# Network Traffic Analytics Network Traffic Analytics in Astral provides analytical and observational capabilities focused on understanding network behavior over time. Rather than detecting individual threats or triggering alerts, this capability is designed to offer visibility into traffic patterns, trends, and usage characteristics across the environment, supporting investigation, threat hunting, and operational awareness. Astral analyzes network telemetry derived from flow data, IDS signals, and other network sources to build a comprehensive view of how hosts, services, and protocols interact. By aggregating and contextualizing this data, the platform enables security teams to identify deviations from normal behavior, understand attack surfaces, and validate the impact and scope of security incidents. Network traffic analytics complements Astral’s detection capabilities by providing historical context and behavioral baselines. These insights support deeper analysis during investigations and enable security teams to move beyond reactive alerting toward proactive and informed security operations. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inopli.com/astral/rules/detection-capabilities/network-traffic-analytics.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.