Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
GPL-3.0 License
Published by ethack about 5 years ago
Changes:
Published by ethack over 5 years ago
Changes:
Backend changes:
Installer changes:
Important Notes:
The import command's --chunk|--CC parameter previously accepted values 1 <= chunk <= numchunks (1-based indexing). This has been changed to 0 <= chunk < numchunks (0-based indexing). If you have a script that uses this parameter, please update it accordingly. If you specify a chunk equal to numchunks, you will get an error.
Published by ethack over 5 years ago
Changes:
Published by ethack over 5 years ago
Changes:
Published by ethack over 5 years ago
Changes:
Bugfixes:
Published by ethack over 5 years ago
See the v3.0.0-beta1 release notes for a list of changes.
Since v3.0.0-beta1 there was a small bug fix and documentation updates for v3.
Published by ethack over 5 years ago
Bugfix:
Published by ethack over 5 years ago
Changes:
Already in master
Still to be done:
Published by ethack over 5 years ago
Changes:
Bugfixes:
- Prevented the freqConn collection from being reset (#323)
Config file changes:
- Enabled flags added to each section to allow turning analysis modules on or off individually. All are enabled by default.
- Filtering section added to defaults.
- Filtering: NeverInclude section added and initialized to safe universal values.
- Filtering: InternalSubnets section commented out by default. ❗ IMPORTANT ❗ This config section must be filled out before RITA will process new data.
General Notes:
This release includes new aliases and flags to commands to help streamline workflow.
- reset-analysis -> reset. Added flag -f|--force to bypass the prompt.
- analyze. Added flag -r|--reset to automatically perform reset without prompting, followed by analyze.
- delete-database -> delete. Added -f|--force flag to bypass the prompt.
Published by ethack almost 6 years ago
This version makes significant changes to the modules that are run. It removes a couple of low-value, high-cost analysis modules, which should greatly improve performance for large datasets. In order to use this version of RITA with older datasets, they will require a re-analysis (rita reset-analysis <dataset> && rita analyze <dataset>).
Removed:
Changes:
Bugfixes:
Config file changes:
- Scanning section
- Blacklisted: SafeBrowsing subsection
- Filtering section added (but not included by default)
Known Issues:
- If InternalSubnets is not configured (as is the default), RITA will filter all connections (#341)
Published by ethack almost 6 years ago
Changes:
Config file:
UserConfig section added to the config file. This controls how often RITA checks for updates. In older versions where it doesn't exist, it will default to 14 days.
Published by ethack about 6 years ago
Changes:
Published by ethack about 6 years ago
Changes:
Published by ethack about 6 years ago
Bug Fixes
Changes
Published by ethack over 6 years ago
This release is mainly an update to documentation and a change to the way the installer works.
Instead of installing Go and compiling RITA from scratch, the installer will pull a precompiled binary from Github as part of the install. This reduces a lot of the complexity and avoids having to install a development environment just to use RITA.
Because of this, you no longer need to clone the entire RITA repository. You can instead download the install.sh file from this release and run it. The script will take care of everything else.
The installer will also now avoid overwriting an existing configuration file. The new file will be saved next to it as config.yaml.new so that a user can manually migrate it over if needed.
Published by ethack over 6 years ago
Published by ethack over 6 years ago
This beta release contains many breaking changes from previous RITA versions. This release should be feature stable for our upcoming v1.0.0 release. We've worked hard to combine all breaking changes into one release with the intention of keeping RITA more stable going forward. We highly recommend running the RITA installation on a fresh install of Ubuntu 16.04.
Published by activecm over 7 years ago
We are consistently rolling out new features, squashing bugs, and planning the future of RITA. Currently, we are rapidly iterating on the framework. Due to this rapid development, breaking changes are constantly rolling out. Once the framework settles, version 1.0.0 will be released and RITA will follow semantic versioning.
To install this version with make install, run git checkout tags/v1.0.0-alpha2.
The attached binary is built for AMD64 Linux.
chmod +x rita
mkdir ~/.rita
mv config.yaml ~/.rita
NAME:
rita - Look for evil needles in big haystacks.
USAGE:
rita [global options] command [command options] [arguments...]
VERSION:
v1.0.0-alpha2-0-g5321fb6
COMMANDS:
analyze Analyze imported databases, if no [database,d] flag is specified will attempt all
delete-database Delete an imported database
import Import bro logs into the database
html-report Write analysis information to html output
reset-analysis Reset analysis of one or more databases
show-beacons Print beacon information to standard out
show-blacklisted Print blacklisted information to standard out
show-databases Print the databases currently stored
show-exploded-dns Print dns analysis. Exposes covert dns channels.
show-long-connections Print long connections and relevant information
show-scans Print scanning information
show-long-urls Print the longest urls
show-most-visited-urls Print the most visited urls
show-user-agents Print user agent information
test-config Check the configuration file for validity
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--help, -h show help
--version, -v print the version
Published by joelillo over 7 years ago
Calling this release alpha because we still have some new features to incorporate into version 1.x.x.