IntelOwl
ElastiFlow
IntelOwl | ElastiFlow | |
---|---|---|
13 | 31 | |
3,111 | 2,311 | |
0.9% | - | |
9.8 | 4.1 | |
5 days ago | over 2 years ago | |
Python | Shell | |
GNU Affero General Public License v3.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
IntelOwl
- Monthly Security Checklist
-
To GSoC and beyond...
Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032
-
IntelOwl 101
If you want to know how IntelOwl works and its underlying architecture visit their github and website
-
Threat detection
One thing I ran for a while was security onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ) which is absolutely phenomenal and awesome, I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ) , one thing I have added to all my VMs is a OSSEC agent, Wazuh to be specific which is free ( https://github.com/wazuh/wazuh ) and while I am not using it to its full potential such as monitoring file deletions/modifications etc it is a powerful tool.
- [Tool] Intel Owl new release v3.0.0 (FOSS threat intel solution)
- [Tool] Intel Owl v3.0.0, free and open source threat intelligence solution
- [FOSS] IntelOwl v2.3.0 is out!
- Intel Owl is an OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale (OS TIP)
-
IOCs Validation
https://github.com/intelowlproject/IntelOwl And MISP - however they both require a little bit of setup and such.
- Threat Intelligence
ElastiFlow
- NETFLOW .. NTOPNG how to ?
- Seaching for How To install Elastiflow
-
Into my 6th year of this ... hobby?
As a matter of fact, I played with the now deprecated Elastiflow, however I couldn't get my head around managing ELK, scrapped it pretty quickly, and Netflow did not reach the meaningful stage at that time. OpenNMS looks pretty massive that I can't run it at the moment. Thanks for suggestion though.
-
Threat detection
One thing I ran for a while was security onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ) which is absolutely phenomenal and awesome, I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ) , one thing I have added to all my VMs is a OSSEC agent, Wazuh to be specific which is free ( https://github.com/wazuh/wazuh ) and while I am not using it to its full potential such as monitoring file deletions/modifications etc it is a powerful tool.
- Linux Network Traffic Monitor
-
Monitoring all inter-VLAN traffic on 9410 switch?
I'd recommend taking a look at Elastiflow (link is to the legacy version, I haven't used the pay structured tier version that replaced it) as a flow collector. Do it in a docker container, dump netflow to it, and use a sample rate that doesn't fill your collector box with flow packets after a single day. Depends on your traffic rates. We use 1 out of 250 for our rate.
-
Netflow bit rate and Interface Bit Rate
https://github.com/robcowart/elastiflow/issues/201 https://github.com/robcowart/elastiflow/issues/52
- Network Traffic visualization
- ElastiFlow help
-
Installation help, almost there.
Where as the newer version is (https://github.com/robcowart/elastiflow/) is called:
What are some alternatives?
Cortex - Cortex: a Powerful Observable Analysis and Active Response Engine
ntopng - Web-based Traffic and Security Network Traffic Monitoring
TheHiveDocs - Documentation of TheHive
pfelk - pfSense/OPNsense + Elastic Stack
intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
LibreNMS - Community-based GPL-licensed network monitoring system
PatrowlManager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Netdata - The open-source observability platform everyone needs
dumpulator - An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
loki - Like Prometheus, but for logs.
pyintelowl - Robust Python SDK and Command Line Client for interacting with IntelOwl's API.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.