Threat intelligence management with one API to query many sources and analysis tools at once
- Stars: 4.6k
- Forks: 644
- Open Issues: 68
AGPL-3.0
- Python
- JavaScript
- Shell

About IntelOwl
IntelOwl manages threat intelligence at scale. It gathers data about files and observables such as IPs, domains, URLs, and hashes, so analysts can enrich an indicator from many sources with a single API request instead of querying each service by hand.
A Django and Python REST API and a built-in GUI with dashboards drive the work, backed by a modular plugin framework. Analyzers, connectors, pivots, visualizers, ingestors, and playbooks let teams run analyses, export results, chain jobs, and replay whole investigations.
It is self-hosted, with official Docker images for quick deployment and a public demo to try first. Plugins make it straightforward to wire in new services or in-house tooling as an investigation grows.
Key features
- Enriches threat intel for files and observables like IPs, domains, URLs, and hashes
- REST API written in Django and Python
- Built-in GUI with dashboards and visualizations
- Plugins for analyzers, connectors, pivots, visualizers, ingestors, and playbooks
- Artifacts and user events for repeated analyses and investigations
Details
- First released: 2019
- Platforms: Web · Docker
- Deployment: self-hostable · docker
- Language: Python · Django
- Focus: Threat intelligence at scale
- Integrations: External analyzers and export connectors
