Oriana Logo

Oriana

0
Free
Visit Website

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals, and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments. Oriana was built using Python, the Django Web Framework, the Postgres database, and Bootstrap. The Windows Event exporting script was written in PowerShell. For more information on how Oriana works, visit the Wiki at https://github.com/mvelazc0/Oriana/wiki. To see Oriana in action, check the demos at https://github.com/mvelazc0/Oriana/wiki/Demos. Oriana was initially presented at Derbycon VII (https://www.youtube.com/watch?v=hVTkkkM9XDg) and released at the SANS Threat Hunting Summit (https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536265369.pdf). Quick Start Guide: Prerequisites: On Windows, download & install Python 2.7 from https://www.python.org/downloads/ and download & install Postgres from https://www.postgresql.org/download/windows/. On Linux, run 'sudo apt-get install postgresql postgresql-contrib'. Installation: 'git clone https://github.com/mvelazc0/Oriana.git' and 'pip install -r Oriana/requirements.txt'.

FEATURES

ALTERNATIVES

AbuseHelper is an open-source framework for receiving and redistributing abuse feeds and threat intel.

A community-driven list of sample security analytics for auditing cloud usage and detecting threats in Google Cloud.

Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.

CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.

Automated framework for collecting and processing samples from VirusTotal with YARA rule integration.

Collection of Yara rules for file identification and classification

CLI tool for ThreatCrowd.org with multiple query functions.

In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.

PINNED