Skip to content

Releases: intelowlproject/IntelOwl

Elastic Search + LDAP + groups/permissions + some fixes

16 Aug 23:30
@eshaan7 eshaan7
v1.3.0
635e827
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Elastic Search + LDAP + groups/permissions + some fixes
  • Added the ability to leverage Django's permissions system to organize users into groups, allow/restrict different permissions to different groups, mark particular jobs as private so they are not visible to other users. Docs on how to use this.
  • Added support for Elastic Search. If elastic search is enabled, all analysis are auto synced between the postgreSQL database and the Elastic Search index. Docs.
    • As a bonus, a preconfigured Kibana configuration (having some helpful visualizations and dashboard) is also provided which can be imported as a "Saved Object" into Kibana.
  • Added basic support for LDAP authentication mechanism. Docs.
  • Fixed: CUCKOO_API_KEY variable missing from env_file_app_template.
  • Increased observable_name field's max_length to support upto 512 chars. Up from the previous 128 limit. (Issue #144)
  • Cleaner log messages throughout analyzer related functions.
  • Various other under-the-hood improvements, fixes and optimizations.

For users upgrading to v1.3.0 from prior versions - Please follow the steps described here.

Assets 2
Loading

Capa + Box-JS + APKiD + logging issue fixed (Stable Release)

27 Jul 20:56
@eshaan7 eshaan7
v1.2.0
d54dc98
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Capa + Box-JS + APKiD + logging issue fixed (Stable Release)
  • Integrations for analyzers: Capa by FireEye, Box-JS and APKiD. All of these are available as optional analyzers which can be enabled as per user's need.
  • Fix for issue #129. Now supports max length of 128 chars so SHA256/512 hashes can be scanned.
  • Refactoring and various bug fixes in Docker based optional analyzers, especially the logging issue.
  • changed flush_expired_tokens cron schedule from every 6h to 3h. So the user's DB is not cluttered.
  • Cleaner log messages throughout analyzer related functions.

Note: To update the web-client, please run docker pull intelowlproject/intelowl_ng:latest before starting Intel Owl.

Assets 2
Loading

Patch release

16 Jul 19:09
@eshaan7 eshaan7
v1.1.1
5c7960d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Patch release

Patch release after v1.1.0.

  • Fix for the wrong service name in docker-compose.thug.yml
  • Slim Thug's docker image by a few MBs
  • For full changelog/new features, see v1.1.0.

Note: To update the web-client, please run docker pull intelowlproject/intelowl_ng:latest before starting Intel Owl.

Assets 2
Loading

Thug Honeyclient, bug fixes, optimizations

15 Jul 15:24
@eshaan7 eshaan7
v1.1.0
cc4c764
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Thug Honeyclient, bug fixes, optimizations

Note: Please use v1.1.1 which is a patched version of this.

  • Now supports Thug honeyclient for analysis of URL, Domain, HTML files. This is available via an optional docker container and in various flavors of invoking user-agent and thug specific configurations.
    Here's how-to enable it and use it in Intel Owl.
  • Bug fixes: PEframe logs not being created, whitespace around = operator in .env file.
  • Major under the hood improvements and optimizations and codefactor.io alert fixes.
  • Improvements on the web interface for easier navigation/filtering of analysis results.

Note: To update the web-client, please run docker pull intelowlproject/intelowl_ng:latest before starting Intel Owl.

Assets 2
Loading

Revamped web interface + some new analyzers and code refactoring

05 Jul 12:39
@mlodic mlodic
1.0.0
920a9b2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Revamped web interface + some new analyzers and code refactoring

Check the official blog posts for all the details:

https://www.honeynet.org/2020/07/05/intel-owl-release-v1-0-0/

Assets 2
Loading

21 new analyzers and a new docker-based system for integrations

16 Apr 14:55
@mlodic mlodic
0.4.0
718fc09
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
21 new analyzers and a new docker-based system for integrations

Added a new way to integrate analysis tools as separated Docker-based analyzers. PEframe is the first of this kind.

21 New analyzers:

  • PEframe: Perform static analysis on Portable Executable malware and malicious MS Office documents
  • MalwareBazaar_Get_File: Check if a particular malware sample is known to MalwareBazaar
  • Censys_Search: scan an IP address against Censys View API
  • URLhaus: Query a domain or URL against URLhaus API
  • MalwareBazaar_Get_Observable: Check if a particular malware hash is known to MalwareBazaar
  • GreyNoise: scan an IP against the Greynoise API (requires API key)
  • ONYPHE: search an observable in the ONYPHE
  • HoneyDB_Get: IP lookup service
  • Threatminer_PDNS: retrieve PDNS data from Threatminer API
  • Threatminer_Reports_Tagging: retrieve reports from Threatminer API
  • Threatminer_Subdomains: retrieve subdomains from Threatminer API
  • ActiveDNS_Google: Retrieve current domain resolution with Google DoH (DNS over HTTPS)
  • ActiveDNS_CloudFlare: Retrieve current domain resolution with CloudFlare DoH (DNS over HTTPS)
  • ActiveDNS_Classic: Retrieve current domain resolution with default DNS
  • Auth0: scan an IP against the Auth0 API
  • Securitytrails_IP_Neighbours: scan an IP against securitytrails API for neighbour IPs
  • Securitytrails_Details: scan a domain against securitytrails API for general details
  • Securitytrails_Subdomains: scan a domain against securitytrails API for subdomains
  • Securitytrails_Tags: scan a domain against securitytrails API for tags
  • Securitytrails_History_WHOIS: scan a domain against securitytrails API for historical WHOIS
  • Securitytrails_History_DNS: scan a domain against securitytrails API for historical DNS
Assets 2
Loading

0.3.0

22 Mar 22:31
@mlodic mlodic
0.3.0
8d61e37
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.3.0
  • Added new analyzers for Shodan, HoneyDB, Hunter.io
  • updated testing suite
  • updated docs to help testing and external contributions
  • little fixes
Assets 2
Loading

Improvements

21 Jan 14:56
@mlodic mlodic
0.2.0
3c3d4f8
Compare
Choose a tag to compare
Improvements
  • Added DNSDB analyzer
  • Improved Maxmind Analayzer
  • little tweaks
Assets 2
Loading

First release

09 Jan 11:40
@mlodic mlodic
0.1.0
9bb9a66
Compare
Choose a tag to compare
First release 
0.1.0

Merge branch 'master' of github.com:certego/IntelOwl
Assets 2
Loading