trombonehero
commented
7 years ago Resolved by d949cdf1ed0d0784725080cf762ce1c99a7f7e68 yesterday. Cheers!
Closed trombonehero closed 7 years ago
trombonehero
commented
7 years ago Resolved by d949cdf1ed0d0784725080cf762ce1c99a7f7e68 yesterday. Cheers!
When we have a socket with a remote IP of, e.g., 10.0.0.2, could it make sense to show a provenance edge between that socket and the machine that has that IP? That could help us see visually how the different parts of the attack operation are related to a single C&C server (or, alternatively, to different machines).