Intel Owl Release v1.0.0
05 Jul 2020 Eshaan Bansal intelowl threatintel featured
Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and is for everyone who needs a single point to query for info about a specific file or observable.
Born at the start of 2020 (announcement), this fresh and new tool was accepted as part of the Google Summer of Code under The Honeynet Project. Great improvements have been developed since the start of this project.
With the release of version 1.0.0, we are excited to announce a completely new and revamped web interface and some new features in our API to help you better manage your threat intelligence data.
Sneak peek of some features from the new web interface:
- Want to get threat intelligence data quickly without having to wait for the entire analysis to end? We got you covered! With the new interface, requesting a malware/observable scan is a breeze with just a few clicks and, as a bonus, you can go through the result as it keeps getting updated from our API in the background.
Request new scan and view Job result instantly (See It In Action)
As you can see here, one can now add specific and custom tags to a new analysis. This helps you group different scans together and differentiate between them.
- A dashboard to display different visualizations of analysis data, with the following features:
- Tabular view of all analysis jobs which can be filtered, sorted or searched through.
- Pie charts for visualizing analysis data on the basis of status, observable_classification and file_mimetype.
- Clicking on any slice on the Pie Chart will filter the jobs list based on the selected classification.
- You can also choose to view analysis having a particular tag.
Dashboard (See It In Action)
- Intel Owl’s query power comes from the many (80+ and growing) different analyzers (external or internal) that are seamlessly integrated into the core API. Of course, with this comes the issue of managing them - so we have made it easy for you.
You can view the list of all analyzers along with their use-case and supported types in a tabular view which can be filtered, sorted or searched through. Along with this, there’s also a dendrogram tree view inspired by https://osintframework.com/.
Our aim is that even a non-specialist can easily understand and use the API in a way that avoids gathering noise and speeds up threat intelligence operations in their organization.
Analyzers Configuration (See It In Action)
- Different themes for different times of the day? We understand. Switch between dark and light themes in a single click without the need to refresh the page.
Theme Switcher (See It In Action)
And we were saving the best part for the last - this new web interface comes with no extra configuration on your side, it’s lightweight and built-in to the core application.
Not impressed? More of a backend / show-me-the-code person?
- Intel Owl now supports new analyzers such as:
- Team Cymru Hash analyzer
- Tranco Domain Rank
- Cloudflare DNS over HTTPS Malware check
- Yara Scan with McAfee public rules
- You can now choose the retention days for old jobs from the config environment variables.
- We care about your security, so we now use JSON Web Tokens (JWT) for authentication, with periodic refresh and blacklisting. They can be easily managed from the inbuilt admin interface. And of course, the PyIntelOwl client and the web interface take care of automatically refreshing the tokens for you.
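To make the refresh-and-blacklist model concrete, here is an added, self-contained Python illustration of the mechanics described above. It is not Intel Owl's or PyIntelOwl's own code: it implements a minimal HS256 JWT with an expiry claim, a per-token id (`jti`) that a denylist can revoke, and a refresh step that rotates the token and blacklists the old one. The secret, the 300-second lifetime and the in-memory denylist are assumptions chosen for the example; a real deployment keeps the denylist in persistent storage shared by all API workers.

```python
import base64
import hashlib
import hmac
import json
import uuid

SECRET = b"constructed-demo-secret-not-for-production"  # placeholder key (assumption)
ACCESS_TTL = 300           # token lifetime in seconds (assumption for the demo)
REVOKED_JTI = set()        # in-memory blacklist of revoked token ids (assumption)


def _b64(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    """Inverse of _b64: re-add the padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def issue_token(user: str, now: float, ttl: int = ACCESS_TTL) -> str:
    """Create a signed token for `user` valid from `now` for `ttl` seconds."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user, "iat": int(now), "exp": int(now) + ttl,
               "jti": uuid.uuid4().hex}          # unique id so it can be revoked
    signing_input = ".".join(
        _b64(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    return f"{signing_input}.{_b64(_sign(signing_input))}"


def _decode(token: str) -> dict:
    """Check structure, algorithm and signature; return the payload."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed")
    header = json.loads(_unb64(head_b64))
    if header.get("alg") != "HS256":           # refuse alg=none / algorithm swaps
        raise ValueError("unexpected alg")
    expected = _sign(f"{head_b64}.{body_b64}")
    if not hmac.compare_digest(expected, _unb64(sig_b64)):  # constant-time compare
        raise ValueError("bad signature")
    return json.loads(_unb64(body_b64))


def verify_token(token: str, now: float) -> dict:
    """Full check: signature, expiry, then blacklist. Returns the payload."""
    payload = _decode(token)
    if now >= payload["exp"]:
        raise ValueError("expired")
    if payload["jti"] in REVOKED_JTI:
        raise ValueError("revoked")
    return payload


def revoke_token(token: str) -> None:
    """Blacklist a token (e.g. from an admin action). Signature is still
    checked so that unsigned input cannot add arbitrary ids to the list."""
    REVOKED_JTI.add(_decode(token)["jti"])


def refresh_token(old: str, now: float) -> str:
    """Rotate: the old token must still be valid, then it is blacklisted
    and a fresh one is issued for the same subject."""
    payload = verify_token(old, now)
    revoke_token(old)
    return issue_token(payload["sub"], now)


def token_status(token: str, now: float) -> str:
    """Convenience wrapper: 'valid' or the reason the token was rejected."""
    try:
        verify_token(token, now)
        return "valid"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    first = issue_token("analyst", now=1000.0)
    print("first token:", token_status(first, 1100.0))
    second = refresh_token(first, now=1200.0)
    print("old after refresh:", token_status(first, 1250.0))
    print("new after refresh:", token_status(second, 1250.0))
    print("new after expiry:", token_status(second, 1600.0))
```

The ordering inside `verify_token` matters: the signature is checked before anything in the payload is trusted, so an attacker cannot make the server do blacklist lookups or expiry comparisons on forged claims, and the refresh path reuses the same full check so an already-revoked or expired token cannot be "refreshed" back to life.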
We suggest you try the application! It’s easy and fast: just follow the step-by-step instructions and, in a few minutes, you can get it running on your machine.
We are continuously working on under-the-hood improvements and optimizations and always looking for more contributors and feedback.
Don’t like something? Need help? Create an issue on the GitHub page and we will look into it.
Looking to contribute to Open Source? Here’s the list of beginner-friendly issues and the documentation on how to contribute.