# Network Traffic Monitor

Monitors active TCP connections and DNS cache for malicious activity using live threat intelligence feeds, AbuseIPDB reputation scoring, and local behavioral heuristics. Runs hourly via Syncro RMM and raises alerts categorized as `network_traffic_critical` or `network_traffic_warning`.

See [project.md](project.md) for full architecture, detection layers, and deployment details.

## Files

| File | Description |
|---|---|
| `network_traffic_monitor.ps1` | Main Syncro script — deploy this |
| `project.md` | Architecture, detection layers, deployment guide |
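
The following PowerShell is an added example, not taken from `network_traffic_monitor.ps1`: it matches established TCP peers and DNS cache entries against a local indicator list and raises the two alert categories this README names through Syncro's `Rmm-Alert`. Assumptions: the indicator values are constructed, the function names are hypothetical, IP hits map to critical and DNS cache hits to warning, and the static list stands in for the live feeds and AbuseIPDB lookups.

```powershell
# Added illustration, not network_traffic_monitor.ps1. All indicators are constructed.
$BadIPs     = @('203.0.113.45', '198.51.100.7')   # constructed, RFC 5737 documentation ranges
$BadDomains = @('bad-domain.example')             # constructed, reserved .example TLD

function Test-PublicIPv4 {
    # True only for routable IPv4; private, loopback and link-local peers are skipped.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    $private = ($b[0] -in 0, 10, 127) -or
               ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
               ($b[0] -eq 192 -and $b[1] -eq 168) -or
               ($b[0] -eq 169 -and $b[1] -eq 254)
    return -not $private
}

function Get-TrafficFinding {
    # Hypothetical helper: emits one object per indicator match.
    param($Connections, [string[]]$DnsNames)
    foreach ($c in $Connections) {
        if ((Test-PublicIPv4 $c.RemoteAddress) -and ($BadIPs -contains $c.RemoteAddress)) {
            [pscustomobject]@{ Category = 'network_traffic_critical'
                               Detail   = "PID $($c.OwningProcess) -> $($c.RemoteAddress):$($c.RemotePort)" }
        }
    }
    foreach ($n in ($DnsNames | Sort-Object -Unique)) {
        $name = $n.TrimEnd('.').ToLowerInvariant()
        # Match the listed domain itself or any subdomain of it.
        if ($BadDomains | Where-Object { $name -eq $_ -or $name.EndsWith(".$_") }) {
            [pscustomobject]@{ Category = 'network_traffic_warning'; Detail = "DNS cache entry $name" }
        }
    }
}

$conns    = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue
$names    = (Get-DnsClientCache -ErrorAction SilentlyContinue).Entry
$findings = @(Get-TrafficFinding -Connections $conns -DnsNames $names)

# Rmm-Alert comes from Syncro's script module, available only when run by the Syncro agent.
if ($env:SyncroModule) { Import-Module $env:SyncroModule -DisableNameChecking }
foreach ($group in ($findings | Group-Object Category)) {
    $body = $group.Group.Detail -join "`n"
    if (Get-Command Rmm-Alert -ErrorAction SilentlyContinue) {
        Rmm-Alert -Category $group.Name -Body $body      # one alert per category
    } else {
        Write-Output "[$($group.Name)]`n$body"           # fallback outside Syncro
    }
}
```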