
Constant NETWORK_EXFIL_BYTES_THRESHOLD 

pub const NETWORK_EXFIL_BYTES_THRESHOLD: u64 = _; // 268_435_456u64

The conservative per-interval bytes_sent threshold above which a SRUM network row is surfaced as a graded exfiltration lead (USERACT-NETWORK-EXFIL-VOLUME).

SRUM aggregates per process per ~1-hour interval. 256 MiB sent by a single process in one interval is well above routine background/telemetry traffic yet low enough to catch a deliberate bulk upload. It is a deliberately conservative lead, not a verdict: a backup client or large legitimate upload can also cross it, so the examiner adjudicates.
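
The per-interval check described above, as an added Rust example that is not the crate's own code. Only the constant's value and the finding code come from this page; the row layout, `Lead`, `parse_row`, `exfil_volume_leads` and the sample rows are assumptions constructed for illustration.

```rust
// Added illustration, not the crate's implementation.
// Assumed row layout: interval_start,app,bytes_sent,bytes_received
pub const NETWORK_EXFIL_BYTES_THRESHOLD: u64 = 268_435_456; // 256 MiB (value from the page)
pub const FINDING_CODE: &str = "USERACT-NETWORK-EXFIL-VOLUME";

#[derive(Debug, PartialEq)]
pub struct Lead {
    pub interval_start: String,
    pub app: String,
    pub bytes_sent: u64,
}

/// Parse one row; returns None for the header line or any malformed row.
fn parse_row(line: &str) -> Option<(String, String, u64)> {
    let f: Vec<&str> = line.split(',').map(str::trim).collect();
    if f.len() != 4 { return None; }
    let sent = f[2].parse::<u64>().ok()?;
    Some((f[0].to_string(), f[1].to_string(), sent))
}

/// Surface rows whose bytes_sent is strictly above the threshold, largest first.
/// Each row is judged alone because SRUM already aggregates per process per interval.
pub fn exfil_volume_leads(rows: &str) -> Vec<Lead> {
    let mut leads: Vec<Lead> = rows
        .lines()
        .filter_map(parse_row)
        .filter(|(_, _, sent)| *sent > NETWORK_EXFIL_BYTES_THRESHOLD)
        .map(|(interval_start, app, bytes_sent)| Lead { interval_start, app, bytes_sent })
        .collect();
    leads.sort_by(|a, b| b.bytes_sent.cmp(&a.bytes_sent));
    leads
}

// Constructed sample rows (not real SRUM output).
pub const SAMPLE: &str = "\
interval_start,app,bytes_sent,bytes_received
2024-05-01T09:00Z,svchost.exe,1048576,52428800
2024-05-01T10:00Z,backupclient.exe,805306368,2097152
2024-05-01T10:00Z,browser.exe,268435456,734003200
2024-05-01T11:00Z,archiver.exe,3221225472,4096
";

fn main() {
    for l in exfil_volume_leads(SAMPLE) {
        println!("{} {} {} sent={} B", FINDING_CODE, l.interval_start, l.app, l.bytes_sent);
    }
}
```

The constructed backup-client row is surfaced alongside the archiver row, which is the case the description leaves to the examiner; the row sitting exactly at 256 MiB is not surfaced because the threshold is an "above which" bound.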