Netflow

analyzing-ransomware-network-indicators helps analyze Zeek conn.log and NetFlow to spot C2 beaconing, TOR exits, exfiltration, and suspicious DNS for Security Audit and incident response.

analyzing-network-traffic-for-incidents helps incident responders analyze PCAPs, flow logs, and packet captures to confirm C2, lateral movement, exfiltration, and exploitation attempts. Built for analyzing-network-traffic-for-incidents for Incident Response with Wireshark, Zeek, and NetFlow-style investigation.