ethack
### Current behavior I have a network configured in RITA's NeverInclude section but JA3 hashes still end up being processed from that network. Same behavior for User Agent strings. ###...
We already offer this script to help install a more performant version of Bro. https://github.com/activecm/bro-install We should modify the RITA installer to use bro-install to compile bro from source with...
Specifically, the beacon output has tables with obtuse labels, but other modules would benefit as well. When you run "rita show-beacons", you get a nifty report with the column titles:...
Add functionality that displays the database versions. This could be a new command, but might make more sense as an extra flag on the existing `rita list` command. e.g. `rita...
The following line will attempt to append a `/32` on any string configured in the Filtering section if it fails to parse. The rationale is that the user may simply...
This change should only have to be made in the Dockerfile and test.Dockerfile files. Then make sure the tests pass and that rita still runs correctly.
[Here](https://github.com/activecm/rita/blob/v3.0.6/parser/fsimporter.go#L456-L466) is where we keep track of the longest connection made for the `show-long-connections` output. We could easily store the [tuple](https://github.com/activecm/rita/blob/v3.0.6/parser/fsimporter.go#L345-L350) of port/protocol/service as well. This way we could print...
We currently import certificates and keep track of invalid ones. But we don't have an associated `show-certificates` command. Add a `show-certificates` command that displays the information about the certificates we...
While watching a talk about threat hunting it was pointed out that bad certificates are often smaller than good ones. This is due to attackers being lazy and not filling...