
Orion Incident Response Live CD


4.9. Palantir

Palantir is a product of Palantir Technologies. The original inspiration for Palantir was Incident 216, as documented in the original Palantir report (Khurana, Basney, Bakht, Freemon, Welch, & Butler, 2009). Palantir appears to be an excellent analysis and collaboration platform, but it is not based on bootable media and is not an open source framework.

5. What is Orion?

Orion is a customized version of BackTrack 4 that adds tools to support the secure collaboration, incident tracking, and analysis goals of the project. BackTrack was chosen as the base for Orion because it is a respected Linux-based security distribution that comes pre-installed with a number of security tools. Since BackTrack 4 is now based on Ubuntu Linux, it is easy to customize using the aptitude installer and install using tools such as remastersys and ubiquity (Ubuntu Home Page, 2010).

The packages listed in Appendix B were removed because they are intended primarily as attack tools. Other tools have been added to support the analysis and collaboration goals. The full list of tools added to create Orion is given in Appendix A. Some of the more important ones include:

Collaboration Tools:
  o Citadel: complete and feature-rich groupware server
  o ssvnc: VNC viewer sessions tunneled over SSH/SSL
  o X11vnc: VNC server for real X displays

Case Tracking:
  o Incident Response Questionnaire (custom): A web-based form to gather details, help triage, build the team, and create a new incident ticket
  o RTIR: Request Tracker for Incident Response

Network Analysis:
  o argus: IP Network transaction auditing tool
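The x11vnc/ssvnc pairing above implies a particular secure-collaboration pattern: the VNC server is bound to loopback on the analyst's machine and is reached only through an SSH tunnel, so the shared X display is never exposed on the network. The script below is an added example and is not part of the Orion paper or distribution; the host name, user name, port numbers and password file path are assumed placeholders, and the socket listing it checks is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the Orion paper): share a responder's X display over
# VNC, listening on loopback only, and reach it through an SSH port forward.
# All host/user/port values below are placeholders.

VNC_PORT=5900                            # x11vnc listen port on the analyst host
LOCAL_PORT=5901                          # local end of the tunnel on the viewer
ANALYST_HOST="analyst.example.invalid"   # placeholder, not a real host
ANALYST_USER="responder"                 # placeholder account name

# Command for the machine whose X display is shared.
#   -localhost  bind to 127.0.0.1 only, so the SSH tunnel is the only way in
#   -rfbauth    require the VNC password created with 'x11vnc -storepasswd'
#   -shared     let several collaborators attach to one session
x11vnc_server_cmd() {
    printf 'x11vnc -display :0 -localhost -rfbauth %s -shared -forever -rfbport %s' \
        "$HOME/.vnc/passwd" "$VNC_PORT"
}

# Command for the viewer's machine: forward a local port to the loopback VNC
# port on the analyst host; -N opens no remote shell, only the forward.
ssh_tunnel_cmd() {
    printf 'ssh -N -L %s:127.0.0.1:%s %s@%s' \
        "$LOCAL_PORT" "$VNC_PORT" "$ANALYST_USER" "$ANALYST_HOST"
}

# Viewer command: ssvnc's viewer connecting to the local end of the tunnel.
viewer_cmd() {
    printf 'ssvncviewer 127.0.0.1::%s' "$LOCAL_PORT"
}

# Defender's check: read an 'ss -ltn' / 'netstat -ltn' style listing on stdin
# and return 0 only if the given port is bound to loopback addresses alone.
# Column 4 is "Local Address:Port"; a wildcard (*, 0.0.0.0, ::) means exposed.
vnc_listens_on_loopback_only() {
    awk -v port="$1" '
        $4 ~ (":" port "$") {
            addr = $4; sub(/:[0-9]+$/, "", addr)
            if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]") exposed = 1
        }
        END { exit exposed ? 1 : 0 }'
}

# Constructed listing: VNC on loopback only, SSH on all interfaces.
SAMPLE_LISTING='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:5900     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

echo "On the analyst host: $(x11vnc_server_cmd)"
echo "On the viewer host:  $(ssh_tunnel_cmd)"
echo "Then:                $(viewer_cmd)"
if printf '%s\n' "$SAMPLE_LISTING" | vnc_listens_on_loopback_only "$VNC_PORT"; then
    echo "OK: port $VNC_PORT is bound to loopback only"
else
    echo "WARNING: port $VNC_PORT is reachable on a non-loopback address"
fi
```

Run the check against the real `ss -ltn` output on the analyst host after starting x11vnc; if it reports the port on `0.0.0.0` or `*`, the `-localhost` option was dropped and the session is reachable without the tunnel.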

John Jarocki, john.jarocki@gmail.com
