# Geographical Traffic Analysis

Geographical Traffic Analysis provides visibility into the geographic distribution of network connections and traffic sources. Astral correlates network activity with geographic information to help security teams understand where traffic originates and how it relates to organizational risk profiles.

This capability includes visualization and analysis of blocked and suspicious connections by geographic origin. By identifying countries or regions associated with high volumes of blocked or anomalous traffic, security teams can detect potential abuse, coordinated attack campaigns, or policy violations.

Geographical analysis also supports validation of security assumptions. Traffic originating from regions outside of expected operational areas can be quickly identified and investigated, providing additional context for threat detection and response activities.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inopli.com/astral/rules/detection-capabilities/network-traffic-analytics/geographical-traffic-analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.