RITA
Real Intelligence Threat Analytics: ingests Zeek logs to score beaconing, long-lived connections, blacklisted DNS lookups, and lateral-movement patterns.
Why it is included
Standard open-source companion to Zeek for finding C2-style network behavior without relying on a signature-only IDS.
Best for
Hunters and IR teams already exporting Zeek conn/DNS/http datasets.
Strengths
- Beaconing analytics
- Zeek-native
- CLI + UI options
Limitations
- Quality follows Zeek coverage and log fidelity
Good alternatives
Elastic ML jobs · commercial NDR analytics
Related tools
Security & Privacy
Zeek
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
Security & Privacy
Arkime
Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.
Security & Privacy
Sigma
Generic signature format for SIEM/detection rules convertible to Splunk, Elastic, KQL, and many backends.
Security & Privacy
Wireshark
Network protocol analyzer for deep packet inspection and forensic debugging.
Security & Privacy
bettercap
Network attack framework: Wi-Fi, BLE, LAN recon, ARP/DNS spoofing, proxy, and modular caplets.
Security & Privacy
YARA
Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.
