Sep 2, 2022

Intel Owl

Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale 

Intel Owl was designed to help the community, in particular researchers who cannot afford commercial solutions, generate threat intelligence data in a simple, scalable and reliable way.

Intel Owl is composed of analyzers that can be run to retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internal analyzers (like Yara or Oletools).

This solution is for everyone who needs a single point to query for info about a specific file or observable (domain, IP, URL, hash).

This application is built to scale out and to speed up the retrieval of threat info.
It can be integrated easily into your stack of security tools to automate common jobs that are usually performed manually, for instance by SOC analysts.

Main features:

  • Full Django-Python application
  • Customizable, both the APIs and the analyzers
  • Clone the project and it is ready to run on Docker
  • It has a dashboard, visualizations of analysis data, forms for requesting new analyses, etc.


Links: