
Intel Owl

SIEM & Threat Detection

An open‑source threat intelligence platform that enriches observables (files, IPs, domains, URLs, hashes) via a unified REST API and modular plugins.

Python · Latest v6.6.1 · 1mo ago

Features

  • Multi‑source enrichment of files and observables (IP, domain, URL, hash) via a single API call
  • Fully‑featured Django REST API for programmatic integration
  • Modular plugin framework supporting analyzers, connectors, pivots, visualizers, ingestors, playbooks, data models, artifacts, and user events
  • Built‑in graphical dashboard with visualizations, analysis forms, and collaboration tools

Recent releases

v6.6.1 Breaking risk
Breaking changes
  • Greynoise_Labs analyzer removed
Notable features
  • Workflow to check edge case dependency updates
Full changelog

Please refer to the Changelog.

Important update on the Current Maintainers and Future of the Project

What's Changed

  • Fix history routing constants for artifacts and wildcards by @ayushgupta704 in https://github.com/intelowlproject/IntelOwl/pull/3624
  • fix: patch peframe tostring() for Python 3.9+ compatibility (#3621) by @Abhishek9639 in https://github.com/intelowlproject/IntelOwl/pull/3625
  • fix(validin): add missing continue statement in _run_all_queries by @Abhishek9639 in https://github.com/intelowlproject/IntelOwl/pull/3644
  • fix(misp): eliminate N+1 HTTP requests in MISP connector. Closes #3571 by @jagapathi20 in https://github.com/intelowlproject/IntelOwl/pull/3579
  • refactor: remove Greynoise_Labs analyzer by @sanjib2006 in https://github.com/intelowlproject/IntelOwl/pull/3648
  • fix(hudsonrock): raise exception for non-email GENERIC observables. Closes #3647 by @Abhishek9639 in https://github.com/intelowlproject/IntelOwl/pull/3650
  • build(deps): bump apkid from 2.1.4 to 3.1.0 in /integrations/malware_tools_analyzers/requirements by @dependabot[bot] in https://github.com/intelowlproject/IntelOwl/pull/3652
  • Fix plugin state viewer org filter by @PranavShukla7 in https://github.com/intelowlproject/IntelOwl/pull/3640
  • feat: add workflow to check edge case dependency updates (#2737) by @Abhishek9639 in https://github.com/intelowlproject/IntelOwl/pull/3612

Full Changelog: https://github.com/intelowlproject/IntelOwl/compare/v6.6.0...v6.6.1

v6.6.0 Security relevant
Security fixes
  • Fix unsafe subprocess invocation in Phunter integration
  • Fix secret leakage in non-debug logs
Notable features
  • Machofile analyzer
  • URLScan.io Crawl Results Visualizer
  • Optimized Decay() method
v6.5.1 Bug fix
Security fixes
  • Sanitize notification HTML to prevent XSS
Notable features
  • Thread-safe get_root() implementation
  • Quad9 analyzer fixes
  • DNS0 to DNS4EU migration
v6.5.0 New feature
Notable features
  • Phunter Analyzer
  • JoeSandbox Analyzer
  • GuardDog Analyzer

About

Stars
4,593
Forks
642
Languages
Python JavaScript Shell

Install & Platforms

Install via
docker
