February 7, 2026 By Sergey

What types of data are analyzed (Flow, DNS, TLS, etc.)?

AI modules analyze behavioral and network features extracted from Suricata events.

Supported data types:

  • Flow — network flows (volume, direction, duration, frequency);
  • DNS — queries, responses, and domain behavior;
  • TLS — handshake characteristics, versions, JA-like features;
  • HTTP — methods, headers, and request patterns;
  • Metadata — aggregated and time-based behavioral features.

The analysis is based on deviations from normal behavior rather than signatures.
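The per-type feature extraction described above can be sketched as follows. This is an added example, not the product's own code: the field names follow Suricata's EVE JSON output (DNS in the version 2 layout), while the feature names, the sample events and the z-score used as a stand-in for "deviation from normal behavior" are assumptions.

```python
import json
import statistics

# Constructed EVE JSON lines (sample data, not a real capture); field names
# follow Suricata's EVE output, with DNS in the version 2 layout.
SAMPLE_EVE = [
    '{"event_type":"flow","src_ip":"10.0.0.5","flow":{"bytes_toserver":1200,"bytes_toclient":48000,"age":12}}',
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}',
    '{"event_type":"tls","src_ip":"10.0.0.5","tls":{"sni":"example.com","version":"TLS 1.3","ja3":{"hash":"00000000000000000000000000000000"}}}',
    '{"event_type":"http","src_ip":"10.0.0.5","http":{"http_method":"GET","url":"/index.html","http_user_agent":"curl/8.0"}}',
    '{"event_type":"stats"}',
    'not json',
]

def extract(ev):
    """Map one EVE event to a feature dict, or None for unsupported types."""
    kind = ev.get("event_type")
    body = ev.get(kind) if isinstance(kind, str) else None
    body = body if isinstance(body, dict) else {}
    if kind == "flow":  # volume, direction, duration
        up, down = body.get("bytes_toserver", 0), body.get("bytes_toclient", 0)
        total = up + down
        return {"bytes": total, "up_ratio": up / total if total else 0.0, "duration_s": body.get("age", 0)}
    if kind == "dns":  # query shape
        name = body.get("rrname", "")
        return {"qname_len": len(name), "labels": len(name.split(".")) if name else 0, "rrtype": body.get("rrtype")}
    if kind == "tls":  # handshake characteristics
        return {"version": body.get("version"), "has_sni": "sni" in body, "ja3": body.get("ja3", {}).get("hash")}
    if kind == "http":  # method and header sizes
        return {"method": body.get("http_method"), "url_len": len(body.get("url", "")), "ua_len": len(body.get("http_user_agent", ""))}
    return None

def parse(lines):
    """Parse EVE lines, skipping malformed JSON and unsupported event types."""
    out = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        feats = extract(ev) if isinstance(ev, dict) else None
        if feats is not None:
            out.append((ev["event_type"], feats))
    return out

def zscore(value, baseline):
    """Deviation of value from a baseline sample, in standard deviations."""
    sd = statistics.pstdev(baseline)
    return (value - statistics.fmean(baseline)) / sd if sd else 0.0
```

Scoring a new flow's `bytes` against a host's historical values with `zscore` flags the outlier without any signature; a flat baseline yields 0.0 rather than a division error.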