Argus is a network activity logging facility that generates status reports on the existence and status of network transactions. Its data is modeled after the telco voice system's Call Detail Record (CDR), which the telcos have used to support a huge number of management operations, including security, operations and performance management. As a result, argus data has security, operations and performance metrics embedded in its data model to support these efforts.
Analytics can be very simple, such as the count of TCP connections seen in a day, the maximum bandwidth seen in any HTTP request, the total bytes transmitted, or the total number of IPv4 and IPv6 addresses accessed by a given server.
Analytics can also be complex, such as "is this network connection different from what we expect?", "is this network traffic allowed?", or "what is the likelihood of this network relationship being a threat to the organization?"
From a security perspective, having a comprehensive network log of all the activity on a network link, or even on a single host, is huge, as it enables post-incident network forensics, so you can answer questions such as "what went wrong?", "when did they start?", "how did they get in?", "are they still around?", "is it a machine or a person?" and "how bad is it?"
Beyond incident response, having a lot of network history lets you understand normal behavior, whether you're a security person or a network operations person. Knowing what is normal helps you judge whether things are OK, and what you can expect.
If the data is well developed, you should be able to do the kinds of things the telcos have been doing with their CDRs: establish baselines of network usage, characterize the services being used, account for network failures, charge back for network use, troubleshoot poor connectivity, and so on.
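As an added example (not code from the argus project or from this page), here are the simple analytics from above and a first baseline comparison, written in Python over a constructed set of flow records shaped like an argus-client CSV export; the `ra -c , -s ...` invocation named in the comment and the anomaly thresholds are assumptions made for illustration.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of an `ra -c , -s stime,proto,saddr,daddr,dport,sbytes,dbytes` export (assumed).
SAMPLE_FLOWS = """\
stime,proto,saddr,daddr,dport,sbytes,dbytes
2024-03-01 08:01:12,tcp,10.0.0.5,93.184.216.34,443,1200,54000
2024-03-01 08:02:40,tcp,10.0.0.5,93.184.216.34,80,800,12000
2024-03-01 09:15:03,udp,10.0.0.5,10.0.0.1,53,90,210
2024-03-01 11:30:57,tcp,10.0.0.7,2606:2800:220:1:248:1893:25c8:1946,443,2000,150000
2024-03-02 02:14:09,tcp,10.0.0.5,198.51.100.77,4444,50000,300
2024-03-02 08:00:31,tcp,10.0.0.5,93.184.216.34,443,1100,51000
"""

def load_flows(text=SAMPLE_FLOWS):
    """Parse the export; byte counts become ints and 'day' is the date part of stime."""
    rows = list(csv.DictReader(text.splitlines()))
    for r in rows:
        r["sbytes"], r["dbytes"] = int(r["sbytes"]), int(r["dbytes"])
        r["day"] = r["stime"][:10]
    return rows

def daily_summary(flows):
    """Per day: TCP flow count, total bytes both ways, distinct IPv4 and IPv6 addresses."""
    acc = defaultdict(lambda: {"tcp": 0, "bytes": 0, "v4": set(), "v6": set()})
    for f in flows:
        d = acc[f["day"]]
        d["tcp"] += f["proto"] == "tcp"
        d["bytes"] += f["sbytes"] + f["dbytes"]
        for addr in (f["saddr"], f["daddr"]):
            d["v6" if ipaddress.ip_address(addr).version == 6 else "v4"].add(addr)
    return {day: {"tcp": v["tcp"], "bytes": v["bytes"],
                  "v4": len(v["v4"]), "v6": len(v["v6"])} for day, v in acc.items()}

def baseline_deviations(flows, baseline_days):
    """Flag later flows to a (daddr, dport) unseen in the baseline, or sending > 2x the baseline max."""
    base = [f for f in flows if f["day"] in baseline_days]
    known = {(f["daddr"], f["dport"]) for f in base}
    max_sent = max(f["sbytes"] for f in base)
    findings = []
    for f in flows:
        if f["day"] in baseline_days:
            continue
        checks = {"new destination/port": (f["daddr"], f["dport"]) not in known,
                  "unusual outbound volume": f["sbytes"] > 2 * max_sent}
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((f["stime"], f["daddr"], f["dport"], reasons))
    return findings
```

On the sample, the first day serves as baseline and the 4444/tcp flow on the second day is flagged on both counts; real thresholds should come from a much longer history than two days.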
The existing argus-client programs provide the basic foundation for answering these questions, and more. Historical projects have centered on visualizations of network activity, social network analysis of network matrix data, scan detection, lateral movement detection, and so on.