Real Intelligence Threat Analytics (RITA) is an open-source framework for network traffic analysis.
The framework ingests Bro Logs, and currently supports the following analysis features:
- Beaconing Detection: Search for signs of beaconing behaviour in and out of your network
- DNS Tunneling Detection Search for signs of DNS based covert channels
- Blacklist Checking: Query blacklists to search for suspicious domains and hosts
- URL Length Analysis: Search for lengthy URLs indicative of malware
- Scanning Detection: Search for signs of port scans in your network