Upload files to "8 Tools"
48
8 Tools/rita.md
Normal file
@ -0,0 +1,48 @@
|
||||
- By Cpl Iverson, Matthew
|
||||
|
||||
|
||||
## Overview
|
||||
|
||||
RITA is an open-source framework for network traffic analysis.
|
||||
The framework ingests Zeek Logs in TSV format, and currently supports the following major features:
|
||||
- Beaconing Detection: Search for signs of beaconing behavior in and out of your network
|
||||
- DNS Tunneling Detection Search for signs of DNS-based covert channels
|
||||
- Blacklist Checking: Query blacklists to search for suspicious domains and hosts
|
||||
|
||||
## Requirements
|
||||
|
||||
#### Without ZEEK
|
||||
CPU: 2+
|
||||
Ram: 16GB+
|
||||
STORAGE: 40GB
|
||||
|
||||
#### With ZEEK
|
||||
CPUs: 3-8
|
||||
RAM: 16GB - 128GB
|
||||
STORAGE: 300GB+
|
||||
NICs: 2
|
||||
|
||||
normal ubuntu install
|
||||
|
||||
```
|
||||
sudo apt install git
|
||||
git clone https://github.com/activecm/rita.git
|
||||
cd /rita
|
||||
sudo ./install.sh
|
||||
```
|
||||
|
||||
```
|
||||
Would you like to continue running the zeek configuration script and generate a new node.cfg file?
|
||||
y
|
||||
|
||||
Would you like to include it as a sniff interface (y/n)?
|
||||
y
|
||||
|
||||
```enp2s0```
|
||||
|
||||
would you like to replace the existing node.cfg with the above file?
|
||||
yes
|
||||
|
||||
sudo apt install zkg
|
||||
zkg install zeek/activecm/zeek-open-connections
|
||||
```
|
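Review bot: In the first install block, `cd /rita` points at a directory under the filesystem root, but `git clone https://github.com/activecm/rita.git` creates `rita` in the current working directory, so the following `sudo ./install.sh` fails unless the clone was made from `/`; use `cd rita`. The same block runs the installer as root from whatever the default branch holds at clone time; consider documenting a specific release tag to check out before `sudo ./install.sh`. In the second block, the installer prompts, the answers to give, and the shell commands `sudo apt install zkg` and `zkg install zeek/activecm/zeek-open-connections` all share one fence, and the interface name `enp2s0` is wrapped in its own triple backticks inside that fence; moving the two commands into a separate fence and writing the interface name as plain text would make clear what is typed at the shell and what is typed at the installer prompt. Minor: the "DNS Tunneling Detection" bullet is missing the colon the other two feature bullets use, and "normal ubuntu install" does not say which Ubuntu release the steps were tested on.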