zaneGittins / go-exa-rita

Project to integrate RITA with Exabeam via uploading RITA results to context tables via the Exabeam API.

go-exa-rita

This is a project to integrate RITA, Sysmon, and Exabeam by uploading results from the rita-beacons command to an Exabeam Advanced Analytics context table.

RITA outputs its results in CSV format; this integration reads that CSV and replaces the content of a context table with the results. That context table can then be used in Advanced Analytics rules to correlate RITA beacons with Sysmon network connection events (event ID 3).
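
To make the CSV-to-context-table step concrete, here is an added Go example (not the project's own code) that reads a constructed CSV shaped like the rita-beacons output and reduces it to the set of destination IPs a key-only context table would hold for matching against the destination address of Sysmon event ID 3. The column names "Score" and "Destination IP" and the 0.8 score threshold are assumptions; the Exabeam API upload itself is not shown.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample shaped like rita-beacons CSV output. The header names are an
// assumption about RITA; columns are located by name, so their order does not matter.
const sampleCSV = `Score,Source IP,Destination IP,Connections,Avg Bytes
0.998,10.0.0.5,203.0.113.10,1440,512
0.995,10.0.0.7,203.0.113.10,1400,498
0.810,10.0.0.9,198.51.100.22,300,1024
0.410,10.0.0.9,192.0.2.77,40,2048
`

// beaconKeys returns the distinct destination IPs whose beacon score is >= minScore:
// the key set for a key-only context table that AA rules match against Sysmon event ID 3.
func beaconKeys(ritaCSV string, minScore float64) (map[string]bool, error) {
	rows, err := csv.NewReader(strings.NewReader(ritaCSV)).ReadAll()
	if err != nil || len(rows) == 0 {
		return nil, fmt.Errorf("unreadable or empty CSV: %v", err)
	}
	col := map[string]int{} // header name -> column index
	for i, name := range rows[0] {
		col[strings.TrimSpace(name)] = i
	}
	scoreIdx, okS := col["Score"]
	dstIdx, okD := col["Destination IP"]
	if !okS || !okD {
		return nil, fmt.Errorf("CSV lacks Score or Destination IP column")
	}
	keys := map[string]bool{} // a set: several sources may beacon to the same host
	for _, r := range rows[1:] {
		score, err := strconv.ParseFloat(strings.TrimSpace(r[scoreIdx]), 64)
		if err != nil || score < minScore {
			continue // skip rows without a numeric score or below the threshold
		}
		keys[strings.TrimSpace(r[dstIdx])] = true
	}
	return keys, nil
}

func main() {
	keys, err := beaconKeys(sampleCSV, 0.8)
	fmt.Println(keys, err) // map[198.51.100.22:true 203.0.113.10:true] <nil>
}
```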

Installation

Prerequisites

  • Zeek installed.
  • RITA installed.
  • Exabeam Advanced Analytics configured and ingesting Sysmon network events.
    • An Exabeam AA user with the "manage context tables" permission.
    • A new key-only context table, for example rita-beacons.

To run the automatic installer, run the following commands:

wget https://github.com/zaneGittins/go-exa-rita/releases/download/v0.0.1/install.sh
chmod +x install.sh
./install.sh

Once the installer has completed, modify the config file at /etc/upload-to-exabeam/config.ini.

About

Project to integrate RITA with Exabeam via uploading RITA results to context tables via the Exabeam API.

License: GNU General Public License v3.0

Languages: Shell 82.4%, Go 17.6%