Hi,
suppose a network device detects infected clients by identifying malware
callback patterns in the clients network communication (typically HTTP GETs
or POSTs initiated by the client). Which XDAS taxonomy should apply to such
events and who is initiator and who the target?

Norbert