# Temporal Traffic Analysis

Temporal Traffic Analysis in Astral focuses on understanding how network activity evolves over time. This capability enables security teams to analyze trends, spikes, and behavioral changes by observing traffic metrics across defined time ranges.

Astral provides visibility into the most active source and destination hosts over time, allowing analysts to identify systems that generate or receive unusually high volumes of traffic. This analysis helps uncover abnormal behavior, misconfigurations, or compromised assets that may not be evident from isolated events.

In addition, Astral tracks allowed and blocked connections as reported by perimeter and network defense controls. By analyzing these events over time, security teams can identify periods of increased attack activity, validate the effectiveness of security controls, and correlate traffic behavior with known incidents or environmental changes.

Temporal analysis supports investigations by providing historical context and enabling analysts to reconstruct activity timelines, validate hypotheses, and understand how threats evolve within the network.
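The time-bucketed view described above, as an added example that is not Astral's own code or query logic: it groups firewall events into fixed windows, ranks source and destination hosts by bytes per window, and flags windows where blocked connections spike. The event tuple layout, the one-hour window and the median + 3×MAD threshold are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone
from statistics import median

def sample_events():
    """Constructed sample: six hourly windows on 2024-01-01 UTC, burst in hour 3."""
    ev = []
    for h in range(6):
        t = datetime(2024, 1, 1, h, 5, tzinfo=timezone.utc)
        ev += [(t, "10.0.0.5", "10.0.0.20", "allowed", 1000)] * 3
        ev.append((t, "203.0.113.7", "10.0.0.20", "blocked", 60))
        if h == 3:
            ev += [(t, "198.51.100.9", "10.0.0.20", "blocked", 60)] * 20
            ev.append((t, "10.0.0.8", "192.0.2.50", "allowed", 500_000))
    return ev

def bucket(events, width_s=3600):
    """Group (ts, src, dst, action, bytes) events into fixed windows keyed by epoch start."""
    out = defaultdict(lambda: {"actions": Counter(), "src": Counter(), "dst": Counter()})
    for ts, src, dst, action, nbytes in events:
        start = int(ts.timestamp()) // width_s * width_s
        win = out[start]
        win["actions"][action] += 1   # allowed / blocked counts per window
        win["src"][src] += nbytes     # bytes sent per source host
        win["dst"][dst] += nbytes     # bytes received per destination host
    return dict(sorted(out.items()))

def blocked_spikes(buckets, k=3.0):
    """Return window starts whose blocked count exceeds median + k * MAD."""
    counts = [w["actions"]["blocked"] for w in buckets.values()]
    med = median(counts)
    # MAD is 0 when most windows are identical; fall back to 1 so the
    # threshold stays above the baseline instead of flagging every window.
    mad = median(abs(c - med) for c in counts) or 1.0
    return [s for s, w in buckets.items() if w["actions"]["blocked"] > med + k * mad]

if __name__ == "__main__":
    windows = bucket(sample_events())
    spikes = set(blocked_spikes(windows))
    for start, w in windows.items():
        when = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
        top_src = w["src"].most_common(1)[0]
        top_dst = w["dst"].most_common(1)[0]
        flag = "  <-- blocked spike" if start in spikes else ""
        print(when, dict(w["actions"]), "top src", top_src, "top dst", top_dst, flag)
```

A robust baseline (median and MAD) is used so that a single burst window does not inflate the threshold it is measured against.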

