intelowlproject/intelowl_nginx Docker Image Overview

intelowlproject/intelowl_nginx

intelowlproject

IntelOwl Nginx custom build

下载次数: 0状态：社区镜像维护者：intelowlproject仓库类型：镜像最近更新：1 天前

![GitHub release (latest by date)]([] ![GitHub Repo stars]([] ![Docker]([] ![ Follow]([] ![Linkedin]([] ![Official Site]([] ![Live Instance]([]

![Ruff]([] ![CodeQL]([] ![Dependency Review]([] ![Build & Tests]([] ![DeepSource]([] ![OpenSSF Scorecard]([] ![OpenSSF Best Practices]([***]

Intel Owl

Do you want to get threat intelligence data about a malware, an IP address or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request?

You are in the right place!

IntelOwl is an Open Source solution for management of Threat Intelligence at scale. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools.

Features

This application is built to scale out and to speed up the retrieval of threat info.

It provides:

Enrichment of Threat Intel for files as well as observables (IP, Domain, URL, hash, etc).
A Fully-fledged REST APIs written in Django and Python.
An easy way to be integrated in your stack of security tools to automate common jobs usually performed, for instance, by SOC analysts manually. (Thanks to the official libraries pyintelowl and go-intelowl)
A built-in GUI: provides features such as dashboard, visualizations of analysis data, easy to use forms for requesting new analysis, etc.
A framework composed of modular components called Plugins:
- analyzers that can be run to either retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internally available tools (like Yara or Oletools)
- connectors that can be run to export data to external platforms (like MISP or OpenCTI)
- pivots that are designed to trigger the execution of a chain of analysis and connect them to each other
- visualizers that are designed to create custom visualizations of analyzers results in the GUI
- ingestors that allow to automatically ingest stream of observables or files to IntelOwl itself
- playbooks that are meant to make analysis easily repeatable
- data models to map the different data extracted from analyzers to a single common schema
- artifacts that are representations of observables or files that can be analyzed multiple times for different evaluations
- user events that allow users to add custom evaluation or additional info to any artifact
A starting point for analysts' Investigations: users can register their findings, correlate the information found, and collaborate...all in a single place

Documentation

We try hard to keep our documentation well written, easy to understand and always updated. All info about installation, usage, configuration and contribution can be found here

Publications and Media

To know more about the project and its growth over time, you may be interested in reading the official blog posts and/or videos about the project by clicking on this link

Available services or analyzers

You can see the full list of all available analyzers in the documentation.

Type	Analyzers Available
Inbuilt modules	- Static Office Document, RTF, PDF, PE, ELF, APK File Analysis and metadata extraction - Strings Deobfuscation and analysis (FLOSS, Stringsifter, ...) - Yara, ClamAV (a lot of public rules are available. You can also add your own rules) - PE Emulation with Qiling and Speakeasy - PE Signature verification - PE Capabilities Extraction (CAPA and Blint) - Javascript Emulation (Box-js) - Android Malware Analysis (Quark-Engine, Androguard, Mobsf, ...) - SPF and DMARC Validator - PCAP Analysis with Suricata and Hfinger - Honeyclients (Thug, Selenium) - Scanners (WAD, Nuclei, ...) - more...
External services	- Abuse.ch MalwareBazaar/URLhaus/Threatfox/YARAify - GreyNoise v2 - Intezer - VirusTotal v3 - Crowdsec - URLscan - Shodan - AlienVault OTX - Intelligence_X - MISP - many more..

Type

Analyzers Available

Inbuilt modules

- Static Office Document, RTF, PDF, PE, ELF, APK File Analysis and metadata extraction
- Strings Deobfuscation and analysis (FLOSS, Stringsifter, ...)
- Yara, ClamAV (a lot of public rules are available. You can also add your own rules)
- PE Emulation with Qiling and Speakeasy
- PE Signature verification
- PE Capabilities Extraction (CAPA and Blint)
- Javascript Emulation (Box-js)
- Android Malware Analysis (Quark-Engine, Androguard, Mobsf, ...)
- SPF and DMARC Validator
- PCAP Analysis with Suricata and Hfinger
- Honeyclients (Thug, Selenium)
- Scanners (WAD, Nuclei, ...)
- more...

External services

- Abuse.ch MalwareBazaar/URLhaus/Threatfox/YARAify
- GreyNoise v2
- Intezer
- VirusTotal v3
- Crowdsec
- URLscan
- Shodan
- AlienVault OTX
- Intelligence_X
- MISP
- many more..

Partnerships and ***

As open source project maintainers, we strongly rely on external support to get the resources and time to work on keeping the project alive, with a constant release of new features, bug fixes and general improvements.

Because of this, we joined Open Collective to obtain US and EU non-profit equal level status which allows the organization to receive and manage ***s transparently and with tax exemption. Please support IntelOwl and all the community by choosing a plan (BRONZE, SILVER, etc).

Certego

Certego is a MDR (Managed Detection and Response) and Threat Intelligence Provider based in Italy.

IntelOwl was born out of Certego's Threat intelligence R&D division and is mostly maintained and updated thanks to them.

The Honeynet Project

The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.

Thanks to Honeynet, we are hosting a public demo of the application here. If you are interested, please contact a member of Honeynet or an IntelOwl maintainer to get access to the public service.

Google Summer of Code

Since its birth this project has been participating in the Google Summer of Code (GSoC)!

If you are interested in participating in the next Google Summer of Code, check all the info available in the dedicated repository!

Docker

In 2021 IntelOwl joined the official Docker Open Source Program. This allows IntelOwl developers to easily manage Docker images and focus on writing the code. You may find the official IntelOwl Docker images here.