Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals, and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments. Oriana was built using Python, the Django Web Framework, the Postgres database, and Bootstrap. The Windows Event exporting script was written in PowerShell. For more information on how Oriana works, visit the Wiki at https://github.com/mvelazc0/Oriana/wiki. To see Oriana in action, check the demos at https://github.com/mvelazc0/Oriana/wiki/Demos. Oriana was initially presented at Derbycon VII (https://www.youtube.com/watch?v=hVTkkkM9XDg) and released at the SANS Threat Hunting Summit (https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536265369.pdf). Quick Start Guide: Prerequisites: On Windows, download & install Python 2.7 from https://www.python.org/downloads/ and download & install Postgres from https://www.postgresql.org/download/windows/. On Linux, run 'sudo apt-get install postgresql postgresql-contrib'. Installation: 'git clone https://github.com/mvelazc0/Oriana.git' and 'pip install -r Oriana/requirements.txt'.
FEATURES
ALTERNATIVES
Official repository of YARA rules for threat detection and hunting
Aggregates security threats from online sources and outputs to various formats.
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
A repository to aid Windows threat hunters in looking for common artifacts.
Repository of Yara signatures for detecting targeted attacks on civil society organizations
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.