v3.0.0-beta1
Pre-release
Pre-release
Changes:
- Significant changes to the analysis engine.
- Import and analyze are combined in a single step.
- Introduced a rolling feature that allows continually importing new data into a dataset that keeps a fixed 24 hour view.
- No longer store the original conn, dns, or http logs. This drastically reduces the size of the stored databases.
- Added ssl and x509 parsing (#369)
- Added support for ja3 hashes as a client identifier.
- Added ssl/tls certificate analysis.
Already in master
- Install ja3 module into Bro as part of the Rita installer. (#384)
- Add a --disable-rita command line option. (#392)
- Enable SSL certificate logging (#393)
Still to be done:
- Update documentation
- More testing to ensure this is stable