RITA - An open source framework for network traffic analysis.
- Talfor

- Oct 30
The framework ingests Zeek logs in TSV or JSON format, and currently supports the following major features:
- Beaconing Detection: Search for signs of beaconing behavior in and out of your network.
- Long Connection Detection: Easily see connections that have communicated for long periods of time.
- DNS Tunneling Detection: Search for signs of DNS-based covert channels.
- Threat Intel Feed Checking: Query threat intel feeds to search for suspicious domains and hosts.
Check out the source at: Active Countermeasures
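To make the first two features concrete, here is an added example (not RITA's code or its scoring algorithm) that reads Zeek conn.log records in either TSV or JSON form, lists long connections, and flags host pairs whose connection intervals are nearly constant. The function names, the thresholds, the tab separator and the simple jitter ratio are assumptions chosen for illustration.

```python
import json
from collections import defaultdict
from statistics import mean, pstdev

def parse_zeek(lines):
    """Yield one dict per record from Zeek log lines (TSV or JSON lines)."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("{"):               # JSON: one object per line
            yield json.loads(line)
        elif line.startswith("#fields"):       # TSV: header names the columns
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def to_float(value):
    """Zeek TSV writes '-' for unset fields; treat those as 0."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return 0.0

def long_connections(records, min_seconds=3600):
    """(source, destination, duration) for long-lived connections, longest first."""
    hits = [(r["id.orig_h"], r["id.resp_h"], to_float(r.get("duration")))
            for r in records if to_float(r.get("duration")) >= min_seconds]
    return sorted(hits, key=lambda h: -h[2])

def beacon_candidates(records, min_conns=5, max_jitter=0.1):
    """Host pairs whose gaps between connections are near-constant (low jitter)."""
    starts = defaultdict(list)
    for r in records:
        starts[(r["id.orig_h"], r["id.resp_h"])].append(to_float(r["ts"]))
    found = {}
    for pair, ts in starts.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # jitter = stdev(gaps) / mean(gaps); a low value suggests a timer
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            found[pair] = round(mean(gaps), 1)   # mean interval in seconds
    return found

# Constructed sample (not real traffic); both formats are mixed here only for brevity.
SAMPLE = ["#fields\tts\tid.orig_h\tid.resp_h\tduration"]
SAMPLE += [f"{1700000000 + 60 * i + i % 2}\t10.0.0.5\t203.0.113.9\t0.4" for i in range(8)]
SAMPLE += ["1700000500\t10.0.0.8\t192.0.2.1\t-",
           '{"ts": 1700000100.0, "id.orig_h": "10.0.0.7", "id.resp_h": "198.51.100.2", "duration": 7200.5}']
```

Pass `list(parse_zeek(SAMPLE))`, or the lines of a real conn.log, to both detection functions; the list is needed because each function iterates the records once.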
