activecm / rita

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
https://www.activecountermeasures.com/free-tools/rita/
GNU General Public License v3.0

rita import: "value out of range" for the missed_bytes field #28

Open william-stearns opened 2 months ago

william-stearns commented 2 months ago

Customer report in ticket 1625 where rita import complains about "value out of range" for the missed_bytes field in conn.log. Customer has provided "rita507.txt" as the output lines of the import and sample input log file "conn_parseint_issue.txt" in TSV format. Zeek is claiming that the missed_bytes type is "count". The log file has multiple examples of missed_bytes values on the order of: 18446744073709546036 == ("18,446,744,073,709,546,036").

william-stearns commented 2 months ago

Note, the database is still created even with these warnings.
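Added example (not RITA's or Zeek's own code) of the failure described in this issue: the quoted value exceeds math.MaxInt64, so a signed strconv.ParseInt reports "value out of range", while parsing the field with the unsigned type matching Zeek's `count` succeeds. `parseMissedBytes`, the `wrapWindow` threshold and the reading of near-2^64 values as a wrapped negative counter are assumptions, not anything stated on the page.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// Zeek writes conn.log's missed_bytes as "count", an unsigned 64-bit integer.
// A signed parse (strconv.ParseInt) fails with "value out of range" for any
// value above math.MaxInt64, which is the failure reported in this issue.
func parseSigned(field string) (int64, error) { return strconv.ParseInt(field, 10, 64) }

// MissedBytes is the parsed field. A raw value just below 2^64 is almost certainly
// a counter that went negative and wrapped (raw == 2^64 - Deficit); it cannot be
// a real byte count, so Value is reported as 0 and Wrapped is set (assumption).
type MissedBytes struct {
	Value   uint64
	Wrapped bool
	Deficit uint64
}

// wrapWindow is a constructed threshold: values within 4 GiB of 2^64 count as wrapped.
const wrapWindow = uint64(1) << 32

// parseMissedBytes is a hypothetical helper, not RITA's own code: it parses
// with the unsigned type Zeek actually emits and flags wrapped counters.
func parseMissedBytes(field string) (MissedBytes, error) {
	if field == "-" { // Zeek's marker for an unset field
		return MissedBytes{}, nil
	}
	raw, err := strconv.ParseUint(field, 10, 64)
	if err != nil {
		return MissedBytes{}, fmt.Errorf("missed_bytes %q: %w", field, err)
	}
	if raw > math.MaxUint64-wrapWindow {
		return MissedBytes{Wrapped: true, Deficit: math.MaxUint64 - raw + 1}, nil
	}
	return MissedBytes{Value: raw}, nil
}

func main() {
	field := "18446744073709546036" // the missed_bytes value quoted in the issue
	if _, err := parseSigned(field); errors.Is(err, strconv.ErrRange) {
		fmt.Println("signed parse failed:", err)
	}
	mb, err := parseMissedBytes(field)
	fmt.Printf("unsigned parse: %+v err=%v\n", mb, err)
}
```

For the quoted value the unsigned parse yields Deficit 5580, i.e. the field is 2^64 - 5580, which is why the signed parse rejects it.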