v4.7.0
Changes:
- Improved beacon scoring algorithms by filtering out bursty connections (https://github.com/activecm/rita/pull/773, https://github.com/activecm/rita/pull/774)
- Deployed the beaconing algorithm introduced in the IP beacons module in v4.6.0 to the Web beacons module (https://github.com/activecm/rita/pull/774)
- Deployed the beaconing algorithm introduced in the IP beacons module in v4.6.0 to the Proxy beacons module (#778)
- Added filter to drop proxied traffic which is entirely on the internal network (https://github.com/activecm/rita/pull/765)
- Added `rita clean` command to remove RITA datasets without MetaDB entries (https://github.com/activecm/rita/pull/763, #780)
- Removed FQDN Beacons module due to poor performance (https://github.com/activecm/rita/pull/771)
- Removed per-host DNS command and control analysis due to overflowing document sizes (https://github.com/activecm/rita/pull/762)
- Added better error reporting to the install script. Removed support for Ubuntu 18 and Debian 10. (#776)
Bug Fixes:
- Stop host aggregation phase if there aren't any local hosts (https://github.com/activecm/rita/pull/761)
- Check if a max analysis subdocument has already been inserted into the target host's `dat` collection before updating or inserting (https://github.com/activecm/rita/pull/764)
- Prevent strobes from overflowing database documents when strobing is cumulative (https://github.com/activecm/rita/pull/767)
- Ensure bulk writes don't exceed the 16MB limit (https://github.com/activecm/rita/pull/770)