IntelOwl is an open source platform designed to manage and enrich threat intelligence data at scale. It provides a centralized environment where security analysts can gather information about suspicious files and observables, such as IP addresses, domains, URLs, or hashes, using a single API request. The platform integrates numerous online intelligence sources and advanced malware analysis tools, so users obtain comprehensive threat intelligence without manually querying multiple services.

IntelOwl was created to automate repetitive investigation tasks typically performed by security operations center (SOC) analysts, helping teams focus on deeper analysis and incident response. The system features a modular architecture built around plugins that allow new analyzers, connectors, and integrations to be added easily. These plugins can collect data from external intelligence platforms or generate insights using internal analysis tools such as YARA or static malware analyzers.
Features
- Threat intelligence enrichment for files and observables such as IPs, domains, URLs, and hashes
- Single API interface that queries multiple intelligence sources simultaneously
- Modular plugin architecture supporting analyzers, connectors, pivots, visualizers, and playbooks
- Integration with external services like VirusTotal, AlienVault OTX, AbuseIPDB, and more
- Web-based GUI dashboard for submitting analysis jobs and visualizing results
- Automation capabilities for common SOC workflows through REST APIs and client libraries
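As an added example (not code from the IntelOwl project or its client library), the following Python snippet shows the "single API request" idea in practice: it classifies an observable into the types listed above (IP, domain, URL, hash) and builds the JSON body for IntelOwl's `POST /api/analyze_observable` endpoint. The endpoint path, the field names (`observable_name`, `observable_classification`, `analyzers_requested`, `tlp`), the `Token` authorization header and the `AMBER` TLP value are assumptions taken from the public IntelOwl API documentation; check them against your deployment's API docs, and analyzer names depend on which plugins you have enabled.

```python
import ipaddress
import json
import re
import urllib.request

# Hex-digest lengths treated as hashes (MD5, SHA-1, SHA-256); constructed for this example.
_HASH_LENGTHS = {32, 40, 64}
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def classify_observable(value: str) -> str:
    """Return an IntelOwl-style classification: 'ip', 'url', 'domain', 'hash' or 'generic'."""
    v = value.strip()
    if "://" in v:                      # scheme present: treat as URL
        return "url"
    try:
        ipaddress.ip_address(v)         # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in _HASH_LENGTHS:
        return "hash"
    if _DOMAIN_RE.match(v):
        return "domain"
    return "generic"                    # unknown input: let the platform decide


def build_analyze_request(value: str, analyzers, tlp: str = "AMBER") -> dict:
    """Build the request body for POST /api/analyze_observable (field names assumed from the docs)."""
    return {
        "observable_name": value.strip(),
        "observable_classification": classify_observable(value),
        "analyzers_requested": list(analyzers),
        "tlp": tlp,
    }


def submit(base_url: str, api_key: str, body: dict, opener=urllib.request.urlopen) -> dict:
    """Send one analysis request; `opener` is injectable so the call can be stubbed in tests."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/analyze_observable",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Token {api_key}", "Content-Type": "application/json"},
        method="POST",
    )
    with opener(req) as resp:
        return json.load(resp)
```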