BETH Dataset

timestamp Timestamp	processid ProcessId	threadid ThreadId	parentprocessid ParentProcessId	userid UserId	mountnamespace MountNamespace	processname ProcessName	hostname HostName	eventid EventId	eventname EventName	stackaddresses StackAddresses	argsnum ArgsNum	returnvalue ReturnValue	args Args
124.439221	381	381	1	101	4026532232	systemd-resolve	ip-10-100-1-129	41	socket	[139913106282763, 139913103116537, 94901962555136]	3	15	[{'name': 'domain', 'type': 'int', 'value': 'AF_UNIX'}, {'name': 'type', 'type': 'int', 'value': 'SOCK_DGRAM\|SOCK_CLOEXEC'}, {'name': 'protocol', 'type': 'int', 'value': 0}]
124.439751	378	378	1	100	4026532231	systemd-network	ip-10-100-1-129	41	socket	[140343254628619, 93967981149065, 93967990898192]	3	15	[{'name': 'domain', 'type': 'int', 'value': 'AF_UNIX'}, {'name': 'type', 'type': 'int', 'value': 'SOCK_DGRAM\|SOCK_CLOEXEC'}, {'name': 'protocol', 'type': 'int', 'value': 0}]
124.439958	1	1			4026531840	systemd	ip-10-100-1-129	1005	security_file_open	[140074839310116, 8103505641674583864]	4		[{'name': 'pathname', 'type': 'const char*', 'value': '/proc/378/cgroup'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY\|O_LARGEFILE'}, {'name': 'dev', 'type': 'dev_t', 'value': 5}, {'name': 'inode', 'type': 'unsigned long', 'value': 38540}]
124.440007	1	1			4026531840	systemd	ip-10-100-1-129	257	openat	[]	4	12	[{'name': 'dirfd', 'type': 'int', 'value': -100}, {'name': 'pathname', 'type': 'const char*', 'value': '/proc/378/cgroup'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY\|O_CLOEXEC'}, {'name': 'mode', 'type': 'mode_t', 'value': 3070885668}]
124.440037	1	1			4026531840	systemd	ip-10-100-1-129	5	fstat	[140074839307913]	2		[{'name': 'fd', 'type': 'int', 'value': 12}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFFD3386970'}]
124.44016	1	1			4026531840	systemd	ip-10-100-1-129	3	close	[140074839332011]	1		[{'name': 'fd', 'type': 'int', 'value': 12}]
124.440379	1	1			4026531840	systemd	ip-10-100-1-129	1005	security_file_open	[140074839310116, 8103505641674583857]	4		[{'name': 'pathname', 'type': 'const char*', 'value': '/proc/381/cgroup'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY\|O_LARGEFILE'}, {'name': 'dev', 'type': 'dev_t', 'value': 5}, {'name': 'inode', 'type': 'unsigned long', 'value': 38542}]
124.440414	1	1			4026531840	systemd	ip-10-100-1-129	257	openat	[]	4	12	[{'name': 'dirfd', 'type': 'int', 'value': -100}, {'name': 'pathname', 'type': 'const char*', 'value': '/proc/381/cgroup'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY\|O_CLOEXEC'}, {'name': 'mode', 'type': 'mode_t', 'value': 3070885668}]
124.440446	1	1			4026531840	systemd	ip-10-100-1-129	5	fstat	[]	2		[{'name': 'fd', 'type': 'int', 'value': 12}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFFD3386970'}]
124.440554	1	1			4026531840	systemd	ip-10-100-1-129	3	close	[]	1		[{'name': 'fd', 'type': 'int', 'value': 12}]


CREATE TABLE labelled_validation_data (
  "timestamp" DOUBLE,
  "processid" BIGINT,
  "threadid" BIGINT,
  "parentprocessid" BIGINT,
  "userid" BIGINT,
  "mountnamespace" BIGINT,
  "processname" VARCHAR,
  "hostname" VARCHAR,
  "eventid" BIGINT,
  "eventname" VARCHAR,
  "stackaddresses" VARCHAR,
  "argsnum" BIGINT,
  "returnvalue" BIGINT,
  "args" VARCHAR,
  "sus" BIGINT,
  "evil" BIGINT
);