RITA – Real Intelligence Threat Analysis
Released by SANS, the RITA toolkit is intended to help with the often overwhelming task of combing through piles of log
data looking for the following suspicious behaviors:
- Beaconing: Connections that happen frequently and on similar intervals could be an indicator of malware calling home
- Blacklisted IPs: Blacklisted IPs are addresses reported as being involved with malware, spamming, and other dangerous activities
- Scanning: These events occur when a computer attempts to connect to a large number of ports on a system, searching for vulnerabilities
- Long Durations: Connections that are beyond the length of average on a network could indicate a compromised system
- Long URLs: Longer than normal URLs could potentially be used to transfer malicious data into the system
- Concurrent Logins: A user being logged into a high number of systems could indicate that this user’s account or original system has been compromised
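To make two of these heuristics concrete, here is an added example (not RITA's own code) that scores connection-interval regularity for beaconing and counts distinct destination ports for scanning over a constructed, Zeek-style connection log; the thresholds, the record layout and all addresses are assumptions.

```python
"""Beaconing and port-scan heuristics over constructed connection records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (timestamp_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.5 -> 203.0.113.9 repeats every ~300 s (beacon-like);
# 10.0.0.6 -> 198.51.100.4 is irregular (normal browsing);
# 10.0.0.7 touches 25 ports on 10.0.0.20 (scan-like). All values are made up.
CONN_LOG = [
    (1000, "10.0.0.5", "203.0.113.9", 443),
    (1301, "10.0.0.5", "203.0.113.9", 443),
    (1599, "10.0.0.5", "203.0.113.9", 443),
    (1902, "10.0.0.5", "203.0.113.9", 443),
    (2200, "10.0.0.5", "203.0.113.9", 443),
    (1000, "10.0.0.6", "198.51.100.4", 443),
    (1050, "10.0.0.6", "198.51.100.4", 443),
    (1900, "10.0.0.6", "198.51.100.4", 443),
    (2000, "10.0.0.6", "198.51.100.4", 443),
] + [(1100 + i * i, "10.0.0.7", "10.0.0.20", p) for i, p in enumerate(range(20, 45))]


def interval_regularity(records, min_conns=4):
    """Return {(src, dst): (count, mean_gap, cv)} for pairs seen >= min_conns times.
    cv is the coefficient of variation of the inter-connection gaps: a low cv
    means evenly spaced connections, the signature of a beacon."""
    times = defaultdict(list)
    for ts, src, dst, _port in records:
        times[(src, dst)].append(ts)
    stats = {}
    for pair, ts in times.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        mu = mean(gaps)
        cv = pstdev(gaps) / mu if mu else float("inf")
        stats[pair] = (len(ts), mu, cv)
    return stats


def beacon_candidates(records, max_cv=0.1, min_conns=4):
    """Pairs whose connection gaps vary by no more than max_cv (assumed threshold)."""
    regular = interval_regularity(records, min_conns)
    return sorted(pair for pair, (_n, _mu, cv) in regular.items() if cv <= max_cv)


def scan_candidates(records, min_ports=20):
    """Pairs where one source touched at least min_ports distinct ports on one host."""
    ports = defaultdict(set)
    for _ts, src, dst, port in records:
        ports[(src, dst)].add(port)
    return sorted(pair for pair, seen in ports.items() if len(seen) >= min_ports)
```

On real data, feed the same functions from a parsed conn log and tune `max_cv`, `min_conns` and `min_ports` to the network's baseline; jittered beacons will need a looser `max_cv`.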
Download: https://www.dropbox.com/sh/nvwevym6zrj8d9f/AAAdoH6RR8D1AmdlqrnF_Lpqa?dl=0