Oriana Logo

Oriana

0
Free
Visit Website

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals, and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments. Oriana was built using Python, the Django Web Framework, the Postgres database, and Bootstrap. The Windows Event exporting script was written in PowerShell. For more information on how Oriana works, visit the Wiki at https://github.com/mvelazc0/Oriana/wiki. To see Oriana in action, check the demos at https://github.com/mvelazc0/Oriana/wiki/Demos. Oriana was initially presented at Derbycon VII (https://www.youtube.com/watch?v=hVTkkkM9XDg) and released at the SANS Threat Hunting Summit (https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536265369.pdf). Quick Start Guide: Prerequisites: On Windows, download & install Python 2.7 from https://www.python.org/downloads/ and download & install Postgres from https://www.postgresql.org/download/windows/. On Linux, run 'sudo apt-get install postgresql postgresql-contrib'. Installation: 'git clone https://github.com/mvelazc0/Oriana.git' and 'pip install -r Oriana/requirements.txt'.

FEATURES

ALTERNATIVES

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.

SecurityTrails API provides access to a vast repository of historical DNS lookups, WHOIS records, hostnames, and domains for cyber forensics and investigations.

Scan files with Yara, match findings to VirusTotal comments.

Repository of YARA rules for identifying and classifying malware.

Collect various intelligence sources for hosts in CSV format.

Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.

VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.

Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.