Logan Lembke

Results: 18 issues of Logan Lembke

The malware domains threat intel list is no longer available. This PR removes the threat intel source and alleviates a stall that occurred the first time a user went to...

Bro IDS possesses an extensible architecture allowing new code to be distributed and run alongside it. In particular, it allows plugins to define new log writers. In theory,...

P3
improvement
performance

As seen in #729, Go will no longer prioritize the DNS link provided by Docker over the `/hosts` file generated inside the container by Docker. This means that we can...

RITA has the ability to detect beacons to domain names which should help with finding C2 channels which utilize DNS to distribute their traffic. However, if an attacker creates a...

The IDS formerly known as Bro IDS has been known as Zeek for a while now. In general, additions added to RITA after this rename have used `Zeek` while additions...

tech debt
good first issue

In many RITA modules, we attempt to perform an upsert into an array by querying to see if a matching record already exists and then issuing a `$push` or `$set`...

performance

Description: Currently, the host-based exploded DNS analysis is performed in the host package. https://github.com/activecm/rita/blob/e6c740f6ef1e2b88950eb63b1f3c6538720d0de3/pkg/host/analyzer.go#L86 This analysis should be broken out into its own package in order to keep the...

tech debt

https://github.com/activecm/rita/pull/591#discussion_r522562305

bug

Going through the RITA code, I noticed we limit each unique connection pair to only 5 (transport, port, service) tuples. This was noted in https://github.com/activecm/rita/issues/463#issuecomment-494924541 The code for it is...

This PR adds some helpful hints for getting Beaker running in response to issues #47 and #60.