rita-legacy

command module
v1.0.0-alpha Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 24, 2017 License: GPL-3.0 Imports: 5 Imported by: 0

README

#RITA

Brought to you by Offensive CounterMeasures

###What's here

RITA is an open source network traffic analysis framework.

The framework ingests Bro Logs, and currently supports the following analysis features:

  • Beaconing: Search for signs of beaconing behavior in and out of your network
  • Blacklisted: Query blacklists to search for suspicious domains and hosts in your network traffic
  • Scanning: Search for signs of port scans in your network

Additional functionality is being developed and will be included soon.

Automatic Installation

The automatic RITA installer is officially supported on Ubuntu 16.04 LTS

Clone the package:

git clone https://github.com/ocmdev/rita.git

Change into the source directory:

cd rita

Run the installer:

Note: By default, Rita will install to /usr/local/rita. However, you can change the install location with the -i flag.

sudo ./install.sh

or

sudo ./install.sh -i /path/to/install/directory

Manual Installation

To install each component of Rita by hand, check out the instructions in the wiki.

Configuration File

RITA contains a yaml format configuration file.

You can specify the location for the configuration file with the -c command line flag. If not specified, RITA will first look for the configuration in ~/.rita/config.yaml then /etc/rita/config.yaml.

API Keys

Rita relies on the the Google Safe Browsing API to check network log data for connections to known threats. An API key is required to use this service. Obtaining a key is free, and only requires a Google account.

To obtain an API key:

  • Go to the cloud platform console.
  • From the projects list, select a project or create a new one.
  • If the API Manager page isn't already open, open the left side menu and select API Manager.
  • On the left, choose Credentials.
  • Click Create credentials and then select API key.
  • Copy this API key to the APIKey field under SafeBrowsing in the configuration file.
  • On the left, choose Library.
  • Search for Safe Browsing.
  • Click on Google Safe Browsing API.
  • Near the top, click Enable.

Now replace the APIKey field under SafeBrowsing in the configuration file with the obtained key.

Getting Started

Link to video tutorial will be added soon!

###Getting help Head over to OFTC and join #ocmdev for any questions you may have.

###License GNU GPL V3 © Offensive CounterMeasures ™

###Contributing

Want to help? We'd love that! Here are some ways to get involved ranging in difficulty from easiest to hardest.

  1. Run the software and tell us when it breaks. We're happy to recieve bug reports. Just be sure to do the following:

    • Give very specific descriptions of how to reproduce the bug
    • Let us know if you're running RITA on weird hardware
    • Tell us about the size of the test, and the physical resources available
  2. Add godoc comments to the code. This software was developed for internal use mostly on the fly and as needed. This means that the code was not built to the typical standards of an open source project and we would like to get it there.

  3. Fix style compliance issues. Just run golint and start fixing non-compliant code.

  4. Work on bug fixes. Grab from the issues list and submit fixes.

  5. Help add features:

    • If you would like to become involved in the development effort, please hop on our OFTC channel at #ocmdev and chat about what's currently being worked on.

#####Submitting work: Please send pull requests and such as small as possible. As this is a product that we use internally, as well as a backend for a piece of commercially supported software. Every line of code that goes in must be inspected and approved. So if it is taking a while to get back to you on your work, or we reject code, don't be offended, we're just paranoid and desire to get this project to a very stable and useable place.

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
analysis
datatypes

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL