From cybersec-toolkit
Deploys and queries Arkime (formerly Moloch) for full packet capture network traffic analysis. Searches sessions, downloads PCAPs, detects beaconing, DNS tunneling, and TLS anomalies via the Arkime API v3.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersec-toolkit:implementing-network-traffic-analysis-with-arkime
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When deploying or configuring implementing network traffic analysis with arkime capabilities in your environment
pip install requests
python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json
Source: 10.1.2.50 -> 185.220.101.34:443
Sessions: 288 over 24 hours
Avg interval: 300s, Jitter: 4.2%
Verdict: HIGH confidence C2 beaconing (jitter < 5%)
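The report lines above come from a beaconing heuristic: for each source/destination pair, take the session start times, compute the mean inter-session interval, and express jitter as the standard deviation of the intervals relative to that mean; a near-constant interval (jitter under 5%) is the signature of timer-driven callbacks rather than human browsing. The following is an added illustration of that computation, not the toolkit's own scripts/agent.py. It works on a plain list of session records (`src`, `dst`, `port`, `ts` in epoch seconds) that the caller would extract from Arkime session search results; the field names, the 5%/15% thresholds, the 10-session minimum and the constructed sample data are all assumptions made here.

```python
import statistics
from collections import defaultdict
from itertools import cycle, islice

# Thresholds are assumptions for this example, not values from the toolkit.
HIGH_JITTER_PCT = 5.0     # below this: HIGH confidence beacon
MEDIUM_JITTER_PCT = 15.0  # below this: MEDIUM; otherwise LOW
MIN_SESSIONS = 10         # too few sessions to say anything about regularity


def analyze_pair(timestamps):
    """Score one src->dst:port pair from its session start times (epoch seconds)."""
    ts = sorted(timestamps)
    if len(ts) < MIN_SESSIONS:
        return {"sessions": len(ts), "avg_interval": None,
                "jitter_pct": None, "verdict": "INSUFFICIENT"}
    intervals = [later - earlier for earlier, later in zip(ts, ts[1:])]
    mean = statistics.fmean(intervals)
    if mean <= 0:  # all sessions at the same instant: a burst, not a beacon
        return {"sessions": len(ts), "avg_interval": 0.0,
                "jitter_pct": None, "verdict": "BURST"}
    # Jitter = coefficient of variation of the intervals, in percent.
    jitter_pct = statistics.pstdev(intervals) / mean * 100
    if jitter_pct < HIGH_JITTER_PCT:
        verdict = "HIGH"
    elif jitter_pct < MEDIUM_JITTER_PCT:
        verdict = "MEDIUM"
    else:
        verdict = "LOW"
    return {"sessions": len(ts), "avg_interval": mean,
            "jitter_pct": jitter_pct, "verdict": verdict}


def detect_beacons(sessions):
    """Group sessions by (src, dst, port) and score every pair."""
    groups = defaultdict(list)
    for s in sessions:
        groups[(s["src"], s["dst"], s["port"])].append(s["ts"])
    return {pair: analyze_pair(times) for pair, times in groups.items()}


def build_sample_sessions():
    """Constructed sample: one regular beacon and one irregular browsing pattern."""
    sessions = []
    # Beacon: 289 sessions, intervals cycling 300/312/288 s (mean 300 s, jitter ~3.3%).
    t = 1_700_000_000
    sessions.append({"src": "10.0.0.5", "dst": "203.0.113.10", "port": 443, "ts": t})
    for gap in islice(cycle([300, 312, 288]), 288):
        t += gap
        sessions.append({"src": "10.0.0.5", "dst": "203.0.113.10", "port": 443, "ts": t})
    # Ordinary traffic: 13 sessions with human-like, highly irregular spacing.
    t = 1_700_000_000
    sessions.append({"src": "10.0.0.7", "dst": "198.51.100.20", "port": 443, "ts": t})
    for gap in [30, 900, 120, 2400, 60, 400, 15, 1800, 200, 700, 50, 3000]:
        t += gap
        sessions.append({"src": "10.0.0.7", "dst": "198.51.100.20", "port": 443, "ts": t})
    return sessions


def run_example():
    """Score the constructed sessions and return the per-pair results."""
    return detect_beacons(build_sample_sessions())


if __name__ == "__main__":
    for (src, dst, port), r in run_example().items():
        print(f"Source: {src} -> {dst}:{port}")
        print(f"Sessions: {r['sessions']}")
        if r["jitter_pct"] is not None:
            print(f"Avg interval: {r['avg_interval']:.0f}s, Jitter: {r['jitter_pct']:.1f}%")
        print(f"Verdict: {r['verdict']}")
```

Population standard deviation is used on purpose: the question is how regular the observed intervals are, not how well they estimate some larger population. A low-jitter verdict is a lead, not proof; scheduled software updates and monitoring checks also beacon, so the pair should be confirmed by pulling the corresponding sessions and PCAPs from Arkime.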
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit
Deploys and queries Arkime via API v3 for packet capture analysis: search sessions by IP/port/protocol, download PCAPs, detect C2 beaconing, monitor DNS/HTTP/TLS anomalies.
Deploys and queries Arkime for full packet capture network traffic analysis via API v3. Searches sessions by IP/port/protocol, downloads PCAPs, detects beaconing/C2, suspicious traffic, DNS tunneling, TLS anomalies.