Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals, and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments. Oriana was built using Python, the Django Web Framework, the Postgres database, and Bootstrap. The Windows Event exporting script was written in PowerShell.

For more information on how Oriana works, visit the Wiki at https://github.com/mvelazc0/Oriana/wiki. To see Oriana in action, check the demos at https://github.com/mvelazc0/Oriana/wiki/Demos.

Oriana was initially presented at Derbycon VII (https://www.youtube.com/watch?v=hVTkkkM9XDg) and released at the SANS Threat Hunting Summit (https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536265369.pdf).

QUICK START GUIDE

Prerequisites:
On Windows, download and install Python 2.7 from https://www.python.org/downloads/, and download and install Postgres from https://www.postgresql.org/download/windows/.
On Linux, run:
    sudo apt-get install postgresql postgresql-contrib

Installation:
    git clone https://github.com/mvelazc0/Oriana.git
    pip install -r Oriana/requirements.txt
SIMILAR TOOLS
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
A cybersecurity tool with online demo, mailing list, and multiple installation methods.
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
Provides breach and attack simulation products for security control validation, offering three different products to meet the needs of organizations of various sizes and maturity levels.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
Repository of Yara signatures for detecting targeted attacks on civil society organizations.
Globally-accessible knowledge base of adversary tactics and techniques for cybersecurity.