v3.0.0-beta1

Pre-release
@ethack ethack released this 13 Mar 17:35

Changes:

  • Significant changes to the analysis engine.
  • Import and analyze are combined in a single step.
  • Introduced a rolling feature that continually imports new data into a dataset while keeping a fixed 24-hour view.
  • No longer store the original conn, dns, or http logs. This drastically reduces the size of the stored databases.
  • Added ssl and x509 parsing (#369)
  • Added support for ja3 hashes as a client identifier.
  • Added SSL/TLS certificate analysis.

Already in master:

  • Install ja3 module into Bro as part of the RITA installer. (#384)
  • Add a --disable-rita command line option. (#392)
  • Enable SSL certificate logging (#393)

Still to be done:

  • Update documentation
  • More testing to ensure this is stable