Detection-only (no mitigation actions) Clean, readable Python Uses standard libraries where possible Handles errors gracefully (missing log file, permissions) ...