v4.8.0
caffeinatedpixel released this 26 Apr 18:23 · 13 commits to master since this release
What's Changed
Improvements:
- Change show-long-connections to sort by total duration instead of longest duration by @Zalgo2462 in https://github.com/activecm/rita/pull/790
- Removal of connection count portion of beacon scoring and adjustment of skew by @lisaSW in https://github.com/activecm/rita/pull/792
- Duration Scoring Update by @lisaSW in https://github.com/activecm/rita/pull/793
- Update to bimodal portion of the histogram score by @lisaSW in https://github.com/activecm/rita/pull/794
Bug Fixes:
- Improve useragent aggregation runtime for datasets with many useragents by @Zalgo2462 in https://github.com/activecm/rita/pull/785
- Fix SSL and DNS log filtering by @Zalgo2462 in https://github.com/activecm/rita/pull/788
- Prevent crashing due to malformed IP addresses in Zeek logs by @lisaSW in https://github.com/activecm/rita/pull/791
- Don't filter internal -> internal DNS traffic by @Zalgo2462 in https://github.com/activecm/rita/pull/797
- Disable SNI connection analysis if SNI beacon analysis is disabled by @Zalgo2462 in https://github.com/activecm/rita/pull/798
- Only maintain one cid's worth of max scores in the host collection by @Zalgo2462 in https://github.com/activecm/rita/pull/801
Full Changelog: activecm/rita@v4.7.0...v4.8.0