Attribute/Feature Name | Type of attribute | Description of Connection-based content attribute |
hot | continuous | number of hot indicators, e.g., creation and execution of programs, access to system directories, etc. |
num failed logins | continuous | number of failed login attempts |
logged in | binary | if logged in successfully then 1; otherwise 0 |
num compromised | continuous | number of compromised/warning states on the destination host (e.g., jump to instructions, file/path not found errors, etc.) |
root shell | binary | if root shell is acquired then 1; otherwise 0 |
su attempted | binary | if su root command tried then 1; otherwise 0 |
num root | continuous | total root accesses |
num file creations | continuous | number of file creation operations |
num shells | continuous | number of shell prompts |