path: root/test/results/flow-info/default/tls_certificate_too_long.pcap.out
blob: a99583fa93643e1f432d22989179d0964bc78ab5 (plain)
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443] [MIDSTREAM]
              new: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [MIDSTREAM]
              new: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53]
         detected: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][121.1.168.192.in-addr.arpa]
 detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][60.21.149.52.in-addr.arpa]
                   RISK: Unidirectional Traffic
 detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][139.1.168.192.in-addr.arpa]
                   RISK: Unidirectional Traffic
 detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][139.1.168.192.in-addr.arpa]
                   RISK: Error Code
 detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][60.21.149.52.in-addr.arpa]
                   RISK: Error Code
              new: [.....4] [ip4][..udp] [..192.168.1.139][.5353] -> [....224.0.0.251][.5353]
         detected: [.....4] [ip4][..udp] [..192.168.1.139][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
              new: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353]
         detected: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
              new: [.....6] [ip4][..udp] [..192.168.1.121][.5353] -> [..192.168.1.139][.5353]
         detected: [.....6] [ip4][..udp] [..192.168.1.121][.5353] -> [..192.168.1.139][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
              new: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2]
         detected: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] [IGMP][Unknown][Network][Acceptable]
              new: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251]
         detected: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Unknown][Network][Acceptable]
              new: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53]
         detected: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
              new: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53]
         detected: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
 detection-update: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
              new: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53]
         detected: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
              new: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443]
 detection-update: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
              new: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443]
 detection-update: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
         detected: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
         detected: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
 detection-update: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
              new: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53]
         detected: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
              new: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53]
         detected: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
 detection-update: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
              new: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53]
         detected: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
              new: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53]
         detected: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
 detection-update: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
 detection-update: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
              new: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80]
 detection-update: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
         detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
 detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
 detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
                   RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
              new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80]
         detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
 detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
                   RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
              new: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [MIDSTREAM]
              new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53]
         detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
 detection-update: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
              new: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123]
         detected: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
         detected: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [TLS][Github][Web][Safe]
              new: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53]
         detected: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][235.33.22.2.in-addr.arpa]
 detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][26.113.82.140.in-addr.arpa]
                   RISK: Unidirectional Traffic
              new: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [MIDSTREAM]
         detected: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
                   RISK: Unidirectional Traffic
              new: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [MIDSTREAM]
         detected: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
                   RISK: Unidirectional Traffic
 detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][235.33.22.2.in-addr.arpa]
 detection-update: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
 detection-update: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
          analyse: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........:      0.000|     0.067|     0.004|     0.014|          198.149|    1.700]
                   [PKTLEN......:     40.000|  1488.000|   409.600|   443.800|       196953.100|    4.300]
                   [BINS(c->s)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
                   [BINS(s->c)..: 2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1]
                   [IATS(ms)....: 0.0,1.3,0.0,0.0,22.7,2.8,42.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,66.6,0.0,0.2,0.0,0.0,0.0]
                   [PKTLENS.....: 1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82]
                   [ENTROPIES...: 7.8,7.8,7.8,7.9,7.8,4.9,4.9,7.9,6.6,5.9,7.1,7.1,7.1,7.1,7.1,7.1,7.1,7.1,7.2,7.0,7.1,7.1,7.1,7.0,7.0,5.9,4.7,4.7,7.0,7.1,7.3,5.7]
          analyse: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     0.048|     0.009|     0.014|          206.122|    3.300]
                   [PKTLEN......:     40.000|  1488.000|   439.200|   490.600|       240677.500|    4.200]
                   [BINS(c->s)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0]
                   [BINS(s->c)..: 4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1]
                   [IATS(ms)....: 0.0,1.1,23.2,47.6,37.0,0.0,0.0,0.0,0.0,0.0,11.7,0.4,0.5,9.9,10.2,0.0,0.6,25.3,48.0,32.2,0.0,8.7,0.4,0.0,0.0,0.0,0.0,0.0,0.0,0.5,13.0]
                   [PKTLENS.....: 1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52]
                   [ENTROPIES...: 7.9,7.8,7.9,4.9,7.9,7.8,6.6,7.1,7.5,5.7,5.6,4.7,5.4,4.7,4.9,7.9,7.8,7.6,4.9,7.6,7.8,7.5,4.6,6.6,7.0,7.2,6.2,5.6,5.8,5.5,4.7,5.0]
              new: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443]
              new: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443]
         detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
         detected: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
 detection-update: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
 detection-update: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
              new: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123]
         detected: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
              new: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443]
              new: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443]
         detected: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
         detected: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
 detection-update: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
 detection-update: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
              new: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123]
         detected: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
              new: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443]
              new: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443]
         detected: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
         detected: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
 detection-update: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
 detection-update: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
                   RISK: TLS Cert Validity Too Long
              new: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123]
         detected: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
              new: [....35] [ip4][..tcp] [.130.211.33.145][..443] -> [..192.168.1.121][53432] [MIDSTREAM]
         detected: [....35] [ip4][..tcp] [.130.211.33.145][..443] -> [..192.168.1.121][53432] [TLS][GoogleCloud][Web][Safe]
             idle: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
             idle: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
             idle: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
             idle: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
             idle: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
             idle: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
          guessed: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443] [TLS][Azure][Web][Safe]
             idle: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443]
              end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
                   RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
              end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
                   RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
             idle: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
             idle: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
             idle: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Unknown][Network][Acceptable]
             idle: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] [IGMP][Unknown][Network][Acceptable]
             idle: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
             idle: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
             idle: [....35] [ip4][..tcp] [.130.211.33.145][..443] -> [..192.168.1.121][53432] [TLS][GoogleCloud][Web][Safe]
              end: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [TLS][Github][Web][Safe]
             idle: [.....4] [ip4][..udp] [..192.168.1.139][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
             idle: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
             idle: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
             idle: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
             idle: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
              end: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
              end: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
              end: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
              end: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
              end: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
              end: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
              end: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
              end: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                   RISK: TLS Cert Validity Too Long
     not-detected: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [Unknown][Unknown][Unrated]
                   RISK: Susp Entropy
             idle: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367]
             idle: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
             idle: [.....6] [ip4][..udp] [..192.168.1.121][.5353] -> [..192.168.1.139][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
             idle: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][235.33.22.2.in-addr.arpa]
             idle: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][60.21.149.52.in-addr.arpa]
                   RISK: Error Code
     DAEMON-EVENT: shutdown