Use this skill for Janus requests that ask what to measure, how to measure it, which analyzer should answer it, or how to implement or adjust source-aware analysis across Janus-supported C2 telemetry.
Use this skill when the user wants Janus to answer a measurement question, design a new metric, extend an analyzer, or explain how a finding or implementation should vary across Janus-supported C2 telemetry.
Start from the existing Janus execution path instead of inventing new analysis flows. Read the source-specific reference that matches the request before making source-specific claims.
mythic, ghostwriter, cobaltstrike, or a cross-source comparison. If the source is omitted, infer it from the task or config only when low-risk.

janus.py
Core/analyzer_registry.py
Core/analyzer_behavior_registry.py
Config/analyzers.yml
Config/analyzer_registry.yml

references/mythic.md, then Parsers/Mythic/mythic_pull.py
references/mythic.md, then Parsers/Mythic/partial_data_adapter.py
references/ghostwriter.md, then Parsers/Ghostwriter/main.py
references/cobaltstrike.md, then Parsers/CobaltStrike/cobalt_strike_rest.py
docs/architecture.md, then the relevant source references above

Core/analyzer_registry.py.

Core/analyzer_registry.py
Config/analyzers.yml
janus.py ANALYZER_FUNCTIONS
janus.py run_analyze()'s explicit analyzer dispatch branch

Config/analyzer_registry.yml over hard-coding special cases.

Core/html_output.py when an analyzer's output schema changes. Find the _render_<analyzer_name> function and update any .get("key") references that no longer match. Silently empty tables are the failure mode.

run_analyze() registration.

normalize_timestamp() accepts ISO and epoch values; malformed timestamps should be handled intentionally (skip with counters or raise early).
load_events() can validate schema and warns on unknown event types.
run_merge() remaps missing or duplicate operation_id values to deterministic unique IDs to avoid cross-operation key collisions.

When answering the user, produce:
docs/architecture.md
docs/partial-data.md
docs/ghostwriter-api-reference.md
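The timestamp guidance above (ISO and epoch values accepted, malformed values either skipped with counters or raised early) can be sketched as follows. This is an added example, not Janus's own normalize_timestamp(); the names parse_ts and normalize_events, the "timestamp" field, the UTC default for naive values and the millisecond threshold are all assumptions.

```python
import math
from collections import Counter
from datetime import datetime, timezone

def parse_ts(value):
    """ISO 8601 string or epoch number -> aware UTC datetime; ValueError otherwise."""
    if value is None or isinstance(value, bool):
        raise ValueError(f"not a timestamp: {value!r}")
    if isinstance(value, str):
        text = value.strip()
        try:
            value = float(text)  # numeric string: treat as epoch
        except ValueError:
            # fromisoformat() before Python 3.11 rejects a trailing "Z"
            dt = datetime.fromisoformat(text.replace("Z", "+00:00"))
            if dt.tzinfo is None:  # assumption: naive values are UTC
                dt = dt.replace(tzinfo=timezone.utc)
            return dt.astimezone(timezone.utc)
    if not isinstance(value, (int, float)) or not math.isfinite(value):
        raise ValueError(f"not a timestamp: {value!r}")
    if abs(value) >= 1e11:  # assumption: this magnitude means milliseconds
        value /= 1000.0
    return datetime.fromtimestamp(value, tz=timezone.utc)

def normalize_events(events, strict=False):
    """Return (kept_events, counters); strict=True raises on the first bad value."""
    kept, stats = [], Counter()
    for index, event in enumerate(events):
        raw = event.get("timestamp")
        try:
            ts = parse_ts(raw)
        except (ValueError, OverflowError, OSError) as exc:
            if strict:
                raise ValueError(f"event {index}: bad timestamp {raw!r}") from exc
            stats["skipped_bad_timestamp"] += 1
            continue
        kept.append({**event, "timestamp": ts.isoformat()})
        stats["normalized"] += 1
    return kept, stats

# Constructed sample events, not real telemetry.
SAMPLE = [
    {"id": 1, "timestamp": "2024-03-01T12:00:00Z"},
    {"id": 2, "timestamp": 1709294400},       # epoch seconds
    {"id": 3, "timestamp": "1709294400000"},  # epoch milliseconds as a string
    {"id": 4, "timestamp": "yesterday"},      # malformed
    {"id": 5},                                # missing
    {"id": 6, "timestamp": "2024-03-01T13:00:00+01:00"},
]
```

Reporting the skip counter alongside the analyzer result keeps dropped events visible instead of silently shrinking the data set.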