Oriana Logo

Oriana

0
Free
Visit Website

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals, and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments. Oriana was built using Python, the Django Web Framework, the Postgres database, and Bootstrap. The Windows Event exporting script was written in PowerShell. For more information on how Oriana works, visit the Wiki at https://github.com/mvelazc0/Oriana/wiki. To see Oriana in action, check the demos at https://github.com/mvelazc0/Oriana/wiki/Demos. Oriana was initially presented at Derbycon VII (https://www.youtube.com/watch?v=hVTkkkM9XDg) and released at the SANS Threat Hunting Summit (https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536265369.pdf). Quick Start Guide: Prerequisites: On Windows, download & install Python 2.7 from https://www.python.org/downloads/ and download & install Postgres from https://www.postgresql.org/download/windows/. On Linux, run 'sudo apt-get install postgresql postgresql-contrib'. Installation: 'git clone https://github.com/mvelazc0/Oriana.git' and 'pip install -r Oriana/requirements.txt'.

FEATURES

ALTERNATIVES

A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

In-depth analysis of real-world attacks and threat tactics

Bearded Avenger is a cybersecurity tool with various integrations and deployment instructions available.

A robust Python implementation of TAXII Services with a friendly pythonic API.

Check if an IP address was used as a Tor relay on a given date.

A framework for managing cyber threat intelligence in structured formats.

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.

DNSDumpster is a domain research tool for discovering and analyzing DNS records to map an organization's attack surface.