osxstrata

OS X Strata builds upon Yelp's OSXCollector (http://yelp.github.io/osxcollector/), providing a user interface to analyze data collected from a potentially compromised system.

Currently there are two ways that you can run OSXStrata.

  1. Run from the git directory. - Quick and easy.
  2. Run as an application.

We are working on a third option, a Docker container. We hope to have that done in the next couple of weeks.

This probably goes without saying, but this app should only be used internally. The MongoDB instance in the steps below is started without access control and the app connects to it with a credential-free URL, so keep the Mongo port (and the app port) on loopback or a trusted network and never expose them to the internet.

Pre-Installation Checklist

  1. Xcode (with its command line tools) is needed if you plan to use git to clone the project code. <- OS X only, obviously.

  2. pip (package manager) needs to be installed.

sudo easy_install pip

  3. Install the required Python modules (pymongo 2.8 is required).

sudo pip install pymongo==2.8
sudo pip install requests
sudo pip install simplejson

  4. Install Meteor.

curl https://install.meteor.com/ | sh

Piping a download straight into sh runs whatever the server returns. If that is not acceptable in your environment, save the installer script to a file first, read it, and then run it with sh.

1. Running from the git directory.

OS X & Linux

git clone <insert git repo>
export PATH_TO_SCRIPTS=<path> MONGO_CONNECT=mongodb://localhost:3001/
meteor run

meteor run serves the app on port 3000 and starts its own development MongoDB on port 3001, which is why MONGO_CONNECT points there; no separate mongod is needed for this option.

2. Run as an application.

OS X Build App Option 1: Ensure the pre-installation checklist is done, then build the bundle from the git checkout.

meteor build osxstrata
cd osxstrata
mv osxstrata.tar.gz ~/directoryofchoice
cd ~/directoryofchoice
tar -xvf osxstrata.tar.gz

Extracting the archive creates a directory called bundle.

OS X Build App Option 2: Instead of creating the tar file you can download the prebuilt one (osxstrata.osx.tar.gz) from the git repo. No checksum is published alongside it, so if you need to know exactly what you are running, build it yourself with Option 1.

tar -xvf osxstrata.osx.tar.gz

Extracting the archive creates a directory called bundle.

Installing Node and Mongo

Node: Download and install https://nodejs.org/dist/v0.10.40/node-v0.10.40.pkg. The bundle was built for Node 0.10.40, so install that version rather than a newer one.

Mongo: Follow these instructions: https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-os-x/

Add the mongodb bin directory to your PATH:

sudo vim /etc/paths
	/Users/<user>/mongodb/bin

Start mongodb on port 3001. The connection strings below carry no credentials, so bind it to loopback only; without --bind_ip, mongod from the tarball listens on every interface.

mongod --port 3001 --bind_ip 127.0.0.1

Change to the bundle directory you created earlier and install the server dependencies.

cd <bundle>/programs/server
npm install

Start the app from the bundle directory.

cd ../..
env PORT=3000 PATH_TO_SCRIPTS=<path> MONGO_CONNECT=mongodb://localhost:3001/ ROOT_URL=http://localhost MONGO_URL=mongodb://localhost:3001/meteor node main.js

Linux Build App Option 1: Ensure the pre-installation checklist is done, then build the bundle from the git checkout.

meteor build osxstrata
cd osxstrata
mv osxstrata.tar.gz ~/directoryofchoice
cd ~/directoryofchoice
tar -xvf osxstrata.tar.gz

Extracting the archive creates a directory called bundle.

Linux Build App Option 2: Instead of creating the tar file you can download the prebuilt one (osxstrata.linux.tar.gz) from the git repo. The same caveat as on OS X applies: no checksum is published for it, so build it yourself if you need to know exactly what you are running.

tar -xvf osxstrata.linux.tar.gz

Extracting the archive creates a directory called bundle.

Installing Node and Mongo

Node: the tarball below is a prebuilt binary distribution. Fetch it over HTTPS and check it against the SHASUMS256.txt published in the same directory before unpacking. Its bin/ directory already contains node and npm, so adding that directory to your PATH is an alternative to the configure/make steps.

wget https://nodejs.org/dist/v0.10.40/node-v0.10.40-linux-x64.tar.gz
tar -xvf node-v0.10.40-linux-x64.tar.gz
cd node-v0.10.40-linux-x64/lib/node_modules/npm/
./configure
make install

Mongo: Follow the instructions here: https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-red-hat/

Start Mongo: edit the mongo config and change the port to 3001. Leave the bind-to-loopback setting the package ships (bindIp: 127.0.0.1) in place, because the connection strings below carry no credentials.

sudo vim /etc/mongod.conf
service mongod start

To start the app (as on OS X, run npm install in <bundle>/programs/server first):

cd bundle
env PORT=3000 PATH_TO_SCRIPTS=<path> MONGO_CONNECT=mongodb://localhost:3001/ ROOT_URL=http://localhost MONGO_URL=mongodb://localhost:3001/meteor node main.js

Other:

PATH_TO_SCRIPTS is the full path to wherever you put the scripts folder.

Link to sign up for IBM X-Force Threat Exchange: https://www.ibm.com/account/profile/us?page=reg

Sign up for the public VirusTotal API: https://www.virustotal.com/

Hashes and domains submitted to these services leave your network; during an active incident, treat each lookup as a disclosure to a third party.


USAGE:

An OSXCollector JSON file can be imported from the UI or the CLI. For the CLI, export the same two variables the app uses:

export MONGO_CONNECT=mongodb://localhost:3001/ PATH_TO_SCRIPTS=/full/path/osxstrata/scripts/

python scripts/strata -h

-a            Import JSON file and run analysis
              -a <Path to File>

-n            Import JSON file
              -n <Path to File>

-r            Remove all imported data from the Project collection
-ri           Remove a specific incident from the Project collection
              -ri <osxcollector_incident_id>

--virusTotal  Send either a hash or a domain/url to the VirusTotal API
              --virusTotal --hash <md5>
              --virusTotal <domain/url>

--ibmXforce   Send either a hash or a domain/url to the IBM X-Force API
              --ibmXforce --hash <md5>
              --ibmXforce <domain/url>

-h            This help menu

Example (doom.json is the sample OSXCollector output in the repo root)

python scripts/strata.py -a doom.json
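As an added example (not code from osxstrata or OSXCollector), the following Python script pre-triages an OSXCollector file before you spend API lookups on it: it parses the one-object-per-line format, tolerating malformed lines, tallies records per incident and section (what -r and -ri will delete), deduplicates md5 hashes and browser-history hostnames for the --virusTotal and --ibmXforce options, and chunks them into batches sized to the public VirusTotal API's limit of four requests per minute. The field names osxcollector_section, md5 and url follow OSXCollector's documented output and are assumptions of this example, as is the constructed SAMPLE_LINES data.

```python
#!/usr/bin/env python3
"""Pre-triage an OSXCollector JSON file before importing it with strata.

Added example for this README, not part of osxstrata or OSXCollector.
Assumes OSXCollector's output layout: one JSON object per line, every
record carrying osxcollector_incident_id and osxcollector_section, file
records carrying md5, browser-history records carrying url.
"""
import json
import re
import sys
from collections import Counter
from urllib.parse import urlsplit

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample data in OSXCollector's shape; not from any real host.
SAMPLE_LINES = [
    '{"osxcollector_incident_id": "doom-2015_12_18", "osxcollector_section": "system_info", "osx_version": "10.11.2"}',
    '{"osxcollector_incident_id": "doom-2015_12_18", "osxcollector_section": "startup", "osxcollector_subsection": "launch_agents", "file_path": "/Library/LaunchAgents/com.example.updater.plist", "md5": "d41d8cd98f00b204e9800998ecf8427e"}',
    '{"osxcollector_incident_id": "doom-2015_12_18", "osxcollector_section": "downloads", "file_path": "/Users/alice/Downloads/installer.dmg", "md5": "D41D8CD98F00B204E9800998ECF8427E"}',
    '{"osxcollector_incident_id": "doom-2015_12_18", "osxcollector_section": "kext", "file_path": "/System/Library/Extensions/foo.kext", "md5": ""}',
    '{"osxcollector_incident_id": "doom-2015_12_18", "osxcollector_section": "chrome", "osxcollector_subsection": "history", "url": "https://update.example.net:8443/pkg?id=1"}',
    '{"osxcollector_incident_id": "doom-2015_12_18", "osxcollector_section": "safari", "osxcollector_subsection": "history", "url": "http://UPDATE.example.net/"}',
    '{"osxcollector_incident_id": "other-host", "osxcollector_section": "downloads", "file_path": "/Users/bob/Downloads/x.pkg", "md5": "098f6bcd4621d373cade4e832627b4f6", "url": "http://localhost/x.pkg"}',
    "this line is not json",
]


def parse_osxcollector(lines):
    """Parse JSON-lines output. Returns (records, skipped): bad lines are
    counted rather than aborting the whole import."""
    records, skipped = [], 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except ValueError:
            skipped += 1
            continue
        if not isinstance(rec, dict) or "osxcollector_incident_id" not in rec:
            skipped += 1
            continue
        records.append(rec)
    return records, skipped


def _select(records, incident_id):
    """All records, or only those of one osxcollector_incident_id."""
    return [r for r in records
            if incident_id is None or r.get("osxcollector_incident_id") == incident_id]


def section_counts(records):
    """(incident_id, section) -> record count; what -r / -ri would remove."""
    return Counter((r["osxcollector_incident_id"], r.get("osxcollector_section", "?"))
                   for r in records)


def hashes_for_lookup(records, incident_id=None):
    """Unique, normalised md5s for --virusTotal/--ibmXforce --hash.
    Empty or malformed hash fields (e.g. files that could not be read) are dropped."""
    found = set()
    for r in _select(records, incident_id):
        h = str(r.get("md5", "")).strip().lower()
        if MD5_RE.match(h):
            found.add(h)
    return sorted(found)


def domains_for_lookup(records, incident_id=None):
    """Unique hostnames from browser-history url fields, case-folded and
    stripped of port/path; bare names like localhost are not worth a lookup."""
    found = set()
    for r in _select(records, incident_id):
        url = r.get("url")
        if not url:
            continue
        host = (urlsplit(url).hostname or "").lower()
        if "." in host:
            found.add(host)
    return sorted(found)


def batches(items, per_minute=4):
    """Chunk lookups to the public VirusTotal API's 4-requests-per-minute limit."""
    return [items[i:i + per_minute] for i in range(0, len(items), per_minute)]


def summarize(lines, incident_id=None):
    """Everything the CLI lookups need, computed once from the file."""
    records, skipped = parse_osxcollector(lines)
    return {"records": len(records), "skipped": skipped,
            "sections": section_counts(records),
            "hashes": hashes_for_lookup(records, incident_id),
            "domains": domains_for_lookup(records, incident_id)}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LINES
    result = summarize(lines)
    print(f"{result['records']} records, {result['skipped']} skipped")
    for (incident, section), n in sorted(result["sections"].items()):
        print(f"  {incident}  {section:<12} {n}")
    print("md5 lookups:", result["hashes"])
    print("domain lookups:", result["domains"])
    print("VirusTotal batches:", batches(result["hashes"] + result["domains"]))
```

Run it as python3 triage.py doom.json (or with no argument to use the embedded sample); the printed section table is a quick sanity check that the incident id you will later pass to -ri is the one you expect, and the batch list is what you hand to --virusTotal one request at a time.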