Black Hills Information Security has introduced an open source security vulnerability analysis tool called RITA (Real Intelligence Threat Analytics), as described below.

https://isc.sans.edu/forums/diary/Using+RITA+for+Threat+Analysis/23926/

https://www.blackhillsinfosec.com/

I installed and tested this open source framework called Real Intelligence Threat Analytics (RITA) that was recently updated against my Bro logs. “This open source project, born from Black Hills Information Security, is now developed, funded and supported by Active CounterMeasures”. A full description of RITA’s capabilities and the code is available here. I used the automated script (install.sh) with CentOS 7, which I downloaded from here. The installation is straightforward and it verified my setup to make sure everything is installed on my box. It supports some interesting features such as:

1. Beaconing Detection
2. DNS Tunneling Detection
3. Blacklist Checking
4. URL Length Analysis
5. Scanning Detection