# Protocol & Service Analysis

Protocol & Service Analysis in Astral focuses on understanding how network protocols and services are used across the environment. This capability enables analysis of traffic distribution by protocol, service, and port, supporting both security and operational use cases.

Astral identifies the most frequently used protocols and services over time, allowing security teams to establish behavioral baselines and detect abnormal usage patterns. Sudden changes in protocol distribution or unexpected service exposure may indicate misuse, misconfiguration, or malicious activity.

In addition, Astral provides aggregated views of connection counts grouped by protocol and service type. This analysis helps identify high-risk services, legacy protocols, or unnecessary exposure within the environment, supporting risk reduction and informed security decision-making.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inopli.com/astral/rules/detection-capabilities/network-traffic-analytics/protocol-and-service-analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.