TOR Traffic

Splunk Security Content

Summary
The TOR Traffic analytic identifies network traffic to The Onion Router (TOR) that the firewall allowed. TOR is an anonymity network that is frequently used in malicious activity such as intrusions, data theft, and illicit content distribution. The analytic uses Next Generation Firewall logs normalized to the Network_Traffic data model and matches events where the application identified by the firewall is TOR and the action taken is allowed. Allowed TOR sessions matter because they give an attacker or an insider an encrypted, anonymized channel for unauthorized access and data exfiltration that bypasses conventional egress monitoring. The rule deliberately matches only allowed actions: traffic the firewall already blocked carries little immediate risk, whereas a permitted TOR connection points to either a gap in egress policy or a policy violation that warrants investigation.
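As an added illustration that is not part of the Splunk Security Content detection (which is a Splunk search over the Network_Traffic data model, not Python), the script below applies the same predicate, application identified as TOR and action allowed, to a handful of constructed CIM-style firewall events and summarizes the matches per flow. The field names (app, action, src, dest, dest_port, transport, bytes_out) follow the CIM Network_Traffic data model; the sample events are made up, and the case-insensitive comparison is an assumption added here because not every firewall add-on delivers lower-case values.

```python
# Constructed CIM-style Network_Traffic events (not real firewall output).
# Field names mirror the Splunk CIM Network_Traffic data model.
SAMPLE_EVENTS = [
    {"_time": "2024-11-15T10:00:01Z", "app": "tor", "action": "allowed",
     "src": "10.1.2.3", "dest": "203.0.113.10", "dest_port": 9001,
     "transport": "tcp", "bytes_out": 5200},
    # Blocked TOR session: the detection ignores it on purpose.
    {"_time": "2024-11-15T10:00:05Z", "app": "tor", "action": "blocked",
     "src": "10.1.2.4", "dest": "203.0.113.11", "dest_port": 443,
     "transport": "tcp", "bytes_out": 0},
    # Ordinary TLS session: app is not TOR, so it is ignored.
    {"_time": "2024-11-15T10:00:09Z", "app": "ssl", "action": "allowed",
     "src": "10.1.2.5", "dest": "198.51.100.20", "dest_port": 443,
     "transport": "tcp", "bytes_out": 900},
    # Mixed-case values as some add-ons emit them; matched after normalization.
    {"_time": "2024-11-15T10:01:30Z", "app": "TOR", "action": "Allowed",
     "src": "10.1.2.6", "dest": "198.51.100.7", "dest_port": 443,
     "transport": "tcp", "bytes_out": 800},
    # Second allowed session on the same flow tuple as the first event.
    {"_time": "2024-11-15T10:02:15Z", "app": "tor", "action": "allowed",
     "src": "10.1.2.3", "dest": "203.0.113.10", "dest_port": 9001,
     "transport": "tcp", "bytes_out": 3100},
]


def is_allowed_tor(event):
    """Detection predicate: application identified as TOR and action allowed.

    Values are lower-cased before comparison (an assumption made here;
    CIM expects lower-case values but raw sources do not always comply).
    """
    return (str(event.get("app", "")).lower() == "tor"
            and str(event.get("action", "")).lower() == "allowed")


def detect_allowed_tor(events):
    """Filter events with is_allowed_tor and aggregate per flow tuple.

    Returns one summary row per (src, dest, dest_port, transport) with the
    session count, total bytes sent and first/last seen timestamps, sorted
    by count descending so the noisiest internal host comes first.
    Timestamps are ISO-8601 strings of equal form, so min/max compares correctly.
    """
    flows = {}
    for ev in events:
        if not is_allowed_tor(ev):
            continue
        key = (ev["src"], ev["dest"], ev["dest_port"], ev["transport"])
        row = flows.setdefault(key, {
            "src": ev["src"], "dest": ev["dest"], "dest_port": ev["dest_port"],
            "transport": ev["transport"], "count": 0, "bytes_out": 0,
            "first_seen": ev["_time"], "last_seen": ev["_time"],
        })
        row["count"] += 1
        row["bytes_out"] += int(ev.get("bytes_out", 0))
        row["first_seen"] = min(row["first_seen"], ev["_time"])
        row["last_seen"] = max(row["last_seen"], ev["_time"])
    return sorted(flows.values(), key=lambda r: (-r["count"], r["src"]))


if __name__ == "__main__":
    for row in detect_allowed_tor(SAMPLE_EVENTS):
        print(f'{row["src"]} -> {row["dest"]}:{row["dest_port"]}/{row["transport"]} '
              f'sessions={row["count"]} bytes_out={row["bytes_out"]} '
              f'first={row["first_seen"]} last={row["last_seen"]}')
```

Running the script prints two rows: the host 10.1.2.3 with two allowed sessions (8300 bytes out) and 10.1.2.6 with one; the blocked and non-TOR events never reach the summary. Keep in mind that this logic is only as good as the firewall's application identification: TOR traffic the firewall classifies as generic TLS, or carried over bridges and pluggable transports it does not recognize, will not carry app=tor and therefore will not match.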
Categories
  • Network
Data Sources
  • Pod
  • Network Traffic
  • Firewall
ATT&CK Techniques
  • T1090
  • T1090.003
Created: 2024-11-15