Releases: activecm/rita-legacy
v1.1.1
Changes:
- Make some commands periodically check for program updates #255
- Update Mongo version to 3.6 #248
- Add TravisCI test automation #250
- Updating manual install documentation #265
Config file:
A UserConfig section was added to the config file. This controls how often RITA checks for updates. In older versions where it doesn't exist, it will default to 14 days.
v1.1.0
v1.0.3
v1.0.2
Bug Fixes
- Resolved issue with printing ports in scan results #209
Changes
- Check for Mongo version >= 3.2 and < 3.7 #221
- Remove a feature that is incompatible with Mongo 3.7 #222
- Lower default import buffer to help with memory consumption when batch processing multiple datasets #220
- Added unit tests #214
- Switched out deprecated go-mgo/mgo package for globalsign/mgo #226
- Filter out beacons with fewer than 3 packets (e.g. prevent port scans from showing up as beacons) #231
- The installer will only install one specific version of RITA instead of getting the latest version #235
v1.0.1
This release is mainly an update to documentation and a change to the way the installer works.
Instead of installing Go and compiling RITA from scratch, the installer will pull a precompiled binary from GitHub as part of the install. This reduces a lot of the complexity and avoids having to install a development environment just to use RITA.
Because of this, you no longer need to clone the entire RITA repository. You can instead download the install.sh file from this release and run it. The script will take care of everything else.
The installer will also now avoid overwriting an existing configuration file. The new file will be saved next to it as config.yaml.new so that a user can manually migrate it over if needed.
Version 1 Release
Changelog
Improved Functionality
- Better error reporting
- Better support for parsing Bro logs as they are normally created
- Now, logs in the ImportDirectory will be placed in DBRoot
- Logs in subdirectories of the ImportDirectory will be placed in "<DBRoot>-<subdir>"
New Functionality
- New data size metrics for beaconing
- Better blacklist support through rita-bl
- Support for custom blacklists
- Support TLS and Authentication for MongoDB
Removed Functionality
- Removed UseDates / log splitting
Configuration Updates
- Removed several configuration values for MongoDB collections (table.yaml)
- Removed the DirectoryMap in the Bro config section
- Configuration now lies in /etc/rita
- Runtime files now lie in /var/lib/rita
Installer Updates
- New installer which should handle various edge cases
- Install to /etc/rita, /var/lib/rita, and /usr/local/bin/rita
- Support installation on CentOS 7
Documentation
- Added a documentation folder for living documentation
Version 1 Beta Release
This beta release contains many breaking changes from previous RITA versions. This release should be feature stable for our upcoming v1.0.0 release. We've worked hard to combine all breaking changes into one release with the intention of keeping RITA more stable going forward. We highly recommend running the RITA installation on a fresh install of Ubuntu 16.04.
Version 1 Alpha 2 Release
Why Alpha-2?
We are consistently rolling out new features, squashing bugs, and planning the future of RITA. Currently, we are rapidly iterating on the framework. Due to this rapid development, breaking changes are constantly rolling out. Once the framework settles, version 1.0.0 will be released and RITA will follow semantic versioning.
Installation
From Source
- Follow these instructions
- Before running make install, run git checkout tags/v1.0.0-alpha2
Binary
The attached binary is built for AMD64 Linux.
How to install RITA using the binary.
- Download the binary
- chmod +x rita
- mkdir ~/.rita
- Download the config.yaml file
- mv config.yaml ~/.rita
- Edit the config file according to the README
- Ensure MongoDB is running
Example Run
NAME:
   rita - Look for evil needles in big haystacks.

USAGE:
   rita [global options] command [command options] [arguments...]

VERSION:
   v1.0.0-alpha2-0-g5321fb6

COMMANDS:
   analyze                 Analyze imported databases, if no [database,d] flag is specified will attempt all
   delete-database         Delete an imported database
   import                  Import bro logs into the database
   html-report             Write analysis information to html output
   reset-analysis          Reset analysis of one or more databases
   show-beacons            Print beacon information to standard out
   show-blacklisted        Print blacklisted information to standard out
   show-databases          Print the databases currently stored
   show-exploded-dns       Print dns analysis. Exposes covert dns channels.
   show-long-connections   Print long connections and relevant information
   show-scans              Print scanning information
   show-long-urls          Print the longest urls
   show-most-visited-urls  Print the most visited urls
   show-user-agents        Print user agent information
   test-config             Check the configuration file for validity
   help, h                 Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version
Version 1 Alpha Release
Calling this release alpha because we still have some new features to incorporate into version 1.x.x.