 → host:177.10.239.55
FLOW_FROM_HOSTOBS	e:from:SESSION-f57871a7505a0a35:host:177.10.235.170	SESSION-f57871a7505a0a35 → host:177.10.235.170
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6da898acb6c07034:flow:74ec24f6b294	SESSION-6da898acb6c07034 → flow:74ec24f6b294
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff2bd1b9d0923cc1:SESSION-ff2bd1b9d0923cc1	SESSION-ff2bd1b9d0923cc1 → pe:tls:SESSION-ff2bd1b9d0923cc1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9912439438040361:host:172.234.197.23:host:45.173.156.116	SESSION-9912439438040361 → host:172.234.197.23 → host:45.173.156.116
flow_observed5-aryOBS	e:fo:flow:85aacd5feb03	flow:85aacd5feb03 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74a0cb408b3fb354:host:177.10.238.31:host:172.234.197.23	SESSION-74a0cb408b3fb354 → host:177.10.238.31 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b4d5ec492dcde12c:host:131.196.30.74	SESSION-b4d5ec492dcde12c → host:131.196.30.74
FLOW_FROM_HOSTOBS	e:from:SESSION-fb645c1b10558a95:host:172.234.197.23	SESSION-fb645c1b10558a95 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b34520b38e3fc963:host:172.234.197.23	SESSION-b34520b38e3fc963 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f8cba099c11564e8:host:172.234.197.23	SESSION-f8cba099c11564e8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ce76aef4cf62c0f:SESSION-9ce76aef4cf62c0f	SESSION-9ce76aef4cf62c0f → pe:syn:SESSION-9ce76aef4cf62c0f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-478ebcd540b5d0ef:host:177.10.236.189	SESSION-478ebcd540b5d0ef → host:177.10.236.189
flow_observed5-aryOBS	e:fo:flow:1c25e14dd3be	flow:1c25e14dd3be → host:45.173.156.5 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.8:geo_-23.62930_-46.63510	host:131.196.31.8 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fad613e75ea639b5:host:177.10.233.64:host:172.234.197.23	SESSION-fad613e75ea639b5 → host:177.10.233.64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db9e8149201eae0f:SESSION-db9e8149201eae0f	SESSION-db9e8149201eae0f → pe:syn:SESSION-db9e8149201eae0f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fac4a2f466e4583d:host:172.234.197.23	SESSION-fac4a2f466e4583d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-598f28b8a9577970:host:172.234.197.23	SESSION-598f28b8a9577970 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-421b35b56ec8b984:host:172.234.197.23	SESSION-421b35b56ec8b984 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fb20cb96e066d018:host:172.234.197.23	SESSION-fb20cb96e066d018 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa09fbb5e640ff94:host:172.234.197.23	SESSION-aa09fbb5e640ff94 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4e7af3e500f20cf8:host:177.10.237.217	SESSION-4e7af3e500f20cf8 → host:177.10.237.217
FLOW_DST_PORTOBS	e:fp:flow:69309691d7b0:port:tcp:443	flow:69309691d7b0 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f2cbf1ff9debe345:host:172.234.197.23	SESSION-f2cbf1ff9debe345 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cc41b76983738bc7:host:177.10.233.171	SESSION-cc41b76983738bc7 → host:177.10.233.171
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c24aca5564d2ae55:SESSION-c24aca5564d2ae55	SESSION-c24aca5564d2ae55 → pe:tls:SESSION-c24aca5564d2ae55
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-180bc1efe2db3897:host:177.10.237.245:host:172.234.197.23	SESSION-180bc1efe2db3897 → host:177.10.237.245 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f7faa68f85f6:port:tcp:443	flow:f7faa68f85f6 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-979974e101979ba8:flow:97158fea544e	SESSION-979974e101979ba8 → flow:97158fea544e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e853a157c23802e1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e853a157c23802e1 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cc664d616fce9d7:host:45.173.156.232	SESSION-4cc664d616fce9d7 → host:45.173.156.232
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.107:asn:271410	host:131.196.31.107 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-200e4a8806f83581:SESSION-200e4a8806f83581	SESSION-200e4a8806f83581 → pe:rst:SESSION-200e4a8806f83581
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9e2f07f7ea20074:host:131.196.28.204	SESSION-f9e2f07f7ea20074 → host:131.196.28.204
FLOW_DST_PORTOBS	e:fp:flow:5f9206fa154d:port:tcp:443	flow:5f9206fa154d → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.58:geo_-16.28860_-49.01640	host:177.10.233.58 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-75ac13f212ea06a5:host:177.10.232.54	SESSION-75ac13f212ea06a5 → host:177.10.232.54
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.222:geo_-16.28860_-49.01640	host:177.10.236.222 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1bc39f4f18cf27f2:host:131.196.30.225:host:172.234.197.23	SESSION-1bc39f4f18cf27f2 → host:131.196.30.225 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5c9754d7075a4d12:host:172.234.197.23	SESSION-5c9754d7075a4d12 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d846bfa2b8f8474d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d846bfa2b8f8474d → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-106d77d887836a65:PCAP:capture_20260430090001:065659c7d314	SESSION-106d77d887836a65 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.69:geo_-23.62930_-46.63510	host:131.196.29.69 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65c1debe675497c7:SESSION-65c1debe675497c7	SESSION-65c1debe675497c7 → pe:tls:SESSION-65c1debe675497c7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-570ccd324c759306:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-570ccd324c759306 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.62:geo_-16.28860_-49.01640	host:177.10.234.62 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e905599dc3c27c65:SESSION-e905599dc3c27c65	SESSION-e905599dc3c27c65 → pe:syn:SESSION-e905599dc3c27c65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74fa9a10a5811b00:SESSION-74fa9a10a5811b00	SESSION-74fa9a10a5811b00 → pe:syn:SESSION-74fa9a10a5811b00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e36c77c5ab0d7e92:SESSION-e36c77c5ab0d7e92	SESSION-e36c77c5ab0d7e92 → pe:syn:SESSION-e36c77c5ab0d7e92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-393eb1cd54ab212e:SESSION-393eb1cd54ab212e	SESSION-393eb1cd54ab212e → pe:tls:SESSION-393eb1cd54ab212e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f971b95dedbfd9a:host:172.234.197.23	SESSION-7f971b95dedbfd9a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aec4f33b062c0e6b:host:136.243.57.208	SESSION-aec4f33b062c0e6b → host:136.243.57.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47982c1c81b3c1d7:flow:2ac6e0e934b2	SESSION-47982c1c81b3c1d7 → flow:2ac6e0e934b2
FLOW_TO_HOSTOBS	e:to:SESSION-f53fdd8a51294c3d:host:172.234.197.23	SESSION-f53fdd8a51294c3d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d7f8914f0744c0dd:SESSION-d7f8914f0744c0dd	SESSION-d7f8914f0744c0dd → pe:tls:SESSION-d7f8914f0744c0dd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66a529d98727e997:SESSION-66a529d98727e997	SESSION-66a529d98727e997 → pe:syn:SESSION-66a529d98727e997
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56476ce9df92fd09:host:172.234.197.23:host:131.196.28.217	SESSION-56476ce9df92fd09 → host:172.234.197.23 → host:131.196.28.217
flow_observed5-aryOBS	e:fo:flow:b1427df5f2d1	flow:b1427df5f2d1 → host:177.10.235.166 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d4ae68a057da74d:host:177.10.233.3	SESSION-5d4ae68a057da74d → host:177.10.233.3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3b520e491b5957c0:SESSION-3b520e491b5957c0	SESSION-3b520e491b5957c0 → pe:syn:SESSION-3b520e491b5957c0
FLOW_TO_HOSTOBS	e:to:SESSION-295a993db8b4e397:host:172.234.197.23	SESSION-295a993db8b4e397 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f78775658cb84616:host:177.10.234.57	SESSION-f78775658cb84616 → host:177.10.234.57
FLOW_DST_PORTOBS	e:fp:flow:af8af020ac61:port:tcp:443	flow:af8af020ac61 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.210:asn:262880	host:177.10.232.210 → asn:262880
flow_observed5-aryOBS	e:fo:flow:49c4bc3f2b08	flow:49c4bc3f2b08 → host:37.221.79.63 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbdf1132d9fb1d0d:host:177.10.234.23	SESSION-fbdf1132d9fb1d0d → host:177.10.234.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8278f913dbee560:PCAP:capture_20260430060001:919b39a74464	SESSION-e8278f913dbee560 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-660cb7ef624de29d:host:131.196.28.187	SESSION-660cb7ef624de29d → host:131.196.28.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-979974e101979ba8:host:172.234.197.23	SESSION-979974e101979ba8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:44efce266f3b	flow:44efce266f3b → host:177.10.239.196 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84d5ccfdbe119076:host:45.173.156.209	SESSION-84d5ccfdbe119076 → host:45.173.156.209
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd8e744bc487bcb1:host:172.234.197.23	SESSION-bd8e744bc487bcb1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f691479e1fc1edf:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2f691479e1fc1edf → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-3c787945ac898609:host:131.196.28.228	SESSION-3c787945ac898609 → host:131.196.28.228
FLOW_FROM_HOSTOBS	e:from:SESSION-1ca00666a1b5cdae:host:172.234.197.23	SESSION-1ca00666a1b5cdae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a38d88507263cddf:SESSION-a38d88507263cddf	SESSION-a38d88507263cddf → pe:tls:SESSION-a38d88507263cddf
FLOW_TO_HOSTOBS	e:to:SESSION-d1d74e40d653f073:host:172.234.197.23	SESSION-d1d74e40d653f073 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a2afd08744a3	flow:a2afd08744a3 → host:95.135.228.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d0657eb87257c08:flow:5725aeb457d8	SESSION-9d0657eb87257c08 → flow:5725aeb457d8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73ac0ee86c608450:flow:82acf82630a3	SESSION-73ac0ee86c608450 → flow:82acf82630a3
flow_observed5-aryOBS	e:fo:flow:3d794649c2ef	flow:3d794649c2ef → host:177.10.234.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-186abbea6a1cb4f5:SESSION-186abbea6a1cb4f5	SESSION-186abbea6a1cb4f5 → pe:rst:SESSION-186abbea6a1cb4f5
FLOW_TO_HOSTOBS	e:to:SESSION-e991004bd02372d1:host:172.234.197.23	SESSION-e991004bd02372d1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9dcf6e772a239b46:host:172.234.197.23	SESSION-9dcf6e772a239b46 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9352eabb144b:port:tcp:443	flow:9352eabb144b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f077149cc71812a:host:177.10.239.9	SESSION-3f077149cc71812a → host:177.10.239.9
FLOW_TLS_SNIOBS	e:fs:flow:ff9a6ac9c657:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:ff9a6ac9c657 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-33bdca28f4470cd7:host:172.234.197.23	SESSION-33bdca28f4470cd7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5626602f012a6e70:host:172.234.197.23	SESSION-5626602f012a6e70 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-171cec02c0effee6:host:177.10.233.255	SESSION-171cec02c0effee6 → host:177.10.233.255
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-aae42b7cc2993272:BSG-DATA_EXFIL-db0e592b57c5	SESSION-aae42b7cc2993272 → BSG-DATA_EXFIL-db0e592b57c5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-256da911109eccd4:PCAP:capture_20260430060001:919b39a74464	SESSION-256da911109eccd4 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b8f87145037449c:host:177.10.236.239	SESSION-7b8f87145037449c → host:177.10.236.239
FLOW_TO_HOSTOBS	e:to:SESSION-d2d2e0adb85f8f3e:host:172.234.197.23	SESSION-d2d2e0adb85f8f3e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94f17b7b7397155e:host:177.10.233.60:host:172.234.197.23	SESSION-94f17b7b7397155e → host:177.10.233.60 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3944d5014504521:flow:3bc938eaf0e8	SESSION-e3944d5014504521 → flow:3bc938eaf0e8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8366f626d6b88fcf:host:172.234.197.23	SESSION-8366f626d6b88fcf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b1dfe7de9432473b:host:131.196.29.201	SESSION-b1dfe7de9432473b → host:131.196.29.201
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.237:asn:262880	host:177.10.235.237 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7205a781bd8c8542:SESSION-7205a781bd8c8542	SESSION-7205a781bd8c8542 → pe:syn:SESSION-7205a781bd8c8542
FLOW_TO_HOSTOBS	e:to:SESSION-36a0a9e003021f23:host:172.234.197.23	SESSION-36a0a9e003021f23 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.146:geo_-16.28860_-49.01640	host:177.10.233.146 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-1f6bbc079dc776bc:host:172.234.197.23	SESSION-1f6bbc079dc776bc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fb6fe079446275d:host:172.234.197.23:host:131.196.30.185	SESSION-5fb6fe079446275d → host:172.234.197.23 → host:131.196.30.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a75f9666a4fd8c5:SESSION-1a75f9666a4fd8c5	SESSION-1a75f9666a4fd8c5 → pe:tls:SESSION-1a75f9666a4fd8c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b72757303ebc2bde:SESSION-b72757303ebc2bde	SESSION-b72757303ebc2bde → pe:syn:SESSION-b72757303ebc2bde
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27b2c896335b5c16:host:172.234.197.23	SESSION-27b2c896335b5c16 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3765ec9be9d5	flow:3765ec9be9d5 → host:131.196.31.38 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9633daabdcbaa0c0:PCAP:capture_20260430060001:919b39a74464	SESSION-9633daabdcbaa0c0 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9427f5c2202c5258:host:172.234.197.23	SESSION-9427f5c2202c5258 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7640c6607dc14992:host:172.234.197.23	SESSION-7640c6607dc14992 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e627b58284e1729:SESSION-2e627b58284e1729	SESSION-2e627b58284e1729 → pe:syn:SESSION-2e627b58284e1729
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.54:geo_-21.10010_-41.69200	host:45.173.156.54 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:d8263b3fe9a6:port:tcp:443	flow:d8263b3fe9a6 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:c5d998052524	flow:c5d998052524 → host:172.234.197.23 → host:45.173.156.153 → port:tcp:33313
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bdc14171c537b7eb:SESSION-bdc14171c537b7eb	SESSION-bdc14171c537b7eb → pe:syn:SESSION-bdc14171c537b7eb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-62e68b494cd2572d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-62e68b494cd2572d → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:9ef2c055debc	flow:9ef2c055debc → host:45.173.156.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-febabcac2b03c9d1:PCAP:capture_20260430150001:ded20914761d	SESSION-febabcac2b03c9d1 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a24ab62cbf4deb47:flow:c059322f6c89	SESSION-a24ab62cbf4deb47 → flow:c059322f6c89
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eecb9eac95f77073:PCAP:capture_20260430110001:43611bdf6759	SESSION-eecb9eac95f77073 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:37f76ce330d4:port:tcp:443	flow:37f76ce330d4 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-810f814d66b016e7:host:45.173.156.240:host:172.234.197.23	SESSION-810f814d66b016e7 → host:45.173.156.240 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bd9cbeb07997	flow:bd9cbeb07997 → host:131.196.31.174 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4628aedb62e0673e:SESSION-4628aedb62e0673e	SESSION-4628aedb62e0673e → pe:tls:SESSION-4628aedb62e0673e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69d28aa413742c82:SESSION-69d28aa413742c82	SESSION-69d28aa413742c82 → pe:syn:SESSION-69d28aa413742c82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eecb9eac95f77073:SESSION-eecb9eac95f77073	SESSION-eecb9eac95f77073 → pe:syn:SESSION-eecb9eac95f77073
FLOW_FROM_HOSTOBS	e:from:SESSION-3c282c87f3b4a743:host:177.10.235.179	SESSION-3c282c87f3b4a743 → host:177.10.235.179
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fb8ed1fbc81e736:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3fb8ed1fbc81e736 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7dc8a86be27d0230:SESSION-7dc8a86be27d0230	SESSION-7dc8a86be27d0230 → pe:tls:SESSION-7dc8a86be27d0230
FLOW_TO_HOSTOBS	e:to:SESSION-b72f7dde05c7e1dd:host:172.234.197.23	SESSION-b72f7dde05c7e1dd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-64abd49ab16af3e3:flow:53d02928b48f	SESSION-64abd49ab16af3e3 → flow:53d02928b48f
FLOW_DST_PORTOBS	e:fp:flow:7645329c448b:port:tcp:443	flow:7645329c448b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c07bee6bb583aca:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8c07bee6bb583aca → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-9b95e1310dc4ff34:host:131.196.30.125	SESSION-9b95e1310dc4ff34 → host:131.196.30.125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72e57a99703d053d:SESSION-72e57a99703d053d	SESSION-72e57a99703d053d → pe:tls:SESSION-72e57a99703d053d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-56e56d8157575627:SESSION-56e56d8157575627	SESSION-56e56d8157575627 → pe:syn:SESSION-56e56d8157575627
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02cfffe2a1cdb1f3:SESSION-02cfffe2a1cdb1f3	SESSION-02cfffe2a1cdb1f3 → pe:syn:SESSION-02cfffe2a1cdb1f3
HOST_IN_ASNOBS 85%	e:ha:host:104.28.157.111:asn:13335	host:104.28.157.111 → asn:13335
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24f08652bbd6b16b:flow:ed37285d7356	SESSION-24f08652bbd6b16b → flow:ed37285d7356
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36e366306285e270:host:172.234.197.23	SESSION-36e366306285e270 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d18ddb12cf5478af:SESSION-d18ddb12cf5478af	SESSION-d18ddb12cf5478af → pe:syn:SESSION-d18ddb12cf5478af
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.27:asn:262880	host:177.10.232.27 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.70:geo_-16.28860_-49.01640	host:177.10.234.70 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e49a14deb2e22da:host:80.94.92.186	SESSION-4e49a14deb2e22da → host:80.94.92.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2e1e1ea3d3f0587:SESSION-f2e1e1ea3d3f0587	SESSION-f2e1e1ea3d3f0587 → pe:syn:SESSION-f2e1e1ea3d3f0587
FLOW_TO_HOSTOBS	e:to:SESSION-4117bfae8d393f9c:host:177.10.238.189	SESSION-4117bfae8d393f9c → host:177.10.238.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6aa2ce807ac3d210:SESSION-6aa2ce807ac3d210	SESSION-6aa2ce807ac3d210 → pe:tls:SESSION-6aa2ce807ac3d210
FLOW_DST_PORTOBS	e:fp:flow:0c4bd7089ed1:port:tcp:48867	flow:0c4bd7089ed1 → port:tcp:48867
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.154:asn:262880	host:177.10.234.154 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1df48b404d2bce0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c1df48b404d2bce0 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9cd2627e6ddbbad1:host:172.234.197.23:host:131.196.31.4	SESSION-9cd2627e6ddbbad1 → host:172.234.197.23 → host:131.196.31.4
FLOW_TO_HOSTOBS	e:to:SESSION-e987eea1f59290d7:host:172.234.197.23	SESSION-e987eea1f59290d7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-077f434652010402:host:177.10.239.67	SESSION-077f434652010402 → host:177.10.239.67
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65a2e80880ae05c5:host:177.10.239.113:host:172.234.197.23	SESSION-65a2e80880ae05c5 → host:177.10.239.113 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-17dd55091d27669a:host:172.234.197.23	SESSION-17dd55091d27669a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e488bd001486e0ee:SESSION-e488bd001486e0ee	SESSION-e488bd001486e0ee → pe:tls:SESSION-e488bd001486e0ee
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.79:geo_-23.62930_-46.63510	host:131.196.29.79 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fad7428bd8cc35c5:host:177.10.236.233:host:172.234.197.23	SESSION-fad7428bd8cc35c5 → host:177.10.236.233 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-53f84807a0945e6c:host:131.196.28.101:host:172.234.197.23	SESSION-53f84807a0945e6c → host:131.196.28.101 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3ebbfb7f9178	flow:3ebbfb7f9178 → host:177.10.236.105 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ef1bfc51ed52e33:host:177.10.238.17:host:172.234.197.23	SESSION-8ef1bfc51ed52e33 → host:177.10.238.17 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac2cef9f7dcbf562:host:172.234.197.23	SESSION-ac2cef9f7dcbf562 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4f8f4fc610e76fd:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c4f8f4fc610e76fd → PCAP:capture_20260430100001:55715ebbe6bf
ASN_IN_ORGOBS 80%	e:ao:asn:213438:org:ColocaTel Inc.	asn:213438 → org:ColocaTel Inc.
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6535f7c42f72cb7f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6535f7c42f72cb7f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-921486915e849834:host:131.196.29.77:host:172.234.197.23	SESSION-921486915e849834 → host:131.196.29.77 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06ba851c038c998a:host:177.10.233.255	SESSION-06ba851c038c998a → host:177.10.233.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-92547fda1a59fab0:SESSION-92547fda1a59fab0	SESSION-92547fda1a59fab0 → pe:syn:SESSION-92547fda1a59fab0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc77084e1c24867c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-cc77084e1c24867c → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-c70f7d0fa3cda32b:host:172.234.197.23	SESSION-c70f7d0fa3cda32b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4da5ddbc1348c177:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4da5ddbc1348c177 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-711f533390ef220f:host:172.234.197.23:host:177.10.239.242	SESSION-711f533390ef220f → host:172.234.197.23 → host:177.10.239.242
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf12b1de67086909:flow:ae154a35ce42	SESSION-bf12b1de67086909 → flow:ae154a35ce42
FLOW_FROM_HOSTOBS	e:from:SESSION-6756f0bedb2cdb12:host:177.10.232.254	SESSION-6756f0bedb2cdb12 → host:177.10.232.254
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.76:geo_-16.28860_-49.01640	host:177.10.236.76 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21bd08fb36aa18e9:host:131.196.30.28	SESSION-21bd08fb36aa18e9 → host:131.196.30.28
FLOW_DST_PORTOBS	e:fp:flow:91f1c0546e64:port:tcp:443	flow:91f1c0546e64 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-082f90538556b940:host:131.196.29.144:host:172.234.197.23	SESSION-082f90538556b940 → host:131.196.29.144 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e488bd001486e0ee:SESSION-e488bd001486e0ee	SESSION-e488bd001486e0ee → pe:syn:SESSION-e488bd001486e0ee
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e77787f9a5bab711:host:172.234.197.23:host:177.10.237.72	SESSION-e77787f9a5bab711 → host:172.234.197.23 → host:177.10.237.72
flow_observed5-aryOBS	e:fo:flow:2ced477327d5	flow:2ced477327d5 → host:131.196.28.69 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5106b190666c06c:host:131.196.30.125	SESSION-a5106b190666c06c → host:131.196.30.125
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.43:asn:262880	host:177.10.234.43 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-347229f80efdfaa4:host:131.196.30.33:host:172.234.197.23	SESSION-347229f80efdfaa4 → host:131.196.30.33 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5cc817034f10	flow:5cc817034f10 → host:177.10.235.241 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-db5998ef2bd3405b:host:172.234.197.23	SESSION-db5998ef2bd3405b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a971dfbf90734efe:SESSION-a971dfbf90734efe	SESSION-a971dfbf90734efe → pe:tls:SESSION-a971dfbf90734efe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5a933b86812e122:SESSION-e5a933b86812e122	SESSION-e5a933b86812e122 → pe:syn:SESSION-e5a933b86812e122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0929735579c89e2:host:172.234.197.23	SESSION-d0929735579c89e2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d54bd183a716274c:host:172.234.197.23	SESSION-d54bd183a716274c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d0453327d6800ed:host:131.196.31.4	SESSION-1d0453327d6800ed → host:131.196.31.4
FLOW_DST_PORTOBS	e:fp:flow:2022b021ddcf:port:tcp:443	flow:2022b021ddcf → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-fad6b9be10f7d404:host:51.75.171.21	SESSION-fad6b9be10f7d404 → host:51.75.171.21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df808ed8a09d8e60:host:131.196.31.165	SESSION-df808ed8a09d8e60 → host:131.196.31.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5d249db6ec3f34e:host:172.234.197.23	SESSION-d5d249db6ec3f34e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cfdf42e58546762b:SESSION-cfdf42e58546762b	SESSION-cfdf42e58546762b → pe:tls:SESSION-cfdf42e58546762b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.151:geo_-16.28860_-49.01640	host:177.10.232.151 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a139b1df55cde4d7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a139b1df55cde4d7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:41359760b1a0	flow:41359760b1a0 → host:131.196.29.237 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-ddbd1238f020bf6b:host:177.10.239.132	SESSION-ddbd1238f020bf6b → host:177.10.239.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-841299f020c7f00d:SESSION-841299f020c7f00d	SESSION-841299f020c7f00d → pe:syn:SESSION-841299f020c7f00d
flow_observed5-aryOBS	e:fo:flow:b5ead2da4aee	flow:b5ead2da4aee → host:131.196.29.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58a871785a3878fd:flow:cb268bb25b30	SESSION-58a871785a3878fd → flow:cb268bb25b30
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e2a14af4b2a82fd:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1e2a14af4b2a82fd → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5da0813b370b7e29:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-5da0813b370b7e29 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-619cd2820aafdf33:host:131.196.28.246	SESSION-619cd2820aafdf33 → host:131.196.28.246
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f43808d089ea9fde:flow:686bd558a135	SESSION-f43808d089ea9fde → flow:686bd558a135
FLOW_TO_HOSTOBS	e:to:SESSION-72786bca04f1b5c7:host:172.234.197.23	SESSION-72786bca04f1b5c7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9716031ec5470ef:host:172.234.197.23	SESSION-c9716031ec5470ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d65a28f7cbebfeb:host:172.234.197.23	SESSION-9d65a28f7cbebfeb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7ae30acbd5f5fc5:SESSION-b7ae30acbd5f5fc5	SESSION-b7ae30acbd5f5fc5 → pe:tls:SESSION-b7ae30acbd5f5fc5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a681df8efb85197d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a681df8efb85197d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd4d686620f5fc14:host:13.53.140.247	SESSION-cd4d686620f5fc14 → host:13.53.140.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b61fb09d40ad349:SESSION-8b61fb09d40ad349	SESSION-8b61fb09d40ad349 → pe:tls:SESSION-8b61fb09d40ad349
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02199a3eaa60c28c:host:131.196.29.167	SESSION-02199a3eaa60c28c → host:131.196.29.167
FLOW_FROM_HOSTOBS	e:from:SESSION-0b8c772918251267:host:45.173.156.56	SESSION-0b8c772918251267 → host:45.173.156.56
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.8:asn:271410	host:131.196.28.8 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-991550775dcb0266:host:172.234.197.23	SESSION-991550775dcb0266 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b16231fef814b904:host:172.234.197.23	SESSION-b16231fef814b904 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac742257199be2dd:host:131.196.28.81	SESSION-ac742257199be2dd → host:131.196.28.81
FLOW_TO_HOSTOBS	e:to:SESSION-7f77535316d56a4c:host:172.234.197.23	SESSION-7f77535316d56a4c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0afc12079a05a1b1:flow:daaebd94ce82	SESSION-0afc12079a05a1b1 → flow:daaebd94ce82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78c74ad080075522:host:172.234.197.23	SESSION-78c74ad080075522 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5626602f012a6e70:SESSION-5626602f012a6e70	SESSION-5626602f012a6e70 → pe:tls:SESSION-5626602f012a6e70
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.2:asn:273470	host:45.173.156.2 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b51ebf4113a5ef49:SESSION-b51ebf4113a5ef49	SESSION-b51ebf4113a5ef49 → pe:tls:SESSION-b51ebf4113a5ef49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-753bfef963e546aa:SESSION-753bfef963e546aa	SESSION-753bfef963e546aa → pe:syn:SESSION-753bfef963e546aa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca5156d485d150e2:host:172.234.197.23	SESSION-ca5156d485d150e2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:215b11605fcc:port:tcp:443	flow:215b11605fcc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-757e5ed1a89f1610:SESSION-757e5ed1a89f1610	SESSION-757e5ed1a89f1610 → pe:tls:SESSION-757e5ed1a89f1610
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a247b2224692840d:host:172.234.197.23	SESSION-a247b2224692840d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:27b67a899243	flow:27b67a899243 → host:131.196.31.92 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:f961c3be1f44	flow:f961c3be1f44 → host:131.196.31.27 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22c25719fd1e6342:host:172.234.197.23	SESSION-22c25719fd1e6342 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b4d8f281c422	flow:b4d8f281c422 → host:131.196.31.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97231868d06ff2ed:SESSION-97231868d06ff2ed	SESSION-97231868d06ff2ed → pe:tls:SESSION-97231868d06ff2ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40c5d05833b5d363:host:172.234.197.23	SESSION-40c5d05833b5d363 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-099b4106de78317b:flow:6f31c7eb2d73	SESSION-099b4106de78317b → flow:6f31c7eb2d73
FLOW_DST_PORTOBS	e:fp:flow:3df4a18d0a97:port:tcp:443	flow:3df4a18d0a97 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1191ea69c7b9e8e5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1191ea69c7b9e8e5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-68010cf4db790ce8:host:95.170.25.245	SESSION-68010cf4db790ce8 → host:95.170.25.245
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c54b7fde1829c775:flow:1df367a3fbb6	SESSION-c54b7fde1829c775 → flow:1df367a3fbb6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1429c4885068b09:flow:927dcbb083cd	SESSION-c1429c4885068b09 → flow:927dcbb083cd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.129:geo_-16.28860_-49.01640	host:177.10.236.129 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f93cb0de4645e47:host:131.196.31.29:host:172.234.197.23	SESSION-2f93cb0de4645e47 → host:131.196.31.29 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36f4c424d3b5f86e:host:177.10.235.36	SESSION-36f4c424d3b5f86e → host:177.10.235.36
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf0bb0d03710ab65:flow:e35eac55d46e	SESSION-bf0bb0d03710ab65 → flow:e35eac55d46e
FLOW_FROM_HOSTOBS	e:from:SESSION-5b5b84f652a18f91:host:172.234.197.23	SESSION-5b5b84f652a18f91 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a0913a57a803cab:SESSION-7a0913a57a803cab	SESSION-7a0913a57a803cab → pe:syn:SESSION-7a0913a57a803cab
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-66897d09e7f9757a:flow:5968ff9ca8b3	SESSION-66897d09e7f9757a → flow:5968ff9ca8b3
FLOW_DST_PORTOBS	e:fp:flow:2df3ee5e9ff6:port:tcp:32108	flow:2df3ee5e9ff6 → port:tcp:32108
FLOW_FROM_HOSTOBS	e:from:SESSION-114b93c0875a1701:host:172.234.197.23	SESSION-114b93c0875a1701 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c47767899447038:SESSION-1c47767899447038	SESSION-1c47767899447038 → pe:syn:SESSION-1c47767899447038
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7852f400065b4a55:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7852f400065b4a55 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-202b4507c8c6a688:host:172.234.197.23	SESSION-202b4507c8c6a688 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9eddb8081d100874:host:172.232.0.17	SESSION-9eddb8081d100874 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94e9de291da3c2c9:flow:7aadf75473fd	SESSION-94e9de291da3c2c9 → flow:7aadf75473fd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-803b2289978a359c:PCAP:capture_20260428010001:b1b402c7b202	SESSION-803b2289978a359c → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-656bb895abc59727:host:172.234.197.23	SESSION-656bb895abc59727 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-133d7db2ccbe04c8:SESSION-133d7db2ccbe04c8	SESSION-133d7db2ccbe04c8 → pe:tls:SESSION-133d7db2ccbe04c8
FLOW_TO_HOSTOBS	e:to:SESSION-4b7d412d830baf98:host:177.10.235.214	SESSION-4b7d412d830baf98 → host:177.10.235.214
FLOW_FROM_HOSTOBS	e:from:SESSION-cad98c39a19fe348:host:177.10.236.92	SESSION-cad98c39a19fe348 → host:177.10.236.92
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08d3390238946fda:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-08d3390238946fda → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d11c29aca82696f2:flow:7a7aec91cffe	SESSION-d11c29aca82696f2 → flow:7a7aec91cffe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f635007151c479b8:SESSION-f635007151c479b8	SESSION-f635007151c479b8 → pe:syn:SESSION-f635007151c479b8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-56d3faf83e1ced7d:SESSION-56d3faf83e1ced7d	SESSION-56d3faf83e1ced7d → pe:rst:SESSION-56d3faf83e1ced7d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3767fab91283496e:host:172.234.197.23	SESSION-3767fab91283496e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e76870e292a86821:host:172.234.197.23	SESSION-e76870e292a86821 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d9f933822471a5a:PCAP:capture_20260430060001:919b39a74464	SESSION-8d9f933822471a5a → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:594e915dc799	flow:594e915dc799 → host:177.10.239.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-633c88960b55f389:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-633c88960b55f389 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e05f2032b3abac3:flow:81a15ff062a8	SESSION-3e05f2032b3abac3 → flow:81a15ff062a8
FLOW_FROM_HOSTOBS	e:from:SESSION-1440a3c9b30a4056:host:177.10.232.84	SESSION-1440a3c9b30a4056 → host:177.10.232.84
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1d9624273099964:flow:d39d584292f8	SESSION-a1d9624273099964 → flow:d39d584292f8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dfd5cbc4ed1c485c:SESSION-dfd5cbc4ed1c485c	SESSION-dfd5cbc4ed1c485c → pe:syn:SESSION-dfd5cbc4ed1c485c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e4b14eb8b6ee95ef:flow:c3c4fedf781f	SESSION-e4b14eb8b6ee95ef → flow:c3c4fedf781f
FLOW_TO_HOSTOBS	e:to:SESSION-cb88b05b3590e26e:host:172.234.197.23	SESSION-cb88b05b3590e26e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.203:geo_-16.28860_-49.01640	host:177.10.239.203 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.95:geo_-23.62930_-46.63510	host:131.196.28.95 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.124:geo_-16.28860_-49.01640	host:177.10.236.124 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.139:asn:262880	host:177.10.238.139 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.195:asn:271410	host:131.196.28.195 → asn:271410
flow_observed4-aryOBS	e:fo:flow:8d146c274485	flow:8d146c274485 → host:172.234.197.23 → host:131.196.28.128 → port:tcp:14997
flow_observed5-aryOBS	e:fo:flow:17af5446ca65	flow:17af5446ca65 → host:131.196.30.212 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d4ae68a057da74d:flow:ab9b76775656	SESSION-5d4ae68a057da74d → flow:ab9b76775656
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0c6cb018cbd8a763:SESSION-0c6cb018cbd8a763	SESSION-0c6cb018cbd8a763 → pe:syn:SESSION-0c6cb018cbd8a763
flow_observed5-aryOBS	e:fo:flow:ab0e7633f4fd	flow:ab0e7633f4fd → host:177.10.234.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0371abab0ef43e73:SESSION-0371abab0ef43e73	SESSION-0371abab0ef43e73 → pe:syn:SESSION-0371abab0ef43e73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01e9e36dd29e3f1f:SESSION-01e9e36dd29e3f1f	SESSION-01e9e36dd29e3f1f → pe:syn:SESSION-01e9e36dd29e3f1f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f307fcf20a41b5a0:host:172.234.197.23:host:177.10.239.106	SESSION-f307fcf20a41b5a0 → host:172.234.197.23 → host:177.10.239.106
FLOW_TO_HOSTOBS	e:to:SESSION-eed6a9b72737e44d:host:45.173.156.39	SESSION-eed6a9b72737e44d → host:45.173.156.39
FLOW_DST_PORTOBS	e:fp:flow:4b25e07bf3ac:port:tcp:443	flow:4b25e07bf3ac → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8362a96ce0b7626:flow:5bdf9bbf4f3e	SESSION-f8362a96ce0b7626 → flow:5bdf9bbf4f3e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8938c8d43c3c288:host:177.10.234.172	SESSION-d8938c8d43c3c288 → host:177.10.234.172
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b699e12e3fdc2278:flow:af7db4fb2b51	SESSION-b699e12e3fdc2278 → flow:af7db4fb2b51
FLOW_DST_PORTOBS	e:fp:flow:06feb1171a7e:port:tcp:443	flow:06feb1171a7e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20e3655a208f66c6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-20e3655a208f66c6 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-36966af2dfd8700b:host:172.234.197.23	SESSION-36966af2dfd8700b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e2683c2a1a03e97:SESSION-6e2683c2a1a03e97	SESSION-6e2683c2a1a03e97 → pe:syn:SESSION-6e2683c2a1a03e97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0804c956ce93675c:SESSION-0804c956ce93675c	SESSION-0804c956ce93675c → pe:syn:SESSION-0804c956ce93675c
FLOW_FROM_HOSTOBS	e:from:SESSION-422ba54da9c49203:host:172.234.197.23	SESSION-422ba54da9c49203 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4db2284d1be9:port:tcp:443	flow:4db2284d1be9 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06814c349a39e79e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-06814c349a39e79e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a18dc2bb6be0117f:host:131.196.30.68:host:172.234.197.23	SESSION-a18dc2bb6be0117f → host:131.196.30.68 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c84f2bc6bdec600e:host:172.234.197.23:host:131.196.28.80	SESSION-c84f2bc6bdec600e → host:172.234.197.23 → host:131.196.28.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1da9f85a5b3be49b:SESSION-1da9f85a5b3be49b	SESSION-1da9f85a5b3be49b → pe:syn:SESSION-1da9f85a5b3be49b
FLOW_FROM_HOSTOBS	e:from:SESSION-98083f958ccf36d4:host:185.231.226.73	SESSION-98083f958ccf36d4 → host:185.231.226.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e991004bd02372d1:host:131.196.29.130	SESSION-e991004bd02372d1 → host:131.196.29.130
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9cd2627e6ddbbad1:flow:4868f6e5b122	SESSION-9cd2627e6ddbbad1 → flow:4868f6e5b122
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.212.244.245:geo_1.29390_103.84610	host:13.212.244.245 → geo_1.29390_103.84610
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-030b2a260e8012dd:host:131.196.31.138:host:172.234.197.23	SESSION-030b2a260e8012dd → host:131.196.31.138 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9e3e5dcd2ccb687:host:172.234.197.23	SESSION-f9e3e5dcd2ccb687 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a6cc06f30e6c05bb:host:172.234.197.23	SESSION-a6cc06f30e6c05bb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6acf80163cc3	flow:6acf80163cc3 → host:131.196.30.213 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:5fda13ddd80d	flow:5fda13ddd80d → host:177.10.237.103 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9eda278d49363b57:SESSION-9eda278d49363b57	SESSION-9eda278d49363b57 → pe:syn:SESSION-9eda278d49363b57
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49ea8e2d7734ace3:flow:e2840bae4bd6	SESSION-49ea8e2d7734ace3 → flow:e2840bae4bd6
flow_observed4-aryOBS	e:fo:flow:3efa649fed79	flow:3efa649fed79 → host:172.234.197.23 → host:177.10.232.100 → port:tcp:14425
FLOW_FROM_HOSTOBS	e:from:SESSION-d2b55c597efe9edc:host:44.247.223.188	SESSION-d2b55c597efe9edc → host:44.247.223.188
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c2bdd821ab6e9acc:SESSION-c2bdd821ab6e9acc	SESSION-c2bdd821ab6e9acc → pe:syn:SESSION-c2bdd821ab6e9acc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9bd60248a4061d8d:host:177.10.238.98:host:172.234.197.23	SESSION-9bd60248a4061d8d → host:177.10.238.98 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b1cf957f4a121d77:SESSION-b1cf957f4a121d77	SESSION-b1cf957f4a121d77 → pe:syn:SESSION-b1cf957f4a121d77
flow_observed5-aryOBS	e:fo:flow:be316d307c17	flow:be316d307c17 → host:45.173.156.57 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f29948747ee8d5c:flow:08a65ced42d7	SESSION-1f29948747ee8d5c → flow:08a65ced42d7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19ae824852752386:host:172.234.197.23:host:131.196.28.221	SESSION-19ae824852752386 → host:172.234.197.23 → host:131.196.28.221
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0414bb340c93930b:SESSION-0414bb340c93930b	SESSION-0414bb340c93930b → pe:tls:SESSION-0414bb340c93930b
FLOW_DST_PORTOBS	e:fp:flow:e3039f9f3e4f:port:tcp:443	flow:e3039f9f3e4f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d27008d937f2d8be:host:177.10.234.142:host:172.234.197.23	SESSION-d27008d937f2d8be → host:177.10.234.142 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.208:geo_-21.10010_-41.69200	host:45.173.156.208 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-33348e69a2613db6:host:172.234.197.23	SESSION-33348e69a2613db6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a07ffa981e156af1:SESSION-a07ffa981e156af1	SESSION-a07ffa981e156af1 → pe:syn:SESSION-a07ffa981e156af1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.195:geo_-16.28860_-49.01640	host:177.10.234.195 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-4d673ded8fa5efc5:host:172.234.197.23	SESSION-4d673ded8fa5efc5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-64a8475d206a0785:host:172.234.197.23	SESSION-64a8475d206a0785 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e33208793a04fae:host:3.102.9.236	SESSION-8e33208793a04fae → host:3.102.9.236
FLOW_DST_PORTOBS	e:fp:flow:ffc45234dfd0:port:tcp:443	flow:ffc45234dfd0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3123a8609bb9fc1:host:172.234.197.23	SESSION-a3123a8609bb9fc1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:145bd14ae672:port:tcp:443	flow:145bd14ae672 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-26e26ae77a5f41e1:host:177.10.238.247	SESSION-26e26ae77a5f41e1 → host:177.10.238.247
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.71:asn:262880	host:177.10.239.71 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:95e965a44333:port:tcp:443	flow:95e965a44333 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b8f2b3515afd502b:host:131.196.28.94	SESSION-b8f2b3515afd502b → host:131.196.28.94
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df6efecba493c79c:flow:ffbe47ee66cd	SESSION-df6efecba493c79c → flow:ffbe47ee66cd
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.4:asn:262880	host:177.10.232.4 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.206:geo_-16.28860_-49.01640	host:177.10.234.206 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-edfeffbce5127655:BSG-DATA_EXFIL-0ab35a46403b	SESSION-edfeffbce5127655 → BSG-DATA_EXFIL-0ab35a46403b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f350449fc7d11b3:host:172.234.197.23	SESSION-7f350449fc7d11b3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.141:asn:271410	host:131.196.28.141 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75d6129ea0f7ecdc:host:172.234.197.23:host:131.196.28.247	SESSION-75d6129ea0f7ecdc → host:172.234.197.23 → host:131.196.28.247
flow_observed4-aryOBS	e:fo:flow:3b557a8dfb82	flow:3b557a8dfb82 → host:172.234.197.23 → host:177.10.238.56 → port:tcp:43110
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49ea9885c560f158:SESSION-49ea9885c560f158	SESSION-49ea9885c560f158 → pe:syn:SESSION-49ea9885c560f158
flow_observed4-aryOBS	e:fo:flow:0fb65829cb27	flow:0fb65829cb27 → host:172.234.197.23 → host:177.10.235.81 → port:tcp:808
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20a3b697d9e7cdf6:host:172.234.197.23	SESSION-20a3b697d9e7cdf6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41eaa3dd80eab155:SESSION-41eaa3dd80eab155	SESSION-41eaa3dd80eab155 → pe:syn:SESSION-41eaa3dd80eab155
FLOW_DST_PORTOBS	e:fp:flow:1ee72008a57f:port:tcp:52767	flow:1ee72008a57f → port:tcp:52767
flow_observed4-aryOBS	e:fo:flow:5e507f38970c	flow:5e507f38970c → host:172.234.197.23 → host:177.10.237.180 → port:tcp:52626
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.77:geo_-16.28860_-49.01640	host:177.10.236.77 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:d9a7a81e01f7	flow:d9a7a81e01f7 → host:45.173.156.212 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.49:asn:271410	host:131.196.30.49 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-8402a55882de6bd8:host:177.10.237.147	SESSION-8402a55882de6bd8 → host:177.10.237.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e8651e0c063dc0a:SESSION-5e8651e0c063dc0a	SESSION-5e8651e0c063dc0a → pe:syn:SESSION-5e8651e0c063dc0a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a19838102931ca6:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2a19838102931ca6 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37bca0dc2914cafb:PCAP:capture_20260430110001:43611bdf6759	SESSION-37bca0dc2914cafb → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-1ffcf84507219fc2:host:177.10.239.2	SESSION-1ffcf84507219fc2 → host:177.10.239.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c701d534f5ceb273:host:172.234.197.23	SESSION-c701d534f5ceb273 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c0ca51e32a85	flow:c0ca51e32a85 → host:172.234.197.23 → host:177.10.232.196 → port:tcp:59058
FLOW_DST_PORTOBS	e:fp:flow:73ec004c322c:port:tcp:5775	flow:73ec004c322c → port:tcp:5775
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cdad751a34344e1:host:177.10.236.27	SESSION-6cdad751a34344e1 → host:177.10.236.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e6afdb068db09de:SESSION-6e6afdb068db09de	SESSION-6e6afdb068db09de → pe:syn:SESSION-6e6afdb068db09de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-647d0fec9adf08f1:host:103.97.91.27	SESSION-647d0fec9adf08f1 → host:103.97.91.27
FLOW_FROM_HOSTOBS	e:from:SESSION-4bd79e02a6b67038:host:78.12.17.95	SESSION-4bd79e02a6b67038 → host:78.12.17.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aec1fe7f0c7787b:host:177.10.232.112	SESSION-7aec1fe7f0c7787b → host:177.10.232.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2dbb680dd253e19c:SESSION-2dbb680dd253e19c	SESSION-2dbb680dd253e19c → pe:tls:SESSION-2dbb680dd253e19c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c701d534f5ceb273:SESSION-c701d534f5ceb273	SESSION-c701d534f5ceb273 → pe:syn:SESSION-c701d534f5ceb273
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e271128847ae06df:SESSION-e271128847ae06df	SESSION-e271128847ae06df → pe:syn:SESSION-e271128847ae06df
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.166:asn:271410	host:131.196.29.166 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.54:asn:262880	host:177.10.233.54 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b8fb4f1df9684ff2:host:131.196.28.59	SESSION-b8fb4f1df9684ff2 → host:131.196.28.59
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.150:asn:262880	host:177.10.233.150 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d79f2acd73027b39:SESSION-d79f2acd73027b39	SESSION-d79f2acd73027b39 → pe:syn:SESSION-d79f2acd73027b39
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-759329d52e4cabab:BSG-BEACON-e07f4250263f	SESSION-759329d52e4cabab → BSG-BEACON-e07f4250263f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.159:geo_41.02140_28.99480	host:185.231.226.159 → geo_41.02140_28.99480
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.168:geo_-23.62930_-46.63510	host:131.196.29.168 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae6c5a18819e9434:host:177.10.236.86	SESSION-ae6c5a18819e9434 → host:177.10.236.86
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e1ff5f640d9a1d3a:flow:d9b2312bea71	SESSION-e1ff5f640d9a1d3a → flow:d9b2312bea71
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.141:geo_-16.28860_-49.01640	host:177.10.233.141 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:e4ec5b91c99f	flow:e4ec5b91c99f → host:131.196.31.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-589f676f16819868:host:172.234.197.23	SESSION-589f676f16819868 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d47d1bafad5ad0:host:172.234.197.23	SESSION-b9d47d1bafad5ad0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21ae4bade70b1440:host:177.10.235.165:host:172.234.197.23	SESSION-21ae4bade70b1440 → host:177.10.235.165 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-91196c5d66e04f5c:flow:2ca0708230f1	SESSION-91196c5d66e04f5c → flow:2ca0708230f1
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.105:asn:262880	host:177.10.239.105 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59de2965684be0b6:flow:0a874088480d	SESSION-59de2965684be0b6 → flow:0a874088480d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-415d7b69c6628cc7:host:172.234.197.23	SESSION-415d7b69c6628cc7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9072e99a39ab8173:host:45.173.156.61	SESSION-9072e99a39ab8173 → host:45.173.156.61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c596c163b79d372:SESSION-9c596c163b79d372	SESSION-9c596c163b79d372 → pe:tls:SESSION-9c596c163b79d372
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef3fadfeb89ec1c3:PCAP:capture_20260428010001:b1b402c7b202	SESSION-ef3fadfeb89ec1c3 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c5381aaad8fa568:host:177.10.238.59	SESSION-6c5381aaad8fa568 → host:177.10.238.59
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.217:asn:271410	host:131.196.29.217 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-5fc95fe30edf5706:host:172.234.197.23	SESSION-5fc95fe30edf5706 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c55eb6f1c0bb6137:host:172.232.0.16	SESSION-c55eb6f1c0bb6137 → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-eed27da13c534290:host:172.234.197.23	SESSION-eed27da13c534290 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.199:asn:271410	host:131.196.29.199 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:aa8dff7d28f7:port:tcp:443	flow:aa8dff7d28f7 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:f7faa68f85f6	flow:f7faa68f85f6 → host:177.10.239.58 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.222:asn:262880	host:177.10.238.222 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef354b4063646368:SESSION-ef354b4063646368	SESSION-ef354b4063646368 → pe:tls:SESSION-ef354b4063646368
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.128:geo_41.02140_28.99480	host:37.221.79.128 → geo_41.02140_28.99480
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.94:geo_-16.28860_-49.01640	host:177.10.236.94 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5c9b4c9e225ad1d:host:172.234.197.23	SESSION-f5c9b4c9e225ad1d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6a72e7bc5d973ed2:host:131.196.31.140	SESSION-6a72e7bc5d973ed2 → host:131.196.31.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-42d85a7a0d0a6c22:SESSION-42d85a7a0d0a6c22	SESSION-42d85a7a0d0a6c22 → pe:syn:SESSION-42d85a7a0d0a6c22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a98c5df3fe5e6d6:host:131.196.31.58	SESSION-4a98c5df3fe5e6d6 → host:131.196.31.58
flow_observed5-aryOBS	e:fo:flow:55c81ca43275	flow:55c81ca43275 → host:177.10.239.213 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.170:geo_-23.62930_-46.63510	host:131.196.31.170 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de46def2c97c3533:SESSION-de46def2c97c3533	SESSION-de46def2c97c3533 → pe:tls:SESSION-de46def2c97c3533
FLOW_TO_HOSTOBS	e:to:SESSION-1d00f55e5db951c5:host:172.234.197.23	SESSION-1d00f55e5db951c5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.124:asn:262880	host:177.10.237.124 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5969e9f81f277f3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d5969e9f81f277f3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-e8104be0e9171978:SESSION-e8104be0e9171978	SESSION-e8104be0e9171978 → pe:dns:SESSION-e8104be0e9171978
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bfd6f31a89c294d:host:177.10.233.116	SESSION-5bfd6f31a89c294d → host:177.10.233.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a81d3c71843f89e:host:149.210.194.32	SESSION-2a81d3c71843f89e → host:149.210.194.32
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09c97c2e7f8ca5a6:host:172.234.197.23:host:177.10.238.7	SESSION-09c97c2e7f8ca5a6 → host:172.234.197.23 → host:177.10.238.7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa49f714001a7a70:flow:28adc96fab59	SESSION-fa49f714001a7a70 → flow:28adc96fab59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07139a9423b3d79f:SESSION-07139a9423b3d79f	SESSION-07139a9423b3d79f → pe:syn:SESSION-07139a9423b3d79f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10ed4263d8057f18:flow:cb68c175ad52	SESSION-10ed4263d8057f18 → flow:cb68c175ad52
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-981fac77dd79326b:host:172.234.197.23:host:177.10.239.57	SESSION-981fac77dd79326b → host:172.234.197.23 → host:177.10.239.57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a22fc187bcc4d705:host:172.234.197.23	SESSION-a22fc187bcc4d705 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.128:asn:271410	host:131.196.30.128 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:1ef64fa87830:port:tcp:15984	flow:1ef64fa87830 → port:tcp:15984
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d33ef29909b4f2d5:host:172.234.197.23	SESSION-d33ef29909b4f2d5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db76c4941d3529f6:host:172.234.197.23	SESSION-db76c4941d3529f6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4370d06debc0fcec:host:172.234.197.23	SESSION-4370d06debc0fcec → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9bd60248a4061d8d:SESSION-9bd60248a4061d8d	SESSION-9bd60248a4061d8d → pe:tls:SESSION-9bd60248a4061d8d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eee0288be94ee16a:host:45.173.156.253:host:172.234.197.23	SESSION-eee0288be94ee16a → host:45.173.156.253 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63fc840f6df40503:host:172.234.197.23	SESSION-63fc840f6df40503 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-43d9721f29111779:flow:1b98b9f04daf	SESSION-43d9721f29111779 → flow:1b98b9f04daf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-915c694a7f41c8e3:SESSION-915c694a7f41c8e3	SESSION-915c694a7f41c8e3 → pe:tls:SESSION-915c694a7f41c8e3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27b5dd82e2b65bbd:PCAP:capture_20260430110001:43611bdf6759	SESSION-27b5dd82e2b65bbd → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:6c39dc1f1460	flow:6c39dc1f1460 → host:177.10.239.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-597a035229423245:flow:76a18fca6382	SESSION-597a035229423245 → flow:76a18fca6382
FLOW_FROM_HOSTOBS	e:from:SESSION-0758ca9101405049:host:172.234.197.23	SESSION-0758ca9101405049 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8d8e16e7f7cb138:host:172.234.197.23	SESSION-c8d8e16e7f7cb138 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a73f5b0635e28ad4:host:172.234.197.23	SESSION-a73f5b0635e28ad4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ecf1376a54312e6:host:131.196.30.162:host:172.234.197.23	SESSION-4ecf1376a54312e6 → host:131.196.30.162 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d269b4a1c84321cd:host:172.234.197.23	SESSION-d269b4a1c84321cd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fc5634306e23209a:host:172.234.197.23	SESSION-fc5634306e23209a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2d58321ba87c:port:tcp:443	flow:2d58321ba87c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1d16880e0846180:host:131.196.31.160	SESSION-a1d16880e0846180 → host:131.196.31.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ef4dd3d9fcb73b5:host:172.234.197.23	SESSION-6ef4dd3d9fcb73b5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:92515270b68c	flow:92515270b68c → host:131.196.31.77 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6ee6825b3a9be6d1:host:177.10.235.215	SESSION-6ee6825b3a9be6d1 → host:177.10.235.215
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d220051223525d86:PCAP:capture_20260430150001:ded20914761d	SESSION-d220051223525d86 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-68010cf4db790ce8:host:172.234.197.23	SESSION-68010cf4db790ce8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8f568a8ff1de	flow:8f568a8ff1de → host:177.10.233.144 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff7dac0188fe8fcb:host:177.10.239.108:host:172.234.197.23	SESSION-ff7dac0188fe8fcb → host:177.10.239.108 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f06d97c7ac4f577b:PCAP:capture_20260430150001:ded20914761d	SESSION-f06d97c7ac4f577b → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a10e6ba939684b8:flow:d82d84b392c5	SESSION-6a10e6ba939684b8 → flow:d82d84b392c5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40e0d0b129f437fd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-40e0d0b129f437fd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2842c4c08e29d7d7:host:37.221.79.41:host:172.234.197.23	SESSION-2842c4c08e29d7d7 → host:37.221.79.41 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.207:asn:262880	host:177.10.234.207 → asn:262880
flow_observed5-aryOBS	e:fo:flow:5227d7443502	flow:5227d7443502 → host:177.10.233.168 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-1350be77996fff9b:host:172.234.197.23	SESSION-1350be77996fff9b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9a89f177ff4c	flow:9a89f177ff4c → host:177.10.236.77 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f2ae6b0bca9a8c33:host:131.196.31.78	SESSION-f2ae6b0bca9a8c33 → host:131.196.31.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c6483e185c23934:host:172.234.197.23	SESSION-7c6483e185c23934 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1328d27dd48f8a49:host:172.234.197.23	SESSION-1328d27dd48f8a49 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42eae260ad8ea663:host:172.234.197.23	SESSION-42eae260ad8ea663 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-251fcdeeb3ee3f58:SESSION-251fcdeeb3ee3f58	SESSION-251fcdeeb3ee3f58 → pe:tls:SESSION-251fcdeeb3ee3f58
FLOW_TO_HOSTOBS	e:to:SESSION-8d12ffa49d0d3231:host:172.234.197.23	SESSION-8d12ffa49d0d3231 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-52edb7664c060999:host:31.40.196.41	SESSION-52edb7664c060999 → host:31.40.196.41
FLOW_DST_PORTOBS	e:fp:flow:b4499b53d392:port:tcp:443	flow:b4499b53d392 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6d920a3cc562b13:host:172.234.197.23	SESSION-b6d920a3cc562b13 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ba3ff89783efd81:PCAP:capture_20260430110001:43611bdf6759	SESSION-4ba3ff89783efd81 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d32b9643240d8a79:host:172.234.197.23	SESSION-d32b9643240d8a79 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bdc14171c537b7eb:flow:9d87fb457f27	SESSION-bdc14171c537b7eb → flow:9d87fb457f27
FLOW_DST_PORTOBS	e:fp:flow:3765ec9be9d5:port:tcp:443	flow:3765ec9be9d5 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:11ea1a4ce4fe	flow:11ea1a4ce4fe → host:131.196.29.91 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.103:asn:262880	host:177.10.237.103 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c917f93463d3774:host:35.95.128.58:host:172.234.197.23	SESSION-8c917f93463d3774 → host:35.95.128.58 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fad613e75ea639b5:host:172.234.197.23	SESSION-fad613e75ea639b5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-723b8399a0bced6b:host:172.234.197.23	SESSION-723b8399a0bced6b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2e4cb96e9954f000:host:177.10.235.87	SESSION-2e4cb96e9954f000 → host:177.10.235.87
flow_observed4-aryOBS	e:fo:flow:8bd242be2a31	flow:8bd242be2a31 → host:172.234.197.23 → host:131.196.30.39 → port:tcp:10619
FLOW_TLS_SNIOBS	e:fs:flow:3b89477bda88:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3b89477bda88 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.55:asn:273470	host:45.173.156.55 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a5aae11508cfd60:host:131.196.29.225	SESSION-9a5aae11508cfd60 → host:131.196.29.225
FLOW_TO_HOSTOBS	e:to:SESSION-eaecff6799ccb464:host:172.234.197.23	SESSION-eaecff6799ccb464 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a60100c841341ace:SESSION-a60100c841341ace	SESSION-a60100c841341ace → pe:tls:SESSION-a60100c841341ace
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e46bef1b2f6daf0:host:172.234.197.23	SESSION-2e46bef1b2f6daf0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:798c9865fb79	flow:798c9865fb79 → host:177.10.237.63 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:db9035c128d2	flow:db9035c128d2 → host:131.196.29.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5eed95be9c1a7022:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5eed95be9c1a7022 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-39e4fa54be3b3e55:host:172.234.197.23:host:131.196.31.111	SESSION-39e4fa54be3b3e55 → host:172.234.197.23 → host:131.196.31.111
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78dc8874b859c826:flow:22d7649bfc2b	SESSION-78dc8874b859c826 → flow:22d7649bfc2b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.204:asn:262880	host:177.10.234.204 → asn:262880
flow_observed4-aryOBS	e:fo:flow:a6b3b8505a68	flow:a6b3b8505a68 → host:172.234.197.23 → host:45.173.156.85 → port:tcp:43407
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f4a86c40e28bf330:SESSION-f4a86c40e28bf330	SESSION-f4a86c40e28bf330 → pe:tls:SESSION-f4a86c40e28bf330
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c5a72a6fbc2381d:host:131.196.29.205:host:172.234.197.23	SESSION-1c5a72a6fbc2381d → host:131.196.29.205 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f74caf722af4b362:host:177.10.239.102	SESSION-f74caf722af4b362 → host:177.10.239.102
FLOW_TO_HOSTOBS	e:to:SESSION-df1a511d64dc2d8e:host:177.10.232.34	SESSION-df1a511d64dc2d8e → host:177.10.232.34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27d66e2c1260cc5f:host:177.10.238.43	SESSION-27d66e2c1260cc5f → host:177.10.238.43
flow_observed5-aryOBS	e:fo:flow:e17fa3c43e75	flow:e17fa3c43e75 → host:31.40.196.199 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9633daabdcbaa0c0:host:177.10.234.163:host:172.234.197.23	SESSION-9633daabdcbaa0c0 → host:177.10.234.163 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:85bddf7d0383	flow:85bddf7d0383 → host:177.10.239.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60f4d0af24f032dd:flow:5cc5d5872470	SESSION-60f4d0af24f032dd → flow:5cc5d5872470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bee309b4d5047c7d:host:131.196.29.103	SESSION-bee309b4d5047c7d → host:131.196.29.103
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5cf2fdb6c848ac6c:PCAP:capture_20260430150001:ded20914761d	SESSION-5cf2fdb6c848ac6c → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93d8ace0d48e8910:host:172.234.197.23	SESSION-93d8ace0d48e8910 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:31fdf1497dec	flow:31fdf1497dec → host:172.234.197.23 → host:131.196.30.233 → port:tcp:48470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11d1e958623763ef:host:177.10.234.46	SESSION-11d1e958623763ef → host:177.10.234.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef46e42b79ae57cb:SESSION-ef46e42b79ae57cb	SESSION-ef46e42b79ae57cb → pe:syn:SESSION-ef46e42b79ae57cb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3529b49a7d38dad6:SESSION-3529b49a7d38dad6	SESSION-3529b49a7d38dad6 → pe:syn:SESSION-3529b49a7d38dad6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f879597a466f9080:SESSION-f879597a466f9080	SESSION-f879597a466f9080 → pe:tls:SESSION-f879597a466f9080
FLOW_TO_HOSTOBS	e:to:SESSION-5eed95be9c1a7022:host:172.234.197.23	SESSION-5eed95be9c1a7022 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ac742257199be2dd:host:172.234.197.23	SESSION-ac742257199be2dd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1d152bdff2d4d10:host:177.10.232.121	SESSION-d1d152bdff2d4d10 → host:177.10.232.121
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-581b4c1bc6ff5f0b:host:131.196.29.162:host:172.234.197.23	SESSION-581b4c1bc6ff5f0b → host:131.196.29.162 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63e207f92d9c898d:host:172.234.197.23	SESSION-63e207f92d9c898d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ba070ea29625f6c:host:172.234.197.23	SESSION-4ba070ea29625f6c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-091ae841df8cdc2c:SESSION-091ae841df8cdc2c	SESSION-091ae841df8cdc2c → pe:syn:SESSION-091ae841df8cdc2c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a899a8160ea28b7:host:172.234.197.23	SESSION-3a899a8160ea28b7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-091d255d08b85143:host:172.234.197.23	SESSION-091d255d08b85143 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.161:asn:262880	host:177.10.234.161 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:41f1b68a64df:port:tcp:443	flow:41f1b68a64df → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-25103b8a97127215:host:177.10.235.9	SESSION-25103b8a97127215 → host:177.10.235.9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ae8012f8306fedb:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6ae8012f8306fedb → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.189:geo_-16.28860_-49.01640	host:177.10.237.189 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c5ea1449320ef78b:SESSION-c5ea1449320ef78b	SESSION-c5ea1449320ef78b → pe:syn:SESSION-c5ea1449320ef78b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe3fb5807179bb52:SESSION-fe3fb5807179bb52	SESSION-fe3fb5807179bb52 → pe:tls:SESSION-fe3fb5807179bb52
flow_observed5-aryOBS	e:fo:flow:3feb8ae5b20c	flow:3feb8ae5b20c → host:131.196.28.7 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0fc61bce823543f:flow:9136a00be2e6	SESSION-b0fc61bce823543f → flow:9136a00be2e6
FLOW_TO_HOSTOBS	e:to:SESSION-bea10d62e606d6ea:host:172.234.197.23	SESSION-bea10d62e606d6ea → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a61ffb582cb9	flow:a61ffb582cb9 → host:177.10.235.129 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:acd01af9e4bf	flow:acd01af9e4bf → host:131.196.29.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eac07967aaca78dc:SESSION-eac07967aaca78dc	SESSION-eac07967aaca78dc → pe:tls:SESSION-eac07967aaca78dc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9466ee8fbea2465:host:131.196.28.7:host:172.234.197.23	SESSION-d9466ee8fbea2465 → host:131.196.28.7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5bede5fedae88e0:host:172.234.197.23	SESSION-a5bede5fedae88e0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-317129b18cf7eb6c:host:172.234.197.23	SESSION-317129b18cf7eb6c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f299703bc1b4ff9:SESSION-1f299703bc1b4ff9	SESSION-1f299703bc1b4ff9 → pe:tls:SESSION-1f299703bc1b4ff9
flow_observed5-aryOBS	e:fo:flow:1a765a6c1e1b	flow:1a765a6c1e1b → host:177.10.239.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5d45bed796decc2:host:45.173.156.208:host:172.234.197.23	SESSION-b5d45bed796decc2 → host:45.173.156.208 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cc96ecdc8b9f	flow:cc96ecdc8b9f → host:177.10.233.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ffcf84507219fc2:host:177.10.239.2	SESSION-1ffcf84507219fc2 → host:177.10.239.2
FLOW_TO_HOSTOBS	e:to:SESSION-f8ffffed45ee6ab8:host:172.234.197.23	SESSION-f8ffffed45ee6ab8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27b2c896335b5c16:SESSION-27b2c896335b5c16	SESSION-27b2c896335b5c16 → pe:syn:SESSION-27b2c896335b5c16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe8896cc58e0f0aa:host:172.234.197.23	SESSION-fe8896cc58e0f0aa → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.121:geo_-23.62930_-46.63510	host:131.196.31.121 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-592321b004976459:host:172.234.197.23	SESSION-592321b004976459 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bf997a1aac5d0ef1:host:177.10.235.42	SESSION-bf997a1aac5d0ef1 → host:177.10.235.42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2af0189f90c79b2:host:172.234.197.23	SESSION-d2af0189f90c79b2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2289078120ff48cc:SESSION-2289078120ff48cc	SESSION-2289078120ff48cc → pe:tls:SESSION-2289078120ff48cc
FLOW_DST_PORTOBS	e:fp:flow:29de516052b7:port:tcp:52055	flow:29de516052b7 → port:tcp:52055
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4d1c4ac80a0d275:SESSION-c4d1c4ac80a0d275	SESSION-c4d1c4ac80a0d275 → pe:syn:SESSION-c4d1c4ac80a0d275
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ef022cf55a10b05:SESSION-6ef022cf55a10b05	SESSION-6ef022cf55a10b05 → pe:syn:SESSION-6ef022cf55a10b05
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-685011adf9d67a1b:SESSION-685011adf9d67a1b	SESSION-685011adf9d67a1b → pe:syn:SESSION-685011adf9d67a1b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.244:asn:271410	host:131.196.30.244 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.217:geo_-16.28860_-49.01640	host:177.10.236.217 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:37fd51176c67	flow:37fd51176c67 → host:172.234.197.23 → host:177.10.235.26 → port:tcp:29010
FLOW_DST_PORTOBS	e:fp:flow:3f1627c07472:port:tcp:2710	flow:3f1627c07472 → port:tcp:2710
FLOW_FROM_HOSTOBS	e:from:SESSION-1fc518dfa07303a8:host:45.173.156.219	SESSION-1fc518dfa07303a8 → host:45.173.156.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b7f4612f7527a5d:host:177.10.238.10:host:172.234.197.23	SESSION-5b7f4612f7527a5d → host:177.10.238.10 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.235:geo_-23.62930_-46.63510	host:131.196.29.235 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8d8471d99b0ccf5:SESSION-d8d8471d99b0ccf5	SESSION-d8d8471d99b0ccf5 → pe:syn:SESSION-d8d8471d99b0ccf5
FLOW_FROM_HOSTOBS	e:from:SESSION-543230bb149abbcc:host:45.173.156.254	SESSION-543230bb149abbcc → host:45.173.156.254
flow_observed5-aryOBS	e:fo:flow:982c682e252c	flow:982c682e252c → host:177.10.235.105 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.57:asn:262880	host:177.10.237.57 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-449915b4a668f160:SESSION-449915b4a668f160	SESSION-449915b4a668f160 → pe:syn:SESSION-449915b4a668f160
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1d74e40d653f073:SESSION-d1d74e40d653f073	SESSION-d1d74e40d653f073 → pe:tls:SESSION-d1d74e40d653f073
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b082affabc66a77:host:172.234.197.23:host:131.196.31.71	SESSION-8b082affabc66a77 → host:172.234.197.23 → host:131.196.31.71
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de35503b4a9f2ce3:host:45.173.156.210:host:172.234.197.23	SESSION-de35503b4a9f2ce3 → host:45.173.156.210 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e47ff6197158625f:SESSION-e47ff6197158625f	SESSION-e47ff6197158625f → pe:tls:SESSION-e47ff6197158625f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0be6cf40df30cb93:SESSION-0be6cf40df30cb93	SESSION-0be6cf40df30cb93 → pe:syn:SESSION-0be6cf40df30cb93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bca989f2c390047:host:172.234.197.23	SESSION-6bca989f2c390047 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fcd4658ed0002284:host:131.196.28.106	SESSION-fcd4658ed0002284 → host:131.196.28.106
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a87c967af45101a2:SESSION-a87c967af45101a2	SESSION-a87c967af45101a2 → pe:tls:SESSION-a87c967af45101a2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da14485ca0be7376:host:199.16.157.182:host:172.234.197.23	SESSION-da14485ca0be7376 → host:199.16.157.182 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e47cd7d3b6c5e00d:host:172.234.197.23	SESSION-e47cd7d3b6c5e00d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3be9919fc6df9ffa:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3be9919fc6df9ffa → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-efd1ddb1a087b877:host:172.234.197.23:host:177.10.239.129	SESSION-efd1ddb1a087b877 → host:172.234.197.23 → host:177.10.239.129
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09c97c2e7f8ca5a6:host:172.234.197.23	SESSION-09c97c2e7f8ca5a6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ed34bf9fded9d68:SESSION-5ed34bf9fded9d68	SESSION-5ed34bf9fded9d68 → pe:tls:SESSION-5ed34bf9fded9d68
FLOW_FROM_HOSTOBS	e:from:SESSION-c422154c7899227e:host:177.10.234.192	SESSION-c422154c7899227e → host:177.10.234.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38f74251dfc6c10a:host:103.155.16.117	SESSION-38f74251dfc6c10a → host:103.155.16.117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a82c7f51b8bc2f4f:SESSION-a82c7f51b8bc2f4f	SESSION-a82c7f51b8bc2f4f → pe:tls:SESSION-a82c7f51b8bc2f4f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.138:asn:262880	host:177.10.233.138 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46b3e65e40562e00:host:131.196.28.42	SESSION-46b3e65e40562e00 → host:131.196.28.42
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.72:asn:262880	host:177.10.235.72 → asn:262880
flow_observed5-aryOBS	e:fo:flow:329147a28565	flow:329147a28565 → host:131.196.28.12 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:df4d7faedab5:port:tcp:443	flow:df4d7faedab5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-6fda720fc6282204:host:177.10.238.60	SESSION-6fda720fc6282204 → host:177.10.238.60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1328d27dd48f8a49:host:95.135.228.39:host:172.234.197.23	SESSION-1328d27dd48f8a49 → host:95.135.228.39 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-484d7e89f92d0359:host:177.10.234.36	SESSION-484d7e89f92d0359 → host:177.10.234.36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-065e72b14a827150:host:177.10.237.128	SESSION-065e72b14a827150 → host:177.10.237.128
FLOW_FROM_HOSTOBS	e:from:SESSION-79760fcdb710bc7a:host:172.234.197.23	SESSION-79760fcdb710bc7a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1e631f6e627b67d:host:172.234.197.23:host:177.10.239.196	SESSION-a1e631f6e627b67d → host:172.234.197.23 → host:177.10.239.196
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd437604af995a2a:flow:2073e59d39ae	SESSION-fd437604af995a2a → flow:2073e59d39ae
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.54:geo_-16.28860_-49.01640	host:177.10.233.54 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7926734d1890078a:host:172.234.197.23:host:177.10.234.221	SESSION-7926734d1890078a → host:172.234.197.23 → host:177.10.234.221
FLOW_FROM_HOSTOBS	e:from:SESSION-63be833bbb100650:host:172.234.197.23	SESSION-63be833bbb100650 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:11668ee1bc9c:port:tcp:443	flow:11668ee1bc9c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33916bd4dadd0440:SESSION-33916bd4dadd0440	SESSION-33916bd4dadd0440 → pe:syn:SESSION-33916bd4dadd0440
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-970108b06912c1b7:flow:ac199626a1c4	SESSION-970108b06912c1b7 → flow:ac199626a1c4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-412d8e92812f4ea2:PCAP:capture_20260430110001:43611bdf6759	SESSION-412d8e92812f4ea2 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:52.12.196.158:geo_45.84010_-119.70500	host:52.12.196.158 → geo_45.84010_-119.70500
FLOW_TO_HOSTOBS	e:to:SESSION-16b002b5a5ba0e61:host:172.234.197.23	SESSION-16b002b5a5ba0e61 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c30aca3eb872:port:tcp:443	flow:c30aca3eb872 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ba96028c0d9bf0a3:SESSION-ba96028c0d9bf0a3	SESSION-ba96028c0d9bf0a3 → pe:tls:SESSION-ba96028c0d9bf0a3
flow_observed4-aryOBS	e:fo:flow:90a4c66aff81	flow:90a4c66aff81 → host:172.234.197.23 → host:131.196.28.141 → port:tcp:50095
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e46bef1b2f6daf0:flow:33ab980b5e65	SESSION-2e46bef1b2f6daf0 → flow:33ab980b5e65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35e3c61c67455ba8:host:131.196.28.145	SESSION-35e3c61c67455ba8 → host:131.196.28.145
FLOW_FROM_HOSTOBS	e:from:SESSION-4a2f82c2a85816be:host:131.196.28.15	SESSION-4a2f82c2a85816be → host:131.196.28.15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03bb88743ccc2c68:host:172.234.197.23	SESSION-03bb88743ccc2c68 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ddb8ef81f168c6c0:host:131.196.30.176	SESSION-ddb8ef81f168c6c0 → host:131.196.30.176
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd6ef4118ff649ff:flow:1100b27fc0e7	SESSION-fd6ef4118ff649ff → flow:1100b27fc0e7
FLOW_FROM_HOSTOBS	e:from:SESSION-cc2833e8abe7ed0a:host:177.10.235.40	SESSION-cc2833e8abe7ed0a → host:177.10.235.40
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa0d5d025ae2ba4d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-aa0d5d025ae2ba4d → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.144:asn:262880	host:177.10.236.144 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b34520b38e3fc963:PCAP:capture_20260430090001:065659c7d314	SESSION-b34520b38e3fc963 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:72799e7cd136:port:tcp:443	flow:72799e7cd136 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-938eb42ac2c00523:host:57.128.95.181	SESSION-938eb42ac2c00523 → host:57.128.95.181
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.12:geo_-23.62930_-46.63510	host:131.196.28.12 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e1b90ecadb949fa3:SESSION-e1b90ecadb949fa3	SESSION-e1b90ecadb949fa3 → pe:tls:SESSION-e1b90ecadb949fa3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc4f127cbdf1d5a3:flow:2a53da8d97d6	SESSION-bc4f127cbdf1d5a3 → flow:2a53da8d97d6
flow_observed5-aryOBS	e:fo:flow:b3d6afc82aab	flow:b3d6afc82aab → host:131.196.29.228 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5e93d3fe416fcd95:host:172.234.197.23	SESSION-5e93d3fe416fcd95 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cdd13464c217a214:SESSION-cdd13464c217a214	SESSION-cdd13464c217a214 → pe:tls:SESSION-cdd13464c217a214
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-00efe759e05a1a39:host:172.234.197.23:host:177.10.239.93	SESSION-00efe759e05a1a39 → host:172.234.197.23 → host:177.10.239.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d0f919734488d0b:SESSION-5d0f919734488d0b	SESSION-5d0f919734488d0b → pe:syn:SESSION-5d0f919734488d0b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-797ddf76fc257ebf:host:177.10.238.248	SESSION-797ddf76fc257ebf → host:177.10.238.248
FLOW_DST_PORTOBS	e:fp:flow:a64aac8ff523:port:tcp:55924	flow:a64aac8ff523 → port:tcp:55924
FLOW_FROM_HOSTOBS	e:from:SESSION-c7c9a5d15324e2ea:host:45.173.156.19	SESSION-c7c9a5d15324e2ea → host:45.173.156.19
flow_observed5-aryOBS	e:fo:flow:ad31982a38b2	flow:ad31982a38b2 → host:2.57.122.192 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-958fc48089d68c44:SESSION-958fc48089d68c44	SESSION-958fc48089d68c44 → pe:syn:SESSION-958fc48089d68c44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f718644b6283d05d:SESSION-f718644b6283d05d	SESSION-f718644b6283d05d → pe:syn:SESSION-f718644b6283d05d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35dd0088a1238ab9:SESSION-35dd0088a1238ab9	SESSION-35dd0088a1238ab9 → pe:tls:SESSION-35dd0088a1238ab9
FLOW_TO_HOSTOBS	e:to:SESSION-478ebcd540b5d0ef:host:177.10.236.189	SESSION-478ebcd540b5d0ef → host:177.10.236.189
FLOW_FROM_HOSTOBS	e:from:SESSION-8f62140848f2b702:host:185.231.226.231	SESSION-8f62140848f2b702 → host:185.231.226.231
FLOW_DST_PORTOBS	e:fp:flow:75643401072c:port:tcp:443	flow:75643401072c → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:78e73b44f51c	flow:78e73b44f51c → host:172.234.197.23 → host:45.173.156.70 → port:tcp:51772
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.3:geo_-23.62930_-46.63510	host:131.196.30.3 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3cae868156d4440:SESSION-c3cae868156d4440	SESSION-c3cae868156d4440 → pe:syn:SESSION-c3cae868156d4440
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eeeeaab9fc572806:SESSION-eeeeaab9fc572806	SESSION-eeeeaab9fc572806 → pe:syn:SESSION-eeeeaab9fc572806
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0684dbb2a7f8dcaf:SESSION-0684dbb2a7f8dcaf	SESSION-0684dbb2a7f8dcaf → pe:syn:SESSION-0684dbb2a7f8dcaf
FLOW_DST_PORTOBS	e:fp:flow:54dd15c775d4:port:tcp:443	flow:54dd15c775d4 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08eebf44a6874d1b:SESSION-08eebf44a6874d1b	SESSION-08eebf44a6874d1b → pe:tls:SESSION-08eebf44a6874d1b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86b4956d98680667:host:172.234.197.23	SESSION-86b4956d98680667 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-574ff4efae76e1f7:host:177.10.235.84:host:172.234.197.23	SESSION-574ff4efae76e1f7 → host:177.10.235.84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d618ae22306fa7b9:host:177.10.234.91	SESSION-d618ae22306fa7b9 → host:177.10.234.91
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.212:geo_-16.28860_-49.01640	host:177.10.233.212 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f04e938497dcf32a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f04e938497dcf32a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-affecc1e92c420cb:SESSION-affecc1e92c420cb	SESSION-affecc1e92c420cb → pe:tls:SESSION-affecc1e92c420cb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c64ea68345b811b:flow:c0018fe69521	SESSION-9c64ea68345b811b → flow:c0018fe69521
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9d0d1a45a4e9ec7:flow:f55e3eaa0043	SESSION-b9d0d1a45a4e9ec7 → flow:f55e3eaa0043
FLOW_DST_PORTOBS	e:fp:flow:c8a68707d235:port:tcp:443	flow:c8a68707d235 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd4086b575d9a1c0:SESSION-cd4086b575d9a1c0	SESSION-cd4086b575d9a1c0 → pe:tls:SESSION-cd4086b575d9a1c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d95ea715a47abbc:host:177.10.235.169	SESSION-6d95ea715a47abbc → host:177.10.235.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a498324f9fce7e9:SESSION-0a498324f9fce7e9	SESSION-0a498324f9fce7e9 → pe:tls:SESSION-0a498324f9fce7e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f307fcf20a41b5a0:SESSION-f307fcf20a41b5a0	SESSION-f307fcf20a41b5a0 → pe:tls:SESSION-f307fcf20a41b5a0
FLOW_DST_PORTOBS	e:fp:flow:d451d20656a7:port:tcp:5156	flow:d451d20656a7 → port:tcp:5156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-486ff38c4390c341:host:54.201.244.199	SESSION-486ff38c4390c341 → host:54.201.244.199
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.144:geo_41.02140_28.99480	host:185.231.226.144 → geo_41.02140_28.99480
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bb178420802ca16:flow:ecb6aa8c52d6	SESSION-3bb178420802ca16 → flow:ecb6aa8c52d6
FLOW_FROM_HOSTOBS	e:from:SESSION-e035a13399d76ad4:host:172.234.197.23	SESSION-e035a13399d76ad4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77c36ee0b21ed6bb:host:45.173.156.244:host:172.234.197.23	SESSION-77c36ee0b21ed6bb → host:45.173.156.244 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5016108ab6552957:host:172.234.197.23	SESSION-5016108ab6552957 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ea33f21558d3ba7:host:177.10.237.211:host:172.234.197.23	SESSION-3ea33f21558d3ba7 → host:177.10.237.211 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-430caa0514cbc012:host:131.196.29.192	SESSION-430caa0514cbc012 → host:131.196.29.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d99d46a236a5e045:host:131.196.30.150	SESSION-d99d46a236a5e045 → host:131.196.30.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4af9ea8e19c0cf86:SESSION-4af9ea8e19c0cf86	SESSION-4af9ea8e19c0cf86 → pe:syn:SESSION-4af9ea8e19c0cf86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.183:geo_-16.28860_-49.01640	host:177.10.238.183 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.32:asn:262880	host:177.10.237.32 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-779f746558d2d979:host:177.10.235.169	SESSION-779f746558d2d979 → host:177.10.235.169
flow_observed5-aryOBS	e:fo:flow:98242fdada80	flow:98242fdada80 → host:131.196.28.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30152f28b63d1649:flow:34d8db9f8965	SESSION-30152f28b63d1649 → flow:34d8db9f8965
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7ac052262d51e17:SESSION-b7ac052262d51e17	SESSION-b7ac052262d51e17 → pe:tls:SESSION-b7ac052262d51e17
flow_observed5-aryOBS	e:fo:flow:a4780ba78b2d	flow:a4780ba78b2d → host:177.10.236.215 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a4167334bdfae4b6:host:131.196.28.223	SESSION-a4167334bdfae4b6 → host:131.196.28.223
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d5e5bbccd32f2d5:host:172.234.197.23:host:131.196.30.45	SESSION-5d5e5bbccd32f2d5 → host:172.234.197.23 → host:131.196.30.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0a2ec1133f1da31:SESSION-d0a2ec1133f1da31	SESSION-d0a2ec1133f1da31 → pe:syn:SESSION-d0a2ec1133f1da31
FLOW_FROM_HOSTOBS	e:from:SESSION-85c181ffe8433ff0:host:172.234.197.23	SESSION-85c181ffe8433ff0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d0153bfe1e0550f7:host:177.10.234.143	SESSION-d0153bfe1e0550f7 → host:177.10.234.143
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96d412735d478f25:flow:1f34a2a1eb06	SESSION-96d412735d478f25 → flow:1f34a2a1eb06
FLOW_TO_HOSTOBS	e:to:SESSION-a0efb63412ce5061:host:177.10.236.221	SESSION-a0efb63412ce5061 → host:177.10.236.221
flow_observed5-aryOBS	e:fo:flow:68d41f876fc0	flow:68d41f876fc0 → host:177.10.237.38 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f86e42aef9b2f482:host:172.234.197.23	SESSION-f86e42aef9b2f482 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a34ec08b35e90b0:flow:d21b6b0f101f	SESSION-2a34ec08b35e90b0 → flow:d21b6b0f101f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36f959353527c71a:host:131.196.29.148	SESSION-36f959353527c71a → host:131.196.29.148
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dedab35c401db9fa:host:172.234.197.23:host:177.10.239.84	SESSION-dedab35c401db9fa → host:172.234.197.23 → host:177.10.239.84
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c54bf7ef52fb715c:flow:c3ad4e2cf73f	SESSION-c54bf7ef52fb715c → flow:c3ad4e2cf73f
FLOW_DST_PORTOBS	e:fp:flow:e317ac68355a:port:tcp:443	flow:e317ac68355a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2676dbc5b99ef14:host:177.10.234.117:host:172.234.197.23	SESSION-e2676dbc5b99ef14 → host:177.10.234.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ac1869edc353761e:host:131.196.29.41	SESSION-ac1869edc353761e → host:131.196.29.41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8ab97210507c98d:host:131.196.29.227	SESSION-a8ab97210507c98d → host:131.196.29.227
FLOW_TO_HOSTOBS	e:to:SESSION-4f1b980e392c4795:host:172.234.197.23	SESSION-4f1b980e392c4795 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-26a93711200ab02b:host:172.234.197.23	SESSION-26a93711200ab02b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27536868d2d29d68:SESSION-27536868d2d29d68	SESSION-27536868d2d29d68 → pe:tls:SESSION-27536868d2d29d68
FLOW_DST_PORTOBS	e:fp:flow:43c901c3f5f5:port:tcp:39061	flow:43c901c3f5f5 → port:tcp:39061
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cad98c39a19fe348:flow:3384d19ad96b	SESSION-cad98c39a19fe348 → flow:3384d19ad96b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b51c77a005c8dfc8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b51c77a005c8dfc8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b6d027087dbd516e:SESSION-b6d027087dbd516e	SESSION-b6d027087dbd516e → pe:syn:SESSION-b6d027087dbd516e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.51:geo_-16.28860_-49.01640	host:177.10.235.51 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8958b8d9cf24f177:SESSION-8958b8d9cf24f177	SESSION-8958b8d9cf24f177 → pe:tls:SESSION-8958b8d9cf24f177
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4dcbfb7362ab6402:host:177.10.238.209:host:172.234.197.23	SESSION-4dcbfb7362ab6402 → host:177.10.238.209 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5792abf3d18d9356:host:177.10.237.35:host:172.234.197.23	SESSION-5792abf3d18d9356 → host:177.10.237.35 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-783928d3af0eed6e:host:131.196.31.218	SESSION-783928d3af0eed6e → host:131.196.31.218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c716fd204e4ddd99:host:172.234.197.23	SESSION-c716fd204e4ddd99 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6df7b8aae1cc	flow:6df7b8aae1cc → host:177.10.237.122 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ca4672e6c9cf:port:tcp:443	flow:ca4672e6c9cf → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fab752fe97090e4a:SESSION-fab752fe97090e4a	SESSION-fab752fe97090e4a → pe:syn:SESSION-fab752fe97090e4a
FLOW_DST_PORTOBS	e:fp:flow:b1dd07e29155:port:tcp:443	flow:b1dd07e29155 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f2abe0420a48:port:tcp:51356	flow:f2abe0420a48 → port:tcp:51356
FLOW_TO_HOSTOBS	e:to:SESSION-66dcd1fd6d28b07f:host:177.10.233.231	SESSION-66dcd1fd6d28b07f → host:177.10.233.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6713221fe5694a6d:host:172.234.197.23	SESSION-6713221fe5694a6d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-34da31e596580b61:SESSION-34da31e596580b61	SESSION-34da31e596580b61 → pe:tls:SESSION-34da31e596580b61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ffe6ab3345b8c10e:SESSION-ffe6ab3345b8c10e	SESSION-ffe6ab3345b8c10e → pe:tls:SESSION-ffe6ab3345b8c10e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9cc387e98cb8cb82:PCAP:capture_20260430090001:065659c7d314	SESSION-9cc387e98cb8cb82 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8e2f8ae5ea03a25:flow:36e2e7eb9558	SESSION-e8e2f8ae5ea03a25 → flow:36e2e7eb9558
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f6ad5e06ec5a3a76:flow:7fac969ccea8	SESSION-f6ad5e06ec5a3a76 → flow:7fac969ccea8
FLOW_TO_HOSTOBS	e:to:SESSION-e48a8daff67bbc71:host:131.196.30.253	SESSION-e48a8daff67bbc71 → host:131.196.30.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a207ecea3558884:host:172.234.197.23	SESSION-9a207ecea3558884 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a486ebfba002f553:host:172.234.197.23	SESSION-a486ebfba002f553 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4baa6f7cc0122cad:flow:2591fb04a88d	SESSION-4baa6f7cc0122cad → flow:2591fb04a88d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.41:geo_41.02140_28.99480	host:31.40.196.41 → geo_41.02140_28.99480
FLOW_FROM_HOSTOBS	e:from:SESSION-85ceb858b118c816:host:177.10.234.23	SESSION-85ceb858b118c816 → host:177.10.234.23
flow_observed4-aryOBS	e:fo:flow:b04de7cc8d8a	flow:b04de7cc8d8a → host:172.234.197.23 → host:45.173.156.78 → port:tcp:50472
FLOW_TO_HOSTOBS	e:to:SESSION-90972096b6b00a4b:host:172.234.197.23	SESSION-90972096b6b00a4b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-077f434652010402:PCAP:capture_20260430110001:43611bdf6759	SESSION-077f434652010402 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97537ed6358a20d5:host:172.234.197.23	SESSION-97537ed6358a20d5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60a71bd7fc87f54e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-60a71bd7fc87f54e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-bfbb16ce344dac5c:host:91.99.124.205	SESSION-bfbb16ce344dac5c → host:91.99.124.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-206c176870c7b9f2:host:177.10.235.112	SESSION-206c176870c7b9f2 → host:177.10.235.112
FLOW_DST_PORTOBS	e:fp:flow:4715a1b4db57:port:tcp:443	flow:4715a1b4db57 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d00c2356d94b56a1:host:177.10.236.204	SESSION-d00c2356d94b56a1 → host:177.10.236.204
FLOW_TO_HOSTOBS	e:to:SESSION-34d820c66fac079b:host:177.10.239.255	SESSION-34d820c66fac079b → host:177.10.239.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47fa70a72a159eed:flow:2b4a1d206e95	SESSION-47fa70a72a159eed → flow:2b4a1d206e95
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.225:geo_-23.62930_-46.63510	host:131.196.30.225 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.76:asn:262880	host:177.10.237.76 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49fc7ea897578489:host:172.234.197.23	SESSION-49fc7ea897578489 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5b79680f4b436a5:host:34.216.76.26:host:172.234.197.23	SESSION-b5b79680f4b436a5 → host:34.216.76.26 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:096c477c6fa2:port:tcp:11683	flow:096c477c6fa2 → port:tcp:11683
FLOW_TO_HOSTOBS	e:to:SESSION-e2676dbc5b99ef14:host:172.234.197.23	SESSION-e2676dbc5b99ef14 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68c9571f275cd182:host:177.10.239.79	SESSION-68c9571f275cd182 → host:177.10.239.79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ea5a5c8bbfcfd548:SESSION-ea5a5c8bbfcfd548	SESSION-ea5a5c8bbfcfd548 → pe:syn:SESSION-ea5a5c8bbfcfd548
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6b4f32c5c51558e8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6b4f32c5c51558e8 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.171:geo_-16.28860_-49.01640	host:177.10.238.171 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4503d5677d79139:host:172.234.197.23	SESSION-c4503d5677d79139 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8383343898074aaa:host:177.10.236.217	SESSION-8383343898074aaa → host:177.10.236.217
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-03f7a565a7cd59d8:SESSION-03f7a565a7cd59d8	SESSION-03f7a565a7cd59d8 → pe:syn:SESSION-03f7a565a7cd59d8
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-c55eb6f1c0bb6137:BSG-BEACON-e07f4250263f	SESSION-c55eb6f1c0bb6137 → BSG-BEACON-e07f4250263f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47fcc0d7da6d7c1a:host:177.10.239.11	SESSION-47fcc0d7da6d7c1a → host:177.10.239.11
FLOW_FROM_HOSTOBS	e:from:SESSION-44593e1f87cfdd92:host:131.196.31.14	SESSION-44593e1f87cfdd92 → host:131.196.31.14
flow_observed5-aryOBS	e:fo:flow:2e52ef2b8860	flow:2e52ef2b8860 → host:54.91.240.230 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-65c1debe675497c7:host:172.234.197.23	SESSION-65c1debe675497c7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.144:asn:271410	host:131.196.31.144 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db98e45dca973468:host:172.234.197.23	SESSION-db98e45dca973468 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.178:geo_-21.10010_-41.69200	host:45.173.156.178 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3685b3a1e6c25f1a:host:185.231.226.68	SESSION-3685b3a1e6c25f1a → host:185.231.226.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-051bd0ccc4bec756:host:177.10.238.96	SESSION-051bd0ccc4bec756 → host:177.10.238.96
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0e4303498e9ae3e:host:45.173.156.46	SESSION-b0e4303498e9ae3e → host:45.173.156.46
FLOW_FROM_HOSTOBS	e:from:SESSION-3cdf0b404a4678c5:host:177.10.239.15	SESSION-3cdf0b404a4678c5 → host:177.10.239.15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b228975a6eff356:host:172.234.197.23:host:131.196.28.230	SESSION-0b228975a6eff356 → host:172.234.197.23 → host:131.196.28.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-026fe63fd4f2486a:host:60.214.180.150	SESSION-026fe63fd4f2486a → host:60.214.180.150
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3a58fc1fb15d0c4:host:172.234.197.23	SESSION-c3a58fc1fb15d0c4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5e816643ff0559e8:host:177.10.236.206	SESSION-5e816643ff0559e8 → host:177.10.236.206
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-426c38e34029cb1b:host:177.10.233.76	SESSION-426c38e34029cb1b → host:177.10.233.76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2096050a1fa0221d:flow:d36dc6d7eb80	SESSION-2096050a1fa0221d → flow:d36dc6d7eb80
flow_observed5-aryOBS	e:fo:flow:5792429a5c60	flow:5792429a5c60 → host:131.196.31.88 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:a081aebbc709	flow:a081aebbc709 → host:131.196.29.168 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38ea28f2e42013a7:flow:c8b343e46d14	SESSION-38ea28f2e42013a7 → flow:c8b343e46d14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ba035d2018b1429:flow:3c5f6476626b	SESSION-6ba035d2018b1429 → flow:3c5f6476626b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49f6aac001a41393:host:177.10.233.109	SESSION-49f6aac001a41393 → host:177.10.233.109
FLOW_FROM_HOSTOBS	e:from:SESSION-f4a69b65a94c1ea1:host:131.196.31.120	SESSION-f4a69b65a94c1ea1 → host:131.196.31.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ee986621b3f988f:SESSION-1ee986621b3f988f	SESSION-1ee986621b3f988f → pe:syn:SESSION-1ee986621b3f988f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a301fd9da8621bb:host:177.10.232.172	SESSION-7a301fd9da8621bb → host:177.10.232.172
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86b498cacf4afadd:host:45.173.156.82	SESSION-86b498cacf4afadd → host:45.173.156.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f99dd3ca5b14a25:host:172.234.197.23	SESSION-2f99dd3ca5b14a25 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:686bd558a135	flow:686bd558a135 → host:131.196.28.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4cf4d7f5409c1837:flow:fbadd518a8d4	SESSION-4cf4d7f5409c1837 → flow:fbadd518a8d4
flow_observed4-aryOBS	e:fo:flow:8228d3bdb62e	flow:8228d3bdb62e → host:172.234.197.23 → host:177.10.232.205 → port:tcp:48581
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-353fd641d57f7d93:SESSION-353fd641d57f7d93	SESSION-353fd641d57f7d93 → pe:tls:SESSION-353fd641d57f7d93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c652a29a62d722ea:SESSION-c652a29a62d722ea	SESSION-c652a29a62d722ea → pe:tls:SESSION-c652a29a62d722ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ef1bfc51ed52e33:SESSION-8ef1bfc51ed52e33	SESSION-8ef1bfc51ed52e33 → pe:syn:SESSION-8ef1bfc51ed52e33
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-835226e6e5119935:SESSION-835226e6e5119935	SESSION-835226e6e5119935 → pe:syn:SESSION-835226e6e5119935
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7dbbf6b8420ecf88:host:131.196.31.146	SESSION-7dbbf6b8420ecf88 → host:131.196.31.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cddf604912330e1b:SESSION-cddf604912330e1b	SESSION-cddf604912330e1b → pe:syn:SESSION-cddf604912330e1b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.10:geo_-21.10010_-41.69200	host:45.173.156.10 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8578034648884afe:SESSION-8578034648884afe	SESSION-8578034648884afe → pe:syn:SESSION-8578034648884afe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5106b190666c06c:SESSION-a5106b190666c06c	SESSION-a5106b190666c06c → pe:tls:SESSION-a5106b190666c06c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:18.175.215.247:geo_51.51640_-0.09300	host:18.175.215.247 → geo_51.51640_-0.09300
flow_observed4-aryOBS	e:fo:flow:0d640ebd0e77	flow:0d640ebd0e77 → host:172.234.197.23 → host:131.196.29.114 → port:tcp:58760
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fe55e7c11d50f79:host:172.234.197.23	SESSION-0fe55e7c11d50f79 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ae53b938ea3675b:host:177.10.234.173	SESSION-2ae53b938ea3675b → host:177.10.234.173
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d7ac357c55d6f7b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2d7ac357c55d6f7b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce17c1c4b6f006e0:host:172.234.197.23	SESSION-ce17c1c4b6f006e0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f416b1590e3cca4:SESSION-5f416b1590e3cca4	SESSION-5f416b1590e3cca4 → pe:tls:SESSION-5f416b1590e3cca4
FLOW_FROM_HOSTOBS	e:from:SESSION-a886511518ded078:host:177.10.236.57	SESSION-a886511518ded078 → host:177.10.236.57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dae3e228e98c74e4:SESSION-dae3e228e98c74e4	SESSION-dae3e228e98c74e4 → pe:syn:SESSION-dae3e228e98c74e4
FLOW_DST_PORTOBS	e:fp:flow:8cc861ead55e:port:tcp:443	flow:8cc861ead55e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bc308b17bca42662:host:51.75.171.21:host:172.234.197.23	SESSION-bc308b17bca42662 → host:51.75.171.21 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3144878b6b9a:port:tcp:39394	flow:3144878b6b9a → port:tcp:39394
FLOW_TO_HOSTOBS	e:to:SESSION-4f800f90b92d1e01:host:172.234.197.23	SESSION-4f800f90b92d1e01 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-391d28a36308a996:host:177.10.236.105:host:172.234.197.23	SESSION-391d28a36308a996 → host:177.10.236.105 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c0df43d2721e666e:host:131.196.31.255	SESSION-c0df43d2721e666e → host:131.196.31.255
FLOW_FROM_HOSTOBS	e:from:SESSION-4cc2e8571100ea2b:host:177.10.232.136	SESSION-4cc2e8571100ea2b → host:177.10.232.136
FLOW_FROM_HOSTOBS	e:from:SESSION-bef335bbd7bd0f49:host:172.234.197.23	SESSION-bef335bbd7bd0f49 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5ae6e0246d28b44:SESSION-d5ae6e0246d28b44	SESSION-d5ae6e0246d28b44 → pe:syn:SESSION-d5ae6e0246d28b44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e076f857aa349ed0:SESSION-e076f857aa349ed0	SESSION-e076f857aa349ed0 → pe:syn:SESSION-e076f857aa349ed0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cdfe5014ffcf69db:flow:0df80c061ea1	SESSION-cdfe5014ffcf69db → flow:0df80c061ea1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0efcb065a58cc475:host:172.234.197.23:host:177.10.235.213	SESSION-0efcb065a58cc475 → host:172.234.197.23 → host:177.10.235.213
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0b2e3019193f1ba:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f0b2e3019193f1ba → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4af1d7a3219c207:host:177.10.239.28	SESSION-d4af1d7a3219c207 → host:177.10.239.28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-750fc9f72ee279c6:flow:430858ea5ed8	SESSION-750fc9f72ee279c6 → flow:430858ea5ed8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-89c2fe6aad8232be:flow:b7a29257b3a9	SESSION-89c2fe6aad8232be → flow:b7a29257b3a9
FLOW_TO_HOSTOBS	e:to:SESSION-1633b12f0e20b97e:host:172.234.197.23	SESSION-1633b12f0e20b97e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46f163e73b58987c:host:172.234.197.23	SESSION-46f163e73b58987c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-04ab6357fe1e6c0a:SESSION-04ab6357fe1e6c0a	SESSION-04ab6357fe1e6c0a → pe:syn:SESSION-04ab6357fe1e6c0a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17fb8dd67040757e:PCAP:capture_20260430090001:065659c7d314	SESSION-17fb8dd67040757e → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-53fb5011e3d13c28:host:131.196.29.107	SESSION-53fb5011e3d13c28 → host:131.196.29.107
FLOW_TO_HOSTOBS	e:to:SESSION-7aaaf2932de65e0e:host:172.234.197.23	SESSION-7aaaf2932de65e0e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-414bf7406e62b7e2:host:177.10.239.112	SESSION-414bf7406e62b7e2 → host:177.10.239.112
flow_observed4-aryOBS	e:fo:flow:6bbf09456dc7	flow:6bbf09456dc7 → host:172.234.197.23 → host:177.10.237.82 → port:tcp:64251
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c14806e741c4fd98:host:109.89.117.44:host:172.234.197.23	SESSION-c14806e741c4fd98 → host:109.89.117.44 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:185e96127559:port:tcp:443	flow:185e96127559 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a27e337d4c0b49f3:SESSION-a27e337d4c0b49f3	SESSION-a27e337d4c0b49f3 → pe:tls:SESSION-a27e337d4c0b49f3
FLOW_FROM_HOSTOBS	e:from:SESSION-8624692ea119f1f3:host:172.234.197.23	SESSION-8624692ea119f1f3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07bcf39894ea5ee9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-07bcf39894ea5ee9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc0003e096ddb203:SESSION-cc0003e096ddb203	SESSION-cc0003e096ddb203 → pe:tls:SESSION-cc0003e096ddb203
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2df4632ec7c2c624:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2df4632ec7c2c624 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:a73aa5e01c5f:port:tcp:443	flow:a73aa5e01c5f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c227f10fbea5d546:host:172.234.197.23:host:131.196.29.120	SESSION-c227f10fbea5d546 → host:172.234.197.23 → host:131.196.29.120
FLOW_FROM_HOSTOBS	e:from:SESSION-4387fd9792a7eb8a:host:131.196.30.207	SESSION-4387fd9792a7eb8a → host:131.196.30.207
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.118.39.236:geo_45.99680_24.99700	host:92.118.39.236 → geo_45.99680_24.99700
FLOW_DST_PORTOBS	e:fp:flow:2893802bb933:port:tcp:443	flow:2893802bb933 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a10047b74101a9ce:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a10047b74101a9ce → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74f0d8e902dc1bc9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-74f0d8e902dc1bc9 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-244625927b0e7703:host:177.10.235.213	SESSION-244625927b0e7703 → host:177.10.235.213
FLOW_TO_HOSTOBS	e:to:SESSION-a681df8efb85197d:host:131.196.29.254	SESSION-a681df8efb85197d → host:131.196.29.254
FLOW_TO_HOSTOBS	e:to:SESSION-f105059d1ed0a542:host:177.10.237.201	SESSION-f105059d1ed0a542 → host:177.10.237.201
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5405d05650907428:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5405d05650907428 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3529b49a7d38dad6:SESSION-3529b49a7d38dad6	SESSION-3529b49a7d38dad6 → pe:tls:SESSION-3529b49a7d38dad6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-182527d04a349453:host:131.196.29.4:host:172.234.197.23	SESSION-182527d04a349453 → host:131.196.29.4 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f794bb54eca4	flow:f794bb54eca4 → host:172.234.197.23 → host:131.196.30.214 → port:tcp:22734
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1acc74ca4adb622d:host:45.173.156.85	SESSION-1acc74ca4adb622d → host:45.173.156.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ffa310b40a91058:SESSION-2ffa310b40a91058	SESSION-2ffa310b40a91058 → pe:syn:SESSION-2ffa310b40a91058
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.83:asn:262880	host:177.10.237.83 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-8f59bcaffd8dcae9:host:172.234.197.23	SESSION-8f59bcaffd8dcae9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31d47da03b5e0774:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-31d47da03b5e0774 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-589f676f16819868:host:172.234.197.23:host:177.10.239.139	SESSION-589f676f16819868 → host:172.234.197.23 → host:177.10.239.139
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c82cc9c39e4191e7:host:172.234.197.23:host:177.10.239.255	SESSION-c82cc9c39e4191e7 → host:172.234.197.23 → host:177.10.239.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fa65fdb17829700:flow:cd4fb4934a84	SESSION-3fa65fdb17829700 → flow:cd4fb4934a84
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaa23bb51e1c2dee:SESSION-eaa23bb51e1c2dee	SESSION-eaa23bb51e1c2dee → pe:syn:SESSION-eaa23bb51e1c2dee
FLOW_DST_PORTOBS	e:fp:flow:2c934e4ce246:port:tcp:48307	flow:2c934e4ce246 → port:tcp:48307
FLOW_FROM_HOSTOBS	e:from:SESSION-3f275f56cd4e0d64:host:45.173.156.117	SESSION-3f275f56cd4e0d64 → host:45.173.156.117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23264de44b7cb73c:SESSION-23264de44b7cb73c	SESSION-23264de44b7cb73c → pe:syn:SESSION-23264de44b7cb73c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-368729c748b57591:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-368729c748b57591 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6d659d940e075af:host:172.234.197.23	SESSION-e6d659d940e075af → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2d8f5cec7e169b47:host:172.234.197.23	SESSION-2d8f5cec7e169b47 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5278b2d1db18e971:host:177.10.233.17	SESSION-5278b2d1db18e971 → host:177.10.233.17
flow_observed5-aryOBS	e:fo:flow:054a59fb275e	flow:054a59fb275e → host:177.10.235.224 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7037fa1e0334ef5:flow:340449867541	SESSION-b7037fa1e0334ef5 → flow:340449867541
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d6666ae3e8c32da:host:177.10.237.229	SESSION-6d6666ae3e8c32da → host:177.10.237.229
FLOW_FROM_HOSTOBS	e:from:SESSION-fecc6fa34e31300b:host:177.10.238.120	SESSION-fecc6fa34e31300b → host:177.10.238.120
FLOW_TO_HOSTOBS	e:to:SESSION-113c4b09005431cc:host:172.234.197.23	SESSION-113c4b09005431cc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c178d8ef65578b24:host:131.196.28.227	SESSION-c178d8ef65578b24 → host:131.196.28.227
FLOW_FROM_HOSTOBS	e:from:SESSION-99cbc6df23fa1e57:host:177.10.239.218	SESSION-99cbc6df23fa1e57 → host:177.10.239.218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6f61464efb17d4b1:SESSION-6f61464efb17d4b1	SESSION-6f61464efb17d4b1 → pe:syn:SESSION-6f61464efb17d4b1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-805d717a82cbb042:host:172.234.197.23:host:131.196.28.140	SESSION-805d717a82cbb042 → host:172.234.197.23 → host:131.196.28.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edfeffbce5127655:host:136.243.57.208	SESSION-edfeffbce5127655 → host:136.243.57.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02163c9e3a8cc49d:SESSION-02163c9e3a8cc49d	SESSION-02163c9e3a8cc49d → pe:syn:SESSION-02163c9e3a8cc49d
FLOW_FROM_HOSTOBS	e:from:SESSION-ba12ba5c182aa430:host:172.234.197.23	SESSION-ba12ba5c182aa430 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b37dbc8f4449b96:SESSION-5b37dbc8f4449b96	SESSION-5b37dbc8f4449b96 → pe:tls:SESSION-5b37dbc8f4449b96
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2c2ee5c4e3db47f8:flow:243d6111af24	SESSION-2c2ee5c4e3db47f8 → flow:243d6111af24
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.41:asn:262880	host:177.10.238.41 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-252ece6cab0420bc:flow:6e55bb86ccd8	SESSION-252ece6cab0420bc → flow:6e55bb86ccd8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17084582559fbd8c:host:172.234.197.23	SESSION-17084582559fbd8c → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-80f68e8f687f2dc5:BSG-BEACON-44d72b66ad6e	SESSION-80f68e8f687f2dc5 → BSG-BEACON-44d72b66ad6e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.132:asn:262880	host:177.10.235.132 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51257a0fcd8d6a04:host:172.234.197.23	SESSION-51257a0fcd8d6a04 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2963f6e37ebf1d0d:host:172.234.197.23	SESSION-2963f6e37ebf1d0d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5941954cc437ab4:flow:10f8a32e96a1	SESSION-f5941954cc437ab4 → flow:10f8a32e96a1
FLOW_FROM_HOSTOBS	e:from:SESSION-7fd0e8f46f0bc660:host:177.10.234.210	SESSION-7fd0e8f46f0bc660 → host:177.10.234.210
flow_observed4-aryOBS	e:fo:flow:9b5a8f4835a8	flow:9b5a8f4835a8 → host:172.234.197.23 → host:177.10.239.255 → port:tcp:2204
flow_observed4-aryOBS	e:fo:flow:f797460e505b	flow:f797460e505b → host:172.234.197.23 → host:45.148.10.151 → port:tcp:13868
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2235ad305872b9c2:host:131.196.29.125	SESSION-2235ad305872b9c2 → host:131.196.29.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-850471f172c9c8e6:host:172.234.197.23	SESSION-850471f172c9c8e6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b88c76d0206f2960:host:185.231.226.117	SESSION-b88c76d0206f2960 → host:185.231.226.117
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.166:asn:262880	host:177.10.236.166 → asn:262880
flow_observed5-aryOBS	e:fo:flow:194ccbe06af6	flow:194ccbe06af6 → host:177.10.239.94 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d36b613f081e74cb:host:172.234.197.23	SESSION-d36b613f081e74cb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d7ac357c55d6f7b:host:172.234.197.23	SESSION-2d7ac357c55d6f7b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8982cb545b77cb1a:host:131.196.30.83	SESSION-8982cb545b77cb1a → host:131.196.30.83
FLOW_DST_PORTOBS	e:fp:flow:447374de8225:port:tcp:443	flow:447374de8225 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c83c0a366733c9bb:host:177.10.238.116	SESSION-c83c0a366733c9bb → host:177.10.238.116
flow_observed4-aryOBS	e:fo:flow:92f0c3db5e8f	flow:92f0c3db5e8f → host:172.234.197.23 → host:177.10.238.0 → port:tcp:45203
FLOW_FROM_HOSTOBS	e:from:SESSION-7d436d9a2a0e2483:host:177.10.239.116	SESSION-7d436d9a2a0e2483 → host:177.10.239.116
FLOW_DST_PORTOBS	e:fp:flow:325053d9614b:port:tcp:16940	flow:325053d9614b → port:tcp:16940
flow_observed4-aryOBS	e:fo:flow:d0f04f8b9fda	flow:d0f04f8b9fda → host:172.234.197.23 → host:177.10.237.73 → port:tcp:7797
FLOW_TO_HOSTOBS	e:to:SESSION-54704a8587620f8b:host:172.234.197.23	SESSION-54704a8587620f8b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-85419ca5854a5f9c:host:177.10.236.110	SESSION-85419ca5854a5f9c → host:177.10.236.110
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d59512d9649ead5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9d59512d9649ead5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-526fa727f8be74e3:SESSION-526fa727f8be74e3	SESSION-526fa727f8be74e3 → pe:tls:SESSION-526fa727f8be74e3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c83a3382d975674:host:172.234.197.23	SESSION-6c83a3382d975674 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5016108ab6552957:host:177.10.239.247:host:172.234.197.23	SESSION-5016108ab6552957 → host:177.10.239.247 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab491f454947df2e:host:172.234.197.23:host:177.10.236.32	SESSION-ab491f454947df2e → host:172.234.197.23 → host:177.10.236.32
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.232:asn:273470	host:45.173.156.232 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-f3567442ac940551:host:177.10.237.58	SESSION-f3567442ac940551 → host:177.10.237.58
FLOW_FROM_HOSTOBS	e:from:SESSION-11723453546179ac:host:131.196.30.148	SESSION-11723453546179ac → host:131.196.30.148
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-80f68e8f687f2dc5:flow:dad04616997c	SESSION-80f68e8f687f2dc5 → flow:dad04616997c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e3fba4062f618c50:SESSION-e3fba4062f618c50	SESSION-e3fba4062f618c50 → pe:tls:SESSION-e3fba4062f618c50
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d32ea7105612ce28:host:172.234.197.23	SESSION-d32ea7105612ce28 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-992ac29a78433ae4:PCAP:capture_20260430090001:065659c7d314	SESSION-992ac29a78433ae4 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:9531066988f0	flow:9531066988f0 → host:88.99.91.59 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10bd62a158add0c4:host:177.10.233.183:host:172.234.197.23	SESSION-10bd62a158add0c4 → host:177.10.233.183 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ad468f8fa72444f5:host:177.10.236.16	SESSION-ad468f8fa72444f5 → host:177.10.236.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca59b4a9ab5138ce:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ca59b4a9ab5138ce → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab185a89adee30ab:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ab185a89adee30ab → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72859a91c292f326:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-72859a91c292f326 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.20:geo_-16.28860_-49.01640	host:177.10.237.20 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-338820b1c26f8211:host:177.10.237.10:host:172.234.197.23	SESSION-338820b1c26f8211 → host:177.10.237.10 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fb54a75e6709	flow:fb54a75e6709 → host:177.10.238.106 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-658ca3f75d8ef503:host:172.234.197.23	SESSION-658ca3f75d8ef503 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c0389422a5c0:port:tcp:443	flow:c0389422a5c0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2161d2ba591330e1:host:172.234.197.23	SESSION-2161d2ba591330e1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aee71e8cd1625550:host:177.10.237.254	SESSION-aee71e8cd1625550 → host:177.10.237.254
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a238538ee50c7862:flow:60334d486293	SESSION-a238538ee50c7862 → flow:60334d486293
flow_observed4-aryOBS	e:fo:flow:d0666e29955d	flow:d0666e29955d → host:172.234.197.23 → host:177.10.239.191 → port:tcp:20013
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-964acfd97ca38755:SESSION-964acfd97ca38755	SESSION-964acfd97ca38755 → pe:tls:SESSION-964acfd97ca38755
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b82d9882ea505987:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b82d9882ea505987 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:012736c3643c:port:tcp:443	flow:012736c3643c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:8a637d99c9a5:port:tcp:20863	flow:8a637d99c9a5 → port:tcp:20863
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ea7d08352653c32:SESSION-2ea7d08352653c32	SESSION-2ea7d08352653c32 → pe:tls:SESSION-2ea7d08352653c32
FLOW_DST_PORTOBS	e:fp:flow:86a13bb5a965:port:tcp:443	flow:86a13bb5a965 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-187a70856b24c84b:host:172.234.197.23	SESSION-187a70856b24c84b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed29e6defb1050d9:host:172.234.197.23	SESSION-ed29e6defb1050d9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2b4854b4491f9b7:SESSION-e2b4854b4491f9b7	SESSION-e2b4854b4491f9b7 → pe:syn:SESSION-e2b4854b4491f9b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c32ee209d5d1aa5e:SESSION-c32ee209d5d1aa5e	SESSION-c32ee209d5d1aa5e → pe:syn:SESSION-c32ee209d5d1aa5e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eed6a9b72737e44d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-eed6a9b72737e44d → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.149:asn:262880	host:177.10.236.149 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07c97e671e348352:host:172.234.197.23	SESSION-07c97e671e348352 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.251:asn:262880	host:177.10.232.251 → asn:262880
FLOW_TLS_SNIOBS	e:fs:flow:efdc052f98d7:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:efdc052f98d7 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8132ea082e988f13:host:177.10.239.57:host:172.234.197.23	SESSION-8132ea082e988f13 → host:177.10.239.57 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf1647bbc272aaf8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-bf1647bbc272aaf8 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-603529cff661c41d:host:172.234.197.23	SESSION-603529cff661c41d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-978d4fdbc8d38350:host:177.10.239.198	SESSION-978d4fdbc8d38350 → host:177.10.239.198
FLOW_TO_HOSTOBS	e:to:SESSION-a886511518ded078:host:172.234.197.23	SESSION-a886511518ded078 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-141e3c6c8d153d1d:host:172.234.197.23:host:131.196.31.17	SESSION-141e3c6c8d153d1d → host:172.234.197.23 → host:131.196.31.17
flow_observed4-aryOBS	e:fo:flow:93a88f7b92b9	flow:93a88f7b92b9 → host:172.234.197.23 → host:177.10.239.11 → port:tcp:65054
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-878a5ce24b3ea2a6:host:172.234.197.23	SESSION-878a5ce24b3ea2a6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1dabd85b6a07947:host:172.234.197.23	SESSION-b1dabd85b6a07947 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0228dcfe5eb3ed0e:host:172.234.197.23	SESSION-0228dcfe5eb3ed0e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-923cb7ae7a40da65:SESSION-923cb7ae7a40da65	SESSION-923cb7ae7a40da65 → pe:tls:SESSION-923cb7ae7a40da65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87b50db5a64a4926:host:172.234.197.23	SESSION-87b50db5a64a4926 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:64ab56109fb3	flow:64ab56109fb3 → host:172.234.197.23 → host:131.196.28.172 → port:tcp:50133
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11723453546179ac:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-11723453546179ac → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-b6d920a3cc562b13:host:172.234.197.23	SESSION-b6d920a3cc562b13 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c2c88da9287a:port:tcp:443	flow:c2c88da9287a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3e05f2032b3abac3:host:177.10.234.171	SESSION-3e05f2032b3abac3 → host:177.10.234.171
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b5948254caf12dd:flow:fb994670cf9b	SESSION-9b5948254caf12dd → flow:fb994670cf9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f2cb956713b4a7f:SESSION-8f2cb956713b4a7f	SESSION-8f2cb956713b4a7f → pe:tls:SESSION-8f2cb956713b4a7f
FLOW_FROM_HOSTOBS	e:from:SESSION-b42fc656319c5bfc:host:177.10.233.225	SESSION-b42fc656319c5bfc → host:177.10.233.225
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.235:geo_-23.62930_-46.63510	host:131.196.31.235 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:e92d969363c6	flow:e92d969363c6 → host:131.196.30.83 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9c5b30eb4b7e446:SESSION-c9c5b30eb4b7e446	SESSION-c9c5b30eb4b7e446 → pe:syn:SESSION-c9c5b30eb4b7e446
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b01750df014e0bb:host:44.247.223.188:host:172.234.197.23	SESSION-5b01750df014e0bb → host:44.247.223.188 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b8a95576c112cc14:host:172.234.197.23	SESSION-b8a95576c112cc14 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.226:asn:262880	host:177.10.238.226 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e035a13399d76ad4:host:172.234.197.23	SESSION-e035a13399d76ad4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.136:asn:273470	host:45.173.156.136 → asn:273470
flow_observed5-aryOBS	e:fo:flow:fa5ef69cbf53	flow:fa5ef69cbf53 → host:177.10.233.61 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6bdcd515a2308bd:PCAP:capture_20260430110001:43611bdf6759	SESSION-d6bdcd515a2308bd → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49ddbf605897eb3f:host:177.10.238.103:host:172.234.197.23	SESSION-49ddbf605897eb3f → host:177.10.238.103 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b0c47b1e862acc1:host:172.234.197.23	SESSION-9b0c47b1e862acc1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e63705938a499015:host:177.10.233.235:host:172.234.197.23	SESSION-e63705938a499015 → host:177.10.233.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77e4374445abb63e:host:172.234.197.23	SESSION-77e4374445abb63e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4354e5bc798bd13a:SESSION-4354e5bc798bd13a	SESSION-4354e5bc798bd13a → pe:syn:SESSION-4354e5bc798bd13a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.90:asn:262880	host:177.10.233.90 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6aca8ef237a42da9:flow:b264639bb50e	SESSION-6aca8ef237a42da9 → flow:b264639bb50e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fa31db6279a0e7c:host:172.234.197.23:host:131.196.28.37	SESSION-1fa31db6279a0e7c → host:172.234.197.23 → host:131.196.28.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f4a8961dba27f33:PCAP:capture_20260428020001:ce87acd1c162	SESSION-5f4a8961dba27f33 → PCAP:capture_20260428020001:ce87acd1c162
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b14f4f7e9ebbac1:host:131.196.30.67:host:172.234.197.23	SESSION-8b14f4f7e9ebbac1 → host:131.196.30.67 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6944fe230f08618b:PCAP:capture_20260430150001:ded20914761d	SESSION-6944fe230f08618b → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c59147b81bc92a14:host:177.10.234.239:host:172.234.197.23	SESSION-c59147b81bc92a14 → host:177.10.234.239 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f99dd3ca5b14a25:SESSION-2f99dd3ca5b14a25	SESSION-2f99dd3ca5b14a25 → pe:syn:SESSION-2f99dd3ca5b14a25
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90426299281da133:PCAP:capture_20260430080001:93f47cc296a4	SESSION-90426299281da133 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54d5efa8aa8025c4:host:177.10.232.213	SESSION-54d5efa8aa8025c4 → host:177.10.232.213
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-161d2a74a24978d6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-161d2a74a24978d6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99664d33d11b43d2:flow:61e75f6e333e	SESSION-99664d33d11b43d2 → flow:61e75f6e333e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7549effe520d0229:SESSION-7549effe520d0229	SESSION-7549effe520d0229 → pe:tls:SESSION-7549effe520d0229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c0e460ce34915ff:host:131.196.28.231	SESSION-1c0e460ce34915ff → host:131.196.28.231
FLOW_DST_PORTOBS	e:fp:flow:f573dcd8e564:port:tcp:62133	flow:f573dcd8e564 → port:tcp:62133
FLOW_TO_HOSTOBS	e:to:SESSION-81c8b3fdf002e09e:host:172.234.197.23	SESSION-81c8b3fdf002e09e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84669169ffdf0c83:host:177.10.232.82	SESSION-84669169ffdf0c83 → host:177.10.232.82
FLOW_TO_HOSTOBS	e:to:SESSION-b8f12ada0f88f122:host:172.234.197.23	SESSION-b8f12ada0f88f122 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9466ee8fbea2465:host:172.234.197.23	SESSION-d9466ee8fbea2465 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78f6342ed3f64031:host:131.196.31.18	SESSION-78f6342ed3f64031 → host:131.196.31.18
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57494845d8eca477:PCAP:capture_20260430080001:93f47cc296a4	SESSION-57494845d8eca477 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-ff331192f9cad8b9:host:131.196.31.124	SESSION-ff331192f9cad8b9 → host:131.196.31.124
FLOW_TO_HOSTOBS	e:to:SESSION-4e6511da7c7cd8e1:host:172.234.197.23	SESSION-4e6511da7c7cd8e1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-122c3f68e4c2a7ca:flow:e0aacc449aaf	SESSION-122c3f68e4c2a7ca → flow:e0aacc449aaf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.208:geo_-16.28860_-49.01640	host:177.10.232.208 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02deb29800889c11:host:172.234.197.23:host:177.10.239.55	SESSION-02deb29800889c11 → host:172.234.197.23 → host:177.10.239.55
flow_observed4-aryOBS	e:fo:flow:64c0950ebd04	flow:64c0950ebd04 → host:172.234.197.23 → host:177.10.237.35 → port:tcp:23530
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75ac13f212ea06a5:host:177.10.232.54	SESSION-75ac13f212ea06a5 → host:177.10.232.54
FLOW_FROM_HOSTOBS	e:from:SESSION-fad7428bd8cc35c5:host:177.10.236.233	SESSION-fad7428bd8cc35c5 → host:177.10.236.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-88a21eebc91cc549:SESSION-88a21eebc91cc549	SESSION-88a21eebc91cc549 → pe:tls:SESSION-88a21eebc91cc549
FLOW_FROM_HOSTOBS	e:from:SESSION-b8fce0c61e3d0bf9:host:18.183.88.164	SESSION-b8fce0c61e3d0bf9 → host:18.183.88.164
FLOW_DST_PORTOBS	e:fp:flow:8321c7f9dc7e:port:tcp:443	flow:8321c7f9dc7e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:1dfa5ca65851:port:tcp:443	flow:1dfa5ca65851 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-03cfd9b1d0f62704:host:177.10.236.255:host:172.234.197.23	SESSION-03cfd9b1d0f62704 → host:177.10.236.255 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.62:geo_-16.28860_-49.01640	host:177.10.236.62 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-7569a7ee383f653c:host:177.10.237.169	SESSION-7569a7ee383f653c → host:177.10.237.169
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.60.106.214:geo_51.51640_-0.09300	host:16.60.106.214 → geo_51.51640_-0.09300
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a83465e2bbc20296:host:172.234.197.23	SESSION-a83465e2bbc20296 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0804c956ce93675c:host:177.10.239.234	SESSION-0804c956ce93675c → host:177.10.239.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-26a93711200ab02b:host:172.234.197.23	SESSION-26a93711200ab02b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:35a56b105d0d	flow:35a56b105d0d → host:45.173.156.187 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-151e53ee3004033b:host:177.10.234.9	SESSION-151e53ee3004033b → host:177.10.234.9
FLOW_DST_PORTOBS	e:fp:flow:e4d1d674f42b:port:tcp:54769	flow:e4d1d674f42b → port:tcp:54769
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8f7d68f255e7d9c:host:172.234.197.23:host:177.10.239.106	SESSION-e8f7d68f255e7d9c → host:172.234.197.23 → host:177.10.239.106
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94f070a5530c9e09:host:45.173.156.47:host:172.234.197.23	SESSION-94f070a5530c9e09 → host:45.173.156.47 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20b9f3feffcc2290:flow:02eabff0bc53	SESSION-20b9f3feffcc2290 → flow:02eabff0bc53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-328b0864666a263b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-328b0864666a263b → PCAP:capture_20260430100001:55715ebbe6bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.27:geo_-16.28860_-49.01640	host:177.10.232.27 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.139:geo_-23.62930_-46.63510	host:131.196.29.139 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b60a9d1a25ff8255:flow:8366f7f5c26b	SESSION-b60a9d1a25ff8255 → flow:8366f7f5c26b
FLOW_TO_HOSTOBS	e:to:SESSION-a148e202465c0b29:host:131.196.30.22	SESSION-a148e202465c0b29 → host:131.196.30.22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8663c7c8fd51be8d:host:177.10.238.146	SESSION-8663c7c8fd51be8d → host:177.10.238.146
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30b7709547a366f1:flow:362e866ff083	SESSION-30b7709547a366f1 → flow:362e866ff083
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ff90c657a3c2e88:host:172.234.197.23:host:177.10.238.86	SESSION-5ff90c657a3c2e88 → host:172.234.197.23 → host:177.10.238.86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-557aaca226ee6bf8:SESSION-557aaca226ee6bf8	SESSION-557aaca226ee6bf8 → pe:syn:SESSION-557aaca226ee6bf8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-605176cb8a71c0f4:SESSION-605176cb8a71c0f4	SESSION-605176cb8a71c0f4 → pe:tls:SESSION-605176cb8a71c0f4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ae37191400d64fc:host:172.234.197.23:host:177.10.239.57	SESSION-2ae37191400d64fc → host:172.234.197.23 → host:177.10.239.57
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5a277796632a248:flow:8c498086b468	SESSION-b5a277796632a248 → flow:8c498086b468
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b32f5a9266c1045d:host:177.10.238.238:host:172.234.197.23	SESSION-b32f5a9266c1045d → host:177.10.238.238 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8a20fc4ba13bfca4:host:177.10.234.82	SESSION-8a20fc4ba13bfca4 → host:177.10.234.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-577376347fdfe894:host:177.10.236.37	SESSION-577376347fdfe894 → host:177.10.236.37
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98c12e77f111e64e:host:172.234.197.23	SESSION-98c12e77f111e64e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9fabf4659f5f	flow:9fabf4659f5f → host:131.196.28.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fa8a238d1165695:host:172.234.197.23:host:131.196.31.91	SESSION-1fa8a238d1165695 → host:172.234.197.23 → host:131.196.31.91
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24f1ec9c7d379a9b:host:131.196.29.150	SESSION-24f1ec9c7d379a9b → host:131.196.29.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee8a8be73e4592b1:SESSION-ee8a8be73e4592b1	SESSION-ee8a8be73e4592b1 → pe:tls:SESSION-ee8a8be73e4592b1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1053aee7675dcd07:flow:dc40f257c300	SESSION-1053aee7675dcd07 → flow:dc40f257c300
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3cae868156d4440:flow:759b87cb162b	SESSION-c3cae868156d4440 → flow:759b87cb162b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa4dbd42e40690e9:host:172.234.197.23:host:177.10.238.70	SESSION-aa4dbd42e40690e9 → host:172.234.197.23 → host:177.10.238.70
FLOW_FROM_HOSTOBS	e:from:SESSION-7926734d1890078a:host:172.234.197.23	SESSION-7926734d1890078a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:273d8d2012ce:port:tcp:443	flow:273d8d2012ce → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a20fc4ba13bfca4:host:177.10.234.82	SESSION-8a20fc4ba13bfca4 → host:177.10.234.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36a0a9e003021f23:SESSION-36a0a9e003021f23	SESSION-36a0a9e003021f23 → pe:tls:SESSION-36a0a9e003021f23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7792ff6d5e7124a:SESSION-b7792ff6d5e7124a	SESSION-b7792ff6d5e7124a → pe:syn:SESSION-b7792ff6d5e7124a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d73d5fbffa5706a1:host:131.196.28.172	SESSION-d73d5fbffa5706a1 → host:131.196.28.172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c506d9600407809:SESSION-7c506d9600407809	SESSION-7c506d9600407809 → pe:syn:SESSION-7c506d9600407809
FLOW_DST_PORTOBS	e:fp:flow:07f2fb3e3350:port:tcp:7309	flow:07f2fb3e3350 → port:tcp:7309
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4be6b5471ca196a:flow:43ebaddd5a7b	SESSION-c4be6b5471ca196a → flow:43ebaddd5a7b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9af79ddb47e5c950:flow:6e5fc5369724	SESSION-9af79ddb47e5c950 → flow:6e5fc5369724
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.81:asn:271410	host:131.196.31.81 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e700dd1746307a02:host:177.10.239.78:host:172.234.197.23	SESSION-e700dd1746307a02 → host:177.10.239.78 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79349287be3864ac:host:131.196.29.235	SESSION-79349287be3864ac → host:131.196.29.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94dde62df04dcb4a:host:172.234.197.23:host:177.10.235.227	SESSION-94dde62df04dcb4a → host:172.234.197.23 → host:177.10.235.227
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-903738316b123ea7:host:177.10.232.176:host:172.234.197.23	SESSION-903738316b123ea7 → host:177.10.232.176 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.249:geo_-16.28860_-49.01640	host:177.10.235.249 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-750eaff924399322:host:172.234.197.23	SESSION-750eaff924399322 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:36f8ae69fc1a	flow:36f8ae69fc1a → host:131.196.30.244 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a8ab97210507c98d:host:131.196.29.227	SESSION-a8ab97210507c98d → host:131.196.29.227
FLOW_FROM_HOSTOBS	e:from:SESSION-d73d5fbffa5706a1:host:172.234.197.23	SESSION-d73d5fbffa5706a1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5381df0c70f3b63:flow:b187841e7f45	SESSION-a5381df0c70f3b63 → flow:b187841e7f45
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.170:geo_-23.62930_-46.63510	host:131.196.28.170 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-862fcc949d847857:host:172.234.197.23	SESSION-862fcc949d847857 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a09dd97dc23cca0:host:172.234.197.23	SESSION-1a09dd97dc23cca0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-807885e153f56a02:flow:411aef50024b	SESSION-807885e153f56a02 → flow:411aef50024b
FLOW_DST_PORTOBS	e:fp:flow:706071e3fd0c:port:tcp:443	flow:706071e3fd0c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:fb392a4603a9:port:tcp:13109	flow:fb392a4603a9 → port:tcp:13109
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8cb5baa2c4d67a55:flow:acc70308abfc	SESSION-8cb5baa2c4d67a55 → flow:acc70308abfc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d47d1bafad5ad0:host:177.10.237.47	SESSION-b9d47d1bafad5ad0 → host:177.10.237.47
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.9:geo_-16.28860_-49.01640	host:177.10.234.9 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f12e4f5ba81c4d8:host:45.173.156.87	SESSION-3f12e4f5ba81c4d8 → host:45.173.156.87
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c78f1de05120efd8:host:177.10.233.204:host:172.234.197.23	SESSION-c78f1de05120efd8 → host:177.10.233.204 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f19ceabce4d2fbb5:host:177.10.239.53	SESSION-f19ceabce4d2fbb5 → host:177.10.239.53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4e9a3a3a63cdb2e:host:172.234.197.23	SESSION-c4e9a3a3a63cdb2e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac14845b1a23366d:SESSION-ac14845b1a23366d	SESSION-ac14845b1a23366d → pe:tls:SESSION-ac14845b1a23366d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9726d81acc78b8e7:flow:eeee15d6a3f1	SESSION-9726d81acc78b8e7 → flow:eeee15d6a3f1
FLOW_FROM_HOSTOBS	e:from:SESSION-7e88e03e6557ce42:host:172.234.197.23	SESSION-7e88e03e6557ce42 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4faf0bdb2ec15f7a:SESSION-4faf0bdb2ec15f7a	SESSION-4faf0bdb2ec15f7a → pe:syn:SESSION-4faf0bdb2ec15f7a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1261f8c6b87cf73:flow:e8a83eb6519a	SESSION-b1261f8c6b87cf73 → flow:e8a83eb6519a
flow_observed5-aryOBS	e:fo:flow:1418649c62d3	flow:1418649c62d3 → host:177.10.239.203 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:227ec883bf24:port:tcp:858	flow:227ec883bf24 → port:tcp:858
flow_observed5-aryOBS	e:fo:flow:179393637920	flow:179393637920 → host:177.10.232.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27c94fb85f37f774:host:172.234.197.23	SESSION-27c94fb85f37f774 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f6d18082a7e4dce:host:177.10.234.19	SESSION-4f6d18082a7e4dce → host:177.10.234.19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e99befaea58c8acf:flow:13de59122b35	SESSION-e99befaea58c8acf → flow:13de59122b35
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.173:geo_-16.28860_-49.01640	host:177.10.237.173 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d5aeffc2a4b56ba0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d5aeffc2a4b56ba0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:7be02e8098b8:port:tcp:443	flow:7be02e8098b8 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a4d296dadd29:port:tcp:443	flow:a4d296dadd29 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e3f5af343ed075a:SESSION-2e3f5af343ed075a	SESSION-2e3f5af343ed075a → pe:syn:SESSION-2e3f5af343ed075a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-354c21b56902e892:SESSION-354c21b56902e892	SESSION-354c21b56902e892 → pe:tls:SESSION-354c21b56902e892
FLOW_FROM_HOSTOBS	e:from:SESSION-712d2d82579af730:host:172.234.197.23	SESSION-712d2d82579af730 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d32b9643240d8a79:host:177.10.239.42	SESSION-d32b9643240d8a79 → host:177.10.239.42
FLOW_TO_HOSTOBS	e:to:SESSION-04a75396d111d878:host:172.234.197.23	SESSION-04a75396d111d878 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f1e08bfeea32aa0:host:177.10.236.27	SESSION-8f1e08bfeea32aa0 → host:177.10.236.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2348046789aa81fe:SESSION-2348046789aa81fe	SESSION-2348046789aa81fe → pe:syn:SESSION-2348046789aa81fe
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3d7339ef5a101ca:flow:42ee9141dd52	SESSION-e3d7339ef5a101ca → flow:42ee9141dd52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0532a1c12e883894:SESSION-0532a1c12e883894	SESSION-0532a1c12e883894 → pe:syn:SESSION-0532a1c12e883894
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d3e80fb3431ec3f4:PCAP:capture_20260428010001:b1b402c7b202	SESSION-d3e80fb3431ec3f4 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-75c1b247d58a4094:SESSION-75c1b247d58a4094	SESSION-75c1b247d58a4094 → pe:rst:SESSION-75c1b247d58a4094
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-843bbb86e5601bd5:PCAP:capture_20260430150001:ded20914761d	SESSION-843bbb86e5601bd5 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc58620ced71d747:flow:9644c81b1050	SESSION-cc58620ced71d747 → flow:9644c81b1050
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2fd071a3b1e728ca:SESSION-2fd071a3b1e728ca	SESSION-2fd071a3b1e728ca → pe:syn:SESSION-2fd071a3b1e728ca
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79760fcdb710bc7a:SESSION-79760fcdb710bc7a	SESSION-79760fcdb710bc7a → pe:tls:SESSION-79760fcdb710bc7a
flow_observed5-aryOBS	e:fo:flow:442674fc0644	flow:442674fc0644 → host:131.196.29.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ab8c1601f71acf4:SESSION-0ab8c1601f71acf4	SESSION-0ab8c1601f71acf4 → pe:syn:SESSION-0ab8c1601f71acf4
FLOW_DST_PORTOBS	e:fp:flow:5e507f38970c:port:tcp:52626	flow:5e507f38970c → port:tcp:52626
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-453cfacc8e209f2f:PCAP:capture_20260430150001:ded20914761d	SESSION-453cfacc8e209f2f → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-375dced119266894:host:177.10.235.46	SESSION-375dced119266894 → host:177.10.235.46
FLOW_FROM_HOSTOBS	e:from:SESSION-ad7e9be9d0a80554:host:172.234.197.23	SESSION-ad7e9be9d0a80554 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2ed5513c22512ddd:host:45.173.156.228	SESSION-2ed5513c22512ddd → host:45.173.156.228
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.140:geo_-23.62930_-46.63510	host:131.196.30.140 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-73f1c8de70c12118:host:172.234.197.23	SESSION-73f1c8de70c12118 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e52ff6e3dab6ecf9:host:172.234.197.23	SESSION-e52ff6e3dab6ecf9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2a705ce382fec48a:host:131.196.30.128	SESSION-2a705ce382fec48a → host:131.196.30.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e15824f9dd78d2b4:SESSION-e15824f9dd78d2b4	SESSION-e15824f9dd78d2b4 → pe:tls:SESSION-e15824f9dd78d2b4
FLOW_DST_PORTOBS	e:fp:flow:7ac52bd77a9f:port:tcp:56926	flow:7ac52bd77a9f → port:tcp:56926
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4bd4f427df690125:SESSION-4bd4f427df690125	SESSION-4bd4f427df690125 → pe:syn:SESSION-4bd4f427df690125
FLOW_FROM_HOSTOBS	e:from:SESSION-cf85a83f91ce2875:host:172.234.197.23	SESSION-cf85a83f91ce2875 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-770902b82fea5ce5:SESSION-770902b82fea5ce5	SESSION-770902b82fea5ce5 → pe:tls:SESSION-770902b82fea5ce5
HOST_IN_ASNOBS 85%	e:ha:host:54.201.215.37:asn:16509	host:54.201.215.37 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-5bba4e0174a1f95d:host:92.112.71.29	SESSION-5bba4e0174a1f95d → host:92.112.71.29
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2db29654b7388c8c:flow:673591fae970	SESSION-2db29654b7388c8c → flow:673591fae970
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f7ca91f03ba114f2:host:44.246.129.80:host:172.234.197.23	SESSION-f7ca91f03ba114f2 → host:44.246.129.80 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52c764b77552a86d:host:177.10.234.3:host:172.234.197.23	SESSION-52c764b77552a86d → host:177.10.234.3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ff607ec6923a	flow:ff607ec6923a → host:177.10.237.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6da898acb6c07034:PCAP:capture_20260430090001:065659c7d314	SESSION-6da898acb6c07034 → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.231:asn:262880	host:177.10.234.231 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:4f8173edf80e:port:tcp:443	flow:4f8173edf80e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07775d37dba558b0:host:172.234.197.23	SESSION-07775d37dba558b0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-037b6464dda97429:host:95.170.25.134	SESSION-037b6464dda97429 → host:95.170.25.134
FLOW_TO_HOSTOBS	e:to:SESSION-3f953402fa48addf:host:172.234.197.23	SESSION-3f953402fa48addf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce2566c1c98d1aed:host:172.234.197.23	SESSION-ce2566c1c98d1aed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-623bfc839a4f3b4e:SESSION-623bfc839a4f3b4e	SESSION-623bfc839a4f3b4e → pe:tls:SESSION-623bfc839a4f3b4e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8d6efdf3cd688f1:host:131.196.29.125:host:172.234.197.23	SESSION-f8d6efdf3cd688f1 → host:131.196.29.125 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-efb63adb0418d7f8:SESSION-efb63adb0418d7f8	SESSION-efb63adb0418d7f8 → pe:tls:SESSION-efb63adb0418d7f8
flow_observed5-aryOBS	e:fo:flow:ddea4b7bd3e9	flow:ddea4b7bd3e9 → host:177.10.236.154 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4cc2e8571100ea2b:host:177.10.232.136:host:172.234.197.23	SESSION-4cc2e8571100ea2b → host:177.10.232.136 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e79bdabe92472fb:host:131.196.28.165	SESSION-4e79bdabe92472fb → host:131.196.28.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d975c41b16afdd4:SESSION-1d975c41b16afdd4	SESSION-1d975c41b16afdd4 → pe:tls:SESSION-1d975c41b16afdd4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-113c4b09005431cc:SESSION-113c4b09005431cc	SESSION-113c4b09005431cc → pe:tls:SESSION-113c4b09005431cc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e2683c2a1a03e97:host:177.10.234.9:host:172.234.197.23	SESSION-6e2683c2a1a03e97 → host:177.10.234.9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-07e54ca458e8eeab:host:45.173.156.21	SESSION-07e54ca458e8eeab → host:45.173.156.21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a03dc7893b60925b:host:177.10.237.161	SESSION-a03dc7893b60925b → host:177.10.237.161
FLOW_DST_PORTOBS	e:fp:flow:9b3ad5950f0c:port:tcp:48455	flow:9b3ad5950f0c → port:tcp:48455
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-360f4972fec5b7e0:SESSION-360f4972fec5b7e0	SESSION-360f4972fec5b7e0 → pe:tls:SESSION-360f4972fec5b7e0
flow_observed5-aryOBS	e:fo:flow:21899769e664	flow:21899769e664 → host:177.10.238.122 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.102:asn:262880	host:177.10.233.102 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d43ecb134342fe00:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d43ecb134342fe00 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:7a63b1bfd4f1:port:tcp:44277	flow:7a63b1bfd4f1 → port:tcp:44277
FLOW_DST_PORTOBS	e:fp:flow:78dd53e84e2c:port:tcp:443	flow:78dd53e84e2c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-c4289737814dbd64:host:177.10.239.150	SESSION-c4289737814dbd64 → host:177.10.239.150
FLOW_DST_PORTOBS	e:fp:flow:4784e4b5fa43:port:tcp:64831	flow:4784e4b5fa43 → port:tcp:64831
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e699a2f9558bf8d:SESSION-1e699a2f9558bf8d	SESSION-1e699a2f9558bf8d → pe:tls:SESSION-1e699a2f9558bf8d
flow_observed5-aryOBS	e:fo:flow:b05614546d7d	flow:b05614546d7d → host:177.10.232.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-81dd4006fe67ac3f:flow:6455145eb71d	SESSION-81dd4006fe67ac3f → flow:6455145eb71d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-488c9c462e491ad2:SESSION-488c9c462e491ad2	SESSION-488c9c462e491ad2 → pe:syn:SESSION-488c9c462e491ad2
FLOW_DST_PORTOBS	e:fp:flow:05da84aac06b:port:tcp:443	flow:05da84aac06b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a8db861f9cc7:port:tcp:443	flow:a8db861f9cc7 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2dca77003c0beb45:host:172.234.197.23	SESSION-2dca77003c0beb45 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:30abe7e74963:port:tcp:12578	flow:30abe7e74963 → port:tcp:12578
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b7d412d830baf98:PCAP:capture_20260430060001:919b39a74464	SESSION-4b7d412d830baf98 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-941b4a1386b7be8f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-941b4a1386b7be8f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ca971b9386eb0b9:host:177.10.239.149:host:172.234.197.23	SESSION-2ca971b9386eb0b9 → host:177.10.239.149 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-968009a702657adb:host:172.234.197.23:host:131.196.28.75	SESSION-968009a702657adb → host:172.234.197.23 → host:131.196.28.75
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31126205fa7b72e3:host:177.10.239.197:host:172.234.197.23	SESSION-31126205fa7b72e3 → host:177.10.239.197 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:219e467789b8	flow:219e467789b8 → host:131.196.28.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-117c00f29ed332ce:host:177.10.238.231:host:172.234.197.23	SESSION-117c00f29ed332ce → host:177.10.238.231 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f320997aa88d5819:flow:960a1f66ca09	SESSION-f320997aa88d5819 → flow:960a1f66ca09
FLOW_DST_PORTOBS	e:fp:flow:717284c6f6ed:port:tcp:18006	flow:717284c6f6ed → port:tcp:18006
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27d1e1e2170d683a:flow:d44b61a87a7b	SESSION-27d1e1e2170d683a → flow:d44b61a87a7b
FLOW_FROM_HOSTOBS	e:from:SESSION-89ff4b6182efd39b:host:57.128.95.174	SESSION-89ff4b6182efd39b → host:57.128.95.174
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.42:geo_-23.62930_-46.63510	host:131.196.29.42 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:3915f5099d4a	flow:3915f5099d4a → host:45.173.156.99 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-adf46c04c6a07144:SESSION-adf46c04c6a07144	SESSION-adf46c04c6a07144 → pe:syn:SESSION-adf46c04c6a07144
FLOW_TO_HOSTOBS	e:to:SESSION-574ff4efae76e1f7:host:172.234.197.23	SESSION-574ff4efae76e1f7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-053d7bf7ef41d243:host:172.234.197.23	SESSION-053d7bf7ef41d243 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:411aef50024b:port:tcp:443	flow:411aef50024b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e45220a51eb759d9:SESSION-e45220a51eb759d9	SESSION-e45220a51eb759d9 → pe:syn:SESSION-e45220a51eb759d9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8984df52681cb36:host:177.10.234.140:host:172.234.197.23	SESSION-c8984df52681cb36 → host:177.10.234.140 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a4d296dadd29	flow:a4d296dadd29 → host:177.10.235.202 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ec222cc1c3a7faf:host:172.234.197.23	SESSION-4ec222cc1c3a7faf → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.248:geo_-16.28860_-49.01640	host:177.10.233.248 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:9db03b9825bb	flow:9db03b9825bb → host:172.234.197.23 → host:131.196.29.70 → port:tcp:18849
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8417b06622c43718:SESSION-8417b06622c43718	SESSION-8417b06622c43718 → pe:tls:SESSION-8417b06622c43718
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bdafe91f45dd428:host:172.234.197.23	SESSION-8bdafe91f45dd428 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbc349d6e82ad363:host:172.234.197.23	SESSION-cbc349d6e82ad363 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e1d835a506a3	flow:e1d835a506a3 → host:177.10.236.33 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:bf7584aa1a16	flow:bf7584aa1a16 → host:177.10.233.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e6517dadbfe4bb3:flow:62b594a026ee	SESSION-0e6517dadbfe4bb3 → flow:62b594a026ee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6924fc6c1078bec:host:131.196.28.91	SESSION-c6924fc6c1078bec → host:131.196.28.91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1eb19142561b47ba:flow:8ac84bfcb797	SESSION-1eb19142561b47ba → flow:8ac84bfcb797
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.213:geo_-16.28860_-49.01640	host:177.10.239.213 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:5c7e706032fa:port:tcp:443	flow:5c7e706032fa → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99752db79d6c830d:host:131.196.30.184:host:172.234.197.23	SESSION-99752db79d6c830d → host:131.196.30.184 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:ed37285d7356:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:ed37285d7356 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef002e94e1d9ac81:host:172.234.197.23	SESSION-ef002e94e1d9ac81 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69029b06bbd64972:flow:589804c7c320	SESSION-69029b06bbd64972 → flow:589804c7c320
FLOW_DST_PORTOBS	e:fp:flow:31bb26426caa:port:tcp:443	flow:31bb26426caa → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac46254a85b1ec3:host:172.234.197.23	SESSION-cac46254a85b1ec3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:559d1906da89	flow:559d1906da89 → host:31.40.196.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-12096b18b6e78b60:host:185.236.240.137:host:172.234.197.23	SESSION-12096b18b6e78b60 → host:185.236.240.137 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.205:asn:262880	host:177.10.238.205 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.75:asn:262880	host:177.10.239.75 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-793bdbe15c87a87a:SESSION-793bdbe15c87a87a	SESSION-793bdbe15c87a87a → pe:tls:SESSION-793bdbe15c87a87a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c17e2540d05f4c2:SESSION-3c17e2540d05f4c2	SESSION-3c17e2540d05f4c2 → pe:syn:SESSION-3c17e2540d05f4c2
FLOW_DST_PORTOBS	e:fp:flow:63844be162c6:port:tcp:443	flow:63844be162c6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-996c7a5f028b9d80:host:177.10.234.73:host:172.234.197.23	SESSION-996c7a5f028b9d80 → host:177.10.234.73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12c594123030dc05:host:54.149.68.137	SESSION-12c594123030dc05 → host:54.149.68.137
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85483e16d9e2576e:flow:a3ddadd26471	SESSION-85483e16d9e2576e → flow:a3ddadd26471
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.161:asn:273470	host:45.173.156.161 → asn:273470
flow_observed5-aryOBS	e:fo:flow:867a800da0e4	flow:867a800da0e4 → host:131.196.29.27 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.13:geo_-21.10010_-41.69200	host:45.173.156.13 → geo_-21.10010_-41.69200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.87:geo_-16.28860_-49.01640	host:177.10.232.87 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-324907e130151d7d:flow:e09580f25865	SESSION-324907e130151d7d → flow:e09580f25865
FLOW_TO_HOSTOBS	e:to:SESSION-2ffa310b40a91058:host:45.173.156.188	SESSION-2ffa310b40a91058 → host:45.173.156.188
flow_observed4-aryOBS	e:fo:flow:ac7ea035d8f5	flow:ac7ea035d8f5 → host:172.234.197.23 → host:177.10.234.46 → port:tcp:13145
flow_observed5-aryOBS	e:fo:flow:37a8c8cbb511	flow:37a8c8cbb511 → host:177.10.238.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c422154c7899227e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-c422154c7899227e → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f082f9fe3332438:host:172.234.197.23	SESSION-1f082f9fe3332438 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8382ccd890fe862:host:54.186.85.102	SESSION-f8382ccd890fe862 → host:54.186.85.102
FLOW_DST_PORTOBS	e:fp:flow:94268ec9e770:port:tcp:443	flow:94268ec9e770 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7679fd0fd118c12e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7679fd0fd118c12e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75d8d9da58d6d51c:flow:9a3e7ed89dbc	SESSION-75d8d9da58d6d51c → flow:9a3e7ed89dbc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2966a121f8fe86e9:host:177.10.234.215	SESSION-2966a121f8fe86e9 → host:177.10.234.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e327e4197615d5bf:SESSION-e327e4197615d5bf	SESSION-e327e4197615d5bf → pe:tls:SESSION-e327e4197615d5bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e548e1862e666d4:host:177.10.236.240:host:172.234.197.23	SESSION-4e548e1862e666d4 → host:177.10.236.240 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d09c26b22168	flow:d09c26b22168 → host:172.234.197.23 → host:131.196.30.141 → port:tcp:7298
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.1:geo_-16.28860_-49.01640	host:177.10.235.1 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:d1758e353542	flow:d1758e353542 → host:172.234.197.23 → host:177.10.236.22 → port:tcp:4256
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ec199f8b9a6f389:SESSION-8ec199f8b9a6f389	SESSION-8ec199f8b9a6f389 → pe:tls:SESSION-8ec199f8b9a6f389
FLOW_TO_HOSTOBS	e:to:SESSION-c4be6b5471ca196a:host:177.10.238.83	SESSION-c4be6b5471ca196a → host:177.10.238.83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36abdcc0889b5aa2:SESSION-36abdcc0889b5aa2	SESSION-36abdcc0889b5aa2 → pe:syn:SESSION-36abdcc0889b5aa2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ac9bb77fb56e773:flow:1fd0dc7523f1	SESSION-7ac9bb77fb56e773 → flow:1fd0dc7523f1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33bdca28f4470cd7:flow:adce45c519b3	SESSION-33bdca28f4470cd7 → flow:adce45c519b3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8a6e8a4db8ac534:host:172.234.197.23	SESSION-e8a6e8a4db8ac534 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4cf4d7f5409c1837:host:172.234.197.23	SESSION-4cf4d7f5409c1837 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36d925db3c3b2591:flow:80679ec683ee	SESSION-36d925db3c3b2591 → flow:80679ec683ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6e3c617395c3b07:SESSION-d6e3c617395c3b07	SESSION-d6e3c617395c3b07 → pe:tls:SESSION-d6e3c617395c3b07
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e04d863bd380e3e5:host:172.234.197.23	SESSION-e04d863bd380e3e5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4385c2f73c2ee0db:host:177.10.237.244	SESSION-4385c2f73c2ee0db → host:177.10.237.244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb70871923a8cd06:flow:aea828168105	SESSION-bb70871923a8cd06 → flow:aea828168105
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7498682ecb6877b0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7498682ecb6877b0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3b504551617ec2c:flow:e69e318433a6	SESSION-c3b504551617ec2c → flow:e69e318433a6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5218a703d93123a3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5218a703d93123a3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e91394d00b664372:host:172.234.197.23	SESSION-e91394d00b664372 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8f2626a04e38	flow:8f2626a04e38 → host:131.196.29.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eed6a9b72737e44d:host:172.234.197.23	SESSION-eed6a9b72737e44d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5bfd6f31a89c294d:host:177.10.233.116	SESSION-5bfd6f31a89c294d → host:177.10.233.116
FLOW_DST_PORTOBS	e:fp:flow:062bcc0009d4:port:tcp:443	flow:062bcc0009d4 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-deb97792675d8a5d:host:131.196.28.169:host:172.234.197.23	SESSION-deb97792675d8a5d → host:131.196.28.169 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e8aae9c261e5	flow:e8aae9c261e5 → host:172.234.197.23 → host:131.196.30.168 → port:tcp:9078
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f1e08bfeea32aa0:flow:ff39fa820eb8	SESSION-8f1e08bfeea32aa0 → flow:ff39fa820eb8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b2f232bbd4758bf:host:131.196.29.236	SESSION-7b2f232bbd4758bf → host:131.196.29.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7601ec92d63a89e6:flow:c2c88da9287a	SESSION-7601ec92d63a89e6 → flow:c2c88da9287a
FLOW_DST_PORTOBS	e:fp:flow:724cce6089de:port:tcp:443	flow:724cce6089de → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:ddb64a3861e6	flow:ddb64a3861e6 → host:45.145.152.204 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4167334bdfae4b6:host:172.234.197.23	SESSION-a4167334bdfae4b6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67a9355576766cfe:host:172.234.197.23	SESSION-67a9355576766cfe → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c56dcfb05d3a50ba:SESSION-c56dcfb05d3a50ba	SESSION-c56dcfb05d3a50ba → pe:tls:SESSION-c56dcfb05d3a50ba
FLOW_DST_PORTOBS	e:fp:flow:2ef52da787e3:port:tcp:23	flow:2ef52da787e3 → port:tcp:23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-037b6464dda97429:SESSION-037b6464dda97429	SESSION-037b6464dda97429 → pe:syn:SESSION-037b6464dda97429
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7db2afd613f778:host:131.196.29.53	SESSION-cb7db2afd613f778 → host:131.196.29.53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02199a3eaa60c28c:SESSION-02199a3eaa60c28c	SESSION-02199a3eaa60c28c → pe:tls:SESSION-02199a3eaa60c28c
flow_observed4-aryOBS	e:fo:flow:414b20fd0e30	flow:414b20fd0e30 → host:172.234.197.23 → host:131.196.31.107 → port:tcp:59207
FLOW_FROM_HOSTOBS	e:from:SESSION-4886aa3300be1da9:host:177.10.239.70	SESSION-4886aa3300be1da9 → host:177.10.239.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73ac0ee86c608450:SESSION-73ac0ee86c608450	SESSION-73ac0ee86c608450 → pe:tls:SESSION-73ac0ee86c608450
flow_observed5-aryOBS	e:fo:flow:89676a843719	flow:89676a843719 → host:45.173.156.52 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-09e9de69a12074bb:host:131.196.29.25	SESSION-09e9de69a12074bb → host:131.196.29.25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bedaa62e135c647a:host:131.196.28.238	SESSION-bedaa62e135c647a → host:131.196.28.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c7b4cea62f376fb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4c7b4cea62f376fb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-f778ec59760ca534:host:172.234.197.23	SESSION-f778ec59760ca534 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-142a24cb96c02884:host:131.196.30.138	SESSION-142a24cb96c02884 → host:131.196.30.138
FLOW_FROM_HOSTOBS	e:from:SESSION-84d5ccfdbe119076:host:45.173.156.209	SESSION-84d5ccfdbe119076 → host:45.173.156.209
FLOW_TO_HOSTOBS	e:to:SESSION-e652971bc7c2d2d5:host:172.234.197.23	SESSION-e652971bc7c2d2d5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4779704d8082:port:tcp:443	flow:4779704d8082 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bfbb16ce344dac5c:host:91.99.124.205:host:172.234.197.23	SESSION-bfbb16ce344dac5c → host:91.99.124.205 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0461902d351b0498:host:131.196.30.189	SESSION-0461902d351b0498 → host:131.196.30.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-937317105ded9efa:SESSION-937317105ded9efa	SESSION-937317105ded9efa → pe:syn:SESSION-937317105ded9efa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65d181126b4cfd8f:SESSION-65d181126b4cfd8f	SESSION-65d181126b4cfd8f → pe:tls:SESSION-65d181126b4cfd8f
FLOW_DST_PORTOBS	e:fp:flow:d33594f9a169:port:tcp:50380	flow:d33594f9a169 → port:tcp:50380
FLOW_TO_HOSTOBS	e:to:SESSION-b61a304f889dfad6:host:177.10.234.78	SESSION-b61a304f889dfad6 → host:177.10.234.78
flow_observed5-aryOBS	e:fo:flow:5d98a7142573	flow:5d98a7142573 → host:177.10.236.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-873a01bbf1ba0d09:host:95.135.228.95	SESSION-873a01bbf1ba0d09 → host:95.135.228.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37617ebce6c7f9ac:SESSION-37617ebce6c7f9ac	SESSION-37617ebce6c7f9ac → pe:syn:SESSION-37617ebce6c7f9ac
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ddd0457559a3680:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1ddd0457559a3680 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67fe6c66ab1f1fcd:PCAP:capture_20260430110001:43611bdf6759	SESSION-67fe6c66ab1f1fcd → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:b63d48cce5f5	flow:b63d48cce5f5 → host:45.173.156.70 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2db2b0c2312c18a1:host:131.196.30.60	SESSION-2db2b0c2312c18a1 → host:131.196.30.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65c1debe675497c7:flow:e0d8beafc856	SESSION-65c1debe675497c7 → flow:e0d8beafc856
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-692aeceb01bd702a:SESSION-692aeceb01bd702a	SESSION-692aeceb01bd702a → pe:tls:SESSION-692aeceb01bd702a
FLOW_FROM_HOSTOBS	e:from:SESSION-6e6d70ae2d31fba9:host:131.196.28.190	SESSION-6e6d70ae2d31fba9 → host:131.196.28.190
FLOW_DST_PORTOBS	e:fp:flow:9c17a698ce22:port:tcp:50353	flow:9c17a698ce22 → port:tcp:50353
flow_observed4-aryOBS	e:fo:flow:b7b3b773f9b5	flow:b7b3b773f9b5 → host:172.234.197.23 → host:131.196.30.59 → port:tcp:5268
FLOW_DST_PORTOBS	e:fp:flow:17f351eb2800:port:udp:53	flow:17f351eb2800 → port:udp:53
FLOW_DST_PORTOBS	e:fp:flow:e4ec5b91c99f:port:tcp:443	flow:e4ec5b91c99f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:78300c522ed5:port:tcp:443	flow:78300c522ed5 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6109906c198ad0ac:BSG-BEACON-29500c131ebb	SESSION-6109906c198ad0ac → BSG-BEACON-29500c131ebb
FLOW_FROM_HOSTOBS	e:from:SESSION-921486915e849834:host:131.196.29.77	SESSION-921486915e849834 → host:131.196.29.77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47fcc0d7da6d7c1a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-47fcc0d7da6d7c1a → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:d7bc32b0bd73	flow:d7bc32b0bd73 → host:131.196.30.84 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-589f676f16819868:SESSION-589f676f16819868	SESSION-589f676f16819868 → pe:syn:SESSION-589f676f16819868
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0786c46a404d7589:host:177.10.238.124:host:172.234.197.23	SESSION-0786c46a404d7589 → host:177.10.238.124 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22ef7e58c288a4dd:host:172.234.197.23	SESSION-22ef7e58c288a4dd → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.63:geo_-16.28860_-49.01640	host:177.10.237.63 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:d09c26b22168:port:tcp:7298	flow:d09c26b22168 → port:tcp:7298
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc1c86e42be942bd:host:172.234.197.23	SESSION-cc1c86e42be942bd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9726c360f8e7f49c:host:172.234.197.23	SESSION-9726c360f8e7f49c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-597a035229423245:host:45.173.156.240:host:172.234.197.23	SESSION-597a035229423245 → host:45.173.156.240 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:99660646d967	flow:99660646d967 → host:131.196.30.131 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b135329a33dc60c2:host:131.196.31.40:host:172.234.197.23	SESSION-b135329a33dc60c2 → host:131.196.31.40 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8139f2a89dd46f4b:host:172.234.197.23	SESSION-8139f2a89dd46f4b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1d9624273099964:host:172.234.197.23	SESSION-a1d9624273099964 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0daf10b890c2667:host:172.234.197.23:host:45.173.156.208	SESSION-f0daf10b890c2667 → host:172.234.197.23 → host:45.173.156.208
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28e949edc1bba418:PCAP:capture_20260430160001:9bfa4498506a	SESSION-28e949edc1bba418 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-576e43142f03a150:SESSION-576e43142f03a150	SESSION-576e43142f03a150 → pe:syn:SESSION-576e43142f03a150
FLOW_TO_HOSTOBS	e:to:SESSION-aaf7ce37564a0317:host:172.234.197.23	SESSION-aaf7ce37564a0317 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.5:geo_-16.28860_-49.01640	host:177.10.238.5 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-396a4dd85675ad96:SESSION-396a4dd85675ad96	SESSION-396a4dd85675ad96 → pe:syn:SESSION-396a4dd85675ad96
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d52893e766cf8155:PCAP:capture_20260430090001:065659c7d314	SESSION-d52893e766cf8155 → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.238:asn:262880	host:177.10.237.238 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a03e1a67bd79b062:PCAP:capture_20260430150001:ded20914761d	SESSION-a03e1a67bd79b062 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4013c9000873101b:SESSION-4013c9000873101b	SESSION-4013c9000873101b → pe:syn:SESSION-4013c9000873101b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-174e61a8ff8b9c0e:SESSION-174e61a8ff8b9c0e	SESSION-174e61a8ff8b9c0e → pe:syn:SESSION-174e61a8ff8b9c0e
FLOW_TO_HOSTOBS	e:to:SESSION-d694cf0080c35c2f:host:172.234.197.23	SESSION-d694cf0080c35c2f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79b570e2589cf059:flow:f984201cd04e	SESSION-79b570e2589cf059 → flow:f984201cd04e
FLOW_TO_HOSTOBS	e:to:SESSION-30e9e6bd80ef39ea:host:172.234.197.23	SESSION-30e9e6bd80ef39ea → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1241ed8a2f02aa7:SESSION-a1241ed8a2f02aa7	SESSION-a1241ed8a2f02aa7 → pe:syn:SESSION-a1241ed8a2f02aa7
FLOW_TO_HOSTOBS	e:to:SESSION-c0bc704eff4d88e9:host:172.234.197.23	SESSION-c0bc704eff4d88e9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1bb46c5efd0c0159:host:131.196.28.212	SESSION-1bb46c5efd0c0159 → host:131.196.28.212
flow_observed5-aryOBS	e:fo:flow:2a05fafdd2a9	flow:2a05fafdd2a9 → host:177.10.235.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3da2bdbc54650cc7:SESSION-3da2bdbc54650cc7	SESSION-3da2bdbc54650cc7 → pe:syn:SESSION-3da2bdbc54650cc7
FLOW_TO_HOSTOBS	e:to:SESSION-f11cda502f952e41:host:131.196.29.27	SESSION-f11cda502f952e41 → host:131.196.29.27
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.6:asn:203771	host:95.170.25.6 → asn:203771
flow_observed5-aryOBS	e:fo:flow:589314d484ec	flow:589314d484ec → host:177.10.237.173 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f766219ab3f1d4b:SESSION-4f766219ab3f1d4b	SESSION-4f766219ab3f1d4b → pe:tls:SESSION-4f766219ab3f1d4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9804aaba4767b862:host:177.10.232.2	SESSION-9804aaba4767b862 → host:177.10.232.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9c211d2931ae713:SESSION-d9c211d2931ae713	SESSION-d9c211d2931ae713 → pe:tls:SESSION-d9c211d2931ae713
flow_observed5-aryOBS	e:fo:flow:f5e29d2fb7d9	flow:f5e29d2fb7d9 → host:104.28.157.111 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4ce3ce5880fe:port:tcp:443	flow:4ce3ce5880fe → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6d6cedb2de1ad8d:flow:5c6720ec9a7d	SESSION-d6d6cedb2de1ad8d → flow:5c6720ec9a7d
FLOW_DST_PORTOBS	e:fp:flow:bc4d6a7d585e:port:tcp:443	flow:bc4d6a7d585e → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-276107f90ab0c118:flow:517307bd400e	SESSION-276107f90ab0c118 → flow:517307bd400e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.73:geo_-23.62930_-46.63510	host:131.196.30.73 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-799494d5bb605f27:flow:c4a20638e830	SESSION-799494d5bb605f27 → flow:c4a20638e830
flow_observed5-aryOBS	e:fo:flow:9345b6af3372	flow:9345b6af3372 → host:177.10.235.13 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7fd72175928a8e59:SESSION-7fd72175928a8e59	SESSION-7fd72175928a8e59 → pe:tls:SESSION-7fd72175928a8e59
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93e5d317492a213b:PCAP:capture_20260430110001:43611bdf6759	SESSION-93e5d317492a213b → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ee625266e5aa068:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5ee625266e5aa068 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-175dd6ba51fb3cf7:SESSION-175dd6ba51fb3cf7	SESSION-175dd6ba51fb3cf7 → pe:tls:SESSION-175dd6ba51fb3cf7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e652f52440b112c3:host:45.173.156.248	SESSION-e652f52440b112c3 → host:45.173.156.248
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0485ecaf8e8edab:host:172.234.197.23	SESSION-d0485ecaf8e8edab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2edb1208bb0bd400:host:131.196.30.39	SESSION-2edb1208bb0bd400 → host:131.196.30.39
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-04c23b7b96a70798:host:177.10.236.44:host:172.234.197.23	SESSION-04c23b7b96a70798 → host:177.10.236.44 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-44d3fd3ee1d51da1:host:177.10.232.139	SESSION-44d3fd3ee1d51da1 → host:177.10.232.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ad7ae70426d3354:SESSION-5ad7ae70426d3354	SESSION-5ad7ae70426d3354 → pe:tls:SESSION-5ad7ae70426d3354
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11142ad74b2052de:PCAP:capture_20260430070001:903a0e7a436b	SESSION-11142ad74b2052de → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e63bd10e327c33f1:SESSION-e63bd10e327c33f1	SESSION-e63bd10e327c33f1 → pe:syn:SESSION-e63bd10e327c33f1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0835843463ad3c8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d0835843463ad3c8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-1f0a0478f83cd119:host:172.234.197.23	SESSION-1f0a0478f83cd119 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc82e917a0ac0289:host:177.10.236.231	SESSION-dc82e917a0ac0289 → host:177.10.236.231
FLOW_FROM_HOSTOBS	e:from:SESSION-e32df6cc4891bacc:host:172.234.197.23	SESSION-e32df6cc4891bacc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c6936c129ef58e74:host:131.196.28.147	SESSION-c6936c129ef58e74 → host:131.196.28.147
FLOW_TO_HOSTOBS	e:to:SESSION-eead3829bc62f23e:host:172.234.197.23	SESSION-eead3829bc62f23e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.64:asn:262880	host:177.10.233.64 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-5d4cb0f7560af550:host:131.196.30.169	SESSION-5d4cb0f7560af550 → host:131.196.30.169
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.120:asn:262880	host:177.10.235.120 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35fcdb0ef59afc26:PCAP:capture_20260430080001:93f47cc296a4	SESSION-35fcdb0ef59afc26 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-d8d89328eefc28d4:host:172.234.197.23	SESSION-d8d89328eefc28d4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-030b2a260e8012dd:SESSION-030b2a260e8012dd	SESSION-030b2a260e8012dd → pe:syn:SESSION-030b2a260e8012dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd524e1c02193f64:host:2.57.122.192	SESSION-fd524e1c02193f64 → host:2.57.122.192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0ac7328414c6be9:PCAP:capture_20260430090001:065659c7d314	SESSION-d0ac7328414c6be9 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a33d29db5091f68:SESSION-2a33d29db5091f68	SESSION-2a33d29db5091f68 → pe:syn:SESSION-2a33d29db5091f68
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0aa7b6956faccec:host:45.173.156.14:host:172.234.197.23	SESSION-c0aa7b6956faccec → host:45.173.156.14 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e6d70ae2d31fba9:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6e6d70ae2d31fba9 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d9cfeb1a925e0c3:host:177.10.232.133	SESSION-8d9cfeb1a925e0c3 → host:177.10.232.133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-928f584a0bc46099:host:172.234.197.23	SESSION-928f584a0bc46099 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e094b52f54dff79:host:172.234.197.23	SESSION-4e094b52f54dff79 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e72c530de39a222:SESSION-5e72c530de39a222	SESSION-5e72c530de39a222 → pe:syn:SESSION-5e72c530de39a222
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cdf732629d327c4c:flow:0ae67350c986	SESSION-cdf732629d327c4c → flow:0ae67350c986
FLOW_TO_HOSTOBS	e:to:SESSION-cb29ab40cdae1c01:host:172.234.197.23	SESSION-cb29ab40cdae1c01 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d9c8489868c7191:host:172.234.197.23	SESSION-9d9c8489868c7191 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-acd63ec8ffcea8e7:host:131.196.29.228	SESSION-acd63ec8ffcea8e7 → host:131.196.29.228
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-95152bde385a2e89:host:131.196.28.249:host:172.234.197.23	SESSION-95152bde385a2e89 → host:131.196.28.249 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:05808b5dfe4c:port:tcp:443	flow:05808b5dfe4c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2d6545f001e19457:host:131.196.29.157	SESSION-2d6545f001e19457 → host:131.196.29.157
FLOW_DST_PORTOBS	e:fp:flow:c391a9c3646b:port:tcp:443	flow:c391a9c3646b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c92acfae26c49330:host:177.10.236.237	SESSION-c92acfae26c49330 → host:177.10.236.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-00968abd3a9eec7e:SESSION-00968abd3a9eec7e	SESSION-00968abd3a9eec7e → pe:tls:SESSION-00968abd3a9eec7e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d58e8fad9dafe114:host:131.196.28.178	SESSION-d58e8fad9dafe114 → host:131.196.28.178
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a19fd3219cd89ed:PCAP:capture_20260428010001:b1b402c7b202	SESSION-6a19fd3219cd89ed → PCAP:capture_20260428010001:b1b402c7b202
FLOW_DST_PORTOBS	e:fp:flow:8985c0366690:port:tcp:52817	flow:8985c0366690 → port:tcp:52817
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.14:geo_-16.28860_-49.01640	host:177.10.235.14 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf0bb0d03710ab65:host:172.234.197.23	SESSION-bf0bb0d03710ab65 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.218:asn:262880	host:177.10.235.218 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b145e081d4e87ab3:BSG-BEACON-461f216927fb	SESSION-b145e081d4e87ab3 → BSG-BEACON-461f216927fb
FLOW_TO_HOSTOBS	e:to:SESSION-2d6be65d6480cd7d:host:172.234.197.23	SESSION-2d6be65d6480cd7d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4af85088cb1b366:host:92.112.71.111:host:172.234.197.23	SESSION-b4af85088cb1b366 → host:92.112.71.111 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2505ce7e1d614150:host:172.234.197.23	SESSION-2505ce7e1d614150 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:184.171.210.134:asn:40788	host:184.171.210.134 → asn:40788
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c5a72a6fbc2381d:host:172.234.197.23	SESSION-1c5a72a6fbc2381d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c430ce1d88348c67:host:177.10.238.183	SESSION-c430ce1d88348c67 → host:177.10.238.183
FLOW_TO_HOSTOBS	e:to:SESSION-02836b6eb824cc45:host:131.196.30.98	SESSION-02836b6eb824cc45 → host:131.196.30.98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4363548d57b1d6df:flow:772dd1b72f41	SESSION-4363548d57b1d6df → flow:772dd1b72f41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b3ab5aeea0af112:host:172.234.197.23	SESSION-8b3ab5aeea0af112 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f74e1adaf7ce:port:tcp:443	flow:f74e1adaf7ce → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e45220a51eb759d9:PCAP:capture_20260430060001:919b39a74464	SESSION-e45220a51eb759d9 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64807579ab6c52ee:host:172.234.197.23	SESSION-64807579ab6c52ee → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9028600f4eef977b:SESSION-9028600f4eef977b	SESSION-9028600f4eef977b → pe:tls:SESSION-9028600f4eef977b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44e6d66a0a0fb56e:SESSION-44e6d66a0a0fb56e	SESSION-44e6d66a0a0fb56e → pe:tls:SESSION-44e6d66a0a0fb56e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fd776fee1455ee3:flow:28d075338728	SESSION-5fd776fee1455ee3 → flow:28d075338728
FLOW_FROM_HOSTOBS	e:from:SESSION-5644212eea272a87:host:16.171.255.229	SESSION-5644212eea272a87 → host:16.171.255.229
FLOW_TO_HOSTOBS	e:to:SESSION-6fda720fc6282204:host:172.234.197.23	SESSION-6fda720fc6282204 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-09e8a1451dd94c84:host:172.234.197.23	SESSION-09e8a1451dd94c84 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f4f2e64710996bb:SESSION-3f4f2e64710996bb	SESSION-3f4f2e64710996bb → pe:syn:SESSION-3f4f2e64710996bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8c94fcea26d4cb3:host:172.234.197.23	SESSION-c8c94fcea26d4cb3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1438472b9ed2	flow:1438472b9ed2 → host:131.196.29.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-280b0d78f93705fd:host:93.119.5.133:host:172.234.197.23	SESSION-280b0d78f93705fd → host:93.119.5.133 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e66594520e7edee5:flow:b827d514f40a	SESSION-e66594520e7edee5 → flow:b827d514f40a
FLOW_FROM_HOSTOBS	e:from:SESSION-25fe6bafaa94a84d:host:45.145.152.13	SESSION-25fe6bafaa94a84d → host:45.145.152.13
FLOW_DST_PORTOBS	e:fp:flow:2b94ecd8e2fd:port:tcp:443	flow:2b94ecd8e2fd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-164cf6eccbbca478:SESSION-164cf6eccbbca478	SESSION-164cf6eccbbca478 → pe:syn:SESSION-164cf6eccbbca478
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.64:asn:262880	host:177.10.235.64 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.117:asn:203771	host:185.231.226.117 → asn:203771
flow_observed4-aryOBS	e:fo:flow:f7553640b4c3	flow:f7553640b4c3 → host:172.234.197.23 → host:177.10.237.18 → port:tcp:36879
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3759208ef2a99af0:host:172.234.197.23	SESSION-3759208ef2a99af0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fe000ddf248e	flow:fe000ddf248e → host:172.234.197.23 → host:177.10.232.157 → port:tcp:38634
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54530aea57b72d0f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-54530aea57b72d0f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-deb97792675d8a5d:SESSION-deb97792675d8a5d	SESSION-deb97792675d8a5d → pe:tls:SESSION-deb97792675d8a5d
FLOW_DST_PORTOBS	e:fp:flow:52d84ef17d07:port:tcp:443	flow:52d84ef17d07 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-921ff5b52f826cc0:flow:5cc135c6f42c	SESSION-921ff5b52f826cc0 → flow:5cc135c6f42c
FLOW_DST_PORTOBS	e:fp:flow:25a8e2ead68a:port:tcp:443	flow:25a8e2ead68a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a108f3a8f652bd55:host:95.170.25.156:host:172.234.197.23	SESSION-a108f3a8f652bd55 → host:95.170.25.156 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3db1a0404e21661:SESSION-c3db1a0404e21661	SESSION-c3db1a0404e21661 → pe:syn:SESSION-c3db1a0404e21661
FLOW_TO_HOSTOBS	e:to:SESSION-671ee03668a9eda8:host:177.10.239.252	SESSION-671ee03668a9eda8 → host:177.10.239.252
FLOW_TO_HOSTOBS	e:to:SESSION-44593e1f87cfdd92:host:172.234.197.23	SESSION-44593e1f87cfdd92 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:34b3e06e1c51:port:tcp:443	flow:34b3e06e1c51 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.160:geo_-16.28860_-49.01640	host:177.10.234.160 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fdceaf69f291402:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3fdceaf69f291402 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:ae0b1076aadf:port:tcp:443	flow:ae0b1076aadf → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60c160c47311ca12:PCAP:capture_20260428020001:ce87acd1c162	SESSION-60c160c47311ca12 → PCAP:capture_20260428020001:ce87acd1c162
FLOW_DST_PORTOBS	e:fp:flow:334395d16888:port:tcp:443	flow:334395d16888 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ba40ec67b0f6097:host:177.10.234.32	SESSION-0ba40ec67b0f6097 → host:177.10.234.32
FLOW_FROM_HOSTOBS	e:from:SESSION-28765694f1859e38:host:177.10.237.139	SESSION-28765694f1859e38 → host:177.10.237.139
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.206:asn:262880	host:177.10.236.206 → asn:262880
flow_observed5-aryOBS	e:fo:flow:47e0cd099035	flow:47e0cd099035 → host:131.196.30.9 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9ce76aef4cf62c0f:host:172.234.197.23	SESSION-9ce76aef4cf62c0f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-403d8f142c86493c:host:172.234.197.23	SESSION-403d8f142c86493c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4b062ac7956d3a5:host:172.234.197.23:host:177.10.237.199	SESSION-a4b062ac7956d3a5 → host:172.234.197.23 → host:177.10.237.199
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2505ce7e1d614150:SESSION-2505ce7e1d614150	SESSION-2505ce7e1d614150 → pe:syn:SESSION-2505ce7e1d614150
FLOW_FROM_HOSTOBS	e:from:SESSION-9be6dcd7d7b7ac03:host:45.145.152.248	SESSION-9be6dcd7d7b7ac03 → host:45.145.152.248
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d694cf0080c35c2f:BSG-BEACON-9dd910990e79	SESSION-d694cf0080c35c2f → BSG-BEACON-9dd910990e79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-687ff071deb77d90:SESSION-687ff071deb77d90	SESSION-687ff071deb77d90 → pe:tls:SESSION-687ff071deb77d90
FLOW_DST_PORTOBS	e:fp:flow:522b9f036c79:port:tcp:443	flow:522b9f036c79 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9eb08591878d33c:flow:ffb76f649537	SESSION-c9eb08591878d33c → flow:ffb76f649537
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86b4956d98680667:SESSION-86b4956d98680667	SESSION-86b4956d98680667 → pe:syn:SESSION-86b4956d98680667
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cdad751a34344e1:host:172.234.197.23	SESSION-6cdad751a34344e1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c88d7695016e6fbb:flow:cbaae6c0a7f8	SESSION-c88d7695016e6fbb → flow:cbaae6c0a7f8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a2e4fb28ad63a51c:SESSION-a2e4fb28ad63a51c	SESSION-a2e4fb28ad63a51c → pe:syn:SESSION-a2e4fb28ad63a51c
FLOW_FROM_HOSTOBS	e:from:SESSION-bea10d62e606d6ea:host:45.173.156.231	SESSION-bea10d62e606d6ea → host:45.173.156.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ae37191400d64fc:host:172.234.197.23	SESSION-2ae37191400d64fc → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.186:asn:262880	host:177.10.238.186 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b55fe86aa2a31ece:host:131.196.29.144	SESSION-b55fe86aa2a31ece → host:131.196.29.144
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e96c97861c631394:flow:b1606163ab99	SESSION-e96c97861c631394 → flow:b1606163ab99
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae94ea8b15b44736:flow:a26eb909c0b2	SESSION-ae94ea8b15b44736 → flow:a26eb909c0b2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a4b43b46bbfc9c3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-0a4b43b46bbfc9c3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a87d3ab31183768a:host:95.170.25.90	SESSION-a87d3ab31183768a → host:95.170.25.90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e48a8daff67bbc71:SESSION-e48a8daff67bbc71	SESSION-e48a8daff67bbc71 → pe:tls:SESSION-e48a8daff67bbc71
FLOW_TO_HOSTOBS	e:to:SESSION-4904f64e7943cb47:host:177.10.237.24	SESSION-4904f64e7943cb47 → host:177.10.237.24
flow_observed4-aryOBS	e:fo:flow:7ae497c2b143	flow:7ae497c2b143 → host:172.234.197.23 → host:177.10.238.54 → port:tcp:41984
FLOW_FROM_HOSTOBS	e:from:SESSION-b69e4016453478aa:host:199.16.157.182	SESSION-b69e4016453478aa → host:199.16.157.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eff9d1155e5c571f:SESSION-eff9d1155e5c571f	SESSION-eff9d1155e5c571f → pe:syn:SESSION-eff9d1155e5c571f
HOST_IN_ASNOBS 85%	e:ha:host:78.12.17.95:asn:16509	host:78.12.17.95 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-baee22f4fffa81d2:SESSION-baee22f4fffa81d2	SESSION-baee22f4fffa81d2 → pe:syn:SESSION-baee22f4fffa81d2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-469f9efa6316e344:host:157.180.84.94:host:172.234.197.23	SESSION-469f9efa6316e344 → host:157.180.84.94 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7828bb27afafcc71:host:131.196.30.185:host:172.234.197.23	SESSION-7828bb27afafcc71 → host:131.196.30.185 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:35a4b2c31d5d:port:tcp:64130	flow:35a4b2c31d5d → port:tcp:64130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaa7799a31d50d65:host:172.234.197.23	SESSION-eaa7799a31d50d65 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f709c3d74e04443c:SESSION-f709c3d74e04443c	SESSION-f709c3d74e04443c → pe:syn:SESSION-f709c3d74e04443c
FLOW_FROM_HOSTOBS	e:from:SESSION-1a7a1da766d51711:host:172.234.197.23	SESSION-1a7a1da766d51711 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c0a0b196a018	flow:c0a0b196a018 → host:177.10.232.24 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:576f60128685:port:tcp:22886	flow:576f60128685 → port:tcp:22886
FLOW_FROM_HOSTOBS	e:from:SESSION-ead5791c5617fb56:host:45.173.156.109	SESSION-ead5791c5617fb56 → host:45.173.156.109
flow_observed5-aryOBS	e:fo:flow:e133ec05acd6	flow:e133ec05acd6 → host:131.196.29.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-620284e2b3f3a282:host:172.234.197.23:host:177.10.233.134	SESSION-620284e2b3f3a282 → host:172.234.197.23 → host:177.10.233.134
flow_observed4-aryOBS	e:fo:flow:bcafed8ac50c	flow:bcafed8ac50c → host:172.234.197.23 → host:177.10.234.120 → port:tcp:21457
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.234:geo_-23.62930_-46.63510	host:131.196.30.234 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-27ea3c16306f2f5f:host:177.10.232.234	SESSION-27ea3c16306f2f5f → host:177.10.232.234
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8405fabd9aa330c8:host:177.10.234.128:host:172.234.197.23	SESSION-8405fabd9aa330c8 → host:177.10.234.128 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-28a7ecee4eeacba6:BSG-BEACON-0536ad8c19a0	SESSION-28a7ecee4eeacba6 → BSG-BEACON-0536ad8c19a0
FLOW_FROM_HOSTOBS	e:from:SESSION-eb17861f5be52c2c:host:177.10.235.89	SESSION-eb17861f5be52c2c → host:177.10.235.89
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.140:geo_-23.62930_-46.63510	host:131.196.29.140 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07a584f2a7f89f38:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-07a584f2a7f89f38 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-2b1032a47414de8d:host:177.10.235.175	SESSION-2b1032a47414de8d → host:177.10.235.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2348046789aa81fe:PCAP:capture_20260430150001:ded20914761d	SESSION-2348046789aa81fe → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f49b20c8baea20b:host:172.234.197.23	SESSION-9f49b20c8baea20b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9820f222b36503c3:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-9820f222b36503c3 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a650ad390b72264d:host:172.234.197.23	SESSION-a650ad390b72264d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c2927944fbf9fbe3:host:172.234.197.23:host:131.196.30.164	SESSION-c2927944fbf9fbe3 → host:172.234.197.23 → host:131.196.30.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-09d8680ca1ab1b1e:SESSION-09d8680ca1ab1b1e	SESSION-09d8680ca1ab1b1e → pe:rst:SESSION-09d8680ca1ab1b1e
FLOW_DST_PORTOBS	e:fp:flow:f01139f8d909:port:tcp:49660	flow:f01139f8d909 → port:tcp:49660
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-912f333ca4ce75c1:PCAP:capture_20260430070001:903a0e7a436b	SESSION-912f333ca4ce75c1 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ceaacc21db1a34ae:SESSION-ceaacc21db1a34ae	SESSION-ceaacc21db1a34ae → pe:tls:SESSION-ceaacc21db1a34ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b55fe86aa2a31ece:SESSION-b55fe86aa2a31ece	SESSION-b55fe86aa2a31ece → pe:tls:SESSION-b55fe86aa2a31ece
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a20fc4ba13bfca4:PCAP:capture_20260430110001:43611bdf6759	SESSION-8a20fc4ba13bfca4 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:fe93b65145cc:port:tcp:443	flow:fe93b65145cc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3417e991c57bd21:host:172.234.197.23	SESSION-a3417e991c57bd21 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0f3b543446abe714:flow:93c49d69a1fc	SESSION-0f3b543446abe714 → flow:93c49d69a1fc
FLOW_TO_HOSTOBS	e:to:SESSION-a6a106ff5da861ac:host:177.10.236.242	SESSION-a6a106ff5da861ac → host:177.10.236.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51cc268447a19ae7:host:177.10.238.102	SESSION-51cc268447a19ae7 → host:177.10.238.102
FLOW_DST_PORTOBS	e:fp:flow:ff13f598515d:port:tcp:7103	flow:ff13f598515d → port:tcp:7103
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d673ded8fa5efc5:SESSION-4d673ded8fa5efc5	SESSION-4d673ded8fa5efc5 → pe:tls:SESSION-4d673ded8fa5efc5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.220:geo_-23.62930_-46.63510	host:131.196.29.220 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-424264fd6333414c:host:131.196.29.186:host:172.234.197.23	SESSION-424264fd6333414c → host:131.196.29.186 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3739e8b613327ce5:host:131.196.31.159	SESSION-3739e8b613327ce5 → host:131.196.31.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d58c039fa1a1304:flow:092300811091	SESSION-8d58c039fa1a1304 → flow:092300811091
FLOW_TO_HOSTOBS	e:to:SESSION-07c97e671e348352:host:177.10.239.191	SESSION-07c97e671e348352 → host:177.10.239.191
flow_observed5-aryOBS	e:fo:flow:e3dbd0b1c026	flow:e3dbd0b1c026 → host:177.10.239.90 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3202d09bb363:port:tcp:14731	flow:3202d09bb363 → port:tcp:14731
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b47e385ca946fd94:flow:270633e55f2d	SESSION-b47e385ca946fd94 → flow:270633e55f2d
FLOW_TO_HOSTOBS	e:to:SESSION-10d6a2736c7d59d6:host:172.234.197.23	SESSION-10d6a2736c7d59d6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c1436067dd70:port:tcp:443	flow:c1436067dd70 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-635c4a1226b6dd4e:host:131.196.28.130:host:172.234.197.23	SESSION-635c4a1226b6dd4e → host:131.196.28.130 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:688f8270244b	flow:688f8270244b → host:177.10.235.25 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7679fd0fd118c12e:host:131.196.30.91	SESSION-7679fd0fd118c12e → host:131.196.30.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-586cf5bb6d743be1:SESSION-586cf5bb6d743be1	SESSION-586cf5bb6d743be1 → pe:syn:SESSION-586cf5bb6d743be1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f6c732897c2ca80c:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f6c732897c2ca80c → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e00c0cf74d0af603:SESSION-e00c0cf74d0af603	SESSION-e00c0cf74d0af603 → pe:tls:SESSION-e00c0cf74d0af603
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.254:geo_-23.62930_-46.63510	host:131.196.30.254 → geo_-23.62930_-46.63510
flow_observed3-aryOBS	e:fo:flow:3f70d1b6a98a	flow:3f70d1b6a98a → host:54.218.65.249 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4d08df9b5b22c8b:host:172.234.197.23	SESSION-f4d08df9b5b22c8b → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-184aec41cea03479:BSG-BEACON-9f226d1d4d6f	SESSION-184aec41cea03479 → BSG-BEACON-9f226d1d4d6f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07e54ca458e8eeab:SESSION-07e54ca458e8eeab	SESSION-07e54ca458e8eeab → pe:syn:SESSION-07e54ca458e8eeab
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5d486009dccd362:host:172.234.197.23:host:131.196.28.242	SESSION-d5d486009dccd362 → host:172.234.197.23 → host:131.196.28.242
FLOW_TO_HOSTOBS	e:to:SESSION-67e118b3ac1b9481:host:172.234.197.23	SESSION-67e118b3ac1b9481 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c89e102c8b8b6c97:SESSION-c89e102c8b8b6c97	SESSION-c89e102c8b8b6c97 → pe:syn:SESSION-c89e102c8b8b6c97
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6dcc81ef5615b86c:host:177.10.234.104:host:172.234.197.23	SESSION-6dcc81ef5615b86c → host:177.10.234.104 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68b7f3c84c5e7661:host:177.10.236.236	SESSION-68b7f3c84c5e7661 → host:177.10.236.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c874ff4a201372ef:SESSION-c874ff4a201372ef	SESSION-c874ff4a201372ef → pe:tls:SESSION-c874ff4a201372ef
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fed96f9f16ada01c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fed96f9f16ada01c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d3dc2c705a19d83:SESSION-6d3dc2c705a19d83	SESSION-6d3dc2c705a19d83 → pe:syn:SESSION-6d3dc2c705a19d83
FLOW_FROM_HOSTOBS	e:from:SESSION-bef16d9c79cba2c2:host:177.10.233.96	SESSION-bef16d9c79cba2c2 → host:177.10.233.96
FLOW_TO_HOSTOBS	e:to:SESSION-cefaeddbbade6b50:host:172.234.197.23	SESSION-cefaeddbbade6b50 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b32f5a9266c1045d:flow:cbfa9d763d6b	SESSION-b32f5a9266c1045d → flow:cbfa9d763d6b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-91c14db05e009245:host:45.173.156.153:host:172.234.197.23	SESSION-91c14db05e009245 → host:45.173.156.153 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c21445b24cd8699:SESSION-1c21445b24cd8699	SESSION-1c21445b24cd8699 → pe:tls:SESSION-1c21445b24cd8699
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4fb4b7758d99e149:SESSION-4fb4b7758d99e149	SESSION-4fb4b7758d99e149 → pe:tls:SESSION-4fb4b7758d99e149
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c774247ce2f7d3db:PCAP:capture_20260430150001:ded20914761d	SESSION-c774247ce2f7d3db → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8b38e5755a85588:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c8b38e5755a85588 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76b0da8a82e9902a:SESSION-76b0da8a82e9902a	SESSION-76b0da8a82e9902a → pe:syn:SESSION-76b0da8a82e9902a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca819812f7c370c2:SESSION-ca819812f7c370c2	SESSION-ca819812f7c370c2 → pe:tls:SESSION-ca819812f7c370c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a015ddbfdf91f569:host:172.234.197.23	SESSION-a015ddbfdf91f569 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6c09b181dae043f:flow:b7489016e282	SESSION-d6c09b181dae043f → flow:b7489016e282
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ecb67f73d2142d93:SESSION-ecb67f73d2142d93	SESSION-ecb67f73d2142d93 → pe:syn:SESSION-ecb67f73d2142d93
FLOW_FROM_HOSTOBS	e:from:SESSION-c9d4e1b0711d4507:host:131.196.29.192	SESSION-c9d4e1b0711d4507 → host:131.196.29.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf8f9827f106db93:SESSION-bf8f9827f106db93	SESSION-bf8f9827f106db93 → pe:syn:SESSION-bf8f9827f106db93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2634dc5934886659:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2634dc5934886659 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a498324f9fce7e9:flow:6b2b23d4f6b2	SESSION-0a498324f9fce7e9 → flow:6b2b23d4f6b2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2f1e05754e84c30:SESSION-e2f1e05754e84c30	SESSION-e2f1e05754e84c30 → pe:syn:SESSION-e2f1e05754e84c30
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.97:asn:262880	host:177.10.233.97 → asn:262880
flow_observed4-aryOBS	e:fo:flow:7390756c80d4	flow:7390756c80d4 → host:172.234.197.23 → host:177.10.238.37 → port:tcp:10229
FLOW_DST_PORTOBS	e:fp:flow:c5a04b88e2dc:port:tcp:443	flow:c5a04b88e2dc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ac71782250ec9a1:SESSION-6ac71782250ec9a1	SESSION-6ac71782250ec9a1 → pe:syn:SESSION-6ac71782250ec9a1
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.52:asn:203771	host:37.221.79.52 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f7bf570ae8905fff:SESSION-f7bf570ae8905fff	SESSION-f7bf570ae8905fff → pe:tls:SESSION-f7bf570ae8905fff
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-81679789c998e700:host:177.10.235.169:host:172.234.197.23	SESSION-81679789c998e700 → host:177.10.235.169 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d17b7bdf4ae9fb2c:SESSION-d17b7bdf4ae9fb2c	SESSION-d17b7bdf4ae9fb2c → pe:tls:SESSION-d17b7bdf4ae9fb2c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.213:geo_-21.10010_-41.69200	host:45.173.156.213 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f32bbf866d49408:flow:8edb3b96f7c4	SESSION-2f32bbf866d49408 → flow:8edb3b96f7c4
FLOW_DST_PORTOBS	e:fp:flow:d19d94f92718:port:tcp:443	flow:d19d94f92718 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2505ce7e1d614150:flow:d199e1c484ae	SESSION-2505ce7e1d614150 → flow:d199e1c484ae
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.231:geo_-16.28860_-49.01640	host:177.10.233.231 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-99a4fe376d3938fb:host:172.234.197.23	SESSION-99a4fe376d3938fb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c7635cd052466cdd:host:172.234.197.23	SESSION-c7635cd052466cdd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-40497d6996ef2088:SESSION-40497d6996ef2088	SESSION-40497d6996ef2088 → pe:syn:SESSION-40497d6996ef2088
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b679e6887c5a68a:PCAP:capture_20260430060001:919b39a74464	SESSION-7b679e6887c5a68a → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de1a59c6958513ff:SESSION-de1a59c6958513ff	SESSION-de1a59c6958513ff → pe:tls:SESSION-de1a59c6958513ff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0537be800f2fa6cb:host:45.173.156.110	SESSION-0537be800f2fa6cb → host:45.173.156.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0efcb065a58cc475:host:172.234.197.23	SESSION-0efcb065a58cc475 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b7f4612f7527a5d:SESSION-5b7f4612f7527a5d	SESSION-5b7f4612f7527a5d → pe:tls:SESSION-5b7f4612f7527a5d
FLOW_TO_HOSTOBS	e:to:SESSION-4c0e63fa095433d2:host:177.10.237.82	SESSION-4c0e63fa095433d2 → host:177.10.237.82
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9729058a0ea02937:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9729058a0ea02937 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1bd78fd10af70dea:host:172.234.197.23:host:131.196.29.25	SESSION-1bd78fd10af70dea → host:172.234.197.23 → host:131.196.29.25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-93e5d317492a213b:SESSION-93e5d317492a213b	SESSION-93e5d317492a213b → pe:tls:SESSION-93e5d317492a213b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be868fb861e0a1c8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-be868fb861e0a1c8 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.159:geo_-16.28860_-49.01640	host:177.10.239.159 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:7baba6975c1f	flow:7baba6975c1f → host:45.173.156.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0cd9b8959e0e89e:host:45.173.156.188	SESSION-d0cd9b8959e0e89e → host:45.173.156.188
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ffb3444ca3f5caf:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1ffb3444ca3f5caf → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47982c1c81b3c1d7:host:44.244.28.93	SESSION-47982c1c81b3c1d7 → host:44.244.28.93
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1739bca4a014ab7e:host:80.94.92.182:host:172.234.197.23	SESSION-1739bca4a014ab7e → host:80.94.92.182 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-25fe6bafaa94a84d:SESSION-25fe6bafaa94a84d	SESSION-25fe6bafaa94a84d → pe:rst:SESSION-25fe6bafaa94a84d
FLOW_TO_HOSTOBS	e:to:SESSION-7391507b773a5722:host:172.234.197.23	SESSION-7391507b773a5722 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd2a5925828b8076:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fd2a5925828b8076 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ccb8c7743352cfdc:SESSION-ccb8c7743352cfdc	SESSION-ccb8c7743352cfdc → pe:tls:SESSION-ccb8c7743352cfdc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d0c24f0912a7520:SESSION-9d0c24f0912a7520	SESSION-9d0c24f0912a7520 → pe:tls:SESSION-9d0c24f0912a7520
FLOW_FROM_HOSTOBS	e:from:SESSION-28d2d0e8afd37453:host:45.173.156.164	SESSION-28d2d0e8afd37453 → host:45.173.156.164
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.216:geo_-16.28860_-49.01640	host:177.10.234.216 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-dbe0692b3b05f921:host:172.234.197.23	SESSION-dbe0692b3b05f921 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:e1c367b611de:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:e1c367b611de → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85383edd293fa3f5:host:131.196.30.247	SESSION-85383edd293fa3f5 → host:131.196.30.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8684436ffb4e26c7:SESSION-8684436ffb4e26c7	SESSION-8684436ffb4e26c7 → pe:tls:SESSION-8684436ffb4e26c7
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.138:asn:273470	host:45.173.156.138 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-6c92176ee8d876ba:host:45.173.156.80	SESSION-6c92176ee8d876ba → host:45.173.156.80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9eb3af12cfff0086:host:177.10.238.88:host:172.234.197.23	SESSION-9eb3af12cfff0086 → host:177.10.238.88 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6a304c3ca72ee3e7:SESSION-6a304c3ca72ee3e7	SESSION-6a304c3ca72ee3e7 → pe:tls:SESSION-6a304c3ca72ee3e7
FLOW_TO_HOSTOBS	e:to:SESSION-0758ca9101405049:host:177.10.239.35	SESSION-0758ca9101405049 → host:177.10.239.35
ASN_IN_ORGOBS 80%	e:ao:asn:63949:org:Akamai Connected Cloud	asn:63949 → org:Akamai Connected Cloud
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69461a2f3e15a448:flow:41192bbe866c	SESSION-69461a2f3e15a448 → flow:41192bbe866c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-825be4419cbefff8:SESSION-825be4419cbefff8	SESSION-825be4419cbefff8 → pe:syn:SESSION-825be4419cbefff8
flow_observed5-aryOBS	e:fo:flow:c65ffce57077	flow:c65ffce57077 → host:177.10.233.121 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-516e4259bbcb51e8:host:172.234.197.23	SESSION-516e4259bbcb51e8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e79bdabe92472fb:flow:3791da589f61	SESSION-4e79bdabe92472fb → flow:3791da589f61
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0c0cdf691d2bdc12:host:177.10.233.39:host:172.234.197.23	SESSION-0c0cdf691d2bdc12 → host:177.10.233.39 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1af702d2aa4c9d9d:host:177.10.234.153:host:172.234.197.23	SESSION-1af702d2aa4c9d9d → host:177.10.234.153 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:10d37126a494:port:tcp:443	flow:10d37126a494 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7c6580975a2d7416:host:172.234.197.23	SESSION-7c6580975a2d7416 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ef6a8df5e96a:port:tcp:443	flow:ef6a8df5e96a → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.60:geo_-23.62930_-46.63510	host:131.196.31.60 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:bc02f6212fca:port:tcp:47421	flow:bc02f6212fca → port:tcp:47421
FLOW_TO_HOSTOBS	e:to:SESSION-cd0176ca8d9bf386:host:172.234.197.23	SESSION-cd0176ca8d9bf386 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4dc0a9d4d6e7897:flow:4c57767f623d	SESSION-d4dc0a9d4d6e7897 → flow:4c57767f623d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c97208f3d5d9be26:host:172.234.197.23	SESSION-c97208f3d5d9be26 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4002f150bb6dd768:host:172.234.197.23	SESSION-4002f150bb6dd768 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.253:asn:262880	host:177.10.233.253 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7034c460bd0f5720:flow:c532203a3a00	SESSION-7034c460bd0f5720 → flow:c532203a3a00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fb163f3769ccb67:SESSION-1fb163f3769ccb67	SESSION-1fb163f3769ccb67 → pe:tls:SESSION-1fb163f3769ccb67
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67ec60ac13d58093:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-67ec60ac13d58093 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bef335bbd7bd0f49:SESSION-bef335bbd7bd0f49	SESSION-bef335bbd7bd0f49 → pe:tls:SESSION-bef335bbd7bd0f49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0bc704eff4d88e9:SESSION-c0bc704eff4d88e9	SESSION-c0bc704eff4d88e9 → pe:tls:SESSION-c0bc704eff4d88e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-164d60043533ec4c:SESSION-164d60043533ec4c	SESSION-164d60043533ec4c → pe:tls:SESSION-164d60043533ec4c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.81:geo_-23.62930_-46.63510	host:131.196.28.81 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28e21153f6abb648:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-28e21153f6abb648 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:306fbd5f32f8:port:tcp:443	flow:306fbd5f32f8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e1fcfb1c4254c4b:host:172.234.197.23	SESSION-8e1fcfb1c4254c4b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5d249db6ec3f34e:SESSION-d5d249db6ec3f34e	SESSION-d5d249db6ec3f34e → pe:syn:SESSION-d5d249db6ec3f34e
FLOW_DST_PORTOBS	e:fp:flow:8d77ac2ddff6:port:tcp:443	flow:8d77ac2ddff6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7a9739ecc8b00e90:host:177.10.235.109	SESSION-7a9739ecc8b00e90 → host:177.10.235.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d9537ea92aed5d6:host:172.234.197.23	SESSION-7d9537ea92aed5d6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23deab886ec517b0:host:172.234.197.23	SESSION-23deab886ec517b0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-391d28a36308a996:SESSION-391d28a36308a996	SESSION-391d28a36308a996 → pe:tls:SESSION-391d28a36308a996
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b420826720a06333:flow:b6d5152a3f3a	SESSION-b420826720a06333 → flow:b6d5152a3f3a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb2ab3101d5e046e:host:131.196.31.74	SESSION-cb2ab3101d5e046e → host:131.196.31.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-999a3a68382b7707:SESSION-999a3a68382b7707	SESSION-999a3a68382b7707 → pe:syn:SESSION-999a3a68382b7707
FLOW_DST_PORTOBS	e:fp:flow:6923abe353e1:port:tcp:443	flow:6923abe353e1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fce80bc522afcc8b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fce80bc522afcc8b → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-1c21445b24cd8699:host:177.10.235.186	SESSION-1c21445b24cd8699 → host:177.10.235.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf1647bbc272aaf8:host:172.234.197.23	SESSION-bf1647bbc272aaf8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.201:geo_-16.28860_-49.01640	host:177.10.238.201 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fa41b89da3fc0a6:host:172.234.197.23:host:177.10.232.136	SESSION-3fa41b89da3fc0a6 → host:172.234.197.23 → host:177.10.232.136
FLOW_TO_HOSTOBS	e:to:SESSION-e40cfbe40dbbe2d2:host:131.196.31.220	SESSION-e40cfbe40dbbe2d2 → host:131.196.31.220
flow_observed5-aryOBS	e:fo:flow:3ca25dda4ddb	flow:3ca25dda4ddb → host:177.10.232.136 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29fae5326f4697b4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-29fae5326f4697b4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-b7f9cc68ffb76114:host:177.10.236.250	SESSION-b7f9cc68ffb76114 → host:177.10.236.250
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c430ce1d88348c67:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c430ce1d88348c67 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-71d059e3750765d4:SESSION-71d059e3750765d4	SESSION-71d059e3750765d4 → pe:tls:SESSION-71d059e3750765d4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0be6cf40df30cb93:host:177.10.239.249:host:172.234.197.23	SESSION-0be6cf40df30cb93 → host:177.10.239.249 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be09ba54da571689:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-be09ba54da571689 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-da64f1d11a78111b:host:172.234.197.23	SESSION-da64f1d11a78111b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.153:geo_-23.62930_-46.63510	host:131.196.29.153 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11da84003d7810c4:SESSION-11da84003d7810c4	SESSION-11da84003d7810c4 → pe:tls:SESSION-11da84003d7810c4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28e949edc1bba418:SESSION-28e949edc1bba418	SESSION-28e949edc1bba418 → pe:tls:SESSION-28e949edc1bba418
flow_observed5-aryOBS	e:fo:flow:ba936f422e0d	flow:ba936f422e0d → host:177.10.232.148 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ac71782250ec9a1:host:172.234.197.23	SESSION-6ac71782250ec9a1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa9dc0f394726313:SESSION-fa9dc0f394726313	SESSION-fa9dc0f394726313 → pe:syn:SESSION-fa9dc0f394726313
flow_observed5-aryOBS	e:fo:flow:074dd4a6e3c7	flow:074dd4a6e3c7 → host:45.173.156.179 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:8e045676cfe0	flow:8e045676cfe0 → host:177.10.239.126 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-18af1f65a173a9cf:host:172.234.197.23	SESSION-18af1f65a173a9cf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0bf5b48d5bcb9503:flow:a4f5157605f3	SESSION-0bf5b48d5bcb9503 → flow:a4f5157605f3
FLOW_TO_HOSTOBS	e:to:SESSION-4b068e0f016ef609:host:172.234.197.23	SESSION-4b068e0f016ef609 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8693b808e1d6b7d:host:172.234.197.23	SESSION-b8693b808e1d6b7d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d96211015a0fddb9:host:172.234.197.23:host:177.10.239.88	SESSION-d96211015a0fddb9 → host:172.234.197.23 → host:177.10.239.88
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.24:asn:271410	host:131.196.30.24 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ecb9e93c79a4bef:host:172.234.197.23	SESSION-3ecb9e93c79a4bef → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0bcd74883eff8339:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0bcd74883eff8339 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff331192f9cad8b9:SESSION-ff331192f9cad8b9	SESSION-ff331192f9cad8b9 → pe:syn:SESSION-ff331192f9cad8b9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5bede5fedae88e0:host:177.10.237.32:host:172.234.197.23	SESSION-a5bede5fedae88e0 → host:177.10.237.32 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.21:asn:262880	host:177.10.235.21 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.96:asn:262880	host:177.10.233.96 → asn:262880
flow_observed4-aryOBS	e:fo:flow:902492c89b6a	flow:902492c89b6a → host:172.234.197.23 → host:131.196.28.0 → port:tcp:53519
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-25fe6bafaa94a84d:SESSION-25fe6bafaa94a84d	SESSION-25fe6bafaa94a84d → pe:syn:SESSION-25fe6bafaa94a84d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65f6be25ebaee411:host:131.196.30.145:host:172.234.197.23	SESSION-65f6be25ebaee411 → host:131.196.30.145 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b72f7dde05c7e1dd:host:177.10.238.190:host:172.234.197.23	SESSION-b72f7dde05c7e1dd → host:177.10.238.190 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:122574939bbc:port:tcp:443	flow:122574939bbc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9e13bed2218b0a9f:host:177.10.233.208	SESSION-9e13bed2218b0a9f → host:177.10.233.208
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ed760af2d8fedd4:host:131.196.31.187:host:172.234.197.23	SESSION-2ed760af2d8fedd4 → host:131.196.31.187 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.40:geo_-16.28860_-49.01640	host:177.10.235.40 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0bf80193393b0fad:PCAP:capture_20260430080001:93f47cc296a4	SESSION-0bf80193393b0fad → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad468f8fa72444f5:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ad468f8fa72444f5 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-3fa29bafd0740f46:host:172.234.197.23	SESSION-3fa29bafd0740f46 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5a1d419b7031	flow:5a1d419b7031 → host:172.234.197.23 → host:131.196.29.61 → port:tcp:56692
flow_observed5-aryOBS	e:fo:flow:d24a1eb66a56	flow:d24a1eb66a56 → host:177.10.236.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5969e9f81f277f3:SESSION-d5969e9f81f277f3	SESSION-d5969e9f81f277f3 → pe:tls:SESSION-d5969e9f81f277f3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ecc0c586896302d2:host:172.234.197.23:host:177.10.233.124	SESSION-ecc0c586896302d2 → host:172.234.197.23 → host:177.10.233.124
FLOW_TO_HOSTOBS	e:to:SESSION-6a9e4c3921500675:host:172.234.197.23	SESSION-6a9e4c3921500675 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-347bad418eab3a6f:host:172.234.197.23	SESSION-347bad418eab3a6f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f70b0605ff5c8685:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f70b0605ff5c8685 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-a5bede5fedae88e0:host:172.234.197.23	SESSION-a5bede5fedae88e0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5da0813b370b7e29:host:13.208.213.50	SESSION-5da0813b370b7e29 → host:13.208.213.50
FLOW_TO_HOSTOBS	e:to:SESSION-9e0dcae8b099ffa5:host:172.234.197.23	SESSION-9e0dcae8b099ffa5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59d5bafa56d514c9:host:45.173.156.31	SESSION-59d5bafa56d514c9 → host:45.173.156.31
flow_observed5-aryOBS	e:fo:flow:96a000e25c40	flow:96a000e25c40 → host:131.196.28.204 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73eca1f22df524d3:host:104.28.234.78	SESSION-73eca1f22df524d3 → host:104.28.234.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb7c4827354230c4:host:45.173.156.69	SESSION-bb7c4827354230c4 → host:45.173.156.69
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9028600f4eef977b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9028600f4eef977b → PCAP:capture_20260430100001:55715ebbe6bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.159:geo_-23.62930_-46.63510	host:131.196.29.159 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0246a8b70a825de:host:172.234.197.23	SESSION-d0246a8b70a825de → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.184:geo_-16.28860_-49.01640	host:177.10.233.184 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee4167cf60ac81c3:host:172.234.197.23:host:131.196.29.107	SESSION-ee4167cf60ac81c3 → host:172.234.197.23 → host:131.196.29.107
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-692dce6abc85c058:host:172.234.197.23:host:131.196.31.17	SESSION-692dce6abc85c058 → host:172.234.197.23 → host:131.196.31.17
FLOW_FROM_HOSTOBS	e:from:SESSION-97bd7f793ae0ea11:host:45.173.156.159	SESSION-97bd7f793ae0ea11 → host:45.173.156.159
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.206:asn:262880	host:177.10.234.206 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-0e323950505f0871:host:172.234.197.23	SESSION-0e323950505f0871 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4289737814dbd64:flow:94d0973c3a82	SESSION-c4289737814dbd64 → flow:94d0973c3a82
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f0699d4f0c2d48e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9f0699d4f0c2d48e → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:3406130d707d	flow:3406130d707d → host:172.234.197.23 → host:177.10.233.24 → port:tcp:29930
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0d59ff2f2672e21c:host:172.234.197.23:host:177.10.236.161	SESSION-0d59ff2f2672e21c → host:172.234.197.23 → host:177.10.236.161
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c178d8ef65578b24:flow:f67dd3d7a905	SESSION-c178d8ef65578b24 → flow:f67dd3d7a905
FLOW_DST_PORTOBS	e:fp:flow:bf711ea5c82f:port:tcp:41091	flow:bf711ea5c82f → port:tcp:41091
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5c7330336192768:flow:1e0297185954	SESSION-b5c7330336192768 → flow:1e0297185954
flow_observed5-aryOBS	e:fo:flow:8660b7a7acd6	flow:8660b7a7acd6 → host:131.196.29.164 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-662271688fa2b491:SESSION-662271688fa2b491	SESSION-662271688fa2b491 → pe:syn:SESSION-662271688fa2b491
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d436d9a2a0e2483:host:172.234.197.23	SESSION-7d436d9a2a0e2483 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5739ac8f3bafac6c:flow:28f3f26a1ea2	SESSION-5739ac8f3bafac6c → flow:28f3f26a1ea2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8107d9388b9d334:SESSION-b8107d9388b9d334	SESSION-b8107d9388b9d334 → pe:syn:SESSION-b8107d9388b9d334
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0046a1ddb04bc0f7:SESSION-0046a1ddb04bc0f7	SESSION-0046a1ddb04bc0f7 → pe:tls:SESSION-0046a1ddb04bc0f7
flow_observed4-aryOBS	e:fo:flow:b3d67977a2fe	flow:b3d67977a2fe → host:172.234.197.23 → host:177.10.232.134 → port:tcp:49833
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41d09b35a7c7bf56:flow:9566befee33d	SESSION-41d09b35a7c7bf56 → flow:9566befee33d
FLOW_FROM_HOSTOBS	e:from:SESSION-e28b3ef52579af3b:host:172.234.197.23	SESSION-e28b3ef52579af3b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0553c47d8718786a:host:172.234.197.23	SESSION-0553c47d8718786a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:098d80ed7006:port:tcp:3045	flow:098d80ed7006 → port:tcp:3045
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de8058bfaf7cddb8:host:172.234.197.23	SESSION-de8058bfaf7cddb8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a74ed405a2a2	flow:a74ed405a2a2 → host:177.10.235.1 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aab54ece2b0af0b4:host:177.10.237.114	SESSION-aab54ece2b0af0b4 → host:177.10.237.114
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f7bf570ae8905fff:flow:6f91a0bc6116	SESSION-f7bf570ae8905fff → flow:6f91a0bc6116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77a13185d72dec11:host:177.10.234.156	SESSION-77a13185d72dec11 → host:177.10.234.156
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a486ebfba002f553:host:177.10.234.45:host:172.234.197.23	SESSION-a486ebfba002f553 → host:177.10.234.45 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.7:asn:262880	host:177.10.238.7 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.24:asn:262880	host:177.10.239.24 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b0fec424d0db7c3:host:45.173.156.57:host:172.234.197.23	SESSION-7b0fec424d0db7c3 → host:45.173.156.57 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7fb420f75ffa7d0f:host:172.234.197.23	SESSION-7fb420f75ffa7d0f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4274b947f0e0:port:tcp:443	flow:4274b947f0e0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84d5ccfdbe119076:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-84d5ccfdbe119076 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:df175b99d66e	flow:df175b99d66e → host:172.234.197.23 → host:177.10.234.60 → port:tcp:2864
FLOW_DST_PORTOBS	e:fp:flow:7936992fc196:port:tcp:443	flow:7936992fc196 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-e6b70cce2b53886b:host:172.234.197.23	SESSION-e6b70cce2b53886b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be4f81bef58a140b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-be4f81bef58a140b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-413ea94c965ce051:SESSION-413ea94c965ce051	SESSION-413ea94c965ce051 → pe:tls:SESSION-413ea94c965ce051
FLOW_TO_HOSTOBS	e:to:SESSION-ed55c24c9ffd87b5:host:172.234.197.23	SESSION-ed55c24c9ffd87b5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-112f4fdeb678f643:host:172.234.197.23	SESSION-112f4fdeb678f643 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d3ff3dcf229051b:host:131.196.31.222	SESSION-2d3ff3dcf229051b → host:131.196.31.222
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-26f197960c59c7f7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-26f197960c59c7f7 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-710eb7de55f51893:host:177.10.238.56	SESSION-710eb7de55f51893 → host:177.10.238.56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-620284e2b3f3a282:host:172.234.197.23	SESSION-620284e2b3f3a282 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-587fbc18dc61ddb0:SESSION-587fbc18dc61ddb0	SESSION-587fbc18dc61ddb0 → pe:tls:SESSION-587fbc18dc61ddb0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-635c4a1226b6dd4e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-635c4a1226b6dd4e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-53fb5011e3d13c28:host:172.234.197.23	SESSION-53fb5011e3d13c28 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6d1acf39452c448:SESSION-a6d1acf39452c448	SESSION-a6d1acf39452c448 → pe:syn:SESSION-a6d1acf39452c448
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.232:geo_-16.28860_-49.01640	host:177.10.239.232 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6713221fe5694a6d:SESSION-6713221fe5694a6d	SESSION-6713221fe5694a6d → pe:tls:SESSION-6713221fe5694a6d
FLOW_TO_HOSTOBS	e:to:SESSION-69ac7334931bf6c1:host:172.234.197.23	SESSION-69ac7334931bf6c1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.11:asn:262880	host:177.10.237.11 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-0ea34ef73cf330d2:host:177.10.235.58	SESSION-0ea34ef73cf330d2 → host:177.10.235.58
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4354e5bc798bd13a:host:177.10.234.99:host:172.234.197.23	SESSION-4354e5bc798bd13a → host:177.10.234.99 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8224ed8c82963e52:host:131.196.28.81:host:172.234.197.23	SESSION-8224ed8c82963e52 → host:131.196.28.81 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2479e88ee1ee68c6:host:172.234.197.23:host:177.10.239.84	SESSION-2479e88ee1ee68c6 → host:172.234.197.23 → host:177.10.239.84
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.37:asn:262880	host:177.10.234.37 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-bc6a5831c46f644f:host:172.234.197.23	SESSION-bc6a5831c46f644f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c3d14af1a5eb503:SESSION-8c3d14af1a5eb503	SESSION-8c3d14af1a5eb503 → pe:tls:SESSION-8c3d14af1a5eb503
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dedab35c401db9fa:host:177.10.239.84	SESSION-dedab35c401db9fa → host:177.10.239.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2474eb623db0155:host:172.234.197.23:host:131.196.30.9	SESSION-b2474eb623db0155 → host:172.234.197.23 → host:131.196.30.9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-862fcc949d847857:host:177.10.237.158:host:172.234.197.23	SESSION-862fcc949d847857 → host:177.10.237.158 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c7dc5afda64e	flow:c7dc5afda64e → host:177.10.235.227 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c4efba82fdeb:port:tcp:80	flow:c4efba82fdeb → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17084582559fbd8c:SESSION-17084582559fbd8c	SESSION-17084582559fbd8c → pe:syn:SESSION-17084582559fbd8c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22ef7e58c288a4dd:host:177.10.235.171	SESSION-22ef7e58c288a4dd → host:177.10.235.171
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-082f90538556b940:host:131.196.29.144	SESSION-082f90538556b940 → host:131.196.29.144
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-526fa727f8be74e3:PCAP:capture_20260430050001:8868731bf8a4	SESSION-526fa727f8be74e3 → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.51:asn:262880	host:177.10.234.51 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a20ec48656879fce:host:131.196.31.58	SESSION-a20ec48656879fce → host:131.196.31.58
FLOW_TO_HOSTOBS	e:to:SESSION-4defafdd27769097:host:172.234.197.23	SESSION-4defafdd27769097 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6299cf50d0e2e558:host:172.234.197.23	SESSION-6299cf50d0e2e558 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5972a3b732445423:host:172.234.197.23	SESSION-5972a3b732445423 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce2566c1c98d1aed:host:172.234.197.23:host:131.196.31.198	SESSION-ce2566c1c98d1aed → host:172.234.197.23 → host:131.196.31.198
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd657e34d2536dc9:SESSION-bd657e34d2536dc9	SESSION-bd657e34d2536dc9 → pe:syn:SESSION-bd657e34d2536dc9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-168a40fae7c0f56d:host:177.10.236.77	SESSION-168a40fae7c0f56d → host:177.10.236.77
FLOW_TO_HOSTOBS	e:to:SESSION-0caa41ae62241956:host:172.234.197.23	SESSION-0caa41ae62241956 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b2f4e26cdd4a:port:tcp:443	flow:b2f4e26cdd4a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-67ec60ac13d58093:host:172.234.197.23	SESSION-67ec60ac13d58093 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ebb29f0c8a91fe62:host:177.10.233.82	SESSION-ebb29f0c8a91fe62 → host:177.10.233.82
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-381f999774715cfc:PCAP:capture_20260430110001:43611bdf6759	SESSION-381f999774715cfc → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4385c2f73c2ee0db:host:177.10.237.244:host:172.234.197.23	SESSION-4385c2f73c2ee0db → host:177.10.237.244 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-750eaff924399322:flow:b63d48cce5f5	SESSION-750eaff924399322 → flow:b63d48cce5f5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2d2e0adb85f8f3e:host:172.234.197.23	SESSION-d2d2e0adb85f8f3e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94e95046da2771ab:PCAP:capture_20260430150001:ded20914761d	SESSION-94e95046da2771ab → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ba8512040d3b37b:SESSION-5ba8512040d3b37b	SESSION-5ba8512040d3b37b → pe:syn:SESSION-5ba8512040d3b37b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6459c4621d226611:host:172.234.197.23	SESSION-6459c4621d226611 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf40158902d38ce6:host:177.10.236.79:host:172.234.197.23	SESSION-cf40158902d38ce6 → host:177.10.236.79 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b3b10ff846570e8:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5b3b10ff846570e8 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.51:asn:262880	host:177.10.235.51 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b875e262090a3924:host:131.196.28.167:host:172.234.197.23	SESSION-b875e262090a3924 → host:131.196.28.167 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e167d585a8e48501:host:177.10.232.170	SESSION-e167d585a8e48501 → host:177.10.232.170
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0b067dd86042d0a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b0b067dd86042d0a → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:f73d7d2f1a01	flow:f73d7d2f1a01 → host:172.234.197.23 → host:177.10.238.209 → port:tcp:50416
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a1214f59f834d98:flow:c3499df4b83e	SESSION-8a1214f59f834d98 → flow:c3499df4b83e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4066f36b6ded169d:host:172.234.197.23	SESSION-4066f36b6ded169d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97d8ab6142f53424:SESSION-97d8ab6142f53424	SESSION-97d8ab6142f53424 → pe:syn:SESSION-97d8ab6142f53424
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e5a2ddb999c90e17:SESSION-e5a2ddb999c90e17	SESSION-e5a2ddb999c90e17 → pe:tls:SESSION-e5a2ddb999c90e17
FLOW_DST_PORTOBS	e:fp:flow:24b7095746b6:port:tcp:443	flow:24b7095746b6 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.71:asn:262880	host:177.10.234.71 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b045e9fec039082:SESSION-5b045e9fec039082	SESSION-5b045e9fec039082 → pe:tls:SESSION-5b045e9fec039082
FLOW_FROM_HOSTOBS	e:from:SESSION-d0cb11649434d08c:host:177.10.232.196	SESSION-d0cb11649434d08c → host:177.10.232.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec91eda6d4bd732e:SESSION-ec91eda6d4bd732e	SESSION-ec91eda6d4bd732e → pe:syn:SESSION-ec91eda6d4bd732e
FLOW_DST_PORTOBS	e:fp:flow:caa84e800b07:port:tcp:443	flow:caa84e800b07 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bfd9e24a99b67097:host:172.234.197.23:host:177.10.239.133	SESSION-bfd9e24a99b67097 → host:172.234.197.23 → host:177.10.239.133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85d2db504e73f17a:host:172.234.197.23	SESSION-85d2db504e73f17a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:953e707e2c3e:port:tcp:443	flow:953e707e2c3e → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:3ba452c5658f	flow:3ba452c5658f → host:177.10.237.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2aa7e55175462248:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2aa7e55175462248 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba1793b4e05c9885:host:131.196.30.28	SESSION-ba1793b4e05c9885 → host:131.196.30.28
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2240076057fcee51:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2240076057fcee51 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:e4d25df52436	flow:e4d25df52436 → host:45.173.156.63 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-1362b7f51908925c:host:131.196.29.237	SESSION-1362b7f51908925c → host:131.196.29.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de8058bfaf7cddb8:host:177.10.237.97	SESSION-de8058bfaf7cddb8 → host:177.10.237.97
FLOW_FROM_HOSTOBS	e:from:SESSION-1c21445b24cd8699:host:172.234.197.23	SESSION-1c21445b24cd8699 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d8b43bd836a1:port:tcp:443	flow:d8b43bd836a1 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85172baad8a91878:host:172.234.197.23	SESSION-85172baad8a91878 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.113:geo_-16.28860_-49.01640	host:177.10.235.113 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd8a89b380cdaceb:flow:8655dfcab066	SESSION-dd8a89b380cdaceb → flow:8655dfcab066
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-478ebcd540b5d0ef:SESSION-478ebcd540b5d0ef	SESSION-478ebcd540b5d0ef → pe:syn:SESSION-478ebcd540b5d0ef
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a886511518ded078:flow:60fb94c5157b	SESSION-a886511518ded078 → flow:60fb94c5157b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-786e34aed7c64f61:host:172.234.197.23:host:131.196.28.0	SESSION-786e34aed7c64f61 → host:172.234.197.23 → host:131.196.28.0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-352588f71ded414b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-352588f71ded414b → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-2139588c74105d1b:host:172.234.197.23	SESSION-2139588c74105d1b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe8896cc58e0f0aa:host:131.196.29.166	SESSION-fe8896cc58e0f0aa → host:131.196.29.166
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-62b0720ae8fecbf5:host:45.173.156.233:host:172.234.197.23	SESSION-62b0720ae8fecbf5 → host:45.173.156.233 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0bc55e1159bab546:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0bc55e1159bab546 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-5f4a8961dba27f33:BSG-BEACON-a8a8c3c8a37f	SESSION-5f4a8961dba27f33 → BSG-BEACON-a8a8c3c8a37f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3676532bb2f3ac59:host:131.196.31.90:host:172.234.197.23	SESSION-3676532bb2f3ac59 → host:131.196.31.90 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aae7a2cdf7b4e8cc:host:172.234.197.23	SESSION-aae7a2cdf7b4e8cc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6634561e4b2b2821:host:177.10.238.122	SESSION-6634561e4b2b2821 → host:177.10.238.122
flow_observed5-aryOBS	e:fo:flow:98a069ef4edd	flow:98a069ef4edd → host:177.10.238.250 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-55794f9e7b1a9e7f:host:172.234.197.23	SESSION-55794f9e7b1a9e7f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-41c6e0b91a3149eb:host:172.234.197.23	SESSION-41c6e0b91a3149eb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5bd73118ac3f9f7:host:172.234.197.23	SESSION-b5bd73118ac3f9f7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.249:asn:262880	host:177.10.238.249 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:22d7649bfc2b:port:tcp:26757	flow:22d7649bfc2b → port:tcp:26757
FLOW_TLS_SNIOBS	e:fs:flow:d7065e22830f:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:d7065e22830f → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed4-aryOBS	e:fo:flow:eeee15d6a3f1	flow:eeee15d6a3f1 → host:172.234.197.23 → host:131.196.30.5 → port:tcp:6886
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-783c4edbafa3c164:SESSION-783c4edbafa3c164	SESSION-783c4edbafa3c164 → pe:tls:SESSION-783c4edbafa3c164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b7f75116e650c71:flow:fe4c3c3b22f1	SESSION-7b7f75116e650c71 → flow:fe4c3c3b22f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe3fb5807179bb52:host:172.234.197.23	SESSION-fe3fb5807179bb52 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9644c81b1050	flow:9644c81b1050 → host:131.196.29.192 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.116:asn:262880	host:177.10.234.116 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-177c9265a29fe644:SESSION-177c9265a29fe644	SESSION-177c9265a29fe644 → pe:tls:SESSION-177c9265a29fe644
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-805d717a82cbb042:SESSION-805d717a82cbb042	SESSION-805d717a82cbb042 → pe:tls:SESSION-805d717a82cbb042
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-378aa47dbf901697:host:172.234.197.23	SESSION-378aa47dbf901697 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1311876ef555b88e:host:172.232.0.16	SESSION-1311876ef555b88e → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d587dd5c581936e:host:172.234.197.23	SESSION-8d587dd5c581936e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bae596d14ec2741:host:177.10.238.20	SESSION-5bae596d14ec2741 → host:177.10.238.20
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c439db2cd1990c9:host:177.10.233.212	SESSION-5c439db2cd1990c9 → host:177.10.233.212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ada1853624679841:SESSION-ada1853624679841	SESSION-ada1853624679841 → pe:tls:SESSION-ada1853624679841
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-c9c8bcacffc7072b:SESSION-c9c8bcacffc7072b	SESSION-c9c8bcacffc7072b → pe:dns:SESSION-c9c8bcacffc7072b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.61:geo_-16.28860_-49.01640	host:177.10.236.61 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.14:geo_41.00190_28.96450	host:92.112.71.14 → geo_41.00190_28.96450
flow_observed5-aryOBS	e:fo:flow:7067571fdb7e	flow:7067571fdb7e → host:177.10.236.150 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e77d19d6eee479c3:SESSION-e77d19d6eee479c3	SESSION-e77d19d6eee479c3 → pe:tls:SESSION-e77d19d6eee479c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-191997595ec6754e:host:177.10.234.166	SESSION-191997595ec6754e → host:177.10.234.166
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52ffcd7f81b035e2:PCAP:capture_20260430150001:ded20914761d	SESSION-52ffcd7f81b035e2 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.114:geo_-16.28860_-49.01640	host:177.10.239.114 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-ee14fe05044df9df:host:177.10.239.39	SESSION-ee14fe05044df9df → host:177.10.239.39
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-92fb186a1f8eeacc:BSG-BEACON-9f226d1d4d6f	SESSION-92fb186a1f8eeacc → BSG-BEACON-9f226d1d4d6f
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-64639bf8e248f548:BSG-BEACON-918ce26726c0	SESSION-64639bf8e248f548 → BSG-BEACON-918ce26726c0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f158e3bc319e69c7:flow:f7ac01dd0330	SESSION-f158e3bc319e69c7 → flow:f7ac01dd0330
flow_observed5-aryOBS	e:fo:flow:94d0973c3a82	flow:94d0973c3a82 → host:177.10.239.150 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:2b4878d22749:port:tcp:443	flow:2b4878d22749 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c6ce7a55e2ab654:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4c6ce7a55e2ab654 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e182e837f26eb64a:flow:7ee73ad39b9d	SESSION-e182e837f26eb64a → flow:7ee73ad39b9d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-85869808bb7240b3:BSG-BEACON-f6c2b3d0e42d	SESSION-85869808bb7240b3 → BSG-BEACON-f6c2b3d0e42d
flow_observed3-aryOBS	e:fo:flow:72f5ecf251c5	flow:72f5ecf251c5 → host:13.53.140.247 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b6b757282734812:SESSION-4b6b757282734812	SESSION-4b6b757282734812 → pe:syn:SESSION-4b6b757282734812
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fad7428bd8cc35c5:host:177.10.236.233	SESSION-fad7428bd8cc35c5 → host:177.10.236.233
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.52:asn:262880	host:177.10.232.52 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:982c682e252c:port:tcp:443	flow:982c682e252c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c3c4fedf781f:port:tcp:13080	flow:c3c4fedf781f → port:tcp:13080
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d60298c7dc6ec77f:host:172.234.197.23	SESSION-d60298c7dc6ec77f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.126:asn:262880	host:177.10.235.126 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-2fc2bfb2b0c4767b:host:172.234.197.23	SESSION-2fc2bfb2b0c4767b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-774b2bcff77bd614:SESSION-774b2bcff77bd614	SESSION-774b2bcff77bd614 → pe:tls:SESSION-774b2bcff77bd614
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.215:geo_-16.28860_-49.01640	host:177.10.235.215 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72a654eac2136215:host:177.10.238.125	SESSION-72a654eac2136215 → host:177.10.238.125
flow_observed5-aryOBS	e:fo:flow:83f6e4e64a29	flow:83f6e4e64a29 → host:177.10.234.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-919126906ac50297:SESSION-919126906ac50297	SESSION-919126906ac50297 → pe:tls:SESSION-919126906ac50297
FLOW_DST_PORTOBS	e:fp:flow:b1427df5f2d1:port:tcp:443	flow:b1427df5f2d1 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:0f410ff5afe2	flow:0f410ff5afe2 → host:177.10.237.159 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.1:asn:262880	host:177.10.236.1 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.237:asn:262880	host:177.10.237.237 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-05ec7baf0d99b24d:flow:b62bf8afb52c	SESSION-05ec7baf0d99b24d → flow:b62bf8afb52c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b7cd4519c0a4eb9:flow:10f4ed99a8a2	SESSION-2b7cd4519c0a4eb9 → flow:10f4ed99a8a2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-875fd6bdbe4ae339:flow:c0f8ff625ff5	SESSION-875fd6bdbe4ae339 → flow:c0f8ff625ff5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.18:geo_-16.28860_-49.01640	host:177.10.237.18 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5407005cb310ce8:host:172.234.197.23	SESSION-d5407005cb310ce8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-da4440e5d8ead4fe:host:172.234.197.23	SESSION-da4440e5d8ead4fe → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6a58d3f29dbb:port:tcp:443	flow:6a58d3f29dbb → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:700fed86d816	flow:700fed86d816 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-7928f63a898f7aac:host:177.10.233.219	SESSION-7928f63a898f7aac → host:177.10.233.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38ea28f2e42013a7:host:177.10.237.8:host:172.234.197.23	SESSION-38ea28f2e42013a7 → host:177.10.237.8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e652f52440b112c3:SESSION-e652f52440b112c3	SESSION-e652f52440b112c3 → pe:syn:SESSION-e652f52440b112c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-623bd72e2e38d66b:host:172.234.197.23	SESSION-623bd72e2e38d66b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de01d31bf4634055:SESSION-de01d31bf4634055	SESSION-de01d31bf4634055 → pe:syn:SESSION-de01d31bf4634055
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65aa50b6e4bd0a70:host:177.10.239.102:host:172.234.197.23	SESSION-65aa50b6e4bd0a70 → host:177.10.239.102 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:971244252930:port:tcp:49243	flow:971244252930 → port:tcp:49243
flow_observed5-aryOBS	e:fo:flow:1acbe6be377b	flow:1acbe6be377b → host:177.10.238.232 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-fa35d0a8fa5d9f77:host:177.10.236.101	SESSION-fa35d0a8fa5d9f77 → host:177.10.236.101
FLOW_FROM_HOSTOBS	e:from:SESSION-1e2a6d6aa009e10c:host:172.234.197.23	SESSION-1e2a6d6aa009e10c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.19:geo_-23.62930_-46.63510	host:131.196.29.19 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1bf280e9db7bb994:PCAP:capture_20260430080001:93f47cc296a4	SESSION-1bf280e9db7bb994 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a136c944084425c:SESSION-1a136c944084425c	SESSION-1a136c944084425c → pe:tls:SESSION-1a136c944084425c
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.37:asn:273470	host:45.173.156.37 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.185:asn:271410	host:131.196.28.185 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b849b4bd4115608f:SESSION-b849b4bd4115608f	SESSION-b849b4bd4115608f → pe:syn:SESSION-b849b4bd4115608f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11d1e958623763ef:PCAP:capture_20260430110001:43611bdf6759	SESSION-11d1e958623763ef → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-8bdafe91f45dd428:host:172.234.197.23	SESSION-8bdafe91f45dd428 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c06bd8d9952317f:SESSION-6c06bd8d9952317f	SESSION-6c06bd8d9952317f → pe:syn:SESSION-6c06bd8d9952317f
HOST_IN_ASNOBS 85%	e:ha:host:56.112.16.196:asn:16509	host:56.112.16.196 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-2a34ec08b35e90b0:host:177.10.234.74	SESSION-2a34ec08b35e90b0 → host:177.10.234.74
flow_observed4-aryOBS	e:fo:flow:3c91b0aebea1	flow:3c91b0aebea1 → host:172.234.197.23 → host:177.10.235.107 → port:tcp:33186
FLOW_FROM_HOSTOBS	e:from:SESSION-5fbe82bcd0d20589:host:177.10.232.157	SESSION-5fbe82bcd0d20589 → host:177.10.232.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f42dcf2468c4a64f:flow:1dce484c4ff7	SESSION-f42dcf2468c4a64f → flow:1dce484c4ff7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f62a59cabf6a851:host:177.10.236.104:host:172.234.197.23	SESSION-7f62a59cabf6a851 → host:177.10.236.104 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.253:asn:271410	host:131.196.31.253 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:3cf1107263f9:port:tcp:34298	flow:3cf1107263f9 → port:tcp:34298
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.121:geo_-16.28860_-49.01640	host:177.10.232.121 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6631f08e8c06a9b6:SESSION-6631f08e8c06a9b6	SESSION-6631f08e8c06a9b6 → pe:tls:SESSION-6631f08e8c06a9b6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc2833e8abe7ed0a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-cc2833e8abe7ed0a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0b3c5797223848b:host:177.10.235.121:host:172.234.197.23	SESSION-c0b3c5797223848b → host:177.10.235.121 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a136c944084425c:host:172.234.197.23	SESSION-1a136c944084425c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:80a6298ed117:port:tcp:443	flow:80a6298ed117 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b836173867007d89:PCAP:capture_20260430090001:065659c7d314	SESSION-b836173867007d89 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-d098d799c39976fd:host:131.196.31.45	SESSION-d098d799c39976fd → host:131.196.31.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-303cd1de44c58c29:SESSION-303cd1de44c58c29	SESSION-303cd1de44c58c29 → pe:syn:SESSION-303cd1de44c58c29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02199a3eaa60c28c:SESSION-02199a3eaa60c28c	SESSION-02199a3eaa60c28c → pe:syn:SESSION-02199a3eaa60c28c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-912f333ca4ce75c1:SESSION-912f333ca4ce75c1	SESSION-912f333ca4ce75c1 → pe:tls:SESSION-912f333ca4ce75c1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef849695f946a5ec:host:177.10.239.138:host:172.234.197.23	SESSION-ef849695f946a5ec → host:177.10.239.138 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e15824f9dd78d2b4:host:172.234.197.23	SESSION-e15824f9dd78d2b4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34cbebf9a190be23:host:131.196.30.253	SESSION-34cbebf9a190be23 → host:131.196.30.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f2f5812045d2e3b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6f2f5812045d2e3b → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:2b4878d22749	flow:2b4878d22749 → host:131.196.29.236 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-fac4a2f466e4583d:host:177.10.237.10	SESSION-fac4a2f466e4583d → host:177.10.237.10
flow_observed5-aryOBS	e:fo:flow:d95fb9f2e00c	flow:d95fb9f2e00c → host:131.196.28.168 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6682b9978761b80b:SESSION-6682b9978761b80b	SESSION-6682b9978761b80b → pe:tls:SESSION-6682b9978761b80b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db5e0e0456a4bec1:SESSION-db5e0e0456a4bec1	SESSION-db5e0e0456a4bec1 → pe:tls:SESSION-db5e0e0456a4bec1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a236c6c04af1f19:flow:2fef4a6efd16	SESSION-9a236c6c04af1f19 → flow:2fef4a6efd16
FLOW_FROM_HOSTOBS	e:from:SESSION-1933fbedf850967f:host:131.196.30.67	SESSION-1933fbedf850967f → host:131.196.30.67
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c5da4152a907bbd:host:172.234.197.23	SESSION-6c5da4152a907bbd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30b7709547a366f1:SESSION-30b7709547a366f1	SESSION-30b7709547a366f1 → pe:tls:SESSION-30b7709547a366f1
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.161:asn:271410	host:131.196.30.161 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-29162d9ed8336732:host:172.234.197.23	SESSION-29162d9ed8336732 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5048c6b31ef60c96:host:131.196.31.190	SESSION-5048c6b31ef60c96 → host:131.196.31.190
FLOW_TO_HOSTOBS	e:to:SESSION-b34520b38e3fc963:host:172.234.197.23	SESSION-b34520b38e3fc963 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd0176ca8d9bf386:flow:df53e3b2ee55	SESSION-cd0176ca8d9bf386 → flow:df53e3b2ee55
FLOW_TO_HOSTOBS	e:to:SESSION-2e46bef1b2f6daf0:host:177.10.239.209	SESSION-2e46bef1b2f6daf0 → host:177.10.239.209
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d77475f82108632b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d77475f82108632b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2c659a567a628e2:host:172.234.197.23	SESSION-d2c659a567a628e2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a91fe9a6e775a606:host:177.10.232.32	SESSION-a91fe9a6e775a606 → host:177.10.232.32
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.76:asn:262880	host:177.10.239.76 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-380f5751cd3ba7da:host:172.234.197.23	SESSION-380f5751cd3ba7da → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d4d7fb155f65fdf:host:177.10.239.82	SESSION-4d4d7fb155f65fdf → host:177.10.239.82
flow_observed5-aryOBS	e:fo:flow:3be21ea09440	flow:3be21ea09440 → host:131.196.31.194 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-adc05f42cd7b2533:host:177.10.233.65:host:172.234.197.23	SESSION-adc05f42cd7b2533 → host:177.10.233.65 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56d3b103682c9fbe:host:172.234.197.23:host:177.10.239.148	SESSION-56d3b103682c9fbe → host:172.234.197.23 → host:177.10.239.148
FLOW_DST_PORTOBS	e:fp:flow:11b885f943ca:port:tcp:30324	flow:11b885f943ca → port:tcp:30324
flow_observed5-aryOBS	e:fo:flow:5f03c3122d2b	flow:5f03c3122d2b → host:177.10.235.140 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:f38ec586facc	flow:f38ec586facc → host:45.173.156.109 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b197d648fac856a7:flow:a3f7ff0146b0	SESSION-b197d648fac856a7 → flow:a3f7ff0146b0
FLOW_DST_PORTOBS	e:fp:flow:7e6d2a7769d6:port:tcp:443	flow:7e6d2a7769d6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca027ca401d4d122:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ca027ca401d4d122 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-f57871a7505a0a35:host:172.234.197.23	SESSION-f57871a7505a0a35 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:42e427b29835:port:tcp:29432	flow:42e427b29835 → port:tcp:29432
flow_observed5-aryOBS	e:fo:flow:358a33420eeb	flow:358a33420eeb → host:177.10.237.200 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b4ed0c7009b8f0d4:host:172.234.197.23	SESSION-b4ed0c7009b8f0d4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f97616f4c907a8c:SESSION-4f97616f4c907a8c	SESSION-4f97616f4c907a8c → pe:syn:SESSION-4f97616f4c907a8c
FLOW_TO_HOSTOBS	e:to:SESSION-609881b75f195530:host:172.234.197.23	SESSION-609881b75f195530 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-136e732c63cf53f4:SESSION-136e732c63cf53f4	SESSION-136e732c63cf53f4 → pe:tls:SESSION-136e732c63cf53f4
FLOW_DST_PORTOBS	e:fp:flow:8e573b3684b6:port:tcp:3185	flow:8e573b3684b6 → port:tcp:3185
FLOW_TO_HOSTOBS	e:to:SESSION-ab185a89adee30ab:host:131.196.30.250	SESSION-ab185a89adee30ab → host:131.196.30.250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-609fd31f908d95c5:SESSION-609fd31f908d95c5	SESSION-609fd31f908d95c5 → pe:tls:SESSION-609fd31f908d95c5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fa8e5b00f80216f:host:172.234.197.23	SESSION-7fa8e5b00f80216f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5ee9797d15d423e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b5ee9797d15d423e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e806a1e4171599f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4e806a1e4171599f → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-6f5b8d372cd42441:host:172.234.197.23	SESSION-6f5b8d372cd42441 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f033dc8b343a68ab:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f033dc8b343a68ab → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-2db29654b7388c8c:host:177.10.237.122	SESSION-2db29654b7388c8c → host:177.10.237.122
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.160:asn:262880	host:177.10.237.160 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-bef335bbd7bd0f49:host:45.173.156.31	SESSION-bef335bbd7bd0f49 → host:45.173.156.31
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.95:geo_-16.28860_-49.01640	host:177.10.234.95 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a40236c67828800b:SESSION-a40236c67828800b	SESSION-a40236c67828800b → pe:syn:SESSION-a40236c67828800b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c651848d98d2f620:SESSION-c651848d98d2f620	SESSION-c651848d98d2f620 → pe:tls:SESSION-c651848d98d2f620
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d4d7fb155f65fdf:flow:405ff612403a	SESSION-4d4d7fb155f65fdf → flow:405ff612403a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a9091855f21b6bb:host:177.10.236.213	SESSION-0a9091855f21b6bb → host:177.10.236.213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-786e34aed7c64f61:host:172.234.197.23	SESSION-786e34aed7c64f61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-417f532a2a507181:host:172.234.197.23	SESSION-417f532a2a507181 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d13284d1e9c6a901:host:177.10.236.170	SESSION-d13284d1e9c6a901 → host:177.10.236.170
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.5:asn:262880	host:177.10.237.5 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23fc04533211debf:host:45.173.156.165:host:172.234.197.23	SESSION-23fc04533211debf → host:45.173.156.165 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a7c0fd7040b0	flow:a7c0fd7040b0 → host:131.196.31.56 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28ca4d014ad9a35f:host:172.234.197.23	SESSION-28ca4d014ad9a35f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ff39fa820eb8	flow:ff39fa820eb8 → host:177.10.236.27 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e2a6d6aa009e10c:SESSION-1e2a6d6aa009e10c	SESSION-1e2a6d6aa009e10c → pe:syn:SESSION-1e2a6d6aa009e10c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2619cb568c6b860e:host:177.10.235.227	SESSION-2619cb568c6b860e → host:177.10.235.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4289737814dbd64:host:172.234.197.23	SESSION-c4289737814dbd64 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ce88726966df20e:flow:20ec45634b2c	SESSION-5ce88726966df20e → flow:20ec45634b2c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.159:geo_-23.62930_-46.63510	host:131.196.28.159 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:63dc30cb124f:port:tcp:22	flow:63dc30cb124f → port:tcp:22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f08e9fcec07329fb:host:177.10.236.8	SESSION-f08e9fcec07329fb → host:177.10.236.8
FLOW_FROM_HOSTOBS	e:from:SESSION-4ce89d337c6c28e5:host:131.196.28.71	SESSION-4ce89d337c6c28e5 → host:131.196.28.71
FLOW_FROM_HOSTOBS	e:from:SESSION-5d84fd327ccf4e65:host:177.10.239.182	SESSION-5d84fd327ccf4e65 → host:177.10.239.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d19f64abed8cdcd:SESSION-2d19f64abed8cdcd	SESSION-2d19f64abed8cdcd → pe:syn:SESSION-2d19f64abed8cdcd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19ad8f01572b4d12:host:172.234.197.23:host:177.10.238.8	SESSION-19ad8f01572b4d12 → host:172.234.197.23 → host:177.10.238.8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c008c2d2b932d4b:PCAP:capture_20260430090001:065659c7d314	SESSION-7c008c2d2b932d4b → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:4e274ce7b551	flow:4e274ce7b551 → host:131.196.31.163 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bdc14171c537b7eb:PCAP:capture_20260430090001:065659c7d314	SESSION-bdc14171c537b7eb → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66a529d98727e997:SESSION-66a529d98727e997	SESSION-66a529d98727e997 → pe:tls:SESSION-66a529d98727e997
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0586166ee52acb1f:host:52.81.225.63	SESSION-0586166ee52acb1f → host:52.81.225.63
FLOW_DST_PORTOBS	e:fp:flow:98a069ef4edd:port:tcp:443	flow:98a069ef4edd → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-383c10f8cce4ec29:host:35.92.48.165	SESSION-383c10f8cce4ec29 → host:35.92.48.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38d81f2383b0ad0b:SESSION-38d81f2383b0ad0b	SESSION-38d81f2383b0ad0b → pe:syn:SESSION-38d81f2383b0ad0b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaf7cd3e5a2b7709:host:177.10.237.108:host:172.234.197.23	SESSION-eaf7cd3e5a2b7709 → host:177.10.237.108 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:09496ce57c77:port:tcp:443	flow:09496ce57c77 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2887c6ee2de14ac9:SESSION-2887c6ee2de14ac9	SESSION-2887c6ee2de14ac9 → pe:tls:SESSION-2887c6ee2de14ac9
FLOW_TO_HOSTOBS	e:to:SESSION-1518dad52645fa99:host:177.10.232.24	SESSION-1518dad52645fa99 → host:177.10.232.24
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44bc098e411317a4:host:172.234.197.23:host:177.10.235.174	SESSION-44bc098e411317a4 → host:172.234.197.23 → host:177.10.235.174
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-692aeceb01bd702a:host:172.234.197.23	SESSION-692aeceb01bd702a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-acae490ef1211ca7:flow:33ec49a7a8bf	SESSION-acae490ef1211ca7 → flow:33ec49a7a8bf
flow_observed4-aryOBS	e:fo:flow:7612b6de3fd1	flow:7612b6de3fd1 → host:172.234.197.23 → host:177.10.232.178 → port:tcp:65477
flow_observed5-aryOBS	e:fo:flow:9b008c214ebe	flow:9b008c214ebe → host:45.173.156.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d59512d9649ead5:host:172.234.197.23:host:177.10.238.181	SESSION-9d59512d9649ead5 → host:172.234.197.23 → host:177.10.238.181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41b7279875030e7d:SESSION-41b7279875030e7d	SESSION-41b7279875030e7d → pe:syn:SESSION-41b7279875030e7d
FLOW_DST_PORTOBS	e:fp:flow:1bfbe4aa0061:port:tcp:443	flow:1bfbe4aa0061 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ec4c9189aa8273c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2ec4c9189aa8273c → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:504bc5233da5	flow:504bc5233da5 → host:172.234.197.23 → host:177.10.239.139 → port:tcp:39587
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-53ca21169d5f7469:PCAP:capture_20260430050001:8868731bf8a4	SESSION-53ca21169d5f7469 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec50ec61227c5d5c:host:177.10.236.157	SESSION-ec50ec61227c5d5c → host:177.10.236.157
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c70f7d0fa3cda32b:host:172.234.197.23:host:177.10.235.118	SESSION-c70f7d0fa3cda32b → host:172.234.197.23 → host:177.10.235.118
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-921caeacc0f03622:flow:c391a9c3646b	SESSION-921caeacc0f03622 → flow:c391a9c3646b
FLOW_TO_HOSTOBS	e:to:SESSION-ba12ba5c182aa430:host:177.10.238.209	SESSION-ba12ba5c182aa430 → host:177.10.238.209
FLOW_DST_PORTOBS	e:fp:flow:6d919a662eb6:port:tcp:25197	flow:6d919a662eb6 → port:tcp:25197
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.138:geo_-23.62930_-46.63510	host:131.196.30.138 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:bc8c7b2b51da:port:tcp:64495	flow:bc8c7b2b51da → port:tcp:64495
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4939a9166796718f:flow:9b5a8f4835a8	SESSION-4939a9166796718f → flow:9b5a8f4835a8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:18.183.88.164:geo_35.68930_139.68990	host:18.183.88.164 → geo_35.68930_139.68990
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13bd66b79cddeec8:host:172.234.197.23	SESSION-13bd66b79cddeec8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f617ae242ef6	flow:f617ae242ef6 → host:131.196.28.79 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e7f6e07782bad0e:SESSION-5e7f6e07782bad0e	SESSION-5e7f6e07782bad0e → pe:tls:SESSION-5e7f6e07782bad0e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94bbfef7eb27207b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-94bbfef7eb27207b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-396a4dd85675ad96:host:177.10.238.149:host:172.234.197.23	SESSION-396a4dd85675ad96 → host:177.10.238.149 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.167:geo_-23.62930_-46.63510	host:131.196.28.167 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.116:geo_-16.28860_-49.01640	host:177.10.236.116 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2eb0c2c4028db16:host:92.112.71.169:host:172.234.197.23	SESSION-e2eb0c2c4028db16 → host:92.112.71.169 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:44.246.129.80:asn:16509	host:44.246.129.80 → asn:16509
flow_observed5-aryOBS	e:fo:flow:ed30ae43a62a	flow:ed30ae43a62a → host:177.10.239.136 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2387fa1f153c5b33:host:177.10.238.9	SESSION-2387fa1f153c5b33 → host:177.10.238.9
FLOW_FROM_HOSTOBS	e:from:SESSION-7b7f75116e650c71:host:177.10.237.101	SESSION-7b7f75116e650c71 → host:177.10.237.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-714dd24b305adb19:SESSION-714dd24b305adb19	SESSION-714dd24b305adb19 → pe:syn:SESSION-714dd24b305adb19
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7fea0326f1ddbdfc:host:172.234.197.23:host:177.10.234.115	SESSION-7fea0326f1ddbdfc → host:172.234.197.23 → host:177.10.234.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e220c81ec884c58:SESSION-5e220c81ec884c58	SESSION-5e220c81ec884c58 → pe:syn:SESSION-5e220c81ec884c58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3a25d201ec7d699:host:172.234.197.23	SESSION-b3a25d201ec7d699 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e1f0a324b14316cd:host:177.10.239.221:host:172.234.197.23	SESSION-e1f0a324b14316cd → host:177.10.239.221 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.29:geo_41.00190_28.96450	host:92.112.71.29 → geo_41.00190_28.96450
FLOW_FROM_HOSTOBS	e:from:SESSION-077a58eb2518fab4:host:177.10.232.253	SESSION-077a58eb2518fab4 → host:177.10.232.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb6fbeeb95cb61c8:SESSION-fb6fbeeb95cb61c8	SESSION-fb6fbeeb95cb61c8 → pe:tls:SESSION-fb6fbeeb95cb61c8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5218a703d93123a3:SESSION-5218a703d93123a3	SESSION-5218a703d93123a3 → pe:syn:SESSION-5218a703d93123a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b35e3cddd5fc2e72:SESSION-b35e3cddd5fc2e72	SESSION-b35e3cddd5fc2e72 → pe:tls:SESSION-b35e3cddd5fc2e72
FLOW_FROM_HOSTOBS	e:from:SESSION-b09cf74640ed889e:host:177.10.235.110	SESSION-b09cf74640ed889e → host:177.10.235.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a8c913718f2ecd3:host:172.234.197.23	SESSION-9a8c913718f2ecd3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3956b259f30f:port:tcp:443	flow:3956b259f30f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:2c72d32f2cfc:port:tcp:56244	flow:2c72d32f2cfc → port:tcp:56244
FLOW_TO_HOSTOBS	e:to:SESSION-d537e467802bc1c1:host:131.196.29.215	SESSION-d537e467802bc1c1 → host:131.196.29.215
flow_observed4-aryOBS	e:fo:flow:43136ed91747	flow:43136ed91747 → host:172.234.197.23 → host:177.10.232.208 → port:tcp:26674
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f3823f20b5aa8c6:host:45.173.156.26	SESSION-8f3823f20b5aa8c6 → host:45.173.156.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2035a3586bc1f35f:host:177.10.237.87:host:172.234.197.23	SESSION-2035a3586bc1f35f → host:177.10.237.87 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c58d6336bd500b5:host:177.10.237.108	SESSION-9c58d6336bd500b5 → host:177.10.237.108
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9252fa43a6ca744f:host:172.234.197.23:host:45.173.156.169	SESSION-9252fa43a6ca744f → host:172.234.197.23 → host:45.173.156.169
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d4e81930fa292a8:flow:5b69a0cfa4b4	SESSION-6d4e81930fa292a8 → flow:5b69a0cfa4b4
FLOW_FROM_HOSTOBS	e:from:SESSION-ecc0c586896302d2:host:172.234.197.23	SESSION-ecc0c586896302d2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff9ef052366910da:flow:13d8c496e757	SESSION-ff9ef052366910da → flow:13d8c496e757
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc3cb32f8be8837a:PCAP:capture_20260430110001:43611bdf6759	SESSION-bc3cb32f8be8837a → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97a722c9ef92a65e:flow:0e1e52db08e7	SESSION-97a722c9ef92a65e → flow:0e1e52db08e7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44aa905e757bc471:host:172.234.197.23:host:131.196.28.95	SESSION-44aa905e757bc471 → host:172.234.197.23 → host:131.196.28.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de82cbdf751e150b:host:177.10.234.64	SESSION-de82cbdf751e150b → host:177.10.234.64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-727af4ad5af6cc01:PCAP:capture_20260430160001:9bfa4498506a	SESSION-727af4ad5af6cc01 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a8bea4194d810df:SESSION-7a8bea4194d810df	SESSION-7a8bea4194d810df → pe:syn:SESSION-7a8bea4194d810df
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-324907e130151d7d:host:172.234.197.23	SESSION-324907e130151d7d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79b864f146b8f07b:host:177.10.238.208:host:172.234.197.23	SESSION-79b864f146b8f07b → host:177.10.238.208 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0c6698f170085be7:SESSION-0c6698f170085be7	SESSION-0c6698f170085be7 → pe:tls:SESSION-0c6698f170085be7
FLOW_FROM_HOSTOBS	e:from:SESSION-98c12e77f111e64e:host:131.196.28.7	SESSION-98c12e77f111e64e → host:131.196.28.7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c06bd8d9952317f:SESSION-6c06bd8d9952317f	SESSION-6c06bd8d9952317f → pe:tls:SESSION-6c06bd8d9952317f
FLOW_TO_HOSTOBS	e:to:SESSION-8ca10b4490797e89:host:172.234.197.23	SESSION-8ca10b4490797e89 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-febabcac2b03c9d1:host:131.196.28.242:host:172.234.197.23	SESSION-febabcac2b03c9d1 → host:131.196.28.242 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1355eedcc36803bb:host:172.234.197.23	SESSION-1355eedcc36803bb → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.248:geo_-16.28860_-49.01640	host:177.10.238.248 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-7b89a1b1f5399599:host:131.196.29.65	SESSION-7b89a1b1f5399599 → host:131.196.29.65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4db42491c04de440:SESSION-4db42491c04de440	SESSION-4db42491c04de440 → pe:tls:SESSION-4db42491c04de440
FLOW_TO_HOSTOBS	e:to:SESSION-cc0f694a62c9abc8:host:177.10.234.169	SESSION-cc0f694a62c9abc8 → host:177.10.234.169
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.189:geo_-16.28860_-49.01640	host:177.10.235.189 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31836a23201b59b7:host:172.234.197.23	SESSION-31836a23201b59b7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e0b8f15e6ec3ec0f:host:104.28.202.77	SESSION-e0b8f15e6ec3ec0f → host:104.28.202.77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c977b8f3627ab3c3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c977b8f3627ab3c3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-39845edf8e8f640a:flow:9b565a4c11fe	SESSION-39845edf8e8f640a → flow:9b565a4c11fe
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01744e272bba469d:host:131.196.29.215:host:172.234.197.23	SESSION-01744e272bba469d → host:131.196.29.215 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.65:asn:262880	host:177.10.233.65 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81c8b3fdf002e09e:host:172.234.197.23	SESSION-81c8b3fdf002e09e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c98ee522a60a5600:SESSION-c98ee522a60a5600	SESSION-c98ee522a60a5600 → pe:syn:SESSION-c98ee522a60a5600
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67ad2a69e8a9ea9e:host:131.196.30.36	SESSION-67ad2a69e8a9ea9e → host:131.196.30.36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88c7e3106e33eb03:host:177.10.239.182	SESSION-88c7e3106e33eb03 → host:177.10.239.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1a14827dc654457:host:131.196.28.12	SESSION-c1a14827dc654457 → host:131.196.28.12
FLOW_TO_HOSTOBS	e:to:SESSION-6e612a684f25ac0f:host:172.234.197.23	SESSION-6e612a684f25ac0f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9886228ef28af254:host:177.10.233.88	SESSION-9886228ef28af254 → host:177.10.233.88
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6010f1ab3b1ee9c7:host:92.112.71.183	SESSION-6010f1ab3b1ee9c7 → host:92.112.71.183
flow_observed5-aryOBS	e:fo:flow:e24ee2bfca56	flow:e24ee2bfca56 → host:131.196.30.64 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.227:geo_-16.28860_-49.01640	host:177.10.239.227 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a22e38c714d83c7:host:172.234.197.23:host:177.10.233.199	SESSION-3a22e38c714d83c7 → host:172.234.197.23 → host:177.10.233.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-650fd2b828a7b477:host:131.196.30.143	SESSION-650fd2b828a7b477 → host:131.196.30.143
FLOW_TO_HOSTOBS	e:to:SESSION-71cc4f2ac3d57c32:host:172.234.197.23	SESSION-71cc4f2ac3d57c32 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a930bba2e2dc	flow:a930bba2e2dc → host:131.196.31.187 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37c43e7a9f6dcf12:PCAP:capture_20260430060001:919b39a74464	SESSION-37c43e7a9f6dcf12 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-11641f941720f4cf:host:177.10.232.132	SESSION-11641f941720f4cf → host:177.10.232.132
FLOW_FROM_HOSTOBS	e:from:SESSION-7eb452f0b60197b3:host:172.234.197.23	SESSION-7eb452f0b60197b3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e798ff0c310952a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6e798ff0c310952a → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-948ad6eee5512e98:host:172.234.197.23	SESSION-948ad6eee5512e98 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c6fd3205e4a34033:flow:d6e76a66edfd	SESSION-c6fd3205e4a34033 → flow:d6e76a66edfd
ASN_IN_ORGOBS 80%	e:ao:asn:273470:org:WORK TELECOM INTERNET LTDA	asn:273470 → org:WORK TELECOM INTERNET LTDA
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83267dedfd50dbe7:host:177.10.239.72	SESSION-83267dedfd50dbe7 → host:177.10.239.72
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.45:asn:262880	host:177.10.235.45 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-3e4d7008639203d5:host:172.232.0.16	SESSION-3e4d7008639203d5 → host:172.232.0.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e89ccbf4d277fb8:flow:8d77ac2ddff6	SESSION-7e89ccbf4d277fb8 → flow:8d77ac2ddff6
FLOW_FROM_HOSTOBS	e:from:SESSION-f355ffd88e7f5027:host:131.196.29.55	SESSION-f355ffd88e7f5027 → host:131.196.29.55
FLOW_DST_PORTOBS	e:fp:flow:c0d2094dfac4:port:tcp:443	flow:c0d2094dfac4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-394aeca8e13c39b2:host:45.173.156.133	SESSION-394aeca8e13c39b2 → host:45.173.156.133
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.21:asn:273470	host:45.173.156.21 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6394463f1caee3eb:SESSION-6394463f1caee3eb	SESSION-6394463f1caee3eb → pe:tls:SESSION-6394463f1caee3eb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f10bf652ebbcd899:flow:8848124e5a84	SESSION-f10bf652ebbcd899 → flow:8848124e5a84
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47f0fc6e11d78716:flow:29836bac5672	SESSION-47f0fc6e11d78716 → flow:29836bac5672
flow_observed3-aryOBS	e:fo:flow:b9ff0cc35001	flow:b9ff0cc35001 → host:51.224.53.144 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:89241512fcc4:port:tcp:443	flow:89241512fcc4 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-805d717a82cbb042:flow:f4275370abdd	SESSION-805d717a82cbb042 → flow:f4275370abdd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f6588417d002f2ed:flow:53d8d2b8abb3	SESSION-f6588417d002f2ed → flow:53d8d2b8abb3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f7bf570ae8905fff:SESSION-f7bf570ae8905fff	SESSION-f7bf570ae8905fff → pe:syn:SESSION-f7bf570ae8905fff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20066dd45b76b973:host:131.196.28.45	SESSION-20066dd45b76b973 → host:131.196.28.45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e6517dadbfe4bb3:host:131.196.29.74	SESSION-0e6517dadbfe4bb3 → host:131.196.29.74
FLOW_TO_HOSTOBS	e:to:SESSION-a5b4d581172cc71c:host:172.234.197.23	SESSION-a5b4d581172cc71c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-32626bc077790390:SESSION-32626bc077790390	SESSION-32626bc077790390 → pe:syn:SESSION-32626bc077790390
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e920b338cbbee7b:SESSION-2e920b338cbbee7b	SESSION-2e920b338cbbee7b → pe:syn:SESSION-2e920b338cbbee7b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aab54ece2b0af0b4:flow:118a054b5995	SESSION-aab54ece2b0af0b4 → flow:118a054b5995
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.239:geo_-23.62930_-46.63510	host:131.196.29.239 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:1bdb1ce33dbb:port:tcp:49269	flow:1bdb1ce33dbb → port:tcp:49269
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-338b64f691539afb:flow:0ce76c6207ea	SESSION-338b64f691539afb → flow:0ce76c6207ea
FLOW_FROM_HOSTOBS	e:from:SESSION-05f783d5d2ea4019:host:172.234.197.23	SESSION-05f783d5d2ea4019 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.210:geo_-16.28860_-49.01640	host:177.10.238.210 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.118:geo_-16.28860_-49.01640	host:177.10.237.118 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ad1374907e690a1:SESSION-3ad1374907e690a1	SESSION-3ad1374907e690a1 → pe:tls:SESSION-3ad1374907e690a1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8a52e21a979a3cd:host:177.10.239.140:host:172.234.197.23	SESSION-c8a52e21a979a3cd → host:177.10.239.140 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cbc4338326105aa3:host:172.234.197.23:host:177.10.234.84	SESSION-cbc4338326105aa3 → host:172.234.197.23 → host:177.10.234.84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b01750df014e0bb:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5b01750df014e0bb → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-4d17209bd675d4be:host:172.234.197.23	SESSION-4d17209bd675d4be → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5e0d4c52be74:port:tcp:443	flow:5e0d4c52be74 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55d5dc737e01c0f7:host:92.112.71.68	SESSION-55d5dc737e01c0f7 → host:92.112.71.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e6f218d3e359434:host:131.196.30.234	SESSION-0e6f218d3e359434 → host:131.196.30.234
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-409f2c106c7c54cc:host:131.196.31.78:host:172.234.197.23	SESSION-409f2c106c7c54cc → host:131.196.31.78 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd0de62eb0560e2b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bd0de62eb0560e2b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9f43ed2bc91ec43:SESSION-b9f43ed2bc91ec43	SESSION-b9f43ed2bc91ec43 → pe:tls:SESSION-b9f43ed2bc91ec43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-566179d6a12d7e1c:host:177.10.234.206	SESSION-566179d6a12d7e1c → host:177.10.234.206
flow_observed4-aryOBS	e:fo:flow:bb7f3a42b12b	flow:bb7f3a42b12b → host:172.234.197.23 → host:177.10.233.67 → port:tcp:58349
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a8bea4194d810df:host:131.196.28.67	SESSION-7a8bea4194d810df → host:131.196.28.67
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5da0813b370b7e29:host:13.208.213.50	SESSION-5da0813b370b7e29 → host:13.208.213.50
FLOW_TO_HOSTOBS	e:to:SESSION-b875e262090a3924:host:172.234.197.23	SESSION-b875e262090a3924 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-51daf4959db84d02:host:172.232.0.16	SESSION-51daf4959db84d02 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6a7aaaa54e7dd63:PCAP:capture_20260430090001:065659c7d314	SESSION-d6a7aaaa54e7dd63 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:c15112a97887	flow:c15112a97887 → host:177.10.234.210 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b42fc656319c5bfc:host:177.10.233.225:host:172.234.197.23	SESSION-b42fc656319c5bfc → host:177.10.233.225 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f67dd3d7a905	flow:f67dd3d7a905 → host:131.196.28.227 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39d5adc1c22dd7ee:host:172.234.197.23	SESSION-39d5adc1c22dd7ee → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:937bcaa6f995:port:tcp:51380	flow:937bcaa6f995 → port:tcp:51380
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ad4b86f4c7bfaae:host:131.196.31.148:host:172.234.197.23	SESSION-1ad4b86f4c7bfaae → host:131.196.31.148 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:758a8992fe82:port:tcp:64088	flow:758a8992fe82 → port:tcp:64088
flow_observed5-aryOBS	e:fo:flow:75643401072c	flow:75643401072c → host:177.10.238.35 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:dac3528f23e4	flow:dac3528f23e4 → host:177.10.237.82 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c058dbfcf0ab82c:SESSION-8c058dbfcf0ab82c	SESSION-8c058dbfcf0ab82c → pe:syn:SESSION-8c058dbfcf0ab82c
flow_observed4-aryOBS	e:fo:flow:05faa98018f7	flow:05faa98018f7 → host:172.234.197.23 → host:131.196.29.168 → port:tcp:2825
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fb4b7758d99e149:host:177.10.237.237	SESSION-4fb4b7758d99e149 → host:177.10.237.237
FLOW_FROM_HOSTOBS	e:from:SESSION-4f97616f4c907a8c:host:177.10.239.43	SESSION-4f97616f4c907a8c → host:177.10.239.43
FLOW_FROM_HOSTOBS	e:from:SESSION-b197d648fac856a7:host:177.10.236.2	SESSION-b197d648fac856a7 → host:177.10.236.2
FLOW_FROM_HOSTOBS	e:from:SESSION-6535f7c42f72cb7f:host:131.196.30.95	SESSION-6535f7c42f72cb7f → host:131.196.30.95
FLOW_DST_PORTOBS	e:fp:flow:df175b99d66e:port:tcp:2864	flow:df175b99d66e → port:tcp:2864
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd4086b575d9a1c0:flow:4cdaf4d1f949	SESSION-cd4086b575d9a1c0 → flow:4cdaf4d1f949
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e4815ec5b053775:SESSION-4e4815ec5b053775	SESSION-4e4815ec5b053775 → pe:syn:SESSION-4e4815ec5b053775
FLOW_TO_HOSTOBS	e:to:SESSION-e5ba4a44df249a00:host:177.10.238.247	SESSION-e5ba4a44df249a00 → host:177.10.238.247
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.167:geo_-16.28860_-49.01640	host:177.10.239.167 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8466bbcc058d46c:host:131.196.31.6:host:172.234.197.23	SESSION-c8466bbcc058d46c → host:131.196.31.6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c8fbacc1128a5208:host:177.10.237.118	SESSION-c8fbacc1128a5208 → host:177.10.237.118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee8963275c4b434b:host:172.234.197.23	SESSION-ee8963275c4b434b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0a5c641a04b7:port:tcp:61134	flow:0a5c641a04b7 → port:tcp:61134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-043f15d6badfcd64:SESSION-043f15d6badfcd64	SESSION-043f15d6badfcd64 → pe:syn:SESSION-043f15d6badfcd64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75c1b247d58a4094:SESSION-75c1b247d58a4094	SESSION-75c1b247d58a4094 → pe:syn:SESSION-75c1b247d58a4094
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23aaa31711ea4954:SESSION-23aaa31711ea4954	SESSION-23aaa31711ea4954 → pe:syn:SESSION-23aaa31711ea4954
FLOW_DST_PORTOBS	e:fp:flow:e8c8116b8c73:port:tcp:443	flow:e8c8116b8c73 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d50ac2c438e5:port:udp:53	flow:d50ac2c438e5 → port:udp:53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77162e002cdf71b4:PCAP:capture_20260430150001:ded20914761d	SESSION-77162e002cdf71b4 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.164:geo_-16.28860_-49.01640	host:177.10.236.164 → geo_-16.28860_-49.01640
FLOW_TLS_SNIOBS	e:fs:flow:02c86af336eb:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:02c86af336eb → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cdd13464c217a214:PCAP:capture_20260430160001:9bfa4498506a	SESSION-cdd13464c217a214 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bdebc30581f3c5f:host:172.234.197.23	SESSION-6bdebc30581f3c5f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fc95fe30edf5706:flow:5a6c292407ac	SESSION-5fc95fe30edf5706 → flow:5a6c292407ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f953402fa48addf:SESSION-3f953402fa48addf	SESSION-3f953402fa48addf → pe:syn:SESSION-3f953402fa48addf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.97:asn:262880	host:177.10.238.97 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-77593e2039f5e18a:host:172.234.197.23	SESSION-77593e2039f5e18a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-99af0da0e550d67b:host:172.234.197.23	SESSION-99af0da0e550d67b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:11ce700613de:port:tcp:443	flow:11ce700613de → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:ff9a6ac9c657	flow:ff9a6ac9c657 → host:157.180.84.94 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3aba5c7bc19b:port:tcp:33060	flow:3aba5c7bc19b → port:tcp:33060
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c92725f4a9fb4a7:SESSION-6c92725f4a9fb4a7	SESSION-6c92725f4a9fb4a7 → pe:tls:SESSION-6c92725f4a9fb4a7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a70cd7da1062faad:SESSION-a70cd7da1062faad	SESSION-a70cd7da1062faad → pe:tls:SESSION-a70cd7da1062faad
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5969e9f81f277f3:host:172.234.197.23:host:177.10.236.244	SESSION-d5969e9f81f277f3 → host:172.234.197.23 → host:177.10.236.244
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6ca8d988675ead3:host:172.234.197.23	SESSION-a6ca8d988675ead3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c16307b11a026263:host:131.196.30.1	SESSION-c16307b11a026263 → host:131.196.30.1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.242:geo_-16.28860_-49.01640	host:177.10.232.242 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0847a7bc7e933771:host:131.196.29.16:host:172.234.197.23	SESSION-0847a7bc7e933771 → host:131.196.29.16 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9b95b0cbe709:port:tcp:443	flow:9b95b0cbe709 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a631db0468c49ef:host:172.234.197.23:host:131.196.31.65	SESSION-5a631db0468c49ef → host:172.234.197.23 → host:131.196.31.65
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa51bce6270c7d63:host:177.10.232.167:host:172.234.197.23	SESSION-aa51bce6270c7d63 → host:177.10.232.167 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d3e80fb3431ec3f4:SESSION-d3e80fb3431ec3f4	SESSION-d3e80fb3431ec3f4 → pe:rst:SESSION-d3e80fb3431ec3f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01fb4d6a9472c8c7:host:31.40.196.211	SESSION-01fb4d6a9472c8c7 → host:31.40.196.211
flow_observed5-aryOBS	e:fo:flow:47c5af296031	flow:47c5af296031 → host:177.10.233.40 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97bd7f793ae0ea11:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-97bd7f793ae0ea11 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ecb424a0a4d5b0f:SESSION-3ecb424a0a4d5b0f	SESSION-3ecb424a0a4d5b0f → pe:syn:SESSION-3ecb424a0a4d5b0f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7912a0e1302b3ba3:SESSION-7912a0e1302b3ba3	SESSION-7912a0e1302b3ba3 → pe:syn:SESSION-7912a0e1302b3ba3
flow_observed5-aryOBS	e:fo:flow:ac8c6259f880	flow:ac8c6259f880 → host:177.10.235.70 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-3ad1374907e690a1:host:177.10.234.16	SESSION-3ad1374907e690a1 → host:177.10.234.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-acada2cd7035c790:host:172.234.197.23	SESSION-acada2cd7035c790 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.132:asn:262880	host:177.10.234.132 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9260442e0efbdc6:host:177.10.235.211	SESSION-d9260442e0efbdc6 → host:177.10.235.211
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd801ce1250407dd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cd801ce1250407dd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb9826b2bc40f219:host:172.234.197.23	SESSION-eb9826b2bc40f219 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.107:asn:262880	host:177.10.239.107 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-b9a69c63a7b588de:host:172.234.197.23	SESSION-b9a69c63a7b588de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5c562cec43ce89e:host:172.234.197.23	SESSION-c5c562cec43ce89e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:97fc34a052d0	flow:97fc34a052d0 → host:172.234.197.23 → host:94.183.177.120 → port:tcp:41842
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.237:geo_-23.62930_-46.63510	host:131.196.28.237 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.108:asn:271410	host:131.196.30.108 → asn:271410
flow_observed4-aryOBS	e:fo:flow:0b696ed5e125	flow:0b696ed5e125 → host:172.234.197.23 → host:177.10.233.112 → port:tcp:41524
FLOW_FROM_HOSTOBS	e:from:SESSION-a015ddbfdf91f569:host:177.10.236.155	SESSION-a015ddbfdf91f569 → host:177.10.236.155
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d585afab4eb6ac7e:flow:81504a5f849a	SESSION-d585afab4eb6ac7e → flow:81504a5f849a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c4ff849445b3aa:host:177.10.235.172	SESSION-77c4ff849445b3aa → host:177.10.235.172
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-083cc9a3854de3cd:flow:f2eba56c437c	SESSION-083cc9a3854de3cd → flow:f2eba56c437c
flow_observed5-aryOBS	e:fo:flow:e9d8a4501e2b	flow:e9d8a4501e2b → host:131.196.31.142 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ae3419cd71fb8b85:SESSION-ae3419cd71fb8b85	SESSION-ae3419cd71fb8b85 → pe:syn:SESSION-ae3419cd71fb8b85
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9b13ac4e6d83a5e:flow:f9376bb56e1e	SESSION-d9b13ac4e6d83a5e → flow:f9376bb56e1e
FLOW_FROM_HOSTOBS	e:from:SESSION-105ac3e4c69fbe80:host:177.10.237.233	SESSION-105ac3e4c69fbe80 → host:177.10.237.233
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.216:geo_-16.28860_-49.01640	host:177.10.233.216 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.116:asn:262880	host:177.10.232.116 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0844998e370f9b20:SESSION-0844998e370f9b20	SESSION-0844998e370f9b20 → pe:tls:SESSION-0844998e370f9b20
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6a1a522f9ca6e79:SESSION-d6a1a522f9ca6e79	SESSION-d6a1a522f9ca6e79 → pe:tls:SESSION-d6a1a522f9ca6e79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6edbcdecdf7d835:SESSION-a6edbcdecdf7d835	SESSION-a6edbcdecdf7d835 → pe:tls:SESSION-a6edbcdecdf7d835
HOST_IN_ASNOBS 85%	e:ha:host:104.28.234.78:asn:13335	host:104.28.234.78 → asn:13335
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3524905b33baacd0:host:177.10.232.229:host:172.234.197.23	SESSION-3524905b33baacd0 → host:177.10.232.229 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1446b81625870ef0:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-1446b81625870ef0 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-130c48c57d6ba6f4:host:140.235.124.200	SESSION-130c48c57d6ba6f4 → host:140.235.124.200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be5c05381a363417:host:177.10.234.85:host:172.234.197.23	SESSION-be5c05381a363417 → host:177.10.234.85 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20aee5a5b6e9be41:flow:1db2a351c3cf	SESSION-20aee5a5b6e9be41 → flow:1db2a351c3cf
FLOW_FROM_HOSTOBS	e:from:SESSION-d776155c4ea7cbea:host:172.234.197.23	SESSION-d776155c4ea7cbea → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20552151cee2e1af:host:172.234.197.23	SESSION-20552151cee2e1af → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b1032a47414de8d:host:172.234.197.23	SESSION-2b1032a47414de8d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9633daabdcbaa0c0:host:172.234.197.23	SESSION-9633daabdcbaa0c0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b96ebacbeedc:port:udp:53	flow:b96ebacbeedc → port:udp:53
flow_observed4-aryOBS	e:fo:flow:490048fe7305	flow:490048fe7305 → host:172.234.197.23 → host:131.196.31.79 → port:tcp:50540
FLOW_TO_HOSTOBS	e:to:SESSION-96298fdbde5cf19b:host:172.234.197.23	SESSION-96298fdbde5cf19b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b42fc656319c5bfc:SESSION-b42fc656319c5bfc	SESSION-b42fc656319c5bfc → pe:syn:SESSION-b42fc656319c5bfc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ade0b807fe10f93e:SESSION-ade0b807fe10f93e	SESSION-ade0b807fe10f93e → pe:tls:SESSION-ade0b807fe10f93e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f0e5de26982cc62:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8f0e5de26982cc62 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2cbf1ff9debe345:SESSION-f2cbf1ff9debe345	SESSION-f2cbf1ff9debe345 → pe:syn:SESSION-f2cbf1ff9debe345
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1933fbedf850967f:host:131.196.30.67	SESSION-1933fbedf850967f → host:131.196.30.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49ea9885c560f158:SESSION-49ea9885c560f158	SESSION-49ea9885c560f158 → pe:tls:SESSION-49ea9885c560f158
FLOW_TO_HOSTOBS	e:to:SESSION-5a631db0468c49ef:host:131.196.31.65	SESSION-5a631db0468c49ef → host:131.196.31.65
FLOW_DST_PORTOBS	e:fp:flow:34f88f44358a:port:tcp:443	flow:34f88f44358a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b65c6ec30f2c8117:host:177.10.238.246	SESSION-b65c6ec30f2c8117 → host:177.10.238.246
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eee2452aad82d1c2:host:177.10.236.209	SESSION-eee2452aad82d1c2 → host:177.10.236.209
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-913ac926bd708af5:flow:37482c18bec6	SESSION-913ac926bd708af5 → flow:37482c18bec6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d82c2d4eaa13efdb:flow:5711ff8b5c9f	SESSION-d82c2d4eaa13efdb → flow:5711ff8b5c9f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f377c5e49ededc1c:host:131.196.29.186	SESSION-f377c5e49ededc1c → host:131.196.29.186
FLOW_FROM_HOSTOBS	e:from:SESSION-7a0913a57a803cab:host:172.234.197.23	SESSION-7a0913a57a803cab → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bf1d82e08e9f:port:tcp:443	flow:bf1d82e08e9f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b228975a6eff356:flow:a77dc87ab230	SESSION-0b228975a6eff356 → flow:a77dc87ab230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d846bfa2b8f8474d:SESSION-d846bfa2b8f8474d	SESSION-d846bfa2b8f8474d → pe:tls:SESSION-d846bfa2b8f8474d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52e5c47434ed6c74:host:177.10.233.148	SESSION-52e5c47434ed6c74 → host:177.10.233.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6511e777b0d792c1:host:172.234.197.23	SESSION-6511e777b0d792c1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6d5104ce4fb1:port:tcp:443	flow:6d5104ce4fb1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aaf7ce37564a0317:PCAP:capture_20260430150001:ded20914761d	SESSION-aaf7ce37564a0317 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8ab658d53a1eebd:host:172.234.197.23	SESSION-c8ab658d53a1eebd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3ea6c4aff46dde87:host:172.234.197.23	SESSION-3ea6c4aff46dde87 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0d74f533686cf043:host:172.234.197.23	SESSION-0d74f533686cf043 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-52e5c47434ed6c74:host:177.10.233.148	SESSION-52e5c47434ed6c74 → host:177.10.233.148
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aad95c97a46f4b66:PCAP:capture_20260430110001:43611bdf6759	SESSION-aad95c97a46f4b66 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-95229bbdec6f8a74:host:177.10.233.6:host:172.234.197.23	SESSION-95229bbdec6f8a74 → host:177.10.233.6 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.98:geo_-23.62930_-46.63510	host:131.196.31.98 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-db282f95b9cc563d:host:172.234.197.23	SESSION-db282f95b9cc563d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.158:asn:262880	host:177.10.233.158 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9bc9a3180c6fb10:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f9bc9a3180c6fb10 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f008aa22e7b680c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7f008aa22e7b680c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1705f35e2db46a43:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1705f35e2db46a43 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:99eaae9230cf	flow:99eaae9230cf → host:172.234.197.23 → host:131.196.29.235 → port:tcp:28704
FLOW_DST_PORTOBS	e:fp:flow:c1ebe2f41b05:port:tcp:15037	flow:c1ebe2f41b05 → port:tcp:15037
FLOW_TO_HOSTOBS	e:to:SESSION-5d5e5bbccd32f2d5:host:131.196.30.45	SESSION-5d5e5bbccd32f2d5 → host:131.196.30.45
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.100:asn:271410	host:131.196.31.100 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa515f25c4c77655:host:177.10.239.12:host:172.234.197.23	SESSION-aa515f25c4c77655 → host:177.10.239.12 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2289078120ff48cc:host:172.234.197.23	SESSION-2289078120ff48cc → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:29de516052b7	flow:29de516052b7 → host:172.234.197.23 → host:131.196.29.201 → port:tcp:52055
FLOW_FROM_HOSTOBS	e:from:SESSION-edfeffbce5127655:host:136.243.57.208	SESSION-edfeffbce5127655 → host:136.243.57.208
FLOW_FROM_HOSTOBS	e:from:SESSION-687dc6215da3af8c:host:177.10.233.167	SESSION-687dc6215da3af8c → host:177.10.233.167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df4b466e6cf802c5:host:172.234.197.23	SESSION-df4b466e6cf802c5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eadecea9d5615d15:flow:a305d6c00ad8	SESSION-eadecea9d5615d15 → flow:a305d6c00ad8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bdbc4c9f7cbfe0c2:SESSION-bdbc4c9f7cbfe0c2	SESSION-bdbc4c9f7cbfe0c2 → pe:tls:SESSION-bdbc4c9f7cbfe0c2
flow_observed5-aryOBS	e:fo:flow:5725aeb457d8	flow:5725aeb457d8 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3f936e849fecda0:SESSION-e3f936e849fecda0	SESSION-e3f936e849fecda0 → pe:syn:SESSION-e3f936e849fecda0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.101:geo_-16.28860_-49.01640	host:177.10.235.101 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a60c132d3a0c7657:SESSION-a60c132d3a0c7657	SESSION-a60c132d3a0c7657 → pe:syn:SESSION-a60c132d3a0c7657
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e327e4197615d5bf:host:131.196.28.86	SESSION-e327e4197615d5bf → host:131.196.28.86
FLOW_TO_HOSTOBS	e:to:SESSION-d9e1dffa0e2317c3:host:172.234.197.23	SESSION-d9e1dffa0e2317c3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54d23880cad1a846:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-54d23880cad1a846 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b048ecd988d76f67:host:131.196.28.175	SESSION-b048ecd988d76f67 → host:131.196.28.175
FLOW_DST_PORTOBS	e:fp:flow:d1beb07c9216:port:tcp:443	flow:d1beb07c9216 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bcb514f388fb99c6:host:177.10.235.186:host:172.234.197.23	SESSION-bcb514f388fb99c6 → host:177.10.235.186 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e87c1bf59f6ff4a:host:177.10.238.208	SESSION-9e87c1bf59f6ff4a → host:177.10.238.208
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-edebc7da73e26840:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-edebc7da73e26840 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.105:geo_-16.28860_-49.01640	host:177.10.235.105 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-3fa65fdb17829700:host:172.234.197.23	SESSION-3fa65fdb17829700 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fb6fe079446275d:flow:a09dfaa93133	SESSION-5fb6fe079446275d → flow:a09dfaa93133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a2f82c2a85816be:host:131.196.28.15	SESSION-4a2f82c2a85816be → host:131.196.28.15
FLOW_TO_HOSTOBS	e:to:SESSION-8bfe47632c127d09:host:172.234.197.23	SESSION-8bfe47632c127d09 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:03a23d7be674:port:tcp:12694	flow:03a23d7be674 → port:tcp:12694
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d9a4406bd7b3b41:flow:75b58e38903e	SESSION-4d9a4406bd7b3b41 → flow:75b58e38903e
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.221:asn:273470	host:45.173.156.221 → asn:273470
flow_observed3-aryOBS	e:fo:flow:f4a2312294a2	flow:f4a2312294a2 → host:35.92.48.165 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9b95b0cbe709	flow:9b95b0cbe709 → host:131.196.31.190 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:52a0d88bf6fd:port:tcp:443	flow:52a0d88bf6fd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-396a4dd85675ad96:flow:33ecf83e0368	SESSION-396a4dd85675ad96 → flow:33ecf83e0368
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eead3829bc62f23e:SESSION-eead3829bc62f23e	SESSION-eead3829bc62f23e → pe:tls:SESSION-eead3829bc62f23e
flow_observed5-aryOBS	e:fo:flow:9690312925a2	flow:9690312925a2 → host:131.196.29.61 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:a17718402a27	flow:a17718402a27 → host:172.234.197.23 → host:131.196.28.39 → port:tcp:11842
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.78:geo_-16.28860_-49.01640	host:177.10.235.78 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bf280e9db7bb994:host:44.255.175.112	SESSION-1bf280e9db7bb994 → host:44.255.175.112
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c15ada1b10271eef:host:131.196.31.122	SESSION-c15ada1b10271eef → host:131.196.31.122
FLOW_DST_PORTOBS	e:fp:flow:61ede21d1dc4:port:tcp:443	flow:61ede21d1dc4 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b4d8f281c422:port:tcp:443	flow:b4d8f281c422 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:87288ec89f1c:port:tcp:47900	flow:87288ec89f1c → port:tcp:47900
FLOW_DST_PORTOBS	e:fp:flow:c9008a9987d9:port:tcp:443	flow:c9008a9987d9 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:92c6a8c1353a	flow:92c6a8c1353a → host:172.234.197.23 → host:177.10.237.169 → port:tcp:57256
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37e4af30bda4d3e9:SESSION-37e4af30bda4d3e9	SESSION-37e4af30bda4d3e9 → pe:syn:SESSION-37e4af30bda4d3e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-415460770952c9a4:host:177.10.232.135	SESSION-415460770952c9a4 → host:177.10.232.135
FLOW_FROM_HOSTOBS	e:from:SESSION-b0b067dd86042d0a:host:177.10.236.3	SESSION-b0b067dd86042d0a → host:177.10.236.3
FLOW_DST_PORTOBS	e:fp:flow:8e45fdb23cc0:port:udp:53	flow:8e45fdb23cc0 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d93e5dd98af62cc:host:172.234.197.23	SESSION-2d93e5dd98af62cc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a6b762e1d0d174fb:host:172.234.197.23	SESSION-a6b762e1d0d174fb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b6b6d1180ef3	flow:b6b6d1180ef3 → host:131.196.31.168 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7a6b146488afb43:host:177.10.238.87:host:172.234.197.23	SESSION-e7a6b146488afb43 → host:177.10.238.87 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc96f34750660160:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bc96f34750660160 → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.92:asn:271410	host:131.196.31.92 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e01d63cbcaad0b90:host:8.213.192.144:host:172.234.197.23	SESSION-e01d63cbcaad0b90 → host:8.213.192.144 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.217:asn:271410	host:131.196.28.217 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ca442589a0a5e5d:host:177.10.236.115:host:172.234.197.23	SESSION-3ca442589a0a5e5d → host:177.10.236.115 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f953402fa48addf:host:177.10.232.232	SESSION-3f953402fa48addf → host:177.10.232.232
FLOW_FROM_HOSTOBS	e:from:SESSION-0debd2a005265c6e:host:45.173.156.35	SESSION-0debd2a005265c6e → host:45.173.156.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bebc5cb41e4621f:SESSION-3bebc5cb41e4621f	SESSION-3bebc5cb41e4621f → pe:syn:SESSION-3bebc5cb41e4621f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf286e26fb783f2f:host:131.196.29.160	SESSION-cf286e26fb783f2f → host:131.196.29.160
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5b7661178bc9fc6:flow:e4d75120f5af	SESSION-a5b7661178bc9fc6 → flow:e4d75120f5af
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8938c8d43c3c288:PCAP:capture_20260430060001:919b39a74464	SESSION-d8938c8d43c3c288 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d5390845b17c572:SESSION-1d5390845b17c572	SESSION-1d5390845b17c572 → pe:tls:SESSION-1d5390845b17c572
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa31472460997bf3:host:177.10.238.46:host:172.234.197.23	SESSION-aa31472460997bf3 → host:177.10.238.46 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-527acdf0d3ebbbcc:flow:1718a7391604	SESSION-527acdf0d3ebbbcc → flow:1718a7391604
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4076f0f6734ca69:host:172.234.197.23:host:45.173.156.68	SESSION-d4076f0f6734ca69 → host:172.234.197.23 → host:45.173.156.68
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6cdad751a34344e1:host:177.10.236.27:host:172.234.197.23	SESSION-6cdad751a34344e1 → host:177.10.236.27 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7fdad1084837	flow:7fdad1084837 → host:131.196.30.222 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-835226e6e5119935:host:45.173.156.60	SESSION-835226e6e5119935 → host:45.173.156.60
FLOW_FROM_HOSTOBS	e:from:SESSION-4e49a14deb2e22da:host:80.94.92.186	SESSION-4e49a14deb2e22da → host:80.94.92.186
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db98e45dca973468:flow:5d0dd65fd7cc	SESSION-db98e45dca973468 → flow:5d0dd65fd7cc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4081c2e8ed1c2925:host:131.196.31.27	SESSION-4081c2e8ed1c2925 → host:131.196.31.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c596c163b79d372:SESSION-9c596c163b79d372	SESSION-9c596c163b79d372 → pe:syn:SESSION-9c596c163b79d372
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c615690895f6d3c9:SESSION-c615690895f6d3c9	SESSION-c615690895f6d3c9 → pe:tls:SESSION-c615690895f6d3c9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52edb7664c060999:flow:01f099eb3637	SESSION-52edb7664c060999 → flow:01f099eb3637
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a16085aea35a1403:host:172.234.197.23	SESSION-a16085aea35a1403 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-977a7c6dd83aa424:flow:a252eb165cd5	SESSION-977a7c6dd83aa424 → flow:a252eb165cd5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-917ad6cf3046e17b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-917ad6cf3046e17b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28ca4d014ad9a35f:host:177.10.234.40	SESSION-28ca4d014ad9a35f → host:177.10.234.40
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d43da16ef3276f9b:host:177.10.236.239	SESSION-d43da16ef3276f9b → host:177.10.236.239
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:199.16.157.181:geo_33.76970_-84.37540	host:199.16.157.181 → geo_33.76970_-84.37540
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-964acfd97ca38755:host:172.234.197.23	SESSION-964acfd97ca38755 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a437e2422713bf06:host:177.10.236.245	SESSION-a437e2422713bf06 → host:177.10.236.245
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30ddbb300887e80e:host:177.10.236.89:host:172.234.197.23	SESSION-30ddbb300887e80e → host:177.10.236.89 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0634c65493dd9b22:host:131.196.31.171	SESSION-0634c65493dd9b22 → host:131.196.31.171
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc59b28fe233796a:PCAP:capture_20260430110001:43611bdf6759	SESSION-fc59b28fe233796a → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37bca0dc2914cafb:SESSION-37bca0dc2914cafb	SESSION-37bca0dc2914cafb → pe:tls:SESSION-37bca0dc2914cafb
flow_observed5-aryOBS	e:fo:flow:f810268e2b18	flow:f810268e2b18 → host:177.10.235.176 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5bf52bbf16270a2a:host:104.28.202.77	SESSION-5bf52bbf16270a2a → host:104.28.202.77
FLOW_DST_PORTOBS	e:fp:flow:bf85860c61db:port:tcp:443	flow:bf85860c61db → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:3da5b473a4ca	flow:3da5b473a4ca → host:172.234.197.23 → host:177.10.236.239 → port:tcp:15268
flow_observed5-aryOBS	e:fo:flow:53f01b8aa2e8	flow:53f01b8aa2e8 → host:131.196.31.159 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24f1ec9c7d379a9b:host:172.234.197.23	SESSION-24f1ec9c7d379a9b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d537e467802bc1c1:host:172.234.197.23	SESSION-d537e467802bc1c1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fcdaaf650d72b5bc:host:172.234.197.23	SESSION-fcdaaf650d72b5bc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d74f533686cf043:host:177.10.238.46	SESSION-0d74f533686cf043 → host:177.10.238.46
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee402158031a28f0:flow:634c06e7731f	SESSION-ee402158031a28f0 → flow:634c06e7731f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ea20601fa7d993b:host:172.234.197.23:host:131.196.29.53	SESSION-1ea20601fa7d993b → host:172.234.197.23 → host:131.196.29.53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.236:geo_-16.28860_-49.01640	host:177.10.234.236 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-6d6666ae3e8c32da:host:177.10.237.229	SESSION-6d6666ae3e8c32da → host:177.10.237.229
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77690ed69567f90d:SESSION-77690ed69567f90d	SESSION-77690ed69567f90d → pe:tls:SESSION-77690ed69567f90d
FLOW_DST_PORTOBS	e:fp:flow:ad5aee9f59a3:port:tcp:443	flow:ad5aee9f59a3 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5d260aa3f548:port:tcp:25217	flow:5d260aa3f548 → port:tcp:25217
FLOW_DST_PORTOBS	e:fp:flow:73447e28b1e9:port:tcp:57171	flow:73447e28b1e9 → port:tcp:57171
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ca707063b726bac:host:172.234.197.23	SESSION-8ca707063b726bac → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f991b6c62555b6c:PCAP:capture_20260430060001:919b39a74464	SESSION-1f991b6c62555b6c → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-88c19910e1cb1242:host:172.234.197.23	SESSION-88c19910e1cb1242 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b048d8915129480a:flow:5604757aa9e4	SESSION-b048d8915129480a → flow:5604757aa9e4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f181002c59096f4:SESSION-7f181002c59096f4	SESSION-7f181002c59096f4 → pe:syn:SESSION-7f181002c59096f4
FLOW_FROM_HOSTOBS	e:from:SESSION-4dc418e4265e72ea:host:177.10.238.93	SESSION-4dc418e4265e72ea → host:177.10.238.93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-418ea5f834fbfdc6:PCAP:capture_20260430080001:93f47cc296a4	SESSION-418ea5f834fbfdc6 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:00b445dc0021:port:tcp:443	flow:00b445dc0021 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-92922842b80104c6:host:177.10.232.37	SESSION-92922842b80104c6 → host:177.10.232.37
FLOW_DST_PORTOBS	e:fp:flow:ee984b950533:port:tcp:443	flow:ee984b950533 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-858a06c2b9abdebe:host:45.173.156.192	SESSION-858a06c2b9abdebe → host:45.173.156.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8278f913dbee560:SESSION-e8278f913dbee560	SESSION-e8278f913dbee560 → pe:syn:SESSION-e8278f913dbee560
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fc91fd95f4bed82:SESSION-3fc91fd95f4bed82	SESSION-3fc91fd95f4bed82 → pe:tls:SESSION-3fc91fd95f4bed82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-4dda4cfeb9223891:SESSION-4dda4cfeb9223891	SESSION-4dda4cfeb9223891 → pe:rst:SESSION-4dda4cfeb9223891
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9726d81acc78b8e7:SESSION-9726d81acc78b8e7	SESSION-9726d81acc78b8e7 → pe:syn:SESSION-9726d81acc78b8e7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-038099de878067a0:flow:0eff10ba49f2	SESSION-038099de878067a0 → flow:0eff10ba49f2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7928f63a898f7aac:host:172.234.197.23:host:177.10.233.219	SESSION-7928f63a898f7aac → host:172.234.197.23 → host:177.10.233.219
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.199:geo_-23.62930_-46.63510	host:131.196.31.199 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-941b4a1386b7be8f:host:172.234.197.23	SESSION-941b4a1386b7be8f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-829966970db58135:host:172.234.197.23	SESSION-829966970db58135 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e708c58166944fb:SESSION-6e708c58166944fb	SESSION-6e708c58166944fb → pe:tls:SESSION-6e708c58166944fb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fc279480f80cfd1:host:172.234.197.23:host:177.10.236.96	SESSION-1fc279480f80cfd1 → host:172.234.197.23 → host:177.10.236.96
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65262d33293291dd:host:172.234.197.23:host:177.10.236.22	SESSION-65262d33293291dd → host:172.234.197.23 → host:177.10.236.22
FLOW_TO_HOSTOBS	e:to:SESSION-d077f88c61181481:host:172.234.197.23	SESSION-d077f88c61181481 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ee36310db765ff6:host:172.234.197.23	SESSION-2ee36310db765ff6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7e6270bfda958738:host:177.10.236.218	SESSION-7e6270bfda958738 → host:177.10.236.218
FLOW_FROM_HOSTOBS	e:from:SESSION-8ac7bdbcc541a2d8:host:172.234.197.23	SESSION-8ac7bdbcc541a2d8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.93:geo_-16.28860_-49.01640	host:177.10.232.93 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:62a872cfe84a	flow:62a872cfe84a → host:172.234.197.23 → host:177.10.234.96 → port:tcp:5655
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51c60ff5c6e820bd:SESSION-51c60ff5c6e820bd	SESSION-51c60ff5c6e820bd → pe:tls:SESSION-51c60ff5c6e820bd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2def334ee7bae1e1:host:172.234.197.23	SESSION-2def334ee7bae1e1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c14806e741c4fd98:host:172.234.197.23	SESSION-c14806e741c4fd98 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6c751e472afd:port:tcp:443	flow:6c751e472afd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-759329d52e4cabab:flow:943d842fa81c	SESSION-759329d52e4cabab → flow:943d842fa81c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e798ff0c310952a:host:177.10.234.144	SESSION-6e798ff0c310952a → host:177.10.234.144
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-102bebe502918f62:PCAP:capture_20260430160001:9bfa4498506a	SESSION-102bebe502918f62 → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.61:asn:262880	host:177.10.233.61 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a40236c67828800b:host:172.234.197.23:host:177.10.239.40	SESSION-a40236c67828800b → host:172.234.197.23 → host:177.10.239.40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce9448c6704b565d:SESSION-ce9448c6704b565d	SESSION-ce9448c6704b565d → pe:tls:SESSION-ce9448c6704b565d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fcb174e83803b1f7:PCAP:capture_20260430150001:ded20914761d	SESSION-fcb174e83803b1f7 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-03cfd9b1d0f62704:SESSION-03cfd9b1d0f62704	SESSION-03cfd9b1d0f62704 → pe:tls:SESSION-03cfd9b1d0f62704
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.149:geo_-16.28860_-49.01640	host:177.10.236.149 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-fef5a77f946ef097:host:172.234.197.23	SESSION-fef5a77f946ef097 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab83f0ea1c3b60ab:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ab83f0ea1c3b60ab → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaf9de21464647a2:host:177.10.232.97	SESSION-eaf9de21464647a2 → host:177.10.232.97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a2e4fb28ad63a51c:flow:acc81007f3bf	SESSION-a2e4fb28ad63a51c → flow:acc81007f3bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0b6872bf6474c44:host:131.196.30.98	SESSION-f0b6872bf6474c44 → host:131.196.30.98
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.91.243.64:geo_48.85820_2.33870	host:51.91.243.64 → geo_48.85820_2.33870
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a810a8703b9c77f1:SESSION-a810a8703b9c77f1	SESSION-a810a8703b9c77f1 → pe:tls:SESSION-a810a8703b9c77f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d9f933822471a5a:SESSION-8d9f933822471a5a	SESSION-8d9f933822471a5a → pe:tls:SESSION-8d9f933822471a5a
FLOW_FROM_HOSTOBS	e:from:SESSION-1a26d5a4b5eab898:host:51.224.74.176	SESSION-1a26d5a4b5eab898 → host:51.224.74.176
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d741000864bcf81f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d741000864bcf81f → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-aae42b7cc2993272:host:172.234.197.23	SESSION-aae42b7cc2993272 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.46:geo_-16.28860_-49.01640	host:177.10.234.46 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-256da911109eccd4:SESSION-256da911109eccd4	SESSION-256da911109eccd4 → pe:tls:SESSION-256da911109eccd4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97d8ab6142f53424:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-97d8ab6142f53424 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0cf49defbe006f77:SESSION-0cf49defbe006f77	SESSION-0cf49defbe006f77 → pe:tls:SESSION-0cf49defbe006f77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7dea1c67796075ab:host:172.234.197.23	SESSION-7dea1c67796075ab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9a9ddd86aa762a0:flow:0203a7b3c078	SESSION-c9a9ddd86aa762a0 → flow:0203a7b3c078
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2460b60c939eb75b:host:177.10.239.76	SESSION-2460b60c939eb75b → host:177.10.239.76
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d73d5fbffa5706a1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d73d5fbffa5706a1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1b4aebfef6c24ca0:host:172.234.197.23:host:177.10.236.42	SESSION-1b4aebfef6c24ca0 → host:172.234.197.23 → host:177.10.236.42
FLOW_TO_HOSTOBS	e:to:SESSION-5e08e3213e2e0e28:host:172.234.197.23	SESSION-5e08e3213e2e0e28 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96298fdbde5cf19b:SESSION-96298fdbde5cf19b	SESSION-96298fdbde5cf19b → pe:tls:SESSION-96298fdbde5cf19b
flow_observed5-aryOBS	e:fo:flow:1b01833b9299	flow:1b01833b9299 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-0e1f57d75854220c:host:177.10.236.146	SESSION-0e1f57d75854220c → host:177.10.236.146
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.182:geo_-23.62930_-46.63510	host:131.196.31.182 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2edb47571c4ed35:host:172.234.197.23	SESSION-e2edb47571c4ed35 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9963b3b3d702eb6e:host:172.234.197.23	SESSION-9963b3b3d702eb6e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-038099de878067a0:SESSION-038099de878067a0	SESSION-038099de878067a0 → pe:tls:SESSION-038099de878067a0
FLOW_FROM_HOSTOBS	e:from:SESSION-b00e597f7260eb50:host:131.196.31.157	SESSION-b00e597f7260eb50 → host:131.196.31.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d4d7fb155f65fdf:SESSION-4d4d7fb155f65fdf	SESSION-4d4d7fb155f65fdf → pe:tls:SESSION-4d4d7fb155f65fdf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37c584531b25722b:host:131.196.30.239	SESSION-37c584531b25722b → host:131.196.30.239
FLOW_FROM_HOSTOBS	e:from:SESSION-89883827e26a2cf6:host:177.10.239.31	SESSION-89883827e26a2cf6 → host:177.10.239.31
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.130:geo_-16.28860_-49.01640	host:177.10.236.130 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8402a55882de6bd8:host:172.234.197.23:host:177.10.237.147	SESSION-8402a55882de6bd8 → host:172.234.197.23 → host:177.10.237.147
FLOW_DST_PORTOBS	e:fp:flow:224adaf0ad90:port:tcp:443	flow:224adaf0ad90 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ae2c237b5906e067:SESSION-ae2c237b5906e067	SESSION-ae2c237b5906e067 → pe:syn:SESSION-ae2c237b5906e067
flow_observed5-aryOBS	e:fo:flow:d3bce88fd7b7	flow:d3bce88fd7b7 → host:45.145.152.222 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:78300c522ed5	flow:78300c522ed5 → host:131.196.28.148 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.32:asn:271410	host:131.196.30.32 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-b479aa11234b67ae:host:131.196.30.200	SESSION-b479aa11234b67ae → host:131.196.30.200
FLOW_TO_HOSTOBS	e:to:SESSION-6d5e711c3b45ec85:host:172.234.197.23	SESSION-6d5e711c3b45ec85 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6b4b9c738c314ebf:host:172.234.197.23	SESSION-6b4b9c738c314ebf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb5c3fce7274dac7:host:172.234.197.23:host:177.10.235.249	SESSION-cb5c3fce7274dac7 → host:172.234.197.23 → host:177.10.235.249
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7b20ceba4f49bfd:flow:6bf63e143c80	SESSION-c7b20ceba4f49bfd → flow:6bf63e143c80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0929735579c89e2:flow:98a12a95fc8d	SESSION-d0929735579c89e2 → flow:98a12a95fc8d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86b4956d98680667:SESSION-86b4956d98680667	SESSION-86b4956d98680667 → pe:tls:SESSION-86b4956d98680667
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d446777121d9b1f8:host:172.234.197.23:host:177.10.239.192	SESSION-d446777121d9b1f8 → host:172.234.197.23 → host:177.10.239.192
FLOW_DST_PORTOBS	e:fp:flow:559d68ae7b62:port:tcp:443	flow:559d68ae7b62 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-0cf49defbe006f77:host:172.234.197.23	SESSION-0cf49defbe006f77 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91da8f4807f085e6:host:172.234.197.23	SESSION-91da8f4807f085e6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e7c69120e909:port:tcp:443	flow:e7c69120e909 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-516e4259bbcb51e8:host:177.10.238.31	SESSION-516e4259bbcb51e8 → host:177.10.238.31
FLOW_DST_PORTOBS	e:fp:flow:fc2d97c28801:port:tcp:35049	flow:fc2d97c28801 → port:tcp:35049
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce047c01fb54580f:flow:07f2fb3e3350	SESSION-ce047c01fb54580f → flow:07f2fb3e3350
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e6f5f35bde9b3d2:host:172.234.197.23	SESSION-7e6f5f35bde9b3d2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-996c7a5f028b9d80:host:172.234.197.23	SESSION-996c7a5f028b9d80 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47fa70a72a159eed:host:177.10.236.95:host:172.234.197.23	SESSION-47fa70a72a159eed → host:177.10.236.95 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:788aa44c6648:port:tcp:443	flow:788aa44c6648 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fd776fee1455ee3:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5fd776fee1455ee3 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-481702f1e56ec074:SESSION-481702f1e56ec074	SESSION-481702f1e56ec074 → pe:syn:SESSION-481702f1e56ec074
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96abdd68944f2af2:SESSION-96abdd68944f2af2	SESSION-96abdd68944f2af2 → pe:syn:SESSION-96abdd68944f2af2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f43bb83d69743819:host:177.10.237.77	SESSION-f43bb83d69743819 → host:177.10.237.77
FLOW_DST_PORTOBS	e:fp:flow:39906cd67d5b:port:tcp:18992	flow:39906cd67d5b → port:tcp:18992
FLOW_FROM_HOSTOBS	e:from:SESSION-d33ef29909b4f2d5:host:131.196.29.153	SESSION-d33ef29909b4f2d5 → host:131.196.29.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5a3cad014cd3066:host:172.234.197.23	SESSION-b5a3cad014cd3066 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ffa84d5a72af3dab:host:172.234.197.23	SESSION-ffa84d5a72af3dab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2824f9b79e0fb1f1:SESSION-2824f9b79e0fb1f1	SESSION-2824f9b79e0fb1f1 → pe:syn:SESSION-2824f9b79e0fb1f1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ead89ade728d357d:flow:910603e7a361	SESSION-ead89ade728d357d → flow:910603e7a361
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4f8f4fc610e76fd:host:172.234.197.23:host:177.10.234.81	SESSION-c4f8f4fc610e76fd → host:172.234.197.23 → host:177.10.234.81
FLOW_FROM_HOSTOBS	e:from:SESSION-1355eedcc36803bb:host:172.234.197.23	SESSION-1355eedcc36803bb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07675572faa18905:flow:6336053cfda8	SESSION-07675572faa18905 → flow:6336053cfda8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-739affc996a6fe99:SESSION-739affc996a6fe99	SESSION-739affc996a6fe99 → pe:syn:SESSION-739affc996a6fe99
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f70c7a73cedaabc:SESSION-5f70c7a73cedaabc	SESSION-5f70c7a73cedaabc → pe:tls:SESSION-5f70c7a73cedaabc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-464502b3105a6b82:SESSION-464502b3105a6b82	SESSION-464502b3105a6b82 → pe:tls:SESSION-464502b3105a6b82
flow_observed5-aryOBS	e:fo:flow:7deae72d4bf5	flow:7deae72d4bf5 → host:131.196.28.247 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:5fac4106d582:port:tcp:443	flow:5fac4106d582 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-df8de933ba817d8f:host:185.231.226.101	SESSION-df8de933ba817d8f → host:185.231.226.101
FLOW_FROM_HOSTOBS	e:from:SESSION-2d226dc6e18df532:host:131.196.29.68	SESSION-2d226dc6e18df532 → host:131.196.29.68
FLOW_FROM_HOSTOBS	e:from:SESSION-68282fbeb04671d9:host:172.234.197.23	SESSION-68282fbeb04671d9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9d6fb279031158e:host:177.10.238.210	SESSION-b9d6fb279031158e → host:177.10.238.210
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89ff4b6182efd39b:host:57.128.95.174:host:172.234.197.23	SESSION-89ff4b6182efd39b → host:57.128.95.174 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e0d73c88dd83fb6:flow:4e6607c4638e	SESSION-9e0d73c88dd83fb6 → flow:4e6607c4638e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8bfe47632c127d09:host:131.196.31.77:host:172.234.197.23	SESSION-8bfe47632c127d09 → host:131.196.31.77 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e56fb95f564a0aa:host:172.232.0.16	SESSION-0e56fb95f564a0aa → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-312b2e72c1d2a2ee:host:172.234.197.23	SESSION-312b2e72c1d2a2ee → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7ad62492e870e2b:SESSION-e7ad62492e870e2b	SESSION-e7ad62492e870e2b → pe:syn:SESSION-e7ad62492e870e2b
flow_observed5-aryOBS	e:fo:flow:bcda614bbb3a	flow:bcda614bbb3a → host:131.196.31.218 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-39452ac6bcbae8d3:host:131.196.31.80	SESSION-39452ac6bcbae8d3 → host:131.196.31.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07124c917c797d63:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-07124c917c797d63 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5498d903f3b2d41:host:177.10.238.170	SESSION-b5498d903f3b2d41 → host:177.10.238.170
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30195220eb2aa3f5:host:172.234.197.23:host:177.10.234.27	SESSION-30195220eb2aa3f5 → host:172.234.197.23 → host:177.10.234.27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37c1a586e90e7a3b:host:172.234.197.23	SESSION-37c1a586e90e7a3b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-19cb9f6f0c8358bd:host:31.40.196.45	SESSION-19cb9f6f0c8358bd → host:31.40.196.45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d2d33fef3a69334:host:172.234.197.23	SESSION-6d2d33fef3a69334 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-710eb7de55f51893:host:172.234.197.23	SESSION-710eb7de55f51893 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1d16880e0846180:SESSION-a1d16880e0846180	SESSION-a1d16880e0846180 → pe:tls:SESSION-a1d16880e0846180
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ada1853624679841:SESSION-ada1853624679841	SESSION-ada1853624679841 → pe:syn:SESSION-ada1853624679841
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e69d77cebc13bf2:flow:de2bca123a5e	SESSION-1e69d77cebc13bf2 → flow:de2bca123a5e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e36c77c5ab0d7e92:host:57.128.95.174:host:172.234.197.23	SESSION-e36c77c5ab0d7e92 → host:57.128.95.174 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-64639bf8e248f548:host:172.234.197.23	SESSION-64639bf8e248f548 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-255149252f7b9c37:host:172.234.197.23:host:177.10.233.66	SESSION-255149252f7b9c37 → host:172.234.197.23 → host:177.10.233.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d2c659a567a628e2:SESSION-d2c659a567a628e2	SESSION-d2c659a567a628e2 → pe:syn:SESSION-d2c659a567a628e2
FLOW_TO_HOSTOBS	e:to:SESSION-1844a866ec523fcf:host:172.234.197.23	SESSION-1844a866ec523fcf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c82cc9c39e4191e7:host:172.234.197.23	SESSION-c82cc9c39e4191e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d1e0a6d0f6eee882:host:172.234.197.23	SESSION-d1e0a6d0f6eee882 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d77012e48557176:host:172.234.197.23	SESSION-1d77012e48557176 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4e4d63ce34019de3:host:177.10.234.239	SESSION-4e4d63ce34019de3 → host:177.10.234.239
FLOW_TO_HOSTOBS	e:to:SESSION-10314c25bdbc198a:host:172.234.197.23	SESSION-10314c25bdbc198a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d5e50cd91d4ac54:host:131.196.28.113:host:172.234.197.23	SESSION-5d5e50cd91d4ac54 → host:131.196.28.113 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dee230b22d739e8a:host:177.10.239.25	SESSION-dee230b22d739e8a → host:177.10.239.25
FLOW_FROM_HOSTOBS	e:from:SESSION-421b35b56ec8b984:host:131.196.28.38	SESSION-421b35b56ec8b984 → host:131.196.28.38
flow_observed4-aryOBS	e:fo:flow:08b11684af7a	flow:08b11684af7a → host:172.234.197.23 → host:177.10.235.236 → port:tcp:65124
FLOW_DST_PORTOBS	e:fp:flow:8afefd3a9ee9:port:tcp:443	flow:8afefd3a9ee9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4424212d2efd30c8:host:172.234.197.23	SESSION-4424212d2efd30c8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.113:asn:262880	host:177.10.235.113 → asn:262880
flow_observed4-aryOBS	e:fo:flow:03a23d7be674	flow:03a23d7be674 → host:172.234.197.23 → host:177.10.238.211 → port:tcp:12694
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a7a08ae566a4a8b:host:177.10.232.208	SESSION-5a7a08ae566a4a8b → host:177.10.232.208
flow_observed5-aryOBS	e:fo:flow:c9f798a7437d	flow:c9f798a7437d → host:177.10.232.253 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-41d09b35a7c7bf56:host:177.10.236.91	SESSION-41d09b35a7c7bf56 → host:177.10.236.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-154a0a352559b94b:SESSION-154a0a352559b94b	SESSION-154a0a352559b94b → pe:tls:SESSION-154a0a352559b94b
FLOW_FROM_HOSTOBS	e:from:SESSION-0481c3a1b2d7b867:host:44.243.2.252	SESSION-0481c3a1b2d7b867 → host:44.243.2.252
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28af2e1f4e778075:host:177.10.234.232	SESSION-28af2e1f4e778075 → host:177.10.234.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-124cb6be20cbe456:SESSION-124cb6be20cbe456	SESSION-124cb6be20cbe456 → pe:tls:SESSION-124cb6be20cbe456
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e515946ec2b2292:SESSION-0e515946ec2b2292	SESSION-0e515946ec2b2292 → pe:tls:SESSION-0e515946ec2b2292
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d6be65d6480cd7d:host:172.234.197.23	SESSION-2d6be65d6480cd7d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ae017ce34991ed1:host:131.196.28.39	SESSION-5ae017ce34991ed1 → host:131.196.28.39
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.135:asn:262880	host:177.10.238.135 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:29e983a46063:port:tcp:36225	flow:29e983a46063 → port:tcp:36225
FLOW_FROM_HOSTOBS	e:from:SESSION-bedaa62e135c647a:host:172.234.197.23	SESSION-bedaa62e135c647a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fa0595b0c8a6ef6:host:172.234.197.23	SESSION-0fa0595b0c8a6ef6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d11580ecaeb7d77b:host:177.10.232.191	SESSION-d11580ecaeb7d77b → host:177.10.232.191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e7af3e500f20cf8:SESSION-4e7af3e500f20cf8	SESSION-4e7af3e500f20cf8 → pe:syn:SESSION-4e7af3e500f20cf8
FLOW_FROM_HOSTOBS	e:from:SESSION-fec8e81be891b7cc:host:172.234.197.23	SESSION-fec8e81be891b7cc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1328d27dd48f8a49:SESSION-1328d27dd48f8a49	SESSION-1328d27dd48f8a49 → pe:rst:SESSION-1328d27dd48f8a49
FLOW_DST_PORTOBS	e:fp:flow:7a9e45f4aff9:port:udp:53	flow:7a9e45f4aff9 → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-e853a157c23802e1:host:177.10.237.252	SESSION-e853a157c23802e1 → host:177.10.237.252
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9fb0652618e8095:SESSION-b9fb0652618e8095	SESSION-b9fb0652618e8095 → pe:tls:SESSION-b9fb0652618e8095
FLOW_DST_PORTOBS	e:fp:flow:4bd61e2fa10c:port:tcp:35116	flow:4bd61e2fa10c → port:tcp:35116
FLOW_FROM_HOSTOBS	e:from:SESSION-08b637759d13ec04:host:131.196.30.201	SESSION-08b637759d13ec04 → host:131.196.30.201
flow_observed5-aryOBS	e:fo:flow:f379ef231b16	flow:f379ef231b16 → host:131.196.31.48 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3e1df474445c908f:host:172.234.197.23	SESSION-3e1df474445c908f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41d09b35a7c7bf56:host:177.10.236.91	SESSION-41d09b35a7c7bf56 → host:177.10.236.91
flow_observed4-aryOBS	e:fo:flow:c71fc06a8217	flow:c71fc06a8217 → host:172.234.197.23 → host:131.196.30.214 → port:tcp:19051
FLOW_DST_PORTOBS	e:fp:flow:a252eb165cd5:port:tcp:44639	flow:a252eb165cd5 → port:tcp:44639
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77d19d6eee479c3:host:172.234.197.23	SESSION-e77d19d6eee479c3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-af13e3f1012247aa:SESSION-af13e3f1012247aa	SESSION-af13e3f1012247aa → pe:tls:SESSION-af13e3f1012247aa
FLOW_FROM_HOSTOBS	e:from:SESSION-002a4fad2ef08bcf:host:177.10.236.207	SESSION-002a4fad2ef08bcf → host:177.10.236.207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2c5fc27029770f85:SESSION-2c5fc27029770f85	SESSION-2c5fc27029770f85 → pe:tls:SESSION-2c5fc27029770f85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47fa70a72a159eed:SESSION-47fa70a72a159eed	SESSION-47fa70a72a159eed → pe:syn:SESSION-47fa70a72a159eed
flow_observed5-aryOBS	e:fo:flow:52814a3d9563	flow:52814a3d9563 → host:131.196.29.12 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c92acfae26c49330:host:177.10.236.237	SESSION-c92acfae26c49330 → host:177.10.236.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1ec79192d74c7af:SESSION-a1ec79192d74c7af	SESSION-a1ec79192d74c7af → pe:syn:SESSION-a1ec79192d74c7af
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-05b6ffb2a7e9e145:SESSION-05b6ffb2a7e9e145	SESSION-05b6ffb2a7e9e145 → pe:syn:SESSION-05b6ffb2a7e9e145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf1d5c3c8737f760:SESSION-bf1d5c3c8737f760	SESSION-bf1d5c3c8737f760 → pe:syn:SESSION-bf1d5c3c8737f760
flow_observed4-aryOBS	e:fo:flow:08c7002b42a3	flow:08c7002b42a3 → host:172.234.197.23 → host:177.10.235.213 → port:tcp:1129
FLOW_TO_HOSTOBS	e:to:SESSION-0b4130b0efbd1505:host:177.10.232.186	SESSION-0b4130b0efbd1505 → host:177.10.232.186
FLOW_TO_HOSTOBS	e:to:SESSION-122af33beaf7e9c5:host:172.234.197.23	SESSION-122af33beaf7e9c5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d741000864bcf81f:flow:78b4b783fded	SESSION-d741000864bcf81f → flow:78b4b783fded
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9ddceec57447449:host:172.234.197.23	SESSION-f9ddceec57447449 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b8196f582d24c6a3:host:177.10.235.72	SESSION-b8196f582d24c6a3 → host:177.10.235.72
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-110ce59a2a29ac0c:flow:962b552243c1	SESSION-110ce59a2a29ac0c → flow:962b552243c1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dae67c02b176a3ce:flow:5c96717ce09e	SESSION-dae67c02b176a3ce → flow:5c96717ce09e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-964acfd97ca38755:PCAP:capture_20260430050001:8868731bf8a4	SESSION-964acfd97ca38755 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de01d31bf4634055:flow:6534d92e5619	SESSION-de01d31bf4634055 → flow:6534d92e5619
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e40cfbe40dbbe2d2:SESSION-e40cfbe40dbbe2d2	SESSION-e40cfbe40dbbe2d2 → pe:tls:SESSION-e40cfbe40dbbe2d2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.86:asn:262880	host:177.10.239.86 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-ab686f0f0916fec6:host:13.53.140.247	SESSION-ab686f0f0916fec6 → host:13.53.140.247
flow_observed5-aryOBS	e:fo:flow:0bf660e47544	flow:0bf660e47544 → host:131.196.30.51 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.198:geo_41.02140_28.99480	host:37.221.79.198 → geo_41.02140_28.99480
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.107:geo_-23.62930_-46.63510	host:131.196.30.107 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:71c66bc2bd72	flow:71c66bc2bd72 → host:177.10.233.201 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f56adc7043a43d99:flow:8ae016b07990	SESSION-f56adc7043a43d99 → flow:8ae016b07990
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6fdc52c769919c0f:host:172.234.197.23:host:177.10.238.60	SESSION-6fdc52c769919c0f → host:172.234.197.23 → host:177.10.238.60
FLOW_FROM_HOSTOBS	e:from:SESSION-c873de224cbac149:host:131.196.28.7	SESSION-c873de224cbac149 → host:131.196.28.7
flow_observed5-aryOBS	e:fo:flow:ae88c957b21b	flow:ae88c957b21b → host:177.10.234.107 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.6:geo_-16.28860_-49.01640	host:177.10.238.6 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:0afb774e9b77	flow:0afb774e9b77 → host:185.231.226.138 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_DST_PORTOBS	e:fp:flow:71dc89848ccc:port:tcp:28702	flow:71dc89848ccc → port:tcp:28702
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6d6cedb2de1ad8d:SESSION-d6d6cedb2de1ad8d	SESSION-d6d6cedb2de1ad8d → pe:syn:SESSION-d6d6cedb2de1ad8d
FLOW_TO_HOSTOBS	e:to:SESSION-40c5d05833b5d363:host:177.10.232.191	SESSION-40c5d05833b5d363 → host:177.10.232.191
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-868abcdaf084ea7c:flow:01b6880b00f0	SESSION-868abcdaf084ea7c → flow:01b6880b00f0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-139cf5bd66e27bf0:PCAP:capture_20260430110001:43611bdf6759	SESSION-139cf5bd66e27bf0 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:92515270b68c:port:tcp:443	flow:92515270b68c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69b211b684a77852:SESSION-69b211b684a77852	SESSION-69b211b684a77852 → pe:syn:SESSION-69b211b684a77852
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.202:asn:203771	host:185.231.226.202 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a705ce382fec48a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2a705ce382fec48a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e8879d591cbfcd7:SESSION-9e8879d591cbfcd7	SESSION-9e8879d591cbfcd7 → pe:tls:SESSION-9e8879d591cbfcd7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-00f403aeec8e6c17:host:131.196.30.167:host:172.234.197.23	SESSION-00f403aeec8e6c17 → host:131.196.30.167 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a17e20e34301cc9:host:177.10.235.224:host:172.234.197.23	SESSION-4a17e20e34301cc9 → host:177.10.235.224 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4793a163d681d0d0:flow:2bacf6d156d2	SESSION-4793a163d681d0d0 → flow:2bacf6d156d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ba942f2694f4960:SESSION-0ba942f2694f4960	SESSION-0ba942f2694f4960 → pe:syn:SESSION-0ba942f2694f4960
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f1e08bfeea32aa0:SESSION-8f1e08bfeea32aa0	SESSION-8f1e08bfeea32aa0 → pe:syn:SESSION-8f1e08bfeea32aa0
FLOW_DST_PORTOBS	e:fp:flow:64b15b4effe4:port:tcp:443	flow:64b15b4effe4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44f16a8e9c86ada8:host:172.234.197.23	SESSION-44f16a8e9c86ada8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e2f1449f3d42ccdf:host:131.196.29.157	SESSION-e2f1449f3d42ccdf → host:131.196.29.157
FLOW_TO_HOSTOBS	e:to:SESSION-26f197960c59c7f7:host:172.234.197.23	SESSION-26f197960c59c7f7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2338a143c0830527:host:172.234.197.23	SESSION-2338a143c0830527 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:143cdd554f2d:port:tcp:443	flow:143cdd554f2d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-460a4898e7c07917:SESSION-460a4898e7c07917	SESSION-460a4898e7c07917 → pe:syn:SESSION-460a4898e7c07917
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d1df89a4cf6f008:PCAP:capture_20260430060001:919b39a74464	SESSION-4d1df89a4cf6f008 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de01d31bf4634055:host:177.10.232.222	SESSION-de01d31bf4634055 → host:177.10.232.222
flow_observed5-aryOBS	e:fo:flow:cb419cbb47c7	flow:cb419cbb47c7 → host:131.196.30.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86feda8665cc2010:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-86feda8665cc2010 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:cf0d2c342abc:port:tcp:12919	flow:cf0d2c342abc → port:tcp:12919
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e2ace7c21b4da04:host:172.234.197.23	SESSION-1e2ace7c21b4da04 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:05ef58c38b72	flow:05ef58c38b72 → host:45.173.156.38 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-453cfacc8e209f2f:host:172.234.197.23	SESSION-453cfacc8e209f2f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2eb0c2c4028db16:host:92.112.71.169	SESSION-e2eb0c2c4028db16 → host:92.112.71.169
FLOW_DST_PORTOBS	e:fp:flow:59800b6629fc:port:tcp:443	flow:59800b6629fc → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-62337f4a23aa4d2d:host:172.234.197.23	SESSION-62337f4a23aa4d2d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1213fdeaeb0b4e25:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-1213fdeaeb0b4e25 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b304bd763b72b95f:host:172.234.197.23	SESSION-b304bd763b72b95f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:2997bf8e9fc3	flow:2997bf8e9fc3 → host:172.234.197.23 → host:177.10.235.196 → port:tcp:45412
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-53f84807a0945e6c:SESSION-53f84807a0945e6c	SESSION-53f84807a0945e6c → pe:tls:SESSION-53f84807a0945e6c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-81dd4006fe67ac3f:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-81dd4006fe67ac3f → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c774247ce2f7d3db:flow:e8aae9c261e5	SESSION-c774247ce2f7d3db → flow:e8aae9c261e5
FLOW_FROM_HOSTOBS	e:from:SESSION-312b2e72c1d2a2ee:host:131.196.30.253	SESSION-312b2e72c1d2a2ee → host:131.196.30.253
flow_observed5-aryOBS	e:fo:flow:2520bf4367e5	flow:2520bf4367e5 → host:177.10.237.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-afeab5601fa36440:SESSION-afeab5601fa36440	SESSION-afeab5601fa36440 → pe:tls:SESSION-afeab5601fa36440
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3d2c48d2810841c0:SESSION-3d2c48d2810841c0	SESSION-3d2c48d2810841c0 → pe:tls:SESSION-3d2c48d2810841c0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-163f2e33c9f4a8f4:SESSION-163f2e33c9f4a8f4	SESSION-163f2e33c9f4a8f4 → pe:tls:SESSION-163f2e33c9f4a8f4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4dc418e4265e72ea:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4dc418e4265e72ea → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9fed3e3a3ac1c6fb:host:177.10.234.221:host:172.234.197.23	SESSION-9fed3e3a3ac1c6fb → host:177.10.234.221 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e122523b9467:port:tcp:63752	flow:e122523b9467 → port:tcp:63752
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01c9c3509e882c26:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-01c9c3509e882c26 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6aca00d0413062e5:host:131.196.28.114:host:172.234.197.23	SESSION-6aca00d0413062e5 → host:131.196.28.114 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.213:geo_-16.28860_-49.01640	host:177.10.235.213 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:0b503a41e3d2:port:tcp:48499	flow:0b503a41e3d2 → port:tcp:48499
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38a64ba294c5f79f:host:56.112.16.196	SESSION-38a64ba294c5f79f → host:56.112.16.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8b71ac0dda5d9d9:SESSION-e8b71ac0dda5d9d9	SESSION-e8b71ac0dda5d9d9 → pe:tls:SESSION-e8b71ac0dda5d9d9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a0913a57a803cab:host:177.10.232.157	SESSION-7a0913a57a803cab → host:177.10.232.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f5e9ebe80065c9c:SESSION-8f5e9ebe80065c9c	SESSION-8f5e9ebe80065c9c → pe:tls:SESSION-8f5e9ebe80065c9c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d811160d7459a4b2:SESSION-d811160d7459a4b2	SESSION-d811160d7459a4b2 → pe:syn:SESSION-d811160d7459a4b2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20552151cee2e1af:SESSION-20552151cee2e1af	SESSION-20552151cee2e1af → pe:tls:SESSION-20552151cee2e1af
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b8d0e25502f89d2:flow:84cd0bc1a12e	SESSION-7b8d0e25502f89d2 → flow:84cd0bc1a12e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ba165dc958434de:host:54.184.232.115	SESSION-3ba165dc958434de → host:54.184.232.115
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.145:asn:262880	host:177.10.237.145 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-c1a633dafddc79f1:host:172.234.197.23	SESSION-c1a633dafddc79f1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6299cf50d0e2e558:host:177.10.238.126	SESSION-6299cf50d0e2e558 → host:177.10.238.126
HOST_IN_ASNOBS 85%	e:ha:host:51.224.78.219:asn:16509	host:51.224.78.219 → asn:16509
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.246:geo_-16.28860_-49.01640	host:177.10.232.246 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c47a34d160ec21ba:flow:8cc861ead55e	SESSION-c47a34d160ec21ba → flow:8cc861ead55e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5eb3b0eaf7de1b7d:SESSION-5eb3b0eaf7de1b7d	SESSION-5eb3b0eaf7de1b7d → pe:rst:SESSION-5eb3b0eaf7de1b7d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74744b11834c8470:flow:96b976c06096	SESSION-74744b11834c8470 → flow:96b976c06096
FLOW_FROM_HOSTOBS	e:from:SESSION-4dc16adec194cf9c:host:177.10.232.4	SESSION-4dc16adec194cf9c → host:177.10.232.4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.210.99.95:geo_48.85820_2.33870	host:51.210.99.95 → geo_48.85820_2.33870
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.130:geo_-16.28860_-49.01640	host:177.10.235.130 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e991043fa3bca90d:PCAP:capture_20260430060001:919b39a74464	SESSION-e991043fa3bca90d → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c89027ab2a1ddeda:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-c89027ab2a1ddeda → PCAP:capture_20260427230001:ca8bd1ce36e2
FLOW_FROM_HOSTOBS	e:from:SESSION-f18f27343d540733:host:131.196.29.51	SESSION-f18f27343d540733 → host:131.196.29.51
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.187:asn:271410	host:131.196.30.187 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ab55f3989857eec:SESSION-9ab55f3989857eec	SESSION-9ab55f3989857eec → pe:tls:SESSION-9ab55f3989857eec
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1311876ef555b88e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1311876ef555b88e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-026fe63fd4f2486a:flow:da56df9a8e5c	SESSION-026fe63fd4f2486a → flow:da56df9a8e5c
FLOW_FROM_HOSTOBS	e:from:SESSION-0948a596b6903965:host:177.10.237.101	SESSION-0948a596b6903965 → host:177.10.237.101
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.200:geo_-23.62930_-46.63510	host:131.196.28.200 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:e1d835a506a3:port:tcp:443	flow:e1d835a506a3 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e3db8610837fd0b8:host:172.234.197.23	SESSION-e3db8610837fd0b8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b0dab8159384d982:host:172.234.197.23	SESSION-b0dab8159384d982 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e48a8daff67bbc71:host:172.234.197.23:host:131.196.30.253	SESSION-e48a8daff67bbc71 → host:172.234.197.23 → host:131.196.30.253
FLOW_FROM_HOSTOBS	e:from:SESSION-949f3e8f4d37c52a:host:172.234.197.23	SESSION-949f3e8f4d37c52a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e920b338cbbee7b:PCAP:capture_20260430150001:ded20914761d	SESSION-2e920b338cbbee7b → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:05808b5dfe4c	flow:05808b5dfe4c → host:92.112.71.131 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8dc28b29833676bc:host:177.10.239.176	SESSION-8dc28b29833676bc → host:177.10.239.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65e7ac6f998115f7:host:172.234.197.23:host:177.10.232.158	SESSION-65e7ac6f998115f7 → host:172.234.197.23 → host:177.10.232.158
FLOW_DST_PORTOBS	e:fp:flow:83d88592290c:port:tcp:443	flow:83d88592290c → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.69:asn:273470	host:45.173.156.69 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.94:asn:271410	host:131.196.29.94 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-e63705938a499015:host:177.10.233.235	SESSION-e63705938a499015 → host:177.10.233.235
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97a932b8098f01e0:SESSION-97a932b8098f01e0	SESSION-97a932b8098f01e0 → pe:syn:SESSION-97a932b8098f01e0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31de31d3c82f498d:SESSION-31de31d3c82f498d	SESSION-31de31d3c82f498d → pe:tls:SESSION-31de31d3c82f498d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d508940aefc84528:SESSION-d508940aefc84528	SESSION-d508940aefc84528 → pe:tls:SESSION-d508940aefc84528
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f06d97c7ac4f577b:SESSION-f06d97c7ac4f577b	SESSION-f06d97c7ac4f577b → pe:syn:SESSION-f06d97c7ac4f577b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ac8ab77b48a8c37:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6ac8ab77b48a8c37 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-75c1b247d58a4094:host:172.234.197.23	SESSION-75c1b247d58a4094 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.244:asn:262880	host:177.10.234.244 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.125:asn:262880	host:177.10.233.125 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3db1a0404e21661:host:172.234.197.23	SESSION-c3db1a0404e21661 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90804beaa6aefbc0:host:172.234.197.23	SESSION-90804beaa6aefbc0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28e21153f6abb648:host:172.234.197.23:host:131.196.30.9	SESSION-28e21153f6abb648 → host:172.234.197.23 → host:131.196.30.9
FLOW_FROM_HOSTOBS	e:from:SESSION-93e1e76eb6bfe5a3:host:131.196.28.12	SESSION-93e1e76eb6bfe5a3 → host:131.196.28.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46aa20776642b201:SESSION-46aa20776642b201	SESSION-46aa20776642b201 → pe:tls:SESSION-46aa20776642b201
FLOW_FROM_HOSTOBS	e:from:SESSION-59aca44477f61d35:host:177.10.236.57	SESSION-59aca44477f61d35 → host:177.10.236.57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9500d9b64493d052:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9500d9b64493d052 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a07ffa981e156af1:host:172.234.197.23:host:131.196.30.72	SESSION-a07ffa981e156af1 → host:172.234.197.23 → host:131.196.30.72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e9c761e9ca1eb65:host:172.234.197.23	SESSION-9e9c761e9ca1eb65 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54016b03ecf1701c:host:172.234.197.23	SESSION-54016b03ecf1701c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dbba3374c650:port:tcp:884	flow:dbba3374c650 → port:tcp:884
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1909494739e8c502:SESSION-1909494739e8c502	SESSION-1909494739e8c502 → pe:tls:SESSION-1909494739e8c502
FLOW_FROM_HOSTOBS	e:from:SESSION-b30f6f845792a67e:host:177.10.234.243	SESSION-b30f6f845792a67e → host:177.10.234.243
FLOW_DST_PORTOBS	e:fp:flow:f67dd3d7a905:port:tcp:443	flow:f67dd3d7a905 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ff2bd1b9d0923cc1:SESSION-ff2bd1b9d0923cc1	SESSION-ff2bd1b9d0923cc1 → pe:syn:SESSION-ff2bd1b9d0923cc1
flow_observed5-aryOBS	e:fo:flow:36f6bcbb2a92	flow:36f6bcbb2a92 → host:177.10.233.151 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.35:asn:262880	host:177.10.239.35 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7172790c1950eaef:SESSION-7172790c1950eaef	SESSION-7172790c1950eaef → pe:syn:SESSION-7172790c1950eaef
flow_observed5-aryOBS	e:fo:flow:b1dff4ad0695	flow:b1dff4ad0695 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44f16a8e9c86ada8:SESSION-44f16a8e9c86ada8	SESSION-44f16a8e9c86ada8 → pe:syn:SESSION-44f16a8e9c86ada8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ff90c657a3c2e88:SESSION-5ff90c657a3c2e88	SESSION-5ff90c657a3c2e88 → pe:tls:SESSION-5ff90c657a3c2e88
flow_observed5-aryOBS	e:fo:flow:cf56f055e8e4	flow:cf56f055e8e4 → host:177.10.237.169 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-548dd69287ac8927:SESSION-548dd69287ac8927	SESSION-548dd69287ac8927 → pe:tls:SESSION-548dd69287ac8927
FLOW_FROM_HOSTOBS	e:from:SESSION-6bd47d8fd21ead6d:host:94.130.10.221	SESSION-6bd47d8fd21ead6d → host:94.130.10.221
FLOW_TO_HOSTOBS	e:to:SESSION-fdb0bb1f6466838c:host:172.234.197.23	SESSION-fdb0bb1f6466838c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bab109b42e3a8d7:host:172.234.197.23	SESSION-5bab109b42e3a8d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b332774cd544824a:SESSION-b332774cd544824a	SESSION-b332774cd544824a → pe:tls:SESSION-b332774cd544824a
FLOW_DST_PORTOBS	e:fp:flow:6ff9de6d0222:port:tcp:31312	flow:6ff9de6d0222 → port:tcp:31312
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2842c4c08e29d7d7:host:172.234.197.23	SESSION-2842c4c08e29d7d7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7a9af557142d:port:tcp:443	flow:7a9af557142d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8977638e8d6c6909:host:177.10.239.206	SESSION-8977638e8d6c6909 → host:177.10.239.206
FLOW_FROM_HOSTOBS	e:from:SESSION-5218a703d93123a3:host:177.10.234.36	SESSION-5218a703d93123a3 → host:177.10.234.36
FLOW_DST_PORTOBS	e:fp:flow:47b8c9445e07:port:tcp:64564	flow:47b8c9445e07 → port:tcp:64564
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f3af12abbb2ff56:host:172.234.197.23	SESSION-1f3af12abbb2ff56 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.87:geo_41.00190_28.96450	host:95.170.25.87 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff374888c4809584:host:177.10.236.0	SESSION-ff374888c4809584 → host:177.10.236.0
FLOW_DST_PORTOBS	e:fp:flow:b1dc75676208:port:tcp:443	flow:b1dc75676208 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07139a9423b3d79f:PCAP:capture_20260430150001:ded20914761d	SESSION-07139a9423b3d79f → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e627b58284e1729:flow:07ac00663499	SESSION-2e627b58284e1729 → flow:07ac00663499
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.71:geo_-16.28860_-49.01640	host:177.10.239.71 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8e700218094e:port:tcp:33603	flow:8e700218094e → port:tcp:33603
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06a6b67473c48ddd:SESSION-06a6b67473c48ddd	SESSION-06a6b67473c48ddd → pe:tls:SESSION-06a6b67473c48ddd
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.254:asn:262880	host:177.10.235.254 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ef8854f2d4650c5:host:172.234.197.23	SESSION-2ef8854f2d4650c5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-721df94622c41f42:SESSION-721df94622c41f42	SESSION-721df94622c41f42 → pe:syn:SESSION-721df94622c41f42
FLOW_FROM_HOSTOBS	e:from:SESSION-3959c763e6312f1d:host:172.234.197.23	SESSION-3959c763e6312f1d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bcb514f388fb99c6:SESSION-bcb514f388fb99c6	SESSION-bcb514f388fb99c6 → pe:tls:SESSION-bcb514f388fb99c6
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.124:asn:271410	host:131.196.29.124 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-25a3718851106c53:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-25a3718851106c53 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ae59ca72364f9e1:host:131.196.30.65	SESSION-3ae59ca72364f9e1 → host:131.196.30.65
FLOW_TO_HOSTOBS	e:to:SESSION-4e76f09c0f210884:host:172.234.197.23	SESSION-4e76f09c0f210884 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5cb3d18d192da5f3:host:172.234.197.23	SESSION-5cb3d18d192da5f3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f57871a7505a0a35:host:177.10.235.170:host:172.234.197.23	SESSION-f57871a7505a0a35 → host:177.10.235.170 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c155b50123efabb5:PCAP:capture_20260430060001:919b39a74464	SESSION-c155b50123efabb5 → PCAP:capture_20260430060001:919b39a74464
flow_observed4-aryOBS	e:fo:flow:42e427b29835	flow:42e427b29835 → host:172.234.197.23 → host:177.10.233.96 → port:tcp:29432
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e00ced36c846b73a:host:172.234.197.23	SESSION-e00ced36c846b73a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6752f583f7e09519:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6752f583f7e09519 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c30e2da5c8abbcf:SESSION-9c30e2da5c8abbcf	SESSION-9c30e2da5c8abbcf → pe:tls:SESSION-9c30e2da5c8abbcf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-320a5544f819c3b7:SESSION-320a5544f819c3b7	SESSION-320a5544f819c3b7 → pe:syn:SESSION-320a5544f819c3b7
FLOW_TO_HOSTOBS	e:to:SESSION-6515500944a7e42e:host:172.234.197.23	SESSION-6515500944a7e42e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-235be73d0ead16ae:host:131.196.28.193	SESSION-235be73d0ead16ae → host:131.196.28.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d694cf0080c35c2f:SESSION-d694cf0080c35c2f	SESSION-d694cf0080c35c2f → pe:tls:SESSION-d694cf0080c35c2f
flow_observed5-aryOBS	e:fo:flow:2fe97f13971f	flow:2fe97f13971f → host:131.196.31.221 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e2676dbc5b99ef14:host:177.10.234.117	SESSION-e2676dbc5b99ef14 → host:177.10.234.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5ee9797d15d423e:host:45.173.156.204:host:172.234.197.23	SESSION-b5ee9797d15d423e → host:45.173.156.204 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28af2e1f4e778075:flow:f9dfce76a0e2	SESSION-28af2e1f4e778075 → flow:f9dfce76a0e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cde6fb5ccac54489:SESSION-cde6fb5ccac54489	SESSION-cde6fb5ccac54489 → pe:tls:SESSION-cde6fb5ccac54489
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-fa08911a1f564da4:SESSION-fa08911a1f564da4	SESSION-fa08911a1f564da4 → pe:rst:SESSION-fa08911a1f564da4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-608f6686d64f8e3e:host:172.234.197.23:host:177.10.236.92	SESSION-608f6686d64f8e3e → host:172.234.197.23 → host:177.10.236.92
flow_observed5-aryOBS	e:fo:flow:4bcbdea9ec1c	flow:4bcbdea9ec1c → host:45.173.156.134 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:172.3.50.214:asn:7018	host:172.3.50.214 → asn:7018
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a865531d109b7c1:host:172.234.197.23	SESSION-4a865531d109b7c1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-341468c084cc4cf3:host:177.10.239.220	SESSION-341468c084cc4cf3 → host:177.10.239.220
FLOW_TO_HOSTOBS	e:to:SESSION-47fcc0d7da6d7c1a:host:177.10.239.11	SESSION-47fcc0d7da6d7c1a → host:177.10.239.11
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9820f222b36503c3:host:172.234.197.23:host:80.94.92.186	SESSION-9820f222b36503c3 → host:172.234.197.23 → host:80.94.92.186
FLOW_TO_HOSTOBS	e:to:SESSION-b4d5ec492dcde12c:host:172.234.197.23	SESSION-b4d5ec492dcde12c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-71917de89d264496:host:172.234.197.23	SESSION-71917de89d264496 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77c4ff849445b3aa:SESSION-77c4ff849445b3aa	SESSION-77c4ff849445b3aa → pe:syn:SESSION-77c4ff849445b3aa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d5e50cd91d4ac54:SESSION-5d5e50cd91d4ac54	SESSION-5d5e50cd91d4ac54 → pe:tls:SESSION-5d5e50cd91d4ac54
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.146:asn:271410	host:131.196.31.146 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27b5dd82e2b65bbd:host:172.234.197.23	SESSION-27b5dd82e2b65bbd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79f857f82eac6daa:SESSION-79f857f82eac6daa	SESSION-79f857f82eac6daa → pe:tls:SESSION-79f857f82eac6daa
FLOW_DST_PORTOBS	e:fp:flow:4572d0b5bdf3:port:tcp:443	flow:4572d0b5bdf3 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.231:asn:262880	host:177.10.233.231 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-bff0487aa2cdf6e6:host:131.196.29.242	SESSION-bff0487aa2cdf6e6 → host:131.196.29.242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35fc058c4fe240ad:host:131.196.29.211:host:172.234.197.23	SESSION-35fc058c4fe240ad → host:131.196.29.211 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f7ad796390a5:port:tcp:443	flow:f7ad796390a5 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:0394f2543852	flow:0394f2543852 → host:172.234.197.23 → host:45.173.156.97 → port:tcp:12001
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e4489cf6c262aa3:host:177.10.239.93:host:172.234.197.23	SESSION-9e4489cf6c262aa3 → host:177.10.239.93 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a904c233015ef9c:SESSION-4a904c233015ef9c	SESSION-4a904c233015ef9c → pe:tls:SESSION-4a904c233015ef9c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b699e12e3fdc2278:SESSION-b699e12e3fdc2278	SESSION-b699e12e3fdc2278 → pe:tls:SESSION-b699e12e3fdc2278
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.250:geo_-16.28860_-49.01640	host:177.10.234.250 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c38263f2f5f96575:host:172.234.197.23	SESSION-c38263f2f5f96575 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:fbadd518a8d4	flow:fbadd518a8d4 → host:44.246.129.80 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e42d909a57b4903:host:172.234.197.23:host:131.196.28.12	SESSION-0e42d909a57b4903 → host:172.234.197.23 → host:131.196.28.12
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.118:geo_-23.62930_-46.63510	host:131.196.28.118 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37a8b94aca0a72fd:flow:9c1aaa33a089	SESSION-37a8b94aca0a72fd → flow:9c1aaa33a089
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d74d897cd43b428:flow:a4227b203ef7	SESSION-9d74d897cd43b428 → flow:a4227b203ef7
FLOW_FROM_HOSTOBS	e:from:SESSION-c0f21a1d46f067dc:host:177.10.236.213	SESSION-c0f21a1d46f067dc → host:177.10.236.213
FLOW_TO_HOSTOBS	e:to:SESSION-cea44595be79fe10:host:172.234.197.23	SESSION-cea44595be79fe10 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4e8d87fd06149df:PCAP:capture_20260430150001:ded20914761d	SESSION-b4e8d87fd06149df → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:16.171.55.148:asn:16509	host:16.171.55.148 → asn:16509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38a9f2b2580a8fb5:flow:163c6cea425f	SESSION-38a9f2b2580a8fb5 → flow:163c6cea425f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-290c9b11e52fd3ba:PCAP:capture_20260430070001:903a0e7a436b	SESSION-290c9b11e52fd3ba → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-708abc4c81aa7c60:host:172.234.197.23:host:177.10.236.31	SESSION-708abc4c81aa7c60 → host:172.234.197.23 → host:177.10.236.31
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f4918b67fbcc63f:PCAP:capture_20260430150001:ded20914761d	SESSION-2f4918b67fbcc63f → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-f307fcf20a41b5a0:host:172.234.197.23	SESSION-f307fcf20a41b5a0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-020ce81cb9d50ce5:PCAP:capture_20260430090001:065659c7d314	SESSION-020ce81cb9d50ce5 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c5664e67ab454dc8:host:172.234.197.23:host:177.10.232.222	SESSION-c5664e67ab454dc8 → host:172.234.197.23 → host:177.10.232.222
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9bd60248a4061d8d:host:172.234.197.23	SESSION-9bd60248a4061d8d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f08e9fcec07329fb:host:172.234.197.23	SESSION-f08e9fcec07329fb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ddc877c0ed3a64ea:flow:aa1d9d5e2b97	SESSION-ddc877c0ed3a64ea → flow:aa1d9d5e2b97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19ae824852752386:flow:023ad8b7733d	SESSION-19ae824852752386 → flow:023ad8b7733d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-47ac7feaf227c129:SESSION-47ac7feaf227c129	SESSION-47ac7feaf227c129 → pe:dns:SESSION-47ac7feaf227c129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e9b874351d52a188:flow:2f76408fd599	SESSION-e9b874351d52a188 → flow:2f76408fd599
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-003677474853cb22:SESSION-003677474853cb22	SESSION-003677474853cb22 → pe:syn:SESSION-003677474853cb22
FLOW_TO_HOSTOBS	e:to:SESSION-981fac77dd79326b:host:177.10.239.57	SESSION-981fac77dd79326b → host:177.10.239.57
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2c5fc27029770f85:host:177.10.232.165:host:172.234.197.23	SESSION-2c5fc27029770f85 → host:177.10.232.165 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed29e6defb1050d9:host:172.234.197.23:host:177.10.234.152	SESSION-ed29e6defb1050d9 → host:172.234.197.23 → host:177.10.234.152
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec2cd7bdebda0247:flow:f1ecdce381ef	SESSION-ec2cd7bdebda0247 → flow:f1ecdce381ef
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-316231fad61f009e:host:177.10.235.228:host:172.234.197.23	SESSION-316231fad61f009e → host:177.10.235.228 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4f016f4a38011f9c:host:177.10.239.86	SESSION-4f016f4a38011f9c → host:177.10.239.86
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d04c60e569cc19ba:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d04c60e569cc19ba → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1a633dafddc79f1:host:45.173.156.98	SESSION-c1a633dafddc79f1 → host:45.173.156.98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef90c0e24c7a1c11:host:172.234.197.23	SESSION-ef90c0e24c7a1c11 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c0d86d181231:port:tcp:22	flow:c0d86d181231 → port:tcp:22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-576cc11ebde25a50:host:172.234.197.23:host:131.196.29.94	SESSION-576cc11ebde25a50 → host:172.234.197.23 → host:131.196.29.94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3676532bb2f3ac59:host:131.196.31.90	SESSION-3676532bb2f3ac59 → host:131.196.31.90
FLOW_FROM_HOSTOBS	e:from:SESSION-94594005437ae120:host:172.234.197.23	SESSION-94594005437ae120 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5eed95be9c1a7022:host:172.234.197.23	SESSION-5eed95be9c1a7022 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:76ebf03a3738:port:tcp:443	flow:76ebf03a3738 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-45f8302f1d804897:host:109.89.117.44:host:172.234.197.23	SESSION-45f8302f1d804897 → host:109.89.117.44 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52e63b8cb0c4a7de:host:177.10.238.135	SESSION-52e63b8cb0c4a7de → host:177.10.238.135
FLOW_FROM_HOSTOBS	e:from:SESSION-1fc6dd1896fecefa:host:131.196.30.15	SESSION-1fc6dd1896fecefa → host:131.196.30.15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a10e6ba939684b8:host:131.196.31.180	SESSION-6a10e6ba939684b8 → host:131.196.31.180
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97a722c9ef92a65e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-97a722c9ef92a65e → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:9bd19d03285c:port:tcp:443	flow:9bd19d03285c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97bd7f793ae0ea11:SESSION-97bd7f793ae0ea11	SESSION-97bd7f793ae0ea11 → pe:tls:SESSION-97bd7f793ae0ea11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dcbceebcfa7feba5:SESSION-dcbceebcfa7feba5	SESSION-dcbceebcfa7feba5 → pe:tls:SESSION-dcbceebcfa7feba5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a899a8160ea28b7:SESSION-3a899a8160ea28b7	SESSION-3a899a8160ea28b7 → pe:tls:SESSION-3a899a8160ea28b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abff9bfe6a29f0b5:host:131.196.28.198	SESSION-abff9bfe6a29f0b5 → host:131.196.28.198
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.121:asn:271410	host:131.196.31.121 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.188:asn:262880	host:177.10.234.188 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.69:geo_-21.10010_-41.69200	host:45.173.156.69 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-48bb234f8161dc4f:SESSION-48bb234f8161dc4f	SESSION-48bb234f8161dc4f → pe:tls:SESSION-48bb234f8161dc4f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0a8fa8ac12ff0c6:host:172.234.197.23	SESSION-f0a8fa8ac12ff0c6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ca336f5cf561:port:tcp:54231	flow:ca336f5cf561 → port:tcp:54231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b12621bc2223af13:SESSION-b12621bc2223af13	SESSION-b12621bc2223af13 → pe:syn:SESSION-b12621bc2223af13
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.211:geo_-16.28860_-49.01640	host:177.10.238.211 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-d82ce6b730f5fc6b:host:177.10.232.22	SESSION-d82ce6b730f5fc6b → host:177.10.232.22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee8b7e20de209690:host:172.234.197.23:host:172.232.0.16	SESSION-ee8b7e20de209690 → host:172.234.197.23 → host:172.232.0.16
flow_observed4-aryOBS	e:fo:flow:ebaf2d276c65	flow:ebaf2d276c65 → host:172.234.197.23 → host:45.173.156.55 → port:tcp:17625
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21b1ebb6f3d7bd68:host:172.234.197.23	SESSION-21b1ebb6f3d7bd68 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c06e3241e73d:port:tcp:443	flow:c06e3241e73d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9e70132665ab339:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f9e70132665ab339 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:10aedd4ec233:port:tcp:443	flow:10aedd4ec233 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6ebe77d02701b58:host:172.234.197.23	SESSION-b6ebe77d02701b58 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3617089369b58aaa:SESSION-3617089369b58aaa	SESSION-3617089369b58aaa → pe:tls:SESSION-3617089369b58aaa
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.130:asn:262880	host:177.10.236.130 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14b61e43a384fdb4:flow:ac8c6259f880	SESSION-14b61e43a384fdb4 → flow:ac8c6259f880
FLOW_DST_PORTOBS	e:fp:flow:a96cebd1119f:port:tcp:42986	flow:a96cebd1119f → port:tcp:42986
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77da6a9292c08caa:SESSION-77da6a9292c08caa	SESSION-77da6a9292c08caa → pe:tls:SESSION-77da6a9292c08caa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-744a603206d06e24:SESSION-744a603206d06e24	SESSION-744a603206d06e24 → pe:tls:SESSION-744a603206d06e24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f852deb0b74344a0:host:172.234.197.23	SESSION-f852deb0b74344a0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67ad2a69e8a9ea9e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-67ad2a69e8a9ea9e → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-2761ffbe76598549:host:172.234.197.23	SESSION-2761ffbe76598549 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e5e4b6893c364bde:host:172.234.197.23	SESSION-e5e4b6893c364bde → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b325e5efc54d34b8:host:177.10.236.125	SESSION-b325e5efc54d34b8 → host:177.10.236.125
FLOW_FROM_HOSTOBS	e:from:SESSION-6dcc81ef5615b86c:host:177.10.234.104	SESSION-6dcc81ef5615b86c → host:177.10.234.104
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-739affc996a6fe99:PCAP:capture_20260430080001:93f47cc296a4	SESSION-739affc996a6fe99 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-b0fc61bce823543f:host:172.234.197.23	SESSION-b0fc61bce823543f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-46b3e65e40562e00:host:131.196.28.42	SESSION-46b3e65e40562e00 → host:131.196.28.42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2117b91b7562ba94:SESSION-2117b91b7562ba94	SESSION-2117b91b7562ba94 → pe:syn:SESSION-2117b91b7562ba94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0b2d512f3efc35f9:SESSION-0b2d512f3efc35f9	SESSION-0b2d512f3efc35f9 → pe:tls:SESSION-0b2d512f3efc35f9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f953402fa48addf:flow:ed332215381a	SESSION-3f953402fa48addf → flow:ed332215381a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a971dfbf90734efe:SESSION-a971dfbf90734efe	SESSION-a971dfbf90734efe → pe:syn:SESSION-a971dfbf90734efe
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3645126144628c28:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3645126144628c28 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-93c7fae83342c58e:SESSION-93c7fae83342c58e	SESSION-93c7fae83342c58e → pe:syn:SESSION-93c7fae83342c58e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c1c3bc51aa7232b:host:172.234.197.23	SESSION-7c1c3bc51aa7232b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33b7a287fd9eafc1:host:131.196.28.16	SESSION-33b7a287fd9eafc1 → host:131.196.28.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f580776b9a7f0d25:host:177.10.239.254	SESSION-f580776b9a7f0d25 → host:177.10.239.254
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-00ca7ee72922697b:flow:b63263aab3b3	SESSION-00ca7ee72922697b → flow:b63263aab3b3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29bf5bdb9e3850fd:SESSION-29bf5bdb9e3850fd	SESSION-29bf5bdb9e3850fd → pe:tls:SESSION-29bf5bdb9e3850fd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-0e56fb95f564a0aa:SESSION-0e56fb95f564a0aa	SESSION-0e56fb95f564a0aa → pe:dns:SESSION-0e56fb95f564a0aa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28765694f1859e38:host:172.234.197.23	SESSION-28765694f1859e38 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6490de849a8e5020:SESSION-6490de849a8e5020	SESSION-6490de849a8e5020 → pe:syn:SESSION-6490de849a8e5020
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-205f7c84653f0fb6:flow:a4dd7b09efb9	SESSION-205f7c84653f0fb6 → flow:a4dd7b09efb9
FLOW_FROM_HOSTOBS	e:from:SESSION-c3957034b2fd24e8:host:172.234.197.23	SESSION-c3957034b2fd24e8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-393eb1cd54ab212e:flow:8687f09773c4	SESSION-393eb1cd54ab212e → flow:8687f09773c4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6f5b8d372cd42441:SESSION-6f5b8d372cd42441	SESSION-6f5b8d372cd42441 → pe:syn:SESSION-6f5b8d372cd42441
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b72757303ebc2bde:host:45.173.156.139	SESSION-b72757303ebc2bde → host:45.173.156.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-af55ab527d360ebd:SESSION-af55ab527d360ebd	SESSION-af55ab527d360ebd → pe:syn:SESSION-af55ab527d360ebd
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.234:asn:262880	host:177.10.239.234 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-03cee9bc49b35179:SESSION-03cee9bc49b35179	SESSION-03cee9bc49b35179 → pe:syn:SESSION-03cee9bc49b35179
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c85a65cf2db0ee65:PCAP:capture_20260430090001:065659c7d314	SESSION-c85a65cf2db0ee65 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9af401128ecea586:SESSION-9af401128ecea586	SESSION-9af401128ecea586 → pe:tls:SESSION-9af401128ecea586
FLOW_FROM_HOSTOBS	e:from:SESSION-2f32bbf866d49408:host:172.234.197.23	SESSION-2f32bbf866d49408 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2b55c597efe9edc:flow:da0c79ec8c91	SESSION-d2b55c597efe9edc → flow:da0c79ec8c91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94eb707cf5b0b4ef:SESSION-94eb707cf5b0b4ef	SESSION-94eb707cf5b0b4ef → pe:syn:SESSION-94eb707cf5b0b4ef
flow_observed4-aryOBS	e:fo:flow:3c6a2740e12d	flow:3c6a2740e12d → host:172.234.197.23 → host:177.10.235.213 → port:tcp:31973
FLOW_FROM_HOSTOBS	e:from:SESSION-fa49e5af791c6122:host:131.196.31.140	SESSION-fa49e5af791c6122 → host:131.196.31.140
flow_observed5-aryOBS	e:fo:flow:e535264fff8d	flow:e535264fff8d → host:177.10.237.172 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4e7d8d3f995a1a9:host:177.10.237.55:host:172.234.197.23	SESSION-b4e7d8d3f995a1a9 → host:177.10.237.55 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.64:geo_-23.62930_-46.63510	host:131.196.31.64 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:90a0ab0b2f2b	flow:90a0ab0b2f2b → host:177.10.237.3 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:fd14252bea53:port:tcp:443	flow:fd14252bea53 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd8dbb599c016751:host:45.173.156.107	SESSION-cd8dbb599c016751 → host:45.173.156.107
FLOW_TO_HOSTOBS	e:to:SESSION-458faec2c6be4af1:host:131.196.30.61	SESSION-458faec2c6be4af1 → host:131.196.30.61
flow_observed4-aryOBS	e:fo:flow:0be445b3f7e1	flow:0be445b3f7e1 → host:172.234.197.23 → host:131.196.29.166 → port:tcp:25196
FLOW_TO_HOSTOBS	e:to:SESSION-2479e88ee1ee68c6:host:177.10.239.84	SESSION-2479e88ee1ee68c6 → host:177.10.239.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-edebc7da73e26840:host:131.196.30.245:host:172.234.197.23	SESSION-edebc7da73e26840 → host:131.196.30.245 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f355ffd88e7f5027:flow:abdf49a61050	SESSION-f355ffd88e7f5027 → flow:abdf49a61050
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-291dfe079248afc7:host:172.234.197.23	SESSION-291dfe079248afc7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d44c53e781b5466e:host:131.196.31.253	SESSION-d44c53e781b5466e → host:131.196.31.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3759208ef2a99af0:SESSION-3759208ef2a99af0	SESSION-3759208ef2a99af0 → pe:syn:SESSION-3759208ef2a99af0
flow_observed5-aryOBS	e:fo:flow:3a218ba43b50	flow:3a218ba43b50 → host:177.10.235.255 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e77738dbb03f9aec:host:172.234.197.23	SESSION-e77738dbb03f9aec → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.165:geo_-21.10010_-41.69200	host:45.173.156.165 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66897d09e7f9757a:host:45.173.156.66	SESSION-66897d09e7f9757a → host:45.173.156.66
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c16307b11a026263:PCAP:capture_20260430150001:ded20914761d	SESSION-c16307b11a026263 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.203:asn:273470	host:45.173.156.203 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fdee4339c7caabb6:host:177.10.234.98	SESSION-fdee4339c7caabb6 → host:177.10.234.98
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be374c360242db8a:host:172.234.197.23:host:177.10.235.121	SESSION-be374c360242db8a → host:172.234.197.23 → host:177.10.235.121
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1909494739e8c502:flow:06b5920360d2	SESSION-1909494739e8c502 → flow:06b5920360d2
FLOW_DST_PORTOBS	e:fp:flow:cc59150a6666:port:tcp:443	flow:cc59150a6666 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b9228625f2ea52e:SESSION-8b9228625f2ea52e	SESSION-8b9228625f2ea52e → pe:syn:SESSION-8b9228625f2ea52e
FLOW_TO_HOSTOBS	e:to:SESSION-a96ffc9fa12c0c5a:host:172.234.197.23	SESSION-a96ffc9fa12c0c5a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85483e16d9e2576e:host:131.196.28.110	SESSION-85483e16d9e2576e → host:131.196.28.110
FLOW_TO_HOSTOBS	e:to:SESSION-0b228975a6eff356:host:131.196.28.230	SESSION-0b228975a6eff356 → host:131.196.28.230
flow_observed4-aryOBS	e:fo:flow:bf3aa5bf62e1	flow:bf3aa5bf62e1 → host:172.234.197.23 → host:177.10.234.67 → port:tcp:49276
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-378ead2076355bca:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-378ead2076355bca → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.158:asn:262880	host:177.10.232.158 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-c402fe398bbf1491:SESSION-c402fe398bbf1491	SESSION-c402fe398bbf1491 → pe:dns:SESSION-c402fe398bbf1491
FLOW_TO_HOSTOBS	e:to:SESSION-06d2ad4243fb8941:host:172.234.197.23	SESSION-06d2ad4243fb8941 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1933fbedf850967f:host:131.196.30.67:host:172.234.197.23	SESSION-1933fbedf850967f → host:131.196.30.67 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b849b4bd4115608f:host:172.234.197.23	SESSION-b849b4bd4115608f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2c788cfe0774:port:tcp:443	flow:2c788cfe0774 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cac7290643404699:flow:7fd257e9ad8f	SESSION-cac7290643404699 → flow:7fd257e9ad8f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f482eb7fd49a3f1b:host:172.234.197.23	SESSION-f482eb7fd49a3f1b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f53fdd8a51294c3d:SESSION-f53fdd8a51294c3d	SESSION-f53fdd8a51294c3d → pe:syn:SESSION-f53fdd8a51294c3d
FLOW_DST_PORTOBS	e:fp:flow:819986960ec3:port:tcp:44092	flow:819986960ec3 → port:tcp:44092
flow_observed5-aryOBS	e:fo:flow:57553c5c5f75	flow:57553c5c5f75 → host:177.10.233.2 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d53928eb39cd6093:host:131.196.31.23	SESSION-d53928eb39cd6093 → host:131.196.31.23
flow_observed4-aryOBS	e:fo:flow:4cbf90c61fa6	flow:4cbf90c61fa6 → host:172.234.197.23 → host:131.196.29.95 → port:tcp:9681
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e41a4ef6cc929c5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7e41a4ef6cc929c5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-bcba548cda079292:BSG-BEACON-feba1b4d0616	SESSION-bcba548cda079292 → BSG-BEACON-feba1b4d0616
flow_observed5-aryOBS	e:fo:flow:ce703d5cfa0d	flow:ce703d5cfa0d → host:177.10.234.210 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e63705938a499015:SESSION-e63705938a499015	SESSION-e63705938a499015 → pe:syn:SESSION-e63705938a499015
FLOW_TO_HOSTOBS	e:to:SESSION-65f6be25ebaee411:host:172.234.197.23	SESSION-65f6be25ebaee411 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-92a69e37100365d0:SESSION-92a69e37100365d0	SESSION-92a69e37100365d0 → pe:syn:SESSION-92a69e37100365d0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd66824284de98ed:host:177.10.233.220	SESSION-bd66824284de98ed → host:177.10.233.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-89ff4b6182efd39b:SESSION-89ff4b6182efd39b	SESSION-89ff4b6182efd39b → pe:rst:SESSION-89ff4b6182efd39b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d3eca13f5e50de63:flow:9cb6fb6a141a	SESSION-d3eca13f5e50de63 → flow:9cb6fb6a141a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a60c132d3a0c7657:SESSION-a60c132d3a0c7657	SESSION-a60c132d3a0c7657 → pe:tls:SESSION-a60c132d3a0c7657
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8189545896e60c84:PCAP:capture_20260430090001:065659c7d314	SESSION-8189545896e60c84 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99c8a38ab4cce90e:SESSION-99c8a38ab4cce90e	SESSION-99c8a38ab4cce90e → pe:tls:SESSION-99c8a38ab4cce90e
FLOW_TO_HOSTOBS	e:to:SESSION-3982f1a8e532b400:host:172.234.197.23	SESSION-3982f1a8e532b400 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b00d7db41be144d:PCAP:capture_20260430060001:919b39a74464	SESSION-4b00d7db41be144d → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e0a8afad40ce0aa2:host:177.10.235.162	SESSION-e0a8afad40ce0aa2 → host:177.10.235.162
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31068e75a101287d:host:172.234.197.23:host:177.10.234.155	SESSION-31068e75a101287d → host:172.234.197.23 → host:177.10.234.155
FLOW_FROM_HOSTOBS	e:from:SESSION-40a7926fcdf458e7:host:131.196.31.82	SESSION-40a7926fcdf458e7 → host:131.196.31.82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fc95fe30edf5706:host:172.234.197.23:host:177.10.234.32	SESSION-5fc95fe30edf5706 → host:172.234.197.23 → host:177.10.234.32
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-738e0b0c3dd2dd03:host:172.234.197.23	SESSION-738e0b0c3dd2dd03 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.155:geo_-23.62930_-46.63510	host:131.196.30.155 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-15539e18bbfcb0e8:host:172.234.197.23	SESSION-15539e18bbfcb0e8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-303cd1de44c58c29:host:131.196.31.175	SESSION-303cd1de44c58c29 → host:131.196.31.175
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-350febc37b3f152d:host:131.196.28.1:host:172.234.197.23	SESSION-350febc37b3f152d → host:131.196.28.1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-301cccab595ff1f6:SESSION-301cccab595ff1f6	SESSION-301cccab595ff1f6 → pe:tls:SESSION-301cccab595ff1f6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-168c4e3df9119bba:host:172.234.197.23:host:177.10.234.51	SESSION-168c4e3df9119bba → host:172.234.197.23 → host:177.10.234.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8897ca7200c8655e:host:172.234.197.23:host:45.148.10.151	SESSION-8897ca7200c8655e → host:172.234.197.23 → host:45.148.10.151
FLOW_TO_HOSTOBS	e:to:SESSION-96cc205c664fccab:host:131.196.28.10	SESSION-96cc205c664fccab → host:131.196.28.10
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.16:asn:262880	host:177.10.234.16 → asn:262880
flow_observed5-aryOBS	e:fo:flow:22e2e56d643a	flow:22e2e56d643a → host:177.10.234.6 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2384be4238de1707:host:172.234.197.23	SESSION-2384be4238de1707 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e0ae4a4ac42f	flow:e0ae4a4ac42f → host:177.10.237.66 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:c391a9c3646b	flow:c391a9c3646b → host:177.10.233.100 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-608f057a6e6e376d:host:172.232.0.17	SESSION-608f057a6e6e376d → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-456e62c8b4b103dc:host:177.10.235.46	SESSION-456e62c8b4b103dc → host:177.10.235.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b60cd26b4cd717ea:host:177.10.235.226	SESSION-b60cd26b4cd717ea → host:177.10.235.226
FLOW_DST_PORTOBS	e:fp:flow:fa92306a8300:port:tcp:60871	flow:fa92306a8300 → port:tcp:60871
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.33:geo_-16.28860_-49.01640	host:177.10.236.33 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-130c48c57d6ba6f4:host:172.234.197.23	SESSION-130c48c57d6ba6f4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c0e63fa095433d2:host:172.234.197.23:host:177.10.237.82	SESSION-4c0e63fa095433d2 → host:172.234.197.23 → host:177.10.237.82
FLOW_FROM_HOSTOBS	e:from:SESSION-c8f41d49423a0699:host:177.10.238.76	SESSION-c8f41d49423a0699 → host:177.10.238.76
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-458faec2c6be4af1:host:172.234.197.23:host:131.196.30.61	SESSION-458faec2c6be4af1 → host:172.234.197.23 → host:131.196.30.61
flow_observed5-aryOBS	e:fo:flow:de9828eb48de	flow:de9828eb48de → host:131.196.31.69 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3e48eb65a424:port:tcp:443	flow:3e48eb65a424 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a83b6f19c39d579f:host:172.234.197.23	SESSION-a83b6f19c39d579f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86a02a9ab2988acd:host:103.155.16.117	SESSION-86a02a9ab2988acd → host:103.155.16.117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cdfe5014ffcf69db:SESSION-cdfe5014ffcf69db	SESSION-cdfe5014ffcf69db → pe:tls:SESSION-cdfe5014ffcf69db
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55d7f3379dec0798:host:172.234.197.23	SESSION-55d7f3379dec0798 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-810f814d66b016e7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-810f814d66b016e7 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2387fa1f153c5b33:SESSION-2387fa1f153c5b33	SESSION-2387fa1f153c5b33 → pe:syn:SESSION-2387fa1f153c5b33
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b82d9882ea505987:host:172.234.197.23	SESSION-b82d9882ea505987 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:79a04c011df2	flow:79a04c011df2 → host:131.196.31.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57096089299b193e:flow:a0468409f112	SESSION-57096089299b193e → flow:a0468409f112
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.199:asn:262880	host:177.10.237.199 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a65c242582e5e81:host:172.234.197.23:host:177.10.235.233	SESSION-7a65c242582e5e81 → host:172.234.197.23 → host:177.10.235.233
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32012e3b5048e415:host:172.234.197.23	SESSION-32012e3b5048e415 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0481c3a1b2d7b867:flow:bc4bf615db56	SESSION-0481c3a1b2d7b867 → flow:bc4bf615db56
FLOW_TO_HOSTOBS	e:to:SESSION-e41fa1676c790d65:host:172.234.197.23	SESSION-e41fa1676c790d65 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7e4ae2c6ddba3051:host:177.10.235.158	SESSION-7e4ae2c6ddba3051 → host:177.10.235.158
FLOW_DST_PORTOBS	e:fp:flow:1e9c70ccf0e5:port:tcp:443	flow:1e9c70ccf0e5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7e512980b1e52beb:host:172.234.197.23	SESSION-7e512980b1e52beb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-caadff286c632ea0:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-caadff286c632ea0 → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-368729c748b57591:SESSION-368729c748b57591	SESSION-368729c748b57591 → pe:tls:SESSION-368729c748b57591
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a77adff1667c3d1:SESSION-0a77adff1667c3d1	SESSION-0a77adff1667c3d1 → pe:tls:SESSION-0a77adff1667c3d1
FLOW_DST_PORTOBS	e:fp:flow:248c942cf479:port:tcp:52963	flow:248c942cf479 → port:tcp:52963
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7201144bad9d462:host:131.196.30.242	SESSION-c7201144bad9d462 → host:131.196.30.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a46bc5971af02e3:host:172.234.197.23	SESSION-6a46bc5971af02e3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b135329a33dc60c2:SESSION-b135329a33dc60c2	SESSION-b135329a33dc60c2 → pe:tls:SESSION-b135329a33dc60c2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46ff0fa4ec42545a:host:185.231.226.50:host:172.234.197.23	SESSION-46ff0fa4ec42545a → host:185.231.226.50 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.45:asn:271410	host:131.196.30.45 → asn:271410
flow_observed5-aryOBS	e:fo:flow:b0c4f4fc61a3	flow:b0c4f4fc61a3 → host:177.10.235.195 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b048ecd988d76f67:SESSION-b048ecd988d76f67	SESSION-b048ecd988d76f67 → pe:tls:SESSION-b048ecd988d76f67
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb2f54f0354a144e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fb2f54f0354a144e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c58d6336bd500b5:host:172.234.197.23	SESSION-9c58d6336bd500b5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1699a282bb5af583:SESSION-1699a282bb5af583	SESSION-1699a282bb5af583 → pe:syn:SESSION-1699a282bb5af583
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8dff22511e3d5727:SESSION-8dff22511e3d5727	SESSION-8dff22511e3d5727 → pe:syn:SESSION-8dff22511e3d5727
FLOW_FROM_HOSTOBS	e:from:SESSION-bd554b279ca00d73:host:172.234.197.23	SESSION-bd554b279ca00d73 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c0ba3366d883914:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9c0ba3366d883914 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:f9c3289cd9ec	flow:f9c3289cd9ec → host:177.10.233.100 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72411a82d36d6add:SESSION-72411a82d36d6add	SESSION-72411a82d36d6add → pe:syn:SESSION-72411a82d36d6add
FLOW_FROM_HOSTOBS	e:from:SESSION-7c9cadb68fe1ad17:host:131.196.31.100	SESSION-7c9cadb68fe1ad17 → host:131.196.31.100
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.245:asn:273470	host:45.173.156.245 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e7c834c7664f83e9:SESSION-e7c834c7664f83e9	SESSION-e7c834c7664f83e9 → pe:tls:SESSION-e7c834c7664f83e9
flow_observed5-aryOBS	e:fo:flow:1aca9c39dc4e	flow:1aca9c39dc4e → host:177.10.239.177 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:16d8e26d4cd3	flow:16d8e26d4cd3 → host:177.10.232.139 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.183:geo_-23.62930_-46.63510	host:131.196.31.183 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce17c1c4b6f006e0:SESSION-ce17c1c4b6f006e0	SESSION-ce17c1c4b6f006e0 → pe:syn:SESSION-ce17c1c4b6f006e0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf1b38a91c361f4b:host:177.10.235.64	SESSION-cf1b38a91c361f4b → host:177.10.235.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99c8a38ab4cce90e:SESSION-99c8a38ab4cce90e	SESSION-99c8a38ab4cce90e → pe:syn:SESSION-99c8a38ab4cce90e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37a8b94aca0a72fd:host:69.222.187.134:host:172.234.197.23	SESSION-37a8b94aca0a72fd → host:69.222.187.134 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e17435638a41ed24:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e17435638a41ed24 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a83b6f19c39d579f:SESSION-a83b6f19c39d579f	SESSION-a83b6f19c39d579f → pe:syn:SESSION-a83b6f19c39d579f
FLOW_DST_PORTOBS	e:fp:flow:2efde4485be8:port:tcp:21693	flow:2efde4485be8 → port:tcp:21693
flow_observed4-aryOBS	e:fo:flow:2b98ad37e1cb	flow:2b98ad37e1cb → host:172.234.197.23 → host:45.173.156.13 → port:tcp:11066
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7da23a3c779474e1:host:172.234.197.23	SESSION-7da23a3c779474e1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cddd8421db4c97d9:flow:cf56f055e8e4	SESSION-cddd8421db4c97d9 → flow:cf56f055e8e4
FLOW_TO_HOSTOBS	e:to:SESSION-c21627d8f6f11a27:host:177.10.235.125	SESSION-c21627d8f6f11a27 → host:177.10.235.125
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14a74b0f0f76c3f9:host:172.234.197.23:host:131.196.30.135	SESSION-14a74b0f0f76c3f9 → host:172.234.197.23 → host:131.196.30.135
FLOW_DST_PORTOBS	e:fp:flow:8503bab0a6df:port:tcp:56510	flow:8503bab0a6df → port:tcp:56510
FLOW_DST_PORTOBS	e:fp:flow:7612b6de3fd1:port:tcp:65477	flow:7612b6de3fd1 → port:tcp:65477
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-022fbc52c5dbb7ff:SESSION-022fbc52c5dbb7ff	SESSION-022fbc52c5dbb7ff → pe:tls:SESSION-022fbc52c5dbb7ff
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-949f3e8f4d37c52a:flow:1ef64fa87830	SESSION-949f3e8f4d37c52a → flow:1ef64fa87830
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-117c00f29ed332ce:SESSION-117c00f29ed332ce	SESSION-117c00f29ed332ce → pe:syn:SESSION-117c00f29ed332ce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6350f63c148b5b0b:host:172.234.197.23	SESSION-6350f63c148b5b0b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ed5696d63c7b154:host:172.234.197.23	SESSION-9ed5696d63c7b154 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b54b11bede7a4d5:SESSION-2b54b11bede7a4d5	SESSION-2b54b11bede7a4d5 → pe:syn:SESSION-2b54b11bede7a4d5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6104696c1212e0a0:flow:5fb4b7650da7	SESSION-6104696c1212e0a0 → flow:5fb4b7650da7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6242cf24a2978d6d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6242cf24a2978d6d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34da31e596580b61:host:172.234.197.23	SESSION-34da31e596580b61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8c774bbe3f97971:host:45.173.156.5	SESSION-d8c774bbe3f97971 → host:45.173.156.5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14b4ac17b4f35bc0:host:177.10.236.41:host:172.234.197.23	SESSION-14b4ac17b4f35bc0 → host:177.10.236.41 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aede3430ffb62e05:flow:7067571fdb7e	SESSION-aede3430ffb62e05 → flow:7067571fdb7e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-942872364f4f0f53:PCAP:capture_20260430110001:43611bdf6759	SESSION-942872364f4f0f53 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:2e10465cca68:port:tcp:443	flow:2e10465cca68 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9527954f73f19b6:SESSION-c9527954f73f19b6	SESSION-c9527954f73f19b6 → pe:syn:SESSION-c9527954f73f19b6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e515946ec2b2292:SESSION-0e515946ec2b2292	SESSION-0e515946ec2b2292 → pe:syn:SESSION-0e515946ec2b2292
FLOW_TO_HOSTOBS	e:to:SESSION-de8058bfaf7cddb8:host:172.234.197.23	SESSION-de8058bfaf7cddb8 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:5210729a469b	flow:5210729a469b → host:103.155.16.117 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.20:asn:271410	host:131.196.30.20 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3baedacad496627d:SESSION-3baedacad496627d	SESSION-3baedacad496627d → pe:tls:SESSION-3baedacad496627d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-366e271d3ddb3e11:host:172.234.197.23:host:177.10.234.78	SESSION-366e271d3ddb3e11 → host:172.234.197.23 → host:177.10.234.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f691479e1fc1edf:SESSION-2f691479e1fc1edf	SESSION-2f691479e1fc1edf → pe:tls:SESSION-2f691479e1fc1edf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44d3fd3ee1d51da1:PCAP:capture_20260430090001:065659c7d314	SESSION-44d3fd3ee1d51da1 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-8b9228625f2ea52e:host:172.234.197.23	SESSION-8b9228625f2ea52e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f44e90059c2f2195:host:136.243.57.208	SESSION-f44e90059c2f2195 → host:136.243.57.208
flow_observed5-aryOBS	e:fo:flow:6cb039b7cca8	flow:6cb039b7cca8 → host:177.10.232.233 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c3f426eb3b5d19b7:host:177.10.234.119	SESSION-c3f426eb3b5d19b7 → host:177.10.234.119
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-793bdbe15c87a87a:host:172.234.197.23	SESSION-793bdbe15c87a87a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5cb36fee7e75b97b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5cb36fee7e75b97b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:84ed01f64073:port:tcp:37776	flow:84ed01f64073 → port:tcp:37776
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e523425c561e01e:host:172.234.197.23	SESSION-8e523425c561e01e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ad1374907e690a1:flow:83f6e4e64a29	SESSION-3ad1374907e690a1 → flow:83f6e4e64a29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9eb3af12cfff0086:PCAP:capture_20260430060001:919b39a74464	SESSION-9eb3af12cfff0086 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-6af0fd134ffb330e:host:45.173.156.53	SESSION-6af0fd134ffb330e → host:45.173.156.53
FLOW_DST_PORTOBS	e:fp:flow:b36f9561c530:port:tcp:443	flow:b36f9561c530 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd437604af995a2a:host:177.10.238.44	SESSION-fd437604af995a2a → host:177.10.238.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8278f913dbee560:SESSION-e8278f913dbee560	SESSION-e8278f913dbee560 → pe:tls:SESSION-e8278f913dbee560
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41b71c4a2ccc13b3:host:131.196.30.20	SESSION-41b71c4a2ccc13b3 → host:131.196.30.20
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ac21eed532c969e:flow:983e7d9866fc	SESSION-6ac21eed532c969e → flow:983e7d9866fc
flow_observed5-aryOBS	e:fo:flow:2b77aa54b9b2	flow:2b77aa54b9b2 → host:45.173.156.67 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaf9de21464647a2:host:177.10.232.97:host:172.234.197.23	SESSION-eaf9de21464647a2 → host:177.10.232.97 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1191ea69c7b9e8e5:host:172.234.197.23	SESSION-1191ea69c7b9e8e5 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-f8cba099c11564e8:BSG-BEACON-61380c9a629a	SESSION-f8cba099c11564e8 → BSG-BEACON-61380c9a629a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd92f1d715637398:host:172.234.197.23	SESSION-cd92f1d715637398 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:14440a95365b	flow:14440a95365b → host:16.171.255.229 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f29ae4ea1d6d03ed:host:177.10.232.89	SESSION-f29ae4ea1d6d03ed → host:177.10.232.89
FLOW_TO_HOSTOBS	e:to:SESSION-4d3ca4dbaf4c9647:host:172.234.197.23	SESSION-4d3ca4dbaf4c9647 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a733fde11cff5d03:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a733fde11cff5d03 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.232:geo_-16.28860_-49.01640	host:177.10.234.232 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a236c6c04af1f19:host:91.240.224.238:host:172.234.197.23	SESSION-9a236c6c04af1f19 → host:91.240.224.238 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.131:asn:271410	host:131.196.29.131 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f215cf2f031026d:host:172.234.197.23	SESSION-5f215cf2f031026d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9d65a28f7cbebfeb:host:177.10.238.87	SESSION-9d65a28f7cbebfeb → host:177.10.238.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-671350c0b0fa8f65:SESSION-671350c0b0fa8f65	SESSION-671350c0b0fa8f65 → pe:tls:SESSION-671350c0b0fa8f65
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.8:geo_-23.62930_-46.63510	host:131.196.28.8 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.152:geo_-23.62930_-46.63510	host:131.196.29.152 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:bc4151fd6a85	flow:bc4151fd6a85 → host:131.196.28.169 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-bc1a8a6f7d90953a:host:172.234.197.23	SESSION-bc1a8a6f7d90953a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-be622897972653aa:host:31.40.196.79	SESSION-be622897972653aa → host:31.40.196.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a176047016eec520:host:172.234.197.23	SESSION-a176047016eec520 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73c4b3cbea42a394:flow:a8db861f9cc7	SESSION-73c4b3cbea42a394 → flow:a8db861f9cc7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44555c754c6c7558:host:177.10.235.220	SESSION-44555c754c6c7558 → host:177.10.235.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9fd8278b2f1d760d:SESSION-9fd8278b2f1d760d	SESSION-9fd8278b2f1d760d → pe:tls:SESSION-9fd8278b2f1d760d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d1b2f476de49a99:SESSION-7d1b2f476de49a99	SESSION-7d1b2f476de49a99 → pe:syn:SESSION-7d1b2f476de49a99
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98b441f54568b58c:SESSION-98b441f54568b58c	SESSION-98b441f54568b58c → pe:syn:SESSION-98b441f54568b58c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6966225f20017b9e:host:177.10.236.143	SESSION-6966225f20017b9e → host:177.10.236.143
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.148:geo_41.02140_28.99480	host:185.231.226.148 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-625fc1856b5bb87f:SESSION-625fc1856b5bb87f	SESSION-625fc1856b5bb87f → pe:tls:SESSION-625fc1856b5bb87f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f44cd8b141a7b5c:flow:e49717db3c30	SESSION-7f44cd8b141a7b5c → flow:e49717db3c30
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec50ec61227c5d5c:host:172.234.197.23	SESSION-ec50ec61227c5d5c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e577d7cf1b0ace36:host:172.234.197.23	SESSION-e577d7cf1b0ace36 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0d4b5be8f725	flow:0d4b5be8f725 → host:131.196.28.246 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.99:asn:271410	host:131.196.29.99 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-693fee7d62fe51b9:host:177.10.232.88	SESSION-693fee7d62fe51b9 → host:177.10.232.88
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-47ed07d15aa63df9:BSG-BEACON-9dd910990e79	SESSION-47ed07d15aa63df9 → BSG-BEACON-9dd910990e79
flow_observed5-aryOBS	e:fo:flow:5fed7e81abee	flow:5fed7e81abee → host:177.10.239.39 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09db40e08b93496c:host:177.10.236.33	SESSION-09db40e08b93496c → host:177.10.236.33
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59d92efe40de2f35:SESSION-59d92efe40de2f35	SESSION-59d92efe40de2f35 → pe:syn:SESSION-59d92efe40de2f35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0485e2f41480d0ab:SESSION-0485e2f41480d0ab	SESSION-0485e2f41480d0ab → pe:syn:SESSION-0485e2f41480d0ab
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7558286b16680d35:flow:dead05b4c0bc	SESSION-7558286b16680d35 → flow:dead05b4c0bc
FLOW_TO_HOSTOBS	e:to:SESSION-b1261f8c6b87cf73:host:45.173.156.70	SESSION-b1261f8c6b87cf73 → host:45.173.156.70
FLOW_FROM_HOSTOBS	e:from:SESSION-f56950d8d19e118b:host:177.10.238.103	SESSION-f56950d8d19e118b → host:177.10.238.103
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20552151cee2e1af:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-20552151cee2e1af → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-ed29e6defb1050d9:host:172.234.197.23	SESSION-ed29e6defb1050d9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a286fa1508a759d:SESSION-3a286fa1508a759d	SESSION-3a286fa1508a759d → pe:tls:SESSION-3a286fa1508a759d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-532708ef58f2707f:host:172.234.197.23	SESSION-532708ef58f2707f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4bb4f425427d3bee:host:172.234.197.23	SESSION-4bb4f425427d3bee → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc01b506a83e5847:flow:171729e27d1d	SESSION-fc01b506a83e5847 → flow:171729e27d1d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bce97f10a4a571f4:host:172.234.197.23	SESSION-bce97f10a4a571f4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-64639bf8e248f548:host:177.10.239.166	SESSION-64639bf8e248f548 → host:177.10.239.166
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac14845b1a23366d:host:177.10.232.52:host:172.234.197.23	SESSION-ac14845b1a23366d → host:177.10.232.52 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07775d37dba558b0:flow:46d5bf8a685f	SESSION-07775d37dba558b0 → flow:46d5bf8a685f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44e6d66a0a0fb56e:SESSION-44e6d66a0a0fb56e	SESSION-44e6d66a0a0fb56e → pe:syn:SESSION-44e6d66a0a0fb56e
FLOW_FROM_HOSTOBS	e:from:SESSION-d04c60e569cc19ba:host:177.10.237.83	SESSION-d04c60e569cc19ba → host:177.10.237.83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad31d7217a236b09:SESSION-ad31d7217a236b09	SESSION-ad31d7217a236b09 → pe:tls:SESSION-ad31d7217a236b09
FLOW_FROM_HOSTOBS	e:from:SESSION-a03dc7893b60925b:host:172.234.197.23	SESSION-a03dc7893b60925b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.142:geo_-21.10010_-41.69200	host:45.173.156.142 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-317129b18cf7eb6c:host:172.234.197.23	SESSION-317129b18cf7eb6c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.123:geo_-23.62930_-46.63510	host:131.196.30.123 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-78e554a3c30f161c:host:177.10.236.137	SESSION-78e554a3c30f161c → host:177.10.236.137
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-875fd6bdbe4ae339:PCAP:capture_20260430080001:93f47cc296a4	SESSION-875fd6bdbe4ae339 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a8694ae6f41e5eb8:SESSION-a8694ae6f41e5eb8	SESSION-a8694ae6f41e5eb8 → pe:syn:SESSION-a8694ae6f41e5eb8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0e4303498e9ae3e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b0e4303498e9ae3e → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.214:geo_-23.62930_-46.63510	host:131.196.29.214 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e06ceb4b0294ceac:host:177.10.237.120	SESSION-e06ceb4b0294ceac → host:177.10.237.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-48482b2d296d23e2:SESSION-48482b2d296d23e2	SESSION-48482b2d296d23e2 → pe:tls:SESSION-48482b2d296d23e2
FLOW_TO_HOSTOBS	e:to:SESSION-8ef1bfc51ed52e33:host:172.234.197.23	SESSION-8ef1bfc51ed52e33 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2586028491b4edc:SESSION-b2586028491b4edc	SESSION-b2586028491b4edc → pe:tls:SESSION-b2586028491b4edc
FLOW_TO_HOSTOBS	e:to:SESSION-4c4adfb3e188a176:host:172.234.197.23	SESSION-4c4adfb3e188a176 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bedd6d77774b5e6:PCAP:capture_20260430090001:065659c7d314	SESSION-3bedd6d77774b5e6 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2eb15df038685c53:PCAP:capture_20260430060001:919b39a74464	SESSION-2eb15df038685c53 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68e98907ffe6aa24:SESSION-68e98907ffe6aa24	SESSION-68e98907ffe6aa24 → pe:tls:SESSION-68e98907ffe6aa24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-038099de878067a0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-038099de878067a0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-3c8bfb1726ad64d7:host:172.234.197.23	SESSION-3c8bfb1726ad64d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68ee3afa191e6305:SESSION-68ee3afa191e6305	SESSION-68ee3afa191e6305 → pe:tls:SESSION-68ee3afa191e6305
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-007d1747f3bd10df:host:172.234.197.23	SESSION-007d1747f3bd10df → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07d653be0b30b2f4:SESSION-07d653be0b30b2f4	SESSION-07d653be0b30b2f4 → pe:syn:SESSION-07d653be0b30b2f4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7640c6607dc14992:host:131.196.28.240:host:172.234.197.23	SESSION-7640c6607dc14992 → host:131.196.28.240 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3adb4fd2df9b	flow:3adb4fd2df9b → host:172.234.197.23 → host:131.196.28.80 → port:tcp:4502
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7569a7ee383f653c:host:177.10.237.169:host:172.234.197.23	SESSION-7569a7ee383f653c → host:177.10.237.169 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fa41b89da3fc0a6:flow:a6e0ee7010b9	SESSION-3fa41b89da3fc0a6 → flow:a6e0ee7010b9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6328c86c978f61df:host:172.234.197.23:host:177.10.232.27	SESSION-6328c86c978f61df → host:172.234.197.23 → host:177.10.232.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0cf49defbe006f77:SESSION-0cf49defbe006f77	SESSION-0cf49defbe006f77 → pe:syn:SESSION-0cf49defbe006f77
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.55:geo_-16.28860_-49.01640	host:177.10.235.55 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-68ee3afa191e6305:host:177.10.237.88	SESSION-68ee3afa191e6305 → host:177.10.237.88
FLOW_TO_HOSTOBS	e:to:SESSION-265fcf20a19ad440:host:131.196.30.126	SESSION-265fcf20a19ad440 → host:131.196.30.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2958e311eaa51e83:flow:a093af4fd9ab	SESSION-2958e311eaa51e83 → flow:a093af4fd9ab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f737e621c51c7ecf:host:45.173.156.227	SESSION-f737e621c51c7ecf → host:45.173.156.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ffa027db374a629:host:177.10.233.233	SESSION-9ffa027db374a629 → host:177.10.233.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-edaec15d65a63fe7:SESSION-edaec15d65a63fe7	SESSION-edaec15d65a63fe7 → pe:syn:SESSION-edaec15d65a63fe7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-803381ec4a55866c:SESSION-803381ec4a55866c	SESSION-803381ec4a55866c → pe:tls:SESSION-803381ec4a55866c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f19cc3e0ef766dd7:SESSION-f19cc3e0ef766dd7	SESSION-f19cc3e0ef766dd7 → pe:syn:SESSION-f19cc3e0ef766dd7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d7508894fe5424d7:host:172.234.197.23:host:131.196.28.137	SESSION-d7508894fe5424d7 → host:172.234.197.23 → host:131.196.28.137
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ddc60a1db971e20b:host:172.234.197.23:host:131.196.28.93	SESSION-ddc60a1db971e20b → host:172.234.197.23 → host:131.196.28.93
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.37:asn:262880	host:177.10.238.37 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d7bdeba7c000ea7:SESSION-1d7bdeba7c000ea7	SESSION-1d7bdeba7c000ea7 → pe:syn:SESSION-1d7bdeba7c000ea7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.191:geo_-16.28860_-49.01640	host:177.10.239.191 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.33:geo_-23.62930_-46.63510	host:131.196.29.33 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2df5a0c07309bf07:host:172.234.197.23:host:177.10.232.155	SESSION-2df5a0c07309bf07 → host:172.234.197.23 → host:177.10.232.155
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ba96028c0d9bf0a3:PCAP:capture_20260430090001:065659c7d314	SESSION-ba96028c0d9bf0a3 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d694cf0080c35c2f:host:177.10.234.103	SESSION-d694cf0080c35c2f → host:177.10.234.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c3d3f3d87b7f1a0:host:172.234.197.23	SESSION-5c3d3f3d87b7f1a0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-af4f3fe4058b61ab:host:177.10.234.189	SESSION-af4f3fe4058b61ab → host:177.10.234.189
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.75:asn:271410	host:131.196.29.75 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b54b11bede7a4d5:host:177.10.237.99	SESSION-2b54b11bede7a4d5 → host:177.10.237.99
FLOW_DST_PORTOBS	e:fp:flow:71b70a01dbc1:port:tcp:38173	flow:71b70a01dbc1 → port:tcp:38173
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c390a73ee41b4c6d:SESSION-c390a73ee41b4c6d	SESSION-c390a73ee41b4c6d → pe:syn:SESSION-c390a73ee41b4c6d
FLOW_FROM_HOSTOBS	e:from:SESSION-3d2c48d2810841c0:host:172.234.197.23	SESSION-3d2c48d2810841c0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ce29096c932e7f50:host:172.234.197.23	SESSION-ce29096c932e7f50 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8e045676cfe0:port:tcp:443	flow:8e045676cfe0 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.16:geo_-16.28860_-49.01640	host:177.10.232.16 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5ad022ad4096ce5:host:131.196.31.10	SESSION-d5ad022ad4096ce5 → host:131.196.31.10
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.73:geo_-16.28860_-49.01640	host:177.10.233.73 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6113f2cc2cfc5017:host:177.10.237.12	SESSION-6113f2cc2cfc5017 → host:177.10.237.12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca0d45baeb856677:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ca0d45baeb856677 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e21e19309bc8d324:host:45.173.156.51	SESSION-e21e19309bc8d324 → host:45.173.156.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d58dc4e289d6c4c:host:172.234.197.23:host:177.10.239.140	SESSION-9d58dc4e289d6c4c → host:172.234.197.23 → host:177.10.239.140
HOST_IN_ASNOBS 85%	e:ha:host:54.250.227.157:asn:16509	host:54.250.227.157 → asn:16509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-88a21eebc91cc549:flow:1c97f1fb2524	SESSION-88a21eebc91cc549 → flow:1c97f1fb2524
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7db2d3f3f113e007:SESSION-7db2d3f3f113e007	SESSION-7db2d3f3f113e007 → pe:syn:SESSION-7db2d3f3f113e007
FLOW_FROM_HOSTOBS	e:from:SESSION-bcd779876233a786:host:45.145.152.15	SESSION-bcd779876233a786 → host:45.145.152.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b1f042103d1727f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5b1f042103d1727f → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cfde024084873f29:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cfde024084873f29 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.76:geo_-16.28860_-49.01640	host:177.10.239.76 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c1a20baa14a0758:host:172.234.197.23	SESSION-8c1a20baa14a0758 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.52:geo_-16.28860_-49.01640	host:177.10.233.52 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-c88d3e9918500cb2:host:172.234.197.23	SESSION-c88d3e9918500cb2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-774b2bcff77bd614:host:177.10.238.235	SESSION-774b2bcff77bd614 → host:177.10.238.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8958b8d9cf24f177:host:172.234.197.23	SESSION-8958b8d9cf24f177 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0b067dd86042d0a:flow:869e0dc0fb92	SESSION-b0b067dd86042d0a → flow:869e0dc0fb92
flow_observed5-aryOBS	e:fo:flow:496fab4372c8	flow:496fab4372c8 → host:177.10.237.129 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6b4f32c5c51558e8:host:177.10.237.24	SESSION-6b4f32c5c51558e8 → host:177.10.237.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4203cad708a9d562:flow:f073070a53e3	SESSION-4203cad708a9d562 → flow:f073070a53e3
FLOW_TO_HOSTOBS	e:to:SESSION-cc77084e1c24867c:host:172.234.197.23	SESSION-cc77084e1c24867c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e673f566483c0ed3:flow:b67d627221f8	SESSION-e673f566483c0ed3 → flow:b67d627221f8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47d7544842406eea:flow:9bd19d03285c	SESSION-47d7544842406eea → flow:9bd19d03285c
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.231:asn:271410	host:131.196.31.231 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:82acf82630a3:port:tcp:443	flow:82acf82630a3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-367825c4b1c7c6d4:host:177.10.236.235	SESSION-367825c4b1c7c6d4 → host:177.10.236.235
flow_observed4-aryOBS	e:fo:flow:906cde70820b	flow:906cde70820b → host:172.234.197.23 → host:177.10.235.169 → port:tcp:16118
flow_observed5-aryOBS	e:fo:flow:8154aa40ebb8	flow:8154aa40ebb8 → host:177.10.239.255 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f8c973292e4e10a2:host:45.173.156.5	SESSION-f8c973292e4e10a2 → host:45.173.156.5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7172790c1950eaef:host:172.234.197.23	SESSION-7172790c1950eaef → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-86951cb3218963fd:host:172.234.197.23	SESSION-86951cb3218963fd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1b72c9d06898	flow:1b72c9d06898 → host:45.173.156.55 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2c7091281d7e2abc:host:172.234.197.23	SESSION-2c7091281d7e2abc → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c11eda38705a	flow:c11eda38705a → host:131.196.31.19 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54c75738c2308981:host:35.94.26.156:host:172.234.197.23	SESSION-54c75738c2308981 → host:35.94.26.156 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d17b7bdf4ae9fb2c:flow:cc297f1cad64	SESSION-d17b7bdf4ae9fb2c → flow:cc297f1cad64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74fa9a10a5811b00:host:172.234.197.23	SESSION-74fa9a10a5811b00 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-905e7318b3a63042:host:177.10.236.7	SESSION-905e7318b3a63042 → host:177.10.236.7
FLOW_DST_PORTOBS	e:fp:flow:b57ca0dc778e:port:tcp:443	flow:b57ca0dc778e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef46e42b79ae57cb:PCAP:capture_20260430110001:43611bdf6759	SESSION-ef46e42b79ae57cb → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85ceb858b118c816:host:177.10.234.23	SESSION-85ceb858b118c816 → host:177.10.234.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f377c5e49ededc1c:SESSION-f377c5e49ededc1c	SESSION-f377c5e49ededc1c → pe:syn:SESSION-f377c5e49ededc1c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6aca00d0413062e5:SESSION-6aca00d0413062e5	SESSION-6aca00d0413062e5 → pe:tls:SESSION-6aca00d0413062e5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.146:geo_-16.28860_-49.01640	host:177.10.238.146 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-878a5ce24b3ea2a6:host:140.179.228.29:host:172.234.197.23	SESSION-878a5ce24b3ea2a6 → host:140.179.228.29 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f34baa4b6679	flow:f34baa4b6679 → host:177.10.236.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-04737cadee3282a6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-04737cadee3282a6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-282c3beb2e9d9d39:host:172.234.197.23	SESSION-282c3beb2e9d9d39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66dcd1fd6d28b07f:host:177.10.233.231	SESSION-66dcd1fd6d28b07f → host:177.10.233.231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6afafa975f8bbed9:PCAP:capture_20260430090001:065659c7d314	SESSION-6afafa975f8bbed9 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-95e8a61a9d5e6397:SESSION-95e8a61a9d5e6397	SESSION-95e8a61a9d5e6397 → pe:tls:SESSION-95e8a61a9d5e6397
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-652478bc70a2d711:flow:45eb3b22e1f2	SESSION-652478bc70a2d711 → flow:45eb3b22e1f2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.79:geo_-23.62930_-46.63510	host:131.196.28.79 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b236f75d1c6493bc:PCAP:capture_20260430110001:43611bdf6759	SESSION-b236f75d1c6493bc → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.145:asn:203771	host:45.145.152.145 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef849695f946a5ec:host:172.234.197.23	SESSION-ef849695f946a5ec → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c532203a3a00	flow:c532203a3a00 → host:131.196.30.36 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc0d354223e065ab:host:172.234.197.23	SESSION-fc0d354223e065ab → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b91d700ec898758:host:172.234.197.23:host:131.196.29.19	SESSION-4b91d700ec898758 → host:172.234.197.23 → host:131.196.29.19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef7fe2bb78158297:flow:89478ea7795e	SESSION-ef7fe2bb78158297 → flow:89478ea7795e
FLOW_TO_HOSTOBS	e:to:SESSION-c1240df2eec41c5d:host:131.196.29.122	SESSION-c1240df2eec41c5d → host:131.196.29.122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-282c3beb2e9d9d39:host:45.173.156.149	SESSION-282c3beb2e9d9d39 → host:45.173.156.149
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97e21cf514a48728:host:172.234.197.23	SESSION-97e21cf514a48728 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ad7d874b9cd6bce1:host:172.234.197.23	SESSION-ad7d874b9cd6bce1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.137:geo_-16.28860_-49.01640	host:177.10.239.137 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6299cf50d0e2e558:SESSION-6299cf50d0e2e558	SESSION-6299cf50d0e2e558 → pe:tls:SESSION-6299cf50d0e2e558
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1cbcb5d52df9d7c9:SESSION-1cbcb5d52df9d7c9	SESSION-1cbcb5d52df9d7c9 → pe:syn:SESSION-1cbcb5d52df9d7c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05a7cad64bbe69e6:host:172.234.197.23	SESSION-05a7cad64bbe69e6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c008c2d2b932d4b:SESSION-7c008c2d2b932d4b	SESSION-7c008c2d2b932d4b → pe:tls:SESSION-7c008c2d2b932d4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3959c763e6312f1d:host:172.234.197.23	SESSION-3959c763e6312f1d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0cb11649434d08c:host:177.10.232.196	SESSION-d0cb11649434d08c → host:177.10.232.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a88c1288033e7cc:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0a88c1288033e7cc → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-770902b82fea5ce5:flow:4067d550a9ce	SESSION-770902b82fea5ce5 → flow:4067d550a9ce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96afec3035986aab:host:172.234.197.23	SESSION-96afec3035986aab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a46a988dc3d14a3:SESSION-1a46a988dc3d14a3	SESSION-1a46a988dc3d14a3 → pe:syn:SESSION-1a46a988dc3d14a3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd0571d5316a48e1:host:172.234.197.23:host:131.196.29.168	SESSION-fd0571d5316a48e1 → host:172.234.197.23 → host:131.196.29.168
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.68:geo_-23.62930_-46.63510	host:131.196.29.68 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:9ea1c5ffb1e1	flow:9ea1c5ffb1e1 → host:177.10.235.205 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:8c301b45be25	flow:8c301b45be25 → host:172.234.197.23 → host:177.10.237.94 → port:tcp:63086
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.101:asn:271410	host:131.196.28.101 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7679fd0fd118c12e:SESSION-7679fd0fd118c12e	SESSION-7679fd0fd118c12e → pe:syn:SESSION-7679fd0fd118c12e
FLOW_DST_PORTOBS	e:fp:flow:33ea2e46c94c:port:tcp:443	flow:33ea2e46c94c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad3aa4b6b6de70e6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ad3aa4b6b6de70e6 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7287a957cb5e0d9:host:177.10.239.184	SESSION-f7287a957cb5e0d9 → host:177.10.239.184
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e00c0cf74d0af603:SESSION-e00c0cf74d0af603	SESSION-e00c0cf74d0af603 → pe:syn:SESSION-e00c0cf74d0af603
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be196df3d425cb31:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-be196df3d425cb31 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ddc60a1db971e20b:flow:57ec7a959b8f	SESSION-ddc60a1db971e20b → flow:57ec7a959b8f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55d5dc737e01c0f7:flow:5af80fbf2441	SESSION-55d5dc737e01c0f7 → flow:5af80fbf2441
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd6f9b80bb02e0f5:host:172.234.197.23	SESSION-fd6f9b80bb02e0f5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f15dcbaf5ef33ebd:host:131.196.29.230:host:172.234.197.23	SESSION-f15dcbaf5ef33ebd → host:131.196.29.230 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41957bf4b3a50ded:host:177.10.234.186	SESSION-41957bf4b3a50ded → host:177.10.234.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a936b4b3a73fb0c:host:177.10.233.35:host:172.234.197.23	SESSION-6a936b4b3a73fb0c → host:177.10.233.35 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-40a7926fcdf458e7:SESSION-40a7926fcdf458e7	SESSION-40a7926fcdf458e7 → pe:tls:SESSION-40a7926fcdf458e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd4d686620f5fc14:host:172.234.197.23	SESSION-cd4d686620f5fc14 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7391507b773a5722:host:131.196.31.92:host:172.234.197.23	SESSION-7391507b773a5722 → host:131.196.31.92 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fc1282909254587:host:103.230.240.59	SESSION-7fc1282909254587 → host:103.230.240.59
flow_observed5-aryOBS	e:fo:flow:eb6036ee9b02	flow:eb6036ee9b02 → host:177.10.236.242 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:aae2eedc2eb2	flow:aae2eedc2eb2 → host:172.234.197.23 → host:177.10.239.129 → port:tcp:22 → svc:ssh
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8224ed8c82963e52:SESSION-8224ed8c82963e52	SESSION-8224ed8c82963e52 → pe:tls:SESSION-8224ed8c82963e52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31de31d3c82f498d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-31de31d3c82f498d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:7247acb14be4	flow:7247acb14be4 → host:131.196.28.113 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-712d2d82579af730:flow:3a0edaf239a2	SESSION-712d2d82579af730 → flow:3a0edaf239a2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-045546313cbf5843:PCAP:capture_20260430060001:919b39a74464	SESSION-045546313cbf5843 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:16d8e26d4cd3:port:tcp:443	flow:16d8e26d4cd3 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e72c530de39a222:flow:e676589bf44a	SESSION-5e72c530de39a222 → flow:e676589bf44a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86f48b7df98fd466:host:177.10.234.252:host:172.234.197.23	SESSION-86f48b7df98fd466 → host:177.10.234.252 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e115bc688365a9e7:host:172.234.197.23	SESSION-e115bc688365a9e7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f8f919bfd11f34b:host:177.10.237.237:host:172.234.197.23	SESSION-8f8f919bfd11f34b → host:177.10.237.237 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4419d123b2f0e3:host:177.10.232.253	SESSION-6b4419d123b2f0e3 → host:177.10.232.253
FLOW_FROM_HOSTOBS	e:from:SESSION-cb29ab40cdae1c01:host:177.10.237.18	SESSION-cb29ab40cdae1c01 → host:177.10.237.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ae6c5a18819e9434:SESSION-ae6c5a18819e9434	SESSION-ae6c5a18819e9434 → pe:syn:SESSION-ae6c5a18819e9434
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8fbacc1128a5208:host:177.10.237.118:host:172.234.197.23	SESSION-c8fbacc1128a5208 → host:177.10.237.118 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7b8d0e25502f89d2:host:16.112.8.242	SESSION-7b8d0e25502f89d2 → host:16.112.8.242
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9a69c63a7b588de:flow:0b10262f1f04	SESSION-b9a69c63a7b588de → flow:0b10262f1f04
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c56dcfb05d3a50ba:flow:5b7a93415de8	SESSION-c56dcfb05d3a50ba → flow:5b7a93415de8
FLOW_DST_PORTOBS	e:fp:flow:3996441ab8c9:port:tcp:443	flow:3996441ab8c9 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d73bdfc32a0d:port:tcp:443	flow:d73bdfc32a0d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cbaaa2b8364f7158:host:45.173.156.136:host:172.234.197.23	SESSION-cbaaa2b8364f7158 → host:45.173.156.136 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30ddbb300887e80e:SESSION-30ddbb300887e80e	SESSION-30ddbb300887e80e → pe:syn:SESSION-30ddbb300887e80e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1898da4930ba04f2:SESSION-1898da4930ba04f2	SESSION-1898da4930ba04f2 → pe:tls:SESSION-1898da4930ba04f2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74505beccb017396:host:177.10.238.69:host:172.234.197.23	SESSION-74505beccb017396 → host:177.10.238.69 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8fce0c61e3d0bf9:flow:b7df95edcb5d	SESSION-b8fce0c61e3d0bf9 → flow:b7df95edcb5d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0dd74fd8f314e65:flow:1b72c9d06898	SESSION-f0dd74fd8f314e65 → flow:1b72c9d06898
FLOW_FROM_HOSTOBS	e:from:SESSION-9d9ed6ae798457b7:host:177.10.236.239	SESSION-9d9ed6ae798457b7 → host:177.10.236.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86b61cf52362ae86:host:172.234.197.23	SESSION-86b61cf52362ae86 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9a44c5cb5ea1	flow:9a44c5cb5ea1 → host:177.10.235.228 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d8b9309f53afd487:host:45.173.156.162	SESSION-d8b9309f53afd487 → host:45.173.156.162
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-04a75396d111d878:flow:e4145940b979	SESSION-04a75396d111d878 → flow:e4145940b979
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-017fcd2c03e3a5c1:SESSION-017fcd2c03e3a5c1	SESSION-017fcd2c03e3a5c1 → pe:syn:SESSION-017fcd2c03e3a5c1
flow_observed4-aryOBS	e:fo:flow:a30bb5948cc0	flow:a30bb5948cc0 → host:172.234.197.23 → host:45.173.156.44 → port:tcp:18088
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98030dd572a97d39:SESSION-98030dd572a97d39	SESSION-98030dd572a97d39 → pe:syn:SESSION-98030dd572a97d39
FLOW_FROM_HOSTOBS	e:from:SESSION-352588f71ded414b:host:172.234.197.23	SESSION-352588f71ded414b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07675572faa18905:SESSION-07675572faa18905	SESSION-07675572faa18905 → pe:tls:SESSION-07675572faa18905
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16b002b5a5ba0e61:SESSION-16b002b5a5ba0e61	SESSION-16b002b5a5ba0e61 → pe:tls:SESSION-16b002b5a5ba0e61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-420c45d015462611:host:177.10.238.84	SESSION-420c45d015462611 → host:177.10.238.84
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fae3464e58310370:SESSION-fae3464e58310370	SESSION-fae3464e58310370 → pe:syn:SESSION-fae3464e58310370
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b6ebe77d02701b58:SESSION-b6ebe77d02701b58	SESSION-b6ebe77d02701b58 → pe:rst:SESSION-b6ebe77d02701b58
FLOW_TO_HOSTOBS	e:to:SESSION-474ea5236769f0a3:host:172.234.197.23	SESSION-474ea5236769f0a3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fd57eb7fcad3510c:host:177.10.234.60	SESSION-fd57eb7fcad3510c → host:177.10.234.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aecaf39909333efc:flow:78589cc764f0	SESSION-aecaf39909333efc → flow:78589cc764f0
FLOW_DST_PORTOBS	e:fp:flow:d6d0c5309c54:port:tcp:443	flow:d6d0c5309c54 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8a95576c112cc14:SESSION-b8a95576c112cc14	SESSION-b8a95576c112cc14 → pe:tls:SESSION-b8a95576c112cc14
flow_observed5-aryOBS	e:fo:flow:1bfbe4aa0061	flow:1bfbe4aa0061 → host:177.10.238.194 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee4167cf60ac81c3:SESSION-ee4167cf60ac81c3	SESSION-ee4167cf60ac81c3 → pe:tls:SESSION-ee4167cf60ac81c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c6f6eb6f56b12c37:flow:76ee58955fc5	SESSION-c6f6eb6f56b12c37 → flow:76ee58955fc5
FLOW_DST_PORTOBS	e:fp:flow:f1ecdce381ef:port:tcp:443	flow:f1ecdce381ef → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:260ed1123d22:port:tcp:443	flow:260ed1123d22 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e4ae2c6ddba3051:host:172.234.197.23	SESSION-7e4ae2c6ddba3051 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:33f4b3008bff:port:tcp:443	flow:33f4b3008bff → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-206979254a17108f:PCAP:capture_20260430060001:919b39a74464	SESSION-206979254a17108f → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-2db2b0c2312c18a1:host:172.234.197.23	SESSION-2db2b0c2312c18a1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:eec957513426:port:tcp:8043	flow:eec957513426 → port:tcp:8043
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f00ab97ef4b401c8:host:177.10.234.243	SESSION-f00ab97ef4b401c8 → host:177.10.234.243
FLOW_FROM_HOSTOBS	e:from:SESSION-cff48a7a06adcd8f:host:45.173.156.92	SESSION-cff48a7a06adcd8f → host:45.173.156.92
FLOW_TO_HOSTOBS	e:to:SESSION-7b8f87145037449c:host:172.234.197.23	SESSION-7b8f87145037449c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-574ff4efae76e1f7:flow:b64d5290bb69	SESSION-574ff4efae76e1f7 → flow:b64d5290bb69
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ced8040d8221dfbc:host:177.10.232.55	SESSION-ced8040d8221dfbc → host:177.10.232.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b97d7b281ae973a8:host:177.10.237.196	SESSION-b97d7b281ae973a8 → host:177.10.237.196
FLOW_FROM_HOSTOBS	e:from:SESSION-bb512b6db53333ff:host:172.234.197.23	SESSION-bb512b6db53333ff → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b8107d9388b9d334:host:131.196.30.227	SESSION-b8107d9388b9d334 → host:131.196.30.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-204050056bc27f05:host:177.10.234.193	SESSION-204050056bc27f05 → host:177.10.234.193
FLOW_FROM_HOSTOBS	e:from:SESSION-b792e9866f7563b8:host:177.10.235.95	SESSION-b792e9866f7563b8 → host:177.10.235.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-75f19254cb816cbd:SESSION-75f19254cb816cbd	SESSION-75f19254cb816cbd → pe:rst:SESSION-75f19254cb816cbd
flow_observed5-aryOBS	e:fo:flow:4f46f15c4cff	flow:4f46f15c4cff → host:45.173.156.158 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.75:asn:271410	host:131.196.28.75 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f255eba3b0795a16:SESSION-f255eba3b0795a16	SESSION-f255eba3b0795a16 → pe:syn:SESSION-f255eba3b0795a16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d941eb7985d54eff:flow:3e4fd7e6d9e6	SESSION-d941eb7985d54eff → flow:3e4fd7e6d9e6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f275f56cd4e0d64:flow:ce592ad1e762	SESSION-3f275f56cd4e0d64 → flow:ce592ad1e762
FLOW_DST_PORTOBS	e:fp:flow:49941ca50d63:port:tcp:443	flow:49941ca50d63 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-843bbb86e5601bd5:host:131.196.31.142	SESSION-843bbb86e5601bd5 → host:131.196.31.142
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.242:geo_-16.28860_-49.01640	host:177.10.236.242 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-3553d3f3f842e7ac:host:51.210.99.95	SESSION-3553d3f3f842e7ac → host:51.210.99.95
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.29:geo_-16.28860_-49.01640	host:177.10.234.29 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-9f0699d4f0c2d48e:host:172.234.197.23	SESSION-9f0699d4f0c2d48e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74188080b03487af:host:45.173.156.201	SESSION-74188080b03487af → host:45.173.156.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd9f2ee14ec6ee20:host:131.196.30.135:host:172.234.197.23	SESSION-dd9f2ee14ec6ee20 → host:131.196.30.135 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be4f81bef58a140b:SESSION-be4f81bef58a140b	SESSION-be4f81bef58a140b → pe:syn:SESSION-be4f81bef58a140b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c9754d7075a4d12:host:131.196.30.36	SESSION-5c9754d7075a4d12 → host:131.196.30.36
flow_observed4-aryOBS	e:fo:flow:3aba5c7bc19b	flow:3aba5c7bc19b → host:172.234.197.23 → host:177.10.236.191 → port:tcp:33060
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-89c2fe6aad8232be:SESSION-89c2fe6aad8232be	SESSION-89c2fe6aad8232be → pe:tls:SESSION-89c2fe6aad8232be
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9fb0652618e8095:flow:392578212bd8	SESSION-b9fb0652618e8095 → flow:392578212bd8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa372e44ee6fb3e7:SESSION-aa372e44ee6fb3e7	SESSION-aa372e44ee6fb3e7 → pe:syn:SESSION-aa372e44ee6fb3e7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d37583bcd3c19c57:PCAP:capture_20260427210001:f654efae4e3b	SESSION-d37583bcd3c19c57 → PCAP:capture_20260427210001:f654efae4e3b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85683c3aa8c095db:host:172.234.197.23	SESSION-85683c3aa8c095db → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8fcd4a12026b870e:host:131.196.31.98	SESSION-8fcd4a12026b870e → host:131.196.31.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c532caa5d41cfcbc:SESSION-c532caa5d41cfcbc	SESSION-c532caa5d41cfcbc → pe:tls:SESSION-c532caa5d41cfcbc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f6bbc079dc776bc:PCAP:capture_20260430060001:919b39a74464	SESSION-1f6bbc079dc776bc → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-02ee946ab454bede:host:172.234.197.23	SESSION-02ee946ab454bede → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c24aca5564d2ae55:host:172.234.197.23	SESSION-c24aca5564d2ae55 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24763432928200fc:flow:71bd70153854	SESSION-24763432928200fc → flow:71bd70153854
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4793a163d681d0d0:host:172.234.197.23	SESSION-4793a163d681d0d0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8bdafe91f45dd428:SESSION-8bdafe91f45dd428	SESSION-8bdafe91f45dd428 → pe:syn:SESSION-8bdafe91f45dd428
FLOW_TO_HOSTOBS	e:to:SESSION-65aa50b6e4bd0a70:host:172.234.197.23	SESSION-65aa50b6e4bd0a70 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.207:geo_-23.62930_-46.63510	host:131.196.30.207 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01716d55cf2099e5:SESSION-01716d55cf2099e5	SESSION-01716d55cf2099e5 → pe:syn:SESSION-01716d55cf2099e5
flow_observed5-aryOBS	e:fo:flow:bf7124d1d463	flow:bf7124d1d463 → host:177.10.239.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7549effe520d0229:host:172.234.197.23	SESSION-7549effe520d0229 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c70bd35e108ab91c:SESSION-c70bd35e108ab91c	SESSION-c70bd35e108ab91c → pe:tls:SESSION-c70bd35e108ab91c
FLOW_TO_HOSTOBS	e:to:SESSION-d6eb1289c3370840:host:131.196.28.129	SESSION-d6eb1289c3370840 → host:131.196.28.129
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-926d10c9776453b9:host:172.234.197.23	SESSION-926d10c9776453b9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3cf945d3d1ddd41:host:172.234.197.23	SESSION-f3cf945d3d1ddd41 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e50b84c66ab32ef:host:177.10.239.105	SESSION-7e50b84c66ab32ef → host:177.10.239.105
FLOW_DST_PORTOBS	e:fp:flow:3f89af1089fc:port:tcp:443	flow:3f89af1089fc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-80f99961f353c40e:host:172.234.197.23	SESSION-80f99961f353c40e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2bf5c26caf57dc4e:host:172.234.197.23	SESSION-2bf5c26caf57dc4e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad31d7217a236b09:SESSION-ad31d7217a236b09	SESSION-ad31d7217a236b09 → pe:syn:SESSION-ad31d7217a236b09
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9eddb8081d100874:flow:89c3e525673a	SESSION-9eddb8081d100874 → flow:89c3e525673a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d9537ea92aed5d6:host:177.10.237.84:host:172.234.197.23	SESSION-7d9537ea92aed5d6 → host:177.10.237.84 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:49f2a7783588	flow:49f2a7783588 → host:177.10.236.120 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.242:asn:262880	host:177.10.232.242 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ac21eed532c969e:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-6ac21eed532c969e → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54c75738c2308981:host:35.94.26.156	SESSION-54c75738c2308981 → host:35.94.26.156
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.23:geo_-23.62930_-46.63510	host:131.196.29.23 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:76cca1c9d93a	flow:76cca1c9d93a → host:177.10.238.9 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4dd5260308cf6ea:SESSION-c4dd5260308cf6ea	SESSION-c4dd5260308cf6ea → pe:tls:SESSION-c4dd5260308cf6ea
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8aa4413fe5db5235:flow:28d85fd4eba1	SESSION-8aa4413fe5db5235 → flow:28d85fd4eba1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86f296cd3a39a7c2:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-86f296cd3a39a7c2 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:863ca651e2af	flow:863ca651e2af → host:177.10.239.113 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.5:geo_-16.28860_-49.01640	host:177.10.235.5 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b03f12d359ceed54:host:172.234.197.23	SESSION-b03f12d359ceed54 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fed96f9f16ada01c:host:172.234.197.23	SESSION-fed96f9f16ada01c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40497d6996ef2088:flow:146c3f6b23cc	SESSION-40497d6996ef2088 → flow:146c3f6b23cc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.44:geo_-16.28860_-49.01640	host:177.10.238.44 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-660bfab63a10a518:SESSION-660bfab63a10a518	SESSION-660bfab63a10a518 → pe:syn:SESSION-660bfab63a10a518
FLOW_FROM_HOSTOBS	e:from:SESSION-c0bc704eff4d88e9:host:177.10.236.31	SESSION-c0bc704eff4d88e9 → host:177.10.236.31
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.202:geo_-16.28860_-49.01640	host:177.10.237.202 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-708abc4c81aa7c60:SESSION-708abc4c81aa7c60	SESSION-708abc4c81aa7c60 → pe:tls:SESSION-708abc4c81aa7c60
FLOW_TO_HOSTOBS	e:to:SESSION-59a5b7880376a89f:host:172.234.197.23	SESSION-59a5b7880376a89f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d384de4bfeb31c0:SESSION-1d384de4bfeb31c0	SESSION-1d384de4bfeb31c0 → pe:syn:SESSION-1d384de4bfeb31c0
FLOW_DST_PORTOBS	e:fp:flow:bd9b4d688669:port:tcp:443	flow:bd9b4d688669 → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:7b01c5d746c3	flow:7b01c5d746c3 → host:34.216.76.26 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7c6e69b3f05bcd99:host:172.234.197.23	SESSION-7c6e69b3f05bcd99 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76bcf8447ee973fd:SESSION-76bcf8447ee973fd	SESSION-76bcf8447ee973fd → pe:tls:SESSION-76bcf8447ee973fd
FLOW_FROM_HOSTOBS	e:from:SESSION-5257ce7e592379ae:host:3.103.16.171	SESSION-5257ce7e592379ae → host:3.103.16.171
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eadf7b6ccdd54c7f:host:177.10.236.153	SESSION-eadf7b6ccdd54c7f → host:177.10.236.153
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-998c67ab79f4e23e:host:177.10.236.122:host:172.234.197.23	SESSION-998c67ab79f4e23e → host:177.10.236.122 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5a59556c261862d:host:131.196.29.244:host:172.234.197.23	SESSION-b5a59556c261862d → host:131.196.29.244 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.116:geo_-16.28860_-49.01640	host:177.10.235.116 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9479b510131ce6c:flow:ff51aea43c4b	SESSION-f9479b510131ce6c → flow:ff51aea43c4b
flow_observed5-aryOBS	e:fo:flow:392578212bd8	flow:392578212bd8 → host:177.10.233.120 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a390ade8fe745ada:host:172.234.197.23	SESSION-a390ade8fe745ada → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-36d925db3c3b2591:host:177.10.235.61	SESSION-36d925db3c3b2591 → host:177.10.235.61
FLOW_DST_PORTOBS	e:fp:flow:64b9edd120d2:port:tcp:443	flow:64b9edd120d2 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.125:asn:203771	host:31.40.196.125 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e225557ebe736948:host:172.234.197.23:host:131.196.30.28	SESSION-e225557ebe736948 → host:172.234.197.23 → host:131.196.30.28
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11a1cfec66708475:PCAP:capture_20260430080001:93f47cc296a4	SESSION-11a1cfec66708475 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57d2db6c2c177c2e:host:177.10.237.138:host:172.234.197.23	SESSION-57d2db6c2c177c2e → host:177.10.237.138 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8d921ace7c85ce9:host:177.10.238.238	SESSION-d8d921ace7c85ce9 → host:177.10.238.238
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dfd5cbc4ed1c485c:host:177.10.234.166	SESSION-dfd5cbc4ed1c485c → host:177.10.234.166
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c54b7fde1829c775:SESSION-c54b7fde1829c775	SESSION-c54b7fde1829c775 → pe:tls:SESSION-c54b7fde1829c775
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d7eebeca6a52636:host:177.10.233.16	SESSION-6d7eebeca6a52636 → host:177.10.233.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3483d96fbaf632b7:SESSION-3483d96fbaf632b7	SESSION-3483d96fbaf632b7 → pe:tls:SESSION-3483d96fbaf632b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-029d1f2d00b0343a:SESSION-029d1f2d00b0343a	SESSION-029d1f2d00b0343a → pe:syn:SESSION-029d1f2d00b0343a
FLOW_DST_PORTOBS	e:fp:flow:49c4bc3f2b08:port:tcp:443	flow:49c4bc3f2b08 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:444d77b86e60	flow:444d77b86e60 → host:177.10.236.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ffa027db374a629:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9ffa027db374a629 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8402a55882de6bd8:flow:32d972b9f5d8	SESSION-8402a55882de6bd8 → flow:32d972b9f5d8
FLOW_DST_PORTOBS	e:fp:flow:3768c31ca8cd:port:tcp:48322	flow:3768c31ca8cd → port:tcp:48322
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-924bf50c0164bb1b:SESSION-924bf50c0164bb1b	SESSION-924bf50c0164bb1b → pe:tls:SESSION-924bf50c0164bb1b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37fa495f79e351e9:host:131.196.28.88	SESSION-37fa495f79e351e9 → host:131.196.28.88
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0d0c8f73043707f:flow:17775a63eba4	SESSION-f0d0c8f73043707f → flow:17775a63eba4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94f070a5530c9e09:host:172.234.197.23	SESSION-94f070a5530c9e09 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:10758d6a819f	flow:10758d6a819f → host:177.10.232.213 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e39b76c4ba6c4cf6:host:172.234.197.23	SESSION-e39b76c4ba6c4cf6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bec1644a83cc4e1:SESSION-3bec1644a83cc4e1	SESSION-3bec1644a83cc4e1 → pe:syn:SESSION-3bec1644a83cc4e1
flow_observed4-aryOBS	e:fo:flow:03d650cc5418	flow:03d650cc5418 → host:172.234.197.23 → host:177.10.234.91 → port:tcp:61025
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a11bbc1f12398e3:SESSION-0a11bbc1f12398e3	SESSION-0a11bbc1f12398e3 → pe:syn:SESSION-0a11bbc1f12398e3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec928f375ba591f1:host:45.173.156.26:host:172.234.197.23	SESSION-ec928f375ba591f1 → host:45.173.156.26 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5a933b86812e122:flow:21bf07083353	SESSION-e5a933b86812e122 → flow:21bf07083353
FLOW_DST_PORTOBS	e:fp:flow:4af1e8dbb35f:port:tcp:443	flow:4af1e8dbb35f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-96b1920351aaff79:host:131.196.30.43	SESSION-96b1920351aaff79 → host:131.196.30.43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f6479625c7774ad:SESSION-9f6479625c7774ad	SESSION-9f6479625c7774ad → pe:syn:SESSION-9f6479625c7774ad
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.168:asn:271410	host:131.196.30.168 → asn:271410
flow_observed5-aryOBS	e:fo:flow:27c337ce6ac9	flow:27c337ce6ac9 → host:177.10.235.59 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.36:asn:273470	host:45.173.156.36 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f800f90b92d1e01:host:44.246.129.80:host:172.234.197.23	SESSION-4f800f90b92d1e01 → host:44.246.129.80 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:30a23d21f13c:port:tcp:443	flow:30a23d21f13c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aae7a2cdf7b4e8cc:SESSION-aae7a2cdf7b4e8cc	SESSION-aae7a2cdf7b4e8cc → pe:syn:SESSION-aae7a2cdf7b4e8cc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7549effe520d0229:host:177.10.239.25:host:172.234.197.23	SESSION-7549effe520d0229 → host:177.10.239.25 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5b7ec051587501bc:host:172.234.197.23	SESSION-5b7ec051587501bc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9cb4473bd3389dab:host:172.234.197.23	SESSION-9cb4473bd3389dab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b977b804ba3f4edd:flow:f0632fcdd97f	SESSION-b977b804ba3f4edd → flow:f0632fcdd97f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31f4941ab57ed47b:SESSION-31f4941ab57ed47b	SESSION-31f4941ab57ed47b → pe:syn:SESSION-31f4941ab57ed47b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f30fa3bd65a965fa:host:172.234.197.23	SESSION-f30fa3bd65a965fa → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-937317105ded9efa:host:177.10.234.93	SESSION-937317105ded9efa → host:177.10.234.93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3d1337acddb52863:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3d1337acddb52863 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-d31138dfabe85cd6:host:131.196.30.90	SESSION-d31138dfabe85cd6 → host:131.196.30.90
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.95:asn:262880	host:177.10.233.95 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.225:geo_-16.28860_-49.01640	host:177.10.237.225 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.87:geo_-16.28860_-49.01640	host:177.10.237.87 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1311876ef555b88e:host:172.234.197.23	SESSION-1311876ef555b88e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0c2ade1f884a:port:tcp:443	flow:0c2ade1f884a → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:07b0ac783a43	flow:07b0ac783a43 → host:131.196.28.39 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08b25d9f54ecadf2:host:177.10.238.186	SESSION-08b25d9f54ecadf2 → host:177.10.238.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52e1254f2f15b333:SESSION-52e1254f2f15b333	SESSION-52e1254f2f15b333 → pe:tls:SESSION-52e1254f2f15b333
FLOW_FROM_HOSTOBS	e:from:SESSION-77da6a9292c08caa:host:177.10.232.20	SESSION-77da6a9292c08caa → host:177.10.232.20
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f40f233058919cef:SESSION-f40f233058919cef	SESSION-f40f233058919cef → pe:syn:SESSION-f40f233058919cef
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17e08e972fb579a9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-17e08e972fb579a9 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-15539e18bbfcb0e8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-15539e18bbfcb0e8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2560fc1185e4e3e7:SESSION-2560fc1185e4e3e7	SESSION-2560fc1185e4e3e7 → pe:tls:SESSION-2560fc1185e4e3e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12c594123030dc05:host:172.234.197.23	SESSION-12c594123030dc05 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6aa2ce807ac3d210:host:172.234.197.23	SESSION-6aa2ce807ac3d210 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f8382ccd890fe862:host:172.234.197.23	SESSION-f8382ccd890fe862 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bdbc4c9f7cbfe0c2:host:177.10.235.132:host:172.234.197.23	SESSION-bdbc4c9f7cbfe0c2 → host:177.10.235.132 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-14cb036847147428:host:172.234.197.23	SESSION-14cb036847147428 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ff40ca0c390500b:SESSION-7ff40ca0c390500b	SESSION-7ff40ca0c390500b → pe:syn:SESSION-7ff40ca0c390500b
FLOW_TO_HOSTOBS	e:to:SESSION-8feeff9d44d6e844:host:177.10.239.189	SESSION-8feeff9d44d6e844 → host:177.10.239.189
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f910dce05c4c16f4:host:177.10.235.227	SESSION-f910dce05c4c16f4 → host:177.10.235.227
flow_observed4-aryOBS	e:fo:flow:da5b9ad5f17e	flow:da5b9ad5f17e → host:172.234.197.23 → host:131.196.29.41 → port:tcp:63780
FLOW_FROM_HOSTOBS	e:from:SESSION-755eaab432e9c6a6:host:177.10.233.54	SESSION-755eaab432e9c6a6 → host:177.10.233.54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c315b0bf7f59a30:host:131.196.28.115	SESSION-1c315b0bf7f59a30 → host:131.196.28.115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44cdc048c80875b5:flow:268abe73678d	SESSION-44cdc048c80875b5 → flow:268abe73678d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20b594788160c43c:flow:edb8df6f40af	SESSION-20b594788160c43c → flow:edb8df6f40af
FLOW_TO_HOSTOBS	e:to:SESSION-745809bcd8ad6979:host:172.234.197.23	SESSION-745809bcd8ad6979 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e0550020c1215cf:host:172.234.197.23:host:131.196.28.16	SESSION-1e0550020c1215cf → host:172.234.197.23 → host:131.196.28.16
FLOW_TO_HOSTOBS	e:to:SESSION-fa0b840fdb1355d3:host:172.234.197.23	SESSION-fa0b840fdb1355d3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d0153bfe1e0550f7:host:172.234.197.23	SESSION-d0153bfe1e0550f7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3e5a346c4f0315a5:host:172.234.197.23	SESSION-3e5a346c4f0315a5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7af80619f13211ba:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-7af80619f13211ba → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-365dad18baa46a43:flow:8d40970d8b7f	SESSION-365dad18baa46a43 → flow:8d40970d8b7f
FLOW_DST_PORTOBS	e:fp:flow:a7995a0a82ed:port:tcp:443	flow:a7995a0a82ed → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6010f1ab3b1ee9c7:SESSION-6010f1ab3b1ee9c7	SESSION-6010f1ab3b1ee9c7 → pe:syn:SESSION-6010f1ab3b1ee9c7
flow_observed3-aryOBS	e:fo:flow:ee0c18d7903c	flow:ee0c18d7903c → host:54.201.244.199 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40f1f2214a3951bb:host:177.10.239.84	SESSION-40f1f2214a3951bb → host:177.10.239.84
flow_observed5-aryOBS	e:fo:flow:db1b5ef81e78	flow:db1b5ef81e78 → host:131.196.31.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca55f398b8ed07e1:SESSION-ca55f398b8ed07e1	SESSION-ca55f398b8ed07e1 → pe:tls:SESSION-ca55f398b8ed07e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf286e26fb783f2f:SESSION-cf286e26fb783f2f	SESSION-cf286e26fb783f2f → pe:syn:SESSION-cf286e26fb783f2f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f6061b9b172c119c:PCAP:capture_20260430110001:43611bdf6759	SESSION-f6061b9b172c119c → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.122:asn:262880	host:177.10.238.122 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-19009ef53e5ab2ef:host:172.234.197.23	SESSION-19009ef53e5ab2ef → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f778ec59760ca534:host:40.177.218.231:host:172.234.197.23	SESSION-f778ec59760ca534 → host:40.177.218.231 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-303cd1de44c58c29:flow:46adb11afed3	SESSION-303cd1de44c58c29 → flow:46adb11afed3
FLOW_TO_HOSTOBS	e:to:SESSION-78b89cf411e3ebb4:host:131.196.31.190	SESSION-78b89cf411e3ebb4 → host:131.196.31.190
FLOW_FROM_HOSTOBS	e:from:SESSION-68e98907ffe6aa24:host:172.234.197.23	SESSION-68e98907ffe6aa24 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.144:geo_-16.28860_-49.01640	host:177.10.235.144 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-7240be1eb77ed4f4:host:177.10.237.226	SESSION-7240be1eb77ed4f4 → host:177.10.237.226
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ec4c9189aa8273c:host:177.10.237.182	SESSION-2ec4c9189aa8273c → host:177.10.237.182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33075a11d7099c2b:flow:8eec8996c56b	SESSION-33075a11d7099c2b → flow:8eec8996c56b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaed9d07c71d3d80:SESSION-eaed9d07c71d3d80	SESSION-eaed9d07c71d3d80 → pe:tls:SESSION-eaed9d07c71d3d80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-414103fa622913fc:host:172.234.197.23	SESSION-414103fa622913fc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddc82f590dd8a411:host:172.234.197.23	SESSION-ddc82f590dd8a411 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14b61e43a384fdb4:host:177.10.235.70	SESSION-14b61e43a384fdb4 → host:177.10.235.70
flow_observed5-aryOBS	e:fo:flow:976bb746bf02	flow:976bb746bf02 → host:131.196.28.207 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c24aca5564d2ae55:host:54.87.95.7	SESSION-c24aca5564d2ae55 → host:54.87.95.7
flow_observed4-aryOBS	e:fo:flow:ffb54c9ed747	flow:ffb54c9ed747 → host:172.234.197.23 → host:45.173.156.51 → port:tcp:23614
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fbd574144622ed91:PCAP:capture_20260430160001:9bfa4498506a	SESSION-fbd574144622ed91 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2387fa1f153c5b33:SESSION-2387fa1f153c5b33	SESSION-2387fa1f153c5b33 → pe:tls:SESSION-2387fa1f153c5b33
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead27f853a5aab01:host:177.10.232.240	SESSION-ead27f853a5aab01 → host:177.10.232.240
FLOW_FROM_HOSTOBS	e:from:SESSION-bc3cb32f8be8837a:host:177.10.237.204	SESSION-bc3cb32f8be8837a → host:177.10.237.204
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6353435fcd827ef1:flow:d1cae011c215	SESSION-6353435fcd827ef1 → flow:d1cae011c215
FLOW_FROM_HOSTOBS	e:from:SESSION-56ec76ae342b7ee6:host:131.196.29.192	SESSION-56ec76ae342b7ee6 → host:131.196.29.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae94ea8b15b44736:host:177.10.232.1	SESSION-ae94ea8b15b44736 → host:177.10.232.1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7fea0326f1ddbdfc:flow:9baedb01cc14	SESSION-7fea0326f1ddbdfc → flow:9baedb01cc14
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1eb9812de4c91c82:host:177.10.236.71:host:172.234.197.23	SESSION-1eb9812de4c91c82 → host:177.10.236.71 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b60cd26b4cd717ea:host:177.10.235.226:host:172.234.197.23	SESSION-b60cd26b4cd717ea → host:177.10.235.226 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.211:geo_-21.10010_-41.69200	host:45.173.156.211 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a78d91cebd5172f:host:131.196.30.95	SESSION-5a78d91cebd5172f → host:131.196.30.95
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0d59ff2f2672e21c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0d59ff2f2672e21c → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-718b3dc95b6876be:host:172.234.197.23	SESSION-718b3dc95b6876be → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:515c2b7595f3:port:tcp:20807	flow:515c2b7595f3 → port:tcp:20807
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f43bb83d69743819:SESSION-f43bb83d69743819	SESSION-f43bb83d69743819 → pe:syn:SESSION-f43bb83d69743819
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83d893adc4ebe669:host:131.196.28.151	SESSION-83d893adc4ebe669 → host:131.196.28.151
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.189:asn:262880	host:177.10.235.189 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.151:asn:262880	host:177.10.236.151 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e034fcb399102895:flow:d3ddefa260d1	SESSION-e034fcb399102895 → flow:d3ddefa260d1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6394463f1caee3eb:host:172.234.197.23	SESSION-6394463f1caee3eb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead4b2d62c5ebfd2:host:172.234.197.23	SESSION-ead4b2d62c5ebfd2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-493920f19ab5585b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-493920f19ab5585b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24ac712a23adf430:host:177.10.232.83:host:172.234.197.23	SESSION-24ac712a23adf430 → host:177.10.232.83 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a093cc81b878:port:tcp:443	flow:a093cc81b878 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61aa57a35ec0da02:host:172.234.197.23	SESSION-61aa57a35ec0da02 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:532dba0a48d5	flow:532dba0a48d5 → host:177.10.237.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-149428cb73969f2b:SESSION-149428cb73969f2b	SESSION-149428cb73969f2b → pe:syn:SESSION-149428cb73969f2b
FLOW_TO_HOSTOBS	e:to:SESSION-f320997aa88d5819:host:172.234.197.23	SESSION-f320997aa88d5819 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f105059d1ed0a542:SESSION-f105059d1ed0a542	SESSION-f105059d1ed0a542 → pe:tls:SESSION-f105059d1ed0a542
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d55d0fcf91e9ec79:SESSION-d55d0fcf91e9ec79	SESSION-d55d0fcf91e9ec79 → pe:tls:SESSION-d55d0fcf91e9ec79
FLOW_FROM_HOSTOBS	e:from:SESSION-d24a424002821105:host:131.196.31.136	SESSION-d24a424002821105 → host:131.196.31.136
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-53fc35cd2bdb80ce:PCAP:capture_20260430090001:065659c7d314	SESSION-53fc35cd2bdb80ce → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bbc35343aa20f600:host:172.234.197.23	SESSION-bbc35343aa20f600 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee402158031a28f0:host:177.10.235.152	SESSION-ee402158031a28f0 → host:177.10.235.152
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb6fbeeb95cb61c8:flow:7c50ecd71f79	SESSION-fb6fbeeb95cb61c8 → flow:7c50ecd71f79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cfe71d52ef2e928b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-cfe71d52ef2e928b → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-0bf5b48d5bcb9503:host:131.196.31.18	SESSION-0bf5b48d5bcb9503 → host:131.196.31.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9e2f07f7ea20074:SESSION-f9e2f07f7ea20074	SESSION-f9e2f07f7ea20074 → pe:syn:SESSION-f9e2f07f7ea20074
FLOW_FROM_HOSTOBS	e:from:SESSION-5e8651e0c063dc0a:host:172.234.197.23	SESSION-5e8651e0c063dc0a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.35:geo_-16.28860_-49.01640	host:177.10.233.35 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9d0d1a45a4e9ec7:host:144.76.23.34:host:172.234.197.23	SESSION-b9d0d1a45a4e9ec7 → host:144.76.23.34 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11c0fc2d370ea41a:SESSION-11c0fc2d370ea41a	SESSION-11c0fc2d370ea41a → pe:syn:SESSION-11c0fc2d370ea41a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.107:asn:262880	host:177.10.238.107 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ddf07020985eed3:PCAP:capture_20260430060001:919b39a74464	SESSION-2ddf07020985eed3 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4c0ceaca72bbee92:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4c0ceaca72bbee92 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:b955ab4d2cb1:port:tcp:443	flow:b955ab4d2cb1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6490de849a8e5020:PCAP:capture_20260428010001:b1b402c7b202	SESSION-6490de849a8e5020 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-933bde1224d44bcc:host:177.10.235.205	SESSION-933bde1224d44bcc → host:177.10.235.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7edb52a0a7553f53:host:131.196.29.23	SESSION-7edb52a0a7553f53 → host:131.196.29.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c47767899447038:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1c47767899447038 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-338b64f691539afb:host:177.10.232.130	SESSION-338b64f691539afb → host:177.10.232.130
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-465906ddd8becee4:BSG-BEACON-25317c1c1545	SESSION-465906ddd8becee4 → BSG-BEACON-25317c1c1545
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-835226e6e5119935:flow:782656ad87ac	SESSION-835226e6e5119935 → flow:782656ad87ac
FLOW_DST_PORTOBS	e:fp:flow:482a5bca40e0:port:tcp:443	flow:482a5bca40e0 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-31068e75a101287d:host:172.234.197.23	SESSION-31068e75a101287d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.47:asn:262880	host:177.10.233.47 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30195220eb2aa3f5:host:172.234.197.23	SESSION-30195220eb2aa3f5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01fb4d6a9472c8c7:SESSION-01fb4d6a9472c8c7	SESSION-01fb4d6a9472c8c7 → pe:syn:SESSION-01fb4d6a9472c8c7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8eb3ecb5c5b32a8:host:172.234.197.23	SESSION-a8eb3ecb5c5b32a8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc35857ee3808de8:SESSION-cc35857ee3808de8	SESSION-cc35857ee3808de8 → pe:syn:SESSION-cc35857ee3808de8
FLOW_DST_PORTOBS	e:fp:flow:bc2e7a97da0d:port:tcp:443	flow:bc2e7a97da0d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6d8c2f7fc43f382:host:177.10.237.25	SESSION-c6d8c2f7fc43f382 → host:177.10.237.25
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1b588a91707aaaf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d1b588a91707aaaf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77c36ee0b21ed6bb:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-77c36ee0b21ed6bb → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6238265b6cc9ea0:SESSION-e6238265b6cc9ea0	SESSION-e6238265b6cc9ea0 → pe:tls:SESSION-e6238265b6cc9ea0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fea2a5b83daabbc:host:177.10.232.87	SESSION-6fea2a5b83daabbc → host:177.10.232.87
FLOW_DST_PORTOBS	e:fp:flow:c5897cd2d112:port:tcp:443	flow:c5897cd2d112 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1eb19142561b47ba:host:172.234.197.23:host:131.196.31.142	SESSION-1eb19142561b47ba → host:172.234.197.23 → host:131.196.31.142
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-13bd66b79cddeec8:flow:e9f3e4f3cf7e	SESSION-13bd66b79cddeec8 → flow:e9f3e4f3cf7e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-341468c084cc4cf3:SESSION-341468c084cc4cf3	SESSION-341468c084cc4cf3 → pe:syn:SESSION-341468c084cc4cf3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3524905b33baacd0:SESSION-3524905b33baacd0	SESSION-3524905b33baacd0 → pe:syn:SESSION-3524905b33baacd0
FLOW_DST_PORTOBS	e:fp:flow:c6fcd772e075:port:tcp:17407	flow:c6fcd772e075 → port:tcp:17407
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7828bb27afafcc71:host:172.234.197.23	SESSION-7828bb27afafcc71 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-befd285205c2bf8f:host:172.234.197.23	SESSION-befd285205c2bf8f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94c9082e66baa6b5:SESSION-94c9082e66baa6b5	SESSION-94c9082e66baa6b5 → pe:tls:SESSION-94c9082e66baa6b5
FLOW_TO_HOSTOBS	e:to:SESSION-d8cc052a984adc75:host:45.173.156.13	SESSION-d8cc052a984adc75 → host:45.173.156.13
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a9b85b89d918f42:flow:31cbf3dba87c	SESSION-8a9b85b89d918f42 → flow:31cbf3dba87c
flow_observed4-aryOBS	e:fo:flow:c3c4fedf781f	flow:c3c4fedf781f → host:172.234.197.23 → host:177.10.235.255 → port:tcp:13080
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d31138dfabe85cd6:SESSION-d31138dfabe85cd6	SESSION-d31138dfabe85cd6 → pe:syn:SESSION-d31138dfabe85cd6
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.90:asn:271410	host:131.196.30.90 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:239d4ba05be9:port:tcp:32521	flow:239d4ba05be9 → port:tcp:32521
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a6f73143abd0c86:SESSION-3a6f73143abd0c86	SESSION-3a6f73143abd0c86 → pe:tls:SESSION-3a6f73143abd0c86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9db977289667177f:SESSION-9db977289667177f	SESSION-9db977289667177f → pe:syn:SESSION-9db977289667177f
FLOW_DST_PORTOBS	e:fp:flow:77cfe94da839:port:tcp:443	flow:77cfe94da839 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07c97e671e348352:SESSION-07c97e671e348352	SESSION-07c97e671e348352 → pe:syn:SESSION-07c97e671e348352
flow_observed5-aryOBS	e:fo:flow:b1e5035369fe	flow:b1e5035369fe → host:131.196.30.242 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8fb4f1df9684ff2:host:172.234.197.23	SESSION-b8fb4f1df9684ff2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e85a67565660f7c:host:131.196.30.75	SESSION-2e85a67565660f7c → host:131.196.30.75
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-711f533390ef220f:SESSION-711f533390ef220f	SESSION-711f533390ef220f → pe:tls:SESSION-711f533390ef220f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7752628607af1d9e:SESSION-7752628607af1d9e	SESSION-7752628607af1d9e → pe:tls:SESSION-7752628607af1d9e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9886228ef28af254:PCAP:capture_20260430110001:43611bdf6759	SESSION-9886228ef28af254 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7aa94b5f9268de0:host:172.234.197.23	SESSION-a7aa94b5f9268de0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d8c774bbe3f97971:host:172.234.197.23	SESSION-d8c774bbe3f97971 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52ffcd7f81b035e2:SESSION-52ffcd7f81b035e2	SESSION-52ffcd7f81b035e2 → pe:tls:SESSION-52ffcd7f81b035e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-186abbea6a1cb4f5:SESSION-186abbea6a1cb4f5	SESSION-186abbea6a1cb4f5 → pe:syn:SESSION-186abbea6a1cb4f5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122a5b909d033cbb:host:124.198.131.220	SESSION-122a5b909d033cbb → host:124.198.131.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ba070ea29625f6c:host:177.10.234.251	SESSION-4ba070ea29625f6c → host:177.10.234.251
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6cb17c89d7425739:host:172.234.197.23:host:177.10.239.177	SESSION-6cb17c89d7425739 → host:172.234.197.23 → host:177.10.239.177
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0f4fd2f0020968b3:SESSION-0f4fd2f0020968b3	SESSION-0f4fd2f0020968b3 → pe:tls:SESSION-0f4fd2f0020968b3
flow_observed5-aryOBS	e:fo:flow:e63568a80d79	flow:e63568a80d79 → host:177.10.234.213 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f51f16a6829ff61b:SESSION-f51f16a6829ff61b	SESSION-f51f16a6829ff61b → pe:tls:SESSION-f51f16a6829ff61b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-724515316ace62dc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-724515316ace62dc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:434276056bf3:port:tcp:443	flow:434276056bf3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f8e250b2be37e497:host:172.234.197.23	SESSION-f8e250b2be37e497 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bfa1612081e2aa61:host:172.234.197.23	SESSION-bfa1612081e2aa61 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-309223c775254000:BSG-BEACON-e07f4250263f	SESSION-309223c775254000 → BSG-BEACON-e07f4250263f
flow_observed5-aryOBS	e:fo:flow:f966ec2c5ed6	flow:f966ec2c5ed6 → host:177.10.239.78 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:60334d486293:port:tcp:443	flow:60334d486293 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-373bf424772e8fef:host:177.10.236.30	SESSION-373bf424772e8fef → host:177.10.236.30
FLOW_FROM_HOSTOBS	e:from:SESSION-9e8879d591cbfcd7:host:131.196.30.98	SESSION-9e8879d591cbfcd7 → host:131.196.30.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ae64075781208b0:SESSION-6ae64075781208b0	SESSION-6ae64075781208b0 → pe:syn:SESSION-6ae64075781208b0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c825a37bb7881b6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9c825a37bb7881b6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:534064b8a844	flow:534064b8a844 → host:172.234.197.23 → host:177.10.233.199 → port:tcp:65020
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ae37191400d64fc:host:177.10.239.57	SESSION-2ae37191400d64fc → host:177.10.239.57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99d54d6eadbc1138:host:172.234.197.23	SESSION-99d54d6eadbc1138 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:73ce5e8a95c6:port:tcp:443	flow:73ce5e8a95c6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20dfde969676b329:host:172.234.197.23:host:177.10.239.9	SESSION-20dfde969676b329 → host:172.234.197.23 → host:177.10.239.9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f852deb0b74344a0:flow:e6b5909bb3b3	SESSION-f852deb0b74344a0 → flow:e6b5909bb3b3
FLOW_FROM_HOSTOBS	e:from:SESSION-86b4956d98680667:host:172.234.197.23	SESSION-86b4956d98680667 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ffc31ee499a3f223:host:177.10.232.62:host:172.234.197.23	SESSION-ffc31ee499a3f223 → host:177.10.232.62 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ae01755e2c80:port:tcp:443	flow:ae01755e2c80 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-83168514d84031f4:SESSION-83168514d84031f4	SESSION-83168514d84031f4 → pe:syn:SESSION-83168514d84031f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-181666d0ed9d45b8:host:172.234.197.23	SESSION-181666d0ed9d45b8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-09d8680ca1ab1b1e:host:172.234.197.23	SESSION-09d8680ca1ab1b1e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1df48b404d2bce0:host:177.10.235.87:host:172.234.197.23	SESSION-c1df48b404d2bce0 → host:177.10.235.87 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-38fb62728f2b5e64:host:172.234.197.23	SESSION-38fb62728f2b5e64 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:576b9c0091bc	flow:576b9c0091bc → host:2.57.121.112 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd9436da4a7a552d:host:172.232.0.17	SESSION-bd9436da4a7a552d → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9bd60248a4061d8d:SESSION-9bd60248a4061d8d	SESSION-9bd60248a4061d8d → pe:syn:SESSION-9bd60248a4061d8d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.218:geo_-16.28860_-49.01640	host:177.10.237.218 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7bf74715b11f1486:host:172.234.197.23:host:131.196.28.122	SESSION-7bf74715b11f1486 → host:172.234.197.23 → host:131.196.28.122
flow_observed4-aryOBS	e:fo:flow:dff89fe81332	flow:dff89fe81332 → host:172.234.197.23 → host:131.196.31.198 → port:tcp:19046
FLOW_DST_PORTOBS	e:fp:flow:a342d49689c0:port:tcp:443	flow:a342d49689c0 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:53f01b8aa2e8:port:tcp:443	flow:53f01b8aa2e8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-04af603e6c9a6691:host:172.234.197.23	SESSION-04af603e6c9a6691 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f130592ce1f7f0fb:SESSION-f130592ce1f7f0fb	SESSION-f130592ce1f7f0fb → pe:syn:SESSION-f130592ce1f7f0fb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8f12ada0f88f122:host:172.234.197.23	SESSION-b8f12ada0f88f122 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c6483e185c23934:SESSION-7c6483e185c23934	SESSION-7c6483e185c23934 → pe:syn:SESSION-7c6483e185c23934
FLOW_FROM_HOSTOBS	e:from:SESSION-c828adcf318b7963:host:185.231.226.138	SESSION-c828adcf318b7963 → host:185.231.226.138
flow_observed4-aryOBS	e:fo:flow:e8999195bf53	flow:e8999195bf53 → host:172.234.197.23 → host:177.10.236.146 → port:tcp:39947
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b0a36bcb50aee6b:SESSION-2b0a36bcb50aee6b	SESSION-2b0a36bcb50aee6b → pe:syn:SESSION-2b0a36bcb50aee6b
FLOW_DST_PORTOBS	e:fp:flow:fc416c033937:port:tcp:443	flow:fc416c033937 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f61464efb17d4b1:host:131.196.28.50:host:172.234.197.23	SESSION-6f61464efb17d4b1 → host:131.196.28.50 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efcc1618f79daeb7:host:45.173.156.26	SESSION-efcc1618f79daeb7 → host:45.173.156.26
flow_observed4-aryOBS	e:fo:flow:eb22f21caf3d	flow:eb22f21caf3d → host:172.234.197.23 → host:177.10.238.116 → port:tcp:29780
FLOW_TO_HOSTOBS	e:to:SESSION-38ea28f2e42013a7:host:172.234.197.23	SESSION-38ea28f2e42013a7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef90c0e24c7a1c11:host:172.234.197.23:host:177.10.233.118	SESSION-ef90c0e24c7a1c11 → host:172.234.197.23 → host:177.10.233.118
FLOW_DST_PORTOBS	e:fp:flow:8f5f860b3650:port:tcp:443	flow:8f5f860b3650 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a288a75f40d03563:SESSION-a288a75f40d03563	SESSION-a288a75f40d03563 → pe:syn:SESSION-a288a75f40d03563
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de7198c98f7f92ee:flow:67558caa7d6b	SESSION-de7198c98f7f92ee → flow:67558caa7d6b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2969d43ba10a409c:flow:e0be60225842	SESSION-2969d43ba10a409c → flow:e0be60225842
FLOW_TO_HOSTOBS	e:to:SESSION-c37bd5454075ced3:host:172.232.0.16	SESSION-c37bd5454075ced3 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d147f8cae941ed80:host:131.196.31.2	SESSION-d147f8cae941ed80 → host:131.196.31.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6d6cedb2de1ad8d:host:177.10.233.124	SESSION-d6d6cedb2de1ad8d → host:177.10.233.124
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8f7d68f255e7d9c:host:172.234.197.23	SESSION-e8f7d68f255e7d9c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-62458b132c4d6b0d:flow:216c4b2f40af	SESSION-62458b132c4d6b0d → flow:216c4b2f40af
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0786c46a404d7589:SESSION-0786c46a404d7589	SESSION-0786c46a404d7589 → pe:tls:SESSION-0786c46a404d7589
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fa5716fea2946da:PCAP:capture_20260430150001:ded20914761d	SESSION-5fa5716fea2946da → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60dcadff088f62ae:SESSION-60dcadff088f62ae	SESSION-60dcadff088f62ae → pe:tls:SESSION-60dcadff088f62ae
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc37b0c14be06192:host:88.99.91.59	SESSION-bc37b0c14be06192 → host:88.99.91.59
flow_observed5-aryOBS	e:fo:flow:39f026016163	flow:39f026016163 → host:177.10.235.80 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f6061b9b172c119c:host:177.10.236.174	SESSION-f6061b9b172c119c → host:177.10.236.174
FLOW_TO_HOSTOBS	e:to:SESSION-025a43ae01804438:host:172.234.197.23	SESSION-025a43ae01804438 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.62:geo_-23.62930_-46.63510	host:131.196.28.62 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-71d059e3750765d4:host:172.234.197.23	SESSION-71d059e3750765d4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e327e4197615d5bf:SESSION-e327e4197615d5bf	SESSION-e327e4197615d5bf → pe:syn:SESSION-e327e4197615d5bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f0fa0972c78e2ef:host:172.234.197.23:host:177.10.239.51	SESSION-6f0fa0972c78e2ef → host:172.234.197.23 → host:177.10.239.51
FLOW_FROM_HOSTOBS	e:from:SESSION-ccb8c7743352cfdc:host:172.234.197.23	SESSION-ccb8c7743352cfdc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff331192f9cad8b9:host:172.234.197.23:host:131.196.31.124	SESSION-ff331192f9cad8b9 → host:172.234.197.23 → host:131.196.31.124
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ecb25cc7396151e7:SESSION-ecb25cc7396151e7	SESSION-ecb25cc7396151e7 → pe:tls:SESSION-ecb25cc7396151e7
FLOW_TO_HOSTOBS	e:to:SESSION-0ba942f2694f4960:host:172.234.197.23	SESSION-0ba942f2694f4960 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59a5b7880376a89f:host:92.112.71.109	SESSION-59a5b7880376a89f → host:92.112.71.109
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9e3e5dcd2ccb687:PCAP:capture_20260430150001:ded20914761d	SESSION-f9e3e5dcd2ccb687 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d5e5bbccd32f2d5:SESSION-5d5e5bbccd32f2d5	SESSION-5d5e5bbccd32f2d5 → pe:syn:SESSION-5d5e5bbccd32f2d5
flow_observed5-aryOBS	e:fo:flow:6676abf9b718	flow:6676abf9b718 → host:177.10.236.164 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0835af6109bb7c1:host:172.234.197.23	SESSION-f0835af6109bb7c1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6f5b8d372cd42441:host:177.10.237.52	SESSION-6f5b8d372cd42441 → host:177.10.237.52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca5156d485d150e2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ca5156d485d150e2 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-d4dc0a9d4d6e7897:host:177.10.234.37	SESSION-d4dc0a9d4d6e7897 → host:177.10.234.37
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db1b4e286dc089a9:SESSION-db1b4e286dc089a9	SESSION-db1b4e286dc089a9 → pe:syn:SESSION-db1b4e286dc089a9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2b55c597efe9edc:host:172.234.197.23	SESSION-d2b55c597efe9edc → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c5d998052524:port:tcp:33313	flow:c5d998052524 → port:tcp:33313
FLOW_TO_HOSTOBS	e:to:SESSION-aa0d5d025ae2ba4d:host:172.234.197.23	SESSION-aa0d5d025ae2ba4d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6299cf50d0e2e558:PCAP:capture_20260430090001:065659c7d314	SESSION-6299cf50d0e2e558 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1191e0b24f1d121:host:172.234.197.23	SESSION-d1191e0b24f1d121 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9deb407202a7aa0:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b9deb407202a7aa0 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9dc3dafcee87c5f7:host:172.234.197.23	SESSION-9dc3dafcee87c5f7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-526fa727f8be74e3:host:172.234.197.23	SESSION-526fa727f8be74e3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d17d49ee9d80	flow:d17d49ee9d80 → host:177.10.234.235 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-205f350cdfc6cb9d:host:45.173.156.203	SESSION-205f350cdfc6cb9d → host:45.173.156.203
FLOW_TO_HOSTOBS	e:to:SESSION-8c18109925f9685a:host:172.234.197.23	SESSION-8c18109925f9685a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-954ce8dcd8b034e5:SESSION-954ce8dcd8b034e5	SESSION-954ce8dcd8b034e5 → pe:syn:SESSION-954ce8dcd8b034e5
flow_observed4-aryOBS	e:fo:flow:a39ba2240db6	flow:a39ba2240db6 → host:172.234.197.23 → host:131.196.28.223 → port:tcp:41374
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5739ac8f3bafac6c:host:172.234.197.23	SESSION-5739ac8f3bafac6c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:33efcffa1a2a:port:tcp:38323	flow:33efcffa1a2a → port:tcp:38323
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84186d30322c849e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-84186d30322c849e → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-5b3b10ff846570e8:host:172.234.197.23	SESSION-5b3b10ff846570e8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6f6eb6f56b12c37:host:172.234.197.23	SESSION-c6f6eb6f56b12c37 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:edb8df6f40af:port:tcp:46520	flow:edb8df6f40af → port:tcp:46520
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-499399e6896a45f7:SESSION-499399e6896a45f7	SESSION-499399e6896a45f7 → pe:tls:SESSION-499399e6896a45f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68342cf3c00e7f2e:SESSION-68342cf3c00e7f2e	SESSION-68342cf3c00e7f2e → pe:tls:SESSION-68342cf3c00e7f2e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ce2516dd8311d56:host:172.234.197.23:host:177.10.232.143	SESSION-1ce2516dd8311d56 → host:172.234.197.23 → host:177.10.232.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5940a5357983452d:SESSION-5940a5357983452d	SESSION-5940a5357983452d → pe:tls:SESSION-5940a5357983452d
FLOW_FROM_HOSTOBS	e:from:SESSION-66746867faa9cf3c:host:172.234.197.23	SESSION-66746867faa9cf3c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b048ecd988d76f67:host:172.234.197.23	SESSION-b048ecd988d76f67 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7b12eb68f09b08a:host:177.10.239.192	SESSION-c7b12eb68f09b08a → host:177.10.239.192
FLOW_FROM_HOSTOBS	e:from:SESSION-76f517468502eda0:host:177.10.239.113	SESSION-76f517468502eda0 → host:177.10.239.113
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.71:asn:262880	host:177.10.237.71 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68adb943f73c50e9:PCAP:capture_20260430090001:065659c7d314	SESSION-68adb943f73c50e9 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-74adb0edbcc9dd0a:host:172.234.197.23	SESSION-74adb0edbcc9dd0a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f6b9574b70ed197:host:177.10.235.184:host:172.234.197.23	SESSION-4f6b9574b70ed197 → host:177.10.235.184 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.4:geo_-16.28860_-49.01640	host:177.10.233.4 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-71d059e3750765d4:SESSION-71d059e3750765d4	SESSION-71d059e3750765d4 → pe:syn:SESSION-71d059e3750765d4
FLOW_DST_PORTOBS	e:fp:flow:cc284845b732:port:tcp:44772	flow:cc284845b732 → port:tcp:44772
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.191:geo_-16.28860_-49.01640	host:177.10.233.191 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:ffb55f14ed31	flow:ffb55f14ed31 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf12b1de67086909:host:45.173.156.84:host:172.234.197.23	SESSION-bf12b1de67086909 → host:45.173.156.84 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e05383acf388:port:tcp:443	flow:e05383acf388 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b88c76d0206f2960:PCAP:capture_20260428010001:b1b402c7b202	SESSION-b88c76d0206f2960 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07a584f2a7f89f38:SESSION-07a584f2a7f89f38	SESSION-07a584f2a7f89f38 → pe:syn:SESSION-07a584f2a7f89f38
FLOW_DST_PORTOBS	e:fp:flow:2428c7c3e3d6:port:udp:53	flow:2428c7c3e3d6 → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9bc9a3180c6fb10:flow:a10403a08caf	SESSION-f9bc9a3180c6fb10 → flow:a10403a08caf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bbc35343aa20f600:host:177.10.236.149	SESSION-bbc35343aa20f600 → host:177.10.236.149
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e816643ff0559e8:host:172.234.197.23:host:177.10.236.206	SESSION-5e816643ff0559e8 → host:172.234.197.23 → host:177.10.236.206
flow_observed5-aryOBS	e:fo:flow:3231af7735e8	flow:3231af7735e8 → host:177.10.233.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-61838f073a9a90b1:flow:2bebb61ba81a	SESSION-61838f073a9a90b1 → flow:2bebb61ba81a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb7f3482601c970a:host:177.10.234.40:host:172.234.197.23	SESSION-cb7f3482601c970a → host:177.10.234.40 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-47982c1c81b3c1d7:host:172.234.197.23	SESSION-47982c1c81b3c1d7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-691bf265b7044ac7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-691bf265b7044ac7 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:7f517bebfe14	flow:7f517bebfe14 → host:131.196.28.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-074c4a6b1ee06430:PCAP:capture_20260430060001:919b39a74464	SESSION-074c4a6b1ee06430 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-692dce6abc85c058:host:131.196.31.17	SESSION-692dce6abc85c058 → host:131.196.31.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-141e3c6c8d153d1d:SESSION-141e3c6c8d153d1d	SESSION-141e3c6c8d153d1d → pe:tls:SESSION-141e3c6c8d153d1d
FLOW_TO_HOSTOBS	e:to:SESSION-570ccd324c759306:host:131.196.30.43	SESSION-570ccd324c759306 → host:131.196.30.43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-458a0c6775d84d5e:SESSION-458a0c6775d84d5e	SESSION-458a0c6775d84d5e → pe:syn:SESSION-458a0c6775d84d5e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2996f9b3a522abad:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2996f9b3a522abad → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-581b4c1bc6ff5f0b:host:131.196.29.162	SESSION-581b4c1bc6ff5f0b → host:131.196.29.162
flow_observed5-aryOBS	e:fo:flow:d5a249ab2d27	flow:d5a249ab2d27 → host:45.173.156.212 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:841969c73efe:port:tcp:443	flow:841969c73efe → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:2.57.122.197:asn:47890	host:2.57.122.197 → asn:47890
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c6936c129ef58e74:host:131.196.28.147:host:172.234.197.23	SESSION-c6936c129ef58e74 → host:131.196.28.147 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c59a88aa03340e00:host:177.10.239.221	SESSION-c59a88aa03340e00 → host:177.10.239.221
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ed5a5f4d7e8650f:PCAP:capture_20260430090001:065659c7d314	SESSION-6ed5a5f4d7e8650f → PCAP:capture_20260430090001:065659c7d314
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d083da2d95669221:BSG-BEACON-f61798c9324d	SESSION-d083da2d95669221 → BSG-BEACON-f61798c9324d
flow_observed5-aryOBS	e:fo:flow:183fec7e62fe	flow:183fec7e62fe → host:177.10.237.233 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ec917f0e741b647:host:131.196.29.196	SESSION-4ec917f0e741b647 → host:131.196.29.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-610b47e21d599964:PCAP:capture_20260430080001:93f47cc296a4	SESSION-610b47e21d599964 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d11580ecaeb7d77b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d11580ecaeb7d77b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f42753b09b481d7e:flow:95bdf7b313dd	SESSION-f42753b09b481d7e → flow:95bdf7b313dd
FLOW_TO_HOSTOBS	e:to:SESSION-46b3e65e40562e00:host:172.234.197.23	SESSION-46b3e65e40562e00 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ba545b1ede58:port:tcp:443	flow:ba545b1ede58 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-779d668625040802:flow:88ed0ede4fa9	SESSION-779d668625040802 → flow:88ed0ede4fa9
FLOW_FROM_HOSTOBS	e:from:SESSION-803b2289978a359c:host:37.221.79.87	SESSION-803b2289978a359c → host:37.221.79.87
FLOW_TO_HOSTOBS	e:to:SESSION-049aa291881e8f8b:host:172.234.197.23	SESSION-049aa291881e8f8b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d741000864bcf81f:host:172.234.197.23:host:45.173.156.230	SESSION-d741000864bcf81f → host:172.234.197.23 → host:45.173.156.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4992d20c4573840:SESSION-d4992d20c4573840	SESSION-d4992d20c4573840 → pe:tls:SESSION-d4992d20c4573840
FLOW_FROM_HOSTOBS	e:from:SESSION-0d11915f1f4e9ef9:host:177.10.239.187	SESSION-0d11915f1f4e9ef9 → host:177.10.239.187
FLOW_TLS_SNIOBS	e:fs:flow:3d33c6041d42:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3d33c6041d42 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7601ec92d63a89e6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7601ec92d63a89e6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6238265b6cc9ea0:host:177.10.234.81	SESSION-e6238265b6cc9ea0 → host:177.10.234.81
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de46def2c97c3533:host:177.10.236.56:host:172.234.197.23	SESSION-de46def2c97c3533 → host:177.10.236.56 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-570ccd324c759306:host:172.234.197.23	SESSION-570ccd324c759306 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8d38782b460d	flow:8d38782b460d → host:177.10.233.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ba4a623ca0c8731:host:177.10.237.116	SESSION-6ba4a623ca0c8731 → host:177.10.237.116
FLOW_TO_HOSTOBS	e:to:SESSION-4f73d5c81ac41c00:host:131.196.29.248	SESSION-4f73d5c81ac41c00 → host:131.196.29.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6054bbc1a24cbf34:host:131.196.29.164:host:172.234.197.23	SESSION-6054bbc1a24cbf34 → host:131.196.29.164 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4117bfae8d393f9c:host:172.234.197.23	SESSION-4117bfae8d393f9c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8fcd4a12026b870e:host:172.234.197.23	SESSION-8fcd4a12026b870e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-70cb56f6bea3d067:SESSION-70cb56f6bea3d067	SESSION-70cb56f6bea3d067 → pe:syn:SESSION-70cb56f6bea3d067
flow_observed4-aryOBS	e:fo:flow:77bd6a0eb691	flow:77bd6a0eb691 → host:172.234.197.23 → host:177.10.236.62 → port:tcp:41921
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f56950d8d19e118b:host:177.10.238.103:host:172.234.197.23	SESSION-f56950d8d19e118b → host:177.10.238.103 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be374c360242db8a:host:172.234.197.23	SESSION-be374c360242db8a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:276b9ed754b6:port:tcp:443	flow:276b9ed754b6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-42b603b0c5709a24:SESSION-42b603b0c5709a24	SESSION-42b603b0c5709a24 → pe:syn:SESSION-42b603b0c5709a24
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.228:geo_-21.10010_-41.69200	host:45.173.156.228 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-59e3e2edbc9b18fa:host:177.10.232.132	SESSION-59e3e2edbc9b18fa → host:177.10.232.132
FLOW_FROM_HOSTOBS	e:from:SESSION-77c4ff849445b3aa:host:172.234.197.23	SESSION-77c4ff849445b3aa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2a6474e91598:port:tcp:443	flow:2a6474e91598 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:53668eb96100	flow:53668eb96100 → host:172.234.197.23 → host:177.10.233.63 → port:tcp:8952
FLOW_DST_PORTOBS	e:fp:flow:8ac84bfcb797:port:tcp:49033	flow:8ac84bfcb797 → port:tcp:49033
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b6dd65fa073f3265:SESSION-b6dd65fa073f3265	SESSION-b6dd65fa073f3265 → pe:rst:SESSION-b6dd65fa073f3265
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a782bfdef89df980:SESSION-a782bfdef89df980	SESSION-a782bfdef89df980 → pe:syn:SESSION-a782bfdef89df980
FLOW_FROM_HOSTOBS	e:from:SESSION-f65d16e06243eafc:host:131.196.28.0	SESSION-f65d16e06243eafc → host:131.196.28.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a11bbc1f12398e3:SESSION-0a11bbc1f12398e3	SESSION-0a11bbc1f12398e3 → pe:tls:SESSION-0a11bbc1f12398e3
FLOW_FROM_HOSTOBS	e:from:SESSION-f7287a957cb5e0d9:host:172.234.197.23	SESSION-f7287a957cb5e0d9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db1b4e286dc089a9:SESSION-db1b4e286dc089a9	SESSION-db1b4e286dc089a9 → pe:tls:SESSION-db1b4e286dc089a9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46d2f77cc38b38db:host:177.10.234.36	SESSION-46d2f77cc38b38db → host:177.10.234.36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee8963275c4b434b:host:45.173.156.245	SESSION-ee8963275c4b434b → host:45.173.156.245
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92484e45d6e7b321:PCAP:capture_20260430110001:43611bdf6759	SESSION-92484e45d6e7b321 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55d7f3379dec0798:host:177.10.237.70	SESSION-55d7f3379dec0798 → host:177.10.237.70
FLOW_DST_PORTOBS	e:fp:flow:2639caa1e970:port:tcp:443	flow:2639caa1e970 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5d780f89354efd9:SESSION-b5d780f89354efd9	SESSION-b5d780f89354efd9 → pe:syn:SESSION-b5d780f89354efd9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aee71e8cd1625550:host:172.234.197.23	SESSION-aee71e8cd1625550 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8cc36fa22779:port:tcp:26711	flow:8cc36fa22779 → port:tcp:26711
flow_observed5-aryOBS	e:fo:flow:d79939a9c159	flow:d79939a9c159 → host:177.10.238.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35834184401bcda8:host:172.234.197.23	SESSION-35834184401bcda8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7e8f7da56292748:host:172.234.197.23	SESSION-e7e8f7da56292748 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b3edcc633e4f5b2c:host:131.196.28.2	SESSION-b3edcc633e4f5b2c → host:131.196.28.2
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.13:asn:273470	host:45.173.156.13 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb2fd2ce02add556:SESSION-eb2fd2ce02add556	SESSION-eb2fd2ce02add556 → pe:tls:SESSION-eb2fd2ce02add556
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20a3b697d9e7cdf6:SESSION-20a3b697d9e7cdf6	SESSION-20a3b697d9e7cdf6 → pe:syn:SESSION-20a3b697d9e7cdf6
FLOW_FROM_HOSTOBS	e:from:SESSION-9729058a0ea02937:host:177.10.234.32	SESSION-9729058a0ea02937 → host:177.10.234.32
FLOW_TO_HOSTOBS	e:to:SESSION-e2ecbcecdc44a459:host:172.234.197.23	SESSION-e2ecbcecdc44a459 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-426c38e34029cb1b:host:172.234.197.23	SESSION-426c38e34029cb1b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-07e54ca458e8eeab:host:172.234.197.23	SESSION-07e54ca458e8eeab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c18cfa23ea97ee:host:172.234.197.23	SESSION-77c18cfa23ea97ee → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7948a18eeb1cbc0d:PCAP:capture_20260428010001:b1b402c7b202	SESSION-7948a18eeb1cbc0d → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e89ccbf4d277fb8:host:177.10.236.248	SESSION-7e89ccbf4d277fb8 → host:177.10.236.248
FLOW_DST_PORTOBS	e:fp:flow:3377862fd32b:port:tcp:443	flow:3377862fd32b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f496191c2c04cb7e:host:131.196.31.19	SESSION-f496191c2c04cb7e → host:131.196.31.19
FLOW_FROM_HOSTOBS	e:from:SESSION-94f17b7b7397155e:host:177.10.233.60	SESSION-94f17b7b7397155e → host:177.10.233.60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a33d29db5091f68:SESSION-2a33d29db5091f68	SESSION-2a33d29db5091f68 → pe:tls:SESSION-2a33d29db5091f68
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.36:asn:262880	host:177.10.235.36 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.87:asn:262880	host:177.10.238.87 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:25de7fffdafc:port:tcp:443	flow:25de7fffdafc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6263455e390c054e:SESSION-6263455e390c054e	SESSION-6263455e390c054e → pe:syn:SESSION-6263455e390c054e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.226:asn:271410	host:131.196.30.226 → asn:271410
flow_observed4-aryOBS	e:fo:flow:2c72d32f2cfc	flow:2c72d32f2cfc → host:172.234.197.23 → host:177.10.239.201 → port:tcp:56244
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-91c14db05e009245:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-91c14db05e009245 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-7fd72175928a8e59:host:177.10.237.163	SESSION-7fd72175928a8e59 → host:177.10.237.163
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.113:asn:271410	host:131.196.29.113 → asn:271410
flow_observed4-aryOBS	e:fo:flow:060fa8c13a73	flow:060fa8c13a73 → host:172.234.197.23 → host:177.10.237.169 → port:tcp:58782
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43d9721f29111779:host:172.234.197.23	SESSION-43d9721f29111779 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f56adc7043a43d99:host:131.196.29.255:host:172.234.197.23	SESSION-f56adc7043a43d99 → host:131.196.29.255 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dc77810442c2	flow:dc77810442c2 → host:177.10.239.35 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:6879c56cc11a	flow:6879c56cc11a → host:131.196.31.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-367a6218c741fe93:host:177.10.232.11	SESSION-367a6218c741fe93 → host:177.10.232.11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5278b2d1db18e971:SESSION-5278b2d1db18e971	SESSION-5278b2d1db18e971 → pe:tls:SESSION-5278b2d1db18e971
FLOW_FROM_HOSTOBS	e:from:SESSION-65274afd8d8bc249:host:37.221.79.55	SESSION-65274afd8d8bc249 → host:37.221.79.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-669451aeea441b50:host:172.234.197.23	SESSION-669451aeea441b50 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6fea2a5b83daabbc:SESSION-6fea2a5b83daabbc	SESSION-6fea2a5b83daabbc → pe:syn:SESSION-6fea2a5b83daabbc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edeb3dca8d1da30b:host:172.234.197.23	SESSION-edeb3dca8d1da30b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e761c4d086a3	flow:e761c4d086a3 → host:45.173.156.202 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6c5da4152a907bbd:host:172.234.197.23	SESSION-6c5da4152a907bbd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c53b2c88ff7f785:flow:c83c1d32e5a0	SESSION-6c53b2c88ff7f785 → flow:c83c1d32e5a0
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.57:asn:271410	host:131.196.31.57 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c47e89745eb205fd:PCAP:capture_20260430110001:43611bdf6759	SESSION-c47e89745eb205fd → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1684e8254d6d3165:host:172.234.197.23	SESSION-1684e8254d6d3165 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-eadecea9d5615d15:SESSION-eadecea9d5615d15	SESSION-eadecea9d5615d15 → pe:rst:SESSION-eadecea9d5615d15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e67ae3320dee0238:SESSION-e67ae3320dee0238	SESSION-e67ae3320dee0238 → pe:tls:SESSION-e67ae3320dee0238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58209016b963372b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-58209016b963372b → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:e4da5ee22f0b:port:tcp:443	flow:e4da5ee22f0b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0ac7328414c6be9:host:172.234.197.23	SESSION-d0ac7328414c6be9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6fa2b6fe9053	flow:6fa2b6fe9053 → host:177.10.237.225 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-024c55a268626b80:host:131.196.30.42	SESSION-024c55a268626b80 → host:131.196.30.42
FLOW_TO_HOSTOBS	e:to:SESSION-a846b5687af75eeb:host:172.234.197.23	SESSION-a846b5687af75eeb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17084582559fbd8c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-17084582559fbd8c → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-e1d806fe7541c4b2:host:131.196.28.115	SESSION-e1d806fe7541c4b2 → host:131.196.28.115
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46082ee63fe36bdf:host:131.196.28.255:host:172.234.197.23	SESSION-46082ee63fe36bdf → host:131.196.28.255 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f56adc7043a43d99:SESSION-f56adc7043a43d99	SESSION-f56adc7043a43d99 → pe:syn:SESSION-f56adc7043a43d99
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-81c8b3fdf002e09e:SESSION-81c8b3fdf002e09e	SESSION-81c8b3fdf002e09e → pe:syn:SESSION-81c8b3fdf002e09e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3a58fc1fb15d0c4:SESSION-c3a58fc1fb15d0c4	SESSION-c3a58fc1fb15d0c4 → pe:tls:SESSION-c3a58fc1fb15d0c4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-367a6218c741fe93:SESSION-367a6218c741fe93	SESSION-367a6218c741fe93 → pe:syn:SESSION-367a6218c741fe93
FLOW_TO_HOSTOBS	e:to:SESSION-85ceb858b118c816:host:172.234.197.23	SESSION-85ceb858b118c816 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16a7442acd9adfae:SESSION-16a7442acd9adfae	SESSION-16a7442acd9adfae → pe:tls:SESSION-16a7442acd9adfae
FLOW_TO_HOSTOBS	e:to:SESSION-b78ee328a5f7ceab:host:172.234.197.23	SESSION-b78ee328a5f7ceab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-048f9271a2e27be7:host:177.10.234.51	SESSION-048f9271a2e27be7 → host:177.10.234.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-708abc4c81aa7c60:host:177.10.236.31	SESSION-708abc4c81aa7c60 → host:177.10.236.31
flow_observed5-aryOBS	e:fo:flow:f7ac01dd0330	flow:f7ac01dd0330 → host:199.16.157.182 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.60.168.200:geo_59.32870_18.07170	host:13.60.168.200 → geo_59.32870_18.07170
FLOW_TO_HOSTOBS	e:to:SESSION-fc18a12b15fb2c84:host:172.234.197.23	SESSION-fc18a12b15fb2c84 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bc3682173c4cf6b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3bc3682173c4cf6b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e9e9835a2b91f231:flow:cc415382b4b7	SESSION-e9e9835a2b91f231 → flow:cc415382b4b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86b4956d98680667:host:177.10.232.55	SESSION-86b4956d98680667 → host:177.10.232.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a99ef89e8b00159:host:45.173.156.142	SESSION-3a99ef89e8b00159 → host:45.173.156.142
FLOW_TO_HOSTOBS	e:to:SESSION-31f4941ab57ed47b:host:172.234.197.23	SESSION-31f4941ab57ed47b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:934dce83ff49:port:tcp:21270	flow:934dce83ff49 → port:tcp:21270
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.232:asn:271410	host:131.196.29.232 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e615d118f3247e2:host:177.10.238.29	SESSION-2e615d118f3247e2 → host:177.10.238.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-365dad18baa46a43:SESSION-365dad18baa46a43	SESSION-365dad18baa46a43 → pe:syn:SESSION-365dad18baa46a43
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b1edba75af29ea2:flow:3cd15a54c43e	SESSION-8b1edba75af29ea2 → flow:3cd15a54c43e
flow_observed5-aryOBS	e:fo:flow:14fef8c40f5d	flow:14fef8c40f5d → host:177.10.234.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7fad01c8dca4d847:flow:c796175077a2	SESSION-7fad01c8dca4d847 → flow:c796175077a2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d36b613f081e74cb:flow:12f24c635b1c	SESSION-d36b613f081e74cb → flow:12f24c635b1c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:46.4.252.37:geo_50.47770_12.36490	host:46.4.252.37 → geo_50.47770_12.36490
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa0d5d025ae2ba4d:host:177.10.233.116:host:172.234.197.23	SESSION-aa0d5d025ae2ba4d → host:177.10.233.116 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:72ecfaac0bcc	flow:72ecfaac0bcc → host:177.10.232.251 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e703980a48f1e09:flow:ae88c957b21b	SESSION-4e703980a48f1e09 → flow:ae88c957b21b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65bd30307946d7be:SESSION-65bd30307946d7be	SESSION-65bd30307946d7be → pe:tls:SESSION-65bd30307946d7be
FLOW_FROM_HOSTOBS	e:from:SESSION-ff4eb64228a8af88:host:177.10.232.152	SESSION-ff4eb64228a8af88 → host:177.10.232.152
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.157:geo_-16.28860_-49.01640	host:177.10.234.157 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.34:asn:271410	host:131.196.31.34 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b1f95fcf0f122c7:host:131.196.31.7:host:172.234.197.23	SESSION-4b1f95fcf0f122c7 → host:131.196.31.7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ee90f0835cbc:port:tcp:443	flow:ee90f0835cbc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-75c0f4fa43b2bfb9:host:172.234.197.23	SESSION-75c0f4fa43b2bfb9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7034c460bd0f5720:SESSION-7034c460bd0f5720	SESSION-7034c460bd0f5720 → pe:syn:SESSION-7034c460bd0f5720
FLOW_FROM_HOSTOBS	e:from:SESSION-a5a0c98ce5f67db5:host:172.234.197.23	SESSION-a5a0c98ce5f67db5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-617da6f9980af1b7:host:44.248.141.231	SESSION-617da6f9980af1b7 → host:44.248.141.231
FLOW_TO_HOSTOBS	e:to:SESSION-84186d30322c849e:host:172.234.197.23	SESSION-84186d30322c849e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90d4f232d3edc1de:PCAP:capture_20260430080001:93f47cc296a4	SESSION-90d4f232d3edc1de → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f8d7516bed96e97:SESSION-5f8d7516bed96e97	SESSION-5f8d7516bed96e97 → pe:tls:SESSION-5f8d7516bed96e97
FLOW_DST_PORTOBS	e:fp:flow:f0e29cea7891:port:tcp:4510	flow:f0e29cea7891 → port:tcp:4510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86feda8665cc2010:flow:fe6297f71c57	SESSION-86feda8665cc2010 → flow:fe6297f71c57
FLOW_TO_HOSTOBS	e:to:SESSION-0ef3697a55617fe8:host:172.234.197.23	SESSION-0ef3697a55617fe8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef3cd86b38e13880:flow:75e4994a258b	SESSION-ef3cd86b38e13880 → flow:75e4994a258b
FLOW_TO_HOSTOBS	e:to:SESSION-191997595ec6754e:host:177.10.234.166	SESSION-191997595ec6754e → host:177.10.234.166
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7cb141c8461d1a4d:host:131.196.29.23	SESSION-7cb141c8461d1a4d → host:131.196.29.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b236f75d1c6493bc:SESSION-b236f75d1c6493bc	SESSION-b236f75d1c6493bc → pe:syn:SESSION-b236f75d1c6493bc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d11915f1f4e9ef9:host:177.10.239.187	SESSION-0d11915f1f4e9ef9 → host:177.10.239.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0dad0a06445f9e1f:host:131.196.29.175	SESSION-0dad0a06445f9e1f → host:131.196.29.175
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3075d8276a1a3ff8:SESSION-3075d8276a1a3ff8	SESSION-3075d8276a1a3ff8 → pe:tls:SESSION-3075d8276a1a3ff8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0cb5698f1d5957a:SESSION-c0cb5698f1d5957a	SESSION-c0cb5698f1d5957a → pe:tls:SESSION-c0cb5698f1d5957a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da377d395ffcc3d3:SESSION-da377d395ffcc3d3	SESSION-da377d395ffcc3d3 → pe:syn:SESSION-da377d395ffcc3d3
FLOW_FROM_HOSTOBS	e:from:SESSION-a486ebfba002f553:host:177.10.234.45	SESSION-a486ebfba002f553 → host:177.10.234.45
FLOW_DST_PORTOBS	e:fp:flow:41b84374eed5:port:tcp:443	flow:41b84374eed5 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97344bc6f8ca22f4:flow:2214f7d76e31	SESSION-97344bc6f8ca22f4 → flow:2214f7d76e31
FLOW_TO_HOSTOBS	e:to:SESSION-0bf923c759cb9e4a:host:172.232.0.16	SESSION-0bf923c759cb9e4a → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:4a6b04783091	flow:4a6b04783091 → host:51.75.171.21 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b22fd3d92fd3016:SESSION-9b22fd3d92fd3016	SESSION-9b22fd3d92fd3016 → pe:syn:SESSION-9b22fd3d92fd3016
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-317129b18cf7eb6c:SESSION-317129b18cf7eb6c	SESSION-317129b18cf7eb6c → pe:syn:SESSION-317129b18cf7eb6c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5ddc9130fa518dc:host:172.234.197.23	SESSION-b5ddc9130fa518dc → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.32:asn:262880	host:177.10.236.32 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-36d925db3c3b2591:host:172.234.197.23	SESSION-36d925db3c3b2591 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f094c0b9e79e	flow:f094c0b9e79e → host:172.234.197.23 → host:177.10.237.24 → port:tcp:48800
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1dda0e3344468f76:host:177.10.239.62:host:172.234.197.23	SESSION-1dda0e3344468f76 → host:177.10.239.62 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a17e20e34301cc9:SESSION-4a17e20e34301cc9	SESSION-4a17e20e34301cc9 → pe:tls:SESSION-4a17e20e34301cc9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f56efcee303c963:host:172.234.197.23	SESSION-7f56efcee303c963 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2290de8fcf2817df:host:177.10.232.22	SESSION-2290de8fcf2817df → host:177.10.232.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-34cbebf9a190be23:SESSION-34cbebf9a190be23	SESSION-34cbebf9a190be23 → pe:tls:SESSION-34cbebf9a190be23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9bc5f3d34b7b8244:host:177.10.235.150	SESSION-9bc5f3d34b7b8244 → host:177.10.235.150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d694cf0080c35c2f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d694cf0080c35c2f → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.113:asn:262880	host:177.10.239.113 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a3baa467b71ba10:SESSION-3a3baa467b71ba10	SESSION-3a3baa467b71ba10 → pe:tls:SESSION-3a3baa467b71ba10
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83f081267b847a58:host:172.234.197.23	SESSION-83f081267b847a58 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f486345fbdf5443:PCAP:capture_20260430150001:ded20914761d	SESSION-8f486345fbdf5443 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f9c5288639cc167:flow:b1fa68ab4545	SESSION-3f9c5288639cc167 → flow:b1fa68ab4545
FLOW_TO_HOSTOBS	e:to:SESSION-887f47388267b095:host:172.234.197.23	SESSION-887f47388267b095 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cad98c39a19fe348:SESSION-cad98c39a19fe348	SESSION-cad98c39a19fe348 → pe:tls:SESSION-cad98c39a19fe348
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ac3b19d6233e6f7:flow:76ebf03a3738	SESSION-2ac3b19d6233e6f7 → flow:76ebf03a3738
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d00f55e5db951c5:SESSION-1d00f55e5db951c5	SESSION-1d00f55e5db951c5 → pe:tls:SESSION-1d00f55e5db951c5
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-608f057a6e6e376d:BSG-BEACON-f6c2b3d0e42d	SESSION-608f057a6e6e376d → BSG-BEACON-f6c2b3d0e42d
FLOW_DST_PORTOBS	e:fp:flow:21b9c2f46acd:port:tcp:443	flow:21b9c2f46acd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0014b04a4a7ef99:flow:703841dd3320	SESSION-c0014b04a4a7ef99 → flow:703841dd3320
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c130f2091984b84c:host:45.173.156.210	SESSION-c130f2091984b84c → host:45.173.156.210
FLOW_FROM_HOSTOBS	e:from:SESSION-5e7f6e07782bad0e:host:45.173.156.99	SESSION-5e7f6e07782bad0e → host:45.173.156.99
FLOW_DST_PORTOBS	e:fp:flow:17bb9dab59c4:port:tcp:443	flow:17bb9dab59c4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.60:geo_-21.10010_-41.69200	host:45.173.156.60 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb7b2ae66396fc75:flow:676488f06f59	SESSION-cb7b2ae66396fc75 → flow:676488f06f59
flow_observed5-aryOBS	e:fo:flow:c71fa0a6ac28	flow:c71fa0a6ac28 → host:92.112.71.65 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d147f8cae941ed80:host:172.234.197.23:host:131.196.31.2	SESSION-d147f8cae941ed80 → host:172.234.197.23 → host:131.196.31.2
FLOW_TO_HOSTOBS	e:to:SESSION-d77225c69f4fe117:host:172.234.197.23	SESSION-d77225c69f4fe117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e3d1aa706f2604d:SESSION-3e3d1aa706f2604d	SESSION-3e3d1aa706f2604d → pe:syn:SESSION-3e3d1aa706f2604d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47699582b69b5d99:SESSION-47699582b69b5d99	SESSION-47699582b69b5d99 → pe:tls:SESSION-47699582b69b5d99
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.87.95.7:geo_39.04690_-77.49030	host:54.87.95.7 → geo_39.04690_-77.49030
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e225557ebe736948:flow:e122523b9467	SESSION-e225557ebe736948 → flow:e122523b9467
flow_observed5-aryOBS	e:fo:flow:a6f690ed8e7b	flow:a6f690ed8e7b → host:131.196.29.240 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-49652bb4e1e9db35:host:31.40.196.96	SESSION-49652bb4e1e9db35 → host:31.40.196.96
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f51f16a6829ff61b:SESSION-f51f16a6829ff61b	SESSION-f51f16a6829ff61b → pe:syn:SESSION-f51f16a6829ff61b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f25ebe7728e5694:host:177.10.239.144	SESSION-3f25ebe7728e5694 → host:177.10.239.144
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c421ecd159f7b93a:flow:ab409ffcce8b	SESSION-c421ecd159f7b93a → flow:ab409ffcce8b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ead27f853a5aab01:host:177.10.232.240:host:172.234.197.23	SESSION-ead27f853a5aab01 → host:177.10.232.240 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e04d863bd380e3e5:PCAP:capture_20260430090001:065659c7d314	SESSION-e04d863bd380e3e5 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb9766ebe449a845:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-bb9766ebe449a845 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:2214f7d76e31	flow:2214f7d76e31 → host:131.196.30.103 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f44963c65f506a9:SESSION-1f44963c65f506a9	SESSION-1f44963c65f506a9 → pe:syn:SESSION-1f44963c65f506a9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-685011adf9d67a1b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-685011adf9d67a1b → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:5ccb5bd3660c:port:tcp:443	flow:5ccb5bd3660c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68b7f3c84c5e7661:flow:7dddb16f6aa7	SESSION-68b7f3c84c5e7661 → flow:7dddb16f6aa7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3186af5a0774c3b5:SESSION-3186af5a0774c3b5	SESSION-3186af5a0774c3b5 → pe:tls:SESSION-3186af5a0774c3b5
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.64:asn:271410	host:131.196.31.64 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-053d7bf7ef41d243:host:45.173.156.49	SESSION-053d7bf7ef41d243 → host:45.173.156.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16f8bda1e1d11332:SESSION-16f8bda1e1d11332	SESSION-16f8bda1e1d11332 → pe:tls:SESSION-16f8bda1e1d11332
FLOW_DST_PORTOBS	e:fp:flow:497b82a2345f:port:tcp:167	flow:497b82a2345f → port:tcp:167
FLOW_TO_HOSTOBS	e:to:SESSION-f92c0af2b04d2b16:host:172.234.197.23	SESSION-f92c0af2b04d2b16 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2242c7b203cd	flow:2242c7b203cd → host:131.196.30.60 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:bd07e448a44e	flow:bd07e448a44e → host:131.196.31.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ffb355c8f64da05f:flow:81ec5a0f7e7c	SESSION-ffb355c8f64da05f → flow:81ec5a0f7e7c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad3aa4b6b6de70e6:host:172.234.197.23	SESSION-ad3aa4b6b6de70e6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:75b6c1453f5f	flow:75b6c1453f5f → host:177.10.237.248 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:425a0fcde4d7	flow:425a0fcde4d7 → host:172.234.197.23 → host:177.10.235.85 → port:tcp:32921
FLOW_TO_HOSTOBS	e:to:SESSION-4387fd9792a7eb8a:host:172.234.197.23	SESSION-4387fd9792a7eb8a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f78268addd9f6ca3:host:172.234.197.23	SESSION-f78268addd9f6ca3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.90:asn:262880	host:177.10.236.90 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:7d9a7cb09d6c:port:tcp:443	flow:7d9a7cb09d6c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af24c7046d264e7e:host:45.173.156.43	SESSION-af24c7046d264e7e → host:45.173.156.43
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.171.55.148:geo_59.32870_18.07170	host:16.171.55.148 → geo_59.32870_18.07170
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bbc35343aa20f600:host:177.10.236.149:host:172.234.197.23	SESSION-bbc35343aa20f600 → host:177.10.236.149 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ddcefc7eea69488:host:131.196.31.217:host:172.234.197.23	SESSION-7ddcefc7eea69488 → host:131.196.31.217 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:58187d298757	flow:58187d298757 → host:177.10.235.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b95e1310dc4ff34:host:131.196.30.125	SESSION-9b95e1310dc4ff34 → host:131.196.30.125
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27f33a2015337a96:PCAP:capture_20260430160001:9bfa4498506a	SESSION-27f33a2015337a96 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e17435638a41ed24:host:172.234.197.23	SESSION-e17435638a41ed24 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.141:geo_-16.28860_-49.01640	host:177.10.236.141 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c88d3e9918500cb2:SESSION-c88d3e9918500cb2	SESSION-c88d3e9918500cb2 → pe:syn:SESSION-c88d3e9918500cb2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c2cb78a800ce3917:PCAP:capture_20260430060001:919b39a74464	SESSION-c2cb78a800ce3917 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-b8ee775e10cbe172:host:45.173.156.142	SESSION-b8ee775e10cbe172 → host:45.173.156.142
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8136a084d82536a6:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-8136a084d82536a6 → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_TO_HOSTOBS	e:to:SESSION-7601ec92d63a89e6:host:172.234.197.23	SESSION-7601ec92d63a89e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cddd8421db4c97d9:host:172.234.197.23	SESSION-cddd8421db4c97d9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d7bdeba7c000ea7:host:177.10.234.109	SESSION-1d7bdeba7c000ea7 → host:177.10.234.109
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9cd8abbfdfb95d18:flow:36dbb8569720	SESSION-9cd8abbfdfb95d18 → flow:36dbb8569720
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67e4e454d5bff348:SESSION-67e4e454d5bff348	SESSION-67e4e454d5bff348 → pe:tls:SESSION-67e4e454d5bff348
FLOW_TO_HOSTOBS	e:to:SESSION-623bfc839a4f3b4e:host:131.196.28.78	SESSION-623bfc839a4f3b4e → host:131.196.28.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caf71fb423b46c4a:host:177.10.233.183	SESSION-caf71fb423b46c4a → host:177.10.233.183
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7aa70a6d3547ceb7:host:172.234.197.23:host:45.173.156.92	SESSION-7aa70a6d3547ceb7 → host:172.234.197.23 → host:45.173.156.92
flow_observed4-aryOBS	e:fo:flow:993f3233012e	flow:993f3233012e → host:172.234.197.23 → host:131.196.30.98 → port:tcp:34229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e700dd1746307a02:host:177.10.239.78	SESSION-e700dd1746307a02 → host:177.10.239.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0da9d7ff41780d23:SESSION-0da9d7ff41780d23	SESSION-0da9d7ff41780d23 → pe:tls:SESSION-0da9d7ff41780d23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca59b4a9ab5138ce:host:172.234.197.23	SESSION-ca59b4a9ab5138ce → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96c13a83414ab25f:host:177.10.234.64:host:172.234.197.23	SESSION-96c13a83414ab25f → host:177.10.234.64 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6682b9978761b80b:flow:b157c7895367	SESSION-6682b9978761b80b → flow:b157c7895367
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8ee775e10cbe172:host:45.173.156.142	SESSION-b8ee775e10cbe172 → host:45.173.156.142
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e576d93486607572:host:177.10.237.76	SESSION-e576d93486607572 → host:177.10.237.76
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-652478bc70a2d711:PCAP:capture_20260430080001:93f47cc296a4	SESSION-652478bc70a2d711 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9beaab7062aef373:flow:68f66f8b2561	SESSION-9beaab7062aef373 → flow:68f66f8b2561
FLOW_FROM_HOSTOBS	e:from:SESSION-31b6c18ffff74955:host:172.234.197.23	SESSION-31b6c18ffff74955 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f57871a7505a0a35:host:177.10.235.170	SESSION-f57871a7505a0a35 → host:177.10.235.170
FLOW_DST_PORTOBS	e:fp:flow:98242fdada80:port:tcp:443	flow:98242fdada80 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-316a629875744009:host:177.10.236.46	SESSION-316a629875744009 → host:177.10.236.46
flow_observed5-aryOBS	e:fo:flow:1fd9c482bee8	flow:1fd9c482bee8 → host:131.196.31.73 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c5d6e49e2849c20f:SESSION-c5d6e49e2849c20f	SESSION-c5d6e49e2849c20f → pe:tls:SESSION-c5d6e49e2849c20f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf7044e44d29be7c:host:177.10.233.172	SESSION-cf7044e44d29be7c → host:177.10.233.172
FLOW_FROM_HOSTOBS	e:from:SESSION-d4076f0f6734ca69:host:172.234.197.23	SESSION-d4076f0f6734ca69 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1a930dc0f03fa17:flow:8726f97f7e95	SESSION-d1a930dc0f03fa17 → flow:8726f97f7e95
flow_observed5-aryOBS	e:fo:flow:19dac7843a48	flow:19dac7843a48 → host:131.196.31.90 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:497792193906	flow:497792193906 → host:177.10.236.17 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:29ed78ca1b4e	flow:29ed78ca1b4e → host:172.234.197.23 → host:177.10.233.134 → port:tcp:49200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5470436eecf7738e:host:177.10.237.192:host:172.234.197.23	SESSION-5470436eecf7738e → host:177.10.237.192 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73f1c8de70c12118:host:172.234.197.23	SESSION-73f1c8de70c12118 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29fae5326f4697b4:host:131.196.30.142	SESSION-29fae5326f4697b4 → host:131.196.30.142
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.190:asn:262880	host:177.10.239.190 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b63214403b2d20c7:host:177.10.239.237	SESSION-b63214403b2d20c7 → host:177.10.239.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fecc6fa34e31300b:host:177.10.238.120	SESSION-fecc6fa34e31300b → host:177.10.238.120
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2235ad305872b9c2:flow:51e729dbd815	SESSION-2235ad305872b9c2 → flow:51e729dbd815
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9726d81acc78b8e7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9726d81acc78b8e7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-e1f0a324b14316cd:BSG-BEACON-461f216927fb	SESSION-e1f0a324b14316cd → BSG-BEACON-461f216927fb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5bb0fb568e127c0:SESSION-f5bb0fb568e127c0	SESSION-f5bb0fb568e127c0 → pe:syn:SESSION-f5bb0fb568e127c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93446cf6bcbe5afe:host:172.234.197.23	SESSION-93446cf6bcbe5afe → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e47cd7d3b6c5e00d:SESSION-e47cd7d3b6c5e00d	SESSION-e47cd7d3b6c5e00d → pe:syn:SESSION-e47cd7d3b6c5e00d
FLOW_FROM_HOSTOBS	e:from:SESSION-6511e777b0d792c1:host:45.173.156.212	SESSION-6511e777b0d792c1 → host:45.173.156.212
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8d921ace7c85ce9:host:172.234.197.23	SESSION-d8d921ace7c85ce9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c0ca51e32a85:port:tcp:59058	flow:c0ca51e32a85 → port:tcp:59058
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f718f291e0c401d5:host:177.10.234.184:host:172.234.197.23	SESSION-f718f291e0c401d5 → host:177.10.234.184 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6e6afdb068db09de:host:172.234.197.23	SESSION-6e6afdb068db09de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da61b01cc679b249:host:131.196.30.213	SESSION-da61b01cc679b249 → host:131.196.30.213
FLOW_TO_HOSTOBS	e:to:SESSION-caa2e371708bdf2e:host:172.234.197.23	SESSION-caa2e371708bdf2e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a304c3ca72ee3e7:host:177.10.234.214:host:172.234.197.23	SESSION-6a304c3ca72ee3e7 → host:177.10.234.214 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.91:geo_-23.62930_-46.63510	host:131.196.30.91 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b8b9e098330595b:host:172.234.197.23:host:177.10.239.210	SESSION-8b8b9e098330595b → host:172.234.197.23 → host:177.10.239.210
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2aed99cc8c09f5c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b2aed99cc8c09f5c → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-27ee7c401cb71f02:host:177.10.234.234	SESSION-27ee7c401cb71f02 → host:177.10.234.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee14fe05044df9df:host:172.234.197.23	SESSION-ee14fe05044df9df → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.93:geo_-16.28860_-49.01640	host:177.10.234.93 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-460a4898e7c07917:host:172.234.197.23	SESSION-460a4898e7c07917 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e13a35a59d4e8cb3:host:177.10.234.237	SESSION-e13a35a59d4e8cb3 → host:177.10.234.237
FLOW_DST_PORTOBS	e:fp:flow:24d162cf87c1:port:tcp:443	flow:24d162cf87c1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a7d77fe955ab:port:tcp:443	flow:a7d77fe955ab → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b59030bd39741ab3:SESSION-b59030bd39741ab3	SESSION-b59030bd39741ab3 → pe:tls:SESSION-b59030bd39741ab3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b5ce2843c92e119:SESSION-4b5ce2843c92e119	SESSION-4b5ce2843c92e119 → pe:syn:SESSION-4b5ce2843c92e119
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28a7ecee4eeacba6:host:177.10.236.92:host:172.234.197.23	SESSION-28a7ecee4eeacba6 → host:177.10.236.92 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ec65811ecc506ca:host:177.10.235.230:host:172.234.197.23	SESSION-2ec65811ecc506ca → host:177.10.235.230 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9c08b167ed56233b:host:172.234.197.23	SESSION-9c08b167ed56233b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d4f3c3204c65c6f4:host:177.10.235.45	SESSION-d4f3c3204c65c6f4 → host:177.10.235.45
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.135:geo_-23.62930_-46.63510	host:131.196.30.135 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9868c83546c2d563:host:131.196.31.23	SESSION-9868c83546c2d563 → host:131.196.31.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79574872517ba47f:SESSION-79574872517ba47f	SESSION-79574872517ba47f → pe:syn:SESSION-79574872517ba47f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f43bb83d69743819:host:177.10.237.77:host:172.234.197.23	SESSION-f43bb83d69743819 → host:177.10.237.77 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad4604a15181cb67:SESSION-ad4604a15181cb67	SESSION-ad4604a15181cb67 → pe:tls:SESSION-ad4604a15181cb67
flow_observed4-aryOBS	e:fo:flow:84d1886e94c2	flow:84d1886e94c2 → host:172.234.197.23 → host:131.196.29.120 → port:tcp:26791
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.199:asn:203771	host:31.40.196.199 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c491b8c96ce6e8c2:SESSION-c491b8c96ce6e8c2	SESSION-c491b8c96ce6e8c2 → pe:tls:SESSION-c491b8c96ce6e8c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14ec4f61373e7262:host:172.234.197.23	SESSION-14ec4f61373e7262 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7b60f2dd452b	flow:7b60f2dd452b → host:172.234.197.23 → host:177.10.237.82 → port:tcp:3866
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e9497f317705308:flow:9decf27e0d9d	SESSION-8e9497f317705308 → flow:9decf27e0d9d
FLOW_TO_HOSTOBS	e:to:SESSION-456e7eaee9f2720f:host:172.234.197.23	SESSION-456e7eaee9f2720f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4ddbe5eae3d3	flow:4ddbe5eae3d3 → host:131.196.31.11 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:d71da652648f	flow:d71da652648f → host:131.196.31.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cff1d643020db9d5:SESSION-cff1d643020db9d5	SESSION-cff1d643020db9d5 → pe:tls:SESSION-cff1d643020db9d5
FLOW_FROM_HOSTOBS	e:from:SESSION-754d0cc424848140:host:177.10.236.201	SESSION-754d0cc424848140 → host:177.10.236.201
FLOW_FROM_HOSTOBS	e:from:SESSION-e076f857aa349ed0:host:177.10.239.8	SESSION-e076f857aa349ed0 → host:177.10.239.8
FLOW_FROM_HOSTOBS	e:from:SESSION-b7caa5c0db9dc8d4:host:172.234.197.23	SESSION-b7caa5c0db9dc8d4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e0d57b41a397:port:tcp:443	flow:e0d57b41a397 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aede3430ffb62e05:host:172.234.197.23	SESSION-aede3430ffb62e05 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.217:asn:262880	host:177.10.232.217 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.152:asn:203771	host:95.170.25.152 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b8d0e25502f89d2:host:16.112.8.242	SESSION-7b8d0e25502f89d2 → host:16.112.8.242
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e696cf5f8f6db7e6:SESSION-e696cf5f8f6db7e6	SESSION-e696cf5f8f6db7e6 → pe:syn:SESSION-e696cf5f8f6db7e6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9e70132665ab339:SESSION-f9e70132665ab339	SESSION-f9e70132665ab339 → pe:tls:SESSION-f9e70132665ab339
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88449fe846038c62:host:177.10.238.1	SESSION-88449fe846038c62 → host:177.10.238.1
FLOW_FROM_HOSTOBS	e:from:SESSION-f9c73da0e6ec113c:host:131.196.28.168	SESSION-f9c73da0e6ec113c → host:131.196.28.168
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf7009921f0152ab:host:131.196.28.148	SESSION-cf7009921f0152ab → host:131.196.28.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce217831fb6e1103:host:177.10.234.104	SESSION-ce217831fb6e1103 → host:177.10.234.104
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.38:asn:262880	host:177.10.233.38 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.64:geo_-16.28860_-49.01640	host:177.10.236.64 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:e8e27ec2424d	flow:e8e27ec2424d → host:177.10.233.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a1570467d4c9a43:SESSION-4a1570467d4c9a43	SESSION-4a1570467d4c9a43 → pe:syn:SESSION-4a1570467d4c9a43
FLOW_DST_PORTOBS	e:fp:flow:4d5be3acf017:port:tcp:443	flow:4d5be3acf017 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-cbc4338326105aa3:host:177.10.234.84	SESSION-cbc4338326105aa3 → host:177.10.234.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-39d5adc1c22dd7ee:host:172.234.197.23:host:177.10.237.159	SESSION-39d5adc1c22dd7ee → host:172.234.197.23 → host:177.10.237.159
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.170:geo_-16.28860_-49.01640	host:177.10.236.170 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-64a8475d206a0785:host:172.234.197.23:host:177.10.236.115	SESSION-64a8475d206a0785 → host:172.234.197.23 → host:177.10.236.115
FLOW_TO_HOSTOBS	e:to:SESSION-9338ac17b36dc2c1:host:172.234.197.23	SESSION-9338ac17b36dc2c1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07a7172489c9ad9c:host:172.234.197.23	SESSION-07a7172489c9ad9c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d9a4406bd7b3b41:host:177.10.239.145:host:172.234.197.23	SESSION-4d9a4406bd7b3b41 → host:177.10.239.145 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9d11ee49864a2bc:PCAP:capture_20260430060001:919b39a74464	SESSION-b9d11ee49864a2bc → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99c8a38ab4cce90e:host:45.173.156.101:host:172.234.197.23	SESSION-99c8a38ab4cce90e → host:45.173.156.101 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4f21000eb399:port:tcp:12747	flow:4f21000eb399 → port:tcp:12747
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a10047b74101a9ce:SESSION-a10047b74101a9ce	SESSION-a10047b74101a9ce → pe:syn:SESSION-a10047b74101a9ce
FLOW_TO_HOSTOBS	e:to:SESSION-589f676f16819868:host:177.10.239.139	SESSION-589f676f16819868 → host:177.10.239.139
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a11bbc1f12398e3:host:172.234.197.23	SESSION-0a11bbc1f12398e3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-70e7a4a5208b1da3:host:177.10.237.89	SESSION-70e7a4a5208b1da3 → host:177.10.237.89
flow_observed4-aryOBS	e:fo:flow:8c1b2bbd3824	flow:8c1b2bbd3824 → host:172.234.197.23 → host:177.10.234.78 → port:tcp:4233
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-415d7b69c6628cc7:host:172.234.197.23:host:45.173.156.3	SESSION-415d7b69c6628cc7 → host:172.234.197.23 → host:45.173.156.3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82d78308744a8bb2:host:177.10.235.151	SESSION-82d78308744a8bb2 → host:177.10.235.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1b588a91707aaaf:host:172.234.197.23	SESSION-d1b588a91707aaaf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e612a684f25ac0f:host:177.10.238.193	SESSION-6e612a684f25ac0f → host:177.10.238.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41c6e0b91a3149eb:SESSION-41c6e0b91a3149eb	SESSION-41c6e0b91a3149eb → pe:tls:SESSION-41c6e0b91a3149eb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de12aa9c0bf7f485:host:177.10.237.20:host:172.234.197.23	SESSION-de12aa9c0bf7f485 → host:177.10.237.20 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a96ffc9fa12c0c5a:flow:f5e14a7ff597	SESSION-a96ffc9fa12c0c5a → flow:f5e14a7ff597
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da14e554ef56152a:flow:6bf5043c6103	SESSION-da14e554ef56152a → flow:6bf5043c6103
FLOW_DST_PORTOBS	e:fp:flow:ba77b24e676f:port:tcp:30509	flow:ba77b24e676f → port:tcp:30509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0fa0595b0c8a6ef6:flow:0c2b465240e5	SESSION-0fa0595b0c8a6ef6 → flow:0c2b465240e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38c7d1687d10af97:SESSION-38c7d1687d10af97	SESSION-38c7d1687d10af97 → pe:syn:SESSION-38c7d1687d10af97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31de31d3c82f498d:host:172.234.197.23	SESSION-31de31d3c82f498d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ee986621b3f988f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1ee986621b3f988f → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08a40451c9cdc962:host:172.234.197.23	SESSION-08a40451c9cdc962 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7fad01c8dca4d847:host:172.234.197.23:host:177.10.234.74	SESSION-7fad01c8dca4d847 → host:172.234.197.23 → host:177.10.234.74
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de1fc6391256943a:host:131.196.30.183:host:172.234.197.23	SESSION-de1fc6391256943a → host:131.196.30.183 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed473d20582b9e99:host:172.234.197.23:host:177.10.236.76	SESSION-ed473d20582b9e99 → host:172.234.197.23 → host:177.10.236.76
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bdbc33b564dc3f1f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-bdbc33b564dc3f1f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e2ace7c21b4da04:flow:dca1696aec46	SESSION-1e2ace7c21b4da04 → flow:dca1696aec46
FLOW_FROM_HOSTOBS	e:from:SESSION-d147f8cae941ed80:host:172.234.197.23	SESSION-d147f8cae941ed80 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d58e8fad9dafe114:flow:edbd06217f28	SESSION-d58e8fad9dafe114 → flow:edbd06217f28
FLOW_TLS_SNIOBS	e:fs:flow:0df55cdf98a4:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:0df55cdf98a4 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:3c10ce58d99a:port:tcp:938	flow:3c10ce58d99a → port:tcp:938
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-499399e6896a45f7:SESSION-499399e6896a45f7	SESSION-499399e6896a45f7 → pe:rst:SESSION-499399e6896a45f7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63e564f28f734573:host:131.196.28.27	SESSION-63e564f28f734573 → host:131.196.28.27
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-87edcc7df5436fbe:host:131.196.29.14:host:172.234.197.23	SESSION-87edcc7df5436fbe → host:131.196.29.14 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0e2a2cd94527	flow:0e2a2cd94527 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0dea31b94d7dde57:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0dea31b94d7dde57 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-958fc48089d68c44:host:177.10.236.245:host:172.234.197.23	SESSION-958fc48089d68c44 → host:177.10.236.245 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2dd1a49fa9f1084b:host:172.234.197.23	SESSION-2dd1a49fa9f1084b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b96b3cde986adfb1:host:172.234.197.23	SESSION-b96b3cde986adfb1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-370545020cd57187:host:177.10.234.215	SESSION-370545020cd57187 → host:177.10.234.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e13a35a59d4e8cb3:SESSION-e13a35a59d4e8cb3	SESSION-e13a35a59d4e8cb3 → pe:tls:SESSION-e13a35a59d4e8cb3
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.193:asn:271410	host:131.196.31.193 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fdb0bb1f6466838c:host:177.10.237.49	SESSION-fdb0bb1f6466838c → host:177.10.237.49
FLOW_DST_PORTOBS	e:fp:flow:c65ffce57077:port:tcp:443	flow:c65ffce57077 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-456e62c8b4b103dc:flow:240bff1f6054	SESSION-456e62c8b4b103dc → flow:240bff1f6054
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d47d434116add089:SESSION-d47d434116add089	SESSION-d47d434116add089 → pe:syn:SESSION-d47d434116add089
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a681df8efb85197d:SESSION-a681df8efb85197d	SESSION-a681df8efb85197d → pe:syn:SESSION-a681df8efb85197d
FLOW_FROM_HOSTOBS	e:from:SESSION-f2cbf1ff9debe345:host:177.10.238.77	SESSION-f2cbf1ff9debe345 → host:177.10.238.77
FLOW_TO_HOSTOBS	e:to:SESSION-a4d237675f94d453:host:172.234.197.23	SESSION-a4d237675f94d453 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa08911a1f564da4:host:172.234.197.23	SESSION-fa08911a1f564da4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-171cec02c0effee6:host:177.10.233.255	SESSION-171cec02c0effee6 → host:177.10.233.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee8963275c4b434b:SESSION-ee8963275c4b434b	SESSION-ee8963275c4b434b → pe:syn:SESSION-ee8963275c4b434b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ffa310b40a91058:SESSION-2ffa310b40a91058	SESSION-2ffa310b40a91058 → pe:tls:SESSION-2ffa310b40a91058
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-292edad33ae38c98:SESSION-292edad33ae38c98	SESSION-292edad33ae38c98 → pe:syn:SESSION-292edad33ae38c98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29cd9f7300aa5893:host:131.196.30.140	SESSION-29cd9f7300aa5893 → host:131.196.30.140
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.104:asn:203771	host:45.145.152.104 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28ea3e411a2de5c2:host:172.234.197.23	SESSION-28ea3e411a2de5c2 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.205:asn:262880	host:177.10.239.205 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:81c6f4e43850:port:tcp:2911	flow:81c6f4e43850 → port:tcp:2911
flow_observed5-aryOBS	e:fo:flow:a74c8a5fa052	flow:a74c8a5fa052 → host:131.196.28.19 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0481c3a1b2d7b867:host:172.234.197.23	SESSION-0481c3a1b2d7b867 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d862dda647c7051:host:44.248.141.231:host:172.234.197.23	SESSION-1d862dda647c7051 → host:44.248.141.231 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4c7b4cea62f376fb:SESSION-4c7b4cea62f376fb	SESSION-4c7b4cea62f376fb → pe:syn:SESSION-4c7b4cea62f376fb
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-1191ea69c7b9e8e5:BSG-DATA_EXFIL-504c9b3624fc	SESSION-1191ea69c7b9e8e5 → BSG-DATA_EXFIL-504c9b3624fc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1ec79192d74c7af:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a1ec79192d74c7af → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-13f8871a9bd8cb8e:host:172.234.197.23	SESSION-13f8871a9bd8cb8e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-296f629f4229b1a2:host:177.10.238.104	SESSION-296f629f4229b1a2 → host:177.10.238.104
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-626902abaec078eb:SESSION-626902abaec078eb	SESSION-626902abaec078eb → pe:syn:SESSION-626902abaec078eb
FLOW_DST_PORTOBS	e:fp:flow:6b18b465640b:port:tcp:443	flow:6b18b465640b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6354b0819147ed1d:host:177.10.235.113	SESSION-6354b0819147ed1d → host:177.10.235.113
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27ee7c401cb71f02:host:177.10.234.234:host:172.234.197.23	SESSION-27ee7c401cb71f02 → host:177.10.234.234 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-99d54d6eadbc1138:host:172.234.197.23	SESSION-99d54d6eadbc1138 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6617d8dfad1357d9:SESSION-6617d8dfad1357d9	SESSION-6617d8dfad1357d9 → pe:syn:SESSION-6617d8dfad1357d9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-799494d5bb605f27:host:131.196.30.234	SESSION-799494d5bb605f27 → host:131.196.30.234
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-303cd1de44c58c29:PCAP:capture_20260430150001:ded20914761d	SESSION-303cd1de44c58c29 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-609fd31f908d95c5:flow:594e915dc799	SESSION-609fd31f908d95c5 → flow:594e915dc799
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c9754d7075a4d12:SESSION-5c9754d7075a4d12	SESSION-5c9754d7075a4d12 → pe:syn:SESSION-5c9754d7075a4d12
FLOW_FROM_HOSTOBS	e:from:SESSION-23deab886ec517b0:host:172.234.197.23	SESSION-23deab886ec517b0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2460b60c939eb75b:flow:9f556dacd920	SESSION-2460b60c939eb75b → flow:9f556dacd920
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78704dd999ae95fc:host:131.196.29.183:host:172.234.197.23	SESSION-78704dd999ae95fc → host:131.196.29.183 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b420826720a06333:host:177.10.233.185	SESSION-b420826720a06333 → host:177.10.233.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b197d648fac856a7:host:177.10.236.2	SESSION-b197d648fac856a7 → host:177.10.236.2
FLOW_DST_PORTOBS	e:fp:flow:3c848c17c142:port:tcp:443	flow:3c848c17c142 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51b700d0442eff09:flow:3f379966fef2	SESSION-51b700d0442eff09 → flow:3f379966fef2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eade11f9b06e449a:SESSION-eade11f9b06e449a	SESSION-eade11f9b06e449a → pe:syn:SESSION-eade11f9b06e449a
FLOW_TO_HOSTOBS	e:to:SESSION-cd1b98a612532c8e:host:172.234.197.23	SESSION-cd1b98a612532c8e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c651848d98d2f620:host:177.10.235.97	SESSION-c651848d98d2f620 → host:177.10.235.97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1075bb458d3b18a:SESSION-d1075bb458d3b18a	SESSION-d1075bb458d3b18a → pe:syn:SESSION-d1075bb458d3b18a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbd574144622ed91:host:131.196.30.83	SESSION-fbd574144622ed91 → host:131.196.30.83
ASN_IN_ORGOBS 80%	e:ao:asn:139057:org:Edgenext Legend Dynasty Pte. Ltd.	asn:139057 → org:Edgenext Legend Dynasty Pte. Ltd.
FLOW_TO_HOSTOBS	e:to:SESSION-9beaab7062aef373:host:172.234.197.23	SESSION-9beaab7062aef373 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-542567c32b647819:host:131.196.29.129:host:172.234.197.23	SESSION-542567c32b647819 → host:131.196.29.129 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8cfb704b39ee	flow:8cfb704b39ee → host:172.234.197.23 → host:177.10.232.46 → port:tcp:57787
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ca10b4490797e89:host:177.10.236.236:host:172.234.197.23	SESSION-8ca10b4490797e89 → host:177.10.236.236 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:517307bd400e:port:tcp:919	flow:517307bd400e → port:tcp:919
flow_observed5-aryOBS	e:fo:flow:4832bd407d6b	flow:4832bd407d6b → host:177.10.232.242 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76fc6cf591b9ed20:host:172.234.197.23:host:177.10.235.15	SESSION-76fc6cf591b9ed20 → host:172.234.197.23 → host:177.10.235.15
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b3f73c59938d0a7:flow:bda1904aba09	SESSION-8b3f73c59938d0a7 → flow:bda1904aba09
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27131bb9b9feeb52:PCAP:capture_20260430060001:919b39a74464	SESSION-27131bb9b9feeb52 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-18178a1924ee92a1:host:172.234.197.23	SESSION-18178a1924ee92a1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.187:geo_-16.28860_-49.01640	host:177.10.234.187 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9485d3e307f01514:host:172.234.197.23	SESSION-9485d3e307f01514 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6515500944a7e42e:host:172.234.197.23	SESSION-6515500944a7e42e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0da9d7ff41780d23:PCAP:capture_20260430110001:43611bdf6759	SESSION-0da9d7ff41780d23 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68342cf3c00e7f2e:flow:51a9b0c0e87e	SESSION-68342cf3c00e7f2e → flow:51a9b0c0e87e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a7a1da766d51711:host:177.10.238.94	SESSION-1a7a1da766d51711 → host:177.10.238.94
FLOW_TO_HOSTOBS	e:to:SESSION-2a34ec08b35e90b0:host:172.234.197.23	SESSION-2a34ec08b35e90b0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fc01b506a83e5847:host:172.234.197.23	SESSION-fc01b506a83e5847 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-122d3bc093be76f2:host:131.196.29.226	SESSION-122d3bc093be76f2 → host:131.196.29.226
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.126:geo_-16.28860_-49.01640	host:177.10.238.126 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.164:geo_-23.62930_-46.63510	host:131.196.30.164 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58fb8de1a3a0b1f1:host:177.10.239.208:host:172.234.197.23	SESSION-58fb8de1a3a0b1f1 → host:177.10.239.208 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1065c42d5133f02c:host:172.234.197.23:host:131.196.31.235	SESSION-1065c42d5133f02c → host:172.234.197.23 → host:131.196.31.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc35857ee3808de8:host:172.234.197.23	SESSION-cc35857ee3808de8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9c0456097f35e54:SESSION-c9c0456097f35e54	SESSION-c9c0456097f35e54 → pe:syn:SESSION-c9c0456097f35e54
FLOW_TO_HOSTOBS	e:to:SESSION-330bec399d401574:host:172.234.197.23	SESSION-330bec399d401574 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-73bdc276c5a845ed:host:131.196.30.104	SESSION-73bdc276c5a845ed → host:131.196.30.104
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.39:asn:262880	host:177.10.237.39 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bea10d62e606d6ea:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-bea10d62e606d6ea → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-9fad2531a6ee4032:host:172.234.197.23	SESSION-9fad2531a6ee4032 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1db6dc9c45987f6e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1db6dc9c45987f6e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0786c46a404d7589:SESSION-0786c46a404d7589	SESSION-0786c46a404d7589 → pe:syn:SESSION-0786c46a404d7589
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a70cd7da1062faad:flow:a579d4e5af4d	SESSION-a70cd7da1062faad → flow:a579d4e5af4d
flow_observed5-aryOBS	e:fo:flow:b57ca0dc778e	flow:b57ca0dc778e → host:177.10.232.159 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8749b2c626b3f1be:host:172.234.197.23	SESSION-8749b2c626b3f1be → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e00ced36c846b73a:host:172.234.197.23	SESSION-e00ced36c846b73a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c74fe87f9177e103:SESSION-c74fe87f9177e103	SESSION-c74fe87f9177e103 → pe:tls:SESSION-c74fe87f9177e103
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.91:asn:262880	host:177.10.239.91 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d5e5bbccd32f2d5:flow:9239765cb326	SESSION-5d5e5bbccd32f2d5 → flow:9239765cb326
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e028dd5dd71b411:flow:9fb46ecf28f1	SESSION-1e028dd5dd71b411 → flow:9fb46ecf28f1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93be623985b95b7d:flow:9bcbacd42ba6	SESSION-93be623985b95b7d → flow:9bcbacd42ba6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76d607ccf9e84136:host:177.10.234.6	SESSION-76d607ccf9e84136 → host:177.10.234.6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-077f434652010402:flow:3e48eb65a424	SESSION-077f434652010402 → flow:3e48eb65a424
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-959e19b011db2562:SESSION-959e19b011db2562	SESSION-959e19b011db2562 → pe:tls:SESSION-959e19b011db2562
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f53fdd8a51294c3d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f53fdd8a51294c3d → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:a503764de615	flow:a503764de615 → host:172.234.197.23 → host:177.10.238.120 → port:tcp:29147
FLOW_FROM_HOSTOBS	e:from:SESSION-259d89cf1511dc5c:host:131.196.29.27	SESSION-259d89cf1511dc5c → host:131.196.29.27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8f41d49423a0699:host:172.234.197.23	SESSION-c8f41d49423a0699 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c14806e741c4fd98:host:109.89.117.44	SESSION-c14806e741c4fd98 → host:109.89.117.44
FLOW_FROM_HOSTOBS	e:from:SESSION-176c7cfb0e699b4d:host:172.234.197.23	SESSION-176c7cfb0e699b4d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d083da2d95669221:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d083da2d95669221 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-dc82e917a0ac0289:host:177.10.236.231	SESSION-dc82e917a0ac0289 → host:177.10.236.231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e88e03e6557ce42:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7e88e03e6557ce42 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fa29bafd0740f46:host:172.234.197.23	SESSION-3fa29bafd0740f46 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96b1920351aaff79:SESSION-96b1920351aaff79	SESSION-96b1920351aaff79 → pe:syn:SESSION-96b1920351aaff79
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dcbceebcfa7feba5:host:177.10.235.79:host:172.234.197.23	SESSION-dcbceebcfa7feba5 → host:177.10.235.79 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:24b7095746b6	flow:24b7095746b6 → host:131.196.30.201 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3442e9a21fdf:port:tcp:443	flow:3442e9a21fdf → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-91e694161f32570f:host:172.234.197.23	SESSION-91e694161f32570f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-54530aea57b72d0f:host:177.10.237.35	SESSION-54530aea57b72d0f → host:177.10.237.35
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.197:asn:262880	host:177.10.235.197 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-8e44af15232c6a53:host:172.234.197.23	SESSION-8e44af15232c6a53 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a810a8703b9c77f1:SESSION-a810a8703b9c77f1	SESSION-a810a8703b9c77f1 → pe:syn:SESSION-a810a8703b9c77f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1640005abec031d:host:172.234.197.23	SESSION-c1640005abec031d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ee8a8be73e4592b1:host:172.234.197.23:host:45.173.156.62	SESSION-ee8a8be73e4592b1 → host:172.234.197.23 → host:45.173.156.62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de46def2c97c3533:flow:f6b045a7a943	SESSION-de46def2c97c3533 → flow:f6b045a7a943
FLOW_DST_PORTOBS	e:fp:flow:ec5e5082148e:port:tcp:40736	flow:ec5e5082148e → port:tcp:40736
FLOW_DST_PORTOBS	e:fp:flow:d10d98940d27:port:tcp:58108	flow:d10d98940d27 → port:tcp:58108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6944fe230f08618b:host:131.196.29.29	SESSION-6944fe230f08618b → host:131.196.29.29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a82c7f51b8bc2f4f:host:131.196.31.140	SESSION-a82c7f51b8bc2f4f → host:131.196.31.140
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e074c277760af7b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4e074c277760af7b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-498c2476ff0ce5ee:host:172.234.197.23	SESSION-498c2476ff0ce5ee → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-00ca7ee72922697b:host:131.196.29.164:host:172.234.197.23	SESSION-00ca7ee72922697b → host:131.196.29.164 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.204:geo_-23.62930_-46.63510	host:131.196.31.204 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:89b547a4b5d8:port:tcp:443	flow:89b547a4b5d8 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:4d1d32275cd9:port:tcp:443	flow:4d1d32275cd9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-171cec02c0effee6:SESSION-171cec02c0effee6	SESSION-171cec02c0effee6 → pe:tls:SESSION-171cec02c0effee6
HOST_IN_ASNOBS 85%	e:ha:host:93.119.5.133:asn:20857	host:93.119.5.133 → asn:20857
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ed760af2d8fedd4:host:172.234.197.23	SESSION-2ed760af2d8fedd4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:73eaad2a4580:port:tcp:443	flow:73eaad2a4580 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78b6e298ccb2dbce:PCAP:capture_20260430090001:065659c7d314	SESSION-78b6e298ccb2dbce → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-6da60a47e57e7ba3:host:45.173.156.243	SESSION-6da60a47e57e7ba3 → host:45.173.156.243
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c8dea047b3a203b:host:131.196.29.164:host:172.234.197.23	SESSION-6c8dea047b3a203b → host:131.196.29.164 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.162:asn:271410	host:131.196.31.162 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf669240db189a71:host:177.10.237.12	SESSION-cf669240db189a71 → host:177.10.237.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4203cad708a9d562:host:172.234.197.23	SESSION-4203cad708a9d562 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0be445b3f7e1:port:tcp:25196	flow:0be445b3f7e1 → port:tcp:25196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8feacc6abd2fe08c:SESSION-8feacc6abd2fe08c	SESSION-8feacc6abd2fe08c → pe:syn:SESSION-8feacc6abd2fe08c
flow_observed4-aryOBS	e:fo:flow:0d841c385d57	flow:0d841c385d57 → host:172.234.197.23 → host:131.196.30.9 → port:tcp:4711
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-693fee7d62fe51b9:host:177.10.232.88	SESSION-693fee7d62fe51b9 → host:177.10.232.88
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.90:geo_-23.62930_-46.63510	host:131.196.29.90 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1d152bdff2d4d10:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d1d152bdff2d4d10 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e2811d191c294e0:host:172.234.197.23:host:177.10.236.159	SESSION-7e2811d191c294e0 → host:172.234.197.23 → host:177.10.236.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-848453a25431759d:flow:b28ee83bee37	SESSION-848453a25431759d → flow:b28ee83bee37
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f7d282d56df8eba3:SESSION-f7d282d56df8eba3	SESSION-f7d282d56df8eba3 → pe:syn:SESSION-f7d282d56df8eba3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.253:geo_-16.28860_-49.01640	host:177.10.234.253 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-7fc1282909254587:host:103.230.240.59	SESSION-7fc1282909254587 → host:103.230.240.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-784ef99bf699df93:SESSION-784ef99bf699df93	SESSION-784ef99bf699df93 → pe:tls:SESSION-784ef99bf699df93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e6511da7c7cd8e1:SESSION-4e6511da7c7cd8e1	SESSION-4e6511da7c7cd8e1 → pe:syn:SESSION-4e6511da7c7cd8e1
FLOW_TO_HOSTOBS	e:to:SESSION-b0e4303498e9ae3e:host:172.234.197.23	SESSION-b0e4303498e9ae3e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:85d6ec4465fb:port:tcp:443	flow:85d6ec4465fb → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9af79ddb47e5c950:SESSION-9af79ddb47e5c950	SESSION-9af79ddb47e5c950 → pe:tls:SESSION-9af79ddb47e5c950
flow_observed3-aryOBS	e:fo:flow:a7699745f5ad	flow:a7699745f5ad → host:44.247.223.188 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bfd9e24a99b67097:flow:d73b005dadbd	SESSION-bfd9e24a99b67097 → flow:d73b005dadbd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f30e546741e354a:host:131.196.29.139	SESSION-4f30e546741e354a → host:131.196.29.139
FLOW_FROM_HOSTOBS	e:from:SESSION-c5c562cec43ce89e:host:54.218.65.249	SESSION-c5c562cec43ce89e → host:54.218.65.249
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.201:asn:271410	host:131.196.28.201 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-f19ceabce4d2fbb5:host:172.234.197.23	SESSION-f19ceabce4d2fbb5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:190945c4b75d	flow:190945c4b75d → host:177.10.239.74 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-388e36b23caa508f:host:172.234.197.23	SESSION-388e36b23caa508f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fc0d354223e065ab:host:59.24.133.197	SESSION-fc0d354223e065ab → host:59.24.133.197
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3df67864d859fde0:host:172.234.197.23:host:131.196.31.182	SESSION-3df67864d859fde0 → host:172.234.197.23 → host:131.196.31.182
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c6d8c2f7fc43f382:flow:70cdb8314418	SESSION-c6d8c2f7fc43f382 → flow:70cdb8314418
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c89e102c8b8b6c97:host:172.234.197.23	SESSION-c89e102c8b8b6c97 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44555c754c6c7558:PCAP:capture_20260430060001:919b39a74464	SESSION-44555c754c6c7558 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:5ea383d079f2:port:tcp:443	flow:5ea383d079f2 → port:tcp:443
FLOW_QUERIED_DNSOBS	e:fd:flow:ce39f2d1d3cb:dns:172-234-197-23.ip.linodeusercontent.com	flow:ce39f2d1d3cb → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc18a12b15fb2c84:flow:4d1d32275cd9	SESSION-fc18a12b15fb2c84 → flow:4d1d32275cd9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0940876600cf1421:host:172.234.197.23:host:177.10.233.177	SESSION-0940876600cf1421 → host:172.234.197.23 → host:177.10.233.177
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df808ed8a09d8e60:PCAP:capture_20260430150001:ded20914761d	SESSION-df808ed8a09d8e60 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3cf945d3d1ddd41:SESSION-f3cf945d3d1ddd41	SESSION-f3cf945d3d1ddd41 → pe:syn:SESSION-f3cf945d3d1ddd41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-415d7b69c6628cc7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-415d7b69c6628cc7 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.72:asn:262880	host:177.10.236.72 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-687dc6215da3af8c:host:177.10.233.167	SESSION-687dc6215da3af8c → host:177.10.233.167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f65d16e06243eafc:host:172.234.197.23	SESSION-f65d16e06243eafc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3a58fc1fb15d0c4:host:131.196.31.8	SESSION-c3a58fc1fb15d0c4 → host:131.196.31.8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47fa70a72a159eed:SESSION-47fa70a72a159eed	SESSION-47fa70a72a159eed → pe:tls:SESSION-47fa70a72a159eed
FLOW_DST_PORTOBS	e:fp:flow:e14e48e38747:port:udp:53	flow:e14e48e38747 → port:udp:53
FLOW_QUERIED_DNSOBS	e:fd:flow:3f94093d8b40:dns:172-234-197-23.ip.linodeusercontent.com	flow:3f94093d8b40 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-df8de933ba817d8f:SESSION-df8de933ba817d8f	SESSION-df8de933ba817d8f → pe:syn:SESSION-df8de933ba817d8f
FLOW_DST_PORTOBS	e:fp:flow:d17d49ee9d80:port:tcp:443	flow:d17d49ee9d80 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9eda278d49363b57:host:131.196.28.187:host:172.234.197.23	SESSION-9eda278d49363b57 → host:131.196.28.187 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:700fed86d816:dns:172-234-197-23.ip.linodeusercontent.com	flow:700fed86d816 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-f306c00af6aee0a4:host:177.10.236.239	SESSION-f306c00af6aee0a4 → host:177.10.236.239
FLOW_DST_PORTOBS	e:fp:flow:b8412c71c5ee:port:tcp:443	flow:b8412c71c5ee → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.196:asn:271410	host:131.196.30.196 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d69d721ba9bae694:host:172.234.197.23	SESSION-d69d721ba9bae694 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d5ec38dc75ef648:host:172.234.197.23	SESSION-7d5ec38dc75ef648 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a0c382eb3c90:port:tcp:443	flow:a0c382eb3c90 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd573746c1e36a64:SESSION-fd573746c1e36a64	SESSION-fd573746c1e36a64 → pe:syn:SESSION-fd573746c1e36a64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-40f1f2214a3951bb:SESSION-40f1f2214a3951bb	SESSION-40f1f2214a3951bb → pe:syn:SESSION-40f1f2214a3951bb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20066dd45b76b973:host:131.196.28.45:host:172.234.197.23	SESSION-20066dd45b76b973 → host:131.196.28.45 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2bec5cd34a40	flow:2bec5cd34a40 → host:131.196.31.140 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.53:geo_-23.62930_-46.63510	host:131.196.29.53 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:34.216.76.26:geo_45.84010_-119.70500	host:34.216.76.26 → geo_45.84010_-119.70500
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.234:geo_-23.62930_-46.63510	host:131.196.29.234 → geo_-23.62930_-46.63510
ASN_IN_ORGOBS 80%	e:ao:asn:48090:org:Techoff Srv Limited	asn:48090 → org:Techoff Srv Limited
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0c9a0f035acc4428:SESSION-0c9a0f035acc4428	SESSION-0c9a0f035acc4428 → pe:tls:SESSION-0c9a0f035acc4428
FLOW_DST_PORTOBS	e:fp:flow:624258993193:port:tcp:39260	flow:624258993193 → port:tcp:39260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-91da8f4807f085e6:host:172.234.197.23:host:177.10.235.225	SESSION-91da8f4807f085e6 → host:172.234.197.23 → host:177.10.235.225
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.94:geo_-16.28860_-49.01640	host:177.10.237.94 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5bec9c6872f5835:host:172.234.197.23:host:45.173.156.117	SESSION-b5bec9c6872f5835 → host:172.234.197.23 → host:45.173.156.117
FLOW_FROM_HOSTOBS	e:from:SESSION-8897ca7200c8655e:host:172.234.197.23	SESSION-8897ca7200c8655e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ce1a5aa06c53f62:SESSION-8ce1a5aa06c53f62	SESSION-8ce1a5aa06c53f62 → pe:syn:SESSION-8ce1a5aa06c53f62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-619cd2820aafdf33:SESSION-619cd2820aafdf33	SESSION-619cd2820aafdf33 → pe:tls:SESSION-619cd2820aafdf33
FLOW_DST_PORTOBS	e:fp:flow:31ddd533e1a8:port:tcp:443	flow:31ddd533e1a8 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72411a82d36d6add:host:177.10.237.107:host:172.234.197.23	SESSION-72411a82d36d6add → host:177.10.237.107 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad468f8fa72444f5:host:177.10.236.16	SESSION-ad468f8fa72444f5 → host:177.10.236.16
FLOW_DST_PORTOBS	e:fp:flow:bcf0ab95c867:port:tcp:23835	flow:bcf0ab95c867 → port:tcp:23835
FLOW_TO_HOSTOBS	e:to:SESSION-c93964ffa7e29d50:host:172.234.197.23	SESSION-c93964ffa7e29d50 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3393fca13374f4c8:host:172.234.197.23	SESSION-3393fca13374f4c8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6af89b3798eaaf52:host:131.196.31.196	SESSION-6af89b3798eaaf52 → host:131.196.31.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68317c08ea2eebc2:SESSION-68317c08ea2eebc2	SESSION-68317c08ea2eebc2 → pe:syn:SESSION-68317c08ea2eebc2
FLOW_FROM_HOSTOBS	e:from:SESSION-f377c5e49ededc1c:host:172.234.197.23	SESSION-f377c5e49ededc1c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0efcb065a58cc475:SESSION-0efcb065a58cc475	SESSION-0efcb065a58cc475 → pe:tls:SESSION-0efcb065a58cc475
FLOW_DST_PORTOBS	e:fp:flow:d5753efef811:port:tcp:63097	flow:d5753efef811 → port:tcp:63097
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d083da2d95669221:SESSION-d083da2d95669221	SESSION-d083da2d95669221 → pe:tls:SESSION-d083da2d95669221
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.11:asn:262880	host:177.10.232.11 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-01e9e36dd29e3f1f:host:172.234.197.23	SESSION-01e9e36dd29e3f1f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf7009921f0152ab:SESSION-cf7009921f0152ab	SESSION-cf7009921f0152ab → pe:tls:SESSION-cf7009921f0152ab
FLOW_TO_HOSTOBS	e:to:SESSION-58a871785a3878fd:host:45.173.156.126	SESSION-58a871785a3878fd → host:45.173.156.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0dab8159384d982:flow:7577abd2e0d4	SESSION-b0dab8159384d982 → flow:7577abd2e0d4
flow_observed4-aryOBS	e:fo:flow:28adc96fab59	flow:28adc96fab59 → host:172.234.197.23 → host:131.196.30.140 → port:tcp:24028
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01e03a84392b1398:flow:a3391bc3a0b3	SESSION-01e03a84392b1398 → flow:a3391bc3a0b3
flow_observed4-aryOBS	e:fo:flow:00b9bd232140	flow:00b9bd232140 → host:172.234.197.23 → host:131.196.29.186 → port:tcp:55105
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dbacd0066146a93a:host:172.234.197.23	SESSION-dbacd0066146a93a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b1f95fcf0f122c7:flow:2f8e534a226c	SESSION-4b1f95fcf0f122c7 → flow:2f8e534a226c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02e2db787a51689b:SESSION-02e2db787a51689b	SESSION-02e2db787a51689b → pe:tls:SESSION-02e2db787a51689b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27f33a2015337a96:SESSION-27f33a2015337a96	SESSION-27f33a2015337a96 → pe:tls:SESSION-27f33a2015337a96
FLOW_DST_PORTOBS	e:fp:flow:ace9cb4d5e9d:port:tcp:443	flow:ace9cb4d5e9d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7738f57138403f60:SESSION-7738f57138403f60	SESSION-7738f57138403f60 → pe:tls:SESSION-7738f57138403f60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96b1920351aaff79:SESSION-96b1920351aaff79	SESSION-96b1920351aaff79 → pe:tls:SESSION-96b1920351aaff79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bc39f4f18cf27f2:host:131.196.30.225	SESSION-1bc39f4f18cf27f2 → host:131.196.30.225
FLOW_FROM_HOSTOBS	e:from:SESSION-cd4d686620f5fc14:host:13.53.140.247	SESSION-cd4d686620f5fc14 → host:13.53.140.247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e41b633abf5898e8:host:177.10.233.107:host:172.234.197.23	SESSION-e41b633abf5898e8 → host:177.10.233.107 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.73:geo_-16.28860_-49.01640	host:177.10.234.73 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-991550775dcb0266:SESSION-991550775dcb0266	SESSION-991550775dcb0266 → pe:syn:SESSION-991550775dcb0266
FLOW_TO_HOSTOBS	e:to:SESSION-c15ada1b10271eef:host:172.234.197.23	SESSION-c15ada1b10271eef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20b9f3feffcc2290:host:172.234.197.23	SESSION-20b9f3feffcc2290 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93d8ace0d48e8910:host:177.10.232.19:host:172.234.197.23	SESSION-93d8ace0d48e8910 → host:177.10.232.19 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a39fcd817f5f	flow:a39fcd817f5f → host:177.10.233.93 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:29d5777d97f1:port:tcp:443	flow:29d5777d97f1 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:dcf36065a524	flow:dcf36065a524 → host:131.196.31.199 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e673f566483c0ed3:SESSION-e673f566483c0ed3	SESSION-e673f566483c0ed3 → pe:tls:SESSION-e673f566483c0ed3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94dde62df04dcb4a:host:177.10.235.227	SESSION-94dde62df04dcb4a → host:177.10.235.227
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.92:geo_-16.28860_-49.01640	host:177.10.238.92 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:b825d8535e2c:port:tcp:443	flow:b825d8535e2c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:abdf49a61050:port:tcp:443	flow:abdf49a61050 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5bfd6f31a89c294d:flow:a2e558ecc3f4	SESSION-5bfd6f31a89c294d → flow:a2e558ecc3f4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2faf2af9b390693e:flow:0fbc9a4b7bce	SESSION-2faf2af9b390693e → flow:0fbc9a4b7bce
flow_observed3-aryOBS	e:fo:flow:6a188c0fef4c	flow:6a188c0fef4c → host:51.21.249.220 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.102:asn:271410	host:131.196.30.102 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c532caa5d41cfcbc:SESSION-c532caa5d41cfcbc	SESSION-c532caa5d41cfcbc → pe:syn:SESSION-c532caa5d41cfcbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-144e16262f6e2a62:SESSION-144e16262f6e2a62	SESSION-144e16262f6e2a62 → pe:tls:SESSION-144e16262f6e2a62
FLOW_FROM_HOSTOBS	e:from:SESSION-19ad8f01572b4d12:host:172.234.197.23	SESSION-19ad8f01572b4d12 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-708abc4c81aa7c60:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-708abc4c81aa7c60 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7fb420f75ffa7d0f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7fb420f75ffa7d0f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28599206da4f4816:SESSION-28599206da4f4816	SESSION-28599206da4f4816 → pe:tls:SESSION-28599206da4f4816
FLOW_TO_HOSTOBS	e:to:SESSION-848453a25431759d:host:177.10.232.12	SESSION-848453a25431759d → host:177.10.232.12
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.186:geo_-21.10010_-41.69200	host:45.173.156.186 → geo_-21.10010_-41.69200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.254:geo_-16.28860_-49.01640	host:177.10.232.254 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2b55c597efe9edc:host:44.247.223.188	SESSION-d2b55c597efe9edc → host:44.247.223.188
FLOW_DST_PORTOBS	e:fp:flow:507197005ee2:port:tcp:443	flow:507197005ee2 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f88b9847e7767e00:host:172.234.197.23	SESSION-f88b9847e7767e00 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7fd72175928a8e59:SESSION-7fd72175928a8e59	SESSION-7fd72175928a8e59 → pe:syn:SESSION-7fd72175928a8e59
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.101:geo_-16.28860_-49.01640	host:177.10.236.101 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf1877ae18abdd85:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bf1877ae18abdd85 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17dd55091d27669a:host:172.234.197.23	SESSION-17dd55091d27669a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d1c9303996834523:host:177.10.238.217	SESSION-d1c9303996834523 → host:177.10.238.217
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d2e29524ed5dcc05:SESSION-d2e29524ed5dcc05	SESSION-d2e29524ed5dcc05 → pe:tls:SESSION-d2e29524ed5dcc05
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c47d04961700459f:host:172.234.197.23	SESSION-c47d04961700459f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d3362d5dbe1e:port:tcp:60337	flow:d3362d5dbe1e → port:tcp:60337
FLOW_TO_HOSTOBS	e:to:SESSION-7948a18eeb1cbc0d:host:172.234.197.23	SESSION-7948a18eeb1cbc0d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6f99e1376da42693:host:172.234.197.23	SESSION-6f99e1376da42693 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-00d1a9c01c6924fe:host:172.234.197.23	SESSION-00d1a9c01c6924fe → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:41b26e9c961c	flow:41b26e9c961c → host:177.10.232.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ffe6ab3345b8c10e:PCAP:capture_20260430090001:065659c7d314	SESSION-ffe6ab3345b8c10e → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-7a11ee5d378ab4f4:host:177.10.236.154	SESSION-7a11ee5d378ab4f4 → host:177.10.236.154
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.52:asn:262880	host:177.10.233.52 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:17.22.253.177:asn:714	host:17.22.253.177 → asn:714
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14cb036847147428:SESSION-14cb036847147428	SESSION-14cb036847147428 → pe:tls:SESSION-14cb036847147428
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7b20ceba4f49bfd:SESSION-c7b20ceba4f49bfd	SESSION-c7b20ceba4f49bfd → pe:syn:SESSION-c7b20ceba4f49bfd
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-3854a3544c69d398:BSG-BEACON-e07f4250263f	SESSION-3854a3544c69d398 → BSG-BEACON-e07f4250263f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e696cf5f8f6db7e6:host:177.10.232.115:host:172.234.197.23	SESSION-e696cf5f8f6db7e6 → host:177.10.232.115 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.5:geo_-23.62930_-46.63510	host:131.196.30.5 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:85f692c6f243:port:tcp:30084	flow:85f692c6f243 → port:tcp:30084
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ca442589a0a5e5d:SESSION-3ca442589a0a5e5d	SESSION-3ca442589a0a5e5d → pe:syn:SESSION-3ca442589a0a5e5d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7771c9cc3604c57a:SESSION-7771c9cc3604c57a	SESSION-7771c9cc3604c57a → pe:syn:SESSION-7771c9cc3604c57a
FLOW_DST_PORTOBS	e:fp:flow:c45f5a560659:port:tcp:80	flow:c45f5a560659 → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cfde024084873f29:SESSION-cfde024084873f29	SESSION-cfde024084873f29 → pe:tls:SESSION-cfde024084873f29
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.42:geo_-23.62930_-46.63510	host:131.196.30.42 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de7198c98f7f92ee:SESSION-de7198c98f7f92ee	SESSION-de7198c98f7f92ee → pe:syn:SESSION-de7198c98f7f92ee
FLOW_FROM_HOSTOBS	e:from:SESSION-aa51bce6270c7d63:host:177.10.232.167	SESSION-aa51bce6270c7d63 → host:177.10.232.167
FLOW_FROM_HOSTOBS	e:from:SESSION-cd38adf08b5d5a9e:host:69.222.187.134	SESSION-cd38adf08b5d5a9e → host:69.222.187.134
flow_observed4-aryOBS	e:fo:flow:baf8cb1ead66	flow:baf8cb1ead66 → host:172.234.197.23 → host:177.10.233.77 → port:tcp:24082
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-915c694a7f41c8e3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-915c694a7f41c8e3 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6d44dc6146dcb58:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b6d44dc6146dcb58 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a98ae7d95e9a62c0:host:131.196.30.44	SESSION-a98ae7d95e9a62c0 → host:131.196.30.44
FLOW_FROM_HOSTOBS	e:from:SESSION-d9fdfee14b0ac469:host:172.234.197.23	SESSION-d9fdfee14b0ac469 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9ccda023099c:port:tcp:443	flow:9ccda023099c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95f80a98e12e105d:host:45.173.156.125	SESSION-95f80a98e12e105d → host:45.173.156.125
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c5664e67ab454dc8:flow:0c9e5a5fe931	SESSION-c5664e67ab454dc8 → flow:0c9e5a5fe931
flow_observed5-aryOBS	e:fo:flow:b97c402bad8c	flow:b97c402bad8c → host:97.139.12.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4f3c3204c65c6f4:host:177.10.235.45	SESSION-d4f3c3204c65c6f4 → host:177.10.235.45
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7a6b146488afb43:flow:7a831aeb3bd8	SESSION-e7a6b146488afb43 → flow:7a831aeb3bd8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37a8b94aca0a72fd:SESSION-37a8b94aca0a72fd	SESSION-37a8b94aca0a72fd → pe:tls:SESSION-37a8b94aca0a72fd
FLOW_DST_PORTOBS	e:fp:flow:511640d4b71a:port:tcp:443	flow:511640d4b71a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e94650369669:port:tcp:443	flow:e94650369669 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-295a993db8b4e397:host:172.234.197.23	SESSION-295a993db8b4e397 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-316231fad61f009e:SESSION-316231fad61f009e	SESSION-316231fad61f009e → pe:tls:SESSION-316231fad61f009e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0b067dd86042d0a:host:177.10.236.3:host:172.234.197.23	SESSION-b0b067dd86042d0a → host:177.10.236.3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16a55bcfd76736b7:SESSION-16a55bcfd76736b7	SESSION-16a55bcfd76736b7 → pe:syn:SESSION-16a55bcfd76736b7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d60298c7dc6ec77f:host:177.10.234.118:host:172.234.197.23	SESSION-d60298c7dc6ec77f → host:177.10.234.118 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0758ca9101405049:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0758ca9101405049 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-d6c901db44791138:host:45.173.156.36	SESSION-d6c901db44791138 → host:45.173.156.36
FLOW_FROM_HOSTOBS	e:from:SESSION-4081c2e8ed1c2925:host:172.234.197.23	SESSION-4081c2e8ed1c2925 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8c2c13a662a6:port:tcp:443	flow:8c2c13a662a6 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.220:asn:273470	host:45.173.156.220 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0393cf21271be7e9:PCAP:capture_20260430110001:43611bdf6759	SESSION-0393cf21271be7e9 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-97b2355356a85562:host:172.234.197.23	SESSION-97b2355356a85562 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c1b9603c0e1ea765:host:131.196.30.244	SESSION-c1b9603c0e1ea765 → host:131.196.30.244
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-574dd53dd07894c0:SESSION-574dd53dd07894c0	SESSION-574dd53dd07894c0 → pe:tls:SESSION-574dd53dd07894c0
FLOW_TO_HOSTOBS	e:to:SESSION-adbb0156eea80d2f:host:172.234.197.23	SESSION-adbb0156eea80d2f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f93cb0de4645e47:host:131.196.31.29	SESSION-2f93cb0de4645e47 → host:131.196.31.29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0f5313432825fa0:host:172.234.197.23	SESSION-f0f5313432825fa0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-838eea3d6dd669fd:SESSION-838eea3d6dd669fd	SESSION-838eea3d6dd669fd → pe:tls:SESSION-838eea3d6dd669fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95229c7c61064646:host:172.234.197.23	SESSION-95229c7c61064646 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be24a8e57194faf0:SESSION-be24a8e57194faf0	SESSION-be24a8e57194faf0 → pe:tls:SESSION-be24a8e57194faf0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a466e26c77a91e3:SESSION-9a466e26c77a91e3	SESSION-9a466e26c77a91e3 → pe:tls:SESSION-9a466e26c77a91e3
FLOW_TO_HOSTOBS	e:to:SESSION-3f38f9d39dae0e5a:host:172.234.197.23	SESSION-3f38f9d39dae0e5a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-609881b75f195530:PCAP:capture_20260430050001:8868731bf8a4	SESSION-609881b75f195530 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:486b55844e41	flow:486b55844e41 → host:172.234.197.23 → host:131.196.30.78 → port:tcp:2396
FLOW_DST_PORTOBS	e:fp:flow:094031b5c080:port:tcp:443	flow:094031b5c080 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1ec79192d74c7af:flow:39b0cee06cef	SESSION-a1ec79192d74c7af → flow:39b0cee06cef
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb70871923a8cd06:PCAP:capture_20260430160001:9bfa4498506a	SESSION-bb70871923a8cd06 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9dcf6e772a239b46:host:177.10.235.202	SESSION-9dcf6e772a239b46 → host:177.10.235.202
FLOW_DST_PORTOBS	e:fp:flow:6d30acc95cd3:port:tcp:3444	flow:6d30acc95cd3 → port:tcp:3444
FLOW_DST_PORTOBS	e:fp:flow:3d8c4a263311:port:tcp:443	flow:3d8c4a263311 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.43:geo_-16.28860_-49.01640	host:177.10.234.43 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6f4863e4efa4050:host:177.10.233.248	SESSION-b6f4863e4efa4050 → host:177.10.233.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ac058e9f0280088:host:18.100.238.122:host:172.234.197.23	SESSION-2ac058e9f0280088 → host:18.100.238.122 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1fc518dfa07303a8:host:172.234.197.23	SESSION-1fc518dfa07303a8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9af79ddb47e5c950:host:172.234.197.23	SESSION-9af79ddb47e5c950 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e33208793a04fae:flow:d6349588a2ae	SESSION-8e33208793a04fae → flow:d6349588a2ae
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c93e86640e8945ad:flow:7034e2e8b8e3	SESSION-c93e86640e8945ad → flow:7034e2e8b8e3
FLOW_DST_PORTOBS	e:fp:flow:88a9c99b3785:port:tcp:33932	flow:88a9c99b3785 → port:tcp:33932
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.62:geo_-16.28860_-49.01640	host:177.10.232.62 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3cc71da406a2797a:host:45.145.152.188	SESSION-3cc71da406a2797a → host:45.145.152.188
FLOW_DST_PORTOBS	e:fp:flow:29ba545d482d:port:tcp:443	flow:29ba545d482d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ccde81b4fef5a18e:SESSION-ccde81b4fef5a18e	SESSION-ccde81b4fef5a18e → pe:syn:SESSION-ccde81b4fef5a18e
FLOW_FROM_HOSTOBS	e:from:SESSION-07124c917c797d63:host:95.170.25.64	SESSION-07124c917c797d63 → host:95.170.25.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6da898acb6c07034:host:172.234.197.23	SESSION-6da898acb6c07034 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14a74b0f0f76c3f9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-14a74b0f0f76c3f9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a27690ff20574d25:host:172.234.197.23	SESSION-a27690ff20574d25 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02cad694702cb9f1:host:177.10.235.25:host:172.234.197.23	SESSION-02cad694702cb9f1 → host:177.10.235.25 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e323950505f0871:SESSION-0e323950505f0871	SESSION-0e323950505f0871 → pe:tls:SESSION-0e323950505f0871
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dee230b22d739e8a:SESSION-dee230b22d739e8a	SESSION-dee230b22d739e8a → pe:syn:SESSION-dee230b22d739e8a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1b7e5e87f526ce8d:flow:c1a070eb40ea	SESSION-1b7e5e87f526ce8d → flow:c1a070eb40ea
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.58:geo_-16.28860_-49.01640	host:177.10.237.58 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-314272d88a452691:host:177.10.238.57	SESSION-314272d88a452691 → host:177.10.238.57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-12879c55e793c987:PCAP:capture_20260430080001:93f47cc296a4	SESSION-12879c55e793c987 → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.27:geo_-16.28860_-49.01640	host:177.10.237.27 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a9beff4b34540729:SESSION-a9beff4b34540729	SESSION-a9beff4b34540729 → pe:syn:SESSION-a9beff4b34540729
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0835843463ad3c8:host:131.196.29.225:host:172.234.197.23	SESSION-d0835843463ad3c8 → host:131.196.29.225 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10ba6936b0af1959:host:172.234.197.23	SESSION-10ba6936b0af1959 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a79875656e67c68:host:172.234.197.23	SESSION-0a79875656e67c68 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9f43ed2bc91ec43:host:177.10.235.169:host:172.234.197.23	SESSION-b9f43ed2bc91ec43 → host:177.10.235.169 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6061b9b172c119c:host:177.10.236.174	SESSION-f6061b9b172c119c → host:177.10.236.174
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.166:geo_-16.28860_-49.01640	host:177.10.234.166 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-a9e0f3ba046c015f:host:131.196.30.183	SESSION-a9e0f3ba046c015f → host:131.196.30.183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d2ea88f589d3294:SESSION-1d2ea88f589d3294	SESSION-1d2ea88f589d3294 → pe:syn:SESSION-1d2ea88f589d3294
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b4a3756900fa00c:host:172.234.197.23	SESSION-7b4a3756900fa00c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2b1b7c009dcf05e:host:177.10.235.151	SESSION-e2b1b7c009dcf05e → host:177.10.235.151
flow_observed5-aryOBS	e:fo:flow:46b2fc5fae22	flow:46b2fc5fae22 → host:45.173.156.190 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6511e777b0d792c1:SESSION-6511e777b0d792c1	SESSION-6511e777b0d792c1 → pe:syn:SESSION-6511e777b0d792c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d3ff3dcf229051b:SESSION-2d3ff3dcf229051b	SESSION-2d3ff3dcf229051b → pe:syn:SESSION-2d3ff3dcf229051b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2db2b0c2312c18a1:host:172.234.197.23	SESSION-2db2b0c2312c18a1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3988e0c31504:port:tcp:443	flow:3988e0c31504 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-566179d6a12d7e1c:host:172.234.197.23	SESSION-566179d6a12d7e1c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:df66ab69b89e	flow:df66ab69b89e → host:45.173.156.56 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ca22a7528306	flow:ca22a7528306 → host:177.10.235.109 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-259d89cf1511dc5c:SESSION-259d89cf1511dc5c	SESSION-259d89cf1511dc5c → pe:tls:SESSION-259d89cf1511dc5c
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.29:asn:262880	host:177.10.233.29 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-669a514c7e7ceed8:host:172.234.197.23:host:177.10.239.84	SESSION-669a514c7e7ceed8 → host:172.234.197.23 → host:177.10.239.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b65c6ec30f2c8117:host:177.10.238.246	SESSION-b65c6ec30f2c8117 → host:177.10.238.246
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff369745433a15b5:host:177.10.236.176:host:172.234.197.23	SESSION-ff369745433a15b5 → host:177.10.236.176 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a1570467d4c9a43:flow:d88e4c33e170	SESSION-4a1570467d4c9a43 → flow:d88e4c33e170
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.179:asn:262880	host:177.10.238.179 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.61:asn:262880	host:177.10.237.61 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-93cfcdba6a26f550:SESSION-93cfcdba6a26f550	SESSION-93cfcdba6a26f550 → pe:syn:SESSION-93cfcdba6a26f550
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9ee22ced6a72efa:SESSION-f9ee22ced6a72efa	SESSION-f9ee22ced6a72efa → pe:syn:SESSION-f9ee22ced6a72efa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b53b1a2dc18d6354:host:172.234.197.23	SESSION-b53b1a2dc18d6354 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99cedbc5d14c9ef2:SESSION-99cedbc5d14c9ef2	SESSION-99cedbc5d14c9ef2 → pe:syn:SESSION-99cedbc5d14c9ef2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.254.24.234:geo_1.29390_103.84610	host:54.254.24.234 → geo_1.29390_103.84610
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e1f57d75854220c:host:172.234.197.23:host:177.10.236.146	SESSION-0e1f57d75854220c → host:172.234.197.23 → host:177.10.236.146
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c874ff4a201372ef:flow:6da1329b00da	SESSION-c874ff4a201372ef → flow:6da1329b00da
FLOW_DST_PORTOBS	e:fp:flow:bea8c9a6d915:port:tcp:443	flow:bea8c9a6d915 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74f51cf412342155:host:172.234.197.23	SESSION-74f51cf412342155 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-01ac49b549a49417:host:131.196.28.50	SESSION-01ac49b549a49417 → host:131.196.28.50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a720c7dde0362052:SESSION-a720c7dde0362052	SESSION-a720c7dde0362052 → pe:tls:SESSION-a720c7dde0362052
flow_observed5-aryOBS	e:fo:flow:674ef1c9281e	flow:674ef1c9281e → host:37.221.79.111 → host:172.234.197.23 → port:tcp:80 → svc:http
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.27.162.26:geo_60.17190_24.93470	host:37.27.162.26 → geo_60.17190_24.93470
FLOW_FROM_HOSTOBS	e:from:SESSION-47ed57a240abf6fc:host:172.234.197.23	SESSION-47ed57a240abf6fc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47f0fc6e11d78716:SESSION-47f0fc6e11d78716	SESSION-47f0fc6e11d78716 → pe:syn:SESSION-47f0fc6e11d78716
FLOW_DST_PORTOBS	e:fp:flow:05d2df524e4e:port:tcp:443	flow:05d2df524e4e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2958e311eaa51e83:host:177.10.233.97:host:172.234.197.23	SESSION-2958e311eaa51e83 → host:177.10.233.97 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e12e5221262ce88f:host:2.57.122.192	SESSION-e12e5221262ce88f → host:2.57.122.192
flow_observed5-aryOBS	e:fo:flow:708852c2e77b	flow:708852c2e77b → host:177.10.236.86 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e09f613cd450ebc9:host:131.196.30.74	SESSION-e09f613cd450ebc9 → host:131.196.30.74
FLOW_TO_HOSTOBS	e:to:SESSION-b30f6f845792a67e:host:172.234.197.23	SESSION-b30f6f845792a67e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e28b3ef52579af3b:host:177.10.232.155	SESSION-e28b3ef52579af3b → host:177.10.232.155
FLOW_DST_PORTOBS	e:fp:flow:b4923f25a42e:port:tcp:43708	flow:b4923f25a42e → port:tcp:43708
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a40236c67828800b:flow:4c23aa66defb	SESSION-a40236c67828800b → flow:4c23aa66defb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f320997aa88d5819:host:45.173.156.153	SESSION-f320997aa88d5819 → host:45.173.156.153
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e4f9227bbb6fbbfc:SESSION-e4f9227bbb6fbbfc	SESSION-e4f9227bbb6fbbfc → pe:tls:SESSION-e4f9227bbb6fbbfc
FLOW_FROM_HOSTOBS	e:from:SESSION-c47e89745eb205fd:host:172.234.197.23	SESSION-c47e89745eb205fd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1053aee7675dcd07:SESSION-1053aee7675dcd07	SESSION-1053aee7675dcd07 → pe:syn:SESSION-1053aee7675dcd07
FLOW_FROM_HOSTOBS	e:from:SESSION-dd4c16dfff279521:host:177.10.239.105	SESSION-dd4c16dfff279521 → host:177.10.239.105
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24e3c3c409f2ba92:host:172.234.197.23	SESSION-24e3c3c409f2ba92 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2dec3faf198ca60:host:172.234.197.23	SESSION-b2dec3faf198ca60 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-dda196b654200873:host:172.234.197.23	SESSION-dda196b654200873 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.79:asn:271410	host:131.196.31.79 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35910be85c736a39:host:177.10.235.11:host:172.234.197.23	SESSION-35910be85c736a39 → host:177.10.235.11 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a60c132d3a0c7657:flow:846c12dfcaad	SESSION-a60c132d3a0c7657 → flow:846c12dfcaad
FLOW_DST_PORTOBS	e:fp:flow:a66f17d65208:port:tcp:443	flow:a66f17d65208 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:26daf91e1f0d	flow:26daf91e1f0d → host:177.10.235.175 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d8922fd6595a71f:host:177.10.238.42	SESSION-5d8922fd6595a71f → host:177.10.238.42
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.171:asn:262880	host:177.10.234.171 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6af89b3798eaaf52:host:172.234.197.23:host:131.196.31.196	SESSION-6af89b3798eaaf52 → host:172.234.197.23 → host:131.196.31.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fad613e75ea639b5:host:177.10.233.64	SESSION-fad613e75ea639b5 → host:177.10.233.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e2ace7c21b4da04:host:177.10.239.75	SESSION-1e2ace7c21b4da04 → host:177.10.239.75
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18e7a18371a0d1bf:host:131.196.29.196	SESSION-18e7a18371a0d1bf → host:131.196.29.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f4f2e64710996bb:host:177.10.233.134	SESSION-3f4f2e64710996bb → host:177.10.233.134
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.191:asn:271410	host:131.196.30.191 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:9b70d955992c:port:tcp:443	flow:9b70d955992c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d547ed30afcbb9f:SESSION-6d547ed30afcbb9f	SESSION-6d547ed30afcbb9f → pe:syn:SESSION-6d547ed30afcbb9f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17e71ce1458770d6:SESSION-17e71ce1458770d6	SESSION-17e71ce1458770d6 → pe:tls:SESSION-17e71ce1458770d6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1bf280e9db7bb994:flow:8ccd28938912	SESSION-1bf280e9db7bb994 → flow:8ccd28938912
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8dbd1afb05a3a814:SESSION-8dbd1afb05a3a814	SESSION-8dbd1afb05a3a814 → pe:tls:SESSION-8dbd1afb05a3a814
FLOW_FROM_HOSTOBS	e:from:SESSION-4c1ac661b3c1fca0:host:177.10.237.220	SESSION-4c1ac661b3c1fca0 → host:177.10.237.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-455353f546d0ad3e:host:177.10.234.250	SESSION-455353f546d0ad3e → host:177.10.234.250
FLOW_TO_HOSTOBS	e:to:SESSION-befc987f4c77d80c:host:172.234.197.23	SESSION-befc987f4c77d80c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9a236c6c04af1f19:host:172.234.197.23	SESSION-9a236c6c04af1f19 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ca55f398b8ed07e1:host:172.234.197.23	SESSION-ca55f398b8ed07e1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ed34bf9fded9d68:host:172.234.197.23	SESSION-5ed34bf9fded9d68 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf36cee0aa989ce3:SESSION-bf36cee0aa989ce3	SESSION-bf36cee0aa989ce3 → pe:tls:SESSION-bf36cee0aa989ce3
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.158:asn:203771	host:92.112.71.158 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:4362813c4376:port:tcp:443	flow:4362813c4376 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a1d91047073c4c2:SESSION-4a1d91047073c4c2	SESSION-4a1d91047073c4c2 → pe:tls:SESSION-4a1d91047073c4c2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31f4941ab57ed47b:flow:59b0b56c7328	SESSION-31f4941ab57ed47b → flow:59b0b56c7328
flow_observed5-aryOBS	e:fo:flow:472c7e82ce31	flow:472c7e82ce31 → host:177.10.232.142 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4dc0a9d4d6e7897:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d4dc0a9d4d6e7897 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.70:geo_-16.28860_-49.01640	host:177.10.233.70 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-650fd2b828a7b477:host:172.234.197.23:host:131.196.30.143	SESSION-650fd2b828a7b477 → host:172.234.197.23 → host:131.196.30.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3efb69df0be27ca4:SESSION-3efb69df0be27ca4	SESSION-3efb69df0be27ca4 → pe:tls:SESSION-3efb69df0be27ca4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8417b06622c43718:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8417b06622c43718 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7301756ca24c49ab:flow:e61430efc09a	SESSION-7301756ca24c49ab → flow:e61430efc09a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.227:geo_-21.10010_-41.69200	host:45.173.156.227 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a24676d50b48eccf:SESSION-a24676d50b48eccf	SESSION-a24676d50b48eccf → pe:syn:SESSION-a24676d50b48eccf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65274afd8d8bc249:flow:a414d91a7218	SESSION-65274afd8d8bc249 → flow:a414d91a7218
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.94:geo_-16.28860_-49.01640	host:177.10.238.94 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.54:asn:271410	host:131.196.29.54 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a65c242582e5e81:SESSION-7a65c242582e5e81	SESSION-7a65c242582e5e81 → pe:syn:SESSION-7a65c242582e5e81
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.178:geo_19.07480_72.88560	host:45.145.152.178 → geo_19.07480_72.88560
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37c1a586e90e7a3b:flow:07b0ac783a43	SESSION-37c1a586e90e7a3b → flow:07b0ac783a43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97a6ca320e2242f6:host:177.10.237.152	SESSION-97a6ca320e2242f6 → host:177.10.237.152
FLOW_DST_PORTOBS	e:fp:flow:f1b671a57bb4:port:tcp:443	flow:f1b671a57bb4 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:1542bd3463f5:port:tcp:42842	flow:1542bd3463f5 → port:tcp:42842
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0482212efb1d2581:SESSION-0482212efb1d2581	SESSION-0482212efb1d2581 → pe:syn:SESSION-0482212efb1d2581
FLOW_TO_HOSTOBS	e:to:SESSION-89fe4f171fdbfa97:host:172.234.197.23	SESSION-89fe4f171fdbfa97 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6238265b6cc9ea0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e6238265b6cc9ea0 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:0203a7b3c078	flow:0203a7b3c078 → host:172.234.197.23 → host:177.10.238.82 → port:tcp:50844
FLOW_TO_HOSTOBS	e:to:SESSION-eaf7cd3e5a2b7709:host:172.234.197.23	SESSION-eaf7cd3e5a2b7709 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6bd47d8fd21ead6d:SESSION-6bd47d8fd21ead6d	SESSION-6bd47d8fd21ead6d → pe:rst:SESSION-6bd47d8fd21ead6d
flow_observed5-aryOBS	e:fo:flow:85b91edb54d3	flow:85b91edb54d3 → host:177.10.239.31 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-380f5751cd3ba7da:SESSION-380f5751cd3ba7da	SESSION-380f5751cd3ba7da → pe:tls:SESSION-380f5751cd3ba7da
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5cb36fee7e75b97b:flow:7bd8690a791a	SESSION-5cb36fee7e75b97b → flow:7bd8690a791a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d24a424002821105:PCAP:capture_20260430150001:ded20914761d	SESSION-d24a424002821105 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-e9e5b45e575f3797:host:172.234.197.23	SESSION-e9e5b45e575f3797 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c42148660ed1:port:tcp:443	flow:c42148660ed1 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d87ad0ffb58b923c:flow:dc540a8f719c	SESSION-d87ad0ffb58b923c → flow:dc540a8f719c
flow_observed5-aryOBS	e:fo:flow:510e35c8d36e	flow:510e35c8d36e → host:45.173.156.229 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d7baf95bca9d9bdc:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d7baf95bca9d9bdc → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60dab6a51248be22:SESSION-60dab6a51248be22	SESSION-60dab6a51248be22 → pe:syn:SESSION-60dab6a51248be22
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.138:geo_-16.28860_-49.01640	host:177.10.238.138 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bfa1612081e2aa61:host:16.147.218.115:host:172.234.197.23	SESSION-bfa1612081e2aa61 → host:16.147.218.115 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0c7d8b58da7be6c5:SESSION-0c7d8b58da7be6c5	SESSION-0c7d8b58da7be6c5 → pe:syn:SESSION-0c7d8b58da7be6c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1acc74ca4adb622d:SESSION-1acc74ca4adb622d	SESSION-1acc74ca4adb622d → pe:tls:SESSION-1acc74ca4adb622d
flow_observed5-aryOBS	e:fo:flow:20ec45634b2c	flow:20ec45634b2c → host:177.10.235.97 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95229bbdec6f8a74:host:177.10.233.6	SESSION-95229bbdec6f8a74 → host:177.10.233.6
FLOW_FROM_HOSTOBS	e:from:SESSION-15d25700bea96717:host:177.10.239.28	SESSION-15d25700bea96717 → host:177.10.239.28
FLOW_FROM_HOSTOBS	e:from:SESSION-a5004eb3121e0f98:host:172.234.197.23	SESSION-a5004eb3121e0f98 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69c66b3db447dca1:flow:a73aa5e01c5f	SESSION-69c66b3db447dca1 → flow:a73aa5e01c5f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-89883827e26a2cf6:SESSION-89883827e26a2cf6	SESSION-89883827e26a2cf6 → pe:syn:SESSION-89883827e26a2cf6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fecc6fa34e31300b:SESSION-fecc6fa34e31300b	SESSION-fecc6fa34e31300b → pe:syn:SESSION-fecc6fa34e31300b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5bf52bbf16270a2a:host:104.28.202.77:host:172.234.197.23	SESSION-5bf52bbf16270a2a → host:104.28.202.77 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e812ffe43c670dc:host:131.196.29.191:host:172.234.197.23	SESSION-7e812ffe43c670dc → host:131.196.29.191 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db907559277cbdbb:PCAP:capture_20260430090001:065659c7d314	SESSION-db907559277cbdbb → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-367825c4b1c7c6d4:host:172.234.197.23	SESSION-367825c4b1c7c6d4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0dbdaab1cb35f54:SESSION-c0dbdaab1cb35f54	SESSION-c0dbdaab1cb35f54 → pe:syn:SESSION-c0dbdaab1cb35f54
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-364411d92a5a41bf:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-364411d92a5a41bf → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:ffcefb7270a1	flow:ffcefb7270a1 → host:131.196.28.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-26f197960c59c7f7:flow:2d6a9bd007ca	SESSION-26f197960c59c7f7 → flow:2d6a9bd007ca
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.15:geo_19.07480_72.88560	host:45.145.152.15 → geo_19.07480_72.88560
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-083cc9a3854de3cd:PCAP:capture_20260430160001:9bfa4498506a	SESSION-083cc9a3854de3cd → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.32:geo_-21.10010_-41.69200	host:45.173.156.32 → geo_-21.10010_-41.69200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.19:geo_-16.28860_-49.01640	host:177.10.233.19 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6eb1289c3370840:SESSION-d6eb1289c3370840	SESSION-d6eb1289c3370840 → pe:syn:SESSION-d6eb1289c3370840
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19ae824852752386:SESSION-19ae824852752386	SESSION-19ae824852752386 → pe:syn:SESSION-19ae824852752386
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f05806c7fdedb94:flow:c411afbea564	SESSION-9f05806c7fdedb94 → flow:c411afbea564
FLOW_DST_PORTOBS	e:fp:flow:bd3840ea5a34:port:tcp:443	flow:bd3840ea5a34 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49c1d2d9ba1746da:host:177.10.238.140	SESSION-49c1d2d9ba1746da → host:177.10.238.140
FLOW_DST_PORTOBS	e:fp:flow:6fa2b6fe9053:port:tcp:443	flow:6fa2b6fe9053 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.50:asn:271410	host:131.196.30.50 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-461eadc2db19418d:SESSION-461eadc2db19418d	SESSION-461eadc2db19418d → pe:tls:SESSION-461eadc2db19418d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0786c46a404d7589:flow:ccb027c8d2a2	SESSION-0786c46a404d7589 → flow:ccb027c8d2a2
FLOW_TO_HOSTOBS	e:to:SESSION-b42fc656319c5bfc:host:172.234.197.23	SESSION-b42fc656319c5bfc → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.117:geo_-16.28860_-49.01640	host:177.10.237.117 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48cf6591de1d67a3:host:177.10.239.24:host:172.234.197.23	SESSION-48cf6591de1d67a3 → host:177.10.239.24 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6b62b6aad076f58:SESSION-a6b62b6aad076f58	SESSION-a6b62b6aad076f58 → pe:syn:SESSION-a6b62b6aad076f58
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.242:geo_-16.28860_-49.01640	host:177.10.239.242 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-cff1d643020db9d5:host:131.196.31.132	SESSION-cff1d643020db9d5 → host:131.196.31.132
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0dd74fd8f314e65:host:45.173.156.55:host:172.234.197.23	SESSION-f0dd74fd8f314e65 → host:45.173.156.55 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-848626bce2ee7b76:host:177.10.232.1	SESSION-848626bce2ee7b76 → host:177.10.232.1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ccf0be9923f197d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7ccf0be9923f197d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-cb7dd74b64c1f7c7:host:131.196.30.114	SESSION-cb7dd74b64c1f7c7 → host:131.196.30.114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54da05b162213325:host:177.10.238.30	SESSION-54da05b162213325 → host:177.10.238.30
FLOW_DST_PORTOBS	e:fp:flow:9a053f79f2d6:port:tcp:443	flow:9a053f79f2d6 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:0bf2deeeb39a:port:tcp:443	flow:0bf2deeeb39a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67ec60ac13d58093:host:172.234.197.23	SESSION-67ec60ac13d58093 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28106317c083449d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-28106317c083449d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:13693a6fdfdc:port:tcp:443	flow:13693a6fdfdc → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a7aa94b5f9268de0:flow:d02dda6f047e	SESSION-a7aa94b5f9268de0 → flow:d02dda6f047e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ba40ec67b0f6097:host:177.10.234.32:host:172.234.197.23	SESSION-0ba40ec67b0f6097 → host:177.10.234.32 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfe71d52ef2e928b:host:177.10.236.70	SESSION-cfe71d52ef2e928b → host:177.10.236.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-520789f72dcf866a:SESSION-520789f72dcf866a	SESSION-520789f72dcf866a → pe:syn:SESSION-520789f72dcf866a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-222c821677f323de:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-222c821677f323de → PCAP:capture_20260430140001:aaa9b3fc898b
ASN_IN_ORGOBS 80%	e:ao:asn:210924:org:ssd networks limited	asn:210924 → org:ssd networks limited
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b73c5a859c05f554:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b73c5a859c05f554 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c4a3ef3072acfd2:host:177.10.234.199:host:172.234.197.23	SESSION-9c4a3ef3072acfd2 → host:177.10.234.199 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d27008d937f2d8be:host:172.234.197.23	SESSION-d27008d937f2d8be → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.31:asn:262880	host:177.10.238.31 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5a08fe68832616d:host:172.234.197.23	SESSION-f5a08fe68832616d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:878c61c0dd91:port:tcp:56012	flow:878c61c0dd91 → port:tcp:56012
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.198:geo_-16.28860_-49.01640	host:177.10.232.198 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-11142ad74b2052de:host:177.10.232.134	SESSION-11142ad74b2052de → host:177.10.232.134
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.255:geo_-23.62930_-46.63510	host:131.196.30.255 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e696cf5f8f6db7e6:PCAP:capture_20260430090001:065659c7d314	SESSION-e696cf5f8f6db7e6 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc18a12b15fb2c84:SESSION-fc18a12b15fb2c84	SESSION-fc18a12b15fb2c84 → pe:syn:SESSION-fc18a12b15fb2c84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7034c460bd0f5720:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7034c460bd0f5720 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.63:asn:262880	host:177.10.232.63 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de195b26c1af220a:SESSION-de195b26c1af220a	SESSION-de195b26c1af220a → pe:tls:SESSION-de195b26c1af220a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a29c9496c44f9fe8:host:177.10.235.6	SESSION-a29c9496c44f9fe8 → host:177.10.235.6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99af0da0e550d67b:host:131.196.31.18	SESSION-99af0da0e550d67b → host:131.196.31.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1a52ffd6f24f0f87:SESSION-1a52ffd6f24f0f87	SESSION-1a52ffd6f24f0f87 → pe:tls:SESSION-1a52ffd6f24f0f87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08b637759d13ec04:PCAP:capture_20260430150001:ded20914761d	SESSION-08b637759d13ec04 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ab8147bbacef01b:flow:3abeeb1965d0	SESSION-5ab8147bbacef01b → flow:3abeeb1965d0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9260442e0efbdc6:PCAP:capture_20260430060001:919b39a74464	SESSION-d9260442e0efbdc6 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-afb2aada9aae789c:host:172.234.197.23	SESSION-afb2aada9aae789c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:618c010170a5	flow:618c010170a5 → host:177.10.238.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd801ce1250407dd:SESSION-cd801ce1250407dd	SESSION-cd801ce1250407dd → pe:syn:SESSION-cd801ce1250407dd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ef734d9bbeb2d12:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4ef734d9bbeb2d12 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d8c774bbe3f97971:SESSION-d8c774bbe3f97971	SESSION-d8c774bbe3f97971 → pe:syn:SESSION-d8c774bbe3f97971
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.30:asn:262880	host:177.10.238.30 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-946275ea323f6900:host:131.196.29.123:host:172.234.197.23	SESSION-946275ea323f6900 → host:131.196.29.123 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9f6b4e85da26	flow:9f6b4e85da26 → host:172.234.197.23 → host:177.10.234.250 → port:tcp:4584
FLOW_DST_PORTOBS	e:fp:flow:7f79dab0f087:port:tcp:443	flow:7f79dab0f087 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1cbcb5d52df9d7c9:host:131.196.30.124	SESSION-1cbcb5d52df9d7c9 → host:131.196.30.124
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6f3d2670453324e:SESSION-e6f3d2670453324e	SESSION-e6f3d2670453324e → pe:tls:SESSION-e6f3d2670453324e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51257a0fcd8d6a04:host:131.196.28.240	SESSION-51257a0fcd8d6a04 → host:131.196.28.240
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.143:geo_-16.28860_-49.01640	host:177.10.237.143 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bd78fd10af70dea:host:131.196.29.25	SESSION-1bd78fd10af70dea → host:131.196.29.25
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3b9d914716975ab:host:177.10.239.58:host:172.234.197.23	SESSION-c3b9d914716975ab → host:177.10.239.58 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:88a9c99b3785	flow:88a9c99b3785 → host:172.234.197.23 → host:177.10.238.94 → port:tcp:33932
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2aa7e55175462248:host:177.10.234.250	SESSION-2aa7e55175462248 → host:177.10.234.250
flow_observed5-aryOBS	e:fo:flow:ed68676a7b84	flow:ed68676a7b84 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36a0a9e003021f23:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-36a0a9e003021f23 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9716031ec5470ef:host:131.196.30.212	SESSION-c9716031ec5470ef → host:131.196.30.212
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e50b84c66ab32ef:flow:a124566784d7	SESSION-7e50b84c66ab32ef → flow:a124566784d7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76cec71360f7a00a:host:172.234.197.23:host:177.10.235.55	SESSION-76cec71360f7a00a → host:172.234.197.23 → host:177.10.235.55
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f077149cc71812a:flow:0a1e22c3bd61	SESSION-3f077149cc71812a → flow:0a1e22c3bd61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98e2e9e1db14446c:host:177.10.235.169	SESSION-98e2e9e1db14446c → host:177.10.235.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc2833e8abe7ed0a:host:177.10.235.40	SESSION-cc2833e8abe7ed0a → host:177.10.235.40
FLOW_FROM_HOSTOBS	e:from:SESSION-87843d3af97b013e:host:177.10.232.55	SESSION-87843d3af97b013e → host:177.10.232.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d446777121d9b1f8:host:172.234.197.23	SESSION-d446777121d9b1f8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-708abc4c81aa7c60:host:172.234.197.23	SESSION-708abc4c81aa7c60 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9f10142199cea9c:host:172.234.197.23	SESSION-b9f10142199cea9c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b947f5515d64f3f8:host:177.10.239.139	SESSION-b947f5515d64f3f8 → host:177.10.239.139
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.152:asn:262880	host:177.10.232.152 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-90d4f232d3edc1de:SESSION-90d4f232d3edc1de	SESSION-90d4f232d3edc1de → pe:syn:SESSION-90d4f232d3edc1de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6457b3248e0b30fe:host:177.10.232.167	SESSION-6457b3248e0b30fe → host:177.10.232.167
FLOW_DST_PORTOBS	e:fp:flow:9400ae221d41:port:tcp:54938	flow:9400ae221d41 → port:tcp:54938
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b670e7c5e0a8e3a1:host:45.173.156.201	SESSION-b670e7c5e0a8e3a1 → host:45.173.156.201
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-179845184e318961:flow:f84489ae8c75	SESSION-179845184e318961 → flow:f84489ae8c75
FLOW_TLS_SNIOBS	e:fs:flow:3e863a59aa1c:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3e863a59aa1c → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-9166f313177f7326:host:45.173.156.179	SESSION-9166f313177f7326 → host:45.173.156.179
FLOW_FROM_HOSTOBS	e:from:SESSION-8a9273620e0aaedc:host:172.234.197.23	SESSION-8a9273620e0aaedc → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.215:asn:203771	host:95.170.25.215 → asn:203771
flow_observed5-aryOBS	e:fo:flow:7003bc151096	flow:7003bc151096 → host:131.196.30.15 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2dbb52de45813c9a:SESSION-2dbb52de45813c9a	SESSION-2dbb52de45813c9a → pe:tls:SESSION-2dbb52de45813c9a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e9e9835a2b91f231:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e9e9835a2b91f231 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad4be2ec0ec8e7ca:host:131.196.30.161	SESSION-ad4be2ec0ec8e7ca → host:131.196.30.161
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ca442589a0a5e5d:PCAP:capture_20260430110001:43611bdf6759	SESSION-3ca442589a0a5e5d → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17e71ce1458770d6:host:172.234.197.23	SESSION-17e71ce1458770d6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8dc28b29833676bc:host:172.234.197.23	SESSION-8dc28b29833676bc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4e548e1862e666d4:host:177.10.236.240	SESSION-4e548e1862e666d4 → host:177.10.236.240
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-557aaca226ee6bf8:flow:29ca525d09fc	SESSION-557aaca226ee6bf8 → flow:29ca525d09fc
FLOW_TO_HOSTOBS	e:to:SESSION-66a529d98727e997:host:172.234.197.23	SESSION-66a529d98727e997 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a82d55b52198391:SESSION-1a82d55b52198391	SESSION-1a82d55b52198391 → pe:syn:SESSION-1a82d55b52198391
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9eb3af12cfff0086:flow:b577caf03caf	SESSION-9eb3af12cfff0086 → flow:b577caf03caf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.31:asn:262880	host:177.10.237.31 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.16:geo_-16.28860_-49.01640	host:177.10.234.16 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:29182df01ffc	flow:29182df01ffc → host:172.234.197.23 → host:131.196.31.21 → port:tcp:4270
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6dc77b6505beb2bc:SESSION-6dc77b6505beb2bc	SESSION-6dc77b6505beb2bc → pe:tls:SESSION-6dc77b6505beb2bc
FLOW_FROM_HOSTOBS	e:from:SESSION-fa08911a1f564da4:host:45.145.152.204	SESSION-fa08911a1f564da4 → host:45.145.152.204
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff2c95cfb4d3a4dd:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ff2c95cfb4d3a4dd → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c31bc4788e97db71:SESSION-c31bc4788e97db71	SESSION-c31bc4788e97db71 → pe:tls:SESSION-c31bc4788e97db71
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.20:asn:262880	host:177.10.232.20 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-64e6d0099998fde8:host:131.196.30.162:host:172.234.197.23	SESSION-64e6d0099998fde8 → host:131.196.30.162 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ead89ade728d357d:host:172.234.197.23	SESSION-ead89ade728d357d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34913801790eb8e4:host:131.196.28.238:host:172.234.197.23	SESSION-34913801790eb8e4 → host:131.196.28.238 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b9bd67a188ca:port:tcp:43729	flow:b9bd67a188ca → port:tcp:43729
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e9c01925d6f4319:SESSION-3e9c01925d6f4319	SESSION-3e9c01925d6f4319 → pe:tls:SESSION-3e9c01925d6f4319
flow_observed5-aryOBS	e:fo:flow:4ae7f98c921b	flow:4ae7f98c921b → host:177.10.239.220 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:97.139.12.85:asn:6167	host:97.139.12.85 → asn:6167
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.114:geo_-23.62930_-46.63510	host:131.196.30.114 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:eec957513426	flow:eec957513426 → host:172.234.197.23 → host:177.10.238.1 → port:tcp:8043
FLOW_FROM_HOSTOBS	e:from:SESSION-62151f99a31dc755:host:172.234.197.23	SESSION-62151f99a31dc755 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9ca387fd672ab7a:flow:83205363fad4	SESSION-d9ca387fd672ab7a → flow:83205363fad4
FLOW_FROM_HOSTOBS	e:from:SESSION-e7f9687dfabd8cdb:host:45.173.156.221	SESSION-e7f9687dfabd8cdb → host:45.173.156.221
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db187e026dbc97b6:flow:ac7ea035d8f5	SESSION-db187e026dbc97b6 → flow:ac7ea035d8f5
FLOW_TO_HOSTOBS	e:to:SESSION-c124aef8e6ea7da5:host:172.234.197.23	SESSION-c124aef8e6ea7da5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.230:geo_-23.62930_-46.63510	host:131.196.28.230 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.42:asn:271410	host:131.196.29.42 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a4506f2fb402b7f:SESSION-0a4506f2fb402b7f	SESSION-0a4506f2fb402b7f → pe:syn:SESSION-0a4506f2fb402b7f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.255:geo_-16.28860_-49.01640	host:177.10.233.255 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0dbdaab1cb35f54:flow:36f8ae69fc1a	SESSION-c0dbdaab1cb35f54 → flow:36f8ae69fc1a
ASN_IN_ORGOBS 80%	e:ao:asn:396982:org:Google LLC	asn:396982 → org:Google LLC
FLOW_TO_HOSTOBS	e:to:SESSION-b9d6fb279031158e:host:172.234.197.23	SESSION-b9d6fb279031158e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.137:asn:271410	host:131.196.28.137 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98b441f54568b58c:SESSION-98b441f54568b58c	SESSION-98b441f54568b58c → pe:tls:SESSION-98b441f54568b58c
FLOW_FROM_HOSTOBS	e:from:SESSION-1b9f91f77c860b7c:host:131.196.28.151	SESSION-1b9f91f77c860b7c → host:131.196.28.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b3d68511ee3e6e7:host:177.10.239.136	SESSION-9b3d68511ee3e6e7 → host:177.10.239.136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ad60f3efcde14b7:SESSION-7ad60f3efcde14b7	SESSION-7ad60f3efcde14b7 → pe:syn:SESSION-7ad60f3efcde14b7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68a45a74f687a5a4:PCAP:capture_20260430060001:919b39a74464	SESSION-68a45a74f687a5a4 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-f0a8fa8ac12ff0c6:host:172.234.197.23	SESSION-f0a8fa8ac12ff0c6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a32c5a0b23fc272:PCAP:capture_20260430090001:065659c7d314	SESSION-0a32c5a0b23fc272 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfc33587dc4bfad3:host:172.234.197.23	SESSION-bfc33587dc4bfad3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8b38e5755a85588:SESSION-c8b38e5755a85588	SESSION-c8b38e5755a85588 → pe:tls:SESSION-c8b38e5755a85588
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.72:geo_-16.28860_-49.01640	host:177.10.236.72 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c98a634aa4cfbed2:SESSION-c98a634aa4cfbed2	SESSION-c98a634aa4cfbed2 → pe:syn:SESSION-c98a634aa4cfbed2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a22eb4c95bd17b8:host:172.234.197.23	SESSION-7a22eb4c95bd17b8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f52ba8ec3146:port:tcp:43442	flow:f52ba8ec3146 → port:tcp:43442
FLOW_FROM_HOSTOBS	e:from:SESSION-74d0e7e40a4e478e:host:177.10.236.184	SESSION-74d0e7e40a4e478e → host:177.10.236.184
FLOW_TO_HOSTOBS	e:to:SESSION-8ffb0d51cd8f7dd7:host:172.234.197.23	SESSION-8ffb0d51cd8f7dd7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.64:asn:262880	host:177.10.234.64 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-111e536a3f33c549:SESSION-111e536a3f33c549	SESSION-111e536a3f33c549 → pe:tls:SESSION-111e536a3f33c549
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76d607ccf9e84136:host:177.10.234.6:host:172.234.197.23	SESSION-76d607ccf9e84136 → host:177.10.234.6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5eb90d6efcf2	flow:5eb90d6efcf2 → host:131.196.30.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae99c26bd6d2dd56:host:131.196.28.237:host:172.234.197.23	SESSION-ae99c26bd6d2dd56 → host:131.196.28.237 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c559408cb1c8	flow:c559408cb1c8 → host:172.234.197.23 → host:177.10.236.117 → port:tcp:59182
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c54e8a5253d053d:PCAP:capture_20260430110001:43611bdf6759	SESSION-8c54e8a5253d053d → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-367a6218c741fe93:host:172.234.197.23	SESSION-367a6218c741fe93 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc41b76983738bc7:host:177.10.233.171:host:172.234.197.23	SESSION-cc41b76983738bc7 → host:177.10.233.171 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-925ab2a859ac277f:flow:bdeee83a5aec	SESSION-925ab2a859ac277f → flow:bdeee83a5aec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c825a37bb7881b6:SESSION-9c825a37bb7881b6	SESSION-9c825a37bb7881b6 → pe:syn:SESSION-9c825a37bb7881b6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.142:geo_-16.28860_-49.01640	host:177.10.234.142 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7ad62492e870e2b:host:177.10.232.61	SESSION-e7ad62492e870e2b → host:177.10.232.61
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.146:geo_-16.28860_-49.01640	host:177.10.234.146 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:89.58.44.225:geo_49.44230_11.01910	host:89.58.44.225 → geo_49.44230_11.01910
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-038099de878067a0:host:131.196.29.247:host:172.234.197.23	SESSION-038099de878067a0 → host:131.196.29.247 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1704308eae32:port:tcp:28719	flow:1704308eae32 → port:tcp:28719
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3e5ef5a453dff40:host:172.234.197.23	SESSION-f3e5ef5a453dff40 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c430ce1d88348c67:host:177.10.238.183	SESSION-c430ce1d88348c67 → host:177.10.238.183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e9dc14d87b5185c:SESSION-5e9dc14d87b5185c	SESSION-5e9dc14d87b5185c → pe:tls:SESSION-5e9dc14d87b5185c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-15d25700bea96717:host:177.10.239.28:host:172.234.197.23	SESSION-15d25700bea96717 → host:177.10.239.28 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9c1dd216af28	flow:9c1dd216af28 → host:177.10.239.199 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09cf18cd582e793d:flow:1ac7571021c2	SESSION-09cf18cd582e793d → flow:1ac7571021c2
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-7205a781bd8c8542:BSG-BEACON-0731e82139b7	SESSION-7205a781bd8c8542 → BSG-BEACON-0731e82139b7
flow_observed5-aryOBS	e:fo:flow:fcae7621099f	flow:fcae7621099f → host:177.10.237.160 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-22bb8f06cde321ca:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-22bb8f06cde321ca → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a519ad2ae4c53179:SESSION-a519ad2ae4c53179	SESSION-a519ad2ae4c53179 → pe:syn:SESSION-a519ad2ae4c53179
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a846b5687af75eeb:SESSION-a846b5687af75eeb	SESSION-a846b5687af75eeb → pe:tls:SESSION-a846b5687af75eeb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96c13a83414ab25f:flow:398ded72c92f	SESSION-96c13a83414ab25f → flow:398ded72c92f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bded37485db78f4a:SESSION-bded37485db78f4a	SESSION-bded37485db78f4a → pe:syn:SESSION-bded37485db78f4a
flow_observed4-aryOBS	e:fo:flow:989a9fc1eb99	flow:989a9fc1eb99 → host:172.234.197.23 → host:177.10.235.169 → port:tcp:3292
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47ed57a240abf6fc:SESSION-47ed57a240abf6fc	SESSION-47ed57a240abf6fc → pe:tls:SESSION-47ed57a240abf6fc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29e21c95f9df9427:SESSION-29e21c95f9df9427	SESSION-29e21c95f9df9427 → pe:syn:SESSION-29e21c95f9df9427
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2bcd65d8e62fc5a1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2bcd65d8e62fc5a1 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a390ade8fe745ada:host:172.234.197.23	SESSION-a390ade8fe745ada → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc2888c0eb9bd2ad:flow:cc4fbcad423d	SESSION-fc2888c0eb9bd2ad → flow:cc4fbcad423d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fa41b89da3fc0a6:host:172.234.197.23	SESSION-3fa41b89da3fc0a6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d4862cddc1ddaa50:host:172.234.197.23	SESSION-d4862cddc1ddaa50 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-783928d3af0eed6e:flow:bcda614bbb3a	SESSION-783928d3af0eed6e → flow:bcda614bbb3a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f299703bc1b4ff9:flow:538ae4f9affa	SESSION-1f299703bc1b4ff9 → flow:538ae4f9affa
FLOW_TO_HOSTOBS	e:to:SESSION-20552151cee2e1af:host:172.234.197.23	SESSION-20552151cee2e1af → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87edcc7df5436fbe:host:131.196.29.14	SESSION-87edcc7df5436fbe → host:131.196.29.14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0c01d0fd13ba220b:flow:fc2a4174f5ea	SESSION-0c01d0fd13ba220b → flow:fc2a4174f5ea
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc0003e096ddb203:PCAP:capture_20260430150001:ded20914761d	SESSION-cc0003e096ddb203 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b373f59ff0198ea:flow:265e1d074941	SESSION-9b373f59ff0198ea → flow:265e1d074941
FLOW_DST_PORTOBS	e:fp:flow:dcd71f326a6e:port:tcp:443	flow:dcd71f326a6e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0709d76f76f731c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c0709d76f76f731c → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-88d03f5c2bc073a8:host:177.10.232.205	SESSION-88d03f5c2bc073a8 → host:177.10.232.205
FLOW_TO_HOSTOBS	e:to:SESSION-8e2a1b696130dd57:host:177.10.235.241	SESSION-8e2a1b696130dd57 → host:177.10.235.241
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2887c6ee2de14ac9:host:131.196.29.175:host:172.234.197.23	SESSION-2887c6ee2de14ac9 → host:131.196.29.175 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18af1f65a173a9cf:host:80.94.92.186	SESSION-18af1f65a173a9cf → host:80.94.92.186
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.26:asn:262880	host:177.10.235.26 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89c3cc1547edab47:host:172.234.197.23:host:172.232.0.16	SESSION-89c3cc1547edab47 → host:172.234.197.23 → host:172.232.0.16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.52:geo_-16.28860_-49.01640	host:177.10.232.52 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:996fce1dce71	flow:996fce1dce71 → host:177.10.233.116 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b0fec424d0db7c3:host:45.173.156.57	SESSION-7b0fec424d0db7c3 → host:45.173.156.57
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.220:asn:271410	host:131.196.30.220 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04c23b7b96a70798:host:172.234.197.23	SESSION-04c23b7b96a70798 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44bc098e411317a4:flow:443f40d82641	SESSION-44bc098e411317a4 → flow:443f40d82641
FLOW_FROM_HOSTOBS	e:from:SESSION-afd30c72829a35a2:host:131.196.28.157	SESSION-afd30c72829a35a2 → host:131.196.28.157
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ce32efb58e1da83:host:177.10.232.226:host:172.234.197.23	SESSION-4ce32efb58e1da83 → host:177.10.232.226 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b66b69fe93183378:host:172.234.197.23	SESSION-b66b69fe93183378 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0c01d0fd13ba220b:SESSION-0c01d0fd13ba220b	SESSION-0c01d0fd13ba220b → pe:syn:SESSION-0c01d0fd13ba220b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.107:asn:262880	host:177.10.234.107 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95e8a61a9d5e6397:host:177.10.235.166	SESSION-95e8a61a9d5e6397 → host:177.10.235.166
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bc35cbabc9b015e:PCAP:capture_20260430150001:ded20914761d	SESSION-3bc35cbabc9b015e → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-647d0fec9adf08f1:host:172.234.197.23	SESSION-647d0fec9adf08f1 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:42631cfe8686	flow:42631cfe8686 → host:172.234.197.23 → host:80.94.92.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a810a8703b9c77f1:host:131.196.30.254	SESSION-a810a8703b9c77f1 → host:131.196.30.254
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f21759fa00584782:PCAP:capture_20260430110001:43611bdf6759	SESSION-f21759fa00584782 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:2250f63b7582:port:tcp:13345	flow:2250f63b7582 → port:tcp:13345
FLOW_DST_PORTOBS	e:fp:flow:5837ce3a8058:port:tcp:34845	flow:5837ce3a8058 → port:tcp:34845
flow_observed4-aryOBS	e:fo:flow:2ef52da787e3	flow:2ef52da787e3 → host:5.182.209.49 → host:172.234.197.23 → port:tcp:23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-971b25349fba9c5b:SESSION-971b25349fba9c5b	SESSION-971b25349fba9c5b → pe:tls:SESSION-971b25349fba9c5b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.166:geo_-16.28860_-49.01640	host:177.10.233.166 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-5cf2fdb6c848ac6c:host:172.234.197.23	SESSION-5cf2fdb6c848ac6c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1191e0b24f1d121:host:92.112.71.250	SESSION-d1191e0b24f1d121 → host:92.112.71.250
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.60:asn:271410	host:131.196.29.60 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c05cd50533aa04ad:host:172.234.197.23	SESSION-c05cd50533aa04ad → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bac5dc0e18d2349f:SESSION-bac5dc0e18d2349f	SESSION-bac5dc0e18d2349f → pe:tls:SESSION-bac5dc0e18d2349f
flow_observed4-aryOBS	e:fo:flow:c4e5113b28fd	flow:c4e5113b28fd → host:172.234.197.23 → host:131.196.30.62 → port:tcp:56197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-aec4f33b062c0e6b:SESSION-aec4f33b062c0e6b	SESSION-aec4f33b062c0e6b → pe:rst:SESSION-aec4f33b062c0e6b
flow_observed5-aryOBS	e:fo:flow:2c77f1210f93	flow:2c77f1210f93 → host:131.196.31.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-91c3828e0c41fbe7:SESSION-91c3828e0c41fbe7	SESSION-91c3828e0c41fbe7 → pe:tls:SESSION-91c3828e0c41fbe7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4673fb47ee0c5a9:SESSION-d4673fb47ee0c5a9	SESSION-d4673fb47ee0c5a9 → pe:tls:SESSION-d4673fb47ee0c5a9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fc6dd1896fecefa:SESSION-1fc6dd1896fecefa	SESSION-1fc6dd1896fecefa → pe:tls:SESSION-1fc6dd1896fecefa
flow_observed5-aryOBS	e:fo:flow:87e1e650d9d0	flow:87e1e650d9d0 → host:177.10.232.82 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e10e261831a1079d:host:172.234.197.23:host:177.10.236.186	SESSION-e10e261831a1079d → host:172.234.197.23 → host:177.10.236.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41eaa3dd80eab155:SESSION-41eaa3dd80eab155	SESSION-41eaa3dd80eab155 → pe:tls:SESSION-41eaa3dd80eab155
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28d0a7763ce2861c:PCAP:capture_20260430110001:43611bdf6759	SESSION-28d0a7763ce2861c → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ce4fb974af5131d:host:172.234.197.23:host:177.10.237.55	SESSION-0ce4fb974af5131d → host:172.234.197.23 → host:177.10.237.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d957287df88430bb:SESSION-d957287df88430bb	SESSION-d957287df88430bb → pe:tls:SESSION-d957287df88430bb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b31cf1240fb1e101:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b31cf1240fb1e101 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-cb0638f1774736d1:host:177.10.236.120	SESSION-cb0638f1774736d1 → host:177.10.236.120
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.147:geo_-16.28860_-49.01640	host:177.10.233.147 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a3bb54d95c2cdaff:SESSION-a3bb54d95c2cdaff	SESSION-a3bb54d95c2cdaff → pe:tls:SESSION-a3bb54d95c2cdaff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-118e26ad77e50cb0:SESSION-118e26ad77e50cb0	SESSION-118e26ad77e50cb0 → pe:tls:SESSION-118e26ad77e50cb0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47ed07d15aa63df9:SESSION-47ed07d15aa63df9	SESSION-47ed07d15aa63df9 → pe:tls:SESSION-47ed07d15aa63df9
flow_observed4-aryOBS	e:fo:flow:fb1eaf6b08b3	flow:fb1eaf6b08b3 → host:172.234.197.23 → host:131.196.29.157 → port:tcp:14374
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a75b8c86281e6b7:flow:05d0d63bce37	SESSION-5a75b8c86281e6b7 → flow:05d0d63bce37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-500747aefaa736d2:host:172.234.197.23:host:177.10.238.177	SESSION-500747aefaa736d2 → host:172.234.197.23 → host:177.10.238.177
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82fb3096076edb8c:host:172.234.197.23	SESSION-82fb3096076edb8c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73eae13080f416f8:host:131.196.30.97:host:172.234.197.23	SESSION-73eae13080f416f8 → host:131.196.30.97 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:162abe85c66f:port:tcp:443	flow:162abe85c66f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:8aa8cac023d8:port:udp:53	flow:8aa8cac023d8 → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a19838102931ca6:SESSION-2a19838102931ca6	SESSION-2a19838102931ca6 → pe:syn:SESSION-2a19838102931ca6
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-24f08652bbd6b16b:BSG-DATA_EXFIL-d10015628cdd	SESSION-24f08652bbd6b16b → BSG-DATA_EXFIL-d10015628cdd
flow_observed5-aryOBS	e:fo:flow:5c52d18525d9	flow:5c52d18525d9 → host:45.173.156.124 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b41193c920cf	flow:b41193c920cf → host:131.196.30.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1462f3fe112e9d96:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1462f3fe112e9d96 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-b51b74891d2de4c5:host:172.234.197.23	SESSION-b51b74891d2de4c5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c35942669d0b12c8:host:95.56.227.200	SESSION-c35942669d0b12c8 → host:95.56.227.200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68a3da1f806283eb:flow:27138d8d3319	SESSION-68a3da1f806283eb → flow:27138d8d3319
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef7241157e60b5c0:PCAP:capture_20260428010001:b1b402c7b202	SESSION-ef7241157e60b5c0 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3185739188bf8a1e:host:131.196.30.11	SESSION-3185739188bf8a1e → host:131.196.30.11
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.212:geo_-16.28860_-49.01640	host:177.10.234.212 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b7d005fcddd05eb:flow:3afe34ad79e5	SESSION-5b7d005fcddd05eb → flow:3afe34ad79e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ed5513c22512ddd:SESSION-2ed5513c22512ddd	SESSION-2ed5513c22512ddd → pe:syn:SESSION-2ed5513c22512ddd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34efc230578c0ec6:host:172.234.197.23	SESSION-34efc230578c0ec6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6da1329b00da:port:tcp:443	flow:6da1329b00da → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b7ec051587501bc:host:172.234.197.23	SESSION-5b7ec051587501bc → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:daaebd94ce82:port:tcp:80	flow:daaebd94ce82 → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe2a9708180e5d71:host:172.234.197.23	SESSION-fe2a9708180e5d71 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6965561db8b52827:host:172.234.197.23	SESSION-6965561db8b52827 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a103d39af7264a48:host:45.173.156.67	SESSION-a103d39af7264a48 → host:45.173.156.67
FLOW_FROM_HOSTOBS	e:from:SESSION-c4be6b5471ca196a:host:172.234.197.23	SESSION-c4be6b5471ca196a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f2dfbe9df7c080:host:131.196.30.237	SESSION-e2f2dfbe9df7c080 → host:131.196.30.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-adc05f42cd7b2533:PCAP:capture_20260430110001:43611bdf6759	SESSION-adc05f42cd7b2533 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a19951f5f7590fa9:host:172.234.197.23	SESSION-a19951f5f7590fa9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc2833e8abe7ed0a:host:177.10.235.40:host:172.234.197.23	SESSION-cc2833e8abe7ed0a → host:177.10.235.40 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b47539014cc5976c:host:44.243.2.252:host:172.234.197.23	SESSION-b47539014cc5976c → host:44.243.2.252 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ce9bea4cad9ad3a3:host:51.224.135.22	SESSION-ce9bea4cad9ad3a3 → host:51.224.135.22
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.31:asn:273470	host:45.173.156.31 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-675cba805cfc6bb8:host:172.234.197.23:host:177.10.232.208	SESSION-675cba805cfc6bb8 → host:172.234.197.23 → host:177.10.232.208
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb77a42bb02f4581:PCAP:capture_20260430150001:ded20914761d	SESSION-cb77a42bb02f4581 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-fbcca05a1b3df0cf:host:131.196.29.170	SESSION-fbcca05a1b3df0cf → host:131.196.29.170
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.41:asn:262880	host:177.10.236.41 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d7cf6e510c352d8:host:172.234.197.23	SESSION-8d7cf6e510c352d8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:378598e76593:port:tcp:32238	flow:378598e76593 → port:tcp:32238
FLOW_FROM_HOSTOBS	e:from:SESSION-c74fe87f9177e103:host:172.234.197.23	SESSION-c74fe87f9177e103 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d2ea88f589d3294:host:177.10.236.248:host:172.234.197.23	SESSION-1d2ea88f589d3294 → host:177.10.236.248 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5080263f1b2fd5b9:host:45.173.156.111:host:172.234.197.23	SESSION-5080263f1b2fd5b9 → host:45.173.156.111 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5fcf38b0a54673cb:host:172.234.197.23	SESSION-5fcf38b0a54673cb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3f48cf8f11b8f73e:host:177.10.239.247	SESSION-3f48cf8f11b8f73e → host:177.10.239.247
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e488bd001486e0ee:flow:1bdfdcdcdcb1	SESSION-e488bd001486e0ee → flow:1bdfdcdcdcb1
flow_observed5-aryOBS	e:fo:flow:41766cff5d7c	flow:41766cff5d7c → host:131.196.29.144 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8f41d49423a0699:SESSION-c8f41d49423a0699	SESSION-c8f41d49423a0699 → pe:syn:SESSION-c8f41d49423a0699
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b869f0759406bd5:host:131.196.31.246	SESSION-4b869f0759406bd5 → host:131.196.31.246
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.94.180.11:geo_41.65790_-0.87770	host:51.94.180.11 → geo_41.65790_-0.87770
FLOW_FROM_HOSTOBS	e:from:SESSION-37bca0dc2914cafb:host:172.234.197.23	SESSION-37bca0dc2914cafb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99a4fe376d3938fb:host:131.196.31.226:host:172.234.197.23	SESSION-99a4fe376d3938fb → host:131.196.31.226 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75bc03759038657d:host:172.234.197.23	SESSION-75bc03759038657d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:73d3c2e14895	flow:73d3c2e14895 → host:177.10.238.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f5e9ebe80065c9c:host:177.10.236.206:host:172.234.197.23	SESSION-8f5e9ebe80065c9c → host:177.10.236.206 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2f9ea4c8ad78eb8e:host:177.10.236.73	SESSION-2f9ea4c8ad78eb8e → host:177.10.236.73
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9501d29cea91bd7b:host:45.173.156.9:host:172.234.197.23	SESSION-9501d29cea91bd7b → host:45.173.156.9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cf1b38a91c361f4b:host:177.10.235.64	SESSION-cf1b38a91c361f4b → host:177.10.235.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c08b167ed56233b:SESSION-9c08b167ed56233b	SESSION-9c08b167ed56233b → pe:syn:SESSION-9c08b167ed56233b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35dc83e37639d031:SESSION-35dc83e37639d031	SESSION-35dc83e37639d031 → pe:tls:SESSION-35dc83e37639d031
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.46:geo_-16.28860_-49.01640	host:177.10.238.46 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-06294e5a27c1af9a:host:177.10.238.180	SESSION-06294e5a27c1af9a → host:177.10.238.180
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23c159d0ddd6e1cb:host:172.93.100.236	SESSION-23c159d0ddd6e1cb → host:172.93.100.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6d47e7b31036f28:SESSION-d6d47e7b31036f28	SESSION-d6d47e7b31036f28 → pe:tls:SESSION-d6d47e7b31036f28
flow_observed4-aryOBS	e:fo:flow:e44cc1cbe9f3	flow:e44cc1cbe9f3 → host:172.234.197.23 → host:131.196.29.140 → port:tcp:24635
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.13:geo_-16.28860_-49.01640	host:177.10.236.13 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6ab7360966186b9:host:177.10.237.35	SESSION-f6ab7360966186b9 → host:177.10.237.35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6535f7c42f72cb7f:host:172.234.197.23	SESSION-6535f7c42f72cb7f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4e7af3e500f20cf8:host:172.234.197.23	SESSION-4e7af3e500f20cf8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:aefa52022610	flow:aefa52022610 → host:131.196.28.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c35a263dbc41a3d:PCAP:capture_20260428010001:b1b402c7b202	SESSION-7c35a263dbc41a3d → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-91e694161f32570f:SESSION-91e694161f32570f	SESSION-91e694161f32570f → pe:syn:SESSION-91e694161f32570f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.109:asn:262880	host:177.10.238.109 → asn:262880
flow_observed5-aryOBS	e:fo:flow:6ee3ad6330b5	flow:6ee3ad6330b5 → host:131.196.30.68 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-da14e430733ddeb2:host:177.10.238.76	SESSION-da14e430733ddeb2 → host:177.10.238.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40497d6996ef2088:host:172.234.197.23	SESSION-40497d6996ef2088 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d846bfa2b8f8474d:SESSION-d846bfa2b8f8474d	SESSION-d846bfa2b8f8474d → pe:syn:SESSION-d846bfa2b8f8474d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c0e63fa095433d2:flow:4e9fd19f4a04	SESSION-4c0e63fa095433d2 → flow:4e9fd19f4a04
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3a25d201ec7d699:SESSION-b3a25d201ec7d699	SESSION-b3a25d201ec7d699 → pe:syn:SESSION-b3a25d201ec7d699
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d407d786bd09817:host:177.10.236.176	SESSION-2d407d786bd09817 → host:177.10.236.176
FLOW_TO_HOSTOBS	e:to:SESSION-92922842b80104c6:host:172.234.197.23	SESSION-92922842b80104c6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.244:asn:262880	host:177.10.237.244 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:210.156.0.132:asn:4718	host:210.156.0.132 → asn:4718
FLOW_DST_PORTOBS	e:fp:flow:adce45c519b3:port:tcp:443	flow:adce45c519b3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-065b3042ded53057:host:177.10.232.247	SESSION-065b3042ded53057 → host:177.10.232.247
FLOW_TO_HOSTOBS	e:to:SESSION-a34bb428906fa48c:host:172.234.197.23	SESSION-a34bb428906fa48c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f65d16e06243eafc:host:131.196.28.0	SESSION-f65d16e06243eafc → host:131.196.28.0
FLOW_FROM_HOSTOBS	e:from:SESSION-37451ceb7f45e2a3:host:69.222.187.134	SESSION-37451ceb7f45e2a3 → host:69.222.187.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c2cb78a800ce3917:SESSION-c2cb78a800ce3917	SESSION-c2cb78a800ce3917 → pe:syn:SESSION-c2cb78a800ce3917
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de01d31bf4634055:host:172.234.197.23:host:177.10.232.222	SESSION-de01d31bf4634055 → host:172.234.197.23 → host:177.10.232.222
flow_observed5-aryOBS	e:fo:flow:52d84ef17d07	flow:52d84ef17d07 → host:177.10.234.130 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:d74671e865ef	flow:d74671e865ef → host:172.234.197.23 → host:177.10.239.210 → port:tcp:40440
FLOW_FROM_HOSTOBS	e:from:SESSION-83ce9ba3d421fc3f:host:172.234.197.23	SESSION-83ce9ba3d421fc3f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-378aa47dbf901697:host:177.10.232.245	SESSION-378aa47dbf901697 → host:177.10.232.245
flow_observed4-aryOBS	e:fo:flow:34b053eab7a8	flow:34b053eab7a8 → host:172.234.197.23 → host:131.196.31.57 → port:tcp:32511
FLOW_FROM_HOSTOBS	e:from:SESSION-94dde62df04dcb4a:host:172.234.197.23	SESSION-94dde62df04dcb4a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1355eedcc36803bb:host:172.234.197.23:host:45.173.156.188	SESSION-1355eedcc36803bb → host:172.234.197.23 → host:45.173.156.188
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8ec199f8b9a6f389:SESSION-8ec199f8b9a6f389	SESSION-8ec199f8b9a6f389 → pe:rst:SESSION-8ec199f8b9a6f389
flow_observed5-aryOBS	e:fo:flow:3284f4e4ac94	flow:3284f4e4ac94 → host:199.16.157.182 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.129:geo_-16.28860_-49.01640	host:177.10.232.129 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:b5363f57bd19:port:tcp:443	flow:b5363f57bd19 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.57:geo_-16.28860_-49.01640	host:177.10.234.57 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55d7f3379dec0798:SESSION-55d7f3379dec0798	SESSION-55d7f3379dec0798 → pe:syn:SESSION-55d7f3379dec0798
flow_observed3-aryOBS	e:fo:flow:a0d8dd44cd02	flow:a0d8dd44cd02 → host:56.112.16.196 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-858e7fe3651dc7b6:host:172.234.197.23	SESSION-858e7fe3651dc7b6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-912ea161e3e6ffdc:flow:4006f2fdc1f3	SESSION-912ea161e3e6ffdc → flow:4006f2fdc1f3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-379e8704803db8ae:flow:4bfb1fbb46ab	SESSION-379e8704803db8ae → flow:4bfb1fbb46ab
FLOW_DST_PORTOBS	e:fp:flow:0cc88f51dcfd:port:tcp:29322	flow:0cc88f51dcfd → port:tcp:29322
FLOW_TO_HOSTOBS	e:to:SESSION-925ab2a859ac277f:host:172.234.197.23	SESSION-925ab2a859ac277f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eead59d5c9e2a3d1:SESSION-eead59d5c9e2a3d1	SESSION-eead59d5c9e2a3d1 → pe:syn:SESSION-eead59d5c9e2a3d1
FLOW_QUERIED_DNSOBS	e:fd:flow:a36e5f4c9cca:dns:172-234-197-23.ip.linodeusercontent.com	flow:a36e5f4c9cca → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1433a266c3f7170c:SESSION-1433a266c3f7170c	SESSION-1433a266c3f7170c → pe:tls:SESSION-1433a266c3f7170c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0482212efb1d2581:flow:4467f1177f09	SESSION-0482212efb1d2581 → flow:4467f1177f09
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.212:geo_-16.28860_-49.01640	host:177.10.237.212 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-95229bbdec6f8a74:host:177.10.233.6	SESSION-95229bbdec6f8a74 → host:177.10.233.6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.54:geo_-16.28860_-49.01640	host:177.10.238.54 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.145:geo_-16.28860_-49.01640	host:177.10.234.145 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c92176ee8d876ba:SESSION-6c92176ee8d876ba	SESSION-6c92176ee8d876ba → pe:syn:SESSION-6c92176ee8d876ba
FLOW_DST_PORTOBS	e:fp:flow:affc50b0b638:port:tcp:443	flow:affc50b0b638 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38a64ba294c5f79f:flow:a0d8dd44cd02	SESSION-38a64ba294c5f79f → flow:a0d8dd44cd02
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.213:geo_-16.28860_-49.01640	host:177.10.232.213 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5969e9f81f277f3:flow:b45cce3384ef	SESSION-d5969e9f81f277f3 → flow:b45cce3384ef
flow_observed5-aryOBS	e:fo:flow:d224f76574e0	flow:d224f76574e0 → host:177.10.236.70 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.53:asn:262880	host:177.10.237.53 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ada05a103ba2b64:SESSION-9ada05a103ba2b64	SESSION-9ada05a103ba2b64 → pe:syn:SESSION-9ada05a103ba2b64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3831f1a5ed6fd2c0:host:131.196.28.143	SESSION-3831f1a5ed6fd2c0 → host:131.196.28.143
FLOW_DST_PORTOBS	e:fp:flow:1d331255738c:port:tcp:6949	flow:1d331255738c → port:tcp:6949
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c84f2bc6bdec600e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c84f2bc6bdec600e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-08463d47d249df1d:host:172.234.197.23	SESSION-08463d47d249df1d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20b9f3feffcc2290:host:131.196.31.194	SESSION-20b9f3feffcc2290 → host:131.196.31.194
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ceaacc21db1a34ae:host:172.234.197.23:host:177.10.237.71	SESSION-ceaacc21db1a34ae → host:172.234.197.23 → host:177.10.237.71
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23c159d0ddd6e1cb:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-23c159d0ddd6e1cb → PCAP:capture_20260427220001:43a3d6220bc6
FLOW_FROM_HOSTOBS	e:from:SESSION-05b6ffb2a7e9e145:host:177.10.235.131	SESSION-05b6ffb2a7e9e145 → host:177.10.235.131
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-912f333ca4ce75c1:host:177.10.238.35	SESSION-912f333ca4ce75c1 → host:177.10.238.35
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.136:asn:262880	host:177.10.239.136 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c49f5291ee3911b4:SESSION-c49f5291ee3911b4	SESSION-c49f5291ee3911b4 → pe:tls:SESSION-c49f5291ee3911b4
FLOW_DST_PORTOBS	e:fp:flow:a70d55aee4fd:port:tcp:443	flow:a70d55aee4fd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b68ed671c67acfd:SESSION-2b68ed671c67acfd	SESSION-2b68ed671c67acfd → pe:syn:SESSION-2b68ed671c67acfd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35910be85c736a39:flow:2e31b6b97fde	SESSION-35910be85c736a39 → flow:2e31b6b97fde
FLOW_FROM_HOSTOBS	e:from:SESSION-a38bfeac3fad0550:host:172.234.197.23	SESSION-a38bfeac3fad0550 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8fb4f1df9684ff2:host:131.196.28.59	SESSION-b8fb4f1df9684ff2 → host:131.196.28.59
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31f4941ab57ed47b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-31f4941ab57ed47b → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-d5cd00671f435cc6:host:177.10.233.254	SESSION-d5cd00671f435cc6 → host:177.10.233.254
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f30e546741e354a:SESSION-4f30e546741e354a	SESSION-4f30e546741e354a → pe:syn:SESSION-4f30e546741e354a
FLOW_DST_PORTOBS	e:fp:flow:392578212bd8:port:tcp:443	flow:392578212bd8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-204050056bc27f05:SESSION-204050056bc27f05	SESSION-204050056bc27f05 → pe:syn:SESSION-204050056bc27f05
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e3ae4e48a37cfd6:host:131.196.31.183	SESSION-8e3ae4e48a37cfd6 → host:131.196.31.183
FLOW_TO_HOSTOBS	e:to:SESSION-531f1f169db2954c:host:172.234.197.23	SESSION-531f1f169db2954c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-122a5b909d033cbb:SESSION-122a5b909d033cbb	SESSION-122a5b909d033cbb → pe:syn:SESSION-122a5b909d033cbb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a66cf91ad155464:host:45.173.156.49:host:172.234.197.23	SESSION-6a66cf91ad155464 → host:45.173.156.49 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:31cbf3dba87c:port:tcp:443	flow:31cbf3dba87c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-e3db8610837fd0b8:host:177.10.238.211	SESSION-e3db8610837fd0b8 → host:177.10.238.211
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f77535316d56a4c:host:56.155.73.64	SESSION-7f77535316d56a4c → host:56.155.73.64
FLOW_FROM_HOSTOBS	e:from:SESSION-0046a1ddb04bc0f7:host:131.196.28.217	SESSION-0046a1ddb04bc0f7 → host:131.196.28.217
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.173:geo_-16.28860_-49.01640	host:177.10.236.173 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:9b441099c4bf	flow:9b441099c4bf → host:131.196.30.160 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6c4ed0368ffe58f8:host:177.10.239.164	SESSION-6c4ed0368ffe58f8 → host:177.10.239.164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5a0c98ce5f67db5:flow:a17718402a27	SESSION-a5a0c98ce5f67db5 → flow:a17718402a27
FLOW_DST_PORTOBS	e:fp:flow:5bf9d9774457:port:tcp:443	flow:5bf9d9774457 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-779d668625040802:host:177.10.232.133	SESSION-779d668625040802 → host:177.10.232.133
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.138:geo_-16.28860_-49.01640	host:177.10.233.138 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-db3c6ad3393f14ad:host:172.234.197.23	SESSION-db3c6ad3393f14ad → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf679119291e5246:PCAP:capture_20260430060001:919b39a74464	SESSION-bf679119291e5246 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c49f5291ee3911b4:SESSION-c49f5291ee3911b4	SESSION-c49f5291ee3911b4 → pe:syn:SESSION-c49f5291ee3911b4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a22fc187bcc4d705:SESSION-a22fc187bcc4d705	SESSION-a22fc187bcc4d705 → pe:tls:SESSION-a22fc187bcc4d705
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.232:geo_-16.28860_-49.01640	host:177.10.232.232 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:ff9febee1674:port:tcp:443	flow:ff9febee1674 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6511e777b0d792c1:flow:d9a7a81e01f7	SESSION-6511e777b0d792c1 → flow:d9a7a81e01f7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8b38e5755a85588:host:177.10.237.108:host:172.234.197.23	SESSION-c8b38e5755a85588 → host:177.10.237.108 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57ceaaaea8de5082:SESSION-57ceaaaea8de5082	SESSION-57ceaaaea8de5082 → pe:tls:SESSION-57ceaaaea8de5082
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc6a5831c46f644f:flow:507197005ee2	SESSION-bc6a5831c46f644f → flow:507197005ee2
FLOW_TO_HOSTOBS	e:to:SESSION-4e79bdabe92472fb:host:172.234.197.23	SESSION-4e79bdabe92472fb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:da8162c3336a:port:tcp:443	flow:da8162c3336a → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-110ce59a2a29ac0c:BSG-DATA_EXFIL-438cd0947988	SESSION-110ce59a2a29ac0c → BSG-DATA_EXFIL-438cd0947988
FLOW_DST_PORTOBS	e:fp:flow:6052a0ac6134:port:tcp:443	flow:6052a0ac6134 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-0ce4fb974af5131d:host:172.234.197.23	SESSION-0ce4fb974af5131d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:53c66bd2b455:port:tcp:443	flow:53c66bd2b455 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:20044e4ee2fa:port:tcp:27326	flow:20044e4ee2fa → port:tcp:27326
FLOW_TO_HOSTOBS	e:to:SESSION-d0d83e3d3d1fc018:host:131.196.30.158	SESSION-d0d83e3d3d1fc018 → host:131.196.30.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2875d034c942a134:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2875d034c942a134 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-c8631759e2d7ec30:host:177.10.233.185	SESSION-c8631759e2d7ec30 → host:177.10.233.185
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86951cb3218963fd:host:177.10.235.126:host:172.234.197.23	SESSION-86951cb3218963fd → host:177.10.235.126 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b91cc7f2039924f2:host:131.196.29.248:host:172.234.197.23	SESSION-b91cc7f2039924f2 → host:131.196.29.248 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-140ad048b49f1a57:host:131.196.31.73	SESSION-140ad048b49f1a57 → host:131.196.31.73
flow_observed5-aryOBS	e:fo:flow:47787a78b223	flow:47787a78b223 → host:177.10.232.204 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2a9f928f7ece6fbf:host:177.10.237.198	SESSION-2a9f928f7ece6fbf → host:177.10.237.198
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e5392ca321cb1ed:SESSION-6e5392ca321cb1ed	SESSION-6e5392ca321cb1ed → pe:syn:SESSION-6e5392ca321cb1ed
FLOW_TO_HOSTOBS	e:to:SESSION-5b045e9fec039082:host:172.234.197.23	SESSION-5b045e9fec039082 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5c9b4c9e225ad1d:flow:f8d302369066	SESSION-f5c9b4c9e225ad1d → flow:f8d302369066
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f6bbc079dc776bc:SESSION-1f6bbc079dc776bc	SESSION-1f6bbc079dc776bc → pe:syn:SESSION-1f6bbc079dc776bc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bb4f425427d3bee:host:177.10.239.192	SESSION-4bb4f425427d3bee → host:177.10.239.192
FLOW_DST_PORTOBS	e:fp:flow:8c301b45be25:port:tcp:63086	flow:8c301b45be25 → port:tcp:63086
FLOW_FROM_HOSTOBS	e:from:SESSION-a3414b775ddfde4b:host:177.10.238.194	SESSION-a3414b775ddfde4b → host:177.10.238.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cddd8421db4c97d9:SESSION-cddd8421db4c97d9	SESSION-cddd8421db4c97d9 → pe:tls:SESSION-cddd8421db4c97d9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97231868d06ff2ed:flow:79b777e6f63d	SESSION-97231868d06ff2ed → flow:79b777e6f63d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2b1b7c009dcf05e:SESSION-e2b1b7c009dcf05e	SESSION-e2b1b7c009dcf05e → pe:tls:SESSION-e2b1b7c009dcf05e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e45220a51eb759d9:SESSION-e45220a51eb759d9	SESSION-e45220a51eb759d9 → pe:tls:SESSION-e45220a51eb759d9
flow_observed5-aryOBS	e:fo:flow:9f556dacd920	flow:9f556dacd920 → host:177.10.239.76 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-fa49f714001a7a70:host:172.234.197.23	SESSION-fa49f714001a7a70 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b699e12e3fdc2278:host:172.234.197.23	SESSION-b699e12e3fdc2278 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a074f157090defb0:host:172.234.197.23	SESSION-a074f157090defb0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9f86f8fda089:port:tcp:443	flow:9f86f8fda089 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a1241ed8a2f02aa7:host:177.10.233.90	SESSION-a1241ed8a2f02aa7 → host:177.10.233.90
FLOW_TO_HOSTOBS	e:to:SESSION-33fdede36596a62f:host:172.234.197.23	SESSION-33fdede36596a62f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-65274afd8d8bc249:host:172.234.197.23	SESSION-65274afd8d8bc249 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58eea5e67f2190af:host:172.234.197.23	SESSION-58eea5e67f2190af → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c9cadb68fe1ad17:SESSION-7c9cadb68fe1ad17	SESSION-7c9cadb68fe1ad17 → pe:syn:SESSION-7c9cadb68fe1ad17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-61838f073a9a90b1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-61838f073a9a90b1 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:15fff6f0df71:port:tcp:443	flow:15fff6f0df71 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-775ba1157917a355:SESSION-775ba1157917a355	SESSION-775ba1157917a355 → pe:tls:SESSION-775ba1157917a355
FLOW_DST_PORTOBS	e:fp:flow:2fe6f9cc04fc:port:tcp:443	flow:2fe6f9cc04fc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dde31743640b587a:SESSION-dde31743640b587a	SESSION-dde31743640b587a → pe:tls:SESSION-dde31743640b587a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2be203d892e5c4c6:SESSION-2be203d892e5c4c6	SESSION-2be203d892e5c4c6 → pe:tls:SESSION-2be203d892e5c4c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8feeff9d44d6e844:host:172.234.197.23	SESSION-8feeff9d44d6e844 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1355eedcc36803bb:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-1355eedcc36803bb → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd4c16dfff279521:SESSION-dd4c16dfff279521	SESSION-dd4c16dfff279521 → pe:syn:SESSION-dd4c16dfff279521
flow_observed5-aryOBS	e:fo:flow:6a5ee69048ca	flow:6a5ee69048ca → host:177.10.234.36 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55794f9e7b1a9e7f:flow:a70d55aee4fd	SESSION-55794f9e7b1a9e7f → flow:a70d55aee4fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40a7926fcdf458e7:host:172.234.197.23	SESSION-40a7926fcdf458e7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aaa8cebb6aaa8760:host:177.10.237.27	SESSION-aaa8cebb6aaa8760 → host:177.10.237.27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef90c0e24c7a1c11:host:177.10.233.118	SESSION-ef90c0e24c7a1c11 → host:177.10.233.118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c876d9731eec34af:host:172.234.197.23	SESSION-c876d9731eec34af → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-193ccf82e1088d1d:SESSION-193ccf82e1088d1d	SESSION-193ccf82e1088d1d → pe:syn:SESSION-193ccf82e1088d1d
FLOW_TO_HOSTOBS	e:to:SESSION-4f6d18082a7e4dce:host:177.10.234.19	SESSION-4f6d18082a7e4dce → host:177.10.234.19
FLOW_TO_HOSTOBS	e:to:SESSION-f9e3e5dcd2ccb687:host:131.196.31.27	SESSION-f9e3e5dcd2ccb687 → host:131.196.31.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4c0e63fa095433d2:SESSION-4c0e63fa095433d2	SESSION-4c0e63fa095433d2 → pe:tls:SESSION-4c0e63fa095433d2
FLOW_TO_HOSTOBS	e:to:SESSION-35834184401bcda8:host:172.234.197.23	SESSION-35834184401bcda8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54127ab649dd8e15:host:51.91.243.64	SESSION-54127ab649dd8e15 → host:51.91.243.64
FLOW_FROM_HOSTOBS	e:from:SESSION-8a604218ad277317:host:131.196.29.114	SESSION-8a604218ad277317 → host:131.196.29.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fbcca05a1b3df0cf:SESSION-fbcca05a1b3df0cf	SESSION-fbcca05a1b3df0cf → pe:tls:SESSION-fbcca05a1b3df0cf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b875e262090a3924:flow:bb9ff70d845a	SESSION-b875e262090a3924 → flow:bb9ff70d845a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b2e6696cab81646:host:172.234.197.23:host:177.10.237.95	SESSION-5b2e6696cab81646 → host:172.234.197.23 → host:177.10.237.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33db7a85fa9e759a:SESSION-33db7a85fa9e759a	SESSION-33db7a85fa9e759a → pe:syn:SESSION-33db7a85fa9e759a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4ffce8b6e53dd75:PCAP:capture_20260430110001:43611bdf6759	SESSION-a4ffce8b6e53dd75 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-83dd76c193cbd2e0:SESSION-83dd76c193cbd2e0	SESSION-83dd76c193cbd2e0 → pe:tls:SESSION-83dd76c193cbd2e0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85f4ab9e3ed21fa2:host:172.234.197.23	SESSION-85f4ab9e3ed21fa2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c58d6336bd500b5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9c58d6336bd500b5 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66c6d225095e379c:host:131.196.28.18	SESSION-66c6d225095e379c → host:131.196.28.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19ae824852752386:SESSION-19ae824852752386	SESSION-19ae824852752386 → pe:tls:SESSION-19ae824852752386
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.172:geo_-16.28860_-49.01640	host:177.10.238.172 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c7f3c61dd4869fc:host:131.196.31.195	SESSION-5c7f3c61dd4869fc → host:131.196.31.195
FLOW_FROM_HOSTOBS	e:from:SESSION-f19ceabce4d2fbb5:host:177.10.239.53	SESSION-f19ceabce4d2fbb5 → host:177.10.239.53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d74d897cd43b428:host:172.234.197.23:host:131.196.30.146	SESSION-9d74d897cd43b428 → host:172.234.197.23 → host:131.196.30.146
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b34520b38e3fc963:host:177.10.235.151	SESSION-b34520b38e3fc963 → host:177.10.235.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a9e0f3ba046c015f:flow:7672d031626b	SESSION-a9e0f3ba046c015f → flow:7672d031626b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0796a13a25fe417a:SESSION-0796a13a25fe417a	SESSION-0796a13a25fe417a → pe:tls:SESSION-0796a13a25fe417a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72cd504b232e316e:SESSION-72cd504b232e316e	SESSION-72cd504b232e316e → pe:tls:SESSION-72cd504b232e316e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b2d512f3efc35f9:host:177.10.232.168:host:172.234.197.23	SESSION-0b2d512f3efc35f9 → host:177.10.232.168 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db638e9136fa3895:PCAP:capture_20260430090001:065659c7d314	SESSION-db638e9136fa3895 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8362a96ce0b7626:host:172.234.197.23	SESSION-f8362a96ce0b7626 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d85be3a5c3c244d6:flow:bd0c0f3ef9a8	SESSION-d85be3a5c3c244d6 → flow:bd0c0f3ef9a8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-803381ec4a55866c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-803381ec4a55866c → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-3bebc5cb41e4621f:host:177.10.239.91	SESSION-3bebc5cb41e4621f → host:177.10.239.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-53fc35cd2bdb80ce:SESSION-53fc35cd2bdb80ce	SESSION-53fc35cd2bdb80ce → pe:tls:SESSION-53fc35cd2bdb80ce
FLOW_FROM_HOSTOBS	e:from:SESSION-bf988ed4220ca0ac:host:177.10.233.42	SESSION-bf988ed4220ca0ac → host:177.10.233.42
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e217016f21152908:SESSION-e217016f21152908	SESSION-e217016f21152908 → pe:syn:SESSION-e217016f21152908
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a03e1a67bd79b062:host:131.196.29.206:host:172.234.197.23	SESSION-a03e1a67bd79b062 → host:131.196.29.206 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a38bfeac3fad0550:flow:63f5e67398bb	SESSION-a38bfeac3fad0550 → flow:63f5e67398bb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2761ffbe76598549:flow:6654f90df68f	SESSION-2761ffbe76598549 → flow:6654f90df68f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3529b49a7d38dad6:host:177.10.237.211	SESSION-3529b49a7d38dad6 → host:177.10.237.211
flow_observed4-aryOBS	e:fo:flow:299c3cef4094	flow:299c3cef4094 → host:172.234.197.23 → host:177.10.234.173 → port:tcp:44699
FLOW_TO_HOSTOBS	e:to:SESSION-f5941954cc437ab4:host:172.234.197.23	SESSION-f5941954cc437ab4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5250861d994b3dc2:host:172.234.197.23	SESSION-5250861d994b3dc2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-403d8f142c86493c:host:177.10.236.24	SESSION-403d8f142c86493c → host:177.10.236.24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9deb407202a7aa0:SESSION-b9deb407202a7aa0	SESSION-b9deb407202a7aa0 → pe:tls:SESSION-b9deb407202a7aa0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c30e2da5c8abbcf:SESSION-9c30e2da5c8abbcf	SESSION-9c30e2da5c8abbcf → pe:syn:SESSION-9c30e2da5c8abbcf
FLOW_FROM_HOSTOBS	e:from:SESSION-252ece6cab0420bc:host:172.234.197.23	SESSION-252ece6cab0420bc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f228c5492216a597:host:177.10.236.120	SESSION-f228c5492216a597 → host:177.10.236.120
flow_observed5-aryOBS	e:fo:flow:bc01e2d2030c	flow:bc01e2d2030c → host:177.10.236.178 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d6d47e7b31036f28:host:172.234.197.23	SESSION-d6d47e7b31036f28 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc2ea3f70e7bccaf:host:177.10.233.182	SESSION-bc2ea3f70e7bccaf → host:177.10.233.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-175dd6ba51fb3cf7:host:172.234.197.23	SESSION-175dd6ba51fb3cf7 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:443f40d82641	flow:443f40d82641 → host:172.234.197.23 → host:177.10.235.174 → port:tcp:9589
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9beff4b34540729:host:177.10.235.250	SESSION-a9beff4b34540729 → host:177.10.235.250
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6222707cbae0e281:host:37.221.79.41	SESSION-6222707cbae0e281 → host:37.221.79.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96f4af5cf9f3425a:SESSION-96f4af5cf9f3425a	SESSION-96f4af5cf9f3425a → pe:tls:SESSION-96f4af5cf9f3425a
FLOW_FROM_HOSTOBS	e:from:SESSION-418ea5f834fbfdc6:host:172.234.197.23	SESSION-418ea5f834fbfdc6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-47699582b69b5d99:host:172.234.197.23	SESSION-47699582b69b5d99 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e921959b541072de:host:177.10.236.176	SESSION-e921959b541072de → host:177.10.236.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b7d412d830baf98:host:172.234.197.23:host:177.10.235.214	SESSION-4b7d412d830baf98 → host:172.234.197.23 → host:177.10.235.214
flow_observed5-aryOBS	e:fo:flow:dfde970711eb	flow:dfde970711eb → host:177.10.233.163 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7a70c074fb73905e:host:131.196.30.47	SESSION-7a70c074fb73905e → host:131.196.30.47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b420826720a06333:SESSION-b420826720a06333	SESSION-b420826720a06333 → pe:syn:SESSION-b420826720a06333
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7dc8a86be27d0230:flow:c15112a97887	SESSION-7dc8a86be27d0230 → flow:c15112a97887
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-176c7cfb0e699b4d:host:177.10.237.94	SESSION-176c7cfb0e699b4d → host:177.10.237.94
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14a60b0039fa135f:host:172.234.197.23:host:131.196.30.104	SESSION-14a60b0039fa135f → host:172.234.197.23 → host:131.196.30.104
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-022fbc52c5dbb7ff:SESSION-022fbc52c5dbb7ff	SESSION-022fbc52c5dbb7ff → pe:syn:SESSION-022fbc52c5dbb7ff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c84f2bc6bdec600e:SESSION-c84f2bc6bdec600e	SESSION-c84f2bc6bdec600e → pe:syn:SESSION-c84f2bc6bdec600e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85869808bb7240b3:host:172.234.197.23:host:172.232.0.17	SESSION-85869808bb7240b3 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b223dcd1f64dfb9:host:131.196.29.235	SESSION-7b223dcd1f64dfb9 → host:131.196.29.235
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e09f613cd450ebc9:SESSION-e09f613cd450ebc9	SESSION-e09f613cd450ebc9 → pe:syn:SESSION-e09f613cd450ebc9
FLOW_TO_HOSTOBS	e:to:SESSION-b65c6ec30f2c8117:host:172.234.197.23	SESSION-b65c6ec30f2c8117 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2db29654b7388c8c:host:177.10.237.122:host:172.234.197.23	SESSION-2db29654b7388c8c → host:177.10.237.122 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b9d47d1bafad5ad0:host:172.234.197.23	SESSION-b9d47d1bafad5ad0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-998c67ab79f4e23e:PCAP:capture_20260430060001:919b39a74464	SESSION-998c67ab79f4e23e → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94e9de291da3c2c9:SESSION-94e9de291da3c2c9	SESSION-94e9de291da3c2c9 → pe:tls:SESSION-94e9de291da3c2c9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef002e94e1d9ac81:flow:952d15da9419	SESSION-ef002e94e1d9ac81 → flow:952d15da9419
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b8f87145037449c:SESSION-7b8f87145037449c	SESSION-7b8f87145037449c → pe:syn:SESSION-7b8f87145037449c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-230e735532621bd7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-230e735532621bd7 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:28c8d053b614	flow:28c8d053b614 → host:177.10.239.187 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e13bed2218b0a9f:host:172.234.197.23:host:177.10.233.208	SESSION-9e13bed2218b0a9f → host:172.234.197.23 → host:177.10.233.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-312ea7073c45e21c:SESSION-312ea7073c45e21c	SESSION-312ea7073c45e21c → pe:syn:SESSION-312ea7073c45e21c
FLOW_DST_PORTOBS	e:fp:flow:548c6f416d7f:port:tcp:443	flow:548c6f416d7f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-04c23b7b96a70798:host:177.10.236.44	SESSION-04c23b7b96a70798 → host:177.10.236.44
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.211:geo_-16.28860_-49.01640	host:177.10.232.211 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce2566c1c98d1aed:host:131.196.31.198	SESSION-ce2566c1c98d1aed → host:131.196.31.198
FLOW_TO_HOSTOBS	e:to:SESSION-7f3bd7044d582575:host:172.234.197.23	SESSION-7f3bd7044d582575 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23dcfe77dd45a14a:SESSION-23dcfe77dd45a14a	SESSION-23dcfe77dd45a14a → pe:syn:SESSION-23dcfe77dd45a14a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-10ba6936b0af1959:SESSION-10ba6936b0af1959	SESSION-10ba6936b0af1959 → pe:tls:SESSION-10ba6936b0af1959
FLOW_DST_PORTOBS	e:fp:flow:e19d04a9f102:port:tcp:443	flow:e19d04a9f102 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:9336642b1396	flow:9336642b1396 → host:177.10.235.214 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b0c47b1e862acc1:flow:547724b76d59	SESSION-9b0c47b1e862acc1 → flow:547724b76d59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bcd94ff2cea5ca72:flow:94268ec9e770	SESSION-bcd94ff2cea5ca72 → flow:94268ec9e770
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27131bb9b9feeb52:SESSION-27131bb9b9feeb52	SESSION-27131bb9b9feeb52 → pe:syn:SESSION-27131bb9b9feeb52
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0233a0286136dd2:host:177.10.233.141:host:172.234.197.23	SESSION-b0233a0286136dd2 → host:177.10.233.141 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-341468c084cc4cf3:host:177.10.239.220	SESSION-341468c084cc4cf3 → host:177.10.239.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2966a121f8fe86e9:SESSION-2966a121f8fe86e9	SESSION-2966a121f8fe86e9 → pe:tls:SESSION-2966a121f8fe86e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f74caf722af4b362:SESSION-f74caf722af4b362	SESSION-f74caf722af4b362 → pe:tls:SESSION-f74caf722af4b362
FLOW_FROM_HOSTOBS	e:from:SESSION-92a69e37100365d0:host:177.10.239.137	SESSION-92a69e37100365d0 → host:177.10.239.137
FLOW_DST_PORTOBS	e:fp:flow:f8953f4eec61:port:tcp:443	flow:f8953f4eec61 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d9e3720b73bcaea:host:177.10.234.70	SESSION-0d9e3720b73bcaea → host:177.10.234.70
FLOW_TO_HOSTOBS	e:to:SESSION-9ef36b158fc63267:host:177.10.234.89	SESSION-9ef36b158fc63267 → host:177.10.234.89
flow_observed4-aryOBS	e:fo:flow:4cf92a078305	flow:4cf92a078305 → host:172.234.197.23 → host:177.10.234.237 → port:tcp:60225
FLOW_TO_HOSTOBS	e:to:SESSION-4dc16adec194cf9c:host:172.234.197.23	SESSION-4dc16adec194cf9c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7e110cd2632aa64:flow:1acbe6be377b	SESSION-e7e110cd2632aa64 → flow:1acbe6be377b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d96c6feac6dadd94:PCAP:capture_20260430110001:43611bdf6759	SESSION-d96c6feac6dadd94 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23e0f212525e0a86:SESSION-23e0f212525e0a86	SESSION-23e0f212525e0a86 → pe:syn:SESSION-23e0f212525e0a86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e5c0136d660133a:SESSION-5e5c0136d660133a	SESSION-5e5c0136d660133a → pe:syn:SESSION-5e5c0136d660133a
FLOW_DST_PORTOBS	e:fp:flow:0acac59bfefe:port:tcp:443	flow:0acac59bfefe → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1410d14cf4ff2548:host:177.10.233.49	SESSION-1410d14cf4ff2548 → host:177.10.233.49
flow_observed5-aryOBS	e:fo:flow:fa169d87bfaf	flow:fa169d87bfaf → host:177.10.234.208 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76b86119fe5d0a6f:host:131.196.30.167	SESSION-76b86119fe5d0a6f → host:131.196.30.167
FLOW_TLS_SNIOBS	e:fs:flow:3f51040d34d3:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3f51040d34d3 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a9e0f3ba046c015f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a9e0f3ba046c015f → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TLS_SNIOBS	e:fs:flow:f2eba56c437c:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:f2eba56c437c → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac3abc26fe7d2af5:SESSION-ac3abc26fe7d2af5	SESSION-ac3abc26fe7d2af5 → pe:syn:SESSION-ac3abc26fe7d2af5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.210:geo_-16.28860_-49.01640	host:177.10.239.210 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae94ea8b15b44736:PCAP:capture_20260430110001:43611bdf6759	SESSION-ae94ea8b15b44736 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0246a8b70a825de:SESSION-d0246a8b70a825de	SESSION-d0246a8b70a825de → pe:syn:SESSION-d0246a8b70a825de
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.152:geo_-16.28860_-49.01640	host:177.10.235.152 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6756f0bedb2cdb12:flow:13693a6fdfdc	SESSION-6756f0bedb2cdb12 → flow:13693a6fdfdc
FLOW_DST_PORTOBS	e:fp:flow:52814a3d9563:port:tcp:443	flow:52814a3d9563 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:8771a34c54d8	flow:8771a34c54d8 → host:172.234.197.23 → host:177.10.236.154 → port:tcp:28799
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4337995d605bd9f8:PCAP:capture_20260430060001:919b39a74464	SESSION-4337995d605bd9f8 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9466ee8fbea2465:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d9466ee8fbea2465 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-12879c55e793c987:host:177.10.236.113	SESSION-12879c55e793c987 → host:177.10.236.113
FLOW_DST_PORTOBS	e:fp:flow:854f7b803eaa:port:tcp:443	flow:854f7b803eaa → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4fb4b7758d99e149:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4fb4b7758d99e149 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:e89e6db9824c	flow:e89e6db9824c → host:172.234.197.23 → host:131.196.28.129 → port:tcp:38524
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57494845d8eca477:host:177.10.232.255:host:172.234.197.23	SESSION-57494845d8eca477 → host:177.10.232.255 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:00b03f759fbf:port:tcp:443	flow:00b03f759fbf → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-3fa41b89da3fc0a6:host:177.10.232.136	SESSION-3fa41b89da3fc0a6 → host:177.10.232.136
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-979974e101979ba8:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-979974e101979ba8 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e0b8f15e6ec3ec0f:flow:a7d103cc9c4d	SESSION-e0b8f15e6ec3ec0f → flow:a7d103cc9c4d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5804e26655ff1a06:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5804e26655ff1a06 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.113:geo_-16.28860_-49.01640	host:177.10.238.113 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-025a43ae01804438:host:177.10.237.96	SESSION-025a43ae01804438 → host:177.10.237.96
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62d5a334e1fc9bd1:host:172.234.197.23	SESSION-62d5a334e1fc9bd1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ffc4775cc215b441:host:172.234.197.23	SESSION-ffc4775cc215b441 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-03724996262dbf01:PCAP:capture_20260430060001:919b39a74464	SESSION-03724996262dbf01 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03cee9bc49b35179:host:45.173.156.57	SESSION-03cee9bc49b35179 → host:45.173.156.57
FLOW_DST_PORTOBS	e:fp:flow:e878a7e4044c:port:tcp:27686	flow:e878a7e4044c → port:tcp:27686
FLOW_TO_HOSTOBS	e:to:SESSION-5b203844c0afbb25:host:177.10.239.201	SESSION-5b203844c0afbb25 → host:177.10.239.201
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e1d806fe7541c4b2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e1d806fe7541c4b2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c0ba3366d883914:host:172.234.197.23	SESSION-9c0ba3366d883914 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-042b5a6edf64c734:host:177.10.233.137	SESSION-042b5a6edf64c734 → host:177.10.233.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e991043fa3bca90d:SESSION-e991043fa3bca90d	SESSION-e991043fa3bca90d → pe:tls:SESSION-e991043fa3bca90d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ac9bb77fb56e773:PCAP:capture_20260430060001:919b39a74464	SESSION-7ac9bb77fb56e773 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:56d377d36570:port:tcp:443	flow:56d377d36570 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34b8eff946ae371a:host:172.234.197.23	SESSION-34b8eff946ae371a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.245:geo_-23.62930_-46.63510	host:131.196.30.245 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-e38f46dc000b6625:host:177.10.236.235	SESSION-e38f46dc000b6625 → host:177.10.236.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc1c86e42be942bd:host:103.155.16.117:host:172.234.197.23	SESSION-cc1c86e42be942bd → host:103.155.16.117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-87bc9df611d2f97d:SESSION-87bc9df611d2f97d	SESSION-87bc9df611d2f97d → pe:syn:SESSION-87bc9df611d2f97d
FLOW_TO_HOSTOBS	e:to:SESSION-a1241ed8a2f02aa7:host:172.234.197.23	SESSION-a1241ed8a2f02aa7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.151:geo_-23.62930_-46.63510	host:131.196.29.151 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:3c1aab944236:port:tcp:443	flow:3c1aab944236 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:012ae353881c	flow:012ae353881c → host:172.234.197.23 → host:177.10.236.234 → port:tcp:25271
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46d2f77cc38b38db:SESSION-46d2f77cc38b38db	SESSION-46d2f77cc38b38db → pe:tls:SESSION-46d2f77cc38b38db
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52ffcd7f81b035e2:flow:31327b4941f7	SESSION-52ffcd7f81b035e2 → flow:31327b4941f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79787964fff3a281:SESSION-79787964fff3a281	SESSION-79787964fff3a281 → pe:syn:SESSION-79787964fff3a281
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b91cc7f2039924f2:host:172.234.197.23	SESSION-b91cc7f2039924f2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd657e34d2536dc9:flow:baf8cb1ead66	SESSION-bd657e34d2536dc9 → flow:baf8cb1ead66
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:213.209.159.159:geo_24.00000_121.00000	host:213.209.159.159 → geo_24.00000_121.00000
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a9273620e0aaedc:host:172.234.197.23	SESSION-8a9273620e0aaedc → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8943c204982c	flow:8943c204982c → host:177.10.233.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-70a92a3cd71eafd5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-70a92a3cd71eafd5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3931cb15b35f138a:host:177.10.236.178	SESSION-3931cb15b35f138a → host:177.10.236.178
FLOW_DST_PORTOBS	e:fp:flow:f305d2c5a739:port:tcp:443	flow:f305d2c5a739 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d0124c1ae468:port:tcp:669	flow:d0124c1ae468 → port:tcp:669
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.2:asn:262880	host:177.10.234.2 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.234:asn:271410	host:131.196.29.234 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb82ec2c88e573dc:SESSION-eb82ec2c88e573dc	SESSION-eb82ec2c88e573dc → pe:tls:SESSION-eb82ec2c88e573dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7e52183ef313b6a:host:172.234.197.23	SESSION-e7e52183ef313b6a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f042798b154a2bb2:host:177.10.237.2	SESSION-f042798b154a2bb2 → host:177.10.237.2
FLOW_TO_HOSTOBS	e:to:SESSION-34c02a09bd1ab4d1:host:172.234.197.23	SESSION-34c02a09bd1ab4d1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9c88e1747080	flow:9c88e1747080 → host:131.196.31.71 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e1a13f968b47fc9d:SESSION-e1a13f968b47fc9d	SESSION-e1a13f968b47fc9d → pe:syn:SESSION-e1a13f968b47fc9d
FLOW_DST_PORTOBS	e:fp:flow:906538b5397b:port:tcp:8873	flow:906538b5397b → port:tcp:8873
FLOW_FROM_HOSTOBS	e:from:SESSION-d1532b7922e59746:host:172.234.197.23	SESSION-d1532b7922e59746 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab6d0c9e6f54de20:host:172.234.197.23	SESSION-ab6d0c9e6f54de20 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-42b603b0c5709a24:host:172.234.197.23	SESSION-42b603b0c5709a24 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6a106ff5da861ac:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a6a106ff5da861ac → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:e8b6d78f5f37	flow:e8b6d78f5f37 → host:177.10.234.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f74caf722af4b362:host:177.10.239.102:host:172.234.197.23	SESSION-f74caf722af4b362 → host:177.10.239.102 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6e612a684f25ac0f:SESSION-6e612a684f25ac0f	SESSION-6e612a684f25ac0f → pe:syn:SESSION-6e612a684f25ac0f
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.58:asn:203771	host:31.40.196.58 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e69d77cebc13bf2:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-1e69d77cebc13bf2 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eba362425495480d:flow:706071e3fd0c	SESSION-eba362425495480d → flow:706071e3fd0c
FLOW_TO_HOSTOBS	e:to:SESSION-4bcb34449111b6ae:host:172.234.197.23	SESSION-4bcb34449111b6ae → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.110:geo_-21.10010_-41.69200	host:45.173.156.110 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:4272b5576122:port:tcp:17043	flow:4272b5576122 → port:tcp:17043
flow_observed3-aryOBS	e:fo:flow:8ccd28938912	flow:8ccd28938912 → host:44.255.175.112 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3ecb9e93c79a4bef:host:172.234.197.23	SESSION-3ecb9e93c79a4bef → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46290f7655d18c8b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-46290f7655d18c8b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ffbb13e97116fd4:host:177.10.235.72	SESSION-6ffbb13e97116fd4 → host:177.10.235.72
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.208:asn:262880	host:177.10.234.208 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-449915b4a668f160:host:172.234.197.23	SESSION-449915b4a668f160 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e41fa1676c790d65:SESSION-e41fa1676c790d65	SESSION-e41fa1676c790d65 → pe:syn:SESSION-e41fa1676c790d65
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.54:geo_-23.62930_-46.63510	host:131.196.31.54 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6936c129ef58e74:host:172.234.197.23	SESSION-c6936c129ef58e74 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.169:asn:262880	host:177.10.234.169 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7fad01c8dca4d847:SESSION-7fad01c8dca4d847	SESSION-7fad01c8dca4d847 → pe:tls:SESSION-7fad01c8dca4d847
FLOW_FROM_HOSTOBS	e:from:SESSION-f8491791342c7cb3:host:95.135.228.151	SESSION-f8491791342c7cb3 → host:95.135.228.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2fd071a3b1e728ca:host:172.234.197.23	SESSION-2fd071a3b1e728ca → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-007d1747f3bd10df:host:177.10.234.113	SESSION-007d1747f3bd10df → host:177.10.234.113
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.199:asn:262880	host:177.10.239.199 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.153:asn:273470	host:45.173.156.153 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-a88f0b19d496a689:host:131.196.30.140	SESSION-a88f0b19d496a689 → host:131.196.30.140
flow_observed5-aryOBS	e:fo:flow:73eaad2a4580	flow:73eaad2a4580 → host:131.196.28.175 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-971b25349fba9c5b:host:172.234.197.23	SESSION-971b25349fba9c5b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8df47c2606014223:host:172.234.197.23	SESSION-8df47c2606014223 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-160e5a0882acae87:host:131.196.31.187	SESSION-160e5a0882acae87 → host:131.196.31.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5731b0b8f40f73a:host:177.10.237.156	SESSION-f5731b0b8f40f73a → host:177.10.237.156
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a78d91cebd5172f:host:172.234.197.23:host:131.196.30.95	SESSION-5a78d91cebd5172f → host:172.234.197.23 → host:131.196.30.95
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.41:geo_-23.62930_-46.63510	host:131.196.29.41 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-db946f3602afd068:host:177.10.237.192	SESSION-db946f3602afd068 → host:177.10.237.192
flow_observed5-aryOBS	e:fo:flow:ffef85aaa386	flow:ffef85aaa386 → host:177.10.238.15 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.115:asn:262880	host:177.10.234.115 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-3ea9485b82ac2233:host:177.10.234.144	SESSION-3ea9485b82ac2233 → host:177.10.234.144
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e0a730d87d8b98f3:SESSION-e0a730d87d8b98f3	SESSION-e0a730d87d8b98f3 → pe:syn:SESSION-e0a730d87d8b98f3
FLOW_FROM_HOSTOBS	e:from:SESSION-90426299281da133:host:177.10.233.85	SESSION-90426299281da133 → host:177.10.233.85
flow_observed5-aryOBS	e:fo:flow:9b565a4c11fe	flow:9b565a4c11fe → host:131.196.30.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d9f933822471a5a:host:172.234.197.23	SESSION-8d9f933822471a5a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:15ff142e4d3b:port:tcp:20458	flow:15ff142e4d3b → port:tcp:20458
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0c6cb018cbd8a763:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0c6cb018cbd8a763 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:43c901c3f5f5	flow:43c901c3f5f5 → host:172.234.197.23 → host:177.10.232.104 → port:tcp:39061
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef3cd86b38e13880:host:172.234.197.23:host:45.173.156.14	SESSION-ef3cd86b38e13880 → host:172.234.197.23 → host:45.173.156.14
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afa0e3a30bb0024e:host:172.234.197.23	SESSION-afa0e3a30bb0024e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-da14e554ef56152a:host:177.10.235.126	SESSION-da14e554ef56152a → host:177.10.235.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-acada2cd7035c790:SESSION-acada2cd7035c790	SESSION-acada2cd7035c790 → pe:tls:SESSION-acada2cd7035c790
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee8a8be73e4592b1:host:45.173.156.62	SESSION-ee8a8be73e4592b1 → host:45.173.156.62
flow_observed4-aryOBS	e:fo:flow:e8a83eb6519a	flow:e8a83eb6519a → host:172.234.197.23 → host:45.173.156.70 → port:tcp:57324
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5a0c98ce5f67db5:SESSION-a5a0c98ce5f67db5	SESSION-a5a0c98ce5f67db5 → pe:syn:SESSION-a5a0c98ce5f67db5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3afd88a73e32b466:host:131.196.28.32	SESSION-3afd88a73e32b466 → host:131.196.28.32
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1440a3c9b30a4056:flow:5ad3b0f91a3d	SESSION-1440a3c9b30a4056 → flow:5ad3b0f91a3d
FLOW_FROM_HOSTOBS	e:from:SESSION-724515316ace62dc:host:199.16.157.181	SESSION-724515316ace62dc → host:199.16.157.181
FLOW_DST_PORTOBS	e:fp:flow:deb8fc46e85e:port:tcp:443	flow:deb8fc46e85e → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.210:asn:273470	host:45.173.156.210 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a3b20edc3bf85f8:host:172.234.197.23	SESSION-3a3b20edc3bf85f8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d4bc305941088d24:host:172.234.197.23	SESSION-d4bc305941088d24 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f320997aa88d5819:host:45.173.156.153:host:172.234.197.23	SESSION-f320997aa88d5819 → host:45.173.156.153 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e91394d00b664372:flow:7429b5a04d93	SESSION-e91394d00b664372 → flow:7429b5a04d93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9d6fb279031158e:SESSION-b9d6fb279031158e	SESSION-b9d6fb279031158e → pe:syn:SESSION-b9d6fb279031158e
FLOW_DST_PORTOBS	e:fp:flow:c55582ff0267:port:tcp:443	flow:c55582ff0267 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:cdf5f2e2e9eb:port:tcp:443	flow:cdf5f2e2e9eb → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-a720c7dde0362052:host:172.234.197.23	SESSION-a720c7dde0362052 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8293f5a95baa645a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-8293f5a95baa645a → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c4a3ef3072acfd2:host:172.234.197.23	SESSION-9c4a3ef3072acfd2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:740f8ab03c92	flow:740f8ab03c92 → host:45.173.156.186 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c97208f3d5d9be26:host:177.10.236.15	SESSION-c97208f3d5d9be26 → host:177.10.236.15
FLOW_TO_HOSTOBS	e:to:SESSION-d87ad0ffb58b923c:host:177.10.235.42	SESSION-d87ad0ffb58b923c → host:177.10.235.42
FLOW_DST_PORTOBS	e:fp:flow:18c30dc84099:port:tcp:443	flow:18c30dc84099 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-140ad048b49f1a57:SESSION-140ad048b49f1a57	SESSION-140ad048b49f1a57 → pe:syn:SESSION-140ad048b49f1a57
FLOW_FROM_HOSTOBS	e:from:SESSION-f7d282d56df8eba3:host:131.196.31.231	SESSION-f7d282d56df8eba3 → host:131.196.31.231
FLOW_DST_PORTOBS	e:fp:flow:3b613d9758b6:port:tcp:3951	flow:3b613d9758b6 → port:tcp:3951
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a88f0b19d496a689:flow:f305d2c5a739	SESSION-a88f0b19d496a689 → flow:f305d2c5a739
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-93446cf6bcbe5afe:SESSION-93446cf6bcbe5afe	SESSION-93446cf6bcbe5afe → pe:syn:SESSION-93446cf6bcbe5afe
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.6:asn:203771	host:92.112.71.6 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d7cf6e510c352d8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8d7cf6e510c352d8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-912ea161e3e6ffdc:host:172.234.197.23	SESSION-912ea161e3e6ffdc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a681df8efb85197d:host:172.234.197.23:host:131.196.29.254	SESSION-a681df8efb85197d → host:172.234.197.23 → host:131.196.29.254
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.108:asn:262880	host:177.10.234.108 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47ed57a240abf6fc:PCAP:capture_20260430070001:903a0e7a436b	SESSION-47ed57a240abf6fc → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a6f73143abd0c86:host:177.10.232.156:host:172.234.197.23	SESSION-3a6f73143abd0c86 → host:177.10.232.156 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eee2452aad82d1c2:host:177.10.236.209	SESSION-eee2452aad82d1c2 → host:177.10.236.209
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7963f405207d2813:PCAP:capture_20260430060001:919b39a74464	SESSION-7963f405207d2813 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9963b3b3d702eb6e:SESSION-9963b3b3d702eb6e	SESSION-9963b3b3d702eb6e → pe:tls:SESSION-9963b3b3d702eb6e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0537be800f2fa6cb:SESSION-0537be800f2fa6cb	SESSION-0537be800f2fa6cb → pe:tls:SESSION-0537be800f2fa6cb
FLOW_TO_HOSTOBS	e:to:SESSION-dfde0f74dbe81c3a:host:172.234.197.23	SESSION-dfde0f74dbe81c3a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9f10142199cea9c:SESSION-b9f10142199cea9c	SESSION-b9f10142199cea9c → pe:syn:SESSION-b9f10142199cea9c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fcd4658ed0002284:PCAP:capture_20260430160001:9bfa4498506a	SESSION-fcd4658ed0002284 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf07a99306d1414b:SESSION-cf07a99306d1414b	SESSION-cf07a99306d1414b → pe:syn:SESSION-cf07a99306d1414b
ASN_IN_ORGOBS 80%	e:ao:asn:9808:org:China Mobile Communications Group Co., Ltd.	asn:9808 → org:China Mobile Communications Group Co., Ltd.
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f6ab7360966186b9:SESSION-f6ab7360966186b9	SESSION-f6ab7360966186b9 → pe:syn:SESSION-f6ab7360966186b9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3616b79a24490a3:SESSION-f3616b79a24490a3	SESSION-f3616b79a24490a3 → pe:tls:SESSION-f3616b79a24490a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2dd011a07497df56:SESSION-2dd011a07497df56	SESSION-2dd011a07497df56 → pe:tls:SESSION-2dd011a07497df56
FLOW_DST_PORTOBS	e:fp:flow:cbf3d3b9734e:port:tcp:43994	flow:cbf3d3b9734e → port:tcp:43994
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11d1e958623763ef:SESSION-11d1e958623763ef	SESSION-11d1e958623763ef → pe:syn:SESSION-11d1e958623763ef
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81679789c998e700:host:177.10.235.169	SESSION-81679789c998e700 → host:177.10.235.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bc35cbabc9b015e:SESSION-3bc35cbabc9b015e	SESSION-3bc35cbabc9b015e → pe:tls:SESSION-3bc35cbabc9b015e
flow_observed4-aryOBS	e:fo:flow:5a2ec532c0b9	flow:5a2ec532c0b9 → host:172.234.197.23 → host:177.10.234.64 → port:tcp:58216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-205f7c84653f0fb6:SESSION-205f7c84653f0fb6	SESSION-205f7c84653f0fb6 → pe:tls:SESSION-205f7c84653f0fb6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6222707cbae0e281:SESSION-6222707cbae0e281	SESSION-6222707cbae0e281 → pe:rst:SESSION-6222707cbae0e281
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a516ba4c4f8948a0:PCAP:capture_20260430090001:065659c7d314	SESSION-a516ba4c4f8948a0 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5b80b4b47f274ca:SESSION-d5b80b4b47f274ca	SESSION-d5b80b4b47f274ca → pe:tls:SESSION-d5b80b4b47f274ca
FLOW_FROM_HOSTOBS	e:from:SESSION-49c1d2d9ba1746da:host:177.10.238.140	SESSION-49c1d2d9ba1746da → host:177.10.238.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fd9b76b5230e873:SESSION-3fd9b76b5230e873	SESSION-3fd9b76b5230e873 → pe:tls:SESSION-3fd9b76b5230e873
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29cd9f7300aa5893:flow:5ccb5bd3660c	SESSION-29cd9f7300aa5893 → flow:5ccb5bd3660c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d04c60e569cc19ba:SESSION-d04c60e569cc19ba	SESSION-d04c60e569cc19ba → pe:tls:SESSION-d04c60e569cc19ba
FLOW_DST_PORTOBS	e:fp:flow:53c36095e850:port:tcp:443	flow:53c36095e850 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-81de972e9a362700:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-81de972e9a362700 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21a19991d129ba18:SESSION-21a19991d129ba18	SESSION-21a19991d129ba18 → pe:tls:SESSION-21a19991d129ba18
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b22fd3d92fd3016:host:131.196.31.27:host:172.234.197.23	SESSION-9b22fd3d92fd3016 → host:131.196.31.27 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fef5a77f946ef097:host:131.196.29.206	SESSION-fef5a77f946ef097 → host:131.196.29.206
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e63bd10e327c33f1:SESSION-e63bd10e327c33f1	SESSION-e63bd10e327c33f1 → pe:tls:SESSION-e63bd10e327c33f1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a91fe9a6e775a606:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a91fe9a6e775a606 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97d8ab6142f53424:SESSION-97d8ab6142f53424	SESSION-97d8ab6142f53424 → pe:tls:SESSION-97d8ab6142f53424
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1213fdeaeb0b4e25:host:172.234.197.23	SESSION-1213fdeaeb0b4e25 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d0f919734488d0b:host:172.234.197.23:host:131.196.29.238	SESSION-5d0f919734488d0b → host:172.234.197.23 → host:131.196.29.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a776552d0ac90a05:SESSION-a776552d0ac90a05	SESSION-a776552d0ac90a05 → pe:tls:SESSION-a776552d0ac90a05
flow_observed4-aryOBS	e:fo:flow:e3888ae19e03	flow:e3888ae19e03 → host:172.234.197.23 → host:177.10.233.183 → port:tcp:16851
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14ec4f61373e7262:flow:f83043602330	SESSION-14ec4f61373e7262 → flow:f83043602330
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96639b4b4a33e422:SESSION-96639b4b4a33e422	SESSION-96639b4b4a33e422 → pe:tls:SESSION-96639b4b4a33e422
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74ad535621338757:host:131.196.30.7:host:172.234.197.23	SESSION-74ad535621338757 → host:131.196.30.7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-884df81342ed3b04:host:177.10.239.24	SESSION-884df81342ed3b04 → host:177.10.239.24
FLOW_TO_HOSTOBS	e:to:SESSION-a88f0b19d496a689:host:172.234.197.23	SESSION-a88f0b19d496a689 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bded37485db78f4a:host:177.10.237.24	SESSION-bded37485db78f4a → host:177.10.237.24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6543ef151e834843:SESSION-6543ef151e834843	SESSION-6543ef151e834843 → pe:tls:SESSION-6543ef151e834843
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.52:asn:203771	host:92.112.71.52 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:aff142aec191:port:tcp:443	flow:aff142aec191 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a770693a19c2c7c:SESSION-0a770693a19c2c7c	SESSION-0a770693a19c2c7c → pe:syn:SESSION-0a770693a19c2c7c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c130f2091984b84c:SESSION-c130f2091984b84c	SESSION-c130f2091984b84c → pe:syn:SESSION-c130f2091984b84c
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-96afec3035986aab:BSG-DATA_EXFIL-86c3aec70aeb	SESSION-96afec3035986aab → BSG-DATA_EXFIL-86c3aec70aeb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c83cde1dbe634e7:host:172.234.197.23	SESSION-5c83cde1dbe634e7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.98:asn:271410	host:131.196.31.98 → asn:271410
flow_observed4-aryOBS	e:fo:flow:7c92c15e1e64	flow:7c92c15e1e64 → host:172.234.197.23 → host:131.196.30.196 → port:tcp:39371
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a437e2422713bf06:flow:c59557b9d3a6	SESSION-a437e2422713bf06 → flow:c59557b9d3a6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4385c2f73c2ee0db:host:172.234.197.23	SESSION-4385c2f73c2ee0db → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.49:asn:271410	host:131.196.31.49 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-ea53a00807c951b5:host:172.234.197.23	SESSION-ea53a00807c951b5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e42d909a57b4903:host:131.196.28.12	SESSION-0e42d909a57b4903 → host:131.196.28.12
FLOW_FROM_HOSTOBS	e:from:SESSION-c421ecd159f7b93a:host:177.10.232.2	SESSION-c421ecd159f7b93a → host:177.10.232.2
FLOW_FROM_HOSTOBS	e:from:SESSION-69ca44a412c8d221:host:172.234.197.23	SESSION-69ca44a412c8d221 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5d0dd65fd7cc:port:tcp:60982	flow:5d0dd65fd7cc → port:tcp:60982
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f88b9847e7767e00:host:177.10.233.144	SESSION-f88b9847e7767e00 → host:177.10.233.144
FLOW_TO_HOSTOBS	e:to:SESSION-bf132b40533c7dcc:host:172.234.197.23	SESSION-bf132b40533c7dcc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e5392ca321cb1ed:host:172.234.197.23	SESSION-6e5392ca321cb1ed → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47d7544842406eea:PCAP:capture_20260430050001:8868731bf8a4	SESSION-47d7544842406eea → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-542567c32b647819:SESSION-542567c32b647819	SESSION-542567c32b647819 → pe:tls:SESSION-542567c32b647819
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.56:geo_-16.28860_-49.01640	host:177.10.238.56 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.192:asn:262880	host:177.10.234.192 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-21a19991d129ba18:host:172.234.197.23	SESSION-21a19991d129ba18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db62c05acb7f0b0b:host:131.196.29.53:host:172.234.197.23	SESSION-db62c05acb7f0b0b → host:131.196.29.53 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bb2bb642551a	flow:bb2bb642551a → host:177.10.235.72 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-be67080b9ae14b48:host:131.196.31.78	SESSION-be67080b9ae14b48 → host:131.196.31.78
FLOW_TO_HOSTOBS	e:to:SESSION-954029bd3fad39c7:host:177.10.237.122	SESSION-954029bd3fad39c7 → host:177.10.237.122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57039b95174af1c3:host:172.234.197.23	SESSION-57039b95174af1c3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a5092ccda361ecd:flow:2111fdd56ba5	SESSION-5a5092ccda361ecd → flow:2111fdd56ba5
FLOW_DST_PORTOBS	e:fp:flow:97fdbda409b9:port:tcp:53376	flow:97fdbda409b9 → port:tcp:53376
FLOW_DST_PORTOBS	e:fp:flow:87a20577fb9f:port:tcp:443	flow:87a20577fb9f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-02163c9e3a8cc49d:host:172.234.197.23	SESSION-02163c9e3a8cc49d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7601ec92d63a89e6:host:88.99.91.59:host:172.234.197.23	SESSION-7601ec92d63a89e6 → host:88.99.91.59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ada1853624679841:host:172.234.197.23	SESSION-ada1853624679841 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-603529cff661c41d:host:45.173.156.237:host:172.234.197.23	SESSION-603529cff661c41d → host:45.173.156.237 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69ac7334931bf6c1:SESSION-69ac7334931bf6c1	SESSION-69ac7334931bf6c1 → pe:syn:SESSION-69ac7334931bf6c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a43b551ff0093c7:SESSION-8a43b551ff0093c7	SESSION-8a43b551ff0093c7 → pe:tls:SESSION-8a43b551ff0093c7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eade11f9b06e449a:SESSION-eade11f9b06e449a	SESSION-eade11f9b06e449a → pe:tls:SESSION-eade11f9b06e449a
FLOW_FROM_HOSTOBS	e:from:SESSION-1f0a0478f83cd119:host:31.40.196.97	SESSION-1f0a0478f83cd119 → host:31.40.196.97
FLOW_DST_PORTOBS	e:fp:flow:ef2f10ea72bc:port:tcp:80	flow:ef2f10ea72bc → port:tcp:80
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.245:asn:203771	host:45.145.152.245 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-2e85a67565660f7c:host:131.196.30.75	SESSION-2e85a67565660f7c → host:131.196.30.75
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21bd08fb36aa18e9:flow:ff6c08aab12a	SESSION-21bd08fb36aa18e9 → flow:ff6c08aab12a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-026fe63fd4f2486a:host:60.214.180.150:host:172.234.197.23	SESSION-026fe63fd4f2486a → host:60.214.180.150 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:94b142bbe9f6:port:tcp:443	flow:94b142bbe9f6 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:cb268bb25b30	flow:cb268bb25b30 → host:172.234.197.23 → host:45.173.156.126 → port:tcp:53930
flow_observed3-aryOBS	e:fo:flow:6946dc6e8d73	flow:6946dc6e8d73 → host:35.95.113.227 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb8a27373acd6451:host:172.234.197.23	SESSION-eb8a27373acd6451 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b48a91345e9a	flow:b48a91345e9a → host:172.234.197.23 → host:131.196.30.92 → port:tcp:31873
FLOW_DST_PORTOBS	e:fp:flow:53c657412e92:port:tcp:443	flow:53c657412e92 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ef3fadfeb89ec1c3:host:172.234.197.23	SESSION-ef3fadfeb89ec1c3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:978dc8ba0399:port:tcp:43136	flow:978dc8ba0399 → port:tcp:43136
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09e9de69a12074bb:host:172.234.197.23	SESSION-09e9de69a12074bb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3c29a1a30005:port:tcp:20104	flow:3c29a1a30005 → port:tcp:20104
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d4d7fb155f65fdf:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4d4d7fb155f65fdf → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.6:geo_41.00190_28.96450	host:95.170.25.6 → geo_41.00190_28.96450
flow_observed5-aryOBS	e:fo:flow:7f816c2a0cdd	flow:7f816c2a0cdd → host:177.10.239.16 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c5d6e49e2849c20f:host:172.234.197.23	SESSION-c5d6e49e2849c20f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-efb89dcd313d4029:host:172.234.197.23	SESSION-efb89dcd313d4029 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-91196c5d66e04f5c:PCAP:capture_20260430060001:919b39a74464	SESSION-91196c5d66e04f5c → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:78347322cd1b:port:tcp:443	flow:78347322cd1b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7eeea37688fc574d:host:172.234.197.23	SESSION-7eeea37688fc574d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:80206823d24b:port:tcp:51617	flow:80206823d24b → port:tcp:51617
FLOW_DST_PORTOBS	e:fp:flow:e9d30a67fb9b:port:tcp:443	flow:e9d30a67fb9b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6420523769b66d4c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6420523769b66d4c → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-02deb29800889c11:host:172.234.197.23	SESSION-02deb29800889c11 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8070c9158a1a853:host:45.173.156.148	SESSION-e8070c9158a1a853 → host:45.173.156.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-912f333ca4ce75c1:SESSION-912f333ca4ce75c1	SESSION-912f333ca4ce75c1 → pe:syn:SESSION-912f333ca4ce75c1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03f7a565a7cd59d8:host:172.234.197.23	SESSION-03f7a565a7cd59d8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f776838979623936:host:131.196.31.159	SESSION-f776838979623936 → host:131.196.31.159
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.41:geo_-23.62930_-46.63510	host:131.196.30.41 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.150:asn:262880	host:177.10.235.150 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1446b81625870ef0:flow:6b0916189923	SESSION-1446b81625870ef0 → flow:6b0916189923
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4651c2a8eec0e6f:host:172.234.197.23	SESSION-a4651c2a8eec0e6f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-417f532a2a507181:SESSION-417f532a2a507181	SESSION-417f532a2a507181 → pe:tls:SESSION-417f532a2a507181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a75b8c86281e6b7:SESSION-5a75b8c86281e6b7	SESSION-5a75b8c86281e6b7 → pe:syn:SESSION-5a75b8c86281e6b7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-030a81db4532bd3a:flow:26f9905a5f90	SESSION-030a81db4532bd3a → flow:26f9905a5f90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ea7d08352653c32:SESSION-2ea7d08352653c32	SESSION-2ea7d08352653c32 → pe:syn:SESSION-2ea7d08352653c32
FLOW_DST_PORTOBS	e:fp:flow:9c88e1747080:port:tcp:443	flow:9c88e1747080 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-80f99961f353c40e:SESSION-80f99961f353c40e	SESSION-80f99961f353c40e → pe:tls:SESSION-80f99961f353c40e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2761ffbe76598549:SESSION-2761ffbe76598549	SESSION-2761ffbe76598549 → pe:syn:SESSION-2761ffbe76598549
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.170:asn:262880	host:177.10.235.170 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.221:geo_-16.28860_-49.01640	host:177.10.237.221 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:0eff10ba49f2	flow:0eff10ba49f2 → host:131.196.29.247 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8df47c2606014223:flow:8afefd3a9ee9	SESSION-8df47c2606014223 → flow:8afefd3a9ee9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27ea3c16306f2f5f:SESSION-27ea3c16306f2f5f	SESSION-27ea3c16306f2f5f → pe:tls:SESSION-27ea3c16306f2f5f
FLOW_DST_PORTOBS	e:fp:flow:33b730478383:port:tcp:443	flow:33b730478383 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a899a8160ea28b7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-3a899a8160ea28b7 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:7ae497c2b143:port:tcp:41984	flow:7ae497c2b143 → port:tcp:41984
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fae3464e58310370:flow:2cbbc065f428	SESSION-fae3464e58310370 → flow:2cbbc065f428
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e4815ec5b053775:host:172.234.197.23	SESSION-4e4815ec5b053775 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.41:asn:203771	host:31.40.196.41 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa658fe130f71ff5:host:172.234.197.23	SESSION-aa658fe130f71ff5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8cb528496ded9d11:SESSION-8cb528496ded9d11	SESSION-8cb528496ded9d11 → pe:syn:SESSION-8cb528496ded9d11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54b62e34296d5c17:SESSION-54b62e34296d5c17	SESSION-54b62e34296d5c17 → pe:tls:SESSION-54b62e34296d5c17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5a08fe68832616d:host:131.196.29.162:host:172.234.197.23	SESSION-f5a08fe68832616d → host:131.196.29.162 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e3f936e849fecda0:SESSION-e3f936e849fecda0	SESSION-e3f936e849fecda0 → pe:tls:SESSION-e3f936e849fecda0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a7f0a64436ce2ca:SESSION-9a7f0a64436ce2ca	SESSION-9a7f0a64436ce2ca → pe:tls:SESSION-9a7f0a64436ce2ca
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.133:asn:262880	host:177.10.232.133 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e09f613cd450ebc9:flow:ffcab162b11c	SESSION-e09f613cd450ebc9 → flow:ffcab162b11c
FLOW_FROM_HOSTOBS	e:from:SESSION-df6efecba493c79c:host:177.10.237.38	SESSION-df6efecba493c79c → host:177.10.237.38
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3cc71da406a2797a:SESSION-3cc71da406a2797a	SESSION-3cc71da406a2797a → pe:syn:SESSION-3cc71da406a2797a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2479e88ee1ee68c6:PCAP:capture_20260430060001:919b39a74464	SESSION-2479e88ee1ee68c6 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14b4ac17b4f35bc0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-14b4ac17b4f35bc0 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5b4d581172cc71c:SESSION-a5b4d581172cc71c	SESSION-a5b4d581172cc71c → pe:syn:SESSION-a5b4d581172cc71c
FLOW_TO_HOSTOBS	e:to:SESSION-69ca44a412c8d221:host:45.173.156.124	SESSION-69ca44a412c8d221 → host:45.173.156.124
FLOW_FROM_HOSTOBS	e:from:SESSION-ddc60a1db971e20b:host:172.234.197.23	SESSION-ddc60a1db971e20b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-09c0e42aa6120a11:SESSION-09c0e42aa6120a11	SESSION-09c0e42aa6120a11 → pe:rst:SESSION-09c0e42aa6120a11
FLOW_TO_HOSTOBS	e:to:SESSION-b5bd73118ac3f9f7:host:172.234.197.23	SESSION-b5bd73118ac3f9f7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bf52bbf16270a2a:host:172.234.197.23	SESSION-5bf52bbf16270a2a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-39aafc698c61dd93:SESSION-39aafc698c61dd93	SESSION-39aafc698c61dd93 → pe:tls:SESSION-39aafc698c61dd93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c5ac08008a4ed5c1:SESSION-c5ac08008a4ed5c1	SESSION-c5ac08008a4ed5c1 → pe:syn:SESSION-c5ac08008a4ed5c1
flow_observed4-aryOBS	e:fo:flow:e2fb5dc0a769	flow:e2fb5dc0a769 → host:172.234.197.23 → host:177.10.238.103 → port:tcp:20055
FLOW_DST_PORTOBS	e:fp:flow:e7bdccaedf79:port:tcp:443	flow:e7bdccaedf79 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d53672361f048e5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2d53672361f048e5 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-338b64f691539afb:host:172.234.197.23	SESSION-338b64f691539afb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f1449f3d42ccdf:host:172.234.197.23	SESSION-e2f1449f3d42ccdf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c77e81e6376168a3:host:52.81.77.92	SESSION-c77e81e6376168a3 → host:52.81.77.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6a1a522f9ca6e79:host:177.10.237.3	SESSION-d6a1a522f9ca6e79 → host:177.10.237.3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.84:geo_-16.28860_-49.01640	host:177.10.232.84 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8ecf4d1d097b:port:tcp:443	flow:8ecf4d1d097b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a3cdd61760cc277:host:177.10.239.218	SESSION-8a3cdd61760cc277 → host:177.10.239.218
FLOW_FROM_HOSTOBS	e:from:SESSION-fb520d5460f73062:host:177.10.234.178	SESSION-fb520d5460f73062 → host:177.10.234.178
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a1d91047073c4c2:host:177.10.237.103:host:172.234.197.23	SESSION-4a1d91047073c4c2 → host:177.10.237.103 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b84ff3ecb7ac9c51:host:172.234.197.23	SESSION-b84ff3ecb7ac9c51 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ecb424a0a4d5b0f:host:172.234.197.23:host:177.10.238.120	SESSION-3ecb424a0a4d5b0f → host:172.234.197.23 → host:177.10.238.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e991004bd02372d1:host:172.234.197.23	SESSION-e991004bd02372d1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad3aa4b6b6de70e6:host:177.10.232.120	SESSION-ad3aa4b6b6de70e6 → host:177.10.232.120
FLOW_DST_PORTOBS	e:fp:flow:514ff26d4034:port:tcp:16012	flow:514ff26d4034 → port:tcp:16012
FLOW_TO_HOSTOBS	e:to:SESSION-9252fa43a6ca744f:host:45.173.156.169	SESSION-9252fa43a6ca744f → host:45.173.156.169
FLOW_FROM_HOSTOBS	e:from:SESSION-74a0cb408b3fb354:host:177.10.238.31	SESSION-74a0cb408b3fb354 → host:177.10.238.31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-baf4494100018e3a:SESSION-baf4494100018e3a	SESSION-baf4494100018e3a → pe:syn:SESSION-baf4494100018e3a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.47:geo_-16.28860_-49.01640	host:177.10.237.47 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:de9a31b6abf8	flow:de9a31b6abf8 → host:51.210.99.95 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91c3828e0c41fbe7:host:177.10.238.62	SESSION-91c3828e0c41fbe7 → host:177.10.238.62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cff48a7a06adcd8f:host:172.234.197.23	SESSION-cff48a7a06adcd8f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:62f70f17b15f:port:tcp:443	flow:62f70f17b15f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-76b86119fe5d0a6f:host:172.234.197.23	SESSION-76b86119fe5d0a6f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4367b2e8a53d74f:host:177.10.236.171:host:172.234.197.23	SESSION-c4367b2e8a53d74f → host:177.10.236.171 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:890afc9fdb82	flow:890afc9fdb82 → host:177.10.236.134 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7ab46af96ea11edd:host:131.196.30.187	SESSION-7ab46af96ea11edd → host:131.196.30.187
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2c61460e754c8f6:SESSION-b2c61460e754c8f6	SESSION-b2c61460e754c8f6 → pe:syn:SESSION-b2c61460e754c8f6
flow_observed4-aryOBS	e:fo:flow:1791685c818a	flow:1791685c818a → host:172.234.197.23 → host:131.196.30.158 → port:tcp:734
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.180:asn:262880	host:177.10.232.180 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2619cb568c6b860e:SESSION-2619cb568c6b860e	SESSION-2619cb568c6b860e → pe:syn:SESSION-2619cb568c6b860e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8fce0c61e3d0bf9:host:18.183.88.164:host:172.234.197.23	SESSION-b8fce0c61e3d0bf9 → host:18.183.88.164 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-014d878748f613f9:flow:ce27e65991f6	SESSION-014d878748f613f9 → flow:ce27e65991f6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d0453327d6800ed:host:172.234.197.23	SESSION-1d0453327d6800ed → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-333a850c89106bc0:host:172.234.197.23	SESSION-333a850c89106bc0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17fb8dd67040757e:SESSION-17fb8dd67040757e	SESSION-17fb8dd67040757e → pe:tls:SESSION-17fb8dd67040757e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1d74e40d653f073:SESSION-d1d74e40d653f073	SESSION-d1d74e40d653f073 → pe:syn:SESSION-d1d74e40d653f073
FLOW_TO_HOSTOBS	e:to:SESSION-3bf7bb3dc8319468:host:172.234.197.23	SESSION-3bf7bb3dc8319468 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc6a5831c46f644f:host:172.234.197.23	SESSION-bc6a5831c46f644f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.162:asn:271410	host:131.196.29.162 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37bca0dc2914cafb:host:172.234.197.23:host:177.10.238.45	SESSION-37bca0dc2914cafb → host:172.234.197.23 → host:177.10.238.45
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-edf23c7505754934:flow:dbba3374c650	SESSION-edf23c7505754934 → flow:dbba3374c650
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f7273aea3ec9beab:host:172.234.197.23:host:45.173.156.109	SESSION-f7273aea3ec9beab → host:172.234.197.23 → host:45.173.156.109
flow_observed5-aryOBS	e:fo:flow:5af80fbf2441	flow:5af80fbf2441 → host:92.112.71.68 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a84fec3b32ec885d:SESSION-a84fec3b32ec885d	SESSION-a84fec3b32ec885d → pe:tls:SESSION-a84fec3b32ec885d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-398d13acd4a88a37:BSG-BEACON-f6c2b3d0e42d	SESSION-398d13acd4a88a37 → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40e0d0b129f437fd:flow:e1c367b611de	SESSION-40e0d0b129f437fd → flow:e1c367b611de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c53b2c88ff7f785:host:44.250.172.176	SESSION-6c53b2c88ff7f785 → host:44.250.172.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72a654eac2136215:host:172.234.197.23	SESSION-72a654eac2136215 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8900744845bb6f3:host:177.10.232.81:host:172.234.197.23	SESSION-d8900744845bb6f3 → host:177.10.232.81 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dca142dce243	flow:dca142dce243 → host:177.10.234.215 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51b69a1f49968dce:flow:507431930c66	SESSION-51b69a1f49968dce → flow:507431930c66
FLOW_TO_HOSTOBS	e:to:SESSION-48baa2e7639de342:host:172.234.197.23	SESSION-48baa2e7639de342 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3b376322eb831975:host:172.234.197.23	SESSION-3b376322eb831975 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e4b14eb8b6ee95ef:SESSION-e4b14eb8b6ee95ef	SESSION-e4b14eb8b6ee95ef → pe:syn:SESSION-e4b14eb8b6ee95ef
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf343490b1b7ef49:host:172.234.197.23:host:131.196.28.44	SESSION-bf343490b1b7ef49 → host:172.234.197.23 → host:131.196.28.44
FLOW_DST_PORTOBS	e:fp:flow:eb9c7ca8e40c:port:tcp:21400	flow:eb9c7ca8e40c → port:tcp:21400
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0d0c8f73043707f:SESSION-f0d0c8f73043707f	SESSION-f0d0c8f73043707f → pe:tls:SESSION-f0d0c8f73043707f
FLOW_DST_PORTOBS	e:fp:flow:87e702e14634:port:tcp:443	flow:87e702e14634 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-baf6029a4a920bc4:SESSION-baf6029a4a920bc4	SESSION-baf6029a4a920bc4 → pe:tls:SESSION-baf6029a4a920bc4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4fd6590fe23ccd99:host:172.234.197.23:host:177.10.234.18	SESSION-4fd6590fe23ccd99 → host:172.234.197.23 → host:177.10.234.18
FLOW_FROM_HOSTOBS	e:from:SESSION-b43557542c64d676:host:172.234.197.23	SESSION-b43557542c64d676 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8bf059b02e9beec:flow:6a58d3f29dbb	SESSION-c8bf059b02e9beec → flow:6a58d3f29dbb
FLOW_TO_HOSTOBS	e:to:SESSION-54127ab649dd8e15:host:172.234.197.23	SESSION-54127ab649dd8e15 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0200d7ef8e83c7c3:SESSION-0200d7ef8e83c7c3	SESSION-0200d7ef8e83c7c3 → pe:syn:SESSION-0200d7ef8e83c7c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dbacd0066146a93a:host:45.173.156.204	SESSION-dbacd0066146a93a → host:45.173.156.204
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02199a3eaa60c28c:PCAP:capture_20260430150001:ded20914761d	SESSION-02199a3eaa60c28c → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-381a570e386b12a2:host:172.234.197.23	SESSION-381a570e386b12a2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-41172116812e3a49:host:177.10.236.39	SESSION-41172116812e3a49 → host:177.10.236.39
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b479aa11234b67ae:host:131.196.30.200	SESSION-b479aa11234b67ae → host:131.196.30.200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a55eb245a4ca8dde:SESSION-a55eb245a4ca8dde	SESSION-a55eb245a4ca8dde → pe:syn:SESSION-a55eb245a4ca8dde
FLOW_TO_HOSTOBS	e:to:SESSION-b1dabd85b6a07947:host:172.234.197.23	SESSION-b1dabd85b6a07947 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d96211015a0fddb9:host:172.234.197.23	SESSION-d96211015a0fddb9 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7fb6ef520631	flow:7fb6ef520631 → host:172.234.197.23 → host:177.10.235.86 → port:tcp:53806
FLOW_FROM_HOSTOBS	e:from:SESSION-28106317c083449d:host:131.196.30.184	SESSION-28106317c083449d → host:131.196.30.184
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.147:asn:262880	host:177.10.234.147 → asn:262880
flow_observed5-aryOBS	e:fo:flow:99738992b719	flow:99738992b719 → host:131.196.31.47 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-11d1e958623763ef:host:172.234.197.23	SESSION-11d1e958623763ef → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8fd3b31137a7f5f9:host:177.10.239.252	SESSION-8fd3b31137a7f5f9 → host:177.10.239.252
FLOW_DST_PORTOBS	e:fp:flow:3231af7735e8:port:tcp:443	flow:3231af7735e8 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ca707063b726bac:host:131.196.28.95:host:172.234.197.23	SESSION-8ca707063b726bac → host:131.196.28.95 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7ad62492e870e2b:host:172.234.197.23	SESSION-e7ad62492e870e2b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.58:geo_-16.28860_-49.01640	host:177.10.236.58 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-9cd8abbfdfb95d18:host:131.196.29.103	SESSION-9cd8abbfdfb95d18 → host:131.196.29.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ddbf605897eb3f:host:177.10.238.103	SESSION-49ddbf605897eb3f → host:177.10.238.103
flow_observed4-aryOBS	e:fo:flow:239d4ba05be9	flow:239d4ba05be9 → host:172.234.197.23 → host:177.10.237.12 → port:tcp:32521
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96272a0a54480e7a:SESSION-96272a0a54480e7a	SESSION-96272a0a54480e7a → pe:tls:SESSION-96272a0a54480e7a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.140:asn:262880	host:177.10.234.140 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b25c94efbacaf7d7:host:177.10.237.173:host:172.234.197.23	SESSION-b25c94efbacaf7d7 → host:177.10.237.173 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10db7c117acba2ed:PCAP:capture_20260430110001:43611bdf6759	SESSION-10db7c117acba2ed → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-394efd35512401c0:SESSION-394efd35512401c0	SESSION-394efd35512401c0 → pe:tls:SESSION-394efd35512401c0
FLOW_TO_HOSTOBS	e:to:SESSION-f56adc7043a43d99:host:172.234.197.23	SESSION-f56adc7043a43d99 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a9c12f6159b9a7a1:host:131.196.30.8:host:172.234.197.23	SESSION-a9c12f6159b9a7a1 → host:131.196.30.8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.219:geo_-16.28860_-49.01640	host:177.10.233.219 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:105d6e9d76b0:port:tcp:35101	flow:105d6e9d76b0 → port:tcp:35101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ecb25cc7396151e7:SESSION-ecb25cc7396151e7	SESSION-ecb25cc7396151e7 → pe:syn:SESSION-ecb25cc7396151e7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d467c8665ef34f6a:host:172.234.197.23:host:177.10.232.196	SESSION-d467c8665ef34f6a → host:172.234.197.23 → host:177.10.232.196
flow_observed5-aryOBS	e:fo:flow:20fb95e03ba6	flow:20fb95e03ba6 → host:95.170.25.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-8431b5fa38a73955:BSG-BEACON-a8a8c3c8a37f	SESSION-8431b5fa38a73955 → BSG-BEACON-a8a8c3c8a37f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.248:geo_41.00190_28.96450	host:92.112.71.248 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96cc205c664fccab:host:131.196.28.10	SESSION-96cc205c664fccab → host:131.196.28.10
flow_observed5-aryOBS	e:fo:flow:8da860531fda	flow:8da860531fda → host:131.196.29.199 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:74f73b825bc0	flow:74f73b825bc0 → host:177.10.236.15 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:e013fe153b32	flow:e013fe153b32 → host:172.234.197.23 → host:131.196.28.175 → port:tcp:40669
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-043f15d6badfcd64:host:172.234.197.23	SESSION-043f15d6badfcd64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f320997aa88d5819:SESSION-f320997aa88d5819	SESSION-f320997aa88d5819 → pe:tls:SESSION-f320997aa88d5819
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-623bd72e2e38d66b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-623bd72e2e38d66b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e8651e0c063dc0a:SESSION-5e8651e0c063dc0a	SESSION-5e8651e0c063dc0a → pe:tls:SESSION-5e8651e0c063dc0a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93e5d317492a213b:host:177.10.232.233:host:172.234.197.23	SESSION-93e5d317492a213b → host:177.10.232.233 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7db2d3f3f113e007:flow:3c8c9cf33ce0	SESSION-7db2d3f3f113e007 → flow:3c8c9cf33ce0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-566179d6a12d7e1c:PCAP:capture_20260430060001:919b39a74464	SESSION-566179d6a12d7e1c → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73ac0ee86c608450:host:131.196.31.47:host:172.234.197.23	SESSION-73ac0ee86c608450 → host:131.196.31.47 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:47ab6659b5a4:port:tcp:443	flow:47ab6659b5a4 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6bccd1e0d7eb:port:tcp:443	flow:6bccd1e0d7eb → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e4bb5568f0e725a3:host:177.10.235.84:host:172.234.197.23	SESSION-e4bb5568f0e725a3 → host:177.10.235.84 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.46:geo_-23.62930_-46.63510	host:131.196.29.46 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:3753f50df565	flow:3753f50df565 → host:172.234.197.23 → host:177.10.239.39 → port:tcp:31438
FLOW_FROM_HOSTOBS	e:from:SESSION-17e71ce1458770d6:host:131.196.28.97	SESSION-17e71ce1458770d6 → host:131.196.28.97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e4cbb1218941faec:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e4cbb1218941faec → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21de16798668b3a8:host:45.173.156.138:host:172.234.197.23	SESSION-21de16798668b3a8 → host:45.173.156.138 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fe6297f71c57	flow:fe6297f71c57 → host:45.173.156.150 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6c92d9b97cea9da:flow:46e86d702bd9	SESSION-d6c92d9b97cea9da → flow:46e86d702bd9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b60a9d1a25ff8255:SESSION-b60a9d1a25ff8255	SESSION-b60a9d1a25ff8255 → pe:tls:SESSION-b60a9d1a25ff8255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a52ffd6f24f0f87:flow:83025574d3cc	SESSION-1a52ffd6f24f0f87 → flow:83025574d3cc
FLOW_TO_HOSTOBS	e:to:SESSION-4002f150bb6dd768:host:177.10.239.24	SESSION-4002f150bb6dd768 → host:177.10.239.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2dec3faf198ca60:flow:d2bd33124f4a	SESSION-b2dec3faf198ca60 → flow:d2bd33124f4a
FLOW_TO_HOSTOBS	e:to:SESSION-8a604218ad277317:host:172.234.197.23	SESSION-8a604218ad277317 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:123c310400c9:port:tcp:19555	flow:123c310400c9 → port:tcp:19555
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d84fd327ccf4e65:SESSION-5d84fd327ccf4e65	SESSION-5d84fd327ccf4e65 → pe:syn:SESSION-5d84fd327ccf4e65
flow_observed5-aryOBS	e:fo:flow:0393285963d8	flow:0393285963d8 → host:131.196.30.5 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92484e45d6e7b321:host:172.234.197.23:host:185.72.218.77	SESSION-92484e45d6e7b321 → host:172.234.197.23 → host:185.72.218.77
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a2f82c2a85816be:host:131.196.28.15:host:172.234.197.23	SESSION-4a2f82c2a85816be → host:131.196.28.15 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b8b9e098330595b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8b8b9e098330595b → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-b7661066332b8e82:host:172.234.197.23	SESSION-b7661066332b8e82 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1dfe7de9432473b:host:172.234.197.23	SESSION-b1dfe7de9432473b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a825e71225466eb:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3a825e71225466eb → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:51.91.243.64:asn:16276	host:51.91.243.64 → asn:16276
FLOW_DST_PORTOBS	e:fp:flow:9cb79ec77286:port:tcp:443	flow:9cb79ec77286 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac14845b1a23366d:host:172.234.197.23	SESSION-ac14845b1a23366d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2edb47571c4ed35:host:172.234.197.23:host:131.196.29.12	SESSION-e2edb47571c4ed35 → host:172.234.197.23 → host:131.196.29.12
FLOW_TO_HOSTOBS	e:to:SESSION-eb17861f5be52c2c:host:172.234.197.23	SESSION-eb17861f5be52c2c → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a4227b203ef7	flow:a4227b203ef7 → host:172.234.197.23 → host:131.196.30.146 → port:tcp:56530
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b209515fa806d4a:flow:342b74f48771	SESSION-9b209515fa806d4a → flow:342b74f48771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c390a73ee41b4c6d:host:172.234.197.23	SESSION-c390a73ee41b4c6d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:544b80c3b32c	flow:544b80c3b32c → host:177.10.238.5 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-255149252f7b9c37:SESSION-255149252f7b9c37	SESSION-255149252f7b9c37 → pe:syn:SESSION-255149252f7b9c37
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.3.50.214:geo_41.64750_-88.08950	host:172.3.50.214 → geo_41.64750_-88.08950
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b64c855cb393ccc0:SESSION-b64c855cb393ccc0	SESSION-b64c855cb393ccc0 → pe:syn:SESSION-b64c855cb393ccc0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f486345fbdf5443:host:131.196.31.2	SESSION-8f486345fbdf5443 → host:131.196.31.2
flow_observed4-aryOBS	e:fo:flow:b0c00cda65ca	flow:b0c00cda65ca → host:172.234.197.23 → host:177.10.233.35 → port:tcp:7551
FLOW_DST_PORTOBS	e:fp:flow:12c80080048e:port:tcp:55007	flow:12c80080048e → port:tcp:55007
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc1a8a6f7d90953a:flow:2428c7c3e3d6	SESSION-bc1a8a6f7d90953a → flow:2428c7c3e3d6
FLOW_DST_PORTOBS	e:fp:flow:e0ba91dac47f:port:tcp:443	flow:e0ba91dac47f → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-e36c77c5ab0d7e92:BSG-DATA_EXFIL-d10015628cdd	SESSION-e36c77c5ab0d7e92 → BSG-DATA_EXFIL-d10015628cdd
flow_observed4-aryOBS	e:fo:flow:c6fcd772e075	flow:c6fcd772e075 → host:172.234.197.23 → host:131.196.28.177 → port:tcp:17407
FLOW_TO_HOSTOBS	e:to:SESSION-b7ac209c33b5c7f5:host:172.234.197.23	SESSION-b7ac209c33b5c7f5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-177c9265a29fe644:PCAP:capture_20260430080001:93f47cc296a4	SESSION-177c9265a29fe644 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cca8cec112e53d8f:SESSION-cca8cec112e53d8f	SESSION-cca8cec112e53d8f → pe:syn:SESSION-cca8cec112e53d8f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.53:geo_-16.28860_-49.01640	host:177.10.238.53 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a9273620e0aaedc:host:177.10.238.63	SESSION-8a9273620e0aaedc → host:177.10.238.63
FLOW_TO_HOSTOBS	e:to:SESSION-8a3cdd61760cc277:host:177.10.239.218	SESSION-8a3cdd61760cc277 → host:177.10.239.218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c07bee6bb583aca:host:67.219.103.9	SESSION-8c07bee6bb583aca → host:67.219.103.9
FLOW_TO_HOSTOBS	e:to:SESSION-0da58b5e3634dda2:host:172.234.197.23	SESSION-0da58b5e3634dda2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a5292197f57e4263:host:172.234.197.23	SESSION-a5292197f57e4263 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68342cf3c00e7f2e:host:131.196.28.6:host:172.234.197.23	SESSION-68342cf3c00e7f2e → host:131.196.28.6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:29836d882b78	flow:29836d882b78 → host:172.234.197.23 → host:177.10.237.11 → port:tcp:12769
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f7884afbce83d50:SESSION-9f7884afbce83d50	SESSION-9f7884afbce83d50 → pe:syn:SESSION-9f7884afbce83d50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68b7f3c84c5e7661:SESSION-68b7f3c84c5e7661	SESSION-68b7f3c84c5e7661 → pe:syn:SESSION-68b7f3c84c5e7661
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd4f176877b3d058:PCAP:capture_20260430150001:ded20914761d	SESSION-fd4f176877b3d058 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a9de26895ffb34a3:flow:a602b99696cd	SESSION-a9de26895ffb34a3 → flow:a602b99696cd
FLOW_DST_PORTOBS	e:fp:flow:9e171b985e85:port:tcp:443	flow:9e171b985e85 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:e277cf0bccc7	flow:e277cf0bccc7 → host:172.234.197.23 → host:131.196.31.235 → port:tcp:19717
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa2f81c8f6798425:host:172.234.197.23	SESSION-fa2f81c8f6798425 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-783c4edbafa3c164:flow:3d31c04c05c6	SESSION-783c4edbafa3c164 → flow:3d31c04c05c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f44cd8b141a7b5c:host:172.234.197.23	SESSION-7f44cd8b141a7b5c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-136356e88c69bcaa:host:172.234.197.23:host:177.10.238.97	SESSION-136356e88c69bcaa → host:172.234.197.23 → host:177.10.238.97
FLOW_FROM_HOSTOBS	e:from:SESSION-08ee685c4e8cc842:host:131.196.28.219	SESSION-08ee685c4e8cc842 → host:131.196.28.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd554b279ca00d73:host:172.234.197.23:host:177.10.236.173	SESSION-bd554b279ca00d73 → host:172.234.197.23 → host:177.10.236.173
FLOW_TO_HOSTOBS	e:to:SESSION-542567c32b647819:host:172.234.197.23	SESSION-542567c32b647819 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b66b69fe93183378:flow:ffb54c9ed747	SESSION-b66b69fe93183378 → flow:ffb54c9ed747
FLOW_FROM_HOSTOBS	e:from:SESSION-b4e8d87fd06149df:host:172.234.197.23	SESSION-b4e8d87fd06149df → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.134:asn:271410	host:131.196.31.134 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ef41947f9929862:flow:155bbe8ed91e	SESSION-8ef41947f9929862 → flow:155bbe8ed91e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09cf18cd582e793d:host:177.10.238.152:host:172.234.197.23	SESSION-09cf18cd582e793d → host:177.10.238.152 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:34.216.30.208:asn:16509	host:34.216.30.208 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-8189545896e60c84:host:177.10.234.1	SESSION-8189545896e60c84 → host:177.10.234.1
FLOW_FROM_HOSTOBS	e:from:SESSION-86a02a9ab2988acd:host:103.155.16.117	SESSION-86a02a9ab2988acd → host:103.155.16.117
flow_observed4-aryOBS	e:fo:flow:d40d8401ca62	flow:d40d8401ca62 → host:172.234.197.23 → host:131.196.28.237 → port:tcp:13635
FLOW_FROM_HOSTOBS	e:from:SESSION-d8c774bbe3f97971:host:45.173.156.5	SESSION-d8c774bbe3f97971 → host:45.173.156.5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-caf71fb423b46c4a:host:177.10.233.183:host:172.234.197.23	SESSION-caf71fb423b46c4a → host:177.10.233.183 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0246a8b70a825de:flow:e17d73ea5b92	SESSION-d0246a8b70a825de → flow:e17d73ea5b92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-941b4a1386b7be8f:SESSION-941b4a1386b7be8f	SESSION-941b4a1386b7be8f → pe:syn:SESSION-941b4a1386b7be8f
FLOW_DST_PORTOBS	e:fp:flow:fb994670cf9b:port:tcp:443	flow:fb994670cf9b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-dd8a89b380cdaceb:host:172.234.197.23	SESSION-dd8a89b380cdaceb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ee402158031a28f0:host:172.234.197.23	SESSION-ee402158031a28f0 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ac87af78ff19f5c9:BSG-BEACON-5d6f1bf04fc0	SESSION-ac87af78ff19f5c9 → BSG-BEACON-5d6f1bf04fc0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-424264fd6333414c:SESSION-424264fd6333414c	SESSION-424264fd6333414c → pe:tls:SESSION-424264fd6333414c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.1:geo_-16.28860_-49.01640	host:177.10.234.1 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d31138dfabe85cd6:flow:fda4ef846e29	SESSION-d31138dfabe85cd6 → flow:fda4ef846e29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eecb9eac95f77073:host:172.234.197.23	SESSION-eecb9eac95f77073 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-163f2e33c9f4a8f4:SESSION-163f2e33c9f4a8f4	SESSION-163f2e33c9f4a8f4 → pe:syn:SESSION-163f2e33c9f4a8f4
FLOW_DST_PORTOBS	e:fp:flow:91467d68ee29:port:tcp:1157	flow:91467d68ee29 → port:tcp:1157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58f4b45cf908ad77:SESSION-58f4b45cf908ad77	SESSION-58f4b45cf908ad77 → pe:tls:SESSION-58f4b45cf908ad77
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0c9a0f035acc4428:host:172.234.197.23:host:131.196.29.215	SESSION-0c9a0f035acc4428 → host:172.234.197.23 → host:131.196.29.215
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.156:geo_-16.28860_-49.01640	host:177.10.234.156 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-68ee3afa191e6305:host:172.234.197.23	SESSION-68ee3afa191e6305 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.194:asn:271410	host:131.196.30.194 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-32012e3b5048e415:SESSION-32012e3b5048e415	SESSION-32012e3b5048e415 → pe:syn:SESSION-32012e3b5048e415
flow_observed5-aryOBS	e:fo:flow:524c0b13b3f7	flow:524c0b13b3f7 → host:45.173.156.208 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:2cc478f595ba	flow:2cc478f595ba → host:131.196.31.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01e03a84392b1398:host:172.234.197.23	SESSION-01e03a84392b1398 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3115340ffdee	flow:3115340ffdee → host:172.234.197.23 → host:177.10.234.178 → port:tcp:43620
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a631db0468c49ef:host:131.196.31.65	SESSION-5a631db0468c49ef → host:131.196.31.65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a26d5a4b5eab898:host:172.234.197.23	SESSION-1a26d5a4b5eab898 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ba1793b4e05c9885:host:131.196.30.28	SESSION-ba1793b4e05c9885 → host:131.196.30.28
FLOW_TO_HOSTOBS	e:to:SESSION-2fd944013b60077a:host:172.234.197.23	SESSION-2fd944013b60077a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55e2fb280d3c8e24:SESSION-55e2fb280d3c8e24	SESSION-55e2fb280d3c8e24 → pe:syn:SESSION-55e2fb280d3c8e24
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1057767eda3c24b1:host:177.10.238.122:host:172.234.197.23	SESSION-1057767eda3c24b1 → host:177.10.238.122 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00968abd3a9eec7e:host:172.234.197.23	SESSION-00968abd3a9eec7e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82fb3096076edb8c:host:45.173.156.70	SESSION-82fb3096076edb8c → host:45.173.156.70
FLOW_TO_HOSTOBS	e:to:SESSION-d6c09b181dae043f:host:172.232.0.16	SESSION-d6c09b181dae043f → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:8c48fea8e45c	flow:8c48fea8e45c → host:177.10.234.117 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fd776fee1455ee3:host:172.234.197.23	SESSION-5fd776fee1455ee3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:353f98464a41	flow:353f98464a41 → host:177.10.238.250 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db638e9136fa3895:SESSION-db638e9136fa3895	SESSION-db638e9136fa3895 → pe:syn:SESSION-db638e9136fa3895
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc57a46aa64b7388:host:177.10.237.53	SESSION-cc57a46aa64b7388 → host:177.10.237.53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-333a850c89106bc0:PCAP:capture_20260430090001:065659c7d314	SESSION-333a850c89106bc0 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.36:geo_-16.28860_-49.01640	host:177.10.234.36 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9ddceec57447449:PCAP:capture_20260430110001:43611bdf6759	SESSION-f9ddceec57447449 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-49ea9885c560f158:host:172.234.197.23	SESSION-49ea9885c560f158 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d4d7e5e657ae	flow:d4d7e5e657ae → host:172.234.197.23 → host:177.10.232.129 → port:tcp:12473
HOST_IN_ASNOBS 85%	e:ha:host:154.85.87.65:asn:139057	host:154.85.87.65 → asn:139057
FLOW_FROM_HOSTOBS	e:from:SESSION-28599206da4f4816:host:177.10.239.143	SESSION-28599206da4f4816 → host:177.10.239.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bef16d9c79cba2c2:SESSION-bef16d9c79cba2c2	SESSION-bef16d9c79cba2c2 → pe:tls:SESSION-bef16d9c79cba2c2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4aa43b0ccd10448e:PCAP:capture_20260430090001:065659c7d314	SESSION-4aa43b0ccd10448e → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-64639bf8e248f548:SESSION-64639bf8e248f548	SESSION-64639bf8e248f548 → pe:syn:SESSION-64639bf8e248f548
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2cbf1ff9debe345:SESSION-f2cbf1ff9debe345	SESSION-f2cbf1ff9debe345 → pe:tls:SESSION-f2cbf1ff9debe345
FLOW_DST_PORTOBS	e:fp:flow:923a547e64db:port:tcp:443	flow:923a547e64db → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c20a24472712669d:flow:52a0d88bf6fd	SESSION-c20a24472712669d → flow:52a0d88bf6fd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c5c562cec43ce89e:host:54.218.65.249:host:172.234.197.23	SESSION-c5c562cec43ce89e → host:54.218.65.249 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78d87c88323785f9:flow:22e70f9a44d8	SESSION-78d87c88323785f9 → flow:22e70f9a44d8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a24676d50b48eccf:host:172.234.197.23	SESSION-a24676d50b48eccf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-04af603e6c9a6691:flow:7b60f2dd452b	SESSION-04af603e6c9a6691 → flow:7b60f2dd452b
flow_observed5-aryOBS	e:fo:flow:be59cc1e99e5	flow:be59cc1e99e5 → host:213.209.159.159 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7cf4eefda54138cc:SESSION-7cf4eefda54138cc	SESSION-7cf4eefda54138cc → pe:tls:SESSION-7cf4eefda54138cc
FLOW_FROM_HOSTOBS	e:from:SESSION-66033cfbc7dd0c2c:host:131.196.30.155	SESSION-66033cfbc7dd0c2c → host:131.196.30.155
FLOW_TO_HOSTOBS	e:to:SESSION-46f70ffa54883bab:host:172.234.197.23	SESSION-46f70ffa54883bab → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0b02fe311e9b10a6:host:177.10.233.98	SESSION-0b02fe311e9b10a6 → host:177.10.233.98
flow_observed4-aryOBS	e:fo:flow:4c8f41a5769d	flow:4c8f41a5769d → host:172.234.197.23 → host:131.196.29.227 → port:tcp:36854
FLOW_DST_PORTOBS	e:fp:flow:4a3b8f47dbcf:port:tcp:7914	flow:4a3b8f47dbcf → port:tcp:7914
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ec222cc1c3a7faf:flow:b62b43632213	SESSION-4ec222cc1c3a7faf → flow:b62b43632213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29bd7d52bed21c18:host:172.234.197.23	SESSION-29bd7d52bed21c18 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fce963e430ca:port:tcp:13330	flow:fce963e430ca → port:tcp:13330
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-15ce8c1431c2e2c7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-15ce8c1431c2e2c7 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28d0a7763ce2861c:flow:7558413065e5	SESSION-28d0a7763ce2861c → flow:7558413065e5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-83d893adc4ebe669:flow:0f5c3852bf17	SESSION-83d893adc4ebe669 → flow:0f5c3852bf17
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.101:asn:262880	host:177.10.237.101 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb512b6db53333ff:SESSION-bb512b6db53333ff	SESSION-bb512b6db53333ff → pe:syn:SESSION-bb512b6db53333ff
FLOW_FROM_HOSTOBS	e:from:SESSION-09d8680ca1ab1b1e:host:185.231.226.119	SESSION-09d8680ca1ab1b1e → host:185.231.226.119
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-179845184e318961:SESSION-179845184e318961	SESSION-179845184e318961 → pe:tls:SESSION-179845184e318961
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6fea2a5b83daabbc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6fea2a5b83daabbc → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a98ae7d95e9a62c0:host:131.196.30.44:host:172.234.197.23	SESSION-a98ae7d95e9a62c0 → host:131.196.30.44 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.119:asn:262880	host:177.10.233.119 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-1600cc83b8cea24d:host:131.196.31.26	SESSION-1600cc83b8cea24d → host:131.196.31.26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2be48cd916ee7ccc:SESSION-2be48cd916ee7ccc	SESSION-2be48cd916ee7ccc → pe:tls:SESSION-2be48cd916ee7ccc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2646f5b9f41a01d2:SESSION-2646f5b9f41a01d2	SESSION-2646f5b9f41a01d2 → pe:tls:SESSION-2646f5b9f41a01d2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.120:asn:262880	host:177.10.234.120 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-f9e3e5dcd2ccb687:host:172.234.197.23	SESSION-f9e3e5dcd2ccb687 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29f2fc627b4350bb:flow:836aa09f87d5	SESSION-29f2fc627b4350bb → flow:836aa09f87d5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b1078812f997c85:host:177.10.236.1:host:172.234.197.23	SESSION-7b1078812f997c85 → host:177.10.236.1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-70f9355e024c975b:flow:b311735bdc68	SESSION-70f9355e024c975b → flow:b311735bdc68
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.2:asn:262880	host:177.10.236.2 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-45775bc626dbc608:SESSION-45775bc626dbc608	SESSION-45775bc626dbc608 → pe:tls:SESSION-45775bc626dbc608
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44a5aa522f98da19:host:92.112.71.248:host:172.234.197.23	SESSION-44a5aa522f98da19 → host:92.112.71.248 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c74fe87f9177e103:host:172.234.197.23	SESSION-c74fe87f9177e103 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a108354098cf:port:tcp:443	flow:a108354098cf → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:0d0398759d8b:port:tcp:443	flow:0d0398759d8b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6afafa975f8bbed9:SESSION-6afafa975f8bbed9	SESSION-6afafa975f8bbed9 → pe:syn:SESSION-6afafa975f8bbed9
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-e61b886c68594d41:BSG-BEACON-f6c2b3d0e42d	SESSION-e61b886c68594d41 → BSG-BEACON-f6c2b3d0e42d
FLOW_DST_PORTOBS	e:fp:flow:a4a590b26aa1:port:tcp:443	flow:a4a590b26aa1 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-871dd8a53b87e11e:host:172.234.197.23	SESSION-871dd8a53b87e11e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-643a90c68c400c64:SESSION-643a90c68c400c64	SESSION-643a90c68c400c64 → pe:syn:SESSION-643a90c68c400c64
FLOW_FROM_HOSTOBS	e:from:SESSION-99a4fe376d3938fb:host:131.196.31.226	SESSION-99a4fe376d3938fb → host:131.196.31.226
FLOW_TO_HOSTOBS	e:to:SESSION-cd13e266b02b3087:host:172.234.197.23	SESSION-cd13e266b02b3087 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9ca387fd672ab7a:host:177.10.238.145:host:172.234.197.23	SESSION-d9ca387fd672ab7a → host:177.10.238.145 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dc085f76ab1a4e2b:flow:7942cfe9505f	SESSION-dc085f76ab1a4e2b → flow:7942cfe9505f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a22eb4c95bd17b8:SESSION-7a22eb4c95bd17b8	SESSION-7a22eb4c95bd17b8 → pe:tls:SESSION-7a22eb4c95bd17b8
FLOW_DST_PORTOBS	e:fp:flow:60d41579784e:port:tcp:58684	flow:60d41579784e → port:tcp:58684
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a58d8beb20a4c9e1:flow:05a5fe972640	SESSION-a58d8beb20a4c9e1 → flow:05a5fe972640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f6577138d25ad9e:flow:71dc34540c48	SESSION-6f6577138d25ad9e → flow:71dc34540c48
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a73f5b0635e28ad4:SESSION-a73f5b0635e28ad4	SESSION-a73f5b0635e28ad4 → pe:tls:SESSION-a73f5b0635e28ad4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ddc324b0d6a8eb6:host:172.234.197.23	SESSION-1ddc324b0d6a8eb6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-baf09a66da0e4962:host:172.234.197.23	SESSION-baf09a66da0e4962 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:18fe52facc0f	flow:18fe52facc0f → host:172.234.197.23 → host:177.10.239.144 → port:tcp:17854
flow_observed5-aryOBS	e:fo:flow:a154865920f4	flow:a154865920f4 → host:45.173.156.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16ea01a17fc6b7f7:SESSION-16ea01a17fc6b7f7	SESSION-16ea01a17fc6b7f7 → pe:syn:SESSION-16ea01a17fc6b7f7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db0c4d22fd57aedf:host:172.234.197.23:host:131.196.30.55	SESSION-db0c4d22fd57aedf → host:172.234.197.23 → host:131.196.30.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-288c2773d91d95c9:host:172.234.197.23	SESSION-288c2773d91d95c9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cd08e0bdcb8b:port:udp:53	flow:cd08e0bdcb8b → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb2ab3101d5e046e:host:172.234.197.23:host:131.196.31.74	SESSION-cb2ab3101d5e046e → host:172.234.197.23 → host:131.196.31.74
FLOW_DST_PORTOBS	e:fp:flow:92c68a9e0443:port:tcp:29248	flow:92c68a9e0443 → port:tcp:29248
FLOW_FROM_HOSTOBS	e:from:SESSION-b96b3cde986adfb1:host:3.103.179.97	SESSION-b96b3cde986adfb1 → host:3.103.179.97
FLOW_TO_HOSTOBS	e:to:SESSION-8cb528496ded9d11:host:172.234.197.23	SESSION-8cb528496ded9d11 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f79e79f663ba44d9:SESSION-f79e79f663ba44d9	SESSION-f79e79f663ba44d9 → pe:syn:SESSION-f79e79f663ba44d9
FLOW_TO_HOSTOBS	e:to:SESSION-7fea0326f1ddbdfc:host:177.10.234.115	SESSION-7fea0326f1ddbdfc → host:177.10.234.115
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9726c360f8e7f49c:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9726c360f8e7f49c → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:906538b5397b	flow:906538b5397b → host:172.234.197.23 → host:131.196.28.8 → port:tcp:8873
FLOW_TO_HOSTOBS	e:to:SESSION-2ac058e9f0280088:host:172.234.197.23	SESSION-2ac058e9f0280088 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ecb25cc7396151e7:BSG-BEACON-9ff93f2bd63e	SESSION-ecb25cc7396151e7 → BSG-BEACON-9ff93f2bd63e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38739a517334cf5a:flow:16e5cb83f132	SESSION-38739a517334cf5a → flow:16e5cb83f132
FLOW_FROM_HOSTOBS	e:from:SESSION-9963b3b3d702eb6e:host:177.10.238.68	SESSION-9963b3b3d702eb6e → host:177.10.238.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ee986621b3f988f:host:177.10.237.64	SESSION-1ee986621b3f988f → host:177.10.237.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a117da50f6c2c30f:SESSION-a117da50f6c2c30f	SESSION-a117da50f6c2c30f → pe:tls:SESSION-a117da50f6c2c30f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5644212eea272a87:flow:14440a95365b	SESSION-5644212eea272a87 → flow:14440a95365b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db858a9d0e579c0c:host:177.10.239.94	SESSION-db858a9d0e579c0c → host:177.10.239.94
FLOW_FROM_HOSTOBS	e:from:SESSION-9ec3678e1070a7a4:host:172.234.197.23	SESSION-9ec3678e1070a7a4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-140a58b5ab5dfb04:host:177.10.238.112	SESSION-140a58b5ab5dfb04 → host:177.10.238.112
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-ea53a00807c951b5:BSG-BEACON-f6c2b3d0e42d	SESSION-ea53a00807c951b5 → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09c0e42aa6120a11:SESSION-09c0e42aa6120a11	SESSION-09c0e42aa6120a11 → pe:syn:SESSION-09c0e42aa6120a11
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ec91eda6d4bd732e:BSG-BEACON-6f180ea665b7	SESSION-ec91eda6d4bd732e → BSG-BEACON-6f180ea665b7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a5d297f882a3348:PCAP:capture_20260430150001:ded20914761d	SESSION-4a5d297f882a3348 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4dda4cfeb9223891:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-4dda4cfeb9223891 → PCAP:capture_20260428000001:7e90c7cb899e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.143:asn:262880	host:177.10.232.143 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.156:geo_-23.62930_-46.63510	host:131.196.30.156 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.185:asn:262880	host:177.10.238.185 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:a22b3b3a0e3f:port:tcp:19098	flow:a22b3b3a0e3f → port:tcp:19098
FLOW_FROM_HOSTOBS	e:from:SESSION-9d59512d9649ead5:host:172.234.197.23	SESSION-9d59512d9649ead5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7201144bad9d462:host:172.234.197.23	SESSION-c7201144bad9d462 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.186:geo_-16.28860_-49.01640	host:177.10.238.186 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee14fe05044df9df:PCAP:capture_20260430060001:919b39a74464	SESSION-ee14fe05044df9df → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f234671aee206898:flow:fa2c4d55df00	SESSION-f234671aee206898 → flow:fa2c4d55df00
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:104.28.234.79:geo_29.75390_-95.35900	host:104.28.234.79 → geo_29.75390_-95.35900
flow_observed4-aryOBS	e:fo:flow:f7b6df677653	flow:f7b6df677653 → host:172.234.197.23 → host:177.10.239.92 → port:tcp:699
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.48:geo_-16.28860_-49.01640	host:177.10.234.48 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51603301232db2ce:host:177.10.235.126:host:172.234.197.23	SESSION-51603301232db2ce → host:177.10.235.126 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-61edd9328a7eff0d:SESSION-61edd9328a7eff0d	SESSION-61edd9328a7eff0d → pe:tls:SESSION-61edd9328a7eff0d
flow_observed5-aryOBS	e:fo:flow:c7467d26947e	flow:c7467d26947e → host:131.196.30.69 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b5ee9797d15d423e:host:172.234.197.23	SESSION-b5ee9797d15d423e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f8c2daf7dcef:port:tcp:443	flow:f8c2daf7dcef → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ab52a513e5ed877:host:172.234.197.23	SESSION-7ab52a513e5ed877 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-36db005d6a8b5922:host:177.10.238.189	SESSION-36db005d6a8b5922 → host:177.10.238.189
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.186:asn:262880	host:177.10.232.186 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a8968fd2a11ede8:SESSION-1a8968fd2a11ede8	SESSION-1a8968fd2a11ede8 → pe:syn:SESSION-1a8968fd2a11ede8
FLOW_TO_HOSTOBS	e:to:SESSION-500747aefaa736d2:host:177.10.238.177	SESSION-500747aefaa736d2 → host:177.10.238.177
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.165:geo_-16.28860_-49.01640	host:177.10.232.165 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16a7442acd9adfae:PCAP:capture_20260430070001:903a0e7a436b	SESSION-16a7442acd9adfae → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2625cb17cae199d1:host:172.234.197.23	SESSION-2625cb17cae199d1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17e08e972fb579a9:host:177.10.233.17:host:172.234.197.23	SESSION-17e08e972fb579a9 → host:177.10.233.17 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ed5513c22512ddd:flow:c3621c90336e	SESSION-2ed5513c22512ddd → flow:c3621c90336e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc5634306e23209a:flow:9ccda023099c	SESSION-fc5634306e23209a → flow:9ccda023099c
flow_observed4-aryOBS	e:fo:flow:ffa767bf73be	flow:ffa767bf73be → host:172.234.197.23 → host:177.10.239.187 → port:tcp:19502
FLOW_DST_PORTOBS	e:fp:flow:7445acff57dc:port:tcp:443	flow:7445acff57dc → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f35e45e57d830f4:flow:32a5ae89b8f4	SESSION-2f35e45e57d830f4 → flow:32a5ae89b8f4
FLOW_DST_PORTOBS	e:fp:flow:0080953c1172:port:tcp:443	flow:0080953c1172 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-04a75396d111d878:SESSION-04a75396d111d878	SESSION-04a75396d111d878 → pe:tls:SESSION-04a75396d111d878
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9ee22ced6a72efa:flow:b0a40d55d6f8	SESSION-f9ee22ced6a72efa → flow:b0a40d55d6f8
flow_observed5-aryOBS	e:fo:flow:8728b5b51161	flow:8728b5b51161 → host:131.196.31.171 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df4b466e6cf802c5:SESSION-df4b466e6cf802c5	SESSION-df4b466e6cf802c5 → pe:tls:SESSION-df4b466e6cf802c5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.147:geo_-16.28860_-49.01640	host:177.10.234.147 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e548e1862e666d4:SESSION-4e548e1862e666d4	SESSION-4e548e1862e666d4 → pe:tls:SESSION-4e548e1862e666d4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.217:asn:262880	host:177.10.236.217 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51257a0fcd8d6a04:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-51257a0fcd8d6a04 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bcca913f927ee07e:SESSION-bcca913f927ee07e	SESSION-bcca913f927ee07e → pe:tls:SESSION-bcca913f927ee07e
FLOW_FROM_HOSTOBS	e:from:SESSION-a8c8ed56d6827efd:host:177.10.232.190	SESSION-a8c8ed56d6827efd → host:177.10.232.190
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.239:geo_-16.28860_-49.01640	host:177.10.234.239 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-ac87af78ff19f5c9:host:177.10.233.35	SESSION-ac87af78ff19f5c9 → host:177.10.233.35
FLOW_DST_PORTOBS	e:fp:flow:f12450bfc831:port:tcp:443	flow:f12450bfc831 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ffc4775cc215b441:SESSION-ffc4775cc215b441	SESSION-ffc4775cc215b441 → pe:tls:SESSION-ffc4775cc215b441
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-202b4507c8c6a688:SESSION-202b4507c8c6a688	SESSION-202b4507c8c6a688 → pe:tls:SESSION-202b4507c8c6a688
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5b4d581172cc71c:PCAP:capture_20260428010001:b1b402c7b202	SESSION-a5b4d581172cc71c → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eee0288be94ee16a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-eee0288be94ee16a → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.44:asn:262880	host:177.10.236.44 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-0229340abc854c0d:host:172.234.197.23	SESSION-0229340abc854c0d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0835af6109bb7c1:flow:54dd15c775d4	SESSION-f0835af6109bb7c1 → flow:54dd15c775d4
FLOW_FROM_HOSTOBS	e:from:SESSION-25e11e259146e3a2:host:177.10.238.137	SESSION-25e11e259146e3a2 → host:177.10.238.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f879597a466f9080:SESSION-f879597a466f9080	SESSION-f879597a466f9080 → pe:syn:SESSION-f879597a466f9080
FLOW_TO_HOSTOBS	e:to:SESSION-d4bc305941088d24:host:172.232.0.16	SESSION-d4bc305941088d24 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b91d700ec898758:SESSION-4b91d700ec898758	SESSION-4b91d700ec898758 → pe:tls:SESSION-4b91d700ec898758
FLOW_DST_PORTOBS	e:fp:flow:1c51f3cc9345:port:tcp:443	flow:1c51f3cc9345 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9ff355e674b2:port:tcp:9161	flow:9ff355e674b2 → port:tcp:9161
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-671ee03668a9eda8:host:172.234.197.23	SESSION-671ee03668a9eda8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db1b4e286dc089a9:host:131.196.29.60	SESSION-db1b4e286dc089a9 → host:131.196.29.60
FLOW_FROM_HOSTOBS	e:from:SESSION-ef3fadfeb89ec1c3:host:37.221.79.198	SESSION-ef3fadfeb89ec1c3 → host:37.221.79.198
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f29948747ee8d5c:host:172.234.197.23	SESSION-1f29948747ee8d5c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37a58b55d4a339c3:host:172.234.197.23	SESSION-37a58b55d4a339c3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e9b114480d67	flow:e9b114480d67 → host:172.3.50.214 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5fcbc735dfd8018d:host:172.234.197.23	SESSION-5fcbc735dfd8018d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.1:geo_41.00190_28.96450	host:95.135.228.1 → geo_41.00190_28.96450
flow_observed5-aryOBS	e:fo:flow:e15b40b855d0	flow:e15b40b855d0 → host:131.196.31.237 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-111e536a3f33c549:host:172.234.197.23	SESSION-111e536a3f33c549 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7a9739ecc8b00e90:host:172.234.197.23	SESSION-7a9739ecc8b00e90 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1129a02e66df3e40:host:172.234.197.23	SESSION-1129a02e66df3e40 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a8441f04433657ee:host:131.196.31.85:host:172.234.197.23	SESSION-a8441f04433657ee → host:131.196.31.85 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c31bc4788e97db71:host:172.234.197.23	SESSION-c31bc4788e97db71 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fad613e75ea639b5:host:172.234.197.23	SESSION-fad613e75ea639b5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.242:geo_-23.62930_-46.63510	host:131.196.31.242 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-22ef7e58c288a4dd:PCAP:capture_20260430050001:8868731bf8a4	SESSION-22ef7e58c288a4dd → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16a55bcfd76736b7:host:172.234.197.23	SESSION-16a55bcfd76736b7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5527f09aaa715d91:host:131.196.30.132	SESSION-5527f09aaa715d91 → host:131.196.30.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8df47c2606014223:SESSION-8df47c2606014223	SESSION-8df47c2606014223 → pe:syn:SESSION-8df47c2606014223
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5381df0c70f3b63:PCAP:capture_20260430110001:43611bdf6759	SESSION-a5381df0c70f3b63 → PCAP:capture_20260430110001:43611bdf6759
flow_observed3-aryOBS	e:fo:flow:dfd7c586d178	flow:dfd7c586d178 → host:44.248.141.231 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d7c23b0aff57d2da:host:177.10.238.251:host:172.234.197.23	SESSION-d7c23b0aff57d2da → host:177.10.238.251 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:89478ea7795e:port:tcp:443	flow:89478ea7795e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89fe4f171fdbfa97:host:92.112.71.158	SESSION-89fe4f171fdbfa97 → host:92.112.71.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6b4b9c738c314ebf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6b4b9c738c314ebf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a03207ab88db82b5:host:172.234.197.23	SESSION-a03207ab88db82b5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7015af75baa6:port:tcp:443	flow:7015af75baa6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1e2ace7c21b4da04:host:177.10.239.75	SESSION-1e2ace7c21b4da04 → host:177.10.239.75
FLOW_DST_PORTOBS	e:fp:flow:0c0e1523deb4:port:tcp:55777	flow:0c0e1523deb4 → port:tcp:55777
FLOW_TO_HOSTOBS	e:to:SESSION-e01aa770e4fba49e:host:177.10.233.96	SESSION-e01aa770e4fba49e → host:177.10.233.96
FLOW_TO_HOSTOBS	e:to:SESSION-212f7b3a9bb90264:host:177.10.237.41	SESSION-212f7b3a9bb90264 → host:177.10.237.41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6c7a2e5cf818d0a:host:177.10.234.130:host:172.234.197.23	SESSION-a6c7a2e5cf818d0a → host:177.10.234.130 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0e6f218d3e359434:host:131.196.30.234	SESSION-0e6f218d3e359434 → host:131.196.30.234
FLOW_DST_PORTOBS	e:fp:flow:3da5b473a4ca:port:tcp:15268	flow:3da5b473a4ca → port:tcp:15268
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1355eedcc36803bb:SESSION-1355eedcc36803bb	SESSION-1355eedcc36803bb → pe:syn:SESSION-1355eedcc36803bb
FLOW_TO_HOSTOBS	e:to:SESSION-998c67ab79f4e23e:host:172.234.197.23	SESSION-998c67ab79f4e23e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0cf49defbe006f77:host:45.173.156.84	SESSION-0cf49defbe006f77 → host:45.173.156.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d77012e48557176:host:131.196.29.206	SESSION-1d77012e48557176 → host:131.196.29.206
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.53:geo_-21.10010_-41.69200	host:45.173.156.53 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96abdd68944f2af2:SESSION-96abdd68944f2af2	SESSION-96abdd68944f2af2 → pe:tls:SESSION-96abdd68944f2af2
FLOW_FROM_HOSTOBS	e:from:SESSION-b0e4303498e9ae3e:host:45.173.156.46	SESSION-b0e4303498e9ae3e → host:45.173.156.46
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-981fac77dd79326b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-981fac77dd79326b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f59e3038c71b15e1:SESSION-f59e3038c71b15e1	SESSION-f59e3038c71b15e1 → pe:tls:SESSION-f59e3038c71b15e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3617089369b58aaa:host:177.10.232.226	SESSION-3617089369b58aaa → host:177.10.232.226
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0daf10b890c2667:host:172.234.197.23	SESSION-f0daf10b890c2667 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be622897972653aa:SESSION-be622897972653aa	SESSION-be622897972653aa → pe:syn:SESSION-be622897972653aa
FLOW_TO_HOSTOBS	e:to:SESSION-e32df6cc4891bacc:host:131.196.30.102	SESSION-e32df6cc4891bacc → host:131.196.30.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73f1c8de70c12118:SESSION-73f1c8de70c12118	SESSION-73f1c8de70c12118 → pe:tls:SESSION-73f1c8de70c12118
FLOW_FROM_HOSTOBS	e:from:SESSION-5d5d721b5ee8bbbc:host:104.28.202.80	SESSION-5d5d721b5ee8bbbc → host:104.28.202.80
flow_observed5-aryOBS	e:fo:flow:4b25e07bf3ac	flow:4b25e07bf3ac → host:131.196.28.94 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b6a0ced2143f	flow:b6a0ced2143f → host:131.196.29.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-658ca3f75d8ef503:host:177.10.238.102:host:172.234.197.23	SESSION-658ca3f75d8ef503 → host:177.10.238.102 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2dbb680dd253e19c:host:172.234.197.23	SESSION-2dbb680dd253e19c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f277335c7e8c32bb:PCAP:capture_20260428010001:b1b402c7b202	SESSION-f277335c7e8c32bb → PCAP:capture_20260428010001:b1b402c7b202
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.163:asn:273470	host:45.173.156.163 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-94e95046da2771ab:host:131.196.31.45	SESSION-94e95046da2771ab → host:131.196.31.45
FLOW_FROM_HOSTOBS	e:from:SESSION-b25c94efbacaf7d7:host:177.10.237.173	SESSION-b25c94efbacaf7d7 → host:177.10.237.173
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-accb56e5453b3fbd:flow:522b9f036c79	SESSION-accb56e5453b3fbd → flow:522b9f036c79
FLOW_FROM_HOSTOBS	e:from:SESSION-def0cb8d87964dca:host:131.196.30.64	SESSION-def0cb8d87964dca → host:131.196.30.64
FLOW_FROM_HOSTOBS	e:from:SESSION-16a55bcfd76736b7:host:131.196.28.102	SESSION-16a55bcfd76736b7 → host:131.196.28.102
FLOW_TO_HOSTOBS	e:to:SESSION-8b9228625f2ea52e:host:131.196.30.64	SESSION-8b9228625f2ea52e → host:131.196.30.64
FLOW_TO_HOSTOBS	e:to:SESSION-93cfcdba6a26f550:host:172.234.197.23	SESSION-93cfcdba6a26f550 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.109:asn:262880	host:177.10.233.109 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e743a12f6a9d6a4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-8e743a12f6a9d6a4 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4020db38e68a457:host:172.234.197.23:host:131.196.31.57	SESSION-b4020db38e68a457 → host:172.234.197.23 → host:131.196.31.57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a38d88507263cddf:host:45.173.156.173	SESSION-a38d88507263cddf → host:45.173.156.173
flow_observed5-aryOBS	e:fo:flow:3dee28b4049d	flow:3dee28b4049d → host:131.196.29.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67ad2a69e8a9ea9e:SESSION-67ad2a69e8a9ea9e	SESSION-67ad2a69e8a9ea9e → pe:tls:SESSION-67ad2a69e8a9ea9e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a304c3ca72ee3e7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6a304c3ca72ee3e7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9028600f4eef977b:host:172.234.197.23	SESSION-9028600f4eef977b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd9f2ee14ec6ee20:host:172.234.197.23	SESSION-dd9f2ee14ec6ee20 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e28b3ef52579af3b:PCAP:capture_20260430090001:065659c7d314	SESSION-e28b3ef52579af3b → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d7eebeca6a52636:host:172.234.197.23:host:177.10.233.16	SESSION-6d7eebeca6a52636 → host:172.234.197.23 → host:177.10.233.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7dc8a86be27d0230:host:177.10.234.210	SESSION-7dc8a86be27d0230 → host:177.10.234.210
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6bfe68f8e20317f4:host:172.234.197.23	SESSION-6bfe68f8e20317f4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ced8040d8221dfbc:SESSION-ced8040d8221dfbc	SESSION-ced8040d8221dfbc → pe:tls:SESSION-ced8040d8221dfbc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ccddbdb53d5af45:host:172.234.197.23:host:131.196.30.83	SESSION-6ccddbdb53d5af45 → host:172.234.197.23 → host:131.196.30.83
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c058dbfcf0ab82c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8c058dbfcf0ab82c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7301756ca24c49ab:host:177.10.239.235:host:172.234.197.23	SESSION-7301756ca24c49ab → host:177.10.239.235 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-63fc840f6df40503:host:172.234.197.23	SESSION-63fc840f6df40503 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f797460e505b:port:tcp:13868	flow:f797460e505b → port:tcp:13868
flow_observed4-aryOBS	e:fo:flow:a5a7f9bf05f6	flow:a5a7f9bf05f6 → host:172.234.197.23 → host:177.10.233.17 → port:tcp:64345
FLOW_DST_PORTOBS	e:fp:flow:3a460404baad:port:tcp:443	flow:3a460404baad → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-5f6c80d4cd630a20:host:177.10.233.10	SESSION-5f6c80d4cd630a20 → host:177.10.233.10
FLOW_TO_HOSTOBS	e:to:SESSION-93e1e76eb6bfe5a3:host:172.234.197.23	SESSION-93e1e76eb6bfe5a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5828198604c26af:SESSION-f5828198604c26af	SESSION-f5828198604c26af → pe:syn:SESSION-f5828198604c26af
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7312728f8a99afb:host:177.10.236.218	SESSION-b7312728f8a99afb → host:177.10.236.218
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65e7ac6f998115f7:PCAP:capture_20260430110001:43611bdf6759	SESSION-65e7ac6f998115f7 → PCAP:capture_20260430110001:43611bdf6759
flow_observed3-aryOBS	e:fo:flow:5059e0041202	flow:5059e0041202 → host:51.224.144.61 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9a8c913718f2ecd3:host:172.232.0.16	SESSION-9a8c913718f2ecd3 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6515500944a7e42e:SESSION-6515500944a7e42e	SESSION-6515500944a7e42e → pe:tls:SESSION-6515500944a7e42e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.240:asn:262880	host:177.10.236.240 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce9448c6704b565d:host:177.10.237.196:host:172.234.197.23	SESSION-ce9448c6704b565d → host:177.10.237.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82093c184ece9713:host:172.234.197.23	SESSION-82093c184ece9713 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:affc50b0b638	flow:affc50b0b638 → host:177.10.234.85 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:62e5c7a79f3a:port:udp:53	flow:62e5c7a79f3a → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8d921ace7c85ce9:host:172.234.197.23:host:177.10.238.238	SESSION-d8d921ace7c85ce9 → host:172.234.197.23 → host:177.10.238.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-051bd0ccc4bec756:PCAP:capture_20260430060001:919b39a74464	SESSION-051bd0ccc4bec756 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:308ea8154f83:port:tcp:80	flow:308ea8154f83 → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-2e8105cbb514d7cf:host:177.10.237.182	SESSION-2e8105cbb514d7cf → host:177.10.237.182
FLOW_TLS_SNIOBS	e:fs:flow:da047bc8435b:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:da047bc8435b → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77e1145855a55905:SESSION-77e1145855a55905	SESSION-77e1145855a55905 → pe:syn:SESSION-77e1145855a55905
FLOW_FROM_HOSTOBS	e:from:SESSION-205f7c84653f0fb6:host:131.196.29.4	SESSION-205f7c84653f0fb6 → host:131.196.29.4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7e6be5ba8db3cda:flow:08cad5f12b06	SESSION-c7e6be5ba8db3cda → flow:08cad5f12b06
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3cc71da406a2797a:host:172.234.197.23	SESSION-3cc71da406a2797a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fbe82bcd0d20589:PCAP:capture_20260430060001:919b39a74464	SESSION-5fbe82bcd0d20589 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3da2bdbc54650cc7:host:172.234.197.23:host:177.10.233.150	SESSION-3da2bdbc54650cc7 → host:172.234.197.23 → host:177.10.233.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be374c360242db8a:SESSION-be374c360242db8a	SESSION-be374c360242db8a → pe:tls:SESSION-be374c360242db8a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33fcdd018bdc1a2c:flow:d858e5d91e76	SESSION-33fcdd018bdc1a2c → flow:d858e5d91e76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ce1a5aa06c53f62:SESSION-8ce1a5aa06c53f62	SESSION-8ce1a5aa06c53f62 → pe:tls:SESSION-8ce1a5aa06c53f62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c390a73ee41b4c6d:flow:0357935f6477	SESSION-c390a73ee41b4c6d → flow:0357935f6477
FLOW_FROM_HOSTOBS	e:from:SESSION-5e717c742e2e64ea:host:131.196.29.217	SESSION-5e717c742e2e64ea → host:131.196.29.217
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f26dae72fe8e9fa0:SESSION-f26dae72fe8e9fa0	SESSION-f26dae72fe8e9fa0 → pe:tls:SESSION-f26dae72fe8e9fa0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-32551388ee5c6c20:host:177.10.238.195:host:172.234.197.23	SESSION-32551388ee5c6c20 → host:177.10.238.195 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a103d39af7264a48:host:172.234.197.23	SESSION-a103d39af7264a48 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.42:asn:262880	host:177.10.238.42 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:64b719335e9c:port:tcp:59912	flow:64b719335e9c → port:tcp:59912
FLOW_FROM_HOSTOBS	e:from:SESSION-4c0e63fa095433d2:host:172.234.197.23	SESSION-4c0e63fa095433d2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3739e8b613327ce5:host:172.234.197.23	SESSION-3739e8b613327ce5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8224ed8c82963e52:SESSION-8224ed8c82963e52	SESSION-8224ed8c82963e52 → pe:syn:SESSION-8224ed8c82963e52
flow_observed4-aryOBS	e:fo:flow:399167c752fc	flow:399167c752fc → host:172.234.197.23 → host:45.173.156.246 → port:tcp:5598
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf12b1de67086909:SESSION-bf12b1de67086909	SESSION-bf12b1de67086909 → pe:syn:SESSION-bf12b1de67086909
FLOW_TO_HOSTOBS	e:to:SESSION-8247aea4532236dc:host:177.10.238.54	SESSION-8247aea4532236dc → host:177.10.238.54
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.34:asn:271410	host:131.196.28.34 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e652971bc7c2d2d5:flow:a6f690ed8e7b	SESSION-e652971bc7c2d2d5 → flow:a6f690ed8e7b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d6545f001e19457:host:131.196.29.157	SESSION-2d6545f001e19457 → host:131.196.29.157
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7cc58ab2d16fcbf8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7cc58ab2d16fcbf8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-2632ba515271ea31:host:177.10.239.185	SESSION-2632ba515271ea31 → host:177.10.239.185
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.70:geo_-23.62930_-46.63510	host:131.196.29.70 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab686f0f0916fec6:flow:93b0ad1bd8d0	SESSION-ab686f0f0916fec6 → flow:93b0ad1bd8d0
flow_observed5-aryOBS	e:fo:flow:d1beb07c9216	flow:d1beb07c9216 → host:177.10.236.46 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4879ced74a20729f:host:172.234.197.23	SESSION-4879ced74a20729f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36b6bef962351df3:host:177.10.237.66:host:172.234.197.23	SESSION-36b6bef962351df3 → host:177.10.237.66 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cdd071d1b1b0	flow:cdd071d1b1b0 → host:5.75.182.251 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-90d4f232d3edc1de:host:177.10.238.201	SESSION-90d4f232d3edc1de → host:177.10.238.201
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36f959353527c71a:SESSION-36f959353527c71a	SESSION-36f959353527c71a → pe:syn:SESSION-36f959353527c71a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bedf3bb9bf60dde0:SESSION-bedf3bb9bf60dde0	SESSION-bedf3bb9bf60dde0 → pe:tls:SESSION-bedf3bb9bf60dde0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14cb036847147428:host:131.196.30.182	SESSION-14cb036847147428 → host:131.196.30.182
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-71340f64d1455f4f:host:16.60.246.31:host:172.234.197.23	SESSION-71340f64d1455f4f → host:16.60.246.31 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-415460770952c9a4:host:172.234.197.23	SESSION-415460770952c9a4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.1:geo_-23.62930_-46.63510	host:131.196.28.1 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-34913801790eb8e4:host:131.196.28.238	SESSION-34913801790eb8e4 → host:131.196.28.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2887c6ee2de14ac9:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2887c6ee2de14ac9 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1b69502656f28818:SESSION-1b69502656f28818	SESSION-1b69502656f28818 → pe:rst:SESSION-1b69502656f28818
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23b772dcd58e4ef3:host:177.10.234.146	SESSION-23b772dcd58e4ef3 → host:177.10.234.146
HOST_IN_ASNOBS 85%	e:ha:host:16.60.246.31:asn:16509	host:16.60.246.31 → asn:16509
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65c3eea3bc378ff0:host:172.234.197.23:host:131.196.30.81	SESSION-65c3eea3bc378ff0 → host:172.234.197.23 → host:131.196.30.81
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e0a8afad40ce0aa2:flow:162abe85c66f	SESSION-e0a8afad40ce0aa2 → flow:162abe85c66f
FLOW_FROM_HOSTOBS	e:from:SESSION-3407d813acebc00f:host:177.10.239.107	SESSION-3407d813acebc00f → host:177.10.239.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3b8a5f0932f0fd6d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3b8a5f0932f0fd6d → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:e81084c1c2c5	flow:e81084c1c2c5 → host:131.196.31.5 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10017e021bbc0f25:host:172.234.197.23:host:177.10.233.24	SESSION-10017e021bbc0f25 → host:172.234.197.23 → host:177.10.233.24
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b045e9fec039082:host:177.10.233.196:host:172.234.197.23	SESSION-5b045e9fec039082 → host:177.10.233.196 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2625555cac004c06:SESSION-2625555cac004c06	SESSION-2625555cac004c06 → pe:syn:SESSION-2625555cac004c06
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fdfd79cbce8be94:SESSION-5fdfd79cbce8be94	SESSION-5fdfd79cbce8be94 → pe:tls:SESSION-5fdfd79cbce8be94
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd2e4550d5ebaf09:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fd2e4550d5ebaf09 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44a5aa522f98da19:host:172.234.197.23	SESSION-44a5aa522f98da19 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-dedab35c401db9fa:host:172.234.197.23	SESSION-dedab35c401db9fa → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.172:geo_-21.10010_-41.69200	host:45.173.156.172 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-e2b4854b4491f9b7:host:172.234.197.23	SESSION-e2b4854b4491f9b7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4dcbfb7362ab6402:flow:9f86f8fda089	SESSION-4dcbfb7362ab6402 → flow:9f86f8fda089
FLOW_FROM_HOSTOBS	e:from:SESSION-3762cafcd0c66be2:host:177.10.234.222	SESSION-3762cafcd0c66be2 → host:177.10.234.222
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3393fca13374f4c8:flow:ea5cad6713a3	SESSION-3393fca13374f4c8 → flow:ea5cad6713a3
FLOW_FROM_HOSTOBS	e:from:SESSION-7ed3cc3ecfbc3d3c:host:131.196.30.69	SESSION-7ed3cc3ecfbc3d3c → host:131.196.30.69
FLOW_DST_PORTOBS	e:fp:flow:554ec8997792:port:tcp:64816	flow:554ec8997792 → port:tcp:64816
FLOW_FROM_HOSTOBS	e:from:SESSION-28d0a7763ce2861c:host:177.10.233.147	SESSION-28d0a7763ce2861c → host:177.10.233.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-05b6ffb2a7e9e145:SESSION-05b6ffb2a7e9e145	SESSION-05b6ffb2a7e9e145 → pe:tls:SESSION-05b6ffb2a7e9e145
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-330bec399d401574:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-330bec399d401574 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eecb9eac95f77073:host:177.10.239.219	SESSION-eecb9eac95f77073 → host:177.10.239.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4341cac0cb5b3aa:host:172.234.197.23:host:2.57.122.194	SESSION-b4341cac0cb5b3aa → host:172.234.197.23 → host:2.57.122.194
flow_observed4-aryOBS	e:fo:flow:0180b80bdbbd	flow:0180b80bdbbd → host:172.234.197.23 → host:177.10.232.219 → port:tcp:42937
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.194:asn:271410	host:131.196.29.194 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:bdd75a10e1d0:port:tcp:443	flow:bdd75a10e1d0 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:bb284da23027	flow:bb284da23027 → host:172.234.197.23 → host:177.10.236.37 → port:tcp:546
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff374888c4809584:flow:62bdf54a4e6f	SESSION-ff374888c4809584 → flow:62bdf54a4e6f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3edcc633e4f5b2c:host:131.196.28.2:host:172.234.197.23	SESSION-b3edcc633e4f5b2c → host:131.196.28.2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eb904b60673a30b:host:172.234.197.23	SESSION-2eb904b60673a30b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6631f08e8c06a9b6:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6631f08e8c06a9b6 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-053d7bf7ef41d243:SESSION-053d7bf7ef41d243	SESSION-053d7bf7ef41d243 → pe:syn:SESSION-053d7bf7ef41d243
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.229:geo_-16.28860_-49.01640	host:177.10.237.229 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-793a524af1982647:host:3.102.169.199	SESSION-793a524af1982647 → host:3.102.169.199
FLOW_DST_PORTOBS	e:fp:flow:f4a69c79331f:port:tcp:443	flow:f4a69c79331f → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-73ce8b7b43538e4e:host:172.234.197.23	SESSION-73ce8b7b43538e4e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0482212efb1d2581:host:172.234.197.23	SESSION-0482212efb1d2581 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-875fd6bdbe4ae339:SESSION-875fd6bdbe4ae339	SESSION-875fd6bdbe4ae339 → pe:syn:SESSION-875fd6bdbe4ae339
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b792e9866f7563b8:SESSION-b792e9866f7563b8	SESSION-b792e9866f7563b8 → pe:tls:SESSION-b792e9866f7563b8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-744a603206d06e24:SESSION-744a603206d06e24	SESSION-744a603206d06e24 → pe:syn:SESSION-744a603206d06e24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d77225c69f4fe117:SESSION-d77225c69f4fe117	SESSION-d77225c69f4fe117 → pe:tls:SESSION-d77225c69f4fe117
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-287f6ffdc6040b27:flow:acc28689c530	SESSION-287f6ffdc6040b27 → flow:acc28689c530
FLOW_FROM_HOSTOBS	e:from:SESSION-b332774cd544824a:host:177.10.237.127	SESSION-b332774cd544824a → host:177.10.237.127
FLOW_FROM_HOSTOBS	e:from:SESSION-149428cb73969f2b:host:177.10.238.35	SESSION-149428cb73969f2b → host:177.10.238.35
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.49:geo_-21.10010_-41.69200	host:45.173.156.49 → geo_-21.10010_-41.69200
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.225:asn:271410	host:131.196.31.225 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8f2b3515afd502b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b8f2b3515afd502b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e61eb47c134600b1:host:177.10.232.167	SESSION-e61eb47c134600b1 → host:177.10.232.167
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.77:asn:271410	host:131.196.31.77 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-469f9efa6316e344:host:172.234.197.23	SESSION-469f9efa6316e344 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-456e62c8b4b103dc:SESSION-456e62c8b4b103dc	SESSION-456e62c8b4b103dc → pe:syn:SESSION-456e62c8b4b103dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5a277796632a248:host:177.10.234.193	SESSION-b5a277796632a248 → host:177.10.234.193
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8d8471d99b0ccf5:host:177.10.239.28	SESSION-d8d8471d99b0ccf5 → host:177.10.239.28
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6a07ad54f9ab5f8:host:172.234.197.23	SESSION-e6a07ad54f9ab5f8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49652bb4e1e9db35:PCAP:capture_20260428010001:b1b402c7b202	SESSION-49652bb4e1e9db35 → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.62:geo_-23.62930_-46.63510	host:131.196.30.62 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-71917de89d264496:SESSION-71917de89d264496	SESSION-71917de89d264496 → pe:tls:SESSION-71917de89d264496
FLOW_TO_HOSTOBS	e:to:SESSION-1d9ece39eb531c8b:host:172.234.197.23	SESSION-1d9ece39eb531c8b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd7be5606f48437f:host:131.196.29.140	SESSION-dd7be5606f48437f → host:131.196.29.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d5e711c3b45ec85:host:131.196.30.50	SESSION-6d5e711c3b45ec85 → host:131.196.30.50
FLOW_FROM_HOSTOBS	e:from:SESSION-e5a2ddb999c90e17:host:172.234.197.23	SESSION-e5a2ddb999c90e17 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7eeea37688fc574d:flow:363bdedaf2aa	SESSION-7eeea37688fc574d → flow:363bdedaf2aa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0d0c8f73043707f:SESSION-f0d0c8f73043707f	SESSION-f0d0c8f73043707f → pe:syn:SESSION-f0d0c8f73043707f
ASN_IN_ORGOBS 80%	e:ao:asn:4837:org:CHINA UNICOM China169 Backbone	asn:4837 → org:CHINA UNICOM China169 Backbone
FLOW_DST_PORTOBS	e:fp:flow:445edf94c548:port:tcp:36821	flow:445edf94c548 → port:tcp:36821
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-3685b3a1e6c25f1a:SESSION-3685b3a1e6c25f1a	SESSION-3685b3a1e6c25f1a → pe:rst:SESSION-3685b3a1e6c25f1a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a60794a5b314271e:host:177.10.235.210	SESSION-a60794a5b314271e → host:177.10.235.210
FLOW_FROM_HOSTOBS	e:from:SESSION-44e6d66a0a0fb56e:host:172.234.197.23	SESSION-44e6d66a0a0fb56e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d43da16ef3276f9b:host:172.234.197.23	SESSION-d43da16ef3276f9b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ef18db4a9eedd9d:SESSION-2ef18db4a9eedd9d	SESSION-2ef18db4a9eedd9d → pe:syn:SESSION-2ef18db4a9eedd9d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54704a8587620f8b:SESSION-54704a8587620f8b	SESSION-54704a8587620f8b → pe:tls:SESSION-54704a8587620f8b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f4a86c40e28bf330:SESSION-f4a86c40e28bf330	SESSION-f4a86c40e28bf330 → pe:syn:SESSION-f4a86c40e28bf330
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.17:asn:271410	host:131.196.31.17 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b00134b34a3a387f:host:172.234.197.23	SESSION-b00134b34a3a387f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a846b5687af75eeb:host:131.196.29.91	SESSION-a846b5687af75eeb → host:131.196.29.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-26e26ae77a5f41e1:SESSION-26e26ae77a5f41e1	SESSION-26e26ae77a5f41e1 → pe:tls:SESSION-26e26ae77a5f41e1
FLOW_FROM_HOSTOBS	e:from:SESSION-2d3ff3dcf229051b:host:131.196.31.222	SESSION-2d3ff3dcf229051b → host:131.196.31.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a9273620e0aaedc:SESSION-8a9273620e0aaedc	SESSION-8a9273620e0aaedc → pe:syn:SESSION-8a9273620e0aaedc
FLOW_TO_HOSTOBS	e:to:SESSION-08eebf44a6874d1b:host:172.234.197.23	SESSION-08eebf44a6874d1b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a087623b0a6f	flow:a087623b0a6f → host:172.234.197.23 → host:131.196.30.83 → port:tcp:43708
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd4f490a373a283b:host:172.234.197.23	SESSION-cd4f490a373a283b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6746fc525fc4	flow:6746fc525fc4 → host:172.234.197.23 → host:177.10.236.237 → port:tcp:30857
FLOW_DST_PORTOBS	e:fp:flow:254a637fa466:port:tcp:443	flow:254a637fa466 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:02fb45737a78:port:tcp:443	flow:02fb45737a78 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b2d7167908ff:port:tcp:58393	flow:b2d7167908ff → port:tcp:58393
FLOW_TO_HOSTOBS	e:to:SESSION-d6e7d46ad1b0c983:host:172.234.197.23	SESSION-d6e7d46ad1b0c983 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a2f802a56d8e0d79:SESSION-a2f802a56d8e0d79	SESSION-a2f802a56d8e0d79 → pe:syn:SESSION-a2f802a56d8e0d79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bfe3e48aa982c746:PCAP:capture_20260430060001:919b39a74464	SESSION-bfe3e48aa982c746 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff4eb64228a8af88:host:177.10.232.152	SESSION-ff4eb64228a8af88 → host:177.10.232.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-959e19b011db2562:host:57.128.95.174	SESSION-959e19b011db2562 → host:57.128.95.174
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23aaa31711ea4954:host:177.10.236.196	SESSION-23aaa31711ea4954 → host:177.10.236.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4904f64e7943cb47:SESSION-4904f64e7943cb47	SESSION-4904f64e7943cb47 → pe:syn:SESSION-4904f64e7943cb47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d27008d937f2d8be:SESSION-d27008d937f2d8be	SESSION-d27008d937f2d8be → pe:tls:SESSION-d27008d937f2d8be
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55794f9e7b1a9e7f:host:177.10.234.250:host:172.234.197.23	SESSION-55794f9e7b1a9e7f → host:177.10.234.250 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a79875656e67c68:SESSION-0a79875656e67c68	SESSION-0a79875656e67c68 → pe:tls:SESSION-0a79875656e67c68
FLOW_FROM_HOSTOBS	e:from:SESSION-457bc509f900e32f:host:172.234.197.23	SESSION-457bc509f900e32f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-698d45df22ea2a48:host:45.173.156.2	SESSION-698d45df22ea2a48 → host:45.173.156.2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a650ad390b72264d:flow:4784e4b5fa43	SESSION-a650ad390b72264d → flow:4784e4b5fa43
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a457a833cb01b1f:PCAP:capture_20260430150001:ded20914761d	SESSION-4a457a833cb01b1f → PCAP:capture_20260430150001:ded20914761d
flow_observed4-aryOBS	e:fo:flow:f0e29cea7891	flow:f0e29cea7891 → host:172.234.197.23 → host:131.196.28.242 → port:tcp:4510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eee2452aad82d1c2:SESSION-eee2452aad82d1c2	SESSION-eee2452aad82d1c2 → pe:syn:SESSION-eee2452aad82d1c2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5cb3d18d192da5f3:SESSION-5cb3d18d192da5f3	SESSION-5cb3d18d192da5f3 → pe:tls:SESSION-5cb3d18d192da5f3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fdaf54c444b72c0:SESSION-1fdaf54c444b72c0	SESSION-1fdaf54c444b72c0 → pe:syn:SESSION-1fdaf54c444b72c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43ba6051cf9120c0:host:172.234.197.23	SESSION-43ba6051cf9120c0 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.233:geo_-16.28860_-49.01640	host:177.10.236.233 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28d2d0e8afd37453:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-28d2d0e8afd37453 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:ae05db972f47:port:tcp:443	flow:ae05db972f47 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a2000a0c75221682:SESSION-a2000a0c75221682	SESSION-a2000a0c75221682 → pe:tls:SESSION-a2000a0c75221682
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2af2d979895f4943:host:172.234.197.23:host:177.10.236.101	SESSION-2af2d979895f4943 → host:172.234.197.23 → host:177.10.236.101
flow_observed4-aryOBS	e:fo:flow:9652a15dd0c9	flow:9652a15dd0c9 → host:172.234.197.23 → host:177.10.234.166 → port:tcp:49075
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ad42e8c66a89ee5:host:177.10.234.250	SESSION-8ad42e8c66a89ee5 → host:177.10.234.250
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec928f375ba591f1:flow:aff142aec191	SESSION-ec928f375ba591f1 → flow:aff142aec191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0482ff4f8e4ec953:SESSION-0482ff4f8e4ec953	SESSION-0482ff4f8e4ec953 → pe:tls:SESSION-0482ff4f8e4ec953
FLOW_TO_HOSTOBS	e:to:SESSION-76aff26f067fcb92:host:172.234.197.23	SESSION-76aff26f067fcb92 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-048f9271a2e27be7:SESSION-048f9271a2e27be7	SESSION-048f9271a2e27be7 → pe:syn:SESSION-048f9271a2e27be7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8165f1476121226e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8165f1476121226e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:5c96717ce09e	flow:5c96717ce09e → host:177.10.239.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da6e864635febf48:host:131.196.30.9:host:172.234.197.23	SESSION-da6e864635febf48 → host:131.196.30.9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4cc664d616fce9d7:host:172.234.197.23:host:45.173.156.232	SESSION-4cc664d616fce9d7 → host:172.234.197.23 → host:45.173.156.232
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.137:asn:262880	host:177.10.233.137 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-51bc0a4af53b62cc:host:177.10.233.136	SESSION-51bc0a4af53b62cc → host:177.10.233.136
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fbee5c60d72abd4e:host:177.10.238.36:host:172.234.197.23	SESSION-fbee5c60d72abd4e → host:177.10.238.36 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c20c9bc4a385:port:tcp:443	flow:c20c9bc4a385 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54127ab649dd8e15:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-54127ab649dd8e15 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b373f59ff0198ea:host:172.234.197.23:host:177.10.235.78	SESSION-9b373f59ff0198ea → host:172.234.197.23 → host:177.10.235.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0debd2a005265c6e:SESSION-0debd2a005265c6e	SESSION-0debd2a005265c6e → pe:tls:SESSION-0debd2a005265c6e
flow_observed4-aryOBS	e:fo:flow:5604757aa9e4	flow:5604757aa9e4 → host:172.234.197.23 → host:177.10.232.52 → port:tcp:65032
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-24f08652bbd6b16b:SESSION-24f08652bbd6b16b	SESSION-24f08652bbd6b16b → pe:rst:SESSION-24f08652bbd6b16b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96f33e27040b9bc9:flow:72a55c97f7f1	SESSION-96f33e27040b9bc9 → flow:72a55c97f7f1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2fd944013b60077a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2fd944013b60077a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe8896cc58e0f0aa:host:172.234.197.23:host:131.196.29.166	SESSION-fe8896cc58e0f0aa → host:172.234.197.23 → host:131.196.29.166
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4993bcd996008da0:host:131.196.30.195:host:172.234.197.23	SESSION-4993bcd996008da0 → host:131.196.30.195 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51cdac11b30f43cf:host:172.234.197.23	SESSION-51cdac11b30f43cf → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b536c20c3fd9	flow:b536c20c3fd9 → host:172.234.197.23 → host:177.10.236.157 → port:tcp:55968
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bedd6d77774b5e6:host:177.10.232.55	SESSION-3bedd6d77774b5e6 → host:177.10.232.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-884df81342ed3b04:SESSION-884df81342ed3b04	SESSION-884df81342ed3b04 → pe:tls:SESSION-884df81342ed3b04
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.40:geo_-16.28860_-49.01640	host:177.10.239.40 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-eb9826b2bc40f219:host:172.234.197.23	SESSION-eb9826b2bc40f219 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fdceaf69f291402:SESSION-3fdceaf69f291402	SESSION-3fdceaf69f291402 → pe:syn:SESSION-3fdceaf69f291402
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.233:geo_-23.62930_-46.63510	host:131.196.30.233 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d6af4ef287316d5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7d6af4ef287316d5 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:8940134437ac	flow:8940134437ac → host:49.12.170.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44593e1f87cfdd92:host:131.196.31.14:host:172.234.197.23	SESSION-44593e1f87cfdd92 → host:131.196.31.14 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3baedacad496627d:host:172.234.197.23	SESSION-3baedacad496627d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4a4d65023e3f:port:tcp:443	flow:4a4d65023e3f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf1877ae18abdd85:host:131.196.31.57	SESSION-bf1877ae18abdd85 → host:131.196.31.57
FLOW_DST_PORTOBS	e:fp:flow:22753125df6d:port:tcp:443	flow:22753125df6d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5816b4a8f681ef76:SESSION-5816b4a8f681ef76	SESSION-5816b4a8f681ef76 → pe:tls:SESSION-5816b4a8f681ef76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-304db5c18798dbb4:host:131.196.29.105	SESSION-304db5c18798dbb4 → host:131.196.29.105
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a05a386609def1c:PCAP:capture_20260430060001:919b39a74464	SESSION-0a05a386609def1c → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68e98907ffe6aa24:host:131.196.31.63	SESSION-68e98907ffe6aa24 → host:131.196.31.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08b637759d13ec04:SESSION-08b637759d13ec04	SESSION-08b637759d13ec04 → pe:syn:SESSION-08b637759d13ec04
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aab54ece2b0af0b4:host:172.234.197.23	SESSION-aab54ece2b0af0b4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d28501729ed200f7:host:172.234.197.23	SESSION-d28501729ed200f7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.193:asn:273470	host:45.173.156.193 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-035e17bf8c36a59b:flow:abdcc655bf4a	SESSION-035e17bf8c36a59b → flow:abdcc655bf4a
flow_observed4-aryOBS	e:fo:flow:ced9ee95145c	flow:ced9ee95145c → host:172.234.197.23 → host:177.10.236.161 → port:tcp:43464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-381a0e70ba36b75c:flow:de9828eb48de	SESSION-381a0e70ba36b75c → flow:de9828eb48de
flow_observed5-aryOBS	e:fo:flow:c2c88da9287a	flow:c2c88da9287a → host:88.99.91.59 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a98c5df3fe5e6d6:SESSION-4a98c5df3fe5e6d6	SESSION-4a98c5df3fe5e6d6 → pe:syn:SESSION-4a98c5df3fe5e6d6
flow_observed5-aryOBS	e:fo:flow:3cb81834e696	flow:3cb81834e696 → host:177.10.239.139 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa32b0aa2bffc0b5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-aa32b0aa2bffc0b5 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-7205a781bd8c8542:host:172.234.197.23	SESSION-7205a781bd8c8542 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f750867699c9a944:host:172.234.197.23	SESSION-f750867699c9a944 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f1b581ea0c38fa14:SESSION-f1b581ea0c38fa14	SESSION-f1b581ea0c38fa14 → pe:syn:SESSION-f1b581ea0c38fa14
flow_observed5-aryOBS	e:fo:flow:07c70264eacd	flow:07c70264eacd → host:177.10.232.178 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-34a5ce0f23d7a2a1:host:177.10.237.166	SESSION-34a5ce0f23d7a2a1 → host:177.10.237.166
FLOW_TO_HOSTOBS	e:to:SESSION-deef720c855898df:host:172.234.197.23	SESSION-deef720c855898df → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-56e8cb1a5e296d06:host:172.234.197.23	SESSION-56e8cb1a5e296d06 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-182527d04a349453:SESSION-182527d04a349453	SESSION-182527d04a349453 → pe:tls:SESSION-182527d04a349453
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d32ea7105612ce28:SESSION-d32ea7105612ce28	SESSION-d32ea7105612ce28 → pe:tls:SESSION-d32ea7105612ce28
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5347add21fd9245:host:177.10.233.255	SESSION-f5347add21fd9245 → host:177.10.233.255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-065e72b14a827150:host:172.234.197.23	SESSION-065e72b14a827150 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f344d747ad66bc9c:host:177.10.238.207	SESSION-f344d747ad66bc9c → host:177.10.238.207
FLOW_TO_HOSTOBS	e:to:SESSION-9b30dbd402b74df1:host:131.196.31.83	SESSION-9b30dbd402b74df1 → host:131.196.31.83
FLOW_FROM_HOSTOBS	e:from:SESSION-3056fcd37df4e63f:host:131.196.31.105	SESSION-3056fcd37df4e63f → host:131.196.31.105
FLOW_DST_PORTOBS	e:fp:flow:61851684d751:port:tcp:59326	flow:61851684d751 → port:tcp:59326
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.177:geo_-16.28860_-49.01640	host:177.10.235.177 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-500f03715884566d:flow:7a0d9894dd82	SESSION-500f03715884566d → flow:7a0d9894dd82
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-26a93711200ab02b:flow:2ac545a7b329	SESSION-26a93711200ab02b → flow:2ac545a7b329
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ea2f6118de4330ea:SESSION-ea2f6118de4330ea	SESSION-ea2f6118de4330ea → pe:syn:SESSION-ea2f6118de4330ea
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2db2b0c2312c18a1:PCAP:capture_20260430150001:ded20914761d	SESSION-2db2b0c2312c18a1 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-d6d6cedb2de1ad8d:host:177.10.233.124	SESSION-d6d6cedb2de1ad8d → host:177.10.233.124
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70f7d0fa3cda32b:host:177.10.235.118	SESSION-c70f7d0fa3cda32b → host:177.10.235.118
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-def0cb8d87964dca:flow:011b97b6ff41	SESSION-def0cb8d87964dca → flow:011b97b6ff41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4cf4d7f5409c1837:host:44.246.129.80:host:172.234.197.23	SESSION-4cf4d7f5409c1837 → host:44.246.129.80 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b3f73c59938d0a7:host:172.234.197.23:host:177.10.237.74	SESSION-8b3f73c59938d0a7 → host:172.234.197.23 → host:177.10.237.74
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e4d7008639203d5:flow:ce39f2d1d3cb	SESSION-3e4d7008639203d5 → flow:ce39f2d1d3cb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-442d12ad40b35d12:host:45.173.156.124	SESSION-442d12ad40b35d12 → host:45.173.156.124
FLOW_TO_HOSTOBS	e:to:SESSION-1ce76d6af7b7d93f:host:172.234.197.23	SESSION-1ce76d6af7b7d93f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89ff4b6182efd39b:host:172.234.197.23	SESSION-89ff4b6182efd39b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e576d93486607572:host:172.234.197.23	SESSION-e576d93486607572 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4da5ddbc1348c177:host:172.234.197.23:host:177.10.233.126	SESSION-4da5ddbc1348c177 → host:172.234.197.23 → host:177.10.233.126
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0efcb065a58cc475:PCAP:capture_20260430090001:065659c7d314	SESSION-0efcb065a58cc475 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1350be77996fff9b:SESSION-1350be77996fff9b	SESSION-1350be77996fff9b → pe:syn:SESSION-1350be77996fff9b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a9b85b89d918f42:SESSION-8a9b85b89d918f42	SESSION-8a9b85b89d918f42 → pe:syn:SESSION-8a9b85b89d918f42
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75f19254cb816cbd:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-75f19254cb816cbd → PCAP:capture_20260427230001:ca8bd1ce36e2
FLOW_TO_HOSTOBS	e:to:SESSION-31b6c18ffff74955:host:177.10.236.112	SESSION-31b6c18ffff74955 → host:177.10.236.112
FLOW_TO_HOSTOBS	e:to:SESSION-7b7f75116e650c71:host:172.234.197.23	SESSION-7b7f75116e650c71 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6db73413d50d:port:tcp:443	flow:6db73413d50d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-456e7eaee9f2720f:host:51.224.252.115:host:172.234.197.23	SESSION-456e7eaee9f2720f → host:51.224.252.115 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:32f3ac1593ad:port:tcp:443	flow:32f3ac1593ad → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d50c6c855668:port:tcp:443	flow:d50c6c855668 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.216:geo_-16.28860_-49.01640	host:177.10.238.216 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ba1793b4e05c9885:host:131.196.30.28:host:172.234.197.23	SESSION-ba1793b4e05c9885 → host:131.196.30.28 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07124c917c797d63:host:172.234.197.23	SESSION-07124c917c797d63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-91da8f4807f085e6:SESSION-91da8f4807f085e6	SESSION-91da8f4807f085e6 → pe:tls:SESSION-91da8f4807f085e6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-27f108382ab89b5c:SESSION-27f108382ab89b5c	SESSION-27f108382ab89b5c → pe:rst:SESSION-27f108382ab89b5c
FLOW_DST_PORTOBS	e:fp:flow:2e52ef2b8860:port:tcp:443	flow:2e52ef2b8860 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.10:asn:273470	host:45.173.156.10 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bef16d9c79cba2c2:host:172.234.197.23	SESSION-bef16d9c79cba2c2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d45c3fc16863e5ef:host:172.234.197.23:host:131.196.30.78	SESSION-d45c3fc16863e5ef → host:172.234.197.23 → host:131.196.30.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99752db79d6c830d:host:131.196.30.184	SESSION-99752db79d6c830d → host:131.196.30.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-105ac3e4c69fbe80:host:172.234.197.23	SESSION-105ac3e4c69fbe80 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d06d4272bf4950c7:host:172.234.197.23	SESSION-d06d4272bf4950c7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-def0cb8d87964dca:host:131.196.30.64:host:172.234.197.23	SESSION-def0cb8d87964dca → host:131.196.30.64 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d7f8914f0744c0dd:host:172.234.197.23	SESSION-d7f8914f0744c0dd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-465906ddd8becee4:SESSION-465906ddd8becee4	SESSION-465906ddd8becee4 → pe:tls:SESSION-465906ddd8becee4
FLOW_TO_HOSTOBS	e:to:SESSION-94dde62df04dcb4a:host:177.10.235.227	SESSION-94dde62df04dcb4a → host:177.10.235.227
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.234:geo_-16.28860_-49.01640	host:177.10.237.234 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3b13920773df7284:PCAP:capture_20260430150001:ded20914761d	SESSION-3b13920773df7284 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6634561e4b2b2821:host:177.10.238.122:host:172.234.197.23	SESSION-6634561e4b2b2821 → host:177.10.238.122 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77593e2039f5e18a:SESSION-77593e2039f5e18a	SESSION-77593e2039f5e18a → pe:tls:SESSION-77593e2039f5e18a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2384be4238de1707:SESSION-2384be4238de1707	SESSION-2384be4238de1707 → pe:tls:SESSION-2384be4238de1707
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-f8362a96ce0b7626:SESSION-f8362a96ce0b7626	SESSION-f8362a96ce0b7626 → pe:rst:SESSION-f8362a96ce0b7626
flow_observed5-aryOBS	e:fo:flow:ade63f4d8dc5	flow:ade63f4d8dc5 → host:177.10.236.2 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:595ca985adc2	flow:595ca985adc2 → host:131.196.31.70 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-985fc991cba9cb9c:host:172.234.197.23	SESSION-985fc991cba9cb9c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d9d7757b20ed84d:host:131.196.28.214	SESSION-7d9d7757b20ed84d → host:131.196.28.214
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.251:asn:271410	host:131.196.31.251 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-779d668625040802:SESSION-779d668625040802	SESSION-779d668625040802 → pe:syn:SESSION-779d668625040802
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6cc71c07f8c21dc0:host:177.10.233.28:host:172.234.197.23	SESSION-6cc71c07f8c21dc0 → host:177.10.233.28 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58a14b9397c116a1:PCAP:capture_20260430150001:ded20914761d	SESSION-58a14b9397c116a1 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17e71ce1458770d6:host:131.196.28.97:host:172.234.197.23	SESSION-17e71ce1458770d6 → host:131.196.28.97 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3930651da0a26cb4:flow:a0c1b75ee432	SESSION-3930651da0a26cb4 → flow:a0c1b75ee432
FLOW_TLS_SNIOBS	e:fs:flow:8940134437ac:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:8940134437ac → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:f54f749b0a4f:port:tcp:443	flow:f54f749b0a4f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e2a14af4b2a82fd:host:177.10.236.10	SESSION-1e2a14af4b2a82fd → host:177.10.236.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3185739188bf8a1e:SESSION-3185739188bf8a1e	SESSION-3185739188bf8a1e → pe:syn:SESSION-3185739188bf8a1e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1b9f91f77c860b7c:host:131.196.28.151:host:172.234.197.23	SESSION-1b9f91f77c860b7c → host:131.196.28.151 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e79bdabe92472fb:host:131.196.28.165:host:172.234.197.23	SESSION-4e79bdabe92472fb → host:131.196.28.165 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.145:geo_-23.62930_-46.63510	host:131.196.28.145 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e79bdabe92472fb:SESSION-4e79bdabe92472fb	SESSION-4e79bdabe92472fb → pe:syn:SESSION-4e79bdabe92472fb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a800bc67052acb8:host:131.196.31.88	SESSION-7a800bc67052acb8 → host:131.196.31.88
HOST_IN_ASNOBS 85%	e:ha:host:16.171.255.229:asn:16509	host:16.171.255.229 → asn:16509
FLOW_TO_HOSTOBS	e:to:SESSION-c587e64f570c8df7:host:131.196.30.214	SESSION-c587e64f570c8df7 → host:131.196.30.214
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4a5a6c818be705f:flow:da1cc2692f9e	SESSION-d4a5a6c818be705f → flow:da1cc2692f9e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3959c763e6312f1d:flow:878d78b455c9	SESSION-3959c763e6312f1d → flow:878d78b455c9
FLOW_TO_HOSTOBS	e:to:SESSION-2875d034c942a134:host:131.196.30.183	SESSION-2875d034c942a134 → host:131.196.30.183
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-393d4d02c091bd7e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-393d4d02c091bd7e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-cca8cec112e53d8f:host:172.234.197.23	SESSION-cca8cec112e53d8f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d269b4a1c84321cd:SESSION-d269b4a1c84321cd	SESSION-d269b4a1c84321cd → pe:tls:SESSION-d269b4a1c84321cd
FLOW_DST_PORTOBS	e:fp:flow:d3bbb4017f36:port:tcp:443	flow:d3bbb4017f36 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-6ffbb13e97116fd4:host:177.10.235.72	SESSION-6ffbb13e97116fd4 → host:177.10.235.72
FLOW_DST_PORTOBS	e:fp:flow:a3f7ff0146b0:port:tcp:443	flow:a3f7ff0146b0 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2bb4f19f005244d2:host:131.196.28.163:host:172.234.197.23	SESSION-2bb4f19f005244d2 → host:131.196.28.163 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f1d4144b7eed	flow:f1d4144b7eed → host:177.10.234.228 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a6f42ce3a907:port:tcp:443	flow:a6f42ce3a907 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.130:asn:262880	host:177.10.234.130 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d44d2d34cc029e97:host:172.234.197.23	SESSION-d44d2d34cc029e97 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3a25d201ec7d699:host:172.234.197.23:host:131.196.30.236	SESSION-b3a25d201ec7d699 → host:172.234.197.23 → host:131.196.30.236
FLOW_DST_PORTOBS	e:fp:flow:f8686c85714f:port:tcp:21942	flow:f8686c85714f → port:tcp:21942
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.176:asn:262880	host:177.10.232.176 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3075d8276a1a3ff8:host:172.234.197.23:host:177.10.237.169	SESSION-3075d8276a1a3ff8 → host:172.234.197.23 → host:177.10.237.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83ce9ba3d421fc3f:host:177.10.235.230	SESSION-83ce9ba3d421fc3f → host:177.10.235.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-82f2c01059fea89b:SESSION-82f2c01059fea89b	SESSION-82f2c01059fea89b → pe:tls:SESSION-82f2c01059fea89b
flow_observed4-aryOBS	e:fo:flow:5b1519d94b48	flow:5b1519d94b48 → host:172.234.197.23 → host:177.10.237.182 → port:tcp:28156
FLOW_DST_PORTOBS	e:fp:flow:bc01e2d2030c:port:tcp:443	flow:bc01e2d2030c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1898da4930ba04f2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1898da4930ba04f2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:b906f6cfbd63	flow:b906f6cfbd63 → host:172.234.197.23 → host:131.196.28.80 → port:tcp:25088
flow_observed5-aryOBS	e:fo:flow:ef6fcd3714b8	flow:ef6fcd3714b8 → host:131.196.28.212 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-adc05f42cd7b2533:host:172.234.197.23	SESSION-adc05f42cd7b2533 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f55570dc615df23a:host:177.10.235.190	SESSION-f55570dc615df23a → host:177.10.235.190
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f800f90b92d1e01:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4f800f90b92d1e01 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16b33dfc60975324:flow:cdd071d1b1b0	SESSION-16b33dfc60975324 → flow:cdd071d1b1b0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09e8a1451dd94c84:host:177.10.234.104:host:172.234.197.23	SESSION-09e8a1451dd94c84 → host:177.10.234.104 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2c4d285e0a09c2a4:flow:222d767cea80	SESSION-2c4d285e0a09c2a4 → flow:222d767cea80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6965561db8b52827:SESSION-6965561db8b52827	SESSION-6965561db8b52827 → pe:syn:SESSION-6965561db8b52827
FLOW_FROM_HOSTOBS	e:from:SESSION-aae7a2cdf7b4e8cc:host:177.10.233.249	SESSION-aae7a2cdf7b4e8cc → host:177.10.233.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e035a13399d76ad4:SESSION-e035a13399d76ad4	SESSION-e035a13399d76ad4 → pe:syn:SESSION-e035a13399d76ad4
FLOW_TO_HOSTOBS	e:to:SESSION-829f75d99e4943bf:host:172.234.197.23	SESSION-829f75d99e4943bf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f691479e1fc1edf:flow:df1118cf58c3	SESSION-2f691479e1fc1edf → flow:df1118cf58c3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2761ffbe76598549:SESSION-2761ffbe76598549	SESSION-2761ffbe76598549 → pe:tls:SESSION-2761ffbe76598549
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-1d8b07a8bebdede3:BSG-BEACON-e07f4250263f	SESSION-1d8b07a8bebdede3 → BSG-BEACON-e07f4250263f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e08e3213e2e0e28:SESSION-5e08e3213e2e0e28	SESSION-5e08e3213e2e0e28 → pe:tls:SESSION-5e08e3213e2e0e28
FLOW_DST_PORTOBS	e:fp:flow:bb9a911fd3e5:port:tcp:443	flow:bb9a911fd3e5 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.130:asn:262880	host:177.10.232.130 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.94:asn:262880	host:177.10.237.94 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5828198604c26af:host:177.10.235.185	SESSION-f5828198604c26af → host:177.10.235.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c491b8c96ce6e8c2:host:78.47.249.154	SESSION-c491b8c96ce6e8c2 → host:78.47.249.154
FLOW_FROM_HOSTOBS	e:from:SESSION-a58d8beb20a4c9e1:host:54.201.215.37	SESSION-a58d8beb20a4c9e1 → host:54.201.215.37
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-105866a23abaa0d9:host:172.234.197.23	SESSION-105866a23abaa0d9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c83cde1dbe634e7:SESSION-5c83cde1dbe634e7	SESSION-5c83cde1dbe634e7 → pe:syn:SESSION-5c83cde1dbe634e7
FLOW_FROM_HOSTOBS	e:from:SESSION-8ef9a5d8a17e479b:host:172.234.197.23	SESSION-8ef9a5d8a17e479b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a60100c841341ace:host:172.234.197.23	SESSION-a60100c841341ace → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6ed5a5f4d7e8650f:host:177.10.239.135	SESSION-6ed5a5f4d7e8650f → host:177.10.239.135
flow_observed5-aryOBS	e:fo:flow:797579358402	flow:797579358402 → host:177.10.232.73 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcb514f388fb99c6:host:177.10.235.186	SESSION-bcb514f388fb99c6 → host:177.10.235.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ded52056067d22b2:host:172.234.197.23	SESSION-ded52056067d22b2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9cd8abbfdfb95d18:host:172.234.197.23:host:131.196.29.103	SESSION-9cd8abbfdfb95d18 → host:172.234.197.23 → host:131.196.29.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5941954cc437ab4:host:45.173.156.146	SESSION-f5941954cc437ab4 → host:45.173.156.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8984df52681cb36:SESSION-c8984df52681cb36	SESSION-c8984df52681cb36 → pe:syn:SESSION-c8984df52681cb36
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28765694f1859e38:PCAP:capture_20260430110001:43611bdf6759	SESSION-28765694f1859e38 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-4eec40051c49c7bf:host:131.196.30.194	SESSION-4eec40051c49c7bf → host:131.196.30.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94c9082e66baa6b5:SESSION-94c9082e66baa6b5	SESSION-94c9082e66baa6b5 → pe:syn:SESSION-94c9082e66baa6b5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61838f073a9a90b1:host:172.234.197.23	SESSION-61838f073a9a90b1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3b376322eb831975:SESSION-3b376322eb831975	SESSION-3b376322eb831975 → pe:tls:SESSION-3b376322eb831975
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaecff6799ccb464:host:45.173.156.212	SESSION-eaecff6799ccb464 → host:45.173.156.212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6a1a522f9ca6e79:SESSION-d6a1a522f9ca6e79	SESSION-d6a1a522f9ca6e79 → pe:syn:SESSION-d6a1a522f9ca6e79
FLOW_FROM_HOSTOBS	e:from:SESSION-6ba035d2018b1429:host:172.234.197.23	SESSION-6ba035d2018b1429 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23c159d0ddd6e1cb:flow:c9fbf0ec0b9e	SESSION-23c159d0ddd6e1cb → flow:c9fbf0ec0b9e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5a3cad014cd3066:SESSION-b5a3cad014cd3066	SESSION-b5a3cad014cd3066 → pe:tls:SESSION-b5a3cad014cd3066
flow_observed4-aryOBS	e:fo:flow:66a2f39ca69b	flow:66a2f39ca69b → host:172.234.197.23 → host:131.196.29.140 → port:tcp:7564
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-56fe4753b2794494:SESSION-56fe4753b2794494	SESSION-56fe4753b2794494 → pe:syn:SESSION-56fe4753b2794494
FLOW_TO_HOSTOBS	e:to:SESSION-8ca707063b726bac:host:172.234.197.23	SESSION-8ca707063b726bac → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a52e56259536	flow:a52e56259536 → host:177.10.234.78 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.82:geo_-16.28860_-49.01640	host:177.10.238.82 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-5c65a4c12e9ce549:host:177.10.235.88	SESSION-5c65a4c12e9ce549 → host:177.10.235.88
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.78:geo_-23.62930_-46.63510	host:131.196.30.78 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-5d8922fd6595a71f:host:177.10.238.42	SESSION-5d8922fd6595a71f → host:177.10.238.42
FLOW_DST_PORTOBS	e:fp:flow:7ced1b2b5b8c:port:tcp:443	flow:7ced1b2b5b8c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eab64f08bdc755fb:SESSION-eab64f08bdc755fb	SESSION-eab64f08bdc755fb → pe:tls:SESSION-eab64f08bdc755fb
FLOW_FROM_HOSTOBS	e:from:SESSION-b64c855cb393ccc0:host:172.234.197.23	SESSION-b64c855cb393ccc0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2794803b6e3661a7:SESSION-2794803b6e3661a7	SESSION-2794803b6e3661a7 → pe:tls:SESSION-2794803b6e3661a7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac0f4c4f1d3b1c15:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ac0f4c4f1d3b1c15 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe2a9708180e5d71:host:177.10.232.168:host:172.234.197.23	SESSION-fe2a9708180e5d71 → host:177.10.232.168 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc57a46aa64b7388:host:177.10.237.53:host:172.234.197.23	SESSION-cc57a46aa64b7388 → host:177.10.237.53 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.43:geo_-16.28860_-49.01640	host:177.10.235.43 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-08ccad07eda14042:host:172.234.197.23	SESSION-08ccad07eda14042 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1870bc27b62a60a2:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1870bc27b62a60a2 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c54b7fde1829c775:host:131.196.28.231:host:172.234.197.23	SESSION-c54b7fde1829c775 → host:131.196.28.231 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-31e4a260829c636e:host:172.234.197.23	SESSION-31e4a260829c636e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-212f7b3a9bb90264:PCAP:capture_20260430070001:903a0e7a436b	SESSION-212f7b3a9bb90264 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4fd6590fe23ccd99:SESSION-4fd6590fe23ccd99	SESSION-4fd6590fe23ccd99 → pe:syn:SESSION-4fd6590fe23ccd99
FLOW_TO_HOSTOBS	e:to:SESSION-ff2c95cfb4d3a4dd:host:172.234.197.23	SESSION-ff2c95cfb4d3a4dd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-164cf6eccbbca478:flow:5a6dc0e99827	SESSION-164cf6eccbbca478 → flow:5a6dc0e99827
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.182:asn:262880	host:177.10.232.182 → asn:262880
flow_observed5-aryOBS	e:fo:flow:0975c7f9052d	flow:0975c7f9052d → host:131.196.28.147 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-537378f36f2f8a26:host:172.234.197.23	SESSION-537378f36f2f8a26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be2d81a12844874f:host:172.234.197.23	SESSION-be2d81a12844874f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8a70682fed3cc6c8:host:177.10.233.220	SESSION-8a70682fed3cc6c8 → host:177.10.233.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4af85088cb1b366:host:172.234.197.23	SESSION-b4af85088cb1b366 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c80fd68cbbc51442:host:177.10.236.157:host:172.234.197.23	SESSION-c80fd68cbbc51442 → host:177.10.236.157 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28599206da4f4816:host:172.234.197.23	SESSION-28599206da4f4816 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2be48cd916ee7ccc:host:131.196.31.140	SESSION-2be48cd916ee7ccc → host:131.196.31.140
FLOW_DST_PORTOBS	e:fp:flow:29edfa6459a1:port:tcp:443	flow:29edfa6459a1 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-31de31d3c82f498d:host:172.234.197.23	SESSION-31de31d3c82f498d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:99877575f993:port:tcp:443	flow:99877575f993 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38c7d1687d10af97:SESSION-38c7d1687d10af97	SESSION-38c7d1687d10af97 → pe:tls:SESSION-38c7d1687d10af97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5746e0d81f0d05c1:host:92.112.71.29	SESSION-5746e0d81f0d05c1 → host:92.112.71.29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8977638e8d6c6909:SESSION-8977638e8d6c6909	SESSION-8977638e8d6c6909 → pe:tls:SESSION-8977638e8d6c6909
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-464502b3105a6b82:host:172.234.197.23:host:131.196.30.8	SESSION-464502b3105a6b82 → host:172.234.197.23 → host:131.196.30.8
FLOW_DST_PORTOBS	e:fp:flow:38ea79073761:port:tcp:33348	flow:38ea79073761 → port:tcp:33348
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f228c5492216a597:host:172.234.197.23:host:177.10.236.120	SESSION-f228c5492216a597 → host:172.234.197.23 → host:177.10.236.120
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1cbcb5d52df9d7c9:host:131.196.30.124:host:172.234.197.23	SESSION-1cbcb5d52df9d7c9 → host:131.196.30.124 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99de4fcd637901fc:flow:993b2f58d47e	SESSION-99de4fcd637901fc → flow:993b2f58d47e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-877b851a45681e10:host:131.196.29.90	SESSION-877b851a45681e10 → host:131.196.29.90
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38485db7731deeee:host:177.10.233.53	SESSION-38485db7731deeee → host:177.10.233.53
flow_observed5-aryOBS	e:fo:flow:1ad708fe6e05	flow:1ad708fe6e05 → host:131.196.29.22 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ed79241b929fab43:host:172.234.197.23	SESSION-ed79241b929fab43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51e02a163c57adb5:host:177.10.233.249	SESSION-51e02a163c57adb5 → host:177.10.233.249
FLOW_TO_HOSTOBS	e:to:SESSION-83168514d84031f4:host:172.234.197.23	SESSION-83168514d84031f4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29e21c95f9df9427:host:177.10.232.138	SESSION-29e21c95f9df9427 → host:177.10.232.138
FLOW_FROM_HOSTOBS	e:from:SESSION-e38f46dc000b6625:host:172.234.197.23	SESSION-e38f46dc000b6625 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f57d963826b0d8cc:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f57d963826b0d8cc → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-478ebcd540b5d0ef:host:172.234.197.23	SESSION-478ebcd540b5d0ef → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:47ea6f78701e:port:tcp:443	flow:47ea6f78701e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-469998d187b1b945:SESSION-469998d187b1b945	SESSION-469998d187b1b945 → pe:syn:SESSION-469998d187b1b945
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-106a8139a282a728:flow:7a28d0814faa	SESSION-106a8139a282a728 → flow:7a28d0814faa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0b2e3019193f1ba:host:177.10.232.91	SESSION-f0b2e3019193f1ba → host:177.10.232.91
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85383edd293fa3f5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-85383edd293fa3f5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-42d85a7a0d0a6c22:host:172.234.197.23	SESSION-42d85a7a0d0a6c22 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85d2db504e73f17a:flow:5341bdb715fd	SESSION-85d2db504e73f17a → flow:5341bdb715fd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69d28aa413742c82:flow:434276056bf3	SESSION-69d28aa413742c82 → flow:434276056bf3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-baf4494100018e3a:flow:a1a774e26dd8	SESSION-baf4494100018e3a → flow:a1a774e26dd8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-367c844590f11a50:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-367c844590f11a50 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-498c2476ff0ce5ee:host:172.234.197.23:host:131.196.29.166	SESSION-498c2476ff0ce5ee → host:172.234.197.23 → host:131.196.29.166
FLOW_DST_PORTOBS	e:fp:flow:74dcb9f76d20:port:tcp:21784	flow:74dcb9f76d20 → port:tcp:21784
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fce80bc522afcc8b:flow:26582ff86251	SESSION-fce80bc522afcc8b → flow:26582ff86251
FLOW_TO_HOSTOBS	e:to:SESSION-0786c46a404d7589:host:172.234.197.23	SESSION-0786c46a404d7589 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eaae06fce38c131f:host:172.234.197.23	SESSION-eaae06fce38c131f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06c7d2e525939bdd:flow:63ab8c619855	SESSION-06c7d2e525939bdd → flow:63ab8c619855
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3651e68c2556a1c:SESSION-f3651e68c2556a1c	SESSION-f3651e68c2556a1c → pe:tls:SESSION-f3651e68c2556a1c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fdb0bb1f6466838c:SESSION-fdb0bb1f6466838c	SESSION-fdb0bb1f6466838c → pe:tls:SESSION-fdb0bb1f6466838c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b1078812f997c85:host:172.234.197.23	SESSION-7b1078812f997c85 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:103321f9936d	flow:103321f9936d → host:104.28.157.111 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-defec876bf358011:host:172.234.197.23	SESSION-defec876bf358011 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9e896271e9295df4:host:172.234.197.23	SESSION-9e896271e9295df4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2240076057fcee51:flow:6a9de5a5ca92	SESSION-2240076057fcee51 → flow:6a9de5a5ca92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09e72a02b44d9649:host:177.10.236.153	SESSION-09e72a02b44d9649 → host:177.10.236.153
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a87c967af45101a2:PCAP:capture_20260430060001:919b39a74464	SESSION-a87c967af45101a2 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d52597e88babdbe8:SESSION-d52597e88babdbe8	SESSION-d52597e88babdbe8 → pe:tls:SESSION-d52597e88babdbe8
flow_observed5-aryOBS	e:fo:flow:eab68470020d	flow:eab68470020d → host:131.196.31.136 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:abbbcfb7d5c1:port:tcp:3500	flow:abbbcfb7d5c1 → port:tcp:3500
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b5ce2843c92e119:host:177.10.234.140:host:172.234.197.23	SESSION-4b5ce2843c92e119 → host:177.10.234.140 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4cbb1218941faec:host:172.234.197.23	SESSION-e4cbb1218941faec → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:35.92.48.165:geo_45.84010_-119.70500	host:35.92.48.165 → geo_45.84010_-119.70500
FLOW_DST_PORTOBS	e:fp:flow:e627aad17e4f:port:tcp:443	flow:e627aad17e4f → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.91:geo_-16.28860_-49.01640	host:177.10.232.91 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:8811d2339559	flow:8811d2339559 → host:172.234.197.23 → host:131.196.31.136 → port:tcp:23711
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51bab49b2715dbc9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-51bab49b2715dbc9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f4bd70bea69fea0d:host:131.196.29.60:host:172.234.197.23	SESSION-f4bd70bea69fea0d → host:131.196.29.60 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.156:asn:262880	host:177.10.237.156 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-a3123a8609bb9fc1:host:177.10.233.197	SESSION-a3123a8609bb9fc1 → host:177.10.233.197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-543230bb149abbcc:SESSION-543230bb149abbcc	SESSION-543230bb149abbcc → pe:syn:SESSION-543230bb149abbcc
FLOW_TO_HOSTOBS	e:to:SESSION-54016b03ecf1701c:host:177.10.234.204	SESSION-54016b03ecf1701c → host:177.10.234.204
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5ceca64359b9f0d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a5ceca64359b9f0d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bf7bb3dc8319468:host:131.196.30.102:host:172.234.197.23	SESSION-3bf7bb3dc8319468 → host:131.196.30.102 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e488bd001486e0ee:host:172.234.197.23	SESSION-e488bd001486e0ee → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e9b874351d52a188:SESSION-e9b874351d52a188	SESSION-e9b874351d52a188 → pe:syn:SESSION-e9b874351d52a188
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f57d963826b0d8cc:SESSION-f57d963826b0d8cc	SESSION-f57d963826b0d8cc → pe:syn:SESSION-f57d963826b0d8cc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7488427d80d09cd9:SESSION-7488427d80d09cd9	SESSION-7488427d80d09cd9 → pe:syn:SESSION-7488427d80d09cd9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-37e4af30bda4d3e9:SESSION-37e4af30bda4d3e9	SESSION-37e4af30bda4d3e9 → pe:tls:SESSION-37e4af30bda4d3e9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6457b3248e0b30fe:flow:d9b5c938ec53	SESSION-6457b3248e0b30fe → flow:d9b5c938ec53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-970108b06912c1b7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-970108b06912c1b7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-82e825a4afeeff6a:host:177.10.237.127:host:172.234.197.23	SESSION-82e825a4afeeff6a → host:177.10.237.127 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc431699568b9daa:flow:5e254158c026	SESSION-cc431699568b9daa → flow:5e254158c026
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1870bc27b62a60a2:SESSION-1870bc27b62a60a2	SESSION-1870bc27b62a60a2 → pe:tls:SESSION-1870bc27b62a60a2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98544383f10b4583:host:177.10.239.196:host:172.234.197.23	SESSION-98544383f10b4583 → host:177.10.239.196 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:eb3e9a7dff16:port:tcp:443	flow:eb3e9a7dff16 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:751e2322b01d:port:tcp:443	flow:751e2322b01d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-03bb88743ccc2c68:host:177.10.234.216	SESSION-03bb88743ccc2c68 → host:177.10.234.216
flow_observed5-aryOBS	e:fo:flow:b4e10c7cf700	flow:b4e10c7cf700 → host:131.196.31.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c4b638117ccca22:host:177.10.237.79	SESSION-0c4b638117ccca22 → host:177.10.237.79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75d6129ea0f7ecdc:PCAP:capture_20260430160001:9bfa4498506a	SESSION-75d6129ea0f7ecdc → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14a74b0f0f76c3f9:flow:b5984a3cb038	SESSION-14a74b0f0f76c3f9 → flow:b5984a3cb038
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-919126906ac50297:flow:9cfc56b56021	SESSION-919126906ac50297 → flow:9cfc56b56021
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a0e660e7f8fdd6f:host:172.234.197.23:host:177.10.236.53	SESSION-4a0e660e7f8fdd6f → host:172.234.197.23 → host:177.10.236.53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44c3a4d4ec5442f2:host:172.234.197.23	SESSION-44c3a4d4ec5442f2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bebc5cb41e4621f:host:172.234.197.23	SESSION-3bebc5cb41e4621f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.255:asn:262880	host:177.10.232.255 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d82c2d4eaa13efdb:SESSION-d82c2d4eaa13efdb	SESSION-d82c2d4eaa13efdb → pe:tls:SESSION-d82c2d4eaa13efdb
FLOW_DST_PORTOBS	e:fp:flow:e0be60225842:port:tcp:49041	flow:e0be60225842 → port:tcp:49041
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b7d005fcddd05eb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5b7d005fcddd05eb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78f6342ed3f64031:flow:2ae75e6bd8b9	SESSION-78f6342ed3f64031 → flow:2ae75e6bd8b9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.118:asn:262880	host:177.10.236.118 → asn:262880
flow_observed4-aryOBS	e:fo:flow:772dd1b72f41	flow:772dd1b72f41 → host:172.234.197.23 → host:131.196.31.121 → port:tcp:32212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f799bd198c08bce:SESSION-7f799bd198c08bce	SESSION-7f799bd198c08bce → pe:syn:SESSION-7f799bd198c08bce
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac87af78ff19f5c9:flow:023af7fdc649	SESSION-ac87af78ff19f5c9 → flow:023af7fdc649
flow_observed5-aryOBS	e:fo:flow:aa18cf0ab97c	flow:aa18cf0ab97c → host:95.170.25.134 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-86feda8665cc2010:host:172.234.197.23	SESSION-86feda8665cc2010 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06d2ad4243fb8941:flow:1d280cc78648	SESSION-06d2ad4243fb8941 → flow:1d280cc78648
FLOW_TO_HOSTOBS	e:to:SESSION-28ca4d014ad9a35f:host:172.234.197.23	SESSION-28ca4d014ad9a35f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d17209bd675d4be:host:172.234.197.23	SESSION-4d17209bd675d4be → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:180.167.128.203:geo_31.22220_121.45810	host:180.167.128.203 → geo_31.22220_121.45810
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7852f400065b4a55:host:131.196.30.143:host:172.234.197.23	SESSION-7852f400065b4a55 → host:131.196.30.143 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ad60f3efcde14b7:SESSION-7ad60f3efcde14b7	SESSION-7ad60f3efcde14b7 → pe:tls:SESSION-7ad60f3efcde14b7
flow_observed5-aryOBS	e:fo:flow:99d68b6ab450	flow:99d68b6ab450 → host:177.10.238.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc55eac4fb6ef554:host:172.234.197.23	SESSION-cc55eac4fb6ef554 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2bf5c26caf57dc4e:host:45.173.156.233	SESSION-2bf5c26caf57dc4e → host:45.173.156.233
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-285399b7803aab9b:host:177.10.234.81	SESSION-285399b7803aab9b → host:177.10.234.81
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.160:geo_-16.28860_-49.01640	host:177.10.232.160 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-78d87c88323785f9:host:172.234.197.23	SESSION-78d87c88323785f9 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7f0eceff083c	flow:7f0eceff083c → host:172.234.197.23 → host:177.10.237.189 → port:tcp:1648
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a82d55b52198391:host:172.234.197.23	SESSION-1a82d55b52198391 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.203:geo_-21.10010_-41.69200	host:45.173.156.203 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-a2000a0c75221682:host:172.234.197.23	SESSION-a2000a0c75221682 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:48de3dedd1a0:port:tcp:13113	flow:48de3dedd1a0 → port:tcp:13113
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-354d6c0d37a0b016:flow:5e81ca4a36d6	SESSION-354d6c0d37a0b016 → flow:5e81ca4a36d6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f228c5492216a597:flow:20044e4ee2fa	SESSION-f228c5492216a597 → flow:20044e4ee2fa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f130592ce1f7f0fb:host:172.234.197.23	SESSION-f130592ce1f7f0fb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-12096b18b6e78b60:SESSION-12096b18b6e78b60	SESSION-12096b18b6e78b60 → pe:syn:SESSION-12096b18b6e78b60
FLOW_TO_HOSTOBS	e:to:SESSION-a418060e7d2d204b:host:172.234.197.23	SESSION-a418060e7d2d204b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.227:geo_-23.62930_-46.63510	host:131.196.28.227 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ae017ce34991ed1:host:172.234.197.23:host:131.196.28.39	SESSION-5ae017ce34991ed1 → host:172.234.197.23 → host:131.196.28.39
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e52442a00447444:flow:23cc248dcadf	SESSION-0e52442a00447444 → flow:23cc248dcadf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb243e65e2b1808d:SESSION-eb243e65e2b1808d	SESSION-eb243e65e2b1808d → pe:tls:SESSION-eb243e65e2b1808d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31b8d1ec0bbdfa48:host:35.95.113.227	SESSION-31b8d1ec0bbdfa48 → host:35.95.113.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-896e151c898991bb:SESSION-896e151c898991bb	SESSION-896e151c898991bb → pe:syn:SESSION-896e151c898991bb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.187:geo_-23.62930_-46.63510	host:131.196.31.187 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-eadf7b6ccdd54c7f:host:177.10.236.153	SESSION-eadf7b6ccdd54c7f → host:177.10.236.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a6aeb664ff97dbd:host:172.234.197.23	SESSION-9a6aeb664ff97dbd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b86e2d63795a:port:tcp:443	flow:b86e2d63795a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f130592ce1f7f0fb:host:177.10.239.16	SESSION-f130592ce1f7f0fb → host:177.10.239.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37ce4ecafac50117:SESSION-37ce4ecafac50117	SESSION-37ce4ecafac50117 → pe:syn:SESSION-37ce4ecafac50117
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f6c80d4cd630a20:PCAP:capture_20260430090001:065659c7d314	SESSION-5f6c80d4cd630a20 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d587dd5c581936e:SESSION-8d587dd5c581936e	SESSION-8d587dd5c581936e → pe:syn:SESSION-8d587dd5c581936e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29e21c95f9df9427:SESSION-29e21c95f9df9427	SESSION-29e21c95f9df9427 → pe:tls:SESSION-29e21c95f9df9427
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.80:asn:262880	host:177.10.235.80 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38f74251dfc6c10a:host:172.234.197.23	SESSION-38f74251dfc6c10a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88ff33eaa18cf09d:host:172.234.197.23	SESSION-88ff33eaa18cf09d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c393069a667f4e79:host:131.196.28.238	SESSION-c393069a667f4e79 → host:131.196.28.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-381a570e386b12a2:SESSION-381a570e386b12a2	SESSION-381a570e386b12a2 → pe:syn:SESSION-381a570e386b12a2
FLOW_DST_PORTOBS	e:fp:flow:f40a64ba9fc2:port:tcp:443	flow:f40a64ba9fc2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b7d005fcddd05eb:SESSION-5b7d005fcddd05eb	SESSION-5b7d005fcddd05eb → pe:syn:SESSION-5b7d005fcddd05eb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fcd4658ed0002284:host:172.234.197.23:host:131.196.28.106	SESSION-fcd4658ed0002284 → host:172.234.197.23 → host:131.196.28.106
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.146:asn:273470	host:45.173.156.146 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-212f7b3a9bb90264:host:172.234.197.23	SESSION-212f7b3a9bb90264 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.169:geo_-16.28860_-49.01640	host:177.10.235.169 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.50:geo_-23.62930_-46.63510	host:131.196.29.50 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49f6aac001a41393:SESSION-49f6aac001a41393	SESSION-49f6aac001a41393 → pe:tls:SESSION-49f6aac001a41393
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.127:asn:271410	host:131.196.31.127 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14a32c9f71c15657:host:177.10.235.130:host:172.234.197.23	SESSION-14a32c9f71c15657 → host:177.10.235.130 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-973fc1252d207af1:host:177.10.232.251:host:172.234.197.23	SESSION-973fc1252d207af1 → host:177.10.232.251 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a5b7661178bc9fc6:host:172.234.197.23	SESSION-a5b7661178bc9fc6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44a6b99289a2f8de:host:172.234.197.23	SESSION-44a6b99289a2f8de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d815390d9091f577:host:131.196.30.212	SESSION-d815390d9091f577 → host:131.196.30.212
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7dbbf6b8420ecf88:SESSION-7dbbf6b8420ecf88	SESSION-7dbbf6b8420ecf88 → pe:tls:SESSION-7dbbf6b8420ecf88
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f43bb83d69743819:flow:143cdd554f2d	SESSION-f43bb83d69743819 → flow:143cdd554f2d
FLOW_TO_HOSTOBS	e:to:SESSION-968009a702657adb:host:131.196.28.75	SESSION-968009a702657adb → host:131.196.28.75
flow_observed3-aryOBS	e:fo:flow:488dfbbf9ae0	flow:488dfbbf9ae0 → host:54.218.65.249 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2625cb17cae199d1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2625cb17cae199d1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9af350d3c0c51da5:SESSION-9af350d3c0c51da5	SESSION-9af350d3c0c51da5 → pe:tls:SESSION-9af350d3c0c51da5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.165:geo_-16.28860_-49.01640	host:177.10.236.165 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f800f90b92d1e01:flow:13ac7e60e31f	SESSION-4f800f90b92d1e01 → flow:13ac7e60e31f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-745ac23dbe7bf2d2:host:172.234.197.23	SESSION-745ac23dbe7bf2d2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e8fd61411634:port:tcp:443	flow:e8fd61411634 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-0e6800c9c0f40710:host:180.167.128.203	SESSION-0e6800c9c0f40710 → host:180.167.128.203
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3a17f957b1f0153:host:177.10.235.185:host:172.234.197.23	SESSION-b3a17f957b1f0153 → host:177.10.235.185 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06ad44a538684c23:host:177.10.237.39	SESSION-06ad44a538684c23 → host:177.10.237.39
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b16751dae4d82103:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b16751dae4d82103 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b875e262090a3924:SESSION-b875e262090a3924	SESSION-b875e262090a3924 → pe:tls:SESSION-b875e262090a3924
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.154:geo_-16.28860_-49.01640	host:177.10.239.154 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-82c9dbe3cfe7e49f:SESSION-82c9dbe3cfe7e49f	SESSION-82c9dbe3cfe7e49f → pe:tls:SESSION-82c9dbe3cfe7e49f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8a95576c112cc14:host:131.196.31.220:host:172.234.197.23	SESSION-b8a95576c112cc14 → host:131.196.31.220 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f12bb9f5880e55b:SESSION-4f12bb9f5880e55b	SESSION-4f12bb9f5880e55b → pe:tls:SESSION-4f12bb9f5880e55b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ea7d08352653c32:PCAP:capture_20260430150001:ded20914761d	SESSION-2ea7d08352653c32 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-469998d187b1b945:host:172.234.197.23	SESSION-469998d187b1b945 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f5731b0b8f40f73a:host:172.234.197.23	SESSION-f5731b0b8f40f73a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a33d29db5091f68:flow:bc2e7a97da0d	SESSION-2a33d29db5091f68 → flow:bc2e7a97da0d
FLOW_DST_PORTOBS	e:fp:flow:fe4c3c3b22f1:port:tcp:443	flow:fe4c3c3b22f1 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.188:asn:271410	host:131.196.31.188 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-caa2e371708bdf2e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-caa2e371708bdf2e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d274b6d174d04d01:host:131.196.31.100:host:172.234.197.23	SESSION-d274b6d174d04d01 → host:131.196.31.100 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0940876600cf1421:SESSION-0940876600cf1421	SESSION-0940876600cf1421 → pe:syn:SESSION-0940876600cf1421
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7738f57138403f60:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7738f57138403f60 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49f6aac001a41393:flow:607e5005bcdf	SESSION-49f6aac001a41393 → flow:607e5005bcdf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-022fbc52c5dbb7ff:host:177.10.237.180:host:172.234.197.23	SESSION-022fbc52c5dbb7ff → host:177.10.237.180 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b00134b34a3a387f:host:172.234.197.23	SESSION-b00134b34a3a387f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3524905b33baacd0:PCAP:capture_20260430060001:919b39a74464	SESSION-3524905b33baacd0 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c93e86640e8945ad:SESSION-c93e86640e8945ad	SESSION-c93e86640e8945ad → pe:tls:SESSION-c93e86640e8945ad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84891f6788a8f194:SESSION-84891f6788a8f194	SESSION-84891f6788a8f194 → pe:syn:SESSION-84891f6788a8f194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c83c0a366733c9bb:SESSION-c83c0a366733c9bb	SESSION-c83c0a366733c9bb → pe:tls:SESSION-c83c0a366733c9bb
FLOW_DST_PORTOBS	e:fp:flow:015971f697e9:port:tcp:56782	flow:015971f697e9 → port:tcp:56782
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-749084d26a1fdfcc:SESSION-749084d26a1fdfcc	SESSION-749084d26a1fdfcc → pe:tls:SESSION-749084d26a1fdfcc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47fcc0d7da6d7c1a:host:172.234.197.23	SESSION-47fcc0d7da6d7c1a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6c18405fe773	flow:6c18405fe773 → host:45.173.156.49 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7f181002c59096f4:host:177.10.232.213	SESSION-7f181002c59096f4 → host:177.10.232.213
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16fca057f28c0943:flow:b93dd62bf249	SESSION-16fca057f28c0943 → flow:b93dd62bf249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e2a52b4f9db01a4:SESSION-0e2a52b4f9db01a4	SESSION-0e2a52b4f9db01a4 → pe:syn:SESSION-0e2a52b4f9db01a4
flow_observed5-aryOBS	e:fo:flow:9ef022319f6b	flow:9ef022319f6b → host:131.196.31.85 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-164b17078fceb547:host:172.234.197.23	SESSION-164b17078fceb547 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d73bdfc32a0d	flow:d73bdfc32a0d → host:177.10.234.104 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:29edfa6459a1	flow:29edfa6459a1 → host:177.10.237.175 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-39adf49608796443:host:177.10.239.177:host:172.234.197.23	SESSION-39adf49608796443 → host:177.10.239.177 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-18178a1924ee92a1:flow:52094d815370	SESSION-18178a1924ee92a1 → flow:52094d815370
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-779dfe498151f730:flow:cf6d8e640456	SESSION-779dfe498151f730 → flow:cf6d8e640456
flow_observed5-aryOBS	e:fo:flow:139a9503b98e	flow:139a9503b98e → host:177.10.233.8 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:1ed102356031:port:tcp:57036	flow:1ed102356031 → port:tcp:57036
FLOW_DST_PORTOBS	e:fp:flow:93a88f7b92b9:port:tcp:65054	flow:93a88f7b92b9 → port:tcp:65054
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f39c81a37ca9c9d3:PCAP:capture_20260430110001:43611bdf6759	SESSION-f39c81a37ca9c9d3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86b4956d98680667:PCAP:capture_20260430090001:065659c7d314	SESSION-86b4956d98680667 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:a74c8a5fa052:port:tcp:443	flow:a74c8a5fa052 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.110:asn:271410	host:131.196.28.110 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf669240db189a71:host:172.234.197.23:host:177.10.237.12	SESSION-cf669240db189a71 → host:172.234.197.23 → host:177.10.237.12
FLOW_DST_PORTOBS	e:fp:flow:cec985d775d4:port:tcp:443	flow:cec985d775d4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-adbb0156eea80d2f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-adbb0156eea80d2f → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:26f2346498f6	flow:26f2346498f6 → host:177.10.238.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6492f21e062d19aa:host:131.196.28.168:host:172.234.197.23	SESSION-6492f21e062d19aa → host:131.196.28.168 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-469998d187b1b945:host:177.10.233.78	SESSION-469998d187b1b945 → host:177.10.233.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3651e68c2556a1c:host:172.234.197.23	SESSION-f3651e68c2556a1c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.247:geo_-16.28860_-49.01640	host:177.10.236.247 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-81a82597e7e06ed6:flow:356dc5b46539	SESSION-81a82597e7e06ed6 → flow:356dc5b46539
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7fa8e5b00f80216f:host:172.234.197.23:host:177.10.237.1	SESSION-7fa8e5b00f80216f → host:172.234.197.23 → host:177.10.237.1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd38adf08b5d5a9e:SESSION-cd38adf08b5d5a9e	SESSION-cd38adf08b5d5a9e → pe:tls:SESSION-cd38adf08b5d5a9e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6fdc52c769919c0f:SESSION-6fdc52c769919c0f	SESSION-6fdc52c769919c0f → pe:syn:SESSION-6fdc52c769919c0f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69b211b684a77852:host:177.10.236.72:host:172.234.197.23	SESSION-69b211b684a77852 → host:177.10.236.72 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-803b2289978a359c:host:37.221.79.87:host:172.234.197.23	SESSION-803b2289978a359c → host:37.221.79.87 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2eec6fd9620a1613:SESSION-2eec6fd9620a1613	SESSION-2eec6fd9620a1613 → pe:syn:SESSION-2eec6fd9620a1613
FLOW_DST_PORTOBS	e:fp:flow:0c49e7844116:port:tcp:5535	flow:0c49e7844116 → port:tcp:5535
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e4d63ce34019de3:host:177.10.234.239	SESSION-4e4d63ce34019de3 → host:177.10.234.239
flow_observed5-aryOBS	e:fo:flow:84c70ec3a025	flow:84c70ec3a025 → host:177.10.233.248 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5a0c98ce5f67db5:host:131.196.28.39	SESSION-a5a0c98ce5f67db5 → host:131.196.28.39
FLOW_FROM_HOSTOBS	e:from:SESSION-7cb141c8461d1a4d:host:131.196.29.23	SESSION-7cb141c8461d1a4d → host:131.196.29.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f033dc8b343a68ab:SESSION-f033dc8b343a68ab	SESSION-f033dc8b343a68ab → pe:tls:SESSION-f033dc8b343a68ab
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.39:asn:203771	host:95.135.228.39 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85f6b1896204af93:PCAP:capture_20260430050001:8868731bf8a4	SESSION-85f6b1896204af93 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b0fec424d0db7c3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7b0fec424d0db7c3 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0510bb60587070dd:host:172.234.197.23	SESSION-0510bb60587070dd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e577d7cf1b0ace36:host:131.196.29.29:host:172.234.197.23	SESSION-e577d7cf1b0ace36 → host:131.196.29.29 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e49f7df60935172:flow:9a053f79f2d6	SESSION-4e49f7df60935172 → flow:9a053f79f2d6
FLOW_TO_HOSTOBS	e:to:SESSION-029d1f2d00b0343a:host:45.173.156.153	SESSION-029d1f2d00b0343a → host:45.173.156.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-698d45df22ea2a48:host:172.234.197.23	SESSION-698d45df22ea2a48 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb29ab40cdae1c01:host:177.10.237.18:host:172.234.197.23	SESSION-cb29ab40cdae1c01 → host:177.10.237.18 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ff90c657a3c2e88:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5ff90c657a3c2e88 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:0234d60caf47	flow:0234d60caf47 → host:172.234.197.23 → host:131.196.29.12 → port:tcp:62231
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.200:geo_-23.62930_-46.63510	host:131.196.30.200 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:ff51aea43c4b:port:tcp:443	flow:ff51aea43c4b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92f84fab5bd8e0c8:flow:e10a87de0ef0	SESSION-92f84fab5bd8e0c8 → flow:e10a87de0ef0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0b2e3019193f1ba:host:172.234.197.23	SESSION-f0b2e3019193f1ba → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:a552d7b0d5be	flow:a552d7b0d5be → host:43.192.54.92 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc301fc8fa5220df:SESSION-fc301fc8fa5220df	SESSION-fc301fc8fa5220df → pe:syn:SESSION-fc301fc8fa5220df
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ed2dc2be6795ae2:host:177.10.232.149	SESSION-5ed2dc2be6795ae2 → host:177.10.232.149
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d00f55e5db951c5:flow:e5317dc12631	SESSION-1d00f55e5db951c5 → flow:e5317dc12631
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.185:asn:262880	host:177.10.235.185 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.59:geo_-16.28860_-49.01640	host:177.10.233.59 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:555fbcdc8478:port:tcp:80	flow:555fbcdc8478 → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4c4adfb3e188a176:SESSION-4c4adfb3e188a176	SESSION-4c4adfb3e188a176 → pe:tls:SESSION-4c4adfb3e188a176
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.255:asn:203771	host:92.112.71.255 → asn:203771
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.246:asn:262880	host:177.10.232.246 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:0710fc26396d:port:tcp:443	flow:0710fc26396d → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:9ca610a28dc3	flow:9ca610a28dc3 → host:172.234.197.23 → host:177.10.239.57 → port:tcp:49382
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.122:asn:271410	host:131.196.29.122 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-4013c9000873101b:host:131.196.28.231	SESSION-4013c9000873101b → host:131.196.28.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fcdaaf650d72b5bc:host:177.10.235.129	SESSION-fcdaaf650d72b5bc → host:177.10.235.129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54aea84c156a3c18:flow:d0c462915807	SESSION-54aea84c156a3c18 → flow:d0c462915807
FLOW_FROM_HOSTOBS	e:from:SESSION-378ead2076355bca:host:172.234.197.23	SESSION-378ead2076355bca → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c8895d5095fd:port:tcp:17747	flow:c8895d5095fd → port:tcp:17747
FLOW_TO_HOSTOBS	e:to:SESSION-32012e3b5048e415:host:172.234.197.23	SESSION-32012e3b5048e415 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6315d280130065c8:SESSION-6315d280130065c8	SESSION-6315d280130065c8 → pe:syn:SESSION-6315d280130065c8
FLOW_TO_HOSTOBS	e:to:SESSION-5c65a4c12e9ce549:host:172.234.197.23	SESSION-5c65a4c12e9ce549 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e27a0dcdc385	flow:e27a0dcdc385 → host:131.196.29.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d1532b7922e59746:host:131.196.29.241	SESSION-d1532b7922e59746 → host:131.196.29.241
flow_observed5-aryOBS	e:fo:flow:d35ba3898200	flow:d35ba3898200 → host:131.196.29.203 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:0610a22af30a	flow:0610a22af30a → host:177.10.232.1 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2aa671fdac09172:flow:ce9908fd477e	SESSION-f2aa671fdac09172 → flow:ce9908fd477e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.255:geo_-23.62930_-46.63510	host:131.196.29.255 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29f6930bb002305c:SESSION-29f6930bb002305c	SESSION-29f6930bb002305c → pe:tls:SESSION-29f6930bb002305c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f7e801a59e8e93f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3f7e801a59e8e93f → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:51.224.181.45:asn:16509	host:51.224.181.45 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-915c694a7f41c8e3:SESSION-915c694a7f41c8e3	SESSION-915c694a7f41c8e3 → pe:syn:SESSION-915c694a7f41c8e3
FLOW_FROM_HOSTOBS	e:from:SESSION-1228b317d5ce27b4:host:45.173.156.194	SESSION-1228b317d5ce27b4 → host:45.173.156.194
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.38:geo_-16.28860_-49.01640	host:177.10.239.38 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f39fdcb76f4b9f9d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f39fdcb76f4b9f9d → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-282c3beb2e9d9d39:host:45.173.156.149	SESSION-282c3beb2e9d9d39 → host:45.173.156.149
FLOW_DST_PORTOBS	e:fp:flow:f3680fa657a2:port:tcp:45978	flow:f3680fa657a2 → port:tcp:45978
flow_observed5-aryOBS	e:fo:flow:a787ca249a1b	flow:a787ca249a1b → host:54.91.240.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2cb296f879c20d45:flow:d3569eada1d9	SESSION-2cb296f879c20d45 → flow:d3569eada1d9
FLOW_FROM_HOSTOBS	e:from:SESSION-7dc8a86be27d0230:host:177.10.234.210	SESSION-7dc8a86be27d0230 → host:177.10.234.210
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.60:asn:262880	host:177.10.232.60 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-5ee625266e5aa068:host:172.234.197.23	SESSION-5ee625266e5aa068 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.114:asn:271410	host:131.196.29.114 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2387fa1f153c5b33:host:177.10.238.9	SESSION-2387fa1f153c5b33 → host:177.10.238.9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75ac13f212ea06a5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-75ac13f212ea06a5 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa09fbb5e640ff94:PCAP:capture_20260430110001:43611bdf6759	SESSION-aa09fbb5e640ff94 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb645c1b10558a95:host:172.234.197.23:host:177.10.233.93	SESSION-fb645c1b10558a95 → host:172.234.197.23 → host:177.10.233.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-91da8f4807f085e6:SESSION-91da8f4807f085e6	SESSION-91da8f4807f085e6 → pe:syn:SESSION-91da8f4807f085e6
FLOW_DST_PORTOBS	e:fp:flow:2ae75e6bd8b9:port:tcp:43790	flow:2ae75e6bd8b9 → port:tcp:43790
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa7ff8c6e8f0ef9e:flow:6e9f8e4544a3	SESSION-aa7ff8c6e8f0ef9e → flow:6e9f8e4544a3
FLOW_FROM_HOSTOBS	e:from:SESSION-0dea31b94d7dde57:host:131.196.31.195	SESSION-0dea31b94d7dde57 → host:131.196.31.195
FLOW_DST_PORTOBS	e:fp:flow:184a61da04f3:port:tcp:3589	flow:184a61da04f3 → port:tcp:3589
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5bae596d14ec2741:flow:26f2346498f6	SESSION-5bae596d14ec2741 → flow:26f2346498f6
flow_observed4-aryOBS	e:fo:flow:a64aac8ff523	flow:a64aac8ff523 → host:172.234.197.23 → host:131.196.31.253 → port:tcp:55924
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c18109925f9685a:SESSION-8c18109925f9685a	SESSION-8c18109925f9685a → pe:syn:SESSION-8c18109925f9685a
flow_observed5-aryOBS	e:fo:flow:c47c7aa7a02f	flow:c47c7aa7a02f → host:103.230.240.59 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29bf5bdb9e3850fd:host:172.234.197.23	SESSION-29bf5bdb9e3850fd → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.157:asn:262880	host:177.10.236.157 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0537be800f2fa6cb:host:172.234.197.23	SESSION-0537be800f2fa6cb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-347229f80efdfaa4:host:172.234.197.23	SESSION-347229f80efdfaa4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a83b6f19c39d579f:flow:7c9996f23e8d	SESSION-a83b6f19c39d579f → flow:7c9996f23e8d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05167940272dd019:host:172.234.197.23	SESSION-05167940272dd019 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4f8f4fc610e76fd:host:177.10.234.81	SESSION-c4f8f4fc610e76fd → host:177.10.234.81
flow_observed4-aryOBS	e:fo:flow:e1110b1e3871	flow:e1110b1e3871 → host:172.234.197.23 → host:131.196.31.225 → port:tcp:11157
FLOW_TO_HOSTOBS	e:to:SESSION-e8070c9158a1a853:host:45.173.156.148	SESSION-e8070c9158a1a853 → host:45.173.156.148
FLOW_DST_PORTOBS	e:fp:flow:f996eec81ce9:port:tcp:443	flow:f996eec81ce9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1aa9055f8e3197b:host:172.234.197.23	SESSION-c1aa9055f8e3197b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35dc83e37639d031:host:131.196.29.116	SESSION-35dc83e37639d031 → host:131.196.29.116
FLOW_DST_PORTOBS	e:fp:flow:3108c78e87d1:port:udp:53	flow:3108c78e87d1 → port:udp:53
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-288c2773d91d95c9:BSG-BEACON-1f5c19bfbe6f	SESSION-288c2773d91d95c9 → BSG-BEACON-1f5c19bfbe6f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-feb7243d21c3bd2d:flow:e72e68d4fcd0	SESSION-feb7243d21c3bd2d → flow:e72e68d4fcd0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a4d952075d0ee24:host:177.10.234.224	SESSION-5a4d952075d0ee24 → host:177.10.234.224
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e225557ebe736948:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e225557ebe736948 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21cca31493e9287d:SESSION-21cca31493e9287d	SESSION-21cca31493e9287d → pe:syn:SESSION-21cca31493e9287d
FLOW_DST_PORTOBS	e:fp:flow:bd73033b18da:port:tcp:443	flow:bd73033b18da → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7e7ccd5c552e41a1:host:177.10.239.200	SESSION-7e7ccd5c552e41a1 → host:177.10.239.200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef914cd10270daad:host:172.234.197.23	SESSION-ef914cd10270daad → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3e5e93fe3cda49d:host:45.173.156.63	SESSION-a3e5e93fe3cda49d → host:45.173.156.63
flow_observed5-aryOBS	e:fo:flow:589804c7c320	flow:589804c7c320 → host:177.10.234.51 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed3-aryOBS	e:fo:flow:5fb4b7650da7	flow:5fb4b7650da7 → host:34.216.76.26 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a77e99309dd6e28:host:177.10.235.14:host:172.234.197.23	SESSION-8a77e99309dd6e28 → host:177.10.235.14 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a304c3ca72ee3e7:flow:c06e3241e73d	SESSION-6a304c3ca72ee3e7 → flow:c06e3241e73d
FLOW_FROM_HOSTOBS	e:from:SESSION-2e3764b25412d87e:host:172.234.197.23	SESSION-2e3764b25412d87e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68ee3afa191e6305:host:177.10.237.88:host:172.234.197.23	SESSION-68ee3afa191e6305 → host:177.10.237.88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d1802072f1dd852:host:177.10.233.101	SESSION-0d1802072f1dd852 → host:177.10.233.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa658fe130f71ff5:SESSION-aa658fe130f71ff5	SESSION-aa658fe130f71ff5 → pe:tls:SESSION-aa658fe130f71ff5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07bcf39894ea5ee9:SESSION-07bcf39894ea5ee9	SESSION-07bcf39894ea5ee9 → pe:tls:SESSION-07bcf39894ea5ee9
FLOW_FROM_HOSTOBS	e:from:SESSION-cd248be3cf9515b5:host:131.196.31.182	SESSION-cd248be3cf9515b5 → host:131.196.31.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e3ae4e48a37cfd6:SESSION-8e3ae4e48a37cfd6	SESSION-8e3ae4e48a37cfd6 → pe:tls:SESSION-8e3ae4e48a37cfd6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ea9e167400c380e9:host:177.10.236.60:host:172.234.197.23	SESSION-ea9e167400c380e9 → host:177.10.236.60 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eec2a7691ff15afc:host:172.234.197.23	SESSION-eec2a7691ff15afc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac0f4c4f1d3b1c15:host:177.10.238.48	SESSION-ac0f4c4f1d3b1c15 → host:177.10.238.48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06ba851c038c998a:host:172.234.197.23	SESSION-06ba851c038c998a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a11ee5d378ab4f4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7a11ee5d378ab4f4 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.238:geo_-23.62930_-46.63510	host:131.196.31.238 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ccf0be9923f197d:SESSION-7ccf0be9923f197d	SESSION-7ccf0be9923f197d → pe:tls:SESSION-7ccf0be9923f197d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a0efb63412ce5061:PCAP:capture_20260430110001:43611bdf6759	SESSION-a0efb63412ce5061 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.15:asn:271410	host:131.196.28.15 → asn:271410
flow_observed5-aryOBS	e:fo:flow:86c234463be6	flow:86c234463be6 → host:177.10.238.53 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d79f2acd73027b39:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d79f2acd73027b39 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0d1802072f1dd852:SESSION-0d1802072f1dd852	SESSION-0d1802072f1dd852 → pe:tls:SESSION-0d1802072f1dd852
flow_observed5-aryOBS	e:fo:flow:89f3bc0b68f9	flow:89f3bc0b68f9 → host:45.173.156.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fc279480f80cfd1:SESSION-1fc279480f80cfd1	SESSION-1fc279480f80cfd1 → pe:syn:SESSION-1fc279480f80cfd1
FLOW_DST_PORTOBS	e:fp:flow:e31aa8f495d5:port:tcp:443	flow:e31aa8f495d5 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d2e29524ed5dcc05:SESSION-d2e29524ed5dcc05	SESSION-d2e29524ed5dcc05 → pe:syn:SESSION-d2e29524ed5dcc05
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.186:asn:262880	host:177.10.235.186 → asn:262880
FLOW_TLS_SNIOBS	e:fs:flow:9c1aaa33a089:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:9c1aaa33a089 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d99d46a236a5e045:flow:3333aa4b72a0	SESSION-d99d46a236a5e045 → flow:3333aa4b72a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-783928d3af0eed6e:SESSION-783928d3af0eed6e	SESSION-783928d3af0eed6e → pe:tls:SESSION-783928d3af0eed6e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b6806cb851ed3b70:SESSION-b6806cb851ed3b70	SESSION-b6806cb851ed3b70 → pe:tls:SESSION-b6806cb851ed3b70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e2a14af4b2a82fd:host:172.234.197.23	SESSION-1e2a14af4b2a82fd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c1a20baa14a0758:host:131.196.28.22	SESSION-8c1a20baa14a0758 → host:131.196.28.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67c350ca0312f6cb:SESSION-67c350ca0312f6cb	SESSION-67c350ca0312f6cb → pe:tls:SESSION-67c350ca0312f6cb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f718f291e0c401d5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f718f291e0c401d5 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-7e50b84c66ab32ef:host:172.234.197.23	SESSION-7e50b84c66ab32ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c0ceaca72bbee92:host:131.196.30.223	SESSION-4c0ceaca72bbee92 → host:131.196.30.223
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65d181126b4cfd8f:host:177.10.236.12:host:172.234.197.23	SESSION-65d181126b4cfd8f → host:177.10.236.12 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f12bb9f5880e55b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4f12bb9f5880e55b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-198cd8f9bb6f8909:flow:79fb2d904119	SESSION-198cd8f9bb6f8909 → flow:79fb2d904119
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2add8aa10ab84ed:host:172.234.197.23	SESSION-a2add8aa10ab84ed → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-306afa7fa31a1f87:host:172.234.197.23	SESSION-306afa7fa31a1f87 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.142:asn:262880	host:177.10.232.142 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14e24a51491967d5:SESSION-14e24a51491967d5	SESSION-14e24a51491967d5 → pe:tls:SESSION-14e24a51491967d5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eed281d532ce25c6:SESSION-eed281d532ce25c6	SESSION-eed281d532ce25c6 → pe:tls:SESSION-eed281d532ce25c6
FLOW_TO_HOSTOBS	e:to:SESSION-9a27c97c4e7ac566:host:172.234.197.23	SESSION-9a27c97c4e7ac566 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aecaf39909333efc:SESSION-aecaf39909333efc	SESSION-aecaf39909333efc → pe:syn:SESSION-aecaf39909333efc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.208:asn:262880	host:177.10.239.208 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.113:geo_-23.62930_-46.63510	host:131.196.28.113 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2daf8cded5fb19ed:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2daf8cded5fb19ed → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c716fd204e4ddd99:PCAP:capture_20260428020001:ce87acd1c162	SESSION-c716fd204e4ddd99 → PCAP:capture_20260428020001:ce87acd1c162
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d610f9ec6aa577ae:SESSION-d610f9ec6aa577ae	SESSION-d610f9ec6aa577ae → pe:tls:SESSION-d610f9ec6aa577ae
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fec8e81be891b7cc:host:172.234.197.23	SESSION-fec8e81be891b7cc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-426c38e34029cb1b:host:172.234.197.23	SESSION-426c38e34029cb1b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7155f28d1746	flow:7155f28d1746 → host:172.234.197.23 → host:131.196.31.157 → port:tcp:15109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4a5a6c818be705f:host:92.112.71.203	SESSION-d4a5a6c818be705f → host:92.112.71.203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-59d5bafa56d514c9:SESSION-59d5bafa56d514c9	SESSION-59d5bafa56d514c9 → pe:tls:SESSION-59d5bafa56d514c9
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.156:asn:203771	host:45.145.152.156 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-6cecd25b5e4e4c9c:host:177.10.234.89	SESSION-6cecd25b5e4e4c9c → host:177.10.234.89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99eb989e9371b0fb:SESSION-99eb989e9371b0fb	SESSION-99eb989e9371b0fb → pe:syn:SESSION-99eb989e9371b0fb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0b2e3019193f1ba:SESSION-f0b2e3019193f1ba	SESSION-f0b2e3019193f1ba → pe:tls:SESSION-f0b2e3019193f1ba
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97344bc6f8ca22f4:host:131.196.30.103	SESSION-97344bc6f8ca22f4 → host:131.196.30.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1a930dc0f03fa17:host:172.234.197.23	SESSION-d1a930dc0f03fa17 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:8aa8cac023d8:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:8aa8cac023d8 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b9228625f2ea52e:flow:64143516771f	SESSION-8b9228625f2ea52e → flow:64143516771f
FLOW_DST_PORTOBS	e:fp:flow:aa21f695c888:port:tcp:443	flow:aa21f695c888 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9fed3e3a3ac1c6fb:host:172.234.197.23	SESSION-9fed3e3a3ac1c6fb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4ef48c8a3468	flow:4ef48c8a3468 → host:131.196.30.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7bd472de7dbc823f:host:172.234.197.23	SESSION-7bd472de7dbc823f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-74744b11834c8470:host:45.173.156.52	SESSION-74744b11834c8470 → host:45.173.156.52
FLOW_DST_PORTOBS	e:fp:flow:8d2fac406199:port:tcp:25205	flow:8d2fac406199 → port:tcp:25205
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5fbe4987e86bc38:host:172.234.197.23:host:131.196.29.230	SESSION-b5fbe4987e86bc38 → host:172.234.197.23 → host:131.196.29.230
FLOW_FROM_HOSTOBS	e:from:SESSION-79b864f146b8f07b:host:177.10.238.208	SESSION-79b864f146b8f07b → host:177.10.238.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79787964fff3a281:SESSION-79787964fff3a281	SESSION-79787964fff3a281 → pe:tls:SESSION-79787964fff3a281
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49b6ef2582cca14b:flow:efc0306a2c81	SESSION-49b6ef2582cca14b → flow:efc0306a2c81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a390ade8fe745ada:SESSION-a390ade8fe745ada	SESSION-a390ade8fe745ada → pe:tls:SESSION-a390ade8fe745ada
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.223:asn:203771	host:185.231.226.223 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:fac98caa6a69:port:tcp:7813	flow:fac98caa6a69 → port:tcp:7813
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.191:asn:262880	host:177.10.233.191 → asn:262880
flow_observed4-aryOBS	e:fo:flow:2ae75e6bd8b9	flow:2ae75e6bd8b9 → host:172.234.197.23 → host:131.196.31.18 → port:tcp:43790
FLOW_FROM_HOSTOBS	e:from:SESSION-290c9b11e52fd3ba:host:177.10.233.51	SESSION-290c9b11e52fd3ba → host:177.10.233.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3d13cea2cf7dcee:host:172.234.197.23	SESSION-f3d13cea2cf7dcee → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c21445b24cd8699:host:172.234.197.23:host:177.10.235.186	SESSION-1c21445b24cd8699 → host:172.234.197.23 → host:177.10.235.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-113c4b09005431cc:host:131.196.29.155	SESSION-113c4b09005431cc → host:131.196.29.155
FLOW_TO_HOSTOBS	e:to:SESSION-077a58eb2518fab4:host:172.234.197.23	SESSION-077a58eb2518fab4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:3.102.169.199:asn:16509	host:3.102.169.199 → asn:16509
FLOW_DST_PORTOBS	e:fp:flow:d75121ea7e90:port:tcp:14289	flow:d75121ea7e90 → port:tcp:14289
flow_observed3-aryOBS	e:fo:flow:b9e53f112bb2	flow:b9e53f112bb2 → host:103.97.91.27 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c92725f4a9fb4a7:flow:6d5104ce4fb1	SESSION-6c92725f4a9fb4a7 → flow:6d5104ce4fb1
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-9866420dbc5d2da0:BSG-BEACON-29500c131ebb	SESSION-9866420dbc5d2da0 → BSG-BEACON-29500c131ebb
FLOW_TO_HOSTOBS	e:to:SESSION-30f00b6e6078f800:host:177.10.234.164	SESSION-30f00b6e6078f800 → host:177.10.234.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bfd9e24a99b67097:SESSION-bfd9e24a99b67097	SESSION-bfd9e24a99b67097 → pe:syn:SESSION-bfd9e24a99b67097
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b082affabc66a77:host:131.196.31.71	SESSION-8b082affabc66a77 → host:131.196.31.71
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.190:geo_41.00190_28.96450	host:95.170.25.190 → geo_41.00190_28.96450
flow_observed5-aryOBS	e:fo:flow:90755bcc0d94	flow:90755bcc0d94 → host:45.173.156.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4670d2b8fb3d0344:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4670d2b8fb3d0344 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e09f613cd450ebc9:host:172.234.197.23	SESSION-e09f613cd450ebc9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ef3ba231e3ca4d6:host:172.234.197.23	SESSION-4ef3ba231e3ca4d6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ba3ff89783efd81:flow:9eec284b5d7b	SESSION-4ba3ff89783efd81 → flow:9eec284b5d7b
FLOW_TO_HOSTOBS	e:to:SESSION-c82cc9c39e4191e7:host:177.10.239.255	SESSION-c82cc9c39e4191e7 → host:177.10.239.255
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d6af4ef287316d5:flow:9540f6a4186b	SESSION-7d6af4ef287316d5 → flow:9540f6a4186b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.69:asn:262880	host:177.10.235.69 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-06ad44a538684c23:host:177.10.237.39	SESSION-06ad44a538684c23 → host:177.10.237.39
FLOW_FROM_HOSTOBS	e:from:SESSION-d8900744845bb6f3:host:177.10.232.81	SESSION-d8900744845bb6f3 → host:177.10.232.81
flow_observed5-aryOBS	e:fo:flow:9cdd8a130290	flow:9cdd8a130290 → host:177.10.239.247 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16fca057f28c0943:host:177.10.238.87	SESSION-16fca057f28c0943 → host:177.10.238.87
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4235901c81cb167b:host:172.234.197.23:host:172.232.0.16	SESSION-4235901c81cb167b → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4e339b9f879a911:host:172.234.197.23	SESSION-d4e339b9f879a911 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:97fa7f95a5ba	flow:97fa7f95a5ba → host:177.10.234.36 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f0bdeae27fd42a89:host:177.10.232.243	SESSION-f0bdeae27fd42a89 → host:177.10.232.243
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-370545020cd57187:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-370545020cd57187 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14a32c9f71c15657:host:177.10.235.130	SESSION-14a32c9f71c15657 → host:177.10.235.130
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85d2db504e73f17a:host:131.196.29.139:host:172.234.197.23	SESSION-85d2db504e73f17a → host:131.196.29.139 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1052ae798d70afda:host:131.196.31.169	SESSION-1052ae798d70afda → host:131.196.31.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eed281d532ce25c6:host:177.10.236.12	SESSION-eed281d532ce25c6 → host:177.10.236.12
flow_observed4-aryOBS	e:fo:flow:b5cae6f976a7	flow:b5cae6f976a7 → host:172.234.197.23 → host:177.10.239.252 → port:tcp:58018
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b2bcd9d2c0b41b4:host:172.234.197.23	SESSION-9b2bcd9d2c0b41b4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8f59bcaffd8dcae9:SESSION-8f59bcaffd8dcae9	SESSION-8f59bcaffd8dcae9 → pe:rst:SESSION-8f59bcaffd8dcae9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac2cef9f7dcbf562:SESSION-ac2cef9f7dcbf562	SESSION-ac2cef9f7dcbf562 → pe:syn:SESSION-ac2cef9f7dcbf562
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f77535316d56a4c:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-7f77535316d56a4c → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-715e4cea63e7cde7:host:177.10.232.27:host:172.234.197.23	SESSION-715e4cea63e7cde7 → host:177.10.232.27 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fbe3edafde6a655f:flow:42631cfe8686	SESSION-fbe3edafde6a655f → flow:42631cfe8686
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aee71e8cd1625550:host:172.234.197.23:host:177.10.237.254	SESSION-aee71e8cd1625550 → host:172.234.197.23 → host:177.10.237.254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92fb186a1f8eeacc:host:172.234.197.23	SESSION-92fb186a1f8eeacc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9c84656a173f6275:host:172.234.197.23	SESSION-9c84656a173f6275 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1518dad52645fa99:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1518dad52645fa99 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:3d31c04c05c6:port:tcp:443	flow:3d31c04c05c6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69ac7334931bf6c1:host:131.196.30.83:host:172.234.197.23	SESSION-69ac7334931bf6c1 → host:131.196.30.83 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fd73a09d62d6f89:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1fd73a09d62d6f89 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-5b5b84f652a18f91:host:177.10.233.246	SESSION-5b5b84f652a18f91 → host:177.10.233.246
FLOW_DST_PORTOBS	e:fp:flow:acc8fbc4722c:port:tcp:443	flow:acc8fbc4722c → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.137:asn:271410	host:131.196.30.137 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6cc71c07f8c21dc0:SESSION-6cc71c07f8c21dc0	SESSION-6cc71c07f8c21dc0 → pe:tls:SESSION-6cc71c07f8c21dc0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a7a1da766d51711:host:172.234.197.23:host:177.10.238.94	SESSION-1a7a1da766d51711 → host:172.234.197.23 → host:177.10.238.94
flow_observed4-aryOBS	e:fo:flow:06b8e713de3e	flow:06b8e713de3e → host:172.234.197.23 → host:131.196.28.201 → port:tcp:15755
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ae33589f66e7ab9:host:184.171.210.134:host:172.234.197.23	SESSION-6ae33589f66e7ab9 → host:184.171.210.134 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4af85088cb1b366:flow:63ccea984296	SESSION-b4af85088cb1b366 → flow:63ccea984296
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e717c742e2e64ea:host:131.196.29.217	SESSION-5e717c742e2e64ea → host:131.196.29.217
flow_observed5-aryOBS	e:fo:flow:682d61a35e49	flow:682d61a35e49 → host:177.10.232.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5958a673e968588:SESSION-f5958a673e968588	SESSION-f5958a673e968588 → pe:syn:SESSION-f5958a673e968588
FLOW_FROM_HOSTOBS	e:from:SESSION-1f44963c65f506a9:host:172.234.197.23	SESSION-1f44963c65f506a9 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:df9b8944cbe1:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:df9b8944cbe1 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-39845edf8e8f640a:host:131.196.30.130	SESSION-39845edf8e8f640a → host:131.196.30.130
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-15939dedfcffc5e5:flow:2fe97f13971f	SESSION-15939dedfcffc5e5 → flow:2fe97f13971f
FLOW_TLS_SNIOBS	e:fs:flow:3abeeb1965d0:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3abeeb1965d0 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-926d10c9776453b9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-926d10c9776453b9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:b307b7cec2f0	flow:b307b7cec2f0 → host:131.196.29.150 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6543ef151e834843:BSG-BEACON-2568ae649544	SESSION-6543ef151e834843 → BSG-BEACON-2568ae649544
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92a69e37100365d0:SESSION-92a69e37100365d0	SESSION-92a69e37100365d0 → pe:tls:SESSION-92a69e37100365d0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ce89d337c6c28e5:SESSION-4ce89d337c6c28e5	SESSION-4ce89d337c6c28e5 → pe:syn:SESSION-4ce89d337c6c28e5
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-7fc1282909254587:BSG-BEACON-61380c9a629a	SESSION-7fc1282909254587 → BSG-BEACON-61380c9a629a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d384de4bfeb31c0:SESSION-1d384de4bfeb31c0	SESSION-1d384de4bfeb31c0 → pe:tls:SESSION-1d384de4bfeb31c0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2824f9b79e0fb1f1:host:172.234.197.23:host:131.196.29.50	SESSION-2824f9b79e0fb1f1 → host:172.234.197.23 → host:131.196.29.50
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-53fb5011e3d13c28:flow:018ac0da39dd	SESSION-53fb5011e3d13c28 → flow:018ac0da39dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a074f157090defb0:host:131.196.30.68	SESSION-a074f157090defb0 → host:131.196.30.68
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a519ad2ae4c53179:flow:3fc5c3c3e3a8	SESSION-a519ad2ae4c53179 → flow:3fc5c3c3e3a8
FLOW_DST_PORTOBS	e:fp:flow:a4f5157605f3:port:tcp:443	flow:a4f5157605f3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf12b1de67086909:SESSION-bf12b1de67086909	SESSION-bf12b1de67086909 → pe:tls:SESSION-bf12b1de67086909
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37ce4ecafac50117:flow:e4ae608d5e53	SESSION-37ce4ecafac50117 → flow:e4ae608d5e53
FLOW_FROM_HOSTOBS	e:from:SESSION-2287ae96f90f1374:host:177.10.234.81	SESSION-2287ae96f90f1374 → host:177.10.234.81
FLOW_FROM_HOSTOBS	e:from:SESSION-255149252f7b9c37:host:172.234.197.23	SESSION-255149252f7b9c37 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-169e7d2007075619:PCAP:capture_20260430070001:903a0e7a436b	SESSION-169e7d2007075619 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-186abbea6a1cb4f5:SESSION-186abbea6a1cb4f5	SESSION-186abbea6a1cb4f5 → pe:tls:SESSION-186abbea6a1cb4f5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cde6fb5ccac54489:flow:eddc440ccdc9	SESSION-cde6fb5ccac54489 → flow:eddc440ccdc9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-95152bde385a2e89:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-95152bde385a2e89 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-065b3042ded53057:flow:655ce0523929	SESSION-065b3042ded53057 → flow:655ce0523929
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44aa905e757bc471:PCAP:capture_20260430160001:9bfa4498506a	SESSION-44aa905e757bc471 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a846b5687af75eeb:host:172.234.197.23	SESSION-a846b5687af75eeb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86feda8665cc2010:host:45.173.156.150:host:172.234.197.23	SESSION-86feda8665cc2010 → host:45.173.156.150 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:81ec5a0f7e7c	flow:81ec5a0f7e7c → host:172.234.197.23 → host:45.173.156.201 → port:tcp:22867
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c24af053222fbf1:flow:6ae674c519e5	SESSION-5c24af053222fbf1 → flow:6ae674c519e5
FLOW_FROM_HOSTOBS	e:from:SESSION-c8466bbcc058d46c:host:131.196.31.6	SESSION-c8466bbcc058d46c → host:131.196.31.6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-efb89dcd313d4029:PCAP:capture_20260430150001:ded20914761d	SESSION-efb89dcd313d4029 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69029b06bbd64972:PCAP:capture_20260430080001:93f47cc296a4	SESSION-69029b06bbd64972 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:05d0d63bce37:port:tcp:35511	flow:05d0d63bce37 → port:tcp:35511
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.85:geo_-23.62930_-46.63510	host:131.196.29.85 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-9433c1773faa9882:SESSION-9433c1773faa9882	SESSION-9433c1773faa9882 → pe:dns:SESSION-9433c1773faa9882
flow_observed5-aryOBS	e:fo:flow:f6aafd0bf44a	flow:f6aafd0bf44a → host:45.173.156.61 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-921486915e849834:SESSION-921486915e849834	SESSION-921486915e849834 → pe:syn:SESSION-921486915e849834
HOST_IN_ASNOBS 85%	e:ha:host:185.236.240.137:asn:204880	host:185.236.240.137 → asn:204880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65c3eea3bc378ff0:flow:bfd00da90046	SESSION-65c3eea3bc378ff0 → flow:bfd00da90046
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.83:geo_-16.28860_-49.01640	host:177.10.237.83 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-124cb6be20cbe456:host:177.10.236.222:host:172.234.197.23	SESSION-124cb6be20cbe456 → host:177.10.236.222 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.55:geo_-21.10010_-41.69200	host:45.173.156.55 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:ff39fa820eb8:port:tcp:443	flow:ff39fa820eb8 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:b08eb85e8c9a	flow:b08eb85e8c9a → host:131.196.28.56 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-16f8bda1e1d11332:host:177.10.239.220	SESSION-16f8bda1e1d11332 → host:177.10.239.220
flow_observed5-aryOBS	e:fo:flow:b81f7fd27c1a	flow:b81f7fd27c1a → host:177.10.237.198 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab75a0984f628f7a:host:131.196.30.31:host:172.234.197.23	SESSION-ab75a0984f628f7a → host:131.196.30.31 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:199.16.157.182:geo_33.76970_-84.37540	host:199.16.157.182 → geo_33.76970_-84.37540
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66746867faa9cf3c:host:177.10.237.117	SESSION-66746867faa9cf3c → host:177.10.237.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07a584f2a7f89f38:host:51.91.243.64	SESSION-07a584f2a7f89f38 → host:51.91.243.64
flow_observed4-aryOBS	e:fo:flow:4272b5576122	flow:4272b5576122 → host:172.234.197.23 → host:131.196.28.100 → port:tcp:17043
FLOW_TO_HOSTOBS	e:to:SESSION-46da9b8beaa478c9:host:172.234.197.23	SESSION-46da9b8beaa478c9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-abf4853d72eba17e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-abf4853d72eba17e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e853a157c23802e1:host:177.10.237.252:host:172.234.197.23	SESSION-e853a157c23802e1 → host:177.10.237.252 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8631759e2d7ec30:SESSION-c8631759e2d7ec30	SESSION-c8631759e2d7ec30 → pe:tls:SESSION-c8631759e2d7ec30
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55ac8b9837cbe539:flow:7304835f81a0	SESSION-55ac8b9837cbe539 → flow:7304835f81a0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e8879d591cbfcd7:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9e8879d591cbfcd7 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ebb29f0c8a91fe62:host:177.10.233.82	SESSION-ebb29f0c8a91fe62 → host:177.10.233.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2e29524ed5dcc05:host:177.10.234.193	SESSION-d2e29524ed5dcc05 → host:177.10.234.193
flow_observed5-aryOBS	e:fo:flow:e8c8116b8c73	flow:e8c8116b8c73 → host:131.196.30.104 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa8465f08de511a2:PCAP:capture_20260430090001:065659c7d314	SESSION-aa8465f08de511a2 → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:ea2fa5e8521f	flow:ea2fa5e8521f → host:172.234.197.23 → host:177.10.234.155 → port:tcp:373
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f355ffd88e7f5027:host:131.196.29.55:host:172.234.197.23	SESSION-f355ffd88e7f5027 → host:131.196.29.55 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98083f958ccf36d4:host:185.231.226.73	SESSION-98083f958ccf36d4 → host:185.231.226.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0af0d5d1b3f6259:host:131.196.31.111	SESSION-c0af0d5d1b3f6259 → host:131.196.31.111
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.10:asn:203771	host:95.135.228.10 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e49a14deb2e22da:host:172.234.197.23	SESSION-4e49a14deb2e22da → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.87:asn:262880	host:177.10.233.87 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4325a6893dda791:host:131.196.29.254:host:172.234.197.23	SESSION-c4325a6893dda791 → host:131.196.29.254 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:df9b8944cbe1:port:tcp:443	flow:df9b8944cbe1 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.67:geo_-16.28860_-49.01640	host:177.10.239.67 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b3b2d33602e817e1:SESSION-b3b2d33602e817e1	SESSION-b3b2d33602e817e1 → pe:syn:SESSION-b3b2d33602e817e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f6b9574b70ed197:host:177.10.235.184	SESSION-4f6b9574b70ed197 → host:177.10.235.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c008c2d2b932d4b:host:172.234.197.23	SESSION-7c008c2d2b932d4b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:43128debff45	flow:43128debff45 → host:172.234.197.23 → host:45.173.156.125 → port:tcp:20233
FLOW_FROM_HOSTOBS	e:from:SESSION-cf07a99306d1414b:host:45.173.156.52	SESSION-cf07a99306d1414b → host:45.173.156.52
FLOW_FROM_HOSTOBS	e:from:SESSION-592c559641abdde0:host:172.234.197.23	SESSION-592c559641abdde0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35910be85c736a39:SESSION-35910be85c736a39	SESSION-35910be85c736a39 → pe:tls:SESSION-35910be85c736a39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bc308b17bca42662:SESSION-bc308b17bca42662	SESSION-bc308b17bca42662 → pe:rst:SESSION-bc308b17bca42662
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc5634306e23209a:host:45.173.156.240	SESSION-fc5634306e23209a → host:45.173.156.240
FLOW_FROM_HOSTOBS	e:from:SESSION-d846bfa2b8f8474d:host:177.10.235.61	SESSION-d846bfa2b8f8474d → host:177.10.235.61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e70a8d6fd08b895:SESSION-3e70a8d6fd08b895	SESSION-3e70a8d6fd08b895 → pe:tls:SESSION-3e70a8d6fd08b895
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.165:geo_-23.62930_-46.63510	host:131.196.31.165 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.3:asn:262880	host:177.10.239.3 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-9866420dbc5d2da0:host:172.234.197.23	SESSION-9866420dbc5d2da0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2eb24274e849c36c:flow:559550acef46	SESSION-2eb24274e849c36c → flow:559550acef46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-715e4cea63e7cde7:SESSION-715e4cea63e7cde7	SESSION-715e4cea63e7cde7 → pe:syn:SESSION-715e4cea63e7cde7
flow_observed5-aryOBS	e:fo:flow:1b20de5d296d	flow:1b20de5d296d → host:131.196.31.238 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:09b6582c8a0e:port:tcp:443	flow:09b6582c8a0e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8107d9388b9d334:host:131.196.30.227	SESSION-b8107d9388b9d334 → host:131.196.30.227
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7da23a3c779474e1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7da23a3c779474e1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-598f28b8a9577970:SESSION-598f28b8a9577970	SESSION-598f28b8a9577970 → pe:syn:SESSION-598f28b8a9577970
FLOW_DST_PORTOBS	e:fp:flow:57bb81ff7455:port:tcp:443	flow:57bb81ff7455 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:4312a4e24087	flow:4312a4e24087 → host:177.10.237.68 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:6c8fb4510aa3	flow:6c8fb4510aa3 → host:172.234.197.23 → host:177.10.234.166 → port:tcp:29037
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dbacd0066146a93a:host:172.234.197.23:host:45.173.156.204	SESSION-dbacd0066146a93a → host:172.234.197.23 → host:45.173.156.204
FLOW_DST_PORTOBS	e:fp:flow:e7d613fd7a38:port:tcp:80	flow:e7d613fd7a38 → port:tcp:80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86f48b7df98fd466:PCAP:capture_20260430060001:919b39a74464	SESSION-86f48b7df98fd466 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:8dabb052ca27:port:tcp:443	flow:8dabb052ca27 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.206:asn:262880	host:177.10.239.206 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c3e0ded89b78d8d:host:172.234.197.23	SESSION-3c3e0ded89b78d8d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a457a833cb01b1f:host:131.196.29.40	SESSION-4a457a833cb01b1f → host:131.196.29.40
FLOW_FROM_HOSTOBS	e:from:SESSION-ec50ec61227c5d5c:host:172.234.197.23	SESSION-ec50ec61227c5d5c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee8b7e20de209690:host:172.234.197.23	SESSION-ee8b7e20de209690 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:174baaf0ee8b:port:tcp:29713	flow:174baaf0ee8b → port:tcp:29713
FLOW_FROM_HOSTOBS	e:from:SESSION-e63bd10e327c33f1:host:177.10.238.106	SESSION-e63bd10e327c33f1 → host:177.10.238.106
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.184:asn:262880	host:177.10.239.184 → asn:262880
flow_observed5-aryOBS	e:fo:flow:a57a86bd2d87	flow:a57a86bd2d87 → host:177.10.232.180 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b6005e750e5a47f:SESSION-8b6005e750e5a47f	SESSION-8b6005e750e5a47f → pe:syn:SESSION-8b6005e750e5a47f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d551807307fa9b9:flow:fd5aff6c936b	SESSION-2d551807307fa9b9 → flow:fd5aff6c936b
FLOW_TO_HOSTOBS	e:to:SESSION-c80fd68cbbc51442:host:172.234.197.23	SESSION-c80fd68cbbc51442 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:eb41407044c6	flow:eb41407044c6 → host:131.196.31.120 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-310a1cee325ffc65:host:172.234.197.23	SESSION-310a1cee325ffc65 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16b002b5a5ba0e61:PCAP:capture_20260430050001:8868731bf8a4	SESSION-16b002b5a5ba0e61 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a88c1288033e7cc:flow:f6dc10e80159	SESSION-0a88c1288033e7cc → flow:f6dc10e80159
FLOW_DST_PORTOBS	e:fp:flow:b1dff4ad0695:port:udp:53	flow:b1dff4ad0695 → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a60100c841341ace:SESSION-a60100c841341ace	SESSION-a60100c841341ace → pe:syn:SESSION-a60100c841341ace
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.219:asn:273470	host:45.173.156.219 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:927dcbb083cd:port:tcp:443	flow:927dcbb083cd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-91e694161f32570f:flow:7742b84315b0	SESSION-91e694161f32570f → flow:7742b84315b0
FLOW_FROM_HOSTOBS	e:from:SESSION-a6ec641540644ee0:host:172.234.197.23	SESSION-a6ec641540644ee0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f709c3d74e04443c:host:131.196.30.83	SESSION-f709c3d74e04443c → host:131.196.30.83
FLOW_TO_HOSTOBS	e:to:SESSION-ac9ecab386602d8f:host:172.234.197.23	SESSION-ac9ecab386602d8f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1ef21b7a0702	flow:1ef21b7a0702 → host:177.10.237.190 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:77f19b7707e9	flow:77f19b7707e9 → host:172.234.197.23 → host:177.10.235.74 → port:tcp:29446
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5ee9797d15d423e:flow:276b9ed754b6	SESSION-b5ee9797d15d423e → flow:276b9ed754b6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f40be42edcf6e8ed:host:172.234.197.23	SESSION-f40be42edcf6e8ed → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa658fe130f71ff5:flow:30b27dd71f22	SESSION-aa658fe130f71ff5 → flow:30b27dd71f22
FLOW_FROM_HOSTOBS	e:from:SESSION-a03207ab88db82b5:host:45.173.156.3	SESSION-a03207ab88db82b5 → host:45.173.156.3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7caa5c0db9dc8d4:host:172.234.197.23:host:131.196.29.184	SESSION-b7caa5c0db9dc8d4 → host:172.234.197.23 → host:131.196.29.184
flow_observed5-aryOBS	e:fo:flow:6115367b739c	flow:6115367b739c → host:131.196.29.31 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:079d8a1faf2e:port:tcp:17588	flow:079d8a1faf2e → port:tcp:17588
FLOW_FROM_HOSTOBS	e:from:SESSION-cef4b415a72da702:host:177.10.235.14	SESSION-cef4b415a72da702 → host:177.10.235.14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e4815ec5b053775:flow:5c24a41a15ce	SESSION-4e4815ec5b053775 → flow:5c24a41a15ce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a22e38c714d83c7:SESSION-3a22e38c714d83c7	SESSION-3a22e38c714d83c7 → pe:syn:SESSION-3a22e38c714d83c7
FLOW_TO_HOSTOBS	e:to:SESSION-5e80661c10e8e6e7:host:172.234.197.23	SESSION-5e80661c10e8e6e7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6ddfef5208babd34:host:177.10.238.236	SESSION-6ddfef5208babd34 → host:177.10.238.236
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a09dd97dc23cca0:PCAP:capture_20260430090001:065659c7d314	SESSION-1a09dd97dc23cca0 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-ed59d63ff912d69c:host:177.10.238.50	SESSION-ed59d63ff912d69c → host:177.10.238.50
FLOW_FROM_HOSTOBS	e:from:SESSION-b31cf1240fb1e101:host:172.234.197.23	SESSION-b31cf1240fb1e101 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d9ab0e2fb8bff1f:host:45.173.156.78	SESSION-7d9ab0e2fb8bff1f → host:45.173.156.78
FLOW_FROM_HOSTOBS	e:from:SESSION-8cb528496ded9d11:host:177.10.238.94	SESSION-8cb528496ded9d11 → host:177.10.238.94
FLOW_TO_HOSTOBS	e:to:SESSION-2e3764b25412d87e:host:177.10.236.1	SESSION-2e3764b25412d87e → host:177.10.236.1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.204:geo_-16.28860_-49.01640	host:177.10.233.204 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-118e26ad77e50cb0:host:172.234.197.23	SESSION-118e26ad77e50cb0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60c160c47311ca12:host:47.129.136.46	SESSION-60c160c47311ca12 → host:47.129.136.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ff9648a7e097bde:SESSION-7ff9648a7e097bde	SESSION-7ff9648a7e097bde → pe:syn:SESSION-7ff9648a7e097bde
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-825be4419cbefff8:SESSION-825be4419cbefff8	SESSION-825be4419cbefff8 → pe:tls:SESSION-825be4419cbefff8
FLOW_TO_HOSTOBS	e:to:SESSION-77755e4fda54087c:host:172.234.197.23	SESSION-77755e4fda54087c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-11641f941720f4cf:SESSION-11641f941720f4cf	SESSION-11641f941720f4cf → pe:syn:SESSION-11641f941720f4cf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-329dd162e3e18437:flow:b53c87af663d	SESSION-329dd162e3e18437 → flow:b53c87af663d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.172:asn:262880	host:177.10.235.172 → asn:262880
flow_observed5-aryOBS	e:fo:flow:15d752012211	flow:15d752012211 → host:131.196.30.102 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-903738316b123ea7:host:172.234.197.23	SESSION-903738316b123ea7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b373f59ff0198ea:SESSION-9b373f59ff0198ea	SESSION-9b373f59ff0198ea → pe:tls:SESSION-9b373f59ff0198ea
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3cdf0b404a4678c5:host:177.10.239.15:host:172.234.197.23	SESSION-3cdf0b404a4678c5 → host:177.10.239.15 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f07a2dad0dfb354:host:177.10.235.43	SESSION-5f07a2dad0dfb354 → host:177.10.235.43
FLOW_DST_PORTOBS	e:fp:flow:9440bd4080fa:port:tcp:443	flow:9440bd4080fa → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-550b52f6103256cd:host:177.10.237.251	SESSION-550b52f6103256cd → host:177.10.237.251
FLOW_TO_HOSTOBS	e:to:SESSION-136356e88c69bcaa:host:177.10.238.97	SESSION-136356e88c69bcaa → host:177.10.238.97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bfe47632c127d09:host:172.234.197.23	SESSION-8bfe47632c127d09 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f5b7d4cd5351b11:flow:1e9c70ccf0e5	SESSION-8f5b7d4cd5351b11 → flow:1e9c70ccf0e5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d551807307fa9b9:SESSION-2d551807307fa9b9	SESSION-2d551807307fa9b9 → pe:tls:SESSION-2d551807307fa9b9
FLOW_FROM_HOSTOBS	e:from:SESSION-328b0864666a263b:host:177.10.238.66	SESSION-328b0864666a263b → host:177.10.238.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-531f1f169db2954c:SESSION-531f1f169db2954c	SESSION-531f1f169db2954c → pe:tls:SESSION-531f1f169db2954c
FLOW_TO_HOSTOBS	e:to:SESSION-67e4e454d5bff348:host:131.196.28.35	SESSION-67e4e454d5bff348 → host:131.196.28.35
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3df67864d859fde0:host:172.234.197.23	SESSION-3df67864d859fde0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-73ce8b7b43538e4e:host:104.28.202.79	SESSION-73ce8b7b43538e4e → host:104.28.202.79
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.234:geo_-16.28860_-49.01640	host:177.10.236.234 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-c98a634aa4cfbed2:host:177.10.235.133	SESSION-c98a634aa4cfbed2 → host:177.10.235.133
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.187:geo_-16.28860_-49.01640	host:177.10.238.187 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4793a163d681d0d0:host:177.10.239.156	SESSION-4793a163d681d0d0 → host:177.10.239.156
FLOW_FROM_HOSTOBS	e:from:SESSION-d43ecb134342fe00:host:177.10.237.127	SESSION-d43ecb134342fe00 → host:177.10.237.127
FLOW_TO_HOSTOBS	e:to:SESSION-0a918f52003c304f:host:172.234.197.23	SESSION-0a918f52003c304f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-deef720c855898df:host:172.234.197.23	SESSION-deef720c855898df → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4993bcd996008da0:SESSION-4993bcd996008da0	SESSION-4993bcd996008da0 → pe:tls:SESSION-4993bcd996008da0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14a32c9f71c15657:host:172.234.197.23	SESSION-14a32c9f71c15657 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e2a6d6aa009e10c:host:172.234.197.23	SESSION-1e2a6d6aa009e10c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.130:asn:271410	host:131.196.30.130 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-56ec76ae342b7ee6:SESSION-56ec76ae342b7ee6	SESSION-56ec76ae342b7ee6 → pe:syn:SESSION-56ec76ae342b7ee6
FLOW_FROM_HOSTOBS	e:from:SESSION-20b9f3feffcc2290:host:131.196.31.194	SESSION-20b9f3feffcc2290 → host:131.196.31.194
flow_observed4-aryOBS	e:fo:flow:0ff7a75e4f64	flow:0ff7a75e4f64 → host:172.234.197.23 → host:45.173.156.92 → port:tcp:52073
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f35bbd3887f167bf:host:177.10.239.67	SESSION-f35bbd3887f167bf → host:177.10.239.67
FLOW_FROM_HOSTOBS	e:from:SESSION-b338c508fb604797:host:172.234.197.23	SESSION-b338c508fb604797 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc0f694a62c9abc8:host:172.234.197.23:host:177.10.234.169	SESSION-cc0f694a62c9abc8 → host:172.234.197.23 → host:177.10.234.169
FLOW_FROM_HOSTOBS	e:from:SESSION-38fb62728f2b5e64:host:177.10.237.255	SESSION-38fb62728f2b5e64 → host:177.10.237.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28ca4d014ad9a35f:SESSION-28ca4d014ad9a35f	SESSION-28ca4d014ad9a35f → pe:tls:SESSION-28ca4d014ad9a35f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e93d3fe416fcd95:host:172.234.197.23:host:177.10.237.211	SESSION-5e93d3fe416fcd95 → host:172.234.197.23 → host:177.10.237.211
FLOW_TO_HOSTOBS	e:to:SESSION-e034fcb399102895:host:177.10.234.0	SESSION-e034fcb399102895 → host:177.10.234.0
FLOW_TO_HOSTOBS	e:to:SESSION-0c7d8b58da7be6c5:host:172.234.197.23	SESSION-0c7d8b58da7be6c5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-397164cbc5836ff1:SESSION-397164cbc5836ff1	SESSION-397164cbc5836ff1 → pe:tls:SESSION-397164cbc5836ff1
FLOW_FROM_HOSTOBS	e:from:SESSION-08df11bd27017e71:host:172.234.197.23	SESSION-08df11bd27017e71 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef3cd86b38e13880:host:172.234.197.23	SESSION-ef3cd86b38e13880 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ce88726966df20e:PCAP:capture_20260430060001:919b39a74464	SESSION-5ce88726966df20e → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-1462f3fe112e9d96:host:131.196.30.131	SESSION-1462f3fe112e9d96 → host:131.196.30.131
FLOW_TO_HOSTOBS	e:to:SESSION-b88c76d0206f2960:host:172.234.197.23	SESSION-b88c76d0206f2960 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96eb62897cd314d5:host:177.10.235.188:host:172.234.197.23	SESSION-96eb62897cd314d5 → host:177.10.235.188 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f181002c59096f4:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7f181002c59096f4 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-164cf6eccbbca478:host:172.94.9.253	SESSION-164cf6eccbbca478 → host:172.94.9.253
FLOW_TO_HOSTOBS	e:to:SESSION-721df94622c41f42:host:172.234.197.23	SESSION-721df94622c41f42 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-265a2f0fa666e936:SESSION-265a2f0fa666e936	SESSION-265a2f0fa666e936 → pe:tls:SESSION-265a2f0fa666e936
FLOW_TO_HOSTOBS	e:to:SESSION-a16085aea35a1403:host:103.230.240.59	SESSION-a16085aea35a1403 → host:103.230.240.59
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc58620ced71d747:host:131.196.29.192:host:172.234.197.23	SESSION-cc58620ced71d747 → host:131.196.29.192 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6a10e6ba939684b8:host:172.234.197.23	SESSION-6a10e6ba939684b8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ce2516dd8311d56:flow:f6708e611b35	SESSION-1ce2516dd8311d56 → flow:f6708e611b35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c3601b8f3a6cf17:SESSION-7c3601b8f3a6cf17	SESSION-7c3601b8f3a6cf17 → pe:tls:SESSION-7c3601b8f3a6cf17
FLOW_DST_PORTOBS	e:fp:flow:2743dce9549e:port:tcp:443	flow:2743dce9549e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ea5a5c8bbfcfd548:host:131.196.29.229:host:172.234.197.23	SESSION-ea5a5c8bbfcfd548 → host:131.196.29.229 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3b504551617ec2c:SESSION-c3b504551617ec2c	SESSION-c3b504551617ec2c → pe:tls:SESSION-c3b504551617ec2c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ae99c26bd6d2dd56:SESSION-ae99c26bd6d2dd56	SESSION-ae99c26bd6d2dd56 → pe:syn:SESSION-ae99c26bd6d2dd56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d58cfad877959bea:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d58cfad877959bea → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a10047b74101a9ce:host:177.10.238.106	SESSION-a10047b74101a9ce → host:177.10.238.106
FLOW_TO_HOSTOBS	e:to:SESSION-c9136bc11056d23d:host:172.234.197.23	SESSION-c9136bc11056d23d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fa49e5af791c6122:host:172.234.197.23	SESSION-fa49e5af791c6122 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6515500944a7e42e:host:177.10.234.71:host:172.234.197.23	SESSION-6515500944a7e42e → host:177.10.234.71 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2091e87bc96ca173:host:172.234.197.23	SESSION-2091e87bc96ca173 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3b2b5737f36d7ec:host:172.234.197.23	SESSION-f3b2b5737f36d7ec → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0c0e1523deb4	flow:0c0e1523deb4 → host:172.234.197.23 → host:131.196.29.226 → port:tcp:55777
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dbe0692b3b05f921:host:177.10.237.180	SESSION-dbe0692b3b05f921 → host:177.10.237.180
flow_observed5-aryOBS	e:fo:flow:9b1232626ced	flow:9b1232626ced → host:177.10.238.66 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bebd9f8afa50544a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-bebd9f8afa50544a → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-664631b6c582f1f7:flow:e204ebd6e9a0	SESSION-664631b6c582f1f7 → flow:e204ebd6e9a0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf1b38a91c361f4b:host:172.234.197.23	SESSION-cf1b38a91c361f4b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-396da887f3ac73e5:flow:49d51b781591	SESSION-396da887f3ac73e5 → flow:49d51b781591
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a38bfeac3fad0550:host:45.173.156.128	SESSION-a38bfeac3fad0550 → host:45.173.156.128
flow_observed5-aryOBS	e:fo:flow:f413e7c103a3	flow:f413e7c103a3 → host:177.10.236.191 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d32b9643240d8a79:SESSION-d32b9643240d8a79	SESSION-d32b9643240d8a79 → pe:syn:SESSION-d32b9643240d8a79
FLOW_TO_HOSTOBS	e:to:SESSION-718be43f3a8e9f39:host:172.234.197.23	SESSION-718be43f3a8e9f39 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b89a1b1f5399599:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7b89a1b1f5399599 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b859feadb239919:host:172.234.197.23	SESSION-4b859feadb239919 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d52597e88babdbe8:host:172.234.197.23	SESSION-d52597e88babdbe8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-affecc1e92c420cb:host:172.234.197.23	SESSION-affecc1e92c420cb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d274b6d174d04d01:SESSION-d274b6d174d04d01	SESSION-d274b6d174d04d01 → pe:syn:SESSION-d274b6d174d04d01
flow_observed4-aryOBS	e:fo:flow:53410f312c06	flow:53410f312c06 → host:172.234.197.23 → host:177.10.234.71 → port:tcp:14408
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90d4f232d3edc1de:host:177.10.238.201	SESSION-90d4f232d3edc1de → host:177.10.238.201
FLOW_DST_PORTOBS	e:fp:flow:5d97665061b5:port:tcp:443	flow:5d97665061b5 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f8491791342c7cb3:SESSION-f8491791342c7cb3	SESSION-f8491791342c7cb3 → pe:tls:SESSION-f8491791342c7cb3
flow_observed5-aryOBS	e:fo:flow:d11d527af6d7	flow:d11d527af6d7 → host:131.196.30.81 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:a1a774e26dd8	flow:a1a774e26dd8 → host:131.196.30.8 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:9b3343130edd:port:tcp:4072	flow:9b3343130edd → port:tcp:4072
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29f6930bb002305c:host:172.234.197.23	SESSION-29f6930bb002305c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f29ae4ea1d6d03ed:host:172.234.197.23	SESSION-f29ae4ea1d6d03ed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-065e72b14a827150:SESSION-065e72b14a827150	SESSION-065e72b14a827150 → pe:syn:SESSION-065e72b14a827150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-160e5a0882acae87:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-160e5a0882acae87 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:12598bc517fa:port:tcp:443	flow:12598bc517fa → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-93446cf6bcbe5afe:SESSION-93446cf6bcbe5afe	SESSION-93446cf6bcbe5afe → pe:tls:SESSION-93446cf6bcbe5afe
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92484e45d6e7b321:host:172.234.197.23	SESSION-92484e45d6e7b321 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0efcb065a58cc475:flow:3c6a2740e12d	SESSION-0efcb065a58cc475 → flow:3c6a2740e12d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a09dd97dc23cca0:flow:66e056753fd5	SESSION-1a09dd97dc23cca0 → flow:66e056753fd5
flow_observed5-aryOBS	e:fo:flow:9280036d235b	flow:9280036d235b → host:177.10.236.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-adf46c04c6a07144:PCAP:capture_20260430150001:ded20914761d	SESSION-adf46c04c6a07144 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-1a52ffd6f24f0f87:host:177.10.237.124	SESSION-1a52ffd6f24f0f87 → host:177.10.237.124
FLOW_FROM_HOSTOBS	e:from:SESSION-38a64ba294c5f79f:host:56.112.16.196	SESSION-38a64ba294c5f79f → host:56.112.16.196
FLOW_FROM_HOSTOBS	e:from:SESSION-19f4ea615eaf7325:host:172.234.197.23	SESSION-19f4ea615eaf7325 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1984f51487784d02:host:172.234.197.23	SESSION-1984f51487784d02 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ef3cd86b38e13880:host:172.234.197.23	SESSION-ef3cd86b38e13880 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4370d06debc0fcec:host:45.173.156.219	SESSION-4370d06debc0fcec → host:45.173.156.219
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-014d878748f613f9:host:177.10.235.98	SESSION-014d878748f613f9 → host:177.10.235.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-caaa6bcaac59e7b9:SESSION-caaa6bcaac59e7b9	SESSION-caaa6bcaac59e7b9 → pe:tls:SESSION-caaa6bcaac59e7b9
FLOW_DST_PORTOBS	e:fp:flow:b187841e7f45:port:tcp:45304	flow:b187841e7f45 → port:tcp:45304
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-63d746c5afa978f6:PCAP:capture_20260430070001:903a0e7a436b	SESSION-63d746c5afa978f6 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-328591b09b0655cf:SESSION-328591b09b0655cf	SESSION-328591b09b0655cf → pe:syn:SESSION-328591b09b0655cf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.178:asn:262880	host:177.10.236.178 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6cc804a855d1eb7c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6cc804a855d1eb7c → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:c08c0a3c73b3	flow:c08c0a3c73b3 → host:172.234.197.23 → host:177.10.233.48 → port:tcp:52961
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b228975a6eff356:host:131.196.28.230	SESSION-0b228975a6eff356 → host:131.196.28.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d75311b4cd1e33ff:SESSION-d75311b4cd1e33ff	SESSION-d75311b4cd1e33ff → pe:syn:SESSION-d75311b4cd1e33ff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d93e05fe8ec7e58:SESSION-6d93e05fe8ec7e58	SESSION-6d93e05fe8ec7e58 → pe:syn:SESSION-6d93e05fe8ec7e58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cad98c39a19fe348:host:172.234.197.23	SESSION-cad98c39a19fe348 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1518dad52645fa99:SESSION-1518dad52645fa99	SESSION-1518dad52645fa99 → pe:syn:SESSION-1518dad52645fa99
FLOW_DST_PORTOBS	e:fp:flow:997ec73c2b83:port:tcp:8152	flow:997ec73c2b83 → port:tcp:8152
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf0bb0d03710ab65:host:177.10.236.64:host:172.234.197.23	SESSION-bf0bb0d03710ab65 → host:177.10.236.64 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7ae30acbd5f5fc5:host:177.10.235.15:host:172.234.197.23	SESSION-b7ae30acbd5f5fc5 → host:177.10.235.15 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ab8c1601f71acf4:host:172.234.197.23	SESSION-0ab8c1601f71acf4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a390ade8fe745ada:host:131.196.29.233	SESSION-a390ade8fe745ada → host:131.196.29.233
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2490746063a947f9:host:131.196.28.10	SESSION-2490746063a947f9 → host:131.196.28.10
FLOW_QUERIED_DNSOBS	e:fd:flow:e14e48e38747:dns:172-234-197-23.ip.linodeusercontent.com	flow:e14e48e38747 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dbe0692b3b05f921:host:172.234.197.23:host:177.10.237.180	SESSION-dbe0692b3b05f921 → host:172.234.197.23 → host:177.10.237.180
flow_observed5-aryOBS	e:fo:flow:b5e5474721fd	flow:b5e5474721fd → host:177.10.237.19 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e1b90ecadb949fa3:host:172.234.197.23	SESSION-e1b90ecadb949fa3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9e0fb934b56e:port:tcp:42866	flow:9e0fb934b56e → port:tcp:42866
flow_observed5-aryOBS	e:fo:flow:7645329c448b	flow:7645329c448b → host:177.10.235.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a5d297f882a3348:host:131.196.31.229	SESSION-4a5d297f882a3348 → host:131.196.31.229
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-83f081267b847a58:SESSION-83f081267b847a58	SESSION-83f081267b847a58 → pe:tls:SESSION-83f081267b847a58
FLOW_DST_PORTOBS	e:fp:flow:092300811091:port:udp:53	flow:092300811091 → port:udp:53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.113:geo_-23.62930_-46.63510	host:131.196.31.113 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6515500944a7e42e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6515500944a7e42e → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-cb9e9108ca8bff14:host:45.173.156.43	SESSION-cb9e9108ca8bff14 → host:45.173.156.43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c4ebc5699ec1c63:host:177.10.238.116	SESSION-9c4ebc5699ec1c63 → host:177.10.238.116
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.151:geo_-16.28860_-49.01640	host:177.10.233.151 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:032a41dd171b:port:tcp:45776	flow:032a41dd171b → port:tcp:45776
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f1e08bfeea32aa0:host:177.10.236.27:host:172.234.197.23	SESSION-8f1e08bfeea32aa0 → host:177.10.236.27 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.62:geo_-23.62930_-46.63510	host:131.196.29.62 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23efb1317beab0b3:host:177.10.239.80:host:172.234.197.23	SESSION-23efb1317beab0b3 → host:177.10.239.80 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ac55ff303c5de83:flow:58f1af48c31f	SESSION-1ac55ff303c5de83 → flow:58f1af48c31f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7678ab8e642a5a2a:host:177.10.234.94	SESSION-7678ab8e642a5a2a → host:177.10.234.94
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b22f1be22326dd94:flow:6fa4b18c4339	SESSION-b22f1be22326dd94 → flow:6fa4b18c4339
FLOW_TO_HOSTOBS	e:to:SESSION-9c4a3ef3072acfd2:host:172.234.197.23	SESSION-9c4a3ef3072acfd2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a046afd146222299:host:172.234.197.23	SESSION-a046afd146222299 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd38adf08b5d5a9e:SESSION-cd38adf08b5d5a9e	SESSION-cd38adf08b5d5a9e → pe:syn:SESSION-cd38adf08b5d5a9e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8396d269748cb9c:host:131.196.30.37	SESSION-f8396d269748cb9c → host:131.196.30.37
FLOW_TO_HOSTOBS	e:to:SESSION-07124c917c797d63:host:172.234.197.23	SESSION-07124c917c797d63 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-48de9f7b9a5a464c:host:177.10.234.210	SESSION-48de9f7b9a5a464c → host:177.10.234.210
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-474ea5236769f0a3:host:172.234.197.23	SESSION-474ea5236769f0a3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46f163e73b58987c:host:177.10.239.136	SESSION-46f163e73b58987c → host:177.10.239.136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed610f5ec8b698f6:SESSION-ed610f5ec8b698f6	SESSION-ed610f5ec8b698f6 → pe:tls:SESSION-ed610f5ec8b698f6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.68:geo_-16.28860_-49.01640	host:177.10.239.68 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-bebd9f8afa50544a:host:45.173.156.68	SESSION-bebd9f8afa50544a → host:45.173.156.68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee5756ac65b5ed68:SESSION-ee5756ac65b5ed68	SESSION-ee5756ac65b5ed68 → pe:syn:SESSION-ee5756ac65b5ed68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-421b35b56ec8b984:host:131.196.28.38	SESSION-421b35b56ec8b984 → host:131.196.28.38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a19fd3219cd89ed:host:172.234.197.23	SESSION-6a19fd3219cd89ed → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9ada05a103ba2b64:host:131.196.29.4	SESSION-9ada05a103ba2b64 → host:131.196.29.4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a825e71225466eb:SESSION-3a825e71225466eb	SESSION-3a825e71225466eb → pe:syn:SESSION-3a825e71225466eb
flow_observed5-aryOBS	e:fo:flow:2fa17bc807ba	flow:2fa17bc807ba → host:177.10.236.153 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8409f84148f471e2:host:172.234.197.23	SESSION-8409f84148f471e2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-996c7a5f028b9d80:host:177.10.234.73	SESSION-996c7a5f028b9d80 → host:177.10.234.73
FLOW_FROM_HOSTOBS	e:from:SESSION-1ee12e96d458a4e4:host:177.10.239.200	SESSION-1ee12e96d458a4e4 → host:177.10.239.200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad03ceeb377f3976:SESSION-ad03ceeb377f3976	SESSION-ad03ceeb377f3976 → pe:syn:SESSION-ad03ceeb377f3976
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31836a23201b59b7:host:172.234.197.23:host:177.10.237.162	SESSION-31836a23201b59b7 → host:172.234.197.23 → host:177.10.237.162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea33f21558d3ba7:host:177.10.237.211	SESSION-3ea33f21558d3ba7 → host:177.10.237.211
FLOW_FROM_HOSTOBS	e:from:SESSION-60441095965530ae:host:177.10.239.72	SESSION-60441095965530ae → host:177.10.239.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b523e88f9ec69c3:SESSION-2b523e88f9ec69c3	SESSION-2b523e88f9ec69c3 → pe:tls:SESSION-2b523e88f9ec69c3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dde31743640b587a:flow:d0b2adbfad1c	SESSION-dde31743640b587a → flow:d0b2adbfad1c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.174:geo_-23.62930_-46.63510	host:131.196.28.174 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37c584531b25722b:PCAP:capture_20260430150001:ded20914761d	SESSION-37c584531b25722b → PCAP:capture_20260430150001:ded20914761d
flow_observed4-aryOBS	e:fo:flow:98a12a95fc8d	flow:98a12a95fc8d → host:172.234.197.23 → host:177.10.236.143 → port:tcp:16219
FLOW_FROM_HOSTOBS	e:from:SESSION-55e2fb280d3c8e24:host:131.196.29.122	SESSION-55e2fb280d3c8e24 → host:131.196.29.122
flow_observed4-aryOBS	e:fo:flow:bcc72520c021	flow:bcc72520c021 → host:172.234.197.23 → host:177.10.234.143 → port:tcp:29021
FLOW_DST_PORTOBS	e:fp:flow:27138d8d3319:port:tcp:25397	flow:27138d8d3319 → port:tcp:25397
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-941b4a1386b7be8f:host:177.10.238.90:host:172.234.197.23	SESSION-941b4a1386b7be8f → host:177.10.238.90 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ecb9e93c79a4bef:SESSION-3ecb9e93c79a4bef	SESSION-3ecb9e93c79a4bef → pe:tls:SESSION-3ecb9e93c79a4bef
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-afbbd778f47cc6c1:SESSION-afbbd778f47cc6c1	SESSION-afbbd778f47cc6c1 → pe:syn:SESSION-afbbd778f47cc6c1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2f2dfbe9df7c080:host:131.196.30.237:host:172.234.197.23	SESSION-e2f2dfbe9df7c080 → host:131.196.30.237 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:bb1be86dfa91	flow:bb1be86dfa91 → host:172.234.197.23 → host:131.196.31.185 → port:tcp:10108
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-370545020cd57187:SESSION-370545020cd57187	SESSION-370545020cd57187 → pe:syn:SESSION-370545020cd57187
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5167ceabb03264f1:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5167ceabb03264f1 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09e8a1451dd94c84:SESSION-09e8a1451dd94c84	SESSION-09e8a1451dd94c84 → pe:tls:SESSION-09e8a1451dd94c84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a57e7ba0de33dea3:host:172.234.197.23	SESSION-a57e7ba0de33dea3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b11ad70426b43374:host:172.234.197.23:host:177.10.235.36	SESSION-b11ad70426b43374 → host:172.234.197.23 → host:177.10.235.36
FLOW_TO_HOSTOBS	e:to:SESSION-f42dcf2468c4a64f:host:172.234.197.23	SESSION-f42dcf2468c4a64f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-074c4a6b1ee06430:host:172.234.197.23	SESSION-074c4a6b1ee06430 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f059fe4a40805f2:host:131.196.31.242	SESSION-1f059fe4a40805f2 → host:131.196.31.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b074fbdb748702cc:host:172.234.197.23	SESSION-b074fbdb748702cc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b3b2d33602e817e1:host:131.196.28.100	SESSION-b3b2d33602e817e1 → host:131.196.28.100
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b73ad2a19ec53d4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5b73ad2a19ec53d4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c766f181ead012ae:host:92.112.71.21:host:172.234.197.23	SESSION-c766f181ead012ae → host:92.112.71.21 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e39b76c4ba6c4cf6:SESSION-e39b76c4ba6c4cf6	SESSION-e39b76c4ba6c4cf6 → pe:tls:SESSION-e39b76c4ba6c4cf6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f4d08df9b5b22c8b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f4d08df9b5b22c8b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cb8ade3138db412:host:172.234.197.23	SESSION-4cb8ade3138db412 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.80:asn:262880	host:177.10.239.80 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e77d19d6eee479c3:host:177.10.233.95	SESSION-e77d19d6eee479c3 → host:177.10.233.95
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f350449fc7d11b3:host:172.234.197.23:host:177.10.232.178	SESSION-7f350449fc7d11b3 → host:172.234.197.23 → host:177.10.232.178
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ec917f0e741b647:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4ec917f0e741b647 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8f12ada0f88f122:host:199.16.157.181:host:172.234.197.23	SESSION-b8f12ada0f88f122 → host:199.16.157.181 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dcc81ef5615b86c:host:172.234.197.23	SESSION-6dcc81ef5615b86c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:be0b354de90a	flow:be0b354de90a → host:177.10.236.157 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.69:geo_-23.62930_-46.63510	host:131.196.30.69 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d3f8bf2b05f7ab82:host:131.196.28.42:host:172.234.197.23	SESSION-d3f8bf2b05f7ab82 → host:131.196.28.42 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-151e53ee3004033b:host:172.234.197.23	SESSION-151e53ee3004033b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-77e1145855a55905:host:131.196.31.121	SESSION-77e1145855a55905 → host:131.196.31.121
HOST_IN_ASNOBS 85%	e:ha:host:57.128.95.181:asn:16276	host:57.128.95.181 → asn:16276
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7401284f40d9f52:host:172.234.197.23	SESSION-a7401284f40d9f52 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce973eb9d12ea742:host:174.202.97.85:host:172.234.197.23	SESSION-ce973eb9d12ea742 → host:174.202.97.85 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fad6b9be10f7d404:SESSION-fad6b9be10f7d404	SESSION-fad6b9be10f7d404 → pe:syn:SESSION-fad6b9be10f7d404
FLOW_FROM_HOSTOBS	e:from:SESSION-e696cf5f8f6db7e6:host:177.10.232.115	SESSION-e696cf5f8f6db7e6 → host:177.10.232.115
FLOW_FROM_HOSTOBS	e:from:SESSION-abc806ef9f1a9dce:host:172.234.197.23	SESSION-abc806ef9f1a9dce → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2dbb52de45813c9a:host:131.196.28.234:host:172.234.197.23	SESSION-2dbb52de45813c9a → host:131.196.28.234 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:0e2a2cd94527:dns:172-234-197-23.ip.linodeusercontent.com	flow:0e2a2cd94527 → dns:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:b08e9e3f80d1	flow:b08e9e3f80d1 → host:131.196.30.147 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.154:asn:262880	host:177.10.239.154 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.45:asn:262880	host:177.10.238.45 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98452f7d1a82c494:SESSION-98452f7d1a82c494	SESSION-98452f7d1a82c494 → pe:tls:SESSION-98452f7d1a82c494
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-212f7b3a9bb90264:host:177.10.237.41	SESSION-212f7b3a9bb90264 → host:177.10.237.41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8958b8d9cf24f177:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8958b8d9cf24f177 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef914cd10270daad:SESSION-ef914cd10270daad	SESSION-ef914cd10270daad → pe:tls:SESSION-ef914cd10270daad
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-643a90c68c400c64:SESSION-643a90c68c400c64	SESSION-643a90c68c400c64 → pe:tls:SESSION-643a90c68c400c64
FLOW_FROM_HOSTOBS	e:from:SESSION-37c1a586e90e7a3b:host:131.196.28.39	SESSION-37c1a586e90e7a3b → host:131.196.28.39
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a55a830d22fea90d:host:131.196.29.130:host:172.234.197.23	SESSION-a55a830d22fea90d → host:131.196.29.130 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e331ebe372f514c8:host:2.57.121.112	SESSION-e331ebe372f514c8 → host:2.57.121.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dda196b654200873:SESSION-dda196b654200873	SESSION-dda196b654200873 → pe:syn:SESSION-dda196b654200873
FLOW_FROM_HOSTOBS	e:from:SESSION-802ccc988b65b38c:host:131.196.28.2	SESSION-802ccc988b65b38c → host:131.196.28.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e8105cbb514d7cf:SESSION-2e8105cbb514d7cf	SESSION-2e8105cbb514d7cf → pe:syn:SESSION-2e8105cbb514d7cf
FLOW_TO_HOSTOBS	e:to:SESSION-2eb15df038685c53:host:172.234.197.23	SESSION-2eb15df038685c53 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c639517e7e5752d7:host:172.234.197.23	SESSION-c639517e7e5752d7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7b52e9885df6	flow:7b52e9885df6 → host:45.173.156.233 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-825be4419cbefff8:host:172.234.197.23	SESSION-825be4419cbefff8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-605176cb8a71c0f4:flow:6bccd1e0d7eb	SESSION-605176cb8a71c0f4 → flow:6bccd1e0d7eb
FLOW_TO_HOSTOBS	e:to:SESSION-dda196b654200873:host:131.196.30.98	SESSION-dda196b654200873 → host:131.196.30.98
flow_observed5-aryOBS	e:fo:flow:b2e0fad9a7ba	flow:b2e0fad9a7ba → host:177.10.237.127 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.120:geo_-23.62930_-46.63510	host:131.196.31.120 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.255:asn:262880	host:177.10.239.255 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-af4f3fe4058b61ab:host:177.10.234.189:host:172.234.197.23	SESSION-af4f3fe4058b61ab → host:177.10.234.189 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d0bad8110700772:SESSION-1d0bad8110700772	SESSION-1d0bad8110700772 → pe:syn:SESSION-1d0bad8110700772
FLOW_DST_PORTOBS	e:fp:flow:43aef062f8f5:port:tcp:8323	flow:43aef062f8f5 → port:tcp:8323
FLOW_DST_PORTOBS	e:fp:flow:57693f469d04:port:tcp:443	flow:57693f469d04 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:39685dbf6c4f	flow:39685dbf6c4f → host:172.234.197.23 → host:177.10.236.151 → port:tcp:41324
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5cd00671f435cc6:SESSION-d5cd00671f435cc6	SESSION-d5cd00671f435cc6 → pe:syn:SESSION-d5cd00671f435cc6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.80:asn:262880	host:177.10.234.80 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b34520b38e3fc963:flow:b19ab9caf851	SESSION-b34520b38e3fc963 → flow:b19ab9caf851
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c4adfb3e188a176:flow:524cb7cd132b	SESSION-4c4adfb3e188a176 → flow:524cb7cd132b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21cd302cb5783965:SESSION-21cd302cb5783965	SESSION-21cd302cb5783965 → pe:syn:SESSION-21cd302cb5783965
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18178a1924ee92a1:host:177.10.237.237	SESSION-18178a1924ee92a1 → host:177.10.237.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-878a5ce24b3ea2a6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-878a5ce24b3ea2a6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:1c82b7b012f1	flow:1c82b7b012f1 → host:177.10.234.251 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4363548d57b1d6df:host:172.234.197.23:host:131.196.31.121	SESSION-4363548d57b1d6df → host:172.234.197.23 → host:131.196.31.121
FLOW_DST_PORTOBS	e:fp:flow:40ddd64a6350:port:tcp:443	flow:40ddd64a6350 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84d24c52e1f02eee:flow:a7a5a4376bf3	SESSION-84d24c52e1f02eee → flow:a7a5a4376bf3
FLOW_FROM_HOSTOBS	e:from:SESSION-e9e9835a2b91f231:host:172.234.197.23	SESSION-e9e9835a2b91f231 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-77c36ee0b21ed6bb:host:172.234.197.23	SESSION-77c36ee0b21ed6bb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa32b0aa2bffc0b5:flow:8ecf4d1d097b	SESSION-aa32b0aa2bffc0b5 → flow:8ecf4d1d097b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-353fd641d57f7d93:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-353fd641d57f7d93 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d1802072f1dd852:host:172.234.197.23	SESSION-0d1802072f1dd852 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3eca13f5e50de63:host:172.234.197.23	SESSION-d3eca13f5e50de63 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:840025b64f04:port:tcp:443	flow:840025b64f04 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3df67864d859fde0:flow:0d2adbd91043	SESSION-3df67864d859fde0 → flow:0d2adbd91043
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a84fec3b32ec885d:host:172.234.197.23	SESSION-a84fec3b32ec885d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d0648f3d1bca:port:tcp:443	flow:d0648f3d1bca → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d027fcdf19e82664:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d027fcdf19e82664 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6411f10800cf3ef5:SESSION-6411f10800cf3ef5	SESSION-6411f10800cf3ef5 → pe:tls:SESSION-6411f10800cf3ef5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-119f9a3698c24414:flow:5c055db31751	SESSION-119f9a3698c24414 → flow:5c055db31751
flow_observed5-aryOBS	e:fo:flow:33619393bce5	flow:33619393bce5 → host:177.10.239.78 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ed7f77efecef	flow:ed7f77efecef → host:177.10.232.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-077a58eb2518fab4:SESSION-077a58eb2518fab4	SESSION-077a58eb2518fab4 → pe:syn:SESSION-077a58eb2518fab4
FLOW_DST_PORTOBS	e:fp:flow:138da8759222:port:tcp:443	flow:138da8759222 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5d780f89354efd9:host:131.196.31.158	SESSION-b5d780f89354efd9 → host:131.196.31.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-635c4a1226b6dd4e:SESSION-635c4a1226b6dd4e	SESSION-635c4a1226b6dd4e → pe:syn:SESSION-635c4a1226b6dd4e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38a64ba294c5f79f:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-38a64ba294c5f79f → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d9ed6ae798457b7:host:177.10.236.239	SESSION-9d9ed6ae798457b7 → host:177.10.236.239
FLOW_FROM_HOSTOBS	e:from:SESSION-8d7cf6e510c352d8:host:131.196.29.101	SESSION-8d7cf6e510c352d8 → host:131.196.29.101
flow_observed5-aryOBS	e:fo:flow:235168171731	flow:235168171731 → host:54.91.240.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de82cbdf751e150b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-de82cbdf751e150b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a27c97c4e7ac566:host:131.196.29.201:host:172.234.197.23	SESSION-9a27c97c4e7ac566 → host:131.196.29.201 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4933624db1b9ac84:host:172.234.197.23	SESSION-4933624db1b9ac84 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f32bbf866d49408:SESSION-2f32bbf866d49408	SESSION-2f32bbf866d49408 → pe:syn:SESSION-2f32bbf866d49408
FLOW_FROM_HOSTOBS	e:from:SESSION-0a77adff1667c3d1:host:177.10.236.237	SESSION-0a77adff1667c3d1 → host:177.10.236.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6bdcd515a2308bd:host:177.10.236.26	SESSION-d6bdcd515a2308bd → host:177.10.236.26
FLOW_TO_HOSTOBS	e:to:SESSION-5d6622ca4a22ed44:host:172.234.197.23	SESSION-5d6622ca4a22ed44 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28765694f1859e38:flow:48d5c490e0d2	SESSION-28765694f1859e38 → flow:48d5c490e0d2
FLOW_DST_PORTOBS	e:fp:flow:15d79a8be621:port:tcp:443	flow:15d79a8be621 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f07a2dad0dfb354:SESSION-5f07a2dad0dfb354	SESSION-5f07a2dad0dfb354 → pe:syn:SESSION-5f07a2dad0dfb354
FLOW_FROM_HOSTOBS	e:from:SESSION-a9c12f6159b9a7a1:host:131.196.30.8	SESSION-a9c12f6159b9a7a1 → host:131.196.30.8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.119:geo_-23.62930_-46.63510	host:131.196.30.119 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90e5db50c9887f08:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-90e5db50c9887f08 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-07139a9423b3d79f:host:131.196.29.159	SESSION-07139a9423b3d79f → host:131.196.29.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-caf71fb423b46c4a:SESSION-caf71fb423b46c4a	SESSION-caf71fb423b46c4a → pe:tls:SESSION-caf71fb423b46c4a
flow_observed5-aryOBS	e:fo:flow:808794619d5d	flow:808794619d5d → host:80.94.92.186 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd728e6d9f0647f9:host:172.234.197.23	SESSION-bd728e6d9f0647f9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9c08b167ed56233b:host:177.10.239.241	SESSION-9c08b167ed56233b → host:177.10.239.241
FLOW_TO_HOSTOBS	e:to:SESSION-042ef885e77347e7:host:172.234.197.23	SESSION-042ef885e77347e7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:395e05a95131	flow:395e05a95131 → host:177.10.237.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b3d68511ee3e6e7:SESSION-9b3d68511ee3e6e7	SESSION-9b3d68511ee3e6e7 → pe:tls:SESSION-9b3d68511ee3e6e7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-16b33dfc60975324:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-16b33dfc60975324 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ef3697a55617fe8:host:172.234.197.23	SESSION-0ef3697a55617fe8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ea3534a0835f:port:tcp:28935	flow:ea3534a0835f → port:tcp:28935
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1699a282bb5af583:SESSION-1699a282bb5af583	SESSION-1699a282bb5af583 → pe:tls:SESSION-1699a282bb5af583
flow_observed5-aryOBS	e:fo:flow:ae23623ba6a8	flow:ae23623ba6a8 → host:177.10.233.148 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:a108354098cf	flow:a108354098cf → host:131.196.31.29 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.128:geo_-16.28860_-49.01640	host:177.10.234.128 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8d9fc7278c00:port:tcp:22676	flow:8d9fc7278c00 → port:tcp:22676
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5491ebf26b201b1a:host:92.118.39.236	SESSION-5491ebf26b201b1a → host:92.118.39.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34d820c66fac079b:host:172.234.197.23	SESSION-34d820c66fac079b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-463ebb9b343c8b6a:SESSION-463ebb9b343c8b6a	SESSION-463ebb9b343c8b6a → pe:syn:SESSION-463ebb9b343c8b6a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-58eea5e67f2190af:SESSION-58eea5e67f2190af	SESSION-58eea5e67f2190af → pe:syn:SESSION-58eea5e67f2190af
flow_observed5-aryOBS	e:fo:flow:21b9c2f46acd	flow:21b9c2f46acd → host:177.10.234.23 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-4dc418e4265e72ea:host:172.234.197.23	SESSION-4dc418e4265e72ea → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.144:geo_-16.28860_-49.01640	host:177.10.236.144 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe8896cc58e0f0aa:PCAP:capture_20260430160001:9bfa4498506a	SESSION-fe8896cc58e0f0aa → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-154a0a352559b94b:host:172.234.197.23	SESSION-154a0a352559b94b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-00efe759e05a1a39:SESSION-00efe759e05a1a39	SESSION-00efe759e05a1a39 → pe:tls:SESSION-00efe759e05a1a39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f486f528dd93473:SESSION-3f486f528dd93473	SESSION-3f486f528dd93473 → pe:syn:SESSION-3f486f528dd93473
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84d24c52e1f02eee:host:177.10.234.21:host:172.234.197.23	SESSION-84d24c52e1f02eee → host:177.10.234.21 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:14298c15af91	flow:14298c15af91 → host:177.10.235.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb444db8c099bc0f:flow:d298b81348e9	SESSION-cb444db8c099bc0f → flow:d298b81348e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b13920773df7284:host:172.234.197.23	SESSION-3b13920773df7284 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6b4752d4afe8ec71:host:172.234.197.23	SESSION-6b4752d4afe8ec71 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb5c3fce7274dac7:host:177.10.235.249	SESSION-cb5c3fce7274dac7 → host:177.10.235.249
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ed760af2d8fedd4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2ed760af2d8fedd4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4531330495d6a6b8:SESSION-4531330495d6a6b8	SESSION-4531330495d6a6b8 → pe:tls:SESSION-4531330495d6a6b8
flow_observed4-aryOBS	e:fo:flow:0becdb8f6786	flow:0becdb8f6786 → host:172.234.197.23 → host:177.10.234.81 → port:tcp:26148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-077f434652010402:SESSION-077f434652010402	SESSION-077f434652010402 → pe:tls:SESSION-077f434652010402
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-af24c7046d264e7e:host:172.234.197.23:host:45.173.156.43	SESSION-af24c7046d264e7e → host:172.234.197.23 → host:45.173.156.43
FLOW_FROM_HOSTOBS	e:from:SESSION-534aae6aa0ff39bc:host:172.234.197.23	SESSION-534aae6aa0ff39bc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-83267dedfd50dbe7:host:172.234.197.23	SESSION-83267dedfd50dbe7 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:c7f74b0fa92a	flow:c7f74b0fa92a → host:172.234.197.23 → host:45.173.156.138 → port:tcp:2043
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cefaeddbbade6b50:host:177.10.237.254:host:172.234.197.23	SESSION-cefaeddbbade6b50 → host:177.10.237.254 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9820f222b36503c3:host:80.94.92.186	SESSION-9820f222b36503c3 → host:80.94.92.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-555dcb6965008cb6:host:172.234.197.23:host:131.196.29.131	SESSION-555dcb6965008cb6 → host:172.234.197.23 → host:131.196.29.131
flow_observed5-aryOBS	e:fo:flow:ca5f31c630e0	flow:ca5f31c630e0 → host:131.196.29.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9f43ed2bc91ec43:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b9f43ed2bc91ec43 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21b975753a100632:host:45.173.156.201	SESSION-21b975753a100632 → host:45.173.156.201
FLOW_FROM_HOSTOBS	e:from:SESSION-82f2c01059fea89b:host:177.10.235.192	SESSION-82f2c01059fea89b → host:177.10.235.192
FLOW_FROM_HOSTOBS	e:from:SESSION-27b2c896335b5c16:host:177.10.233.15	SESSION-27b2c896335b5c16 → host:177.10.233.15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c06bd8d9952317f:host:177.10.237.63	SESSION-6c06bd8d9952317f → host:177.10.237.63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39e4fa54be3b3e55:host:172.234.197.23	SESSION-39e4fa54be3b3e55 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28a7ecee4eeacba6:host:172.234.197.23	SESSION-28a7ecee4eeacba6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cbc349d6e82ad363:flow:a4cb28579aef	SESSION-cbc349d6e82ad363 → flow:a4cb28579aef
FLOW_DST_PORTOBS	e:fp:flow:9f09d42f07c3:port:tcp:443	flow:9f09d42f07c3 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dad6cf67ed488f0b:flow:dd689462ef51	SESSION-dad6cf67ed488f0b → flow:dd689462ef51
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-83267dedfd50dbe7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-83267dedfd50dbe7 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-b9875f767bae73b8:host:172.234.197.23	SESSION-b9875f767bae73b8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0d96e36b5a5a	flow:0d96e36b5a5a → host:177.10.237.76 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06294e5a27c1af9a:host:172.234.197.23	SESSION-06294e5a27c1af9a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7edb52a0a7553f53:SESSION-7edb52a0a7553f53	SESSION-7edb52a0a7553f53 → pe:tls:SESSION-7edb52a0a7553f53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52edfb1e7fe307be:host:177.10.239.99	SESSION-52edfb1e7fe307be → host:177.10.239.99
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-25d670562ff80de0:flow:f9c3289cd9ec	SESSION-25d670562ff80de0 → flow:f9c3289cd9ec
FLOW_TO_HOSTOBS	e:to:SESSION-55d7f3379dec0798:host:172.234.197.23	SESSION-55d7f3379dec0798 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-623bd72e2e38d66b:SESSION-623bd72e2e38d66b	SESSION-623bd72e2e38d66b → pe:syn:SESSION-623bd72e2e38d66b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f18f27343d540733:SESSION-f18f27343d540733	SESSION-f18f27343d540733 → pe:tls:SESSION-f18f27343d540733
FLOW_TO_HOSTOBS	e:to:SESSION-cfdf430166eb3e5d:host:172.234.197.23	SESSION-cfdf430166eb3e5d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e182e837f26eb64a:host:177.10.232.160:host:172.234.197.23	SESSION-e182e837f26eb64a → host:177.10.232.160 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27f830f77ddb5dd1:host:172.234.197.23	SESSION-27f830f77ddb5dd1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-664154a8ce71c549:flow:fa5ef69cbf53	SESSION-664154a8ce71c549 → flow:fa5ef69cbf53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.169:geo_-23.62930_-46.63510	host:131.196.31.169 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d941eb7985d54eff:host:172.234.197.23	SESSION-d941eb7985d54eff → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-597a035229423245:host:45.173.156.240	SESSION-597a035229423245 → host:45.173.156.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9252fa43a6ca744f:SESSION-9252fa43a6ca744f	SESSION-9252fa43a6ca744f → pe:syn:SESSION-9252fa43a6ca744f
flow_observed5-aryOBS	e:fo:flow:e8c214b29c0d	flow:e8c214b29c0d → host:177.10.235.81 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:68285fd309bb	flow:68285fd309bb → host:172.234.197.23 → host:177.10.232.155 → port:tcp:41502
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d11cc9a154a777c:SESSION-8d11cc9a154a777c	SESSION-8d11cc9a154a777c → pe:syn:SESSION-8d11cc9a154a777c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2460b60c939eb75b:SESSION-2460b60c939eb75b	SESSION-2460b60c939eb75b → pe:tls:SESSION-2460b60c939eb75b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99d609228b1b32ef:host:177.10.234.84	SESSION-99d609228b1b32ef → host:177.10.234.84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1aa9055f8e3197b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c1aa9055f8e3197b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-70e7a4a5208b1da3:SESSION-70e7a4a5208b1da3	SESSION-70e7a4a5208b1da3 → pe:syn:SESSION-70e7a4a5208b1da3
FLOW_TO_HOSTOBS	e:to:SESSION-e5496341eed0b869:host:172.234.197.23	SESSION-e5496341eed0b869 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c6f10f20f24d7ff:SESSION-3c6f10f20f24d7ff	SESSION-3c6f10f20f24d7ff → pe:syn:SESSION-3c6f10f20f24d7ff
flow_observed4-aryOBS	e:fo:flow:3de7f41573d5	flow:3de7f41573d5 → host:172.234.197.23 → host:131.196.29.119 → port:tcp:63550
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc431699568b9daa:host:172.234.197.23	SESSION-cc431699568b9daa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4367b2e8a53d74f:SESSION-c4367b2e8a53d74f	SESSION-c4367b2e8a53d74f → pe:tls:SESSION-c4367b2e8a53d74f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.10:geo_-16.28860_-49.01640	host:177.10.237.10 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:07c3682d867a	flow:07c3682d867a → host:177.10.235.61 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad4db4cca9d566af:host:172.234.197.23	SESSION-ad4db4cca9d566af → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84d24c52e1f02eee:SESSION-84d24c52e1f02eee	SESSION-84d24c52e1f02eee → pe:syn:SESSION-84d24c52e1f02eee
FLOW_FROM_HOSTOBS	e:from:SESSION-4b859feadb239919:host:177.10.237.151	SESSION-4b859feadb239919 → host:177.10.237.151
FLOW_FROM_HOSTOBS	e:from:SESSION-d6c09b181dae043f:host:172.234.197.23	SESSION-d6c09b181dae043f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-81a82597e7e06ed6:SESSION-81a82597e7e06ed6	SESSION-81a82597e7e06ed6 → pe:syn:SESSION-81a82597e7e06ed6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07dfdeddccca16ee:host:177.10.236.64	SESSION-07dfdeddccca16ee → host:177.10.236.64
FLOW_TO_HOSTOBS	e:to:SESSION-de1fc6391256943a:host:172.234.197.23	SESSION-de1fc6391256943a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.14:geo_-23.62930_-46.63510	host:131.196.29.14 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9beaab7062aef373:host:88.99.91.59:host:172.234.197.23	SESSION-9beaab7062aef373 → host:88.99.91.59 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-34b42a1bd1f93900:host:172.234.197.23	SESSION-34b42a1bd1f93900 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5bae596d14ec2741:host:172.234.197.23	SESSION-5bae596d14ec2741 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b045e9fec039082:host:177.10.233.196	SESSION-5b045e9fec039082 → host:177.10.233.196
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.59:asn:262880	host:177.10.233.59 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-63e564f28f734573:host:172.234.197.23	SESSION-63e564f28f734573 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ab6d0c9e6f54de20:host:174.202.97.85	SESSION-ab6d0c9e6f54de20 → host:174.202.97.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-144e16262f6e2a62:host:172.234.197.23	SESSION-144e16262f6e2a62 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5405d05650907428:SESSION-5405d05650907428	SESSION-5405d05650907428 → pe:syn:SESSION-5405d05650907428
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d47d434116add089:SESSION-d47d434116add089	SESSION-d47d434116add089 → pe:tls:SESSION-d47d434116add089
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d551807307fa9b9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2d551807307fa9b9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:16db29bc6b3c	flow:16db29bc6b3c → host:45.173.156.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fdca441bb1b3810b:SESSION-fdca441bb1b3810b	SESSION-fdca441bb1b3810b → pe:tls:SESSION-fdca441bb1b3810b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a10047b74101a9ce:host:177.10.238.106:host:172.234.197.23	SESSION-a10047b74101a9ce → host:177.10.238.106 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38298ff8ded7155d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-38298ff8ded7155d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:5a0cd8781a01:port:tcp:443	flow:5a0cd8781a01 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a082d71203d179a:SESSION-3a082d71203d179a	SESSION-3a082d71203d179a → pe:syn:SESSION-3a082d71203d179a
flow_observed5-aryOBS	e:fo:flow:ac3806b9df7d	flow:ac3806b9df7d → host:45.173.156.41 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02ee946ab454bede:flow:83496f8172a2	SESSION-02ee946ab454bede → flow:83496f8172a2
FLOW_TO_HOSTOBS	e:to:SESSION-100c3fd7436ef8f8:host:177.10.234.52	SESSION-100c3fd7436ef8f8 → host:177.10.234.52
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.102:geo_-23.62930_-46.63510	host:131.196.28.102 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4751d88925ba5f3:flow:3d634a6706b3	SESSION-b4751d88925ba5f3 → flow:3d634a6706b3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb7dd74b64c1f7c7:flow:0b503a41e3d2	SESSION-cb7dd74b64c1f7c7 → flow:0b503a41e3d2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d11580ecaeb7d77b:host:172.234.197.23	SESSION-d11580ecaeb7d77b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-933bde1224d44bcc:host:172.234.197.23:host:177.10.235.205	SESSION-933bde1224d44bcc → host:172.234.197.23 → host:177.10.235.205
flow_observed5-aryOBS	e:fo:flow:f7ad796390a5	flow:f7ad796390a5 → host:177.10.237.108 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b81fa97d99ce77b6:host:172.234.197.23	SESSION-b81fa97d99ce77b6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cddd8421db4c97d9:host:177.10.237.169	SESSION-cddd8421db4c97d9 → host:177.10.237.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d45ffa0c695899f:SESSION-1d45ffa0c695899f	SESSION-1d45ffa0c695899f → pe:tls:SESSION-1d45ffa0c695899f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b5af66d109a4873:SESSION-5b5af66d109a4873	SESSION-5b5af66d109a4873 → pe:tls:SESSION-5b5af66d109a4873
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24aa07f03f2c2273:host:177.10.233.118	SESSION-24aa07f03f2c2273 → host:177.10.233.118
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d5ec38dc75ef648:SESSION-7d5ec38dc75ef648	SESSION-7d5ec38dc75ef648 → pe:tls:SESSION-7d5ec38dc75ef648
FLOW_FROM_HOSTOBS	e:from:SESSION-314616832d67d639:host:177.10.235.64	SESSION-314616832d67d639 → host:177.10.235.64
FLOW_TO_HOSTOBS	e:to:SESSION-c35942669d0b12c8:host:172.234.197.23	SESSION-c35942669d0b12c8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-abc806ef9f1a9dce:host:172.234.197.23:host:177.10.234.180	SESSION-abc806ef9f1a9dce → host:172.234.197.23 → host:177.10.234.180
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.255:geo_41.00190_28.96450	host:92.112.71.255 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6ccddbdb53d5af45:SESSION-6ccddbdb53d5af45	SESSION-6ccddbdb53d5af45 → pe:syn:SESSION-6ccddbdb53d5af45
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.85:geo_-21.10010_-41.69200	host:45.173.156.85 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:993b2f58d47e:port:tcp:443	flow:993b2f58d47e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c639517e7e5752d7:host:95.135.228.17	SESSION-c639517e7e5752d7 → host:95.135.228.17
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.129:asn:262880	host:177.10.237.129 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-93c7fae83342c58e:host:131.196.31.79	SESSION-93c7fae83342c58e → host:131.196.31.79
FLOW_DST_PORTOBS	e:fp:flow:576b9c0091bc:port:tcp:22	flow:576b9c0091bc → port:tcp:22
FLOW_DST_PORTOBS	e:fp:flow:b34d3851d524:port:tcp:443	flow:b34d3851d524 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2fd071a3b1e728ca:flow:f2c6379e0a88	SESSION-2fd071a3b1e728ca → flow:f2c6379e0a88
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-970108b06912c1b7:SESSION-970108b06912c1b7	SESSION-970108b06912c1b7 → pe:tls:SESSION-970108b06912c1b7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d8b07a8bebdede3:host:172.234.197.23:host:172.232.0.16	SESSION-1d8b07a8bebdede3 → host:172.234.197.23 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-557aaca226ee6bf8:PCAP:capture_20260430060001:919b39a74464	SESSION-557aaca226ee6bf8 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79ceb7ef9cce8d79:host:172.234.197.23	SESSION-79ceb7ef9cce8d79 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4298399acb708ae5:host:172.234.197.23	SESSION-4298399acb708ae5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8d58c039fa1a1304:host:172.234.197.23	SESSION-8d58c039fa1a1304 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84a17a716ed94f5c:SESSION-84a17a716ed94f5c	SESSION-84a17a716ed94f5c → pe:syn:SESSION-84a17a716ed94f5c
flow_observed4-aryOBS	e:fo:flow:a84e029681a8	flow:a84e029681a8 → host:172.234.197.23 → host:131.196.29.220 → port:tcp:15055
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b304bd763b72b95f:PCAP:capture_20260428010001:b1b402c7b202	SESSION-b304bd763b72b95f → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-635c4a1226b6dd4e:SESSION-635c4a1226b6dd4e	SESSION-635c4a1226b6dd4e → pe:tls:SESSION-635c4a1226b6dd4e
FLOW_TO_HOSTOBS	e:to:SESSION-56d3b103682c9fbe:host:177.10.239.148	SESSION-56d3b103682c9fbe → host:177.10.239.148
FLOW_TO_HOSTOBS	e:to:SESSION-a176047016eec520:host:177.10.235.127	SESSION-a176047016eec520 → host:177.10.235.127
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ef36b158fc63267:PCAP:capture_20260430060001:919b39a74464	SESSION-9ef36b158fc63267 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-1f003ce3fae962ee:host:177.10.236.12	SESSION-1f003ce3fae962ee → host:177.10.236.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30c6bfe2ed3a5bca:host:193.32.162.28	SESSION-30c6bfe2ed3a5bca → host:193.32.162.28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8bf7420041ec56c9:SESSION-8bf7420041ec56c9	SESSION-8bf7420041ec56c9 → pe:tls:SESSION-8bf7420041ec56c9
FLOW_DST_PORTOBS	e:fp:flow:b075ef361439:port:tcp:443	flow:b075ef361439 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-39aafc698c61dd93:host:172.234.197.23	SESSION-39aafc698c61dd93 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-555dcb6965008cb6:host:131.196.29.131	SESSION-555dcb6965008cb6 → host:131.196.29.131
FLOW_TO_HOSTOBS	e:to:SESSION-93d8ace0d48e8910:host:172.234.197.23	SESSION-93d8ace0d48e8910 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f3651e68c2556a1c:host:172.234.197.23	SESSION-f3651e68c2556a1c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.115:geo_-16.28860_-49.01640	host:177.10.233.115 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-968009a702657adb:SESSION-968009a702657adb	SESSION-968009a702657adb → pe:tls:SESSION-968009a702657adb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ff9648a7e097bde:host:149.210.194.32:host:172.234.197.23	SESSION-7ff9648a7e097bde → host:149.210.194.32 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ab65b5d8a01cf3d:host:172.234.197.23	SESSION-9ab65b5d8a01cf3d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3d526a62cd76fa97:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3d526a62cd76fa97 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb6cea4441256ebd:SESSION-cb6cea4441256ebd	SESSION-cb6cea4441256ebd → pe:syn:SESSION-cb6cea4441256ebd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.228:geo_-23.62930_-46.63510	host:131.196.28.228 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa51bce6270c7d63:SESSION-aa51bce6270c7d63	SESSION-aa51bce6270c7d63 → pe:tls:SESSION-aa51bce6270c7d63
flow_observed4-aryOBS	e:fo:flow:12f29ad30879	flow:12f29ad30879 → host:172.234.197.23 → host:131.196.31.171 → port:tcp:40358
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f40f233058919cef:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f40f233058919cef → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:71dc34540c48	flow:71dc34540c48 → host:177.10.232.88 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:1d87a6e22a1b:port:tcp:443	flow:1d87a6e22a1b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c587e64f570c8df7:host:172.234.197.23	SESSION-c587e64f570c8df7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eab64f08bdc755fb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-eab64f08bdc755fb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:e464be43f527:port:tcp:443	flow:e464be43f527 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77661c4fb07edf10:flow:ff20c5693ea1	SESSION-77661c4fb07edf10 → flow:ff20c5693ea1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7536a33faff5a95d:SESSION-7536a33faff5a95d	SESSION-7536a33faff5a95d → pe:tls:SESSION-7536a33faff5a95d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89883827e26a2cf6:host:177.10.239.31:host:172.234.197.23	SESSION-89883827e26a2cf6 → host:177.10.239.31 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d52893e766cf8155:host:177.10.235.245:host:172.234.197.23	SESSION-d52893e766cf8155 → host:177.10.235.245 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f62a59cabf6a851:host:172.234.197.23	SESSION-7f62a59cabf6a851 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-db187e026dbc97b6:host:172.234.197.23	SESSION-db187e026dbc97b6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e13bed2218b0a9f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9e13bed2218b0a9f → PCAP:capture_20260430100001:55715ebbe6bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.2:geo_-16.28860_-49.01640	host:177.10.233.2 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc2888c0eb9bd2ad:host:172.234.197.23	SESSION-fc2888c0eb9bd2ad → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33fdede36596a62f:host:97.139.12.85:host:172.234.197.23	SESSION-33fdede36596a62f → host:97.139.12.85 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b880a07e89a760de:host:131.196.30.183	SESSION-b880a07e89a760de → host:131.196.30.183
flow_observed5-aryOBS	e:fo:flow:762ee0d4e964	flow:762ee0d4e964 → host:177.10.232.192 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.194:asn:273470	host:45.173.156.194 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-2ab0305ac0c92587:host:54.218.65.249	SESSION-2ab0305ac0c92587 → host:54.218.65.249
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7738f57138403f60:flow:f4c6bf1043ac	SESSION-7738f57138403f60 → flow:f4c6bf1043ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1191e0b24f1d121:SESSION-d1191e0b24f1d121	SESSION-d1191e0b24f1d121 → pe:syn:SESSION-d1191e0b24f1d121
FLOW_TO_HOSTOBS	e:to:SESSION-97957d43d677156c:host:64.237.250.51	SESSION-97957d43d677156c → host:64.237.250.51
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d5390845b17c572:PCAP:capture_20260430110001:43611bdf6759	SESSION-1d5390845b17c572 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-997b652ef378c5d4:SESSION-997b652ef378c5d4	SESSION-997b652ef378c5d4 → pe:tls:SESSION-997b652ef378c5d4
flow_observed5-aryOBS	e:fo:flow:87cb7bba02bc	flow:87cb7bba02bc → host:131.196.29.253 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:81504a5f849a	flow:81504a5f849a → host:172.234.197.23 → host:177.10.235.187 → port:tcp:27798
FLOW_FROM_HOSTOBS	e:from:SESSION-c587e64f570c8df7:host:172.234.197.23	SESSION-c587e64f570c8df7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41808c8c85c3c4d3:SESSION-41808c8c85c3c4d3	SESSION-41808c8c85c3c4d3 → pe:syn:SESSION-41808c8c85c3c4d3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc085f76ab1a4e2b:host:45.173.156.116	SESSION-dc085f76ab1a4e2b → host:45.173.156.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5eb3b0eaf7de1b7d:SESSION-5eb3b0eaf7de1b7d	SESSION-5eb3b0eaf7de1b7d → pe:syn:SESSION-5eb3b0eaf7de1b7d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ecc0c586896302d2:PCAP:capture_20260430110001:43611bdf6759	SESSION-ecc0c586896302d2 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.212:asn:271410	host:131.196.30.212 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68282fbeb04671d9:flow:e1f72d732543	SESSION-68282fbeb04671d9 → flow:e1f72d732543
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3109063707c4a5e1:flow:a2869823e4d7	SESSION-3109063707c4a5e1 → flow:a2869823e4d7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-669451aeea441b50:PCAP:capture_20260430070001:903a0e7a436b	SESSION-669451aeea441b50 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f8f919bfd11f34b:SESSION-8f8f919bfd11f34b	SESSION-8f8f919bfd11f34b → pe:syn:SESSION-8f8f919bfd11f34b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4741bb1b7e9e5b0:SESSION-d4741bb1b7e9e5b0	SESSION-d4741bb1b7e9e5b0 → pe:syn:SESSION-d4741bb1b7e9e5b0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3056fcd37df4e63f:host:131.196.31.105	SESSION-3056fcd37df4e63f → host:131.196.31.105
FLOW_DST_PORTOBS	e:fp:flow:155bbe8ed91e:port:tcp:33842	flow:155bbe8ed91e → port:tcp:33842
FLOW_FROM_HOSTOBS	e:from:SESSION-164d60043533ec4c:host:172.234.197.23	SESSION-164d60043533ec4c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f79e79f663ba44d9:SESSION-f79e79f663ba44d9	SESSION-f79e79f663ba44d9 → pe:tls:SESSION-f79e79f663ba44d9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e32df6cc4891bacc:host:172.234.197.23:host:131.196.30.102	SESSION-e32df6cc4891bacc → host:172.234.197.23 → host:131.196.30.102
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ab8c1601f71acf4:flow:2d3fc437f8bf	SESSION-0ab8c1601f71acf4 → flow:2d3fc437f8bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d098d799c39976fd:SESSION-d098d799c39976fd	SESSION-d098d799c39976fd → pe:tls:SESSION-d098d799c39976fd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac89834f3c269f55:PCAP:capture_20260430090001:065659c7d314	SESSION-ac89834f3c269f55 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ddb8ef81f168c6c0:SESSION-ddb8ef81f168c6c0	SESSION-ddb8ef81f168c6c0 → pe:syn:SESSION-ddb8ef81f168c6c0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d1ca1108b3f9fffc:SESSION-d1ca1108b3f9fffc	SESSION-d1ca1108b3f9fffc → pe:rst:SESSION-d1ca1108b3f9fffc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.179:asn:262880	host:177.10.234.179 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.70:asn:262880	host:177.10.235.70 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-175dd6ba51fb3cf7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-175dd6ba51fb3cf7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:012736c3643c	flow:012736c3643c → host:131.196.28.198 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ffcf84507219fc2:host:172.234.197.23:host:177.10.239.2	SESSION-1ffcf84507219fc2 → host:172.234.197.23 → host:177.10.239.2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c84656a173f6275:flow:af4d6e2418ef	SESSION-9c84656a173f6275 → flow:af4d6e2418ef
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-99d609228b1b32ef:SESSION-99d609228b1b32ef	SESSION-99d609228b1b32ef → pe:syn:SESSION-99d609228b1b32ef
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e13bed2218b0a9f:host:177.10.233.208	SESSION-9e13bed2218b0a9f → host:177.10.233.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad7e9be9d0a80554:host:172.234.197.23	SESSION-ad7e9be9d0a80554 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e87421895e57790a:host:177.10.238.237	SESSION-e87421895e57790a → host:177.10.238.237
FLOW_DST_PORTOBS	e:fp:flow:bf17f6c649c7:port:tcp:443	flow:bf17f6c649c7 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.112:asn:262880	host:177.10.239.112 → asn:262880
ASN_IN_ORGOBS 80%	e:ao:asn:12392:org:VOO S.A.	asn:12392 → org:VOO S.A.
FLOW_FROM_HOSTOBS	e:from:SESSION-8c058dbfcf0ab82c:host:172.234.197.23	SESSION-8c058dbfcf0ab82c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3739e8b613327ce5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-3739e8b613327ce5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75251a40e4bc6a46:SESSION-75251a40e4bc6a46	SESSION-75251a40e4bc6a46 → pe:tls:SESSION-75251a40e4bc6a46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f4a8961dba27f33:host:103.155.16.117	SESSION-5f4a8961dba27f33 → host:103.155.16.117
FLOW_TO_HOSTOBS	e:to:SESSION-413ea94c965ce051:host:172.234.197.23	SESSION-413ea94c965ce051 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fc5634306e23209a:SESSION-fc5634306e23209a	SESSION-fc5634306e23209a → pe:tls:SESSION-fc5634306e23209a
FLOW_FROM_HOSTOBS	e:from:SESSION-2560fc1185e4e3e7:host:45.173.156.202	SESSION-2560fc1185e4e3e7 → host:45.173.156.202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf1877ae18abdd85:SESSION-bf1877ae18abdd85	SESSION-bf1877ae18abdd85 → pe:tls:SESSION-bf1877ae18abdd85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-456e62c8b4b103dc:PCAP:capture_20260430090001:065659c7d314	SESSION-456e62c8b4b103dc → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:c31400c1dc74:port:tcp:443	flow:c31400c1dc74 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-959e19b011db2562:host:57.128.95.174:host:172.234.197.23	SESSION-959e19b011db2562 → host:57.128.95.174 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70d9a6440c9b19a:host:172.234.197.23	SESSION-c70d9a6440c9b19a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-38231883b4033aa4:host:131.196.30.148	SESSION-38231883b4033aa4 → host:131.196.30.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b1f95fcf0f122c7:host:131.196.31.7	SESSION-4b1f95fcf0f122c7 → host:131.196.31.7
FLOW_FROM_HOSTOBS	e:from:SESSION-b1ed5736d80d2991:host:172.234.197.23	SESSION-b1ed5736d80d2991 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-86feda8665cc2010:host:45.173.156.150	SESSION-86feda8665cc2010 → host:45.173.156.150
FLOW_TO_HOSTOBS	e:to:SESSION-2cb296f879c20d45:host:172.234.197.23	SESSION-2cb296f879c20d45 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a87d3ab31183768a:host:172.234.197.23	SESSION-a87d3ab31183768a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4363548d57b1d6df:SESSION-4363548d57b1d6df	SESSION-4363548d57b1d6df → pe:syn:SESSION-4363548d57b1d6df
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-42eae260ad8ea663:SESSION-42eae260ad8ea663	SESSION-42eae260ad8ea663 → pe:syn:SESSION-42eae260ad8ea663
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35e3c61c67455ba8:SESSION-35e3c61c67455ba8	SESSION-35e3c61c67455ba8 → pe:tls:SESSION-35e3c61c67455ba8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d6d6cedb2de1ad8d:PCAP:capture_20260430110001:43611bdf6759	SESSION-d6d6cedb2de1ad8d → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-2490746063a947f9:host:172.234.197.23	SESSION-2490746063a947f9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f97616f4c907a8c:flow:36ebab8ca775	SESSION-4f97616f4c907a8c → flow:36ebab8ca775
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6756f0bedb2cdb12:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6756f0bedb2cdb12 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4eeddeaeae099136:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4eeddeaeae099136 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a22fc187bcc4d705:host:45.173.156.116	SESSION-a22fc187bcc4d705 → host:45.173.156.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5b56d4198adefd3:host:172.234.197.23	SESSION-d5b56d4198adefd3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fab5b16eef82:port:tcp:443	flow:fab5b16eef82 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e5ba4a44df249a00:SESSION-e5ba4a44df249a00	SESSION-e5ba4a44df249a00 → pe:tls:SESSION-e5ba4a44df249a00
FLOW_DST_PORTOBS	e:fp:flow:dd39a1986418:port:tcp:3851	flow:dd39a1986418 → port:tcp:3851
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.97:geo_-16.28860_-49.01640	host:177.10.234.97 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b7ec051587501bc:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5b7ec051587501bc → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-182527d04a349453:host:172.234.197.23	SESSION-182527d04a349453 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.97:geo_41.02140_28.99480	host:31.40.196.97 → geo_41.02140_28.99480
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-764219a5db7d50bc:host:131.196.30.189:host:172.234.197.23	SESSION-764219a5db7d50bc → host:131.196.30.189 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7dc8a86be27d0230:SESSION-7dc8a86be27d0230	SESSION-7dc8a86be27d0230 → pe:syn:SESSION-7dc8a86be27d0230
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-745809bcd8ad6979:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-745809bcd8ad6979 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.214:asn:262880	host:177.10.234.214 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6b762e1d0d174fb:host:131.196.30.69:host:172.234.197.23	SESSION-a6b762e1d0d174fb → host:131.196.30.69 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2e1e1ea3d3f0587:PCAP:capture_20260430090001:065659c7d314	SESSION-f2e1e1ea3d3f0587 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f8e250b2be37e497:SESSION-f8e250b2be37e497	SESSION-f8e250b2be37e497 → pe:tls:SESSION-f8e250b2be37e497
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74744b11834c8470:SESSION-74744b11834c8470	SESSION-74744b11834c8470 → pe:tls:SESSION-74744b11834c8470
FLOW_DST_PORTOBS	e:fp:flow:a2b1476066ca:port:tcp:52306	flow:a2b1476066ca → port:tcp:52306
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:2.57.122.196:geo_45.99680_24.99700	host:2.57.122.196 → geo_45.99680_24.99700
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4dc418e4265e72ea:flow:7ccb0cb641f4	SESSION-4dc418e4265e72ea → flow:7ccb0cb641f4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d290f0be98eecddb:flow:7e01232a35e4	SESSION-d290f0be98eecddb → flow:7e01232a35e4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.200:asn:271410	host:131.196.30.200 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e1d806fe7541c4b2:flow:aa1c159fda0e	SESSION-e1d806fe7541c4b2 → flow:aa1c159fda0e
FLOW_TLS_SNIOBS	e:fs:flow:61e75f6e333e:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:61e75f6e333e → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:ae88c957b21b:port:tcp:443	flow:ae88c957b21b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09a6e49240d11692:SESSION-09a6e49240d11692	SESSION-09a6e49240d11692 → pe:syn:SESSION-09a6e49240d11692
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7bd472de7dbc823f:SESSION-7bd472de7dbc823f	SESSION-7bd472de7dbc823f → pe:syn:SESSION-7bd472de7dbc823f
HOST_IN_ASNOBS 85%	e:ha:host:172.232.0.16:asn:63949	host:172.232.0.16 → asn:63949
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-95152bde385a2e89:flow:401c8f0fd65c	SESSION-95152bde385a2e89 → flow:401c8f0fd65c
flow_observed5-aryOBS	e:fo:flow:4715a1b4db57	flow:4715a1b4db57 → host:131.196.31.201 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f6479625c7774ad:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-9f6479625c7774ad → PCAP:capture_20260430100001:55715ebbe6bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.137:geo_-23.62930_-46.63510	host:131.196.30.137 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-192cf58c18726bf1:PCAP:capture_20260430050001:8868731bf8a4	SESSION-192cf58c18726bf1 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d220051223525d86:SESSION-d220051223525d86	SESSION-d220051223525d86 → pe:tls:SESSION-d220051223525d86
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5016108ab6552957:host:177.10.239.247	SESSION-5016108ab6552957 → host:177.10.239.247
FLOW_FROM_HOSTOBS	e:from:SESSION-24e3c3c409f2ba92:host:69.235.185.81	SESSION-24e3c3c409f2ba92 → host:69.235.185.81
FLOW_DST_PORTOBS	e:fp:flow:e63568a80d79:port:tcp:443	flow:e63568a80d79 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3854a3544c69d398:host:172.234.197.23	SESSION-3854a3544c69d398 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf85a83f91ce2875:host:172.234.197.23:host:131.196.30.12	SESSION-cf85a83f91ce2875 → host:172.234.197.23 → host:131.196.30.12
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-970263f3772afe71:host:172.234.197.23:host:45.173.156.38	SESSION-970263f3772afe71 → host:172.234.197.23 → host:45.173.156.38
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.252:asn:262880	host:177.10.234.252 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b35e3cddd5fc2e72:flow:254a637fa466	SESSION-b35e3cddd5fc2e72 → flow:254a637fa466
FLOW_FROM_HOSTOBS	e:from:SESSION-7d1c756fff84e2d4:host:172.234.197.23	SESSION-7d1c756fff84e2d4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e12300b6212ab14:SESSION-7e12300b6212ab14	SESSION-7e12300b6212ab14 → pe:syn:SESSION-7e12300b6212ab14
flow_observed4-aryOBS	e:fo:flow:52094d815370	flow:52094d815370 → host:172.234.197.23 → host:177.10.237.237 → port:tcp:27385
flow_observed5-aryOBS	e:fo:flow:11c7bb2f84e7	flow:11c7bb2f84e7 → host:177.10.233.17 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7cbdeaf957f0:port:tcp:23725	flow:7cbdeaf957f0 → port:tcp:23725
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e816643ff0559e8:SESSION-5e816643ff0559e8	SESSION-5e816643ff0559e8 → pe:syn:SESSION-5e816643ff0559e8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-202b4507c8c6a688:PCAP:capture_20260430080001:93f47cc296a4	SESSION-202b4507c8c6a688 → PCAP:capture_20260430080001:93f47cc296a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.32:geo_-23.62930_-46.63510	host:131.196.31.32 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d776155c4ea7cbea:SESSION-d776155c4ea7cbea	SESSION-d776155c4ea7cbea → pe:tls:SESSION-d776155c4ea7cbea
FLOW_TO_HOSTOBS	e:to:SESSION-df4b466e6cf802c5:host:172.234.197.23	SESSION-df4b466e6cf802c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-017fcd2c03e3a5c1:host:131.196.28.89	SESSION-017fcd2c03e3a5c1 → host:131.196.28.89
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f1b980e392c4795:host:45.173.156.67:host:172.234.197.23	SESSION-4f1b980e392c4795 → host:45.173.156.67 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7e06a830af01410:SESSION-b7e06a830af01410	SESSION-b7e06a830af01410 → pe:tls:SESSION-b7e06a830af01410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f299703bc1b4ff9:SESSION-1f299703bc1b4ff9	SESSION-1f299703bc1b4ff9 → pe:syn:SESSION-1f299703bc1b4ff9
FLOW_FROM_HOSTOBS	e:from:SESSION-d0929735579c89e2:host:172.234.197.23	SESSION-d0929735579c89e2 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:2bd4f5d8a688	flow:2bd4f5d8a688 → host:172.234.197.23 → host:131.196.28.228 → port:tcp:11295
FLOW_FROM_HOSTOBS	e:from:SESSION-184aec41cea03479:host:177.10.232.253	SESSION-184aec41cea03479 → host:177.10.232.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c77e81e6376168a3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c77e81e6376168a3 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.120:asn:203771	host:37.221.79.120 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-8aa4413fe5db5235:host:172.234.197.23	SESSION-8aa4413fe5db5235 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab491f454947df2e:SESSION-ab491f454947df2e	SESSION-ab491f454947df2e → pe:syn:SESSION-ab491f454947df2e
FLOW_TO_HOSTOBS	e:to:SESSION-4c7b4cea62f376fb:host:172.234.197.23	SESSION-4c7b4cea62f376fb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7de8e99103378c90:host:172.234.197.23	SESSION-7de8e99103378c90 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0786c46a404d7589:host:177.10.238.124	SESSION-0786c46a404d7589 → host:177.10.238.124
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30052afb1f0268ab:SESSION-30052afb1f0268ab	SESSION-30052afb1f0268ab → pe:tls:SESSION-30052afb1f0268ab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ce4fb974af5131d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0ce4fb974af5131d → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-2eb904b60673a30b:host:172.234.197.23	SESSION-2eb904b60673a30b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.252:asn:262880	host:177.10.239.252 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8362a96ce0b7626:PCAP:capture_20260428010001:b1b402c7b202	SESSION-f8362a96ce0b7626 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-161fb053b15bb516:host:177.10.236.165	SESSION-161fb053b15bb516 → host:177.10.236.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b869f0759406bd5:SESSION-4b869f0759406bd5	SESSION-4b869f0759406bd5 → pe:syn:SESSION-4b869f0759406bd5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0d1802072f1dd852:host:177.10.233.101:host:172.234.197.23	SESSION-0d1802072f1dd852 → host:177.10.233.101 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9b3c44b150c9	flow:9b3c44b150c9 → host:131.196.29.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-81c8b3fdf002e09e:host:177.10.236.146:host:172.234.197.23	SESSION-81c8b3fdf002e09e → host:177.10.236.146 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0d1e9854752b2176:host:131.196.31.145	SESSION-0d1e9854752b2176 → host:131.196.31.145
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54d23880cad1a846:flow:63c6719f1581	SESSION-54d23880cad1a846 → flow:63c6719f1581
FLOW_DST_PORTOBS	e:fp:flow:1c82b7b012f1:port:tcp:443	flow:1c82b7b012f1 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49c1d2d9ba1746da:PCAP:capture_20260430080001:93f47cc296a4	SESSION-49c1d2d9ba1746da → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-c4145be500857fbf:host:177.10.239.99	SESSION-c4145be500857fbf → host:177.10.239.99
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3b2b5737f36d7ec:host:177.10.236.220:host:172.234.197.23	SESSION-f3b2b5737f36d7ec → host:177.10.236.220 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24aa07f03f2c2273:host:172.234.197.23	SESSION-24aa07f03f2c2273 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78f6342ed3f64031:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-78f6342ed3f64031 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8fbc053aa21c3a10:PCAP:capture_20260430150001:ded20914761d	SESSION-8fbc053aa21c3a10 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-59d92efe40de2f35:SESSION-59d92efe40de2f35	SESSION-59d92efe40de2f35 → pe:tls:SESSION-59d92efe40de2f35
FLOW_TO_HOSTOBS	e:to:SESSION-b9f43ed2bc91ec43:host:172.234.197.23	SESSION-b9f43ed2bc91ec43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7063a4bdff0e259c:host:131.196.30.230	SESSION-7063a4bdff0e259c → host:131.196.30.230
FLOW_DST_PORTOBS	e:fp:flow:8dbba576826a:port:tcp:443	flow:8dbba576826a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bde2562b2e16b844:host:172.234.197.23:host:177.10.235.14	SESSION-bde2562b2e16b844 → host:172.234.197.23 → host:177.10.235.14
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ca707063b726bac:host:131.196.28.95	SESSION-8ca707063b726bac → host:131.196.28.95
flow_observed5-aryOBS	e:fo:flow:1d8ac3ce6292	flow:1d8ac3ce6292 → host:177.10.238.187 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce92926e8e7d59d2:host:177.10.238.68:host:172.234.197.23	SESSION-ce92926e8e7d59d2 → host:177.10.238.68 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.157:asn:262880	host:177.10.232.157 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:52094d815370:port:tcp:27385	flow:52094d815370 → port:tcp:27385
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.33:geo_-16.28860_-49.01640	host:177.10.232.33 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3baedacad496627d:host:177.10.239.176:host:172.234.197.23	SESSION-3baedacad496627d → host:177.10.239.176 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e8651e0c063dc0a:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5e8651e0c063dc0a → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-e327e4197615d5bf:host:172.234.197.23	SESSION-e327e4197615d5bf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40ef48225b459fb9:flow:fe7e1e129435	SESSION-40ef48225b459fb9 → flow:fe7e1e129435
flow_observed4-aryOBS	e:fo:flow:eb9c7ca8e40c	flow:eb9c7ca8e40c → host:172.234.197.23 → host:177.10.237.216 → port:tcp:21400
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac87af78ff19f5c9:host:172.234.197.23	SESSION-ac87af78ff19f5c9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5167ceabb03264f1:host:45.173.156.197	SESSION-5167ceabb03264f1 → host:45.173.156.197
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36f959353527c71a:flow:fb392a4603a9	SESSION-36f959353527c71a → flow:fb392a4603a9
FLOW_TO_HOSTOBS	e:to:SESSION-54f6eb1f506e4a3a:host:177.10.233.85	SESSION-54f6eb1f506e4a3a → host:177.10.233.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e1d806fe7541c4b2:SESSION-e1d806fe7541c4b2	SESSION-e1d806fe7541c4b2 → pe:tls:SESSION-e1d806fe7541c4b2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.77:asn:262880	host:177.10.239.77 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01716d55cf2099e5:PCAP:capture_20260430110001:43611bdf6759	SESSION-01716d55cf2099e5 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98030dd572a97d39:SESSION-98030dd572a97d39	SESSION-98030dd572a97d39 → pe:tls:SESSION-98030dd572a97d39
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f78283937123fd5:PCAP:capture_20260430060001:919b39a74464	SESSION-1f78283937123fd5 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9343604177341c5:host:177.10.234.251	SESSION-a9343604177341c5 → host:177.10.234.251
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.237:asn:271410	host:131.196.28.237 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65029066d9cd1f24:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-65029066d9cd1f24 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d610f9ec6aa577ae:PCAP:capture_20260430150001:ded20914761d	SESSION-d610f9ec6aa577ae → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.12:asn:262880	host:177.10.235.12 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5218a703d93123a3:SESSION-5218a703d93123a3	SESSION-5218a703d93123a3 → pe:tls:SESSION-5218a703d93123a3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-675cba805cfc6bb8:PCAP:capture_20260430090001:065659c7d314	SESSION-675cba805cfc6bb8 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d678c7d14c2f15db:host:172.234.197.23	SESSION-d678c7d14c2f15db → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3e5e93fe3cda49d:host:172.234.197.23	SESSION-a3e5e93fe3cda49d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c124aef8e6ea7da5:host:177.10.238.247	SESSION-c124aef8e6ea7da5 → host:177.10.238.247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6682b9978761b80b:host:177.10.239.115:host:172.234.197.23	SESSION-6682b9978761b80b → host:177.10.239.115 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68a3da1f806283eb:host:172.234.197.23:host:131.196.29.67	SESSION-68a3da1f806283eb → host:172.234.197.23 → host:131.196.29.67
flow_observed4-aryOBS	e:fo:flow:75e4994a258b	flow:75e4994a258b → host:172.234.197.23 → host:45.173.156.14 → port:tcp:32685
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd4f176877b3d058:host:172.234.197.23:host:131.196.31.146	SESSION-fd4f176877b3d058 → host:172.234.197.23 → host:131.196.31.146
flow_observed5-aryOBS	e:fo:flow:247bd0e3b7f8	flow:247bd0e3b7f8 → host:131.196.31.130 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7a800bc67052acb8:host:131.196.31.88	SESSION-7a800bc67052acb8 → host:131.196.31.88
flow_observed4-aryOBS	e:fo:flow:b72f88a9c0c6	flow:b72f88a9c0c6 → host:172.234.197.23 → host:131.196.30.104 → port:tcp:29928
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9494583da7ce1d88:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9494583da7ce1d88 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5a59556c261862d:SESSION-b5a59556c261862d	SESSION-b5a59556c261862d → pe:syn:SESSION-b5a59556c261862d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4d237675f94d453:host:144.76.23.34	SESSION-a4d237675f94d453 → host:144.76.23.34
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6394463f1caee3eb:host:172.234.197.23:host:177.10.232.207	SESSION-6394463f1caee3eb → host:172.234.197.23 → host:177.10.232.207
flow_observed5-aryOBS	e:fo:flow:19537cef41e5	flow:19537cef41e5 → host:177.10.234.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20cf12e311e55250:PCAP:capture_20260430090001:065659c7d314	SESSION-20cf12e311e55250 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.223:geo_-23.62930_-46.63510	host:131.196.28.223 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e995e7d6e6aa04f6:flow:35f8b65cdfe8	SESSION-e995e7d6e6aa04f6 → flow:35f8b65cdfe8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-12cb447eb42d83b5:SESSION-12cb447eb42d83b5	SESSION-12cb447eb42d83b5 → pe:tls:SESSION-12cb447eb42d83b5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6050ca7af62c0465:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6050ca7af62c0465 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:05ef07bcb6b2:port:tcp:25198	flow:05ef07bcb6b2 → port:tcp:25198
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7dea1c67796075ab:host:177.10.238.218:host:172.234.197.23	SESSION-7dea1c67796075ab → host:177.10.238.218 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-deb97792675d8a5d:flow:bc4151fd6a85	SESSION-deb97792675d8a5d → flow:bc4151fd6a85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-605acf1f49534e97:PCAP:capture_20260430080001:93f47cc296a4	SESSION-605acf1f49534e97 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8f2b3515afd502b:SESSION-b8f2b3515afd502b	SESSION-b8f2b3515afd502b → pe:syn:SESSION-b8f2b3515afd502b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ce2f2546c044634:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8ce2f2546c044634 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58a871785a3878fd:SESSION-58a871785a3878fd	SESSION-58a871785a3878fd → pe:tls:SESSION-58a871785a3878fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fda720fc6282204:host:172.234.197.23	SESSION-6fda720fc6282204 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b325e5efc54d34b8:host:172.234.197.23	SESSION-b325e5efc54d34b8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad468f8fa72444f5:host:172.234.197.23:host:177.10.236.16	SESSION-ad468f8fa72444f5 → host:172.234.197.23 → host:177.10.236.16
flow_observed5-aryOBS	e:fo:flow:fece39964b22	flow:fece39964b22 → host:177.10.237.244 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4a6ab53421e3:port:tcp:1979	flow:4a6ab53421e3 → port:tcp:1979
FLOW_DST_PORTOBS	e:fp:flow:9ddcb64ac58c:port:tcp:60499	flow:9ddcb64ac58c → port:tcp:60499
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c24aca5564d2ae55:flow:8f5d2d82ff5b	SESSION-c24aca5564d2ae55 → flow:8f5d2d82ff5b
FLOW_TO_HOSTOBS	e:to:SESSION-5644212eea272a87:host:172.234.197.23	SESSION-5644212eea272a87 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40f1f2214a3951bb:host:172.234.197.23	SESSION-40f1f2214a3951bb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8b3ab5aeea0af112:host:177.10.234.143	SESSION-8b3ab5aeea0af112 → host:177.10.234.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a208e591aeac31e9:SESSION-a208e591aeac31e9	SESSION-a208e591aeac31e9 → pe:tls:SESSION-a208e591aeac31e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77e4374445abb63e:SESSION-77e4374445abb63e	SESSION-77e4374445abb63e → pe:tls:SESSION-77e4374445abb63e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a7b3f412ee893afd:PCAP:capture_20260430110001:43611bdf6759	SESSION-a7b3f412ee893afd → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68342cf3c00e7f2e:host:172.234.197.23	SESSION-68342cf3c00e7f2e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ae7fdfef3c61	flow:ae7fdfef3c61 → host:131.196.28.177 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8300d990ddd9a21:flow:0ea601f47c8a	SESSION-c8300d990ddd9a21 → flow:0ea601f47c8a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f97616f4c907a8c:PCAP:capture_20260430110001:43611bdf6759	SESSION-4f97616f4c907a8c → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.86:geo_-16.28860_-49.01640	host:177.10.233.86 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:d1d54af57315	flow:d1d54af57315 → host:177.10.233.216 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2240076057fcee51:host:172.234.197.23	SESSION-2240076057fcee51 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-105866a23abaa0d9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-105866a23abaa0d9 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.237:geo_-16.28860_-49.01640	host:177.10.236.237 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-d00c2356d94b56a1:host:177.10.236.204	SESSION-d00c2356d94b56a1 → host:177.10.236.204
FLOW_DST_PORTOBS	e:fp:flow:fb4025e95017:port:tcp:443	flow:fb4025e95017 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.176:asn:262880	host:177.10.235.176 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c15e0230f45f826:host:172.234.197.23	SESSION-6c15e0230f45f826 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de195b26c1af220a:PCAP:capture_20260430110001:43611bdf6759	SESSION-de195b26c1af220a → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f997fef874b1b1e:flow:1b01833b9299	SESSION-2f997fef874b1b1e → flow:1b01833b9299
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-63fc840f6df40503:flow:87cb7bba02bc	SESSION-63fc840f6df40503 → flow:87cb7bba02bc
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.120:asn:262880	host:177.10.237.120 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-581b4c1bc6ff5f0b:host:131.196.29.162	SESSION-581b4c1bc6ff5f0b → host:131.196.29.162
FLOW_TO_HOSTOBS	e:to:SESSION-d60298c7dc6ec77f:host:172.234.197.23	SESSION-d60298c7dc6ec77f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b81fa97d99ce77b6:SESSION-b81fa97d99ce77b6	SESSION-b81fa97d99ce77b6 → pe:syn:SESSION-b81fa97d99ce77b6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa8465f08de511a2:host:177.10.235.237	SESSION-aa8465f08de511a2 → host:177.10.235.237
FLOW_TO_HOSTOBS	e:to:SESSION-7858b3452cd9a479:host:172.234.197.23	SESSION-7858b3452cd9a479 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a782bfdef89df980:flow:88ae630b16fe	SESSION-a782bfdef89df980 → flow:88ae630b16fe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49c1d2d9ba1746da:SESSION-49c1d2d9ba1746da	SESSION-49c1d2d9ba1746da → pe:tls:SESSION-49c1d2d9ba1746da
flow_observed4-aryOBS	e:fo:flow:bc02f6212fca	flow:bc02f6212fca → host:172.234.197.23 → host:177.10.234.204 → port:tcp:47421
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-88a21eebc91cc549:SESSION-88a21eebc91cc549	SESSION-88a21eebc91cc549 → pe:syn:SESSION-88a21eebc91cc549
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2811f86b559a674a:host:131.196.30.119:host:172.234.197.23	SESSION-2811f86b559a674a → host:131.196.30.119 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-858e7fe3651dc7b6:host:177.10.239.64	SESSION-858e7fe3651dc7b6 → host:177.10.239.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3d6a52e82bb8db7f:SESSION-3d6a52e82bb8db7f	SESSION-3d6a52e82bb8db7f → pe:syn:SESSION-3d6a52e82bb8db7f
FLOW_TO_HOSTOBS	e:to:SESSION-d5b80b4b47f274ca:host:172.234.197.23	SESSION-d5b80b4b47f274ca → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b7f75116e650c71:host:177.10.237.101	SESSION-7b7f75116e650c71 → host:177.10.237.101
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-383c10f8cce4ec29:host:35.92.48.165:host:172.234.197.23	SESSION-383c10f8cce4ec29 → host:35.92.48.165 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa372e44ee6fb3e7:flow:6d9a418c6401	SESSION-aa372e44ee6fb3e7 → flow:6d9a418c6401
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9bd60248a4061d8d:host:177.10.238.98	SESSION-9bd60248a4061d8d → host:177.10.238.98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-abc64529b37d4840:flow:b97c402bad8c	SESSION-abc64529b37d4840 → flow:b97c402bad8c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fdb0bb1f6466838c:flow:33b730478383	SESSION-fdb0bb1f6466838c → flow:33b730478383
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3bfd44b04badb9b:flow:7e1d945377ab	SESSION-c3bfd44b04badb9b → flow:7e1d945377ab
FLOW_DST_PORTOBS	e:fp:flow:6511290d64f1:port:tcp:443	flow:6511290d64f1 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.21:geo_-16.28860_-49.01640	host:177.10.235.21 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e76f09c0f210884:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4e76f09c0f210884 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-4cde7abdf73c6af1:SESSION-4cde7abdf73c6af1	SESSION-4cde7abdf73c6af1 → pe:dns:SESSION-4cde7abdf73c6af1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.45:geo_-16.28860_-49.01640	host:177.10.239.45 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ab46af96ea11edd:SESSION-7ab46af96ea11edd	SESSION-7ab46af96ea11edd → pe:tls:SESSION-7ab46af96ea11edd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08d3390238946fda:flow:62b620dd6ffc	SESSION-08d3390238946fda → flow:62b620dd6ffc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ed2dc2be6795ae2:SESSION-5ed2dc2be6795ae2	SESSION-5ed2dc2be6795ae2 → pe:tls:SESSION-5ed2dc2be6795ae2
FLOW_FROM_HOSTOBS	e:from:SESSION-0e52442a00447444:host:172.234.197.23	SESSION-0e52442a00447444 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9fdd0c4709fb:port:udp:53	flow:9fdd0c4709fb → port:udp:53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4cc2e8571100ea2b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4cc2e8571100ea2b → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:d0124c1ae468	flow:d0124c1ae468 → host:172.234.197.23 → host:177.10.236.42 → port:tcp:669
FLOW_DST_PORTOBS	e:fp:flow:c29121159bd5:port:tcp:443	flow:c29121159bd5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a19838102931ca6:host:172.234.197.23	SESSION-2a19838102931ca6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1213fdeaeb0b4e25:host:45.173.156.44	SESSION-1213fdeaeb0b4e25 → host:45.173.156.44
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1745753d6a990e0e:flow:d6752e166704	SESSION-1745753d6a990e0e → flow:d6752e166704
FLOW_TO_HOSTOBS	e:to:SESSION-7a800bc67052acb8:host:172.234.197.23	SESSION-7a800bc67052acb8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-805fb07d7b5cb44b:SESSION-805fb07d7b5cb44b	SESSION-805fb07d7b5cb44b → pe:syn:SESSION-805fb07d7b5cb44b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35561958c0468d3f:host:131.196.30.152	SESSION-35561958c0468d3f → host:131.196.30.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2bde5ab088d2882:host:172.234.197.23	SESSION-c2bde5ab088d2882 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e356e25dcbb8:port:tcp:443	flow:e356e25dcbb8 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.81:geo_-23.62930_-46.63510	host:131.196.31.81 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:4d142266c6f4	flow:4d142266c6f4 → host:177.10.239.135 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cff48a7a06adcd8f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cff48a7a06adcd8f → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TLS_SNIOBS	e:fs:flow:bb9a57566950:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:bb9a57566950 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce9448c6704b565d:host:172.234.197.23	SESSION-ce9448c6704b565d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85f6b1896204af93:host:177.10.238.122	SESSION-85f6b1896204af93 → host:177.10.238.122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d9537ea92aed5d6:PCAP:capture_20260430090001:065659c7d314	SESSION-7d9537ea92aed5d6 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6afafa975f8bbed9:host:172.234.197.23:host:177.10.234.9	SESSION-6afafa975f8bbed9 → host:172.234.197.23 → host:177.10.234.9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e8b24d973ac1177:host:177.10.237.15:host:172.234.197.23	SESSION-6e8b24d973ac1177 → host:177.10.237.15 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-415460770952c9a4:host:177.10.232.135	SESSION-415460770952c9a4 → host:177.10.232.135
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f6479625c7774ad:host:177.10.239.118:host:172.234.197.23	SESSION-9f6479625c7774ad → host:177.10.239.118 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7963f405207d2813:host:172.234.197.23:host:177.10.234.162	SESSION-7963f405207d2813 → host:172.234.197.23 → host:177.10.234.162
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf679119291e5246:host:177.10.238.24:host:172.234.197.23	SESSION-bf679119291e5246 → host:177.10.238.24 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.199:asn:262880	host:177.10.233.199 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-7aaf7c17fdae8be6:host:131.196.28.246	SESSION-7aaf7c17fdae8be6 → host:131.196.28.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97a6ca320e2242f6:SESSION-97a6ca320e2242f6	SESSION-97a6ca320e2242f6 → pe:tls:SESSION-97a6ca320e2242f6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ea34ef73cf330d2:PCAP:capture_20260430060001:919b39a74464	SESSION-0ea34ef73cf330d2 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.34:geo_41.00190_28.96450	host:95.170.25.34 → geo_41.00190_28.96450
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-682271ad5b560620:flow:ff9febee1674	SESSION-682271ad5b560620 → flow:ff9febee1674
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-afd30c72829a35a2:flow:179a27b6c82f	SESSION-afd30c72829a35a2 → flow:179a27b6c82f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-621f2e97c51ae8e1:SESSION-621f2e97c51ae8e1	SESSION-621f2e97c51ae8e1 → pe:tls:SESSION-621f2e97c51ae8e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86e3f0fd63ed2ea3:host:172.234.197.23	SESSION-86e3f0fd63ed2ea3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf85e37468f1ff86:SESSION-cf85e37468f1ff86	SESSION-cf85e37468f1ff86 → pe:syn:SESSION-cf85e37468f1ff86
FLOW_FROM_HOSTOBS	e:from:SESSION-3109063707c4a5e1:host:131.196.30.188	SESSION-3109063707c4a5e1 → host:131.196.30.188
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-045a77174f347205:SESSION-045a77174f347205	SESSION-045a77174f347205 → pe:tls:SESSION-045a77174f347205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0b6872bf6474c44:host:172.234.197.23	SESSION-f0b6872bf6474c44 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa1be017e5052d0a:SESSION-fa1be017e5052d0a	SESSION-fa1be017e5052d0a → pe:syn:SESSION-fa1be017e5052d0a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0b2e3019193f1ba:host:177.10.232.91:host:172.234.197.23	SESSION-f0b2e3019193f1ba → host:177.10.232.91 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.248:geo_-23.62930_-46.63510	host:131.196.28.248 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8982cb545b77cb1a:host:131.196.30.83:host:172.234.197.23	SESSION-8982cb545b77cb1a → host:131.196.30.83 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9be6dcd7d7b7ac03:flow:11fff8b667ab	SESSION-9be6dcd7d7b7ac03 → flow:11fff8b667ab
FLOW_DST_PORTOBS	e:fp:flow:2c0e36a618e9:port:tcp:443	flow:2c0e36a618e9 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-158ec8f739ce5586:host:131.196.30.68	SESSION-158ec8f739ce5586 → host:131.196.30.68
FLOW_DST_PORTOBS	e:fp:flow:b242b62ec151:port:tcp:53188	flow:b242b62ec151 → port:tcp:53188
FLOW_DST_PORTOBS	e:fp:flow:5a18bfe2e6a6:port:tcp:443	flow:5a18bfe2e6a6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f73bbd477b19c775:PCAP:capture_20260430060001:919b39a74464	SESSION-f73bbd477b19c775 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b61117bf3d91dba8:host:177.10.238.110	SESSION-b61117bf3d91dba8 → host:177.10.238.110
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19f4ea615eaf7325:flow:a8bcd235a333	SESSION-19f4ea615eaf7325 → flow:a8bcd235a333
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-edebc7da73e26840:SESSION-edebc7da73e26840	SESSION-edebc7da73e26840 → pe:tls:SESSION-edebc7da73e26840
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68282fbeb04671d9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-68282fbeb04671d9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a2cae37d21287a7:host:177.10.239.213:host:172.234.197.23	SESSION-2a2cae37d21287a7 → host:177.10.239.213 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8098f7aeb1e3da6f:host:172.234.197.23	SESSION-8098f7aeb1e3da6f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b223dcd1f64dfb9:flow:be92f25f6322	SESSION-7b223dcd1f64dfb9 → flow:be92f25f6322
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8feeff9d44d6e844:host:177.10.239.189	SESSION-8feeff9d44d6e844 → host:177.10.239.189
FLOW_DST_PORTOBS	e:fp:flow:3f727fda71d2:port:tcp:443	flow:3f727fda71d2 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27da8f08a1512941:flow:fdaf9a7bd0da	SESSION-27da8f08a1512941 → flow:fdaf9a7bd0da
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9deb407202a7aa0:host:131.196.30.37	SESSION-b9deb407202a7aa0 → host:131.196.30.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0cf49defbe006f77:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0cf49defbe006f77 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f40be42edcf6e8ed:SESSION-f40be42edcf6e8ed	SESSION-f40be42edcf6e8ed → pe:tls:SESSION-f40be42edcf6e8ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21cca31493e9287d:host:172.234.197.23	SESSION-21cca31493e9287d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5206c0f0c9583a29:host:177.10.239.199	SESSION-5206c0f0c9583a29 → host:177.10.239.199
FLOW_FROM_HOSTOBS	e:from:SESSION-0b71b9d0133c3b30:host:131.196.31.142	SESSION-0b71b9d0133c3b30 → host:131.196.31.142
FLOW_TO_HOSTOBS	e:to:SESSION-f3913d4a535b9029:host:131.196.28.116	SESSION-f3913d4a535b9029 → host:131.196.28.116
FLOW_FROM_HOSTOBS	e:from:SESSION-be2d81a12844874f:host:177.10.234.193	SESSION-be2d81a12844874f → host:177.10.234.193
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb29ab40cdae1c01:PCAP:capture_20260430090001:065659c7d314	SESSION-cb29ab40cdae1c01 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f838b992fed206a8:flow:7a4e69d85fd3	SESSION-f838b992fed206a8 → flow:7a4e69d85fd3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09d8680ca1ab1b1e:PCAP:capture_20260428010001:b1b402c7b202	SESSION-09d8680ca1ab1b1e → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.44:geo_-16.28860_-49.01640	host:177.10.236.44 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-56476ce9df92fd09:host:131.196.28.217	SESSION-56476ce9df92fd09 → host:131.196.28.217
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2eb0c2c4028db16:flow:ca4672e6c9cf	SESSION-e2eb0c2c4028db16 → flow:ca4672e6c9cf
FLOW_FROM_HOSTOBS	e:from:SESSION-88c7e3106e33eb03:host:177.10.239.182	SESSION-88c7e3106e33eb03 → host:177.10.239.182
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c08b167ed56233b:PCAP:capture_20260430090001:065659c7d314	SESSION-9c08b167ed56233b → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:c9fbf0ec0b9e:port:tcp:42148	flow:c9fbf0ec0b9e → port:tcp:42148
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f799bd198c08bce:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7f799bd198c08bce → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-512816cd1ae61d60:PCAP:capture_20260430080001:93f47cc296a4	SESSION-512816cd1ae61d60 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa49f714001a7a70:host:131.196.30.140	SESSION-fa49f714001a7a70 → host:131.196.30.140
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.86:asn:271410	host:131.196.28.86 → asn:271410
flow_observed5-aryOBS	e:fo:flow:927dcbb083cd	flow:927dcbb083cd → host:177.10.236.8 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17fb8dd67040757e:host:172.234.197.23	SESSION-17fb8dd67040757e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b7cec5afb634	flow:b7cec5afb634 → host:172.234.197.23 → host:45.173.156.228 → port:tcp:43259
FLOW_FROM_HOSTOBS	e:from:SESSION-22c25719fd1e6342:host:131.196.31.134	SESSION-22c25719fd1e6342 → host:131.196.31.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-174e61a8ff8b9c0e:host:131.196.29.16	SESSION-174e61a8ff8b9c0e → host:131.196.29.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3a17f957b1f0153:SESSION-b3a17f957b1f0153	SESSION-b3a17f957b1f0153 → pe:tls:SESSION-b3a17f957b1f0153
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f88b9847e7767e00:SESSION-f88b9847e7767e00	SESSION-f88b9847e7767e00 → pe:syn:SESSION-f88b9847e7767e00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f928c0ad9f6130d:SESSION-3f928c0ad9f6130d	SESSION-3f928c0ad9f6130d → pe:syn:SESSION-3f928c0ad9f6130d
FLOW_DST_PORTOBS	e:fp:flow:6b0f2e0dfbd5:port:tcp:443	flow:6b0f2e0dfbd5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a7a354b1ade71f9e:host:177.10.239.35	SESSION-a7a354b1ade71f9e → host:177.10.239.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-728f64f1954defae:SESSION-728f64f1954defae	SESSION-728f64f1954defae → pe:syn:SESSION-728f64f1954defae
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d54bd183a716274c:host:177.10.239.226:host:172.234.197.23	SESSION-d54bd183a716274c → host:177.10.239.226 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4235901c81cb167b:host:172.232.0.16	SESSION-4235901c81cb167b → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9be6dcd7d7b7ac03:host:172.234.197.23	SESSION-9be6dcd7d7b7ac03 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fd9b76b5230e873:flow:7155f28d1746	SESSION-3fd9b76b5230e873 → flow:7155f28d1746
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68f16c2935c85e73:host:131.196.30.220:host:172.234.197.23	SESSION-68f16c2935c85e73 → host:131.196.30.220 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f81e7ae5e8e38135:host:131.196.30.58	SESSION-f81e7ae5e8e38135 → host:131.196.30.58
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c21445b24cd8699:SESSION-1c21445b24cd8699	SESSION-1c21445b24cd8699 → pe:syn:SESSION-1c21445b24cd8699
FLOW_TO_HOSTOBS	e:to:SESSION-37ba5323333f9720:host:172.234.197.23	SESSION-37ba5323333f9720 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c223b0c1ae63	flow:c223b0c1ae63 → host:185.236.240.137 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.15:asn:262880	host:177.10.238.15 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:140.235.124.200:geo_32.77970_-96.80220	host:140.235.124.200 → geo_32.77970_-96.80220
FLOW_DST_PORTOBS	e:fp:flow:46ae3fb9e627:port:tcp:443	flow:46ae3fb9e627 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-43ba6051cf9120c0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-43ba6051cf9120c0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85a8f577301970a2:host:177.10.238.53	SESSION-85a8f577301970a2 → host:177.10.238.53
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.142:asn:262880	host:177.10.236.142 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f9972302e9230d9:SESSION-9f9972302e9230d9	SESSION-9f9972302e9230d9 → pe:syn:SESSION-9f9972302e9230d9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc1a3553c9b143c5:host:172.234.197.23	SESSION-dc1a3553c9b143c5 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:66e056753fd5	flow:66e056753fd5 → host:172.234.197.23 → host:177.10.235.70 → port:tcp:49553
flow_observed5-aryOBS	e:fo:flow:1ec238a64eb6	flow:1ec238a64eb6 → host:177.10.232.104 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb29ab40cdae1c01:SESSION-cb29ab40cdae1c01	SESSION-cb29ab40cdae1c01 → pe:tls:SESSION-cb29ab40cdae1c01
FLOW_DST_PORTOBS	e:fp:flow:7ed75b9e1d66:port:tcp:22	flow:7ed75b9e1d66 → port:tcp:22
FLOW_TO_HOSTOBS	e:to:SESSION-a20ec48656879fce:host:131.196.31.58	SESSION-a20ec48656879fce → host:131.196.31.58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfd9e24a99b67097:host:177.10.239.133	SESSION-bfd9e24a99b67097 → host:177.10.239.133
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ea2e2a37f857a7f:flow:e78a93729722	SESSION-3ea2e2a37f857a7f → flow:e78a93729722
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.171:geo_-16.28860_-49.01640	host:177.10.233.171 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:c8b343e46d14	flow:c8b343e46d14 → host:177.10.237.8 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:9b23d33d2c76	flow:9b23d33d2c76 → host:177.10.232.24 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:3cf1107263f9	flow:3cf1107263f9 → host:172.234.197.23 → host:177.10.232.251 → port:tcp:34298
FLOW_TO_HOSTOBS	e:to:SESSION-6420523769b66d4c:host:172.234.197.23	SESSION-6420523769b66d4c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4939a9166796718f:SESSION-4939a9166796718f	SESSION-4939a9166796718f → pe:tls:SESSION-4939a9166796718f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f70b0605ff5c8685:flow:99128cc563b7	SESSION-f70b0605ff5c8685 → flow:99128cc563b7
FLOW_TO_HOSTOBS	e:to:SESSION-25a3718851106c53:host:172.234.197.23	SESSION-25a3718851106c53 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8bf059b02e9beec:SESSION-c8bf059b02e9beec	SESSION-c8bf059b02e9beec → pe:tls:SESSION-c8bf059b02e9beec
FLOW_TO_HOSTOBS	e:to:SESSION-794cf5b08878bd55:host:172.234.197.23	SESSION-794cf5b08878bd55 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-557aaca226ee6bf8:host:177.10.234.75:host:172.234.197.23	SESSION-557aaca226ee6bf8 → host:177.10.234.75 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:342062e36bfc	flow:342062e36bfc → host:172.234.197.23 → host:131.196.30.169 → port:tcp:25918
FLOW_DST_PORTOBS	e:fp:flow:07d2e0a26bff:port:tcp:48582	flow:07d2e0a26bff → port:tcp:48582
FLOW_FROM_HOSTOBS	e:from:SESSION-931a0ea4dc7054bf:host:177.10.232.246	SESSION-931a0ea4dc7054bf → host:177.10.232.246
FLOW_DST_PORTOBS	e:fp:flow:12f24c635b1c:port:tcp:443	flow:12f24c635b1c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-316231fad61f009e:host:177.10.235.228	SESSION-316231fad61f009e → host:177.10.235.228
flow_observed5-aryOBS	e:fo:flow:ed345c26d220	flow:ed345c26d220 → host:131.196.29.140 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df808ed8a09d8e60:host:172.234.197.23	SESSION-df808ed8a09d8e60 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-122c3f68e4c2a7ca:SESSION-122c3f68e4c2a7ca	SESSION-122c3f68e4c2a7ca → pe:syn:SESSION-122c3f68e4c2a7ca
FLOW_TO_HOSTOBS	e:to:SESSION-139cf5bd66e27bf0:host:177.10.236.27	SESSION-139cf5bd66e27bf0 → host:177.10.236.27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-550b52f6103256cd:host:177.10.237.251	SESSION-550b52f6103256cd → host:177.10.237.251
FLOW_DST_PORTOBS	e:fp:flow:64abb5157d6d:port:tcp:443	flow:64abb5157d6d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-edeb3dca8d1da30b:SESSION-edeb3dca8d1da30b	SESSION-edeb3dca8d1da30b → pe:tls:SESSION-edeb3dca8d1da30b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6cc804a855d1eb7c:host:177.10.238.54:host:172.234.197.23	SESSION-6cc804a855d1eb7c → host:177.10.238.54 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd13e266b02b3087:host:177.10.234.207:host:172.234.197.23	SESSION-cd13e266b02b3087 → host:177.10.234.207 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e6053f3476b8:port:tcp:443	flow:e6053f3476b8 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:5124aa46fb06	flow:5124aa46fb06 → host:172.234.197.23 → host:177.10.237.227 → port:tcp:30434
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2c7091281d7e2abc:SESSION-2c7091281d7e2abc	SESSION-2c7091281d7e2abc → pe:syn:SESSION-2c7091281d7e2abc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e2a52b4f9db01a4:host:177.10.235.160:host:172.234.197.23	SESSION-0e2a52b4f9db01a4 → host:177.10.235.160 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-122c6042cd97886a:host:172.234.197.23	SESSION-122c6042cd97886a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-39e4fa54be3b3e55:host:172.234.197.23	SESSION-39e4fa54be3b3e55 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d9d7757b20ed84d:SESSION-7d9d7757b20ed84d	SESSION-7d9d7757b20ed84d → pe:tls:SESSION-7d9d7757b20ed84d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08d3390238946fda:SESSION-08d3390238946fda	SESSION-08d3390238946fda → pe:syn:SESSION-08d3390238946fda
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.235:geo_-16.28860_-49.01640	host:177.10.233.235 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-4db42491c04de440:host:177.10.236.151	SESSION-4db42491c04de440 → host:177.10.236.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7752628607af1d9e:SESSION-7752628607af1d9e	SESSION-7752628607af1d9e → pe:syn:SESSION-7752628607af1d9e
flow_observed5-aryOBS	e:fo:flow:993b2f58d47e	flow:993b2f58d47e → host:177.10.239.59 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-41808c8c85c3c4d3:host:172.234.197.23	SESSION-41808c8c85c3c4d3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e87421895e57790a:SESSION-e87421895e57790a	SESSION-e87421895e57790a → pe:syn:SESSION-e87421895e57790a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b4752d4afe8ec71:host:172.234.197.23	SESSION-6b4752d4afe8ec71 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e88ec164d738844a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e88ec164d738844a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.116:geo_-16.28860_-49.01640	host:177.10.238.116 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ebb29f0c8a91fe62:SESSION-ebb29f0c8a91fe62	SESSION-ebb29f0c8a91fe62 → pe:syn:SESSION-ebb29f0c8a91fe62
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44f16a8e9c86ada8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-44f16a8e9c86ada8 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7ca91f03ba114f2:host:44.246.129.80	SESSION-f7ca91f03ba114f2 → host:44.246.129.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-93e5d317492a213b:SESSION-93e5d317492a213b	SESSION-93e5d317492a213b → pe:syn:SESSION-93e5d317492a213b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-09db40e08b93496c:host:177.10.236.33:host:172.234.197.23	SESSION-09db40e08b93496c → host:177.10.236.33 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9c84656a173f6275:host:177.10.238.192	SESSION-9c84656a173f6275 → host:177.10.238.192
flow_observed5-aryOBS	e:fo:flow:a81a0cacd656	flow:a81a0cacd656 → host:177.10.239.158 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:5d6ab0a6bb44:port:tcp:48426	flow:5d6ab0a6bb44 → port:tcp:48426
FLOW_DST_PORTOBS	e:fp:flow:8f460b344d15:port:tcp:443	flow:8f460b344d15 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00d1a9c01c6924fe:host:131.196.29.152	SESSION-00d1a9c01c6924fe → host:131.196.29.152
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90804beaa6aefbc0:host:177.10.232.10:host:172.234.197.23	SESSION-90804beaa6aefbc0 → host:177.10.232.10 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ac143effdb8a	flow:ac143effdb8a → host:131.196.28.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ecb67f73d2142d93:host:172.234.197.23	SESSION-ecb67f73d2142d93 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c532caa5d41cfcbc:flow:0df55cdf98a4	SESSION-c532caa5d41cfcbc → flow:0df55cdf98a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa1be017e5052d0a:flow:a87fcf5ff316	SESSION-fa1be017e5052d0a → flow:a87fcf5ff316
flow_observed5-aryOBS	e:fo:flow:83dcab51c9e9	flow:83dcab51c9e9 → host:177.10.236.235 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ccbfb0ac760822d:host:172.234.197.23	SESSION-5ccbfb0ac760822d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.65:geo_-16.28860_-49.01640	host:177.10.233.65 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1240df2eec41c5d:host:172.234.197.23	SESSION-c1240df2eec41c5d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ecb67f73d2142d93:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ecb67f73d2142d93 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-949f3e8f4d37c52a:SESSION-949f3e8f4d37c52a	SESSION-949f3e8f4d37c52a → pe:syn:SESSION-949f3e8f4d37c52a
FLOW_FROM_HOSTOBS	e:from:SESSION-8ba98677b43b4662:host:177.10.237.39	SESSION-8ba98677b43b4662 → host:177.10.237.39
flow_observed5-aryOBS	e:fo:flow:8d6177ca01e3	flow:8d6177ca01e3 → host:177.10.232.215 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-924a4e21bceaf0d1:SESSION-924a4e21bceaf0d1	SESSION-924a4e21bceaf0d1 → pe:syn:SESSION-924a4e21bceaf0d1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16ea01a17fc6b7f7:SESSION-16ea01a17fc6b7f7	SESSION-16ea01a17fc6b7f7 → pe:tls:SESSION-16ea01a17fc6b7f7
flow_observed4-aryOBS	e:fo:flow:1760fdc53f75	flow:1760fdc53f75 → host:172.234.197.23 → host:177.10.232.182 → port:tcp:63768
FLOW_DST_PORTOBS	e:fp:flow:472d13218b35:port:tcp:443	flow:472d13218b35 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-fe8896cc58e0f0aa:host:172.234.197.23	SESSION-fe8896cc58e0f0aa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3913d4a535b9029:SESSION-f3913d4a535b9029	SESSION-f3913d4a535b9029 → pe:syn:SESSION-f3913d4a535b9029
flow_observed5-aryOBS	e:fo:flow:1091a77e7aa4	flow:1091a77e7aa4 → host:131.196.31.193 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7e4ae2c6ddba3051:host:172.234.197.23	SESSION-7e4ae2c6ddba3051 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9af79ddb47e5c950:SESSION-9af79ddb47e5c950	SESSION-9af79ddb47e5c950 → pe:syn:SESSION-9af79ddb47e5c950
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e77738dbb03f9aec:SESSION-e77738dbb03f9aec	SESSION-e77738dbb03f9aec → pe:tls:SESSION-e77738dbb03f9aec
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d1c756fff84e2d4:host:172.234.197.23:host:131.196.28.246	SESSION-7d1c756fff84e2d4 → host:172.234.197.23 → host:131.196.28.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f49ef9eceb986e78:SESSION-f49ef9eceb986e78	SESSION-f49ef9eceb986e78 → pe:syn:SESSION-f49ef9eceb986e78
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed79241b929fab43:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ed79241b929fab43 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-1600cc83b8cea24d:host:172.234.197.23	SESSION-1600cc83b8cea24d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf31506875543a88:PCAP:capture_20260430110001:43611bdf6759	SESSION-cf31506875543a88 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c82cc9c39e4191e7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c82cc9c39e4191e7 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.10:asn:262880	host:177.10.236.10 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23002560e1da6de3:host:131.196.28.200	SESSION-23002560e1da6de3 → host:131.196.28.200
FLOW_DST_PORTOBS	e:fp:flow:ad69a09da0dd:port:tcp:443	flow:ad69a09da0dd → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.75:geo_-16.28860_-49.01640	host:177.10.234.75 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a33620a262b3196:host:172.234.197.23	SESSION-4a33620a262b3196 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8e2f8ae5ea03a25:PCAP:capture_20260430090001:065659c7d314	SESSION-e8e2f8ae5ea03a25 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-7440e76ff1d72d2f:host:172.234.197.23	SESSION-7440e76ff1d72d2f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4b6b757282734812:host:131.196.29.54	SESSION-4b6b757282734812 → host:131.196.29.54
HOST_IN_ASNOBS 85%	e:ha:host:78.12.248.31:asn:16509	host:78.12.248.31 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d04c60e569cc19ba:SESSION-d04c60e569cc19ba	SESSION-d04c60e569cc19ba → pe:syn:SESSION-d04c60e569cc19ba
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6222707cbae0e281:flow:3099272ee060	SESSION-6222707cbae0e281 → flow:3099272ee060
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.43:geo_-16.28860_-49.01640	host:177.10.238.43 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-ead4b2d62c5ebfd2:host:177.10.237.31	SESSION-ead4b2d62c5ebfd2 → host:177.10.237.31
FLOW_FROM_HOSTOBS	e:from:SESSION-7bea4de6efa859da:host:172.234.197.23	SESSION-7bea4de6efa859da → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37c1a586e90e7a3b:host:131.196.28.39:host:172.234.197.23	SESSION-37c1a586e90e7a3b → host:131.196.28.39 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1eb9812de4c91c82:flow:8e922f229389	SESSION-1eb9812de4c91c82 → flow:8e922f229389
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1240df2eec41c5d:flow:38357cfefc2c	SESSION-c1240df2eec41c5d → flow:38357cfefc2c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-360f4972fec5b7e0:PCAP:capture_20260428010001:b1b402c7b202	SESSION-360f4972fec5b7e0 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47fa70a72a159eed:host:177.10.236.95	SESSION-47fa70a72a159eed → host:177.10.236.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96abdd68944f2af2:host:172.234.197.23	SESSION-96abdd68944f2af2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b72757303ebc2bde:flow:a7e5050c5b2a	SESSION-b72757303ebc2bde → flow:a7e5050c5b2a
FLOW_TO_HOSTOBS	e:to:SESSION-1274fc3e3cafac71:host:172.234.197.23	SESSION-1274fc3e3cafac71 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0f8a559c2faf4a64:host:172.234.197.23	SESSION-0f8a559c2faf4a64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-574dd53dd07894c0:SESSION-574dd53dd07894c0	SESSION-574dd53dd07894c0 → pe:syn:SESSION-574dd53dd07894c0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9ec3678e1070a7a4:SESSION-9ec3678e1070a7a4	SESSION-9ec3678e1070a7a4 → pe:tls:SESSION-9ec3678e1070a7a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.167:asn:271410	host:131.196.28.167 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-bd8363b8ee3ddfde:host:172.234.197.23	SESSION-bd8363b8ee3ddfde → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:33ec49a7a8bf	flow:33ec49a7a8bf → host:177.10.237.40 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.77:geo_-16.28860_-49.01640	host:177.10.237.77 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-985fc991cba9cb9c:host:13.61.34.23	SESSION-985fc991cba9cb9c → host:13.61.34.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a0d556a7af957b2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2a0d556a7af957b2 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:7c50ecd71f79	flow:7c50ecd71f79 → host:177.10.238.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-532708ef58f2707f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-532708ef58f2707f → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-189d055e7be1f56c:SESSION-189d055e7be1f56c	SESSION-189d055e7be1f56c → pe:syn:SESSION-189d055e7be1f56c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef3cd86b38e13880:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ef3cd86b38e13880 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:bfd0325eab2c	flow:bfd0325eab2c → host:172.234.197.23 → host:177.10.239.29 → port:tcp:45908
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-291dfe079248afc7:host:177.10.233.127:host:172.234.197.23	SESSION-291dfe079248afc7 → host:177.10.233.127 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2560fc1185e4e3e7:flow:e761c4d086a3	SESSION-2560fc1185e4e3e7 → flow:e761c4d086a3
FLOW_DST_PORTOBS	e:fp:flow:478fb11578dd:port:tcp:443	flow:478fb11578dd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc41b76983738bc7:SESSION-cc41b76983738bc7	SESSION-cc41b76983738bc7 → pe:tls:SESSION-cc41b76983738bc7
FLOW_FROM_HOSTOBS	e:from:SESSION-ccde81b4fef5a18e:host:172.234.197.23	SESSION-ccde81b4fef5a18e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a208e591aeac31e9:SESSION-a208e591aeac31e9	SESSION-a208e591aeac31e9 → pe:syn:SESSION-a208e591aeac31e9
FLOW_FROM_HOSTOBS	e:from:SESSION-2290de8fcf2817df:host:177.10.232.22	SESSION-2290de8fcf2817df → host:177.10.232.22
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.144:geo_-16.28860_-49.01640	host:177.10.234.144 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c1a2c7dc69870b1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5c1a2c7dc69870b1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ae580f5c3468d66:SESSION-8ae580f5c3468d66	SESSION-8ae580f5c3468d66 → pe:syn:SESSION-8ae580f5c3468d66
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4289737814dbd64:PCAP:capture_20260430110001:43611bdf6759	SESSION-c4289737814dbd64 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605176cb8a71c0f4:host:172.234.197.23	SESSION-605176cb8a71c0f4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8224ed8c82963e52:host:172.234.197.23	SESSION-8224ed8c82963e52 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6354b0819147ed1d:SESSION-6354b0819147ed1d	SESSION-6354b0819147ed1d → pe:syn:SESSION-6354b0819147ed1d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2646f5b9f41a01d2:SESSION-2646f5b9f41a01d2	SESSION-2646f5b9f41a01d2 → pe:syn:SESSION-2646f5b9f41a01d2
FLOW_TO_HOSTOBS	e:to:SESSION-a6d1acf39452c448:host:131.196.30.31	SESSION-a6d1acf39452c448 → host:131.196.30.31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d2d0e8afd37453:host:172.234.197.23	SESSION-28d2d0e8afd37453 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6109906c198ad0ac:SESSION-6109906c198ad0ac	SESSION-6109906c198ad0ac → pe:syn:SESSION-6109906c198ad0ac
FLOW_TO_HOSTOBS	e:to:SESSION-7cb141c8461d1a4d:host:172.234.197.23	SESSION-7cb141c8461d1a4d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e53dab5788851a26:host:103.155.16.117:host:172.234.197.23	SESSION-e53dab5788851a26 → host:103.155.16.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3645126144628c28:host:172.234.197.23	SESSION-3645126144628c28 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd9436da4a7a552d:host:172.234.197.23:host:172.232.0.17	SESSION-bd9436da4a7a552d → host:172.234.197.23 → host:172.232.0.17
flow_observed4-aryOBS	e:fo:flow:e83f49b54561	flow:e83f49b54561 → host:172.234.197.23 → host:177.10.234.37 → port:tcp:23614
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac69dcbefbb93dfd:SESSION-ac69dcbefbb93dfd	SESSION-ac69dcbefbb93dfd → pe:tls:SESSION-ac69dcbefbb93dfd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1e0a6d0f6eee882:PCAP:capture_20260430060001:919b39a74464	SESSION-d1e0a6d0f6eee882 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-90798b7c1b8c7636:host:172.234.197.23	SESSION-90798b7c1b8c7636 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67b1c0091ebc1322:host:131.196.28.136	SESSION-67b1c0091ebc1322 → host:131.196.28.136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4337995d605bd9f8:SESSION-4337995d605bd9f8	SESSION-4337995d605bd9f8 → pe:tls:SESSION-4337995d605bd9f8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-64a8475d206a0785:flow:f64e419c560e	SESSION-64a8475d206a0785 → flow:f64e419c560e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7bea4de6efa859da:SESSION-7bea4de6efa859da	SESSION-7bea4de6efa859da → pe:syn:SESSION-7bea4de6efa859da
FLOW_TO_HOSTOBS	e:to:SESSION-324b6311c2d003f7:host:177.10.238.211	SESSION-324b6311c2d003f7 → host:177.10.238.211
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f016f4a38011f9c:host:177.10.239.86:host:172.234.197.23	SESSION-4f016f4a38011f9c → host:177.10.239.86 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3efb69df0be27ca4:host:131.196.29.137	SESSION-3efb69df0be27ca4 → host:131.196.29.137
flow_observed5-aryOBS	e:fo:flow:b825d8535e2c	flow:b825d8535e2c → host:177.10.236.219 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.42:asn:262880	host:177.10.236.42 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-23dcfe77dd45a14a:host:172.234.197.23	SESSION-23dcfe77dd45a14a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:144e359a361b	flow:144e359a361b → host:131.196.28.44 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.206:geo_-21.10010_-41.69200	host:45.173.156.206 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a19951f5f7590fa9:PCAP:capture_20260430110001:43611bdf6759	SESSION-a19951f5f7590fa9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01e03a84392b1398:SESSION-01e03a84392b1398	SESSION-01e03a84392b1398 → pe:syn:SESSION-01e03a84392b1398
FLOW_FROM_HOSTOBS	e:from:SESSION-045546313cbf5843:host:177.10.237.86	SESSION-045546313cbf5843 → host:177.10.237.86
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0fe55e7c11d50f79:host:172.234.197.23:host:177.10.236.116	SESSION-0fe55e7c11d50f79 → host:172.234.197.23 → host:177.10.236.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73436bd95d7b2637:host:131.196.28.247	SESSION-73436bd95d7b2637 → host:131.196.28.247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b6005e750e5a47f:host:177.10.236.154:host:172.234.197.23	SESSION-8b6005e750e5a47f → host:177.10.236.154 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c8f41d49423a0699:host:172.234.197.23	SESSION-c8f41d49423a0699 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-512816cd1ae61d60:host:177.10.233.19:host:172.234.197.23	SESSION-512816cd1ae61d60 → host:177.10.233.19 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a52ffd6f24f0f87:SESSION-1a52ffd6f24f0f87	SESSION-1a52ffd6f24f0f87 → pe:syn:SESSION-1a52ffd6f24f0f87
FLOW_FROM_HOSTOBS	e:from:SESSION-88f0aa854ba7cdd7:host:45.173.156.51	SESSION-88f0aa854ba7cdd7 → host:45.173.156.51
FLOW_FROM_HOSTOBS	e:from:SESSION-ed55c24c9ffd87b5:host:177.10.237.127	SESSION-ed55c24c9ffd87b5 → host:177.10.237.127
FLOW_FROM_HOSTOBS	e:from:SESSION-b6d44dc6146dcb58:host:177.10.239.109	SESSION-b6d44dc6146dcb58 → host:177.10.239.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eda278d49363b57:host:131.196.28.187	SESSION-9eda278d49363b57 → host:131.196.28.187
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.70:asn:262880	host:177.10.234.70 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6081275b2fa04e5c:flow:999c7b980e4b	SESSION-6081275b2fa04e5c → flow:999c7b980e4b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaecff6799ccb464:host:45.173.156.212:host:172.234.197.23	SESSION-eaecff6799ccb464 → host:45.173.156.212 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.135:geo_-16.28860_-49.01640	host:177.10.239.135 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-6492f21e062d19aa:host:172.234.197.23	SESSION-6492f21e062d19aa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49d1ccfce5e59a68:host:177.10.234.208	SESSION-49d1ccfce5e59a68 → host:177.10.234.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67a710d2531b2faa:host:172.234.197.23	SESSION-67a710d2531b2faa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-848453a25431759d:SESSION-848453a25431759d	SESSION-848453a25431759d → pe:syn:SESSION-848453a25431759d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-803381ec4a55866c:flow:3bafc3163702	SESSION-803381ec4a55866c → flow:3bafc3163702
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f482eb7fd49a3f1b:SESSION-f482eb7fd49a3f1b	SESSION-f482eb7fd49a3f1b → pe:syn:SESSION-f482eb7fd49a3f1b
FLOW_TO_HOSTOBS	e:to:SESSION-aa0381bae4f9498b:host:172.234.197.23	SESSION-aa0381bae4f9498b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19f4ea615eaf7325:host:177.10.238.79	SESSION-19f4ea615eaf7325 → host:177.10.238.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ab8147bbacef01b:host:94.130.10.221	SESSION-5ab8147bbacef01b → host:94.130.10.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6798e98bad768e0d:host:172.234.197.23	SESSION-6798e98bad768e0d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:51.75.171.21:asn:16276	host:51.75.171.21 → asn:16276
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.7:geo_-16.28860_-49.01640	host:177.10.238.7 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be0f12df58cf6d46:host:172.234.197.23	SESSION-be0f12df58cf6d46 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:bdc164be34c9	flow:bdc164be34c9 → host:51.21.249.220 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f228c5492216a597:SESSION-f228c5492216a597	SESSION-f228c5492216a597 → pe:syn:SESSION-f228c5492216a597
FLOW_FROM_HOSTOBS	e:from:SESSION-4614700214209776:host:177.10.239.98	SESSION-4614700214209776 → host:177.10.239.98
FLOW_TO_HOSTOBS	e:to:SESSION-f838b992fed206a8:host:172.234.197.23	SESSION-f838b992fed206a8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd1fe9b471d92d57:PCAP:capture_20260430080001:93f47cc296a4	SESSION-dd1fe9b471d92d57 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-f00ab97ef4b401c8:host:177.10.234.243	SESSION-f00ab97ef4b401c8 → host:177.10.234.243
FLOW_TO_HOSTOBS	e:to:SESSION-c7c9a5d15324e2ea:host:172.234.197.23	SESSION-c7c9a5d15324e2ea → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5923d50f575e:port:tcp:38850	flow:5923d50f575e → port:tcp:38850
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.212:geo_-23.62930_-46.63510	host:131.196.28.212 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-105ac3e4c69fbe80:PCAP:capture_20260430090001:065659c7d314	SESSION-105ac3e4c69fbe80 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-587cecb9c2d65d84:host:172.234.197.23:host:177.10.235.85	SESSION-587cecb9c2d65d84 → host:172.234.197.23 → host:177.10.235.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ce89d337c6c28e5:host:131.196.28.71	SESSION-4ce89d337c6c28e5 → host:131.196.28.71
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d526a62cd76fa97:host:172.234.197.23	SESSION-3d526a62cd76fa97 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8d89328eefc28d4:host:172.234.197.23	SESSION-d8d89328eefc28d4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d436d9a2a0e2483:host:177.10.239.116:host:172.234.197.23	SESSION-7d436d9a2a0e2483 → host:177.10.239.116 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82093c184ece9713:host:131.196.28.101	SESSION-82093c184ece9713 → host:131.196.28.101
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6d027087dbd516e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b6d027087dbd516e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54016b03ecf1701c:host:172.234.197.23:host:177.10.234.204	SESSION-54016b03ecf1701c → host:172.234.197.23 → host:177.10.234.204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c4b389d95f1453:host:131.196.31.171	SESSION-77c4b389d95f1453 → host:131.196.31.171
FLOW_DST_PORTOBS	e:fp:flow:40e654e83289:port:tcp:18847	flow:40e654e83289 → port:tcp:18847
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.145:asn:271410	host:131.196.30.145 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-88c7e3106e33eb03:host:172.234.197.23	SESSION-88c7e3106e33eb03 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-59417938792198bf:host:177.10.235.179	SESSION-59417938792198bf → host:177.10.235.179
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b9695896cdce250:SESSION-9b9695896cdce250	SESSION-9b9695896cdce250 → pe:syn:SESSION-9b9695896cdce250
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75c0f4fa43b2bfb9:host:92.112.71.216:host:172.234.197.23	SESSION-75c0f4fa43b2bfb9 → host:92.112.71.216 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-acae490ef1211ca7:SESSION-acae490ef1211ca7	SESSION-acae490ef1211ca7 → pe:syn:SESSION-acae490ef1211ca7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3617089369b58aaa:SESSION-3617089369b58aaa	SESSION-3617089369b58aaa → pe:syn:SESSION-3617089369b58aaa
FLOW_FROM_HOSTOBS	e:from:SESSION-620284e2b3f3a282:host:172.234.197.23	SESSION-620284e2b3f3a282 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ca10b4490797e89:host:172.234.197.23	SESSION-8ca10b4490797e89 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eed281d532ce25c6:host:172.234.197.23	SESSION-eed281d532ce25c6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d2a27537cb94	flow:d2a27537cb94 → host:177.10.238.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7409e3f74011df2:host:45.173.156.126	SESSION-c7409e3f74011df2 → host:45.173.156.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2000a0c75221682:host:177.10.236.117	SESSION-a2000a0c75221682 → host:177.10.236.117
flow_observed5-aryOBS	e:fo:flow:8d77ac2ddff6	flow:8d77ac2ddff6 → host:177.10.236.248 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7fa8e5b00f80216f:host:177.10.237.1	SESSION-7fa8e5b00f80216f → host:177.10.237.1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d44c53e781b5466e:flow:a64aac8ff523	SESSION-d44c53e781b5466e → flow:a64aac8ff523
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9ca26e5420bb5bf:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b9ca26e5420bb5bf → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:b19a2dcabdff:port:tcp:36107	flow:b19a2dcabdff → port:tcp:36107
flow_observed5-aryOBS	e:fo:flow:6f91a0bc6116	flow:6f91a0bc6116 → host:57.128.95.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8cba099c11564e8:SESSION-f8cba099c11564e8	SESSION-f8cba099c11564e8 → pe:syn:SESSION-f8cba099c11564e8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.121:asn:262880	host:177.10.234.121 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5278b2d1db18e971:SESSION-5278b2d1db18e971	SESSION-5278b2d1db18e971 → pe:syn:SESSION-5278b2d1db18e971
FLOW_DST_PORTOBS	e:fp:flow:782656ad87ac:port:tcp:48325	flow:782656ad87ac → port:tcp:48325
FLOW_TO_HOSTOBS	e:to:SESSION-20e3655a208f66c6:host:177.10.239.99	SESSION-20e3655a208f66c6 → host:177.10.239.99
FLOW_FROM_HOSTOBS	e:from:SESSION-a83465e2bbc20296:host:131.196.28.234	SESSION-a83465e2bbc20296 → host:131.196.28.234
FLOW_DST_PORTOBS	e:fp:flow:0f0f83dc6341:port:tcp:443	flow:0f0f83dc6341 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ac058e9f0280088:host:18.100.238.122	SESSION-2ac058e9f0280088 → host:18.100.238.122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f56538a064e25a46:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f56538a064e25a46 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35910be85c736a39:PCAP:capture_20260430110001:43611bdf6759	SESSION-35910be85c736a39 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-d5ad022ad4096ce5:host:172.234.197.23	SESSION-d5ad022ad4096ce5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b228975a6eff356:host:172.234.197.23	SESSION-0b228975a6eff356 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6420523769b66d4c:host:177.10.237.43	SESSION-6420523769b66d4c → host:177.10.237.43
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76fc6cf591b9ed20:flow:bbb0779ee5fc	SESSION-76fc6cf591b9ed20 → flow:bbb0779ee5fc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06ba851c038c998a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-06ba851c038c998a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-de115ad7179345b0:SESSION-de115ad7179345b0	SESSION-de115ad7179345b0 → pe:tls:SESSION-de115ad7179345b0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-184aec41cea03479:SESSION-184aec41cea03479	SESSION-184aec41cea03479 → pe:syn:SESSION-184aec41cea03479
flow_observed4-aryOBS	e:fo:flow:17775a63eba4	flow:17775a63eba4 → host:172.234.197.23 → host:177.10.232.176 → port:tcp:11681
flow_observed4-aryOBS	e:fo:flow:87b13a5e20d6	flow:87b13a5e20d6 → host:172.234.197.23 → host:177.10.239.55 → port:tcp:2107
FLOW_DST_PORTOBS	e:fp:flow:21db64e0f176:port:tcp:11518	flow:21db64e0f176 → port:tcp:11518
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db9e8149201eae0f:SESSION-db9e8149201eae0f	SESSION-db9e8149201eae0f → pe:tls:SESSION-db9e8149201eae0f
FLOW_TO_HOSTOBS	e:to:SESSION-3959c763e6312f1d:host:177.10.237.128	SESSION-3959c763e6312f1d → host:177.10.237.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3839adbba9942939:SESSION-3839adbba9942939	SESSION-3839adbba9942939 → pe:syn:SESSION-3839adbba9942939
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0c4b638117ccca22:host:172.234.197.23:host:177.10.237.79	SESSION-0c4b638117ccca22 → host:172.234.197.23 → host:177.10.237.79
flow_observed5-aryOBS	e:fo:flow:abe28bc9f048	flow:abe28bc9f048 → host:131.196.29.122 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb0bca31750919c1:SESSION-fb0bca31750919c1	SESSION-fb0bca31750919c1 → pe:syn:SESSION-fb0bca31750919c1
flow_observed5-aryOBS	e:fo:flow:cfdaf039c06c	flow:cfdaf039c06c → host:131.196.29.27 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-bd657e34d2536dc9:host:172.234.197.23	SESSION-bd657e34d2536dc9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.81:geo_-16.28860_-49.01640	host:177.10.235.81 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b1f95fcf0f122c7:SESSION-4b1f95fcf0f122c7	SESSION-4b1f95fcf0f122c7 → pe:syn:SESSION-4b1f95fcf0f122c7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c4ed0368ffe58f8:host:177.10.239.164	SESSION-6c4ed0368ffe58f8 → host:177.10.239.164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eb72c41fb24aaf81:flow:88d5a4971090	SESSION-eb72c41fb24aaf81 → flow:88d5a4971090
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6752f583f7e09519:host:172.234.197.23	SESSION-6752f583f7e09519 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f1cb2d411cdd6d7:host:172.234.197.23:host:177.10.237.251	SESSION-4f1cb2d411cdd6d7 → host:172.234.197.23 → host:177.10.237.251
FLOW_FROM_HOSTOBS	e:from:SESSION-83168514d84031f4:host:177.10.238.23	SESSION-83168514d84031f4 → host:177.10.238.23
FLOW_TO_HOSTOBS	e:to:SESSION-4b0821df7b169e6a:host:172.234.197.23	SESSION-4b0821df7b169e6a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-099b4106de78317b:host:177.10.234.43:host:172.234.197.23	SESSION-099b4106de78317b → host:177.10.234.43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5c08654c75b915c:host:177.10.239.0	SESSION-f5c08654c75b915c → host:177.10.239.0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-112f4fdeb678f643:PCAP:capture_20260430070001:903a0e7a436b	SESSION-112f4fdeb678f643 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48baa2e7639de342:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-48baa2e7639de342 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-382b47d73202b6ac:flow:96042be72def	SESSION-382b47d73202b6ac → flow:96042be72def
FLOW_DST_PORTOBS	e:fp:flow:16586d100b1f:port:tcp:443	flow:16586d100b1f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76cae08532c4b8eb:host:177.10.238.71:host:172.234.197.23	SESSION-76cae08532c4b8eb → host:177.10.238.71 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-04a75396d111d878:host:177.10.238.222	SESSION-04a75396d111d878 → host:177.10.238.222
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab491f454947df2e:PCAP:capture_20260430110001:43611bdf6759	SESSION-ab491f454947df2e → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:f88f22bb8c6d:port:tcp:443	flow:f88f22bb8c6d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e217016f21152908:host:172.234.197.23	SESSION-e217016f21152908 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2824f9b79e0fb1f1:SESSION-2824f9b79e0fb1f1	SESSION-2824f9b79e0fb1f1 → pe:tls:SESSION-2824f9b79e0fb1f1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-453cfacc8e209f2f:SESSION-453cfacc8e209f2f	SESSION-453cfacc8e209f2f → pe:tls:SESSION-453cfacc8e209f2f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0be6cf40df30cb93:flow:b2f4e26cdd4a	SESSION-0be6cf40df30cb93 → flow:b2f4e26cdd4a
FLOW_DST_PORTOBS	e:fp:flow:d0de0fae8f2a:port:tcp:443	flow:d0de0fae8f2a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-87b50db5a64a4926:host:131.196.29.167	SESSION-87b50db5a64a4926 → host:131.196.29.167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-609881b75f195530:host:177.10.235.101	SESSION-609881b75f195530 → host:177.10.235.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c812f2a31a60fc9:SESSION-3c812f2a31a60fc9	SESSION-3c812f2a31a60fc9 → pe:tls:SESSION-3c812f2a31a60fc9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.97:asn:262880	host:177.10.232.97 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a7f859cb03c026fc:host:172.234.197.23:host:177.10.236.43	SESSION-a7f859cb03c026fc → host:172.234.197.23 → host:177.10.236.43
FLOW_FROM_HOSTOBS	e:from:SESSION-9e6c979070fb893e:host:131.196.28.56	SESSION-9e6c979070fb893e → host:131.196.28.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a486ebfba002f553:flow:71a54b37ed7c	SESSION-a486ebfba002f553 → flow:71a54b37ed7c
FLOW_TO_HOSTOBS	e:to:SESSION-df3beb1e5143a102:host:172.234.197.23	SESSION-df3beb1e5143a102 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5bab109b42e3a8d7:host:131.196.28.167	SESSION-5bab109b42e3a8d7 → host:131.196.28.167
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.239:geo_-16.28860_-49.01640	host:177.10.236.239 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-abc806ef9f1a9dce:SESSION-abc806ef9f1a9dce	SESSION-abc806ef9f1a9dce → pe:tls:SESSION-abc806ef9f1a9dce
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd2928203fc01c8b:flow:47695757901b	SESSION-dd2928203fc01c8b → flow:47695757901b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8278f913dbee560:host:177.10.239.45	SESSION-e8278f913dbee560 → host:177.10.239.45
FLOW_FROM_HOSTOBS	e:from:SESSION-4203cad708a9d562:host:172.234.197.23	SESSION-4203cad708a9d562 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9d01126d5763bf9:SESSION-f9d01126d5763bf9	SESSION-f9d01126d5763bf9 → pe:syn:SESSION-f9d01126d5763bf9
FLOW_DST_PORTOBS	e:fp:flow:d44636dbb1ca:port:tcp:443	flow:d44636dbb1ca → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-51c7000fcfeb98d4:host:80.94.92.186	SESSION-51c7000fcfeb98d4 → host:80.94.92.186
FLOW_DST_PORTOBS	e:fp:flow:ae37fe3d14c0:port:tcp:56200	flow:ae37fe3d14c0 → port:tcp:56200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2e4fb28ad63a51c:host:172.234.197.23	SESSION-a2e4fb28ad63a51c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2bb4f19f005244d2:SESSION-2bb4f19f005244d2	SESSION-2bb4f19f005244d2 → pe:tls:SESSION-2bb4f19f005244d2
FLOW_TO_HOSTOBS	e:to:SESSION-048f9271a2e27be7:host:172.234.197.23	SESSION-048f9271a2e27be7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a4b68b400a3161c:host:131.196.28.193	SESSION-9a4b68b400a3161c → host:131.196.28.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eecb9eac95f77073:SESSION-eecb9eac95f77073	SESSION-eecb9eac95f77073 → pe:tls:SESSION-eecb9eac95f77073
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.75:geo_-23.62930_-46.63510	host:131.196.28.75 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:3839d01ad8f6	flow:3839d01ad8f6 → host:177.10.236.247 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-91e694161f32570f:host:131.196.28.227	SESSION-91e694161f32570f → host:131.196.28.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f98b72d4ec65d75:SESSION-8f98b72d4ec65d75	SESSION-8f98b72d4ec65d75 → pe:tls:SESSION-8f98b72d4ec65d75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cbaaa2b8364f7158:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cbaaa2b8364f7158 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-770902b82fea5ce5:SESSION-770902b82fea5ce5	SESSION-770902b82fea5ce5 → pe:syn:SESSION-770902b82fea5ce5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c9381f88305d4e9:SESSION-8c9381f88305d4e9	SESSION-8c9381f88305d4e9 → pe:syn:SESSION-8c9381f88305d4e9
FLOW_DST_PORTOBS	e:fp:flow:fece39964b22:port:tcp:443	flow:fece39964b22 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dba7d64f7032fffd:SESSION-dba7d64f7032fffd	SESSION-dba7d64f7032fffd → pe:syn:SESSION-dba7d64f7032fffd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0f4fd2f0020968b3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0f4fd2f0020968b3 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-981fac77dd79326b:host:177.10.239.57	SESSION-981fac77dd79326b → host:177.10.239.57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4933624db1b9ac84:host:172.234.197.23	SESSION-4933624db1b9ac84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d547ed30afcbb9f:host:172.234.197.23	SESSION-6d547ed30afcbb9f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f6335468dd94	flow:f6335468dd94 → host:177.10.235.218 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e39b76c4ba6c4cf6:flow:f37d154a9190	SESSION-e39b76c4ba6c4cf6 → flow:f37d154a9190
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-948ad6eee5512e98:host:172.234.197.23	SESSION-948ad6eee5512e98 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-24ee0ec1cbf12b9d:host:172.234.197.23	SESSION-24ee0ec1cbf12b9d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e56fb95f564a0aa:host:172.234.197.23	SESSION-0e56fb95f564a0aa → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02e2db787a51689b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-02e2db787a51689b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-62337f4a23aa4d2d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-62337f4a23aa4d2d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-996af5414634114f:flow:873011771a03	SESSION-996af5414634114f → flow:873011771a03
FLOW_DST_PORTOBS	e:fp:flow:9e85ef4a5e3b:port:tcp:61948	flow:9e85ef4a5e3b → port:tcp:61948
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb7dd74b64c1f7c7:host:131.196.30.114	SESSION-cb7dd74b64c1f7c7 → host:131.196.30.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7fea0326f1ddbdfc:SESSION-7fea0326f1ddbdfc	SESSION-7fea0326f1ddbdfc → pe:syn:SESSION-7fea0326f1ddbdfc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0485ecaf8e8edab:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d0485ecaf8e8edab → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ec917f0e741b647:host:131.196.29.196:host:172.234.197.23	SESSION-4ec917f0e741b647 → host:131.196.29.196 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-316a629875744009:PCAP:capture_20260430070001:903a0e7a436b	SESSION-316a629875744009 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed473d20582b9e99:host:177.10.236.76	SESSION-ed473d20582b9e99 → host:177.10.236.76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cac46254a85b1ec3:SESSION-cac46254a85b1ec3	SESSION-cac46254a85b1ec3 → pe:syn:SESSION-cac46254a85b1ec3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9252fa43a6ca744f:flow:a1034dcdd818	SESSION-9252fa43a6ca744f → flow:a1034dcdd818
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.30:asn:262880	host:177.10.236.30 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-879f882e46cb6c3f:host:172.234.197.23	SESSION-879f882e46cb6c3f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f02a050799431d6e:host:172.234.197.23	SESSION-f02a050799431d6e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73ac0ee86c608450:host:172.234.197.23	SESSION-73ac0ee86c608450 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0510bb60587070dd:host:45.173.156.110	SESSION-0510bb60587070dd → host:45.173.156.110
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.70:asn:262880	host:177.10.237.70 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.95:geo_-16.28860_-49.01640	host:177.10.237.95 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86e3f0fd63ed2ea3:host:177.10.234.33	SESSION-86e3f0fd63ed2ea3 → host:177.10.234.33
FLOW_FROM_HOSTOBS	e:from:SESSION-f8396d269748cb9c:host:131.196.30.37	SESSION-f8396d269748cb9c → host:131.196.30.37
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98083f958ccf36d4:host:185.231.226.73:host:172.234.197.23	SESSION-98083f958ccf36d4 → host:185.231.226.73 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3616b79a24490a3:host:177.10.239.154:host:172.234.197.23	SESSION-f3616b79a24490a3 → host:177.10.239.154 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9ab5572a2446:port:tcp:14624	flow:9ab5572a2446 → port:tcp:14624
FLOW_DST_PORTOBS	e:fp:flow:ed345c26d220:port:tcp:443	flow:ed345c26d220 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0414bb340c93930b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0414bb340c93930b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27ea3c16306f2f5f:SESSION-27ea3c16306f2f5f	SESSION-27ea3c16306f2f5f → pe:syn:SESSION-27ea3c16306f2f5f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3f426eb3b5d19b7:SESSION-c3f426eb3b5d19b7	SESSION-c3f426eb3b5d19b7 → pe:tls:SESSION-c3f426eb3b5d19b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c639517e7e5752d7:SESSION-c639517e7e5752d7	SESSION-c639517e7e5752d7 → pe:rst:SESSION-c639517e7e5752d7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e41fa1676c790d65:host:172.234.197.23	SESSION-e41fa1676c790d65 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01fb4d6a9472c8c7:host:31.40.196.211:host:172.234.197.23	SESSION-01fb4d6a9472c8c7 → host:31.40.196.211 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f7273aea3ec9beab:host:45.173.156.109	SESSION-f7273aea3ec9beab → host:45.173.156.109
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10f6f623bcce091e:host:177.10.234.199:host:172.234.197.23	SESSION-10f6f623bcce091e → host:177.10.234.199 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5643c60889fe0da:SESSION-a5643c60889fe0da	SESSION-a5643c60889fe0da → pe:tls:SESSION-a5643c60889fe0da
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db62c05acb7f0b0b:flow:4c405aff0251	SESSION-db62c05acb7f0b0b → flow:4c405aff0251
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d79f2acd73027b39:host:172.234.197.23	SESSION-d79f2acd73027b39 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8641bd54d117:port:tcp:443	flow:8641bd54d117 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99d609228b1b32ef:PCAP:capture_20260430090001:065659c7d314	SESSION-99d609228b1b32ef → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d9cfeb1a925e0c3:flow:349f21578dbb	SESSION-8d9cfeb1a925e0c3 → flow:349f21578dbb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a57e7ba0de33dea3:host:177.10.235.166	SESSION-a57e7ba0de33dea3 → host:177.10.235.166
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b51ebf4113a5ef49:PCAP:capture_20260430050001:8868731bf8a4	SESSION-b51ebf4113a5ef49 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b523e88f9ec69c3:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2b523e88f9ec69c3 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87bc9df611d2f97d:host:177.10.237.118	SESSION-87bc9df611d2f97d → host:177.10.237.118
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f3823f20b5aa8c6:SESSION-8f3823f20b5aa8c6	SESSION-8f3823f20b5aa8c6 → pe:syn:SESSION-8f3823f20b5aa8c6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d44d2d34cc029e97:SESSION-d44d2d34cc029e97	SESSION-d44d2d34cc029e97 → pe:syn:SESSION-d44d2d34cc029e97
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.96:geo_-16.28860_-49.01640	host:177.10.237.96 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3dc32d1b123f77b5:host:172.234.197.23	SESSION-3dc32d1b123f77b5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0a4b43b46bbfc9c3:host:177.10.233.22	SESSION-0a4b43b46bbfc9c3 → host:177.10.233.22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-118e26ad77e50cb0:host:131.196.29.239	SESSION-118e26ad77e50cb0 → host:131.196.29.239
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.198:asn:262880	host:177.10.237.198 → asn:262880
flow_observed5-aryOBS	e:fo:flow:7d9d5519e958	flow:7d9d5519e958 → host:177.10.238.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-498c2476ff0ce5ee:SESSION-498c2476ff0ce5ee	SESSION-498c2476ff0ce5ee → pe:tls:SESSION-498c2476ff0ce5ee
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.17:geo_-16.28860_-49.01640	host:177.10.237.17 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb7c4827354230c4:SESSION-bb7c4827354230c4	SESSION-bb7c4827354230c4 → pe:syn:SESSION-bb7c4827354230c4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-decb8c6a12a4d67a:host:177.10.237.64:host:172.234.197.23	SESSION-decb8c6a12a4d67a → host:177.10.237.64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44a5aa522f98da19:SESSION-44a5aa522f98da19	SESSION-44a5aa522f98da19 → pe:syn:SESSION-44a5aa522f98da19
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-045b8a3eae800458:host:172.234.197.23:host:177.10.235.46	SESSION-045b8a3eae800458 → host:172.234.197.23 → host:177.10.235.46
FLOW_TO_HOSTOBS	e:to:SESSION-a58d8beb20a4c9e1:host:172.234.197.23	SESSION-a58d8beb20a4c9e1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7b3f412ee893afd:host:177.10.239.39	SESSION-a7b3f412ee893afd → host:177.10.239.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-845630b36dc2dead:SESSION-845630b36dc2dead	SESSION-845630b36dc2dead → pe:rst:SESSION-845630b36dc2dead
FLOW_FROM_HOSTOBS	e:from:SESSION-7b679e6887c5a68a:host:177.10.235.85	SESSION-7b679e6887c5a68a → host:177.10.235.85
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fe48e08f3f123e2:host:172.234.197.23:host:131.196.30.114	SESSION-3fe48e08f3f123e2 → host:172.234.197.23 → host:131.196.30.114
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d551807307fa9b9:host:131.196.29.50:host:172.234.197.23	SESSION-2d551807307fa9b9 → host:131.196.29.50 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ae64075781208b0:SESSION-6ae64075781208b0	SESSION-6ae64075781208b0 → pe:tls:SESSION-6ae64075781208b0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c5fe81cc60001f5:host:172.234.197.23:host:45.173.156.56	SESSION-8c5fe81cc60001f5 → host:172.234.197.23 → host:45.173.156.56
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac742257199be2dd:flow:e6d0c733a638	SESSION-ac742257199be2dd → flow:e6d0c733a638
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2b55c597efe9edc:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d2b55c597efe9edc → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-c4d6f38e3582127c:host:172.234.197.23	SESSION-c4d6f38e3582127c → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:999c7b980e4b	flow:999c7b980e4b → host:116.235.165.166 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a886511518ded078:host:177.10.236.57	SESSION-a886511518ded078 → host:177.10.236.57
flow_observed4-aryOBS	e:fo:flow:b0d8a98e8306	flow:b0d8a98e8306 → host:172.234.197.23 → host:177.10.238.60 → port:tcp:49749
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-517e17fbfcdc9eaf:PCAP:capture_20260430080001:93f47cc296a4	SESSION-517e17fbfcdc9eaf → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.184:asn:262880	host:177.10.234.184 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6d027087dbd516e:flow:ddea4b7bd3e9	SESSION-b6d027087dbd516e → flow:ddea4b7bd3e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85c181ffe8433ff0:host:172.234.197.23	SESSION-85c181ffe8433ff0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d74d897cd43b428:host:131.196.30.146	SESSION-9d74d897cd43b428 → host:131.196.30.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-40a7926fcdf458e7:SESSION-40a7926fcdf458e7	SESSION-40a7926fcdf458e7 → pe:syn:SESSION-40a7926fcdf458e7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.120:asn:262880	host:177.10.233.120 → asn:262880
flow_observed4-aryOBS	e:fo:flow:70e8002aa6aa	flow:70e8002aa6aa → host:172.234.197.23 → host:131.196.28.37 → port:tcp:18594
FLOW_TO_HOSTOBS	e:to:SESSION-8b858978950d9ddc:host:172.234.197.23	SESSION-8b858978950d9ddc → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-788920b93ac95b5f:flow:833e3a42ca42	SESSION-788920b93ac95b5f → flow:833e3a42ca42
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38a436ec3884f938:host:172.234.197.23:host:45.173.156.192	SESSION-38a436ec3884f938 → host:172.234.197.23 → host:45.173.156.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70d9a6440c9b19a:host:177.10.235.176	SESSION-c70d9a6440c9b19a → host:177.10.235.176
FLOW_DST_PORTOBS	e:fp:flow:32a5ae89b8f4:port:tcp:443	flow:32a5ae89b8f4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-724b8ddf902cc285:PCAP:capture_20260428020001:ce87acd1c162	SESSION-724b8ddf902cc285 → PCAP:capture_20260428020001:ce87acd1c162
FLOW_FROM_HOSTOBS	e:from:SESSION-be5c05381a363417:host:177.10.234.85	SESSION-be5c05381a363417 → host:177.10.234.85
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-200e4a8806f83581:flow:17bb9dab59c4	SESSION-200e4a8806f83581 → flow:17bb9dab59c4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19f4ea615eaf7325:PCAP:capture_20260430050001:8868731bf8a4	SESSION-19f4ea615eaf7325 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:674ef1c9281e:port:tcp:80	flow:674ef1c9281e → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f597f69b0915b82:host:170.106.14.53:host:172.234.197.23	SESSION-9f597f69b0915b82 → host:170.106.14.53 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-37a58b55d4a339c3:BSG-BEACON-e07f4250263f	SESSION-37a58b55d4a339c3 → BSG-BEACON-e07f4250263f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.189:asn:262880	host:177.10.236.189 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cb4473bd3389dab:host:172.234.197.23	SESSION-9cb4473bd3389dab → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1b4aebfef6c24ca0:host:172.234.197.23	SESSION-1b4aebfef6c24ca0 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:37.187.136.36:asn:16276	host:37.187.136.36 → asn:16276
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3b8a5f0932f0fd6d:flow:0bf2deeeb39a	SESSION-3b8a5f0932f0fd6d → flow:0bf2deeeb39a
FLOW_FROM_HOSTOBS	e:from:SESSION-f635007151c479b8:host:177.10.239.111	SESSION-f635007151c479b8 → host:177.10.239.111
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb6c1367f6b2a786:SESSION-eb6c1367f6b2a786	SESSION-eb6c1367f6b2a786 → pe:tls:SESSION-eb6c1367f6b2a786
FLOW_DST_PORTOBS	e:fp:flow:d224f76574e0:port:tcp:443	flow:d224f76574e0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ab0305ac0c92587:host:54.218.65.249	SESSION-2ab0305ac0c92587 → host:54.218.65.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-42ed5696c9e60897:SESSION-42ed5696c9e60897	SESSION-42ed5696c9e60897 → pe:syn:SESSION-42ed5696c9e60897
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f48cf8f11b8f73e:host:172.234.197.23	SESSION-3f48cf8f11b8f73e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.13:asn:262880	host:177.10.235.13 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b68b7374dcfd0024:host:177.10.233.246	SESSION-b68b7374dcfd0024 → host:177.10.233.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bebd9f8afa50544a:SESSION-bebd9f8afa50544a	SESSION-bebd9f8afa50544a → pe:syn:SESSION-bebd9f8afa50544a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e6270bfda958738:PCAP:capture_20260430060001:919b39a74464	SESSION-7e6270bfda958738 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:4f9ba05f8ce7:port:tcp:24306	flow:4f9ba05f8ce7 → port:tcp:24306
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8432ee5dd236020:flow:0c59e28f7820	SESSION-d8432ee5dd236020 → flow:0c59e28f7820
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd4d686620f5fc14:PCAP:capture_20260427200001:3ed6eed62060	SESSION-cd4d686620f5fc14 → PCAP:capture_20260427200001:3ed6eed62060
FLOW_TO_HOSTOBS	e:to:SESSION-89957ac1ec870b87:host:172.234.197.23	SESSION-89957ac1ec870b87 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79349287be3864ac:SESSION-79349287be3864ac	SESSION-79349287be3864ac → pe:syn:SESSION-79349287be3864ac
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7037fa1e0334ef5:host:177.10.233.222	SESSION-b7037fa1e0334ef5 → host:177.10.233.222
FLOW_FROM_HOSTOBS	e:from:SESSION-954ce8dcd8b034e5:host:142.132.190.158	SESSION-954ce8dcd8b034e5 → host:142.132.190.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-802ccc988b65b38c:SESSION-802ccc988b65b38c	SESSION-802ccc988b65b38c → pe:tls:SESSION-802ccc988b65b38c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.163:geo_-16.28860_-49.01640	host:177.10.238.163 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a60100c841341ace:host:172.234.197.23	SESSION-a60100c841341ace → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dac3294581ff:port:tcp:443	flow:dac3294581ff → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-424264fd6333414c:host:131.196.29.186	SESSION-424264fd6333414c → host:131.196.29.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09e9de69a12074bb:host:131.196.29.25	SESSION-09e9de69a12074bb → host:131.196.29.25
FLOW_FROM_HOSTOBS	e:from:SESSION-d6ddb3deb8cc2873:host:177.10.235.214	SESSION-d6ddb3deb8cc2873 → host:177.10.235.214
FLOW_TO_HOSTOBS	e:to:SESSION-56d3faf83e1ced7d:host:172.234.197.23	SESSION-56d3faf83e1ced7d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.215:asn:262880	host:177.10.234.215 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.88:asn:271410	host:131.196.31.88 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f81e7ae5e8e38135:host:131.196.30.58	SESSION-f81e7ae5e8e38135 → host:131.196.30.58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5fbe4987e86bc38:host:131.196.29.230	SESSION-b5fbe4987e86bc38 → host:131.196.29.230
FLOW_TO_HOSTOBS	e:to:SESSION-a8eb3ecb5c5b32a8:host:177.10.234.72	SESSION-a8eb3ecb5c5b32a8 → host:177.10.234.72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-853e897de6767cda:host:131.196.31.75	SESSION-853e897de6767cda → host:131.196.31.75
FLOW_TO_HOSTOBS	e:to:SESSION-a5004eb3121e0f98:host:177.10.239.139	SESSION-a5004eb3121e0f98 → host:177.10.239.139
FLOW_FROM_HOSTOBS	e:from:SESSION-1ee986621b3f988f:host:172.234.197.23	SESSION-1ee986621b3f988f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2b4699f1971c	flow:2b4699f1971c → host:177.10.233.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4be6b5471ca196a:SESSION-c4be6b5471ca196a	SESSION-c4be6b5471ca196a → pe:syn:SESSION-c4be6b5471ca196a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e41a4ef6cc929c5:host:172.234.197.23	SESSION-7e41a4ef6cc929c5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4baa6f7cc0122cad:host:185.231.226.148	SESSION-4baa6f7cc0122cad → host:185.231.226.148
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bde2562b2e16b844:PCAP:capture_20260430090001:065659c7d314	SESSION-bde2562b2e16b844 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-606a9e702080ed7e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-606a9e702080ed7e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4db42491c04de440:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-4db42491c04de440 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-bdbc33b564dc3f1f:host:172.234.197.23	SESSION-bdbc33b564dc3f1f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0bc704eff4d88e9:flow:75ea99f83171	SESSION-c0bc704eff4d88e9 → flow:75ea99f83171
FLOW_DST_PORTOBS	e:fp:flow:e3888ae19e03:port:tcp:16851	flow:e3888ae19e03 → port:tcp:16851
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3616b79a24490a3:host:177.10.239.154	SESSION-f3616b79a24490a3 → host:177.10.239.154
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69d28aa413742c82:host:177.10.236.176:host:172.234.197.23	SESSION-69d28aa413742c82 → host:177.10.236.176 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aa515f25c4c77655:host:177.10.239.12	SESSION-aa515f25c4c77655 → host:177.10.239.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-81de972e9a362700:SESSION-81de972e9a362700	SESSION-81de972e9a362700 → pe:syn:SESSION-81de972e9a362700
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e2713dc0653d6ae5:SESSION-e2713dc0653d6ae5	SESSION-e2713dc0653d6ae5 → pe:syn:SESSION-e2713dc0653d6ae5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-90426299281da133:SESSION-90426299281da133	SESSION-90426299281da133 → pe:syn:SESSION-90426299281da133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ef49ba6d990c029:host:172.234.197.23	SESSION-5ef49ba6d990c029 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cc71c07f8c21dc0:host:177.10.233.28	SESSION-6cc71c07f8c21dc0 → host:177.10.233.28
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.52:asn:271410	host:131.196.31.52 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-b05aeaff4a071503:host:131.196.28.71	SESSION-b05aeaff4a071503 → host:131.196.28.71
flow_observed4-aryOBS	e:fo:flow:ddce067a4751	flow:ddce067a4751 → host:172.234.197.23 → host:45.173.156.138 → port:tcp:48821
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf1647bbc272aaf8:host:177.10.239.199	SESSION-bf1647bbc272aaf8 → host:177.10.239.199
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85a8f577301970a2:SESSION-85a8f577301970a2	SESSION-85a8f577301970a2 → pe:tls:SESSION-85a8f577301970a2
FLOW_TO_HOSTOBS	e:to:SESSION-7ac9bb77fb56e773:host:172.234.197.23	SESSION-7ac9bb77fb56e773 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.209:asn:262880	host:177.10.238.209 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.26:geo_-21.10010_-41.69200	host:45.173.156.26 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e627b58284e1729:host:177.10.234.72	SESSION-2e627b58284e1729 → host:177.10.234.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9c0456097f35e54:SESSION-c9c0456097f35e54	SESSION-c9c0456097f35e54 → pe:tls:SESSION-c9c0456097f35e54
FLOW_TO_HOSTOBS	e:to:SESSION-adf46c04c6a07144:host:172.234.197.23	SESSION-adf46c04c6a07144 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-079ef1e0e1e74623:host:177.10.237.94	SESSION-079ef1e0e1e74623 → host:177.10.237.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-19009ef53e5ab2ef:SESSION-19009ef53e5ab2ef	SESSION-19009ef53e5ab2ef → pe:rst:SESSION-19009ef53e5ab2ef
FLOW_TO_HOSTOBS	e:to:SESSION-a782bfdef89df980:host:172.234.197.23	SESSION-a782bfdef89df980 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e3039f9f3e4f	flow:e3039f9f3e4f → host:177.10.235.215 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-bfd9e24a99b67097:host:172.234.197.23	SESSION-bfd9e24a99b67097 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57039b95174af1c3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-57039b95174af1c3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3913d4a535b9029:host:131.196.28.116	SESSION-f3913d4a535b9029 → host:131.196.28.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dddaf831f2a46242:SESSION-dddaf831f2a46242	SESSION-dddaf831f2a46242 → pe:tls:SESSION-dddaf831f2a46242
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f879597a466f9080:host:177.10.238.154:host:172.234.197.23	SESSION-f879597a466f9080 → host:177.10.238.154 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffa84d5a72af3dab:host:131.196.29.137	SESSION-ffa84d5a72af3dab → host:131.196.29.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47f7d0be3b0e89e2:host:172.234.197.23	SESSION-47f7d0be3b0e89e2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-301cccab595ff1f6:host:45.173.156.41	SESSION-301cccab595ff1f6 → host:45.173.156.41
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d4f3c3204c65c6f4:SESSION-d4f3c3204c65c6f4	SESSION-d4f3c3204c65c6f4 → pe:tls:SESSION-d4f3c3204c65c6f4
FLOW_FROM_HOSTOBS	e:from:SESSION-fa0b840fdb1355d3:host:131.196.30.91	SESSION-fa0b840fdb1355d3 → host:131.196.30.91
FLOW_TO_HOSTOBS	e:to:SESSION-46ff0fa4ec42545a:host:172.234.197.23	SESSION-46ff0fa4ec42545a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-87ea4b729b5b64e3:flow:a96cebd1119f	SESSION-87ea4b729b5b64e3 → flow:a96cebd1119f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa7ff8c6e8f0ef9e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-aa7ff8c6e8f0ef9e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2754fb6a113c6b7:host:177.10.238.218	SESSION-b2754fb6a113c6b7 → host:177.10.238.218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f003ce3fae962ee:host:172.234.197.23	SESSION-1f003ce3fae962ee → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68342cf3c00e7f2e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-68342cf3c00e7f2e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-954e70596a40db71:SESSION-954e70596a40db71	SESSION-954e70596a40db71 → pe:tls:SESSION-954e70596a40db71
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.129:asn:271410	host:131.196.29.129 → asn:271410
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-724515316ace62dc:BSG-DATA_EXFIL-c45ebda152e5	SESSION-724515316ace62dc → BSG-DATA_EXFIL-c45ebda152e5
FLOW_DST_PORTOBS	e:fp:flow:77f19b7707e9:port:tcp:29446	flow:77f19b7707e9 → port:tcp:29446
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55979c68784410e0:SESSION-55979c68784410e0	SESSION-55979c68784410e0 → pe:syn:SESSION-55979c68784410e0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f016f4a38011f9c:host:177.10.239.86	SESSION-4f016f4a38011f9c → host:177.10.239.86
flow_observed5-aryOBS	e:fo:flow:9b0db0782ff3	flow:9b0db0782ff3 → host:131.196.29.123 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e53dab5788851a26:host:103.155.16.117	SESSION-e53dab5788851a26 → host:103.155.16.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3674a7955b512da1:host:177.10.236.117:host:172.234.197.23	SESSION-3674a7955b512da1 → host:177.10.236.117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f7273aea3ec9beab:SESSION-f7273aea3ec9beab	SESSION-f7273aea3ec9beab → pe:syn:SESSION-f7273aea3ec9beab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-651f6fdc4d4e9c59:host:172.234.197.23	SESSION-651f6fdc4d4e9c59 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-671350c0b0fa8f65:host:177.10.234.228:host:172.234.197.23	SESSION-671350c0b0fa8f65 → host:177.10.234.228 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1075bb458d3b18a:host:172.234.197.23	SESSION-d1075bb458d3b18a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d6af4ef287316d5:host:177.10.238.190	SESSION-7d6af4ef287316d5 → host:177.10.238.190
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.8:asn:262880	host:177.10.237.8 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2db2b0c2312c18a1:host:172.234.197.23:host:131.196.30.60	SESSION-2db2b0c2312c18a1 → host:172.234.197.23 → host:131.196.30.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e0b8f15e6ec3ec0f:host:104.28.202.77	SESSION-e0b8f15e6ec3ec0f → host:104.28.202.77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6cfabb521c7f73a1:host:131.196.31.80	SESSION-6cfabb521c7f73a1 → host:131.196.31.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8452ffa75e7fe764:PCAP:capture_20260430110001:43611bdf6759	SESSION-8452ffa75e7fe764 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:15d79a8be621	flow:15d79a8be621 → host:131.196.29.235 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.45:asn:271410	host:131.196.28.45 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:58187d298757:port:tcp:443	flow:58187d298757 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3c787945ac898609:host:172.234.197.23	SESSION-3c787945ac898609 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0fc72300ca0f:port:tcp:443	flow:0fc72300ca0f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ce2516dd8311d56:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1ce2516dd8311d56 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-5de3ca130be8f6d5:host:45.173.156.167	SESSION-5de3ca130be8f6d5 → host:45.173.156.167
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-396a4dd85675ad96:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-396a4dd85675ad96 → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:54.149.68.137:asn:16509	host:54.149.68.137 → asn:16509
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.18:geo_-23.62930_-46.63510	host:131.196.28.18 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77abcf8d7f3aee2e:host:177.10.237.16:host:172.234.197.23	SESSION-77abcf8d7f3aee2e → host:177.10.237.16 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e3f5af343ed075a:host:131.196.31.193	SESSION-2e3f5af343ed075a → host:131.196.31.193
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-054885aa6e2323da:host:131.196.30.5:host:172.234.197.23	SESSION-054885aa6e2323da → host:131.196.30.5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.247:asn:262880	host:177.10.236.247 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e11f8c5c1e806073:host:3.102.9.236	SESSION-e11f8c5c1e806073 → host:3.102.9.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ead4b2d62c5ebfd2:flow:998829d1b012	SESSION-ead4b2d62c5ebfd2 → flow:998829d1b012
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3739e8b613327ce5:host:131.196.31.159	SESSION-3739e8b613327ce5 → host:131.196.31.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60f4d0af24f032dd:SESSION-60f4d0af24f032dd	SESSION-60f4d0af24f032dd → pe:syn:SESSION-60f4d0af24f032dd
FLOW_TO_HOSTOBS	e:to:SESSION-3f1e2986117d2a1f:host:177.10.238.163	SESSION-3f1e2986117d2a1f → host:177.10.238.163
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5d45bed796decc2:SESSION-b5d45bed796decc2	SESSION-b5d45bed796decc2 → pe:syn:SESSION-b5d45bed796decc2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c532caa5d41cfcbc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c532caa5d41cfcbc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7aaaf2932de65e0e:SESSION-7aaaf2932de65e0e	SESSION-7aaaf2932de65e0e → pe:syn:SESSION-7aaaf2932de65e0e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.210:geo_-16.28860_-49.01640	host:177.10.234.210 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-a74ec174530f5239:host:172.234.197.23	SESSION-a74ec174530f5239 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60f4d0af24f032dd:PCAP:capture_20260430150001:ded20914761d	SESSION-60f4d0af24f032dd → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e323950505f0871:host:172.234.197.23:host:177.10.235.196	SESSION-0e323950505f0871 → host:172.234.197.23 → host:177.10.235.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77593e2039f5e18a:PCAP:capture_20260430110001:43611bdf6759	SESSION-77593e2039f5e18a → PCAP:capture_20260430110001:43611bdf6759
flow_observed4-aryOBS	e:fo:flow:f484c8126b6c	flow:f484c8126b6c → host:172.234.197.23 → host:177.10.237.129 → port:tcp:15941
flow_observed4-aryOBS	e:fo:flow:a9a71af39f70	flow:a9a71af39f70 → host:172.234.197.23 → host:177.10.237.90 → port:tcp:25966
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b30f6f845792a67e:PCAP:capture_20260430090001:065659c7d314	SESSION-b30f6f845792a67e → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.36:asn:262880	host:177.10.238.36 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-de35503b4a9f2ce3:host:45.173.156.210	SESSION-de35503b4a9f2ce3 → host:45.173.156.210
flow_observed5-aryOBS	e:fo:flow:9e86a2f1ebc9	flow:9e86a2f1ebc9 → host:131.196.28.56 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9335dee651513692:host:172.234.197.23	SESSION-9335dee651513692 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b4507c179ac4:port:tcp:443	flow:b4507c179ac4 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5dccafc7307f6ac:host:45.173.156.205:host:172.234.197.23	SESSION-b5dccafc7307f6ac → host:45.173.156.205 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1057767eda3c24b1:host:172.234.197.23	SESSION-1057767eda3c24b1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-848626bce2ee7b76:host:172.234.197.23	SESSION-848626bce2ee7b76 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78e554a3c30f161c:PCAP:capture_20260430110001:43611bdf6759	SESSION-78e554a3c30f161c → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1c47767899447038:SESSION-1c47767899447038	SESSION-1c47767899447038 → pe:tls:SESSION-1c47767899447038
flow_observed5-aryOBS	e:fo:flow:703841dd3320	flow:703841dd3320 → host:131.196.28.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-840476c00c988ec7:SESSION-840476c00c988ec7	SESSION-840476c00c988ec7 → pe:tls:SESSION-840476c00c988ec7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.181:asn:262880	host:177.10.232.181 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dfde0f74dbe81c3a:flow:3b4858fab774	SESSION-dfde0f74dbe81c3a → flow:3b4858fab774
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d2c48d2810841c0:host:177.10.234.116	SESSION-3d2c48d2810841c0 → host:177.10.234.116
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86f296cd3a39a7c2:host:95.170.25.215:host:172.234.197.23	SESSION-86f296cd3a39a7c2 → host:95.170.25.215 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa1be017e5052d0a:host:177.10.239.170:host:172.234.197.23	SESSION-fa1be017e5052d0a → host:177.10.239.170 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e8086fb2a9cb	flow:e8086fb2a9cb → host:45.173.156.109 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-40dbede277a2e1b2:host:131.196.29.221	SESSION-40dbede277a2e1b2 → host:131.196.29.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c5fc27029770f85:host:172.234.197.23	SESSION-2c5fc27029770f85 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6ac21eed532c969e:host:172.234.197.23	SESSION-6ac21eed532c969e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-08a40451c9cdc962:SESSION-08a40451c9cdc962	SESSION-08a40451c9cdc962 → pe:rst:SESSION-08a40451c9cdc962
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c21073699e99172:host:172.234.197.23	SESSION-1c21073699e99172 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.164:asn:262880	host:177.10.239.164 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-042b5a6edf64c734:SESSION-042b5a6edf64c734	SESSION-042b5a6edf64c734 → pe:syn:SESSION-042b5a6edf64c734
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2bcd65d8e62fc5a1:flow:33efcffa1a2a	SESSION-2bcd65d8e62fc5a1 → flow:33efcffa1a2a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19ad8f01572b4d12:SESSION-19ad8f01572b4d12	SESSION-19ad8f01572b4d12 → pe:tls:SESSION-19ad8f01572b4d12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83dd76c193cbd2e0:host:172.234.197.23	SESSION-83dd76c193cbd2e0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:47e0cd099035:port:tcp:443	flow:47e0cd099035 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b22f1be22326dd94:host:54.200.68.109:host:172.234.197.23	SESSION-b22f1be22326dd94 → host:54.200.68.109 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:2a6f4722a3cb	flow:2a6f4722a3cb → host:54.254.24.234 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37e4af30bda4d3e9:host:131.196.29.22	SESSION-37e4af30bda4d3e9 → host:131.196.29.22
flow_observed5-aryOBS	e:fo:flow:4d5be3acf017	flow:4d5be3acf017 → host:177.10.238.76 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9fba97aa139b6de4:SESSION-9fba97aa139b6de4	SESSION-9fba97aa139b6de4 → pe:tls:SESSION-9fba97aa139b6de4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a288a75f40d03563:SESSION-a288a75f40d03563	SESSION-a288a75f40d03563 → pe:tls:SESSION-a288a75f40d03563
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-23e0f212525e0a86:PCAP:capture_20260430080001:93f47cc296a4	SESSION-23e0f212525e0a86 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:f794bb54eca4:port:tcp:22734	flow:f794bb54eca4 → port:tcp:22734
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ffe6ab3345b8c10e:host:177.10.235.215:host:172.234.197.23	SESSION-ffe6ab3345b8c10e → host:177.10.235.215 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be67080b9ae14b48:host:172.234.197.23:host:131.196.31.78	SESSION-be67080b9ae14b48 → host:172.234.197.23 → host:131.196.31.78
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2963f6e37ebf1d0d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2963f6e37ebf1d0d → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-c88d7695016e6fbb:host:172.234.197.23	SESSION-c88d7695016e6fbb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20552151cee2e1af:host:45.173.156.78:host:172.234.197.23	SESSION-20552151cee2e1af → host:45.173.156.78 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-733b7037c38abbcf:SESSION-733b7037c38abbcf	SESSION-733b7037c38abbcf → pe:tls:SESSION-733b7037c38abbcf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29ee7b0c08ea02ad:flow:c851c6ec2554	SESSION-29ee7b0c08ea02ad → flow:c851c6ec2554
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a9091855f21b6bb:host:172.234.197.23	SESSION-0a9091855f21b6bb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d52597e88babdbe8:host:172.234.197.23:host:131.196.31.217	SESSION-d52597e88babdbe8 → host:172.234.197.23 → host:131.196.31.217
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6cc06f30e6c05bb:SESSION-a6cc06f30e6c05bb	SESSION-a6cc06f30e6c05bb → pe:syn:SESSION-a6cc06f30e6c05bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab686f0f0916fec6:host:172.234.197.23	SESSION-ab686f0f0916fec6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-931a0ea4dc7054bf:host:177.10.232.246	SESSION-931a0ea4dc7054bf → host:177.10.232.246
flow_observed4-aryOBS	e:fo:flow:57ec7a959b8f	flow:57ec7a959b8f → host:172.234.197.23 → host:131.196.28.93 → port:tcp:61552
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffe6ab3345b8c10e:host:172.234.197.23	SESSION-ffe6ab3345b8c10e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0461902d351b0498:host:172.234.197.23	SESSION-0461902d351b0498 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-954029bd3fad39c7:host:172.234.197.23	SESSION-954029bd3fad39c7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-acae490ef1211ca7:host:177.10.237.40	SESSION-acae490ef1211ca7 → host:177.10.237.40
FLOW_FROM_HOSTOBS	e:from:SESSION-3fdceaf69f291402:host:131.196.29.172	SESSION-3fdceaf69f291402 → host:131.196.29.172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29cd9f7300aa5893:SESSION-29cd9f7300aa5893	SESSION-29cd9f7300aa5893 → pe:syn:SESSION-29cd9f7300aa5893
FLOW_FROM_HOSTOBS	e:from:SESSION-b05f07ed9250ae8e:host:131.196.30.121	SESSION-b05f07ed9250ae8e → host:131.196.30.121
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58a871785a3878fd:host:172.234.197.23	SESSION-58a871785a3878fd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7ba8377fba710c4:flow:c6fcd772e075	SESSION-b7ba8377fba710c4 → flow:c6fcd772e075
FLOW_TO_HOSTOBS	e:to:SESSION-95f80a98e12e105d:host:45.173.156.125	SESSION-95f80a98e12e105d → host:45.173.156.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8e250b2be37e497:host:177.10.239.29	SESSION-f8e250b2be37e497 → host:177.10.239.29
FLOW_FROM_HOSTOBS	e:from:SESSION-6a5d8002765cb7d3:host:177.10.239.136	SESSION-6a5d8002765cb7d3 → host:177.10.239.136
FLOW_FROM_HOSTOBS	e:from:SESSION-cc7ab250b87b35be:host:177.10.236.142	SESSION-cc7ab250b87b35be → host:177.10.236.142
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c85a8771eed4d0f:host:177.10.232.33	SESSION-7c85a8771eed4d0f → host:177.10.232.33
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1532b7922e59746:SESSION-d1532b7922e59746	SESSION-d1532b7922e59746 → pe:tls:SESSION-d1532b7922e59746
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.52:asn:203771	host:95.135.228.52 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-669a514c7e7ceed8:host:177.10.239.84	SESSION-669a514c7e7ceed8 → host:177.10.239.84
FLOW_FROM_HOSTOBS	e:from:SESSION-be8cffb783bfde31:host:172.234.197.23	SESSION-be8cffb783bfde31 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0586166ee52acb1f:host:172.234.197.23	SESSION-0586166ee52acb1f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2560fc1185e4e3e7:SESSION-2560fc1185e4e3e7	SESSION-2560fc1185e4e3e7 → pe:syn:SESSION-2560fc1185e4e3e7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f278495c163e84d:SESSION-2f278495c163e84d	SESSION-2f278495c163e84d → pe:syn:SESSION-2f278495c163e84d
FLOW_QUERIED_DNSOBS	e:fd:flow:a9ef69b0237c:dns:172-234-197-23.ip.linodeusercontent.com	flow:a9ef69b0237c → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f008aa22e7b680c:host:172.234.197.23	SESSION-7f008aa22e7b680c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f11da68f580d:port:tcp:443	flow:f11da68f580d → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:52.81.225.63:asn:55960	host:52.81.225.63 → asn:55960
FLOW_DST_PORTOBS	e:fp:flow:7315230a3bb0:port:tcp:443	flow:7315230a3bb0 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-0c9a0f035acc4428:host:131.196.29.215	SESSION-0c9a0f035acc4428 → host:131.196.29.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb9766ebe449a845:SESSION-bb9766ebe449a845	SESSION-bb9766ebe449a845 → pe:syn:SESSION-bb9766ebe449a845
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94e95046da2771ab:host:172.234.197.23	SESSION-94e95046da2771ab → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99e2981b3b5fa520:PCAP:capture_20260430070001:903a0e7a436b	SESSION-99e2981b3b5fa520 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7172790c1950eaef:host:172.234.197.23:host:131.196.30.184	SESSION-7172790c1950eaef → host:172.234.197.23 → host:131.196.30.184
FLOW_FROM_HOSTOBS	e:from:SESSION-623bfc839a4f3b4e:host:172.234.197.23	SESSION-623bfc839a4f3b4e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33348e69a2613db6:SESSION-33348e69a2613db6	SESSION-33348e69a2613db6 → pe:tls:SESSION-33348e69a2613db6
FLOW_TO_HOSTOBS	e:to:SESSION-db858a9d0e579c0c:host:172.234.197.23	SESSION-db858a9d0e579c0c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc18a12b15fb2c84:host:172.234.197.23	SESSION-fc18a12b15fb2c84 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58f2a638c6bf8581:flow:119f410fdf98	SESSION-58f2a638c6bf8581 → flow:119f410fdf98
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1b9f91f77c860b7c:PCAP:capture_20260430150001:ded20914761d	SESSION-1b9f91f77c860b7c → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eba362425495480d:host:172.234.197.23	SESSION-eba362425495480d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9166f313177f7326:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9166f313177f7326 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-9ab55f3989857eec:host:131.196.30.88	SESSION-9ab55f3989857eec → host:131.196.30.88
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.217:asn:273470	host:45.173.156.217 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-213b6cb7e75b87f2:flow:7a226fbc653a	SESSION-213b6cb7e75b87f2 → flow:7a226fbc653a
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-20aee5a5b6e9be41:BSG-BEACON-a63cf4e96a4e	SESSION-20aee5a5b6e9be41 → BSG-BEACON-a63cf4e96a4e
flow_observed5-aryOBS	e:fo:flow:b488d873ad67	flow:b488d873ad67 → host:177.10.236.117 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1cb1824ec0ef0f8a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1cb1824ec0ef0f8a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bd66824284de98ed:SESSION-bd66824284de98ed	SESSION-bd66824284de98ed → pe:tls:SESSION-bd66824284de98ed
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35ad9f030d1e8e6d:flow:3577a02a28d0	SESSION-35ad9f030d1e8e6d → flow:3577a02a28d0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf2d710eb7a0f34a:host:172.234.197.23	SESSION-cf2d710eb7a0f34a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a98c5df3fe5e6d6:host:172.234.197.23	SESSION-4a98c5df3fe5e6d6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2b1032a47414de8d:host:172.234.197.23	SESSION-2b1032a47414de8d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4619747059efac6f:host:45.173.156.225	SESSION-4619747059efac6f → host:45.173.156.225
FLOW_DST_PORTOBS	e:fp:flow:fa71e3f65ae1:port:tcp:443	flow:fa71e3f65ae1 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-12cb447eb42d83b5:host:172.234.197.23	SESSION-12cb447eb42d83b5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a592f97b57bb2999:SESSION-a592f97b57bb2999	SESSION-a592f97b57bb2999 → pe:syn:SESSION-a592f97b57bb2999
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ab8c1601f71acf4:SESSION-0ab8c1601f71acf4	SESSION-0ab8c1601f71acf4 → pe:tls:SESSION-0ab8c1601f71acf4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a236c6c04af1f19:host:172.234.197.23	SESSION-9a236c6c04af1f19 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-122c6042cd97886a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-122c6042cd97886a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f1009c3ce0fc23df:PCAP:capture_20260430060001:919b39a74464	SESSION-f1009c3ce0fc23df → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d798baf71c597a3:host:172.234.197.23	SESSION-2d798baf71c597a3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.22:asn:262880	host:177.10.234.22 → asn:262880
flow_observed5-aryOBS	e:fo:flow:89241512fcc4	flow:89241512fcc4 → host:131.196.29.65 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a5643c60889fe0da:host:172.234.197.23	SESSION-a5643c60889fe0da → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77755e4fda54087c:SESSION-77755e4fda54087c	SESSION-77755e4fda54087c → pe:tls:SESSION-77755e4fda54087c
FLOW_DST_PORTOBS	e:fp:flow:b48a91345e9a:port:tcp:31873	flow:b48a91345e9a → port:tcp:31873
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2c61460e754c8f6:flow:e7251f1511c5	SESSION-b2c61460e754c8f6 → flow:e7251f1511c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f077149cc71812a:host:177.10.239.9:host:172.234.197.23	SESSION-3f077149cc71812a → host:177.10.239.9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf343490b1b7ef49:SESSION-bf343490b1b7ef49	SESSION-bf343490b1b7ef49 → pe:syn:SESSION-bf343490b1b7ef49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44aa905e757bc471:SESSION-44aa905e757bc471	SESSION-44aa905e757bc471 → pe:syn:SESSION-44aa905e757bc471
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-befd285205c2bf8f:host:44.247.223.188	SESSION-befd285205c2bf8f → host:44.247.223.188
FLOW_FROM_HOSTOBS	e:from:SESSION-81dd4006fe67ac3f:host:18.175.215.247	SESSION-81dd4006fe67ac3f → host:18.175.215.247
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.190:asn:262880	host:177.10.235.190 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eee0288be94ee16a:SESSION-eee0288be94ee16a	SESSION-eee0288be94ee16a → pe:syn:SESSION-eee0288be94ee16a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2bde5ab088d2882:host:3.112.93.79	SESSION-c2bde5ab088d2882 → host:3.112.93.79
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.10:asn:262880	host:177.10.238.10 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-b135329a33dc60c2:host:172.234.197.23	SESSION-b135329a33dc60c2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-779dfe498151f730:host:177.10.233.211	SESSION-779dfe498151f730 → host:177.10.233.211
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79787964fff3a281:host:172.234.197.23	SESSION-79787964fff3a281 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.127:asn:262880	host:177.10.239.127 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4af5e0493e3bd78c:host:177.10.239.185	SESSION-4af5e0493e3bd78c → host:177.10.239.185
FLOW_FROM_HOSTOBS	e:from:SESSION-1699a282bb5af583:host:177.10.234.29	SESSION-1699a282bb5af583 → host:177.10.234.29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33075a11d7099c2b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-33075a11d7099c2b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed3-aryOBS	e:fo:flow:05a5fe972640	flow:05a5fe972640 → host:54.201.215.37 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-42eae260ad8ea663:PCAP:capture_20260430050001:8868731bf8a4	SESSION-42eae260ad8ea663 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e0550020c1215cf:flow:042a169e6320	SESSION-1e0550020c1215cf → flow:042a169e6320
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c17e2540d05f4c2:host:131.196.30.212:host:172.234.197.23	SESSION-3c17e2540d05f4c2 → host:131.196.30.212 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a4b062ac7956d3a5:SESSION-a4b062ac7956d3a5	SESSION-a4b062ac7956d3a5 → pe:syn:SESSION-a4b062ac7956d3a5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca44e56e93546a2c:host:172.234.197.23	SESSION-ca44e56e93546a2c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-398d13acd4a88a37:host:172.232.0.17	SESSION-398d13acd4a88a37 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.190:geo_-16.28860_-49.01640	host:177.10.239.190 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-03cee9bc49b35179:host:172.234.197.23	SESSION-03cee9bc49b35179 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7139746cbd677852:host:45.173.156.34	SESSION-7139746cbd677852 → host:45.173.156.34
FLOW_TO_HOSTOBS	e:to:SESSION-a1375745ca86fe64:host:45.173.156.37	SESSION-a1375745ca86fe64 → host:45.173.156.37
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e8a9e43c374485d:SESSION-9e8a9e43c374485d	SESSION-9e8a9e43c374485d → pe:syn:SESSION-9e8a9e43c374485d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-f40be42edcf6e8ed:BSG-BEACON-c01588764f49	SESSION-f40be42edcf6e8ed → BSG-BEACON-c01588764f49
FLOW_TO_HOSTOBS	e:to:SESSION-c8d5fc6f7b2bd264:host:177.10.238.181	SESSION-c8d5fc6f7b2bd264 → host:177.10.238.181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2eb15df038685c53:SESSION-2eb15df038685c53	SESSION-2eb15df038685c53 → pe:tls:SESSION-2eb15df038685c53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b12621bc2223af13:host:177.10.237.225	SESSION-b12621bc2223af13 → host:177.10.237.225
FLOW_TO_HOSTOBS	e:to:SESSION-c0307b3c9af33eb0:host:172.234.197.23	SESSION-c0307b3c9af33eb0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e3d7339ef5a101ca:host:172.234.197.23	SESSION-e3d7339ef5a101ca → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4117bfae8d393f9c:host:172.234.197.23	SESSION-4117bfae8d393f9c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-82c9dbe3cfe7e49f:host:177.10.232.24:host:172.234.197.23	SESSION-82c9dbe3cfe7e49f → host:177.10.232.24 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9354322f5192915a:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-9354322f5192915a → PCAP:capture_20260427230001:ca8bd1ce36e2
FLOW_FROM_HOSTOBS	e:from:SESSION-ee4167cf60ac81c3:host:172.234.197.23	SESSION-ee4167cf60ac81c3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bb818ce2b02135d:SESSION-3bb818ce2b02135d	SESSION-3bb818ce2b02135d → pe:syn:SESSION-3bb818ce2b02135d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-252ece6cab0420bc:host:177.10.235.252	SESSION-252ece6cab0420bc → host:177.10.235.252
FLOW_FROM_HOSTOBS	e:from:SESSION-750fc9f72ee279c6:host:172.234.197.23	SESSION-750fc9f72ee279c6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-421b35b56ec8b984:host:131.196.28.38:host:172.234.197.23	SESSION-421b35b56ec8b984 → host:131.196.28.38 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d8922fd6595a71f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5d8922fd6595a71f → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-ecc0c586896302d2:host:177.10.233.124	SESSION-ecc0c586896302d2 → host:177.10.233.124
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44c3a4d4ec5442f2:host:177.10.236.201	SESSION-44c3a4d4ec5442f2 → host:177.10.236.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ffcc2d542e7be59:host:172.234.197.23	SESSION-0ffcc2d542e7be59 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4235901c81cb167b:host:172.234.197.23	SESSION-4235901c81cb167b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77e1145855a55905:host:172.234.197.23	SESSION-77e1145855a55905 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d551807307fa9b9:host:131.196.29.50	SESSION-2d551807307fa9b9 → host:131.196.29.50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7aaf7c17fdae8be6:SESSION-7aaf7c17fdae8be6	SESSION-7aaf7c17fdae8be6 → pe:tls:SESSION-7aaf7c17fdae8be6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a108f3a8f652bd55:host:172.234.197.23	SESSION-a108f3a8f652bd55 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0229340abc854c0d:host:177.10.233.185	SESSION-0229340abc854c0d → host:177.10.233.185
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.118:asn:262880	host:177.10.237.118 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.155:geo_-16.28860_-49.01640	host:177.10.235.155 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-077a58eb2518fab4:SESSION-077a58eb2518fab4	SESSION-077a58eb2518fab4 → pe:tls:SESSION-077a58eb2518fab4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2eaffc60d664a8c9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2eaffc60d664a8c9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed59d63ff912d69c:flow:337a509c562d	SESSION-ed59d63ff912d69c → flow:337a509c562d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06a6b67473c48ddd:host:131.196.28.201	SESSION-06a6b67473c48ddd → host:131.196.28.201
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98c12e77f111e64e:SESSION-98c12e77f111e64e	SESSION-98c12e77f111e64e → pe:syn:SESSION-98c12e77f111e64e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bdbc4c9f7cbfe0c2:host:177.10.235.132	SESSION-bdbc4c9f7cbfe0c2 → host:177.10.235.132
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1065c42d5133f02c:flow:e277cf0bccc7	SESSION-1065c42d5133f02c → flow:e277cf0bccc7
FLOW_FROM_HOSTOBS	e:from:SESSION-67e4e454d5bff348:host:172.234.197.23	SESSION-67e4e454d5bff348 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.27:asn:271410	host:131.196.31.27 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:e802dd97f0ec:port:tcp:56852	flow:e802dd97f0ec → port:tcp:56852
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16b002b5a5ba0e61:host:172.234.197.23	SESSION-16b002b5a5ba0e61 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0ac7328414c6be9:SESSION-d0ac7328414c6be9	SESSION-d0ac7328414c6be9 → pe:tls:SESSION-d0ac7328414c6be9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b97d7b281ae973a8:flow:b79e234ad6fb	SESSION-b97d7b281ae973a8 → flow:b79e234ad6fb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c130f2091984b84c:SESSION-c130f2091984b84c	SESSION-c130f2091984b84c → pe:tls:SESSION-c130f2091984b84c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1947a05c179b1d2:host:172.234.197.23	SESSION-c1947a05c179b1d2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:350d70420336:port:tcp:443	flow:350d70420336 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f5b7d4cd5351b11:SESSION-8f5b7d4cd5351b11	SESSION-8f5b7d4cd5351b11 → pe:tls:SESSION-8f5b7d4cd5351b11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96c334cbd5a64077:PCAP:capture_20260430060001:919b39a74464	SESSION-96c334cbd5a64077 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-710b55a9f3a0edd9:host:172.234.197.23	SESSION-710b55a9f3a0edd9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-98e2e9e1db14446c:host:177.10.235.169	SESSION-98e2e9e1db14446c → host:177.10.235.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-742c2d67dec63a6f:host:131.196.30.128	SESSION-742c2d67dec63a6f → host:131.196.30.128
flow_observed4-aryOBS	e:fo:flow:9a7a7058ae53	flow:9a7a7058ae53 → host:172.234.197.23 → host:177.10.236.121 → port:tcp:48409
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa08911a1f564da4:flow:ddb64a3861e6	SESSION-fa08911a1f564da4 → flow:ddb64a3861e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbc349d6e82ad363:host:2.57.122.196	SESSION-cbc349d6e82ad363 → host:2.57.122.196
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.189:geo_-16.28860_-49.01640	host:177.10.238.189 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d2d2e0adb85f8f3e:SESSION-d2d2e0adb85f8f3e	SESSION-d2d2e0adb85f8f3e → pe:tls:SESSION-d2d2e0adb85f8f3e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e4f9227bbb6fbbfc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e4f9227bbb6fbbfc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f3bd7044d582575:host:172.234.197.23	SESSION-7f3bd7044d582575 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8293f5a95baa645a:host:172.234.197.23	SESSION-8293f5a95baa645a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6d83a9aba23a117e:host:172.234.197.23	SESSION-6d83a9aba23a117e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14b61e43a384fdb4:host:177.10.235.70:host:172.234.197.23	SESSION-14b61e43a384fdb4 → host:177.10.235.70 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-361f1ea86b9f3cf3:SESSION-361f1ea86b9f3cf3	SESSION-361f1ea86b9f3cf3 → pe:syn:SESSION-361f1ea86b9f3cf3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71d059e3750765d4:host:177.10.233.2	SESSION-71d059e3750765d4 → host:177.10.233.2
FLOW_FROM_HOSTOBS	e:from:SESSION-4f003e7e66ba8f79:host:131.196.31.238	SESSION-4f003e7e66ba8f79 → host:131.196.31.238
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.205:geo_-16.28860_-49.01640	host:177.10.235.205 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7e52183ef313b6a:host:131.196.28.207	SESSION-e7e52183ef313b6a → host:131.196.28.207
FLOW_TO_HOSTOBS	e:to:SESSION-eff9d1155e5c571f:host:172.234.197.23	SESSION-eff9d1155e5c571f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-042ef885e77347e7:host:131.196.28.48:host:172.234.197.23	SESSION-042ef885e77347e7 → host:131.196.28.48 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2634dc5934886659:host:172.234.197.23	SESSION-2634dc5934886659 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:637c13edbf62	flow:637c13edbf62 → host:131.196.30.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7bd472de7dbc823f:flow:9ecf6a5f2cf7	SESSION-7bd472de7dbc823f → flow:9ecf6a5f2cf7
FLOW_DST_PORTOBS	e:fp:flow:278d5aaa1a79:port:tcp:51229	flow:278d5aaa1a79 → port:tcp:51229
FLOW_TO_HOSTOBS	e:to:SESSION-a1ec79192d74c7af:host:172.234.197.23	SESSION-a1ec79192d74c7af → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0119815c01d3319:SESSION-c0119815c01d3319	SESSION-c0119815c01d3319 → pe:tls:SESSION-c0119815c01d3319
flow_observed4-aryOBS	e:fo:flow:4554b28ee50c	flow:4554b28ee50c → host:172.234.197.23 → host:177.10.239.139 → port:tcp:698
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc1c86e42be942bd:flow:5210729a469b	SESSION-cc1c86e42be942bd → flow:5210729a469b
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.90:asn:271410	host:131.196.29.90 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6113f2cc2cfc5017:host:177.10.237.12:host:172.234.197.23	SESSION-6113f2cc2cfc5017 → host:177.10.237.12 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.220:asn:262880	host:177.10.233.220 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe84550c6b54c988:SESSION-fe84550c6b54c988	SESSION-fe84550c6b54c988 → pe:tls:SESSION-fe84550c6b54c988
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd2d57a3e3d90491:flow:550a225d20a6	SESSION-fd2d57a3e3d90491 → flow:550a225d20a6
FLOW_FROM_HOSTOBS	e:from:SESSION-d508940aefc84528:host:177.10.235.201	SESSION-d508940aefc84528 → host:177.10.235.201
flow_observed5-aryOBS	e:fo:flow:cb52c83e2455	flow:cb52c83e2455 → host:131.196.29.4 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:c704f1ae0c68	flow:c704f1ae0c68 → host:177.10.236.245 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.204:geo_-23.62930_-46.63510	host:131.196.28.204 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.220:asn:262880	host:177.10.236.220 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-e074701a4b6d6566:host:172.234.197.23	SESSION-e074701a4b6d6566 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ecb6aa8c52d6:port:tcp:443	flow:ecb6aa8c52d6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc96f34750660160:host:177.10.235.83	SESSION-bc96f34750660160 → host:177.10.235.83
flow_observed4-aryOBS	e:fo:flow:1a0170e3adc5	flow:1a0170e3adc5 → host:172.234.197.23 → host:177.10.236.242 → port:tcp:15097
FLOW_DST_PORTOBS	e:fp:flow:0807ce4d27d1:port:tcp:443	flow:0807ce4d27d1 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55979c68784410e0:flow:2c5cf90e9824	SESSION-55979c68784410e0 → flow:2c5cf90e9824
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0835af6109bb7c1:SESSION-f0835af6109bb7c1	SESSION-f0835af6109bb7c1 → pe:tls:SESSION-f0835af6109bb7c1
FLOW_FROM_HOSTOBS	e:from:SESSION-b854a8a0c04494b2:host:172.234.197.23	SESSION-b854a8a0c04494b2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b2c833b1ef62	flow:b2c833b1ef62 → host:131.196.28.38 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-414bf7406e62b7e2:flow:a1f7a3f91181	SESSION-414bf7406e62b7e2 → flow:a1f7a3f91181
FLOW_FROM_HOSTOBS	e:from:SESSION-c4dd5260308cf6ea:host:131.196.29.34	SESSION-c4dd5260308cf6ea → host:131.196.29.34
FLOW_TO_HOSTOBS	e:to:SESSION-7679fd0fd118c12e:host:172.234.197.23	SESSION-7679fd0fd118c12e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5e4b6893c364bde:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e5e4b6893c364bde → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-d8c0a98b52014301:host:172.234.197.23	SESSION-d8c0a98b52014301 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce973eb9d12ea742:SESSION-ce973eb9d12ea742	SESSION-ce973eb9d12ea742 → pe:tls:SESSION-ce973eb9d12ea742
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.184:geo_-16.28860_-49.01640	host:177.10.232.184 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.65:asn:271410	host:131.196.29.65 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-85714bf39e95506c:host:172.234.197.23:host:213.209.159.159	SESSION-85714bf39e95506c → host:172.234.197.23 → host:213.209.159.159
flow_observed4-aryOBS	e:fo:flow:fa2c4d55df00	flow:fa2c4d55df00 → host:172.234.197.23 → host:177.10.238.173 → port:tcp:17434
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9875f767bae73b8:SESSION-b9875f767bae73b8	SESSION-b9875f767bae73b8 → pe:syn:SESSION-b9875f767bae73b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c37bd5454075ced3:host:172.234.197.23	SESSION-c37bd5454075ced3 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:efeaf9943020	flow:efeaf9943020 → host:172.234.197.23 → host:131.196.29.56 → port:tcp:16482
flow_observed5-aryOBS	e:fo:flow:62b791bbed2d	flow:62b791bbed2d → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4e339b9f879a911:PCAP:capture_20260428010001:b1b402c7b202	SESSION-d4e339b9f879a911 → PCAP:capture_20260428010001:b1b402c7b202
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.100:geo_-16.28860_-49.01640	host:177.10.236.100 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b578cd49b856e8a0:host:172.234.197.23	SESSION-b578cd49b856e8a0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0f5313432825fa0:SESSION-f0f5313432825fa0	SESSION-f0f5313432825fa0 → pe:tls:SESSION-f0f5313432825fa0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0acd91014f6238ed:flow:90c06adffb70	SESSION-0acd91014f6238ed → flow:90c06adffb70
FLOW_DST_PORTOBS	e:fp:flow:664fbef0d9ab:port:tcp:443	flow:664fbef0d9ab → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5d21062ad7da:port:tcp:443	flow:5d21062ad7da → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca0d45baeb856677:host:177.10.233.211	SESSION-ca0d45baeb856677 → host:177.10.233.211
FLOW_TO_HOSTOBS	e:to:SESSION-52e1254f2f15b333:host:177.10.235.87	SESSION-52e1254f2f15b333 → host:177.10.235.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cb36fee7e75b97b:host:104.28.202.79	SESSION-5cb36fee7e75b97b → host:104.28.202.79
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.187.136.36:geo_48.85820_2.33870	host:37.187.136.36 → geo_48.85820_2.33870
FLOW_DST_PORTOBS	e:fp:flow:e0879fac4437:port:tcp:443	flow:e0879fac4437 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-985c12f522f7e9ff:SESSION-985c12f522f7e9ff	SESSION-985c12f522f7e9ff → pe:tls:SESSION-985c12f522f7e9ff
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.202:asn:271410	host:131.196.28.202 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-0146df147eb3c3bd:host:131.196.31.92	SESSION-0146df147eb3c3bd → host:131.196.31.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-342ba7535c6572a7:SESSION-342ba7535c6572a7	SESSION-342ba7535c6572a7 → pe:syn:SESSION-342ba7535c6572a7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aab351c0be27393b:host:172.234.197.23	SESSION-aab351c0be27393b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.10:asn:262880	host:177.10.233.10 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-eee2452aad82d1c2:host:172.234.197.23	SESSION-eee2452aad82d1c2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fe48e08f3f123e2:PCAP:capture_20260430150001:ded20914761d	SESSION-3fe48e08f3f123e2 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-1518dad52645fa99:host:172.234.197.23	SESSION-1518dad52645fa99 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02270ea748fd3855:PCAP:capture_20260430050001:8868731bf8a4	SESSION-02270ea748fd3855 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09a6e49240d11692:flow:3e0a57fa3cfd	SESSION-09a6e49240d11692 → flow:3e0a57fa3cfd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9eb85eb3deaacc18:flow:cc4e9257354e	SESSION-9eb85eb3deaacc18 → flow:cc4e9257354e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9427f5c2202c5258:SESSION-9427f5c2202c5258	SESSION-9427f5c2202c5258 → pe:tls:SESSION-9427f5c2202c5258
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2c2ee5c4e3db47f8:host:51.161.119.157:host:172.234.197.23	SESSION-2c2ee5c4e3db47f8 → host:51.161.119.157 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.111:geo_41.00190_28.96450	host:92.112.71.111 → geo_41.00190_28.96450
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.163:geo_-23.62930_-46.63510	host:131.196.28.163 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-77b68b84e12bfaab:host:177.10.235.196	SESSION-77b68b84e12bfaab → host:177.10.235.196
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-208c35e6fa834cd1:flow:746bb43ffdeb	SESSION-208c35e6fa834cd1 → flow:746bb43ffdeb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c76cb7a55699fff8:host:131.196.29.145	SESSION-c76cb7a55699fff8 → host:131.196.29.145
FLOW_DST_PORTOBS	e:fp:flow:4554b28ee50c:port:tcp:698	flow:4554b28ee50c → port:tcp:698
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d11c29aca82696f2:host:177.10.236.58:host:172.234.197.23	SESSION-d11c29aca82696f2 → host:177.10.236.58 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:597eb4982c4e:port:tcp:443	flow:597eb4982c4e → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.81:asn:262880	host:177.10.239.81 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b209515fa806d4a:PCAP:capture_20260430110001:43611bdf6759	SESSION-9b209515fa806d4a → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-b1261f8c6b87cf73:host:172.234.197.23	SESSION-b1261f8c6b87cf73 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b51b74891d2de4c5:SESSION-b51b74891d2de4c5	SESSION-b51b74891d2de4c5 → pe:syn:SESSION-b51b74891d2de4c5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-164b17078fceb547:host:172.234.197.23	SESSION-164b17078fceb547 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7937f820efd31935:host:172.234.197.23	SESSION-7937f820efd31935 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f29ae4ea1d6d03ed:host:172.234.197.23	SESSION-f29ae4ea1d6d03ed → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-83168514d84031f4:SESSION-83168514d84031f4	SESSION-83168514d84031f4 → pe:tls:SESSION-83168514d84031f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-992ac29a78433ae4:host:172.234.197.23	SESSION-992ac29a78433ae4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a16442ff0a72733c:host:131.196.31.182	SESSION-a16442ff0a72733c → host:131.196.31.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e3d1aa706f2604d:host:177.10.236.191	SESSION-3e3d1aa706f2604d → host:177.10.236.191
FLOW_FROM_HOSTOBS	e:from:SESSION-132ae74090c90dac:host:177.10.234.11	SESSION-132ae74090c90dac → host:177.10.234.11
FLOW_FROM_HOSTOBS	e:from:SESSION-c6f6eb6f56b12c37:host:177.10.238.190	SESSION-c6f6eb6f56b12c37 → host:177.10.238.190
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8f41d49423a0699:host:177.10.238.76:host:172.234.197.23	SESSION-c8f41d49423a0699 → host:177.10.238.76 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7fa8e5b00f80216f:SESSION-7fa8e5b00f80216f	SESSION-7fa8e5b00f80216f → pe:tls:SESSION-7fa8e5b00f80216f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6ad5e06ec5a3a76:host:177.10.238.41	SESSION-f6ad5e06ec5a3a76 → host:177.10.238.41
FLOW_FROM_HOSTOBS	e:from:SESSION-b5fbe4987e86bc38:host:172.234.197.23	SESSION-b5fbe4987e86bc38 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0cc88f51dcfd	flow:0cc88f51dcfd → host:172.234.197.23 → host:177.10.239.135 → port:tcp:29322
flow_observed5-aryOBS	e:fo:flow:a9465144cfd4	flow:a9465144cfd4 → host:177.10.238.161 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da40d6e9bff8c88d:SESSION-da40d6e9bff8c88d	SESSION-da40d6e9bff8c88d → pe:tls:SESSION-da40d6e9bff8c88d
FLOW_DST_PORTOBS	e:fp:flow:4d3f821e6497:port:tcp:443	flow:4d3f821e6497 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db946f3602afd068:SESSION-db946f3602afd068	SESSION-db946f3602afd068 → pe:syn:SESSION-db946f3602afd068
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14cb036847147428:PCAP:capture_20260430150001:ded20914761d	SESSION-14cb036847147428 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be2d81a12844874f:host:177.10.234.193:host:172.234.197.23	SESSION-be2d81a12844874f → host:177.10.234.193 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9d9ed6ae798457b7:host:172.234.197.23	SESSION-9d9ed6ae798457b7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e867c3054a212916:SESSION-e867c3054a212916	SESSION-e867c3054a212916 → pe:tls:SESSION-e867c3054a212916
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99c8a38ab4cce90e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-99c8a38ab4cce90e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77da6a9292c08caa:host:177.10.232.20:host:172.234.197.23	SESSION-77da6a9292c08caa → host:177.10.232.20 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.252:asn:262880	host:177.10.233.252 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eade11f9b06e449a:host:45.173.156.109:host:172.234.197.23	SESSION-eade11f9b06e449a → host:45.173.156.109 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a22fc187bcc4d705:flow:70dd50a07339	SESSION-a22fc187bcc4d705 → flow:70dd50a07339
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.25:geo_-23.62930_-46.63510	host:131.196.28.25 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67e118b3ac1b9481:PCAP:capture_20260430110001:43611bdf6759	SESSION-67e118b3ac1b9481 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06814c349a39e79e:host:45.173.156.153	SESSION-06814c349a39e79e → host:45.173.156.153
FLOW_DST_PORTOBS	e:fp:flow:3680ddb78789:port:tcp:61959	flow:3680ddb78789 → port:tcp:61959
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1b69502656f28818:PCAP:capture_20260430080001:93f47cc296a4	SESSION-1b69502656f28818 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:04aa2d3b9485	flow:04aa2d3b9485 → host:177.10.232.255 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.22:geo_-23.62930_-46.63510	host:131.196.30.22 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-81de972e9a362700:SESSION-81de972e9a362700	SESSION-81de972e9a362700 → pe:rst:SESSION-81de972e9a362700
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b89a1b1f5399599:flow:6bb8c928d4ad	SESSION-7b89a1b1f5399599 → flow:6bb8c928d4ad
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f329fce2004d812:host:131.196.29.151	SESSION-0f329fce2004d812 → host:131.196.29.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-14e24a51491967d5:SESSION-14e24a51491967d5	SESSION-14e24a51491967d5 → pe:rst:SESSION-14e24a51491967d5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76b86119fe5d0a6f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-76b86119fe5d0a6f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:138da8759222	flow:138da8759222 → host:131.196.30.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b082affabc66a77:SESSION-8b082affabc66a77	SESSION-8b082affabc66a77 → pe:syn:SESSION-8b082affabc66a77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2eb904b60673a30b:SESSION-2eb904b60673a30b	SESSION-2eb904b60673a30b → pe:syn:SESSION-2eb904b60673a30b
flow_observed4-aryOBS	e:fo:flow:41bb63bf5f7d	flow:41bb63bf5f7d → host:172.234.197.23 → host:177.10.235.24 → port:tcp:50002
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef90c0e24c7a1c11:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ef90c0e24c7a1c11 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76cae08532c4b8eb:host:172.234.197.23	SESSION-76cae08532c4b8eb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1859ed99edad:port:tcp:443	flow:1859ed99edad → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-187a70856b24c84b:host:172.234.197.23	SESSION-187a70856b24c84b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa49e5af791c6122:host:131.196.31.140	SESSION-fa49e5af791c6122 → host:131.196.31.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41808c8c85c3c4d3:host:177.10.232.1	SESSION-41808c8c85c3c4d3 → host:177.10.232.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b61fb09d40ad349:host:177.10.234.71	SESSION-8b61fb09d40ad349 → host:177.10.234.71
FLOW_FROM_HOSTOBS	e:from:SESSION-323caf5dcc039926:host:172.234.197.23	SESSION-323caf5dcc039926 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a148e202465c0b29:host:172.234.197.23	SESSION-a148e202465c0b29 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-29cd9f7300aa5893:host:131.196.30.140	SESSION-29cd9f7300aa5893 → host:131.196.30.140
FLOW_FROM_HOSTOBS	e:from:SESSION-1f3af12abbb2ff56:host:172.234.197.23	SESSION-1f3af12abbb2ff56 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:edb17132cf14	flow:edb17132cf14 → host:177.10.235.213 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-840476c00c988ec7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-840476c00c988ec7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-937317105ded9efa:host:172.234.197.23	SESSION-937317105ded9efa → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a2869823e4d7	flow:a2869823e4d7 → host:131.196.30.188 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0dd74fd8f314e65:host:45.173.156.55	SESSION-f0dd74fd8f314e65 → host:45.173.156.55
FLOW_DST_PORTOBS	e:fp:flow:5cc5d5872470:port:tcp:29850	flow:5cc5d5872470 → port:tcp:29850
FLOW_FROM_HOSTOBS	e:from:SESSION-55187c9d4dc6d2e7:host:177.10.235.90	SESSION-55187c9d4dc6d2e7 → host:177.10.235.90
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-feb3207d55e7c5c5:host:172.234.197.23	SESSION-feb3207d55e7c5c5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.182:geo_-23.62930_-46.63510	host:131.196.30.182 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:581696e98cc0	flow:581696e98cc0 → host:45.173.156.14 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.198:geo_-23.62930_-46.63510	host:131.196.31.198 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-80c2fbd298f78f5d:SESSION-80c2fbd298f78f5d	SESSION-80c2fbd298f78f5d → pe:tls:SESSION-80c2fbd298f78f5d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20066dd45b76b973:PCAP:capture_20260430150001:ded20914761d	SESSION-20066dd45b76b973 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-f718f291e0c401d5:host:172.234.197.23	SESSION-f718f291e0c401d5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-edeb3dca8d1da30b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-edeb3dca8d1da30b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72f157e6b3da81bc:SESSION-72f157e6b3da81bc	SESSION-72f157e6b3da81bc → pe:tls:SESSION-72f157e6b3da81bc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb0c069bf1f40e5a:flow:2e52ef2b8860	SESSION-bb0c069bf1f40e5a → flow:2e52ef2b8860
HOST_IN_ASNOBS 85%	e:ha:host:78.12.83.235:asn:16509	host:78.12.83.235 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-c92acfae26c49330:host:172.234.197.23	SESSION-c92acfae26c49330 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:933ff1edd14a	flow:933ff1edd14a → host:172.234.197.23 → host:131.196.29.103 → port:tcp:65318
FLOW_FROM_HOSTOBS	e:from:SESSION-cde6fb5ccac54489:host:177.10.236.169	SESSION-cde6fb5ccac54489 → host:177.10.236.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00efe759e05a1a39:host:177.10.239.93	SESSION-00efe759e05a1a39 → host:177.10.239.93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-422ba54da9c49203:host:172.234.197.23	SESSION-422ba54da9c49203 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d30c685e20a11d4e:host:177.10.239.26	SESSION-d30c685e20a11d4e → host:177.10.239.26
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.72:geo_-16.28860_-49.01640	host:177.10.234.72 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.29:asn:271410	host:131.196.29.29 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8cf2e3dd1491b22c:PCAP:capture_20260430060001:919b39a74464	SESSION-8cf2e3dd1491b22c → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8402a55882de6bd8:host:177.10.237.147	SESSION-8402a55882de6bd8 → host:177.10.237.147
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.2:asn:262880	host:177.10.239.2 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b24715291f7dc36:host:177.10.232.56	SESSION-6b24715291f7dc36 → host:177.10.232.56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b32f5a9266c1045d:host:172.234.197.23	SESSION-b32f5a9266c1045d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:2ce85ca988e6	flow:2ce85ca988e6 → host:172.234.197.23 → host:177.10.239.136 → port:tcp:50756
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.11:geo_-16.28860_-49.01640	host:177.10.236.11 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:96b976c06096	flow:96b976c06096 → host:172.234.197.23 → host:45.173.156.52 → port:tcp:45167
flow_observed5-aryOBS	e:fo:flow:009bd5732591	flow:009bd5732591 → host:92.112.71.21 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89883827e26a2cf6:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-89883827e26a2cf6 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-e57fbe39684f8bc8:host:177.10.236.108	SESSION-e57fbe39684f8bc8 → host:177.10.236.108
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2eb15df038685c53:SESSION-2eb15df038685c53	SESSION-2eb15df038685c53 → pe:syn:SESSION-2eb15df038685c53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17a3924886eb315f:SESSION-17a3924886eb315f	SESSION-17a3924886eb315f → pe:tls:SESSION-17a3924886eb315f
flow_observed4-aryOBS	e:fo:flow:16f141b8a376	flow:16f141b8a376 → host:172.234.197.23 → host:131.196.31.32 → port:tcp:34746
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2be203d892e5c4c6:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2be203d892e5c4c6 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:b7a5df9fe8d2:port:tcp:443	flow:b7a5df9fe8d2 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:94234c463c5b	flow:94234c463c5b → host:172.234.197.23 → host:45.173.156.148 → port:tcp:62553
FLOW_DST_PORTOBS	e:fp:flow:beb643cc4247:port:tcp:443	flow:beb643cc4247 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-56fe4753b2794494:host:172.234.197.23	SESSION-56fe4753b2794494 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d36181c32e79	flow:d36181c32e79 → host:177.10.234.22 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:d234dce1ecac	flow:d234dce1ecac → host:177.10.235.114 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:268abe73678d:port:tcp:443	flow:268abe73678d → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.31:geo_-23.62930_-46.63510	host:131.196.30.31 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-337cf74c19f2631e:host:131.196.31.142	SESSION-337cf74c19f2631e → host:131.196.31.142
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-110ce59a2a29ac0c:SESSION-110ce59a2a29ac0c	SESSION-110ce59a2a29ac0c → pe:rst:SESSION-110ce59a2a29ac0c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99752db79d6c830d:flow:4390e50ad8b5	SESSION-99752db79d6c830d → flow:4390e50ad8b5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.134:geo_-23.62930_-46.63510	host:131.196.28.134 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-193ccf82e1088d1d:host:172.234.197.23	SESSION-193ccf82e1088d1d → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-21b1ebb6f3d7bd68:BSG-BEACON-e07f4250263f	SESSION-21b1ebb6f3d7bd68 → BSG-BEACON-e07f4250263f
flow_observed4-aryOBS	e:fo:flow:d75121ea7e90	flow:d75121ea7e90 → host:172.234.197.23 → host:131.196.28.107 → port:tcp:14289
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da6e864635febf48:host:131.196.30.9	SESSION-da6e864635febf48 → host:131.196.30.9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11ee8787e5fc7b06:host:131.196.30.233	SESSION-11ee8787e5fc7b06 → host:131.196.30.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f9c5288639cc167:SESSION-3f9c5288639cc167	SESSION-3f9c5288639cc167 → pe:syn:SESSION-3f9c5288639cc167
flow_observed4-aryOBS	e:fo:flow:4a6ab53421e3	flow:4a6ab53421e3 → host:172.234.197.23 → host:177.10.235.64 → port:tcp:1979
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e7ccd5c552e41a1:PCAP:capture_20260430090001:065659c7d314	SESSION-7e7ccd5c552e41a1 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-dba7d64f7032fffd:host:177.10.232.207	SESSION-dba7d64f7032fffd → host:177.10.232.207
FLOW_TO_HOSTOBS	e:to:SESSION-6b4419d123b2f0e3:host:172.234.197.23	SESSION-6b4419d123b2f0e3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c18109925f9685a:flow:6df7b8aae1cc	SESSION-8c18109925f9685a → flow:6df7b8aae1cc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db1b4e286dc089a9:host:172.234.197.23	SESSION-db1b4e286dc089a9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2d2e0adb85f8f3e:host:131.196.28.21:host:172.234.197.23	SESSION-d2d2e0adb85f8f3e → host:131.196.28.21 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cfdf42e58546762b:host:172.234.197.23	SESSION-cfdf42e58546762b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-449915b4a668f160:SESSION-449915b4a668f160	SESSION-449915b4a668f160 → pe:tls:SESSION-449915b4a668f160
FLOW_FROM_HOSTOBS	e:from:SESSION-14b61e43a384fdb4:host:177.10.235.70	SESSION-14b61e43a384fdb4 → host:177.10.235.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4bc305941088d24:host:172.232.0.16	SESSION-d4bc305941088d24 → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-cfdf42e58546762b:host:131.196.31.235	SESSION-cfdf42e58546762b → host:131.196.31.235
flow_observed5-aryOBS	e:fo:flow:1bd45696d21f	flow:1bd45696d21f → host:177.10.238.251 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bb818ce2b02135d:host:172.234.197.23	SESSION-3bb818ce2b02135d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce973eb9d12ea742:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ce973eb9d12ea742 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e4d63ce34019de3:host:177.10.234.239:host:172.234.197.23	SESSION-4e4d63ce34019de3 → host:177.10.234.239 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e1b90ecadb949fa3:host:131.196.28.237:host:172.234.197.23	SESSION-e1b90ecadb949fa3 → host:131.196.28.237 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0758ca9101405049:flow:d2f21addcb09	SESSION-0758ca9101405049 → flow:d2f21addcb09
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-465906ddd8becee4:host:131.196.30.8	SESSION-465906ddd8becee4 → host:131.196.30.8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c06bd8d9952317f:PCAP:capture_20260430110001:43611bdf6759	SESSION-6c06bd8d9952317f → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e47ff6197158625f:flow:6d3d14b72c68	SESSION-e47ff6197158625f → flow:6d3d14b72c68
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2579d58cc01cbffa:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2579d58cc01cbffa → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20dfde969676b329:SESSION-20dfde969676b329	SESSION-20dfde969676b329 → pe:syn:SESSION-20dfde969676b329
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-675cba805cfc6bb8:host:177.10.232.208	SESSION-675cba805cfc6bb8 → host:177.10.232.208
FLOW_DST_PORTOBS	e:fp:flow:cd4fb4934a84:port:tcp:6228	flow:cd4fb4934a84 → port:tcp:6228
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-3529b49a7d38dad6:BSG-BEACON-6f180ea665b7	SESSION-3529b49a7d38dad6 → BSG-BEACON-6f180ea665b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-208c35e6fa834cd1:SESSION-208c35e6fa834cd1	SESSION-208c35e6fa834cd1 → pe:syn:SESSION-208c35e6fa834cd1
FLOW_FROM_HOSTOBS	e:from:SESSION-e332f49c3a5896d2:host:131.196.28.99	SESSION-e332f49c3a5896d2 → host:131.196.28.99
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7601ec92d63a89e6:host:172.234.197.23	SESSION-7601ec92d63a89e6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b5d45bed796decc2:host:45.173.156.208	SESSION-b5d45bed796decc2 → host:45.173.156.208
flow_observed4-aryOBS	e:fo:flow:9ff355e674b2	flow:9ff355e674b2 → host:172.234.197.23 → host:177.10.238.235 → port:tcp:9161
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-391d28a36308a996:host:177.10.236.105	SESSION-391d28a36308a996 → host:177.10.236.105
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed473d20582b9e99:host:172.234.197.23	SESSION-ed473d20582b9e99 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad4604a15181cb67:host:131.196.31.161:host:172.234.197.23	SESSION-ad4604a15181cb67 → host:131.196.31.161 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76cec71360f7a00a:PCAP:capture_20260430090001:065659c7d314	SESSION-76cec71360f7a00a → PCAP:capture_20260430090001:065659c7d314
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-501c474d8a937a90:BSG-BEACON-e07f4250263f	SESSION-501c474d8a937a90 → BSG-BEACON-e07f4250263f
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.168:asn:271410	host:131.196.31.168 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f9e3e5dcd2ccb687:host:172.234.197.23:host:131.196.31.27	SESSION-f9e3e5dcd2ccb687 → host:172.234.197.23 → host:131.196.31.27
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9729058a0ea02937:flow:ef09ac1cb842	SESSION-9729058a0ea02937 → flow:ef09ac1cb842
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94f070a5530c9e09:SESSION-94f070a5530c9e09	SESSION-94f070a5530c9e09 → pe:tls:SESSION-94f070a5530c9e09
flow_observed5-aryOBS	e:fo:flow:8ae016b07990	flow:8ae016b07990 → host:131.196.29.255 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.159:asn:203771	host:185.231.226.159 → asn:203771
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.222:asn:262880	host:177.10.232.222 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfde024084873f29:host:172.234.197.23	SESSION-cfde024084873f29 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8694ae6f41e5eb8:host:131.196.29.106	SESSION-a8694ae6f41e5eb8 → host:131.196.29.106
FLOW_DST_PORTOBS	e:fp:flow:adda313743fa:port:tcp:443	flow:adda313743fa → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-af315627d236ddd5:host:177.10.232.73	SESSION-af315627d236ddd5 → host:177.10.232.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-926b7babcf98185f:host:172.234.197.23	SESSION-926b7babcf98185f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-95229bbdec6f8a74:host:172.234.197.23	SESSION-95229bbdec6f8a74 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d067f06f7951	flow:d067f06f7951 → host:177.10.233.15 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59aca44477f61d35:SESSION-59aca44477f61d35	SESSION-59aca44477f61d35 → pe:syn:SESSION-59aca44477f61d35
FLOW_FROM_HOSTOBS	e:from:SESSION-f42dcf2468c4a64f:host:131.196.31.61	SESSION-f42dcf2468c4a64f → host:131.196.31.61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d0a2ec1133f1da31:host:177.10.239.16	SESSION-d0a2ec1133f1da31 → host:177.10.239.16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.138:geo_-16.28860_-49.01640	host:177.10.239.138 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2761ffbe76598549:PCAP:capture_20260430110001:43611bdf6759	SESSION-2761ffbe76598549 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-ab42e00b724a7daa:host:172.234.197.23	SESSION-ab42e00b724a7daa → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:bb3f8d8dd333:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:bb3f8d8dd333 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e8a9e43c374485d:SESSION-9e8a9e43c374485d	SESSION-9e8a9e43c374485d → pe:tls:SESSION-9e8a9e43c374485d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.151:geo_-23.62930_-46.63510	host:131.196.28.151 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-b5ddc9130fa518dc:host:172.234.197.23	SESSION-b5ddc9130fa518dc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25d670562ff80de0:host:177.10.233.100	SESSION-25d670562ff80de0 → host:177.10.233.100
FLOW_DST_PORTOBS	e:fp:flow:1604b7d7ac07:port:tcp:28756	flow:1604b7d7ac07 → port:tcp:28756
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c49f5291ee3911b4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c49f5291ee3911b4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd05928698dec5c4:host:131.196.30.20:host:172.234.197.23	SESSION-dd05928698dec5c4 → host:131.196.30.20 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8bd8f63c48f5	flow:8bd8f63c48f5 → host:45.173.156.153 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:78589cc764f0	flow:78589cc764f0 → host:172.234.197.23 → host:177.10.237.4 → port:tcp:11384
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-26a93711200ab02b:SESSION-26a93711200ab02b	SESSION-26a93711200ab02b → pe:tls:SESSION-26a93711200ab02b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-957293060df71cd6:SESSION-957293060df71cd6	SESSION-957293060df71cd6 → pe:syn:SESSION-957293060df71cd6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.254:asn:262880	host:177.10.237.254 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b70d9bf346b75217:flow:268b6ae636af	SESSION-b70d9bf346b75217 → flow:268b6ae636af
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b64c855cb393ccc0:flow:a808f31a4e66	SESSION-b64c855cb393ccc0 → flow:a808f31a4e66
FLOW_FROM_HOSTOBS	e:from:SESSION-616ab8d382244a8d:host:131.196.31.70	SESSION-616ab8d382244a8d → host:131.196.31.70
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb6fbeeb95cb61c8:PCAP:capture_20260430090001:065659c7d314	SESSION-fb6fbeeb95cb61c8 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-70f9355e024c975b:SESSION-70f9355e024c975b	SESSION-70f9355e024c975b → pe:tls:SESSION-70f9355e024c975b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ba1793b4e05c9885:PCAP:capture_20260430150001:ded20914761d	SESSION-ba1793b4e05c9885 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-367825c4b1c7c6d4:flow:d24a1eb66a56	SESSION-367825c4b1c7c6d4 → flow:d24a1eb66a56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff7dac0188fe8fcb:host:172.234.197.23	SESSION-ff7dac0188fe8fcb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-47fcc0d7da6d7c1a:host:172.234.197.23	SESSION-47fcc0d7da6d7c1a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b045e9fec039082:flow:4fd8baa1ce1b	SESSION-5b045e9fec039082 → flow:4fd8baa1ce1b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ea5a5c8bbfcfd548:SESSION-ea5a5c8bbfcfd548	SESSION-ea5a5c8bbfcfd548 → pe:tls:SESSION-ea5a5c8bbfcfd548
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.12:asn:262880	host:177.10.234.12 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5972a3b732445423:host:177.10.236.105	SESSION-5972a3b732445423 → host:177.10.236.105
FLOW_TO_HOSTOBS	e:to:SESSION-b9fb0652618e8095:host:172.234.197.23	SESSION-b9fb0652618e8095 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.6:asn:262880	host:177.10.237.6 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.157:geo_-23.62930_-46.63510	host:131.196.29.157 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3bb54d95c2cdaff:host:177.10.234.224:host:172.234.197.23	SESSION-a3bb54d95c2cdaff → host:177.10.234.224 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4af5e0493e3bd78c:flow:658994ab5ea9	SESSION-4af5e0493e3bd78c → flow:658994ab5ea9
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.119:asn:271410	host:131.196.29.119 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b1dfe7de9432473b:SESSION-b1dfe7de9432473b	SESSION-b1dfe7de9432473b → pe:syn:SESSION-b1dfe7de9432473b
FLOW_DST_PORTOBS	e:fp:flow:4ac0de8d3459:port:tcp:443	flow:4ac0de8d3459 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c5fe81cc60001f5:host:45.173.156.56	SESSION-8c5fe81cc60001f5 → host:45.173.156.56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ca971b9386eb0b9:SESSION-2ca971b9386eb0b9	SESSION-2ca971b9386eb0b9 → pe:tls:SESSION-2ca971b9386eb0b9
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.235:asn:271410	host:131.196.29.235 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.12:asn:262880	host:177.10.237.12 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:47787a78b223:port:tcp:443	flow:47787a78b223 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ff9648a7e097bde:SESSION-7ff9648a7e097bde	SESSION-7ff9648a7e097bde → pe:tls:SESSION-7ff9648a7e097bde
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-265fcf20a19ad440:flow:878c61c0dd91	SESSION-265fcf20a19ad440 → flow:878c61c0dd91
FLOW_FROM_HOSTOBS	e:from:SESSION-cac7290643404699:host:103.230.240.59	SESSION-cac7290643404699 → host:103.230.240.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a720c7dde0362052:host:172.234.197.23	SESSION-a720c7dde0362052 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27131bb9b9feeb52:host:177.10.237.118:host:172.234.197.23	SESSION-27131bb9b9feeb52 → host:177.10.237.118 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ea6a04b7906c:port:tcp:443	flow:ea6a04b7906c → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:0d57cdd2a340	flow:0d57cdd2a340 → host:172.234.197.23 → host:177.10.233.22 → port:tcp:38751
FLOW_FROM_HOSTOBS	e:from:SESSION-2ac058e9f0280088:host:18.100.238.122	SESSION-2ac058e9f0280088 → host:18.100.238.122
FLOW_DST_PORTOBS	e:fp:flow:c9e3ada284c1:port:tcp:443	flow:c9e3ada284c1 → port:tcp:443
ASN_IN_ORGOBS 80%	e:ao:asn:197540:org:netcup GmbH	asn:197540 → org:netcup GmbH
flow_observed5-aryOBS	e:fo:flow:b1cc4a97ab18	flow:b1cc4a97ab18 → host:45.173.156.159 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:68a63bdf73f4:port:tcp:56152	flow:68a63bdf73f4 → port:tcp:56152
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36e366306285e270:PCAP:capture_20260430090001:065659c7d314	SESSION-36e366306285e270 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b10aefef2d5c06b7:host:172.234.197.23	SESSION-b10aefef2d5c06b7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-43a9f8d54e48850a:SESSION-43a9f8d54e48850a	SESSION-43a9f8d54e48850a → pe:syn:SESSION-43a9f8d54e48850a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-95152bde385a2e89:SESSION-95152bde385a2e89	SESSION-95152bde385a2e89 → pe:syn:SESSION-95152bde385a2e89
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0200d7ef8e83c7c3:host:45.173.156.109:host:172.234.197.23	SESSION-0200d7ef8e83c7c3 → host:45.173.156.109 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ebb29f0c8a91fe62:PCAP:capture_20260430090001:065659c7d314	SESSION-ebb29f0c8a91fe62 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b197d648fac856a7:host:172.234.197.23	SESSION-b197d648fac856a7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2daf8cded5fb19ed:host:136.243.57.208	SESSION-2daf8cded5fb19ed → host:136.243.57.208
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.190:asn:262880	host:177.10.232.190 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7ba8377fba710c4:SESSION-b7ba8377fba710c4	SESSION-b7ba8377fba710c4 → pe:syn:SESSION-b7ba8377fba710c4
FLOW_TO_HOSTOBS	e:to:SESSION-d24a424002821105:host:172.234.197.23	SESSION-d24a424002821105 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2b77aa54b9b2:port:tcp:443	flow:2b77aa54b9b2 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f5dd5c63cbac:port:tcp:443	flow:f5dd5c63cbac → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ef41947f9929862:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8ef41947f9929862 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37451ceb7f45e2a3:host:69.222.187.134	SESSION-37451ceb7f45e2a3 → host:69.222.187.134
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.51:geo_-23.62930_-46.63510	host:131.196.29.51 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-9ed5696d63c7b154:host:131.196.30.196	SESSION-9ed5696d63c7b154 → host:131.196.30.196
FLOW_DST_PORTOBS	e:fp:flow:19537cef41e5:port:tcp:443	flow:19537cef41e5 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed55c24c9ffd87b5:host:177.10.237.127:host:172.234.197.23	SESSION-ed55c24c9ffd87b5 → host:177.10.237.127 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.205:geo_-16.28860_-49.01640	host:177.10.238.205 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-ec91eda6d4bd732e:host:172.234.197.23	SESSION-ec91eda6d4bd732e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d77bd425cc20:port:tcp:443	flow:d77bd425cc20 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:9b3007c5185e	flow:9b3007c5185e → host:177.10.235.185 → host:172.234.197.23 → port:tcp:443 → svc:https
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:443:svc:https	port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6966225f20017b9e:host:172.234.197.23	SESSION-6966225f20017b9e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-353fd641d57f7d93:SESSION-353fd641d57f7d93	SESSION-353fd641d57f7d93 → pe:syn:SESSION-353fd641d57f7d93
FLOW_DST_PORTOBS	e:fp:flow:0c9bce781e07:port:tcp:443	flow:0c9bce781e07 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-89957ac1ec870b87:SESSION-89957ac1ec870b87	SESSION-89957ac1ec870b87 → pe:tls:SESSION-89957ac1ec870b87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74d9117e815e4c77:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-74d9117e815e4c77 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d43da16ef3276f9b:flow:3da5b473a4ca	SESSION-d43da16ef3276f9b → flow:3da5b473a4ca
FLOW_TO_HOSTOBS	e:to:SESSION-7a24ae76392ce429:host:172.234.197.23	SESSION-7a24ae76392ce429 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75ad621f5d402513:flow:75bb6d0e28a7	SESSION-75ad621f5d402513 → flow:75bb6d0e28a7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d0c24f0912a7520:host:172.234.197.23:host:131.196.29.22	SESSION-9d0c24f0912a7520 → host:172.234.197.23 → host:131.196.29.22
FLOW_TO_HOSTOBS	e:to:SESSION-7b8d0e25502f89d2:host:172.234.197.23	SESSION-7b8d0e25502f89d2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a8376f0f57e00ff1:SESSION-a8376f0f57e00ff1	SESSION-a8376f0f57e00ff1 → pe:tls:SESSION-a8376f0f57e00ff1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11723453546179ac:host:131.196.30.148	SESSION-11723453546179ac → host:131.196.30.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28e21153f6abb648:host:172.234.197.23	SESSION-28e21153f6abb648 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-848ab23bc1105d57:PCAP:capture_20260430150001:ded20914761d	SESSION-848ab23bc1105d57 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af55ab527d360ebd:host:131.196.29.46	SESSION-af55ab527d360ebd → host:131.196.29.46
FLOW_FROM_HOSTOBS	e:from:SESSION-9500d9b64493d052:host:45.173.156.72	SESSION-9500d9b64493d052 → host:45.173.156.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7440e76ff1d72d2f:SESSION-7440e76ff1d72d2f	SESSION-7440e76ff1d72d2f → pe:syn:SESSION-7440e76ff1d72d2f
flow_observed4-aryOBS	e:fo:flow:6c589b7c75b1	flow:6c589b7c75b1 → host:172.234.197.23 → host:131.196.30.246 → port:tcp:20094
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-82fb3096076edb8c:SESSION-82fb3096076edb8c	SESSION-82fb3096076edb8c → pe:syn:SESSION-82fb3096076edb8c
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.114:asn:271410	host:131.196.28.114 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-d30c685e20a11d4e:host:177.10.239.26	SESSION-d30c685e20a11d4e → host:177.10.239.26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1d147c13acfa404:flow:c0bc3d7637a6	SESSION-a1d147c13acfa404 → flow:c0bc3d7637a6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f57ffeba62df89fa:flow:70a16a96af81	SESSION-f57ffeba62df89fa → flow:70a16a96af81
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.229:geo_-16.28860_-49.01640	host:177.10.232.229 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-381a0e70ba36b75c:host:131.196.31.69	SESSION-381a0e70ba36b75c → host:131.196.31.69
flow_observed5-aryOBS	e:fo:flow:bfe04f563b53	flow:bfe04f563b53 → host:131.196.30.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce2566c1c98d1aed:SESSION-ce2566c1c98d1aed	SESSION-ce2566c1c98d1aed → pe:tls:SESSION-ce2566c1c98d1aed
FLOW_TO_HOSTOBS	e:to:SESSION-63e207f92d9c898d:host:172.234.197.23	SESSION-63e207f92d9c898d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.204:geo_-16.28860_-49.01640	host:177.10.239.204 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99ffd8e203ea7715:host:131.196.29.232:host:172.234.197.23	SESSION-99ffd8e203ea7715 → host:131.196.29.232 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-803b2289978a359c:host:172.234.197.23	SESSION-803b2289978a359c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b8787ac12cda:port:tcp:443	flow:b8787ac12cda → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a01362ca7d087a96:flow:4312a4e24087	SESSION-a01362ca7d087a96 → flow:4312a4e24087
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-087551762f1417e7:SESSION-087551762f1417e7	SESSION-087551762f1417e7 → pe:tls:SESSION-087551762f1417e7
flow_observed3-aryOBS	e:fo:flow:c43288878bab	flow:c43288878bab → host:40.177.218.231 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a72e7bc5d973ed2:host:172.234.197.23	SESSION-6a72e7bc5d973ed2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:524cb7cd132b:port:tcp:443	flow:524cb7cd132b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f003ce3fae962ee:host:172.234.197.23:host:177.10.236.12	SESSION-1f003ce3fae962ee → host:172.234.197.23 → host:177.10.236.12
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0b3c5797223848b:flow:1d557416deb3	SESSION-c0b3c5797223848b → flow:1d557416deb3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4298399acb708ae5:host:172.234.197.23:host:131.196.31.138	SESSION-4298399acb708ae5 → host:172.234.197.23 → host:131.196.31.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c37bd5454075ced3:host:172.232.0.16	SESSION-c37bd5454075ced3 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1df48b404d2bce0:host:177.10.235.87	SESSION-c1df48b404d2bce0 → host:177.10.235.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a03e1a67bd79b062:flow:7014b065701d	SESSION-a03e1a67bd79b062 → flow:7014b065701d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9d9495404a53bc0:flow:64dd9e76d75f	SESSION-c9d9495404a53bc0 → flow:64dd9e76d75f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-714dd24b305adb19:host:131.196.28.46:host:172.234.197.23	SESSION-714dd24b305adb19 → host:131.196.28.46 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bebd9f8afa50544a:SESSION-bebd9f8afa50544a	SESSION-bebd9f8afa50544a → pe:tls:SESSION-bebd9f8afa50544a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-626902abaec078eb:host:131.196.29.237:host:172.234.197.23	SESSION-626902abaec078eb → host:131.196.29.237 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-499399e6896a45f7:host:172.234.197.23	SESSION-499399e6896a45f7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.195:asn:203771	host:45.145.152.195 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-b23254615c6167a0:host:177.10.235.59	SESSION-b23254615c6167a0 → host:177.10.235.59
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.63:geo_-21.10010_-41.69200	host:45.173.156.63 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-22ef7e58c288a4dd:flow:6e499fdcb6ff	SESSION-22ef7e58c288a4dd → flow:6e499fdcb6ff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cfb2466cf35b5342:SESSION-cfb2466cf35b5342	SESSION-cfb2466cf35b5342 → pe:syn:SESSION-cfb2466cf35b5342
FLOW_TO_HOSTOBS	e:to:SESSION-f5f3ac5dec394466:host:172.234.197.23	SESSION-f5f3ac5dec394466 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-46b3e65e40562e00:SESSION-46b3e65e40562e00	SESSION-46b3e65e40562e00 → pe:tls:SESSION-46b3e65e40562e00
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b048d8915129480a:SESSION-b048d8915129480a	SESSION-b048d8915129480a → pe:tls:SESSION-b048d8915129480a
FLOW_TO_HOSTOBS	e:to:SESSION-4c33b44718448cc2:host:172.234.197.23	SESSION-4c33b44718448cc2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7eb452f0b60197b3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7eb452f0b60197b3 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-eb72c41fb24aaf81:host:131.196.29.203	SESSION-eb72c41fb24aaf81 → host:131.196.29.203
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b84527735a90d253:PCAP:capture_20260430090001:065659c7d314	SESSION-b84527735a90d253 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ef74cd6b285b3c9:SESSION-5ef74cd6b285b3c9	SESSION-5ef74cd6b285b3c9 → pe:tls:SESSION-5ef74cd6b285b3c9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c36a1f3b5aad9a99:SESSION-c36a1f3b5aad9a99	SESSION-c36a1f3b5aad9a99 → pe:tls:SESSION-c36a1f3b5aad9a99
FLOW_DST_PORTOBS	e:fp:flow:ade6d6dd1519:port:tcp:443	flow:ade6d6dd1519 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d2d33fef3a69334:SESSION-6d2d33fef3a69334	SESSION-6d2d33fef3a69334 → pe:syn:SESSION-6d2d33fef3a69334
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9963b3b3d702eb6e:SESSION-9963b3b3d702eb6e	SESSION-9963b3b3d702eb6e → pe:syn:SESSION-9963b3b3d702eb6e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d27f09d7c919692:PCAP:capture_20260430150001:ded20914761d	SESSION-5d27f09d7c919692 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-c6f6eb6f56b12c37:host:172.234.197.23	SESSION-c6f6eb6f56b12c37 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1620c835b56464d4:flow:937bcaa6f995	SESSION-1620c835b56464d4 → flow:937bcaa6f995
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.234:geo_-23.62930_-46.63510	host:131.196.28.234 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8277822e9833952:SESSION-c8277822e9833952	SESSION-c8277822e9833952 → pe:tls:SESSION-c8277822e9833952
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.151:asn:262880	host:177.10.239.151 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08ccad07eda14042:PCAP:capture_20260430090001:065659c7d314	SESSION-08ccad07eda14042 → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:a301ca4ce719	flow:a301ca4ce719 → host:131.196.29.127 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6ba035d2018b1429:host:177.10.232.72	SESSION-6ba035d2018b1429 → host:177.10.232.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-928f584a0bc46099:PCAP:capture_20260430110001:43611bdf6759	SESSION-928f584a0bc46099 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d0657eb87257c08:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-9d0657eb87257c08 → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2969d43ba10a409c:SESSION-2969d43ba10a409c	SESSION-2969d43ba10a409c → pe:tls:SESSION-2969d43ba10a409c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-457bc509f900e32f:flow:a84e029681a8	SESSION-457bc509f900e32f → flow:a84e029681a8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6f3d2670453324e:host:172.234.197.23	SESSION-e6f3d2670453324e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94bbfef7eb27207b:host:172.234.197.23	SESSION-94bbfef7eb27207b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28a7ecee4eeacba6:SESSION-28a7ecee4eeacba6	SESSION-28a7ecee4eeacba6 → pe:tls:SESSION-28a7ecee4eeacba6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-350febc37b3f152d:SESSION-350febc37b3f152d	SESSION-350febc37b3f152d → pe:tls:SESSION-350febc37b3f152d
flow_observed4-aryOBS	e:fo:flow:cd8bcd725224	flow:cd8bcd725224 → host:193.32.162.28 → host:172.234.197.23 → port:tcp:10004
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e4d63ce34019de3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-4e4d63ce34019de3 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a604218ad277317:SESSION-8a604218ad277317	SESSION-8a604218ad277317 → pe:tls:SESSION-8a604218ad277317
FLOW_TO_HOSTOBS	e:to:SESSION-066d98dee3275acb:host:172.234.197.23	SESSION-066d98dee3275acb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7440e76ff1d72d2f:host:95.170.25.34:host:172.234.197.23	SESSION-7440e76ff1d72d2f → host:95.170.25.34 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:20396b807239:port:tcp:443	flow:20396b807239 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2996f9b3a522abad:host:131.196.30.145	SESSION-2996f9b3a522abad → host:131.196.30.145
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc9c57ce6bc30045:host:172.234.197.23	SESSION-bc9c57ce6bc30045 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c9e8ca0a8147:port:tcp:443	flow:c9e8ca0a8147 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-177c9265a29fe644:host:172.234.197.23:host:177.10.232.153	SESSION-177c9265a29fe644 → host:172.234.197.23 → host:177.10.232.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96ad3251c1ecb855:host:177.10.237.18	SESSION-96ad3251c1ecb855 → host:177.10.237.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-364513c2995bfd3b:SESSION-364513c2995bfd3b	SESSION-364513c2995bfd3b → pe:tls:SESSION-364513c2995bfd3b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef9a5d8a17e479b:host:172.234.197.23	SESSION-8ef9a5d8a17e479b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-537461a77052bb13:host:172.234.197.23	SESSION-537461a77052bb13 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-957293060df71cd6:host:45.145.152.208	SESSION-957293060df71cd6 → host:45.145.152.208
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e52ff6e3dab6ecf9:host:172.234.197.23	SESSION-e52ff6e3dab6ecf9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-381f999774715cfc:host:172.234.197.23	SESSION-381f999774715cfc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f852deb0b74344a0:host:172.234.197.23:host:177.10.236.134	SESSION-f852deb0b74344a0 → host:172.234.197.23 → host:177.10.236.134
FLOW_DST_PORTOBS	e:fp:flow:411f88e09190:port:tcp:22561	flow:411f88e09190 → port:tcp:22561
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14a32c9f71c15657:flow:c6498c0f7263	SESSION-14a32c9f71c15657 → flow:c6498c0f7263
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f3e8e9199df130f:SESSION-5f3e8e9199df130f	SESSION-5f3e8e9199df130f → pe:syn:SESSION-5f3e8e9199df130f
FLOW_TO_HOSTOBS	e:to:SESSION-592c559641abdde0:host:177.10.237.138	SESSION-592c559641abdde0 → host:177.10.237.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-997b652ef378c5d4:host:172.234.197.23	SESSION-997b652ef378c5d4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.221:geo_-16.28860_-49.01640	host:177.10.236.221 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57e20c08f6c0c2c9:SESSION-57e20c08f6c0c2c9	SESSION-57e20c08f6c0c2c9 → pe:tls:SESSION-57e20c08f6c0c2c9
FLOW_FROM_HOSTOBS	e:from:SESSION-e225557ebe736948:host:172.234.197.23	SESSION-e225557ebe736948 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.254:asn:262880	host:177.10.239.254 → asn:262880
flow_observed5-aryOBS	e:fo:flow:91131826770f	flow:91131826770f → host:131.196.29.16 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.70:asn:271410	host:131.196.28.70 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-312ea7073c45e21c:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-312ea7073c45e21c → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-605f000d6a5e20b1:flow:e23c67b8a8e5	SESSION-605f000d6a5e20b1 → flow:e23c67b8a8e5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a7a354b1ade71f9e:flow:dc77810442c2	SESSION-a7a354b1ade71f9e → flow:dc77810442c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f43bb83d69743819:host:172.234.197.23	SESSION-f43bb83d69743819 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cd4ae8706680eb9:host:131.196.29.164	SESSION-4cd4ae8706680eb9 → host:131.196.29.164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-848ab23bc1105d57:flow:122574939bbc	SESSION-848ab23bc1105d57 → flow:122574939bbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da7125a184793aeb:SESSION-da7125a184793aeb	SESSION-da7125a184793aeb → pe:tls:SESSION-da7125a184793aeb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bfa302feda190a0:PCAP:capture_20260430150001:ded20914761d	SESSION-3bfa302feda190a0 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0dad0a06445f9e1f:flow:ebc4720c3766	SESSION-0dad0a06445f9e1f → flow:ebc4720c3766
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16b002b5a5ba0e61:host:177.10.238.127:host:172.234.197.23	SESSION-16b002b5a5ba0e61 → host:177.10.238.127 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d31cb6e546f767b7:host:172.234.197.23	SESSION-d31cb6e546f767b7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96afec3035986aab:host:195.154.100.87	SESSION-96afec3035986aab → host:195.154.100.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2c00c77bcbb5602:SESSION-f2c00c77bcbb5602	SESSION-f2c00c77bcbb5602 → pe:syn:SESSION-f2c00c77bcbb5602
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30b7709547a366f1:host:172.234.197.23	SESSION-30b7709547a366f1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.51:geo_-16.28860_-49.01640	host:177.10.234.51 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.115:geo_-16.28860_-49.01640	host:177.10.237.115 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-01744e272bba469d:host:172.234.197.23	SESSION-01744e272bba469d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-62e68b494cd2572d:SESSION-62e68b494cd2572d	SESSION-62e68b494cd2572d → pe:tls:SESSION-62e68b494cd2572d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4898aa8f3840ecd5:SESSION-4898aa8f3840ecd5	SESSION-4898aa8f3840ecd5 → pe:syn:SESSION-4898aa8f3840ecd5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f62a59cabf6a851:SESSION-7f62a59cabf6a851	SESSION-7f62a59cabf6a851 → pe:syn:SESSION-7f62a59cabf6a851
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.87:geo_-16.28860_-49.01640	host:177.10.234.87 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0461902d351b0498:flow:fa2c6f134f69	SESSION-0461902d351b0498 → flow:fa2c6f134f69
flow_observed4-aryOBS	e:fo:flow:8a0c1a3cc10c	flow:8a0c1a3cc10c → host:172.234.197.23 → host:131.196.31.146 → port:tcp:5510
flow_observed5-aryOBS	e:fo:flow:6388ff3a9a78	flow:6388ff3a9a78 → host:177.10.234.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3db8610837fd0b8:SESSION-e3db8610837fd0b8	SESSION-e3db8610837fd0b8 → pe:syn:SESSION-e3db8610837fd0b8
flow_observed5-aryOBS	e:fo:flow:926320651e1b	flow:926320651e1b → host:31.40.196.45 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5004eb3121e0f98:host:177.10.239.139	SESSION-a5004eb3121e0f98 → host:177.10.239.139
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aec4f33b062c0e6b:host:136.243.57.208:host:172.234.197.23	SESSION-aec4f33b062c0e6b → host:136.243.57.208 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7e1d945377ab	flow:7e1d945377ab → host:177.10.237.66 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e3764b25412d87e:host:172.234.197.23	SESSION-2e3764b25412d87e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.109:geo_-21.10010_-41.69200	host:45.173.156.109 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6e3c617395c3b07:flow:8e560e9a7dcf	SESSION-d6e3c617395c3b07 → flow:8e560e9a7dcf
FLOW_TO_HOSTOBS	e:to:SESSION-decb8c6a12a4d67a:host:172.234.197.23	SESSION-decb8c6a12a4d67a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9df048180bcb59b6:host:131.196.30.72	SESSION-9df048180bcb59b6 → host:131.196.30.72
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bef16d9c79cba2c2:host:177.10.233.96:host:172.234.197.23	SESSION-bef16d9c79cba2c2 → host:177.10.233.96 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f56efcee303c963:SESSION-7f56efcee303c963	SESSION-7f56efcee303c963 → pe:syn:SESSION-7f56efcee303c963
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d32ea7105612ce28:host:131.196.30.59	SESSION-d32ea7105612ce28 → host:131.196.30.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a70c074fb73905e:host:131.196.30.47	SESSION-7a70c074fb73905e → host:131.196.30.47
FLOW_DST_PORTOBS	e:fp:flow:c8b343e46d14:port:tcp:443	flow:c8b343e46d14 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06b5f759c1748871:host:131.196.29.151	SESSION-06b5f759c1748871 → host:131.196.29.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac14845b1a23366d:flow:f254bfc9cb7d	SESSION-ac14845b1a23366d → flow:f254bfc9cb7d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.116:asn:271410	host:131.196.29.116 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0dab8159384d982:SESSION-b0dab8159384d982	SESSION-b0dab8159384d982 → pe:syn:SESSION-b0dab8159384d982
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bca14afee5df98e9:host:172.234.197.23	SESSION-bca14afee5df98e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92f84fab5bd8e0c8:host:177.10.238.235	SESSION-92f84fab5bd8e0c8 → host:177.10.238.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47ed07d15aa63df9:host:177.10.234.103	SESSION-47ed07d15aa63df9 → host:177.10.234.103
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0e3916b0aa19b751:flow:0fc72300ca0f	SESSION-0e3916b0aa19b751 → flow:0fc72300ca0f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f718644b6283d05d:flow:9e0fb934b56e	SESSION-f718644b6283d05d → flow:9e0fb934b56e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37a58b55d4a339c3:host:172.232.0.16	SESSION-37a58b55d4a339c3 → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:fbefcaf8b5dd	flow:fbefcaf8b5dd → host:92.112.71.176 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24bd61df75bf4426:SESSION-24bd61df75bf4426	SESSION-24bd61df75bf4426 → pe:syn:SESSION-24bd61df75bf4426
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e2a96a3225ff388:host:2.57.122.196:host:172.234.197.23	SESSION-7e2a96a3225ff388 → host:2.57.122.196 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:df4d7faedab5	flow:df4d7faedab5 → host:131.196.28.145 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7a193ca4e32c:port:tcp:443	flow:7a193ca4e32c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c4ed0368ffe58f8:host:177.10.239.164:host:172.234.197.23	SESSION-6c4ed0368ffe58f8 → host:177.10.239.164 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce9bea4cad9ad3a3:flow:58b0851439a0	SESSION-ce9bea4cad9ad3a3 → flow:58b0851439a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b1f8267b24b78f93:SESSION-b1f8267b24b78f93	SESSION-b1f8267b24b78f93 → pe:tls:SESSION-b1f8267b24b78f93
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.170:geo_-16.28860_-49.01640	host:177.10.239.170 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aede3430ffb62e05:host:177.10.236.150:host:172.234.197.23	SESSION-aede3430ffb62e05 → host:177.10.236.150 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68a3766ff3680ecf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-68a3766ff3680ecf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8362a96ce0b7626:host:37.221.79.86:host:172.234.197.23	SESSION-f8362a96ce0b7626 → host:37.221.79.86 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ac7bdbcc541a2d8:host:172.234.197.23:host:177.10.238.112	SESSION-8ac7bdbcc541a2d8 → host:172.234.197.23 → host:177.10.238.112
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.64:geo_-16.28860_-49.01640	host:177.10.234.64 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-78f6342ed3f64031:host:172.234.197.23	SESSION-78f6342ed3f64031 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ac71782250ec9a1:host:45.173.156.85	SESSION-6ac71782250ec9a1 → host:45.173.156.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb645c1b10558a95:host:172.234.197.23	SESSION-fb645c1b10558a95 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7aa70a6d3547ceb7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7aa70a6d3547ceb7 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-f8362a96ce0b7626:host:37.221.79.86	SESSION-f8362a96ce0b7626 → host:37.221.79.86
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-426c38e34029cb1b:flow:cb536611ed62	SESSION-426c38e34029cb1b → flow:cb536611ed62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9866420dbc5d2da0:flow:be0483487448	SESSION-9866420dbc5d2da0 → flow:be0483487448
FLOW_DST_PORTOBS	e:fp:flow:543ad9915703:port:tcp:443	flow:543ad9915703 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-90798b7c1b8c7636:host:131.196.30.234	SESSION-90798b7c1b8c7636 → host:131.196.30.234
FLOW_TO_HOSTOBS	e:to:SESSION-2ec4c9189aa8273c:host:172.234.197.23	SESSION-2ec4c9189aa8273c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f86e42aef9b2f482:SESSION-f86e42aef9b2f482	SESSION-f86e42aef9b2f482 → pe:syn:SESSION-f86e42aef9b2f482
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-161fb053b15bb516:SESSION-161fb053b15bb516	SESSION-161fb053b15bb516 → pe:tls:SESSION-161fb053b15bb516
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2aed99cc8c09f5c:host:177.10.234.145	SESSION-b2aed99cc8c09f5c → host:177.10.234.145
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.227:asn:262880	host:177.10.238.227 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-035e17bf8c36a59b:host:172.234.197.23	SESSION-035e17bf8c36a59b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8c110534c1df:port:tcp:443	flow:8c110534c1df → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3762cafcd0c66be2:host:177.10.234.222:host:172.234.197.23	SESSION-3762cafcd0c66be2 → host:177.10.234.222 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93446cf6bcbe5afe:host:131.196.31.126	SESSION-93446cf6bcbe5afe → host:131.196.31.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f61464efb17d4b1:flow:c06bd4f04746	SESSION-6f61464efb17d4b1 → flow:c06bd4f04746
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d9ab0e2fb8bff1f:flow:b04de7cc8d8a	SESSION-7d9ab0e2fb8bff1f → flow:b04de7cc8d8a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c917f93463d3774:host:172.234.197.23	SESSION-8c917f93463d3774 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-576cc11ebde25a50:SESSION-576cc11ebde25a50	SESSION-576cc11ebde25a50 → pe:syn:SESSION-576cc11ebde25a50
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fdca441bb1b3810b:flow:63a1e418478c	SESSION-fdca441bb1b3810b → flow:63a1e418478c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3617089369b58aaa:host:172.234.197.23:host:177.10.232.226	SESSION-3617089369b58aaa → host:172.234.197.23 → host:177.10.232.226
FLOW_FROM_HOSTOBS	e:from:SESSION-2e3f5af343ed075a:host:131.196.31.193	SESSION-2e3f5af343ed075a → host:131.196.31.193
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4628aedb62e0673e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4628aedb62e0673e → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.18:geo_-16.28860_-49.01640	host:177.10.235.18 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:aa1c159fda0e	flow:aa1c159fda0e → host:131.196.28.115 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:fe94096b0d58:port:tcp:443	flow:fe94096b0d58 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7b7470a9d5ba162:SESSION-b7b7470a9d5ba162	SESSION-b7b7470a9d5ba162 → pe:syn:SESSION-b7b7470a9d5ba162
flow_observed5-aryOBS	e:fo:flow:aee0a53970e5	flow:aee0a53970e5 → host:131.196.30.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c38263f2f5f96575:flow:302bedee3e70	SESSION-c38263f2f5f96575 → flow:302bedee3e70
FLOW_TO_HOSTOBS	e:to:SESSION-d11580ecaeb7d77b:host:172.234.197.23	SESSION-d11580ecaeb7d77b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-597e69ebdf7ef93f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-597e69ebdf7ef93f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da40d6e9bff8c88d:SESSION-da40d6e9bff8c88d	SESSION-da40d6e9bff8c88d → pe:syn:SESSION-da40d6e9bff8c88d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-783c4edbafa3c164:PCAP:capture_20260430160001:9bfa4498506a	SESSION-783c4edbafa3c164 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc7ab250b87b35be:host:172.234.197.23	SESSION-cc7ab250b87b35be → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-74f0d8e902dc1bc9:host:172.234.197.23	SESSION-74f0d8e902dc1bc9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-adbb0156eea80d2f:SESSION-adbb0156eea80d2f	SESSION-adbb0156eea80d2f → pe:syn:SESSION-adbb0156eea80d2f
flow_observed4-aryOBS	e:fo:flow:90da32842d78	flow:90da32842d78 → host:195.96.138.88 → host:172.234.197.23 → port:tcp:21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ca10b4490797e89:SESSION-8ca10b4490797e89	SESSION-8ca10b4490797e89 → pe:syn:SESSION-8ca10b4490797e89
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe22df31c35f787d:flow:64e8ae830f9a	SESSION-fe22df31c35f787d → flow:64e8ae830f9a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa35d0a8fa5d9f77:flow:4dc412940a0d	SESSION-fa35d0a8fa5d9f77 → flow:4dc412940a0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-680820c56f27d295:SESSION-680820c56f27d295	SESSION-680820c56f27d295 → pe:syn:SESSION-680820c56f27d295
flow_observed4-aryOBS	e:fo:flow:8726f97f7e95	flow:8726f97f7e95 → host:172.234.197.23 → host:177.10.236.244 → port:tcp:15752
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14d5e1e17a6f21ad:host:177.10.232.242:host:172.234.197.23	SESSION-14d5e1e17a6f21ad → host:177.10.232.242 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4095d9e6e8e6:port:tcp:95	flow:4095d9e6e8e6 → port:tcp:95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5a08fe68832616d:SESSION-f5a08fe68832616d	SESSION-f5a08fe68832616d → pe:tls:SESSION-f5a08fe68832616d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.70:geo_-16.28860_-49.01640	host:177.10.235.70 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd0571d5316a48e1:PCAP:capture_20260430150001:ded20914761d	SESSION-fd0571d5316a48e1 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11da84003d7810c4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-11da84003d7810c4 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6cecd25b5e4e4c9c:host:172.234.197.23:host:177.10.234.89	SESSION-6cecd25b5e4e4c9c → host:172.234.197.23 → host:177.10.234.89
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.197:asn:273470	host:45.173.156.197 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:5ae4a5a5c662:port:tcp:443	flow:5ae4a5a5c662 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-588e177edbf40597:host:172.234.197.23	SESSION-588e177edbf40597 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:41e89e3f233c	flow:41e89e3f233c → host:177.10.232.229 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9e1dffa0e2317c3:host:172.234.197.23	SESSION-d9e1dffa0e2317c3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0da9d7ff41780d23:host:172.234.197.23	SESSION-0da9d7ff41780d23 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-608f057a6e6e376d:SESSION-608f057a6e6e376d	SESSION-608f057a6e6e376d → pe:dns:SESSION-608f057a6e6e376d
flow_observed5-aryOBS	e:fo:flow:41921b7b3887	flow:41921b7b3887 → host:177.10.236.170 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-08924e756ead6523:host:154.85.87.65	SESSION-08924e756ead6523 → host:154.85.87.65
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0feaffd55940508b:PCAP:capture_20260430060001:919b39a74464	SESSION-0feaffd55940508b → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-adbb0156eea80d2f:host:172.234.197.23	SESSION-adbb0156eea80d2f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea19b3bdbd95a16b:host:177.10.234.88	SESSION-ea19b3bdbd95a16b → host:177.10.234.88
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.152:geo_-16.28860_-49.01640	host:177.10.234.152 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f0699d4f0c2d48e:flow:f5ca29705dd9	SESSION-9f0699d4f0c2d48e → flow:f5ca29705dd9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7738f57138403f60:host:172.234.197.23	SESSION-7738f57138403f60 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:041259ac1bfc:port:tcp:443	flow:041259ac1bfc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-750eaff924399322:SESSION-750eaff924399322	SESSION-750eaff924399322 → pe:tls:SESSION-750eaff924399322
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1b4aebfef6c24ca0:PCAP:capture_20260430090001:065659c7d314	SESSION-1b4aebfef6c24ca0 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-9729058a0ea02937:host:172.234.197.23	SESSION-9729058a0ea02937 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23fc04533211debf:flow:b65737236159	SESSION-23fc04533211debf → flow:b65737236159
FLOW_TO_HOSTOBS	e:to:SESSION-7d9d7757b20ed84d:host:172.234.197.23	SESSION-7d9d7757b20ed84d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e363d697f2b7	flow:e363d697f2b7 → host:172.234.197.23 → host:177.10.233.135 → port:tcp:2469
FLOW_TO_HOSTOBS	e:to:SESSION-704e3a6bbdc29013:host:172.234.197.23	SESSION-704e3a6bbdc29013 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79ceb7ef9cce8d79:flow:395c5895c32a	SESSION-79ceb7ef9cce8d79 → flow:395c5895c32a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-edaec15d65a63fe7:PCAP:capture_20260430090001:065659c7d314	SESSION-edaec15d65a63fe7 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-1433a266c3f7170c:host:172.234.197.23	SESSION-1433a266c3f7170c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2be48cd916ee7ccc:flow:2bec5cd34a40	SESSION-2be48cd916ee7ccc → flow:2bec5cd34a40
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67ec60ac13d58093:host:45.173.156.189	SESSION-67ec60ac13d58093 → host:45.173.156.189
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-957293060df71cd6:host:45.145.152.208:host:172.234.197.23	SESSION-957293060df71cd6 → host:45.145.152.208 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fd73a09d62d6f89:SESSION-1fd73a09d62d6f89	SESSION-1fd73a09d62d6f89 → pe:syn:SESSION-1fd73a09d62d6f89
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5397b2a7490ae0fb:host:177.10.237.120:host:172.234.197.23	SESSION-5397b2a7490ae0fb → host:177.10.237.120 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d741000864bcf81f:host:172.234.197.23	SESSION-d741000864bcf81f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fad7428bd8cc35c5:flow:c6a2d0b31f21	SESSION-fad7428bd8cc35c5 → flow:c6a2d0b31f21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46b3e65e40562e00:host:172.234.197.23	SESSION-46b3e65e40562e00 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d85be3a5c3c244d6:SESSION-d85be3a5c3c244d6	SESSION-d85be3a5c3c244d6 → pe:syn:SESSION-d85be3a5c3c244d6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b8f87145037449c:host:177.10.236.239:host:172.234.197.23	SESSION-7b8f87145037449c → host:177.10.236.239 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-548dd69287ac8927:flow:52c26668907d	SESSION-548dd69287ac8927 → flow:52c26668907d
FLOW_DST_PORTOBS	e:fp:flow:ffbe47ee66cd:port:tcp:443	flow:ffbe47ee66cd → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.188:geo_-21.10010_-41.69200	host:45.173.156.188 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9fdfee14b0ac469:host:177.10.232.226	SESSION-d9fdfee14b0ac469 → host:177.10.232.226
FLOW_FROM_HOSTOBS	e:from:SESSION-21b1ebb6f3d7bd68:host:172.234.197.23	SESSION-21b1ebb6f3d7bd68 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-4baa6f7cc0122cad:SESSION-4baa6f7cc0122cad	SESSION-4baa6f7cc0122cad → pe:rst:SESSION-4baa6f7cc0122cad
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-5048c6b31ef60c96:BSG-BEACON-c01588764f49	SESSION-5048c6b31ef60c96 → BSG-BEACON-c01588764f49
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-893e080e65f2ed4f:host:172.234.197.23	SESSION-893e080e65f2ed4f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-38c7d1687d10af97:host:172.234.197.23	SESSION-38c7d1687d10af97 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a9915da62b53f74:host:172.234.197.23	SESSION-5a9915da62b53f74 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d30c685e20a11d4e:PCAP:capture_20260430060001:919b39a74464	SESSION-d30c685e20a11d4e → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.239:geo_-23.62930_-46.63510	host:131.196.31.239 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ea9485b82ac2233:flow:9084a8142295	SESSION-3ea9485b82ac2233 → flow:9084a8142295
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f42dcf2468c4a64f:SESSION-f42dcf2468c4a64f	SESSION-f42dcf2468c4a64f → pe:tls:SESSION-f42dcf2468c4a64f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40dbede277a2e1b2:host:131.196.29.221:host:172.234.197.23	SESSION-40dbede277a2e1b2 → host:131.196.29.221 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-633c88960b55f389:host:131.196.31.71	SESSION-633c88960b55f389 → host:131.196.31.71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e99befaea58c8acf:SESSION-e99befaea58c8acf	SESSION-e99befaea58c8acf → pe:tls:SESSION-e99befaea58c8acf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa0b840fdb1355d3:host:172.234.197.23	SESSION-fa0b840fdb1355d3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:01f099eb3637:port:tcp:443	flow:01f099eb3637 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-030a81db4532bd3a:host:177.10.238.204	SESSION-030a81db4532bd3a → host:177.10.238.204
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72786bca04f1b5c7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-72786bca04f1b5c7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:8865861020a3:port:tcp:443	flow:8865861020a3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5407005cb310ce8:host:131.196.30.214:host:172.234.197.23	SESSION-d5407005cb310ce8 → host:131.196.30.214 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.150:asn:262880	host:177.10.232.150 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.110:geo_-16.28860_-49.01640	host:177.10.238.110 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8b9309f53afd487:SESSION-d8b9309f53afd487	SESSION-d8b9309f53afd487 → pe:tls:SESSION-d8b9309f53afd487
FLOW_DST_PORTOBS	e:fp:flow:322c92de5b4d:port:tcp:443	flow:322c92de5b4d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c6d8c2f7fc43f382:SESSION-c6d8c2f7fc43f382	SESSION-c6d8c2f7fc43f382 → pe:syn:SESSION-c6d8c2f7fc43f382
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f1b980e392c4795:flow:180dff40240a	SESSION-4f1b980e392c4795 → flow:180dff40240a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e540dbaefa45433:host:172.234.197.23	SESSION-9e540dbaefa45433 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc060cc400f18b5d:host:172.234.197.23	SESSION-cc060cc400f18b5d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-671350c0b0fa8f65:SESSION-671350c0b0fa8f65	SESSION-671350c0b0fa8f65 → pe:syn:SESSION-671350c0b0fa8f65
FLOW_DST_PORTOBS	e:fp:flow:98facdade98c:port:tcp:12626	flow:98facdade98c → port:tcp:12626
FLOW_DST_PORTOBS	e:fp:flow:f3d64f6abe2d:port:tcp:80	flow:f3d64f6abe2d → port:tcp:80
flow_observed5-aryOBS	e:fo:flow:3e996645afc3	flow:3e996645afc3 → host:45.173.156.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ffbb13e97116fd4:host:172.234.197.23	SESSION-6ffbb13e97116fd4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:302afc84d7b6:port:tcp:443	flow:302afc84d7b6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-0b2d512f3efc35f9:host:172.234.197.23	SESSION-0b2d512f3efc35f9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:22ba5f8db438	flow:22ba5f8db438 → host:45.173.156.233 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-265a2f0fa666e936:host:131.196.30.222:host:172.234.197.23	SESSION-265a2f0fa666e936 → host:131.196.30.222 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a2b1476066ca	flow:a2b1476066ca → host:172.234.197.23 → host:177.10.232.234 → port:tcp:52306
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c60a94331c3e233:host:131.196.30.183	SESSION-8c60a94331c3e233 → host:131.196.30.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1d74e40d653f073:host:91.240.224.238	SESSION-d1d74e40d653f073 → host:91.240.224.238
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4aeecdec5ead7952:flow:7390756c80d4	SESSION-4aeecdec5ead7952 → flow:7390756c80d4
FLOW_DST_PORTOBS	e:fp:flow:09e0a7549032:port:tcp:443	flow:09e0a7549032 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da15c25f39b20c68:SESSION-da15c25f39b20c68	SESSION-da15c25f39b20c68 → pe:tls:SESSION-da15c25f39b20c68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2474eb623db0155:SESSION-b2474eb623db0155	SESSION-b2474eb623db0155 → pe:syn:SESSION-b2474eb623db0155
FLOW_FROM_HOSTOBS	e:from:SESSION-111e536a3f33c549:host:177.10.237.39	SESSION-111e536a3f33c549 → host:177.10.237.39
FLOW_FROM_HOSTOBS	e:from:SESSION-8ca10b4490797e89:host:177.10.236.236	SESSION-8ca10b4490797e89 → host:177.10.236.236
FLOW_DST_PORTOBS	e:fp:flow:2f8e534a226c:port:tcp:443	flow:2f8e534a226c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-779dfe498151f730:SESSION-779dfe498151f730	SESSION-779dfe498151f730 → pe:syn:SESSION-779dfe498151f730
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31cda31fe1b0dd07:flow:f797460e505b	SESSION-31cda31fe1b0dd07 → flow:f797460e505b
flow_observed5-aryOBS	e:fo:flow:51883b5f936b	flow:51883b5f936b → host:177.10.234.224 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97a6ca320e2242f6:host:172.234.197.23	SESSION-97a6ca320e2242f6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5cdb2ff7fda09377:host:172.234.197.23	SESSION-5cdb2ff7fda09377 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fed96f9f16ada01c:host:131.196.28.170	SESSION-fed96f9f16ada01c → host:131.196.28.170
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-71cc4f2ac3d57c32:host:177.10.236.82:host:172.234.197.23	SESSION-71cc4f2ac3d57c32 → host:177.10.236.82 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d5d486009dccd362:host:131.196.28.242	SESSION-d5d486009dccd362 → host:131.196.28.242
FLOW_FROM_HOSTOBS	e:from:SESSION-779f746558d2d979:host:172.234.197.23	SESSION-779f746558d2d979 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2dca77003c0beb45:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2dca77003c0beb45 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0758ca9101405049:host:172.234.197.23:host:177.10.239.35	SESSION-0758ca9101405049 → host:172.234.197.23 → host:177.10.239.35
FLOW_FROM_HOSTOBS	e:from:SESSION-8a3bc2c7dd7e8bd1:host:172.234.197.23	SESSION-8a3bc2c7dd7e8bd1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73eae13080f416f8:host:131.196.30.97	SESSION-73eae13080f416f8 → host:131.196.30.97
FLOW_DST_PORTOBS	e:fp:flow:471482b35982:port:tcp:58985	flow:471482b35982 → port:tcp:58985
flow_observed5-aryOBS	e:fo:flow:7315230a3bb0	flow:7315230a3bb0 → host:177.10.233.101 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e2a1b696130dd57:PCAP:capture_20260430090001:065659c7d314	SESSION-8e2a1b696130dd57 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3db8610837fd0b8:host:177.10.238.211	SESSION-e3db8610837fd0b8 → host:177.10.238.211
flow_observed5-aryOBS	e:fo:flow:51a9b0c0e87e	flow:51a9b0c0e87e → host:131.196.28.6 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5206c0f0c9583a29:host:177.10.239.199	SESSION-5206c0f0c9583a29 → host:177.10.239.199
FLOW_TO_HOSTOBS	e:to:SESSION-00f403aeec8e6c17:host:172.234.197.23	SESSION-00f403aeec8e6c17 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-757e5ed1a89f1610:host:131.196.28.93:host:172.234.197.23	SESSION-757e5ed1a89f1610 → host:131.196.28.93 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6631f08e8c06a9b6:flow:4cdfd20426a3	SESSION-6631f08e8c06a9b6 → flow:4cdfd20426a3
FLOW_TO_HOSTOBS	e:to:SESSION-36db005d6a8b5922:host:172.234.197.23	SESSION-36db005d6a8b5922 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.78:geo_-23.62930_-46.63510	host:131.196.29.78 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:c742ec3abe7f:port:tcp:54279	flow:c742ec3abe7f → port:tcp:54279
FLOW_FROM_HOSTOBS	e:from:SESSION-999a3a68382b7707:host:172.234.197.23	SESSION-999a3a68382b7707 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8cf2e3dd1491b22c:host:177.10.237.177:host:172.234.197.23	SESSION-8cf2e3dd1491b22c → host:177.10.237.177 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4754bc389b07ad3e:SESSION-4754bc389b07ad3e	SESSION-4754bc389b07ad3e → pe:syn:SESSION-4754bc389b07ad3e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-42dd33a8e6552b73:flow:a80d12852c21	SESSION-42dd33a8e6552b73 → flow:a80d12852c21
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.199:geo_-16.28860_-49.01640	host:177.10.236.199 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-cac46254a85b1ec3:host:131.196.31.43	SESSION-cac46254a85b1ec3 → host:131.196.31.43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ef3697a55617fe8:SESSION-0ef3697a55617fe8	SESSION-0ef3697a55617fe8 → pe:tls:SESSION-0ef3697a55617fe8
FLOW_FROM_HOSTOBS	e:from:SESSION-0c9a0f035acc4428:host:172.234.197.23	SESSION-0c9a0f035acc4428 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38739a517334cf5a:host:177.10.238.195:host:172.234.197.23	SESSION-38739a517334cf5a → host:177.10.238.195 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db3c6ad3393f14ad:host:177.10.234.186:host:172.234.197.23	SESSION-db3c6ad3393f14ad → host:177.10.234.186 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-255149252f7b9c37:host:172.234.197.23	SESSION-255149252f7b9c37 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:08e013e88cca	flow:08e013e88cca → host:92.112.71.33 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bdc14171c537b7eb:host:172.234.197.23	SESSION-bdc14171c537b7eb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8eef3970e8dd:port:tcp:80	flow:8eef3970e8dd → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-bb20bb92bfdba895:host:172.234.197.23	SESSION-bb20bb92bfdba895 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4e3933219f15471:host:172.234.197.23	SESSION-f4e3933219f15471 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6bfe68f8e20317f4:host:172.234.197.23:host:177.10.234.185	SESSION-6bfe68f8e20317f4 → host:172.234.197.23 → host:177.10.234.185
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a214ec19ba198e7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6a214ec19ba198e7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7b20ceba4f49bfd:host:67.219.103.9:host:172.234.197.23	SESSION-c7b20ceba4f49bfd → host:67.219.103.9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:39685dbf6c4f:port:tcp:41324	flow:39685dbf6c4f → port:tcp:41324
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-5c60d99c484411b4:BSG-BEACON-0536ad8c19a0	SESSION-5c60d99c484411b4 → BSG-BEACON-0536ad8c19a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-099b4106de78317b:SESSION-099b4106de78317b	SESSION-099b4106de78317b → pe:syn:SESSION-099b4106de78317b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7771c9cc3604c57a:host:172.234.197.23	SESSION-7771c9cc3604c57a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8cb5f38c68f62897:SESSION-8cb5f38c68f62897	SESSION-8cb5f38c68f62897 → pe:syn:SESSION-8cb5f38c68f62897
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bebc5cb41e4621f:SESSION-3bebc5cb41e4621f	SESSION-3bebc5cb41e4621f → pe:tls:SESSION-3bebc5cb41e4621f
FLOW_TO_HOSTOBS	e:to:SESSION-be868fb861e0a1c8:host:172.234.197.23	SESSION-be868fb861e0a1c8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d74877df7cdd5d7:host:45.173.156.220	SESSION-6d74877df7cdd5d7 → host:45.173.156.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cca8cec112e53d8f:SESSION-cca8cec112e53d8f	SESSION-cca8cec112e53d8f → pe:tls:SESSION-cca8cec112e53d8f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2761ffbe76598549:host:177.10.237.147	SESSION-2761ffbe76598549 → host:177.10.237.147
FLOW_FROM_HOSTOBS	e:from:SESSION-100c3fd7436ef8f8:host:172.234.197.23	SESSION-100c3fd7436ef8f8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ede82bb3f685	flow:ede82bb3f685 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21a6fb1ae6879e55:host:172.234.197.23	SESSION-21a6fb1ae6879e55 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5d0f919734488d0b:host:131.196.29.238	SESSION-5d0f919734488d0b → host:131.196.29.238
FLOW_TO_HOSTOBS	e:to:SESSION-c9eb08591878d33c:host:131.196.30.132	SESSION-c9eb08591878d33c → host:131.196.30.132
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.16:asn:262880	host:177.10.233.16 → asn:262880
flow_observed3-aryOBS	e:fo:flow:42ee9141dd52	flow:42ee9141dd52 → host:51.94.180.11 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96298fdbde5cf19b:host:172.234.197.23	SESSION-96298fdbde5cf19b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97bd7f793ae0ea11:flow:b1cc4a97ab18	SESSION-97bd7f793ae0ea11 → flow:b1cc4a97ab18
FLOW_DST_PORTOBS	e:fp:flow:a5a7f9bf05f6:port:tcp:64345	flow:a5a7f9bf05f6 → port:tcp:64345
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f18f27343d540733:host:172.234.197.23	SESSION-f18f27343d540733 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0479cebeee52:port:tcp:443	flow:0479cebeee52 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eec2a7691ff15afc:flow:a11f7059b6b2	SESSION-eec2a7691ff15afc → flow:a11f7059b6b2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ed760af2d8fedd4:host:131.196.31.187	SESSION-2ed760af2d8fedd4 → host:131.196.31.187
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-200e4a8806f83581:SESSION-200e4a8806f83581	SESSION-200e4a8806f83581 → pe:syn:SESSION-200e4a8806f83581
flow_observed4-aryOBS	e:fo:flow:2ff80900d1bb	flow:2ff80900d1bb → host:172.234.197.23 → host:131.196.31.190 → port:tcp:28362
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72f157e6b3da81bc:host:172.234.197.23	SESSION-72f157e6b3da81bc → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:56b16aab94d2:port:tcp:443	flow:56b16aab94d2 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-cfbd2e877e86cd2a:host:177.10.234.238	SESSION-cfbd2e877e86cd2a → host:177.10.234.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-122a5b909d033cbb:SESSION-122a5b909d033cbb	SESSION-122a5b909d033cbb → pe:rst:SESSION-122a5b909d033cbb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f70c7a73cedaabc:flow:5972bd93e84b	SESSION-5f70c7a73cedaabc → flow:5972bd93e84b
FLOW_FROM_HOSTOBS	e:from:SESSION-142a24cb96c02884:host:172.234.197.23	SESSION-142a24cb96c02884 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:43ebaddd5a7b:port:tcp:17596	flow:43ebaddd5a7b → port:tcp:17596
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56e56d8157575627:host:177.10.236.56	SESSION-56e56d8157575627 → host:177.10.236.56
FLOW_TO_HOSTOBS	e:to:SESSION-0b0b2d167e93bb2e:host:131.196.28.80	SESSION-0b0b2d167e93bb2e → host:131.196.28.80
FLOW_TO_HOSTOBS	e:to:SESSION-7d861e0bc561d261:host:172.234.197.23	SESSION-7d861e0bc561d261 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f74caf722af4b362:SESSION-f74caf722af4b362	SESSION-f74caf722af4b362 → pe:syn:SESSION-f74caf722af4b362
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-597a035229423245:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-597a035229423245 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed79241b929fab43:host:177.10.239.190:host:172.234.197.23	SESSION-ed79241b929fab43 → host:177.10.239.190 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-30c6bfe2ed3a5bca:host:193.32.162.28	SESSION-30c6bfe2ed3a5bca → host:193.32.162.28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-656bb895abc59727:SESSION-656bb895abc59727	SESSION-656bb895abc59727 → pe:tls:SESSION-656bb895abc59727
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6bf46c9eec8f990:host:172.234.197.23	SESSION-e6bf46c9eec8f990 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5e717c742e2e64ea:host:172.234.197.23	SESSION-5e717c742e2e64ea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a886511518ded078:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a886511518ded078 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:df3236181306:port:tcp:443	flow:df3236181306 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.174:geo_-23.62930_-46.63510	host:131.196.31.174 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cac46254a85b1ec3:SESSION-cac46254a85b1ec3	SESSION-cac46254a85b1ec3 → pe:tls:SESSION-cac46254a85b1ec3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76bcf8447ee973fd:host:45.173.156.237:host:172.234.197.23	SESSION-76bcf8447ee973fd → host:45.173.156.237 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94dde62df04dcb4a:SESSION-94dde62df04dcb4a	SESSION-94dde62df04dcb4a → pe:syn:SESSION-94dde62df04dcb4a
FLOW_DST_PORTOBS	e:fp:flow:5d95a3b0c9d8:port:tcp:8645	flow:5d95a3b0c9d8 → port:tcp:8645
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fcb174e83803b1f7:SESSION-fcb174e83803b1f7	SESSION-fcb174e83803b1f7 → pe:syn:SESSION-fcb174e83803b1f7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54530aea57b72d0f:host:172.234.197.23	SESSION-54530aea57b72d0f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ba942f2694f4960:host:177.10.235.72	SESSION-0ba942f2694f4960 → host:177.10.235.72
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-597e69ebdf7ef93f:flow:1091a77e7aa4	SESSION-597e69ebdf7ef93f → flow:1091a77e7aa4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0957d40de01926ae:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0957d40de01926ae → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-301cccab595ff1f6:host:45.173.156.41:host:172.234.197.23	SESSION-301cccab595ff1f6 → host:45.173.156.41 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0046a1ddb04bc0f7:host:131.196.28.217:host:172.234.197.23	SESSION-0046a1ddb04bc0f7 → host:131.196.28.217 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2a05fafdd2a9:port:tcp:443	flow:2a05fafdd2a9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8d8471d99b0ccf5:host:172.234.197.23	SESSION-d8d8471d99b0ccf5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7aadf75473fd:port:tcp:443	flow:7aadf75473fd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ef9a5d8a17e479b:SESSION-8ef9a5d8a17e479b	SESSION-8ef9a5d8a17e479b → pe:tls:SESSION-8ef9a5d8a17e479b
flow_observed5-aryOBS	e:fo:flow:dc93c0b0eb29	flow:dc93c0b0eb29 → host:131.196.31.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-235be73d0ead16ae:SESSION-235be73d0ead16ae	SESSION-235be73d0ead16ae → pe:syn:SESSION-235be73d0ead16ae
FLOW_TO_HOSTOBS	e:to:SESSION-c130f2091984b84c:host:45.173.156.210	SESSION-c130f2091984b84c → host:45.173.156.210
FLOW_TO_HOSTOBS	e:to:SESSION-6394463f1caee3eb:host:177.10.232.207	SESSION-6394463f1caee3eb → host:177.10.232.207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-978d4fdbc8d38350:SESSION-978d4fdbc8d38350	SESSION-978d4fdbc8d38350 → pe:syn:SESSION-978d4fdbc8d38350
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.231:geo_-23.62930_-46.63510	host:131.196.28.231 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-142a24cb96c02884:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-142a24cb96c02884 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:a12b549bc0a2:port:tcp:443	flow:a12b549bc0a2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5c9b4c9e225ad1d:SESSION-f5c9b4c9e225ad1d	SESSION-f5c9b4c9e225ad1d → pe:tls:SESSION-f5c9b4c9e225ad1d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-54704a8587620f8b:SESSION-54704a8587620f8b	SESSION-54704a8587620f8b → pe:syn:SESSION-54704a8587620f8b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee7b628709e11cd4:host:172.234.197.23	SESSION-ee7b628709e11cd4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa372e44ee6fb3e7:SESSION-aa372e44ee6fb3e7	SESSION-aa372e44ee6fb3e7 → pe:tls:SESSION-aa372e44ee6fb3e7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2fc2bfb2b0c4767b:host:172.234.197.23	SESSION-2fc2bfb2b0c4767b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4faf0bdb2ec15f7a:SESSION-4faf0bdb2ec15f7a	SESSION-4faf0bdb2ec15f7a → pe:tls:SESSION-4faf0bdb2ec15f7a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4e7d8d3f995a1a9:PCAP:capture_20260430060001:919b39a74464	SESSION-b4e7d8d3f995a1a9 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c3e0ded89b78d8d:SESSION-3c3e0ded89b78d8d	SESSION-3c3e0ded89b78d8d → pe:tls:SESSION-3c3e0ded89b78d8d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.4:asn:262880	host:177.10.239.4 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-4b869f0759406bd5:host:172.234.197.23	SESSION-4b869f0759406bd5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-08b25d9f54ecadf2:host:177.10.238.186	SESSION-08b25d9f54ecadf2 → host:177.10.238.186
FLOW_FROM_HOSTOBS	e:from:SESSION-febabcac2b03c9d1:host:131.196.28.242	SESSION-febabcac2b03c9d1 → host:131.196.28.242
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-319dd83e6310ac59:flow:3b8b26a46ac2	SESSION-319dd83e6310ac59 → flow:3b8b26a46ac2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.56:asn:262880	host:177.10.238.56 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-88c7e3106e33eb03:PCAP:capture_20260430050001:8868731bf8a4	SESSION-88c7e3106e33eb03 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:cfc34639b852:port:tcp:18536	flow:cfc34639b852 → port:tcp:18536
FLOW_TO_HOSTOBS	e:to:SESSION-07775d37dba558b0:host:172.234.197.23	SESSION-07775d37dba558b0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3407d813acebc00f:host:177.10.239.107:host:172.234.197.23	SESSION-3407d813acebc00f → host:177.10.239.107 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ff369745433a15b5:host:177.10.236.176	SESSION-ff369745433a15b5 → host:177.10.236.176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe8408bb8c62f3c7:SESSION-fe8408bb8c62f3c7	SESSION-fe8408bb8c62f3c7 → pe:tls:SESSION-fe8408bb8c62f3c7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e1cb285535c63d0:SESSION-9e1cb285535c63d0	SESSION-9e1cb285535c63d0 → pe:tls:SESSION-9e1cb285535c63d0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-45775bc626dbc608:host:177.10.238.56	SESSION-45775bc626dbc608 → host:177.10.238.56
HOST_IN_ASNOBS 85%	e:ha:host:51.161.119.157:asn:16276	host:51.161.119.157 → asn:16276
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86e3f0fd63ed2ea3:SESSION-86e3f0fd63ed2ea3	SESSION-86e3f0fd63ed2ea3 → pe:tls:SESSION-86e3f0fd63ed2ea3
FLOW_FROM_HOSTOBS	e:from:SESSION-f033dc8b343a68ab:host:45.173.156.31	SESSION-f033dc8b343a68ab → host:45.173.156.31
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51daf4959db84d02:flow:b26b1d0f64e1	SESSION-51daf4959db84d02 → flow:b26b1d0f64e1
flow_observed5-aryOBS	e:fo:flow:0c531332d334	flow:0c531332d334 → host:185.231.226.223 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-abf4853d72eba17e:SESSION-abf4853d72eba17e	SESSION-abf4853d72eba17e → pe:tls:SESSION-abf4853d72eba17e
FLOW_TO_HOSTOBS	e:to:SESSION-191c84cbdd981857:host:172.234.197.23	SESSION-191c84cbdd981857 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76aff26f067fcb92:PCAP:capture_20260430070001:903a0e7a436b	SESSION-76aff26f067fcb92 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:3e601c0d8e12	flow:3e601c0d8e12 → host:172.234.197.23 → host:177.10.232.150 → port:tcp:51901
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83168514d84031f4:host:172.234.197.23	SESSION-83168514d84031f4 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.98:geo_-23.62930_-46.63510	host:131.196.30.98 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-c0dbdaab1cb35f54:host:172.234.197.23	SESSION-c0dbdaab1cb35f54 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90804beaa6aefbc0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-90804beaa6aefbc0 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19fcdbc3c5b0e100:host:177.10.233.185	SESSION-19fcdbc3c5b0e100 → host:177.10.233.185
FLOW_TO_HOSTOBS	e:to:SESSION-9b5948254caf12dd:host:172.234.197.23	SESSION-9b5948254caf12dd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b00d7db41be144d:host:172.234.197.23	SESSION-4b00d7db41be144d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5167ceabb03264f1:host:172.234.197.23	SESSION-5167ceabb03264f1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77e4374445abb63e:host:177.10.233.121	SESSION-77e4374445abb63e → host:177.10.233.121
HOST_IN_ASNOBS 85%	e:ha:host:52.12.196.158:asn:16509	host:52.12.196.158 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3eb6cc7ca453157a:SESSION-3eb6cc7ca453157a	SESSION-3eb6cc7ca453157a → pe:tls:SESSION-3eb6cc7ca453157a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f40be42edcf6e8ed:SESSION-f40be42edcf6e8ed	SESSION-f40be42edcf6e8ed → pe:syn:SESSION-f40be42edcf6e8ed
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8e2f8ae5ea03a25:SESSION-e8e2f8ae5ea03a25	SESSION-e8e2f8ae5ea03a25 → pe:syn:SESSION-e8e2f8ae5ea03a25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c64ea68345b811b:host:177.10.235.234	SESSION-9c64ea68345b811b → host:177.10.235.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b3d68511ee3e6e7:host:172.234.197.23	SESSION-9b3d68511ee3e6e7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55aa5069b830c261:host:131.196.28.160	SESSION-55aa5069b830c261 → host:131.196.28.160
FLOW_DST_PORTOBS	e:fp:flow:1441785bdf43:port:tcp:443	flow:1441785bdf43 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-c73d5dfb4b98c8a4:host:131.196.31.230	SESSION-c73d5dfb4b98c8a4 → host:131.196.31.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dfd5cbc4ed1c485c:SESSION-dfd5cbc4ed1c485c	SESSION-dfd5cbc4ed1c485c → pe:tls:SESSION-dfd5cbc4ed1c485c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a650ad390b72264d:host:177.10.237.164	SESSION-a650ad390b72264d → host:177.10.237.164
FLOW_TO_HOSTOBS	e:to:SESSION-a103d39af7264a48:host:172.234.197.23	SESSION-a103d39af7264a48 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3831f1a5ed6fd2c0:SESSION-3831f1a5ed6fd2c0	SESSION-3831f1a5ed6fd2c0 → pe:tls:SESSION-3831f1a5ed6fd2c0
flow_observed5-aryOBS	e:fo:flow:c0d86d181231	flow:c0d86d181231 → host:103.230.240.59 → host:172.234.197.23 → port:tcp:22 → svc:ssh
FLOW_FROM_HOSTOBS	e:from:SESSION-5a17077467e1bba6:host:177.10.237.111	SESSION-5a17077467e1bba6 → host:177.10.237.111
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.24:asn:262880	host:177.10.236.24 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14b4ac17b4f35bc0:host:177.10.236.41	SESSION-14b4ac17b4f35bc0 → host:177.10.236.41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-64a8af826dc81e59:host:172.234.197.23:host:177.10.236.121	SESSION-64a8af826dc81e59 → host:172.234.197.23 → host:177.10.236.121
FLOW_DST_PORTOBS	e:fp:flow:4b35d99dad77:port:tcp:443	flow:4b35d99dad77 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54f6eb1f506e4a3a:host:172.234.197.23:host:177.10.233.85	SESSION-54f6eb1f506e4a3a → host:172.234.197.23 → host:177.10.233.85
flow_observed4-aryOBS	e:fo:flow:ed2e3c104301	flow:ed2e3c104301 → host:172.234.197.23 → host:177.10.239.177 → port:tcp:35049
flow_observed4-aryOBS	e:fo:flow:c06565ad7f6a	flow:c06565ad7f6a → host:172.234.197.23 → host:131.196.31.21 → port:tcp:42972
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5405d05650907428:host:45.173.156.107:host:172.234.197.23	SESSION-5405d05650907428 → host:45.173.156.107 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f928c0ad9f6130d:host:172.234.197.23	SESSION-3f928c0ad9f6130d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3854a3544c69d398:flow:767b7fbc3076	SESSION-3854a3544c69d398 → flow:767b7fbc3076
FLOW_DST_PORTOBS	e:fp:flow:e8c214b29c0d:port:tcp:443	flow:e8c214b29c0d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a926b88006fe:port:tcp:443	flow:a926b88006fe → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:956357409f9d	flow:956357409f9d → host:172.234.197.23 → host:177.10.234.194 → port:tcp:138
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a8376f0f57e00ff1:flow:9b2064ecb7b8	SESSION-a8376f0f57e00ff1 → flow:9b2064ecb7b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32091c263c5425e7:host:177.10.233.108	SESSION-32091c263c5425e7 → host:177.10.233.108
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-973fc1252d207af1:flow:8b19fa2241ff	SESSION-973fc1252d207af1 → flow:8b19fa2241ff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6634561e4b2b2821:host:177.10.238.122	SESSION-6634561e4b2b2821 → host:177.10.238.122
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a19951f5f7590fa9:flow:5c7c371a697d	SESSION-a19951f5f7590fa9 → flow:5c7c371a697d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a9e4c3921500675:host:172.234.197.23	SESSION-6a9e4c3921500675 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cbaaa2b8364f7158:host:172.234.197.23	SESSION-cbaaa2b8364f7158 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-304db5c18798dbb4:SESSION-304db5c18798dbb4	SESSION-304db5c18798dbb4 → pe:tls:SESSION-304db5c18798dbb4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.209:asn:271410	host:131.196.29.209 → asn:271410
flow_observed5-aryOBS	e:fo:flow:65c7c6bda9f3	flow:65c7c6bda9f3 → host:131.196.28.32 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5746e0d81f0d05c1:host:172.234.197.23	SESSION-5746e0d81f0d05c1 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b53b1a2dc18d6354:BSG-BEACON-a8a8c3c8a37f	SESSION-b53b1a2dc18d6354 → BSG-BEACON-a8a8c3c8a37f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ca971b9386eb0b9:host:177.10.239.149	SESSION-2ca971b9386eb0b9 → host:177.10.239.149
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6354b0819147ed1d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6354b0819147ed1d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56476ce9df92fd09:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-56476ce9df92fd09 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:3fd84d52a8b0	flow:3fd84d52a8b0 → host:131.196.28.159 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d098d799c39976fd:PCAP:capture_20260430150001:ded20914761d	SESSION-d098d799c39976fd → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-d77475f82108632b:host:131.196.31.86	SESSION-d77475f82108632b → host:131.196.31.86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-160e5a0882acae87:SESSION-160e5a0882acae87	SESSION-160e5a0882acae87 → pe:syn:SESSION-160e5a0882acae87
FLOW_FROM_HOSTOBS	e:from:SESSION-3e4d7008639203d5:host:172.234.197.23	SESSION-3e4d7008639203d5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7ad6356c5bafa36b:host:172.234.197.23	SESSION-7ad6356c5bafa36b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3db1a0404e21661:host:131.196.29.128	SESSION-c3db1a0404e21661 → host:131.196.29.128
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-398d13acd4a88a37:flow:3108c78e87d1	SESSION-398d13acd4a88a37 → flow:3108c78e87d1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a918f52003c304f:flow:597b383bd45d	SESSION-0a918f52003c304f → flow:597b383bd45d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d3cf98bfbd337a47:SESSION-d3cf98bfbd337a47	SESSION-d3cf98bfbd337a47 → pe:tls:SESSION-d3cf98bfbd337a47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff2bd1b9d0923cc1:host:131.196.28.195	SESSION-ff2bd1b9d0923cc1 → host:131.196.28.195
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:67.219.103.9:geo_-37.81590_144.96690	host:67.219.103.9 → geo_-37.81590_144.96690
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf8f9827f106db93:PCAP:capture_20260430090001:065659c7d314	SESSION-bf8f9827f106db93 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7926734d1890078a:host:177.10.234.221	SESSION-7926734d1890078a → host:177.10.234.221
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8b9309f53afd487:flow:9a5df56c59b0	SESSION-d8b9309f53afd487 → flow:9a5df56c59b0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b523e88f9ec69c3:host:177.10.233.29:host:172.234.197.23	SESSION-2b523e88f9ec69c3 → host:177.10.233.29 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-96272a0a54480e7a:host:177.10.234.78	SESSION-96272a0a54480e7a → host:177.10.234.78
flow_observed5-aryOBS	e:fo:flow:8f5f860b3650	flow:8f5f860b3650 → host:177.10.238.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d537e467802bc1c1:host:172.234.197.23	SESSION-d537e467802bc1c1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bcd94ff2cea5ca72:PCAP:capture_20260430090001:065659c7d314	SESSION-bcd94ff2cea5ca72 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-9b9ddad698cc7ffe:host:45.173.156.110	SESSION-9b9ddad698cc7ffe → host:45.173.156.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ec199f8b9a6f389:host:167.235.194.109	SESSION-8ec199f8b9a6f389 → host:167.235.194.109
flow_observed5-aryOBS	e:fo:flow:bc6649272822	flow:bc6649272822 → host:131.196.29.68 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2eb904b60673a30b:host:172.234.197.23:host:131.196.28.2	SESSION-2eb904b60673a30b → host:172.234.197.23 → host:131.196.28.2
FLOW_TO_HOSTOBS	e:to:SESSION-6b4f32c5c51558e8:host:172.234.197.23	SESSION-6b4f32c5c51558e8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8bd242be2a31:port:tcp:10619	flow:8bd242be2a31 → port:tcp:10619
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31836a23201b59b7:PCAP:capture_20260430090001:065659c7d314	SESSION-31836a23201b59b7 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-139ea45d2e45809a:PCAP:capture_20260430110001:43611bdf6759	SESSION-139ea45d2e45809a → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e8b24d973ac1177:SESSION-6e8b24d973ac1177	SESSION-6e8b24d973ac1177 → pe:tls:SESSION-6e8b24d973ac1177
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5b4d581172cc71c:SESSION-a5b4d581172cc71c	SESSION-a5b4d581172cc71c → pe:tls:SESSION-a5b4d581172cc71c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54aea84c156a3c18:host:172.234.197.23:host:210.156.0.132	SESSION-54aea84c156a3c18 → host:172.234.197.23 → host:210.156.0.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c77e81e6376168a3:host:172.234.197.23	SESSION-c77e81e6376168a3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.118:asn:262880	host:177.10.233.118 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.43:geo_-23.62930_-46.63510	host:131.196.29.43 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-ce92926e8e7d59d2:host:172.234.197.23	SESSION-ce92926e8e7d59d2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e271128847ae06df:host:172.234.197.23	SESSION-e271128847ae06df → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6e6afdb068db09de:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6e6afdb068db09de → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6b70cce2b53886b:host:177.10.239.224	SESSION-e6b70cce2b53886b → host:177.10.239.224
FLOW_DST_PORTOBS	e:fp:flow:4be37b1f0cfe:port:tcp:16447	flow:4be37b1f0cfe → port:tcp:16447
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7391507b773a5722:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7391507b773a5722 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:9eff1d4678ce	flow:9eff1d4678ce → host:57.128.95.174 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:13bb72a1cd69	flow:13bb72a1cd69 → host:177.10.236.64 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:152516e88773:port:tcp:20418	flow:152516e88773 → port:tcp:20418
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.201:asn:262880	host:177.10.236.201 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-7a301fd9da8621bb:host:172.234.197.23	SESSION-7a301fd9da8621bb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-793bdbe15c87a87a:host:177.10.232.107	SESSION-793bdbe15c87a87a → host:177.10.232.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-574ff4efae76e1f7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-574ff4efae76e1f7 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-6f6577138d25ad9e:host:177.10.232.88	SESSION-6f6577138d25ad9e → host:177.10.232.88
FLOW_FROM_HOSTOBS	e:from:SESSION-1ddc324b0d6a8eb6:host:131.196.29.203	SESSION-1ddc324b0d6a8eb6 → host:131.196.29.203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec50ec61227c5d5c:SESSION-ec50ec61227c5d5c	SESSION-ec50ec61227c5d5c → pe:tls:SESSION-ec50ec61227c5d5c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7bd472de7dbc823f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7bd472de7dbc823f → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:3006c4727877:port:tcp:28601	flow:3006c4727877 → port:tcp:28601
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.120:asn:271410	host:131.196.29.120 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-89883827e26a2cf6:SESSION-89883827e26a2cf6	SESSION-89883827e26a2cf6 → pe:tls:SESSION-89883827e26a2cf6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f799bd198c08bce:flow:c0a0b196a018	SESSION-7f799bd198c08bce → flow:c0a0b196a018
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.93:asn:262880	host:177.10.239.93 → asn:262880
flow_observed5-aryOBS	e:fo:flow:3b27b3b8149c	flow:3b27b3b8149c → host:131.196.31.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9ef85fb3b83fc71:SESSION-d9ef85fb3b83fc71	SESSION-d9ef85fb3b83fc71 → pe:syn:SESSION-d9ef85fb3b83fc71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f62a59cabf6a851:SESSION-7f62a59cabf6a851	SESSION-7f62a59cabf6a851 → pe:tls:SESSION-7f62a59cabf6a851
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e3f5af343ed075a:flow:87e702e14634	SESSION-2e3f5af343ed075a → flow:87e702e14634
flow_observed4-aryOBS	e:fo:flow:3e4fd7e6d9e6	flow:3e4fd7e6d9e6 → host:172.234.197.23 → host:177.10.235.248 → port:tcp:17417
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30f00b6e6078f800:host:177.10.234.164	SESSION-30f00b6e6078f800 → host:177.10.234.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5ac08008a4ed5c1:host:172.234.197.23	SESSION-c5ac08008a4ed5c1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-323caf5dcc039926:SESSION-323caf5dcc039926	SESSION-323caf5dcc039926 → pe:tls:SESSION-323caf5dcc039926
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6d659d940e075af:flow:399167c752fc	SESSION-e6d659d940e075af → flow:399167c752fc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-275d804358752875:host:177.10.237.143:host:172.234.197.23	SESSION-275d804358752875 → host:177.10.237.143 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-001dbe9c45882aae:SESSION-001dbe9c45882aae	SESSION-001dbe9c45882aae → pe:syn:SESSION-001dbe9c45882aae
flow_observed5-aryOBS	e:fo:flow:3fc5c3c3e3a8	flow:3fc5c3c3e3a8 → host:177.10.233.76 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-38a64ba294c5f79f:host:172.234.197.23	SESSION-38a64ba294c5f79f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-64913b40dfec355f:host:131.196.29.182:host:172.234.197.23	SESSION-64913b40dfec355f → host:131.196.29.182 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-e53dab5788851a26:BSG-BEACON-a8a8c3c8a37f	SESSION-e53dab5788851a26 → BSG-BEACON-a8a8c3c8a37f
FLOW_FROM_HOSTOBS	e:from:SESSION-aec01d0deaddfc4b:host:131.196.29.114	SESSION-aec01d0deaddfc4b → host:131.196.29.114
FLOW_TO_HOSTOBS	e:to:SESSION-9582152c6f7e826d:host:177.10.239.108	SESSION-9582152c6f7e826d → host:177.10.239.108
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.93:geo_-16.28860_-49.01640	host:177.10.239.93 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0371abab0ef43e73:host:31.40.196.125	SESSION-0371abab0ef43e73 → host:31.40.196.125
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa658fe130f71ff5:host:172.234.197.23:host:131.196.30.253	SESSION-aa658fe130f71ff5 → host:172.234.197.23 → host:131.196.30.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3d526a62cd76fa97:flow:15d79a8be621	SESSION-3d526a62cd76fa97 → flow:15d79a8be621
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.130:geo_-16.28860_-49.01640	host:177.10.234.130 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:f0a67aad54e3:port:tcp:443	flow:f0a67aad54e3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d975c41b16afdd4:host:177.10.234.27	SESSION-1d975c41b16afdd4 → host:177.10.234.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f43808d089ea9fde:SESSION-f43808d089ea9fde	SESSION-f43808d089ea9fde → pe:syn:SESSION-f43808d089ea9fde
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4066f36b6ded169d:host:177.10.236.138:host:172.234.197.23	SESSION-4066f36b6ded169d → host:177.10.236.138 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.253:geo_-16.28860_-49.01640	host:177.10.235.253 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da7125a184793aeb:host:131.196.29.192	SESSION-da7125a184793aeb → host:131.196.29.192
flow_observed5-aryOBS	e:fo:flow:81873425f8e1	flow:81873425f8e1 → host:131.196.30.98 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a124566784d7:port:tcp:443	flow:a124566784d7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5bec9c6872f5835:host:172.234.197.23	SESSION-b5bec9c6872f5835 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24ee0ec1cbf12b9d:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-24ee0ec1cbf12b9d → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb77a42bb02f4581:SESSION-cb77a42bb02f4581	SESSION-cb77a42bb02f4581 → pe:syn:SESSION-cb77a42bb02f4581
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-029d1f2d00b0343a:SESSION-029d1f2d00b0343a	SESSION-029d1f2d00b0343a → pe:tls:SESSION-029d1f2d00b0343a
flow_observed5-aryOBS	e:fo:flow:4af1e8dbb35f	flow:4af1e8dbb35f → host:177.10.232.67 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42ac4798d48b113f:host:131.196.31.204	SESSION-42ac4798d48b113f → host:131.196.31.204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eb24274e849c36c:host:177.10.238.133	SESSION-2eb24274e849c36c → host:177.10.238.133
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-938eb42ac2c00523:SESSION-938eb42ac2c00523	SESSION-938eb42ac2c00523 → pe:syn:SESSION-938eb42ac2c00523
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42dd33a8e6552b73:host:172.234.197.23	SESSION-42dd33a8e6552b73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07d653be0b30b2f4:host:172.234.197.23	SESSION-07d653be0b30b2f4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aa09fbb5e640ff94:host:172.234.197.23	SESSION-aa09fbb5e640ff94 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5347add21fd9245:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f5347add21fd9245 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.131:geo_-23.62930_-46.63510	host:131.196.30.131 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:9e585f997a3c:port:tcp:42888	flow:9e585f997a3c → port:tcp:42888
FLOW_FROM_HOSTOBS	e:from:SESSION-6b4752d4afe8ec71:host:177.10.232.105	SESSION-6b4752d4afe8ec71 → host:177.10.232.105
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bcb514f388fb99c6:SESSION-bcb514f388fb99c6	SESSION-bcb514f388fb99c6 → pe:syn:SESSION-bcb514f388fb99c6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20aee5a5b6e9be41:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-20aee5a5b6e9be41 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2df4632ec7c2c624:SESSION-2df4632ec7c2c624	SESSION-2df4632ec7c2c624 → pe:tls:SESSION-2df4632ec7c2c624
flow_observed4-aryOBS	e:fo:flow:6d30acc95cd3	flow:6d30acc95cd3 → host:172.234.197.23 → host:177.10.238.205 → port:tcp:3444
FLOW_FROM_HOSTOBS	e:from:SESSION-106d77d887836a65:host:177.10.234.74	SESSION-106d77d887836a65 → host:177.10.234.74
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.55:geo_-16.28860_-49.01640	host:177.10.239.55 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b849b4bd4115608f:host:177.10.239.150	SESSION-b849b4bd4115608f → host:177.10.239.150
FLOW_FROM_HOSTOBS	e:from:SESSION-191c84cbdd981857:host:131.196.31.2	SESSION-191c84cbdd981857 → host:131.196.31.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d59512d9649ead5:host:177.10.238.181	SESSION-9d59512d9649ead5 → host:177.10.238.181
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43a9f8d54e48850a:host:172.234.197.23	SESSION-43a9f8d54e48850a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-760c61036eedf2e4:SESSION-760c61036eedf2e4	SESSION-760c61036eedf2e4 → pe:syn:SESSION-760c61036eedf2e4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-12cb447eb42d83b5:host:172.234.197.23:host:177.10.236.90	SESSION-12cb447eb42d83b5 → host:172.234.197.23 → host:177.10.236.90
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec2cd7bdebda0247:SESSION-ec2cd7bdebda0247	SESSION-ec2cd7bdebda0247 → pe:syn:SESSION-ec2cd7bdebda0247
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.109:geo_-16.28860_-49.01640	host:177.10.234.109 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-586cf5bb6d743be1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-586cf5bb6d743be1 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6aacd35f912a2971:host:177.10.235.202:host:172.234.197.23	SESSION-6aacd35f912a2971 → host:177.10.235.202 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:aa4014470102:port:tcp:443	flow:aa4014470102 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a32c5a0b23fc272:host:172.234.197.23	SESSION-0a32c5a0b23fc272 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-12c594123030dc05:host:54.149.68.137	SESSION-12c594123030dc05 → host:54.149.68.137
flow_observed5-aryOBS	e:fo:flow:7e7fec78c1be	flow:7e7fec78c1be → host:45.173.156.72 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e7251f1511c5:port:tcp:47941	flow:e7251f1511c5 → port:tcp:47941
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e2a96a3225ff388:PCAP:capture_20260428010001:b1b402c7b202	SESSION-7e2a96a3225ff388 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bff0487aa2cdf6e6:host:172.234.197.23	SESSION-bff0487aa2cdf6e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc2888c0eb9bd2ad:host:131.196.29.248	SESSION-fc2888c0eb9bd2ad → host:131.196.29.248
FLOW_DST_PORTOBS	e:fp:flow:6443c8802cc9:port:tcp:27532	flow:6443c8802cc9 → port:tcp:27532
FLOW_TO_HOSTOBS	e:to:SESSION-5b2e6696cab81646:host:177.10.237.95	SESSION-5b2e6696cab81646 → host:177.10.237.95
FLOW_FROM_HOSTOBS	e:from:SESSION-f2c00c77bcbb5602:host:172.234.197.23	SESSION-f2c00c77bcbb5602 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4372f6da63a9	flow:4372f6da63a9 → host:131.196.31.225 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-edebc7da73e26840:host:172.234.197.23	SESSION-edebc7da73e26840 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4dda4cfeb9223891:SESSION-4dda4cfeb9223891	SESSION-4dda4cfeb9223891 → pe:syn:SESSION-4dda4cfeb9223891
flow_observed5-aryOBS	e:fo:flow:ccc8e09e0181	flow:ccc8e09e0181 → host:177.10.232.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0ac7328414c6be9:flow:7fec8489c584	SESSION-d0ac7328414c6be9 → flow:7fec8489c584
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca819812f7c370c2:host:177.10.238.103	SESSION-ca819812f7c370c2 → host:177.10.238.103
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-95e8a61a9d5e6397:SESSION-95e8a61a9d5e6397	SESSION-95e8a61a9d5e6397 → pe:syn:SESSION-95e8a61a9d5e6397
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.127:asn:262880	host:177.10.238.127 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb971e48f4a1e66e:host:177.10.235.202	SESSION-fb971e48f4a1e66e → host:177.10.235.202
FLOW_TO_HOSTOBS	e:to:SESSION-0796a13a25fe417a:host:172.234.197.23	SESSION-0796a13a25fe417a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd4086b575d9a1c0:host:172.234.197.23:host:177.10.232.164	SESSION-cd4086b575d9a1c0 → host:172.234.197.23 → host:177.10.232.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75c0f4fa43b2bfb9:host:172.234.197.23	SESSION-75c0f4fa43b2bfb9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.57:geo_-21.10010_-41.69200	host:45.173.156.57 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-783928d3af0eed6e:host:131.196.31.218:host:172.234.197.23	SESSION-783928d3af0eed6e → host:131.196.31.218 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a288a75f40d03563:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a288a75f40d03563 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:3f1627c07472	flow:3f1627c07472 → host:172.234.197.23 → host:177.10.236.125 → port:tcp:2710
flow_observed5-aryOBS	e:fo:flow:8a521b090e04	flow:8a521b090e04 → host:177.10.236.45 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d54bd183a716274c:host:177.10.239.226	SESSION-d54bd183a716274c → host:177.10.239.226
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-969e64e33723c991:SESSION-969e64e33723c991	SESSION-969e64e33723c991 → pe:tls:SESSION-969e64e33723c991
FLOW_FROM_HOSTOBS	e:from:SESSION-e2eb0c2c4028db16:host:92.112.71.169	SESSION-e2eb0c2c4028db16 → host:92.112.71.169
FLOW_FROM_HOSTOBS	e:from:SESSION-d82c2d4eaa13efdb:host:172.234.197.23	SESSION-d82c2d4eaa13efdb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9e8a9e43c374485d:host:177.10.237.72	SESSION-9e8a9e43c374485d → host:177.10.237.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e76870e292a86821:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e76870e292a86821 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:9211244e0c57	flow:9211244e0c57 → host:177.10.234.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72859a91c292f326:SESSION-72859a91c292f326	SESSION-72859a91c292f326 → pe:syn:SESSION-72859a91c292f326
FLOW_FROM_HOSTOBS	e:from:SESSION-1a46a988dc3d14a3:host:177.10.237.113	SESSION-1a46a988dc3d14a3 → host:177.10.237.113
FLOW_FROM_HOSTOBS	e:from:SESSION-659e9e20b25ca2e2:host:172.234.197.23	SESSION-659e9e20b25ca2e2 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:15ff142e4d3b	flow:15ff142e4d3b → host:172.234.197.23 → host:177.10.233.191 → port:tcp:20458
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46631c2a8361f405:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-46631c2a8361f405 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5407005cb310ce8:flow:87fdc9f515c4	SESSION-d5407005cb310ce8 → flow:87fdc9f515c4
FLOW_DST_PORTOBS	e:fp:flow:c08c0a3c73b3:port:tcp:52961	flow:c08c0a3c73b3 → port:tcp:52961
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-793a524af1982647:flow:3906c12188c3	SESSION-793a524af1982647 → flow:3906c12188c3
FLOW_FROM_HOSTOBS	e:from:SESSION-68a3766ff3680ecf:host:172.234.197.23	SESSION-68a3766ff3680ecf → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5d260aa3f548	flow:5d260aa3f548 → host:172.234.197.23 → host:177.10.235.169 → port:tcp:25217
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.236:geo_-23.62930_-46.63510	host:131.196.29.236 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:fa102252011b:port:tcp:443	flow:fa102252011b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:8532ceaded41	flow:8532ceaded41 → host:131.196.29.59 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:447374de8225	flow:447374de8225 → host:177.10.236.57 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6bdebc30581f3c5f:host:131.196.30.55:host:172.234.197.23	SESSION-6bdebc30581f3c5f → host:131.196.30.55 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e991004bd02372d1:SESSION-e991004bd02372d1	SESSION-e991004bd02372d1 → pe:tls:SESSION-e991004bd02372d1
FLOW_DST_PORTOBS	e:fp:flow:d3825fb81dc5:port:tcp:443	flow:d3825fb81dc5 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:98e497135516:port:tcp:443	flow:98e497135516 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:185.72.218.77:asn:206406	host:185.72.218.77 → asn:206406
FLOW_DST_PORTOBS	e:fp:flow:42ae31a76c48:port:tcp:19423	flow:42ae31a76c48 → port:tcp:19423
FLOW_TO_HOSTOBS	e:to:SESSION-95c23d407c86213b:host:131.196.29.119	SESSION-95c23d407c86213b → host:131.196.29.119
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a60794a5b314271e:host:177.10.235.210:host:172.234.197.23	SESSION-a60794a5b314271e → host:177.10.235.210 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bedaa62e135c647a:SESSION-bedaa62e135c647a	SESSION-bedaa62e135c647a → pe:syn:SESSION-bedaa62e135c647a
FLOW_DST_PORTOBS	e:fp:flow:5b29f7395281:port:tcp:29603	flow:5b29f7395281 → port:tcp:29603
FLOW_DST_PORTOBS	e:fp:flow:f6c58082ad03:port:tcp:443	flow:f6c58082ad03 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a32c5a0b23fc272:SESSION-0a32c5a0b23fc272	SESSION-0a32c5a0b23fc272 → pe:tls:SESSION-0a32c5a0b23fc272
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-191997595ec6754e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-191997595ec6754e → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:1c25e14dd3be:port:tcp:443	flow:1c25e14dd3be → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a486ebfba002f553:SESSION-a486ebfba002f553	SESSION-a486ebfba002f553 → pe:syn:SESSION-a486ebfba002f553
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-265fcf20a19ad440:host:172.234.197.23:host:131.196.30.126	SESSION-265fcf20a19ad440 → host:172.234.197.23 → host:131.196.30.126
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aae44d6cd669040c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-aae44d6cd669040c → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfbd2e877e86cd2a:host:172.234.197.23	SESSION-cfbd2e877e86cd2a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-587fbc18dc61ddb0:flow:16d1fe4b54fe	SESSION-587fbc18dc61ddb0 → flow:16d1fe4b54fe
FLOW_TO_HOSTOBS	e:to:SESSION-fd4f176877b3d058:host:131.196.31.146	SESSION-fd4f176877b3d058 → host:131.196.31.146
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b9695896cdce250:host:45.145.152.51:host:172.234.197.23	SESSION-9b9695896cdce250 → host:45.145.152.51 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d776155c4ea7cbea:host:172.234.197.23	SESSION-d776155c4ea7cbea → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5f6c80d4cd630a20:host:172.234.197.23	SESSION-5f6c80d4cd630a20 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ffb355c8f64da05f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ffb355c8f64da05f → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6420523769b66d4c:flow:77755f7476c8	SESSION-6420523769b66d4c → flow:77755f7476c8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-391d28a36308a996:host:172.234.197.23	SESSION-391d28a36308a996 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77e4374445abb63e:flow:f4e1ee04b48d	SESSION-77e4374445abb63e → flow:f4e1ee04b48d
FLOW_FROM_HOSTOBS	e:from:SESSION-997b652ef378c5d4:host:172.234.197.23	SESSION-997b652ef378c5d4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8c94fcea26d4cb3:host:45.173.156.30	SESSION-c8c94fcea26d4cb3 → host:45.173.156.30
FLOW_FROM_HOSTOBS	e:from:SESSION-30b7709547a366f1:host:177.10.238.110	SESSION-30b7709547a366f1 → host:177.10.238.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be5c05381a363417:host:172.234.197.23	SESSION-be5c05381a363417 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a0efb63412ce5061:host:177.10.236.221	SESSION-a0efb63412ce5061 → host:177.10.236.221
FLOW_DST_PORTOBS	e:fp:flow:e7662d06a0dc:port:tcp:443	flow:e7662d06a0dc → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-140cb8b81d438202:PCAP:capture_20260430110001:43611bdf6759	SESSION-140cb8b81d438202 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db9e8149201eae0f:host:131.196.30.59:host:172.234.197.23	SESSION-db9e8149201eae0f → host:131.196.30.59 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a6edbcdecdf7d835:host:177.10.238.139	SESSION-a6edbcdecdf7d835 → host:177.10.238.139
FLOW_DST_PORTOBS	e:fp:flow:4a9074182f8c:port:tcp:443	flow:4a9074182f8c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d17b7bdf4ae9fb2c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d17b7bdf4ae9fb2c → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.83:asn:262880	host:177.10.238.83 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-9ffa027db374a629:host:172.234.197.23	SESSION-9ffa027db374a629 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ed68676a7b84:port:udp:53	flow:ed68676a7b84 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68010cf4db790ce8:host:172.234.197.23	SESSION-68010cf4db790ce8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44bc098e411317a4:host:172.234.197.23	SESSION-44bc098e411317a4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-970263f3772afe71:flow:f40ed084376e	SESSION-970263f3772afe71 → flow:f40ed084376e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4933624db1b9ac84:SESSION-4933624db1b9ac84	SESSION-4933624db1b9ac84 → pe:tls:SESSION-4933624db1b9ac84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fcb174e83803b1f7:host:131.196.29.85	SESSION-fcb174e83803b1f7 → host:131.196.29.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14e24a51491967d5:SESSION-14e24a51491967d5	SESSION-14e24a51491967d5 → pe:syn:SESSION-14e24a51491967d5
flow_observed4-aryOBS	e:fo:flow:268b6ae636af	flow:268b6ae636af → host:172.234.197.23 → host:177.10.239.59 → port:tcp:3608
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d957287df88430bb:host:177.10.239.58:host:172.234.197.23	SESSION-d957287df88430bb → host:177.10.239.58 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a20e1b3cc116	flow:a20e1b3cc116 → host:177.10.234.246 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-88ff33eaa18cf09d:host:172.234.197.23	SESSION-88ff33eaa18cf09d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e1d806fe7541c4b2:host:172.234.197.23	SESSION-e1d806fe7541c4b2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-323caf5dcc039926:flow:e772ab0d013d	SESSION-323caf5dcc039926 → flow:e772ab0d013d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6238265b6cc9ea0:host:172.234.197.23	SESSION-e6238265b6cc9ea0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:123c310400c9	flow:123c310400c9 → host:172.234.197.23 → host:177.10.233.249 → port:tcp:19555
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-198cd8f9bb6f8909:PCAP:capture_20260430080001:93f47cc296a4	SESSION-198cd8f9bb6f8909 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.206:asn:271410	host:131.196.29.206 → asn:271410
flow_observed5-aryOBS	e:fo:flow:4fc6b8b9e911	flow:4fc6b8b9e911 → host:131.196.30.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-054885aa6e2323da:PCAP:capture_20260430160001:9bfa4498506a	SESSION-054885aa6e2323da → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-5ee625266e5aa068:host:54.201.244.199	SESSION-5ee625266e5aa068 → host:54.201.244.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-355b17fab14031de:host:177.10.233.70	SESSION-355b17fab14031de → host:177.10.233.70
FLOW_TO_HOSTOBS	e:to:SESSION-7ab46af96ea11edd:host:172.234.197.23	SESSION-7ab46af96ea11edd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c92176ee8d876ba:flow:b8787ac12cda	SESSION-6c92176ee8d876ba → flow:b8787ac12cda
flow_observed5-aryOBS	e:fo:flow:2e3157698a52	flow:2e3157698a52 → host:177.10.233.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-042b5a6edf64c734:SESSION-042b5a6edf64c734	SESSION-042b5a6edf64c734 → pe:tls:SESSION-042b5a6edf64c734
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa31472460997bf3:SESSION-aa31472460997bf3	SESSION-aa31472460997bf3 → pe:syn:SESSION-aa31472460997bf3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-192cf58c18726bf1:SESSION-192cf58c18726bf1	SESSION-192cf58c18726bf1 → pe:tls:SESSION-192cf58c18726bf1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-afb2aada9aae789c:SESSION-afb2aada9aae789c	SESSION-afb2aada9aae789c → pe:syn:SESSION-afb2aada9aae789c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6f5b8d372cd42441:SESSION-6f5b8d372cd42441	SESSION-6f5b8d372cd42441 → pe:tls:SESSION-6f5b8d372cd42441
FLOW_TO_HOSTOBS	e:to:SESSION-c69fd5cbb3980413:host:172.234.197.23	SESSION-c69fd5cbb3980413 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a80be6abc21d5bd:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-8a80be6abc21d5bd → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ab8147bbacef01b:SESSION-5ab8147bbacef01b	SESSION-5ab8147bbacef01b → pe:tls:SESSION-5ab8147bbacef01b
flow_observed4-aryOBS	e:fo:flow:c859dd67755d	flow:c859dd67755d → host:172.234.197.23 → host:131.196.31.26 → port:tcp:56635
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11e7a161068ba48e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-11e7a161068ba48e → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:7558413065e5	flow:7558413065e5 → host:177.10.233.147 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.127:geo_-16.28860_-49.01640	host:177.10.233.127 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:ad69a09da0dd	flow:ad69a09da0dd → host:177.10.235.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7aef03828b51e64:host:172.234.197.23	SESSION-d7aef03828b51e64 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd657e34d2536dc9:host:172.234.197.23:host:177.10.233.77	SESSION-bd657e34d2536dc9 → host:172.234.197.23 → host:177.10.233.77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4cf4d7f5409c1837:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4cf4d7f5409c1837 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:af7bc9759ccd:port:tcp:443	flow:af7bc9759ccd → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-ee8b7e20de209690:host:172.234.197.23	SESSION-ee8b7e20de209690 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6d47e7b31036f28:SESSION-d6d47e7b31036f28	SESSION-d6d47e7b31036f28 → pe:syn:SESSION-d6d47e7b31036f28
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44593e1f87cfdd92:flow:1ed341656f40	SESSION-44593e1f87cfdd92 → flow:1ed341656f40
FLOW_DST_PORTOBS	e:fp:flow:5015886c6c7c:port:tcp:46059	flow:5015886c6c7c → port:tcp:46059
FLOW_DST_PORTOBS	e:fp:flow:5e785a603a1b:port:tcp:443	flow:5e785a603a1b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d9a4406bd7b3b41:host:177.10.239.145	SESSION-4d9a4406bd7b3b41 → host:177.10.239.145
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-226dccfda73d96ef:host:177.10.237.161	SESSION-226dccfda73d96ef → host:177.10.237.161
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3959c763e6312f1d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3959c763e6312f1d → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.138:asn:271410	host:131.196.31.138 → asn:271410
flow_observed4-aryOBS	e:fo:flow:2fe05b6b50c5	flow:2fe05b6b50c5 → host:172.234.197.23 → host:131.196.28.134 → port:tcp:22523
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d618ae22306fa7b9:PCAP:capture_20260430090001:065659c7d314	SESSION-d618ae22306fa7b9 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:44ae2f180ff5:port:tcp:443	flow:44ae2f180ff5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffc31ee499a3f223:host:172.234.197.23	SESSION-ffc31ee499a3f223 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-28d2d0e8afd37453:host:172.234.197.23	SESSION-28d2d0e8afd37453 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-200a4f7a7e5b3996:host:172.234.197.23	SESSION-200a4f7a7e5b3996 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:99877575f993	flow:99877575f993 → host:177.10.235.171 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:9eec284b5d7b:port:tcp:443	flow:9eec284b5d7b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8165f1476121226e:host:172.234.197.23	SESSION-8165f1476121226e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-723b8399a0bced6b:flow:53d4a5b90646	SESSION-723b8399a0bced6b → flow:53d4a5b90646
FLOW_FROM_HOSTOBS	e:from:SESSION-98b441f54568b58c:host:172.234.197.23	SESSION-98b441f54568b58c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f2d543abeb28	flow:f2d543abeb28 → host:177.10.238.90 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-290c9b11e52fd3ba:host:177.10.233.51	SESSION-290c9b11e52fd3ba → host:177.10.233.51
FLOW_FROM_HOSTOBS	e:from:SESSION-1684e8254d6d3165:host:177.10.233.54	SESSION-1684e8254d6d3165 → host:177.10.233.54
FLOW_TO_HOSTOBS	e:to:SESSION-2acb7632e6c37a6f:host:172.234.197.23	SESSION-2acb7632e6c37a6f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c93e3b6f6b78357b:host:177.10.237.94	SESSION-c93e3b6f6b78357b → host:177.10.237.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d5b5151108975cf:SESSION-4d5b5151108975cf	SESSION-4d5b5151108975cf → pe:syn:SESSION-4d5b5151108975cf
FLOW_FROM_HOSTOBS	e:from:SESSION-e4b14eb8b6ee95ef:host:172.234.197.23	SESSION-e4b14eb8b6ee95ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a592f97b57bb2999:host:172.234.197.23	SESSION-a592f97b57bb2999 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0234eaac2961	flow:0234eaac2961 → host:131.196.28.200 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-42eae260ad8ea663:host:177.10.233.144:host:172.234.197.23	SESSION-42eae260ad8ea663 → host:177.10.233.144 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e3d1aa706f2604d:SESSION-3e3d1aa706f2604d	SESSION-3e3d1aa706f2604d → pe:tls:SESSION-3e3d1aa706f2604d
flow_observed5-aryOBS	e:fo:flow:ada631d31ecc	flow:ada631d31ecc → host:177.10.232.120 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-208c35e6fa834cd1:host:131.196.30.219:host:172.234.197.23	SESSION-208c35e6fa834cd1 → host:131.196.30.219 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0dfc9b5d1570	flow:0dfc9b5d1570 → host:131.196.30.167 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5d4cb0f7560af550:host:172.234.197.23	SESSION-5d4cb0f7560af550 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0246a8b70a825de:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d0246a8b70a825de → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.82:geo_-23.62930_-46.63510	host:131.196.31.82 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:67789bf9388e:port:tcp:443	flow:67789bf9388e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c75999244606:port:tcp:49886	flow:c75999244606 → port:tcp:49886
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-32626bc077790390:flow:b689e3522dc7	SESSION-32626bc077790390 → flow:b689e3522dc7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-723b8399a0bced6b:SESSION-723b8399a0bced6b	SESSION-723b8399a0bced6b → pe:syn:SESSION-723b8399a0bced6b
FLOW_FROM_HOSTOBS	e:from:SESSION-73eae13080f416f8:host:131.196.30.97	SESSION-73eae13080f416f8 → host:131.196.30.97
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1b588a91707aaaf:host:172.234.197.23:host:131.196.31.143	SESSION-d1b588a91707aaaf → host:172.234.197.23 → host:131.196.31.143
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73ad5b34385541ce:flow:f58fa910255a	SESSION-73ad5b34385541ce → flow:f58fa910255a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-163f2e33c9f4a8f4:host:131.196.29.94	SESSION-163f2e33c9f4a8f4 → host:131.196.29.94
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.115:asn:262880	host:177.10.239.115 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dfde0f74dbe81c3a:host:131.196.28.80	SESSION-dfde0f74dbe81c3a → host:131.196.28.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-959e19b011db2562:PCAP:capture_20260430160001:9bfa4498506a	SESSION-959e19b011db2562 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7f9cc68ffb76114:host:177.10.236.250	SESSION-b7f9cc68ffb76114 → host:177.10.236.250
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b332774cd544824a:host:177.10.237.127:host:172.234.197.23	SESSION-b332774cd544824a → host:177.10.237.127 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-024c55a268626b80:host:172.234.197.23	SESSION-024c55a268626b80 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd58ba429e3d894b:PCAP:capture_20260430150001:ded20914761d	SESSION-dd58ba429e3d894b → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.200:asn:262880	host:177.10.237.200 → asn:262880
flow_observed5-aryOBS	e:fo:flow:3d3570f8986d	flow:3d3570f8986d → host:177.10.239.102 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7952e1e20910:port:tcp:443	flow:7952e1e20910 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7139746cbd677852:host:45.173.156.34	SESSION-7139746cbd677852 → host:45.173.156.34
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f486345fbdf5443:flow:8273b67b89ac	SESSION-8f486345fbdf5443 → flow:8273b67b89ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9cc387e98cb8cb82:SESSION-9cc387e98cb8cb82	SESSION-9cc387e98cb8cb82 → pe:syn:SESSION-9cc387e98cb8cb82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d60f9952407f0d18:host:172.234.197.23	SESSION-d60f9952407f0d18 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a9beff4b34540729:host:177.10.235.250	SESSION-a9beff4b34540729 → host:177.10.235.250
FLOW_FROM_HOSTOBS	e:from:SESSION-6af89b3798eaaf52:host:172.234.197.23	SESSION-6af89b3798eaaf52 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6798e98bad768e0d:SESSION-6798e98bad768e0d	SESSION-6798e98bad768e0d → pe:tls:SESSION-6798e98bad768e0d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6798e98bad768e0d:flow:65c7c6bda9f3	SESSION-6798e98bad768e0d → flow:65c7c6bda9f3
flow_observed5-aryOBS	e:fo:flow:74ec24f6b294	flow:74ec24f6b294 → host:177.10.233.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a0efb63412ce5061:host:172.234.197.23:host:177.10.236.221	SESSION-a0efb63412ce5061 → host:172.234.197.23 → host:177.10.236.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fa65fdb17829700:host:177.10.232.34	SESSION-3fa65fdb17829700 → host:177.10.232.34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fbdf1132d9fb1d0d:SESSION-fbdf1132d9fb1d0d	SESSION-fbdf1132d9fb1d0d → pe:tls:SESSION-fbdf1132d9fb1d0d
FLOW_TO_HOSTOBS	e:to:SESSION-69a0e56e6767912e:host:172.234.197.23	SESSION-69a0e56e6767912e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:de8975ee43cf:port:tcp:443	flow:de8975ee43cf → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9b5a8f4835a8:port:tcp:2204	flow:9b5a8f4835a8 → port:tcp:2204
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-020ce81cb9d50ce5:host:177.10.234.87:host:172.234.197.23	SESSION-020ce81cb9d50ce5 → host:177.10.234.87 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:59b0b56c7328:port:tcp:443	flow:59b0b56c7328 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:149.210.194.32:geo_52.38240_4.89950	host:149.210.194.32 → geo_52.38240_4.89950
flow_observed4-aryOBS	e:fo:flow:a0a925e53e44	flow:a0a925e53e44 → host:172.234.197.23 → host:45.173.156.49 → port:tcp:13236
FLOW_DST_PORTOBS	e:fp:flow:d24a1eb66a56:port:tcp:443	flow:d24a1eb66a56 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3762cafcd0c66be2:host:177.10.234.222	SESSION-3762cafcd0c66be2 → host:177.10.234.222
FLOW_DST_PORTOBS	e:fp:flow:e7fb21ef8e25:port:tcp:443	flow:e7fb21ef8e25 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.63:geo_-16.28860_-49.01640	host:177.10.238.63 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-efabffc9197efb23:host:131.196.29.234	SESSION-efabffc9197efb23 → host:131.196.29.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-08d3390238946fda:SESSION-08d3390238946fda	SESSION-08d3390238946fda → pe:rst:SESSION-08d3390238946fda
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-926d10c9776453b9:host:172.234.197.23:host:131.196.30.104	SESSION-926d10c9776453b9 → host:172.234.197.23 → host:131.196.30.104
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6965561db8b52827:host:172.234.197.23:host:131.196.30.8	SESSION-6965561db8b52827 → host:172.234.197.23 → host:131.196.30.8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2a075c2c818644a:host:131.196.30.84	SESSION-a2a075c2c818644a → host:131.196.30.84
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.16:asn:262880	host:177.10.239.16 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e08e3213e2e0e28:host:177.10.234.219	SESSION-5e08e3213e2e0e28 → host:177.10.234.219
FLOW_TO_HOSTOBS	e:to:SESSION-cf286e26fb783f2f:host:131.196.29.160	SESSION-cf286e26fb783f2f → host:131.196.29.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ec199f8b9a6f389:host:172.234.197.23	SESSION-8ec199f8b9a6f389 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c65a4c12e9ce549:host:177.10.235.88	SESSION-5c65a4c12e9ce549 → host:177.10.235.88
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.222:asn:203771	host:45.145.152.222 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-347229f80efdfaa4:host:131.196.30.33	SESSION-347229f80efdfaa4 → host:131.196.30.33
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5004eb3121e0f98:flow:107f0fd4b6e6	SESSION-a5004eb3121e0f98 → flow:107f0fd4b6e6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df3beb1e5143a102:host:131.196.30.205:host:172.234.197.23	SESSION-df3beb1e5143a102 → host:131.196.30.205 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-933bde1224d44bcc:flow:a4311327b5d4	SESSION-933bde1224d44bcc → flow:a4311327b5d4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd9436da4a7a552d:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-bd9436da4a7a552d → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-73436bd95d7b2637:host:131.196.28.247:host:172.234.197.23	SESSION-73436bd95d7b2637 → host:131.196.28.247 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6222707cbae0e281:PCAP:capture_20260428010001:b1b402c7b202	SESSION-6222707cbae0e281 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-acd63ec8ffcea8e7:SESSION-acd63ec8ffcea8e7	SESSION-acd63ec8ffcea8e7 → pe:tls:SESSION-acd63ec8ffcea8e7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.76:geo_-16.28860_-49.01640	host:177.10.237.76 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.100:geo_-16.28860_-49.01640	host:177.10.232.100 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:4be37b1f0cfe	flow:4be37b1f0cfe → host:172.234.197.23 → host:131.196.29.230 → port:tcp:16447
FLOW_DST_PORTOBS	e:fp:flow:cc415382b4b7:port:tcp:9122	flow:cc415382b4b7 → port:tcp:9122
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1261f8c6b87cf73:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b1261f8c6b87cf73 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:c871dd56570a:port:tcp:443	flow:c871dd56570a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7baf95bca9d9bdc:host:172.234.197.23	SESSION-d7baf95bca9d9bdc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b1032a47414de8d:SESSION-2b1032a47414de8d	SESSION-2b1032a47414de8d → pe:tls:SESSION-2b1032a47414de8d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-80c2fbd298f78f5d:PCAP:capture_20260430060001:919b39a74464	SESSION-80c2fbd298f78f5d → PCAP:capture_20260430060001:919b39a74464
flow_observed4-aryOBS	e:fo:flow:0c9e5a5fe931	flow:0c9e5a5fe931 → host:172.234.197.23 → host:177.10.232.222 → port:tcp:27896
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e9c761e9ca1eb65:flow:5e70f5bd0100	SESSION-9e9c761e9ca1eb65 → flow:5e70f5bd0100
FLOW_DST_PORTOBS	e:fp:flow:8427af739fb5:port:tcp:443	flow:8427af739fb5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-2619cb568c6b860e:host:177.10.235.227	SESSION-2619cb568c6b860e → host:177.10.235.227
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.128:asn:271410	host:131.196.28.128 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:b5e5474721fd:port:tcp:443	flow:b5e5474721fd → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:60f887dc148d:port:tcp:292	flow:60f887dc148d → port:tcp:292
flow_observed4-aryOBS	e:fo:flow:764c895d5614	flow:764c895d5614 → host:172.234.197.23 → host:177.10.232.55 → port:tcp:878
FLOW_TLS_SNIOBS	e:fs:flow:962b552243c1:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:962b552243c1 → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:7fac969ccea8	flow:7fac969ccea8 → host:177.10.238.41 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d2a460a472c4c29:SESSION-8d2a460a472c4c29	SESSION-8d2a460a472c4c29 → pe:tls:SESSION-8d2a460a472c4c29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6a07ad54f9ab5f8:SESSION-e6a07ad54f9ab5f8	SESSION-e6a07ad54f9ab5f8 → pe:syn:SESSION-e6a07ad54f9ab5f8
flow_observed5-aryOBS	e:fo:flow:7df3f8b64aac	flow:7df3f8b64aac → host:177.10.234.243 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:104.28.202.80:asn:13335	host:104.28.202.80 → asn:13335
FLOW_TO_HOSTOBS	e:to:SESSION-a3414b775ddfde4b:host:172.234.197.23	SESSION-a3414b775ddfde4b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-be95a34ad4eedb81:host:131.196.31.26	SESSION-be95a34ad4eedb81 → host:131.196.31.26
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b1032a47414de8d:PCAP:capture_20260430090001:065659c7d314	SESSION-2b1032a47414de8d → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.110:asn:262880	host:177.10.235.110 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23efb1317beab0b3:host:177.10.239.80	SESSION-23efb1317beab0b3 → host:177.10.239.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8cf04cf372371106:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8cf04cf372371106 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:b414c202d9e1	flow:b414c202d9e1 → host:177.10.235.158 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.224:asn:262880	host:177.10.239.224 → asn:262880
FLOW_QUERIED_DNSOBS	e:fd:flow:943d842fa81c:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:943d842fa81c → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_TO_HOSTOBS	e:to:SESSION-dd108cc47984c911:host:177.10.233.145	SESSION-dd108cc47984c911 → host:177.10.233.145
FLOW_DST_PORTOBS	e:fp:flow:e5f6f0f6f709:port:tcp:39793	flow:e5f6f0f6f709 → port:tcp:39793
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-997b652ef378c5d4:SESSION-997b652ef378c5d4	SESSION-997b652ef378c5d4 → pe:syn:SESSION-997b652ef378c5d4
flow_observed5-aryOBS	e:fo:flow:c6d85d433251	flow:c6d85d433251 → host:185.231.226.117 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-c5ea1449320ef78b:host:95.135.228.14	SESSION-c5ea1449320ef78b → host:95.135.228.14
FLOW_FROM_HOSTOBS	e:from:SESSION-136e732c63cf53f4:host:177.10.238.55	SESSION-136e732c63cf53f4 → host:177.10.238.55
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bcd779876233a786:host:45.145.152.15:host:172.234.197.23	SESSION-bcd779876233a786 → host:45.145.152.15 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2ce85ca988e6:port:tcp:50756	flow:2ce85ca988e6 → port:tcp:50756
FLOW_DST_PORTOBS	e:fp:flow:56fb0bb7a878:port:tcp:39377	flow:56fb0bb7a878 → port:tcp:39377
FLOW_DST_PORTOBS	e:fp:flow:2539e145c2c5:port:tcp:443	flow:2539e145c2c5 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-252ece6cab0420bc:SESSION-252ece6cab0420bc	SESSION-252ece6cab0420bc → pe:syn:SESSION-252ece6cab0420bc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4059a39607153158:flow:7ef7e61abeff	SESSION-4059a39607153158 → flow:7ef7e61abeff
FLOW_TO_HOSTOBS	e:to:SESSION-4cc2e8571100ea2b:host:172.234.197.23	SESSION-4cc2e8571100ea2b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f983957c7ddd:port:tcp:63218	flow:f983957c7ddd → port:tcp:63218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-28e21153f6abb648:SESSION-28e21153f6abb648	SESSION-28e21153f6abb648 → pe:tls:SESSION-28e21153f6abb648
FLOW_FROM_HOSTOBS	e:from:SESSION-f9ddceec57447449:host:177.10.234.250	SESSION-f9ddceec57447449 → host:177.10.234.250
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.134:asn:273470	host:45.173.156.134 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-b1ca06073d474c63:host:172.234.197.23	SESSION-b1ca06073d474c63 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9128704be6a27a1a:host:172.234.197.23	SESSION-9128704be6a27a1a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5016108ab6552957:PCAP:capture_20260430110001:43611bdf6759	SESSION-5016108ab6552957 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-969e64e33723c991:SESSION-969e64e33723c991	SESSION-969e64e33723c991 → pe:syn:SESSION-969e64e33723c991
FLOW_FROM_HOSTOBS	e:from:SESSION-39adf49608796443:host:177.10.239.177	SESSION-39adf49608796443 → host:177.10.239.177
FLOW_TO_HOSTOBS	e:to:SESSION-958fc48089d68c44:host:172.234.197.23	SESSION-958fc48089d68c44 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:879448d3de89	flow:879448d3de89 → host:37.221.79.128 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-3bec1644a83cc4e1:host:172.234.197.23	SESSION-3bec1644a83cc4e1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a8376f0f57e00ff1:host:172.234.197.23:host:177.10.232.234	SESSION-a8376f0f57e00ff1 → host:172.234.197.23 → host:177.10.232.234
flow_observed5-aryOBS	e:fo:flow:5c055db31751	flow:5c055db31751 → host:177.10.239.164 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:751d99601d60	flow:751d99601d60 → host:172.234.197.23 → host:177.10.235.40 → port:tcp:18351
FLOW_DST_PORTOBS	e:fp:flow:5972bd93e84b:port:tcp:443	flow:5972bd93e84b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01c9c3509e882c26:host:45.173.156.158	SESSION-01c9c3509e882c26 → host:45.173.156.158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f486f528dd93473:host:177.10.239.186	SESSION-3f486f528dd93473 → host:177.10.239.186
flow_observed5-aryOBS	e:fo:flow:be0483487448	flow:be0483487448 → host:177.10.238.15 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:119f410fdf98:port:tcp:443	flow:119f410fdf98 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f5c1b7b44120:port:tcp:49312	flow:f5c1b7b44120 → port:tcp:49312
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bfa418bfe374bf06:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bfa418bfe374bf06 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-715e4cea63e7cde7:PCAP:capture_20260430050001:8868731bf8a4	SESSION-715e4cea63e7cde7 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73ad5b34385541ce:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-73ad5b34385541ce → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-492b019ad94826ae:host:172.234.197.23	SESSION-492b019ad94826ae → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75251a40e4bc6a46:host:172.234.197.23	SESSION-75251a40e4bc6a46 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8132ea082e988f13:flow:6a91f40678b6	SESSION-8132ea082e988f13 → flow:6a91f40678b6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab83f0ea1c3b60ab:SESSION-ab83f0ea1c3b60ab	SESSION-ab83f0ea1c3b60ab → pe:tls:SESSION-ab83f0ea1c3b60ab
flow_observed5-aryOBS	e:fo:flow:da47990b0d54	flow:da47990b0d54 → host:177.10.233.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5a2ddb999c90e17:flow:7c1da452d8d9	SESSION-e5a2ddb999c90e17 → flow:7c1da452d8d9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6cb17c89d7425739:flow:ed2e3c104301	SESSION-6cb17c89d7425739 → flow:ed2e3c104301
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a7b3f412ee893afd:flow:3753f50df565	SESSION-a7b3f412ee893afd → flow:3753f50df565
FLOW_DST_PORTOBS	e:fp:flow:dc77810442c2:port:tcp:443	flow:dc77810442c2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76cec71360f7a00a:SESSION-76cec71360f7a00a	SESSION-76cec71360f7a00a → pe:tls:SESSION-76cec71360f7a00a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58a14b9397c116a1:host:131.196.29.124	SESSION-58a14b9397c116a1 → host:131.196.29.124
FLOW_DST_PORTOBS	e:fp:flow:6c589b7c75b1:port:tcp:20094	flow:6c589b7c75b1 → port:tcp:20094
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d59ad8978cc7e8b9:SESSION-d59ad8978cc7e8b9	SESSION-d59ad8978cc7e8b9 → pe:syn:SESSION-d59ad8978cc7e8b9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c70d9a6440c9b19a:host:177.10.235.176:host:172.234.197.23	SESSION-c70d9a6440c9b19a → host:177.10.235.176 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ed5a5f4d7e8650f:host:177.10.239.135:host:172.234.197.23	SESSION-6ed5a5f4d7e8650f → host:177.10.239.135 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2edb47571c4ed35:SESSION-e2edb47571c4ed35	SESSION-e2edb47571c4ed35 → pe:tls:SESSION-e2edb47571c4ed35
FLOW_TO_HOSTOBS	e:to:SESSION-5e9dc14d87b5185c:host:172.234.197.23	SESSION-5e9dc14d87b5185c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89ddb9a3043f63a3:PCAP:capture_20260430110001:43611bdf6759	SESSION-89ddb9a3043f63a3 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5ae6e0246d28b44:flow:3639fff40dd8	SESSION-d5ae6e0246d28b44 → flow:3639fff40dd8
FLOW_DST_PORTOBS	e:fp:flow:9211244e0c57:port:tcp:443	flow:9211244e0c57 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d30b8cd9cbd48a1:host:131.196.29.211	SESSION-1d30b8cd9cbd48a1 → host:131.196.29.211
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1191e0b24f1d121:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-d1191e0b24f1d121 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65aa50b6e4bd0a70:flow:808ab10b9fcf	SESSION-65aa50b6e4bd0a70 → flow:808ab10b9fcf
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.227:asn:273470	host:45.173.156.227 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4af9ea8e19c0cf86:host:172.234.197.23	SESSION-4af9ea8e19c0cf86 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-61aa57a35ec0da02:PCAP:capture_20260430060001:919b39a74464	SESSION-61aa57a35ec0da02 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2676dbc5b99ef14:SESSION-e2676dbc5b99ef14	SESSION-e2676dbc5b99ef14 → pe:tls:SESSION-e2676dbc5b99ef14
FLOW_TO_HOSTOBS	e:to:SESSION-75d6129ea0f7ecdc:host:131.196.28.247	SESSION-75d6129ea0f7ecdc → host:131.196.28.247
FLOW_FROM_HOSTOBS	e:from:SESSION-ecb67f73d2142d93:host:177.10.232.142	SESSION-ecb67f73d2142d93 → host:177.10.232.142
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e50b84c66ab32ef:host:172.234.197.23	SESSION-7e50b84c66ab32ef → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.94:asn:262880	host:177.10.239.94 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0482212efb1d2581:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0482212efb1d2581 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72a654eac2136215:flow:05fb2af39457	SESSION-72a654eac2136215 → flow:05fb2af39457
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1f0a324b14316cd:host:172.234.197.23	SESSION-e1f0a324b14316cd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1745753d6a990e0e:host:177.10.238.70	SESSION-1745753d6a990e0e → host:177.10.238.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-938eb42ac2c00523:host:172.234.197.23	SESSION-938eb42ac2c00523 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4dc16adec194cf9c:flow:a125a071d169	SESSION-4dc16adec194cf9c → flow:a125a071d169
flow_observed5-aryOBS	e:fo:flow:35b89e4ab0ec	flow:35b89e4ab0ec → host:104.28.202.79 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-0612d11703a94cf9:host:92.112.71.176	SESSION-0612d11703a94cf9 → host:92.112.71.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ed5513c22512ddd:host:45.173.156.228	SESSION-2ed5513c22512ddd → host:45.173.156.228
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.132:asn:262880	host:177.10.237.132 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7440e76ff1d72d2f:host:172.234.197.23	SESSION-7440e76ff1d72d2f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35e3c61c67455ba8:SESSION-35e3c61c67455ba8	SESSION-35e3c61c67455ba8 → pe:syn:SESSION-35e3c61c67455ba8
FLOW_TO_HOSTOBS	e:to:SESSION-db187e026dbc97b6:host:177.10.234.46	SESSION-db187e026dbc97b6 → host:177.10.234.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4ed0c7009b8f0d4:host:177.10.238.226	SESSION-b4ed0c7009b8f0d4 → host:177.10.238.226
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.49:geo_-23.62930_-46.63510	host:131.196.30.49 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:03b1001edb70	flow:03b1001edb70 → host:172.234.197.23 → host:177.10.233.255 → port:tcp:42706
FLOW_TO_HOSTOBS	e:to:SESSION-f34bafe5f2be5770:host:172.234.197.23	SESSION-f34bafe5f2be5770 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78b89cf411e3ebb4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-78b89cf411e3ebb4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e25d600ec07dd53e:flow:0b6a2a1033b9	SESSION-e25d600ec07dd53e → flow:0b6a2a1033b9
FLOW_DST_PORTOBS	e:fp:flow:8d0575d2f6b8:port:tcp:443	flow:8d0575d2f6b8 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:349f21578dbb	flow:349f21578dbb → host:172.234.197.23 → host:177.10.232.133 → port:tcp:46178
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f299703bc1b4ff9:host:172.234.197.23	SESSION-1f299703bc1b4ff9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-083cc9a3854de3cd:SESSION-083cc9a3854de3cd	SESSION-083cc9a3854de3cd → pe:rst:SESSION-083cc9a3854de3cd
FLOW_FROM_HOSTOBS	e:from:SESSION-7d2803f457704e39:host:131.196.29.214	SESSION-7d2803f457704e39 → host:131.196.29.214
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-105ac3e4c69fbe80:SESSION-105ac3e4c69fbe80	SESSION-105ac3e4c69fbe80 → pe:syn:SESSION-105ac3e4c69fbe80
FLOW_FROM_HOSTOBS	e:from:SESSION-85a5e7fc435163e0:host:172.234.197.23	SESSION-85a5e7fc435163e0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d3e80fb3431ec3f4:host:172.234.197.23	SESSION-d3e80fb3431ec3f4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06d2ad4243fb8941:SESSION-06d2ad4243fb8941	SESSION-06d2ad4243fb8941 → pe:syn:SESSION-06d2ad4243fb8941
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-764a731a27d64086:host:31.40.196.4:host:172.234.197.23	SESSION-764a731a27d64086 → host:31.40.196.4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.66:asn:262880	host:177.10.232.66 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6ec641540644ee0:SESSION-a6ec641540644ee0	SESSION-a6ec641540644ee0 → pe:syn:SESSION-a6ec641540644ee0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e6d70ae2d31fba9:host:131.196.28.190	SESSION-6e6d70ae2d31fba9 → host:131.196.28.190
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.39:geo_41.00190_28.96450	host:95.135.228.39 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4363548d57b1d6df:host:172.234.197.23	SESSION-4363548d57b1d6df → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:171729e27d1d:port:tcp:443	flow:171729e27d1d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-de2c7d1c6ad5841e:host:131.196.30.134	SESSION-de2c7d1c6ad5841e → host:131.196.30.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2354f30fe4af5f56:SESSION-2354f30fe4af5f56	SESSION-2354f30fe4af5f56 → pe:syn:SESSION-2354f30fe4af5f56
FLOW_DST_PORTOBS	e:fp:flow:3b557a8dfb82:port:tcp:43110	flow:3b557a8dfb82 → port:tcp:43110
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08924e756ead6523:flow:19fa174b1ad7	SESSION-08924e756ead6523 → flow:19fa174b1ad7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.251:asn:262880	host:177.10.236.251 → asn:262880
flow_observed3-aryOBS	e:fo:flow:da2ee44f8963	flow:da2ee44f8963 → host:172.234.197.23 → host:92.118.39.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e606b3df4d49b4d1:SESSION-e606b3df4d49b4d1	SESSION-e606b3df4d49b4d1 → pe:tls:SESSION-e606b3df4d49b4d1
FLOW_TO_HOSTOBS	e:to:SESSION-c7635cd052466cdd:host:104.28.234.79	SESSION-c7635cd052466cdd → host:104.28.234.79
FLOW_TO_HOSTOBS	e:to:SESSION-44cdc048c80875b5:host:172.234.197.23	SESSION-44cdc048c80875b5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5d97665061b5	flow:5d97665061b5 → host:45.173.156.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41d09b35a7c7bf56:host:172.234.197.23	SESSION-41d09b35a7c7bf56 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bb284da23027:port:tcp:546	flow:bb284da23027 → port:tcp:546
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e4cbb1218941faec:flow:a81beaceca4d	SESSION-e4cbb1218941faec → flow:a81beaceca4d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9072e99a39ab8173:host:45.173.156.61	SESSION-9072e99a39ab8173 → host:45.173.156.61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-205f350cdfc6cb9d:SESSION-205f350cdfc6cb9d	SESSION-205f350cdfc6cb9d → pe:syn:SESSION-205f350cdfc6cb9d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ad9dd4ac6be1fc2:host:131.196.30.244:host:172.234.197.23	SESSION-1ad9dd4ac6be1fc2 → host:131.196.30.244 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b64c855cb393ccc0:host:172.234.197.23:host:131.196.30.186	SESSION-b64c855cb393ccc0 → host:172.234.197.23 → host:131.196.30.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9633daabdcbaa0c0:host:172.234.197.23	SESSION-9633daabdcbaa0c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70f9355e024c975b:host:172.234.197.23	SESSION-70f9355e024c975b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a3c1d53f1688156:host:131.196.28.44:host:172.234.197.23	SESSION-8a3c1d53f1688156 → host:131.196.28.44 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f105059d1ed0a542:host:172.234.197.23	SESSION-f105059d1ed0a542 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4531330495d6a6b8:host:172.234.197.23	SESSION-4531330495d6a6b8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-652478bc70a2d711:SESSION-652478bc70a2d711	SESSION-652478bc70a2d711 → pe:syn:SESSION-652478bc70a2d711
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a66568eff025692:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6a66568eff025692 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:156.59.198.136:asn:21859	host:156.59.198.136 → asn:21859
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef002e94e1d9ac81:host:131.196.29.240	SESSION-ef002e94e1d9ac81 → host:131.196.29.240
FLOW_FROM_HOSTOBS	e:from:SESSION-4e3ca473e8fbcab1:host:177.10.239.145	SESSION-4e3ca473e8fbcab1 → host:177.10.239.145
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-619cd2820aafdf33:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-619cd2820aafdf33 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:87fdc9f515c4	flow:87fdc9f515c4 → host:131.196.30.214 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c652a29a62d722ea:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c652a29a62d722ea → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.91.240.230:geo_39.04690_-77.49030	host:54.91.240.230 → geo_39.04690_-77.49030
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef849695f946a5ec:host:177.10.239.138	SESSION-ef849695f946a5ec → host:177.10.239.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-985fc991cba9cb9c:host:172.234.197.23	SESSION-985fc991cba9cb9c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3393fca13374f4c8:SESSION-3393fca13374f4c8	SESSION-3393fca13374f4c8 → pe:tls:SESSION-3393fca13374f4c8
flow_observed4-aryOBS	e:fo:flow:639cb22fe98d	flow:639cb22fe98d → host:172.234.197.23 → host:131.196.30.237 → port:tcp:16394
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-132ae74090c90dac:SESSION-132ae74090c90dac	SESSION-132ae74090c90dac → pe:tls:SESSION-132ae74090c90dac
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-424fe4b4ecc22e45:host:131.196.31.122:host:172.234.197.23	SESSION-424fe4b4ecc22e45 → host:131.196.31.122 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73ce8b7b43538e4e:host:104.28.202.79	SESSION-73ce8b7b43538e4e → host:104.28.202.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e9c01925d6f4319:host:45.173.156.158	SESSION-3e9c01925d6f4319 → host:45.173.156.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85a5e7fc435163e0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-85a5e7fc435163e0 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac0f4c4f1d3b1c15:SESSION-ac0f4c4f1d3b1c15	SESSION-ac0f4c4f1d3b1c15 → pe:tls:SESSION-ac0f4c4f1d3b1c15
FLOW_DST_PORTOBS	e:fp:flow:c0bc3d7637a6:port:tcp:443	flow:c0bc3d7637a6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e72c530de39a222:SESSION-5e72c530de39a222	SESSION-5e72c530de39a222 → pe:tls:SESSION-5e72c530de39a222
FLOW_DST_PORTOBS	e:fp:flow:f8430a3f1b8e:port:tcp:443	flow:f8430a3f1b8e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-a3a44f67a1174447:SESSION-a3a44f67a1174447	SESSION-a3a44f67a1174447 → pe:rst:SESSION-a3a44f67a1174447
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9716031ec5470ef:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c9716031ec5470ef → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fa41b89da3fc0a6:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3fa41b89da3fc0a6 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f4f84053ddcae3c:host:177.10.233.201	SESSION-7f4f84053ddcae3c → host:177.10.233.201
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed59d63ff912d69c:SESSION-ed59d63ff912d69c	SESSION-ed59d63ff912d69c → pe:tls:SESSION-ed59d63ff912d69c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-285399b7803aab9b:host:172.234.197.23	SESSION-285399b7803aab9b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-39aafc698c61dd93:host:177.10.235.248	SESSION-39aafc698c61dd93 → host:177.10.235.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-840476c00c988ec7:host:177.10.238.91:host:172.234.197.23	SESSION-840476c00c988ec7 → host:177.10.238.91 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7fd72175928a8e59:flow:a4a590b26aa1	SESSION-7fd72175928a8e59 → flow:a4a590b26aa1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ae99c26bd6d2dd56:SESSION-ae99c26bd6d2dd56	SESSION-ae99c26bd6d2dd56 → pe:tls:SESSION-ae99c26bd6d2dd56
FLOW_FROM_HOSTOBS	e:from:SESSION-5e5c0136d660133a:host:172.234.197.23	SESSION-5e5c0136d660133a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-456e7eaee9f2720f:host:172.234.197.23	SESSION-456e7eaee9f2720f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf8f9827f106db93:host:177.10.237.98	SESSION-bf8f9827f106db93 → host:177.10.237.98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0debd2a005265c6e:flow:91ba6653c68a	SESSION-0debd2a005265c6e → flow:91ba6653c68a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ca59997a1fd2235:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2ca59997a1fd2235 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-06c7d2e525939bdd:host:172.234.197.23	SESSION-06c7d2e525939bdd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e67ae3320dee0238:SESSION-e67ae3320dee0238	SESSION-e67ae3320dee0238 → pe:syn:SESSION-e67ae3320dee0238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-587cecb9c2d65d84:SESSION-587cecb9c2d65d84	SESSION-587cecb9c2d65d84 → pe:syn:SESSION-587cecb9c2d65d84
FLOW_FROM_HOSTOBS	e:from:SESSION-20c169d44973b1e9:host:177.10.237.129	SESSION-20c169d44973b1e9 → host:177.10.237.129
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-469998d187b1b945:PCAP:capture_20260430080001:93f47cc296a4	SESSION-469998d187b1b945 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a208e591aeac31e9:host:177.10.234.203:host:172.234.197.23	SESSION-a208e591aeac31e9 → host:177.10.234.203 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-cd1b98a612532c8e:SESSION-cd1b98a612532c8e	SESSION-cd1b98a612532c8e → pe:rst:SESSION-cd1b98a612532c8e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6f6577138d25ad9e:SESSION-6f6577138d25ad9e	SESSION-6f6577138d25ad9e → pe:syn:SESSION-6f6577138d25ad9e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8070c9158a1a853:host:172.234.197.23:host:45.173.156.148	SESSION-e8070c9158a1a853 → host:172.234.197.23 → host:45.173.156.148
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0f329fce2004d812:PCAP:capture_20260430150001:ded20914761d	SESSION-0f329fce2004d812 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.108:geo_-16.28860_-49.01640	host:177.10.233.108 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-79f857f82eac6daa:host:177.10.239.56	SESSION-79f857f82eac6daa → host:177.10.239.56
FLOW_FROM_HOSTOBS	e:from:SESSION-d1191e0b24f1d121:host:92.112.71.250	SESSION-d1191e0b24f1d121 → host:92.112.71.250
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2b55c597efe9edc:host:44.247.223.188:host:172.234.197.23	SESSION-d2b55c597efe9edc → host:44.247.223.188 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d526a62cd76fa97:host:131.196.29.235	SESSION-3d526a62cd76fa97 → host:131.196.29.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7239dbaec89ca2f:host:172.234.197.23:host:131.196.30.223	SESSION-c7239dbaec89ca2f → host:172.234.197.23 → host:131.196.30.223
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-142a24cb96c02884:SESSION-142a24cb96c02884	SESSION-142a24cb96c02884 → pe:tls:SESSION-142a24cb96c02884
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27d66e2c1260cc5f:SESSION-27d66e2c1260cc5f	SESSION-27d66e2c1260cc5f → pe:syn:SESSION-27d66e2c1260cc5f
FLOW_TO_HOSTOBS	e:to:SESSION-724b8ddf902cc285:host:172.234.197.23	SESSION-724b8ddf902cc285 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-609881b75f195530:host:172.234.197.23	SESSION-609881b75f195530 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-21a6fb1ae6879e55:host:177.10.236.239	SESSION-21a6fb1ae6879e55 → host:177.10.236.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c36a1f3b5aad9a99:host:177.10.232.247	SESSION-c36a1f3b5aad9a99 → host:177.10.232.247
FLOW_FROM_HOSTOBS	e:from:SESSION-3ea33f21558d3ba7:host:177.10.237.211	SESSION-3ea33f21558d3ba7 → host:177.10.237.211
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ffb3444ca3f5caf:host:177.10.233.126	SESSION-1ffb3444ca3f5caf → host:177.10.233.126
FLOW_TLS_SNIOBS	e:fs:flow:9531066988f0:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:9531066988f0 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.72:geo_-16.28860_-49.01640	host:177.10.235.72 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f29ae4ea1d6d03ed:flow:25de7fffdafc	SESSION-f29ae4ea1d6d03ed → flow:25de7fffdafc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-54c75738c2308981:flow:fc3f382b5261	SESSION-54c75738c2308981 → flow:fc3f382b5261
FLOW_FROM_HOSTOBS	e:from:SESSION-f3e5ef5a453dff40:host:177.10.238.151	SESSION-f3e5ef5a453dff40 → host:177.10.238.151
FLOW_FROM_HOSTOBS	e:from:SESSION-912f333ca4ce75c1:host:177.10.238.35	SESSION-912f333ca4ce75c1 → host:177.10.238.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-42d2a5353a30deb6:PCAP:capture_20260430060001:919b39a74464	SESSION-42d2a5353a30deb6 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f003e7e66ba8f79:SESSION-4f003e7e66ba8f79	SESSION-4f003e7e66ba8f79 → pe:syn:SESSION-4f003e7e66ba8f79
FLOW_FROM_HOSTOBS	e:from:SESSION-ddc82f590dd8a411:host:177.10.237.200	SESSION-ddc82f590dd8a411 → host:177.10.237.200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7963f405207d2813:SESSION-7963f405207d2813	SESSION-7963f405207d2813 → pe:tls:SESSION-7963f405207d2813
FLOW_FROM_HOSTOBS	e:from:SESSION-9028600f4eef977b:host:177.10.235.116	SESSION-9028600f4eef977b → host:177.10.235.116
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.76:asn:273470	host:45.173.156.76 → asn:273470
ASN_IN_ORGOBS 80%	e:ao:asn:15169:org:Google LLC	asn:15169 → org:Google LLC
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.212:geo_-23.62930_-46.63510	host:131.196.30.212 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0586166ee52acb1f:flow:7e388f522c88	SESSION-0586166ee52acb1f → flow:7e388f522c88
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-4235901c81cb167b:SESSION-4235901c81cb167b	SESSION-4235901c81cb167b → pe:dns:SESSION-4235901c81cb167b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7601ec92d63a89e6:SESSION-7601ec92d63a89e6	SESSION-7601ec92d63a89e6 → pe:rst:SESSION-7601ec92d63a89e6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98c12e77f111e64e:PCAP:capture_20260430150001:ded20914761d	SESSION-98c12e77f111e64e → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:d297a1162663	flow:d297a1162663 → host:45.173.156.51 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b2474eb623db0155:host:172.234.197.23	SESSION-b2474eb623db0155 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96ad3251c1ecb855:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-96ad3251c1ecb855 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7635cd052466cdd:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c7635cd052466cdd → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23002560e1da6de3:SESSION-23002560e1da6de3	SESSION-23002560e1da6de3 → pe:tls:SESSION-23002560e1da6de3
flow_observed5-aryOBS	e:fo:flow:b4e15c624c90	flow:b4e15c624c90 → host:103.230.240.59 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10017e021bbc0f25:host:172.234.197.23	SESSION-10017e021bbc0f25 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-89c3cc1547edab47:host:172.234.197.23	SESSION-89c3cc1547edab47 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.173:asn:262880	host:177.10.238.173 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4f8f4fc610e76fd:flow:0becdb8f6786	SESSION-c4f8f4fc610e76fd → flow:0becdb8f6786
flow_observed5-aryOBS	e:fo:flow:94268ec9e770	flow:94268ec9e770 → host:177.10.239.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c49f5291ee3911b4:host:172.234.197.23	SESSION-c49f5291ee3911b4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fbcca05a1b3df0cf:host:131.196.29.170:host:172.234.197.23	SESSION-fbcca05a1b3df0cf → host:131.196.29.170 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9252fa43a6ca744f:host:172.234.197.23	SESSION-9252fa43a6ca744f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-181666d0ed9d45b8:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-181666d0ed9d45b8 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:9baedb01cc14	flow:9baedb01cc14 → host:172.234.197.23 → host:177.10.234.115 → port:tcp:6278
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.166:geo_-16.28860_-49.01640	host:177.10.237.166 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b338c508fb604797:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b338c508fb604797 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8139f2a89dd46f4b:host:131.196.31.126:host:172.234.197.23	SESSION-8139f2a89dd46f4b → host:131.196.31.126 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-996af5414634114f:host:177.10.235.151	SESSION-996af5414634114f → host:177.10.235.151
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.189:asn:271410	host:131.196.30.189 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:38ea61ca398c:port:tcp:443	flow:38ea61ca398c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-86b498cacf4afadd:host:45.173.156.82	SESSION-86b498cacf4afadd → host:45.173.156.82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c47a34d160ec21ba:host:177.10.239.177:host:172.234.197.23	SESSION-c47a34d160ec21ba → host:177.10.239.177 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:218b80a18834	flow:218b80a18834 → host:131.196.28.122 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-08ee685c4e8cc842:host:172.234.197.23	SESSION-08ee685c4e8cc842 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb645c1b10558a95:host:177.10.233.93	SESSION-fb645c1b10558a95 → host:177.10.233.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0758ca9101405049:SESSION-0758ca9101405049	SESSION-0758ca9101405049 → pe:syn:SESSION-0758ca9101405049
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c15ada1b10271eef:PCAP:capture_20260430150001:ded20914761d	SESSION-c15ada1b10271eef → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5dccafc7307f6ac:flow:9ef2c055debc	SESSION-b5dccafc7307f6ac → flow:9ef2c055debc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a1d91047073c4c2:host:177.10.237.103	SESSION-4a1d91047073c4c2 → host:177.10.237.103
FLOW_DST_PORTOBS	e:fp:flow:d35acae39da6:port:tcp:443	flow:d35acae39da6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b5498d903f3b2d41:host:177.10.238.170	SESSION-b5498d903f3b2d41 → host:177.10.238.170
FLOW_TO_HOSTOBS	e:to:SESSION-b0ca3b8aea25b593:host:45.173.156.221	SESSION-b0ca3b8aea25b593 → host:45.173.156.221
FLOW_FROM_HOSTOBS	e:from:SESSION-59a63fae51b24a38:host:131.196.31.46	SESSION-59a63fae51b24a38 → host:131.196.31.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf679119291e5246:SESSION-bf679119291e5246	SESSION-bf679119291e5246 → pe:tls:SESSION-bf679119291e5246
FLOW_TO_HOSTOBS	e:to:SESSION-fa3e9fc803f342ab:host:172.234.197.23	SESSION-fa3e9fc803f342ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc58620ced71d747:host:172.234.197.23	SESSION-cc58620ced71d747 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f3381dfc2bf4	flow:f3381dfc2bf4 → host:177.10.236.7 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1b581ea0c38fa14:host:45.173.156.68	SESSION-f1b581ea0c38fa14 → host:45.173.156.68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aede3430ffb62e05:SESSION-aede3430ffb62e05	SESSION-aede3430ffb62e05 → pe:tls:SESSION-aede3430ffb62e05
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ea66afd66f329a0:SESSION-0ea66afd66f329a0	SESSION-0ea66afd66f329a0 → pe:tls:SESSION-0ea66afd66f329a0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-501c474d8a937a90:flow:b96ebacbeedc	SESSION-501c474d8a937a90 → flow:b96ebacbeedc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46ff0fa4ec42545a:flow:94acff5eb08f	SESSION-46ff0fa4ec42545a → flow:94acff5eb08f
flow_observed5-aryOBS	e:fo:flow:ce27e65991f6	flow:ce27e65991f6 → host:177.10.235.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbdf1132d9fb1d0d:host:172.234.197.23	SESSION-fbdf1132d9fb1d0d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6966225f20017b9e:SESSION-6966225f20017b9e	SESSION-6966225f20017b9e → pe:tls:SESSION-6966225f20017b9e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65316f3920c6d168:host:177.10.235.105:host:172.234.197.23	SESSION-65316f3920c6d168 → host:177.10.235.105 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee5756ac65b5ed68:flow:12598bc517fa	SESSION-ee5756ac65b5ed68 → flow:12598bc517fa
FLOW_FROM_HOSTOBS	e:from:SESSION-bf343490b1b7ef49:host:172.234.197.23	SESSION-bf343490b1b7ef49 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7679fd0fd118c12e:host:131.196.30.91:host:172.234.197.23	SESSION-7679fd0fd118c12e → host:131.196.30.91 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d9190055622b:port:tcp:23492	flow:d9190055622b → port:tcp:23492
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69ac7334931bf6c1:flow:a7c8e382dfaf	SESSION-69ac7334931bf6c1 → flow:a7c8e382dfaf
flow_observed4-aryOBS	e:fo:flow:5c121a47df86	flow:5c121a47df86 → host:172.234.197.23 → host:131.196.30.9 → port:tcp:8165
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb20cb96e066d018:host:177.10.237.80:host:172.234.197.23	SESSION-fb20cb96e066d018 → host:177.10.237.80 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e4cbb1218941faec:SESSION-e4cbb1218941faec	SESSION-e4cbb1218941faec → pe:tls:SESSION-e4cbb1218941faec
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.225:asn:262880	host:177.10.239.225 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a8441f04433657ee:flow:9ef022319f6b	SESSION-a8441f04433657ee → flow:9ef022319f6b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec50ec61227c5d5c:flow:b536c20c3fd9	SESSION-ec50ec61227c5d5c → flow:b536c20c3fd9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-954ce8dcd8b034e5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-954ce8dcd8b034e5 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:3122f5c62a02	flow:3122f5c62a02 → host:177.10.238.227 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9252fa43a6ca744f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9252fa43a6ca744f → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22873a115734b4a8:host:177.10.232.24	SESSION-22873a115734b4a8 → host:177.10.232.24
FLOW_TO_HOSTOBS	e:to:SESSION-fae3464e58310370:host:172.234.197.23	SESSION-fae3464e58310370 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dddaf831f2a46242:host:172.234.197.23:host:131.196.29.106	SESSION-dddaf831f2a46242 → host:172.234.197.23 → host:131.196.29.106
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c652a29a62d722ea:host:54.91.240.230:host:172.234.197.23	SESSION-c652a29a62d722ea → host:54.91.240.230 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61e3533744fe7104:host:172.234.197.23	SESSION-61e3533744fe7104 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.248:asn:262880	host:177.10.237.248 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c6698f170085be7:host:177.10.237.248	SESSION-0c6698f170085be7 → host:177.10.237.248
FLOW_FROM_HOSTOBS	e:from:SESSION-1ddd0457559a3680:host:131.196.31.226	SESSION-1ddd0457559a3680 → host:131.196.31.226
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a1570467d4c9a43:PCAP:capture_20260430150001:ded20914761d	SESSION-4a1570467d4c9a43 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-386a52b5a647d101:host:177.10.234.157	SESSION-386a52b5a647d101 → host:177.10.234.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1b9f91f77c860b7c:flow:1652bba9052d	SESSION-1b9f91f77c860b7c → flow:1652bba9052d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01e9e36dd29e3f1f:SESSION-01e9e36dd29e3f1f	SESSION-01e9e36dd29e3f1f → pe:tls:SESSION-01e9e36dd29e3f1f
FLOW_TO_HOSTOBS	e:to:SESSION-65c1debe675497c7:host:45.173.156.3	SESSION-65c1debe675497c7 → host:45.173.156.3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f12bb9f5880e55b:SESSION-4f12bb9f5880e55b	SESSION-4f12bb9f5880e55b → pe:syn:SESSION-4f12bb9f5880e55b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-106d77d887836a65:host:172.234.197.23	SESSION-106d77d887836a65 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e2f2dfbe9df7c080:host:172.234.197.23	SESSION-e2f2dfbe9df7c080 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dc755b03d1f3f489:flow:db9035c128d2	SESSION-dc755b03d1f3f489 → flow:db9035c128d2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-998c67ab79f4e23e:host:172.234.197.23	SESSION-998c67ab79f4e23e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2117b91b7562ba94:host:177.10.236.118	SESSION-2117b91b7562ba94 → host:177.10.236.118
FLOW_TO_HOSTOBS	e:to:SESSION-c3db1a0404e21661:host:172.234.197.23	SESSION-c3db1a0404e21661 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d5ad022ad4096ce5:host:131.196.31.10	SESSION-d5ad022ad4096ce5 → host:131.196.31.10
FLOW_DST_PORTOBS	e:fp:flow:f6c69868181b:port:tcp:443	flow:f6c69868181b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-742c2d67dec63a6f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-742c2d67dec63a6f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a16442ff0a72733c:host:172.234.197.23:host:131.196.31.182	SESSION-a16442ff0a72733c → host:172.234.197.23 → host:131.196.31.182
FLOW_FROM_HOSTOBS	e:from:SESSION-e4e6682786f65470:host:177.10.234.176	SESSION-e4e6682786f65470 → host:177.10.234.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e01d63cbcaad0b90:host:172.234.197.23	SESSION-e01d63cbcaad0b90 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4076f0f6734ca69:host:172.234.197.23	SESSION-d4076f0f6734ca69 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ffa310b40a91058:host:172.234.197.23	SESSION-2ffa310b40a91058 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-02199a3eaa60c28c:host:172.234.197.23	SESSION-02199a3eaa60c28c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9c0456097f35e54:host:177.10.232.159	SESSION-c9c0456097f35e54 → host:177.10.232.159
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.130:geo_-16.28860_-49.01640	host:177.10.232.130 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.204:geo_-16.28860_-49.01640	host:177.10.238.204 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-616ab8d382244a8d:host:172.234.197.23	SESSION-616ab8d382244a8d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-27da8f08a1512941:host:45.173.156.220	SESSION-27da8f08a1512941 → host:45.173.156.220
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-251fcdeeb3ee3f58:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-251fcdeeb3ee3f58 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e41b633abf5898e8:SESSION-e41b633abf5898e8	SESSION-e41b633abf5898e8 → pe:syn:SESSION-e41b633abf5898e8
flow_observed4-aryOBS	e:fo:flow:33ab980b5e65	flow:33ab980b5e65 → host:172.234.197.23 → host:177.10.239.209 → port:tcp:41190
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3bc35cbabc9b015e:flow:3f499886bc2e	SESSION-3bc35cbabc9b015e → flow:3f499886bc2e
flow_observed4-aryOBS	e:fo:flow:5b29f7395281	flow:5b29f7395281 → host:172.234.197.23 → host:177.10.235.225 → port:tcp:29603
FLOW_FROM_HOSTOBS	e:from:SESSION-c716fd204e4ddd99:host:172.234.197.23	SESSION-c716fd204e4ddd99 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a899a8160ea28b7:SESSION-3a899a8160ea28b7	SESSION-3a899a8160ea28b7 → pe:syn:SESSION-3a899a8160ea28b7
FLOW_FROM_HOSTOBS	e:from:SESSION-bf132b40533c7dcc:host:177.10.235.114	SESSION-bf132b40533c7dcc → host:177.10.235.114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94f070a5530c9e09:host:45.173.156.47	SESSION-94f070a5530c9e09 → host:45.173.156.47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46ff0fa4ec42545a:SESSION-46ff0fa4ec42545a	SESSION-46ff0fa4ec42545a → pe:syn:SESSION-46ff0fa4ec42545a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a592f97b57bb2999:host:177.10.237.115:host:172.234.197.23	SESSION-a592f97b57bb2999 → host:177.10.237.115 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc77084e1c24867c:SESSION-cc77084e1c24867c	SESSION-cc77084e1c24867c → pe:tls:SESSION-cc77084e1c24867c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ab65b5d8a01cf3d:host:177.10.239.208	SESSION-9ab65b5d8a01cf3d → host:177.10.239.208
FLOW_TO_HOSTOBS	e:to:SESSION-0e2a52b4f9db01a4:host:172.234.197.23	SESSION-0e2a52b4f9db01a4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9c5b30eb4b7e446:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c9c5b30eb4b7e446 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51603301232db2ce:PCAP:capture_20260430110001:43611bdf6759	SESSION-51603301232db2ce → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66fe61e0e919e0c7:PCAP:capture_20260430150001:ded20914761d	SESSION-66fe61e0e919e0c7 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72411a82d36d6add:SESSION-72411a82d36d6add	SESSION-72411a82d36d6add → pe:tls:SESSION-72411a82d36d6add
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3982f1a8e532b400:host:172.234.197.23	SESSION-3982f1a8e532b400 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:93e9d451b334:port:tcp:8229	flow:93e9d451b334 → port:tcp:8229
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-39845edf8e8f640a:SESSION-39845edf8e8f640a	SESSION-39845edf8e8f640a → pe:tls:SESSION-39845edf8e8f640a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1984f51487784d02:SESSION-1984f51487784d02	SESSION-1984f51487784d02 → pe:syn:SESSION-1984f51487784d02
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c53b2c88ff7f785:host:44.250.172.176:host:172.234.197.23	SESSION-6c53b2c88ff7f785 → host:44.250.172.176 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:048a9b4699ef	flow:048a9b4699ef → host:177.10.234.143 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:477f274d387f:port:tcp:41330	flow:477f274d387f → port:tcp:41330
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8fb4f1df9684ff2:SESSION-b8fb4f1df9684ff2	SESSION-b8fb4f1df9684ff2 → pe:tls:SESSION-b8fb4f1df9684ff2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3a0847605e0d04e:SESSION-e3a0847605e0d04e	SESSION-e3a0847605e0d04e → pe:syn:SESSION-e3a0847605e0d04e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.226:geo_-23.62930_-46.63510	host:131.196.30.226 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6af366568a421f52:SESSION-6af366568a421f52	SESSION-6af366568a421f52 → pe:syn:SESSION-6af366568a421f52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a7f0a64436ce2ca:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9a7f0a64436ce2ca → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-196ad93208fa5be9:host:177.10.239.211	SESSION-196ad93208fa5be9 → host:177.10.239.211
flow_observed5-aryOBS	e:fo:flow:33f7c23f1b8f	flow:33f7c23f1b8f → host:177.10.236.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ea9e167400c380e9:SESSION-ea9e167400c380e9	SESSION-ea9e167400c380e9 → pe:tls:SESSION-ea9e167400c380e9
FLOW_DST_PORTOBS	e:fp:flow:64143516771f:port:tcp:10690	flow:64143516771f → port:tcp:10690
FLOW_TO_HOSTOBS	e:to:SESSION-b338c508fb604797:host:131.196.30.73	SESSION-b338c508fb604797 → host:131.196.30.73
FLOW_DST_PORTOBS	e:fp:flow:1837740c68b6:port:tcp:443	flow:1837740c68b6 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:46e7d0792cb3:port:tcp:443	flow:46e7d0792cb3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9501d29cea91bd7b:host:45.173.156.9	SESSION-9501d29cea91bd7b → host:45.173.156.9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8bdafe91f45dd428:host:172.234.197.23:host:177.10.232.49	SESSION-8bdafe91f45dd428 → host:172.234.197.23 → host:177.10.232.49
FLOW_DST_PORTOBS	e:fp:flow:a4311327b5d4:port:tcp:24701	flow:a4311327b5d4 → port:tcp:24701
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-113354c1b6207940:host:172.234.197.23	SESSION-113354c1b6207940 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3185739188bf8a1e:SESSION-3185739188bf8a1e	SESSION-3185739188bf8a1e → pe:tls:SESSION-3185739188bf8a1e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8132ea082e988f13:host:172.234.197.23	SESSION-8132ea082e988f13 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6526fd742d74	flow:6526fd742d74 → host:177.10.237.237 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.95:asn:271410	host:131.196.28.95 → asn:271410
flow_observed5-aryOBS	e:fo:flow:f1ecdce381ef	flow:f1ecdce381ef → host:177.10.237.6 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:054340c43d7f:port:tcp:51880	flow:054340c43d7f → port:tcp:51880
flow_observed4-aryOBS	e:fo:flow:3779ddfa8909	flow:3779ddfa8909 → host:172.234.197.23 → host:2.57.122.194 → port:tcp:35478
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.54:asn:273470	host:45.173.156.54 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c6924fc6c1078bec:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c6924fc6c1078bec → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.150:geo_-21.10010_-41.69200	host:45.173.156.150 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8f41d49423a0699:PCAP:capture_20260430050001:8868731bf8a4	SESSION-c8f41d49423a0699 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:5d21062ad7da	flow:5d21062ad7da → host:177.10.235.18 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:8e49cbd73b6d	flow:8e49cbd73b6d → host:177.10.237.156 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.59:geo_-23.62930_-46.63510	host:131.196.30.59 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-afbbd778f47cc6c1:PCAP:capture_20260430150001:ded20914761d	SESSION-afbbd778f47cc6c1 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-40d48b3e3ce773b5:host:52.12.196.158	SESSION-40d48b3e3ce773b5 → host:52.12.196.158
FLOW_FROM_HOSTOBS	e:from:SESSION-78b6e298ccb2dbce:host:172.234.197.23	SESSION-78b6e298ccb2dbce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a759d297db5368da:host:172.234.197.23	SESSION-a759d297db5368da → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8ccf862d3dae518e:host:131.196.28.177	SESSION-8ccf862d3dae518e → host:131.196.28.177
flow_observed4-aryOBS	e:fo:flow:fce963e430ca	flow:fce963e430ca → host:172.234.197.23 → host:45.173.156.232 → port:tcp:13330
FLOW_FROM_HOSTOBS	e:from:SESSION-4883770547012399:host:172.234.197.23	SESSION-4883770547012399 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5470436eecf7738e:host:172.234.197.23	SESSION-5470436eecf7738e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:74e0e0e1df06	flow:74e0e0e1df06 → host:131.196.29.152 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da4440e5d8ead4fe:SESSION-da4440e5d8ead4fe	SESSION-da4440e5d8ead4fe → pe:syn:SESSION-da4440e5d8ead4fe
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eee0288be94ee16a:host:172.234.197.23	SESSION-eee0288be94ee16a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-eade11f9b06e449a:host:45.173.156.109	SESSION-eade11f9b06e449a → host:45.173.156.109
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-adbb0156eea80d2f:flow:2ba008c1adde	SESSION-adbb0156eea80d2f → flow:2ba008c1adde
FLOW_TO_HOSTOBS	e:to:SESSION-b23254615c6167a0:host:172.234.197.23	SESSION-b23254615c6167a0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8dc28b29833676bc:SESSION-8dc28b29833676bc	SESSION-8dc28b29833676bc → pe:tls:SESSION-8dc28b29833676bc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a592f97b57bb2999:flow:6709de98ca6d	SESSION-a592f97b57bb2999 → flow:6709de98ca6d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b00134b34a3a387f:host:13.208.161.175	SESSION-b00134b34a3a387f → host:13.208.161.175
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-970263f3772afe71:host:172.234.197.23	SESSION-970263f3772afe71 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b075ef361439	flow:b075ef361439 → host:45.173.156.78 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b836173867007d89:host:172.234.197.23	SESSION-b836173867007d89 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c4fe97044eaa4ff8:host:177.10.236.124	SESSION-c4fe97044eaa4ff8 → host:177.10.236.124
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.87:asn:262880	host:177.10.239.87 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af315627d236ddd5:host:172.234.197.23	SESSION-af315627d236ddd5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94dde62df04dcb4a:PCAP:capture_20260430090001:065659c7d314	SESSION-94dde62df04dcb4a → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:816aac7e5fac:port:tcp:49672	flow:816aac7e5fac → port:tcp:49672
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-19cb9f6f0c8358bd:SESSION-19cb9f6f0c8358bd	SESSION-19cb9f6f0c8358bd → pe:rst:SESSION-19cb9f6f0c8358bd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be2d81a12844874f:SESSION-be2d81a12844874f	SESSION-be2d81a12844874f → pe:syn:SESSION-be2d81a12844874f
FLOW_DST_PORTOBS	e:fp:flow:fc2a4174f5ea:port:tcp:443	flow:fc2a4174f5ea → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.137:asn:273470	host:45.173.156.137 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-082589f81acb7a8f:SESSION-082589f81acb7a8f	SESSION-082589f81acb7a8f → pe:syn:SESSION-082589f81acb7a8f
FLOW_FROM_HOSTOBS	e:from:SESSION-6aa2ce807ac3d210:host:131.196.28.19	SESSION-6aa2ce807ac3d210 → host:131.196.28.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b9c1bf42f4683a2:host:172.234.197.23	SESSION-2b9c1bf42f4683a2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ccf862d3dae518e:host:131.196.28.177	SESSION-8ccf862d3dae518e → host:131.196.28.177
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85683c3aa8c095db:PCAP:capture_20260430080001:93f47cc296a4	SESSION-85683c3aa8c095db → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dc085f76ab1a4e2b:host:45.173.156.116:host:172.234.197.23	SESSION-dc085f76ab1a4e2b → host:45.173.156.116 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c8a52e21a979a3cd:host:177.10.239.140	SESSION-c8a52e21a979a3cd → host:177.10.239.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51bc0a4af53b62cc:host:172.234.197.23	SESSION-51bc0a4af53b62cc → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6a72c1d938dd:port:tcp:443	flow:6a72c1d938dd → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cde6fb5ccac54489:PCAP:capture_20260430090001:065659c7d314	SESSION-cde6fb5ccac54489 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fb1f3797e8f19a3:host:172.234.197.23	SESSION-4fb1f3797e8f19a3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfdf430166eb3e5d:host:172.234.197.23	SESSION-cfdf430166eb3e5d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:62a872cfe84a:port:tcp:5655	flow:62a872cfe84a → port:tcp:5655
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e503c69e36c27590:SESSION-e503c69e36c27590	SESSION-e503c69e36c27590 → pe:syn:SESSION-e503c69e36c27590
FLOW_TO_HOSTOBS	e:to:SESSION-90e5db50c9887f08:host:131.196.30.71	SESSION-90e5db50c9887f08 → host:131.196.30.71
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f07097ffc1d464e5:host:172.234.197.23:host:131.196.29.161	SESSION-f07097ffc1d464e5 → host:172.234.197.23 → host:131.196.29.161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75cb9fe69e287da9:SESSION-75cb9fe69e287da9	SESSION-75cb9fe69e287da9 → pe:syn:SESSION-75cb9fe69e287da9
FLOW_DST_PORTOBS	e:fp:flow:f5f79f7f7c6a:port:tcp:443	flow:f5f79f7f7c6a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-68031782b8336c69:host:172.234.197.23	SESSION-68031782b8336c69 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-461eadc2db19418d:host:131.196.31.110	SESSION-461eadc2db19418d → host:131.196.31.110
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a34ec08b35e90b0:host:177.10.234.74:host:172.234.197.23	SESSION-2a34ec08b35e90b0 → host:177.10.234.74 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6263455e390c054e:host:177.10.237.216	SESSION-6263455e390c054e → host:177.10.237.216
FLOW_TO_HOSTOBS	e:to:SESSION-f1de6d316dd7305f:host:172.234.197.23	SESSION-f1de6d316dd7305f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20c169d44973b1e9:host:172.234.197.23	SESSION-20c169d44973b1e9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.45:asn:271410	host:131.196.31.45 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e61eb47c134600b1:SESSION-e61eb47c134600b1	SESSION-e61eb47c134600b1 → pe:tls:SESSION-e61eb47c134600b1
FLOW_DST_PORTOBS	e:fp:flow:83813505251a:port:tcp:443	flow:83813505251a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1745753d6a990e0e:SESSION-1745753d6a990e0e	SESSION-1745753d6a990e0e → pe:tls:SESSION-1745753d6a990e0e
FLOW_DST_PORTOBS	e:fp:flow:0804229defd8:port:tcp:443	flow:0804229defd8 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:23392fb83d00:port:tcp:443	flow:23392fb83d00 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0e4303498e9ae3e:flow:9e6337f9fc4d	SESSION-b0e4303498e9ae3e → flow:9e6337f9fc4d
flow_observed5-aryOBS	e:fo:flow:d9b5c938ec53	flow:d9b5c938ec53 → host:177.10.232.167 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-eaf9de21464647a2:host:177.10.232.97	SESSION-eaf9de21464647a2 → host:177.10.232.97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2794803b6e3661a7:PCAP:capture_20260430060001:919b39a74464	SESSION-2794803b6e3661a7 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:b36f9561c530	flow:b36f9561c530 → host:45.173.156.61 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f0be9ff1ae53d349:host:177.10.232.222	SESSION-f0be9ff1ae53d349 → host:177.10.232.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e5e4b6893c364bde:SESSION-e5e4b6893c364bde	SESSION-e5e4b6893c364bde → pe:tls:SESSION-e5e4b6893c364bde
flow_observed4-aryOBS	e:fo:flow:670370fbcdf2	flow:670370fbcdf2 → host:172.234.197.23 → host:45.173.156.150 → port:tcp:15482
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ec4c9189aa8273c:host:177.10.237.182:host:172.234.197.23	SESSION-2ec4c9189aa8273c → host:177.10.237.182 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d58c039fa1a1304:host:172.234.197.23:host:172.232.0.17	SESSION-8d58c039fa1a1304 → host:172.234.197.23 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e332f49c3a5896d2:SESSION-e332f49c3a5896d2	SESSION-e332f49c3a5896d2 → pe:syn:SESSION-e332f49c3a5896d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09c382be05e629ee:SESSION-09c382be05e629ee	SESSION-09c382be05e629ee → pe:syn:SESSION-09c382be05e629ee
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48de9f7b9a5a464c:PCAP:capture_20260430060001:919b39a74464	SESSION-48de9f7b9a5a464c → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa574f1f11f5b30b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-aa574f1f11f5b30b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.112:asn:262880	host:177.10.235.112 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17dd55091d27669a:host:172.232.0.16	SESSION-17dd55091d27669a → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f302c09f7d22a8d1:SESSION-f302c09f7d22a8d1	SESSION-f302c09f7d22a8d1 → pe:tls:SESSION-f302c09f7d22a8d1
FLOW_FROM_HOSTOBS	e:from:SESSION-eca69a208ab39d5f:host:172.234.197.23	SESSION-eca69a208ab39d5f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f29ae4ea1d6d03ed:host:177.10.232.89:host:172.234.197.23	SESSION-f29ae4ea1d6d03ed → host:177.10.232.89 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6abbbca78e64654:PCAP:capture_20260430090001:065659c7d314	SESSION-e6abbbca78e64654 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-329dd162e3e18437:host:172.234.197.23:host:177.10.234.9	SESSION-329dd162e3e18437 → host:172.234.197.23 → host:177.10.234.9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.246:geo_-23.62930_-46.63510	host:131.196.30.246 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0485e2f41480d0ab:host:131.196.31.56	SESSION-0485e2f41480d0ab → host:131.196.31.56
FLOW_DST_PORTOBS	e:fp:flow:d17061662425:port:tcp:43763	flow:d17061662425 → port:tcp:43763
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-045546313cbf5843:host:177.10.237.86:host:172.234.197.23	SESSION-045546313cbf5843 → host:177.10.237.86 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1241ed8a2f02aa7:flow:64abb5157d6d	SESSION-a1241ed8a2f02aa7 → flow:64abb5157d6d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41808c8c85c3c4d3:host:172.234.197.23	SESSION-41808c8c85c3c4d3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c435d9660e7b:port:tcp:59087	flow:c435d9660e7b → port:tcp:59087
FLOW_TO_HOSTOBS	e:to:SESSION-97537ed6358a20d5:host:172.234.197.23	SESSION-97537ed6358a20d5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c93e3b6f6b78357b:PCAP:capture_20260430110001:43611bdf6759	SESSION-c93e3b6f6b78357b → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9df048180bcb59b6:SESSION-9df048180bcb59b6	SESSION-9df048180bcb59b6 → pe:syn:SESSION-9df048180bcb59b6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7cf4eefda54138cc:host:172.234.197.23:host:131.196.30.36	SESSION-7cf4eefda54138cc → host:172.234.197.23 → host:131.196.30.36
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.210:asn:262880	host:177.10.234.210 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6e7d46ad1b0c983:SESSION-d6e7d46ad1b0c983	SESSION-d6e7d46ad1b0c983 → pe:syn:SESSION-d6e7d46ad1b0c983
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c825a37bb7881b6:host:131.196.28.222	SESSION-9c825a37bb7881b6 → host:131.196.28.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a8eb3ecb5c5b32a8:SESSION-a8eb3ecb5c5b32a8	SESSION-a8eb3ecb5c5b32a8 → pe:syn:SESSION-a8eb3ecb5c5b32a8
FLOW_TO_HOSTOBS	e:to:SESSION-666cc538c7e1a156:host:172.232.0.17	SESSION-666cc538c7e1a156 → host:172.232.0.17
FLOW_DST_PORTOBS	e:fp:flow:054a59fb275e:port:tcp:443	flow:054a59fb275e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a82d55b52198391:PCAP:capture_20260430150001:ded20914761d	SESSION-1a82d55b52198391 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-61267dc46edf9a47:host:131.196.28.87	SESSION-61267dc46edf9a47 → host:131.196.28.87
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.201:geo_-21.10010_-41.69200	host:45.173.156.201 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f73bbd477b19c775:SESSION-f73bbd477b19c775	SESSION-f73bbd477b19c775 → pe:tls:SESSION-f73bbd477b19c775
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75c1b247d58a4094:host:172.234.197.23	SESSION-75c1b247d58a4094 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c47d04961700459f:host:172.234.197.23	SESSION-c47d04961700459f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7341740ccb6f292:host:172.234.197.23	SESSION-e7341740ccb6f292 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98452f7d1a82c494:host:172.234.197.23	SESSION-98452f7d1a82c494 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ff4eb64228a8af88:SESSION-ff4eb64228a8af88	SESSION-ff4eb64228a8af88 → pe:tls:SESSION-ff4eb64228a8af88
FLOW_FROM_HOSTOBS	e:from:SESSION-cc0f694a62c9abc8:host:172.234.197.23	SESSION-cc0f694a62c9abc8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:50ce6e39fbb4:port:tcp:443	flow:50ce6e39fbb4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8b9309f53afd487:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d8b9309f53afd487 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2daf8cded5fb19ed:host:136.243.57.208	SESSION-2daf8cded5fb19ed → host:136.243.57.208
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0acd91014f6238ed:host:177.10.236.186:host:172.234.197.23	SESSION-0acd91014f6238ed → host:177.10.236.186 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a498324f9fce7e9:host:172.234.197.23	SESSION-0a498324f9fce7e9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.156:geo_-23.62930_-46.63510	host:131.196.28.156 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e503c69e36c27590:host:172.234.197.23:host:177.10.233.54	SESSION-e503c69e36c27590 → host:172.234.197.23 → host:177.10.233.54
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-421b35b56ec8b984:flow:b2c833b1ef62	SESSION-421b35b56ec8b984 → flow:b2c833b1ef62
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-721df94622c41f42:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-721df94622c41f42 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e327e4197615d5bf:host:172.234.197.23:host:131.196.28.86	SESSION-e327e4197615d5bf → host:172.234.197.23 → host:131.196.28.86
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-03cfd9b1d0f62704:flow:f7005d0541c0	SESSION-03cfd9b1d0f62704 → flow:f7005d0541c0
FLOW_DST_PORTOBS	e:fp:flow:1686e758d44a:port:tcp:30755	flow:1686e758d44a → port:tcp:30755
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f6c80d4cd630a20:host:177.10.233.10:host:172.234.197.23	SESSION-5f6c80d4cd630a20 → host:177.10.233.10 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a57e7ba0de33dea3:host:177.10.235.166:host:172.234.197.23	SESSION-a57e7ba0de33dea3 → host:177.10.235.166 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a733fde11cff5d03:host:131.196.30.189	SESSION-a733fde11cff5d03 → host:131.196.30.189
FLOW_FROM_HOSTOBS	e:from:SESSION-6ef022cf55a10b05:host:131.196.31.47	SESSION-6ef022cf55a10b05 → host:131.196.31.47
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9e1dffa0e2317c3:flow:a4780ba78b2d	SESSION-d9e1dffa0e2317c3 → flow:a4780ba78b2d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b3ab5aeea0af112:SESSION-8b3ab5aeea0af112	SESSION-8b3ab5aeea0af112 → pe:tls:SESSION-8b3ab5aeea0af112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad7e9be9d0a80554:SESSION-ad7e9be9d0a80554	SESSION-ad7e9be9d0a80554 → pe:tls:SESSION-ad7e9be9d0a80554
FLOW_FROM_HOSTOBS	e:from:SESSION-77e4374445abb63e:host:172.234.197.23	SESSION-77e4374445abb63e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f0fe0e8460d1c75f:host:172.234.197.23:host:177.10.234.49	SESSION-f0fe0e8460d1c75f → host:172.234.197.23 → host:177.10.234.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b78ee328a5f7ceab:SESSION-b78ee328a5f7ceab	SESSION-b78ee328a5f7ceab → pe:rst:SESSION-b78ee328a5f7ceab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe8408bb8c62f3c7:host:172.234.197.23	SESSION-fe8408bb8c62f3c7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0fe0e8460d1c75f:host:177.10.234.49	SESSION-f0fe0e8460d1c75f → host:177.10.234.49
flow_observed5-aryOBS	e:fo:flow:3ecc4430f83a	flow:3ecc4430f83a → host:131.196.29.35 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caa2e371708bdf2e:host:172.234.197.23	SESSION-caa2e371708bdf2e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.200:geo_-23.62930_-46.63510	host:131.196.31.200 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-1b7e5e87f526ce8d:host:177.10.232.233	SESSION-1b7e5e87f526ce8d → host:177.10.232.233
FLOW_DST_PORTOBS	e:fp:flow:a6e7268ade32:port:tcp:62855	flow:a6e7268ade32 → port:tcp:62855
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cce146f15a17b9a1:host:172.234.197.23:host:131.196.29.235	SESSION-cce146f15a17b9a1 → host:172.234.197.23 → host:131.196.29.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2aa671fdac09172:host:172.234.197.23:host:131.196.28.40	SESSION-f2aa671fdac09172 → host:172.234.197.23 → host:131.196.28.40
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a301fd9da8621bb:host:177.10.232.172:host:172.234.197.23	SESSION-7a301fd9da8621bb → host:177.10.232.172 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ee9fbb8d7f6cf47b:host:172.234.197.23	SESSION-ee9fbb8d7f6cf47b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c5a72a6fbc2381d:SESSION-1c5a72a6fbc2381d	SESSION-1c5a72a6fbc2381d → pe:syn:SESSION-1c5a72a6fbc2381d
FLOW_TO_HOSTOBS	e:to:SESSION-574dd53dd07894c0:host:177.10.237.96	SESSION-574dd53dd07894c0 → host:177.10.237.96
FLOW_DST_PORTOBS	e:fp:flow:8b119f6991a9:port:tcp:41079	flow:8b119f6991a9 → port:tcp:41079
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-00d1a9c01c6924fe:flow:0e92b5d5b203	SESSION-00d1a9c01c6924fe → flow:0e92b5d5b203
flow_observed4-aryOBS	e:fo:flow:5e5be571de9c	flow:5e5be571de9c → host:172.234.197.23 → host:131.196.31.26 → port:tcp:60057
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ee237db5b674d6c4:SESSION-ee237db5b674d6c4	SESSION-ee237db5b674d6c4 → pe:tls:SESSION-ee237db5b674d6c4
FLOW_FROM_HOSTOBS	e:from:SESSION-f88b9847e7767e00:host:177.10.233.144	SESSION-f88b9847e7767e00 → host:177.10.233.144
FLOW_FROM_HOSTOBS	e:from:SESSION-ea2b78fffe48f844:host:131.196.28.204	SESSION-ea2b78fffe48f844 → host:131.196.28.204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-499399e6896a45f7:host:95.135.228.52	SESSION-499399e6896a45f7 → host:95.135.228.52
flow_observed5-aryOBS	e:fo:flow:601dada6eafe	flow:601dada6eafe → host:177.10.239.247 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c08b4e45346e:port:tcp:443	flow:c08b4e45346e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0caa41ae62241956:SESSION-0caa41ae62241956	SESSION-0caa41ae62241956 → pe:tls:SESSION-0caa41ae62241956
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96cc205c664fccab:host:172.234.197.23:host:131.196.28.10	SESSION-96cc205c664fccab → host:172.234.197.23 → host:131.196.28.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa38dbd858d86f82:SESSION-aa38dbd858d86f82	SESSION-aa38dbd858d86f82 → pe:tls:SESSION-aa38dbd858d86f82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76d607ccf9e84136:SESSION-76d607ccf9e84136	SESSION-76d607ccf9e84136 → pe:tls:SESSION-76d607ccf9e84136
FLOW_DST_PORTOBS	e:fp:flow:fdab01a2611a:port:tcp:443	flow:fdab01a2611a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fdceaf69f291402:host:131.196.29.172	SESSION-3fdceaf69f291402 → host:131.196.29.172
FLOW_FROM_HOSTOBS	e:from:SESSION-4636706714da3434:host:45.173.156.236	SESSION-4636706714da3434 → host:45.173.156.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da14e430733ddeb2:SESSION-da14e430733ddeb2	SESSION-da14e430733ddeb2 → pe:syn:SESSION-da14e430733ddeb2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-161d2a74a24978d6:host:37.187.136.36:host:172.234.197.23	SESSION-161d2a74a24978d6 → host:37.187.136.36 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c83a3382d975674:flow:0f753bb6befc	SESSION-6c83a3382d975674 → flow:0f753bb6befc
FLOW_FROM_HOSTOBS	e:from:SESSION-1d2ea88f589d3294:host:177.10.236.248	SESSION-1d2ea88f589d3294 → host:177.10.236.248
FLOW_FROM_HOSTOBS	e:from:SESSION-f40f233058919cef:host:172.234.197.23	SESSION-f40f233058919cef → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.88:asn:262880	host:177.10.238.88 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea330cf59d2a2f8:host:172.234.197.23	SESSION-3ea330cf59d2a2f8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6ec641540644ee0:host:131.196.29.3	SESSION-a6ec641540644ee0 → host:131.196.29.3
FLOW_TO_HOSTOBS	e:to:SESSION-28599206da4f4816:host:172.234.197.23	SESSION-28599206da4f4816 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9af6eb1ce6cb824f:host:45.173.156.84	SESSION-9af6eb1ce6cb824f → host:45.173.156.84
FLOW_FROM_HOSTOBS	e:from:SESSION-33db7a85fa9e759a:host:172.234.197.23	SESSION-33db7a85fa9e759a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4bcb34449111b6ae:flow:32215df6c1e9	SESSION-4bcb34449111b6ae → flow:32215df6c1e9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb6a6e3ef5fc132c:flow:499e2ccaea75	SESSION-fb6a6e3ef5fc132c → flow:499e2ccaea75
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-669451aeea441b50:SESSION-669451aeea441b50	SESSION-669451aeea441b50 → pe:tls:SESSION-669451aeea441b50
FLOW_DST_PORTOBS	e:fp:flow:56162d06b962:port:tcp:443	flow:56162d06b962 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b43506a49673:port:tcp:55844	flow:b43506a49673 → port:tcp:55844
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4081c2e8ed1c2925:host:172.234.197.23	SESSION-4081c2e8ed1c2925 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6d659d940e075af:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-e6d659d940e075af → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.235:geo_-16.28860_-49.01640	host:177.10.236.235 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-feb3207d55e7c5c5:BSG-BEACON-a1a38dfffb73	SESSION-feb3207d55e7c5c5 → BSG-BEACON-a1a38dfffb73
flow_observed5-aryOBS	e:fo:flow:305d5fed5670	flow:305d5fed5670 → host:177.10.238.59 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7e12300b6212ab14:host:131.196.31.124	SESSION-7e12300b6212ab14 → host:131.196.31.124
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5b80b4b47f274ca:flow:309e31a0a9a9	SESSION-d5b80b4b47f274ca → flow:309e31a0a9a9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30ae225adc0bd1e0:PCAP:capture_20260430060001:919b39a74464	SESSION-30ae225adc0bd1e0 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:9777e38d6ca3	flow:9777e38d6ca3 → host:177.10.236.153 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27536868d2d29d68:host:131.196.31.21	SESSION-27536868d2d29d68 → host:131.196.31.21
FLOW_FROM_HOSTOBS	e:from:SESSION-fdca441bb1b3810b:host:131.196.28.170	SESSION-fdca441bb1b3810b → host:131.196.28.170
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6dc77b6505beb2bc:flow:a453e4e4270f	SESSION-6dc77b6505beb2bc → flow:a453e4e4270f
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.173:asn:262880	host:177.10.237.173 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25fe6bafaa94a84d:host:172.234.197.23	SESSION-25fe6bafaa94a84d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1f8267b24b78f93:host:131.196.30.231	SESSION-b1f8267b24b78f93 → host:131.196.30.231
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-932a817ddabc353f:flow:df716d9e6ea3	SESSION-932a817ddabc353f → flow:df716d9e6ea3
flow_observed5-aryOBS	e:fo:flow:8641bd54d117	flow:8641bd54d117 → host:177.10.234.32 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:98f62f7def50	flow:98f62f7def50 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_DST_PORTOBS	e:fp:flow:425a0fcde4d7:port:tcp:32921	flow:425a0fcde4d7 → port:tcp:32921
FLOW_DST_PORTOBS	e:fp:flow:d767a7e82616:port:tcp:443	flow:d767a7e82616 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.56:geo_-23.62930_-46.63510	host:131.196.28.56 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:4fdc0949fed1	flow:4fdc0949fed1 → host:131.196.28.228 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.130:geo_-16.28860_-49.01640	host:177.10.233.130 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8224ed8c82963e52:host:172.234.197.23	SESSION-8224ed8c82963e52 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3bb818ce2b02135d:host:172.234.197.23	SESSION-3bb818ce2b02135d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6709de98ca6d	flow:6709de98ca6d → host:177.10.237.115 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-626902abaec078eb:host:131.196.29.237	SESSION-626902abaec078eb → host:131.196.29.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14b4ac17b4f35bc0:flow:f315e1ec89ae	SESSION-14b4ac17b4f35bc0 → flow:f315e1ec89ae
FLOW_DST_PORTOBS	e:fp:flow:d99b71d3b5fd:port:tcp:443	flow:d99b71d3b5fd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bedaa62e135c647a:SESSION-bedaa62e135c647a	SESSION-bedaa62e135c647a → pe:tls:SESSION-bedaa62e135c647a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.115:geo_-16.28860_-49.01640	host:177.10.232.115 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eadf7b6ccdd54c7f:flow:9777e38d6ca3	SESSION-eadf7b6ccdd54c7f → flow:9777e38d6ca3
FLOW_DST_PORTOBS	e:fp:flow:e2f110beb46b:port:tcp:443	flow:e2f110beb46b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f234671aee206898:host:177.10.238.173	SESSION-f234671aee206898 → host:177.10.238.173
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7240be1eb77ed4f4:flow:152516e88773	SESSION-7240be1eb77ed4f4 → flow:152516e88773
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.118:geo_-16.28860_-49.01640	host:177.10.236.118 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f486345fbdf5443:host:172.234.197.23	SESSION-8f486345fbdf5443 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a5ceca64359b9f0d:host:172.234.197.23	SESSION-a5ceca64359b9f0d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55187c9d4dc6d2e7:SESSION-55187c9d4dc6d2e7	SESSION-55187c9d4dc6d2e7 → pe:syn:SESSION-55187c9d4dc6d2e7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.76:asn:262880	host:177.10.233.76 → asn:262880
flow_observed4-aryOBS	e:fo:flow:9ab5572a2446	flow:9ab5572a2446 → host:172.234.197.23 → host:131.196.30.12 → port:tcp:14624
FLOW_FROM_HOSTOBS	e:from:SESSION-25d670562ff80de0:host:177.10.233.100	SESSION-25d670562ff80de0 → host:177.10.233.100
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ada1853624679841:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ada1853624679841 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b61a304f889dfad6:host:172.234.197.23:host:177.10.234.78	SESSION-b61a304f889dfad6 → host:172.234.197.23 → host:177.10.234.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f6c80d4cd630a20:host:172.234.197.23	SESSION-5f6c80d4cd630a20 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f580f0e619786fa7:SESSION-f580f0e619786fa7	SESSION-f580f0e619786fa7 → pe:syn:SESSION-f580f0e619786fa7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8c0a98b52014301:host:177.10.237.230:host:172.234.197.23	SESSION-d8c0a98b52014301 → host:177.10.237.230 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cc2833e8abe7ed0a:host:172.234.197.23	SESSION-cc2833e8abe7ed0a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b00e597f7260eb50:host:172.234.197.23	SESSION-b00e597f7260eb50 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c93964ffa7e29d50:PCAP:capture_20260430050001:8868731bf8a4	SESSION-c93964ffa7e29d50 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8dbd1afb05a3a814:SESSION-8dbd1afb05a3a814	SESSION-8dbd1afb05a3a814 → pe:syn:SESSION-8dbd1afb05a3a814
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ced8040d8221dfbc:SESSION-ced8040d8221dfbc	SESSION-ced8040d8221dfbc → pe:syn:SESSION-ced8040d8221dfbc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.103.179.97:geo_-36.85040_174.76750	host:3.103.179.97 → geo_-36.85040_174.76750
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4fdea987cb08476:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a4fdea987cb08476 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-9ab980d26fa84a5e:host:172.234.197.23	SESSION-9ab980d26fa84a5e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-586cf5bb6d743be1:flow:bbe9e2d3420e	SESSION-586cf5bb6d743be1 → flow:bbe9e2d3420e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.60:geo_-16.28860_-49.01640	host:177.10.233.60 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab185a89adee30ab:host:131.196.30.250	SESSION-ab185a89adee30ab → host:131.196.30.250
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.220:geo_-16.28860_-49.01640	host:177.10.233.220 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:5a18bfe2e6a6	flow:5a18bfe2e6a6 → host:177.10.236.164 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-cf31506875543a88:host:177.10.239.184	SESSION-cf31506875543a88 → host:177.10.239.184
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.24:geo_-16.28860_-49.01640	host:177.10.233.24 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:d4fdcb61394f:port:tcp:47712	flow:d4fdcb61394f → port:tcp:47712
flow_observed5-aryOBS	e:fo:flow:2c788cfe0774	flow:2c788cfe0774 → host:144.76.23.34 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5a75b8c86281e6b7:host:177.10.235.201	SESSION-5a75b8c86281e6b7 → host:177.10.235.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b68ed671c67acfd:host:177.10.234.179	SESSION-2b68ed671c67acfd → host:177.10.234.179
FLOW_TO_HOSTOBS	e:to:SESSION-abff9bfe6a29f0b5:host:131.196.28.198	SESSION-abff9bfe6a29f0b5 → host:131.196.28.198
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db60e018ea4d304a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-db60e018ea4d304a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b30dbd402b74df1:SESSION-9b30dbd402b74df1	SESSION-9b30dbd402b74df1 → pe:syn:SESSION-9b30dbd402b74df1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9f0699d4f0c2d48e:host:103.155.16.117:host:172.234.197.23	SESSION-9f0699d4f0c2d48e → host:103.155.16.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-dc755b03d1f3f489:host:131.196.29.156	SESSION-dc755b03d1f3f489 → host:131.196.29.156
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8cb528496ded9d11:SESSION-8cb528496ded9d11	SESSION-8cb528496ded9d11 → pe:tls:SESSION-8cb528496ded9d11
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.61:asn:262880	host:177.10.232.61 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2579d58cc01cbffa:flow:e0d57b41a397	SESSION-2579d58cc01cbffa → flow:e0d57b41a397
flow_observed5-aryOBS	e:fo:flow:39c25f60b4e5	flow:39c25f60b4e5 → host:131.196.28.7 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66033cfbc7dd0c2c:host:172.234.197.23	SESSION-66033cfbc7dd0c2c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-424e5c5b03912c3d:host:177.10.238.81	SESSION-424e5c5b03912c3d → host:177.10.238.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f76d275e2b42c8d0:SESSION-f76d275e2b42c8d0	SESSION-f76d275e2b42c8d0 → pe:tls:SESSION-f76d275e2b42c8d0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3e5e93fe3cda49d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a3e5e93fe3cda49d → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-cfbd2e877e86cd2a:host:172.234.197.23	SESSION-cfbd2e877e86cd2a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b31cf1240fb1e101:host:172.234.197.23:host:177.10.237.129	SESSION-b31cf1240fb1e101 → host:172.234.197.23 → host:177.10.237.129
FLOW_FROM_HOSTOBS	e:from:SESSION-1446b81625870ef0:host:13.208.161.175	SESSION-1446b81625870ef0 → host:13.208.161.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e08dddd9edfa5277:PCAP:capture_20260430150001:ded20914761d	SESSION-e08dddd9edfa5277 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.88:asn:262880	host:177.10.232.88 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9e0d73c88dd83fb6:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9e0d73c88dd83fb6 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2b0ee493ee38385:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b2b0ee493ee38385 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94e95046da2771ab:host:131.196.31.45:host:172.234.197.23	SESSION-94e95046da2771ab → host:131.196.31.45 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5b7661178bc9fc6:host:131.196.29.184	SESSION-a5b7661178bc9fc6 → host:131.196.29.184
FLOW_TO_HOSTOBS	e:to:SESSION-8165f1476121226e:host:172.234.197.23	SESSION-8165f1476121226e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-517e17fbfcdc9eaf:host:177.10.239.165	SESSION-517e17fbfcdc9eaf → host:177.10.239.165
FLOW_DST_PORTOBS	e:fp:flow:e535264fff8d:port:tcp:443	flow:e535264fff8d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:3aa20074c93a:port:tcp:21910	flow:3aa20074c93a → port:tcp:21910
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-09e72a02b44d9649:BSG-BEACON-ddcd58bdc4dc	SESSION-09e72a02b44d9649 → BSG-BEACON-ddcd58bdc4dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ffe1a7a04c39301:host:172.234.197.23	SESSION-0ffe1a7a04c39301 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d941eb7985d54eff:SESSION-d941eb7985d54eff	SESSION-d941eb7985d54eff → pe:tls:SESSION-d941eb7985d54eff
flow_observed4-aryOBS	e:fo:flow:878c61c0dd91	flow:878c61c0dd91 → host:172.234.197.23 → host:131.196.30.126 → port:tcp:56012
FLOW_TO_HOSTOBS	e:to:SESSION-e503c69e36c27590:host:177.10.233.54	SESSION-e503c69e36c27590 → host:177.10.233.54
FLOW_TO_HOSTOBS	e:to:SESSION-c97208f3d5d9be26:host:172.234.197.23	SESSION-c97208f3d5d9be26 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8383343898074aaa:host:172.234.197.23	SESSION-8383343898074aaa → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.38:asn:262880	host:177.10.237.38 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:8fd405509a6f:port:tcp:2605	flow:8fd405509a6f → port:tcp:2605
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2963f6e37ebf1d0d:SESSION-2963f6e37ebf1d0d	SESSION-2963f6e37ebf1d0d → pe:syn:SESSION-2963f6e37ebf1d0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47f7d0be3b0e89e2:SESSION-47f7d0be3b0e89e2	SESSION-47f7d0be3b0e89e2 → pe:syn:SESSION-47f7d0be3b0e89e2
FLOW_TO_HOSTOBS	e:to:SESSION-9e1cb285535c63d0:host:172.234.197.23	SESSION-9e1cb285535c63d0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92922842b80104c6:host:177.10.232.37	SESSION-92922842b80104c6 → host:177.10.232.37
FLOW_DST_PORTOBS	e:fp:flow:bfe04f563b53:port:tcp:443	flow:bfe04f563b53 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-4ba070ea29625f6c:host:177.10.234.251	SESSION-4ba070ea29625f6c → host:177.10.234.251
FLOW_FROM_HOSTOBS	e:from:SESSION-5d4ae68a057da74d:host:172.234.197.23	SESSION-5d4ae68a057da74d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de115ad7179345b0:host:131.196.29.76	SESSION-de115ad7179345b0 → host:131.196.29.76
FLOW_DST_PORTOBS	e:fp:flow:9ecf6a5f2cf7:port:tcp:19359	flow:9ecf6a5f2cf7 → port:tcp:19359
flow_observed5-aryOBS	e:fo:flow:01cddae85cf7	flow:01cddae85cf7 → host:177.10.237.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d9cfeb1a925e0c3:SESSION-8d9cfeb1a925e0c3	SESSION-8d9cfeb1a925e0c3 → pe:syn:SESSION-8d9cfeb1a925e0c3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7a0913a57a803cab:PCAP:capture_20260430090001:065659c7d314	SESSION-7a0913a57a803cab → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cac46254a85b1ec3:host:131.196.31.43:host:172.234.197.23	SESSION-cac46254a85b1ec3 → host:131.196.31.43 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bcc72520c021:port:tcp:29021	flow:bcc72520c021 → port:tcp:29021
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe3fb5807179bb52:flow:62c530228f25	SESSION-fe3fb5807179bb52 → flow:62c530228f25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a108f3a8f652bd55:host:95.170.25.156	SESSION-a108f3a8f652bd55 → host:95.170.25.156
flow_observed3-aryOBS	e:fo:flow:b5ace34b2127	flow:b5ace34b2127 → host:16.147.218.115 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dc540a8f719c:port:tcp:31793	flow:dc540a8f719c → port:tcp:31793
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c471169f59e284ee:SESSION-c471169f59e284ee	SESSION-c471169f59e284ee → pe:tls:SESSION-c471169f59e284ee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f597f69b0915b82:host:170.106.14.53	SESSION-9f597f69b0915b82 → host:170.106.14.53
flow_observed5-aryOBS	e:fo:flow:a342d49689c0	flow:a342d49689c0 → host:177.10.235.58 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-255149252f7b9c37:SESSION-255149252f7b9c37	SESSION-255149252f7b9c37 → pe:tls:SESSION-255149252f7b9c37
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.8:geo_-23.62930_-46.63510	host:131.196.29.8 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-01b1445b3dd1d2e4:host:131.196.28.44	SESSION-01b1445b3dd1d2e4 → host:131.196.28.44
FLOW_DST_PORTOBS	e:fp:flow:b7b083ee0603:port:tcp:80	flow:b7b083ee0603 → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3db1a0404e21661:flow:c8d339210a8b	SESSION-c3db1a0404e21661 → flow:c8d339210a8b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2713dc0653d6ae5:host:131.196.30.81:host:172.234.197.23	SESSION-e2713dc0653d6ae5 → host:131.196.30.81 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0e6517dadbfe4bb3:host:172.234.197.23	SESSION-0e6517dadbfe4bb3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-001dbe9c45882aae:flow:ade63f4d8dc5	SESSION-001dbe9c45882aae → flow:ade63f4d8dc5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.240:geo_-23.62930_-46.63510	host:131.196.31.240 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fdb408b0b3dd802:SESSION-5fdb408b0b3dd802	SESSION-5fdb408b0b3dd802 → pe:tls:SESSION-5fdb408b0b3dd802
FLOW_FROM_HOSTOBS	e:from:SESSION-3e5a346c4f0315a5:host:177.10.235.171	SESSION-3e5a346c4f0315a5 → host:177.10.235.171
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fcbc735dfd8018d:flow:e1dc74fab400	SESSION-5fcbc735dfd8018d → flow:e1dc74fab400
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-866725b3664820db:SESSION-866725b3664820db	SESSION-866725b3664820db → pe:syn:SESSION-866725b3664820db
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e703980a48f1e09:SESSION-4e703980a48f1e09	SESSION-4e703980a48f1e09 → pe:syn:SESSION-4e703980a48f1e09
flow_observed3-aryOBS	e:fo:flow:0d1ed77c2d0f	flow:0d1ed77c2d0f → host:51.225.22.198 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ed473d20582b9e99:host:172.234.197.23	SESSION-ed473d20582b9e99 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.88:asn:271410	host:131.196.30.88 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-396a4dd85675ad96:host:177.10.238.149	SESSION-396a4dd85675ad96 → host:177.10.238.149
FLOW_TO_HOSTOBS	e:to:SESSION-bc1a8a6f7d90953a:host:172.232.0.16	SESSION-bc1a8a6f7d90953a → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e21e19309bc8d324:SESSION-e21e19309bc8d324	SESSION-e21e19309bc8d324 → pe:tls:SESSION-e21e19309bc8d324
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.243:geo_41.00190_28.96450	host:95.170.25.243 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2035a3586bc1f35f:SESSION-2035a3586bc1f35f	SESSION-2035a3586bc1f35f → pe:syn:SESSION-2035a3586bc1f35f
FLOW_DST_PORTOBS	e:fp:flow:7fac969ccea8:port:tcp:443	flow:7fac969ccea8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5bba4e0174a1f95d:SESSION-5bba4e0174a1f95d	SESSION-5bba4e0174a1f95d → pe:rst:SESSION-5bba4e0174a1f95d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-677c9237241fc75d:flow:62a92a296f67	SESSION-677c9237241fc75d → flow:62a92a296f67
FLOW_TO_HOSTOBS	e:to:SESSION-d1b588a91707aaaf:host:131.196.31.143	SESSION-d1b588a91707aaaf → host:131.196.31.143
FLOW_DST_PORTOBS	e:fp:flow:3ebf6dc4c75b:port:tcp:38523	flow:3ebf6dc4c75b → port:tcp:38523
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4862cddc1ddaa50:PCAP:capture_20260430150001:ded20914761d	SESSION-d4862cddc1ddaa50 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4886aa3300be1da9:SESSION-4886aa3300be1da9	SESSION-4886aa3300be1da9 → pe:tls:SESSION-4886aa3300be1da9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e632e9ec3b8d735c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e632e9ec3b8d735c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9deb407202a7aa0:host:172.234.197.23	SESSION-b9deb407202a7aa0 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:4c23aa66defb	flow:4c23aa66defb → host:172.234.197.23 → host:177.10.239.40 → port:tcp:16548
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe22df31c35f787d:host:45.173.156.110	SESSION-fe22df31c35f787d → host:45.173.156.110
FLOW_TO_HOSTOBS	e:to:SESSION-c227f10fbea5d546:host:131.196.29.120	SESSION-c227f10fbea5d546 → host:131.196.29.120
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.119:geo_-16.28860_-49.01640	host:177.10.234.119 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-d7508894fe5424d7:host:131.196.28.137	SESSION-d7508894fe5424d7 → host:131.196.28.137
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.148:asn:262880	host:177.10.233.148 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.161:geo_-16.28860_-49.01640	host:177.10.236.161 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-2c2ee5c4e3db47f8:SESSION-2c2ee5c4e3db47f8	SESSION-2c2ee5c4e3db47f8 → pe:rst:SESSION-2c2ee5c4e3db47f8
FLOW_TO_HOSTOBS	e:to:SESSION-b5dccafc7307f6ac:host:172.234.197.23	SESSION-b5dccafc7307f6ac → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a26d5a4b5eab898:host:51.224.74.176	SESSION-1a26d5a4b5eab898 → host:51.224.74.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9633daabdcbaa0c0:host:177.10.234.163	SESSION-9633daabdcbaa0c0 → host:177.10.234.163
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.195:geo_-16.28860_-49.01640	host:177.10.236.195 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-082f90538556b940:host:131.196.29.144	SESSION-082f90538556b940 → host:131.196.29.144
FLOW_FROM_HOSTOBS	e:from:SESSION-704e3a6bbdc29013:host:177.10.234.246	SESSION-704e3a6bbdc29013 → host:177.10.234.246
FLOW_DST_PORTOBS	e:fp:flow:4810b7b3c231:port:tcp:443	flow:4810b7b3c231 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8ef5b0d475390b4:host:131.196.29.168:host:172.234.197.23	SESSION-e8ef5b0d475390b4 → host:131.196.29.168 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6a07ad54f9ab5f8:host:177.10.236.32	SESSION-e6a07ad54f9ab5f8 → host:177.10.236.32
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da14e554ef56152a:host:177.10.235.126	SESSION-da14e554ef56152a → host:177.10.235.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fc59b28fe233796a:SESSION-fc59b28fe233796a	SESSION-fc59b28fe233796a → pe:tls:SESSION-fc59b28fe233796a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38c7d1687d10af97:PCAP:capture_20260430060001:919b39a74464	SESSION-38c7d1687d10af97 → PCAP:capture_20260430060001:919b39a74464
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-775ba1157917a355:BSG-BEACON-def22c405546	SESSION-775ba1157917a355 → BSG-BEACON-def22c405546
FLOW_DST_PORTOBS	e:fp:flow:93db33bc72fc:port:tcp:1748	flow:93db33bc72fc → port:tcp:1748
FLOW_DST_PORTOBS	e:fp:flow:fac0f539a350:port:tcp:443	flow:fac0f539a350 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:260ed1123d22	flow:260ed1123d22 → host:177.10.238.190 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e9e5b45e575f3797:SESSION-e9e5b45e575f3797	SESSION-e9e5b45e575f3797 → pe:syn:SESSION-e9e5b45e575f3797
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f991b6c62555b6c:host:177.10.236.193	SESSION-1f991b6c62555b6c → host:177.10.236.193
FLOW_TO_HOSTOBS	e:to:SESSION-309223c775254000:host:172.232.0.16	SESSION-309223c775254000 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-efabffc9197efb23:SESSION-efabffc9197efb23	SESSION-efabffc9197efb23 → pe:tls:SESSION-efabffc9197efb23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b35aac65e648dac0:PCAP:capture_20260428010001:b1b402c7b202	SESSION-b35aac65e648dac0 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_DST_PORTOBS	e:fp:flow:f37d154a9190:port:tcp:443	flow:f37d154a9190 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-946275ea323f6900:flow:9b0db0782ff3	SESSION-946275ea323f6900 → flow:9b0db0782ff3
FLOW_FROM_HOSTOBS	e:from:SESSION-026fe63fd4f2486a:host:60.214.180.150	SESSION-026fe63fd4f2486a → host:60.214.180.150
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d43da16ef3276f9b:PCAP:capture_20260430090001:065659c7d314	SESSION-d43da16ef3276f9b → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6222707cbae0e281:SESSION-6222707cbae0e281	SESSION-6222707cbae0e281 → pe:syn:SESSION-6222707cbae0e281
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07a7172489c9ad9c:flow:7abfe668e6be	SESSION-07a7172489c9ad9c → flow:7abfe668e6be
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ec00a834c5afff3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1ec00a834c5afff3 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:29bfaeba90ca	flow:29bfaeba90ca → host:131.196.30.196 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3adb88175f99dced:host:172.234.197.23	SESSION-3adb88175f99dced → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6cdd6f90666a:port:tcp:38689	flow:6cdd6f90666a → port:tcp:38689
flow_observed5-aryOBS	e:fo:flow:7936992fc196	flow:7936992fc196 → host:131.196.31.14 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a24ae76392ce429:flow:03f0c9cd6d0d	SESSION-7a24ae76392ce429 → flow:03f0c9cd6d0d
FLOW_FROM_HOSTOBS	e:from:SESSION-5e72c530de39a222:host:177.10.234.164	SESSION-5e72c530de39a222 → host:177.10.234.164
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4fa0ca2c10982c45:host:131.196.31.2:host:172.234.197.23	SESSION-4fa0ca2c10982c45 → host:131.196.31.2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaae06fce38c131f:flow:4af1e8dbb35f	SESSION-eaae06fce38c131f → flow:4af1e8dbb35f
FLOW_TO_HOSTOBS	e:to:SESSION-ca0d45baeb856677:host:172.234.197.23	SESSION-ca0d45baeb856677 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:124cc7b94ae6	flow:124cc7b94ae6 → host:177.10.234.222 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7e7fec78c1be:port:tcp:443	flow:7e7fec78c1be → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5d486009dccd362:SESSION-d5d486009dccd362	SESSION-d5d486009dccd362 → pe:tls:SESSION-d5d486009dccd362
FLOW_TO_HOSTOBS	e:to:SESSION-f3cf60c38091a57a:host:172.234.197.23	SESSION-f3cf60c38091a57a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-924bf50c0164bb1b:host:172.234.197.23	SESSION-924bf50c0164bb1b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.242:geo_41.02140_28.99480	host:185.231.226.242 → geo_41.02140_28.99480
FLOW_TO_HOSTOBS	e:to:SESSION-96639b4b4a33e422:host:172.234.197.23	SESSION-96639b4b4a33e422 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:144e359a361b:port:tcp:443	flow:144e359a361b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20b594788160c43c:host:177.10.236.11	SESSION-20b594788160c43c → host:177.10.236.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b068e0f016ef609:host:131.196.30.41	SESSION-4b068e0f016ef609 → host:131.196.30.41
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-718b3dc95b6876be:flow:18e92ec9b6d5	SESSION-718b3dc95b6876be → flow:18e92ec9b6d5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28a7ecee4eeacba6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-28a7ecee4eeacba6 → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.252:asn:271410	host:131.196.29.252 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3d488fa50a25e1f:SESSION-c3d488fa50a25e1f	SESSION-c3d488fa50a25e1f → pe:tls:SESSION-c3d488fa50a25e1f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a80be6abc21d5bd:flow:38be2a81132c	SESSION-8a80be6abc21d5bd → flow:38be2a81132c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2632ba515271ea31:host:177.10.239.185	SESSION-2632ba515271ea31 → host:177.10.239.185
flow_observed5-aryOBS	e:fo:flow:7429b5a04d93	flow:7429b5a04d93 → host:177.10.234.232 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01454c90925a3a4f:SESSION-01454c90925a3a4f	SESSION-01454c90925a3a4f → pe:syn:SESSION-01454c90925a3a4f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c1e38c6e6df43f1:host:172.234.197.23	SESSION-3c1e38c6e6df43f1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-035e17bf8c36a59b:host:177.10.237.6	SESSION-035e17bf8c36a59b → host:177.10.237.6
flow_observed5-aryOBS	e:fo:flow:501aaf2159ed	flow:501aaf2159ed → host:131.196.31.246 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5ba4a44df249a00:host:177.10.238.247	SESSION-e5ba4a44df249a00 → host:177.10.238.247
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-602a14335703e220:flow:77f19b7707e9	SESSION-602a14335703e220 → flow:77f19b7707e9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0667f103db24cb40:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0667f103db24cb40 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-da6e864635febf48:host:172.234.197.23	SESSION-da6e864635febf48 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-22c25719fd1e6342:SESSION-22c25719fd1e6342	SESSION-22c25719fd1e6342 → pe:tls:SESSION-22c25719fd1e6342
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb3e7e97aa8c76e6:SESSION-cb3e7e97aa8c76e6	SESSION-cb3e7e97aa8c76e6 → pe:tls:SESSION-cb3e7e97aa8c76e6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fbd574144622ed91:flow:590d1ed51177	SESSION-fbd574144622ed91 → flow:590d1ed51177
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a60c132d3a0c7657:host:172.234.197.23	SESSION-a60c132d3a0c7657 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9bf9cf9055b9:port:tcp:443	flow:9bf9cf9055b9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4751d88925ba5f3:SESSION-b4751d88925ba5f3	SESSION-b4751d88925ba5f3 → pe:syn:SESSION-b4751d88925ba5f3
FLOW_FROM_HOSTOBS	e:from:SESSION-f49d888fd824b97a:host:177.10.232.204	SESSION-f49d888fd824b97a → host:177.10.232.204
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3a58fc1fb15d0c4:flow:3bbdd44e899d	SESSION-c3a58fc1fb15d0c4 → flow:3bbdd44e899d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94c9082e66baa6b5:host:172.234.197.23	SESSION-94c9082e66baa6b5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-91c3828e0c41fbe7:host:172.234.197.23	SESSION-91c3828e0c41fbe7 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:da19865bc885	flow:da19865bc885 → host:172.234.197.23 → host:131.196.31.71 → port:tcp:76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-383c10f8cce4ec29:flow:7aa69b7f39c1	SESSION-383c10f8cce4ec29 → flow:7aa69b7f39c1
FLOW_FROM_HOSTOBS	e:from:SESSION-204050056bc27f05:host:177.10.234.193	SESSION-204050056bc27f05 → host:177.10.234.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-43d9721f29111779:SESSION-43d9721f29111779	SESSION-43d9721f29111779 → pe:rst:SESSION-43d9721f29111779
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79b570e2589cf059:host:172.234.197.23	SESSION-79b570e2589cf059 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7635cd052466cdd:flow:90fb23778ba2	SESSION-c7635cd052466cdd → flow:90fb23778ba2
FLOW_FROM_HOSTOBS	e:from:SESSION-31d47da03b5e0774:host:45.173.156.138	SESSION-31d47da03b5e0774 → host:45.173.156.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5804e26655ff1a06:SESSION-5804e26655ff1a06	SESSION-5804e26655ff1a06 → pe:tls:SESSION-5804e26655ff1a06
FLOW_TO_HOSTOBS	e:to:SESSION-3fb8ed1fbc81e736:host:172.234.197.23	SESSION-3fb8ed1fbc81e736 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c873de224cbac149:host:131.196.28.7:host:172.234.197.23	SESSION-c873de224cbac149 → host:131.196.28.7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1a82d55b52198391:host:131.196.31.118	SESSION-1a82d55b52198391 → host:131.196.31.118
flow_observed5-aryOBS	e:fo:flow:119f410fdf98	flow:119f410fdf98 → host:104.28.202.79 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:012ae353881c:port:tcp:25271	flow:012ae353881c → port:tcp:25271
FLOW_DST_PORTOBS	e:fp:flow:1f0cbb1c4183:port:tcp:443	flow:1f0cbb1c4183 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3cd15ae05af1e0a:SESSION-c3cd15ae05af1e0a	SESSION-c3cd15ae05af1e0a → pe:syn:SESSION-c3cd15ae05af1e0a
FLOW_FROM_HOSTOBS	e:from:SESSION-4f800f90b92d1e01:host:44.246.129.80	SESSION-4f800f90b92d1e01 → host:44.246.129.80
FLOW_FROM_HOSTOBS	e:from:SESSION-db1b4e286dc089a9:host:172.234.197.23	SESSION-db1b4e286dc089a9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97957d43d677156c:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-97957d43d677156c → PCAP:capture_20260427220001:43a3d6220bc6
flow_observed5-aryOBS	e:fo:flow:568b0c6364ac	flow:568b0c6364ac → host:31.40.196.247 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76512232807349be:host:45.173.156.51	SESSION-76512232807349be → host:45.173.156.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc59b28fe233796a:host:177.10.238.156:host:172.234.197.23	SESSION-fc59b28fe233796a → host:177.10.238.156 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.2:asn:271410	host:131.196.31.2 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:f5e29d2fb7d9:port:tcp:443	flow:f5e29d2fb7d9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f147f2227c6d965:host:131.196.30.255	SESSION-5f147f2227c6d965 → host:131.196.30.255
FLOW_DST_PORTOBS	e:fp:flow:f2c6379e0a88:port:tcp:32499	flow:f2c6379e0a88 → port:tcp:32499
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54530aea57b72d0f:host:172.234.197.23:host:177.10.237.35	SESSION-54530aea57b72d0f → host:172.234.197.23 → host:177.10.237.35
FLOW_DST_PORTOBS	e:fp:flow:7db70b5ccb55:port:tcp:443	flow:7db70b5ccb55 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e04d863bd380e3e5:SESSION-e04d863bd380e3e5	SESSION-e04d863bd380e3e5 → pe:syn:SESSION-e04d863bd380e3e5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0532a1c12e883894:host:177.10.234.109	SESSION-0532a1c12e883894 → host:177.10.234.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47f7d0be3b0e89e2:host:177.10.235.21	SESSION-47f7d0be3b0e89e2 → host:177.10.235.21
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0be6cf40df30cb93:PCAP:capture_20260430110001:43611bdf6759	SESSION-0be6cf40df30cb93 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-619cd2820aafdf33:host:131.196.28.246	SESSION-619cd2820aafdf33 → host:131.196.28.246
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3186af5a0774c3b5:host:45.173.156.117:host:172.234.197.23	SESSION-3186af5a0774c3b5 → host:45.173.156.117 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-295c5f4e2a8126b8:flow:a8e38032e2d9	SESSION-295c5f4e2a8126b8 → flow:a8e38032e2d9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4b1418ed7a7a9f3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a4b1418ed7a7a9f3 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-2fd071a3b1e728ca:host:172.234.197.23	SESSION-2fd071a3b1e728ca → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a800bc67052acb8:SESSION-7a800bc67052acb8	SESSION-7a800bc67052acb8 → pe:tls:SESSION-7a800bc67052acb8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.227:geo_-16.28860_-49.01640	host:177.10.235.227 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:0724a1e4ffed	flow:0724a1e4ffed → host:172.234.197.23 → host:177.10.237.91 → port:tcp:28523
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aec01d0deaddfc4b:SESSION-aec01d0deaddfc4b	SESSION-aec01d0deaddfc4b → pe:tls:SESSION-aec01d0deaddfc4b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.217:geo_-23.62930_-46.63510	host:131.196.31.217 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-64abd49ab16af3e3:host:172.234.197.23	SESSION-64abd49ab16af3e3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-144e16262f6e2a62:host:131.196.29.65:host:172.234.197.23	SESSION-144e16262f6e2a62 → host:131.196.29.65 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f57ffeba62df89fa:SESSION-f57ffeba62df89fa	SESSION-f57ffeba62df89fa → pe:tls:SESSION-f57ffeba62df89fa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-381a0e70ba36b75c:SESSION-381a0e70ba36b75c	SESSION-381a0e70ba36b75c → pe:tls:SESSION-381a0e70ba36b75c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1a13f968b47fc9d:host:172.234.197.23	SESSION-e1a13f968b47fc9d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fa0595b0c8a6ef6:host:177.10.232.22	SESSION-0fa0595b0c8a6ef6 → host:177.10.232.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09d8680ca1ab1b1e:SESSION-09d8680ca1ab1b1e	SESSION-09d8680ca1ab1b1e → pe:syn:SESSION-09d8680ca1ab1b1e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-167179e2a869fa22:SESSION-167179e2a869fa22	SESSION-167179e2a869fa22 → pe:tls:SESSION-167179e2a869fa22
flow_observed5-aryOBS	e:fo:flow:0dd04f1a7f99	flow:0dd04f1a7f99 → host:45.173.156.95 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-eed6a9b72737e44d:host:172.234.197.23	SESSION-eed6a9b72737e44d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52e5c47434ed6c74:flow:8fff356c5f0c	SESSION-52e5c47434ed6c74 → flow:8fff356c5f0c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.236:geo_-16.28860_-49.01640	host:177.10.238.236 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:f6468a8c8ce9	flow:f6468a8c8ce9 → host:131.196.30.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd8363b8ee3ddfde:host:172.234.197.23	SESSION-bd8363b8ee3ddfde → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d65a28f7cbebfeb:host:177.10.238.87	SESSION-9d65a28f7cbebfeb → host:177.10.238.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-609881b75f195530:flow:de87957d122a	SESSION-609881b75f195530 → flow:de87957d122a
HOST_IN_ASNOBS 85%	e:ha:host:35.95.113.227:asn:16509	host:35.95.113.227 → asn:16509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a87c967af45101a2:flow:d23179f45fe2	SESSION-a87c967af45101a2 → flow:d23179f45fe2
FLOW_FROM_HOSTOBS	e:from:SESSION-e1ff5f640d9a1d3a:host:177.10.237.153	SESSION-e1ff5f640d9a1d3a → host:177.10.237.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0229340abc854c0d:flow:301bea5aae22	SESSION-0229340abc854c0d → flow:301bea5aae22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44cdc048c80875b5:SESSION-44cdc048c80875b5	SESSION-44cdc048c80875b5 → pe:syn:SESSION-44cdc048c80875b5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76bcf8447ee973fd:flow:ff8f00a5616f	SESSION-76bcf8447ee973fd → flow:ff8f00a5616f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a1214f59f834d98:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8a1214f59f834d98 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:f6dc10e80159:port:tcp:443	flow:f6dc10e80159 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-528b3497658f46ec:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-528b3497658f46ec → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d6666ae3e8c32da:host:172.234.197.23	SESSION-6d6666ae3e8c32da → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 70%	e:bsg:SESSION-784ef99bf699df93:BSG-DATA_EXFIL-178e57e7287e	SESSION-784ef99bf699df93 → BSG-DATA_EXFIL-178e57e7287e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-18e7a18371a0d1bf:flow:5468bb482602	SESSION-18e7a18371a0d1bf → flow:5468bb482602
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.178:geo_-23.62930_-46.63510	host:131.196.28.178 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-b0cba2347786f28d:host:177.10.235.85	SESSION-b0cba2347786f28d → host:177.10.235.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fc301fc8fa5220df:SESSION-fc301fc8fa5220df	SESSION-fc301fc8fa5220df → pe:tls:SESSION-fc301fc8fa5220df
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-040c9c1730fd990c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-040c9c1730fd990c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e529f6ef28aca515:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e529f6ef28aca515 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d8111f65a253e3a:SESSION-7d8111f65a253e3a	SESSION-7d8111f65a253e3a → pe:syn:SESSION-7d8111f65a253e3a
FLOW_DST_PORTOBS	e:fp:flow:a835b0336810:port:tcp:443	flow:a835b0336810 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-5972a3b732445423:host:177.10.236.105	SESSION-5972a3b732445423 → host:177.10.236.105
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-518ecd8ebc2250f7:SESSION-518ecd8ebc2250f7	SESSION-518ecd8ebc2250f7 → pe:syn:SESSION-518ecd8ebc2250f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f991b6c62555b6c:SESSION-1f991b6c62555b6c	SESSION-1f991b6c62555b6c → pe:tls:SESSION-1f991b6c62555b6c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77a13185d72dec11:PCAP:capture_20260430080001:93f47cc296a4	SESSION-77a13185d72dec11 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-95c23d407c86213b:SESSION-95c23d407c86213b	SESSION-95c23d407c86213b → pe:tls:SESSION-95c23d407c86213b
FLOW_FROM_HOSTOBS	e:from:SESSION-aaf7ce37564a0317:host:131.196.30.201	SESSION-aaf7ce37564a0317 → host:131.196.30.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc1a3553c9b143c5:host:131.196.31.205	SESSION-dc1a3553c9b143c5 → host:131.196.31.205
flow_observed4-aryOBS	e:fo:flow:cbff49bcdc9a	flow:cbff49bcdc9a → host:172.234.197.23 → host:131.196.31.182 → port:tcp:23471
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bfe47632c127d09:host:131.196.31.77	SESSION-8bfe47632c127d09 → host:131.196.31.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29fae5326f4697b4:SESSION-29fae5326f4697b4	SESSION-29fae5326f4697b4 → pe:tls:SESSION-29fae5326f4697b4
FLOW_DST_PORTOBS	e:fp:flow:ad5526ffb021:port:tcp:443	flow:ad5526ffb021 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31068e75a101287d:SESSION-31068e75a101287d	SESSION-31068e75a101287d → pe:tls:SESSION-31068e75a101287d
FLOW_DST_PORTOBS	e:fp:flow:29ca525d09fc:port:tcp:443	flow:29ca525d09fc → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-616ab8d382244a8d:host:131.196.31.70:host:172.234.197.23	SESSION-616ab8d382244a8d → host:131.196.31.70 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:73e5710b1731	flow:73e5710b1731 → host:172.234.197.23 → host:177.10.233.150 → port:tcp:32540
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead5791c5617fb56:host:45.173.156.109	SESSION-ead5791c5617fb56 → host:45.173.156.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb0bca31750919c1:host:131.196.28.147	SESSION-fb0bca31750919c1 → host:131.196.28.147
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.103:geo_-16.28860_-49.01640	host:177.10.232.103 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30ddbb300887e80e:host:172.234.197.23	SESSION-30ddbb300887e80e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a99ef89e8b00159:host:172.234.197.23:host:45.173.156.142	SESSION-3a99ef89e8b00159 → host:172.234.197.23 → host:45.173.156.142
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf8f9827f106db93:flow:87288ec89f1c	SESSION-bf8f9827f106db93 → flow:87288ec89f1c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b51ebf4113a5ef49:SESSION-b51ebf4113a5ef49	SESSION-b51ebf4113a5ef49 → pe:syn:SESSION-b51ebf4113a5ef49
FLOW_DST_PORTOBS	e:fp:flow:d73ed284b477:port:tcp:443	flow:d73ed284b477 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35228babc2ac6e48:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-35228babc2ac6e48 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-b4020db38e68a457:host:131.196.31.57	SESSION-b4020db38e68a457 → host:131.196.31.57
flow_observed4-aryOBS	e:fo:flow:96f3e0f6ccea	flow:96f3e0f6ccea → host:172.234.197.23 → host:177.10.237.201 → port:tcp:45193
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-764a731a27d64086:PCAP:capture_20260428010001:b1b402c7b202	SESSION-764a731a27d64086 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-409f2c106c7c54cc:flow:db1b5ef81e78	SESSION-409f2c106c7c54cc → flow:db1b5ef81e78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56d3b103682c9fbe:host:177.10.239.148	SESSION-56d3b103682c9fbe → host:177.10.239.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21bd08fb36aa18e9:SESSION-21bd08fb36aa18e9	SESSION-21bd08fb36aa18e9 → pe:tls:SESSION-21bd08fb36aa18e9
FLOW_DST_PORTOBS	e:fp:flow:57ec7a959b8f:port:tcp:61552	flow:57ec7a959b8f → port:tcp:61552
FLOW_FROM_HOSTOBS	e:from:SESSION-5b5af66d109a4873:host:172.234.197.23	SESSION-5b5af66d109a4873 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a84fec3b32ec885d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a84fec3b32ec885d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:32d0af406053:port:tcp:23	flow:32d0af406053 → port:tcp:23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf132b40533c7dcc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-bf132b40533c7dcc → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6bf46c9eec8f990:host:177.10.237.89:host:172.234.197.23	SESSION-e6bf46c9eec8f990 → host:177.10.237.89 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:aea828168105	flow:aea828168105 → host:172.234.197.23 → host:131.196.29.132 → port:tcp:22019
FLOW_DST_PORTOBS	e:fp:flow:1b01833b9299:port:udp:53	flow:1b01833b9299 → port:udp:53
FLOW_DST_PORTOBS	e:fp:flow:8fec7176e796:port:tcp:80	flow:8fec7176e796 → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ddcefc7eea69488:flow:6dc46f3b4845	SESSION-7ddcefc7eea69488 → flow:6dc46f3b4845
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f07a2dad0dfb354:SESSION-5f07a2dad0dfb354	SESSION-5f07a2dad0dfb354 → pe:tls:SESSION-5f07a2dad0dfb354
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b6005e750e5a47f:SESSION-8b6005e750e5a47f	SESSION-8b6005e750e5a47f → pe:tls:SESSION-8b6005e750e5a47f
FLOW_TO_HOSTOBS	e:to:SESSION-770902b82fea5ce5:host:172.234.197.23	SESSION-770902b82fea5ce5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34913801790eb8e4:host:172.234.197.23	SESSION-34913801790eb8e4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9e87c1bf59f6ff4a:host:172.234.197.23	SESSION-9e87c1bf59f6ff4a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:562964a4480b:port:tcp:443	flow:562964a4480b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fa65fdb17829700:SESSION-3fa65fdb17829700	SESSION-3fa65fdb17829700 → pe:tls:SESSION-3fa65fdb17829700
FLOW_FROM_HOSTOBS	e:from:SESSION-be0f12df58cf6d46:host:172.234.197.23	SESSION-be0f12df58cf6d46 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d9eaf0aaa345	flow:d9eaf0aaa345 → host:177.10.233.76 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e998b802e74a3139:host:177.10.235.39	SESSION-e998b802e74a3139 → host:177.10.235.39
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff2bd1b9d0923cc1:PCAP:capture_20260430150001:ded20914761d	SESSION-ff2bd1b9d0923cc1 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:80.94.92.186:geo_45.99680_24.99700	host:80.94.92.186 → geo_45.99680_24.99700
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aca00d0413062e5:host:131.196.28.114	SESSION-6aca00d0413062e5 → host:131.196.28.114
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99ffd8e203ea7715:flow:9fa066ff97a0	SESSION-99ffd8e203ea7715 → flow:9fa066ff97a0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5ddc9130fa518dc:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b5ddc9130fa518dc → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-911659ba7d4041d9:SESSION-911659ba7d4041d9	SESSION-911659ba7d4041d9 → pe:syn:SESSION-911659ba7d4041d9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.251:geo_-23.62930_-46.63510	host:131.196.31.251 → geo_-23.62930_-46.63510
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b65436b870ef703a:BSG-BEACON-461f216927fb	SESSION-b65436b870ef703a → BSG-BEACON-461f216927fb
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-82e825a4afeeff6a:BSG-BEACON-d0e3cf456f12	SESSION-82e825a4afeeff6a → BSG-BEACON-d0e3cf456f12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35fcdb0ef59afc26:SESSION-35fcdb0ef59afc26	SESSION-35fcdb0ef59afc26 → pe:syn:SESSION-35fcdb0ef59afc26
FLOW_FROM_HOSTOBS	e:from:SESSION-0510bb60587070dd:host:172.234.197.23	SESSION-0510bb60587070dd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2875d034c942a134:host:172.234.197.23	SESSION-2875d034c942a134 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3b376322eb831975:host:177.10.236.193	SESSION-3b376322eb831975 → host:177.10.236.193
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48726e3ec935fccb:host:2.57.121.112:host:172.234.197.23	SESSION-48726e3ec935fccb → host:2.57.121.112 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7312728f8a99afb:PCAP:capture_20260430060001:919b39a74464	SESSION-b7312728f8a99afb → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-783c4edbafa3c164:host:142.132.190.158:host:172.234.197.23	SESSION-783c4edbafa3c164 → host:142.132.190.158 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0acd91014f6238ed:PCAP:capture_20260430090001:065659c7d314	SESSION-0acd91014f6238ed → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a73f5b0635e28ad4:host:177.10.236.144:host:172.234.197.23	SESSION-a73f5b0635e28ad4 → host:177.10.236.144 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c92725f4a9fb4a7:host:172.234.197.23	SESSION-6c92725f4a9fb4a7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2f691479e1fc1edf:host:177.10.235.205	SESSION-2f691479e1fc1edf → host:177.10.235.205
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b53dcb5377a03d44:host:51.21.249.220:host:172.234.197.23	SESSION-b53dcb5377a03d44 → host:51.21.249.220 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:288111f38e5f:port:tcp:49074	flow:288111f38e5f → port:tcp:49074
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0da9d7ff41780d23:host:177.10.232.16:host:172.234.197.23	SESSION-0da9d7ff41780d23 → host:177.10.232.16 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f737e621c51c7ecf:SESSION-f737e621c51c7ecf	SESSION-f737e621c51c7ecf → pe:syn:SESSION-f737e621c51c7ecf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.90:geo_-16.28860_-49.01640	host:177.10.238.90 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9ef85fb3b83fc71:host:131.196.28.0	SESSION-d9ef85fb3b83fc71 → host:131.196.28.0
FLOW_DST_PORTOBS	e:fp:flow:034bfee1a8d8:port:tcp:443	flow:034bfee1a8d8 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3b9d914716975ab:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c3b9d914716975ab → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.186:geo_-16.28860_-49.01640	host:177.10.236.186 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3df67864d859fde0:host:131.196.31.182	SESSION-3df67864d859fde0 → host:131.196.31.182
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e91394d00b664372:PCAP:capture_20260430090001:065659c7d314	SESSION-e91394d00b664372 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-d610f9ec6aa577ae:host:172.234.197.23	SESSION-d610f9ec6aa577ae → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5fbe4987e86bc38:host:172.234.197.23	SESSION-b5fbe4987e86bc38 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c9716031ec5470ef:host:172.234.197.23	SESSION-c9716031ec5470ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62d5a334e1fc9bd1:host:177.10.237.213	SESSION-62d5a334e1fc9bd1 → host:177.10.237.213
FLOW_DST_PORTOBS	e:fp:flow:a2afd08744a3:port:tcp:443	flow:a2afd08744a3 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d6622ca4a22ed44:PCAP:capture_20260430050001:8868731bf8a4	SESSION-5d6622ca4a22ed44 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-9433c1773faa9882:BSG-BEACON-e07f4250263f	SESSION-9433c1773faa9882 → BSG-BEACON-e07f4250263f
flow_observed4-aryOBS	e:fo:flow:d0a4d4e2877a	flow:d0a4d4e2877a → host:172.234.197.23 → host:131.196.30.212 → port:tcp:27725
flow_observed4-aryOBS	e:fo:flow:ab4ed9ea97af	flow:ab4ed9ea97af → host:172.234.197.23 → host:177.10.239.148 → port:tcp:7698
HOST_IN_ASNOBS 85%	e:ha:host:95.135.228.95:asn:203771	host:95.135.228.95 → asn:203771
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.195:geo_-23.62930_-46.63510	host:131.196.28.195 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d9ca387fd672ab7a:PCAP:capture_20260430090001:065659c7d314	SESSION-d9ca387fd672ab7a → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-745ac23dbe7bf2d2:SESSION-745ac23dbe7bf2d2	SESSION-745ac23dbe7bf2d2 → pe:syn:SESSION-745ac23dbe7bf2d2
FLOW_FROM_HOSTOBS	e:from:SESSION-94bbfef7eb27207b:host:177.10.237.4	SESSION-94bbfef7eb27207b → host:177.10.237.4
FLOW_TO_HOSTOBS	e:to:SESSION-d508940aefc84528:host:172.234.197.23	SESSION-d508940aefc84528 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-df808ed8a09d8e60:host:172.234.197.23	SESSION-df808ed8a09d8e60 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49f6aac001a41393:host:177.10.233.109:host:172.234.197.23	SESSION-49f6aac001a41393 → host:177.10.233.109 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c0709d76f76f731c:host:172.234.197.23	SESSION-c0709d76f76f731c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c2927944fbf9fbe3:host:131.196.30.164	SESSION-c2927944fbf9fbe3 → host:131.196.30.164
flow_observed5-aryOBS	e:fo:flow:a8d9f4468145	flow:a8d9f4468145 → host:177.10.236.63 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9db977289667177f:host:172.234.197.23	SESSION-9db977289667177f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2ae6b0bca9a8c33:SESSION-f2ae6b0bca9a8c33	SESSION-f2ae6b0bca9a8c33 → pe:tls:SESSION-f2ae6b0bca9a8c33
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db5998ef2bd3405b:flow:6a188c0fef4c	SESSION-db5998ef2bd3405b → flow:6a188c0fef4c
FLOW_TLS_SNIOBS	e:fs:flow:da534c89e93d:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:da534c89e93d → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-08b271f63f4ccc89:host:177.10.238.49	SESSION-08b271f63f4ccc89 → host:177.10.238.49
FLOW_TO_HOSTOBS	e:to:SESSION-96f33e27040b9bc9:host:172.234.197.23	SESSION-96f33e27040b9bc9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.163:asn:262880	host:177.10.238.163 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fda1fcad7dd8a834:host:172.234.197.23	SESSION-fda1fcad7dd8a834 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-174ad36923ec98ba:host:177.10.238.87	SESSION-174ad36923ec98ba → host:177.10.238.87
FLOW_DST_PORTOBS	e:fp:flow:d9eaf86df5ae:port:tcp:645	flow:d9eaf86df5ae → port:tcp:645
FLOW_DST_PORTOBS	e:fp:flow:9bd03e214ac2:port:tcp:443	flow:9bd03e214ac2 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab1f168a37fae671:host:177.10.237.82	SESSION-ab1f168a37fae671 → host:177.10.237.82
FLOW_FROM_HOSTOBS	e:from:SESSION-8ef1bfc51ed52e33:host:177.10.238.17	SESSION-8ef1bfc51ed52e33 → host:177.10.238.17
FLOW_FROM_HOSTOBS	e:from:SESSION-048f9271a2e27be7:host:177.10.234.51	SESSION-048f9271a2e27be7 → host:177.10.234.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a27690ff20574d25:host:131.196.31.27:host:172.234.197.23	SESSION-a27690ff20574d25 → host:131.196.31.27 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2d6545f001e19457:host:172.234.197.23	SESSION-2d6545f001e19457 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:141481d8aead	flow:141481d8aead → host:172.234.197.23 → host:177.10.238.208 → port:tcp:3267
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5a2ddb999c90e17:SESSION-e5a2ddb999c90e17	SESSION-e5a2ddb999c90e17 → pe:syn:SESSION-e5a2ddb999c90e17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-317129b18cf7eb6c:host:131.196.29.31	SESSION-317129b18cf7eb6c → host:131.196.29.31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-850471f172c9c8e6:host:131.196.31.165:host:172.234.197.23	SESSION-850471f172c9c8e6 → host:131.196.31.165 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5826a910dfa3cb7f:host:172.234.197.23	SESSION-5826a910dfa3cb7f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dc1a3553c9b143c5:SESSION-dc1a3553c9b143c5	SESSION-dc1a3553c9b143c5 → pe:syn:SESSION-dc1a3553c9b143c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3417e991c57bd21:SESSION-a3417e991c57bd21	SESSION-a3417e991c57bd21 → pe:syn:SESSION-a3417e991c57bd21
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fda1fcad7dd8a834:host:172.234.197.23:host:177.10.238.92	SESSION-fda1fcad7dd8a834 → host:172.234.197.23 → host:177.10.238.92
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-074c4a6b1ee06430:host:177.10.235.122:host:172.234.197.23	SESSION-074c4a6b1ee06430 → host:177.10.235.122 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ccbfb0ac760822d:host:45.173.156.134:host:172.234.197.23	SESSION-5ccbfb0ac760822d → host:45.173.156.134 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:c2c88da9287a:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:c2c88da9287a → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:7272a06da853	flow:7272a06da853 → host:177.10.239.91 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c876d9731eec34af:host:177.10.239.232	SESSION-c876d9731eec34af → host:177.10.239.232
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29e21c95f9df9427:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-29e21c95f9df9427 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d1df89a4cf6f008:flow:b85d57875d64	SESSION-4d1df89a4cf6f008 → flow:b85d57875d64
FLOW_TO_HOSTOBS	e:to:SESSION-ea2b78fffe48f844:host:172.234.197.23	SESSION-ea2b78fffe48f844 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aecaf39909333efc:host:172.234.197.23:host:177.10.237.4	SESSION-aecaf39909333efc → host:172.234.197.23 → host:177.10.237.4
FLOW_DST_PORTOBS	e:fp:flow:cb1ecbcc370c:port:tcp:443	flow:cb1ecbcc370c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-d220051223525d86:host:131.196.28.193	SESSION-d220051223525d86 → host:131.196.28.193
flow_observed5-aryOBS	e:fo:flow:2d3fc437f8bf	flow:2d3fc437f8bf → host:177.10.234.169 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:a860b1a17716	flow:a860b1a17716 → host:172.234.197.23 → host:177.10.239.9 → port:tcp:213
FLOW_DST_PORTOBS	e:fp:flow:5432e52c0c83:port:tcp:443	flow:5432e52c0c83 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-1213fdeaeb0b4e25:host:172.234.197.23	SESSION-1213fdeaeb0b4e25 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-40497d6996ef2088:host:177.10.236.230	SESSION-40497d6996ef2088 → host:177.10.236.230
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2dbb680dd253e19c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2dbb680dd253e19c → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-2f278495c163e84d:host:131.196.29.97	SESSION-2f278495c163e84d → host:131.196.29.97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e26c73b3a0fde5e3:flow:02fb45737a78	SESSION-e26c73b3a0fde5e3 → flow:02fb45737a78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99d54d6eadbc1138:SESSION-99d54d6eadbc1138	SESSION-99d54d6eadbc1138 → pe:tls:SESSION-99d54d6eadbc1138
FLOW_FROM_HOSTOBS	e:from:SESSION-3988a9d0230ebd4d:host:131.196.29.93	SESSION-3988a9d0230ebd4d → host:131.196.29.93
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-255149252f7b9c37:flow:43aef062f8f5	SESSION-255149252f7b9c37 → flow:43aef062f8f5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35fcdb0ef59afc26:SESSION-35fcdb0ef59afc26	SESSION-35fcdb0ef59afc26 → pe:tls:SESSION-35fcdb0ef59afc26
FLOW_DST_PORTOBS	e:fp:flow:add213556538:port:tcp:443	flow:add213556538 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:1eb6b92dbb89:port:tcp:443	flow:1eb6b92dbb89 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3185739188bf8a1e:host:172.234.197.23	SESSION-3185739188bf8a1e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-176c7cfb0e699b4d:host:172.234.197.23:host:177.10.237.94	SESSION-176c7cfb0e699b4d → host:172.234.197.23 → host:177.10.237.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-37c584531b25722b:SESSION-37c584531b25722b	SESSION-37c584531b25722b → pe:syn:SESSION-37c584531b25722b
FLOW_DST_PORTOBS	e:fp:flow:190945c4b75d:port:tcp:443	flow:190945c4b75d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d0246a8b70a825de:host:172.234.197.23	SESSION-d0246a8b70a825de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a70c074fb73905e:host:172.234.197.23	SESSION-7a70c074fb73905e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c83e078f141652ea:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c83e078f141652ea → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d47b3cf0d6133fea:host:172.234.197.23	SESSION-d47b3cf0d6133fea → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.195:geo_-16.28860_-49.01640	host:177.10.233.195 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4370d06debc0fcec:host:172.234.197.23:host:45.173.156.219	SESSION-4370d06debc0fcec → host:172.234.197.23 → host:45.173.156.219
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8739e7552ccb5cc0:host:177.10.234.194	SESSION-8739e7552ccb5cc0 → host:177.10.234.194
flow_observed5-aryOBS	e:fo:flow:2b887733bd54	flow:2b887733bd54 → host:131.196.29.230 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e89ccbf4d277fb8:host:177.10.236.248:host:172.234.197.23	SESSION-7e89ccbf4d277fb8 → host:177.10.236.248 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d52ad61ff8bd	flow:d52ad61ff8bd → host:177.10.236.155 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:7dadcd6ecb3a	flow:7dadcd6ecb3a → host:172.234.197.23 → host:131.196.29.241 → port:tcp:19561
FLOW_FROM_HOSTOBS	e:from:SESSION-0f4fd2f0020968b3:host:45.173.156.124	SESSION-0f4fd2f0020968b3 → host:45.173.156.124
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e612a684f25ac0f:host:177.10.238.193:host:172.234.197.23	SESSION-6e612a684f25ac0f → host:177.10.238.193 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fad613e75ea639b5:SESSION-fad613e75ea639b5	SESSION-fad613e75ea639b5 → pe:syn:SESSION-fad613e75ea639b5
FLOW_DST_PORTOBS	e:fp:flow:99738992b719:port:tcp:443	flow:99738992b719 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4387fd9792a7eb8a:host:131.196.30.207:host:172.234.197.23	SESSION-4387fd9792a7eb8a → host:131.196.30.207 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0d0398759d8b	flow:0d0398759d8b → host:177.10.234.164 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-33fcdd018bdc1a2c:host:172.234.197.23	SESSION-33fcdd018bdc1a2c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:34d8db9f8965:port:tcp:443	flow:34d8db9f8965 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e00ced36c846b73a:SESSION-e00ced36c846b73a	SESSION-e00ced36c846b73a → pe:syn:SESSION-e00ced36c846b73a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77c4ff849445b3aa:flow:62cdb0ac1510	SESSION-77c4ff849445b3aa → flow:62cdb0ac1510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e182e837f26eb64a:SESSION-e182e837f26eb64a	SESSION-e182e837f26eb64a → pe:tls:SESSION-e182e837f26eb64a
HOST_IN_ASNOBS 85%	e:ha:host:94.130.10.221:asn:24940	host:94.130.10.221 → asn:24940
FLOW_TO_HOSTOBS	e:to:SESSION-52ffcd7f81b035e2:host:172.234.197.23	SESSION-52ffcd7f81b035e2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd2a5925828b8076:SESSION-fd2a5925828b8076	SESSION-fd2a5925828b8076 → pe:tls:SESSION-fd2a5925828b8076
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ada05a103ba2b64:host:131.196.29.4	SESSION-9ada05a103ba2b64 → host:131.196.29.4
flow_observed5-aryOBS	e:fo:flow:31bb26426caa	flow:31bb26426caa → host:131.196.29.116 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-54127ab649dd8e15:BSG-DATA_EXFIL-88a04fd5c87b	SESSION-54127ab649dd8e15 → BSG-DATA_EXFIL-88a04fd5c87b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.192:asn:262880	host:177.10.237.192 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac6ab160136e0424:host:172.234.197.23	SESSION-ac6ab160136e0424 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2c24cbdb3e7b273c:flow:4cb6c8af98e7	SESSION-2c24cbdb3e7b273c → flow:4cb6c8af98e7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74adb0edbcc9dd0a:flow:5c7e706032fa	SESSION-74adb0edbcc9dd0a → flow:5c7e706032fa
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b00134b34a3a387f:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-b00134b34a3a387f → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cc58a61b872e266:host:172.234.197.23	SESSION-8cc58a61b872e266 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c430ce1d88348c67:SESSION-c430ce1d88348c67	SESSION-c430ce1d88348c67 → pe:tls:SESSION-c430ce1d88348c67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-276107f90ab0c118:SESSION-276107f90ab0c118	SESSION-276107f90ab0c118 → pe:tls:SESSION-276107f90ab0c118
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.254:geo_-16.28860_-49.01640	host:177.10.233.254 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab185a89adee30ab:SESSION-ab185a89adee30ab	SESSION-ab185a89adee30ab → pe:syn:SESSION-ab185a89adee30ab
FLOW_FROM_HOSTOBS	e:from:SESSION-a208e591aeac31e9:host:177.10.234.203	SESSION-a208e591aeac31e9 → host:177.10.234.203
FLOW_DST_PORTOBS	e:fp:flow:e969f32074de:port:tcp:13510	flow:e969f32074de → port:tcp:13510
FLOW_DST_PORTOBS	e:fp:flow:4bc72c3e6d72:port:tcp:443	flow:4bc72c3e6d72 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dcbceebcfa7feba5:SESSION-dcbceebcfa7feba5	SESSION-dcbceebcfa7feba5 → pe:syn:SESSION-dcbceebcfa7feba5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a936b4b3a73fb0c:flow:bf1cd7116e24	SESSION-6a936b4b3a73fb0c → flow:bf1cd7116e24
FLOW_DST_PORTOBS	e:fp:flow:24c15ddb7f04:port:tcp:443	flow:24c15ddb7f04 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bcca913f927ee07e:SESSION-bcca913f927ee07e	SESSION-bcca913f927ee07e → pe:syn:SESSION-bcca913f927ee07e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dc755b03d1f3f489:SESSION-dc755b03d1f3f489	SESSION-dc755b03d1f3f489 → pe:syn:SESSION-dc755b03d1f3f489
FLOW_DST_PORTOBS	e:fp:flow:17dcf413c382:port:tcp:443	flow:17dcf413c382 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e87c1bf59f6ff4a:host:172.234.197.23	SESSION-9e87c1bf59f6ff4a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9c5b30eb4b7e446:SESSION-c9c5b30eb4b7e446	SESSION-c9c5b30eb4b7e446 → pe:tls:SESSION-c9c5b30eb4b7e446
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d467c8665ef34f6a:SESSION-d467c8665ef34f6a	SESSION-d467c8665ef34f6a → pe:tls:SESSION-d467c8665ef34f6a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-537461a77052bb13:SESSION-537461a77052bb13	SESSION-537461a77052bb13 → pe:rst:SESSION-537461a77052bb13
FLOW_TO_HOSTOBS	e:to:SESSION-16df0786ef84574d:host:177.10.233.22	SESSION-16df0786ef84574d → host:177.10.233.22
flow_observed4-aryOBS	e:fo:flow:3d371f84b45c	flow:3d371f84b45c → host:172.234.197.23 → host:131.196.30.142 → port:tcp:51462
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b00134b34a3a387f:host:13.208.161.175:host:172.234.197.23	SESSION-b00134b34a3a387f → host:13.208.161.175 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:016756b273f6:port:tcp:443	flow:016756b273f6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-07675572faa18905:host:45.173.156.100	SESSION-07675572faa18905 → host:45.173.156.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6d659d940e075af:SESSION-e6d659d940e075af	SESSION-e6d659d940e075af → pe:syn:SESSION-e6d659d940e075af
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f306c00af6aee0a4:host:177.10.236.239:host:172.234.197.23	SESSION-f306c00af6aee0a4 → host:177.10.236.239 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-df1a511d64dc2d8e:host:172.234.197.23	SESSION-df1a511d64dc2d8e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c615690895f6d3c9:host:172.234.197.23	SESSION-c615690895f6d3c9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.39:asn:262880	host:177.10.234.39 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f275f56cd4e0d64:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3f275f56cd4e0d64 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1d152bdff2d4d10:SESSION-d1d152bdff2d4d10	SESSION-d1d152bdff2d4d10 → pe:tls:SESSION-d1d152bdff2d4d10
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ea63b0a223461f6:host:172.234.197.23:host:131.196.29.41	SESSION-3ea63b0a223461f6 → host:172.234.197.23 → host:131.196.29.41
flow_observed5-aryOBS	e:fo:flow:25de7fffdafc	flow:25de7fffdafc → host:177.10.232.89 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-11da84003d7810c4:BSG-DATA_EXFIL-fdfb7ad914b5	SESSION-11da84003d7810c4 → BSG-DATA_EXFIL-fdfb7ad914b5
FLOW_DST_PORTOBS	e:fp:flow:6654f90df68f:port:tcp:7782	flow:6654f90df68f → port:tcp:7782
FLOW_TO_HOSTOBS	e:to:SESSION-0da9d7ff41780d23:host:172.234.197.23	SESSION-0da9d7ff41780d23 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-656bb895abc59727:SESSION-656bb895abc59727	SESSION-656bb895abc59727 → pe:syn:SESSION-656bb895abc59727
flow_observed5-aryOBS	e:fo:flow:75ceec3cd86b	flow:75ceec3cd86b → host:177.10.235.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c18cfa23ea97ee:host:177.10.232.251	SESSION-77c18cfa23ea97ee → host:177.10.232.251
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e853a157c23802e1:host:172.234.197.23	SESSION-e853a157c23802e1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b61117bf3d91dba8:host:177.10.238.110	SESSION-b61117bf3d91dba8 → host:177.10.238.110
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8409f84148f471e2:host:172.234.197.23:host:131.196.28.100	SESSION-8409f84148f471e2 → host:172.234.197.23 → host:131.196.28.100
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed37df036f91c955:flow:64d50f2445dd	SESSION-ed37df036f91c955 → flow:64d50f2445dd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.110:geo_-16.28860_-49.01640	host:177.10.236.110 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-406d5e8256fbfc45:host:131.196.29.41	SESSION-406d5e8256fbfc45 → host:131.196.29.41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7937f820efd31935:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7937f820efd31935 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-394aeca8e13c39b2:flow:1040a37ad4b8	SESSION-394aeca8e13c39b2 → flow:1040a37ad4b8
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.240:asn:273470	host:45.173.156.240 → asn:273470
flow_observed5-aryOBS	e:fo:flow:8f460b344d15	flow:8f460b344d15 → host:177.10.234.23 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6af0fd134ffb330e:flow:821c1d151be5	SESSION-6af0fd134ffb330e → flow:821c1d151be5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5816b4a8f681ef76:SESSION-5816b4a8f681ef76	SESSION-5816b4a8f681ef76 → pe:syn:SESSION-5816b4a8f681ef76
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.151:geo_-16.28860_-49.01640	host:177.10.237.151 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc6a5831c46f644f:SESSION-bc6a5831c46f644f	SESSION-bc6a5831c46f644f → pe:syn:SESSION-bc6a5831c46f644f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.140:geo_-16.28860_-49.01640	host:177.10.239.140 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34c02a09bd1ab4d1:host:45.145.152.222:host:172.234.197.23	SESSION-34c02a09bd1ab4d1 → host:45.145.152.222 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-381a0e70ba36b75c:SESSION-381a0e70ba36b75c	SESSION-381a0e70ba36b75c → pe:syn:SESSION-381a0e70ba36b75c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-30c6bfe2ed3a5bca:SESSION-30c6bfe2ed3a5bca	SESSION-30c6bfe2ed3a5bca → pe:rst:SESSION-30c6bfe2ed3a5bca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09c0e42aa6120a11:host:172.234.197.23	SESSION-09c0e42aa6120a11 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bd383841fa2b:port:tcp:24843	flow:bd383841fa2b → port:tcp:24843
FLOW_DST_PORTOBS	e:fp:flow:8bfba4698bee:port:tcp:443	flow:8bfba4698bee → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-0a11bbc1f12398e3:host:177.10.235.241	SESSION-0a11bbc1f12398e3 → host:177.10.235.241
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4341cac0cb5b3aa:flow:6ec58d812c3c	SESSION-b4341cac0cb5b3aa → flow:6ec58d812c3c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f81e7ae5e8e38135:SESSION-f81e7ae5e8e38135	SESSION-f81e7ae5e8e38135 → pe:syn:SESSION-f81e7ae5e8e38135
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42d85a7a0d0a6c22:host:45.173.156.186	SESSION-42d85a7a0d0a6c22 → host:45.173.156.186
FLOW_FROM_HOSTOBS	e:from:SESSION-5792abf3d18d9356:host:177.10.237.35	SESSION-5792abf3d18d9356 → host:177.10.237.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0fe55e7c11d50f79:PCAP:capture_20260430090001:065659c7d314	SESSION-0fe55e7c11d50f79 → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c421ecd159f7b93a:host:177.10.232.2:host:172.234.197.23	SESSION-c421ecd159f7b93a → host:177.10.232.2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f99dd3ca5b14a25:flow:98496b0aeabc	SESSION-2f99dd3ca5b14a25 → flow:98496b0aeabc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaa7799a31d50d65:PCAP:capture_20260430050001:8868731bf8a4	SESSION-eaa7799a31d50d65 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b71b9d0133c3b30:host:131.196.31.142:host:172.234.197.23	SESSION-0b71b9d0133c3b30 → host:131.196.31.142 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fda5d1d0c89bbfd4:SESSION-fda5d1d0c89bbfd4	SESSION-fda5d1d0c89bbfd4 → pe:tls:SESSION-fda5d1d0c89bbfd4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38a436ec3884f938:flow:6ff9de6d0222	SESSION-38a436ec3884f938 → flow:6ff9de6d0222
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68010cf4db790ce8:host:95.170.25.245:host:172.234.197.23	SESSION-68010cf4db790ce8 → host:95.170.25.245 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf85a83f91ce2875:flow:cb293ef68a69	SESSION-cf85a83f91ce2875 → flow:cb293ef68a69
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bcd94ff2cea5ca72:host:177.10.239.10:host:172.234.197.23	SESSION-bcd94ff2cea5ca72 → host:177.10.239.10 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.185:asn:273470	host:45.173.156.185 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44bc098e411317a4:host:177.10.235.174	SESSION-44bc098e411317a4 → host:177.10.235.174
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 60%	e:bsg:SESSION-393d4d02c091bd7e:BSG-FAILED_HANDSHAKE-a8999c33abbc	SESSION-393d4d02c091bd7e → BSG-FAILED_HANDSHAKE-a8999c33abbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1bc39f4f18cf27f2:SESSION-1bc39f4f18cf27f2	SESSION-1bc39f4f18cf27f2 → pe:tls:SESSION-1bc39f4f18cf27f2
FLOW_DST_PORTOBS	e:fp:flow:5b69a0cfa4b4:port:tcp:443	flow:5b69a0cfa4b4 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-341468c084cc4cf3:flow:cc8259921822	SESSION-341468c084cc4cf3 → flow:cc8259921822
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-802ccc988b65b38c:host:131.196.28.2	SESSION-802ccc988b65b38c → host:131.196.28.2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a825e71225466eb:flow:ddb8eea7a241	SESSION-3a825e71225466eb → flow:ddb8eea7a241
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e26c73b3a0fde5e3:host:172.234.197.23	SESSION-e26c73b3a0fde5e3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67ad2a69e8a9ea9e:host:131.196.30.36:host:172.234.197.23	SESSION-67ad2a69e8a9ea9e → host:131.196.30.36 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:943d842fa81c:port:udp:53	flow:943d842fa81c → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c74fe87f9177e103:SESSION-c74fe87f9177e103	SESSION-c74fe87f9177e103 → pe:syn:SESSION-c74fe87f9177e103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3393fca13374f4c8:host:172.234.197.23	SESSION-3393fca13374f4c8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3e5ef5a453dff40:host:177.10.238.151	SESSION-f3e5ef5a453dff40 → host:177.10.238.151
FLOW_TO_HOSTOBS	e:to:SESSION-338820b1c26f8211:host:172.234.197.23	SESSION-338820b1c26f8211 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.215:geo_-23.62930_-46.63510	host:131.196.29.215 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb20bb92bfdba895:flow:d04a7b552866	SESSION-bb20bb92bfdba895 → flow:d04a7b552866
FLOW_FROM_HOSTOBS	e:from:SESSION-b7e06a830af01410:host:172.234.197.23	SESSION-b7e06a830af01410 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e743a12f6a9d6a4:host:177.10.235.187	SESSION-8e743a12f6a9d6a4 → host:177.10.235.187
FLOW_DST_PORTOBS	e:fp:flow:f617ae242ef6:port:tcp:443	flow:f617ae242ef6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-59d92efe40de2f35:host:177.10.236.124:host:172.234.197.23	SESSION-59d92efe40de2f35 → host:177.10.236.124 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8edb3b96f7c4:port:tcp:57019	flow:8edb3b96f7c4 → port:tcp:57019
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-60aea8c76fce71c9:SESSION-60aea8c76fce71c9	SESSION-60aea8c76fce71c9 → pe:tls:SESSION-60aea8c76fce71c9
FLOW_FROM_HOSTOBS	e:from:SESSION-2235ad305872b9c2:host:172.234.197.23	SESSION-2235ad305872b9c2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8402a55882de6bd8:host:172.234.197.23	SESSION-8402a55882de6bd8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6f014e747003	flow:6f014e747003 → host:177.10.237.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e48a8daff67bbc71:host:131.196.30.253	SESSION-e48a8daff67bbc71 → host:131.196.30.253
FLOW_DST_PORTOBS	e:fp:flow:39468f538c38:port:tcp:443	flow:39468f538c38 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-dc755b03d1f3f489:host:172.234.197.23	SESSION-dc755b03d1f3f489 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e2d293cdcc6efc8:host:177.10.236.100:host:172.234.197.23	SESSION-3e2d293cdcc6efc8 → host:177.10.236.100 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-12cb447eb42d83b5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-12cb447eb42d83b5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44a6b99289a2f8de:flow:fc21027b7229	SESSION-44a6b99289a2f8de → flow:fc21027b7229
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.230:asn:262880	host:177.10.233.230 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-133d7db2ccbe04c8:host:172.234.197.23:host:177.10.233.192	SESSION-133d7db2ccbe04c8 → host:172.234.197.23 → host:177.10.233.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-025a43ae01804438:flow:b8254c8ce12b	SESSION-025a43ae01804438 → flow:b8254c8ce12b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54b62e34296d5c17:PCAP:capture_20260430160001:9bfa4498506a	SESSION-54b62e34296d5c17 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ef3ba231e3ca4d6:host:31.40.196.199:host:172.234.197.23	SESSION-4ef3ba231e3ca4d6 → host:31.40.196.199 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c766f181ead012ae:SESSION-c766f181ead012ae	SESSION-c766f181ead012ae → pe:syn:SESSION-c766f181ead012ae
FLOW_FROM_HOSTOBS	e:from:SESSION-74188080b03487af:host:172.234.197.23	SESSION-74188080b03487af → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.210:asn:262880	host:177.10.239.210 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b59030bd39741ab3:PCAP:capture_20260430150001:ded20914761d	SESSION-b59030bd39741ab3 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ddfef5208babd34:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6ddfef5208babd34 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84d24c52e1f02eee:PCAP:capture_20260430110001:43611bdf6759	SESSION-84d24c52e1f02eee → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6bfe68f8e20317f4:flow:d2632cff07c3	SESSION-6bfe68f8e20317f4 → flow:d2632cff07c3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.0:geo_-23.62930_-46.63510	host:131.196.30.0 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6fdc52c769919c0f:host:177.10.238.60	SESSION-6fdc52c769919c0f → host:177.10.238.60
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52e63b8cb0c4a7de:PCAP:capture_20260430110001:43611bdf6759	SESSION-52e63b8cb0c4a7de → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76512232807349be:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-76512232807349be → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30152f28b63d1649:host:172.234.197.23	SESSION-30152f28b63d1649 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-82fb3096076edb8c:host:45.173.156.70	SESSION-82fb3096076edb8c → host:45.173.156.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c2927944fbf9fbe3:SESSION-c2927944fbf9fbe3	SESSION-c2927944fbf9fbe3 → pe:tls:SESSION-c2927944fbf9fbe3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b7ac052262d51e17:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b7ac052262d51e17 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2824f9b79e0fb1f1:flow:924a996c5dd9	SESSION-2824f9b79e0fb1f1 → flow:924a996c5dd9
flow_observed5-aryOBS	e:fo:flow:19b5b49ec869	flow:19b5b49ec869 → host:45.145.152.19 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TO_HOSTOBS	e:to:SESSION-3eb6cc7ca453157a:host:172.234.197.23	SESSION-3eb6cc7ca453157a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:47327e57a845	flow:47327e57a845 → host:177.10.239.24 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f479af38d87d852f:SESSION-f479af38d87d852f	SESSION-f479af38d87d852f → pe:tls:SESSION-f479af38d87d852f
FLOW_FROM_HOSTOBS	e:from:SESSION-ef46e42b79ae57cb:host:172.234.197.23	SESSION-ef46e42b79ae57cb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3739e8b613327ce5:SESSION-3739e8b613327ce5	SESSION-3739e8b613327ce5 → pe:syn:SESSION-3739e8b613327ce5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0da58b5e3634dda2:host:54.245.183.167:host:172.234.197.23	SESSION-0da58b5e3634dda2 → host:54.245.183.167 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.199:asn:203771	host:185.231.226.199 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-964acfd97ca38755:host:177.10.234.95:host:172.234.197.23	SESSION-964acfd97ca38755 → host:177.10.234.95 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fa27f0003580	flow:fa27f0003580 → host:172.234.197.23 → host:131.196.30.114 → port:tcp:52356
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.126:asn:271410	host:131.196.31.126 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e62c7e5ed36c3850:host:177.10.236.232	SESSION-e62c7e5ed36c3850 → host:177.10.236.232
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e77787f9a5bab711:flow:2c934e4ce246	SESSION-e77787f9a5bab711 → flow:2c934e4ce246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ee9ba8cae5cc2ab:SESSION-2ee9ba8cae5cc2ab	SESSION-2ee9ba8cae5cc2ab → pe:tls:SESSION-2ee9ba8cae5cc2ab
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-727af4ad5af6cc01:flow:a787ca249a1b	SESSION-727af4ad5af6cc01 → flow:a787ca249a1b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46f70ffa54883bab:host:195.154.100.87:host:172.234.197.23	SESSION-46f70ffa54883bab → host:195.154.100.87 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-154a0a352559b94b:host:131.196.29.224	SESSION-154a0a352559b94b → host:131.196.29.224
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e21e19309bc8d324:host:172.234.197.23	SESSION-e21e19309bc8d324 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-288ea97e67f438e3:SESSION-288ea97e67f438e3	SESSION-288ea97e67f438e3 → pe:syn:SESSION-288ea97e67f438e3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ae59ca72364f9e1:host:131.196.30.65:host:172.234.197.23	SESSION-3ae59ca72364f9e1 → host:131.196.30.65 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab6d0c9e6f54de20:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ab6d0c9e6f54de20 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-734d97fdd69356a6:host:172.234.197.23	SESSION-734d97fdd69356a6 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:68666ee32d2b	flow:68666ee32d2b → host:18.100.238.122 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1b9603c0e1ea765:SESSION-c1b9603c0e1ea765	SESSION-c1b9603c0e1ea765 → pe:syn:SESSION-c1b9603c0e1ea765
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.142:geo_-23.62930_-46.63510	host:131.196.31.142 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fc95fe30edf5706:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5fc95fe30edf5706 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-779d668625040802:PCAP:capture_20260430060001:919b39a74464	SESSION-779d668625040802 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-d6c92d9b97cea9da:host:172.234.197.23	SESSION-d6c92d9b97cea9da → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7240be1eb77ed4f4:PCAP:capture_20260430090001:065659c7d314	SESSION-7240be1eb77ed4f4 → PCAP:capture_20260430090001:065659c7d314
FLOW_TLS_SNIOBS	e:fs:flow:88fcb1cd71e8:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:88fcb1cd71e8 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-312ea7073c45e21c:host:172.234.197.23	SESSION-312ea7073c45e21c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-70ca21a7c0c8fc42:SESSION-70ca21a7c0c8fc42	SESSION-70ca21a7c0c8fc42 → pe:syn:SESSION-70ca21a7c0c8fc42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-117c00f29ed332ce:host:172.234.197.23	SESSION-117c00f29ed332ce → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-62151f99a31dc755:PCAP:capture_20260430080001:93f47cc296a4	SESSION-62151f99a31dc755 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a9f928f7ece6fbf:SESSION-2a9f928f7ece6fbf	SESSION-2a9f928f7ece6fbf → pe:syn:SESSION-2a9f928f7ece6fbf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca6098e1767361a3:flow:d234dce1ecac	SESSION-ca6098e1767361a3 → flow:d234dce1ecac
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a8694ae6f41e5eb8:host:131.196.29.106:host:172.234.197.23	SESSION-a8694ae6f41e5eb8 → host:131.196.29.106 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-671ee03668a9eda8:SESSION-671ee03668a9eda8	SESSION-671ee03668a9eda8 → pe:tls:SESSION-671ee03668a9eda8
FLOW_FROM_HOSTOBS	e:from:SESSION-d2c659a567a628e2:host:172.234.197.23	SESSION-d2c659a567a628e2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d19d94f92718	flow:d19d94f92718 → host:131.196.31.122 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d47d434116add089:flow:18b95de0c94f	SESSION-d47d434116add089 → flow:18b95de0c94f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6dacc3093e29f894:SESSION-6dacc3093e29f894	SESSION-6dacc3093e29f894 → pe:tls:SESSION-6dacc3093e29f894
flow_observed5-aryOBS	e:fo:flow:2eafb8abd862	flow:2eafb8abd862 → host:177.10.234.154 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e45220a51eb759d9:flow:b2a447e74eac	SESSION-e45220a51eb759d9 → flow:b2a447e74eac
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.108:geo_-16.28860_-49.01640	host:177.10.239.108 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-ac14845b1a23366d:host:177.10.232.52	SESSION-ac14845b1a23366d → host:177.10.232.52
flow_observed5-aryOBS	e:fo:flow:fe4d1ca292f6	flow:fe4d1ca292f6 → host:131.196.29.225 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d11cc9a154a777c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8d11cc9a154a777c → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e405c5dfa444c3be:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-e405c5dfa444c3be → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19e0bdfc1305c6ba:host:177.10.239.247:host:172.234.197.23	SESSION-19e0bdfc1305c6ba → host:177.10.239.247 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-feb3207d55e7c5c5:host:172.234.197.23	SESSION-feb3207d55e7c5c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-119f9a3698c24414:host:177.10.239.164	SESSION-119f9a3698c24414 → host:177.10.239.164
FLOW_DST_PORTOBS	e:fp:flow:1896f5231e74:port:tcp:443	flow:1896f5231e74 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65bd30307946d7be:flow:3d7f5e615b32	SESSION-65bd30307946d7be → flow:3d7f5e615b32
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad31d7217a236b09:host:177.10.237.14	SESSION-ad31d7217a236b09 → host:177.10.237.14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ab55f3989857eec:flow:acbb8fcdb057	SESSION-9ab55f3989857eec → flow:acbb8fcdb057
FLOW_TO_HOSTOBS	e:to:SESSION-926d10c9776453b9:host:131.196.30.104	SESSION-926d10c9776453b9 → host:131.196.30.104
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55187c9d4dc6d2e7:host:172.234.197.23	SESSION-55187c9d4dc6d2e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-592321b004976459:host:177.10.239.190	SESSION-592321b004976459 → host:177.10.239.190
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-55979c68784410e0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-55979c68784410e0 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-187a70856b24c84b:host:177.10.234.201	SESSION-187a70856b24c84b → host:177.10.234.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bee41282d03c4eb5:host:172.234.197.23:host:177.10.232.151	SESSION-bee41282d03c4eb5 → host:172.234.197.23 → host:177.10.232.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-efb89dcd313d4029:flow:30abe7e74963	SESSION-efb89dcd313d4029 → flow:30abe7e74963
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1a14827dc654457:flow:329147a28565	SESSION-c1a14827dc654457 → flow:329147a28565
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc060cc400f18b5d:host:131.196.31.133:host:172.234.197.23	SESSION-cc060cc400f18b5d → host:131.196.31.133 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02163c9e3a8cc49d:host:131.196.28.149	SESSION-02163c9e3a8cc49d → host:131.196.28.149
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.236:asn:271410	host:131.196.29.236 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b6005e750e5a47f:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8b6005e750e5a47f → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b1078812f997c85:host:177.10.236.1	SESSION-7b1078812f997c85 → host:177.10.236.1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.74:geo_-23.62930_-46.63510	host:131.196.30.74 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-836e4ff4bdb8da04:host:131.196.28.185	SESSION-836e4ff4bdb8da04 → host:131.196.28.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-623bd72e2e38d66b:host:131.196.30.72	SESSION-623bd72e2e38d66b → host:131.196.30.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96b1ae4f2b433079:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-96b1ae4f2b433079 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:5282a60bb3a6:port:tcp:443	flow:5282a60bb3a6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30e9e6bd80ef39ea:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-30e9e6bd80ef39ea → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6b4419d123b2f0e3:SESSION-6b4419d123b2f0e3	SESSION-6b4419d123b2f0e3 → pe:syn:SESSION-6b4419d123b2f0e3
FLOW_DST_PORTOBS	e:fp:flow:274a2e3ab257:port:tcp:35315	flow:274a2e3ab257 → port:tcp:35315
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b3ab5aeea0af112:SESSION-8b3ab5aeea0af112	SESSION-8b3ab5aeea0af112 → pe:syn:SESSION-8b3ab5aeea0af112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce047c01fb54580f:SESSION-ce047c01fb54580f	SESSION-ce047c01fb54580f → pe:syn:SESSION-ce047c01fb54580f
FLOW_DST_PORTOBS	e:fp:flow:171a150e17c9:port:tcp:7263	flow:171a150e17c9 → port:tcp:7263
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3be9919fc6df9ffa:flow:bad9568a8243	SESSION-3be9919fc6df9ffa → flow:bad9568a8243
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b78ee328a5f7ceab:SESSION-b78ee328a5f7ceab	SESSION-b78ee328a5f7ceab → pe:syn:SESSION-b78ee328a5f7ceab
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2392c0826d87e845:host:45.173.156.238:host:172.234.197.23	SESSION-2392c0826d87e845 → host:45.173.156.238 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b70d9bf346b75217:host:177.10.239.59	SESSION-b70d9bf346b75217 → host:177.10.239.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-932a817ddabc353f:host:172.234.197.23	SESSION-932a817ddabc353f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de35503b4a9f2ce3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-de35503b4a9f2ce3 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:de846744fe67	flow:de846744fe67 → host:172.234.197.23 → host:177.10.234.152 → port:tcp:28313
FLOW_FROM_HOSTOBS	e:from:SESSION-f0b2e3019193f1ba:host:177.10.232.91	SESSION-f0b2e3019193f1ba → host:177.10.232.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4da5ddbc1348c177:SESSION-4da5ddbc1348c177	SESSION-4da5ddbc1348c177 → pe:tls:SESSION-4da5ddbc1348c177
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8958b8d9cf24f177:host:131.196.31.74:host:172.234.197.23	SESSION-8958b8d9cf24f177 → host:131.196.31.74 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ed3c0cac572dff6:host:172.234.197.23	SESSION-9ed3c0cac572dff6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-defe39665fdb6580:host:177.10.237.83	SESSION-defe39665fdb6580 → host:177.10.237.83
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-597e69ebdf7ef93f:SESSION-597e69ebdf7ef93f	SESSION-597e69ebdf7ef93f → pe:syn:SESSION-597e69ebdf7ef93f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-62458b132c4d6b0d:SESSION-62458b132c4d6b0d	SESSION-62458b132c4d6b0d → pe:syn:SESSION-62458b132c4d6b0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8fb4f1df9684ff2:SESSION-b8fb4f1df9684ff2	SESSION-b8fb4f1df9684ff2 → pe:syn:SESSION-b8fb4f1df9684ff2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-140a58b5ab5dfb04:host:172.234.197.23	SESSION-140a58b5ab5dfb04 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f56950d8d19e118b:flow:fe93b65145cc	SESSION-f56950d8d19e118b → flow:fe93b65145cc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27d66e2c1260cc5f:flow:249b28ea4cc9	SESSION-27d66e2c1260cc5f → flow:249b28ea4cc9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2579d58cc01cbffa:host:172.234.197.23	SESSION-2579d58cc01cbffa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca44e56e93546a2c:host:172.234.197.23:host:131.196.31.185	SESSION-ca44e56e93546a2c → host:172.234.197.23 → host:131.196.31.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b376322eb831975:host:177.10.236.193	SESSION-3b376322eb831975 → host:177.10.236.193
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-235be73d0ead16ae:host:131.196.28.193	SESSION-235be73d0ead16ae → host:131.196.28.193
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98452f7d1a82c494:host:172.234.197.23:host:177.10.238.160	SESSION-98452f7d1a82c494 → host:172.234.197.23 → host:177.10.238.160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82f2c01059fea89b:host:177.10.235.192	SESSION-82f2c01059fea89b → host:177.10.235.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9db977289667177f:SESSION-9db977289667177f	SESSION-9db977289667177f → pe:tls:SESSION-9db977289667177f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e3764b25412d87e:SESSION-2e3764b25412d87e	SESSION-2e3764b25412d87e → pe:tls:SESSION-2e3764b25412d87e
flow_observed5-aryOBS	e:fo:flow:9fdd0c4709fb	flow:9fdd0c4709fb → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f15dcbaf5ef33ebd:host:172.234.197.23	SESSION-f15dcbaf5ef33ebd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b3948aeec4a52663:host:131.196.31.80:host:172.234.197.23	SESSION-b3948aeec4a52663 → host:131.196.31.80 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-55794f9e7b1a9e7f:host:177.10.234.250	SESSION-55794f9e7b1a9e7f → host:177.10.234.250
flow_observed5-aryOBS	e:fo:flow:398ded72c92f	flow:398ded72c92f → host:177.10.234.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9af6eb1ce6cb824f:host:45.173.156.84:host:172.234.197.23	SESSION-9af6eb1ce6cb824f → host:45.173.156.84 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.161:geo_-21.10010_-41.69200	host:45.173.156.161 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-687ff071deb77d90:host:172.234.197.23	SESSION-687ff071deb77d90 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:da0c79ec8c91	flow:da0c79ec8c91 → host:44.247.223.188 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.46:geo_-23.62930_-46.63510	host:131.196.31.46 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.164:asn:262880	host:177.10.236.164 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d6a52e82bb8db7f:host:172.234.197.23	SESSION-3d6a52e82bb8db7f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bfe3e48aa982c746:SESSION-bfe3e48aa982c746	SESSION-bfe3e48aa982c746 → pe:tls:SESSION-bfe3e48aa982c746
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02ee946ab454bede:host:172.234.197.23	SESSION-02ee946ab454bede → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d9eaf0aaa345:port:tcp:443	flow:d9eaf0aaa345 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-805d717a82cbb042:host:131.196.28.140	SESSION-805d717a82cbb042 → host:131.196.28.140
flow_observed5-aryOBS	e:fo:flow:57e2b37c68b2	flow:57e2b37c68b2 → host:131.196.30.13 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b1ca06073d474c63:SESSION-b1ca06073d474c63	SESSION-b1ca06073d474c63 → pe:tls:SESSION-b1ca06073d474c63
FLOW_FROM_HOSTOBS	e:from:SESSION-2be203d892e5c4c6:host:177.10.235.13	SESSION-2be203d892e5c4c6 → host:177.10.235.13
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77a13185d72dec11:SESSION-77a13185d72dec11	SESSION-77a13185d72dec11 → pe:syn:SESSION-77a13185d72dec11
FLOW_DST_PORTOBS	e:fp:flow:d9b5c938ec53:port:tcp:443	flow:d9b5c938ec53 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d77225c69f4fe117:host:172.234.197.23	SESSION-d77225c69f4fe117 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64e6d0099998fde8:host:131.196.30.162	SESSION-64e6d0099998fde8 → host:131.196.30.162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-132ae74090c90dac:host:172.234.197.23	SESSION-132ae74090c90dac → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.201:asn:262880	host:177.10.233.201 → asn:262880
flow_observed5-aryOBS	e:fo:flow:71a54b37ed7c	flow:71a54b37ed7c → host:177.10.234.45 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-458faec2c6be4af1:host:131.196.30.61	SESSION-458faec2c6be4af1 → host:131.196.30.61
FLOW_DST_PORTOBS	e:fp:flow:03213edca3f5:port:tcp:443	flow:03213edca3f5 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.173:asn:262880	host:177.10.236.173 → asn:262880
flow_observed5-aryOBS	e:fo:flow:a7998d580970	flow:a7998d580970 → host:177.10.234.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5d45bed796decc2:host:45.173.156.208	SESSION-b5d45bed796decc2 → host:45.173.156.208
FLOW_FROM_HOSTOBS	e:from:SESSION-4a1d91047073c4c2:host:177.10.237.103	SESSION-4a1d91047073c4c2 → host:177.10.237.103
flow_observed5-aryOBS	e:fo:flow:3b89477bda88	flow:3b89477bda88 → host:94.130.10.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9c8bcacffc7072b:host:172.234.197.23:host:172.232.0.16	SESSION-c9c8bcacffc7072b → host:172.234.197.23 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69ac7334931bf6c1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-69ac7334931bf6c1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.249:asn:262880	host:177.10.233.249 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2338a143c0830527:host:177.10.236.101:host:172.234.197.23	SESSION-2338a143c0830527 → host:177.10.236.101 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b65436b870ef703a:host:172.234.197.23	SESSION-b65436b870ef703a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5d47d77cbd8d	flow:5d47d77cbd8d → host:172.234.197.23 → host:131.196.28.137 → port:tcp:49426
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.35:geo_-23.62930_-46.63510	host:131.196.28.35 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:510e35c8d36e:port:tcp:443	flow:510e35c8d36e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b0233a0286136dd2:host:177.10.233.141	SESSION-b0233a0286136dd2 → host:177.10.233.141
FLOW_FROM_HOSTOBS	e:from:SESSION-e77738dbb03f9aec:host:177.10.239.4	SESSION-e77738dbb03f9aec → host:177.10.239.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-280b0d78f93705fd:PCAP:capture_20260430160001:9bfa4498506a	SESSION-280b0d78f93705fd → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.247:geo_-16.28860_-49.01640	host:177.10.239.247 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-464502b3105a6b82:SESSION-464502b3105a6b82	SESSION-464502b3105a6b82 → pe:syn:SESSION-464502b3105a6b82
flow_observed4-aryOBS	e:fo:flow:414c0680932d	flow:414c0680932d → host:172.234.197.23 → host:131.196.30.95 → port:tcp:45411
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-838eea3d6dd669fd:host:131.196.30.92:host:172.234.197.23	SESSION-838eea3d6dd669fd → host:131.196.30.92 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-975059a05a34b0ad:host:172.234.197.23	SESSION-975059a05a34b0ad → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4449fca2fd34af5e:host:172.234.197.23	SESSION-4449fca2fd34af5e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-68031782b8336c69:host:92.118.39.236	SESSION-68031782b8336c69 → host:92.118.39.236
FLOW_DST_PORTOBS	e:fp:flow:332f4fe52ebe:port:tcp:443	flow:332f4fe52ebe → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-e391b214be46ad73:host:172.234.197.23	SESSION-e391b214be46ad73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96b1ae4f2b433079:host:172.234.197.23	SESSION-96b1ae4f2b433079 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-86b498cacf4afadd:host:172.234.197.23	SESSION-86b498cacf4afadd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b35aac65e648dac0:host:185.231.226.144:host:172.234.197.23	SESSION-b35aac65e648dac0 → host:185.231.226.144 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fdb408b0b3dd802:host:172.234.197.23:host:131.196.30.129	SESSION-5fdb408b0b3dd802 → host:172.234.197.23 → host:131.196.30.129
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16df0786ef84574d:host:172.234.197.23:host:177.10.233.22	SESSION-16df0786ef84574d → host:172.234.197.23 → host:177.10.233.22
FLOW_DST_PORTOBS	e:fp:flow:8a86df2a5d76:port:tcp:443	flow:8a86df2a5d76 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e515946ec2b2292:host:177.10.232.4	SESSION-0e515946ec2b2292 → host:177.10.232.4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.231:asn:271410	host:131.196.28.231 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37c584531b25722b:flow:302afc84d7b6	SESSION-37c584531b25722b → flow:302afc84d7b6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-396da887f3ac73e5:host:177.10.234.171	SESSION-396da887f3ac73e5 → host:177.10.234.171
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.238:asn:262880	host:177.10.238.238 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-265fcf20a19ad440:host:131.196.30.126	SESSION-265fcf20a19ad440 → host:131.196.30.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd2e4550d5ebaf09:host:172.234.197.23	SESSION-fd2e4550d5ebaf09 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0229340abc854c0d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0229340abc854c0d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-711f533390ef220f:SESSION-711f533390ef220f	SESSION-711f533390ef220f → pe:syn:SESSION-711f533390ef220f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dad0ff120323eed1:flow:5124aa46fb06	SESSION-dad0ff120323eed1 → flow:5124aa46fb06
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a33d29db5091f68:PCAP:capture_20260430090001:065659c7d314	SESSION-2a33d29db5091f68 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aaa8cebb6aaa8760:PCAP:capture_20260430050001:8868731bf8a4	SESSION-aaa8cebb6aaa8760 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b91d700ec898758:host:172.234.197.23	SESSION-4b91d700ec898758 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2996f9b3a522abad:SESSION-2996f9b3a522abad	SESSION-2996f9b3a522abad → pe:syn:SESSION-2996f9b3a522abad
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7b20ceba4f49bfd:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c7b20ceba4f49bfd → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-051bd0ccc4bec756:SESSION-051bd0ccc4bec756	SESSION-051bd0ccc4bec756 → pe:syn:SESSION-051bd0ccc4bec756
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a865531d109b7c1:host:131.196.28.168	SESSION-4a865531d109b7c1 → host:131.196.28.168
flow_observed5-aryOBS	e:fo:flow:5dc402cfbc94	flow:5dc402cfbc94 → host:177.10.237.89 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-981fac77dd79326b:SESSION-981fac77dd79326b	SESSION-981fac77dd79326b → pe:tls:SESSION-981fac77dd79326b
FLOW_TO_HOSTOBS	e:to:SESSION-10ed4263d8057f18:host:172.234.197.23	SESSION-10ed4263d8057f18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fecc6fa34e31300b:host:177.10.238.120:host:172.234.197.23	SESSION-fecc6fa34e31300b → host:177.10.238.120 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce53b2931ed237cb:host:131.196.28.88	SESSION-ce53b2931ed237cb → host:131.196.28.88
FLOW_DST_PORTOBS	e:fp:flow:7e6cf50ce9e4:port:tcp:443	flow:7e6cf50ce9e4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.246:geo_-23.62930_-46.63510	host:131.196.31.246 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:538ae4f9affa:port:tcp:34422	flow:538ae4f9affa → port:tcp:34422
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b679e6887c5a68a:host:172.234.197.23	SESSION-7b679e6887c5a68a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c0e19c2beda7d84:host:177.10.239.226:host:172.234.197.23	SESSION-1c0e19c2beda7d84 → host:177.10.239.226 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c058dbfcf0ab82c:host:177.10.235.78	SESSION-8c058dbfcf0ab82c → host:177.10.235.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-378ead2076355bca:host:131.196.28.94	SESSION-378ead2076355bca → host:131.196.28.94
flow_observed5-aryOBS	e:fo:flow:a125a071d169	flow:a125a071d169 → host:177.10.232.4 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30052afb1f0268ab:flow:61ede21d1dc4	SESSION-30052afb1f0268ab → flow:61ede21d1dc4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-200a4f7a7e5b3996:host:177.10.238.228:host:172.234.197.23	SESSION-200a4f7a7e5b3996 → host:177.10.238.228 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc0003e096ddb203:host:131.196.31.34	SESSION-cc0003e096ddb203 → host:131.196.31.34
FLOW_TO_HOSTOBS	e:to:SESSION-329dd162e3e18437:host:177.10.234.9	SESSION-329dd162e3e18437 → host:177.10.234.9
FLOW_TO_HOSTOBS	e:to:SESSION-6315d280130065c8:host:131.196.31.86	SESSION-6315d280130065c8 → host:131.196.31.86
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-efb89dcd313d4029:host:172.234.197.23:host:131.196.29.43	SESSION-efb89dcd313d4029 → host:172.234.197.23 → host:131.196.29.43
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92cb25b3a2aea70a:flow:47b8c9445e07	SESSION-92cb25b3a2aea70a → flow:47b8c9445e07
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-83d893adc4ebe669:SESSION-83d893adc4ebe669	SESSION-83d893adc4ebe669 → pe:tls:SESSION-83d893adc4ebe669
flow_observed4-aryOBS	e:fo:flow:38ea79073761	flow:38ea79073761 → host:172.234.197.23 → host:177.10.233.124 → port:tcp:33348
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60dcadff088f62ae:host:177.10.237.10	SESSION-60dcadff088f62ae → host:177.10.237.10
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-c390a73ee41b4c6d:BSG-BEACON-61380c9a629a	SESSION-c390a73ee41b4c6d → BSG-BEACON-61380c9a629a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86b498cacf4afadd:SESSION-86b498cacf4afadd	SESSION-86b498cacf4afadd → pe:syn:SESSION-86b498cacf4afadd
FLOW_TO_HOSTOBS	e:to:SESSION-cf85e37468f1ff86:host:172.234.197.23	SESSION-cf85e37468f1ff86 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33348e69a2613db6:host:172.234.197.23	SESSION-33348e69a2613db6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-e867c3054a212916:SESSION-e867c3054a212916	SESSION-e867c3054a212916 → pe:rst:SESSION-e867c3054a212916
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9af79ddb47e5c950:host:131.196.31.86:host:172.234.197.23	SESSION-9af79ddb47e5c950 → host:131.196.31.86 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f26dae72fe8e9fa0:SESSION-f26dae72fe8e9fa0	SESSION-f26dae72fe8e9fa0 → pe:syn:SESSION-f26dae72fe8e9fa0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-079c82b45cfad420:SESSION-079c82b45cfad420	SESSION-079c82b45cfad420 → pe:syn:SESSION-079c82b45cfad420
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e39b76c4ba6c4cf6:host:177.10.232.69	SESSION-e39b76c4ba6c4cf6 → host:177.10.232.69
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.119:geo_-16.28860_-49.01640	host:177.10.233.119 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-605cf9d10467f8d3:SESSION-605cf9d10467f8d3	SESSION-605cf9d10467f8d3 → pe:tls:SESSION-605cf9d10467f8d3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ab980d26fa84a5e:host:177.10.234.87	SESSION-9ab980d26fa84a5e → host:177.10.234.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8c94fcea26d4cb3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c8c94fcea26d4cb3 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac3103b39cc2b1a:host:172.234.197.23	SESSION-cac3103b39cc2b1a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a418060e7d2d204b:SESSION-a418060e7d2d204b	SESSION-a418060e7d2d204b → pe:tls:SESSION-a418060e7d2d204b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9e0f3ba046c015f:host:131.196.30.183	SESSION-a9e0f3ba046c015f → host:131.196.30.183
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-691bf265b7044ac7:host:172.234.197.23:host:177.10.234.6	SESSION-691bf265b7044ac7 → host:172.234.197.23 → host:177.10.234.6
flow_observed5-aryOBS	e:fo:flow:6ffd15e339d9	flow:6ffd15e339d9 → host:177.10.236.218 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:13647d1a55ac:port:tcp:56668	flow:13647d1a55ac → port:tcp:56668
HOST_IN_ASNOBS 85%	e:ha:host:54.87.95.7:asn:14618	host:54.87.95.7 → asn:14618
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b3b10ff846570e8:host:172.234.197.23	SESSION-5b3b10ff846570e8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c83e078f141652ea:host:131.196.30.107	SESSION-c83e078f141652ea → host:131.196.30.107
FLOW_TO_HOSTOBS	e:to:SESSION-75cb9fe69e287da9:host:172.234.197.23	SESSION-75cb9fe69e287da9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21b975753a100632:SESSION-21b975753a100632	SESSION-21b975753a100632 → pe:syn:SESSION-21b975753a100632
FLOW_DST_PORTOBS	e:fp:flow:69043b5c7039:port:tcp:443	flow:69043b5c7039 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.145:geo_-16.28860_-49.01640	host:177.10.238.145 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3a0847605e0d04e:host:172.234.197.23	SESSION-e3a0847605e0d04e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09c97c2e7f8ca5a6:SESSION-09c97c2e7f8ca5a6	SESSION-09c97c2e7f8ca5a6 → pe:syn:SESSION-09c97c2e7f8ca5a6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-63d746c5afa978f6:host:177.10.232.60:host:172.234.197.23	SESSION-63d746c5afa978f6 → host:177.10.232.60 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-61edd9328a7eff0d:flow:c1f401a82a26	SESSION-61edd9328a7eff0d → flow:c1f401a82a26
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.223:geo_-21.10010_-41.69200	host:45.173.156.223 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a519ad2ae4c53179:SESSION-a519ad2ae4c53179	SESSION-a519ad2ae4c53179 → pe:tls:SESSION-a519ad2ae4c53179
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.154:asn:262880	host:177.10.236.154 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-848626bce2ee7b76:SESSION-848626bce2ee7b76	SESSION-848626bce2ee7b76 → pe:syn:SESSION-848626bce2ee7b76
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-81a82597e7e06ed6:host:172.234.197.23:host:177.10.234.140	SESSION-81a82597e7e06ed6 → host:172.234.197.23 → host:177.10.234.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3afd88a73e32b466:SESSION-3afd88a73e32b466	SESSION-3afd88a73e32b466 → pe:tls:SESSION-3afd88a73e32b466
FLOW_TO_HOSTOBS	e:to:SESSION-0dad0a06445f9e1f:host:172.234.197.23	SESSION-0dad0a06445f9e1f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c70bd35e108ab91c:PCAP:capture_20260430110001:43611bdf6759	SESSION-c70bd35e108ab91c → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5dccafc7307f6ac:SESSION-b5dccafc7307f6ac	SESSION-b5dccafc7307f6ac → pe:syn:SESSION-b5dccafc7307f6ac
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.32:geo_-16.28860_-49.01640	host:177.10.232.32 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:b4e15c624c90:port:tcp:22	flow:b4e15c624c90 → port:tcp:22
FLOW_TO_HOSTOBS	e:to:SESSION-4f003e7e66ba8f79:host:172.234.197.23	SESSION-4f003e7e66ba8f79 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f003ce3fae962ee:SESSION-1f003ce3fae962ee	SESSION-1f003ce3fae962ee → pe:tls:SESSION-1f003ce3fae962ee
FLOW_DST_PORTOBS	e:fp:flow:d52ad61ff8bd:port:tcp:443	flow:d52ad61ff8bd → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-a1d16880e0846180:host:172.234.197.23	SESSION-a1d16880e0846180 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4cc664d616fce9d7:host:172.234.197.23	SESSION-4cc664d616fce9d7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfe3e48aa982c746:host:177.10.237.169	SESSION-bfe3e48aa982c746 → host:177.10.237.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ae8076186321ef8:host:172.234.197.23	SESSION-8ae8076186321ef8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f033dc8b343a68ab:host:172.234.197.23	SESSION-f033dc8b343a68ab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56e8cb1a5e296d06:flow:c3397980d6ec	SESSION-56e8cb1a5e296d06 → flow:c3397980d6ec
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-61aa57a35ec0da02:host:172.234.197.23:host:177.10.236.22	SESSION-61aa57a35ec0da02 → host:172.234.197.23 → host:177.10.236.22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4e6682786f65470:host:172.234.197.23	SESSION-e4e6682786f65470 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76fc6cf591b9ed20:host:177.10.235.15	SESSION-76fc6cf591b9ed20 → host:177.10.235.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2a34ec08b35e90b0:PCAP:capture_20260430110001:43611bdf6759	SESSION-2a34ec08b35e90b0 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9f10142199cea9c:host:131.196.31.42:host:172.234.197.23	SESSION-b9f10142199cea9c → host:131.196.31.42 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-82fb3096076edb8c:SESSION-82fb3096076edb8c	SESSION-82fb3096076edb8c → pe:tls:SESSION-82fb3096076edb8c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.108:geo_-16.28860_-49.01640	host:177.10.236.108 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.90:geo_-21.10010_-41.69200	host:45.173.156.90 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dc755b03d1f3f489:host:131.196.29.156:host:172.234.197.23	SESSION-dc755b03d1f3f489 → host:131.196.29.156 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-878a5ce24b3ea2a6:host:140.179.228.29	SESSION-878a5ce24b3ea2a6 → host:140.179.228.29
flow_observed5-aryOBS	e:fo:flow:555248b9d27b	flow:555248b9d27b → host:131.196.29.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7640c6607dc14992:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7640c6607dc14992 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:794db97b6d69:port:tcp:443	flow:794db97b6d69 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:c1e4966ad61f:port:tcp:443	flow:c1e4966ad61f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f8ffffed45ee6ab8:SESSION-f8ffffed45ee6ab8	SESSION-f8ffffed45ee6ab8 → pe:tls:SESSION-f8ffffed45ee6ab8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c506d9600407809:flow:4cb1cab3440e	SESSION-7c506d9600407809 → flow:4cb1cab3440e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.14:asn:271410	host:131.196.31.14 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97a6ca320e2242f6:flow:35814e59c9a8	SESSION-97a6ca320e2242f6 → flow:35814e59c9a8
FLOW_DST_PORTOBS	e:fp:flow:ba9d53194809:port:tcp:443	flow:ba9d53194809 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aecaf39909333efc:host:172.234.197.23	SESSION-aecaf39909333efc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8b3f73c59938d0a7:host:177.10.237.74	SESSION-8b3f73c59938d0a7 → host:177.10.237.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49c1d2d9ba1746da:SESSION-49c1d2d9ba1746da	SESSION-49c1d2d9ba1746da → pe:syn:SESSION-49c1d2d9ba1746da
FLOW_DST_PORTOBS	e:fp:flow:666b02f57941:port:tcp:24667	flow:666b02f57941 → port:tcp:24667
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4dd5260308cf6ea:host:172.234.197.23	SESSION-c4dd5260308cf6ea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f26dae72fe8e9fa0:PCAP:capture_20260430150001:ded20914761d	SESSION-f26dae72fe8e9fa0 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b81fa97d99ce77b6:SESSION-b81fa97d99ce77b6	SESSION-b81fa97d99ce77b6 → pe:tls:SESSION-b81fa97d99ce77b6
FLOW_DST_PORTOBS	e:fp:flow:94234c463c5b:port:tcp:62553	flow:94234c463c5b → port:tcp:62553
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3651e68c2556a1c:flow:1a765a6c1e1b	SESSION-f3651e68c2556a1c → flow:1a765a6c1e1b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb243e65e2b1808d:host:172.234.197.23	SESSION-eb243e65e2b1808d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9b13ac4e6d83a5e:SESSION-d9b13ac4e6d83a5e	SESSION-d9b13ac4e6d83a5e → pe:syn:SESSION-d9b13ac4e6d83a5e
FLOW_TO_HOSTOBS	e:to:SESSION-164cf6eccbbca478:host:172.234.197.23	SESSION-164cf6eccbbca478 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3d13cea2cf7dcee:flow:15998bf30ce3	SESSION-f3d13cea2cf7dcee → flow:15998bf30ce3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.195:geo_-16.28860_-49.01640	host:177.10.238.195 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:f48dcc936eed	flow:f48dcc936eed → host:177.10.234.199 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a4f6dd7436745b4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4a4f6dd7436745b4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-846d654fbba579ab:flow:29ba545d482d	SESSION-846d654fbba579ab → flow:29ba545d482d
FLOW_TO_HOSTOBS	e:to:SESSION-98083f958ccf36d4:host:172.234.197.23	SESSION-98083f958ccf36d4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5cd8c64c176c	flow:5cd8c64c176c → host:177.10.235.233 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dc085f76ab1a4e2b:SESSION-dc085f76ab1a4e2b	SESSION-dc085f76ab1a4e2b → pe:tls:SESSION-dc085f76ab1a4e2b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-619cd2820aafdf33:SESSION-619cd2820aafdf33	SESSION-619cd2820aafdf33 → pe:syn:SESSION-619cd2820aafdf33
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b47e385ca946fd94:PCAP:capture_20260430090001:065659c7d314	SESSION-b47e385ca946fd94 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-b2b0ee493ee38385:host:172.234.197.23	SESSION-b2b0ee493ee38385 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ffbb13e97116fd4:PCAP:capture_20260430060001:919b39a74464	SESSION-6ffbb13e97116fd4 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0414bb340c93930b:host:177.10.234.93:host:172.234.197.23	SESSION-0414bb340c93930b → host:177.10.234.93 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-610b47e21d599964:SESSION-610b47e21d599964	SESSION-610b47e21d599964 → pe:syn:SESSION-610b47e21d599964
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1110d6d36f6ebd42:host:131.196.31.180	SESSION-1110d6d36f6ebd42 → host:131.196.31.180
FLOW_DST_PORTOBS	e:fp:flow:e4fb1419a413:port:tcp:443	flow:e4fb1419a413 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2edb47571c4ed35:flow:0234d60caf47	SESSION-e2edb47571c4ed35 → flow:0234d60caf47
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dca9298136f0125a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-dca9298136f0125a → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-aa7ff8c6e8f0ef9e:host:131.196.28.39	SESSION-aa7ff8c6e8f0ef9e → host:131.196.28.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8684436ffb4e26c7:SESSION-8684436ffb4e26c7	SESSION-8684436ffb4e26c7 → pe:syn:SESSION-8684436ffb4e26c7
FLOW_DST_PORTOBS	e:fp:flow:6bb8c928d4ad:port:tcp:443	flow:6bb8c928d4ad → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4c33b44718448cc2:SESSION-4c33b44718448cc2	SESSION-4c33b44718448cc2 → pe:syn:SESSION-4c33b44718448cc2
flow_observed5-aryOBS	e:fo:flow:846c12dfcaad	flow:846c12dfcaad → host:177.10.236.33 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf2d710eb7a0f34a:SESSION-cf2d710eb7a0f34a	SESSION-cf2d710eb7a0f34a → pe:syn:SESSION-cf2d710eb7a0f34a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.255:asn:262880	host:177.10.236.255 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3094c6d527f665e9:host:45.173.156.207:host:172.234.197.23	SESSION-3094c6d527f665e9 → host:45.173.156.207 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-608f057a6e6e376d:host:172.234.197.23	SESSION-608f057a6e6e376d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4f536e99c9cc:port:tcp:443	flow:4f536e99c9cc → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.232:asn:262880	host:177.10.238.232 → asn:262880
flow_observed5-aryOBS	e:fo:flow:85d6ec4465fb	flow:85d6ec4465fb → host:177.10.234.46 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:3beae65c4960	flow:3beae65c4960 → host:177.10.233.246 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e0a730d87d8b98f3:host:172.234.197.23	SESSION-e0a730d87d8b98f3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1699a282bb5af583:host:177.10.234.29:host:172.234.197.23	SESSION-1699a282bb5af583 → host:177.10.234.29 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:194.164.107.6:geo_37.75100_-97.82200	host:194.164.107.6 → geo_37.75100_-97.82200
FLOW_FROM_HOSTOBS	e:from:SESSION-381a570e386b12a2:host:177.10.235.1	SESSION-381a570e386b12a2 → host:177.10.235.1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c89e102c8b8b6c97:PCAP:capture_20260430060001:919b39a74464	SESSION-c89e102c8b8b6c97 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf8660b1b7ea6f50:flow:df5a8f8b6956	SESSION-bf8660b1b7ea6f50 → flow:df5a8f8b6956
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5498d903f3b2d41:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b5498d903f3b2d41 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fc279480f80cfd1:flow:2b1ca5b244f0	SESSION-1fc279480f80cfd1 → flow:2b1ca5b244f0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-037b6464dda97429:host:172.234.197.23	SESSION-037b6464dda97429 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7ad60f3efcde14b7:host:177.10.236.10	SESSION-7ad60f3efcde14b7 → host:177.10.236.10
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a16442ff0a72733c:PCAP:capture_20260430150001:ded20914761d	SESSION-a16442ff0a72733c → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e220c81ec884c58:host:172.234.197.23	SESSION-5e220c81ec884c58 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d4992d20c4573840:host:94.130.10.221	SESSION-d4992d20c4573840 → host:94.130.10.221
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f9c5288639cc167:SESSION-3f9c5288639cc167	SESSION-3f9c5288639cc167 → pe:tls:SESSION-3f9c5288639cc167
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8dff22511e3d5727:flow:554ec8997792	SESSION-8dff22511e3d5727 → flow:554ec8997792
FLOW_DST_PORTOBS	e:fp:flow:16cd2c37ea7f:port:tcp:443	flow:16cd2c37ea7f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a9f0ade491b8:port:tcp:58354	flow:a9f0ade491b8 → port:tcp:58354
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b9c1bf42f4683a2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2b9c1bf42f4683a2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:9f86f8fda089	flow:9f86f8fda089 → host:177.10.238.209 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.8:geo_-21.10010_-41.69200	host:45.173.156.8 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:5604757aa9e4:port:tcp:65032	flow:5604757aa9e4 → port:tcp:65032
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-256da911109eccd4:host:172.234.197.23	SESSION-256da911109eccd4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34efc230578c0ec6:SESSION-34efc230578c0ec6	SESSION-34efc230578c0ec6 → pe:syn:SESSION-34efc230578c0ec6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.203:geo_-23.62930_-46.63510	host:131.196.30.203 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:cd4fb4934a84	flow:cd4fb4934a84 → host:172.234.197.23 → host:177.10.232.34 → port:tcp:6228
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-316a629875744009:flow:d1beb07c9216	SESSION-316a629875744009 → flow:d1beb07c9216
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0f2cdff3ab49e1a1:host:172.234.197.23:host:177.10.234.160	SESSION-0f2cdff3ab49e1a1 → host:172.234.197.23 → host:177.10.234.160
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.39:asn:262880	host:177.10.233.39 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-51bab49b2715dbc9:host:172.234.197.23	SESSION-51bab49b2715dbc9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-531f1f169db2954c:host:131.196.31.180	SESSION-531f1f169db2954c → host:131.196.31.180
FLOW_TO_HOSTOBS	e:to:SESSION-8a1214f59f834d98:host:172.234.197.23	SESSION-8a1214f59f834d98 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-77d6ed106817bb5a:host:172.234.197.23	SESSION-77d6ed106817bb5a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.25:geo_-16.28860_-49.01640	host:177.10.238.25 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:d78c19afef86	flow:d78c19afef86 → host:177.10.235.51 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a6bdf7255a92:port:tcp:443	flow:a6bdf7255a92 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83dd76c193cbd2e0:host:51.210.99.95	SESSION-83dd76c193cbd2e0 → host:51.210.99.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cbc08c1422c92ccf:SESSION-cbc08c1422c92ccf	SESSION-cbc08c1422c92ccf → pe:tls:SESSION-cbc08c1422c92ccf
FLOW_FROM_HOSTOBS	e:from:SESSION-38a436ec3884f938:host:172.234.197.23	SESSION-38a436ec3884f938 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-788920b93ac95b5f:host:131.196.30.164	SESSION-788920b93ac95b5f → host:131.196.30.164
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-88ff33eaa18cf09d:PCAP:capture_20260430110001:43611bdf6759	SESSION-88ff33eaa18cf09d → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd8a89b380cdaceb:host:177.10.236.116	SESSION-dd8a89b380cdaceb → host:177.10.236.116
flow_observed5-aryOBS	e:fo:flow:143027392511	flow:143027392511 → host:177.10.238.193 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56fe4753b2794494:PCAP:capture_20260430110001:43611bdf6759	SESSION-56fe4753b2794494 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02deb29800889c11:SESSION-02deb29800889c11	SESSION-02deb29800889c11 → pe:syn:SESSION-02deb29800889c11
FLOW_TO_HOSTOBS	e:to:SESSION-c0b0070ff484a299:host:172.234.197.23	SESSION-c0b0070ff484a299 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e62c7e5ed36c3850:host:177.10.236.232:host:172.234.197.23	SESSION-e62c7e5ed36c3850 → host:177.10.236.232 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-181666d0ed9d45b8:host:45.173.156.38	SESSION-181666d0ed9d45b8 → host:45.173.156.38
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77b68b84e12bfaab:SESSION-77b68b84e12bfaab	SESSION-77b68b84e12bfaab → pe:syn:SESSION-77b68b84e12bfaab
FLOW_FROM_HOSTOBS	e:from:SESSION-ea9e167400c380e9:host:177.10.236.60	SESSION-ea9e167400c380e9 → host:177.10.236.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2289078120ff48cc:host:177.10.237.90	SESSION-2289078120ff48cc → host:177.10.237.90
FLOW_FROM_HOSTOBS	e:from:SESSION-328591b09b0655cf:host:177.10.233.76	SESSION-328591b09b0655cf → host:177.10.233.76
flow_observed5-aryOBS	e:fo:flow:c977f56fc361	flow:c977f56fc361 → host:177.10.238.69 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1bd78fd10af70dea:SESSION-1bd78fd10af70dea	SESSION-1bd78fd10af70dea → pe:syn:SESSION-1bd78fd10af70dea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-edebc7da73e26840:host:131.196.30.245	SESSION-edebc7da73e26840 → host:131.196.30.245
FLOW_DST_PORTOBS	e:fp:flow:8720474b83a3:port:tcp:443	flow:8720474b83a3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-915c694a7f41c8e3:host:45.173.156.200	SESSION-915c694a7f41c8e3 → host:45.173.156.200
FLOW_DST_PORTOBS	e:fp:flow:fdd3c5ca2c21:port:tcp:443	flow:fdd3c5ca2c21 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.238:asn:271410	host:131.196.28.238 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96d412735d478f25:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-96d412735d478f25 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db946f3602afd068:host:172.234.197.23:host:177.10.237.192	SESSION-db946f3602afd068 → host:172.234.197.23 → host:177.10.237.192
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:64.237.250.51:geo_18.40380_-66.14930	host:64.237.250.51 → geo_18.40380_-66.14930
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.98:asn:262880	host:177.10.234.98 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff9ef052366910da:host:177.10.234.107	SESSION-ff9ef052366910da → host:177.10.234.107
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ded52056067d22b2:flow:3f8c718ef8ea	SESSION-ded52056067d22b2 → flow:3f8c718ef8ea
flow_observed5-aryOBS	e:fo:flow:b73ed0c140e0	flow:b73ed0c140e0 → host:177.10.232.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1b69502656f28818:host:172.234.197.23:host:92.118.39.236	SESSION-1b69502656f28818 → host:172.234.197.23 → host:92.118.39.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb40f64797e3fe16:SESSION-eb40f64797e3fe16	SESSION-eb40f64797e3fe16 → pe:tls:SESSION-eb40f64797e3fe16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5adf4423481534a6:SESSION-5adf4423481534a6	SESSION-5adf4423481534a6 → pe:syn:SESSION-5adf4423481534a6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40dbede277a2e1b2:host:172.234.197.23	SESSION-40dbede277a2e1b2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d4e339b9f879a911:SESSION-d4e339b9f879a911	SESSION-d4e339b9f879a911 → pe:rst:SESSION-d4e339b9f879a911
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-669a514c7e7ceed8:SESSION-669a514c7e7ceed8	SESSION-669a514c7e7ceed8 → pe:syn:SESSION-669a514c7e7ceed8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-597a035229423245:SESSION-597a035229423245	SESSION-597a035229423245 → pe:syn:SESSION-597a035229423245
FLOW_FROM_HOSTOBS	e:from:SESSION-6354b0819147ed1d:host:172.234.197.23	SESSION-6354b0819147ed1d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bef08b3c32a1c401:host:177.10.234.108	SESSION-bef08b3c32a1c401 → host:177.10.234.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1446b81625870ef0:host:13.208.161.175	SESSION-1446b81625870ef0 → host:13.208.161.175
flow_observed5-aryOBS	e:fo:flow:00b03f759fbf	flow:00b03f759fbf → host:131.196.29.151 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:bdeee83a5aec:port:tcp:443	flow:bdeee83a5aec → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d45ffa0c695899f:SESSION-1d45ffa0c695899f	SESSION-1d45ffa0c695899f → pe:syn:SESSION-1d45ffa0c695899f
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.85:asn:271410	host:131.196.29.85 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27131bb9b9feeb52:host:172.234.197.23	SESSION-27131bb9b9feeb52 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:960047891931	flow:960047891931 → host:177.10.234.250 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:02e2964d437d	flow:02e2964d437d → host:131.196.31.190 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c812f2a31a60fc9:host:177.10.237.202:host:172.234.197.23	SESSION-3c812f2a31a60fc9 → host:177.10.237.202 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.74:asn:271410	host:131.196.29.74 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:e2840bae4bd6:port:tcp:443	flow:e2840bae4bd6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4fdea987cb08476:host:172.234.197.23	SESSION-a4fdea987cb08476 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a9c12f6159b9a7a1:host:172.234.197.23	SESSION-a9c12f6159b9a7a1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-797ddf76fc257ebf:PCAP:capture_20260430110001:43611bdf6759	SESSION-797ddf76fc257ebf → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdf732629d327c4c:host:92.112.71.52	SESSION-cdf732629d327c4c → host:92.112.71.52
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d96c6feac6dadd94:host:177.10.233.115	SESSION-d96c6feac6dadd94 → host:177.10.233.115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-098ed7054a17b347:flow:fac7861925ae	SESSION-098ed7054a17b347 → flow:fac7861925ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9eb08591878d33c:SESSION-c9eb08591878d33c	SESSION-c9eb08591878d33c → pe:syn:SESSION-c9eb08591878d33c
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-c8ab658d53a1eebd:BSG-BEACON-88937f81db51	SESSION-c8ab658d53a1eebd → BSG-BEACON-88937f81db51
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6965561db8b52827:flow:a922f04f1e60	SESSION-6965561db8b52827 → flow:a922f04f1e60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5490e36eb363059:flow:10d5d6d2cffc	SESSION-e5490e36eb363059 → flow:10d5d6d2cffc
flow_observed4-aryOBS	e:fo:flow:9e585f997a3c	flow:9e585f997a3c → host:172.234.197.23 → host:80.94.92.186 → port:tcp:42888
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4117bfae8d393f9c:host:172.234.197.23:host:177.10.238.189	SESSION-4117bfae8d393f9c → host:172.234.197.23 → host:177.10.238.189
FLOW_TO_HOSTOBS	e:to:SESSION-2604bc3e94e22829:host:172.232.0.16	SESSION-2604bc3e94e22829 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-32551388ee5c6c20:PCAP:capture_20260430070001:903a0e7a436b	SESSION-32551388ee5c6c20 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d8922fd6595a71f:host:177.10.238.42:host:172.234.197.23	SESSION-5d8922fd6595a71f → host:177.10.238.42 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d484f7132ed0	flow:d484f7132ed0 → host:177.10.234.66 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6d1acf39452c448:host:131.196.30.31	SESSION-a6d1acf39452c448 → host:131.196.30.31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27d1e1e2170d683a:SESSION-27d1e1e2170d683a	SESSION-27d1e1e2170d683a → pe:syn:SESSION-27d1e1e2170d683a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.29:geo_-23.62930_-46.63510	host:131.196.29.29 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:472d13218b35	flow:472d13218b35 → host:177.10.232.4 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc58620ced71d747:host:131.196.29.192	SESSION-cc58620ced71d747 → host:131.196.29.192
FLOW_FROM_HOSTOBS	e:from:SESSION-d42f41260fbe7c09:host:172.234.197.23	SESSION-d42f41260fbe7c09 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38a9f2b2580a8fb5:host:131.196.30.12	SESSION-38a9f2b2580a8fb5 → host:131.196.30.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1191ea69c7b9e8e5:SESSION-1191ea69c7b9e8e5	SESSION-1191ea69c7b9e8e5 → pe:syn:SESSION-1191ea69c7b9e8e5
FLOW_DST_PORTOBS	e:fp:flow:933c44fe1b6d:port:tcp:443	flow:933c44fe1b6d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ea9485b82ac2233:SESSION-3ea9485b82ac2233	SESSION-3ea9485b82ac2233 → pe:tls:SESSION-3ea9485b82ac2233
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e4bb5568f0e725a3:flow:ea6dafd9e19b	SESSION-e4bb5568f0e725a3 → flow:ea6dafd9e19b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fa65fdb17829700:host:172.234.197.23	SESSION-3fa65fdb17829700 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa7ff8c6e8f0ef9e:host:172.234.197.23	SESSION-aa7ff8c6e8f0ef9e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94594005437ae120:host:177.10.237.155	SESSION-94594005437ae120 → host:177.10.237.155
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b58dfbdc72ba0e86:SESSION-b58dfbdc72ba0e86	SESSION-b58dfbdc72ba0e86 → pe:tls:SESSION-b58dfbdc72ba0e86
flow_observed5-aryOBS	e:fo:flow:3a5d21cafa01	flow:3a5d21cafa01 → host:131.196.28.60 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.130:asn:271410	host:131.196.28.130 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e076f857aa349ed0:host:177.10.239.8:host:172.234.197.23	SESSION-e076f857aa349ed0 → host:177.10.239.8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-017fcd2c03e3a5c1:host:131.196.28.89	SESSION-017fcd2c03e3a5c1 → host:131.196.28.89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16f8bda1e1d11332:SESSION-16f8bda1e1d11332	SESSION-16f8bda1e1d11332 → pe:syn:SESSION-16f8bda1e1d11332
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.12:geo_-23.62930_-46.63510	host:131.196.29.12 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da15c25f39b20c68:flow:215b11605fcc	SESSION-da15c25f39b20c68 → flow:215b11605fcc
FLOW_TO_HOSTOBS	e:to:SESSION-380f5751cd3ba7da:host:131.196.28.221	SESSION-380f5751cd3ba7da → host:131.196.28.221
FLOW_TO_HOSTOBS	e:to:SESSION-7aa70a6d3547ceb7:host:45.173.156.92	SESSION-7aa70a6d3547ceb7 → host:45.173.156.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1de6d316dd7305f:host:172.234.197.23	SESSION-f1de6d316dd7305f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e09e8a3cbea3c18a:host:177.10.232.210	SESSION-e09e8a3cbea3c18a → host:177.10.232.210
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-662271688fa2b491:host:172.234.197.23	SESSION-662271688fa2b491 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7047b0effd77	flow:7047b0effd77 → host:131.196.30.37 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:39b0cee06cef:port:tcp:443	flow:39b0cee06cef → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.202:geo_-23.62930_-46.63510	host:131.196.28.202 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c83c0a366733c9bb:host:177.10.238.116:host:172.234.197.23	SESSION-c83c0a366733c9bb → host:177.10.238.116 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e80661c10e8e6e7:flow:53c66bd2b455	SESSION-5e80661c10e8e6e7 → flow:53c66bd2b455
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e529f6ef28aca515:SESSION-e529f6ef28aca515	SESSION-e529f6ef28aca515 → pe:syn:SESSION-e529f6ef28aca515
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec86a4c74825774a:host:131.196.31.63	SESSION-ec86a4c74825774a → host:131.196.31.63
FLOW_DST_PORTOBS	e:fp:flow:acbb8fcdb057:port:tcp:443	flow:acbb8fcdb057 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b30f6f845792a67e:SESSION-b30f6f845792a67e	SESSION-b30f6f845792a67e → pe:tls:SESSION-b30f6f845792a67e
flow_observed5-aryOBS	e:fo:flow:70d1374f7732	flow:70d1374f7732 → host:177.10.237.88 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-14d517e62aef6020:SESSION-14d517e62aef6020	SESSION-14d517e62aef6020 → pe:rst:SESSION-14d517e62aef6020
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3edcc633e4f5b2c:host:172.234.197.23	SESSION-b3edcc633e4f5b2c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bf36cee0aa989ce3:host:177.10.236.141	SESSION-bf36cee0aa989ce3 → host:177.10.236.141
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d9fdfee14b0ac469:flow:d599caa8fe55	SESSION-d9fdfee14b0ac469 → flow:d599caa8fe55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bc55e1159bab546:host:172.234.197.23	SESSION-0bc55e1159bab546 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc308b17bca42662:PCAP:capture_20260430160001:9bfa4498506a	SESSION-bc308b17bca42662 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08b25d9f54ecadf2:SESSION-08b25d9f54ecadf2	SESSION-08b25d9f54ecadf2 → pe:tls:SESSION-08b25d9f54ecadf2
FLOW_TO_HOSTOBS	e:to:SESSION-e673f566483c0ed3:host:131.196.28.7	SESSION-e673f566483c0ed3 → host:131.196.28.7
FLOW_TO_HOSTOBS	e:to:SESSION-ae5500b1626fa45f:host:172.234.197.23	SESSION-ae5500b1626fa45f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a9343604177341c5:host:177.10.234.251	SESSION-a9343604177341c5 → host:177.10.234.251
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-420c45d015462611:flow:37a8c8cbb511	SESSION-420c45d015462611 → flow:37a8c8cbb511
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-79f857f82eac6daa:PCAP:capture_20260430060001:919b39a74464	SESSION-79f857f82eac6daa → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-456e62c8b4b103dc:host:177.10.235.46	SESSION-456e62c8b4b103dc → host:177.10.235.46
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-091d255d08b85143:PCAP:capture_20260427210001:f654efae4e3b	SESSION-091d255d08b85143 → PCAP:capture_20260427210001:f654efae4e3b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.208:geo_-23.62930_-46.63510	host:131.196.28.208 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-835226e6e5119935:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-835226e6e5119935 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f718644b6283d05d:SESSION-f718644b6283d05d	SESSION-f718644b6283d05d → pe:tls:SESSION-f718644b6283d05d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c9278fb58fb6165:flow:475a10e825a7	SESSION-4c9278fb58fb6165 → flow:475a10e825a7
FLOW_DST_PORTOBS	e:fp:flow:eafdc5cc4f89:port:tcp:443	flow:eafdc5cc4f89 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ead4b2d62c5ebfd2:host:172.234.197.23	SESSION-ead4b2d62c5ebfd2 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.85:asn:262880	host:177.10.235.85 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85172baad8a91878:flow:29fb0c6ad658	SESSION-85172baad8a91878 → flow:29fb0c6ad658
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9866420dbc5d2da0:PCAP:capture_20260430060001:919b39a74464	SESSION-9866420dbc5d2da0 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.228:geo_-16.28860_-49.01640	host:177.10.235.228 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4289737814dbd64:SESSION-c4289737814dbd64	SESSION-c4289737814dbd64 → pe:syn:SESSION-c4289737814dbd64
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6010f1ab3b1ee9c7:flow:72830d708a5c	SESSION-6010f1ab3b1ee9c7 → flow:72830d708a5c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e896271e9295df4:SESSION-9e896271e9295df4	SESSION-9e896271e9295df4 → pe:syn:SESSION-9e896271e9295df4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6b70cce2b53886b:host:172.234.197.23:host:177.10.239.224	SESSION-e6b70cce2b53886b → host:172.234.197.23 → host:177.10.239.224
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-022fbc52c5dbb7ff:host:177.10.237.180	SESSION-022fbc52c5dbb7ff → host:177.10.237.180
flow_observed5-aryOBS	e:fo:flow:b4c30fbfab23	flow:b4c30fbfab23 → host:131.196.29.113 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:9a60b6d3f633	flow:9a60b6d3f633 → host:172.234.197.23 → host:177.10.234.38 → port:tcp:47356
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4cd4ae8706680eb9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4cd4ae8706680eb9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a47ed447671c9b0b:host:131.196.31.68	SESSION-a47ed447671c9b0b → host:131.196.31.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea9485b82ac2233:host:172.234.197.23	SESSION-3ea9485b82ac2233 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.208:geo_-16.28860_-49.01640	host:177.10.233.208 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6f3d2670453324e:host:177.10.237.24	SESSION-e6f3d2670453324e → host:177.10.237.24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be1454a9d7b7f3ce:host:172.234.197.23	SESSION-be1454a9d7b7f3ce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fce80bc522afcc8b:host:177.10.232.63	SESSION-fce80bc522afcc8b → host:177.10.232.63
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7f350449fc7d11b3:SESSION-7f350449fc7d11b3	SESSION-7f350449fc7d11b3 → pe:syn:SESSION-7f350449fc7d11b3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-83168514d84031f4:PCAP:capture_20260430060001:919b39a74464	SESSION-83168514d84031f4 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:87d7f7a0051b	flow:87d7f7a0051b → host:131.196.29.101 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:670370fbcdf2:port:tcp:15482	flow:670370fbcdf2 → port:tcp:15482
FLOW_DST_PORTOBS	e:fp:flow:342afbe20bfa:port:udp:53	flow:342afbe20bfa → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-43a6565d7143b8ab:flow:6a72c1d938dd	SESSION-43a6565d7143b8ab → flow:6a72c1d938dd
FLOW_DST_PORTOBS	e:fp:flow:562b1afc797f:port:tcp:17317	flow:562b1afc797f → port:tcp:17317
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.34:geo_-23.62930_-46.63510	host:131.196.28.34 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a2e73cad916b1394:SESSION-a2e73cad916b1394	SESSION-a2e73cad916b1394 → pe:tls:SESSION-a2e73cad916b1394
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b947f5515d64f3f8:host:177.10.239.139:host:172.234.197.23	SESSION-b947f5515d64f3f8 → host:177.10.239.139 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7d9537ea92aed5d6:host:172.234.197.23	SESSION-7d9537ea92aed5d6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7c834c7664f83e9:host:177.10.233.146:host:172.234.197.23	SESSION-e7c834c7664f83e9 → host:177.10.233.146 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dd9f2ee14ec6ee20:host:172.234.197.23	SESSION-dd9f2ee14ec6ee20 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dfde0f74dbe81c3a:SESSION-dfde0f74dbe81c3a	SESSION-dfde0f74dbe81c3a → pe:syn:SESSION-dfde0f74dbe81c3a
FLOW_DST_PORTOBS	e:fp:flow:7c9b7348287d:port:tcp:443	flow:7c9b7348287d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-970108b06912c1b7:host:177.10.234.231	SESSION-970108b06912c1b7 → host:177.10.234.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-17dd55091d27669a:SESSION-17dd55091d27669a	SESSION-17dd55091d27669a → pe:dns:SESSION-17dd55091d27669a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a99ef89e8b00159:flow:1bc0a9c309a5	SESSION-3a99ef89e8b00159 → flow:1bc0a9c309a5
FLOW_FROM_HOSTOBS	e:from:SESSION-331f26717743f7bf:host:131.196.28.246	SESSION-331f26717743f7bf → host:131.196.28.246
FLOW_DST_PORTOBS	e:fp:flow:88d7422db9bf:port:tcp:443	flow:88d7422db9bf → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b89a1b1f5399599:SESSION-7b89a1b1f5399599	SESSION-7b89a1b1f5399599 → pe:syn:SESSION-7b89a1b1f5399599
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4ed0c7009b8f0d4:flow:7d9d5519e958	SESSION-b4ed0c7009b8f0d4 → flow:7d9d5519e958
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-937317105ded9efa:PCAP:capture_20260430050001:8868731bf8a4	SESSION-937317105ded9efa → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4af9ea8e19c0cf86:SESSION-4af9ea8e19c0cf86	SESSION-4af9ea8e19c0cf86 → pe:tls:SESSION-4af9ea8e19c0cf86
FLOW_DST_PORTOBS	e:fp:flow:28c8d053b614:port:tcp:443	flow:28c8d053b614 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e50198195b1abda9:host:172.234.197.23:host:131.196.30.145	SESSION-e50198195b1abda9 → host:172.234.197.23 → host:131.196.30.145
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28e949edc1bba418:host:131.196.31.220	SESSION-28e949edc1bba418 → host:131.196.31.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3bfd44b04badb9b:SESSION-c3bfd44b04badb9b	SESSION-c3bfd44b04badb9b → pe:syn:SESSION-c3bfd44b04badb9b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-019264e09ceae880:host:45.173.156.187	SESSION-019264e09ceae880 → host:45.173.156.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e0284f837155748:host:177.10.236.63	SESSION-7e0284f837155748 → host:177.10.236.63
FLOW_FROM_HOSTOBS	e:from:SESSION-7ff40ca0c390500b:host:34.140.18.6	SESSION-7ff40ca0c390500b → host:34.140.18.6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-feb7243d21c3bd2d:PCAP:capture_20260430060001:919b39a74464	SESSION-feb7243d21c3bd2d → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-c6fd3205e4a34033:host:177.10.232.168	SESSION-c6fd3205e4a34033 → host:177.10.232.168
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a592f97b57bb2999:host:177.10.237.115	SESSION-a592f97b57bb2999 → host:177.10.237.115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62458b132c4d6b0d:host:131.196.30.126	SESSION-62458b132c4d6b0d → host:131.196.30.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58eea5e67f2190af:host:177.10.238.0	SESSION-58eea5e67f2190af → host:177.10.238.0
FLOW_DST_PORTOBS	e:fp:flow:4cdaf4d1f949:port:tcp:45219	flow:4cdaf4d1f949 → port:tcp:45219
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-512816cd1ae61d60:flow:1859ed99edad	SESSION-512816cd1ae61d60 → flow:1859ed99edad
flow_observed5-aryOBS	e:fo:flow:7ad2515d1158	flow:7ad2515d1158 → host:163.192.126.71 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-288ea97e67f438e3:host:172.234.197.23	SESSION-288ea97e67f438e3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8d5b41a2eb16ae40:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-8d5b41a2eb16ae40 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd8832d374e053cc:SESSION-fd8832d374e053cc	SESSION-fd8832d374e053cc → pe:tls:SESSION-fd8832d374e053cc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41957bf4b3a50ded:PCAP:capture_20260430110001:43611bdf6759	SESSION-41957bf4b3a50ded → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a2000a0c75221682:flow:c559408cb1c8	SESSION-a2000a0c75221682 → flow:c559408cb1c8
FLOW_TO_HOSTOBS	e:to:SESSION-e6abbbca78e64654:host:177.10.238.82	SESSION-e6abbbca78e64654 → host:177.10.238.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fdb0bb1f6466838c:host:172.234.197.23	SESSION-fdb0bb1f6466838c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-51e02a163c57adb5:host:172.234.197.23	SESSION-51e02a163c57adb5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-621f2e97c51ae8e1:host:51.161.119.157:host:172.234.197.23	SESSION-621f2e97c51ae8e1 → host:51.161.119.157 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.253:geo_41.02140_28.99480	host:185.231.226.253 → geo_41.02140_28.99480
FLOW_DST_PORTOBS	e:fp:flow:5a1d419b7031:port:tcp:56692	flow:5a1d419b7031 → port:tcp:56692
FLOW_TO_HOSTOBS	e:to:SESSION-fc301fc8fa5220df:host:172.234.197.23	SESSION-fc301fc8fa5220df → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8a43b551ff0093c7:host:177.10.237.115	SESSION-8a43b551ff0093c7 → host:177.10.237.115
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fce590506c76a4f8:host:131.196.31.34:host:172.234.197.23	SESSION-fce590506c76a4f8 → host:131.196.31.34 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20cf12e311e55250:SESSION-20cf12e311e55250	SESSION-20cf12e311e55250 → pe:tls:SESSION-20cf12e311e55250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c227f10fbea5d546:SESSION-c227f10fbea5d546	SESSION-c227f10fbea5d546 → pe:tls:SESSION-c227f10fbea5d546
flow_observed5-aryOBS	e:fo:flow:d6d44c6f5200	flow:d6d44c6f5200 → host:177.10.233.136 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.53:asn:262880	host:177.10.233.53 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28ca4d014ad9a35f:host:177.10.234.40:host:172.234.197.23	SESSION-28ca4d014ad9a35f → host:177.10.234.40 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f43808d089ea9fde:host:172.234.197.23	SESSION-f43808d089ea9fde → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-88449fe846038c62:host:172.234.197.23	SESSION-88449fe846038c62 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2dd1a49fa9f1084b:host:177.10.232.229	SESSION-2dd1a49fa9f1084b → host:177.10.232.229
flow_observed5-aryOBS	e:fo:flow:4422749e5514	flow:4422749e5514 → host:177.10.239.18 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6cc804a855d1eb7c:SESSION-6cc804a855d1eb7c	SESSION-6cc804a855d1eb7c → pe:syn:SESSION-6cc804a855d1eb7c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d446777121d9b1f8:flow:515c2b7595f3	SESSION-d446777121d9b1f8 → flow:515c2b7595f3
FLOW_TO_HOSTOBS	e:to:SESSION-244625927b0e7703:host:172.234.197.23	SESSION-244625927b0e7703 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e4815ec5b053775:PCAP:capture_20260430150001:ded20914761d	SESSION-4e4815ec5b053775 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27ee7c401cb71f02:SESSION-27ee7c401cb71f02	SESSION-27ee7c401cb71f02 → pe:syn:SESSION-27ee7c401cb71f02
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e853a157c23802e1:host:177.10.237.252	SESSION-e853a157c23802e1 → host:177.10.237.252
FLOW_DST_PORTOBS	e:fp:flow:8fa4bbb2f12f:port:tcp:443	flow:8fa4bbb2f12f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-391d28a36308a996:host:177.10.236.105	SESSION-391d28a36308a996 → host:177.10.236.105
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-658ca3f75d8ef503:PCAP:capture_20260430080001:93f47cc296a4	SESSION-658ca3f75d8ef503 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:982e28d20ec8:port:tcp:443	flow:982e28d20ec8 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.122:asn:262880	host:177.10.235.122 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f486345fbdf5443:SESSION-8f486345fbdf5443	SESSION-8f486345fbdf5443 → pe:syn:SESSION-8f486345fbdf5443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f73bbd477b19c775:host:172.234.197.23:host:177.10.237.153	SESSION-f73bbd477b19c775 → host:172.234.197.23 → host:177.10.237.153
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d9f933822471a5a:host:177.10.236.84:host:172.234.197.23	SESSION-8d9f933822471a5a → host:177.10.236.84 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ce39f2d1d3cb:port:udp:53	flow:ce39f2d1d3cb → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ec65811ecc506ca:host:172.234.197.23	SESSION-2ec65811ecc506ca → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.251:geo_-16.28860_-49.01640	host:177.10.235.251 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1fc6dd1896fecefa:PCAP:capture_20260430150001:ded20914761d	SESSION-1fc6dd1896fecefa → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e09f613cd450ebc9:host:131.196.30.74	SESSION-e09f613cd450ebc9 → host:131.196.30.74
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eed281d532ce25c6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-eed281d532ce25c6 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd5c7cb019cd55a3:SESSION-dd5c7cb019cd55a3	SESSION-dd5c7cb019cd55a3 → pe:syn:SESSION-dd5c7cb019cd55a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-045b8a3eae800458:host:177.10.235.46	SESSION-045b8a3eae800458 → host:177.10.235.46
flow_observed4-aryOBS	e:fo:flow:878d78b455c9	flow:878d78b455c9 → host:172.234.197.23 → host:177.10.237.128 → port:tcp:16612
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1053aee7675dcd07:host:172.234.197.23	SESSION-1053aee7675dcd07 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1dec1a3b0255	flow:1dec1a3b0255 → host:172.234.197.23 → host:177.10.236.153 → port:tcp:28466
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-200b6d1dbf438627:flow:e69639bf8de0	SESSION-200b6d1dbf438627 → flow:e69639bf8de0
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.62:asn:262880	host:177.10.236.62 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-472112a6b5df57cd:host:172.234.197.23	SESSION-472112a6b5df57cd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2d53672361f048e5:host:177.10.239.153	SESSION-2d53672361f048e5 → host:177.10.239.153
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.27:asn:262880	host:177.10.236.27 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ac058e9f0280088:host:172.234.197.23	SESSION-2ac058e9f0280088 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.7:geo_-16.28860_-49.01640	host:177.10.236.7 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fcf38b0a54673cb:host:177.10.232.34	SESSION-5fcf38b0a54673cb → host:177.10.232.34
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.38:geo_-16.28860_-49.01640	host:177.10.234.38 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-ba642a19e1a643ce:host:172.234.197.23	SESSION-ba642a19e1a643ce → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fac4a2f466e4583d:flow:532dba0a48d5	SESSION-fac4a2f466e4583d → flow:532dba0a48d5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5644212eea272a87:host:16.171.255.229:host:172.234.197.23	SESSION-5644212eea272a87 → host:16.171.255.229 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-17e08e972fb579a9:host:177.10.233.17	SESSION-17e08e972fb579a9 → host:177.10.233.17
FLOW_DST_PORTOBS	e:fp:flow:76ee58955fc5:port:tcp:443	flow:76ee58955fc5 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-367a6218c741fe93:SESSION-367a6218c741fe93	SESSION-367a6218c741fe93 → pe:tls:SESSION-367a6218c741fe93
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96b1ae4f2b433079:flow:4e274ce7b551	SESSION-96b1ae4f2b433079 → flow:4e274ce7b551
FLOW_TO_HOSTOBS	e:to:SESSION-84669169ffdf0c83:host:172.234.197.23	SESSION-84669169ffdf0c83 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:39ef05cb6fd5:port:tcp:54688	flow:39ef05cb6fd5 → port:tcp:54688
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e63bd10e327c33f1:flow:fb54a75e6709	SESSION-e63bd10e327c33f1 → flow:fb54a75e6709
FLOW_FROM_HOSTOBS	e:from:SESSION-355b17fab14031de:host:172.234.197.23	SESSION-355b17fab14031de → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fcd4a12026b870e:host:131.196.31.98	SESSION-8fcd4a12026b870e → host:131.196.31.98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44a5aa522f98da19:flow:7f24ac272d2b	SESSION-44a5aa522f98da19 → flow:7f24ac272d2b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e08dddd9edfa5277:host:131.196.31.84:host:172.234.197.23	SESSION-e08dddd9edfa5277 → host:131.196.31.84 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.37:geo_-16.28860_-49.01640	host:177.10.238.37 → geo_-16.28860_-49.01640
flow_observed3-aryOBS	e:fo:flow:a39310d926cc	flow:a39310d926cc → host:54.201.215.37 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3e77f7b0f514	flow:3e77f7b0f514 → host:172.234.197.23 → host:177.10.237.62 → port:tcp:16180
flow_observed5-aryOBS	e:fo:flow:c6b6c34f4d03	flow:c6b6c34f4d03 → host:45.173.156.21 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e0dcae8b099ffa5:host:177.10.234.115	SESSION-9e0dcae8b099ffa5 → host:177.10.234.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8bfe47632c127d09:SESSION-8bfe47632c127d09	SESSION-8bfe47632c127d09 → pe:tls:SESSION-8bfe47632c127d09
FLOW_DST_PORTOBS	e:fp:flow:a1f7a3f91181:port:tcp:443	flow:a1f7a3f91181 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7488427d80d09cd9:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7488427d80d09cd9 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ac71f2f2355e0bb:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-7ac71f2f2355e0bb → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0ffe1a7a04c39301:PCAP:capture_20260430060001:919b39a74464	SESSION-0ffe1a7a04c39301 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8ffffed45ee6ab8:PCAP:capture_20260430110001:43611bdf6759	SESSION-f8ffffed45ee6ab8 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf00afe8057eb986:PCAP:capture_20260430150001:ded20914761d	SESSION-bf00afe8057eb986 → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:4ab838db6e21	flow:4ab838db6e21 → host:177.10.233.167 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-32ae480396f4c201:host:177.10.236.7	SESSION-32ae480396f4c201 → host:177.10.236.7
FLOW_TO_HOSTOBS	e:to:SESSION-8614773ef8a3b357:host:172.234.197.23	SESSION-8614773ef8a3b357 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-626902abaec078eb:SESSION-626902abaec078eb	SESSION-626902abaec078eb → pe:tls:SESSION-626902abaec078eb
FLOW_DST_PORTOBS	e:fp:flow:f254bfc9cb7d:port:tcp:443	flow:f254bfc9cb7d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe84550c6b54c988:host:177.10.239.102	SESSION-fe84550c6b54c988 → host:177.10.239.102
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dc1a3553c9b143c5:host:131.196.31.205:host:172.234.197.23	SESSION-dc1a3553c9b143c5 → host:131.196.31.205 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-721df94622c41f42:flow:e0da7e51ff4f	SESSION-721df94622c41f42 → flow:e0da7e51ff4f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4437969c398261c:host:172.234.197.23	SESSION-c4437969c398261c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-537461a77052bb13:SESSION-537461a77052bb13	SESSION-537461a77052bb13 → pe:tls:SESSION-537461a77052bb13
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5292197f57e4263:host:172.234.197.23	SESSION-a5292197f57e4263 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cad98c39a19fe348:host:177.10.236.92:host:172.234.197.23	SESSION-cad98c39a19fe348 → host:177.10.236.92 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-724515316ace62dc:host:172.234.197.23	SESSION-724515316ace62dc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a3cdd61760cc277:SESSION-8a3cdd61760cc277	SESSION-8a3cdd61760cc277 → pe:tls:SESSION-8a3cdd61760cc277
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c47e89745eb205fd:host:177.10.238.254	SESSION-c47e89745eb205fd → host:177.10.238.254
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aae42b7cc2993272:SESSION-aae42b7cc2993272	SESSION-aae42b7cc2993272 → pe:tls:SESSION-aae42b7cc2993272
FLOW_TO_HOSTOBS	e:to:SESSION-8a3bc2c7dd7e8bd1:host:177.10.238.16	SESSION-8a3bc2c7dd7e8bd1 → host:177.10.238.16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.5:geo_-16.28860_-49.01640	host:177.10.239.5 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-845630b36dc2dead:SESSION-845630b36dc2dead	SESSION-845630b36dc2dead → pe:tls:SESSION-845630b36dc2dead
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd554b279ca00d73:flow:b0ea91d62d64	SESSION-bd554b279ca00d73 → flow:b0ea91d62d64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc3065336ab4dc3e:SESSION-fc3065336ab4dc3e	SESSION-fc3065336ab4dc3e → pe:syn:SESSION-fc3065336ab4dc3e
FLOW_FROM_HOSTOBS	e:from:SESSION-b73c5a859c05f554:host:172.234.197.23	SESSION-b73c5a859c05f554 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f6479625c7774ad:SESSION-9f6479625c7774ad	SESSION-9f6479625c7774ad → pe:tls:SESSION-9f6479625c7774ad
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff374888c4809584:host:172.234.197.23	SESSION-ff374888c4809584 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2842c4c08e29d7d7:flow:7f79dab0f087	SESSION-2842c4c08e29d7d7 → flow:7f79dab0f087
FLOW_FROM_HOSTOBS	e:from:SESSION-57494845d8eca477:host:177.10.232.255	SESSION-57494845d8eca477 → host:177.10.232.255
flow_observed5-aryOBS	e:fo:flow:97e0a8deaaff	flow:97e0a8deaaff → host:177.10.235.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ff374888c4809584:host:177.10.236.0:host:172.234.197.23	SESSION-ff374888c4809584 → host:177.10.236.0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:54db2b5d922b	flow:54db2b5d922b → host:45.173.156.159 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-438fb49dfab0fe81:SESSION-438fb49dfab0fe81	SESSION-438fb49dfab0fe81 → pe:syn:SESSION-438fb49dfab0fe81
FLOW_DST_PORTOBS	e:fp:flow:0196cbb8b95d:port:tcp:443	flow:0196cbb8b95d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-72411a82d36d6add:host:172.234.197.23	SESSION-72411a82d36d6add → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d95ea715a47abbc:SESSION-6d95ea715a47abbc	SESSION-6d95ea715a47abbc → pe:tls:SESSION-6d95ea715a47abbc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e896271e9295df4:flow:c54afd12c1fc	SESSION-9e896271e9295df4 → flow:c54afd12c1fc
flow_observed4-aryOBS	e:fo:flow:45eb3b22e1f2	flow:45eb3b22e1f2 → host:172.234.197.23 → host:177.10.236.64 → port:tcp:45748
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73c4b3cbea42a394:host:172.234.197.23	SESSION-73c4b3cbea42a394 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11723453546179ac:host:172.234.197.23	SESSION-11723453546179ac → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4a7bf37c238cc392:host:172.234.197.23	SESSION-4a7bf37c238cc392 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.197:geo_-16.28860_-49.01640	host:177.10.235.197 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-03cee9bc49b35179:host:45.173.156.57	SESSION-03cee9bc49b35179 → host:45.173.156.57
FLOW_FROM_HOSTOBS	e:from:SESSION-e01d63cbcaad0b90:host:8.213.192.144	SESSION-e01d63cbcaad0b90 → host:8.213.192.144
flow_observed5-aryOBS	e:fo:flow:d99b71d3b5fd	flow:d99b71d3b5fd → host:131.196.31.253 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:fa71e3f65ae1	flow:fa71e3f65ae1 → host:177.10.235.118 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d274b6d174d04d01:flow:970629490006	SESSION-d274b6d174d04d01 → flow:970629490006
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57494845d8eca477:flow:04aa2d3b9485	SESSION-57494845d8eca477 → flow:04aa2d3b9485
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3b8a5f0932f0fd6d:SESSION-3b8a5f0932f0fd6d	SESSION-3b8a5f0932f0fd6d → pe:syn:SESSION-3b8a5f0932f0fd6d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78f6342ed3f64031:host:172.234.197.23:host:131.196.31.18	SESSION-78f6342ed3f64031 → host:172.234.197.23 → host:131.196.31.18
flow_observed5-aryOBS	e:fo:flow:02bc2d91641b	flow:02bc2d91641b → host:177.10.238.166 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d551807307fa9b9:SESSION-2d551807307fa9b9	SESSION-2d551807307fa9b9 → pe:syn:SESSION-2d551807307fa9b9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a0efb63412ce5061:flow:13e7e383a869	SESSION-a0efb63412ce5061 → flow:13e7e383a869
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f042798b154a2bb2:host:177.10.237.2	SESSION-f042798b154a2bb2 → host:177.10.237.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-160e5a0882acae87:SESSION-160e5a0882acae87	SESSION-160e5a0882acae87 → pe:tls:SESSION-160e5a0882acae87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-136356e88c69bcaa:SESSION-136356e88c69bcaa	SESSION-136356e88c69bcaa → pe:tls:SESSION-136356e88c69bcaa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74adb0edbcc9dd0a:SESSION-74adb0edbcc9dd0a	SESSION-74adb0edbcc9dd0a → pe:syn:SESSION-74adb0edbcc9dd0a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-04c23b7b96a70798:SESSION-04c23b7b96a70798	SESSION-04c23b7b96a70798 → pe:syn:SESSION-04c23b7b96a70798
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e13a35a59d4e8cb3:host:172.234.197.23:host:177.10.234.237	SESSION-e13a35a59d4e8cb3 → host:172.234.197.23 → host:177.10.234.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc2cf38876d5e15c:SESSION-cc2cf38876d5e15c	SESSION-cc2cf38876d5e15c → pe:syn:SESSION-cc2cf38876d5e15c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae5500b1626fa45f:flow:faeeb2dca72c	SESSION-ae5500b1626fa45f → flow:faeeb2dca72c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8314ac7032421127:host:172.234.197.23	SESSION-8314ac7032421127 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f59bcaffd8dcae9:SESSION-8f59bcaffd8dcae9	SESSION-8f59bcaffd8dcae9 → pe:syn:SESSION-8f59bcaffd8dcae9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c3d14af1a5eb503:host:177.10.239.76	SESSION-8c3d14af1a5eb503 → host:177.10.239.76
FLOW_FROM_HOSTOBS	e:from:SESSION-f479797471e82d6b:host:177.10.233.121	SESSION-f479797471e82d6b → host:177.10.233.121
FLOW_FROM_HOSTOBS	e:from:SESSION-d7508894fe5424d7:host:172.234.197.23	SESSION-d7508894fe5424d7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ce9bea4cad9ad3a3:host:172.234.197.23	SESSION-ce9bea4cad9ad3a3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:048a9b4699ef:port:tcp:443	flow:048a9b4699ef → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7f4f84053ddcae3c:host:172.234.197.23	SESSION-7f4f84053ddcae3c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0be9ff1ae53d349:SESSION-f0be9ff1ae53d349	SESSION-f0be9ff1ae53d349 → pe:tls:SESSION-f0be9ff1ae53d349
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7792ff6d5e7124a:host:177.10.239.187	SESSION-b7792ff6d5e7124a → host:177.10.239.187
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e22ceaf98f82b588:PCAP:capture_20260430110001:43611bdf6759	SESSION-e22ceaf98f82b588 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b70d9bf346b75217:host:172.234.197.23	SESSION-b70d9bf346b75217 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eecb9eac95f77073:host:172.234.197.23	SESSION-eecb9eac95f77073 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0bc704eff4d88e9:PCAP:capture_20260430110001:43611bdf6759	SESSION-c0bc704eff4d88e9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3988a9d0230ebd4d:flow:fd28f4299f57	SESSION-3988a9d0230ebd4d → flow:fd28f4299f57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-72ea8a7fe39a298e:SESSION-72ea8a7fe39a298e	SESSION-72ea8a7fe39a298e → pe:syn:SESSION-72ea8a7fe39a298e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12cb447eb42d83b5:host:177.10.236.90	SESSION-12cb447eb42d83b5 → host:177.10.236.90
FLOW_TO_HOSTOBS	e:to:SESSION-2bb4f19f005244d2:host:172.234.197.23	SESSION-2bb4f19f005244d2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11641f941720f4cf:host:172.234.197.23:host:177.10.232.132	SESSION-11641f941720f4cf → host:172.234.197.23 → host:177.10.232.132
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.246:asn:271410	host:131.196.31.246 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef2cf125c8c7b83a:SESSION-ef2cf125c8c7b83a	SESSION-ef2cf125c8c7b83a → pe:syn:SESSION-ef2cf125c8c7b83a
flow_observed4-aryOBS	e:fo:flow:71dc89848ccc	flow:71dc89848ccc → host:172.234.197.23 → host:131.196.30.183 → port:tcp:28702
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eaed9d07c71d3d80:flow:9c65c9496a84	SESSION-eaed9d07c71d3d80 → flow:9c65c9496a84
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-195f8b2639df23c4:SESSION-195f8b2639df23c4	SESSION-195f8b2639df23c4 → pe:syn:SESSION-195f8b2639df23c4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2d7ac357c55d6f7b:SESSION-2d7ac357c55d6f7b	SESSION-2d7ac357c55d6f7b → pe:tls:SESSION-2d7ac357c55d6f7b
FLOW_TO_HOSTOBS	e:to:SESSION-fe3fb5807179bb52:host:131.196.30.65	SESSION-fe3fb5807179bb52 → host:131.196.30.65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a5bede5fedae88e0:SESSION-a5bede5fedae88e0	SESSION-a5bede5fedae88e0 → pe:tls:SESSION-a5bede5fedae88e0
FLOW_FROM_HOSTOBS	e:from:SESSION-dd2928203fc01c8b:host:177.10.234.161	SESSION-dd2928203fc01c8b → host:177.10.234.161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52edfb1e7fe307be:SESSION-52edfb1e7fe307be	SESSION-52edfb1e7fe307be → pe:tls:SESSION-52edfb1e7fe307be
FLOW_FROM_HOSTOBS	e:from:SESSION-56d3b103682c9fbe:host:172.234.197.23	SESSION-56d3b103682c9fbe → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.105:asn:203771	host:95.170.25.105 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2fd944013b60077a:host:131.196.29.22:host:172.234.197.23	SESSION-2fd944013b60077a → host:131.196.29.22 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1ca1108b3f9fffc:host:172.234.197.23	SESSION-d1ca1108b3f9fffc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aa4dbd42e40690e9:host:172.234.197.23	SESSION-aa4dbd42e40690e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3186af5a0774c3b5:host:172.234.197.23	SESSION-3186af5a0774c3b5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19f4ea615eaf7325:host:172.234.197.23:host:177.10.238.79	SESSION-19f4ea615eaf7325 → host:172.234.197.23 → host:177.10.238.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1844a866ec523fcf:host:172.234.197.23	SESSION-1844a866ec523fcf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ce9079d0e1b1:port:tcp:16414	flow:ce9079d0e1b1 → port:tcp:16414
FLOW_DST_PORTOBS	e:fp:flow:172bf7588f89:port:tcp:10161	flow:172bf7588f89 → port:tcp:10161
FLOW_TO_HOSTOBS	e:to:SESSION-54c75738c2308981:host:172.234.197.23	SESSION-54c75738c2308981 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c873de224cbac149:host:172.234.197.23	SESSION-c873de224cbac149 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c4b12d61b6c1	flow:c4b12d61b6c1 → host:177.10.238.251 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.131:asn:262880	host:177.10.232.131 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:497a68fc3b86:port:tcp:59922	flow:497a68fc3b86 → port:tcp:59922
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-592f6a5ffad96a3b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-592f6a5ffad96a3b → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-2579d58cc01cbffa:host:177.10.236.251	SESSION-2579d58cc01cbffa → host:177.10.236.251
FLOW_DST_PORTOBS	e:fp:flow:e72e68d4fcd0:port:tcp:443	flow:e72e68d4fcd0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-083cc9a3854de3cd:SESSION-083cc9a3854de3cd	SESSION-083cc9a3854de3cd → pe:tls:SESSION-083cc9a3854de3cd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1eb9812de4c91c82:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1eb9812de4c91c82 → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.167:geo_-16.28860_-49.01640	host:177.10.233.167 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eab64f08bdc755fb:flow:d40d8401ca62	SESSION-eab64f08bdc755fb → flow:d40d8401ca62
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bce97f10a4a571f4:host:172.234.197.23:host:177.10.234.82	SESSION-bce97f10a4a571f4 → host:172.234.197.23 → host:177.10.234.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c67539e40b0db6c0:host:172.234.197.23	SESSION-c67539e40b0db6c0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8ab658d53a1eebd:flow:d4c5cce04e81	SESSION-c8ab658d53a1eebd → flow:d4c5cce04e81
FLOW_FROM_HOSTOBS	e:from:SESSION-c56dcfb05d3a50ba:host:172.234.197.23	SESSION-c56dcfb05d3a50ba → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d74d897cd43b428:SESSION-9d74d897cd43b428	SESSION-9d74d897cd43b428 → pe:syn:SESSION-9d74d897cd43b428
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9f10142199cea9c:host:131.196.31.42	SESSION-b9f10142199cea9c → host:131.196.31.42
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.113:asn:262880	host:177.10.236.113 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-977a7c6dd83aa424:host:172.234.197.23:host:177.10.239.192	SESSION-977a7c6dd83aa424 → host:172.234.197.23 → host:177.10.239.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7caeaef261aefc4:host:177.10.238.187	SESSION-e7caeaef261aefc4 → host:177.10.238.187
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a269382e1e5b425:flow:4ba06b514d2b	SESSION-9a269382e1e5b425 → flow:4ba06b514d2b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d31138dfabe85cd6:host:172.234.197.23	SESSION-d31138dfabe85cd6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-394aeca8e13c39b2:host:172.234.197.23	SESSION-394aeca8e13c39b2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9cd2627e6ddbbad1:host:172.234.197.23	SESSION-9cd2627e6ddbbad1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e6d45a86f046cac8:host:172.234.197.23	SESSION-e6d45a86f046cac8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:17b4483c0fea:port:tcp:38305	flow:17b4483c0fea → port:tcp:38305
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d7f8914f0744c0dd:PCAP:capture_20260430110001:43611bdf6759	SESSION-d7f8914f0744c0dd → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f15dcbaf5ef33ebd:SESSION-f15dcbaf5ef33ebd	SESSION-f15dcbaf5ef33ebd → pe:syn:SESSION-f15dcbaf5ef33ebd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ceaacc21db1a34ae:host:177.10.237.71	SESSION-ceaacc21db1a34ae → host:177.10.237.71
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.199:geo_-16.28860_-49.01640	host:177.10.239.199 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4c0ceaca72bbee92:flow:67e1fa03f403	SESSION-4c0ceaca72bbee92 → flow:67e1fa03f403
FLOW_FROM_HOSTOBS	e:from:SESSION-1848195311cbff19:host:177.10.235.111	SESSION-1848195311cbff19 → host:177.10.235.111
FLOW_DST_PORTOBS	e:fp:flow:46d5bf8a685f:port:tcp:443	flow:46d5bf8a685f → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.24:geo_-16.28860_-49.01640	host:177.10.232.24 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.87:geo_-23.62930_-46.63510	host:131.196.30.87 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.185:geo_-23.62930_-46.63510	host:131.196.28.185 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75cb9fe69e287da9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-75cb9fe69e287da9 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3bb54d95c2cdaff:SESSION-a3bb54d95c2cdaff	SESSION-a3bb54d95c2cdaff → pe:syn:SESSION-a3bb54d95c2cdaff
FLOW_DST_PORTOBS	e:fp:flow:ab409ffcce8b:port:tcp:443	flow:ab409ffcce8b → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.158:asn:271410	host:131.196.30.158 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92547fda1a59fab0:host:131.196.28.217	SESSION-92547fda1a59fab0 → host:131.196.28.217
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-361b290e75b75885:host:177.10.233.63	SESSION-361b290e75b75885 → host:177.10.233.63
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9deb407202a7aa0:host:172.234.197.23:host:131.196.30.37	SESSION-b9deb407202a7aa0 → host:172.234.197.23 → host:131.196.30.37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e36c77c5ab0d7e92:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e36c77c5ab0d7e92 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.3:geo_-23.62930_-46.63510	host:131.196.31.3 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-132ae74090c90dac:host:177.10.234.11:host:172.234.197.23	SESSION-132ae74090c90dac → host:177.10.234.11 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b11513eff2bd1e6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7b11513eff2bd1e6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-659e9e20b25ca2e2:host:172.234.197.23:host:177.10.237.218	SESSION-659e9e20b25ca2e2 → host:172.234.197.23 → host:177.10.237.218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86afdd078b90270f:host:172.234.197.23	SESSION-86afdd078b90270f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-587cecb9c2d65d84:SESSION-587cecb9c2d65d84	SESSION-587cecb9c2d65d84 → pe:tls:SESSION-587cecb9c2d65d84
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.223:asn:271410	host:131.196.28.223 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f96a240aba6afcc:host:131.196.30.221:host:172.234.197.23	SESSION-2f96a240aba6afcc → host:131.196.30.221 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3333aa4b72a0:port:tcp:443	flow:3333aa4b72a0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a4d952075d0ee24:SESSION-5a4d952075d0ee24	SESSION-5a4d952075d0ee24 → pe:tls:SESSION-5a4d952075d0ee24
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28d0a7763ce2861c:host:177.10.233.147:host:172.234.197.23	SESSION-28d0a7763ce2861c → host:177.10.233.147 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f1b980e392c4795:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4f1b980e392c4795 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.138:geo_-23.62930_-46.63510	host:131.196.29.138 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4cde7abdf73c6af1:host:172.234.197.23:host:172.232.0.16	SESSION-4cde7abdf73c6af1 → host:172.234.197.23 → host:172.232.0.16
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.44:asn:271410	host:131.196.28.44 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b2e6696cab81646:host:177.10.237.95	SESSION-5b2e6696cab81646 → host:177.10.237.95
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.141:asn:271410	host:131.196.30.141 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:ea95ed004069:port:tcp:44302	flow:ea95ed004069 → port:tcp:44302
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a6e84a9f98e2c60:flow:d0d81899cf28	SESSION-5a6e84a9f98e2c60 → flow:d0d81899cf28
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f691479e1fc1edf:host:172.234.197.23	SESSION-2f691479e1fc1edf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-aa26c3a0a6de1666:host:177.10.233.172	SESSION-aa26c3a0a6de1666 → host:177.10.233.172
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91e694161f32570f:host:172.234.197.23	SESSION-91e694161f32570f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:475c42977672:port:tcp:443	flow:475c42977672 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba981a6eb39461c8:host:177.10.237.35	SESSION-ba981a6eb39461c8 → host:177.10.237.35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fef5a77f946ef097:flow:d77bd425cc20	SESSION-fef5a77f946ef097 → flow:d77bd425cc20
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-131cbd262c833b9b:host:172.234.197.23	SESSION-131cbd262c833b9b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9c211d2931ae713:host:131.196.30.11:host:172.234.197.23	SESSION-d9c211d2931ae713 → host:131.196.30.11 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.146:geo_-23.62930_-46.63510	host:131.196.31.146 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-438fb49dfab0fe81:SESSION-438fb49dfab0fe81	SESSION-438fb49dfab0fe81 → pe:tls:SESSION-438fb49dfab0fe81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02163c9e3a8cc49d:host:172.234.197.23	SESSION-02163c9e3a8cc49d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33348e69a2613db6:host:92.112.71.27:host:172.234.197.23	SESSION-33348e69a2613db6 → host:92.112.71.27 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4db42491c04de440:host:172.234.197.23	SESSION-4db42491c04de440 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-316a629875744009:host:172.234.197.23	SESSION-316a629875744009 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:914f8417aa2d:port:tcp:443	flow:914f8417aa2d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ce4fb974af5131d:host:172.234.197.23	SESSION-0ce4fb974af5131d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-206979254a17108f:SESSION-206979254a17108f	SESSION-206979254a17108f → pe:syn:SESSION-206979254a17108f
FLOW_TO_HOSTOBS	e:to:SESSION-2b7cd4519c0a4eb9:host:177.10.235.12	SESSION-2b7cd4519c0a4eb9 → host:177.10.235.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ae53b938ea3675b:SESSION-2ae53b938ea3675b	SESSION-2ae53b938ea3675b → pe:syn:SESSION-2ae53b938ea3675b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-368729c748b57591:host:45.173.156.174	SESSION-368729c748b57591 → host:45.173.156.174
FLOW_TO_HOSTOBS	e:to:SESSION-5fbe82bcd0d20589:host:172.234.197.23	SESSION-5fbe82bcd0d20589 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1213fdeaeb0b4e25:host:45.173.156.44	SESSION-1213fdeaeb0b4e25 → host:45.173.156.44
FLOW_FROM_HOSTOBS	e:from:SESSION-4defafdd27769097:host:92.112.71.232	SESSION-4defafdd27769097 → host:92.112.71.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee7b628709e11cd4:SESSION-ee7b628709e11cd4	SESSION-ee7b628709e11cd4 → pe:syn:SESSION-ee7b628709e11cd4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc2833e8abe7ed0a:flow:b201d08003c8	SESSION-cc2833e8abe7ed0a → flow:b201d08003c8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:34.216.30.208:geo_45.84010_-119.70500	host:34.216.30.208 → geo_45.84010_-119.70500
flow_observed5-aryOBS	e:fo:flow:86d6a83e2f14	flow:86d6a83e2f14 → host:163.192.126.71 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d798baf71c597a3:host:43.196.88.244:host:172.234.197.23	SESSION-2d798baf71c597a3 → host:43.196.88.244 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d5b56d4198adefd3:host:172.234.197.23	SESSION-d5b56d4198adefd3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-985c12f522f7e9ff:PCAP:capture_20260430160001:9bfa4498506a	SESSION-985c12f522f7e9ff → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7948a18eeb1cbc0d:SESSION-7948a18eeb1cbc0d	SESSION-7948a18eeb1cbc0d → pe:tls:SESSION-7948a18eeb1cbc0d
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.223:asn:273470	host:45.173.156.223 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5ac91adedbe1ec7:host:172.234.197.23	SESSION-d5ac91adedbe1ec7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:31fdf1497dec:port:tcp:48470	flow:31fdf1497dec → port:tcp:48470
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-46290f7655d18c8b:BSG-BEACON-d4175b7190c4	SESSION-46290f7655d18c8b → BSG-BEACON-d4175b7190c4
FLOW_DST_PORTOBS	e:fp:flow:0d57cdd2a340:port:tcp:38751	flow:0d57cdd2a340 → port:tcp:38751
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b082affabc66a77:host:172.234.197.23	SESSION-8b082affabc66a77 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5c6720ec9a7d:port:tcp:443	flow:5c6720ec9a7d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33bdca28f4470cd7:host:131.196.30.0	SESSION-33bdca28f4470cd7 → host:131.196.30.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68a3da1f806283eb:SESSION-68a3da1f806283eb	SESSION-68a3da1f806283eb → pe:tls:SESSION-68a3da1f806283eb
FLOW_FROM_HOSTOBS	e:from:SESSION-ba96028c0d9bf0a3:host:177.10.232.114	SESSION-ba96028c0d9bf0a3 → host:177.10.232.114
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.211:geo_-16.28860_-49.01640	host:177.10.237.211 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:1859ed99edad	flow:1859ed99edad → host:177.10.233.19 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:71fbdd137d18:port:tcp:50837	flow:71fbdd137d18 → port:tcp:50837
FLOW_FROM_HOSTOBS	e:from:SESSION-70f9355e024c975b:host:131.196.31.13	SESSION-70f9355e024c975b → host:131.196.31.13
FLOW_TO_HOSTOBS	e:to:SESSION-917ad6cf3046e17b:host:45.173.156.101	SESSION-917ad6cf3046e17b → host:45.173.156.101
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0be6cf40df30cb93:SESSION-0be6cf40df30cb93	SESSION-0be6cf40df30cb93 → pe:tls:SESSION-0be6cf40df30cb93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d13284d1e9c6a901:SESSION-d13284d1e9c6a901	SESSION-d13284d1e9c6a901 → pe:syn:SESSION-d13284d1e9c6a901
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f1b980e392c4795:SESSION-4f1b980e392c4795	SESSION-4f1b980e392c4795 → pe:syn:SESSION-4f1b980e392c4795
flow_observed5-aryOBS	e:fo:flow:362bd8a9c9ac	flow:362bd8a9c9ac → host:177.10.232.164 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b5281b6c31b7	flow:b5281b6c31b7 → host:177.10.234.91 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d99d46a236a5e045:host:131.196.30.150:host:172.234.197.23	SESSION-d99d46a236a5e045 → host:131.196.30.150 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-43a6565d7143b8ab:host:172.234.197.23	SESSION-43a6565d7143b8ab → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:975970d47051:port:tcp:443	flow:975970d47051 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08a40451c9cdc962:flow:3d33c6041d42	SESSION-08a40451c9cdc962 → flow:3d33c6041d42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fef5a77f946ef097:host:131.196.29.206	SESSION-fef5a77f946ef097 → host:131.196.29.206
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96272a0a54480e7a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-96272a0a54480e7a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9479b510131ce6c:host:172.234.197.23	SESSION-f9479b510131ce6c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bcbb02b2c9a5	flow:bcbb02b2c9a5 → host:45.173.156.189 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c36bc9032caa64b:host:172.234.197.23	SESSION-9c36bc9032caa64b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-723b8399a0bced6b:host:177.10.236.198	SESSION-723b8399a0bced6b → host:177.10.236.198
FLOW_DST_PORTOBS	e:fp:flow:2f76408fd599:port:tcp:443	flow:2f76408fd599 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ead4b2d62c5ebfd2:SESSION-ead4b2d62c5ebfd2	SESSION-ead4b2d62c5ebfd2 → pe:tls:SESSION-ead4b2d62c5ebfd2
flow_observed5-aryOBS	e:fo:flow:7b78e56234f0	flow:7b78e56234f0 → host:131.196.28.217 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-066d98dee3275acb:SESSION-066d98dee3275acb	SESSION-066d98dee3275acb → pe:tls:SESSION-066d98dee3275acb
FLOW_DST_PORTOBS	e:fp:flow:36e2e7eb9558:port:tcp:443	flow:36e2e7eb9558 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94eb707cf5b0b4ef:host:172.234.197.23	SESSION-94eb707cf5b0b4ef → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cc35857ee3808de8:host:131.196.31.37	SESSION-cc35857ee3808de8 → host:131.196.31.37
flow_observed5-aryOBS	e:fo:flow:4b45b8ab033c	flow:4b45b8ab033c → host:177.10.239.184 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e998b802e74a3139:host:177.10.235.39	SESSION-e998b802e74a3139 → host:177.10.235.39
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01b1445b3dd1d2e4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-01b1445b3dd1d2e4 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5a933b86812e122:host:177.10.233.192	SESSION-e5a933b86812e122 → host:177.10.233.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d0c24f0912a7520:flow:dd71ff03f3cb	SESSION-9d0c24f0912a7520 → flow:dd71ff03f3cb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2daf8cded5fb19ed:flow:a6f1bedfb399	SESSION-2daf8cded5fb19ed → flow:a6f1bedfb399
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-314272d88a452691:SESSION-314272d88a452691	SESSION-314272d88a452691 → pe:tls:SESSION-314272d88a452691
FLOW_FROM_HOSTOBS	e:from:SESSION-65d181126b4cfd8f:host:177.10.236.12	SESSION-65d181126b4cfd8f → host:177.10.236.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a33620a262b3196:host:177.10.239.239	SESSION-4a33620a262b3196 → host:177.10.239.239
FLOW_DST_PORTOBS	e:fp:flow:e48771c0c3dd:port:tcp:30858	flow:e48771c0c3dd → port:tcp:30858
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34a5ce0f23d7a2a1:host:172.234.197.23	SESSION-34a5ce0f23d7a2a1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b0821df7b169e6a:flow:0f786f54457f	SESSION-4b0821df7b169e6a → flow:0f786f54457f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e503c69e36c27590:flow:411f88e09190	SESSION-e503c69e36c27590 → flow:411f88e09190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e8b71ac0dda5d9d9:SESSION-e8b71ac0dda5d9d9	SESSION-e8b71ac0dda5d9d9 → pe:syn:SESSION-e8b71ac0dda5d9d9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-417f532a2a507181:flow:26f60c160f6b	SESSION-417f532a2a507181 → flow:26f60c160f6b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b5ce2843c92e119:SESSION-4b5ce2843c92e119	SESSION-4b5ce2843c92e119 → pe:tls:SESSION-4b5ce2843c92e119
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-13b449bea21c4b54:SESSION-13b449bea21c4b54	SESSION-13b449bea21c4b54 → pe:syn:SESSION-13b449bea21c4b54
flow_observed4-aryOBS	e:fo:flow:c59557b9d3a6	flow:c59557b9d3a6 → host:172.234.197.23 → host:177.10.236.245 → port:tcp:16376
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06ba851c038c998a:host:177.10.233.255:host:172.234.197.23	SESSION-06ba851c038c998a → host:177.10.233.255 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1e69d77cebc13bf2:host:172.234.197.23	SESSION-1e69d77cebc13bf2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-381a0e70ba36b75c:host:131.196.31.69	SESSION-381a0e70ba36b75c → host:131.196.31.69
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4db3abe06a9505c7:flow:c6a015f3a684	SESSION-4db3abe06a9505c7 → flow:c6a015f3a684
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e6511da7c7cd8e1:host:131.196.30.138	SESSION-4e6511da7c7cd8e1 → host:131.196.30.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c5664e67ab454dc8:SESSION-c5664e67ab454dc8	SESSION-c5664e67ab454dc8 → pe:tls:SESSION-c5664e67ab454dc8
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.162:asn:273470	host:45.173.156.162 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee4167cf60ac81c3:SESSION-ee4167cf60ac81c3	SESSION-ee4167cf60ac81c3 → pe:syn:SESSION-ee4167cf60ac81c3
flow_observed5-aryOBS	e:fo:flow:9093eff6b816	flow:9093eff6b816 → host:136.243.57.208 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db98e45dca973468:PCAP:capture_20260430050001:8868731bf8a4	SESSION-db98e45dca973468 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-244625927b0e7703:SESSION-244625927b0e7703	SESSION-244625927b0e7703 → pe:tls:SESSION-244625927b0e7703
FLOW_TO_HOSTOBS	e:to:SESSION-d52893e766cf8155:host:172.234.197.23	SESSION-d52893e766cf8155 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:03b1001edb70:port:tcp:42706	flow:03b1001edb70 → port:tcp:42706
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe8408bb8c62f3c7:SESSION-fe8408bb8c62f3c7	SESSION-fe8408bb8c62f3c7 → pe:syn:SESSION-fe8408bb8c62f3c7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f7287a957cb5e0d9:PCAP:capture_20260430110001:43611bdf6759	SESSION-f7287a957cb5e0d9 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.99:geo_-21.10010_-41.69200	host:45.173.156.99 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5048c6b31ef60c96:host:131.196.31.190:host:172.234.197.23	SESSION-5048c6b31ef60c96 → host:131.196.31.190 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e6afdb068db09de:flow:8fa1fca8c76a	SESSION-6e6afdb068db09de → flow:8fa1fca8c76a
FLOW_FROM_HOSTOBS	e:from:SESSION-aa658fe130f71ff5:host:172.234.197.23	SESSION-aa658fe130f71ff5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.219:asn:262880	host:177.10.236.219 → asn:262880
flow_observed3-aryOBS	e:fo:flow:c8a3c785a01c	flow:c8a3c785a01c → host:172.234.197.23 → host:80.94.92.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b3d68511ee3e6e7:host:172.234.197.23:host:177.10.239.136	SESSION-9b3d68511ee3e6e7 → host:172.234.197.23 → host:177.10.239.136
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c14806e741c4fd98:flow:8a3c0b7a19d4	SESSION-c14806e741c4fd98 → flow:8a3c0b7a19d4
FLOW_FROM_HOSTOBS	e:from:SESSION-958fc48089d68c44:host:177.10.236.245	SESSION-958fc48089d68c44 → host:177.10.236.245
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e73771addca62c13:host:172.234.197.23	SESSION-e73771addca62c13 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cd92f1d715637398:host:34.216.76.26	SESSION-cd92f1d715637398 → host:34.216.76.26
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.99:geo_-16.28860_-49.01640	host:177.10.237.99 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-799494d5bb605f27:PCAP:capture_20260430160001:9bfa4498506a	SESSION-799494d5bb605f27 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:836aa09f87d5	flow:836aa09f87d5 → host:131.196.29.5 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f9bec963f9028f2:PCAP:capture_20260430090001:065659c7d314	SESSION-7f9bec963f9028f2 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b65436b870ef703a:SESSION-b65436b870ef703a	SESSION-b65436b870ef703a → pe:tls:SESSION-b65436b870ef703a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab20216cf3eeb0ee:host:172.234.197.23	SESSION-ab20216cf3eeb0ee → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.165:asn:271410	host:131.196.29.165 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8bf059b02e9beec:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c8bf059b02e9beec → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:209d675128aa	flow:209d675128aa → host:131.196.31.203 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86b61cf52362ae86:host:177.10.236.247	SESSION-86b61cf52362ae86 → host:177.10.236.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e0284f837155748:SESSION-7e0284f837155748	SESSION-7e0284f837155748 → pe:syn:SESSION-7e0284f837155748
flow_observed5-aryOBS	e:fo:flow:c8519290c6a5	flow:c8519290c6a5 → host:177.10.234.93 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d1a930dc0f03fa17:host:172.234.197.23	SESSION-d1a930dc0f03fa17 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.214:asn:262880	host:177.10.235.214 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ac052262d51e17:host:131.196.29.27	SESSION-b7ac052262d51e17 → host:131.196.29.27
flow_observed5-aryOBS	e:fo:flow:6386cb02ad5f	flow:6386cb02ad5f → host:177.10.232.60 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.190:asn:203771	host:95.170.25.190 → asn:203771
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.168:geo_-16.28860_-49.01640	host:177.10.235.168 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e42d909a57b4903:SESSION-0e42d909a57b4903	SESSION-0e42d909a57b4903 → pe:tls:SESSION-0e42d909a57b4903
FLOW_TO_HOSTOBS	e:to:SESSION-21bd08fb36aa18e9:host:172.234.197.23	SESSION-21bd08fb36aa18e9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-41eaa3dd80eab155:host:172.234.197.23	SESSION-41eaa3dd80eab155 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-be1454a9d7b7f3ce:host:172.234.197.23	SESSION-be1454a9d7b7f3ce → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-37451ceb7f45e2a3:flow:3cce400dbd51	SESSION-37451ceb7f45e2a3 → flow:3cce400dbd51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-567e9582c6914b15:host:172.234.197.23:host:131.196.31.111	SESSION-567e9582c6914b15 → host:172.234.197.23 → host:131.196.31.111
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06814c349a39e79e:SESSION-06814c349a39e79e	SESSION-06814c349a39e79e → pe:syn:SESSION-06814c349a39e79e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cff48a7a06adcd8f:SESSION-cff48a7a06adcd8f	SESSION-cff48a7a06adcd8f → pe:syn:SESSION-cff48a7a06adcd8f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-213b6cb7e75b87f2:host:172.234.197.23	SESSION-213b6cb7e75b87f2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.21:geo_-21.10010_-41.69200	host:45.173.156.21 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46082ee63fe36bdf:PCAP:capture_20260430150001:ded20914761d	SESSION-46082ee63fe36bdf → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e920b338cbbee7b:host:172.234.197.23	SESSION-2e920b338cbbee7b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e93d3fe416fcd95:SESSION-5e93d3fe416fcd95	SESSION-5e93d3fe416fcd95 → pe:syn:SESSION-5e93d3fe416fcd95
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.69:geo_-16.28860_-49.01640	host:177.10.234.69 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:819986960ec3	flow:819986960ec3 → host:172.234.197.23 → host:131.196.30.7 → port:tcp:44092
FLOW_TO_HOSTOBS	e:to:SESSION-82c9dbe3cfe7e49f:host:172.234.197.23	SESSION-82c9dbe3cfe7e49f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a466e26c77a91e3:PCAP:capture_20260430110001:43611bdf6759	SESSION-9a466e26c77a91e3 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-c8300d990ddd9a21:host:177.10.236.157	SESSION-c8300d990ddd9a21 → host:177.10.236.157
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f83bf77e11c8adb3:host:172.234.197.23	SESSION-f83bf77e11c8adb3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d0f144e1366b	flow:d0f144e1366b → host:104.28.234.79 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ca707063b726bac:flow:2746e9118ab2	SESSION-8ca707063b726bac → flow:2746e9118ab2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-181666d0ed9d45b8:host:45.173.156.38	SESSION-181666d0ed9d45b8 → host:45.173.156.38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a29ca5d80bc122d0:host:172.234.197.23	SESSION-a29ca5d80bc122d0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-48baa2e7639de342:SESSION-48baa2e7639de342	SESSION-48baa2e7639de342 → pe:syn:SESSION-48baa2e7639de342
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-18e7a18371a0d1bf:PCAP:capture_20260430150001:ded20914761d	SESSION-18e7a18371a0d1bf → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-edeb3dca8d1da30b:SESSION-edeb3dca8d1da30b	SESSION-edeb3dca8d1da30b → pe:syn:SESSION-edeb3dca8d1da30b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ef5ed6d64625f76:SESSION-8ef5ed6d64625f76	SESSION-8ef5ed6d64625f76 → pe:syn:SESSION-8ef5ed6d64625f76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41b71c4a2ccc13b3:SESSION-41b71c4a2ccc13b3	SESSION-41b71c4a2ccc13b3 → pe:tls:SESSION-41b71c4a2ccc13b3
FLOW_TO_HOSTOBS	e:to:SESSION-620284e2b3f3a282:host:177.10.233.134	SESSION-620284e2b3f3a282 → host:177.10.233.134
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0dab8159384d982:PCAP:capture_20260430160001:9bfa4498506a	SESSION-b0dab8159384d982 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-cc060cc400f18b5d:host:131.196.31.133	SESSION-cc060cc400f18b5d → host:131.196.31.133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2338a143c0830527:host:172.234.197.23	SESSION-2338a143c0830527 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e698e5bcd13e	flow:e698e5bcd13e → host:177.10.238.197 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-474ea5236769f0a3:flow:41bc1e553486	SESSION-474ea5236769f0a3 → flow:41bc1e553486
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41b71c4a2ccc13b3:SESSION-41b71c4a2ccc13b3	SESSION-41b71c4a2ccc13b3 → pe:syn:SESSION-41b71c4a2ccc13b3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8396d269748cb9c:host:131.196.30.37:host:172.234.197.23	SESSION-f8396d269748cb9c → host:131.196.30.37 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:df1118cf58c3	flow:df1118cf58c3 → host:177.10.235.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db5e0e0456a4bec1:host:172.234.197.23:host:177.10.236.72	SESSION-db5e0e0456a4bec1 → host:172.234.197.23 → host:177.10.236.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-41b7279875030e7d:PCAP:capture_20260430060001:919b39a74464	SESSION-41b7279875030e7d → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:f2b7c7be1c86	flow:f2b7c7be1c86 → host:177.10.237.98 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:41e89e3f233c:port:tcp:443	flow:41e89e3f233c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9e2efcab33d5:port:tcp:50004	flow:9e2efcab33d5 → port:tcp:50004
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7926734d1890078a:flow:d54c0bb96a93	SESSION-7926734d1890078a → flow:d54c0bb96a93
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94bbfef7eb27207b:host:177.10.237.4	SESSION-94bbfef7eb27207b → host:177.10.237.4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31f3a24ceae3d348:SESSION-31f3a24ceae3d348	SESSION-31f3a24ceae3d348 → pe:tls:SESSION-31f3a24ceae3d348
FLOW_FROM_HOSTOBS	e:from:SESSION-96abdd68944f2af2:host:177.10.233.17	SESSION-96abdd68944f2af2 → host:177.10.233.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02836b6eb824cc45:SESSION-02836b6eb824cc45	SESSION-02836b6eb824cc45 → pe:tls:SESSION-02836b6eb824cc45
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c54c8f2f9fead0c6:host:177.10.235.161	SESSION-c54c8f2f9fead0c6 → host:177.10.235.161
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9527954f73f19b6:host:177.10.233.153	SESSION-c9527954f73f19b6 → host:177.10.233.153
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-948ad6eee5512e98:host:131.196.28.22:host:172.234.197.23	SESSION-948ad6eee5512e98 → host:131.196.28.22 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.161:geo_-23.62930_-46.63510	host:131.196.30.161 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6aa2ce807ac3d210:SESSION-6aa2ce807ac3d210	SESSION-6aa2ce807ac3d210 → pe:syn:SESSION-6aa2ce807ac3d210
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4531330495d6a6b8:SESSION-4531330495d6a6b8	SESSION-4531330495d6a6b8 → pe:syn:SESSION-4531330495d6a6b8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bedd6d77774b5e6:SESSION-3bedd6d77774b5e6	SESSION-3bedd6d77774b5e6 → pe:syn:SESSION-3bedd6d77774b5e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ea8e2d7734ace3:host:172.234.197.23	SESSION-49ea8e2d7734ace3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c7f3c61dd4869fc:host:131.196.31.195:host:172.234.197.23	SESSION-5c7f3c61dd4869fc → host:131.196.31.195 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.92:asn:273470	host:45.173.156.92 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e867c3054a212916:flow:af7bc9759ccd	SESSION-e867c3054a212916 → flow:af7bc9759ccd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5ba4a44df249a00:host:172.234.197.23:host:177.10.238.247	SESSION-e5ba4a44df249a00 → host:172.234.197.23 → host:177.10.238.247
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e15824f9dd78d2b4:host:172.234.197.23	SESSION-e15824f9dd78d2b4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b0ca3b8aea25b593:host:172.234.197.23	SESSION-b0ca3b8aea25b593 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77e4374445abb63e:SESSION-77e4374445abb63e	SESSION-77e4374445abb63e → pe:syn:SESSION-77e4374445abb63e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5c7bf6a31f6e2d56:SESSION-5c7bf6a31f6e2d56	SESSION-5c7bf6a31f6e2d56 → pe:rst:SESSION-5c7bf6a31f6e2d56
flow_observed4-aryOBS	e:fo:flow:bda97b94938d	flow:bda97b94938d → host:172.234.197.23 → host:177.10.239.137 → port:tcp:52029
FLOW_TO_HOSTOBS	e:to:SESSION-9e6c979070fb893e:host:172.234.197.23	SESSION-9e6c979070fb893e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65f49e29fd3c9157:SESSION-65f49e29fd3c9157	SESSION-65f49e29fd3c9157 → pe:syn:SESSION-65f49e29fd3c9157
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46cfffaa3fdb7f1d:host:172.234.197.23	SESSION-46cfffaa3fdb7f1d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f7bf4f785679ea3b:PCAP:capture_20260430090001:065659c7d314	SESSION-f7bf4f785679ea3b → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d3f99262a1bb3592:SESSION-d3f99262a1bb3592	SESSION-d3f99262a1bb3592 → pe:syn:SESSION-d3f99262a1bb3592
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77162e002cdf71b4:SESSION-77162e002cdf71b4	SESSION-77162e002cdf71b4 → pe:tls:SESSION-77162e002cdf71b4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dad6cf67ed488f0b:SESSION-dad6cf67ed488f0b	SESSION-dad6cf67ed488f0b → pe:syn:SESSION-dad6cf67ed488f0b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c265ba6f34eebd39:SESSION-c265ba6f34eebd39	SESSION-c265ba6f34eebd39 → pe:syn:SESSION-c265ba6f34eebd39
FLOW_FROM_HOSTOBS	e:from:SESSION-d18ddb12cf5478af:host:172.234.197.23	SESSION-d18ddb12cf5478af → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23efb1317beab0b3:flow:c7709144102c	SESSION-23efb1317beab0b3 → flow:c7709144102c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f042798b154a2bb2:host:172.234.197.23:host:177.10.237.2	SESSION-f042798b154a2bb2 → host:172.234.197.23 → host:177.10.237.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c184642b13b6de27:SESSION-c184642b13b6de27	SESSION-c184642b13b6de27 → pe:syn:SESSION-c184642b13b6de27
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-691bf265b7044ac7:flow:929493d04888	SESSION-691bf265b7044ac7 → flow:929493d04888
FLOW_DST_PORTOBS	e:fp:flow:fac7861925ae:port:tcp:30010	flow:fac7861925ae → port:tcp:30010
flow_observed4-aryOBS	e:fo:flow:db22ad525c01	flow:db22ad525c01 → host:172.234.197.23 → host:2.57.122.197 → port:tcp:17430
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da8ba1d6891d9574:SESSION-da8ba1d6891d9574	SESSION-da8ba1d6891d9574 → pe:syn:SESSION-da8ba1d6891d9574
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a8bea4194d810df:SESSION-7a8bea4194d810df	SESSION-7a8bea4194d810df → pe:tls:SESSION-7a8bea4194d810df
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-7569a7ee383f653c:BSG-BEACON-dcf3a82bd112	SESSION-7569a7ee383f653c → BSG-BEACON-dcf3a82bd112
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1518dad52645fa99:flow:72b61607d168	SESSION-1518dad52645fa99 → flow:72b61607d168
flow_observed4-aryOBS	e:fo:flow:dead05b4c0bc	flow:dead05b4c0bc → host:172.234.197.23 → host:45.173.156.134 → port:tcp:12644
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921caeacc0f03622:host:172.234.197.23	SESSION-921caeacc0f03622 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d9d7757b20ed84d:host:172.234.197.23	SESSION-7d9d7757b20ed84d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b447e1896cf3c7e:host:172.234.197.23	SESSION-4b447e1896cf3c7e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-193ccf82e1088d1d:flow:4422749e5514	SESSION-193ccf82e1088d1d → flow:4422749e5514
FLOW_DST_PORTOBS	e:fp:flow:edbbfbf82827:port:tcp:443	flow:edbbfbf82827 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.245:asn:262880	host:177.10.232.245 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-64a8af826dc81e59:flow:9a7a7058ae53	SESSION-64a8af826dc81e59 → flow:9a7a7058ae53
flow_observed4-aryOBS	e:fo:flow:bcf0ab95c867	flow:bcf0ab95c867 → host:172.234.197.23 → host:45.173.156.201 → port:tcp:23835
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0612d11703a94cf9:flow:fbefcaf8b5dd	SESSION-0612d11703a94cf9 → flow:fbefcaf8b5dd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c36eb4dd059a78a3:host:177.10.233.183:host:172.234.197.23	SESSION-c36eb4dd059a78a3 → host:177.10.233.183 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1532b7922e59746:PCAP:capture_20260430150001:ded20914761d	SESSION-d1532b7922e59746 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4dcbfb7362ab6402:SESSION-4dcbfb7362ab6402	SESSION-4dcbfb7362ab6402 → pe:tls:SESSION-4dcbfb7362ab6402
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.0:geo_-23.62930_-46.63510	host:131.196.28.0 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf679119291e5246:flow:c6db70cfb235	SESSION-bf679119291e5246 → flow:c6db70cfb235
FLOW_DST_PORTOBS	e:fp:flow:023ad8b7733d:port:tcp:40765	flow:023ad8b7733d → port:tcp:40765
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2604bc3e94e22829:flow:65d3f69449d7	SESSION-2604bc3e94e22829 → flow:65d3f69449d7
FLOW_DST_PORTOBS	e:fp:flow:f4d24769a7f6:port:tcp:443	flow:f4d24769a7f6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a40236c67828800b:host:172.234.197.23	SESSION-a40236c67828800b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1e0a32bc1765:port:tcp:51496	flow:1e0a32bc1765 → port:tcp:51496
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b71b9d0133c3b30:host:172.234.197.23	SESSION-0b71b9d0133c3b30 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ef4dd3d9fcb73b5:host:54.250.227.157	SESSION-6ef4dd3d9fcb73b5 → host:54.250.227.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5252ca05229eda25:flow:34f88f44358a	SESSION-5252ca05229eda25 → flow:34f88f44358a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ddc324b0d6a8eb6:SESSION-1ddc324b0d6a8eb6	SESSION-1ddc324b0d6a8eb6 → pe:tls:SESSION-1ddc324b0d6a8eb6
FLOW_TO_HOSTOBS	e:to:SESSION-bd0de62eb0560e2b:host:172.234.197.23	SESSION-bd0de62eb0560e2b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:816aac7e5fac	flow:816aac7e5fac → host:172.234.197.23 → host:177.10.235.46 → port:tcp:49672
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca6098e1767361a3:SESSION-ca6098e1767361a3	SESSION-ca6098e1767361a3 → pe:tls:SESSION-ca6098e1767361a3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d957287df88430bb:flow:f7faa68f85f6	SESSION-d957287df88430bb → flow:f7faa68f85f6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c14806e741c4fd98:SESSION-c14806e741c4fd98	SESSION-c14806e741c4fd98 → pe:syn:SESSION-c14806e741c4fd98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f350449fc7d11b3:host:177.10.232.178	SESSION-7f350449fc7d11b3 → host:177.10.232.178
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-711f533390ef220f:host:172.234.197.23	SESSION-711f533390ef220f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b84527735a90d253:host:177.10.235.175	SESSION-b84527735a90d253 → host:177.10.235.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0a8fa8ac12ff0c6:PCAP:capture_20260430110001:43611bdf6759	SESSION-f0a8fa8ac12ff0c6 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6b6e18a39fae0db6:SESSION-6b6e18a39fae0db6	SESSION-6b6e18a39fae0db6 → pe:tls:SESSION-6b6e18a39fae0db6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f4a69b65a94c1ea1:flow:eb41407044c6	SESSION-f4a69b65a94c1ea1 → flow:eb41407044c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe2a9708180e5d71:host:177.10.232.168	SESSION-fe2a9708180e5d71 → host:177.10.232.168
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55d5dc737e01c0f7:host:172.234.197.23	SESSION-55d5dc737e01c0f7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-43d9721f29111779:SESSION-43d9721f29111779	SESSION-43d9721f29111779 → pe:tls:SESSION-43d9721f29111779
flow_observed5-aryOBS	e:fo:flow:776d8c0cfcb9	flow:776d8c0cfcb9 → host:177.10.237.35 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.171:geo_-23.62930_-46.63510	host:131.196.31.171 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:c30067362e47:port:tcp:443	flow:c30067362e47 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ec86a4c74825774a:host:172.234.197.23	SESSION-ec86a4c74825774a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e48771c0c3dd	flow:e48771c0c3dd → host:172.234.197.23 → host:177.10.235.46 → port:tcp:30858
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-18c88d2b92c30f28:host:177.10.239.227	SESSION-18c88d2b92c30f28 → host:177.10.239.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5407005cb310ce8:SESSION-d5407005cb310ce8	SESSION-d5407005cb310ce8 → pe:tls:SESSION-d5407005cb310ce8
FLOW_DST_PORTOBS	e:fp:flow:589804c7c320:port:tcp:443	flow:589804c7c320 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d47b5af2568e:port:tcp:443	flow:d47b5af2568e → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:559d68ae7b62	flow:559d68ae7b62 → host:131.196.29.25 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-fbd574144622ed91:host:172.234.197.23	SESSION-fbd574144622ed91 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db858a9d0e579c0c:SESSION-db858a9d0e579c0c	SESSION-db858a9d0e579c0c → pe:syn:SESSION-db858a9d0e579c0c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-803381ec4a55866c:host:177.10.238.152	SESSION-803381ec4a55866c → host:177.10.238.152
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.190:asn:262880	host:177.10.238.190 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-ac6ab160136e0424:host:172.234.197.23	SESSION-ac6ab160136e0424 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a904c233015ef9c:flow:e4e64fcc9780	SESSION-4a904c233015ef9c → flow:e4e64fcc9780
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f597f69b0915b82:PCAP:capture_20260430090001:065659c7d314	SESSION-9f597f69b0915b82 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2240076057fcee51:SESSION-2240076057fcee51	SESSION-2240076057fcee51 → pe:tls:SESSION-2240076057fcee51
flow_observed5-aryOBS	e:fo:flow:211bfd4012e1	flow:211bfd4012e1 → host:177.10.232.223 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-4e074c277760af7b:BSG-BEACON-2568ae649544	SESSION-4e074c277760af7b → BSG-BEACON-2568ae649544
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.80:asn:262880	host:177.10.232.80 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.169:geo_-21.10010_-41.69200	host:45.173.156.169 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cad98c39a19fe348:host:177.10.236.92	SESSION-cad98c39a19fe348 → host:177.10.236.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-687dc6215da3af8c:SESSION-687dc6215da3af8c	SESSION-687dc6215da3af8c → pe:syn:SESSION-687dc6215da3af8c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-396a4dd85675ad96:host:172.234.197.23	SESSION-396a4dd85675ad96 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b82d9882ea505987:host:177.10.235.174	SESSION-b82d9882ea505987 → host:177.10.235.174
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a4200861230ead3:host:172.234.197.23	SESSION-0a4200861230ead3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0c9e5a5fe931:port:tcp:27896	flow:0c9e5a5fe931 → port:tcp:27896
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09cf18cd582e793d:host:172.234.197.23	SESSION-09cf18cd582e793d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9028600f4eef977b:SESSION-9028600f4eef977b	SESSION-9028600f4eef977b → pe:syn:SESSION-9028600f4eef977b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-baf4494100018e3a:host:131.196.30.8:host:172.234.197.23	SESSION-baf4494100018e3a → host:131.196.30.8 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:29fb0c6ad658	flow:29fb0c6ad658 → host:172.234.197.23 → host:177.10.232.193 → port:tcp:34138
FLOW_FROM_HOSTOBS	e:from:SESSION-e8f7fc765f54b5ec:host:172.234.197.23	SESSION-e8f7fc765f54b5ec → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.126:geo_-16.28860_-49.01640	host:177.10.234.126 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-bff0166abbd0d576:host:140.235.124.200	SESSION-bff0166abbd0d576 → host:140.235.124.200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5746e0d81f0d05c1:SESSION-5746e0d81f0d05c1	SESSION-5746e0d81f0d05c1 → pe:rst:SESSION-5746e0d81f0d05c1
FLOW_TO_HOSTOBS	e:to:SESSION-92a69e37100365d0:host:172.234.197.23	SESSION-92a69e37100365d0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ea69d35daebb9b8:host:177.10.238.177	SESSION-9ea69d35daebb9b8 → host:177.10.238.177
FLOW_TO_HOSTOBS	e:to:SESSION-659e9e20b25ca2e2:host:177.10.237.218	SESSION-659e9e20b25ca2e2 → host:177.10.237.218
flow_observed3-aryOBS	e:fo:flow:1814da59fb61	flow:1814da59fb61 → host:103.155.16.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f8382ccd890fe862:host:54.186.85.102	SESSION-f8382ccd890fe862 → host:54.186.85.102
flow_observed5-aryOBS	e:fo:flow:ca7a94bad113	flow:ca7a94bad113 → host:131.196.31.195 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-287f6ffdc6040b27:host:172.234.197.23	SESSION-287f6ffdc6040b27 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1699a282bb5af583:host:172.234.197.23	SESSION-1699a282bb5af583 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7312728f8a99afb:host:172.234.197.23	SESSION-b7312728f8a99afb → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.213:geo_-16.28860_-49.01640	host:177.10.237.213 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8f7fc765f54b5ec:SESSION-e8f7fc765f54b5ec	SESSION-e8f7fc765f54b5ec → pe:tls:SESSION-e8f7fc765f54b5ec
FLOW_TO_HOSTOBS	e:to:SESSION-ba96028c0d9bf0a3:host:172.234.197.23	SESSION-ba96028c0d9bf0a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd1fe9b471d92d57:SESSION-dd1fe9b471d92d57	SESSION-dd1fe9b471d92d57 → pe:syn:SESSION-dd1fe9b471d92d57
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a3b20edc3bf85f8:flow:af656b59467f	SESSION-3a3b20edc3bf85f8 → flow:af656b59467f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4ec222cc1c3a7faf:SESSION-4ec222cc1c3a7faf	SESSION-4ec222cc1c3a7faf → pe:syn:SESSION-4ec222cc1c3a7faf
FLOW_TO_HOSTOBS	e:to:SESSION-b332774cd544824a:host:172.234.197.23	SESSION-b332774cd544824a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7a301fd9da8621bb:host:177.10.232.172	SESSION-7a301fd9da8621bb → host:177.10.232.172
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.142:geo_-16.28860_-49.01640	host:177.10.232.142 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60cd9cc046a23835:host:172.234.197.23:host:177.10.237.91	SESSION-60cd9cc046a23835 → host:172.234.197.23 → host:177.10.237.91
FLOW_TO_HOSTOBS	e:to:SESSION-b1ed5736d80d2991:host:213.209.159.159	SESSION-b1ed5736d80d2991 → host:213.209.159.159
FLOW_TO_HOSTOBS	e:to:SESSION-e652f52440b112c3:host:45.173.156.248	SESSION-e652f52440b112c3 → host:45.173.156.248
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e12300b6212ab14:host:131.196.31.124:host:172.234.197.23	SESSION-7e12300b6212ab14 → host:131.196.31.124 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.169:geo_19.07480_72.88560	host:45.145.152.169 → geo_19.07480_72.88560
FLOW_TO_HOSTOBS	e:to:SESSION-d2e29524ed5dcc05:host:177.10.234.193	SESSION-d2e29524ed5dcc05 → host:177.10.234.193
FLOW_FROM_HOSTOBS	e:from:SESSION-312ea7073c45e21c:host:92.112.71.33	SESSION-312ea7073c45e21c → host:92.112.71.33
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c82cc9c39e4191e7:host:177.10.239.255	SESSION-c82cc9c39e4191e7 → host:177.10.239.255
FLOW_FROM_HOSTOBS	e:from:SESSION-1bc39f4f18cf27f2:host:131.196.30.225	SESSION-1bc39f4f18cf27f2 → host:131.196.30.225
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e4ae2c6ddba3051:flow:b414c202d9e1	SESSION-7e4ae2c6ddba3051 → flow:b414c202d9e1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3123a8609bb9fc1:host:177.10.233.197:host:172.234.197.23	SESSION-a3123a8609bb9fc1 → host:177.10.233.197 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38a9f2b2580a8fb5:host:172.234.197.23:host:131.196.30.12	SESSION-38a9f2b2580a8fb5 → host:172.234.197.23 → host:131.196.30.12
flow_observed5-aryOBS	e:fo:flow:ac199626a1c4	flow:ac199626a1c4 → host:177.10.234.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a73f5b0635e28ad4:SESSION-a73f5b0635e28ad4	SESSION-a73f5b0635e28ad4 → pe:syn:SESSION-a73f5b0635e28ad4
flow_observed4-aryOBS	e:fo:flow:0b2a3a5ae807	flow:0b2a3a5ae807 → host:172.234.197.23 → host:177.10.235.165 → port:tcp:28871
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7759d4a46d500e47:host:34.220.91.24	SESSION-7759d4a46d500e47 → host:34.220.91.24
flow_observed5-aryOBS	e:fo:flow:b8787ac12cda	flow:b8787ac12cda → host:45.173.156.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7dbbf6b8420ecf88:SESSION-7dbbf6b8420ecf88	SESSION-7dbbf6b8420ecf88 → pe:syn:SESSION-7dbbf6b8420ecf88
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5969e9f81f277f3:host:177.10.236.244	SESSION-d5969e9f81f277f3 → host:177.10.236.244
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.254:geo_-16.28860_-49.01640	host:177.10.237.254 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9f10bcf378efcbb9:SESSION-9f10bcf378efcbb9	SESSION-9f10bcf378efcbb9 → pe:syn:SESSION-9f10bcf378efcbb9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-83ce9ba3d421fc3f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-83ce9ba3d421fc3f → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:174.202.97.85:asn:6167	host:174.202.97.85 → asn:6167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa32b0aa2bffc0b5:host:131.196.28.200	SESSION-aa32b0aa2bffc0b5 → host:131.196.28.200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb0c069bf1f40e5a:SESSION-bb0c069bf1f40e5a	SESSION-bb0c069bf1f40e5a → pe:syn:SESSION-bb0c069bf1f40e5a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b10aefef2d5c06b7:host:177.10.233.119	SESSION-b10aefef2d5c06b7 → host:177.10.233.119
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a9343604177341c5:SESSION-a9343604177341c5	SESSION-a9343604177341c5 → pe:syn:SESSION-a9343604177341c5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c98a634aa4cfbed2:SESSION-c98a634aa4cfbed2	SESSION-c98a634aa4cfbed2 → pe:tls:SESSION-c98a634aa4cfbed2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6dd65fa073f3265:host:185.231.226.194	SESSION-b6dd65fa073f3265 → host:185.231.226.194
FLOW_FROM_HOSTOBS	e:from:SESSION-77690ed69567f90d:host:131.196.30.33	SESSION-77690ed69567f90d → host:131.196.30.33
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.170:geo_-16.28860_-49.01640	host:177.10.232.170 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-868abcdaf084ea7c:SESSION-868abcdaf084ea7c	SESSION-868abcdaf084ea7c → pe:dns:SESSION-868abcdaf084ea7c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de1a59c6958513ff:host:172.234.197.23	SESSION-de1a59c6958513ff → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28765694f1859e38:host:177.10.237.139	SESSION-28765694f1859e38 → host:177.10.237.139
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9dcf6e772a239b46:host:177.10.235.202:host:172.234.197.23	SESSION-9dcf6e772a239b46 → host:177.10.235.202 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-330bec399d401574:host:131.196.30.252	SESSION-330bec399d401574 → host:131.196.30.252
flow_observed4-aryOBS	e:fo:flow:f073070a53e3	flow:f073070a53e3 → host:172.234.197.23 → host:45.173.156.41 → port:tcp:3203
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1ed5736d80d2991:host:172.234.197.23:host:213.209.159.159	SESSION-b1ed5736d80d2991 → host:172.234.197.23 → host:213.209.159.159
FLOW_DST_PORTOBS	e:fp:flow:cd4675ffc725:port:tcp:443	flow:cd4675ffc725 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce17c1c4b6f006e0:SESSION-ce17c1c4b6f006e0	SESSION-ce17c1c4b6f006e0 → pe:tls:SESSION-ce17c1c4b6f006e0
FLOW_DST_PORTOBS	e:fp:flow:0def00f66cf6:port:tcp:15667	flow:0def00f66cf6 → port:tcp:15667
FLOW_FROM_HOSTOBS	e:from:SESSION-8ffb0d51cd8f7dd7:host:177.10.236.17	SESSION-8ffb0d51cd8f7dd7 → host:177.10.236.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c0d18b24ee9d3d4:host:131.196.30.83	SESSION-6c0d18b24ee9d3d4 → host:131.196.30.83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-66dcd1fd6d28b07f:host:172.234.197.23	SESSION-66dcd1fd6d28b07f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3cae868156d4440:host:131.196.29.42	SESSION-c3cae868156d4440 → host:131.196.29.42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d1f774a6af2df76:host:177.10.237.159	SESSION-5d1f774a6af2df76 → host:177.10.237.159
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-03cee9bc49b35179:BSG-BEACON-3eb51709f414	SESSION-03cee9bc49b35179 → BSG-BEACON-3eb51709f414
flow_observed5-aryOBS	e:fo:flow:a6559ee3f3b7	flow:a6559ee3f3b7 → host:131.196.28.90 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:40.177.218.231:geo_51.05000_-114.08790	host:40.177.218.231 → geo_51.05000_-114.08790
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce29096c932e7f50:flow:14e2611523e3	SESSION-ce29096c932e7f50 → flow:14e2611523e3
FLOW_TO_HOSTOBS	e:to:SESSION-ab1f168a37fae671:host:177.10.237.82	SESSION-ab1f168a37fae671 → host:177.10.237.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9a24e91c66cf817:SESSION-f9a24e91c66cf817	SESSION-f9a24e91c66cf817 → pe:syn:SESSION-f9a24e91c66cf817
FLOW_FROM_HOSTOBS	e:from:SESSION-ad31d7217a236b09:host:172.234.197.23	SESSION-ad31d7217a236b09 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1984f51487784d02:SESSION-1984f51487784d02	SESSION-1984f51487784d02 → pe:tls:SESSION-1984f51487784d02
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f6ad5e06ec5a3a76:SESSION-f6ad5e06ec5a3a76	SESSION-f6ad5e06ec5a3a76 → pe:syn:SESSION-f6ad5e06ec5a3a76
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75c1b247d58a4094:host:45.145.152.145:host:172.234.197.23	SESSION-75c1b247d58a4094 → host:45.145.152.145 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2f93cb0de4645e47:host:172.234.197.23	SESSION-2f93cb0de4645e47 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c4325a6893dda791:SESSION-c4325a6893dda791	SESSION-c4325a6893dda791 → pe:tls:SESSION-c4325a6893dda791
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-938eb42ac2c00523:SESSION-938eb42ac2c00523	SESSION-938eb42ac2c00523 → pe:tls:SESSION-938eb42ac2c00523
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f486f528dd93473:host:172.234.197.23	SESSION-3f486f528dd93473 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-105866a23abaa0d9:host:45.173.156.21	SESSION-105866a23abaa0d9 → host:45.173.156.21
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.219:asn:203771	host:92.112.71.219 → asn:203771
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6dd65fa073f3265:PCAP:capture_20260428010001:b1b402c7b202	SESSION-b6dd65fa073f3265 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-73ad5b34385541ce:SESSION-73ad5b34385541ce	SESSION-73ad5b34385541ce → pe:syn:SESSION-73ad5b34385541ce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-75c0f4fa43b2bfb9:SESSION-75c0f4fa43b2bfb9	SESSION-75c0f4fa43b2bfb9 → pe:rst:SESSION-75c0f4fa43b2bfb9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.187:geo_-23.62930_-46.63510	host:131.196.28.187 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2997df12bb4a545b:SESSION-2997df12bb4a545b	SESSION-2997df12bb4a545b → pe:tls:SESSION-2997df12bb4a545b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84669169ffdf0c83:PCAP:capture_20260430110001:43611bdf6759	SESSION-84669169ffdf0c83 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:170.106.14.53:asn:132203	host:170.106.14.53 → asn:132203
FLOW_FROM_HOSTOBS	e:from:SESSION-a3e5e93fe3cda49d:host:45.173.156.63	SESSION-a3e5e93fe3cda49d → host:45.173.156.63
FLOW_FROM_HOSTOBS	e:from:SESSION-656bb895abc59727:host:177.10.237.49	SESSION-656bb895abc59727 → host:177.10.237.49
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf9713fb7209fcf9:host:172.234.197.23	SESSION-bf9713fb7209fcf9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f776838979623936:host:131.196.31.159:host:172.234.197.23	SESSION-f776838979623936 → host:131.196.31.159 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b330864bc1d39cd9:SESSION-b330864bc1d39cd9	SESSION-b330864bc1d39cd9 → pe:tls:SESSION-b330864bc1d39cd9
FLOW_TO_HOSTOBS	e:to:SESSION-1f059fe4a40805f2:host:172.234.197.23	SESSION-1f059fe4a40805f2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8c3d14af1a5eb503:host:172.234.197.23	SESSION-8c3d14af1a5eb503 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08a40451c9cdc962:host:172.3.50.214:host:172.234.197.23	SESSION-08a40451c9cdc962 → host:172.3.50.214 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2ca0708230f1	flow:2ca0708230f1 → host:177.10.237.236 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:3de7f41573d5:port:tcp:63550	flow:3de7f41573d5 → port:tcp:63550
FLOW_TO_HOSTOBS	e:to:SESSION-424fe4b4ecc22e45:host:172.234.197.23	SESSION-424fe4b4ecc22e45 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a650ad390b72264d:host:172.234.197.23	SESSION-a650ad390b72264d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5641975097c1	flow:5641975097c1 → host:172.234.197.23 → host:131.196.29.141 → port:tcp:17410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1328d27dd48f8a49:SESSION-1328d27dd48f8a49	SESSION-1328d27dd48f8a49 → pe:syn:SESSION-1328d27dd48f8a49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-396da887f3ac73e5:SESSION-396da887f3ac73e5	SESSION-396da887f3ac73e5 → pe:tls:SESSION-396da887f3ac73e5
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d43ecb134342fe00:BSG-BEACON-d0e3cf456f12	SESSION-d43ecb134342fe00 → BSG-BEACON-d0e3cf456f12
flow_observed5-aryOBS	e:fo:flow:e48740498ad9	flow:e48740498ad9 → host:177.10.233.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ddc877c0ed3a64ea:SESSION-ddc877c0ed3a64ea	SESSION-ddc877c0ed3a64ea → pe:syn:SESSION-ddc877c0ed3a64ea
FLOW_DST_PORTOBS	e:fp:flow:6cc058096f12:port:tcp:65051	flow:6cc058096f12 → port:tcp:65051
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-887f47388267b095:SESSION-887f47388267b095	SESSION-887f47388267b095 → pe:syn:SESSION-887f47388267b095
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db60e018ea4d304a:host:172.234.197.23	SESSION-db60e018ea4d304a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dae67c02b176a3ce:host:172.234.197.23	SESSION-dae67c02b176a3ce → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6d83b2373dd8cdc:host:177.10.236.237:host:172.234.197.23	SESSION-d6d83b2373dd8cdc → host:177.10.236.237 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db638e9136fa3895:host:177.10.236.113:host:172.234.197.23	SESSION-db638e9136fa3895 → host:177.10.236.113 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-570ccd324c759306:flow:1c2ad46b7d62	SESSION-570ccd324c759306 → flow:1c2ad46b7d62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6350f63c148b5b0b:SESSION-6350f63c148b5b0b	SESSION-6350f63c148b5b0b → pe:tls:SESSION-6350f63c148b5b0b
FLOW_DST_PORTOBS	e:fp:flow:39f026016163:port:tcp:443	flow:39f026016163 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90426299281da133:host:177.10.233.85	SESSION-90426299281da133 → host:177.10.233.85
flow_observed5-aryOBS	e:fo:flow:0429471effef	flow:0429471effef → host:177.10.232.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-add028e8e7760fa2:host:177.10.234.111	SESSION-add028e8e7760fa2 → host:177.10.234.111
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec67d149df3809f6:SESSION-ec67d149df3809f6	SESSION-ec67d149df3809f6 → pe:syn:SESSION-ec67d149df3809f6
FLOW_FROM_HOSTOBS	e:from:SESSION-47acb5bee39822f1:host:172.234.197.23	SESSION-47acb5bee39822f1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a82c7f51b8bc2f4f:flow:bd07e448a44e	SESSION-a82c7f51b8bc2f4f → flow:bd07e448a44e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1af702d2aa4c9d9d:host:177.10.234.153	SESSION-1af702d2aa4c9d9d → host:177.10.234.153
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ae017ce34991ed1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5ae017ce34991ed1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a7a1da766d51711:flow:88a9c99b3785	SESSION-1a7a1da766d51711 → flow:88a9c99b3785
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd4086b575d9a1c0:host:177.10.232.164	SESSION-cd4086b575d9a1c0 → host:177.10.232.164
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca819812f7c370c2:flow:e2fb5dc0a769	SESSION-ca819812f7c370c2 → flow:e2fb5dc0a769
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9136bc11056d23d:PCAP:capture_20260430090001:065659c7d314	SESSION-c9136bc11056d23d → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93cfcdba6a26f550:host:177.10.238.185	SESSION-93cfcdba6a26f550 → host:177.10.238.185
flow_observed4-aryOBS	e:fo:flow:6f77ba0efd14	flow:6f77ba0efd14 → host:172.234.197.23 → host:177.10.233.93 → port:tcp:43536
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9527954f73f19b6:host:172.234.197.23	SESSION-c9527954f73f19b6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c68429e2f7bfcd9:host:177.10.232.164	SESSION-9c68429e2f7bfcd9 → host:177.10.232.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6d45a86f046cac8:SESSION-e6d45a86f046cac8	SESSION-e6d45a86f046cac8 → pe:tls:SESSION-e6d45a86f046cac8
FLOW_TO_HOSTOBS	e:to:SESSION-b117f2a3fa82af67:host:172.234.197.23	SESSION-b117f2a3fa82af67 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-94bbfef7eb27207b:BSG-BEACON-def22c405546	SESSION-94bbfef7eb27207b → BSG-BEACON-def22c405546
FLOW_FROM_HOSTOBS	e:from:SESSION-ec928f375ba591f1:host:45.173.156.26	SESSION-ec928f375ba591f1 → host:45.173.156.26
FLOW_TO_HOSTOBS	e:to:SESSION-5cb36fee7e75b97b:host:172.234.197.23	SESSION-5cb36fee7e75b97b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c315b0bf7f59a30:flow:2ed28a4071d9	SESSION-1c315b0bf7f59a30 → flow:2ed28a4071d9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14a60b0039fa135f:host:172.234.197.23	SESSION-14a60b0039fa135f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e0d73c88dd83fb6:host:177.10.233.53:host:172.234.197.23	SESSION-9e0d73c88dd83fb6 → host:177.10.233.53 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ea03f5a052cd:port:tcp:443	flow:ea03f5a052cd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c80fd68cbbc51442:SESSION-c80fd68cbbc51442	SESSION-c80fd68cbbc51442 → pe:tls:SESSION-c80fd68cbbc51442
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d610f9ec6aa577ae:host:131.196.28.133:host:172.234.197.23	SESSION-d610f9ec6aa577ae → host:131.196.28.133 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-deb97792675d8a5d:host:131.196.28.169	SESSION-deb97792675d8a5d → host:131.196.28.169
FLOW_DST_PORTOBS	e:fp:flow:601dada6eafe:port:tcp:443	flow:601dada6eafe → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c2cb78a800ce3917:flow:9c17a698ce22	SESSION-c2cb78a800ce3917 → flow:9c17a698ce22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a4f6dd7436745b4:host:131.196.30.11:host:172.234.197.23	SESSION-4a4f6dd7436745b4 → host:131.196.30.11 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac89834f3c269f55:flow:dfde970711eb	SESSION-ac89834f3c269f55 → flow:dfde970711eb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f19cc3e0ef766dd7:flow:3a7aee779f8a	SESSION-f19cc3e0ef766dd7 → flow:3a7aee779f8a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-62b98bdaf08d2190:host:131.196.28.122:host:172.234.197.23	SESSION-62b98bdaf08d2190 → host:131.196.28.122 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aa70a6d3547ceb7:host:45.173.156.92	SESSION-7aa70a6d3547ceb7 → host:45.173.156.92
FLOW_TLS_SNIOBS	e:fs:flow:4a6b04783091:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:4a6b04783091 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6457b3248e0b30fe:PCAP:capture_20260430110001:43611bdf6759	SESSION-6457b3248e0b30fe → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f320997aa88d5819:SESSION-f320997aa88d5819	SESSION-f320997aa88d5819 → pe:syn:SESSION-f320997aa88d5819
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.24:asn:262880	host:177.10.233.24 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a98ae7d95e9a62c0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a98ae7d95e9a62c0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.150:geo_-23.62930_-46.63510	host:131.196.30.150 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-d60c66268e099206:host:172.234.197.23	SESSION-d60c66268e099206 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2625cb17cae199d1:host:172.234.197.23:host:177.10.239.71	SESSION-2625cb17cae199d1 → host:172.234.197.23 → host:177.10.239.71
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-40a7926fcdf458e7:host:131.196.31.82:host:172.234.197.23	SESSION-40a7926fcdf458e7 → host:131.196.31.82 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc96f34750660160:SESSION-bc96f34750660160	SESSION-bc96f34750660160 → pe:tls:SESSION-bc96f34750660160
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.238:geo_-16.28860_-49.01640	host:177.10.234.238 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8663c7c8fd51be8d:PCAP:capture_20260430060001:919b39a74464	SESSION-8663c7c8fd51be8d → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3913d4a535b9029:flow:fac98caa6a69	SESSION-f3913d4a535b9029 → flow:fac98caa6a69
FLOW_TO_HOSTOBS	e:to:SESSION-878a5ce24b3ea2a6:host:172.234.197.23	SESSION-878a5ce24b3ea2a6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95e8a61a9d5e6397:host:172.234.197.23	SESSION-95e8a61a9d5e6397 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f838b992fed206a8:host:177.10.239.51	SESSION-f838b992fed206a8 → host:177.10.239.51
FLOW_DST_PORTOBS	e:fp:flow:8a712d7c1855:port:tcp:443	flow:8a712d7c1855 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd9f2ee14ec6ee20:flow:0e703d7ee529	SESSION-dd9f2ee14ec6ee20 → flow:0e703d7ee529
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d45c3fc16863e5ef:host:172.234.197.23	SESSION-d45c3fc16863e5ef → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7aaf7c17fdae8be6:host:131.196.28.246:host:172.234.197.23	SESSION-7aaf7c17fdae8be6 → host:131.196.28.246 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b3209d10aa76:port:tcp:357	flow:b3209d10aa76 → port:tcp:357
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e872279913929717:host:177.10.232.35:host:172.234.197.23	SESSION-e872279913929717 → host:177.10.232.35 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fc279480f80cfd1:host:177.10.236.96	SESSION-1fc279480f80cfd1 → host:177.10.236.96
FLOW_TO_HOSTOBS	e:to:SESSION-6229e1e1c7b389d0:host:177.10.235.158	SESSION-6229e1e1c7b389d0 → host:177.10.235.158
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-886f0e6ca4ba19c9:flow:1a64cb5832d1	SESSION-886f0e6ca4ba19c9 → flow:1a64cb5832d1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be09ba54da571689:host:172.234.197.23	SESSION-be09ba54da571689 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9c12f6159b9a7a1:host:172.234.197.23	SESSION-a9c12f6159b9a7a1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.134:geo_41.00190_28.96450	host:95.170.25.134 → geo_41.00190_28.96450
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b2754fb6a113c6b7:host:172.234.197.23:host:177.10.238.218	SESSION-b2754fb6a113c6b7 → host:172.234.197.23 → host:177.10.238.218
FLOW_TO_HOSTOBS	e:to:SESSION-f8491791342c7cb3:host:172.234.197.23	SESSION-f8491791342c7cb3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:427af3d58fd2:port:tcp:443	flow:427af3d58fd2 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.178:asn:203771	host:45.145.152.178 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:505ce40fcfde:port:tcp:16590	flow:505ce40fcfde → port:tcp:16590
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cce146f15a17b9a1:flow:99eaae9230cf	SESSION-cce146f15a17b9a1 → flow:99eaae9230cf
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.244:asn:271410	host:131.196.29.244 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e523425c561e01e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8e523425c561e01e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4993bcd996008da0:host:172.234.197.23	SESSION-4993bcd996008da0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6b4b9c738c314ebf:host:172.234.197.23:host:131.196.28.0	SESSION-6b4b9c738c314ebf → host:172.234.197.23 → host:131.196.28.0
FLOW_FROM_HOSTOBS	e:from:SESSION-1b7e5e87f526ce8d:host:172.234.197.23	SESSION-1b7e5e87f526ce8d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9b9ddad698cc7ffe:SESSION-9b9ddad698cc7ffe	SESSION-9b9ddad698cc7ffe → pe:syn:SESSION-9b9ddad698cc7ffe
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68a3766ff3680ecf:host:172.234.197.23	SESSION-68a3766ff3680ecf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-164b17078fceb547:host:177.10.239.92	SESSION-164b17078fceb547 → host:177.10.239.92
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.220:asn:262880	host:177.10.235.220 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd8a89b380cdaceb:SESSION-dd8a89b380cdaceb	SESSION-dd8a89b380cdaceb → pe:tls:SESSION-dd8a89b380cdaceb
FLOW_DST_PORTOBS	e:fp:flow:249b28ea4cc9:port:tcp:1826	flow:249b28ea4cc9 → port:tcp:1826
FLOW_DST_PORTOBS	e:fp:flow:924c6b09c358:port:tcp:443	flow:924c6b09c358 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-3e4d7008639203d5:BSG-BEACON-e07f4250263f	SESSION-3e4d7008639203d5 → BSG-BEACON-e07f4250263f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-378ead2076355bca:SESSION-378ead2076355bca	SESSION-378ead2076355bca → pe:syn:SESSION-378ead2076355bca
flow_observed5-aryOBS	e:fo:flow:0338b37a2569	flow:0338b37a2569 → host:177.10.239.132 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2958e311eaa51e83:host:177.10.233.97	SESSION-2958e311eaa51e83 → host:177.10.233.97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fc80192f398e14d:flow:d63c1cec9276	SESSION-5fc80192f398e14d → flow:d63c1cec9276
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e391b214be46ad73:SESSION-e391b214be46ad73	SESSION-e391b214be46ad73 → pe:syn:SESSION-e391b214be46ad73
flow_observed3-aryOBS	e:fo:flow:19fa174b1ad7	flow:19fa174b1ad7 → host:154.85.87.65 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1240df2eec41c5d:host:172.234.197.23:host:131.196.29.122	SESSION-c1240df2eec41c5d → host:172.234.197.23 → host:131.196.29.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-312b2e72c1d2a2ee:SESSION-312b2e72c1d2a2ee	SESSION-312b2e72c1d2a2ee → pe:tls:SESSION-312b2e72c1d2a2ee
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1ca06073d474c63:flow:e928e277e980	SESSION-b1ca06073d474c63 → flow:e928e277e980
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-235be73d0ead16ae:flow:aba061fcff4a	SESSION-235be73d0ead16ae → flow:aba061fcff4a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d537e467802bc1c1:SESSION-d537e467802bc1c1	SESSION-d537e467802bc1c1 → pe:tls:SESSION-d537e467802bc1c1
FLOW_DST_PORTOBS	e:fp:flow:4bcf39a2cae9:port:tcp:443	flow:4bcf39a2cae9 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10017e021bbc0f25:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-10017e021bbc0f25 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-970108b06912c1b7:host:177.10.234.231:host:172.234.197.23	SESSION-970108b06912c1b7 → host:177.10.234.231 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.72:asn:262880	host:177.10.239.72 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-76d607ccf9e84136:host:177.10.234.6	SESSION-76d607ccf9e84136 → host:177.10.234.6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92cb25b3a2aea70a:host:172.234.197.23	SESSION-92cb25b3a2aea70a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afb2aada9aae789c:host:172.234.197.23	SESSION-afb2aada9aae789c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07139a9423b3d79f:host:172.234.197.23	SESSION-07139a9423b3d79f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d87ad0ffb58b923c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d87ad0ffb58b923c → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:c1ebe2f41b05	flow:c1ebe2f41b05 → host:172.234.197.23 → host:45.173.156.92 → port:tcp:15037
FLOW_FROM_HOSTOBS	e:from:SESSION-3f38f9d39dae0e5a:host:177.10.236.192	SESSION-3f38f9d39dae0e5a → host:177.10.236.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e17435638a41ed24:host:131.196.29.60	SESSION-e17435638a41ed24 → host:131.196.29.60
FLOW_TO_HOSTOBS	e:to:SESSION-291dfe079248afc7:host:172.234.197.23	SESSION-291dfe079248afc7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.154:geo_-16.28860_-49.01640	host:177.10.234.154 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-305a85099066f209:host:172.234.197.23	SESSION-305a85099066f209 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-759329d52e4cabab:host:172.234.197.23	SESSION-759329d52e4cabab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-381a570e386b12a2:host:177.10.235.1	SESSION-381a570e386b12a2 → host:177.10.235.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2acb7632e6c37a6f:host:88.99.91.59	SESSION-2acb7632e6c37a6f → host:88.99.91.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-163f2e33c9f4a8f4:host:172.234.197.23	SESSION-163f2e33c9f4a8f4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.225:asn:262880	host:177.10.235.225 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:4f46f15c4cff:port:tcp:443	flow:4f46f15c4cff → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2be3bd33b6267f94:SESSION-2be3bd33b6267f94	SESSION-2be3bd33b6267f94 → pe:tls:SESSION-2be3bd33b6267f94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-04737cadee3282a6:host:172.234.197.23	SESSION-04737cadee3282a6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b4dc175dd74a3b00:host:104.28.157.111	SESSION-b4dc175dd74a3b00 → host:104.28.157.111
FLOW_DST_PORTOBS	e:fp:flow:d1d54af57315:port:tcp:443	flow:d1d54af57315 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:47595b71d3ae:port:tcp:443	flow:47595b71d3ae → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.43:asn:262880	host:177.10.239.43 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:f56a15af06b9:port:tcp:443	flow:f56a15af06b9 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:29736dfdaa01:port:tcp:443	flow:29736dfdaa01 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5bba4e0174a1f95d:PCAP:capture_20260428010001:b1b402c7b202	SESSION-5bba4e0174a1f95d → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-a1628bbd64c13f5a:host:172.234.197.23	SESSION-a1628bbd64c13f5a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f778ec59760ca534:host:40.177.218.231	SESSION-f778ec59760ca534 → host:40.177.218.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f10bcf378efcbb9:SESSION-9f10bcf378efcbb9	SESSION-9f10bcf378efcbb9 → pe:tls:SESSION-9f10bcf378efcbb9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa0381bae4f9498b:SESSION-aa0381bae4f9498b	SESSION-aa0381bae4f9498b → pe:tls:SESSION-aa0381bae4f9498b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b30f6f845792a67e:SESSION-b30f6f845792a67e	SESSION-b30f6f845792a67e → pe:syn:SESSION-b30f6f845792a67e
FLOW_DST_PORTOBS	e:fp:flow:d4ea411ce131:port:tcp:37279	flow:d4ea411ce131 → port:tcp:37279
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bec1644a83cc4e1:host:172.234.197.23	SESSION-3bec1644a83cc4e1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-413ea94c965ce051:host:177.10.232.122	SESSION-413ea94c965ce051 → host:177.10.232.122
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df4b466e6cf802c5:flow:33f4b3008bff	SESSION-df4b466e6cf802c5 → flow:33f4b3008bff
flow_observed5-aryOBS	e:fo:flow:3290b6ea40dc	flow:3290b6ea40dc → host:177.10.235.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb7db2afd613f778:flow:5d2a6d8ea810	SESSION-cb7db2afd613f778 → flow:5d2a6d8ea810
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7a354b1ade71f9e:host:172.234.197.23	SESSION-a7a354b1ade71f9e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1f0a0478f83cd119:SESSION-1f0a0478f83cd119	SESSION-1f0a0478f83cd119 → pe:rst:SESSION-1f0a0478f83cd119
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd0571d5316a48e1:host:131.196.29.168	SESSION-fd0571d5316a48e1 → host:131.196.29.168
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-465906ddd8becee4:flow:414bfd368f16	SESSION-465906ddd8becee4 → flow:414bfd368f16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-006e3a8766fa0c7d:SESSION-006e3a8766fa0c7d	SESSION-006e3a8766fa0c7d → pe:syn:SESSION-006e3a8766fa0c7d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0200d7ef8e83c7c3:SESSION-0200d7ef8e83c7c3	SESSION-0200d7ef8e83c7c3 → pe:tls:SESSION-0200d7ef8e83c7c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eb85eb3deaacc18:host:131.196.28.100	SESSION-9eb85eb3deaacc18 → host:131.196.28.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d87083f9dd8844d:SESSION-7d87083f9dd8844d	SESSION-7d87083f9dd8844d → pe:tls:SESSION-7d87083f9dd8844d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.17:asn:262880	host:177.10.233.17 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b00d7db41be144d:SESSION-4b00d7db41be144d	SESSION-4b00d7db41be144d → pe:tls:SESSION-4b00d7db41be144d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff331192f9cad8b9:host:131.196.31.124	SESSION-ff331192f9cad8b9 → host:131.196.31.124
flow_observed5-aryOBS	e:fo:flow:0595c92f8649	flow:0595c92f8649 → host:177.10.238.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f44e90059c2f2195:SESSION-f44e90059c2f2195	SESSION-f44e90059c2f2195 → pe:tls:SESSION-f44e90059c2f2195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92922842b80104c6:SESSION-92922842b80104c6	SESSION-92922842b80104c6 → pe:tls:SESSION-92922842b80104c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10f6f623bcce091e:host:172.234.197.23	SESSION-10f6f623bcce091e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85869808bb7240b3:host:172.234.197.23	SESSION-85869808bb7240b3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cc5fcd208a7d	flow:cc5fcd208a7d → host:177.10.238.135 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c92176ee8d876ba:host:45.173.156.80:host:172.234.197.23	SESSION-6c92176ee8d876ba → host:45.173.156.80 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:016756b273f6	flow:016756b273f6 → host:131.196.28.45 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:53d4a5b90646:port:tcp:59690	flow:53d4a5b90646 → port:tcp:59690
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7558286b16680d35:host:172.234.197.23:host:45.173.156.134	SESSION-7558286b16680d35 → host:172.234.197.23 → host:45.173.156.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9b874351d52a188:host:172.234.197.23	SESSION-e9b874351d52a188 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-205f350cdfc6cb9d:host:45.173.156.203	SESSION-205f350cdfc6cb9d → host:45.173.156.203
FLOW_DST_PORTOBS	e:fp:flow:f5e14a7ff597:port:tcp:443	flow:f5e14a7ff597 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34da31e596580b61:PCAP:capture_20260430090001:065659c7d314	SESSION-34da31e596580b61 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2f1449f3d42ccdf:PCAP:capture_20260430150001:ded20914761d	SESSION-e2f1449f3d42ccdf → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:fd4c9b42e462	flow:fd4c9b42e462 → host:177.10.236.207 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.22:geo_-16.28860_-49.01640	host:177.10.233.22 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:bd771d790628:port:tcp:443	flow:bd771d790628 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:0d5c880f1cb7	flow:0d5c880f1cb7 → host:177.10.236.193 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1640005abec031d:host:43.196.122.133	SESSION-c1640005abec031d → host:43.196.122.133
flow_observed5-aryOBS	e:fo:flow:b1fa68ab4545	flow:b1fa68ab4545 → host:177.10.234.234 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:269699bbdb62:port:tcp:443	flow:269699bbdb62 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54d5efa8aa8025c4:SESSION-54d5efa8aa8025c4	SESSION-54d5efa8aa8025c4 → pe:tls:SESSION-54d5efa8aa8025c4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.179:geo_-16.28860_-49.01640	host:177.10.234.179 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8cb7ebd2e1a0:port:tcp:443	flow:8cb7ebd2e1a0 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.96:geo_-23.62930_-46.63510	host:131.196.29.96 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:d9b2312bea71	flow:d9b2312bea71 → host:177.10.237.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-783c4edbafa3c164:host:142.132.190.158	SESSION-783c4edbafa3c164 → host:142.132.190.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96afec3035986aab:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-96afec3035986aab → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6457b3248e0b30fe:host:172.234.197.23	SESSION-6457b3248e0b30fe → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-337cf74c19f2631e:host:131.196.31.142	SESSION-337cf74c19f2631e → host:131.196.31.142
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f40f233058919cef:host:172.234.197.23:host:131.196.29.186	SESSION-f40f233058919cef → host:172.234.197.23 → host:131.196.29.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa38dbd858d86f82:SESSION-aa38dbd858d86f82	SESSION-aa38dbd858d86f82 → pe:syn:SESSION-aa38dbd858d86f82
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01d7e8e7f6d6f55b:host:177.10.233.141:host:172.234.197.23	SESSION-01d7e8e7f6d6f55b → host:177.10.233.141 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6b24715291f7dc36:host:177.10.232.56	SESSION-6b24715291f7dc36 → host:177.10.232.56
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eed27da13c534290:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-eed27da13c534290 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-24bd61df75bf4426:host:172.234.197.23	SESSION-24bd61df75bf4426 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:d685a98a7d85	flow:d685a98a7d85 → host:172.234.197.23 → host:177.10.235.177 → port:tcp:20557
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-457bc509f900e32f:host:172.234.197.23:host:131.196.29.220	SESSION-457bc509f900e32f → host:172.234.197.23 → host:131.196.29.220
FLOW_DST_PORTOBS	e:fp:flow:9db03b9825bb:port:tcp:18849	flow:9db03b9825bb → port:tcp:18849
FLOW_FROM_HOSTOBS	e:from:SESSION-fd9b77a0701a4e1b:host:172.234.197.23	SESSION-fd9b77a0701a4e1b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8417ba17d1562cbc:host:131.196.30.216	SESSION-8417ba17d1562cbc → host:131.196.30.216
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-164b17078fceb547:flow:f7b6df677653	SESSION-164b17078fceb547 → flow:f7b6df677653
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e6f218d3e359434:host:131.196.30.234:host:172.234.197.23	SESSION-0e6f218d3e359434 → host:131.196.30.234 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6c5259300412	flow:6c5259300412 → host:172.234.197.23 → host:45.173.156.110 → port:tcp:55270
FLOW_TO_HOSTOBS	e:to:SESSION-ced37932852de9e5:host:177.10.234.195	SESSION-ced37932852de9e5 → host:177.10.234.195
FLOW_FROM_HOSTOBS	e:from:SESSION-5a9915da62b53f74:host:131.196.29.138	SESSION-5a9915da62b53f74 → host:131.196.29.138
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-bd9436da4a7a552d:BSG-BEACON-f6c2b3d0e42d	SESSION-bd9436da4a7a552d → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59a63fae51b24a38:host:131.196.31.46	SESSION-59a63fae51b24a38 → host:131.196.31.46
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e905599dc3c27c65:host:177.10.236.118:host:172.234.197.23	SESSION-e905599dc3c27c65 → host:177.10.236.118 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-295c5f4e2a8126b8:host:172.234.197.23	SESSION-295c5f4e2a8126b8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02163c9e3a8cc49d:PCAP:capture_20260430150001:ded20914761d	SESSION-02163c9e3a8cc49d → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-c55eb6f1c0bb6137:SESSION-c55eb6f1c0bb6137	SESSION-c55eb6f1c0bb6137 → pe:dns:SESSION-c55eb6f1c0bb6137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7eb43af6b38a5d78:SESSION-7eb43af6b38a5d78	SESSION-7eb43af6b38a5d78 → pe:syn:SESSION-7eb43af6b38a5d78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef3fadfeb89ec1c3:host:172.234.197.23	SESSION-ef3fadfeb89ec1c3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28ea3e411a2de5c2:host:172.234.197.23:host:177.10.239.51	SESSION-28ea3e411a2de5c2 → host:172.234.197.23 → host:177.10.239.51
flow_observed5-aryOBS	e:fo:flow:a9c2935fca0c	flow:a9c2935fca0c → host:95.135.228.1 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-167179e2a869fa22:host:177.10.239.184:host:172.234.197.23	SESSION-167179e2a869fa22 → host:177.10.239.184 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68adb943f73c50e9:host:177.10.237.110:host:172.234.197.23	SESSION-68adb943f73c50e9 → host:177.10.237.110 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f6c732897c2ca80c:host:45.173.156.116:host:172.234.197.23	SESSION-f6c732897c2ca80c → host:45.173.156.116 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c83e078f141652ea:host:172.234.197.23	SESSION-c83e078f141652ea → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf9e0725ec95e307:host:177.10.232.125:host:172.234.197.23	SESSION-bf9e0725ec95e307 → host:177.10.232.125 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-85714bf39e95506c:host:213.209.159.159	SESSION-85714bf39e95506c → host:213.209.159.159
FLOW_FROM_HOSTOBS	e:from:SESSION-30195220eb2aa3f5:host:172.234.197.23	SESSION-30195220eb2aa3f5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b3f73c59938d0a7:PCAP:capture_20260430090001:065659c7d314	SESSION-8b3f73c59938d0a7 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8684436ffb4e26c7:flow:6cd7e8b30000	SESSION-8684436ffb4e26c7 → flow:6cd7e8b30000
FLOW_DST_PORTOBS	e:fp:flow:1a52f3634874:port:tcp:443	flow:1a52f3634874 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-635c4a1226b6dd4e:flow:98242fdada80	SESSION-635c4a1226b6dd4e → flow:98242fdada80
flow_observed4-aryOBS	e:fo:flow:f983957c7ddd	flow:f983957c7ddd → host:172.234.197.23 → host:177.10.237.117 → port:tcp:63218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fd74aeb66a6a85e:host:172.234.197.23	SESSION-3fd74aeb66a6a85e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ee14fe05044df9df:host:172.234.197.23	SESSION-ee14fe05044df9df → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5fd776fee1455ee3:SESSION-5fd776fee1455ee3	SESSION-5fd776fee1455ee3 → pe:rst:SESSION-5fd776fee1455ee3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93d8ace0d48e8910:flow:fef75095e66a	SESSION-93d8ace0d48e8910 → flow:fef75095e66a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-11c0fc2d370ea41a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-11c0fc2d370ea41a → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-76f517468502eda0:SESSION-76f517468502eda0	SESSION-76f517468502eda0 → pe:tls:SESSION-76f517468502eda0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96d412735d478f25:host:172.234.197.23	SESSION-96d412735d478f25 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ce32efb58e1da83:flow:b955ab4d2cb1	SESSION-4ce32efb58e1da83 → flow:b955ab4d2cb1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-969e64e33723c991:flow:949d44167acc	SESSION-969e64e33723c991 → flow:949d44167acc
flow_observed5-aryOBS	e:fo:flow:b6d722c11701	flow:b6d722c11701 → host:45.173.156.57 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9354322f5192915a:host:80.94.92.182	SESSION-9354322f5192915a → host:80.94.92.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-24f1ec9c7d379a9b:SESSION-24f1ec9c7d379a9b	SESSION-24f1ec9c7d379a9b → pe:tls:SESSION-24f1ec9c7d379a9b
flow_observed5-aryOBS	e:fo:flow:cd08e0bdcb8b	flow:cd08e0bdcb8b → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c8bfb1726ad64d7:SESSION-3c8bfb1726ad64d7	SESSION-3c8bfb1726ad64d7 → pe:tls:SESSION-3c8bfb1726ad64d7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c78f1de05120efd8:host:172.234.197.23	SESSION-c78f1de05120efd8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db282f95b9cc563d:host:172.234.197.23	SESSION-db282f95b9cc563d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3e601c0d8e12:port:tcp:51901	flow:3e601c0d8e12 → port:tcp:51901
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4203cad708a9d562:host:45.173.156.41	SESSION-4203cad708a9d562 → host:45.173.156.41
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9335dee651513692:flow:be4babb82816	SESSION-9335dee651513692 → flow:be4babb82816
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.177:asn:262880	host:177.10.235.177 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b2dec3faf198ca60:SESSION-b2dec3faf198ca60	SESSION-b2dec3faf198ca60 → pe:syn:SESSION-b2dec3faf198ca60
flow_observed3-aryOBS	e:fo:flow:4ef3722f4d43	flow:4ef3722f4d43 → host:172.234.197.23 → host:2.57.122.192
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.73:asn:271410	host:131.196.31.73 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-fbee5c60d72abd4e:host:177.10.238.36	SESSION-fbee5c60d72abd4e → host:177.10.238.36
FLOW_DST_PORTOBS	e:fp:flow:eaa8659511f0:port:tcp:443	flow:eaa8659511f0 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f078868fa5a3:port:tcp:443	flow:f078868fa5a3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5496341eed0b869:host:172.234.197.23	SESSION-e5496341eed0b869 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce29096c932e7f50:SESSION-ce29096c932e7f50	SESSION-ce29096c932e7f50 → pe:tls:SESSION-ce29096c932e7f50
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.161.119.157:geo_43.63190_-79.37160	host:51.161.119.157 → geo_43.63190_-79.37160
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa9d2876c7b3abea:host:172.234.197.23	SESSION-fa9d2876c7b3abea → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.179:geo_-16.28860_-49.01640	host:177.10.237.179 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-13f8871a9bd8cb8e:host:172.234.197.23	SESSION-13f8871a9bd8cb8e → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-eaf7cd3e5a2b7709:BSG-BEACON-aca7f2deb21d	SESSION-eaf7cd3e5a2b7709 → BSG-BEACON-aca7f2deb21d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8de302c0e306721c:host:172.234.197.23	SESSION-8de302c0e306721c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b475107bbd97ed39:host:177.10.238.250:host:172.234.197.23	SESSION-b475107bbd97ed39 → host:177.10.238.250 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fc2888c0eb9bd2ad:SESSION-fc2888c0eb9bd2ad	SESSION-fc2888c0eb9bd2ad → pe:tls:SESSION-fc2888c0eb9bd2ad
FLOW_FROM_HOSTOBS	e:from:SESSION-b7ba8377fba710c4:host:172.234.197.23	SESSION-b7ba8377fba710c4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7c506d9600407809:host:177.10.234.236	SESSION-7c506d9600407809 → host:177.10.234.236
FLOW_FROM_HOSTOBS	e:from:SESSION-32273c66c8bf9656:host:177.10.235.51	SESSION-32273c66c8bf9656 → host:177.10.235.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2966a121f8fe86e9:host:177.10.234.215:host:172.234.197.23	SESSION-2966a121f8fe86e9 → host:177.10.234.215 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02deb29800889c11:host:177.10.239.55	SESSION-02deb29800889c11 → host:177.10.239.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-4defafdd27769097:SESSION-4defafdd27769097	SESSION-4defafdd27769097 → pe:rst:SESSION-4defafdd27769097
FLOW_FROM_HOSTOBS	e:from:SESSION-c7b20ceba4f49bfd:host:67.219.103.9	SESSION-c7b20ceba4f49bfd → host:67.219.103.9
FLOW_FROM_HOSTOBS	e:from:SESSION-7dea1c67796075ab:host:177.10.238.218	SESSION-7dea1c67796075ab → host:177.10.238.218
FLOW_DST_PORTOBS	e:fp:flow:05fb2af39457:port:tcp:443	flow:05fb2af39457 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-838eea3d6dd669fd:flow:20396b807239	SESSION-838eea3d6dd669fd → flow:20396b807239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67fb5a3b6b27b953:flow:554b73d85e05	SESSION-67fb5a3b6b27b953 → flow:554b73d85e05
flow_observed5-aryOBS	e:fo:flow:d016fb87078e	flow:d016fb87078e → host:177.10.239.76 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf9713fb7209fcf9:PCAP:capture_20260430090001:065659c7d314	SESSION-bf9713fb7209fcf9 → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.189:asn:262880	host:177.10.239.189 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0796a13a25fe417a:host:172.234.197.23	SESSION-0796a13a25fe417a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-71917de89d264496:flow:c4028c7b5ec7	SESSION-71917de89d264496 → flow:c4028c7b5ec7
flow_observed5-aryOBS	e:fo:flow:03a779e7b01d	flow:03a779e7b01d → host:185.231.226.214 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TO_HOSTOBS	e:to:SESSION-394aeca8e13c39b2:host:172.234.197.23	SESSION-394aeca8e13c39b2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.162:geo_-23.62930_-46.63510	host:131.196.30.162 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-26e26ae77a5f41e1:PCAP:capture_20260430090001:065659c7d314	SESSION-26e26ae77a5f41e1 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f951b8fc6e0dd11c:host:172.234.197.23	SESSION-f951b8fc6e0dd11c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc55eac4fb6ef554:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cc55eac4fb6ef554 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85383edd293fa3f5:flow:7c1ef5ee9207	SESSION-85383edd293fa3f5 → flow:7c1ef5ee9207
FLOW_FROM_HOSTOBS	e:from:SESSION-29e21c95f9df9427:host:177.10.232.138	SESSION-29e21c95f9df9427 → host:177.10.232.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3d1337acddb52863:SESSION-3d1337acddb52863	SESSION-3d1337acddb52863 → pe:tls:SESSION-3d1337acddb52863
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-03cee9bc49b35179:flow:be316d307c17	SESSION-03cee9bc49b35179 → flow:be316d307c17
FLOW_FROM_HOSTOBS	e:from:SESSION-c93964ffa7e29d50:host:177.10.232.193	SESSION-c93964ffa7e29d50 → host:177.10.232.193
FLOW_TO_HOSTOBS	e:to:SESSION-74a0cb408b3fb354:host:172.234.197.23	SESSION-74a0cb408b3fb354 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.178:geo_-16.28860_-49.01640	host:177.10.236.178 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:74378186d58c	flow:74378186d58c → host:45.173.156.231 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:4cb6c8af98e7	flow:4cb6c8af98e7 → host:92.112.71.199 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:91bd8581cefd	flow:91bd8581cefd → host:131.196.31.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d436d9a2a0e2483:host:177.10.239.116	SESSION-7d436d9a2a0e2483 → host:177.10.239.116
FLOW_DST_PORTOBS	e:fp:flow:802362c03be8:port:tcp:443	flow:802362c03be8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a4ffce8b6e53dd75:host:172.234.197.23	SESSION-a4ffce8b6e53dd75 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.57:geo_-23.62930_-46.63510	host:131.196.30.57 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-043f15d6badfcd64:host:177.10.235.36:host:172.234.197.23	SESSION-043f15d6badfcd64 → host:177.10.235.36 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec50ec61227c5d5c:SESSION-ec50ec61227c5d5c	SESSION-ec50ec61227c5d5c → pe:syn:SESSION-ec50ec61227c5d5c
FLOW_DST_PORTOBS	e:fp:flow:e4c0f1f7a266:port:tcp:34813	flow:e4c0f1f7a266 → port:tcp:34813
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-187a70856b24c84b:flow:67e55af760db	SESSION-187a70856b24c84b → flow:67e55af760db
FLOW_TO_HOSTOBS	e:to:SESSION-4ba3ff89783efd81:host:172.234.197.23	SESSION-4ba3ff89783efd81 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dad0ff120323eed1:host:172.234.197.23	SESSION-dad0ff120323eed1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ba4bb01be574ad6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4ba4bb01be574ad6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08b637759d13ec04:flow:24b7095746b6	SESSION-08b637759d13ec04 → flow:24b7095746b6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.19:asn:262880	host:177.10.234.19 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-95229c7c61064646:PCAP:capture_20260430080001:93f47cc296a4	SESSION-95229c7c61064646 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:700fed86d816:port:udp:53	flow:700fed86d816 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d2a460a472c4c29:host:131.196.28.254	SESSION-8d2a460a472c4c29 → host:131.196.28.254
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.78:geo_-16.28860_-49.01640	host:177.10.236.78 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c69fd5cbb3980413:SESSION-c69fd5cbb3980413	SESSION-c69fd5cbb3980413 → pe:syn:SESSION-c69fd5cbb3980413
FLOW_FROM_HOSTOBS	e:from:SESSION-592321b004976459:host:172.234.197.23	SESSION-592321b004976459 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caf4287e8000c114:host:172.234.197.23	SESSION-caf4287e8000c114 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f56adc7043a43d99:SESSION-f56adc7043a43d99	SESSION-f56adc7043a43d99 → pe:tls:SESSION-f56adc7043a43d99
FLOW_DST_PORTOBS	e:fp:flow:dac3528f23e4:port:tcp:443	flow:dac3528f23e4 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9222c19da42c0aaa:host:172.234.197.23	SESSION-9222c19da42c0aaa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cfde024084873f29:host:199.16.157.182	SESSION-cfde024084873f29 → host:199.16.157.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a33d29db5091f68:host:177.10.238.173	SESSION-2a33d29db5091f68 → host:177.10.238.173
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3f936e849fecda0:flow:996fce1dce71	SESSION-e3f936e849fecda0 → flow:996fce1dce71
FLOW_FROM_HOSTOBS	e:from:SESSION-98d504bd384337f5:host:177.10.235.147	SESSION-98d504bd384337f5 → host:177.10.235.147
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-accb56e5453b3fbd:host:45.173.156.3	SESSION-accb56e5453b3fbd → host:45.173.156.3
flow_observed5-aryOBS	e:fo:flow:59b0b56c7328	flow:59b0b56c7328 → host:177.10.235.117 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-adbb0156eea80d2f:SESSION-adbb0156eea80d2f	SESSION-adbb0156eea80d2f → pe:tls:SESSION-adbb0156eea80d2f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-275d804358752875:host:177.10.237.143	SESSION-275d804358752875 → host:177.10.237.143
FLOW_QUERIED_DNSOBS	e:fd:flow:62e5c7a79f3a:dns:172-234-197-23.ip.linodeusercontent.com	flow:62e5c7a79f3a → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-2d19f64abed8cdcd:host:177.10.234.178	SESSION-2d19f64abed8cdcd → host:177.10.234.178
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d79f2acd73027b39:SESSION-d79f2acd73027b39	SESSION-d79f2acd73027b39 → pe:tls:SESSION-d79f2acd73027b39
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2a0bf61df119bc4:host:177.10.234.235	SESSION-f2a0bf61df119bc4 → host:177.10.234.235
FLOW_TO_HOSTOBS	e:to:SESSION-a27e337d4c0b49f3:host:172.234.197.23	SESSION-a27e337d4c0b49f3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:83dcab51c9e9:port:tcp:443	flow:83dcab51c9e9 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-5f4a8961dba27f33:host:172.234.197.23	SESSION-5f4a8961dba27f33 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-734d97fdd69356a6:PCAP:capture_20260430150001:ded20914761d	SESSION-734d97fdd69356a6 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c47e89745eb205fd:host:172.234.197.23:host:177.10.238.254	SESSION-c47e89745eb205fd → host:172.234.197.23 → host:177.10.238.254
FLOW_FROM_HOSTOBS	e:from:SESSION-bf679119291e5246:host:177.10.238.24	SESSION-bf679119291e5246 → host:177.10.238.24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a117da50f6c2c30f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a117da50f6c2c30f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fecc6fa34e31300b:SESSION-fecc6fa34e31300b	SESSION-fecc6fa34e31300b → pe:tls:SESSION-fecc6fa34e31300b
FLOW_FROM_HOSTOBS	e:from:SESSION-6bbf6176d0f5e38d:host:177.10.234.154	SESSION-6bbf6176d0f5e38d → host:177.10.234.154
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c65a4c12e9ce549:flow:b0e1058bd513	SESSION-5c65a4c12e9ce549 → flow:b0e1058bd513
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55187c9d4dc6d2e7:host:177.10.235.90:host:172.234.197.23	SESSION-55187c9d4dc6d2e7 → host:177.10.235.90 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:332f4fe52ebe	flow:332f4fe52ebe → host:131.196.28.187 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ccddbdb53d5af45:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6ccddbdb53d5af45 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b074fbdb748702cc:SESSION-b074fbdb748702cc	SESSION-b074fbdb748702cc → pe:syn:SESSION-b074fbdb748702cc
FLOW_FROM_HOSTOBS	e:from:SESSION-d60298c7dc6ec77f:host:177.10.234.118	SESSION-d60298c7dc6ec77f → host:177.10.234.118
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ef4dd3d9fcb73b5:host:54.250.227.157:host:172.234.197.23	SESSION-6ef4dd3d9fcb73b5 → host:54.250.227.157 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c774247ce2f7d3db:host:172.234.197.23:host:131.196.30.168	SESSION-c774247ce2f7d3db → host:172.234.197.23 → host:131.196.30.168
flow_observed4-aryOBS	e:fo:flow:f8686c85714f	flow:f8686c85714f → host:172.234.197.23 → host:177.10.239.140 → port:tcp:21942
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.92:asn:262880	host:177.10.238.92 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a57e7ba0de33dea3:flow:b1427df5f2d1	SESSION-a57e7ba0de33dea3 → flow:b1427df5f2d1
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.198:asn:273470	host:45.173.156.198 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-786e34aed7c64f61:SESSION-786e34aed7c64f61	SESSION-786e34aed7c64f61 → pe:syn:SESSION-786e34aed7c64f61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3483d96fbaf632b7:host:177.10.234.23	SESSION-3483d96fbaf632b7 → host:177.10.234.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e0d73c88dd83fb6:host:172.234.197.23	SESSION-9e0d73c88dd83fb6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6e708c58166944fb:host:172.234.197.23	SESSION-6e708c58166944fb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-eaae06fce38c131f:host:177.10.232.67	SESSION-eaae06fce38c131f → host:177.10.232.67
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-164b17078fceb547:PCAP:capture_20260430070001:903a0e7a436b	SESSION-164b17078fceb547 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-00968abd3a9eec7e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-00968abd3a9eec7e → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.207:geo_-21.10010_-41.69200	host:45.173.156.207 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-4e49f7df60935172:host:172.234.197.23	SESSION-4e49f7df60935172 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-460a4898e7c07917:host:45.173.156.150:host:172.234.197.23	SESSION-460a4898e7c07917 → host:45.173.156.150 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a9e0f3ba046c015f:host:172.234.197.23:host:131.196.30.183	SESSION-a9e0f3ba046c015f → host:172.234.197.23 → host:131.196.30.183
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.240:asn:262880	host:177.10.233.240 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-26f197960c59c7f7:SESSION-26f197960c59c7f7	SESSION-26f197960c59c7f7 → pe:tls:SESSION-26f197960c59c7f7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d226dc6e18df532:host:172.234.197.23	SESSION-2d226dc6e18df532 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.206:geo_-23.62930_-46.63510	host:131.196.29.206 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-2ef18db4a9eedd9d:host:172.234.197.23	SESSION-2ef18db4a9eedd9d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b977b804ba3f4edd:host:104.28.234.79	SESSION-b977b804ba3f4edd → host:104.28.234.79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c016235dacd88a4d:SESSION-c016235dacd88a4d	SESSION-c016235dacd88a4d → pe:tls:SESSION-c016235dacd88a4d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e700dd1746307a02:SESSION-e700dd1746307a02	SESSION-e700dd1746307a02 → pe:tls:SESSION-e700dd1746307a02
flow_observed3-aryOBS	e:fo:flow:72abfe4f3945	flow:72abfe4f3945 → host:34.220.91.24 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-602a14335703e220:host:177.10.235.74	SESSION-602a14335703e220 → host:177.10.235.74
HOST_IN_ASNOBS 85%	e:ha:host:172.94.9.253:asn:213790	host:172.94.9.253 → asn:213790
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c58c12f678d65836:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c58c12f678d65836 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-4f1cb2d411cdd6d7:host:177.10.237.251	SESSION-4f1cb2d411cdd6d7 → host:177.10.237.251
FLOW_DST_PORTOBS	e:fp:flow:c1f401a82a26:port:tcp:443	flow:c1f401a82a26 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-678637d3dc5962bf:SESSION-678637d3dc5962bf	SESSION-678637d3dc5962bf → pe:syn:SESSION-678637d3dc5962bf
flow_observed5-aryOBS	e:fo:flow:40caed145d6b	flow:40caed145d6b → host:177.10.237.113 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28e949edc1bba418:SESSION-28e949edc1bba418	SESSION-28e949edc1bba418 → pe:syn:SESSION-28e949edc1bba418
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44a6b99289a2f8de:host:177.10.239.227	SESSION-44a6b99289a2f8de → host:177.10.239.227
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5731b0b8f40f73a:host:172.234.197.23	SESSION-f5731b0b8f40f73a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.89:asn:262880	host:177.10.232.89 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-71340f64d1455f4f:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-71340f64d1455f4f → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d43ecb134342fe00:SESSION-d43ecb134342fe00	SESSION-d43ecb134342fe00 → pe:tls:SESSION-d43ecb134342fe00
FLOW_DST_PORTOBS	e:fp:flow:63f677001d7d:port:tcp:443	flow:63f677001d7d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa49e5af791c6122:flow:2349df72c6a6	SESSION-fa49e5af791c6122 → flow:2349df72c6a6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-664631b6c582f1f7:SESSION-664631b6c582f1f7	SESSION-664631b6c582f1f7 → pe:syn:SESSION-664631b6c582f1f7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.156:geo_-16.28860_-49.01640	host:177.10.237.156 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:829f537dafee	flow:829f537dafee → host:131.196.28.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3075d8276a1a3ff8:PCAP:capture_20260430060001:919b39a74464	SESSION-3075d8276a1a3ff8 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:f8d302369066:port:tcp:43515	flow:f8d302369066 → port:tcp:43515
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7141588dcb909c75:SESSION-7141588dcb909c75	SESSION-7141588dcb909c75 → pe:syn:SESSION-7141588dcb909c75
FLOW_DST_PORTOBS	e:fp:flow:0ece5c076886:port:tcp:443	flow:0ece5c076886 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d77475f82108632b:host:172.234.197.23	SESSION-d77475f82108632b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14d5e1e17a6f21ad:PCAP:capture_20260430110001:43611bdf6759	SESSION-14d5e1e17a6f21ad → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fb163f3769ccb67:host:131.196.31.235:host:172.234.197.23	SESSION-1fb163f3769ccb67 → host:131.196.31.235 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b88c76d0206f2960:host:185.231.226.117:host:172.234.197.23	SESSION-b88c76d0206f2960 → host:185.231.226.117 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e512980b1e52beb:flow:77891346ee5e	SESSION-7e512980b1e52beb → flow:77891346ee5e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.155:geo_-23.62930_-46.63510	host:131.196.29.155 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ba98677b43b4662:flow:5741256ce11e	SESSION-8ba98677b43b4662 → flow:5741256ce11e
FLOW_TO_HOSTOBS	e:to:SESSION-c58b004ff38abe14:host:172.234.197.23	SESSION-c58b004ff38abe14 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.231:geo_-16.28860_-49.01640	host:177.10.234.231 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f928c0ad9f6130d:host:131.196.30.92	SESSION-3f928c0ad9f6130d → host:131.196.30.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-186abbea6a1cb4f5:host:172.234.197.23	SESSION-186abbea6a1cb4f5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4a0e33124638:port:tcp:443	flow:4a0e33124638 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3d7339ef5a101ca:host:172.234.197.23	SESSION-e3d7339ef5a101ca → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd92f1d715637398:host:34.216.76.26:host:172.234.197.23	SESSION-cd92f1d715637398 → host:34.216.76.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ae580f5c3468d66:host:177.10.233.13	SESSION-8ae580f5c3468d66 → host:177.10.233.13
FLOW_DST_PORTOBS	e:fp:flow:53d02928b48f:port:tcp:443	flow:53d02928b48f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f971b95dedbfd9a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7f971b95dedbfd9a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0014b04a4a7ef99:host:131.196.28.211:host:172.234.197.23	SESSION-c0014b04a4a7ef99 → host:131.196.28.211 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3b504551617ec2c:SESSION-c3b504551617ec2c	SESSION-c3b504551617ec2c → pe:syn:SESSION-c3b504551617ec2c
FLOW_FROM_HOSTOBS	e:from:SESSION-96c334cbd5a64077:host:103.230.240.59	SESSION-96c334cbd5a64077 → host:103.230.240.59
flow_observed5-aryOBS	e:fo:flow:f8cf2033ffcb	flow:f8cf2033ffcb → host:37.221.79.224 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c812f2a31a60fc9:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3c812f2a31a60fc9 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:2ac545a7b329:port:tcp:54365	flow:2ac545a7b329 → port:tcp:54365
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-992ac29a78433ae4:flow:8221cb92d987	SESSION-992ac29a78433ae4 → flow:8221cb92d987
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6f0fa0972c78e2ef:SESSION-6f0fa0972c78e2ef	SESSION-6f0fa0972c78e2ef → pe:syn:SESSION-6f0fa0972c78e2ef
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-171cec02c0effee6:host:172.234.197.23	SESSION-171cec02c0effee6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-919126906ac50297:host:172.234.197.23	SESSION-919126906ac50297 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3bf7bb3dc8319468:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3bf7bb3dc8319468 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-c8b9d154eee5d788:host:172.234.197.23	SESSION-c8b9d154eee5d788 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-222c821677f323de:SESSION-222c821677f323de	SESSION-222c821677f323de → pe:syn:SESSION-222c821677f323de
FLOW_TO_HOSTOBS	e:to:SESSION-c0119815c01d3319:host:172.234.197.23	SESSION-c0119815c01d3319 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2f802a56d8e0d79:host:172.234.197.23	SESSION-a2f802a56d8e0d79 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a5e08dfdbc67:port:tcp:443	flow:a5e08dfdbc67 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-478ebcd540b5d0ef:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-478ebcd540b5d0ef → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5470436eecf7738e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5470436eecf7738e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ae580f5c3468d66:flow:219da1e00ae9	SESSION-8ae580f5c3468d66 → flow:219da1e00ae9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46f163e73b58987c:SESSION-46f163e73b58987c	SESSION-46f163e73b58987c → pe:syn:SESSION-46f163e73b58987c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44555c754c6c7558:host:177.10.235.220:host:172.234.197.23	SESSION-44555c754c6c7558 → host:177.10.235.220 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:29ba545d482d:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:29ba545d482d → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-cd4086b575d9a1c0:host:177.10.232.164	SESSION-cd4086b575d9a1c0 → host:177.10.232.164
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1375745ca86fe64:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a1375745ca86fe64 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0a8fa8ac12ff0c6:SESSION-f0a8fa8ac12ff0c6	SESSION-f0a8fa8ac12ff0c6 → pe:syn:SESSION-f0a8fa8ac12ff0c6
FLOW_DST_PORTOBS	e:fp:flow:b307b7cec2f0:port:tcp:443	flow:b307b7cec2f0 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:4f707b2e8a9b:port:tcp:443	flow:4f707b2e8a9b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4a1d91047073c4c2:host:172.234.197.23	SESSION-4a1d91047073c4c2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9ed3c0cac572dff6:host:172.234.197.23	SESSION-9ed3c0cac572dff6 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:ead47c2cac82	flow:ead47c2cac82 → host:172.234.197.23 → host:131.196.28.242 → port:tcp:19673
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb0638f1774736d1:PCAP:capture_20260430070001:903a0e7a436b	SESSION-cb0638f1774736d1 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-a03207ab88db82b5:host:172.234.197.23	SESSION-a03207ab88db82b5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4fdea987cb08476:host:177.10.234.41	SESSION-a4fdea987cb08476 → host:177.10.234.41
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.36:geo_-23.62930_-46.63510	host:131.196.30.36 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-5b1f042103d1727f:host:177.10.239.153	SESSION-5b1f042103d1727f → host:177.10.239.153
flow_observed5-aryOBS	e:fo:flow:322c92de5b4d	flow:322c92de5b4d → host:177.10.233.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-81ef982aa5449fd9:host:172.234.197.23:host:45.173.156.230	SESSION-81ef982aa5449fd9 → host:172.234.197.23 → host:45.173.156.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bdc14171c537b7eb:SESSION-bdc14171c537b7eb	SESSION-bdc14171c537b7eb → pe:tls:SESSION-bdc14171c537b7eb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-919126906ac50297:host:177.10.233.38	SESSION-919126906ac50297 → host:177.10.233.38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2f5f99625dcfae4:host:172.234.197.23	SESSION-e2f5f99625dcfae4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:22c4bbf97ccb	flow:22c4bbf97ccb → host:149.210.194.32 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-3e361598c12a1af0:host:131.196.29.95	SESSION-3e361598c12a1af0 → host:131.196.29.95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e806a1e4171599f:SESSION-4e806a1e4171599f	SESSION-4e806a1e4171599f → pe:tls:SESSION-4e806a1e4171599f
flow_observed4-aryOBS	e:fo:flow:d0c462915807	flow:d0c462915807 → host:172.234.197.23 → host:210.156.0.132 → port:tcp:59636
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0657272c618c6d4:host:177.10.237.248:host:172.234.197.23	SESSION-c0657272c618c6d4 → host:177.10.237.248 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ef3697a55617fe8:SESSION-0ef3697a55617fe8	SESSION-0ef3697a55617fe8 → pe:syn:SESSION-0ef3697a55617fe8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c5f8419335024f52:host:49.12.170.238:host:172.234.197.23	SESSION-c5f8419335024f52 → host:49.12.170.238 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5ed9f49ee99549f:host:172.234.197.23	SESSION-c5ed9f49ee99549f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.184:geo_-23.62930_-46.63510	host:131.196.30.184 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ce1a5aa06c53f62:host:172.234.197.23:host:131.196.31.4	SESSION-8ce1a5aa06c53f62 → host:172.234.197.23 → host:131.196.31.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67e118b3ac1b9481:host:172.234.197.23	SESSION-67e118b3ac1b9481 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1ec6b7d17caa72c:host:177.10.234.15:host:172.234.197.23	SESSION-d1ec6b7d17caa72c → host:177.10.234.15 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:85a454a58451	flow:85a454a58451 → host:172.234.197.23 → host:45.173.156.230 → port:tcp:47115
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3168a3173448dd7d:flow:18c30dc84099	SESSION-3168a3173448dd7d → flow:18c30dc84099
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.24:asn:262880	host:177.10.235.24 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6cc804a855d1eb7c:SESSION-6cc804a855d1eb7c	SESSION-6cc804a855d1eb7c → pe:tls:SESSION-6cc804a855d1eb7c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e2a6d6aa009e10c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1e2a6d6aa009e10c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5b4d581172cc71c:host:172.234.197.23	SESSION-a5b4d581172cc71c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4f97616f4c907a8c:host:172.234.197.23	SESSION-4f97616f4c907a8c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.149.68.137:geo_45.84010_-119.70500	host:54.149.68.137 → geo_45.84010_-119.70500
flow_observed5-aryOBS	e:fo:flow:48b5e51b7b0b	flow:48b5e51b7b0b → host:177.10.233.134 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.230:geo_-16.28860_-49.01640	host:177.10.237.230 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf34c898669d01e7:host:131.196.30.242	SESSION-bf34c898669d01e7 → host:131.196.30.242
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21ae4bade70b1440:PCAP:capture_20260430070001:903a0e7a436b	SESSION-21ae4bade70b1440 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-a6ca8d988675ead3:host:45.173.156.26	SESSION-a6ca8d988675ead3 → host:45.173.156.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0d11915f1f4e9ef9:host:177.10.239.187:host:172.234.197.23	SESSION-0d11915f1f4e9ef9 → host:177.10.239.187 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e995e7d6e6aa04f6:host:172.234.197.23	SESSION-e995e7d6e6aa04f6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f35e45e57d830f4:host:177.10.235.169	SESSION-2f35e45e57d830f4 → host:177.10.235.169
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-24763432928200fc:SESSION-24763432928200fc	SESSION-24763432928200fc → pe:tls:SESSION-24763432928200fc
FLOW_FROM_HOSTOBS	e:from:SESSION-6050ca7af62c0465:host:45.173.156.137	SESSION-6050ca7af62c0465 → host:45.173.156.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7845496c0c03c20:SESSION-b7845496c0c03c20	SESSION-b7845496c0c03c20 → pe:syn:SESSION-b7845496c0c03c20
FLOW_TO_HOSTOBS	e:to:SESSION-3674a7955b512da1:host:172.234.197.23	SESSION-3674a7955b512da1 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9d09283dd3ed	flow:9d09283dd3ed → host:177.10.236.120 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:b45cce3384ef	flow:b45cce3384ef → host:172.234.197.23 → host:177.10.236.244 → port:tcp:18922
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee8b7e20de209690:host:172.232.0.16	SESSION-ee8b7e20de209690 → host:172.232.0.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d587dd5c581936e:host:172.234.197.23:host:131.196.28.16	SESSION-8d587dd5c581936e → host:172.234.197.23 → host:131.196.28.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ef9a5d8a17e479b:flow:eec957513426	SESSION-8ef9a5d8a17e479b → flow:eec957513426
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57039b95174af1c3:flow:3988e0c31504	SESSION-57039b95174af1c3 → flow:3988e0c31504
FLOW_FROM_HOSTOBS	e:from:SESSION-e01aa770e4fba49e:host:172.234.197.23	SESSION-e01aa770e4fba49e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9338ac17b36dc2c1:host:177.10.238.59	SESSION-9338ac17b36dc2c1 → host:177.10.238.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0ad9c0df7a65aa03:SESSION-0ad9c0df7a65aa03	SESSION-0ad9c0df7a65aa03 → pe:syn:SESSION-0ad9c0df7a65aa03
FLOW_TO_HOSTOBS	e:to:SESSION-aa7ff8c6e8f0ef9e:host:172.234.197.23	SESSION-aa7ff8c6e8f0ef9e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.67:geo_-16.28860_-49.01640	host:177.10.232.67 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:78fc6ae4b8bb	flow:78fc6ae4b8bb → host:172.234.197.23 → host:45.173.156.36 → port:tcp:32417
FLOW_FROM_HOSTOBS	e:from:SESSION-75c0f4fa43b2bfb9:host:92.112.71.216	SESSION-75c0f4fa43b2bfb9 → host:92.112.71.216
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2099dbde4b7ef03:host:177.10.236.92	SESSION-c2099dbde4b7ef03 → host:177.10.236.92
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38d81f2383b0ad0b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-38d81f2383b0ad0b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bda9924d3f6d619:host:177.10.237.74	SESSION-4bda9924d3f6d619 → host:177.10.237.74
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.228:asn:271410	host:131.196.31.228 → asn:271410
flow_observed5-aryOBS	e:fo:flow:de18500862da	flow:de18500862da → host:177.10.239.4 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed3-aryOBS	e:fo:flow:b4bab380b24a	flow:b4bab380b24a → host:44.247.223.188 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-749084d26a1fdfcc:host:45.173.156.55	SESSION-749084d26a1fdfcc → host:45.173.156.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7852f400065b4a55:SESSION-7852f400065b4a55	SESSION-7852f400065b4a55 → pe:tls:SESSION-7852f400065b4a55
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11d5793dfe2c0097:flow:e535264fff8d	SESSION-11d5793dfe2c0097 → flow:e535264fff8d
flow_observed5-aryOBS	e:fo:flow:4d4917597a14	flow:4d4917597a14 → host:45.173.156.253 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d1337acddb52863:host:172.234.197.23	SESSION-3d1337acddb52863 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-794cf5b08878bd55:host:172.234.197.23	SESSION-794cf5b08878bd55 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94f17b7b7397155e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-94f17b7b7397155e → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:a2e6aeb28c67:port:tcp:443	flow:a2e6aeb28c67 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e2f1449f3d42ccdf:host:172.234.197.23	SESSION-e2f1449f3d42ccdf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84891f6788a8f194:host:172.234.197.23	SESSION-84891f6788a8f194 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-47982c1c81b3c1d7:host:44.244.28.93	SESSION-47982c1c81b3c1d7 → host:44.244.28.93
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.128:asn:262880	host:177.10.237.128 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2474adee374207e:host:172.234.197.23	SESSION-c2474adee374207e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dc26b6b9e94a	flow:dc26b6b9e94a → host:177.10.237.217 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f320997aa88d5819:host:45.173.156.153	SESSION-f320997aa88d5819 → host:45.173.156.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df3beb1e5143a102:flow:637c13edbf62	SESSION-df3beb1e5143a102 → flow:637c13edbf62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14d517e62aef6020:SESSION-14d517e62aef6020	SESSION-14d517e62aef6020 → pe:syn:SESSION-14d517e62aef6020
FLOW_TO_HOSTOBS	e:to:SESSION-b0233a0286136dd2:host:172.234.197.23	SESSION-b0233a0286136dd2 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:cb77aa2dacf9	flow:cb77aa2dacf9 → host:172.234.197.23 → host:131.196.29.134 → port:tcp:15013
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-029d1f2d00b0343a:flow:cc88089c31a5	SESSION-029d1f2d00b0343a → flow:cc88089c31a5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7b7470a9d5ba162:SESSION-b7b7470a9d5ba162	SESSION-b7b7470a9d5ba162 → pe:tls:SESSION-b7b7470a9d5ba162
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3567442ac940551:SESSION-f3567442ac940551	SESSION-f3567442ac940551 → pe:syn:SESSION-f3567442ac940551
FLOW_FROM_HOSTOBS	e:from:SESSION-61edd9328a7eff0d:host:108.217.180.26	SESSION-61edd9328a7eff0d → host:108.217.180.26
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-42dd33a8e6552b73:PCAP:capture_20260430080001:93f47cc296a4	SESSION-42dd33a8e6552b73 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4fd5cc70e8cf2108:SESSION-4fd5cc70e8cf2108	SESSION-4fd5cc70e8cf2108 → pe:syn:SESSION-4fd5cc70e8cf2108
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4e9a3a3a63cdb2e:host:45.173.156.223:host:172.234.197.23	SESSION-c4e9a3a3a63cdb2e → host:45.173.156.223 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cf85e37468f1ff86:host:177.10.233.59:host:172.234.197.23	SESSION-cf85e37468f1ff86 → host:177.10.233.59 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b64652804f63:port:tcp:45665	flow:b64652804f63 → port:tcp:45665
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.249:asn:271410	host:131.196.28.249 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.209:geo_-23.62930_-46.63510	host:131.196.28.209 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-365dad18baa46a43:PCAP:capture_20260428010001:b1b402c7b202	SESSION-365dad18baa46a43 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_FROM_HOSTOBS	e:from:SESSION-1052ae798d70afda:host:172.234.197.23	SESSION-1052ae798d70afda → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2969d43ba10a409c:host:45.173.156.119	SESSION-2969d43ba10a409c → host:45.173.156.119
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1db6dc9c45987f6e:flow:6e3867982415	SESSION-1db6dc9c45987f6e → flow:6e3867982415
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.150:asn:262880	host:177.10.236.150 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.228:geo_-16.28860_-49.01640	host:177.10.234.228 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-0a05a386609def1c:host:177.10.236.110	SESSION-0a05a386609def1c → host:177.10.236.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fc518dfa07303a8:host:45.173.156.219	SESSION-1fc518dfa07303a8 → host:45.173.156.219
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f4918b67fbcc63f:flow:6ca74d3a8e5f	SESSION-2f4918b67fbcc63f → flow:6ca74d3a8e5f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f482eb7fd49a3f1b:SESSION-f482eb7fd49a3f1b	SESSION-f482eb7fd49a3f1b → pe:tls:SESSION-f482eb7fd49a3f1b
FLOW_TO_HOSTOBS	e:to:SESSION-38298ff8ded7155d:host:172.234.197.23	SESSION-38298ff8ded7155d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c701d534f5ceb273:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c701d534f5ceb273 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:2af924a53b3a	flow:2af924a53b3a → host:131.196.30.0 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7dadcd6ecb3a:port:tcp:19561	flow:7dadcd6ecb3a → port:tcp:19561
flow_observed5-aryOBS	e:fo:flow:706071e3fd0c	flow:706071e3fd0c → host:177.10.233.66 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-414103fa622913fc:host:213.209.159.159	SESSION-414103fa622913fc → host:213.209.159.159
FLOW_FROM_HOSTOBS	e:from:SESSION-07bcf39894ea5ee9:host:97.139.12.85	SESSION-07bcf39894ea5ee9 → host:97.139.12.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f70c7a73cedaabc:SESSION-5f70c7a73cedaabc	SESSION-5f70c7a73cedaabc → pe:syn:SESSION-5f70c7a73cedaabc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5405d05650907428:SESSION-5405d05650907428	SESSION-5405d05650907428 → pe:tls:SESSION-5405d05650907428
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0fd6726780ee8778:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0fd6726780ee8778 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fac4a2f466e4583d:SESSION-fac4a2f466e4583d	SESSION-fac4a2f466e4583d → pe:tls:SESSION-fac4a2f466e4583d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0fd6726780ee8778:host:131.196.30.234:host:172.234.197.23	SESSION-0fd6726780ee8778 → host:131.196.30.234 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df1edf3c82c78294:host:177.10.234.236	SESSION-df1edf3c82c78294 → host:177.10.234.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-03f351fbd88acdc4:flow:4206128c166d	SESSION-03f351fbd88acdc4 → flow:4206128c166d
FLOW_TO_HOSTOBS	e:to:SESSION-105866a23abaa0d9:host:172.234.197.23	SESSION-105866a23abaa0d9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a873c288e348:port:tcp:443	flow:a873c288e348 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ffb355c8f64da05f:host:45.173.156.201	SESSION-ffb355c8f64da05f → host:45.173.156.201
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bfc33587dc4bfad3:SESSION-bfc33587dc4bfad3	SESSION-bfc33587dc4bfad3 → pe:syn:SESSION-bfc33587dc4bfad3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec373193747138e2:host:172.234.197.23	SESSION-ec373193747138e2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bfe599b46934	flow:bfe599b46934 → host:45.173.156.154 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a70cd7da1062faad:host:172.234.197.23	SESSION-a70cd7da1062faad → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-82d78308744a8bb2:host:172.234.197.23	SESSION-82d78308744a8bb2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-70ca21a7c0c8fc42:host:172.234.197.23	SESSION-70ca21a7c0c8fc42 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bca14afee5df98e9:SESSION-bca14afee5df98e9	SESSION-bca14afee5df98e9 → pe:tls:SESSION-bca14afee5df98e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-879f882e46cb6c3f:SESSION-879f882e46cb6c3f	SESSION-879f882e46cb6c3f → pe:tls:SESSION-879f882e46cb6c3f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac1869edc353761e:SESSION-ac1869edc353761e	SESSION-ac1869edc353761e → pe:tls:SESSION-ac1869edc353761e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf9e0725ec95e307:SESSION-bf9e0725ec95e307	SESSION-bf9e0725ec95e307 → pe:syn:SESSION-bf9e0725ec95e307
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-62337f4a23aa4d2d:flow:3e77f7b0f514	SESSION-62337f4a23aa4d2d → flow:3e77f7b0f514
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.122:asn:262880	host:177.10.239.122 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7141588dcb909c75:host:131.196.29.117:host:172.234.197.23	SESSION-7141588dcb909c75 → host:131.196.29.117 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d3e80fb3431ec3f4:flow:e05383acf388	SESSION-d3e80fb3431ec3f4 → flow:e05383acf388
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0bf5b48d5bcb9503:SESSION-0bf5b48d5bcb9503	SESSION-0bf5b48d5bcb9503 → pe:syn:SESSION-0bf5b48d5bcb9503
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ecb25cc7396151e7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ecb25cc7396151e7 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-c0709d76f76f731c:host:131.196.31.194	SESSION-c0709d76f76f731c → host:131.196.31.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1745753d6a990e0e:SESSION-1745753d6a990e0e	SESSION-1745753d6a990e0e → pe:syn:SESSION-1745753d6a990e0e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e615d118f3247e2:host:177.10.238.29:host:172.234.197.23	SESSION-2e615d118f3247e2 → host:177.10.238.29 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d9d7757b20ed84d:host:131.196.28.214:host:172.234.197.23	SESSION-7d9d7757b20ed84d → host:131.196.28.214 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9b447da23548	flow:9b447da23548 → host:172.234.197.23 → host:131.196.31.104 → port:tcp:25089
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b1edba75af29ea2:SESSION-8b1edba75af29ea2	SESSION-8b1edba75af29ea2 → pe:syn:SESSION-8b1edba75af29ea2
FLOW_DST_PORTOBS	e:fp:flow:209d675128aa:port:tcp:443	flow:209d675128aa → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.188:geo_-16.28860_-49.01640	host:177.10.235.188 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-381f999774715cfc:SESSION-381f999774715cfc	SESSION-381f999774715cfc → pe:syn:SESSION-381f999774715cfc
flow_observed5-aryOBS	e:fo:flow:8cb7ebd2e1a0	flow:8cb7ebd2e1a0 → host:45.173.156.123 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:cedcf4e5a862	flow:cedcf4e5a862 → host:131.196.28.219 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:8728b5b51161:port:tcp:443	flow:8728b5b51161 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:4925c1a24954	flow:4925c1a24954 → host:172.234.197.23 → host:177.10.238.238 → port:tcp:6304
FLOW_FROM_HOSTOBS	e:from:SESSION-72411a82d36d6add:host:177.10.237.107	SESSION-72411a82d36d6add → host:177.10.237.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a6d1acf39452c448:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a6d1acf39452c448 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db5e0e0456a4bec1:PCAP:capture_20260430050001:8868731bf8a4	SESSION-db5e0e0456a4bec1 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0bc704eff4d88e9:host:172.234.197.23	SESSION-c0bc704eff4d88e9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.172:geo_-16.28860_-49.01640	host:177.10.235.172 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-70f9355e024c975b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-70f9355e024c975b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e4b14eb8b6ee95ef:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e4b14eb8b6ee95ef → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b145e081d4e87ab3:SESSION-b145e081d4e87ab3	SESSION-b145e081d4e87ab3 → pe:syn:SESSION-b145e081d4e87ab3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c615690895f6d3c9:PCAP:capture_20260430110001:43611bdf6759	SESSION-c615690895f6d3c9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-802ccc988b65b38c:host:172.234.197.23	SESSION-802ccc988b65b38c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9866420dbc5d2da0:SESSION-9866420dbc5d2da0	SESSION-9866420dbc5d2da0 → pe:tls:SESSION-9866420dbc5d2da0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1191ea69c7b9e8e5:SESSION-1191ea69c7b9e8e5	SESSION-1191ea69c7b9e8e5 → pe:tls:SESSION-1191ea69c7b9e8e5
FLOW_DST_PORTOBS	e:fp:flow:d9a7a81e01f7:port:tcp:443	flow:d9a7a81e01f7 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.144:asn:262880	host:177.10.237.144 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-499399e6896a45f7:flow:c01c58d7db69	SESSION-499399e6896a45f7 → flow:c01c58d7db69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3fa41b89da3fc0a6:SESSION-3fa41b89da3fc0a6	SESSION-3fa41b89da3fc0a6 → pe:tls:SESSION-3fa41b89da3fc0a6
flow_observed5-aryOBS	e:fo:flow:d9ed76e0b4a9	flow:d9ed76e0b4a9 → host:131.196.29.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1ca1108b3f9fffc:host:92.112.71.65:host:172.234.197.23	SESSION-d1ca1108b3f9fffc → host:92.112.71.65 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e49b447cbf9c1ef7:host:172.234.197.23	SESSION-e49b447cbf9c1ef7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-119f9a3698c24414:host:177.10.239.164:host:172.234.197.23	SESSION-119f9a3698c24414 → host:177.10.239.164 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b8c772918251267:host:45.173.156.56	SESSION-0b8c772918251267 → host:45.173.156.56
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1274fc3e3cafac71:host:131.196.29.12:host:172.234.197.23	SESSION-1274fc3e3cafac71 → host:131.196.29.12 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4f016f4a38011f9c:host:172.234.197.23	SESSION-4f016f4a38011f9c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-83d893adc4ebe669:host:172.234.197.23:host:131.196.28.151	SESSION-83d893adc4ebe669 → host:172.234.197.23 → host:131.196.28.151
FLOW_DST_PORTOBS	e:fp:flow:3641ab71d6be:port:tcp:43059	flow:3641ab71d6be → port:tcp:43059
FLOW_TO_HOSTOBS	e:to:SESSION-1d90a5aaa3545c15:host:131.196.28.169	SESSION-1d90a5aaa3545c15 → host:131.196.28.169
FLOW_DST_PORTOBS	e:fp:flow:4a24348b282d:port:tcp:443	flow:4a24348b282d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2bcd65d8e62fc5a1:host:172.234.197.23:host:177.10.234.39	SESSION-2bcd65d8e62fc5a1 → host:172.234.197.23 → host:177.10.234.39
FLOW_FROM_HOSTOBS	e:from:SESSION-2b523e88f9ec69c3:host:177.10.233.29	SESSION-2b523e88f9ec69c3 → host:177.10.233.29
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-836e4ff4bdb8da04:host:131.196.28.185:host:172.234.197.23	SESSION-836e4ff4bdb8da04 → host:131.196.28.185 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0427ab07f20fae31:flow:e4ec5b91c99f	SESSION-0427ab07f20fae31 → flow:e4ec5b91c99f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a865531d109b7c1:flow:263550df47f0	SESSION-4a865531d109b7c1 → flow:263550df47f0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a5aae11508cfd60:host:172.234.197.23	SESSION-9a5aae11508cfd60 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57ceaaaea8de5082:host:131.196.28.246:host:172.234.197.23	SESSION-57ceaaaea8de5082 → host:131.196.28.246 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a269382e1e5b425:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9a269382e1e5b425 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-426c38e34029cb1b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-426c38e34029cb1b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d69d721ba9bae694:SESSION-d69d721ba9bae694	SESSION-d69d721ba9bae694 → pe:syn:SESSION-d69d721ba9bae694
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e41b633abf5898e8:host:177.10.233.107	SESSION-e41b633abf5898e8 → host:177.10.233.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7eabead80f81736f:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7eabead80f81736f → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-9a27c97c4e7ac566:host:131.196.29.201	SESSION-9a27c97c4e7ac566 → host:131.196.29.201
FLOW_FROM_HOSTOBS	e:from:SESSION-2ee36310db765ff6:host:131.196.31.220	SESSION-2ee36310db765ff6 → host:131.196.31.220
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-948ad6eee5512e98:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-948ad6eee5512e98 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f56950d8d19e118b:host:177.10.238.103	SESSION-f56950d8d19e118b → host:177.10.238.103
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fa0ca2c10982c45:host:131.196.31.2	SESSION-4fa0ca2c10982c45 → host:131.196.31.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8409f84148f471e2:SESSION-8409f84148f471e2	SESSION-8409f84148f471e2 → pe:syn:SESSION-8409f84148f471e2
FLOW_FROM_HOSTOBS	e:from:SESSION-c155b50123efabb5:host:172.234.197.23	SESSION-c155b50123efabb5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-928f584a0bc46099:host:177.10.232.65	SESSION-928f584a0bc46099 → host:177.10.232.65
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0228dcfe5eb3ed0e:PCAP:capture_20260430090001:065659c7d314	SESSION-0228dcfe5eb3ed0e → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b69e4016453478aa:SESSION-b69e4016453478aa	SESSION-b69e4016453478aa → pe:tls:SESSION-b69e4016453478aa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e548e1862e666d4:SESSION-4e548e1862e666d4	SESSION-4e548e1862e666d4 → pe:syn:SESSION-4e548e1862e666d4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-542567c32b647819:host:172.234.197.23	SESSION-542567c32b647819 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51cc268447a19ae7:host:172.234.197.23	SESSION-51cc268447a19ae7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d384de4bfeb31c0:host:131.196.29.16	SESSION-1d384de4bfeb31c0 → host:131.196.29.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-c716fd204e4ddd99:SESSION-c716fd204e4ddd99	SESSION-c716fd204e4ddd99 → pe:dns:SESSION-c716fd204e4ddd99
FLOW_TO_HOSTOBS	e:to:SESSION-231f5887ddd9d406:host:177.10.239.145	SESSION-231f5887ddd9d406 → host:177.10.239.145
FLOW_DST_PORTOBS	e:fp:flow:ca4954cc6e7b:port:tcp:443	flow:ca4954cc6e7b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.83:geo_-16.28860_-49.01640	host:177.10.238.83 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a8694ae6f41e5eb8:SESSION-a8694ae6f41e5eb8	SESSION-a8694ae6f41e5eb8 → pe:tls:SESSION-a8694ae6f41e5eb8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d3f99262a1bb3592:SESSION-d3f99262a1bb3592	SESSION-d3f99262a1bb3592 → pe:tls:SESSION-d3f99262a1bb3592
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8ee775e10cbe172:flow:29736dfdaa01	SESSION-b8ee775e10cbe172 → flow:29736dfdaa01
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-91c14db05e009245:SESSION-91c14db05e009245	SESSION-91c14db05e009245 → pe:tls:SESSION-91c14db05e009245
FLOW_FROM_HOSTOBS	e:from:SESSION-32091c263c5425e7:host:172.234.197.23	SESSION-32091c263c5425e7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0844998e370f9b20:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0844998e370f9b20 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b57c4e647c9921c9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b57c4e647c9921c9 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:747e8242c360	flow:747e8242c360 → host:172.234.197.23 → host:177.10.234.215 → port:tcp:5487
flow_observed5-aryOBS	e:fo:flow:f40a64ba9fc2	flow:f40a64ba9fc2 → host:177.10.237.226 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.91:asn:271410	host:131.196.28.91 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:54fe7b40f46e:port:tcp:443	flow:54fe7b40f46e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ef8854f2d4650c5:host:177.10.234.60	SESSION-2ef8854f2d4650c5 → host:177.10.234.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1b588a91707aaaf:host:131.196.31.143	SESSION-d1b588a91707aaaf → host:131.196.31.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d30b8cd9cbd48a1:SESSION-1d30b8cd9cbd48a1	SESSION-1d30b8cd9cbd48a1 → pe:tls:SESSION-1d30b8cd9cbd48a1
FLOW_FROM_HOSTOBS	e:from:SESSION-67fe6c66ab1f1fcd:host:177.10.236.235	SESSION-67fe6c66ab1f1fcd → host:177.10.236.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-463ebb9b343c8b6a:host:131.196.29.153	SESSION-463ebb9b343c8b6a → host:131.196.29.153
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.221:asn:262880	host:177.10.237.221 → asn:262880
flow_observed5-aryOBS	e:fo:flow:f9dfce76a0e2	flow:f9dfce76a0e2 → host:177.10.234.232 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-94f17b7b7397155e:SESSION-94f17b7b7397155e	SESSION-94f17b7b7397155e → pe:syn:SESSION-94f17b7b7397155e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c8dea047b3a203b:flow:d81e3896f245	SESSION-6c8dea047b3a203b → flow:d81e3896f245
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-25103b8a97127215:flow:1638449ddab5	SESSION-25103b8a97127215 → flow:1638449ddab5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5470436eecf7738e:host:177.10.237.192	SESSION-5470436eecf7738e → host:177.10.237.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9de26895ffb34a3:host:172.234.197.23	SESSION-a9de26895ffb34a3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7a8bea4194d810df:host:131.196.28.67	SESSION-7a8bea4194d810df → host:131.196.28.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a247b2224692840d:SESSION-a247b2224692840d	SESSION-a247b2224692840d → pe:tls:SESSION-a247b2224692840d
flow_observed5-aryOBS	e:fo:flow:b9a8ec600f68	flow:b9a8ec600f68 → host:177.10.234.27 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-47f7d0be3b0e89e2:host:172.234.197.23	SESSION-47f7d0be3b0e89e2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb2f54f0354a144e:host:172.234.197.23	SESSION-fb2f54f0354a144e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f8953f4eec61	flow:f8953f4eec61 → host:177.10.235.187 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.227:asn:271410	host:131.196.29.227 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-113c4b09005431cc:flow:f5149586093b	SESSION-113c4b09005431cc → flow:f5149586093b
FLOW_FROM_HOSTOBS	e:from:SESSION-c36a1f3b5aad9a99:host:177.10.232.247	SESSION-c36a1f3b5aad9a99 → host:177.10.232.247
FLOW_DST_PORTOBS	e:fp:flow:1756a9d5cbe6:port:tcp:6845	flow:1756a9d5cbe6 → port:tcp:6845
FLOW_FROM_HOSTOBS	e:from:SESSION-b578cd49b856e8a0:host:45.173.156.77	SESSION-b578cd49b856e8a0 → host:45.173.156.77
FLOW_DST_PORTOBS	e:fp:flow:94d251e9425d:port:tcp:29092	flow:94d251e9425d → port:tcp:29092
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38f74251dfc6c10a:flow:1814da59fb61	SESSION-38f74251dfc6c10a → flow:1814da59fb61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c30e2da5c8abbcf:host:172.234.197.23	SESSION-9c30e2da5c8abbcf → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.67:geo_-16.28860_-49.01640	host:177.10.233.67 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-6c92725f4a9fb4a7:host:172.234.197.23	SESSION-6c92725f4a9fb4a7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e50198195b1abda9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e50198195b1abda9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-948ad6eee5512e98:host:131.196.28.22	SESSION-948ad6eee5512e98 → host:131.196.28.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-373bf424772e8fef:SESSION-373bf424772e8fef	SESSION-373bf424772e8fef → pe:syn:SESSION-373bf424772e8fef
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.49:geo_-16.28860_-49.01640	host:177.10.237.49 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-ec00857ef12f8e7e:host:172.234.197.23	SESSION-ec00857ef12f8e7e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6459c4621d226611:host:172.234.197.23	SESSION-6459c4621d226611 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec50ec61227c5d5c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ec50ec61227c5d5c → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:53321ee7cdbc	flow:53321ee7cdbc → host:131.196.31.121 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-266bac80b9ef8487:SESSION-266bac80b9ef8487	SESSION-266bac80b9ef8487 → pe:tls:SESSION-266bac80b9ef8487
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17fce8ea46af65f2:host:177.10.232.249	SESSION-17fce8ea46af65f2 → host:177.10.232.249
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb6c1367f6b2a786:SESSION-eb6c1367f6b2a786	SESSION-eb6c1367f6b2a786 → pe:syn:SESSION-eb6c1367f6b2a786
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.185:geo_-23.62930_-46.63510	host:131.196.31.185 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-63f078b7cf539982:PCAP:capture_20260430160001:9bfa4498506a	SESSION-63f078b7cf539982 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa0b840fdb1355d3:SESSION-fa0b840fdb1355d3	SESSION-fa0b840fdb1355d3 → pe:syn:SESSION-fa0b840fdb1355d3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ee12e96d458a4e4:flow:078b14d45d42	SESSION-1ee12e96d458a4e4 → flow:078b14d45d42
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.15:asn:271410	host:131.196.30.15 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8d89328eefc28d4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d8d89328eefc28d4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-651f6fdc4d4e9c59:host:172.234.197.23	SESSION-651f6fdc4d4e9c59 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51257a0fcd8d6a04:flow:69cea22f1850	SESSION-51257a0fcd8d6a04 → flow:69cea22f1850
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1db6dc9c45987f6e:host:172.234.197.23	SESSION-1db6dc9c45987f6e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c0ba3366d883914:host:131.196.31.92	SESSION-9c0ba3366d883914 → host:131.196.31.92
FLOW_TO_HOSTOBS	e:to:SESSION-0c4b638117ccca22:host:177.10.237.79	SESSION-0c4b638117ccca22 → host:177.10.237.79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2eff7ebef8fd9091:SESSION-2eff7ebef8fd9091	SESSION-2eff7ebef8fd9091 → pe:syn:SESSION-2eff7ebef8fd9091
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96878fba39db06d8:SESSION-96878fba39db06d8	SESSION-96878fba39db06d8 → pe:tls:SESSION-96878fba39db06d8
FLOW_TO_HOSTOBS	e:to:SESSION-cff1d643020db9d5:host:172.234.197.23	SESSION-cff1d643020db9d5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08d3390238946fda:host:172.234.197.23	SESSION-08d3390238946fda → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1cbcb5d52df9d7c9:host:172.234.197.23	SESSION-1cbcb5d52df9d7c9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2612f05d73d2	flow:2612f05d73d2 → host:131.196.31.52 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a5106b190666c06c:SESSION-a5106b190666c06c	SESSION-a5106b190666c06c → pe:syn:SESSION-a5106b190666c06c
FLOW_TO_HOSTOBS	e:to:SESSION-131cbd262c833b9b:host:172.234.197.23	SESSION-131cbd262c833b9b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e507ba8a6b40	flow:e507ba8a6b40 → host:177.10.237.159 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6798e98bad768e0d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-6798e98bad768e0d → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34cbebf9a190be23:host:131.196.30.253:host:172.234.197.23	SESSION-34cbebf9a190be23 → host:131.196.30.253 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a418060e7d2d204b:host:177.10.235.140	SESSION-a418060e7d2d204b → host:177.10.235.140
flow_observed4-aryOBS	e:fo:flow:096c477c6fa2	flow:096c477c6fa2 → host:172.234.197.23 → host:131.196.29.161 → port:tcp:11683
flow_observed5-aryOBS	e:fo:flow:cadf0893e2ce	flow:cadf0893e2ce → host:177.10.235.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8f62140848f2b702:SESSION-8f62140848f2b702	SESSION-8f62140848f2b702 → pe:rst:SESSION-8f62140848f2b702
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d7c23b0aff57d2da:SESSION-d7c23b0aff57d2da	SESSION-d7c23b0aff57d2da → pe:tls:SESSION-d7c23b0aff57d2da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-217f16055e8d00da:SESSION-217f16055e8d00da	SESSION-217f16055e8d00da → pe:tls:SESSION-217f16055e8d00da
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2091e87bc96ca173:flow:559d68ae7b62	SESSION-2091e87bc96ca173 → flow:559d68ae7b62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9eb08591878d33c:host:172.234.197.23	SESSION-c9eb08591878d33c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:87a20577fb9f	flow:87a20577fb9f → host:177.10.237.87 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.109:geo_19.07480_72.88560	host:45.145.152.109 → geo_19.07480_72.88560
FLOW_TO_HOSTOBS	e:to:SESSION-e28b3ef52579af3b:host:177.10.232.155	SESSION-e28b3ef52579af3b → host:177.10.232.155
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0f2cdff3ab49e1a1:SESSION-0f2cdff3ab49e1a1	SESSION-0f2cdff3ab49e1a1 → pe:syn:SESSION-0f2cdff3ab49e1a1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4fb1f3797e8f19a3:SESSION-4fb1f3797e8f19a3	SESSION-4fb1f3797e8f19a3 → pe:syn:SESSION-4fb1f3797e8f19a3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a437e2422713bf06:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a437e2422713bf06 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa26c3a0a6de1666:SESSION-aa26c3a0a6de1666	SESSION-aa26c3a0a6de1666 → pe:syn:SESSION-aa26c3a0a6de1666
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ccb8c7743352cfdc:host:131.196.31.84	SESSION-ccb8c7743352cfdc → host:131.196.31.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4fe97044eaa4ff8:host:177.10.236.124	SESSION-c4fe97044eaa4ff8 → host:177.10.236.124
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a516ba4c4f8948a0:SESSION-a516ba4c4f8948a0	SESSION-a516ba4c4f8948a0 → pe:syn:SESSION-a516ba4c4f8948a0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52e1254f2f15b333:host:172.234.197.23:host:177.10.235.87	SESSION-52e1254f2f15b333 → host:172.234.197.23 → host:177.10.235.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96c334cbd5a64077:flow:c47c7aa7a02f	SESSION-96c334cbd5a64077 → flow:c47c7aa7a02f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-191c84cbdd981857:SESSION-191c84cbdd981857	SESSION-191c84cbdd981857 → pe:syn:SESSION-191c84cbdd981857
FLOW_DST_PORTOBS	e:fp:flow:929493d04888:port:tcp:23912	flow:929493d04888 → port:tcp:23912
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b1edba75af29ea2:host:131.196.31.228	SESSION-8b1edba75af29ea2 → host:131.196.31.228
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2fc2bfb2b0c4767b:flow:d7cbc1377cf9	SESSION-2fc2bfb2b0c4767b → flow:d7cbc1377cf9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd4c16dfff279521:flow:85194d6067d8	SESSION-dd4c16dfff279521 → flow:85194d6067d8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67ad2a69e8a9ea9e:flow:2700d829f582	SESSION-67ad2a69e8a9ea9e → flow:2700d829f582
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.107:geo_-23.62930_-46.63510	host:131.196.28.107 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.125:geo_-16.28860_-49.01640	host:177.10.238.125 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d77012e48557176:SESSION-1d77012e48557176	SESSION-1d77012e48557176 → pe:tls:SESSION-1d77012e48557176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0b6872bf6474c44:SESSION-f0b6872bf6474c44	SESSION-f0b6872bf6474c44 → pe:syn:SESSION-f0b6872bf6474c44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51b700d0442eff09:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-51b700d0442eff09 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fd6726780ee8778:host:172.234.197.23	SESSION-0fd6726780ee8778 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:639cb22fe98d:port:tcp:16394	flow:639cb22fe98d → port:tcp:16394
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6050ca7af62c0465:host:172.234.197.23	SESSION-6050ca7af62c0465 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:358a33420eeb:port:tcp:443	flow:358a33420eeb → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e7e8f7da56292748:host:172.234.197.23	SESSION-e7e8f7da56292748 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-bc1a8a6f7d90953a:BSG-BEACON-e07f4250263f	SESSION-bc1a8a6f7d90953a → BSG-BEACON-e07f4250263f
FLOW_FROM_HOSTOBS	e:from:SESSION-24763432928200fc:host:177.10.238.28	SESSION-24763432928200fc → host:177.10.238.28
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-905e7318b3a63042:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-905e7318b3a63042 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:aa1c159fda0e:port:tcp:443	flow:aa1c159fda0e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66fe61e0e919e0c7:SESSION-66fe61e0e919e0c7	SESSION-66fe61e0e919e0c7 → pe:tls:SESSION-66fe61e0e919e0c7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a6edbcdecdf7d835:SESSION-a6edbcdecdf7d835	SESSION-a6edbcdecdf7d835 → pe:syn:SESSION-a6edbcdecdf7d835
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5958a673e968588:flow:03a779e7b01d	SESSION-f5958a673e968588 → flow:03a779e7b01d
flow_observed4-aryOBS	e:fo:flow:471482b35982	flow:471482b35982 → host:172.234.197.23 → host:177.10.237.116 → port:tcp:58985
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9de698333fa1afcb:host:172.234.197.23	SESSION-9de698333fa1afcb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d52381659b8aa3f:host:177.10.238.53:host:172.234.197.23	SESSION-8d52381659b8aa3f → host:177.10.238.53 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-abaf8d71fe47df1c:host:172.234.197.23	SESSION-abaf8d71fe47df1c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.133:asn:271410	host:131.196.28.133 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f2a561db8449259:flow:eb26a1b8e4cd	SESSION-4f2a561db8449259 → flow:eb26a1b8e4cd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7de8e99103378c90:host:172.232.0.16	SESSION-7de8e99103378c90 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5a59556c261862d:PCAP:capture_20260430150001:ded20914761d	SESSION-b5a59556c261862d → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.124:geo_-16.28860_-49.01640	host:177.10.233.124 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e87c1bf59f6ff4a:flow:141481d8aead	SESSION-9e87c1bf59f6ff4a → flow:141481d8aead
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e69d77cebc13bf2:host:185.231.226.20	SESSION-1e69d77cebc13bf2 → host:185.231.226.20
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6104696c1212e0a0:host:172.234.197.23	SESSION-6104696c1212e0a0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-60aea8c76fce71c9:host:172.234.197.23	SESSION-60aea8c76fce71c9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6d1acf39452c448:flow:e05bb1ac9ff3	SESSION-a6d1acf39452c448 → flow:e05bb1ac9ff3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96298fdbde5cf19b:SESSION-96298fdbde5cf19b	SESSION-96298fdbde5cf19b → pe:syn:SESSION-96298fdbde5cf19b
flow_observed5-aryOBS	e:fo:flow:c211def664df	flow:c211def664df → host:131.196.28.0 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:32d972b9f5d8	flow:32d972b9f5d8 → host:172.234.197.23 → host:177.10.237.147 → port:tcp:59963
FLOW_FROM_HOSTOBS	e:from:SESSION-e3fba4062f618c50:host:131.196.29.12	SESSION-e3fba4062f618c50 → host:131.196.29.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5940a5357983452d:host:172.234.197.23	SESSION-5940a5357983452d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1b588a91707aaaf:SESSION-d1b588a91707aaaf	SESSION-d1b588a91707aaaf → pe:syn:SESSION-d1b588a91707aaaf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff0c6bdae7c0fa78:flow:14298c15af91	SESSION-ff0c6bdae7c0fa78 → flow:14298c15af91
FLOW_TO_HOSTOBS	e:to:SESSION-045546313cbf5843:host:172.234.197.23	SESSION-045546313cbf5843 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.173:geo_-21.10010_-41.69200	host:45.173.156.173 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8d8e16e7f7cb138:PCAP:capture_20260430090001:065659c7d314	SESSION-c8d8e16e7f7cb138 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25e11e259146e3a2:host:177.10.238.137	SESSION-25e11e259146e3a2 → host:177.10.238.137
FLOW_TO_HOSTOBS	e:to:SESSION-5e72c530de39a222:host:172.234.197.23	SESSION-5e72c530de39a222 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.219:geo_-16.28860_-49.01640	host:177.10.239.219 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:395e05a95131:port:tcp:443	flow:395e05a95131 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:88ea342ab17d:port:tcp:443	flow:88ea342ab17d → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.202:asn:273470	host:45.173.156.202 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4449fca2fd34af5e:host:131.196.28.62:host:172.234.197.23	SESSION-4449fca2fd34af5e → host:131.196.28.62 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-52e63b8cb0c4a7de:host:177.10.238.135	SESSION-52e63b8cb0c4a7de → host:177.10.238.135
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8a52e21a979a3cd:flow:85bddf7d0383	SESSION-c8a52e21a979a3cd → flow:85bddf7d0383
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a01362ca7d087a96:SESSION-a01362ca7d087a96	SESSION-a01362ca7d087a96 → pe:tls:SESSION-a01362ca7d087a96
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58209016b963372b:host:131.196.31.129:host:172.234.197.23	SESSION-58209016b963372b → host:131.196.31.129 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.18:geo_-23.62930_-46.63510	host:131.196.31.18 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.40:asn:262880	host:177.10.235.40 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605f000d6a5e20b1:host:131.196.29.221	SESSION-605f000d6a5e20b1 → host:131.196.29.221
flow_observed5-aryOBS	e:fo:flow:fe4c3c3b22f1	flow:fe4c3c3b22f1 → host:177.10.237.101 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e0550020c1215cf:host:131.196.28.16	SESSION-1e0550020c1215cf → host:131.196.28.16
flow_observed4-aryOBS	e:fo:flow:ce9079d0e1b1	flow:ce9079d0e1b1 → host:172.234.197.23 → host:131.196.29.225 → port:tcp:16414
FLOW_FROM_HOSTOBS	e:from:SESSION-a9e0f3ba046c015f:host:172.234.197.23	SESSION-a9e0f3ba046c015f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:71bd70153854	flow:71bd70153854 → host:177.10.238.28 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f951b8fc6e0dd11c:SESSION-f951b8fc6e0dd11c	SESSION-f951b8fc6e0dd11c → pe:tls:SESSION-f951b8fc6e0dd11c
FLOW_TO_HOSTOBS	e:to:SESSION-b35aac65e648dac0:host:172.234.197.23	SESSION-b35aac65e648dac0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5712989ddbf4728b:SESSION-5712989ddbf4728b	SESSION-5712989ddbf4728b → pe:tls:SESSION-5712989ddbf4728b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-415460770952c9a4:PCAP:capture_20260430090001:065659c7d314	SESSION-415460770952c9a4 → PCAP:capture_20260430090001:065659c7d314
FLOW_TLS_SNIOBS	e:fs:flow:0bf2deeeb39a:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:0bf2deeeb39a → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-166e94983783f266:PCAP:capture_20260430090001:065659c7d314	SESSION-166e94983783f266 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d77012e48557176:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1d77012e48557176 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96d412735d478f25:SESSION-96d412735d478f25	SESSION-96d412735d478f25 → pe:tls:SESSION-96d412735d478f25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d1075bb458d3b18a:SESSION-d1075bb458d3b18a	SESSION-d1075bb458d3b18a → pe:rst:SESSION-d1075bb458d3b18a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f00ab97ef4b401c8:SESSION-f00ab97ef4b401c8	SESSION-f00ab97ef4b401c8 → pe:syn:SESSION-f00ab97ef4b401c8
FLOW_FROM_HOSTOBS	e:from:SESSION-d43ada4a289f704d:host:131.196.31.197	SESSION-d43ada4a289f704d → host:131.196.31.197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e53dab5788851a26:host:172.234.197.23	SESSION-e53dab5788851a26 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.248:asn:271410	host:131.196.29.248 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75add779b1a22971:PCAP:capture_20260430080001:93f47cc296a4	SESSION-75add779b1a22971 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-9c596c163b79d372:host:172.234.197.23	SESSION-9c596c163b79d372 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:32711f82649a	flow:32711f82649a → host:172.234.197.23 → host:131.196.31.187 → port:tcp:41641
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-777f9d135946568c:host:172.234.197.23:host:177.10.232.159	SESSION-777f9d135946568c → host:172.234.197.23 → host:177.10.232.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bfc33587dc4bfad3:flow:99b079c2bd3a	SESSION-bfc33587dc4bfad3 → flow:99b079c2bd3a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.104:geo_-23.62930_-46.63510	host:131.196.30.104 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:2fe05b6b50c5:port:tcp:22523	flow:2fe05b6b50c5 → port:tcp:22523
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5c7330336192768:host:177.10.239.122	SESSION-b5c7330336192768 → host:177.10.239.122
FLOW_TO_HOSTOBS	e:to:SESSION-27f108382ab89b5c:host:2.57.122.192	SESSION-27f108382ab89b5c → host:2.57.122.192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-010644d8880e6139:PCAP:capture_20260430090001:065659c7d314	SESSION-010644d8880e6139 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b977b804ba3f4edd:SESSION-b977b804ba3f4edd	SESSION-b977b804ba3f4edd → pe:tls:SESSION-b977b804ba3f4edd
FLOW_TO_HOSTOBS	e:to:SESSION-393eb1cd54ab212e:host:172.234.197.23	SESSION-393eb1cd54ab212e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-738e0b0c3dd2dd03:SESSION-738e0b0c3dd2dd03	SESSION-738e0b0c3dd2dd03 → pe:syn:SESSION-738e0b0c3dd2dd03
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a77adff1667c3d1:SESSION-0a77adff1667c3d1	SESSION-0a77adff1667c3d1 → pe:syn:SESSION-0a77adff1667c3d1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.120:geo_-16.28860_-49.01640	host:177.10.233.120 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65fda4a5b580780a:host:172.234.197.23	SESSION-65fda4a5b580780a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8dff22511e3d5727:host:177.10.236.139	SESSION-8dff22511e3d5727 → host:177.10.236.139
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.116:asn:262880	host:177.10.239.116 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fb67bf931083b29:host:177.10.238.45	SESSION-8fb67bf931083b29 → host:177.10.238.45
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.101:geo_41.02140_28.99480	host:185.231.226.101 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-328e38096bb05d60:SESSION-328e38096bb05d60	SESSION-328e38096bb05d60 → pe:tls:SESSION-328e38096bb05d60
FLOW_DST_PORTOBS	e:fp:flow:690c59565928:port:tcp:443	flow:690c59565928 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-738e0b0c3dd2dd03:BSG-BEACON-13f5c1fd6ae7	SESSION-738e0b0c3dd2dd03 → BSG-BEACON-13f5c1fd6ae7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df1a511d64dc2d8e:host:177.10.232.34	SESSION-df1a511d64dc2d8e → host:177.10.232.34
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab83f0ea1c3b60ab:flow:933ff1edd14a	SESSION-ab83f0ea1c3b60ab → flow:933ff1edd14a
flow_observed3-aryOBS	e:fo:flow:6b0916189923	flow:6b0916189923 → host:13.208.161.175 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cefaeddbbade6b50:PCAP:capture_20260430080001:93f47cc296a4	SESSION-cefaeddbbade6b50 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19f74a6b62d527a5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-19f74a6b62d527a5 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb0c069bf1f40e5a:SESSION-bb0c069bf1f40e5a	SESSION-bb0c069bf1f40e5a → pe:tls:SESSION-bb0c069bf1f40e5a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31b8d1ec0bbdfa48:host:35.95.113.227:host:172.234.197.23	SESSION-31b8d1ec0bbdfa48 → host:35.95.113.227 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a242c68bb3594796:host:172.234.197.23	SESSION-a242c68bb3594796 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed8e90a0efd647ab:SESSION-ed8e90a0efd647ab	SESSION-ed8e90a0efd647ab → pe:tls:SESSION-ed8e90a0efd647ab
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f1e08bfeea32aa0:PCAP:capture_20260430110001:43611bdf6759	SESSION-8f1e08bfeea32aa0 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-b048d8915129480a:host:177.10.232.52	SESSION-b048d8915129480a → host:177.10.232.52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-122af33beaf7e9c5:SESSION-122af33beaf7e9c5	SESSION-122af33beaf7e9c5 → pe:syn:SESSION-122af33beaf7e9c5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7377b91dd9eda5d9:host:172.234.197.23	SESSION-7377b91dd9eda5d9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-650f1a0c083a2aeb:host:172.234.197.23:host:172.232.0.16	SESSION-650f1a0c083a2aeb → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97bd7f793ae0ea11:host:172.234.197.23	SESSION-97bd7f793ae0ea11 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5d27f09d7c919692:host:131.196.28.207	SESSION-5d27f09d7c919692 → host:131.196.28.207
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12879c55e793c987:host:172.234.197.23	SESSION-12879c55e793c987 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a301fd9da8621bb:SESSION-7a301fd9da8621bb	SESSION-7a301fd9da8621bb → pe:syn:SESSION-7a301fd9da8621bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2ec4538209fcf12:host:131.196.30.192	SESSION-d2ec4538209fcf12 → host:131.196.30.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b117f2a3fa82af67:host:177.10.235.118	SESSION-b117f2a3fa82af67 → host:177.10.235.118
FLOW_TO_HOSTOBS	e:to:SESSION-107eaa9172a242e7:host:172.234.197.23	SESSION-107eaa9172a242e7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7c9a5d15324e2ea:SESSION-c7c9a5d15324e2ea	SESSION-c7c9a5d15324e2ea → pe:tls:SESSION-c7c9a5d15324e2ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2505ce7e1d614150:SESSION-2505ce7e1d614150	SESSION-2505ce7e1d614150 → pe:tls:SESSION-2505ce7e1d614150
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.231:geo_41.02140_28.99480	host:185.231.226.231 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-81ef982aa5449fd9:SESSION-81ef982aa5449fd9	SESSION-81ef982aa5449fd9 → pe:syn:SESSION-81ef982aa5449fd9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a4651c2a8eec0e6f:SESSION-a4651c2a8eec0e6f	SESSION-a4651c2a8eec0e6f → pe:tls:SESSION-a4651c2a8eec0e6f
FLOW_FROM_HOSTOBS	e:from:SESSION-835226e6e5119935:host:172.234.197.23	SESSION-835226e6e5119935 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-71917de89d264496:SESSION-71917de89d264496	SESSION-71917de89d264496 → pe:syn:SESSION-71917de89d264496
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.32:asn:271410	host:131.196.28.32 → asn:271410
flow_observed5-aryOBS	e:fo:flow:91b81cda4b2e	flow:91b81cda4b2e → host:177.10.237.97 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ce213669da36:port:tcp:14321	flow:ce213669da36 → port:tcp:14321
FLOW_TO_HOSTOBS	e:to:SESSION-ea19b3bdbd95a16b:host:172.234.197.23	SESSION-ea19b3bdbd95a16b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92484e45d6e7b321:flow:79f8753e726b	SESSION-92484e45d6e7b321 → flow:79f8753e726b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-779d668625040802:host:177.10.232.133	SESSION-779d668625040802 → host:177.10.232.133
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5ddc9130fa518dc:SESSION-b5ddc9130fa518dc	SESSION-b5ddc9130fa518dc → pe:tls:SESSION-b5ddc9130fa518dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36b6bef962351df3:SESSION-36b6bef962351df3	SESSION-36b6bef962351df3 → pe:tls:SESSION-36b6bef962351df3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-577376347fdfe894:host:172.234.197.23	SESSION-577376347fdfe894 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1eb19142561b47ba:host:131.196.31.142	SESSION-1eb19142561b47ba → host:131.196.31.142
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d5b5151108975cf:host:172.234.197.23	SESSION-4d5b5151108975cf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd57eb7fcad3510c:host:172.234.197.23	SESSION-fd57eb7fcad3510c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9d87fb457f27	flow:9d87fb457f27 → host:177.10.232.93 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-cad98c39a19fe348:host:172.234.197.23	SESSION-cad98c39a19fe348 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f99e1376da42693:flow:31fdf1497dec	SESSION-6f99e1376da42693 → flow:31fdf1497dec
FLOW_DST_PORTOBS	e:fp:flow:454a5a5ddf6b:port:tcp:443	flow:454a5a5ddf6b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-13bd66b79cddeec8:host:172.234.197.23	SESSION-13bd66b79cddeec8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b481f21a133f6fd1:flow:7dea48a828dd	SESSION-b481f21a133f6fd1 → flow:7dea48a828dd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72786bca04f1b5c7:flow:0e3ea2ef1c63	SESSION-72786bca04f1b5c7 → flow:0e3ea2ef1c63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a27c97c4e7ac566:host:131.196.29.201	SESSION-9a27c97c4e7ac566 → host:131.196.29.201
flow_observed5-aryOBS	e:fo:flow:43a1a1f1a713	flow:43a1a1f1a713 → host:45.173.156.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4cbb1218941faec:host:131.196.31.87	SESSION-e4cbb1218941faec → host:131.196.31.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ca00666a1b5cdae:host:172.234.197.23	SESSION-1ca00666a1b5cdae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fbcf03ac27ad8556:SESSION-fbcf03ac27ad8556	SESSION-fbcf03ac27ad8556 → pe:tls:SESSION-fbcf03ac27ad8556
FLOW_DST_PORTOBS	e:fp:flow:3284f4e4ac94:port:tcp:443	flow:3284f4e4ac94 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f78775658cb84616:host:172.234.197.23	SESSION-f78775658cb84616 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65bd30307946d7be:host:172.234.197.23	SESSION-65bd30307946d7be → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cd8bcd725224:port:tcp:10004	flow:cd8bcd725224 → port:tcp:10004
FLOW_DST_PORTOBS	e:fp:flow:5521a80044bf:port:tcp:50229	flow:5521a80044bf → port:tcp:50229
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-378aa47dbf901697:host:177.10.232.245	SESSION-378aa47dbf901697 → host:177.10.232.245
FLOW_DST_PORTOBS	e:fp:flow:87482c073df4:port:tcp:443	flow:87482c073df4 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.33:asn:262880	host:177.10.236.33 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:43f0331e10b3:port:tcp:443	flow:43f0331e10b3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-256da911109eccd4:host:177.10.235.122	SESSION-256da911109eccd4 → host:177.10.235.122
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60dcadff088f62ae:host:172.234.197.23:host:177.10.237.10	SESSION-60dcadff088f62ae → host:172.234.197.23 → host:177.10.237.10
FLOW_FROM_HOSTOBS	e:from:SESSION-fb6a6e3ef5fc132c:host:172.234.197.23	SESSION-fb6a6e3ef5fc132c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6c92725f4a9fb4a7:SESSION-6c92725f4a9fb4a7	SESSION-6c92725f4a9fb4a7 → pe:rst:SESSION-6c92725f4a9fb4a7
FLOW_DST_PORTOBS	e:fp:flow:6cd7e8b30000:port:tcp:23027	flow:6cd7e8b30000 → port:tcp:23027
FLOW_DST_PORTOBS	e:fp:flow:26b0ffc32b11:port:tcp:443	flow:26b0ffc32b11 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-abaf8d71fe47df1c:PCAP:capture_20260430090001:065659c7d314	SESSION-abaf8d71fe47df1c → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-ab83f0ea1c3b60ab:host:172.234.197.23	SESSION-ab83f0ea1c3b60ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-291dfe079248afc7:host:177.10.233.127	SESSION-291dfe079248afc7 → host:177.10.233.127
FLOW_DST_PORTOBS	e:fp:flow:55b0d3b78c4c:port:tcp:16574	flow:55b0d3b78c4c → port:tcp:16574
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a3bc2c7dd7e8bd1:flow:c742ec3abe7f	SESSION-8a3bc2c7dd7e8bd1 → flow:c742ec3abe7f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86b498cacf4afadd:host:172.234.197.23	SESSION-86b498cacf4afadd → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.249:geo_-16.28860_-49.01640	host:177.10.234.249 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:c66f85b789a3	flow:c66f85b789a3 → host:172.234.197.23 → host:177.10.237.199 → port:tcp:47087
FLOW_DST_PORTOBS	e:fp:flow:011b97b6ff41:port:tcp:443	flow:011b97b6ff41 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ceaf5a04e9815b11:host:131.196.30.147	SESSION-ceaf5a04e9815b11 → host:131.196.30.147
flow_observed5-aryOBS	e:fo:flow:411cb313d178	flow:411cb313d178 → host:177.10.237.227 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c282c87f3b4a743:host:177.10.235.179:host:172.234.197.23	SESSION-3c282c87f3b4a743 → host:177.10.235.179 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.51:asn:273470	host:45.173.156.51 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf1d5c3c8737f760:host:177.10.235.153:host:172.234.197.23	SESSION-bf1d5c3c8737f760 → host:177.10.235.153 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.123:asn:262880	host:177.10.233.123 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-85714bf39e95506c:host:172.234.197.23	SESSION-85714bf39e95506c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb444db8c099bc0f:host:172.234.197.23	SESSION-cb444db8c099bc0f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ab4ab2abbcf9:port:tcp:52813	flow:ab4ab2abbcf9 → port:tcp:52813
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f7e801a59e8e93f:host:172.234.197.23	SESSION-3f7e801a59e8e93f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bedaa62e135c647a:host:172.234.197.23:host:131.196.28.238	SESSION-bedaa62e135c647a → host:172.234.197.23 → host:131.196.28.238
FLOW_FROM_HOSTOBS	e:from:SESSION-516e4259bbcb51e8:host:177.10.238.31	SESSION-516e4259bbcb51e8 → host:177.10.238.31
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f77535316d56a4c:host:56.155.73.64:host:172.234.197.23	SESSION-7f77535316d56a4c → host:56.155.73.64 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-c2099dbde4b7ef03:BSG-BEACON-0536ad8c19a0	SESSION-c2099dbde4b7ef03 → BSG-BEACON-0536ad8c19a0
FLOW_DST_PORTOBS	e:fp:flow:972e46fe73d9:port:tcp:443	flow:972e46fe73d9 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d93e5dd98af62cc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2d93e5dd98af62cc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7a70c074fb73905e:SESSION-7a70c074fb73905e	SESSION-7a70c074fb73905e → pe:tls:SESSION-7a70c074fb73905e
FLOW_DST_PORTOBS	e:fp:flow:34b9193bd10f:port:tcp:443	flow:34b9193bd10f → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:788aa44c6648	flow:788aa44c6648 → host:131.196.29.40 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6328c86c978f61df:SESSION-6328c86c978f61df	SESSION-6328c86c978f61df → pe:tls:SESSION-6328c86c978f61df
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f3e8e9199df130f:host:172.234.197.23	SESSION-5f3e8e9199df130f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9c5b30eb4b7e446:flow:13647d1a55ac	SESSION-c9c5b30eb4b7e446 → flow:13647d1a55ac
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.175:asn:271410	host:131.196.29.175 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.171.255.229:geo_59.32870_18.07170	host:16.171.255.229 → geo_59.32870_18.07170
flow_observed4-aryOBS	e:fo:flow:4481ce0e345c	flow:4481ce0e345c → host:172.234.197.23 → host:131.196.28.44 → port:tcp:56850
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-42b603b0c5709a24:PCAP:capture_20260430060001:919b39a74464	SESSION-42b603b0c5709a24 → PCAP:capture_20260430060001:919b39a74464
flow_observed4-aryOBS	e:fo:flow:9fa608f3842a	flow:9fa608f3842a → host:172.234.197.23 → host:45.173.156.5 → port:tcp:29513
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9128704be6a27a1a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9128704be6a27a1a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d58e8fad9dafe114:host:131.196.28.178:host:172.234.197.23	SESSION-d58e8fad9dafe114 → host:131.196.28.178 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae8012f8306fedb:host:177.10.238.251	SESSION-6ae8012f8306fedb → host:177.10.238.251
FLOW_DST_PORTOBS	e:fp:flow:dbef17f7c5ef:port:tcp:443	flow:dbef17f7c5ef → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:4383ccc27ae9	flow:4383ccc27ae9 → host:172.234.197.23 → host:177.10.232.204 → port:tcp:50649
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8b9d154eee5d788:host:131.196.28.242:host:172.234.197.23	SESSION-c8b9d154eee5d788 → host:131.196.28.242 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4dda4cfeb9223891:host:45.145.152.245	SESSION-4dda4cfeb9223891 → host:45.145.152.245
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2387fa1f153c5b33:host:177.10.238.9:host:172.234.197.23	SESSION-2387fa1f153c5b33 → host:177.10.238.9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1df48b404d2bce0:flow:2ad668520c4d	SESSION-c1df48b404d2bce0 → flow:2ad668520c4d
FLOW_FROM_HOSTOBS	e:from:SESSION-8a77e99309dd6e28:host:177.10.235.14	SESSION-8a77e99309dd6e28 → host:177.10.235.14
FLOW_TO_HOSTOBS	e:to:SESSION-7c506d9600407809:host:172.234.197.23	SESSION-7c506d9600407809 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:576c55007fd6:port:tcp:443	flow:576c55007fd6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e220c81ec884c58:host:177.10.235.128:host:172.234.197.23	SESSION-5e220c81ec884c58 → host:177.10.235.128 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:91eaffbcef38	flow:91eaffbcef38 → host:172.234.197.23 → host:177.10.234.176 → port:tcp:37323
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf132b40533c7dcc:host:172.234.197.23	SESSION-bf132b40533c7dcc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-67ad2a69e8a9ea9e:host:172.234.197.23	SESSION-67ad2a69e8a9ea9e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-1d8b07a8bebdede3:SESSION-1d8b07a8bebdede3	SESSION-1d8b07a8bebdede3 → pe:dns:SESSION-1d8b07a8bebdede3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be4f81bef58a140b:flow:54db2b5d922b	SESSION-be4f81bef58a140b → flow:54db2b5d922b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-493920f19ab5585b:flow:d99b71d3b5fd	SESSION-493920f19ab5585b → flow:d99b71d3b5fd
FLOW_FROM_HOSTOBS	e:from:SESSION-4298399acb708ae5:host:172.234.197.23	SESSION-4298399acb708ae5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1a13868d230b:port:tcp:24472	flow:1a13868d230b → port:tcp:24472
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3123a8609bb9fc1:PCAP:capture_20260430060001:919b39a74464	SESSION-a3123a8609bb9fc1 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-036bdbf16af23428:flow:5b3d50f7cdb9	SESSION-036bdbf16af23428 → flow:5b3d50f7cdb9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.91:asn:262880	host:177.10.232.91 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ba3ff89783efd81:host:172.234.197.23	SESSION-4ba3ff89783efd81 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d53928eb39cd6093:host:172.234.197.23	SESSION-d53928eb39cd6093 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36f959353527c71a:host:172.234.197.23	SESSION-36f959353527c71a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cc58620ced71d747:host:131.196.29.192	SESSION-cc58620ced71d747 → host:131.196.29.192
FLOW_DST_PORTOBS	e:fp:flow:cb392402663a:port:tcp:40509	flow:cb392402663a → port:tcp:40509
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.116:asn:262880	host:177.10.237.116 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ecf1376a54312e6:SESSION-4ecf1376a54312e6	SESSION-4ecf1376a54312e6 → pe:tls:SESSION-4ecf1376a54312e6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a8c8ed56d6827efd:flow:c664a3f725a3	SESSION-a8c8ed56d6827efd → flow:c664a3f725a3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.60:geo_-23.62930_-46.63510	host:131.196.29.60 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-ed8e90a0efd647ab:host:172.234.197.23	SESSION-ed8e90a0efd647ab → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.40:geo_-16.28860_-49.01640	host:177.10.236.40 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60441095965530ae:flow:e627aad17e4f	SESSION-60441095965530ae → flow:e627aad17e4f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ada05a103ba2b64:flow:9d1deff47539	SESSION-9ada05a103ba2b64 → flow:9d1deff47539
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08924e756ead6523:PCAP:capture_20260430080001:93f47cc296a4	SESSION-08924e756ead6523 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-51b700d0442eff09:host:172.234.197.23	SESSION-51b700d0442eff09 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f95aea3e66ab57b:host:172.234.197.23:host:177.10.235.64	SESSION-4f95aea3e66ab57b → host:172.234.197.23 → host:177.10.235.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5969e9f81f277f3:SESSION-d5969e9f81f277f3	SESSION-d5969e9f81f277f3 → pe:syn:SESSION-d5969e9f81f277f3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ed5a5f4d7e8650f:flow:4d142266c6f4	SESSION-6ed5a5f4d7e8650f → flow:4d142266c6f4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-03cee9bc49b35179:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-03cee9bc49b35179 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69ca44a412c8d221:SESSION-69ca44a412c8d221	SESSION-69ca44a412c8d221 → pe:tls:SESSION-69ca44a412c8d221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-537461a77052bb13:host:92.112.71.219	SESSION-537461a77052bb13 → host:92.112.71.219
flow_observed4-aryOBS	e:fo:flow:d9190055622b	flow:d9190055622b → host:172.234.197.23 → host:131.196.28.187 → port:tcp:23492
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57096089299b193e:host:131.196.30.104	SESSION-57096089299b193e → host:131.196.30.104
FLOW_DST_PORTOBS	e:fp:flow:c9e3aedcd058:port:tcp:20862	flow:c9e3aedcd058 → port:tcp:20862
FLOW_FROM_HOSTOBS	e:from:SESSION-cd4f490a373a283b:host:5.182.209.49	SESSION-cd4f490a373a283b → host:5.182.209.49
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98d24f4ecefc5585:host:64.237.250.51	SESSION-98d24f4ecefc5585 → host:64.237.250.51
flow_observed5-aryOBS	e:fo:flow:1e6d3fc93a23	flow:1e6d3fc93a23 → host:131.196.29.14 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07ba7d1d1566dce2:SESSION-07ba7d1d1566dce2	SESSION-07ba7d1d1566dce2 → pe:syn:SESSION-07ba7d1d1566dce2
flow_observed5-aryOBS	e:fo:flow:6d5104ce4fb1	flow:6d5104ce4fb1 → host:185.231.226.255 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d4a5a6c818be705f:host:172.234.197.23	SESSION-d4a5a6c818be705f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:32fced2fce95	flow:32fced2fce95 → host:131.196.30.55 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-976978a22e52e06d:host:177.10.235.231	SESSION-976978a22e52e06d → host:177.10.235.231
FLOW_FROM_HOSTOBS	e:from:SESSION-0a79875656e67c68:host:177.10.233.98	SESSION-0a79875656e67c68 → host:177.10.233.98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65029066d9cd1f24:host:45.173.156.10	SESSION-65029066d9cd1f24 → host:45.173.156.10
FLOW_FROM_HOSTOBS	e:from:SESSION-0537be800f2fa6cb:host:45.173.156.110	SESSION-0537be800f2fa6cb → host:45.173.156.110
FLOW_TO_HOSTOBS	e:to:SESSION-296f629f4229b1a2:host:172.234.197.23	SESSION-296f629f4229b1a2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f8f919bfd11f34b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8f8f919bfd11f34b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b05aeaff4a071503:flow:343bb530aa8e	SESSION-b05aeaff4a071503 → flow:343bb530aa8e
flow_observed5-aryOBS	e:fo:flow:482a5bca40e0	flow:482a5bca40e0 → host:177.10.237.151 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-381f999774715cfc:host:172.234.197.23	SESSION-381f999774715cfc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a904c233015ef9c:host:172.234.197.23	SESSION-4a904c233015ef9c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de115ad7179345b0:SESSION-de115ad7179345b0	SESSION-de115ad7179345b0 → pe:syn:SESSION-de115ad7179345b0
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.14:asn:262880	host:177.10.235.14 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-65f6be25ebaee411:host:131.196.30.145	SESSION-65f6be25ebaee411 → host:131.196.30.145
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5ad022ad4096ce5:flow:51011bc622ec	SESSION-d5ad022ad4096ce5 → flow:51011bc622ec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5490e36eb363059:SESSION-e5490e36eb363059	SESSION-e5490e36eb363059 → pe:syn:SESSION-e5490e36eb363059
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ad42e8c66a89ee5:SESSION-8ad42e8c66a89ee5	SESSION-8ad42e8c66a89ee5 → pe:syn:SESSION-8ad42e8c66a89ee5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-32012e3b5048e415:flow:7be02e8098b8	SESSION-32012e3b5048e415 → flow:7be02e8098b8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b4a3756900fa00c:SESSION-7b4a3756900fa00c	SESSION-7b4a3756900fa00c → pe:syn:SESSION-7b4a3756900fa00c
FLOW_TO_HOSTOBS	e:to:SESSION-0b5f77768a227f3c:host:172.234.197.23	SESSION-0b5f77768a227f3c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99cbc6df23fa1e57:SESSION-99cbc6df23fa1e57	SESSION-99cbc6df23fa1e57 → pe:tls:SESSION-99cbc6df23fa1e57
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f81e7ae5e8e38135:host:131.196.30.58:host:172.234.197.23	SESSION-f81e7ae5e8e38135 → host:131.196.30.58 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ee986621b3f988f:flow:69177a9aac9e	SESSION-1ee986621b3f988f → flow:69177a9aac9e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-353fd641d57f7d93:flow:012ae353881c	SESSION-353fd641d57f7d93 → flow:012ae353881c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be24a8e57194faf0:SESSION-be24a8e57194faf0	SESSION-be24a8e57194faf0 → pe:syn:SESSION-be24a8e57194faf0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88d03f5c2bc073a8:host:172.234.197.23	SESSION-88d03f5c2bc073a8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:549ca914ae37	flow:549ca914ae37 → host:131.196.29.225 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-7e512980b1e52beb:host:177.10.233.98	SESSION-7e512980b1e52beb → host:177.10.233.98
flow_observed5-aryOBS	e:fo:flow:fe94096b0d58	flow:fe94096b0d58 → host:45.173.156.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d083da2d95669221:host:177.10.237.63:host:172.234.197.23	SESSION-d083da2d95669221 → host:177.10.237.63 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19ad8f01572b4d12:host:177.10.238.8	SESSION-19ad8f01572b4d12 → host:177.10.238.8
FLOW_FROM_HOSTOBS	e:from:SESSION-1e69d77cebc13bf2:host:185.231.226.20	SESSION-1e69d77cebc13bf2 → host:185.231.226.20
FLOW_DST_PORTOBS	e:fp:flow:6f014e747003:port:tcp:443	flow:6f014e747003 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.182:asn:262880	host:177.10.233.182 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16df0786ef84574d:flow:0d57cdd2a340	SESSION-16df0786ef84574d → flow:0d57cdd2a340
FLOW_FROM_HOSTOBS	e:from:SESSION-4a457a833cb01b1f:host:131.196.29.40	SESSION-4a457a833cb01b1f → host:131.196.29.40
FLOW_TO_HOSTOBS	e:to:SESSION-f6ab7360966186b9:host:172.234.197.23	SESSION-f6ab7360966186b9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86b61cf52362ae86:SESSION-86b61cf52362ae86	SESSION-86b61cf52362ae86 → pe:syn:SESSION-86b61cf52362ae86
FLOW_DST_PORTOBS	e:fp:flow:14302fa43c8e:port:tcp:443	flow:14302fa43c8e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3bfa302feda190a0:host:172.234.197.23	SESSION-3bfa302feda190a0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3d1337acddb52863:flow:8c37d8569a8d	SESSION-3d1337acddb52863 → flow:8c37d8569a8d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55e2fb280d3c8e24:host:172.234.197.23	SESSION-55e2fb280d3c8e24 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4d5b5151108975cf:host:177.10.239.194	SESSION-4d5b5151108975cf → host:177.10.239.194
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53f84807a0945e6c:host:172.234.197.23	SESSION-53f84807a0945e6c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f73d5c81ac41c00:SESSION-4f73d5c81ac41c00	SESSION-4f73d5c81ac41c00 → pe:tls:SESSION-4f73d5c81ac41c00
flow_observed5-aryOBS	e:fo:flow:7be02e8098b8	flow:7be02e8098b8 → host:131.196.31.83 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce92926e8e7d59d2:PCAP:capture_20260430090001:065659c7d314	SESSION-ce92926e8e7d59d2 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20aee5a5b6e9be41:host:45.173.156.219	SESSION-20aee5a5b6e9be41 → host:45.173.156.219
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed79241b929fab43:host:172.234.197.23	SESSION-ed79241b929fab43 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d741000864bcf81f:host:45.173.156.230	SESSION-d741000864bcf81f → host:45.173.156.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-616ab8d382244a8d:SESSION-616ab8d382244a8d	SESSION-616ab8d382244a8d → pe:tls:SESSION-616ab8d382244a8d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-664154a8ce71c549:SESSION-664154a8ce71c549	SESSION-664154a8ce71c549 → pe:syn:SESSION-664154a8ce71c549
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51b700d0442eff09:SESSION-51b700d0442eff09	SESSION-51b700d0442eff09 → pe:tls:SESSION-51b700d0442eff09
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-231f5887ddd9d406:host:177.10.239.145	SESSION-231f5887ddd9d406 → host:177.10.239.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-be95a34ad4eedb81:SESSION-be95a34ad4eedb81	SESSION-be95a34ad4eedb81 → pe:syn:SESSION-be95a34ad4eedb81
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0bf923c759cb9e4a:PCAP:capture_20260430060001:919b39a74464	SESSION-0bf923c759cb9e4a → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-6ae37c351bfd95cd:host:45.173.156.63	SESSION-6ae37c351bfd95cd → host:45.173.156.63
flow_observed5-aryOBS	e:fo:flow:bd6fe49aac03	flow:bd6fe49aac03 → host:131.196.28.67 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:155a3b53d00b	flow:155a3b53d00b → host:172.234.197.23 → host:45.173.156.201 → port:tcp:47804
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eecd546334ac489:host:51.224.53.144	SESSION-7eecd546334ac489 → host:51.224.53.144
FLOW_DST_PORTOBS	e:fp:flow:ae46cf6a525d:port:tcp:443	flow:ae46cf6a525d → port:tcp:443
flow_observed3-aryOBS	e:fo:flow:d6349588a2ae	flow:d6349588a2ae → host:3.102.9.236 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3645126144628c28:SESSION-3645126144628c28	SESSION-3645126144628c28 → pe:tls:SESSION-3645126144628c28
FLOW_FROM_HOSTOBS	e:from:SESSION-5250861d994b3dc2:host:177.10.232.219	SESSION-5250861d994b3dc2 → host:177.10.232.219
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4066f36b6ded169d:host:177.10.236.138	SESSION-4066f36b6ded169d → host:177.10.236.138
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf07a99306d1414b:flow:89676a843719	SESSION-cf07a99306d1414b → flow:89676a843719
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01e03a84392b1398:SESSION-01e03a84392b1398	SESSION-01e03a84392b1398 → pe:tls:SESSION-01e03a84392b1398
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:116.235.165.166:geo_31.22220_121.45810	host:116.235.165.166 → geo_31.22220_121.45810
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f43bb83d69743819:SESSION-f43bb83d69743819	SESSION-f43bb83d69743819 → pe:tls:SESSION-f43bb83d69743819
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e4b14eb8b6ee95ef:host:172.234.197.23:host:177.10.235.255	SESSION-e4b14eb8b6ee95ef → host:172.234.197.23 → host:177.10.235.255
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b338c508fb604797:host:172.234.197.23:host:131.196.30.73	SESSION-b338c508fb604797 → host:172.234.197.23 → host:131.196.30.73
FLOW_FROM_HOSTOBS	e:from:SESSION-97537ed6358a20d5:host:45.145.152.87	SESSION-97537ed6358a20d5 → host:45.145.152.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cbc349d6e82ad363:PCAP:capture_20260428010001:b1b402c7b202	SESSION-cbc349d6e82ad363 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a1d91047073c4c2:flow:5fda13ddd80d	SESSION-4a1d91047073c4c2 → flow:5fda13ddd80d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c6483e185c23934:flow:890afc9fdb82	SESSION-7c6483e185c23934 → flow:890afc9fdb82
flow_observed5-aryOBS	e:fo:flow:32215df6c1e9	flow:32215df6c1e9 → host:177.10.235.61 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:58c76ba5674f:port:udp:53	flow:58c76ba5674f → port:udp:53
flow_observed5-aryOBS	e:fo:flow:0804229defd8	flow:0804229defd8 → host:177.10.238.102 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-550b52f6103256cd:SESSION-550b52f6103256cd	SESSION-550b52f6103256cd → pe:syn:SESSION-550b52f6103256cd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9ca387fd672ab7a:host:177.10.238.145	SESSION-d9ca387fd672ab7a → host:177.10.238.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01d7e8e7f6d6f55b:SESSION-01d7e8e7f6d6f55b	SESSION-01d7e8e7f6d6f55b → pe:tls:SESSION-01d7e8e7f6d6f55b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c422154c7899227e:SESSION-c422154c7899227e	SESSION-c422154c7899227e → pe:syn:SESSION-c422154c7899227e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0804c956ce93675c:SESSION-0804c956ce93675c	SESSION-0804c956ce93675c → pe:tls:SESSION-0804c956ce93675c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.198:geo_-16.28860_-49.01640	host:177.10.239.198 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-fbee5c60d72abd4e:host:172.234.197.23	SESSION-fbee5c60d72abd4e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1863330d3e94cce5:host:172.234.197.23:host:131.196.30.65	SESSION-1863330d3e94cce5 → host:172.234.197.23 → host:131.196.30.65
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.235:geo_-16.28860_-49.01640	host:177.10.238.235 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-848626bce2ee7b76:host:177.10.232.1	SESSION-848626bce2ee7b76 → host:177.10.232.1
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.72:asn:273470	host:45.173.156.72 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-592f6a5ffad96a3b:host:35.95.128.58	SESSION-592f6a5ffad96a3b → host:35.95.128.58
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.203:geo_-16.28860_-49.01640	host:177.10.237.203 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e700dd1746307a02:flow:33619393bce5	SESSION-e700dd1746307a02 → flow:33619393bce5
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.158:asn:262880	host:177.10.235.158 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-bcba548cda079292:host:172.234.197.23	SESSION-bcba548cda079292 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f02a050799431d6e:host:177.10.237.166:host:172.234.197.23	SESSION-f02a050799431d6e → host:177.10.237.166 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-287f6ffdc6040b27:host:172.234.197.23	SESSION-287f6ffdc6040b27 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4437969c398261c:host:177.10.239.51	SESSION-c4437969c398261c → host:177.10.239.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce9448c6704b565d:host:177.10.237.196	SESSION-ce9448c6704b565d → host:177.10.237.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2b4854b4491f9b7:host:131.196.29.233	SESSION-e2b4854b4491f9b7 → host:131.196.29.233
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a24676d50b48eccf:host:131.196.28.207:host:172.234.197.23	SESSION-a24676d50b48eccf → host:131.196.28.207 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ae5500b1626fa45f:SESSION-ae5500b1626fa45f	SESSION-ae5500b1626fa45f → pe:syn:SESSION-ae5500b1626fa45f
FLOW_FROM_HOSTOBS	e:from:SESSION-520789f72dcf866a:host:131.196.29.127	SESSION-520789f72dcf866a → host:131.196.29.127
flow_observed4-aryOBS	e:fo:flow:f984201cd04e	flow:f984201cd04e → host:172.234.197.23 → host:131.196.29.90 → port:tcp:37129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20066dd45b76b973:SESSION-20066dd45b76b973	SESSION-20066dd45b76b973 → pe:syn:SESSION-20066dd45b76b973
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-93e1e76eb6bfe5a3:SESSION-93e1e76eb6bfe5a3	SESSION-93e1e76eb6bfe5a3 → pe:tls:SESSION-93e1e76eb6bfe5a3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.134:geo_-21.10010_-41.69200	host:45.173.156.134 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-a2f802a56d8e0d79:host:172.234.197.23	SESSION-a2f802a56d8e0d79 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db187e026dbc97b6:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-db187e026dbc97b6 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e548e1862e666d4:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4e548e1862e666d4 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-6d95ea715a47abbc:host:177.10.235.169	SESSION-6d95ea715a47abbc → host:177.10.235.169
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.145:asn:262880	host:177.10.239.145 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de115ad7179345b0:host:131.196.29.76:host:172.234.197.23	SESSION-de115ad7179345b0 → host:131.196.29.76 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1e6437ba0c2aceec:host:45.173.156.44	SESSION-1e6437ba0c2aceec → host:45.173.156.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2811f86b559a674a:SESSION-2811f86b559a674a	SESSION-2811f86b559a674a → pe:tls:SESSION-2811f86b559a674a
FLOW_TO_HOSTOBS	e:to:SESSION-993efaa98cc6a9ac:host:177.10.232.190	SESSION-993efaa98cc6a9ac → host:177.10.232.190
FLOW_DST_PORTOBS	e:fp:flow:49f2a7783588:port:tcp:443	flow:49f2a7783588 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:d6068bac240a	flow:d6068bac240a → host:177.10.236.130 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-22bb8f06cde321ca:host:45.173.156.229	SESSION-22bb8f06cde321ca → host:45.173.156.229
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b523e88f9ec69c3:SESSION-2b523e88f9ec69c3	SESSION-2b523e88f9ec69c3 → pe:syn:SESSION-2b523e88f9ec69c3
FLOW_TO_HOSTOBS	e:to:SESSION-0d1e9854752b2176:host:172.234.197.23	SESSION-0d1e9854752b2176 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0fa06d2bfceab141:host:131.196.30.224:host:172.234.197.23	SESSION-0fa06d2bfceab141 → host:131.196.30.224 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:84e94b5b7e79	flow:84e94b5b7e79 → host:131.196.28.208 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b96b3cde986adfb1:host:3.103.179.97	SESSION-b96b3cde986adfb1 → host:3.103.179.97
flow_observed5-aryOBS	e:fo:flow:14e7347487d9	flow:14e7347487d9 → host:131.196.29.231 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-69c66b3db447dca1:host:177.10.234.15	SESSION-69c66b3db447dca1 → host:177.10.234.15
FLOW_TO_HOSTOBS	e:to:SESSION-4fd6590fe23ccd99:host:177.10.234.18	SESSION-4fd6590fe23ccd99 → host:177.10.234.18
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-287f6ffdc6040b27:SESSION-287f6ffdc6040b27	SESSION-287f6ffdc6040b27 → pe:tls:SESSION-287f6ffdc6040b27
FLOW_FROM_HOSTOBS	e:from:SESSION-9501d29cea91bd7b:host:45.173.156.9	SESSION-9501d29cea91bd7b → host:45.173.156.9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8a95576c112cc14:host:131.196.31.220	SESSION-b8a95576c112cc14 → host:131.196.31.220
FLOW_TO_HOSTOBS	e:to:SESSION-b5fbe4987e86bc38:host:131.196.29.230	SESSION-b5fbe4987e86bc38 → host:131.196.29.230
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-938eb42ac2c00523:SESSION-938eb42ac2c00523	SESSION-938eb42ac2c00523 → pe:rst:SESSION-938eb42ac2c00523
FLOW_FROM_HOSTOBS	e:from:SESSION-6394463f1caee3eb:host:172.234.197.23	SESSION-6394463f1caee3eb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3fed8b877378:port:tcp:443	flow:3fed8b877378 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e49f7df60935172:host:172.234.197.23	SESSION-4e49f7df60935172 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0393cf21271be7e9:host:177.10.232.158:host:172.234.197.23	SESSION-0393cf21271be7e9 → host:177.10.232.158 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b236f75d1c6493bc:host:172.234.197.23:host:177.10.232.251	SESSION-b236f75d1c6493bc → host:172.234.197.23 → host:177.10.232.251
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fdaf54c444b72c0:host:172.234.197.23	SESSION-1fdaf54c444b72c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3651e68c2556a1c:host:177.10.239.235	SESSION-f3651e68c2556a1c → host:177.10.239.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee4f55e8adb586c5:host:172.234.197.23	SESSION-ee4f55e8adb586c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac69dcbefbb93dfd:host:172.234.197.23	SESSION-ac69dcbefbb93dfd → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-58f2a638c6bf8581:BSG-BEACON-f5e7c8616dbf	SESSION-58f2a638c6bf8581 → BSG-BEACON-f5e7c8616dbf
FLOW_FROM_HOSTOBS	e:from:SESSION-4e4815ec5b053775:host:172.234.197.23	SESSION-4e4815ec5b053775 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2354f30fe4af5f56:host:131.196.28.205	SESSION-2354f30fe4af5f56 → host:131.196.28.205
FLOW_TO_HOSTOBS	e:to:SESSION-1e2a6d6aa009e10c:host:131.196.28.216	SESSION-1e2a6d6aa009e10c → host:131.196.28.216
FLOW_DST_PORTOBS	e:fp:flow:eafb10903b19:port:tcp:443	flow:eafb10903b19 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-18e7a18371a0d1bf:host:172.234.197.23	SESSION-18e7a18371a0d1bf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3831f1a5ed6fd2c0:host:172.234.197.23	SESSION-3831f1a5ed6fd2c0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-954e70596a40db71:host:177.10.232.219	SESSION-954e70596a40db71 → host:177.10.232.219
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d60c66268e099206:SESSION-d60c66268e099206	SESSION-d60c66268e099206 → pe:tls:SESSION-d60c66268e099206
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55e2fb280d3c8e24:host:131.196.29.122	SESSION-55e2fb280d3c8e24 → host:131.196.29.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e5a346c4f0315a5:SESSION-3e5a346c4f0315a5	SESSION-3e5a346c4f0315a5 → pe:tls:SESSION-3e5a346c4f0315a5
FLOW_DST_PORTOBS	e:fp:flow:450566424628:port:tcp:443	flow:450566424628 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05ec7baf0d99b24d:host:172.234.197.23	SESSION-05ec7baf0d99b24d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.67:asn:262880	host:177.10.239.67 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ac7bdbcc541a2d8:host:177.10.238.112	SESSION-8ac7bdbcc541a2d8 → host:177.10.238.112
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-107eaa9172a242e7:host:172.234.197.23	SESSION-107eaa9172a242e7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b4130b0efbd1505:host:172.234.197.23	SESSION-0b4130b0efbd1505 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-70ca21a7c0c8fc42:flow:14fef8c40f5d	SESSION-70ca21a7c0c8fc42 → flow:14fef8c40f5d
flow_observed3-aryOBS	e:fo:flow:f5ca29705dd9	flow:f5ca29705dd9 → host:103.155.16.117 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ed3c0cac572dff6:host:45.173.156.37:host:172.234.197.23	SESSION-9ed3c0cac572dff6 → host:45.173.156.37 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf286e26fb783f2f:flow:719154bccefe	SESSION-cf286e26fb783f2f → flow:719154bccefe
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.150:asn:262880	host:177.10.239.150 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.151:geo_-16.28860_-49.01640	host:177.10.235.151 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f16f611b98ecbfd:host:172.234.197.23:host:131.196.30.7	SESSION-8f16f611b98ecbfd → host:172.234.197.23 → host:131.196.30.7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47ed57a240abf6fc:host:172.234.197.23	SESSION-47ed57a240abf6fc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5292197f57e4263:host:177.10.235.35	SESSION-a5292197f57e4263 → host:177.10.235.35
FLOW_FROM_HOSTOBS	e:from:SESSION-4a98c5df3fe5e6d6:host:131.196.31.58	SESSION-4a98c5df3fe5e6d6 → host:131.196.31.58
FLOW_FROM_HOSTOBS	e:from:SESSION-8b6005e750e5a47f:host:177.10.236.154	SESSION-8b6005e750e5a47f → host:177.10.236.154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f56950d8d19e118b:host:172.234.197.23	SESSION-f56950d8d19e118b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e280ba6e8e483a35:SESSION-e280ba6e8e483a35	SESSION-e280ba6e8e483a35 → pe:syn:SESSION-e280ba6e8e483a35
FLOW_FROM_HOSTOBS	e:from:SESSION-691bf265b7044ac7:host:172.234.197.23	SESSION-691bf265b7044ac7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a03207ab88db82b5:host:45.173.156.3	SESSION-a03207ab88db82b5 → host:45.173.156.3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de35503b4a9f2ce3:host:172.234.197.23	SESSION-de35503b4a9f2ce3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:08ca89fd81e3:port:tcp:28661	flow:08ca89fd81e3 → port:tcp:28661
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7e8f7da56292748:host:177.10.239.137:host:172.234.197.23	SESSION-e7e8f7da56292748 → host:177.10.239.137 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-99752db79d6c830d:host:172.234.197.23	SESSION-99752db79d6c830d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-850471f172c9c8e6:flow:3293ca960e74	SESSION-850471f172c9c8e6 → flow:3293ca960e74
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cfe71d52ef2e928b:host:177.10.236.70:host:172.234.197.23	SESSION-cfe71d52ef2e928b → host:177.10.236.70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-463ebb9b343c8b6a:host:172.234.197.23	SESSION-463ebb9b343c8b6a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8d40970d8b7f:port:tcp:443	flow:8d40970d8b7f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-682271ad5b560620:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-682271ad5b560620 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:f4e1ee04b48d:port:tcp:37130	flow:f4e1ee04b48d → port:tcp:37130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f44963c65f506a9:host:172.234.197.23	SESSION-1f44963c65f506a9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-422ba54da9c49203:host:172.234.197.23:host:131.196.31.23	SESSION-422ba54da9c49203 → host:172.234.197.23 → host:131.196.31.23
FLOW_TO_HOSTOBS	e:to:SESSION-c402fe398bbf1491:host:172.232.0.16	SESSION-c402fe398bbf1491 → host:172.232.0.16
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6634561e4b2b2821:BSG-BEACON-a1a38dfffb73	SESSION-6634561e4b2b2821 → BSG-BEACON-a1a38dfffb73
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-328b0864666a263b:SESSION-328b0864666a263b	SESSION-328b0864666a263b → pe:syn:SESSION-328b0864666a263b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1cf957f4a121d77:host:172.234.197.23:host:131.196.31.6	SESSION-b1cf957f4a121d77 → host:172.234.197.23 → host:131.196.31.6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c36ee0b21ed6bb:host:45.173.156.244	SESSION-77c36ee0b21ed6bb → host:45.173.156.244
FLOW_FROM_HOSTOBS	e:from:SESSION-24ee0ec1cbf12b9d:host:185.231.226.205	SESSION-24ee0ec1cbf12b9d → host:185.231.226.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0cb5698f1d5957a:host:31.40.196.151	SESSION-c0cb5698f1d5957a → host:31.40.196.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79b864f146b8f07b:SESSION-79b864f146b8f07b	SESSION-79b864f146b8f07b → pe:tls:SESSION-79b864f146b8f07b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6242cf24a2978d6d:SESSION-6242cf24a2978d6d	SESSION-6242cf24a2978d6d → pe:syn:SESSION-6242cf24a2978d6d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.192:geo_-23.62930_-46.63510	host:131.196.31.192 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-eb2fd2ce02add556:host:172.234.197.23	SESSION-eb2fd2ce02add556 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-36966af2dfd8700b:SESSION-36966af2dfd8700b	SESSION-36966af2dfd8700b → pe:tls:SESSION-36966af2dfd8700b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3f48cf8f11b8f73e:host:177.10.239.247:host:172.234.197.23	SESSION-3f48cf8f11b8f73e → host:177.10.239.247 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9e2f07f7ea20074:host:172.234.197.23	SESSION-f9e2f07f7ea20074 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8e1fcfb1c4254c4b:host:172.234.197.23	SESSION-8e1fcfb1c4254c4b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bca14afee5df98e9:host:131.196.29.60	SESSION-bca14afee5df98e9 → host:131.196.29.60
flow_observed5-aryOBS	e:fo:flow:4db2284d1be9	flow:4db2284d1be9 → host:177.10.233.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d53928eb39cd6093:host:172.234.197.23	SESSION-d53928eb39cd6093 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-caa2e371708bdf2e:flow:e356e25dcbb8	SESSION-caa2e371708bdf2e → flow:e356e25dcbb8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5c08654c75b915c:host:172.234.197.23:host:177.10.239.0	SESSION-f5c08654c75b915c → host:172.234.197.23 → host:177.10.239.0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77a13185d72dec11:flow:46e7d0792cb3	SESSION-77a13185d72dec11 → flow:46e7d0792cb3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e1e1ef170279bd06:PCAP:capture_20260430110001:43611bdf6759	SESSION-e1e1ef170279bd06 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2887c6ee2de14ac9:host:131.196.29.175	SESSION-2887c6ee2de14ac9 → host:131.196.29.175
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.242:asn:262880	host:177.10.236.242 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de12aa9c0bf7f485:SESSION-de12aa9c0bf7f485	SESSION-de12aa9c0bf7f485 → pe:syn:SESSION-de12aa9c0bf7f485
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51b700d0442eff09:host:172.234.197.23	SESSION-51b700d0442eff09 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7cbdeaf957f0	flow:7cbdeaf957f0 → host:172.234.197.23 → host:131.196.29.140 → port:tcp:23725
FLOW_DST_PORTOBS	e:fp:flow:e9067679f6ca:port:tcp:443	flow:e9067679f6ca → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f88b9847e7767e00:SESSION-f88b9847e7767e00	SESSION-f88b9847e7767e00 → pe:tls:SESSION-f88b9847e7767e00
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fd72175928a8e59:host:177.10.237.163	SESSION-7fd72175928a8e59 → host:177.10.237.163
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31f3a24ceae3d348:SESSION-31f3a24ceae3d348	SESSION-31f3a24ceae3d348 → pe:syn:SESSION-31f3a24ceae3d348
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e3db8610837fd0b8:flow:56162d06b962	SESSION-e3db8610837fd0b8 → flow:56162d06b962
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.163:geo_-16.28860_-49.01640	host:177.10.234.163 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f003ce3fae962ee:host:177.10.236.12	SESSION-1f003ce3fae962ee → host:177.10.236.12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c4ebc5699ec1c63:PCAP:capture_20260430110001:43611bdf6759	SESSION-9c4ebc5699ec1c63 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e7f6e07782bad0e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5e7f6e07782bad0e → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:8d09d19297dd	flow:8d09d19297dd → host:172.234.197.23 → host:131.196.31.159 → port:tcp:50984
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5dccafc7307f6ac:SESSION-b5dccafc7307f6ac	SESSION-b5dccafc7307f6ac → pe:tls:SESSION-b5dccafc7307f6ac
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2dbb52de45813c9a:SESSION-2dbb52de45813c9a	SESSION-2dbb52de45813c9a → pe:syn:SESSION-2dbb52de45813c9a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72859a91c292f326:host:131.196.28.11:host:172.234.197.23	SESSION-72859a91c292f326 → host:131.196.28.11 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4636706714da3434:host:172.234.197.23	SESSION-4636706714da3434 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee237db5b674d6c4:flow:8154aa40ebb8	SESSION-ee237db5b674d6c4 → flow:8154aa40ebb8
FLOW_DST_PORTOBS	e:fp:flow:c51b8507e6fd:port:tcp:443	flow:c51b8507e6fd → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:bea8c9a6d915	flow:bea8c9a6d915 → host:131.196.29.54 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a057fa3e25d4:port:tcp:443	flow:a057fa3e25d4 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b875e262090a3924:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b875e262090a3924 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9912439438040361:flow:da7acd6d5ce1	SESSION-9912439438040361 → flow:da7acd6d5ce1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fac4a2f466e4583d:SESSION-fac4a2f466e4583d	SESSION-fac4a2f466e4583d → pe:syn:SESSION-fac4a2f466e4583d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e11f8c5c1e806073:flow:a2d0d15e106e	SESSION-e11f8c5c1e806073 → flow:a2d0d15e106e
flow_observed5-aryOBS	e:fo:flow:cf96beddf3bc	flow:cf96beddf3bc → host:131.196.29.60 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ed332215381a	flow:ed332215381a → host:177.10.232.232 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db60e018ea4d304a:host:131.196.28.0:host:172.234.197.23	SESSION-db60e018ea4d304a → host:131.196.28.0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-456e62c8b4b103dc:SESSION-456e62c8b4b103dc	SESSION-456e62c8b4b103dc → pe:tls:SESSION-456e62c8b4b103dc
FLOW_DST_PORTOBS	e:fp:flow:cfdaf039c06c:port:tcp:443	flow:cfdaf039c06c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77e1145855a55905:host:131.196.31.121	SESSION-77e1145855a55905 → host:131.196.31.121
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-87ea4b729b5b64e3:PCAP:capture_20260430150001:ded20914761d	SESSION-87ea4b729b5b64e3 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-c016235dacd88a4d:host:131.196.31.77	SESSION-c016235dacd88a4d → host:131.196.31.77
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.21:asn:262880	host:177.10.236.21 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-29f6930bb002305c:host:177.10.233.254	SESSION-29f6930bb002305c → host:177.10.233.254
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a9b85b89d918f42:SESSION-8a9b85b89d918f42	SESSION-8a9b85b89d918f42 → pe:tls:SESSION-8a9b85b89d918f42
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6b4419d123b2f0e3:flow:c9f798a7437d	SESSION-6b4419d123b2f0e3 → flow:c9f798a7437d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.98:asn:262880	host:177.10.237.98 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e523425c561e01e:host:131.196.28.247:host:172.234.197.23	SESSION-8e523425c561e01e → host:131.196.28.247 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2ed4131e5585f31:host:131.196.29.225	SESSION-d2ed4131e5585f31 → host:131.196.29.225
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6aca8ef237a42da9:host:131.196.30.233:host:172.234.197.23	SESSION-6aca8ef237a42da9 → host:131.196.30.233 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75d8d9da58d6d51c:PCAP:capture_20260430060001:919b39a74464	SESSION-75d8d9da58d6d51c → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-996af5414634114f:host:177.10.235.151:host:172.234.197.23	SESSION-996af5414634114f → host:177.10.235.151 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.252:asn:271410	host:131.196.30.252 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4bee67245b0f1ffd:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-4bee67245b0f1ffd → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef3cd86b38e13880:SESSION-ef3cd86b38e13880	SESSION-ef3cd86b38e13880 → pe:tls:SESSION-ef3cd86b38e13880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.11:geo_-16.28860_-49.01640	host:177.10.238.11 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be24a8e57194faf0:host:172.234.197.23	SESSION-be24a8e57194faf0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-489ca31c7f776997:SESSION-489ca31c7f776997	SESSION-489ca31c7f776997 → pe:tls:SESSION-489ca31c7f776997
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3d13cea2cf7dcee:host:177.10.236.195	SESSION-f3d13cea2cf7dcee → host:177.10.236.195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b72f7dde05c7e1dd:SESSION-b72f7dde05c7e1dd	SESSION-b72f7dde05c7e1dd → pe:tls:SESSION-b72f7dde05c7e1dd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-defec876bf358011:PCAP:capture_20260430080001:93f47cc296a4	SESSION-defec876bf358011 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.194:asn:262880	host:177.10.238.194 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:0bf660e47544:port:tcp:443	flow:0bf660e47544 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:4dc412940a0d:port:tcp:443	flow:4dc412940a0d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6dc77b6505beb2bc:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6dc77b6505beb2bc → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-d5969e9f81f277f3:host:172.234.197.23	SESSION-d5969e9f81f277f3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d547ed30afcbb9f:host:131.196.30.233	SESSION-6d547ed30afcbb9f → host:131.196.30.233
FLOW_FROM_HOSTOBS	e:from:SESSION-61267dc46edf9a47:host:172.234.197.23	SESSION-61267dc46edf9a47 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.11:asn:262880	host:177.10.236.11 → asn:262880
flow_observed5-aryOBS	e:fo:flow:cbd950fb1800	flow:cbd950fb1800 → host:177.10.232.22 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-4b447e1896cf3c7e:host:172.234.197.23	SESSION-4b447e1896cf3c7e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:615fb32b3639:port:tcp:443	flow:615fb32b3639 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19f74a6b62d527a5:host:177.10.233.59	SESSION-19f74a6b62d527a5 → host:177.10.233.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c70f7d0fa3cda32b:SESSION-c70f7d0fa3cda32b	SESSION-c70f7d0fa3cda32b → pe:tls:SESSION-c70f7d0fa3cda32b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fbe3edafde6a655f:host:172.234.197.23:host:80.94.92.182	SESSION-fbe3edafde6a655f → host:172.234.197.23 → host:80.94.92.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2474eb623db0155:host:172.234.197.23	SESSION-b2474eb623db0155 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-54d23880cad1a846:host:131.196.30.123:host:172.234.197.23	SESSION-54d23880cad1a846 → host:131.196.30.123 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-979974e101979ba8:host:194.164.107.6	SESSION-979974e101979ba8 → host:194.164.107.6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e812ffe43c670dc:host:172.234.197.23	SESSION-7e812ffe43c670dc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd8a89b380cdaceb:host:172.234.197.23	SESSION-dd8a89b380cdaceb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-12b2fb0a733c24b6:host:177.10.232.153:host:172.234.197.23	SESSION-12b2fb0a733c24b6 → host:177.10.232.153 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.46:geo_-16.28860_-49.01640	host:177.10.236.46 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:e7744e976837:port:tcp:32526	flow:e7744e976837 → port:tcp:32526
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3254874520e1dae:host:172.234.197.23	SESSION-b3254874520e1dae → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8ee775e10cbe172:host:45.173.156.142:host:172.234.197.23	SESSION-b8ee775e10cbe172 → host:45.173.156.142 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6cc71c07f8c21dc0:flow:9effe3c58d75	SESSION-6cc71c07f8c21dc0 → flow:9effe3c58d75
FLOW_TO_HOSTOBS	e:to:SESSION-9b209515fa806d4a:host:172.234.197.23	SESSION-9b209515fa806d4a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c30e2da5c8abbcf:host:172.234.197.23:host:177.10.238.50	SESSION-9c30e2da5c8abbcf → host:172.234.197.23 → host:177.10.238.50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20c0393579af9382:SESSION-20c0393579af9382	SESSION-20c0393579af9382 → pe:tls:SESSION-20c0393579af9382
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85ceb858b118c816:host:172.234.197.23	SESSION-85ceb858b118c816 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e4ae2c6ddba3051:SESSION-7e4ae2c6ddba3051	SESSION-7e4ae2c6ddba3051 → pe:tls:SESSION-7e4ae2c6ddba3051
FLOW_DST_PORTOBS	e:fp:flow:5cf23b9905c6:port:tcp:443	flow:5cf23b9905c6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1518dad52645fa99:host:177.10.232.24	SESSION-1518dad52645fa99 → host:177.10.232.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eeeeaab9fc572806:flow:269699bbdb62	SESSION-eeeeaab9fc572806 → flow:269699bbdb62
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ffbb13e97116fd4:flow:bb2bb642551a	SESSION-6ffbb13e97116fd4 → flow:bb2bb642551a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-779dfe498151f730:PCAP:capture_20260430050001:8868731bf8a4	SESSION-779dfe498151f730 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-d0835843463ad3c8:host:131.196.29.225	SESSION-d0835843463ad3c8 → host:131.196.29.225
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f56adc7043a43d99:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f56adc7043a43d99 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-664154a8ce71c549:SESSION-664154a8ce71c549	SESSION-664154a8ce71c549 → pe:tls:SESSION-664154a8ce71c549
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7375b1770c27cca2:SESSION-7375b1770c27cca2	SESSION-7375b1770c27cca2 → pe:tls:SESSION-7375b1770c27cca2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-879f882e46cb6c3f:PCAP:capture_20260430150001:ded20914761d	SESSION-879f882e46cb6c3f → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-63d746c5afa978f6:flow:6386cb02ad5f	SESSION-63d746c5afa978f6 → flow:6386cb02ad5f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7bf020c0439ffaa:host:172.234.197.23	SESSION-d7bf020c0439ffaa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0fd6726780ee8778:flow:732edc8624c6	SESSION-0fd6726780ee8778 → flow:732edc8624c6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1b714ce8916a149:flow:9b3343130edd	SESSION-b1b714ce8916a149 → flow:9b3343130edd
flow_observed5-aryOBS	e:fo:flow:afa4794a1a01	flow:afa4794a1a01 → host:131.196.29.138 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-4fb1f3797e8f19a3:host:177.10.239.4	SESSION-4fb1f3797e8f19a3 → host:177.10.239.4
FLOW_TO_HOSTOBS	e:to:SESSION-0be6cf40df30cb93:host:172.234.197.23	SESSION-0be6cf40df30cb93 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.205:asn:262880	host:177.10.235.205 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc37b0c14be06192:flow:4810b7b3c231	SESSION-bc37b0c14be06192 → flow:4810b7b3c231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921486915e849834:host:172.234.197.23	SESSION-921486915e849834 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-712d2d82579af730:host:177.10.232.211	SESSION-712d2d82579af730 → host:177.10.232.211
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.228:asn:271410	host:131.196.28.228 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddbd1238f020bf6b:host:172.234.197.23	SESSION-ddbd1238f020bf6b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6cc06f30e6c05bb:host:131.196.28.44	SESSION-a6cc06f30e6c05bb → host:131.196.28.44
flow_observed4-aryOBS	e:fo:flow:185b92a83312	flow:185b92a83312 → host:172.234.197.23 → host:177.10.239.18 → port:tcp:14688
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d11cc9a154a777c:host:172.234.197.23:host:177.10.233.95	SESSION-8d11cc9a154a777c → host:172.234.197.23 → host:177.10.233.95
FLOW_TO_HOSTOBS	e:to:SESSION-c3cae868156d4440:host:172.234.197.23	SESSION-c3cae868156d4440 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-139ea45d2e45809a:host:172.234.197.23	SESSION-139ea45d2e45809a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ded84b73dcc2:port:tcp:443	flow:ded84b73dcc2 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-55979c68784410e0:host:172.234.197.23	SESSION-55979c68784410e0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c88d7695016e6fbb:host:172.234.197.23:host:177.10.239.164	SESSION-c88d7695016e6fbb → host:172.234.197.23 → host:177.10.239.164
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-985c12f522f7e9ff:host:131.196.28.129:host:172.234.197.23	SESSION-985c12f522f7e9ff → host:131.196.28.129 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ccddbdb53d5af45:host:131.196.30.83	SESSION-6ccddbdb53d5af45 → host:131.196.30.83
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9de698333fa1afcb:flow:9b008c214ebe	SESSION-9de698333fa1afcb → flow:9b008c214ebe
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-316231fad61f009e:flow:9a44c5cb5ea1	SESSION-316231fad61f009e → flow:9a44c5cb5ea1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8693b808e1d6b7d:SESSION-b8693b808e1d6b7d	SESSION-b8693b808e1d6b7d → pe:syn:SESSION-b8693b808e1d6b7d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e41a4ef6cc929c5:SESSION-7e41a4ef6cc929c5	SESSION-7e41a4ef6cc929c5 → pe:syn:SESSION-7e41a4ef6cc929c5
FLOW_FROM_HOSTOBS	e:from:SESSION-a4b062ac7956d3a5:host:172.234.197.23	SESSION-a4b062ac7956d3a5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6c901db44791138:host:45.173.156.36	SESSION-d6c901db44791138 → host:45.173.156.36
FLOW_TO_HOSTOBS	e:to:SESSION-8f5b7d4cd5351b11:host:172.234.197.23	SESSION-8f5b7d4cd5351b11 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b84ff3ecb7ac9c51:flow:17ffb9bcca7a	SESSION-b84ff3ecb7ac9c51 → flow:17ffb9bcca7a
FLOW_TO_HOSTOBS	e:to:SESSION-85a5e7fc435163e0:host:177.10.239.158	SESSION-85a5e7fc435163e0 → host:177.10.239.158
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86afdd078b90270f:host:131.196.30.222:host:172.234.197.23	SESSION-86afdd078b90270f → host:131.196.30.222 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a9df261a7287913:SESSION-9a9df261a7287913	SESSION-9a9df261a7287913 → pe:tls:SESSION-9a9df261a7287913
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d861e0bc561d261:host:172.234.197.23	SESSION-7d861e0bc561d261 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:192.99.232.216:asn:16276	host:192.99.232.216 → asn:16276
FLOW_TO_HOSTOBS	e:to:SESSION-79574872517ba47f:host:177.10.234.56	SESSION-79574872517ba47f → host:177.10.234.56
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.45:geo_-16.28860_-49.01640	host:177.10.234.45 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:0dfe7cae9b59	flow:0dfe7cae9b59 → host:177.10.235.64 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3a17f957b1f0153:host:172.234.197.23	SESSION-b3a17f957b1f0153 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.121:asn:262880	host:177.10.235.121 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1ed5736d80d2991:host:213.209.159.159	SESSION-b1ed5736d80d2991 → host:213.209.159.159
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.196:asn:262880	host:177.10.233.196 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.164:asn:271410	host:131.196.28.164 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2c2ee5c4e3db47f8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2c2ee5c4e3db47f8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-85f4ab9e3ed21fa2:host:172.234.197.23	SESSION-85f4ab9e3ed21fa2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2def334ee7bae1e1:SESSION-2def334ee7bae1e1	SESSION-2def334ee7bae1e1 → pe:tls:SESSION-2def334ee7bae1e1
flow_observed5-aryOBS	e:fo:flow:1441785bdf43	flow:1441785bdf43 → host:177.10.237.211 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f6d18082a7e4dce:SESSION-4f6d18082a7e4dce	SESSION-4f6d18082a7e4dce → pe:syn:SESSION-4f6d18082a7e4dce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-455353f546d0ad3e:SESSION-455353f546d0ad3e	SESSION-455353f546d0ad3e → pe:syn:SESSION-455353f546d0ad3e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.195:geo_-23.62930_-46.63510	host:131.196.31.195 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-275d804358752875:host:172.234.197.23	SESSION-275d804358752875 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e4e6682786f65470:host:177.10.234.176:host:172.234.197.23	SESSION-e4e6682786f65470 → host:177.10.234.176 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4defafdd27769097:PCAP:capture_20260428010001:b1b402c7b202	SESSION-4defafdd27769097 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec373193747138e2:PCAP:capture_20260430060001:919b39a74464	SESSION-ec373193747138e2 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:9365c7904909:port:tcp:443	flow:9365c7904909 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7375b1770c27cca2:host:177.10.235.254	SESSION-7375b1770c27cca2 → host:177.10.235.254
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.45:geo_-23.62930_-46.63510	host:131.196.28.45 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be95a34ad4eedb81:host:131.196.31.26:host:172.234.197.23	SESSION-be95a34ad4eedb81 → host:131.196.31.26 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-403d8f142c86493c:flow:30a4fb2d35f0	SESSION-403d8f142c86493c → flow:30a4fb2d35f0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4385c2f73c2ee0db:SESSION-4385c2f73c2ee0db	SESSION-4385c2f73c2ee0db → pe:tls:SESSION-4385c2f73c2ee0db
FLOW_TO_HOSTOBS	e:to:SESSION-65c3eea3bc378ff0:host:131.196.30.81	SESSION-65c3eea3bc378ff0 → host:131.196.30.81
FLOW_FROM_HOSTOBS	e:from:SESSION-49b6ef2582cca14b:host:177.10.234.147	SESSION-49b6ef2582cca14b → host:177.10.234.147
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-750fc9f72ee279c6:host:172.234.197.23	SESSION-750fc9f72ee279c6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:612621241910:port:tcp:443	flow:612621241910 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d861e0bc561d261:flow:7f88b9c89fd4	SESSION-7d861e0bc561d261 → flow:7f88b9c89fd4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1b588a91707aaaf:SESSION-d1b588a91707aaaf	SESSION-d1b588a91707aaaf → pe:tls:SESSION-d1b588a91707aaaf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c65a4c12e9ce549:PCAP:capture_20260430110001:43611bdf6759	SESSION-5c65a4c12e9ce549 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2161d2ba591330e1:PCAP:capture_20260430060001:919b39a74464	SESSION-2161d2ba591330e1 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-251fcdeeb3ee3f58:host:177.10.235.26	SESSION-251fcdeeb3ee3f58 → host:177.10.235.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ffbb13e97116fd4:host:177.10.235.72:host:172.234.197.23	SESSION-6ffbb13e97116fd4 → host:177.10.235.72 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d18ddb12cf5478af:host:172.234.197.23:host:177.10.233.231	SESSION-d18ddb12cf5478af → host:172.234.197.23 → host:177.10.233.231
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-623bd72e2e38d66b:host:131.196.30.72:host:172.234.197.23	SESSION-623bd72e2e38d66b → host:131.196.30.72 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-70a92a3cd71eafd5:host:172.234.197.23	SESSION-70a92a3cd71eafd5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0482212efb1d2581:SESSION-0482212efb1d2581	SESSION-0482212efb1d2581 → pe:tls:SESSION-0482212efb1d2581
FLOW_DST_PORTOBS	e:fp:flow:e17fa3c43e75:port:tcp:443	flow:e17fa3c43e75 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:ca33735becee	flow:ca33735becee → host:172.234.197.23 → host:177.10.233.231 → port:tcp:63881
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8de6c1be9d0210fa:host:172.234.197.23	SESSION-8de6c1be9d0210fa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a30bb5948cc0:port:tcp:18088	flow:a30bb5948cc0 → port:tcp:18088
FLOW_DST_PORTOBS	e:fp:flow:e1daaa949a5f:port:tcp:443	flow:e1daaa949a5f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-457bc509f900e32f:host:131.196.29.220	SESSION-457bc509f900e32f → host:131.196.29.220
flow_observed4-aryOBS	e:fo:flow:d4fdcb61394f	flow:d4fdcb61394f → host:172.234.197.23 → host:177.10.239.84 → port:tcp:47712
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e1f57d75854220c:host:172.234.197.23	SESSION-0e1f57d75854220c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0a77adff1667c3d1:host:172.234.197.23	SESSION-0a77adff1667c3d1 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2646f5b9f41a01d2:flow:e5616facb20a	SESSION-2646f5b9f41a01d2 → flow:e5616facb20a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-290c9b11e52fd3ba:flow:6c0273891f97	SESSION-290c9b11e52fd3ba → flow:6c0273891f97
FLOW_FROM_HOSTOBS	e:from:SESSION-90972096b6b00a4b:host:177.10.236.240	SESSION-90972096b6b00a4b → host:177.10.236.240
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e812ffe43c670dc:flow:ea9cac00d4f8	SESSION-7e812ffe43c670dc → flow:ea9cac00d4f8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a586e6b93cbc00d:flow:2bb494efc59c	SESSION-0a586e6b93cbc00d → flow:2bb494efc59c
FLOW_DST_PORTOBS	e:fp:flow:7c87f156575d:port:tcp:443	flow:7c87f156575d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bdafe91f45dd428:host:177.10.232.49	SESSION-8bdafe91f45dd428 → host:177.10.232.49
flow_observed4-aryOBS	e:fo:flow:163c6cea425f	flow:163c6cea425f → host:172.234.197.23 → host:131.196.30.12 → port:tcp:42182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-077636b939c69f3b:SESSION-077636b939c69f3b	SESSION-077636b939c69f3b → pe:rst:SESSION-077636b939c69f3b
FLOW_DST_PORTOBS	e:fp:flow:f30fc2973ede:port:tcp:23628	flow:f30fc2973ede → port:tcp:23628
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb0638f1774736d1:host:177.10.236.120	SESSION-cb0638f1774736d1 → host:177.10.236.120
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.245:asn:262880	host:177.10.235.245 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-512816cd1ae61d60:host:177.10.233.19	SESSION-512816cd1ae61d60 → host:177.10.233.19
FLOW_TO_HOSTOBS	e:to:SESSION-df808ed8a09d8e60:host:131.196.31.165	SESSION-df808ed8a09d8e60 → host:131.196.31.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78dc8874b859c826:host:172.234.197.23	SESSION-78dc8874b859c826 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6dcc81ef5615b86c:SESSION-6dcc81ef5615b86c	SESSION-6dcc81ef5615b86c → pe:syn:SESSION-6dcc81ef5615b86c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-78c74ad080075522:SESSION-78c74ad080075522	SESSION-78c74ad080075522 → pe:rst:SESSION-78c74ad080075522
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c471169f59e284ee:host:131.196.29.124	SESSION-c471169f59e284ee → host:131.196.29.124
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb2fd2ce02add556:host:172.234.197.23	SESSION-eb2fd2ce02add556 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa32b0aa2bffc0b5:host:172.234.197.23	SESSION-aa32b0aa2bffc0b5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:454a5a5ddf6b	flow:454a5a5ddf6b → host:177.10.233.4 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a27690ff20574d25:host:172.234.197.23	SESSION-a27690ff20574d25 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e47ff6197158625f:host:45.173.156.13:host:172.234.197.23	SESSION-e47ff6197158625f → host:45.173.156.13 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e47ff6197158625f:SESSION-e47ff6197158625f	SESSION-e47ff6197158625f → pe:syn:SESSION-e47ff6197158625f
FLOW_DST_PORTOBS	e:fp:flow:e48740498ad9:port:tcp:443	flow:e48740498ad9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-472adb1eeb20f880:host:172.234.197.23	SESSION-472adb1eeb20f880 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ed34bf9fded9d68:host:131.196.30.207:host:172.234.197.23	SESSION-5ed34bf9fded9d68 → host:131.196.30.207 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2ecbcecdc44a459:SESSION-e2ecbcecdc44a459	SESSION-e2ecbcecdc44a459 → pe:tls:SESSION-e2ecbcecdc44a459
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-66c6d225095e379c:SESSION-66c6d225095e379c	SESSION-66c6d225095e379c → pe:syn:SESSION-66c6d225095e379c
FLOW_DST_PORTOBS	e:fp:flow:744c88bd6df1:port:tcp:443	flow:744c88bd6df1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:02c86af336eb:port:tcp:443	flow:02c86af336eb → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5227d7443502:port:tcp:443	flow:5227d7443502 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be622897972653aa:host:31.40.196.79	SESSION-be622897972653aa → host:31.40.196.79
FLOW_TO_HOSTOBS	e:to:SESSION-7852f400065b4a55:host:172.234.197.23	SESSION-7852f400065b4a55 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6d3d14b72c68	flow:6d3d14b72c68 → host:45.173.156.13 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27131bb9b9feeb52:host:177.10.237.118	SESSION-27131bb9b9feeb52 → host:177.10.237.118
FLOW_DST_PORTOBS	e:fp:flow:c4028c7b5ec7:port:tcp:443	flow:c4028c7b5ec7 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-1a82d55b52198391:host:172.234.197.23	SESSION-1a82d55b52198391 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c9a9ddd86aa762a0:host:177.10.238.82	SESSION-c9a9ddd86aa762a0 → host:177.10.238.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-324b6311c2d003f7:SESSION-324b6311c2d003f7	SESSION-324b6311c2d003f7 → pe:syn:SESSION-324b6311c2d003f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-deef720c855898df:SESSION-deef720c855898df	SESSION-deef720c855898df → pe:tls:SESSION-deef720c855898df
FLOW_TO_HOSTOBS	e:to:SESSION-992ac29a78433ae4:host:172.234.197.23	SESSION-992ac29a78433ae4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd0de62eb0560e2b:host:35.216.234.82:host:172.234.197.23	SESSION-bd0de62eb0560e2b → host:35.216.234.82 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7ff9648a7e097bde:host:149.210.194.32	SESSION-7ff9648a7e097bde → host:149.210.194.32
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.182:geo_-23.62930_-46.63510	host:131.196.29.182 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-affecc1e92c420cb:PCAP:capture_20260430060001:919b39a74464	SESSION-affecc1e92c420cb → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fed3e3a3ac1c6fb:host:172.234.197.23	SESSION-9fed3e3a3ac1c6fb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:44e7caf8cd36	flow:44e7caf8cd36 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-5b37dbc8f4449b96:host:131.196.29.141	SESSION-5b37dbc8f4449b96 → host:131.196.29.141
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1c9303996834523:host:177.10.238.217:host:172.234.197.23	SESSION-d1c9303996834523 → host:177.10.238.217 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-306afa7fa31a1f87:SESSION-306afa7fa31a1f87	SESSION-306afa7fa31a1f87 → pe:syn:SESSION-306afa7fa31a1f87
FLOW_FROM_HOSTOBS	e:from:SESSION-0fd6726780ee8778:host:131.196.30.234	SESSION-0fd6726780ee8778 → host:131.196.30.234
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3e5ef5a453dff40:flow:e4253dfcf9e0	SESSION-f3e5ef5a453dff40 → flow:e4253dfcf9e0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e21e19309bc8d324:host:45.173.156.51:host:172.234.197.23	SESSION-e21e19309bc8d324 → host:45.173.156.51 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8366f7f5c26b	flow:8366f7f5c26b → host:131.196.29.122 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:1ac3ec916046	flow:1ac3ec916046 → host:172.234.197.23 → host:131.196.29.4 → port:tcp:14376
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-754d0cc424848140:host:177.10.236.201	SESSION-754d0cc424848140 → host:177.10.236.201
FLOW_DST_PORTOBS	e:fp:flow:21bf07083353:port:tcp:443	flow:21bf07083353 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-caaa6bcaac59e7b9:host:177.10.233.158:host:172.234.197.23	SESSION-caaa6bcaac59e7b9 → host:177.10.233.158 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db0c4d22fd57aedf:host:131.196.30.55	SESSION-db0c4d22fd57aedf → host:131.196.30.55
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f838b992fed206a8:PCAP:capture_20260430110001:43611bdf6759	SESSION-f838b992fed206a8 → PCAP:capture_20260430110001:43611bdf6759
flow_observed4-aryOBS	e:fo:flow:24b3fe0163fb	flow:24b3fe0163fb → host:172.234.197.23 → host:177.10.232.191 → port:tcp:54490
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e12300b6212ab14:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7e12300b6212ab14 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1628bbd64c13f5a:host:172.234.197.23	SESSION-a1628bbd64c13f5a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-75ac13f212ea06a5:host:172.234.197.23	SESSION-75ac13f212ea06a5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e3d1aa706f2604d:host:172.234.197.23	SESSION-3e3d1aa706f2604d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1350be77996fff9b:host:177.10.232.66:host:172.234.197.23	SESSION-1350be77996fff9b → host:177.10.232.66 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.108:asn:262880	host:177.10.236.108 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c6698f170085be7:host:172.234.197.23	SESSION-0c6698f170085be7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4437969c398261c:host:177.10.239.51:host:172.234.197.23	SESSION-c4437969c398261c → host:177.10.239.51 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-886f0e6ca4ba19c9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-886f0e6ca4ba19c9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d7bf020c0439ffaa:flow:378598e76593	SESSION-d7bf020c0439ffaa → flow:378598e76593
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6635e725f15c4a26:host:131.196.31.30:host:172.234.197.23	SESSION-6635e725f15c4a26 → host:131.196.31.30 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-da40d6e9bff8c88d:host:172.234.197.23	SESSION-da40d6e9bff8c88d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.252:geo_-23.62930_-46.63510	host:131.196.30.252 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.49:asn:262880	host:177.10.238.49 → asn:262880
flow_observed5-aryOBS	e:fo:flow:2d1cf2749b3f	flow:2d1cf2749b3f → host:177.10.239.28 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:e7cfd0a388ab:port:tcp:443	flow:e7cfd0a388ab → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.120:geo_-16.28860_-49.01640	host:177.10.232.120 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7640c6607dc14992:flow:f6c58082ad03	SESSION-7640c6607dc14992 → flow:f6c58082ad03
flow_observed5-aryOBS	e:fo:flow:52f183052b4c	flow:52f183052b4c → host:177.10.236.143 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:75695113798f	flow:75695113798f → host:131.196.30.28 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e867c3054a212916:host:195.20.104.8:host:172.234.197.23	SESSION-e867c3054a212916 → host:195.20.104.8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a922f04f1e60:port:tcp:37193	flow:a922f04f1e60 → port:tcp:37193
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f910dce05c4c16f4:flow:0d2a7c280705	SESSION-f910dce05c4c16f4 → flow:0d2a7c280705
FLOW_DST_PORTOBS	e:fp:flow:e77c47e6f503:port:tcp:443	flow:e77c47e6f503 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.78:asn:262880	host:177.10.236.78 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0537be800f2fa6cb:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0537be800f2fa6cb → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-738a9f5daf478976:host:177.10.235.61	SESSION-738a9f5daf478976 → host:177.10.235.61
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4993bcd996008da0:flow:19e5b730c332	SESSION-4993bcd996008da0 → flow:19e5b730c332
FLOW_FROM_HOSTOBS	e:from:SESSION-24bd61df75bf4426:host:131.196.31.162	SESSION-24bd61df75bf4426 → host:131.196.31.162
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16ea01a17fc6b7f7:host:177.10.232.167	SESSION-16ea01a17fc6b7f7 → host:177.10.232.167
flow_observed5-aryOBS	e:fo:flow:1e9c70ccf0e5	flow:1e9c70ccf0e5 → host:177.10.233.88 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76f517468502eda0:host:177.10.239.113:host:172.234.197.23	SESSION-76f517468502eda0 → host:177.10.239.113 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca6098e1767361a3:host:177.10.235.114:host:172.234.197.23	SESSION-ca6098e1767361a3 → host:177.10.235.114 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.210:geo_-16.28860_-49.01640	host:177.10.232.210 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-c0b3c5797223848b:host:172.234.197.23	SESSION-c0b3c5797223848b → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:65fd82ba3983	flow:65fd82ba3983 → host:172.234.197.23 → host:177.10.239.67 → port:tcp:46038
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-886f0e6ca4ba19c9:SESSION-886f0e6ca4ba19c9	SESSION-886f0e6ca4ba19c9 → pe:syn:SESSION-886f0e6ca4ba19c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0371abab0ef43e73:host:172.234.197.23	SESSION-0371abab0ef43e73 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76512232807349be:host:172.234.197.23	SESSION-76512232807349be → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-affecc1e92c420cb:host:172.234.197.23	SESSION-affecc1e92c420cb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0014b04a4a7ef99:host:172.234.197.23	SESSION-c0014b04a4a7ef99 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4422749e5514:port:tcp:443	flow:4422749e5514 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3d488fa50a25e1f:SESSION-c3d488fa50a25e1f	SESSION-c3d488fa50a25e1f → pe:syn:SESSION-c3d488fa50a25e1f
FLOW_FROM_HOSTOBS	e:from:SESSION-65e7ac6f998115f7:host:172.234.197.23	SESSION-65e7ac6f998115f7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-feb7243d21c3bd2d:SESSION-feb7243d21c3bd2d	SESSION-feb7243d21c3bd2d → pe:syn:SESSION-feb7243d21c3bd2d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.251:geo_-16.28860_-49.01640	host:177.10.236.251 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e316662e5f9d5ce:SESSION-2e316662e5f9d5ce	SESSION-2e316662e5f9d5ce → pe:tls:SESSION-2e316662e5f9d5ce
FLOW_TO_HOSTOBS	e:to:SESSION-2bcd65d8e62fc5a1:host:177.10.234.39	SESSION-2bcd65d8e62fc5a1 → host:177.10.234.39
FLOW_TO_HOSTOBS	e:to:SESSION-b2754fb6a113c6b7:host:177.10.238.218	SESSION-b2754fb6a113c6b7 → host:177.10.238.218
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d0453327d6800ed:host:172.234.197.23:host:131.196.31.4	SESSION-1d0453327d6800ed → host:172.234.197.23 → host:131.196.31.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a457a833cb01b1f:host:172.234.197.23	SESSION-4a457a833cb01b1f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c64ea68345b811b:SESSION-9c64ea68345b811b	SESSION-9c64ea68345b811b → pe:tls:SESSION-9c64ea68345b811b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9be6dcd7d7b7ac03:host:45.145.152.248:host:172.234.197.23	SESSION-9be6dcd7d7b7ac03 → host:45.145.152.248 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.246:asn:262880	host:177.10.234.246 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-e4bb5568f0e725a3:host:177.10.235.84	SESSION-e4bb5568f0e725a3 → host:177.10.235.84
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-be1454a9d7b7f3ce:BSG-DATA_EXFIL-6e4361b4e239	SESSION-be1454a9d7b7f3ce → BSG-DATA_EXFIL-6e4361b4e239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3cd6c8dc824ee14d:host:172.234.197.23	SESSION-3cd6c8dc824ee14d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4c41cf07253f:port:tcp:443	flow:4c41cf07253f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6cc06f30e6c05bb:flow:144e359a361b	SESSION-a6cc06f30e6c05bb → flow:144e359a361b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-61267dc46edf9a47:SESSION-61267dc46edf9a47	SESSION-61267dc46edf9a47 → pe:syn:SESSION-61267dc46edf9a47
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb6c1367f6b2a786:host:177.10.237.73:host:172.234.197.23	SESSION-eb6c1367f6b2a786 → host:177.10.237.73 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fa2e9bc8f3da	flow:fa2e9bc8f3da → host:172.234.197.23 → host:177.10.234.89 → port:tcp:40892
FLOW_FROM_HOSTOBS	e:from:SESSION-65aa50b6e4bd0a70:host:177.10.239.102	SESSION-65aa50b6e4bd0a70 → host:177.10.239.102
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-449915b4a668f160:host:177.10.234.135	SESSION-449915b4a668f160 → host:177.10.234.135
FLOW_FROM_HOSTOBS	e:from:SESSION-5f5575c7d9faf65d:host:177.10.232.164	SESSION-5f5575c7d9faf65d → host:177.10.232.164
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:69.235.185.81:geo_37.25340_105.99760	host:69.235.185.81 → geo_37.25340_105.99760
flow_observed5-aryOBS	e:fo:flow:c8d339210a8b	flow:c8d339210a8b → host:131.196.29.128 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44e6d66a0a0fb56e:flow:66a2f39ca69b	SESSION-44e6d66a0a0fb56e → flow:66a2f39ca69b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82d78308744a8bb2:host:172.234.197.23	SESSION-82d78308744a8bb2 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.1:asn:262880	host:177.10.238.1 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.146:geo_-16.28860_-49.01640	host:177.10.236.146 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:20963c4b5f0e:port:tcp:443	flow:20963c4b5f0e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1947a05c179b1d2:host:131.196.28.79:host:172.234.197.23	SESSION-c1947a05c179b1d2 → host:131.196.28.79 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:acc81007f3bf	flow:acc81007f3bf → host:177.10.236.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21b975753a100632:host:45.173.156.201:host:172.234.197.23	SESSION-21b975753a100632 → host:45.173.156.201 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e361598c12a1af0:flow:442674fc0644	SESSION-3e361598c12a1af0 → flow:442674fc0644
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23fc04533211debf:host:45.173.156.165	SESSION-23fc04533211debf → host:45.173.156.165
FLOW_FROM_HOSTOBS	e:from:SESSION-37e4af30bda4d3e9:host:131.196.29.22	SESSION-37e4af30bda4d3e9 → host:131.196.29.22
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d407d786bd09817:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2d407d786bd09817 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-02deb29800889c11:PCAP:capture_20260430090001:065659c7d314	SESSION-02deb29800889c11 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3a58fc1fb15d0c4:SESSION-c3a58fc1fb15d0c4	SESSION-c3a58fc1fb15d0c4 → pe:syn:SESSION-c3a58fc1fb15d0c4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3b376322eb831975:flow:0d5c880f1cb7	SESSION-3b376322eb831975 → flow:0d5c880f1cb7
flow_observed5-aryOBS	e:fo:flow:302bedee3e70	flow:302bedee3e70 → host:131.196.29.3 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e8879d591cbfcd7:flow:81873425f8e1	SESSION-9e8879d591cbfcd7 → flow:81873425f8e1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-364411d92a5a41bf:flow:076a56dda6e5	SESSION-364411d92a5a41bf → flow:076a56dda6e5
flow_observed4-aryOBS	e:fo:flow:a4a655504923	flow:a4a655504923 → host:172.234.197.23 → host:177.10.237.71 → port:tcp:35098
flow_observed5-aryOBS	e:fo:flow:572d4b8f9c4a	flow:572d4b8f9c4a → host:131.196.31.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e3139069f2c261e:SESSION-6e3139069f2c261e	SESSION-6e3139069f2c261e → pe:tls:SESSION-6e3139069f2c261e
FLOW_DST_PORTOBS	e:fp:flow:9a44c5cb5ea1:port:tcp:443	flow:9a44c5cb5ea1 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-7678ab8e642a5a2a:host:172.234.197.23	SESSION-7678ab8e642a5a2a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4614700214209776:SESSION-4614700214209776	SESSION-4614700214209776 → pe:syn:SESSION-4614700214209776
FLOW_DST_PORTOBS	e:fp:flow:9551b9689f26:port:tcp:443	flow:9551b9689f26 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-328e38096bb05d60:host:177.10.235.236	SESSION-328e38096bb05d60 → host:177.10.235.236
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.106:geo_-16.28860_-49.01640	host:177.10.238.106 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:e87d8b46b4b2:port:tcp:39484	flow:e87d8b46b4b2 → port:tcp:39484
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.30:geo_-16.28860_-49.01640	host:177.10.236.30 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b00d7db41be144d:flow:b2ef26ffc34a	SESSION-4b00d7db41be144d → flow:b2ef26ffc34a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f890b9cda6af294:host:177.10.237.175	SESSION-2f890b9cda6af294 → host:177.10.237.175
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dedab35c401db9fa:SESSION-dedab35c401db9fa	SESSION-dedab35c401db9fa → pe:tls:SESSION-dedab35c401db9fa
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.2:geo_-16.28860_-49.01640	host:177.10.239.2 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3afd88a73e32b466:host:172.234.197.23	SESSION-3afd88a73e32b466 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-98544383f10b4583:host:172.234.197.23	SESSION-98544383f10b4583 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8fb17d6554827f30:SESSION-8fb17d6554827f30	SESSION-8fb17d6554827f30 → pe:syn:SESSION-8fb17d6554827f30
flow_observed4-aryOBS	e:fo:flow:d821ae727b8b	flow:d821ae727b8b → host:172.234.197.23 → host:131.196.31.220 → port:tcp:41968
HOST_IN_ASNOBS 85%	e:ha:host:54.184.232.115:asn:16509	host:54.184.232.115 → asn:16509
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7912a0e1302b3ba3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7912a0e1302b3ba3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-99d54d6eadbc1138:host:45.173.156.41	SESSION-99d54d6eadbc1138 → host:45.173.156.41
FLOW_TO_HOSTOBS	e:to:SESSION-5133340de07cf838:host:172.234.197.23	SESSION-5133340de07cf838 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b9c1bf42f4683a2:SESSION-2b9c1bf42f4683a2	SESSION-2b9c1bf42f4683a2 → pe:syn:SESSION-2b9c1bf42f4683a2
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-393d4d02c091bd7e:BSG-BEACON-7e5f57415e56	SESSION-393d4d02c091bd7e → BSG-BEACON-7e5f57415e56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad03ceeb377f3976:SESSION-ad03ceeb377f3976	SESSION-ad03ceeb377f3976 → pe:tls:SESSION-ad03ceeb377f3976
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cfbd2e877e86cd2a:SESSION-cfbd2e877e86cd2a	SESSION-cfbd2e877e86cd2a → pe:tls:SESSION-cfbd2e877e86cd2a
flow_observed5-aryOBS	e:fo:flow:926143b4e410	flow:926143b4e410 → host:177.10.235.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b72757303ebc2bde:host:172.234.197.23	SESSION-b72757303ebc2bde → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b3b10ff846570e8:host:45.173.156.144	SESSION-5b3b10ff846570e8 → host:45.173.156.144
FLOW_FROM_HOSTOBS	e:from:SESSION-11d1e958623763ef:host:177.10.234.46	SESSION-11d1e958623763ef → host:177.10.234.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-05a7cad64bbe69e6:SESSION-05a7cad64bbe69e6	SESSION-05a7cad64bbe69e6 → pe:syn:SESSION-05a7cad64bbe69e6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9de9d154fbb04a83:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9de9d154fbb04a83 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed3-aryOBS	e:fo:flow:22b7a9b6a3e4	flow:22b7a9b6a3e4 → host:54.245.183.167 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab81c1372abfe2ce:host:172.234.197.23	SESSION-ab81c1372abfe2ce → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f38f9d39dae0e5a:flow:4e425a0bcb01	SESSION-3f38f9d39dae0e5a → flow:4e425a0bcb01
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37ce4ecafac50117:host:172.234.197.23	SESSION-37ce4ecafac50117 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b7489016e282:port:udp:53	flow:b7489016e282 → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-0c0cdf691d2bdc12:host:177.10.233.39	SESSION-0c0cdf691d2bdc12 → host:177.10.233.39
flow_observed5-aryOBS	e:fo:flow:b86e2d63795a	flow:b86e2d63795a → host:177.10.237.61 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4c0ceaca72bbee92:SESSION-4c0ceaca72bbee92	SESSION-4c0ceaca72bbee92 → pe:tls:SESSION-4c0ceaca72bbee92
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0827c1c94491daec:host:177.10.235.224:host:172.234.197.23	SESSION-0827c1c94491daec → host:177.10.235.224 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-608f6686d64f8e3e:host:177.10.236.92	SESSION-608f6686d64f8e3e → host:177.10.236.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-797ddf76fc257ebf:SESSION-797ddf76fc257ebf	SESSION-797ddf76fc257ebf → pe:tls:SESSION-797ddf76fc257ebf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e652971bc7c2d2d5:host:131.196.29.240	SESSION-e652971bc7c2d2d5 → host:131.196.29.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21bd08fb36aa18e9:SESSION-21bd08fb36aa18e9	SESSION-21bd08fb36aa18e9 → pe:syn:SESSION-21bd08fb36aa18e9
flow_observed4-aryOBS	e:fo:flow:a4311327b5d4	flow:a4311327b5d4 → host:172.234.197.23 → host:177.10.235.205 → port:tcp:24701
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e44af15232c6a53:SESSION-8e44af15232c6a53	SESSION-8e44af15232c6a53 → pe:syn:SESSION-8e44af15232c6a53
flow_observed4-aryOBS	e:fo:flow:ce213669da36	flow:ce213669da36 → host:172.234.197.23 → host:131.196.30.132 → port:tcp:14321
FLOW_TO_HOSTOBS	e:to:SESSION-37c43e7a9f6dcf12:host:172.234.197.23	SESSION-37c43e7a9f6dcf12 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-5bfd6f31a89c294d:BSG-BEACON-1465e09ba0f3	SESSION-5bfd6f31a89c294d → BSG-BEACON-1465e09ba0f3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e09e8a3cbea3c18a:flow:077349af1ee9	SESSION-e09e8a3cbea3c18a → flow:077349af1ee9
FLOW_DST_PORTOBS	e:fp:flow:f64e419c560e:port:tcp:17825	flow:f64e419c560e → port:tcp:17825
FLOW_FROM_HOSTOBS	e:from:SESSION-70ca21a7c0c8fc42:host:177.10.234.26	SESSION-70ca21a7c0c8fc42 → host:177.10.234.26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d436d9a2a0e2483:flow:c30067362e47	SESSION-7d436d9a2a0e2483 → flow:c30067362e47
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b7d005fcddd05eb:host:131.196.31.95:host:172.234.197.23	SESSION-5b7d005fcddd05eb → host:131.196.31.95 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3e524c73cd89280:host:177.10.234.189	SESSION-a3e524c73cd89280 → host:177.10.234.189
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.190:asn:273470	host:45.173.156.190 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f08e9fcec07329fb:SESSION-f08e9fcec07329fb	SESSION-f08e9fcec07329fb → pe:syn:SESSION-f08e9fcec07329fb
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.99:asn:262880	host:177.10.239.99 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-388e36b23caa508f:host:131.196.28.145	SESSION-388e36b23caa508f → host:131.196.28.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fcbc735dfd8018d:SESSION-5fcbc735dfd8018d	SESSION-5fcbc735dfd8018d → pe:syn:SESSION-5fcbc735dfd8018d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-360f4972fec5b7e0:host:95.170.25.152:host:172.234.197.23	SESSION-360f4972fec5b7e0 → host:95.170.25.152 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:83025574d3cc	flow:83025574d3cc → host:177.10.237.124 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e9dc14d87b5185c:PCAP:capture_20260430090001:065659c7d314	SESSION-5e9dc14d87b5185c → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c227f10fbea5d546:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c227f10fbea5d546 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.201:geo_-16.28860_-49.01640	host:177.10.234.201 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fecc6fa34e31300b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fecc6fa34e31300b → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-a4b1418ed7a7a9f3:host:172.234.197.23	SESSION-a4b1418ed7a7a9f3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b869f0759406bd5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4b869f0759406bd5 → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.115:asn:271410	host:131.196.28.115 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-1d5390845b17c572:host:172.234.197.23	SESSION-1d5390845b17c572 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e1ff5f640d9a1d3a:PCAP:capture_20260430060001:919b39a74464	SESSION-e1ff5f640d9a1d3a → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e987eea1f59290d7:host:172.234.197.23	SESSION-e987eea1f59290d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b3948aeec4a52663:SESSION-b3948aeec4a52663	SESSION-b3948aeec4a52663 → pe:tls:SESSION-b3948aeec4a52663
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-398d13acd4a88a37:SESSION-398d13acd4a88a37	SESSION-398d13acd4a88a37 → pe:dns:SESSION-398d13acd4a88a37
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1440a3c9b30a4056:PCAP:capture_20260430080001:93f47cc296a4	SESSION-1440a3c9b30a4056 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:395c5895c32a:port:tcp:443	flow:395c5895c32a → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fab752fe97090e4a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fab752fe97090e4a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c532caa5d41cfcbc:SESSION-c532caa5d41cfcbc	SESSION-c532caa5d41cfcbc → pe:rst:SESSION-c532caa5d41cfcbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58f2a638c6bf8581:SESSION-58f2a638c6bf8581	SESSION-58f2a638c6bf8581 → pe:tls:SESSION-58f2a638c6bf8581
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.189:geo_-21.10010_-41.69200	host:45.173.156.189 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3b8a8c73a52fb2ca:host:177.10.233.145:host:172.234.197.23	SESSION-3b8a8c73a52fb2ca → host:177.10.233.145 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72e48e4dc313a64d:host:172.234.197.23:host:131.196.30.44	SESSION-72e48e4dc313a64d → host:172.234.197.23 → host:131.196.30.44
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d610f9ec6aa577ae:SESSION-d610f9ec6aa577ae	SESSION-d610f9ec6aa577ae → pe:syn:SESSION-d610f9ec6aa577ae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-18178a1924ee92a1:SESSION-18178a1924ee92a1	SESSION-18178a1924ee92a1 → pe:syn:SESSION-18178a1924ee92a1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2a33d29db5091f68:host:177.10.238.173:host:172.234.197.23	SESSION-2a33d29db5091f68 → host:177.10.238.173 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-95c23d407c86213b:host:172.234.197.23	SESSION-95c23d407c86213b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3b8a8c73a52fb2ca:flow:d2b58a19713b	SESSION-3b8a8c73a52fb2ca → flow:d2b58a19713b
FLOW_TO_HOSTOBS	e:to:SESSION-affea3171060a6d3:host:172.234.197.23	SESSION-affea3171060a6d3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-31d47da03b5e0774:host:45.173.156.138:host:172.234.197.23	SESSION-31d47da03b5e0774 → host:45.173.156.138 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2fd071a3b1e728ca:host:177.10.235.184	SESSION-2fd071a3b1e728ca → host:177.10.235.184
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f76d275e2b42c8d0:PCAP:capture_20260430090001:065659c7d314	SESSION-f76d275e2b42c8d0 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8466bbcc058d46c:host:131.196.31.6	SESSION-c8466bbcc058d46c → host:131.196.31.6
flow_observed5-aryOBS	e:fo:flow:50c8e81c7bbb	flow:50c8e81c7bbb → host:131.196.28.198 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ba070ea29625f6c:flow:786b3943f4dd	SESSION-4ba070ea29625f6c → flow:786b3943f4dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00d1a9c01c6924fe:host:172.234.197.23	SESSION-00d1a9c01c6924fe → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f78775658cb84616:SESSION-f78775658cb84616	SESSION-f78775658cb84616 → pe:syn:SESSION-f78775658cb84616
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d941eb7985d54eff:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d941eb7985d54eff → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1da9f85a5b3be49b:host:172.234.197.23	SESSION-1da9f85a5b3be49b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02cfffe2a1cdb1f3:host:177.10.234.84	SESSION-02cfffe2a1cdb1f3 → host:177.10.234.84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0b6872bf6474c44:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f0b6872bf6474c44 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-ad3aa4b6b6de70e6:host:172.234.197.23	SESSION-ad3aa4b6b6de70e6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.51:asn:262880	host:177.10.236.51 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.124:geo_-23.62930_-46.63510	host:131.196.29.124 → geo_-23.62930_-46.63510
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-fad6b9be10f7d404:BSG-DATA_EXFIL-03d4d486896f	SESSION-fad6b9be10f7d404 → BSG-DATA_EXFIL-03d4d486896f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a05a386609def1c:SESSION-0a05a386609def1c	SESSION-0a05a386609def1c → pe:syn:SESSION-0a05a386609def1c
FLOW_DST_PORTOBS	e:fp:flow:96f3e0f6ccea:port:tcp:45193	flow:96f3e0f6ccea → port:tcp:45193
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da7125a184793aeb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-da7125a184793aeb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:8771a34c54d8:port:tcp:28799	flow:8771a34c54d8 → port:tcp:28799
FLOW_FROM_HOSTOBS	e:from:SESSION-66c6d225095e379c:host:131.196.28.18	SESSION-66c6d225095e379c → host:131.196.28.18
FLOW_TO_HOSTOBS	e:to:SESSION-a33a5bbd98f17a5b:host:172.234.197.23	SESSION-a33a5bbd98f17a5b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7b78e56234f0:port:tcp:443	flow:7b78e56234f0 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f55570dc615df23a:host:172.234.197.23	SESSION-f55570dc615df23a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.174:asn:271410	host:131.196.28.174 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1b4aebfef6c24ca0:SESSION-1b4aebfef6c24ca0	SESSION-1b4aebfef6c24ca0 → pe:syn:SESSION-1b4aebfef6c24ca0
FLOW_DST_PORTOBS	e:fp:flow:976bb746bf02:port:tcp:443	flow:976bb746bf02 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1b7e5e87f526ce8d:PCAP:capture_20260430110001:43611bdf6759	SESSION-1b7e5e87f526ce8d → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-25f56036928a5a45:SESSION-25f56036928a5a45	SESSION-25f56036928a5a45 → pe:tls:SESSION-25f56036928a5a45
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b082affabc66a77:flow:da19865bc885	SESSION-8b082affabc66a77 → flow:da19865bc885
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-621f42bc5edaa56f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-621f42bc5edaa56f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:d35ba3898200:port:tcp:443	flow:d35ba3898200 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fdee4339c7caabb6:host:172.234.197.23	SESSION-fdee4339c7caabb6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2a9038dbf01b	flow:2a9038dbf01b → host:177.10.236.144 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:48d5c490e0d2	flow:48d5c490e0d2 → host:177.10.237.139 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:78.12.83.235:geo_20.58790_-100.38790	host:78.12.83.235 → geo_20.58790_-100.38790
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4cc2e8571100ea2b:flow:3ca25dda4ddb	SESSION-4cc2e8571100ea2b → flow:3ca25dda4ddb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8806932607856a75:SESSION-8806932607856a75	SESSION-8806932607856a75 → pe:tls:SESSION-8806932607856a75
FLOW_TO_HOSTOBS	e:to:SESSION-6a5d8002765cb7d3:host:172.234.197.23	SESSION-6a5d8002765cb7d3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.76:asn:271410	host:131.196.29.76 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0dbdaab1cb35f54:SESSION-c0dbdaab1cb35f54	SESSION-c0dbdaab1cb35f54 → pe:tls:SESSION-c0dbdaab1cb35f54
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6c15e0230f45f826:flow:28d1c642fadb	SESSION-6c15e0230f45f826 → flow:28d1c642fadb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bc3682173c4cf6b:host:177.10.234.130	SESSION-3bc3682173c4cf6b → host:177.10.234.130
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-669451aeea441b50:host:177.10.232.152	SESSION-669451aeea441b50 → host:177.10.232.152
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20aee5a5b6e9be41:host:45.173.156.219:host:172.234.197.23	SESSION-20aee5a5b6e9be41 → host:45.173.156.219 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-588e177edbf40597:SESSION-588e177edbf40597	SESSION-588e177edbf40597 → pe:syn:SESSION-588e177edbf40597
FLOW_TO_HOSTOBS	e:to:SESSION-d9260442e0efbdc6:host:172.234.197.23	SESSION-d9260442e0efbdc6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-014d878748f613f9:host:172.234.197.23	SESSION-014d878748f613f9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcca913f927ee07e:host:172.3.50.214	SESSION-bcca913f927ee07e → host:172.3.50.214
FLOW_FROM_HOSTOBS	e:from:SESSION-d9e1dffa0e2317c3:host:177.10.236.215	SESSION-d9e1dffa0e2317c3 → host:177.10.236.215
FLOW_DST_PORTOBS	e:fp:flow:107f0fd4b6e6:port:tcp:42627	flow:107f0fd4b6e6 → port:tcp:42627
flow_observed4-aryOBS	e:fo:flow:73b0432d21f6	flow:73b0432d21f6 → host:172.234.197.23 → host:177.10.235.231 → port:tcp:49028
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1ec79192d74c7af:host:177.10.237.48	SESSION-a1ec79192d74c7af → host:177.10.237.48
FLOW_DST_PORTOBS	e:fp:flow:e92d969363c6:port:tcp:443	flow:e92d969363c6 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dbb52de45813c9a:host:131.196.28.234	SESSION-2dbb52de45813c9a → host:131.196.28.234
FLOW_FROM_HOSTOBS	e:from:SESSION-bb3f1e71e19d60be:host:131.196.28.118	SESSION-bb3f1e71e19d60be → host:131.196.28.118
flow_observed5-aryOBS	e:fo:flow:dac3294581ff	flow:dac3294581ff → host:177.10.234.142 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a015ddbfdf91f569:flow:d52ad61ff8bd	SESSION-a015ddbfdf91f569 → flow:d52ad61ff8bd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b72757303ebc2bde:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b72757303ebc2bde → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-457bc509f900e32f:SESSION-457bc509f900e32f	SESSION-457bc509f900e32f → pe:syn:SESSION-457bc509f900e32f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db9e8149201eae0f:host:131.196.30.59	SESSION-db9e8149201eae0f → host:131.196.30.59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bfe3e48aa982c746:SESSION-bfe3e48aa982c746	SESSION-bfe3e48aa982c746 → pe:syn:SESSION-bfe3e48aa982c746
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4020db38e68a457:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b4020db38e68a457 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da61b01cc679b249:host:131.196.30.213:host:172.234.197.23	SESSION-da61b01cc679b249 → host:131.196.30.213 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b670e7c5e0a8e3a1:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b670e7c5e0a8e3a1 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8431b5fa38a73955:host:103.155.16.117:host:172.234.197.23	SESSION-8431b5fa38a73955 → host:103.155.16.117 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0d2adbd91043:port:tcp:56933	flow:0d2adbd91043 → port:tcp:56933
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.217:asn:262880	host:177.10.239.217 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8b71ac0dda5d9d9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e8b71ac0dda5d9d9 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed4-aryOBS	e:fo:flow:fdaf9a7bd0da	flow:fdaf9a7bd0da → host:172.234.197.23 → host:45.173.156.220 → port:tcp:15037
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9e5b45e575f3797:host:177.10.232.97	SESSION-e9e5b45e575f3797 → host:177.10.232.97
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.182:geo_-16.28860_-49.01640	host:177.10.239.182 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-338b64f691539afb:SESSION-338b64f691539afb	SESSION-338b64f691539afb → pe:syn:SESSION-338b64f691539afb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eac07967aaca78dc:host:177.10.237.159	SESSION-eac07967aaca78dc → host:177.10.237.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e4ae2c6ddba3051:SESSION-7e4ae2c6ddba3051	SESSION-7e4ae2c6ddba3051 → pe:syn:SESSION-7e4ae2c6ddba3051
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b37dbc8f4449b96:host:172.234.197.23	SESSION-5b37dbc8f4449b96 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-164b17078fceb547:host:177.10.239.92	SESSION-164b17078fceb547 → host:177.10.239.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eec6fd9620a1613:host:172.234.197.23	SESSION-2eec6fd9620a1613 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98544383f10b4583:PCAP:capture_20260430050001:8868731bf8a4	SESSION-98544383f10b4583 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:eafb10903b19	flow:eafb10903b19 → host:177.10.234.32 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9f9972302e9230d9:host:172.234.197.23	SESSION-9f9972302e9230d9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97d8ab6142f53424:host:172.234.197.23	SESSION-97d8ab6142f53424 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b9ddad698cc7ffe:host:172.234.197.23	SESSION-9b9ddad698cc7ffe → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4145be500857fbf:host:177.10.239.99	SESSION-c4145be500857fbf → host:177.10.239.99
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbd574144622ed91:host:172.234.197.23	SESSION-fbd574144622ed91 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.222:asn:262880	host:177.10.233.222 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b6b757282734812:host:131.196.29.54	SESSION-4b6b757282734812 → host:131.196.29.54
FLOW_DST_PORTOBS	e:fp:flow:6e46b809e37b:port:tcp:22	flow:6e46b809e37b → port:tcp:22
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.198:geo_-23.62930_-46.63510	host:131.196.28.198 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a103d39af7264a48:SESSION-a103d39af7264a48	SESSION-a103d39af7264a48 → pe:tls:SESSION-a103d39af7264a48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c5c562cec43ce89e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c5c562cec43ce89e → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-5a7a08ae566a4a8b:host:172.234.197.23	SESSION-5a7a08ae566a4a8b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ea19b3bdbd95a16b:host:177.10.234.88	SESSION-ea19b3bdbd95a16b → host:177.10.234.88
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-82d78308744a8bb2:host:177.10.235.151:host:172.234.197.23	SESSION-82d78308744a8bb2 → host:177.10.235.151 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-09e72a02b44d9649:host:177.10.236.153	SESSION-09e72a02b44d9649 → host:177.10.236.153
FLOW_DST_PORTOBS	e:fp:flow:c3499df4b83e:port:tcp:443	flow:c3499df4b83e → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.61:geo_-16.28860_-49.01640	host:177.10.235.61 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-592321b004976459:flow:0c49e7844116	SESSION-592321b004976459 → flow:0c49e7844116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03bb88743ccc2c68:host:177.10.234.216	SESSION-03bb88743ccc2c68 → host:177.10.234.216
flow_observed5-aryOBS	e:fo:flow:ff51aea43c4b	flow:ff51aea43c4b → host:177.10.236.29 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7bf74715b11f1486:host:172.234.197.23	SESSION-7bf74715b11f1486 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:62a92a296f67:port:tcp:443	flow:62a92a296f67 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:107962b6041b	flow:107962b6041b → host:177.10.234.199 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:378598e76593	flow:378598e76593 → host:172.234.197.23 → host:2.57.122.192 → port:tcp:32238
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5643c60889fe0da:flow:a3e5489924b1	SESSION-a5643c60889fe0da → flow:a3e5489924b1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1530091b08a9906d:SESSION-1530091b08a9906d	SESSION-1530091b08a9906d → pe:syn:SESSION-1530091b08a9906d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a5092ccda361ecd:SESSION-5a5092ccda361ecd	SESSION-5a5092ccda361ecd → pe:syn:SESSION-5a5092ccda361ecd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed8e90a0efd647ab:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ed8e90a0efd647ab → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:3e8e71298b45:port:tcp:63875	flow:3e8e71298b45 → port:tcp:63875
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e6988ed77a3d110:SESSION-8e6988ed77a3d110	SESSION-8e6988ed77a3d110 → pe:tls:SESSION-8e6988ed77a3d110
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e09e8a3cbea3c18a:host:177.10.232.210:host:172.234.197.23	SESSION-e09e8a3cbea3c18a → host:177.10.232.210 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.247:asn:271410	host:131.196.30.247 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:b536c20c3fd9:port:tcp:55968	flow:b536c20c3fd9 → port:tcp:55968
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a1570467d4c9a43:host:172.234.197.23	SESSION-4a1570467d4c9a43 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74f51cf412342155:SESSION-74f51cf412342155	SESSION-74f51cf412342155 → pe:tls:SESSION-74f51cf412342155
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c98ee522a60a5600:SESSION-c98ee522a60a5600	SESSION-c98ee522a60a5600 → pe:tls:SESSION-c98ee522a60a5600
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d3ca4dbaf4c9647:host:172.234.197.23	SESSION-4d3ca4dbaf4c9647 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3831f1a5ed6fd2c0:host:131.196.28.143	SESSION-3831f1a5ed6fd2c0 → host:131.196.28.143
FLOW_DST_PORTOBS	e:fp:flow:7e0530f5b553:port:tcp:21122	flow:7e0530f5b553 → port:tcp:21122
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.109:asn:262880	host:177.10.232.109 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3988a9d0230ebd4d:host:172.234.197.23	SESSION-3988a9d0230ebd4d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8578034648884afe:host:172.234.197.23	SESSION-8578034648884afe → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3982f1a8e532b400:flow:edc9ead3961c	SESSION-3982f1a8e532b400 → flow:edc9ead3961c
FLOW_TO_HOSTOBS	e:to:SESSION-921ff5b52f826cc0:host:172.234.197.23	SESSION-921ff5b52f826cc0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-55979c68784410e0:host:172.234.197.23	SESSION-55979c68784410e0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:414bfd368f16:port:tcp:443	flow:414bfd368f16 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-3f9c5288639cc167:host:172.234.197.23	SESSION-3f9c5288639cc167 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:38f8530d2430	flow:38f8530d2430 → host:78.12.248.31 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a9b85b89d918f42:host:131.196.30.75:host:172.234.197.23	SESSION-8a9b85b89d918f42 → host:131.196.30.75 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc55eac4fb6ef554:flow:2c26000380dd	SESSION-cc55eac4fb6ef554 → flow:2c26000380dd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bb0c069bf1f40e5a:SESSION-bb0c069bf1f40e5a	SESSION-bb0c069bf1f40e5a → pe:rst:SESSION-bb0c069bf1f40e5a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.212:asn:262880	host:177.10.237.212 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac3abc26fe7d2af5:SESSION-ac3abc26fe7d2af5	SESSION-ac3abc26fe7d2af5 → pe:tls:SESSION-ac3abc26fe7d2af5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:93.119.5.133:geo_52.38240_4.89950	host:93.119.5.133 → geo_52.38240_4.89950
FLOW_TO_HOSTOBS	e:to:SESSION-715e4cea63e7cde7:host:172.234.197.23	SESSION-715e4cea63e7cde7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d678c7d14c2f15db:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d678c7d14c2f15db → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf1d5c3c8737f760:SESSION-bf1d5c3c8737f760	SESSION-bf1d5c3c8737f760 → pe:tls:SESSION-bf1d5c3c8737f760
flow_observed5-aryOBS	e:fo:flow:d2892ce86f73	flow:d2892ce86f73 → host:131.196.30.213 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-58a871785a3878fd:host:172.234.197.23	SESSION-58a871785a3878fd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b5498d903f3b2d41:SESSION-b5498d903f3b2d41	SESSION-b5498d903f3b2d41 → pe:syn:SESSION-b5498d903f3b2d41
FLOW_TO_HOSTOBS	e:to:SESSION-8c9381f88305d4e9:host:131.196.29.79	SESSION-8c9381f88305d4e9 → host:131.196.29.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14e24a51491967d5:host:163.192.126.71	SESSION-14e24a51491967d5 → host:163.192.126.71
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5adf4423481534a6:flow:510487093d98	SESSION-5adf4423481534a6 → flow:510487093d98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99c8a38ab4cce90e:host:172.234.197.23	SESSION-99c8a38ab4cce90e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fad6b9be10f7d404:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fad6b9be10f7d404 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f12e4f5ba81c4d8:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3f12e4f5ba81c4d8 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4387fd9792a7eb8a:SESSION-4387fd9792a7eb8a	SESSION-4387fd9792a7eb8a → pe:syn:SESSION-4387fd9792a7eb8a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb645c1b10558a95:SESSION-fb645c1b10558a95	SESSION-fb645c1b10558a95 → pe:syn:SESSION-fb645c1b10558a95
flow_observed5-aryOBS	e:fo:flow:9effe3c58d75	flow:9effe3c58d75 → host:177.10.233.28 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:94.183.177.120:asn:62442	host:94.183.177.120 → asn:62442
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e4d7008639203d5:host:172.234.197.23:host:172.232.0.16	SESSION-3e4d7008639203d5 → host:172.234.197.23 → host:172.232.0.16
flow_observed5-aryOBS	e:fo:flow:61aa546ed047	flow:61aa546ed047 → host:177.10.232.157 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa658fe130f71ff5:PCAP:capture_20260430160001:9bfa4498506a	SESSION-aa658fe130f71ff5 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-866725b3664820db:PCAP:capture_20260430050001:8868731bf8a4	SESSION-866725b3664820db → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a7a08ae566a4a8b:SESSION-5a7a08ae566a4a8b	SESSION-5a7a08ae566a4a8b → pe:syn:SESSION-5a7a08ae566a4a8b
FLOW_FROM_HOSTOBS	e:from:SESSION-c1b9603c0e1ea765:host:172.234.197.23	SESSION-c1b9603c0e1ea765 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e2811d191c294e0:SESSION-7e2811d191c294e0	SESSION-7e2811d191c294e0 → pe:tls:SESSION-7e2811d191c294e0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.90:geo_-16.28860_-49.01640	host:177.10.236.90 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:c4c7444531ea	flow:c4c7444531ea → host:172.234.197.23 → host:177.10.235.147 → port:tcp:42254
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-62b98bdaf08d2190:flow:218b80a18834	SESSION-62b98bdaf08d2190 → flow:218b80a18834
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe22df31c35f787d:SESSION-fe22df31c35f787d	SESSION-fe22df31c35f787d → pe:syn:SESSION-fe22df31c35f787d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5dbf12d77f23d3eb:host:131.196.30.176	SESSION-5dbf12d77f23d3eb → host:131.196.30.176
FLOW_TO_HOSTOBS	e:to:SESSION-9e8a9e43c374485d:host:172.234.197.23	SESSION-9e8a9e43c374485d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d6622ca4a22ed44:host:177.10.238.9	SESSION-5d6622ca4a22ed44 → host:177.10.238.9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-605176cb8a71c0f4:host:45.173.156.80:host:172.234.197.23	SESSION-605176cb8a71c0f4 → host:45.173.156.80 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1446b81625870ef0:host:172.234.197.23	SESSION-1446b81625870ef0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-292edad33ae38c98:PCAP:capture_20260430150001:ded20914761d	SESSION-292edad33ae38c98 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc1c86e42be942bd:host:103.155.16.117	SESSION-cc1c86e42be942bd → host:103.155.16.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a936b4b3a73fb0c:host:172.234.197.23	SESSION-6a936b4b3a73fb0c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:543ad9915703	flow:543ad9915703 → host:131.196.31.93 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:8221cb92d987:port:tcp:443	flow:8221cb92d987 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.76:geo_-16.28860_-49.01640	host:177.10.234.76 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6515500944a7e42e:SESSION-6515500944a7e42e	SESSION-6515500944a7e42e → pe:syn:SESSION-6515500944a7e42e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2be203d892e5c4c6:flow:9345b6af3372	SESSION-2be203d892e5c4c6 → flow:9345b6af3372
FLOW_FROM_HOSTOBS	e:from:SESSION-b10aefef2d5c06b7:host:177.10.233.119	SESSION-b10aefef2d5c06b7 → host:177.10.233.119
FLOW_TO_HOSTOBS	e:to:SESSION-1446b81625870ef0:host:172.234.197.23	SESSION-1446b81625870ef0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3414b775ddfde4b:SESSION-a3414b775ddfde4b	SESSION-a3414b775ddfde4b → pe:syn:SESSION-a3414b775ddfde4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0fd6726780ee8778:host:131.196.30.234	SESSION-0fd6726780ee8778 → host:131.196.30.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a2cae37d21287a7:host:177.10.239.213	SESSION-2a2cae37d21287a7 → host:177.10.239.213
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fcbc735dfd8018d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5fcbc735dfd8018d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0dbdaab1cb35f54:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c0dbdaab1cb35f54 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5731b0b8f40f73a:flow:9ddcb64ac58c	SESSION-f5731b0b8f40f73a → flow:9ddcb64ac58c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8b9309f53afd487:host:45.173.156.162	SESSION-d8b9309f53afd487 → host:45.173.156.162
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37a58b55d4a339c3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-37a58b55d4a339c3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f2cb956713b4a7f:host:131.196.30.129	SESSION-8f2cb956713b4a7f → host:131.196.30.129
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c787945ac898609:host:172.234.197.23	SESSION-3c787945ac898609 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c24cbdb3e7b273c:host:92.112.71.199	SESSION-2c24cbdb3e7b273c → host:92.112.71.199
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.195:asn:262880	host:177.10.238.195 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-e4b14eb8b6ee95ef:host:177.10.235.255	SESSION-e4b14eb8b6ee95ef → host:177.10.235.255
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23002560e1da6de3:host:131.196.28.200:host:172.234.197.23	SESSION-23002560e1da6de3 → host:131.196.28.200 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9b0db0782ff3:port:tcp:443	flow:9b0db0782ff3 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a09dd97dc23cca0:host:172.234.197.23:host:177.10.235.70	SESSION-1a09dd97dc23cca0 → host:172.234.197.23 → host:177.10.235.70
flow_observed5-aryOBS	e:fo:flow:9764e892a4e4	flow:9764e892a4e4 → host:45.173.156.215 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffa84d5a72af3dab:host:172.234.197.23	SESSION-ffa84d5a72af3dab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed29e6defb1050d9:flow:de846744fe67	SESSION-ed29e6defb1050d9 → flow:de846744fe67
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.61:asn:262880	host:177.10.235.61 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-850471f172c9c8e6:host:131.196.31.165	SESSION-850471f172c9c8e6 → host:131.196.31.165
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.72:asn:262880	host:177.10.232.72 → asn:262880
flow_observed5-aryOBS	e:fo:flow:801bbf52a78d	flow:801bbf52a78d → host:177.10.232.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-398d13acd4a88a37:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-398d13acd4a88a37 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa35d0a8fa5d9f77:host:172.234.197.23	SESSION-fa35d0a8fa5d9f77 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3d0d891734a12161:host:172.234.197.23	SESSION-3d0d891734a12161 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2c5cf90e9824	flow:2c5cf90e9824 → host:177.10.232.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65aa50b6e4bd0a70:SESSION-65aa50b6e4bd0a70	SESSION-65aa50b6e4bd0a70 → pe:tls:SESSION-65aa50b6e4bd0a70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-287f6ffdc6040b27:host:177.10.239.137	SESSION-287f6ffdc6040b27 → host:177.10.239.137
FLOW_DST_PORTOBS	e:fp:flow:337d55bdec10:port:tcp:443	flow:337d55bdec10 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.177:geo_-23.62930_-46.63510	host:131.196.31.177 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0233a0286136dd2:host:177.10.233.141	SESSION-b0233a0286136dd2 → host:177.10.233.141
FLOW_TO_HOSTOBS	e:to:SESSION-aa31472460997bf3:host:172.234.197.23	SESSION-aa31472460997bf3 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:27a30c1d9498	flow:27a30c1d9498 → host:172.234.197.23 → host:131.196.29.94 → port:tcp:64001
flow_observed5-aryOBS	e:fo:flow:00b445dc0021	flow:00b445dc0021 → host:131.196.28.34 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-49828b0c1667648d:host:131.196.28.19	SESSION-49828b0c1667648d → host:131.196.28.19
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.246:geo_-16.28860_-49.01640	host:177.10.234.246 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-fa2f81c8f6798425:host:172.234.197.23	SESSION-fa2f81c8f6798425 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d098d799c39976fd:flow:1c51f3cc9345	SESSION-d098d799c39976fd → flow:1c51f3cc9345
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a3b1f52ae1679da:host:95.135.228.39:host:172.234.197.23	SESSION-3a3b1f52ae1679da → host:95.135.228.39 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2969d43ba10a409c:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2969d43ba10a409c → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-324907e130151d7d:host:131.196.29.134	SESSION-324907e130151d7d → host:131.196.29.134
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b68ed671c67acfd:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2b68ed671c67acfd → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:49941ca50d63	flow:49941ca50d63 → host:131.196.28.170 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b7832d3594ed31e4:host:92.112.71.6	SESSION-b7832d3594ed31e4 → host:92.112.71.6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2634dc5934886659:SESSION-2634dc5934886659	SESSION-2634dc5934886659 → pe:syn:SESSION-2634dc5934886659
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a7f0a64436ce2ca:flow:f52ba8ec3146	SESSION-9a7f0a64436ce2ca → flow:f52ba8ec3146
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.143:geo_-16.28860_-49.01640	host:177.10.236.143 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d06d4272bf4950c7:flow:7df3f8b64aac	SESSION-d06d4272bf4950c7 → flow:7df3f8b64aac
flow_observed5-aryOBS	e:fo:flow:a7d77fe955ab	flow:a7d77fe955ab → host:177.10.239.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd3259577d52904f:flow:a552d7b0d5be	SESSION-bd3259577d52904f → flow:a552d7b0d5be
FLOW_DST_PORTOBS	e:fp:flow:b201d08003c8:port:tcp:443	flow:b201d08003c8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6490de849a8e5020:SESSION-6490de849a8e5020	SESSION-6490de849a8e5020 → pe:tls:SESSION-6490de849a8e5020
FLOW_FROM_HOSTOBS	e:from:SESSION-57092e6ea3a8c881:host:177.10.236.59	SESSION-57092e6ea3a8c881 → host:177.10.236.59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e094b52f54dff79:flow:780934a9be2c	SESSION-4e094b52f54dff79 → flow:780934a9be2c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ff9e39cb371b24f:flow:628dc6635430	SESSION-1ff9e39cb371b24f → flow:628dc6635430
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.17:asn:262880	host:177.10.236.17 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8300d990ddd9a21:SESSION-c8300d990ddd9a21	SESSION-c8300d990ddd9a21 → pe:tls:SESSION-c8300d990ddd9a21
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86b4956d98680667:flow:764c895d5614	SESSION-86b4956d98680667 → flow:764c895d5614
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e991004bd02372d1:SESSION-e991004bd02372d1	SESSION-e991004bd02372d1 → pe:syn:SESSION-e991004bd02372d1
FLOW_FROM_HOSTOBS	e:from:SESSION-4ddb6310055a59be:host:131.196.31.143	SESSION-4ddb6310055a59be → host:131.196.31.143
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7fd0e8f46f0bc660:host:177.10.234.210:host:172.234.197.23	SESSION-7fd0e8f46f0bc660 → host:177.10.234.210 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-afbbd778f47cc6c1:host:172.234.197.23	SESSION-afbbd778f47cc6c1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-86f90a53110dcf25:host:177.10.237.28	SESSION-86f90a53110dcf25 → host:177.10.237.28
FLOW_DST_PORTOBS	e:fp:flow:10baf7420b2a:port:tcp:35712	flow:10baf7420b2a → port:tcp:35712
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.242:geo_-23.62930_-46.63510	host:131.196.29.242 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-567e9582c6914b15:host:172.234.197.23	SESSION-567e9582c6914b15 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c83cde1dbe634e7:host:177.10.238.172:host:172.234.197.23	SESSION-5c83cde1dbe634e7 → host:177.10.238.172 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-37ba5323333f9720:host:177.10.233.130	SESSION-37ba5323333f9720 → host:177.10.233.130
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34b8eff946ae371a:SESSION-34b8eff946ae371a	SESSION-34b8eff946ae371a → pe:syn:SESSION-34b8eff946ae371a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-779d668625040802:SESSION-779d668625040802	SESSION-779d668625040802 → pe:tls:SESSION-779d668625040802
FLOW_TO_HOSTOBS	e:to:SESSION-07bcf39894ea5ee9:host:172.234.197.23	SESSION-07bcf39894ea5ee9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b32f5a9266c1045d:SESSION-b32f5a9266c1045d	SESSION-b32f5a9266c1045d → pe:tls:SESSION-b32f5a9266c1045d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-71cc4f2ac3d57c32:flow:6334bd55125a	SESSION-71cc4f2ac3d57c32 → flow:6334bd55125a
FLOW_DST_PORTOBS	e:fp:flow:9b30438b62ce:port:tcp:14033	flow:9b30438b62ce → port:tcp:14033
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93e5d317492a213b:host:177.10.232.233	SESSION-93e5d317492a213b → host:177.10.232.233
FLOW_TO_HOSTOBS	e:to:SESSION-161d2a74a24978d6:host:172.234.197.23	SESSION-161d2a74a24978d6 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.96:geo_-16.28860_-49.01640	host:177.10.233.96 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.221:asn:203771	host:92.112.71.221 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9e1dffa0e2317c3:host:177.10.236.215:host:172.234.197.23	SESSION-d9e1dffa0e2317c3 → host:177.10.236.215 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:27769fa10d70:port:tcp:443	flow:27769fa10d70 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b5af66d109a4873:flow:28a3cd6fd6a8	SESSION-5b5af66d109a4873 → flow:28a3cd6fd6a8
FLOW_FROM_HOSTOBS	e:from:SESSION-89c2fe6aad8232be:host:172.234.197.23	SESSION-89c2fe6aad8232be → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67b1c0091ebc1322:host:131.196.28.136:host:172.234.197.23	SESSION-67b1c0091ebc1322 → host:131.196.28.136 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb72c41fb24aaf81:SESSION-eb72c41fb24aaf81	SESSION-eb72c41fb24aaf81 → pe:syn:SESSION-eb72c41fb24aaf81
FLOW_DST_PORTOBS	e:fp:flow:e8a83eb6519a:port:tcp:57324	flow:e8a83eb6519a → port:tcp:57324
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60dab6a51248be22:flow:0950ef508a6b	SESSION-60dab6a51248be22 → flow:0950ef508a6b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d2803f457704e39:host:172.234.197.23	SESSION-7d2803f457704e39 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.187:asn:262880	host:177.10.238.187 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-16a55bcfd76736b7:flow:0691a722d6b7	SESSION-16a55bcfd76736b7 → flow:0691a722d6b7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a139b1df55cde4d7:host:172.234.197.23:host:131.196.30.74	SESSION-a139b1df55cde4d7 → host:172.234.197.23 → host:131.196.30.74
FLOW_FROM_HOSTOBS	e:from:SESSION-f718644b6283d05d:host:172.234.197.23	SESSION-f718644b6283d05d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:91dee87e0652	flow:91dee87e0652 → host:45.173.156.11 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c0d5ddcdc1fc:port:tcp:443	flow:c0d5ddcdc1fc → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-3bedd6d77774b5e6:host:172.234.197.23	SESSION-3bedd6d77774b5e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-375dced119266894:host:172.234.197.23	SESSION-375dced119266894 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd13e266b02b3087:SESSION-cd13e266b02b3087	SESSION-cd13e266b02b3087 → pe:syn:SESSION-cd13e266b02b3087
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a96ffc9fa12c0c5a:SESSION-a96ffc9fa12c0c5a	SESSION-a96ffc9fa12c0c5a → pe:tls:SESSION-a96ffc9fa12c0c5a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.199:geo_41.02140_28.99480	host:185.231.226.199 → geo_41.02140_28.99480
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fda5d1d0c89bbfd4:flow:a154865920f4	SESSION-fda5d1d0c89bbfd4 → flow:a154865920f4
FLOW_TO_HOSTOBS	e:to:SESSION-660bfab63a10a518:host:172.234.197.23	SESSION-660bfab63a10a518 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e5a933b86812e122:host:172.234.197.23	SESSION-e5a933b86812e122 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b145e081d4e87ab3:SESSION-b145e081d4e87ab3	SESSION-b145e081d4e87ab3 → pe:tls:SESSION-b145e081d4e87ab3
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.71:asn:271410	host:131.196.30.71 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4341cc9426e2382:host:177.10.238.171	SESSION-d4341cc9426e2382 → host:177.10.238.171
flow_observed4-aryOBS	e:fo:flow:515c2b7595f3	flow:515c2b7595f3 → host:172.234.197.23 → host:177.10.239.192 → port:tcp:20807
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f4f2e64710996bb:flow:20799daf6931	SESSION-3f4f2e64710996bb → flow:20799daf6931
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86951cb3218963fd:SESSION-86951cb3218963fd	SESSION-86951cb3218963fd → pe:tls:SESSION-86951cb3218963fd
FLOW_FROM_HOSTOBS	e:from:SESSION-d811160d7459a4b2:host:177.10.238.113	SESSION-d811160d7459a4b2 → host:177.10.238.113
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5490e36eb363059:host:177.10.234.186	SESSION-e5490e36eb363059 → host:177.10.234.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-386a52b5a647d101:host:172.234.197.23:host:177.10.234.157	SESSION-386a52b5a647d101 → host:172.234.197.23 → host:177.10.234.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1213fdeaeb0b4e25:flow:57c5a1bd2723	SESSION-1213fdeaeb0b4e25 → flow:57c5a1bd2723
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-931a0ea4dc7054bf:host:177.10.232.246:host:172.234.197.23	SESSION-931a0ea4dc7054bf → host:177.10.232.246 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44d3fd3ee1d51da1:host:172.234.197.23	SESSION-44d3fd3ee1d51da1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a918f52003c304f:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-0a918f52003c304f → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38231883b4033aa4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-38231883b4033aa4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7e8f7da56292748:SESSION-e7e8f7da56292748	SESSION-e7e8f7da56292748 → pe:syn:SESSION-e7e8f7da56292748
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-89957ac1ec870b87:PCAP:capture_20260430070001:903a0e7a436b	SESSION-89957ac1ec870b87 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7792ff6d5e7124a:SESSION-b7792ff6d5e7124a	SESSION-b7792ff6d5e7124a → pe:tls:SESSION-b7792ff6d5e7124a
FLOW_FROM_HOSTOBS	e:from:SESSION-9bd60248a4061d8d:host:177.10.238.98	SESSION-9bd60248a4061d8d → host:177.10.238.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca6098e1767361a3:SESSION-ca6098e1767361a3	SESSION-ca6098e1767361a3 → pe:syn:SESSION-ca6098e1767361a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7828bb27afafcc71:SESSION-7828bb27afafcc71	SESSION-7828bb27afafcc71 → pe:syn:SESSION-7828bb27afafcc71
FLOW_DST_PORTOBS	e:fp:flow:f77ce7a71f03:port:tcp:443	flow:f77ce7a71f03 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd801ce1250407dd:host:131.196.31.244	SESSION-cd801ce1250407dd → host:131.196.31.244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e85a67565660f7c:flow:19dfc6870514	SESSION-2e85a67565660f7c → flow:19dfc6870514
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-91e694161f32570f:host:172.234.197.23:host:131.196.28.227	SESSION-91e694161f32570f → host:172.234.197.23 → host:131.196.28.227
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d96c6feac6dadd94:host:177.10.233.115:host:172.234.197.23	SESSION-d96c6feac6dadd94 → host:177.10.233.115 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6229e1e1c7b389d0:host:177.10.235.158	SESSION-6229e1e1c7b389d0 → host:177.10.235.158
FLOW_TO_HOSTOBS	e:to:SESSION-8f8f919bfd11f34b:host:172.234.197.23	SESSION-8f8f919bfd11f34b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c8d5fc6f7b2bd264:host:172.234.197.23	SESSION-c8d5fc6f7b2bd264 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8df67b08eebb:port:tcp:38216	flow:8df67b08eebb → port:tcp:38216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2db29654b7388c8c:SESSION-2db29654b7388c8c	SESSION-2db29654b7388c8c → pe:syn:SESSION-2db29654b7388c8c
FLOW_DST_PORTOBS	e:fp:flow:79f8753e726b:port:tcp:34035	flow:79f8753e726b → port:tcp:34035
FLOW_DST_PORTOBS	e:fp:flow:3faa83c68201:port:tcp:31935	flow:3faa83c68201 → port:tcp:31935
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f709c3d74e04443c:flow:e3e2cf6c78e9	SESSION-f709c3d74e04443c → flow:e3e2cf6c78e9
FLOW_FROM_HOSTOBS	e:from:SESSION-e3ba2cf190ed0b5c:host:131.196.28.18	SESSION-e3ba2cf190ed0b5c → host:131.196.28.18
FLOW_TO_HOSTOBS	e:to:SESSION-fd9b77a0701a4e1b:host:80.94.92.186	SESSION-fd9b77a0701a4e1b → host:80.94.92.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e2a4babdc2dc965:SESSION-9e2a4babdc2dc965	SESSION-9e2a4babdc2dc965 → pe:syn:SESSION-9e2a4babdc2dc965
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01c9c3509e882c26:host:172.234.197.23	SESSION-01c9c3509e882c26 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c21073699e99172:PCAP:capture_20260430150001:ded20914761d	SESSION-1c21073699e99172 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-6667ca1b9f8ba8d1:host:131.196.28.72	SESSION-6667ca1b9f8ba8d1 → host:131.196.28.72
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.88:geo_-16.28860_-49.01640	host:177.10.232.88 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65262d33293291dd:host:172.234.197.23	SESSION-65262d33293291dd → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e80b8abc3477	flow:e80b8abc3477 → host:177.10.233.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0153bfe1e0550f7:host:177.10.234.143:host:172.234.197.23	SESSION-d0153bfe1e0550f7 → host:177.10.234.143 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.61:asn:273470	host:45.173.156.61 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd1fe9b471d92d57:host:177.10.234.51	SESSION-dd1fe9b471d92d57 → host:177.10.234.51
FLOW_DST_PORTOBS	e:fp:flow:cf56f055e8e4:port:tcp:443	flow:cf56f055e8e4 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.85:geo_-23.62930_-46.63510	host:131.196.31.85 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-1da9f85a5b3be49b:host:172.234.197.23	SESSION-1da9f85a5b3be49b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1705f35e2db46a43:host:172.234.197.23	SESSION-1705f35e2db46a43 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e93d3fe416fcd95:host:172.234.197.23	SESSION-5e93d3fe416fcd95 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4b00d7db41be144d:host:172.234.197.23	SESSION-4b00d7db41be144d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8b71ac0dda5d9d9:host:172.234.197.23	SESSION-e8b71ac0dda5d9d9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92547fda1a59fab0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-92547fda1a59fab0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e512980b1e52beb:host:172.234.197.23:host:177.10.233.98	SESSION-7e512980b1e52beb → host:172.234.197.23 → host:177.10.233.98
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7391507b773a5722:host:172.234.197.23	SESSION-7391507b773a5722 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7858b3452cd9a479:host:45.173.156.134	SESSION-7858b3452cd9a479 → host:45.173.156.134
FLOW_DST_PORTOBS	e:fp:flow:965934c253f8:port:tcp:64830	flow:965934c253f8 → port:tcp:64830
FLOW_TO_HOSTOBS	e:to:SESSION-8b082affabc66a77:host:131.196.31.71	SESSION-8b082affabc66a77 → host:131.196.31.71
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-93be623985b95b7d:SESSION-93be623985b95b7d	SESSION-93be623985b95b7d → pe:syn:SESSION-93be623985b95b7d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7759d4a46d500e47:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7759d4a46d500e47 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4eeddeaeae099136:host:131.196.31.121:host:172.234.197.23	SESSION-4eeddeaeae099136 → host:131.196.31.121 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8611e35c54ed	flow:8611e35c54ed → host:177.10.232.105 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.200:asn:273470	host:45.173.156.200 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ca44e56e93546a2c:SESSION-ca44e56e93546a2c	SESSION-ca44e56e93546a2c → pe:syn:SESSION-ca44e56e93546a2c
FLOW_TO_HOSTOBS	e:to:SESSION-ef3cd86b38e13880:host:45.173.156.14	SESSION-ef3cd86b38e13880 → host:45.173.156.14
flow_observed4-aryOBS	e:fo:flow:248c942cf479	flow:248c942cf479 → host:172.234.197.23 → host:131.196.31.144 → port:tcp:52963
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3739e8b613327ce5:host:172.234.197.23	SESSION-3739e8b613327ce5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53fc35cd2bdb80ce:host:172.234.197.23	SESSION-53fc35cd2bdb80ce → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-669451aeea441b50:flow:682d61a35e49	SESSION-669451aeea441b50 → flow:682d61a35e49
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.102:geo_41.02140_28.99480	host:31.40.196.102 → geo_41.02140_28.99480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8aa4413fe5db5235:host:172.234.197.23	SESSION-8aa4413fe5db5235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa7ff8c6e8f0ef9e:host:131.196.28.39	SESSION-aa7ff8c6e8f0ef9e → host:131.196.28.39
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.175:geo_41.00190_28.96450	host:95.170.25.175 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a9739ecc8b00e90:SESSION-7a9739ecc8b00e90	SESSION-7a9739ecc8b00e90 → pe:syn:SESSION-7a9739ecc8b00e90
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f83bf77e11c8adb3:host:177.10.239.78	SESSION-f83bf77e11c8adb3 → host:177.10.239.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa09fbb5e640ff94:SESSION-aa09fbb5e640ff94	SESSION-aa09fbb5e640ff94 → pe:syn:SESSION-aa09fbb5e640ff94
flow_observed5-aryOBS	e:fo:flow:b1dd07e29155	flow:b1dd07e29155 → host:177.10.233.126 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-1ad9dd4ac6be1fc2:host:172.234.197.23	SESSION-1ad9dd4ac6be1fc2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-03f351fbd88acdc4:host:131.196.31.23:host:172.234.197.23	SESSION-03f351fbd88acdc4 → host:131.196.31.23 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c828adcf318b7963:host:185.231.226.138:host:172.234.197.23	SESSION-c828adcf318b7963 → host:185.231.226.138 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8087a35b1573:port:tcp:443	flow:8087a35b1573 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-a83f7d2591dcabf5:host:172.234.197.23	SESSION-a83f7d2591dcabf5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-228e058fc2527275:flow:7645329c448b	SESSION-228e058fc2527275 → flow:7645329c448b
flow_observed4-aryOBS	e:fo:flow:590d1ed51177	flow:590d1ed51177 → host:172.234.197.23 → host:131.196.30.83 → port:tcp:15646
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73eca1f22df524d3:SESSION-73eca1f22df524d3	SESSION-73eca1f22df524d3 → pe:tls:SESSION-73eca1f22df524d3
FLOW_TO_HOSTOBS	e:to:SESSION-ff2bd1b9d0923cc1:host:172.234.197.23	SESSION-ff2bd1b9d0923cc1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f3748d9d14aafdb8:host:172.234.197.23:host:177.10.236.115	SESSION-f3748d9d14aafdb8 → host:172.234.197.23 → host:177.10.236.115
flow_observed5-aryOBS	e:fo:flow:cb4be7a193fc	flow:cb4be7a193fc → host:131.196.28.129 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c36eb4dd059a78a3:SESSION-c36eb4dd059a78a3	SESSION-c36eb4dd059a78a3 → pe:tls:SESSION-c36eb4dd059a78a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3957034b2fd24e8:host:131.196.31.100	SESSION-c3957034b2fd24e8 → host:131.196.31.100
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ccf862d3dae518e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8ccf862d3dae518e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35228babc2ac6e48:host:172.234.197.23	SESSION-35228babc2ac6e48 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:68285fd309bb:port:tcp:41502	flow:68285fd309bb → port:tcp:41502
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0fe55e7c11d50f79:flow:9010546a6a57	SESSION-0fe55e7c11d50f79 → flow:9010546a6a57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0dea31b94d7dde57:SESSION-0dea31b94d7dde57	SESSION-0dea31b94d7dde57 → pe:syn:SESSION-0dea31b94d7dde57
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.198:asn:271410	host:131.196.31.198 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-764219a5db7d50bc:host:172.234.197.23	SESSION-764219a5db7d50bc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4325a6893dda791:host:131.196.29.254	SESSION-c4325a6893dda791 → host:131.196.29.254
FLOW_TO_HOSTOBS	e:to:SESSION-0a32c5a0b23fc272:host:172.234.197.23	SESSION-0a32c5a0b23fc272 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b5f689fd50e4895:host:44.243.2.252:host:172.234.197.23	SESSION-8b5f689fd50e4895 → host:44.243.2.252 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9072e99a39ab8173:host:172.234.197.23	SESSION-9072e99a39ab8173 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-50e84f588759fadd:host:172.234.197.23	SESSION-50e84f588759fadd → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-132ae74090c90dac:PCAP:capture_20260430090001:065659c7d314	SESSION-132ae74090c90dac → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c92176ee8d876ba:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6c92176ee8d876ba → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85683c3aa8c095db:SESSION-85683c3aa8c095db	SESSION-85683c3aa8c095db → pe:syn:SESSION-85683c3aa8c095db
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.107:geo_-16.28860_-49.01640	host:177.10.239.107 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d1e9854752b2176:host:131.196.31.145	SESSION-0d1e9854752b2176 → host:131.196.31.145
FLOW_DST_PORTOBS	e:fp:flow:dec8c7b5212e:port:tcp:443	flow:dec8c7b5212e → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:184.171.210.134:geo_42.98670_-81.18080	host:184.171.210.134 → geo_42.98670_-81.18080
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c88d7695016e6fbb:SESSION-c88d7695016e6fbb	SESSION-c88d7695016e6fbb → pe:syn:SESSION-c88d7695016e6fbb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f496191c2c04cb7e:host:131.196.31.19:host:172.234.197.23	SESSION-f496191c2c04cb7e → host:131.196.31.19 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bef08b3c32a1c401:SESSION-bef08b3c32a1c401	SESSION-bef08b3c32a1c401 → pe:tls:SESSION-bef08b3c32a1c401
FLOW_DST_PORTOBS	e:fp:flow:a74fab2c698c:port:tcp:443	flow:a74fab2c698c → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:56fb0bb7a878	flow:56fb0bb7a878 → host:172.234.197.23 → host:177.10.234.135 → port:tcp:39377
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e9c01925d6f4319:host:172.234.197.23	SESSION-3e9c01925d6f4319 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.185:asn:262880	host:177.10.233.185 → asn:262880
flow_observed4-aryOBS	e:fo:flow:e772ab0d013d	flow:e772ab0d013d → host:172.234.197.23 → host:131.196.30.20 → port:tcp:46638
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.211:geo_-23.62930_-46.63510	host:131.196.28.211 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ccbfb0ac760822d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-5ccbfb0ac760822d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2fd944013b60077a:SESSION-2fd944013b60077a	SESSION-2fd944013b60077a → pe:syn:SESSION-2fd944013b60077a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.189:geo_-16.28860_-49.01640	host:177.10.239.189 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08b25d9f54ecadf2:SESSION-08b25d9f54ecadf2	SESSION-08b25d9f54ecadf2 → pe:syn:SESSION-08b25d9f54ecadf2
FLOW_FROM_HOSTOBS	e:from:SESSION-c3fa9d5496b14fae:host:131.196.29.113	SESSION-c3fa9d5496b14fae → host:131.196.29.113
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-829966970db58135:SESSION-829966970db58135	SESSION-829966970db58135 → pe:tls:SESSION-829966970db58135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-05167940272dd019:SESSION-05167940272dd019	SESSION-05167940272dd019 → pe:tls:SESSION-05167940272dd019
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ae017ce34991ed1:SESSION-5ae017ce34991ed1	SESSION-5ae017ce34991ed1 → pe:tls:SESSION-5ae017ce34991ed1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3d6a52e82bb8db7f:flow:ddd8280bfafc	SESSION-3d6a52e82bb8db7f → flow:ddd8280bfafc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0be6cf40df30cb93:host:177.10.239.249	SESSION-0be6cf40df30cb93 → host:177.10.239.249
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.253:asn:271410	host:131.196.29.253 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-317129b18cf7eb6c:host:131.196.29.31:host:172.234.197.23	SESSION-317129b18cf7eb6c → host:131.196.29.31 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:faadb4fd5bdf:port:tcp:40508	flow:faadb4fd5bdf → port:tcp:40508
FLOW_DST_PORTOBS	e:fp:flow:0b4dff132ea3:port:tcp:47371	flow:0b4dff132ea3 → port:tcp:47371
FLOW_FROM_HOSTOBS	e:from:SESSION-ad4be2ec0ec8e7ca:host:131.196.30.161	SESSION-ad4be2ec0ec8e7ca → host:131.196.30.161
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97d8ab6142f53424:flow:139a9503b98e	SESSION-97d8ab6142f53424 → flow:139a9503b98e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0aa7b6956faccec:host:172.234.197.23	SESSION-c0aa7b6956faccec → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4cb50c25219a	flow:4cb50c25219a → host:177.10.235.5 → host:172.234.197.23 → port:tcp:443 → svc:https
ASN_IN_ORGOBS 80%	e:ao:asn:262880:org:RADAR WISP LTDA	asn:262880 → org:RADAR WISP LTDA
FLOW_FROM_HOSTOBS	e:from:SESSION-e99befaea58c8acf:host:131.196.31.244	SESSION-e99befaea58c8acf → host:131.196.31.244
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19fcdbc3c5b0e100:host:172.234.197.23:host:177.10.233.185	SESSION-19fcdbc3c5b0e100 → host:172.234.197.23 → host:177.10.233.185
FLOW_TO_HOSTOBS	e:to:SESSION-5e7f6e07782bad0e:host:172.234.197.23	SESSION-5e7f6e07782bad0e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a782bfdef89df980:host:177.10.238.50	SESSION-a782bfdef89df980 → host:177.10.238.50
FLOW_DST_PORTOBS	e:fp:flow:a9a71af39f70:port:tcp:25966	flow:a9a71af39f70 → port:tcp:25966
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bc3682173c4cf6b:SESSION-3bc3682173c4cf6b	SESSION-3bc3682173c4cf6b → pe:syn:SESSION-3bc3682173c4cf6b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9f10142199cea9c:flow:6459e3f91d35	SESSION-b9f10142199cea9c → flow:6459e3f91d35
flow_observed5-aryOBS	e:fo:flow:bf17f6c649c7	flow:bf17f6c649c7 → host:177.10.233.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cfe71d52ef2e928b:SESSION-cfe71d52ef2e928b	SESSION-cfe71d52ef2e928b → pe:syn:SESSION-cfe71d52ef2e928b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-620284e2b3f3a282:SESSION-620284e2b3f3a282	SESSION-620284e2b3f3a282 → pe:syn:SESSION-620284e2b3f3a282
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.117:asn:262880	host:177.10.236.117 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:d7fca1740005:port:tcp:64084	flow:d7fca1740005 → port:tcp:64084
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d82ce6b730f5fc6b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d82ce6b730f5fc6b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd4086b575d9a1c0:SESSION-cd4086b575d9a1c0	SESSION-cd4086b575d9a1c0 → pe:syn:SESSION-cd4086b575d9a1c0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e44af15232c6a53:flow:8e35c9743ca0	SESSION-8e44af15232c6a53 → flow:8e35c9743ca0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-88d03f5c2bc073a8:SESSION-88d03f5c2bc073a8	SESSION-88d03f5c2bc073a8 → pe:tls:SESSION-88d03f5c2bc073a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ead27f853a5aab01:SESSION-ead27f853a5aab01	SESSION-ead27f853a5aab01 → pe:syn:SESSION-ead27f853a5aab01
FLOW_FROM_HOSTOBS	e:from:SESSION-8224ed8c82963e52:host:131.196.28.81	SESSION-8224ed8c82963e52 → host:131.196.28.81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fb17d6554827f30:host:177.10.233.167	SESSION-8fb17d6554827f30 → host:177.10.233.167
FLOW_FROM_HOSTOBS	e:from:SESSION-c32ee209d5d1aa5e:host:172.234.197.23	SESSION-c32ee209d5d1aa5e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19fcdbc3c5b0e100:SESSION-19fcdbc3c5b0e100	SESSION-19fcdbc3c5b0e100 → pe:tls:SESSION-19fcdbc3c5b0e100
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28d97429831b8272:host:78.12.248.31:host:172.234.197.23	SESSION-28d97429831b8272 → host:78.12.248.31 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5c08654c75b915c:flow:d8f7523d5853	SESSION-f5c08654c75b915c → flow:d8f7523d5853
FLOW_DST_PORTOBS	e:fp:flow:d8c2982da4e9:port:tcp:443	flow:d8c2982da4e9 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:497a68fc3b86	flow:497a68fc3b86 → host:172.234.197.23 → host:177.10.235.113 → port:tcp:59922
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-561fca01c9d6b351:SESSION-561fca01c9d6b351	SESSION-561fca01c9d6b351 → pe:tls:SESSION-561fca01c9d6b351
FLOW_DST_PORTOBS	e:fp:flow:d5957e7d54a0:port:tcp:443	flow:d5957e7d54a0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41f0125815f54041:SESSION-41f0125815f54041	SESSION-41f0125815f54041 → pe:tls:SESSION-41f0125815f54041
FLOW_FROM_HOSTOBS	e:from:SESSION-dcbceebcfa7feba5:host:177.10.235.79	SESSION-dcbceebcfa7feba5 → host:177.10.235.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e6270bfda958738:host:172.234.197.23	SESSION-7e6270bfda958738 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9072e99a39ab8173:flow:b36f9561c530	SESSION-9072e99a39ab8173 → flow:b36f9561c530
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b50835be4d5bba16:SESSION-b50835be4d5bba16	SESSION-b50835be4d5bba16 → pe:tls:SESSION-b50835be4d5bba16
FLOW_FROM_HOSTOBS	e:from:SESSION-a9de26895ffb34a3:host:172.234.197.23	SESSION-a9de26895ffb34a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4aa43b0ccd10448e:SESSION-4aa43b0ccd10448e	SESSION-4aa43b0ccd10448e → pe:tls:SESSION-4aa43b0ccd10448e
FLOW_FROM_HOSTOBS	e:from:SESSION-d3eca13f5e50de63:host:177.10.237.54	SESSION-d3eca13f5e50de63 → host:177.10.237.54
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c6924fc6c1078bec:host:131.196.28.91:host:172.234.197.23	SESSION-c6924fc6c1078bec → host:131.196.28.91 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd81cfaee9483060:SESSION-cd81cfaee9483060	SESSION-cd81cfaee9483060 → pe:syn:SESSION-cd81cfaee9483060
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-99de4fcd637901fc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-99de4fcd637901fc → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dc77b6505beb2bc:host:45.173.156.43	SESSION-6dc77b6505beb2bc → host:45.173.156.43
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b05f07ed9250ae8e:flow:008ea860cb75	SESSION-b05f07ed9250ae8e → flow:008ea860cb75
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-077636b939c69f3b:host:92.112.71.131:host:172.234.197.23	SESSION-077636b939c69f3b → host:92.112.71.131 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da64f1d11a78111b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-da64f1d11a78111b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:f078868fa5a3	flow:f078868fa5a3 → host:177.10.232.121 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1213fdeaeb0b4e25:SESSION-1213fdeaeb0b4e25	SESSION-1213fdeaeb0b4e25 → pe:tls:SESSION-1213fdeaeb0b4e25
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a55eb245a4ca8dde:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a55eb245a4ca8dde → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51de65c9ef505a13:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-51de65c9ef505a13 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d4d7fb155f65fdf:host:177.10.239.82:host:172.234.197.23	SESSION-4d4d7fb155f65fdf → host:177.10.239.82 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.220:geo_-23.62930_-46.63510	host:131.196.30.220 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2000a0c75221682:host:172.234.197.23	SESSION-a2000a0c75221682 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e708c58166944fb:host:172.234.197.23	SESSION-6e708c58166944fb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f2e1e1ea3d3f0587:host:177.10.232.104	SESSION-f2e1e1ea3d3f0587 → host:177.10.232.104
flow_observed5-aryOBS	e:fo:flow:6a58d3f29dbb	flow:6a58d3f29dbb → host:177.10.235.107 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-a516ba4c4f8948a0:host:172.234.197.23	SESSION-a516ba4c4f8948a0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-82f2c01059fea89b:SESSION-82f2c01059fea89b	SESSION-82f2c01059fea89b → pe:syn:SESSION-82f2c01059fea89b
FLOW_TO_HOSTOBS	e:to:SESSION-5f3e8e9199df130f:host:172.234.197.23	SESSION-5f3e8e9199df130f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:46e86d702bd9:port:tcp:32347	flow:46e86d702bd9 → port:tcp:32347
FLOW_TO_HOSTOBS	e:to:SESSION-0b2db5b5e20e8c4e:host:172.232.0.17	SESSION-0b2db5b5e20e8c4e → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c5519b0e5712e1e:host:177.10.236.62:host:172.234.197.23	SESSION-1c5519b0e5712e1e → host:177.10.236.62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de1a59c6958513ff:host:177.10.238.181	SESSION-de1a59c6958513ff → host:177.10.238.181
flow_observed5-aryOBS	e:fo:flow:bb9a57566950	flow:bb9a57566950 → host:185.236.240.137 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d74877df7cdd5d7:SESSION-6d74877df7cdd5d7	SESSION-6d74877df7cdd5d7 → pe:tls:SESSION-6d74877df7cdd5d7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-200e4a8806f83581:SESSION-200e4a8806f83581	SESSION-200e4a8806f83581 → pe:tls:SESSION-200e4a8806f83581
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f39fdcb76f4b9f9d:SESSION-f39fdcb76f4b9f9d	SESSION-f39fdcb76f4b9f9d → pe:syn:SESSION-f39fdcb76f4b9f9d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2add8aa10ab84ed:host:103.155.16.117	SESSION-a2add8aa10ab84ed → host:103.155.16.117
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7549effe520d0229:flow:bdd75a10e1d0	SESSION-7549effe520d0229 → flow:bdd75a10e1d0
FLOW_DST_PORTOBS	e:fp:flow:94be51ec2ae8:port:tcp:5259	flow:94be51ec2ae8 → port:tcp:5259
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f43808d089ea9fde:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f43808d089ea9fde → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.40:asn:271410	host:131.196.29.40 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.54:asn:271410	host:131.196.30.54 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f3e8e9199df130f:host:177.10.236.237:host:172.234.197.23	SESSION-5f3e8e9199df130f → host:177.10.236.237 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2e920b338cbbee7b:host:131.196.29.76	SESSION-2e920b338cbbee7b → host:131.196.29.76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd0176ca8d9bf386:SESSION-cd0176ca8d9bf386	SESSION-cd0176ca8d9bf386 → pe:tls:SESSION-cd0176ca8d9bf386
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.146:geo_-16.28860_-49.01640	host:177.10.237.146 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3afd88a73e32b466:host:131.196.28.32:host:172.234.197.23	SESSION-3afd88a73e32b466 → host:131.196.28.32 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11a1cfec66708475:SESSION-11a1cfec66708475	SESSION-11a1cfec66708475 → pe:tls:SESSION-11a1cfec66708475
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d811160d7459a4b2:host:177.10.238.113:host:172.234.197.23	SESSION-d811160d7459a4b2 → host:177.10.238.113 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1b3b25682727ca52:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-1b3b25682727ca52 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-99eb989e9371b0fb:host:131.196.31.81	SESSION-99eb989e9371b0fb → host:131.196.31.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-794cf5b08878bd55:SESSION-794cf5b08878bd55	SESSION-794cf5b08878bd55 → pe:syn:SESSION-794cf5b08878bd55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9e70132665ab339:host:177.10.239.137	SESSION-f9e70132665ab339 → host:177.10.239.137
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a2cae37d21287a7:flow:2e98db8cda75	SESSION-2a2cae37d21287a7 → flow:2e98db8cda75
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9af350d3c0c51da5:flow:c0880772c3a5	SESSION-9af350d3c0c51da5 → flow:c0880772c3a5
FLOW_TO_HOSTOBS	e:to:SESSION-6cc71c07f8c21dc0:host:172.234.197.23	SESSION-6cc71c07f8c21dc0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97e21cf514a48728:host:45.173.156.240	SESSION-97e21cf514a48728 → host:45.173.156.240
FLOW_FROM_HOSTOBS	e:from:SESSION-4a33620a262b3196:host:177.10.239.239	SESSION-4a33620a262b3196 → host:177.10.239.239
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.142:asn:271410	host:131.196.31.142 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.147:geo_-16.28860_-49.01640	host:177.10.237.147 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:4f7e976f3d68	flow:4f7e976f3d68 → host:172.234.197.23 → host:45.173.156.248 → port:tcp:53997
FLOW_DST_PORTOBS	e:fp:flow:7429b5a04d93:port:tcp:443	flow:7429b5a04d93 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:32f59490ee7f	flow:32f59490ee7f → host:172.234.197.23 → host:177.10.237.251 → port:tcp:65115
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.73:geo_41.02140_28.99480	host:185.231.226.73 → geo_41.02140_28.99480
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.30:asn:273470	host:45.173.156.30 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.81:asn:262880	host:177.10.238.81 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-ff7dac0188fe8fcb:host:177.10.239.108	SESSION-ff7dac0188fe8fcb → host:177.10.239.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc3065336ab4dc3e:host:177.10.235.213	SESSION-fc3065336ab4dc3e → host:177.10.235.213
FLOW_DST_PORTOBS	e:fp:flow:e363d697f2b7:port:tcp:2469	flow:e363d697f2b7 → port:tcp:2469
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3675340578297917:SESSION-3675340578297917	SESSION-3675340578297917 → pe:tls:SESSION-3675340578297917
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8d8e16e7f7cb138:flow:b9bd67a188ca	SESSION-c8d8e16e7f7cb138 → flow:b9bd67a188ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ccf0be9923f197d:host:131.196.30.182	SESSION-7ccf0be9923f197d → host:131.196.30.182
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a32c5a0b23fc272:host:177.10.238.195:host:172.234.197.23	SESSION-0a32c5a0b23fc272 → host:177.10.238.195 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48baa2e7639de342:flow:559fc8443a60	SESSION-48baa2e7639de342 → flow:559fc8443a60
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c84656a173f6275:SESSION-9c84656a173f6275	SESSION-9c84656a173f6275 → pe:syn:SESSION-9c84656a173f6275
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84a17a716ed94f5c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-84a17a716ed94f5c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-430caa0514cbc012:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-430caa0514cbc012 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b43557542c64d676:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b43557542c64d676 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-68adb943f73c50e9:flow:4b2d156f752b	SESSION-68adb943f73c50e9 → flow:4b2d156f752b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6abbbca78e64654:SESSION-e6abbbca78e64654	SESSION-e6abbbca78e64654 → pe:syn:SESSION-e6abbbca78e64654
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.205:asn:271410	host:131.196.28.205 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2eb904b60673a30b:host:131.196.28.2	SESSION-2eb904b60673a30b → host:131.196.28.2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4d7e31822e7386a:PCAP:capture_20260430150001:ded20914761d	SESSION-c4d7e31822e7386a → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:9a29e8344629:port:tcp:443	flow:9a29e8344629 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f42753b09b481d7e:host:172.234.197.23	SESSION-f42753b09b481d7e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dca77003c0beb45:host:44.248.141.231	SESSION-2dca77003c0beb45 → host:44.248.141.231
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41172116812e3a49:SESSION-41172116812e3a49	SESSION-41172116812e3a49 → pe:tls:SESSION-41172116812e3a49
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.51:geo_-23.62930_-46.63510	host:131.196.30.51 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b05f07ed9250ae8e:SESSION-b05f07ed9250ae8e	SESSION-b05f07ed9250ae8e → pe:syn:SESSION-b05f07ed9250ae8e
FLOW_FROM_HOSTOBS	e:from:SESSION-810f814d66b016e7:host:45.173.156.240	SESSION-810f814d66b016e7 → host:45.173.156.240
FLOW_DST_PORTOBS	e:fp:flow:7f24ac272d2b:port:tcp:443	flow:7f24ac272d2b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd57eb7fcad3510c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fd57eb7fcad3510c → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de23fe28677c4a6e:SESSION-de23fe28677c4a6e	SESSION-de23fe28677c4a6e → pe:syn:SESSION-de23fe28677c4a6e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c6580975a2d7416:SESSION-7c6580975a2d7416	SESSION-7c6580975a2d7416 → pe:tls:SESSION-7c6580975a2d7416
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.247:geo_-23.62930_-46.63510	host:131.196.29.247 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-8e6988ed77a3d110:host:131.196.30.13	SESSION-8e6988ed77a3d110 → host:131.196.30.13
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4670d2b8fb3d0344:host:172.234.197.23	SESSION-4670d2b8fb3d0344 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f559965f53cd	flow:f559965f53cd → host:177.10.238.246 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f278495c163e84d:host:172.234.197.23:host:131.196.29.97	SESSION-2f278495c163e84d → host:172.234.197.23 → host:131.196.29.97
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.186:geo_-23.62930_-46.63510	host:131.196.30.186 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ab8147bbacef01b:host:172.234.197.23	SESSION-5ab8147bbacef01b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d3569eada1d9:port:tcp:443	flow:d3569eada1d9 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-deef720c855898df:host:177.10.234.126:host:172.234.197.23	SESSION-deef720c855898df → host:177.10.234.126 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f392894730d574f3:SESSION-f392894730d574f3	SESSION-f392894730d574f3 → pe:tls:SESSION-f392894730d574f3
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.181:geo_-16.28860_-49.01640	host:177.10.238.181 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-e9b874351d52a188:host:172.234.197.23	SESSION-e9b874351d52a188 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a800bc67052acb8:host:172.234.197.23	SESSION-7a800bc67052acb8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ded52056067d22b2:SESSION-ded52056067d22b2	SESSION-ded52056067d22b2 → pe:tls:SESSION-ded52056067d22b2
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.231:asn:271410	host:131.196.29.231 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9820f222b36503c3:host:80.94.92.186	SESSION-9820f222b36503c3 → host:80.94.92.186
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cd8dbb599c016751:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cd8dbb599c016751 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-096419478460628e:BSG-BEACON-e07f4250263f	SESSION-096419478460628e → BSG-BEACON-e07f4250263f
FLOW_DST_PORTOBS	e:fp:flow:0fd68f9b352a:port:tcp:5408	flow:0fd68f9b352a → port:tcp:5408
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.143:geo_-23.62930_-46.63510	host:131.196.31.143 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e89ccbf4d277fb8:SESSION-7e89ccbf4d277fb8	SESSION-7e89ccbf4d277fb8 → pe:tls:SESSION-7e89ccbf4d277fb8
FLOW_TO_HOSTOBS	e:to:SESSION-aede3430ffb62e05:host:172.234.197.23	SESSION-aede3430ffb62e05 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ce76aef4cf62c0f:host:177.10.238.16:host:172.234.197.23	SESSION-9ce76aef4cf62c0f → host:177.10.238.16 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:9a6f5987d666	flow:9a6f5987d666 → host:172.234.197.23 → host:177.10.234.85 → port:tcp:17369
FLOW_TO_HOSTOBS	e:to:SESSION-6328c86c978f61df:host:177.10.232.27	SESSION-6328c86c978f61df → host:177.10.232.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-48cf6591de1d67a3:SESSION-48cf6591de1d67a3	SESSION-48cf6591de1d67a3 → pe:tls:SESSION-48cf6591de1d67a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f890b9cda6af294:host:172.234.197.23	SESSION-2f890b9cda6af294 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2e2854c2bd3a:port:tcp:443	flow:2e2854c2bd3a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-001dbe9c45882aae:host:177.10.236.2	SESSION-001dbe9c45882aae → host:177.10.236.2
FLOW_FROM_HOSTOBS	e:from:SESSION-72786bca04f1b5c7:host:131.196.30.12	SESSION-72786bca04f1b5c7 → host:131.196.30.12
FLOW_DST_PORTOBS	e:fp:flow:b27d5d007118:port:tcp:443	flow:b27d5d007118 → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-01e9e36dd29e3f1f:BSG-BEACON-c5c416645e2f	SESSION-01e9e36dd29e3f1f → BSG-BEACON-c5c416645e2f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef5ed6d64625f76:host:172.234.197.23	SESSION-8ef5ed6d64625f76 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a899a8160ea28b7:flow:764b0b5581af	SESSION-3a899a8160ea28b7 → flow:764b0b5581af
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a236c6c04af1f19:host:91.240.224.238	SESSION-9a236c6c04af1f19 → host:91.240.224.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6492f21e062d19aa:SESSION-6492f21e062d19aa	SESSION-6492f21e062d19aa → pe:syn:SESSION-6492f21e062d19aa
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.149:geo_-16.28860_-49.01640	host:177.10.239.149 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83168514d84031f4:host:177.10.238.23	SESSION-83168514d84031f4 → host:177.10.238.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-378ead2076355bca:flow:cba47359eaab	SESSION-378ead2076355bca → flow:cba47359eaab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd657e34d2536dc9:host:172.234.197.23	SESSION-bd657e34d2536dc9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1cf957f4a121d77:flow:227ec883bf24	SESSION-b1cf957f4a121d77 → flow:227ec883bf24
FLOW_DST_PORTOBS	e:fp:flow:dc93c0b0eb29:port:tcp:443	flow:dc93c0b0eb29 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-8fb67bf931083b29:host:172.234.197.23	SESSION-8fb67bf931083b29 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ad4db4cca9d566af:host:177.10.235.233	SESSION-ad4db4cca9d566af → host:177.10.235.233
FLOW_FROM_HOSTOBS	e:from:SESSION-fcdaaf650d72b5bc:host:177.10.235.129	SESSION-fcdaaf650d72b5bc → host:177.10.235.129
flow_observed5-aryOBS	e:fo:flow:e90c527361e6	flow:e90c527361e6 → host:156.59.198.136 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:20799daf6931:port:tcp:443	flow:20799daf6931 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ffcf84507219fc2:PCAP:capture_20260430060001:919b39a74464	SESSION-1ffcf84507219fc2 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.18:geo_-21.10010_-41.69200	host:45.173.156.18 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:51a9b0c0e87e:port:tcp:443	flow:51a9b0c0e87e → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:94e629f23174:port:tcp:62194	flow:94e629f23174 → port:tcp:62194
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.104:geo_-16.28860_-49.01640	host:177.10.238.104 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:9b3ad5950f0c	flow:9b3ad5950f0c → host:172.234.197.23 → host:177.10.234.15 → port:tcp:48455
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fbcca05a1b3df0cf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fbcca05a1b3df0cf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.86:asn:271410	host:131.196.31.86 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dcc81ef5615b86c:host:177.10.234.104	SESSION-6dcc81ef5615b86c → host:177.10.234.104
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d5d486009dccd362:flow:f0e29cea7891	SESSION-d5d486009dccd362 → flow:f0e29cea7891
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30195220eb2aa3f5:flow:0064e8629093	SESSION-30195220eb2aa3f5 → flow:0064e8629093
FLOW_DST_PORTOBS	e:fp:flow:8d38782b460d:port:tcp:443	flow:8d38782b460d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c812f2a31a60fc9:flow:2a56385e550c	SESSION-3c812f2a31a60fc9 → flow:2a56385e550c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-222c821677f323de:host:172.234.197.23	SESSION-222c821677f323de → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7375b1770c27cca2:PCAP:capture_20260430110001:43611bdf6759	SESSION-7375b1770c27cca2 → PCAP:capture_20260430110001:43611bdf6759
ASN_IN_ORGOBS 80%	e:ao:asn:4766:org:Korea Telecom	asn:4766 → org:Korea Telecom
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-868abcdaf084ea7c:host:172.232.0.16	SESSION-868abcdaf084ea7c → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9962740ce107c36d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9962740ce107c36d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96abdd68944f2af2:PCAP:capture_20260430060001:919b39a74464	SESSION-96abdd68944f2af2 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4af5e0493e3bd78c:SESSION-4af5e0493e3bd78c	SESSION-4af5e0493e3bd78c → pe:syn:SESSION-4af5e0493e3bd78c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.45:geo_-16.28860_-49.01640	host:177.10.236.45 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90798b7c1b8c7636:host:172.234.197.23	SESSION-90798b7c1b8c7636 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7eb684f9875e:port:tcp:443	flow:7eb684f9875e → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.155:asn:271410	host:131.196.30.155 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f8d7516bed96e97:host:177.10.239.97	SESSION-5f8d7516bed96e97 → host:177.10.239.97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a770693a19c2c7c:SESSION-0a770693a19c2c7c	SESSION-0a770693a19c2c7c → pe:tls:SESSION-0a770693a19c2c7c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.237:geo_-16.28860_-49.01640	host:177.10.235.237 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34913801790eb8e4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-34913801790eb8e4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-55e2fb280d3c8e24:SESSION-55e2fb280d3c8e24	SESSION-55e2fb280d3c8e24 → pe:tls:SESSION-55e2fb280d3c8e24
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0b8b90e300d9c11:host:172.234.197.23	SESSION-b0b8b90e300d9c11 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.248:asn:262880	host:177.10.235.248 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c155b50123efabb5:flow:c4c7444531ea	SESSION-c155b50123efabb5 → flow:c4c7444531ea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bd4f427df690125:host:172.234.197.23	SESSION-4bd4f427df690125 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2349df72c6a6:port:tcp:443	flow:2349df72c6a6 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:199.195.254.215:geo_40.60630_-74.17740	host:199.195.254.215 → geo_40.60630_-74.17740
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de2c7d1c6ad5841e:host:131.196.30.134:host:172.234.197.23	SESSION-de2c7d1c6ad5841e → host:131.196.30.134 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-176c7cfb0e699b4d:host:172.234.197.23	SESSION-176c7cfb0e699b4d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.245:asn:271410	host:131.196.30.245 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4619747059efac6f:SESSION-4619747059efac6f	SESSION-4619747059efac6f → pe:syn:SESSION-4619747059efac6f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00ca7ee72922697b:host:131.196.29.164	SESSION-00ca7ee72922697b → host:131.196.29.164
FLOW_FROM_HOSTOBS	e:from:SESSION-7a65c242582e5e81:host:172.234.197.23	SESSION-7a65c242582e5e81 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:11668ee1bc9c	flow:11668ee1bc9c → host:177.10.236.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69d41e5348c00130:host:172.234.197.23	SESSION-69d41e5348c00130 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7362a99acee5	flow:7362a99acee5 → host:172.234.197.23 → host:131.196.30.65 → port:tcp:13754
FLOW_TO_HOSTOBS	e:to:SESSION-21ae4bade70b1440:host:172.234.197.23	SESSION-21ae4bade70b1440 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a29ca5d80bc122d0:SESSION-a29ca5d80bc122d0	SESSION-a29ca5d80bc122d0 → pe:syn:SESSION-a29ca5d80bc122d0
FLOW_FROM_HOSTOBS	e:from:SESSION-eba362425495480d:host:177.10.233.66	SESSION-eba362425495480d → host:177.10.233.66
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d7ac357c55d6f7b:host:177.10.237.240	SESSION-2d7ac357c55d6f7b → host:177.10.237.240
FLOW_TO_HOSTOBS	e:to:SESSION-b9875f767bae73b8:host:45.173.156.202	SESSION-b9875f767bae73b8 → host:45.173.156.202
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.132:asn:271410	host:131.196.30.132 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.37:geo_-23.62930_-46.63510	host:131.196.30.37 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:3d31c04c05c6	flow:3d31c04c05c6 → host:142.132.190.158 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:28d9e57edc1e:port:tcp:443	flow:28d9e57edc1e → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cfbd2e877e86cd2a:flow:ced68eb37f09	SESSION-cfbd2e877e86cd2a → flow:ced68eb37f09
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-78dc8874b859c826:host:172.234.197.23:host:131.196.28.195	SESSION-78dc8874b859c826 → host:172.234.197.23 → host:131.196.28.195
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e6800c9c0f40710:host:180.167.128.203	SESSION-0e6800c9c0f40710 → host:180.167.128.203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e626c78b08de0a8b:SESSION-e626c78b08de0a8b	SESSION-e626c78b08de0a8b → pe:tls:SESSION-e626c78b08de0a8b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.221:geo_-16.28860_-49.01640	host:177.10.239.221 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-873a01bbf1ba0d09:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-873a01bbf1ba0d09 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e4815ec5b053775:host:172.234.197.23:host:131.196.31.251	SESSION-4e4815ec5b053775 → host:172.234.197.23 → host:131.196.31.251
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-710b55a9f3a0edd9:host:131.196.28.146:host:172.234.197.23	SESSION-710b55a9f3a0edd9 → host:131.196.28.146 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0667f103db24cb40:SESSION-0667f103db24cb40	SESSION-0667f103db24cb40 → pe:syn:SESSION-0667f103db24cb40
FLOW_TO_HOSTOBS	e:to:SESSION-a038f6735218c73a:host:172.234.197.23	SESSION-a038f6735218c73a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-200b6d1dbf438627:host:172.234.197.23	SESSION-200b6d1dbf438627 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:18.100.238.122:asn:16509	host:18.100.238.122 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14a32c9f71c15657:SESSION-14a32c9f71c15657	SESSION-14a32c9f71c15657 → pe:tls:SESSION-14a32c9f71c15657
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75bc03759038657d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-75bc03759038657d → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:7294e8d9c66f	flow:7294e8d9c66f → host:177.10.236.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f73d5c81ac41c00:host:172.234.197.23:host:131.196.29.248	SESSION-4f73d5c81ac41c00 → host:172.234.197.23 → host:131.196.29.248
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d5cd00671f435cc6:host:172.234.197.23	SESSION-d5cd00671f435cc6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-61edd9328a7eff0d:host:172.234.197.23	SESSION-61edd9328a7eff0d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-35fc058c4fe240ad:host:172.234.197.23	SESSION-35fc058c4fe240ad → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cdf732629d327c4c:SESSION-cdf732629d327c4c	SESSION-cdf732629d327c4c → pe:tls:SESSION-cdf732629d327c4c
FLOW_FROM_HOSTOBS	e:from:SESSION-15939dedfcffc5e5:host:131.196.31.221	SESSION-15939dedfcffc5e5 → host:131.196.31.221
FLOW_TO_HOSTOBS	e:to:SESSION-08463d47d249df1d:host:177.10.233.214	SESSION-08463d47d249df1d → host:177.10.233.214
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1870bc27b62a60a2:host:177.10.234.186	SESSION-1870bc27b62a60a2 → host:177.10.234.186
FLOW_FROM_HOSTOBS	e:from:SESSION-2ac3b19d6233e6f7:host:131.196.30.107	SESSION-2ac3b19d6233e6f7 → host:131.196.30.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb0bca31750919c1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fb0bca31750919c1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-978d4fdbc8d38350:PCAP:capture_20260430080001:93f47cc296a4	SESSION-978d4fdbc8d38350 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-fd524e1c02193f64:host:172.234.197.23	SESSION-fd524e1c02193f64 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b60cd26b4cd717ea:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b60cd26b4cd717ea → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b679e6887c5a68a:SESSION-7b679e6887c5a68a	SESSION-7b679e6887c5a68a → pe:tls:SESSION-7b679e6887c5a68a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e4815ec5b053775:host:131.196.31.251	SESSION-4e4815ec5b053775 → host:131.196.31.251
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0fe0e8460d1c75f:SESSION-f0fe0e8460d1c75f	SESSION-f0fe0e8460d1c75f → pe:syn:SESSION-f0fe0e8460d1c75f
FLOW_FROM_HOSTOBS	e:from:SESSION-c1240df2eec41c5d:host:172.234.197.23	SESSION-c1240df2eec41c5d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-177c9265a29fe644:host:172.234.197.23	SESSION-177c9265a29fe644 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d18ddb12cf5478af:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d18ddb12cf5478af → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:0e1e52db08e7	flow:0e1e52db08e7 → host:45.173.156.163 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-db5e0e0456a4bec1:host:172.234.197.23	SESSION-db5e0e0456a4bec1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca1727d5d29ffb7f:host:45.173.156.92	SESSION-ca1727d5d29ffb7f → host:45.173.156.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1240df2eec41c5d:host:131.196.29.122	SESSION-c1240df2eec41c5d → host:131.196.29.122
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.152:asn:262880	host:177.10.234.152 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-0393cf21271be7e9:host:172.234.197.23	SESSION-0393cf21271be7e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67fe6c66ab1f1fcd:host:177.10.236.235	SESSION-67fe6c66ab1f1fcd → host:177.10.236.235
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7fc1282909254587:flow:98eeeece514c	SESSION-7fc1282909254587 → flow:98eeeece514c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.42:geo_-23.62930_-46.63510	host:131.196.28.42 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:453a45a4daa5:port:tcp:32365	flow:453a45a4daa5 → port:tcp:32365
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b3057ab5d68c477:flow:39f026016163	SESSION-5b3057ab5d68c477 → flow:39f026016163
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-527acdf0d3ebbbcc:host:172.234.197.23	SESSION-527acdf0d3ebbbcc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c33b44718448cc2:host:172.234.197.23	SESSION-4c33b44718448cc2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5016108ab6552957:SESSION-5016108ab6552957	SESSION-5016108ab6552957 → pe:tls:SESSION-5016108ab6552957
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23c159d0ddd6e1cb:host:172.234.197.23	SESSION-23c159d0ddd6e1cb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6d32e46c8f2d:port:tcp:443	flow:6d32e46c8f2d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-f4bd70bea69fea0d:host:172.234.197.23	SESSION-f4bd70bea69fea0d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fbdf1132d9fb1d0d:flow:8f460b344d15	SESSION-fbdf1132d9fb1d0d → flow:8f460b344d15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c85a65cf2db0ee65:SESSION-c85a65cf2db0ee65	SESSION-c85a65cf2db0ee65 → pe:tls:SESSION-c85a65cf2db0ee65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed37df036f91c955:SESSION-ed37df036f91c955	SESSION-ed37df036f91c955 → pe:syn:SESSION-ed37df036f91c955
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.198:asn:203771	host:37.221.79.198 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a75b8c86281e6b7:SESSION-5a75b8c86281e6b7	SESSION-5a75b8c86281e6b7 → pe:tls:SESSION-5a75b8c86281e6b7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-291dfe079248afc7:SESSION-291dfe079248afc7	SESSION-291dfe079248afc7 → pe:tls:SESSION-291dfe079248afc7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de2c7d1c6ad5841e:SESSION-de2c7d1c6ad5841e	SESSION-de2c7d1c6ad5841e → pe:syn:SESSION-de2c7d1c6ad5841e
flow_observed4-aryOBS	e:fo:flow:d80b0058aa80	flow:d80b0058aa80 → host:172.234.197.23 → host:177.10.239.217 → port:tcp:4202
FLOW_FROM_HOSTOBS	e:from:SESSION-f1009c3ce0fc23df:host:177.10.239.126	SESSION-f1009c3ce0fc23df → host:177.10.239.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8224ed8c82963e52:flow:5232af489f8c	SESSION-8224ed8c82963e52 → flow:5232af489f8c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7edb52a0a7553f53:host:131.196.29.23:host:172.234.197.23	SESSION-7edb52a0a7553f53 → host:131.196.29.23 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:274a2e3ab257	flow:274a2e3ab257 → host:172.234.197.23 → host:177.10.237.108 → port:tcp:35315
FLOW_TO_HOSTOBS	e:to:SESSION-0b02fe311e9b10a6:host:172.234.197.23	SESSION-0b02fe311e9b10a6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fcdaaf650d72b5bc:host:172.234.197.23	SESSION-fcdaaf650d72b5bc → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.216:asn:262880	host:177.10.233.216 → asn:262880
flow_observed5-aryOBS	e:fo:flow:cd4675ffc725	flow:cd4675ffc725 → host:177.10.233.225 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-20c0393579af9382:host:172.234.197.23	SESSION-20c0393579af9382 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b074fbdb748702cc:host:172.234.197.23	SESSION-b074fbdb748702cc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bf5b48d5bcb9503:host:172.234.197.23	SESSION-0bf5b48d5bcb9503 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:af020dea481e	flow:af020dea481e → host:43.196.122.133 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ef4dd3d9fcb73b5:flow:ea09b1425fd1	SESSION-6ef4dd3d9fcb73b5 → flow:ea09b1425fd1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21de16798668b3a8:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-21de16798668b3a8 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-536e36b5c95ee442:SESSION-536e36b5c95ee442	SESSION-536e36b5c95ee442 → pe:syn:SESSION-536e36b5c95ee442
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6c92176ee8d876ba:SESSION-6c92176ee8d876ba	SESSION-6c92176ee8d876ba → pe:tls:SESSION-6c92176ee8d876ba
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33b7a287fd9eafc1:host:131.196.28.16:host:172.234.197.23	SESSION-33b7a287fd9eafc1 → host:131.196.28.16 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4d0ab62891a0a5c:flow:918025e4b0e2	SESSION-d4d0ab62891a0a5c → flow:918025e4b0e2
FLOW_DST_PORTOBS	e:fp:flow:a2a89388e09c:port:tcp:443	flow:a2a89388e09c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-359d98e6d1200746:SESSION-359d98e6d1200746	SESSION-359d98e6d1200746 → pe:tls:SESSION-359d98e6d1200746
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6e3c617395c3b07:host:104.28.202.77	SESSION-d6e3c617395c3b07 → host:104.28.202.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-f277335c7e8c32bb:SESSION-f277335c7e8c32bb	SESSION-f277335c7e8c32bb → pe:rst:SESSION-f277335c7e8c32bb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e67ae3320dee0238:PCAP:capture_20260430050001:8868731bf8a4	SESSION-e67ae3320dee0238 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-727af4ad5af6cc01:SESSION-727af4ad5af6cc01	SESSION-727af4ad5af6cc01 → pe:tls:SESSION-727af4ad5af6cc01
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6d83b2373dd8cdc:SESSION-d6d83b2373dd8cdc	SESSION-d6d83b2373dd8cdc → pe:syn:SESSION-d6d83b2373dd8cdc
FLOW_TLS_SNIOBS	e:fs:flow:3020ab7bcafc:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3020ab7bcafc → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b858978950d9ddc:SESSION-8b858978950d9ddc	SESSION-8b858978950d9ddc → pe:tls:SESSION-8b858978950d9ddc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9dc3dafcee87c5f7:host:172.234.197.23:host:131.196.29.70	SESSION-9dc3dafcee87c5f7 → host:172.234.197.23 → host:131.196.29.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b53b1a2dc18d6354:host:103.155.16.117	SESSION-b53b1a2dc18d6354 → host:103.155.16.117
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.86:asn:262880	host:177.10.233.86 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dddaf831f2a46242:SESSION-dddaf831f2a46242	SESSION-dddaf831f2a46242 → pe:syn:SESSION-dddaf831f2a46242
HOST_IN_ASNOBS 85%	e:ha:host:3.102.147.184:asn:16509	host:3.102.147.184 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-329dd162e3e18437:host:172.234.197.23	SESSION-329dd162e3e18437 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d96211015a0fddb9:flow:18d89fc4a32d	SESSION-d96211015a0fddb9 → flow:18d89fc4a32d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5fb6fe079446275d:PCAP:capture_20260430150001:ded20914761d	SESSION-5fb6fe079446275d → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:41972dbe52b9:port:tcp:443	flow:41972dbe52b9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3075d8276a1a3ff8:host:177.10.237.169	SESSION-3075d8276a1a3ff8 → host:177.10.237.169
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d37583bcd3c19c57:flow:73b49dd6ca85	SESSION-d37583bcd3c19c57 → flow:73b49dd6ca85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee7b628709e11cd4:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ee7b628709e11cd4 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dad0ff120323eed1:host:172.234.197.23:host:177.10.237.227	SESSION-dad0ff120323eed1 → host:172.234.197.23 → host:177.10.237.227
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1057767eda3c24b1:flow:21899769e664	SESSION-1057767eda3c24b1 → flow:21899769e664
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0d8801f02b141d30:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0d8801f02b141d30 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-341cb53ffc41c3af:host:131.196.31.150	SESSION-341cb53ffc41c3af → host:131.196.31.150
FLOW_TO_HOSTOBS	e:to:SESSION-942872364f4f0f53:host:172.234.197.23	SESSION-942872364f4f0f53 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:de846744fe67:port:tcp:28313	flow:de846744fe67 → port:tcp:28313
FLOW_TO_HOSTOBS	e:to:SESSION-ed59d63ff912d69c:host:172.234.197.23	SESSION-ed59d63ff912d69c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f9ec3d0cc6bb:port:tcp:443	flow:f9ec3d0cc6bb → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.60:asn:273470	host:45.173.156.60 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b22fd3d92fd3016:flow:0b91fe313611	SESSION-9b22fd3d92fd3016 → flow:0b91fe313611
FLOW_TO_HOSTOBS	e:to:SESSION-032a0dfc971c5b00:host:172.234.197.23	SESSION-032a0dfc971c5b00 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4ef16227b924:port:tcp:443	flow:4ef16227b924 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b8fd41df39b968c:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0b8fd41df39b968c → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed4-aryOBS	e:fo:flow:d51594688c1f	flow:d51594688c1f → host:172.234.197.23 → host:177.10.233.86 → port:tcp:52263
FLOW_TO_HOSTOBS	e:to:SESSION-4fa0ca2c10982c45:host:172.234.197.23	SESSION-4fa0ca2c10982c45 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c0af0d5d1b3f6259:host:131.196.31.111	SESSION-c0af0d5d1b3f6259 → host:131.196.31.111
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2586028491b4edc:flow:60035740abc7	SESSION-b2586028491b4edc → flow:60035740abc7
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.168:asn:271410	host:131.196.28.168 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf8f9827f106db93:host:172.234.197.23	SESSION-bf8f9827f106db93 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e3d1aa706f2604d:host:177.10.236.191:host:172.234.197.23	SESSION-3e3d1aa706f2604d → host:177.10.236.191 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c3f426eb3b5d19b7:host:172.234.197.23	SESSION-c3f426eb3b5d19b7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1c9303996834523:PCAP:capture_20260430060001:919b39a74464	SESSION-d1c9303996834523 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9523bcd246277dc:host:172.234.197.23	SESSION-b9523bcd246277dc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07775d37dba558b0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-07775d37dba558b0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-328e38096bb05d60:PCAP:capture_20260430050001:8868731bf8a4	SESSION-328e38096bb05d60 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:24d162cf87c1	flow:24d162cf87c1 → host:177.10.236.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f4f84053ddcae3c:host:177.10.233.201:host:172.234.197.23	SESSION-7f4f84053ddcae3c → host:177.10.233.201 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e8b8d9a22aa6	flow:e8b8d9a22aa6 → host:172.234.197.23 → host:177.10.237.58 → port:tcp:11208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67b1c0091ebc1322:SESSION-67b1c0091ebc1322	SESSION-67b1c0091ebc1322 → pe:syn:SESSION-67b1c0091ebc1322
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-91c3828e0c41fbe7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-91c3828e0c41fbe7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f30e546741e354a:host:172.234.197.23:host:131.196.29.139	SESSION-4f30e546741e354a → host:172.234.197.23 → host:131.196.29.139
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6afafa975f8bbed9:host:177.10.234.9	SESSION-6afafa975f8bbed9 → host:177.10.234.9
FLOW_DST_PORTOBS	e:fp:flow:6709de98ca6d:port:tcp:443	flow:6709de98ca6d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f88b9847e7767e00:host:172.234.197.23	SESSION-f88b9847e7767e00 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7928f63a898f7aac:PCAP:capture_20260430090001:065659c7d314	SESSION-7928f63a898f7aac → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.121:asn:262880	host:177.10.233.121 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-59e3e2edbc9b18fa:SESSION-59e3e2edbc9b18fa	SESSION-59e3e2edbc9b18fa → pe:tls:SESSION-59e3e2edbc9b18fa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-805d717a82cbb042:host:172.234.197.23	SESSION-805d717a82cbb042 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-304db5c18798dbb4:SESSION-304db5c18798dbb4	SESSION-304db5c18798dbb4 → pe:syn:SESSION-304db5c18798dbb4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7aaf7c17fdae8be6:host:131.196.28.246	SESSION-7aaf7c17fdae8be6 → host:131.196.28.246
FLOW_TO_HOSTOBS	e:to:SESSION-d7baf95bca9d9bdc:host:177.10.235.218	SESSION-d7baf95bca9d9bdc → host:177.10.235.218
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-167179e2a869fa22:host:177.10.239.184	SESSION-167179e2a869fa22 → host:177.10.239.184
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-846d654fbba579ab:host:172.234.197.23	SESSION-846d654fbba579ab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7661066332b8e82:SESSION-b7661066332b8e82	SESSION-b7661066332b8e82 → pe:tls:SESSION-b7661066332b8e82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8cb5baa2c4d67a55:SESSION-8cb5baa2c4d67a55	SESSION-8cb5baa2c4d67a55 → pe:syn:SESSION-8cb5baa2c4d67a55
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-177c9265a29fe644:flow:c7a78933e8b2	SESSION-177c9265a29fe644 → flow:c7a78933e8b2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.18:asn:262880	host:177.10.237.18 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:bcda614bbb3a:port:tcp:443	flow:bcda614bbb3a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d12c89e59455016e:host:172.234.197.23:host:131.196.28.100	SESSION-d12c89e59455016e → host:172.234.197.23 → host:131.196.28.100
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-acada2cd7035c790:PCAP:capture_20260430050001:8868731bf8a4	SESSION-acada2cd7035c790 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:5468bb482602	flow:5468bb482602 → host:172.234.197.23 → host:131.196.29.196 → port:tcp:49512
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91c14db05e009245:host:172.234.197.23	SESSION-91c14db05e009245 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3ecb424a0a4d5b0f:host:177.10.238.120	SESSION-3ecb424a0a4d5b0f → host:177.10.238.120
FLOW_FROM_HOSTOBS	e:from:SESSION-ef914cd10270daad:host:172.234.197.23	SESSION-ef914cd10270daad → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-174e61a8ff8b9c0e:flow:c487525969c2	SESSION-174e61a8ff8b9c0e → flow:c487525969c2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3fd74aeb66a6a85e:SESSION-3fd74aeb66a6a85e	SESSION-3fd74aeb66a6a85e → pe:syn:SESSION-3fd74aeb66a6a85e
FLOW_FROM_HOSTOBS	e:from:SESSION-5c1a2c7dc69870b1:host:131.196.29.0	SESSION-5c1a2c7dc69870b1 → host:131.196.29.0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c651848d98d2f620:flow:8a637d99c9a5	SESSION-c651848d98d2f620 → flow:8a637d99c9a5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ca55f398b8ed07e1:PCAP:capture_20260430150001:ded20914761d	SESSION-ca55f398b8ed07e1 → PCAP:capture_20260430150001:ded20914761d
flow_observed5-aryOBS	e:fo:flow:254a637fa466	flow:254a637fa466 → host:131.196.28.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75add779b1a22971:host:2.57.121.112	SESSION-75add779b1a22971 → host:2.57.121.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21cca31493e9287d:SESSION-21cca31493e9287d	SESSION-21cca31493e9287d → pe:tls:SESSION-21cca31493e9287d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-15539e18bbfcb0e8:SESSION-15539e18bbfcb0e8	SESSION-15539e18bbfcb0e8 → pe:tls:SESSION-15539e18bbfcb0e8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01454c90925a3a4f:flow:19dac7843a48	SESSION-01454c90925a3a4f → flow:19dac7843a48
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b68b7374dcfd0024:SESSION-b68b7374dcfd0024	SESSION-b68b7374dcfd0024 → pe:syn:SESSION-b68b7374dcfd0024
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b9228625f2ea52e:host:131.196.30.64	SESSION-8b9228625f2ea52e → host:131.196.30.64
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ef3697a55617fe8:flow:305e0f17973f	SESSION-0ef3697a55617fe8 → flow:305e0f17973f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b479aa11234b67ae:SESSION-b479aa11234b67ae	SESSION-b479aa11234b67ae → pe:syn:SESSION-b479aa11234b67ae
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0200d7ef8e83c7c3:host:45.173.156.109	SESSION-0200d7ef8e83c7c3 → host:45.173.156.109
FLOW_DST_PORTOBS	e:fp:flow:0670c67e04ae:port:tcp:18047	flow:0670c67e04ae → port:tcp:18047
FLOW_FROM_HOSTOBS	e:from:SESSION-88449fe846038c62:host:177.10.238.1	SESSION-88449fe846038c62 → host:177.10.238.1
flow_observed4-aryOBS	e:fo:flow:4cdaf4d1f949	flow:4cdaf4d1f949 → host:172.234.197.23 → host:177.10.232.164 → port:tcp:45219
HOST_IN_ASNOBS 85%	e:ha:host:180.167.128.203:asn:4812	host:180.167.128.203 → asn:4812
flow_observed5-aryOBS	e:fo:flow:9325c16f8968	flow:9325c16f8968 → host:185.231.226.205 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37dea09d598a2ad1:host:172.234.197.23	SESSION-37dea09d598a2ad1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1191e0b24f1d121:SESSION-d1191e0b24f1d121	SESSION-d1191e0b24f1d121 → pe:tls:SESSION-d1191e0b24f1d121
FLOW_FROM_HOSTOBS	e:from:SESSION-5fe8ac015ba2db65:host:172.234.197.23	SESSION-5fe8ac015ba2db65 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2ea7d08352653c32:host:172.234.197.23	SESSION-2ea7d08352653c32 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c0880772c3a5:port:tcp:443	flow:c0880772c3a5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42b603b0c5709a24:host:172.234.197.23	SESSION-42b603b0c5709a24 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49d1ccfce5e59a68:SESSION-49d1ccfce5e59a68	SESSION-49d1ccfce5e59a68 → pe:syn:SESSION-49d1ccfce5e59a68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-586aad203217304c:host:45.173.156.41	SESSION-586aad203217304c → host:45.173.156.41
FLOW_TO_HOSTOBS	e:to:SESSION-52edfb1e7fe307be:host:172.234.197.23	SESSION-52edfb1e7fe307be → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2edb47571c4ed35:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e2edb47571c4ed35 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.185:geo_-16.28860_-49.01640	host:177.10.233.185 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a418060e7d2d204b:host:172.234.197.23	SESSION-a418060e7d2d204b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9fa066ff97a0	flow:9fa066ff97a0 → host:131.196.29.232 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b11ad70426b43374:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b11ad70426b43374 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-09e72a02b44d9649:host:172.234.197.23	SESSION-09e72a02b44d9649 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf68ee1b1745b1ca:SESSION-bf68ee1b1745b1ca	SESSION-bf68ee1b1745b1ca → pe:tls:SESSION-bf68ee1b1745b1ca
FLOW_DST_PORTOBS	e:fp:flow:6597f6249945:port:tcp:54100	flow:6597f6249945 → port:tcp:54100
FLOW_TO_HOSTOBS	e:to:SESSION-bb3f1e71e19d60be:host:172.234.197.23	SESSION-bb3f1e71e19d60be → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-216df7510915a954:SESSION-216df7510915a954	SESSION-216df7510915a954 → pe:tls:SESSION-216df7510915a954
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dc65fb323eff44ce:SESSION-dc65fb323eff44ce	SESSION-dc65fb323eff44ce → pe:syn:SESSION-dc65fb323eff44ce
FLOW_FROM_HOSTOBS	e:from:SESSION-eaa23bb51e1c2dee:host:131.196.28.156	SESSION-eaa23bb51e1c2dee → host:131.196.28.156
FLOW_FROM_HOSTOBS	e:from:SESSION-9ef36b158fc63267:host:172.234.197.23	SESSION-9ef36b158fc63267 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e576d93486607572:host:172.234.197.23	SESSION-e576d93486607572 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a83465e2bbc20296:SESSION-a83465e2bbc20296	SESSION-a83465e2bbc20296 → pe:syn:SESSION-a83465e2bbc20296
FLOW_TO_HOSTOBS	e:to:SESSION-a6b62b6aad076f58:host:177.10.236.31	SESSION-a6b62b6aad076f58 → host:177.10.236.31
FLOW_TLS_SNIOBS	e:fs:flow:28d075338728:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:28d075338728 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.72:asn:271410	host:131.196.28.72 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-179845184e318961:host:172.234.197.23	SESSION-179845184e318961 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7037fa1e0334ef5:host:172.234.197.23	SESSION-b7037fa1e0334ef5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b947f5515d64f3f8:PCAP:capture_20260430090001:065659c7d314	SESSION-b947f5515d64f3f8 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.132:geo_-16.28860_-49.01640	host:177.10.232.132 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3d0d891734a12161:SESSION-3d0d891734a12161	SESSION-3d0d891734a12161 → pe:tls:SESSION-3d0d891734a12161
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.20:geo_-16.28860_-49.01640	host:177.10.239.20 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-aa09fbb5e640ff94:host:177.10.237.94	SESSION-aa09fbb5e640ff94 → host:177.10.237.94
FLOW_DST_PORTOBS	e:fp:flow:5bf9ff58b9e3:port:tcp:26923	flow:5bf9ff58b9e3 → port:tcp:26923
FLOW_TO_HOSTOBS	e:to:SESSION-e6bf46c9eec8f990:host:172.234.197.23	SESSION-e6bf46c9eec8f990 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eade11f9b06e449a:flow:f38ec586facc	SESSION-eade11f9b06e449a → flow:f38ec586facc
FLOW_DST_PORTOBS	e:fp:flow:ae8d941664b0:port:tcp:35646	flow:ae8d941664b0 → port:tcp:35646
FLOW_FROM_HOSTOBS	e:from:SESSION-c54bf7ef52fb715c:host:13.212.244.245	SESSION-c54bf7ef52fb715c → host:13.212.244.245
flow_observed3-aryOBS	e:fo:flow:99747da9969b	flow:99747da9969b → host:44.246.129.80 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d199e1c484ae:port:tcp:443	flow:d199e1c484ae → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:dcc75c058cb6:port:tcp:443	flow:dcc75c058cb6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd5c7cb019cd55a3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-dd5c7cb019cd55a3 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-1d30b8cd9cbd48a1:host:131.196.29.211	SESSION-1d30b8cd9cbd48a1 → host:131.196.29.211
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac9ecab386602d8f:SESSION-ac9ecab386602d8f	SESSION-ac9ecab386602d8f → pe:syn:SESSION-ac9ecab386602d8f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c9381f88305d4e9:flow:ea1b99f43729	SESSION-8c9381f88305d4e9 → flow:ea1b99f43729
flow_observed4-aryOBS	e:fo:flow:ea0185f782a2	flow:ea0185f782a2 → host:172.234.197.23 → host:177.10.239.234 → port:tcp:19261
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ba8512040d3b37b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5ba8512040d3b37b → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:ca00d71cbdd7:port:tcp:42339	flow:ca00d71cbdd7 → port:tcp:42339
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a9948d7535bcfa1:host:172.234.197.23:host:131.196.30.108	SESSION-1a9948d7535bcfa1 → host:172.234.197.23 → host:131.196.30.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58f2a638c6bf8581:host:104.28.202.79	SESSION-58f2a638c6bf8581 → host:104.28.202.79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-213b6cb7e75b87f2:SESSION-213b6cb7e75b87f2	SESSION-213b6cb7e75b87f2 → pe:tls:SESSION-213b6cb7e75b87f2
FLOW_DST_PORTOBS	e:fp:flow:27aad51b6c83:port:tcp:443	flow:27aad51b6c83 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-d28501729ed200f7:host:131.196.30.160	SESSION-d28501729ed200f7 → host:131.196.30.160
FLOW_TO_HOSTOBS	e:to:SESSION-2e627b58284e1729:host:172.234.197.23	SESSION-2e627b58284e1729 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-81ef982aa5449fd9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-81ef982aa5449fd9 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-33916bd4dadd0440:host:172.234.197.23:host:177.10.239.203	SESSION-33916bd4dadd0440 → host:172.234.197.23 → host:177.10.239.203
FLOW_DST_PORTOBS	e:fp:flow:1ebdbf8c87e0:port:tcp:443	flow:1ebdbf8c87e0 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.182:asn:271410	host:131.196.29.182 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:1638449ddab5:port:tcp:443	flow:1638449ddab5 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:d2b58a19713b	flow:d2b58a19713b → host:177.10.233.145 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3ea9485b82ac2233:host:172.234.197.23	SESSION-3ea9485b82ac2233 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8452ffa75e7fe764:host:172.234.197.23	SESSION-8452ffa75e7fe764 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1620c835b56464d4:SESSION-1620c835b56464d4	SESSION-1620c835b56464d4 → pe:syn:SESSION-1620c835b56464d4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.72:geo_-23.62930_-46.63510	host:131.196.30.72 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9429230c27071ffa:PCAP:capture_20260430090001:065659c7d314	SESSION-9429230c27071ffa → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-af24c7046d264e7e:flow:0d73374bf7ca	SESSION-af24c7046d264e7e → flow:0d73374bf7ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-968009a702657adb:host:131.196.28.75	SESSION-968009a702657adb → host:131.196.28.75
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e6437ba0c2aceec:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-1e6437ba0c2aceec → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-cac7290643404699:host:172.234.197.23	SESSION-cac7290643404699 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46f163e73b58987c:host:172.234.197.23:host:177.10.239.136	SESSION-46f163e73b58987c → host:172.234.197.23 → host:177.10.239.136
FLOW_TO_HOSTOBS	e:to:SESSION-ca027ca401d4d122:host:172.234.197.23	SESSION-ca027ca401d4d122 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6dcc81ef5615b86c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6dcc81ef5615b86c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d5e50cd91d4ac54:flow:7247acb14be4	SESSION-5d5e50cd91d4ac54 → flow:7247acb14be4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3123a8609bb9fc1:flow:953873827fa1	SESSION-a3123a8609bb9fc1 → flow:953873827fa1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-574dd53dd07894c0:host:177.10.237.96	SESSION-574dd53dd07894c0 → host:177.10.237.96
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-739affc996a6fe99:host:172.234.197.23:host:177.10.239.253	SESSION-739affc996a6fe99 → host:172.234.197.23 → host:177.10.239.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f255eba3b0795a16:host:172.234.197.23	SESSION-f255eba3b0795a16 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b3a17f957b1f0153:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-b3a17f957b1f0153 → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:e4d75120f5af	flow:e4d75120f5af → host:131.196.29.184 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a66cf91ad155464:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6a66cf91ad155464 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1cf957f4a121d77:host:131.196.31.6	SESSION-b1cf957f4a121d77 → host:131.196.31.6
FLOW_DST_PORTOBS	e:fp:flow:4e5add2f1c65:port:tcp:443	flow:4e5add2f1c65 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8ab658d53a1eebd:host:177.10.238.29	SESSION-c8ab658d53a1eebd → host:177.10.238.29
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a681df8efb85197d:host:131.196.29.254	SESSION-a681df8efb85197d → host:131.196.29.254
FLOW_DST_PORTOBS	e:fp:flow:01b6880b00f0:port:udp:53	flow:01b6880b00f0 → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ed760af2d8fedd4:SESSION-2ed760af2d8fedd4	SESSION-2ed760af2d8fedd4 → pe:syn:SESSION-2ed760af2d8fedd4
FLOW_TO_HOSTOBS	e:to:SESSION-a55a830d22fea90d:host:172.234.197.23	SESSION-a55a830d22fea90d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-598f28b8a9577970:host:172.234.197.23	SESSION-598f28b8a9577970 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9d603c58c5171ed7:host:172.234.197.23	SESSION-9d603c58c5171ed7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-534aae6aa0ff39bc:host:172.234.197.23:host:177.10.235.165	SESSION-534aae6aa0ff39bc → host:172.234.197.23 → host:177.10.235.165
FLOW_FROM_HOSTOBS	e:from:SESSION-47f0fc6e11d78716:host:95.135.228.136	SESSION-47f0fc6e11d78716 → host:95.135.228.136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d6ddb3deb8cc2873:SESSION-d6ddb3deb8cc2873	SESSION-d6ddb3deb8cc2873 → pe:tls:SESSION-d6ddb3deb8cc2873
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.224:geo_-16.28860_-49.01640	host:177.10.239.224 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-957293060df71cd6:host:172.234.197.23	SESSION-957293060df71cd6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7ac052262d51e17:flow:cfdaf039c06c	SESSION-b7ac052262d51e17 → flow:cfdaf039c06c
FLOW_TO_HOSTOBS	e:to:SESSION-805fb07d7b5cb44b:host:172.234.197.23	SESSION-805fb07d7b5cb44b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a7cd300d305b207c:flow:496fab4372c8	SESSION-a7cd300d305b207c → flow:496fab4372c8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7661066332b8e82:host:177.10.239.186	SESSION-b7661066332b8e82 → host:177.10.239.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ac8ab77b48a8c37:host:177.10.238.250	SESSION-6ac8ab77b48a8c37 → host:177.10.238.250
FLOW_TO_HOSTOBS	e:to:SESSION-973fc1252d207af1:host:172.234.197.23	SESSION-973fc1252d207af1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:24e78376d3a5:port:tcp:32127	flow:24e78376d3a5 → port:tcp:32127
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-836e4ff4bdb8da04:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-836e4ff4bdb8da04 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d83a9aba23a117e:host:172.234.197.23	SESSION-6d83a9aba23a117e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-680820c56f27d295:host:172.234.197.23	SESSION-680820c56f27d295 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10d6a2736c7d59d6:flow:b1ded13f1046	SESSION-10d6a2736c7d59d6 → flow:b1ded13f1046
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62151f99a31dc755:host:177.10.239.137	SESSION-62151f99a31dc755 → host:177.10.239.137
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c491b8c96ce6e8c2:host:78.47.249.154:host:172.234.197.23	SESSION-c491b8c96ce6e8c2 → host:78.47.249.154 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6cfabb521c7f73a1:host:131.196.31.80	SESSION-6cfabb521c7f73a1 → host:131.196.31.80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7752628607af1d9e:flow:5aad3921ba28	SESSION-7752628607af1d9e → flow:5aad3921ba28
flow_observed5-aryOBS	e:fo:flow:a26eb909c0b2	flow:a26eb909c0b2 → host:177.10.232.1 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1d74e40d653f073:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d1d74e40d653f073 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db946f3602afd068:flow:83f6df2d4e8a	SESSION-db946f3602afd068 → flow:83f6df2d4e8a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-714dd24b305adb19:SESSION-714dd24b305adb19	SESSION-714dd24b305adb19 → pe:tls:SESSION-714dd24b305adb19
FLOW_DST_PORTOBS	e:fp:flow:a07aacbe73d0:port:tcp:443	flow:a07aacbe73d0 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d77012e48557176:SESSION-1d77012e48557176	SESSION-1d77012e48557176 → pe:syn:SESSION-1d77012e48557176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42ac4798d48b113f:host:172.234.197.23	SESSION-42ac4798d48b113f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d776155c4ea7cbea:SESSION-d776155c4ea7cbea	SESSION-d776155c4ea7cbea → pe:syn:SESSION-d776155c4ea7cbea
FLOW_DST_PORTOBS	e:fp:flow:2997bf8e9fc3:port:tcp:45412	flow:2997bf8e9fc3 → port:tcp:45412
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.80:geo_-16.28860_-49.01640	host:177.10.237.80 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76408b67fb88a4bd:host:172.234.197.23:host:177.10.237.17	SESSION-76408b67fb88a4bd → host:172.234.197.23 → host:177.10.237.17
FLOW_TO_HOSTOBS	e:to:SESSION-d3eca13f5e50de63:host:172.234.197.23	SESSION-d3eca13f5e50de63 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.1:asn:262880	host:177.10.237.1 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-34b42a1bd1f93900:host:64.237.250.51	SESSION-34b42a1bd1f93900 → host:64.237.250.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df4b466e6cf802c5:host:177.10.233.252:host:172.234.197.23	SESSION-df4b466e6cf802c5 → host:177.10.233.252 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.146:asn:262880	host:177.10.239.146 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-2ca59997a1fd2235:host:172.234.197.23	SESSION-2ca59997a1fd2235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19ae824852752386:host:131.196.28.221	SESSION-19ae824852752386 → host:131.196.28.221
FLOW_TO_HOSTOBS	e:to:SESSION-2392c0826d87e845:host:172.234.197.23	SESSION-2392c0826d87e845 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:47695757901b	flow:47695757901b → host:177.10.234.161 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ac5114e8861b:port:tcp:27708	flow:ac5114e8861b → port:tcp:27708
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.26:geo_-16.28860_-49.01640	host:177.10.234.26 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ae53b938ea3675b:flow:ea6a04b7906c	SESSION-2ae53b938ea3675b → flow:ea6a04b7906c
FLOW_FROM_HOSTOBS	e:from:SESSION-2df5a0c07309bf07:host:172.234.197.23	SESSION-2df5a0c07309bf07 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.192:geo_-23.62930_-46.63510	host:131.196.29.192 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e1e1ef170279bd06:host:172.234.197.23:host:172.232.0.16	SESSION-e1e1ef170279bd06 → host:172.234.197.23 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0f3b543446abe714:SESSION-0f3b543446abe714	SESSION-0f3b543446abe714 → pe:tls:SESSION-0f3b543446abe714
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-499399e6896a45f7:PCAP:capture_20260428010001:b1b402c7b202	SESSION-499399e6896a45f7 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd6f9b80bb02e0f5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fd6f9b80bb02e0f5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-d2ed4131e5585f31:host:131.196.29.225	SESSION-d2ed4131e5585f31 → host:131.196.29.225
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0b3c5797223848b:host:172.234.197.23	SESSION-c0b3c5797223848b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d60f9952407f0d18:host:213.209.159.159	SESSION-d60f9952407f0d18 → host:213.209.159.159
FLOW_FROM_HOSTOBS	e:from:SESSION-5016108ab6552957:host:177.10.239.247	SESSION-5016108ab6552957 → host:177.10.239.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ae017ce34991ed1:SESSION-5ae017ce34991ed1	SESSION-5ae017ce34991ed1 → pe:syn:SESSION-5ae017ce34991ed1
FLOW_TO_HOSTOBS	e:to:SESSION-802ccc988b65b38c:host:172.234.197.23	SESSION-802ccc988b65b38c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-550b52f6103256cd:host:172.234.197.23	SESSION-550b52f6103256cd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-469998d187b1b945:flow:bf7584aa1a16	SESSION-469998d187b1b945 → flow:bf7584aa1a16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-130c48c57d6ba6f4:host:172.234.197.23	SESSION-130c48c57d6ba6f4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:de5310002690	flow:de5310002690 → host:131.196.30.59 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5731b0b8f40f73a:host:172.234.197.23:host:177.10.237.156	SESSION-f5731b0b8f40f73a → host:172.234.197.23 → host:177.10.237.156
flow_observed5-aryOBS	e:fo:flow:2f58c659f6fe	flow:2f58c659f6fe → host:177.10.238.236 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fddb1520b60b4e20:host:172.234.197.23:host:45.173.156.138	SESSION-fddb1520b60b4e20 → host:172.234.197.23 → host:45.173.156.138
flow_observed4-aryOBS	e:fo:flow:cf6d8e640456	flow:cf6d8e640456 → host:172.234.197.23 → host:177.10.233.211 → port:tcp:52480
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1410d14cf4ff2548:host:172.234.197.23	SESSION-1410d14cf4ff2548 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.150:geo_-16.28860_-49.01640	host:177.10.239.150 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f042798b154a2bb2:flow:44f3c39a6640	SESSION-f042798b154a2bb2 → flow:44f3c39a6640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a9948d7535bcfa1:flow:8cacf1a45ce9	SESSION-1a9948d7535bcfa1 → flow:8cacf1a45ce9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d47b6311855994f0:SESSION-d47b6311855994f0	SESSION-d47b6311855994f0 → pe:syn:SESSION-d47b6311855994f0
FLOW_FROM_HOSTOBS	e:from:SESSION-3a6f73143abd0c86:host:177.10.232.156	SESSION-3a6f73143abd0c86 → host:177.10.232.156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65c1debe675497c7:host:172.234.197.23	SESSION-65c1debe675497c7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4eec40051c49c7bf:host:172.234.197.23	SESSION-4eec40051c49c7bf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9dc3dafcee87c5f7:host:131.196.29.70	SESSION-9dc3dafcee87c5f7 → host:131.196.29.70
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e6511da7c7cd8e1:flow:5432e52c0c83	SESSION-4e6511da7c7cd8e1 → flow:5432e52c0c83
FLOW_TO_HOSTOBS	e:to:SESSION-8b8b9e098330595b:host:177.10.239.210	SESSION-8b8b9e098330595b → host:177.10.239.210
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-efb63adb0418d7f8:host:177.10.233.145:host:172.234.197.23	SESSION-efb63adb0418d7f8 → host:177.10.233.145 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.63:asn:203771	host:37.221.79.63 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:f58dd69d84b4:port:tcp:22604	flow:f58dd69d84b4 → port:tcp:22604
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-32551388ee5c6c20:SESSION-32551388ee5c6c20	SESSION-32551388ee5c6c20 → pe:tls:SESSION-32551388ee5c6c20
flow_observed4-aryOBS	e:fo:flow:70cdb8314418	flow:70cdb8314418 → host:172.234.197.23 → host:177.10.237.25 → port:tcp:3819
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2035a3586bc1f35f:host:177.10.237.87	SESSION-2035a3586bc1f35f → host:177.10.237.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b9875f767bae73b8:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b9875f767bae73b8 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.126:asn:262880	host:177.10.232.126 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.59:geo_-23.62930_-46.63510	host:131.196.28.59 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0657272c618c6d4:SESSION-c0657272c618c6d4	SESSION-c0657272c618c6d4 → pe:tls:SESSION-c0657272c618c6d4
flow_observed5-aryOBS	e:fo:flow:d23d429ef386	flow:d23d429ef386 → host:131.196.28.70 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.192:asn:262880	host:177.10.239.192 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-650fd2b828a7b477:host:131.196.30.143	SESSION-650fd2b828a7b477 → host:131.196.30.143
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8ee775e10cbe172:SESSION-b8ee775e10cbe172	SESSION-b8ee775e10cbe172 → pe:syn:SESSION-b8ee775e10cbe172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db3c6ad3393f14ad:SESSION-db3c6ad3393f14ad	SESSION-db3c6ad3393f14ad → pe:syn:SESSION-db3c6ad3393f14ad
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16ea01a17fc6b7f7:host:172.234.197.23	SESSION-16ea01a17fc6b7f7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f08e9fcec07329fb:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f08e9fcec07329fb → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6af0fd134ffb330e:host:45.173.156.53	SESSION-6af0fd134ffb330e → host:45.173.156.53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-296f629f4229b1a2:SESSION-296f629f4229b1a2	SESSION-296f629f4229b1a2 → pe:syn:SESSION-296f629f4229b1a2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5e7695ca2cac12f:flow:19794999a79b	SESSION-b5e7695ca2cac12f → flow:19794999a79b
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.70:asn:273470	host:45.173.156.70 → asn:273470
FLOW_FROM_HOSTOBS	e:from:SESSION-ab75a0984f628f7a:host:131.196.30.31	SESSION-ab75a0984f628f7a → host:131.196.30.31
FLOW_TO_HOSTOBS	e:to:SESSION-0ba40ec67b0f6097:host:172.234.197.23	SESSION-0ba40ec67b0f6097 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07ba7d1d1566dce2:flow:7982be2235ba	SESSION-07ba7d1d1566dce2 → flow:7982be2235ba
FLOW_FROM_HOSTOBS	e:from:SESSION-c265ba6f34eebd39:host:172.234.197.23	SESSION-c265ba6f34eebd39 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:50892e912e82	flow:50892e912e82 → host:172.234.197.23 → host:177.10.239.63 → port:tcp:58086
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c21073699e99172:flow:8087a35b1573	SESSION-1c21073699e99172 → flow:8087a35b1573
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-324b6311c2d003f7:SESSION-324b6311c2d003f7	SESSION-324b6311c2d003f7 → pe:tls:SESSION-324b6311c2d003f7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cac3103b39cc2b1a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-cac3103b39cc2b1a → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-1980da9de3362b69:host:172.234.197.23	SESSION-1980da9de3362b69 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.86:asn:262880	host:177.10.236.86 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b6d920a3cc562b13:host:45.173.156.84	SESSION-b6d920a3cc562b13 → host:45.173.156.84
flow_observed5-aryOBS	e:fo:flow:d39c7cd1ee50	flow:d39c7cd1ee50 → host:131.196.30.119 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0f5313432825fa0:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f0f5313432825fa0 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:0a7bf45be75c	flow:0a7bf45be75c → host:177.10.238.122 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.207:asn:262880	host:177.10.239.207 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-c70d9a6440c9b19a:host:172.234.197.23	SESSION-c70d9a6440c9b19a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-15939dedfcffc5e5:host:131.196.31.221:host:172.234.197.23	SESSION-15939dedfcffc5e5 → host:131.196.31.221 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ec4c9189aa8273c:flow:95e965a44333	SESSION-2ec4c9189aa8273c → flow:95e965a44333
FLOW_TO_HOSTOBS	e:to:SESSION-c05cd50533aa04ad:host:172.234.197.23	SESSION-c05cd50533aa04ad → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.2:geo_41.02140_28.99480	host:31.40.196.2 → geo_41.02140_28.99480
FLOW_DST_PORTOBS	e:fp:flow:71dc34540c48:port:tcp:443	flow:71dc34540c48 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.77:asn:262880	host:177.10.237.77 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-014d878748f613f9:SESSION-014d878748f613f9	SESSION-014d878748f613f9 → pe:tls:SESSION-014d878748f613f9
FLOW_TO_HOSTOBS	e:to:SESSION-7f350449fc7d11b3:host:177.10.232.178	SESSION-7f350449fc7d11b3 → host:177.10.232.178
FLOW_TO_HOSTOBS	e:to:SESSION-b35e3cddd5fc2e72:host:172.234.197.23	SESSION-b35e3cddd5fc2e72 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2f1d9ef885e7:port:tcp:443	flow:2f1d9ef885e7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaecff6799ccb464:host:172.234.197.23	SESSION-eaecff6799ccb464 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68b7f3c84c5e7661:host:172.234.197.23:host:177.10.236.236	SESSION-68b7f3c84c5e7661 → host:172.234.197.23 → host:177.10.236.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b0b2d167e93bb2e:host:172.234.197.23	SESSION-0b0b2d167e93bb2e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.127:geo_-23.62930_-46.63510	host:131.196.29.127 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f105059d1ed0a542:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-f105059d1ed0a542 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e57fbe39684f8bc8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e57fbe39684f8bc8 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:ce641d36bd3c	flow:ce641d36bd3c → host:177.10.234.88 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:a1a774e26dd8:port:tcp:443	flow:a1a774e26dd8 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5167ceabb03264f1:flow:6c751e472afd	SESSION-5167ceabb03264f1 → flow:6c751e472afd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac742257199be2dd:SESSION-ac742257199be2dd	SESSION-ac742257199be2dd → pe:tls:SESSION-ac742257199be2dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6d920a3cc562b13:host:45.173.156.84	SESSION-b6d920a3cc562b13 → host:45.173.156.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e987eea1f59290d7:host:51.92.14.54:host:172.234.197.23	SESSION-e987eea1f59290d7 → host:51.92.14.54 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-8c07bee6bb583aca:BSG-DATA_EXFIL-e89652415aa3	SESSION-8c07bee6bb583aca → BSG-DATA_EXFIL-e89652415aa3
FLOW_DST_PORTOBS	e:fp:flow:ad3295a67b5a:port:tcp:47313	flow:ad3295a67b5a → port:tcp:47313
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cc58a61b872e266:host:177.10.237.132	SESSION-8cc58a61b872e266 → host:177.10.237.132
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ea2e2a37f857a7f:PCAP:capture_20260430110001:43611bdf6759	SESSION-3ea2e2a37f857a7f → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-1984f51487784d02:host:177.10.235.193	SESSION-1984f51487784d02 → host:177.10.235.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06ba851c038c998a:SESSION-06ba851c038c998a	SESSION-06ba851c038c998a → pe:syn:SESSION-06ba851c038c998a
flow_observed5-aryOBS	e:fo:flow:8fa1fca8c76a	flow:8fa1fca8c76a → host:45.173.156.220 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94bbfef7eb27207b:SESSION-94bbfef7eb27207b	SESSION-94bbfef7eb27207b → pe:tls:SESSION-94bbfef7eb27207b
FLOW_TO_HOSTOBS	e:to:SESSION-82e825a4afeeff6a:host:172.234.197.23	SESSION-82e825a4afeeff6a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:dc540a8f719c	flow:dc540a8f719c → host:172.234.197.23 → host:177.10.235.42 → port:tcp:31793
FLOW_FROM_HOSTOBS	e:from:SESSION-b5ee9797d15d423e:host:45.173.156.204	SESSION-b5ee9797d15d423e → host:45.173.156.204
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b068e0f016ef609:SESSION-4b068e0f016ef609	SESSION-4b068e0f016ef609 → pe:syn:SESSION-4b068e0f016ef609
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.241:asn:271410	host:131.196.28.241 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0e3916b0aa19b751:host:131.196.29.167:host:172.234.197.23	SESSION-0e3916b0aa19b751 → host:131.196.29.167 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.221:geo_-21.10010_-41.69200	host:45.173.156.221 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-88f0aa854ba7cdd7:host:172.234.197.23	SESSION-88f0aa854ba7cdd7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48bb234f8161dc4f:host:177.10.237.66	SESSION-48bb234f8161dc4f → host:177.10.237.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed55c24c9ffd87b5:SESSION-ed55c24c9ffd87b5	SESSION-ed55c24c9ffd87b5 → pe:syn:SESSION-ed55c24c9ffd87b5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-81c8b3fdf002e09e:flow:2b6a2177ee0d	SESSION-81c8b3fdf002e09e → flow:2b6a2177ee0d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5004eb3121e0f98:host:172.234.197.23:host:177.10.239.139	SESSION-a5004eb3121e0f98 → host:172.234.197.23 → host:177.10.239.139
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.161:geo_-23.62930_-46.63510	host:131.196.29.161 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9338ac17b36dc2c1:host:172.234.197.23	SESSION-9338ac17b36dc2c1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:db631979fcd2:port:tcp:443	flow:db631979fcd2 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b947f5515d64f3f8:host:177.10.239.139	SESSION-b947f5515d64f3f8 → host:177.10.239.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68a3766ff3680ecf:SESSION-68a3766ff3680ecf	SESSION-68a3766ff3680ecf → pe:syn:SESSION-68a3766ff3680ecf
FLOW_FROM_HOSTOBS	e:from:SESSION-c471169f59e284ee:host:131.196.29.124	SESSION-c471169f59e284ee → host:131.196.29.124
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-605f000d6a5e20b1:SESSION-605f000d6a5e20b1	SESSION-605f000d6a5e20b1 → pe:syn:SESSION-605f000d6a5e20b1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-184aec41cea03479:host:177.10.232.253:host:172.234.197.23	SESSION-184aec41cea03479 → host:177.10.232.253 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-12879c55e793c987:SESSION-12879c55e793c987	SESSION-12879c55e793c987 → pe:tls:SESSION-12879c55e793c987
FLOW_TO_HOSTOBS	e:to:SESSION-e63bd10e327c33f1:host:172.234.197.23	SESSION-e63bd10e327c33f1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10bd62a158add0c4:host:177.10.233.183	SESSION-10bd62a158add0c4 → host:177.10.233.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3adb88175f99dced:host:172.234.197.23	SESSION-3adb88175f99dced → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ef3ba231e3ca4d6:SESSION-4ef3ba231e3ca4d6	SESSION-4ef3ba231e3ca4d6 → pe:tls:SESSION-4ef3ba231e3ca4d6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d2af0189f90c79b2:SESSION-d2af0189f90c79b2	SESSION-d2af0189f90c79b2 → pe:tls:SESSION-d2af0189f90c79b2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c016235dacd88a4d:host:131.196.31.77	SESSION-c016235dacd88a4d → host:131.196.31.77
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.180:asn:262880	host:177.10.239.180 → asn:262880
flow_observed5-aryOBS	e:fo:flow:d97b7315f434	flow:d97b7315f434 → host:177.10.235.197 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-414bf7406e62b7e2:host:177.10.239.112:host:172.234.197.23	SESSION-414bf7406e62b7e2 → host:177.10.239.112 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4325a6893dda791:host:172.234.197.23	SESSION-c4325a6893dda791 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a22b87d5bf56	flow:a22b87d5bf56 → host:177.10.238.127 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:01b6880b00f0	flow:01b6880b00f0 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae3419cd71fb8b85:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ae3419cd71fb8b85 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:7c1ef5ee9207:port:tcp:44597	flow:7c1ef5ee9207 → port:tcp:44597
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a412381d3ec6112:PCAP:capture_20260430150001:ded20914761d	SESSION-4a412381d3ec6112 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-9fba97aa139b6de4:host:172.234.197.23	SESSION-9fba97aa139b6de4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40dbede277a2e1b2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-40dbede277a2e1b2 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-adbb0156eea80d2f:host:37.27.162.26	SESSION-adbb0156eea80d2f → host:37.27.162.26
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.170:asn:271410	host:131.196.30.170 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c1a2c7dc69870b1:host:131.196.29.0:host:172.234.197.23	SESSION-5c1a2c7dc69870b1 → host:131.196.29.0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd38adf08b5d5a9e:host:69.222.187.134	SESSION-cd38adf08b5d5a9e → host:69.222.187.134
FLOW_DST_PORTOBS	e:fp:flow:6cd807157248:port:tcp:443	flow:6cd807157248 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0fa0595b0c8a6ef6:SESSION-0fa0595b0c8a6ef6	SESSION-0fa0595b0c8a6ef6 → pe:syn:SESSION-0fa0595b0c8a6ef6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0b3c5797223848b:PCAP:capture_20260430060001:919b39a74464	SESSION-c0b3c5797223848b → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c8bfb1726ad64d7:flow:a244accd3081	SESSION-3c8bfb1726ad64d7 → flow:a244accd3081
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b875e262090a3924:SESSION-b875e262090a3924	SESSION-b875e262090a3924 → pe:syn:SESSION-b875e262090a3924
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ab8147bbacef01b:host:94.130.10.221:host:172.234.197.23	SESSION-5ab8147bbacef01b → host:94.130.10.221 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.72:geo_-21.10010_-41.69200	host:45.173.156.72 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe1d6d23886f083a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fe1d6d23886f083a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:5e9fbc6cb5f2	flow:5e9fbc6cb5f2 → host:172.234.197.23 → host:177.10.234.180 → port:tcp:30402
flow_observed4-aryOBS	e:fo:flow:01d4aa0d71df	flow:01d4aa0d71df → host:172.234.197.23 → host:131.196.28.208 → port:tcp:26327
flow_observed5-aryOBS	e:fo:flow:20963c4b5f0e	flow:20963c4b5f0e → host:45.145.152.109 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4ffce8b6e53dd75:flow:bb7f3a42b12b	SESSION-a4ffce8b6e53dd75 → flow:bb7f3a42b12b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86afdd078b90270f:host:131.196.30.222	SESSION-86afdd078b90270f → host:131.196.30.222
flow_observed5-aryOBS	e:fo:flow:c45f5a560659	flow:c45f5a560659 → host:95.170.25.34 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-29fae5326f4697b4:host:172.234.197.23	SESSION-29fae5326f4697b4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1bb46c5efd0c0159:host:131.196.28.212:host:172.234.197.23	SESSION-1bb46c5efd0c0159 → host:131.196.28.212 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b51ebf4113a5ef49:host:172.234.197.23	SESSION-b51ebf4113a5ef49 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-140a58b5ab5dfb04:PCAP:capture_20260430110001:43611bdf6759	SESSION-140a58b5ab5dfb04 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07dfdeddccca16ee:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-07dfdeddccca16ee → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-5ab8147bbacef01b:host:94.130.10.221	SESSION-5ab8147bbacef01b → host:94.130.10.221
FLOW_DST_PORTOBS	e:fp:flow:3beae65c4960:port:tcp:443	flow:3beae65c4960 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.226:asn:262880	host:177.10.232.226 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67fb5a3b6b27b953:SESSION-67fb5a3b6b27b953	SESSION-67fb5a3b6b27b953 → pe:tls:SESSION-67fb5a3b6b27b953
FLOW_TO_HOSTOBS	e:to:SESSION-79b864f146b8f07b:host:172.234.197.23	SESSION-79b864f146b8f07b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d7baf95bca9d9bdc:host:172.234.197.23:host:177.10.235.218	SESSION-d7baf95bca9d9bdc → host:172.234.197.23 → host:177.10.235.218
FLOW_DST_PORTOBS	e:fp:flow:b66c105ebde7:port:tcp:443	flow:b66c105ebde7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4d3ca4dbaf4c9647:SESSION-4d3ca4dbaf4c9647	SESSION-4d3ca4dbaf4c9647 → pe:tls:SESSION-4d3ca4dbaf4c9647
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-603529cff661c41d:SESSION-603529cff661c41d	SESSION-603529cff661c41d → pe:syn:SESSION-603529cff661c41d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38a436ec3884f938:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-38a436ec3884f938 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-af55ab527d360ebd:SESSION-af55ab527d360ebd	SESSION-af55ab527d360ebd → pe:tls:SESSION-af55ab527d360ebd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e612a684f25ac0f:SESSION-6e612a684f25ac0f	SESSION-6e612a684f25ac0f → pe:tls:SESSION-6e612a684f25ac0f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5739ac8f3bafac6c:host:177.10.232.182	SESSION-5739ac8f3bafac6c → host:177.10.232.182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c5519b0e5712e1e:host:172.234.197.23	SESSION-1c5519b0e5712e1e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a24676d50b48eccf:host:172.234.197.23	SESSION-a24676d50b48eccf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8107d9388b9d334:host:172.234.197.23	SESSION-b8107d9388b9d334 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3a825e71225466eb:host:172.234.197.23	SESSION-3a825e71225466eb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b654d700a53d4a94:host:172.234.197.23	SESSION-b654d700a53d4a94 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2eafb8abd862:port:tcp:443	flow:2eafb8abd862 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.219:geo_-21.10010_-41.69200	host:45.173.156.219 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4eec40051c49c7bf:SESSION-4eec40051c49c7bf	SESSION-4eec40051c49c7bf → pe:syn:SESSION-4eec40051c49c7bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72a654eac2136215:PCAP:capture_20260430060001:919b39a74464	SESSION-72a654eac2136215 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:8c498086b468:port:tcp:32777	flow:8c498086b468 → port:tcp:32777
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-805fb07d7b5cb44b:host:177.10.235.218	SESSION-805fb07d7b5cb44b → host:177.10.235.218
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.19:geo_-16.28860_-49.01640	host:177.10.232.19 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3ea6c4aff46dde87:host:177.10.238.102:host:172.234.197.23	SESSION-3ea6c4aff46dde87 → host:177.10.238.102 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.80:asn:262880	host:177.10.238.80 → asn:262880
flow_observed5-aryOBS	e:fo:flow:78347322cd1b	flow:78347322cd1b → host:131.196.28.28 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:41359760b1a0:port:tcp:443	flow:41359760b1a0 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f2c00c77bcbb5602:host:172.234.197.23:host:131.196.29.167	SESSION-f2c00c77bcbb5602 → host:172.234.197.23 → host:131.196.29.167
FLOW_DST_PORTOBS	e:fp:flow:7990febe4bcc:port:tcp:443	flow:7990febe4bcc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-577376347fdfe894:SESSION-577376347fdfe894	SESSION-577376347fdfe894 → pe:syn:SESSION-577376347fdfe894
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.5:asn:271410	host:131.196.29.5 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a66568eff025692:host:172.234.197.23	SESSION-6a66568eff025692 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6299cf50d0e2e558:SESSION-6299cf50d0e2e558	SESSION-6299cf50d0e2e558 → pe:syn:SESSION-6299cf50d0e2e558
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3931cb15b35f138a:PCAP:capture_20260430110001:43611bdf6759	SESSION-3931cb15b35f138a → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:f2a3fd514057:port:tcp:443	flow:f2a3fd514057 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7f8914f0744c0dd:host:172.234.197.23	SESSION-d7f8914f0744c0dd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-54d23880cad1a846:host:131.196.30.123	SESSION-54d23880cad1a846 → host:131.196.30.123
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.6:asn:271410	host:131.196.28.6 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:76cca1c9d93a:port:tcp:443	flow:76cca1c9d93a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7ca91f03ba114f2:host:172.234.197.23	SESSION-f7ca91f03ba114f2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1848195311cbff19:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1848195311cbff19 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:a22b3b3a0e3f	flow:a22b3b3a0e3f → host:172.234.197.23 → host:131.196.28.39 → port:tcp:19098
FLOW_TO_HOSTOBS	e:to:SESSION-f0dd74fd8f314e65:host:172.234.197.23	SESSION-f0dd74fd8f314e65 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0734cf22f874:port:tcp:25405	flow:0734cf22f874 → port:tcp:25405
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-59d5bafa56d514c9:flow:5ec23c1a1f63	SESSION-59d5bafa56d514c9 → flow:5ec23c1a1f63
flow_observed4-aryOBS	e:fo:flow:2c934e4ce246	flow:2c934e4ce246 → host:172.234.197.23 → host:177.10.237.72 → port:tcp:48307
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d58cfad877959bea:host:45.173.156.90:host:172.234.197.23	SESSION-d58cfad877959bea → host:45.173.156.90 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9a9df261a7287913:host:131.196.29.78	SESSION-9a9df261a7287913 → host:131.196.29.78
FLOW_TO_HOSTOBS	e:to:SESSION-c430ce1d88348c67:host:172.234.197.23	SESSION-c430ce1d88348c67 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2eb15df038685c53:host:104.28.234.79:host:172.234.197.23	SESSION-2eb15df038685c53 → host:104.28.234.79 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cfdf42e58546762b:flow:4a3b8f47dbcf	SESSION-cfdf42e58546762b → flow:4a3b8f47dbcf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e05f2032b3abac3:SESSION-3e05f2032b3abac3	SESSION-3e05f2032b3abac3 → pe:tls:SESSION-3e05f2032b3abac3
flow_observed5-aryOBS	e:fo:flow:312734cc429c	flow:312734cc429c → host:131.196.28.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8977638e8d6c6909:flow:3ea8c55e38e7	SESSION-8977638e8d6c6909 → flow:3ea8c55e38e7
FLOW_DST_PORTOBS	e:fp:flow:cd6b04abe81f:port:tcp:443	flow:cd6b04abe81f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:0595c92f8649:port:tcp:443	flow:0595c92f8649 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-23264de44b7cb73c:host:131.196.29.122	SESSION-23264de44b7cb73c → host:131.196.29.122
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be196df3d425cb31:flow:7c87f156575d	SESSION-be196df3d425cb31 → flow:7c87f156575d
FLOW_FROM_HOSTOBS	e:from:SESSION-2b54b11bede7a4d5:host:177.10.237.99	SESSION-2b54b11bede7a4d5 → host:177.10.237.99
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-05b6ffb2a7e9e145:host:177.10.235.131:host:172.234.197.23	SESSION-05b6ffb2a7e9e145 → host:177.10.235.131 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:4bd61e2fa10c	flow:4bd61e2fa10c → host:172.234.197.23 → host:177.10.232.255 → port:tcp:35116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e06ceb4b0294ceac:host:172.234.197.23	SESSION-e06ceb4b0294ceac → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a5292197f57e4263:PCAP:capture_20260430060001:919b39a74464	SESSION-a5292197f57e4263 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e88ec164d738844a:SESSION-e88ec164d738844a	SESSION-e88ec164d738844a → pe:syn:SESSION-e88ec164d738844a
FLOW_DST_PORTOBS	e:fp:flow:24a6ec1bcc46:port:tcp:443	flow:24a6ec1bcc46 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-045b8a3eae800458:host:172.234.197.23	SESSION-045b8a3eae800458 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2a19838102931ca6:host:177.10.233.44	SESSION-2a19838102931ca6 → host:177.10.233.44
FLOW_FROM_HOSTOBS	e:from:SESSION-f4e3933219f15471:host:45.173.156.61	SESSION-f4e3933219f15471 → host:45.173.156.61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d43b9fecb8f031e:host:177.10.237.250	SESSION-9d43b9fecb8f031e → host:177.10.237.250
FLOW_FROM_HOSTOBS	e:from:SESSION-93be623985b95b7d:host:177.10.238.156	SESSION-93be623985b95b7d → host:177.10.238.156
FLOW_FROM_HOSTOBS	e:from:SESSION-d6a1a522f9ca6e79:host:177.10.237.3	SESSION-d6a1a522f9ca6e79 → host:177.10.237.3
FLOW_TO_HOSTOBS	e:to:SESSION-457bc509f900e32f:host:131.196.29.220	SESSION-457bc509f900e32f → host:131.196.29.220
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d84fd327ccf4e65:flow:3f727fda71d2	SESSION-5d84fd327ccf4e65 → flow:3f727fda71d2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fc518dfa07303a8:flow:fdab01a2611a	SESSION-1fc518dfa07303a8 → flow:fdab01a2611a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84e5e89f26aa2ca2:host:172.234.197.23	SESSION-84e5e89f26aa2ca2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59d92efe40de2f35:host:172.234.197.23	SESSION-59d92efe40de2f35 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f2cb956713b4a7f:flow:677c8af1315d	SESSION-8f2cb956713b4a7f → flow:677c8af1315d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-afa0e3a30bb0024e:flow:c8f5d59ceecd	SESSION-afa0e3a30bb0024e → flow:c8f5d59ceecd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5dccafc7307f6ac:host:172.234.197.23	SESSION-b5dccafc7307f6ac → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14d5e1e17a6f21ad:host:172.234.197.23	SESSION-14d5e1e17a6f21ad → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.93:geo_-23.62930_-46.63510	host:131.196.29.93 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:91bd8581cefd:port:tcp:443	flow:91bd8581cefd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-87462f91a35c5198:flow:b1110292eacf	SESSION-87462f91a35c5198 → flow:b1110292eacf
FLOW_TO_HOSTOBS	e:to:SESSION-37a58b55d4a339c3:host:172.232.0.16	SESSION-37a58b55d4a339c3 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d8b07a8bebdede3:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1d8b07a8bebdede3 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4a865531d109b7c1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4a865531d109b7c1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46290f7655d18c8b:host:177.10.238.87	SESSION-46290f7655d18c8b → host:177.10.238.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a17077467e1bba6:PCAP:capture_20260430110001:43611bdf6759	SESSION-5a17077467e1bba6 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.77:geo_-16.28860_-49.01640	host:177.10.239.77 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:821c1d151be5	flow:821c1d151be5 → host:45.173.156.53 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.161:geo_-16.28860_-49.01640	host:177.10.235.161 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:39c25f60b4e5:port:tcp:443	flow:39c25f60b4e5 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d71da652648f:port:tcp:443	flow:d71da652648f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2df4632ec7c2c624:host:131.196.29.186:host:172.234.197.23	SESSION-2df4632ec7c2c624 → host:131.196.29.186 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f78268addd9f6ca3:host:177.10.236.164	SESSION-f78268addd9f6ca3 → host:177.10.236.164
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16b33dfc60975324:SESSION-16b33dfc60975324	SESSION-16b33dfc60975324 → pe:tls:SESSION-16b33dfc60975324
flow_observed5-aryOBS	e:fo:flow:9ac58cc69d5e	flow:9ac58cc69d5e → host:131.196.30.13 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c2b0dcf2b507:port:tcp:443	flow:c2b0dcf2b507 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e2683c2a1a03e97:host:172.234.197.23	SESSION-6e2683c2a1a03e97 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7cfd4f435147ff3:host:172.234.197.23	SESSION-a7cfd4f435147ff3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-687dc6215da3af8c:host:172.234.197.23	SESSION-687dc6215da3af8c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af13e3f1012247aa:host:172.234.197.23	SESSION-af13e3f1012247aa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb72c41fb24aaf81:SESSION-eb72c41fb24aaf81	SESSION-eb72c41fb24aaf81 → pe:tls:SESSION-eb72c41fb24aaf81
FLOW_FROM_HOSTOBS	e:from:SESSION-2be48cd916ee7ccc:host:131.196.31.140	SESSION-2be48cd916ee7ccc → host:131.196.31.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cefaeddbbade6b50:SESSION-cefaeddbbade6b50	SESSION-cefaeddbbade6b50 → pe:tls:SESSION-cefaeddbbade6b50
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ce6819df966f00de:host:177.10.237.161:host:172.234.197.23	SESSION-ce6819df966f00de → host:177.10.237.161 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b8ee775e10cbe172:host:172.234.197.23	SESSION-b8ee775e10cbe172 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.56:asn:262880	host:177.10.236.56 → asn:262880
flow_observed5-aryOBS	e:fo:flow:42884a63293f	flow:42884a63293f → host:131.196.30.185 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c2099dbde4b7ef03:host:172.234.197.23	SESSION-c2099dbde4b7ef03 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4170fe2e85a7	flow:4170fe2e85a7 → host:131.196.30.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-608f6686d64f8e3e:flow:8b62a2da5c95	SESSION-608f6686d64f8e3e → flow:8b62a2da5c95
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.0:asn:271410	host:131.196.29.0 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-422ba54da9c49203:host:131.196.31.23	SESSION-422ba54da9c49203 → host:131.196.31.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad03ceeb377f3976:host:172.234.197.23:host:45.173.156.185	SESSION-ad03ceeb377f3976 → host:172.234.197.23 → host:45.173.156.185
FLOW_DST_PORTOBS	e:fp:flow:3d794649c2ef:port:tcp:443	flow:3d794649c2ef → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92f84fab5bd8e0c8:host:172.234.197.23	SESSION-92f84fab5bd8e0c8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8feacc6abd2fe08c:host:172.234.197.23	SESSION-8feacc6abd2fe08c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f49ef9eceb986e78:host:177.10.232.88:host:172.234.197.23	SESSION-f49ef9eceb986e78 → host:177.10.232.88 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4628aedb62e0673e:host:172.234.197.23	SESSION-4628aedb62e0673e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-32626bc077790390:SESSION-32626bc077790390	SESSION-32626bc077790390 → pe:tls:SESSION-32626bc077790390
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cd4f490a373a283b:SESSION-cd4f490a373a283b	SESSION-cd4f490a373a283b → pe:syn:SESSION-cd4f490a373a283b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57096089299b193e:host:172.234.197.23	SESSION-57096089299b193e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7fdad1084837:port:tcp:443	flow:7fdad1084837 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79760fcdb710bc7a:flow:e6a33b2431fb	SESSION-79760fcdb710bc7a → flow:e6a33b2431fb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f580f0e619786fa7:flow:98e497135516	SESSION-f580f0e619786fa7 → flow:98e497135516
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1d147c13acfa404:host:45.173.156.164:host:172.234.197.23	SESSION-a1d147c13acfa404 → host:45.173.156.164 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0786c46a404d7589:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0786c46a404d7589 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-d4691236308c01a5:host:54.149.68.137	SESSION-d4691236308c01a5 → host:54.149.68.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f277335c7e8c32bb:host:45.145.152.19	SESSION-f277335c7e8c32bb → host:45.145.152.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db76c4941d3529f6:host:177.10.236.92	SESSION-db76c4941d3529f6 → host:177.10.236.92
flow_observed4-aryOBS	e:fo:flow:aec2e3d6fdc5	flow:aec2e3d6fdc5 → host:172.234.197.23 → host:177.10.233.185 → port:tcp:684
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2a0bf61df119bc4:SESSION-f2a0bf61df119bc4	SESSION-f2a0bf61df119bc4 → pe:tls:SESSION-f2a0bf61df119bc4
FLOW_DST_PORTOBS	e:fp:flow:82b885fc840d:port:tcp:6641	flow:82b885fc840d → port:tcp:6641
FLOW_TO_HOSTOBS	e:to:SESSION-4a1570467d4c9a43:host:131.196.31.133	SESSION-4a1570467d4c9a43 → host:131.196.31.133
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7a11ee5d378ab4f4:host:172.234.197.23:host:177.10.236.154	SESSION-7a11ee5d378ab4f4 → host:172.234.197.23 → host:177.10.236.154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ce4962ca3a156ee:host:172.234.197.23	SESSION-0ce4962ca3a156ee → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4793a163d681d0d0:SESSION-4793a163d681d0d0	SESSION-4793a163d681d0d0 → pe:syn:SESSION-4793a163d681d0d0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.240:geo_-16.28860_-49.01640	host:177.10.233.240 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-424264fd6333414c:PCAP:capture_20260430150001:ded20914761d	SESSION-424264fd6333414c → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.190:asn:271410	host:131.196.31.190 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.38:asn:262880	host:177.10.234.38 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:d11c40fa264a:port:tcp:443	flow:d11c40fa264a → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.68:asn:271410	host:131.196.30.68 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cca8cec112e53d8f:PCAP:capture_20260430060001:919b39a74464	SESSION-cca8cec112e53d8f → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-952305350dc386c3:SESSION-952305350dc386c3	SESSION-952305350dc386c3 → pe:syn:SESSION-952305350dc386c3
FLOW_DST_PORTOBS	e:fp:flow:b122972ee5da:port:tcp:443	flow:b122972ee5da → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88f0aa854ba7cdd7:host:172.234.197.23	SESSION-88f0aa854ba7cdd7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23e0f212525e0a86:SESSION-23e0f212525e0a86	SESSION-23e0f212525e0a86 → pe:tls:SESSION-23e0f212525e0a86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.81:geo_-16.28860_-49.01640	host:177.10.234.81 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7409e3f74011df2:SESSION-c7409e3f74011df2	SESSION-c7409e3f74011df2 → pe:syn:SESSION-c7409e3f74011df2
flow_observed5-aryOBS	e:fo:flow:f6b045a7a943	flow:f6b045a7a943 → host:177.10.236.56 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4dc418e4265e72ea:SESSION-4dc418e4265e72ea	SESSION-4dc418e4265e72ea → pe:syn:SESSION-4dc418e4265e72ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7fa8e5b00f80216f:SESSION-7fa8e5b00f80216f	SESSION-7fa8e5b00f80216f → pe:syn:SESSION-7fa8e5b00f80216f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9500d9b64493d052:host:172.234.197.23	SESSION-9500d9b64493d052 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d3f853795ebd	flow:d3f853795ebd → host:91.99.124.205 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7b20ceba4f49bfd:host:67.219.103.9	SESSION-c7b20ceba4f49bfd → host:67.219.103.9
FLOW_DST_PORTOBS	e:fp:flow:10f4ed99a8a2:port:tcp:3061	flow:10f4ed99a8a2 → port:tcp:3061
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.93:asn:271410	host:131.196.31.93 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0fe99f41b36441fa:SESSION-0fe99f41b36441fa	SESSION-0fe99f41b36441fa → pe:syn:SESSION-0fe99f41b36441fa
flow_observed4-aryOBS	e:fo:flow:b8edaf1c817b	flow:b8edaf1c817b → host:172.234.197.23 → host:177.10.234.19 → port:tcp:42908
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.68:asn:203771	host:185.231.226.68 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b9d47d1bafad5ad0:SESSION-b9d47d1bafad5ad0	SESSION-b9d47d1bafad5ad0 → pe:syn:SESSION-b9d47d1bafad5ad0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8d9f933822471a5a:SESSION-8d9f933822471a5a	SESSION-8d9f933822471a5a → pe:syn:SESSION-8d9f933822471a5a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e57fbe39684f8bc8:host:172.234.197.23	SESSION-e57fbe39684f8bc8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.254:asn:271410	host:131.196.30.254 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e316662e5f9d5ce:flow:e8d490f85079	SESSION-2e316662e5f9d5ce → flow:e8d490f85079
FLOW_FROM_HOSTOBS	e:from:SESSION-44c3a4d4ec5442f2:host:172.234.197.23	SESSION-44c3a4d4ec5442f2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-370545020cd57187:host:172.234.197.23	SESSION-370545020cd57187 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6dcacced517b07e8:host:177.10.235.197	SESSION-6dcacced517b07e8 → host:177.10.235.197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f0e5de26982cc62:SESSION-8f0e5de26982cc62	SESSION-8f0e5de26982cc62 → pe:syn:SESSION-8f0e5de26982cc62
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-e3f936e849fecda0:BSG-BEACON-1465e09ba0f3	SESSION-e3f936e849fecda0 → BSG-BEACON-1465e09ba0f3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2460b60c939eb75b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2460b60c939eb75b → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.192:asn:273470	host:45.173.156.192 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-e41b633abf5898e8:host:172.234.197.23	SESSION-e41b633abf5898e8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e57fbe39684f8bc8:SESSION-e57fbe39684f8bc8	SESSION-e57fbe39684f8bc8 → pe:syn:SESSION-e57fbe39684f8bc8
FLOW_DST_PORTOBS	e:fp:flow:c72b743220d2:port:tcp:56330	flow:c72b743220d2 → port:tcp:56330
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8139f2a89dd46f4b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8139f2a89dd46f4b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1842fb1b2a9a6572:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-1842fb1b2a9a6572 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-cb7b2ae66396fc75:host:177.10.235.178	SESSION-cb7b2ae66396fc75 → host:177.10.235.178
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8396d269748cb9c:SESSION-f8396d269748cb9c	SESSION-f8396d269748cb9c → pe:syn:SESSION-f8396d269748cb9c
FLOW_DST_PORTOBS	e:fp:flow:ced68eb37f09:port:tcp:41102	flow:ced68eb37f09 → port:tcp:41102
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.89:asn:262880	host:177.10.236.89 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b68ed671c67acfd:SESSION-2b68ed671c67acfd	SESSION-2b68ed671c67acfd → pe:tls:SESSION-2b68ed671c67acfd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-370545020cd57187:host:172.234.197.23:host:177.10.234.215	SESSION-370545020cd57187 → host:172.234.197.23 → host:177.10.234.215
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-182527d04a349453:flow:a2aa611e0372	SESSION-182527d04a349453 → flow:a2aa611e0372
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9de9d154fbb04a83:host:172.234.197.23	SESSION-9de9d154fbb04a83 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.49:asn:262880	host:177.10.235.49 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-14a32c9f71c15657:host:177.10.235.130	SESSION-14a32c9f71c15657 → host:177.10.235.130
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a38d88507263cddf:host:172.234.197.23:host:45.173.156.173	SESSION-a38d88507263cddf → host:172.234.197.23 → host:45.173.156.173
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.7:geo_-23.62930_-46.63510	host:131.196.30.7 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a19951f5f7590fa9:SESSION-a19951f5f7590fa9	SESSION-a19951f5f7590fa9 → pe:tls:SESSION-a19951f5f7590fa9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a7f859cb03c026fc:SESSION-a7f859cb03c026fc	SESSION-a7f859cb03c026fc → pe:tls:SESSION-a7f859cb03c026fc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d098d799c39976fd:SESSION-d098d799c39976fd	SESSION-d098d799c39976fd → pe:syn:SESSION-d098d799c39976fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c9381f88305d4e9:host:172.234.197.23	SESSION-8c9381f88305d4e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09d8680ca1ab1b1e:host:185.231.226.119	SESSION-09d8680ca1ab1b1e → host:185.231.226.119
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49b6ef2582cca14b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-49b6ef2582cca14b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ffcf84507219fc2:host:172.234.197.23	SESSION-1ffcf84507219fc2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-add028e8e7760fa2:host:172.234.197.23	SESSION-add028e8e7760fa2 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.151:asn:203771	host:31.40.196.151 → asn:203771
flow_observed4-aryOBS	e:fo:flow:453a45a4daa5	flow:453a45a4daa5 → host:172.234.197.23 → host:177.10.235.46 → port:tcp:32365
HOST_IN_ASNOBS 85%	e:ha:host:3.103.179.97:asn:16509	host:3.103.179.97 → asn:16509
flow_observed5-aryOBS	e:fo:flow:54f02f05c06a	flow:54f02f05c06a → host:131.196.30.54 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-413ea94c965ce051:host:177.10.232.122:host:172.234.197.23	SESSION-413ea94c965ce051 → host:177.10.232.122 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1627b9df9d2fc920:host:172.234.197.23	SESSION-1627b9df9d2fc920 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:780934a9be2c:port:tcp:39361	flow:780934a9be2c → port:tcp:39361
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d95ea715a47abbc:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6d95ea715a47abbc → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-873a01bbf1ba0d09:SESSION-873a01bbf1ba0d09	SESSION-873a01bbf1ba0d09 → pe:syn:SESSION-873a01bbf1ba0d09
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46da9b8beaa478c9:SESSION-46da9b8beaa478c9	SESSION-46da9b8beaa478c9 → pe:syn:SESSION-46da9b8beaa478c9
FLOW_FROM_HOSTOBS	e:from:SESSION-c89027ab2a1ddeda:host:51.224.144.61	SESSION-c89027ab2a1ddeda → host:51.224.144.61
FLOW_FROM_HOSTOBS	e:from:SESSION-2634dc5934886659:host:131.196.31.239	SESSION-2634dc5934886659 → host:131.196.31.239
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a24a5811642df328:SESSION-a24a5811642df328	SESSION-a24a5811642df328 → pe:tls:SESSION-a24a5811642df328
flow_observed5-aryOBS	e:fo:flow:c5897cd2d112	flow:c5897cd2d112 → host:177.10.232.149 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c796175077a2:port:tcp:7663	flow:c796175077a2 → port:tcp:7663
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be868fb861e0a1c8:host:177.10.234.60	SESSION-be868fb861e0a1c8 → host:177.10.234.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a1214f59f834d98:host:172.234.197.23	SESSION-8a1214f59f834d98 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c016235dacd88a4d:host:131.196.31.77:host:172.234.197.23	SESSION-c016235dacd88a4d → host:131.196.31.77 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-603529cff661c41d:host:45.173.156.237	SESSION-603529cff661c41d → host:45.173.156.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11c0fc2d370ea41a:host:131.196.31.239	SESSION-11c0fc2d370ea41a → host:131.196.31.239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd2a5925828b8076:flow:6564d0aa4b14	SESSION-fd2a5925828b8076 → flow:6564d0aa4b14
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c21073699e99172:host:131.196.30.106	SESSION-1c21073699e99172 → host:131.196.30.106
FLOW_DST_PORTOBS	e:fp:flow:ae3a6176a3b5:port:tcp:443	flow:ae3a6176a3b5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-bff0487aa2cdf6e6:host:172.234.197.23	SESSION-bff0487aa2cdf6e6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9962740ce107c36d:SESSION-9962740ce107c36d	SESSION-9962740ce107c36d → pe:syn:SESSION-9962740ce107c36d
FLOW_DST_PORTOBS	e:fp:flow:8bce020bb4f5:port:tcp:443	flow:8bce020bb4f5 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:80679ec683ee:port:tcp:443	flow:80679ec683ee → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:ae37fe3d14c0	flow:ae37fe3d14c0 → host:172.234.197.23 → host:177.10.235.214 → port:tcp:56200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb9800c0b594ef9b:host:172.234.197.23	SESSION-fb9800c0b594ef9b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-53fb5011e3d13c28:SESSION-53fb5011e3d13c28	SESSION-53fb5011e3d13c28 → pe:tls:SESSION-53fb5011e3d13c28
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c68429e2f7bfcd9:host:177.10.232.164:host:172.234.197.23	SESSION-9c68429e2f7bfcd9 → host:177.10.232.164 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd554b279ca00d73:SESSION-bd554b279ca00d73	SESSION-bd554b279ca00d73 → pe:syn:SESSION-bd554b279ca00d73
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.157:asn:262880	host:177.10.237.157 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf1877ae18abdd85:host:172.234.197.23	SESSION-bf1877ae18abdd85 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.1:asn:262880	host:177.10.234.1 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-193ccf82e1088d1d:SESSION-193ccf82e1088d1d	SESSION-193ccf82e1088d1d → pe:tls:SESSION-193ccf82e1088d1d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c56dcfb05d3a50ba:SESSION-c56dcfb05d3a50ba	SESSION-c56dcfb05d3a50ba → pe:syn:SESSION-c56dcfb05d3a50ba
FLOW_FROM_HOSTOBS	e:from:SESSION-5491ebf26b201b1a:host:92.118.39.236	SESSION-5491ebf26b201b1a → host:92.118.39.236
FLOW_FROM_HOSTOBS	e:from:SESSION-382b47d73202b6ac:host:177.10.233.166	SESSION-382b47d73202b6ac → host:177.10.233.166
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-66746867faa9cf3c:SESSION-66746867faa9cf3c	SESSION-66746867faa9cf3c → pe:tls:SESSION-66746867faa9cf3c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14d517e62aef6020:host:172.234.197.23	SESSION-14d517e62aef6020 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c93e3b6f6b78357b:host:177.10.237.94:host:172.234.197.23	SESSION-c93e3b6f6b78357b → host:177.10.237.94 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.234:asn:262880	host:177.10.234.234 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.123:asn:271410	host:131.196.30.123 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-c4d6f38e3582127c:host:131.196.29.206	SESSION-c4d6f38e3582127c → host:131.196.29.206
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-22f2328c9f1b641e:PCAP:capture_20260430090001:065659c7d314	SESSION-22f2328c9f1b641e → PCAP:capture_20260430090001:065659c7d314
flow_observed5-aryOBS	e:fo:flow:e02559d3bb27	flow:e02559d3bb27 → host:131.196.29.201 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d436d9a2a0e2483:SESSION-7d436d9a2a0e2483	SESSION-7d436d9a2a0e2483 → pe:syn:SESSION-7d436d9a2a0e2483
FLOW_DST_PORTOBS	e:fp:flow:695d32c2bdde:port:tcp:443	flow:695d32c2bdde → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fab752fe97090e4a:host:177.10.238.135:host:172.234.197.23	SESSION-fab752fe97090e4a → host:177.10.238.135 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6c901db44791138:SESSION-d6c901db44791138	SESSION-d6c901db44791138 → pe:syn:SESSION-d6c901db44791138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1e0a6d0f6eee882:host:177.10.235.165	SESSION-d1e0a6d0f6eee882 → host:177.10.235.165
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-305a85099066f209:host:172.234.197.23:host:131.196.28.242	SESSION-305a85099066f209 → host:172.234.197.23 → host:131.196.28.242
FLOW_DST_PORTOBS	e:fp:flow:f8ad8461587d:port:tcp:25059	flow:f8ad8461587d → port:tcp:25059
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:5.75.182.251:geo_49.45270_11.07830	host:5.75.182.251 → geo_49.45270_11.07830
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-314616832d67d639:host:172.234.197.23	SESSION-314616832d67d639 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5941954cc437ab4:host:172.234.197.23	SESSION-f5941954cc437ab4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:071f43f6adb4:port:tcp:5220	flow:071f43f6adb4 → port:tcp:5220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-69c66b3db447dca1:SESSION-69c66b3db447dca1	SESSION-69c66b3db447dca1 → pe:syn:SESSION-69c66b3db447dca1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1227c455b771a86:flow:98475c8ec4d7	SESSION-d1227c455b771a86 → flow:98475c8ec4d7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4799248f1ba6e544:flow:6d32e46c8f2d	SESSION-4799248f1ba6e544 → flow:6d32e46c8f2d
FLOW_DST_PORTOBS	e:fp:flow:0e7e44787360:port:tcp:43216	flow:0e7e44787360 → port:tcp:43216
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ce4962ca3a156ee:host:177.10.237.12	SESSION-0ce4962ca3a156ee → host:177.10.237.12
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c439db2cd1990c9:host:177.10.233.212:host:172.234.197.23	SESSION-5c439db2cd1990c9 → host:177.10.233.212 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ff9648a7e097bde:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7ff9648a7e097bde → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8196f582d24c6a3:host:172.234.197.23:host:177.10.235.72	SESSION-b8196f582d24c6a3 → host:172.234.197.23 → host:177.10.235.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8a52e21a979a3cd:SESSION-c8a52e21a979a3cd	SESSION-c8a52e21a979a3cd → pe:syn:SESSION-c8a52e21a979a3cd
FLOW_FROM_HOSTOBS	e:from:SESSION-4ec222cc1c3a7faf:host:172.234.197.23	SESSION-4ec222cc1c3a7faf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58a871785a3878fd:host:45.173.156.126	SESSION-58a871785a3878fd → host:45.173.156.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d59ad8978cc7e8b9:SESSION-d59ad8978cc7e8b9	SESSION-d59ad8978cc7e8b9 → pe:tls:SESSION-d59ad8978cc7e8b9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65aa50b6e4bd0a70:SESSION-65aa50b6e4bd0a70	SESSION-65aa50b6e4bd0a70 → pe:syn:SESSION-65aa50b6e4bd0a70
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6bd47d8fd21ead6d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6bd47d8fd21ead6d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48bb234f8161dc4f:PCAP:capture_20260430080001:93f47cc296a4	SESSION-48bb234f8161dc4f → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-010644d8880e6139:host:177.10.234.85	SESSION-010644d8880e6139 → host:177.10.234.85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d59ad8978cc7e8b9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d59ad8978cc7e8b9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6b6e18a39fae0db6:BSG-BEACON-44d72b66ad6e	SESSION-6b6e18a39fae0db6 → BSG-BEACON-44d72b66ad6e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-296f629f4229b1a2:host:177.10.238.104	SESSION-296f629f4229b1a2 → host:177.10.238.104
FLOW_TO_HOSTOBS	e:to:SESSION-ddbd1238f020bf6b:host:172.234.197.23	SESSION-ddbd1238f020bf6b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.14:geo_-21.10010_-41.69200	host:45.173.156.14 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fdaf54c444b72c0:flow:c550b9d61da6	SESSION-1fdaf54c444b72c0 → flow:c550b9d61da6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-946275ea323f6900:host:172.234.197.23	SESSION-946275ea323f6900 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5712989ddbf4728b:host:172.234.197.23	SESSION-5712989ddbf4728b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b84527735a90d253:host:177.10.235.175	SESSION-b84527735a90d253 → host:177.10.235.175
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b88c76d0206f2960:host:185.231.226.117	SESSION-b88c76d0206f2960 → host:185.231.226.117
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e699a2f9558bf8d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-1e699a2f9558bf8d → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:a5e08dfdbc67	flow:a5e08dfdbc67 → host:131.196.30.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-042ef885e77347e7:host:131.196.28.48	SESSION-042ef885e77347e7 → host:131.196.28.48
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-f0f5313432825fa0:BSG-BEACON-5c9176894196	SESSION-f0f5313432825fa0 → BSG-BEACON-5c9176894196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a4fdea987cb08476:SESSION-a4fdea987cb08476	SESSION-a4fdea987cb08476 → pe:syn:SESSION-a4fdea987cb08476
flow_observed5-aryOBS	e:fo:flow:91e9ca77788c	flow:91e9ca77788c → host:177.10.236.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c265ba6f34eebd39:host:172.234.197.23:host:177.10.233.86	SESSION-c265ba6f34eebd39 → host:172.234.197.23 → host:177.10.233.86
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-174e61a8ff8b9c0e:SESSION-174e61a8ff8b9c0e	SESSION-174e61a8ff8b9c0e → pe:tls:SESSION-174e61a8ff8b9c0e
flow_observed5-aryOBS	e:fo:flow:268abe73678d	flow:268abe73678d → host:177.10.238.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10d6a2736c7d59d6:host:177.10.237.115	SESSION-10d6a2736c7d59d6 → host:177.10.237.115
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf00afe8057eb986:SESSION-bf00afe8057eb986	SESSION-bf00afe8057eb986 → pe:tls:SESSION-bf00afe8057eb986
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3762cafcd0c66be2:SESSION-3762cafcd0c66be2	SESSION-3762cafcd0c66be2 → pe:syn:SESSION-3762cafcd0c66be2
FLOW_FROM_HOSTOBS	e:from:SESSION-b99a2a75b4ae9e98:host:172.234.197.23	SESSION-b99a2a75b4ae9e98 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0ca3b8aea25b593:host:172.234.197.23:host:45.173.156.221	SESSION-b0ca3b8aea25b593 → host:172.234.197.23 → host:45.173.156.221
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.193:geo_-21.10010_-41.69200	host:45.173.156.193 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:767b7fbc3076	flow:767b7fbc3076 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d1df89a4cf6f008:SESSION-4d1df89a4cf6f008	SESSION-4d1df89a4cf6f008 → pe:syn:SESSION-4d1df89a4cf6f008
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9a69c63a7b588de:SESSION-b9a69c63a7b588de	SESSION-b9a69c63a7b588de → pe:tls:SESSION-b9a69c63a7b588de
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77162e002cdf71b4:flow:39468f538c38	SESSION-77162e002cdf71b4 → flow:39468f538c38
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-923fbccf43ed644a:PCAP:capture_20260430060001:919b39a74464	SESSION-923fbccf43ed644a → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-c93e86640e8945ad:host:172.234.197.23	SESSION-c93e86640e8945ad → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1053aee7675dcd07:PCAP:capture_20260430090001:065659c7d314	SESSION-1053aee7675dcd07 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c825a37bb7881b6:flow:2df3ee5e9ff6	SESSION-9c825a37bb7881b6 → flow:2df3ee5e9ff6
flow_observed5-aryOBS	e:fo:flow:895c616786e2	flow:895c616786e2 → host:177.10.236.248 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:0f5278c2bb93	flow:0f5278c2bb93 → host:172.234.197.23 → host:131.196.29.233 → port:tcp:4849
FLOW_DST_PORTOBS	e:fp:flow:16f299dc4ccd:port:tcp:31347	flow:16f299dc4ccd → port:tcp:31347
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2713dc0653d6ae5:SESSION-e2713dc0653d6ae5	SESSION-e2713dc0653d6ae5 → pe:tls:SESSION-e2713dc0653d6ae5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ae53b938ea3675b:SESSION-2ae53b938ea3675b	SESSION-2ae53b938ea3675b → pe:tls:SESSION-2ae53b938ea3675b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c70f7d0fa3cda32b:flow:43c799553914	SESSION-c70f7d0fa3cda32b → flow:43c799553914
FLOW_TO_HOSTOBS	e:to:SESSION-d0ac7328414c6be9:host:172.234.197.23	SESSION-d0ac7328414c6be9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-30052afb1f0268ab:SESSION-30052afb1f0268ab	SESSION-30052afb1f0268ab → pe:syn:SESSION-30052afb1f0268ab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-309223c775254000:host:172.234.197.23	SESSION-309223c775254000 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b2ef26ffc34a	flow:b2ef26ffc34a → host:177.10.234.29 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-13b449bea21c4b54:host:172.234.197.23	SESSION-13b449bea21c4b54 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.192:asn:271410	host:131.196.29.192 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-29f6930bb002305c:host:172.234.197.23	SESSION-29f6930bb002305c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a9465144cfd4:port:tcp:443	flow:a9465144cfd4 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:3.103.16.171:asn:16509	host:3.103.16.171 → asn:16509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b6b757282734812:flow:bea8c9a6d915	SESSION-4b6b757282734812 → flow:bea8c9a6d915
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3573d87c5a129f8e:SESSION-3573d87c5a129f8e	SESSION-3573d87c5a129f8e → pe:tls:SESSION-3573d87c5a129f8e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37ba5323333f9720:PCAP:capture_20260430060001:919b39a74464	SESSION-37ba5323333f9720 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:fd960eced17a	flow:fd960eced17a → host:177.10.232.112 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-bded37485db78f4a:host:172.234.197.23	SESSION-bded37485db78f4a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57be4ad64c21b6c4:host:54.186.85.102	SESSION-57be4ad64c21b6c4 → host:54.186.85.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a1d147c13acfa404:SESSION-a1d147c13acfa404	SESSION-a1d147c13acfa404 → pe:tls:SESSION-a1d147c13acfa404
FLOW_TO_HOSTOBS	e:to:SESSION-397164cbc5836ff1:host:172.234.197.23	SESSION-397164cbc5836ff1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a88c1288033e7cc:SESSION-0a88c1288033e7cc	SESSION-0a88c1288033e7cc → pe:tls:SESSION-0a88c1288033e7cc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2eaffc60d664a8c9:SESSION-2eaffc60d664a8c9	SESSION-2eaffc60d664a8c9 → pe:tls:SESSION-2eaffc60d664a8c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-62b98bdaf08d2190:host:172.234.197.23	SESSION-62b98bdaf08d2190 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab83f0ea1c3b60ab:host:172.234.197.23:host:131.196.29.103	SESSION-ab83f0ea1c3b60ab → host:172.234.197.23 → host:131.196.29.103
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-361b290e75b75885:SESSION-361b290e75b75885	SESSION-361b290e75b75885 → pe:syn:SESSION-361b290e75b75885
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9354322f5192915a:host:172.234.197.23:host:80.94.92.182	SESSION-9354322f5192915a → host:172.234.197.23 → host:80.94.92.182
FLOW_TO_HOSTOBS	e:to:SESSION-8c058dbfcf0ab82c:host:177.10.235.78	SESSION-8c058dbfcf0ab82c → host:177.10.235.78
flow_observed4-aryOBS	e:fo:flow:a180cbe63e4a	flow:a180cbe63e4a → host:172.234.197.23 → host:177.10.237.127 → port:tcp:54290
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2dd1a49fa9f1084b:SESSION-2dd1a49fa9f1084b	SESSION-2dd1a49fa9f1084b → pe:tls:SESSION-2dd1a49fa9f1084b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f4d08df9b5b22c8b:flow:3a5d21cafa01	SESSION-f4d08df9b5b22c8b → flow:3a5d21cafa01
flow_observed5-aryOBS	e:fo:flow:05cfa6aaf4d0	flow:05cfa6aaf4d0 → host:177.10.239.5 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52e5c47434ed6c74:SESSION-52e5c47434ed6c74	SESSION-52e5c47434ed6c74 → pe:syn:SESSION-52e5c47434ed6c74
flow_observed5-aryOBS	e:fo:flow:7a193ca4e32c	flow:7a193ca4e32c → host:177.10.236.201 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-40dbede277a2e1b2:host:131.196.29.221	SESSION-40dbede277a2e1b2 → host:131.196.29.221
FLOW_DST_PORTOBS	e:fp:flow:33ab980b5e65:port:tcp:41190	flow:33ab980b5e65 → port:tcp:41190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-415460770952c9a4:SESSION-415460770952c9a4	SESSION-415460770952c9a4 → pe:syn:SESSION-415460770952c9a4
flow_observed5-aryOBS	e:fo:flow:c01c58d7db69	flow:c01c58d7db69 → host:95.135.228.52 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1844a866ec523fcf:host:131.196.30.132:host:172.234.197.23	SESSION-1844a866ec523fcf → host:131.196.30.132 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.35:asn:262880	host:177.10.232.35 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea9485b82ac2233:host:177.10.234.144	SESSION-3ea9485b82ac2233 → host:177.10.234.144
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7d9537ea92aed5d6:flow:54fe7b40f46e	SESSION-7d9537ea92aed5d6 → flow:54fe7b40f46e
FLOW_DST_PORTOBS	e:fp:flow:263550df47f0:port:tcp:64164	flow:263550df47f0 → port:tcp:64164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f56adc7043a43d99:host:131.196.29.255	SESSION-f56adc7043a43d99 → host:131.196.29.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-350febc37b3f152d:SESSION-350febc37b3f152d	SESSION-350febc37b3f152d → pe:syn:SESSION-350febc37b3f152d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad3aa4b6b6de70e6:SESSION-ad3aa4b6b6de70e6	SESSION-ad3aa4b6b6de70e6 → pe:syn:SESSION-ad3aa4b6b6de70e6
FLOW_FROM_HOSTOBS	e:from:SESSION-9e2a4babdc2dc965:host:185.231.226.226	SESSION-9e2a4babdc2dc965 → host:185.231.226.226
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0caa41ae62241956:host:172.234.197.23	SESSION-0caa41ae62241956 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-091d255d08b85143:host:172.234.197.23	SESSION-091d255d08b85143 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a457a833cb01b1f:flow:788aa44c6648	SESSION-4a457a833cb01b1f → flow:788aa44c6648
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2290de8fcf2817df:PCAP:capture_20260430050001:8868731bf8a4	SESSION-2290de8fcf2817df → PCAP:capture_20260430050001:8868731bf8a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-032a0dfc971c5b00:host:177.10.232.180:host:172.234.197.23	SESSION-032a0dfc971c5b00 → host:177.10.232.180 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:46ffb306339f:port:tcp:443	flow:46ffb306339f → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.245:asn:203771	host:185.231.226.245 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:43e026d41eaa:port:tcp:443	flow:43e026d41eaa → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:4c205cbdc775	flow:4c205cbdc775 → host:172.234.197.23 → host:45.173.156.189 → port:tcp:17824
flow_observed5-aryOBS	e:fo:flow:5227bbafa149	flow:5227bbafa149 → host:185.231.226.45 → host:172.234.197.23 → port:tcp:80 → svc:http
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.32:asn:271410	host:131.196.31.32 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1863330d3e94cce5:SESSION-1863330d3e94cce5	SESSION-1863330d3e94cce5 → pe:tls:SESSION-1863330d3e94cce5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37c43e7a9f6dcf12:host:177.10.235.194:host:172.234.197.23	SESSION-37c43e7a9f6dcf12 → host:177.10.235.194 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1274fc3e3cafac71:flow:52814a3d9563	SESSION-1274fc3e3cafac71 → flow:52814a3d9563
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4fd6590fe23ccd99:SESSION-4fd6590fe23ccd99	SESSION-4fd6590fe23ccd99 → pe:tls:SESSION-4fd6590fe23ccd99
flow_observed5-aryOBS	e:fo:flow:fdac8cc665b7	flow:fdac8cc665b7 → host:177.10.237.127 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-8cb5baa2c4d67a55:host:131.196.28.248	SESSION-8cb5baa2c4d67a55 → host:131.196.28.248
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db1ee555567b9b22:SESSION-db1ee555567b9b22	SESSION-db1ee555567b9b22 → pe:tls:SESSION-db1ee555567b9b22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e987eea1f59290d7:flow:cc3f6535fb07	SESSION-e987eea1f59290d7 → flow:cc3f6535fb07
FLOW_FROM_HOSTOBS	e:from:SESSION-eec2a7691ff15afc:host:131.196.31.197	SESSION-eec2a7691ff15afc → host:131.196.31.197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-38ea28f2e42013a7:SESSION-38ea28f2e42013a7	SESSION-38ea28f2e42013a7 → pe:tls:SESSION-38ea28f2e42013a7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74505beccb017396:host:172.234.197.23	SESSION-74505beccb017396 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da4440e5d8ead4fe:host:177.10.239.2	SESSION-da4440e5d8ead4fe → host:177.10.239.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e8651e0c063dc0a:host:172.234.197.23	SESSION-5e8651e0c063dc0a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1f44963c65f506a9:host:131.196.29.170	SESSION-1f44963c65f506a9 → host:131.196.29.170
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.250:geo_-23.62930_-46.63510	host:131.196.31.250 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-97bd7f793ae0ea11:host:172.234.197.23	SESSION-97bd7f793ae0ea11 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:04241806c2ac:port:tcp:443	flow:04241806c2ac → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.186:geo_-16.28860_-49.01640	host:177.10.235.186 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ab1dfc7616ca079a:flow:8641bd54d117	SESSION-ab1dfc7616ca079a → flow:8641bd54d117
FLOW_FROM_HOSTOBS	e:from:SESSION-030b2a260e8012dd:host:131.196.31.138	SESSION-030b2a260e8012dd → host:131.196.31.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84669169ffdf0c83:host:172.234.197.23	SESSION-84669169ffdf0c83 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96b1920351aaff79:host:172.234.197.23	SESSION-96b1920351aaff79 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-687ff071deb77d90:host:177.10.239.250:host:172.234.197.23	SESSION-687ff071deb77d90 → host:177.10.239.250 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0537be800f2fa6cb:host:45.173.156.110:host:172.234.197.23	SESSION-0537be800f2fa6cb → host:45.173.156.110 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.67:asn:271410	host:131.196.29.67 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:140.179.228.29:asn:9808	host:140.179.228.29 → asn:9808
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-200a4f7a7e5b3996:SESSION-200a4f7a7e5b3996	SESSION-200a4f7a7e5b3996 → pe:syn:SESSION-200a4f7a7e5b3996
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f0a0478f83cd119:SESSION-1f0a0478f83cd119	SESSION-1f0a0478f83cd119 → pe:tls:SESSION-1f0a0478f83cd119
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98544383f10b4583:SESSION-98544383f10b4583	SESSION-98544383f10b4583 → pe:syn:SESSION-98544383f10b4583
FLOW_FROM_HOSTOBS	e:from:SESSION-843bbb86e5601bd5:host:131.196.31.142	SESSION-843bbb86e5601bd5 → host:131.196.31.142
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08463d47d249df1d:SESSION-08463d47d249df1d	SESSION-08463d47d249df1d → pe:tls:SESSION-08463d47d249df1d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b481f21a133f6fd1:SESSION-b481f21a133f6fd1	SESSION-b481f21a133f6fd1 → pe:tls:SESSION-b481f21a133f6fd1
FLOW_TO_HOSTOBS	e:to:SESSION-a40236c67828800b:host:177.10.239.40	SESSION-a40236c67828800b → host:177.10.239.40
FLOW_TO_HOSTOBS	e:to:SESSION-2ee9ba8cae5cc2ab:host:172.234.197.23	SESSION-2ee9ba8cae5cc2ab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6afafa975f8bbed9:flow:f61fd76e10dc	SESSION-6afafa975f8bbed9 → flow:f61fd76e10dc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb444db8c099bc0f:host:131.196.30.227	SESSION-cb444db8c099bc0f → host:131.196.30.227
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23aaa31711ea4954:flow:e762cb0e4cde	SESSION-23aaa31711ea4954 → flow:e762cb0e4cde
HOST_IN_ASNOBS 85%	e:ha:host:51.94.180.11:asn:16509	host:51.94.180.11 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d220051223525d86:host:172.234.197.23	SESSION-d220051223525d86 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b12621bc2223af13:host:172.234.197.23	SESSION-b12621bc2223af13 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1bc39f4f18cf27f2:flow:c42148660ed1	SESSION-1bc39f4f18cf27f2 → flow:c42148660ed1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.73:geo_-16.28860_-49.01640	host:177.10.232.73 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:a11f7059b6b2:port:tcp:443	flow:a11f7059b6b2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92cb25b3a2aea70a:SESSION-92cb25b3a2aea70a	SESSION-92cb25b3a2aea70a → pe:tls:SESSION-92cb25b3a2aea70a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b11513eff2bd1e6:SESSION-7b11513eff2bd1e6	SESSION-7b11513eff2bd1e6 → pe:syn:SESSION-7b11513eff2bd1e6
FLOW_TO_HOSTOBS	e:to:SESSION-59e3e2edbc9b18fa:host:172.234.197.23	SESSION-59e3e2edbc9b18fa → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fbd574144622ed91:host:131.196.30.83	SESSION-fbd574144622ed91 → host:131.196.30.83
FLOW_DST_PORTOBS	e:fp:flow:34a634025f7d:port:tcp:443	flow:34a634025f7d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6b4752d4afe8ec71:host:177.10.232.105:host:172.234.197.23	SESSION-6b4752d4afe8ec71 → host:177.10.232.105 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd05928698dec5c4:host:172.234.197.23	SESSION-dd05928698dec5c4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fa2c6f134f69:port:tcp:11224	flow:fa2c6f134f69 → port:tcp:11224
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65029066d9cd1f24:SESSION-65029066d9cd1f24	SESSION-65029066d9cd1f24 → pe:syn:SESSION-65029066d9cd1f24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75c0f4fa43b2bfb9:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-75c0f4fa43b2bfb9 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d0bad8110700772:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1d0bad8110700772 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:563f5b886e49	flow:563f5b886e49 → host:172.234.197.23 → host:177.10.233.197 → port:tcp:42802
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96639b4b4a33e422:host:131.196.28.56	SESSION-96639b4b4a33e422 → host:131.196.28.56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-602a14335703e220:SESSION-602a14335703e220	SESSION-602a14335703e220 → pe:syn:SESSION-602a14335703e220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8e6988ed77a3d110:SESSION-8e6988ed77a3d110	SESSION-8e6988ed77a3d110 → pe:syn:SESSION-8e6988ed77a3d110
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.120:asn:271410	host:131.196.30.120 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-82e825a4afeeff6a:SESSION-82e825a4afeeff6a	SESSION-82e825a4afeeff6a → pe:syn:SESSION-82e825a4afeeff6a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d04c60e569cc19ba:host:177.10.237.83:host:172.234.197.23	SESSION-d04c60e569cc19ba → host:177.10.237.83 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b20cde943d03	flow:b20cde943d03 → host:177.10.239.210 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-4059a39607153158:host:172.234.197.23	SESSION-4059a39607153158 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8c5fe81cc60001f5:host:172.234.197.23	SESSION-8c5fe81cc60001f5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2f7459dc5743:port:tcp:443	flow:2f7459dc5743 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c92176ee8d876ba:host:172.234.197.23	SESSION-6c92176ee8d876ba → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-82093c184ece9713:host:172.234.197.23	SESSION-82093c184ece9713 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-276107f90ab0c118:host:172.234.197.23:host:177.10.236.51	SESSION-276107f90ab0c118 → host:172.234.197.23 → host:177.10.236.51
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.110:geo_-23.62930_-46.63510	host:131.196.31.110 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60dab6a51248be22:host:131.196.28.209	SESSION-60dab6a51248be22 → host:131.196.28.209
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36a0a9e003021f23:flow:88fcb1cd71e8	SESSION-36a0a9e003021f23 → flow:88fcb1cd71e8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b670e7c5e0a8e3a1:flow:bcf0ab95c867	SESSION-b670e7c5e0a8e3a1 → flow:bcf0ab95c867
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c58b004ff38abe14:PCAP:capture_20260430090001:065659c7d314	SESSION-c58b004ff38abe14 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-8f0e5de26982cc62:host:131.196.28.207	SESSION-8f0e5de26982cc62 → host:131.196.28.207
FLOW_TO_HOSTOBS	e:to:SESSION-75bc03759038657d:host:172.234.197.23	SESSION-75bc03759038657d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5d5d721b5ee8bbbc:host:172.234.197.23	SESSION-5d5d721b5ee8bbbc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b2c61460e754c8f6:host:177.10.239.155	SESSION-b2c61460e754c8f6 → host:177.10.239.155
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.216:asn:262880	host:177.10.236.216 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b23254615c6167a0:SESSION-b23254615c6167a0	SESSION-b23254615c6167a0 → pe:syn:SESSION-b23254615c6167a0
FLOW_FROM_HOSTOBS	e:from:SESSION-893e080e65f2ed4f:host:172.234.197.23	SESSION-893e080e65f2ed4f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4f12bb9f5880e55b:host:177.10.236.77:host:172.234.197.23	SESSION-4f12bb9f5880e55b → host:177.10.236.77 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cc2e8571100ea2b:host:172.234.197.23	SESSION-4cc2e8571100ea2b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a40236c67828800b:host:172.234.197.23	SESSION-a40236c67828800b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-498c2476ff0ce5ee:host:131.196.29.166	SESSION-498c2476ff0ce5ee → host:131.196.29.166
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-548dd69287ac8927:host:177.10.234.199:host:172.234.197.23	SESSION-548dd69287ac8927 → host:177.10.234.199 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-abf4853d72eba17e:flow:cb1ecbcc370c	SESSION-abf4853d72eba17e → flow:cb1ecbcc370c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5490e36eb363059:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e5490e36eb363059 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa32b0aa2bffc0b5:SESSION-aa32b0aa2bffc0b5	SESSION-aa32b0aa2bffc0b5 → pe:syn:SESSION-aa32b0aa2bffc0b5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e7f6e07782bad0e:host:172.234.197.23	SESSION-5e7f6e07782bad0e → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-16b33dfc60975324:BSG-DATA_EXFIL-d6bcad8adb94	SESSION-16b33dfc60975324 → BSG-DATA_EXFIL-d6bcad8adb94
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.39:geo_-16.28860_-49.01640	host:177.10.233.39 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:bdad748541b4	flow:bdad748541b4 → host:177.10.233.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f21aae4e1b352568:flow:f3d64f6abe2d	SESSION-f21aae4e1b352568 → flow:f3d64f6abe2d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51de65c9ef505a13:SESSION-51de65c9ef505a13	SESSION-51de65c9ef505a13 → pe:tls:SESSION-51de65c9ef505a13
FLOW_DST_PORTOBS	e:fp:flow:76a208af53a8:port:tcp:28569	flow:76a208af53a8 → port:tcp:28569
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5ba4a44df249a00:flow:adc510d649e0	SESSION-e5ba4a44df249a00 → flow:adc510d649e0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.85:geo_-16.28860_-49.01640	host:177.10.233.85 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6050ca7af62c0465:host:45.173.156.137	SESSION-6050ca7af62c0465 → host:45.173.156.137
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.254:asn:262880	host:177.10.238.254 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-324907e130151d7d:SESSION-324907e130151d7d	SESSION-324907e130151d7d → pe:tls:SESSION-324907e130151d7d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa372e44ee6fb3e7:host:172.234.197.23:host:131.196.30.157	SESSION-aa372e44ee6fb3e7 → host:172.234.197.23 → host:131.196.30.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f7e801a59e8e93f:SESSION-3f7e801a59e8e93f	SESSION-3f7e801a59e8e93f → pe:tls:SESSION-3f7e801a59e8e93f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79760fcdb710bc7a:SESSION-79760fcdb710bc7a	SESSION-79760fcdb710bc7a → pe:syn:SESSION-79760fcdb710bc7a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:163.192.126.71:geo_41.84860_-87.62880	host:163.192.126.71 → geo_41.84860_-87.62880
FLOW_TO_HOSTOBS	e:to:SESSION-37451ceb7f45e2a3:host:172.234.197.23	SESSION-37451ceb7f45e2a3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fa3e9fc803f342ab:SESSION-fa3e9fc803f342ab	SESSION-fa3e9fc803f342ab → pe:tls:SESSION-fa3e9fc803f342ab
FLOW_FROM_HOSTOBS	e:from:SESSION-ef90c0e24c7a1c11:host:172.234.197.23	SESSION-ef90c0e24c7a1c11 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4614700214209776:host:177.10.239.98:host:172.234.197.23	SESSION-4614700214209776 → host:177.10.239.98 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f016f4a38011f9c:flow:4ce3ce5880fe	SESSION-4f016f4a38011f9c → flow:4ce3ce5880fe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c6fd3205e4a34033:SESSION-c6fd3205e4a34033	SESSION-c6fd3205e4a34033 → pe:tls:SESSION-c6fd3205e4a34033
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e703980a48f1e09:PCAP:capture_20260430070001:903a0e7a436b	SESSION-4e703980a48f1e09 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c4ebc5699ec1c63:SESSION-9c4ebc5699ec1c63	SESSION-9c4ebc5699ec1c63 → pe:tls:SESSION-9c4ebc5699ec1c63
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48482b2d296d23e2:flow:f77ce7a71f03	SESSION-48482b2d296d23e2 → flow:f77ce7a71f03
FLOW_FROM_HOSTOBS	e:from:SESSION-4e094b52f54dff79:host:172.234.197.23	SESSION-4e094b52f54dff79 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.176:geo_-23.62930_-46.63510	host:131.196.30.176 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e2a6d6aa009e10c:host:172.234.197.23:host:131.196.28.216	SESSION-1e2a6d6aa009e10c → host:172.234.197.23 → host:131.196.28.216
FLOW_TO_HOSTOBS	e:to:SESSION-a73f5b0635e28ad4:host:172.234.197.23	SESSION-a73f5b0635e28ad4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1532b7922e59746:flow:7dadcd6ecb3a	SESSION-d1532b7922e59746 → flow:7dadcd6ecb3a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2cbf1ff9debe345:flow:9966d446f9da	SESSION-f2cbf1ff9debe345 → flow:9966d446f9da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aab54ece2b0af0b4:SESSION-aab54ece2b0af0b4	SESSION-aab54ece2b0af0b4 → pe:tls:SESSION-aab54ece2b0af0b4
FLOW_FROM_HOSTOBS	e:from:SESSION-be374c360242db8a:host:172.234.197.23	SESSION-be374c360242db8a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:89234f33732b:port:tcp:443	flow:89234f33732b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27536868d2d29d68:host:172.234.197.23	SESSION-27536868d2d29d68 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-eb2fd2ce02add556:host:45.173.156.13	SESSION-eb2fd2ce02add556 → host:45.173.156.13
FLOW_TO_HOSTOBS	e:to:SESSION-e08dddd9edfa5277:host:172.234.197.23	SESSION-e08dddd9edfa5277 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2344215c9738:port:tcp:443	flow:2344215c9738 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-382b47d73202b6ac:host:172.234.197.23	SESSION-382b47d73202b6ac → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6a526367cd4a:port:tcp:443	flow:6a526367cd4a → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-28ea3e411a2de5c2:host:172.234.197.23	SESSION-28ea3e411a2de5c2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ade0b807fe10f93e:host:172.234.197.23	SESSION-ade0b807fe10f93e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b869f0759406bd5:host:172.234.197.23	SESSION-4b869f0759406bd5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82e825a4afeeff6a:host:177.10.237.127	SESSION-82e825a4afeeff6a → host:177.10.237.127
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-848626bce2ee7b76:PCAP:capture_20260430110001:43611bdf6759	SESSION-848626bce2ee7b76 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4dda4cfeb9223891:flow:60519bb0000c	SESSION-4dda4cfeb9223891 → flow:60519bb0000c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.44:geo_-23.62930_-46.63510	host:131.196.30.44 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-cfe71d52ef2e928b:host:172.234.197.23	SESSION-cfe71d52ef2e928b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42eae260ad8ea663:host:177.10.233.144	SESSION-42eae260ad8ea663 → host:177.10.233.144
FLOW_DST_PORTOBS	e:fp:flow:cc19df9248ba:port:tcp:443	flow:cc19df9248ba → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4939a9166796718f:host:177.10.239.255	SESSION-4939a9166796718f → host:177.10.239.255
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e316662e5f9d5ce:SESSION-2e316662e5f9d5ce	SESSION-2e316662e5f9d5ce → pe:syn:SESSION-2e316662e5f9d5ce
FLOW_DST_PORTOBS	e:fp:flow:92c6a8c1353a:port:tcp:57256	flow:92c6a8c1353a → port:tcp:57256
FLOW_FROM_HOSTOBS	e:from:SESSION-7828bb27afafcc71:host:131.196.30.185	SESSION-7828bb27afafcc71 → host:131.196.30.185
FLOW_FROM_HOSTOBS	e:from:SESSION-a519ad2ae4c53179:host:177.10.233.76	SESSION-a519ad2ae4c53179 → host:177.10.233.76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85c181ffe8433ff0:SESSION-85c181ffe8433ff0	SESSION-85c181ffe8433ff0 → pe:tls:SESSION-85c181ffe8433ff0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-295c5f4e2a8126b8:host:177.10.233.58	SESSION-295c5f4e2a8126b8 → host:177.10.233.58
FLOW_FROM_HOSTOBS	e:from:SESSION-55979c68784410e0:host:177.10.232.81	SESSION-55979c68784410e0 → host:177.10.232.81
FLOW_DST_PORTOBS	e:fp:flow:c532203a3a00:port:tcp:443	flow:c532203a3a00 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9cb4473bd3389dab:host:131.196.28.34	SESSION-9cb4473bd3389dab → host:131.196.28.34
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-49ea8e2d7734ace3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-49ea8e2d7734ace3 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:e78a93729722	flow:e78a93729722 → host:172.234.197.23 → host:177.10.239.35 → port:tcp:28512
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-cc1c86e42be942bd:BSG-BEACON-a8a8c3c8a37f	SESSION-cc1c86e42be942bd → BSG-BEACON-a8a8c3c8a37f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fd9b76b5230e873:host:131.196.31.157	SESSION-3fd9b76b5230e873 → host:131.196.31.157
flow_observed5-aryOBS	e:fo:flow:3c53acf68acf	flow:3c53acf68acf → host:177.10.239.70 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b1cf957f4a121d77:host:172.234.197.23	SESSION-b1cf957f4a121d77 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ccf862d3dae518e:flow:ae7fdfef3c61	SESSION-8ccf862d3dae518e → flow:ae7fdfef3c61
FLOW_FROM_HOSTOBS	e:from:SESSION-a9042bd9c6a81d17:host:177.10.237.4	SESSION-a9042bd9c6a81d17 → host:177.10.237.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52edb7664c060999:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-52edb7664c060999 → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_FROM_HOSTOBS	e:from:SESSION-fdb0bb1f6466838c:host:177.10.237.49	SESSION-fdb0bb1f6466838c → host:177.10.237.49
FLOW_FROM_HOSTOBS	e:from:SESSION-63fc840f6df40503:host:131.196.29.253	SESSION-63fc840f6df40503 → host:131.196.29.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5bfd6f31a89c294d:SESSION-5bfd6f31a89c294d	SESSION-5bfd6f31a89c294d → pe:tls:SESSION-5bfd6f31a89c294d
flow_observed4-aryOBS	e:fo:flow:d1de667db311	flow:d1de667db311 → host:172.234.197.23 → host:45.173.156.217 → port:tcp:14914
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3afd88a73e32b466:SESSION-3afd88a73e32b466	SESSION-3afd88a73e32b466 → pe:syn:SESSION-3afd88a73e32b466
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.34:geo_-23.62930_-46.63510	host:131.196.29.34 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b9574d05ba0801a5:SESSION-b9574d05ba0801a5	SESSION-b9574d05ba0801a5 → pe:rst:SESSION-b9574d05ba0801a5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-86f296cd3a39a7c2:SESSION-86f296cd3a39a7c2	SESSION-86f296cd3a39a7c2 → pe:tls:SESSION-86f296cd3a39a7c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1e0a6d0f6eee882:host:172.234.197.23	SESSION-d1e0a6d0f6eee882 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4449fca2fd34af5e:SESSION-4449fca2fd34af5e	SESSION-4449fca2fd34af5e → pe:tls:SESSION-4449fca2fd34af5e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0119815c01d3319:SESSION-c0119815c01d3319	SESSION-c0119815c01d3319 → pe:syn:SESSION-c0119815c01d3319
FLOW_DST_PORTOBS	e:fp:flow:02bc2d91641b:port:tcp:443	flow:02bc2d91641b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65d310d8fe50c39e:PCAP:capture_20260430090001:065659c7d314	SESSION-65d310d8fe50c39e → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7409e3f74011df2:SESSION-c7409e3f74011df2	SESSION-c7409e3f74011df2 → pe:tls:SESSION-c7409e3f74011df2
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.243:asn:273470	host:45.173.156.243 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7bea4de6efa859da:SESSION-7bea4de6efa859da	SESSION-7bea4de6efa859da → pe:tls:SESSION-7bea4de6efa859da
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19009ef53e5ab2ef:SESSION-19009ef53e5ab2ef	SESSION-19009ef53e5ab2ef → pe:syn:SESSION-19009ef53e5ab2ef
FLOW_FROM_HOSTOBS	e:from:SESSION-67ad2a69e8a9ea9e:host:131.196.30.36	SESSION-67ad2a69e8a9ea9e → host:131.196.30.36
FLOW_DST_PORTOBS	e:fp:flow:630633a4892c:port:tcp:17116	flow:630633a4892c → port:tcp:17116
flow_observed5-aryOBS	e:fo:flow:6f75171cd09c	flow:6f75171cd09c → host:45.173.156.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2235ad305872b9c2:host:172.234.197.23:host:131.196.29.125	SESSION-2235ad305872b9c2 → host:172.234.197.23 → host:131.196.29.125
flow_observed5-aryOBS	e:fo:flow:9136a00be2e6	flow:9136a00be2e6 → host:177.10.238.11 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-836e4ff4bdb8da04:host:131.196.28.185	SESSION-836e4ff4bdb8da04 → host:131.196.28.185
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.26:geo_41.02140_28.99480	host:31.40.196.26 → geo_41.02140_28.99480
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07139a9423b3d79f:flow:094031b5c080	SESSION-07139a9423b3d79f → flow:094031b5c080
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-517e17fbfcdc9eaf:host:177.10.239.165	SESSION-517e17fbfcdc9eaf → host:177.10.239.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6a19fd3219cd89ed:SESSION-6a19fd3219cd89ed	SESSION-6a19fd3219cd89ed → pe:rst:SESSION-6a19fd3219cd89ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99e2981b3b5fa520:host:177.10.239.252	SESSION-99e2981b3b5fa520 → host:177.10.239.252
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab491f454947df2e:SESSION-ab491f454947df2e	SESSION-ab491f454947df2e → pe:tls:SESSION-ab491f454947df2e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8396d269748cb9c:PCAP:capture_20260430160001:9bfa4498506a	SESSION-f8396d269748cb9c → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:eb46c0750072:port:tcp:443	flow:eb46c0750072 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:a34c53113814:port:tcp:443	flow:a34c53113814 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aa8465f08de511a2:SESSION-aa8465f08de511a2	SESSION-aa8465f08de511a2 → pe:syn:SESSION-aa8465f08de511a2
flow_observed4-aryOBS	e:fo:flow:047e3c08925c	flow:047e3c08925c → host:172.234.197.23 → host:177.10.237.120 → port:tcp:41027
FLOW_TO_HOSTOBS	e:to:SESSION-a7a354b1ade71f9e:host:172.234.197.23	SESSION-a7a354b1ade71f9e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a810a8703b9c77f1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a810a8703b9c77f1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21640db65210a47d:host:131.196.28.93	SESSION-21640db65210a47d → host:131.196.28.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a60794a5b314271e:SESSION-a60794a5b314271e	SESSION-a60794a5b314271e → pe:syn:SESSION-a60794a5b314271e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f29ae4ea1d6d03ed:PCAP:capture_20260430110001:43611bdf6759	SESSION-f29ae4ea1d6d03ed → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.84:geo_-16.28860_-49.01640	host:177.10.236.84 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d36b613f081e74cb:host:177.10.239.106	SESSION-d36b613f081e74cb → host:177.10.239.106
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-438fb49dfab0fe81:host:177.10.236.238:host:172.234.197.23	SESSION-438fb49dfab0fe81 → host:177.10.236.238 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6fea2a5b83daabbc:SESSION-6fea2a5b83daabbc	SESSION-6fea2a5b83daabbc → pe:tls:SESSION-6fea2a5b83daabbc
FLOW_DST_PORTOBS	e:fp:flow:e17d73ea5b92:port:tcp:443	flow:e17d73ea5b92 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.12:geo_-16.28860_-49.01640	host:177.10.235.12 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-3f928c0ad9f6130d:host:131.196.30.92	SESSION-3f928c0ad9f6130d → host:131.196.30.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7679fd0fd118c12e:SESSION-7679fd0fd118c12e	SESSION-7679fd0fd118c12e → pe:tls:SESSION-7679fd0fd118c12e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e2a6d6aa009e10c:flow:18b935d78c07	SESSION-1e2a6d6aa009e10c → flow:18b935d78c07
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.74:asn:262880	host:177.10.235.74 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f8f919bfd11f34b:host:172.234.197.23	SESSION-8f8f919bfd11f34b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dce69c8399be	flow:dce69c8399be → host:131.196.30.20 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9b95e1310dc4ff34:host:172.234.197.23	SESSION-9b95e1310dc4ff34 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-79ceb7ef9cce8d79:SESSION-79ceb7ef9cce8d79	SESSION-79ceb7ef9cce8d79 → pe:syn:SESSION-79ceb7ef9cce8d79
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.110:geo_-16.28860_-49.01640	host:177.10.237.110 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11723453546179ac:SESSION-11723453546179ac	SESSION-11723453546179ac → pe:tls:SESSION-11723453546179ac
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3944d5014504521:host:37.221.79.250	SESSION-e3944d5014504521 → host:37.221.79.250
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cbc08c1422c92ccf:flow:fc58fb73a310	SESSION-cbc08c1422c92ccf → flow:fc58fb73a310
FLOW_FROM_HOSTOBS	e:from:SESSION-b7792ff6d5e7124a:host:172.234.197.23	SESSION-b7792ff6d5e7124a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-259d89cf1511dc5c:flow:e45fb223a813	SESSION-259d89cf1511dc5c → flow:e45fb223a813
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f0699d4f0c2d48e:host:103.155.16.117	SESSION-9f0699d4f0c2d48e → host:103.155.16.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d077f88c61181481:host:177.10.238.179:host:172.234.197.23	SESSION-d077f88c61181481 → host:177.10.238.179 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77abcf8d7f3aee2e:host:172.234.197.23	SESSION-77abcf8d7f3aee2e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aa51bce6270c7d63:PCAP:capture_20260430070001:903a0e7a436b	SESSION-aa51bce6270c7d63 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:2ed28a4071d9	flow:2ed28a4071d9 → host:172.234.197.23 → host:131.196.28.115 → port:tcp:1727
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bee309b4d5047c7d:host:172.234.197.23	SESSION-bee309b4d5047c7d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-581b4c1bc6ff5f0b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-581b4c1bc6ff5f0b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.221:geo_-23.62930_-46.63510	host:131.196.28.221 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-07d653be0b30b2f4:SESSION-07d653be0b30b2f4	SESSION-07d653be0b30b2f4 → pe:rst:SESSION-07d653be0b30b2f4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.176:asn:262880	host:177.10.234.176 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d6af4ef287316d5:host:172.234.197.23:host:177.10.238.190	SESSION-7d6af4ef287316d5 → host:172.234.197.23 → host:177.10.238.190
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57092e6ea3a8c881:flow:d8e075f82077	SESSION-57092e6ea3a8c881 → flow:d8e075f82077
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91919daf8511716e:host:172.234.197.23	SESSION-91919daf8511716e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:767b7fbc3076:port:udp:53	flow:767b7fbc3076 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-359d98e6d1200746:host:172.234.197.23	SESSION-359d98e6d1200746 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0afc12079a05a1b1:host:95.170.25.105:host:172.234.197.23	SESSION-0afc12079a05a1b1 → host:95.170.25.105 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6944fe230f08618b:flow:a3872eabdf69	SESSION-6944fe230f08618b → flow:a3872eabdf69
FLOW_DST_PORTOBS	e:fp:flow:6b63ea10f9bb:port:tcp:443	flow:6b63ea10f9bb → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84a1a640eb0d0e14:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-84a1a640eb0d0e14 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-5ed34bf9fded9d68:host:131.196.30.207	SESSION-5ed34bf9fded9d68 → host:131.196.30.207
flow_observed4-aryOBS	e:fo:flow:e41cd30fc843	flow:e41cd30fc843 → host:172.234.197.23 → host:131.196.29.166 → port:tcp:5426
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67e118b3ac1b9481:SESSION-67e118b3ac1b9481	SESSION-67e118b3ac1b9481 → pe:syn:SESSION-67e118b3ac1b9481
FLOW_TLS_SNIOBS	e:fs:flow:2c26000380dd:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:2c26000380dd → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-a137096eda6236d7:host:177.10.238.107	SESSION-a137096eda6236d7 → host:177.10.238.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a137096eda6236d7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a137096eda6236d7 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad7d874b9cd6bce1:SESSION-ad7d874b9cd6bce1	SESSION-ad7d874b9cd6bce1 → pe:syn:SESSION-ad7d874b9cd6bce1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-394efd35512401c0:host:177.10.238.186	SESSION-394efd35512401c0 → host:177.10.238.186
flow_observed5-aryOBS	e:fo:flow:0f0f83dc6341	flow:0f0f83dc6341 → host:177.10.238.23 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b045e9fec039082:PCAP:capture_20260430110001:43611bdf6759	SESSION-5b045e9fec039082 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:f0a67aad54e3	flow:f0a67aad54e3 → host:177.10.234.172 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-e5490e36eb363059:BSG-BEACON-9c6d26db7621	SESSION-e5490e36eb363059 → BSG-BEACON-9c6d26db7621
FLOW_FROM_HOSTOBS	e:from:SESSION-ce047c01fb54580f:host:172.234.197.23	SESSION-ce047c01fb54580f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2384be4238de1707:SESSION-2384be4238de1707	SESSION-2384be4238de1707 → pe:syn:SESSION-2384be4238de1707
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1aa0d90742fe552:host:172.234.197.23	SESSION-e1aa0d90742fe552 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a72e7bc5d973ed2:SESSION-6a72e7bc5d973ed2	SESSION-6a72e7bc5d973ed2 → pe:syn:SESSION-6a72e7bc5d973ed2
FLOW_DST_PORTOBS	e:fp:flow:98c03e37a107:port:tcp:628	flow:98c03e37a107 → port:tcp:628
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-83f081267b847a58:SESSION-83f081267b847a58	SESSION-83f081267b847a58 → pe:syn:SESSION-83f081267b847a58
FLOW_TO_HOSTOBS	e:to:SESSION-a87c967af45101a2:host:172.234.197.23	SESSION-a87c967af45101a2 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:65cc5b5651c1	flow:65cc5b5651c1 → host:172.234.197.23 → host:177.10.236.12 → port:tcp:14074
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1362b7f51908925c:host:131.196.29.237	SESSION-1362b7f51908925c → host:131.196.29.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-786e34aed7c64f61:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-786e34aed7c64f61 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1052ae798d70afda:host:172.234.197.23	SESSION-1052ae798d70afda → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-775ba1157917a355:host:172.234.197.23	SESSION-775ba1157917a355 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19009ef53e5ab2ef:host:172.234.197.23	SESSION-19009ef53e5ab2ef → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-02836b6eb824cc45:host:172.234.197.23	SESSION-02836b6eb824cc45 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-70cb56f6bea3d067:PCAP:capture_20260430070001:903a0e7a436b	SESSION-70cb56f6bea3d067 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-5816b4a8f681ef76:BSG-BEACON-c94af3055994	SESSION-5816b4a8f681ef76 → BSG-BEACON-c94af3055994
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.231:asn:203771	host:185.231.226.231 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:22aa90f0cf17:port:tcp:443	flow:22aa90f0cf17 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.225:geo_-23.62930_-46.63510	host:131.196.31.225 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-912ea161e3e6ffdc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-912ea161e3e6ffdc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1739bca4a014ab7e:flow:63dc30cb124f	SESSION-1739bca4a014ab7e → flow:63dc30cb124f
FLOW_DST_PORTOBS	e:fp:flow:edb17132cf14:port:tcp:443	flow:edb17132cf14 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f55570dc615df23a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f55570dc615df23a → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35dc83e37639d031:flow:f0f010e38ebe	SESSION-35dc83e37639d031 → flow:f0f010e38ebe
FLOW_DST_PORTOBS	e:fp:flow:550413e8132d:port:tcp:443	flow:550413e8132d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-de7198c98f7f92ee:host:172.234.197.23	SESSION-de7198c98f7f92ee → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d1075bb458d3b18a:host:172.234.197.23	SESSION-d1075bb458d3b18a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.163:geo_-16.28860_-49.01640	host:177.10.237.163 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f1e9c5398b5e18f4:SESSION-f1e9c5398b5e18f4	SESSION-f1e9c5398b5e18f4 → pe:tls:SESSION-f1e9c5398b5e18f4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-192cf58c18726bf1:SESSION-192cf58c18726bf1	SESSION-192cf58c18726bf1 → pe:syn:SESSION-192cf58c18726bf1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-417f532a2a507181:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-417f532a2a507181 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d69d721ba9bae694:host:172.234.197.23:host:177.10.237.172	SESSION-d69d721ba9bae694 → host:172.234.197.23 → host:177.10.237.172
flow_observed5-aryOBS	e:fo:flow:e49717db3c30	flow:e49717db3c30 → host:177.10.233.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-72a654eac2136215:SESSION-72a654eac2136215	SESSION-72a654eac2136215 → pe:tls:SESSION-72a654eac2136215
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-f7bf570ae8905fff:BSG-DATA_EXFIL-285b6c55c60f	SESSION-f7bf570ae8905fff → BSG-DATA_EXFIL-285b6c55c60f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.153:geo_-16.28860_-49.01640	host:177.10.239.153 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-fe22df31c35f787d:host:45.173.156.110	SESSION-fe22df31c35f787d → host:45.173.156.110
flow_observed4-aryOBS	e:fo:flow:07d8a2b430bf	flow:07d8a2b430bf → host:172.234.197.23 → host:45.148.10.151 → port:tcp:13868
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ae747b0389dd0111:SESSION-ae747b0389dd0111	SESSION-ae747b0389dd0111 → pe:tls:SESSION-ae747b0389dd0111
FLOW_DST_PORTOBS	e:fp:flow:1b72c9d06898:port:tcp:443	flow:1b72c9d06898 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-96c13a83414ab25f:host:172.234.197.23	SESSION-96c13a83414ab25f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4d75f253e125	flow:4d75f253e125 → host:177.10.236.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed8e90a0efd647ab:host:177.10.239.242:host:172.234.197.23	SESSION-ed8e90a0efd647ab → host:177.10.239.242 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5e816643ff0559e8:host:172.234.197.23	SESSION-5e816643ff0559e8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:af7a09bb9bc0	flow:af7a09bb9bc0 → host:131.196.29.229 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c3d3f3d87b7f1a0:flow:b0278ad8054c	SESSION-5c3d3f3d87b7f1a0 → flow:b0278ad8054c
flow_observed4-aryOBS	e:fo:flow:041d6c0ffc77	flow:041d6c0ffc77 → host:172.234.197.23 → host:177.10.239.28 → port:tcp:62507
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-685011adf9d67a1b:host:131.196.29.230:host:172.234.197.23	SESSION-685011adf9d67a1b → host:131.196.29.230 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-919ba311fe0cedbc:host:131.196.30.64	SESSION-919ba311fe0cedbc → host:131.196.30.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4883770547012399:host:45.173.156.129	SESSION-4883770547012399 → host:45.173.156.129
flow_observed5-aryOBS	e:fo:flow:76a18fca6382	flow:76a18fca6382 → host:45.173.156.240 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-175dd6ba51fb3cf7:host:131.196.30.70	SESSION-175dd6ba51fb3cf7 → host:131.196.30.70
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8d8e16e7f7cb138:host:172.234.197.23:host:177.10.237.147	SESSION-c8d8e16e7f7cb138 → host:172.234.197.23 → host:177.10.237.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa09fbb5e640ff94:SESSION-aa09fbb5e640ff94	SESSION-aa09fbb5e640ff94 → pe:tls:SESSION-aa09fbb5e640ff94
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.75:geo_-23.62930_-46.63510	host:131.196.30.75 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-469f9efa6316e344:SESSION-469f9efa6316e344	SESSION-469f9efa6316e344 → pe:rst:SESSION-469f9efa6316e344
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.156:asn:262880	host:177.10.238.156 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e8a6e8a4db8ac534:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e8a6e8a4db8ac534 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:c75999244606	flow:c75999244606 → host:172.234.197.23 → host:177.10.235.122 → port:tcp:49886
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f32bbf866d49408:host:131.196.29.15	SESSION-2f32bbf866d49408 → host:131.196.29.15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f07097ffc1d464e5:SESSION-f07097ffc1d464e5	SESSION-f07097ffc1d464e5 → pe:syn:SESSION-f07097ffc1d464e5
flow_observed5-aryOBS	e:fo:flow:ab0c50a1d4b1	flow:ab0c50a1d4b1 → host:45.173.156.117 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:01b815de05a8:port:tcp:443	flow:01b815de05a8 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:07c3682d867a:port:tcp:443	flow:07c3682d867a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:37482c18bec6:port:tcp:51371	flow:37482c18bec6 → port:tcp:51371
FLOW_DST_PORTOBS	e:fp:flow:bf0c197d9e2b:port:tcp:443	flow:bf0c197d9e2b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.149:geo_-21.10010_-41.69200	host:45.173.156.149 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-d5ac91adedbe1ec7:host:172.234.197.23	SESSION-d5ac91adedbe1ec7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:58f5f0dbd944	flow:58f5f0dbd944 → host:177.10.234.199 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aad95c97a46f4b66:flow:eeb33d8aed7d	SESSION-aad95c97a46f4b66 → flow:eeb33d8aed7d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2ec4538209fcf12:flow:d7fca1740005	SESSION-d2ec4538209fcf12 → flow:d7fca1740005
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44cdc048c80875b5:host:177.10.238.20	SESSION-44cdc048c80875b5 → host:177.10.238.20
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1848195311cbff19:host:177.10.235.111:host:172.234.197.23	SESSION-1848195311cbff19 → host:177.10.235.111 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-41f0125815f54041:SESSION-41f0125815f54041	SESSION-41f0125815f54041 → pe:syn:SESSION-41f0125815f54041
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ea69d35daebb9b8:host:177.10.238.177:host:172.234.197.23	SESSION-9ea69d35daebb9b8 → host:177.10.238.177 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d384de4bfeb31c0:flow:91131826770f	SESSION-1d384de4bfeb31c0 → flow:91131826770f
flow_observed5-aryOBS	e:fo:flow:216c4b2f40af	flow:216c4b2f40af → host:131.196.30.126 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:9eff1d4678ce:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:9eff1d4678ce → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b99a2a75b4ae9e98:SESSION-b99a2a75b4ae9e98	SESSION-b99a2a75b4ae9e98 → pe:syn:SESSION-b99a2a75b4ae9e98
FLOW_DST_PORTOBS	e:fp:flow:68d41f876fc0:port:tcp:443	flow:68d41f876fc0 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-168c4e3df9119bba:flow:01417a6aeccd	SESSION-168c4e3df9119bba → flow:01417a6aeccd
FLOW_TO_HOSTOBS	e:to:SESSION-ad4db4cca9d566af:host:172.234.197.23	SESSION-ad4db4cca9d566af → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8fbc053aa21c3a10:host:131.196.31.225	SESSION-8fbc053aa21c3a10 → host:131.196.31.225
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e8a9e43c374485d:host:172.234.197.23	SESSION-9e8a9e43c374485d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68ee3afa191e6305:SESSION-68ee3afa191e6305	SESSION-68ee3afa191e6305 → pe:syn:SESSION-68ee3afa191e6305
FLOW_TO_HOSTOBS	e:to:SESSION-e73771addca62c13:host:172.234.197.23	SESSION-e73771addca62c13 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ea2b78fffe48f844:SESSION-ea2b78fffe48f844	SESSION-ea2b78fffe48f844 → pe:syn:SESSION-ea2b78fffe48f844
FLOW_DST_PORTOBS	e:fp:flow:869e0dc0fb92:port:tcp:443	flow:869e0dc0fb92 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d27008d937f2d8be:PCAP:capture_20260430060001:919b39a74464	SESSION-d27008d937f2d8be → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe1d6d23886f083a:SESSION-fe1d6d23886f083a	SESSION-fe1d6d23886f083a → pe:syn:SESSION-fe1d6d23886f083a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e77787f9a5bab711:SESSION-e77787f9a5bab711	SESSION-e77787f9a5bab711 → pe:tls:SESSION-e77787f9a5bab711
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4af5e0493e3bd78c:SESSION-4af5e0493e3bd78c	SESSION-4af5e0493e3bd78c → pe:tls:SESSION-4af5e0493e3bd78c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24763432928200fc:SESSION-24763432928200fc	SESSION-24763432928200fc → pe:syn:SESSION-24763432928200fc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be67080b9ae14b48:host:172.234.197.23	SESSION-be67080b9ae14b48 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7569a7ee383f653c:host:172.234.197.23	SESSION-7569a7ee383f653c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-301cccab595ff1f6:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-301cccab595ff1f6 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1848195311cbff19:host:172.234.197.23	SESSION-1848195311cbff19 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23264de44b7cb73c:SESSION-23264de44b7cb73c	SESSION-23264de44b7cb73c → pe:tls:SESSION-23264de44b7cb73c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ef849695f946a5ec:flow:bc3157f5d3c6	SESSION-ef849695f946a5ec → flow:bc3157f5d3c6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.207:geo_-16.28860_-49.01640	host:177.10.232.207 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2def334ee7bae1e1:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2def334ee7bae1e1 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-141e3c6c8d153d1d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-141e3c6c8d153d1d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:e7662d06a0dc	flow:e7662d06a0dc → host:177.10.233.65 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-e1f0a324b14316cd:host:177.10.239.221	SESSION-e1f0a324b14316cd → host:177.10.239.221
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-828db1ebc34fa50a:host:172.234.197.23:host:177.10.233.249	SESSION-828db1ebc34fa50a → host:172.234.197.23 → host:177.10.233.249
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f879597a466f9080:host:172.234.197.23	SESSION-f879597a466f9080 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cb5f38c68f62897:host:172.234.197.23	SESSION-8cb5f38c68f62897 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-587cecb9c2d65d84:flow:425a0fcde4d7	SESSION-587cecb9c2d65d84 → flow:425a0fcde4d7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b31cf1240fb1e101:host:177.10.237.129	SESSION-b31cf1240fb1e101 → host:177.10.237.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc5634306e23209a:SESSION-fc5634306e23209a	SESSION-fc5634306e23209a → pe:syn:SESSION-fc5634306e23209a
FLOW_DST_PORTOBS	e:fp:flow:bba78eddc048:port:tcp:443	flow:bba78eddc048 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.68:asn:203771	host:92.112.71.68 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-4d4d7fb155f65fdf:host:172.234.197.23	SESSION-4d4d7fb155f65fdf → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e13a35a59d4e8cb3:flow:4cf92a078305	SESSION-e13a35a59d4e8cb3 → flow:4cf92a078305
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9cb4473bd3389dab:SESSION-9cb4473bd3389dab	SESSION-9cb4473bd3389dab → pe:syn:SESSION-9cb4473bd3389dab
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e0d73c88dd83fb6:host:177.10.233.53	SESSION-9e0d73c88dd83fb6 → host:177.10.233.53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f879597a466f9080:PCAP:capture_20260430060001:919b39a74464	SESSION-f879597a466f9080 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:171729e27d1d	flow:171729e27d1d → host:131.196.31.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d0a19698769d1246:SESSION-d0a19698769d1246	SESSION-d0a19698769d1246 → pe:tls:SESSION-d0a19698769d1246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33fdac1ad6f47ac8:SESSION-33fdac1ad6f47ac8	SESSION-33fdac1ad6f47ac8 → pe:syn:SESSION-33fdac1ad6f47ac8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1c5519b0e5712e1e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1c5519b0e5712e1e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e88ec164d738844a:host:185.236.240.137:host:172.234.197.23	SESSION-e88ec164d738844a → host:185.236.240.137 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-489ca31c7f776997:host:131.196.29.177	SESSION-489ca31c7f776997 → host:131.196.29.177
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2dec3faf198ca60:SESSION-b2dec3faf198ca60	SESSION-b2dec3faf198ca60 → pe:tls:SESSION-b2dec3faf198ca60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4341cc9426e2382:host:172.234.197.23	SESSION-d4341cc9426e2382 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-216df7510915a954:host:177.10.236.176	SESSION-216df7510915a954 → host:177.10.236.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14cb036847147428:host:172.234.197.23	SESSION-14cb036847147428 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e25cb7cb2181:port:tcp:443	flow:e25cb7cb2181 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb971e48f4a1e66e:SESSION-fb971e48f4a1e66e	SESSION-fb971e48f4a1e66e → pe:syn:SESSION-fb971e48f4a1e66e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a18dc2bb6be0117f:flow:6ee3ad6330b5	SESSION-a18dc2bb6be0117f → flow:6ee3ad6330b5
FLOW_DST_PORTOBS	e:fp:flow:97e08a6b4ec8:port:tcp:443	flow:97e08a6b4ec8 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d42f41260fbe7c09:host:177.10.234.37	SESSION-d42f41260fbe7c09 → host:177.10.234.37
FLOW_TO_HOSTOBS	e:to:SESSION-140ad048b49f1a57:host:172.234.197.23	SESSION-140ad048b49f1a57 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b082affabc66a77:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8b082affabc66a77 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:32a84ee85b0b	flow:32a84ee85b0b → host:177.10.238.146 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-c73d5dfb4b98c8a4:host:172.234.197.23	SESSION-c73d5dfb4b98c8a4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fab752fe97090e4a:host:177.10.238.135	SESSION-fab752fe97090e4a → host:177.10.238.135
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eec2a7691ff15afc:host:131.196.31.197:host:172.234.197.23	SESSION-eec2a7691ff15afc → host:131.196.31.197 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c98a634aa4cfbed2:host:172.234.197.23	SESSION-c98a634aa4cfbed2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2ecbcecdc44a459:flow:40caed145d6b	SESSION-e2ecbcecdc44a459 → flow:40caed145d6b
FLOW_TO_HOSTOBS	e:to:SESSION-8dbd1afb05a3a814:host:45.173.156.228	SESSION-8dbd1afb05a3a814 → host:45.173.156.228
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6081275b2fa04e5c:host:116.235.165.166	SESSION-6081275b2fa04e5c → host:116.235.165.166
FLOW_FROM_HOSTOBS	e:from:SESSION-20dfde969676b329:host:172.234.197.23	SESSION-20dfde969676b329 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1628bbd64c13f5a:host:131.196.28.235	SESSION-a1628bbd64c13f5a → host:131.196.28.235
FLOW_TO_HOSTOBS	e:to:SESSION-b53dcb5377a03d44:host:172.234.197.23	SESSION-b53dcb5377a03d44 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01fb4d6a9472c8c7:host:172.234.197.23	SESSION-01fb4d6a9472c8c7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0f20859a8cab5c7a:host:172.234.197.23:host:177.10.232.104	SESSION-0f20859a8cab5c7a → host:172.234.197.23 → host:177.10.232.104
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-88ff33eaa18cf09d:host:177.10.235.97:host:172.234.197.23	SESSION-88ff33eaa18cf09d → host:177.10.235.97 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-26a93711200ab02b:host:177.10.236.43	SESSION-26a93711200ab02b → host:177.10.236.43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4d5ec492dcde12c:SESSION-b4d5ec492dcde12c	SESSION-b4d5ec492dcde12c → pe:syn:SESSION-b4d5ec492dcde12c
FLOW_TO_HOSTOBS	e:to:SESSION-6081275b2fa04e5c:host:172.234.197.23	SESSION-6081275b2fa04e5c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b996ef900842:port:tcp:443	flow:b996ef900842 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e4145940b979:port:tcp:443	flow:e4145940b979 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-10ba6936b0af1959:host:131.196.31.238	SESSION-10ba6936b0af1959 → host:131.196.31.238
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.136:geo_-23.62930_-46.63510	host:131.196.31.136 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-1065c42d5133f02c:host:131.196.31.235	SESSION-1065c42d5133f02c → host:131.196.31.235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-361b290e75b75885:host:172.234.197.23	SESSION-361b290e75b75885 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-079ef1e0e1e74623:host:177.10.237.94:host:172.234.197.23	SESSION-079ef1e0e1e74623 → host:177.10.237.94 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d0f919734488d0b:host:172.234.197.23	SESSION-5d0f919734488d0b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b304bd763b72b95f:flow:5ad2ff1940be	SESSION-b304bd763b72b95f → flow:5ad2ff1940be
HOST_IN_ASNOBS 85%	e:ha:host:54.218.65.249:asn:16509	host:54.218.65.249 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eda278d49363b57:host:172.234.197.23	SESSION-9eda278d49363b57 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-92fb186a1f8eeacc:host:177.10.232.253	SESSION-92fb186a1f8eeacc → host:177.10.232.253
FLOW_DST_PORTOBS	e:fp:flow:5ba485b7e96f:port:tcp:443	flow:5ba485b7e96f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dfd5cbc4ed1c485c:host:172.234.197.23:host:177.10.234.166	SESSION-dfd5cbc4ed1c485c → host:172.234.197.23 → host:177.10.234.166
FLOW_FROM_HOSTOBS	e:from:SESSION-c1429c4885068b09:host:177.10.236.8	SESSION-c1429c4885068b09 → host:177.10.236.8
FLOW_FROM_HOSTOBS	e:from:SESSION-8982cb545b77cb1a:host:131.196.30.83	SESSION-8982cb545b77cb1a → host:131.196.30.83
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1ed5736d80d2991:host:172.234.197.23	SESSION-b1ed5736d80d2991 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eadf7b6ccdd54c7f:SESSION-eadf7b6ccdd54c7f	SESSION-eadf7b6ccdd54c7f → pe:syn:SESSION-eadf7b6ccdd54c7f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21de16798668b3a8:SESSION-21de16798668b3a8	SESSION-21de16798668b3a8 → pe:syn:SESSION-21de16798668b3a8
FLOW_FROM_HOSTOBS	e:from:SESSION-db60e018ea4d304a:host:131.196.28.0	SESSION-db60e018ea4d304a → host:131.196.28.0
flow_observed4-aryOBS	e:fo:flow:e6b5909bb3b3	flow:e6b5909bb3b3 → host:172.234.197.23 → host:177.10.236.134 → port:tcp:44183
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49b6ef2582cca14b:SESSION-49b6ef2582cca14b	SESSION-49b6ef2582cca14b → pe:syn:SESSION-49b6ef2582cca14b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-30c6bfe2ed3a5bca:flow:cd8bcd725224	SESSION-30c6bfe2ed3a5bca → flow:cd8bcd725224
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b308d2f7d4fdfaa:host:177.10.237.190	SESSION-7b308d2f7d4fdfaa → host:177.10.237.190
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1462f3fe112e9d96:host:131.196.30.131	SESSION-1462f3fe112e9d96 → host:131.196.30.131
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed37df036f91c955:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ed37df036f91c955 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3560085925cb3717:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3560085925cb3717 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:3c2314f862f2:port:tcp:80	flow:3c2314f862f2 → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d1f774a6af2df76:host:177.10.237.159:host:172.234.197.23	SESSION-5d1f774a6af2df76 → host:177.10.237.159 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-66746867faa9cf3c:host:177.10.237.117	SESSION-66746867faa9cf3c → host:177.10.237.117
FLOW_TO_HOSTOBS	e:to:SESSION-c54bf7ef52fb715c:host:172.234.197.23	SESSION-c54bf7ef52fb715c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8247aea4532236dc:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8247aea4532236dc → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-7926734d1890078a:host:177.10.234.221	SESSION-7926734d1890078a → host:177.10.234.221
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d93e5dd98af62cc:flow:17dcf413c382	SESSION-2d93e5dd98af62cc → flow:17dcf413c382
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:104.28.202.80:geo_29.75390_-95.35900	host:104.28.202.80 → geo_29.75390_-95.35900
flow_observed5-aryOBS	e:fo:flow:b4499b53d392	flow:b4499b53d392 → host:177.10.239.145 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.254:asn:262880	host:177.10.232.254 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce92926e8e7d59d2:SESSION-ce92926e8e7d59d2	SESSION-ce92926e8e7d59d2 → pe:syn:SESSION-ce92926e8e7d59d2
FLOW_FROM_HOSTOBS	e:from:SESSION-ce6819df966f00de:host:177.10.237.161	SESSION-ce6819df966f00de → host:177.10.237.161
HOST_IN_ASNOBS 85%	e:ha:host:43.196.122.133:asn:55960	host:43.196.122.133 → asn:55960
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-077a58eb2518fab4:flow:576c55007fd6	SESSION-077a58eb2518fab4 → flow:576c55007fd6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-acf0f47433b56858:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-acf0f47433b56858 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a3e5e93fe3cda49d:SESSION-a3e5e93fe3cda49d	SESSION-a3e5e93fe3cda49d → pe:syn:SESSION-a3e5e93fe3cda49d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7377b91dd9eda5d9:SESSION-7377b91dd9eda5d9	SESSION-7377b91dd9eda5d9 → pe:tls:SESSION-7377b91dd9eda5d9
FLOW_DST_PORTOBS	e:fp:flow:483269fa81d1:port:tcp:25448	flow:483269fa81d1 → port:tcp:25448
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47acb5bee39822f1:host:177.10.239.18	SESSION-47acb5bee39822f1 → host:177.10.239.18
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.207:asn:262880	host:177.10.236.207 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3573d87c5a129f8e:host:177.10.232.63	SESSION-3573d87c5a129f8e → host:177.10.232.63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-136356e88c69bcaa:host:172.234.197.23	SESSION-136356e88c69bcaa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92f84fab5bd8e0c8:host:177.10.238.235:host:172.234.197.23	SESSION-92f84fab5bd8e0c8 → host:177.10.238.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0014b04a4a7ef99:host:131.196.28.211	SESSION-c0014b04a4a7ef99 → host:131.196.28.211
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9582152c6f7e826d:SESSION-9582152c6f7e826d	SESSION-9582152c6f7e826d → pe:syn:SESSION-9582152c6f7e826d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27d66e2c1260cc5f:SESSION-27d66e2c1260cc5f	SESSION-27d66e2c1260cc5f → pe:tls:SESSION-27d66e2c1260cc5f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-205f7c84653f0fb6:host:131.196.29.4:host:172.234.197.23	SESSION-205f7c84653f0fb6 → host:131.196.29.4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44a6b99289a2f8de:host:177.10.239.227:host:172.234.197.23	SESSION-44a6b99289a2f8de → host:177.10.239.227 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c76cb7a55699fff8:host:131.196.29.145	SESSION-c76cb7a55699fff8 → host:131.196.29.145
FLOW_TO_HOSTOBS	e:to:SESSION-122a5b909d033cbb:host:172.234.197.23	SESSION-122a5b909d033cbb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7792ff6d5e7124a:host:172.234.197.23	SESSION-b7792ff6d5e7124a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e6bf46c9eec8f990:host:177.10.237.89	SESSION-e6bf46c9eec8f990 → host:177.10.237.89
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f1e2986117d2a1f:host:177.10.238.163	SESSION-3f1e2986117d2a1f → host:177.10.238.163
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07dfdeddccca16ee:SESSION-07dfdeddccca16ee	SESSION-07dfdeddccca16ee → pe:tls:SESSION-07dfdeddccca16ee
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-394efd35512401c0:host:177.10.238.186:host:172.234.197.23	SESSION-394efd35512401c0 → host:177.10.238.186 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.41:geo_-16.28860_-49.01640	host:177.10.236.41 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b792e9866f7563b8:host:177.10.235.95	SESSION-b792e9866f7563b8 → host:177.10.235.95
flow_observed5-aryOBS	e:fo:flow:0d33aea872dc	flow:0d33aea872dc → host:177.10.233.119 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:cc297f1cad64:port:tcp:47560	flow:cc297f1cad64 → port:tcp:47560
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac0f4c4f1d3b1c15:flow:bf0c197d9e2b	SESSION-ac0f4c4f1d3b1c15 → flow:bf0c197d9e2b
FLOW_FROM_HOSTOBS	e:from:SESSION-4ef3ba231e3ca4d6:host:31.40.196.199	SESSION-4ef3ba231e3ca4d6 → host:31.40.196.199
flow_observed5-aryOBS	e:fo:flow:631582c4148b	flow:631582c4148b → host:104.28.202.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce9448c6704b565d:flow:185e96127559	SESSION-ce9448c6704b565d → flow:185e96127559
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.200:asn:262880	host:177.10.239.200 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.161:asn:271410	host:131.196.31.161 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35fc058c4fe240ad:SESSION-35fc058c4fe240ad	SESSION-35fc058c4fe240ad → pe:syn:SESSION-35fc058c4fe240ad
FLOW_TO_HOSTOBS	e:to:SESSION-6aca00d0413062e5:host:172.234.197.23	SESSION-6aca00d0413062e5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0414bb340c93930b:SESSION-0414bb340c93930b	SESSION-0414bb340c93930b → pe:syn:SESSION-0414bb340c93930b
FLOW_FROM_HOSTOBS	e:from:SESSION-1863330d3e94cce5:host:172.234.197.23	SESSION-1863330d3e94cce5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5271c61bb9ad	flow:5271c61bb9ad → host:177.10.238.102 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49f6aac001a41393:host:172.234.197.23	SESSION-49f6aac001a41393 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-019d89e6bcaa6e4e:SESSION-019d89e6bcaa6e4e	SESSION-019d89e6bcaa6e4e → pe:syn:SESSION-019d89e6bcaa6e4e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.253:asn:262880	host:177.10.235.253 → asn:262880
flow_observed4-aryOBS	e:fo:flow:67bdaa37076f	flow:67bdaa37076f → host:172.234.197.23 → host:177.10.237.254 → port:tcp:52831
FLOW_TO_HOSTOBS	e:to:SESSION-9962740ce107c36d:host:172.234.197.23	SESSION-9962740ce107c36d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.58:asn:262880	host:177.10.235.58 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-91196c5d66e04f5c:host:177.10.237.236:host:172.234.197.23	SESSION-91196c5d66e04f5c → host:177.10.237.236 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e4cb96e9954f000:flow:926143b4e410	SESSION-2e4cb96e9954f000 → flow:926143b4e410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-54c75738c2308981:PCAP:capture_20260430070001:903a0e7a436b	SESSION-54c75738c2308981 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:70dd50a07339:port:tcp:443	flow:70dd50a07339 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-620284e2b3f3a282:SESSION-620284e2b3f3a282	SESSION-620284e2b3f3a282 → pe:tls:SESSION-620284e2b3f3a282
FLOW_FROM_HOSTOBS	e:from:SESSION-59a5b7880376a89f:host:92.112.71.109	SESSION-59a5b7880376a89f → host:92.112.71.109
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5bb0fb568e127c0:host:172.234.197.23:host:177.10.238.102	SESSION-f5bb0fb568e127c0 → host:172.234.197.23 → host:177.10.238.102
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5cc5078bf4d23558:host:45.145.152.195:host:172.234.197.23	SESSION-5cc5078bf4d23558 → host:45.145.152.195 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1a13868d230b	flow:1a13868d230b → host:172.234.197.23 → host:177.10.232.60 → port:tcp:24472
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.48:asn:271410	host:131.196.31.48 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cfbd2e877e86cd2a:SESSION-cfbd2e877e86cd2a	SESSION-cfbd2e877e86cd2a → pe:syn:SESSION-cfbd2e877e86cd2a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96cc205c664fccab:PCAP:capture_20260430150001:ded20914761d	SESSION-96cc205c664fccab → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.205:geo_-16.28860_-49.01640	host:177.10.239.205 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f53fdd8a51294c3d:host:45.173.156.71	SESSION-f53fdd8a51294c3d → host:45.173.156.71
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3839adbba9942939:host:172.234.197.23:host:131.196.30.213	SESSION-3839adbba9942939 → host:172.234.197.23 → host:131.196.30.213
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.35:asn:271410	host:131.196.29.35 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f2f7ca9f61df30fd:SESSION-f2f7ca9f61df30fd	SESSION-f2f7ca9f61df30fd → pe:syn:SESSION-f2f7ca9f61df30fd
FLOW_FROM_HOSTOBS	e:from:SESSION-97a722c9ef92a65e:host:45.173.156.163	SESSION-97a722c9ef92a65e → host:45.173.156.163
FLOW_FROM_HOSTOBS	e:from:SESSION-8e33208793a04fae:host:3.102.9.236	SESSION-8e33208793a04fae → host:3.102.9.236
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4bb4f425427d3bee:host:177.10.239.192:host:172.234.197.23	SESSION-4bb4f425427d3bee → host:177.10.239.192 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0d9e3720b73bcaea:flow:3996441ab8c9	SESSION-0d9e3720b73bcaea → flow:3996441ab8c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68adb943f73c50e9:host:177.10.237.110	SESSION-68adb943f73c50e9 → host:177.10.237.110
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eb8a27373acd6451:PCAP:capture_20260430150001:ded20914761d	SESSION-eb8a27373acd6451 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.93:geo_-16.28860_-49.01640	host:177.10.233.93 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07ba7d1d1566dce2:host:37.221.79.130:host:172.234.197.23	SESSION-07ba7d1d1566dce2 → host:37.221.79.130 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:75695113798f:port:tcp:443	flow:75695113798f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a918f52003c304f:SESSION-0a918f52003c304f	SESSION-0a918f52003c304f → pe:syn:SESSION-0a918f52003c304f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3f936e849fecda0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e3f936e849fecda0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65262d33293291dd:PCAP:capture_20260430050001:8868731bf8a4	SESSION-65262d33293291dd → PCAP:capture_20260430050001:8868731bf8a4
flow_observed4-aryOBS	e:fo:flow:c742ec3abe7f	flow:c742ec3abe7f → host:172.234.197.23 → host:177.10.238.16 → port:tcp:54279
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69a0e56e6767912e:host:172.234.197.23	SESSION-69a0e56e6767912e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ab46af96ea11edd:host:131.196.30.187	SESSION-7ab46af96ea11edd → host:131.196.30.187
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.68:asn:273470	host:45.173.156.68 → asn:273470
flow_observed5-aryOBS	e:fo:flow:bc4d6a7d585e	flow:bc4d6a7d585e → host:45.173.156.48 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:943d842fa81c	flow:943d842fa81c → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c124aef8e6ea7da5:host:172.234.197.23	SESSION-c124aef8e6ea7da5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.154:asn:273470	host:45.173.156.154 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:cdd7f96d14d6:port:tcp:443	flow:cdd7f96d14d6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-6bca989f2c390047:host:131.196.28.165	SESSION-6bca989f2c390047 → host:131.196.28.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a117da50f6c2c30f:host:131.196.31.42	SESSION-a117da50f6c2c30f → host:131.196.31.42
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6cbb8d1d16f40477:host:172.234.197.23:host:131.196.30.126	SESSION-6cbb8d1d16f40477 → host:172.234.197.23 → host:131.196.30.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7759d4a46d500e47:flow:72abfe4f3945	SESSION-7759d4a46d500e47 → flow:72abfe4f3945
FLOW_TO_HOSTOBS	e:to:SESSION-60441095965530ae:host:172.234.197.23	SESSION-60441095965530ae → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-226dccfda73d96ef:flow:b242b62ec151	SESSION-226dccfda73d96ef → flow:b242b62ec151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f7e801a59e8e93f:SESSION-3f7e801a59e8e93f	SESSION-3f7e801a59e8e93f → pe:syn:SESSION-3f7e801a59e8e93f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-862fcc949d847857:SESSION-862fcc949d847857	SESSION-862fcc949d847857 → pe:syn:SESSION-862fcc949d847857
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f7bf570ae8905fff:host:57.128.95.181:host:172.234.197.23	SESSION-f7bf570ae8905fff → host:57.128.95.181 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d1ca1108b3f9fffc:host:92.112.71.65	SESSION-d1ca1108b3f9fffc → host:92.112.71.65
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.58:geo_-16.28860_-49.01640	host:177.10.235.58 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:3c4b26c6586f	flow:3c4b26c6586f → host:177.10.237.192 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:dce980f09aca	flow:dce980f09aca → host:177.10.239.153 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-418ea5f834fbfdc6:host:177.10.238.221	SESSION-418ea5f834fbfdc6 → host:177.10.238.221
flow_observed5-aryOBS	e:fo:flow:764b0b5581af	flow:764b0b5581af → host:177.10.237.188 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de82cbdf751e150b:host:172.234.197.23	SESSION-de82cbdf751e150b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8189545896e60c84:host:172.234.197.23	SESSION-8189545896e60c84 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cddd8421db4c97d9:PCAP:capture_20260430070001:903a0e7a436b	SESSION-cddd8421db4c97d9 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0af842276eef56a1:host:172.234.197.23	SESSION-0af842276eef56a1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd2a5925828b8076:SESSION-fd2a5925828b8076	SESSION-fd2a5925828b8076 → pe:syn:SESSION-fd2a5925828b8076
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-200b6d1dbf438627:host:172.234.197.23:host:177.10.239.226	SESSION-200b6d1dbf438627 → host:172.234.197.23 → host:177.10.239.226
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f21759fa00584782:SESSION-f21759fa00584782	SESSION-f21759fa00584782 → pe:syn:SESSION-f21759fa00584782
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c5381aaad8fa568:SESSION-6c5381aaad8fa568	SESSION-6c5381aaad8fa568 → pe:syn:SESSION-6c5381aaad8fa568
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01e9e36dd29e3f1f:flow:4a9074182f8c	SESSION-01e9e36dd29e3f1f → flow:4a9074182f8c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ccbf098e115515a:host:177.10.232.65	SESSION-0ccbf098e115515a → host:177.10.232.65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ba8512040d3b37b:host:177.10.233.148	SESSION-5ba8512040d3b37b → host:177.10.233.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-35fc4de775269620:host:172.234.197.23	SESSION-35fc4de775269620 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9866420dbc5d2da0:host:177.10.238.15	SESSION-9866420dbc5d2da0 → host:177.10.238.15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51b69a1f49968dce:SESSION-51b69a1f49968dce	SESSION-51b69a1f49968dce → pe:tls:SESSION-51b69a1f49968dce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e696cf5f8f6db7e6:SESSION-e696cf5f8f6db7e6	SESSION-e696cf5f8f6db7e6 → pe:tls:SESSION-e696cf5f8f6db7e6
flow_observed4-aryOBS	e:fo:flow:b6ce620286af	flow:b6ce620286af → host:172.234.197.23 → host:131.196.30.32 → port:tcp:17088
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3fe48e08f3f123e2:host:131.196.30.114	SESSION-3fe48e08f3f123e2 → host:131.196.30.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-49fc7ea897578489:SESSION-49fc7ea897578489	SESSION-49fc7ea897578489 → pe:rst:SESSION-49fc7ea897578489
FLOW_FROM_HOSTOBS	e:from:SESSION-f3d13cea2cf7dcee:host:177.10.236.195	SESSION-f3d13cea2cf7dcee → host:177.10.236.195
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.138:asn:262880	host:177.10.236.138 → asn:262880
flow_observed5-aryOBS	e:fo:flow:6af774f9a8b1	flow:6af774f9a8b1 → host:131.196.31.1 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-66fe61e0e919e0c7:host:172.234.197.23	SESSION-66fe61e0e919e0c7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:75ea99f83171	flow:75ea99f83171 → host:177.10.236.31 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6109906c198ad0ac:SESSION-6109906c198ad0ac	SESSION-6109906c198ad0ac → pe:tls:SESSION-6109906c198ad0ac
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ec3678e1070a7a4:flow:cfc34639b852	SESSION-9ec3678e1070a7a4 → flow:cfc34639b852
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b03f12d359ceed54:SESSION-b03f12d359ceed54	SESSION-b03f12d359ceed54 → pe:tls:SESSION-b03f12d359ceed54
FLOW_DST_PORTOBS	e:fp:flow:042a169e6320:port:tcp:29010	flow:042a169e6320 → port:tcp:29010
FLOW_FROM_HOSTOBS	e:from:SESSION-58f2a638c6bf8581:host:104.28.202.79	SESSION-58f2a638c6bf8581 → host:104.28.202.79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-704e3a6bbdc29013:PCAP:capture_20260430080001:93f47cc296a4	SESSION-704e3a6bbdc29013 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-27da8f08a1512941:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-27da8f08a1512941 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2c924632948936b:flow:c859dd67755d	SESSION-b2c924632948936b → flow:c859dd67755d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a77e99309dd6e28:PCAP:capture_20260430110001:43611bdf6759	SESSION-8a77e99309dd6e28 → PCAP:capture_20260430110001:43611bdf6759
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.151:geo_-23.62930_-46.63510	host:131.196.31.151 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16a7442acd9adfae:host:172.234.197.23	SESSION-16a7442acd9adfae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8b38e5755a85588:SESSION-c8b38e5755a85588	SESSION-c8b38e5755a85588 → pe:syn:SESSION-c8b38e5755a85588
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f35bbd3887f167bf:host:172.234.197.23	SESSION-f35bbd3887f167bf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c9c8bcacffc7072b:host:172.232.0.16	SESSION-c9c8bcacffc7072b → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-d7bf020c0439ffaa:host:2.57.122.192	SESSION-d7bf020c0439ffaa → host:2.57.122.192
flow_observed5-aryOBS	e:fo:flow:00661a8aa975	flow:00661a8aa975 → host:177.10.235.61 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f39c81a37ca9c9d3:host:177.10.235.215	SESSION-f39c81a37ca9c9d3 → host:177.10.235.215
FLOW_DST_PORTOBS	e:fp:flow:e8b966037588:port:tcp:443	flow:e8b966037588 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f82606c83b27:port:tcp:443	flow:f82606c83b27 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-887f47388267b095:host:172.234.197.23	SESSION-887f47388267b095 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cb528496ded9d11:host:172.234.197.23	SESSION-8cb528496ded9d11 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3109063707c4a5e1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-3109063707c4a5e1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4d7e31822e7386a:host:131.196.30.0:host:172.234.197.23	SESSION-c4d7e31822e7386a → host:131.196.30.0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-cd38adf08b5d5a9e:SESSION-cd38adf08b5d5a9e	SESSION-cd38adf08b5d5a9e → pe:rst:SESSION-cd38adf08b5d5a9e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0dad0a06445f9e1f:SESSION-0dad0a06445f9e1f	SESSION-0dad0a06445f9e1f → pe:syn:SESSION-0dad0a06445f9e1f
FLOW_FROM_HOSTOBS	e:from:SESSION-ee4f55e8adb586c5:host:177.10.233.40	SESSION-ee4f55e8adb586c5 → host:177.10.233.40
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f05806c7fdedb94:host:177.10.237.46	SESSION-9f05806c7fdedb94 → host:177.10.237.46
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ddc877c0ed3a64ea:PCAP:capture_20260430150001:ded20914761d	SESSION-ddc877c0ed3a64ea → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2db29654b7388c8c:host:172.234.197.23	SESSION-2db29654b7388c8c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9716031ec5470ef:flow:17af5446ca65	SESSION-c9716031ec5470ef → flow:17af5446ca65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9d11ee49864a2bc:SESSION-b9d11ee49864a2bc	SESSION-b9d11ee49864a2bc → pe:tls:SESSION-b9d11ee49864a2bc
FLOW_TO_HOSTOBS	e:to:SESSION-6dadefe349dd79f6:host:172.234.197.23	SESSION-6dadefe349dd79f6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:18.175.215.247:asn:16509	host:18.175.215.247 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ec373193747138e2:SESSION-ec373193747138e2	SESSION-ec373193747138e2 → pe:syn:SESSION-ec373193747138e2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65d310d8fe50c39e:host:177.10.234.230	SESSION-65d310d8fe50c39e → host:177.10.234.230
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e316662e5f9d5ce:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2e316662e5f9d5ce → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-602a14335703e220:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-602a14335703e220 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a3643dbad405bac1:host:131.196.28.28:host:172.234.197.23	SESSION-a3643dbad405bac1 → host:131.196.28.28 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c35a263dbc41a3d:host:172.234.197.23	SESSION-7c35a263dbc41a3d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a8968fd2a11ede8:host:172.234.197.23:host:177.10.233.17	SESSION-1a8968fd2a11ede8 → host:172.234.197.23 → host:177.10.233.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af1aec9a84a08d25:host:131.196.31.73	SESSION-af1aec9a84a08d25 → host:131.196.31.73
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4d1c4ac80a0d275:flow:f9be4f44f5ed	SESSION-c4d1c4ac80a0d275 → flow:f9be4f44f5ed
flow_observed5-aryOBS	e:fo:flow:e61430efc09a	flow:e61430efc09a → host:177.10.239.235 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-0532a1c12e883894:host:172.234.197.23	SESSION-0532a1c12e883894 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e53dab5788851a26:flow:e7d1e5021626	SESSION-e53dab5788851a26 → flow:e7d1e5021626
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-942872364f4f0f53:SESSION-942872364f4f0f53	SESSION-942872364f4f0f53 → pe:syn:SESSION-942872364f4f0f53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76bcf8447ee973fd:host:45.173.156.237	SESSION-76bcf8447ee973fd → host:45.173.156.237
FLOW_FROM_HOSTOBS	e:from:SESSION-4bb4f425427d3bee:host:177.10.239.192	SESSION-4bb4f425427d3bee → host:177.10.239.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ce92926e8e7d59d2:SESSION-ce92926e8e7d59d2	SESSION-ce92926e8e7d59d2 → pe:tls:SESSION-ce92926e8e7d59d2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-84891f6788a8f194:PCAP:capture_20260430110001:43611bdf6759	SESSION-84891f6788a8f194 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-68adb943f73c50e9:host:177.10.237.110	SESSION-68adb943f73c50e9 → host:177.10.237.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d2ea88f589d3294:host:177.10.236.248	SESSION-1d2ea88f589d3294 → host:177.10.236.248
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6a46bc5971af02e3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6a46bc5971af02e3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcca913f927ee07e:host:172.234.197.23	SESSION-bcca913f927ee07e → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:71fbdd137d18	flow:71fbdd137d18 → host:172.234.197.23 → host:45.173.156.129 → port:tcp:50837
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e77738dbb03f9aec:SESSION-e77738dbb03f9aec	SESSION-e77738dbb03f9aec → pe:syn:SESSION-e77738dbb03f9aec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-55794f9e7b1a9e7f:SESSION-55794f9e7b1a9e7f	SESSION-55794f9e7b1a9e7f → pe:syn:SESSION-55794f9e7b1a9e7f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31b8d1ec0bbdfa48:PCAP:capture_20260430080001:93f47cc296a4	SESSION-31b8d1ec0bbdfa48 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:974c9a601f83	flow:974c9a601f83 → host:177.10.234.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51603301232db2ce:flow:daa25e0a33bc	SESSION-51603301232db2ce → flow:daa25e0a33bc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb82ec2c88e573dc:host:172.234.197.23	SESSION-eb82ec2c88e573dc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e1ff5f640d9a1d3a:SESSION-e1ff5f640d9a1d3a	SESSION-e1ff5f640d9a1d3a → pe:tls:SESSION-e1ff5f640d9a1d3a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f4918b67fbcc63f:host:131.196.31.27	SESSION-2f4918b67fbcc63f → host:131.196.31.27
FLOW_DST_PORTOBS	e:fp:flow:e9f24a0dad4a:port:tcp:14750	flow:e9f24a0dad4a → port:tcp:14750
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-48de9f7b9a5a464c:SESSION-48de9f7b9a5a464c	SESSION-48de9f7b9a5a464c → pe:tls:SESSION-48de9f7b9a5a464c
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.187:asn:271410	host:131.196.28.187 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ecb25cc7396151e7:host:172.234.197.23	SESSION-ecb25cc7396151e7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0f786f54457f:port:tcp:443	flow:0f786f54457f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:ef449155f969:port:tcp:443	flow:ef449155f969 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-09c97c2e7f8ca5a6:SESSION-09c97c2e7f8ca5a6	SESSION-09c97c2e7f8ca5a6 → pe:tls:SESSION-09c97c2e7f8ca5a6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-afa0e3a30bb0024e:PCAP:capture_20260430150001:ded20914761d	SESSION-afa0e3a30bb0024e → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-36b6bef962351df3:host:177.10.237.66	SESSION-36b6bef962351df3 → host:177.10.237.66
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead4b2d62c5ebfd2:host:177.10.237.31	SESSION-ead4b2d62c5ebfd2 → host:177.10.237.31
FLOW_TO_HOSTOBS	e:to:SESSION-7e88e03e6557ce42:host:131.196.29.134	SESSION-7e88e03e6557ce42 → host:131.196.29.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24aa07f03f2c2273:SESSION-24aa07f03f2c2273	SESSION-24aa07f03f2c2273 → pe:syn:SESSION-24aa07f03f2c2273
FLOW_TO_HOSTOBS	e:to:SESSION-05ec7baf0d99b24d:host:172.234.197.23	SESSION-05ec7baf0d99b24d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1433a266c3f7170c:host:177.10.238.24	SESSION-1433a266c3f7170c → host:177.10.238.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7ed3cc3ecfbc3d3c:flow:f5ed40a9f1fb	SESSION-7ed3cc3ecfbc3d3c → flow:f5ed40a9f1fb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8466bbcc058d46c:SESSION-c8466bbcc058d46c	SESSION-c8466bbcc058d46c → pe:syn:SESSION-c8466bbcc058d46c
FLOW_DST_PORTOBS	e:fp:flow:bbdcfb726e93:port:tcp:443	flow:bbdcfb726e93 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-521d3d94be94008e:host:131.196.31.10:host:172.234.197.23	SESSION-521d3d94be94008e → host:131.196.31.10 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-745ac23dbe7bf2d2:flow:262704d151c7	SESSION-745ac23dbe7bf2d2 → flow:262704d151c7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ddd0457559a3680:host:172.234.197.23	SESSION-1ddd0457559a3680 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-34d820c66fac079b:host:172.234.197.23	SESSION-34d820c66fac079b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d7508894fe5424d7:SESSION-d7508894fe5424d7	SESSION-d7508894fe5424d7 → pe:tls:SESSION-d7508894fe5424d7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.31:geo_-16.28860_-49.01640	host:177.10.239.31 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-8958b8d9cf24f177:host:131.196.31.74	SESSION-8958b8d9cf24f177 → host:131.196.31.74
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fd776fee1455ee3:SESSION-5fd776fee1455ee3	SESSION-5fd776fee1455ee3 → pe:syn:SESSION-5fd776fee1455ee3
FLOW_TO_HOSTOBS	e:to:SESSION-22873a115734b4a8:host:177.10.232.24	SESSION-22873a115734b4a8 → host:177.10.232.24
FLOW_DST_PORTOBS	e:fp:flow:84c70ec3a025:port:tcp:443	flow:84c70ec3a025 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:7304835f81a0	flow:7304835f81a0 → host:131.196.29.75 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0fe99f41b36441fa:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0fe99f41b36441fa → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4363548d57b1d6df:SESSION-4363548d57b1d6df	SESSION-4363548d57b1d6df → pe:tls:SESSION-4363548d57b1d6df
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8982cb545b77cb1a:SESSION-8982cb545b77cb1a	SESSION-8982cb545b77cb1a → pe:tls:SESSION-8982cb545b77cb1a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1350be77996fff9b:host:177.10.232.66	SESSION-1350be77996fff9b → host:177.10.232.66
flow_observed5-aryOBS	e:fo:flow:98496b0aeabc	flow:98496b0aeabc → host:177.10.238.50 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-88449fe846038c62:PCAP:capture_20260430050001:8868731bf8a4	SESSION-88449fe846038c62 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f7287a957cb5e0d9:SESSION-f7287a957cb5e0d9	SESSION-f7287a957cb5e0d9 → pe:syn:SESSION-f7287a957cb5e0d9
flow_observed5-aryOBS	e:fo:flow:2743dce9549e	flow:2743dce9549e → host:131.196.29.203 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8dc28b29833676bc:host:177.10.239.176	SESSION-8dc28b29833676bc → host:177.10.239.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a84fec3b32ec885d:host:131.196.30.9:host:172.234.197.23	SESSION-a84fec3b32ec885d → host:131.196.30.9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de195b26c1af220a:host:172.234.197.23:host:177.10.232.60	SESSION-de195b26c1af220a → host:172.234.197.23 → host:177.10.232.60
FLOW_FROM_HOSTOBS	e:from:SESSION-87ea4b729b5b64e3:host:172.234.197.23	SESSION-87ea4b729b5b64e3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e8b5b6c6f846:port:tcp:37507	flow:e8b5b6c6f846 → port:tcp:37507
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-62b98bdaf08d2190:PCAP:capture_20260430150001:ded20914761d	SESSION-62b98bdaf08d2190 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47d7544842406eea:SESSION-47d7544842406eea	SESSION-47d7544842406eea → pe:tls:SESSION-47d7544842406eea
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.28:geo_-23.62930_-46.63510	host:131.196.30.28 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-112f4fdeb678f643:SESSION-112f4fdeb678f643	SESSION-112f4fdeb678f643 → pe:syn:SESSION-112f4fdeb678f643
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-141e3c6c8d153d1d:host:131.196.31.17	SESSION-141e3c6c8d153d1d → host:131.196.31.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ab81c1372abfe2ce:SESSION-ab81c1372abfe2ce	SESSION-ab81c1372abfe2ce → pe:tls:SESSION-ab81c1372abfe2ce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-a5b4d581172cc71c:SESSION-a5b4d581172cc71c	SESSION-a5b4d581172cc71c → pe:rst:SESSION-a5b4d581172cc71c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-586cf5bb6d743be1:host:177.10.239.114	SESSION-586cf5bb6d743be1 → host:177.10.239.114
FLOW_TO_HOSTOBS	e:to:SESSION-16fca057f28c0943:host:172.234.197.23	SESSION-16fca057f28c0943 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7678ab8e642a5a2a:host:177.10.234.94	SESSION-7678ab8e642a5a2a → host:177.10.234.94
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.194:asn:203771	host:185.231.226.194 → asn:203771
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98c12e77f111e64e:host:131.196.28.7:host:172.234.197.23	SESSION-98c12e77f111e64e → host:131.196.28.7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-46d2f77cc38b38db:host:177.10.234.36	SESSION-46d2f77cc38b38db → host:177.10.234.36
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c74fe87f9177e103:host:131.196.31.225	SESSION-c74fe87f9177e103 → host:131.196.31.225
FLOW_FROM_HOSTOBS	e:from:SESSION-c7e6be5ba8db3cda:host:131.196.30.228	SESSION-c7e6be5ba8db3cda → host:131.196.30.228
FLOW_TO_HOSTOBS	e:to:SESSION-e327e4197615d5bf:host:131.196.28.86	SESSION-e327e4197615d5bf → host:131.196.28.86
FLOW_FROM_HOSTOBS	e:from:SESSION-d3cf98bfbd337a47:host:177.10.234.126	SESSION-d3cf98bfbd337a47 → host:177.10.234.126
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-845630b36dc2dead:host:195.20.104.8:host:172.234.197.23	SESSION-845630b36dc2dead → host:195.20.104.8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9d9eea4dccd4	flow:9d9eea4dccd4 → host:177.10.235.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ad4b86f4c7bfaae:PCAP:capture_20260430150001:ded20914761d	SESSION-1ad4b86f4c7bfaae → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.42:geo_-16.28860_-49.01640	host:177.10.235.42 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2eb904b60673a30b:SESSION-2eb904b60673a30b	SESSION-2eb904b60673a30b → pe:tls:SESSION-2eb904b60673a30b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b81fa97d99ce77b6:host:131.196.29.199	SESSION-b81fa97d99ce77b6 → host:131.196.29.199
FLOW_FROM_HOSTOBS	e:from:SESSION-265a2f0fa666e936:host:131.196.30.222	SESSION-265a2f0fa666e936 → host:131.196.30.222
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.17:geo_41.00190_28.96450	host:95.135.228.17 → geo_41.00190_28.96450
FLOW_DST_PORTOBS	e:fp:flow:4e274ce7b551:port:tcp:443	flow:4e274ce7b551 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-baf09a66da0e4962:host:177.10.239.213	SESSION-baf09a66da0e4962 → host:177.10.239.213
FLOW_DST_PORTOBS	e:fp:flow:5e40b4fa1d5e:port:tcp:443	flow:5e40b4fa1d5e → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3959c763e6312f1d:host:172.234.197.23:host:177.10.237.128	SESSION-3959c763e6312f1d → host:172.234.197.23 → host:177.10.237.128
FLOW_FROM_HOSTOBS	e:from:SESSION-7e50b84c66ab32ef:host:177.10.239.105	SESSION-7e50b84c66ab32ef → host:177.10.239.105
FLOW_FROM_HOSTOBS	e:from:SESSION-574ff4efae76e1f7:host:177.10.235.84	SESSION-574ff4efae76e1f7 → host:177.10.235.84
FLOW_FROM_HOSTOBS	e:from:SESSION-cd4086b575d9a1c0:host:172.234.197.23	SESSION-cd4086b575d9a1c0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:444d77b86e60:port:tcp:443	flow:444d77b86e60 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-64639bf8e248f548:SESSION-64639bf8e248f548	SESSION-64639bf8e248f548 → pe:tls:SESSION-64639bf8e248f548
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2df5a0c07309bf07:host:172.234.197.23	SESSION-2df5a0c07309bf07 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fef93e1a24936adf:flow:5773e64f6579	SESSION-fef93e1a24936adf → flow:5773e64f6579
FLOW_DST_PORTOBS	e:fp:flow:1f92222490cc:port:tcp:7618	flow:1f92222490cc → port:tcp:7618
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-24e3c3c409f2ba92:host:69.235.185.81:host:172.234.197.23	SESSION-24e3c3c409f2ba92 → host:69.235.185.81 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ad3aa4b6b6de70e6:host:177.10.232.120	SESSION-ad3aa4b6b6de70e6 → host:177.10.232.120
FLOW_DST_PORTOBS	e:fp:flow:a0f17022a425:port:tcp:443	flow:a0f17022a425 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:1813f51dfd27:port:tcp:443	flow:1813f51dfd27 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.195:asn:262880	host:177.10.236.195 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fec8e81be891b7cc:SESSION-fec8e81be891b7cc	SESSION-fec8e81be891b7cc → pe:syn:SESSION-fec8e81be891b7cc
flow_observed5-aryOBS	e:fo:flow:9bcbacd42ba6	flow:9bcbacd42ba6 → host:177.10.238.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01e03a84392b1398:host:172.234.197.23:host:177.10.237.10	SESSION-01e03a84392b1398 → host:172.234.197.23 → host:177.10.237.10
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c47767899447038:host:177.10.232.160:host:172.234.197.23	SESSION-1c47767899447038 → host:177.10.232.160 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.35:asn:262880	host:177.10.235.35 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75ad621f5d402513:SESSION-75ad621f5d402513	SESSION-75ad621f5d402513 → pe:tls:SESSION-75ad621f5d402513
FLOW_FROM_HOSTOBS	e:from:SESSION-6afafa975f8bbed9:host:172.234.197.23	SESSION-6afafa975f8bbed9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-692dce6abc85c058:SESSION-692dce6abc85c058	SESSION-692dce6abc85c058 → pe:syn:SESSION-692dce6abc85c058
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b65436b870ef703a:host:177.10.239.221:host:172.234.197.23	SESSION-b65436b870ef703a → host:177.10.239.221 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c84656a173f6275:SESSION-9c84656a173f6275	SESSION-9c84656a173f6275 → pe:tls:SESSION-9c84656a173f6275
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7569a7ee383f653c:host:172.234.197.23	SESSION-7569a7ee383f653c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:aa5fbcda671d	flow:aa5fbcda671d → host:131.196.30.78 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31068e75a101287d:flow:ea2fa5e8521f	SESSION-31068e75a101287d → flow:ea2fa5e8521f
flow_observed4-aryOBS	e:fo:flow:e8541a690a9e	flow:e8541a690a9e → host:172.234.197.23 → host:177.10.234.59 → port:tcp:31834
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e523425c561e01e:flow:7deae72d4bf5	SESSION-8e523425c561e01e → flow:7deae72d4bf5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a78d91cebd5172f:host:172.234.197.23	SESSION-5a78d91cebd5172f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a3cdd61760cc277:host:172.234.197.23:host:177.10.239.218	SESSION-8a3cdd61760cc277 → host:172.234.197.23 → host:177.10.239.218
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-94594005437ae120:flow:9645bfc7fe4d	SESSION-94594005437ae120 → flow:9645bfc7fe4d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab1dfc7616ca079a:host:177.10.234.32:host:172.234.197.23	SESSION-ab1dfc7616ca079a → host:177.10.234.32 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07775d37dba558b0:host:199.16.157.181	SESSION-07775d37dba558b0 → host:199.16.157.181
FLOW_TO_HOSTOBS	e:to:SESSION-59a63fae51b24a38:host:172.234.197.23	SESSION-59a63fae51b24a38 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-728f64f1954defae:host:172.234.197.23:host:177.10.239.239	SESSION-728f64f1954defae → host:172.234.197.23 → host:177.10.239.239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2287ae96f90f1374:flow:afc55ad73faf	SESSION-2287ae96f90f1374 → flow:afc55ad73faf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2646f5b9f41a01d2:PCAP:capture_20260430090001:065659c7d314	SESSION-2646f5b9f41a01d2 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.71:geo_-23.62930_-46.63510	host:131.196.28.71 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65c3eea3bc378ff0:PCAP:capture_20260430160001:9bfa4498506a	SESSION-65c3eea3bc378ff0 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e540dbaefa45433:host:177.10.234.96	SESSION-9e540dbaefa45433 → host:177.10.234.96
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e72c530de39a222:host:177.10.234.164:host:172.234.197.23	SESSION-5e72c530de39a222 → host:177.10.234.164 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c2cb78a800ce3917:host:172.234.197.23	SESSION-c2cb78a800ce3917 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55e2fb280d3c8e24:flow:abe28bc9f048	SESSION-55e2fb280d3c8e24 → flow:abe28bc9f048
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.112:geo_-16.28860_-49.01640	host:177.10.232.112 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-00ca7ee72922697b:host:131.196.29.164	SESSION-00ca7ee72922697b → host:131.196.29.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a1570467d4c9a43:host:131.196.31.133	SESSION-4a1570467d4c9a43 → host:131.196.31.133
flow_observed5-aryOBS	e:fo:flow:f35a1591b089	flow:f35a1591b089 → host:177.10.233.125 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-669a514c7e7ceed8:host:172.234.197.23	SESSION-669a514c7e7ceed8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c3cd15ae05af1e0a:SESSION-c3cd15ae05af1e0a	SESSION-c3cd15ae05af1e0a → pe:tls:SESSION-c3cd15ae05af1e0a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d3dc2c705a19d83:host:177.10.236.129:host:172.234.197.23	SESSION-6d3dc2c705a19d83 → host:177.10.236.129 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2dbb680dd253e19c:host:131.196.29.252:host:172.234.197.23	SESSION-2dbb680dd253e19c → host:131.196.29.252 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:52f183052b4c:port:tcp:443	flow:52f183052b4c → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:933ff1edd14a:port:tcp:65318	flow:933ff1edd14a → port:tcp:65318
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae2c237b5906e067:host:177.10.239.127:host:172.234.197.23	SESSION-ae2c237b5906e067 → host:177.10.239.127 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-341468c084cc4cf3:SESSION-341468c084cc4cf3	SESSION-341468c084cc4cf3 → pe:tls:SESSION-341468c084cc4cf3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cbc08c1422c92ccf:host:177.10.236.94	SESSION-cbc08c1422c92ccf → host:177.10.236.94
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3a17f957b1f0153:flow:ec60c21c4d5f	SESSION-b3a17f957b1f0153 → flow:ec60c21c4d5f
FLOW_DST_PORTOBS	e:fp:flow:b11a0b13ae5f:port:tcp:443	flow:b11a0b13ae5f → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cddf604912330e1b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cddf604912330e1b → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:aa5d832c70b6	flow:aa5d832c70b6 → host:177.10.235.194 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-afd30c72829a35a2:SESSION-afd30c72829a35a2	SESSION-afd30c72829a35a2 → pe:tls:SESSION-afd30c72829a35a2
FLOW_TO_HOSTOBS	e:to:SESSION-1db6dc9c45987f6e:host:172.234.197.23	SESSION-1db6dc9c45987f6e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ae580f5c3468d66:host:177.10.233.13:host:172.234.197.23	SESSION-8ae580f5c3468d66 → host:177.10.233.13 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8cb5f38c68f62897:host:172.234.197.23	SESSION-8cb5f38c68f62897 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4dda4cfeb9223891:host:172.234.197.23	SESSION-4dda4cfeb9223891 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9df048180bcb59b6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9df048180bcb59b6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-048f9271a2e27be7:SESSION-048f9271a2e27be7	SESSION-048f9271a2e27be7 → pe:tls:SESSION-048f9271a2e27be7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc3cb32f8be8837a:host:172.234.197.23	SESSION-bc3cb32f8be8837a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be1454a9d7b7f3ce:host:172.234.197.23:host:97.139.12.85	SESSION-be1454a9d7b7f3ce → host:172.234.197.23 → host:97.139.12.85
flow_observed4-aryOBS	e:fo:flow:cff9dae844c6	flow:cff9dae844c6 → host:172.234.197.23 → host:131.196.29.80 → port:tcp:44109
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e626c78b08de0a8b:host:177.10.232.2:host:172.234.197.23	SESSION-e626c78b08de0a8b → host:177.10.232.2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5bec9c6872f5835:host:45.173.156.117	SESSION-b5bec9c6872f5835 → host:45.173.156.117
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be67080b9ae14b48:flow:c8ea7a8a3a9a	SESSION-be67080b9ae14b48 → flow:c8ea7a8a3a9a
FLOW_TO_HOSTOBS	e:to:SESSION-f5a08fe68832616d:host:172.234.197.23	SESSION-f5a08fe68832616d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.106:asn:262880	host:177.10.238.106 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9dc3dafcee87c5f7:SESSION-9dc3dafcee87c5f7	SESSION-9dc3dafcee87c5f7 → pe:tls:SESSION-9dc3dafcee87c5f7
FLOW_TO_HOSTOBS	e:to:SESSION-32ae480396f4c201:host:172.234.197.23	SESSION-32ae480396f4c201 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-652478bc70a2d711:host:177.10.236.64	SESSION-652478bc70a2d711 → host:177.10.236.64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4cb8ade3138db412:SESSION-4cb8ade3138db412	SESSION-4cb8ade3138db412 → pe:syn:SESSION-4cb8ade3138db412
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-397164cbc5836ff1:host:177.10.232.67:host:172.234.197.23	SESSION-397164cbc5836ff1 → host:177.10.232.67 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.148:geo_-23.62930_-46.63510	host:131.196.28.148 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31f4941ab57ed47b:host:177.10.235.117	SESSION-31f4941ab57ed47b → host:177.10.235.117
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e867c3054a212916:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e867c3054a212916 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58a871785a3878fd:host:172.234.197.23:host:45.173.156.126	SESSION-58a871785a3878fd → host:172.234.197.23 → host:45.173.156.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9fd8278b2f1d760d:SESSION-9fd8278b2f1d760d	SESSION-9fd8278b2f1d760d → pe:syn:SESSION-9fd8278b2f1d760d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b01750df014e0bb:host:172.234.197.23	SESSION-5b01750df014e0bb → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:5d95a3b0c9d8	flow:5d95a3b0c9d8 → host:172.234.197.23 → host:177.10.232.151 → port:tcp:8645
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e1d806fe7541c4b2:host:131.196.28.115:host:172.234.197.23	SESSION-e1d806fe7541c4b2 → host:131.196.28.115 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-87ea4b729b5b64e3:host:172.234.197.23:host:131.196.31.48	SESSION-87ea4b729b5b64e3 → host:172.234.197.23 → host:131.196.31.48
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.109:asn:262880	host:177.10.235.109 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:759b87cb162b:port:tcp:443	flow:759b87cb162b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49c1d2d9ba1746da:host:177.10.238.140:host:172.234.197.23	SESSION-49c1d2d9ba1746da → host:177.10.238.140 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f34bafe5f2be5770:SESSION-f34bafe5f2be5770	SESSION-f34bafe5f2be5770 → pe:tls:SESSION-f34bafe5f2be5770
flow_observed4-aryOBS	e:fo:flow:325053d9614b	flow:325053d9614b → host:172.234.197.23 → host:177.10.232.32 → port:tcp:16940
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0af0d5d1b3f6259:host:172.234.197.23:host:131.196.31.111	SESSION-c0af0d5d1b3f6259 → host:172.234.197.23 → host:131.196.31.111
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.85:geo_-16.28860_-49.01640	host:177.10.234.85 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:bc301461f31d:port:tcp:443	flow:bc301461f31d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7fd0e8f46f0bc660:flow:c8a68707d235	SESSION-7fd0e8f46f0bc660 → flow:c8a68707d235
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d6e7d46ad1b0c983:flow:edbbfbf82827	SESSION-d6e7d46ad1b0c983 → flow:edbbfbf82827
FLOW_TO_HOSTOBS	e:to:SESSION-8ef5ed6d64625f76:host:131.196.28.242	SESSION-8ef5ed6d64625f76 → host:131.196.28.242
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.183:geo_-16.28860_-49.01640	host:177.10.233.183 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0aa7cb63cd191443:host:177.10.232.150	SESSION-0aa7cb63cd191443 → host:177.10.232.150
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01744e272bba469d:flow:009306c88cc6	SESSION-01744e272bba469d → flow:009306c88cc6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8663c7c8fd51be8d:SESSION-8663c7c8fd51be8d	SESSION-8663c7c8fd51be8d → pe:tls:SESSION-8663c7c8fd51be8d
flow_observed5-aryOBS	e:fo:flow:0699a99fcbbc	flow:0699a99fcbbc → host:177.10.238.186 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0709d76f76f731c:SESSION-c0709d76f76f731c	SESSION-c0709d76f76f731c → pe:tls:SESSION-c0709d76f76f731c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-605cf9d10467f8d3:host:177.10.237.2:host:172.234.197.23	SESSION-605cf9d10467f8d3 → host:177.10.237.2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ab61e60544120f5:host:177.10.236.45	SESSION-8ab61e60544120f5 → host:177.10.236.45
FLOW_DST_PORTOBS	e:fp:flow:d44b61a87a7b:port:tcp:45649	flow:d44b61a87a7b → port:tcp:45649
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b02fe311e9b10a6:SESSION-0b02fe311e9b10a6	SESSION-0b02fe311e9b10a6 → pe:syn:SESSION-0b02fe311e9b10a6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fed96f9f16ada01c:SESSION-fed96f9f16ada01c	SESSION-fed96f9f16ada01c → pe:syn:SESSION-fed96f9f16ada01c
FLOW_FROM_HOSTOBS	e:from:SESSION-d0485ecaf8e8edab:host:177.10.238.16	SESSION-d0485ecaf8e8edab → host:177.10.238.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-57e30ec2e308e552:host:92.112.71.168:host:172.234.197.23	SESSION-57e30ec2e308e552 → host:92.112.71.168 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a4b68b400a3161c:PCAP:capture_20260430150001:ded20914761d	SESSION-9a4b68b400a3161c → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.126:asn:262880	host:177.10.238.126 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-5167ceabb03264f1:host:45.173.156.197	SESSION-5167ceabb03264f1 → host:45.173.156.197
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.82:geo_-16.28860_-49.01640	host:177.10.234.82 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:e4ae608d5e53:port:tcp:34268	flow:e4ae608d5e53 → port:tcp:34268
FLOW_FROM_HOSTOBS	e:from:SESSION-5470436eecf7738e:host:177.10.237.192	SESSION-5470436eecf7738e → host:177.10.237.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da7125a184793aeb:flow:268f82879bdd	SESSION-da7125a184793aeb → flow:268f82879bdd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fddb1520b60b4e20:host:45.173.156.138	SESSION-fddb1520b60b4e20 → host:45.173.156.138
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-728f64f1954defae:flow:483269fa81d1	SESSION-728f64f1954defae → flow:483269fa81d1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0612d11703a94cf9:host:92.112.71.176	SESSION-0612d11703a94cf9 → host:92.112.71.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-460a4898e7c07917:host:172.234.197.23	SESSION-460a4898e7c07917 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85383edd293fa3f5:SESSION-85383edd293fa3f5	SESSION-85383edd293fa3f5 → pe:syn:SESSION-85383edd293fa3f5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ddd0457559a3680:SESSION-1ddd0457559a3680	SESSION-1ddd0457559a3680 → pe:tls:SESSION-1ddd0457559a3680
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f003ce3fae962ee:SESSION-1f003ce3fae962ee	SESSION-1f003ce3fae962ee → pe:syn:SESSION-1f003ce3fae962ee
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9804aaba4767b862:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9804aaba4767b862 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-07dfdeddccca16ee:host:177.10.236.64	SESSION-07dfdeddccca16ee → host:177.10.236.64
FLOW_TO_HOSTOBS	e:to:SESSION-750eaff924399322:host:172.234.197.23	SESSION-750eaff924399322 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f6061b9b172c119c:host:177.10.236.174:host:172.234.197.23	SESSION-f6061b9b172c119c → host:177.10.236.174 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ed37285d7356:port:tcp:443	flow:ed37285d7356 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b1edba75af29ea2:host:172.234.197.23	SESSION-8b1edba75af29ea2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a586e6b93cbc00d:host:177.10.234.187:host:172.234.197.23	SESSION-0a586e6b93cbc00d → host:177.10.234.187 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a7cfd4f435147ff3:host:172.234.197.23	SESSION-a7cfd4f435147ff3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3ab5e62334de:port:tcp:443	flow:3ab5e62334de → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e22ceaf98f82b588:SESSION-e22ceaf98f82b588	SESSION-e22ceaf98f82b588 → pe:syn:SESSION-e22ceaf98f82b588
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-61e3533744fe7104:SESSION-61e3533744fe7104	SESSION-61e3533744fe7104 → pe:syn:SESSION-61e3533744fe7104
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc77084e1c24867c:host:177.10.234.103	SESSION-cc77084e1c24867c → host:177.10.234.103
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96878fba39db06d8:SESSION-96878fba39db06d8	SESSION-96878fba39db06d8 → pe:syn:SESSION-96878fba39db06d8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6d7eebeca6a52636:SESSION-6d7eebeca6a52636	SESSION-6d7eebeca6a52636 → pe:tls:SESSION-6d7eebeca6a52636
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e998b802e74a3139:host:177.10.235.39:host:172.234.197.23	SESSION-e998b802e74a3139 → host:177.10.235.39 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b869f0759406bd5:host:131.196.31.246:host:172.234.197.23	SESSION-4b869f0759406bd5 → host:131.196.31.246 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea3a69414cbbc32d:host:177.10.236.216	SESSION-ea3a69414cbbc32d → host:177.10.236.216
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6abbbca78e64654:SESSION-e6abbbca78e64654	SESSION-e6abbbca78e64654 → pe:tls:SESSION-e6abbbca78e64654
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9cd2627e6ddbbad1:SESSION-9cd2627e6ddbbad1	SESSION-9cd2627e6ddbbad1 → pe:syn:SESSION-9cd2627e6ddbbad1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2fd071a3b1e728ca:SESSION-2fd071a3b1e728ca	SESSION-2fd071a3b1e728ca → pe:tls:SESSION-2fd071a3b1e728ca
FLOW_DST_PORTOBS	e:fp:flow:bd015446e72b:port:tcp:24195	flow:bd015446e72b → port:tcp:24195
flow_observed4-aryOBS	e:fo:flow:263550df47f0	flow:263550df47f0 → host:172.234.197.23 → host:131.196.28.168 → port:tcp:64164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea3a69414cbbc32d:host:172.234.197.23	SESSION-ea3a69414cbbc32d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d776155c4ea7cbea:host:172.234.197.23:host:177.10.232.12	SESSION-d776155c4ea7cbea → host:172.234.197.23 → host:177.10.232.12
FLOW_FROM_HOSTOBS	e:from:SESSION-83dd76c193cbd2e0:host:51.210.99.95	SESSION-83dd76c193cbd2e0 → host:51.210.99.95
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-259d89cf1511dc5c:host:131.196.29.27:host:172.234.197.23	SESSION-259d89cf1511dc5c → host:131.196.29.27 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b11ad70426b43374:host:172.234.197.23	SESSION-b11ad70426b43374 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.74:geo_-23.62930_-46.63510	host:131.196.29.74 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ffa310b40a91058:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-2ffa310b40a91058 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e6f5f35bde9b3d2:host:177.10.238.124	SESSION-7e6f5f35bde9b3d2 → host:177.10.238.124
FLOW_FROM_HOSTOBS	e:from:SESSION-9ab65b5d8a01cf3d:host:177.10.239.208	SESSION-9ab65b5d8a01cf3d → host:177.10.239.208
FLOW_FROM_HOSTOBS	e:from:SESSION-33b7a287fd9eafc1:host:131.196.28.16	SESSION-33b7a287fd9eafc1 → host:131.196.28.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52c764b77552a86d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-52c764b77552a86d → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11723453546179ac:flow:210140bd7750	SESSION-11723453546179ac → flow:210140bd7750
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e6c979070fb893e:SESSION-9e6c979070fb893e	SESSION-9e6c979070fb893e → pe:syn:SESSION-9e6c979070fb893e
FLOW_TLS_SNIOBS	e:fs:flow:a787ca249a1b:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:a787ca249a1b → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed4-aryOBS	e:fo:flow:a96cebd1119f	flow:a96cebd1119f → host:172.234.197.23 → host:131.196.31.48 → port:tcp:42986
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f35bbd3887f167bf:host:172.234.197.23:host:177.10.239.67	SESSION-f35bbd3887f167bf → host:172.234.197.23 → host:177.10.239.67
FLOW_TO_HOSTOBS	e:to:SESSION-62151f99a31dc755:host:177.10.239.137	SESSION-62151f99a31dc755 → host:177.10.239.137
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.138:asn:262880	host:177.10.237.138 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:a3ddadd26471:port:tcp:13628	flow:a3ddadd26471 → port:tcp:13628
FLOW_FROM_HOSTOBS	e:from:SESSION-9fba97aa139b6de4:host:131.196.31.16	SESSION-9fba97aa139b6de4 → host:131.196.31.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47f0fc6e11d78716:host:172.234.197.23	SESSION-47f0fc6e11d78716 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a32c5a0b23fc272:SESSION-0a32c5a0b23fc272	SESSION-0a32c5a0b23fc272 → pe:syn:SESSION-0a32c5a0b23fc272
FLOW_FROM_HOSTOBS	e:from:SESSION-8b082affabc66a77:host:172.234.197.23	SESSION-8b082affabc66a77 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7c6580975a2d7416:host:177.10.238.35	SESSION-7c6580975a2d7416 → host:177.10.238.35
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.153:geo_-16.28860_-49.01640	host:177.10.232.153 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-03f7a565a7cd59d8:SESSION-03f7a565a7cd59d8	SESSION-03f7a565a7cd59d8 → pe:rst:SESSION-03f7a565a7cd59d8
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:2.57.121.112:geo_45.99680_24.99700	host:2.57.121.112 → geo_45.99680_24.99700
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fc91fd95f4bed82:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-3fc91fd95f4bed82 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-4e79bdabe92472fb:host:131.196.28.165	SESSION-4e79bdabe92472fb → host:131.196.28.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ec00a834c5afff3:host:172.234.197.23	SESSION-1ec00a834c5afff3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:703841dd3320:port:tcp:443	flow:703841dd3320 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b73ad2a19ec53d4:host:172.234.197.23:host:131.196.28.69	SESSION-5b73ad2a19ec53d4 → host:172.234.197.23 → host:131.196.28.69
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5496341eed0b869:host:131.196.29.150:host:172.234.197.23	SESSION-e5496341eed0b869 → host:131.196.29.150 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.61:geo_-23.62930_-46.63510	host:131.196.30.61 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d0a7763ce2861c:host:177.10.233.147	SESSION-28d0a7763ce2861c → host:177.10.233.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-03f351fbd88acdc4:SESSION-03f351fbd88acdc4	SESSION-03f351fbd88acdc4 → pe:syn:SESSION-03f351fbd88acdc4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a9f928f7ece6fbf:SESSION-2a9f928f7ece6fbf	SESSION-2a9f928f7ece6fbf → pe:tls:SESSION-2a9f928f7ece6fbf
flow_observed4-aryOBS	e:fo:flow:5e81ca4a36d6	flow:5e81ca4a36d6 → host:172.234.197.23 → host:45.173.156.38 → port:tcp:12607
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eeeeaab9fc572806:PCAP:capture_20260428010001:b1b402c7b202	SESSION-eeeeaab9fc572806 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-1b69502656f28818:host:92.118.39.236	SESSION-1b69502656f28818 → host:92.118.39.236
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1db6dc9c45987f6e:SESSION-1db6dc9c45987f6e	SESSION-1db6dc9c45987f6e → pe:syn:SESSION-1db6dc9c45987f6e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c2ee5c4e3db47f8:host:51.161.119.157	SESSION-2c2ee5c4e3db47f8 → host:51.161.119.157
FLOW_FROM_HOSTOBS	e:from:SESSION-603529cff661c41d:host:45.173.156.237	SESSION-603529cff661c41d → host:45.173.156.237
FLOW_FROM_HOSTOBS	e:from:SESSION-328e38096bb05d60:host:172.234.197.23	SESSION-328e38096bb05d60 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2f78094d02f5:port:tcp:80	flow:2f78094d02f5 → port:tcp:80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:104.28.202.77:geo_29.75390_-95.35900	host:104.28.202.77 → geo_29.75390_-95.35900
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.93.100.236:geo_40.55110_-74.46060	host:172.93.100.236 → geo_40.55110_-74.46060
flow_observed5-aryOBS	e:fo:flow:33ecf83e0368	flow:33ecf83e0368 → host:177.10.238.149 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3e80fb3431ec3f4:host:172.234.197.23	SESSION-d3e80fb3431ec3f4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7828bb27afafcc71:SESSION-7828bb27afafcc71	SESSION-7828bb27afafcc71 → pe:tls:SESSION-7828bb27afafcc71
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-866725b3664820db:host:177.10.234.147	SESSION-866725b3664820db → host:177.10.234.147
FLOW_TO_HOSTOBS	e:to:SESSION-00d1a9c01c6924fe:host:131.196.29.152	SESSION-00d1a9c01c6924fe → host:131.196.29.152
FLOW_TO_HOSTOBS	e:to:SESSION-a19951f5f7590fa9:host:177.10.232.253	SESSION-a19951f5f7590fa9 → host:177.10.232.253
flow_observed5-aryOBS	e:fo:flow:199e722fa4e3	flow:199e722fa4e3 → host:131.196.28.15 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99cbc6df23fa1e57:host:177.10.239.218	SESSION-99cbc6df23fa1e57 → host:177.10.239.218
flow_observed5-aryOBS	e:fo:flow:28d1c642fadb	flow:28d1c642fadb → host:177.10.234.113 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.23:geo_-23.62930_-46.63510	host:131.196.31.23 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaa23bb51e1c2dee:PCAP:capture_20260430150001:ded20914761d	SESSION-eaa23bb51e1c2dee → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-8e3ae4e48a37cfd6:host:172.234.197.23	SESSION-8e3ae4e48a37cfd6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e61eb47c134600b1:SESSION-e61eb47c134600b1	SESSION-e61eb47c134600b1 → pe:syn:SESSION-e61eb47c134600b1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.182:geo_-16.28860_-49.01640	host:177.10.233.182 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2eb24274e849c36c:host:177.10.238.133:host:172.234.197.23	SESSION-2eb24274e849c36c → host:177.10.238.133 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d52893e766cf8155:host:172.234.197.23	SESSION-d52893e766cf8155 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-47e6906e0a27d254:SESSION-47e6906e0a27d254	SESSION-47e6906e0a27d254 → pe:syn:SESSION-47e6906e0a27d254
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.179:geo_-16.28860_-49.01640	host:177.10.235.179 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-7601ec92d63a89e6:host:88.99.91.59	SESSION-7601ec92d63a89e6 → host:88.99.91.59
FLOW_TO_HOSTOBS	e:to:SESSION-e5490e36eb363059:host:172.234.197.23	SESSION-e5490e36eb363059 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-0e56fb95f564a0aa:BSG-BEACON-e07f4250263f	SESSION-0e56fb95f564a0aa → BSG-BEACON-e07f4250263f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4e49a14deb2e22da:flow:808794619d5d	SESSION-4e49a14deb2e22da → flow:808794619d5d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-06b5f759c1748871:host:172.234.197.23:host:131.196.29.151	SESSION-06b5f759c1748871 → host:172.234.197.23 → host:131.196.29.151
FLOW_TO_HOSTOBS	e:to:SESSION-2be203d892e5c4c6:host:172.234.197.23	SESSION-2be203d892e5c4c6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed80052f988e41bd:SESSION-ed80052f988e41bd	SESSION-ed80052f988e41bd → pe:tls:SESSION-ed80052f988e41bd
FLOW_TO_HOSTOBS	e:to:SESSION-cb444db8c099bc0f:host:172.234.197.23	SESSION-cb444db8c099bc0f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaa23bb51e1c2dee:host:172.234.197.23	SESSION-eaa23bb51e1c2dee → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2505ce7e1d614150:host:131.196.28.16	SESSION-2505ce7e1d614150 → host:131.196.28.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fa0ca2c10982c45:host:172.234.197.23	SESSION-4fa0ca2c10982c45 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9bc5f3d34b7b8244:host:177.10.235.150:host:172.234.197.23	SESSION-9bc5f3d34b7b8244 → host:177.10.235.150 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c21627d8f6f11a27:SESSION-c21627d8f6f11a27	SESSION-c21627d8f6f11a27 → pe:tls:SESSION-c21627d8f6f11a27
FLOW_FROM_HOSTOBS	e:from:SESSION-472adb1eeb20f880:host:177.10.235.218	SESSION-472adb1eeb20f880 → host:177.10.235.218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd6f9b80bb02e0f5:SESSION-fd6f9b80bb02e0f5	SESSION-fd6f9b80bb02e0f5 → pe:tls:SESSION-fd6f9b80bb02e0f5
FLOW_TLS_SNIOBS	e:fs:flow:86d6a83e2f14:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:86d6a83e2f14 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b53dcb5377a03d44:flow:bdc164be34c9	SESSION-b53dcb5377a03d44 → flow:bdc164be34c9
FLOW_FROM_HOSTOBS	e:from:SESSION-66a529d98727e997:host:131.196.31.82	SESSION-66a529d98727e997 → host:131.196.31.82
FLOW_FROM_HOSTOBS	e:from:SESSION-420c45d015462611:host:177.10.238.84	SESSION-420c45d015462611 → host:177.10.238.84
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-60c160c47311ca12:host:47.129.136.46:host:172.234.197.23	SESSION-60c160c47311ca12 → host:47.129.136.46 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d5b5151108975cf:flow:d3918dc4734c	SESSION-4d5b5151108975cf → flow:d3918dc4734c
FLOW_TO_HOSTOBS	e:to:SESSION-8b6005e750e5a47f:host:172.234.197.23	SESSION-8b6005e750e5a47f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e50b84c66ab32ef:host:177.10.239.105:host:172.234.197.23	SESSION-7e50b84c66ab32ef → host:177.10.239.105 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a4fdea987cb08476:host:172.234.197.23	SESSION-a4fdea987cb08476 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae37c351bfd95cd:host:172.234.197.23	SESSION-6ae37c351bfd95cd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-025a43ae01804438:host:177.10.237.96:host:172.234.197.23	SESSION-025a43ae01804438 → host:177.10.237.96 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.129:asn:271410	host:131.196.31.129 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-83d893adc4ebe669:host:131.196.28.151	SESSION-83d893adc4ebe669 → host:131.196.28.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c83e078f141652ea:SESSION-c83e078f141652ea	SESSION-c83e078f141652ea → pe:tls:SESSION-c83e078f141652ea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff2c95cfb4d3a4dd:host:172.234.197.23	SESSION-ff2c95cfb4d3a4dd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff7dac0188fe8fcb:flow:21a048a11bf5	SESSION-ff7dac0188fe8fcb → flow:21a048a11bf5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-13906a0b4b02de94:SESSION-13906a0b4b02de94	SESSION-13906a0b4b02de94 → pe:tls:SESSION-13906a0b4b02de94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf0bb0d03710ab65:SESSION-bf0bb0d03710ab65	SESSION-bf0bb0d03710ab65 → pe:syn:SESSION-bf0bb0d03710ab65
FLOW_FROM_HOSTOBS	e:from:SESSION-af1aec9a84a08d25:host:131.196.31.73	SESSION-af1aec9a84a08d25 → host:131.196.31.73
HOST_IN_ASNOBS 85%	e:ha:host:88.99.91.59:asn:24940	host:88.99.91.59 → asn:24940
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.227:asn:203771	host:45.145.152.227 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b96d3d249635b605:host:45.173.156.70	SESSION-b96d3d249635b605 → host:45.173.156.70
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.235:asn:262880	host:177.10.233.235 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c70d9a6440c9b19a:SESSION-c70d9a6440c9b19a	SESSION-c70d9a6440c9b19a → pe:syn:SESSION-c70d9a6440c9b19a
flow_observed5-aryOBS	e:fo:flow:d40530d159a1	flow:d40530d159a1 → host:177.10.235.131 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:8e45fdb23cc0	flow:8e45fdb23cc0 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96f4af5cf9f3425a:host:131.196.31.1	SESSION-96f4af5cf9f3425a → host:131.196.31.1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c65a4c12e9ce549:host:172.234.197.23	SESSION-5c65a4c12e9ce549 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d6eb1289c3370840:host:172.234.197.23	SESSION-d6eb1289c3370840 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.235:asn:262880	host:177.10.236.235 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e01d63cbcaad0b90:host:8.213.192.144	SESSION-e01d63cbcaad0b90 → host:8.213.192.144
flow_observed4-aryOBS	e:fo:flow:8848124e5a84	flow:8848124e5a84 → host:172.234.197.23 → host:131.196.28.28 → port:tcp:60331
FLOW_FROM_HOSTOBS	e:from:SESSION-6263455e390c054e:host:172.234.197.23	SESSION-6263455e390c054e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:15db773386fc	flow:15db773386fc → host:131.196.29.23 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-858a06c2b9abdebe:host:45.173.156.192:host:172.234.197.23	SESSION-858a06c2b9abdebe → host:45.173.156.192 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33db7a85fa9e759a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-33db7a85fa9e759a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:5fed7e81abee:port:tcp:443	flow:5fed7e81abee → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-61edd9328a7eff0d:host:108.217.180.26:host:172.234.197.23	SESSION-61edd9328a7eff0d → host:108.217.180.26 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8278f913dbee560:host:172.234.197.23	SESSION-e8278f913dbee560 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.15:geo_-23.62930_-46.63510	host:131.196.29.15 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12879c55e793c987:host:177.10.236.113	SESSION-12879c55e793c987 → host:177.10.236.113
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f1e9c5398b5e18f4:flow:f5f79f7f7c6a	SESSION-f1e9c5398b5e18f4 → flow:f5f79f7f7c6a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fd776fee1455ee3:host:93.119.5.133	SESSION-5fd776fee1455ee3 → host:93.119.5.133
FLOW_DST_PORTOBS	e:fp:flow:1d280cc78648:port:tcp:443	flow:1d280cc78648 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-56e56d8157575627:host:177.10.236.56	SESSION-56e56d8157575627 → host:177.10.236.56
FLOW_TLS_SNIOBS	e:fs:flow:aa0e77b18e64:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:aa0e77b18e64 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-87edcc7df5436fbe:SESSION-87edcc7df5436fbe	SESSION-87edcc7df5436fbe → pe:syn:SESSION-87edcc7df5436fbe
FLOW_FROM_HOSTOBS	e:from:SESSION-1274fc3e3cafac71:host:131.196.29.12	SESSION-1274fc3e3cafac71 → host:131.196.29.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c1e38c6e6df43f1:host:177.10.232.251	SESSION-3c1e38c6e6df43f1 → host:177.10.232.251
FLOW_FROM_HOSTOBS	e:from:SESSION-7a22eb4c95bd17b8:host:131.196.29.59	SESSION-7a22eb4c95bd17b8 → host:131.196.29.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85869808bb7240b3:host:172.232.0.17	SESSION-85869808bb7240b3 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0fc61bce823543f:host:177.10.238.11	SESSION-b0fc61bce823543f → host:177.10.238.11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ef49ba6d990c029:SESSION-5ef49ba6d990c029	SESSION-5ef49ba6d990c029 → pe:syn:SESSION-5ef49ba6d990c029
FLOW_TO_HOSTOBS	e:to:SESSION-b16751dae4d82103:host:172.234.197.23	SESSION-b16751dae4d82103 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7752628607af1d9e:host:177.10.238.215	SESSION-7752628607af1d9e → host:177.10.238.215
FLOW_QUERIED_DNSOBS	e:fd:flow:65d3f69449d7:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:65d3f69449d7 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_FROM_HOSTOBS	e:from:SESSION-0ad9c0df7a65aa03:host:172.234.197.23	SESSION-0ad9c0df7a65aa03 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0957d40de01926ae:host:172.234.197.23	SESSION-0957d40de01926ae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e88e03e6557ce42:SESSION-7e88e03e6557ce42	SESSION-7e88e03e6557ce42 → pe:tls:SESSION-7e88e03e6557ce42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fc80192f398e14d:host:131.196.29.161	SESSION-5fc80192f398e14d → host:131.196.29.161
flow_observed3-aryOBS	e:fo:flow:58b0851439a0	flow:58b0851439a0 → host:51.224.135.22 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a0b3ac6a412f	flow:a0b3ac6a412f → host:131.196.31.19 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67f971eb3e92b8d2:host:131.196.28.107	SESSION-67f971eb3e92b8d2 → host:131.196.28.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7aaaf2932de65e0e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7aaaf2932de65e0e → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:589314d484ec:port:tcp:443	flow:589314d484ec → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:0bc751025b72	flow:0bc751025b72 → host:177.10.232.33 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2997df12bb4a545b:host:172.234.197.23	SESSION-2997df12bb4a545b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56ec76ae342b7ee6:host:131.196.29.192:host:172.234.197.23	SESSION-56ec76ae342b7ee6 → host:131.196.29.192 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-69461a2f3e15a448:host:185.231.226.242	SESSION-69461a2f3e15a448 → host:185.231.226.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f5d8e8d5ecc4e1f:host:131.196.29.225	SESSION-9f5d8e8d5ecc4e1f → host:131.196.29.225
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7569a7ee383f653c:PCAP:capture_20260430090001:065659c7d314	SESSION-7569a7ee383f653c → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-924a4e21bceaf0d1:host:172.234.197.23	SESSION-924a4e21bceaf0d1 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:699fc01b6874	flow:699fc01b6874 → host:172.234.197.23 → host:177.10.232.186 → port:tcp:47236
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.196:asn:262880	host:177.10.235.196 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.237:geo_-23.62930_-46.63510	host:131.196.30.237 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2dbb52de45813c9a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2dbb52de45813c9a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4013c9000873101b:host:131.196.28.231	SESSION-4013c9000873101b → host:131.196.28.231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6104696c1212e0a0:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6104696c1212e0a0 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61267dc46edf9a47:host:131.196.28.87	SESSION-61267dc46edf9a47 → host:131.196.28.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a9c12f6159b9a7a1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a9c12f6159b9a7a1 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed5-aryOBS	e:fo:flow:b34d3851d524	flow:b34d3851d524 → host:185.231.226.202 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-4f6d18082a7e4dce:host:172.234.197.23	SESSION-4f6d18082a7e4dce → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d467c8665ef34f6a:host:172.234.197.23	SESSION-d467c8665ef34f6a → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-abc64529b37d4840:BSG-DATA_EXFIL-58becbf84c75	SESSION-abc64529b37d4840 → BSG-DATA_EXFIL-58becbf84c75
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-118e26ad77e50cb0:flow:172bf7588f89	SESSION-118e26ad77e50cb0 → flow:172bf7588f89
FLOW_DST_PORTOBS	e:fp:flow:e053f58587df:port:tcp:443	flow:e053f58587df → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.140:asn:262880	host:177.10.239.140 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-98030dd572a97d39:host:172.234.197.23	SESSION-98030dd572a97d39 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0957d40de01926ae:host:172.234.197.23	SESSION-0957d40de01926ae → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-692aeceb01bd702a:flow:6a0990d94d28	SESSION-692aeceb01bd702a → flow:6a0990d94d28
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ffb355c8f64da05f:host:172.234.197.23	SESSION-ffb355c8f64da05f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-55aa5069b830c261:flow:111b323c837f	SESSION-55aa5069b830c261 → flow:111b323c837f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b73ad2a19ec53d4:SESSION-5b73ad2a19ec53d4	SESSION-5b73ad2a19ec53d4 → pe:tls:SESSION-5b73ad2a19ec53d4
FLOW_FROM_HOSTOBS	e:from:SESSION-b5a277796632a248:host:172.234.197.23	SESSION-b5a277796632a248 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6354b0819147ed1d:host:177.10.235.113	SESSION-6354b0819147ed1d → host:177.10.235.113
FLOW_FROM_HOSTOBS	e:from:SESSION-7948a18eeb1cbc0d:host:95.170.25.31	SESSION-7948a18eeb1cbc0d → host:95.170.25.31
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4fa0ca2c10982c45:flow:a0fae993b285	SESSION-4fa0ca2c10982c45 → flow:a0fae993b285
FLOW_FROM_HOSTOBS	e:from:SESSION-4fa0ca2c10982c45:host:131.196.31.2	SESSION-4fa0ca2c10982c45 → host:131.196.31.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5f8419335024f52:host:172.234.197.23	SESSION-c5f8419335024f52 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d80b0058aa80:port:tcp:4202	flow:d80b0058aa80 → port:tcp:4202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-576cc11ebde25a50:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-576cc11ebde25a50 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:0357935f6477	flow:0357935f6477 → host:103.230.240.59 → host:172.234.197.23 → port:tcp:22 → svc:ssh
FLOW_DST_PORTOBS	e:fp:flow:30727c4988df:port:tcp:443	flow:30727c4988df → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd573746c1e36a64:host:131.196.29.236	SESSION-fd573746c1e36a64 → host:131.196.29.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcba548cda079292:host:172.234.197.23	SESSION-bcba548cda079292 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad7d874b9cd6bce1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-ad7d874b9cd6bce1 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-cc1c86e42be942bd:host:172.234.197.23	SESSION-cc1c86e42be942bd → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-784ef99bf699df93:PCAP:capture_20260428010001:b1b402c7b202	SESSION-784ef99bf699df93 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-efd1ddb1a087b877:host:177.10.239.129	SESSION-efd1ddb1a087b877 → host:177.10.239.129
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.40:geo_-23.62930_-46.63510	host:131.196.29.40 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:bc3157f5d3c6:port:tcp:443	flow:bc3157f5d3c6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-379e8704803db8ae:SESSION-379e8704803db8ae	SESSION-379e8704803db8ae → pe:tls:SESSION-379e8704803db8ae
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.68:asn:262880	host:177.10.238.68 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-424e5c5b03912c3d:SESSION-424e5c5b03912c3d	SESSION-424e5c5b03912c3d → pe:syn:SESSION-424e5c5b03912c3d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76f517468502eda0:SESSION-76f517468502eda0	SESSION-76f517468502eda0 → pe:syn:SESSION-76f517468502eda0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.19:geo_-21.10010_-41.69200	host:45.173.156.19 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-eadecea9d5615d15:host:37.221.79.120	SESSION-eadecea9d5615d15 → host:37.221.79.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32012e3b5048e415:host:131.196.31.83	SESSION-32012e3b5048e415 → host:131.196.31.83
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.20:asn:262880	host:177.10.239.20 → asn:262880
flow_observed5-aryOBS	e:fo:flow:9352eabb144b	flow:9352eabb144b → host:177.10.236.21 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-6965561db8b52827:host:131.196.30.8	SESSION-6965561db8b52827 → host:131.196.30.8
FLOW_DST_PORTOBS	e:fp:flow:8ce6956833cf:port:tcp:443	flow:8ce6956833cf → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-01744e272bba469d:host:131.196.29.215	SESSION-01744e272bba469d → host:131.196.29.215
flow_observed4-aryOBS	e:fo:flow:78244264240b	flow:78244264240b → host:172.234.197.23 → host:177.10.238.86 → port:tcp:59042
FLOW_TO_HOSTOBS	e:to:SESSION-3c17e2540d05f4c2:host:172.234.197.23	SESSION-3c17e2540d05f4c2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76aff26f067fcb92:host:177.10.237.72:host:172.234.197.23	SESSION-76aff26f067fcb92 → host:177.10.237.72 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-079c82b45cfad420:host:177.10.237.169	SESSION-079c82b45cfad420 → host:177.10.237.169
FLOW_FROM_HOSTOBS	e:from:SESSION-16b002b5a5ba0e61:host:177.10.238.127	SESSION-16b002b5a5ba0e61 → host:177.10.238.127
FLOW_TO_HOSTOBS	e:to:SESSION-0fa0595b0c8a6ef6:host:172.234.197.23	SESSION-0fa0595b0c8a6ef6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8bf7420041ec56c9:host:177.10.232.19	SESSION-8bf7420041ec56c9 → host:177.10.232.19
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.208:asn:273470	host:45.173.156.208 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8feacc6abd2fe08c:host:131.196.28.228	SESSION-8feacc6abd2fe08c → host:131.196.28.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44593e1f87cfdd92:SESSION-44593e1f87cfdd92	SESSION-44593e1f87cfdd92 → pe:tls:SESSION-44593e1f87cfdd92
FLOW_DST_PORTOBS	e:fp:flow:9e4fc69d7f5c:port:tcp:80	flow:9e4fc69d7f5c → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae2c237b5906e067:host:177.10.239.127	SESSION-ae2c237b5906e067 → host:177.10.239.127
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ec00a834c5afff3:flow:3c91b0aebea1	SESSION-1ec00a834c5afff3 → flow:3c91b0aebea1
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.150:asn:271410	host:131.196.29.150 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.56:geo_-16.28860_-49.01640	host:177.10.232.56 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.59:asn:262880	host:177.10.236.59 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85ceb858b118c816:SESSION-85ceb858b118c816	SESSION-85ceb858b118c816 → pe:syn:SESSION-85ceb858b118c816
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-1e69d77cebc13bf2:SESSION-1e69d77cebc13bf2	SESSION-1e69d77cebc13bf2 → pe:rst:SESSION-1e69d77cebc13bf2
FLOW_FROM_HOSTOBS	e:from:SESSION-d618ae22306fa7b9:host:177.10.234.91	SESSION-d618ae22306fa7b9 → host:177.10.234.91
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd4f490a373a283b:host:5.182.209.49:host:172.234.197.23	SESSION-cd4f490a373a283b → host:5.182.209.49 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e42d909a57b4903:PCAP:capture_20260430160001:9bfa4498506a	SESSION-0e42d909a57b4903 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-75d6129ea0f7ecdc:host:172.234.197.23	SESSION-75d6129ea0f7ecdc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cfbd2e877e86cd2a:host:172.234.197.23:host:177.10.234.238	SESSION-cfbd2e877e86cd2a → host:172.234.197.23 → host:177.10.234.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3748d9d14aafdb8:PCAP:capture_20260430110001:43611bdf6759	SESSION-f3748d9d14aafdb8 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23e0f212525e0a86:flow:122a0094d863	SESSION-23e0f212525e0a86 → flow:122a0094d863
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b58dfbdc72ba0e86:host:172.234.197.23	SESSION-b58dfbdc72ba0e86 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-df3beb1e5143a102:SESSION-df3beb1e5143a102	SESSION-df3beb1e5143a102 → pe:syn:SESSION-df3beb1e5143a102
FLOW_DST_PORTOBS	e:fp:flow:a503764de615:port:tcp:29147	flow:a503764de615 → port:tcp:29147
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c7ece8090c9a4b7f:host:177.10.234.89:host:172.234.197.23	SESSION-c7ece8090c9a4b7f → host:177.10.234.89 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e673f566483c0ed3:host:172.234.197.23	SESSION-e673f566483c0ed3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8383343898074aaa:host:172.234.197.23	SESSION-8383343898074aaa → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9e896271e9295df4:host:177.10.239.166	SESSION-9e896271e9295df4 → host:177.10.239.166
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-975059a05a34b0ad:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-975059a05a34b0ad → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07c97e671e348352:PCAP:capture_20260430060001:919b39a74464	SESSION-07c97e671e348352 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-09c97c2e7f8ca5a6:host:172.234.197.23	SESSION-09c97c2e7f8ca5a6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c3601b8f3a6cf17:SESSION-7c3601b8f3a6cf17	SESSION-7c3601b8f3a6cf17 → pe:syn:SESSION-7c3601b8f3a6cf17
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.133:asn:271410	host:131.196.31.133 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e32df6cc4891bacc:host:131.196.30.102	SESSION-e32df6cc4891bacc → host:131.196.30.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e8de37a87806b5e4:SESSION-e8de37a87806b5e4	SESSION-e8de37a87806b5e4 → pe:tls:SESSION-e8de37a87806b5e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60cd9cc046a23835:host:177.10.237.91	SESSION-60cd9cc046a23835 → host:177.10.237.91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3617089369b58aaa:flow:074ed309c4d9	SESSION-3617089369b58aaa → flow:074ed309c4d9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c8d5fc6f7b2bd264:host:172.234.197.23:host:177.10.238.181	SESSION-c8d5fc6f7b2bd264 → host:172.234.197.23 → host:177.10.238.181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73eae13080f416f8:SESSION-73eae13080f416f8	SESSION-73eae13080f416f8 → pe:tls:SESSION-73eae13080f416f8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cef4b415a72da702:SESSION-cef4b415a72da702	SESSION-cef4b415a72da702 → pe:tls:SESSION-cef4b415a72da702
flow_observed5-aryOBS	e:fo:flow:118a054b5995	flow:118a054b5995 → host:177.10.237.114 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9bc5f3d34b7b8244:host:172.234.197.23	SESSION-9bc5f3d34b7b8244 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf85a83f91ce2875:SESSION-cf85a83f91ce2875	SESSION-cf85a83f91ce2875 → pe:tls:SESSION-cf85a83f91ce2875
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f003e7e66ba8f79:host:131.196.31.238	SESSION-4f003e7e66ba8f79 → host:131.196.31.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f2c14118785728f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9f2c14118785728f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2e0b5328aa075dd2:host:131.196.29.69:host:172.234.197.23	SESSION-2e0b5328aa075dd2 → host:131.196.29.69 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3cd6c8dc824ee14d:host:177.10.234.137	SESSION-3cd6c8dc824ee14d → host:177.10.234.137
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.24:asn:262880	host:177.10.232.24 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-27f33a2015337a96:host:131.196.28.137	SESSION-27f33a2015337a96 → host:131.196.28.137
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f277335c7e8c32bb:host:45.145.152.19:host:172.234.197.23	SESSION-f277335c7e8c32bb → host:45.145.152.19 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f78775658cb84616:host:177.10.234.57:host:172.234.197.23	SESSION-f78775658cb84616 → host:177.10.234.57 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21ae4bade70b1440:flow:951f2fdaa1bf	SESSION-21ae4bade70b1440 → flow:951f2fdaa1bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e61b886c68594d41:PCAP:capture_20260427210001:f654efae4e3b	SESSION-e61b886c68594d41 → PCAP:capture_20260427210001:f654efae4e3b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db638e9136fa3895:flow:e067a71c5ba5	SESSION-db638e9136fa3895 → flow:e067a71c5ba5
FLOW_DST_PORTOBS	e:fp:flow:cc8ad11dacf5:port:tcp:443	flow:cc8ad11dacf5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-035e17bf8c36a59b:host:172.234.197.23	SESSION-035e17bf8c36a59b → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:18fe52facc0f:port:tcp:17854	flow:18fe52facc0f → port:tcp:17854
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6430336fded9a803:SESSION-6430336fded9a803	SESSION-6430336fded9a803 → pe:syn:SESSION-6430336fded9a803
FLOW_FROM_HOSTOBS	e:from:SESSION-0acd91014f6238ed:host:177.10.236.186	SESSION-0acd91014f6238ed → host:177.10.236.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-954e70596a40db71:host:177.10.232.219	SESSION-954e70596a40db71 → host:177.10.232.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b57c4e647c9921c9:host:172.234.197.23:host:177.10.237.28	SESSION-b57c4e647c9921c9 → host:172.234.197.23 → host:177.10.237.28
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-58a14b9397c116a1:host:131.196.29.124:host:172.234.197.23	SESSION-58a14b9397c116a1 → host:131.196.29.124 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-18178a1924ee92a1:SESSION-18178a1924ee92a1	SESSION-18178a1924ee92a1 → pe:tls:SESSION-18178a1924ee92a1
flow_observed5-aryOBS	e:fo:flow:27aad51b6c83	flow:27aad51b6c83 → host:131.196.31.30 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e816643ff0559e8:host:172.234.197.23	SESSION-5e816643ff0559e8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5ccbfb0ac760822d:SESSION-5ccbfb0ac760822d	SESSION-5ccbfb0ac760822d → pe:syn:SESSION-5ccbfb0ac760822d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b05aeaff4a071503:SESSION-b05aeaff4a071503	SESSION-b05aeaff4a071503 → pe:syn:SESSION-b05aeaff4a071503
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b58dfbdc72ba0e86:PCAP:capture_20260430060001:919b39a74464	SESSION-b58dfbdc72ba0e86 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-035e17bf8c36a59b:SESSION-035e17bf8c36a59b	SESSION-035e17bf8c36a59b → pe:tls:SESSION-035e17bf8c36a59b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.82:asn:262880	host:177.10.238.82 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-07a584f2a7f89f38:SESSION-07a584f2a7f89f38	SESSION-07a584f2a7f89f38 → pe:tls:SESSION-07a584f2a7f89f38
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bef335bbd7bd0f49:host:172.234.197.23:host:45.173.156.31	SESSION-bef335bbd7bd0f49 → host:172.234.197.23 → host:45.173.156.31
flow_observed5-aryOBS	e:fo:flow:09b6582c8a0e	flow:09b6582c8a0e → host:45.173.156.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8107d9388b9d334:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b8107d9388b9d334 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-193ccf82e1088d1d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-193ccf82e1088d1d → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b5f77768a227f3c:PCAP:capture_20260430110001:43611bdf6759	SESSION-0b5f77768a227f3c → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:395d02a06476	flow:395d02a06476 → host:195.20.104.8 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-bac5dc0e18d2349f:host:172.234.197.23	SESSION-bac5dc0e18d2349f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a6aeb664ff97dbd:SESSION-9a6aeb664ff97dbd	SESSION-9a6aeb664ff97dbd → pe:tls:SESSION-9a6aeb664ff97dbd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcba548cda079292:host:177.10.233.53	SESSION-bcba548cda079292 → host:177.10.233.53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-82f2c01059fea89b:PCAP:capture_20260430110001:43611bdf6759	SESSION-82f2c01059fea89b → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3d488fa50a25e1f:host:45.173.156.253	SESSION-c3d488fa50a25e1f → host:45.173.156.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74f0d8e902dc1bc9:SESSION-74f0d8e902dc1bc9	SESSION-74f0d8e902dc1bc9 → pe:tls:SESSION-74f0d8e902dc1bc9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.129:asn:262880	host:177.10.236.129 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37451ceb7f45e2a3:host:69.222.187.134:host:172.234.197.23	SESSION-37451ceb7f45e2a3 → host:69.222.187.134 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-7eb43af6b38a5d78:SESSION-7eb43af6b38a5d78	SESSION-7eb43af6b38a5d78 → pe:rst:SESSION-7eb43af6b38a5d78
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-c402fe398bbf1491:BSG-BEACON-e07f4250263f	SESSION-c402fe398bbf1491 → BSG-BEACON-e07f4250263f
FLOW_TO_HOSTOBS	e:to:SESSION-b048ecd988d76f67:host:131.196.28.175	SESSION-b048ecd988d76f67 → host:131.196.28.175
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f40be42edcf6e8ed:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f40be42edcf6e8ed → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:1704308eae32	flow:1704308eae32 → host:172.234.197.23 → host:131.196.28.169 → port:tcp:28719
FLOW_FROM_HOSTOBS	e:from:SESSION-a176047016eec520:host:172.234.197.23	SESSION-a176047016eec520 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-946275ea323f6900:PCAP:capture_20260430160001:9bfa4498506a	SESSION-946275ea323f6900 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_FROM_HOSTOBS	e:from:SESSION-47fbdf6c3cd24fcc:host:177.10.236.203	SESSION-47fbdf6c3cd24fcc → host:177.10.236.203
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb645c1b10558a95:flow:6f77ba0efd14	SESSION-fb645c1b10558a95 → flow:6f77ba0efd14
FLOW_TO_HOSTOBS	e:to:SESSION-e8ebb92b3cccc0ee:host:177.10.239.15	SESSION-e8ebb92b3cccc0ee → host:177.10.239.15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea2f6118de4330ea:host:131.196.29.60	SESSION-ea2f6118de4330ea → host:131.196.29.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2963f6e37ebf1d0d:host:177.10.234.203	SESSION-2963f6e37ebf1d0d → host:177.10.234.203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-038099de878067a0:SESSION-038099de878067a0	SESSION-038099de878067a0 → pe:syn:SESSION-038099de878067a0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e40cfbe40dbbe2d2:flow:f47fcccc9f57	SESSION-e40cfbe40dbbe2d2 → flow:f47fcccc9f57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3c1e38c6e6df43f1:PCAP:capture_20260430060001:919b39a74464	SESSION-3c1e38c6e6df43f1 → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d7aef03828b51e64:PCAP:capture_20260430050001:8868731bf8a4	SESSION-d7aef03828b51e64 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:216c4b2f40af:port:tcp:443	flow:216c4b2f40af → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:d2632cff07c3	flow:d2632cff07c3 → host:172.234.197.23 → host:177.10.234.185 → port:tcp:23865
FLOW_FROM_HOSTOBS	e:from:SESSION-d30bf1800064cde2:host:172.234.197.23	SESSION-d30bf1800064cde2 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a54cfd642968	flow:a54cfd642968 → host:172.234.197.23 → host:45.173.156.158 → port:tcp:37545
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6113f2cc2cfc5017:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6113f2cc2cfc5017 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-e11f8c5c1e806073:host:172.234.197.23	SESSION-e11f8c5c1e806073 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47fcc0d7da6d7c1a:flow:93a88f7b92b9	SESSION-47fcc0d7da6d7c1a → flow:93a88f7b92b9
FLOW_FROM_HOSTOBS	e:from:SESSION-47ac7feaf227c129:host:172.234.197.23	SESSION-47ac7feaf227c129 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-393d4d02c091bd7e:SESSION-393d4d02c091bd7e	SESSION-393d4d02c091bd7e → pe:syn:SESSION-393d4d02c091bd7e
FLOW_FROM_HOSTOBS	e:from:SESSION-b3a17f957b1f0153:host:177.10.235.185	SESSION-b3a17f957b1f0153 → host:177.10.235.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaa7799a31d50d65:SESSION-eaa7799a31d50d65	SESSION-eaa7799a31d50d65 → pe:syn:SESSION-eaa7799a31d50d65
FLOW_DST_PORTOBS	e:fp:flow:2612f05d73d2:port:tcp:443	flow:2612f05d73d2 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-500747aefaa736d2:SESSION-500747aefaa736d2	SESSION-500747aefaa736d2 → pe:syn:SESSION-500747aefaa736d2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bef08b3c32a1c401:flow:af12d296b9cb	SESSION-bef08b3c32a1c401 → flow:af12d296b9cb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-040c9c1730fd990c:host:131.196.31.227	SESSION-040c9c1730fd990c → host:131.196.31.227
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a7a354b1ade71f9e:host:177.10.239.35:host:172.234.197.23	SESSION-a7a354b1ade71f9e → host:177.10.239.35 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3f936e849fecda0:host:177.10.233.116	SESSION-e3f936e849fecda0 → host:177.10.233.116
FLOW_DST_PORTOBS	e:fp:flow:92dd17f54f7f:port:tcp:443	flow:92dd17f54f7f → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7dc8a86be27d0230:host:172.234.197.23	SESSION-7dc8a86be27d0230 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe1d6d23886f083a:host:131.196.31.141	SESSION-fe1d6d23886f083a → host:131.196.31.141
FLOW_DST_PORTOBS	e:fp:flow:8e560e9a7dcf:port:tcp:443	flow:8e560e9a7dcf → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:d82d84b392c5:port:tcp:443	flow:d82d84b392c5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-186abbea6a1cb4f5:host:92.112.71.221	SESSION-186abbea6a1cb4f5 → host:92.112.71.221
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec86a4c74825774a:host:131.196.31.63:host:172.234.197.23	SESSION-ec86a4c74825774a → host:131.196.31.63 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:430c72f6e0da	flow:430c72f6e0da → host:172.234.197.23 → host:80.94.92.186 → port:tcp:42888
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-919126906ac50297:host:172.234.197.23	SESSION-919126906ac50297 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14d517e62aef6020:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-14d517e62aef6020 → PCAP:capture_20260428000001:7e90c7cb899e
flow_observed5-aryOBS	e:fo:flow:4b35d99dad77	flow:4b35d99dad77 → host:177.10.233.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2eec6fd9620a1613:flow:c806484b2435	SESSION-2eec6fd9620a1613 → flow:c806484b2435
FLOW_TO_HOSTOBS	e:to:SESSION-3f275f56cd4e0d64:host:172.234.197.23	SESSION-3f275f56cd4e0d64 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-61aa57a35ec0da02:flow:d1758e353542	SESSION-61aa57a35ec0da02 → flow:d1758e353542
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e327e4197615d5bf:flow:f805d83e63c0	SESSION-e327e4197615d5bf → flow:f805d83e63c0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b5a59556c261862d:SESSION-b5a59556c261862d	SESSION-b5a59556c261862d → pe:tls:SESSION-b5a59556c261862d
FLOW_TO_HOSTOBS	e:to:SESSION-b420826720a06333:host:172.234.197.23	SESSION-b420826720a06333 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f10bf652ebbcd899:host:172.234.197.23	SESSION-f10bf652ebbcd899 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1f974a8deb0f	flow:1f974a8deb0f → host:177.10.232.116 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6aca00d0413062e5:host:172.234.197.23	SESSION-6aca00d0413062e5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ab1f168a37fae671:host:172.234.197.23:host:177.10.237.82	SESSION-ab1f168a37fae671 → host:172.234.197.23 → host:177.10.237.82
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0fa06d2bfceab141:flow:d62a35c09585	SESSION-0fa06d2bfceab141 → flow:d62a35c09585
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df1a511d64dc2d8e:PCAP:capture_20260430110001:43611bdf6759	SESSION-df1a511d64dc2d8e → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-2d7ac357c55d6f7b:host:172.234.197.23	SESSION-2d7ac357c55d6f7b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0fa0595b0c8a6ef6:PCAP:capture_20260430090001:065659c7d314	SESSION-0fa0595b0c8a6ef6 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f73d5c81ac41c00:host:172.234.197.23	SESSION-4f73d5c81ac41c00 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0ffcc2d542e7be59:host:172.234.197.23	SESSION-0ffcc2d542e7be59 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.87:geo_-23.62930_-46.63510	host:131.196.31.87 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.20:asn:203771	host:185.231.226.20 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f60661a19246ebd9:SESSION-f60661a19246ebd9	SESSION-f60661a19246ebd9 → pe:tls:SESSION-f60661a19246ebd9
FLOW_FROM_HOSTOBS	e:from:SESSION-7fa8e5b00f80216f:host:172.234.197.23	SESSION-7fa8e5b00f80216f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aecaf39909333efc:SESSION-aecaf39909333efc	SESSION-aecaf39909333efc → pe:tls:SESSION-aecaf39909333efc
flow_observed5-aryOBS	e:fo:flow:160f1437aa00	flow:160f1437aa00 → host:185.231.226.194 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:53c66bd2b455	flow:53c66bd2b455 → host:149.202.187.73 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e074701a4b6d6566:host:177.10.236.90	SESSION-e074701a4b6d6566 → host:177.10.236.90
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35dc83e37639d031:host:131.196.29.116:host:172.234.197.23	SESSION-35dc83e37639d031 → host:131.196.29.116 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eba362425495480d:host:172.234.197.23	SESSION-eba362425495480d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c439db2cd1990c9:flow:a523da3aafeb	SESSION-5c439db2cd1990c9 → flow:a523da3aafeb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a03dc7893b60925b:host:172.234.197.23	SESSION-a03dc7893b60925b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:47.129.136.46:geo_1.29390_103.84610	host:47.129.136.46 → geo_1.29390_103.84610
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bcd779876233a786:flow:fdc8b0b4727e	SESSION-bcd779876233a786 → flow:fdc8b0b4727e
FLOW_DST_PORTOBS	e:fp:flow:a8bcd235a333:port:tcp:44651	flow:a8bcd235a333 → port:tcp:44651
FLOW_DST_PORTOBS	e:fp:flow:85a454a58451:port:tcp:47115	flow:85a454a58451 → port:tcp:47115
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f70b0605ff5c8685:host:172.234.197.23	SESSION-f70b0605ff5c8685 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-779d668625040802:host:177.10.232.133:host:172.234.197.23	SESSION-779d668625040802 → host:177.10.232.133 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bc308b17bca42662:flow:4a6b04783091	SESSION-bc308b17bca42662 → flow:4a6b04783091
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0510bb60587070dd:host:172.234.197.23:host:45.173.156.110	SESSION-0510bb60587070dd → host:172.234.197.23 → host:45.173.156.110
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf9e0725ec95e307:SESSION-bf9e0725ec95e307	SESSION-bf9e0725ec95e307 → pe:tls:SESSION-bf9e0725ec95e307
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-81c3f53ebeacb521:host:177.10.234.135	SESSION-81c3f53ebeacb521 → host:177.10.234.135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31e4a260829c636e:SESSION-31e4a260829c636e	SESSION-31e4a260829c636e → pe:tls:SESSION-31e4a260829c636e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.195:asn:271410	host:131.196.31.195 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1984f51487784d02:host:177.10.235.193	SESSION-1984f51487784d02 → host:177.10.235.193
flow_observed4-aryOBS	e:fo:flow:e1f042a5857e	flow:e1f042a5857e → host:172.234.197.23 → host:131.196.29.215 → port:tcp:3737
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7ae30acbd5f5fc5:host:172.234.197.23	SESSION-b7ae30acbd5f5fc5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-235be73d0ead16ae:host:172.234.197.23	SESSION-235be73d0ead16ae → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f44cd8b141a7b5c:host:177.10.233.238:host:172.234.197.23	SESSION-7f44cd8b141a7b5c → host:177.10.233.238 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0e56fb95f564a0aa:host:172.234.197.23	SESSION-0e56fb95f564a0aa → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:91.240.224.238:asn:3170	host:91.240.224.238 → asn:3170
flow_observed5-aryOBS	e:fo:flow:e2dc5be34a26	flow:e2dc5be34a26 → host:177.10.238.53 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.29:asn:262880	host:177.10.239.29 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b96d3d249635b605:flow:dbfebbe7d3ff	SESSION-b96d3d249635b605 → flow:dbfebbe7d3ff
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ab0305ac0c92587:flow:488dfbbf9ae0	SESSION-2ab0305ac0c92587 → flow:488dfbbf9ae0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1a52ffd6f24f0f87:host:177.10.237.124:host:172.234.197.23	SESSION-1a52ffd6f24f0f87 → host:177.10.237.124 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ae9086787421:port:tcp:443	flow:ae9086787421 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ef002e94e1d9ac81:host:131.196.29.240	SESSION-ef002e94e1d9ac81 → host:131.196.29.240
FLOW_FROM_HOSTOBS	e:from:SESSION-cb7dd74b64c1f7c7:host:172.234.197.23	SESSION-cb7dd74b64c1f7c7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bb178420802ca16:host:172.234.197.23	SESSION-3bb178420802ca16 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5972a3b732445423:host:172.234.197.23:host:177.10.236.105	SESSION-5972a3b732445423 → host:172.234.197.23 → host:177.10.236.105
FLOW_TO_HOSTOBS	e:to:SESSION-e606b3df4d49b4d1:host:172.234.197.23	SESSION-e606b3df4d49b4d1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3bfa302feda190a0:SESSION-3bfa302feda190a0	SESSION-3bfa302feda190a0 → pe:syn:SESSION-3bfa302feda190a0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-97537ed6358a20d5:PCAP:capture_20260428010001:b1b402c7b202	SESSION-97537ed6358a20d5 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-0e515946ec2b2292:host:172.234.197.23	SESSION-0e515946ec2b2292 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:210.156.0.132:geo_35.69000_139.69000	host:210.156.0.132 → geo_35.69000_139.69000
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c3601b8f3a6cf17:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7c3601b8f3a6cf17 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-801ebd343e287ece:flow:cb7e1163ea09	SESSION-801ebd343e287ece → flow:cb7e1163ea09
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96878fba39db06d8:host:177.10.236.191:host:172.234.197.23	SESSION-96878fba39db06d8 → host:177.10.236.191 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7f4f84053ddcae3c:host:177.10.233.201	SESSION-7f4f84053ddcae3c → host:177.10.233.201
flow_observed5-aryOBS	e:fo:flow:359deaa24329	flow:359deaa24329 → host:131.196.30.44 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46631c2a8361f405:SESSION-46631c2a8361f405	SESSION-46631c2a8361f405 → pe:syn:SESSION-46631c2a8361f405
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-64e6d0099998fde8:SESSION-64e6d0099998fde8	SESSION-64e6d0099998fde8 → pe:tls:SESSION-64e6d0099998fde8
FLOW_DST_PORTOBS	e:fp:flow:99128cc563b7:port:tcp:443	flow:99128cc563b7 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-2df4632ec7c2c624:host:131.196.29.186	SESSION-2df4632ec7c2c624 → host:131.196.29.186
FLOW_TO_HOSTOBS	e:to:SESSION-aae44d6cd669040c:host:131.196.31.129	SESSION-aae44d6cd669040c → host:131.196.31.129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eead3829bc62f23e:flow:eb6036ee9b02	SESSION-eead3829bc62f23e → flow:eb6036ee9b02
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ea330cf59d2a2f8:flow:83d88592290c	SESSION-3ea330cf59d2a2f8 → flow:83d88592290c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ef9a5d8a17e479b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-8ef9a5d8a17e479b → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d74877df7cdd5d7:SESSION-6d74877df7cdd5d7	SESSION-6d74877df7cdd5d7 → pe:syn:SESSION-6d74877df7cdd5d7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.12:geo_-16.28860_-49.01640	host:177.10.234.12 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3407d813acebc00f:PCAP:capture_20260430110001:43611bdf6759	SESSION-3407d813acebc00f → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:351a27e379de	flow:351a27e379de → host:131.196.30.233 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:140.235.124.200:asn:216030	host:140.235.124.200 → asn:216030
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-efb63adb0418d7f8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-efb63adb0418d7f8 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:3b3399fbef03:port:tcp:443	flow:3b3399fbef03 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-92a69e37100365d0:host:177.10.239.137:host:172.234.197.23	SESSION-92a69e37100365d0 → host:177.10.239.137 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:99d68b6ab450:port:tcp:443	flow:99d68b6ab450 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:4abd29b514be	flow:4abd29b514be → host:172.234.197.23 → host:131.196.29.164 → port:tcp:13351
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.17:geo_-23.62930_-46.63510	host:131.196.31.17 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-e8e2f8ae5ea03a25:host:172.234.197.23	SESSION-e8e2f8ae5ea03a25 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa26c3a0a6de1666:host:177.10.233.172:host:172.234.197.23	SESSION-aa26c3a0a6de1666 → host:177.10.233.172 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ac71782250ec9a1:flow:a6b3b8505a68	SESSION-6ac71782250ec9a1 → flow:a6b3b8505a68
FLOW_TO_HOSTOBS	e:to:SESSION-f73bbd477b19c775:host:177.10.237.153	SESSION-f73bbd477b19c775 → host:177.10.237.153
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6aacd35f912a2971:SESSION-6aacd35f912a2971	SESSION-6aacd35f912a2971 → pe:syn:SESSION-6aacd35f912a2971
FLOW_DST_PORTOBS	e:fp:flow:2aa9d961f850:port:tcp:32943	flow:2aa9d961f850 → port:tcp:32943
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.95:geo_-16.28860_-49.01640	host:177.10.233.95 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c16307b11a026263:host:131.196.30.1	SESSION-c16307b11a026263 → host:131.196.30.1
FLOW_DST_PORTOBS	e:fp:flow:a0e0b3e2b742:port:tcp:443	flow:a0e0b3e2b742 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.60:asn:262880	host:177.10.234.60 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a7aa94b5f9268de0:host:177.10.236.180:host:172.234.197.23	SESSION-a7aa94b5f9268de0 → host:177.10.236.180 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c78f1de05120efd8:host:177.10.233.204	SESSION-c78f1de05120efd8 → host:177.10.233.204
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-59a5b7880376a89f:SESSION-59a5b7880376a89f	SESSION-59a5b7880376a89f → pe:syn:SESSION-59a5b7880376a89f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21b975753a100632:SESSION-21b975753a100632	SESSION-21b975753a100632 → pe:tls:SESSION-21b975753a100632
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee237db5b674d6c4:host:172.234.197.23	SESSION-ee237db5b674d6c4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c67539e40b0db6c0:flow:ed638ee6cce6	SESSION-c67539e40b0db6c0 → flow:ed638ee6cce6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.168:geo_-16.28860_-49.01640	host:177.10.233.168 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.117:asn:262880	host:177.10.234.117 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf40158902d38ce6:host:177.10.236.79	SESSION-cf40158902d38ce6 → host:177.10.236.79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e4ae2c6ddba3051:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7e4ae2c6ddba3051 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38231883b4033aa4:host:131.196.30.148	SESSION-38231883b4033aa4 → host:131.196.30.148
FLOW_FROM_HOSTOBS	e:from:SESSION-44aa905e757bc471:host:172.234.197.23	SESSION-44aa905e757bc471 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51cdac11b30f43cf:flow:972221c19bc6	SESSION-51cdac11b30f43cf → flow:972221c19bc6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc0f694a62c9abc8:host:172.234.197.23	SESSION-cc0f694a62c9abc8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d234dce1ecac:port:tcp:443	flow:d234dce1ecac → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-110ce59a2a29ac0c:host:34.231.77.232:host:172.234.197.23	SESSION-110ce59a2a29ac0c → host:34.231.77.232 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c5f8419335024f52:host:49.12.170.238	SESSION-c5f8419335024f52 → host:49.12.170.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-999a3a68382b7707:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-999a3a68382b7707 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-360f4972fec5b7e0:SESSION-360f4972fec5b7e0	SESSION-360f4972fec5b7e0 → pe:syn:SESSION-360f4972fec5b7e0
FLOW_DST_PORTOBS	e:fp:flow:7d071d66e083:port:tcp:37162	flow:7d071d66e083 → port:tcp:37162
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6459c4621d226611:SESSION-6459c4621d226611	SESSION-6459c4621d226611 → pe:tls:SESSION-6459c4621d226611
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-738a9f5daf478976:host:172.234.197.23:host:177.10.235.61	SESSION-738a9f5daf478976 → host:172.234.197.23 → host:177.10.235.61
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.61:asn:271410	host:131.196.31.61 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b679e6887c5a68a:flow:ac8a4b797024	SESSION-7b679e6887c5a68a → flow:ac8a4b797024
FLOW_DST_PORTOBS	e:fp:flow:5560424714e6:port:tcp:54982	flow:5560424714e6 → port:tcp:54982
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa08911a1f564da4:host:45.145.152.204	SESSION-fa08911a1f564da4 → host:45.145.152.204
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1f8267b24b78f93:flow:62208a88cbc7	SESSION-b1f8267b24b78f93 → flow:62208a88cbc7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f082f9fe3332438:SESSION-1f082f9fe3332438	SESSION-1f082f9fe3332438 → pe:syn:SESSION-1f082f9fe3332438
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.252:geo_-16.28860_-49.01640	host:177.10.234.252 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c54e8a5253d053d:SESSION-8c54e8a5253d053d	SESSION-8c54e8a5253d053d → pe:syn:SESSION-8c54e8a5253d053d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.253:asn:262880	host:177.10.236.253 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-848ab23bc1105d57:SESSION-848ab23bc1105d57	SESSION-848ab23bc1105d57 → pe:tls:SESSION-848ab23bc1105d57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9eb85eb3deaacc18:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9eb85eb3deaacc18 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e2d293cdcc6efc8:SESSION-3e2d293cdcc6efc8	SESSION-3e2d293cdcc6efc8 → pe:tls:SESSION-3e2d293cdcc6efc8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-af315627d236ddd5:host:177.10.232.73:host:172.234.197.23	SESSION-af315627d236ddd5 → host:177.10.232.73 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2344215c9738	flow:2344215c9738 → host:177.10.234.82 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-478ebcd540b5d0ef:SESSION-478ebcd540b5d0ef	SESSION-478ebcd540b5d0ef → pe:tls:SESSION-478ebcd540b5d0ef
FLOW_DST_PORTOBS	e:fp:flow:90c06adffb70:port:tcp:443	flow:90c06adffb70 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1ca1108b3f9fffc:host:92.112.71.65	SESSION-d1ca1108b3f9fffc → host:92.112.71.65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a2a075c2c818644a:SESSION-a2a075c2c818644a	SESSION-a2a075c2c818644a → pe:syn:SESSION-a2a075c2c818644a
FLOW_TO_HOSTOBS	e:to:SESSION-b6dd65fa073f3265:host:172.234.197.23	SESSION-b6dd65fa073f3265 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e8d490f85079:port:tcp:27779	flow:e8d490f85079 → port:tcp:27779
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7948a18eeb1cbc0d:flow:c0d5ddcdc1fc	SESSION-7948a18eeb1cbc0d → flow:c0d5ddcdc1fc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4ba4bb01be574ad6:flow:eb61038ce25b	SESSION-4ba4bb01be574ad6 → flow:eb61038ce25b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-96623b45a0a307c2:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-96623b45a0a307c2 → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:2022b021ddcf	flow:2022b021ddcf → host:177.10.233.208 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-d1d152bdff2d4d10:host:177.10.232.121	SESSION-d1d152bdff2d4d10 → host:177.10.232.121
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a87d3ab31183768a:host:95.170.25.90:host:172.234.197.23	SESSION-a87d3ab31183768a → host:95.170.25.90 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-692dce6abc85c058:host:172.234.197.23	SESSION-692dce6abc85c058 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-9f0699d4f0c2d48e:BSG-BEACON-a8a8c3c8a37f	SESSION-9f0699d4f0c2d48e → BSG-BEACON-a8a8c3c8a37f
flow_observed5-aryOBS	e:fo:flow:da1cc2692f9e	flow:da1cc2692f9e → host:92.112.71.203 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b1cf957f4a121d77:PCAP:capture_20260430150001:ded20914761d	SESSION-b1cf957f4a121d77 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e1df474445c908f:host:131.196.30.179:host:172.234.197.23	SESSION-3e1df474445c908f → host:131.196.30.179 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:398ded72c92f:port:tcp:443	flow:398ded72c92f → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:3384d19ad96b:port:tcp:443	flow:3384d19ad96b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-43ba6051cf9120c0:SESSION-43ba6051cf9120c0	SESSION-43ba6051cf9120c0 → pe:tls:SESSION-43ba6051cf9120c0
FLOW_DST_PORTOBS	e:fp:flow:2ca0708230f1:port:tcp:443	flow:2ca0708230f1 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-481702f1e56ec074:SESSION-481702f1e56ec074	SESSION-481702f1e56ec074 → pe:tls:SESSION-481702f1e56ec074
flow_observed5-aryOBS	e:fo:flow:8eec8996c56b	flow:8eec8996c56b → host:131.196.29.140 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c352d0e74b3b:port:udp:53	flow:c352d0e74b3b → port:udp:53
FLOW_TO_HOSTOBS	e:to:SESSION-72cd504b232e316e:host:172.234.197.23	SESSION-72cd504b232e316e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-079ef1e0e1e74623:SESSION-079ef1e0e1e74623	SESSION-079ef1e0e1e74623 → pe:tls:SESSION-079ef1e0e1e74623
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.43:geo_-23.62930_-46.63510	host:131.196.28.43 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-64807579ab6c52ee:host:131.196.28.139	SESSION-64807579ab6c52ee → host:131.196.28.139
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef354b4063646368:host:172.234.197.23:host:177.10.239.250	SESSION-ef354b4063646368 → host:172.234.197.23 → host:177.10.239.250
FLOW_FROM_HOSTOBS	e:from:SESSION-a38d88507263cddf:host:172.234.197.23	SESSION-a38d88507263cddf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f1e9c5398b5e18f4:host:131.196.28.198	SESSION-f1e9c5398b5e18f4 → host:131.196.28.198
FLOW_DST_PORTOBS	e:fp:flow:86b65480c339:port:tcp:9421	flow:86b65480c339 → port:tcp:9421
flow_observed5-aryOBS	e:fo:flow:e627aad17e4f	flow:e627aad17e4f → host:177.10.239.72 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a60100c841341ace:PCAP:capture_20260430160001:9bfa4498506a	SESSION-a60100c841341ace → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:17b4483c0fea	flow:17b4483c0fea → host:172.234.197.23 → host:177.10.237.153 → port:tcp:38305
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3854a3544c69d398:host:172.232.0.16	SESSION-3854a3544c69d398 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aee71e8cd1625550:SESSION-aee71e8cd1625550	SESSION-aee71e8cd1625550 → pe:tls:SESSION-aee71e8cd1625550
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bac5dc0e18d2349f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bac5dc0e18d2349f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b91d700ec898758:host:131.196.29.19	SESSION-4b91d700ec898758 → host:131.196.29.19
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2392c0826d87e845:flow:c20c9bc4a385	SESSION-2392c0826d87e845 → flow:c20c9bc4a385
FLOW_DST_PORTOBS	e:fp:flow:496fab4372c8:port:tcp:443	flow:496fab4372c8 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-d957287df88430bb:host:177.10.239.58	SESSION-d957287df88430bb → host:177.10.239.58
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b89a1b1f5399599:host:131.196.29.65	SESSION-7b89a1b1f5399599 → host:131.196.29.65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-755eaab432e9c6a6:SESSION-755eaab432e9c6a6	SESSION-755eaab432e9c6a6 → pe:tls:SESSION-755eaab432e9c6a6
flow_observed5-aryOBS	e:fo:flow:aeca5c8fc99c	flow:aeca5c8fc99c → host:177.10.238.135 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ef74cd6b285b3c9:host:45.173.156.189:host:172.234.197.23	SESSION-5ef74cd6b285b3c9 → host:45.173.156.189 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f215cf2f031026d:host:177.10.237.80:host:172.234.197.23	SESSION-5f215cf2f031026d → host:177.10.237.80 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-066d98dee3275acb:SESSION-066d98dee3275acb	SESSION-066d98dee3275acb → pe:syn:SESSION-066d98dee3275acb
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.180:geo_-16.28860_-49.01640	host:177.10.236.180 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9de9d154fbb04a83:flow:67a855142315	SESSION-9de9d154fbb04a83 → flow:67a855142315
FLOW_TO_HOSTOBS	e:to:SESSION-6c0d18b24ee9d3d4:host:131.196.30.83	SESSION-6c0d18b24ee9d3d4 → host:131.196.30.83
FLOW_DST_PORTOBS	e:fp:flow:5c52d18525d9:port:tcp:443	flow:5c52d18525d9 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e17435638a41ed24:flow:8ad20b9f9a0d	SESSION-e17435638a41ed24 → flow:8ad20b9f9a0d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0799ff092dfcce41:SESSION-0799ff092dfcce41	SESSION-0799ff092dfcce41 → pe:tls:SESSION-0799ff092dfcce41
FLOW_DST_PORTOBS	e:fp:flow:d51594688c1f:port:tcp:52263	flow:d51594688c1f → port:tcp:52263
FLOW_DST_PORTOBS	e:fp:flow:eb41407044c6:port:tcp:443	flow:eb41407044c6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-41f0125815f54041:host:172.234.197.23:host:45.173.156.138	SESSION-41f0125815f54041 → host:172.234.197.23 → host:45.173.156.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7aef03828b51e64:host:177.10.237.80	SESSION-d7aef03828b51e64 → host:177.10.237.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77c4b389d95f1453:SESSION-77c4b389d95f1453	SESSION-77c4b389d95f1453 → pe:tls:SESSION-77c4b389d95f1453
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48726e3ec935fccb:PCAP:capture_20260430080001:93f47cc296a4	SESSION-48726e3ec935fccb → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1518dad52645fa99:host:172.234.197.23:host:177.10.232.24	SESSION-1518dad52645fa99 → host:172.234.197.23 → host:177.10.232.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a0913a57a803cab:flow:fe000ddf248e	SESSION-7a0913a57a803cab → flow:fe000ddf248e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e50198195b1abda9:host:131.196.30.145	SESSION-e50198195b1abda9 → host:131.196.30.145
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28d2d0e8afd37453:flow:5961da0e448a	SESSION-28d2d0e8afd37453 → flow:5961da0e448a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-912f333ca4ce75c1:flow:5fac4106d582	SESSION-912f333ca4ce75c1 → flow:5fac4106d582
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eed27da13c534290:flow:fdd3c5ca2c21	SESSION-eed27da13c534290 → flow:fdd3c5ca2c21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a33a5bbd98f17a5b:SESSION-a33a5bbd98f17a5b	SESSION-a33a5bbd98f17a5b → pe:syn:SESSION-a33a5bbd98f17a5b
flow_observed4-aryOBS	e:fo:flow:a922f04f1e60	flow:a922f04f1e60 → host:172.234.197.23 → host:131.196.30.8 → port:tcp:37193
FLOW_TO_HOSTOBS	e:to:SESSION-d941eb7985d54eff:host:177.10.235.248	SESSION-d941eb7985d54eff → host:177.10.235.248
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f479af38d87d852f:flow:24c19681bc1b	SESSION-f479af38d87d852f → flow:24c19681bc1b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-177c9265a29fe644:SESSION-177c9265a29fe644	SESSION-177c9265a29fe644 → pe:syn:SESSION-177c9265a29fe644
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.214:geo_41.02140_28.99480	host:185.231.226.214 → geo_41.02140_28.99480
FLOW_FROM_HOSTOBS	e:from:SESSION-86951cb3218963fd:host:177.10.235.126	SESSION-86951cb3218963fd → host:177.10.235.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-848453a25431759d:SESSION-848453a25431759d	SESSION-848453a25431759d → pe:tls:SESSION-848453a25431759d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-45775bc626dbc608:PCAP:capture_20260430070001:903a0e7a436b	SESSION-45775bc626dbc608 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da64f1d11a78111b:host:172.234.197.23	SESSION-da64f1d11a78111b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2ed760af2d8fedd4:host:131.196.31.187	SESSION-2ed760af2d8fedd4 → host:131.196.31.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5e5bbccd32f2d5:host:131.196.30.45	SESSION-5d5e5bbccd32f2d5 → host:131.196.30.45
FLOW_TO_HOSTOBS	e:to:SESSION-76cec71360f7a00a:host:177.10.235.55	SESSION-76cec71360f7a00a → host:177.10.235.55
flow_observed5-aryOBS	e:fo:flow:9d6923eb9b16	flow:9d6923eb9b16 → host:97.139.12.85 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-cdcb5008ac7e3b15:host:172.234.197.23	SESSION-cdcb5008ac7e3b15 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3fba4062f618c50:host:131.196.29.12:host:172.234.197.23	SESSION-e3fba4062f618c50 → host:131.196.29.12 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-498c2476ff0ce5ee:flow:e41cd30fc843	SESSION-498c2476ff0ce5ee → flow:e41cd30fc843
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-879f882e46cb6c3f:host:172.234.197.23:host:131.196.28.141	SESSION-879f882e46cb6c3f → host:172.234.197.23 → host:131.196.28.141
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e0b5328aa075dd2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2e0b5328aa075dd2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.155:asn:262880	host:177.10.234.155 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-6fdc52c769919c0f:host:177.10.238.60	SESSION-6fdc52c769919c0f → host:177.10.238.60
FLOW_DST_PORTOBS	e:fp:flow:ab0c50a1d4b1:port:tcp:443	flow:ab0c50a1d4b1 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:349f21578dbb:port:tcp:46178	flow:349f21578dbb → port:tcp:46178
flow_observed4-aryOBS	e:fo:flow:594889790177	flow:594889790177 → host:172.234.197.23 → host:131.196.29.248 → port:tcp:56567
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d1b2f476de49a99:SESSION-7d1b2f476de49a99	SESSION-7d1b2f476de49a99 → pe:tls:SESSION-7d1b2f476de49a99
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bfa418bfe374bf06:SESSION-bfa418bfe374bf06	SESSION-bfa418bfe374bf06 → pe:tls:SESSION-bfa418bfe374bf06
FLOW_FROM_HOSTOBS	e:from:SESSION-5eb3b0eaf7de1b7d:host:95.170.25.87	SESSION-5eb3b0eaf7de1b7d → host:95.170.25.87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9f10bcf378efcbb9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9f10bcf378efcbb9 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2eb24274e849c36c:SESSION-2eb24274e849c36c	SESSION-2eb24274e849c36c → pe:tls:SESSION-2eb24274e849c36c
FLOW_TO_HOSTOBS	e:to:SESSION-bcd779876233a786:host:172.234.197.23	SESSION-bcd779876233a786 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e034fcb399102895:host:172.234.197.23	SESSION-e034fcb399102895 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9ab65b5d8a01cf3d:SESSION-9ab65b5d8a01cf3d	SESSION-9ab65b5d8a01cf3d → pe:syn:SESSION-9ab65b5d8a01cf3d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88d03f5c2bc073a8:host:177.10.232.205	SESSION-88d03f5c2bc073a8 → host:177.10.232.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d811160d7459a4b2:host:172.234.197.23	SESSION-d811160d7459a4b2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3fb8ed1fbc81e736:host:177.10.239.132:host:172.234.197.23	SESSION-3fb8ed1fbc81e736 → host:177.10.239.132 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14cb036847147428:SESSION-14cb036847147428	SESSION-14cb036847147428 → pe:syn:SESSION-14cb036847147428
FLOW_TO_HOSTOBS	e:to:SESSION-5ef74cd6b285b3c9:host:172.234.197.23	SESSION-5ef74cd6b285b3c9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7536a33faff5a95d:host:172.234.197.23	SESSION-7536a33faff5a95d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fb994670cf9b	flow:fb994670cf9b → host:177.10.238.216 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-691bf265b7044ac7:SESSION-691bf265b7044ac7	SESSION-691bf265b7044ac7 → pe:syn:SESSION-691bf265b7044ac7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-324907e130151d7d:host:131.196.29.134:host:172.234.197.23	SESSION-324907e130151d7d → host:131.196.29.134 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2fc2bfb2b0c4767b:host:172.234.197.23:host:177.10.239.205	SESSION-2fc2bfb2b0c4767b → host:172.234.197.23 → host:177.10.239.205
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-122c6042cd97886a:host:177.10.235.59:host:172.234.197.23	SESSION-122c6042cd97886a → host:177.10.235.59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bce308e5c94583d6:host:131.196.31.113	SESSION-bce308e5c94583d6 → host:131.196.31.113
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6e8b24d973ac1177:BSG-BEACON-5c9176894196	SESSION-6e8b24d973ac1177 → BSG-BEACON-5c9176894196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84e5e89f26aa2ca2:host:177.10.239.175	SESSION-84e5e89f26aa2ca2 → host:177.10.239.175
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93e1e76eb6bfe5a3:flow:ffcefb7270a1	SESSION-93e1e76eb6bfe5a3 → flow:ffcefb7270a1
FLOW_DST_PORTOBS	e:fp:flow:9ac58cc69d5e:port:tcp:443	flow:9ac58cc69d5e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74ad535621338757:host:172.234.197.23	SESSION-74ad535621338757 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-91919daf8511716e:host:131.196.31.98	SESSION-91919daf8511716e → host:131.196.31.98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aae42b7cc2993272:flow:9d3bfcd21805	SESSION-aae42b7cc2993272 → flow:9d3bfcd21805
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9d4e1b0711d4507:host:172.234.197.23	SESSION-c9d4e1b0711d4507 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-574dd53dd07894c0:host:172.234.197.23	SESSION-574dd53dd07894c0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3407d813acebc00f:host:172.234.197.23	SESSION-3407d813acebc00f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-11e7a161068ba48e:host:172.234.197.23	SESSION-11e7a161068ba48e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-37a50d9fe3e20191:host:172.234.197.23	SESSION-37a50d9fe3e20191 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3580ed766290:port:tcp:45022	flow:3580ed766290 → port:tcp:45022
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0bdeae27fd42a89:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f0bdeae27fd42a89 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:b55125dd0018	flow:b55125dd0018 → host:131.196.29.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd2e4550d5ebaf09:SESSION-fd2e4550d5ebaf09	SESSION-fd2e4550d5ebaf09 → pe:tls:SESSION-fd2e4550d5ebaf09
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.52:geo_-16.28860_-49.01640	host:177.10.236.52 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:31dd5b8aecb6:port:tcp:193	flow:31dd5b8aecb6 → port:tcp:193
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c06bd8d9952317f:host:177.10.237.63:host:172.234.197.23	SESSION-6c06bd8d9952317f → host:177.10.237.63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-56d3faf83e1ced7d:SESSION-56d3faf83e1ced7d	SESSION-56d3faf83e1ced7d → pe:syn:SESSION-56d3faf83e1ced7d
FLOW_TO_HOSTOBS	e:to:SESSION-74188080b03487af:host:45.173.156.201	SESSION-74188080b03487af → host:45.173.156.201
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c7201144bad9d462:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c7201144bad9d462 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0a19698769d1246:PCAP:capture_20260430110001:43611bdf6759	SESSION-d0a19698769d1246 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-09e8a1451dd94c84:host:172.234.197.23	SESSION-09e8a1451dd94c84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bedaa62e135c647a:host:172.234.197.23	SESSION-bedaa62e135c647a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-34cbebf9a190be23:host:131.196.30.253	SESSION-34cbebf9a190be23 → host:131.196.30.253
FLOW_DST_PORTOBS	e:fp:flow:c54afd12c1fc:port:tcp:443	flow:c54afd12c1fc → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35dd0088a1238ab9:PCAP:capture_20260430080001:93f47cc296a4	SESSION-35dd0088a1238ab9 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-c1a14827dc654457:host:131.196.28.12	SESSION-c1a14827dc654457 → host:131.196.28.12
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.205:geo_-23.62930_-46.63510	host:131.196.30.205 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d52597e88babdbe8:host:131.196.31.217	SESSION-d52597e88babdbe8 → host:131.196.31.217
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f34bafe5f2be5770:host:131.196.29.16	SESSION-f34bafe5f2be5770 → host:131.196.29.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9222c19da42c0aaa:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9222c19da42c0aaa → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f355ffd88e7f5027:SESSION-f355ffd88e7f5027	SESSION-f355ffd88e7f5027 → pe:tls:SESSION-f355ffd88e7f5027
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef46e42b79ae57cb:SESSION-ef46e42b79ae57cb	SESSION-ef46e42b79ae57cb → pe:tls:SESSION-ef46e42b79ae57cb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-954e70596a40db71:flow:4a61bb84d464	SESSION-954e70596a40db71 → flow:4a61bb84d464
FLOW_TO_HOSTOBS	e:to:SESSION-23b772dcd58e4ef3:host:172.234.197.23	SESSION-23b772dcd58e4ef3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:41192bbe866c:port:tcp:443	flow:41192bbe866c → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:193.32.162.28:asn:47890	host:193.32.162.28 → asn:47890
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e52ff6e3dab6ecf9:SESSION-e52ff6e3dab6ecf9	SESSION-e52ff6e3dab6ecf9 → pe:tls:SESSION-e52ff6e3dab6ecf9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a91fe9a6e775a606:flow:325053d9614b	SESSION-a91fe9a6e775a606 → flow:325053d9614b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.237:asn:262880	host:177.10.239.237 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7498682ecb6877b0:host:172.234.197.23:host:131.196.31.127	SESSION-7498682ecb6877b0 → host:172.234.197.23 → host:131.196.31.127
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3cdf0b404a4678c5:PCAP:capture_20260430110001:43611bdf6759	SESSION-3cdf0b404a4678c5 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27f830f77ddb5dd1:flow:05ba29ffa20b	SESSION-27f830f77ddb5dd1 → flow:05ba29ffa20b
flow_observed5-aryOBS	e:fo:flow:b20e48464cae	flow:b20e48464cae → host:131.196.30.207 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47ed07d15aa63df9:host:172.234.197.23	SESSION-47ed07d15aa63df9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0a11bbc1f12398e3:flow:5cc817034f10	SESSION-0a11bbc1f12398e3 → flow:5cc817034f10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-921389e161f019e9:SESSION-921389e161f019e9	SESSION-921389e161f019e9 → pe:syn:SESSION-921389e161f019e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02999fe2096ad39b:host:172.234.197.23	SESSION-02999fe2096ad39b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-04af603e6c9a6691:SESSION-04af603e6c9a6691	SESSION-04af603e6c9a6691 → pe:syn:SESSION-04af603e6c9a6691
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-996c7a5f028b9d80:SESSION-996c7a5f028b9d80	SESSION-996c7a5f028b9d80 → pe:tls:SESSION-996c7a5f028b9d80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ca00666a1b5cdae:flow:d5753efef811	SESSION-1ca00666a1b5cdae → flow:d5753efef811
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b05f07ed9250ae8e:host:131.196.30.121:host:172.234.197.23	SESSION-b05f07ed9250ae8e → host:131.196.30.121 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cfde024084873f29:host:199.16.157.182	SESSION-cfde024084873f29 → host:199.16.157.182
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.96:asn:262880	host:177.10.234.96 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f1b980e392c4795:host:45.173.156.67	SESSION-4f1b980e392c4795 → host:45.173.156.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69c66b3db447dca1:SESSION-69c66b3db447dca1	SESSION-69c66b3db447dca1 → pe:tls:SESSION-69c66b3db447dca1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7858b3452cd9a479:SESSION-7858b3452cd9a479	SESSION-7858b3452cd9a479 → pe:syn:SESSION-7858b3452cd9a479
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b332774cd544824a:host:172.234.197.23	SESSION-b332774cd544824a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-913ac926bd708af5:host:172.234.197.23:host:177.10.238.218	SESSION-913ac926bd708af5 → host:172.234.197.23 → host:177.10.238.218
FLOW_FROM_HOSTOBS	e:from:SESSION-0dad0a06445f9e1f:host:131.196.29.175	SESSION-0dad0a06445f9e1f → host:131.196.29.175
FLOW_FROM_HOSTOBS	e:from:SESSION-41b71c4a2ccc13b3:host:131.196.30.20	SESSION-41b71c4a2ccc13b3 → host:131.196.30.20
flow_observed5-aryOBS	e:fo:flow:5139d2cd5544	flow:5139d2cd5544 → host:177.10.237.183 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-079ef1e0e1e74623:host:177.10.237.94	SESSION-079ef1e0e1e74623 → host:177.10.237.94
FLOW_TO_HOSTOBS	e:to:SESSION-c77e81e6376168a3:host:172.234.197.23	SESSION-c77e81e6376168a3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5c1235898cd7:port:tcp:443	flow:5c1235898cd7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cdd13464c217a214:SESSION-cdd13464c217a214	SESSION-cdd13464c217a214 → pe:syn:SESSION-cdd13464c217a214
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4c1ac661b3c1fca0:SESSION-4c1ac661b3c1fca0	SESSION-4c1ac661b3c1fca0 → pe:tls:SESSION-4c1ac661b3c1fca0
FLOW_TLS_SNIOBS	e:fs:flow:fab5b16eef82:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:fab5b16eef82 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-9a236c6c04af1f19:host:91.240.224.238	SESSION-9a236c6c04af1f19 → host:91.240.224.238
flow_observed5-aryOBS	e:fo:flow:4f536e99c9cc	flow:4f536e99c9cc → host:177.10.239.58 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8e0f3c8a35641f7b:flow:be505aff798a	SESSION-8e0f3c8a35641f7b → flow:be505aff798a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-05a7cad64bbe69e6:host:172.234.197.23:host:45.173.156.72	SESSION-05a7cad64bbe69e6 → host:172.234.197.23 → host:45.173.156.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4cc664d616fce9d7:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4cc664d616fce9d7 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-10017e021bbc0f25:host:172.234.197.23	SESSION-10017e021bbc0f25 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65274afd8d8bc249:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-65274afd8d8bc249 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3739e8b613327ce5:flow:8d09d19297dd	SESSION-3739e8b613327ce5 → flow:8d09d19297dd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-3553d3f3f842e7ac:SESSION-3553d3f3f842e7ac	SESSION-3553d3f3f842e7ac → pe:rst:SESSION-3553d3f3f842e7ac
FLOW_FROM_HOSTOBS	e:from:SESSION-d1ec6b7d17caa72c:host:177.10.234.15	SESSION-d1ec6b7d17caa72c → host:177.10.234.15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f718644b6283d05d:host:172.234.197.23:host:177.10.238.29	SESSION-f718644b6283d05d → host:172.234.197.23 → host:177.10.238.29
flow_observed4-aryOBS	e:fo:flow:a5dcec87eab7	flow:a5dcec87eab7 → host:172.234.197.23 → host:45.173.156.116 → port:tcp:56646
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-62337f4a23aa4d2d:SESSION-62337f4a23aa4d2d	SESSION-62337f4a23aa4d2d → pe:syn:SESSION-62337f4a23aa4d2d
FLOW_TO_HOSTOBS	e:to:SESSION-954ce8dcd8b034e5:host:172.234.197.23	SESSION-954ce8dcd8b034e5 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8ddcd7a85531	flow:8ddcd7a85531 → host:5.182.209.49 → host:172.234.197.23 → port:tcp:23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0b228975a6eff356:SESSION-0b228975a6eff356	SESSION-0b228975a6eff356 → pe:syn:SESSION-0b228975a6eff356
flow_observed5-aryOBS	e:fo:flow:4c12ac92a068	flow:4c12ac92a068 → host:131.196.31.167 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.102:geo_-16.28860_-49.01640	host:177.10.233.102 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9fdfee14b0ac469:SESSION-d9fdfee14b0ac469	SESSION-d9fdfee14b0ac469 → pe:tls:SESSION-d9fdfee14b0ac469
FLOW_DST_PORTOBS	e:fp:flow:219da1e00ae9:port:tcp:443	flow:219da1e00ae9 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20e3655a208f66c6:flow:696886d3d3f0	SESSION-20e3655a208f66c6 → flow:696886d3d3f0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8293f5a95baa645a:SESSION-8293f5a95baa645a	SESSION-8293f5a95baa645a → pe:tls:SESSION-8293f5a95baa645a
FLOW_FROM_HOSTOBS	e:from:SESSION-3931cb15b35f138a:host:177.10.236.178	SESSION-3931cb15b35f138a → host:177.10.236.178
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d027fcdf19e82664:SESSION-d027fcdf19e82664	SESSION-d027fcdf19e82664 → pe:syn:SESSION-d027fcdf19e82664
flow_observed5-aryOBS	e:fo:flow:9cfc56b56021	flow:9cfc56b56021 → host:177.10.233.38 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:c739bac7578a	flow:c739bac7578a → host:177.10.237.212 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7e88e03e6557ce42:host:172.234.197.23:host:131.196.29.134	SESSION-7e88e03e6557ce42 → host:172.234.197.23 → host:131.196.29.134
FLOW_FROM_HOSTOBS	e:from:SESSION-3675340578297917:host:172.234.197.23	SESSION-3675340578297917 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-add028e8e7760fa2:SESSION-add028e8e7760fa2	SESSION-add028e8e7760fa2 → pe:tls:SESSION-add028e8e7760fa2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9f05806c7fdedb94:host:172.234.197.23	SESSION-9f05806c7fdedb94 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65fda4a5b580780a:host:172.234.197.23:host:177.10.239.139	SESSION-65fda4a5b580780a → host:172.234.197.23 → host:177.10.239.139
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b59030bd39741ab3:flow:0d640ebd0e77	SESSION-b59030bd39741ab3 → flow:0d640ebd0e77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37a8b94aca0a72fd:PCAP:capture_20260430160001:9bfa4498506a	SESSION-37a8b94aca0a72fd → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-414bf7406e62b7e2:PCAP:capture_20260430060001:919b39a74464	SESSION-414bf7406e62b7e2 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4e9a3a3a63cdb2e:host:45.173.156.223	SESSION-c4e9a3a3a63cdb2e → host:45.173.156.223
FLOW_DST_PORTOBS	e:fp:flow:1b20de5d296d:port:tcp:443	flow:1b20de5d296d → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5f03c3122d2b:port:tcp:443	flow:5f03c3122d2b → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:e90c527361e6:port:tcp:443	flow:e90c527361e6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9cd8abbfdfb95d18:host:172.234.197.23	SESSION-9cd8abbfdfb95d18 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f1009c3ce0fc23df:host:172.234.197.23	SESSION-f1009c3ce0fc23df → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-42ac4798d48b113f:host:172.234.197.23	SESSION-42ac4798d48b113f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.91:asn:262880	host:177.10.236.91 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-01716d55cf2099e5:host:177.10.234.179	SESSION-01716d55cf2099e5 → host:177.10.234.179
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0feaffd55940508b:host:177.10.237.238	SESSION-0feaffd55940508b → host:177.10.237.238
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.83:asn:271410	host:131.196.31.83 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ff9e556bf199706:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6ff9e556bf199706 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-202b4507c8c6a688:host:177.10.234.57	SESSION-202b4507c8c6a688 → host:177.10.234.57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dd1a49fa9f1084b:host:172.234.197.23	SESSION-2dd1a49fa9f1084b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d9a4406bd7b3b41:host:172.234.197.23	SESSION-4d9a4406bd7b3b41 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4d0ab62891a0a5c:SESSION-d4d0ab62891a0a5c	SESSION-d4d0ab62891a0a5c → pe:syn:SESSION-d4d0ab62891a0a5c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a8968fd2a11ede8:flow:a5a7f9bf05f6	SESSION-1a8968fd2a11ede8 → flow:a5a7f9bf05f6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.76:asn:262880	host:177.10.236.76 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:e9b114480d67:port:tcp:443	flow:e9b114480d67 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-79760fcdb710bc7a:host:172.234.197.23:host:177.10.237.18	SESSION-79760fcdb710bc7a → host:172.234.197.23 → host:177.10.237.18
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8cba099c11564e8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f8cba099c11564e8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85f4ab9e3ed21fa2:flow:425d8702e81b	SESSION-85f4ab9e3ed21fa2 → flow:425d8702e81b
FLOW_TO_HOSTOBS	e:to:SESSION-828db1ebc34fa50a:host:177.10.233.249	SESSION-828db1ebc34fa50a → host:177.10.233.249
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-63f078b7cf539982:host:131.196.29.51:host:172.234.197.23	SESSION-63f078b7cf539982 → host:131.196.29.51 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f6ab7360966186b9:host:177.10.237.35:host:172.234.197.23	SESSION-f6ab7360966186b9 → host:177.10.237.35 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9bc5f3d34b7b8244:host:172.234.197.23	SESSION-9bc5f3d34b7b8244 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b19ab9caf851	flow:b19ab9caf851 → host:177.10.235.151 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e1cb285535c63d0:SESSION-9e1cb285535c63d0	SESSION-9e1cb285535c63d0 → pe:syn:SESSION-9e1cb285535c63d0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac1869edc353761e:host:131.196.29.41:host:172.234.197.23	SESSION-ac1869edc353761e → host:131.196.29.41 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9d01126d5763bf9:host:172.234.197.23	SESSION-f9d01126d5763bf9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9ade9c3210d2	flow:9ade9c3210d2 → host:177.10.236.1 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:64e8ae830f9a	flow:64e8ae830f9a → host:172.234.197.23 → host:45.173.156.110 → port:tcp:3106
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb5c3fce7274dac7:host:172.234.197.23	SESSION-cb5c3fce7274dac7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e0a8afad40ce0aa2:host:172.234.197.23	SESSION-e0a8afad40ce0aa2 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1362b7f51908925c:SESSION-1362b7f51908925c	SESSION-1362b7f51908925c → pe:tls:SESSION-1362b7f51908925c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96cc205c664fccab:SESSION-96cc205c664fccab	SESSION-96cc205c664fccab → pe:tls:SESSION-96cc205c664fccab
FLOW_DST_PORTOBS	e:fp:flow:2b4699f1971c:port:tcp:443	flow:2b4699f1971c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56d3faf83e1ced7d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-56d3faf83e1ced7d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2505ce7e1d614150:host:131.196.28.16:host:172.234.197.23	SESSION-2505ce7e1d614150 → host:131.196.28.16 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-341cb53ffc41c3af:SESSION-341cb53ffc41c3af	SESSION-341cb53ffc41c3af → pe:syn:SESSION-341cb53ffc41c3af
flow_observed4-aryOBS	e:fo:flow:69db748baf48	flow:69db748baf48 → host:172.234.197.23 → host:177.10.239.93 → port:tcp:54866
FLOW_TO_HOSTOBS	e:to:SESSION-463ebb9b343c8b6a:host:172.234.197.23	SESSION-463ebb9b343c8b6a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4dd5260308cf6ea:PCAP:capture_20260430150001:ded20914761d	SESSION-c4dd5260308cf6ea → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:4481ce0e345c:port:tcp:56850	flow:4481ce0e345c → port:tcp:56850
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99af0da0e550d67b:host:131.196.31.18:host:172.234.197.23	SESSION-99af0da0e550d67b → host:131.196.31.18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb0c069bf1f40e5a:host:54.91.240.230:host:172.234.197.23	SESSION-bb0c069bf1f40e5a → host:54.91.240.230 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-803381ec4a55866c:host:172.234.197.23	SESSION-803381ec4a55866c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c390a73ee41b4c6d:host:172.234.197.23	SESSION-c390a73ee41b4c6d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7c85a8771eed4d0f:SESSION-7c85a8771eed4d0f	SESSION-7c85a8771eed4d0f → pe:syn:SESSION-7c85a8771eed4d0f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.88:geo_-16.28860_-49.01640	host:177.10.237.88 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-915c694a7f41c8e3:flow:f99b1b2b978a	SESSION-915c694a7f41c8e3 → flow:f99b1b2b978a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6a5c0858fcd0d09:host:172.234.197.23:host:177.10.234.64	SESSION-e6a5c0858fcd0d09 → host:172.234.197.23 → host:177.10.234.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11641f941720f4cf:host:172.234.197.23	SESSION-11641f941720f4cf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-733b7037c38abbcf:host:172.234.197.23	SESSION-733b7037c38abbcf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-970108b06912c1b7:host:172.234.197.23	SESSION-970108b06912c1b7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20a3b697d9e7cdf6:host:131.196.29.94:host:172.234.197.23	SESSION-20a3b697d9e7cdf6 → host:131.196.29.94 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:51011bc622ec:port:tcp:443	flow:51011bc622ec → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-18178a1924ee92a1:PCAP:capture_20260430110001:43611bdf6759	SESSION-18178a1924ee92a1 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:aec2e3d6fdc5:port:tcp:684	flow:aec2e3d6fdc5 → port:tcp:684
FLOW_DST_PORTOBS	e:fp:flow:43c799553914:port:tcp:38705	flow:43c799553914 → port:tcp:38705
FLOW_FROM_HOSTOBS	e:from:SESSION-b4341cac0cb5b3aa:host:172.234.197.23	SESSION-b4341cac0cb5b3aa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8dc993a043c8fb1:host:172.234.197.23	SESSION-b8dc993a043c8fb1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.143:geo_-23.62930_-46.63510	host:131.196.28.143 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6bbf6176d0f5e38d:flow:2eafb8abd862	SESSION-6bbf6176d0f5e38d → flow:2eafb8abd862
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67ec60ac13d58093:SESSION-67ec60ac13d58093	SESSION-67ec60ac13d58093 → pe:tls:SESSION-67ec60ac13d58093
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c58d6336bd500b5:flow:8c5e40504e89	SESSION-9c58d6336bd500b5 → flow:8c5e40504e89
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f25ebe7728e5694:SESSION-3f25ebe7728e5694	SESSION-3f25ebe7728e5694 → pe:syn:SESSION-3f25ebe7728e5694
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6da60a47e57e7ba3:SESSION-6da60a47e57e7ba3	SESSION-6da60a47e57e7ba3 → pe:syn:SESSION-6da60a47e57e7ba3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d59ad8978cc7e8b9:host:172.234.197.23:host:177.10.238.62	SESSION-d59ad8978cc7e8b9 → host:172.234.197.23 → host:177.10.238.62
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67b1c0091ebc1322:SESSION-67b1c0091ebc1322	SESSION-67b1c0091ebc1322 → pe:tls:SESSION-67b1c0091ebc1322
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-17dd55091d27669a:flow:98f62f7def50	SESSION-17dd55091d27669a → flow:98f62f7def50
FLOW_DST_PORTOBS	e:fp:flow:268b6ae636af:port:tcp:3608	flow:268b6ae636af → port:tcp:3608
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.46:asn:271410	host:131.196.31.46 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3e1df474445c908f:SESSION-3e1df474445c908f	SESSION-3e1df474445c908f → pe:tls:SESSION-3e1df474445c908f
FLOW_TO_HOSTOBS	e:to:SESSION-04ab6357fe1e6c0a:host:172.234.197.23	SESSION-04ab6357fe1e6c0a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7eabead80f81736f:host:177.10.235.205	SESSION-7eabead80f81736f → host:177.10.235.205
FLOW_FROM_HOSTOBS	e:from:SESSION-2ec4c9189aa8273c:host:177.10.237.182	SESSION-2ec4c9189aa8273c → host:177.10.237.182
FLOW_DST_PORTOBS	e:fp:flow:a0e4099057e0:port:tcp:443	flow:a0e4099057e0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6eb1289c3370840:host:172.234.197.23	SESSION-d6eb1289c3370840 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5711ff8b5c9f:port:tcp:55913	flow:5711ff8b5c9f → port:tcp:55913
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5106b190666c06c:flow:e9d52fc0a395	SESSION-a5106b190666c06c → flow:e9d52fc0a395
FLOW_TO_HOSTOBS	e:to:SESSION-6634561e4b2b2821:host:172.234.197.23	SESSION-6634561e4b2b2821 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9eb3af12cfff0086:host:177.10.238.88	SESSION-9eb3af12cfff0086 → host:177.10.238.88
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db187e026dbc97b6:SESSION-db187e026dbc97b6	SESSION-db187e026dbc97b6 → pe:tls:SESSION-db187e026dbc97b6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0f20859a8cab5c7a:flow:43c901c3f5f5	SESSION-0f20859a8cab5c7a → flow:43c901c3f5f5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a1628bbd64c13f5a:flow:6caf94816bfe	SESSION-a1628bbd64c13f5a → flow:6caf94816bfe
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ca59997a1fd2235:host:45.173.156.148:host:172.234.197.23	SESSION-2ca59997a1fd2235 → host:45.173.156.148 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d62a35c09585:port:tcp:443	flow:d62a35c09585 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-73ac0ee86c608450:host:131.196.31.47	SESSION-73ac0ee86c608450 → host:131.196.31.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76cec71360f7a00a:host:177.10.235.55	SESSION-76cec71360f7a00a → host:177.10.235.55
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.57:geo_-23.62930_-46.63510	host:131.196.31.57 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cca8cec112e53d8f:host:177.10.235.110	SESSION-cca8cec112e53d8f → host:177.10.235.110
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19fcdbc3c5b0e100:flow:aec2e3d6fdc5	SESSION-19fcdbc3c5b0e100 → flow:aec2e3d6fdc5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-952305350dc386c3:host:172.234.197.23	SESSION-952305350dc386c3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-456e7eaee9f2720f:PCAP:capture_20260430130001:4249c4e0a4c4	SESSION-456e7eaee9f2720f → PCAP:capture_20260430130001:4249c4e0a4c4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b068e0f016ef609:flow:c4215030ed58	SESSION-4b068e0f016ef609 → flow:c4215030ed58
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.180:geo_-16.28860_-49.01640	host:177.10.239.180 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-049aa291881e8f8b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-049aa291881e8f8b → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-678637d3dc5962bf:host:177.10.232.178	SESSION-678637d3dc5962bf → host:177.10.232.178
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-320a5544f819c3b7:SESSION-320a5544f819c3b7	SESSION-320a5544f819c3b7 → pe:tls:SESSION-320a5544f819c3b7
flow_observed5-aryOBS	e:fo:flow:dd3dc8325244	flow:dd3dc8325244 → host:31.40.196.151 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-76f517468502eda0:host:172.234.197.23	SESSION-76f517468502eda0 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-750eaff924399322:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-750eaff924399322 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-96ad3251c1ecb855:host:177.10.237.18	SESSION-96ad3251c1ecb855 → host:177.10.237.18
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47acb5bee39822f1:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-47acb5bee39822f1 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf669240db189a71:PCAP:capture_20260430110001:43611bdf6759	SESSION-cf669240db189a71 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:342b74f48771	flow:342b74f48771 → host:177.10.238.87 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b02fe311e9b10a6:host:177.10.233.98	SESSION-0b02fe311e9b10a6 → host:177.10.233.98
FLOW_FROM_HOSTOBS	e:from:SESSION-98030dd572a97d39:host:131.196.28.70	SESSION-98030dd572a97d39 → host:131.196.28.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f9972302e9230d9:SESSION-9f9972302e9230d9	SESSION-9f9972302e9230d9 → pe:tls:SESSION-9f9972302e9230d9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.99:geo_-23.62930_-46.63510	host:131.196.29.99 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a7a354b1ade71f9e:SESSION-a7a354b1ade71f9e	SESSION-a7a354b1ade71f9e → pe:syn:SESSION-a7a354b1ade71f9e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-049aa291881e8f8b:host:177.10.232.72	SESSION-049aa291881e8f8b → host:177.10.232.72
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67a710d2531b2faa:host:45.173.156.162:host:172.234.197.23	SESSION-67a710d2531b2faa → host:45.173.156.162 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:101cbd7b1949	flow:101cbd7b1949 → host:177.10.232.88 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-981fac77dd79326b:host:172.234.197.23	SESSION-981fac77dd79326b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5940a5357983452d:flow:c665b1e8f8cf	SESSION-5940a5357983452d → flow:c665b1e8f8cf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.11:geo_-21.10010_-41.69200	host:45.173.156.11 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-eeeeaab9fc572806:SESSION-eeeeaab9fc572806	SESSION-eeeeaab9fc572806 → pe:rst:SESSION-eeeeaab9fc572806
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.143:asn:262880	host:177.10.234.143 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:1791685c818a:port:tcp:734	flow:1791685c818a → port:tcp:734
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd9436da4a7a552d:flow:c3fb7e9e34f6	SESSION-bd9436da4a7a552d → flow:c3fb7e9e34f6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c874ff4a201372ef:host:131.196.30.23:host:172.234.197.23	SESSION-c874ff4a201372ef → host:131.196.30.23 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14a60b0039fa135f:flow:e424d1b2ba4a	SESSION-14a60b0039fa135f → flow:e424d1b2ba4a
FLOW_FROM_HOSTOBS	e:from:SESSION-6dacc3093e29f894:host:177.10.234.250	SESSION-6dacc3093e29f894 → host:177.10.234.250
FLOW_DST_PORTOBS	e:fp:flow:2e31b6b97fde:port:tcp:443	flow:2e31b6b97fde → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86f48b7df98fd466:SESSION-86f48b7df98fd466	SESSION-86f48b7df98fd466 → pe:syn:SESSION-86f48b7df98fd466
flow_observed5-aryOBS	e:fo:flow:5ff22c5fc613	flow:5ff22c5fc613 → host:131.196.29.15 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ff0c6bdae7c0fa78:host:172.234.197.23	SESSION-ff0c6bdae7c0fa78 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c9527954f73f19b6:host:172.234.197.23	SESSION-c9527954f73f19b6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02163c9e3a8cc49d:SESSION-02163c9e3a8cc49d	SESSION-02163c9e3a8cc49d → pe:tls:SESSION-02163c9e3a8cc49d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.20:asn:262880	host:177.10.237.20 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e0284f837155748:host:172.234.197.23	SESSION-7e0284f837155748 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.91:geo_-16.28860_-49.01640	host:177.10.239.91 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b50835be4d5bba16:host:172.234.197.23	SESSION-b50835be4d5bba16 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8383343898074aaa:SESSION-8383343898074aaa	SESSION-8383343898074aaa → pe:syn:SESSION-8383343898074aaa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-926b7babcf98185f:SESSION-926b7babcf98185f	SESSION-926b7babcf98185f → pe:tls:SESSION-926b7babcf98185f
FLOW_FROM_HOSTOBS	e:from:SESSION-647d0fec9adf08f1:host:103.97.91.27	SESSION-647d0fec9adf08f1 → host:103.97.91.27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c3e0ded89b78d8d:host:177.10.234.203	SESSION-3c3e0ded89b78d8d → host:177.10.234.203
FLOW_TO_HOSTOBS	e:to:SESSION-00968abd3a9eec7e:host:172.234.197.23	SESSION-00968abd3a9eec7e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-20c0393579af9382:PCAP:capture_20260430160001:9bfa4498506a	SESSION-20c0393579af9382 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92a69e37100365d0:flow:ee984b950533	SESSION-92a69e37100365d0 → flow:ee984b950533
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ef8854f2d4650c5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-2ef8854f2d4650c5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-90d4f232d3edc1de:SESSION-90d4f232d3edc1de	SESSION-90d4f232d3edc1de → pe:tls:SESSION-90d4f232d3edc1de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-980b61ddea9c5965:host:172.234.197.23	SESSION-980b61ddea9c5965 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f61464efb17d4b1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6f61464efb17d4b1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e62c7e5ed36c3850:PCAP:capture_20260430090001:065659c7d314	SESSION-e62c7e5ed36c3850 → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.253:asn:262880	host:177.10.239.253 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68f16c2935c85e73:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-68f16c2935c85e73 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.160:geo_-23.62930_-46.63510	host:131.196.28.160 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ddfef5208babd34:host:172.234.197.23	SESSION-6ddfef5208babd34 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.225:geo_-16.28860_-49.01640	host:177.10.233.225 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-71cc4f2ac3d57c32:SESSION-71cc4f2ac3d57c32	SESSION-71cc4f2ac3d57c32 → pe:syn:SESSION-71cc4f2ac3d57c32
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b4130b0efbd1505:host:172.234.197.23:host:177.10.232.186	SESSION-0b4130b0efbd1505 → host:172.234.197.23 → host:177.10.232.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a66cf91ad155464:SESSION-6a66cf91ad155464	SESSION-6a66cf91ad155464 → pe:syn:SESSION-6a66cf91ad155464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.108:geo_-23.62930_-46.63510	host:131.196.30.108 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77661c4fb07edf10:host:131.196.31.146:host:172.234.197.23	SESSION-77661c4fb07edf10 → host:131.196.31.146 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:66d3f8b0f2a7:port:tcp:29298	flow:66d3f8b0f2a7 → port:tcp:29298
FLOW_FROM_HOSTOBS	e:from:SESSION-6242cf24a2978d6d:host:45.173.156.48	SESSION-6242cf24a2978d6d → host:45.173.156.48
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-006e3a8766fa0c7d:SESSION-006e3a8766fa0c7d	SESSION-006e3a8766fa0c7d → pe:tls:SESSION-006e3a8766fa0c7d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ce89d337c6c28e5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4ce89d337c6c28e5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddc60a1db971e20b:host:131.196.28.93	SESSION-ddc60a1db971e20b → host:131.196.28.93
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fe2a9708180e5d71:SESSION-fe2a9708180e5d71	SESSION-fe2a9708180e5d71 → pe:syn:SESSION-fe2a9708180e5d71
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-561fca01c9d6b351:flow:b41193c920cf	SESSION-561fca01c9d6b351 → flow:b41193c920cf
FLOW_DST_PORTOBS	e:fp:flow:e7c206687d07:port:tcp:63797	flow:e7c206687d07 → port:tcp:63797
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da14485ca0be7376:SESSION-da14485ca0be7376	SESSION-da14485ca0be7376 → pe:tls:SESSION-da14485ca0be7376
FLOW_DST_PORTOBS	e:fp:flow:22c4bbf97ccb:port:tcp:443	flow:22c4bbf97ccb → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-520789f72dcf866a:host:172.234.197.23	SESSION-520789f72dcf866a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b63214403b2d20c7:host:172.234.197.23	SESSION-b63214403b2d20c7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b068e0f016ef609:SESSION-4b068e0f016ef609	SESSION-4b068e0f016ef609 → pe:tls:SESSION-4b068e0f016ef609
FLOW_TO_HOSTOBS	e:to:SESSION-1ce2516dd8311d56:host:177.10.232.143	SESSION-1ce2516dd8311d56 → host:177.10.232.143
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.56:asn:262880	host:177.10.232.56 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-11142ad74b2052de:flow:b3d67977a2fe	SESSION-11142ad74b2052de → flow:b3d67977a2fe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b4e8d87fd06149df:SESSION-b4e8d87fd06149df	SESSION-b4e8d87fd06149df → pe:tls:SESSION-b4e8d87fd06149df
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b2ef1696b4c4f00:host:172.234.197.23	SESSION-2b2ef1696b4c4f00 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.63:asn:262880	host:177.10.239.63 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0827c1c94491daec:SESSION-0827c1c94491daec	SESSION-0827c1c94491daec → pe:syn:SESSION-0827c1c94491daec
FLOW_TO_HOSTOBS	e:to:SESSION-baee22f4fffa81d2:host:177.10.235.111	SESSION-baee22f4fffa81d2 → host:177.10.235.111
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd1b98a612532c8e:host:31.40.196.2:host:172.234.197.23	SESSION-cd1b98a612532c8e → host:31.40.196.2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-33916bd4dadd0440:PCAP:capture_20260430090001:065659c7d314	SESSION-33916bd4dadd0440 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9d47d1bafad5ad0:SESSION-b9d47d1bafad5ad0	SESSION-b9d47d1bafad5ad0 → pe:tls:SESSION-b9d47d1bafad5ad0
FLOW_DST_PORTOBS	e:fp:flow:16d1fe4b54fe:port:tcp:443	flow:16d1fe4b54fe → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-33b7a287fd9eafc1:host:172.234.197.23	SESSION-33b7a287fd9eafc1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bc3682173c4cf6b:SESSION-3bc3682173c4cf6b	SESSION-3bc3682173c4cf6b → pe:tls:SESSION-3bc3682173c4cf6b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4aeecdec5ead7952:SESSION-4aeecdec5ead7952	SESSION-4aeecdec5ead7952 → pe:syn:SESSION-4aeecdec5ead7952
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b71b9d0133c3b30:PCAP:capture_20260430160001:9bfa4498506a	SESSION-0b71b9d0133c3b30 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f392894730d574f3:host:131.196.30.0	SESSION-f392894730d574f3 → host:131.196.30.0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-da40d6e9bff8c88d:flow:74e0e0e1df06	SESSION-da40d6e9bff8c88d → flow:74e0e0e1df06
FLOW_FROM_HOSTOBS	e:from:SESSION-e21e19309bc8d324:host:45.173.156.51	SESSION-e21e19309bc8d324 → host:45.173.156.51
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b117f2a3fa82af67:host:177.10.235.118:host:172.234.197.23	SESSION-b117f2a3fa82af67 → host:177.10.235.118 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ff40ca0c390500b:host:172.234.197.23	SESSION-7ff40ca0c390500b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.219:geo_-23.62930_-46.63510	host:131.196.28.219 → geo_-23.62930_-46.63510
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.102:asn:203771	host:31.40.196.102 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:7fd257e9ad8f:port:tcp:22	flow:7fd257e9ad8f → port:tcp:22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a301fd9da8621bb:host:172.234.197.23	SESSION-7a301fd9da8621bb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c341b53c6c5d:port:tcp:443	flow:c341b53c6c5d → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.240:geo_-16.28860_-49.01640	host:177.10.236.240 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d5ec38dc75ef648:SESSION-7d5ec38dc75ef648	SESSION-7d5ec38dc75ef648 → pe:syn:SESSION-7d5ec38dc75ef648
flow_observed5-aryOBS	e:fo:flow:ebc914576482	flow:ebc914576482 → host:177.10.233.82 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b7b083ee0603	flow:b7b083ee0603 → host:45.145.152.249 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:a7a5a4376bf3	flow:a7a5a4376bf3 → host:177.10.234.21 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:bad9568a8243:port:tcp:443	flow:bad9568a8243 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-952305350dc386c3:host:131.196.30.102	SESSION-952305350dc386c3 → host:131.196.30.102
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-091ae841df8cdc2c:host:185.231.226.113	SESSION-091ae841df8cdc2c → host:185.231.226.113
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f35bbd3887f167bf:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f35bbd3887f167bf → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.248:geo_19.07480_72.88560	host:45.145.152.248 → geo_19.07480_72.88560
flow_observed3-aryOBS	e:fo:flow:4a5a098691d5	flow:4a5a098691d5 → host:52.12.196.158 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f4a69b65a94c1ea1:host:172.234.197.23	SESSION-f4a69b65a94c1ea1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-977a7c6dd83aa424:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-977a7c6dd83aa424 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-78c74ad080075522:SESSION-78c74ad080075522	SESSION-78c74ad080075522 → pe:syn:SESSION-78c74ad080075522
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605acf1f49534e97:host:177.10.233.231	SESSION-605acf1f49534e97 → host:177.10.233.231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2619cb568c6b860e:PCAP:capture_20260430080001:93f47cc296a4	SESSION-2619cb568c6b860e → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f2a561db8449259:host:172.234.197.23	SESSION-4f2a561db8449259 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9eda278d49363b57:host:172.234.197.23	SESSION-9eda278d49363b57 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-22c25719fd1e6342:host:131.196.31.134:host:172.234.197.23	SESSION-22c25719fd1e6342 → host:131.196.31.134 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b65c6ec30f2c8117:SESSION-b65c6ec30f2c8117	SESSION-b65c6ec30f2c8117 → pe:syn:SESSION-b65c6ec30f2c8117
flow_observed5-aryOBS	e:fo:flow:75100b39b0ce	flow:75100b39b0ce → host:177.10.237.70 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ffb355c8f64da05f:SESSION-ffb355c8f64da05f	SESSION-ffb355c8f64da05f → pe:tls:SESSION-ffb355c8f64da05f
FLOW_DST_PORTOBS	e:fp:flow:000fd5deac60:port:tcp:443	flow:000fd5deac60 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:5682fbbbc70d	flow:5682fbbbc70d → host:177.10.235.45 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f19ceabce4d2fbb5:host:177.10.239.53:host:172.234.197.23	SESSION-f19ceabce4d2fbb5 → host:177.10.239.53 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b3b25682727ca52:host:45.173.156.18	SESSION-1b3b25682727ca52 → host:45.173.156.18
FLOW_TO_HOSTOBS	e:to:SESSION-2f691479e1fc1edf:host:172.234.197.23	SESSION-2f691479e1fc1edf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf85e37468f1ff86:host:177.10.233.59	SESSION-cf85e37468f1ff86 → host:177.10.233.59
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.121:asn:262880	host:177.10.236.121 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8b38e5755a85588:host:172.234.197.23	SESSION-c8b38e5755a85588 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-053d7bf7ef41d243:host:172.234.197.23:host:45.173.156.49	SESSION-053d7bf7ef41d243 → host:172.234.197.23 → host:45.173.156.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5527f09aaa715d91:SESSION-5527f09aaa715d91	SESSION-5527f09aaa715d91 → pe:tls:SESSION-5527f09aaa715d91
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-38fb62728f2b5e64:flow:7286bcf23af8	SESSION-38fb62728f2b5e64 → flow:7286bcf23af8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8098f7aeb1e3da6f:PCAP:capture_20260427200001:3ed6eed62060	SESSION-8098f7aeb1e3da6f → PCAP:capture_20260427200001:3ed6eed62060
FLOW_DST_PORTOBS	e:fp:flow:fc519ecd4501:port:tcp:443	flow:fc519ecd4501 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7e110cd2632aa64:PCAP:capture_20260430080001:93f47cc296a4	SESSION-e7e110cd2632aa64 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:951f2fdaa1bf	flow:951f2fdaa1bf → host:177.10.235.165 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3c812f2a31a60fc9:host:172.234.197.23	SESSION-3c812f2a31a60fc9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29bf5bdb9e3850fd:host:172.234.197.23:host:131.196.30.141	SESSION-29bf5bdb9e3850fd → host:172.234.197.23 → host:131.196.30.141
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-114b93c0875a1701:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-114b93c0875a1701 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-17e08e972fb579a9:host:172.234.197.23	SESSION-17e08e972fb579a9 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f805d83e63c0:port:tcp:49100	flow:f805d83e63c0 → port:tcp:49100
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c69fd5cbb3980413:host:177.10.236.219	SESSION-c69fd5cbb3980413 → host:177.10.236.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c97208f3d5d9be26:host:177.10.236.15:host:172.234.197.23	SESSION-c97208f3d5d9be26 → host:177.10.236.15 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe9137916d2eb5d4:host:131.196.29.154	SESSION-fe9137916d2eb5d4 → host:131.196.29.154
FLOW_DST_PORTOBS	e:fp:flow:0950ef508a6b:port:tcp:443	flow:0950ef508a6b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-589f676f16819868:PCAP:capture_20260430090001:065659c7d314	SESSION-589f676f16819868 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.6:geo_-16.28860_-49.01640	host:177.10.235.6 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-6222707cbae0e281:host:37.221.79.41	SESSION-6222707cbae0e281 → host:37.221.79.41
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-495677aa294b030b:flow:f1b671a57bb4	SESSION-495677aa294b030b → flow:f1b671a57bb4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-430caa0514cbc012:host:172.234.197.23:host:131.196.29.192	SESSION-430caa0514cbc012 → host:172.234.197.23 → host:131.196.29.192
FLOW_FROM_HOSTOBS	e:from:SESSION-47f7d0be3b0e89e2:host:177.10.235.21	SESSION-47f7d0be3b0e89e2 → host:177.10.235.21
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2490746063a947f9:flow:9b70d955992c	SESSION-2490746063a947f9 → flow:9b70d955992c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ac058e9f0280088:flow:68666ee32d2b	SESSION-2ac058e9f0280088 → flow:68666ee32d2b
FLOW_DST_PORTOBS	e:fp:flow:9a745d03101e:port:tcp:443	flow:9a745d03101e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39845edf8e8f640a:host:131.196.30.130	SESSION-39845edf8e8f640a → host:131.196.30.130
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-799494d5bb605f27:host:131.196.30.234:host:172.234.197.23	SESSION-799494d5bb605f27 → host:131.196.30.234 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9a7f0a64436ce2ca:host:172.234.197.23	SESSION-9a7f0a64436ce2ca → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3762cafcd0c66be2:SESSION-3762cafcd0c66be2	SESSION-3762cafcd0c66be2 → pe:tls:SESSION-3762cafcd0c66be2
FLOW_TO_HOSTOBS	e:to:SESSION-6e798ff0c310952a:host:172.234.197.23	SESSION-6e798ff0c310952a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6585a8f099e9e465:flow:dcf36065a524	SESSION-6585a8f099e9e465 → flow:dcf36065a524
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.67:geo_-23.62930_-46.63510	host:131.196.28.67 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:6534d92e5619:port:tcp:7986	flow:6534d92e5619 → port:tcp:7986
FLOW_FROM_HOSTOBS	e:from:SESSION-3d0d891734a12161:host:131.196.30.54	SESSION-3d0d891734a12161 → host:131.196.30.54
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.239:asn:271410	host:131.196.31.239 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9501d29cea91bd7b:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-9501d29cea91bd7b → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c64ea68345b811b:SESSION-9c64ea68345b811b	SESSION-9c64ea68345b811b → pe:syn:SESSION-9c64ea68345b811b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0485ecaf8e8edab:flow:e9c7cc68a121	SESSION-d0485ecaf8e8edab → flow:e9c7cc68a121
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8e9497f317705308:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8e9497f317705308 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-87843d3af97b013e:PCAP:capture_20260430090001:065659c7d314	SESSION-87843d3af97b013e → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa31472460997bf3:host:172.234.197.23	SESSION-aa31472460997bf3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd108cc47984c911:PCAP:capture_20260430070001:903a0e7a436b	SESSION-dd108cc47984c911 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a4200861230ead3:SESSION-0a4200861230ead3	SESSION-0a4200861230ead3 → pe:syn:SESSION-0a4200861230ead3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6d83b2373dd8cdc:host:172.234.197.23	SESSION-d6d83b2373dd8cdc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01d7e8e7f6d6f55b:host:172.234.197.23	SESSION-01d7e8e7f6d6f55b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a01362ca7d087a96:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a01362ca7d087a96 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-6cc804a855d1eb7c:host:172.234.197.23	SESSION-6cc804a855d1eb7c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90798b7c1b8c7636:host:131.196.30.234	SESSION-90798b7c1b8c7636 → host:131.196.30.234
FLOW_FROM_HOSTOBS	e:from:SESSION-1350be77996fff9b:host:177.10.232.66	SESSION-1350be77996fff9b → host:177.10.232.66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92547fda1a59fab0:SESSION-92547fda1a59fab0	SESSION-92547fda1a59fab0 → pe:tls:SESSION-92547fda1a59fab0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5c9b4c9e225ad1d:PCAP:capture_20260430090001:065659c7d314	SESSION-f5c9b4c9e225ad1d → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-200b6d1dbf438627:SESSION-200b6d1dbf438627	SESSION-200b6d1dbf438627 → pe:syn:SESSION-200b6d1dbf438627
FLOW_QUERIED_DNSOBS	e:fd:flow:2428c7c3e3d6:dns:172-234-197-23.ip.linodeusercontent.com	flow:2428c7c3e3d6 → dns:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:f7005d0541c0	flow:f7005d0541c0 → host:177.10.236.255 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-710b55a9f3a0edd9:SESSION-710b55a9f3a0edd9	SESSION-710b55a9f3a0edd9 → pe:syn:SESSION-710b55a9f3a0edd9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c7635cd052466cdd:host:172.234.197.23	SESSION-c7635cd052466cdd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4691236308c01a5:host:172.234.197.23	SESSION-d4691236308c01a5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93e1e76eb6bfe5a3:host:172.234.197.23	SESSION-93e1e76eb6bfe5a3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-478ebcd540b5d0ef:host:172.234.197.23:host:177.10.236.189	SESSION-478ebcd540b5d0ef → host:172.234.197.23 → host:177.10.236.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc431699568b9daa:SESSION-cc431699568b9daa	SESSION-cc431699568b9daa → pe:tls:SESSION-cc431699568b9daa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36a0a9e003021f23:host:172.234.197.23	SESSION-36a0a9e003021f23 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fcdaaf650d72b5bc:host:177.10.235.129:host:172.234.197.23	SESSION-fcdaaf650d72b5bc → host:177.10.235.129 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7ad60f3efcde14b7:host:172.234.197.23	SESSION-7ad60f3efcde14b7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd8832d374e053cc:host:177.10.235.192	SESSION-fd8832d374e053cc → host:177.10.235.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-742c2d67dec63a6f:flow:ad8754c61763	SESSION-742c2d67dec63a6f → flow:ad8754c61763
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46082ee63fe36bdf:flow:8927b6992540	SESSION-46082ee63fe36bdf → flow:8927b6992540
FLOW_FROM_HOSTOBS	e:from:SESSION-79ceb7ef9cce8d79:host:177.10.237.57	SESSION-79ceb7ef9cce8d79 → host:177.10.237.57
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.252:asn:262880	host:177.10.235.252 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.183:geo_-21.10010_-41.69200	host:45.173.156.183 → geo_-21.10010_-41.69200
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.161:asn:262880	host:177.10.236.161 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a47ed447671c9b0b:PCAP:capture_20260430150001:ded20914761d	SESSION-a47ed447671c9b0b → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-999a3a68382b7707:host:131.196.28.90	SESSION-999a3a68382b7707 → host:131.196.28.90
flow_observed5-aryOBS	e:fo:flow:adce45c519b3	flow:adce45c519b3 → host:131.196.30.0 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75cb9fe69e287da9:host:177.10.239.203:host:172.234.197.23	SESSION-75cb9fe69e287da9 → host:177.10.239.203 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b34520b38e3fc963:SESSION-b34520b38e3fc963	SESSION-b34520b38e3fc963 → pe:tls:SESSION-b34520b38e3fc963
FLOW_TO_HOSTOBS	e:to:SESSION-8a3c1d53f1688156:host:172.234.197.23	SESSION-8a3c1d53f1688156 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e859a84eb4eaf300:SESSION-e859a84eb4eaf300	SESSION-e859a84eb4eaf300 → pe:tls:SESSION-e859a84eb4eaf300
FLOW_DST_PORTOBS	e:fp:flow:9c0494f4c271:port:tcp:60679	flow:9c0494f4c271 → port:tcp:60679
FLOW_DST_PORTOBS	e:fp:flow:f2febbd542f8:port:tcp:80	flow:f2febbd542f8 → port:tcp:80
FLOW_FROM_HOSTOBS	e:from:SESSION-bd3259577d52904f:host:43.192.54.92	SESSION-bd3259577d52904f → host:43.192.54.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-f4bcb88049ff8a93:SESSION-f4bcb88049ff8a93	SESSION-f4bcb88049ff8a93 → pe:rst:SESSION-f4bcb88049ff8a93
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e4cbb1218941faec:host:131.196.31.87:host:172.234.197.23	SESSION-e4cbb1218941faec → host:131.196.31.87 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.123:geo_-16.28860_-49.01640	host:177.10.233.123 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e529f6ef28aca515:SESSION-e529f6ef28aca515	SESSION-e529f6ef28aca515 → pe:tls:SESSION-e529f6ef28aca515
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d1f774a6af2df76:SESSION-5d1f774a6af2df76	SESSION-5d1f774a6af2df76 → pe:tls:SESSION-5d1f774a6af2df76
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ccbfb0ac760822d:SESSION-5ccbfb0ac760822d	SESSION-5ccbfb0ac760822d → pe:tls:SESSION-5ccbfb0ac760822d
FLOW_FROM_HOSTOBS	e:from:SESSION-f8d6efdf3cd688f1:host:131.196.29.125	SESSION-f8d6efdf3cd688f1 → host:131.196.29.125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4c6ce7a55e2ab654:SESSION-4c6ce7a55e2ab654	SESSION-4c6ce7a55e2ab654 → pe:tls:SESSION-4c6ce7a55e2ab654
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a99ef89e8b00159:SESSION-3a99ef89e8b00159	SESSION-3a99ef89e8b00159 → pe:syn:SESSION-3a99ef89e8b00159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6af89b3798eaaf52:SESSION-6af89b3798eaaf52	SESSION-6af89b3798eaaf52 → pe:syn:SESSION-6af89b3798eaaf52
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3529b49a7d38dad6:PCAP:capture_20260430060001:919b39a74464	SESSION-3529b49a7d38dad6 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d31138dfabe85cd6:SESSION-d31138dfabe85cd6	SESSION-d31138dfabe85cd6 → pe:tls:SESSION-d31138dfabe85cd6
flow_observed4-aryOBS	e:fo:flow:563ee580e3fd	flow:563ee580e3fd → host:172.234.197.23 → host:177.10.236.209 → port:tcp:39107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-34efc230578c0ec6:SESSION-34efc230578c0ec6	SESSION-34efc230578c0ec6 → pe:tls:SESSION-34efc230578c0ec6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ffcc2d542e7be59:host:177.10.237.5:host:172.234.197.23	SESSION-0ffcc2d542e7be59 → host:177.10.237.5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6af366568a421f52:host:131.196.31.74	SESSION-6af366568a421f52 → host:131.196.31.74
FLOW_FROM_HOSTOBS	e:from:SESSION-8feacc6abd2fe08c:host:131.196.28.228	SESSION-8feacc6abd2fe08c → host:131.196.28.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dd05928698dec5c4:SESSION-dd05928698dec5c4	SESSION-dd05928698dec5c4 → pe:tls:SESSION-dd05928698dec5c4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb4d3e328cdf4bcd:host:172.234.197.23	SESSION-cb4d3e328cdf4bcd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-21de16798668b3a8:host:45.173.156.138	SESSION-21de16798668b3a8 → host:45.173.156.138
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.122:asn:271410	host:131.196.28.122 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f1cb2d411cdd6d7:host:172.234.197.23	SESSION-4f1cb2d411cdd6d7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-793a524af1982647:host:172.234.197.23	SESSION-793a524af1982647 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c30067362e47	flow:c30067362e47 → host:177.10.239.116 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7a831aeb3bd8:port:tcp:443	flow:7a831aeb3bd8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0da58b5e3634dda2:host:54.245.183.167	SESSION-0da58b5e3634dda2 → host:54.245.183.167
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.89:asn:271410	host:131.196.28.89 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5f3ac5dec394466:PCAP:capture_20260430060001:919b39a74464	SESSION-f5f3ac5dec394466 → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-e36c77c5ab0d7e92:host:172.234.197.23	SESSION-e36c77c5ab0d7e92 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8d9cfeb1a925e0c3:host:177.10.232.133	SESSION-8d9cfeb1a925e0c3 → host:177.10.232.133
FLOW_TO_HOSTOBS	e:to:SESSION-05f783d5d2ea4019:host:177.10.238.140	SESSION-05f783d5d2ea4019 → host:177.10.238.140
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-337cf74c19f2631e:SESSION-337cf74c19f2631e	SESSION-337cf74c19f2631e → pe:syn:SESSION-337cf74c19f2631e
FLOW_DST_PORTOBS	e:fp:flow:3e863a59aa1c:port:tcp:443	flow:3e863a59aa1c → port:tcp:443
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-41957bf4b3a50ded:BSG-BEACON-9c6d26db7621	SESSION-41957bf4b3a50ded → BSG-BEACON-9c6d26db7621
FLOW_FROM_HOSTOBS	e:from:SESSION-29162d9ed8336732:host:177.10.232.83	SESSION-29162d9ed8336732 → host:177.10.232.83
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.1:asn:262880	host:177.10.235.1 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3c5b9cd096d7e31:flow:c5e8a78849b7	SESSION-b3c5b9cd096d7e31 → flow:c5e8a78849b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5d6e49e2849c20f:host:172.234.197.23	SESSION-c5d6e49e2849c20f → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:e948c653dadd:dns:172-234-197-23.ip.linodeusercontent.com	flow:e948c653dadd → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c6ce7a55e2ab654:host:172.234.197.23	SESSION-4c6ce7a55e2ab654 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3839adbba9942939:flow:47640395d048	SESSION-3839adbba9942939 → flow:47640395d048
flow_observed5-aryOBS	e:fo:flow:82fbfa1cfb5d	flow:82fbfa1cfb5d → host:89.58.44.225 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db3c6ad3393f14ad:host:177.10.234.186	SESSION-db3c6ad3393f14ad → host:177.10.234.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd05928698dec5c4:host:131.196.30.20	SESSION-dd05928698dec5c4 → host:131.196.30.20
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-912ea161e3e6ffdc:SESSION-912ea161e3e6ffdc	SESSION-912ea161e3e6ffdc → pe:tls:SESSION-912ea161e3e6ffdc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1228b317d5ce27b4:SESSION-1228b317d5ce27b4	SESSION-1228b317d5ce27b4 → pe:tls:SESSION-1228b317d5ce27b4
flow_observed4-aryOBS	e:fo:flow:3b8b26a46ac2	flow:3b8b26a46ac2 → host:172.234.197.23 → host:45.173.156.37 → port:tcp:55282
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.87:geo_-16.28860_-49.01640	host:177.10.235.87 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47699582b69b5d99:PCAP:capture_20260430050001:8868731bf8a4	SESSION-47699582b69b5d99 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:572d4b8f9c4a:port:tcp:443	flow:572d4b8f9c4a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4fd5cc70e8cf2108:host:177.10.233.230:host:172.234.197.23	SESSION-4fd5cc70e8cf2108 → host:177.10.233.230 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b330864bc1d39cd9:host:172.234.197.23:host:131.196.29.29	SESSION-b330864bc1d39cd9 → host:172.234.197.23 → host:131.196.29.29
flow_observed5-aryOBS	e:fo:flow:e6ceecc84370	flow:e6ceecc84370 → host:131.196.28.88 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c58c12f678d65836:SESSION-c58c12f678d65836	SESSION-c58c12f678d65836 → pe:tls:SESSION-c58c12f678d65836
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-87b50db5a64a4926:SESSION-87b50db5a64a4926	SESSION-87b50db5a64a4926 → pe:tls:SESSION-87b50db5a64a4926
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f56950d8d19e118b:SESSION-f56950d8d19e118b	SESSION-f56950d8d19e118b → pe:syn:SESSION-f56950d8d19e118b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6535f7c42f72cb7f:host:131.196.30.95:host:172.234.197.23	SESSION-6535f7c42f72cb7f → host:131.196.30.95 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6d919a662eb6	flow:6d919a662eb6 → host:172.234.197.23 → host:177.10.234.56 → port:tcp:25197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79ceb7ef9cce8d79:host:177.10.237.57	SESSION-79ceb7ef9cce8d79 → host:177.10.237.57
FLOW_DST_PORTOBS	e:fp:flow:4028dc56aa9d:port:tcp:443	flow:4028dc56aa9d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f302c09f7d22a8d1:host:177.10.236.63	SESSION-f302c09f7d22a8d1 → host:177.10.236.63
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.158:geo_-16.28860_-49.01640	host:177.10.235.158 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ced37932852de9e5:host:172.234.197.23	SESSION-ced37932852de9e5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9ca26e5420bb5bf:host:172.234.197.23	SESSION-b9ca26e5420bb5bf → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:162cd2226747:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:162cd2226747 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ee8538a8ddcb6ee:SESSION-7ee8538a8ddcb6ee	SESSION-7ee8538a8ddcb6ee → pe:syn:SESSION-7ee8538a8ddcb6ee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aaf7ce37564a0317:host:172.234.197.23	SESSION-aaf7ce37564a0317 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e7341740ccb6f292:host:172.234.197.23	SESSION-e7341740ccb6f292 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:960a1f66ca09	flow:960a1f66ca09 → host:45.173.156.153 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:bdb442638fa0	flow:bdb442638fa0 → host:172.234.197.23 → host:45.173.156.203 → port:tcp:38420
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57092e6ea3a8c881:SESSION-57092e6ea3a8c881	SESSION-57092e6ea3a8c881 → pe:tls:SESSION-57092e6ea3a8c881
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:124.198.131.220:geo_40.71260_-74.00660	host:124.198.131.220 → geo_40.71260_-74.00660
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-566179d6a12d7e1c:SESSION-566179d6a12d7e1c	SESSION-566179d6a12d7e1c → pe:syn:SESSION-566179d6a12d7e1c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-9a8c913718f2ecd3:SESSION-9a8c913718f2ecd3	SESSION-9a8c913718f2ecd3 → pe:dns:SESSION-9a8c913718f2ecd3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d603c58c5171ed7:host:131.196.30.37:host:172.234.197.23	SESSION-9d603c58c5171ed7 → host:131.196.30.37 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-03f351fbd88acdc4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-03f351fbd88acdc4 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.238:geo_-16.28860_-49.01640	host:177.10.238.238 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:d5a249ab2d27:port:tcp:443	flow:d5a249ab2d27 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c7709144102c	flow:c7709144102c → host:177.10.239.80 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9a8c913718f2ecd3:host:172.234.197.23:host:172.232.0.16	SESSION-9a8c913718f2ecd3 → host:172.234.197.23 → host:172.232.0.16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd524e1c02193f64:host:2.57.122.192:host:172.234.197.23	SESSION-fd524e1c02193f64 → host:2.57.122.192 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6667ca1b9f8ba8d1:PCAP:capture_20260430150001:ded20914761d	SESSION-6667ca1b9f8ba8d1 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-924a4e21bceaf0d1:PCAP:capture_20260430070001:903a0e7a436b	SESSION-924a4e21bceaf0d1 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-096419478460628e:host:172.234.197.23:host:172.232.0.16	SESSION-096419478460628e → host:172.234.197.23 → host:172.232.0.16
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-f1e9c5398b5e18f4:BSG-BEACON-cac69090d49b	SESSION-f1e9c5398b5e18f4 → BSG-BEACON-cac69090d49b
FLOW_TO_HOSTOBS	e:to:SESSION-0ffe1a7a04c39301:host:177.10.234.38	SESSION-0ffe1a7a04c39301 → host:177.10.234.38
FLOW_DST_PORTOBS	e:fp:flow:4f7e976f3d68:port:tcp:53997	flow:4f7e976f3d68 → port:tcp:53997
flow_observed3-aryOBS	e:fo:flow:fafbc5eb93bd	flow:fafbc5eb93bd → host:103.155.16.117 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f73f713a631f7530:host:172.234.197.23:host:177.10.238.187	SESSION-f73f713a631f7530 → host:172.234.197.23 → host:177.10.238.187
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22f2328c9f1b641e:host:172.234.197.23	SESSION-22f2328c9f1b641e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4449fca2fd34af5e:host:131.196.28.62	SESSION-4449fca2fd34af5e → host:131.196.28.62
FLOW_TO_HOSTOBS	e:to:SESSION-cbc349d6e82ad363:host:2.57.122.196	SESSION-cbc349d6e82ad363 → host:2.57.122.196
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e717c742e2e64ea:host:131.196.29.217:host:172.234.197.23	SESSION-5e717c742e2e64ea → host:131.196.29.217 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfd9e24a99b67097:host:172.234.197.23	SESSION-bfd9e24a99b67097 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.198:asn:262880	host:177.10.236.198 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:eeedb1395fff:port:tcp:443	flow:eeedb1395fff → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a038f6735218c73a:PCAP:capture_20260430090001:065659c7d314	SESSION-a038f6735218c73a → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-42ed5696c9e60897:host:131.196.30.132:host:172.234.197.23	SESSION-42ed5696c9e60897 → host:131.196.30.132 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b5a1cccd350c:port:tcp:443	flow:b5a1cccd350c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ddc60a1db971e20b:host:172.234.197.23	SESSION-ddc60a1db971e20b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c5f8419335024f52:host:172.234.197.23	SESSION-c5f8419335024f52 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-befd285205c2bf8f:host:172.234.197.23	SESSION-befd285205c2bf8f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d27f09d7c919692:host:172.234.197.23	SESSION-5d27f09d7c919692 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6c8dea047b3a203b:host:172.234.197.23	SESSION-6c8dea047b3a203b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-09a6e49240d11692:host:172.234.197.23	SESSION-09a6e49240d11692 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eba362425495480d:SESSION-eba362425495480d	SESSION-eba362425495480d → pe:syn:SESSION-eba362425495480d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.180:asn:271410	host:131.196.31.180 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:b1110292eacf:port:tcp:8856	flow:b1110292eacf → port:tcp:8856
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-893e080e65f2ed4f:SESSION-893e080e65f2ed4f	SESSION-893e080e65f2ed4f → pe:syn:SESSION-893e080e65f2ed4f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20a3b697d9e7cdf6:host:131.196.29.94	SESSION-20a3b697d9e7cdf6 → host:131.196.29.94
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9494583da7ce1d88:flow:c6e0f5297a66	SESSION-9494583da7ce1d88 → flow:c6e0f5297a66
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20a3b697d9e7cdf6:SESSION-20a3b697d9e7cdf6	SESSION-20a3b697d9e7cdf6 → pe:tls:SESSION-20a3b697d9e7cdf6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd801ce1250407dd:host:131.196.31.244:host:172.234.197.23	SESSION-cd801ce1250407dd → host:131.196.31.244 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:686bd558a135:port:tcp:443	flow:686bd558a135 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-c2bdd821ab6e9acc:host:172.234.197.23	SESSION-c2bdd821ab6e9acc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34d820c66fac079b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-34d820c66fac079b → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-275d804358752875:host:177.10.237.143	SESSION-275d804358752875 → host:177.10.237.143
flow_observed5-aryOBS	e:fo:flow:78895a78917c	flow:78895a78917c → host:131.196.31.30 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5de3ca130be8f6d5:host:172.234.197.23:host:45.173.156.167	SESSION-5de3ca130be8f6d5 → host:172.234.197.23 → host:45.173.156.167
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56e8cb1a5e296d06:host:172.234.197.23:host:177.10.237.144	SESSION-56e8cb1a5e296d06 → host:172.234.197.23 → host:177.10.237.144
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c7b4cea62f376fb:host:172.234.197.23	SESSION-4c7b4cea62f376fb → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:73e5710b1731:port:tcp:32540	flow:73e5710b1731 → port:tcp:32540
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77593e2039f5e18a:host:172.234.197.23	SESSION-77593e2039f5e18a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9e3b10c8440c	flow:9e3b10c8440c → host:131.196.31.75 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-666cc538c7e1a156:host:172.232.0.17	SESSION-666cc538c7e1a156 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.2:geo_-23.62930_-46.63510	host:131.196.29.2 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-202b4507c8c6a688:host:172.234.197.23:host:177.10.234.57	SESSION-202b4507c8c6a688 → host:172.234.197.23 → host:177.10.234.57
FLOW_TO_HOSTOBS	e:to:SESSION-a6ec641540644ee0:host:131.196.29.3	SESSION-a6ec641540644ee0 → host:131.196.29.3
FLOW_DST_PORTOBS	e:fp:flow:2efd98f3e78d:port:tcp:443	flow:2efd98f3e78d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5a3cad014cd3066:host:177.10.233.185:host:172.234.197.23	SESSION-b5a3cad014cd3066 → host:177.10.233.185 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3675340578297917:SESSION-3675340578297917	SESSION-3675340578297917 → pe:syn:SESSION-3675340578297917
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d1f774a6af2df76:SESSION-5d1f774a6af2df76	SESSION-5d1f774a6af2df76 → pe:syn:SESSION-5d1f774a6af2df76
flow_observed4-aryOBS	e:fo:flow:4a3b8f47dbcf	flow:4a3b8f47dbcf → host:172.234.197.23 → host:131.196.31.235 → port:tcp:7914
FLOW_DST_PORTOBS	e:fp:flow:3b12551e0bf1:port:udp:53	flow:3b12551e0bf1 → port:udp:53
flow_observed5-aryOBS	e:fo:flow:89dfb84bffe8	flow:89dfb84bffe8 → host:131.196.30.11 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.153:geo_-16.28860_-49.01640	host:177.10.235.153 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ee4167cf60ac81c3:flow:69755715354d	SESSION-ee4167cf60ac81c3 → flow:69755715354d
FLOW_DST_PORTOBS	e:fp:flow:26f2346498f6:port:tcp:443	flow:26f2346498f6 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e847f09a3e98	flow:e847f09a3e98 → host:131.196.30.125 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:0e703d7ee529:port:tcp:443	flow:0e703d7ee529 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:9b3c44b150c9:port:tcp:443	flow:9b3c44b150c9 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe22df31c35f787d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-fe22df31c35f787d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c59cadc4597ab32:host:45.173.156.217	SESSION-2c59cadc4597ab32 → host:45.173.156.217
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-169e7d2007075619:host:172.234.197.23	SESSION-169e7d2007075619 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8ef5ed6d64625f76:host:172.234.197.23	SESSION-8ef5ed6d64625f76 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08463d47d249df1d:host:172.234.197.23:host:177.10.233.214	SESSION-08463d47d249df1d → host:172.234.197.23 → host:177.10.233.214
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f81e7ae5e8e38135:PCAP:capture_20260430150001:ded20914761d	SESSION-f81e7ae5e8e38135 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77da6a9292c08caa:flow:26c3eabc8146	SESSION-77da6a9292c08caa → flow:26c3eabc8146
flow_observed5-aryOBS	e:fo:flow:ae0b1076aadf	flow:ae0b1076aadf → host:131.196.29.175 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2604bc3e94e22829:host:172.234.197.23	SESSION-2604bc3e94e22829 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.201.244.199:geo_45.84010_-119.70500	host:54.201.244.199 → geo_45.84010_-119.70500
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ca442589a0a5e5d:flow:bf1d82e08e9f	SESSION-3ca442589a0a5e5d → flow:bf1d82e08e9f
FLOW_DST_PORTOBS	e:fp:flow:0148015f0be7:port:tcp:443	flow:0148015f0be7 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e73771addca62c13:host:177.10.235.255:host:172.234.197.23	SESSION-e73771addca62c13 → host:177.10.235.255 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5e9dc14d87b5185c:host:177.10.237.98	SESSION-5e9dc14d87b5185c → host:177.10.237.98
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1fdaf54c444b72c0:SESSION-1fdaf54c444b72c0	SESSION-1fdaf54c444b72c0 → pe:tls:SESSION-1fdaf54c444b72c0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eaf5b03036efa5c6:SESSION-eaf5b03036efa5c6	SESSION-eaf5b03036efa5c6 → pe:syn:SESSION-eaf5b03036efa5c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c155b50123efabb5:host:172.234.197.23	SESSION-c155b50123efabb5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3930651da0a26cb4:host:131.196.28.45	SESSION-3930651da0a26cb4 → host:131.196.28.45
FLOW_TO_HOSTOBS	e:to:SESSION-180bc1efe2db3897:host:172.234.197.23	SESSION-180bc1efe2db3897 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-030a81db4532bd3a:SESSION-030a81db4532bd3a	SESSION-030a81db4532bd3a → pe:tls:SESSION-030a81db4532bd3a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-82fb3096076edb8c:flow:78e73b44f51c	SESSION-82fb3096076edb8c → flow:78e73b44f51c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-996af5414634114f:PCAP:capture_20260430110001:43611bdf6759	SESSION-996af5414634114f → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86086a72c76b1135:host:131.196.30.147	SESSION-86086a72c76b1135 → host:131.196.30.147
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0d9e3720b73bcaea:host:177.10.234.70:host:172.234.197.23	SESSION-0d9e3720b73bcaea → host:177.10.234.70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef354b4063646368:host:177.10.239.250	SESSION-ef354b4063646368 → host:177.10.239.250
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d0cb11649434d08c:flow:e3edff7df072	SESSION-d0cb11649434d08c → flow:e3edff7df072
FLOW_DST_PORTOBS	e:fp:flow:1b98b9f04daf:port:tcp:443	flow:1b98b9f04daf → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-276035998be5d0c6:host:172.234.197.23	SESSION-276035998be5d0c6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c93964ffa7e29d50:flow:2893802bb933	SESSION-c93964ffa7e29d50 → flow:2893802bb933
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a720c7dde0362052:host:177.10.238.220:host:172.234.197.23	SESSION-a720c7dde0362052 → host:177.10.238.220 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-33b7a287fd9eafc1:SESSION-33b7a287fd9eafc1	SESSION-33b7a287fd9eafc1 → pe:syn:SESSION-33b7a287fd9eafc1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb72c41fb24aaf81:host:172.234.197.23:host:131.196.29.203	SESSION-eb72c41fb24aaf81 → host:172.234.197.23 → host:131.196.29.203
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99664d33d11b43d2:host:57.128.95.174:host:172.234.197.23	SESSION-99664d33d11b43d2 → host:57.128.95.174 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:89c3e525673a:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:89c3e525673a → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-02cfffe2a1cdb1f3:host:172.234.197.23	SESSION-02cfffe2a1cdb1f3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2c59cadc4597ab32:host:45.173.156.217	SESSION-2c59cadc4597ab32 → host:45.173.156.217
FLOW_FROM_HOSTOBS	e:from:SESSION-ee402158031a28f0:host:177.10.235.152	SESSION-ee402158031a28f0 → host:177.10.235.152
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8749b2c626b3f1be:flow:105d6e9d76b0	SESSION-8749b2c626b3f1be → flow:105d6e9d76b0
FLOW_FROM_HOSTOBS	e:from:SESSION-d6e3c617395c3b07:host:104.28.202.77	SESSION-d6e3c617395c3b07 → host:104.28.202.77
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36b6bef962351df3:host:177.10.237.66	SESSION-36b6bef962351df3 → host:177.10.237.66
FLOW_TO_HOSTOBS	e:to:SESSION-664631b6c582f1f7:host:172.234.197.23	SESSION-664631b6c582f1f7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b51b74891d2de4c5:host:177.10.234.239	SESSION-b51b74891d2de4c5 → host:177.10.234.239
flow_observed5-aryOBS	e:fo:flow:dd689462ef51	flow:dd689462ef51 → host:131.196.31.127 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:6c9e69924488:port:tcp:443	flow:6c9e69924488 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-cb88b05b3590e26e:host:45.173.156.57	SESSION-cb88b05b3590e26e → host:45.173.156.57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ced37932852de9e5:SESSION-ced37932852de9e5	SESSION-ced37932852de9e5 → pe:tls:SESSION-ced37932852de9e5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6682b9978761b80b:host:177.10.239.115	SESSION-6682b9978761b80b → host:177.10.239.115
FLOW_DST_PORTOBS	e:fp:flow:9e6337f9fc4d:port:tcp:443	flow:9e6337f9fc4d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e577d7cf1b0ace36:host:131.196.29.29	SESSION-e577d7cf1b0ace36 → host:131.196.29.29
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5b56d4198adefd3:host:172.234.197.23:host:131.196.30.128	SESSION-d5b56d4198adefd3 → host:172.234.197.23 → host:131.196.30.128
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.255.175.112:geo_45.84010_-119.70500	host:44.255.175.112 → geo_45.84010_-119.70500
flow_observed5-aryOBS	e:fo:flow:46897113187f	flow:46897113187f → host:177.10.236.216 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-3a082d71203d179a:host:172.234.197.23	SESSION-3a082d71203d179a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5b7f4612f7527a5d:host:172.234.197.23	SESSION-5b7f4612f7527a5d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:df716d9e6ea3:port:tcp:37974	flow:df716d9e6ea3 → port:tcp:37974
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8739e7552ccb5cc0:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-8739e7552ccb5cc0 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-af1aec9a84a08d25:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-af1aec9a84a08d25 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a75f9666a4fd8c5:host:131.196.31.237	SESSION-1a75f9666a4fd8c5 → host:131.196.31.237
flow_observed4-aryOBS	e:fo:flow:f35e8598c21e	flow:f35e8598c21e → host:172.234.197.23 → host:177.10.239.136 → port:tcp:61056
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-affecc1e92c420cb:flow:beb643cc4247	SESSION-affecc1e92c420cb → flow:beb643cc4247
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a33a5bbd98f17a5b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a33a5bbd98f17a5b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da7125a184793aeb:host:131.196.29.192:host:172.234.197.23	SESSION-da7125a184793aeb → host:131.196.29.192 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb6a6e3ef5fc132c:host:177.10.234.95	SESSION-fb6a6e3ef5fc132c → host:177.10.234.95
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.29:geo_-16.28860_-49.01640	host:177.10.238.29 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:32c06546a1b7:port:tcp:443	flow:32c06546a1b7 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.160:geo_-23.62930_-46.63510	host:131.196.31.160 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e271128847ae06df:SESSION-e271128847ae06df	SESSION-e271128847ae06df → pe:tls:SESSION-e271128847ae06df
flow_observed5-aryOBS	e:fo:flow:1f5cd8297e8c	flow:1f5cd8297e8c → host:177.10.232.225 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d43da16ef3276f9b:host:172.234.197.23	SESSION-d43da16ef3276f9b → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.61:asn:262880	host:177.10.234.61 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a604218ad277317:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8a604218ad277317 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-54127ab649dd8e15:SESSION-54127ab649dd8e15	SESSION-54127ab649dd8e15 → pe:rst:SESSION-54127ab649dd8e15
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9886228ef28af254:flow:c5aa2acab467	SESSION-9886228ef28af254 → flow:c5aa2acab467
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53fb5011e3d13c28:host:131.196.29.107	SESSION-53fb5011e3d13c28 → host:131.196.29.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6713221fe5694a6d:PCAP:capture_20260430150001:ded20914761d	SESSION-6713221fe5694a6d → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f56538a064e25a46:host:177.10.235.18	SESSION-f56538a064e25a46 → host:177.10.235.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc65fb323eff44ce:host:177.10.232.45	SESSION-dc65fb323eff44ce → host:177.10.232.45
flow_observed5-aryOBS	e:fo:flow:a8db861f9cc7	flow:a8db861f9cc7 → host:46.4.252.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f6ad5e06ec5a3a76:host:177.10.238.41:host:172.234.197.23	SESSION-f6ad5e06ec5a3a76 → host:177.10.238.41 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:b0ce171daf3a	flow:b0ce171daf3a → host:172.234.197.23 → host:177.10.238.10 → port:tcp:15339
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf12b1de67086909:host:45.173.156.84	SESSION-bf12b1de67086909 → host:45.173.156.84
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de115ad7179345b0:PCAP:capture_20260430150001:ded20914761d	SESSION-de115ad7179345b0 → PCAP:capture_20260430150001:ded20914761d
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.234:asn:271410	host:131.196.31.234 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-32012e3b5048e415:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-32012e3b5048e415 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2387fa1f153c5b33:flow:f678dba79a31	SESSION-2387fa1f153c5b33 → flow:f678dba79a31
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-62458b132c4d6b0d:PCAP:capture_20260430150001:ded20914761d	SESSION-62458b132c4d6b0d → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6d7eebeca6a52636:SESSION-6d7eebeca6a52636	SESSION-6d7eebeca6a52636 → pe:syn:SESSION-6d7eebeca6a52636
FLOW_TO_HOSTOBS	e:to:SESSION-5e5c0136d660133a:host:177.10.237.216	SESSION-5e5c0136d660133a → host:177.10.237.216
FLOW_FROM_HOSTOBS	e:from:SESSION-2e316662e5f9d5ce:host:172.234.197.23	SESSION-2e316662e5f9d5ce → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19f4ea615eaf7325:SESSION-19f4ea615eaf7325	SESSION-19f4ea615eaf7325 → pe:tls:SESSION-19f4ea615eaf7325
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.111:asn:262880	host:177.10.235.111 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.13:asn:271410	host:131.196.30.13 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73c4b3cbea42a394:host:46.4.252.37	SESSION-73c4b3cbea42a394 → host:46.4.252.37
flow_observed3-aryOBS	e:fo:flow:40c3645ae1b8	flow:40c3645ae1b8 → host:54.149.68.137 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49b6ef2582cca14b:host:177.10.234.147	SESSION-49b6ef2582cca14b → host:177.10.234.147
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08ee685c4e8cc842:host:131.196.28.219:host:172.234.197.23	SESSION-08ee685c4e8cc842 → host:131.196.28.219 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-39e4fa54be3b3e55:flow:b762e0a8780c	SESSION-39e4fa54be3b3e55 → flow:b762e0a8780c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0ffe1a7a04c39301:SESSION-0ffe1a7a04c39301	SESSION-0ffe1a7a04c39301 → pe:tls:SESSION-0ffe1a7a04c39301
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94594005437ae120:host:172.234.197.23:host:177.10.237.155	SESSION-94594005437ae120 → host:172.234.197.23 → host:177.10.237.155
FLOW_FROM_HOSTOBS	e:from:SESSION-c3b504551617ec2c:host:131.196.31.188	SESSION-c3b504551617ec2c → host:131.196.31.188
FLOW_DST_PORTOBS	e:fp:flow:1f7c37615ab5:port:tcp:5173	flow:1f7c37615ab5 → port:tcp:5173
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95152bde385a2e89:host:131.196.28.249	SESSION-95152bde385a2e89 → host:131.196.28.249
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.61:geo_-23.62930_-46.63510	host:131.196.31.61 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:32bab55f8c7a:port:tcp:28449	flow:32bab55f8c7a → port:tcp:28449
flow_observed4-aryOBS	e:fo:flow:0bb22495fed6	flow:0bb22495fed6 → host:172.234.197.23 → host:131.196.30.223 → port:tcp:24622
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-659e9e20b25ca2e2:host:177.10.237.218	SESSION-659e9e20b25ca2e2 → host:177.10.237.218
FLOW_TO_HOSTOBS	e:to:SESSION-fa35d0a8fa5d9f77:host:172.234.197.23	SESSION-fa35d0a8fa5d9f77 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-637d01fb7fe8b725:host:172.234.197.23:host:177.10.238.181	SESSION-637d01fb7fe8b725 → host:172.234.197.23 → host:177.10.238.181
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-010644d8880e6139:host:172.234.197.23	SESSION-010644d8880e6139 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.92.14.54:geo_41.65790_-0.87770	host:51.92.14.54 → geo_41.65790_-0.87770
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3adb88175f99dced:SESSION-3adb88175f99dced	SESSION-3adb88175f99dced → pe:tls:SESSION-3adb88175f99dced
flow_observed5-aryOBS	e:fo:flow:80ec3ae98c0c	flow:80ec3ae98c0c → host:131.196.29.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-206979254a17108f:host:177.10.239.191	SESSION-206979254a17108f → host:177.10.239.191
FLOW_TO_HOSTOBS	e:to:SESSION-58209016b963372b:host:172.234.197.23	SESSION-58209016b963372b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d220051223525d86:host:131.196.28.193:host:172.234.197.23	SESSION-d220051223525d86 → host:131.196.28.193 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-043f15d6badfcd64:host:177.10.235.36	SESSION-043f15d6badfcd64 → host:177.10.235.36
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4b1418ed7a7a9f3:flow:58c3e3a098e4	SESSION-a4b1418ed7a7a9f3 → flow:58c3e3a098e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a733fde11cff5d03:host:172.234.197.23	SESSION-a733fde11cff5d03 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d798baf71c597a3:flow:76b49f6dd75d	SESSION-2d798baf71c597a3 → flow:76b49f6dd75d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d9b13ac4e6d83a5e:BSG-BEACON-918ce26726c0	SESSION-d9b13ac4e6d83a5e → BSG-BEACON-918ce26726c0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2e615d118f3247e2:flow:639a81585c5e	SESSION-2e615d118f3247e2 → flow:639a81585c5e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-136e732c63cf53f4:flow:fd1e7c8fc228	SESSION-136e732c63cf53f4 → flow:fd1e7c8fc228
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bebd9f8afa50544a:host:45.173.156.68	SESSION-bebd9f8afa50544a → host:45.173.156.68
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.237:geo_-16.28860_-49.01640	host:177.10.238.237 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1429c4885068b09:host:177.10.236.8:host:172.234.197.23	SESSION-c1429c4885068b09 → host:177.10.236.8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.68:geo_-23.62930_-46.63510	host:131.196.31.68 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f709c3d74e04443c:host:131.196.30.83:host:172.234.197.23	SESSION-f709c3d74e04443c → host:131.196.30.83 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c1a14827dc654457:host:131.196.28.12:host:172.234.197.23	SESSION-c1a14827dc654457 → host:131.196.28.12 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6588ddd9fabb341:host:177.10.235.214	SESSION-e6588ddd9fabb341 → host:177.10.235.214
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c59147b81bc92a14:host:172.234.197.23	SESSION-c59147b81bc92a14 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac6ab160136e0424:host:177.10.235.129	SESSION-ac6ab160136e0424 → host:177.10.235.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2c59cadc4597ab32:SESSION-2c59cadc4597ab32	SESSION-2c59cadc4597ab32 → pe:syn:SESSION-2c59cadc4597ab32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7172790c1950eaef:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7172790c1950eaef → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4879ced74a20729f:flow:8b119f6991a9	SESSION-4879ced74a20729f → flow:8b119f6991a9
FLOW_TO_HOSTOBS	e:to:SESSION-eb7b7dca9012c682:host:131.196.31.30	SESSION-eb7b7dca9012c682 → host:131.196.31.30
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.56:asn:271410	host:131.196.28.56 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:e45fb223a813:port:tcp:443	flow:e45fb223a813 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.225:asn:262880	host:177.10.233.225 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-6a9e4c3921500675:host:177.10.236.84	SESSION-6a9e4c3921500675 → host:177.10.236.84
FLOW_TO_HOSTOBS	e:to:SESSION-2579d58cc01cbffa:host:172.234.197.23	SESSION-2579d58cc01cbffa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51e02a163c57adb5:host:177.10.233.249:host:172.234.197.23	SESSION-51e02a163c57adb5 → host:177.10.233.249 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f2cb956713b4a7f:host:172.234.197.23	SESSION-8f2cb956713b4a7f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9527954f73f19b6:SESSION-c9527954f73f19b6	SESSION-c9527954f73f19b6 → pe:tls:SESSION-c9527954f73f19b6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eed27da13c534290:host:172.234.197.23	SESSION-eed27da13c534290 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92f84fab5bd8e0c8:SESSION-92f84fab5bd8e0c8	SESSION-92f84fab5bd8e0c8 → pe:tls:SESSION-92f84fab5bd8e0c8
flow_observed5-aryOBS	e:fo:flow:4779704d8082	flow:4779704d8082 → host:177.10.239.64 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b72757303ebc2bde:host:45.173.156.139	SESSION-b72757303ebc2bde → host:45.173.156.139
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.175:geo_-23.62930_-46.63510	host:131.196.28.175 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe8408bb8c62f3c7:PCAP:capture_20260430110001:43611bdf6759	SESSION-fe8408bb8c62f3c7 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4baa6f7cc0122cad:SESSION-4baa6f7cc0122cad	SESSION-4baa6f7cc0122cad → pe:syn:SESSION-4baa6f7cc0122cad
FLOW_TO_HOSTOBS	e:to:SESSION-7ee8538a8ddcb6ee:host:177.10.239.221	SESSION-7ee8538a8ddcb6ee → host:177.10.239.221
FLOW_FROM_HOSTOBS	e:from:SESSION-ddc877c0ed3a64ea:host:172.234.197.23	SESSION-ddc877c0ed3a64ea → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.164:asn:271410	host:131.196.29.164 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca44e56e93546a2c:flow:bb1be86dfa91	SESSION-ca44e56e93546a2c → flow:bb1be86dfa91
FLOW_FROM_HOSTOBS	e:from:SESSION-368729c748b57591:host:45.173.156.174	SESSION-368729c748b57591 → host:45.173.156.174
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-82c9dbe3cfe7e49f:SESSION-82c9dbe3cfe7e49f	SESSION-82c9dbe3cfe7e49f → pe:syn:SESSION-82c9dbe3cfe7e49f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f910dce05c4c16f4:host:177.10.235.227:host:172.234.197.23	SESSION-f910dce05c4c16f4 → host:177.10.235.227 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fef93e1a24936adf:SESSION-fef93e1a24936adf	SESSION-fef93e1a24936adf → pe:syn:SESSION-fef93e1a24936adf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.192:geo_-16.28860_-49.01640	host:177.10.234.192 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:118567956373	flow:118567956373 → host:172.234.197.23 → host:177.10.235.64 → port:tcp:11778
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2354f30fe4af5f56:host:172.234.197.23	SESSION-2354f30fe4af5f56 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8ee775e10cbe172:SESSION-b8ee775e10cbe172	SESSION-b8ee775e10cbe172 → pe:tls:SESSION-b8ee775e10cbe172
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-829966970db58135:PCAP:capture_20260430110001:43611bdf6759	SESSION-829966970db58135 → PCAP:capture_20260430110001:43611bdf6759
FLOW_DST_PORTOBS	e:fp:flow:d2bd33124f4a:port:tcp:20197	flow:d2bd33124f4a → port:tcp:20197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ee36310db765ff6:SESSION-2ee36310db765ff6	SESSION-2ee36310db765ff6 → pe:tls:SESSION-2ee36310db765ff6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.6:geo_-16.28860_-49.01640	host:177.10.233.6 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:58e329a82c5e:port:tcp:41399	flow:58e329a82c5e → port:tcp:41399
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72ea8a7fe39a298e:host:172.234.197.23	SESSION-72ea8a7fe39a298e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a2e73cad916b1394:host:177.10.232.215	SESSION-a2e73cad916b1394 → host:177.10.232.215
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-85483e16d9e2576e:SESSION-85483e16d9e2576e	SESSION-85483e16d9e2576e → pe:syn:SESSION-85483e16d9e2576e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98d24f4ecefc5585:SESSION-98d24f4ecefc5585	SESSION-98d24f4ecefc5585 → pe:syn:SESSION-98d24f4ecefc5585
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08ccad07eda14042:host:177.10.232.192:host:172.234.197.23	SESSION-08ccad07eda14042 → host:177.10.232.192 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a825e71225466eb:host:172.234.197.23	SESSION-3a825e71225466eb → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:4d7367284527	flow:4d7367284527 → host:131.196.30.37 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ebc914576482:port:tcp:443	flow:ebc914576482 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.79:geo_-16.28860_-49.01640	host:177.10.235.79 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ce76d6af7b7d93f:SESSION-1ce76d6af7b7d93f	SESSION-1ce76d6af7b7d93f → pe:tls:SESSION-1ce76d6af7b7d93f
FLOW_DST_PORTOBS	e:fp:flow:0e2ef251883e:port:tcp:443	flow:0e2ef251883e → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe1d6d23886f083a:flow:2a6474e91598	SESSION-fe1d6d23886f083a → flow:2a6474e91598
flow_observed5-aryOBS	e:fo:flow:ade6d6dd1519	flow:ade6d6dd1519 → host:177.10.236.218 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b9fb0652618e8095:host:177.10.233.120	SESSION-b9fb0652618e8095 → host:177.10.233.120
FLOW_DST_PORTOBS	e:fp:flow:2ae2b6fb588d:port:tcp:63526	flow:2ae2b6fb588d → port:tcp:63526
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1350be77996fff9b:flow:6d6335a56d67	SESSION-1350be77996fff9b → flow:6d6335a56d67
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0f2cdff3ab49e1a1:PCAP:capture_20260430110001:43611bdf6759	SESSION-0f2cdff3ab49e1a1 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bff0487aa2cdf6e6:host:131.196.29.242	SESSION-bff0487aa2cdf6e6 → host:131.196.29.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8d5fc6f7b2bd264:host:172.234.197.23	SESSION-c8d5fc6f7b2bd264 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-88c19910e1cb1242:host:172.234.197.23	SESSION-88c19910e1cb1242 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0307b3c9af33eb0:host:45.145.152.227	SESSION-c0307b3c9af33eb0 → host:45.145.152.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0b0070ff484a299:SESSION-c0b0070ff484a299	SESSION-c0b0070ff484a299 → pe:syn:SESSION-c0b0070ff484a299
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-265fcf20a19ad440:PCAP:capture_20260430150001:ded20914761d	SESSION-265fcf20a19ad440 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ccddbdb53d5af45:SESSION-6ccddbdb53d5af45	SESSION-6ccddbdb53d5af45 → pe:tls:SESSION-6ccddbdb53d5af45
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-191c84cbdd981857:PCAP:capture_20260430150001:ded20914761d	SESSION-191c84cbdd981857 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56476ce9df92fd09:host:172.234.197.23	SESSION-56476ce9df92fd09 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46f70ffa54883bab:host:195.154.100.87	SESSION-46f70ffa54883bab → host:195.154.100.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c68429e2f7bfcd9:host:172.234.197.23	SESSION-9c68429e2f7bfcd9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:aff142aec191	flow:aff142aec191 → host:45.173.156.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1dda0e3344468f76:flow:d44f21536855	SESSION-1dda0e3344468f76 → flow:d44f21536855
flow_observed4-aryOBS	e:fo:flow:628dc6635430	flow:628dc6635430 → host:172.234.197.23 → host:131.196.29.249 → port:tcp:15556
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e38f46dc000b6625:flow:7ebe5ea3bba9	SESSION-e38f46dc000b6625 → flow:7ebe5ea3bba9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b00d7db41be144d:SESSION-4b00d7db41be144d	SESSION-4b00d7db41be144d → pe:syn:SESSION-4b00d7db41be144d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.45:asn:262880	host:177.10.234.45 → asn:262880
flow_observed5-aryOBS	e:fo:flow:9bd03e214ac2	flow:9bd03e214ac2 → host:177.10.233.141 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-341468c084cc4cf3:host:172.234.197.23	SESSION-341468c084cc4cf3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:49.12.170.238:geo_50.47770_12.36490	host:49.12.170.238 → geo_50.47770_12.36490
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77b68b84e12bfaab:PCAP:capture_20260430090001:065659c7d314	SESSION-77b68b84e12bfaab → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e47cd7d3b6c5e00d:flow:ea69cbe21998	SESSION-e47cd7d3b6c5e00d → flow:ea69cbe21998
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-55e2fb280d3c8e24:BSG-BEACON-85bd2bc80aee	SESSION-55e2fb280d3c8e24 → BSG-BEACON-85bd2bc80aee
FLOW_DST_PORTOBS	e:fp:flow:ab35e02bcb20:port:tcp:443	flow:ab35e02bcb20 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-516e4259bbcb51e8:SESSION-516e4259bbcb51e8	SESSION-516e4259bbcb51e8 → pe:syn:SESSION-516e4259bbcb51e8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.228:asn:262880	host:177.10.233.228 → asn:262880
flow_observed5-aryOBS	e:fo:flow:1040a37ad4b8	flow:1040a37ad4b8 → host:45.173.156.133 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.26:geo_-23.62930_-46.63510	host:131.196.31.26 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-4b859feadb239919:host:172.234.197.23	SESSION-4b859feadb239919 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8132ea082e988f13:SESSION-8132ea082e988f13	SESSION-8132ea082e988f13 → pe:syn:SESSION-8132ea082e988f13
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.126:asn:262880	host:177.10.239.126 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-67b1c0091ebc1322:host:131.196.28.136	SESSION-67b1c0091ebc1322 → host:131.196.28.136
flow_observed5-aryOBS	e:fo:flow:3a3b86705699	flow:3a3b86705699 → host:177.10.234.57 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a288a75f40d03563:host:177.10.239.55	SESSION-a288a75f40d03563 → host:177.10.239.55
FLOW_FROM_HOSTOBS	e:from:SESSION-1053aee7675dcd07:host:177.10.236.253	SESSION-1053aee7675dcd07 → host:177.10.236.253
FLOW_DST_PORTOBS	e:fp:flow:306d4674c16a:port:tcp:443	flow:306d4674c16a → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f130592ce1f7f0fb:PCAP:capture_20260430110001:43611bdf6759	SESSION-f130592ce1f7f0fb → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6588ddd9fabb341:host:172.234.197.23	SESSION-e6588ddd9fabb341 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16b002b5a5ba0e61:SESSION-16b002b5a5ba0e61	SESSION-16b002b5a5ba0e61 → pe:syn:SESSION-16b002b5a5ba0e61
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa7ff8c6e8f0ef9e:SESSION-aa7ff8c6e8f0ef9e	SESSION-aa7ff8c6e8f0ef9e → pe:tls:SESSION-aa7ff8c6e8f0ef9e
FLOW_TO_HOSTOBS	e:to:SESSION-b82d9882ea505987:host:177.10.235.174	SESSION-b82d9882ea505987 → host:177.10.235.174
flow_observed5-aryOBS	e:fo:flow:10f8a32e96a1	flow:10f8a32e96a1 → host:45.173.156.146 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:09d75a5531b0:port:tcp:55118	flow:09d75a5531b0 → port:tcp:55118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efabffc9197efb23:host:131.196.29.234	SESSION-efabffc9197efb23 → host:131.196.29.234
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6dc77b6505beb2bc:host:172.234.197.23:host:45.173.156.43	SESSION-6dc77b6505beb2bc → host:172.234.197.23 → host:45.173.156.43
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06d2ad4243fb8941:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-06d2ad4243fb8941 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.205:asn:271410	host:131.196.30.205 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-921ff5b52f826cc0:SESSION-921ff5b52f826cc0	SESSION-921ff5b52f826cc0 → pe:syn:SESSION-921ff5b52f826cc0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c5f8419335024f52:flow:64b9edd120d2	SESSION-c5f8419335024f52 → flow:64b9edd120d2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-92f84fab5bd8e0c8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-92f84fab5bd8e0c8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-328591b09b0655cf:flow:d9eaf0aaa345	SESSION-328591b09b0655cf → flow:d9eaf0aaa345
FLOW_DST_PORTOBS	e:fp:flow:a36e5f4c9cca:port:udp:53	flow:a36e5f4c9cca → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c421ecd159f7b93a:host:177.10.232.2	SESSION-c421ecd159f7b93a → host:177.10.232.2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-164cf6eccbbca478:SESSION-164cf6eccbbca478	SESSION-164cf6eccbbca478 → pe:rst:SESSION-164cf6eccbbca478
FLOW_FROM_HOSTOBS	e:from:SESSION-15539e18bbfcb0e8:host:131.196.30.12	SESSION-15539e18bbfcb0e8 → host:131.196.30.12
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-458faec2c6be4af1:SESSION-458faec2c6be4af1	SESSION-458faec2c6be4af1 → pe:tls:SESSION-458faec2c6be4af1
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.76:geo_-16.28860_-49.01640	host:177.10.233.76 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-85683c3aa8c095db:host:66.228.53.46	SESSION-85683c3aa8c095db → host:66.228.53.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5490e36eb363059:host:172.234.197.23	SESSION-e5490e36eb363059 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:67bdaa37076f:port:tcp:52831	flow:67bdaa37076f → port:tcp:52831
FLOW_FROM_HOSTOBS	e:from:SESSION-7b223dcd1f64dfb9:host:131.196.29.235	SESSION-7b223dcd1f64dfb9 → host:131.196.29.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e0a730d87d8b98f3:host:177.10.234.46:host:172.234.197.23	SESSION-e0a730d87d8b98f3 → host:177.10.234.46 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c55144af88c3	flow:c55144af88c3 → host:177.10.238.210 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-106d77d887836a65:flow:c2b0dcf2b507	SESSION-106d77d887836a65 → flow:c2b0dcf2b507
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd4086b575d9a1c0:host:172.234.197.23	SESSION-cd4086b575d9a1c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bfa1612081e2aa61:host:172.234.197.23	SESSION-bfa1612081e2aa61 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-386a52b5a647d101:host:177.10.234.157	SESSION-386a52b5a647d101 → host:177.10.234.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f73d5c81ac41c00:SESSION-4f73d5c81ac41c00	SESSION-4f73d5c81ac41c00 → pe:syn:SESSION-4f73d5c81ac41c00
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bce97f10a4a571f4:PCAP:capture_20260430110001:43611bdf6759	SESSION-bce97f10a4a571f4 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f4a8961dba27f33:host:103.155.16.117:host:172.234.197.23	SESSION-5f4a8961dba27f33 → host:103.155.16.117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d9d7757b20ed84d:SESSION-7d9d7757b20ed84d	SESSION-7d9d7757b20ed84d → pe:syn:SESSION-7d9d7757b20ed84d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb2f54f0354a144e:SESSION-fb2f54f0354a144e	SESSION-fb2f54f0354a144e → pe:tls:SESSION-fb2f54f0354a144e
flow_observed5-aryOBS	e:fo:flow:2e77d5b01871	flow:2e77d5b01871 → host:177.10.236.142 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b32f5a9266c1045d:host:172.234.197.23	SESSION-b32f5a9266c1045d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2efd98f3e78d	flow:2efd98f3e78d → host:131.196.30.212 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:68930acd3198	flow:68930acd3198 → host:172.234.197.23 → host:131.196.29.19 → port:tcp:52848
FLOW_TO_HOSTOBS	e:to:SESSION-200e4a8806f83581:host:172.234.197.23	SESSION-200e4a8806f83581 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.139:geo_-21.10010_-41.69200	host:45.173.156.139 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-424e5c5b03912c3d:host:172.234.197.23	SESSION-424e5c5b03912c3d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-753bfef963e546aa:flow:69043b5c7039	SESSION-753bfef963e546aa → flow:69043b5c7039
FLOW_TO_HOSTOBS	e:to:SESSION-cc399ebe92ddbae6:host:172.234.197.23	SESSION-cc399ebe92ddbae6 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0fbc9a4b7bce	flow:0fbc9a4b7bce → host:69.222.187.134 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.219:asn:271410	host:131.196.28.219 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:dd602e0f6666:port:tcp:5353	flow:dd602e0f6666 → port:tcp:5353
FLOW_TO_HOSTOBS	e:to:SESSION-45f8302f1d804897:host:172.234.197.23	SESSION-45f8302f1d804897 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:699fc01b6874:port:tcp:47236	flow:699fc01b6874 → port:tcp:47236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7508894fe5424d7:host:131.196.28.137	SESSION-d7508894fe5424d7 → host:131.196.28.137
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.113:geo_-23.62930_-46.63510	host:131.196.29.113 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-316231fad61f009e:host:172.234.197.23	SESSION-316231fad61f009e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c30c42747916	flow:c30c42747916 → host:131.196.31.3 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b58dfbdc72ba0e86:host:177.10.237.73	SESSION-b58dfbdc72ba0e86 → host:177.10.237.73
FLOW_TO_HOSTOBS	e:to:SESSION-409f2c106c7c54cc:host:172.234.197.23	SESSION-409f2c106c7c54cc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-81c3f53ebeacb521:host:177.10.234.135:host:172.234.197.23	SESSION-81c3f53ebeacb521 → host:177.10.234.135 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d585afab4eb6ac7e:host:177.10.235.187	SESSION-d585afab4eb6ac7e → host:177.10.235.187
FLOW_TLS_SNIOBS	e:fs:flow:e25cb7cb2181:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:e25cb7cb2181 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-37a8b94aca0a72fd:BSG-DATA_EXFIL-d4f46d1c86b2	SESSION-37a8b94aca0a72fd → BSG-DATA_EXFIL-d4f46d1c86b2
flow_observed4-aryOBS	e:fo:flow:5049b00b9614	flow:5049b00b9614 → host:172.234.197.23 → host:177.10.233.70 → port:tcp:13793
FLOW_TO_HOSTOBS	e:to:SESSION-cde6fb5ccac54489:host:172.234.197.23	SESSION-cde6fb5ccac54489 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dcd3224e0a9d:port:tcp:443	flow:dcd3224e0a9d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3adb88175f99dced:SESSION-3adb88175f99dced	SESSION-3adb88175f99dced → pe:syn:SESSION-3adb88175f99dced
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-542567c32b647819:SESSION-542567c32b647819	SESSION-542567c32b647819 → pe:syn:SESSION-542567c32b647819
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-006e3a8766fa0c7d:host:177.10.239.139	SESSION-006e3a8766fa0c7d → host:177.10.239.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ec2cd7bdebda0247:SESSION-ec2cd7bdebda0247	SESSION-ec2cd7bdebda0247 → pe:tls:SESSION-ec2cd7bdebda0247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7341740ccb6f292:host:177.10.232.109:host:172.234.197.23	SESSION-e7341740ccb6f292 → host:177.10.232.109 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.25:asn:262880	host:177.10.239.25 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:5d5bc8796647:port:tcp:443	flow:5d5bc8796647 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9d58dc4e289d6c4c:SESSION-9d58dc4e289d6c4c	SESSION-9d58dc4e289d6c4c → pe:tls:SESSION-9d58dc4e289d6c4c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27d66e2c1260cc5f:host:172.234.197.23:host:177.10.238.43	SESSION-27d66e2c1260cc5f → host:172.234.197.23 → host:177.10.238.43
flow_observed5-aryOBS	e:fo:flow:3e386cf1d1a0	flow:3e386cf1d1a0 → host:131.196.30.88 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-af13e3f1012247aa:host:177.10.235.64:host:172.234.197.23	SESSION-af13e3f1012247aa → host:177.10.235.64 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c6f6eb6f56b12c37:SESSION-c6f6eb6f56b12c37	SESSION-c6f6eb6f56b12c37 → pe:syn:SESSION-c6f6eb6f56b12c37
flow_observed5-aryOBS	e:fo:flow:077349af1ee9	flow:077349af1ee9 → host:177.10.232.210 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-01e03a84392b1398:host:172.234.197.23	SESSION-01e03a84392b1398 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6490de849a8e5020:host:172.234.197.23	SESSION-6490de849a8e5020 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51bab49b2715dbc9:host:54.149.68.137	SESSION-51bab49b2715dbc9 → host:54.149.68.137
FLOW_FROM_HOSTOBS	e:from:SESSION-0485e2f41480d0ab:host:131.196.31.56	SESSION-0485e2f41480d0ab → host:131.196.31.56
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cbc4338326105aa3:SESSION-cbc4338326105aa3	SESSION-cbc4338326105aa3 → pe:tls:SESSION-cbc4338326105aa3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17a3924886eb315f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-17a3924886eb315f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65c3eea3bc378ff0:SESSION-65c3eea3bc378ff0	SESSION-65c3eea3bc378ff0 → pe:tls:SESSION-65c3eea3bc378ff0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-81de972e9a362700:flow:a9c2935fca0c	SESSION-81de972e9a362700 → flow:a9c2935fca0c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-699c907c7ac66403:SESSION-699c907c7ac66403	SESSION-699c907c7ac66403 → pe:tls:SESSION-699c907c7ac66403
FLOW_FROM_HOSTOBS	e:from:SESSION-f0bdeae27fd42a89:host:172.234.197.23	SESSION-f0bdeae27fd42a89 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:650010dca645	flow:650010dca645 → host:131.196.30.9 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:0e3ea2ef1c63	flow:0e3ea2ef1c63 → host:131.196.30.12 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b4d5ec492dcde12c:SESSION-b4d5ec492dcde12c	SESSION-b4d5ec492dcde12c → pe:tls:SESSION-b4d5ec492dcde12c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78ad99b8772b1e3f:host:172.234.197.23	SESSION-78ad99b8772b1e3f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9d58dc4e289d6c4c:SESSION-9d58dc4e289d6c4c	SESSION-9d58dc4e289d6c4c → pe:syn:SESSION-9d58dc4e289d6c4c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaed9d07c71d3d80:host:177.10.233.73:host:172.234.197.23	SESSION-eaed9d07c71d3d80 → host:177.10.233.73 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-76ac71b30f764df7:host:131.196.28.128	SESSION-76ac71b30f764df7 → host:131.196.28.128
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc82e917a0ac0289:host:172.234.197.23	SESSION-dc82e917a0ac0289 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-20c0393579af9382:host:131.196.28.59:host:172.234.197.23	SESSION-20c0393579af9382 → host:131.196.28.59 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.80:geo_-16.28860_-49.01640	host:177.10.235.80 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-77c4b389d95f1453:SESSION-77c4b389d95f1453	SESSION-77c4b389d95f1453 → pe:syn:SESSION-77c4b389d95f1453
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-caf4287e8000c114:flow:e25cb7cb2181	SESSION-caf4287e8000c114 → flow:e25cb7cb2181
FLOW_DST_PORTOBS	e:fp:flow:ebc4720c3766:port:tcp:443	flow:ebc4720c3766 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:57.128.95.174:geo_48.85820_2.33870	host:57.128.95.174 → geo_48.85820_2.33870
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8624692ea119f1f3:host:172.234.197.23:host:177.10.238.226	SESSION-8624692ea119f1f3 → host:172.234.197.23 → host:177.10.238.226
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.77:geo_-16.28860_-49.01640	host:177.10.233.77 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eca69a208ab39d5f:host:177.10.237.159	SESSION-eca69a208ab39d5f → host:177.10.237.159
FLOW_FROM_HOSTOBS	e:from:SESSION-3dc32d1b123f77b5:host:172.234.197.23	SESSION-3dc32d1b123f77b5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.233:asn:271410	host:131.196.29.233 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8feeff9d44d6e844:host:172.234.197.23:host:177.10.239.189	SESSION-8feeff9d44d6e844 → host:172.234.197.23 → host:177.10.239.189
FLOW_TO_HOSTOBS	e:to:SESSION-c828adcf318b7963:host:172.234.197.23	SESSION-c828adcf318b7963 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e6f218d3e359434:host:172.234.197.23	SESSION-0e6f218d3e359434 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f6ad5e06ec5a3a76:host:172.234.197.23	SESSION-f6ad5e06ec5a3a76 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fa9d2876c7b3abea:SESSION-fa9d2876c7b3abea	SESSION-fa9d2876c7b3abea → pe:syn:SESSION-fa9d2876c7b3abea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e62c7e5ed36c3850:SESSION-e62c7e5ed36c3850	SESSION-e62c7e5ed36c3850 → pe:tls:SESSION-e62c7e5ed36c3850
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.102:geo_-16.28860_-49.01640	host:177.10.239.102 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4059a39607153158:SESSION-4059a39607153158	SESSION-4059a39607153158 → pe:tls:SESSION-4059a39607153158
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-976978a22e52e06d:host:172.234.197.23	SESSION-976978a22e52e06d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10314c25bdbc198a:host:172.234.197.23	SESSION-10314c25bdbc198a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dba7d64f7032fffd:flow:ddc78ca2e1d7	SESSION-dba7d64f7032fffd → flow:ddc78ca2e1d7
FLOW_DST_PORTOBS	e:fp:flow:bc43384c18c9:port:tcp:443	flow:bc43384c18c9 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b09cf74640ed889e:SESSION-b09cf74640ed889e	SESSION-b09cf74640ed889e → pe:tls:SESSION-b09cf74640ed889e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ed79241b929fab43:flow:9e5960016eed	SESSION-ed79241b929fab43 → flow:9e5960016eed
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-567e9582c6914b15:SESSION-567e9582c6914b15	SESSION-567e9582c6914b15 → pe:syn:SESSION-567e9582c6914b15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3fa9d5496b14fae:host:131.196.29.113:host:172.234.197.23	SESSION-c3fa9d5496b14fae → host:131.196.29.113 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a29c9496c44f9fe8:flow:7f324461981c	SESSION-a29c9496c44f9fe8 → flow:7f324461981c
FLOW_FROM_HOSTOBS	e:from:SESSION-f49ef9eceb986e78:host:177.10.232.88	SESSION-f49ef9eceb986e78 → host:177.10.232.88
FLOW_FROM_HOSTOBS	e:from:SESSION-74505beccb017396:host:177.10.238.69	SESSION-74505beccb017396 → host:177.10.238.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-550b52f6103256cd:SESSION-550b52f6103256cd	SESSION-550b52f6103256cd → pe:tls:SESSION-550b52f6103256cd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74f0d8e902dc1bc9:flow:80206823d24b	SESSION-74f0d8e902dc1bc9 → flow:80206823d24b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd6ef4118ff649ff:host:131.196.30.176	SESSION-fd6ef4118ff649ff → host:131.196.30.176
FLOW_TO_HOSTOBS	e:to:SESSION-ee4f55e8adb586c5:host:172.234.197.23	SESSION-ee4f55e8adb586c5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4c6ce7a55e2ab654:SESSION-4c6ce7a55e2ab654	SESSION-4c6ce7a55e2ab654 → pe:syn:SESSION-4c6ce7a55e2ab654
FLOW_FROM_HOSTOBS	e:from:SESSION-3f12e4f5ba81c4d8:host:45.173.156.87	SESSION-3f12e4f5ba81c4d8 → host:45.173.156.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-63d746c5afa978f6:SESSION-63d746c5afa978f6	SESSION-63d746c5afa978f6 → pe:tls:SESSION-63d746c5afa978f6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.101:geo_-23.62930_-46.63510	host:131.196.29.101 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-179845184e318961:host:131.196.30.74	SESSION-179845184e318961 → host:131.196.30.74
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-caadff286c632ea0:host:40.177.170.73:host:172.234.197.23	SESSION-caadff286c632ea0 → host:40.177.170.73 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-394aeca8e13c39b2:SESSION-394aeca8e13c39b2	SESSION-394aeca8e13c39b2 → pe:syn:SESSION-394aeca8e13c39b2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b654d700a53d4a94:host:172.234.197.23	SESSION-b654d700a53d4a94 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e76870e292a86821:host:45.173.156.94	SESSION-e76870e292a86821 → host:45.173.156.94
FLOW_DST_PORTOBS	e:fp:flow:5d964dffb085:port:tcp:443	flow:5d964dffb085 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6b2b23d4f6b2:port:tcp:443	flow:6b2b23d4f6b2 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a5bede5fedae88e0:host:177.10.237.32	SESSION-a5bede5fedae88e0 → host:177.10.237.32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e576d93486607572:PCAP:capture_20260430110001:43611bdf6759	SESSION-e576d93486607572 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.41:asn:262880	host:177.10.237.41 → asn:262880
flow_observed4-aryOBS	e:fo:flow:2bd9596b678e	flow:2bd9596b678e → host:172.234.197.23 → host:177.10.236.92 → port:tcp:42418
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-afb2aada9aae789c:flow:f9683f42cf59	SESSION-afb2aada9aae789c → flow:f9683f42cf59
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9485d3e307f01514:SESSION-9485d3e307f01514	SESSION-9485d3e307f01514 → pe:syn:SESSION-9485d3e307f01514
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb3f1e71e19d60be:host:172.234.197.23	SESSION-bb3f1e71e19d60be → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1b3b25682727ca52:SESSION-1b3b25682727ca52	SESSION-1b3b25682727ca52 → pe:tls:SESSION-1b3b25682727ca52
FLOW_DST_PORTOBS	e:fp:flow:ff968608d852:port:tcp:443	flow:ff968608d852 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4dcbfb7362ab6402:SESSION-4dcbfb7362ab6402	SESSION-4dcbfb7362ab6402 → pe:syn:SESSION-4dcbfb7362ab6402
FLOW_FROM_HOSTOBS	e:from:SESSION-0b2d512f3efc35f9:host:177.10.232.168	SESSION-0b2d512f3efc35f9 → host:177.10.232.168
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e3f5af343ed075a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2e3f5af343ed075a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:3580ed766290	flow:3580ed766290 → host:172.234.197.23 → host:131.196.30.72 → port:tcp:45022
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b074fbdb748702cc:PCAP:capture_20260430060001:919b39a74464	SESSION-b074fbdb748702cc → PCAP:capture_20260430060001:919b39a74464
flow_observed3-aryOBS	e:fo:flow:b054a34ebbee	flow:b054a34ebbee → host:44.248.141.231 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b117f2a3fa82af67:PCAP:capture_20260430110001:43611bdf6759	SESSION-b117f2a3fa82af67 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-eff9d1155e5c571f:host:177.10.232.251	SESSION-eff9d1155e5c571f → host:177.10.232.251
FLOW_FROM_HOSTOBS	e:from:SESSION-58209016b963372b:host:131.196.31.129	SESSION-58209016b963372b → host:131.196.31.129
FLOW_FROM_HOSTOBS	e:from:SESSION-aab351c0be27393b:host:131.196.29.96	SESSION-aab351c0be27393b → host:131.196.29.96
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35dc83e37639d031:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-35dc83e37639d031 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-affea3171060a6d3:host:172.234.197.23	SESSION-affea3171060a6d3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0724a1e4ffed:port:tcp:28523	flow:0724a1e4ffed → port:tcp:28523
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23efb1317beab0b3:SESSION-23efb1317beab0b3	SESSION-23efb1317beab0b3 → pe:syn:SESSION-23efb1317beab0b3
FLOW_DST_PORTOBS	e:fp:flow:fb54a75e6709:port:tcp:443	flow:fb54a75e6709 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f9ea4c8ad78eb8e:host:172.234.197.23:host:177.10.236.73	SESSION-2f9ea4c8ad78eb8e → host:172.234.197.23 → host:177.10.236.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0acd91014f6238ed:host:177.10.236.186	SESSION-0acd91014f6238ed → host:177.10.236.186
flow_observed4-aryOBS	e:fo:flow:13e7e383a869	flow:13e7e383a869 → host:172.234.197.23 → host:177.10.236.221 → port:tcp:30471
FLOW_DST_PORTOBS	e:fp:flow:3577a02a28d0:port:tcp:443	flow:3577a02a28d0 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-bc6a5831c46f644f:host:131.196.28.80	SESSION-bc6a5831c46f644f → host:131.196.28.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9c211d2931ae713:host:131.196.30.11	SESSION-d9c211d2931ae713 → host:131.196.30.11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef7fe2bb78158297:PCAP:capture_20260430060001:919b39a74464	SESSION-ef7fe2bb78158297 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e867c3054a212916:host:172.234.197.23	SESSION-e867c3054a212916 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fdab01a2611a	flow:fdab01a2611a → host:45.173.156.219 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d43b9fecb8f031e:PCAP:capture_20260430090001:065659c7d314	SESSION-9d43b9fecb8f031e → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.204:asn:262880	host:177.10.236.204 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c615690895f6d3c9:host:177.10.239.127	SESSION-c615690895f6d3c9 → host:177.10.239.127
FLOW_DST_PORTOBS	e:fp:flow:8687e2ada99c:port:tcp:443	flow:8687e2ada99c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4b447e1896cf3c7e:PCAP:capture_20260430060001:919b39a74464	SESSION-4b447e1896cf3c7e → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae94ea8b15b44736:host:177.10.232.1:host:172.234.197.23	SESSION-ae94ea8b15b44736 → host:177.10.232.1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-97bd7f793ae0ea11:host:45.173.156.159	SESSION-97bd7f793ae0ea11 → host:45.173.156.159
flow_observed5-aryOBS	e:fo:flow:a926b88006fe	flow:a926b88006fe → host:177.10.232.253 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:b201d08003c8	flow:b201d08003c8 → host:177.10.235.40 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71340f64d1455f4f:host:16.60.246.31	SESSION-71340f64d1455f4f → host:16.60.246.31
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6457b3248e0b30fe:SESSION-6457b3248e0b30fe	SESSION-6457b3248e0b30fe → pe:tls:SESSION-6457b3248e0b30fe
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3ea63b0a223461f6:flow:da5b9ad5f17e	SESSION-3ea63b0a223461f6 → flow:da5b9ad5f17e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.80:geo_-23.62930_-46.63510	host:131.196.31.80 → geo_-23.62930_-46.63510
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:18.60.59.175:geo_17.38430_78.45830	host:18.60.59.175 → geo_17.38430_78.45830
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-196ad93208fa5be9:host:172.234.197.23	SESSION-196ad93208fa5be9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b7ac209c33b5c7f5:SESSION-b7ac209c33b5c7f5	SESSION-b7ac209c33b5c7f5 → pe:tls:SESSION-b7ac209c33b5c7f5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2dbb680dd253e19c:host:172.234.197.23	SESSION-2dbb680dd253e19c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57d0b948d59d1db4:host:177.10.238.109	SESSION-57d0b948d59d1db4 → host:177.10.238.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11e7a161068ba48e:host:177.10.234.69	SESSION-11e7a161068ba48e → host:177.10.234.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c1947a05c179b1d2:SESSION-c1947a05c179b1d2	SESSION-c1947a05c179b1d2 → pe:tls:SESSION-c1947a05c179b1d2
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.46:asn:271410	host:131.196.28.46 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f003ce3fae962ee:flow:65cc5b5651c1	SESSION-1f003ce3fae962ee → flow:65cc5b5651c1
FLOW_FROM_HOSTOBS	e:from:SESSION-9b0c47b1e862acc1:host:131.196.29.165	SESSION-9b0c47b1e862acc1 → host:131.196.29.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c6f6eb6f56b12c37:SESSION-c6f6eb6f56b12c37	SESSION-c6f6eb6f56b12c37 → pe:tls:SESSION-c6f6eb6f56b12c37
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab1f168a37fae671:host:172.234.197.23	SESSION-ab1f168a37fae671 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:144.76.23.34:geo_50.47770_12.36490	host:144.76.23.34 → geo_50.47770_12.36490
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8df47c2606014223:host:172.234.197.23	SESSION-8df47c2606014223 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-62d5a334e1fc9bd1:host:177.10.237.213:host:172.234.197.23	SESSION-62d5a334e1fc9bd1 → host:177.10.237.213 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d610f9ec6aa577ae:host:131.196.28.133	SESSION-d610f9ec6aa577ae → host:131.196.28.133
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f6bbc079dc776bc:host:177.10.234.173	SESSION-1f6bbc079dc776bc → host:177.10.234.173
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c439db2cd1990c9:host:172.234.197.23	SESSION-5c439db2cd1990c9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b51fdfa1efbb	flow:b51fdfa1efbb → host:177.10.235.237 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d537e467802bc1c1:PCAP:capture_20260430150001:ded20914761d	SESSION-d537e467802bc1c1 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-b53b1a2dc18d6354:host:172.234.197.23	SESSION-b53b1a2dc18d6354 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9523bcd246277dc:host:172.234.197.23:host:45.173.156.8	SESSION-b9523bcd246277dc → host:172.234.197.23 → host:45.173.156.8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31d47da03b5e0774:flow:15bb30ff8217	SESSION-31d47da03b5e0774 → flow:15bb30ff8217
FLOW_FROM_HOSTOBS	e:from:SESSION-3674a7955b512da1:host:177.10.236.117	SESSION-3674a7955b512da1 → host:177.10.236.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1241ed8a2f02aa7:host:177.10.233.90:host:172.234.197.23	SESSION-a1241ed8a2f02aa7 → host:177.10.233.90 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ec00a834c5afff3:host:172.234.197.23:host:177.10.235.107	SESSION-1ec00a834c5afff3 → host:172.234.197.23 → host:177.10.235.107
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d0bef7920d84e31:flow:05ef07bcb6b2	SESSION-8d0bef7920d84e31 → flow:05ef07bcb6b2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e6d70ae2d31fba9:host:172.234.197.23	SESSION-6e6d70ae2d31fba9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.60:asn:262880	host:177.10.237.60 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-617da6f9980af1b7:host:44.248.141.231	SESSION-617da6f9980af1b7 → host:44.248.141.231
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a498324f9fce7e9:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-0a498324f9fce7e9 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc399ebe92ddbae6:SESSION-cc399ebe92ddbae6	SESSION-cc399ebe92ddbae6 → pe:tls:SESSION-cc399ebe92ddbae6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b4130b0efbd1505:PCAP:capture_20260430110001:43611bdf6759	SESSION-0b4130b0efbd1505 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92fb186a1f8eeacc:SESSION-92fb186a1f8eeacc	SESSION-92fb186a1f8eeacc → pe:tls:SESSION-92fb186a1f8eeacc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-570ccd324c759306:SESSION-570ccd324c759306	SESSION-570ccd324c759306 → pe:syn:SESSION-570ccd324c759306
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e652971bc7c2d2d5:host:172.234.197.23	SESSION-e652971bc7c2d2d5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01c9c3509e882c26:SESSION-01c9c3509e882c26	SESSION-01c9c3509e882c26 → pe:syn:SESSION-01c9c3509e882c26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2474eb623db0155:SESSION-b2474eb623db0155	SESSION-b2474eb623db0155 → pe:tls:SESSION-b2474eb623db0155
flow_observed5-aryOBS	e:fo:flow:d284821cdfb8	flow:d284821cdfb8 → host:177.10.235.111 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-7928f63a898f7aac:host:172.234.197.23	SESSION-7928f63a898f7aac → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eab64f08bdc755fb:host:131.196.28.237	SESSION-eab64f08bdc755fb → host:131.196.28.237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-367c844590f11a50:SESSION-367c844590f11a50	SESSION-367c844590f11a50 → pe:tls:SESSION-367c844590f11a50
FLOW_FROM_HOSTOBS	e:from:SESSION-c1640005abec031d:host:43.196.122.133	SESSION-c1640005abec031d → host:43.196.122.133
FLOW_DST_PORTOBS	e:fp:flow:960047891931:port:tcp:443	flow:960047891931 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99752db79d6c830d:SESSION-99752db79d6c830d	SESSION-99752db79d6c830d → pe:tls:SESSION-99752db79d6c830d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-617da6f9980af1b7:flow:dfd7c586d178	SESSION-617da6f9980af1b7 → flow:dfd7c586d178
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f56081dde23b5ed:host:172.234.197.23	SESSION-5f56081dde23b5ed → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60a71bd7fc87f54e:host:89.58.44.225	SESSION-60a71bd7fc87f54e → host:89.58.44.225
flow_observed5-aryOBS	e:fo:flow:1f272876d5bf	flow:1f272876d5bf → host:140.235.124.200 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4b869f0759406bd5:SESSION-4b869f0759406bd5	SESSION-4b869f0759406bd5 → pe:tls:SESSION-4b869f0759406bd5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1af702d2aa4c9d9d:SESSION-1af702d2aa4c9d9d	SESSION-1af702d2aa4c9d9d → pe:syn:SESSION-1af702d2aa4c9d9d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.100:asn:262880	host:177.10.236.100 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.11:asn:262880	host:177.10.233.11 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2387fa1f153c5b33:host:172.234.197.23	SESSION-2387fa1f153c5b33 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.222:geo_-16.28860_-49.01640	host:177.10.234.222 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98452f7d1a82c494:SESSION-98452f7d1a82c494	SESSION-98452f7d1a82c494 → pe:syn:SESSION-98452f7d1a82c494
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37ba5323333f9720:host:177.10.233.130:host:172.234.197.23	SESSION-37ba5323333f9720 → host:177.10.233.130 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34cbebf9a190be23:flow:34a634025f7d	SESSION-34cbebf9a190be23 → flow:34a634025f7d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.249:asn:262880	host:177.10.237.249 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-3e05f2032b3abac3:host:172.234.197.23	SESSION-3e05f2032b3abac3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5a6dc0e99827	flow:5a6dc0e99827 → host:172.94.9.253 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99d609228b1b32ef:SESSION-99d609228b1b32ef	SESSION-99d609228b1b32ef → pe:tls:SESSION-99d609228b1b32ef
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.13:geo_19.07480_72.88560	host:45.145.152.13 → geo_19.07480_72.88560
FLOW_TO_HOSTOBS	e:to:SESSION-5b73ad2a19ec53d4:host:131.196.28.69	SESSION-5b73ad2a19ec53d4 → host:131.196.28.69
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.248:geo_-16.28860_-49.01640	host:177.10.237.248 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f255eba3b0795a16:host:131.196.30.24:host:172.234.197.23	SESSION-f255eba3b0795a16 → host:131.196.30.24 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cdcb5008ac7e3b15:SESSION-cdcb5008ac7e3b15	SESSION-cdcb5008ac7e3b15 → pe:syn:SESSION-cdcb5008ac7e3b15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-56fe4753b2794494:SESSION-56fe4753b2794494	SESSION-56fe4753b2794494 → pe:tls:SESSION-56fe4753b2794494
FLOW_DST_PORTOBS	e:fp:flow:e7b0e66f989e:port:tcp:40099	flow:e7b0e66f989e → port:tcp:40099
FLOW_TO_HOSTOBS	e:to:SESSION-b330864bc1d39cd9:host:131.196.29.29	SESSION-b330864bc1d39cd9 → host:131.196.29.29
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.122:asn:262880	host:177.10.236.122 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.185:asn:262880	host:177.10.239.185 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47fa70a72a159eed:PCAP:capture_20260430090001:065659c7d314	SESSION-47fa70a72a159eed → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:24a446a92f0d	flow:24a446a92f0d → host:172.234.197.23 → host:177.10.235.174 → port:tcp:40525
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-35dd0088a1238ab9:host:177.10.238.231:host:172.234.197.23	SESSION-35dd0088a1238ab9 → host:177.10.238.231 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-84669169ffdf0c83:SESSION-84669169ffdf0c83	SESSION-84669169ffdf0c83 → pe:tls:SESSION-84669169ffdf0c83
FLOW_TO_HOSTOBS	e:to:SESSION-0667f103db24cb40:host:172.234.197.23	SESSION-0667f103db24cb40 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.218:asn:262880	host:177.10.236.218 → asn:262880
flow_observed5-aryOBS	e:fo:flow:347e17470bc2	flow:347e17470bc2 → host:131.196.29.214 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:199.16.157.182:asn:13414	host:199.16.157.182 → asn:13414
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3075d8276a1a3ff8:host:172.234.197.23	SESSION-3075d8276a1a3ff8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c4b638117ccca22:host:172.234.197.23	SESSION-0c4b638117ccca22 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c70bd35e108ab91c:host:172.234.197.23	SESSION-c70bd35e108ab91c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:377de2a09526	flow:377de2a09526 → host:45.173.156.111 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.35:geo_-16.28860_-49.01640	host:177.10.238.35 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4341cac0cb5b3aa:host:172.234.197.23	SESSION-b4341cac0cb5b3aa → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94f17b7b7397155e:SESSION-94f17b7b7397155e	SESSION-94f17b7b7397155e → pe:tls:SESSION-94f17b7b7397155e
FLOW_DST_PORTOBS	e:fp:flow:af26800f6859:port:tcp:35946	flow:af26800f6859 → port:tcp:35946
FLOW_FROM_HOSTOBS	e:from:SESSION-3831f1a5ed6fd2c0:host:172.234.197.23	SESSION-3831f1a5ed6fd2c0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d96c6feac6dadd94:host:177.10.233.115	SESSION-d96c6feac6dadd94 → host:177.10.233.115
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.62:geo_-16.28860_-49.01640	host:177.10.237.62 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46631c2a8361f405:host:172.234.197.23	SESSION-46631c2a8361f405 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b7ec051587501bc:SESSION-5b7ec051587501bc	SESSION-5b7ec051587501bc → pe:tls:SESSION-5b7ec051587501bc
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:31.40.196.79:geo_41.02140_28.99480	host:31.40.196.79 → geo_41.02140_28.99480
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31126205fa7b72e3:PCAP:capture_20260430060001:919b39a74464	SESSION-31126205fa7b72e3 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:51.224.144.61:asn:16509	host:51.224.144.61 → asn:16509
FLOW_TO_HOSTOBS	e:to:SESSION-f40f233058919cef:host:131.196.29.186	SESSION-f40f233058919cef → host:131.196.29.186
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48482b2d296d23e2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-48482b2d296d23e2 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-2db29654b7388c8c:host:172.234.197.23	SESSION-2db29654b7388c8c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb70871923a8cd06:host:172.234.197.23	SESSION-bb70871923a8cd06 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:435b7b398a65	flow:435b7b398a65 → host:172.234.197.23 → host:131.196.30.37 → port:tcp:19550
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.5:geo_-23.62930_-46.63510	host:131.196.29.5 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ac2cef9f7dcbf562:SESSION-ac2cef9f7dcbf562	SESSION-ac2cef9f7dcbf562 → pe:tls:SESSION-ac2cef9f7dcbf562
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7d9537ea92aed5d6:SESSION-7d9537ea92aed5d6	SESSION-7d9537ea92aed5d6 → pe:syn:SESSION-7d9537ea92aed5d6
flow_observed4-aryOBS	e:fo:flow:79f8753e726b	flow:79f8753e726b → host:172.234.197.23 → host:185.72.218.77 → port:tcp:34035
flow_observed5-aryOBS	e:fo:flow:302afc84d7b6	flow:302afc84d7b6 → host:131.196.30.239 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b43557542c64d676:SESSION-b43557542c64d676	SESSION-b43557542c64d676 → pe:tls:SESSION-b43557542c64d676
FLOW_FROM_HOSTOBS	e:from:SESSION-481702f1e56ec074:host:177.10.239.167	SESSION-481702f1e56ec074 → host:177.10.239.167
FLOW_FROM_HOSTOBS	e:from:SESSION-a437e2422713bf06:host:172.234.197.23	SESSION-a437e2422713bf06 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:4fedbb5ad08e	flow:4fedbb5ad08e → host:172.234.197.23 → host:177.10.237.41 → port:tcp:13408
flow_observed5-aryOBS	e:fo:flow:020c844cd4d3	flow:020c844cd4d3 → host:131.196.30.7 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3b9d914716975ab:host:172.234.197.23	SESSION-c3b9d914716975ab → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d06d4272bf4950c7:host:177.10.234.243:host:172.234.197.23	SESSION-d06d4272bf4950c7 → host:177.10.234.243 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.230:geo_-16.28860_-49.01640	host:177.10.232.230 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-06b5f759c1748871:SESSION-06b5f759c1748871	SESSION-06b5f759c1748871 → pe:syn:SESSION-06b5f759c1748871
HOST_IN_ASNOBS 85%	e:ha:host:54.254.24.234:asn:16509	host:54.254.24.234 → asn:16509
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b1dabd85b6a07947:flow:eb3e9a7dff16	SESSION-b1dabd85b6a07947 → flow:eb3e9a7dff16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bb46c5efd0c0159:host:172.234.197.23	SESSION-1bb46c5efd0c0159 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2faf2af9b390693e:SESSION-2faf2af9b390693e	SESSION-2faf2af9b390693e → pe:tls:SESSION-2faf2af9b390693e
FLOW_TO_HOSTOBS	e:to:SESSION-1909494739e8c502:host:172.234.197.23	SESSION-1909494739e8c502 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1f991b6c62555b6c:SESSION-1f991b6c62555b6c	SESSION-1f991b6c62555b6c → pe:syn:SESSION-1f991b6c62555b6c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ff9648a7e097bde:host:172.234.197.23	SESSION-7ff9648a7e097bde → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.243.2.252:geo_45.84010_-119.70500	host:44.243.2.252 → geo_45.84010_-119.70500
flow_observed4-aryOBS	e:fo:flow:8fd405509a6f	flow:8fd405509a6f → host:172.234.197.23 → host:131.196.31.23 → port:tcp:2605
flow_observed5-aryOBS	e:fo:flow:6bbcc7e0b261	flow:6bbcc7e0b261 → host:131.196.28.163 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:04f29e1a223e:port:tcp:17045	flow:04f29e1a223e → port:tcp:17045
FLOW_TO_HOSTOBS	e:to:SESSION-8578034648884afe:host:172.234.197.23	SESSION-8578034648884afe → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e1ff5f640d9a1d3a:SESSION-e1ff5f640d9a1d3a	SESSION-e1ff5f640d9a1d3a → pe:syn:SESSION-e1ff5f640d9a1d3a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-3cc71da406a2797a:SESSION-3cc71da406a2797a	SESSION-3cc71da406a2797a → pe:rst:SESSION-3cc71da406a2797a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc2cf38876d5e15c:host:177.10.234.93	SESSION-cc2cf38876d5e15c → host:177.10.234.93
FLOW_DST_PORTOBS	e:fp:flow:1d160c4828b5:port:tcp:14382	flow:1d160c4828b5 → port:tcp:14382
FLOW_TO_HOSTOBS	e:to:SESSION-8624692ea119f1f3:host:177.10.238.226	SESSION-8624692ea119f1f3 → host:177.10.238.226
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f49d888fd824b97a:host:177.10.232.204:host:172.234.197.23	SESSION-f49d888fd824b97a → host:177.10.232.204 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:708852c2e77b:port:tcp:443	flow:708852c2e77b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f56538a064e25a46:host:172.234.197.23	SESSION-f56538a064e25a46 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b2a447e74eac:port:tcp:12339	flow:b2a447e74eac → port:tcp:12339
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0796a13a25fe417a:SESSION-0796a13a25fe417a	SESSION-0796a13a25fe417a → pe:syn:SESSION-0796a13a25fe417a
FLOW_FROM_HOSTOBS	e:from:SESSION-bc9c57ce6bc30045:host:172.234.197.23	SESSION-bc9c57ce6bc30045 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.126:geo_-21.10010_-41.69200	host:45.173.156.126 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-4754bc389b07ad3e:host:131.196.29.138	SESSION-4754bc389b07ad3e → host:131.196.29.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f32bbf866d49408:SESSION-2f32bbf866d49408	SESSION-2f32bbf866d49408 → pe:tls:SESSION-2f32bbf866d49408
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3056fcd37df4e63f:host:131.196.31.105:host:172.234.197.23	SESSION-3056fcd37df4e63f → host:131.196.31.105 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46f70ffa54883bab:host:172.234.197.23	SESSION-46f70ffa54883bab → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-da14485ca0be7376:BSG-DATA_EXFIL-c24d7cb3a7e4	SESSION-da14485ca0be7376 → BSG-DATA_EXFIL-c24d7cb3a7e4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f6c80d4cd630a20:SESSION-5f6c80d4cd630a20	SESSION-5f6c80d4cd630a20 → pe:syn:SESSION-5f6c80d4cd630a20
FLOW_FROM_HOSTOBS	e:from:SESSION-256da911109eccd4:host:172.234.197.23	SESSION-256da911109eccd4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ba4a623ca0c8731:flow:471482b35982	SESSION-6ba4a623ca0c8731 → flow:471482b35982
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-486ff38c4390c341:flow:ee0c18d7903c	SESSION-486ff38c4390c341 → flow:ee0c18d7903c
FLOW_TO_HOSTOBS	e:to:SESSION-e6f3d2670453324e:host:172.234.197.23	SESSION-e6f3d2670453324e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6c83a3382d975674:SESSION-6c83a3382d975674	SESSION-6c83a3382d975674 → pe:syn:SESSION-6c83a3382d975674
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ffe1a7a04c39301:host:177.10.234.38	SESSION-0ffe1a7a04c39301 → host:177.10.234.38
FLOW_FROM_HOSTOBS	e:from:SESSION-96d412735d478f25:host:131.196.30.183	SESSION-96d412735d478f25 → host:131.196.30.183
flow_observed5-aryOBS	e:fo:flow:b7489016e282	flow:b7489016e282 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-b145e081d4e87ab3:host:172.234.197.23	SESSION-b145e081d4e87ab3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.167:geo_-23.62930_-46.63510	host:131.196.29.167 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e44af15232c6a53:host:172.234.197.23	SESSION-8e44af15232c6a53 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51b69a1f49968dce:PCAP:capture_20260430080001:93f47cc296a4	SESSION-51b69a1f49968dce → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:0d96e36b5a5a:port:tcp:443	flow:0d96e36b5a5a → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a770693a19c2c7c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0a770693a19c2c7c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-87462f91a35c5198:host:177.10.238.57	SESSION-87462f91a35c5198 → host:177.10.238.57
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-846d654fbba579ab:PCAP:capture_20260430160001:9bfa4498506a	SESSION-846d654fbba579ab → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-0a88c1288033e7cc:host:172.234.197.23	SESSION-0a88c1288033e7cc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30ae225adc0bd1e0:SESSION-30ae225adc0bd1e0	SESSION-30ae225adc0bd1e0 → pe:tls:SESSION-30ae225adc0bd1e0
FLOW_DST_PORTOBS	e:fp:flow:009bd5732591:port:tcp:80	flow:009bd5732591 → port:tcp:80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.56:geo_-16.28860_-49.01640	host:177.10.234.56 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75251a40e4bc6a46:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-75251a40e4bc6a46 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75f19254cb816cbd:host:172.234.197.23	SESSION-75f19254cb816cbd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9868c83546c2d563:host:131.196.31.23	SESSION-9868c83546c2d563 → host:131.196.31.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-45f8302f1d804897:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-45f8302f1d804897 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bff0166abbd0d576:host:140.235.124.200	SESSION-bff0166abbd0d576 → host:140.235.124.200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-3a3b1f52ae1679da:SESSION-3a3b1f52ae1679da	SESSION-3a3b1f52ae1679da → pe:rst:SESSION-3a3b1f52ae1679da
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc7ab250b87b35be:host:177.10.236.142	SESSION-cc7ab250b87b35be → host:177.10.236.142
flow_observed5-aryOBS	e:fo:flow:abc8fc2a68c4	flow:abc8fc2a68c4 → host:177.10.234.63 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca59b4a9ab5138ce:host:177.10.238.10	SESSION-ca59b4a9ab5138ce → host:177.10.238.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d6af4ef287316d5:SESSION-7d6af4ef287316d5	SESSION-7d6af4ef287316d5 → pe:tls:SESSION-7d6af4ef287316d5
flow_observed5-aryOBS	e:fo:flow:3c848c17c142	flow:3c848c17c142 → host:177.10.236.39 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:defe2d99c9e5:port:tcp:443	flow:defe2d99c9e5 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:44f3c39a6640	flow:44f3c39a6640 → host:172.234.197.23 → host:177.10.237.2 → port:tcp:51505
FLOW_TO_HOSTOBS	e:to:SESSION-a3a44f67a1174447:host:172.234.197.23	SESSION-a3a44f67a1174447 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ed37df036f91c955:host:172.234.197.23:host:131.196.31.174	SESSION-ed37df036f91c955 → host:172.234.197.23 → host:131.196.31.174
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.116:geo_-23.62930_-46.63510	host:131.196.29.116 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a33620a262b3196:SESSION-4a33620a262b3196	SESSION-4a33620a262b3196 → pe:syn:SESSION-4a33620a262b3196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7440e76ff1d72d2f:PCAP:capture_20260428010001:b1b402c7b202	SESSION-7440e76ff1d72d2f → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-158ec8f739ce5586:host:172.234.197.23	SESSION-158ec8f739ce5586 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9ab65b5d8a01cf3d:host:172.234.197.23	SESSION-9ab65b5d8a01cf3d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38485db7731deeee:host:172.234.197.23:host:177.10.233.53	SESSION-38485db7731deeee → host:172.234.197.23 → host:177.10.233.53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5b7661178bc9fc6:host:172.234.197.23	SESSION-a5b7661178bc9fc6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2c26000380dd:port:tcp:443	flow:2c26000380dd → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72e48e4dc313a64d:host:172.234.197.23	SESSION-72e48e4dc313a64d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.247:geo_-23.62930_-46.63510	host:131.196.28.247 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a904c233015ef9c:host:172.234.197.23:host:177.10.236.166	SESSION-4a904c233015ef9c → host:172.234.197.23 → host:177.10.236.166
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc085f76ab1a4e2b:host:172.234.197.23	SESSION-dc085f76ab1a4e2b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c596c163b79d372:flow:3cfb47e7be4e	SESSION-9c596c163b79d372 → flow:3cfb47e7be4e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.67:geo_-21.10010_-41.69200	host:45.173.156.67 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec373193747138e2:flow:05da84aac06b	SESSION-ec373193747138e2 → flow:05da84aac06b
FLOW_TO_HOSTOBS	e:to:SESSION-e3b214bdb989f663:host:172.234.197.23	SESSION-e3b214bdb989f663 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6682b9978761b80b:host:172.234.197.23	SESSION-6682b9978761b80b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-110ce59a2a29ac0c:SESSION-110ce59a2a29ac0c	SESSION-110ce59a2a29ac0c → pe:tls:SESSION-110ce59a2a29ac0c
flow_observed4-aryOBS	e:fo:flow:16f299dc4ccd	flow:16f299dc4ccd → host:172.234.197.23 → host:177.10.234.36 → port:tcp:31347
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0393cf21271be7e9:SESSION-0393cf21271be7e9	SESSION-0393cf21271be7e9 → pe:syn:SESSION-0393cf21271be7e9
FLOW_TO_HOSTOBS	e:to:SESSION-c4145be500857fbf:host:172.234.197.23	SESSION-c4145be500857fbf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-dae3e228e98c74e4:host:172.234.197.23	SESSION-dae3e228e98c74e4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:58f5f0dbd944:port:tcp:443	flow:58f5f0dbd944 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:342afbe20bfa	flow:342afbe20bfa → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
flow_observed4-aryOBS	e:fo:flow:0d73374bf7ca	flow:0d73374bf7ca → host:172.234.197.23 → host:45.173.156.43 → port:tcp:50305
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-829f75d99e4943bf:SESSION-829f75d99e4943bf	SESSION-829f75d99e4943bf → pe:tls:SESSION-829f75d99e4943bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6e7d46ad1b0c983:host:131.196.30.62:host:172.234.197.23	SESSION-d6e7d46ad1b0c983 → host:131.196.30.62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6d44dc6146dcb58:host:177.10.239.109	SESSION-b6d44dc6146dcb58 → host:177.10.239.109
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.26:asn:271410	host:131.196.29.26 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-924bf50c0164bb1b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-924bf50c0164bb1b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ada05a103ba2b64:host:172.234.197.23:host:131.196.29.4	SESSION-9ada05a103ba2b64 → host:172.234.197.23 → host:131.196.29.4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47fcc0d7da6d7c1a:host:172.234.197.23:host:177.10.239.11	SESSION-47fcc0d7da6d7c1a → host:172.234.197.23 → host:177.10.239.11
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.79:geo_-23.62930_-46.63510	host:131.196.31.79 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:7c9996f23e8d:port:tcp:15960	flow:7c9996f23e8d → port:tcp:15960
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-320a5544f819c3b7:flow:8985c0366690	SESSION-320a5544f819c3b7 → flow:8985c0366690
FLOW_DST_PORTOBS	e:fp:flow:07c70264eacd:port:tcp:443	flow:07c70264eacd → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54da05b162213325:SESSION-54da05b162213325	SESSION-54da05b162213325 → pe:tls:SESSION-54da05b162213325
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-95152bde385a2e89:host:172.234.197.23	SESSION-95152bde385a2e89 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa515f25c4c77655:host:177.10.239.12	SESSION-aa515f25c4c77655 → host:177.10.239.12
FLOW_DST_PORTOBS	e:fp:flow:a4cb28579aef:port:tcp:54796	flow:a4cb28579aef → port:tcp:54796
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.201:geo_-16.28860_-49.01640	host:177.10.236.201 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-414103fa622913fc:host:172.234.197.23	SESSION-414103fa622913fc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-586aad203217304c:host:172.234.197.23	SESSION-586aad203217304c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b14f4f7e9ebbac1:flow:99ab03576013	SESSION-8b14f4f7e9ebbac1 → flow:99ab03576013
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.131:geo_41.00190_28.96450	host:92.112.71.131 → geo_41.00190_28.96450
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.81:asn:271410	host:131.196.28.81 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21a19991d129ba18:host:177.10.237.35	SESSION-21a19991d129ba18 → host:177.10.237.35
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.77:asn:262880	host:177.10.233.77 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-edfeffbce5127655:PCAP:capture_20260430160001:9bfa4498506a	SESSION-edfeffbce5127655 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5a5092ccda361ecd:host:177.10.237.226:host:172.234.197.23	SESSION-5a5092ccda361ecd → host:177.10.237.226 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9f597f69b0915b82:host:170.106.14.53	SESSION-9f597f69b0915b82 → host:170.106.14.53
FLOW_FROM_HOSTOBS	e:from:SESSION-29bd7d52bed21c18:host:131.196.30.49	SESSION-29bd7d52bed21c18 → host:131.196.30.49
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6bdebc30581f3c5f:flow:32fced2fce95	SESSION-6bdebc30581f3c5f → flow:32fced2fce95
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.180:asn:262880	host:177.10.238.180 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-854a13cbd553e198:host:45.173.156.206:host:172.234.197.23	SESSION-854a13cbd553e198 → host:45.173.156.206 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5cdb2ff7fda09377:host:54.201.215.37:host:172.234.197.23	SESSION-5cdb2ff7fda09377 → host:54.201.215.37 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5e220c81ec884c58:host:172.234.197.23	SESSION-5e220c81ec884c58 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1a52ffd6f24f0f87:PCAP:capture_20260430090001:065659c7d314	SESSION-1a52ffd6f24f0f87 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b7ec051587501bc:flow:e8541a690a9e	SESSION-5b7ec051587501bc → flow:e8541a690a9e
FLOW_TO_HOSTOBS	e:to:SESSION-80f68e8f687f2dc5:host:172.234.197.23	SESSION-80f68e8f687f2dc5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf36cee0aa989ce3:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-bf36cee0aa989ce3 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8f2b3515afd502b:SESSION-b8f2b3515afd502b	SESSION-b8f2b3515afd502b → pe:tls:SESSION-b8f2b3515afd502b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d47b6311855994f0:host:131.196.28.165:host:172.234.197.23	SESSION-d47b6311855994f0 → host:131.196.28.165 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:224adaf0ad90	flow:224adaf0ad90 → host:131.196.29.254 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.144:asn:203771	host:185.231.226.144 → asn:203771
flow_observed4-aryOBS	e:fo:flow:2d55873e56af	flow:2d55873e56af → host:172.234.197.23 → host:131.196.31.86 → port:tcp:14893
FLOW_FROM_HOSTOBS	e:from:SESSION-133d7db2ccbe04c8:host:172.234.197.23	SESSION-133d7db2ccbe04c8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:253dd770fdc9	flow:253dd770fdc9 → host:199.16.157.182 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:85fc1fdd3721:port:tcp:45105	flow:85fc1fdd3721 → port:tcp:45105
HOST_IN_ASNOBS 85%	e:ha:host:44.243.2.252:asn:16509	host:44.243.2.252 → asn:16509
FLOW_DST_PORTOBS	e:fp:flow:3a218ba43b50:port:tcp:443	flow:3a218ba43b50 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7139746cbd677852:SESSION-7139746cbd677852	SESSION-7139746cbd677852 → pe:tls:SESSION-7139746cbd677852
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b135329a33dc60c2:flow:70e6dbadc53e	SESSION-b135329a33dc60c2 → flow:70e6dbadc53e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1d152bdff2d4d10:host:172.234.197.23	SESSION-d1d152bdff2d4d10 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c59b4943b687	flow:c59b4943b687 → host:131.196.31.100 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6667ca1b9f8ba8d1:flow:5ba485b7e96f	SESSION-6667ca1b9f8ba8d1 → flow:5ba485b7e96f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0cd9b8959e0e89e:SESSION-d0cd9b8959e0e89e	SESSION-d0cd9b8959e0e89e → pe:syn:SESSION-d0cd9b8959e0e89e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca44e56e93546a2c:host:131.196.31.185	SESSION-ca44e56e93546a2c → host:131.196.31.185
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5a6e84a9f98e2c60:PCAP:capture_20260430090001:065659c7d314	SESSION-5a6e84a9f98e2c60 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3393fca13374f4c8:host:177.10.239.109	SESSION-3393fca13374f4c8 → host:177.10.239.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3839adbba9942939:host:131.196.30.213	SESSION-3839adbba9942939 → host:131.196.30.213
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-333a850c89106bc0:SESSION-333a850c89106bc0	SESSION-333a850c89106bc0 → pe:tls:SESSION-333a850c89106bc0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36b6bef962351df3:flow:e0ae4a4ac42f	SESSION-36b6bef962351df3 → flow:e0ae4a4ac42f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67fb5a3b6b27b953:SESSION-67fb5a3b6b27b953	SESSION-67fb5a3b6b27b953 → pe:syn:SESSION-67fb5a3b6b27b953
flow_observed5-aryOBS	e:fo:flow:d75495d61e34	flow:d75495d61e34 → host:131.196.31.94 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd554b279ca00d73:PCAP:capture_20260430050001:8868731bf8a4	SESSION-bd554b279ca00d73 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-72859a91c292f326:host:172.234.197.23	SESSION-72859a91c292f326 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da61b01cc679b249:PCAP:capture_20260430160001:9bfa4498506a	SESSION-da61b01cc679b249 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.109:geo_41.00190_28.96450	host:92.112.71.109 → geo_41.00190_28.96450
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f81fa7919a8c03a8:flow:751d99601d60	SESSION-f81fa7919a8c03a8 → flow:751d99601d60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72786bca04f1b5c7:host:172.234.197.23	SESSION-72786bca04f1b5c7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57e30ec2e308e552:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-57e30ec2e308e552 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70f9355e024c975b:host:131.196.31.13	SESSION-70f9355e024c975b → host:131.196.31.13
FLOW_DST_PORTOBS	e:fp:flow:b62bf8afb52c:port:tcp:443	flow:b62bf8afb52c → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98083f958ccf36d4:SESSION-98083f958ccf36d4	SESSION-98083f958ccf36d4 → pe:syn:SESSION-98083f958ccf36d4
FLOW_DST_PORTOBS	e:fp:flow:ef75b0633734:port:tcp:443	flow:ef75b0633734 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:38454e7c329d:port:tcp:49780	flow:38454e7c329d → port:tcp:49780
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3fa9d5496b14fae:host:131.196.29.113	SESSION-c3fa9d5496b14fae → host:131.196.29.113
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5b7661178bc9fc6:host:131.196.29.184:host:172.234.197.23	SESSION-a5b7661178bc9fc6 → host:131.196.29.184 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-af4f3fe4058b61ab:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-af4f3fe4058b61ab → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-164d60043533ec4c:host:172.234.197.23	SESSION-164d60043533ec4c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a523da3aafeb	flow:a523da3aafeb → host:177.10.233.212 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a782bfdef89df980:PCAP:capture_20260430090001:065659c7d314	SESSION-a782bfdef89df980 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-295c5f4e2a8126b8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-295c5f4e2a8126b8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-366e271d3ddb3e11:host:172.234.197.23	SESSION-366e271d3ddb3e11 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-728f64f1954defae:SESSION-728f64f1954defae	SESSION-728f64f1954defae → pe:tls:SESSION-728f64f1954defae
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f9ddceec57447449:SESSION-f9ddceec57447449	SESSION-f9ddceec57447449 → pe:tls:SESSION-f9ddceec57447449
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.179:asn:262880	host:177.10.235.179 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.54:asn:262880	host:177.10.238.54 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.201:geo_-16.28860_-49.01640	host:177.10.237.201 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:2f78094d02f5	flow:2f78094d02f5 → host:45.145.152.227 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TO_HOSTOBS	e:to:SESSION-37617ebce6c7f9ac:host:177.10.234.44	SESSION-37617ebce6c7f9ac → host:177.10.234.44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-608f6686d64f8e3e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-608f6686d64f8e3e → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-ed80052f988e41bd:host:172.234.197.23	SESSION-ed80052f988e41bd → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.202:geo_-16.28860_-49.01640	host:177.10.235.202 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:73763aa195b9	flow:73763aa195b9 → host:177.10.234.224 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a98ae7d95e9a62c0:SESSION-a98ae7d95e9a62c0	SESSION-a98ae7d95e9a62c0 → pe:syn:SESSION-a98ae7d95e9a62c0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1995c5dc0203e07b:flow:df3236181306	SESSION-1995c5dc0203e07b → flow:df3236181306
flow_observed5-aryOBS	e:fo:flow:d103874e528f	flow:d103874e528f → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-828db1ebc34fa50a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-828db1ebc34fa50a → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6aacd35f912a2971:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6aacd35f912a2971 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-12cb447eb42d83b5:SESSION-12cb447eb42d83b5	SESSION-12cb447eb42d83b5 → pe:syn:SESSION-12cb447eb42d83b5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-113354c1b6207940:host:131.196.30.196	SESSION-113354c1b6207940 → host:131.196.30.196
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1b4aebfef6c24ca0:SESSION-1b4aebfef6c24ca0	SESSION-1b4aebfef6c24ca0 → pe:tls:SESSION-1b4aebfef6c24ca0
FLOW_TO_HOSTOBS	e:to:SESSION-5739ac8f3bafac6c:host:172.234.197.23	SESSION-5739ac8f3bafac6c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bfd0325eab2c:port:tcp:45908	flow:bfd0325eab2c → port:tcp:45908
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07bcf39894ea5ee9:host:172.234.197.23	SESSION-07bcf39894ea5ee9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.231:asn:273470	host:45.173.156.231 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5ba4a44df249a00:host:172.234.197.23	SESSION-e5ba4a44df249a00 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:7a63b1bfd4f1	flow:7a63b1bfd4f1 → host:172.234.197.23 → host:131.196.29.3 → port:tcp:44277
FLOW_DST_PORTOBS	e:fp:flow:5bdf9bbf4f3e:port:tcp:80	flow:5bdf9bbf4f3e → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-47fbdf6c3cd24fcc:host:172.234.197.23	SESSION-47fbdf6c3cd24fcc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-1311876ef555b88e:SESSION-1311876ef555b88e	SESSION-1311876ef555b88e → pe:dns:SESSION-1311876ef555b88e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f44e90059c2f2195:host:136.243.57.208:host:172.234.197.23	SESSION-f44e90059c2f2195 → host:136.243.57.208 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b57c4e647c9921c9:SESSION-b57c4e647c9921c9	SESSION-b57c4e647c9921c9 → pe:tls:SESSION-b57c4e647c9921c9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-84d5ccfdbe119076:SESSION-84d5ccfdbe119076	SESSION-84d5ccfdbe119076 → pe:syn:SESSION-84d5ccfdbe119076
FLOW_FROM_HOSTOBS	e:from:SESSION-745ac23dbe7bf2d2:host:177.10.233.53	SESSION-745ac23dbe7bf2d2 → host:177.10.233.53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3930651da0a26cb4:SESSION-3930651da0a26cb4	SESSION-3930651da0a26cb4 → pe:syn:SESSION-3930651da0a26cb4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9fb0652618e8095:host:177.10.233.120:host:172.234.197.23	SESSION-b9fb0652618e8095 → host:177.10.233.120 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:51011bc622ec	flow:51011bc622ec → host:131.196.31.10 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:12c18556932b	flow:12c18556932b → host:177.10.237.63 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:afd09763fa29:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:afd09763fa29 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a0d556a7af957b2:host:172.234.197.23	SESSION-2a0d556a7af957b2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c0f21a1d46f067dc:host:172.234.197.23	SESSION-c0f21a1d46f067dc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-042ef885e77347e7:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-042ef885e77347e7 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:2d8b8a6b6bad	flow:2d8b8a6b6bad → host:131.196.28.27 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:7672d031626b:port:tcp:52496	flow:7672d031626b → port:tcp:52496
flow_observed4-aryOBS	e:fo:flow:517307bd400e	flow:517307bd400e → host:172.234.197.23 → host:177.10.236.51 → port:tcp:919
flow_observed5-aryOBS	e:fo:flow:b827d514f40a	flow:b827d514f40a → host:131.196.30.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3f936e849fecda0:host:172.234.197.23	SESSION-e3f936e849fecda0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5d45bed796decc2:host:172.234.197.23	SESSION-b5d45bed796decc2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-968009a702657adb:flow:1eb29619512d	SESSION-968009a702657adb → flow:1eb29619512d
FLOW_DST_PORTOBS	e:fp:flow:6cb039b7cca8:port:tcp:443	flow:6cb039b7cca8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d2c659a567a628e2:SESSION-d2c659a567a628e2	SESSION-d2c659a567a628e2 → pe:tls:SESSION-d2c659a567a628e2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a2f802a56d8e0d79:host:131.196.31.49:host:172.234.197.23	SESSION-a2f802a56d8e0d79 → host:131.196.31.49 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a99ef89e8b00159:SESSION-3a99ef89e8b00159	SESSION-3a99ef89e8b00159 → pe:tls:SESSION-3a99ef89e8b00159
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8376f0f57e00ff1:host:172.234.197.23	SESSION-a8376f0f57e00ff1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78b89cf411e3ebb4:SESSION-78b89cf411e3ebb4	SESSION-78b89cf411e3ebb4 → pe:tls:SESSION-78b89cf411e3ebb4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b9f91f77c860b7c:host:131.196.28.151	SESSION-1b9f91f77c860b7c → host:131.196.28.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-065b3042ded53057:SESSION-065b3042ded53057	SESSION-065b3042ded53057 → pe:syn:SESSION-065b3042ded53057
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.238:asn:262880	host:177.10.234.238 → asn:262880
flow_observed5-aryOBS	e:fo:flow:ad5526ffb021	flow:ad5526ffb021 → host:131.196.30.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5eed95be9c1a7022:SESSION-5eed95be9c1a7022	SESSION-5eed95be9c1a7022 → pe:tls:SESSION-5eed95be9c1a7022
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5826a910dfa3cb7f:host:172.234.197.23	SESSION-5826a910dfa3cb7f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b8dc993a043c8fb1:PCAP:capture_20260430150001:ded20914761d	SESSION-b8dc993a043c8fb1 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a286fa1508a759d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3a286fa1508a759d → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:27138d8d3319	flow:27138d8d3319 → host:172.234.197.23 → host:131.196.29.67 → port:tcp:25397
flow_observed5-aryOBS	e:fo:flow:ef6a8df5e96a	flow:ef6a8df5e96a → host:131.196.29.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eade11f9b06e449a:host:45.173.156.109	SESSION-eade11f9b06e449a → host:45.173.156.109
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-78b89cf411e3ebb4:flow:2ff80900d1bb	SESSION-78b89cf411e3ebb4 → flow:2ff80900d1bb
flow_observed4-aryOBS	e:fo:flow:971244252930	flow:971244252930 → host:172.234.197.23 → host:177.10.238.50 → port:tcp:49243
FLOW_TO_HOSTOBS	e:to:SESSION-09e9de69a12074bb:host:172.234.197.23	SESSION-09e9de69a12074bb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-561fca01c9d6b351:host:131.196.30.72	SESSION-561fca01c9d6b351 → host:131.196.30.72
FLOW_FROM_HOSTOBS	e:from:SESSION-fe8408bb8c62f3c7:host:177.10.236.235	SESSION-fe8408bb8c62f3c7 → host:177.10.236.235
FLOW_FROM_HOSTOBS	e:from:SESSION-23dcfe77dd45a14a:host:131.196.28.106	SESSION-23dcfe77dd45a14a → host:131.196.28.106
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b96b3cde986adfb1:host:3.103.179.97:host:172.234.197.23	SESSION-b96b3cde986adfb1 → host:3.103.179.97 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d0d81899cf28:port:tcp:443	flow:d0d81899cf28 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96298fdbde5cf19b:host:131.196.29.234	SESSION-96298fdbde5cf19b → host:131.196.29.234
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7d1c756fff84e2d4:SESSION-7d1c756fff84e2d4	SESSION-7d1c756fff84e2d4 → pe:tls:SESSION-7d1c756fff84e2d4
flow_observed5-aryOBS	e:fo:flow:a2e558ecc3f4	flow:a2e558ecc3f4 → host:177.10.233.116 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4f766219ab3f1d4b:PCAP:capture_20260430090001:065659c7d314	SESSION-4f766219ab3f1d4b → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ac3b19d6233e6f7:host:131.196.30.107:host:172.234.197.23	SESSION-2ac3b19d6233e6f7 → host:131.196.30.107 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9582152c6f7e826d:host:177.10.239.108	SESSION-9582152c6f7e826d → host:177.10.239.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b01750df014e0bb:host:44.247.223.188	SESSION-5b01750df014e0bb → host:44.247.223.188
FLOW_TO_HOSTOBS	e:to:SESSION-c83e078f141652ea:host:131.196.30.107	SESSION-c83e078f141652ea → host:131.196.30.107
FLOW_FROM_HOSTOBS	e:from:SESSION-2c2ee5c4e3db47f8:host:51.161.119.157	SESSION-2c2ee5c4e3db47f8 → host:51.161.119.157
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.224:asn:271410	host:131.196.29.224 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ead89ade728d357d:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-ead89ade728d357d → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2d2e0adb85f8f3e:host:131.196.28.21	SESSION-d2d2e0adb85f8f3e → host:131.196.28.21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9b0c47b1e862acc1:SESSION-9b0c47b1e862acc1	SESSION-9b0c47b1e862acc1 → pe:tls:SESSION-9b0c47b1e862acc1
flow_observed5-aryOBS	e:fo:flow:863cf77a74ad	flow:863cf77a74ad → host:177.10.233.204 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4076f0f6734ca69:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-d4076f0f6734ca69 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-378aa47dbf901697:SESSION-378aa47dbf901697	SESSION-378aa47dbf901697 → pe:syn:SESSION-378aa47dbf901697
FLOW_TO_HOSTOBS	e:to:SESSION-99eb989e9371b0fb:host:172.234.197.23	SESSION-99eb989e9371b0fb → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-aa8465f08de511a2:SESSION-aa8465f08de511a2	SESSION-aa8465f08de511a2 → pe:tls:SESSION-aa8465f08de511a2
FLOW_DST_PORTOBS	e:fp:flow:ffb76f649537:port:tcp:28417	flow:ffb76f649537 → port:tcp:28417
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f86e42aef9b2f482:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f86e42aef9b2f482 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-aa4dbd42e40690e9:host:177.10.238.70	SESSION-aa4dbd42e40690e9 → host:177.10.238.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-848ab23bc1105d57:SESSION-848ab23bc1105d57	SESSION-848ab23bc1105d57 → pe:syn:SESSION-848ab23bc1105d57
FLOW_TO_HOSTOBS	e:to:SESSION-ba981a6eb39461c8:host:172.234.197.23	SESSION-ba981a6eb39461c8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b1f042103d1727f:SESSION-5b1f042103d1727f	SESSION-5b1f042103d1727f → pe:tls:SESSION-5b1f042103d1727f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4298399acb708ae5:PCAP:capture_20260430150001:ded20914761d	SESSION-4298399acb708ae5 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-e3944d5014504521:host:172.234.197.23	SESSION-e3944d5014504521 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:13de59122b35	flow:13de59122b35 → host:131.196.31.244 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:30a23d21f13c	flow:30a23d21f13c → host:131.196.31.148 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-589f676f16819868:SESSION-589f676f16819868	SESSION-589f676f16819868 → pe:tls:SESSION-589f676f16819868
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c917f93463d3774:flow:cb47bc720a0a	SESSION-8c917f93463d3774 → flow:cb47bc720a0a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a038f6735218c73a:host:172.234.197.23	SESSION-a038f6735218c73a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97a722c9ef92a65e:host:45.173.156.163:host:172.234.197.23	SESSION-97a722c9ef92a65e → host:45.173.156.163 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db1ee555567b9b22:flow:938135b0a0a2	SESSION-db1ee555567b9b22 → flow:938135b0a0a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-759329d52e4cabab:SESSION-759329d52e4cabab	SESSION-759329d52e4cabab → pe:dns:SESSION-759329d52e4cabab
FLOW_DST_PORTOBS	e:fp:flow:2d5bc9418602:port:tcp:443	flow:2d5bc9418602 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8bf7420041ec56c9:host:172.234.197.23:host:177.10.232.19	SESSION-8bf7420041ec56c9 → host:172.234.197.23 → host:177.10.232.19
FLOW_FROM_HOSTOBS	e:from:SESSION-d4673fb47ee0c5a9:host:177.10.239.11	SESSION-d4673fb47ee0c5a9 → host:177.10.239.11
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-82fb3096076edb8c:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-82fb3096076edb8c → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ef849695f946a5ec:SESSION-ef849695f946a5ec	SESSION-ef849695f946a5ec → pe:syn:SESSION-ef849695f946a5ec
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0d59ff2f2672e21c:flow:ced9ee95145c	SESSION-0d59ff2f2672e21c → flow:ced9ee95145c
FLOW_TO_HOSTOBS	e:to:SESSION-002a4fad2ef08bcf:host:172.234.197.23	SESSION-002a4fad2ef08bcf → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4bf01cc984d6:port:tcp:443	flow:4bf01cc984d6 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c0e460ce34915ff:host:172.234.197.23:host:131.196.28.231	SESSION-1c0e460ce34915ff → host:172.234.197.23 → host:131.196.28.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4619747059efac6f:host:172.234.197.23	SESSION-4619747059efac6f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f377c5e49ededc1c:host:172.234.197.23:host:131.196.29.186	SESSION-f377c5e49ededc1c → host:172.234.197.23 → host:131.196.29.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5080263f1b2fd5b9:host:45.173.156.111	SESSION-5080263f1b2fd5b9 → host:45.173.156.111
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd2e4550d5ebaf09:host:177.10.235.197	SESSION-fd2e4550d5ebaf09 → host:177.10.235.197
FLOW_TO_HOSTOBS	e:to:SESSION-8c1a20baa14a0758:host:131.196.28.22	SESSION-8c1a20baa14a0758 → host:131.196.28.22
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3094c6d527f665e9:SESSION-3094c6d527f665e9	SESSION-3094c6d527f665e9 → pe:syn:SESSION-3094c6d527f665e9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5e5c0136d660133a:host:172.234.197.23:host:177.10.237.216	SESSION-5e5c0136d660133a → host:172.234.197.23 → host:177.10.237.216
FLOW_TO_HOSTOBS	e:to:SESSION-94e9de291da3c2c9:host:172.234.197.23	SESSION-94e9de291da3c2c9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-091ae841df8cdc2c:flow:9e20558c2d4e	SESSION-091ae841df8cdc2c → flow:9e20558c2d4e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.122:asn:262880	host:177.10.232.122 → asn:262880
flow_observed3-aryOBS	e:fo:flow:7aa69b7f39c1	flow:7aa69b7f39c1 → host:35.92.48.165 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f81fa7919a8c03a8:host:177.10.235.40	SESSION-f81fa7919a8c03a8 → host:177.10.235.40
FLOW_TO_HOSTOBS	e:to:SESSION-3fe48e08f3f123e2:host:131.196.30.114	SESSION-3fe48e08f3f123e2 → host:131.196.30.114
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78ad99b8772b1e3f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-78ad99b8772b1e3f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fc6dd1896fecefa:host:172.234.197.23	SESSION-1fc6dd1896fecefa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dee230b22d739e8a:host:172.234.197.23	SESSION-dee230b22d739e8a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36d925db3c3b2591:PCAP:capture_20260430060001:919b39a74464	SESSION-36d925db3c3b2591 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:7f24ac272d2b	flow:7f24ac272d2b → host:92.112.71.248 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.161:geo_-16.28860_-49.01640	host:177.10.234.161 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-106a8139a282a728:host:131.196.31.144:host:172.234.197.23	SESSION-106a8139a282a728 → host:131.196.31.144 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a9e4c3921500675:host:177.10.236.84:host:172.234.197.23	SESSION-6a9e4c3921500675 → host:177.10.236.84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4898aa8f3840ecd5:host:172.234.197.23	SESSION-4898aa8f3840ecd5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cef4b415a72da702:host:172.234.197.23	SESSION-cef4b415a72da702 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bcd94ff2cea5ca72:host:172.234.197.23	SESSION-bcd94ff2cea5ca72 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:f8b646b92b02	flow:f8b646b92b02 → host:131.196.31.46 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56fe4753b2794494:host:177.10.237.38	SESSION-56fe4753b2794494 → host:177.10.237.38
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f580776b9a7f0d25:host:172.234.197.23	SESSION-f580776b9a7f0d25 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9222c19da42c0aaa:SESSION-9222c19da42c0aaa	SESSION-9222c19da42c0aaa → pe:tls:SESSION-9222c19da42c0aaa
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.242:asn:262880	host:177.10.239.242 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-59a63fae51b24a38:SESSION-59a63fae51b24a38	SESSION-59a63fae51b24a38 → pe:tls:SESSION-59a63fae51b24a38
FLOW_DST_PORTOBS	e:fp:flow:f35e8598c21e:port:tcp:61056	flow:f35e8598c21e → port:tcp:61056
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8feeff9d44d6e844:SESSION-8feeff9d44d6e844	SESSION-8feeff9d44d6e844 → pe:tls:SESSION-8feeff9d44d6e844
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-88a21eebc91cc549:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-88a21eebc91cc549 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4387fd9792a7eb8a:host:131.196.30.207	SESSION-4387fd9792a7eb8a → host:131.196.30.207
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35dd0088a1238ab9:flow:618c010170a5	SESSION-35dd0088a1238ab9 → flow:618c010170a5
FLOW_DST_PORTOBS	e:fp:flow:547724b76d59:port:tcp:443	flow:547724b76d59 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-6e612a684f25ac0f:host:177.10.238.193	SESSION-6e612a684f25ac0f → host:177.10.238.193
FLOW_FROM_HOSTOBS	e:from:SESSION-30f00b6e6078f800:host:172.234.197.23	SESSION-30f00b6e6078f800 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-954ce8dcd8b034e5:host:142.132.190.158:host:172.234.197.23	SESSION-954ce8dcd8b034e5 → host:142.132.190.158 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3b2d33602e817e1:flow:5e762bb85ae7	SESSION-b3b2d33602e817e1 → flow:5e762bb85ae7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.109:geo_-16.28860_-49.01640	host:177.10.232.109 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.73:asn:271410	host:131.196.29.73 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d9c8489868c7191:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9d9c8489868c7191 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.28:geo_-23.62930_-46.63510	host:131.196.28.28 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-96272a0a54480e7a:host:172.234.197.23	SESSION-96272a0a54480e7a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0827c1c94491daec:flow:054a59fb275e	SESSION-0827c1c94491daec → flow:054a59fb275e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.140:geo_-16.28860_-49.01640	host:177.10.234.140 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b849b4bd4115608f:host:177.10.239.150:host:172.234.197.23	SESSION-b849b4bd4115608f → host:177.10.239.150 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cef4b415a72da702:host:177.10.235.14	SESSION-cef4b415a72da702 → host:177.10.235.14
FLOW_TO_HOSTOBS	e:to:SESSION-f0f5313432825fa0:host:172.234.197.23	SESSION-f0f5313432825fa0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-133d7db2ccbe04c8:host:177.10.233.192	SESSION-133d7db2ccbe04c8 → host:177.10.233.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-96b1ae4f2b433079:SESSION-96b1ae4f2b433079	SESSION-96b1ae4f2b433079 → pe:tls:SESSION-96b1ae4f2b433079
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ca0d45baeb856677:host:177.10.233.211:host:172.234.197.23	SESSION-ca0d45baeb856677 → host:177.10.233.211 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7098e9f09e131f1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e7098e9f09e131f1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb444db8c099bc0f:host:131.196.30.227:host:172.234.197.23	SESSION-cb444db8c099bc0f → host:131.196.30.227 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:68f66f8b2561	flow:68f66f8b2561 → host:88.99.91.59 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:662f3d11402c	flow:662f3d11402c → host:177.10.238.247 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9cd2627e6ddbbad1:host:131.196.31.4	SESSION-9cd2627e6ddbbad1 → host:131.196.31.4
FLOW_DST_PORTOBS	e:fp:flow:35356ce269f5:port:tcp:443	flow:35356ce269f5 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:427af3d58fd2	flow:427af3d58fd2 → host:177.10.238.154 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08eebf44a6874d1b:host:177.10.234.204:host:172.234.197.23	SESSION-08eebf44a6874d1b → host:177.10.234.204 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d8111f65a253e3a:host:172.234.197.23	SESSION-7d8111f65a253e3a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6a5c452abdbb:port:tcp:443	flow:6a5c452abdbb → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e04d863bd380e3e5:host:177.10.235.200	SESSION-e04d863bd380e3e5 → host:177.10.235.200
FLOW_FROM_HOSTOBS	e:from:SESSION-0532a1c12e883894:host:177.10.234.109	SESSION-0532a1c12e883894 → host:177.10.234.109
HOST_IN_ASNOBS 85%	e:ha:host:147.135.97.222:asn:16276	host:147.135.97.222 → asn:16276
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6353435fcd827ef1:host:95.170.25.60:host:172.234.197.23	SESSION-6353435fcd827ef1 → host:95.170.25.60 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4f766219ab3f1d4b:host:172.234.197.23	SESSION-4f766219ab3f1d4b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-287f6ffdc6040b27:host:177.10.239.137	SESSION-287f6ffdc6040b27 → host:177.10.239.137
FLOW_TO_HOSTOBS	e:to:SESSION-3b13920773df7284:host:172.234.197.23	SESSION-3b13920773df7284 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b4507c179ac4	flow:b4507c179ac4 → host:177.10.234.155 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a247b2224692840d:host:177.10.237.156	SESSION-a247b2224692840d → host:177.10.237.156
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.196:geo_-23.62930_-46.63510	host:131.196.29.196 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b22fbd69b6831b9:host:172.234.197.23:host:177.10.238.137	SESSION-0b22fbd69b6831b9 → host:172.234.197.23 → host:177.10.238.137
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e503c69e36c27590:PCAP:capture_20260430060001:919b39a74464	SESSION-e503c69e36c27590 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-74188080b03487af:SESSION-74188080b03487af	SESSION-74188080b03487af → pe:syn:SESSION-74188080b03487af
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-180bc1efe2db3897:SESSION-180bc1efe2db3897	SESSION-180bc1efe2db3897 → pe:syn:SESSION-180bc1efe2db3897
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dd05928698dec5c4:SESSION-dd05928698dec5c4	SESSION-dd05928698dec5c4 → pe:syn:SESSION-dd05928698dec5c4
FLOW_DST_PORTOBS	e:fp:flow:1942beb7de59:port:tcp:28381	flow:1942beb7de59 → port:tcp:28381
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.165:asn:271410	host:131.196.28.165 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf286e26fb783f2f:SESSION-cf286e26fb783f2f	SESSION-cf286e26fb783f2f → pe:tls:SESSION-cf286e26fb783f2f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec67d149df3809f6:host:177.10.235.81	SESSION-ec67d149df3809f6 → host:177.10.235.81
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d5b5151108975cf:host:177.10.239.194:host:172.234.197.23	SESSION-4d5b5151108975cf → host:177.10.239.194 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21b975753a100632:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-21b975753a100632 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa8465f08de511a2:flow:b51fdfa1efbb	SESSION-aa8465f08de511a2 → flow:b51fdfa1efbb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8fd3b31137a7f5f9:flow:8287af1083ef	SESSION-8fd3b31137a7f5f9 → flow:8287af1083ef
FLOW_DST_PORTOBS	e:fp:flow:812f40eb0cd0:port:tcp:443	flow:812f40eb0cd0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a98ae7d95e9a62c0:host:172.234.197.23	SESSION-a98ae7d95e9a62c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f78775658cb84616:host:172.234.197.23	SESSION-f78775658cb84616 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1fb163f3769ccb67:SESSION-1fb163f3769ccb67	SESSION-1fb163f3769ccb67 → pe:syn:SESSION-1fb163f3769ccb67
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7db2d3f3f113e007:host:172.234.197.23	SESSION-7db2d3f3f113e007 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ec3678e1070a7a4:host:172.234.197.23:host:131.196.29.60	SESSION-9ec3678e1070a7a4 → host:172.234.197.23 → host:131.196.29.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc399ebe92ddbae6:flow:0c00fe59a661	SESSION-cc399ebe92ddbae6 → flow:0c00fe59a661
FLOW_TO_HOSTOBS	e:to:SESSION-40dbede277a2e1b2:host:172.234.197.23	SESSION-40dbede277a2e1b2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.25:geo_-16.28860_-49.01640	host:177.10.239.25 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f2cdff3ab49e1a1:host:172.234.197.23	SESSION-0f2cdff3ab49e1a1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6a19fd3219cd89ed:host:172.234.197.23	SESSION-6a19fd3219cd89ed → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2117b91b7562ba94:host:177.10.236.118	SESSION-2117b91b7562ba94 → host:177.10.236.118
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31836a23201b59b7:SESSION-31836a23201b59b7	SESSION-31836a23201b59b7 → pe:tls:SESSION-31836a23201b59b7
FLOW_DST_PORTOBS	e:fp:flow:3b93b67df890:port:tcp:14191	flow:3b93b67df890 → port:tcp:14191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4145be500857fbf:SESSION-c4145be500857fbf	SESSION-c4145be500857fbf → pe:syn:SESSION-c4145be500857fbf
HOST_IN_ASNOBS 85%	e:ha:host:37.27.162.26:asn:24940	host:37.27.162.26 → asn:24940
FLOW_TO_HOSTOBS	e:to:SESSION-bf679119291e5246:host:172.234.197.23	SESSION-bf679119291e5246 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-200b6d1dbf438627:host:177.10.239.226	SESSION-200b6d1dbf438627 → host:177.10.239.226
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.172:asn:262880	host:177.10.233.172 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7ab52a513e5ed877:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7ab52a513e5ed877 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b60a9d1a25ff8255:host:172.234.197.23	SESSION-b60a9d1a25ff8255 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6ec641540644ee0:host:172.234.197.23:host:131.196.29.3	SESSION-a6ec641540644ee0 → host:172.234.197.23 → host:131.196.29.3
FLOW_TO_HOSTOBS	e:to:SESSION-5206c0f0c9583a29:host:172.234.197.23	SESSION-5206c0f0c9583a29 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b57c4e647c9921c9:host:177.10.237.28	SESSION-b57c4e647c9921c9 → host:177.10.237.28
FLOW_DST_PORTOBS	e:fp:flow:cc7bcd74c035:port:udp:53	flow:cc7bcd74c035 → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36966af2dfd8700b:host:172.234.197.23:host:131.196.30.0	SESSION-36966af2dfd8700b → host:172.234.197.23 → host:131.196.30.0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bd8363b8ee3ddfde:SESSION-bd8363b8ee3ddfde	SESSION-bd8363b8ee3ddfde → pe:tls:SESSION-bd8363b8ee3ddfde
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57d0b948d59d1db4:flow:70aa4289986d	SESSION-57d0b948d59d1db4 → flow:70aa4289986d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a8c913718f2ecd3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9a8c913718f2ecd3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3cf60c38091a57a:SESSION-f3cf60c38091a57a	SESSION-f3cf60c38091a57a → pe:syn:SESSION-f3cf60c38091a57a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-25fe6bafaa94a84d:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-25fe6bafaa94a84d → PCAP:capture_20260428000001:7e90c7cb899e
FLOW_FROM_HOSTOBS	e:from:SESSION-21ae4bade70b1440:host:177.10.235.165	SESSION-21ae4bade70b1440 → host:177.10.235.165
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-347229f80efdfaa4:SESSION-347229f80efdfaa4	SESSION-347229f80efdfaa4 → pe:syn:SESSION-347229f80efdfaa4
FLOW_DST_PORTOBS	e:fp:flow:bdb442638fa0:port:tcp:38420	flow:bdb442638fa0 → port:tcp:38420
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dc755b03d1f3f489:host:131.196.29.156	SESSION-dc755b03d1f3f489 → host:131.196.29.156
FLOW_FROM_HOSTOBS	e:from:SESSION-10d6a2736c7d59d6:host:177.10.237.115	SESSION-10d6a2736c7d59d6 → host:177.10.237.115
FLOW_DST_PORTOBS	e:fp:flow:8e76dd4a0d11:port:tcp:443	flow:8e76dd4a0d11 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e8ef5b0d475390b4:flow:a081aebbc709	SESSION-e8ef5b0d475390b4 → flow:a081aebbc709
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-75251a40e4bc6a46:SESSION-75251a40e4bc6a46	SESSION-75251a40e4bc6a46 → pe:syn:SESSION-75251a40e4bc6a46
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0d11915f1f4e9ef9:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0d11915f1f4e9ef9 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-1848195311cbff19:host:172.234.197.23	SESSION-1848195311cbff19 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f08e9fcec07329fb:host:177.10.236.8:host:172.234.197.23	SESSION-f08e9fcec07329fb → host:177.10.236.8 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.208.161.175:geo_34.69300_135.50050	host:13.208.161.175 → geo_34.69300_135.50050
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be5c05381a363417:host:177.10.234.85	SESSION-be5c05381a363417 → host:177.10.234.85
FLOW_TO_HOSTOBS	e:to:SESSION-3dc32d1b123f77b5:host:131.196.29.78	SESSION-3dc32d1b123f77b5 → host:131.196.29.78
FLOW_TO_HOSTOBS	e:to:SESSION-26e26ae77a5f41e1:host:172.234.197.23	SESSION-26e26ae77a5f41e1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-438fb49dfab0fe81:host:177.10.236.238	SESSION-438fb49dfab0fe81 → host:177.10.236.238
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d5ec38dc75ef648:PCAP:capture_20260430160001:9bfa4498506a	SESSION-7d5ec38dc75ef648 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7c9cadb68fe1ad17:host:131.196.31.100	SESSION-7c9cadb68fe1ad17 → host:131.196.31.100
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d60c66268e099206:host:172.234.197.23	SESSION-d60c66268e099206 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ca59997a1fd2235:SESSION-2ca59997a1fd2235	SESSION-2ca59997a1fd2235 → pe:tls:SESSION-2ca59997a1fd2235
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe22df31c35f787d:host:172.234.197.23	SESSION-fe22df31c35f787d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6ac71782250ec9a1:host:172.234.197.23	SESSION-6ac71782250ec9a1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-db76c4941d3529f6:host:177.10.236.92	SESSION-db76c4941d3529f6 → host:177.10.236.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6a7aaaa54e7dd63:host:177.10.233.125	SESSION-d6a7aaaa54e7dd63 → host:177.10.233.125
FLOW_FROM_HOSTOBS	e:from:SESSION-161d2a74a24978d6:host:37.187.136.36	SESSION-161d2a74a24978d6 → host:37.187.136.36
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-687dc6215da3af8c:flow:4ab838db6e21	SESSION-687dc6215da3af8c → flow:4ab838db6e21
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e6437ba0c2aceec:SESSION-1e6437ba0c2aceec	SESSION-1e6437ba0c2aceec → pe:tls:SESSION-1e6437ba0c2aceec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29bf5bdb9e3850fd:SESSION-29bf5bdb9e3850fd	SESSION-29bf5bdb9e3850fd → pe:syn:SESSION-29bf5bdb9e3850fd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3407d813acebc00f:host:172.234.197.23	SESSION-3407d813acebc00f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c6483e185c23934:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7c6483e185c23934 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.155:geo_-16.28860_-49.01640	host:177.10.236.155 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-53ca21169d5f7469:host:177.10.234.213:host:172.234.197.23	SESSION-53ca21169d5f7469 → host:177.10.234.213 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-11d5793dfe2c0097:SESSION-11d5793dfe2c0097	SESSION-11d5793dfe2c0097 → pe:tls:SESSION-11d5793dfe2c0097
flow_observed5-aryOBS	e:fo:flow:744777def8bc	flow:744777def8bc → host:177.10.237.15 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31836a23201b59b7:SESSION-31836a23201b59b7	SESSION-31836a23201b59b7 → pe:syn:SESSION-31836a23201b59b7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-00f403aeec8e6c17:host:131.196.30.167	SESSION-00f403aeec8e6c17 → host:131.196.30.167
FLOW_FROM_HOSTOBS	e:from:SESSION-9338ac17b36dc2c1:host:177.10.238.59	SESSION-9338ac17b36dc2c1 → host:177.10.238.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-208c35e6fa834cd1:host:131.196.30.219	SESSION-208c35e6fa834cd1 → host:131.196.30.219
FLOW_TO_HOSTOBS	e:to:SESSION-60dcadff088f62ae:host:177.10.237.10	SESSION-60dcadff088f62ae → host:177.10.237.10
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.137:asn:271410	host:131.196.29.137 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-733b7037c38abbcf:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-733b7037c38abbcf → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:ff9febee1674	flow:ff9febee1674 → host:131.196.28.176 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c18145c92d838e0:host:172.234.197.23	SESSION-2c18145c92d838e0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4af9ea8e19c0cf86:host:172.234.197.23	SESSION-4af9ea8e19c0cf86 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c7467d26947e:port:tcp:443	flow:c7467d26947e → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-829966970db58135:flow:e0430cbe48d4	SESSION-829966970db58135 → flow:e0430cbe48d4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44424f48705b3a9d:host:172.234.197.23	SESSION-44424f48705b3a9d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:52a9430d918c	flow:52a9430d918c → host:131.196.31.182 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51b69a1f49968dce:SESSION-51b69a1f49968dce	SESSION-51b69a1f49968dce → pe:syn:SESSION-51b69a1f49968dce
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-848453a25431759d:host:177.10.232.12	SESSION-848453a25431759d → host:177.10.232.12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d2d33fef3a69334:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6d2d33fef3a69334 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-5fdb408b0b3dd802:host:131.196.30.129	SESSION-5fdb408b0b3dd802 → host:131.196.30.129
FLOW_FROM_HOSTOBS	e:from:SESSION-4e76f09c0f210884:host:131.196.31.137	SESSION-4e76f09c0f210884 → host:131.196.31.137
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-619cd2820aafdf33:flow:2eb460b087f2	SESSION-619cd2820aafdf33 → flow:2eb460b087f2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8fd3b31137a7f5f9:SESSION-8fd3b31137a7f5f9	SESSION-8fd3b31137a7f5f9 → pe:syn:SESSION-8fd3b31137a7f5f9
flow_observed5-aryOBS	e:fo:flow:3c2314f862f2	flow:3c2314f862f2 → host:31.40.196.125 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_DST_PORTOBS	e:fp:flow:2a9038dbf01b:port:tcp:443	flow:2a9038dbf01b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-6a66568eff025692:host:172.234.197.23	SESSION-6a66568eff025692 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:30667e1e1d96:port:tcp:443	flow:30667e1e1d96 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:48fe1a33ef41:port:tcp:443	flow:48fe1a33ef41 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb8a27373acd6451:host:131.196.30.197	SESSION-eb8a27373acd6451 → host:131.196.30.197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6543ef151e834843:host:172.234.197.23	SESSION-6543ef151e834843 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f776838979623936:SESSION-f776838979623936	SESSION-f776838979623936 → pe:syn:SESSION-f776838979623936
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-24ee0ec1cbf12b9d:flow:9325c16f8968	SESSION-24ee0ec1cbf12b9d → flow:9325c16f8968
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1fc6dd1896fecefa:flow:7003bc151096	SESSION-1fc6dd1896fecefa → flow:7003bc151096
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1863330d3e94cce5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1863330d3e94cce5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-60a71bd7fc87f54e:host:172.234.197.23	SESSION-60a71bd7fc87f54e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-347229f80efdfaa4:flow:a130b65a3fb1	SESSION-347229f80efdfaa4 → flow:a130b65a3fb1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-361b290e75b75885:SESSION-361b290e75b75885	SESSION-361b290e75b75885 → pe:tls:SESSION-361b290e75b75885
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa31472460997bf3:host:177.10.238.46	SESSION-aa31472460997bf3 → host:177.10.238.46
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-442d12ad40b35d12:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-442d12ad40b35d12 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.159:geo_-16.28860_-49.01640	host:177.10.236.159 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aa0381bae4f9498b:flow:86e4868e6941	SESSION-aa0381bae4f9498b → flow:86e4868e6941
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4651c2a8eec0e6f:host:131.196.29.201	SESSION-a4651c2a8eec0e6f → host:131.196.29.201
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ae8076186321ef8:SESSION-8ae8076186321ef8	SESSION-8ae8076186321ef8 → pe:syn:SESSION-8ae8076186321ef8
FLOW_TO_HOSTOBS	e:to:SESSION-3393fca13374f4c8:host:177.10.239.109	SESSION-3393fca13374f4c8 → host:177.10.239.109
FLOW_FROM_HOSTOBS	e:from:SESSION-b0b8b90e300d9c11:host:177.10.234.161	SESSION-b0b8b90e300d9c11 → host:177.10.234.161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7e512980b1e52beb:SESSION-7e512980b1e52beb	SESSION-7e512980b1e52beb → pe:tls:SESSION-7e512980b1e52beb
FLOW_FROM_HOSTOBS	e:from:SESSION-e96c97861c631394:host:131.196.29.62	SESSION-e96c97861c631394 → host:131.196.29.62
FLOW_FROM_HOSTOBS	e:from:SESSION-09c382be05e629ee:host:131.196.30.114	SESSION-09c382be05e629ee → host:131.196.30.114
flow_observed5-aryOBS	e:fo:flow:5e1b26079177	flow:5e1b26079177 → host:177.10.234.51 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21ced843a950a21a:SESSION-21ced843a950a21a	SESSION-21ced843a950a21a → pe:syn:SESSION-21ced843a950a21a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c20a24472712669d:SESSION-c20a24472712669d	SESSION-c20a24472712669d → pe:syn:SESSION-c20a24472712669d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4081c2e8ed1c2925:SESSION-4081c2e8ed1c2925	SESSION-4081c2e8ed1c2925 → pe:syn:SESSION-4081c2e8ed1c2925
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2c5fc27029770f85:SESSION-2c5fc27029770f85	SESSION-2c5fc27029770f85 → pe:syn:SESSION-2c5fc27029770f85
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e88e03e6557ce42:flow:cb77aa2dacf9	SESSION-7e88e03e6557ce42 → flow:cb77aa2dacf9
flow_observed5-aryOBS	e:fo:flow:8a02ab7093dd	flow:8a02ab7093dd → host:45.145.152.195 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd4c16dfff279521:host:172.234.197.23	SESSION-dd4c16dfff279521 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.165:asn:273470	host:45.173.156.165 → asn:273470
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c6e971723a904aea:host:177.10.235.191:host:172.234.197.23	SESSION-c6e971723a904aea → host:177.10.235.191 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0146df147eb3c3bd:host:172.234.197.23	SESSION-0146df147eb3c3bd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5080263f1b2fd5b9:SESSION-5080263f1b2fd5b9	SESSION-5080263f1b2fd5b9 → pe:syn:SESSION-5080263f1b2fd5b9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ab8c1601f71acf4:host:177.10.234.169	SESSION-0ab8c1601f71acf4 → host:177.10.234.169
flow_observed5-aryOBS	e:fo:flow:94f77a55dba9	flow:94f77a55dba9 → host:131.196.30.197 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c70d9a6440c9b19a:host:177.10.235.176	SESSION-c70d9a6440c9b19a → host:177.10.235.176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1240df2eec41c5d:SESSION-c1240df2eec41c5d	SESSION-c1240df2eec41c5d → pe:syn:SESSION-c1240df2eec41c5d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-29f2fc627b4350bb:SESSION-29f2fc627b4350bb	SESSION-29f2fc627b4350bb → pe:syn:SESSION-29f2fc627b4350bb
FLOW_TO_HOSTOBS	e:to:SESSION-35228babc2ac6e48:host:172.234.197.23	SESSION-35228babc2ac6e48 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-23264de44b7cb73c:BSG-BEACON-85bd2bc80aee	SESSION-23264de44b7cb73c → BSG-BEACON-85bd2bc80aee
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb520d5460f73062:host:177.10.234.178	SESSION-fb520d5460f73062 → host:177.10.234.178
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cef4b415a72da702:host:177.10.235.14:host:172.234.197.23	SESSION-cef4b415a72da702 → host:177.10.235.14 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ef734d9bbeb2d12:host:45.173.156.92:host:172.234.197.23	SESSION-4ef734d9bbeb2d12 → host:45.173.156.92 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be8cffb783bfde31:host:177.10.236.100	SESSION-be8cffb783bfde31 → host:177.10.236.100
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4e8d87fd06149df:host:172.234.197.23:host:131.196.29.232	SESSION-b4e8d87fd06149df → host:172.234.197.23 → host:131.196.29.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3a3b1f52ae1679da:SESSION-3a3b1f52ae1679da	SESSION-3a3b1f52ae1679da → pe:syn:SESSION-3a3b1f52ae1679da
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a46a988dc3d14a3:host:172.234.197.23	SESSION-1a46a988dc3d14a3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d736bf96956c:port:tcp:443	flow:d736bf96956c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e859a84eb4eaf300:host:172.234.197.23	SESSION-e859a84eb4eaf300 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c0e63fa095433d2:host:177.10.237.82	SESSION-4c0e63fa095433d2 → host:177.10.237.82
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3d7339ef5a101ca:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-e3d7339ef5a101ca → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f15dcbaf5ef33ebd:host:131.196.29.230	SESSION-f15dcbaf5ef33ebd → host:131.196.29.230
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9523bcd246277dc:host:45.173.156.8	SESSION-b9523bcd246277dc → host:45.173.156.8
flow_observed4-aryOBS	e:fo:flow:fc97460ddf77	flow:fc97460ddf77 → host:172.234.197.23 → host:177.10.237.159 → port:tcp:43491
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84a1a640eb0d0e14:host:131.196.31.1	SESSION-84a1a640eb0d0e14 → host:131.196.31.1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1627b9df9d2fc920:PCAP:capture_20260430090001:065659c7d314	SESSION-1627b9df9d2fc920 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e41fa1676c790d65:host:177.10.235.255	SESSION-e41fa1676c790d65 → host:177.10.235.255
flow_observed5-aryOBS	e:fo:flow:547724b76d59	flow:547724b76d59 → host:131.196.29.165 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-10f6f623bcce091e:host:172.234.197.23	SESSION-10f6f623bcce091e → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.99:asn:271410	host:131.196.28.99 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-140a58b5ab5dfb04:host:177.10.238.112:host:172.234.197.23	SESSION-140a58b5ab5dfb04 → host:177.10.238.112 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f778ec59760ca534:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-f778ec59760ca534 → PCAP:capture_20260427230001:ca8bd1ce36e2
flow_observed4-aryOBS	e:fo:flow:e6b7da900ca4	flow:e6b7da900ca4 → host:172.234.197.23 → host:131.196.28.0 → port:tcp:9327
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30c6bfe2ed3a5bca:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-30c6bfe2ed3a5bca → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b373f59ff0198ea:PCAP:capture_20260430060001:919b39a74464	SESSION-9b373f59ff0198ea → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-65d310d8fe50c39e:host:177.10.234.230:host:172.234.197.23	SESSION-65d310d8fe50c39e → host:177.10.234.230 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4145be500857fbf:host:172.234.197.23	SESSION-c4145be500857fbf → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1a1d6645a424	flow:1a1d6645a424 → host:177.10.237.118 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-5e93d3fe416fcd95:host:177.10.237.211	SESSION-5e93d3fe416fcd95 → host:177.10.237.211
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e52442a00447444:SESSION-0e52442a00447444	SESSION-0e52442a00447444 → pe:syn:SESSION-0e52442a00447444
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2a0bf61df119bc4:flow:d17d49ee9d80	SESSION-f2a0bf61df119bc4 → flow:d17d49ee9d80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9b95e1310dc4ff34:flow:e847f09a3e98	SESSION-9b95e1310dc4ff34 → flow:e847f09a3e98
FLOW_TO_HOSTOBS	e:to:SESSION-e7e52183ef313b6a:host:172.234.197.23	SESSION-e7e52183ef313b6a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-31126205fa7b72e3:SESSION-31126205fa7b72e3	SESSION-31126205fa7b72e3 → pe:syn:SESSION-31126205fa7b72e3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-feb3207d55e7c5c5:SESSION-feb3207d55e7c5c5	SESSION-feb3207d55e7c5c5 → pe:tls:SESSION-feb3207d55e7c5c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8fb17d6554827f30:host:177.10.233.167:host:172.234.197.23	SESSION-8fb17d6554827f30 → host:177.10.233.167 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0dad0a06445f9e1f:host:131.196.29.175:host:172.234.197.23	SESSION-0dad0a06445f9e1f → host:131.196.29.175 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e2d49c8fbcdf	flow:e2d49c8fbcdf → host:180.167.128.203 → host:172.234.197.23 → port:tcp:22 → svc:ssh
FLOW_FROM_HOSTOBS	e:from:SESSION-045b8a3eae800458:host:172.234.197.23	SESSION-045b8a3eae800458 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69029b06bbd64972:host:177.10.234.51	SESSION-69029b06bbd64972 → host:177.10.234.51
flow_observed4-aryOBS	e:fo:flow:1bdb1ce33dbb	flow:1bdb1ce33dbb → host:172.234.197.23 → host:45.173.156.170 → port:tcp:49269
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ca0d45baeb856677:SESSION-ca0d45baeb856677	SESSION-ca0d45baeb856677 → pe:tls:SESSION-ca0d45baeb856677
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ade0b807fe10f93e:host:177.10.236.114	SESSION-ade0b807fe10f93e → host:177.10.236.114
FLOW_TO_HOSTOBS	e:to:SESSION-4ce32efb58e1da83:host:172.234.197.23	SESSION-4ce32efb58e1da83 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0d0c8f73043707f:host:177.10.232.176	SESSION-f0d0c8f73043707f → host:177.10.232.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e44d3b0a0ee22cd6:host:131.196.28.159:host:172.234.197.23	SESSION-e44d3b0a0ee22cd6 → host:131.196.28.159 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9912439438040361:host:172.234.197.23	SESSION-9912439438040361 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-660bfab63a10a518:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-660bfab63a10a518 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-09c0e42aa6120a11:host:172.234.197.23	SESSION-09c0e42aa6120a11 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d54bd183a716274c:host:172.234.197.23	SESSION-d54bd183a716274c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1f5cd8297e8c:port:tcp:443	flow:1f5cd8297e8c → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a2a075c2c818644a:host:172.234.197.23	SESSION-a2a075c2c818644a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f9bc9a3180c6fb10:host:131.196.30.54	SESSION-f9bc9a3180c6fb10 → host:131.196.30.54
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9a6aeb664ff97dbd:SESSION-9a6aeb664ff97dbd	SESSION-9a6aeb664ff97dbd → pe:syn:SESSION-9a6aeb664ff97dbd
FLOW_FROM_HOSTOBS	e:from:SESSION-9ada05a103ba2b64:host:172.234.197.23	SESSION-9ada05a103ba2b64 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.85:asn:262880	host:177.10.234.85 → asn:262880
flow_observed5-aryOBS	e:fo:flow:9c65c9496a84	flow:9c65c9496a84 → host:177.10.233.73 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d4741bb1b7e9e5b0:host:172.234.197.23	SESSION-d4741bb1b7e9e5b0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fda5d1d0c89bbfd4:host:45.173.156.110	SESSION-fda5d1d0c89bbfd4 → host:45.173.156.110
FLOW_TO_HOSTOBS	e:to:SESSION-a24a5811642df328:host:177.10.232.178	SESSION-a24a5811642df328 → host:177.10.232.178
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b8a147e2e8b42f79:host:172.234.197.23:host:177.10.238.80	SESSION-b8a147e2e8b42f79 → host:172.234.197.23 → host:177.10.238.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-954ce8dcd8b034e5:host:142.132.190.158	SESSION-954ce8dcd8b034e5 → host:142.132.190.158
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6cc804a855d1eb7c:flow:dcdb2681bcf7	SESSION-6cc804a855d1eb7c → flow:dcdb2681bcf7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d82c2d4eaa13efdb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d82c2d4eaa13efdb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.101:asn:273470	host:45.173.156.101 → asn:273470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7bea4de6efa859da:PCAP:capture_20260430060001:919b39a74464	SESSION-7bea4de6efa859da → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-d8d921ace7c85ce9:host:177.10.238.238	SESSION-d8d921ace7c85ce9 → host:177.10.238.238
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-05f783d5d2ea4019:flow:e8b5b6c6f846	SESSION-05f783d5d2ea4019 → flow:e8b5b6c6f846
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1261f8c6b87cf73:host:172.234.197.23:host:45.173.156.70	SESSION-b1261f8c6b87cf73 → host:172.234.197.23 → host:45.173.156.70
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.51:asn:271410	host:131.196.30.51 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b99a2a75b4ae9e98:host:172.234.197.23	SESSION-b99a2a75b4ae9e98 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0657272c618c6d4:PCAP:capture_20260430090001:065659c7d314	SESSION-c0657272c618c6d4 → PCAP:capture_20260430090001:065659c7d314
flow_observed4-aryOBS	e:fo:flow:d54c0bb96a93	flow:d54c0bb96a93 → host:172.234.197.23 → host:177.10.234.221 → port:tcp:18478
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-befd285205c2bf8f:flow:b4bab380b24a	SESSION-befd285205c2bf8f → flow:b4bab380b24a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.53.140.247:geo_59.32870_18.07170	host:13.53.140.247 → geo_59.32870_18.07170
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3d526a62cd76fa97:host:131.196.29.235:host:172.234.197.23	SESSION-3d526a62cd76fa97 → host:131.196.29.235 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efb63adb0418d7f8:host:172.234.197.23	SESSION-efb63adb0418d7f8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc399ebe92ddbae6:host:172.234.197.23	SESSION-cc399ebe92ddbae6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a0e660e7f8fdd6f:host:172.234.197.23	SESSION-4a0e660e7f8fdd6f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-10db7c117acba2ed:flow:609b96815b71	SESSION-10db7c117acba2ed → flow:609b96815b71
FLOW_DST_PORTOBS	e:fp:flow:eaab4ec79949:port:tcp:53031	flow:eaab4ec79949 → port:tcp:53031
FLOW_DST_PORTOBS	e:fp:flow:9a6f5987d666:port:tcp:17369	flow:9a6f5987d666 → port:tcp:17369
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6222707cbae0e281:host:172.234.197.23	SESSION-6222707cbae0e281 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4bc49d07a666c670:host:172.234.197.23	SESSION-4bc49d07a666c670 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ef017bf11c12:port:tcp:443	flow:ef017bf11c12 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ddb6310055a59be:SESSION-4ddb6310055a59be	SESSION-4ddb6310055a59be → pe:tls:SESSION-4ddb6310055a59be
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f4f2e64710996bb:PCAP:capture_20260430060001:919b39a74464	SESSION-3f4f2e64710996bb → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-142a24cb96c02884:host:172.234.197.23	SESSION-142a24cb96c02884 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-913ac926bd708af5:host:172.234.197.23	SESSION-913ac926bd708af5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb2f54f0354a144e:flow:0d0398759d8b	SESSION-fb2f54f0354a144e → flow:0d0398759d8b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c5da4152a907bbd:host:131.196.31.185	SESSION-6c5da4152a907bbd → host:131.196.31.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a18dc2bb6be0117f:host:131.196.30.68	SESSION-a18dc2bb6be0117f → host:131.196.30.68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1462f3fe112e9d96:host:172.234.197.23	SESSION-1462f3fe112e9d96 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-543230bb149abbcc:host:172.234.197.23	SESSION-543230bb149abbcc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0dad0a06445f9e1f:host:172.234.197.23	SESSION-0dad0a06445f9e1f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b64c855cb393ccc0:host:131.196.30.186	SESSION-b64c855cb393ccc0 → host:131.196.30.186
FLOW_DST_PORTOBS	e:fp:flow:420626ea8769:port:tcp:443	flow:420626ea8769 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-64abd49ab16af3e3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-64abd49ab16af3e3 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-d1227c455b771a86:host:177.10.238.160	SESSION-d1227c455b771a86 → host:177.10.238.160
FLOW_FROM_HOSTOBS	e:from:SESSION-ad468f8fa72444f5:host:172.234.197.23	SESSION-ad468f8fa72444f5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:98854a4693d7:port:tcp:443	flow:98854a4693d7 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:ce9908fd477e	flow:ce9908fd477e → host:172.234.197.23 → host:131.196.28.40 → port:tcp:63179
FLOW_DST_PORTOBS	e:fp:flow:e507ba8a6b40:port:tcp:443	flow:e507ba8a6b40 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:37.221.79.87:geo_41.02140_28.99480	host:37.221.79.87 → geo_41.02140_28.99480
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9eb08591878d33c:SESSION-c9eb08591878d33c	SESSION-c9eb08591878d33c → pe:tls:SESSION-c9eb08591878d33c
flow_observed5-aryOBS	e:fo:flow:9301d7981011	flow:9301d7981011 → host:131.196.30.253 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-0844998e370f9b20:host:172.234.197.23	SESSION-0844998e370f9b20 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-347229f80efdfaa4:host:131.196.30.33	SESSION-347229f80efdfaa4 → host:131.196.30.33
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d36b613f081e74cb:host:177.10.239.106:host:172.234.197.23	SESSION-d36b613f081e74cb → host:177.10.239.106 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4933624db1b9ac84:SESSION-4933624db1b9ac84	SESSION-4933624db1b9ac84 → pe:syn:SESSION-4933624db1b9ac84
FLOW_FROM_HOSTOBS	e:from:SESSION-22ef7e58c288a4dd:host:177.10.235.171	SESSION-22ef7e58c288a4dd → host:177.10.235.171
FLOW_FROM_HOSTOBS	e:from:SESSION-e405c5dfa444c3be:host:15.152.35.247	SESSION-e405c5dfa444c3be → host:15.152.35.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-749084d26a1fdfcc:SESSION-749084d26a1fdfcc	SESSION-749084d26a1fdfcc → pe:syn:SESSION-749084d26a1fdfcc
FLOW_DST_PORTOBS	e:fp:flow:677c8af1315d:port:tcp:443	flow:677c8af1315d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b203844c0afbb25:SESSION-5b203844c0afbb25	SESSION-5b203844c0afbb25 → pe:tls:SESSION-5b203844c0afbb25
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.56:asn:271410	host:131.196.30.56 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4081c2e8ed1c2925:PCAP:capture_20260430160001:9bfa4498506a	SESSION-4081c2e8ed1c2925 → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:cb2809961fc0:port:tcp:2422	flow:cb2809961fc0 → port:tcp:2422
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.216:geo_41.00190_28.96450	host:92.112.71.216 → geo_41.00190_28.96450
FLOW_DST_PORTOBS	e:fp:flow:85e06e2b4ed1:port:tcp:443	flow:85e06e2b4ed1 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:c0018fe69521	flow:c0018fe69521 → host:172.234.197.23 → host:177.10.235.234 → port:tcp:59977
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-783c4edbafa3c164:host:142.132.190.158	SESSION-783c4edbafa3c164 → host:142.132.190.158
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3075d8276a1a3ff8:SESSION-3075d8276a1a3ff8	SESSION-3075d8276a1a3ff8 → pe:syn:SESSION-3075d8276a1a3ff8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f39fdcb76f4b9f9d:host:177.10.237.63	SESSION-f39fdcb76f4b9f9d → host:177.10.237.63
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.58:asn:262880	host:177.10.236.58 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d3f8bf2b05f7ab82:flow:d8c2982da4e9	SESSION-d3f8bf2b05f7ab82 → flow:d8c2982da4e9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b0fec424d0db7c3:SESSION-7b0fec424d0db7c3	SESSION-7b0fec424d0db7c3 → pe:syn:SESSION-7b0fec424d0db7c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ccf862d3dae518e:host:172.234.197.23	SESSION-8ccf862d3dae518e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b6d44dc6146dcb58:host:172.234.197.23	SESSION-b6d44dc6146dcb58 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8fec7176e796	flow:8fec7176e796 → host:64.237.250.51 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_DST_PORTOBS	e:fp:flow:399167c752fc:port:tcp:5598	flow:399167c752fc → port:tcp:5598
flow_observed5-aryOBS	e:fo:flow:7d9f821e6b63	flow:7d9f821e6b63 → host:131.196.28.93 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f5347add21fd9245:flow:8d38782b460d	SESSION-f5347add21fd9245 → flow:8d38782b460d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0e515946ec2b2292:PCAP:capture_20260430070001:903a0e7a436b	SESSION-0e515946ec2b2292 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:a6b3b8505a68:port:tcp:43407	flow:a6b3b8505a68 → port:tcp:43407
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c35942669d0b12c8:SESSION-c35942669d0b12c8	SESSION-c35942669d0b12c8 → pe:syn:SESSION-c35942669d0b12c8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4aeecdec5ead7952:PCAP:capture_20260430110001:43611bdf6759	SESSION-4aeecdec5ead7952 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b3d68511ee3e6e7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-9b3d68511ee3e6e7 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.121:geo_-16.28860_-49.01640	host:177.10.234.121 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d30c685e20a11d4e:SESSION-d30c685e20a11d4e	SESSION-d30c685e20a11d4e → pe:tls:SESSION-d30c685e20a11d4e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec86a4c74825774a:host:172.234.197.23	SESSION-ec86a4c74825774a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ddf07020985eed3:host:172.234.197.23	SESSION-2ddf07020985eed3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3f077149cc71812a:PCAP:capture_20260430090001:065659c7d314	SESSION-3f077149cc71812a → PCAP:capture_20260430090001:065659c7d314
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ce89d337c6c28e5:host:131.196.28.71:host:172.234.197.23	SESSION-4ce89d337c6c28e5 → host:131.196.28.71 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d82c2d4eaa13efdb:host:131.196.31.80	SESSION-d82c2d4eaa13efdb → host:131.196.31.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3414b775ddfde4b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a3414b775ddfde4b → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37bca0dc2914cafb:host:177.10.238.45	SESSION-37bca0dc2914cafb → host:177.10.238.45
FLOW_FROM_HOSTOBS	e:from:SESSION-320a5544f819c3b7:host:172.234.197.23	SESSION-320a5544f819c3b7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-73eae13080f416f8:flow:85e06e2b4ed1	SESSION-73eae13080f416f8 → flow:85e06e2b4ed1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65262d33293291dd:host:177.10.236.22	SESSION-65262d33293291dd → host:177.10.236.22
FLOW_TO_HOSTOBS	e:to:SESSION-764219a5db7d50bc:host:172.234.197.23	SESSION-764219a5db7d50bc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f9bc9a3180c6fb10:host:172.234.197.23	SESSION-f9bc9a3180c6fb10 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d77475f82108632b:host:172.234.197.23	SESSION-d77475f82108632b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7488427d80d09cd9:host:172.234.197.23	SESSION-7488427d80d09cd9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:34.216.76.26:asn:16509	host:34.216.76.26 → asn:16509
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2eec6fd9620a1613:SESSION-2eec6fd9620a1613	SESSION-2eec6fd9620a1613 → pe:tls:SESSION-2eec6fd9620a1613
flow_observed5-aryOBS	e:fo:flow:94b142bbe9f6	flow:94b142bbe9f6 → host:131.196.30.67 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:fc2a4174f5ea	flow:fc2a4174f5ea → host:177.10.239.224 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:48eead35e82a	flow:48eead35e82a → host:131.196.29.16 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29cd9f7300aa5893:host:131.196.30.140:host:172.234.197.23	SESSION-29cd9f7300aa5893 → host:131.196.30.140 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-e61b886c68594d41:SESSION-e61b886c68594d41	SESSION-e61b886c68594d41 → pe:dns:SESSION-e61b886c68594d41
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2579d58cc01cbffa:host:177.10.236.251:host:172.234.197.23	SESSION-2579d58cc01cbffa → host:177.10.236.251 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:26f7cfa49443:port:tcp:38008	flow:26f7cfa49443 → port:tcp:38008
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-21de16798668b3a8:flow:dcc75c058cb6	SESSION-21de16798668b3a8 → flow:dcc75c058cb6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ae94ea8b15b44736:SESSION-ae94ea8b15b44736	SESSION-ae94ea8b15b44736 → pe:tls:SESSION-ae94ea8b15b44736
FLOW_FROM_HOSTOBS	e:from:SESSION-124cb6be20cbe456:host:177.10.236.222	SESSION-124cb6be20cbe456 → host:177.10.236.222
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f2e1e1ea3d3f0587:flow:1ec238a64eb6	SESSION-f2e1e1ea3d3f0587 → flow:1ec238a64eb6
FLOW_FROM_HOSTOBS	e:from:SESSION-029d1f2d00b0343a:host:172.234.197.23	SESSION-029d1f2d00b0343a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.126:geo_-23.62930_-46.63510	host:131.196.31.126 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-1355eedcc36803bb:host:45.173.156.188	SESSION-1355eedcc36803bb → host:45.173.156.188
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19ad8f01572b4d12:host:172.234.197.23	SESSION-19ad8f01572b4d12 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:879448d3de89:port:tcp:443	flow:879448d3de89 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d7f8914f0744c0dd:flow:4e18f65ce9ef	SESSION-d7f8914f0744c0dd → flow:4e18f65ce9ef
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-472112a6b5df57cd:host:131.196.29.48	SESSION-472112a6b5df57cd → host:131.196.29.48
FLOW_TO_HOSTOBS	e:to:SESSION-b479aa11234b67ae:host:172.234.197.23	SESSION-b479aa11234b67ae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bec1644a83cc4e1:SESSION-3bec1644a83cc4e1	SESSION-3bec1644a83cc4e1 → pe:tls:SESSION-3bec1644a83cc4e1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-67a710d2531b2faa:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-67a710d2531b2faa → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f0e5de26982cc62:SESSION-8f0e5de26982cc62	SESSION-8f0e5de26982cc62 → pe:tls:SESSION-8f0e5de26982cc62
flow_observed5-aryOBS	e:fo:flow:f1fac0476f53	flow:f1fac0476f53 → host:177.10.234.153 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6756f0bedb2cdb12:SESSION-6756f0bedb2cdb12	SESSION-6756f0bedb2cdb12 → pe:tls:SESSION-6756f0bedb2cdb12
FLOW_TO_HOSTOBS	e:to:SESSION-4ef3ba231e3ca4d6:host:172.234.197.23	SESSION-4ef3ba231e3ca4d6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-664631b6c582f1f7:host:177.10.236.86	SESSION-664631b6c582f1f7 → host:177.10.236.86
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.150:geo_-16.28860_-49.01640	host:177.10.232.150 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12b2fb0a733c24b6:host:172.234.197.23	SESSION-12b2fb0a733c24b6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.201:asn:262880	host:177.10.239.201 → asn:262880
flow_observed5-aryOBS	e:fo:flow:dad04616997c	flow:dad04616997c → host:131.196.28.242 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c93e3b6f6b78357b:flow:e2597f9b7088	SESSION-c93e3b6f6b78357b → flow:e2597f9b7088
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7948a18eeb1cbc0d:host:172.234.197.23	SESSION-7948a18eeb1cbc0d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d37583bcd3c19c57:host:18.60.59.175	SESSION-d37583bcd3c19c57 → host:18.60.59.175
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23dcfe77dd45a14a:flow:c66a26c8ade1	SESSION-23dcfe77dd45a14a → flow:c66a26c8ade1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-7c1c3bc51aa7232b:SESSION-7c1c3bc51aa7232b	SESSION-7c1c3bc51aa7232b → pe:dns:SESSION-7c1c3bc51aa7232b
FLOW_TO_HOSTOBS	e:to:SESSION-2384be4238de1707:host:172.234.197.23	SESSION-2384be4238de1707 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-32273c66c8bf9656:host:172.234.197.23	SESSION-32273c66c8bf9656 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ad7d3e5bff7d:port:tcp:34257	flow:ad7d3e5bff7d → port:tcp:34257
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.214:geo_-23.62930_-46.63510	host:131.196.28.214 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:dce980f09aca:port:tcp:443	flow:dce980f09aca → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-03f7a565a7cd59d8:host:172.234.197.23	SESSION-03f7a565a7cd59d8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5ba8512040d3b37b:host:177.10.233.148	SESSION-5ba8512040d3b37b → host:177.10.233.148
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2096050a1fa0221d:SESSION-2096050a1fa0221d	SESSION-2096050a1fa0221d → pe:syn:SESSION-2096050a1fa0221d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56e56d8157575627:PCAP:capture_20260430070001:903a0e7a436b	SESSION-56e56d8157575627 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-b9d11ee49864a2bc:host:177.10.234.224	SESSION-b9d11ee49864a2bc → host:177.10.234.224
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fa6f99be6bce12b0:PCAP:capture_20260430110001:43611bdf6759	SESSION-fa6f99be6bce12b0 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:2961c6ce61bd	flow:2961c6ce61bd → host:131.196.31.92 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:aba14d52f442	flow:aba14d52f442 → host:172.234.197.23 → host:131.196.28.207 → port:tcp:10939
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3a25d201ec7d699:flow:3646d9aa9585	SESSION-b3a25d201ec7d699 → flow:3646d9aa9585
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-37ce4ecafac50117:PCAP:capture_20260430070001:903a0e7a436b	SESSION-37ce4ecafac50117 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-1f78283937123fd5:host:177.10.239.136	SESSION-1f78283937123fd5 → host:177.10.239.136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a88f0b19d496a689:SESSION-a88f0b19d496a689	SESSION-a88f0b19d496a689 → pe:syn:SESSION-a88f0b19d496a689
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.68:asn:271410	host:131.196.31.68 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.143:geo_-16.28860_-49.01640	host:177.10.239.143 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7ab52a513e5ed877:host:177.10.237.24:host:172.234.197.23	SESSION-7ab52a513e5ed877 → host:177.10.237.24 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-31cda31fe1b0dd07:SESSION-31cda31fe1b0dd07	SESSION-31cda31fe1b0dd07 → pe:rst:SESSION-31cda31fe1b0dd07
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.205:geo_-23.62930_-46.63510	host:131.196.31.205 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ad7ae70426d3354:host:172.234.197.23	SESSION-5ad7ae70426d3354 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4b4d3205861f:port:tcp:62120	flow:4b4d3205861f → port:tcp:62120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8bd396f5705de0fe:SESSION-8bd396f5705de0fe	SESSION-8bd396f5705de0fe → pe:tls:SESSION-8bd396f5705de0fe
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6fea2a5b83daabbc:flow:0429471effef	SESSION-6fea2a5b83daabbc → flow:0429471effef
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6ed96bf23ac2f6b:host:172.234.197.23	SESSION-a6ed96bf23ac2f6b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65316f3920c6d168:host:172.234.197.23	SESSION-65316f3920c6d168 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c873de224cbac149:SESSION-c873de224cbac149	SESSION-c873de224cbac149 → pe:syn:SESSION-c873de224cbac149
FLOW_DST_PORTOBS	e:fp:flow:4cbf90c61fa6:port:tcp:9681	flow:4cbf90c61fa6 → port:tcp:9681
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8c60a94331c3e233:host:131.196.30.183:host:172.234.197.23	SESSION-8c60a94331c3e233 → host:131.196.30.183 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9a539c485f657b5:SESSION-d9a539c485f657b5	SESSION-d9a539c485f657b5 → pe:syn:SESSION-d9a539c485f657b5
FLOW_TO_HOSTOBS	e:to:SESSION-c2bde5ab088d2882:host:172.234.197.23	SESSION-c2bde5ab088d2882 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a83b6f19c39d579f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a83b6f19c39d579f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d82ce6b730f5fc6b:flow:b73ed0c140e0	SESSION-d82ce6b730f5fc6b → flow:b73ed0c140e0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0f21a1d46f067dc:PCAP:capture_20260430090001:065659c7d314	SESSION-c0f21a1d46f067dc → PCAP:capture_20260430090001:065659c7d314
flow_observed3-aryOBS	e:fo:flow:ea6b723a5943	flow:ea6b723a5943 → host:3.102.147.184 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-853e897de6767cda:SESSION-853e897de6767cda	SESSION-853e897de6767cda → pe:syn:SESSION-853e897de6767cda
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4904f64e7943cb47:host:177.10.237.24	SESSION-4904f64e7943cb47 → host:177.10.237.24
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f181002c59096f4:flow:a0c382eb3c90	SESSION-7f181002c59096f4 → flow:a0c382eb3c90
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.93:geo_-23.62930_-46.63510	host:131.196.31.93 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-71cc4f2ac3d57c32:host:177.10.236.82	SESSION-71cc4f2ac3d57c32 → host:177.10.236.82
FLOW_DST_PORTOBS	e:fp:flow:a080f56c4457:port:tcp:443	flow:a080f56c4457 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-d7bf020c0439ffaa:host:172.234.197.23	SESSION-d7bf020c0439ffaa → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:235168171731:port:tcp:443	flow:235168171731 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:47c5af296031:port:tcp:443	flow:47c5af296031 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:b6ce620286af:port:tcp:17088	flow:b6ce620286af → port:tcp:17088
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5257ce7e592379ae:flow:02b3a264a353	SESSION-5257ce7e592379ae → flow:02b3a264a353
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27f33a2015337a96:SESSION-27f33a2015337a96	SESSION-27f33a2015337a96 → pe:syn:SESSION-27f33a2015337a96
flow_observed5-aryOBS	e:fo:flow:854f7b803eaa	flow:854f7b803eaa → host:177.10.236.215 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.156:asn:271410	host:131.196.30.156 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60dcadff088f62ae:host:172.234.197.23	SESSION-60dcadff088f62ae → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:e4c0f1f7a266	flow:e4c0f1f7a266 → host:172.234.197.23 → host:177.10.234.189 → port:tcp:34813
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76b86119fe5d0a6f:host:172.234.197.23	SESSION-76b86119fe5d0a6f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be67080b9ae14b48:host:131.196.31.78	SESSION-be67080b9ae14b48 → host:131.196.31.78
FLOW_DST_PORTOBS	e:fp:flow:989a9fc1eb99:port:tcp:3292	flow:989a9fc1eb99 → port:tcp:3292
FLOW_TO_HOSTOBS	e:to:SESSION-1c315b0bf7f59a30:host:131.196.28.115	SESSION-1c315b0bf7f59a30 → host:131.196.28.115
FLOW_TO_HOSTOBS	e:to:SESSION-c54b7fde1829c775:host:172.234.197.23	SESSION-c54b7fde1829c775 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5ad022ad4096ce5:SESSION-d5ad022ad4096ce5	SESSION-d5ad022ad4096ce5 → pe:tls:SESSION-d5ad022ad4096ce5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d55d0fcf91e9ec79:host:177.10.237.192	SESSION-d55d0fcf91e9ec79 → host:177.10.237.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-337cf74c19f2631e:SESSION-337cf74c19f2631e	SESSION-337cf74c19f2631e → pe:tls:SESSION-337cf74c19f2631e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b5f77768a227f3c:flow:c739bac7578a	SESSION-0b5f77768a227f3c → flow:c739bac7578a
FLOW_TO_HOSTOBS	e:to:SESSION-b0b067dd86042d0a:host:172.234.197.23	SESSION-b0b067dd86042d0a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3f12e4f5ba81c4d8:SESSION-3f12e4f5ba81c4d8	SESSION-3f12e4f5ba81c4d8 → pe:syn:SESSION-3f12e4f5ba81c4d8
FLOW_DST_PORTOBS	e:fp:flow:e1c367b611de:port:tcp:443	flow:e1c367b611de → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-755eaab432e9c6a6:flow:a74fab2c698c	SESSION-755eaab432e9c6a6 → flow:a74fab2c698c
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.100:geo_-16.28860_-49.01640	host:177.10.233.100 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b670e7c5e0a8e3a1:SESSION-b670e7c5e0a8e3a1	SESSION-b670e7c5e0a8e3a1 → pe:syn:SESSION-b670e7c5e0a8e3a1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-140cb8b81d438202:host:177.10.237.82	SESSION-140cb8b81d438202 → host:177.10.237.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b0a36bcb50aee6b:host:177.10.237.189	SESSION-2b0a36bcb50aee6b → host:177.10.237.189
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-970108b06912c1b7:SESSION-970108b06912c1b7	SESSION-970108b06912c1b7 → pe:syn:SESSION-970108b06912c1b7
FLOW_FROM_HOSTOBS	e:from:SESSION-ceaacc21db1a34ae:host:172.234.197.23	SESSION-ceaacc21db1a34ae → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:17bb9dab59c4	flow:17bb9dab59c4 → host:45.145.152.178 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcd779876233a786:host:45.145.152.15	SESSION-bcd779876233a786 → host:45.145.152.15
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb9826b2bc40f219:host:177.10.238.191:host:172.234.197.23	SESSION-eb9826b2bc40f219 → host:177.10.238.191 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3948aeec4a52663:flow:ba545b1ede58	SESSION-b3948aeec4a52663 → flow:ba545b1ede58
FLOW_TO_HOSTOBS	e:to:SESSION-1739bca4a014ab7e:host:172.234.197.23	SESSION-1739bca4a014ab7e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b1b714ce8916a149:host:172.234.197.23:host:131.196.29.21	SESSION-b1b714ce8916a149 → host:172.234.197.23 → host:131.196.29.21
FLOW_TO_HOSTOBS	e:to:SESSION-cd801ce1250407dd:host:172.234.197.23	SESSION-cd801ce1250407dd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-dad6cf67ed488f0b:host:131.196.31.127	SESSION-dad6cf67ed488f0b → host:131.196.31.127
FLOW_FROM_HOSTOBS	e:from:SESSION-a242c68bb3594796:host:177.10.234.71	SESSION-a242c68bb3594796 → host:177.10.234.71
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9d01126d5763bf9:host:177.10.239.229	SESSION-f9d01126d5763bf9 → host:177.10.239.229
FLOW_TO_HOSTOBS	e:to:SESSION-d2b55c597efe9edc:host:172.234.197.23	SESSION-d2b55c597efe9edc → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b2b0ee493ee38385:host:177.10.235.210	SESSION-b2b0ee493ee38385 → host:177.10.235.210
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f29948747ee8d5c:host:177.10.235.174:host:172.234.197.23	SESSION-1f29948747ee8d5c → host:177.10.235.174 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:58c76ba5674f	flow:58c76ba5674f → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-228e058fc2527275:SESSION-228e058fc2527275	SESSION-228e058fc2527275 → pe:tls:SESSION-228e058fc2527275
FLOW_TO_HOSTOBS	e:to:SESSION-bca14afee5df98e9:host:172.234.197.23	SESSION-bca14afee5df98e9 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:32bab55f8c7a	flow:32bab55f8c7a → host:172.234.197.23 → host:45.173.156.14 → port:tcp:28449
flow_observed5-aryOBS	e:fo:flow:6b0f2e0dfbd5	flow:6b0f2e0dfbd5 → host:177.10.238.247 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:5a19d89647bf	flow:5a19d89647bf → host:131.196.30.20 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:952d15da9419	flow:952d15da9419 → host:172.234.197.23 → host:131.196.29.240 → port:tcp:19547
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b8f87145037449c:SESSION-7b8f87145037449c	SESSION-7b8f87145037449c → pe:tls:SESSION-7b8f87145037449c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c701d534f5ceb273:host:131.196.30.147	SESSION-c701d534f5ceb273 → host:131.196.30.147
flow_observed5-aryOBS	e:fo:flow:a7c8e382dfaf	flow:a7c8e382dfaf → host:131.196.30.83 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e3f936e849fecda0:host:172.234.197.23	SESSION-e3f936e849fecda0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa09fbb5e640ff94:host:172.234.197.23:host:177.10.237.94	SESSION-aa09fbb5e640ff94 → host:172.234.197.23 → host:177.10.237.94
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-73ac0ee86c608450:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-73ac0ee86c608450 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_IN_ASNOBS 85%	e:ha:host:103.230.240.59:asn:152194	host:103.230.240.59 → asn:152194
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8ffffed45ee6ab8:host:177.10.233.253	SESSION-f8ffffed45ee6ab8 → host:177.10.233.253
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2161d2ba591330e1:host:177.10.232.61:host:172.234.197.23	SESSION-2161d2ba591330e1 → host:177.10.232.61 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3fba4062f618c50:SESSION-e3fba4062f618c50	SESSION-e3fba4062f618c50 → pe:syn:SESSION-e3fba4062f618c50
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-abff9bfe6a29f0b5:SESSION-abff9bfe6a29f0b5	SESSION-abff9bfe6a29f0b5 → pe:syn:SESSION-abff9bfe6a29f0b5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4dd8b9d1b64d369:host:172.234.197.23	SESSION-e4dd8b9d1b64d369 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb2ab3101d5e046e:SESSION-cb2ab3101d5e046e	SESSION-cb2ab3101d5e046e → pe:syn:SESSION-cb2ab3101d5e046e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40f1f2214a3951bb:flow:d4fdcb61394f	SESSION-40f1f2214a3951bb → flow:d4fdcb61394f
FLOW_FROM_HOSTOBS	e:from:SESSION-db3c6ad3393f14ad:host:177.10.234.186	SESSION-db3c6ad3393f14ad → host:177.10.234.186
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d811160d7459a4b2:host:177.10.238.113	SESSION-d811160d7459a4b2 → host:177.10.238.113
FLOW_DST_PORTOBS	e:fp:flow:679a0b8a18c3:port:tcp:14059	flow:679a0b8a18c3 → port:tcp:14059
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-724515316ace62dc:SESSION-724515316ace62dc	SESSION-724515316ace62dc → pe:tls:SESSION-724515316ace62dc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8749b2c626b3f1be:SESSION-8749b2c626b3f1be	SESSION-8749b2c626b3f1be → pe:syn:SESSION-8749b2c626b3f1be
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08df11bd27017e71:PCAP:capture_20260428010001:b1b402c7b202	SESSION-08df11bd27017e71 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65f49e29fd3c9157:PCAP:capture_20260430080001:93f47cc296a4	SESSION-65f49e29fd3c9157 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:1d9d2a5c7efa	flow:1d9d2a5c7efa → host:185.231.226.68 → host:172.234.197.23 → port:tcp:80 → svc:http
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.217:geo_-16.28860_-49.01640	host:177.10.232.217 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:895c616786e2:port:tcp:443	flow:895c616786e2 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b93959f6df3f665b:host:177.10.234.215	SESSION-b93959f6df3f665b → host:177.10.234.215
FLOW_DST_PORTOBS	e:fp:flow:f1d4144b7eed:port:tcp:443	flow:f1d4144b7eed → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-64807579ab6c52ee:SESSION-64807579ab6c52ee	SESSION-64807579ab6c52ee → pe:tls:SESSION-64807579ab6c52ee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35228babc2ac6e48:SESSION-35228babc2ac6e48	SESSION-35228babc2ac6e48 → pe:syn:SESSION-35228babc2ac6e48
FLOW_DST_PORTOBS	e:fp:flow:0d2369f69026:port:tcp:443	flow:0d2369f69026 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3a3b1f52ae1679da:host:172.234.197.23	SESSION-3a3b1f52ae1679da → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d80c3cc4d9c6:port:tcp:443	flow:d80c3cc4d9c6 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7f44cd8b141a7b5c:host:177.10.233.238	SESSION-7f44cd8b141a7b5c → host:177.10.233.238
FLOW_TO_HOSTOBS	e:to:SESSION-2290de8fcf2817df:host:172.234.197.23	SESSION-2290de8fcf2817df → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:8ad9cc7c0c57:port:tcp:58611	flow:8ad9cc7c0c57 → port:tcp:58611
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93e5d317492a213b:flow:6cb039b7cca8	SESSION-93e5d317492a213b → flow:6cb039b7cca8
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.122:asn:262880	host:177.10.237.122 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-019264e09ceae880:SESSION-019264e09ceae880	SESSION-019264e09ceae880 → pe:tls:SESSION-019264e09ceae880
flow_observed5-aryOBS	e:fo:flow:00e85a80309b	flow:00e85a80309b → host:177.10.238.179 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf9e0725ec95e307:flow:8a712d7c1855	SESSION-bf9e0725ec95e307 → flow:8a712d7c1855
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-112ed66aeea7c1e0:host:172.234.197.23	SESSION-112ed66aeea7c1e0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-295a993db8b4e397:SESSION-295a993db8b4e397	SESSION-295a993db8b4e397 → pe:syn:SESSION-295a993db8b4e397
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f275f56cd4e0d64:host:45.173.156.117	SESSION-3f275f56cd4e0d64 → host:45.173.156.117
FLOW_DST_PORTOBS	e:fp:flow:5d01015a2df9:port:tcp:443	flow:5d01015a2df9 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:b64554ad3d41	flow:b64554ad3d41 → host:131.196.28.129 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:34.140.18.6:asn:396982	host:34.140.18.6 → asn:396982
FLOW_TO_HOSTOBS	e:to:SESSION-d3f99262a1bb3592:host:131.196.30.237	SESSION-d3f99262a1bb3592 → host:131.196.30.237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a16085aea35a1403:host:103.230.240.59	SESSION-a16085aea35a1403 → host:103.230.240.59
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-19009ef53e5ab2ef:host:195.154.100.87	SESSION-19009ef53e5ab2ef → host:195.154.100.87
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a20ec48656879fce:SESSION-a20ec48656879fce	SESSION-a20ec48656879fce → pe:tls:SESSION-a20ec48656879fce
FLOW_DST_PORTOBS	e:fp:flow:1bd45696d21f:port:tcp:443	flow:1bd45696d21f → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8dff22511e3d5727:host:172.234.197.23:host:177.10.236.139	SESSION-8dff22511e3d5727 → host:172.234.197.23 → host:177.10.236.139
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.103:geo_-23.62930_-46.63510	host:131.196.29.103 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-aa31472460997bf3:host:177.10.238.46	SESSION-aa31472460997bf3 → host:177.10.238.46
flow_observed4-aryOBS	e:fo:flow:f3f7c601b898	flow:f3f7c601b898 → host:172.234.197.23 → host:177.10.232.242 → port:tcp:36197
ASN_IN_ORGOBS 80%	e:ao:asn:214139:org:Private.coffee- Verein zur Forderung von Privatsphare und digitaler Souveranitat	asn:214139 → org:Private.coffee- Verein zur Forderung von Privatsphare und digitaler Souveranitat
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ca00666a1b5cdae:host:177.10.233.137	SESSION-1ca00666a1b5cdae → host:177.10.233.137
flow_observed5-aryOBS	e:fo:flow:ddb8eea7a241	flow:ddb8eea7a241 → host:131.196.28.92 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:08cad5f12b06:port:tcp:443	flow:08cad5f12b06 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.3:asn:262880	host:177.10.233.3 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a6a106ff5da861ac:host:177.10.236.242	SESSION-a6a106ff5da861ac → host:177.10.236.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79787964fff3a281:host:177.10.237.124	SESSION-79787964fff3a281 → host:177.10.237.124
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-95b6b17f9a1b89d0:host:52.12.196.158:host:172.234.197.23	SESSION-95b6b17f9a1b89d0 → host:52.12.196.158 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9ab980d26fa84a5e:host:177.10.234.87	SESSION-9ab980d26fa84a5e → host:177.10.234.87
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f486f528dd93473:flow:c4cda82c081c	SESSION-3f486f528dd93473 → flow:c4cda82c081c
FLOW_TO_HOSTOBS	e:to:SESSION-a208e591aeac31e9:host:172.234.197.23	SESSION-a208e591aeac31e9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f6588417d002f2ed:SESSION-f6588417d002f2ed	SESSION-f6588417d002f2ed → pe:syn:SESSION-f6588417d002f2ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4f97616f4c907a8c:host:177.10.239.43	SESSION-4f97616f4c907a8c → host:177.10.239.43
FLOW_DST_PORTOBS	e:fp:flow:643c889fdaf8:port:tcp:49996	flow:643c889fdaf8 → port:tcp:49996
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6d920a3cc562b13:host:45.173.156.84:host:172.234.197.23	SESSION-b6d920a3cc562b13 → host:45.173.156.84 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb243e65e2b1808d:host:177.10.237.117	SESSION-eb243e65e2b1808d → host:177.10.237.117
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b93959f6df3f665b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b93959f6df3f665b → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:4a9b5bb3cf88	flow:4a9b5bb3cf88 → host:177.10.233.231 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef849695f946a5ec:SESSION-ef849695f946a5ec	SESSION-ef849695f946a5ec → pe:tls:SESSION-ef849695f946a5ec
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-151e53ee3004033b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-151e53ee3004033b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27da8f08a1512941:host:45.173.156.220	SESSION-27da8f08a1512941 → host:45.173.156.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-777f9d135946568c:SESSION-777f9d135946568c	SESSION-777f9d135946568c → pe:tls:SESSION-777f9d135946568c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-21a19991d129ba18:PCAP:capture_20260430090001:065659c7d314	SESSION-21a19991d129ba18 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-92fb186a1f8eeacc:host:172.234.197.23	SESSION-92fb186a1f8eeacc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-77e4374445abb63e:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-77e4374445abb63e → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30e9e6bd80ef39ea:host:131.196.30.90	SESSION-30e9e6bd80ef39ea → host:131.196.30.90
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b9574d05ba0801a5:flow:555fbcdc8478	SESSION-b9574d05ba0801a5 → flow:555fbcdc8478
flow_observed4-aryOBS	e:fo:flow:fb63bd02d584	flow:fb63bd02d584 → host:172.234.197.23 → host:177.10.233.70 → port:tcp:846
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9af79ddb47e5c950:host:131.196.31.86	SESSION-9af79ddb47e5c950 → host:131.196.31.86
flow_observed5-aryOBS	e:fo:flow:23feae6e895f	flow:23feae6e895f → host:177.10.235.175 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3c812f2a31a60fc9:host:177.10.237.202	SESSION-3c812f2a31a60fc9 → host:177.10.237.202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6f2f5812045d2e3b:SESSION-6f2f5812045d2e3b	SESSION-6f2f5812045d2e3b → pe:tls:SESSION-6f2f5812045d2e3b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0b8b90e300d9c11:flow:8b1738dc4ada	SESSION-b0b8b90e300d9c11 → flow:8b1738dc4ada
flow_observed5-aryOBS	e:fo:flow:da6a789b8ed7	flow:da6a789b8ed7 → host:131.196.28.247 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0be9ff1ae53d349:host:172.234.197.23	SESSION-f0be9ff1ae53d349 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.183:asn:271410	host:131.196.29.183 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:a94ed5a3e04e:port:tcp:443	flow:a94ed5a3e04e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be868fb861e0a1c8:SESSION-be868fb861e0a1c8	SESSION-be868fb861e0a1c8 → pe:tls:SESSION-be868fb861e0a1c8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d9e3720b73bcaea:host:172.234.197.23	SESSION-0d9e3720b73bcaea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c016235dacd88a4d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c016235dacd88a4d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e12e5221262ce88f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e12e5221262ce88f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-2ee36310db765ff6:host:172.234.197.23	SESSION-2ee36310db765ff6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-455353f546d0ad3e:host:177.10.234.250:host:172.234.197.23	SESSION-455353f546d0ad3e → host:177.10.234.250 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d1fc1a294ea3	flow:d1fc1a294ea3 → host:131.196.30.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5b5b84f652a18f91:SESSION-5b5b84f652a18f91	SESSION-5b5b84f652a18f91 → pe:tls:SESSION-5b5b84f652a18f91
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de2c7d1c6ad5841e:PCAP:capture_20260430150001:ded20914761d	SESSION-de2c7d1c6ad5841e → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-10314c25bdbc198a:host:177.10.233.126	SESSION-10314c25bdbc198a → host:177.10.233.126
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.234:geo_-16.28860_-49.01640	host:177.10.234.234 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-06ad44a538684c23:flow:00ea2c27d768	SESSION-06ad44a538684c23 → flow:00ea2c27d768
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ffc31ee499a3f223:flow:2d8e7a3e879f	SESSION-ffc31ee499a3f223 → flow:2d8e7a3e879f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7569a7ee383f653c:SESSION-7569a7ee383f653c	SESSION-7569a7ee383f653c → pe:tls:SESSION-7569a7ee383f653c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4289737814dbd64:host:177.10.239.150:host:172.234.197.23	SESSION-c4289737814dbd64 → host:177.10.239.150 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44d3fd3ee1d51da1:host:177.10.232.139:host:172.234.197.23	SESSION-44d3fd3ee1d51da1 → host:177.10.232.139 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-954e70596a40db71:PCAP:capture_20260430070001:903a0e7a436b	SESSION-954e70596a40db71 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.11:geo_-16.28860_-49.01640	host:177.10.235.11 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-89c3cc1547edab47:SESSION-89c3cc1547edab47	SESSION-89c3cc1547edab47 → pe:dns:SESSION-89c3cc1547edab47
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7ddcefc7eea69488:SESSION-7ddcefc7eea69488	SESSION-7ddcefc7eea69488 → pe:syn:SESSION-7ddcefc7eea69488
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56d3faf83e1ced7d:host:172.234.197.23	SESSION-56d3faf83e1ced7d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-656bb895abc59727:host:177.10.237.49	SESSION-656bb895abc59727 → host:177.10.237.49
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b1ca06073d474c63:SESSION-b1ca06073d474c63	SESSION-b1ca06073d474c63 → pe:syn:SESSION-b1ca06073d474c63
flow_observed5-aryOBS	e:fo:flow:dbfebbe7d3ff	flow:dbfebbe7d3ff → host:45.173.156.70 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f0cdd1d919af3f4a:flow:0bf660e47544	SESSION-f0cdd1d919af3f4a → flow:0bf660e47544
FLOW_TO_HOSTOBS	e:to:SESSION-48de9f7b9a5a464c:host:172.234.197.23	SESSION-48de9f7b9a5a464c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d5cd00671f435cc6:host:177.10.233.254:host:172.234.197.23	SESSION-d5cd00671f435cc6 → host:177.10.233.254 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8293f5a95baa645a:flow:47679687883b	SESSION-8293f5a95baa645a → flow:47679687883b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc41b76983738bc7:host:177.10.233.171	SESSION-cc41b76983738bc7 → host:177.10.233.171
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cb8ade3138db412:host:131.196.30.45	SESSION-4cb8ade3138db412 → host:131.196.30.45
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a3b1f52ae1679da:flow:611c62356d76	SESSION-3a3b1f52ae1679da → flow:611c62356d76
FLOW_TO_HOSTOBS	e:to:SESSION-6d3dc2c705a19d83:host:172.234.197.23	SESSION-6d3dc2c705a19d83 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bb55c33944ff:port:tcp:443	flow:bb55c33944ff → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-310a1cee325ffc65:flow:933c44fe1b6d	SESSION-310a1cee325ffc65 → flow:933c44fe1b6d
FLOW_FROM_HOSTOBS	e:from:SESSION-bef08b3c32a1c401:host:177.10.234.108	SESSION-bef08b3c32a1c401 → host:177.10.234.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122af33beaf7e9c5:host:172.234.197.23	SESSION-122af33beaf7e9c5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ce89d337c6c28e5:host:172.234.197.23	SESSION-4ce89d337c6c28e5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b074fbdb748702cc:host:177.10.235.195	SESSION-b074fbdb748702cc → host:177.10.235.195
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.227:geo_-23.62930_-46.63510	host:131.196.29.227 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3bb54d95c2cdaff:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a3bb54d95c2cdaff → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77a13185d72dec11:host:172.234.197.23	SESSION-77a13185d72dec11 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-59d5bafa56d514c9:host:45.173.156.31	SESSION-59d5bafa56d514c9 → host:45.173.156.31
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e488bd001486e0ee:PCAP:capture_20260430090001:065659c7d314	SESSION-e488bd001486e0ee → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-458a0c6775d84d5e:SESSION-458a0c6775d84d5e	SESSION-458a0c6775d84d5e → pe:tls:SESSION-458a0c6775d84d5e
FLOW_TO_HOSTOBS	e:to:SESSION-c421ecd159f7b93a:host:172.234.197.23	SESSION-c421ecd159f7b93a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-86e3f0fd63ed2ea3:flow:fa03de97d438	SESSION-86e3f0fd63ed2ea3 → flow:fa03de97d438
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.241:geo_-16.28860_-49.01640	host:177.10.239.241 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7377b91dd9eda5d9:host:177.10.234.34	SESSION-7377b91dd9eda5d9 → host:177.10.234.34
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.150:geo_-23.62930_-46.63510	host:131.196.29.150 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:0670c67e04ae	flow:0670c67e04ae → host:172.234.197.23 → host:177.10.238.156 → port:tcp:18047
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.144:asn:262880	host:177.10.233.144 → asn:262880
flow_observed5-aryOBS	e:fo:flow:86566d19d59b	flow:86566d19d59b → host:131.196.30.201 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:c2443289afd9:port:tcp:443	flow:c2443289afd9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ddcefc7eea69488:host:131.196.31.217	SESSION-7ddcefc7eea69488 → host:131.196.31.217
FLOW_FROM_HOSTOBS	e:from:SESSION-4f95aea3e66ab57b:host:172.234.197.23	SESSION-4f95aea3e66ab57b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-92922842b80104c6:host:172.234.197.23	SESSION-92922842b80104c6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.64:asn:262880	host:177.10.238.64 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ef734d9bbeb2d12:host:45.173.156.92	SESSION-4ef734d9bbeb2d12 → host:45.173.156.92
FLOW_DST_PORTOBS	e:fp:flow:bd6fe49aac03:port:tcp:443	flow:bd6fe49aac03 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-49652bb4e1e9db35:SESSION-49652bb4e1e9db35	SESSION-49652bb4e1e9db35 → pe:rst:SESSION-49652bb4e1e9db35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-83267dedfd50dbe7:SESSION-83267dedfd50dbe7	SESSION-83267dedfd50dbe7 → pe:syn:SESSION-83267dedfd50dbe7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d24a424002821105:SESSION-d24a424002821105	SESSION-d24a424002821105 → pe:tls:SESSION-d24a424002821105
FLOW_DST_PORTOBS	e:fp:flow:70e6dbadc53e:port:tcp:443	flow:70e6dbadc53e → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:d0366e388dff	flow:d0366e388dff → host:177.10.233.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d74f533686cf043:host:172.234.197.23	SESSION-0d74f533686cf043 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8dff22511e3d5727:host:177.10.236.139	SESSION-8dff22511e3d5727 → host:177.10.236.139
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d55d0fcf91e9ec79:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d55d0fcf91e9ec79 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:041259ac1bfc	flow:041259ac1bfc → host:177.10.239.15 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-f56adc7043a43d99:host:131.196.29.255	SESSION-f56adc7043a43d99 → host:131.196.29.255
FLOW_FROM_HOSTOBS	e:from:SESSION-4066f36b6ded169d:host:177.10.236.138	SESSION-4066f36b6ded169d → host:177.10.236.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b5af66d109a4873:host:131.196.30.7	SESSION-5b5af66d109a4873 → host:131.196.30.7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4531330495d6a6b8:PCAP:capture_20260430090001:065659c7d314	SESSION-4531330495d6a6b8 → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.145:asn:271410	host:131.196.31.145 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.235:geo_-16.28860_-49.01640	host:177.10.239.235 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:918025e4b0e2:port:tcp:443	flow:918025e4b0e2 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2f2dfbe9df7c080:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e2f2dfbe9df7c080 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.176:geo_-16.28860_-49.01640	host:177.10.232.176 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0a19698769d1246:SESSION-d0a19698769d1246	SESSION-d0a19698769d1246 → pe:syn:SESSION-d0a19698769d1246
FLOW_TO_HOSTOBS	e:to:SESSION-41f0125815f54041:host:45.173.156.138	SESSION-41f0125815f54041 → host:45.173.156.138
FLOW_FROM_HOSTOBS	e:from:SESSION-a70cd7da1062faad:host:177.10.233.176	SESSION-a70cd7da1062faad → host:177.10.233.176
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1cbcb5d52df9d7c9:flow:d3502ef6da0c	SESSION-1cbcb5d52df9d7c9 → flow:d3502ef6da0c
FLOW_DST_PORTOBS	e:fp:flow:099252cb5d04:port:tcp:443	flow:099252cb5d04 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6050ca7af62c0465:SESSION-6050ca7af62c0465	SESSION-6050ca7af62c0465 → pe:syn:SESSION-6050ca7af62c0465
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-27f108382ab89b5c:flow:20fcf5f8be30	SESSION-27f108382ab89b5c → flow:20fcf5f8be30
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7e110cd2632aa64:host:177.10.238.232	SESSION-e7e110cd2632aa64 → host:177.10.238.232
FLOW_FROM_HOSTOBS	e:from:SESSION-527af3b786e52b88:host:177.10.237.226	SESSION-527af3b786e52b88 → host:177.10.237.226
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-329dd162e3e18437:SESSION-329dd162e3e18437	SESSION-329dd162e3e18437 → pe:syn:SESSION-329dd162e3e18437
FLOW_DST_PORTOBS	e:fp:flow:cc4e9257354e:port:tcp:443	flow:cc4e9257354e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-305a85099066f209:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-305a85099066f209 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-82093c184ece9713:SESSION-82093c184ece9713	SESSION-82093c184ece9713 → pe:syn:SESSION-82093c184ece9713
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1cb1824ec0ef0f8a:SESSION-1cb1824ec0ef0f8a	SESSION-1cb1824ec0ef0f8a → pe:tls:SESSION-1cb1824ec0ef0f8a
FLOW_FROM_HOSTOBS	e:from:SESSION-e991004bd02372d1:host:131.196.29.130	SESSION-e991004bd02372d1 → host:131.196.29.130
flow_observed4-aryOBS	e:fo:flow:d5753efef811	flow:d5753efef811 → host:172.234.197.23 → host:177.10.233.137 → port:tcp:63097
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.244:geo_-21.10010_-41.69200	host:45.173.156.244 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ddc82f590dd8a411:PCAP:capture_20260430060001:919b39a74464	SESSION-ddc82f590dd8a411 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0fd6726780ee8778:SESSION-0fd6726780ee8778	SESSION-0fd6726780ee8778 → pe:tls:SESSION-0fd6726780ee8778
FLOW_TO_HOSTOBS	e:to:SESSION-18af1f65a173a9cf:host:80.94.92.186	SESSION-18af1f65a173a9cf → host:80.94.92.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eff9d1155e5c571f:SESSION-eff9d1155e5c571f	SESSION-eff9d1155e5c571f → pe:tls:SESSION-eff9d1155e5c571f
FLOW_TO_HOSTOBS	e:to:SESSION-e488bd001486e0ee:host:172.234.197.23	SESSION-e488bd001486e0ee → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-659e9e20b25ca2e2:flow:867d546c7ebe	SESSION-659e9e20b25ca2e2 → flow:867d546c7ebe
FLOW_TO_HOSTOBS	e:to:SESSION-186abbea6a1cb4f5:host:172.234.197.23	SESSION-186abbea6a1cb4f5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:983413e2d3e3:port:tcp:443	flow:983413e2d3e3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-674d0a1b38b3c135:host:172.234.197.23	SESSION-674d0a1b38b3c135 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9239765cb326:port:tcp:64581	flow:9239765cb326 → port:tcp:64581
flow_observed4-aryOBS	e:fo:flow:ec874a67e7cd	flow:ec874a67e7cd → host:172.234.197.23 → host:131.196.29.41 → port:tcp:13815
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ca027ca401d4d122:host:172.234.197.23	SESSION-ca027ca401d4d122 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b5dccafc7307f6ac:host:45.173.156.205	SESSION-b5dccafc7307f6ac → host:45.173.156.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef2cf125c8c7b83a:host:131.196.28.193	SESSION-ef2cf125c8c7b83a → host:131.196.28.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57039b95174af1c3:SESSION-57039b95174af1c3	SESSION-57039b95174af1c3 → pe:syn:SESSION-57039b95174af1c3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4751d88925ba5f3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b4751d88925ba5f3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-2dd011a07497df56:host:172.234.197.23	SESSION-2dd011a07497df56 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb88b05b3590e26e:host:45.173.156.57:host:172.234.197.23	SESSION-cb88b05b3590e26e → host:45.173.156.57 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf669240db189a71:SESSION-cf669240db189a71	SESSION-cf669240db189a71 → pe:tls:SESSION-cf669240db189a71
flow_observed5-aryOBS	e:fo:flow:bc0d66ba9370	flow:bc0d66ba9370 → host:131.196.29.170 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b3d6afc82aab:port:tcp:443	flow:b3d6afc82aab → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6263455e390c054e:host:172.234.197.23:host:177.10.237.216	SESSION-6263455e390c054e → host:172.234.197.23 → host:177.10.237.216
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19fcdbc3c5b0e100:PCAP:capture_20260430060001:919b39a74464	SESSION-19fcdbc3c5b0e100 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.194:asn:271410	host:131.196.31.194 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:37.221.79.224:asn:203771	host:37.221.79.224 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-82fb3096076edb8c:host:172.234.197.23	SESSION-82fb3096076edb8c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa09fbb5e640ff94:host:177.10.237.94	SESSION-aa09fbb5e640ff94 → host:177.10.237.94
flow_observed5-aryOBS	e:fo:flow:550413e8132d	flow:550413e8132d → host:131.196.29.167 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:183fec7e62fe:port:tcp:443	flow:183fec7e62fe → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ad31d7217a236b09:host:177.10.237.14	SESSION-ad31d7217a236b09 → host:177.10.237.14
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a27c97c4e7ac566:flow:e02559d3bb27	SESSION-9a27c97c4e7ac566 → flow:e02559d3bb27
FLOW_DST_PORTOBS	e:fp:flow:4e885934f3d9:port:tcp:443	flow:4e885934f3d9 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-69b211b684a77852:host:172.234.197.23	SESSION-69b211b684a77852 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:01bad0e68b5f	flow:01bad0e68b5f → host:177.10.232.100 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a6d1acf39452c448:SESSION-a6d1acf39452c448	SESSION-a6d1acf39452c448 → pe:tls:SESSION-a6d1acf39452c448
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.10:asn:271410	host:131.196.28.10 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-b50835be4d5bba16:host:177.10.237.145	SESSION-b50835be4d5bba16 → host:177.10.237.145
FLOW_FROM_HOSTOBS	e:from:SESSION-d0a19698769d1246:host:172.234.197.23	SESSION-d0a19698769d1246 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.103:asn:271410	host:131.196.30.103 → asn:271410
flow_observed4-aryOBS	e:fo:flow:ab4ab2abbcf9	flow:ab4ab2abbcf9 → host:172.234.197.23 → host:177.10.237.76 → port:tcp:52813
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf85a83f91ce2875:host:131.196.30.12	SESSION-cf85a83f91ce2875 → host:131.196.30.12
FLOW_FROM_HOSTOBS	e:from:SESSION-eee0288be94ee16a:host:45.173.156.253	SESSION-eee0288be94ee16a → host:45.173.156.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8f62140848f2b702:SESSION-8f62140848f2b702	SESSION-8f62140848f2b702 → pe:tls:SESSION-8f62140848f2b702
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.0:geo_-16.28860_-49.01640	host:177.10.238.0 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-531f1f169db2954c:flow:2e10465cca68	SESSION-531f1f169db2954c → flow:2e10465cca68
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d0929735579c89e2:SESSION-d0929735579c89e2	SESSION-d0929735579c89e2 → pe:syn:SESSION-d0929735579c89e2
flow_observed5-aryOBS	e:fo:flow:adda313743fa	flow:adda313743fa → host:131.196.29.80 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:ad28e31e7902:port:tcp:443	flow:ad28e31e7902 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17133b7d31116a9e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-17133b7d31116a9e → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a03e1a67bd79b062:SESSION-a03e1a67bd79b062	SESSION-a03e1a67bd79b062 → pe:tls:SESSION-a03e1a67bd79b062
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff4eb64228a8af88:host:172.234.197.23	SESSION-ff4eb64228a8af88 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fc18a12b15fb2c84:SESSION-fc18a12b15fb2c84	SESSION-fc18a12b15fb2c84 → pe:tls:SESSION-fc18a12b15fb2c84
flow_observed5-aryOBS	e:fo:flow:2291d654d6e8	flow:2291d654d6e8 → host:177.10.238.36 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:8b5bbd34f82c:port:tcp:8442	flow:8b5bbd34f82c → port:tcp:8442
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-42dd33a8e6552b73:host:34.216.30.208:host:172.234.197.23	SESSION-42dd33a8e6552b73 → host:34.216.30.208 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f5b8d372cd42441:host:177.10.237.52	SESSION-6f5b8d372cd42441 → host:177.10.237.52
FLOW_TO_HOSTOBS	e:to:SESSION-ccb8c7743352cfdc:host:131.196.31.84	SESSION-ccb8c7743352cfdc → host:131.196.31.84
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-979974e101979ba8:SESSION-979974e101979ba8	SESSION-979974e101979ba8 → pe:rst:SESSION-979974e101979ba8
FLOW_TO_HOSTOBS	e:to:SESSION-8ce2f2546c044634:host:131.196.30.81	SESSION-8ce2f2546c044634 → host:131.196.30.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3168a3173448dd7d:SESSION-3168a3173448dd7d	SESSION-3168a3173448dd7d → pe:tls:SESSION-3168a3173448dd7d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c422154c7899227e:SESSION-c422154c7899227e	SESSION-c422154c7899227e → pe:tls:SESSION-c422154c7899227e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4be71a9ef959f500:flow:b64652804f63	SESSION-4be71a9ef959f500 → flow:b64652804f63
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cc664d616fce9d7:host:172.234.197.23	SESSION-4cc664d616fce9d7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a1e631f6e627b67d:host:172.234.197.23	SESSION-a1e631f6e627b67d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:562b1afc797f	flow:562b1afc797f → host:172.234.197.23 → host:131.196.28.170 → port:tcp:17317
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65f49e29fd3c9157:SESSION-65f49e29fd3c9157	SESSION-65f49e29fd3c9157 → pe:tls:SESSION-65f49e29fd3c9157
FLOW_DST_PORTOBS	e:fp:flow:df60fa020117:port:tcp:443	flow:df60fa020117 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ed80052f988e41bd:SESSION-ed80052f988e41bd	SESSION-ed80052f988e41bd → pe:syn:SESSION-ed80052f988e41bd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a22eb4c95bd17b8:SESSION-7a22eb4c95bd17b8	SESSION-7a22eb4c95bd17b8 → pe:syn:SESSION-7a22eb4c95bd17b8
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.7:asn:273470	host:45.173.156.7 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e9b874351d52a188:SESSION-e9b874351d52a188	SESSION-e9b874351d52a188 → pe:tls:SESSION-e9b874351d52a188
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc301fc8fa5220df:host:177.10.238.166:host:172.234.197.23	SESSION-fc301fc8fa5220df → host:177.10.238.166 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f879597a466f9080:host:177.10.238.154	SESSION-f879597a466f9080 → host:177.10.238.154
FLOW_TO_HOSTOBS	e:to:SESSION-5c439db2cd1990c9:host:172.234.197.23	SESSION-5c439db2cd1990c9 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bb5021014b7af5cb:host:177.10.234.143	SESSION-bb5021014b7af5cb → host:177.10.234.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9433c1773faa9882:host:172.234.197.23	SESSION-9433c1773faa9882 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:81c6f4e43850	flow:81c6f4e43850 → host:172.234.197.23 → host:131.196.30.36 → port:tcp:2911
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.153:asn:262880	host:177.10.234.153 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-587fbc18dc61ddb0:host:172.234.197.23	SESSION-587fbc18dc61ddb0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a782bfdef89df980:host:177.10.238.50:host:172.234.197.23	SESSION-a782bfdef89df980 → host:177.10.238.50 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b34520b38e3fc963:host:177.10.235.151:host:172.234.197.23	SESSION-b34520b38e3fc963 → host:177.10.235.151 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3748d9d14aafdb8:host:172.234.197.23	SESSION-f3748d9d14aafdb8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9222c19da42c0aaa:host:172.234.197.23	SESSION-9222c19da42c0aaa → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1bd78fd10af70dea:PCAP:capture_20260430150001:ded20914761d	SESSION-1bd78fd10af70dea → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-973fc1252d207af1:host:172.234.197.23	SESSION-973fc1252d207af1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-86b4956d98680667:host:177.10.232.55	SESSION-86b4956d98680667 → host:177.10.232.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cd8dbb599c016751:SESSION-cd8dbb599c016751	SESSION-cd8dbb599c016751 → pe:tls:SESSION-cd8dbb599c016751
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-88c7e3106e33eb03:flow:5b3217c4696e	SESSION-88c7e3106e33eb03 → flow:5b3217c4696e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41808c8c85c3c4d3:flow:0610a22af30a	SESSION-41808c8c85c3c4d3 → flow:0610a22af30a
FLOW_DST_PORTOBS	e:fp:flow:0e2a2cd94527:port:udp:53	flow:0e2a2cd94527 → port:udp:53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.84:geo_-21.10010_-41.69200	host:45.173.156.84 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bfe3e48aa982c746:host:177.10.237.169:host:172.234.197.23	SESSION-bfe3e48aa982c746 → host:177.10.237.169 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f2ae6b0bca9a8c33:host:172.234.197.23	SESSION-f2ae6b0bca9a8c33 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.163:asn:262880	host:177.10.234.163 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72cd504b232e316e:flow:9f294cc57752	SESSION-72cd504b232e316e → flow:9f294cc57752
FLOW_DST_PORTOBS	e:fp:flow:83f6e4e64a29:port:tcp:443	flow:83f6e4e64a29 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6c09b181dae043f:host:172.232.0.16	SESSION-d6c09b181dae043f → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27d1e1e2170d683a:SESSION-27d1e1e2170d683a	SESSION-27d1e1e2170d683a → pe:tls:SESSION-27d1e1e2170d683a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.214:geo_-23.62930_-46.63510	host:131.196.30.214 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99de4fcd637901fc:SESSION-99de4fcd637901fc	SESSION-99de4fcd637901fc → pe:tls:SESSION-99de4fcd637901fc
FLOW_DST_PORTOBS	e:fp:flow:2f3e5c1f74a5:port:tcp:11176	flow:2f3e5c1f74a5 → port:tcp:11176
flow_observed5-aryOBS	e:fo:flow:ea6a04b7906c	flow:ea6a04b7906c → host:177.10.234.173 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94dde62df04dcb4a:host:172.234.197.23	SESSION-94dde62df04dcb4a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0fd1643ef09f	flow:0fd1643ef09f → host:172.234.197.23 → host:45.173.156.124 → port:tcp:44409
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-112ed66aeea7c1e0:SESSION-112ed66aeea7c1e0	SESSION-112ed66aeea7c1e0 → pe:tls:SESSION-112ed66aeea7c1e0
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.45:asn:203771	host:31.40.196.45 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-9c30e2da5c8abbcf:host:172.234.197.23	SESSION-9c30e2da5c8abbcf → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.41:asn:273470	host:45.173.156.41 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.60:asn:271410	host:131.196.30.60 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-a1d147c13acfa404:host:172.234.197.23	SESSION-a1d147c13acfa404 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4defafdd27769097:SESSION-4defafdd27769097	SESSION-4defafdd27769097 → pe:syn:SESSION-4defafdd27769097
FLOW_DST_PORTOBS	e:fp:flow:8c5e40504e89:port:tcp:443	flow:8c5e40504e89 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e4f9227bbb6fbbfc:host:172.234.197.23	SESSION-e4f9227bbb6fbbfc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c5519b0e5712e1e:host:177.10.236.62	SESSION-1c5519b0e5712e1e → host:177.10.236.62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b96d3d249635b605:host:172.234.197.23	SESSION-b96d3d249635b605 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:61e75f6e333e	flow:61e75f6e333e → host:57.128.95.174 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2875d034c942a134:SESSION-2875d034c942a134	SESSION-2875d034c942a134 → pe:tls:SESSION-2875d034c942a134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7a65c242582e5e81:host:177.10.235.233	SESSION-7a65c242582e5e81 → host:177.10.235.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c2b6fa392d99e4e2:SESSION-c2b6fa392d99e4e2	SESSION-c2b6fa392d99e4e2 → pe:syn:SESSION-c2b6fa392d99e4e2
FLOW_FROM_HOSTOBS	e:from:SESSION-2ae53b938ea3675b:host:177.10.234.173	SESSION-2ae53b938ea3675b → host:177.10.234.173
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e280ba6e8e483a35:host:177.10.238.152:host:172.234.197.23	SESSION-e280ba6e8e483a35 → host:177.10.238.152 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3cd6c8dc824ee14d:PCAP:capture_20260430060001:919b39a74464	SESSION-3cd6c8dc824ee14d → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c5ed9f49ee99549f:SESSION-c5ed9f49ee99549f	SESSION-c5ed9f49ee99549f → pe:syn:SESSION-c5ed9f49ee99549f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51e02a163c57adb5:host:172.234.197.23	SESSION-51e02a163c57adb5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a4651c2a8eec0e6f:host:172.234.197.23	SESSION-a4651c2a8eec0e6f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5bb0fb568e127c0:host:177.10.238.102	SESSION-f5bb0fb568e127c0 → host:177.10.238.102
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.177:asn:262880	host:177.10.239.177 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.217:geo_-21.10010_-41.69200	host:45.173.156.217 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:c704f1ae0c68:port:tcp:443	flow:c704f1ae0c68 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:12dede9deba0:port:tcp:443	flow:12dede9deba0 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44aa905e757bc471:host:172.234.197.23	SESSION-44aa905e757bc471 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0a770693a19c2c7c:host:172.234.197.23	SESSION-0a770693a19c2c7c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b3a17f957b1f0153:host:172.234.197.23	SESSION-b3a17f957b1f0153 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a604218ad277317:SESSION-8a604218ad277317	SESSION-8a604218ad277317 → pe:syn:SESSION-8a604218ad277317
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9963b3b3d702eb6e:host:172.234.197.23	SESSION-9963b3b3d702eb6e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e17435638a41ed24:SESSION-e17435638a41ed24	SESSION-e17435638a41ed24 → pe:syn:SESSION-e17435638a41ed24
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9d4e1b0711d4507:SESSION-c9d4e1b0711d4507	SESSION-c9d4e1b0711d4507 → pe:tls:SESSION-c9d4e1b0711d4507
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-afa0e3a30bb0024e:SESSION-afa0e3a30bb0024e	SESSION-afa0e3a30bb0024e → pe:syn:SESSION-afa0e3a30bb0024e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a2000a0c75221682:SESSION-a2000a0c75221682	SESSION-a2000a0c75221682 → pe:syn:SESSION-a2000a0c75221682
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08a40451c9cdc962:host:172.3.50.214	SESSION-08a40451c9cdc962 → host:172.3.50.214
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8d5fc6f7b2bd264:flow:09d75a5531b0	SESSION-c8d5fc6f7b2bd264 → flow:09d75a5531b0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99ffd8e203ea7715:SESSION-99ffd8e203ea7715	SESSION-99ffd8e203ea7715 → pe:tls:SESSION-99ffd8e203ea7715
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b4f4901fb8368e3:SESSION-7b4f4901fb8368e3	SESSION-7b4f4901fb8368e3 → pe:tls:SESSION-7b4f4901fb8368e3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-985c12f522f7e9ff:host:172.234.197.23	SESSION-985c12f522f7e9ff → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:35f22b918404:port:tcp:443	flow:35f22b918404 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:f7227496e47f	flow:f7227496e47f → host:172.234.197.23 → host:131.196.31.217 → port:tcp:62365
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ef3ba231e3ca4d6:host:31.40.196.199	SESSION-4ef3ba231e3ca4d6 → host:31.40.196.199
FLOW_TO_HOSTOBS	e:to:SESSION-d60c66268e099206:host:177.10.237.80	SESSION-d60c66268e099206 → host:177.10.237.80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6af89b3798eaaf52:flow:9a9c7e2c78e9	SESSION-6af89b3798eaaf52 → flow:9a9c7e2c78e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-45f8302f1d804897:host:172.234.197.23	SESSION-45f8302f1d804897 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a519ad2ae4c53179:host:172.234.197.23	SESSION-a519ad2ae4c53179 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3b2b5737f36d7ec:flow:abef35df2d70	SESSION-f3b2b5737f36d7ec → flow:abef35df2d70
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85419ca5854a5f9c:flow:49a2db9fef59	SESSION-85419ca5854a5f9c → flow:49a2db9fef59
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf6bfb4b9f17f41e:host:131.196.31.195:host:172.234.197.23	SESSION-bf6bfb4b9f17f41e → host:131.196.31.195 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc01b506a83e5847:host:131.196.31.47:host:172.234.197.23	SESSION-fc01b506a83e5847 → host:131.196.31.47 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd58ba429e3d894b:flow:11405b7410bd	SESSION-dd58ba429e3d894b → flow:11405b7410bd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-200a4f7a7e5b3996:PCAP:capture_20260430060001:919b39a74464	SESSION-200a4f7a7e5b3996 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ab980d26fa84a5e:flow:f269f8c627cd	SESSION-9ab980d26fa84a5e → flow:f269f8c627cd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-71cc4f2ac3d57c32:host:172.234.197.23	SESSION-71cc4f2ac3d57c32 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6cfabb521c7f73a1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6cfabb521c7f73a1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-b7312728f8a99afb:host:177.10.236.218	SESSION-b7312728f8a99afb → host:177.10.236.218
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-359d98e6d1200746:flow:56b16aab94d2	SESSION-359d98e6d1200746 → flow:56b16aab94d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cdcb5008ac7e3b15:SESSION-cdcb5008ac7e3b15	SESSION-cdcb5008ac7e3b15 → pe:tls:SESSION-cdcb5008ac7e3b15
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8362a96ce0b7626:host:37.221.79.86	SESSION-f8362a96ce0b7626 → host:37.221.79.86
FLOW_DST_PORTOBS	e:fp:flow:577fe2c1120d:port:tcp:443	flow:577fe2c1120d → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.15:geo_-23.62930_-46.63510	host:131.196.28.15 → geo_-23.62930_-46.63510
flow_observed5-aryOBS	e:fo:flow:0807ce4d27d1	flow:0807ce4d27d1 → host:177.10.232.59 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ddc324b0d6a8eb6:host:131.196.29.203:host:172.234.197.23	SESSION-1ddc324b0d6a8eb6 → host:131.196.29.203 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8366f626d6b88fcf:SESSION-8366f626d6b88fcf	SESSION-8366f626d6b88fcf → pe:tls:SESSION-8366f626d6b88fcf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9c8bcacffc7072b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c9c8bcacffc7072b → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3a44f67a1174447:host:95.170.25.97	SESSION-a3a44f67a1174447 → host:95.170.25.97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e4e6682786f65470:SESSION-e4e6682786f65470	SESSION-e4e6682786f65470 → pe:tls:SESSION-e4e6682786f65470
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-88c19910e1cb1242:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-88c19910e1cb1242 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:ff8f00a5616f:port:tcp:443	flow:ff8f00a5616f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1d45ffa0c695899f:host:172.234.197.23	SESSION-1d45ffa0c695899f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc060cc400f18b5d:host:131.196.31.133	SESSION-cc060cc400f18b5d → host:131.196.31.133
flow_observed5-aryOBS	e:fo:flow:4e6607c4638e	flow:4e6607c4638e → host:177.10.233.53 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0c4b638117ccca22:SESSION-0c4b638117ccca22	SESSION-0c4b638117ccca22 → pe:syn:SESSION-0c4b638117ccca22
FLOW_TO_HOSTOBS	e:to:SESSION-c6936c129ef58e74:host:172.234.197.23	SESSION-c6936c129ef58e74 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-88ff33eaa18cf09d:SESSION-88ff33eaa18cf09d	SESSION-88ff33eaa18cf09d → pe:tls:SESSION-88ff33eaa18cf09d
FLOW_TO_HOSTOBS	e:to:SESSION-5626602f012a6e70:host:177.10.236.230	SESSION-5626602f012a6e70 → host:177.10.236.230
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4370d06debc0fcec:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-4370d06debc0fcec → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30f00b6e6078f800:SESSION-30f00b6e6078f800	SESSION-30f00b6e6078f800 → pe:tls:SESSION-30f00b6e6078f800
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e12e5221262ce88f:host:2.57.122.192	SESSION-e12e5221262ce88f → host:2.57.122.192
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98d504bd384337f5:SESSION-98d504bd384337f5	SESSION-98d504bd384337f5 → pe:syn:SESSION-98d504bd384337f5
FLOW_FROM_HOSTOBS	e:from:SESSION-7aa70a6d3547ceb7:host:172.234.197.23	SESSION-7aa70a6d3547ceb7 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1604b7d7ac07	flow:1604b7d7ac07 → host:172.234.197.23 → host:131.196.30.176 → port:tcp:28756
FLOW_FROM_HOSTOBS	e:from:SESSION-c85a65cf2db0ee65:host:177.10.233.52	SESSION-c85a65cf2db0ee65 → host:177.10.233.52
flow_observed4-aryOBS	e:fo:flow:f4e1ee04b48d	flow:f4e1ee04b48d → host:172.234.197.23 → host:177.10.233.121 → port:tcp:37130
FLOW_TO_HOSTOBS	e:to:SESSION-8982cb545b77cb1a:host:172.234.197.23	SESSION-8982cb545b77cb1a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf7009921f0152ab:SESSION-cf7009921f0152ab	SESSION-cf7009921f0152ab → pe:syn:SESSION-cf7009921f0152ab
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1984f51487784d02:host:172.234.197.23:host:177.10.235.193	SESSION-1984f51487784d02 → host:172.234.197.23 → host:177.10.235.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4354e5bc798bd13a:SESSION-4354e5bc798bd13a	SESSION-4354e5bc798bd13a → pe:tls:SESSION-4354e5bc798bd13a
flow_observed4-aryOBS	e:fo:flow:ebb0075612c2	flow:ebb0075612c2 → host:34.140.18.6 → host:172.234.197.23 → port:tcp:23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52e5c47434ed6c74:SESSION-52e5c47434ed6c74	SESSION-52e5c47434ed6c74 → pe:tls:SESSION-52e5c47434ed6c74
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c96791011a0f6f2:flow:1f4f772c7607	SESSION-7c96791011a0f6f2 → flow:1f4f772c7607
FLOW_FROM_HOSTOBS	e:from:SESSION-b32f5a9266c1045d:host:177.10.238.238	SESSION-b32f5a9266c1045d → host:177.10.238.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-352a47a3f8b3882e:SESSION-352a47a3f8b3882e	SESSION-352a47a3f8b3882e → pe:syn:SESSION-352a47a3f8b3882e
flow_observed4-aryOBS	e:fo:flow:08b00cb520f1	flow:08b00cb520f1 → host:172.234.197.23 → host:131.196.30.55 → port:tcp:54254
FLOW_TO_HOSTOBS	e:to:SESSION-734d97fdd69356a6:host:131.196.28.162	SESSION-734d97fdd69356a6 → host:131.196.28.162
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-41b71c4a2ccc13b3:flow:5a19d89647bf	SESSION-41b71c4a2ccc13b3 → flow:5a19d89647bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75d8d9da58d6d51c:host:177.10.238.64	SESSION-75d8d9da58d6d51c → host:177.10.238.64
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.36:asn:271410	host:131.196.30.36 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.149:geo_-16.28860_-49.01640	host:177.10.232.149 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f21aae4e1b352568:host:172.234.197.23	SESSION-f21aae4e1b352568 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c9c0456097f35e54:host:172.234.197.23	SESSION-c9c0456097f35e54 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.175:geo_-23.62930_-46.63510	host:131.196.29.175 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-2d407d786bd09817:host:172.234.197.23	SESSION-2d407d786bd09817 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:72cbbda16d03:port:tcp:443	flow:72cbbda16d03 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:f094c0b9e79e:port:tcp:48800	flow:f094c0b9e79e → port:tcp:48800
FLOW_DST_PORTOBS	e:fp:flow:f04fde117157:port:tcp:443	flow:f04fde117157 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5731b0b8f40f73a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f5731b0b8f40f73a → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:199.16.157.181:asn:13414	host:199.16.157.181 → asn:13414
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-80f99961f353c40e:flow:a0e4099057e0	SESSION-80f99961f353c40e → flow:a0e4099057e0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57092e6ea3a8c881:PCAP:capture_20260430050001:8868731bf8a4	SESSION-57092e6ea3a8c881 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-79574872517ba47f:host:172.234.197.23	SESSION-79574872517ba47f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:daa25e0a33bc	flow:daa25e0a33bc → host:177.10.235.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-87edcc7df5436fbe:PCAP:capture_20260430150001:ded20914761d	SESSION-87edcc7df5436fbe → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-23264de44b7cb73c:host:172.234.197.23	SESSION-23264de44b7cb73c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.233:asn:262880	host:177.10.232.233 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c506d9600407809:SESSION-7c506d9600407809	SESSION-7c506d9600407809 → pe:tls:SESSION-7c506d9600407809
FLOW_FROM_HOSTOBS	e:from:SESSION-3bb818ce2b02135d:host:131.196.28.219	SESSION-3bb818ce2b02135d → host:131.196.28.219
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b47539014cc5976c:host:44.243.2.252	SESSION-b47539014cc5976c → host:44.243.2.252
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.12:geo_-16.28860_-49.01640	host:177.10.236.12 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e5a346c4f0315a5:flow:99877575f993	SESSION-3e5a346c4f0315a5 → flow:99877575f993
FLOW_TO_HOSTOBS	e:to:SESSION-625fc1856b5bb87f:host:172.234.197.23	SESSION-625fc1856b5bb87f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:103321f9936d:port:tcp:443	flow:103321f9936d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-55ac8b9837cbe539:host:131.196.29.75:host:172.234.197.23	SESSION-55ac8b9837cbe539 → host:131.196.29.75 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.243:asn:262880	host:177.10.237.243 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-b9d47d1bafad5ad0:host:177.10.237.47	SESSION-b9d47d1bafad5ad0 → host:177.10.237.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e632e9ec3b8d735c:host:172.234.197.23	SESSION-e632e9ec3b8d735c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4bd79e02a6b67038:host:172.234.197.23	SESSION-4bd79e02a6b67038 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fb67bf931083b29:host:172.234.197.23	SESSION-8fb67bf931083b29 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d53672361f048e5:host:177.10.239.153	SESSION-2d53672361f048e5 → host:177.10.239.153
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6afafa975f8bbed9:SESSION-6afafa975f8bbed9	SESSION-6afafa975f8bbed9 → pe:tls:SESSION-6afafa975f8bbed9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0ce4962ca3a156ee:host:177.10.237.12:host:172.234.197.23	SESSION-0ce4962ca3a156ee → host:177.10.237.12 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c47d04961700459f:host:177.10.232.193	SESSION-c47d04961700459f → host:177.10.232.193
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97344bc6f8ca22f4:host:131.196.30.103:host:172.234.197.23	SESSION-97344bc6f8ca22f4 → host:131.196.30.103 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6ddb3deb8cc2873:host:177.10.235.214:host:172.234.197.23	SESSION-d6ddb3deb8cc2873 → host:177.10.235.214 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7e2a96a3225ff388:host:2.57.122.196	SESSION-7e2a96a3225ff388 → host:2.57.122.196
FLOW_FROM_HOSTOBS	e:from:SESSION-3bc3682173c4cf6b:host:177.10.234.130	SESSION-3bc3682173c4cf6b → host:177.10.234.130
FLOW_TO_HOSTOBS	e:to:SESSION-ffc31ee499a3f223:host:172.234.197.23	SESSION-ffc31ee499a3f223 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-efb63adb0418d7f8:BSG-BEACON-f7f4304ec72f	SESSION-efb63adb0418d7f8 → BSG-BEACON-f7f4304ec72f
FLOW_DST_PORTOBS	e:fp:flow:87d7f7a0051b:port:tcp:443	flow:87d7f7a0051b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:a093af4fd9ab	flow:a093af4fd9ab → host:177.10.233.97 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-b4dc175dd74a3b00:BSG-DATA_EXFIL-3b025b84c8ad	SESSION-b4dc175dd74a3b00 → BSG-DATA_EXFIL-3b025b84c8ad
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.187:asn:262880	host:177.10.236.187 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.31:geo_41.00190_28.96450	host:95.170.25.31 → geo_41.00190_28.96450
FLOW_TO_HOSTOBS	e:to:SESSION-d4af1d7a3219c207:host:177.10.239.28	SESSION-d4af1d7a3219c207 → host:177.10.239.28
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20c169d44973b1e9:host:177.10.237.129	SESSION-20c169d44973b1e9 → host:177.10.237.129
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-911659ba7d4041d9:PCAP:capture_20260430060001:919b39a74464	SESSION-911659ba7d4041d9 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.96:geo_-16.28860_-49.01640	host:177.10.234.96 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c47d04961700459f:host:177.10.232.193:host:172.234.197.23	SESSION-c47d04961700459f → host:177.10.232.193 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.85:geo_-16.28860_-49.01640	host:177.10.235.85 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6bdcd515a2308bd:host:172.234.197.23	SESSION-d6bdcd515a2308bd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85f6b1896204af93:SESSION-85f6b1896204af93	SESSION-85f6b1896204af93 → pe:tls:SESSION-85f6b1896204af93
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1739bca4a014ab7e:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-1739bca4a014ab7e → PCAP:capture_20260427230001:ca8bd1ce36e2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f21759fa00584782:host:177.10.237.227:host:172.234.197.23	SESSION-f21759fa00584782 → host:177.10.237.227 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-314a3839bafadb97:host:177.10.237.157	SESSION-314a3839bafadb97 → host:177.10.237.157
FLOW_FROM_HOSTOBS	e:from:SESSION-9f05806c7fdedb94:host:177.10.237.46	SESSION-9f05806c7fdedb94 → host:177.10.237.46
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.137:geo_-23.62930_-46.63510	host:131.196.31.137 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5664e67ab454dc8:host:172.234.197.23	SESSION-c5664e67ab454dc8 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-042b5a6edf64c734:host:172.234.197.23	SESSION-042b5a6edf64c734 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1745753d6a990e0e:host:172.234.197.23	SESSION-1745753d6a990e0e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7d70f7a84199:port:tcp:443	flow:7d70f7a84199 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3762cafcd0c66be2:flow:124cc7b94ae6	SESSION-3762cafcd0c66be2 → flow:124cc7b94ae6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02163c9e3a8cc49d:flow:2f7ff643ec0e	SESSION-02163c9e3a8cc49d → flow:2f7ff643ec0e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-003677474853cb22:SESSION-003677474853cb22	SESSION-003677474853cb22 → pe:tls:SESSION-003677474853cb22
FLOW_TO_HOSTOBS	e:to:SESSION-db5e0e0456a4bec1:host:177.10.236.72	SESSION-db5e0e0456a4bec1 → host:177.10.236.72
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-288ea97e67f438e3:SESSION-288ea97e67f438e3	SESSION-288ea97e67f438e3 → pe:tls:SESSION-288ea97e67f438e3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b78ee328a5f7ceab:host:172.234.197.23	SESSION-b78ee328a5f7ceab → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8431b5fa38a73955:host:172.234.197.23	SESSION-8431b5fa38a73955 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7e2a96a3225ff388:host:172.234.197.23	SESSION-7e2a96a3225ff388 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5f416b1590e3cca4:host:172.234.197.23	SESSION-5f416b1590e3cca4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:60fb94c5157b:port:tcp:443	flow:60fb94c5157b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:7f8de5150284	flow:7f8de5150284 → host:177.10.239.26 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6315d280130065c8:host:172.234.197.23	SESSION-6315d280130065c8 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-e5a933b86812e122:BSG-BEACON-c94af3055994	SESSION-e5a933b86812e122 → BSG-BEACON-c94af3055994
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c282c87f3b4a743:flow:b5770b374496	SESSION-3c282c87f3b4a743 → flow:b5770b374496
FLOW_DST_PORTOBS	e:fp:flow:3d371f84b45c:port:tcp:51462	flow:3d371f84b45c → port:tcp:51462
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.56:asn:262880	host:177.10.235.56 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a3df3a26ac38d69:host:177.10.238.227:host:172.234.197.23	SESSION-4a3df3a26ac38d69 → host:177.10.238.227 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c130f2091984b84c:host:172.234.197.23:host:45.173.156.210	SESSION-c130f2091984b84c → host:172.234.197.23 → host:45.173.156.210
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.39:geo_-16.28860_-49.01640	host:177.10.239.39 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.64:geo_-16.28860_-49.01640	host:177.10.235.64 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b6d027087dbd516e:host:177.10.236.154	SESSION-b6d027087dbd516e → host:177.10.236.154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4289737814dbd64:host:177.10.239.150	SESSION-c4289737814dbd64 → host:177.10.239.150
FLOW_FROM_HOSTOBS	e:from:SESSION-8d11cc9a154a777c:host:172.234.197.23	SESSION-8d11cc9a154a777c → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0a5c641a04b7	flow:0a5c641a04b7 → host:172.234.197.23 → host:45.173.156.44 → port:tcp:61134
FLOW_DST_PORTOBS	e:fp:flow:9d864593c28e:port:tcp:443	flow:9d864593c28e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f838b992fed206a8:SESSION-f838b992fed206a8	SESSION-f838b992fed206a8 → pe:syn:SESSION-f838b992fed206a8
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-350febc37b3f152d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-350febc37b3f152d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:302bedee3e70:port:tcp:443	flow:302bedee3e70 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e540dbaefa45433:SESSION-9e540dbaefa45433	SESSION-9e540dbaefa45433 → pe:syn:SESSION-9e540dbaefa45433
FLOW_TO_HOSTOBS	e:to:SESSION-8d587dd5c581936e:host:131.196.28.16	SESSION-8d587dd5c581936e → host:131.196.28.16
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.178:asn:262880	host:177.10.235.178 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0df43d2721e666e:flow:91f1c0546e64	SESSION-c0df43d2721e666e → flow:91f1c0546e64
flow_observed4-aryOBS	e:fo:flow:8503bab0a6df	flow:8503bab0a6df → host:172.234.197.23 → host:45.173.156.207 → port:tcp:56510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a82c7f51b8bc2f4f:SESSION-a82c7f51b8bc2f4f	SESSION-a82c7f51b8bc2f4f → pe:syn:SESSION-a82c7f51b8bc2f4f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eaed9d07c71d3d80:PCAP:capture_20260430060001:919b39a74464	SESSION-eaed9d07c71d3d80 → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.192:asn:262880	host:177.10.233.192 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1d16880e0846180:PCAP:capture_20260430150001:ded20914761d	SESSION-a1d16880e0846180 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-2969d43ba10a409c:host:172.234.197.23	SESSION-2969d43ba10a409c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-97537ed6358a20d5:SESSION-97537ed6358a20d5	SESSION-97537ed6358a20d5 → pe:rst:SESSION-97537ed6358a20d5
FLOW_DST_PORTOBS	e:fp:flow:a0fae993b285:port:tcp:443	flow:a0fae993b285 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-eaf7cd3e5a2b7709:host:177.10.237.108	SESSION-eaf7cd3e5a2b7709 → host:177.10.237.108
FLOW_DST_PORTOBS	e:fp:flow:71c66bc2bd72:port:tcp:443	flow:71c66bc2bd72 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-658ca3f75d8ef503:host:177.10.238.102	SESSION-658ca3f75d8ef503 → host:177.10.238.102
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2ee36310db765ff6:SESSION-2ee36310db765ff6	SESSION-2ee36310db765ff6 → pe:syn:SESSION-2ee36310db765ff6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5eab3f22e87eb3f:host:45.173.156.147	SESSION-e5eab3f22e87eb3f → host:45.173.156.147
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-528b3497658f46ec:host:45.173.156.116	SESSION-528b3497658f46ec → host:45.173.156.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-88c7e3106e33eb03:SESSION-88c7e3106e33eb03	SESSION-88c7e3106e33eb03 → pe:tls:SESSION-88c7e3106e33eb03
FLOW_TO_HOSTOBS	e:to:SESSION-065b3042ded53057:host:177.10.232.247	SESSION-065b3042ded53057 → host:177.10.232.247
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9726c360f8e7f49c:host:177.10.236.102:host:172.234.197.23	SESSION-9726c360f8e7f49c → host:177.10.236.102 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d407d786bd09817:flow:d1b35c5e32e7	SESSION-2d407d786bd09817 → flow:d1b35c5e32e7
FLOW_TO_HOSTOBS	e:to:SESSION-783928d3af0eed6e:host:172.234.197.23	SESSION-783928d3af0eed6e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f0cdd1d919af3f4a:SESSION-f0cdd1d919af3f4a	SESSION-f0cdd1d919af3f4a → pe:tls:SESSION-f0cdd1d919af3f4a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df4b466e6cf802c5:host:177.10.233.252	SESSION-df4b466e6cf802c5 → host:177.10.233.252
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9729058a0ea02937:SESSION-9729058a0ea02937	SESSION-9729058a0ea02937 → pe:syn:SESSION-9729058a0ea02937
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.238:geo_-16.28860_-49.01640	host:177.10.237.238 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-3cc71da406a2797a:host:45.145.152.188	SESSION-3cc71da406a2797a → host:45.145.152.188
FLOW_FROM_HOSTOBS	e:from:SESSION-99ffd8e203ea7715:host:131.196.29.232	SESSION-99ffd8e203ea7715 → host:131.196.29.232
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-dbacd0066146a93a:SESSION-dbacd0066146a93a	SESSION-dbacd0066146a93a → pe:tls:SESSION-dbacd0066146a93a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-76b86119fe5d0a6f:host:131.196.30.167:host:172.234.197.23	SESSION-76b86119fe5d0a6f → host:131.196.30.167 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bf36cee0aa989ce3:host:172.234.197.23	SESSION-bf36cee0aa989ce3 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-256da911109eccd4:host:177.10.235.122	SESSION-256da911109eccd4 → host:177.10.235.122
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-175dd6ba51fb3cf7:host:131.196.30.70:host:172.234.197.23	SESSION-175dd6ba51fb3cf7 → host:131.196.30.70 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d54bd183a716274c:SESSION-d54bd183a716274c	SESSION-d54bd183a716274c → pe:syn:SESSION-d54bd183a716274c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84a1a640eb0d0e14:host:131.196.31.1:host:172.234.197.23	SESSION-84a1a640eb0d0e14 → host:131.196.31.1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.83:geo_-23.62930_-46.63510	host:131.196.31.83 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-2df5a0c07309bf07:host:177.10.232.155	SESSION-2df5a0c07309bf07 → host:177.10.232.155
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-723b8399a0bced6b:host:172.234.197.23:host:177.10.236.198	SESSION-723b8399a0bced6b → host:172.234.197.23 → host:177.10.236.198
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.212:asn:262880	host:177.10.235.212 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-39cfa534eb7ca418:host:172.234.197.23:host:177.10.234.76	SESSION-39cfa534eb7ca418 → host:172.234.197.23 → host:177.10.234.76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7eb43af6b38a5d78:flow:ff9a6ac9c657	SESSION-7eb43af6b38a5d78 → flow:ff9a6ac9c657
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3fa65fdb17829700:PCAP:capture_20260430060001:919b39a74464	SESSION-3fa65fdb17829700 → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46cfffaa3fdb7f1d:flow:a1c10d36ceb1	SESSION-46cfffaa3fdb7f1d → flow:a1c10d36ceb1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f486f528dd93473:SESSION-3f486f528dd93473	SESSION-3f486f528dd93473 → pe:tls:SESSION-3f486f528dd93473
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.170:asn:262880	host:177.10.236.170 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2c18145c92d838e0:SESSION-2c18145c92d838e0	SESSION-2c18145c92d838e0 → pe:syn:SESSION-2c18145c92d838e0
FLOW_FROM_HOSTOBS	e:from:SESSION-e26c73b3a0fde5e3:host:131.196.29.53	SESSION-e26c73b3a0fde5e3 → host:131.196.29.53
FLOW_TO_HOSTOBS	e:to:SESSION-cd8dbb599c016751:host:172.234.197.23	SESSION-cd8dbb599c016751 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c98ee522a60a5600:host:177.10.236.6	SESSION-c98ee522a60a5600 → host:177.10.236.6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9494583da7ce1d88:SESSION-9494583da7ce1d88	SESSION-9494583da7ce1d88 → pe:syn:SESSION-9494583da7ce1d88
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2842c4c08e29d7d7:host:37.221.79.41	SESSION-2842c4c08e29d7d7 → host:37.221.79.41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-255149252f7b9c37:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-255149252f7b9c37 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e626c78b08de0a8b:host:177.10.232.2	SESSION-e626c78b08de0a8b → host:177.10.232.2
FLOW_DST_PORTOBS	e:fp:flow:2eb51dafeff3:port:tcp:22	flow:2eb51dafeff3 → port:tcp:22
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-a9042bd9c6a81d17:BSG-BEACON-def22c405546	SESSION-a9042bd9c6a81d17 → BSG-BEACON-def22c405546
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57d2db6c2c177c2e:host:172.234.197.23	SESSION-57d2db6c2c177c2e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4eeddeaeae099136:host:172.234.197.23	SESSION-4eeddeaeae099136 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0cba2347786f28d:SESSION-b0cba2347786f28d	SESSION-b0cba2347786f28d → pe:syn:SESSION-b0cba2347786f28d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4992d20c4573840:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-d4992d20c4573840 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aaf7ce37564a0317:host:131.196.30.201:host:172.234.197.23	SESSION-aaf7ce37564a0317 → host:131.196.30.201 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8104be0e9171978:host:172.234.197.23	SESSION-e8104be0e9171978 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:97.139.12.85:geo_29.81190_-95.52070	host:97.139.12.85 → geo_29.81190_-95.52070
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f57ffeba62df89fa:host:131.196.28.10	SESSION-f57ffeba62df89fa → host:131.196.28.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a77e99309dd6e28:SESSION-8a77e99309dd6e28	SESSION-8a77e99309dd6e28 → pe:tls:SESSION-8a77e99309dd6e28
FLOW_FROM_HOSTOBS	e:from:SESSION-d79f2acd73027b39:host:177.10.238.57	SESSION-d79f2acd73027b39 → host:177.10.238.57
flow_observed4-aryOBS	e:fo:flow:bf4ff6240dc2	flow:bf4ff6240dc2 → host:172.234.197.23 → host:177.10.235.61 → port:tcp:64352
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-85714bf39e95506c:flow:5f92616743cb	SESSION-85714bf39e95506c → flow:5f92616743cb
flow_observed5-aryOBS	e:fo:flow:13693a6fdfdc	flow:13693a6fdfdc → host:177.10.232.254 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85714bf39e95506c:host:213.209.159.159	SESSION-85714bf39e95506c → host:213.209.159.159
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b60cd26b4cd717ea:host:172.234.197.23	SESSION-b60cd26b4cd717ea → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd657e34d2536dc9:host:177.10.233.77	SESSION-bd657e34d2536dc9 → host:177.10.233.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-521d3d94be94008e:SESSION-521d3d94be94008e	SESSION-521d3d94be94008e → pe:syn:SESSION-521d3d94be94008e
FLOW_DST_PORTOBS	e:fp:flow:b20e48464cae:port:tcp:443	flow:b20e48464cae → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-805fb07d7b5cb44b:host:172.234.197.23	SESSION-805fb07d7b5cb44b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c430ce1d88348c67:SESSION-c430ce1d88348c67	SESSION-c430ce1d88348c67 → pe:syn:SESSION-c430ce1d88348c67
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-166e94983783f266:flow:9150fc122a60	SESSION-166e94983783f266 → flow:9150fc122a60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-734d97fdd69356a6:host:131.196.28.162	SESSION-734d97fdd69356a6 → host:131.196.28.162
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3c17e2540d05f4c2:flow:2efd98f3e78d	SESSION-3c17e2540d05f4c2 → flow:2efd98f3e78d
FLOW_TO_HOSTOBS	e:to:SESSION-a2add8aa10ab84ed:host:172.234.197.23	SESSION-a2add8aa10ab84ed → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-affea3171060a6d3:flow:c31400c1dc74	SESSION-affea3171060a6d3 → flow:c31400c1dc74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1a633dafddc79f1:host:172.234.197.23	SESSION-c1a633dafddc79f1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21640db65210a47d:SESSION-21640db65210a47d	SESSION-21640db65210a47d → pe:tls:SESSION-21640db65210a47d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9354322f5192915a:host:80.94.92.182	SESSION-9354322f5192915a → host:80.94.92.182
FLOW_TO_HOSTOBS	e:to:SESSION-aa658fe130f71ff5:host:131.196.30.253	SESSION-aa658fe130f71ff5 → host:131.196.30.253
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f9e3e5dcd2ccb687:flow:a1775d39c56b	SESSION-f9e3e5dcd2ccb687 → flow:a1775d39c56b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1bc39f4f18cf27f2:host:172.234.197.23	SESSION-1bc39f4f18cf27f2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d098d799c39976fd:host:131.196.31.45	SESSION-d098d799c39976fd → host:131.196.31.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9cd8abbfdfb95d18:SESSION-9cd8abbfdfb95d18	SESSION-9cd8abbfdfb95d18 → pe:tls:SESSION-9cd8abbfdfb95d18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0d11915f1f4e9ef9:host:172.234.197.23	SESSION-0d11915f1f4e9ef9 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e40cfbe40dbbe2d2:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e40cfbe40dbbe2d2 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d45ffa0c695899f:host:172.234.197.23	SESSION-1d45ffa0c695899f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9ca610a28dc3:port:tcp:49382	flow:9ca610a28dc3 → port:tcp:49382
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e08e3213e2e0e28:flow:defe2d99c9e5	SESSION-5e08e3213e2e0e28 → flow:defe2d99c9e5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67b1c0091ebc1322:host:172.234.197.23	SESSION-67b1c0091ebc1322 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-61e3533744fe7104:PCAP:capture_20260430090001:065659c7d314	SESSION-61e3533744fe7104 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7549effe520d0229:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-7549effe520d0229 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-a5c85963c9f133e2:host:45.173.156.247	SESSION-a5c85963c9f133e2 → host:45.173.156.247
FLOW_DST_PORTOBS	e:fp:flow:87fdc9f515c4:port:tcp:443	flow:87fdc9f515c4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31f4941ab57ed47b:host:172.234.197.23	SESSION-31f4941ab57ed47b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-07675572faa18905:SESSION-07675572faa18905	SESSION-07675572faa18905 → pe:syn:SESSION-07675572faa18905
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e00c0cf74d0af603:flow:b4e8fe474765	SESSION-e00c0cf74d0af603 → flow:b4e8fe474765
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-57e30ec2e308e552:flow:0e4af0a65cfa	SESSION-57e30ec2e308e552 → flow:0e4af0a65cfa
flow_observed5-aryOBS	e:fo:flow:b1e49cd1beb0	flow:b1e49cd1beb0 → host:177.10.238.59 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:855d52d5b16c:port:tcp:443	flow:855d52d5b16c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7391507b773a5722:host:131.196.31.92	SESSION-7391507b773a5722 → host:131.196.31.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-312ea7073c45e21c:host:92.112.71.33	SESSION-312ea7073c45e21c → host:92.112.71.33
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-19f74a6b62d527a5:flow:4b4999df1225	SESSION-19f74a6b62d527a5 → flow:4b4999df1225
FLOW_FROM_HOSTOBS	e:from:SESSION-15ce8c1431c2e2c7:host:177.10.239.139	SESSION-15ce8c1431c2e2c7 → host:177.10.239.139
HOST_IN_ASNOBS 85%	e:ha:host:5.75.182.251:asn:24940	host:5.75.182.251 → asn:24940
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cf4d7f5409c1837:host:44.246.129.80	SESSION-4cf4d7f5409c1837 → host:44.246.129.80
FLOW_TO_HOSTOBS	e:to:SESSION-27b5dd82e2b65bbd:host:172.234.197.23	SESSION-27b5dd82e2b65bbd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9ad548b3b589:port:tcp:443	flow:9ad548b3b589 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.112.71.68:geo_41.00190_28.96450	host:92.112.71.68 → geo_41.00190_28.96450
FLOW_TO_HOSTOBS	e:to:SESSION-3d6a52e82bb8db7f:host:131.196.31.69	SESSION-3d6a52e82bb8db7f → host:131.196.31.69
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f78283937123fd5:host:172.234.197.23	SESSION-1f78283937123fd5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0b2db5b5e20e8c4e:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-0b2db5b5e20e8c4e → PCAP:capture_20260427220001:43a3d6220bc6
FLOW_FROM_HOSTOBS	e:from:SESSION-5b7f4612f7527a5d:host:177.10.238.10	SESSION-5b7f4612f7527a5d → host:177.10.238.10
FLOW_TO_HOSTOBS	e:to:SESSION-ec2cd7bdebda0247:host:172.234.197.23	SESSION-ec2cd7bdebda0247 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3767fab91283496e:SESSION-3767fab91283496e	SESSION-3767fab91283496e → pe:syn:SESSION-3767fab91283496e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51de65c9ef505a13:host:172.234.197.23	SESSION-51de65c9ef505a13 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:16e5cb83f132:port:tcp:443	flow:16e5cb83f132 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a148e202465c0b29:host:131.196.30.22	SESSION-a148e202465c0b29 → host:131.196.30.22
flow_observed4-aryOBS	e:fo:flow:cb536611ed62	flow:cb536611ed62 → host:172.234.197.23 → host:177.10.233.76 → port:tcp:49438
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d33ef29909b4f2d5:SESSION-d33ef29909b4f2d5	SESSION-d33ef29909b4f2d5 → pe:syn:SESSION-d33ef29909b4f2d5
FLOW_DST_PORTOBS	e:fp:flow:86aa11a315d0:port:tcp:443	flow:86aa11a315d0 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-f737e621c51c7ecf:host:45.173.156.227	SESSION-f737e621c51c7ecf → host:45.173.156.227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e6bf46c9eec8f990:SESSION-e6bf46c9eec8f990	SESSION-e6bf46c9eec8f990 → pe:tls:SESSION-e6bf46c9eec8f990
FLOW_TO_HOSTOBS	e:to:SESSION-04af603e6c9a6691:host:177.10.237.82	SESSION-04af603e6c9a6691 → host:177.10.237.82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-77c4ff849445b3aa:SESSION-77c4ff849445b3aa	SESSION-77c4ff849445b3aa → pe:tls:SESSION-77c4ff849445b3aa
flow_observed4-aryOBS	e:fo:flow:b73ff5f41de9	flow:b73ff5f41de9 → host:172.234.197.23 → host:177.10.238.92 → port:tcp:42791
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a770693a19c2c7c:host:131.196.31.11:host:172.234.197.23	SESSION-0a770693a19c2c7c → host:131.196.31.11 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1350be77996fff9b:PCAP:capture_20260430110001:43611bdf6759	SESSION-1350be77996fff9b → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-6350f63c148b5b0b:host:172.234.197.23	SESSION-6350f63c148b5b0b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1530091b08a9906d:host:172.234.197.23	SESSION-1530091b08a9906d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.206:asn:262880	host:177.10.232.206 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:67095d6e505a:port:tcp:443	flow:67095d6e505a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e6f218d3e359434:SESSION-0e6f218d3e359434	SESSION-0e6f218d3e359434 → pe:tls:SESSION-0e6f218d3e359434
FLOW_DST_PORTOBS	e:fp:flow:9889c1ff750a:port:tcp:443	flow:9889c1ff750a → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.218.65.249:geo_45.84010_-119.70500	host:54.218.65.249 → geo_45.84010_-119.70500
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b0c47b1e862acc1:host:131.196.29.165:host:172.234.197.23	SESSION-9b0c47b1e862acc1 → host:131.196.29.165 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e8879d591cbfcd7:SESSION-9e8879d591cbfcd7	SESSION-9e8879d591cbfcd7 → pe:syn:SESSION-9e8879d591cbfcd7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0799ff092dfcce41:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0799ff092dfcce41 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20066dd45b76b973:SESSION-20066dd45b76b973	SESSION-20066dd45b76b973 → pe:tls:SESSION-20066dd45b76b973
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-378aa47dbf901697:PCAP:capture_20260430050001:8868731bf8a4	SESSION-378aa47dbf901697 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc2833e8abe7ed0a:SESSION-cc2833e8abe7ed0a	SESSION-cc2833e8abe7ed0a → pe:syn:SESSION-cc2833e8abe7ed0a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f3e8e9199df130f:SESSION-5f3e8e9199df130f	SESSION-5f3e8e9199df130f → pe:tls:SESSION-5f3e8e9199df130f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb6cea4441256ebd:host:177.10.233.233	SESSION-cb6cea4441256ebd → host:177.10.233.233
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96272a0a54480e7a:SESSION-96272a0a54480e7a	SESSION-96272a0a54480e7a → pe:syn:SESSION-96272a0a54480e7a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-198cd8f9bb6f8909:SESSION-198cd8f9bb6f8909	SESSION-198cd8f9bb6f8909 → pe:tls:SESSION-198cd8f9bb6f8909
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99eb989e9371b0fb:host:172.234.197.23	SESSION-99eb989e9371b0fb → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.51:geo_-21.10010_-41.69200	host:45.173.156.51 → geo_-21.10010_-41.69200
flow_observed5-aryOBS	e:fo:flow:a6f42ce3a907	flow:a6f42ce3a907 → host:177.10.234.132 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6e5392ca321cb1ed:host:131.196.29.85	SESSION-6e5392ca321cb1ed → host:131.196.29.85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e938dc96c7665991:PCAP:capture_20260430090001:065659c7d314	SESSION-e938dc96c7665991 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:2591fb04a88d:port:tcp:443	flow:2591fb04a88d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-886f0e6ca4ba19c9:host:131.196.31.107	SESSION-886f0e6ca4ba19c9 → host:131.196.31.107
flow_observed4-aryOBS	e:fo:flow:3d68dedcff75	flow:3d68dedcff75 → host:172.234.197.23 → host:131.196.31.27 → port:tcp:241
FLOW_FROM_HOSTOBS	e:from:SESSION-0667f103db24cb40:host:177.10.233.135	SESSION-0667f103db24cb40 → host:177.10.233.135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-24ee0ec1cbf12b9d:SESSION-24ee0ec1cbf12b9d	SESSION-24ee0ec1cbf12b9d → pe:rst:SESSION-24ee0ec1cbf12b9d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-40497d6996ef2088:PCAP:capture_20260430080001:93f47cc296a4	SESSION-40497d6996ef2088 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-73ce8b7b43538e4e:SESSION-73ce8b7b43538e4e	SESSION-73ce8b7b43538e4e → pe:tls:SESSION-73ce8b7b43538e4e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f4d08df9b5b22c8b:host:131.196.28.60:host:172.234.197.23	SESSION-f4d08df9b5b22c8b → host:131.196.28.60 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.43:asn:262880	host:177.10.236.43 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77d6ed106817bb5a:host:172.234.197.23	SESSION-77d6ed106817bb5a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0804c956ce93675c:host:172.234.197.23	SESSION-0804c956ce93675c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7c274d9ac0119175:host:172.234.197.23	SESSION-7c274d9ac0119175 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20066dd45b76b973:host:172.234.197.23	SESSION-20066dd45b76b973 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a705ce382fec48a:host:172.234.197.23	SESSION-2a705ce382fec48a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d678c7d14c2f15db:host:177.10.237.146	SESSION-d678c7d14c2f15db → host:177.10.237.146
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5c3d3f3d87b7f1a0:host:177.10.233.20:host:172.234.197.23	SESSION-5c3d3f3d87b7f1a0 → host:177.10.233.20 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fb520d5460f73062:host:172.234.197.23	SESSION-fb520d5460f73062 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a733fde11cff5d03:flow:4d295ea72925	SESSION-a733fde11cff5d03 → flow:4d295ea72925
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9429230c27071ffa:flow:a6f42ce3a907	SESSION-9429230c27071ffa → flow:a6f42ce3a907
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.203:asn:203771	host:92.112.71.203 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-91c3828e0c41fbe7:host:177.10.238.62	SESSION-91c3828e0c41fbe7 → host:177.10.238.62
flow_observed5-aryOBS	e:fo:flow:2f7459dc5743	flow:2f7459dc5743 → host:177.10.234.178 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:3284f4e4ac94:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3284f4e4ac94 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa49f714001a7a70:host:172.234.197.23:host:131.196.30.140	SESSION-fa49f714001a7a70 → host:172.234.197.23 → host:131.196.30.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e2eb0c2c4028db16:host:172.234.197.23	SESSION-e2eb0c2c4028db16 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6bca989f2c390047:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6bca989f2c390047 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-065e72b14a827150:SESSION-065e72b14a827150	SESSION-065e72b14a827150 → pe:tls:SESSION-065e72b14a827150
flow_observed4-aryOBS	e:fo:flow:46a103932f1f	flow:46a103932f1f → host:172.234.197.23 → host:177.10.236.100 → port:tcp:46890
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c67539e40b0db6c0:SESSION-c67539e40b0db6c0	SESSION-c67539e40b0db6c0 → pe:syn:SESSION-c67539e40b0db6c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b64c855cb393ccc0:host:172.234.197.23	SESSION-b64c855cb393ccc0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bd66824284de98ed:host:177.10.233.220	SESSION-bd66824284de98ed → host:177.10.233.220
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8900744845bb6f3:flow:98854a4693d7	SESSION-d8900744845bb6f3 → flow:98854a4693d7
FLOW_TO_HOSTOBS	e:to:SESSION-f2e1e1ea3d3f0587:host:172.234.197.23	SESSION-f2e1e1ea3d3f0587 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48baa2e7639de342:host:172.234.197.23	SESSION-48baa2e7639de342 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f709c3d74e04443c:host:172.234.197.23	SESSION-f709c3d74e04443c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:abe28bc9f048:port:tcp:443	flow:abe28bc9f048 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b4e8d87fd06149df:flow:f900942fa998	SESSION-b4e8d87fd06149df → flow:f900942fa998
FLOW_FROM_HOSTOBS	e:from:SESSION-8405fabd9aa330c8:host:177.10.234.128	SESSION-8405fabd9aa330c8 → host:177.10.234.128
FLOW_FROM_HOSTOBS	e:from:SESSION-ee237db5b674d6c4:host:177.10.239.255	SESSION-ee237db5b674d6c4 → host:177.10.239.255
FLOW_DST_PORTOBS	e:fp:flow:9fdc9457113e:port:tcp:80	flow:9fdc9457113e → port:tcp:80
FLOW_DST_PORTOBS	e:fp:flow:71da073f34ae:port:tcp:443	flow:71da073f34ae → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-168a40fae7c0f56d:SESSION-168a40fae7c0f56d	SESSION-168a40fae7c0f56d → pe:tls:SESSION-168a40fae7c0f56d
flow_observed5-aryOBS	e:fo:flow:8b19fa2241ff	flow:8b19fa2241ff → host:177.10.232.251 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d9ef85fb3b83fc71:host:172.234.197.23	SESSION-d9ef85fb3b83fc71 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-53ca21169d5f7469:host:172.234.197.23	SESSION-53ca21169d5f7469 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-548dd69287ac8927:host:172.234.197.23	SESSION-548dd69287ac8927 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3d2c48d2810841c0:SESSION-3d2c48d2810841c0	SESSION-3d2c48d2810841c0 → pe:syn:SESSION-3d2c48d2810841c0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b78ee328a5f7ceab:PCAP:capture_20260428010001:b1b402c7b202	SESSION-b78ee328a5f7ceab → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7928f63a898f7aac:SESSION-7928f63a898f7aac	SESSION-7928f63a898f7aac → pe:tls:SESSION-7928f63a898f7aac
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ed8e90a0efd647ab:host:172.234.197.23	SESSION-ed8e90a0efd647ab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-226dccfda73d96ef:SESSION-226dccfda73d96ef	SESSION-226dccfda73d96ef → pe:syn:SESSION-226dccfda73d96ef
FLOW_FROM_HOSTOBS	e:from:SESSION-0482212efb1d2581:host:177.10.234.212	SESSION-0482212efb1d2581 → host:177.10.234.212
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d43ada4a289f704d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-d43ada4a289f704d → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-c2cb78a800ce3917:host:177.10.232.168	SESSION-c2cb78a800ce3917 → host:177.10.232.168
FLOW_FROM_HOSTOBS	e:from:SESSION-35dd0088a1238ab9:host:177.10.238.231	SESSION-35dd0088a1238ab9 → host:177.10.238.231
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-85683c3aa8c095db:BSG-DATA_EXFIL-03acec341a25	SESSION-85683c3aa8c095db → BSG-DATA_EXFIL-03acec341a25
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ffa8539a7cb217:host:131.196.30.57	SESSION-49ffa8539a7cb217 → host:131.196.30.57
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68010cf4db790ce8:host:95.170.25.245	SESSION-68010cf4db790ce8 → host:95.170.25.245
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-314272d88a452691:flow:684f698a3206	SESSION-314272d88a452691 → flow:684f698a3206
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e405c5dfa444c3be:host:172.234.197.23	SESSION-e405c5dfa444c3be → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3c812f2a31a60fc9:host:177.10.237.202	SESSION-3c812f2a31a60fc9 → host:177.10.237.202
FLOW_TO_HOSTOBS	e:to:SESSION-ecb25cc7396151e7:host:172.234.197.23	SESSION-ecb25cc7396151e7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-373bf424772e8fef:flow:6c01028ff404	SESSION-373bf424772e8fef → flow:6c01028ff404
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.40:geo_-16.28860_-49.01640	host:177.10.233.40 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:2f7ff643ec0e	flow:2f7ff643ec0e → host:131.196.28.149 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c58b004ff38abe14:SESSION-c58b004ff38abe14	SESSION-c58b004ff38abe14 → pe:tls:SESSION-c58b004ff38abe14
FLOW_DST_PORTOBS	e:fp:flow:a9fcf5a4600f:port:tcp:13804	flow:a9fcf5a4600f → port:tcp:13804
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fac4a2f466e4583d:PCAP:capture_20260430070001:903a0e7a436b	SESSION-fac4a2f466e4583d → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-27c94fb85f37f774:SESSION-27c94fb85f37f774	SESSION-27c94fb85f37f774 → pe:syn:SESSION-27c94fb85f37f774
FLOW_TO_HOSTOBS	e:to:SESSION-586cf5bb6d743be1:host:177.10.239.114	SESSION-586cf5bb6d743be1 → host:177.10.239.114
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-527af3b786e52b88:SESSION-527af3b786e52b88	SESSION-527af3b786e52b88 → pe:syn:SESSION-527af3b786e52b88
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-110ce59a2a29ac0c:host:172.234.197.23	SESSION-110ce59a2a29ac0c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.186:asn:262880	host:177.10.239.186 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-6113f2cc2cfc5017:host:177.10.237.12	SESSION-6113f2cc2cfc5017 → host:177.10.237.12
FLOW_TO_HOSTOBS	e:to:SESSION-2c24cbdb3e7b273c:host:172.234.197.23	SESSION-2c24cbdb3e7b273c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9a4b68b400a3161c:flow:390f5665cae1	SESSION-9a4b68b400a3161c → flow:390f5665cae1
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.126:asn:271410	host:131.196.28.126 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:b19ab9caf851:port:tcp:443	flow:b19ab9caf851 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-251fcdeeb3ee3f58:host:172.234.197.23:host:177.10.235.26	SESSION-251fcdeeb3ee3f58 → host:172.234.197.23 → host:177.10.235.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28d2d0e8afd37453:host:45.173.156.164:host:172.234.197.23	SESSION-28d2d0e8afd37453 → host:45.173.156.164 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9bf9cf9055b9	flow:9bf9cf9055b9 → host:131.196.30.194 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:90fb23778ba2:port:tcp:50418	flow:90fb23778ba2 → port:tcp:50418
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08df11bd27017e71:host:172.234.197.23	SESSION-08df11bd27017e71 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7536a33faff5a95d:flow:47adaf8e89df	SESSION-7536a33faff5a95d → flow:47adaf8e89df
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-81c3f53ebeacb521:SESSION-81c3f53ebeacb521	SESSION-81c3f53ebeacb521 → pe:tls:SESSION-81c3f53ebeacb521
FLOW_FROM_HOSTOBS	e:from:SESSION-23c159d0ddd6e1cb:host:172.234.197.23	SESSION-23c159d0ddd6e1cb → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.5:asn:262880	host:177.10.238.5 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-4ce32efb58e1da83:host:177.10.232.226	SESSION-4ce32efb58e1da83 → host:177.10.232.226
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf31506875543a88:SESSION-cf31506875543a88	SESSION-cf31506875543a88 → pe:tls:SESSION-cf31506875543a88
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-792b602eaec629a3:host:177.10.236.120:host:172.234.197.23	SESSION-792b602eaec629a3 → host:177.10.236.120 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2e29524ed5dcc05:flow:f573dcd8e564	SESSION-d2e29524ed5dcc05 → flow:f573dcd8e564
flow_observed5-aryOBS	e:fo:flow:29d5777d97f1	flow:29d5777d97f1 → host:131.196.31.229 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb20bb92bfdba895:host:172.234.197.23	SESSION-bb20bb92bfdba895 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5828198604c26af:host:172.234.197.23:host:177.10.235.185	SESSION-f5828198604c26af → host:172.234.197.23 → host:177.10.235.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baf4494100018e3a:host:172.234.197.23	SESSION-baf4494100018e3a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.14:asn:203771	host:92.112.71.14 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:1db2a351c3cf:port:tcp:443	flow:1db2a351c3cf → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f39fdcb76f4b9f9d:SESSION-f39fdcb76f4b9f9d	SESSION-f39fdcb76f4b9f9d → pe:tls:SESSION-f39fdcb76f4b9f9d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be374c360242db8a:host:177.10.235.121	SESSION-be374c360242db8a → host:177.10.235.121
flow_observed5-aryOBS	e:fo:flow:9948bfeb9f74	flow:9948bfeb9f74 → host:131.196.30.252 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-b6d027087dbd516e:host:172.234.197.23	SESSION-b6d027087dbd516e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-779f746558d2d979:flow:989a9fc1eb99	SESSION-779f746558d2d979 → flow:989a9fc1eb99
FLOW_FROM_HOSTOBS	e:from:SESSION-a83f7d2591dcabf5:host:131.196.29.125	SESSION-a83f7d2591dcabf5 → host:131.196.29.125
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.10:geo_-23.62930_-46.63510	host:131.196.31.10 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-67a9355576766cfe:host:131.196.30.253	SESSION-67a9355576766cfe → host:131.196.30.253
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-58fb8de1a3a0b1f1:host:177.10.239.208	SESSION-58fb8de1a3a0b1f1 → host:177.10.239.208
FLOW_DST_PORTOBS	e:fp:flow:6015041af7e8:port:tcp:443	flow:6015041af7e8 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-555dcb6965008cb6:host:172.234.197.23	SESSION-555dcb6965008cb6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c38263f2f5f96575:SESSION-c38263f2f5f96575	SESSION-c38263f2f5f96575 → pe:tls:SESSION-c38263f2f5f96575
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8578034648884afe:PCAP:capture_20260430150001:ded20914761d	SESSION-8578034648884afe → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a4ffce8b6e53dd75:SESSION-a4ffce8b6e53dd75	SESSION-a4ffce8b6e53dd75 → pe:syn:SESSION-a4ffce8b6e53dd75
FLOW_FROM_HOSTOBS	e:from:SESSION-fc18a12b15fb2c84:host:177.10.233.80	SESSION-fc18a12b15fb2c84 → host:177.10.233.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98083f958ccf36d4:SESSION-98083f958ccf36d4	SESSION-98083f958ccf36d4 → pe:tls:SESSION-98083f958ccf36d4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0553c47d8718786a:host:177.10.234.244:host:172.234.197.23	SESSION-0553c47d8718786a → host:177.10.234.244 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1c9303996834523:SESSION-d1c9303996834523	SESSION-d1c9303996834523 → pe:syn:SESSION-d1c9303996834523
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9f6479625c7774ad:flow:bf7124d1d463	SESSION-9f6479625c7774ad → flow:bf7124d1d463
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-265a2f0fa666e936:host:131.196.30.222	SESSION-265a2f0fa666e936 → host:131.196.30.222
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-79349287be3864ac:SESSION-79349287be3864ac	SESSION-79349287be3864ac → pe:tls:SESSION-79349287be3864ac
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fed96f9f16ada01c:host:172.234.197.23	SESSION-fed96f9f16ada01c → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:77a62fb7aaf3	flow:77a62fb7aaf3 → host:172.234.197.23 → host:131.196.29.60 → port:tcp:40643
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-41b7279875030e7d:SESSION-41b7279875030e7d	SESSION-41b7279875030e7d → pe:tls:SESSION-41b7279875030e7d
flow_observed4-aryOBS	e:fo:flow:9b2064ecb7b8	flow:9b2064ecb7b8 → host:172.234.197.23 → host:177.10.232.234 → port:tcp:34762
FLOW_DST_PORTOBS	e:fp:flow:ead47c2cac82:port:tcp:19673	flow:ead47c2cac82 → port:tcp:19673
FLOW_TO_HOSTOBS	e:to:SESSION-a9042bd9c6a81d17:host:172.234.197.23	SESSION-a9042bd9c6a81d17 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-07775d37dba558b0:host:199.16.157.181	SESSION-07775d37dba558b0 → host:199.16.157.181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c65a4c12e9ce549:SESSION-5c65a4c12e9ce549	SESSION-5c65a4c12e9ce549 → pe:tls:SESSION-5c65a4c12e9ce549
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-733b7037c38abbcf:host:172.234.197.23	SESSION-733b7037c38abbcf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-079ef1e0e1e74623:host:172.234.197.23	SESSION-079ef1e0e1e74623 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.70:geo_-16.28860_-49.01640	host:177.10.237.70 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7239dbaec89ca2f:SESSION-c7239dbaec89ca2f	SESSION-c7239dbaec89ca2f → pe:tls:SESSION-c7239dbaec89ca2f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-154a0a352559b94b:flow:75d2f1361fa5	SESSION-154a0a352559b94b → flow:75d2f1361fa5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.158:geo_-16.28860_-49.01640	host:177.10.239.158 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-455353f546d0ad3e:host:172.234.197.23	SESSION-455353f546d0ad3e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1532b7922e59746:host:131.196.29.241	SESSION-d1532b7922e59746 → host:131.196.29.241
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.137:geo_-23.62930_-46.63510	host:131.196.29.137 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4ddb6310055a59be:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4ddb6310055a59be → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:faeeb2dca72c	flow:faeeb2dca72c → host:177.10.239.186 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.193:geo_-23.62930_-46.63510	host:131.196.31.193 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-0a4506f2fb402b7f:host:172.234.197.23	SESSION-0a4506f2fb402b7f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a317296f8a35:port:tcp:443	flow:a317296f8a35 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-94c9082e66baa6b5:host:172.234.197.23	SESSION-94c9082e66baa6b5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:12402f5ea0e3:port:tcp:443	flow:12402f5ea0e3 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.233:geo_-16.28860_-49.01640	host:177.10.232.233 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.90:asn:262880	host:177.10.238.90 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-0fa06d2bfceab141:host:131.196.30.224	SESSION-0fa06d2bfceab141 → host:131.196.30.224
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f07097ffc1d464e5:flow:096c477c6fa2	SESSION-f07097ffc1d464e5 → flow:096c477c6fa2
FLOW_DST_PORTOBS	e:fp:flow:9c47255c861d:port:tcp:443	flow:9c47255c861d → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e0da7e51ff4f	flow:e0da7e51ff4f → host:131.196.31.151 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9494583da7ce1d88:host:172.234.197.23	SESSION-9494583da7ce1d88 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5252ca05229eda25:PCAP:capture_20260430070001:903a0e7a436b	SESSION-5252ca05229eda25 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5cf2fdb6c848ac6c:SESSION-5cf2fdb6c848ac6c	SESSION-5cf2fdb6c848ac6c → pe:syn:SESSION-5cf2fdb6c848ac6c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd4f176877b3d058:flow:8a0c1a3cc10c	SESSION-fd4f176877b3d058 → flow:8a0c1a3cc10c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2ec4538209fcf12:host:172.234.197.23:host:131.196.30.192	SESSION-d2ec4538209fcf12 → host:172.234.197.23 → host:131.196.30.192
FLOW_FROM_HOSTOBS	e:from:SESSION-969e64e33723c991:host:45.173.156.33	SESSION-969e64e33723c991 → host:45.173.156.33
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf997a1aac5d0ef1:SESSION-bf997a1aac5d0ef1	SESSION-bf997a1aac5d0ef1 → pe:tls:SESSION-bf997a1aac5d0ef1
FLOW_DST_PORTOBS	e:fp:flow:57c5a1bd2723:port:tcp:443	flow:57c5a1bd2723 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de115ad7179345b0:flow:9c37952dcebc	SESSION-de115ad7179345b0 → flow:9c37952dcebc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8f41d49423a0699:host:177.10.238.76	SESSION-c8f41d49423a0699 → host:177.10.238.76
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fb6fe079446275d:host:131.196.30.185	SESSION-5fb6fe079446275d → host:131.196.30.185
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ea7d08352653c32:host:172.234.197.23	SESSION-2ea7d08352653c32 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87843d3af97b013e:host:177.10.232.55	SESSION-87843d3af97b013e → host:177.10.232.55
FLOW_FROM_HOSTOBS	e:from:SESSION-5397b2a7490ae0fb:host:177.10.237.120	SESSION-5397b2a7490ae0fb → host:177.10.237.120
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a8ab97210507c98d:SESSION-a8ab97210507c98d	SESSION-a8ab97210507c98d → pe:tls:SESSION-a8ab97210507c98d
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.247:asn:262880	host:177.10.237.247 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-d1d74e40d653f073:BSG-DATA_EXFIL-58d151b66f77	SESSION-d1d74e40d653f073 → BSG-DATA_EXFIL-58d151b66f77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ab42e00b724a7daa:PCAP:capture_20260430060001:919b39a74464	SESSION-ab42e00b724a7daa → PCAP:capture_20260430060001:919b39a74464
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-44f16a8e9c86ada8:flow:cadf0893e2ce	SESSION-44f16a8e9c86ada8 → flow:cadf0893e2ce
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5dbf12d77f23d3eb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-5dbf12d77f23d3eb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-abc64529b37d4840:host:97.139.12.85	SESSION-abc64529b37d4840 → host:97.139.12.85
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0fa0595b0c8a6ef6:host:177.10.232.22:host:172.234.197.23	SESSION-0fa0595b0c8a6ef6 → host:177.10.232.22 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2348046789aa81fe:host:131.196.28.153	SESSION-2348046789aa81fe → host:131.196.28.153
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-903738316b123ea7:flow:6923abe353e1	SESSION-903738316b123ea7 → flow:6923abe353e1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba12ba5c182aa430:host:172.234.197.23	SESSION-ba12ba5c182aa430 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d17209bd675d4be:flow:5e0d4c52be74	SESSION-4d17209bd675d4be → flow:5e0d4c52be74
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b1032a47414de8d:host:177.10.235.175:host:172.234.197.23	SESSION-2b1032a47414de8d → host:177.10.235.175 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e280ba6e8e483a35:SESSION-e280ba6e8e483a35	SESSION-e280ba6e8e483a35 → pe:tls:SESSION-e280ba6e8e483a35
FLOW_DST_PORTOBS	e:fp:flow:91131826770f:port:tcp:443	flow:91131826770f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-7937f820efd31935:host:34.216.76.26	SESSION-7937f820efd31935 → host:34.216.76.26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-00f403aeec8e6c17:flow:0dfc9b5d1570	SESSION-00f403aeec8e6c17 → flow:0dfc9b5d1570
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3616b79a24490a3:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f3616b79a24490a3 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:f12450bfc831	flow:f12450bfc831 → host:177.10.239.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1739bca4a014ab7e:host:172.234.197.23	SESSION-1739bca4a014ab7e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b479aa11234b67ae:host:131.196.30.200:host:172.234.197.23	SESSION-b479aa11234b67ae → host:131.196.30.200 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99eb989e9371b0fb:flow:aa8dff7d28f7	SESSION-99eb989e9371b0fb → flow:aa8dff7d28f7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-845fd343ebc60049:SESSION-845fd343ebc60049	SESSION-845fd343ebc60049 → pe:tls:SESSION-845fd343ebc60049
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-119f9a3698c24414:PCAP:capture_20260430050001:8868731bf8a4	SESSION-119f9a3698c24414 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d603c58c5171ed7:host:172.234.197.23	SESSION-9d603c58c5171ed7 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d04a7b552866:port:tcp:443	flow:d04a7b552866 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-107eaa9172a242e7:flow:d44636dbb1ca	SESSION-107eaa9172a242e7 → flow:d44636dbb1ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47d7544842406eea:host:172.234.197.23	SESSION-47d7544842406eea → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d43da16ef3276f9b:host:177.10.236.239	SESSION-d43da16ef3276f9b → host:177.10.236.239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-878a5ce24b3ea2a6:flow:d3fafd34c7d1	SESSION-878a5ce24b3ea2a6 → flow:d3fafd34c7d1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-367a6218c741fe93:flow:ed7f77efecef	SESSION-367a6218c741fe93 → flow:ed7f77efecef
FLOW_TO_HOSTOBS	e:to:SESSION-310c82c2a589a705:host:177.10.237.108	SESSION-310c82c2a589a705 → host:177.10.237.108
FLOW_FROM_HOSTOBS	e:from:SESSION-7fb420f75ffa7d0f:host:131.196.30.81	SESSION-7fb420f75ffa7d0f → host:131.196.30.81
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-978d4fdbc8d38350:host:177.10.239.198:host:172.234.197.23	SESSION-978d4fdbc8d38350 → host:177.10.239.198 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0dab8159384d982:host:172.234.197.23:host:131.196.31.19	SESSION-b0dab8159384d982 → host:172.234.197.23 → host:131.196.31.19
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54b62e34296d5c17:host:131.196.29.224	SESSION-54b62e34296d5c17 → host:131.196.29.224
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.239:asn:262880	host:177.10.236.239 → asn:262880
flow_observed5-aryOBS	e:fo:flow:cd5580a464ec	flow:cd5580a464ec → host:177.10.236.199 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-51bab49b2715dbc9:host:54.149.68.137	SESSION-51bab49b2715dbc9 → host:54.149.68.137
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f98b72d4ec65d75:host:172.234.197.23	SESSION-8f98b72d4ec65d75 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-11d5793dfe2c0097:host:172.234.197.23	SESSION-11d5793dfe2c0097 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98b441f54568b58c:host:177.10.239.8	SESSION-98b441f54568b58c → host:177.10.239.8
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac6ab160136e0424:host:172.234.197.23:host:177.10.235.129	SESSION-ac6ab160136e0424 → host:172.234.197.23 → host:177.10.235.129
FLOW_DST_PORTOBS	e:fp:flow:b968d8524475:port:tcp:443	flow:b968d8524475 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c439db2cd1990c9:SESSION-5c439db2cd1990c9	SESSION-5c439db2cd1990c9 → pe:tls:SESSION-5c439db2cd1990c9
flow_observed4-aryOBS	e:fo:flow:bbe9e2d3420e	flow:bbe9e2d3420e → host:172.234.197.23 → host:177.10.239.114 → port:tcp:2932
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b2bcd9d2c0b41b4:PCAP:capture_20260430150001:ded20914761d	SESSION-9b2bcd9d2c0b41b4 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-d815390d9091f577:host:172.234.197.23	SESSION-d815390d9091f577 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5eb3b0eaf7de1b7d:host:95.170.25.87:host:172.234.197.23	SESSION-5eb3b0eaf7de1b7d → host:95.170.25.87 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.247:geo_-16.28860_-49.01640	host:177.10.237.247 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-7377b91dd9eda5d9:host:177.10.234.34	SESSION-7377b91dd9eda5d9 → host:177.10.234.34
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee402158031a28f0:SESSION-ee402158031a28f0	SESSION-ee402158031a28f0 → pe:syn:SESSION-ee402158031a28f0
FLOW_TO_HOSTOBS	e:to:SESSION-00ca7ee72922697b:host:172.234.197.23	SESSION-00ca7ee72922697b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-106a8139a282a728:host:131.196.31.144	SESSION-106a8139a282a728 → host:131.196.31.144
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.100:asn:262880	host:177.10.234.100 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9eb85eb3deaacc18:host:131.196.28.100:host:172.234.197.23	SESSION-9eb85eb3deaacc18 → host:131.196.28.100 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4c859adc1608:port:tcp:443	flow:4c859adc1608 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6bd47d8fd21ead6d:host:94.130.10.221:host:172.234.197.23	SESSION-6bd47d8fd21ead6d → host:94.130.10.221 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.215:asn:262880	host:177.10.238.215 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d083da2d95669221:flow:32513d87e909	SESSION-d083da2d95669221 → flow:32513d87e909
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b47539014cc5976c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b47539014cc5976c → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8dc993a043c8fb1:host:131.196.31.14	SESSION-b8dc993a043c8fb1 → host:131.196.31.14
flow_observed3-aryOBS	e:fo:flow:38be2a81132c	flow:38be2a81132c → host:13.208.213.50 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-37a58b55d4a339c3:SESSION-37a58b55d4a339c3	SESSION-37a58b55d4a339c3 → pe:dns:SESSION-37a58b55d4a339c3
flow_observed5-aryOBS	e:fo:flow:270633e55f2d	flow:270633e55f2d → host:177.10.236.91 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:9a9c7e2c78e9	flow:9a9c7e2c78e9 → host:172.234.197.23 → host:131.196.31.196 → port:tcp:24325
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ba1cfcea34ace70:PCAP:capture_20260430110001:43611bdf6759	SESSION-2ba1cfcea34ace70 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TLS_SNIOBS	e:fs:flow:0fbc9a4b7bce:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:0fbc9a4b7bce → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-cac46254a85b1ec3:host:172.234.197.23	SESSION-cac46254a85b1ec3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-304db5c18798dbb4:host:172.234.197.23	SESSION-304db5c18798dbb4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a80be6abc21d5bd:host:13.208.213.50:host:172.234.197.23	SESSION-8a80be6abc21d5bd → host:13.208.213.50 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f158e3bc319e69c7:host:199.16.157.182:host:172.234.197.23	SESSION-f158e3bc319e69c7 → host:199.16.157.182 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7d9ab0e2fb8bff1f:host:172.234.197.23:host:45.173.156.78	SESSION-7d9ab0e2fb8bff1f → host:172.234.197.23 → host:45.173.156.78
FLOW_DST_PORTOBS	e:fp:flow:a31746b72125:port:tcp:19227	flow:a31746b72125 → port:tcp:19227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9726d81acc78b8e7:SESSION-9726d81acc78b8e7	SESSION-9726d81acc78b8e7 → pe:tls:SESSION-9726d81acc78b8e7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e652971bc7c2d2d5:SESSION-e652971bc7c2d2d5	SESSION-e652971bc7c2d2d5 → pe:syn:SESSION-e652971bc7c2d2d5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7c834c7664f83e9:SESSION-e7c834c7664f83e9	SESSION-e7c834c7664f83e9 → pe:syn:SESSION-e7c834c7664f83e9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-825be4419cbefff8:flow:7eb684f9875e	SESSION-825be4419cbefff8 → flow:7eb684f9875e
FLOW_TO_HOSTOBS	e:to:SESSION-12b2fb0a733c24b6:host:172.234.197.23	SESSION-12b2fb0a733c24b6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29162d9ed8336732:PCAP:capture_20260430110001:43611bdf6759	SESSION-29162d9ed8336732 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-59417938792198bf:host:172.234.197.23	SESSION-59417938792198bf → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4e4de8bcb2f0334a:host:172.234.197.23	SESSION-4e4de8bcb2f0334a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-350febc37b3f152d:host:172.234.197.23	SESSION-350febc37b3f152d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-65c3eea3bc378ff0:host:172.234.197.23	SESSION-65c3eea3bc378ff0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f78283937123fd5:host:177.10.239.136	SESSION-1f78283937123fd5 → host:177.10.239.136
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-54016b03ecf1701c:SESSION-54016b03ecf1701c	SESSION-54016b03ecf1701c → pe:tls:SESSION-54016b03ecf1701c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-840476c00c988ec7:flow:98f29b91e66a	SESSION-840476c00c988ec7 → flow:98f29b91e66a
FLOW_FROM_HOSTOBS	e:from:SESSION-d077f88c61181481:host:177.10.238.179	SESSION-d077f88c61181481 → host:177.10.238.179
FLOW_TO_HOSTOBS	e:to:SESSION-f57ffeba62df89fa:host:172.234.197.23	SESSION-f57ffeba62df89fa → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb88b05b3590e26e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cb88b05b3590e26e → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_FROM_HOSTOBS	e:from:SESSION-bfe3e48aa982c746:host:177.10.237.169	SESSION-bfe3e48aa982c746 → host:177.10.237.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de2c7d1c6ad5841e:host:131.196.30.134	SESSION-de2c7d1c6ad5841e → host:131.196.30.134
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08df11bd27017e71:host:172.232.0.17	SESSION-08df11bd27017e71 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8d8e16e7f7cb138:SESSION-c8d8e16e7f7cb138	SESSION-c8d8e16e7f7cb138 → pe:syn:SESSION-c8d8e16e7f7cb138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e4489cf6c262aa3:host:177.10.239.93	SESSION-9e4489cf6c262aa3 → host:177.10.239.93
FLOW_TO_HOSTOBS	e:to:SESSION-de1a59c6958513ff:host:172.234.197.23	SESSION-de1a59c6958513ff → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d53672361f048e5:host:172.234.197.23	SESSION-2d53672361f048e5 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-488c9c462e491ad2:PCAP:capture_20260430110001:43611bdf6759	SESSION-488c9c462e491ad2 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c74fe87f9177e103:flow:e1110b1e3871	SESSION-c74fe87f9177e103 → flow:e1110b1e3871
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-39cfa534eb7ca418:SESSION-39cfa534eb7ca418	SESSION-39cfa534eb7ca418 → pe:tls:SESSION-39cfa534eb7ca418
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4370d06debc0fcec:host:45.173.156.219	SESSION-4370d06debc0fcec → host:45.173.156.219
FLOW_FROM_HOSTOBS	e:from:SESSION-bde2562b2e16b844:host:172.234.197.23	SESSION-bde2562b2e16b844 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:5f92616743cb	flow:5f92616743cb → host:172.234.197.23 → host:213.209.159.159
FLOW_FROM_HOSTOBS	e:from:SESSION-9ed3c0cac572dff6:host:45.173.156.37	SESSION-9ed3c0cac572dff6 → host:45.173.156.37
flow_observed4-aryOBS	e:fo:flow:b0ea91d62d64	flow:b0ea91d62d64 → host:172.234.197.23 → host:177.10.236.173 → port:tcp:55952
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1228b317d5ce27b4:host:172.234.197.23	SESSION-1228b317d5ce27b4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-64a8af826dc81e59:host:172.234.197.23	SESSION-64a8af826dc81e59 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98d504bd384337f5:host:172.234.197.23	SESSION-98d504bd384337f5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-29ee7b0c08ea02ad:host:177.10.233.191	SESSION-29ee7b0c08ea02ad → host:177.10.233.191
FLOW_FROM_HOSTOBS	e:from:SESSION-7d8111f65a253e3a:host:177.10.234.254	SESSION-7d8111f65a253e3a → host:177.10.234.254
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e4cb96e9954f000:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2e4cb96e9954f000 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-314272d88a452691:host:177.10.238.57:host:172.234.197.23	SESSION-314272d88a452691 → host:177.10.238.57 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.239:geo_-21.10010_-41.69200	host:45.173.156.239 → geo_-21.10010_-41.69200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c471169f59e284ee:PCAP:capture_20260430150001:ded20914761d	SESSION-c471169f59e284ee → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46d2f77cc38b38db:SESSION-46d2f77cc38b38db	SESSION-46d2f77cc38b38db → pe:syn:SESSION-46d2f77cc38b38db
FLOW_DST_PORTOBS	e:fp:flow:443f40d82641:port:tcp:9589	flow:443f40d82641 → port:tcp:9589
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77755e4fda54087c:host:131.196.28.95	SESSION-77755e4fda54087c → host:131.196.28.95
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ee9ba8cae5cc2ab:PCAP:capture_20260430060001:919b39a74464	SESSION-2ee9ba8cae5cc2ab → PCAP:capture_20260430060001:919b39a74464
flow_observed4-aryOBS	e:fo:flow:ecbf4329cbae	flow:ecbf4329cbae → host:172.234.197.23 → host:177.10.232.131 → port:tcp:61144
FLOW_FROM_HOSTOBS	e:from:SESSION-02ee946ab454bede:host:131.196.29.161	SESSION-02ee946ab454bede → host:131.196.29.161
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1c0e460ce34915ff:SESSION-1c0e460ce34915ff	SESSION-1c0e460ce34915ff → pe:syn:SESSION-1c0e460ce34915ff
flow_observed4-aryOBS	e:fo:flow:a2c47ad0c791	flow:a2c47ad0c791 → host:172.234.197.23 → host:177.10.234.57 → port:tcp:8088
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e938dc96c7665991:flow:6c65188d7893	SESSION-e938dc96c7665991 → flow:6c65188d7893
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a96ffc9fa12c0c5a:host:131.196.30.156	SESSION-a96ffc9fa12c0c5a → host:131.196.30.156
flow_observed5-aryOBS	e:fo:flow:309e31a0a9a9	flow:309e31a0a9a9 → host:177.10.233.77 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:538ae4f9affa	flow:538ae4f9affa → host:172.234.197.23 → host:177.10.239.148 → port:tcp:34422
flow_observed5-aryOBS	e:fo:flow:a835b0336810	flow:a835b0336810 → host:131.196.30.90 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-941b4a1386b7be8f:host:172.234.197.23	SESSION-941b4a1386b7be8f → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.12:geo_-23.62930_-46.63510	host:131.196.30.12 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8cc58a61b872e266:SESSION-8cc58a61b872e266	SESSION-8cc58a61b872e266 → pe:syn:SESSION-8cc58a61b872e266
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d7508894fe5424d7:PCAP:capture_20260430150001:ded20914761d	SESSION-d7508894fe5424d7 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2be3bd33b6267f94:SESSION-2be3bd33b6267f94	SESSION-2be3bd33b6267f94 → pe:syn:SESSION-2be3bd33b6267f94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89c3cc1547edab47:host:172.234.197.23	SESSION-89c3cc1547edab47 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9e0d73c88dd83fb6:host:177.10.233.53	SESSION-9e0d73c88dd83fb6 → host:177.10.233.53
HOST_IN_ASNOBS 85%	e:ha:host:13.212.244.245:asn:16509	host:13.212.244.245 → asn:16509
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.239:asn:262880	host:177.10.234.239 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72859a91c292f326:host:131.196.28.11	SESSION-72859a91c292f326 → host:131.196.28.11
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.156:geo_-21.10010_-41.69200	host:45.173.156.156 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c54b7fde1829c775:host:131.196.28.231	SESSION-c54b7fde1829c775 → host:131.196.28.231
flow_observed5-aryOBS	e:fo:flow:c871dd56570a	flow:c871dd56570a → host:177.10.234.252 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c20a24472712669d:host:131.196.29.2	SESSION-c20a24472712669d → host:131.196.29.2
flow_observed4-aryOBS	e:fo:flow:5521a80044bf	flow:5521a80044bf → host:172.234.197.23 → host:131.196.28.165 → port:tcp:50229
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6c901db44791138:host:172.234.197.23:host:45.173.156.36	SESSION-d6c901db44791138 → host:172.234.197.23 → host:45.173.156.36
FLOW_FROM_HOSTOBS	e:from:SESSION-7bf74715b11f1486:host:172.234.197.23	SESSION-7bf74715b11f1486 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3442e9a21fdf	flow:3442e9a21fdf → host:177.10.235.122 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.182:asn:262880	host:177.10.237.182 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:1a6c098d328f:port:tcp:443	flow:1a6c098d328f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-39d5adc1c22dd7ee:host:172.234.197.23	SESSION-39d5adc1c22dd7ee → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f5e9ebe80065c9c:host:177.10.236.206	SESSION-8f5e9ebe80065c9c → host:177.10.236.206
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-de7198c98f7f92ee:host:177.10.235.251:host:172.234.197.23	SESSION-de7198c98f7f92ee → host:177.10.235.251 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.197:geo_-23.62930_-46.63510	host:131.196.31.197 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-331f26717743f7bf:SESSION-331f26717743f7bf	SESSION-331f26717743f7bf → pe:syn:SESSION-331f26717743f7bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76f517468502eda0:PCAP:capture_20260430110001:43611bdf6759	SESSION-76f517468502eda0 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-12cb447eb42d83b5:host:172.234.197.23	SESSION-12cb447eb42d83b5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1d862dda647c7051:host:44.248.141.231	SESSION-1d862dda647c7051 → host:44.248.141.231
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.43:asn:271410	host:131.196.28.43 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5ac91adedbe1ec7:SESSION-d5ac91adedbe1ec7	SESSION-d5ac91adedbe1ec7 → pe:syn:SESSION-d5ac91adedbe1ec7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-db907559277cbdbb:SESSION-db907559277cbdbb	SESSION-db907559277cbdbb → pe:syn:SESSION-db907559277cbdbb
FLOW_TO_HOSTOBS	e:to:SESSION-fbcca05a1b3df0cf:host:172.234.197.23	SESSION-fbcca05a1b3df0cf → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.65:geo_-23.62930_-46.63510	host:131.196.31.65 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5972a3b732445423:PCAP:capture_20260430060001:919b39a74464	SESSION-5972a3b732445423 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3e05f2032b3abac3:host:177.10.234.171:host:172.234.197.23	SESSION-3e05f2032b3abac3 → host:177.10.234.171 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76ac71b30f764df7:host:172.234.197.23	SESSION-76ac71b30f764df7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f2cb956713b4a7f:host:131.196.30.129:host:172.234.197.23	SESSION-8f2cb956713b4a7f → host:131.196.30.129 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-469f9efa6316e344:host:157.180.84.94	SESSION-469f9efa6316e344 → host:157.180.84.94
FLOW_TO_HOSTOBS	e:to:SESSION-dc65fb323eff44ce:host:177.10.232.45	SESSION-dc65fb323eff44ce → host:177.10.232.45
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8136a084d82536a6:SESSION-8136a084d82536a6	SESSION-8136a084d82536a6 → pe:rst:SESSION-8136a084d82536a6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4886aa3300be1da9:host:177.10.239.70	SESSION-4886aa3300be1da9 → host:177.10.239.70
FLOW_DST_PORTOBS	e:fp:flow:9f8b2f6a6213:port:tcp:64651	flow:9f8b2f6a6213 → port:tcp:64651
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9cc387e98cb8cb82:host:177.10.234.80:host:172.234.197.23	SESSION-9cc387e98cb8cb82 → host:177.10.234.80 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ec67d149df3809f6:host:172.234.197.23	SESSION-ec67d149df3809f6 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:68f66f8b2561:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:68f66f8b2561 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dfd5cbc4ed1c485c:flow:9652a15dd0c9	SESSION-dfd5cbc4ed1c485c → flow:9652a15dd0c9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-921389e161f019e9:host:172.234.197.23	SESSION-921389e161f019e9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a22fc187bcc4d705:SESSION-a22fc187bcc4d705	SESSION-a22fc187bcc4d705 → pe:syn:SESSION-a22fc187bcc4d705
FLOW_TO_HOSTOBS	e:to:SESSION-f9c73da0e6ec113c:host:172.234.197.23	SESSION-f9c73da0e6ec113c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a0e660e7f8fdd6f:flow:9400ae221d41	SESSION-4a0e660e7f8fdd6f → flow:9400ae221d41
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2e3f5af343ed075a:host:172.234.197.23	SESSION-2e3f5af343ed075a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a8ab97210507c98d:flow:4c8f41a5769d	SESSION-a8ab97210507c98d → flow:4c8f41a5769d
flow_observed4-aryOBS	e:fo:flow:fdf3c5552a29	flow:fdf3c5552a29 → host:172.234.197.23 → host:177.10.234.195 → port:tcp:41462
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-114b93c0875a1701:SESSION-114b93c0875a1701	SESSION-114b93c0875a1701 → pe:syn:SESSION-114b93c0875a1701
FLOW_FROM_HOSTOBS	e:from:SESSION-db946f3602afd068:host:172.234.197.23	SESSION-db946f3602afd068 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-887f47388267b095:host:177.10.237.61	SESSION-887f47388267b095 → host:177.10.237.61
FLOW_FROM_HOSTOBS	e:from:SESSION-c6924fc6c1078bec:host:131.196.28.91	SESSION-c6924fc6c1078bec → host:131.196.28.91
flow_observed5-aryOBS	e:fo:flow:05eb72932c3d	flow:05eb72932c3d → host:177.10.237.177 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c70d9a6440c9b19a:PCAP:capture_20260430080001:93f47cc296a4	SESSION-c70d9a6440c9b19a → PCAP:capture_20260430080001:93f47cc296a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7fd72175928a8e59:PCAP:capture_20260430090001:065659c7d314	SESSION-7fd72175928a8e59 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-c80fd68cbbc51442:host:177.10.236.157	SESSION-c80fd68cbbc51442 → host:177.10.236.157
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8fb4f1df9684ff2:flow:cad221a9972e	SESSION-b8fb4f1df9684ff2 → flow:cad221a9972e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ba070ea29625f6c:host:177.10.234.251:host:172.234.197.23	SESSION-4ba070ea29625f6c → host:177.10.234.251 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b5281b6c31b7:port:tcp:443	flow:b5281b6c31b7 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-aa32b0aa2bffc0b5:host:172.234.197.23	SESSION-aa32b0aa2bffc0b5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75c1b247d58a4094:host:45.145.152.145	SESSION-75c1b247d58a4094 → host:45.145.152.145
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc431699568b9daa:host:131.196.31.48	SESSION-cc431699568b9daa → host:131.196.31.48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0307b3c9af33eb0:host:172.234.197.23	SESSION-c0307b3c9af33eb0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1d9d2a5c7efa:port:tcp:80	flow:1d9d2a5c7efa → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d3ca4dbaf4c9647:host:51.161.119.157:host:172.234.197.23	SESSION-4d3ca4dbaf4c9647 → host:51.161.119.157 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0b8b90e300d9c11:host:177.10.234.161:host:172.234.197.23	SESSION-b0b8b90e300d9c11 → host:177.10.234.161 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eb8a27373acd6451:SESSION-eb8a27373acd6451	SESSION-eb8a27373acd6451 → pe:tls:SESSION-eb8a27373acd6451
FLOW_TO_HOSTOBS	e:to:SESSION-e7098e9f09e131f1:host:131.196.29.160	SESSION-e7098e9f09e131f1 → host:131.196.29.160
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1f082f9fe3332438:SESSION-1f082f9fe3332438	SESSION-1f082f9fe3332438 → pe:tls:SESSION-1f082f9fe3332438
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-045546313cbf5843:host:172.234.197.23	SESSION-045546313cbf5843 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08eebf44a6874d1b:host:177.10.234.204	SESSION-08eebf44a6874d1b → host:177.10.234.204
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a6edbcdecdf7d835:host:177.10.238.139:host:172.234.197.23	SESSION-a6edbcdecdf7d835 → host:177.10.238.139 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-24aa07f03f2c2273:host:177.10.233.118	SESSION-24aa07f03f2c2273 → host:177.10.233.118
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e583d09be0235fc:host:54.254.24.234	SESSION-3e583d09be0235fc → host:54.254.24.234
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e77787f9a5bab711:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e77787f9a5bab711 → PCAP:capture_20260430070001:903a0e7a436b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.237:geo_-23.62930_-46.63510	host:131.196.29.237 → geo_-23.62930_-46.63510
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-7de8e99103378c90:BSG-BEACON-e07f4250263f	SESSION-7de8e99103378c90 → BSG-BEACON-e07f4250263f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b578cd49b856e8a0:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b578cd49b856e8a0 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4002f150bb6dd768:host:172.234.197.23	SESSION-4002f150bb6dd768 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-793bdbe15c87a87a:flow:f6be814c9910	SESSION-793bdbe15c87a87a → flow:f6be814c9910
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-81de972e9a362700:host:95.135.228.1:host:172.234.197.23	SESSION-81de972e9a362700 → host:95.135.228.1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b5d485827129:port:udp:53	flow:b5d485827129 → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-d52893e766cf8155:host:177.10.235.245	SESSION-d52893e766cf8155 → host:177.10.235.245
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fcbc735dfd8018d:host:177.10.239.69	SESSION-5fcbc735dfd8018d → host:177.10.239.69
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b51ebf4113a5ef49:flow:a81a0cacd656	SESSION-b51ebf4113a5ef49 → flow:a81a0cacd656
flow_observed5-aryOBS	e:fo:flow:3289c02669aa	flow:3289c02669aa → host:177.10.239.175 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1fc279480f80cfd1:host:172.234.197.23	SESSION-1fc279480f80cfd1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.139:asn:262880	host:177.10.232.139 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8d7cf6e510c352d8:host:131.196.29.101:host:172.234.197.23	SESSION-8d7cf6e510c352d8 → host:131.196.29.101 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fd960eced17a:port:tcp:443	flow:fd960eced17a → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-83dd76c193cbd2e0:flow:a73661cc047d	SESSION-83dd76c193cbd2e0 → flow:a73661cc047d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8b1edba75af29ea2:SESSION-8b1edba75af29ea2	SESSION-8b1edba75af29ea2 → pe:tls:SESSION-8b1edba75af29ea2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce6819df966f00de:SESSION-ce6819df966f00de	SESSION-ce6819df966f00de → pe:syn:SESSION-ce6819df966f00de
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.84:asn:262880	host:177.10.235.84 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-850471f172c9c8e6:SESSION-850471f172c9c8e6	SESSION-850471f172c9c8e6 → pe:tls:SESSION-850471f172c9c8e6
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.243:asn:262880	host:177.10.232.243 → asn:262880
flow_observed4-aryOBS	e:fo:flow:070f0d42d41e	flow:070f0d42d41e → host:172.234.197.23 → host:131.196.28.145 → port:tcp:45298
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07dfdeddccca16ee:host:172.234.197.23	SESSION-07dfdeddccca16ee → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1462f3fe112e9d96:flow:99cb1af3b415	SESSION-1462f3fe112e9d96 → flow:99cb1af3b415
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3959c763e6312f1d:SESSION-3959c763e6312f1d	SESSION-3959c763e6312f1d → pe:tls:SESSION-3959c763e6312f1d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-67a9355576766cfe:host:131.196.30.253:host:172.234.197.23	SESSION-67a9355576766cfe → host:131.196.30.253 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-a8376f0f57e00ff1:host:177.10.232.234	SESSION-a8376f0f57e00ff1 → host:177.10.232.234
FLOW_TO_HOSTOBS	e:to:SESSION-e50198195b1abda9:host:131.196.30.145	SESSION-e50198195b1abda9 → host:131.196.30.145
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0146df147eb3c3bd:flow:8e3359af75b1	SESSION-0146df147eb3c3bd → flow:8e3359af75b1
FLOW_DST_PORTOBS	e:fp:flow:07bf3b36f425:port:tcp:443	flow:07bf3b36f425 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4d6f38e3582127c:host:172.234.197.23	SESSION-c4d6f38e3582127c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53ca21169d5f7469:host:177.10.234.213	SESSION-53ca21169d5f7469 → host:177.10.234.213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e88ec164d738844a:host:185.236.240.137	SESSION-e88ec164d738844a → host:185.236.240.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bf988ed4220ca0ac:SESSION-bf988ed4220ca0ac	SESSION-bf988ed4220ca0ac → pe:syn:SESSION-bf988ed4220ca0ac
FLOW_TO_HOSTOBS	e:to:SESSION-c3cd15ae05af1e0a:host:172.234.197.23	SESSION-c3cd15ae05af1e0a → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1dda0e3344468f76:host:177.10.239.62	SESSION-1dda0e3344468f76 → host:177.10.239.62
FLOW_DST_PORTOBS	e:fp:flow:45449e47259e:port:tcp:7309	flow:45449e47259e → port:tcp:7309
FLOW_FROM_HOSTOBS	e:from:SESSION-f67ce0567774b305:host:177.10.232.208	SESSION-f67ce0567774b305 → host:177.10.232.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d0f919734488d0b:flow:071f43f6adb4	SESSION-5d0f919734488d0b → flow:071f43f6adb4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c05cd50533aa04ad:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c05cd50533aa04ad → PCAP:capture_20260430160001:9bfa4498506a
FLOW_TO_HOSTOBS	e:to:SESSION-8b1edba75af29ea2:host:172.234.197.23	SESSION-8b1edba75af29ea2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-455353f546d0ad3e:flow:3f3bc7b7f0bc	SESSION-455353f546d0ad3e → flow:3f3bc7b7f0bc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b53b1a2dc18d6354:flow:fafbc5eb93bd	SESSION-b53b1a2dc18d6354 → flow:fafbc5eb93bd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.107:geo_-23.62930_-46.63510	host:131.196.31.107 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e1f57d75854220c:host:177.10.236.146	SESSION-0e1f57d75854220c → host:177.10.236.146
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8578034648884afe:host:131.196.29.4:host:172.234.197.23	SESSION-8578034648884afe → host:131.196.29.4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cac3103b39cc2b1a:flow:7638fc72224d	SESSION-cac3103b39cc2b1a → flow:7638fc72224d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8c917f93463d3774:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8c917f93463d3774 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3f7e801a59e8e93f:flow:0fb65829cb27	SESSION-3f7e801a59e8e93f → flow:0fb65829cb27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a7cfd4f435147ff3:host:177.10.236.236	SESSION-a7cfd4f435147ff3 → host:177.10.236.236
flow_observed4-aryOBS	e:fo:flow:dac34675aa7c	flow:dac34675aa7c → host:172.234.197.23 → host:177.10.238.97 → port:tcp:44765
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.23:geo_-16.28860_-49.01640	host:177.10.234.23 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cd8dbb599c016751:flow:3e996645afc3	SESSION-cd8dbb599c016751 → flow:3e996645afc3
FLOW_TO_HOSTOBS	e:to:SESSION-27ee7c401cb71f02:host:172.234.197.23	SESSION-27ee7c401cb71f02 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:88d5a4971090:port:tcp:47721	flow:88d5a4971090 → port:tcp:47721
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad4be2ec0ec8e7ca:flow:dd422b411ab1	SESSION-ad4be2ec0ec8e7ca → flow:dd422b411ab1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5804e26655ff1a06:flow:eeea191af78d	SESSION-5804e26655ff1a06 → flow:eeea191af78d
flow_observed5-aryOBS	e:fo:flow:ddba3a69e313	flow:ddba3a69e313 → host:92.112.71.29 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e167d585a8e48501:PCAP:capture_20260430090001:065659c7d314	SESSION-e167d585a8e48501 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a9de26895ffb34a3:PCAP:capture_20260430070001:903a0e7a436b	SESSION-a9de26895ffb34a3 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38f74251dfc6c10a:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-38f74251dfc6c10a → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-449915b4a668f160:host:172.234.197.23:host:177.10.234.135	SESSION-449915b4a668f160 → host:172.234.197.23 → host:177.10.234.135
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fce80bc522afcc8b:SESSION-fce80bc522afcc8b	SESSION-fce80bc522afcc8b → pe:syn:SESSION-fce80bc522afcc8b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79b570e2589cf059:host:131.196.29.90	SESSION-79b570e2589cf059 → host:131.196.29.90
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb29ab40cdae1c01:flow:5513de486200	SESSION-cb29ab40cdae1c01 → flow:5513de486200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da40d6e9bff8c88d:host:172.234.197.23	SESSION-da40d6e9bff8c88d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b96d3d249635b605:SESSION-b96d3d249635b605	SESSION-b96d3d249635b605 → pe:tls:SESSION-b96d3d249635b605
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e074701a4b6d6566:flow:a173045a2352	SESSION-e074701a4b6d6566 → flow:a173045a2352
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49fc7ea897578489:flow:d2e20ee2a51f	SESSION-49fc7ea897578489 → flow:d2e20ee2a51f
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.87:asn:273470	host:45.173.156.87 → asn:273470
FLOW_DST_PORTOBS	e:fp:flow:de18500862da:port:tcp:443	flow:de18500862da → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9868c83546c2d563:host:172.234.197.23	SESSION-9868c83546c2d563 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e2a4babdc2dc965:host:172.234.197.23	SESSION-9e2a4babdc2dc965 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ada1853624679841:flow:ec874a67e7cd	SESSION-ada1853624679841 → flow:ec874a67e7cd
FLOW_TO_HOSTOBS	e:to:SESSION-5eb3b0eaf7de1b7d:host:172.234.197.23	SESSION-5eb3b0eaf7de1b7d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.201:geo_-16.28860_-49.01640	host:177.10.239.201 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a412381d3ec6112:host:172.234.197.23	SESSION-4a412381d3ec6112 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-caaa6bcaac59e7b9:flow:bf17f6c649c7	SESSION-caaa6bcaac59e7b9 → flow:bf17f6c649c7
FLOW_DST_PORTOBS	e:fp:flow:c66a26c8ade1:port:tcp:443	flow:c66a26c8ade1 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb29ab40cdae1c01:host:177.10.237.18	SESSION-cb29ab40cdae1c01 → host:177.10.237.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0119815c01d3319:host:172.234.197.23	SESSION-c0119815c01d3319 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db60e018ea4d304a:host:131.196.28.0	SESSION-db60e018ea4d304a → host:131.196.28.0
flow_observed5-aryOBS	e:fo:flow:fd5aff6c936b	flow:fd5aff6c936b → host:131.196.29.50 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:41860dd78d25	flow:41860dd78d25 → host:172.234.197.23 → host:131.196.31.23 → port:tcp:63977
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.169:asn:273470	host:45.173.156.169 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bac5dc0e18d2349f:host:49.12.170.238	SESSION-bac5dc0e18d2349f → host:49.12.170.238
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7c85a8771eed4d0f:SESSION-7c85a8771eed4d0f	SESSION-7c85a8771eed4d0f → pe:tls:SESSION-7c85a8771eed4d0f
FLOW_TO_HOSTOBS	e:to:SESSION-933bde1224d44bcc:host:177.10.235.205	SESSION-933bde1224d44bcc → host:177.10.235.205
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0b8c772918251267:host:45.173.156.56:host:172.234.197.23	SESSION-0b8c772918251267 → host:45.173.156.56 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.136:asn:262880	host:177.10.233.136 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-95f80a98e12e105d:host:172.234.197.23:host:45.173.156.125	SESSION-95f80a98e12e105d → host:172.234.197.23 → host:45.173.156.125
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8382ccd890fe862:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f8382ccd890fe862 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-74d9117e815e4c77:BSG-BEACON-44d72b66ad6e	SESSION-74d9117e815e4c77 → BSG-BEACON-44d72b66ad6e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9582152c6f7e826d:PCAP:capture_20260430080001:93f47cc296a4	SESSION-9582152c6f7e826d → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f718644b6283d05d:host:177.10.238.29	SESSION-f718644b6283d05d → host:177.10.238.29
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6229e1e1c7b389d0:flow:5e3e928d9f8f	SESSION-6229e1e1c7b389d0 → flow:5e3e928d9f8f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-829f75d99e4943bf:host:177.10.235.5	SESSION-829f75d99e4943bf → host:177.10.235.5
FLOW_DST_PORTOBS	e:fp:flow:34b053eab7a8:port:tcp:32511	flow:34b053eab7a8 → port:tcp:32511
FLOW_TO_HOSTOBS	e:to:SESSION-1f991b6c62555b6c:host:172.234.197.23	SESSION-1f991b6c62555b6c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68c9571f275cd182:SESSION-68c9571f275cd182	SESSION-68c9571f275cd182 → pe:syn:SESSION-68c9571f275cd182
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-174e61a8ff8b9c0e:host:172.234.197.23:host:131.196.29.16	SESSION-174e61a8ff8b9c0e → host:172.234.197.23 → host:131.196.29.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f42753b09b481d7e:SESSION-f42753b09b481d7e	SESSION-f42753b09b481d7e → pe:tls:SESSION-f42753b09b481d7e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.116:geo_-23.62930_-46.63510	host:131.196.28.116 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:fb256eae480c	flow:fb256eae480c → host:172.234.197.23 → host:177.10.237.159 → port:tcp:43139
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc1a8a6f7d90953a:PCAP:capture_20260430060001:919b39a74464	SESSION-bc1a8a6f7d90953a → PCAP:capture_20260430060001:919b39a74464
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.172:asn:273470	host:45.173.156.172 → asn:273470
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3f8bf2b05f7ab82:host:172.234.197.23	SESSION-d3f8bf2b05f7ab82 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f077149cc71812a:SESSION-3f077149cc71812a	SESSION-3f077149cc71812a → pe:tls:SESSION-3f077149cc71812a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0228dcfe5eb3ed0e:host:172.234.197.23	SESSION-0228dcfe5eb3ed0e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f81fa7919a8c03a8:SESSION-f81fa7919a8c03a8	SESSION-f81fa7919a8c03a8 → pe:tls:SESSION-f81fa7919a8c03a8
FLOW_FROM_HOSTOBS	e:from:SESSION-0844998e370f9b20:host:177.10.237.47	SESSION-0844998e370f9b20 → host:177.10.237.47
FLOW_TO_HOSTOBS	e:to:SESSION-39adf49608796443:host:172.234.197.23	SESSION-39adf49608796443 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-799494d5bb605f27:host:172.234.197.23	SESSION-799494d5bb605f27 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5bd73118ac3f9f7:host:131.196.29.67	SESSION-b5bd73118ac3f9f7 → host:131.196.29.67
flow_observed5-aryOBS	e:fo:flow:6dc46f3b4845	flow:6dc46f3b4845 → host:131.196.31.217 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c93964ffa7e29d50:host:177.10.232.193	SESSION-c93964ffa7e29d50 → host:177.10.232.193
FLOW_FROM_HOSTOBS	e:from:SESSION-3d526a62cd76fa97:host:131.196.29.235	SESSION-3d526a62cd76fa97 → host:131.196.29.235
FLOW_FROM_HOSTOBS	e:from:SESSION-4b00d7db41be144d:host:177.10.234.29	SESSION-4b00d7db41be144d → host:177.10.234.29
FLOW_DST_PORTOBS	e:fp:flow:7bd8690a791a:port:tcp:443	flow:7bd8690a791a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1228b317d5ce27b4:host:45.173.156.194	SESSION-1228b317d5ce27b4 → host:45.173.156.194
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2139588c74105d1b:host:172.234.197.23	SESSION-2139588c74105d1b → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fed96f9f16ada01c:flow:562b1afc797f	SESSION-fed96f9f16ada01c → flow:562b1afc797f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e45220a51eb759d9:host:172.234.197.23	SESSION-e45220a51eb759d9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-36f4c424d3b5f86e:host:177.10.235.36	SESSION-36f4c424d3b5f86e → host:177.10.235.36
flow_observed5-aryOBS	e:fo:flow:dcab33a7f74b	flow:dcab33a7f74b → host:177.10.233.60 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-42eae260ad8ea663:host:172.234.197.23	SESSION-42eae260ad8ea663 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-574dd53dd07894c0:host:172.234.197.23	SESSION-574dd53dd07894c0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08b637759d13ec04:host:172.234.197.23	SESSION-08b637759d13ec04 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c1640005abec031d:host:172.234.197.23	SESSION-c1640005abec031d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b0821df7b169e6a:host:131.196.28.196	SESSION-4b0821df7b169e6a → host:131.196.28.196
FLOW_FROM_HOSTOBS	e:from:SESSION-b81fa97d99ce77b6:host:131.196.29.199	SESSION-b81fa97d99ce77b6 → host:131.196.29.199
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c24aca5564d2ae55:host:172.234.197.23	SESSION-c24aca5564d2ae55 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.174:geo_-16.28860_-49.01640	host:177.10.239.174 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-77c4b389d95f1453:host:172.234.197.23	SESSION-77c4b389d95f1453 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-30ae225adc0bd1e0:host:177.10.234.2	SESSION-30ae225adc0bd1e0 → host:177.10.234.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21b1ebb6f3d7bd68:host:172.232.0.16	SESSION-21b1ebb6f3d7bd68 → host:172.232.0.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-77c18cfa23ea97ee:flow:72ecfaac0bcc	SESSION-77c18cfa23ea97ee → flow:72ecfaac0bcc
flow_observed5-aryOBS	e:fo:flow:3c358770241f	flow:3c358770241f → host:177.10.237.86 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0ad9c0df7a65aa03:host:172.234.197.23	SESSION-0ad9c0df7a65aa03 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0ccbf098e115515a:flow:cc8ad11dacf5	SESSION-0ccbf098e115515a → flow:cc8ad11dacf5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-64a8475d206a0785:SESSION-64a8475d206a0785	SESSION-64a8475d206a0785 → pe:syn:SESSION-64a8475d206a0785
FLOW_TO_HOSTOBS	e:to:SESSION-6617d8dfad1357d9:host:172.234.197.23	SESSION-6617d8dfad1357d9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-92547fda1a59fab0:host:131.196.28.217	SESSION-92547fda1a59fab0 → host:131.196.28.217
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b045e9fec039082:host:172.234.197.23	SESSION-5b045e9fec039082 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32551388ee5c6c20:host:172.234.197.23	SESSION-32551388ee5c6c20 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b00134b34a3a387f:flow:701784ac65ea	SESSION-b00134b34a3a387f → flow:701784ac65ea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9866420dbc5d2da0:host:172.234.197.23	SESSION-9866420dbc5d2da0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb20bb92bfdba895:SESSION-bb20bb92bfdba895	SESSION-bb20bb92bfdba895 → pe:tls:SESSION-bb20bb92bfdba895
flow_observed5-aryOBS	e:fo:flow:625b35d276e8	flow:625b35d276e8 → host:177.10.237.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eff9d1155e5c571f:host:177.10.232.251	SESSION-eff9d1155e5c571f → host:177.10.232.251
flow_observed5-aryOBS	e:fo:flow:b59b545e522a	flow:b59b545e522a → host:177.10.237.127 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a2005509481f3ca7:SESSION-a2005509481f3ca7	SESSION-a2005509481f3ca7 → pe:syn:SESSION-a2005509481f3ca7
FLOW_FROM_HOSTOBS	e:from:SESSION-ab185a89adee30ab:host:172.234.197.23	SESSION-ab185a89adee30ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-077636b939c69f3b:host:92.112.71.131	SESSION-077636b939c69f3b → host:92.112.71.131
FLOW_FROM_HOSTOBS	e:from:SESSION-113c4b09005431cc:host:131.196.29.155	SESSION-113c4b09005431cc → host:131.196.29.155
flow_observed4-aryOBS	e:fo:flow:9400ae221d41	flow:9400ae221d41 → host:172.234.197.23 → host:177.10.236.53 → port:tcp:54938
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3560085925cb3717:SESSION-3560085925cb3717	SESSION-3560085925cb3717 → pe:syn:SESSION-3560085925cb3717
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b96d3d249635b605:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b96d3d249635b605 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d5d721b5ee8bbbc:host:172.234.197.23	SESSION-5d5d721b5ee8bbbc → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:0e2ef251883e	flow:0e2ef251883e → host:177.10.239.97 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:140ad25dbfdb:port:tcp:443	flow:140ad25dbfdb → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:6a0990d94d28:port:tcp:10147	flow:6a0990d94d28 → port:tcp:10147
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d815390d9091f577:host:172.234.197.23:host:131.196.30.212	SESSION-d815390d9091f577 → host:172.234.197.23 → host:131.196.30.212
flow_observed5-aryOBS	e:fo:flow:b79e234ad6fb	flow:b79e234ad6fb → host:177.10.237.196 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-af24c7046d264e7e:SESSION-af24c7046d264e7e	SESSION-af24c7046d264e7e → pe:tls:SESSION-af24c7046d264e7e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eade11f9b06e449a:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-eade11f9b06e449a → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4636706714da3434:SESSION-4636706714da3434	SESSION-4636706714da3434 → pe:tls:SESSION-4636706714da3434
FLOW_DST_PORTOBS	e:fp:flow:ab4ed9ea97af:port:tcp:7698	flow:ab4ed9ea97af → port:tcp:7698
FLOW_TO_HOSTOBS	e:to:SESSION-4b5ce2843c92e119:host:172.234.197.23	SESSION-4b5ce2843c92e119 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b5bdfdede605	flow:b5bdfdede605 → host:131.196.29.172 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70e7a4a5208b1da3:host:172.234.197.23	SESSION-70e7a4a5208b1da3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.39:asn:262880	host:177.10.236.39 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e3ba2cf190ed0b5c:host:131.196.28.18	SESSION-e3ba2cf190ed0b5c → host:131.196.28.18
FLOW_TO_HOSTOBS	e:to:SESSION-b7832d3594ed31e4:host:172.234.197.23	SESSION-b7832d3594ed31e4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-252ece6cab0420bc:SESSION-252ece6cab0420bc	SESSION-252ece6cab0420bc → pe:tls:SESSION-252ece6cab0420bc
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3b13920773df7284:host:131.196.29.103:host:172.234.197.23	SESSION-3b13920773df7284 → host:131.196.29.103 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3992ce7fa8ec	flow:3992ce7fa8ec → host:177.10.234.206 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-608f6686d64f8e3e:SESSION-608f6686d64f8e3e	SESSION-608f6686d64f8e3e → pe:syn:SESSION-608f6686d64f8e3e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-61267dc46edf9a47:flow:7ae3387e1a5f	SESSION-61267dc46edf9a47 → flow:7ae3387e1a5f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f838b992fed206a8:SESSION-f838b992fed206a8	SESSION-f838b992fed206a8 → pe:tls:SESSION-f838b992fed206a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-352588f71ded414b:SESSION-352588f71ded414b	SESSION-352588f71ded414b → pe:syn:SESSION-352588f71ded414b
FLOW_DST_PORTOBS	e:fp:flow:754fbbf1532a:port:tcp:20516	flow:754fbbf1532a → port:tcp:20516
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96623b45a0a307c2:SESSION-96623b45a0a307c2	SESSION-96623b45a0a307c2 → pe:syn:SESSION-96623b45a0a307c2
FLOW_TO_HOSTOBS	e:to:SESSION-48726e3ec935fccb:host:172.234.197.23	SESSION-48726e3ec935fccb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-61edd9328a7eff0d:host:172.234.197.23	SESSION-61edd9328a7eff0d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4ecf1376a54312e6:host:131.196.30.162	SESSION-4ecf1376a54312e6 → host:131.196.30.162
FLOW_TO_HOSTOBS	e:to:SESSION-5405d05650907428:host:172.234.197.23	SESSION-5405d05650907428 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-112f4fdeb678f643:host:172.234.197.23:host:177.10.238.116	SESSION-112f4fdeb678f643 → host:172.234.197.23 → host:177.10.238.116
FLOW_TO_HOSTOBS	e:to:SESSION-5b1f042103d1727f:host:172.234.197.23	SESSION-5b1f042103d1727f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2794803b6e3661a7:host:177.10.238.156	SESSION-2794803b6e3661a7 → host:177.10.238.156
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c1aa9055f8e3197b:flow:bd9b4d688669	SESSION-c1aa9055f8e3197b → flow:bd9b4d688669
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-75c1b247d58a4094:PCAP:capture_20260428010001:b1b402c7b202	SESSION-75c1b247d58a4094 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-212f7b3a9bb90264:flow:4fedbb5ad08e	SESSION-212f7b3a9bb90264 → flow:4fedbb5ad08e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5cb3d18d192da5f3:SESSION-5cb3d18d192da5f3	SESSION-5cb3d18d192da5f3 → pe:syn:SESSION-5cb3d18d192da5f3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-875fd6bdbe4ae339:SESSION-875fd6bdbe4ae339	SESSION-875fd6bdbe4ae339 → pe:tls:SESSION-875fd6bdbe4ae339
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4eec40051c49c7bf:host:131.196.30.194	SESSION-4eec40051c49c7bf → host:131.196.30.194
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f5731b0b8f40f73a:SESSION-f5731b0b8f40f73a	SESSION-f5731b0b8f40f73a → pe:syn:SESSION-f5731b0b8f40f73a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f65d16e06243eafc:SESSION-f65d16e06243eafc	SESSION-f65d16e06243eafc → pe:tls:SESSION-f65d16e06243eafc
FLOW_FROM_HOSTOBS	e:from:SESSION-c639517e7e5752d7:host:95.135.228.17	SESSION-c639517e7e5752d7 → host:95.135.228.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-687dc6215da3af8c:SESSION-687dc6215da3af8c	SESSION-687dc6215da3af8c → pe:tls:SESSION-687dc6215da3af8c
FLOW_TO_HOSTOBS	e:to:SESSION-c5ac08008a4ed5c1:host:172.234.197.23	SESSION-c5ac08008a4ed5c1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0378764a4149:port:tcp:13397	flow:0378764a4149 → port:tcp:13397
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c68429e2f7bfcd9:SESSION-9c68429e2f7bfcd9	SESSION-9c68429e2f7bfcd9 → pe:syn:SESSION-9c68429e2f7bfcd9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e271128847ae06df:flow:e54bcb908ef4	SESSION-e271128847ae06df → flow:e54bcb908ef4
flow_observed5-aryOBS	e:fo:flow:010c8d6bcc21	flow:010c8d6bcc21 → host:177.10.234.71 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ac0f4c4f1d3b1c15:host:172.234.197.23	SESSION-ac0f4c4f1d3b1c15 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ea2f6118de4330ea:flow:cf96beddf3bc	SESSION-ea2f6118de4330ea → flow:cf96beddf3bc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d1a930dc0f03fa17:SESSION-d1a930dc0f03fa17	SESSION-d1a930dc0f03fa17 → pe:syn:SESSION-d1a930dc0f03fa17
flow_observed4-aryOBS	e:fo:flow:28a3cd6fd6a8	flow:28a3cd6fd6a8 → host:172.234.197.23 → host:131.196.30.7 → port:tcp:23432
flow_observed5-aryOBS	e:fo:flow:e0d57b41a397	flow:e0d57b41a397 → host:177.10.236.251 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-858e7fe3651dc7b6:PCAP:capture_20260430110001:43611bdf6759	SESSION-858e7fe3651dc7b6 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.18:asn:271410	host:131.196.28.18 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-bb0c069bf1f40e5a:host:54.91.240.230	SESSION-bb0c069bf1f40e5a → host:54.91.240.230
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf1b38a91c361f4b:flow:0dfe7cae9b59	SESSION-cf1b38a91c361f4b → flow:0dfe7cae9b59
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a47ed447671c9b0b:flow:dfe895f305cc	SESSION-a47ed447671c9b0b → flow:dfe895f305cc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c178d8ef65578b24:host:172.234.197.23	SESSION-c178d8ef65578b24 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3854a3544c69d398:host:172.234.197.23	SESSION-3854a3544c69d398 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2096050a1fa0221d:host:172.234.197.23	SESSION-2096050a1fa0221d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e70a8d6fd08b895:PCAP:capture_20260430090001:065659c7d314	SESSION-3e70a8d6fd08b895 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5133340de07cf838:SESSION-5133340de07cf838	SESSION-5133340de07cf838 → pe:syn:SESSION-5133340de07cf838
FLOW_FROM_HOSTOBS	e:from:SESSION-8ae580f5c3468d66:host:177.10.233.13	SESSION-8ae580f5c3468d66 → host:177.10.233.13
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4636706714da3434:flow:9183ca0bc5df	SESSION-4636706714da3434 → flow:9183ca0bc5df
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5d249db6ec3f34e:SESSION-d5d249db6ec3f34e	SESSION-d5d249db6ec3f34e → pe:tls:SESSION-d5d249db6ec3f34e
FLOW_DST_PORTOBS	e:fp:flow:aee0a53970e5:port:tcp:443	flow:aee0a53970e5 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-6054bbc1a24cbf34:host:131.196.29.164	SESSION-6054bbc1a24cbf34 → host:131.196.29.164
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-154a0a352559b94b:PCAP:capture_20260430160001:9bfa4498506a	SESSION-154a0a352559b94b → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70ca21a7c0c8fc42:host:172.234.197.23	SESSION-70ca21a7c0c8fc42 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cd6b04abe81f	flow:cd6b04abe81f → host:177.10.238.195 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:b577caf03caf:port:tcp:443	flow:b577caf03caf → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-184aec41cea03479:flow:a926b88006fe	SESSION-184aec41cea03479 → flow:a926b88006fe
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08b637759d13ec04:host:131.196.30.201:host:172.234.197.23	SESSION-08b637759d13ec04 → host:131.196.30.201 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b61a304f889dfad6:flow:6fd31bcc48c3	SESSION-b61a304f889dfad6 → flow:6fd31bcc48c3
flow_observed5-aryOBS	e:fo:flow:1df367a3fbb6	flow:1df367a3fbb6 → host:131.196.28.231 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:20044e4ee2fa	flow:20044e4ee2fa → host:172.234.197.23 → host:177.10.236.120 → port:tcp:27326
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-517e17fbfcdc9eaf:flow:97684df2988c	SESSION-517e17fbfcdc9eaf → flow:97684df2988c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-710eb7de55f51893:flow:3b557a8dfb82	SESSION-710eb7de55f51893 → flow:3b557a8dfb82
FLOW_TO_HOSTOBS	e:to:SESSION-68282fbeb04671d9:host:177.10.237.54	SESSION-68282fbeb04671d9 → host:177.10.237.54
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ee2f1f025d37aa07:SESSION-ee2f1f025d37aa07	SESSION-ee2f1f025d37aa07 → pe:syn:SESSION-ee2f1f025d37aa07
FLOW_TO_HOSTOBS	e:to:SESSION-9a207ecea3558884:host:172.232.0.17	SESSION-9a207ecea3558884 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f890b9cda6af294:SESSION-2f890b9cda6af294	SESSION-2f890b9cda6af294 → pe:syn:SESSION-2f890b9cda6af294
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.231:asn:271410	host:131.196.30.231 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-1f299703bc1b4ff9:host:177.10.239.148	SESSION-1f299703bc1b4ff9 → host:177.10.239.148
FLOW_TO_HOSTOBS	e:to:SESSION-e182e837f26eb64a:host:172.234.197.23	SESSION-e182e837f26eb64a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-27d1e1e2170d683a:host:131.196.28.5	SESSION-27d1e1e2170d683a → host:131.196.28.5
flow_observed5-aryOBS	e:fo:flow:02c86af336eb	flow:02c86af336eb → host:91.240.224.238 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5626602f012a6e70:host:172.234.197.23	SESSION-5626602f012a6e70 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.125:asn:271410	host:131.196.28.125 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d06d4272bf4950c7:SESSION-d06d4272bf4950c7	SESSION-d06d4272bf4950c7 → pe:syn:SESSION-d06d4272bf4950c7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3c1e38c6e6df43f1:SESSION-3c1e38c6e6df43f1	SESSION-3c1e38c6e6df43f1 → pe:syn:SESSION-3c1e38c6e6df43f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-caa2e371708bdf2e:host:131.196.31.64	SESSION-caa2e371708bdf2e → host:131.196.31.64
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d11580ecaeb7d77b:host:177.10.232.191	SESSION-d11580ecaeb7d77b → host:177.10.232.191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f890b9cda6af294:SESSION-2f890b9cda6af294	SESSION-2f890b9cda6af294 → pe:tls:SESSION-2f890b9cda6af294
FLOW_DST_PORTOBS	e:fp:flow:70aa4289986d:port:tcp:443	flow:70aa4289986d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-733b7037c38abbcf:host:177.10.235.129	SESSION-733b7037c38abbcf → host:177.10.235.129
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-980b61ddea9c5965:flow:e948c653dadd	SESSION-980b61ddea9c5965 → flow:e948c653dadd
FLOW_DST_PORTOBS	e:fp:flow:ede82bb3f685:port:udp:53	flow:ede82bb3f685 → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-458faec2c6be4af1:flow:73ec004c322c	SESSION-458faec2c6be4af1 → flow:73ec004c322c
FLOW_TO_HOSTOBS	e:to:SESSION-8ec199f8b9a6f389:host:172.234.197.23	SESSION-8ec199f8b9a6f389 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e26c1de83807ce87:host:177.10.233.182:host:172.234.197.23	SESSION-e26c1de83807ce87 → host:177.10.233.182 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f65d16e06243eafc:PCAP:capture_20260430150001:ded20914761d	SESSION-f65d16e06243eafc → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6fda720fc6282204:flow:3956b259f30f	SESSION-6fda720fc6282204 → flow:3956b259f30f
FLOW_TO_HOSTOBS	e:to:SESSION-22ef7e58c288a4dd:host:172.234.197.23	SESSION-22ef7e58c288a4dd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9d8b8dec8477:port:tcp:443	flow:9d8b8dec8477 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:5741256ce11e:port:tcp:443	flow:5741256ce11e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-417f532a2a507181:host:177.10.238.158	SESSION-417f532a2a507181 → host:177.10.238.158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e52ff6e3dab6ecf9:PCAP:capture_20260430110001:43611bdf6759	SESSION-e52ff6e3dab6ecf9 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-de82cbdf751e150b:host:177.10.234.64	SESSION-de82cbdf751e150b → host:177.10.234.64
flow_observed5-aryOBS	e:fo:flow:802362c03be8	flow:802362c03be8 → host:45.173.156.192 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d587dd5c581936e:flow:f5c1b7b44120	SESSION-8d587dd5c581936e → flow:f5c1b7b44120
FLOW_TO_HOSTOBS	e:to:SESSION-7bd472de7dbc823f:host:45.173.156.209	SESSION-7bd472de7dbc823f → host:45.173.156.209
FLOW_FROM_HOSTOBS	e:from:SESSION-d269b4a1c84321cd:host:172.234.197.23	SESSION-d269b4a1c84321cd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c8300d990ddd9a21:SESSION-c8300d990ddd9a21	SESSION-c8300d990ddd9a21 → pe:syn:SESSION-c8300d990ddd9a21
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.10:asn:271410	host:131.196.31.10 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.115:geo_-16.28860_-49.01640	host:177.10.236.115 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-911659ba7d4041d9:host:177.10.239.24:host:172.234.197.23	SESSION-911659ba7d4041d9 → host:177.10.239.24 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6fd2d6a70384f754:host:185.231.226.45:host:172.234.197.23	SESSION-6fd2d6a70384f754 → host:185.231.226.45 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ce047c01fb54580f:host:45.173.156.239	SESSION-ce047c01fb54580f → host:45.173.156.239
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac3abc26fe7d2af5:host:172.234.197.23	SESSION-ac3abc26fe7d2af5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.190:geo_-21.10010_-41.69200	host:45.173.156.190 → geo_-21.10010_-41.69200
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.129:asn:262880	host:177.10.232.129 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-da64f1d11a78111b:host:131.196.28.230	SESSION-da64f1d11a78111b → host:131.196.28.230
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-38f74251dfc6c10a:BSG-BEACON-a8a8c3c8a37f	SESSION-38f74251dfc6c10a → BSG-BEACON-a8a8c3c8a37f
FLOW_FROM_HOSTOBS	e:from:SESSION-1ff9e39cb371b24f:host:172.234.197.23	SESSION-1ff9e39cb371b24f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4db3abe06a9505c7:host:172.234.197.23	SESSION-4db3abe06a9505c7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-205f7c84653f0fb6:host:172.234.197.23	SESSION-205f7c84653f0fb6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-745ac23dbe7bf2d2:SESSION-745ac23dbe7bf2d2	SESSION-745ac23dbe7bf2d2 → pe:tls:SESSION-745ac23dbe7bf2d2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7fd0e8f46f0bc660:SESSION-7fd0e8f46f0bc660	SESSION-7fd0e8f46f0bc660 → pe:syn:SESSION-7fd0e8f46f0bc660
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1947a05c179b1d2:host:131.196.28.79	SESSION-c1947a05c179b1d2 → host:131.196.28.79
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76b0da8a82e9902a:host:177.10.235.137	SESSION-76b0da8a82e9902a → host:177.10.235.137
FLOW_FROM_HOSTOBS	e:from:SESSION-38d81f2383b0ad0b:host:172.234.197.23	SESSION-38d81f2383b0ad0b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-65274afd8d8bc249:host:37.221.79.55	SESSION-65274afd8d8bc249 → host:37.221.79.55
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-671ee03668a9eda8:host:177.10.239.252	SESSION-671ee03668a9eda8 → host:177.10.239.252
FLOW_FROM_HOSTOBS	e:from:SESSION-7301756ca24c49ab:host:177.10.239.235	SESSION-7301756ca24c49ab → host:177.10.239.235
FLOW_DST_PORTOBS	e:fp:flow:457e8ed21eb2:port:tcp:65184	flow:457e8ed21eb2 → port:tcp:65184
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-222c821677f323de:host:45.173.156.198:host:172.234.197.23	SESSION-222c821677f323de → host:45.173.156.198 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb9e9108ca8bff14:host:172.234.197.23	SESSION-cb9e9108ca8bff14 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bb512b6db53333ff:SESSION-bb512b6db53333ff	SESSION-bb512b6db53333ff → pe:tls:SESSION-bb512b6db53333ff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-393eb1cd54ab212e:host:172.234.197.23	SESSION-393eb1cd54ab212e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db60e018ea4d304a:SESSION-db60e018ea4d304a	SESSION-db60e018ea4d304a → pe:tls:SESSION-db60e018ea4d304a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1bb46c5efd0c0159:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1bb46c5efd0c0159 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a5292197f57e4263:host:177.10.235.35:host:172.234.197.23	SESSION-a5292197f57e4263 → host:177.10.235.35 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.118:geo_-16.28860_-49.01640	host:177.10.239.118 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fc95fe30edf5706:host:177.10.234.32	SESSION-5fc95fe30edf5706 → host:177.10.234.32
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6cb17c89d7425739:SESSION-6cb17c89d7425739	SESSION-6cb17c89d7425739 → pe:syn:SESSION-6cb17c89d7425739
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a0efb63412ce5061:SESSION-a0efb63412ce5061	SESSION-a0efb63412ce5061 → pe:tls:SESSION-a0efb63412ce5061
FLOW_FROM_HOSTOBS	e:from:SESSION-2348046789aa81fe:host:131.196.28.153	SESSION-2348046789aa81fe → host:131.196.28.153
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-94eb707cf5b0b4ef:SESSION-94eb707cf5b0b4ef	SESSION-94eb707cf5b0b4ef → pe:tls:SESSION-94eb707cf5b0b4ef
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-94e9de291da3c2c9:PCAP:capture_20260430110001:43611bdf6759	SESSION-94e9de291da3c2c9 → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bc37b0c14be06192:SESSION-bc37b0c14be06192	SESSION-bc37b0c14be06192 → pe:tls:SESSION-bc37b0c14be06192
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.220:geo_-16.28860_-49.01640	host:177.10.236.220 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be374c360242db8a:flow:171a150e17c9	SESSION-be374c360242db8a → flow:171a150e17c9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5496341eed0b869:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e5496341eed0b869 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.43:geo_-16.28860_-49.01640	host:177.10.237.43 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.159:asn:262880	host:177.10.239.159 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-11da84003d7810c4:BSG-DATA_EXFIL-6e4361b4e239	SESSION-11da84003d7810c4 → BSG-DATA_EXFIL-6e4361b4e239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b54b11bede7a4d5:flow:b9b222cba2fe	SESSION-2b54b11bede7a4d5 → flow:b9b222cba2fe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-da64f1d11a78111b:SESSION-da64f1d11a78111b	SESSION-da64f1d11a78111b → pe:tls:SESSION-da64f1d11a78111b
FLOW_DST_PORTOBS	e:fp:flow:05ba29ffa20b:port:tcp:443	flow:05ba29ffa20b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.6:geo_-23.62930_-46.63510	host:131.196.31.6 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-57e30ec2e308e552:host:172.234.197.23	SESSION-57e30ec2e308e552 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ddc78ca2e1d7:port:tcp:443	flow:ddc78ca2e1d7 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7771c9cc3604c57a:PCAP:capture_20260430150001:ded20914761d	SESSION-7771c9cc3604c57a → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eed27da13c534290:SESSION-eed27da13c534290	SESSION-eed27da13c534290 → pe:tls:SESSION-eed27da13c534290
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-83dd76c193cbd2e0:host:51.210.99.95:host:172.234.197.23	SESSION-83dd76c193cbd2e0 → host:51.210.99.95 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7759d4a46d500e47:host:172.234.197.23	SESSION-7759d4a46d500e47 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-76fc6cf591b9ed20:host:177.10.235.15	SESSION-76fc6cf591b9ed20 → host:177.10.235.15
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.242:geo_-23.62930_-46.63510	host:131.196.30.242 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ef1bfc51ed52e33:PCAP:capture_20260430090001:065659c7d314	SESSION-8ef1bfc51ed52e33 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-208c35e6fa834cd1:SESSION-208c35e6fa834cd1	SESSION-208c35e6fa834cd1 → pe:tls:SESSION-208c35e6fa834cd1
flow_observed5-aryOBS	e:fo:flow:018ac0da39dd	flow:018ac0da39dd → host:131.196.29.107 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aec4f33b062c0e6b:host:172.234.197.23	SESSION-aec4f33b062c0e6b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64abd49ab16af3e3:host:172.234.197.23	SESSION-64abd49ab16af3e3 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:99cb1af3b415	flow:99cb1af3b415 → host:172.234.197.23 → host:131.196.30.131 → port:tcp:11396
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e2a1b696130dd57:host:172.234.197.23	SESSION-8e2a1b696130dd57 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:90f2d84aceea:port:tcp:443	flow:90f2d84aceea → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:8c110534c1df	flow:8c110534c1df → host:177.10.239.86 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:64d50f2445dd:port:tcp:50600	flow:64d50f2445dd → port:tcp:50600
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8ffffed45ee6ab8:host:177.10.233.253:host:172.234.197.23	SESSION-f8ffffed45ee6ab8 → host:177.10.233.253 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:85b91edb54d3:port:tcp:443	flow:85b91edb54d3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1ce2516dd8311d56:host:172.234.197.23	SESSION-1ce2516dd8311d56 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3753f50df565:port:tcp:31438	flow:3753f50df565 → port:tcp:31438
flow_observed5-aryOBS	e:fo:flow:1e3df4bbc206	flow:1e3df4bbc206 → host:177.10.236.8 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-39e4fa54be3b3e55:SESSION-39e4fa54be3b3e55	SESSION-39e4fa54be3b3e55 → pe:syn:SESSION-39e4fa54be3b3e55
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.19:asn:262880	host:177.10.237.19 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-27f830f77ddb5dd1:host:177.10.236.153	SESSION-27f830f77ddb5dd1 → host:177.10.236.153
FLOW_DST_PORTOBS	e:fp:flow:02bec74f62e0:port:tcp:33435	flow:02bec74f62e0 → port:tcp:33435
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-168a40fae7c0f56d:host:177.10.236.77:host:172.234.197.23	SESSION-168a40fae7c0f56d → host:177.10.236.77 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:163c6cea425f:port:tcp:42182	flow:163c6cea425f → port:tcp:42182
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96878fba39db06d8:host:177.10.236.191	SESSION-96878fba39db06d8 → host:177.10.236.191
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.222:geo_-16.28860_-49.01640	host:177.10.233.222 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-c3db1a0404e21661:host:131.196.29.128	SESSION-c3db1a0404e21661 → host:131.196.29.128
FLOW_DST_PORTOBS	e:fp:flow:ee0e8e42a22e:port:tcp:9901	flow:ee0e8e42a22e → port:tcp:9901
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3fb8ed1fbc81e736:flow:f4c8a98cb929	SESSION-3fb8ed1fbc81e736 → flow:f4c8a98cb929
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d7bdeba7c000ea7:host:172.234.197.23	SESSION-1d7bdeba7c000ea7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6e3139069f2c261e:flow:6b19deea6359	SESSION-6e3139069f2c261e → flow:6b19deea6359
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.226:asn:271410	host:131.196.29.226 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e987eea1f59290d7:host:51.92.14.54	SESSION-e987eea1f59290d7 → host:51.92.14.54
FLOW_DST_PORTOBS	e:fp:flow:84d4e523a6b1:port:tcp:33682	flow:84d4e523a6b1 → port:tcp:33682
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.21:geo_-23.62930_-46.63510	host:131.196.31.21 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c8300d990ddd9a21:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c8300d990ddd9a21 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-62e68b494cd2572d:host:177.10.236.92	SESSION-62e68b494cd2572d → host:177.10.236.92
FLOW_TO_HOSTOBS	e:to:SESSION-9e4489cf6c262aa3:host:172.234.197.23	SESSION-9e4489cf6c262aa3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ce89d337c6c28e5:SESSION-4ce89d337c6c28e5	SESSION-4ce89d337c6c28e5 → pe:tls:SESSION-4ce89d337c6c28e5
FLOW_FROM_HOSTOBS	e:from:SESSION-d585afab4eb6ac7e:host:172.234.197.23	SESSION-d585afab4eb6ac7e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-13f8871a9bd8cb8e:host:131.196.29.15:host:172.234.197.23	SESSION-13f8871a9bd8cb8e → host:131.196.29.15 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b72f7dde05c7e1dd:SESSION-b72f7dde05c7e1dd	SESSION-b72f7dde05c7e1dd → pe:syn:SESSION-b72f7dde05c7e1dd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-633c88960b55f389:host:172.234.197.23	SESSION-633c88960b55f389 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-433230166b97139a:PCAP:capture_20260430090001:065659c7d314	SESSION-433230166b97139a → PCAP:capture_20260430090001:065659c7d314
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.176:asn:271410	host:131.196.28.176 → asn:271410
flow_observed4-aryOBS	e:fo:flow:1f7c37615ab5	flow:1f7c37615ab5 → host:172.234.197.23 → host:177.10.234.93 → port:tcp:5173
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9582152c6f7e826d:flow:944985e9d942	SESSION-9582152c6f7e826d → flow:944985e9d942
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c8c94fcea26d4cb3:flow:4a4d65023e3f	SESSION-c8c94fcea26d4cb3 → flow:4a4d65023e3f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be2d81a12844874f:host:177.10.234.193	SESSION-be2d81a12844874f → host:177.10.234.193
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68adb943f73c50e9:SESSION-68adb943f73c50e9	SESSION-68adb943f73c50e9 → pe:tls:SESSION-68adb943f73c50e9
FLOW_TO_HOSTOBS	e:to:SESSION-1cb1824ec0ef0f8a:host:177.10.236.14	SESSION-1cb1824ec0ef0f8a → host:177.10.236.14
FLOW_TO_HOSTOBS	e:to:SESSION-3573d87c5a129f8e:host:177.10.232.63	SESSION-3573d87c5a129f8e → host:177.10.232.63
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.135:asn:262880	host:177.10.234.135 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5aeffc2a4b56ba0:SESSION-d5aeffc2a4b56ba0	SESSION-d5aeffc2a4b56ba0 → pe:syn:SESSION-d5aeffc2a4b56ba0
flow_observed5-aryOBS	e:fo:flow:3377862fd32b	flow:3377862fd32b → host:177.10.235.90 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-019264e09ceae880:host:172.234.197.23	SESSION-019264e09ceae880 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a6aeb664ff97dbd:PCAP:capture_20260430050001:8868731bf8a4	SESSION-9a6aeb664ff97dbd → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-054885aa6e2323da:SESSION-054885aa6e2323da	SESSION-054885aa6e2323da → pe:syn:SESSION-054885aa6e2323da
FLOW_FROM_HOSTOBS	e:from:SESSION-83267dedfd50dbe7:host:177.10.239.72	SESSION-83267dedfd50dbe7 → host:177.10.239.72
FLOW_TO_HOSTOBS	e:to:SESSION-383c10f8cce4ec29:host:172.234.197.23	SESSION-383c10f8cce4ec29 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d618ae22306fa7b9:host:177.10.234.91:host:172.234.197.23	SESSION-d618ae22306fa7b9 → host:177.10.234.91 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02deb29800889c11:SESSION-02deb29800889c11	SESSION-02deb29800889c11 → pe:tls:SESSION-02deb29800889c11
FLOW_DST_PORTOBS	e:fp:flow:d3e623b4b6ff:port:tcp:443	flow:d3e623b4b6ff → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-e652971bc7c2d2d5:host:131.196.29.240	SESSION-e652971bc7c2d2d5 → host:131.196.29.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5bf52bbf16270a2a:SESSION-5bf52bbf16270a2a	SESSION-5bf52bbf16270a2a → pe:tls:SESSION-5bf52bbf16270a2a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad3aa4b6b6de70e6:SESSION-ad3aa4b6b6de70e6	SESSION-ad3aa4b6b6de70e6 → pe:tls:SESSION-ad3aa4b6b6de70e6
FLOW_DST_PORTOBS	e:fp:flow:c6a015f3a684:port:tcp:443	flow:c6a015f3a684 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-2faf2af9b390693e:SESSION-2faf2af9b390693e	SESSION-2faf2af9b390693e → pe:rst:SESSION-2faf2af9b390693e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-06814c349a39e79e:SESSION-06814c349a39e79e	SESSION-06814c349a39e79e → pe:tls:SESSION-06814c349a39e79e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d45ffa0c695899f:host:172.234.197.23:host:131.196.30.160	SESSION-1d45ffa0c695899f → host:172.234.197.23 → host:131.196.30.160
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.97:geo_-16.28860_-49.01640	host:177.10.235.97 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-50e84f588759fadd:host:131.196.31.48	SESSION-50e84f588759fadd → host:131.196.31.48
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d9a539c485f657b5:SESSION-d9a539c485f657b5	SESSION-d9a539c485f657b5 → pe:tls:SESSION-d9a539c485f657b5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-33348e69a2613db6:flow:7241d561d9f2	SESSION-33348e69a2613db6 → flow:7241d561d9f2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d8922fd6595a71f:SESSION-5d8922fd6595a71f	SESSION-5d8922fd6595a71f → pe:tls:SESSION-5d8922fd6595a71f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff2c95cfb4d3a4dd:host:44.243.2.252	SESSION-ff2c95cfb4d3a4dd → host:44.243.2.252
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-97a6ca320e2242f6:SESSION-97a6ca320e2242f6	SESSION-97a6ca320e2242f6 → pe:syn:SESSION-97a6ca320e2242f6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e859a84eb4eaf300:host:172.234.197.23	SESSION-e859a84eb4eaf300 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:17eb0e2e292b:port:tcp:443	flow:17eb0e2e292b → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c54c8f2f9fead0c6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-c54c8f2f9fead0c6 → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.153:asn:271410	host:131.196.29.153 → asn:271410
flow_observed5-aryOBS	e:fo:flow:a74fab2c698c	flow:a74fab2c698c → host:177.10.233.54 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bcba548cda079292:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-bcba548cda079292 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4eec40051c49c7bf:SESSION-4eec40051c49c7bf	SESSION-4eec40051c49c7bf → pe:tls:SESSION-4eec40051c49c7bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48482b2d296d23e2:host:131.196.29.201	SESSION-48482b2d296d23e2 → host:131.196.29.201
flow_observed4-aryOBS	e:fo:flow:cb8f618e44ed	flow:cb8f618e44ed → host:172.234.197.23 → host:131.196.30.57 → port:tcp:1530
FLOW_FROM_HOSTOBS	e:from:SESSION-e182e837f26eb64a:host:177.10.232.160	SESSION-e182e837f26eb64a → host:177.10.232.160
flow_observed5-aryOBS	e:fo:flow:282a0cc9d92b	flow:282a0cc9d92b → host:45.145.152.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cf85a83f91ce2875:host:172.234.197.23	SESSION-cf85a83f91ce2875 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7eb684f9875e	flow:7eb684f9875e → host:177.10.239.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f21759fa00584782:host:177.10.237.227	SESSION-f21759fa00584782 → host:177.10.237.227
flow_observed5-aryOBS	e:fo:flow:e19ca5ebb171	flow:e19ca5ebb171 → host:131.196.28.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eaa7799a31d50d65:SESSION-eaa7799a31d50d65	SESSION-eaa7799a31d50d65 → pe:tls:SESSION-eaa7799a31d50d65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-381f999774715cfc:host:177.10.232.100	SESSION-381f999774715cfc → host:177.10.232.100
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f147f2227c6d965:SESSION-5f147f2227c6d965	SESSION-5f147f2227c6d965 → pe:syn:SESSION-5f147f2227c6d965
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17e71ce1458770d6:PCAP:capture_20260430160001:9bfa4498506a	SESSION-17e71ce1458770d6 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd554b279ca00d73:host:177.10.236.173	SESSION-bd554b279ca00d73 → host:177.10.236.173
FLOW_TO_HOSTOBS	e:to:SESSION-51bc0a4af53b62cc:host:172.234.197.23	SESSION-51bc0a4af53b62cc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d6e7d46ad1b0c983:host:131.196.30.62	SESSION-d6e7d46ad1b0c983 → host:131.196.30.62
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e87421895e57790a:host:177.10.238.237:host:172.234.197.23	SESSION-e87421895e57790a → host:177.10.238.237 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.42:asn:262880	host:177.10.233.42 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0485e2f41480d0ab:host:131.196.31.56:host:172.234.197.23	SESSION-0485e2f41480d0ab → host:131.196.31.56 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-597e69ebdf7ef93f:host:131.196.31.193:host:172.234.197.23	SESSION-597e69ebdf7ef93f → host:131.196.31.193 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.110:asn:271410	host:131.196.31.110 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-7f9bec963f9028f2:host:172.234.197.23	SESSION-7f9bec963f9028f2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6109906c198ad0ac:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6109906c198ad0ac → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:72a55c97f7f1:port:tcp:443	flow:72a55c97f7f1 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6f4863e4efa4050:host:172.234.197.23	SESSION-b6f4863e4efa4050 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-669a514c7e7ceed8:SESSION-669a514c7e7ceed8	SESSION-669a514c7e7ceed8 → pe:tls:SESSION-669a514c7e7ceed8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6b24715291f7dc36:SESSION-6b24715291f7dc36	SESSION-6b24715291f7dc36 → pe:syn:SESSION-6b24715291f7dc36
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.47:geo_-21.10010_-41.69200	host:45.173.156.47 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-9e9c761e9ca1eb65:host:172.234.197.23	SESSION-9e9c761e9ca1eb65 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-44555c754c6c7558:host:172.234.197.23	SESSION-44555c754c6c7558 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd9b77a0701a4e1b:host:80.94.92.186	SESSION-fd9b77a0701a4e1b → host:80.94.92.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b1dfe7de9432473b:SESSION-b1dfe7de9432473b	SESSION-b1dfe7de9432473b → pe:tls:SESSION-b1dfe7de9432473b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-65316f3920c6d168:SESSION-65316f3920c6d168	SESSION-65316f3920c6d168 → pe:syn:SESSION-65316f3920c6d168
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b5af66d109a4873:SESSION-5b5af66d109a4873	SESSION-5b5af66d109a4873 → pe:syn:SESSION-5b5af66d109a4873
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ed5a5f4d7e8650f:host:177.10.239.135	SESSION-6ed5a5f4d7e8650f → host:177.10.239.135
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fdca441bb1b3810b:host:131.196.28.170:host:172.234.197.23	SESSION-fdca441bb1b3810b → host:131.196.28.170 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9866420dbc5d2da0:host:177.10.238.15:host:172.234.197.23	SESSION-9866420dbc5d2da0 → host:177.10.238.15 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-424264fd6333414c:flow:d47ed30c68c9	SESSION-424264fd6333414c → flow:d47ed30c68c9
FLOW_DST_PORTOBS	e:fp:flow:ce703d5cfa0d:port:tcp:443	flow:ce703d5cfa0d → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9427f5c2202c5258:host:177.10.239.148	SESSION-9427f5c2202c5258 → host:177.10.239.148
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e44af15232c6a53:host:45.173.156.37	SESSION-8e44af15232c6a53 → host:45.173.156.37
FLOW_DST_PORTOBS	e:fp:flow:53321ee7cdbc:port:tcp:443	flow:53321ee7cdbc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2b9c1bf42f4683a2:host:131.196.31.73	SESSION-2b9c1bf42f4683a2 → host:131.196.31.73
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d1df89a4cf6f008:host:177.10.237.74:host:172.234.197.23	SESSION-4d1df89a4cf6f008 → host:177.10.237.74 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.120:geo_-16.28860_-49.01640	host:177.10.235.120 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:fc7297e72fc8	flow:fc7297e72fc8 → host:172.234.197.23 → host:131.196.31.98 → port:tcp:64932
FLOW_DST_PORTOBS	e:fp:flow:b7cec5afb634:port:tcp:43259	flow:b7cec5afb634 → port:tcp:43259
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e26c1de83807ce87:SESSION-e26c1de83807ce87	SESSION-e26c1de83807ce87 → pe:syn:SESSION-e26c1de83807ce87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e67ae3320dee0238:host:172.234.197.23	SESSION-e67ae3320dee0238 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.185:geo_-16.28860_-49.01640	host:177.10.238.185 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aec01d0deaddfc4b:host:172.234.197.23	SESSION-aec01d0deaddfc4b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2cb296f879c20d45:SESSION-2cb296f879c20d45	SESSION-2cb296f879c20d45 → pe:syn:SESSION-2cb296f879c20d45
FLOW_TO_HOSTOBS	e:to:SESSION-cf40158902d38ce6:host:172.234.197.23	SESSION-cf40158902d38ce6 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:23940c26d681	flow:23940c26d681 → host:78.12.83.235 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ba981a6eb39461c8:BSG-BEACON-2ae80de08661	SESSION-ba981a6eb39461c8 → BSG-BEACON-2ae80de08661
FLOW_TO_HOSTOBS	e:to:SESSION-01454c90925a3a4f:host:172.234.197.23	SESSION-01454c90925a3a4f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.239:asn:262880	host:177.10.238.239 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4341cc9426e2382:flow:3ab5e62334de	SESSION-d4341cc9426e2382 → flow:3ab5e62334de
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce92926e8e7d59d2:host:177.10.238.68	SESSION-ce92926e8e7d59d2 → host:177.10.238.68
flow_observed4-aryOBS	e:fo:flow:f0003eb8a676	flow:f0003eb8a676 → host:172.234.197.23 → host:131.196.28.44 → port:tcp:57968
FLOW_TO_HOSTOBS	e:to:SESSION-d69d721ba9bae694:host:177.10.237.172	SESSION-d69d721ba9bae694 → host:177.10.237.172
FLOW_TO_HOSTOBS	e:to:SESSION-aa51bce6270c7d63:host:172.234.197.23	SESSION-aa51bce6270c7d63 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-edf23c7505754934:PCAP:capture_20260430090001:065659c7d314	SESSION-edf23c7505754934 → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.52:geo_-16.28860_-49.01640	host:177.10.237.52 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-35228babc2ac6e48:flow:9b3007c5185e	SESSION-35228babc2ac6e48 → flow:9b3007c5185e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d12ffa49d0d3231:host:131.196.30.255	SESSION-8d12ffa49d0d3231 → host:131.196.30.255
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ce32efb58e1da83:host:172.234.197.23	SESSION-4ce32efb58e1da83 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5a6e84a9f98e2c60:SESSION-5a6e84a9f98e2c60	SESSION-5a6e84a9f98e2c60 → pe:tls:SESSION-5a6e84a9f98e2c60
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.155:geo_-16.28860_-49.01640	host:177.10.237.155 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6372f3e6dae2e87f:host:131.196.30.44:host:172.234.197.23	SESSION-6372f3e6dae2e87f → host:131.196.30.44 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c0014b04a4a7ef99:host:131.196.28.211	SESSION-c0014b04a4a7ef99 → host:131.196.28.211
FLOW_DST_PORTOBS	e:fp:flow:1373d13393f6:port:tcp:443	flow:1373d13393f6 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e3db8610837fd0b8:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e3db8610837fd0b8 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f19ceabce4d2fbb5:SESSION-f19ceabce4d2fbb5	SESSION-f19ceabce4d2fbb5 → pe:syn:SESSION-f19ceabce4d2fbb5
FLOW_DST_PORTOBS	e:fp:flow:10f8a32e96a1:port:tcp:443	flow:10f8a32e96a1 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5250861d994b3dc2:host:177.10.232.219	SESSION-5250861d994b3dc2 → host:177.10.232.219
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f9bec963f9028f2:SESSION-7f9bec963f9028f2	SESSION-7f9bec963f9028f2 → pe:tls:SESSION-7f9bec963f9028f2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01b1445b3dd1d2e4:flow:4481ce0e345c	SESSION-01b1445b3dd1d2e4 → flow:4481ce0e345c
flow_observed5-aryOBS	e:fo:flow:7a9af557142d	flow:7a9af557142d → host:95.135.228.151 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:f3de632b07b1:port:tcp:443	flow:f3de632b07b1 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-49f6aac001a41393:host:172.234.197.23	SESSION-49f6aac001a41393 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-15d25700bea96717:SESSION-15d25700bea96717	SESSION-15d25700bea96717 → pe:syn:SESSION-15d25700bea96717
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-801ebd343e287ece:SESSION-801ebd343e287ece	SESSION-801ebd343e287ece → pe:tls:SESSION-801ebd343e287ece
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-08ccad07eda14042:SESSION-08ccad07eda14042	SESSION-08ccad07eda14042 → pe:tls:SESSION-08ccad07eda14042
FLOW_TO_HOSTOBS	e:to:SESSION-78b6e298ccb2dbce:host:177.10.235.105	SESSION-78b6e298ccb2dbce → host:177.10.235.105
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4ddb6310055a59be:host:131.196.31.143:host:172.234.197.23	SESSION-4ddb6310055a59be → host:131.196.31.143 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2cb296f879c20d45:host:95.170.25.175	SESSION-2cb296f879c20d45 → host:95.170.25.175
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.56:geo_-23.62930_-46.63510	host:131.196.29.56 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e652f52440b112c3:SESSION-e652f52440b112c3	SESSION-e652f52440b112c3 → pe:tls:SESSION-e652f52440b112c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f61464efb17d4b1:host:131.196.28.50	SESSION-6f61464efb17d4b1 → host:131.196.28.50
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8897ca7200c8655e:flow:07d8a2b430bf	SESSION-8897ca7200c8655e → flow:07d8a2b430bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fce590506c76a4f8:PCAP:capture_20260430150001:ded20914761d	SESSION-fce590506c76a4f8 → PCAP:capture_20260430150001:ded20914761d
flow_observed4-aryOBS	e:fo:flow:08ca89fd81e3	flow:08ca89fd81e3 → host:172.234.197.23 → host:177.10.237.248 → port:tcp:28661
FLOW_TO_HOSTOBS	e:to:SESSION-dba7d64f7032fffd:host:172.234.197.23	SESSION-dba7d64f7032fffd → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:68ab9bebddb0	flow:68ab9bebddb0 → host:172.234.197.23 → host:131.196.29.78 → port:tcp:42316
FLOW_TO_HOSTOBS	e:to:SESSION-1b3b25682727ca52:host:45.173.156.18	SESSION-1b3b25682727ca52 → host:45.173.156.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6d44dc6146dcb58:host:172.234.197.23	SESSION-b6d44dc6146dcb58 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1d77012e48557176:host:131.196.29.206	SESSION-1d77012e48557176 → host:131.196.29.206
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.180:asn:262880	host:177.10.236.180 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-07bcf39894ea5ee9:BSG-BEACON-5db8221010e8	SESSION-07bcf39894ea5ee9 → BSG-BEACON-5db8221010e8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2a705ce382fec48a:SESSION-2a705ce382fec48a	SESSION-2a705ce382fec48a → pe:tls:SESSION-2a705ce382fec48a
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.68:asn:262880	host:177.10.234.68 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-79787964fff3a281:host:172.234.197.23	SESSION-79787964fff3a281 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b264639bb50e:port:tcp:443	flow:b264639bb50e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-096419478460628e:PCAP:capture_20260430150001:ded20914761d	SESSION-096419478460628e → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-27ea3c16306f2f5f:host:172.234.197.23:host:177.10.232.234	SESSION-27ea3c16306f2f5f → host:172.234.197.23 → host:177.10.232.234
FLOW_FROM_HOSTOBS	e:from:SESSION-d32ea7105612ce28:host:172.234.197.23	SESSION-d32ea7105612ce28 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b4e7d8d3f995a1a9:host:172.234.197.23	SESSION-b4e7d8d3f995a1a9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a2aa611e0372	flow:a2aa611e0372 → host:131.196.29.4 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:77a62fb7aaf3:port:tcp:40643	flow:77a62fb7aaf3 → port:tcp:40643
HOST_IN_ASNOBS 85%	e:ha:host:163.192.126.71:asn:31898	host:163.192.126.71 → asn:31898
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b09cf74640ed889e:host:177.10.235.110	SESSION-b09cf74640ed889e → host:177.10.235.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb0bca31750919c1:host:172.234.197.23	SESSION-fb0bca31750919c1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-993efaa98cc6a9ac:host:172.234.197.23:host:177.10.232.190	SESSION-993efaa98cc6a9ac → host:172.234.197.23 → host:177.10.232.190
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8d8e16e7f7cb138:host:177.10.237.147	SESSION-c8d8e16e7f7cb138 → host:177.10.237.147
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-92fb186a1f8eeacc:flow:179393637920	SESSION-92fb186a1f8eeacc → flow:179393637920
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b00e597f7260eb50:host:131.196.31.157	SESSION-b00e597f7260eb50 → host:131.196.31.157
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2c24cbdb3e7b273c:SESSION-2c24cbdb3e7b273c	SESSION-2c24cbdb3e7b273c → pe:tls:SESSION-2c24cbdb3e7b273c
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.192:asn:262880	host:177.10.232.192 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86feda8665cc2010:SESSION-86feda8665cc2010	SESSION-86feda8665cc2010 → pe:syn:SESSION-86feda8665cc2010
FLOW_DST_PORTOBS	e:fp:flow:a7b51cacb28e:port:tcp:15251	flow:a7b51cacb28e → port:tcp:15251
flow_observed4-aryOBS	e:fo:flow:7ec4606e67d3	flow:7ec4606e67d3 → host:172.234.197.23 → host:177.10.239.93 → port:tcp:23420
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68a3766ff3680ecf:SESSION-68a3766ff3680ecf	SESSION-68a3766ff3680ecf → pe:tls:SESSION-68a3766ff3680ecf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c615690895f6d3c9:SESSION-c615690895f6d3c9	SESSION-c615690895f6d3c9 → pe:syn:SESSION-c615690895f6d3c9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cc35857ee3808de8:SESSION-cc35857ee3808de8	SESSION-cc35857ee3808de8 → pe:tls:SESSION-cc35857ee3808de8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7a6b146488afb43:host:177.10.238.87	SESSION-e7a6b146488afb43 → host:177.10.238.87
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fd437604af995a2a:host:172.234.197.23	SESSION-fd437604af995a2a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9c1aaa33a089	flow:9c1aaa33a089 → host:69.222.187.134 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-231f5887ddd9d406:SESSION-231f5887ddd9d406	SESSION-231f5887ddd9d406 → pe:syn:SESSION-231f5887ddd9d406
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be4f81bef58a140b:SESSION-be4f81bef58a140b	SESSION-be4f81bef58a140b → pe:tls:SESSION-be4f81bef58a140b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-19279b7c3b267599:host:131.196.29.220:host:172.234.197.23	SESSION-19279b7c3b267599 → host:131.196.29.220 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6372f3e6dae2e87f:SESSION-6372f3e6dae2e87f	SESSION-6372f3e6dae2e87f → pe:tls:SESSION-6372f3e6dae2e87f
FLOW_DST_PORTOBS	e:fp:flow:2cea5d283468:port:tcp:443	flow:2cea5d283468 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-29fae5326f4697b4:host:131.196.30.142	SESSION-29fae5326f4697b4 → host:131.196.30.142
FLOW_TO_HOSTOBS	e:to:SESSION-f910dce05c4c16f4:host:172.234.197.23	SESSION-f910dce05c4c16f4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.74:asn:262880	host:177.10.239.74 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8e2a1b696130dd57:host:172.234.197.23:host:177.10.235.241	SESSION-8e2a1b696130dd57 → host:172.234.197.23 → host:177.10.235.241
flow_observed5-aryOBS	e:fo:flow:e8fd61411634	flow:e8fd61411634 → host:131.196.29.8 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-ee8b7e20de209690:host:172.232.0.16	SESSION-ee8b7e20de209690 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cce146f15a17b9a1:host:131.196.29.235	SESSION-cce146f15a17b9a1 → host:131.196.29.235
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-531f1f169db2954c:host:131.196.31.180:host:172.234.197.23	SESSION-531f1f169db2954c → host:131.196.31.180 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34a5ce0f23d7a2a1:flow:21db64e0f176	SESSION-34a5ce0f23d7a2a1 → flow:21db64e0f176
FLOW_TO_HOSTOBS	e:to:SESSION-36e366306285e270:host:172.234.197.23	SESSION-36e366306285e270 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.195:asn:262880	host:177.10.235.195 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a29c9496c44f9fe8:SESSION-a29c9496c44f9fe8	SESSION-a29c9496c44f9fe8 → pe:syn:SESSION-a29c9496c44f9fe8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c532caa5d41cfcbc:host:172.234.197.23	SESSION-c532caa5d41cfcbc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b849b4bd4115608f:SESSION-b849b4bd4115608f	SESSION-b849b4bd4115608f → pe:tls:SESSION-b849b4bd4115608f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ccde81b4fef5a18e:host:45.173.156.97	SESSION-ccde81b4fef5a18e → host:45.173.156.97
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-317129b18cf7eb6c:SESSION-317129b18cf7eb6c	SESSION-317129b18cf7eb6c → pe:tls:SESSION-317129b18cf7eb6c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3b9d914716975ab:SESSION-c3b9d914716975ab	SESSION-c3b9d914716975ab → pe:syn:SESSION-c3b9d914716975ab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a139b1df55cde4d7:SESSION-a139b1df55cde4d7	SESSION-a139b1df55cde4d7 → pe:syn:SESSION-a139b1df55cde4d7
flow_observed3-aryOBS	e:fo:flow:3906c12188c3	flow:3906c12188c3 → host:3.102.169.199 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4cb8ade3138db412:host:131.196.30.45:host:172.234.197.23	SESSION-4cb8ade3138db412 → host:131.196.30.45 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.174:geo_-16.28860_-49.01640	host:177.10.235.174 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83d893adc4ebe669:host:172.234.197.23	SESSION-83d893adc4ebe669 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:8db037f16449	flow:8db037f16449 → host:177.10.232.124 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-a137096eda6236d7:host:172.234.197.23	SESSION-a137096eda6236d7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a592f97b57bb2999:SESSION-a592f97b57bb2999	SESSION-a592f97b57bb2999 → pe:tls:SESSION-a592f97b57bb2999
FLOW_TO_HOSTOBS	e:to:SESSION-c178d8ef65578b24:host:172.234.197.23	SESSION-c178d8ef65578b24 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dda196b654200873:flow:a90b185749f1	SESSION-dda196b654200873 → flow:a90b185749f1
FLOW_DST_PORTOBS	e:fp:flow:06e8ffaae8d9:port:tcp:38878	flow:06e8ffaae8d9 → port:tcp:38878
FLOW_DST_PORTOBS	e:fp:flow:6bf5043c6103:port:tcp:43899	flow:6bf5043c6103 → port:tcp:43899
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-da8ba1d6891d9574:host:177.10.232.165	SESSION-da8ba1d6891d9574 → host:177.10.232.165
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-abc806ef9f1a9dce:flow:5e9fbc6cb5f2	SESSION-abc806ef9f1a9dce → flow:5e9fbc6cb5f2
flow_observed5-aryOBS	e:fo:flow:96221e72071d	flow:96221e72071d → host:177.10.237.230 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:70df9bee6094:port:tcp:443	flow:70df9bee6094 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:bb3f8d8dd333:port:tcp:443	flow:bb3f8d8dd333 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d7ac357c55d6f7b:flow:76d7847b27d9	SESSION-2d7ac357c55d6f7b → flow:76d7847b27d9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.142:geo_-16.28860_-49.01640	host:177.10.236.142 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-a108f3a8f652bd55:SESSION-a108f3a8f652bd55	SESSION-a108f3a8f652bd55 → pe:rst:SESSION-a108f3a8f652bd55
FLOW_DST_PORTOBS	e:fp:flow:96b86482edb7:port:tcp:443	flow:96b86482edb7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b84ff3ecb7ac9c51:host:172.234.197.23	SESSION-b84ff3ecb7ac9c51 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-16b33dfc60975324:SESSION-16b33dfc60975324	SESSION-16b33dfc60975324 → pe:rst:SESSION-16b33dfc60975324
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f033dc8b343a68ab:SESSION-f033dc8b343a68ab	SESSION-f033dc8b343a68ab → pe:syn:SESSION-f033dc8b343a68ab
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3b8a8c73a52fb2ca:SESSION-3b8a8c73a52fb2ca	SESSION-3b8a8c73a52fb2ca → pe:syn:SESSION-3b8a8c73a52fb2ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b2d512f3efc35f9:host:177.10.232.168	SESSION-0b2d512f3efc35f9 → host:177.10.232.168
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-14a60b0039fa135f:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-14a60b0039fa135f → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ce973eb9d12ea742:flow:f97c8850c8aa	SESSION-ce973eb9d12ea742 → flow:f97c8850c8aa
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.26:asn:271410	host:131.196.31.26 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:801bbf52a78d:port:tcp:443	flow:801bbf52a78d → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7832d3594ed31e4:host:92.112.71.6	SESSION-b7832d3594ed31e4 → host:92.112.71.6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a971dfbf90734efe:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-a971dfbf90734efe → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c36bc9032caa64b:host:45.145.152.109:host:172.234.197.23	SESSION-9c36bc9032caa64b → host:45.145.152.109 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:3202d09bb363	flow:3202d09bb363 → host:172.234.197.23 → host:177.10.238.112 → port:tcp:14731
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.9:geo_-16.28860_-49.01640	host:177.10.239.9 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ee9ba8cae5cc2ab:host:172.234.197.23	SESSION-2ee9ba8cae5cc2ab → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38231883b4033aa4:host:172.234.197.23	SESSION-38231883b4033aa4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7f62a59cabf6a851:host:172.234.197.23	SESSION-7f62a59cabf6a851 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f003e7e66ba8f79:flow:1b20de5d296d	SESSION-4f003e7e66ba8f79 → flow:1b20de5d296d
FLOW_TO_HOSTOBS	e:to:SESSION-f35bbd3887f167bf:host:177.10.239.67	SESSION-f35bbd3887f167bf → host:177.10.239.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5c9754d7075a4d12:SESSION-5c9754d7075a4d12	SESSION-5c9754d7075a4d12 → pe:tls:SESSION-5c9754d7075a4d12
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-afb2aada9aae789c:host:104.28.157.111:host:172.234.197.23	SESSION-afb2aada9aae789c → host:104.28.157.111 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aab351c0be27393b:SESSION-aab351c0be27393b	SESSION-aab351c0be27393b → pe:syn:SESSION-aab351c0be27393b
FLOW_FROM_HOSTOBS	e:from:SESSION-b8107d9388b9d334:host:172.234.197.23	SESSION-b8107d9388b9d334 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.215:asn:262880	host:177.10.236.215 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-324b6311c2d003f7:host:172.234.197.23	SESSION-324b6311c2d003f7 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0796a13a25fe417a:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0796a13a25fe417a → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:57.128.95.181:geo_48.85820_2.33870	host:57.128.95.181 → geo_48.85820_2.33870
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4fe97044eaa4ff8:host:172.234.197.23	SESSION-c4fe97044eaa4ff8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4862cddc1ddaa50:host:131.196.28.208:host:172.234.197.23	SESSION-d4862cddc1ddaa50 → host:131.196.28.208 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d077f88c61181481:SESSION-d077f88c61181481	SESSION-d077f88c61181481 → pe:syn:SESSION-d077f88c61181481
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fad7428bd8cc35c5:SESSION-fad7428bd8cc35c5	SESSION-fad7428bd8cc35c5 → pe:syn:SESSION-fad7428bd8cc35c5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4002f150bb6dd768:host:172.234.197.23:host:177.10.239.24	SESSION-4002f150bb6dd768 → host:172.234.197.23 → host:177.10.239.24
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-8d9f933822471a5a:BSG-BEACON-858e4f4e4626	SESSION-8d9f933822471a5a → BSG-BEACON-858e4f4e4626
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7caa5c0db9dc8d4:SESSION-b7caa5c0db9dc8d4	SESSION-b7caa5c0db9dc8d4 → pe:syn:SESSION-b7caa5c0db9dc8d4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24f08652bbd6b16b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-24f08652bbd6b16b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:6c01e54b2136:port:tcp:443	flow:6c01e54b2136 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2560fc1185e4e3e7:host:45.173.156.202:host:172.234.197.23	SESSION-2560fc1185e4e3e7 → host:45.173.156.202 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-163f2e33c9f4a8f4:flow:9854c2bfa6b6	SESSION-163f2e33c9f4a8f4 → flow:9854c2bfa6b6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-919126906ac50297:host:177.10.233.38:host:172.234.197.23	SESSION-919126906ac50297 → host:177.10.233.38 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-368729c748b57591:host:45.173.156.174:host:172.234.197.23	SESSION-368729c748b57591 → host:45.173.156.174 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-28e21153f6abb648:host:172.234.197.23	SESSION-28e21153f6abb648 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f02a050799431d6e:SESSION-f02a050799431d6e	SESSION-f02a050799431d6e → pe:tls:SESSION-f02a050799431d6e
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.33:asn:203771	host:92.112.71.33 → asn:203771
FLOW_FROM_HOSTOBS	e:from:SESSION-5d6622ca4a22ed44:host:177.10.238.9	SESSION-5d6622ca4a22ed44 → host:177.10.238.9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72859a91c292f326:host:172.234.197.23	SESSION-72859a91c292f326 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3526e42e615eba29:SESSION-3526e42e615eba29	SESSION-3526e42e615eba29 → pe:tls:SESSION-3526e42e615eba29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-17133b7d31116a9e:SESSION-17133b7d31116a9e	SESSION-17133b7d31116a9e → pe:tls:SESSION-17133b7d31116a9e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fad2531a6ee4032:host:177.10.239.98	SESSION-9fad2531a6ee4032 → host:177.10.239.98
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d975c41b16afdd4:flow:b9a8ec600f68	SESSION-1d975c41b16afdd4 → flow:b9a8ec600f68
FLOW_DST_PORTOBS	e:fp:flow:ca22a7528306:port:tcp:443	flow:ca22a7528306 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-99cedbc5d14c9ef2:SESSION-99cedbc5d14c9ef2	SESSION-99cedbc5d14c9ef2 → pe:tls:SESSION-99cedbc5d14c9ef2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb59d1b27c368873:host:177.10.236.22:host:172.234.197.23	SESSION-cb59d1b27c368873 → host:177.10.236.22 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:204880:org:Stowarzyszenie Warszawski Hackerspace	asn:204880 → org:Stowarzyszenie Warszawski Hackerspace
flow_observed4-aryOBS	e:fo:flow:5d0dd65fd7cc	flow:5d0dd65fd7cc → host:172.234.197.23 → host:177.10.237.191 → port:tcp:60982
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-807885e153f56a02:SESSION-807885e153f56a02	SESSION-807885e153f56a02 → pe:syn:SESSION-807885e153f56a02
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b0233a0286136dd2:SESSION-b0233a0286136dd2	SESSION-b0233a0286136dd2 → pe:syn:SESSION-b0233a0286136dd2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b1f95fcf0f122c7:host:172.234.197.23	SESSION-4b1f95fcf0f122c7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-29ee7b0c08ea02ad:host:172.234.197.23	SESSION-29ee7b0c08ea02ad → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5828198604c26af:SESSION-f5828198604c26af	SESSION-f5828198604c26af → pe:tls:SESSION-f5828198604c26af
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-10db7c117acba2ed:host:177.10.239.71:host:172.234.197.23	SESSION-10db7c117acba2ed → host:177.10.239.71 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:bbb0779ee5fc:port:tcp:54305	flow:bbb0779ee5fc → port:tcp:54305
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.236:geo_-16.28860_-49.01640	host:177.10.236.236 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a96ffc9fa12c0c5a:host:172.234.197.23	SESSION-a96ffc9fa12c0c5a → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-6f6577138d25ad9e:host:172.234.197.23	SESSION-6f6577138d25ad9e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e52ff6e3dab6ecf9:SESSION-e52ff6e3dab6ecf9	SESSION-e52ff6e3dab6ecf9 → pe:syn:SESSION-e52ff6e3dab6ecf9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-aae7a2cdf7b4e8cc:PCAP:capture_20260430060001:919b39a74464	SESSION-aae7a2cdf7b4e8cc → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e17435638a41ed24:SESSION-e17435638a41ed24	SESSION-e17435638a41ed24 → pe:tls:SESSION-e17435638a41ed24
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76408b67fb88a4bd:PCAP:capture_20260430060001:919b39a74464	SESSION-76408b67fb88a4bd → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-30195220eb2aa3f5:SESSION-30195220eb2aa3f5	SESSION-30195220eb2aa3f5 → pe:tls:SESSION-30195220eb2aa3f5
flow_observed4-aryOBS	e:fo:flow:630633a4892c	flow:630633a4892c → host:172.234.197.23 → host:131.196.29.186 → port:tcp:17116
FLOW_FROM_HOSTOBS	e:from:SESSION-4a17e20e34301cc9:host:177.10.235.224	SESSION-4a17e20e34301cc9 → host:177.10.235.224
flow_observed4-aryOBS	e:fo:flow:c4c82fc5a59a	flow:c4c82fc5a59a → host:172.234.197.23 → host:177.10.238.102 → port:tcp:22164
FLOW_TO_HOSTOBS	e:to:SESSION-2f96a240aba6afcc:host:172.234.197.23	SESSION-2f96a240aba6afcc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43a6565d7143b8ab:host:131.196.29.50	SESSION-43a6565d7143b8ab → host:131.196.29.50
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9028600f4eef977b:host:177.10.235.116:host:172.234.197.23	SESSION-9028600f4eef977b → host:177.10.235.116 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de23fe28677c4a6e:host:131.196.28.208	SESSION-de23fe28677c4a6e → host:131.196.28.208
FLOW_DST_PORTOBS	e:fp:flow:0fbc9a4b7bce:port:tcp:443	flow:0fbc9a4b7bce → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.156:geo_-23.62930_-46.63510	host:131.196.29.156 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-603529cff661c41d:SESSION-603529cff661c41d	SESSION-603529cff661c41d → pe:tls:SESSION-603529cff661c41d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99ffd8e203ea7715:host:172.234.197.23	SESSION-99ffd8e203ea7715 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2289078120ff48cc:SESSION-2289078120ff48cc	SESSION-2289078120ff48cc → pe:syn:SESSION-2289078120ff48cc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-be8cffb783bfde31:flow:46a103932f1f	SESSION-be8cffb783bfde31 → flow:46a103932f1f
flow_observed4-aryOBS	e:fo:flow:745dc28faeae	flow:745dc28faeae → host:172.234.197.23 → host:59.24.133.197 → port:tcp:55966
FLOW_TO_HOSTOBS	e:to:SESSION-5f0044b48e7e1824:host:172.234.197.23	SESSION-5f0044b48e7e1824 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c98a634aa4cfbed2:host:177.10.235.133:host:172.234.197.23	SESSION-c98a634aa4cfbed2 → host:177.10.235.133 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48baa2e7639de342:host:131.196.29.208	SESSION-48baa2e7639de342 → host:131.196.29.208
FLOW_DST_PORTOBS	e:fp:flow:7638fc72224d:port:tcp:443	flow:7638fc72224d → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e088d2ccbc3966c5:host:185.72.218.77	SESSION-e088d2ccbc3966c5 → host:185.72.218.77
FLOW_FROM_HOSTOBS	e:from:SESSION-b135329a33dc60c2:host:131.196.31.40	SESSION-b135329a33dc60c2 → host:131.196.31.40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-17133b7d31116a9e:SESSION-17133b7d31116a9e	SESSION-17133b7d31116a9e → pe:syn:SESSION-17133b7d31116a9e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-616ab8d382244a8d:SESSION-616ab8d382244a8d	SESSION-616ab8d382244a8d → pe:syn:SESSION-616ab8d382244a8d
FLOW_TO_HOSTOBS	e:to:SESSION-9fad2531a6ee4032:host:177.10.239.98	SESSION-9fad2531a6ee4032 → host:177.10.239.98
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-edfeffbce5127655:host:136.243.57.208:host:172.234.197.23	SESSION-edfeffbce5127655 → host:136.243.57.208 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d85be3a5c3c244d6:PCAP:capture_20260430090001:065659c7d314	SESSION-d85be3a5c3c244d6 → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a1e631f6e627b67d:SESSION-a1e631f6e627b67d	SESSION-a1e631f6e627b67d → pe:syn:SESSION-a1e631f6e627b67d
FLOW_QUERIED_DNSOBS	e:fd:flow:3100de296217:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:3100de296217 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_TO_HOSTOBS	e:to:SESSION-4b8f135d82b00569:host:172.234.197.23	SESSION-4b8f135d82b00569 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-114b93c0875a1701:host:131.196.31.32	SESSION-114b93c0875a1701 → host:131.196.31.32
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.213:asn:273470	host:45.173.156.213 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e652f52440b112c3:flow:4f7e976f3d68	SESSION-e652f52440b112c3 → flow:4f7e976f3d68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78ad99b8772b1e3f:host:104.28.157.111	SESSION-78ad99b8772b1e3f → host:104.28.157.111
FLOW_DST_PORTOBS	e:fp:flow:b0278ad8054c:port:tcp:443	flow:b0278ad8054c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f56efcee303c963:host:172.234.197.23:host:177.10.233.48	SESSION-7f56efcee303c963 → host:172.234.197.23 → host:177.10.233.48
FLOW_FROM_HOSTOBS	e:from:SESSION-e652f52440b112c3:host:172.234.197.23	SESSION-e652f52440b112c3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:17f351eb2800	flow:17f351eb2800 → host:172.234.197.23 → host:172.232.0.16 → port:udp:53 → svc:dns
flow_observed5-aryOBS	e:fo:flow:215b11605fcc	flow:215b11605fcc → host:177.10.234.137 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:67200c712926	flow:67200c712926 → host:131.196.31.58 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9be6dcd7d7b7ac03:SESSION-9be6dcd7d7b7ac03	SESSION-9be6dcd7d7b7ac03 → pe:syn:SESSION-9be6dcd7d7b7ac03
FLOW_FROM_HOSTOBS	e:from:SESSION-93446cf6bcbe5afe:host:131.196.31.126	SESSION-93446cf6bcbe5afe → host:131.196.31.126
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a7a08ae566a4a8b:flow:2849688ffc31	SESSION-5a7a08ae566a4a8b → flow:2849688ffc31
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a288a75f40d03563:host:177.10.239.55	SESSION-a288a75f40d03563 → host:177.10.239.55
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:18.100.238.122:geo_41.65790_-0.87770	host:18.100.238.122 → geo_41.65790_-0.87770
FLOW_DST_PORTOBS	e:fp:flow:f48dcc936eed:port:tcp:443	flow:f48dcc936eed → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:05b7e2fc6f55:port:tcp:42748	flow:05b7e2fc6f55 → port:tcp:42748
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-35ad9f030d1e8e6d:SESSION-35ad9f030d1e8e6d	SESSION-35ad9f030d1e8e6d → pe:tls:SESSION-35ad9f030d1e8e6d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9466cbe9e9dd26aa:host:172.234.197.23	SESSION-9466cbe9e9dd26aa → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f3bd7044d582575:host:85.11.167.8:host:172.234.197.23	SESSION-7f3bd7044d582575 → host:85.11.167.8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.177:asn:262880	host:177.10.238.177 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74adb0edbcc9dd0a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-74adb0edbcc9dd0a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ce2f2546c044634:host:172.234.197.23:host:131.196.30.81	SESSION-8ce2f2546c044634 → host:172.234.197.23 → host:131.196.30.81
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fef5a77f946ef097:host:172.234.197.23	SESSION-fef5a77f946ef097 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.148:geo_-16.28860_-49.01640	host:177.10.234.148 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-921ff5b52f826cc0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-921ff5b52f826cc0 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dda196b654200873:PCAP:capture_20260430160001:9bfa4498506a	SESSION-dda196b654200873 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d1e0a6d0f6eee882:SESSION-d1e0a6d0f6eee882	SESSION-d1e0a6d0f6eee882 → pe:tls:SESSION-d1e0a6d0f6eee882
FLOW_FROM_HOSTOBS	e:from:SESSION-488c9c462e491ad2:host:177.10.232.100	SESSION-488c9c462e491ad2 → host:177.10.232.100
flow_observed5-aryOBS	e:fo:flow:56162d06b962	flow:56162d06b962 → host:177.10.238.211 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.7:asn:271410	host:131.196.30.7 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0f8a559c2faf4a64:host:172.234.197.23	SESSION-0f8a559c2faf4a64 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7240be1eb77ed4f4:host:172.234.197.23:host:177.10.237.226	SESSION-7240be1eb77ed4f4 → host:172.234.197.23 → host:177.10.237.226
FLOW_TO_HOSTOBS	e:to:SESSION-5f215cf2f031026d:host:172.234.197.23	SESSION-5f215cf2f031026d → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:c3fb7e9e34f6:dns:172-234-197-23.ip.linodeusercontent.com	flow:c3fb7e9e34f6 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2887c6ee2de14ac9:SESSION-2887c6ee2de14ac9	SESSION-2887c6ee2de14ac9 → pe:syn:SESSION-2887c6ee2de14ac9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.8:asn:262880	host:177.10.236.8 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.117:geo_-16.28860_-49.01640	host:177.10.236.117 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b475107bbd97ed39:flow:353f98464a41	SESSION-b475107bbd97ed39 → flow:353f98464a41
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0461902d351b0498:PCAP:capture_20260430150001:ded20914761d	SESSION-0461902d351b0498 → PCAP:capture_20260430150001:ded20914761d
FLOW_FROM_HOSTOBS	e:from:SESSION-3186af5a0774c3b5:host:45.173.156.117	SESSION-3186af5a0774c3b5 → host:45.173.156.117
FLOW_TO_HOSTOBS	e:to:SESSION-c6e971723a904aea:host:172.234.197.23	SESSION-c6e971723a904aea → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0e6517dadbfe4bb3:host:172.234.197.23	SESSION-0e6517dadbfe4bb3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be868fb861e0a1c8:host:172.234.197.23	SESSION-be868fb861e0a1c8 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9b447da23548:port:tcp:25089	flow:9b447da23548 → port:tcp:25089
FLOW_DST_PORTOBS	e:fp:flow:2af924a53b3a:port:tcp:443	flow:2af924a53b3a → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.148:asn:203771	host:185.231.226.148 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fe8ac015ba2db65:SESSION-5fe8ac015ba2db65	SESSION-5fe8ac015ba2db65 → pe:tls:SESSION-5fe8ac015ba2db65
FLOW_DST_PORTOBS	e:fp:flow:a7a308f001e2:port:tcp:46673	flow:a7a308f001e2 → port:tcp:46673
flow_observed4-aryOBS	e:fo:flow:3144878b6b9a	flow:3144878b6b9a → host:172.234.197.23 → host:177.10.236.186 → port:tcp:39394
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-206979254a17108f:host:172.234.197.23	SESSION-206979254a17108f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-114b93c0875a1701:host:131.196.31.32	SESSION-114b93c0875a1701 → host:131.196.31.32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b66b69fe93183378:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b66b69fe93183378 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a34bb428906fa48c:flow:e3dbd0b1c026	SESSION-a34bb428906fa48c → flow:e3dbd0b1c026
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c92acfae26c49330:host:172.234.197.23	SESSION-c92acfae26c49330 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.94.9.253:geo_35.69800_51.41150	host:172.94.9.253 → geo_35.69800_51.41150
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34efc230578c0ec6:flow:5590b431c6bb	SESSION-34efc230578c0ec6 → flow:5590b431c6bb
flow_observed5-aryOBS	e:fo:flow:456dd9438c9b	flow:456dd9438c9b → host:131.196.28.93 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-31b6c18ffff74955:host:172.234.197.23	SESSION-31b6c18ffff74955 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5cf2fdb6c848ac6c:host:131.196.29.91	SESSION-5cf2fdb6c848ac6c → host:131.196.29.91
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5bae596d14ec2741:SESSION-5bae596d14ec2741	SESSION-5bae596d14ec2741 → pe:tls:SESSION-5bae596d14ec2741
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd57eb7fcad3510c:SESSION-fd57eb7fcad3510c	SESSION-fd57eb7fcad3510c → pe:syn:SESSION-fd57eb7fcad3510c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d93e5dd98af62cc:SESSION-2d93e5dd98af62cc	SESSION-2d93e5dd98af62cc → pe:syn:SESSION-2d93e5dd98af62cc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29f6930bb002305c:host:177.10.233.254	SESSION-29f6930bb002305c → host:177.10.233.254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9866420dbc5d2da0:host:177.10.238.15	SESSION-9866420dbc5d2da0 → host:177.10.238.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5206c0f0c9583a29:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-5206c0f0c9583a29 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2287ae96f90f1374:host:172.234.197.23	SESSION-2287ae96f90f1374 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1e0297185954:port:tcp:443	flow:1e0297185954 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c20a24472712669d:host:131.196.29.2	SESSION-c20a24472712669d → host:131.196.29.2
FLOW_TO_HOSTOBS	e:to:SESSION-c1df48b404d2bce0:host:172.234.197.23	SESSION-c1df48b404d2bce0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4e703980a48f1e09:host:177.10.234.107	SESSION-4e703980a48f1e09 → host:177.10.234.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd248be3cf9515b5:host:131.196.31.182	SESSION-cd248be3cf9515b5 → host:131.196.31.182
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b2ef1696b4c4f00:host:172.234.197.23:host:177.10.234.207	SESSION-2b2ef1696b4c4f00 → host:172.234.197.23 → host:177.10.234.207
HOST_IN_ASNOBS 85%	e:ha:host:60.214.180.150:asn:4837	host:60.214.180.150 → asn:4837
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-52edb7664c060999:SESSION-52edb7664c060999	SESSION-52edb7664c060999 → pe:rst:SESSION-52edb7664c060999
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74505beccb017396:host:177.10.238.69	SESSION-74505beccb017396 → host:177.10.238.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6263455e390c054e:SESSION-6263455e390c054e	SESSION-6263455e390c054e → pe:tls:SESSION-6263455e390c054e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cdfe5014ffcf69db:host:177.10.233.35:host:172.234.197.23	SESSION-cdfe5014ffcf69db → host:177.10.233.35 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:64ab56109fb3:port:tcp:50133	flow:64ab56109fb3 → port:tcp:50133
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e1e1ef170279bd06:flow:342afbe20bfa	SESSION-e1e1ef170279bd06 → flow:342afbe20bfa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e3764b25412d87e:SESSION-2e3764b25412d87e	SESSION-2e3764b25412d87e → pe:syn:SESSION-2e3764b25412d87e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c08b167ed56233b:host:172.234.197.23	SESSION-9c08b167ed56233b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cd4f490a373a283b:host:172.234.197.23	SESSION-cd4f490a373a283b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fe9137916d2eb5d4:SESSION-fe9137916d2eb5d4	SESSION-fe9137916d2eb5d4 → pe:tls:SESSION-fe9137916d2eb5d4
FLOW_DST_PORTOBS	e:fp:flow:808794619d5d:port:tcp:22	flow:808794619d5d → port:tcp:22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e61eb47c134600b1:host:172.234.197.23	SESSION-e61eb47c134600b1 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d0366e388dff:port:tcp:443	flow:d0366e388dff → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-48baa2e7639de342:SESSION-48baa2e7639de342	SESSION-48baa2e7639de342 → pe:tls:SESSION-48baa2e7639de342
FLOW_DST_PORTOBS	e:fp:flow:6e9481ef537b:port:tcp:443	flow:6e9481ef537b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-acf0f47433b56858:host:131.196.28.19	SESSION-acf0f47433b56858 → host:131.196.28.19
FLOW_DST_PORTOBS	e:fp:flow:47695757901b:port:tcp:443	flow:47695757901b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f38f9d39dae0e5a:host:177.10.236.192	SESSION-3f38f9d39dae0e5a → host:177.10.236.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-521d3d94be94008e:flow:572d4b8f9c4a	SESSION-521d3d94be94008e → flow:572d4b8f9c4a
FLOW_FROM_HOSTOBS	e:from:SESSION-cc55eac4fb6ef554:host:184.171.210.134	SESSION-cc55eac4fb6ef554 → host:184.171.210.134
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b9228625f2ea52e:host:172.234.197.23:host:131.196.30.64	SESSION-8b9228625f2ea52e → host:172.234.197.23 → host:131.196.30.64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-304db5c18798dbb4:PCAP:capture_20260430160001:9bfa4498506a	SESSION-304db5c18798dbb4 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f6061b9b172c119c:flow:9440bd4080fa	SESSION-f6061b9b172c119c → flow:9440bd4080fa
FLOW_FROM_HOSTOBS	e:from:SESSION-2c4d285e0a09c2a4:host:172.234.197.23	SESSION-2c4d285e0a09c2a4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-80c2fbd298f78f5d:host:172.234.197.23	SESSION-80c2fbd298f78f5d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3185739188bf8a1e:host:172.234.197.23	SESSION-3185739188bf8a1e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:bd771d790628	flow:bd771d790628 → host:45.173.156.148 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.101:geo_-21.10010_-41.69200	host:45.173.156.101 → geo_-21.10010_-41.69200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3393fca13374f4c8:host:172.234.197.23:host:177.10.239.109	SESSION-3393fca13374f4c8 → host:172.234.197.23 → host:177.10.239.109
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8327be02acf872a5:host:172.234.197.23	SESSION-8327be02acf872a5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.144.61:geo_52.51960_13.40690	host:51.224.144.61 → geo_52.51960_13.40690
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0485e2f41480d0ab:PCAP:capture_20260430150001:ded20914761d	SESSION-0485e2f41480d0ab → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3a3b20edc3bf85f8:SESSION-3a3b20edc3bf85f8	SESSION-3a3b20edc3bf85f8 → pe:tls:SESSION-3a3b20edc3bf85f8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad7e9be9d0a80554:SESSION-ad7e9be9d0a80554	SESSION-ad7e9be9d0a80554 → pe:syn:SESSION-ad7e9be9d0a80554
FLOW_DST_PORTOBS	e:fp:flow:622120e32052:port:tcp:443	flow:622120e32052 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-323caf5dcc039926:host:172.234.197.23:host:131.196.30.20	SESSION-323caf5dcc039926 → host:172.234.197.23 → host:131.196.30.20
FLOW_DST_PORTOBS	e:fp:flow:944985e9d942:port:tcp:20668	flow:944985e9d942 → port:tcp:20668
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-442d12ad40b35d12:host:45.173.156.124:host:172.234.197.23	SESSION-442d12ad40b35d12 → host:45.173.156.124 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-23dcfe77dd45a14a:host:131.196.28.106:host:172.234.197.23	SESSION-23dcfe77dd45a14a → host:131.196.28.106 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-32273c66c8bf9656:SESSION-32273c66c8bf9656	SESSION-32273c66c8bf9656 → pe:syn:SESSION-32273c66c8bf9656
FLOW_FROM_HOSTOBS	e:from:SESSION-82d78308744a8bb2:host:177.10.235.151	SESSION-82d78308744a8bb2 → host:177.10.235.151
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fd8278b2f1d760d:host:172.234.197.23	SESSION-9fd8278b2f1d760d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a5d297f882a3348:SESSION-4a5d297f882a3348	SESSION-4a5d297f882a3348 → pe:tls:SESSION-4a5d297f882a3348
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.212:geo_-21.10010_-41.69200	host:45.173.156.212 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-398d13acd4a88a37:host:172.232.0.17	SESSION-398d13acd4a88a37 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c0657272c618c6d4:flow:75b6c1453f5f	SESSION-c0657272c618c6d4 → flow:75b6c1453f5f
FLOW_FROM_HOSTOBS	e:from:SESSION-724b8ddf902cc285:host:16.171.55.148	SESSION-724b8ddf902cc285 → host:16.171.55.148
FLOW_TO_HOSTOBS	e:to:SESSION-5fe8ac015ba2db65:host:131.196.29.208	SESSION-5fe8ac015ba2db65 → host:131.196.29.208
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5e08e3213e2e0e28:SESSION-5e08e3213e2e0e28	SESSION-5e08e3213e2e0e28 → pe:syn:SESSION-5e08e3213e2e0e28
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-84891f6788a8f194:host:172.234.197.23:host:177.10.237.152	SESSION-84891f6788a8f194 → host:172.234.197.23 → host:177.10.237.152
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-319dd83e6310ac59:host:172.234.197.23:host:45.173.156.37	SESSION-319dd83e6310ac59 → host:172.234.197.23 → host:45.173.156.37
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-6a936b4b3a73fb0c:BSG-BEACON-5d6f1bf04fc0	SESSION-6a936b4b3a73fb0c → BSG-BEACON-5d6f1bf04fc0
FLOW_TO_HOSTOBS	e:to:SESSION-ba642a19e1a643ce:host:177.10.239.70	SESSION-ba642a19e1a643ce → host:177.10.239.70
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.6:asn:262880	host:177.10.234.6 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5206c0f0c9583a29:host:172.234.197.23	SESSION-5206c0f0c9583a29 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a1cda6283fa3945:SESSION-4a1cda6283fa3945	SESSION-4a1cda6283fa3945 → pe:syn:SESSION-4a1cda6283fa3945
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5a17077467e1bba6:SESSION-5a17077467e1bba6	SESSION-5a17077467e1bba6 → pe:syn:SESSION-5a17077467e1bba6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a74ec174530f5239:host:172.234.197.23	SESSION-a74ec174530f5239 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2a81d3c71843f89e:flow:22c4bbf97ccb	SESSION-2a81d3c71843f89e → flow:22c4bbf97ccb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29bd7d52bed21c18:PCAP:capture_20260430150001:ded20914761d	SESSION-29bd7d52bed21c18 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-efabffc9197efb23:host:172.234.197.23:host:131.196.29.234	SESSION-efabffc9197efb23 → host:172.234.197.23 → host:131.196.29.234
FLOW_TO_HOSTOBS	e:to:SESSION-06ba851c038c998a:host:172.234.197.23	SESSION-06ba851c038c998a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:faadb4fd5bdf	flow:faadb4fd5bdf → host:172.234.197.23 → host:131.196.28.193 → port:tcp:40508
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ef5ed6d64625f76:flow:ff732ace4242	SESSION-8ef5ed6d64625f76 → flow:ff732ace4242
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b7cd4519c0a4eb9:SESSION-2b7cd4519c0a4eb9	SESSION-2b7cd4519c0a4eb9 → pe:syn:SESSION-2b7cd4519c0a4eb9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-181666d0ed9d45b8:host:45.173.156.38:host:172.234.197.23	SESSION-181666d0ed9d45b8 → host:45.173.156.38 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-433230166b97139a:SESSION-433230166b97139a	SESSION-433230166b97139a → pe:syn:SESSION-433230166b97139a
FLOW_DST_PORTOBS	e:fp:flow:7ca8715707a6:port:tcp:12197	flow:7ca8715707a6 → port:tcp:12197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a16442ff0a72733c:host:131.196.31.182	SESSION-a16442ff0a72733c → host:131.196.31.182
FLOW_DST_PORTOBS	e:fp:flow:c3397980d6ec:port:tcp:14416	flow:c3397980d6ec → port:tcp:14416
FLOW_TO_HOSTOBS	e:to:SESSION-5fc95fe30edf5706:host:177.10.234.32	SESSION-5fc95fe30edf5706 → host:177.10.234.32
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0f8a559c2faf4a64:PCAP:capture_20260430050001:8868731bf8a4	SESSION-0f8a559c2faf4a64 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-745809bcd8ad6979:SESSION-745809bcd8ad6979	SESSION-745809bcd8ad6979 → pe:rst:SESSION-745809bcd8ad6979
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-797ddf76fc257ebf:flow:35be8d7fc23e	SESSION-797ddf76fc257ebf → flow:35be8d7fc23e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4370d06debc0fcec:SESSION-4370d06debc0fcec	SESSION-4370d06debc0fcec → pe:syn:SESSION-4370d06debc0fcec
FLOW_FROM_HOSTOBS	e:from:SESSION-41f0125815f54041:host:172.234.197.23	SESSION-41f0125815f54041 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3224b320d23ec0cd:SESSION-3224b320d23ec0cd	SESSION-3224b320d23ec0cd → pe:syn:SESSION-3224b320d23ec0cd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-abf4853d72eba17e:host:45.173.156.26	SESSION-abf4853d72eba17e → host:45.173.156.26
FLOW_TO_HOSTOBS	e:to:SESSION-054885aa6e2323da:host:172.234.197.23	SESSION-054885aa6e2323da → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:66.228.53.46:asn:63949	host:66.228.53.46 → asn:63949
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-923fbccf43ed644a:SESSION-923fbccf43ed644a	SESSION-923fbccf43ed644a → pe:syn:SESSION-923fbccf43ed644a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3ea6c4aff46dde87:SESSION-3ea6c4aff46dde87	SESSION-3ea6c4aff46dde87 → pe:syn:SESSION-3ea6c4aff46dde87
FLOW_DST_PORTOBS	e:fp:flow:9e5960016eed:port:tcp:443	flow:9e5960016eed → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c1947a05c179b1d2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c1947a05c179b1d2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c49f5291ee3911b4:host:131.196.28.230:host:172.234.197.23	SESSION-c49f5291ee3911b4 → host:131.196.28.230 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.162:asn:271410	host:131.196.28.162 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-862fcc949d847857:SESSION-862fcc949d847857	SESSION-862fcc949d847857 → pe:tls:SESSION-862fcc949d847857
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4fb1f3797e8f19a3:host:177.10.239.4	SESSION-4fb1f3797e8f19a3 → host:177.10.239.4
FLOW_TO_HOSTOBS	e:to:SESSION-6cb17c89d7425739:host:177.10.239.177	SESSION-6cb17c89d7425739 → host:177.10.239.177
FLOW_TO_HOSTOBS	e:to:SESSION-3c6f10f20f24d7ff:host:177.10.234.5	SESSION-3c6f10f20f24d7ff → host:177.10.234.5
FLOW_FROM_HOSTOBS	e:from:SESSION-1da9f85a5b3be49b:host:131.196.31.167	SESSION-1da9f85a5b3be49b → host:131.196.31.167
FLOW_DST_PORTOBS	e:fp:flow:7da1874cf98a:port:tcp:443	flow:7da1874cf98a → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:abdcc655bf4a:port:tcp:2914	flow:abdcc655bf4a → port:tcp:2914
FLOW_TO_HOSTOBS	e:to:SESSION-5634ee3b30a0b6aa:host:177.10.239.154	SESSION-5634ee3b30a0b6aa → host:177.10.239.154
FLOW_TO_HOSTOBS	e:to:SESSION-323caf5dcc039926:host:131.196.30.20	SESSION-323caf5dcc039926 → host:131.196.30.20
FLOW_TO_HOSTOBS	e:to:SESSION-8ad42e8c66a89ee5:host:177.10.234.250	SESSION-8ad42e8c66a89ee5 → host:177.10.234.250
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-32626bc077790390:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-32626bc077790390 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-1110d6d36f6ebd42:host:131.196.31.180	SESSION-1110d6d36f6ebd42 → host:131.196.31.180
FLOW_FROM_HOSTOBS	e:from:SESSION-6b24715291f7dc36:host:172.234.197.23	SESSION-6b24715291f7dc36 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-14e24a51491967d5:host:163.192.126.71:host:172.234.197.23	SESSION-14e24a51491967d5 → host:163.192.126.71 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c01d0fd13ba220b:host:172.234.197.23	SESSION-0c01d0fd13ba220b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-82093c184ece9713:host:131.196.28.101	SESSION-82093c184ece9713 → host:131.196.28.101
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cd248be3cf9515b5:host:172.234.197.23	SESSION-cd248be3cf9515b5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4aeecdec5ead7952:SESSION-4aeecdec5ead7952	SESSION-4aeecdec5ead7952 → pe:tls:SESSION-4aeecdec5ead7952
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3254874520e1dae:flow:209d675128aa	SESSION-b3254874520e1dae → flow:209d675128aa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-164b17078fceb547:SESSION-164b17078fceb547	SESSION-164b17078fceb547 → pe:syn:SESSION-164b17078fceb547
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d9a539c485f657b5:host:177.10.239.20:host:172.234.197.23	SESSION-d9a539c485f657b5 → host:177.10.239.20 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b89a1b1f5399599:host:172.234.197.23	SESSION-7b89a1b1f5399599 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.94:asn:262880	host:177.10.234.94 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-091ae841df8cdc2c:host:172.234.197.23	SESSION-091ae841df8cdc2c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4faf0bdb2ec15f7a:host:177.10.237.54:host:172.234.197.23	SESSION-4faf0bdb2ec15f7a → host:177.10.237.54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e700dd1746307a02:SESSION-e700dd1746307a02	SESSION-e700dd1746307a02 → pe:syn:SESSION-e700dd1746307a02
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaf7cd3e5a2b7709:host:177.10.237.108	SESSION-eaf7cd3e5a2b7709 → host:177.10.237.108
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-077636b939c69f3b:SESSION-077636b939c69f3b	SESSION-077636b939c69f3b → pe:tls:SESSION-077636b939c69f3b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-36f4c424d3b5f86e:flow:f996eec81ce9	SESSION-36f4c424d3b5f86e → flow:f996eec81ce9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4235901c81cb167b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4235901c81cb167b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:28d85fd4eba1	flow:28d85fd4eba1 → host:177.10.232.63 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f2e1e1ea3d3f0587:SESSION-f2e1e1ea3d3f0587	SESSION-f2e1e1ea3d3f0587 → pe:tls:SESSION-f2e1e1ea3d3f0587
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.239:asn:262880	host:177.10.239.239 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6411f10800cf3ef5:SESSION-6411f10800cf3ef5	SESSION-6411f10800cf3ef5 → pe:syn:SESSION-6411f10800cf3ef5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-02deb29800889c11:flow:87b13a5e20d6	SESSION-02deb29800889c11 → flow:87b13a5e20d6
FLOW_FROM_HOSTOBS	e:from:SESSION-366e271d3ddb3e11:host:172.234.197.23	SESSION-366e271d3ddb3e11 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-42ac4798d48b113f:host:172.234.197.23:host:131.196.31.204	SESSION-42ac4798d48b113f → host:172.234.197.23 → host:131.196.31.204
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bcca913f927ee07e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-bcca913f927ee07e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-06b5f759c1748871:PCAP:capture_20260430150001:ded20914761d	SESSION-06b5f759c1748871 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5fdfd79cbce8be94:flow:2f58c659f6fe	SESSION-5fdfd79cbce8be94 → flow:2f58c659f6fe
FLOW_FROM_HOSTOBS	e:from:SESSION-49fc7ea897578489:host:45.145.152.169	SESSION-49fc7ea897578489 → host:45.145.152.169
FLOW_FROM_HOSTOBS	e:from:SESSION-182527d04a349453:host:131.196.29.4	SESSION-182527d04a349453 → host:131.196.29.4
FLOW_FROM_HOSTOBS	e:from:SESSION-7ac71f2f2355e0bb:host:45.173.156.116	SESSION-7ac71f2f2355e0bb → host:45.173.156.116
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb971e48f4a1e66e:host:172.234.197.23	SESSION-fb971e48f4a1e66e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-39845edf8e8f640a:host:131.196.30.130:host:172.234.197.23	SESSION-39845edf8e8f640a → host:131.196.30.130 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e6ceecc84370:port:tcp:443	flow:e6ceecc84370 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:47640395d048	flow:47640395d048 → host:172.234.197.23 → host:131.196.30.213 → port:tcp:27787
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f57d963826b0d8cc:host:172.234.197.23	SESSION-f57d963826b0d8cc → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:a6f1bedfb399:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:a6f1bedfb399 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-75add779b1a22971:host:2.57.121.112	SESSION-75add779b1a22971 → host:2.57.121.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8e250b2be37e497:SESSION-f8e250b2be37e497	SESSION-f8e250b2be37e497 → pe:syn:SESSION-f8e250b2be37e497
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-b4af85088cb1b366:SESSION-b4af85088cb1b366	SESSION-b4af85088cb1b366 → pe:rst:SESSION-b4af85088cb1b366
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ae33589f66e7ab9:SESSION-6ae33589f66e7ab9	SESSION-6ae33589f66e7ab9 → pe:tls:SESSION-6ae33589f66e7ab9
flow_observed5-aryOBS	e:fo:flow:a080f56c4457	flow:a080f56c4457 → host:177.10.235.140 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-eaa7799a31d50d65:host:177.10.239.209	SESSION-eaa7799a31d50d65 → host:177.10.239.209
FLOW_FROM_HOSTOBS	e:from:SESSION-fb0bca31750919c1:host:131.196.28.147	SESSION-fb0bca31750919c1 → host:131.196.28.147
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d4dc0a9d4d6e7897:SESSION-d4dc0a9d4d6e7897	SESSION-d4dc0a9d4d6e7897 → pe:syn:SESSION-d4dc0a9d4d6e7897
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6d7eebeca6a52636:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-6d7eebeca6a52636 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47f7d0be3b0e89e2:PCAP:capture_20260430090001:065659c7d314	SESSION-47f7d0be3b0e89e2 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8631759e2d7ec30:host:172.234.197.23	SESSION-c8631759e2d7ec30 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ba98677b43b4662:SESSION-8ba98677b43b4662	SESSION-8ba98677b43b4662 → pe:tls:SESSION-8ba98677b43b4662
flow_observed5-aryOBS	e:fo:flow:92dd17f54f7f	flow:92dd17f54f7f → host:177.10.239.180 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-396a4dd85675ad96:host:177.10.238.149	SESSION-396a4dd85675ad96 → host:177.10.238.149
flow_observed3-aryOBS	e:fo:flow:9b42ce9f0d54	flow:9b42ce9f0d54 → host:47.129.136.46 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eca69a208ab39d5f:host:172.234.197.23	SESSION-eca69a208ab39d5f → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-099b4106de78317b:PCAP:capture_20260430050001:8868731bf8a4	SESSION-099b4106de78317b → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:7da1874cf98a	flow:7da1874cf98a → host:177.10.236.222 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-3f077149cc71812a:host:177.10.239.9	SESSION-3f077149cc71812a → host:177.10.239.9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df4b466e6cf802c5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-df4b466e6cf802c5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7661066332b8e82:host:177.10.239.186:host:172.234.197.23	SESSION-b7661066332b8e82 → host:177.10.239.186 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14e24a51491967d5:flow:7ad2515d1158	SESSION-14e24a51491967d5 → flow:7ad2515d1158
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-868abcdaf084ea7c:PCAP:capture_20260430130001:4249c4e0a4c4	SESSION-868abcdaf084ea7c → PCAP:capture_20260430130001:4249c4e0a4c4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74f51cf412342155:host:131.196.30.223	SESSION-74f51cf412342155 → host:131.196.30.223
FLOW_TO_HOSTOBS	e:to:SESSION-e8a6e8a4db8ac534:host:177.10.234.67	SESSION-e8a6e8a4db8ac534 → host:177.10.234.67
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d407d786bd09817:host:172.234.197.23:host:177.10.236.176	SESSION-2d407d786bd09817 → host:172.234.197.23 → host:177.10.236.176
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9633daabdcbaa0c0:SESSION-9633daabdcbaa0c0	SESSION-9633daabdcbaa0c0 → pe:syn:SESSION-9633daabdcbaa0c0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-749084d26a1fdfcc:host:45.173.156.55	SESSION-749084d26a1fdfcc → host:45.173.156.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-03f351fbd88acdc4:SESSION-03f351fbd88acdc4	SESSION-03f351fbd88acdc4 → pe:tls:SESSION-03f351fbd88acdc4
FLOW_FROM_HOSTOBS	e:from:SESSION-aa32b0aa2bffc0b5:host:131.196.28.200	SESSION-aa32b0aa2bffc0b5 → host:131.196.28.200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed29e6defb1050d9:SESSION-ed29e6defb1050d9	SESSION-ed29e6defb1050d9 → pe:tls:SESSION-ed29e6defb1050d9
FLOW_DST_PORTOBS	e:fp:flow:4520e47e28d0:port:tcp:443	flow:4520e47e28d0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9c596c163b79d372:PCAP:capture_20260430050001:8868731bf8a4	SESSION-9c596c163b79d372 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-e77787f9a5bab711:host:177.10.237.72	SESSION-e77787f9a5bab711 → host:177.10.237.72
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9cd2627e6ddbbad1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9cd2627e6ddbbad1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-896e151c898991bb:SESSION-896e151c898991bb	SESSION-896e151c898991bb → pe:tls:SESSION-896e151c898991bb
FLOW_DST_PORTOBS	e:fp:flow:473adaf7427d:port:tcp:25000	flow:473adaf7427d → port:tcp:25000
FLOW_DST_PORTOBS	e:fp:flow:c58065526050:port:tcp:443	flow:c58065526050 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8fbc053aa21c3a10:SESSION-8fbc053aa21c3a10	SESSION-8fbc053aa21c3a10 → pe:tls:SESSION-8fbc053aa21c3a10
flow_observed5-aryOBS	e:fo:flow:ca4f3a212e98	flow:ca4f3a212e98 → host:131.196.30.87 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.135.228.151:geo_41.00190_28.96450	host:95.135.228.151 → geo_41.00190_28.96450
FLOW_FROM_HOSTOBS	e:from:SESSION-b72f7dde05c7e1dd:host:177.10.238.190	SESSION-b72f7dde05c7e1dd → host:177.10.238.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-49ddbf605897eb3f:SESSION-49ddbf605897eb3f	SESSION-49ddbf605897eb3f → pe:tls:SESSION-49ddbf605897eb3f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4167334bdfae4b6:host:172.234.197.23:host:131.196.28.223	SESSION-a4167334bdfae4b6 → host:172.234.197.23 → host:131.196.28.223
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e1e1ef170279bd06:host:172.232.0.16	SESSION-e1e1ef170279bd06 → host:172.232.0.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b5f689fd50e4895:PCAP:capture_20260430080001:93f47cc296a4	SESSION-8b5f689fd50e4895 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed5-aryOBS	e:fo:flow:95bdf7b313dd	flow:95bdf7b313dd → host:131.196.29.215 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-de195b26c1af220a:host:177.10.232.60	SESSION-de195b26c1af220a → host:177.10.232.60
FLOW_TO_HOSTOBS	e:to:SESSION-2b2ef1696b4c4f00:host:177.10.234.207	SESSION-2b2ef1696b4c4f00 → host:177.10.234.207
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7f181002c59096f4:SESSION-7f181002c59096f4	SESSION-7f181002c59096f4 → pe:tls:SESSION-7f181002c59096f4
flow_observed4-aryOBS	e:fo:flow:6d9a418c6401	flow:6d9a418c6401 → host:172.234.197.23 → host:131.196.30.157 → port:tcp:10609
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.107:geo_-16.28860_-49.01640	host:177.10.235.107 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-b332774cd544824a:BSG-BEACON-d0e3cf456f12	SESSION-b332774cd544824a → BSG-BEACON-d0e3cf456f12
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4993bcd996008da0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4993bcd996008da0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7063a4bdff0e259c:host:172.234.197.23	SESSION-7063a4bdff0e259c → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.107:asn:271410	host:131.196.30.107 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-29bf5bdb9e3850fd:host:131.196.30.141	SESSION-29bf5bdb9e3850fd → host:131.196.30.141
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.195:geo_-16.28860_-49.01640	host:177.10.232.195 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0da9d7ff41780d23:host:177.10.232.16	SESSION-0da9d7ff41780d23 → host:177.10.232.16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ddb8ef81f168c6c0:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-ddb8ef81f168c6c0 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-5527f09aaa715d91:host:172.234.197.23	SESSION-5527f09aaa715d91 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-25fe6bafaa94a84d:host:45.145.152.13	SESSION-25fe6bafaa94a84d → host:45.145.152.13
FLOW_DST_PORTOBS	e:fp:flow:3abeeb1965d0:port:tcp:443	flow:3abeeb1965d0 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:59c0c7a37f54	flow:59c0c7a37f54 → host:131.196.31.195 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-75bc03759038657d:host:177.10.232.139:host:172.234.197.23	SESSION-75bc03759038657d → host:177.10.232.139 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a650ad390b72264d:host:172.234.197.23:host:177.10.237.164	SESSION-a650ad390b72264d → host:172.234.197.23 → host:177.10.237.164
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fba97aa139b6de4:host:172.234.197.23	SESSION-9fba97aa139b6de4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a7c8e382dfaf:port:tcp:443	flow:a7c8e382dfaf → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98b441f54568b58c:host:172.234.197.23	SESSION-98b441f54568b58c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:32f3ac1593ad	flow:32f3ac1593ad → host:177.10.235.151 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:14fd74da1fdf:port:tcp:443	flow:14fd74da1fdf → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3526e42e615eba29:SESSION-3526e42e615eba29	SESSION-3526e42e615eba29 → pe:syn:SESSION-3526e42e615eba29
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-858e7fe3651dc7b6:SESSION-858e7fe3651dc7b6	SESSION-858e7fe3651dc7b6 → pe:tls:SESSION-858e7fe3651dc7b6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3e5ef5a453dff40:SESSION-f3e5ef5a453dff40	SESSION-f3e5ef5a453dff40 → pe:syn:SESSION-f3e5ef5a453dff40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9a269382e1e5b425:SESSION-9a269382e1e5b425	SESSION-9a269382e1e5b425 → pe:tls:SESSION-9a269382e1e5b425
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8c9381f88305d4e9:SESSION-8c9381f88305d4e9	SESSION-8c9381f88305d4e9 → pe:tls:SESSION-8c9381f88305d4e9
FLOW_DST_PORTOBS	e:fp:flow:9084a8142295:port:tcp:443	flow:9084a8142295 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:f99b1b2b978a	flow:f99b1b2b978a → host:45.173.156.200 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a242c68bb3594796:SESSION-a242c68bb3594796	SESSION-a242c68bb3594796 → pe:syn:SESSION-a242c68bb3594796
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cff48a7a06adcd8f:flow:dd0bd79c32ac	SESSION-cff48a7a06adcd8f → flow:dd0bd79c32ac
FLOW_FROM_HOSTOBS	e:from:SESSION-30152f28b63d1649:host:177.10.236.122	SESSION-30152f28b63d1649 → host:177.10.236.122
FLOW_FROM_HOSTOBS	e:from:SESSION-37a58b55d4a339c3:host:172.234.197.23	SESSION-37a58b55d4a339c3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-180bc1efe2db3897:host:177.10.237.245	SESSION-180bc1efe2db3897 → host:177.10.237.245
flow_observed4-aryOBS	e:fo:flow:72a4de96eca6	flow:72a4de96eca6 → host:172.234.197.23 → host:131.196.31.30 → port:tcp:14717
FLOW_DST_PORTOBS	e:fp:flow:dead05b4c0bc:port:tcp:12644	flow:dead05b4c0bc → port:tcp:12644
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bb70871923a8cd06:SESSION-bb70871923a8cd06	SESSION-bb70871923a8cd06 → pe:syn:SESSION-bb70871923a8cd06
flow_observed5-aryOBS	e:fo:flow:6abeeac5086e	flow:6abeeac5086e → host:131.196.29.33 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4e094b52f54dff79:SESSION-4e094b52f54dff79	SESSION-4e094b52f54dff79 → pe:syn:SESSION-4e094b52f54dff79
FLOW_FROM_HOSTOBS	e:from:SESSION-4e49f7df60935172:host:177.10.236.129	SESSION-4e49f7df60935172 → host:177.10.236.129
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-999a3a68382b7707:SESSION-999a3a68382b7707	SESSION-999a3a68382b7707 → pe:tls:SESSION-999a3a68382b7707
flow_observed5-aryOBS	e:fo:flow:16cd2c37ea7f	flow:16cd2c37ea7f → host:177.10.234.184 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7312728f8a99afb:host:172.234.197.23:host:177.10.236.218	SESSION-b7312728f8a99afb → host:172.234.197.23 → host:177.10.236.218
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-858a06c2b9abdebe:SESSION-858a06c2b9abdebe	SESSION-858a06c2b9abdebe → pe:syn:SESSION-858a06c2b9abdebe
FLOW_TO_HOSTOBS	e:to:SESSION-6c4ed0368ffe58f8:host:172.234.197.23	SESSION-6c4ed0368ffe58f8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-11ee8787e5fc7b06:host:131.196.30.233:host:172.234.197.23	SESSION-11ee8787e5fc7b06 → host:131.196.30.233 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:27c337ce6ac9:port:tcp:443	flow:27c337ce6ac9 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:f0f43f14c846	flow:f0f43f14c846 → host:177.10.236.101 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7c35a263dbc41a3d:flow:b7b083ee0603	SESSION-7c35a263dbc41a3d → flow:b7b083ee0603
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-342ba7535c6572a7:flow:92c6a8c1353a	SESSION-342ba7535c6572a7 → flow:92c6a8c1353a
FLOW_TO_HOSTOBS	e:to:SESSION-febabcac2b03c9d1:host:172.234.197.23	SESSION-febabcac2b03c9d1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb645c1b10558a95:PCAP:capture_20260430060001:919b39a74464	SESSION-fb645c1b10558a95 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-60441095965530ae:SESSION-60441095965530ae	SESSION-60441095965530ae → pe:syn:SESSION-60441095965530ae
flow_observed4-aryOBS	e:fo:flow:85f692c6f243	flow:85f692c6f243 → host:172.234.197.23 → host:177.10.232.12 → port:tcp:30084
FLOW_FROM_HOSTOBS	e:from:SESSION-5133340de07cf838:host:131.196.30.226	SESSION-5133340de07cf838 → host:131.196.30.226
FLOW_FROM_HOSTOBS	e:from:SESSION-ac2cef9f7dcbf562:host:177.10.234.199	SESSION-ac2cef9f7dcbf562 → host:177.10.234.199
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7e06a830af01410:SESSION-b7e06a830af01410	SESSION-b7e06a830af01410 → pe:syn:SESSION-b7e06a830af01410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2139588c74105d1b:host:35.92.48.165	SESSION-2139588c74105d1b → host:35.92.48.165
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d5e711c3b45ec85:host:131.196.30.50:host:172.234.197.23	SESSION-6d5e711c3b45ec85 → host:131.196.30.50 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-566179d6a12d7e1c:host:177.10.234.206:host:172.234.197.23	SESSION-566179d6a12d7e1c → host:177.10.234.206 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b11513eff2bd1e6:host:172.234.197.23	SESSION-7b11513eff2bd1e6 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31e4a260829c636e:flow:e317ac68355a	SESSION-31e4a260829c636e → flow:e317ac68355a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3dc32d1b123f77b5:SESSION-3dc32d1b123f77b5	SESSION-3dc32d1b123f77b5 → pe:tls:SESSION-3dc32d1b123f77b5
FLOW_DST_PORTOBS	e:fp:flow:b67c661cd116:port:tcp:443	flow:b67c661cd116 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-c8d8e16e7f7cb138:host:172.234.197.23	SESSION-c8d8e16e7f7cb138 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb9e9108ca8bff14:flow:63ec30f12b69	SESSION-cb9e9108ca8bff14 → flow:63ec30f12b69
FLOW_DST_PORTOBS	e:fp:flow:8c1b2bbd3824:port:tcp:4233	flow:8c1b2bbd3824 → port:tcp:4233
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.213:geo_-16.28860_-49.01640	host:177.10.236.213 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f95aea3e66ab57b:flow:4a6ab53421e3	SESSION-4f95aea3e66ab57b → flow:4a6ab53421e3
FLOW_FROM_HOSTOBS	e:from:SESSION-40ef48225b459fb9:host:177.10.238.107	SESSION-40ef48225b459fb9 → host:177.10.238.107
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb7f3482601c970a:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-cb7f3482601c970a → PCAP:capture_20260430100001:55715ebbe6bf
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.235:asn:271410	host:131.196.31.235 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c54e8a5253d053d:flow:5d260aa3f548	SESSION-8c54e8a5253d053d → flow:5d260aa3f548
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1191e0b24f1d121:flow:b63f651026b2	SESSION-d1191e0b24f1d121 → flow:b63f651026b2
FLOW_TO_HOSTOBS	e:to:SESSION-a1e631f6e627b67d:host:177.10.239.196	SESSION-a1e631f6e627b67d → host:177.10.239.196
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-69ca44a412c8d221:host:172.234.197.23:host:45.173.156.124	SESSION-69ca44a412c8d221 → host:172.234.197.23 → host:45.173.156.124
FLOW_TO_HOSTOBS	e:to:SESSION-b11ad70426b43374:host:177.10.235.36	SESSION-b11ad70426b43374 → host:177.10.235.36
FLOW_DST_PORTOBS	e:fp:flow:435b7b398a65:port:tcp:19550	flow:435b7b398a65 → port:tcp:19550
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-592c559641abdde0:host:177.10.237.138	SESSION-592c559641abdde0 → host:177.10.237.138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa574f1f11f5b30b:host:131.196.31.22:host:172.234.197.23	SESSION-aa574f1f11f5b30b → host:131.196.31.22 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7d9ab0e2fb8bff1f:host:172.234.197.23	SESSION-7d9ab0e2fb8bff1f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3d9dc2a57062	flow:3d9dc2a57062 → host:131.196.31.37 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a88f0b19d496a689:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-a88f0b19d496a689 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-fc5634306e23209a:host:45.173.156.240	SESSION-fc5634306e23209a → host:45.173.156.240
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-438fb49dfab0fe81:PCAP:capture_20260430110001:43611bdf6759	SESSION-438fb49dfab0fe81 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:035870e58ce4	flow:035870e58ce4 → host:177.10.235.245 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-95e8a61a9d5e6397:PCAP:capture_20260430080001:93f47cc296a4	SESSION-95e8a61a9d5e6397 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:e99aac970179:port:tcp:443	flow:e99aac970179 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c5f8419335024f52:SESSION-c5f8419335024f52	SESSION-c5f8419335024f52 → pe:rst:SESSION-c5f8419335024f52
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a7cfd4f435147ff3:SESSION-a7cfd4f435147ff3	SESSION-a7cfd4f435147ff3 → pe:tls:SESSION-a7cfd4f435147ff3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e49b447cbf9c1ef7:flow:1b86cb8b1911	SESSION-e49b447cbf9c1ef7 → flow:1b86cb8b1911
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c155b50123efabb5:host:172.234.197.23:host:177.10.235.147	SESSION-c155b50123efabb5 → host:172.234.197.23 → host:177.10.235.147
flow_observed5-aryOBS	e:fo:flow:c6a015f3a684	flow:c6a015f3a684 → host:131.196.31.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-003677474853cb22:host:177.10.232.148	SESSION-003677474853cb22 → host:177.10.232.148
FLOW_FROM_HOSTOBS	e:from:SESSION-ae747b0389dd0111:host:177.10.236.187	SESSION-ae747b0389dd0111 → host:177.10.236.187
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d53928eb39cd6093:SESSION-d53928eb39cd6093	SESSION-d53928eb39cd6093 → pe:tls:SESSION-d53928eb39cd6093
FLOW_FROM_HOSTOBS	e:from:SESSION-d85be3a5c3c244d6:host:172.234.197.23	SESSION-d85be3a5c3c244d6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-8f3823f20b5aa8c6:host:172.234.197.23	SESSION-8f3823f20b5aa8c6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-783928d3af0eed6e:host:131.196.31.218	SESSION-783928d3af0eed6e → host:131.196.31.218
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.245:geo_-16.28860_-49.01640	host:177.10.235.245 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:4cb6c8af98e7:port:tcp:443	flow:4cb6c8af98e7 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ffc4775cc215b441:SESSION-ffc4775cc215b441	SESSION-ffc4775cc215b441 → pe:syn:SESSION-ffc4775cc215b441
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8405fabd9aa330c8:flow:572a057fddca	SESSION-8405fabd9aa330c8 → flow:572a057fddca
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-31de31d3c82f498d:flow:414b20fd0e30	SESSION-31de31d3c82f498d → flow:414b20fd0e30
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5ac08008a4ed5c1:host:177.10.236.46	SESSION-c5ac08008a4ed5c1 → host:177.10.236.46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc18a12b15fb2c84:host:177.10.233.80	SESSION-fc18a12b15fb2c84 → host:177.10.233.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd8e744bc487bcb1:host:177.10.237.73	SESSION-bd8e744bc487bcb1 → host:177.10.237.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74adb0edbcc9dd0a:host:131.196.29.146	SESSION-74adb0edbcc9dd0a → host:131.196.29.146
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a38d88507263cddf:SESSION-a38d88507263cddf	SESSION-a38d88507263cddf → pe:syn:SESSION-a38d88507263cddf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38c7d1687d10af97:host:172.234.197.23	SESSION-38c7d1687d10af97 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-da64f1d11a78111b:SESSION-da64f1d11a78111b	SESSION-da64f1d11a78111b → pe:syn:SESSION-da64f1d11a78111b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1d0453327d6800ed:SESSION-1d0453327d6800ed	SESSION-1d0453327d6800ed → pe:syn:SESSION-1d0453327d6800ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa372e44ee6fb3e7:host:131.196.30.157	SESSION-aa372e44ee6fb3e7 → host:131.196.30.157
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51b700d0442eff09:host:131.196.29.196:host:172.234.197.23	SESSION-51b700d0442eff09 → host:131.196.29.196 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c9716031ec5470ef:host:131.196.30.212	SESSION-c9716031ec5470ef → host:131.196.30.212
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0cdd1d919af3f4a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f0cdd1d919af3f4a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.70:geo_-16.28860_-49.01640	host:177.10.239.70 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b11513eff2bd1e6:flow:ee3db2b4dc4c	SESSION-7b11513eff2bd1e6 → flow:ee3db2b4dc4c
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.43:asn:271410	host:131.196.29.43 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b35e3cddd5fc2e72:host:131.196.28.80:host:172.234.197.23	SESSION-b35e3cddd5fc2e72 → host:131.196.28.80 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.43:asn:262880	host:177.10.238.43 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0799ff092dfcce41:host:177.10.235.125:host:172.234.197.23	SESSION-0799ff092dfcce41 → host:177.10.235.125 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:86186a8a1700	flow:86186a8a1700 → host:177.10.233.185 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-455353f546d0ad3e:host:172.234.197.23	SESSION-455353f546d0ad3e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fd4f176877b3d058:host:172.234.197.23	SESSION-fd4f176877b3d058 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6a5d8002765cb7d3:host:177.10.239.136:host:172.234.197.23	SESSION-6a5d8002765cb7d3 → host:177.10.239.136 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-574ff4efae76e1f7:host:177.10.235.84	SESSION-574ff4efae76e1f7 → host:177.10.235.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17000fdd70ecbf97:host:131.196.31.98	SESSION-17000fdd70ecbf97 → host:131.196.31.98
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c5ea1449320ef78b:PCAP:capture_20260428010001:b1b402c7b202	SESSION-c5ea1449320ef78b → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3982f1a8e532b400:SESSION-3982f1a8e532b400	SESSION-3982f1a8e532b400 → pe:syn:SESSION-3982f1a8e532b400
FLOW_DST_PORTOBS	e:fp:flow:08a3c204e87b:port:tcp:443	flow:08a3c204e87b → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc59b28fe233796a:flow:9f9f6272f7b6	SESSION-fc59b28fe233796a → flow:9f9f6272f7b6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6e3139069f2c261e:host:172.234.197.23:host:177.10.235.75	SESSION-6e3139069f2c261e → host:172.234.197.23 → host:177.10.235.75
flow_observed4-aryOBS	e:fo:flow:105430cefef1	flow:105430cefef1 → host:172.234.197.23 → host:177.10.237.122 → port:tcp:32565
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5080263f1b2fd5b9:flow:377de2a09526	SESSION-5080263f1b2fd5b9 → flow:377de2a09526
FLOW_TO_HOSTOBS	e:to:SESSION-5d5941c68a821530:host:131.196.29.140	SESSION-5d5941c68a821530 → host:131.196.29.140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c36eb4dd059a78a3:host:177.10.233.183	SESSION-c36eb4dd059a78a3 → host:177.10.233.183
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-af55ab527d360ebd:host:131.196.29.46:host:172.234.197.23	SESSION-af55ab527d360ebd → host:131.196.29.46 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-20dfde969676b329:SESSION-20dfde969676b329	SESSION-20dfde969676b329 → pe:tls:SESSION-20dfde969676b329
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5278b2d1db18e971:host:172.234.197.23	SESSION-5278b2d1db18e971 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1bd78fd10af70dea:flow:1d5670e1573a	SESSION-1bd78fd10af70dea → flow:1d5670e1573a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fe8ac015ba2db65:host:172.234.197.23:host:131.196.29.208	SESSION-5fe8ac015ba2db65 → host:172.234.197.23 → host:131.196.29.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8624692ea119f1f3:flow:cd284626d39c	SESSION-8624692ea119f1f3 → flow:cd284626d39c
FLOW_TO_HOSTOBS	e:to:SESSION-932a817ddabc353f:host:177.10.239.122	SESSION-932a817ddabc353f → host:177.10.239.122
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d93e05fe8ec7e58:host:172.234.197.23	SESSION-6d93e05fe8ec7e58 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a093af4fd9ab:port:tcp:443	flow:a093af4fd9ab → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d1c756fff84e2d4:host:172.234.197.23	SESSION-7d1c756fff84e2d4 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.148:asn:271410	host:131.196.29.148 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f49ef9eceb986e78:PCAP:capture_20260430110001:43611bdf6759	SESSION-f49ef9eceb986e78 → PCAP:capture_20260430110001:43611bdf6759
FLOW_TO_HOSTOBS	e:to:SESSION-51c60ff5c6e820bd:host:177.10.235.85	SESSION-51c60ff5c6e820bd → host:177.10.235.85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de1a59c6958513ff:PCAP:capture_20260430090001:065659c7d314	SESSION-de1a59c6958513ff → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a43b551ff0093c7:PCAP:capture_20260430060001:919b39a74464	SESSION-8a43b551ff0093c7 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ef7fe2bb78158297:host:177.10.239.185:host:172.234.197.23	SESSION-ef7fe2bb78158297 → host:177.10.239.185 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-192cf58c18726bf1:host:177.10.233.197	SESSION-192cf58c18726bf1 → host:177.10.233.197
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f3567442ac940551:flow:e8b8d9a22aa6	SESSION-f3567442ac940551 → flow:e8b8d9a22aa6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6543ef151e834843:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6543ef151e834843 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-6966225f20017b9e:host:177.10.236.143	SESSION-6966225f20017b9e → host:177.10.236.143
FLOW_DST_PORTOBS	e:fp:flow:15d2a905685b:port:udp:53	flow:15d2a905685b → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e76870e292a86821:host:45.173.156.94:host:172.234.197.23	SESSION-e76870e292a86821 → host:45.173.156.94 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21a6fb1ae6879e55:SESSION-21a6fb1ae6879e55	SESSION-21a6fb1ae6879e55 → pe:tls:SESSION-21a6fb1ae6879e55
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ea9e167400c380e9:flow:11668ee1bc9c	SESSION-ea9e167400c380e9 → flow:11668ee1bc9c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2e3764b25412d87e:PCAP:capture_20260430090001:065659c7d314	SESSION-2e3764b25412d87e → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e01aa770e4fba49e:SESSION-e01aa770e4fba49e	SESSION-e01aa770e4fba49e → pe:syn:SESSION-e01aa770e4fba49e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd1fe9b471d92d57:host:172.234.197.23:host:177.10.234.51	SESSION-dd1fe9b471d92d57 → host:172.234.197.23 → host:177.10.234.51
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c21627d8f6f11a27:host:172.234.197.23	SESSION-c21627d8f6f11a27 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c87b6a5476f5:port:tcp:5324	flow:c87b6a5476f5 → port:tcp:5324
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-74ad535621338757:flow:020c844cd4d3	SESSION-74ad535621338757 → flow:020c844cd4d3
FLOW_TO_HOSTOBS	e:to:SESSION-f580f0e619786fa7:host:172.234.197.23	SESSION-f580f0e619786fa7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.87:geo_19.07480_72.88560	host:45.145.152.87 → geo_19.07480_72.88560
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-af13e3f1012247aa:SESSION-af13e3f1012247aa	SESSION-af13e3f1012247aa → pe:syn:SESSION-af13e3f1012247aa
FLOW_DST_PORTOBS	e:fp:flow:a7a5a4376bf3:port:tcp:443	flow:a7a5a4376bf3 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.220:asn:271410	host:131.196.31.220 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6756f0bedb2cdb12:host:177.10.232.254	SESSION-6756f0bedb2cdb12 → host:177.10.232.254
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-621f2e97c51ae8e1:host:51.161.119.157	SESSION-621f2e97c51ae8e1 → host:51.161.119.157
FLOW_FROM_HOSTOBS	e:from:SESSION-c701d534f5ceb273:host:131.196.30.147	SESSION-c701d534f5ceb273 → host:131.196.30.147
FLOW_FROM_HOSTOBS	e:from:SESSION-a4b1418ed7a7a9f3:host:45.173.156.169	SESSION-a4b1418ed7a7a9f3 → host:45.173.156.169
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2966a121f8fe86e9:flow:dca142dce243	SESSION-2966a121f8fe86e9 → flow:dca142dce243
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e2ace7c21b4da04:SESSION-1e2ace7c21b4da04	SESSION-1e2ace7c21b4da04 → pe:syn:SESSION-1e2ace7c21b4da04
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c4dd5260308cf6ea:host:131.196.29.34:host:172.234.197.23	SESSION-c4dd5260308cf6ea → host:131.196.29.34 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.73:asn:262880	host:177.10.237.73 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-a03e1a67bd79b062:host:172.234.197.23	SESSION-a03e1a67bd79b062 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-45f8302f1d804897:SESSION-45f8302f1d804897	SESSION-45f8302f1d804897 → pe:tls:SESSION-45f8302f1d804897
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3a99ef89e8b00159:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3a99ef89e8b00159 → PCAP:capture_20260430140001:aaa9b3fc898b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.215:asn:262880	host:177.10.235.215 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f0b2e3019193f1ba:SESSION-f0b2e3019193f1ba	SESSION-f0b2e3019193f1ba → pe:syn:SESSION-f0b2e3019193f1ba
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3adb88175f99dced:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3adb88175f99dced → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c8b9d154eee5d788:SESSION-c8b9d154eee5d788	SESSION-c8b9d154eee5d788 → pe:tls:SESSION-c8b9d154eee5d788
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e69d77cebc13bf2:SESSION-1e69d77cebc13bf2	SESSION-1e69d77cebc13bf2 → pe:tls:SESSION-1e69d77cebc13bf2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-314a3839bafadb97:host:177.10.237.157:host:172.234.197.23	SESSION-314a3839bafadb97 → host:177.10.237.157 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b03f12d359ceed54:host:172.234.197.23	SESSION-b03f12d359ceed54 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7d1b2f476de49a99:host:177.10.238.161	SESSION-7d1b2f476de49a99 → host:177.10.238.161
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96c334cbd5a64077:host:103.230.240.59:host:172.234.197.23	SESSION-96c334cbd5a64077 → host:103.230.240.59 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b00d7db41be144d:host:177.10.234.29:host:172.234.197.23	SESSION-4b00d7db41be144d → host:177.10.234.29 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.171:asn:262880	host:177.10.238.171 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-079c82b45cfad420:SESSION-079c82b45cfad420	SESSION-079c82b45cfad420 → pe:tls:SESSION-079c82b45cfad420
flow_observed5-aryOBS	e:fo:flow:46d5bf8a685f	flow:46d5bf8a685f → host:199.16.157.181 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3a082d71203d179a:host:177.10.233.168:host:172.234.197.23	SESSION-3a082d71203d179a → host:177.10.233.168 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5341bdb715fd:port:tcp:443	flow:5341bdb715fd → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-60aea8c76fce71c9:flow:adda313743fa	SESSION-60aea8c76fce71c9 → flow:adda313743fa
FLOW_TO_HOSTOBS	e:to:SESSION-ef90c0e24c7a1c11:host:177.10.233.118	SESSION-ef90c0e24c7a1c11 → host:177.10.233.118
FLOW_FROM_HOSTOBS	e:from:SESSION-5a6e84a9f98e2c60:host:177.10.237.247	SESSION-5a6e84a9f98e2c60 → host:177.10.237.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4fe97044eaa4ff8:SESSION-c4fe97044eaa4ff8	SESSION-c4fe97044eaa4ff8 → pe:syn:SESSION-c4fe97044eaa4ff8
flow_observed5-aryOBS	e:fo:flow:a2e6aeb28c67	flow:a2e6aeb28c67 → host:92.112.71.6 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08eebf44a6874d1b:PCAP:capture_20260430070001:903a0e7a436b	SESSION-08eebf44a6874d1b → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19f4ea615eaf7325:SESSION-19f4ea615eaf7325	SESSION-19f4ea615eaf7325 → pe:syn:SESSION-19f4ea615eaf7325
flow_observed5-aryOBS	e:fo:flow:0950ef508a6b	flow:0950ef508a6b → host:131.196.28.209 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-21de16798668b3a8:SESSION-21de16798668b3a8	SESSION-21de16798668b3a8 → pe:tls:SESSION-21de16798668b3a8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-674d0a1b38b3c135:host:45.173.156.44	SESSION-674d0a1b38b3c135 → host:45.173.156.44
FLOW_TO_HOSTOBS	e:to:SESSION-177c9265a29fe644:host:177.10.232.153	SESSION-177c9265a29fe644 → host:177.10.232.153
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cac7b08c7fb71f18:host:177.10.232.204	SESSION-cac7b08c7fb71f18 → host:177.10.232.204
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-17fce8ea46af65f2:host:172.234.197.23:host:177.10.232.249	SESSION-17fce8ea46af65f2 → host:172.234.197.23 → host:177.10.232.249
flow_observed4-aryOBS	e:fo:flow:1c2ad46b7d62	flow:1c2ad46b7d62 → host:172.234.197.23 → host:131.196.30.43 → port:tcp:50787
FLOW_TLS_SNIOBS	e:fs:flow:983413e2d3e3:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:983413e2d3e3 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fd6f9b80bb02e0f5:SESSION-fd6f9b80bb02e0f5	SESSION-fd6f9b80bb02e0f5 → pe:syn:SESSION-fd6f9b80bb02e0f5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2811f86b559a674a:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-2811f86b559a674a → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.165:geo_-23.62930_-46.63510	host:131.196.28.165 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9582152c6f7e826d:host:172.234.197.23	SESSION-9582152c6f7e826d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.10:asn:262880	host:177.10.239.10 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.153:asn:262880	host:177.10.235.153 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5941954cc437ab4:host:45.173.156.146:host:172.234.197.23	SESSION-f5941954cc437ab4 → host:45.173.156.146 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c4ed0368ffe58f8:PCAP:capture_20260430080001:93f47cc296a4	SESSION-6c4ed0368ffe58f8 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-44f16a8e9c86ada8:SESSION-44f16a8e9c86ada8	SESSION-44f16a8e9c86ada8 → pe:tls:SESSION-44f16a8e9c86ada8
FLOW_FROM_HOSTOBS	e:from:SESSION-f40be42edcf6e8ed:host:131.196.31.190	SESSION-f40be42edcf6e8ed → host:131.196.31.190
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5c85963c9f133e2:host:172.234.197.23	SESSION-a5c85963c9f133e2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31b6c18ffff74955:PCAP:capture_20260430060001:919b39a74464	SESSION-31b6c18ffff74955 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.9:geo_-16.28860_-49.01640	host:177.10.238.9 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-537378f36f2f8a26:host:45.173.156.99	SESSION-537378f36f2f8a26 → host:45.173.156.99
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-75cb9fe69e287da9:host:172.234.197.23	SESSION-75cb9fe69e287da9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-49b6ef2582cca14b:host:177.10.234.147:host:172.234.197.23	SESSION-49b6ef2582cca14b → host:177.10.234.147 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ddce067a4751:port:tcp:48821	flow:ddce067a4751 → port:tcp:48821
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-361f1ea86b9f3cf3:host:177.10.236.253:host:172.234.197.23	SESSION-361f1ea86b9f3cf3 → host:177.10.236.253 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:04241806c2ac	flow:04241806c2ac → host:177.10.237.111 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-200a4f7a7e5b3996:host:177.10.238.228	SESSION-200a4f7a7e5b3996 → host:177.10.238.228
flow_observed5-aryOBS	e:fo:flow:84cb2f5c2276	flow:84cb2f5c2276 → host:131.196.30.91 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-843bbb86e5601bd5:host:131.196.31.142:host:172.234.197.23	SESSION-843bbb86e5601bd5 → host:131.196.31.142 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-921486915e849834:flow:3af72bc41bd9	SESSION-921486915e849834 → flow:3af72bc41bd9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ff7dac0188fe8fcb:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ff7dac0188fe8fcb → PCAP:capture_20260430050001:8868731bf8a4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.38:geo_-16.28860_-49.01640	host:177.10.233.38 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:116.235.165.166:asn:4812	host:116.235.165.166 → asn:4812
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-36a0a9e003021f23:host:51.75.171.21	SESSION-36a0a9e003021f23 → host:51.75.171.21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dacc3093e29f894:host:172.234.197.23	SESSION-6dacc3093e29f894 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c825a37bb7881b6:SESSION-9c825a37bb7881b6	SESSION-9c825a37bb7881b6 → pe:tls:SESSION-9c825a37bb7881b6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-17000fdd70ecbf97:PCAP:capture_20260430160001:9bfa4498506a	SESSION-17000fdd70ecbf97 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c17e2540d05f4c2:SESSION-3c17e2540d05f4c2	SESSION-3c17e2540d05f4c2 → pe:tls:SESSION-3c17e2540d05f4c2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.44:geo_-21.10010_-41.69200	host:45.173.156.44 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:72d2c02dbed4:port:tcp:443	flow:72d2c02dbed4 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:3639fff40dd8	flow:3639fff40dd8 → host:177.10.234.176 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:26f9905a5f90	flow:26f9905a5f90 → host:172.234.197.23 → host:177.10.238.204 → port:tcp:39743
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e0dcae8b099ffa5:host:177.10.234.115:host:172.234.197.23	SESSION-9e0dcae8b099ffa5 → host:177.10.234.115 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.200:geo_41.00190_28.96450	host:95.170.25.200 → geo_41.00190_28.96450
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ed79241b929fab43:SESSION-ed79241b929fab43	SESSION-ed79241b929fab43 → pe:tls:SESSION-ed79241b929fab43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1b9603c0e1ea765:host:131.196.30.244	SESSION-c1b9603c0e1ea765 → host:131.196.30.244
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d941eb7985d54eff:SESSION-d941eb7985d54eff	SESSION-d941eb7985d54eff → pe:syn:SESSION-d941eb7985d54eff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ddbd1238f020bf6b:SESSION-ddbd1238f020bf6b	SESSION-ddbd1238f020bf6b → pe:syn:SESSION-ddbd1238f020bf6b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4e79bdabe92472fb:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-4e79bdabe92472fb → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-fe84550c6b54c988:host:172.234.197.23	SESSION-fe84550c6b54c988 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-5cb36fee7e75b97b:BSG-BEACON-f5e7c8616dbf	SESSION-5cb36fee7e75b97b → BSG-BEACON-f5e7c8616dbf
flow_observed5-aryOBS	e:fo:flow:358bac299cb2	flow:358bac299cb2 → host:177.10.237.32 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:a66f17d65208	flow:a66f17d65208 → host:177.10.234.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-942872364f4f0f53:flow:0256f21cd65f	SESSION-942872364f4f0f53 → flow:0256f21cd65f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-596b6c60b11eaa92:host:172.234.197.23	SESSION-596b6c60b11eaa92 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5a08fe68832616d:PCAP:capture_20260430150001:ded20914761d	SESSION-f5a08fe68832616d → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3c282c87f3b4a743:SESSION-3c282c87f3b4a743	SESSION-3c282c87f3b4a743 → pe:tls:SESSION-3c282c87f3b4a743
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f3cf945d3d1ddd41:SESSION-f3cf945d3d1ddd41	SESSION-f3cf945d3d1ddd41 → pe:tls:SESSION-f3cf945d3d1ddd41
FLOW_DST_PORTOBS	e:fp:flow:98496b0aeabc:port:tcp:443	flow:98496b0aeabc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-dca77cba3fb011ca:host:177.10.238.205	SESSION-dca77cba3fb011ca → host:177.10.238.205
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.153:geo_-21.10010_-41.69200	host:45.173.156.153 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:05ef58c38b72:port:tcp:443	flow:05ef58c38b72 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b836173867007d89:host:177.10.232.195	SESSION-b836173867007d89 → host:177.10.232.195
flow_observed5-aryOBS	e:fo:flow:1a8a06fabc44	flow:1a8a06fabc44 → host:177.10.232.184 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-854a13cbd553e198:host:172.234.197.23	SESSION-854a13cbd553e198 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-518ecd8ebc2250f7:SESSION-518ecd8ebc2250f7	SESSION-518ecd8ebc2250f7 → pe:tls:SESSION-518ecd8ebc2250f7
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.107:geo_-16.28860_-49.01640	host:177.10.237.107 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-576e43142f03a150:flow:68a63bdf73f4	SESSION-576e43142f03a150 → flow:68a63bdf73f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c5ea1449320ef78b:host:95.135.228.14	SESSION-c5ea1449320ef78b → host:95.135.228.14
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-309223c775254000:host:172.232.0.16	SESSION-309223c775254000 → host:172.232.0.16
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-87edcc7df5436fbe:flow:1e6d3fc93a23	SESSION-87edcc7df5436fbe → flow:1e6d3fc93a23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-09cf18cd582e793d:SESSION-09cf18cd582e793d	SESSION-09cf18cd582e793d → pe:syn:SESSION-09cf18cd582e793d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f255eba3b0795a16:SESSION-f255eba3b0795a16	SESSION-f255eba3b0795a16 → pe:tls:SESSION-f255eba3b0795a16
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1fd73a09d62d6f89:host:172.234.197.23:host:177.10.237.11	SESSION-1fd73a09d62d6f89 → host:172.234.197.23 → host:177.10.237.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eaae06fce38c131f:host:177.10.232.67	SESSION-eaae06fce38c131f → host:177.10.232.67
FLOW_TO_HOSTOBS	e:to:SESSION-20dfde969676b329:host:177.10.239.9	SESSION-20dfde969676b329 → host:177.10.239.9
FLOW_QUERIED_DNSOBS	e:fd:flow:8e45fdb23cc0:dns:172-234-197-23.ip.linodeusercontent.com	flow:8e45fdb23cc0 → dns:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.99:geo_-23.62930_-46.63510	host:131.196.28.99 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef41947f9929862:host:131.196.28.142	SESSION-8ef41947f9929862 → host:131.196.28.142
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.128:geo_-23.62930_-46.63510	host:131.196.30.128 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-be0f12df58cf6d46:SESSION-be0f12df58cf6d46	SESSION-be0f12df58cf6d46 → pe:tls:SESSION-be0f12df58cf6d46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1600cc83b8cea24d:SESSION-1600cc83b8cea24d	SESSION-1600cc83b8cea24d → pe:tls:SESSION-1600cc83b8cea24d
FLOW_FROM_HOSTOBS	e:from:SESSION-5c439db2cd1990c9:host:177.10.233.212	SESSION-5c439db2cd1990c9 → host:177.10.233.212
FLOW_FROM_HOSTOBS	e:from:SESSION-8098f7aeb1e3da6f:host:13.60.168.200	SESSION-8098f7aeb1e3da6f → host:13.60.168.200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b523e88f9ec69c3:flow:478fb2a48727	SESSION-2b523e88f9ec69c3 → flow:478fb2a48727
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5bede5fedae88e0:flow:358bac299cb2	SESSION-a5bede5fedae88e0 → flow:358bac299cb2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3bfa302feda190a0:SESSION-3bfa302feda190a0	SESSION-3bfa302feda190a0 → pe:tls:SESSION-3bfa302feda190a0
FLOW_DST_PORTOBS	e:fp:flow:f35a1591b089:port:tcp:443	flow:f35a1591b089 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-474ea5236769f0a3:SESSION-474ea5236769f0a3	SESSION-474ea5236769f0a3 → pe:syn:SESSION-474ea5236769f0a3
flow_observed5-aryOBS	e:fo:flow:b65737236159	flow:b65737236159 → host:45.173.156.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-999a3a68382b7707:host:172.234.197.23:host:131.196.28.90	SESSION-999a3a68382b7707 → host:172.234.197.23 → host:131.196.28.90
FLOW_FROM_HOSTOBS	e:from:SESSION-85383edd293fa3f5:host:172.234.197.23	SESSION-85383edd293fa3f5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e89e6db9824c:port:tcp:38524	flow:e89e6db9824c → port:tcp:38524
FLOW_TO_HOSTOBS	e:to:SESSION-caf71fb423b46c4a:host:172.234.197.23	SESSION-caf71fb423b46c4a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7034c460bd0f5720:host:172.234.197.23	SESSION-7034c460bd0f5720 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a5ceca64359b9f0d:flow:ae90b115280a	SESSION-a5ceca64359b9f0d → flow:ae90b115280a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-17e08e972fb579a9:host:177.10.233.17	SESSION-17e08e972fb579a9 → host:177.10.233.17
flow_observed5-aryOBS	e:fo:flow:1896f5231e74	flow:1896f5231e74 → host:177.10.237.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-608f057a6e6e376d:host:172.232.0.17	SESSION-608f057a6e6e376d → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-1d0453327d6800ed:host:172.234.197.23	SESSION-1d0453327d6800ed → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b447e1896cf3c7e:flow:ee2868577a4b	SESSION-4b447e1896cf3c7e → flow:ee2868577a4b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97537ed6358a20d5:flow:a5cf2da74863	SESSION-97537ed6358a20d5 → flow:a5cf2da74863
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d1df89a4cf6f008:host:172.234.197.23	SESSION-4d1df89a4cf6f008 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a03dc7893b60925b:flow:abbbcfb7d5c1	SESSION-a03dc7893b60925b → flow:abbbcfb7d5c1
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bfa418bfe374bf06:host:177.10.235.222:host:172.234.197.23	SESSION-bfa418bfe374bf06 → host:177.10.235.222 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2966a121f8fe86e9:host:172.234.197.23	SESSION-2966a121f8fe86e9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9af6eb1ce6cb824f:SESSION-9af6eb1ce6cb824f	SESSION-9af6eb1ce6cb824f → pe:tls:SESSION-9af6eb1ce6cb824f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a038f6735218c73a:host:177.10.233.134:host:172.234.197.23	SESSION-a038f6735218c73a → host:177.10.233.134 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:efdc052f98d7	flow:efdc052f98d7 → host:57.128.95.174 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-ae6c5a18819e9434:host:172.234.197.23	SESSION-ae6c5a18819e9434 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4fb8a50f2916880:host:131.196.30.87:host:172.234.197.23	SESSION-d4fb8a50f2916880 → host:131.196.30.87 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.252:geo_-16.28860_-49.01640	host:177.10.233.252 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:45.145.152.51:asn:203771	host:45.145.152.51 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:5b3d50f7cdb9:port:tcp:443	flow:5b3d50f7cdb9 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad4604a15181cb67:flow:b4e10c7cf700	SESSION-ad4604a15181cb67 → flow:b4e10c7cf700
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-770902b82fea5ce5:PCAP:capture_20260430070001:903a0e7a436b	SESSION-770902b82fea5ce5 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:a453e4e4270f	flow:a453e4e4270f → host:172.234.197.23 → host:45.173.156.43 → port:tcp:13503
FLOW_TO_HOSTOBS	e:to:SESSION-7f56efcee303c963:host:177.10.233.48	SESSION-7f56efcee303c963 → host:177.10.233.48
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2646f5b9f41a01d2:host:172.234.197.23	SESSION-2646f5b9f41a01d2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.75:geo_-16.28860_-49.01640	host:177.10.235.75 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:70352ab28497:port:tcp:443	flow:70352ab28497 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7ac9bb77fb56e773:host:172.234.197.23	SESSION-7ac9bb77fb56e773 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:23c6fe3291b5	flow:23c6fe3291b5 → host:172.234.197.23 → host:177.10.232.24 → port:tcp:18686
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2dd011a07497df56:flow:f74e1adaf7ce	SESSION-2dd011a07497df56 → flow:f74e1adaf7ce
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98c12e77f111e64e:SESSION-98c12e77f111e64e	SESSION-98c12e77f111e64e → pe:tls:SESSION-98c12e77f111e64e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-76aff26f067fcb92:SESSION-76aff26f067fcb92	SESSION-76aff26f067fcb92 → pe:syn:SESSION-76aff26f067fcb92
FLOW_TO_HOSTOBS	e:to:SESSION-8417b06622c43718:host:172.234.197.23	SESSION-8417b06622c43718 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08463d47d249df1d:SESSION-08463d47d249df1d	SESSION-08463d47d249df1d → pe:syn:SESSION-08463d47d249df1d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c422154c7899227e:host:177.10.234.192:host:172.234.197.23	SESSION-c422154c7899227e → host:177.10.234.192 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-036bdbf16af23428:host:172.234.197.23	SESSION-036bdbf16af23428 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a5d8002765cb7d3:host:177.10.239.136	SESSION-6a5d8002765cb7d3 → host:177.10.239.136
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-30b7709547a366f1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-30b7709547a366f1 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2996f9b3a522abad:host:172.234.197.23	SESSION-2996f9b3a522abad → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-62b0720ae8fecbf5:host:45.173.156.233	SESSION-62b0720ae8fecbf5 → host:45.173.156.233
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e812ffe43c670dc:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7e812ffe43c670dc → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-0414bb340c93930b:host:172.234.197.23	SESSION-0414bb340c93930b → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-677c9237241fc75d:host:172.234.197.23	SESSION-677c9237241fc75d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.45:geo_-23.62930_-46.63510	host:131.196.31.45 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af4f3fe4058b61ab:host:172.234.197.23	SESSION-af4f3fe4058b61ab → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f158e3bc319e69c7:host:172.234.197.23	SESSION-f158e3bc319e69c7 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8189545896e60c84:flow:dd46417013ed	SESSION-8189545896e60c84 → flow:dd46417013ed
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5a5092ccda361ecd:host:172.234.197.23	SESSION-5a5092ccda361ecd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-381a0e70ba36b75c:host:172.234.197.23	SESSION-381a0e70ba36b75c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:19f7959faebc:port:tcp:57185	flow:19f7959faebc → port:tcp:57185
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6543ef151e834843:flow:ed345c26d220	SESSION-6543ef151e834843 → flow:ed345c26d220
FLOW_DST_PORTOBS	e:fp:flow:be1f0d23506c:port:tcp:443	flow:be1f0d23506c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c80786b4900f92c:flow:4383ccc27ae9	SESSION-5c80786b4900f92c → flow:4383ccc27ae9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d5d721b5ee8bbbc:host:104.28.202.80:host:172.234.197.23	SESSION-5d5d721b5ee8bbbc → host:104.28.202.80 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-714dd24b305adb19:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-714dd24b305adb19 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-386a52b5a647d101:host:172.234.197.23	SESSION-386a52b5a647d101 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:fd28f4299f57:port:tcp:443	flow:fd28f4299f57 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8402a55882de6bd8:SESSION-8402a55882de6bd8	SESSION-8402a55882de6bd8 → pe:tls:SESSION-8402a55882de6bd8
FLOW_TO_HOSTOBS	e:to:SESSION-91da8f4807f085e6:host:177.10.235.225	SESSION-91da8f4807f085e6 → host:177.10.235.225
FLOW_FROM_HOSTOBS	e:from:SESSION-020ce81cb9d50ce5:host:177.10.234.87	SESSION-020ce81cb9d50ce5 → host:177.10.234.87
FLOW_TO_HOSTOBS	e:to:SESSION-c7b20ceba4f49bfd:host:172.234.197.23	SESSION-c7b20ceba4f49bfd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3c4b26c6586f:port:tcp:443	flow:3c4b26c6586f → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:ced56e2b617e	flow:ced56e2b617e → host:177.10.237.166 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.103:geo_-23.62930_-46.63510	host:131.196.30.103 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ab55f3989857eec:PCAP:capture_20260430160001:9bfa4498506a	SESSION-9ab55f3989857eec → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b117f2a3fa82af67:host:172.234.197.23	SESSION-b117f2a3fa82af67 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d298b81348e9:port:tcp:443	flow:d298b81348e9 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9d4e1b0711d4507:flow:7d9a7cb09d6c	SESSION-c9d4e1b0711d4507 → flow:7d9a7cb09d6c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c60a94331c3e233:SESSION-8c60a94331c3e233	SESSION-8c60a94331c3e233 → pe:syn:SESSION-8c60a94331c3e233
FLOW_TO_HOSTOBS	e:to:SESSION-81a82597e7e06ed6:host:177.10.234.140	SESSION-81a82597e7e06ed6 → host:177.10.234.140
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3afd88a73e32b466:PCAP:capture_20260430150001:ded20914761d	SESSION-3afd88a73e32b466 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-19f74a6b62d527a5:host:177.10.233.59	SESSION-19f74a6b62d527a5 → host:177.10.233.59
FLOW_DST_PORTOBS	e:fp:flow:3791da589f61:port:tcp:443	flow:3791da589f61 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6bca989f2c390047:SESSION-6bca989f2c390047	SESSION-6bca989f2c390047 → pe:syn:SESSION-6bca989f2c390047
FLOW_FROM_HOSTOBS	e:from:SESSION-486ff38c4390c341:host:54.201.244.199	SESSION-486ff38c4390c341 → host:54.201.244.199
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5cc5078bf4d23558:flow:8a02ab7093dd	SESSION-5cc5078bf4d23558 → flow:8a02ab7093dd
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67ec60ac13d58093:flow:4c205cbdc775	SESSION-67ec60ac13d58093 → flow:4c205cbdc775
FLOW_DST_PORTOBS	e:fp:flow:2ff80900d1bb:port:tcp:28362	flow:2ff80900d1bb → port:tcp:28362
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9cc387e98cb8cb82:SESSION-9cc387e98cb8cb82	SESSION-9cc387e98cb8cb82 → pe:tls:SESSION-9cc387e98cb8cb82
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14a74b0f0f76c3f9:SESSION-14a74b0f0f76c3f9	SESSION-14a74b0f0f76c3f9 → pe:tls:SESSION-14a74b0f0f76c3f9
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.18:asn:262880	host:177.10.234.18 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5fc80192f398e14d:SESSION-5fc80192f398e14d	SESSION-5fc80192f398e14d → pe:tls:SESSION-5fc80192f398e14d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-68282fbeb04671d9:SESSION-68282fbeb04671d9	SESSION-68282fbeb04671d9 → pe:tls:SESSION-68282fbeb04671d9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a2a075c2c818644a:flow:d7bc32b0bd73	SESSION-a2a075c2c818644a → flow:d7bc32b0bd73
flow_observed5-aryOBS	e:fo:flow:b6d5152a3f3a	flow:b6d5152a3f3a → host:177.10.233.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-266bac80b9ef8487:host:172.234.197.23:host:45.173.156.219	SESSION-266bac80b9ef8487 → host:172.234.197.23 → host:45.173.156.219
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6d93e05fe8ec7e58:host:131.196.29.35:host:172.234.197.23	SESSION-6d93e05fe8ec7e58 → host:131.196.29.35 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f58fa910255a	flow:f58fa910255a → host:172.234.197.23 → host:131.196.30.67 → port:tcp:41936
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f83bf77e11c8adb3:flow:f966ec2c5ed6	SESSION-f83bf77e11c8adb3 → flow:f966ec2c5ed6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b5ce2843c92e119:host:172.234.197.23	SESSION-4b5ce2843c92e119 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76ac71b30f764df7:PCAP:capture_20260430150001:ded20914761d	SESSION-76ac71b30f764df7 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6d3dc2c705a19d83:flow:b01ee652321d	SESSION-6d3dc2c705a19d83 → flow:b01ee652321d
FLOW_FROM_HOSTOBS	e:from:SESSION-f7273aea3ec9beab:host:172.234.197.23	SESSION-f7273aea3ec9beab → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-164cf6eccbbca478:host:172.94.9.253	SESSION-164cf6eccbbca478 → host:172.94.9.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-68c9571f275cd182:PCAP:capture_20260430060001:919b39a74464	SESSION-68c9571f275cd182 → PCAP:capture_20260430060001:919b39a74464
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.199:geo_-16.28860_-49.01640	host:177.10.234.199 → geo_-16.28860_-49.01640
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ac9ecab386602d8f:BSG-BEACON-858e4f4e4626	SESSION-ac9ecab386602d8f → BSG-BEACON-858e4f4e4626
FLOW_DST_PORTOBS	e:fp:flow:b68288d4d571:port:tcp:443	flow:b68288d4d571 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-15539e18bbfcb0e8:host:131.196.30.12:host:172.234.197.23	SESSION-15539e18bbfcb0e8 → host:131.196.30.12 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-74188080b03487af:host:172.234.197.23:host:45.173.156.201	SESSION-74188080b03487af → host:172.234.197.23 → host:45.173.156.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f008aa22e7b680c:host:172.234.197.23:host:131.196.29.46	SESSION-7f008aa22e7b680c → host:172.234.197.23 → host:131.196.29.46
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d1e35f842f44326:flow:f2d1957f48c3	SESSION-4d1e35f842f44326 → flow:f2d1957f48c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a55a830d22fea90d:host:131.196.29.130	SESSION-a55a830d22fea90d → host:131.196.29.130
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b14f4f7e9ebbac1:SESSION-8b14f4f7e9ebbac1	SESSION-8b14f4f7e9ebbac1 → pe:syn:SESSION-8b14f4f7e9ebbac1
flow_observed5-aryOBS	e:fo:flow:f4a69c79331f	flow:f4a69c79331f → host:45.173.156.183 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:d44f21536855	flow:d44f21536855 → host:177.10.239.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2a0d556a7af957b2:SESSION-2a0d556a7af957b2	SESSION-2a0d556a7af957b2 → pe:syn:SESSION-2a0d556a7af957b2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f6c732897c2ca80c:flow:95e6c73ff7d7	SESSION-f6c732897c2ca80c → flow:95e6c73ff7d7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4013c9000873101b:SESSION-4013c9000873101b	SESSION-4013c9000873101b → pe:tls:SESSION-4013c9000873101b
FLOW_FROM_HOSTOBS	e:from:SESSION-b5a3cad014cd3066:host:177.10.233.185	SESSION-b5a3cad014cd3066 → host:177.10.233.185
flow_observed4-aryOBS	e:fo:flow:6b19deea6359	flow:6b19deea6359 → host:172.234.197.23 → host:177.10.235.75 → port:tcp:63370
FLOW_TO_HOSTOBS	e:to:SESSION-1acc74ca4adb622d:host:172.234.197.23	SESSION-1acc74ca4adb622d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:227ec883bf24	flow:227ec883bf24 → host:172.234.197.23 → host:131.196.31.6 → port:tcp:858
FLOW_DST_PORTOBS	e:fp:flow:a7ced61ba274:port:tcp:443	flow:a7ced61ba274 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5048c6b31ef60c96:host:172.234.197.23	SESSION-5048c6b31ef60c96 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-87843d3af97b013e:host:177.10.232.55:host:172.234.197.23	SESSION-87843d3af97b013e → host:177.10.232.55 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.239:asn:271410	host:131.196.30.239 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d3ff3dcf229051b:flow:85d29f3e7626	SESSION-2d3ff3dcf229051b → flow:85d29f3e7626
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a1e631f6e627b67d:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a1e631f6e627b67d → PCAP:capture_20260430050001:8868731bf8a4
FLOW_TO_HOSTOBS	e:to:SESSION-e67ae3320dee0238:host:172.234.197.23	SESSION-e67ae3320dee0238 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0b8c772918251267:host:172.234.197.23	SESSION-0b8c772918251267 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5a5092ccda361ecd:host:177.10.237.226	SESSION-5a5092ccda361ecd → host:177.10.237.226
FLOW_TO_HOSTOBS	e:to:SESSION-0427ab07f20fae31:host:172.234.197.23	SESSION-0427ab07f20fae31 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-47699582b69b5d99:host:177.10.239.107	SESSION-47699582b69b5d99 → host:177.10.239.107
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.242:asn:271410	host:131.196.31.242 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b045e9fec039082:SESSION-5b045e9fec039082	SESSION-5b045e9fec039082 → pe:syn:SESSION-5b045e9fec039082
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-58fb8de1a3a0b1f1:PCAP:capture_20260430080001:93f47cc296a4	SESSION-58fb8de1a3a0b1f1 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-6a72e7bc5d973ed2:host:172.234.197.23	SESSION-6a72e7bc5d973ed2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ab491f454947df2e:host:172.234.197.23	SESSION-ab491f454947df2e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a1cda6283fa3945:host:177.10.233.239	SESSION-4a1cda6283fa3945 → host:177.10.233.239
FLOW_FROM_HOSTOBS	e:from:SESSION-d6a7aaaa54e7dd63:host:177.10.233.125	SESSION-d6a7aaaa54e7dd63 → host:177.10.233.125
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c98a634aa4cfbed2:host:172.234.197.23	SESSION-c98a634aa4cfbed2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4f8f4fc610e76fd:host:172.234.197.23	SESSION-c4f8f4fc610e76fd → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6054bbc1a24cbf34:SESSION-6054bbc1a24cbf34	SESSION-6054bbc1a24cbf34 → pe:tls:SESSION-6054bbc1a24cbf34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89957ac1ec870b87:host:177.10.239.174	SESSION-89957ac1ec870b87 → host:177.10.239.174
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd8a89b380cdaceb:host:177.10.236.116:host:172.234.197.23	SESSION-dd8a89b380cdaceb → host:177.10.236.116 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5ceca64359b9f0d:host:177.10.238.211	SESSION-a5ceca64359b9f0d → host:177.10.238.211
FLOW_FROM_HOSTOBS	e:from:SESSION-4fd5cc70e8cf2108:host:177.10.233.230	SESSION-4fd5cc70e8cf2108 → host:177.10.233.230
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-f3cf60c38091a57a:BSG-BEACON-cac69090d49b	SESSION-f3cf60c38091a57a → BSG-BEACON-cac69090d49b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8cc58a61b872e266:flow:9573429a84e3	SESSION-8cc58a61b872e266 → flow:9573429a84e3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-18e7a18371a0d1bf:host:172.234.197.23:host:131.196.29.196	SESSION-18e7a18371a0d1bf → host:172.234.197.23 → host:131.196.29.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fdca441bb1b3810b:host:172.234.197.23	SESSION-fdca441bb1b3810b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6350f63c148b5b0b:SESSION-6350f63c148b5b0b	SESSION-6350f63c148b5b0b → pe:syn:SESSION-6350f63c148b5b0b
flow_observed4-aryOBS	e:fo:flow:d0a8864bb9eb	flow:d0a8864bb9eb → host:172.234.197.23 → host:177.10.232.27 → port:tcp:36337
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b858978950d9ddc:flow:72799e7cd136	SESSION-8b858978950d9ddc → flow:72799e7cd136
FLOW_FROM_HOSTOBS	e:from:SESSION-cf85e37468f1ff86:host:177.10.233.59	SESSION-cf85e37468f1ff86 → host:177.10.233.59
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d077f88c61181481:PCAP:capture_20260430070001:903a0e7a436b	SESSION-d077f88c61181481 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:6e3867982415	flow:6e3867982415 → host:177.10.234.166 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9042bd9c6a81d17:host:177.10.237.4	SESSION-a9042bd9c6a81d17 → host:177.10.237.4
flow_observed3-aryOBS	e:fo:flow:9a015298b4d0	flow:9a015298b4d0 → host:69.235.185.81 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:03576699bee3	flow:03576699bee3 → host:172.234.197.23 → host:177.10.235.78 → port:tcp:22869
FLOW_TO_HOSTOBS	e:to:SESSION-9335dee651513692:host:172.234.197.23	SESSION-9335dee651513692 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f40ed084376e	flow:f40ed084376e → host:172.234.197.23 → host:45.173.156.38 → port:tcp:25993
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fcd4658ed0002284:host:172.234.197.23	SESSION-fcd4658ed0002284 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:4709033d4574	flow:4709033d4574 → host:172.234.197.23 → host:131.196.31.58 → port:tcp:9505
FLOW_DST_PORTOBS	e:fp:flow:22e70f9a44d8:port:tcp:35065	flow:22e70f9a44d8 → port:tcp:35065
flow_observed5-aryOBS	e:fo:flow:db631979fcd2	flow:db631979fcd2 → host:131.196.31.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1e69d77cebc13bf2:SESSION-1e69d77cebc13bf2	SESSION-1e69d77cebc13bf2 → pe:syn:SESSION-1e69d77cebc13bf2
FLOW_TO_HOSTOBS	e:to:SESSION-44f16a8e9c86ada8:host:172.234.197.23	SESSION-44f16a8e9c86ada8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f57871a7505a0a35:SESSION-f57871a7505a0a35	SESSION-f57871a7505a0a35 → pe:tls:SESSION-f57871a7505a0a35
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-266bac80b9ef8487:flow:29e57c1817e3	SESSION-266bac80b9ef8487 → flow:29e57c1817e3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c59147b81bc92a14:SESSION-c59147b81bc92a14	SESSION-c59147b81bc92a14 → pe:tls:SESSION-c59147b81bc92a14
FLOW_DST_PORTOBS	e:fp:flow:81504a5f849a:port:tcp:27798	flow:81504a5f849a → port:tcp:27798
flow_observed5-aryOBS	e:fo:flow:a151816abb36	flow:a151816abb36 → host:177.10.239.234 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1a14827dc654457:host:172.234.197.23	SESSION-c1a14827dc654457 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-154a0a352559b94b:SESSION-154a0a352559b94b	SESSION-154a0a352559b94b → pe:syn:SESSION-154a0a352559b94b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3d526a62cd76fa97:SESSION-3d526a62cd76fa97	SESSION-3d526a62cd76fa97 → pe:syn:SESSION-3d526a62cd76fa97
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f0d0c8f73043707f:PCAP:capture_20260430090001:065659c7d314	SESSION-f0d0c8f73043707f → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9868c83546c2d563:host:172.234.197.23	SESSION-9868c83546c2d563 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fab752fe97090e4a:host:177.10.238.135	SESSION-fab752fe97090e4a → host:177.10.238.135
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-543230bb149abbcc:host:45.173.156.254:host:172.234.197.23	SESSION-543230bb149abbcc → host:45.173.156.254 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9427f5c2202c5258:SESSION-9427f5c2202c5258	SESSION-9427f5c2202c5258 → pe:syn:SESSION-9427f5c2202c5258
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3831f1a5ed6fd2c0:SESSION-3831f1a5ed6fd2c0	SESSION-3831f1a5ed6fd2c0 → pe:syn:SESSION-3831f1a5ed6fd2c0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51257a0fcd8d6a04:host:172.234.197.23:host:131.196.28.240	SESSION-51257a0fcd8d6a04 → host:172.234.197.23 → host:131.196.28.240
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c97208f3d5d9be26:SESSION-c97208f3d5d9be26	SESSION-c97208f3d5d9be26 → pe:tls:SESSION-c97208f3d5d9be26
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a4d952075d0ee24:flow:73763aa195b9	SESSION-5a4d952075d0ee24 → flow:73763aa195b9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ddc324b0d6a8eb6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1ddc324b0d6a8eb6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-587fbc18dc61ddb0:SESSION-587fbc18dc61ddb0	SESSION-587fbc18dc61ddb0 → pe:syn:SESSION-587fbc18dc61ddb0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bff0487aa2cdf6e6:SESSION-bff0487aa2cdf6e6	SESSION-bff0487aa2cdf6e6 → pe:tls:SESSION-bff0487aa2cdf6e6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a24ab62cbf4deb47:host:172.234.197.23	SESSION-a24ab62cbf4deb47 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-938eb42ac2c00523:flow:9c47255c861d	SESSION-938eb42ac2c00523 → flow:9c47255c861d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c4adfb3e188a176:host:177.10.236.157	SESSION-4c4adfb3e188a176 → host:177.10.236.157
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.149:asn:262880	host:177.10.239.149 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-484d7e89f92d0359:host:172.234.197.23:host:177.10.234.36	SESSION-484d7e89f92d0359 → host:172.234.197.23 → host:177.10.234.36
FLOW_DST_PORTOBS	e:fp:flow:af4d6e2418ef:port:tcp:443	flow:af4d6e2418ef → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.160:asn:271410	host:131.196.28.160 → asn:271410
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-d4992d20c4573840:BSG-DATA_EXFIL-d7434e5e712b	SESSION-d4992d20c4573840 → BSG-DATA_EXFIL-d7434e5e712b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d0cb11649434d08c:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-d0cb11649434d08c → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-5257ce7e592379ae:host:172.234.197.23	SESSION-5257ce7e592379ae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e09e8a3cbea3c18a:SESSION-e09e8a3cbea3c18a	SESSION-e09e8a3cbea3c18a → pe:syn:SESSION-e09e8a3cbea3c18a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-22c25719fd1e6342:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-22c25719fd1e6342 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-9a207ecea3558884:host:172.234.197.23	SESSION-9a207ecea3558884 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ff9e39cb371b24f:host:172.234.197.23:host:131.196.29.249	SESSION-1ff9e39cb371b24f → host:172.234.197.23 → host:131.196.29.249
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8de37a87806b5e4:host:177.10.235.252	SESSION-e8de37a87806b5e4 → host:177.10.235.252
flow_observed5-aryOBS	e:fo:flow:6413836dd819	flow:6413836dd819 → host:131.196.30.114 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef3fadfeb89ec1c3:host:37.221.79.198	SESSION-ef3fadfeb89ec1c3 → host:37.221.79.198
FLOW_FROM_HOSTOBS	e:from:SESSION-d941eb7985d54eff:host:172.234.197.23	SESSION-d941eb7985d54eff → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.70:asn:271410	host:131.196.29.70 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bc6a5831c46f644f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-bc6a5831c46f644f → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75f19254cb816cbd:flow:db22ad525c01	SESSION-75f19254cb816cbd → flow:db22ad525c01
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a3a44f67a1174447:PCAP:capture_20260428010001:b1b402c7b202	SESSION-a3a44f67a1174447 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4e339b9f879a911:host:37.221.79.52	SESSION-d4e339b9f879a911 → host:37.221.79.52
FLOW_TO_HOSTOBS	e:to:SESSION-0e6800c9c0f40710:host:172.234.197.23	SESSION-0e6800c9c0f40710 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4d9a4406bd7b3b41:host:172.234.197.23	SESSION-4d9a4406bd7b3b41 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.79:asn:262880	host:177.10.237.79 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e576d93486607572:flow:ab4ab2abbcf9	SESSION-e576d93486607572 → flow:ab4ab2abbcf9
FLOW_TO_HOSTOBS	e:to:SESSION-ca1727d5d29ffb7f:host:45.173.156.92	SESSION-ca1727d5d29ffb7f → host:45.173.156.92
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c390a73ee41b4c6d:host:103.230.240.59:host:172.234.197.23	SESSION-c390a73ee41b4c6d → host:103.230.240.59 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-801ebd343e287ece:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-801ebd343e287ece → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-eac07967aaca78dc:host:177.10.237.159	SESSION-eac07967aaca78dc → host:177.10.237.159
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f78775658cb84616:SESSION-f78775658cb84616	SESSION-f78775658cb84616 → pe:tls:SESSION-f78775658cb84616
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d60c66268e099206:PCAP:capture_20260430110001:43611bdf6759	SESSION-d60c66268e099206 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-102bebe502918f62:flow:0fd68f9b352a	SESSION-102bebe502918f62 → flow:0fd68f9b352a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7ece8090c9a4b7f:SESSION-c7ece8090c9a4b7f	SESSION-c7ece8090c9a4b7f → pe:tls:SESSION-c7ece8090c9a4b7f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a4b43b46bbfc9c3:host:177.10.233.22:host:172.234.197.23	SESSION-0a4b43b46bbfc9c3 → host:177.10.233.22 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e2a4babdc2dc965:host:185.231.226.226:host:172.234.197.23	SESSION-9e2a4babdc2dc965 → host:185.231.226.226 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a59865cbe96a	flow:a59865cbe96a → host:172.234.197.23 → host:177.10.232.80 → port:tcp:30114
FLOW_FROM_HOSTOBS	e:from:SESSION-01d7e8e7f6d6f55b:host:177.10.233.141	SESSION-01d7e8e7f6d6f55b → host:177.10.233.141
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76f517468502eda0:host:172.234.197.23	SESSION-76f517468502eda0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ad5aee9f59a3	flow:ad5aee9f59a3 → host:177.10.238.117 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.201:asn:262880	host:177.10.235.201 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f7b35d3dad632382:host:172.234.197.23:host:177.10.235.212	SESSION-f7b35d3dad632382 → host:172.234.197.23 → host:177.10.235.212
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ed55c24c9ffd87b5:PCAP:capture_20260430090001:065659c7d314	SESSION-ed55c24c9ffd87b5 → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-9e0d73c88dd83fb6:host:172.234.197.23	SESSION-9e0d73c88dd83fb6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-141e3c6c8d153d1d:host:131.196.31.17	SESSION-141e3c6c8d153d1d → host:131.196.31.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37617ebce6c7f9ac:host:177.10.234.44	SESSION-37617ebce6c7f9ac → host:177.10.234.44
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a516ba4c4f8948a0:host:177.10.236.236	SESSION-a516ba4c4f8948a0 → host:177.10.236.236
FLOW_DST_PORTOBS	e:fp:flow:eeb33d8aed7d:port:tcp:443	flow:eeb33d8aed7d → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93e1e76eb6bfe5a3:PCAP:capture_20260430160001:9bfa4498506a	SESSION-93e1e76eb6bfe5a3 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8fb17d6554827f30:PCAP:capture_20260430110001:43611bdf6759	SESSION-8fb17d6554827f30 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4dc175dd74a3b00:host:104.28.157.111:host:172.234.197.23	SESSION-b4dc175dd74a3b00 → host:104.28.157.111 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cb3e7e97aa8c76e6:host:172.234.197.23	SESSION-cb3e7e97aa8c76e6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-f7bf570ae8905fff:SESSION-f7bf570ae8905fff	SESSION-f7bf570ae8905fff → pe:rst:SESSION-f7bf570ae8905fff
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69029b06bbd64972:SESSION-69029b06bbd64972	SESSION-69029b06bbd64972 → pe:tls:SESSION-69029b06bbd64972
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ccf862d3dae518e:host:131.196.28.177:host:172.234.197.23	SESSION-8ccf862d3dae518e → host:131.196.28.177 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a7b51cacb28e	flow:a7b51cacb28e → host:172.234.197.23 → host:131.196.28.164 → port:tcp:15251
FLOW_TO_HOSTOBS	e:to:SESSION-f5bb0fb568e127c0:host:177.10.238.102	SESSION-f5bb0fb568e127c0 → host:177.10.238.102
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.224:asn:262880	host:177.10.234.224 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f06d97c7ac4f577b:host:131.196.29.194	SESSION-f06d97c7ac4f577b → host:131.196.29.194
FLOW_FROM_HOSTOBS	e:from:SESSION-5826a910dfa3cb7f:host:131.196.31.170	SESSION-5826a910dfa3cb7f → host:131.196.31.170
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee4167cf60ac81c3:host:172.234.197.23	SESSION-ee4167cf60ac81c3 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:df60fa020117	flow:df60fa020117 → host:131.196.31.82 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-60f4d0af24f032dd:host:131.196.28.126	SESSION-60f4d0af24f032dd → host:131.196.28.126
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9e9c761e9ca1eb65:SESSION-9e9c761e9ca1eb65	SESSION-9e9c761e9ca1eb65 → pe:syn:SESSION-9e9c761e9ca1eb65
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8c9381f88305d4e9:host:131.196.29.79	SESSION-8c9381f88305d4e9 → host:131.196.29.79
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8402a55882de6bd8:SESSION-8402a55882de6bd8	SESSION-8402a55882de6bd8 → pe:syn:SESSION-8402a55882de6bd8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eead59d5c9e2a3d1:SESSION-eead59d5c9e2a3d1	SESSION-eead59d5c9e2a3d1 → pe:tls:SESSION-eead59d5c9e2a3d1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-341cb53ffc41c3af:SESSION-341cb53ffc41c3af	SESSION-341cb53ffc41c3af → pe:tls:SESSION-341cb53ffc41c3af
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-02ee946ab454bede:SESSION-02ee946ab454bede	SESSION-02ee946ab454bede → pe:tls:SESSION-02ee946ab454bede
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4a4f6dd7436745b4:flow:fb4025e95017	SESSION-4a4f6dd7436745b4 → flow:fb4025e95017
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92c4be10fc1322be:SESSION-92c4be10fc1322be	SESSION-92c4be10fc1322be → pe:tls:SESSION-92c4be10fc1322be
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ced8040d8221dfbc:PCAP:capture_20260430090001:065659c7d314	SESSION-ced8040d8221dfbc → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:2009c812f0cc:port:tcp:443	flow:2009c812f0cc → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0d1e9854752b2176:PCAP:capture_20260430150001:ded20914761d	SESSION-0d1e9854752b2176 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-70e7a4a5208b1da3:SESSION-70e7a4a5208b1da3	SESSION-70e7a4a5208b1da3 → pe:tls:SESSION-70e7a4a5208b1da3
FLOW_DST_PORTOBS	e:fp:flow:24c19681bc1b:port:tcp:443	flow:24c19681bc1b → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-25fe6bafaa94a84d:host:172.234.197.23	SESSION-25fe6bafaa94a84d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd57eb7fcad3510c:host:172.234.197.23:host:177.10.234.60	SESSION-fd57eb7fcad3510c → host:172.234.197.23 → host:177.10.234.60
FLOW_DST_PORTOBS	e:fp:flow:e013fe153b32:port:tcp:40669	flow:e013fe153b32 → port:tcp:40669
FLOW_TO_HOSTOBS	e:to:SESSION-d027fcdf19e82664:host:172.234.197.23	SESSION-d027fcdf19e82664 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-83f081267b847a58:flow:fa3e2132fc0a	SESSION-83f081267b847a58 → flow:fa3e2132fc0a
FLOW_FROM_HOSTOBS	e:from:SESSION-b65436b870ef703a:host:177.10.239.221	SESSION-b65436b870ef703a → host:177.10.239.221
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72cd504b232e316e:host:172.234.197.23	SESSION-72cd504b232e316e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-149428cb73969f2b:host:177.10.238.35:host:172.234.197.23	SESSION-149428cb73969f2b → host:177.10.238.35 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b223dcd1f64dfb9:host:172.234.197.23	SESSION-7b223dcd1f64dfb9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa7ff8c6e8f0ef9e:host:131.196.28.39:host:172.234.197.23	SESSION-aa7ff8c6e8f0ef9e → host:131.196.28.39 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eee2452aad82d1c2:host:172.234.197.23	SESSION-eee2452aad82d1c2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1844a866ec523fcf:flow:f54f749b0a4f	SESSION-1844a866ec523fcf → flow:f54f749b0a4f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1c0e460ce34915ff:flow:47394acbd284	SESSION-1c0e460ce34915ff → flow:47394acbd284
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7d1c756fff84e2d4:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-7d1c756fff84e2d4 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-77da6a9292c08caa:host:172.234.197.23	SESSION-77da6a9292c08caa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b3edcc633e4f5b2c:flow:829f537dafee	SESSION-b3edcc633e4f5b2c → flow:829f537dafee
FLOW_DST_PORTOBS	e:fp:flow:d0c462915807:port:tcp:59636	flow:d0c462915807 → port:tcp:59636
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ab0305ac0c92587:host:172.234.197.23	SESSION-2ab0305ac0c92587 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c8984df52681cb36:host:172.234.197.23	SESSION-c8984df52681cb36 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:3d31c04c05c6:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:3d31c04c05c6 → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed3-aryOBS	e:fo:flow:05038aaf6329	flow:05038aaf6329 → host:78.12.17.95 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c59147b81bc92a14:PCAP:capture_20260430050001:8868731bf8a4	SESSION-c59147b81bc92a14 → PCAP:capture_20260430050001:8868731bf8a4
flow_observed5-aryOBS	e:fo:flow:d4a091344584	flow:d4a091344584 → host:177.10.239.217 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-3a3b1f52ae1679da:host:95.135.228.39	SESSION-3a3b1f52ae1679da → host:95.135.228.39
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ab1dfc7616ca079a:SESSION-ab1dfc7616ca079a	SESSION-ab1dfc7616ca079a → pe:syn:SESSION-ab1dfc7616ca079a
FLOW_DST_PORTOBS	e:fp:flow:559d1906da89:port:tcp:443	flow:559d1906da89 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-15ce8c1431c2e2c7:host:177.10.239.139:host:172.234.197.23	SESSION-15ce8c1431c2e2c7 → host:177.10.239.139 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d69d721ba9bae694:SESSION-d69d721ba9bae694	SESSION-d69d721ba9bae694 → pe:tls:SESSION-d69d721ba9bae694
FLOW_TO_HOSTOBS	e:to:SESSION-f0835af6109bb7c1:host:172.234.197.23	SESSION-f0835af6109bb7c1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-34da31e596580b61:host:172.234.197.23	SESSION-34da31e596580b61 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87462f91a35c5198:host:177.10.238.57	SESSION-87462f91a35c5198 → host:177.10.238.57
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.193:geo_-16.28860_-49.01640	host:177.10.232.193 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-578ff4b2beeb08df:host:131.196.29.61	SESSION-578ff4b2beeb08df → host:131.196.29.61
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-848ab23bc1105d57:host:131.196.31.166	SESSION-848ab23bc1105d57 → host:131.196.31.166
FLOW_FROM_HOSTOBS	e:from:SESSION-6c06bd8d9952317f:host:177.10.237.63	SESSION-6c06bd8d9952317f → host:177.10.237.63
flow_observed4-aryOBS	e:fo:flow:bfe10a3879ef	flow:bfe10a3879ef → host:172.234.197.23 → host:177.10.232.159 → port:tcp:26865
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:2.57.122.192:geo_45.99680_24.99700	host:2.57.122.192 → geo_45.99680_24.99700
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5792abf3d18d9356:flow:e2e801b5fdfc	SESSION-5792abf3d18d9356 → flow:e2e801b5fdfc
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-359d98e6d1200746:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-359d98e6d1200746 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-eb17861f5be52c2c:SESSION-eb17861f5be52c2c	SESSION-eb17861f5be52c2c → pe:syn:SESSION-eb17861f5be52c2c
FLOW_TLS_SNIOBS	e:fs:flow:62b620dd6ffc:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:62b620dd6ffc → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f0044b48e7e1824:flow:abc8fc2a68c4	SESSION-5f0044b48e7e1824 → flow:abc8fc2a68c4
flow_observed5-aryOBS	e:fo:flow:26f8541df4db	flow:26f8541df4db → host:177.10.236.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5aeffc2a4b56ba0:SESSION-d5aeffc2a4b56ba0	SESSION-d5aeffc2a4b56ba0 → pe:tls:SESSION-d5aeffc2a4b56ba0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0fe0e8460d1c75f:host:172.234.197.23	SESSION-f0fe0e8460d1c75f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:89dc4d9501c3:port:tcp:7023	flow:89dc4d9501c3 → port:tcp:7023
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-133d7db2ccbe04c8:flow:654cced2e929	SESSION-133d7db2ccbe04c8 → flow:654cced2e929
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-da15c25f39b20c68:PCAP:capture_20260430110001:43611bdf6759	SESSION-da15c25f39b20c68 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-36f4c424d3b5f86e:PCAP:capture_20260430050001:8868731bf8a4	SESSION-36f4c424d3b5f86e → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-08ccad07eda14042:host:177.10.232.192	SESSION-08ccad07eda14042 → host:177.10.232.192
FLOW_DST_PORTOBS	e:fp:flow:b41df686a0f5:port:tcp:29805	flow:b41df686a0f5 → port:tcp:29805
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4dc0a9d4d6e7897:host:177.10.234.37:host:172.234.197.23	SESSION-d4dc0a9d4d6e7897 → host:177.10.234.37 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-87f83ff8260cc70d:host:177.10.238.197	SESSION-87f83ff8260cc70d → host:177.10.238.197
FLOW_TO_HOSTOBS	e:to:SESSION-92f84fab5bd8e0c8:host:172.234.197.23	SESSION-92f84fab5bd8e0c8 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9a29e8344629	flow:9a29e8344629 → host:177.10.234.166 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.225:geo_-16.28860_-49.01640	host:177.10.239.225 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.241:asn:271410	host:131.196.29.241 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1a26d5a4b5eab898:flow:d860d97b3e43	SESSION-1a26d5a4b5eab898 → flow:d860d97b3e43
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a77e99309dd6e28:host:172.234.197.23	SESSION-8a77e99309dd6e28 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7e41a4ef6cc929c5:flow:cf7618617ae6	SESSION-7e41a4ef6cc929c5 → flow:cf7618617ae6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-002a4fad2ef08bcf:SESSION-002a4fad2ef08bcf	SESSION-002a4fad2ef08bcf → pe:tls:SESSION-002a4fad2ef08bcf
FLOW_FROM_HOSTOBS	e:from:SESSION-bc96f34750660160:host:177.10.235.83	SESSION-bc96f34750660160 → host:177.10.235.83
FLOW_DST_PORTOBS	e:fp:flow:52ff028526f6:port:tcp:22832	flow:52ff028526f6 → port:tcp:22832
HOST_IN_ASNOBS 85%	e:ha:host:8.213.192.144:asn:45102	host:8.213.192.144 → asn:45102
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4ed0c7009b8f0d4:host:172.234.197.23	SESSION-b4ed0c7009b8f0d4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4e7d8d3f995a1a9:host:177.10.237.55	SESSION-b4e7d8d3f995a1a9 → host:177.10.237.55
FLOW_TO_HOSTOBS	e:to:SESSION-ab686f0f0916fec6:host:172.234.197.23	SESSION-ab686f0f0916fec6 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-eab64f08bdc755fb:host:172.234.197.23	SESSION-eab64f08bdc755fb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f799bd198c08bce:host:177.10.232.24	SESSION-7f799bd198c08bce → host:177.10.232.24
FLOW_TO_HOSTOBS	e:to:SESSION-19fcdbc3c5b0e100:host:177.10.233.185	SESSION-19fcdbc3c5b0e100 → host:177.10.233.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e10e261831a1079d:SESSION-e10e261831a1079d	SESSION-e10e261831a1079d → pe:tls:SESSION-e10e261831a1079d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-754d0cc424848140:flow:7a193ca4e32c	SESSION-754d0cc424848140 → flow:7a193ca4e32c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-97a6ca320e2242f6:host:177.10.237.152:host:172.234.197.23	SESSION-97a6ca320e2242f6 → host:177.10.237.152 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e4dd8b9d1b64d369:PCAP:capture_20260430160001:9bfa4498506a	SESSION-e4dd8b9d1b64d369 → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:6cd7e8b30000	flow:6cd7e8b30000 → host:172.234.197.23 → host:131.196.29.60 → port:tcp:23027
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4066f36b6ded169d:flow:1845bedc5e4a	SESSION-4066f36b6ded169d → flow:1845bedc5e4a
FLOW_FROM_HOSTOBS	e:from:SESSION-1ad4b86f4c7bfaae:host:131.196.31.148	SESSION-1ad4b86f4c7bfaae → host:131.196.31.148
FLOW_DST_PORTOBS	e:fp:flow:a20e1b3cc116:port:tcp:443	flow:a20e1b3cc116 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db98e45dca973468:host:177.10.237.191	SESSION-db98e45dca973468 → host:177.10.237.191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ba1793b4e05c9885:SESSION-ba1793b4e05c9885	SESSION-ba1793b4e05c9885 → pe:syn:SESSION-ba1793b4e05c9885
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fac4a2f466e4583d:host:177.10.237.10:host:172.234.197.23	SESSION-fac4a2f466e4583d → host:177.10.237.10 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:88.99.91.59:geo_50.47770_12.36490	host:88.99.91.59 → geo_50.47770_12.36490
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.160:asn:262880	host:177.10.234.160 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72ea8a7fe39a298e:flow:43a1a1f1a713	SESSION-72ea8a7fe39a298e → flow:43a1a1f1a713
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c96791011a0f6f2:PCAP:capture_20260430060001:919b39a74464	SESSION-7c96791011a0f6f2 → PCAP:capture_20260430060001:919b39a74464
flow_observed5-aryOBS	e:fo:flow:c06e3241e73d	flow:c06e3241e73d → host:177.10.234.214 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-687ff071deb77d90:flow:4ac0de8d3459	SESSION-687ff071deb77d90 → flow:4ac0de8d3459
FLOW_DST_PORTOBS	e:fp:flow:4d142266c6f4:port:tcp:443	flow:4d142266c6f4 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e0550020c1215cf:SESSION-1e0550020c1215cf	SESSION-1e0550020c1215cf → pe:tls:SESSION-1e0550020c1215cf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e6b70cce2b53886b:SESSION-e6b70cce2b53886b	SESSION-e6b70cce2b53886b → pe:syn:SESSION-e6b70cce2b53886b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-abc806ef9f1a9dce:PCAP:capture_20260430070001:903a0e7a436b	SESSION-abc806ef9f1a9dce → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7b12eb68f09b08a:SESSION-c7b12eb68f09b08a	SESSION-c7b12eb68f09b08a → pe:tls:SESSION-c7b12eb68f09b08a
FLOW_DST_PORTOBS	e:fp:flow:d2632cff07c3:port:tcp:23865	flow:d2632cff07c3 → port:tcp:23865
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab6d0c9e6f54de20:host:174.202.97.85	SESSION-ab6d0c9e6f54de20 → host:174.202.97.85
FLOW_TO_HOSTOBS	e:to:SESSION-f496191c2c04cb7e:host:172.234.197.23	SESSION-f496191c2c04cb7e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-433230166b97139a:host:177.10.238.11	SESSION-433230166b97139a → host:177.10.238.11
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.183:geo_-23.62930_-46.63510	host:131.196.30.183 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-517e17fbfcdc9eaf:SESSION-517e17fbfcdc9eaf	SESSION-517e17fbfcdc9eaf → pe:tls:SESSION-517e17fbfcdc9eaf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77b68b84e12bfaab:host:177.10.235.196:host:172.234.197.23	SESSION-77b68b84e12bfaab → host:177.10.235.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0229340abc854c0d:host:172.234.197.23	SESSION-0229340abc854c0d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-be67080b9ae14b48:host:172.234.197.23	SESSION-be67080b9ae14b48 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e3ba2cf190ed0b5c:host:172.234.197.23	SESSION-e3ba2cf190ed0b5c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c1429c4885068b09:host:172.234.197.23	SESSION-c1429c4885068b09 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:20857:org:Signet B.V.	asn:20857 → org:Signet B.V.
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4a1d91047073c4c2:SESSION-4a1d91047073c4c2	SESSION-4a1d91047073c4c2 → pe:syn:SESSION-4a1d91047073c4c2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0bcd74883eff8339:host:172.234.197.23	SESSION-0bcd74883eff8339 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b8930a348aad:port:tcp:443	flow:b8930a348aad → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-bd9436da4a7a552d:SESSION-bd9436da4a7a552d	SESSION-bd9436da4a7a552d → pe:dns:SESSION-bd9436da4a7a552d
FLOW_DST_PORTOBS	e:fp:flow:589c2fec1820:port:tcp:443	flow:589c2fec1820 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5e93d3fe416fcd95:PCAP:capture_20260430110001:43611bdf6759	SESSION-5e93d3fe416fcd95 → PCAP:capture_20260430110001:43611bdf6759
flow_observed5-aryOBS	e:fo:flow:351cb218e97f	flow:351cb218e97f → host:131.196.29.106 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-338820b1c26f8211:SESSION-338820b1c26f8211	SESSION-338820b1c26f8211 → pe:tls:SESSION-338820b1c26f8211
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36db005d6a8b5922:SESSION-36db005d6a8b5922	SESSION-36db005d6a8b5922 → pe:syn:SESSION-36db005d6a8b5922
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-760c61036eedf2e4:SESSION-760c61036eedf2e4	SESSION-760c61036eedf2e4 → pe:tls:SESSION-760c61036eedf2e4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cb77a42bb02f4581:host:131.196.29.203:host:172.234.197.23	SESSION-cb77a42bb02f4581 → host:131.196.29.203 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8136a084d82536a6:host:172.234.197.23	SESSION-8136a084d82536a6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d585afab4eb6ac7e:SESSION-d585afab4eb6ac7e	SESSION-d585afab4eb6ac7e → pe:syn:SESSION-d585afab4eb6ac7e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-84d5ccfdbe119076:host:172.234.197.23	SESSION-84d5ccfdbe119076 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59de2965684be0b6:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-59de2965684be0b6 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-1065c42d5133f02c:host:172.234.197.23	SESSION-1065c42d5133f02c → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.129:geo_-21.10010_-41.69200	host:45.173.156.129 → geo_-21.10010_-41.69200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6328c86c978f61df:SESSION-6328c86c978f61df	SESSION-6328c86c978f61df → pe:syn:SESSION-6328c86c978f61df
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.10:geo_-16.28860_-49.01640	host:177.10.232.10 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6667ca1b9f8ba8d1:host:172.234.197.23	SESSION-6667ca1b9f8ba8d1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae99c26bd6d2dd56:host:131.196.28.237	SESSION-ae99c26bd6d2dd56 → host:131.196.28.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-53d75396bd30ce89:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-53d75396bd30ce89 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-0a32c5a0b23fc272:BSG-BEACON-8837ef5499e4	SESSION-0a32c5a0b23fc272 → BSG-BEACON-8837ef5499e4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c008c2d2b932d4b:host:177.10.235.45:host:172.234.197.23	SESSION-7c008c2d2b932d4b → host:177.10.235.45 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0553c47d8718786a:SESSION-0553c47d8718786a	SESSION-0553c47d8718786a → pe:syn:SESSION-0553c47d8718786a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-316a629875744009:SESSION-316a629875744009	SESSION-316a629875744009 → pe:tls:SESSION-316a629875744009
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ca10b4490797e89:host:177.10.236.236	SESSION-8ca10b4490797e89 → host:177.10.236.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c130f2091984b84c:host:172.234.197.23	SESSION-c130f2091984b84c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f355ffd88e7f5027:host:172.234.197.23	SESSION-f355ffd88e7f5027 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a6f1bedfb399	flow:a6f1bedfb399 → host:136.243.57.208 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-774b2bcff77bd614:PCAP:capture_20260430070001:903a0e7a436b	SESSION-774b2bcff77bd614 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-2c4d285e0a09c2a4:host:177.10.232.168	SESSION-2c4d285e0a09c2a4 → host:177.10.232.168
FLOW_FROM_HOSTOBS	e:from:SESSION-858a06c2b9abdebe:host:45.173.156.192	SESSION-858a06c2b9abdebe → host:45.173.156.192
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-94e9de291da3c2c9:host:177.10.236.156:host:172.234.197.23	SESSION-94e9de291da3c2c9 → host:177.10.236.156 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.114:asn:271410	host:131.196.30.114 → asn:271410
FLOW_TO_HOSTOBS	e:to:SESSION-6bdebc30581f3c5f:host:172.234.197.23	SESSION-6bdebc30581f3c5f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-536e36b5c95ee442:flow:e550e029e382	SESSION-536e36b5c95ee442 → flow:e550e029e382
flow_observed5-aryOBS	e:fo:flow:8e76dd4a0d11	flow:8e76dd4a0d11 → host:177.10.235.59 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-eee0288be94ee16a:host:172.234.197.23	SESSION-eee0288be94ee16a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a805c9901252	flow:a805c9901252 → host:177.10.235.126 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-9b2bcd9d2c0b41b4:host:131.196.30.32	SESSION-9b2bcd9d2c0b41b4 → host:131.196.30.32
FLOW_TO_HOSTOBS	e:to:SESSION-7301756ca24c49ab:host:172.234.197.23	SESSION-7301756ca24c49ab → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:05dc6ac42870:port:tcp:443	flow:05dc6ac42870 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-69d41e5348c00130:flow:9093eff6b816	SESSION-69d41e5348c00130 → flow:9093eff6b816
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f750867699c9a944:host:172.232.0.16	SESSION-f750867699c9a944 → host:172.232.0.16
FLOW_TO_HOSTOBS	e:to:SESSION-bf34c898669d01e7:host:172.234.197.23	SESSION-bf34c898669d01e7 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-16df0786ef84574d:host:172.234.197.23	SESSION-16df0786ef84574d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1ee12e96d458a4e4:host:172.234.197.23	SESSION-1ee12e96d458a4e4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8314ac7032421127:SESSION-8314ac7032421127	SESSION-8314ac7032421127 → pe:syn:SESSION-8314ac7032421127
FLOW_DST_PORTOBS	e:fp:flow:b2e0fad9a7ba:port:tcp:443	flow:b2e0fad9a7ba → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15539e18bbfcb0e8:host:172.234.197.23	SESSION-15539e18bbfcb0e8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e6a07ad54f9ab5f8:host:172.234.197.23:host:177.10.236.32	SESSION-e6a07ad54f9ab5f8 → host:172.234.197.23 → host:177.10.236.32
FLOW_TO_HOSTOBS	e:to:SESSION-692aeceb01bd702a:host:177.10.239.134	SESSION-692aeceb01bd702a → host:177.10.239.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7e7ccd5c552e41a1:SESSION-7e7ccd5c552e41a1	SESSION-7e7ccd5c552e41a1 → pe:syn:SESSION-7e7ccd5c552e41a1
FLOW_DST_PORTOBS	e:fp:flow:3bc307f96255:port:tcp:443	flow:3bc307f96255 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-24ac712a23adf430:host:172.234.197.23	SESSION-24ac712a23adf430 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-16fca057f28c0943:BSG-BEACON-d4175b7190c4	SESSION-16fca057f28c0943 → BSG-BEACON-d4175b7190c4
FLOW_TO_HOSTOBS	e:to:SESSION-2b54b11bede7a4d5:host:172.234.197.23	SESSION-2b54b11bede7a4d5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac2cef9f7dcbf562:host:177.10.234.199:host:172.234.197.23	SESSION-ac2cef9f7dcbf562 → host:177.10.234.199 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb2fd2ce02add556:host:45.173.156.13	SESSION-eb2fd2ce02add556 → host:45.173.156.13
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f00ab97ef4b401c8:flow:ce00c1120329	SESSION-f00ab97ef4b401c8 → flow:ce00c1120329
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c5664e67ab454dc8:PCAP:capture_20260430050001:8868731bf8a4	SESSION-c5664e67ab454dc8 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87843d3af97b013e:host:172.234.197.23	SESSION-87843d3af97b013e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-86f90a53110dcf25:PCAP:capture_20260430060001:919b39a74464	SESSION-86f90a53110dcf25 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-46aa20776642b201:host:172.234.197.23	SESSION-46aa20776642b201 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a038f6735218c73a:SESSION-a038f6735218c73a	SESSION-a038f6735218c73a → pe:tls:SESSION-a038f6735218c73a
FLOW_DST_PORTOBS	e:fp:flow:d56ee3dd8c0b:port:tcp:443	flow:d56ee3dd8c0b → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:e05383acf388	flow:e05383acf388 → host:185.231.226.159 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-69d28aa413742c82:SESSION-69d28aa413742c82	SESSION-69d28aa413742c82 → pe:tls:SESSION-69d28aa413742c82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fad7428bd8cc35c5:host:172.234.197.23	SESSION-fad7428bd8cc35c5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9f294cc57752	flow:9f294cc57752 → host:131.196.30.184 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8938c8d43c3c288:flow:f0a67aad54e3	SESSION-d8938c8d43c3c288 → flow:f0a67aad54e3
flow_observed4-aryOBS	e:fo:flow:33939d4aeb62	flow:33939d4aeb62 → host:172.234.197.23 → host:177.10.238.30 → port:tcp:16597
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-324b6311c2d003f7:host:177.10.238.211	SESSION-324b6311c2d003f7 → host:177.10.238.211
FLOW_FROM_HOSTOBS	e:from:SESSION-19f74a6b62d527a5:host:172.234.197.23	SESSION-19f74a6b62d527a5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bc2ea3f70e7bccaf:host:172.234.197.23	SESSION-bc2ea3f70e7bccaf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07c97e671e348352:host:172.234.197.23:host:177.10.239.191	SESSION-07c97e671e348352 → host:172.234.197.23 → host:177.10.239.191
FLOW_FROM_HOSTOBS	e:from:SESSION-38485db7731deeee:host:172.234.197.23	SESSION-38485db7731deeee → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.205:asn:262880	host:177.10.232.205 → asn:262880
flow_observed4-aryOBS	e:fo:flow:bf7598ac6715	flow:bf7598ac6715 → host:172.234.197.23 → host:177.10.235.212 → port:tcp:14105
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2f1e05754e84c30:PCAP:capture_20260430150001:ded20914761d	SESSION-e2f1e05754e84c30 → PCAP:capture_20260430150001:ded20914761d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.109:geo_-16.28860_-49.01640	host:177.10.239.109 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-b325e5efc54d34b8:host:172.234.197.23	SESSION-b325e5efc54d34b8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c9754d7075a4d12:host:172.234.197.23	SESSION-5c9754d7075a4d12 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6b63ea10f9bb	flow:6b63ea10f9bb → host:131.196.31.82 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb17861f5be52c2c:host:177.10.235.89:host:172.234.197.23	SESSION-eb17861f5be52c2c → host:177.10.235.89 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3168a3173448dd7d:host:177.10.239.77	SESSION-3168a3173448dd7d → host:177.10.239.77
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-463ebb9b343c8b6a:PCAP:capture_20260430160001:9bfa4498506a	SESSION-463ebb9b343c8b6a → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:01b74c686b48:port:tcp:443	flow:01b74c686b48 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:6a96e5f8b346	flow:6a96e5f8b346 → host:172.234.197.23 → host:177.10.233.95 → port:tcp:50136
FLOW_DST_PORTOBS	e:fp:flow:73b0432d21f6:port:tcp:49028	flow:73b0432d21f6 → port:tcp:49028
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02ee946ab454bede:SESSION-02ee946ab454bede	SESSION-02ee946ab454bede → pe:syn:SESSION-02ee946ab454bede
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e391b214be46ad73:PCAP:capture_20260430150001:ded20914761d	SESSION-e391b214be46ad73 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7dc8a86be27d0230:PCAP:capture_20260430070001:903a0e7a436b	SESSION-7dc8a86be27d0230 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed5-aryOBS	e:fo:flow:362e866ff083	flow:362e866ff083 → host:177.10.238.110 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-5e80661c10e8e6e7:host:149.202.187.73	SESSION-5e80661c10e8e6e7 → host:149.202.187.73
FLOW_DST_PORTOBS	e:fp:flow:41bc1e553486:port:tcp:443	flow:41bc1e553486 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16b33dfc60975324:host:5.75.182.251:host:172.234.197.23	SESSION-16b33dfc60975324 → host:5.75.182.251 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-28106317c083449d:SESSION-28106317c083449d	SESSION-28106317c083449d → pe:syn:SESSION-28106317c083449d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cc387e98cb8cb82:host:177.10.234.80	SESSION-9cc387e98cb8cb82 → host:177.10.234.80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96f33e27040b9bc9:host:131.196.29.73:host:172.234.197.23	SESSION-96f33e27040b9bc9 → host:131.196.29.73 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:343bb530aa8e:port:tcp:443	flow:343bb530aa8e → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3948aeec4a52663:host:131.196.31.80	SESSION-b3948aeec4a52663 → host:131.196.31.80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2117b91b7562ba94:host:172.234.197.23	SESSION-2117b91b7562ba94 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2cbbc065f428:port:tcp:443	flow:2cbbc065f428 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f99e1376da42693:host:172.234.197.23	SESSION-6f99e1376da42693 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-27b2c896335b5c16:SESSION-27b2c896335b5c16	SESSION-27b2c896335b5c16 → pe:tls:SESSION-27b2c896335b5c16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.210:geo_-21.10010_-41.69200	host:45.173.156.210 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6d44dc6146dcb58:flow:26b0ffc32b11	SESSION-b6d44dc6146dcb58 → flow:26b0ffc32b11
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-eaf5b03036efa5c6:SESSION-eaf5b03036efa5c6	SESSION-eaf5b03036efa5c6 → pe:rst:SESSION-eaf5b03036efa5c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-576e43142f03a150:host:172.234.197.23	SESSION-576e43142f03a150 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d77225c69f4fe117:host:177.10.239.5:host:172.234.197.23	SESSION-d77225c69f4fe117 → host:177.10.239.5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4531330495d6a6b8:host:177.10.232.225	SESSION-4531330495d6a6b8 → host:177.10.232.225
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.208:geo_19.07480_72.88560	host:45.145.152.208 → geo_19.07480_72.88560
flow_observed4-aryOBS	e:fo:flow:8c498086b468	flow:8c498086b468 → host:172.234.197.23 → host:177.10.234.193 → port:tcp:32777
FLOW_TO_HOSTOBS	e:to:SESSION-637d01fb7fe8b725:host:177.10.238.181	SESSION-637d01fb7fe8b725 → host:177.10.238.181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-338b64f691539afb:SESSION-338b64f691539afb	SESSION-338b64f691539afb → pe:tls:SESSION-338b64f691539afb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e25d600ec07dd53e:SESSION-e25d600ec07dd53e	SESSION-e25d600ec07dd53e → pe:tls:SESSION-e25d600ec07dd53e
flow_observed3-aryOBS	e:fo:flow:d3fafd34c7d1	flow:d3fafd34c7d1 → host:140.179.228.29 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac742257199be2dd:host:131.196.28.81:host:172.234.197.23	SESSION-ac742257199be2dd → host:131.196.28.81 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c130f2091984b84c:host:172.234.197.23	SESSION-c130f2091984b84c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f6b045a7a943:port:tcp:443	flow:f6b045a7a943 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e115bc688365a9e7:host:177.10.239.180:host:172.234.197.23	SESSION-e115bc688365a9e7 → host:177.10.239.180 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:aba061fcff4a	flow:aba061fcff4a → host:172.234.197.23 → host:131.196.28.193 → port:tcp:31293
FLOW_DST_PORTOBS	e:fp:flow:318f852456b4:port:tcp:42665	flow:318f852456b4 → port:tcp:42665
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0a9091855f21b6bb:SESSION-0a9091855f21b6bb	SESSION-0a9091855f21b6bb → pe:tls:SESSION-0a9091855f21b6bb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a5bede5fedae88e0:host:177.10.237.32	SESSION-a5bede5fedae88e0 → host:177.10.237.32
flow_observed5-aryOBS	e:fo:flow:0c2ade1f884a	flow:0c2ade1f884a → host:177.10.238.68 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1328d27dd48f8a49:flow:9551b9689f26	SESSION-1328d27dd48f8a49 → flow:9551b9689f26
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-3560085925cb3717:BSG-BEACON-5c9176894196	SESSION-3560085925cb3717 → BSG-BEACON-5c9176894196
FLOW_DST_PORTOBS	e:fp:flow:d4446d793930:port:tcp:443	flow:d4446d793930 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f7bf4f785679ea3b:SESSION-f7bf4f785679ea3b	SESSION-f7bf4f785679ea3b → pe:tls:SESSION-f7bf4f785679ea3b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-38485db7731deeee:SESSION-38485db7731deeee	SESSION-38485db7731deeee → pe:syn:SESSION-38485db7731deeee
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-877b851a45681e10:SESSION-877b851a45681e10	SESSION-877b851a45681e10 → pe:syn:SESSION-877b851a45681e10
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.123:geo_-21.10010_-41.69200	host:45.173.156.123 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85a8f577301970a2:host:172.234.197.23	SESSION-85a8f577301970a2 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46a01539128daee6:host:131.196.31.201	SESSION-46a01539128daee6 → host:131.196.31.201
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-136e732c63cf53f4:host:172.234.197.23	SESSION-136e732c63cf53f4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e2eb0c2c4028db16:SESSION-e2eb0c2c4028db16	SESSION-e2eb0c2c4028db16 → pe:tls:SESSION-e2eb0c2c4028db16
HOST_IN_ASNOBS 85%	e:ha:host:95.56.227.200:asn:9198	host:95.56.227.200 → asn:9198
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e4de8bcb2f0334a:host:172.234.197.23:host:131.196.28.69	SESSION-4e4de8bcb2f0334a → host:172.234.197.23 → host:131.196.28.69
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aa658fe130f71ff5:host:131.196.30.253	SESSION-aa658fe130f71ff5 → host:131.196.30.253
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-db638e9136fa3895:SESSION-db638e9136fa3895	SESSION-db638e9136fa3895 → pe:tls:SESSION-db638e9136fa3895
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-91e694161f32570f:PCAP:capture_20260430160001:9bfa4498506a	SESSION-91e694161f32570f → PCAP:capture_20260430160001:9bfa4498506a
FLOW_DST_PORTOBS	e:fp:flow:594e915dc799:port:tcp:443	flow:594e915dc799 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c8277822e9833952:host:131.196.31.94	SESSION-c8277822e9833952 → host:131.196.31.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-36b6bef962351df3:SESSION-36b6bef962351df3	SESSION-36b6bef962351df3 → pe:syn:SESSION-36b6bef962351df3
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0c4b638117ccca22:flow:8801f7aa7326	SESSION-0c4b638117ccca22 → flow:8801f7aa7326
flow_observed5-aryOBS	e:fo:flow:d918f8fcd068	flow:d918f8fcd068 → host:95.170.25.64 → host:172.234.197.23 → port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:235158a23b67	flow:235158a23b67 → host:131.196.28.190 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f96a240aba6afcc:SESSION-2f96a240aba6afcc	SESSION-2f96a240aba6afcc → pe:tls:SESSION-2f96a240aba6afcc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-366e271d3ddb3e11:host:177.10.234.78	SESSION-366e271d3ddb3e11 → host:177.10.234.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49f6aac001a41393:SESSION-49f6aac001a41393	SESSION-49f6aac001a41393 → pe:syn:SESSION-49f6aac001a41393
FLOW_FROM_HOSTOBS	e:from:SESSION-053d7bf7ef41d243:host:172.234.197.23	SESSION-053d7bf7ef41d243 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fea0326f1ddbdfc:host:172.234.197.23	SESSION-7fea0326f1ddbdfc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f750867699c9a944:host:172.234.197.23	SESSION-f750867699c9a944 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cbc4338326105aa3:SESSION-cbc4338326105aa3	SESSION-cbc4338326105aa3 → pe:syn:SESSION-cbc4338326105aa3
flow_observed5-aryOBS	e:fo:flow:4b2d156f752b	flow:4b2d156f752b → host:177.10.237.110 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4b8f135d82b00569:host:177.10.238.239	SESSION-4b8f135d82b00569 → host:177.10.238.239
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7034c460bd0f5720:host:131.196.30.36:host:172.234.197.23	SESSION-7034c460bd0f5720 → host:131.196.30.36 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2faf2af9b390693e:SESSION-2faf2af9b390693e	SESSION-2faf2af9b390693e → pe:syn:SESSION-2faf2af9b390693e
flow_observed5-aryOBS	e:fo:flow:e33777f6cc74	flow:e33777f6cc74 → host:45.173.156.31 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3e5a346c4f0315a5:host:172.234.197.23	SESSION-3e5a346c4f0315a5 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dd71ff03f3cb:port:tcp:19274	flow:dd71ff03f3cb → port:tcp:19274
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-365dad18baa46a43:SESSION-365dad18baa46a43	SESSION-365dad18baa46a43 → pe:rst:SESSION-365dad18baa46a43
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f10bf652ebbcd899:host:172.234.197.23:host:131.196.28.28	SESSION-f10bf652ebbcd899 → host:172.234.197.23 → host:131.196.28.28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-517e17fbfcdc9eaf:SESSION-517e17fbfcdc9eaf	SESSION-517e17fbfcdc9eaf → pe:syn:SESSION-517e17fbfcdc9eaf
flow_observed5-aryOBS	e:fo:flow:ca9c9c940fe6	flow:ca9c9c940fe6 → host:131.196.30.189 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-650f1a0c083a2aeb:SESSION-650f1a0c083a2aeb	SESSION-650f1a0c083a2aeb → pe:dns:SESSION-650f1a0c083a2aeb
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4628aedb62e0673e:SESSION-4628aedb62e0673e	SESSION-4628aedb62e0673e → pe:syn:SESSION-4628aedb62e0673e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-efabffc9197efb23:SESSION-efabffc9197efb23	SESSION-efabffc9197efb23 → pe:syn:SESSION-efabffc9197efb23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-527acdf0d3ebbbcc:host:131.196.30.56:host:172.234.197.23	SESSION-527acdf0d3ebbbcc → host:131.196.30.56 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5a75b8c86281e6b7:host:172.234.197.23	SESSION-5a75b8c86281e6b7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-83dd76c193cbd2e0:SESSION-83dd76c193cbd2e0	SESSION-83dd76c193cbd2e0 → pe:syn:SESSION-83dd76c193cbd2e0
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33db7a85fa9e759a:host:172.234.197.23	SESSION-33db7a85fa9e759a → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-650f1a0c083a2aeb:PCAP:capture_20260430160001:9bfa4498506a	SESSION-650f1a0c083a2aeb → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22c25719fd1e6342:host:131.196.31.134	SESSION-22c25719fd1e6342 → host:131.196.31.134
FLOW_TO_HOSTOBS	e:to:SESSION-528b3497658f46ec:host:45.173.156.116	SESSION-528b3497658f46ec → host:45.173.156.116
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef849695f946a5ec:PCAP:capture_20260430070001:903a0e7a436b	SESSION-ef849695f946a5ec → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-75d8d9da58d6d51c:SESSION-75d8d9da58d6d51c	SESSION-75d8d9da58d6d51c → pe:tls:SESSION-75d8d9da58d6d51c
HOST_IN_ASNOBS 85%	e:ha:host:149.210.194.32:asn:20857	host:149.210.194.32 → asn:20857
FLOW_TO_HOSTOBS	e:to:SESSION-89ff4b6182efd39b:host:172.234.197.23	SESSION-89ff4b6182efd39b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9e9835a2b91f231:host:177.10.239.69	SESSION-e9e9835a2b91f231 → host:177.10.239.69
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.2:geo_-16.28860_-49.01640	host:177.10.232.2 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c0665b9726687b63:SESSION-c0665b9726687b63	SESSION-c0665b9726687b63 → pe:tls:SESSION-c0665b9726687b63
FLOW_FROM_HOSTOBS	e:from:SESSION-4d17209bd675d4be:host:131.196.28.143	SESSION-4d17209bd675d4be → host:131.196.28.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69ac7334931bf6c1:host:131.196.30.83	SESSION-69ac7334931bf6c1 → host:131.196.30.83
flow_observed4-aryOBS	e:fo:flow:8273b67b89ac	flow:8273b67b89ac → host:172.234.197.23 → host:131.196.31.2 → port:tcp:18869
FLOW_TO_HOSTOBS	e:to:SESSION-93be623985b95b7d:host:172.234.197.23	SESSION-93be623985b95b7d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-592c559641abdde0:host:172.234.197.23:host:177.10.237.138	SESSION-592c559641abdde0 → host:172.234.197.23 → host:177.10.237.138
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-de82cbdf751e150b:flow:c5c2c07cb426	SESSION-de82cbdf751e150b → flow:c5c2c07cb426
FLOW_TO_HOSTOBS	e:to:SESSION-040c9c1730fd990c:host:172.234.197.23	SESSION-040c9c1730fd990c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-67f971eb3e92b8d2:host:131.196.28.107	SESSION-67f971eb3e92b8d2 → host:131.196.28.107
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-531f1f169db2954c:SESSION-531f1f169db2954c	SESSION-531f1f169db2954c → pe:syn:SESSION-531f1f169db2954c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a8441f04433657ee:host:131.196.31.85	SESSION-a8441f04433657ee → host:131.196.31.85
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-58a14b9397c116a1:flow:d8263b3fe9a6	SESSION-58a14b9397c116a1 → flow:d8263b3fe9a6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd3259577d52904f:host:43.192.54.92	SESSION-bd3259577d52904f → host:43.192.54.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54aea84c156a3c18:host:210.156.0.132	SESSION-54aea84c156a3c18 → host:210.156.0.132
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f0044b48e7e1824:PCAP:capture_20260430080001:93f47cc296a4	SESSION-5f0044b48e7e1824 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:45449e47259e	flow:45449e47259e → host:172.234.197.23 → host:177.10.235.179 → port:tcp:7309
FLOW_DST_PORTOBS	e:fp:flow:74e0e0e1df06:port:tcp:443	flow:74e0e0e1df06 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a03dc7893b60925b:PCAP:capture_20260430080001:93f47cc296a4	SESSION-a03dc7893b60925b → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:9e4891f10bc3:port:tcp:47041	flow:9e4891f10bc3 → port:tcp:47041
FLOW_TO_HOSTOBS	e:to:SESSION-0827c1c94491daec:host:172.234.197.23	SESSION-0827c1c94491daec → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e6abbbca78e64654:host:172.234.197.23	SESSION-e6abbbca78e64654 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-64639bf8e248f548:flow:b968d8524475	SESSION-64639bf8e248f548 → flow:b968d8524475
flow_observed5-aryOBS	e:fo:flow:a7995a0a82ed	flow:a7995a0a82ed → host:177.10.234.115 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.7:geo_-23.62930_-46.63510	host:131.196.28.7 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-469998d187b1b945:SESSION-469998d187b1b945	SESSION-469998d187b1b945 → pe:tls:SESSION-469998d187b1b945
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6ebe77d02701b58:PCAP:capture_20260428010001:b1b402c7b202	SESSION-b6ebe77d02701b58 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-724515316ace62dc:host:199.16.157.181:host:172.234.197.23	SESSION-724515316ace62dc → host:199.16.157.181 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0c01d0fd13ba220b:SESSION-0c01d0fd13ba220b	SESSION-0c01d0fd13ba220b → pe:tls:SESSION-0c01d0fd13ba220b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-871dd8a53b87e11e:host:172.234.197.23	SESSION-871dd8a53b87e11e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2c18145c92d838e0:host:131.196.31.26	SESSION-2c18145c92d838e0 → host:131.196.31.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e4dd8b9d1b64d369:host:131.196.29.203:host:172.234.197.23	SESSION-e4dd8b9d1b64d369 → host:131.196.29.203 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3e9c01925d6f4319:host:45.173.156.158	SESSION-3e9c01925d6f4319 → host:45.173.156.158
flow_observed5-aryOBS	e:fo:flow:7e8c092f69b8	flow:7e8c092f69b8 → host:131.196.29.130 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9a207ecea3558884:PCAP:capture_20260428010001:b1b402c7b202	SESSION-9a207ecea3558884 → PCAP:capture_20260428010001:b1b402c7b202
flow_observed4-aryOBS	e:fo:flow:b035af59ec11	flow:b035af59ec11 → host:172.234.197.23 → host:177.10.233.126 → port:tcp:41946
FLOW_FROM_HOSTOBS	e:from:SESSION-9af79ddb47e5c950:host:131.196.31.86	SESSION-9af79ddb47e5c950 → host:131.196.31.86
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b72f7dde05c7e1dd:PCAP:capture_20260430090001:065659c7d314	SESSION-b72f7dde05c7e1dd → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6459c4621d226611:host:131.196.30.104	SESSION-6459c4621d226611 → host:131.196.30.104
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bf8f9827f106db93:SESSION-bf8f9827f106db93	SESSION-bf8f9827f106db93 → pe:tls:SESSION-bf8f9827f106db93
FLOW_TO_HOSTOBS	e:to:SESSION-8cc58a61b872e266:host:177.10.237.132	SESSION-8cc58a61b872e266 → host:177.10.237.132
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ce973eb9d12ea742:SESSION-ce973eb9d12ea742	SESSION-ce973eb9d12ea742 → pe:syn:SESSION-ce973eb9d12ea742
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c20a24472712669d:host:172.234.197.23	SESSION-c20a24472712669d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3f25ebe7728e5694:SESSION-3f25ebe7728e5694	SESSION-3f25ebe7728e5694 → pe:tls:SESSION-3f25ebe7728e5694
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ef9a5d8a17e479b:host:177.10.238.1	SESSION-8ef9a5d8a17e479b → host:177.10.238.1
flow_observed5-aryOBS	e:fo:flow:76dcffdb4705	flow:76dcffdb4705 → host:131.196.31.105 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:cdd071d1b1b0:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:cdd071d1b1b0 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d11c29aca82696f2:SESSION-d11c29aca82696f2	SESSION-d11c29aca82696f2 → pe:tls:SESSION-d11c29aca82696f2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.105:geo_-16.28860_-49.01640	host:177.10.236.105 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c411afbea564:port:tcp:443	flow:c411afbea564 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:103.230.240.59:geo_22.25780_114.16570	host:103.230.240.59 → geo_22.25780_114.16570
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ca5156d485d150e2:flow:3779ddfa8909	SESSION-ca5156d485d150e2 → flow:3779ddfa8909
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cc431699568b9daa:SESSION-cc431699568b9daa	SESSION-cc431699568b9daa → pe:syn:SESSION-cc431699568b9daa
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f05806c7fdedb94:SESSION-9f05806c7fdedb94	SESSION-9f05806c7fdedb94 → pe:tls:SESSION-9f05806c7fdedb94
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1627b9df9d2fc920:host:177.10.236.231:host:172.234.197.23	SESSION-1627b9df9d2fc920 → host:177.10.236.231 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:1f4f772c7607	flow:1f4f772c7607 → host:172.234.197.23 → host:177.10.233.176 → port:tcp:6206
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0e323950505f0871:SESSION-0e323950505f0871	SESSION-0e323950505f0871 → pe:syn:SESSION-0e323950505f0871
FLOW_TO_HOSTOBS	e:to:SESSION-866725b3664820db:host:172.234.197.23	SESSION-866725b3664820db → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.51:asn:262880	host:177.10.239.51 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-718be43f3a8e9f39:flow:30727c4988df	SESSION-718be43f3a8e9f39 → flow:30727c4988df
FLOW_TO_HOSTOBS	e:to:SESSION-166e94983783f266:host:177.10.232.217	SESSION-166e94983783f266 → host:177.10.232.217
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d269b4a1c84321cd:PCAP:capture_20260430090001:065659c7d314	SESSION-d269b4a1c84321cd → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-082589f81acb7a8f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-082589f81acb7a8f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be868fb861e0a1c8:host:177.10.234.60:host:172.234.197.23	SESSION-be868fb861e0a1c8 → host:177.10.234.60 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b2c61460e754c8f6:SESSION-b2c61460e754c8f6	SESSION-b2c61460e754c8f6 → pe:tls:SESSION-b2c61460e754c8f6
flow_observed5-aryOBS	e:fo:flow:06e6a1ef84ba	flow:06e6a1ef84ba → host:177.10.237.49 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-e576d93486607572:host:177.10.237.76	SESSION-e576d93486607572 → host:177.10.237.76
flow_observed4-aryOBS	e:fo:flow:f64e419c560e	flow:f64e419c560e → host:172.234.197.23 → host:177.10.236.115 → port:tcp:17825
FLOW_TO_HOSTOBS	e:to:SESSION-736a99dd90ae6491:host:172.234.197.23	SESSION-736a99dd90ae6491 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-03bb88743ccc2c68:host:172.234.197.23	SESSION-03bb88743ccc2c68 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf40158902d38ce6:flow:4a0e33124638	SESSION-cf40158902d38ce6 → flow:4a0e33124638
flow_observed5-aryOBS	e:fo:flow:a2a89388e09c	flow:a2a89388e09c → host:131.196.28.133 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-61aa57a35ec0da02:SESSION-61aa57a35ec0da02	SESSION-61aa57a35ec0da02 → pe:syn:SESSION-61aa57a35ec0da02
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf6bfb4b9f17f41e:host:131.196.31.195	SESSION-bf6bfb4b9f17f41e → host:131.196.31.195
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.157:geo_-23.62930_-46.63510	host:131.196.30.157 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6263455e390c054e:PCAP:capture_20260430090001:065659c7d314	SESSION-6263455e390c054e → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-255149252f7b9c37:host:177.10.233.66	SESSION-255149252f7b9c37 → host:177.10.233.66
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f70b0605ff5c8685:host:131.196.31.146	SESSION-f70b0605ff5c8685 → host:131.196.31.146
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e2d293cdcc6efc8:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3e2d293cdcc6efc8 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e2811d191c294e0:host:177.10.236.159	SESSION-7e2811d191c294e0 → host:177.10.236.159
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2c7091281d7e2abc:flow:22e2e56d643a	SESSION-2c7091281d7e2abc → flow:22e2e56d643a
FLOW_DST_PORTOBS	e:fp:flow:7b0f0a34a565:port:tcp:443	flow:7b0f0a34a565 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cb88b05b3590e26e:flow:70ec5629793e	SESSION-cb88b05b3590e26e → flow:70ec5629793e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b654d700a53d4a94:host:177.10.232.225:host:172.234.197.23	SESSION-b654d700a53d4a94 → host:177.10.232.225 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:98854a4693d7	flow:98854a4693d7 → host:177.10.232.81 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d975c41b16afdd4:host:177.10.234.27:host:172.234.197.23	SESSION-1d975c41b16afdd4 → host:177.10.234.27 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e77bd841354043c4:PCAP:capture_20260430090001:065659c7d314	SESSION-e77bd841354043c4 → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:d0307c9199dc:port:tcp:443	flow:d0307c9199dc → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1e028dd5dd71b411:SESSION-1e028dd5dd71b411	SESSION-1e028dd5dd71b411 → pe:tls:SESSION-1e028dd5dd71b411
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.41:asn:271410	host:131.196.30.41 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-139ea45d2e45809a:SESSION-139ea45d2e45809a	SESSION-139ea45d2e45809a → pe:tls:SESSION-139ea45d2e45809a
FLOW_TO_HOSTOBS	e:to:SESSION-49b6ef2582cca14b:host:172.234.197.23	SESSION-49b6ef2582cca14b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.100:geo_-21.10010_-41.69200	host:45.173.156.100 → geo_-21.10010_-41.69200
FLOW_TO_HOSTOBS	e:to:SESSION-caadff286c632ea0:host:172.234.197.23	SESSION-caadff286c632ea0 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:c3ad4e2cf73f	flow:c3ad4e2cf73f → host:13.212.244.245 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a124566784d7	flow:a124566784d7 → host:177.10.239.105 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-82e825a4afeeff6a:PCAP:capture_20260430070001:903a0e7a436b	SESSION-82e825a4afeeff6a → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-1311876ef555b88e:host:172.234.197.23	SESSION-1311876ef555b88e → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-332b957940cff81b:SESSION-332b957940cff81b	SESSION-332b957940cff81b → pe:rst:SESSION-332b957940cff81b
FLOW_DST_PORTOBS	e:fp:flow:1c637a2b8639:port:tcp:443	flow:1c637a2b8639 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4066f36b6ded169d:PCAP:capture_20260430090001:065659c7d314	SESSION-4066f36b6ded169d → PCAP:capture_20260430090001:065659c7d314
FLOW_DST_PORTOBS	e:fp:flow:c937676c594a:port:tcp:42725	flow:c937676c594a → port:tcp:42725
flow_observed4-aryOBS	e:fo:flow:d4ea411ce131	flow:d4ea411ce131 → host:172.234.197.23 → host:177.10.238.177 → port:tcp:37279
FLOW_FROM_HOSTOBS	e:from:SESSION-338820b1c26f8211:host:177.10.237.10	SESSION-338820b1c26f8211 → host:177.10.237.10
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2966a121f8fe86e9:SESSION-2966a121f8fe86e9	SESSION-2966a121f8fe86e9 → pe:syn:SESSION-2966a121f8fe86e9
FLOW_FROM_HOSTOBS	e:from:SESSION-46ff0fa4ec42545a:host:185.231.226.50	SESSION-46ff0fa4ec42545a → host:185.231.226.50
FLOW_FROM_HOSTOBS	e:from:SESSION-c9d9495404a53bc0:host:177.10.239.20	SESSION-c9d9495404a53bc0 → host:177.10.239.20
FLOW_TO_HOSTOBS	e:to:SESSION-f56538a064e25a46:host:172.234.197.23	SESSION-f56538a064e25a46 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-083cc9a3854de3cd:host:172.234.197.23	SESSION-083cc9a3854de3cd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6a66cf91ad155464:host:45.173.156.49	SESSION-6a66cf91ad155464 → host:45.173.156.49
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7205a781bd8c8542:PCAP:capture_20260430080001:93f47cc296a4	SESSION-7205a781bd8c8542 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d673ded8fa5efc5:host:172.234.197.23:host:177.10.237.80	SESSION-4d673ded8fa5efc5 → host:172.234.197.23 → host:177.10.237.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19cb9f6f0c8358bd:PCAP:capture_20260428010001:b1b402c7b202	SESSION-19cb9f6f0c8358bd → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cfdf430166eb3e5d:SESSION-cfdf430166eb3e5d	SESSION-cfdf430166eb3e5d → pe:syn:SESSION-cfdf430166eb3e5d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4defafdd27769097:flow:62cee32573c2	SESSION-4defafdd27769097 → flow:62cee32573c2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4691236308c01a5:PCAP:capture_20260430080001:93f47cc296a4	SESSION-d4691236308c01a5 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-07c97e671e348352:host:172.234.197.23	SESSION-07c97e671e348352 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1c21073699e99172:host:131.196.30.106:host:172.234.197.23	SESSION-1c21073699e99172 → host:131.196.30.106 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.21:asn:271410	host:131.196.29.21 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.113:geo_-16.28860_-49.01640	host:177.10.239.113 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-79ceb7ef9cce8d79:host:172.234.197.23	SESSION-79ceb7ef9cce8d79 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.158:asn:271410	host:131.196.31.158 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6fda720fc6282204:SESSION-6fda720fc6282204	SESSION-6fda720fc6282204 → pe:tls:SESSION-6fda720fc6282204
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b37dbc8f4449b96:SESSION-5b37dbc8f4449b96	SESSION-5b37dbc8f4449b96 → pe:syn:SESSION-5b37dbc8f4449b96
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c83c0a366733c9bb:SESSION-c83c0a366733c9bb	SESSION-c83c0a366733c9bb → pe:syn:SESSION-c83c0a366733c9bb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2348046789aa81fe:flow:ec21a296c078	SESSION-2348046789aa81fe → flow:ec21a296c078
FLOW_TO_HOSTOBS	e:to:SESSION-06a6b67473c48ddd:host:131.196.28.201	SESSION-06a6b67473c48ddd → host:131.196.28.201
FLOW_TO_HOSTOBS	e:to:SESSION-1bb46c5efd0c0159:host:172.234.197.23	SESSION-1bb46c5efd0c0159 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-44aa905e757bc471:host:131.196.28.95	SESSION-44aa905e757bc471 → host:131.196.28.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7d1b2f476de49a99:host:177.10.238.161	SESSION-7d1b2f476de49a99 → host:177.10.238.161
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf6bfb4b9f17f41e:flow:6516de271457	SESSION-bf6bfb4b9f17f41e → flow:6516de271457
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d6be65d6480cd7d:host:177.10.237.160	SESSION-2d6be65d6480cd7d → host:177.10.237.160
FLOW_TO_HOSTOBS	e:to:SESSION-686bda995aabc86f:host:177.10.234.208	SESSION-686bda995aabc86f → host:177.10.234.208
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f11cda502f952e41:flow:5e4ddb5df46c	SESSION-f11cda502f952e41 → flow:5e4ddb5df46c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-afd30c72829a35a2:SESSION-afd30c72829a35a2	SESSION-afd30c72829a35a2 → pe:syn:SESSION-afd30c72829a35a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-eadf7b6ccdd54c7f:SESSION-eadf7b6ccdd54c7f	SESSION-eadf7b6ccdd54c7f → pe:tls:SESSION-eadf7b6ccdd54c7f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-168c4e3df9119bba:host:172.234.197.23	SESSION-168c4e3df9119bba → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-794cf5b08878bd55:host:131.196.30.220	SESSION-794cf5b08878bd55 → host:131.196.30.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-aae44d6cd669040c:SESSION-aae44d6cd669040c	SESSION-aae44d6cd669040c → pe:syn:SESSION-aae44d6cd669040c
flow_observed5-aryOBS	e:fo:flow:83205363fad4	flow:83205363fad4 → host:177.10.238.145 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21bd08fb36aa18e9:host:172.234.197.23	SESSION-21bd08fb36aa18e9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-692dce6abc85c058:host:172.234.197.23	SESSION-692dce6abc85c058 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:510487093d98	flow:510487093d98 → host:172.234.197.23 → host:45.173.156.93 → port:tcp:61737
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57d2db6c2c177c2e:host:177.10.237.138	SESSION-57d2db6c2c177c2e → host:177.10.237.138
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.62:asn:262880	host:177.10.237.62 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-682271ad5b560620:host:172.234.197.23	SESSION-682271ad5b560620 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e76870e292a86821:host:172.234.197.23	SESSION-e76870e292a86821 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-de1fc6391256943a:SESSION-de1fc6391256943a	SESSION-de1fc6391256943a → pe:syn:SESSION-de1fc6391256943a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3759208ef2a99af0:SESSION-3759208ef2a99af0	SESSION-3759208ef2a99af0 → pe:tls:SESSION-3759208ef2a99af0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-578d76d32a2c1b81:host:172.234.197.23:host:45.173.156.11	SESSION-578d76d32a2c1b81 → host:172.234.197.23 → host:45.173.156.11
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.124:geo_-16.28860_-49.01640	host:177.10.238.124 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-c4dd5260308cf6ea:host:172.234.197.23	SESSION-c4dd5260308cf6ea → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-542567c32b647819:PCAP:capture_20260430160001:9bfa4498506a	SESSION-542567c32b647819 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ce2566c1c98d1aed:PCAP:capture_20260430160001:9bfa4498506a	SESSION-ce2566c1c98d1aed → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3b520e491b5957c0:host:172.234.197.23	SESSION-3b520e491b5957c0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-97231868d06ff2ed:host:177.10.234.152	SESSION-97231868d06ff2ed → host:177.10.234.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3da2bdbc54650cc7:host:177.10.233.150	SESSION-3da2bdbc54650cc7 → host:177.10.233.150
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-74d9117e815e4c77:SESSION-74d9117e815e4c77	SESSION-74d9117e815e4c77 → pe:tls:SESSION-74d9117e815e4c77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0e2a52b4f9db01a4:SESSION-0e2a52b4f9db01a4	SESSION-0e2a52b4f9db01a4 → pe:tls:SESSION-0e2a52b4f9db01a4
flow_observed5-aryOBS	e:fo:flow:634c06e7731f	flow:634c06e7731f → host:177.10.235.152 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-28d97429831b8272:host:172.234.197.23	SESSION-28d97429831b8272 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:46a103932f1f:port:tcp:46890	flow:46a103932f1f → port:tcp:46890
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46cfffaa3fdb7f1d:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-46cfffaa3fdb7f1d → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-be95a34ad4eedb81:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-be95a34ad4eedb81 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5206c0f0c9583a29:host:177.10.239.199:host:172.234.197.23	SESSION-5206c0f0c9583a29 → host:177.10.239.199 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.207:asn:262880	host:177.10.232.207 → asn:262880
flow_observed5-aryOBS	e:fo:flow:da97833aae7b	flow:da97833aae7b → host:177.10.236.193 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-da61b01cc679b249:host:172.234.197.23	SESSION-da61b01cc679b249 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ed34bf9fded9d68:host:131.196.30.207	SESSION-5ed34bf9fded9d68 → host:131.196.30.207
flow_observed5-aryOBS	e:fo:flow:44c13df988ff	flow:44c13df988ff → host:131.196.30.155 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d0453327d6800ed:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1d0453327d6800ed → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-7cc58ab2d16fcbf8:host:172.234.197.23	SESSION-7cc58ab2d16fcbf8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-99e2981b3b5fa520:host:177.10.239.252:host:172.234.197.23	SESSION-99e2981b3b5fa520 → host:177.10.239.252 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f8c973292e4e10a2:SESSION-f8c973292e4e10a2	SESSION-f8c973292e4e10a2 → pe:tls:SESSION-f8c973292e4e10a2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c36ee0b21ed6bb:host:172.234.197.23	SESSION-77c36ee0b21ed6bb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b96d3d249635b605:host:45.173.156.70	SESSION-b96d3d249635b605 → host:45.173.156.70
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-febabcac2b03c9d1:flow:fae1a9cd01c6	SESSION-febabcac2b03c9d1 → flow:fae1a9cd01c6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b72757303ebc2bde:SESSION-b72757303ebc2bde	SESSION-b72757303ebc2bde → pe:tls:SESSION-b72757303ebc2bde
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b69e4016453478aa:host:199.16.157.182	SESSION-b69e4016453478aa → host:199.16.157.182
flow_observed4-aryOBS	e:fo:flow:a98344343537	flow:a98344343537 → host:172.234.197.23 → host:177.10.235.161 → port:tcp:23265
flow_observed5-aryOBS	e:fo:flow:3384d19ad96b	flow:3384d19ad96b → host:177.10.236.92 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77c18cfa23ea97ee:host:177.10.232.251:host:172.234.197.23	SESSION-77c18cfa23ea97ee → host:177.10.232.251 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f9d01126d5763bf9:host:172.234.197.23	SESSION-f9d01126d5763bf9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b859feadb239919:host:177.10.237.151:host:172.234.197.23	SESSION-4b859feadb239919 → host:177.10.237.151 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9f7884afbce83d50:SESSION-9f7884afbce83d50	SESSION-9f7884afbce83d50 → pe:tls:SESSION-9f7884afbce83d50
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6a66cf91ad155464:flow:6c18405fe773	SESSION-6a66cf91ad155464 → flow:6c18405fe773
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e53dab5788851a26:host:103.155.16.117	SESSION-e53dab5788851a26 → host:103.155.16.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6109906c198ad0ac:host:177.10.238.15	SESSION-6109906c198ad0ac → host:177.10.238.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-de46def2c97c3533:PCAP:capture_20260430110001:43611bdf6759	SESSION-de46def2c97c3533 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-62b0720ae8fecbf5:flow:22ba5f8db438	SESSION-62b0720ae8fecbf5 → flow:22ba5f8db438
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-925ab2a859ac277f:host:172.234.197.23	SESSION-925ab2a859ac277f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2460b60c939eb75b:host:177.10.239.76	SESSION-2460b60c939eb75b → host:177.10.239.76
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-76f517468502eda0:flow:863ca651e2af	SESSION-76f517468502eda0 → flow:863ca651e2af
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.119:asn:262880	host:177.10.238.119 → asn:262880
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.176:asn:262880	host:177.10.233.176 → asn:262880
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c76cb7a55699fff8:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-c76cb7a55699fff8 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:a561fad76e93	flow:a561fad76e93 → host:172.234.197.23 → host:177.10.233.254 → port:tcp:3321
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.127:asn:262880	host:177.10.235.127 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-4059a39607153158:BSG-BEACON-f0c7a9a91348	SESSION-4059a39607153158 → BSG-BEACON-f0c7a9a91348
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ef2cf125c8c7b83a:host:172.234.197.23	SESSION-ef2cf125c8c7b83a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.78:asn:262880	host:177.10.239.78 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:395d02a06476:port:tcp:443	flow:395d02a06476 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7375b1770c27cca2:host:172.234.197.23	SESSION-7375b1770c27cca2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f392894730d574f3:host:172.234.197.23	SESSION-f392894730d574f3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0642648552e6:port:tcp:443	flow:0642648552e6 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1870bc27b62a60a2:flow:07d2e0a26bff	SESSION-1870bc27b62a60a2 → flow:07d2e0a26bff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2be3bd33b6267f94:host:172.234.197.23	SESSION-2be3bd33b6267f94 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-46290f7655d18c8b:SESSION-46290f7655d18c8b	SESSION-46290f7655d18c8b → pe:syn:SESSION-46290f7655d18c8b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6cecd25b5e4e4c9c:SESSION-6cecd25b5e4e4c9c	SESSION-6cecd25b5e4e4c9c → pe:tls:SESSION-6cecd25b5e4e4c9c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-77c4b389d95f1453:host:172.234.197.23	SESSION-77c4b389d95f1453 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0b22fbd69b6831b9:host:172.234.197.23	SESSION-0b22fbd69b6831b9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46290f7655d18c8b:host:177.10.238.87:host:172.234.197.23	SESSION-46290f7655d18c8b → host:177.10.238.87 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.78:geo_-16.28860_-49.01640	host:177.10.233.78 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-89e4df8c6f209b00:host:172.234.197.23	SESSION-89e4df8c6f209b00 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84186d30322c849e:flow:15b03786a53b	SESSION-84186d30322c849e → flow:15b03786a53b
FLOW_FROM_HOSTOBS	e:from:SESSION-60d7d302576d36ac:host:131.196.31.233	SESSION-60d7d302576d36ac → host:131.196.31.233
FLOW_DST_PORTOBS	e:fp:flow:77bd6a0eb691:port:tcp:41921	flow:77bd6a0eb691 → port:tcp:41921
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2c18145c92d838e0:host:131.196.31.26:host:172.234.197.23	SESSION-2c18145c92d838e0 → host:131.196.31.26 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7014b065701d:port:tcp:443	flow:7014b065701d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6c92725f4a9fb4a7:host:185.231.226.255:host:172.234.197.23	SESSION-6c92725f4a9fb4a7 → host:185.231.226.255 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-59d5bafa56d514c9:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-59d5bafa56d514c9 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b72757303ebc2bde:host:45.173.156.139:host:172.234.197.23	SESSION-b72757303ebc2bde → host:45.173.156.139 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8806932607856a75:PCAP:capture_20260430070001:903a0e7a436b	SESSION-8806932607856a75 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_FROM_HOSTOBS	e:from:SESSION-2fd944013b60077a:host:131.196.29.22	SESSION-2fd944013b60077a → host:131.196.29.22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c4d1c4ac80a0d275:host:172.234.197.23	SESSION-c4d1c4ac80a0d275 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-905e7318b3a63042:SESSION-905e7318b3a63042	SESSION-905e7318b3a63042 → pe:tls:SESSION-905e7318b3a63042
flow_observed5-aryOBS	e:fo:flow:886d5601dd53	flow:886d5601dd53 → host:177.10.239.203 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d30b8cd9cbd48a1:PCAP:capture_20260430160001:9bfa4498506a	SESSION-1d30b8cd9cbd48a1 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52e1254f2f15b333:flow:3641ab71d6be	SESSION-52e1254f2f15b333 → flow:3641ab71d6be
FLOW_TO_HOSTOBS	e:to:SESSION-456e62c8b4b103dc:host:172.234.197.23	SESSION-456e62c8b4b103dc → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1f003ce3fae962ee:host:172.234.197.23	SESSION-1f003ce3fae962ee → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f4a86c40e28bf330:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f4a86c40e28bf330 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-338820b1c26f8211:SESSION-338820b1c26f8211	SESSION-338820b1c26f8211 → pe:syn:SESSION-338820b1c26f8211
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-68a3766ff3680ecf:host:172.234.197.23:host:131.196.31.227	SESSION-68a3766ff3680ecf → host:172.234.197.23 → host:131.196.31.227
flow_observed4-aryOBS	e:fo:flow:2b1ca5b244f0	flow:2b1ca5b244f0 → host:172.234.197.23 → host:177.10.236.96 → port:tcp:40421
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4b068e0f016ef609:host:131.196.30.41:host:172.234.197.23	SESSION-4b068e0f016ef609 → host:131.196.30.41 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.120:geo_-16.28860_-49.01640	host:177.10.238.120 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:9365c7904909	flow:9365c7904909 → host:45.173.156.125 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:60334d486293	flow:60334d486293 → host:131.196.28.10 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.223:asn:271410	host:131.196.31.223 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d47b3cf0d6133fea:SESSION-d47b3cf0d6133fea	SESSION-d47b3cf0d6133fea → pe:syn:SESSION-d47b3cf0d6133fea
FLOW_DST_PORTOBS	e:fp:flow:1acbe6be377b:port:tcp:443	flow:1acbe6be377b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.246:geo_-16.28860_-49.01640	host:177.10.238.246 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:a4dd7b09efb9:port:tcp:443	flow:a4dd7b09efb9 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:b5daea78878e	flow:b5daea78878e → host:177.10.238.83 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:1cb9e3855c9b:port:tcp:443	flow:1cb9e3855c9b → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.250:geo_-16.28860_-49.01640	host:177.10.235.250 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e0550020c1215cf:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1e0550020c1215cf → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:59f9ac0a020b	flow:59f9ac0a020b → host:131.196.31.180 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-95229c7c61064646:SESSION-95229c7c61064646	SESSION-95229c7c61064646 → pe:tls:SESSION-95229c7c61064646
flow_observed5-aryOBS	e:fo:flow:464ec57300aa	flow:464ec57300aa → host:177.10.233.171 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:ea95ed004069	flow:ea95ed004069 → host:172.234.197.23 → host:177.10.237.82 → port:tcp:44302
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d36b613f081e74cb:SESSION-d36b613f081e74cb	SESSION-d36b613f081e74cb → pe:tls:SESSION-d36b613f081e74cb
FLOW_TO_HOSTOBS	e:to:SESSION-2ac3b19d6233e6f7:host:172.234.197.23	SESSION-2ac3b19d6233e6f7 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6dbdcb9c1141	flow:6dbdcb9c1141 → host:131.196.29.21 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:54.186.85.102:asn:16509	host:54.186.85.102 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68f16c2935c85e73:host:172.234.197.23	SESSION-68f16c2935c85e73 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-14ec4f61373e7262:host:172.234.197.23	SESSION-14ec4f61373e7262 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78e554a3c30f161c:host:177.10.236.137	SESSION-78e554a3c30f161c → host:177.10.236.137
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b8dc993a043c8fb1:SESSION-b8dc993a043c8fb1	SESSION-b8dc993a043c8fb1 → pe:tls:SESSION-b8dc993a043c8fb1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a9d7ef6e96dbb9c5:flow:7ed75b9e1d66	SESSION-a9d7ef6e96dbb9c5 → flow:7ed75b9e1d66
FLOW_DST_PORTOBS	e:fp:flow:001b9cdbdba1:port:tcp:43214	flow:001b9cdbdba1 → port:tcp:43214
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9fad2531a6ee4032:host:172.234.197.23	SESSION-9fad2531a6ee4032 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b6806cb851ed3b70:host:172.234.197.23	SESSION-b6806cb851ed3b70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be09ba54da571689:host:131.196.30.81	SESSION-be09ba54da571689 → host:131.196.30.81
flow_observed4-aryOBS	e:fo:flow:5c9dd4984fbd	flow:5c9dd4984fbd → host:172.234.197.23 → host:177.10.237.18 → port:tcp:31935
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72f157e6b3da81bc:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-72f157e6b3da81bc → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-2d407d786bd09817:host:177.10.236.176	SESSION-2d407d786bd09817 → host:177.10.236.176
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30052afb1f0268ab:host:95.170.25.181:host:172.234.197.23	SESSION-30052afb1f0268ab → host:95.170.25.181 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.217:asn:262880	host:177.10.238.217 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7640c6607dc14992:SESSION-7640c6607dc14992	SESSION-7640c6607dc14992 → pe:syn:SESSION-7640c6607dc14992
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-18c88d2b92c30f28:flow:94e629f23174	SESSION-18c88d2b92c30f28 → flow:94e629f23174
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ae64075781208b0:host:177.10.235.177	SESSION-6ae64075781208b0 → host:177.10.235.177
flow_observed4-aryOBS	e:fo:flow:53d4a5b90646	flow:53d4a5b90646 → host:172.234.197.23 → host:177.10.236.198 → port:tcp:59690
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85172baad8a91878:PCAP:capture_20260430080001:93f47cc296a4	SESSION-85172baad8a91878 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-316231fad61f009e:host:177.10.235.228	SESSION-316231fad61f009e → host:177.10.235.228
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ee4f55e8adb586c5:host:177.10.233.40	SESSION-ee4f55e8adb586c5 → host:177.10.233.40
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b57c4e647c9921c9:host:172.234.197.23	SESSION-b57c4e647c9921c9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:85194d6067d8	flow:85194d6067d8 → host:177.10.239.105 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8396d269748cb9c:flow:4d7367284527	SESSION-f8396d269748cb9c → flow:4d7367284527
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5c7f3c61dd4869fc:host:172.234.197.23	SESSION-5c7f3c61dd4869fc → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-913ac926bd708af5:SESSION-913ac926bd708af5	SESSION-913ac926bd708af5 → pe:syn:SESSION-913ac926bd708af5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.108:geo_-16.28860_-49.01640	host:177.10.234.108 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c1df48b404d2bce0:SESSION-c1df48b404d2bce0	SESSION-c1df48b404d2bce0 → pe:syn:SESSION-c1df48b404d2bce0
flow_observed5-aryOBS	e:fo:flow:6511290d64f1	flow:6511290d64f1 → host:177.10.237.115 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:2bacf6d156d2:port:tcp:443	flow:2bacf6d156d2 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9136bc11056d23d:host:172.234.197.23	SESSION-c9136bc11056d23d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-92547fda1a59fab0:host:172.234.197.23	SESSION-92547fda1a59fab0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fc21027b7229	flow:fc21027b7229 → host:177.10.239.227 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:103.97.91.27:geo_6.44740_3.39030	host:103.97.91.27 → geo_6.44740_3.39030
flow_observed4-aryOBS	e:fo:flow:e0be60225842	flow:e0be60225842 → host:172.234.197.23 → host:45.173.156.119 → port:tcp:49041
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e36c77c5ab0d7e92:host:57.128.95.174	SESSION-e36c77c5ab0d7e92 → host:57.128.95.174
FLOW_TO_HOSTOBS	e:to:SESSION-66c6d225095e379c:host:172.234.197.23	SESSION-66c6d225095e379c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a139b1df55cde4d7:flow:f3dfdf6b0313	SESSION-a139b1df55cde4d7 → flow:f3dfdf6b0313
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a631db0468c49ef:flow:497b82a2345f	SESSION-5a631db0468c49ef → flow:497b82a2345f
FLOW_DST_PORTOBS	e:fp:flow:597b383bd45d:port:tcp:443	flow:597b383bd45d → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2287ae96f90f1374:SESSION-2287ae96f90f1374	SESSION-2287ae96f90f1374 → pe:syn:SESSION-2287ae96f90f1374
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9e6c979070fb893e:host:131.196.28.56:host:172.234.197.23	SESSION-9e6c979070fb893e → host:131.196.28.56 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-01b1445b3dd1d2e4:host:172.234.197.23	SESSION-01b1445b3dd1d2e4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-41957bf4b3a50ded:host:177.10.234.186	SESSION-41957bf4b3a50ded → host:177.10.234.186
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93e1e76eb6bfe5a3:host:131.196.28.12:host:172.234.197.23	SESSION-93e1e76eb6bfe5a3 → host:131.196.28.12 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:52546135c686:port:tcp:12197	flow:52546135c686 → port:tcp:12197
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14e24a51491967d5:host:172.234.197.23	SESSION-14e24a51491967d5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4b869f0759406bd5:host:131.196.31.246	SESSION-4b869f0759406bd5 → host:131.196.31.246
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-34cbebf9a190be23:SESSION-34cbebf9a190be23	SESSION-34cbebf9a190be23 → pe:syn:SESSION-34cbebf9a190be23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-605cf9d10467f8d3:host:172.234.197.23	SESSION-605cf9d10467f8d3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c97208f3d5d9be26:host:177.10.236.15	SESSION-c97208f3d5d9be26 → host:177.10.236.15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d6545f001e19457:SESSION-2d6545f001e19457	SESSION-2d6545f001e19457 → pe:syn:SESSION-2d6545f001e19457
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.171:asn:262880	host:177.10.233.171 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ec3678e1070a7a4:host:172.234.197.23	SESSION-9ec3678e1070a7a4 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a5cf2da74863	flow:a5cf2da74863 → host:45.145.152.87 → host:172.234.197.23 → port:tcp:80 → svc:http
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:17.22.253.177:geo_37.75100_-97.82200	host:17.22.253.177 → geo_37.75100_-97.82200
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-854a13cbd553e198:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-854a13cbd553e198 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7375b1770c27cca2:SESSION-7375b1770c27cca2	SESSION-7375b1770c27cca2 → pe:syn:SESSION-7375b1770c27cca2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-424264fd6333414c:host:172.234.197.23	SESSION-424264fd6333414c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b60cd26b4cd717ea:flow:9d9eea4dccd4	SESSION-b60cd26b4cd717ea → flow:9d9eea4dccd4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.215:asn:271410	host:131.196.29.215 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3f25ebe7728e5694:host:172.234.197.23	SESSION-3f25ebe7728e5694 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f4a69b65a94c1ea1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f4a69b65a94c1ea1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f737e621c51c7ecf:SESSION-f737e621c51c7ecf	SESSION-f737e621c51c7ecf → pe:tls:SESSION-f737e621c51c7ecf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2479e88ee1ee68c6:host:177.10.239.84	SESSION-2479e88ee1ee68c6 → host:177.10.239.84
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-79f857f82eac6daa:host:177.10.239.56	SESSION-79f857f82eac6daa → host:177.10.239.56
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-42b603b0c5709a24:host:177.10.237.93	SESSION-42b603b0c5709a24 → host:177.10.237.93
FLOW_FROM_HOSTOBS	e:from:SESSION-228e058fc2527275:host:177.10.235.118	SESSION-228e058fc2527275 → host:177.10.235.118
flow_observed5-aryOBS	e:fo:flow:dc0d769fd5e9	flow:dc0d769fd5e9 → host:177.10.232.198 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e6c979070fb893e:host:172.234.197.23	SESSION-9e6c979070fb893e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-89957ac1ec870b87:host:177.10.239.174:host:172.234.197.23	SESSION-89957ac1ec870b87 → host:177.10.239.174 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5e816643ff0559e8:SESSION-5e816643ff0559e8	SESSION-5e816643ff0559e8 → pe:tls:SESSION-5e816643ff0559e8
FLOW_DST_PORTOBS	e:fp:flow:8d3473ebe422:port:tcp:443	flow:8d3473ebe422 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-036bdbf16af23428:host:172.234.197.23	SESSION-036bdbf16af23428 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-03bb88743ccc2c68:SESSION-03bb88743ccc2c68	SESSION-03bb88743ccc2c68 → pe:syn:SESSION-03bb88743ccc2c68
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-728f64f1954defae:host:177.10.239.239	SESSION-728f64f1954defae → host:177.10.239.239
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-79f857f82eac6daa:flow:a7146439792d	SESSION-79f857f82eac6daa → flow:a7146439792d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e998b802e74a3139:host:172.234.197.23	SESSION-e998b802e74a3139 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8c973292e4e10a2:host:172.234.197.23	SESSION-f8c973292e4e10a2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d89b7042eba6	flow:d89b7042eba6 → host:131.196.30.24 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:177.10.235.128:asn:262880	host:177.10.235.128 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:edc9ead3961c:port:tcp:80	flow:edc9ead3961c → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6d95ea715a47abbc:host:172.234.197.23	SESSION-6d95ea715a47abbc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8fbc053aa21c3a10:host:131.196.31.225	SESSION-8fbc053aa21c3a10 → host:131.196.31.225
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-744a603206d06e24:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-744a603206d06e24 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-86a02a9ab2988acd:host:103.155.16.117:host:172.234.197.23	SESSION-86a02a9ab2988acd → host:103.155.16.117 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-67a9355576766cfe:flow:f6468a8c8ce9	SESSION-67a9355576766cfe → flow:f6468a8c8ce9
flow_observed5-aryOBS	e:fo:flow:ae9086787421	flow:ae9086787421 → host:177.10.233.6 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb520d5460f73062:PCAP:capture_20260430090001:065659c7d314	SESSION-fb520d5460f73062 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6353435fcd827ef1:host:95.170.25.60	SESSION-6353435fcd827ef1 → host:95.170.25.60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e1aa0d90742fe552:host:177.10.233.20:host:172.234.197.23	SESSION-e1aa0d90742fe552 → host:177.10.233.20 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.61.34.23:geo_59.32870_18.07170	host:13.61.34.23 → geo_59.32870_18.07170
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98e2e9e1db14446c:host:172.234.197.23	SESSION-98e2e9e1db14446c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4531330495d6a6b8:host:172.234.197.23	SESSION-4531330495d6a6b8 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c3d488fa50a25e1f:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-c3d488fa50a25e1f → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ffa84d5a72af3dab:host:131.196.29.137:host:172.234.197.23	SESSION-ffa84d5a72af3dab → host:131.196.29.137 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d5ad022ad4096ce5:SESSION-d5ad022ad4096ce5	SESSION-d5ad022ad4096ce5 → pe:syn:SESSION-d5ad022ad4096ce5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b578cd49b856e8a0:SESSION-b578cd49b856e8a0	SESSION-b578cd49b856e8a0 → pe:syn:SESSION-b578cd49b856e8a0
flow_observed5-aryOBS	e:fo:flow:19ae6f68407d	flow:19ae6f68407d → host:131.196.30.214 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d027fcdf19e82664:host:177.10.233.47	SESSION-d027fcdf19e82664 → host:177.10.233.47
FLOW_TO_HOSTOBS	e:to:SESSION-da15c25f39b20c68:host:172.234.197.23	SESSION-da15c25f39b20c68 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cce146f15a17b9a1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-cce146f15a17b9a1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eead59d5c9e2a3d1:host:172.234.197.23	SESSION-eead59d5c9e2a3d1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-82c9dbe3cfe7e49f:host:172.234.197.23	SESSION-82c9dbe3cfe7e49f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.33:asn:271410	host:131.196.29.33 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6113f2cc2cfc5017:flow:475c42977672	SESSION-6113f2cc2cfc5017 → flow:475c42977672
FLOW_DST_PORTOBS	e:fp:flow:9b008c214ebe:port:tcp:443	flow:9b008c214ebe → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-e6238265b6cc9ea0:host:172.234.197.23	SESSION-e6238265b6cc9ea0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:867a800da0e4:port:tcp:443	flow:867a800da0e4 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-b9f10142199cea9c:host:131.196.31.42	SESSION-b9f10142199cea9c → host:131.196.31.42
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c93e86640e8945ad:PCAP:capture_20260430090001:065659c7d314	SESSION-c93e86640e8945ad → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-176c7cfb0e699b4d:host:177.10.237.94	SESSION-176c7cfb0e699b4d → host:177.10.237.94
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.90:geo_-16.28860_-49.01640	host:177.10.235.90 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.71:asn:262880	host:177.10.238.71 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c89027ab2a1ddeda:host:51.224.144.61:host:172.234.197.23	SESSION-c89027ab2a1ddeda → host:51.224.144.61 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-025a43ae01804438:SESSION-025a43ae01804438	SESSION-025a43ae01804438 → pe:syn:SESSION-025a43ae01804438
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cf7044e44d29be7c:SESSION-cf7044e44d29be7c	SESSION-cf7044e44d29be7c → pe:tls:SESSION-cf7044e44d29be7c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-baf09a66da0e4962:host:177.10.239.213	SESSION-baf09a66da0e4962 → host:177.10.239.213
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7377b91dd9eda5d9:flow:834de8b9babd	SESSION-7377b91dd9eda5d9 → flow:834de8b9babd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-30c6bfe2ed3a5bca:host:193.32.162.28:host:172.234.197.23	SESSION-30c6bfe2ed3a5bca → host:193.32.162.28 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0c7d8b58da7be6c5:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-0c7d8b58da7be6c5 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-57096089299b193e:SESSION-57096089299b193e	SESSION-57096089299b193e → pe:tls:SESSION-57096089299b193e
FLOW_TO_HOSTOBS	e:to:SESSION-7dea1c67796075ab:host:172.234.197.23	SESSION-7dea1c67796075ab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-16fca057f28c0943:SESSION-16fca057f28c0943	SESSION-16fca057f28c0943 → pe:tls:SESSION-16fca057f28c0943
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f307fcf20a41b5a0:host:172.234.197.23	SESSION-f307fcf20a41b5a0 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:62b73d5bb72f	flow:62b73d5bb72f → host:177.10.238.195 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba642a19e1a643ce:host:172.234.197.23	SESSION-ba642a19e1a643ce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0c7d8b58da7be6c5:host:131.196.28.175	SESSION-0c7d8b58da7be6c5 → host:131.196.28.175
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3526e42e615eba29:host:172.234.197.23	SESSION-3526e42e615eba29 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7ed3cc3ecfbc3d3c:SESSION-7ed3cc3ecfbc3d3c	SESSION-7ed3cc3ecfbc3d3c → pe:tls:SESSION-7ed3cc3ecfbc3d3c
FLOW_TO_HOSTOBS	e:to:SESSION-4886aa3300be1da9:host:172.234.197.23	SESSION-4886aa3300be1da9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4d237675f94d453:host:172.234.197.23	SESSION-a4d237675f94d453 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-39e4fa54be3b3e55:host:131.196.31.111	SESSION-39e4fa54be3b3e55 → host:131.196.31.111
FLOW_DST_PORTOBS	e:fp:flow:5f95ab8f43b5:port:tcp:4719	flow:5f95ab8f43b5 → port:tcp:4719
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4bcb88049ff8a93:host:37.221.79.111	SESSION-f4bcb88049ff8a93 → host:37.221.79.111
FLOW_DST_PORTOBS	e:fp:flow:3c5f6476626b:port:tcp:64663	flow:3c5f6476626b → port:tcp:64663
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-53d75396bd30ce89:host:45.173.156.228:host:172.234.197.23	SESSION-53d75396bd30ce89 → host:45.173.156.228 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59417938792198bf:host:172.234.197.23	SESSION-59417938792198bf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91196c5d66e04f5c:host:172.234.197.23	SESSION-91196c5d66e04f5c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f57d963826b0d8cc:host:131.196.31.192:host:172.234.197.23	SESSION-f57d963826b0d8cc → host:131.196.31.192 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:1a8a06fabc44:port:tcp:443	flow:1a8a06fabc44 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-4f30e546741e354a:host:131.196.29.139	SESSION-4f30e546741e354a → host:131.196.29.139
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-82d78308744a8bb2:PCAP:capture_20260430080001:93f47cc296a4	SESSION-82d78308744a8bb2 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_FROM_HOSTOBS	e:from:SESSION-0634c65493dd9b22:host:131.196.31.171	SESSION-0634c65493dd9b22 → host:131.196.31.171
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-abc64529b37d4840:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-abc64529b37d4840 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03724996262dbf01:host:172.234.197.23	SESSION-03724996262dbf01 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f5828198604c26af:host:172.234.197.23	SESSION-f5828198604c26af → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:62b620dd6ffc:port:tcp:443	flow:62b620dd6ffc → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-687ff071deb77d90:host:177.10.239.250	SESSION-687ff071deb77d90 → host:177.10.239.250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7063a4bdff0e259c:SESSION-7063a4bdff0e259c	SESSION-7063a4bdff0e259c → pe:tls:SESSION-7063a4bdff0e259c
FLOW_TO_HOSTOBS	e:to:SESSION-e96c97861c631394:host:172.234.197.23	SESSION-e96c97861c631394 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4670d2b8fb3d0344:flow:f3f7c601b898	SESSION-4670d2b8fb3d0344 → flow:f3f7c601b898
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4354e5bc798bd13a:host:177.10.234.99	SESSION-4354e5bc798bd13a → host:177.10.234.99
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-954ce8dcd8b034e5:SESSION-954ce8dcd8b034e5	SESSION-954ce8dcd8b034e5 → pe:tls:SESSION-954ce8dcd8b034e5
flow_observed5-aryOBS	e:fo:flow:006a40e5f40d	flow:006a40e5f40d → host:104.28.234.79 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.49:asn:273470	host:45.173.156.49 → asn:273470
FLOW_TO_HOSTOBS	e:to:SESSION-430caa0514cbc012:host:131.196.29.192	SESSION-430caa0514cbc012 → host:131.196.29.192
flow_observed5-aryOBS	e:fo:flow:d8b43bd836a1	flow:d8b43bd836a1 → host:177.10.234.189 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f0835af6109bb7c1:host:131.196.30.78	SESSION-f0835af6109bb7c1 → host:131.196.30.78
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c80fd68cbbc51442:flow:be0b354de90a	SESSION-c80fd68cbbc51442 → flow:be0b354de90a
FLOW_DST_PORTOBS	e:fp:flow:a39ba2240db6:port:tcp:41374	flow:a39ba2240db6 → port:tcp:41374
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a0efb63412ce5061:host:172.234.197.23	SESSION-a0efb63412ce5061 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86086a72c76b1135:host:172.234.197.23	SESSION-86086a72c76b1135 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-687ff071deb77d90:host:172.234.197.23	SESSION-687ff071deb77d90 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f44e90059c2f2195:host:172.234.197.23	SESSION-f44e90059c2f2195 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1052ae798d70afda:host:172.234.197.23:host:131.196.31.169	SESSION-1052ae798d70afda → host:172.234.197.23 → host:131.196.31.169
flow_observed4-aryOBS	e:fo:flow:d196788d241e	flow:d196788d241e → host:172.234.197.23 → host:177.10.233.145 → port:tcp:60321
flow_observed4-aryOBS	e:fo:flow:af656b59467f	flow:af656b59467f → host:172.234.197.23 → host:177.10.233.130 → port:tcp:56393
FLOW_TO_HOSTOBS	e:to:SESSION-292edad33ae38c98:host:172.234.197.23	SESSION-292edad33ae38c98 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9e0dcae8b099ffa5:SESSION-9e0dcae8b099ffa5	SESSION-9e0dcae8b099ffa5 → pe:tls:SESSION-9e0dcae8b099ffa5
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.2:asn:203771	host:31.40.196.2 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:0d5c880f1cb7:port:tcp:443	flow:0d5c880f1cb7 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dca9298136f0125a:flow:b4923f25a42e	SESSION-dca9298136f0125a → flow:b4923f25a42e
flow_observed4-aryOBS	e:fo:flow:b7226f297fb9	flow:b7226f297fb9 → host:172.234.197.23 → host:131.196.28.106 → port:tcp:2282
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b43557542c64d676:host:172.234.197.23:host:45.173.156.207	SESSION-b43557542c64d676 → host:172.234.197.23 → host:45.173.156.207
FLOW_DST_PORTOBS	e:fp:flow:91eaffbcef38:port:tcp:37323	flow:91eaffbcef38 → port:tcp:37323
FLOW_FROM_HOSTOBS	e:from:SESSION-4424212d2efd30c8:host:131.196.29.55	SESSION-4424212d2efd30c8 → host:131.196.29.55
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-578d76d32a2c1b81:SESSION-578d76d32a2c1b81	SESSION-578d76d32a2c1b81 → pe:syn:SESSION-578d76d32a2c1b81
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-105866a23abaa0d9:flow:c6b6c34f4d03	SESSION-105866a23abaa0d9 → flow:c6b6c34f4d03
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2eb24274e849c36c:PCAP:capture_20260430090001:065659c7d314	SESSION-2eb24274e849c36c → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f1b581ea0c38fa14:host:172.234.197.23	SESSION-f1b581ea0c38fa14 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4be71a9ef959f500:SESSION-4be71a9ef959f500	SESSION-4be71a9ef959f500 → pe:tls:SESSION-4be71a9ef959f500
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.204:asn:262880	host:177.10.239.204 → asn:262880
FLOW_QUERIED_DNSOBS	e:fd:flow:cc7bcd74c035:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:cc7bcd74c035 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0482212efb1d2581:host:177.10.234.212:host:172.234.197.23	SESSION-0482212efb1d2581 → host:177.10.234.212 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f2a0bf61df119bc4:PCAP:capture_20260430060001:919b39a74464	SESSION-f2a0bf61df119bc4 → PCAP:capture_20260430060001:919b39a74464
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-381a570e386b12a2:host:177.10.235.1:host:172.234.197.23	SESSION-381a570e386b12a2 → host:177.10.235.1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-67e4e454d5bff348:SESSION-67e4e454d5bff348	SESSION-67e4e454d5bff348 → pe:syn:SESSION-67e4e454d5bff348
FLOW_DST_PORTOBS	e:fp:flow:2f47b2ba0bf8:port:tcp:443	flow:2f47b2ba0bf8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fd57eb7fcad3510c:SESSION-fd57eb7fcad3510c	SESSION-fd57eb7fcad3510c → pe:tls:SESSION-fd57eb7fcad3510c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-10bd62a158add0c4:PCAP:capture_20260430090001:065659c7d314	SESSION-10bd62a158add0c4 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64a8475d206a0785:host:172.234.197.23	SESSION-64a8475d206a0785 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f5c1b7b44120	flow:f5c1b7b44120 → host:172.234.197.23 → host:131.196.28.16 → port:tcp:49312
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2e85a67565660f7c:SESSION-2e85a67565660f7c	SESSION-2e85a67565660f7c → pe:syn:SESSION-2e85a67565660f7c
FLOW_FROM_HOSTOBS	e:from:SESSION-8ad42e8c66a89ee5:host:172.234.197.23	SESSION-8ad42e8c66a89ee5 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4b91d700ec898758:flow:68930acd3198	SESSION-4b91d700ec898758 → flow:68930acd3198
flow_observed4-aryOBS	e:fo:flow:f0576135d180	flow:f0576135d180 → host:172.234.197.23 → host:177.10.239.127 → port:tcp:50614
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.18:geo_-16.28860_-49.01640	host:177.10.234.18 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-c36eb4dd059a78a3:host:172.234.197.23	SESSION-c36eb4dd059a78a3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2dca77003c0beb45:flow:b054a34ebbee	SESSION-2dca77003c0beb45 → flow:b054a34ebbee
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.228:asn:273470	host:45.173.156.228 → asn:273470
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0b4130b0efbd1505:flow:699fc01b6874	SESSION-0b4130b0efbd1505 → flow:699fc01b6874
FLOW_FROM_HOSTOBS	e:from:SESSION-caa2e371708bdf2e:host:131.196.31.64	SESSION-caa2e371708bdf2e → host:131.196.31.64
FLOW_DST_PORTOBS	e:fp:flow:047e3c08925c:port:tcp:41027	flow:047e3c08925c → port:tcp:41027
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f43808d089ea9fde:host:131.196.28.72:host:172.234.197.23	SESSION-f43808d089ea9fde → host:131.196.28.72 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bee41282d03c4eb5:SESSION-bee41282d03c4eb5	SESSION-bee41282d03c4eb5 → pe:syn:SESSION-bee41282d03c4eb5
FLOW_FROM_HOSTOBS	e:from:SESSION-b61a304f889dfad6:host:172.234.197.23	SESSION-b61a304f889dfad6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:472712aef2aa:port:tcp:443	flow:472712aef2aa → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a7a1da766d51711:host:172.234.197.23	SESSION-1a7a1da766d51711 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93cfcdba6a26f550:host:172.234.197.23	SESSION-93cfcdba6a26f550 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.170:asn:271410	host:131.196.29.170 → asn:271410
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.204:asn:262880	host:177.10.232.204 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b849b4bd4115608f:host:177.10.239.150	SESSION-b849b4bd4115608f → host:177.10.239.150
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cdfe5014ffcf69db:host:172.234.197.23	SESSION-cdfe5014ffcf69db → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7845496c0c03c20:host:172.234.197.23	SESSION-b7845496c0c03c20 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f78268addd9f6ca3:host:177.10.236.164	SESSION-f78268addd9f6ca3 → host:177.10.236.164
FLOW_DST_PORTOBS	e:fp:flow:a34f8aafa3e2:port:tcp:42990	flow:a34f8aafa3e2 → port:tcp:42990
FLOW_TO_HOSTOBS	e:to:SESSION-a38bfeac3fad0550:host:45.173.156.128	SESSION-a38bfeac3fad0550 → host:45.173.156.128
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6e708c58166944fb:host:131.196.31.2	SESSION-6e708c58166944fb → host:131.196.31.2
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.146:asn:262880	host:177.10.238.146 → asn:262880
flow_observed4-aryOBS	e:fo:flow:097845287463	flow:097845287463 → host:172.234.197.23 → host:131.196.30.107 → port:tcp:24204
FLOW_DST_PORTOBS	e:fp:flow:8b1738dc4ada:port:tcp:443	flow:8b1738dc4ada → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e32df6cc4891bacc:host:172.234.197.23	SESSION-e32df6cc4891bacc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78704dd999ae95fc:host:131.196.29.183	SESSION-78704dd999ae95fc → host:131.196.29.183
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe22df31c35f787d:host:172.234.197.23:host:45.173.156.110	SESSION-fe22df31c35f787d → host:172.234.197.23 → host:45.173.156.110
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2acb7632e6c37a6f:host:172.234.197.23	SESSION-2acb7632e6c37a6f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:36f9278deffd	flow:36f9278deffd → host:131.196.31.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f2f5812045d2e3b:flow:d1d54af57315	SESSION-6f2f5812045d2e3b → flow:d1d54af57315
FLOW_TO_HOSTOBS	e:to:SESSION-cf7009921f0152ab:host:172.234.197.23	SESSION-cf7009921f0152ab → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6a7aaaa54e7dd63:SESSION-d6a7aaaa54e7dd63	SESSION-d6a7aaaa54e7dd63 → pe:syn:SESSION-d6a7aaaa54e7dd63
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c2099dbde4b7ef03:PCAP:capture_20260430070001:903a0e7a436b	SESSION-c2099dbde4b7ef03 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_TO_HOSTOBS	e:to:SESSION-087551762f1417e7:host:172.234.197.23	SESSION-087551762f1417e7 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cc2cf38876d5e15c:host:172.234.197.23	SESSION-cc2cf38876d5e15c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c2ee5c4e3db47f8:host:172.234.197.23	SESSION-2c2ee5c4e3db47f8 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c3d488fa50a25e1f:flow:4d4917597a14	SESSION-c3d488fa50a25e1f → flow:4d4917597a14
FLOW_DST_PORTOBS	e:fp:flow:8cacf1a45ce9:port:tcp:17604	flow:8cacf1a45ce9 → port:tcp:17604
HOST_IN_ASNOBS 85%	e:ha:host:92.112.71.216:asn:203771	host:92.112.71.216 → asn:203771
flow_observed4-aryOBS	e:fo:flow:30b27dd71f22	flow:30b27dd71f22 → host:172.234.197.23 → host:131.196.30.253 → port:tcp:4898
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2c61460e754c8f6:host:177.10.239.155	SESSION-b2c61460e754c8f6 → host:177.10.239.155
flow_observed5-aryOBS	e:fo:flow:7a28d0814faa	flow:7a28d0814faa → host:131.196.31.144 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b8107d9388b9d334:flow:e1acc529e089	SESSION-b8107d9388b9d334 → flow:e1acc529e089
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2604bc3e94e22829:host:172.232.0.16	SESSION-2604bc3e94e22829 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-886f0e6ca4ba19c9:SESSION-886f0e6ca4ba19c9	SESSION-886f0e6ca4ba19c9 → pe:tls:SESSION-886f0e6ca4ba19c9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d4cb0f7560af550:PCAP:capture_20260430150001:ded20914761d	SESSION-5d4cb0f7560af550 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4d1e35f842f44326:SESSION-4d1e35f842f44326	SESSION-4d1e35f842f44326 → pe:syn:SESSION-4d1e35f842f44326
FLOW_DST_PORTOBS	e:fp:flow:035870e58ce4:port:tcp:443	flow:035870e58ce4 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c93e3b6f6b78357b:SESSION-c93e3b6f6b78357b	SESSION-c93e3b6f6b78357b → pe:syn:SESSION-c93e3b6f6b78357b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-077f434652010402:host:177.10.239.67	SESSION-077f434652010402 → host:177.10.239.67
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-13906a0b4b02de94:SESSION-13906a0b4b02de94	SESSION-13906a0b4b02de94 → pe:rst:SESSION-13906a0b4b02de94
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6a5c0858fcd0d09:host:177.10.234.64	SESSION-e6a5c0858fcd0d09 → host:177.10.234.64
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8684436ffb4e26c7:PCAP:capture_20260430150001:ded20914761d	SESSION-8684436ffb4e26c7 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b6f4863e4efa4050:SESSION-b6f4863e4efa4050	SESSION-b6f4863e4efa4050 → pe:tls:SESSION-b6f4863e4efa4050
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1065c42d5133f02c:SESSION-1065c42d5133f02c	SESSION-1065c42d5133f02c → pe:tls:SESSION-1065c42d5133f02c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d3f99262a1bb3592:host:131.196.30.237	SESSION-d3f99262a1bb3592 → host:131.196.30.237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cf7009921f0152ab:flow:78300c522ed5	SESSION-cf7009921f0152ab → flow:78300c522ed5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a01362ca7d087a96:host:177.10.237.68	SESSION-a01362ca7d087a96 → host:177.10.237.68
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.124:geo_-23.62930_-46.63510	host:131.196.30.124 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7140a8719778d6c0:flow:d451d20656a7	SESSION-7140a8719778d6c0 → flow:d451d20656a7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b7312728f8a99afb:SESSION-b7312728f8a99afb	SESSION-b7312728f8a99afb → pe:syn:SESSION-b7312728f8a99afb
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.50:asn:203771	host:185.231.226.50 → asn:203771
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2ba1cfcea34ace70:SESSION-2ba1cfcea34ace70	SESSION-2ba1cfcea34ace70 → pe:tls:SESSION-2ba1cfcea34ace70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-11a1cfec66708475:host:172.234.197.23	SESSION-11a1cfec66708475 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9fabf4659f5f:port:tcp:443	flow:9fabf4659f5f → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9633daabdcbaa0c0:host:177.10.234.163	SESSION-9633daabdcbaa0c0 → host:177.10.234.163
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-57092e6ea3a8c881:host:177.10.236.59	SESSION-57092e6ea3a8c881 → host:177.10.236.59
flow_observed5-aryOBS	e:fo:flow:4e7ca29ac410	flow:4e7ca29ac410 → host:45.173.156.116 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.102.147.184:geo_-36.85040_174.76750	host:3.102.147.184 → geo_-36.85040_174.76750
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0cf49defbe006f77:host:172.234.197.23	SESSION-0cf49defbe006f77 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7d1c756fff84e2d4:host:131.196.28.246	SESSION-7d1c756fff84e2d4 → host:131.196.28.246
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b61a304f889dfad6:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b61a304f889dfad6 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.26:asn:262880	host:177.10.234.26 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a650ad390b72264d:SESSION-a650ad390b72264d	SESSION-a650ad390b72264d → pe:tls:SESSION-a650ad390b72264d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a3c1d53f1688156:SESSION-8a3c1d53f1688156	SESSION-8a3c1d53f1688156 → pe:syn:SESSION-8a3c1d53f1688156
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e8278f913dbee560:host:177.10.239.45:host:172.234.197.23	SESSION-e8278f913dbee560 → host:177.10.239.45 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:607e5005bcdf	flow:607e5005bcdf → host:177.10.233.109 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b7ac052262d51e17:host:131.196.29.27	SESSION-b7ac052262d51e17 → host:131.196.29.27
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.219:asn:262880	host:177.10.233.219 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-be1454a9d7b7f3ce:BSG-DATA_EXFIL-012d574517f4	SESSION-be1454a9d7b7f3ce → BSG-DATA_EXFIL-012d574517f4
FLOW_FROM_HOSTOBS	e:from:SESSION-b8a95576c112cc14:host:131.196.31.220	SESSION-b8a95576c112cc14 → host:131.196.31.220
FLOW_DST_PORTOBS	e:fp:flow:ab9b76775656:port:tcp:4500	flow:ab9b76775656 → port:tcp:4500
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.111:geo_-16.28860_-49.01640	host:177.10.239.111 → geo_-16.28860_-49.01640
FLOW_TO_HOSTOBS	e:to:SESSION-43d9721f29111779:host:172.234.197.23	SESSION-43d9721f29111779 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-21de16798668b3a8:host:172.234.197.23	SESSION-21de16798668b3a8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ba4a623ca0c8731:SESSION-6ba4a623ca0c8731	SESSION-6ba4a623ca0c8731 → pe:tls:SESSION-6ba4a623ca0c8731
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3e70a8d6fd08b895:SESSION-3e70a8d6fd08b895	SESSION-3e70a8d6fd08b895 → pe:syn:SESSION-3e70a8d6fd08b895
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f73f713a631f7530:host:177.10.238.187	SESSION-f73f713a631f7530 → host:177.10.238.187
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ffc31ee499a3f223:SESSION-ffc31ee499a3f223	SESSION-ffc31ee499a3f223 → pe:tls:SESSION-ffc31ee499a3f223
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c5ea1449320ef78b:host:95.135.228.14:host:172.234.197.23	SESSION-c5ea1449320ef78b → host:95.135.228.14 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6054bbc1a24cbf34:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-6054bbc1a24cbf34 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:b0e1058bd513:port:tcp:443	flow:b0e1058bd513 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa6f99be6bce12b0:host:177.10.233.151:host:172.234.197.23	SESSION-fa6f99be6bce12b0 → host:177.10.233.151 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5206c0f0c9583a29:flow:710d7a94d133	SESSION-5206c0f0c9583a29 → flow:710d7a94d133
FLOW_TO_HOSTOBS	e:to:SESSION-501c474d8a937a90:host:172.232.0.16	SESSION-501c474d8a937a90 → host:172.232.0.16
FLOW_DST_PORTOBS	e:fp:flow:d1eb76257bda:port:tcp:443	flow:d1eb76257bda → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-923fbccf43ed644a:host:177.10.239.225	SESSION-923fbccf43ed644a → host:177.10.239.225
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.95:geo_-23.62930_-46.63510	host:131.196.31.95 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:3b89477bda88:port:tcp:443	flow:3b89477bda88 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c97208f3d5d9be26:SESSION-c97208f3d5d9be26	SESSION-c97208f3d5d9be26 → pe:syn:SESSION-c97208f3d5d9be26
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c5fe81cc60001f5:SESSION-8c5fe81cc60001f5	SESSION-8c5fe81cc60001f5 → pe:syn:SESSION-8c5fe81cc60001f5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c0cb5698f1d5957a:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-c0cb5698f1d5957a → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5f3ac5dec394466:SESSION-f5f3ac5dec394466	SESSION-f5f3ac5dec394466 → pe:tls:SESSION-f5f3ac5dec394466
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4f6b9574b70ed197:flow:c82bccc28482	SESSION-4f6b9574b70ed197 → flow:c82bccc28482
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5626602f012a6e70:flow:1ffefd09c68f	SESSION-5626602f012a6e70 → flow:1ffefd09c68f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c596c163b79d372:host:172.234.197.23:host:177.10.235.222	SESSION-9c596c163b79d372 → host:172.234.197.23 → host:177.10.235.222
FLOW_FROM_HOSTOBS	e:from:SESSION-dc65fb323eff44ce:host:172.234.197.23	SESSION-dc65fb323eff44ce → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14a74b0f0f76c3f9:SESSION-14a74b0f0f76c3f9	SESSION-14a74b0f0f76c3f9 → pe:syn:SESSION-14a74b0f0f76c3f9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cd38adf08b5d5a9e:host:69.222.187.134:host:172.234.197.23	SESSION-cd38adf08b5d5a9e → host:69.222.187.134 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e6588ddd9fabb341:flow:2eef0c640804	SESSION-e6588ddd9fabb341 → flow:2eef0c640804
FLOW_TO_HOSTOBS	e:to:SESSION-7c6483e185c23934:host:172.234.197.23	SESSION-7c6483e185c23934 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d39d584292f8:port:tcp:443	flow:d39d584292f8 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:eb3e9a7dff16	flow:eb3e9a7dff16 → host:177.10.232.217 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9b2bcd9d2c0b41b4:host:172.234.197.23:host:131.196.30.32	SESSION-9b2bcd9d2c0b41b4 → host:172.234.197.23 → host:131.196.30.32
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0bf923c759cb9e4a:flow:cc7bcd74c035	SESSION-0bf923c759cb9e4a → flow:cc7bcd74c035
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-536e36b5c95ee442:host:172.234.197.23	SESSION-536e36b5c95ee442 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3b13920773df7284:SESSION-3b13920773df7284	SESSION-3b13920773df7284 → pe:tls:SESSION-3b13920773df7284
FLOW_DST_PORTOBS	e:fp:flow:a173045a2352:port:tcp:443	flow:a173045a2352 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-85172baad8a91878:SESSION-85172baad8a91878	SESSION-85172baad8a91878 → pe:tls:SESSION-85172baad8a91878
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b8b9e098330595b:flow:d74671e865ef	SESSION-8b8b9e098330595b → flow:d74671e865ef
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-64e6d0099998fde8:flow:d71b1c3263a1	SESSION-64e6d0099998fde8 → flow:d71b1c3263a1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-393eb1cd54ab212e:PCAP:capture_20260430110001:43611bdf6759	SESSION-393eb1cd54ab212e → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a9de26895ffb34a3:host:172.234.197.23:host:177.10.236.56	SESSION-a9de26895ffb34a3 → host:172.234.197.23 → host:177.10.236.56
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-8165f1476121226e:BSG-DATA_EXFIL-096531adb0f5	SESSION-8165f1476121226e → BSG-DATA_EXFIL-096531adb0f5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b4020db38e68a457:SESSION-b4020db38e68a457	SESSION-b4020db38e68a457 → pe:syn:SESSION-b4020db38e68a457
FLOW_DST_PORTOBS	e:fp:flow:7d842f33d9ec:port:tcp:443	flow:7d842f33d9ec → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1633b12f0e20b97e:host:185.231.226.245:host:172.234.197.23	SESSION-1633b12f0e20b97e → host:185.231.226.245 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66033cfbc7dd0c2c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-66033cfbc7dd0c2c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3e9c01925d6f4319:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-3e9c01925d6f4319 → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_DST_PORTOBS	e:fp:flow:d1769d6cea4e:port:tcp:16227	flow:d1769d6cea4e → port:tcp:16227
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3109063707c4a5e1:SESSION-3109063707c4a5e1	SESSION-3109063707c4a5e1 → pe:tls:SESSION-3109063707c4a5e1
FLOW_TO_HOSTOBS	e:to:SESSION-a70cd7da1062faad:host:172.234.197.23	SESSION-a70cd7da1062faad → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e7c69120e909	flow:e7c69120e909 → host:177.10.232.229 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dae3e228e98c74e4:host:172.234.197.23	SESSION-dae3e228e98c74e4 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7982be2235ba:port:tcp:443	flow:7982be2235ba → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:15a75a81c121	flow:15a75a81c121 → host:177.10.238.94 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a9042bd9c6a81d17:host:172.234.197.23	SESSION-a9042bd9c6a81d17 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a37420066607:port:tcp:15007	flow:a37420066607 → port:tcp:15007
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-414103fa622913fc:flow:4023081e4eab	SESSION-414103fa622913fc → flow:4023081e4eab
FLOW_DST_PORTOBS	e:fp:flow:510487093d98:port:tcp:61737	flow:510487093d98 → port:tcp:61737
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8a95576c112cc14:SESSION-b8a95576c112cc14	SESSION-b8a95576c112cc14 → pe:syn:SESSION-b8a95576c112cc14
FLOW_TO_HOSTOBS	e:to:SESSION-c8466bbcc058d46c:host:172.234.197.23	SESSION-c8466bbcc058d46c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-106d77d887836a65:SESSION-106d77d887836a65	SESSION-106d77d887836a65 → pe:syn:SESSION-106d77d887836a65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b55fe86aa2a31ece:SESSION-b55fe86aa2a31ece	SESSION-b55fe86aa2a31ece → pe:syn:SESSION-b55fe86aa2a31ece
FLOW_TO_HOSTOBS	e:to:SESSION-2348046789aa81fe:host:172.234.197.23	SESSION-2348046789aa81fe → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1ee12e96d458a4e4:SESSION-1ee12e96d458a4e4	SESSION-1ee12e96d458a4e4 → pe:syn:SESSION-1ee12e96d458a4e4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f951b8fc6e0dd11c:SESSION-f951b8fc6e0dd11c	SESSION-f951b8fc6e0dd11c → pe:syn:SESSION-f951b8fc6e0dd11c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4e49f7df60935172:host:177.10.236.129:host:172.234.197.23	SESSION-4e49f7df60935172 → host:177.10.236.129 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-eeeeaab9fc572806:host:172.234.197.23	SESSION-eeeeaab9fc572806 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-328b0864666a263b:host:172.234.197.23	SESSION-328b0864666a263b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.188:geo_-23.62930_-46.63510	host:131.196.31.188 → geo_-23.62930_-46.63510
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc41b76983738bc7:flow:464ec57300aa	SESSION-cc41b76983738bc7 → flow:464ec57300aa
FLOW_TO_HOSTOBS	e:to:SESSION-36b6bef962351df3:host:172.234.197.23	SESSION-36b6bef962351df3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6af366568a421f52:host:172.234.197.23	SESSION-6af366568a421f52 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b16231fef814b904:SESSION-b16231fef814b904	SESSION-b16231fef814b904 → pe:tls:SESSION-b16231fef814b904
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.69:geo_-16.28860_-49.01640	host:177.10.232.69 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a3e524c73cd89280:host:172.234.197.23	SESSION-a3e524c73cd89280 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3cdf0b404a4678c5:SESSION-3cdf0b404a4678c5	SESSION-3cdf0b404a4678c5 → pe:syn:SESSION-3cdf0b404a4678c5
flow_observed5-aryOBS	e:fo:flow:b4b58943af29	flow:b4b58943af29 → host:177.10.234.76 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-67fe6c66ab1f1fcd:host:172.234.197.23	SESSION-67fe6c66ab1f1fcd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f6c732897c2ca80c:host:45.173.156.116	SESSION-f6c732897c2ca80c → host:45.173.156.116
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f5e9ebe80065c9c:flow:ce541888aeb1	SESSION-8f5e9ebe80065c9c → flow:ce541888aeb1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f8d6efdf3cd688f1:SESSION-f8d6efdf3cd688f1	SESSION-f8d6efdf3cd688f1 → pe:syn:SESSION-f8d6efdf3cd688f1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b3057ab5d68c477:host:177.10.235.80	SESSION-5b3057ab5d68c477 → host:177.10.235.80
FLOW_TO_HOSTOBS	e:to:SESSION-759329d52e4cabab:host:172.232.0.16	SESSION-759329d52e4cabab → host:172.232.0.16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.24:geo_-16.28860_-49.01640	host:177.10.236.24 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-08d3390238946fda:host:195.154.100.87	SESSION-08d3390238946fda → host:195.154.100.87
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.33:asn:262880	host:177.10.232.33 → asn:262880
FLOW_FROM_HOSTOBS	e:from:SESSION-8327be02acf872a5:host:177.10.232.184	SESSION-8327be02acf872a5 → host:177.10.232.184
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4d6f38e3582127c:SESSION-c4d6f38e3582127c	SESSION-c4d6f38e3582127c → pe:syn:SESSION-c4d6f38e3582127c
FLOW_DST_PORTOBS	e:fp:flow:9a5df56c59b0:port:tcp:443	flow:9a5df56c59b0 → port:tcp:443
ASN_IN_ORGOBS 80%	e:ao:asn:216030:org:GoodLeaf Hosting & Development LLC	asn:216030 → org:GoodLeaf Hosting & Development LLC
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68342cf3c00e7f2e:host:131.196.28.6	SESSION-68342cf3c00e7f2e → host:131.196.28.6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.238:geo_-16.28860_-49.01640	host:177.10.236.238 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:c06565ad7f6a:port:tcp:42972	flow:c06565ad7f6a → port:tcp:42972
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5fbe82bcd0d20589:SESSION-5fbe82bcd0d20589	SESSION-5fbe82bcd0d20589 → pe:syn:SESSION-5fbe82bcd0d20589
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-35ad9f030d1e8e6d:SESSION-35ad9f030d1e8e6d	SESSION-35ad9f030d1e8e6d → pe:syn:SESSION-35ad9f030d1e8e6d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b72f7dde05c7e1dd:flow:260ed1123d22	SESSION-b72f7dde05c7e1dd → flow:260ed1123d22
flow_observed5-aryOBS	e:fo:flow:dbade0df5981	flow:dbade0df5981 → host:131.196.31.143 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:f678dba79a31:port:tcp:443	flow:f678dba79a31 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-97e21cf514a48728:host:45.173.156.240	SESSION-97e21cf514a48728 → host:45.173.156.240
FLOW_DST_PORTOBS	e:fp:flow:a602b99696cd:port:tcp:11030	flow:a602b99696cd → port:tcp:11030
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98e2e9e1db14446c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-98e2e9e1db14446c → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.127:asn:271410	host:131.196.29.127 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-617da6f9980af1b7:host:172.234.197.23	SESSION-617da6f9980af1b7 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1acc74ca4adb622d:host:45.173.156.85:host:172.234.197.23	SESSION-1acc74ca4adb622d → host:45.173.156.85 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-045b8a3eae800458:SESSION-045b8a3eae800458	SESSION-045b8a3eae800458 → pe:syn:SESSION-045b8a3eae800458
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7e110cd2632aa64:SESSION-e7e110cd2632aa64	SESSION-e7e110cd2632aa64 → pe:syn:SESSION-e7e110cd2632aa64
FLOW_TO_HOSTOBS	e:to:SESSION-40d48b3e3ce773b5:host:172.234.197.23	SESSION-40d48b3e3ce773b5 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ca55f398b8ed07e1:host:131.196.31.200	SESSION-ca55f398b8ed07e1 → host:131.196.31.200
FLOW_FROM_HOSTOBS	e:from:SESSION-9b2bcd9d2c0b41b4:host:172.234.197.23	SESSION-9b2bcd9d2c0b41b4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ac742257199be2dd:host:131.196.28.81	SESSION-ac742257199be2dd → host:131.196.28.81
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a7f859cb03c026fc:PCAP:capture_20260430090001:065659c7d314	SESSION-a7f859cb03c026fc → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-098ed7054a17b347:host:172.234.197.23	SESSION-098ed7054a17b347 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:5bdf9bbf4f3e	flow:5bdf9bbf4f3e → host:37.221.79.86 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3224b320d23ec0cd:host:172.234.197.23	SESSION-3224b320d23ec0cd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d24a424002821105:flow:eab68470020d	SESSION-d24a424002821105 → flow:eab68470020d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b1dabd85b6a07947:host:177.10.232.217	SESSION-b1dabd85b6a07947 → host:177.10.232.217
FLOW_FROM_HOSTOBS	e:from:SESSION-cc1c86e42be942bd:host:103.155.16.117	SESSION-cc1c86e42be942bd → host:103.155.16.117
FLOW_DST_PORTOBS	e:fp:flow:456dd9438c9b:port:tcp:443	flow:456dd9438c9b → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ffb0d51cd8f7dd7:SESSION-8ffb0d51cd8f7dd7	SESSION-8ffb0d51cd8f7dd7 → pe:syn:SESSION-8ffb0d51cd8f7dd7
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.234:asn:262880	host:177.10.236.234 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-87f83ff8260cc70d:host:177.10.238.197	SESSION-87f83ff8260cc70d → host:177.10.238.197
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-44a6b99289a2f8de:SESSION-44a6b99289a2f8de	SESSION-44a6b99289a2f8de → pe:syn:SESSION-44a6b99289a2f8de
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.116:geo_-16.28860_-49.01640	host:177.10.232.116 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-7f008aa22e7b680c:host:172.234.197.23	SESSION-7f008aa22e7b680c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-db187e026dbc97b6:host:172.234.197.23:host:177.10.234.46	SESSION-db187e026dbc97b6 → host:172.234.197.23 → host:177.10.234.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-693fee7d62fe51b9:SESSION-693fee7d62fe51b9	SESSION-693fee7d62fe51b9 → pe:syn:SESSION-693fee7d62fe51b9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29bf5bdb9e3850fd:flow:d09c26b22168	SESSION-29bf5bdb9e3850fd → flow:d09c26b22168
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.29:asn:271410	host:131.196.31.29 → asn:271410
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-39452ac6bcbae8d3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-39452ac6bcbae8d3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed5-aryOBS	e:fo:flow:1ace16a3669e	flow:1ace16a3669e → host:177.10.234.184 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f5575c7d9faf65d:host:177.10.232.164:host:172.234.197.23	SESSION-5f5575c7d9faf65d → host:177.10.232.164 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-840476c00c988ec7:host:177.10.238.91	SESSION-840476c00c988ec7 → host:177.10.238.91
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9e1cb285535c63d0:host:177.10.233.228	SESSION-9e1cb285535c63d0 → host:177.10.233.228
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34efc230578c0ec6:host:192.99.232.216:host:172.234.197.23	SESSION-34efc230578c0ec6 → host:192.99.232.216 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f35e45e57d830f4:SESSION-2f35e45e57d830f4	SESSION-2f35e45e57d830f4 → pe:tls:SESSION-2f35e45e57d830f4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ad7d874b9cd6bce1:SESSION-ad7d874b9cd6bce1	SESSION-ad7d874b9cd6bce1 → pe:tls:SESSION-ad7d874b9cd6bce1
FLOW_FROM_HOSTOBS	e:from:SESSION-76fc6cf591b9ed20:host:172.234.197.23	SESSION-76fc6cf591b9ed20 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c0df43d2721e666e:host:172.234.197.23	SESSION-c0df43d2721e666e → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5a2ec532c0b9:port:tcp:58216	flow:5a2ec532c0b9 → port:tcp:58216
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1be36b841cb9bb38:host:172.234.197.23	SESSION-1be36b841cb9bb38 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:8a3c0b7a19d4:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:8a3c0b7a19d4 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.237:asn:271410	host:131.196.29.237 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2be203d892e5c4c6:host:172.234.197.23	SESSION-2be203d892e5c4c6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0461902d351b0498:SESSION-0461902d351b0498	SESSION-0461902d351b0498 → pe:tls:SESSION-0461902d351b0498
FLOW_FROM_HOSTOBS	e:from:SESSION-fc0d354223e065ab:host:172.234.197.23	SESSION-fc0d354223e065ab → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3a286fa1508a759d:flow:0807ce4d27d1	SESSION-3a286fa1508a759d → flow:0807ce4d27d1
FLOW_DST_PORTOBS	e:fp:flow:d4d7e5e657ae:port:tcp:12473	flow:d4d7e5e657ae → port:tcp:12473
FLOW_FROM_HOSTOBS	e:from:SESSION-ce973eb9d12ea742:host:174.202.97.85	SESSION-ce973eb9d12ea742 → host:174.202.97.85
flow_observed3-aryOBS	e:fo:flow:578e20cc2601	flow:578e20cc2601 → host:103.155.16.117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a4b062ac7956d3a5:SESSION-a4b062ac7956d3a5	SESSION-a4b062ac7956d3a5 → pe:tls:SESSION-a4b062ac7956d3a5
FLOW_FROM_HOSTOBS	e:from:SESSION-f29ae4ea1d6d03ed:host:177.10.232.89	SESSION-f29ae4ea1d6d03ed → host:177.10.232.89
FLOW_TO_HOSTOBS	e:to:SESSION-5bab109b42e3a8d7:host:131.196.28.167	SESSION-5bab109b42e3a8d7 → host:131.196.28.167
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b4dc175dd74a3b00:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-b4dc175dd74a3b00 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_DST_PORTOBS	e:fp:flow:5761bb4e0fa0:port:tcp:443	flow:5761bb4e0fa0 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-309223c775254000:flow:3f94093d8b40	SESSION-309223c775254000 → flow:3f94093d8b40
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b1078812f997c85:SESSION-7b1078812f997c85	SESSION-7b1078812f997c85 → pe:tls:SESSION-7b1078812f997c85
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1da9f85a5b3be49b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1da9f85a5b3be49b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.231.226.205:geo_41.02140_28.99480	host:185.231.226.205 → geo_41.02140_28.99480
FLOW_DST_PORTOBS	e:fp:flow:00e9278de537:port:tcp:46415	flow:00e9278de537 → port:tcp:46415
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8e743a12f6a9d6a4:SESSION-8e743a12f6a9d6a4	SESSION-8e743a12f6a9d6a4 → pe:tls:SESSION-8e743a12f6a9d6a4
flow_observed5-aryOBS	e:fo:flow:f5e14a7ff597	flow:f5e14a7ff597 → host:131.196.30.156 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ba981a6eb39461c8:flow:776d8c0cfcb9	SESSION-ba981a6eb39461c8 → flow:776d8c0cfcb9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b11ad70426b43374:SESSION-b11ad70426b43374	SESSION-b11ad70426b43374 → pe:tls:SESSION-b11ad70426b43374
FLOW_DST_PORTOBS	e:fp:flow:f7553640b4c3:port:tcp:36879	flow:f7553640b4c3 → port:tcp:36879
FLOW_FROM_HOSTOBS	e:from:SESSION-ed79241b929fab43:host:177.10.239.190	SESSION-ed79241b929fab43 → host:177.10.239.190
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-136e732c63cf53f4:SESSION-136e732c63cf53f4	SESSION-136e732c63cf53f4 → pe:syn:SESSION-136e732c63cf53f4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d5e50cd91d4ac54:PCAP:capture_20260430150001:ded20914761d	SESSION-5d5e50cd91d4ac54 → PCAP:capture_20260430150001:ded20914761d
FLOW_TO_HOSTOBS	e:to:SESSION-3f25ebe7728e5694:host:177.10.239.144	SESSION-3f25ebe7728e5694 → host:177.10.239.144
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-14d517e62aef6020:flow:879448d3de89	SESSION-14d517e62aef6020 → flow:879448d3de89
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c54c8f2f9fead0c6:host:172.234.197.23	SESSION-c54c8f2f9fead0c6 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.46:asn:262880	host:177.10.234.46 → asn:262880
flow_observed4-aryOBS	e:fo:flow:f80c07f5c415	flow:f80c07f5c415 → host:172.234.197.23 → host:177.10.232.56 → port:tcp:15904
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac742257199be2dd:SESSION-ac742257199be2dd	SESSION-ac742257199be2dd → pe:syn:SESSION-ac742257199be2dd
flow_observed3-aryOBS	e:fo:flow:02b3a264a353	flow:02b3a264a353 → host:3.103.16.171 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-7b2f232bbd4758bf:host:172.234.197.23	SESSION-7b2f232bbd4758bf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-938eb42ac2c00523:host:172.234.197.23	SESSION-938eb42ac2c00523 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3ba452c5658f:port:tcp:443	flow:3ba452c5658f → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.124:asn:271410	host:131.196.30.124 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-310c82c2a589a705:host:172.234.197.23:host:177.10.237.108	SESSION-310c82c2a589a705 → host:172.234.197.23 → host:177.10.237.108
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7fad01c8dca4d847:host:177.10.234.74	SESSION-7fad01c8dca4d847 → host:177.10.234.74
FLOW_DST_PORTOBS	e:fp:flow:1f974a8deb0f:port:tcp:443	flow:1f974a8deb0f → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-21a19991d129ba18:SESSION-21a19991d129ba18	SESSION-21a19991d129ba18 → pe:syn:SESSION-21a19991d129ba18
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fab752fe97090e4a:flow:cc5fcd208a7d	SESSION-fab752fe97090e4a → flow:cc5fcd208a7d
FLOW_FROM_HOSTOBS	e:from:SESSION-57e30ec2e308e552:host:92.112.71.168	SESSION-57e30ec2e308e552 → host:92.112.71.168
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ef002e94e1d9ac81:PCAP:capture_20260430150001:ded20914761d	SESSION-ef002e94e1d9ac81 → PCAP:capture_20260430150001:ded20914761d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eaa23bb51e1c2dee:host:131.196.28.156:host:172.234.197.23	SESSION-eaa23bb51e1c2dee → host:131.196.28.156 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e6a07ad54f9ab5f8:host:172.234.197.23	SESSION-e6a07ad54f9ab5f8 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.56:asn:271410	host:131.196.29.56 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7aec1fe7f0c7787b:SESSION-7aec1fe7f0c7787b	SESSION-7aec1fe7f0c7787b → pe:tls:SESSION-7aec1fe7f0c7787b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b4d5ec492dcde12c:host:131.196.30.74:host:172.234.197.23	SESSION-b4d5ec492dcde12c → host:131.196.30.74 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c3bfd44b04badb9b:host:172.234.197.23	SESSION-c3bfd44b04badb9b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9cd2627e6ddbbad1:host:172.234.197.23	SESSION-9cd2627e6ddbbad1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5f56081dde23b5ed:SESSION-5f56081dde23b5ed	SESSION-5f56081dde23b5ed → pe:syn:SESSION-5f56081dde23b5ed
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28e949edc1bba418:host:172.234.197.23:host:131.196.31.220	SESSION-28e949edc1bba418 → host:172.234.197.23 → host:131.196.31.220
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b3a17f957b1f0153:host:177.10.235.185	SESSION-b3a17f957b1f0153 → host:177.10.235.185
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d9e1dffa0e2317c3:SESSION-d9e1dffa0e2317c3	SESSION-d9e1dffa0e2317c3 → pe:syn:SESSION-d9e1dffa0e2317c3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47f0fc6e11d78716:host:95.135.228.136:host:172.234.197.23	SESSION-47f0fc6e11d78716 → host:95.135.228.136 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4bb4f425427d3bee:PCAP:capture_20260430050001:8868731bf8a4	SESSION-4bb4f425427d3bee → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-85483e16d9e2576e:PCAP:capture_20260430160001:9bfa4498506a	SESSION-85483e16d9e2576e → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2384be4238de1707:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2384be4238de1707 → PCAP:capture_20260430070001:903a0e7a436b
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.247:asn:262880	host:177.10.232.247 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-973fc1252d207af1:BSG-BEACON-026b83b0f096	SESSION-973fc1252d207af1 → BSG-BEACON-026b83b0f096
FLOW_DST_PORTOBS	e:fp:flow:6e9f8e4544a3:port:tcp:443	flow:6e9f8e4544a3 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-9e540dbaefa45433:host:172.234.197.23	SESSION-9e540dbaefa45433 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4da5ddbc1348c177:host:172.234.197.23	SESSION-4da5ddbc1348c177 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0e4303498e9ae3e:host:45.173.156.46:host:172.234.197.23	SESSION-b0e4303498e9ae3e → host:45.173.156.46 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8d11cc9a154a777c:host:177.10.233.95	SESSION-8d11cc9a154a777c → host:177.10.233.95
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-124cb6be20cbe456:host:177.10.236.222	SESSION-124cb6be20cbe456 → host:177.10.236.222
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-030a81db4532bd3a:host:172.234.197.23:host:177.10.238.204	SESSION-030a81db4532bd3a → host:172.234.197.23 → host:177.10.238.204
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-196ad93208fa5be9:SESSION-196ad93208fa5be9	SESSION-196ad93208fa5be9 → pe:tls:SESSION-196ad93208fa5be9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b2754fb6a113c6b7:flow:92c68a9e0443	SESSION-b2754fb6a113c6b7 → flow:92c68a9e0443
FLOW_TO_HOSTOBS	e:to:SESSION-f9479b510131ce6c:host:172.234.197.23	SESSION-f9479b510131ce6c → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-087551762f1417e7:flow:ac271c0d298b	SESSION-087551762f1417e7 → flow:ac271c0d298b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-314272d88a452691:host:172.234.197.23	SESSION-314272d88a452691 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cb8f618e44ed:port:tcp:1530	flow:cb8f618e44ed → port:tcp:1530
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ef022cf55a10b05:host:131.196.31.47:host:172.234.197.23	SESSION-6ef022cf55a10b05 → host:131.196.31.47 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:dd422b411ab1:port:tcp:443	flow:dd422b411ab1 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-b72757303ebc2bde:host:172.234.197.23	SESSION-b72757303ebc2bde → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-09c97c2e7f8ca5a6:PCAP:capture_20260430070001:903a0e7a436b	SESSION-09c97c2e7f8ca5a6 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-73bdc276c5a845ed:host:131.196.30.104	SESSION-73bdc276c5a845ed → host:131.196.30.104
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad4604a15181cb67:PCAP:capture_20260430150001:ded20914761d	SESSION-ad4604a15181cb67 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:93e9c37360c6:port:tcp:38086	flow:93e9c37360c6 → port:tcp:38086
FLOW_TO_HOSTOBS	e:to:SESSION-136e732c63cf53f4:host:172.234.197.23	SESSION-136e732c63cf53f4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14b4ac17b4f35bc0:SESSION-14b4ac17b4f35bc0	SESSION-14b4ac17b4f35bc0 → pe:syn:SESSION-14b4ac17b4f35bc0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-02999fe2096ad39b:host:45.173.156.78:host:172.234.197.23	SESSION-02999fe2096ad39b → host:45.173.156.78 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-62e68b494cd2572d:host:172.234.197.23:host:177.10.236.92	SESSION-62e68b494cd2572d → host:172.234.197.23 → host:177.10.236.92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-330bec399d401574:host:172.234.197.23	SESSION-330bec399d401574 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-67a9355576766cfe:SESSION-67a9355576766cfe	SESSION-67a9355576766cfe → pe:tls:SESSION-67a9355576766cfe
FLOW_DST_PORTOBS	e:fp:flow:2e77d5b01871:port:tcp:443	flow:2e77d5b01871 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:0fd1643ef09f:port:tcp:44409	flow:0fd1643ef09f → port:tcp:44409
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4bd4f427df690125:PCAP:capture_20260430090001:065659c7d314	SESSION-4bd4f427df690125 → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3075d8276a1a3ff8:flow:060fa8c13a73	SESSION-3075d8276a1a3ff8 → flow:060fa8c13a73
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.205:geo_-21.10010_-41.69200	host:45.173.156.205 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7a800bc67052acb8:flow:5792429a5c60	SESSION-7a800bc67052acb8 → flow:5792429a5c60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cde6fb5ccac54489:host:177.10.236.169	SESSION-cde6fb5ccac54489 → host:177.10.236.169
flow_observed5-aryOBS	e:fo:flow:998829d1b012	flow:998829d1b012 → host:177.10.237.31 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0a586e6b93cbc00d:PCAP:capture_20260430090001:065659c7d314	SESSION-0a586e6b93cbc00d → PCAP:capture_20260430090001:065659c7d314
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5fc80192f398e14d:host:172.234.197.23	SESSION-5fc80192f398e14d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-21a19991d129ba18:host:172.234.197.23:host:177.10.237.35	SESSION-21a19991d129ba18 → host:172.234.197.23 → host:177.10.237.35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb7c4827354230c4:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-bb7c4827354230c4 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1d9ece39eb531c8b:SESSION-1d9ece39eb531c8b	SESSION-1d9ece39eb531c8b → pe:tls:SESSION-1d9ece39eb531c8b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-650fd2b828a7b477:flow:bc6e4eea3acb	SESSION-650fd2b828a7b477 → flow:bc6e4eea3acb
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ea20601fa7d993b:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1ea20601fa7d993b → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-c2099dbde4b7ef03:host:177.10.236.92	SESSION-c2099dbde4b7ef03 → host:177.10.236.92
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a83b6f19c39d579f:SESSION-a83b6f19c39d579f	SESSION-a83b6f19c39d579f → pe:tls:SESSION-a83b6f19c39d579f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a88f0b19d496a689:host:172.234.197.23	SESSION-a88f0b19d496a689 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.192:geo_-16.28860_-49.01640	host:177.10.233.192 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb9800c0b594ef9b:SESSION-fb9800c0b594ef9b	SESSION-fb9800c0b594ef9b → pe:tls:SESSION-fb9800c0b594ef9b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcd94ff2cea5ca72:host:177.10.239.10	SESSION-bcd94ff2cea5ca72 → host:177.10.239.10
flow_observed4-aryOBS	e:fo:flow:8cc36fa22779	flow:8cc36fa22779 → host:172.234.197.23 → host:177.10.232.120 → port:tcp:26711
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:95.170.25.5:geo_41.00190_28.96450	host:95.170.25.5 → geo_41.00190_28.96450
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-aaf7ce37564a0317:host:131.196.30.201	SESSION-aaf7ce37564a0317 → host:131.196.30.201
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7c6580975a2d7416:host:177.10.238.35:host:172.234.197.23	SESSION-7c6580975a2d7416 → host:177.10.238.35 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-105ac3e4c69fbe80:SESSION-105ac3e4c69fbe80	SESSION-105ac3e4c69fbe80 → pe:tls:SESSION-105ac3e4c69fbe80
FLOW_DST_PORTOBS	e:fp:flow:6ad316de0461:port:tcp:443	flow:6ad316de0461 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8a43b551ff0093c7:SESSION-8a43b551ff0093c7	SESSION-8a43b551ff0093c7 → pe:syn:SESSION-8a43b551ff0093c7
FLOW_FROM_HOSTOBS	e:from:SESSION-d47b3cf0d6133fea:host:177.10.236.21	SESSION-d47b3cf0d6133fea → host:177.10.236.21
FLOW_DST_PORTOBS	e:fp:flow:9b52713bd4bb:port:tcp:8735	flow:9b52713bd4bb → port:tcp:8735
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ce2516dd8311d56:host:177.10.232.143	SESSION-1ce2516dd8311d56 → host:177.10.232.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9de698333fa1afcb:host:45.173.156.205	SESSION-9de698333fa1afcb → host:45.173.156.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0940876600cf1421:host:177.10.233.177	SESSION-0940876600cf1421 → host:177.10.233.177
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-105ac3e4c69fbe80:flow:183fec7e62fe	SESSION-105ac3e4c69fbe80 → flow:183fec7e62fe
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a1d9624273099964:host:131.196.29.229:host:172.234.197.23	SESSION-a1d9624273099964 → host:131.196.29.229 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a07ffa981e156af1:host:172.234.197.23	SESSION-a07ffa981e156af1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2c59cadc4597ab32:host:172.234.197.23	SESSION-2c59cadc4597ab32 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97e21cf514a48728:SESSION-97e21cf514a48728	SESSION-97e21cf514a48728 → pe:tls:SESSION-97e21cf514a48728
FLOW_TO_HOSTOBS	e:to:SESSION-597a035229423245:host:172.234.197.23	SESSION-597a035229423245 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5e7f6e07782bad0e:flow:3915f5099d4a	SESSION-5e7f6e07782bad0e → flow:3915f5099d4a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df3beb1e5143a102:PCAP:capture_20260430150001:ded20914761d	SESSION-df3beb1e5143a102 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-38ea28f2e42013a7:host:172.234.197.23	SESSION-38ea28f2e42013a7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9df048180bcb59b6:host:172.234.197.23	SESSION-9df048180bcb59b6 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-171cec02c0effee6:PCAP:capture_20260430050001:8868731bf8a4	SESSION-171cec02c0effee6 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e503c69e36c27590:host:177.10.233.54	SESSION-e503c69e36c27590 → host:177.10.233.54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f7287a957cb5e0d9:host:172.234.197.23	SESSION-f7287a957cb5e0d9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c774247ce2f7d3db:SESSION-c774247ce2f7d3db	SESSION-c774247ce2f7d3db → pe:syn:SESSION-c774247ce2f7d3db
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2f1449f3d42ccdf:host:131.196.29.157:host:172.234.197.23	SESSION-e2f1449f3d42ccdf → host:131.196.29.157 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5a6dc0e99827:port:tcp:80	flow:5a6dc0e99827 → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68a45a74f687a5a4:SESSION-68a45a74f687a5a4	SESSION-68a45a74f687a5a4 → pe:syn:SESSION-68a45a74f687a5a4
flow_observed5-aryOBS	e:fo:flow:15feef3af155	flow:15feef3af155 → host:131.196.31.226 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-14b4ac17b4f35bc0:SESSION-14b4ac17b4f35bc0	SESSION-14b4ac17b4f35bc0 → pe:tls:SESSION-14b4ac17b4f35bc0
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4bd79e02a6b67038:PCAP:capture_20260427230001:ca8bd1ce36e2	SESSION-4bd79e02a6b67038 → PCAP:capture_20260427230001:ca8bd1ce36e2
FLOW_DST_PORTOBS	e:fp:flow:ad0281c16a8a:port:tcp:443	flow:ad0281c16a8a → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-750fc9f72ee279c6:SESSION-750fc9f72ee279c6	SESSION-750fc9f72ee279c6 → pe:syn:SESSION-750fc9f72ee279c6
FLOW_FROM_HOSTOBS	e:from:SESSION-b3c5b9cd096d7e31:host:131.196.31.222	SESSION-b3c5b9cd096d7e31 → host:131.196.31.222
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0f4fd2f0020968b3:flow:5c52d18525d9	SESSION-0f4fd2f0020968b3 → flow:5c52d18525d9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8be5aa373d930e54:PCAP:capture_20260430110001:43611bdf6759	SESSION-8be5aa373d930e54 → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c587e64f570c8df7:flow:c71fc06a8217	SESSION-c587e64f570c8df7 → flow:c71fc06a8217
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-331f26717743f7bf:host:172.234.197.23	SESSION-331f26717743f7bf → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-488c9c462e491ad2:host:177.10.232.100	SESSION-488c9c462e491ad2 → host:177.10.232.100
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-764a731a27d64086:host:31.40.196.4	SESSION-764a731a27d64086 → host:31.40.196.4
FLOW_FROM_HOSTOBS	e:from:SESSION-7d5ec38dc75ef648:host:131.196.29.154	SESSION-7d5ec38dc75ef648 → host:131.196.29.154
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2824f9b79e0fb1f1:host:172.234.197.23	SESSION-2824f9b79e0fb1f1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-474ea5236769f0a3:host:131.196.29.196:host:172.234.197.23	SESSION-474ea5236769f0a3 → host:131.196.29.196 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8b5bbd34f82c	flow:8b5bbd34f82c → host:172.234.197.23 → host:177.10.239.203 → port:tcp:8442
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-603529cff661c41d:host:172.234.197.23	SESSION-603529cff661c41d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-decb8c6a12a4d67a:flow:5a2daebd33ff	SESSION-decb8c6a12a4d67a → flow:5a2daebd33ff
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6353435fcd827ef1:host:172.234.197.23	SESSION-6353435fcd827ef1 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-37bca0dc2914cafb:host:177.10.238.45	SESSION-37bca0dc2914cafb → host:177.10.238.45
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.59:asn:262880	host:177.10.238.59 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-41172116812e3a49:host:172.234.197.23	SESSION-41172116812e3a49 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4e6511da7c7cd8e1:SESSION-4e6511da7c7cd8e1	SESSION-4e6511da7c7cd8e1 → pe:tls:SESSION-4e6511da7c7cd8e1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f9a24e91c66cf817:PCAP:capture_20260430080001:93f47cc296a4	SESSION-f9a24e91c66cf817 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f776838979623936:host:172.234.197.23	SESSION-f776838979623936 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4db3abe06a9505c7:host:131.196.31.226:host:172.234.197.23	SESSION-4db3abe06a9505c7 → host:131.196.31.226 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b25c94efbacaf7d7:flow:589314d484ec	SESSION-b25c94efbacaf7d7 → flow:589314d484ec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-903738316b123ea7:SESSION-903738316b123ea7	SESSION-903738316b123ea7 → pe:syn:SESSION-903738316b123ea7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d90a5aaa3545c15:host:131.196.28.169	SESSION-1d90a5aaa3545c15 → host:131.196.28.169
FLOW_FROM_HOSTOBS	e:from:SESSION-e1aa0d90742fe552:host:177.10.233.20	SESSION-e1aa0d90742fe552 → host:177.10.233.20
FLOW_TO_HOSTOBS	e:to:SESSION-ae99c26bd6d2dd56:host:172.234.197.23	SESSION-ae99c26bd6d2dd56 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f9479b510131ce6c:host:177.10.236.29	SESSION-f9479b510131ce6c → host:177.10.236.29
flow_observed5-aryOBS	e:fo:flow:f5dd5c63cbac	flow:f5dd5c63cbac → host:177.10.234.126 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-49652bb4e1e9db35:SESSION-49652bb4e1e9db35	SESSION-49652bb4e1e9db35 → pe:syn:SESSION-49652bb4e1e9db35
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bfa1612081e2aa61:PCAP:capture_20260430070001:903a0e7a436b	SESSION-bfa1612081e2aa61 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d31138dfabe85cd6:host:172.234.197.23:host:131.196.30.90	SESSION-d31138dfabe85cd6 → host:172.234.197.23 → host:131.196.30.90
FLOW_QUERIED_DNSOBS	e:fd:flow:d103874e528f:dns:172-234-197-23.ip.linodeusercontent.com	flow:d103874e528f → dns:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.192:geo_-16.28860_-49.01640	host:177.10.238.192 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4f2a561db8449259:SESSION-4f2a561db8449259	SESSION-4f2a561db8449259 → pe:syn:SESSION-4f2a561db8449259
FLOW_DST_PORTOBS	e:fp:flow:83205363fad4:port:tcp:443	flow:83205363fad4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9fb0652618e8095:host:177.10.233.120	SESSION-b9fb0652618e8095 → host:177.10.233.120
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-388e36b23caa508f:flow:df4d7faedab5	SESSION-388e36b23caa508f → flow:df4d7faedab5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c9136bc11056d23d:SESSION-c9136bc11056d23d	SESSION-c9136bc11056d23d → pe:syn:SESSION-c9136bc11056d23d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-32091c263c5425e7:SESSION-32091c263c5425e7	SESSION-32091c263c5425e7 → pe:syn:SESSION-32091c263c5425e7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5c60d99c484411b4:SESSION-5c60d99c484411b4	SESSION-5c60d99c484411b4 → pe:syn:SESSION-5c60d99c484411b4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3ea33f21558d3ba7:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3ea33f21558d3ba7 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:e69639bf8de0	flow:e69639bf8de0 → host:172.234.197.23 → host:177.10.239.226 → port:tcp:29231
FLOW_FROM_HOSTOBS	e:from:SESSION-02199a3eaa60c28c:host:131.196.29.167	SESSION-02199a3eaa60c28c → host:131.196.29.167
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f228c5492216a597:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f228c5492216a597 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4cd4ae8706680eb9:host:172.234.197.23	SESSION-4cd4ae8706680eb9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3bb178420802ca16:host:177.10.239.67:host:172.234.197.23	SESSION-3bb178420802ca16 → host:177.10.239.67 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:41b26e9c961c:port:tcp:443	flow:41b26e9c961c → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5c7bf6a31f6e2d56:flow:934dce83ff49	SESSION-5c7bf6a31f6e2d56 → flow:934dce83ff49
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4c7b4cea62f376fb:host:131.196.30.143:host:172.234.197.23	SESSION-4c7b4cea62f376fb → host:131.196.30.143 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.182:asn:262880	host:177.10.239.182 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-bef08b3c32a1c401:host:172.234.197.23	SESSION-bef08b3c32a1c401 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6d7eebeca6a52636:host:172.234.197.23	SESSION-6d7eebeca6a52636 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fad7428bd8cc35c5:PCAP:capture_20260430050001:8868731bf8a4	SESSION-fad7428bd8cc35c5 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ce88726966df20e:host:172.234.197.23	SESSION-5ce88726966df20e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-414103fa622913fc:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-414103fa622913fc → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4145be500857fbf:PCAP:capture_20260430050001:8868731bf8a4	SESSION-c4145be500857fbf → PCAP:capture_20260430050001:8868731bf8a4
HOST_IN_ASNOBS 85%	e:ha:host:95.170.25.181:asn:203771	host:95.170.25.181 → asn:203771
FLOW_TO_HOSTOBS	e:to:SESSION-2be3bd33b6267f94:host:177.10.232.35	SESSION-2be3bd33b6267f94 → host:177.10.232.35
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d2af0189f90c79b2:SESSION-d2af0189f90c79b2	SESSION-d2af0189f90c79b2 → pe:syn:SESSION-d2af0189f90c79b2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3f936e849fecda0:host:177.10.233.116:host:172.234.197.23	SESSION-e3f936e849fecda0 → host:177.10.233.116 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bf988ed4220ca0ac:host:172.234.197.23	SESSION-bf988ed4220ca0ac → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ff732ace4242:port:tcp:41209	flow:ff732ace4242 → port:tcp:41209
FLOW_DST_PORTOBS	e:fp:flow:20ec45634b2c:port:tcp:443	flow:20ec45634b2c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-60dcadff088f62ae:PCAP:capture_20260430070001:903a0e7a436b	SESSION-60dcadff088f62ae → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a770693a19c2c7c:host:172.234.197.23	SESSION-0a770693a19c2c7c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f2cb88ffae09:port:tcp:443	flow:f2cb88ffae09 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bebd9f8afa50544a:host:45.173.156.68:host:172.234.197.23	SESSION-bebd9f8afa50544a → host:45.173.156.68 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b7832d3594ed31e4:flow:a2e6aeb28c67	SESSION-b7832d3594ed31e4 → flow:a2e6aeb28c67
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0bf80193393b0fad:host:172.234.197.23:host:177.10.233.183	SESSION-0bf80193393b0fad → host:172.234.197.23 → host:177.10.233.183
FLOW_DST_PORTOBS	e:fp:flow:8350e26d0af7:port:tcp:443	flow:8350e26d0af7 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ab686f0f0916fec6:host:13.53.140.247	SESSION-ab686f0f0916fec6 → host:13.53.140.247
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-04737cadee3282a6:SESSION-04737cadee3282a6	SESSION-04737cadee3282a6 → pe:syn:SESSION-04737cadee3282a6
FLOW_TO_HOSTOBS	e:to:SESSION-2eb24274e849c36c:host:172.234.197.23	SESSION-2eb24274e849c36c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0827c1c94491daec:PCAP:capture_20260430090001:065659c7d314	SESSION-0827c1c94491daec → PCAP:capture_20260430090001:065659c7d314
FLOW_TO_HOSTOBS	e:to:SESSION-196ad93208fa5be9:host:172.234.197.23	SESSION-196ad93208fa5be9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4e3ca473e8fbcab1:host:177.10.239.145	SESSION-4e3ca473e8fbcab1 → host:177.10.239.145
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ba98677b43b4662:SESSION-8ba98677b43b4662	SESSION-8ba98677b43b4662 → pe:syn:SESSION-8ba98677b43b4662
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4a4f6dd7436745b4:host:131.196.30.11	SESSION-4a4f6dd7436745b4 → host:131.196.30.11
flow_observed5-aryOBS	e:fo:flow:70dd50a07339	flow:70dd50a07339 → host:45.173.156.116 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-97b2355356a85562:host:177.10.232.129	SESSION-97b2355356a85562 → host:177.10.232.129
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e26c73b3a0fde5e3:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-e26c73b3a0fde5e3 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-77593e2039f5e18a:host:177.10.233.52:host:172.234.197.23	SESSION-77593e2039f5e18a → host:177.10.233.52 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7f9f21fabb0b	flow:7f9f21fabb0b → host:177.10.235.210 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.177:geo_-16.28860_-49.01640	host:177.10.238.177 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e6bf46c9eec8f990:PCAP:capture_20260430070001:903a0e7a436b	SESSION-e6bf46c9eec8f990 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c47a34d160ec21ba:SESSION-c47a34d160ec21ba	SESSION-c47a34d160ec21ba → pe:syn:SESSION-c47a34d160ec21ba
FLOW_DST_PORTOBS	e:fp:flow:21a048a11bf5:port:tcp:443	flow:21a048a11bf5 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-660cb7ef624de29d:SESSION-660cb7ef624de29d	SESSION-660cb7ef624de29d → pe:tls:SESSION-660cb7ef624de29d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3959c763e6312f1d:host:177.10.237.128	SESSION-3959c763e6312f1d → host:177.10.237.128
FLOW_DST_PORTOBS	e:fp:flow:ce00c1120329:port:tcp:37974	flow:ce00c1120329 → port:tcp:37974
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-efabffc9197efb23:host:172.234.197.23	SESSION-efabffc9197efb23 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a519ad2ae4c53179:PCAP:capture_20260430050001:8868731bf8a4	SESSION-a519ad2ae4c53179 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b7f4612f7527a5d:flow:6854fb7aca06	SESSION-5b7f4612f7527a5d → flow:6854fb7aca06
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-19279b7c3b267599:SESSION-19279b7c3b267599	SESSION-19279b7c3b267599 → pe:tls:SESSION-19279b7c3b267599
flow_observed5-aryOBS	e:fo:flow:f74617d5541f	flow:f74617d5541f → host:45.173.156.34 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fa49e5af791c6122:host:131.196.31.140:host:172.234.197.23	SESSION-fa49e5af791c6122 → host:131.196.31.140 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:35322a654e75:port:tcp:443	flow:35322a654e75 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e991043fa3bca90d:host:172.234.197.23	SESSION-e991043fa3bca90d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f81e7ae5e8e38135:SESSION-f81e7ae5e8e38135	SESSION-f81e7ae5e8e38135 → pe:tls:SESSION-f81e7ae5e8e38135
FLOW_TO_HOSTOBS	e:to:SESSION-f392894730d574f3:host:131.196.30.0	SESSION-f392894730d574f3 → host:131.196.30.0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.161:geo_-23.62930_-46.63510	host:131.196.31.161 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2a19838102931ca6:host:177.10.233.44	SESSION-2a19838102931ca6 → host:177.10.233.44
FLOW_FROM_HOSTOBS	e:from:SESSION-eb7b7dca9012c682:host:172.234.197.23	SESSION-eb7b7dca9012c682 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c64ea68345b811b:host:172.234.197.23:host:177.10.235.234	SESSION-9c64ea68345b811b → host:172.234.197.23 → host:177.10.235.234
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e69d77cebc13bf2:host:185.231.226.20:host:172.234.197.23	SESSION-1e69d77cebc13bf2 → host:185.231.226.20 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-501c474d8a937a90:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-501c474d8a937a90 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac3abc26fe7d2af5:host:177.10.238.218	SESSION-ac3abc26fe7d2af5 → host:177.10.238.218
FLOW_TO_HOSTOBS	e:to:SESSION-045b8a3eae800458:host:177.10.235.46	SESSION-045b8a3eae800458 → host:177.10.235.46
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-805d717a82cbb042:SESSION-805d717a82cbb042	SESSION-805d717a82cbb042 → pe:syn:SESSION-805d717a82cbb042
FLOW_FROM_HOSTOBS	e:from:SESSION-4fb1f3797e8f19a3:host:172.234.197.23	SESSION-4fb1f3797e8f19a3 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4793a163d681d0d0:host:177.10.239.156	SESSION-4793a163d681d0d0 → host:177.10.239.156
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.156:geo_-16.28860_-49.01640	host:177.10.238.156 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-eb40f64797e3fe16:host:177.10.238.5	SESSION-eb40f64797e3fe16 → host:177.10.238.5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6a9e4c3921500675:SESSION-6a9e4c3921500675	SESSION-6a9e4c3921500675 → pe:syn:SESSION-6a9e4c3921500675
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-78dc8874b859c826:SESSION-78dc8874b859c826	SESSION-78dc8874b859c826 → pe:tls:SESSION-78dc8874b859c826
FLOW_DST_PORTOBS	e:fp:flow:a561fad76e93:port:tcp:3321	flow:a561fad76e93 → port:tcp:3321
FLOW_FROM_HOSTOBS	e:from:SESSION-1fa31db6279a0e7c:host:172.234.197.23	SESSION-1fa31db6279a0e7c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-621f42bc5edaa56f:host:172.234.197.23	SESSION-621f42bc5edaa56f → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cb7e1163ea09:port:tcp:443	flow:cb7e1163ea09 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-a5b7661178bc9fc6:host:131.196.29.184	SESSION-a5b7661178bc9fc6 → host:131.196.29.184
FLOW_DST_PORTOBS	e:fp:flow:b63263aab3b3:port:tcp:443	flow:b63263aab3b3 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-05167940272dd019:host:177.10.236.115	SESSION-05167940272dd019 → host:177.10.236.115
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.80:asn:271410	host:131.196.31.80 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-7d9d7757b20ed84d:host:131.196.28.214	SESSION-7d9d7757b20ed84d → host:131.196.28.214
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f99e1376da42693:host:172.234.197.23:host:131.196.30.233	SESSION-6f99e1376da42693 → host:172.234.197.23 → host:131.196.30.233
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e088d2ccbc3966c5:PCAP:capture_20260430110001:43611bdf6759	SESSION-e088d2ccbc3966c5 → PCAP:capture_20260430110001:43611bdf6759
FLOW_FROM_HOSTOBS	e:from:SESSION-57e20c08f6c0c2c9:host:131.196.30.61	SESSION-57e20c08f6c0c2c9 → host:131.196.30.61
FLOW_FROM_HOSTOBS	e:from:SESSION-738a9f5daf478976:host:172.234.197.23	SESSION-738a9f5daf478976 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31f3a24ceae3d348:PCAP:capture_20260430150001:ded20914761d	SESSION-31f3a24ceae3d348 → PCAP:capture_20260430150001:ded20914761d
FLOW_DST_PORTOBS	e:fp:flow:ae154a35ce42:port:tcp:443	flow:ae154a35ce42 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1d0bad8110700772:host:131.196.28.243	SESSION-1d0bad8110700772 → host:131.196.28.243
FLOW_FROM_HOSTOBS	e:from:SESSION-9c4ebc5699ec1c63:host:172.234.197.23	SESSION-9c4ebc5699ec1c63 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-08a40451c9cdc962:SESSION-08a40451c9cdc962	SESSION-08a40451c9cdc962 → pe:syn:SESSION-08a40451c9cdc962
FLOW_TO_HOSTOBS	e:to:SESSION-43a9f8d54e48850a:host:172.234.197.23	SESSION-43a9f8d54e48850a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f4a69b65a94c1ea1:host:172.234.197.23	SESSION-f4a69b65a94c1ea1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-3186af5a0774c3b5:SESSION-3186af5a0774c3b5	SESSION-3186af5a0774c3b5 → pe:syn:SESSION-3186af5a0774c3b5
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-2acb7632e6c37a6f:BSG-DATA_EXFIL-00e5892dbdcb	SESSION-2acb7632e6c37a6f → BSG-DATA_EXFIL-00e5892dbdcb
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-04737cadee3282a6:flow:1b9bafe320dc	SESSION-04737cadee3282a6 → flow:1b9bafe320dc
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.152:asn:271410	host:131.196.30.152 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-96c334cbd5a64077:SESSION-96c334cbd5a64077	SESSION-96c334cbd5a64077 → pe:syn:SESSION-96c334cbd5a64077
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-024c55a268626b80:host:131.196.30.42	SESSION-024c55a268626b80 → host:131.196.30.42
FLOW_DST_PORTOBS	e:fp:flow:ae7fdfef3c61:port:tcp:443	flow:ae7fdfef3c61 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-74744b11834c8470:host:172.234.197.23	SESSION-74744b11834c8470 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3739e8b613327ce5:host:172.234.197.23:host:131.196.31.159	SESSION-3739e8b613327ce5 → host:172.234.197.23 → host:131.196.31.159
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d37583bcd3c19c57:host:18.60.59.175	SESSION-d37583bcd3c19c57 → host:18.60.59.175
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c9278fb58fb6165:host:172.234.197.23	SESSION-4c9278fb58fb6165 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a87c967af45101a2:SESSION-a87c967af45101a2	SESSION-a87c967af45101a2 → pe:syn:SESSION-a87c967af45101a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-68342cf3c00e7f2e:SESSION-68342cf3c00e7f2e	SESSION-68342cf3c00e7f2e → pe:syn:SESSION-68342cf3c00e7f2e
flow_observed4-aryOBS	e:fo:flow:afb4988040a5	flow:afb4988040a5 → host:172.234.197.23 → host:131.196.31.223 → port:tcp:5300
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6411f10800cf3ef5:SESSION-6411f10800cf3ef5	SESSION-6411f10800cf3ef5 → pe:rst:SESSION-6411f10800cf3ef5
flow_observed4-aryOBS	e:fo:flow:6534d92e5619	flow:6534d92e5619 → host:172.234.197.23 → host:177.10.232.222 → port:tcp:7986
flow_observed3-aryOBS	e:fo:flow:d860d97b3e43	flow:d860d97b3e43 → host:51.224.74.176 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-96afec3035986aab:host:195.154.100.87:host:172.234.197.23	SESSION-96afec3035986aab → host:195.154.100.87 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-35ad9f030d1e8e6d:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-35ad9f030d1e8e6d → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46ff0fa4ec42545a:host:185.231.226.50	SESSION-46ff0fa4ec42545a → host:185.231.226.50
FLOW_TO_HOSTOBS	e:to:SESSION-2963f6e37ebf1d0d:host:177.10.234.203	SESSION-2963f6e37ebf1d0d → host:177.10.234.203
FLOW_DST_PORTOBS	e:fp:flow:e698e5bcd13e:port:tcp:443	flow:e698e5bcd13e → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:12dede9deba0	flow:12dede9deba0 → host:177.10.239.99 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-754d0cc424848140:SESSION-754d0cc424848140	SESSION-754d0cc424848140 → pe:tls:SESSION-754d0cc424848140
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-97b2355356a85562:flow:d4d7e5e657ae	SESSION-97b2355356a85562 → flow:d4d7e5e657ae
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b9c1bf42f4683a2:host:172.234.197.23:host:131.196.31.73	SESSION-2b9c1bf42f4683a2 → host:172.234.197.23 → host:131.196.31.73
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cac7b08c7fb71f18:PCAP:capture_20260430110001:43611bdf6759	SESSION-cac7b08c7fb71f18 → PCAP:capture_20260430110001:43611bdf6759
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a015ddbfdf91f569:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-a015ddbfdf91f569 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_DST_PORTOBS	e:fp:flow:a364bf313740:port:tcp:443	flow:a364bf313740 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6ac21eed532c969e:host:16.60.106.214:host:172.234.197.23	SESSION-6ac21eed532c969e → host:16.60.106.214 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5a78d91cebd5172f:flow:414c0680932d	SESSION-5a78d91cebd5172f → flow:414c0680932d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f3e8e9199df130f:host:177.10.236.237	SESSION-5f3e8e9199df130f → host:177.10.236.237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-910213045742f7e4:PCAP:capture_20260430060001:919b39a74464	SESSION-910213045742f7e4 → PCAP:capture_20260430060001:919b39a74464
FLOW_FROM_HOSTOBS	e:from:SESSION-c4d1c4ac80a0d275:host:131.196.30.98	SESSION-c4d1c4ac80a0d275 → host:131.196.30.98
FLOW_DST_PORTOBS	e:fp:flow:9948bfeb9f74:port:tcp:443	flow:9948bfeb9f74 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f9c73da0e6ec113c:host:172.234.197.23	SESSION-f9c73da0e6ec113c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c92acfae26c49330:SESSION-c92acfae26c49330	SESSION-c92acfae26c49330 → pe:tls:SESSION-c92acfae26c49330
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a8eb3ecb5c5b32a8:PCAP:capture_20260430090001:065659c7d314	SESSION-a8eb3ecb5c5b32a8 → PCAP:capture_20260430090001:065659c7d314
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47e6906e0a27d254:PCAP:capture_20260430080001:93f47cc296a4	SESSION-47e6906e0a27d254 → PCAP:capture_20260430080001:93f47cc296a4
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.127:asn:262880	host:177.10.233.127 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4db42491c04de440:SESSION-4db42491c04de440	SESSION-4db42491c04de440 → pe:syn:SESSION-4db42491c04de440
FLOW_DST_PORTOBS	e:fp:flow:97684df2988c:port:tcp:443	flow:97684df2988c → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-807885e153f56a02:host:177.10.238.164:host:172.234.197.23	SESSION-807885e153f56a02 → host:177.10.238.164 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c393069a667f4e79:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c393069a667f4e79 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-163f2e33c9f4a8f4:host:172.234.197.23:host:131.196.29.94	SESSION-163f2e33c9f4a8f4 → host:172.234.197.23 → host:131.196.29.94
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-949f3e8f4d37c52a:PCAP:capture_20260430090001:065659c7d314	SESSION-949f3e8f4d37c52a → PCAP:capture_20260430090001:065659c7d314
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.226:geo_-23.62930_-46.63510	host:131.196.29.226 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-22873a115734b4a8:SESSION-22873a115734b4a8	SESSION-22873a115734b4a8 → pe:syn:SESSION-22873a115734b4a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-19279b7c3b267599:SESSION-19279b7c3b267599	SESSION-19279b7c3b267599 → pe:syn:SESSION-19279b7c3b267599
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ce76d6af7b7d93f:host:172.234.197.23	SESSION-1ce76d6af7b7d93f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-f42753b09b481d7e:host:172.234.197.23	SESSION-f42753b09b481d7e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a24676d50b48eccf:host:131.196.28.207	SESSION-a24676d50b48eccf → host:131.196.28.207
FLOW_FROM_HOSTOBS	e:from:SESSION-80f68e8f687f2dc5:host:131.196.28.242	SESSION-80f68e8f687f2dc5 → host:131.196.28.242
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7af80619f13211ba:host:37.221.79.224	SESSION-7af80619f13211ba → host:37.221.79.224
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e13a35a59d4e8cb3:host:172.234.197.23	SESSION-e13a35a59d4e8cb3 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-05a7cad64bbe69e6:flow:05b7e2fc6f55	SESSION-05a7cad64bbe69e6 → flow:05b7e2fc6f55
FLOW_DST_PORTOBS	e:fp:flow:fc2f9ab2e66c:port:tcp:443	flow:fc2f9ab2e66c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-ab75a0984f628f7a:host:172.234.197.23	SESSION-ab75a0984f628f7a → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:9887d287d357	flow:9887d287d357 → host:131.196.28.216 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-c4f8f4fc610e76fd:host:172.234.197.23	SESSION-c4f8f4fc610e76fd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6774651fbdd3:port:tcp:443	flow:6774651fbdd3 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f5c08654c75b915c:PCAP:capture_20260430050001:8868731bf8a4	SESSION-f5c08654c75b915c → PCAP:capture_20260430050001:8868731bf8a4
FLOW_DST_PORTOBS	e:fp:flow:30edcb23ec52:port:tcp:443	flow:30edcb23ec52 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-1a9948d7535bcfa1:host:172.234.197.23	SESSION-1a9948d7535bcfa1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94e9de291da3c2c9:host:177.10.236.156	SESSION-94e9de291da3c2c9 → host:177.10.236.156
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4363548d57b1d6df:host:131.196.31.121	SESSION-4363548d57b1d6df → host:131.196.31.121
FLOW_TO_HOSTOBS	e:to:SESSION-8f1e08bfeea32aa0:host:172.234.197.23	SESSION-8f1e08bfeea32aa0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5252ca05229eda25:SESSION-5252ca05229eda25	SESSION-5252ca05229eda25 → pe:tls:SESSION-5252ca05229eda25
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0957d40de01926ae:host:177.10.233.145:host:172.234.197.23	SESSION-0957d40de01926ae → host:177.10.233.145 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0fe99f41b36441fa:host:131.196.31.223:host:172.234.197.23	SESSION-0fe99f41b36441fa → host:131.196.31.223 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7fb420f75ffa7d0f:SESSION-7fb420f75ffa7d0f	SESSION-7fb420f75ffa7d0f → pe:tls:SESSION-7fb420f75ffa7d0f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b5dccafc7307f6ac:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-b5dccafc7307f6ac → PCAP:capture_20260430140001:aaa9b3fc898b
FLOW_TO_HOSTOBS	e:to:SESSION-578ff4b2beeb08df:host:172.234.197.23	SESSION-578ff4b2beeb08df → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47ac7feaf227c129:PCAP:capture_20260428010001:b1b402c7b202	SESSION-47ac7feaf227c129 → PCAP:capture_20260428010001:b1b402c7b202
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-e1e1ef170279bd06:SESSION-e1e1ef170279bd06	SESSION-e1e1ef170279bd06 → pe:dns:SESSION-e1e1ef170279bd06
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-16ea01a17fc6b7f7:host:177.10.232.167:host:172.234.197.23	SESSION-16ea01a17fc6b7f7 → host:177.10.232.167 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:2b6a2177ee0d	flow:2b6a2177ee0d → host:177.10.236.146 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ba035d2018b1429:host:172.234.197.23	SESSION-6ba035d2018b1429 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14a60b0039fa135f:host:131.196.30.104	SESSION-14a60b0039fa135f → host:131.196.30.104
FLOW_DST_PORTOBS	e:fp:flow:a9c2935fca0c:port:tcp:80	flow:a9c2935fca0c → port:tcp:80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-57096089299b193e:SESSION-57096089299b193e	SESSION-57096089299b193e → pe:syn:SESSION-57096089299b193e
FLOW_FROM_HOSTOBS	e:from:SESSION-e47cd7d3b6c5e00d:host:172.234.197.23	SESSION-e47cd7d3b6c5e00d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f377c5e49ededc1c:flow:00b9bd232140	SESSION-f377c5e49ededc1c → flow:00b9bd232140
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ee088f254667f6a:host:172.234.197.23	SESSION-6ee088f254667f6a → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.200.68.109:geo_45.84010_-119.70500	host:54.200.68.109 → geo_45.84010_-119.70500
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aa8465f08de511a2:host:177.10.235.237:host:172.234.197.23	SESSION-aa8465f08de511a2 → host:177.10.235.237 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a83465e2bbc20296:SESSION-a83465e2bbc20296	SESSION-a83465e2bbc20296 → pe:tls:SESSION-a83465e2bbc20296
FLOW_DST_PORTOBS	e:fp:flow:17af5446ca65:port:tcp:443	flow:17af5446ca65 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-60aea8c76fce71c9:host:172.234.197.23	SESSION-60aea8c76fce71c9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f0e5de26982cc62:flow:aba14d52f442	SESSION-8f0e5de26982cc62 → flow:aba14d52f442
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1c47767899447038:host:177.10.232.160	SESSION-1c47767899447038 → host:177.10.232.160
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23f94e137932a031:SESSION-23f94e137932a031	SESSION-23f94e137932a031 → pe:syn:SESSION-23f94e137932a031
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-db9e8149201eae0f:host:172.234.197.23	SESSION-db9e8149201eae0f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:ec23e5b035b6	flow:ec23e5b035b6 → host:172.234.197.23 → host:131.196.29.105 → port:tcp:20292
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8b3f73c59938d0a7:SESSION-8b3f73c59938d0a7	SESSION-8b3f73c59938d0a7 → pe:syn:SESSION-8b3f73c59938d0a7
flow_observed5-aryOBS	e:fo:flow:35ff38a37805	flow:35ff38a37805 → host:177.10.236.12 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:8687f09773c4:port:tcp:443	flow:8687f09773c4 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4af1d7a3219c207:host:172.234.197.23:host:177.10.239.28	SESSION-d4af1d7a3219c207 → host:172.234.197.23 → host:177.10.239.28
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6ae37c351bfd95cd:SESSION-6ae37c351bfd95cd	SESSION-6ae37c351bfd95cd → pe:tls:SESSION-6ae37c351bfd95cd
FLOW_FROM_HOSTOBS	e:from:SESSION-8ae8076186321ef8:host:131.196.29.8	SESSION-8ae8076186321ef8 → host:131.196.29.8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-650fd2b828a7b477:SESSION-650fd2b828a7b477	SESSION-650fd2b828a7b477 → pe:tls:SESSION-650fd2b828a7b477
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e6d45a86f046cac8:host:172.234.197.23	SESSION-e6d45a86f046cac8 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b048ecd988d76f67:host:172.234.197.23:host:131.196.28.175	SESSION-b048ecd988d76f67 → host:172.234.197.23 → host:131.196.28.175
flow_observed5-aryOBS	e:fo:flow:c4efba82fdeb	flow:c4efba82fdeb → host:31.40.196.4 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c6fd3205e4a34033:PCAP:capture_20260430060001:919b39a74464	SESSION-c6fd3205e4a34033 → PCAP:capture_20260430060001:919b39a74464
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ffb355c8f64da05f:SESSION-ffb355c8f64da05f	SESSION-ffb355c8f64da05f → pe:syn:SESSION-ffb355c8f64da05f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-23b772dcd58e4ef3:SESSION-23b772dcd58e4ef3	SESSION-23b772dcd58e4ef3 → pe:tls:SESSION-23b772dcd58e4ef3
flow_observed5-aryOBS	e:fo:flow:5141ce494628	flow:5141ce494628 → host:45.173.156.99 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-2ef8854f2d4650c5:host:172.234.197.23	SESSION-2ef8854f2d4650c5 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:90b77d1a7adb	flow:90b77d1a7adb → host:45.173.156.71 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2f890b9cda6af294:host:177.10.237.175	SESSION-2f890b9cda6af294 → host:177.10.237.175
flow_observed5-aryOBS	e:fo:flow:6f31c7eb2d73	flow:6f31c7eb2d73 → host:177.10.234.43 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67fb5a3b6b27b953:host:131.196.31.183	SESSION-67fb5a3b6b27b953 → host:131.196.31.183
flow_observed5-aryOBS	e:fo:flow:ae46cf6a525d	flow:ae46cf6a525d → host:177.10.234.2 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-49ffa8539a7cb217:flow:cb8f618e44ed	SESSION-49ffa8539a7cb217 → flow:cb8f618e44ed
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c7c9a5d15324e2ea:SESSION-c7c9a5d15324e2ea	SESSION-c7c9a5d15324e2ea → pe:syn:SESSION-c7c9a5d15324e2ea
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b4af85088cb1b366:host:92.112.71.111	SESSION-b4af85088cb1b366 → host:92.112.71.111
flow_observed5-aryOBS	e:fo:flow:b537df97de95	flow:b537df97de95 → host:177.10.233.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b9d6fb279031158e:host:177.10.238.210:host:172.234.197.23	SESSION-b9d6fb279031158e → host:177.10.238.210 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0414bb340c93930b:host:172.234.197.23	SESSION-0414bb340c93930b → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:b1606163ab99	flow:b1606163ab99 → host:131.196.29.62 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a979a64e0f94d26:host:131.196.30.59:host:172.234.197.23	SESSION-8a979a64e0f94d26 → host:131.196.30.59 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9b2064ecb7b8:port:tcp:34762	flow:9b2064ecb7b8 → port:tcp:34762
FLOW_DST_PORTOBS	e:fp:flow:6c5259300412:port:tcp:55270	flow:6c5259300412 → port:tcp:55270
FLOW_TO_HOSTOBS	e:to:SESSION-fd6f9b80bb02e0f5:host:172.234.197.23	SESSION-fd6f9b80bb02e0f5 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-4793a163d681d0d0:host:172.234.197.23	SESSION-4793a163d681d0d0 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.144:geo_-21.10010_-41.69200	host:45.173.156.144 → geo_-21.10010_-41.69200
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.204:geo_-21.10010_-41.69200	host:45.173.156.204 → geo_-21.10010_-41.69200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-871dd8a53b87e11e:host:177.10.234.121	SESSION-871dd8a53b87e11e → host:177.10.234.121
FLOW_TO_HOSTOBS	e:to:SESSION-f39fdcb76f4b9f9d:host:172.234.197.23	SESSION-f39fdcb76f4b9f9d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:dec8c7b5212e	flow:dec8c7b5212e → host:177.10.232.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-43ba6051cf9120c0:SESSION-43ba6051cf9120c0	SESSION-43ba6051cf9120c0 → pe:syn:SESSION-43ba6051cf9120c0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.125:geo_-23.62930_-46.63510	host:131.196.30.125 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:bfd00da90046:port:tcp:51942	flow:bfd00da90046 → port:tcp:51942
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-303cd1de44c58c29:host:172.234.197.23	SESSION-303cd1de44c58c29 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9cb4473bd3389dab:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9cb4473bd3389dab → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fd8832d374e053cc:host:172.234.197.23:host:177.10.235.192	SESSION-fd8832d374e053cc → host:172.234.197.23 → host:177.10.235.192
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.62:asn:271410	host:131.196.30.62 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f008aa22e7b680c:flow:4f18ab34c3f5	SESSION-7f008aa22e7b680c → flow:4f18ab34c3f5
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.234:geo_-16.28860_-49.01640	host:177.10.235.234 → geo_-16.28860_-49.01640
flow_observed4-aryOBS	e:fo:flow:c550b9d61da6	flow:c550b9d61da6 → host:172.234.197.23 → host:131.196.30.19 → port:tcp:54639
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.91:geo_-16.28860_-49.01640	host:177.10.234.91 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:a093cc81b878	flow:a093cc81b878 → host:177.10.239.185 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a137096eda6236d7:host:177.10.238.107	SESSION-a137096eda6236d7 → host:177.10.238.107
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.222:asn:271410	host:131.196.28.222 → asn:271410
FLOW_DST_PORTOBS	e:fp:flow:7558413065e5:port:tcp:443	flow:7558413065e5 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8578034648884afe:flow:cb52c83e2455	SESSION-8578034648884afe → flow:cb52c83e2455
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3185739188bf8a1e:flow:38ea61ca398c	SESSION-3185739188bf8a1e → flow:38ea61ca398c
flow_observed5-aryOBS	e:fo:flow:e09580f25865	flow:e09580f25865 → host:131.196.29.134 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b34520b38e3fc963:host:177.10.235.151	SESSION-b34520b38e3fc963 → host:177.10.235.151
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.103:asn:271410	host:131.196.29.103 → asn:271410
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4a5a6c818be705f:host:92.112.71.203:host:172.234.197.23	SESSION-d4a5a6c818be705f → host:92.112.71.203 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3b13920773df7284:flow:d6d0c5309c54	SESSION-3b13920773df7284 → flow:d6d0c5309c54
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a6b762e1d0d174fb:flow:c7467d26947e	SESSION-a6b762e1d0d174fb → flow:c7467d26947e
FLOW_FROM_HOSTOBS	e:from:SESSION-6ff9e556bf199706:host:172.234.197.23	SESSION-6ff9e556bf199706 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-113354c1b6207940:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-113354c1b6207940 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-29cd9f7300aa5893:SESSION-29cd9f7300aa5893	SESSION-29cd9f7300aa5893 → pe:tls:SESSION-29cd9f7300aa5893
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f3e5ef5a453dff40:PCAP:capture_20260430090001:065659c7d314	SESSION-f3e5ef5a453dff40 → PCAP:capture_20260430090001:065659c7d314
FLOW_FROM_HOSTOBS	e:from:SESSION-e77d19d6eee479c3:host:172.234.197.23	SESSION-e77d19d6eee479c3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f486345fbdf5443:host:172.234.197.23:host:131.196.31.2	SESSION-8f486345fbdf5443 → host:172.234.197.23 → host:131.196.31.2
FLOW_DST_PORTOBS	e:fp:flow:adc510d649e0:port:tcp:5942	flow:adc510d649e0 → port:tcp:5942
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-91c14db05e009245:flow:8bd8f63c48f5	SESSION-91c14db05e009245 → flow:8bd8f63c48f5
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-19009ef53e5ab2ef:PCAP:capture_20260430160001:9bfa4498506a	SESSION-19009ef53e5ab2ef → PCAP:capture_20260430160001:9bfa4498506a
flow_observed4-aryOBS	e:fo:flow:3922a7adf516	flow:3922a7adf516 → host:172.234.197.23 → host:177.10.235.129 → port:tcp:30380
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-75cb9fe69e287da9:flow:886d5601dd53	SESSION-75cb9fe69e287da9 → flow:886d5601dd53
FLOW_FROM_HOSTOBS	e:from:SESSION-531f1f169db2954c:host:131.196.31.180	SESSION-531f1f169db2954c → host:131.196.31.180
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1842fb1b2a9a6572:host:177.10.236.199	SESSION-1842fb1b2a9a6572 → host:177.10.236.199
FLOW_FROM_HOSTOBS	e:from:SESSION-3ea2e2a37f857a7f:host:172.234.197.23	SESSION-3ea2e2a37f857a7f → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e3933798ce80a4c:host:177.10.234.120	SESSION-8e3933798ce80a4c → host:177.10.234.120
FLOW_DST_PORTOBS	e:fp:flow:351cb218e97f:port:tcp:443	flow:351cb218e97f → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2ae37191400d64fc:flow:1542bd3463f5	SESSION-2ae37191400d64fc → flow:1542bd3463f5
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-20c169d44973b1e9:flow:337390b0db9e	SESSION-20c169d44973b1e9 → flow:337390b0db9e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fbcf03ac27ad8556:host:177.10.239.62	SESSION-fbcf03ac27ad8556 → host:177.10.239.62
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e331ebe372f514c8:host:2.57.121.112	SESSION-e331ebe372f514c8 → host:2.57.121.112
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fcdaaf650d72b5bc:SESSION-fcdaaf650d72b5bc	SESSION-fcdaaf650d72b5bc → pe:tls:SESSION-fcdaaf650d72b5bc
FLOW_DST_PORTOBS	e:fp:flow:972221c19bc6:port:tcp:443	flow:972221c19bc6 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.79:asn:271410	host:131.196.28.79 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e36c77c5ab0d7e92:SESSION-e36c77c5ab0d7e92	SESSION-e36c77c5ab0d7e92 → pe:tls:SESSION-e36c77c5ab0d7e92
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1633b12f0e20b97e:host:172.234.197.23	SESSION-1633b12f0e20b97e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7c87f156575d	flow:7c87f156575d → host:177.10.234.39 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-8b858978950d9ddc:host:131.196.31.10	SESSION-8b858978950d9ddc → host:131.196.31.10
FLOW_FROM_HOSTOBS	e:from:SESSION-9d0c24f0912a7520:host:172.234.197.23	SESSION-9d0c24f0912a7520 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8d89328eefc28d4:flow:012736c3643c	SESSION-d8d89328eefc28d4 → flow:012736c3643c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ce88726966df20e:SESSION-5ce88726966df20e	SESSION-5ce88726966df20e → pe:tls:SESSION-5ce88726966df20e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7912a0e1302b3ba3:host:172.234.197.23:host:131.196.31.79	SESSION-7912a0e1302b3ba3 → host:172.234.197.23 → host:131.196.31.79
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ab0305ac0c92587:PCAP:capture_20260430070001:903a0e7a436b	SESSION-2ab0305ac0c92587 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ffc4775cc215b441:host:172.234.197.23:host:131.196.29.26	SESSION-ffc4775cc215b441 → host:172.234.197.23 → host:131.196.29.26
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e77738dbb03f9aec:host:177.10.239.4:host:172.234.197.23	SESSION-e77738dbb03f9aec → host:177.10.239.4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-149428cb73969f2b:host:172.234.197.23	SESSION-149428cb73969f2b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-88a21eebc91cc549:host:45.173.156.244:host:172.234.197.23	SESSION-88a21eebc91cc549 → host:45.173.156.244 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6c8fb4510aa3:port:tcp:29037	flow:6c8fb4510aa3 → port:tcp:29037
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-928f584a0bc46099:flow:fa3e8260206c	SESSION-928f584a0bc46099 → flow:fa3e8260206c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8366f626d6b88fcf:PCAP:capture_20260430090001:065659c7d314	SESSION-8366f626d6b88fcf → PCAP:capture_20260430090001:065659c7d314
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-9c4a3ef3072acfd2:SESSION-9c4a3ef3072acfd2	SESSION-9c4a3ef3072acfd2 → pe:syn:SESSION-9c4a3ef3072acfd2
FLOW_FROM_HOSTOBS	e:from:SESSION-8139f2a89dd46f4b:host:131.196.31.126	SESSION-8139f2a89dd46f4b → host:131.196.31.126
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4337995d605bd9f8:host:172.234.197.23	SESSION-4337995d605bd9f8 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6ae64075781208b0:host:172.234.197.23	SESSION-6ae64075781208b0 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:b56df08c2f82:port:tcp:60477	flow:b56df08c2f82 → port:tcp:60477
FLOW_DST_PORTOBS	e:fp:flow:15c9711f86b0:port:tcp:443	flow:15c9711f86b0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-397164cbc5836ff1:PCAP:capture_20260430060001:919b39a74464	SESSION-397164cbc5836ff1 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:7003bc151096:port:tcp:443	flow:7003bc151096 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5133340de07cf838:host:172.234.197.23	SESSION-5133340de07cf838 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7a800bc67052acb8:SESSION-7a800bc67052acb8	SESSION-7a800bc67052acb8 → pe:syn:SESSION-7a800bc67052acb8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df1edf3c82c78294:host:172.234.197.23	SESSION-df1edf3c82c78294 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:7ee73ad39b9d	flow:7ee73ad39b9d → host:177.10.232.160 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b875e262090a3924:host:131.196.28.167	SESSION-b875e262090a3924 → host:131.196.28.167
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cb59d1b27c368873:SESSION-cb59d1b27c368873	SESSION-cb59d1b27c368873 → pe:syn:SESSION-cb59d1b27c368873
FLOW_DST_PORTOBS	e:fp:flow:634f522b6025:port:tcp:37649	flow:634f522b6025 → port:tcp:37649
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-33fdac1ad6f47ac8:SESSION-33fdac1ad6f47ac8	SESSION-33fdac1ad6f47ac8 → pe:tls:SESSION-33fdac1ad6f47ac8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a139b1df55cde4d7:SESSION-a139b1df55cde4d7	SESSION-a139b1df55cde4d7 → pe:tls:SESSION-a139b1df55cde4d7
FLOW_TO_HOSTOBS	e:to:SESSION-051bd0ccc4bec756:host:172.234.197.23	SESSION-051bd0ccc4bec756 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:e3dcadda68db:port:tcp:443	flow:e3dcadda68db → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c6e971723a904aea:host:172.234.197.23	SESSION-c6e971723a904aea → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:08a65ced42d7:port:tcp:443	flow:08a65ced42d7 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-c58c12f678d65836:host:172.234.197.23	SESSION-c58c12f678d65836 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.197:asn:262880	host:177.10.233.197 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-37e4af30bda4d3e9:host:172.234.197.23	SESSION-37e4af30bda4d3e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b73c5a859c05f554:host:172.234.197.23	SESSION-b73c5a859c05f554 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f11cda502f952e41:host:172.234.197.23	SESSION-f11cda502f952e41 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4ba3ff89783efd81:SESSION-4ba3ff89783efd81	SESSION-4ba3ff89783efd81 → pe:tls:SESSION-4ba3ff89783efd81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df8de933ba817d8f:SESSION-df8de933ba817d8f	SESSION-df8de933ba817d8f → pe:tls:SESSION-df8de933ba817d8f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-eb8a27373acd6451:host:131.196.30.197:host:172.234.197.23	SESSION-eb8a27373acd6451 → host:131.196.30.197 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d6c901db44791138:host:172.234.197.23	SESSION-d6c901db44791138 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.216:asn:262880	host:177.10.232.216 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.140:geo_-16.28860_-49.01640	host:177.10.238.140 → geo_-16.28860_-49.01640
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.72:geo_-16.28860_-49.01640	host:177.10.237.72 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8b62a2da5c95:port:tcp:6482	flow:8b62a2da5c95 → port:tcp:6482
FLOW_DST_PORTOBS	e:fp:flow:2435bf05528c:port:tcp:443	flow:2435bf05528c → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-56d3faf83e1ced7d:host:163.192.126.71	SESSION-56d3faf83e1ced7d → host:163.192.126.71
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b65436b870ef703a:host:177.10.239.221	SESSION-b65436b870ef703a → host:177.10.239.221
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fcdaaf650d72b5bc:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-fcdaaf650d72b5bc → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-31068e75a101287d:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-31068e75a101287d → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-bb7c4827354230c4:host:172.234.197.23	SESSION-bb7c4827354230c4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-65d181126b4cfd8f:host:172.234.197.23	SESSION-65d181126b4cfd8f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-677c9237241fc75d:host:45.173.156.68:host:172.234.197.23	SESSION-677c9237241fc75d → host:45.173.156.68 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e028dd5dd71b411:host:177.10.237.25:host:172.234.197.23	SESSION-1e028dd5dd71b411 → host:177.10.237.25 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.65:asn:271410	host:131.196.31.65 → asn:271410
flow_observed4-aryOBS	e:fo:flow:f573dcd8e564	flow:f573dcd8e564 → host:172.234.197.23 → host:177.10.234.193 → port:tcp:62133
FLOW_TLS_SNIOBS	e:fs:flow:aeca250f29dc:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:aeca250f29dc → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-a238538ee50c7862:SESSION-a238538ee50c7862	SESSION-a238538ee50c7862 → pe:tls:SESSION-a238538ee50c7862
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4bc305941088d24:host:172.234.197.23:host:172.232.0.16	SESSION-d4bc305941088d24 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c828adcf318b7963:host:172.234.197.23	SESSION-c828adcf318b7963 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5a2ddb999c90e17:host:172.234.197.23:host:177.10.234.100	SESSION-e5a2ddb999c90e17 → host:172.234.197.23 → host:177.10.234.100
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-eed281d532ce25c6:flow:35ff38a37805	SESSION-eed281d532ce25c6 → flow:35ff38a37805
FLOW_TO_HOSTOBS	e:to:SESSION-aaa8cebb6aaa8760:host:172.234.197.23	SESSION-aaa8cebb6aaa8760 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-422ba54da9c49203:SESSION-422ba54da9c49203	SESSION-422ba54da9c49203 → pe:syn:SESSION-422ba54da9c49203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-85383edd293fa3f5:host:172.234.197.23	SESSION-85383edd293fa3f5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-415460770952c9a4:SESSION-415460770952c9a4	SESSION-415460770952c9a4 → pe:tls:SESSION-415460770952c9a4
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90426299281da133:flow:83d4b6376697	SESSION-90426299281da133 → flow:83d4b6376697
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e2f5f99625dcfae4:PCAP:capture_20260428020001:ce87acd1c162	SESSION-e2f5f99625dcfae4 → PCAP:capture_20260428020001:ce87acd1c162
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-66dcd1fd6d28b07f:PCAP:capture_20260430070001:903a0e7a436b	SESSION-66dcd1fd6d28b07f → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-42ac4798d48b113f:SESSION-42ac4798d48b113f	SESSION-42ac4798d48b113f → pe:syn:SESSION-42ac4798d48b113f
FLOW_FROM_HOSTOBS	e:from:SESSION-723b8399a0bced6b:host:172.234.197.23	SESSION-723b8399a0bced6b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-efabffc9197efb23:host:172.234.197.23	SESSION-efabffc9197efb23 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.147:geo_-23.62930_-46.63510	host:131.196.30.147 → geo_-23.62930_-46.63510
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe1d6d23886f083a:host:131.196.31.141:host:172.234.197.23	SESSION-fe1d6d23886f083a → host:131.196.31.141 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b048d8915129480a:host:172.234.197.23	SESSION-b048d8915129480a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-829f75d99e4943bf:SESSION-829f75d99e4943bf	SESSION-829f75d99e4943bf → pe:syn:SESSION-829f75d99e4943bf
FLOW_DST_PORTOBS	e:fp:flow:8943c204982c:port:tcp:443	flow:8943c204982c → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1bc39f4f18cf27f2:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1bc39f4f18cf27f2 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed4-aryOBS	e:fo:flow:fc2d97c28801	flow:fc2d97c28801 → host:172.234.197.23 → host:177.10.233.118 → port:tcp:35049
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cefaeddbbade6b50:flow:2520bf4367e5	SESSION-cefaeddbbade6b50 → flow:2520bf4367e5
FLOW_FROM_HOSTOBS	e:from:SESSION-f21aae4e1b352568:host:45.145.152.104	SESSION-f21aae4e1b352568 → host:45.145.152.104
FLOW_DST_PORTOBS	e:fp:flow:829f537dafee:port:tcp:443	flow:829f537dafee → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7ad62492e870e2b:PCAP:capture_20260430110001:43611bdf6759	SESSION-e7ad62492e870e2b → PCAP:capture_20260430110001:43611bdf6759
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f49ef9eceb986e78:host:177.10.232.88	SESSION-f49ef9eceb986e78 → host:177.10.232.88
FLOW_FROM_HOSTOBS	e:from:SESSION-ca59b4a9ab5138ce:host:177.10.238.10	SESSION-ca59b4a9ab5138ce → host:177.10.238.10
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-91919daf8511716e:flow:0c4bd7089ed1	SESSION-91919daf8511716e → flow:0c4bd7089ed1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5826a910dfa3cb7f:SESSION-5826a910dfa3cb7f	SESSION-5826a910dfa3cb7f → pe:tls:SESSION-5826a910dfa3cb7f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-82e825a4afeeff6a:SESSION-82e825a4afeeff6a	SESSION-82e825a4afeeff6a → pe:tls:SESSION-82e825a4afeeff6a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cfb2466cf35b5342:PCAP:capture_20260430070001:903a0e7a436b	SESSION-cfb2466cf35b5342 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7e0284f837155748:PCAP:capture_20260430060001:919b39a74464	SESSION-7e0284f837155748 → PCAP:capture_20260430060001:919b39a74464
FLOW_DST_PORTOBS	e:fp:flow:5c7c371a697d:port:tcp:9592	flow:5c7c371a697d → port:tcp:9592
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-915c694a7f41c8e3:host:172.234.197.23	SESSION-915c694a7f41c8e3 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-18e7a18371a0d1bf:SESSION-18e7a18371a0d1bf	SESSION-18e7a18371a0d1bf → pe:syn:SESSION-18e7a18371a0d1bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b481f21a133f6fd1:SESSION-b481f21a133f6fd1	SESSION-b481f21a133f6fd1 → pe:syn:SESSION-b481f21a133f6fd1
FLOW_DST_PORTOBS	e:fp:flow:15a75a81c121:port:tcp:443	flow:15a75a81c121 → port:tcp:443
FLOW_DST_PORTOBS	e:fp:flow:da97833aae7b:port:tcp:443	flow:da97833aae7b → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-89ddb9a3043f63a3:host:177.10.234.120	SESSION-89ddb9a3043f63a3 → host:177.10.234.120
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8e6988ed77a3d110:host:131.196.30.13	SESSION-8e6988ed77a3d110 → host:131.196.30.13
FLOW_FROM_HOSTOBS	e:from:SESSION-f2f14bb2a06741aa:host:172.234.197.23	SESSION-f2f14bb2a06741aa → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d82c2d4eaa13efdb:host:172.234.197.23	SESSION-d82c2d4eaa13efdb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-34913801790eb8e4:host:172.234.197.23	SESSION-34913801790eb8e4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1328d27dd48f8a49:SESSION-1328d27dd48f8a49	SESSION-1328d27dd48f8a49 → pe:tls:SESSION-1328d27dd48f8a49
FLOW_FROM_HOSTOBS	e:from:SESSION-52c764b77552a86d:host:177.10.234.3	SESSION-52c764b77552a86d → host:177.10.234.3
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-3524905b33baacd0:BSG-BEACON-1f5c19bfbe6f	SESSION-3524905b33baacd0 → BSG-BEACON-1f5c19bfbe6f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-adc05f42cd7b2533:flow:e7662d06a0dc	SESSION-adc05f42cd7b2533 → flow:e7662d06a0dc
flow_observed4-aryOBS	e:fo:flow:3d634a6706b3	flow:3d634a6706b3 → host:172.234.197.23 → host:131.196.29.170 → port:tcp:61538
FLOW_TO_HOSTOBS	e:to:SESSION-8f5e9ebe80065c9c:host:172.234.197.23	SESSION-8f5e9ebe80065c9c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b0b8b90e300d9c11:SESSION-b0b8b90e300d9c11	SESSION-b0b8b90e300d9c11 → pe:tls:SESSION-b0b8b90e300d9c11
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-c37bd5454075ced3:BSG-BEACON-e07f4250263f	SESSION-c37bd5454075ced3 → BSG-BEACON-e07f4250263f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2f4918b67fbcc63f:SESSION-2f4918b67fbcc63f	SESSION-2f4918b67fbcc63f → pe:tls:SESSION-2f4918b67fbcc63f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8fcd4a12026b870e:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8fcd4a12026b870e → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5250861d994b3dc2:SESSION-5250861d994b3dc2	SESSION-5250861d994b3dc2 → pe:syn:SESSION-5250861d994b3dc2
FLOW_TO_HOSTOBS	e:to:SESSION-5b3057ab5d68c477:host:172.234.197.23	SESSION-5b3057ab5d68c477 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f8d7516bed96e97:host:172.234.197.23	SESSION-5f8d7516bed96e97 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-68a45a74f687a5a4:host:172.234.197.23	SESSION-68a45a74f687a5a4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bfbb16ce344dac5c:SESSION-bfbb16ce344dac5c	SESSION-bfbb16ce344dac5c → pe:syn:SESSION-bfbb16ce344dac5c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ea53a00807c951b5:PCAP:capture_20260427200001:3ed6eed62060	SESSION-ea53a00807c951b5 → PCAP:capture_20260427200001:3ed6eed62060
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6ae33589f66e7ab9:flow:fa102252011b	SESSION-6ae33589f66e7ab9 → flow:fa102252011b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3c787945ac898609:host:172.234.197.23:host:131.196.28.228	SESSION-3c787945ac898609 → host:172.234.197.23 → host:131.196.28.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-acada2cd7035c790:SESSION-acada2cd7035c790	SESSION-acada2cd7035c790 → pe:syn:SESSION-acada2cd7035c790
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.191:asn:262880	host:177.10.232.191 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-122af33beaf7e9c5:host:131.196.29.114	SESSION-122af33beaf7e9c5 → host:131.196.29.114
FLOW_TO_HOSTOBS	e:to:SESSION-3109063707c4a5e1:host:172.234.197.23	SESSION-3109063707c4a5e1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.201:asn:262880	host:177.10.238.201 → asn:262880
FLOW_DST_PORTOBS	e:fp:flow:ee4982f68279:port:tcp:443	flow:ee4982f68279 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9338ac17b36dc2c1:SESSION-9338ac17b36dc2c1	SESSION-9338ac17b36dc2c1 → pe:tls:SESSION-9338ac17b36dc2c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8c1a20baa14a0758:SESSION-8c1a20baa14a0758	SESSION-8c1a20baa14a0758 → pe:syn:SESSION-8c1a20baa14a0758
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6da898acb6c07034:host:177.10.233.192:host:172.234.197.23	SESSION-6da898acb6c07034 → host:177.10.233.192 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d9a539c485f657b5:host:172.234.197.23	SESSION-d9a539c485f657b5 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:18d89fc4a32d	flow:18d89fc4a32d → host:172.234.197.23 → host:177.10.239.88 → port:tcp:616
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b7d005fcddd05eb:host:172.234.197.23	SESSION-5b7d005fcddd05eb → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f709c3d74e04443c:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-f709c3d74e04443c → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-561fca01c9d6b351:host:172.234.197.23	SESSION-561fca01c9d6b351 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b420826720a06333:host:172.234.197.23	SESSION-b420826720a06333 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f7b35d3dad632382:host:172.234.197.23	SESSION-f7b35d3dad632382 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fd524e1c02193f64:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fd524e1c02193f64 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-282c3beb2e9d9d39:flow:d80c3cc4d9c6	SESSION-282c3beb2e9d9d39 → flow:d80c3cc4d9c6
flow_observed5-aryOBS	e:fo:flow:5d7ec192c72c	flow:5d7ec192c72c → host:177.10.236.10 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b2aed99cc8c09f5c:host:172.234.197.23	SESSION-b2aed99cc8c09f5c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:a7e5050c5b2a	flow:a7e5050c5b2a → host:45.173.156.139 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:9e4891f10bc3	flow:9e4891f10bc3 → host:172.234.197.23 → host:177.10.235.186 → port:tcp:47041
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-923fbccf43ed644a:flow:c1436067dd70	SESSION-923fbccf43ed644a → flow:c1436067dd70
FLOW_FROM_HOSTOBS	e:from:SESSION-fb6fbeeb95cb61c8:host:177.10.238.20	SESSION-fb6fbeeb95cb61c8 → host:177.10.238.20
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20e3655a208f66c6:SESSION-20e3655a208f66c6	SESSION-20e3655a208f66c6 → pe:syn:SESSION-20e3655a208f66c6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2824f9b79e0fb1f1:host:131.196.29.50	SESSION-2824f9b79e0fb1f1 → host:131.196.29.50
FLOW_TO_HOSTOBS	e:to:SESSION-742c2d67dec63a6f:host:172.234.197.23	SESSION-742c2d67dec63a6f → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-643a90c68c400c64:flow:2a26dc28d5ba	SESSION-643a90c68c400c64 → flow:2a26dc28d5ba
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ea5a5c8bbfcfd548:flow:af7a09bb9bc0	SESSION-ea5a5c8bbfcfd548 → flow:af7a09bb9bc0
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0c6cb018cbd8a763:flow:d80b0058aa80	SESSION-0c6cb018cbd8a763 → flow:d80b0058aa80
FLOW_FROM_HOSTOBS	e:from:SESSION-c47a34d160ec21ba:host:177.10.239.177	SESSION-c47a34d160ec21ba → host:177.10.239.177
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.123:asn:271410	host:131.196.29.123 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-25fe6bafaa94a84d:SESSION-25fe6bafaa94a84d	SESSION-25fe6bafaa94a84d → pe:tls:SESSION-25fe6bafaa94a84d
FLOW_DST_PORTOBS	e:fp:flow:6f77ba0efd14:port:tcp:43536	flow:6f77ba0efd14 → port:tcp:43536
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0af842276eef56a1:SESSION-0af842276eef56a1	SESSION-0af842276eef56a1 → pe:syn:SESSION-0af842276eef56a1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5c9754d7075a4d12:PCAP:capture_20260430160001:9bfa4498506a	SESSION-5c9754d7075a4d12 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.219:geo_-16.28860_-49.01640	host:177.10.236.219 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:a125a071d169:port:tcp:443	flow:a125a071d169 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2096050a1fa0221d:PCAP:capture_20260430160001:9bfa4498506a	SESSION-2096050a1fa0221d → PCAP:capture_20260430160001:9bfa4498506a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fd573746c1e36a64:flow:2b4878d22749	SESSION-fd573746c1e36a64 → flow:2b4878d22749
FLOW_TO_HOSTOBS	e:to:SESSION-7a8bea4194d810df:host:172.234.197.23	SESSION-7a8bea4194d810df → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9633daabdcbaa0c0:flow:ae01755e2c80	SESSION-9633daabdcbaa0c0 → flow:ae01755e2c80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d84fd327ccf4e65:SESSION-5d84fd327ccf4e65	SESSION-5d84fd327ccf4e65 → pe:tls:SESSION-5d84fd327ccf4e65
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-973fc1252d207af1:SESSION-973fc1252d207af1	SESSION-973fc1252d207af1 → pe:syn:SESSION-973fc1252d207af1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-083cc9a3854de3cd:SESSION-083cc9a3854de3cd	SESSION-083cc9a3854de3cd → pe:syn:SESSION-083cc9a3854de3cd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cfb2466cf35b5342:host:177.10.232.35:host:172.234.197.23	SESSION-cfb2466cf35b5342 → host:177.10.232.35 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6263455e390c054e:host:172.234.197.23	SESSION-6263455e390c054e → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e6f3d2670453324e:host:177.10.237.24	SESSION-e6f3d2670453324e → host:177.10.237.24
FLOW_FROM_HOSTOBS	e:from:SESSION-dbacd0066146a93a:host:172.234.197.23	SESSION-dbacd0066146a93a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-47e6906e0a27d254:SESSION-47e6906e0a27d254	SESSION-47e6906e0a27d254 → pe:tls:SESSION-47e6906e0a27d254
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2bf5c26caf57dc4e:SESSION-2bf5c26caf57dc4e	SESSION-2bf5c26caf57dc4e → pe:syn:SESSION-2bf5c26caf57dc4e
FLOW_FROM_HOSTOBS	e:from:SESSION-3ca442589a0a5e5d:host:177.10.236.115	SESSION-3ca442589a0a5e5d → host:177.10.236.115
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-aae7a2cdf7b4e8cc:host:177.10.233.249:host:172.234.197.23	SESSION-aae7a2cdf7b4e8cc → host:177.10.233.249 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b2c61460e754c8f6:PCAP:capture_20260430070001:903a0e7a436b	SESSION-b2c61460e754c8f6 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-aab351c0be27393b:flow:5a300d7140a6	SESSION-aab351c0be27393b → flow:5a300d7140a6
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c7201144bad9d462:SESSION-c7201144bad9d462	SESSION-c7201144bad9d462 → pe:tls:SESSION-c7201144bad9d462
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4f95aea3e66ab57b:SESSION-4f95aea3e66ab57b	SESSION-4f95aea3e66ab57b → pe:tls:SESSION-4f95aea3e66ab57b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24ee0ec1cbf12b9d:SESSION-24ee0ec1cbf12b9d	SESSION-24ee0ec1cbf12b9d → pe:syn:SESSION-24ee0ec1cbf12b9d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-99af0da0e550d67b:flow:23392fb83d00	SESSION-99af0da0e550d67b → flow:23392fb83d00
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7832d3594ed31e4:host:172.234.197.23	SESSION-b7832d3594ed31e4 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e47cd7d3b6c5e00d:host:177.10.237.221	SESSION-e47cd7d3b6c5e00d → host:177.10.237.221
FLOW_FROM_HOSTOBS	e:from:SESSION-5739ac8f3bafac6c:host:177.10.232.182	SESSION-5739ac8f3bafac6c → host:177.10.232.182
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d0a2ec1133f1da31:host:177.10.239.16:host:172.234.197.23	SESSION-d0a2ec1133f1da31 → host:177.10.239.16 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:1bdfdcdcdcb1	flow:1bdfdcdcdcb1 → host:177.10.237.147 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f6588417d002f2ed:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-f6588417d002f2ed → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6966225f20017b9e:host:172.234.197.23	SESSION-6966225f20017b9e → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-873a01bbf1ba0d09:host:95.135.228.95:host:172.234.197.23	SESSION-873a01bbf1ba0d09 → host:95.135.228.95 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.249:asn:271410	host:131.196.29.249 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ac8ab77b48a8c37:host:172.234.197.23	SESSION-6ac8ab77b48a8c37 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:4372f6da63a9:port:tcp:443	flow:4372f6da63a9 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.48:asn:273470	host:45.173.156.48 → asn:273470
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1ee986621b3f988f:SESSION-1ee986621b3f988f	SESSION-1ee986621b3f988f → pe:tls:SESSION-1ee986621b3f988f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e2f1449f3d42ccdf:flow:acd01af9e4bf	SESSION-e2f1449f3d42ccdf → flow:acd01af9e4bf
FLOW_TO_HOSTOBS	e:to:SESSION-5080263f1b2fd5b9:host:172.234.197.23	SESSION-5080263f1b2fd5b9 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.71:asn:271410	host:131.196.28.71 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-84e5e89f26aa2ca2:flow:3289c02669aa	SESSION-84e5e89f26aa2ca2 → flow:3289c02669aa
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b679e6887c5a68a:host:177.10.235.85	SESSION-7b679e6887c5a68a → host:177.10.235.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f778ec59760ca534:host:40.177.218.231	SESSION-f778ec59760ca534 → host:40.177.218.231
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3adb88175f99dced:host:177.10.235.155	SESSION-3adb88175f99dced → host:177.10.235.155
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.145.152.164:geo_19.07480_72.88560	host:45.145.152.164 → geo_19.07480_72.88560
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-af1aec9a84a08d25:host:172.234.197.23	SESSION-af1aec9a84a08d25 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:ca6e1431913e:port:tcp:443	flow:ca6e1431913e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-39adf49608796443:PCAP:capture_20260430070001:903a0e7a436b	SESSION-39adf49608796443 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b5dccafc7307f6ac:host:45.173.156.205	SESSION-b5dccafc7307f6ac → host:45.173.156.205
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8417b06622c43718:host:131.196.30.131:host:172.234.197.23	SESSION-8417b06622c43718 → host:131.196.30.131 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96623b45a0a307c2:flow:84ed01f64073	SESSION-96623b45a0a307c2 → flow:84ed01f64073
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f74caf722af4b362:PCAP:capture_20260430070001:903a0e7a436b	SESSION-f74caf722af4b362 → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-82e825a4afeeff6a:flow:41bca09d381c	SESSION-82e825a4afeeff6a → flow:41bca09d381c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-96878fba39db06d8:host:172.234.197.23	SESSION-96878fba39db06d8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33fcdd018bdc1a2c:host:172.234.197.23	SESSION-33fcdd018bdc1a2c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fbee5c60d72abd4e:SESSION-fbee5c60d72abd4e	SESSION-fbee5c60d72abd4e → pe:syn:SESSION-fbee5c60d72abd4e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64a8af826dc81e59:host:177.10.236.121	SESSION-64a8af826dc81e59 → host:177.10.236.121
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac14845b1a23366d:SESSION-ac14845b1a23366d	SESSION-ac14845b1a23366d → pe:syn:SESSION-ac14845b1a23366d
flow_observed5-aryOBS	e:fo:flow:bb9ff70d845a	flow:bb9ff70d845a → host:131.196.28.167 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c0b0070ff484a299:host:172.234.197.23	SESSION-c0b0070ff484a299 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.239.196:asn:262880	host:177.10.239.196 → asn:262880
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-472adb1eeb20f880:BSG-BEACON-c722144663f7	SESSION-472adb1eeb20f880 → BSG-BEACON-c722144663f7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-69c66b3db447dca1:host:172.234.197.23	SESSION-69c66b3db447dca1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51c60ff5c6e820bd:host:172.234.197.23	SESSION-51c60ff5c6e820bd → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:224dc220eca8:port:tcp:443	flow:224dc220eca8 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:ef75b0633734	flow:ef75b0633734 → host:177.10.238.236 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ae3a6176a3b5	flow:ae3a6176a3b5 → host:92.112.71.216 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-620284e2b3f3a282:flow:29ed78ca1b4e	SESSION-620284e2b3f3a282 → flow:29ed78ca1b4e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4619747059efac6f:flow:5d01015a2df9	SESSION-4619747059efac6f → flow:5d01015a2df9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-a0605f48b345a3ed:SESSION-a0605f48b345a3ed	SESSION-a0605f48b345a3ed → pe:syn:SESSION-a0605f48b345a3ed
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee4167cf60ac81c3:PCAP:capture_20260430150001:ded20914761d	SESSION-ee4167cf60ac81c3 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a238538ee50c7862:host:131.196.28.10	SESSION-a238538ee50c7862 → host:131.196.28.10
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cb9e9108ca8bff14:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-cb9e9108ca8bff14 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2e627b58284e1729:SESSION-2e627b58284e1729	SESSION-2e627b58284e1729 → pe:tls:SESSION-2e627b58284e1729
FLOW_FROM_HOSTOBS	e:from:SESSION-6c8dea047b3a203b:host:131.196.29.164	SESSION-6c8dea047b3a203b → host:131.196.29.164
flow_observed5-aryOBS	e:fo:flow:fd1e7c8fc228	flow:fd1e7c8fc228 → host:177.10.238.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f5c08654c75b915c:host:172.234.197.23	SESSION-f5c08654c75b915c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0a11bbc1f12398e3:host:177.10.235.241:host:172.234.197.23	SESSION-0a11bbc1f12398e3 → host:177.10.235.241 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3759208ef2a99af0:host:177.10.233.1:host:172.234.197.23	SESSION-3759208ef2a99af0 → host:177.10.233.1 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c47a34d160ec21ba:SESSION-c47a34d160ec21ba	SESSION-c47a34d160ec21ba → pe:tls:SESSION-c47a34d160ec21ba
FLOW_TO_HOSTOBS	e:to:SESSION-3ae59ca72364f9e1:host:172.234.197.23	SESSION-3ae59ca72364f9e1 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3854a3544c69d398:PCAP:capture_20260430080001:93f47cc296a4	SESSION-3854a3544c69d398 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-1dda0e3344468f76:host:172.234.197.23	SESSION-1dda0e3344468f76 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7e89ccbf4d277fb8:host:177.10.236.248	SESSION-7e89ccbf4d277fb8 → host:177.10.236.248
FLOW_TO_HOSTOBS	e:to:SESSION-112ed66aeea7c1e0:host:177.10.237.2	SESSION-112ed66aeea7c1e0 → host:177.10.237.2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b88c76d0206f2960:host:172.234.197.23	SESSION-b88c76d0206f2960 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-32551388ee5c6c20:SESSION-32551388ee5c6c20	SESSION-32551388ee5c6c20 → pe:syn:SESSION-32551388ee5c6c20
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-16fca057f28c0943:SESSION-16fca057f28c0943	SESSION-16fca057f28c0943 → pe:syn:SESSION-16fca057f28c0943
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-afbbd778f47cc6c1:flow:a89327de536a	SESSION-afbbd778f47cc6c1 → flow:a89327de536a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ce1a5aa06c53f62:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-8ce1a5aa06c53f62 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c4e9a3a3a63cdb2e:flow:28d9e57edc1e	SESSION-c4e9a3a3a63cdb2e → flow:28d9e57edc1e
FLOW_TO_HOSTOBS	e:to:SESSION-e10e261831a1079d:host:177.10.236.186	SESSION-e10e261831a1079d → host:177.10.236.186
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1739bca4a014ab7e:SESSION-1739bca4a014ab7e	SESSION-1739bca4a014ab7e → pe:syn:SESSION-1739bca4a014ab7e
flow_observed5-aryOBS	e:fo:flow:7241d561d9f2	flow:7241d561d9f2 → host:92.112.71.27 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:952d15da9419:port:tcp:19547	flow:952d15da9419 → port:tcp:19547
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-9c36bc9032caa64b:SESSION-9c36bc9032caa64b	SESSION-9c36bc9032caa64b → pe:tls:SESSION-9c36bc9032caa64b
flow_observed5-aryOBS	e:fo:flow:22753125df6d	flow:22753125df6d → host:177.10.233.98 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d8d921ace7c85ce9:SESSION-d8d921ace7c85ce9	SESSION-d8d921ace7c85ce9 → pe:tls:SESSION-d8d921ace7c85ce9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d6bdcd515a2308bd:SESSION-d6bdcd515a2308bd	SESSION-d6bdcd515a2308bd → pe:syn:SESSION-d6bdcd515a2308bd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0414bb340c93930b:host:177.10.234.93	SESSION-0414bb340c93930b → host:177.10.234.93
FLOW_TO_HOSTOBS	e:to:SESSION-6c15e0230f45f826:host:172.234.197.23	SESSION-6c15e0230f45f826 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b8f2b3515afd502b:host:131.196.28.94	SESSION-b8f2b3515afd502b → host:131.196.28.94
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-708abc4c81aa7c60:SESSION-708abc4c81aa7c60	SESSION-708abc4c81aa7c60 → pe:syn:SESSION-708abc4c81aa7c60
FLOW_TO_HOSTOBS	e:to:SESSION-662271688fa2b491:host:172.234.197.23	SESSION-662271688fa2b491 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1705f35e2db46a43:host:177.10.234.194	SESSION-1705f35e2db46a43 → host:177.10.234.194
FLOW_FROM_HOSTOBS	e:from:SESSION-53d75396bd30ce89:host:45.173.156.228	SESSION-53d75396bd30ce89 → host:45.173.156.228
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c4dd5260308cf6ea:SESSION-c4dd5260308cf6ea	SESSION-c4dd5260308cf6ea → pe:syn:SESSION-c4dd5260308cf6ea
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-22bb8f06cde321ca:SESSION-22bb8f06cde321ca	SESSION-22bb8f06cde321ca → pe:syn:SESSION-22bb8f06cde321ca
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.111:geo_-16.28860_-49.01640	host:177.10.235.111 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-49ddbf605897eb3f:host:177.10.238.103	SESSION-49ddbf605897eb3f → host:177.10.238.103
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-970263f3772afe71:SESSION-970263f3772afe71	SESSION-970263f3772afe71 → pe:syn:SESSION-970263f3772afe71
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e69d77cebc13bf2:host:172.234.197.23	SESSION-1e69d77cebc13bf2 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5cc5476d95a5:port:tcp:443	flow:5cc5476d95a5 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2ed5513c22512ddd:host:172.234.197.23	SESSION-2ed5513c22512ddd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e8ebb92b3cccc0ee:host:172.234.197.23	SESSION-e8ebb92b3cccc0ee → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4ffce8b6e53dd75:host:177.10.233.67	SESSION-a4ffce8b6e53dd75 → host:177.10.233.67
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64913b40dfec355f:host:131.196.29.182	SESSION-64913b40dfec355f → host:131.196.29.182
FLOW_TO_HOSTOBS	e:to:SESSION-5d8922fd6595a71f:host:172.234.197.23	SESSION-5d8922fd6595a71f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9c825a37bb7881b6:host:172.234.197.23:host:131.196.28.222	SESSION-9c825a37bb7881b6 → host:172.234.197.23 → host:131.196.28.222
FLOW_FROM_HOSTOBS	e:from:SESSION-9db977289667177f:host:177.10.234.96	SESSION-9db977289667177f → host:177.10.234.96
FLOW_TO_HOSTOBS	e:to:SESSION-cc58620ced71d747:host:172.234.197.23	SESSION-cc58620ced71d747 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ead89ade728d357d:host:51.224.181.45	SESSION-ead89ade728d357d → host:51.224.181.45
flow_observed5-aryOBS	e:fo:flow:2d5bc9418602	flow:2d5bc9418602 → host:31.40.196.211 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.192:geo_-16.28860_-49.01640	host:177.10.237.192 → geo_-16.28860_-49.01640
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ff2bd1b9d0923cc1:flow:b8531a25e714	SESSION-ff2bd1b9d0923cc1 → flow:b8531a25e714
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5f215cf2f031026d:SESSION-5f215cf2f031026d	SESSION-5f215cf2f031026d → pe:tls:SESSION-5f215cf2f031026d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96639b4b4a33e422:flow:b08eb85e8c9a	SESSION-96639b4b4a33e422 → flow:b08eb85e8c9a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e21e19309bc8d324:SESSION-e21e19309bc8d324	SESSION-e21e19309bc8d324 → pe:syn:SESSION-e21e19309bc8d324
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4a1570467d4c9a43:SESSION-4a1570467d4c9a43	SESSION-4a1570467d4c9a43 → pe:tls:SESSION-4a1570467d4c9a43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-946275ea323f6900:SESSION-946275ea323f6900	SESSION-946275ea323f6900 → pe:tls:SESSION-946275ea323f6900
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c55eb6f1c0bb6137:host:172.234.197.23:host:172.232.0.16	SESSION-c55eb6f1c0bb6137 → host:172.234.197.23 → host:172.232.0.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9c08b167ed56233b:host:177.10.239.241	SESSION-9c08b167ed56233b → host:177.10.239.241
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-08df11bd27017e71:BSG-BEACON-f6c2b3d0e42d	SESSION-08df11bd27017e71 → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee402158031a28f0:PCAP:capture_20260430050001:8868731bf8a4	SESSION-ee402158031a28f0 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e2ace7c21b4da04:PCAP:capture_20260430070001:903a0e7a436b	SESSION-1e2ace7c21b4da04 → PCAP:capture_20260430070001:903a0e7a436b
FLOW_DST_PORTOBS	e:fp:flow:7b60f2dd452b:port:tcp:3866	flow:7b60f2dd452b → port:tcp:3866
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5e80661c10e8e6e7:SESSION-5e80661c10e8e6e7	SESSION-5e80661c10e8e6e7 → pe:rst:SESSION-5e80661c10e8e6e7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c98ee522a60a5600:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-c98ee522a60a5600 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-379e8704803db8ae:host:177.10.237.132	SESSION-379e8704803db8ae → host:177.10.237.132
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fcd4658ed0002284:host:131.196.28.106	SESSION-fcd4658ed0002284 → host:131.196.28.106
flow_observed5-aryOBS	e:fo:flow:4006f2fdc1f3	flow:4006f2fdc1f3 → host:131.196.29.158 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e088d2ccbc3966c5:flow:0f84ecdb7bf2	SESSION-e088d2ccbc3966c5 → flow:0f84ecdb7bf2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-002a4fad2ef08bcf:SESSION-002a4fad2ef08bcf	SESSION-002a4fad2ef08bcf → pe:syn:SESSION-002a4fad2ef08bcf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f255eba3b0795a16:flow:d89b7042eba6	SESSION-f255eba3b0795a16 → flow:d89b7042eba6
flow_observed5-aryOBS	e:fo:flow:2893802bb933	flow:2893802bb933 → host:177.10.232.193 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e088d2ccbc3966c5:host:172.234.197.23	SESSION-e088d2ccbc3966c5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-71917de89d264496:host:45.173.156.172:host:172.234.197.23	SESSION-71917de89d264496 → host:45.173.156.172 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c0df43d2721e666e:host:131.196.31.255:host:172.234.197.23	SESSION-c0df43d2721e666e → host:131.196.31.255 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-0a4200861230ead3:host:131.196.28.69	SESSION-0a4200861230ead3 → host:131.196.28.69
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-deef720c855898df:SESSION-deef720c855898df	SESSION-deef720c855898df → pe:syn:SESSION-deef720c855898df
FLOW_DST_PORTOBS	e:fp:flow:7286bcf23af8:port:tcp:443	flow:7286bcf23af8 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e867c3054a212916:SESSION-e867c3054a212916	SESSION-e867c3054a212916 → pe:syn:SESSION-e867c3054a212916
FLOW_FROM_HOSTOBS	e:from:SESSION-23b772dcd58e4ef3:host:177.10.234.146	SESSION-23b772dcd58e4ef3 → host:177.10.234.146
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb512b6db53333ff:host:172.234.197.23:host:177.10.238.28	SESSION-bb512b6db53333ff → host:172.234.197.23 → host:177.10.238.28
FLOW_TO_HOSTOBS	e:to:SESSION-c4437969c398261c:host:172.234.197.23	SESSION-c4437969c398261c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9dcf6e772a239b46:host:172.234.197.23	SESSION-9dcf6e772a239b46 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:46adb11afed3:port:tcp:59439	flow:46adb11afed3 → port:tcp:59439
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01716d55cf2099e5:host:177.10.234.179	SESSION-01716d55cf2099e5 → host:177.10.234.179
flow_observed5-aryOBS	e:fo:flow:707d93617716	flow:707d93617716 → host:177.10.239.76 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-9466cbe9e9dd26aa:host:172.234.197.23	SESSION-9466cbe9e9dd26aa → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d43b9fecb8f031e:flow:5ca8afe796b8	SESSION-9d43b9fecb8f031e → flow:5ca8afe796b8
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49ea9885c560f158:host:177.10.238.113	SESSION-49ea9885c560f158 → host:177.10.238.113
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5cb36fee7e75b97b:host:104.28.202.79:host:172.234.197.23	SESSION-5cb36fee7e75b97b → host:104.28.202.79 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:3fd84d52a8b0:port:tcp:443	flow:3fd84d52a8b0 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2842c4c08e29d7d7:PCAP:capture_20260428010001:b1b402c7b202	SESSION-2842c4c08e29d7d7 → PCAP:capture_20260428010001:b1b402c7b202
FLOW_TO_HOSTOBS	e:to:SESSION-1bd78fd10af70dea:host:131.196.29.25	SESSION-1bd78fd10af70dea → host:131.196.29.25
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.90:asn:273470	host:45.173.156.90 → asn:273470
flow_observed5-aryOBS	e:fo:flow:a80934ee9d8f	flow:a80934ee9d8f → host:177.10.234.104 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.154:geo_-16.28860_-49.01640	host:177.10.236.154 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.196:asn:271410	host:131.196.28.196 → asn:271410
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-91919daf8511716e:host:131.196.31.98	SESSION-91919daf8511716e → host:131.196.31.98
FLOW_FROM_HOSTOBS	e:from:SESSION-a7f859cb03c026fc:host:172.234.197.23	SESSION-a7f859cb03c026fc → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a9b85b89d918f42:PCAP:capture_20260430160001:9bfa4498506a	SESSION-8a9b85b89d918f42 → PCAP:capture_20260430160001:9bfa4498506a
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.168:asn:271410	host:131.196.29.168 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d846bfa2b8f8474d:flow:00661a8aa975	SESSION-d846bfa2b8f8474d → flow:00661a8aa975
flow_observed4-aryOBS	e:fo:flow:9010546a6a57	flow:9010546a6a57 → host:172.234.197.23 → host:177.10.236.116 → port:tcp:56163
FLOW_FROM_HOSTOBS	e:from:SESSION-985fc991cba9cb9c:host:13.61.34.23	SESSION-985fc991cba9cb9c → host:13.61.34.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dc755b03d1f3f489:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-dc755b03d1f3f489 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-043f15d6badfcd64:host:177.10.235.36	SESSION-043f15d6badfcd64 → host:177.10.235.36
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.149:asn:271410	host:131.196.28.149 → asn:271410
flow_observed4-aryOBS	e:fo:flow:af26800f6859	flow:af26800f6859 → host:172.234.197.23 → host:131.196.30.60 → port:tcp:35946
FLOW_TO_HOSTOBS	e:to:SESSION-9a5aae11508cfd60:host:172.234.197.23	SESSION-9a5aae11508cfd60 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.234:asn:262880	host:177.10.237.234 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8cf2e3dd1491b22c:host:177.10.237.177	SESSION-8cf2e3dd1491b22c → host:177.10.237.177
flow_observed5-aryOBS	e:fo:flow:6b27cbf98b5b	flow:6b27cbf98b5b → host:177.10.235.188 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-843bbb86e5601bd5:host:172.234.197.23	SESSION-843bbb86e5601bd5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8366f626d6b88fcf:SESSION-8366f626d6b88fcf	SESSION-8366f626d6b88fcf → pe:syn:SESSION-8366f626d6b88fcf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02270ea748fd3855:SESSION-02270ea748fd3855	SESSION-02270ea748fd3855 → pe:syn:SESSION-02270ea748fd3855
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28599206da4f4816:host:177.10.239.143:host:172.234.197.23	SESSION-28599206da4f4816 → host:177.10.239.143 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6050ca7af62c0465:SESSION-6050ca7af62c0465	SESSION-6050ca7af62c0465 → pe:tls:SESSION-6050ca7af62c0465
FLOW_TO_HOSTOBS	e:to:SESSION-8405fabd9aa330c8:host:172.234.197.23	SESSION-8405fabd9aa330c8 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-924a4e21bceaf0d1:SESSION-924a4e21bceaf0d1	SESSION-924a4e21bceaf0d1 → pe:tls:SESSION-924a4e21bceaf0d1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ba12ba5c182aa430:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-ba12ba5c182aa430 → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_TO_HOSTOBS	e:to:SESSION-4c6ce7a55e2ab654:host:172.234.197.23	SESSION-4c6ce7a55e2ab654 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6cb17c89d7425739:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6cb17c89d7425739 → PCAP:capture_20260430050001:8868731bf8a4
FLOW_FROM_HOSTOBS	e:from:SESSION-a57e7ba0de33dea3:host:177.10.235.166	SESSION-a57e7ba0de33dea3 → host:177.10.235.166
flow_observed5-aryOBS	e:fo:flow:c3621c90336e	flow:c3621c90336e → host:45.173.156.228 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-38231883b4033aa4:host:172.234.197.23:host:131.196.30.148	SESSION-38231883b4033aa4 → host:172.234.197.23 → host:131.196.30.148
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-da64f1d11a78111b:host:131.196.28.230:host:172.234.197.23	SESSION-da64f1d11a78111b → host:131.196.28.230 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7fad01c8dca4d847:host:172.234.197.23	SESSION-7fad01c8dca4d847 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:46ae3fb9e627	flow:46ae3fb9e627 → host:45.173.156.209 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-31b6c18ffff74955:SESSION-31b6c18ffff74955	SESSION-31b6c18ffff74955 → pe:tls:SESSION-31b6c18ffff74955
FLOW_FROM_HOSTOBS	e:from:SESSION-2eec6fd9620a1613:host:131.196.31.104	SESSION-2eec6fd9620a1613 → host:131.196.31.104
FLOW_DST_PORTOBS	e:fp:flow:7f517bebfe14:port:tcp:443	flow:7f517bebfe14 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-fef93e1a24936adf:host:131.196.28.134	SESSION-fef93e1a24936adf → host:131.196.28.134
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8247aea4532236dc:SESSION-8247aea4532236dc	SESSION-8247aea4532236dc → pe:syn:SESSION-8247aea4532236dc
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-feb3207d55e7c5c5:flow:d73ed284b477	SESSION-feb3207d55e7c5c5 → flow:d73ed284b477
FLOW_TO_HOSTOBS	e:to:SESSION-d0929735579c89e2:host:177.10.236.143	SESSION-d0929735579c89e2 → host:177.10.236.143
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.204:asn:262880	host:177.10.233.204 → asn:262880
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e872279913929717:SESSION-e872279913929717	SESSION-e872279913929717 → pe:syn:SESSION-e872279913929717
FLOW_DST_PORTOBS	e:fp:flow:69177a9aac9e:port:tcp:61119	flow:69177a9aac9e → port:tcp:61119
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e72c530de39a222:host:177.10.234.164	SESSION-5e72c530de39a222 → host:177.10.234.164
flow_observed3-aryOBS	e:fo:flow:0e813fc9aed2	flow:0e813fc9aed2 → host:54.201.244.199 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-228e058fc2527275:SESSION-228e058fc2527275	SESSION-228e058fc2527275 → pe:syn:SESSION-228e058fc2527275
FLOW_DST_PORTOBS	e:fp:flow:9652a15dd0c9:port:tcp:49075	flow:9652a15dd0c9 → port:tcp:49075
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8dbd1afb05a3a814:host:172.234.197.23:host:45.173.156.228	SESSION-8dbd1afb05a3a814 → host:172.234.197.23 → host:45.173.156.228
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.234.162:geo_-16.28860_-49.01640	host:177.10.234.162 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e13a35a59d4e8cb3:SESSION-e13a35a59d4e8cb3	SESSION-e13a35a59d4e8cb3 → pe:syn:SESSION-e13a35a59d4e8cb3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7eb43af6b38a5d78:host:157.180.84.94	SESSION-7eb43af6b38a5d78 → host:157.180.84.94
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-23002560e1da6de3:flow:0234eaac2961	SESSION-23002560e1da6de3 → flow:0234eaac2961
flow_observed4-aryOBS	e:fo:flow:9e2efcab33d5	flow:9e2efcab33d5 → host:172.234.197.23 → host:131.196.28.69 → port:tcp:50004
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f3b2b5737f36d7ec:host:177.10.236.220	SESSION-f3b2b5737f36d7ec → host:177.10.236.220
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1cb1824ec0ef0f8a:SESSION-1cb1824ec0ef0f8a	SESSION-1cb1824ec0ef0f8a → pe:syn:SESSION-1cb1824ec0ef0f8a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f7b35d3dad632382:flow:bf7598ac6715	SESSION-f7b35d3dad632382 → flow:bf7598ac6715
FLOW_DST_PORTOBS	e:fp:flow:f1d2d3e59021:port:tcp:443	flow:f1d2d3e59021 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-02999fe2096ad39b:SESSION-02999fe2096ad39b	SESSION-02999fe2096ad39b → pe:syn:SESSION-02999fe2096ad39b
FLOW_TO_HOSTOBS	e:to:SESSION-1ddc324b0d6a8eb6:host:172.234.197.23	SESSION-1ddc324b0d6a8eb6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2632ba515271ea31:host:172.234.197.23	SESSION-2632ba515271ea31 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3d6a52e82bb8db7f:host:131.196.31.69	SESSION-3d6a52e82bb8db7f → host:131.196.31.69
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4db3abe06a9505c7:PCAP:capture_20260430150001:ded20914761d	SESSION-4db3abe06a9505c7 → PCAP:capture_20260430150001:ded20914761d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-24763432928200fc:PCAP:capture_20260430080001:93f47cc296a4	SESSION-24763432928200fc → PCAP:capture_20260430080001:93f47cc296a4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8431b5fa38a73955:host:103.155.16.117	SESSION-8431b5fa38a73955 → host:103.155.16.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-37fa495f79e351e9:host:131.196.28.88:host:172.234.197.23	SESSION-37fa495f79e351e9 → host:131.196.28.88 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.210:geo_-16.28860_-49.01640	host:177.10.235.210 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:ec23e5b035b6:port:tcp:20292	flow:ec23e5b035b6 → port:tcp:20292
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-febabcac2b03c9d1:SESSION-febabcac2b03c9d1	SESSION-febabcac2b03c9d1 → pe:tls:SESSION-febabcac2b03c9d1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-cf1b38a91c361f4b:SESSION-cf1b38a91c361f4b	SESSION-cf1b38a91c361f4b → pe:syn:SESSION-cf1b38a91c361f4b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3759208ef2a99af0:flow:2ad543ca6167	SESSION-3759208ef2a99af0 → flow:2ad543ca6167
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7e7ccd5c552e41a1:host:177.10.239.200	SESSION-7e7ccd5c552e41a1 → host:177.10.239.200
FLOW_TO_HOSTOBS	e:to:SESSION-0a9091855f21b6bb:host:172.234.197.23	SESSION-0a9091855f21b6bb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1633b12f0e20b97e:host:185.231.226.245	SESSION-1633b12f0e20b97e → host:185.231.226.245
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b12621bc2223af13:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b12621bc2223af13 → PCAP:capture_20260430080001:93f47cc296a4
FLOW_DST_PORTOBS	e:fp:flow:b961b57bcd95:port:tcp:443	flow:b961b57bcd95 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0a4200861230ead3:host:131.196.28.69	SESSION-0a4200861230ead3 → host:131.196.28.69
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1110d6d36f6ebd42:host:131.196.31.180:host:172.234.197.23	SESSION-1110d6d36f6ebd42 → host:131.196.31.180 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.239:asn:262880	host:177.10.233.239 → asn:262880
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:91.240.224.238:geo_51.50810_-0.12780	host:91.240.224.238 → geo_51.50810_-0.12780
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6a7aaaa54e7dd63:host:177.10.233.125:host:172.234.197.23	SESSION-d6a7aaaa54e7dd63 → host:177.10.233.125 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15d25700bea96717:host:172.234.197.23	SESSION-15d25700bea96717 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.70:asn:262880	host:177.10.233.70 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-34cbebf9a190be23:host:172.234.197.23	SESSION-34cbebf9a190be23 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8139f2a89dd46f4b:SESSION-8139f2a89dd46f4b	SESSION-8139f2a89dd46f4b → pe:tls:SESSION-8139f2a89dd46f4b
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ff369745433a15b5:host:172.234.197.23	SESSION-ff369745433a15b5 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-682271ad5b560620:host:131.196.28.176:host:172.234.197.23	SESSION-682271ad5b560620 → host:131.196.28.176 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2aa7e55175462248:host:172.234.197.23	SESSION-2aa7e55175462248 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e96c97861c631394:SESSION-e96c97861c631394	SESSION-e96c97861c631394 → pe:syn:SESSION-e96c97861c631394
FLOW_DST_PORTOBS	e:fp:flow:fe720b597bbb:port:tcp:443	flow:fe720b597bbb → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-86f48b7df98fd466:host:172.234.197.23	SESSION-86f48b7df98fd466 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0612d11703a94cf9:host:172.234.197.23	SESSION-0612d11703a94cf9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6dacc3093e29f894:host:177.10.234.250	SESSION-6dacc3093e29f894 → host:177.10.234.250
FLOW_TO_HOSTOBS	e:to:SESSION-f7d282d56df8eba3:host:172.234.197.23	SESSION-f7d282d56df8eba3 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a117da50f6c2c30f:host:131.196.31.42:host:172.234.197.23	SESSION-a117da50f6c2c30f → host:131.196.31.42 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-db1b4e286dc089a9:host:131.196.29.60	SESSION-db1b4e286dc089a9 → host:131.196.29.60
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.248:asn:262880	host:177.10.238.248 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-5016108ab6552957:host:172.234.197.23	SESSION-5016108ab6552957 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fdee4339c7caabb6:SESSION-fdee4339c7caabb6	SESSION-fdee4339c7caabb6 → pe:syn:SESSION-fdee4339c7caabb6
FLOW_DST_PORTOBS	e:fp:flow:6ccc6c1f2d86:port:tcp:443	flow:6ccc6c1f2d86 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-9d59512d9649ead5:host:177.10.238.181	SESSION-9d59512d9649ead5 → host:177.10.238.181
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-61838f073a9a90b1:SESSION-61838f073a9a90b1	SESSION-61838f073a9a90b1 → pe:syn:SESSION-61838f073a9a90b1
HOST_IN_ASNOBS 85%	e:ha:host:177.10.233.22:asn:262880	host:177.10.233.22 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-64639bf8e248f548:host:172.234.197.23	SESSION-64639bf8e248f548 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-21ae4bade70b1440:host:177.10.235.165	SESSION-21ae4bade70b1440 → host:177.10.235.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-587cecb9c2d65d84:host:177.10.235.85	SESSION-587cecb9c2d65d84 → host:177.10.235.85
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8c3d14af1a5eb503:flow:707d93617716	SESSION-8c3d14af1a5eb503 → flow:707d93617716
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d06d4272bf4950c7:SESSION-d06d4272bf4950c7	SESSION-d06d4272bf4950c7 → pe:tls:SESSION-d06d4272bf4950c7
flow_observed3-aryOBS	e:fo:flow:91f35460d00f	flow:91f35460d00f → host:40.177.170.73 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29e21c95f9df9427:flow:519dfe2ba798	SESSION-29e21c95f9df9427 → flow:519dfe2ba798
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7a6b146488afb43:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-e7a6b146488afb43 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-760c61036eedf2e4:flow:ea7d04d29ddc	SESSION-760c61036eedf2e4 → flow:ea7d04d29ddc
FLOW_DST_PORTOBS	e:fp:flow:2c20c026d21d:port:tcp:443	flow:2c20c026d21d → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a3c1d53f1688156:flow:309a8c27afa8	SESSION-8a3c1d53f1688156 → flow:309a8c27afa8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-082f90538556b940:SESSION-082f90538556b940	SESSION-082f90538556b940 → pe:syn:SESSION-082f90538556b940
flow_observed5-aryOBS	e:fo:flow:ef09ac1cb842	flow:ef09ac1cb842 → host:177.10.234.32 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:9854c2bfa6b6	flow:9854c2bfa6b6 → host:172.234.197.23 → host:131.196.29.94 → port:tcp:27432
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-597e69ebdf7ef93f:host:131.196.31.193	SESSION-597e69ebdf7ef93f → host:131.196.31.193
flow_observed5-aryOBS	e:fo:flow:ef017bf11c12	flow:ef017bf11c12 → host:177.10.239.72 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:19dac7843a48:port:tcp:443	flow:19dac7843a48 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-2f4918b67fbcc63f:host:172.234.197.23	SESSION-2f4918b67fbcc63f → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:f2c6379e0a88	flow:f2c6379e0a88 → host:172.234.197.23 → host:177.10.235.184 → port:tcp:32499
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f3748d9d14aafdb8:SESSION-f3748d9d14aafdb8	SESSION-f3748d9d14aafdb8 → pe:syn:SESSION-f3748d9d14aafdb8
FLOW_TO_HOSTOBS	e:to:SESSION-4354e5bc798bd13a:host:172.234.197.23	SESSION-4354e5bc798bd13a → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cde6fb5ccac54489:host:177.10.236.169:host:172.234.197.23	SESSION-cde6fb5ccac54489 → host:177.10.236.169 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:672cf5da582b:port:tcp:443	flow:672cf5da582b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-49c1d2d9ba1746da:host:172.234.197.23	SESSION-49c1d2d9ba1746da → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f59e3038c71b15e1:host:177.10.234.0:host:172.234.197.23	SESSION-f59e3038c71b15e1 → host:177.10.234.0 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e217016f21152908:host:172.234.197.23	SESSION-e217016f21152908 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.221:geo_-23.62930_-46.63510	host:131.196.30.221 → geo_-23.62930_-46.63510
FLOW_FROM_HOSTOBS	e:from:SESSION-3560085925cb3717:host:177.10.237.15	SESSION-3560085925cb3717 → host:177.10.237.15
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2d7ac357c55d6f7b:SESSION-2d7ac357c55d6f7b	SESSION-2d7ac357c55d6f7b → pe:syn:SESSION-2d7ac357c55d6f7b
flow_observed5-aryOBS	e:fo:flow:6a91f40678b6	flow:6a91f40678b6 → host:177.10.239.57 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-764a731a27d64086:flow:c4efba82fdeb	SESSION-764a731a27d64086 → flow:c4efba82fdeb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d0657eb87257c08:host:172.234.197.23:host:172.232.0.17	SESSION-9d0657eb87257c08 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-16fca057f28c0943:host:172.234.197.23	SESSION-16fca057f28c0943 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-954ce8dcd8b034e5:SESSION-954ce8dcd8b034e5	SESSION-954ce8dcd8b034e5 → pe:rst:SESSION-954ce8dcd8b034e5
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb9800c0b594ef9b:host:177.10.232.124	SESSION-fb9800c0b594ef9b → host:177.10.232.124
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0371abab0ef43e73:flow:3c2314f862f2	SESSION-0371abab0ef43e73 → flow:3c2314f862f2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-020ce81cb9d50ce5:flow:0d37e7327420	SESSION-020ce81cb9d50ce5 → flow:0d37e7327420
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9eda278d49363b57:flow:332f4fe52ebe	SESSION-9eda278d49363b57 → flow:332f4fe52ebe
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-65a2e80880ae05c5:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-65a2e80880ae05c5 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8de302c0e306721c:SESSION-8de302c0e306721c	SESSION-8de302c0e306721c → pe:tls:SESSION-8de302c0e306721c
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-8d58c039fa1a1304:BSG-BEACON-f6c2b3d0e42d	SESSION-8d58c039fa1a1304 → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-ef2cf125c8c7b83a:SESSION-ef2cf125c8c7b83a	SESSION-ef2cf125c8c7b83a → pe:tls:SESSION-ef2cf125c8c7b83a
FLOW_TO_HOSTOBS	e:to:SESSION-67c350ca0312f6cb:host:172.234.197.23	SESSION-67c350ca0312f6cb → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0481c3a1b2d7b867:host:44.243.2.252:host:172.234.197.23	SESSION-0481c3a1b2d7b867 → host:44.243.2.252 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8d9f933822471a5a:flow:aae931213988	SESSION-8d9f933822471a5a → flow:aae931213988
FLOW_FROM_HOSTOBS	e:from:SESSION-213b6cb7e75b87f2:host:177.10.236.77	SESSION-213b6cb7e75b87f2 → host:177.10.236.77
FLOW_TO_HOSTOBS	e:to:SESSION-b1f8267b24b78f93:host:131.196.30.231	SESSION-b1f8267b24b78f93 → host:131.196.30.231
FLOW_DST_PORTOBS	e:fp:flow:139df7a387eb:port:tcp:443	flow:139df7a387eb → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8be5aa373d930e54:SESSION-8be5aa373d930e54	SESSION-8be5aa373d930e54 → pe:tls:SESSION-8be5aa373d930e54
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0b8fd41df39b968c:host:45.173.156.158	SESSION-0b8fd41df39b968c → host:45.173.156.158
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.120:geo_-21.10010_-41.69200	host:45.173.156.120 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-592f6a5ffad96a3b:host:35.95.128.58	SESSION-592f6a5ffad96a3b → host:35.95.128.58
FLOW_TO_HOSTOBS	e:to:SESSION-63be833bbb100650:host:131.196.28.128	SESSION-63be833bbb100650 → host:131.196.28.128
FLOW_DST_PORTOBS	e:fp:flow:41bca09d381c:port:tcp:443	flow:41bca09d381c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-51cdac11b30f43cf:host:172.234.197.23	SESSION-51cdac11b30f43cf → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c6fd3205e4a34033:host:172.234.197.23	SESSION-c6fd3205e4a34033 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4bc49d07a666c670:flow:1472db5bfc99	SESSION-4bc49d07a666c670 → flow:1472db5bfc99
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fef5a77f946ef097:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-fef5a77f946ef097 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
flow_observed3-aryOBS	e:fo:flow:73b49dd6ca85	flow:73b49dd6ca85 → host:18.60.59.175 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cdfe5014ffcf69db:host:177.10.233.35	SESSION-cdfe5014ffcf69db → host:177.10.233.35
FLOW_DST_PORTOBS	e:fp:flow:30f3c6e42212:port:tcp:443	flow:30f3c6e42212 → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-175dd6ba51fb3cf7:host:131.196.30.70	SESSION-175dd6ba51fb3cf7 → host:131.196.30.70
flow_observed5-aryOBS	e:fo:flow:99ab03576013	flow:99ab03576013 → host:131.196.30.67 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.116:geo_-21.10010_-41.69200	host:45.173.156.116 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3da2bdbc54650cc7:flow:73e5710b1731	SESSION-3da2bdbc54650cc7 → flow:73e5710b1731
flow_observed5-aryOBS	e:fo:flow:e2840bae4bd6	flow:e2840bae4bd6 → host:177.10.232.122 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:4183b8da1840:port:tcp:443	flow:4183b8da1840 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-3676532bb2f3ac59:host:172.234.197.23	SESSION-3676532bb2f3ac59 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ef354b4063646368:host:172.234.197.23	SESSION-ef354b4063646368 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d5d20e36d494:port:tcp:61039	flow:d5d20e36d494 → port:tcp:61039
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-44a5aa522f98da19:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-44a5aa522f98da19 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f5c9b4c9e225ad1d:host:172.234.197.23:host:177.10.239.11	SESSION-f5c9b4c9e225ad1d → host:172.234.197.23 → host:177.10.239.11
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-132ae74090c90dac:flow:c2c5cb086fef	SESSION-132ae74090c90dac → flow:c2c5cb086fef
FLOW_FROM_HOSTOBS	e:from:SESSION-b2586028491b4edc:host:172.234.197.23	SESSION-b2586028491b4edc → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c393069a667f4e79:flow:6abf6297d34f	SESSION-c393069a667f4e79 → flow:6abf6297d34f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-99eb989e9371b0fb:host:131.196.31.81	SESSION-99eb989e9371b0fb → host:131.196.31.81
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ac7bdbcc541a2d8:SESSION-8ac7bdbcc541a2d8	SESSION-8ac7bdbcc541a2d8 → pe:tls:SESSION-8ac7bdbcc541a2d8
FLOW_TO_HOSTOBS	e:to:SESSION-6aacd35f912a2971:host:172.234.197.23	SESSION-6aacd35f912a2971 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a7401284f40d9f52:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-a7401284f40d9f52 → PCAP:capture_20260428000001:7e90c7cb899e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ce217831fb6e1103:host:172.234.197.23	SESSION-ce217831fb6e1103 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f51f16a6829ff61b:flow:7952e1e20910	SESSION-f51f16a6829ff61b → flow:7952e1e20910
flow_observed5-aryOBS	e:fo:flow:ff3a11bb817b	flow:ff3a11bb817b → host:177.10.236.77 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-391d28a36308a996:flow:3ebbfb7f9178	SESSION-391d28a36308a996 → flow:3ebbfb7f9178
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6535f7c42f72cb7f:flow:e55b6d94395b	SESSION-6535f7c42f72cb7f → flow:e55b6d94395b
flow_observed5-aryOBS	e:fo:flow:d0d81899cf28	flow:d0d81899cf28 → host:177.10.237.247 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:f52ba8ec3146	flow:f52ba8ec3146 → host:172.234.197.23 → host:177.10.236.189 → port:tcp:43442
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e3944d5014504521:host:37.221.79.250:host:172.234.197.23	SESSION-e3944d5014504521 → host:37.221.79.250 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cfde024084873f29:flow:3284f4e4ac94	SESSION-cfde024084873f29 → flow:3284f4e4ac94
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4d237675f94d453:host:144.76.23.34:host:172.234.197.23	SESSION-a4d237675f94d453 → host:144.76.23.34 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b5498d903f3b2d41:host:177.10.238.170:host:172.234.197.23	SESSION-b5498d903f3b2d41 → host:177.10.238.170 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e54eb0866acbe21:flow:52ff028526f6	SESSION-3e54eb0866acbe21 → flow:52ff028526f6
FLOW_TO_HOSTOBS	e:to:SESSION-200b6d1dbf438627:host:177.10.239.226	SESSION-200b6d1dbf438627 → host:177.10.239.226
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-024c55a268626b80:PCAP:capture_20260430160001:9bfa4498506a	SESSION-024c55a268626b80 → PCAP:capture_20260430160001:9bfa4498506a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0debd2a005265c6e:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0debd2a005265c6e → PCAP:capture_20260430140001:aaa9b3fc898b
flow_observed5-aryOBS	e:fo:flow:243d6111af24	flow:243d6111af24 → host:51.161.119.157 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-f70b0605ff5c8685:host:172.234.197.23	SESSION-f70b0605ff5c8685 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.138:asn:203771	host:185.231.226.138 → asn:203771
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.137:geo_-16.28860_-49.01640	host:177.10.238.137 → geo_-16.28860_-49.01640
FLOW_DST_PORTOBS	e:fp:flow:8655dfcab066:port:tcp:443	flow:8655dfcab066 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.118:geo_-16.28860_-49.01640	host:177.10.235.118 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e4f9227bbb6fbbfc:SESSION-e4f9227bbb6fbbfc	SESSION-e4f9227bbb6fbbfc → pe:syn:SESSION-e4f9227bbb6fbbfc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e991043fa3bca90d:SESSION-e991043fa3bca90d	SESSION-e991043fa3bca90d → pe:syn:SESSION-e991043fa3bca90d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d7aef03828b51e64:SESSION-d7aef03828b51e64	SESSION-d7aef03828b51e64 → pe:syn:SESSION-d7aef03828b51e64
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-3ea33f21558d3ba7:SESSION-3ea33f21558d3ba7	SESSION-3ea33f21558d3ba7 → pe:tls:SESSION-3ea33f21558d3ba7
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-954029bd3fad39c7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-954029bd3fad39c7 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c3f426eb3b5d19b7:SESSION-c3f426eb3b5d19b7	SESSION-c3f426eb3b5d19b7 → pe:syn:SESSION-c3f426eb3b5d19b7
FLOW_FROM_HOSTOBS	e:from:SESSION-3573d87c5a129f8e:host:172.234.197.23	SESSION-3573d87c5a129f8e → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9c36bc9032caa64b:flow:20963c4b5f0e	SESSION-9c36bc9032caa64b → flow:20963c4b5f0e
flow_observed5-aryOBS	e:fo:flow:7cceb0b75ef6	flow:7cceb0b75ef6 → host:177.10.237.120 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e77d19d6eee479c3:host:172.234.197.23:host:177.10.233.95	SESSION-e77d19d6eee479c3 → host:172.234.197.23 → host:177.10.233.95
FLOW_FROM_HOSTOBS	e:from:SESSION-7549effe520d0229:host:177.10.239.25	SESSION-7549effe520d0229 → host:177.10.239.25
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8ffffed45ee6ab8:flow:bf0d984d5e42	SESSION-f8ffffed45ee6ab8 → flow:bf0d984d5e42
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fa6f99be6bce12b0:host:177.10.233.151	SESSION-fa6f99be6bce12b0 → host:177.10.233.151
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08b25d9f54ecadf2:flow:ca00d71cbdd7	SESSION-08b25d9f54ecadf2 → flow:ca00d71cbdd7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c85a65cf2db0ee65:host:172.234.197.23	SESSION-c85a65cf2db0ee65 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-942872364f4f0f53:host:177.10.235.49	SESSION-942872364f4f0f53 → host:177.10.235.49
FLOW_DST_PORTOBS	e:fp:flow:e477027ac4a6:port:tcp:443	flow:e477027ac4a6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-94f070a5530c9e09:host:172.234.197.23	SESSION-94f070a5530c9e09 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-290c9b11e52fd3ba:host:172.234.197.23	SESSION-290c9b11e52fd3ba → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-caf4287e8000c114:host:104.28.157.111	SESSION-caf4287e8000c114 → host:104.28.157.111
HOST_IN_ASNOBS 85%	e:ha:host:177.10.234.41:asn:262880	host:177.10.234.41 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4385c2f73c2ee0db:host:177.10.237.244	SESSION-4385c2f73c2ee0db → host:177.10.237.244
flow_observed4-aryOBS	e:fo:flow:3a0edaf239a2	flow:3a0edaf239a2 → host:172.234.197.23 → host:177.10.232.211 → port:tcp:8633
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3e70a8d6fd08b895:flow:0cf17e9c0d46	SESSION-3e70a8d6fd08b895 → flow:0cf17e9c0d46
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1a52ffd6f24f0f87:host:177.10.237.124	SESSION-1a52ffd6f24f0f87 → host:177.10.237.124
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7c85a8771eed4d0f:PCAP:capture_20260430060001:919b39a74464	SESSION-7c85a8771eed4d0f → PCAP:capture_20260430060001:919b39a74464
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee8b7e20de209690:PCAP:capture_20260430110001:43611bdf6759	SESSION-ee8b7e20de209690 → PCAP:capture_20260430110001:43611bdf6759
HOST_IN_ASNOBS 85%	e:ha:host:177.10.232.69:asn:262880	host:177.10.232.69 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd5c7cb019cd55a3:host:172.234.197.23	SESSION-dd5c7cb019cd55a3 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34a5ce0f23d7a2a1:host:177.10.237.166	SESSION-34a5ce0f23d7a2a1 → host:177.10.237.166
FLOW_DST_PORTOBS	e:fp:flow:87b13a5e20d6:port:tcp:2107	flow:87b13a5e20d6 → port:tcp:2107
FLOW_TO_HOSTOBS	e:to:SESSION-e66594520e7edee5:host:172.234.197.23	SESSION-e66594520e7edee5 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.173:asn:271410	host:131.196.31.173 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-d2ec4538209fcf12:host:172.234.197.23	SESSION-d2ec4538209fcf12 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-424fe4b4ecc22e45:host:172.234.197.23	SESSION-424fe4b4ecc22e45 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fa9dc0f394726313:flow:90da32842d78	SESSION-fa9dc0f394726313 → flow:90da32842d78
HOST_IN_ASNOBS 85%	e:ha:host:185.231.226.255:asn:203771	host:185.231.226.255 → asn:203771
FLOW_DST_PORTOBS	e:fp:flow:8e3359af75b1:port:tcp:10882	flow:8e3359af75b1 → port:tcp:10882
FLOW_TO_HOSTOBS	e:to:SESSION-52c764b77552a86d:host:172.234.197.23	SESSION-52c764b77552a86d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-caf71fb423b46c4a:flow:a1fd172a9ae7	SESSION-caf71fb423b46c4a → flow:a1fd172a9ae7
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1898da4930ba04f2:host:131.196.31.30:host:172.234.197.23	SESSION-1898da4930ba04f2 → host:131.196.31.30 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-cc0003e096ddb203:host:131.196.31.34	SESSION-cc0003e096ddb203 → host:131.196.31.34
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8d12ffa49d0d3231:host:172.234.197.23	SESSION-8d12ffa49d0d3231 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-030b2a260e8012dd:PCAP:capture_20260430150001:ded20914761d	SESSION-030b2a260e8012dd → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e3089f893be8ea87:SESSION-e3089f893be8ea87	SESSION-e3089f893be8ea87 → pe:syn:SESSION-e3089f893be8ea87
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-74f51cf412342155:PCAP:capture_20260430150001:ded20914761d	SESSION-74f51cf412342155 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c2474adee374207e:host:131.196.31.98	SESSION-c2474adee374207e → host:131.196.31.98
FLOW_FROM_HOSTOBS	e:from:SESSION-aab54ece2b0af0b4:host:177.10.237.114	SESSION-aab54ece2b0af0b4 → host:177.10.237.114
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d7baf95bca9d9bdc:host:177.10.235.218	SESSION-d7baf95bca9d9bdc → host:177.10.235.218
flow_observed5-aryOBS	e:fo:flow:d21b6b0f101f	flow:d21b6b0f101f → host:177.10.234.74 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8405fabd9aa330c8:SESSION-8405fabd9aa330c8	SESSION-8405fabd9aa330c8 → pe:tls:SESSION-8405fabd9aa330c8
FLOW_DST_PORTOBS	e:fp:flow:6ae674c519e5:port:tcp:51177	flow:6ae674c519e5 → port:tcp:51177
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b7b7470a9d5ba162:host:172.234.197.23	SESSION-b7b7470a9d5ba162 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:13414:org:Twitter Inc.	asn:13414 → org:Twitter Inc.
flow_observed4-aryOBS	e:fo:flow:3646d9aa9585	flow:3646d9aa9585 → host:172.234.197.23 → host:131.196.30.236 → port:tcp:17692
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-992ac29a78433ae4:host:177.10.235.56:host:172.234.197.23	SESSION-992ac29a78433ae4 → host:177.10.235.56 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6ff9e556bf199706:host:177.10.234.15	SESSION-6ff9e556bf199706 → host:177.10.234.15
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2ae53b938ea3675b:PCAP:capture_20260430060001:919b39a74464	SESSION-2ae53b938ea3675b → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-f307fcf20a41b5a0:host:177.10.239.106	SESSION-f307fcf20a41b5a0 → host:177.10.239.106
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3bec1644a83cc4e1:host:177.10.232.253	SESSION-3bec1644a83cc4e1 → host:177.10.232.253
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-db858a9d0e579c0c:PCAP:capture_20260430080001:93f47cc296a4	SESSION-db858a9d0e579c0c → PCAP:capture_20260430080001:93f47cc296a4
FLOW_TO_HOSTOBS	e:to:SESSION-f9a24e91c66cf817:host:172.234.197.23	SESSION-f9a24e91c66cf817 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.64:asn:271410	host:131.196.30.64 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.236.196:geo_-16.28860_-49.01640	host:177.10.236.196 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ac3ac59e74f457a2:SESSION-ac3ac59e74f457a2	SESSION-ac3ac59e74f457a2 → pe:syn:SESSION-ac3ac59e74f457a2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1a136c944084425c:SESSION-1a136c944084425c	SESSION-1a136c944084425c → pe:syn:SESSION-1a136c944084425c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cf1b38a91c361f4b:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-cf1b38a91c361f4b → PCAP:capture_20260430100001:55715ebbe6bf
flow_observed5-aryOBS	e:fo:flow:c51b8507e6fd	flow:c51b8507e6fd → host:177.10.235.153 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:d4b99e72a5e5:port:tcp:27546	flow:d4b99e72a5e5 → port:tcp:27546
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.56:geo_-16.28860_-49.01640	host:177.10.235.56 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fad7428bd8cc35c5:SESSION-fad7428bd8cc35c5	SESSION-fad7428bd8cc35c5 → pe:tls:SESSION-fad7428bd8cc35c5
FLOW_DST_PORTOBS	e:fp:flow:8db037f16449:port:tcp:443	flow:8db037f16449 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cce146f15a17b9a1:host:172.234.197.23	SESSION-cce146f15a17b9a1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2c7091281d7e2abc:host:177.10.234.6	SESSION-2c7091281d7e2abc → host:177.10.234.6
flow_observed5-aryOBS	e:fo:flow:266d570cd855	flow:266d570cd855 → host:177.10.232.139 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-76cae08532c4b8eb:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-76cae08532c4b8eb → PCAP:capture_20260430100001:55715ebbe6bf
FLOW_FROM_HOSTOBS	e:from:SESSION-ac3abc26fe7d2af5:host:177.10.238.218	SESSION-ac3abc26fe7d2af5 → host:177.10.238.218
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.194:geo_-16.28860_-49.01640	host:177.10.235.194 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-54d23880cad1a846:host:131.196.30.123	SESSION-54d23880cad1a846 → host:131.196.30.123
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-042b5a6edf64c734:flow:cc96ecdc8b9f	SESSION-042b5a6edf64c734 → flow:cc96ecdc8b9f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e088d2ccbc3966c5:host:185.72.218.77	SESSION-e088d2ccbc3966c5 → host:185.72.218.77
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-23fc04533211debf:SESSION-23fc04533211debf	SESSION-23fc04533211debf → pe:syn:SESSION-23fc04533211debf
HOST_IN_ASNOBS 85%	e:ha:host:131.196.31.54:asn:271410	host:131.196.31.54 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-20cf12e311e55250:SESSION-20cf12e311e55250	SESSION-20cf12e311e55250 → pe:syn:SESSION-20cf12e311e55250
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-defe39665fdb6580:SESSION-defe39665fdb6580	SESSION-defe39665fdb6580 → pe:syn:SESSION-defe39665fdb6580
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2842c4c08e29d7d7:SESSION-2842c4c08e29d7d7	SESSION-2842c4c08e29d7d7 → pe:tls:SESSION-2842c4c08e29d7d7
FLOW_TO_HOSTOBS	e:to:SESSION-b60a9d1a25ff8255:host:172.234.197.23	SESSION-b60a9d1a25ff8255 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0200d7ef8e83c7c3:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-0200d7ef8e83c7c3 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-eead3829bc62f23e:PCAP:capture_20260430070001:903a0e7a436b	SESSION-eead3829bc62f23e → PCAP:capture_20260430070001:903a0e7a436b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf68ee1b1745b1ca:host:172.234.197.23:host:177.10.236.191	SESSION-bf68ee1b1745b1ca → host:172.234.197.23 → host:177.10.236.191
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b223dcd1f64dfb9:SESSION-7b223dcd1f64dfb9	SESSION-7b223dcd1f64dfb9 → pe:tls:SESSION-7b223dcd1f64dfb9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6634561e4b2b2821:PCAP:capture_20260430050001:8868731bf8a4	SESSION-6634561e4b2b2821 → PCAP:capture_20260430050001:8868731bf8a4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-78dc8874b859c826:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-78dc8874b859c826 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d37583bcd3c19c57:host:18.60.59.175:host:172.234.197.23	SESSION-d37583bcd3c19c57 → host:18.60.59.175 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-037b6464dda97429:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-037b6464dda97429 → PCAP:capture_20260428000001:7e90c7cb899e
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.217:geo_-16.28860_-49.01640	host:177.10.238.217 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ef5ed6d64625f76:SESSION-8ef5ed6d64625f76	SESSION-8ef5ed6d64625f76 → pe:tls:SESSION-8ef5ed6d64625f76
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-80f99961f353c40e:PCAP:capture_20260427220001:43a3d6220bc6	SESSION-80f99961f353c40e → PCAP:capture_20260427220001:43a3d6220bc6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-623bfc839a4f3b4e:host:172.234.197.23:host:131.196.28.78	SESSION-623bfc839a4f3b4e → host:172.234.197.23 → host:131.196.28.78
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-678637d3dc5962bf:SESSION-678637d3dc5962bf	SESSION-678637d3dc5962bf → pe:tls:SESSION-678637d3dc5962bf
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.249:geo_-16.28860_-49.01640	host:177.10.239.249 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-208c35e6fa834cd1:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-208c35e6fa834cd1 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_TO_HOSTOBS	e:to:SESSION-2e316662e5f9d5ce:host:131.196.30.143	SESSION-2e316662e5f9d5ce → host:131.196.30.143
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-314272d88a452691:host:177.10.238.57	SESSION-314272d88a452691 → host:177.10.238.57
FLOW_TO_HOSTOBS	e:to:SESSION-1fc279480f80cfd1:host:177.10.236.96	SESSION-1fc279480f80cfd1 → host:177.10.236.96
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2761ffbe76598549:host:172.234.197.23	SESSION-2761ffbe76598549 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bd554b279ca00d73:SESSION-bd554b279ca00d73	SESSION-bd554b279ca00d73 → pe:tls:SESSION-bd554b279ca00d73
flow_observed5-aryOBS	e:fo:flow:a1fd172a9ae7	flow:a1fd172a9ae7 → host:177.10.233.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-096419478460628e:flow:ede82bb3f685	SESSION-096419478460628e → flow:ede82bb3f685
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4c33b44718448cc2:host:177.10.233.138	SESSION-4c33b44718448cc2 → host:177.10.233.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d5b56d4198adefd3:SESSION-d5b56d4198adefd3	SESSION-d5b56d4198adefd3 → pe:tls:SESSION-d5b56d4198adefd3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c3f426eb3b5d19b7:host:177.10.234.119:host:172.234.197.23	SESSION-c3f426eb3b5d19b7 → host:177.10.234.119 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6a304c3ca72ee3e7:host:177.10.234.214	SESSION-6a304c3ca72ee3e7 → host:177.10.234.214
FLOW_DST_PORTOBS	e:fp:flow:e80b8abc3477:port:tcp:443	flow:e80b8abc3477 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1b7e5e87f526ce8d:host:177.10.232.233	SESSION-1b7e5e87f526ce8d → host:177.10.232.233
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51bc0a4af53b62cc:flow:d6d44c6f5200	SESSION-51bc0a4af53b62cc → flow:d6d44c6f5200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e576d93486607572:SESSION-e576d93486607572	SESSION-e576d93486607572 → pe:tls:SESSION-e576d93486607572
FLOW_TO_HOSTOBS	e:to:SESSION-2e0b5328aa075dd2:host:172.234.197.23	SESSION-2e0b5328aa075dd2 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a2005509481f3ca7:host:131.196.31.234	SESSION-a2005509481f3ca7 → host:131.196.31.234
FLOW_DST_PORTOBS	e:fp:flow:9340cb45584a:port:tcp:443	flow:9340cb45584a → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-651f6fdc4d4e9c59:host:45.173.156.111	SESSION-651f6fdc4d4e9c59 → host:45.173.156.111
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-166e94983783f266:SESSION-166e94983783f266	SESSION-166e94983783f266 → pe:tls:SESSION-166e94983783f266
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.93:geo_-21.10010_-41.69200	host:45.173.156.93 → geo_-21.10010_-41.69200
FLOW_DST_PORTOBS	e:fp:flow:da047bc8435b:port:tcp:443	flow:da047bc8435b → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-66f42b3418de6818:host:45.173.156.47:host:172.234.197.23	SESSION-66f42b3418de6818 → host:45.173.156.47 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-10314c25bdbc198a:SESSION-10314c25bdbc198a	SESSION-10314c25bdbc198a → pe:syn:SESSION-10314c25bdbc198a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.122:geo_-23.62930_-46.63510	host:131.196.31.122 → geo_-23.62930_-46.63510
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-cb7b2ae66396fc75:SESSION-cb7b2ae66396fc75	SESSION-cb7b2ae66396fc75 → pe:tls:SESSION-cb7b2ae66396fc75
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8d11cc9a154a777c:SESSION-8d11cc9a154a777c	SESSION-8d11cc9a154a777c → pe:tls:SESSION-8d11cc9a154a777c
flow_observed5-aryOBS	e:fo:flow:1373d13393f6	flow:1373d13393f6 → host:131.196.28.11 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-37ba5323333f9720:host:177.10.233.130	SESSION-37ba5323333f9720 → host:177.10.233.130
FLOW_FROM_HOSTOBS	e:from:SESSION-eead59d5c9e2a3d1:host:131.196.31.113	SESSION-eead59d5c9e2a3d1 → host:131.196.31.113
flow_observed5-aryOBS	e:fo:flow:05dc6ac42870	flow:05dc6ac42870 → host:177.10.232.168 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-78dc8874b859c826:host:131.196.28.195	SESSION-78dc8874b859c826 → host:131.196.28.195
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-92484e45d6e7b321:SESSION-92484e45d6e7b321	SESSION-92484e45d6e7b321 → pe:tls:SESSION-92484e45d6e7b321
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a3a44f67a1174447:flow:f14115578559	SESSION-a3a44f67a1174447 → flow:f14115578559
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-76aff26f067fcb92:host:172.234.197.23	SESSION-76aff26f067fcb92 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.118:geo_-23.62930_-46.63510	host:131.196.31.118 → geo_-23.62930_-46.63510
flow_observed4-aryOBS	e:fo:flow:abbbcfb7d5c1	flow:abbbcfb7d5c1 → host:172.234.197.23 → host:177.10.237.161 → port:tcp:3500
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f76d275e2b42c8d0:host:172.234.197.23:host:177.10.233.230	SESSION-f76d275e2b42c8d0 → host:172.234.197.23 → host:177.10.233.230
FLOW_FROM_HOSTOBS	e:from:SESSION-73eca1f22df524d3:host:104.28.234.78	SESSION-73eca1f22df524d3 → host:104.28.234.78
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e905599dc3c27c65:host:177.10.236.118	SESSION-e905599dc3c27c65 → host:177.10.236.118
flow_observed5-aryOBS	e:fo:flow:e1dc74fab400	flow:e1dc74fab400 → host:177.10.239.69 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-68a3da1f806283eb:host:172.234.197.23	SESSION-68a3da1f806283eb → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-68f16c2935c85e73:host:172.234.197.23	SESSION-68f16c2935c85e73 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a90b185749f1	flow:a90b185749f1 → host:172.234.197.23 → host:131.196.30.98 → port:tcp:6388
FLOW_DST_PORTOBS	e:fp:flow:92f0c3db5e8f:port:tcp:45203	flow:92f0c3db5e8f → port:tcp:45203
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1a930dc0f03fa17:host:172.234.197.23:host:177.10.236.244	SESSION-d1a930dc0f03fa17 → host:172.234.197.23 → host:177.10.236.244
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.235.89:geo_-16.28860_-49.01640	host:177.10.235.89 → geo_-16.28860_-49.01640
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-58a14b9397c116a1:SESSION-58a14b9397c116a1	SESSION-58a14b9397c116a1 → pe:tls:SESSION-58a14b9397c116a1
FLOW_DST_PORTOBS	e:fp:flow:f55cb372d8b9:port:tcp:65297	flow:f55cb372d8b9 → port:tcp:65297
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb3f1e71e19d60be:host:131.196.28.118:host:172.234.197.23	SESSION-bb3f1e71e19d60be → host:131.196.28.118 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-14ec4f61373e7262:SESSION-14ec4f61373e7262	SESSION-14ec4f61373e7262 → pe:syn:SESSION-14ec4f61373e7262
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fef5e1438bdea640:host:92.118.39.236	SESSION-fef5e1438bdea640 → host:92.118.39.236
FLOW_TO_HOSTOBS	e:to:SESSION-b61117bf3d91dba8:host:172.234.197.23	SESSION-b61117bf3d91dba8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b9f43ed2bc91ec43:host:177.10.235.169	SESSION-b9f43ed2bc91ec43 → host:177.10.235.169
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b3f73c59938d0a7:host:177.10.237.74	SESSION-8b3f73c59938d0a7 → host:177.10.237.74
flow_observed5-aryOBS	e:fo:flow:d880470ab7bc	flow:d880470ab7bc → host:177.10.239.221 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-324b6311c2d003f7:PCAP:capture_20260430080001:93f47cc296a4	SESSION-324b6311c2d003f7 → PCAP:capture_20260430080001:93f47cc296a4
flow_observed4-aryOBS	e:fo:flow:1f92222490cc	flow:1f92222490cc → host:172.234.197.23 → host:131.196.29.203 → port:tcp:7618
FLOW_TO_HOSTOBS	e:to:SESSION-4dcbfb7362ab6402:host:172.234.197.23	SESSION-4dcbfb7362ab6402 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-93446cf6bcbe5afe:host:172.234.197.23	SESSION-93446cf6bcbe5afe → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2ca971b9386eb0b9:host:172.234.197.23	SESSION-2ca971b9386eb0b9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:3265b036568c	flow:3265b036568c → host:177.10.239.184 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.232.152:geo_-16.28860_-49.01640	host:177.10.232.152 → geo_-16.28860_-49.01640
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.158:asn:271410	host:131.196.29.158 → asn:271410
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8f62140848f2b702:SESSION-8f62140848f2b702	SESSION-8f62140848f2b702 → pe:syn:SESSION-8f62140848f2b702
HOST_IN_ASNOBS 85%	e:ha:host:52.81.77.92:asn:55960	host:52.81.77.92 → asn:55960
FLOW_DST_PORTOBS	e:fp:flow:c79982b91957:port:tcp:443	flow:c79982b91957 → port:tcp:443
HOST_IN_ASNOBS 85%	e:ha:host:177.10.236.16:asn:262880	host:177.10.236.16 → asn:262880
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-367825c4b1c7c6d4:host:177.10.236.235	SESSION-367825c4b1c7c6d4 → host:177.10.236.235
FLOW_TO_HOSTOBS	e:to:SESSION-c0014b04a4a7ef99:host:172.234.197.23	SESSION-c0014b04a4a7ef99 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d7508894fe5424d7:flow:5d47d77cbd8d	SESSION-d7508894fe5424d7 → flow:5d47d77cbd8d
FLOW_FROM_HOSTOBS	e:from:SESSION-f92c0af2b04d2b16:host:45.173.156.183	SESSION-f92c0af2b04d2b16 → host:45.173.156.183
FLOW_TO_HOSTOBS	e:to:SESSION-4da5ddbc1348c177:host:177.10.233.126	SESSION-4da5ddbc1348c177 → host:177.10.233.126
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8165f1476121226e:host:147.135.97.222:host:172.234.197.23	SESSION-8165f1476121226e → host:147.135.97.222 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:5e70f5bd0100:port:tcp:443	flow:5e70f5bd0100 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3ea63b0a223461f6:host:172.234.197.23	SESSION-3ea63b0a223461f6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d7c23b0aff57d2da:host:172.234.197.23	SESSION-d7c23b0aff57d2da → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b6ebe77d02701b58:host:92.112.71.14	SESSION-b6ebe77d02701b58 → host:92.112.71.14
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-57e20c08f6c0c2c9:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-57e20c08f6c0c2c9 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2ba1cfcea34ace70:host:177.10.239.244:host:172.234.197.23	SESSION-2ba1cfcea34ace70 → host:177.10.239.244 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-347bad418eab3a6f:host:177.10.236.144	SESSION-347bad418eab3a6f → host:177.10.236.144
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-44cdc048c80875b5:host:177.10.238.20:host:172.234.197.23	SESSION-44cdc048c80875b5 → host:177.10.238.20 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6d6335a56d67:port:tcp:443	flow:6d6335a56d67 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-651f6fdc4d4e9c59:host:45.173.156.111:host:172.234.197.23	SESSION-651f6fdc4d4e9c59 → host:45.173.156.111 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0a4200861230ead3:host:172.234.197.23	SESSION-0a4200861230ead3 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.29.217:geo_-23.62930_-46.63510	host:131.196.29.217 → geo_-23.62930_-46.63510
FLOW_TO_HOSTOBS	e:to:SESSION-0fe55e7c11d50f79:host:177.10.236.116	SESSION-0fe55e7c11d50f79 → host:177.10.236.116
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-86f90a53110dcf25:SESSION-86f90a53110dcf25	SESSION-86f90a53110dcf25 → pe:syn:SESSION-86f90a53110dcf25
FLOW_FROM_HOSTOBS	e:from:SESSION-decb8c6a12a4d67a:host:177.10.237.64	SESSION-decb8c6a12a4d67a → host:177.10.237.64
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.246.129.80:geo_45.84010_-119.70500	host:44.246.129.80 → geo_45.84010_-119.70500
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b65c6ec30f2c8117:PCAP:capture_20260430080001:93f47cc296a4	SESSION-b65c6ec30f2c8117 → PCAP:capture_20260430080001:93f47cc296a4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5792abf3d18d9356:SESSION-5792abf3d18d9356	SESSION-5792abf3d18d9356 → pe:syn:SESSION-5792abf3d18d9356
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-866725b3664820db:host:177.10.234.147:host:172.234.197.23	SESSION-866725b3664820db → host:177.10.234.147 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-354c21b56902e892:host:131.196.31.10	SESSION-354c21b56902e892 → host:131.196.31.10
flow_observed4-aryOBS	e:fo:flow:1e0a32bc1765	flow:1e0a32bc1765 → host:172.234.197.23 → host:131.196.31.111 → port:tcp:51496
FLOW_TO_HOSTOBS	e:to:SESSION-952305350dc386c3:host:172.234.197.23	SESSION-952305350dc386c3 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-379e8704803db8ae:PCAP:capture_20260430070001:903a0e7a436b	SESSION-379e8704803db8ae → PCAP:capture_20260430070001:903a0e7a436b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-24ee1f6ef023209d:SESSION-24ee1f6ef023209d	SESSION-24ee1f6ef023209d → pe:syn:SESSION-24ee1f6ef023209d
flow_observed5-aryOBS	e:fo:flow:450566424628	flow:450566424628 → host:131.196.30.104 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01ac49b549a49417:SESSION-01ac49b549a49417	SESSION-01ac49b549a49417 → pe:syn:SESSION-01ac49b549a49417
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe9137916d2eb5d4:PCAP:capture_20260430150001:ded20914761d	SESSION-fe9137916d2eb5d4 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b97d7b281ae973a8:SESSION-b97d7b281ae973a8	SESSION-b97d7b281ae973a8 → pe:tls:SESSION-b97d7b281ae973a8
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8139f2a89dd46f4b:SESSION-8139f2a89dd46f4b	SESSION-8139f2a89dd46f4b → pe:syn:SESSION-8139f2a89dd46f4b
FLOW_TO_HOSTOBS	e:to:SESSION-e905599dc3c27c65:host:172.234.197.23	SESSION-e905599dc3c27c65 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec91eda6d4bd732e:host:177.10.237.211:host:172.234.197.23	SESSION-ec91eda6d4bd732e → host:177.10.237.211 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f4918b67fbcc63f:host:131.196.31.27:host:172.234.197.23	SESSION-2f4918b67fbcc63f → host:131.196.31.27 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6ac71782250ec9a1:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-6ac71782250ec9a1 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5fcf38b0a54673cb:host:177.10.232.34:host:172.234.197.23	SESSION-5fcf38b0a54673cb → host:177.10.232.34 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-65262d33293291dd:host:177.10.236.22	SESSION-65262d33293291dd → host:177.10.236.22
FLOW_TO_HOSTOBS	e:to:SESSION-0ab8c1601f71acf4:host:172.234.197.23	SESSION-0ab8c1601f71acf4 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bde2562b2e16b844:SESSION-bde2562b2e16b844	SESSION-bde2562b2e16b844 → pe:tls:SESSION-bde2562b2e16b844
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9e6c979070fb893e:flow:9e86a2f1ebc9	SESSION-9e6c979070fb893e → flow:9e86a2f1ebc9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e62c7e5ed36c3850:host:172.234.197.23	SESSION-e62c7e5ed36c3850 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:fe36b6a000f8	flow:fe36b6a000f8 → host:172.234.197.23 → host:177.10.235.34 → port:tcp:37794
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8578034648884afe:SESSION-8578034648884afe	SESSION-8578034648884afe → pe:tls:SESSION-8578034648884afe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7240be1eb77ed4f4:SESSION-7240be1eb77ed4f4	SESSION-7240be1eb77ed4f4 → pe:syn:SESSION-7240be1eb77ed4f4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-59aca44477f61d35:host:177.10.236.57	SESSION-59aca44477f61d35 → host:177.10.236.57
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d6c09b181dae043f:host:172.234.197.23:host:172.232.0.16	SESSION-d6c09b181dae043f → host:172.234.197.23 → host:172.232.0.16
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bff0166abbd0d576:SESSION-bff0166abbd0d576	SESSION-bff0166abbd0d576 → pe:syn:SESSION-bff0166abbd0d576
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d00c2356d94b56a1:flow:a4d5024da31b	SESSION-d00c2356d94b56a1 → flow:a4d5024da31b
FLOW_DST_PORTOBS	e:fp:flow:b5daea78878e:port:tcp:443	flow:b5daea78878e → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ee8a8be73e4592b1:PCAP:capture_20260430140001:aaa9b3fc898b	SESSION-ee8a8be73e4592b1 → PCAP:capture_20260430140001:aaa9b3fc898b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cdcb5008ac7e3b15:flow:5139d2cd5544	SESSION-cdcb5008ac7e3b15 → flow:5139d2cd5544
FLOW_FROM_HOSTOBS	e:from:SESSION-17fb8dd67040757e:host:172.234.197.23	SESSION-17fb8dd67040757e → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:ca4954cc6e7b	flow:ca4954cc6e7b → host:177.10.236.203 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:811923523f71	flow:811923523f71 → host:45.173.156.101 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:1a6c098d328f	flow:1a6c098d328f → host:177.10.238.87 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-2f4918b67fbcc63f:host:131.196.31.27	SESSION-2f4918b67fbcc63f → host:131.196.31.27
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b654d700a53d4a94:SESSION-b654d700a53d4a94	SESSION-b654d700a53d4a94 → pe:tls:SESSION-b654d700a53d4a94
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.28.21:geo_-23.62930_-46.63510	host:131.196.28.21 → geo_-23.62930_-46.63510
FLOW_DST_PORTOBS	e:fp:flow:3a3b86705699:port:tcp:443	flow:3a3b86705699 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e7a6b146488afb43:SESSION-e7a6b146488afb43	SESSION-e7a6b146488afb43 → pe:syn:SESSION-e7a6b146488afb43
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-045a77174f347205:SESSION-045a77174f347205	SESSION-045a77174f347205 → pe:syn:SESSION-045a77174f347205
FLOW_DST_PORTOBS	e:fp:flow:29c853a24919:port:tcp:443	flow:29c853a24919 → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:2aa9d961f850	flow:2aa9d961f850 → host:172.234.197.23 → host:131.196.31.83 → port:tcp:32943
FLOW_TO_HOSTOBS	e:to:SESSION-74d9117e815e4c77:host:172.234.197.23	SESSION-74d9117e815e4c77 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-65f49e29fd3c9157:flow:b36d5e36f32f	SESSION-65f49e29fd3c9157 → flow:b36d5e36f32f
FLOW_TO_HOSTOBS	e:to:SESSION-07dfdeddccca16ee:host:172.234.197.23	SESSION-07dfdeddccca16ee → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:611c62356d76:port:tcp:80	flow:611c62356d76 → port:tcp:80
flow_observed5-aryOBS	e:fo:flow:269699bbdb62	flow:269699bbdb62 → host:185.231.226.199 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:34516a1d625a:port:tcp:443	flow:34516a1d625a → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:e8b5b6c6f846	flow:e8b5b6c6f846 → host:172.234.197.23 → host:177.10.238.140 → port:tcp:37507
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.34:asn:273470	host:45.173.156.34 → asn:273470
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.238.41:geo_-16.28860_-49.01640	host:177.10.238.41 → geo_-16.28860_-49.01640
flow_observed5-aryOBS	e:fo:flow:0d2a7c280705	flow:0d2a7c280705 → host:177.10.235.227 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6944fe230f08618b:SESSION-6944fe230f08618b	SESSION-6944fe230f08618b → pe:tls:SESSION-6944fe230f08618b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc3065336ab4dc3e:host:172.234.197.23:host:177.10.235.213	SESSION-fc3065336ab4dc3e → host:172.234.197.23 → host:177.10.235.213
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-86f296cd3a39a7c2:host:95.170.25.215	SESSION-86f296cd3a39a7c2 → host:95.170.25.215
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08924e756ead6523:host:154.85.87.65	SESSION-08924e756ead6523 → host:154.85.87.65
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.233.97:geo_-16.28860_-49.01640	host:177.10.233.97 → geo_-16.28860_-49.01640
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9b22fd3d92fd3016:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-9b22fd3d92fd3016 → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
FLOW_FROM_HOSTOBS	e:from:SESSION-b3a25d201ec7d699:host:172.234.197.23	SESSION-b3a25d201ec7d699 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1328d27dd48f8a49:host:95.135.228.39	SESSION-1328d27dd48f8a49 → host:95.135.228.39
FLOW_DST_PORTOBS	e:fp:flow:fa03de97d438:port:tcp:4429	flow:fa03de97d438 → port:tcp:4429
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-65d310d8fe50c39e:SESSION-65d310d8fe50c39e	SESSION-65d310d8fe50c39e → pe:tls:SESSION-65d310d8fe50c39e
flow_observed5-aryOBS	e:fo:flow:e3ea775b7999	flow:e3ea775b7999 → host:177.10.239.42 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-204050056bc27f05:host:177.10.234.193:host:172.234.197.23	SESSION-204050056bc27f05 → host:177.10.234.193 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-360f4972fec5b7e0:host:172.234.197.23	SESSION-360f4972fec5b7e0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-26e26ae77a5f41e1:SESSION-26e26ae77a5f41e1	SESSION-26e26ae77a5f41e1 → pe:syn:SESSION-26e26ae77a5f41e1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-828db1ebc34fa50a:SESSION-828db1ebc34fa50a	SESSION-828db1ebc34fa50a → pe:syn:SESSION-828db1ebc34fa50a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df1a511d64dc2d8e:SESSION-df1a511d64dc2d8e	SESSION-df1a511d64dc2d8e → pe:tls:SESSION-df1a511d64dc2d8e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0a586e6b93cbc00d:SESSION-0a586e6b93cbc00d	SESSION-0a586e6b93cbc00d → pe:syn:SESSION-0a586e6b93cbc00d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-26e26ae77a5f41e1:host:177.10.238.247:host:172.234.197.23	SESSION-26e26ae77a5f41e1 → host:177.10.238.247 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a1ec79192d74c7af:host:177.10.237.48	SESSION-a1ec79192d74c7af → host:177.10.237.48
flow_observed5-aryOBS	e:fo:flow:d6d0c5309c54	flow:d6d0c5309c54 → host:131.196.29.103 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-c5ea1449320ef78b:SESSION-c5ea1449320ef78b	SESSION-c5ea1449320ef78b → pe:rst:SESSION-c5ea1449320ef78b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bded37485db78f4a:SESSION-bded37485db78f4a	SESSION-bded37485db78f4a → pe:tls:SESSION-bded37485db78f4a
FLOW_FROM_HOSTOBS	e:from:SESSION-dd9f2ee14ec6ee20:host:131.196.30.135	SESSION-dd9f2ee14ec6ee20 → host:131.196.30.135
FLOW_FROM_HOSTOBS	e:from:SESSION-e3f936e849fecda0:host:177.10.233.116	SESSION-e3f936e849fecda0 → host:177.10.233.116
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.56:geo_-21.10010_-41.69200	host:45.173.156.56 → geo_-21.10010_-41.69200
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-96298fdbde5cf19b:flow:b214172954f6	SESSION-96298fdbde5cf19b → flow:b214172954f6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6242cf24a2978d6d:host:45.173.156.48	SESSION-6242cf24a2978d6d → host:45.173.156.48
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5133340de07cf838:PCAP:capture_20260430150001:ded20914761d	SESSION-5133340de07cf838 → PCAP:capture_20260430150001:ded20914761d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-fb520d5460f73062:SESSION-fb520d5460f73062	SESSION-fb520d5460f73062 → pe:tls:SESSION-fb520d5460f73062
HOST_IN_ASNOBS 85%	e:ha:host:131.196.29.225:asn:271410	host:131.196.29.225 → asn:271410
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b5498d903f3b2d41:flow:2622d4ad7ff2	SESSION-b5498d903f3b2d41 → flow:2622d4ad7ff2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-36f959353527c71a:host:172.234.197.23:host:131.196.29.148	SESSION-36f959353527c71a → host:172.234.197.23 → host:131.196.29.148
FLOW_FROM_HOSTOBS	e:from:SESSION-feb3207d55e7c5c5:host:177.10.238.122	SESSION-feb3207d55e7c5c5 → host:177.10.238.122
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-592321b004976459:SESSION-592321b004976459	SESSION-592321b004976459 → pe:tls:SESSION-592321b004976459
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-14b61e43a384fdb4:host:172.234.197.23	SESSION-14b61e43a384fdb4 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c4d1c4ac80a0d275:PCAP:capture_20260430150001:ded20914761d	SESSION-c4d1c4ac80a0d275 → PCAP:capture_20260430150001:ded20914761d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ea9e167400c380e9:host:177.10.236.60	SESSION-ea9e167400c380e9 → host:177.10.236.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-216df7510915a954:flow:ce3ec0d56928	SESSION-216df7510915a954 → flow:ce3ec0d56928
FLOW_DST_PORTOBS	e:fp:flow:3af72bc41bd9:port:tcp:443	flow:3af72bc41bd9 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-597e69ebdf7ef93f:host:172.234.197.23	SESSION-597e69ebdf7ef93f → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-cad98c39a19fe348:BSG-BEACON-0536ad8c19a0	SESSION-cad98c39a19fe348 → BSG-BEACON-0536ad8c19a0
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-15539e18bbfcb0e8:SESSION-15539e18bbfcb0e8	SESSION-15539e18bbfcb0e8 → pe:syn:SESSION-15539e18bbfcb0e8
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a83465e2bbc20296:flow:aefa52022610	SESSION-a83465e2bbc20296 → flow:aefa52022610
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b330864bc1d39cd9:host:131.196.29.29	SESSION-b330864bc1d39cd9 → host:131.196.29.29
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3617089369b58aaa:PCAP:capture_20260430070001:903a0e7a436b	SESSION-3617089369b58aaa → PCAP:capture_20260430070001:903a0e7a436b
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-09db40e08b93496c:flow:e1d835a506a3	SESSION-09db40e08b93496c → flow:e1d835a506a3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5e8c587e48bf8617:host:172.234.197.23	SESSION-5e8c587e48bf8617 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:177.10.238.96:asn:262880	host:177.10.238.96 → asn:262880
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6222707cbae0e281:host:37.221.79.41:host:172.234.197.23	SESSION-6222707cbae0e281 → host:37.221.79.41 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-be09ba54da571689:host:131.196.30.81:host:172.234.197.23	SESSION-be09ba54da571689 → host:131.196.30.81 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20cf12e311e55250:host:172.234.197.23	SESSION-20cf12e311e55250 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b9ca26e5420bb5bf:SESSION-b9ca26e5420bb5bf	SESSION-b9ca26e5420bb5bf → pe:tls:SESSION-b9ca26e5420bb5bf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c2927944fbf9fbe3:PCAP:capture_20260430160001:9bfa4498506a	SESSION-c2927944fbf9fbe3 → PCAP:capture_20260430160001:9bfa4498506a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.239.80:geo_-16.28860_-49.01640	host:177.10.239.80 → geo_-16.28860_-49.01640
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a9042bd9c6a81d17:host:177.10.237.4:host:172.234.197.23	SESSION-a9042bd9c6a81d17 → host:177.10.237.4 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a20fc4ba13bfca4:flow:2344215c9738	SESSION-8a20fc4ba13bfca4 → flow:2344215c9738
FLOW_DST_PORTOBS	e:fp:flow:1dab4caf120b:port:tcp:443	flow:1dab4caf120b → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-70ca21a7c0c8fc42:host:177.10.234.26	SESSION-70ca21a7c0c8fc42 → host:177.10.234.26
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4f3c3204c65c6f4:host:172.234.197.23	SESSION-d4f3c3204c65c6f4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e5a2ddb999c90e17:host:177.10.234.100	SESSION-e5a2ddb999c90e17 → host:177.10.234.100
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-3b8a8c73a52fb2ca:BSG-BEACON-f7f4304ec72f	SESSION-3b8a8c73a52fb2ca → BSG-BEACON-f7f4304ec72f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69461a2f3e15a448:PCAP:capture_20260428000001:7e90c7cb899e	SESSION-69461a2f3e15a448 → PCAP:capture_20260428000001:7e90c7cb899e
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.63:asn:262880	host:177.10.237.63 → asn:262880
FLOW_TO_HOSTOBS	e:to:SESSION-ce2566c1c98d1aed:host:131.196.31.198	SESSION-ce2566c1c98d1aed → host:131.196.31.198
flow_observed5-aryOBS	e:fo:flow:6da1329b00da	flow:6da1329b00da → host:131.196.30.23 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:ce3ec0d56928	flow:ce3ec0d56928 → host:177.10.236.176 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-d6bdcd515a2308bd:host:172.234.197.23	SESSION-d6bdcd515a2308bd → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-67e4e454d5bff348:host:172.234.197.23	SESSION-67e4e454d5bff348 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b43557542c64d676:host:45.173.156.207	SESSION-b43557542c64d676 → host:45.173.156.207
FLOW_FROM_HOSTOBS	e:from:SESSION-da14e554ef56152a:host:172.234.197.23	SESSION-da14e554ef56152a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c977f56fc361:port:tcp:443	flow:c977f56fc361 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c7201144bad9d462:flow:b1e5035369fe	SESSION-c7201144bad9d462 → flow:b1e5035369fe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f5731b0b8f40f73a:SESSION-f5731b0b8f40f73a	SESSION-f5731b0b8f40f73a → pe:tls:SESSION-f5731b0b8f40f73a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.86:geo_-16.28860_-49.01640	host:177.10.237.86 → geo_-16.28860_-49.01640
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4db3abe06a9505c7:host:172.234.197.23	SESSION-4db3abe06a9505c7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:177.10.237.90:geo_-16.28860_-49.01640	host:177.10.237.90 → geo_-16.28860_-49.01640
FLOW_FROM_HOSTOBS	e:from:SESSION-c0af0d5d1b3f6259:host:172.234.197.23	SESSION-c0af0d5d1b3f6259 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-27536868d2d29d68:host:131.196.31.21	SESSION-27536868d2d29d68 → host:131.196.31.21
ASN_IN_ORGOBS 80%	e:ao:asn:271410:org:Smart Servico de Internet Ltda	asn:271410 → org:Smart Servico de Internet Ltda
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-33fcdd018bdc1a2c:host:177.10.233.29	SESSION-33fcdd018bdc1a2c → host:177.10.233.29
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.173.156.131:geo_-21.10010_-41.69200	host:45.173.156.131 → geo_-21.10010_-41.69200
FLOW_FROM_HOSTOBS	e:from:SESSION-195f8b2639df23c4:host:172.234.197.23	SESSION-195f8b2639df23c4 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ead27f853a5aab01:host:172.234.197.23	SESSION-ead27f853a5aab01 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-31f3a24ceae3d348:host:172.234.197.23	SESSION-31f3a24ceae3d348 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:03e51e79ea00:port:tcp:443	flow:03e51e79ea00 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6af366568a421f52:host:131.196.31.74	SESSION-6af366568a421f52 → host:131.196.31.74
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b325e5efc54d34b8:host:177.10.236.125	SESSION-b325e5efc54d34b8 → host:177.10.236.125
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6e798ff0c310952a:SESSION-6e798ff0c310952a	SESSION-6e798ff0c310952a → pe:tls:SESSION-6e798ff0c310952a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bc2ea3f70e7bccaf:SESSION-bc2ea3f70e7bccaf	SESSION-bc2ea3f70e7bccaf → pe:syn:SESSION-bc2ea3f70e7bccaf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4b447e1896cf3c7e:SESSION-4b447e1896cf3c7e	SESSION-4b447e1896cf3c7e → pe:syn:SESSION-4b447e1896cf3c7e
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-20dfde969676b329:host:177.10.239.9	SESSION-20dfde969676b329 → host:177.10.239.9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1065c42d5133f02c:SESSION-1065c42d5133f02c	SESSION-1065c42d5133f02c → pe:syn:SESSION-1065c42d5133f02c
FLOW_DST_PORTOBS	e:fp:flow:c3353594435e:port:tcp:443	flow:c3353594435e → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-d96c6feac6dadd94:SESSION-d96c6feac6dadd94	SESSION-d96c6feac6dadd94 → pe:tls:SESSION-d96c6feac6dadd94
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0586166ee52acb1f:PCAP:capture_20260430060001:919b39a74464	SESSION-0586166ee52acb1f → PCAP:capture_20260430060001:919b39a74464
FLOW_TO_HOSTOBS	e:to:SESSION-124cb6be20cbe456:host:172.234.197.23	SESSION-124cb6be20cbe456 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-449915b4a668f160:PCAP:capture_20260430110001:43611bdf6759	SESSION-449915b4a668f160 → PCAP:capture_20260430110001:43611bdf6759
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4a1cda6283fa3945:host:177.10.233.239:host:172.234.197.23	SESSION-4a1cda6283fa3945 → host:177.10.233.239 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:9c5e84c9804a:port:tcp:443	flow:9c5e84c9804a → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9d9495404a53bc0:host:177.10.239.20:host:172.234.197.23	SESSION-c9d9495404a53bc0 → host:177.10.239.20 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f9bc9a3180c6fb10:SESSION-f9bc9a3180c6fb10	SESSION-f9bc9a3180c6fb10 → pe:syn:SESSION-f9bc9a3180c6fb10
HOST_IN_ASNOBS 85%	e:ha:host:69.235.185.81:asn:9808	host:69.235.185.81 → asn:9808
FLOW_DST_PORTOBS	e:fp:flow:7c6a2a150cfa:port:tcp:443	flow:7c6a2a150cfa → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b8f87145037449c:host:172.234.197.23	SESSION-7b8f87145037449c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-3075d8276a1a3ff8:host:172.234.197.23	SESSION-3075d8276a1a3ff8 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a519ad2ae4c53179:host:172.234.197.23	SESSION-a519ad2ae4c53179 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.30.194:geo_-23.62930_-46.63510	host:131.196.30.194 → geo_-23.62930_-46.63510
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08ee685c4e8cc842:host:172.234.197.23	SESSION-08ee685c4e8cc842 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dedab35c401db9fa:SESSION-dedab35c401db9fa	SESSION-dedab35c401db9fa → pe:syn:SESSION-dedab35c401db9fa
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6c53b2c88ff7f785:PCAP:capture_20260430070001:903a0e7a436b	SESSION-6c53b2c88ff7f785 → PCAP:capture_20260430070001:903a0e7a436b
flow_observed4-aryOBS	e:fo:flow:cd42884691eb	flow:cd42884691eb → host:172.234.197.23 → host:131.196.28.22 → port:tcp:48067
HOST_IN_ASNOBS 85%	e:ha:host:45.173.156.178:asn:273470	host:45.173.156.178 → asn:273470
HOST_IN_ASNOBS 85%	e:ha:host:31.40.196.97:asn:203771	host:31.40.196.97 → asn:203771
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f0e5de26982cc62:host:172.234.197.23	SESSION-8f0e5de26982cc62 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-be1454a9d7b7f3ce:host:97.139.12.85	SESSION-be1454a9d7b7f3ce → host:97.139.12.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-b4e7d8d3f995a1a9:SESSION-b4e7d8d3f995a1a9	SESSION-b4e7d8d3f995a1a9 → pe:tls:SESSION-b4e7d8d3f995a1a9
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc35857ee3808de8:flow:3d9dc2a57062	SESSION-cc35857ee3808de8 → flow:3d9dc2a57062
FLOW_DST_PORTOBS	e:fp:flow:32513d87e909:port:tcp:443	flow:32513d87e909 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:2ff53ffc0eae	flow:2ff53ffc0eae → host:177.10.237.35 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed4-aryOBS	e:fo:flow:9573429a84e3	flow:9573429a84e3 → host:172.234.197.23 → host:177.10.237.132 → port:tcp:25245
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-db9e8149201eae0f:flow:440525ebabd8	SESSION-db9e8149201eae0f → flow:440525ebabd8
HOST_IN_ASNOBS 85%	e:ha:host:131.196.28.243:asn:271410	host:131.196.28.243 → asn:271410
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:131.196.31.92:geo_-23.62930_-46.63510	host:131.196.31.92 → geo_-23.62930_-46.63510
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1052ae798d70afda:PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260	SESSION-1052ae798d70afda → PCAP:DevOpswithGrok_20260430_1112amCST:c0ebd60a8260
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b11513eff2bd1e6:host:131.196.29.215	SESSION-7b11513eff2bd1e6 → host:131.196.29.215
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-69b211b684a77852:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-69b211b684a77852 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-74adb0edbcc9dd0a:host:172.234.197.23	SESSION-74adb0edbcc9dd0a → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5491ebf26b201b1a:SESSION-5491ebf26b201b1a	SESSION-5491ebf26b201b1a → pe:rst:SESSION-5491ebf26b201b1a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e2b4854b4491f9b7:host:172.234.197.23:host:131.196.29.233	SESSION-e2b4854b4491f9b7 → host:172.234.197.23 → host:131.196.29.233
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c491b8c96ce6e8c2:host:172.234.197.23	SESSION-c491b8c96ce6e8c2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-9b9ddad698cc7ffe:host:172.234.197.23	SESSION-9b9ddad698cc7ffe → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-637d01fb7fe8b725:SESSION-637d01fb7fe8b725	SESSION-637d01fb7fe8b725 → pe:syn:SESSION-637d01fb7fe8b725
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-40a7926fcdf458e7:flow:df60fa020117	SESSION-40a7926fcdf458e7 → flow:df60fa020117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51cc268447a19ae7:SESSION-51cc268447a19ae7	SESSION-51cc268447a19ae7 → pe:tls:SESSION-51cc268447a19ae7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-94594005437ae120:host:172.234.197.23	SESSION-94594005437ae120 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-921389e161f019e9:host:172.234.197.23:host:177.10.235.205	SESSION-921389e161f019e9 → host:172.234.197.23 → host:177.10.235.205
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4ec222cc1c3a7faf:host:177.10.232.165	SESSION-4ec222cc1c3a7faf → host:177.10.232.165
FLOW_TO_HOSTOBS	e:to:SESSION-8a43b551ff0093c7:host:172.234.197.23	SESSION-8a43b551ff0093c7 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b8196f582d24c6a3:SESSION-b8196f582d24c6a3	SESSION-b8196f582d24c6a3 → pe:syn:SESSION-b8196f582d24c6a3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-97a722c9ef92a65e:SESSION-97a722c9ef92a65e	SESSION-97a722c9ef92a65e → pe:tls:SESSION-97a722c9ef92a65e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-174ad36923ec98ba:PCAP:capture_20260430110001:43611bdf6759	SESSION-174ad36923ec98ba → PCAP:capture_20260430110001:43611bdf6759
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-0146df147eb3c3bd:SESSION-0146df147eb3c3bd	SESSION-0146df147eb3c3bd → pe:tls:SESSION-0146df147eb3c3bd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-38ea28f2e42013a7:PCAP:capture_20260430100001:55715ebbe6bf	SESSION-38ea28f2e42013a7 → PCAP:capture_20260430100001:55715ebbe6bf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4898aa8f3840ecd5:SESSION-4898aa8f3840ecd5	SESSION-4898aa8f3840ecd5 → pe:tls:SESSION-4898aa8f3840ecd5
flow_observed5-aryOBS	e:fo:flow:6c47df989bb5	flow:6c47df989bb5 → host:177.10.232.55 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6c5381aaad8fa568:host:172.234.197.23	SESSION-6c5381aaad8fa568 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-85d2db504e73f17a:host:131.196.29.139	SESSION-85d2db504e73f17a → host:131.196.29.139
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-355b17fab14031de:SESSION-355b17fab14031de	SESSION-355b17fab14031de → pe:tls:SESSION-355b17fab14031de
HOST_IN_ASNOBS 85%	e:ha:host:177.10.237.201:asn:262880	host:177.10.237.201 → asn:262880
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-afeab5601fa36440:flow:73c4fbb68f1e	SESSION-afeab5601fa36440 → flow:73c4fbb68f1e
FLOW_TO_HOSTOBS	e:to:SESSION-6ccddbdb53d5af45:host:131.196.30.83	SESSION-6ccddbdb53d5af45 → host:131.196.30.83
FLOW_DST_PORTOBS	e:fp:flow:be59cc1e99e5:port:tcp:22	flow:be59cc1e99e5 → port:tcp:22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b7ba8377fba710c4:host:172.234.197.23:host:131.196.28.177	SESSION-b7ba8377fba710c4 → host:172.234.197.23 → host:131.196.28.177
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4fdea987cb08476:host:177.10.234.41:host:172.234.197.23	SESSION-a4fdea987cb08476 → host:177.10.234.41 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-31cda31fe1b0dd07:host:45.148.10.151	SESSION-31cda31fe1b0dd07 → host:45.148.10.151
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c0df43d2721e666e:SESSION-c0df43d2721e666e	SESSION-c0df43d2721e666e → pe:syn:SESSION-c0df43d2721e666e
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6fdc52c769919c0f:SESSION-6fdc52c769919c0f	SESSION-6fdc52c769919c0f → pe:tls:SESSION-6fdc52c769919c0f
FLOW_FROM_HOSTOBS	e:from:SESSION-cbaaa2b8364f7158:host:45.173.156.136	SESSION-cbaaa2b8364f7158 → host:45.173.156.136
FLOW_DST_PORTOBS	e:fp:flow:9a89f177ff4c:port:tcp:443	flow:9a89f177ff4c → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-91c14db05e009245:host:172.234.197.23	SESSION-91c14db05e009245 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-0228dcfe5eb3ed0e:SESSION-0228dcfe5eb3ed0e	SESSION-0228dcfe5eb3ed0e → pe:syn:SESSION-0228dcfe5eb3ed0e
HOST_IN_ASNOBS 85%	e:ha:host:131.196.30.43:asn:271410	host:131.196.30.43 → asn:271410
FLOW_FROM_HOSTOBS	e:from:SESSION-c227f10fbea5d546:host:172.234.197.23	SESSION-c227f10fbea5d546 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:cbfa9d763d6b:port:tcp:443	flow:cbfa9d763d6b → port:tcp:443