Cybertek-Detection-Scripts/network_traffic_monitor
cole@cybertek.systems 5b2c329d15 Add per-folder READMEs and network traffic monitor project.md 2026-03-16 09:21:13 -05:00
README.md Add per-folder READMEs and network traffic monitor project.md 2026-03-16 09:21:13 -05:00
network_traffic_monitor.ps1 Initial commit: network traffic monitor, lolrmm detector, event log monitor 2026-03-16 09:14:51 -05:00
project.md Add per-folder READMEs and network traffic monitor project.md 2026-03-16 09:21:13 -05:00

README.md

Network Traffic Monitor

Monitors active TCP connections and the DNS cache for malicious activity using live threat intelligence feeds, AbuseIPDB reputation scoring, and local behavioral heuristics. Runs hourly via Syncro RMM and raises alerts categorized as network_traffic_critical or network_traffic_warning.

See project.md for full architecture, detection layers, and deployment details.

Files

File | Description
network_traffic_monitor.ps1 | Main Syncro script — deploy this
project.md | Architecture, detection layers, deployment guide