The provided data shows network activity primarily from the internal host 172.17.0.99 (hostname desktop-rnvo9at, user afletcher)

What are the suspicious external IP addresses contacted, which might be involved in command-and-control (C2) communication? **Analysis** The question asks for suspicious external I

1 Pith paper cite this work. Polarity classification is still indexing.

1 Pith paper citing it

browse 1 citing papers

representative citing papers

Retrieval-Augmented LLMs for Security Incident Analysis

cs.CR · 2026-03-18 · accept · novelty 5.0

A RAG system with query-based log filtering achieves up to 94% recall in malware incident analysis and 96% attack-step detection, with ablation studies confirming the filtering step is essential.

citing papers explorer

Showing 1 of 1 citing paper.

Retrieval-Augmented LLMs for Security Incident Analysis cs.CR · 2026-03-18 · accept · none · ref 39
A RAG system with query-based log filtering achieves up to 94% recall in malware incident analysis and 96% attack-step detection, with ablation studies confirming the filtering step is essential.

The provided data shows network activity primarily from the internal host 172.17.0.99 (hostname desktop-rnvo9at, user afletcher)

fields

years

verdicts

representative citing papers

citing papers explorer