
Releases: activecm/rita-legacy

v4.2.0

20 Apr 20:32
cc8fa71

Changes:

  • Added TotalBytes to show-beacons and html-report (#625)
  • Add Indices to Quickly Search for Hosts which Contacted BL Hosts (#627)
  • Add no-browser flag to prevent html-report from auto-launching the browser (#630)

Bug Fixes:

  • Remove old fqdn beacon info when rolling imports roll over (#621)

v4.1.0

04 Mar 22:18
2f21ab9

Changes:

  • Beacon Detection by FQDN (#604, #615, #616, #619, #621)
    • Adds a new command show-beacons-fqdn which reports beaconing activity to groups of external IP addresses based on domain names
  • Run exploded dns analysis for the set of domains queried by each host (#608, #610, #613)
    • Adds new data to the host collection for scoring an individual host
  • Domain filtering and fqdn threshold hotfix (#619)

v4.0.0

15 Dec 22:47
f9b860f

Changes:

  • Replace reflect with type assertions in import (#586)
    • Speeds up the import.
  • Update threat intel feeds (#581)
    • Reduces false positives in threat intel/blacklist results.
  • Support Parsing Zeek Logs Collected By Multiple Remote Agents (e.g. Sysmon) (#591)
    • Allows integrating with Sysmon logs through espy.

This release includes breaking changes. There may be incorrect results or errors if you try to use RITA v4 to read a v3 database or vice versa.

v3.3.1

04 Aug 19:50
fdb77b0

Changes:

  • Always Update Custom Blacklists (#575)
  • Update installer to v3.3.1 (#579)

v3.3.0

23 Jul 17:16
2d259ff

Changes:

  • Fixed empty log handling and error messages (#555)
  • Batch Files During Import To Lower RAM Usage / Break Up Importing for Datasets Larger than 2GB (#560)
  • Remove error printed on every incompatible file (#563)
  • Specify Output Delimiter with CLI Flag (#573)

Documentation:

  • Updating usage docs to make rolling import use cases more clear. (#557)
  • Escape % symbols in cron example (#570)

Development:

  • Switch to Go modules (#564)

v3.2.1

25 Mar 05:31
931e8ef

Bugfixes:

  • Fixed RITA misspelling (#551)

Installer:

  • Use ACM managed Bro repos; Install bro 2.5.5 for Ubuntu Xenial (#554)
  • Update installer to v3.2.1 (#558)

Documentation:

  • Update zeek links in install documentation (#552)

v3.2.0

06 Mar 22:27
366cec9

Changes:

  • Add RFC1918 as default subnets (#515)
  • Add support for Zeek JSON logs (#513)
  • Wrap long domains in human readable exploded-dns output (#535)
  • Human readable duration for show-long-connections output (#536)

Bugfixes:

  • Allow html report to be created when there are no results for some modules (#527)
  • Distinguish empty User Agent strings from empty JA3 hashes (#539)

Installer changes and fixes:

  • Pin ja3 download commit to pre-zeek renaming (#523)
  • Add identifier so we support RHEL workstation as well as RHEL server (#528)
  • Support /var/log/bro/ as log location (#531)
  • Prevent Installation Errors When Default Ubuntu Bro Package is Installed (#530)
  • Removed unneeded workaround for Bro install on CentOS (#480)
  • Don't run gen-node-cfg in noexec temp dir (#541)
  • Update installer to rita 3.2.0 (#547)

Documentation:

  • Gittiquette summary fix (#534)
  • Updating contributing documentation to align with current workflow (#537)
  • Update readme to reflect json import (#540)

v3.1.1

03 Dec 18:39
4976cb9

Changes:

  • Update installer to v3.1.1 (#518)

Bugfixes:

  • Fixed maxdur to include incoming connections (#517)

Development changes:

  • Fix test workflow to accept files in subdirectories (#519)

v3.1.0

14 Nov 21:45
4b72a39

Changes:

  • Force rita build even if it is up to date (#507)
  • Add install.sh support for Ubuntu 18.04 (#510)
  • Add --delete flag to import to allow re-import (#511)
  • Revise install documentation (#502)
  • Update installer to version 3.1.0 (#514)

Bugfixes:

  • Invalid certificate bug fix (#506)
  • Fix to keep track of max duration in hosts (#512)

v3.0.6

13 Sep 02:14
6cc2be4

Changes:

  • Update Security Onion link in documentation (#494)
  • Update installer to 3.0.6 (#499)

Bugfixes:

  • Fix if InternalSubnets is updated (#496)

Development:

  • Initial GitHub action workflows (#497)