scythe-661fbea6 SESSION-7b48e5e7105113e9

April 23, 2026 | Ben Gilbert | Texas City

The hypergraph approach to network visualization is a sophisticated way to manage the complexity of modern infrastructure, especially when correlating disparate data sources like Deep Packet Inspection (nDPI) and active scanning results (nmap).

While traditional graphs represent binary relationships (A connects to B), a hypergraph allows an edge to connect any number of vertices. In a network security or forensics context, this is exceptionally powerful because it mirrors the multi-dimensional nature of traffic:

• Multi-Point Correlation: A single “event” or hyper-edge can represent a connection that involves a specific source IP, a destination port, a detected protocol (via nDPI), and an Autonomous System Number (ASN). Visualizing these as a single entity rather than a web of individual lines significantly reduces visual noise.
• Infrastructure Mapping: By integrating nmap data, the hypergraph can group nodes based on shared characteristics—such as all devices running a specific kernel version or those sitting behind the same gateway—making it easier to spot lateral movement or anomalous clusters that wouldn’t be obvious in a standard node-link diagram.
• Protocol Depth: Using deep packet inspection allows the visualization to move beyond simple port-mapping. It can distinguish between actual HTTP traffic and a non-standard protocol tunneled over port 80, placing those connections into distinct hyper-edges that highlight potential exfiltration or C2 activity.

Potential Considerations for Implementation:

• Visual Congestion: Hypergraphs are brilliant for analysis but can become “hairballs” as the vertex count increases. Implementation of effective filtering (e.g., filtering by GeoIP or threat score) is usually necessary to maintain utility.
• Temporal Dynamics: Network traffic is ephemeral. A static hypergraph provides a great forensic “snapshot,” but adding a temporal slider to see how these multi-dimensional relationships evolve over minutes or hours is often where the most significant insights (like beaconing patterns) are found.

The transition from standard relational maps to hypergraph visualizations represents a shift from “mapping connections” to “mapping context.” It is a robust way to bridge the gap between low-level packet data and high-level situational awareness.

✅ Ingested 1 PCAPs → 19 sessions, 128 nodes, 261 edges

1 PCAPs • 19 sessions • 11 hosts • 11 🌍 geolocated

▶ 📄 DevOpsPage_20260423_1021pmCST.pcap

2.3 MB • 19 sessions • TCP:15 UDP:4

Expanded on April 24, 2025

✅ Ingested 4 PCAPs → 34 sessions, 184 nodes, 423 edges
5 PCAPs • 53 sessions • 25 hosts • 25 🌍 geolocated
▶ 📄 DevOpsPage_20260423_1021pmCST.pcap
2.3 MB • 19 sessions • TCP:15 UDP:4
▶ 📄 capture_20260424140001.pcap
9.7 KB • 8 sessions • UDP:3 TCP:3 ICMP:2
▶ 📄 capture_20260424150002.pcap
48.5 KB • 13 sessions • ICMP:3 TCP:7 UDP:3
▶ 📄 capture_20260424160001.pcap
11.1 KB • 11 sessions • ICMP:2 TCP:6 UDP:3
▶ 📄 capture_20260424170001.pcap
1.6 KB • 2 sessions • UDP:2

Kind	ID	Labels	Position
asn	asn:714	asn=714, org=Apple Inc.
asn	asn:197540	asn=197,540, org=netcup GmbH
asn	asn:45102	asn=45,102, org=Alibaba US Technology Co., Ltd.
asn	asn:13414	asn=13,414, org=Twitter Inc.
asn	asn:47890	asn=47,890, org=Unmanaged Ltd
asn	asn:202306	asn=202,306, org=Hostglobal.plus Ltd
asn	asn:4766	asn=4,766, org=Korea Telecom
asn	asn:138915	asn=138,915, org=Kaopu Cloud HK Limited
asn	asn:6167	asn=6,167, org=Verizon Business
asn	asn:24940	asn=24,940, org=Hetzner Online GmbH
asn	asn:136958	asn=136,958, org=China Unicom Guangdong IP network
asn	asn:396982	asn=396,982, org=Google LLC
asn	asn:132203	asn=132,203, org=Tencent Building, Kejizhongyi Avenue
asn	asn:63949	asn=63,949, org=Akamai Connected Cloud
asn	asn:11878	asn=11,878, org=tzulo, inc.
asn	asn:8075	asn=8,075, org=Microsoft Corporation
asn	asn:4	asn=4, org=University of Southern California
behavior_group	BSG-DATA_EXFIL-c45ebda152e5	behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=134913; large_volume (≥100KB); high_rate (177517 B/s), dst_ip=, member_count=1, src_ip=199.16.157.181, summary=Exfil suspect: 199.16.157.181 → 1 destinations, 134,913B total, max 134,913B/session, total_bytes=134,913, total_packets=132, unique_hosts=1, unique_ports=0
behavior_group	BSG-BEACON-f6c2b3d0e42d	behavior=BEACON, confidence=0.75, detection_rationale=byte_cv=0.08 (≤0.6); count=15, dst_ip=172.232.0.17, dst_port=53, interval_cv=2.778, mean_interval=3,499.3, member_count=15, src_ip=172.234.197.23, summary=Beacon: 172.234.197.23 → 172.232.0.17:53, 15 sessions, interval CV=2.78, mean 284B, total_bytes=4,262, total_packets=30, unique_hosts=0, unique_ports=0
behavior_group	BSG-DATA_EXFIL-012d574517f4	behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=19222, dst_ip=, member_count=1, src_ip=172.234.197.23, summary=Exfil suspect: 172.234.197.23 → 1 destinations, 19,222B total, max 19,222B/session, total_bytes=19,222, total_packets=223, unique_hosts=1, unique_ports=0
behavior_group	BSG-DATA_EXFIL-6dd8484f3944	behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=132030; large_volume (≥100KB); high_rate (145088 B/s), dst_ip=, member_count=1, src_ip=144.76.23.47, summary=Exfil suspect: 144.76.23.47 → 1 destinations, 132,030B total, max 132,030B/session, total_bytes=132,030, total_packets=117, unique_hosts=1, unique_ports=0
behavior_group	BSG-DATA_EXFIL-0b1600805959	behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=35346, dst_ip=, member_count=1, src_ip=43.135.145.73, summary=Exfil suspect: 43.135.145.73 → 1 destinations, 35,346B total, max 35,346B/session, total_bytes=35,346, total_packets=49, unique_hosts=1, unique_ports=0
behavior_group	BSG-DATA_EXFIL-e6f479c60e03	behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=135310; large_volume (≥100KB); high_rate (169138 B/s), dst_ip=, member_count=1, src_ip=199.16.157.183, summary=Exfil suspect: 199.16.157.183 → 1 destinations, 135,310B total, max 135,310B/session, total_bytes=135,310, total_packets=138, unique_hosts=1, unique_ports=0
behavior_group	BSG-DATA_EXFIL-f0f719b48579	behavior=DATA_EXFIL, confidence=0.65, detection_rationale=total_bytes=33059; high_rate (103309 B/s), dst_ip=, member_count=1, src_ip=66.228.53.204, summary=Exfil suspect: 66.228.53.204 → 1 destinations, 33,059B total, max 33,059B/session, total_bytes=33,059, total_packets=39, unique_hosts=1, unique_ports=0
behavior_group	BSG-DATA_EXFIL-58becbf84c75	behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=1644041; large_volume (≥100KB); high_rate (202219 B/s), dst_ip=, member_count=1, src_ip=97.139.12.85, summary=Exfil suspect: 97.139.12.85 → 1 destinations, 1,644,041B total, max 1,644,041B/session, total_bytes=1,644,041, total_packets=1,245, unique_hosts=1, unique_ports=0
behavior_group	BSG-DATA_EXFIL-ba0a9ef14e5d	behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=135474; large_volume (≥100KB); high_rate (301053 B/s), dst_ip=, member_count=1, src_ip=17.22.237.22, summary=Exfil suspect: 17.22.237.22 → 1 destinations, 135,474B total, max 135,474B/session, total_bytes=135,474, total_packets=135, unique_hosts=1, unique_ports=0
behavior_group	BSG-DATA_EXFIL-c24d7cb3a7e4	behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=135336; large_volume (≥100KB); high_rate (171311 B/s), dst_ip=, member_count=1, src_ip=199.16.157.182, summary=Exfil suspect: 199.16.157.182 → 1 destinations, 135,336B total, max 135,336B/session, total_bytes=135,336, total_packets=138, unique_hosts=1, unique_ports=0
dns_name	dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	answer_count=0, qname=172-234-197-23.ip.linodeusercontent.com.members.linode.com
dns_name	dns:172-234-197-23.ip.linodeusercontent.com	answer_count=1, qname=172-234-197-23.ip.linodeusercontent.com
flow	flow:c63542b74c29	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:0d727e2708b4	bytes=135,336, dst_ip=172.234.197.23, dst_port=443, pkts=138, proto=tcp, src_ip=199.16.157.182
flow	flow:88006e5933e9	bytes=236, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:d3ab3699f29d	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:53418f626ce5	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:5091dda9661a	bytes=328, dst_ip=2.57.122.192, dst_port=0, pkts=4, proto=icmp, src_ip=172.234.197.23
flow	flow:da7065edff23	bytes=5,325, dst_ip=172.234.197.23, dst_port=443, pkts=20, proto=tcp, src_ip=144.76.23.47
flow	flow:c37aaecdcc9a	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:67799a4b0206	bytes=361, dst_ip=172.234.197.23, dst_port=443, pkts=5, proto=tcp, src_ip=199.16.157.182
flow	flow:d4998ce3363c	bytes=688, dst_ip=2.57.122.192, dst_port=15,596, pkts=8, proto=tcp, src_ip=172.234.197.23
flow	flow:c4e6a453e687	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:42f1c8ab98a8	bytes=1,522, dst_ip=172.234.197.23, dst_port=80, pkts=12, proto=tcp, src_ip=78.153.140.148
flow	flow:2759e86a7e02	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:8f3f3aa1ab4a	bytes=292, dst_ip=2.57.122.196, dst_port=25,682, pkts=4, proto=tcp, src_ip=172.234.197.23
flow	flow:0a764492b76b	bytes=112, dst_ip=172.234.197.23, dst_port=10,006, pkts=2, proto=tcp, src_ip=45.79.109.130
flow	flow:a46be0b84889	bytes=132,030, dst_ip=172.234.197.23, dst_port=443, pkts=117, proto=tcp, src_ip=144.76.23.47
flow	flow:93cba7dfff64	bytes=134,913, dst_ip=172.234.197.23, dst_port=443, pkts=132, proto=tcp, src_ip=199.16.157.181
flow	flow:e426dc2add72	bytes=518, dst_ip=92.118.39.236, dst_port=3,210, pkts=5, proto=tcp, src_ip=172.234.197.23
flow	flow:81b8ace9a2e6	bytes=340, dst_ip=2.57.122.192, dst_port=0, pkts=4, proto=icmp, src_ip=172.234.197.23
flow	flow:99a9f8b7c5b3	bytes=186, dst_ip=172.234.197.23, dst_port=443, pkts=3, proto=tcp, src_ip=40.119.32.47
flow	flow:66bb27cf4c04	bytes=361, dst_ip=172.234.197.23, dst_port=443, pkts=5, proto=tcp, src_ip=199.16.157.183
flow	flow:991e601541a1	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:2c6c48655616	bytes=1,929, dst_ip=172.234.197.23, dst_port=443, pkts=9, proto=tcp, src_ip=97.139.12.85
flow	flow:0cab2ce4a41a	bytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117
flow	flow:6ac8bc7ce374	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:b9c87c3e6634	bytes=5,896, dst_ip=172.234.197.23, dst_port=22, pkts=31, proto=tcp, src_ip=92.118.39.236
flow	flow:3c416f42759a	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:5e470028e46b	bytes=172, dst_ip=59.6.77.80, dst_port=42,622, pkts=2, proto=tcp, src_ip=172.234.197.23
flow	flow:af46c51682fe	bytes=1,308, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=78.153.140.148
flow	flow:1eaa2c354bb9	bytes=116, dst_ip=172.234.197.23, dst_port=5,432, pkts=2, proto=tcp, src_ip=35.233.68.173
flow	flow:d5c7343ffad3	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:236e160bf97b	bytes=6,414, dst_ip=172.234.197.23, dst_port=22, pkts=36, proto=tcp, src_ip=92.118.39.197
flow	flow:f834d92b87f4	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:958f77dbf2ff	bytes=1,644,041, dst_ip=172.234.197.23, dst_port=443, pkts=1,245, proto=tcp, src_ip=97.139.12.85
flow	flow:f268f9985c23	bytes=236, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:43d87d43ebf2	bytes=172, dst_ip=59.6.77.80, dst_port=42,622, pkts=2, proto=tcp, src_ip=172.234.197.23
flow	flow:ffb24c296a2c	bytes=92, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=128.9.29.131
flow	flow:6485c04b666a	bytes=629, dst_ip=172.234.197.23, dst_port=22, pkts=9, proto=tcp, src_ip=8.222.219.23
flow	flow:4a465ec75db9	bytes=1,257, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=66.228.53.204
flow	flow:743cca931674	bytes=6,930, dst_ip=172.234.197.23, dst_port=22, pkts=42, proto=tcp, src_ip=2.57.122.192
flow	flow:c8a7ee2a5fe9	bytes=164, dst_ip=2.57.122.196, dst_port=0, pkts=2, proto=icmp, src_ip=172.234.197.23
flow	flow:e62070b6aeb6	bytes=33,059, dst_ip=172.234.197.23, dst_port=443, pkts=39, proto=tcp, src_ip=66.228.53.204
flow	flow:4cb79ca168a0	bytes=135,474, dst_ip=172.234.197.23, dst_port=443, pkts=135, proto=tcp, src_ip=17.22.237.22
flow	flow:6f0c0a999555	bytes=19,222, dst_ip=97.139.12.85, dst_port=60,136, pkts=223, proto=tcp, src_ip=172.234.197.23
flow	flow:4eaa609c2624	bytes=35,346, dst_ip=172.234.197.23, dst_port=443, pkts=49, proto=tcp, src_ip=43.135.145.73
flow	flow:9b1def7bdac1	bytes=132, dst_ip=23.234.69.80, dst_port=18,249, pkts=2, proto=tcp, src_ip=172.234.197.23
flow	flow:fbf83df1b6b6	bytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117
flow	flow:b8c49dd508ec	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:9f56a1b92a85	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23
flow	flow:10959da4f2fa	bytes=361, dst_ip=172.234.197.23, dst_port=443, pkts=5, proto=tcp, src_ip=199.16.157.181
flow	flow:c51bf5b097ea	bytes=135,310, dst_ip=172.234.197.23, dst_port=443, pkts=138, proto=tcp, src_ip=199.16.157.183
flow	flow:28bd443b2c5e	bytes=3,858, dst_ip=172.234.197.23, dst_port=443, pkts=15, proto=tcp, src_ip=46.38.236.138
flow	flow:4fa77a1ba33a	bytes=100, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=58.254.182.115
geo_point	geo_49.44230_11.01910	city=Nuremberg, country=DE	[49.4423, 11.0191, 0.0000] 🌐
geo_point	geo_39.73910_-104.98660	city=Denver, country=US	[39.7391, -104.9866, 0.0000] 🌐
geo_point	geo_50.85340_4.34700	city=Brussels, country=BE	[50.8534, 4.3470, 0.0000] 🌐
geo_point	geo_33.99240_-118.39910	city=Culver City, country=US	[33.9924, -118.3991, 0.0000] 🌐
geo_point	geo_37.56250_-122.00040	city=Fremont, country=US	[37.5625, -122.0004, 0.0000] 🌐
geo_point	geo_1.29390_103.84610	city=Singapore, country=SG	[1.2939, 103.8461, 0.0000] 🌐
geo_point	geo_45.99680_24.99700	city=, country=RO	[45.9968, 24.9970, 0.0000] 🌐
geo_point	geo_1.36670_103.80000	city=, country=SG	[1.3667, 103.8000, 0.0000] 🌐
geo_point	geo_29.81190_-95.52070	city=Houston, country=US	[29.8119, -95.5207, 0.0000] 🌐
geo_point	geo_51.51640_-0.09300	city=City of London, country=GB	[51.5164, -0.0930, 0.0000] 🌐
geo_point	geo_29.42270_-98.49270	city=San Antonio, country=US	[29.4227, -98.4927, 0.0000] 🌐
geo_point	geo_37.54150_127.02520	city=Seongdong-gu, country=KR	[37.5415, 127.0252, 0.0000] 🌐
geo_point	geo_33.76970_-84.37540	city=Atlanta, country=US	[33.7697, -84.3754, 0.0000] 🌐
geo_point	geo_22.77850_115.34520	city=Shanwei, country=CN	[22.7785, 115.3452, 0.0000] 🌐
geo_point	geo_37.75100_-97.82200	city=, country=US	[37.7510, -97.8220, 0.0000] 🌐
geo_point	geo_50.47770_12.36490	city=Falkenstein, country=DE	[50.4777, 12.3649, 0.0000] 🌐
geo_point	geo_37.35300_-121.95440	city=Santa Clara, country=US	[37.3530, -121.9544, 0.0000] 🌐
geo_point	geo_32.94730_-96.70280	city=Richardson, country=US	[32.9473, -96.7028, 0.0000] 🌐
geo_point	geo_41.88350_-87.63050	city=Chicago, country=US	[41.8835, -87.6305, 0.0000] 🌐
host	host:199.16.157.183	bytes=135,310, city=Atlanta, country=US, ip=199.16.157.183, org=Twitter Inc.	[33.7697, -84.3754, 0.0000] 🌐
host	host:46.38.236.138	bytes=3,858, city=Nuremberg, country=DE, ip=46.38.236.138, org=netcup GmbH	[49.4423, 11.0191, 0.0000] 🌐
host	host:97.139.12.85	bytes=19,222, city=Houston, country=US, ip=97.139.12.85, org=Verizon Business	[29.8119, -95.5207, 0.0000] 🌐
host	host:92.118.39.197	bytes=6,414, city=, country=RO, ip=92.118.39.197, org=Unmanaged Ltd	[45.9968, 24.9970, 0.0000] 🌐
host	host:78.153.140.148	bytes=1,308, city=City of London, country=GB, ip=78.153.140.148, org=Hostglobal.plus Ltd	[51.5164, -0.0930, 0.0000] 🌐
host	host:2.57.122.196	bytes=164, city=, country=RO, ip=2.57.122.196, org=Unmanaged Ltd	[45.9968, 24.9970, 0.0000] 🌐
host	host:2.57.122.192	bytes=340, city=, country=RO, ip=2.57.122.192, org=Unmanaged Ltd	[45.9968, 24.9970, 0.0000] 🌐
host	host:23.234.69.80	bytes=132, city=Denver, country=US, ip=23.234.69.80, org=tzulo, inc.	[39.7391, -104.9866, 0.0000] 🌐
host	host:58.254.182.115	bytes=100, city=Shanwei, country=CN, ip=58.254.182.115, org=China Unicom Guangdong IP network	[22.7785, 115.3452, 0.0000] 🌐
host	host:144.76.23.47	bytes=132,030, city=Falkenstein, country=DE, ip=144.76.23.47, org=Hetzner Online GmbH	[50.4777, 12.3649, 0.0000] 🌐
host	host:172.232.0.17	bytes=313, city=Chicago, country=US, ip=172.232.0.17, org=Akamai Connected Cloud	[41.8835, -87.6305, 0.0000] 🌐
host	host:8.222.219.23	bytes=629, city=, country=SG, ip=8.222.219.23, org=Alibaba US Technology Co., Ltd.	[1.3667, 103.8000, 0.0000] 🌐
host	host:59.6.77.80	bytes=172, city=Seongdong-gu, country=KR, ip=59.6.77.80, org=Korea Telecom	[37.5415, 127.0252, 0.0000] 🌐
host	host:17.22.237.22	bytes=135,474, city=, country=US, ip=17.22.237.22, org=Apple Inc.	[37.7510, -97.8220, 0.0000] 🌐
host	host:199.16.157.182	bytes=135,336, city=Atlanta, country=US, ip=199.16.157.182, org=Twitter Inc.	[33.7697, -84.3754, 0.0000] 🌐
host	host:35.233.68.173	bytes=116, city=Brussels, country=BE, ip=35.233.68.173, org=Google LLC	[50.8534, 4.3470, 0.0000] 🌐
host	host:45.79.109.130	bytes=112, city=Fremont, country=US, ip=45.79.109.130, org=Akamai Connected Cloud	[37.5625, -122.0004, 0.0000] 🌐
host	host:92.118.39.236	bytes=5,896, city=, country=RO, ip=92.118.39.236, org=Unmanaged Ltd	[45.9968, 24.9970, 0.0000] 🌐
host	host:43.135.145.73	bytes=35,346, city=Santa Clara, country=US, ip=43.135.145.73, org=Tencent Building, Kejizhongyi Avenue	[37.3530, -121.9544, 0.0000] 🌐
host	host:128.9.29.131	bytes=92, city=Culver City, country=US, ip=128.9.29.131, org=University of Southern California	[33.9924, -118.3991, 0.0000] 🌐
host	host:103.155.16.117	bytes=84, city=Singapore, country=SG, ip=103.155.16.117, org=Kaopu Cloud HK Limited	[1.2939, 103.8461, 0.0000] 🌐
host	host:40.119.32.47	bytes=186, city=San Antonio, country=US, ip=40.119.32.47, org=Microsoft Corporation	[29.4227, -98.4927, 0.0000] 🌐
host	host:172.234.197.23	bytes=313, city=Chicago, country=US, ip=172.234.197.23, org=Akamai Connected Cloud	[41.8835, -87.6305, 0.0000] 🌐
host	host:199.16.157.181	bytes=134,913, city=Atlanta, country=US, ip=199.16.157.181, org=Twitter Inc.	[33.7697, -84.3754, 0.0000] 🌐
host	host:66.228.53.204	bytes=1,257, city=Richardson, country=US, ip=66.228.53.204, org=Akamai Connected Cloud	[32.9473, -96.7028, 0.0000] 🌐
http_host	http_host:172.234.197.23	host=172.234.197.23
org	org:Alibaba US Technology Co., Ltd.	name=Alibaba US Technology Co., Ltd.
org	org:University of Southern California	name=University of Southern California
org	org:Unmanaged Ltd	name=Unmanaged Ltd
org	org:Akamai Connected Cloud	name=Akamai Connected Cloud
org	org:Microsoft Corporation	name=Microsoft Corporation
org	org:China Unicom Guangdong IP network	name=China Unicom Guangdong IP network
org	org:Twitter Inc.	name=Twitter Inc.
org	org:Tencent Building, Kejizhongyi Avenue	name=Tencent Building, Kejizhongyi Avenue
org	org:Hostglobal.plus Ltd	name=Hostglobal.plus Ltd
org	org:Kaopu Cloud HK Limited	name=Kaopu Cloud HK Limited
org	org:Korea Telecom	name=Korea Telecom
org	org:Google LLC	name=Google LLC
org	org:Hetzner Online GmbH	name=Hetzner Online GmbH
org	org:Verizon Business	name=Verizon Business
org	org:Apple Inc.	name=Apple Inc.
org	org:netcup GmbH	name=netcup GmbH
org	org:tzulo, inc.	name=tzulo, inc.
pcap_artifact	PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	file_size=2,422,088, filename=DevOpsPage_20260423_1021pmCST.pcap, ingested_at=2026-04-24T03:28:32.249831+00:00
pcap_artifact	PCAP:capture_20260424160001:21dcec78926d	file_size=11,338, filename=capture_20260424160001.pcap, ingested_at=2026-04-24T17:52:47.023817+00:00
pcap_artifact	PCAP:capture_20260424170001:2a81081d173e	file_size=1,629, filename=capture_20260424170001.pcap, ingested_at=2026-04-24T17:52:49.492128+00:00
pcap_artifact	PCAP:capture_20260424150002:9b7ba46ff54d	file_size=49,665, filename=capture_20260424150002.pcap, ingested_at=2026-04-24T17:52:44.182060+00:00
pcap_artifact	PCAP:capture_20260424140001:b547b7157000	file_size=9,907, filename=capture_20260424140001.pcap, ingested_at=2026-04-24T17:52:41.883356+00:00
port_hub	port:tcp:443	port=443, proto=tcp
port_hub	port:tcp:15596	port=15,596, proto=tcp
port_hub	port:tcp:42622	port=42,622, proto=tcp
port_hub	port:tcp:60136	port=60,136, proto=tcp
port_hub	port:tcp:22	port=22, proto=tcp
port_hub	port:tcp:18249	port=18,249, proto=tcp
port_hub	port:tcp:5432	port=5,432, proto=tcp
port_hub	port:udp:53	port=53, proto=udp
port_hub	port:tcp:3210	port=3,210, proto=tcp
port_hub	port:tcp:10006	port=10,006, proto=tcp
port_hub	port:tcp:25682	port=25,682, proto=tcp
port_hub	port:tcp:80	port=80, proto=tcp
protocol_event	pe:tls:SESSION-c365d629ce285be9	event_type=TLS_SESSION, packet_count=5, session=SESSION-c365d629ce285be9
protocol_event	pe:syn:SESSION-dbe1edd4efb49468	count=2, event_type=TCP_SYN, session=SESSION-dbe1edd4efb49468
protocol_event	pe:syn:SESSION-801986a05f874d44	count=2, event_type=TCP_SYN, session=SESSION-801986a05f874d44
protocol_event	pe:rst:SESSION-fc3f949cbddefabd	count=4, event_type=TCP_RST, session=SESSION-fc3f949cbddefabd
protocol_event	pe:tls:SESSION-801986a05f874d44	event_type=TLS_SESSION, packet_count=39, session=SESSION-801986a05f874d44
protocol_event	pe:syn:SESSION-132c0a35e55eb362	count=2, event_type=TCP_SYN, session=SESSION-132c0a35e55eb362
protocol_event	pe:dns:SESSION-b6bccd19e88cac02	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-b6bccd19e88cac02
protocol_event	pe:tls:SESSION-df0521ee237a9620	event_type=TLS_SESSION, packet_count=9, session=SESSION-df0521ee237a9620
protocol_event	pe:dns:SESSION-32c3b80c2cc69cbc	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-32c3b80c2cc69cbc
protocol_event	pe:tls:SESSION-6b6584907add35ca	event_type=TLS_SESSION, packet_count=49, session=SESSION-6b6584907add35ca
protocol_event	pe:syn:SESSION-e5b926505913cd4c	count=2, event_type=TCP_SYN, session=SESSION-e5b926505913cd4c
protocol_event	pe:syn:SESSION-d2ebf88e7456c490	count=2, event_type=TCP_SYN, session=SESSION-d2ebf88e7456c490
protocol_event	pe:dns:SESSION-0938448bdcbd9d9c	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-0938448bdcbd9d9c
protocol_event	pe:syn:SESSION-01a793e8041caae3	count=2, event_type=TCP_SYN, session=SESSION-01a793e8041caae3
protocol_event	pe:syn:SESSION-2b16ad2cc059d584	count=2, event_type=TCP_SYN, session=SESSION-2b16ad2cc059d584
protocol_event	pe:syn:SESSION-6b6584907add35ca	count=2, event_type=TCP_SYN, session=SESSION-6b6584907add35ca
protocol_event	pe:syn:SESSION-7b48e5e7105113e9	count=2, event_type=TCP_SYN, session=SESSION-7b48e5e7105113e9
protocol_event	pe:tls:SESSION-43328f9b50a5d423	event_type=TLS_SESSION, packet_count=3, session=SESSION-43328f9b50a5d423
protocol_event	pe:dns:SESSION-f952d347444430eb	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-f952d347444430eb
protocol_event	pe:dns:SESSION-07867b4b46fa60d0	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-07867b4b46fa60d0
protocol_event	pe:dns:SESSION-e15010a8a1e57ef1	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-e15010a8a1e57ef1
protocol_event	pe:tls:SESSION-01a793e8041caae3	event_type=TLS_SESSION, packet_count=117, session=SESSION-01a793e8041caae3
protocol_event	pe:tls:SESSION-bd11a50065a6cb7c	event_type=TLS_SESSION, packet_count=20, session=SESSION-bd11a50065a6cb7c
protocol_event	pe:rst:SESSION-43328f9b50a5d423	count=1, event_type=TCP_RST, session=SESSION-43328f9b50a5d423
protocol_event	pe:rst:SESSION-137907a1c322972d	count=1, event_type=TCP_RST, session=SESSION-137907a1c322972d
protocol_event	pe:tls:SESSION-f8e62b0ad557062a	event_type=TLS_SESSION, packet_count=5, session=SESSION-f8e62b0ad557062a
protocol_event	pe:rst:SESSION-fb43e37656185293	count=2, event_type=TCP_RST, session=SESSION-fb43e37656185293
protocol_event	pe:tls:SESSION-5ae5c17cec58f583	event_type=TLS_SESSION, packet_count=1,245, session=SESSION-5ae5c17cec58f583
protocol_event	pe:rst:SESSION-a61d2aadfc894ab0	count=1, event_type=TCP_RST, session=SESSION-a61d2aadfc894ab0
protocol_event	pe:rst:SESSION-d2ebf88e7456c490	count=1, event_type=TCP_RST, session=SESSION-d2ebf88e7456c490
protocol_event	pe:dns:SESSION-ae4f295d1d4cff7e	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-ae4f295d1d4cff7e
protocol_event	pe:tls:SESSION-8a981e11d869c723	event_type=TLS_SESSION, packet_count=5, session=SESSION-8a981e11d869c723
protocol_event	pe:tls:SESSION-c52a62f7c65f2e1a	event_type=TLS_SESSION, packet_count=15, session=SESSION-c52a62f7c65f2e1a
protocol_event	pe:tls:SESSION-e9f4a4a9c8d0d99f	event_type=TLS_SESSION, packet_count=138, session=SESSION-e9f4a4a9c8d0d99f
protocol_event	pe:syn:SESSION-fc3f949cbddefabd	count=2, event_type=TCP_SYN, session=SESSION-fc3f949cbddefabd
protocol_event	pe:syn:SESSION-c13e61513d1b018d	count=2, event_type=TCP_SYN, session=SESSION-c13e61513d1b018d
protocol_event	pe:rst:SESSION-5f6379841834a338	count=4, event_type=TCP_RST, session=SESSION-5f6379841834a338
protocol_event	pe:rst:SESSION-bd11a50065a6cb7c	count=2, event_type=TCP_RST, session=SESSION-bd11a50065a6cb7c
protocol_event	pe:rst:SESSION-5b6e402ee019b6c1	count=1, event_type=TCP_RST, session=SESSION-5b6e402ee019b6c1
protocol_event	pe:syn:SESSION-4efa693f129e7ca6	count=2, event_type=TCP_SYN, session=SESSION-4efa693f129e7ca6
protocol_event	pe:syn:SESSION-03ccec65d79829da	count=2, event_type=TCP_SYN, session=SESSION-03ccec65d79829da
protocol_event	pe:dns:SESSION-dd03efe0b367bd0d	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-dd03efe0b367bd0d
protocol_event	pe:tls:SESSION-124f188fc662f45b	event_type=TLS_SESSION, packet_count=138, session=SESSION-124f188fc662f45b
protocol_event	pe:tls:SESSION-7b48e5e7105113e9	event_type=TLS_SESSION, packet_count=132, session=SESSION-7b48e5e7105113e9
protocol_event	pe:syn:SESSION-c52a62f7c65f2e1a	count=2, event_type=TCP_SYN, session=SESSION-c52a62f7c65f2e1a
protocol_event	pe:rst:SESSION-5846cd006f1eacb7	count=1, event_type=TCP_RST, session=SESSION-5846cd006f1eacb7
protocol_event	pe:dns:SESSION-47d044a3990fe914	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-47d044a3990fe914
protocol_event	pe:dns:SESSION-fe2be36828e6c4a2	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-fe2be36828e6c4a2
protocol_event	pe:syn:SESSION-e9f4a4a9c8d0d99f	count=2, event_type=TCP_SYN, session=SESSION-e9f4a4a9c8d0d99f
protocol_event	pe:rst:SESSION-01a793e8041caae3	count=2, event_type=TCP_RST, session=SESSION-01a793e8041caae3
protocol_event	pe:dns:SESSION-e7ac586ca0d0ef0f	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-e7ac586ca0d0ef0f
protocol_event	pe:tls:SESSION-2b16ad2cc059d584	event_type=TLS_SESSION, packet_count=135, session=SESSION-2b16ad2cc059d584
protocol_event	pe:syn:SESSION-124f188fc662f45b	count=2, event_type=TCP_SYN, session=SESSION-124f188fc662f45b
protocol_event	pe:syn:SESSION-2f842951575bb476	count=2, event_type=TCP_SYN, session=SESSION-2f842951575bb476
protocol_event	pe:syn:SESSION-bd11a50065a6cb7c	count=2, event_type=TCP_SYN, session=SESSION-bd11a50065a6cb7c
protocol_event	pe:dns:SESSION-7f4ca9b0d8673927	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-7f4ca9b0d8673927
protocol_event	pe:syn:SESSION-5846cd006f1eacb7	count=1, event_type=TCP_SYN, session=SESSION-5846cd006f1eacb7
protocol_event	pe:dns:SESSION-2d3d727470c1d931	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-2d3d727470c1d931
protocol_event	pe:rst:SESSION-03ccec65d79829da	count=2, event_type=TCP_RST, session=SESSION-03ccec65d79829da
protocol_event	pe:dns:SESSION-bcd7e2d1fd452ee5	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-bcd7e2d1fd452ee5
protocol_event	pe:dns:SESSION-72c3b3d3b2889ec2	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-72c3b3d3b2889ec2
protocol_event	pe:syn:SESSION-43328f9b50a5d423	count=2, event_type=TCP_SYN, session=SESSION-43328f9b50a5d423
protocol_event	pe:rst:SESSION-6b6584907add35ca	count=2, event_type=TCP_RST, session=SESSION-6b6584907add35ca
service	svc:https	name=https
service	svc:postgres	name=postgres
service	svc:ssh	name=ssh
service	svc:http	name=http
service	svc:dns	name=dns
session	SESSION-fe2be36828e6c4a2	dst_ip=172.232.0.17, dst_port=53, duration_sec=0.07, end_time=1,777,046,401.879, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=32,873, start_time=1,777,046,401.806, tcp_flags=, time_bucket=1,777,046,400, total_bytes=282, window_sec=30
session	SESSION-d2ebf88e7456c490	dst_ip=172.234.197.23, dst_port=22, duration_sec=13.93, end_time=1,777,046,420.278, expected_protocol=ssh, packet_count=36, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=92.118.39.197, src_port=24,330, start_time=1,777,046,406.352, tcp_flags=S,R,A,P, time_bucket=1,777,046,400, total_bytes=6,414, window_sec=30
session	SESSION-4efa693f129e7ca6	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.37, end_time=1,777,042,846.646, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=66.228.53.204, src_port=45,210, start_time=1,777,042,846.28, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=1,257, window_sec=30
session	SESSION-8b6b3bfbd3509f3d	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,046,408.254, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,777,046,408.254, tcp_flags=, time_bucket=1,777,046,400, total_bytes=84, window_sec=30
session	SESSION-32c3b80c2cc69cbc	dst_ip=172.232.0.17, dst_port=53, duration_sec=0.01, end_time=1,777,001,016.747, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=50,382, start_time=1,777,001,016.738, tcp_flags=, time_bucket=1,777,001,010, total_bytes=282, window_sec=30
session	SESSION-fb43e37656185293	dst_ip=2.57.122.196, dst_port=25,682, duration_sec=11.92, end_time=1,777,046,416.056, expected_protocol=unregistered:25682, packet_count=4, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,046,404.138, tcp_flags=F,A,R,P, time_bucket=1,777,046,400, total_bytes=292, window_sec=30
session	SESSION-bcd7e2d1fd452ee5	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,039,201.305, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=41,260, start_time=1,777,039,201.303, tcp_flags=, time_bucket=1,777,039,200, total_bytes=282, window_sec=30
session	SESSION-137907a1c322972d	dst_ip=59.6.77.80, dst_port=42,622, duration_sec=0.18, end_time=1,777,046,407.387, expected_protocol=unregistered:42622, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,046,407.21, tcp_flags=A,R,P, time_bucket=1,777,046,400, total_bytes=172, window_sec=30
session	SESSION-bd11a50065a6cb7c	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.64, end_time=1,777,001,062.142, expected_protocol=https, packet_count=20, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=144.76.23.47, src_port=35,182, start_time=1,777,001,061.501, tcp_flags=S,P,R,A,F, time_bucket=1,777,001,040, total_bytes=5,325, window_sec=30
session	SESSION-5f6379841834a338	dst_ip=2.57.122.192, dst_port=15,596, duration_sec=19.71, end_time=1,777,042,849.963, expected_protocol=unregistered:15596, packet_count=8, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,042,830.25, tcp_flags=A,R,P, time_bucket=1,777,042,830, total_bytes=688, window_sec=30
session	SESSION-2b16ad2cc059d584	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.45, end_time=1,777,001,066.756, expected_protocol=https, packet_count=135, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=17.22.237.22, src_port=58,880, start_time=1,777,001,066.309, tcp_flags=S,A,P, time_bucket=1,777,001,040, total_bytes=135,474, window_sec=30
session	SESSION-c13e61513d1b018d	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.61, end_time=1,777,042,843.004, expected_protocol=http, packet_count=12, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=78.153.140.148, src_port=36,992, start_time=1,777,042,842.39, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=1,522, window_sec=30
session	SESSION-0afee6a6d9f48fa0	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,039,207.991, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,777,039,207.99, tcp_flags=, time_bucket=1,777,039,200, total_bytes=84, window_sec=30
session	SESSION-07867b4b46fa60d0	dst_ip=172.232.0.17, dst_port=53, duration_sec=0.04, end_time=1,777,042,802.086, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=43,269, start_time=1,777,042,802.049, tcp_flags=, time_bucket=1,777,042,800, total_bytes=313, window_sec=30
session	SESSION-a61d2aadfc894ab0	dst_ip=92.118.39.236, dst_port=3,210, duration_sec=2.31, end_time=1,777,039,232.812, expected_protocol=unregistered:3210, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,039,230.5, tcp_flags=A,R,P, time_bucket=1,777,039,230, total_bytes=518, window_sec=30
session	SESSION-df9c042eed58d783	dst_ip=2.57.122.196, duration_sec=11.79, end_time=1,777,046,416.056, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,777,046,404.268, tcp_flags=, time_bucket=1,777,046,400, total_bytes=164, window_sec=30
session	SESSION-549cd508c26f4eff	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,042,828.421, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=128.9.29.131, start_time=1,777,042,828.421, tcp_flags=, time_bucket=1,777,042,800, total_bytes=92, window_sec=30
session	SESSION-0938448bdcbd9d9c	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,039,201.307, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=48,999, start_time=1,777,039,201.305, tcp_flags=, time_bucket=1,777,039,200, total_bytes=313, window_sec=30
session	SESSION-6b6584907add35ca	dst_ip=172.234.197.23, dst_port=443, duration_sec=1.49, end_time=1,777,001,063.822, expected_protocol=https, packet_count=49, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=43.135.145.73, src_port=45,930, start_time=1,777,001,062.334, tcp_flags=S,P,R,A,F, time_bucket=1,777,001,040, total_bytes=35,346, window_sec=30
session	SESSION-e7ac586ca0d0ef0f	dst_ip=172.232.0.17, dst_port=53, duration_sec=0.01, end_time=1,777,046,401.888, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=35,015, start_time=1,777,046,401.88, tcp_flags=, time_bucket=1,777,046,400, total_bytes=313, window_sec=30
session	SESSION-132c0a35e55eb362	dst_ip=23.234.69.80, dst_port=18,249, duration_sec=16.38, end_time=1,777,042,825.77, expected_protocol=unregistered:18249, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=80, start_time=1,777,042,809.386, tcp_flags=S,A, time_bucket=1,777,042,800, total_bytes=132, window_sec=30
session	SESSION-5846cd006f1eacb7	dst_ip=172.234.197.23, dst_port=10,006, duration_sec=0, end_time=1,777,046,420.988, expected_protocol=unregistered:10006, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=45.79.109.130, src_port=48,728, start_time=1,777,046,420.988, tcp_flags=S,R,A, time_bucket=1,777,046,400, total_bytes=112, window_sec=30
session	SESSION-e5b926505913cd4c	dst_ip=172.234.197.23, dst_port=22, duration_sec=13.71, end_time=1,777,039,226.4, expected_protocol=ssh, packet_count=31, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=92.118.39.236, src_port=3,210, start_time=1,777,039,212.694, tcp_flags=S,A,P, time_bucket=1,777,039,200, total_bytes=5,896, window_sec=30
session	SESSION-b6bccd19e88cac02	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,042,846.563, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=48,760, start_time=1,777,042,846.563, tcp_flags=, time_bucket=1,777,042,830, total_bytes=282, window_sec=30
session	SESSION-b6e59bfdb17a240e	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,039,247.343, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=58.254.182.115, start_time=1,777,039,247.343, tcp_flags=, time_bucket=1,777,039,230, total_bytes=100, window_sec=30
session	SESSION-f952d347444430eb	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,001,058.242, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=56,995, start_time=1,777,001,058.24, tcp_flags=, time_bucket=1,777,001,040, total_bytes=282, window_sec=30
session	SESSION-c365d629ce285be9	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.02, end_time=1,777,001,043.285, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=199.16.157.183, src_port=37,692, start_time=1,777,001,043.263, tcp_flags=F,A,P, time_bucket=1,777,001,040, total_bytes=361, window_sec=30
session	SESSION-03ccec65d79829da	dst_ip=172.234.197.23, dst_port=22, duration_sec=0.41, end_time=1,777,046,426.077, expected_protocol=ssh, packet_count=9, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=8.222.219.23, src_port=57,194, start_time=1,777,046,425.667, tcp_flags=S,P,R,A,F, time_bucket=1,777,046,400, total_bytes=629, window_sec=30
session	SESSION-7b48e5e7105113e9	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.76, end_time=1,777,001,034.15, expected_protocol=https, packet_count=132, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=199.16.157.181, src_port=60,850, start_time=1,777,001,033.387, tcp_flags=S,C,P,E,A, time_bucket=1,777,001,010, total_bytes=134,913, window_sec=30
session	SESSION-f8e62b0ad557062a	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.02, end_time=1,777,001,043.282, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=199.16.157.181, src_port=60,850, start_time=1,777,001,043.261, tcp_flags=F,A,P, time_bucket=1,777,001,040, total_bytes=361, window_sec=30
session	SESSION-dbe1edd4efb49468	dst_ip=172.234.197.23, dst_port=5,432, duration_sec=0.34, end_time=1,777,039,209.21, expected_protocol=unregistered:5432, packet_count=2, proto=TCP, protocol_anomaly_score=0.3, protocol_violations=tcp_syn_only, protocols=TCP, src_ip=35.233.68.173, src_port=55,170, start_time=1,777,039,208.865, tcp_flags=S, time_bucket=1,777,039,200, total_bytes=116, window_sec=30
session	SESSION-c52a62f7c65f2e1a	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.46, end_time=1,777,001,022.849, expected_protocol=https, packet_count=15, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=46.38.236.138, src_port=44,430, start_time=1,777,001,022.385, tcp_flags=F,S,A,P, time_bucket=1,777,001,010, total_bytes=3,858, window_sec=30
session	SESSION-124f188fc662f45b	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.8, end_time=1,777,001,034.181, expected_protocol=https, packet_count=138, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=199.16.157.183, src_port=37,692, start_time=1,777,001,033.383, tcp_flags=S,C,P,E,A, time_bucket=1,777,001,010, total_bytes=135,310, window_sec=30
session	SESSION-01a793e8041caae3	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.91, end_time=1,777,001,063.072, expected_protocol=https, packet_count=117, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=144.76.23.47, src_port=35,198, start_time=1,777,001,062.158, tcp_flags=S,P,R,A,F, time_bucket=1,777,001,040, total_bytes=132,030, window_sec=30
session	SESSION-7f4ca9b0d8673927	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,001,059.244, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=35,224, start_time=1,777,001,059.243, tcp_flags=, time_bucket=1,777,001,040, total_bytes=282, window_sec=30
session	SESSION-43328f9b50a5d423	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.04, end_time=1,777,001,058.004, expected_protocol=https, packet_count=3, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=40.119.32.47, src_port=33,387, start_time=1,777,001,057.961, tcp_flags=S,R,A, time_bucket=1,777,001,040, total_bytes=186, window_sec=30
session	SESSION-e9f4a4a9c8d0d99f	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.79, end_time=1,777,001,034.188, expected_protocol=https, packet_count=138, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=199.16.157.182, src_port=44,512, start_time=1,777,001,033.396, tcp_flags=S,C,P,E,A, time_bucket=1,777,001,010, total_bytes=135,336, window_sec=30
session	SESSION-e15010a8a1e57ef1	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,001,021.15, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=33,893, start_time=1,777,001,021.15, tcp_flags=, time_bucket=1,777,001,010, total_bytes=282, window_sec=30
session	SESSION-5ae5c17cec58f583	dst_ip=172.234.197.23, dst_port=443, duration_sec=8.13, end_time=1,777,001,021.781, expected_protocol=https, packet_count=1,245, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=97.139.12.85, src_port=50,857, start_time=1,777,001,013.654, tcp_flags=A,P, time_bucket=1,777,001,010, total_bytes=1,644,041, window_sec=30
session	SESSION-ae4f295d1d4cff7e	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,042,802.049, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=47,200, start_time=1,777,042,802.047, tcp_flags=, time_bucket=1,777,042,800, total_bytes=282, window_sec=30
session	SESSION-2d3d727470c1d931	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,046,401.894, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=58,940, start_time=1,777,046,401.889, tcp_flags=, time_bucket=1,777,046,400, total_bytes=236, window_sec=30
session	SESSION-df0521ee237a9620	dst_ip=172.234.197.23, dst_port=443, duration_sec=1.2, end_time=1,777,001,059.345, expected_protocol=https, packet_count=9, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=97.139.12.85, src_port=50,857, start_time=1,777,001,058.141, tcp_flags=A,P, time_bucket=1,777,001,040, total_bytes=1,929, window_sec=30
session	SESSION-47d044a3990fe914	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,039,201.309, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=33,100, start_time=1,777,039,201.308, tcp_flags=, time_bucket=1,777,039,200, total_bytes=236, window_sec=30
session	SESSION-5b6e402ee019b6c1	dst_ip=59.6.77.80, dst_port=42,622, duration_sec=0.18, end_time=1,777,046,435.035, expected_protocol=unregistered:42622, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,046,434.858, tcp_flags=A,R,P, time_bucket=1,777,046,430, total_bytes=172, window_sec=30
session	SESSION-fc3f949cbddefabd	dst_ip=172.234.197.23, dst_port=22, duration_sec=19.47, end_time=1,777,042,828.971, expected_protocol=ssh, packet_count=42, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=2.57.122.192, src_port=15,596, start_time=1,777,042,809.502, tcp_flags=S,R,A,P, time_bucket=1,777,042,800, total_bytes=6,930, window_sec=30
session	SESSION-dd03efe0b367bd0d	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,050,001.535, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=44,159, start_time=1,777,050,001.533, tcp_flags=, time_bucket=1,777,050,000, total_bytes=282, window_sec=30
session	SESSION-46adfbb34624e2be	dst_ip=2.57.122.192, duration_sec=1.41, end_time=1,777,042,828.971, expected_protocol=unregistered:0, packet_count=4, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,777,042,827.563, tcp_flags=, time_bucket=1,777,042,800, total_bytes=340, window_sec=30
session	SESSION-1f6be4d567980bce	dst_ip=2.57.122.192, duration_sec=19.58, end_time=1,777,042,849.963, expected_protocol=unregistered:0, packet_count=4, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,777,042,830.379, tcp_flags=, time_bucket=1,777,042,830, total_bytes=328, window_sec=30
session	SESSION-1ca6064244966ba9	dst_ip=97.139.12.85, dst_port=60,136, duration_sec=3.11, end_time=1,777,001,015.056, expected_protocol=unregistered:60136, packet_count=223, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,001,011.941, tcp_flags=A,P, time_bucket=1,777,001,010, total_bytes=19,222, window_sec=30
session	SESSION-2f842951575bb476	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.61, end_time=1,777,042,842.573, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=78.153.140.148, src_port=36,982, start_time=1,777,042,841.964, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=1,308, window_sec=30
session	SESSION-801986a05f874d44	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.32, end_time=1,777,042,846.646, expected_protocol=https, packet_count=39, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=66.228.53.204, src_port=8,050, start_time=1,777,042,846.325, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=33,059, window_sec=30
session	SESSION-8a981e11d869c723	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.03, end_time=1,777,001,043.437, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=199.16.157.182, src_port=44,512, start_time=1,777,001,043.41, tcp_flags=F,A,P, time_bucket=1,777,001,040, total_bytes=361, window_sec=30
session	SESSION-72c3b3d3b2889ec2	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,050,001.537, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=38,984, start_time=1,777,050,001.535, tcp_flags=, time_bucket=1,777,050,000, total_bytes=313, window_sec=30
tls_sni	tls_sni:172-234-197-23.ip.linodeusercontent.com	sni=172-234-197-23.ip.linodeusercontent.com

Kind	ID	Nodes
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b16ad2cc059d584:host:172.234.197.23	SESSION-2b16ad2cc059d584 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7f4ca9b0d8673927:host:172.234.197.23	SESSION-7f4ca9b0d8673927 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-fc3f949cbddefabd:host:172.234.197.23	SESSION-fc3f949cbddefabd → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1ca6064244966ba9:host:172.234.197.23	SESSION-1ca6064244966ba9 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:b8c49dd508ec:dns:172-234-197-23.ip.linodeusercontent.com	flow:b8c49dd508ec → dns:172-234-197-23.ip.linodeusercontent.com
ASN_IN_ORGOBS 80%	e:ao:asn:13414:org:Twitter Inc.	asn:13414 → org:Twitter Inc.
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6b6584907add35ca:SESSION-6b6584907add35ca	SESSION-6b6584907add35ca → pe:rst:SESSION-6b6584907add35ca
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5846cd006f1eacb7:host:172.234.197.23	SESSION-5846cd006f1eacb7 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:35.233.68.173:asn:396982	host:35.233.68.173 → asn:396982
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c365d629ce285be9:host:199.16.157.183	SESSION-c365d629ce285be9 → host:199.16.157.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b6584907add35ca:host:43.135.145.73	SESSION-6b6584907add35ca → host:43.135.145.73
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-5ae5c17cec58f583:BSG-DATA_EXFIL-58becbf84c75	SESSION-5ae5c17cec58f583 → BSG-DATA_EXFIL-58becbf84c75
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-124f188fc662f45b:SESSION-124f188fc662f45b	SESSION-124f188fc662f45b → pe:syn:SESSION-124f188fc662f45b
FLOW_DST_PORTOBS	e:fp:flow:9f56a1b92a85:port:udp:53	flow:9f56a1b92a85 → port:udp:53
FLOW_TO_HOSTOBS	e:to:SESSION-b6bccd19e88cac02:host:172.232.0.17	SESSION-b6bccd19e88cac02 → host:172.232.0.17
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-fe2be36828e6c4a2:BSG-BEACON-f6c2b3d0e42d	SESSION-fe2be36828e6c4a2 → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd03efe0b367bd0d:host:172.234.197.23	SESSION-dd03efe0b367bd0d → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:59.6.77.80:asn:4766	host:59.6.77.80 → asn:4766
FLOW_FROM_HOSTOBS	e:from:SESSION-bcd7e2d1fd452ee5:host:172.234.197.23	SESSION-bcd7e2d1fd452ee5 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:17.22.237.22:geo_37.75100_-97.82200	host:17.22.237.22 → geo_37.75100_-97.82200
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2ebf88e7456c490:host:172.234.197.23	SESSION-d2ebf88e7456c490 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e9f4a4a9c8d0d99f:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-e9f4a4a9c8d0d99f → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-32c3b80c2cc69cbc:SESSION-32c3b80c2cc69cbc	SESSION-32c3b80c2cc69cbc → pe:dns:SESSION-32c3b80c2cc69cbc
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5846cd006f1eacb7:SESSION-5846cd006f1eacb7	SESSION-5846cd006f1eacb7 → pe:rst:SESSION-5846cd006f1eacb7
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-7b48e5e7105113e9:SESSION-7b48e5e7105113e9	SESSION-7b48e5e7105113e9 → pe:tls:SESSION-7b48e5e7105113e9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f8e62b0ad557062a:host:199.16.157.181:host:172.234.197.23	SESSION-f8e62b0ad557062a → host:199.16.157.181 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:f834d92b87f4:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:f834d92b87f4 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-03ccec65d79829da:SESSION-03ccec65d79829da	SESSION-03ccec65d79829da → pe:rst:SESSION-03ccec65d79829da
FLOW_TO_HOSTOBS	e:to:SESSION-2f842951575bb476:host:172.234.197.23	SESSION-2f842951575bb476 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df9c042eed58d783:flow:c8a7ee2a5fe9	SESSION-df9c042eed58d783 → flow:c8a7ee2a5fe9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8b6b3bfbd3509f3d:host:103.155.16.117:host:172.234.197.23	SESSION-8b6b3bfbd3509f3d → host:103.155.16.117 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:43.135.145.73:asn:132203	host:43.135.145.73 → asn:132203
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4efa693f129e7ca6:SESSION-4efa693f129e7ca6	SESSION-4efa693f129e7ca6 → pe:syn:SESSION-4efa693f129e7ca6
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-f952d347444430eb:BSG-BEACON-f6c2b3d0e42d	SESSION-f952d347444430eb → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6e59bfdb17a240e:PCAP:capture_20260424140001:b547b7157000	SESSION-b6e59bfdb17a240e → PCAP:capture_20260424140001:b547b7157000
FLOW_QUERIED_DNSOBS	e:fd:flow:88006e5933e9:dns:172-234-197-23.ip.linodeusercontent.com	flow:88006e5933e9 → dns:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:8.222.219.23:asn:45102	host:8.222.219.23 → asn:45102
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fc3f949cbddefabd:flow:743cca931674	SESSION-fc3f949cbddefabd → flow:743cca931674
FLOW_DST_PORTOBS	e:fp:flow:67799a4b0206:port:tcp:443	flow:67799a4b0206 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a61d2aadfc894ab0:host:92.118.39.236	SESSION-a61d2aadfc894ab0 → host:92.118.39.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a61d2aadfc894ab0:flow:e426dc2add72	SESSION-a61d2aadfc894ab0 → flow:e426dc2add72
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a981e11d869c723:host:199.16.157.182	SESSION-8a981e11d869c723 → host:199.16.157.182
FLOW_TO_HOSTOBS	e:to:SESSION-bcd7e2d1fd452ee5:host:172.232.0.17	SESSION-bcd7e2d1fd452ee5 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2f842951575bb476:flow:af46c51682fe	SESSION-2f842951575bb476 → flow:af46c51682fe
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-132c0a35e55eb362:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-132c0a35e55eb362 → PCAP:capture_20260424150002:9b7ba46ff54d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fc3f949cbddefabd:SESSION-fc3f949cbddefabd	SESSION-fc3f949cbddefabd → pe:syn:SESSION-fc3f949cbddefabd
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-72c3b3d3b2889ec2:SESSION-72c3b3d3b2889ec2	SESSION-72c3b3d3b2889ec2 → pe:dns:SESSION-72c3b3d3b2889ec2
FLOW_FROM_HOSTOBS	e:from:SESSION-46adfbb34624e2be:host:172.234.197.23	SESSION-46adfbb34624e2be → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df0521ee237a9620:host:97.139.12.85:host:172.234.197.23	SESSION-df0521ee237a9620 → host:97.139.12.85 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f8e62b0ad557062a:SESSION-f8e62b0ad557062a	SESSION-f8e62b0ad557062a → pe:tls:SESSION-f8e62b0ad557062a
FLOW_DST_PORTOBS	e:fp:flow:1eaa2c354bb9:port:tcp:5432	flow:1eaa2c354bb9 → port:tcp:5432
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ae4f295d1d4cff7e:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-ae4f295d1d4cff7e → PCAP:capture_20260424150002:9b7ba46ff54d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:97.139.12.85:geo_29.81190_-95.52070	host:97.139.12.85 → geo_29.81190_-95.52070
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2f842951575bb476:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-2f842951575bb476 → PCAP:capture_20260424150002:9b7ba46ff54d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f842951575bb476:host:172.234.197.23	SESSION-2f842951575bb476 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2f842951575bb476:host:78.153.140.148	SESSION-2f842951575bb476 → host:78.153.140.148
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c365d629ce285be9:flow:66bb27cf4c04	SESSION-c365d629ce285be9 → flow:66bb27cf4c04
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-137907a1c322972d:host:59.6.77.80	SESSION-137907a1c322972d → host:59.6.77.80
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-e9f4a4a9c8d0d99f:SESSION-e9f4a4a9c8d0d99f	SESSION-e9f4a4a9c8d0d99f → pe:tls:SESSION-e9f4a4a9c8d0d99f
flow_observed4-aryOBS	e:fo:flow:e426dc2add72	flow:e426dc2add72 → host:172.234.197.23 → host:92.118.39.236 → port:tcp:3210
flow_observed4-aryOBS	e:fo:flow:9b1def7bdac1	flow:9b1def7bdac1 → host:172.234.197.23 → host:23.234.69.80 → port:tcp:18249
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcd7e2d1fd452ee5:host:172.232.0.17	SESSION-bcd7e2d1fd452ee5 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bcd7e2d1fd452ee5:PCAP:capture_20260424140001:b547b7157000	SESSION-bcd7e2d1fd452ee5 → PCAP:capture_20260424140001:b547b7157000
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-03ccec65d79829da:flow:6485c04b666a	SESSION-03ccec65d79829da → flow:6485c04b666a
flow_observed5-aryOBS	e:fo:flow:c37aaecdcc9a	flow:c37aaecdcc9a → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6bccd19e88cac02:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-b6bccd19e88cac02 → PCAP:capture_20260424150002:9b7ba46ff54d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4efa693f129e7ca6:host:66.228.53.204:host:172.234.197.23	SESSION-4efa693f129e7ca6 → host:66.228.53.204 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-43328f9b50a5d423:SESSION-43328f9b50a5d423	SESSION-43328f9b50a5d423 → pe:rst:SESSION-43328f9b50a5d423
ASN_IN_ORGOBS 80%	e:ao:asn:202306:org:Hostglobal.plus Ltd	asn:202306 → org:Hostglobal.plus Ltd
FLOW_DST_PORTOBS	e:fp:flow:958f77dbf2ff:port:tcp:443	flow:958f77dbf2ff → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c365d629ce285be9:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-c365d629ce285be9 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6bccd19e88cac02:host:172.234.197.23	SESSION-b6bccd19e88cac02 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:e62070b6aeb6	flow:e62070b6aeb6 → host:66.228.53.204 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_QUERIED_DNSOBS	e:fd:flow:53418f626ce5:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:53418f626ce5 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:144.76.23.47:geo_50.47770_12.36490	host:144.76.23.47 → geo_50.47770_12.36490
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01a793e8041caae3:host:144.76.23.47	SESSION-01a793e8041caae3 → host:144.76.23.47
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.232.0.17:geo_41.88350_-87.63050	host:172.232.0.17 → geo_41.88350_-87.63050
FLOW_DST_PORTOBS	e:fp:flow:b9c87c3e6634:port:tcp:22	flow:b9c87c3e6634 → port:tcp:22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-801986a05f874d44:host:66.228.53.204	SESSION-801986a05f874d44 → host:66.228.53.204
FLOW_FROM_HOSTOBS	e:from:SESSION-124f188fc662f45b:host:199.16.157.183	SESSION-124f188fc662f45b → host:199.16.157.183
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-801986a05f874d44:flow:e62070b6aeb6	SESSION-801986a05f874d44 → flow:e62070b6aeb6
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-df9c042eed58d783:host:172.234.197.23:host:2.57.122.196	SESSION-df9c042eed58d783 → host:172.234.197.23 → host:2.57.122.196
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0afee6a6d9f48fa0:host:103.155.16.117:host:172.234.197.23	SESSION-0afee6a6d9f48fa0 → host:103.155.16.117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-43328f9b50a5d423:SESSION-43328f9b50a5d423	SESSION-43328f9b50a5d423 → pe:tls:SESSION-43328f9b50a5d423
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ca6064244966ba9:host:97.139.12.85	SESSION-1ca6064244966ba9 → host:97.139.12.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-124f188fc662f45b:host:172.234.197.23	SESSION-124f188fc662f45b → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.118.39.197:geo_45.99680_24.99700	host:92.118.39.197 → geo_45.99680_24.99700
flow_observed5-aryOBS	e:fo:flow:f268f9985c23	flow:f268f9985c23 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4efa693f129e7ca6:flow:4a465ec75db9	SESSION-4efa693f129e7ca6 → flow:4a465ec75db9
flow_observed4-aryOBS	e:fo:flow:d4998ce3363c	flow:d4998ce3363c → host:172.234.197.23 → host:2.57.122.192 → port:tcp:15596
HOST_IN_ASNOBS 85%	e:ha:host:66.228.53.204:asn:63949	host:66.228.53.204 → asn:63949
HOST_IN_ASNOBS 85%	e:ha:host:46.38.236.138:asn:197540	host:46.38.236.138 → asn:197540
FLOW_TO_HOSTOBS	e:to:SESSION-f952d347444430eb:host:172.232.0.17	SESSION-f952d347444430eb → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ae5c17cec58f583:flow:958f77dbf2ff	SESSION-5ae5c17cec58f583 → flow:958f77dbf2ff
FLOW_DST_PORTOBS	e:fp:flow:2c6c48655616:port:tcp:443	flow:2c6c48655616 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:2.57.122.192:geo_45.99680_24.99700	host:2.57.122.192 → geo_45.99680_24.99700
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-03ccec65d79829da:PCAP:capture_20260424160001:21dcec78926d	SESSION-03ccec65d79829da → PCAP:capture_20260424160001:21dcec78926d
flow_observed5-aryOBS	e:fo:flow:88006e5933e9	flow:88006e5933e9 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b6e402ee019b6c1:host:59.6.77.80	SESSION-5b6e402ee019b6c1 → host:59.6.77.80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:23.234.69.80:geo_39.73910_-104.98660	host:23.234.69.80 → geo_39.73910_-104.98660
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f4ca9b0d8673927:host:172.234.197.23	SESSION-7f4ca9b0d8673927 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:d3ab3699f29d:port:udp:53	flow:d3ab3699f29d → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-0938448bdcbd9d9c:host:172.234.197.23	SESSION-0938448bdcbd9d9c → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b48e5e7105113e9:host:199.16.157.181:host:172.234.197.23	SESSION-7b48e5e7105113e9 → host:199.16.157.181 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-0938448bdcbd9d9c:host:172.232.0.17	SESSION-0938448bdcbd9d9c → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b48e5e7105113e9:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-7b48e5e7105113e9 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fc3f949cbddefabd:host:2.57.122.192:host:172.234.197.23	SESSION-fc3f949cbddefabd → host:2.57.122.192 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:128.9.29.131:geo_33.99240_-118.39910	host:128.9.29.131 → geo_33.99240_-118.39910
FLOW_TO_HOSTOBS	e:to:SESSION-132c0a35e55eb362:host:23.234.69.80	SESSION-132c0a35e55eb362 → host:23.234.69.80
FLOW_TO_HOSTOBS	e:to:SESSION-8a981e11d869c723:host:172.234.197.23	SESSION-8a981e11d869c723 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-fc3f949cbddefabd:host:2.57.122.192	SESSION-fc3f949cbddefabd → host:2.57.122.192
FLOW_TO_HOSTOBS	e:to:SESSION-5ae5c17cec58f583:host:172.234.197.23	SESSION-5ae5c17cec58f583 → host:172.234.197.23
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:5432:svc:postgres	port:tcp:5432 → svc:postgres
FLOW_DST_PORTOBS	e:fp:flow:af46c51682fe:port:tcp:80	flow:af46c51682fe → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-6b6584907add35ca:host:172.234.197.23	SESSION-6b6584907add35ca → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-0938448bdcbd9d9c:BSG-BEACON-f6c2b3d0e42d	SESSION-0938448bdcbd9d9c → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-43328f9b50a5d423:SESSION-43328f9b50a5d423	SESSION-43328f9b50a5d423 → pe:syn:SESSION-43328f9b50a5d423
FLOW_TLS_SNIOBS	e:fs:flow:4eaa609c2624:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:4eaa609c2624 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-dd03efe0b367bd0d:SESSION-dd03efe0b367bd0d	SESSION-dd03efe0b367bd0d → pe:dns:SESSION-dd03efe0b367bd0d
FLOW_TO_HOSTOBS	e:to:SESSION-ae4f295d1d4cff7e:host:172.232.0.17	SESSION-ae4f295d1d4cff7e → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:af46c51682fe	flow:af46c51682fe → host:78.153.140.148 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-137907a1c322972d:host:172.234.197.23:host:59.6.77.80	SESSION-137907a1c322972d → host:172.234.197.23 → host:59.6.77.80
FLOW_TO_HOSTOBS	e:to:SESSION-fb43e37656185293:host:2.57.122.196	SESSION-fb43e37656185293 → host:2.57.122.196
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae4f295d1d4cff7e:host:172.232.0.17	SESSION-ae4f295d1d4cff7e → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e15010a8a1e57ef1:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-e15010a8a1e57ef1 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
flow_observed3-aryOBS	e:fo:flow:0cab2ce4a41a	flow:0cab2ce4a41a → host:103.155.16.117 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e7ac586ca0d0ef0f:PCAP:capture_20260424160001:21dcec78926d	SESSION-e7ac586ca0d0ef0f → PCAP:capture_20260424160001:21dcec78926d
FLOW_TO_HOSTOBS	e:to:SESSION-e5b926505913cd4c:host:172.234.197.23	SESSION-e5b926505913cd4c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32c3b80c2cc69cbc:host:172.232.0.17	SESSION-32c3b80c2cc69cbc → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-01a793e8041caae3:host:172.234.197.23	SESSION-01a793e8041caae3 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:199.16.157.183:asn:13414	host:199.16.157.183 → asn:13414
FLOW_FROM_HOSTOBS	e:from:SESSION-fe2be36828e6c4a2:host:172.234.197.23	SESSION-fe2be36828e6c4a2 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-5f6379841834a338:host:2.57.122.192	SESSION-5f6379841834a338 → host:2.57.122.192
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2b16ad2cc059d584:flow:4cb79ca168a0	SESSION-2b16ad2cc059d584 → flow:4cb79ca168a0
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:59.6.77.80:geo_37.54150_127.02520	host:59.6.77.80 → geo_37.54150_127.02520
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-e15010a8a1e57ef1:BSG-BEACON-f6c2b3d0e42d	SESSION-e15010a8a1e57ef1 → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b48e5e7105113e9:flow:93cba7dfff64	SESSION-7b48e5e7105113e9 → flow:93cba7dfff64
FLOW_DST_PORTOBS	e:fp:flow:f834d92b87f4:port:udp:53	flow:f834d92b87f4 → port:udp:53
FLOW_DST_PORTOBS	e:fp:flow:4eaa609c2624:port:tcp:443	flow:4eaa609c2624 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb43e37656185293:host:172.234.197.23:host:2.57.122.196	SESSION-fb43e37656185293 → host:172.234.197.23 → host:2.57.122.196
FLOW_DST_PORTOBS	e:fp:flow:b8c49dd508ec:port:udp:53	flow:b8c49dd508ec → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-03ccec65d79829da:host:8.222.219.23	SESSION-03ccec65d79829da → host:8.222.219.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-07867b4b46fa60d0:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-07867b4b46fa60d0 → PCAP:capture_20260424150002:9b7ba46ff54d
FLOW_FROM_HOSTOBS	e:from:SESSION-43328f9b50a5d423:host:40.119.32.47	SESSION-43328f9b50a5d423 → host:40.119.32.47
FLOW_TO_HOSTOBS	e:to:SESSION-df9c042eed58d783:host:2.57.122.196	SESSION-df9c042eed58d783 → host:2.57.122.196
flow_observed5-aryOBS	e:fo:flow:28bd443b2c5e	flow:28bd443b2c5e → host:46.38.236.138 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bd11a50065a6cb7c:flow:da7065edff23	SESSION-bd11a50065a6cb7c → flow:da7065edff23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c13e61513d1b018d:SESSION-c13e61513d1b018d	SESSION-c13e61513d1b018d → pe:syn:SESSION-c13e61513d1b018d
flow_observed5-aryOBS	e:fo:flow:c63542b74c29	flow:c63542b74c29 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ae5c17cec58f583:host:172.234.197.23	SESSION-5ae5c17cec58f583 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-2d3d727470c1d931:SESSION-2d3d727470c1d931	SESSION-2d3d727470c1d931 → pe:dns:SESSION-2d3d727470c1d931
flow_observed3-aryOBS	e:fo:flow:fbf83df1b6b6	flow:fbf83df1b6b6 → host:103.155.16.117 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-df0521ee237a9620:SESSION-df0521ee237a9620	SESSION-df0521ee237a9620 → pe:tls:SESSION-df0521ee237a9620
FLOW_DST_PORTOBS	e:fp:flow:e62070b6aeb6:port:tcp:443	flow:e62070b6aeb6 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-bd11a50065a6cb7c:SESSION-bd11a50065a6cb7c	SESSION-bd11a50065a6cb7c → pe:tls:SESSION-bd11a50065a6cb7c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-01a793e8041caae3:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-01a793e8041caae3 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5846cd006f1eacb7:host:45.79.109.130:host:172.234.197.23	SESSION-5846cd006f1eacb7 → host:45.79.109.130 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6e59bfdb17a240e:host:58.254.182.115	SESSION-b6e59bfdb17a240e → host:58.254.182.115
FLOW_FROM_HOSTOBS	e:from:SESSION-47d044a3990fe914:host:172.234.197.23	SESSION-47d044a3990fe914 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c52a62f7c65f2e1a:host:46.38.236.138	SESSION-c52a62f7c65f2e1a → host:46.38.236.138
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-a61d2aadfc894ab0:SESSION-a61d2aadfc894ab0	SESSION-a61d2aadfc894ab0 → pe:rst:SESSION-a61d2aadfc894ab0
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dbe1edd4efb49468:host:35.233.68.173:host:172.234.197.23	SESSION-dbe1edd4efb49468 → host:35.233.68.173 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:92.118.39.236:asn:47890	host:92.118.39.236 → asn:47890
flow_observed5-aryOBS	e:fo:flow:4cb79ca168a0	flow:4cb79ca168a0 → host:17.22.237.22 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0938448bdcbd9d9c:host:172.234.197.23	SESSION-0938448bdcbd9d9c → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-124f188fc662f45b:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-124f188fc662f45b → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.79.109.130:geo_37.56250_-122.00040	host:45.79.109.130 → geo_37.56250_-122.00040
ASN_IN_ORGOBS 80%	e:ao:asn:396982:org:Google LLC	asn:396982 → org:Google LLC
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46adfbb34624e2be:host:172.234.197.23	SESSION-46adfbb34624e2be → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c51bf5b097ea:port:tcp:443	flow:c51bf5b097ea → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8e62b0ad557062a:host:199.16.157.181	SESSION-f8e62b0ad557062a → host:199.16.157.181
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2d3d727470c1d931:PCAP:capture_20260424160001:21dcec78926d	SESSION-2d3d727470c1d931 → PCAP:capture_20260424160001:21dcec78926d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c52a62f7c65f2e1a:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-c52a62f7c65f2e1a → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-132c0a35e55eb362:host:23.234.69.80	SESSION-132c0a35e55eb362 → host:23.234.69.80
FLOW_FROM_HOSTOBS	e:from:SESSION-2d3d727470c1d931:host:172.234.197.23	SESSION-2d3d727470c1d931 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f268f9985c23:port:udp:53	flow:f268f9985c23 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd11a50065a6cb7c:host:172.234.197.23	SESSION-bd11a50065a6cb7c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:2759e86a7e02:port:udp:53	flow:2759e86a7e02 → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-fe2be36828e6c4a2:SESSION-fe2be36828e6c4a2	SESSION-fe2be36828e6c4a2 → pe:dns:SESSION-fe2be36828e6c4a2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b6b3bfbd3509f3d:host:172.234.197.23	SESSION-8b6b3bfbd3509f3d → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:4766:org:Korea Telecom	asn:4766 → org:Korea Telecom
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-32c3b80c2cc69cbc:host:172.234.197.23	SESSION-32c3b80c2cc69cbc → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:5091dda9661a	flow:5091dda9661a → host:172.234.197.23 → host:2.57.122.192
HOST_IN_ASNOBS 85%	e:ha:host:103.155.16.117:asn:138915	host:103.155.16.117 → asn:138915
ASN_IN_ORGOBS 80%	e:ao:asn:11878:org:tzulo, inc.	asn:11878 → org:tzulo, inc.
flow_observed5-aryOBS	e:fo:flow:c51bf5b097ea	flow:c51bf5b097ea → host:199.16.157.183 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ae4f295d1d4cff7e:host:172.234.197.23	SESSION-ae4f295d1d4cff7e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e15010a8a1e57ef1:host:172.232.0.17	SESSION-e15010a8a1e57ef1 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bd11a50065a6cb7c:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-bd11a50065a6cb7c → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
FLOW_DST_PORTOBS	e:fp:flow:da7065edff23:port:tcp:443	flow:da7065edff23 → port:tcp:443
FLOW_QUERIED_DNSOBS	e:fd:flow:9f56a1b92a85:dns:172-234-197-23.ip.linodeusercontent.com	flow:9f56a1b92a85 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-dd03efe0b367bd0d:host:172.234.197.23	SESSION-dd03efe0b367bd0d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:6485c04b666a	flow:6485c04b666a → host:8.222.219.23 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f6379841834a338:host:172.234.197.23	SESSION-5f6379841834a338 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-0938448bdcbd9d9c:SESSION-0938448bdcbd9d9c	SESSION-0938448bdcbd9d9c → pe:dns:SESSION-0938448bdcbd9d9c
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-47d044a3990fe914:BSG-BEACON-f6c2b3d0e42d	SESSION-47d044a3990fe914 → BSG-BEACON-f6c2b3d0e42d
FLOW_FROM_HOSTOBS	e:from:SESSION-b6bccd19e88cac02:host:172.234.197.23	SESSION-b6bccd19e88cac02 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:d5c7343ffad3:dns:172-234-197-23.ip.linodeusercontent.com	flow:d5c7343ffad3 → dns:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:66.228.53.204:geo_32.94730_-96.70280	host:66.228.53.204 → geo_32.94730_-96.70280
FLOW_QUERIED_DNSOBS	e:fd:flow:d3ab3699f29d:dns:172-234-197-23.ip.linodeusercontent.com	flow:d3ab3699f29d → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-a61d2aadfc894ab0:host:92.118.39.236	SESSION-a61d2aadfc894ab0 → host:92.118.39.236
FLOW_TO_HOSTOBS	e:to:SESSION-4efa693f129e7ca6:host:172.234.197.23	SESSION-4efa693f129e7ca6 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-801986a05f874d44:SESSION-801986a05f874d44	SESSION-801986a05f874d44 → pe:tls:SESSION-801986a05f874d44
FLOW_TO_HOSTOBS	e:to:SESSION-2d3d727470c1d931:host:172.232.0.17	SESSION-2d3d727470c1d931 → host:172.232.0.17
FLOW_QUERIED_DNSOBS	e:fd:flow:c63542b74c29:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:c63542b74c29 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-01a793e8041caae3:SESSION-01a793e8041caae3	SESSION-01a793e8041caae3 → pe:syn:SESSION-01a793e8041caae3
ASN_IN_ORGOBS 80%	e:ao:asn:6167:org:Verizon Business	asn:6167 → org:Verizon Business
FLOW_DST_PORTOBS	e:fp:flow:5e470028e46b:port:tcp:42622	flow:5e470028e46b → port:tcp:42622
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c13e61513d1b018d:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-c13e61513d1b018d → PCAP:capture_20260424150002:9b7ba46ff54d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43328f9b50a5d423:host:40.119.32.47	SESSION-43328f9b50a5d423 → host:40.119.32.47
FLOW_TO_HOSTOBS	e:to:SESSION-549cd508c26f4eff:host:172.234.197.23	SESSION-549cd508c26f4eff → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-e15010a8a1e57ef1:SESSION-e15010a8a1e57ef1	SESSION-e15010a8a1e57ef1 → pe:dns:SESSION-e15010a8a1e57ef1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-46adfbb34624e2be:host:2.57.122.192	SESSION-46adfbb34624e2be → host:2.57.122.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b48e5e7105113e9:host:199.16.157.181	SESSION-7b48e5e7105113e9 → host:199.16.157.181
flow_observed3-aryOBS	e:fo:flow:c8a7ee2a5fe9	flow:c8a7ee2a5fe9 → host:172.234.197.23 → host:2.57.122.196
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-801986a05f874d44:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-801986a05f874d44 → PCAP:capture_20260424150002:9b7ba46ff54d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0938448bdcbd9d9c:host:172.232.0.17	SESSION-0938448bdcbd9d9c → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-137907a1c322972d:SESSION-137907a1c322972d	SESSION-137907a1c322972d → pe:rst:SESSION-137907a1c322972d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e5b926505913cd4c:PCAP:capture_20260424140001:b547b7157000	SESSION-e5b926505913cd4c → PCAP:capture_20260424140001:b547b7157000
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb43e37656185293:PCAP:capture_20260424160001:21dcec78926d	SESSION-fb43e37656185293 → PCAP:capture_20260424160001:21dcec78926d
FLOW_FROM_HOSTOBS	e:from:SESSION-137907a1c322972d:host:172.234.197.23	SESSION-137907a1c322972d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9f4a4a9c8d0d99f:host:199.16.157.182	SESSION-e9f4a4a9c8d0d99f → host:199.16.157.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c52a62f7c65f2e1a:SESSION-c52a62f7c65f2e1a	SESSION-c52a62f7c65f2e1a → pe:tls:SESSION-c52a62f7c65f2e1a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-32c3b80c2cc69cbc:host:172.234.197.23:host:172.232.0.17	SESSION-32c3b80c2cc69cbc → host:172.234.197.23 → host:172.232.0.17
FLOW_HTTP_HOSTOBS	e:fh:flow:42f1c8ab98a8:http_host:172.234.197.23	flow:42f1c8ab98a8 → http_host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d5c7343ffad3	flow:d5c7343ffad3 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
HOST_IN_ASNOBS 85%	e:ha:host:199.16.157.182:asn:13414	host:199.16.157.182 → asn:13414
FLOW_TLS_SNIOBS	e:fs:flow:4cb79ca168a0:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:4cb79ca168a0 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-c13e61513d1b018d:host:78.153.140.148	SESSION-c13e61513d1b018d → host:78.153.140.148
FLOW_TO_HOSTOBS	e:to:SESSION-e7ac586ca0d0ef0f:host:172.232.0.17	SESSION-e7ac586ca0d0ef0f → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-0afee6a6d9f48fa0:host:172.234.197.23	SESSION-0afee6a6d9f48fa0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c52a62f7c65f2e1a:host:46.38.236.138	SESSION-c52a62f7c65f2e1a → host:46.38.236.138
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a61d2aadfc894ab0:host:172.234.197.23:host:92.118.39.236	SESSION-a61d2aadfc894ab0 → host:172.234.197.23 → host:92.118.39.236
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-124f188fc662f45b:flow:c51bf5b097ea	SESSION-124f188fc662f45b → flow:c51bf5b097ea
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f6be4d567980bce:host:172.234.197.23:host:2.57.122.192	SESSION-1f6be4d567980bce → host:172.234.197.23 → host:2.57.122.192
FLOW_QUERIED_DNSOBS	e:fd:flow:3c416f42759a:dns:172-234-197-23.ip.linodeusercontent.com	flow:3c416f42759a → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:c4e6a453e687:port:udp:53	flow:c4e6a453e687 → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e9f4a4a9c8d0d99f:flow:0d727e2708b4	SESSION-e9f4a4a9c8d0d99f → flow:0d727e2708b4
FLOW_FROM_HOSTOBS	e:from:SESSION-8b6b3bfbd3509f3d:host:103.155.16.117	SESSION-8b6b3bfbd3509f3d → host:103.155.16.117
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e5b926505913cd4c:SESSION-e5b926505913cd4c	SESSION-e5b926505913cd4c → pe:syn:SESSION-e5b926505913cd4c
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6bccd19e88cac02:host:172.234.197.23:host:172.232.0.17	SESSION-b6bccd19e88cac02 → host:172.234.197.23 → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:0d727e2708b4	flow:0d727e2708b4 → host:199.16.157.182 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-801986a05f874d44:host:66.228.53.204:host:172.234.197.23	SESSION-801986a05f874d44 → host:66.228.53.204 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:67799a4b0206	flow:67799a4b0206 → host:199.16.157.182 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:58.254.182.115:geo_22.77850_115.34520	host:58.254.182.115 → geo_22.77850_115.34520
FLOW_DST_PORTOBS	e:fp:flow:e426dc2add72:port:tcp:3210	flow:e426dc2add72 → port:tcp:3210
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c52a62f7c65f2e1a:flow:28bd443b2c5e	SESSION-c52a62f7c65f2e1a → flow:28bd443b2c5e
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-07867b4b46fa60d0:flow:f834d92b87f4	SESSION-07867b4b46fa60d0 → flow:f834d92b87f4
flow_observed5-aryOBS	e:fo:flow:53418f626ce5	flow:53418f626ce5 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-07867b4b46fa60d0:host:172.234.197.23:host:172.232.0.17	SESSION-07867b4b46fa60d0 → host:172.234.197.23 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-e9f4a4a9c8d0d99f:host:199.16.157.182	SESSION-e9f4a4a9c8d0d99f → host:199.16.157.182
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5f6379841834a338:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-5f6379841834a338 → PCAP:capture_20260424150002:9b7ba46ff54d
FLOW_TO_HOSTOBS	e:to:SESSION-fe2be36828e6c4a2:host:172.232.0.17	SESSION-fe2be36828e6c4a2 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6b6584907add35ca:host:172.234.197.23	SESSION-6b6584907add35ca → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-4efa693f129e7ca6:host:66.228.53.204	SESSION-4efa693f129e7ca6 → host:66.228.53.204
flow_observed5-aryOBS	e:fo:flow:9f56a1b92a85	flow:9f56a1b92a85 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_DST_PORTOBS	e:fp:flow:53418f626ce5:port:udp:53	flow:53418f626ce5 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c52a62f7c65f2e1a:host:172.234.197.23	SESSION-c52a62f7c65f2e1a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-549cd508c26f4eff:host:128.9.29.131	SESSION-549cd508c26f4eff → host:128.9.29.131
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f8e62b0ad557062a:flow:10959da4f2fa	SESSION-f8e62b0ad557062a → flow:10959da4f2fa
flow_observed4-aryOBS	e:fo:flow:5e470028e46b	flow:5e470028e46b → host:172.234.197.23 → host:59.6.77.80 → port:tcp:42622
flow_observed5-aryOBS	e:fo:flow:743cca931674	flow:743cca931674 → host:2.57.122.192 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f6be4d567980bce:flow:5091dda9661a	SESSION-1f6be4d567980bce → flow:5091dda9661a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0afee6a6d9f48fa0:host:103.155.16.117	SESSION-0afee6a6d9f48fa0 → host:103.155.16.117
FLOW_DST_PORTOBS	e:fp:flow:88006e5933e9:port:udp:53	flow:88006e5933e9 → port:udp:53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dd03efe0b367bd0d:PCAP:capture_20260424170001:2a81081d173e	SESSION-dd03efe0b367bd0d → PCAP:capture_20260424170001:2a81081d173e
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fc3f949cbddefabd:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-fc3f949cbddefabd → PCAP:capture_20260424150002:9b7ba46ff54d
FLOW_FROM_HOSTOBS	e:from:SESSION-2b16ad2cc059d584:host:17.22.237.22	SESSION-2b16ad2cc059d584 → host:17.22.237.22
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-6b6584907add35ca:BSG-DATA_EXFIL-0b1600805959	SESSION-6b6584907add35ca → BSG-DATA_EXFIL-0b1600805959
flow_observed5-aryOBS	e:fo:flow:236e160bf97b	flow:236e160bf97b → host:92.118.39.197 → host:172.234.197.23 → port:tcp:22 → svc:ssh
FLOW_FROM_HOSTOBS	e:from:SESSION-2f842951575bb476:host:78.153.140.148	SESSION-2f842951575bb476 → host:78.153.140.148
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6e59bfdb17a240e:flow:4fa77a1ba33a	SESSION-b6e59bfdb17a240e → flow:4fa77a1ba33a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4efa693f129e7ca6:host:172.234.197.23	SESSION-4efa693f129e7ca6 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6b6584907add35ca:host:43.135.145.73:host:172.234.197.23	SESSION-6b6584907add35ca → host:43.135.145.73 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-43328f9b50a5d423:flow:99a9f8b7c5b3	SESSION-43328f9b50a5d423 → flow:99a9f8b7c5b3
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d2ebf88e7456c490:host:92.118.39.197:host:172.234.197.23	SESSION-d2ebf88e7456c490 → host:92.118.39.197 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-32c3b80c2cc69cbc:flow:c37aaecdcc9a	SESSION-32c3b80c2cc69cbc → flow:c37aaecdcc9a
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-df0521ee237a9620:flow:2c6c48655616	SESSION-df0521ee237a9620 → flow:2c6c48655616
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0afee6a6d9f48fa0:host:172.234.197.23	SESSION-0afee6a6d9f48fa0 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-ae4f295d1d4cff7e:BSG-BEACON-f6c2b3d0e42d	SESSION-ae4f295d1d4cff7e → BSG-BEACON-f6c2b3d0e42d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5f6379841834a338:host:172.234.197.23:host:2.57.122.192	SESSION-5f6379841834a338 → host:172.234.197.23 → host:2.57.122.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03ccec65d79829da:host:172.234.197.23	SESSION-03ccec65d79829da → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:2759e86a7e02:dns:172-234-197-23.ip.linodeusercontent.com	flow:2759e86a7e02 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c365d629ce285be9:host:199.16.157.183:host:172.234.197.23	SESSION-c365d629ce285be9 → host:199.16.157.183 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:136958:org:China Unicom Guangdong IP network	asn:136958 → org:China Unicom Guangdong IP network
FLOW_FROM_HOSTOBS	e:from:SESSION-0afee6a6d9f48fa0:host:103.155.16.117	SESSION-0afee6a6d9f48fa0 → host:103.155.16.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-801986a05f874d44:host:172.234.197.23	SESSION-801986a05f874d44 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d3d727470c1d931:host:172.232.0.17	SESSION-2d3d727470c1d931 → host:172.232.0.17
ASN_IN_ORGOBS 80%	e:ao:asn:24940:org:Hetzner Online GmbH	asn:24940 → org:Hetzner Online GmbH
FLOW_TO_HOSTOBS	e:to:SESSION-01a793e8041caae3:host:172.234.197.23	SESSION-01a793e8041caae3 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6485c04b666a:port:tcp:22	flow:6485c04b666a → port:tcp:22
FLOW_TLS_SNIOBS	e:fs:flow:0d727e2708b4:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:0d727e2708b4 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:46.38.236.138:geo_49.44230_11.01910	host:46.38.236.138 → geo_49.44230_11.01910
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5f6379841834a338:SESSION-5f6379841834a338	SESSION-5f6379841834a338 → pe:rst:SESSION-5f6379841834a338
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bcd7e2d1fd452ee5:host:172.234.197.23:host:172.232.0.17	SESSION-bcd7e2d1fd452ee5 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-43328f9b50a5d423:host:172.234.197.23	SESSION-43328f9b50a5d423 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b6e402ee019b6c1:flow:5e470028e46b	SESSION-5b6e402ee019b6c1 → flow:5e470028e46b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-b6bccd19e88cac02:SESSION-b6bccd19e88cac02	SESSION-b6bccd19e88cac02 → pe:dns:SESSION-b6bccd19e88cac02
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c52a62f7c65f2e1a:SESSION-c52a62f7c65f2e1a	SESSION-c52a62f7c65f2e1a → pe:syn:SESSION-c52a62f7c65f2e1a
flow_observed5-aryOBS	e:fo:flow:99a9f8b7c5b3	flow:99a9f8b7c5b3 → host:40.119.32.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-801986a05f874d44:SESSION-801986a05f874d44	SESSION-801986a05f874d44 → pe:syn:SESSION-801986a05f874d44
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-47d044a3990fe914:PCAP:capture_20260424140001:b547b7157000	SESSION-47d044a3990fe914 → PCAP:capture_20260424140001:b547b7157000
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-46adfbb34624e2be:host:172.234.197.23:host:2.57.122.192	SESSION-46adfbb34624e2be → host:172.234.197.23 → host:2.57.122.192
HOST_IN_ASNOBS 85%	e:ha:host:23.234.69.80:asn:11878	host:23.234.69.80 → asn:11878
FLOW_TO_HOSTOBS	e:to:SESSION-47d044a3990fe914:host:172.232.0.17	SESSION-47d044a3990fe914 → host:172.232.0.17
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-b6bccd19e88cac02:BSG-BEACON-f6c2b3d0e42d	SESSION-b6bccd19e88cac02 → BSG-BEACON-f6c2b3d0e42d
FLOW_QUERIED_DNSOBS	e:fd:flow:f268f9985c23:dns:172-234-197-23.ip.linodeusercontent.com	flow:f268f9985c23 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e15010a8a1e57ef1:host:172.232.0.17	SESSION-e15010a8a1e57ef1 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:40.119.32.47:geo_29.42270_-98.49270	host:40.119.32.47 → geo_29.42270_-98.49270
FLOW_TLS_SNIOBS	e:fs:flow:a46be0b84889:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:a46be0b84889 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-132c0a35e55eb362:flow:9b1def7bdac1	SESSION-132c0a35e55eb362 → flow:9b1def7bdac1
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-e7ac586ca0d0ef0f:BSG-BEACON-f6c2b3d0e42d	SESSION-e7ac586ca0d0ef0f → BSG-BEACON-f6c2b3d0e42d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e7ac586ca0d0ef0f:host:172.234.197.23:host:172.232.0.17	SESSION-e7ac586ca0d0ef0f → host:172.234.197.23 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-c365d629ce285be9:host:199.16.157.183	SESSION-c365d629ce285be9 → host:199.16.157.183
flow_observed5-aryOBS	e:fo:flow:991e601541a1	flow:991e601541a1 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
HOST_IN_ASNOBS 85%	e:ha:host:172.234.197.23:asn:63949	host:172.234.197.23 → asn:63949
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:udp:53:svc:dns	port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b48e5e7105113e9:host:172.234.197.23	SESSION-7b48e5e7105113e9 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d3ab3699f29d	flow:d3ab3699f29d → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-dbe1edd4efb49468:host:172.234.197.23	SESSION-dbe1edd4efb49468 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2b16ad2cc059d584:host:17.22.237.22:host:172.234.197.23	SESSION-2b16ad2cc059d584 → host:17.22.237.22 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-32c3b80c2cc69cbc:host:172.234.197.23	SESSION-32c3b80c2cc69cbc → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8a981e11d869c723:host:199.16.157.182:host:172.234.197.23	SESSION-8a981e11d869c723 → host:199.16.157.182 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-dbe1edd4efb49468:PCAP:capture_20260424140001:b547b7157000	SESSION-dbe1edd4efb49468 → PCAP:capture_20260424140001:b547b7157000
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-549cd508c26f4eff:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-549cd508c26f4eff → PCAP:capture_20260424150002:9b7ba46ff54d
FLOW_DST_PORTOBS	e:fp:flow:236e160bf97b:port:tcp:22	flow:236e160bf97b → port:tcp:22
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8a981e11d869c723:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-8a981e11d869c723 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-7b48e5e7105113e9:BSG-DATA_EXFIL-c45ebda152e5	SESSION-7b48e5e7105113e9 → BSG-DATA_EXFIL-c45ebda152e5
FLOW_TO_HOSTOBS	e:to:SESSION-32c3b80c2cc69cbc:host:172.232.0.17	SESSION-32c3b80c2cc69cbc → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bcd7e2d1fd452ee5:host:172.234.197.23	SESSION-bcd7e2d1fd452ee5 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-bd11a50065a6cb7c:SESSION-bd11a50065a6cb7c	SESSION-bd11a50065a6cb7c → pe:rst:SESSION-bd11a50065a6cb7c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f8e62b0ad557062a:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-f8e62b0ad557062a → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5846cd006f1eacb7:host:45.79.109.130	SESSION-5846cd006f1eacb7 → host:45.79.109.130
FLOW_FROM_HOSTOBS	e:from:SESSION-fb43e37656185293:host:172.234.197.23	SESSION-fb43e37656185293 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-1f6be4d567980bce:host:2.57.122.192	SESSION-1f6be4d567980bce → host:2.57.122.192
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8b6b3bfbd3509f3d:host:103.155.16.117	SESSION-8b6b3bfbd3509f3d → host:103.155.16.117
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-2b16ad2cc059d584:BSG-DATA_EXFIL-ba0a9ef14e5d	SESSION-2b16ad2cc059d584 → BSG-DATA_EXFIL-ba0a9ef14e5d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-7b48e5e7105113e9:SESSION-7b48e5e7105113e9	SESSION-7b48e5e7105113e9 → pe:syn:SESSION-7b48e5e7105113e9
FLOW_FROM_HOSTOBS	e:from:SESSION-801986a05f874d44:host:66.228.53.204	SESSION-801986a05f874d44 → host:66.228.53.204
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-01a793e8041caae3:flow:a46be0b84889	SESSION-01a793e8041caae3 → flow:a46be0b84889
flow_observed3-aryOBS	e:fo:flow:81b8ace9a2e6	flow:81b8ace9a2e6 → host:172.234.197.23 → host:2.57.122.192
FLOW_FROM_HOSTOBS	e:from:SESSION-5f6379841834a338:host:172.234.197.23	SESSION-5f6379841834a338 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0938448bdcbd9d9c:flow:c63542b74c29	SESSION-0938448bdcbd9d9c → flow:c63542b74c29
FLOW_FROM_HOSTOBS	e:from:SESSION-f952d347444430eb:host:172.234.197.23	SESSION-f952d347444430eb → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bd11a50065a6cb7c:host:144.76.23.47	SESSION-bd11a50065a6cb7c → host:144.76.23.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ae5c17cec58f583:host:97.139.12.85	SESSION-5ae5c17cec58f583 → host:97.139.12.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-7f4ca9b0d8673927:SESSION-7f4ca9b0d8673927	SESSION-7f4ca9b0d8673927 → pe:dns:SESSION-7f4ca9b0d8673927
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-47d044a3990fe914:flow:88006e5933e9	SESSION-47d044a3990fe914 → flow:88006e5933e9
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df0521ee237a9620:host:97.139.12.85	SESSION-df0521ee237a9620 → host:97.139.12.85
FLOW_TO_HOSTOBS	e:to:SESSION-46adfbb34624e2be:host:2.57.122.192	SESSION-46adfbb34624e2be → host:2.57.122.192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-46adfbb34624e2be:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-46adfbb34624e2be → PCAP:capture_20260424150002:9b7ba46ff54d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2d3d727470c1d931:flow:f268f9985c23	SESSION-2d3d727470c1d931 → flow:f268f9985c23
FLOW_QUERIED_DNSOBS	e:fd:flow:6ac8bc7ce374:dns:172-234-197-23.ip.linodeusercontent.com	flow:6ac8bc7ce374 → dns:172-234-197-23.ip.linodeusercontent.com
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:443:svc:https	port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-dbe1edd4efb49468:SESSION-dbe1edd4efb49468	SESSION-dbe1edd4efb49468 → pe:syn:SESSION-dbe1edd4efb49468
FLOW_TO_HOSTOBS	e:to:SESSION-7b48e5e7105113e9:host:172.234.197.23	SESSION-7b48e5e7105113e9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df9c042eed58d783:host:172.234.197.23	SESSION-df9c042eed58d783 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-ae4f295d1d4cff7e:SESSION-ae4f295d1d4cff7e	SESSION-ae4f295d1d4cff7e → pe:dns:SESSION-ae4f295d1d4cff7e
ASN_IN_ORGOBS 80%	e:ao:asn:714:org:Apple Inc.	asn:714 → org:Apple Inc.
flow_observed5-aryOBS	e:fo:flow:c4e6a453e687	flow:c4e6a453e687 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
HOST_IN_ASNOBS 85%	e:ha:host:144.76.23.47:asn:24940	host:144.76.23.47 → asn:24940
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c13e61513d1b018d:host:78.153.140.148:host:172.234.197.23	SESSION-c13e61513d1b018d → host:78.153.140.148 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:199.16.157.181:geo_33.76970_-84.37540	host:199.16.157.181 → geo_33.76970_-84.37540
flow_observed5-aryOBS	e:fo:flow:a46be0b84889	flow:a46be0b84889 → host:144.76.23.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ae5c17cec58f583:host:97.139.12.85:host:172.234.197.23	SESSION-5ae5c17cec58f583 → host:97.139.12.85 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-43328f9b50a5d423:host:40.119.32.47:host:172.234.197.23	SESSION-43328f9b50a5d423 → host:40.119.32.47 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:6ac8bc7ce374:port:udp:53	flow:6ac8bc7ce374 → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-124f188fc662f45b:host:199.16.157.183:host:172.234.197.23	SESSION-124f188fc662f45b → host:199.16.157.183 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8b6b3bfbd3509f3d:host:172.234.197.23	SESSION-8b6b3bfbd3509f3d → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:0d727e2708b4:port:tcp:443	flow:0d727e2708b4 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb43e37656185293:host:2.57.122.196	SESSION-fb43e37656185293 → host:2.57.122.196
ASN_IN_ORGOBS 80%	e:ao:asn:138915:org:Kaopu Cloud HK Limited	asn:138915 → org:Kaopu Cloud HK Limited
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df0521ee237a9620:host:172.234.197.23	SESSION-df0521ee237a9620 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dbe1edd4efb49468:host:35.233.68.173	SESSION-dbe1edd4efb49468 → host:35.233.68.173
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-01a793e8041caae3:host:144.76.23.47:host:172.234.197.23	SESSION-01a793e8041caae3 → host:144.76.23.47 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e15010a8a1e57ef1:host:172.234.197.23:host:172.232.0.17	SESSION-e15010a8a1e57ef1 → host:172.234.197.23 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e9f4a4a9c8d0d99f:SESSION-e9f4a4a9c8d0d99f	SESSION-e9f4a4a9c8d0d99f → pe:syn:SESSION-e9f4a4a9c8d0d99f
FLOW_DST_PORTOBS	e:fp:flow:c37aaecdcc9a:port:udp:53	flow:c37aaecdcc9a → port:udp:53
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-dd03efe0b367bd0d:BSG-BEACON-f6c2b3d0e42d	SESSION-dd03efe0b367bd0d → BSG-BEACON-f6c2b3d0e42d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-32c3b80c2cc69cbc:BSG-BEACON-f6c2b3d0e42d	SESSION-32c3b80c2cc69cbc → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2b16ad2cc059d584:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-2b16ad2cc059d584 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a61d2aadfc894ab0:PCAP:capture_20260424140001:b547b7157000	SESSION-a61d2aadfc894ab0 → PCAP:capture_20260424140001:b547b7157000
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6b6584907add35ca:flow:4eaa609c2624	SESSION-6b6584907add35ca → flow:4eaa609c2624
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-d2ebf88e7456c490:SESSION-d2ebf88e7456c490	SESSION-d2ebf88e7456c490 → pe:rst:SESSION-d2ebf88e7456c490
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2f842951575bb476:host:78.153.140.148:host:172.234.197.23	SESSION-2f842951575bb476 → host:78.153.140.148 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-df9c042eed58d783:host:2.57.122.196	SESSION-df9c042eed58d783 → host:2.57.122.196
FLOW_DST_PORTOBS	e:fp:flow:9b1def7bdac1:port:tcp:18249	flow:9b1def7bdac1 → port:tcp:18249
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df9c042eed58d783:PCAP:capture_20260424160001:21dcec78926d	SESSION-df9c042eed58d783 → PCAP:capture_20260424160001:21dcec78926d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dbe1edd4efb49468:host:172.234.197.23	SESSION-dbe1edd4efb49468 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d2ebf88e7456c490:flow:236e160bf97b	SESSION-d2ebf88e7456c490 → flow:236e160bf97b
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-132c0a35e55eb362:SESSION-132c0a35e55eb362	SESSION-132c0a35e55eb362 → pe:syn:SESSION-132c0a35e55eb362
flow_observed5-aryOBS	e:fo:flow:93cba7dfff64	flow:93cba7dfff64 → host:199.16.157.181 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:10959da4f2fa:port:tcp:443	flow:10959da4f2fa → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-df0521ee237a9620:host:172.234.197.23	SESSION-df0521ee237a9620 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-132c0a35e55eb362:host:172.234.197.23	SESSION-132c0a35e55eb362 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4efa693f129e7ca6:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-4efa693f129e7ca6 → PCAP:capture_20260424150002:9b7ba46ff54d
FLOW_TO_HOSTOBS	e:to:SESSION-7f4ca9b0d8673927:host:172.232.0.17	SESSION-7f4ca9b0d8673927 → host:172.232.0.17
FLOW_DST_PORTOBS	e:fp:flow:c63542b74c29:port:udp:53	flow:c63542b74c29 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6e59bfdb17a240e:host:172.234.197.23	SESSION-b6e59bfdb17a240e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6bccd19e88cac02:host:172.232.0.17	SESSION-b6bccd19e88cac02 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-124f188fc662f45b:host:199.16.157.183	SESSION-124f188fc662f45b → host:199.16.157.183
FLOW_FROM_HOSTOBS	e:from:SESSION-e5b926505913cd4c:host:92.118.39.236	SESSION-e5b926505913cd4c → host:92.118.39.236
FLOW_FROM_HOSTOBS	e:from:SESSION-132c0a35e55eb362:host:172.234.197.23	SESSION-132c0a35e55eb362 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-6b6584907add35ca:host:43.135.145.73	SESSION-6b6584907add35ca → host:43.135.145.73
flow_observed5-aryOBS	e:fo:flow:f834d92b87f4	flow:f834d92b87f4 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
flow_observed5-aryOBS	e:fo:flow:2c6c48655616	flow:2c6c48655616 → host:97.139.12.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f6be4d567980bce:PCAP:capture_20260424150002:9b7ba46ff54d	SESSION-1f6be4d567980bce → PCAP:capture_20260424150002:9b7ba46ff54d
FLOW_DST_PORTOBS	e:fp:flow:3c416f42759a:port:udp:53	flow:3c416f42759a → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-7b48e5e7105113e9:host:199.16.157.181	SESSION-7b48e5e7105113e9 → host:199.16.157.181
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ae5c17cec58f583:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-5ae5c17cec58f583 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0afee6a6d9f48fa0:flow:fbf83df1b6b6	SESSION-0afee6a6d9f48fa0 → flow:fbf83df1b6b6
FLOW_TO_HOSTOBS	e:to:SESSION-2b16ad2cc059d584:host:172.234.197.23	SESSION-2b16ad2cc059d584 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-b6e59bfdb17a240e:host:58.254.182.115	SESSION-b6e59bfdb17a240e → host:58.254.182.115
ASN_IN_ORGOBS 80%	e:ao:asn:132203:org:Tencent Building, Kejizhongyi Avenue	asn:132203 → org:Tencent Building, Kejizhongyi Avenue
FLOW_QUERIED_DNSOBS	e:fd:flow:991e601541a1:dns:172-234-197-23.ip.linodeusercontent.com	flow:991e601541a1 → dns:172-234-197-23.ip.linodeusercontent.com
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.234.197.23:geo_41.88350_-87.63050	host:172.234.197.23 → geo_41.88350_-87.63050
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2d3d727470c1d931:host:172.234.197.23:host:172.232.0.17	SESSION-2d3d727470c1d931 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c365d629ce285be9:host:172.234.197.23	SESSION-c365d629ce285be9 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5f6379841834a338:host:2.57.122.192	SESSION-5f6379841834a338 → host:2.57.122.192
FLOW_TO_HOSTOBS	e:to:SESSION-bd11a50065a6cb7c:host:172.234.197.23	SESSION-bd11a50065a6cb7c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-03ccec65d79829da:host:172.234.197.23	SESSION-03ccec65d79829da → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5b6e402ee019b6c1:host:172.234.197.23	SESSION-5b6e402ee019b6c1 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07867b4b46fa60d0:host:172.234.197.23	SESSION-07867b4b46fa60d0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2b16ad2cc059d584:host:17.22.237.22	SESSION-2b16ad2cc059d584 → host:17.22.237.22
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-801986a05f874d44:BSG-DATA_EXFIL-f0f719b48579	SESSION-801986a05f874d44 → BSG-DATA_EXFIL-f0f719b48579
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c13e61513d1b018d:host:78.153.140.148	SESSION-c13e61513d1b018d → host:78.153.140.148
FLOW_TO_HOSTOBS	e:to:SESSION-c13e61513d1b018d:host:172.234.197.23	SESSION-c13e61513d1b018d → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:0a764492b76b	flow:0a764492b76b → host:45.79.109.130 → host:172.234.197.23 → port:tcp:10006
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72c3b3d3b2889ec2:host:172.232.0.17	SESSION-72c3b3d3b2889ec2 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc3f949cbddefabd:host:2.57.122.192	SESSION-fc3f949cbddefabd → host:2.57.122.192
FLOW_DST_PORTOBS	e:fp:flow:a46be0b84889:port:tcp:443	flow:a46be0b84889 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-d2ebf88e7456c490:host:172.234.197.23	SESSION-d2ebf88e7456c490 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe2be36828e6c4a2:host:172.234.197.23	SESSION-fe2be36828e6c4a2 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:199.16.157.183:geo_33.76970_-84.37540	host:199.16.157.183 → geo_33.76970_-84.37540
FLOW_TO_HOSTOBS	e:to:SESSION-dd03efe0b367bd0d:host:172.232.0.17	SESSION-dd03efe0b367bd0d → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-72c3b3d3b2889ec2:host:172.232.0.17	SESSION-72c3b3d3b2889ec2 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:35.233.68.173:geo_50.85340_4.34700	host:35.233.68.173 → geo_50.85340_4.34700
HOST_IN_ASNOBS 85%	e:ha:host:128.9.29.131:asn:4	host:128.9.29.131 → asn:4
FLOW_DST_PORTOBS	e:fp:flow:66bb27cf4c04:port:tcp:443	flow:66bb27cf4c04 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:b9c87c3e6634	flow:b9c87c3e6634 → host:92.118.39.236 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e15010a8a1e57ef1:host:172.234.197.23	SESSION-e15010a8a1e57ef1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:40.119.32.47:asn:8075	host:40.119.32.47 → asn:8075
FLOW_DST_PORTOBS	e:fp:flow:28bd443b2c5e:port:tcp:443	flow:28bd443b2c5e → port:tcp:443
FLOW_FROM_HOSTOBS	e:from:SESSION-dbe1edd4efb49468:host:35.233.68.173	SESSION-dbe1edd4efb49468 → host:35.233.68.173
FLOW_HTTP_HOSTOBS	e:fh:flow:4a465ec75db9:http_host:172.234.197.23	flow:4a465ec75db9 → http_host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-72c3b3d3b2889ec2:host:172.234.197.23	SESSION-72c3b3d3b2889ec2 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:958f77dbf2ff	flow:958f77dbf2ff → host:97.139.12.85 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fc3f949cbddefabd:host:172.234.197.23	SESSION-fc3f949cbddefabd → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-137907a1c322972d:flow:43d87d43ebf2	SESSION-137907a1c322972d → flow:43d87d43ebf2
flow_observed5-aryOBS	e:fo:flow:6ac8bc7ce374	flow:6ac8bc7ce374 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e15010a8a1e57ef1:flow:6ac8bc7ce374	SESSION-e15010a8a1e57ef1 → flow:6ac8bc7ce374
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6b6584907add35ca:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-6b6584907add35ca → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
FLOW_QUERIED_DNSOBS	e:fd:flow:c37aaecdcc9a:dns:172-234-197-23.ip.linodeusercontent.com	flow:c37aaecdcc9a → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-137907a1c322972d:host:59.6.77.80	SESSION-137907a1c322972d → host:59.6.77.80
FLOW_DST_PORTOBS	e:fp:flow:0a764492b76b:port:tcp:10006	flow:0a764492b76b → port:tcp:10006
FLOW_TLS_SNIOBS	e:fs:flow:93cba7dfff64:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:93cba7dfff64 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f952d347444430eb:host:172.234.197.23:host:172.232.0.17	SESSION-f952d347444430eb → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-46adfbb34624e2be:flow:81b8ace9a2e6	SESSION-46adfbb34624e2be → flow:81b8ace9a2e6
FLOW_TO_HOSTOBS	e:to:SESSION-5846cd006f1eacb7:host:172.234.197.23	SESSION-5846cd006f1eacb7 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:103.155.16.117:geo_1.29390_103.84610	host:103.155.16.117 → geo_1.29390_103.84610
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7ac586ca0d0ef0f:host:172.234.197.23	SESSION-e7ac586ca0d0ef0f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c52a62f7c65f2e1a:host:172.234.197.23	SESSION-c52a62f7c65f2e1a → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:ffb24c296a2c	flow:ffb24c296a2c → host:128.9.29.131 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-bd11a50065a6cb7c:SESSION-bd11a50065a6cb7c	SESSION-bd11a50065a6cb7c → pe:syn:SESSION-bd11a50065a6cb7c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-2b16ad2cc059d584:SESSION-2b16ad2cc059d584	SESSION-2b16ad2cc059d584 → pe:tls:SESSION-2b16ad2cc059d584
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f6be4d567980bce:host:172.234.197.23	SESSION-1f6be4d567980bce → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7f4ca9b0d8673927:flow:991e601541a1	SESSION-7f4ca9b0d8673927 → flow:991e601541a1
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e9f4a4a9c8d0d99f:host:172.234.197.23	SESSION-e9f4a4a9c8d0d99f → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:17.22.237.22:asn:714	host:17.22.237.22 → asn:714
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:78.153.140.148:geo_51.51640_-0.09300	host:78.153.140.148 → geo_51.51640_-0.09300
flow_observed5-aryOBS	e:fo:flow:4a465ec75db9	flow:4a465ec75db9 → host:66.228.53.204 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0938448bdcbd9d9c:host:172.234.197.23:host:172.232.0.17	SESSION-0938448bdcbd9d9c → host:172.234.197.23 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-43328f9b50a5d423:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-43328f9b50a5d423 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-72c3b3d3b2889ec2:PCAP:capture_20260424170001:2a81081d173e	SESSION-72c3b3d3b2889ec2 → PCAP:capture_20260424170001:2a81081d173e
FLOW_FROM_HOSTOBS	e:from:SESSION-8a981e11d869c723:host:199.16.157.182	SESSION-8a981e11d869c723 → host:199.16.157.182
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-124f188fc662f45b:SESSION-124f188fc662f45b	SESSION-124f188fc662f45b → pe:tls:SESSION-124f188fc662f45b
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b6e402ee019b6c1:host:172.234.197.23:host:59.6.77.80	SESSION-5b6e402ee019b6c1 → host:172.234.197.23 → host:59.6.77.80
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-bcd7e2d1fd452ee5:BSG-BEACON-f6c2b3d0e42d	SESSION-bcd7e2d1fd452ee5 → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f952d347444430eb:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-f952d347444430eb → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
FLOW_DST_PORTOBS	e:fp:flow:4cb79ca168a0:port:tcp:443	flow:4cb79ca168a0 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5846cd006f1eacb7:flow:0a764492b76b	SESSION-5846cd006f1eacb7 → flow:0a764492b76b
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:2.57.122.196:geo_45.99680_24.99700	host:2.57.122.196 → geo_45.99680_24.99700
FLOW_TO_HOSTOBS	e:to:SESSION-07867b4b46fa60d0:host:172.232.0.17	SESSION-07867b4b46fa60d0 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2f842951575bb476:SESSION-2f842951575bb476	SESSION-2f842951575bb476 → pe:syn:SESSION-2f842951575bb476
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8b6b3bfbd3509f3d:flow:0cab2ce4a41a	SESSION-8b6b3bfbd3509f3d → flow:0cab2ce4a41a
FLOW_HTTP_HOSTOBS	e:fh:flow:af46c51682fe:http_host:172.234.197.23	flow:af46c51682fe → http_host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:92.118.39.197:asn:47890	host:92.118.39.197 → asn:47890
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-47d044a3990fe914:SESSION-47d044a3990fe914	SESSION-47d044a3990fe914 → pe:dns:SESSION-47d044a3990fe914
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-f952d347444430eb:SESSION-f952d347444430eb	SESSION-f952d347444430eb → pe:dns:SESSION-f952d347444430eb
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6e59bfdb17a240e:host:58.254.182.115:host:172.234.197.23	SESSION-b6e59bfdb17a240e → host:58.254.182.115 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-bcd7e2d1fd452ee5:SESSION-bcd7e2d1fd452ee5	SESSION-bcd7e2d1fd452ee5 → pe:dns:SESSION-bcd7e2d1fd452ee5
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6b6584907add35ca:SESSION-6b6584907add35ca	SESSION-6b6584907add35ca → pe:syn:SESSION-6b6584907add35ca
ASN_IN_ORGOBS 80%	e:ao:asn:197540:org:netcup GmbH	asn:197540 → org:netcup GmbH
flow_observed5-aryOBS	e:fo:flow:3c416f42759a	flow:3c416f42759a → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6b6584907add35ca:SESSION-6b6584907add35ca	SESSION-6b6584907add35ca → pe:tls:SESSION-6b6584907add35ca
FLOW_FROM_HOSTOBS	e:from:SESSION-07867b4b46fa60d0:host:172.234.197.23	SESSION-07867b4b46fa60d0 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bd11a50065a6cb7c:host:144.76.23.47:host:172.234.197.23	SESSION-bd11a50065a6cb7c → host:144.76.23.47 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e9f4a4a9c8d0d99f:host:199.16.157.182:host:172.234.197.23	SESSION-e9f4a4a9c8d0d99f → host:199.16.157.182 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a61d2aadfc894ab0:host:172.234.197.23	SESSION-a61d2aadfc894ab0 → host:172.234.197.23
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:80:svc:http	port:tcp:80 → svc:http
flow_observed5-aryOBS	e:fo:flow:2759e86a7e02	flow:2759e86a7e02 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-1ca6064244966ba9:host:97.139.12.85	SESSION-1ca6064244966ba9 → host:97.139.12.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-dd03efe0b367bd0d:host:172.232.0.17	SESSION-dd03efe0b367bd0d → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-f8e62b0ad557062a:host:172.234.197.23	SESSION-f8e62b0ad557062a → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:43d87d43ebf2	flow:43d87d43ebf2 → host:172.234.197.23 → host:59.6.77.80 → port:tcp:42622
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d2ebf88e7456c490:PCAP:capture_20260424160001:21dcec78926d	SESSION-d2ebf88e7456c490 → PCAP:capture_20260424160001:21dcec78926d
FLOW_DST_PORTOBS	e:fp:flow:4a465ec75db9:port:tcp:80	flow:4a465ec75db9 → port:tcp:80
FLOW_FROM_HOSTOBS	e:from:SESSION-72c3b3d3b2889ec2:host:172.234.197.23	SESSION-72c3b3d3b2889ec2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb43e37656185293:flow:8f3f3aa1ab4a	SESSION-fb43e37656185293 → flow:8f3f3aa1ab4a
FLOW_DST_PORTOBS	e:fp:flow:d4998ce3363c:port:tcp:15596	flow:d4998ce3363c → port:tcp:15596
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6bccd19e88cac02:flow:2759e86a7e02	SESSION-b6bccd19e88cac02 → flow:2759e86a7e02
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b6e402ee019b6c1:PCAP:capture_20260424160001:21dcec78926d	SESSION-5b6e402ee019b6c1 → PCAP:capture_20260424160001:21dcec78926d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-07867b4b46fa60d0:host:172.232.0.17	SESSION-07867b4b46fa60d0 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-5ae5c17cec58f583:host:97.139.12.85	SESSION-5ae5c17cec58f583 → host:97.139.12.85
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-03ccec65d79829da:host:8.222.219.23	SESSION-03ccec65d79829da → host:8.222.219.23
FLOW_DST_PORTOBS	e:fp:flow:93cba7dfff64:port:tcp:443	flow:93cba7dfff64 → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ae4f295d1d4cff7e:host:172.234.197.23:host:172.232.0.17	SESSION-ae4f295d1d4cff7e → host:172.234.197.23 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5846cd006f1eacb7:PCAP:capture_20260424160001:21dcec78926d	SESSION-5846cd006f1eacb7 → PCAP:capture_20260424160001:21dcec78926d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47d044a3990fe914:host:172.234.197.23	SESSION-47d044a3990fe914 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-7f4ca9b0d8673927:BSG-BEACON-f6c2b3d0e42d	SESSION-7f4ca9b0d8673927 → BSG-BEACON-f6c2b3d0e42d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.135.145.73:geo_37.35300_-121.95440	host:43.135.145.73 → geo_37.35300_-121.95440
HOST_IN_ASNOBS 85%	e:ha:host:172.232.0.17:asn:63949	host:172.232.0.17 → asn:63949
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-df0521ee237a9620:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-df0521ee237a9620 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5f6379841834a338:flow:d4998ce3363c	SESSION-5f6379841834a338 → flow:d4998ce3363c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-137907a1c322972d:PCAP:capture_20260424160001:21dcec78926d	SESSION-137907a1c322972d → PCAP:capture_20260424160001:21dcec78926d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d2ebf88e7456c490:host:92.118.39.197	SESSION-d2ebf88e7456c490 → host:92.118.39.197
FLOW_DST_PORTOBS	e:fp:flow:743cca931674:port:tcp:22	flow:743cca931674 → port:tcp:22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2d3d727470c1d931:host:172.234.197.23	SESSION-2d3d727470c1d931 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-df9c042eed58d783:host:172.234.197.23	SESSION-df9c042eed58d783 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f8e62b0ad557062a:host:172.234.197.23	SESSION-f8e62b0ad557062a → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bcd7e2d1fd452ee5:flow:3c416f42759a	SESSION-bcd7e2d1fd452ee5 → flow:3c416f42759a
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-07867b4b46fa60d0:BSG-BEACON-f6c2b3d0e42d	SESSION-07867b4b46fa60d0 → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e7ac586ca0d0ef0f:flow:c4e6a453e687	SESSION-e7ac586ca0d0ef0f → flow:c4e6a453e687
FLOW_FROM_HOSTOBS	e:from:SESSION-549cd508c26f4eff:host:128.9.29.131	SESSION-549cd508c26f4eff → host:128.9.29.131
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1ca6064244966ba9:flow:6f0c0a999555	SESSION-1ca6064244966ba9 → flow:6f0c0a999555
ASN_IN_ORGOBS 80%	e:ao:asn:63949:org:Akamai Connected Cloud	asn:63949 → org:Akamai Connected Cloud
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-47d044a3990fe914:host:172.234.197.23:host:172.232.0.17	SESSION-47d044a3990fe914 → host:172.234.197.23 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-b6e59bfdb17a240e:host:172.234.197.23	SESSION-b6e59bfdb17a240e → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.118.39.236:geo_45.99680_24.99700	host:92.118.39.236 → geo_45.99680_24.99700
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-549cd508c26f4eff:host:172.234.197.23	SESSION-549cd508c26f4eff → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0afee6a6d9f48fa0:PCAP:capture_20260424140001:b547b7157000	SESSION-0afee6a6d9f48fa0 → PCAP:capture_20260424140001:b547b7157000
FLOW_FROM_HOSTOBS	e:from:SESSION-df0521ee237a9620:host:97.139.12.85	SESSION-df0521ee237a9620 → host:97.139.12.85
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c365d629ce285be9:SESSION-c365d629ce285be9	SESSION-c365d629ce285be9 → pe:tls:SESSION-c365d629ce285be9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8a981e11d869c723:SESSION-8a981e11d869c723	SESSION-8a981e11d869c723 → pe:tls:SESSION-8a981e11d869c723
flow_observed3-aryOBS	e:fo:flow:4fa77a1ba33a	flow:4fa77a1ba33a → host:58.254.182.115 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-03ccec65d79829da:SESSION-03ccec65d79829da	SESSION-03ccec65d79829da → pe:syn:SESSION-03ccec65d79829da
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb43e37656185293:host:172.234.197.23	SESSION-fb43e37656185293 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8a981e11d869c723:flow:67799a4b0206	SESSION-8a981e11d869c723 → flow:67799a4b0206
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dd03efe0b367bd0d:flow:d5c7343ffad3	SESSION-dd03efe0b367bd0d → flow:d5c7343ffad3
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5846cd006f1eacb7:SESSION-5846cd006f1eacb7	SESSION-5846cd006f1eacb7 → pe:syn:SESSION-5846cd006f1eacb7
FLOW_QUERIED_DNSOBS	e:fd:flow:c4e6a453e687:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:c4e6a453e687 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
flow_observed5-aryOBS	e:fo:flow:10959da4f2fa	flow:10959da4f2fa → host:199.16.157.181 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:1eaa2c354bb9	flow:1eaa2c354bb9 → host:35.233.68.173 → host:172.234.197.23 → port:tcp:5432 → svc:postgres
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-d2ebf88e7456c490:SESSION-d2ebf88e7456c490	SESSION-d2ebf88e7456c490 → pe:syn:SESSION-d2ebf88e7456c490
FLOW_DST_PORTOBS	e:fp:flow:43d87d43ebf2:port:tcp:42622	flow:43d87d43ebf2 → port:tcp:42622
FLOW_FROM_HOSTOBS	e:from:SESSION-e7ac586ca0d0ef0f:host:172.234.197.23	SESSION-e7ac586ca0d0ef0f → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a61d2aadfc894ab0:host:172.234.197.23	SESSION-a61d2aadfc894ab0 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-2b16ad2cc059d584:SESSION-2b16ad2cc059d584	SESSION-2b16ad2cc059d584 → pe:syn:SESSION-2b16ad2cc059d584
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e5b926505913cd4c:flow:b9c87c3e6634	SESSION-e5b926505913cd4c → flow:b9c87c3e6634
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-dd03efe0b367bd0d:host:172.234.197.23:host:172.232.0.17	SESSION-dd03efe0b367bd0d → host:172.234.197.23 → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7f4ca9b0d8673927:host:172.234.197.23:host:172.232.0.17	SESSION-7f4ca9b0d8673927 → host:172.234.197.23 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1ca6064244966ba9:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-1ca6064244966ba9 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
ASN_IN_ORGOBS 80%	e:ao:asn:47890:org:Unmanaged Ltd	asn:47890 → org:Unmanaged Ltd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-72c3b3d3b2889ec2:host:172.234.197.23:host:172.232.0.17	SESSION-72c3b3d3b2889ec2 → host:172.234.197.23 → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:b8c49dd508ec	flow:b8c49dd508ec → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
ASN_IN_ORGOBS 80%	e:ao:asn:4:org:University of Southern California	asn:4 → org:University of Southern California
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c52a62f7c65f2e1a:host:46.38.236.138:host:172.234.197.23	SESSION-c52a62f7c65f2e1a → host:46.38.236.138 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:8.222.219.23:geo_1.36670_103.80000	host:8.222.219.23 → geo_1.36670_103.80000
FLOW_TO_HOSTOBS	e:to:SESSION-5b6e402ee019b6c1:host:59.6.77.80	SESSION-5b6e402ee019b6c1 → host:59.6.77.80
FLOW_TO_HOSTOBS	e:to:SESSION-43328f9b50a5d423:host:172.234.197.23	SESSION-43328f9b50a5d423 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:8f3f3aa1ab4a	flow:8f3f3aa1ab4a → host:172.234.197.23 → host:2.57.122.196 → port:tcp:25682
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f952d347444430eb:host:172.232.0.17	SESSION-f952d347444430eb → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5b6e402ee019b6c1:SESSION-5b6e402ee019b6c1	SESSION-5b6e402ee019b6c1 → pe:rst:SESSION-5b6e402ee019b6c1
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-fc3f949cbddefabd:SESSION-fc3f949cbddefabd	SESSION-fc3f949cbddefabd → pe:rst:SESSION-fc3f949cbddefabd
HOST_IN_ASNOBS 85%	e:ha:host:2.57.122.196:asn:47890	host:2.57.122.196 → asn:47890
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e7ac586ca0d0ef0f:host:172.232.0.17	SESSION-e7ac586ca0d0ef0f → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-549cd508c26f4eff:flow:ffb24c296a2c	SESSION-549cd508c26f4eff → flow:ffb24c296a2c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0938448bdcbd9d9c:PCAP:capture_20260424140001:b547b7157000	SESSION-0938448bdcbd9d9c → PCAP:capture_20260424140001:b547b7157000
FLOW_TO_HOSTOBS	e:to:SESSION-124f188fc662f45b:host:172.234.197.23	SESSION-124f188fc662f45b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-f8e62b0ad557062a:host:199.16.157.181	SESSION-f8e62b0ad557062a → host:199.16.157.181
FLOW_DST_PORTOBS	e:fp:flow:8f3f3aa1ab4a:port:tcp:25682	flow:8f3f3aa1ab4a → port:tcp:25682
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-32c3b80c2cc69cbc:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-32c3b80c2cc69cbc → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
flow_observed5-aryOBS	e:fo:flow:4eaa609c2624	flow:4eaa609c2624 → host:43.135.145.73 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:99a9f8b7c5b3:port:tcp:443	flow:99a9f8b7c5b3 → port:tcp:443
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-e7ac586ca0d0ef0f:SESSION-e7ac586ca0d0ef0f	SESSION-e7ac586ca0d0ef0f → pe:dns:SESSION-e7ac586ca0d0ef0f
HOST_IN_ASNOBS 85%	e:ha:host:199.16.157.181:asn:13414	host:199.16.157.181 → asn:13414
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c13e61513d1b018d:flow:42f1c8ab98a8	SESSION-c13e61513d1b018d → flow:42f1c8ab98a8
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-1ca6064244966ba9:BSG-DATA_EXFIL-012d574517f4	SESSION-1ca6064244966ba9 → BSG-DATA_EXFIL-012d574517f4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-fb43e37656185293:SESSION-fb43e37656185293	SESSION-fb43e37656185293 → pe:rst:SESSION-fb43e37656185293
FLOW_FROM_HOSTOBS	e:from:SESSION-1f6be4d567980bce:host:172.234.197.23	SESSION-1f6be4d567980bce → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f6be4d567980bce:host:2.57.122.192	SESSION-1f6be4d567980bce → host:2.57.122.192
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-01a793e8041caae3:BSG-DATA_EXFIL-6dd8484f3944	SESSION-01a793e8041caae3 → BSG-DATA_EXFIL-6dd8484f3944
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e5b926505913cd4c:host:92.118.39.236:host:172.234.197.23	SESSION-e5b926505913cd4c → host:92.118.39.236 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b6e402ee019b6c1:host:172.234.197.23	SESSION-5b6e402ee019b6c1 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:45.79.109.130:asn:63949	host:45.79.109.130 → asn:63949
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-03ccec65d79829da:host:8.222.219.23:host:172.234.197.23	SESSION-03ccec65d79829da → host:8.222.219.23 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1ca6064244966ba9:host:172.234.197.23:host:97.139.12.85	SESSION-1ca6064244966ba9 → host:172.234.197.23 → host:97.139.12.85
FLOW_TLS_SNIOBS	e:fs:flow:da7065edff23:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:da7065edff23 → tls_sni:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:58.254.182.115:asn:136958	host:58.254.182.115 → asn:136958
FLOW_FROM_HOSTOBS	e:from:SESSION-5846cd006f1eacb7:host:45.79.109.130	SESSION-5846cd006f1eacb7 → host:45.79.109.130
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-01a793e8041caae3:SESSION-01a793e8041caae3	SESSION-01a793e8041caae3 → pe:rst:SESSION-01a793e8041caae3
FLOW_FROM_HOSTOBS	e:from:SESSION-ae4f295d1d4cff7e:host:172.234.197.23	SESSION-ae4f295d1d4cff7e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5b926505913cd4c:host:172.234.197.23	SESSION-e5b926505913cd4c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bd11a50065a6cb7c:host:144.76.23.47	SESSION-bd11a50065a6cb7c → host:144.76.23.47
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-47d044a3990fe914:host:172.232.0.17	SESSION-47d044a3990fe914 → host:172.232.0.17
FLOW_DST_PORTOBS	e:fp:flow:6f0c0a999555:port:tcp:60136	flow:6f0c0a999555 → port:tcp:60136
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fe2be36828e6c4a2:host:172.232.0.17	SESSION-fe2be36828e6c4a2 → host:172.232.0.17
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-e9f4a4a9c8d0d99f:BSG-DATA_EXFIL-c24d7cb3a7e4	SESSION-e9f4a4a9c8d0d99f → BSG-DATA_EXFIL-c24d7cb3a7e4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8a981e11d869c723:host:172.234.197.23	SESSION-8a981e11d869c723 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:199.16.157.182:geo_33.76970_-84.37540	host:199.16.157.182 → geo_33.76970_-84.37540
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e5b926505913cd4c:host:92.118.39.236	SESSION-e5b926505913cd4c → host:92.118.39.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4efa693f129e7ca6:host:66.228.53.204	SESSION-4efa693f129e7ca6 → host:66.228.53.204
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c13e61513d1b018d:host:172.234.197.23	SESSION-c13e61513d1b018d → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:c51bf5b097ea:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:c51bf5b097ea → tls_sni:172-234-197-23.ip.linodeusercontent.com
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:22:svc:ssh	port:tcp:22 → svc:ssh
HOST_IN_ASNOBS 85%	e:ha:host:97.139.12.85:asn:6167	host:97.139.12.85 → asn:6167
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-72c3b3d3b2889ec2:BSG-BEACON-f6c2b3d0e42d	SESSION-72c3b3d3b2889ec2 → BSG-BEACON-f6c2b3d0e42d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-132c0a35e55eb362:host:172.234.197.23:host:23.234.69.80	SESSION-132c0a35e55eb362 → host:172.234.197.23 → host:23.234.69.80
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8b6b3bfbd3509f3d:PCAP:capture_20260424160001:21dcec78926d	SESSION-8b6b3bfbd3509f3d → PCAP:capture_20260424160001:21dcec78926d
HOST_IN_ASNOBS 85%	e:ha:host:2.57.122.192:asn:47890	host:2.57.122.192 → asn:47890
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7f4ca9b0d8673927:host:172.232.0.17	SESSION-7f4ca9b0d8673927 → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-01a793e8041caae3:SESSION-01a793e8041caae3	SESSION-01a793e8041caae3 → pe:tls:SESSION-01a793e8041caae3
ASN_IN_ORGOBS 80%	e:ao:asn:8075:org:Microsoft Corporation	asn:8075 → org:Microsoft Corporation
FLOW_DST_PORTOBS	e:fp:flow:42f1c8ab98a8:port:tcp:80	flow:42f1c8ab98a8 → port:tcp:80
FLOW_TO_HOSTOBS	e:to:SESSION-c365d629ce285be9:host:172.234.197.23	SESSION-c365d629ce285be9 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d2ebf88e7456c490:host:92.118.39.197	SESSION-d2ebf88e7456c490 → host:92.118.39.197
flow_observed5-aryOBS	e:fo:flow:42f1c8ab98a8	flow:42f1c8ab98a8 → host:78.153.140.148 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-07867b4b46fa60d0:SESSION-07867b4b46fa60d0	SESSION-07867b4b46fa60d0 → pe:dns:SESSION-07867b4b46fa60d0
FLOW_FROM_HOSTOBS	e:from:SESSION-e15010a8a1e57ef1:host:172.234.197.23	SESSION-e15010a8a1e57ef1 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-01a793e8041caae3:host:144.76.23.47	SESSION-01a793e8041caae3 → host:144.76.23.47
FLOW_TO_HOSTOBS	e:to:SESSION-801986a05f874d44:host:172.234.197.23	SESSION-801986a05f874d44 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:6f0c0a999555	flow:6f0c0a999555 → host:172.234.197.23 → host:97.139.12.85 → port:tcp:60136
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-72c3b3d3b2889ec2:flow:53418f626ce5	SESSION-72c3b3d3b2889ec2 → flow:53418f626ce5
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-549cd508c26f4eff:host:128.9.29.131:host:172.234.197.23	SESSION-549cd508c26f4eff → host:128.9.29.131 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e9f4a4a9c8d0d99f:host:172.234.197.23	SESSION-e9f4a4a9c8d0d99f → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:66bb27cf4c04	flow:66bb27cf4c04 → host:199.16.157.183 → host:172.234.197.23 → port:tcp:443 → svc:https
HOST_IN_ASNOBS 85%	e:ha:host:78.153.140.148:asn:202306	host:78.153.140.148 → asn:202306
ASN_IN_ORGOBS 80%	e:ao:asn:45102:org:Alibaba US Technology Co., Ltd.	asn:45102 → org:Alibaba US Technology Co., Ltd.
FLOW_DST_PORTOBS	e:fp:flow:991e601541a1:port:udp:53	flow:991e601541a1 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-137907a1c322972d:host:172.234.197.23	SESSION-137907a1c322972d → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-dbe1edd4efb49468:flow:1eaa2c354bb9	SESSION-dbe1edd4efb49468 → flow:1eaa2c354bb9
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fe2be36828e6c4a2:host:172.234.197.23:host:172.232.0.17	SESSION-fe2be36828e6c4a2 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1ca6064244966ba9:host:172.234.197.23	SESSION-1ca6064244966ba9 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fe2be36828e6c4a2:flow:d3ab3699f29d	SESSION-fe2be36828e6c4a2 → flow:d3ab3699f29d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7f4ca9b0d8673927:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237	SESSION-7f4ca9b0d8673927 → PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%	e:bsg:SESSION-124f188fc662f45b:BSG-DATA_EXFIL-e6f479c60e03	SESSION-124f188fc662f45b → BSG-DATA_EXFIL-e6f479c60e03
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5ae5c17cec58f583:SESSION-5ae5c17cec58f583	SESSION-5ae5c17cec58f583 → pe:tls:SESSION-5ae5c17cec58f583
FLOW_DST_PORTOBS	e:fp:flow:d5c7343ffad3:port:udp:53	flow:d5c7343ffad3 → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f952d347444430eb:flow:b8c49dd508ec	SESSION-f952d347444430eb → flow:b8c49dd508ec
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-2d3d727470c1d931:BSG-BEACON-f6c2b3d0e42d	SESSION-2d3d727470c1d931 → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fe2be36828e6c4a2:PCAP:capture_20260424160001:21dcec78926d	SESSION-fe2be36828e6c4a2 → PCAP:capture_20260424160001:21dcec78926d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ae4f295d1d4cff7e:flow:9f56a1b92a85	SESSION-ae4f295d1d4cff7e → flow:9f56a1b92a85
flow_observed5-aryOBS	e:fo:flow:da7065edff23	flow:da7065edff23 → host:144.76.23.47 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f952d347444430eb:host:172.234.197.23	SESSION-f952d347444430eb → host:172.234.197.23