drop pcap, pcapng or zeek conn.log · apply statistical anomaly detection to network flows · surface outliers in byte count, duration, connection rate and port usage · identify scanning, exfiltration and tunneling anomalies · runs locally
input
drop pcap · pcapng · zeek conn.log · csv