RITA
RITA is a cybersecurity analysis framework focused on detecting and prioritizing genuine, high-impact threats by correlating real-world adversary behavior with technical security data. Instead of relying solely on isolated alerts or signatures, RITA emphasizes contextual intelligence, combining network traffic analysis, system logs, behavioral indicators, and threat intelligence to distinguish meaningful malicious activity from background noise. This approach helps analysts identify patterns such as command-and-control (C2) communication, lateral movement, and data exfiltration attempts that align with known attacker tactics, techniques, and procedures (TTPs). By focusing on actionable intelligence rather than raw alert volume, RITA enables security teams to respond more effectively, reduce false positives, and concentrate resources on the threats that pose actual risk to the organization.
NOTE: RITA accepts network traffic input only in the form of Zeek logs.
FEATURES
C2 beacon detection
DNS tunneling detection
Long connection detection
Data exfiltration detection
Check threat intel feeds
Score connections by severity
Show the number of hosts communicating with a specific external IP
Show the datetime when an external host was first seen on the network
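To make the first three features above concrete, here is an added example (not RITA's own code) that parses a constructed, simplified Zeek conn.log excerpt and applies two of the checks RITA performs: a beacon score based on how regular the inter-connection intervals between a pair of hosts are, and a long-connection check on Zeek's duration field. The field names follow Zeek's conn.log; the thresholds (min_conns=4, min_seconds=3600) and the sample rows are assumptions for illustration.

```python
import statistics
from collections import defaultdict

# Constructed, simplified Zeek conn.log excerpt: a Zeek-style "#fields" header followed
# by tab-separated rows. Real conn.log files carry more columns; the parser is header-driven.
SAMPLE_CONN_LOG = """#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p\tproto\tduration\torig_bytes\tresp_bytes
1700000000.000\t10.0.0.5\t203.0.113.7\t443\ttcp\t0.2\t312\t1024
1700000060.100\t10.0.0.5\t203.0.113.7\t443\ttcp\t0.2\t312\t1024
1700000120.000\t10.0.0.5\t203.0.113.7\t443\ttcp\t0.3\t312\t1024
1700000179.900\t10.0.0.5\t203.0.113.7\t443\ttcp\t0.2\t312\t1024
1700000005.000\t10.0.0.9\t198.51.100.4\t22\ttcp\t43200.0\t50000\t900000
1700000010.000\t10.0.0.9\t198.51.100.4\t80\ttcp\t1.0\t500\t2000
1700000700.000\t10.0.0.9\t198.51.100.4\t80\ttcp\t-\t500\t2000
1700003000.000\t10.0.0.9\t198.51.100.4\t80\ttcp\t1.0\t500\t2000
"""

def parse_conn_log(text):
    """Parse Zeek TSV rows into dicts keyed by the names in the #fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def beacon_scores(rows, min_conns=4):
    """Per (orig, resp) pair: 1.0 = perfectly regular intervals (beacon-like), 0 = irregular."""
    times = defaultdict(list)
    for r in rows:
        times[(r["id.orig_h"], r["id.resp_h"])].append(float(r["ts"]))
    scores = {}
    for pair, ts in times.items():
        if len(ts) < min_conns:  # too few connections to judge regularity
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0  # coefficient of variation
        scores[pair] = round(max(0.0, 1.0 - cv), 3)
    return scores

def long_connections(rows, min_seconds=3600):
    """Connections whose Zeek duration is at least min_seconds; '-' means duration unset."""
    out = []
    for r in rows:
        dur = r["duration"]
        if dur != "-" and float(dur) >= min_seconds:
            out.append((r["id.orig_h"], r["id.resp_h"], int(r["id.resp_p"]), float(dur)))
    return out
```

On the sample, the 10.0.0.5 to 203.0.113.7 pair scores about 0.998 (near-constant 60 s interval), the 10.0.0.9 pair scores close to 0, and the 12-hour SSH session is the only long connection.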