Hi Richard,
My usage of Hogzilla was mostly in a VM as a troubleshooting/investigative tool; however, reviewing the project, it appears that it may not be as active as it was previously on the open source side. I can see sFlow being the primary input for this, as it’s anomaly detection through statistical analysis. They had a section of reference papers; whether those are what Hogzilla is based on or not, I’m not sure.
Most of what I used Hogzilla for I’ve replaced with Jupyter+scikit+pandas+seaborn. I have looked at getting https://openargus.org/ set up for a more automated collection and processing.
OpenArgus may be the better suggestion here in place of Hogzilla.