This document discusses how network monitoring can be used to detect and manage threats. It describes Cisco's Stealthwatch solution, which leverages NetFlow data to provide network visibility. Stealthwatch collects and analyzes NetFlow records to generate conversational flow records that provide context about network communications. This enriched flow data can be used to identify anomalies, track indicators of compromise, and monitor for potential insider threats or data exfiltration. The document also outlines how Stealthwatch features like host groups, reports, behavioral analysis and policy monitoring can aid in network security investigations.