drop pcap files or http log exports · fingerprint cobalt strike, sliver, havoc, brute ratel and metasploit c2 traffic · beacon interval analysis · malleable c2 profiles · jarm fingerprints · uri patterns · runs locally
network artifacts
drop pcap or http / conn logs
pcap scanned as printable strings · zeek conn csv supported
drop pcap · http access logs · zeek conn csv · tls exports