Table 5 Suspicious portscan
From: A flexible approach for cyber threat hunting based on kernel audit records
C_IP | num | proc |
|---|---|---|
128.55.12 | 47824 | {cmdLine:tcexec,cid:27201} |
128.55.12 | 721 | {cmdLine:/tmp/ztmp,cid:19482} |
128.55.12 | 108 | {cmdLine:sshd,cid:1810} |
128.55.12 | 15 | {cmdLine:avahi-daemon,cid:1170} |
216.66.26 | 5 | {cmdLine:firefox,cid:31814} |