The telemetry we receive is roughly equivalent to what you see in your .status.minute. file. In addition your SNF node sends:

GBUdb alerts - These contain periodic updates on IP information in your GBUdb database so that the information can be shared with the cloud. An example might be:

<gbu time="20080116220039" ip="190.28.248.159" t="Ugly" b="1" g="0"/>
<gbu time="20080116220041" ip="74.50.113.233" t="Ugly" b="1" g="0"/>
<gbu time="20080116220045" ip="201.92.79.22" t="Ugly" b="1" g="0"/>
<gbu time="20080116220047" ip="74.50.113.233" t="Ugly" b="2" g="0"/>

Spam samples - Messages that would normally be truncated but do not fail pattern rules are randomly sampled by default and sent to our virtual spamtrap system. This feature can be disabled if you wish.

Your node then receives:

Rulebase status - Our system sends back information on the latest rulebase file.

GBUdb reflections - Our system sends back GBUdb reflections (same format as above) corresponding to any alerts that your system sends us. This allows your system to learn from the cloud.