IntelOwl
Cortex
Our great sponsors
IntelOwl | Cortex | |
---|---|---|
13 | 4 | |
3,103 | 1,249 | |
2.1% | 2.1% | |
9.6 | 4.9 | |
5 days ago | 3 months ago | |
Python | Scala | |
GNU Affero General Public License v3.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
IntelOwl
- Monthly Security Checklist
-
To GSoC and beyond...
Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032
-
IntelOwl 101
If you want to know how IntelOwl works and its underlying architecture visit their github and website
-
Threat detection
One thing I ran for a while was security onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ) which is absolutely phenomenal and awesome, I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ) , one thing I have added to all my VMs is a OSSEC agent, Wazuh to be specific which is free ( https://github.com/wazuh/wazuh ) and while I am not using it to its full potential such as monitoring file deletions/modifications etc it is a powerful tool.
- [Tool] Intel Owl new release v3.0.0 (FOSS threat intel solution)
- [Tool] Intel Owl v3.0.0, free and open source threat intelligence solution
- [FOSS] IntelOwl v2.3.0 is out!
- Intel Owl is an OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale (OS TIP)
-
IOCs Validation
https://github.com/intelowlproject/IntelOwl And MISP - however they both require a little bit of setup and such.
- Threat Intelligence
Cortex
-
Internal Threat Intel Database
TheHive Cortex might come in handy here:https://github.com/TheHive-Project/Cortex
-
Top 20 Open-source tools for every Blue Teamer
TheHive is a scalable 4-in-1 open source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs, and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Thanks to Cortex, our powerful free and open-source analysis engine, you can analyze (and triage) observables at scale using more than 100 analyzers.
-
Looking for a web script dashboard solution
Basically, I am looking for something a bit like Cortex (screenshot), but for a generic and standalone use.
-
Launch HN: Opstrace (YC S19) – open-source Datadog
Thanks for the correction! You linked to the right Cortex, not to be confused with https://github.com/TheHive-Project/Cortex, haha. https://github.com/cortexproject/cortex is what we talk about. Naming is hard.
What are some alternatives?
TheHiveDocs - Documentation of TheHive
Kuiper - Digital Forensics Investigation Platform
intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
catalyst - Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
PatrowlManager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
dfir-orc - Forensics artefact collection tool for systems running Microsoft Windows
dumpulator - An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
ThePhish - ThePhish: an automated phishing email analysis tool
pyintelowl - Robust Python SDK and Command Line Client for interacting with IntelOwl's API.
loki - Like Prometheus, but for logs.
opensquat - The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains.
opencti - Open Cyber Threat Intelligence Platform