statistical interval analysis · C2 beaconing patterns · jitter detection · periodic callback identification
drop connection logs
Drop CSV / TSV connection logs
supports Zeek conn.log, Syslog, generic CSV with IP + timestamp — no PCAP parsing (use pcap-reader first)
status
drop connection logs or PCAP CSV — detect C2 beaconing patterns