IntelOwl is an open-source threat intelligence management platform designed for large-scale analysis. It integrates various online analyzers and advanced malware analysis tools, providing comprehensive insights in one platform.
The creator of IntelOwl, Matteo Lodi, recognized the need for a solution to automate workflows and streamline threat intelligence data extraction and analysis. After searching for existing open-source tools that met their requirements, they decided to create one from scratch.
IntelOwl features a scalable platform with a GUI, REST APIs, and official client libraries. It integrates several online analyzers and cutting-edge malware analysis tools, allowing users to analyze digital artifacts, such as network artifacts and suspicious files, and correlate them to construct a flow of analysis.
The platform includes built-in modules for static analysis of Office documents, RTF, PDF, and PE files, as well as metadata extraction, string deobfuscation, PE emulation, PE signature verification, and more. It also supports external services like Abuse.ch MalwareBazaar, GreyNoise v2, Intezer, VirusTotal v3, CrowdSec, URLscan, Shodan, AlienVault OTX, Intelligence_X, MISP, and more.
Future plans for IntelOwl include increasing support for the Investigation Framework, adding a granular search function, and exploring AI-based chatbot integration. The platform is available for free on GitHub.
Source: https://www.helpnetsecurity.com/2024/08/14/intelowl-open-source-threat-intelligence-management/