Network Monitoring

The detecting-network-anomalies-with-zeek skill helps deploy Zeek for passive network monitoring, review structured logs, and build custom detections for beaconing, DNS tunneling, and unusual protocol activity. It is suited for threat hunting, incident response, SIEM-ready network metadata, and Security Audit workflows—not inline prevention.

detecting-exfiltration-over-dns-with-zeek helps detect DNS data exfiltration from Zeek dns.log by flagging high-entropy subdomains, long labels, and unusual query volume. Use this detecting-exfiltration-over-dns-with-zeek skill for threat hunting, triage, and repeatable analysis with Zeek field references and scripts.

analyzing-network-traffic-for-incidents helps incident responders analyze PCAPs, flow logs, and packet captures to confirm C2, lateral movement, exfiltration, and exploitation attempts. Built for analyzing-network-traffic-for-incidents for Incident Response with Wireshark, Zeek, and NetFlow-style investigation.

detecting-attacks-on-historian-servers helps detect suspicious activity on OT historian servers like OSIsoft PI, Ignition, and Wonderware at the IT/OT boundary. Use this detecting-attacks-on-historian-servers guide for Incident Response, unauthorized queries, data manipulation, API abuse, and lateral-movement triage.

The configuring-suricata-for-network-monitoring skill helps deploy and tune Suricata for IDS/IPS monitoring, EVE JSON logging, rules management, and SIEM-ready output. It suits the configuring-suricata-for-network-monitoring for Security Audit workflow when you need practical setup, validation, and false-positive reduction.