rita
Network traffic analyzer
A framework for detecting malicious communication patterns in network traffic by analyzing Zeek logs.
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
215 stars
4 watching
23 forks
Language: Go
Last commit: 6 days ago
Linked from 1 awesome list
Topics: anomaly-detection, beacons, blue-team, c2, c2-detection, command-and-control, cyber-security, incident-response, intrusion-detection, log-analysis, network-monitoring, network-traffic-analysis, security-tools, threat-hunting, threat-intelligence, zeek
Related projects:
Repository | Description | Stars |
---|---|---|
austin-taylor/flare | An analytical framework designed to identify malicious behavior in networks by analyzing network traffic and domain information. | 449 |
tomchop/malcom | Analyzes network traffic to detect malware communication and behavior | 1,158 |
idaholab/malcolm | A powerful tool suite for analyzing and visualizing network traffic data | 368 |
ch3k1/squidmagic | Analyzes web-based network traffic to detect malicious command and control servers using Squid proxy server and Spamhaus | 78 |
cisagov/malcolm | A network traffic analysis tool suite that accepts various data formats and provides visualization and incident response capabilities. | 2,001 |
eremit4/cs-discovery | Detects malicious servers in network traffic by analyzing encoded byte patterns | 20 |
zeek/zeek | An in-depth network analysis framework for analyzing network traffic and security monitoring. | 6,513 |
mandiant/flare-fakenet-ng | A tool to intercept and analyze network traffic for malware analysis and testing | 1,824 |
shmohammadi86/netdecode | A tool to decode and analyze network traffic patterns | 0 |
activecm/beaker | Aggregates Microsoft Sysmon network events with Elasticsearch and Kibana for threat hunting analysis | 287 |
nesfit/netfoxdetective | A network forensic analysis tool that extracts content from communication protocols and visualizes it in various ways | 38 |
xplico/xplico | Analyzes network traffic data from captured packets to extract and decode specific protocols and information. | 182 |
michoo/pci | Analyzes network traffic to investigate packet interactions and visualize connections on a graph-based platform. | 90 |
benjeems/packetstrider | Analyzes network traffic from SSH connections to detect potential security threats and reverse sessions. | 254 |
antirez/hping | A network tool for custom TCP/IP packet sending and target reply display | 1,455 |