Arkime (formerly Moloch) is an open-source, large-scale, indexed packet capture and search tool used for deep network traffic visibility.

Can I export data for use in other tools?

Yes, the skill can download PCAP data directly, which can then be opened in tools like Wireshark for further manual analysis.

Which security frameworks are supported?

This skill is mapped to MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, and NIST AI RMF.

Does this skill require an existing Arkime server?

Yes, you need an accessible Arkime viewer URL and valid credentials to utilize this skill's automated querying capabilities.

How does it detect beaconing?

The skill analyzes connection intervals and jitter percentages over a 24-hour period to identify highly consistent communication patterns typical of C2 traffic.

Arkime Network Traffic Analysis

Name: Arkime Network Traffic Analysis
Author: mukul975

bymukul975

•

4,121

•

보안 및 테스팅

Automates network traffic analysis and full packet capture querying using the Arkime API to detect sophisticated security threats.

This skill enables AI agents to interface directly with Arkime (formerly Moloch) for high-fidelity network forensics and threat hunting. By leveraging the Arkime API v3, the skill automates the process of searching sessions, downloading PCAP data, and analyzing connection patterns for indicators of compromise. It is designed to identify complex threats such as C2 beaconing, DNS tunneling, and TLS certificate anomalies, making it an essential tool for security operations centers (SOCs) looking to integrate AI into their incident response and monitoring workflows while maintaining alignment with NIST CSF and MITRE ATT&CK frameworks.

주요 기능

01DNS tunneling identification through query length and frequency statistics

02Full packet capture (FPC) session querying via Arkime API v3

03Forensic PCAP extraction for deep-dive packet-level investigation

04TLS certificate anomaly detection and malicious issuer flagging

05Automated C2 beaconing detection with jitter and interval analysis

064,121 GitHub stars

사용 사례

01Proactive threat hunting for low-and-slow command-and-control communication

02Monitoring network traffic for unauthorized DNS-based data exfiltration

03Automating incident response by programmatically retrieving network sessions for suspicious IPs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-network-traffic-analysis-with-arkime

For use in Claude.ai and ChatGPT

주요 기능

01DNS tunneling identification through query length and frequency statistics

02Full packet capture (FPC) session querying via Arkime API v3

03Forensic PCAP extraction for deep-dive packet-level investigation

04TLS certificate anomaly detection and malicious issuer flagging

05Automated C2 beaconing detection with jitter and interval analysis

064,121 GitHub stars

사용 사례

01Proactive threat hunting for low-and-slow command-and-control communication

02Monitoring network traffic for unauthorized DNS-based data exfiltration

03Automating incident response by programmatically retrieving network sessions for suspicious IPs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-network-traffic-analysis-with-arkime

For use in Claude.ai and ChatGPT