Generally, one expects a client-server conversation to carry more data on the download side than on the upload side. This search can detect cases where more data is uploaded than downloaded over a time period, such as a client sending significantly more data than it receives from a server (e.g. data exfiltration). For the best search results, query on a sourcetype […]
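
The comparison described above, sketched in Python as an added example (this is not the search itself or code from its authors). The flow records, the field layout, the one-hour window and the ratio and minimum-volume thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (epoch_seconds, client, server, bytes_out, bytes_in).
# bytes_out = client -> server (upload), bytes_in = server -> client (download).
FLOWS = [
    (1000, "10.0.0.5", "203.0.113.10", 2_000, 150_000),
    (1200, "10.0.0.5", "203.0.113.10", 3_000, 220_000),
    (1100, "10.0.0.7", "198.51.100.20", 40_000_000, 90_000),
    (2500, "10.0.0.7", "198.51.100.20", 35_000_000, 60_000),
    (1300, "10.0.0.9", "192.0.2.30", 900, 300),          # upload-heavy but tiny
    (5000, "10.0.0.7", "198.51.100.20", 1_000, 50_000),  # next window, normal
]

def upload_heavy_pairs(flows, window=3600, min_ratio=2.0, min_upload=1_000_000):
    """Return (window_start, client, server, up, down, ratio) for each pair
    whose uploaded bytes in a window are at least min_ratio times the
    downloaded bytes and at least min_upload (ignores small chatty sessions)."""
    totals = defaultdict(lambda: [0, 0])
    for ts, client, server, up, down in flows:
        bucket = ts - ts % window  # start of the time window this flow falls in
        pair_total = totals[(bucket, client, server)]
        pair_total[0] += up
        pair_total[1] += down
    hits = []
    for (bucket, client, server), (up, down) in sorted(totals.items()):
        if up < min_upload:
            continue
        # A pair that received nothing has no finite ratio; treat it as infinite.
        ratio = up / down if down else float("inf")
        if ratio >= min_ratio:
            hits.append((bucket, client, server, up, down, round(ratio, 1)))
    return hits

if __name__ == "__main__":
    for hit in upload_heavy_pairs(FLOWS):
        print(hit)
```

The minimum-volume floor matters as much as the ratio: without it, short sessions such as the 900-byte upload in the sample data would be flagged on ratio alone.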