CRITs – Collaborative Research Into Threats
Collaborative Research Into Threats (CRITs) is a web-based tool that combines an analytic engine with a cyber threat database. It not only serves as a repository for attack data and malware, but also provides analysts with a powerful platform for conducting malware analyses, correlating malware, and targeting data. These analyses and correlations can also be saved and exploited within CRITs. CRITs employs a simple but very useful hierarchy to structure cyber threat information. This structure gives analysts the power to ‘pivot’ on metadata to discover previously unknown related content.
Installation
CRITs is designed to work on a 64-bit architecture of Ubuntu or RHEL6 using Python 2.7. The installation has beta support for OSX using Homebrew. It is also possible to install CRITs on CentOS.
CRITs comes with a bootstrap script which will help you:
- Install all of the dependencies.
- Configure CRITs for database connectivity and your first admin user.
- Get MongoDB running with default settings.
- Use Django’s runserver to quickly get you up and running with the CRITs interface.
Clone the repo:
git clone https://github.com/crits/crits.git
Just run the following:
sh script/bootstrap
Once you’ve run bootstrap, do not use it again to get the runserver going, or you’ll go through the install process again. Instead, use the server script:
sh script/server
Usage
“What is CRITs?” The simplest answer is that CRITs is a system designed to house vast quantities of threat data. To expand on that, it is a system that allows you to import and generate rich metadata related to threats and threat defense. From there you can discover important data necessary for defending your network, feed that data through Services to enhance its richness, discover correlations between existing data that you had never noticed before, or export that data for sharing with other people/organizations.
The Login Screen
You are most likely staring at the CRITs login screen.
If you aren’t and seem to be logged in, it is possible your admin has enabled Remote User Authentication and it has passed along your credentials for CRITs to authenticate you with.
- Enter your username in the Username field.
- Enter your password in the Password field.
CRITs supports basic authentication as well as LDAP authentication. Contact your admin to determine how they’ve configured the system and what you should be logging in with. CRITs comes with the capability to use TOTP authentication. When logging in for the first time, you most likely won’t have this enabled or set up yet. Follow the instructions on the login page for your situation.
Copyright (c) 2016, The MITRE Corporation. All rights reserved.