- By Cpl Iverson, Matthew
Overview
RITA is an open-source framework for network traffic analysis. The framework ingests Zeek logs in TSV format, and currently supports the following major features:
- Beaconing Detection: search for signs of beaconing behavior in and out of your network
- DNS Tunneling Detection: search for signs of DNS-based covert channels
- Blacklist Checking: query blacklists to search for suspicious domains and hosts
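To make the beaconing feature concrete, here is a small added example (not RITA's own code, and a much simpler scoring rule than RITA's analysis) that parses a Zeek conn.log in TSV format, groups connections by source/destination pair, and scores how regular the gaps between connections are. The sample log, the host addresses and the 0.9 threshold are constructed for the illustration.

```python
"""Toy beacon-regularity check over Zeek conn.log TSV (added example, not RITA code)."""
import statistics
from collections import defaultdict

# Header block in Zeek's TSV layout; only the #fields line drives the parser.
ZEEK_HEADER = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum"
)


def build_sample_log():
    """Constructed conn.log (not real traffic) with three host pairs:
    - 10.0.0.5 -> 203.0.113.10: 12 connections every 60 s (+/-0.2 s jitter), beacon-like
    - 10.0.0.7 -> 198.51.100.20: 6 connections at irregular gaps, browsing-like
    - 10.0.0.9 -> 192.0.2.1: 2 connections, too few to score
    """
    base = 1700000000.0
    conns = [(base + 60 * i + (0.2 if i % 2 else 0.0), "10.0.0.5", "203.0.113.10")
             for i in range(12)]
    conns += [(base + off, "10.0.0.7", "198.51.100.20")
              for off in (7, 12, 307, 317, 907, 2407)]
    conns += [(base + off, "10.0.0.9", "192.0.2.1") for off in (100, 7000)]
    lines = [ZEEK_HEADER]
    for n, (ts, orig, resp) in enumerate(sorted(conns)):
        # uid and ports are hypothetical filler; the analysis only reads ts/orig_h/resp_h
        lines.append(f"{ts:.6f}\tC{n}\t{orig}\t{40000 + n}\t{resp}\t443\ttcp")
    lines.append("#close\t2023-11-14-22-13-20")
    return "\n".join(lines) + "\n"


def parse_zeek_tsv(text):
    """Parse Zeek TSV into a list of dicts keyed by the #fields column names."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other header lines and #close carry no records
        if fields is None:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def beacon_scores(records, min_connections=5):
    """Return {(orig_h, resp_h): score}; 1.0 means perfectly regular intervals.

    Score = 1 - coefficient of variation of the inter-connection gaps, floored at 0.
    Pairs with fewer than min_connections connections are skipped.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["id.orig_h"], r["id.resp_h"])].append(float(r["ts"]))
    scores = {}
    for pair, ts in by_pair.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        scores[pair] = max(0.0, 1.0 - cv)
    return scores


def flag_beacons(scores, threshold=0.9):
    """Pairs whose regularity score reaches the threshold, highest first."""
    hits = [(pair, s) for pair, s in scores.items() if s >= threshold]
    return [pair for pair, _ in sorted(hits, key=lambda x: x[1], reverse=True)]


if __name__ == "__main__":
    recs = parse_zeek_tsv(build_sample_log())
    scs = beacon_scores(recs)
    for pair, s in sorted(scs.items(), key=lambda x: x[1], reverse=True):
        print(f"{pair[0]} -> {pair[1]}: regularity {s:.3f}")
    print("flagged:", flag_beacons(scs))
```

The regularity score alone would also flag benign periodic traffic (NTP, software update checks), which is why a tool like RITA combines interval analysis with other signals and why any hit still needs triage against the destination and the process behind it.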
Requirements
Without Zeek:
- CPU: 2+ cores
- RAM: 16 GB+
- Storage: 40 GB
With Zeek:
- CPUs: 3-8
- RAM: 16 GB - 128 GB
- Storage: 300 GB+
- NICs: 2
Normal Ubuntu install
```sh
sudo apt install git
git clone https://github.com/activecm/rita.git
cd rita
sudo ./install.sh
```
The installer asks a few questions:
- "Would you like to continue running the zeek configuration script and generate a new node.cfg file?" Answer `y`.
- "Would you like to include it as a sniff interface (y/n)?" Answer `y` (the interface in this install was `enp2s0`).
- "would you like to replace the existing node.cfg with the above file?" Answer `yes`.
Then install the Zeek package manager and the open-connections package:
```sh
sudo apt install zkg
zkg install zeek/activecm/zeek-open-connections
```