activecm / rita-legacy

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
GNU General Public License v3.0
2.51k stars 362 forks source link

No Local Network Traffic #769

Open eswanso2 opened 1 year ago

eswanso2 commented 1 year ago

[!] No Host data to analyze [!!] No local network traffic found, please check InternalSubnets in your RITA config (/etc/rita/config.yaml) [!] No Uconn data to analyze [!!] No local network traffic found, please check InternalSubnets in your RITA config (/etc/rita/config.yaml)

This returned after importing Zeek logs into Rita, has been working perfectly up until recently. Checked the InternalSubnets in config and they haven't changed

caffeinatedpixel commented 1 year ago

Hello, What version of rita are you using? Is FilterExternalToInternal set to true in /etc/rita/config.yaml?

eswanso2 commented 1 year ago

Looks like the FilterExternalToInternal is set to false

running v4.5.1