By Cpl Iverson, Matthew

## Overview

RITA is an open-source framework for network traffic analysis. The framework ingests Zeek logs in TSV format and currently supports the following major features:

- Beaconing Detection: Search for signs of beaconing behavior in and out of your network
- DNS Tunneling Detection: Search for signs of DNS-based covert channels
- Blacklist Checking: Query blacklists to search for suspicious domains and hosts

## Requirements

#### Without Zeek

- CPU: 2+
- RAM: 16GB+
- Storage: 40GB

#### With Zeek

- CPUs: 3-8
- RAM: 16GB - 128GB
- Storage: 300GB+
- NICs: 2

Normal Ubuntu install (the clone creates a `rita` directory in the current working directory):

```
sudo apt install git
git clone https://github.com/activecm/rita.git
cd rita
sudo ./install.sh
```

The installer runs the Zeek configuration script. Answer its prompts as below; `enp2s0` is the sniffing interface used here, so substitute your own:

```
Would you like to continue running the zeek configuration script and generate a new node.cfg file? y
Would you like to include it as a sniff interface (y/n)? y
enp2s0
Would you like to replace the existing node.cfg with the above file? yes
```

Then install the Zeek open-connections package with the Zeek package manager:

```
sudo apt install zkg
zkg install zeek/activecm/zeek-open-connections
```
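RITA reads Zeek's TSV output, so a log tree written with Zeek's JSON writer will not import. The shell check below is an added example, not code from RITA or from this guide: it identifies a log's format from the header Zeek writes, lists the columns, and confirms named columns are present; the sample logs are constructed inline, and the column names checked are standard conn.log fields.

```shell
#!/usr/bin/env bash
# Added example, not RITA project code: sanity-check Zeek logs before
# importing them into RITA, which ingests Zeek's TSV (ASCII writer) format.

# zeek_log_format FILE: exit 0 for TSV, 1 for JSON (LogAscii::use_json=T),
# 2 for anything else. Zeek's TSV writer starts every log with "#separator".
zeek_log_format() {
  local first
  IFS= read -r first < "$1" || return 2
  case "$first" in
    '#separator '*) return 0 ;;
    '{'*)           return 1 ;;
    *)              return 2 ;;
  esac
}

# zeek_tsv_fields FILE: print the tab-separated column names from the
# "#fields" header line.
zeek_tsv_fields() {
  grep -m1 '^#fields' "$1" | cut -f2-
}

# zeek_tsv_has_fields FILE COL...: succeed only if every named column is
# present in the header (literal, whole-name matches).
zeek_tsv_has_fields() {
  local log=$1 f
  shift
  for f in "$@"; do
    zeek_tsv_fields "$log" | tr '\t' '\n' | grep -qxF -- "$f" || return 1
  done
}

# check_zeek_dir DIR: report every *.log in DIR that RITA will not read.
check_zeek_dir() {
  local f
  for f in "$1"/*.log; do
    [ -f "$f" ] || continue
    zeek_log_format "$f" && continue
    echo "not TSV (RITA cannot import): $f"
  done
}

# Constructed sample logs (not real captures). The TSV header mirrors what
# Zeek's ASCII writer emits for conn.log; the column names are real fields.
tsv_sample=$(mktemp)
printf '#separator \\x09\n#set_separator\t,\n#path\tconn\n' > "$tsv_sample"
printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\n' >> "$tsv_sample"
printf '#types\ttime\tstring\taddr\tport\taddr\tport\n' >> "$tsv_sample"
printf '1700000000.000000\tCabc123\t10.0.0.5\t51234\t203.0.113.7\t443\n' >> "$tsv_sample"
json_sample=$(mktemp)
printf '{"ts":1700000000.0,"uid":"Cabc123","id.orig_h":"10.0.0.5"}\n' > "$json_sample"
```

Run `check_zeek_dir /path/to/zeek/logs` against a day's log directory before pointing RITA at it; any file it reports needs Zeek switched back to the ASCII (TSV) writer.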