Detecting Long Connections With Zeek/Bro and RITA
Summary
This article and accompanying video discuss using Zeek (formerly Bro) and RITA (Real Intelligence Threat Analytics) to detect long-duration network connections. The focus is on leveraging these tools for threat analysis, particularly in relation to DNS traffic.
IFF Assessment
FRIEND
The article provides insights into defensive tools and techniques that help security professionals identify potential threats on their networks.
Defender Context
Long-lived connections can be a crucial indicator of suspicious activity, such as data exfiltration or command-and-control communication. Understanding how to use tools like Zeek and RITA to detect them is vital for network defenders.
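As an added example (not code from the article, and not from the Zeek or RITA projects), the script below shows the core of the check described above: it parses a constructed Zeek conn.log excerpt, flags individual connections whose `duration` field exceeds a threshold, and also sums durations per source/destination pair so that a beacon made of many short connections is visible too. The column names are the standard Zeek conn.log fields; the one-hour threshold and the sample addresses are assumptions for illustration, and RITA's own scoring is not reproduced.

```python
"""Flag long-duration connections in a Zeek conn.log (constructed sample)."""
from collections import defaultdict

# Constructed sample conn.log excerpt in Zeek's TSV format, trimmed to a
# subset of the standard #fields line. Not a real capture. Note the '-'
# duration (Zeek writes '-' when a field is unset) and a malformed last row.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring\n"
    "1700000000.000000\tCxA1\t10.0.0.5\t51234\t203.0.113.10\t443\ttcp\tssl\t85000.5\t4096\t81920\tSF\n"
    "1700000001.000000\tCxA2\t10.0.0.7\t40001\t192.0.2.20\t53\tudp\tdns\t0.012\t60\t120\tSF\n"
    "1700000002.000000\tCxA3\t10.0.0.7\t40002\t192.0.2.20\t53\tudp\tdns\t-\t60\t0\tS0\n"
    "1700000003.000000\tCxA4\t10.0.0.9\t50100\t198.51.100.3\t8080\ttcp\t-\t3600.0\t1200\t900\tSF\n"
    "1700000004.000000\tCxA5\t10.0.0.7\t40003\t192.0.2.20\t53\tudp\tdns\t0.008\t60\t120\tSF\n"
    "1700000005.000000\tCxA6\t10.0.0.9\n"  # malformed row: wrong column count
)

# Assumed threshold for a single "long" connection (1 hour). Tune per network.
LONG_THRESHOLD_SECONDS = 3600.0


def parse_conn_log(text):
    """Parse Zeek TSV conn.log text into a list of dicts keyed by #fields."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the keyword
            continue
        if line.startswith("#"):
            continue  # other metadata lines (#separator, #types, #close, ...)
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            continue  # skip rows that would misalign columns
        records.append(dict(zip(fields, values)))
    return records


def _duration(record):
    """Return the duration as float, or None when Zeek left it unset ('-')."""
    raw = record.get("duration", "-")
    return None if raw == "-" else float(raw)


def long_connections(records, threshold_seconds=LONG_THRESHOLD_SECONDS):
    """Single connections lasting at least the threshold, longest first.

    Each hit is (orig_h, resp_h, resp_p, proto, duration_seconds).
    """
    hits = []
    for rec in records:
        duration = _duration(rec)
        if duration is None:
            continue
        if duration >= threshold_seconds:
            hits.append((rec["id.orig_h"], rec["id.resp_h"],
                         int(rec["id.resp_p"]), rec["proto"], duration))
    return sorted(hits, key=lambda h: h[4], reverse=True)


def cumulative_durations(records):
    """Total connection time per (orig_h, resp_h) pair across all records.

    Many short connections to one host can add up to a long relationship
    even when no single connection crosses the threshold.
    """
    totals = defaultdict(float)
    for rec in records:
        duration = _duration(rec)
        if duration is None:
            continue
        totals[(rec["id.orig_h"], rec["id.resp_h"])] += duration
    return dict(totals)


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    print("Long connections (>= %.0f s):" % LONG_THRESHOLD_SECONDS)
    for src, dst, port, proto, dur in long_connections(recs):
        print("  %s -> %s:%d/%s  %.1f s (%.1f h)" % (src, dst, port, proto, dur, dur / 3600))
    print("Cumulative duration per pair:")
    for (src, dst), total in sorted(cumulative_durations(recs).items()):
        print("  %s -> %s  %.3f s" % (src, dst, total))
```

Run against a real conn.log by replacing `SAMPLE_CONN_LOG` with the file contents. In practice the single-connection threshold and the cumulative-time view should be reviewed together: a long SSL session to one external host and a host that accumulates hours of total connection time across thousands of short sessions are both worth an analyst's attention, and the cumulative view is the one that does not depend on the beacon keeping a socket open.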