Oriana Logo

Oriana

0
Free
Visit Website

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals, and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments. Oriana was built using Python, the Django Web Framework, the Postgres database, and Bootstrap. The Windows Event exporting script was written in PowerShell. For more information on how Oriana works, visit the Wiki at https://github.com/mvelazc0/Oriana/wiki. To see Oriana in action, check the demos at https://github.com/mvelazc0/Oriana/wiki/Demos. Oriana was initially presented at Derbycon VII (https://www.youtube.com/watch?v=hVTkkkM9XDg) and released at the SANS Threat Hunting Summit (https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536265369.pdf). Quick Start Guide: Prerequisites: On Windows, download & install Python 2.7 from https://www.python.org/downloads/ and download & install Postgres from https://www.postgresql.org/download/windows/. On Linux, run 'sudo apt-get install postgresql postgresql-contrib'. Installation: 'git clone https://github.com/mvelazc0/Oriana.git' and 'pip install -r Oriana/requirements.txt'.

FEATURES

ALTERNATIVES

A collection of public YARA signatures for various malware families.

SeaSponge is an accessible web-based threat modeling tool with a focus on accessibility, aesthetics, and intuitive user experience.

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

Real-time monitoring tool for newly issued SSL certificates.

Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.

In-depth analysis of real-world attacks and threat tactics

A framework for managing cyber threat intelligence in structured formats.

Tools to export data from MISP MySQL database for post-incident analysis and correlation.