Skill UI

This script performs statistical analysis on Zeek connection logs (conn.log) to detect Command and Control (C2) beaconing patterns. It leverages the ZAT library to load data into Pandas DataFrames, calculates inter-arrival time statistics, and flags connections with low standard deviation relative to the mean. This technique is crucial for network threat hunting and security incident investigation when identifying malicious, periodic callbacks.

This capability provides advanced threat hunting by analyzing network telemetry (DNS, proxy, connection logs) to detect Command and Control (C2) beaconing patterns. It uses statistical analysis, frequency detection, and jitter analysis to identify compromised endpoints communicating with adversary infrastructure, crucial for proactive threat detection and incident response.