RITA is an open source framework for network traffic analysis.
The framework processes Bro logs, and currently supports the following analysis features:
- Beaconing Detection: Search for signs of beaconing behavior in and out of your network
- DNS Tunneling Detection Search for signs of DNS based covert channels
- Blacklist Checking: Query blacklists to search for suspicious domains and hosts
- URL Length Analysis: Search for lengthy URLs indicative of malware
- Scanning Detection: Search for signs of port scans in your network
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.