activecm / rita

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
https://www.activecountermeasures.com/free-tools/rita/
GNU General Public License v3.0

Correct path to http_extensions_list.csv in docker-compose.yml #9

Closed joswr1ght closed 3 months ago

joswr1ght commented 3 months ago

Closes #8

rita (main) $ git diff
diff --git a/docker-compose.yml b/docker-compose.yml
index e95662e..988cffe 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,13 +4,13 @@ networks:
   rita-network: {}
 services:
   rita:
-    # image:
+    # image:
     build: .
     depends_on:
       - clickhouse
     volumes:
       - ${CONFIG_FILE:-/etc/rita/config.hjson}:/config.hjson
-      - ${CONFIG_DIR:-/etc/rita}/http_extensions_list.csv:/http_extensions_list.csv
+      - ${CONFIG_DIR:-/etc/rita}/http_extensions_list.csv:/deployment/http_extensions_list.csv
       - .env:/.env
       # - ${LOGS:?"You must provide a directory for logs to be read from"}:/logs:ro
     links:
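Review bot: the corrected `http_extensions_list.csv` mount is read-write from inside the container. If RITA only reads this file, append `:ro` to the target, as the commented-out `/logs:ro` mount two lines below already does. The `config.hjson` and `.env` mounts in the same `volumes:` list still target `/`, so a one-line comment saying why this file belongs under `/deployment/` would keep a later edit from moving it back. The `# image:` pair differs only in whitespace and is unrelated to the path fix.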
@@ -62,4 +62,4 @@ services:
       nproc: 65535
       nofile:
         soft: 131070
-        hard: 131070
\ No newline at end of file
+        hard: 131070
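Review bot: the `hard: 131070` change only adds the missing newline at end of file and is unrelated to the path correction in the title. It is harmless, but mention it in the commit message or split it out so the fix for #8 stays a one-line change.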
rita (main) $ ./rita.sh import -l ~/wardrobe99logs -d wardrobe99
[+] Running 3/3
 ✔ Container syslog-ng    Running                                          0.0s
 ✔ Container clickhouse   Running                                          0.0s
 ✔ Container rita-rita-1  Started                                          0.3s
[+] Creating 2/0
 ✔ Container syslog-ng   Running                                           0.0s
 ✔ Container clickhouse  Running                                           0.0s
2024-07-30T10:53:18Z INF Initiating new import... dataset=wardrobe99 directory=/tmp/zeek_logs rebuild=false rolling=false started_at="2024-07-30 10:53:18.698700524 +0000 UTC m=+0.007713222"
2024-07-30T10:53:18Z INF [THREAT INTEL] Updating online feed... feed_url=https://feodotracker.abuse.ch/downloads/ipblocklist.txt
[-] Parsing:  /tmp/zeek_logs/conn.log.gz
[-] Parsing:  /tmp/zeek_logs/http.log.gz
[-] Parsing:  /tmp/zeek_logs/dns.log.gz
[-] Parsing:  /tmp/zeek_logs/ssl.log.gz
Log Parsing 🎉 ╢▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌╟ 4 / 4
2024-07-30T10:53:21Z INF Finished Parsing Logs! 🎉 elapsed_time=2.188931592s parsing_began=1722336799 parsing_finished=1722336801
...