BETH Dataset

timestamp Timestamp	processid ProcessId	threadid ThreadId	parentprocessid ParentProcessId	userid UserId	mountnamespace MountNamespace	processname ProcessName	hostname HostName	eventid EventId	eventname EventName	stackaddresses StackAddresses	argsnum ArgsNum	returnvalue ReturnValue	args Args
129.050634	382	382	1	101	4026532232	systemd-resolve	ip-10-100-1-217	41	socket	[140159195621643, 140159192455417, 94656731598592]	3	15	[{'name': 'domain', 'type': 'int', 'value': 'AF_UNIX'}, {'name': 'type', 'type': 'int', 'value': 'SOCK_DGRAM\|SOCK_CLOEXEC'}, {'name': 'protocol', 'type': 'int', 'value': 0}]
129.051238	379	379	1	100	4026532231	systemd-network	ip-10-100-1-217	41	socket	[139853228042507, 93935071185801, 93935080775184]	3	15	[{'name': 'domain', 'type': 'int', 'value': 'AF_UNIX'}, {'name': 'type', 'type': 'int', 'value': 'SOCK_DGRAM\|SOCK_CLOEXEC'}, {'name': 'protocol', 'type': 'int', 'value': 0}]
129.051434	1	1			4026531840	systemd	ip-10-100-1-217	1005	security_file_open	[140362867191588, 8103505641674583858]	4		[{'name': 'pathname', 'type': 'const char*', 'value': '/proc/382/cgroup'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY\|O_LARGEFILE'}, {'name': 'dev', 'type': 'dev_t', 'value': 5}, {'name': 'inode', 'type': 'unsigned long', 'value': 38584}]
129.051481	1	1			4026531840	systemd	ip-10-100-1-217	257	openat	[]	4	17	[{'name': 'dirfd', 'type': 'int', 'value': -100}, {'name': 'pathname', 'type': 'const char*', 'value': '/proc/382/cgroup'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY\|O_CLOEXEC'}, {'name': 'mode', 'type': 'int', 'value': 3335958308}]
129.051522	1	1			4026531840	systemd	ip-10-100-1-217	5	fstat	[140362867189385]	2		[{'name': 'fd', 'type': 'int', 'value': 17}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFE8293A360'}]
129.051635	1	1			4026531840	systemd	ip-10-100-1-217	3	close	[140362867213483]	1		[{'name': 'fd', 'type': 'int', 'value': 17}]
129.051935	1	1			4026531840	systemd	ip-10-100-1-217	1005	security_file_open	[140362867191588, 8103505641674583865]	4		[{'name': 'pathname', 'type': 'const char*', 'value': '/proc/379/cgroup'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY\|O_LARGEFILE'}, {'name': 'dev', 'type': 'dev_t', 'value': 5}, {'name': 'inode', 'type': 'unsigned long', 'value': 38586}]
129.05197	1	1			4026531840	systemd	ip-10-100-1-217	257	openat	[]	4	17	[{'name': 'dirfd', 'type': 'int', 'value': -100}, {'name': 'pathname', 'type': 'const char*', 'value': '/proc/379/cgroup'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY\|O_CLOEXEC'}, {'name': 'mode', 'type': 'int', 'value': 3335958308}]
129.051995	1	1			4026531840	systemd	ip-10-100-1-217	5	fstat	[]	2		[{'name': 'fd', 'type': 'int', 'value': 17}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFE8293A360'}]
129.05211	1	1			4026531840	systemd	ip-10-100-1-217	3	close	[]	1		[{'name': 'fd', 'type': 'int', 'value': 17}]


CREATE TABLE labelled_testing_data (
  "timestamp" DOUBLE,
  "processid" BIGINT,
  "threadid" BIGINT,
  "parentprocessid" BIGINT,
  "userid" BIGINT,
  "mountnamespace" BIGINT,
  "processname" VARCHAR,
  "hostname" VARCHAR,
  "eventid" BIGINT,
  "eventname" VARCHAR,
  "stackaddresses" VARCHAR,
  "argsnum" BIGINT,
  "returnvalue" BIGINT,
  "args" VARCHAR,
  "sus" BIGINT,
  "evil" BIGINT
);