rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
The malware domains threat intel list is no longer available. This PR removes the threat intel source and alleviates a stall that occurred the first time a user went to...
Hello, rita show... commands will only return IP addresses (mainly interested in the Destination IP). In MongoDB, the DNS resolution is in the database (home/hostnames/host and ip in dat:ips)...
Bro has an intel [log](https://www.bro.org/sphinx/script-reference/log-files.html) documented [here](https://www.bro.org/sphinx/scripts/base/frameworks/intel/main.bro.html#type-Intel::Info). One notable service that integrates with this log is [Critical Stack](https://intel.criticalstack.com/) which acts as a sort of blacklist marketplace/aggregator. The suggestion I have...
One user manually transferred databases between MongoDB instances. They transferred their MetaDatabase, however did not transfer all the databases referenced in the MetaDatabase. This caused rita to error when run,...
Currently the RITA installer requires the user to answer a number of prompts. This makes it impossible to run the installer from an automated system such as TrevorCI or Jenkins....
Bro IDS possesses an extensible architecture allowing for new code to be distributed and run alongside it. In particular, it allows plugins to define new log writers. In theory,...
The issue is that RITA only works with version 4.2-4.3 of MongoDB. The latest stable release of MongoDB is 5.0.6. I tried locking in the version installed using apt, but...
Here is my config.yaml: ``` # This section configures the connection to the MongoDB server and the database name to use MongoDB: # See https://docs.mongodb.com/manual/reference/connection-string/ ConnectionString: mongodb://localhost:27017 # Example with...
As seen in #729, Go will no longer prioritize the DNS link provided by Docker over the `/hosts` file generated inside the container by Docker. This means that we can...
RITA has the ability to detect beacons to domain names which should help with finding C2 channels which utilize DNS to distribute their traffic. However, if an attacker creates a...