ENNAENNA

IntelOwl

AGPL-3.0

๐Ÿง  Threat Intelligence ยท Python

IntelOwl is an open-source threat intelligence management platform that aggregates and correlates data from over 100 external analyzers, scanners, and enrichment services. Feed it an observable โ€” IP address, domain, URL, file hash, or email โ€” and IntelOwl automatically queries VirusTotal, AbuseIPDB, Shodan, URLhaus, MalwareBazaar, MISP feeds, and dozens of other sources in parallel, returning a unified report with cross-referenced findings. The platform supports both automatic triage workflows and manual analyst-driven investigations. IntelOwl integrates with MISP and OpenCTI for bidirectional threat intel sharing, and its playbook system allows you to define custom analysis chains for different observable types. The Docker-based deployment includes a web UI, REST API, and Celery task queue for handling high-volume enrichment. With over 4,500 GitHub stars, IntelOwl has become a popular alternative to commercial TIP platforms like ThreatConnect and Anomali.

4.6kstars
637forks
57issues
Updated 20d ago
+I use this
๐Ÿณ Docker Ready
View on GitHubOfficial Website

Installation

$ docker compose up -d

Use Cases

  • Automated IOC enrichment at scale
  • Malware sample analysis orchestration
  • Threat intel feed aggregation and correlation

Tags

threat-inteliocmalware-analysissoarcyber-securitycyber-threat-intelligencecybersecuritydfirenrichmenthacktoberfesthoneynetincident-responseintel-owlmalware-analyzerosintosint-pythonpythonsecurity-toolsthreat-huntingthreat-intelligencethreathuntingthreatintel

Details

Category
๐Ÿง  Threat Intelligence
Language
Python
License
AGPL-3.0
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/intelowlproject/IntelOwl

Official Website

intelowlproject.github.io

Releases

github.com/intelowlproject/IntelOwl/releases

Issues

github.com/intelowlproject/IntelOwl/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

MISP

PHP/Python

Open-source threat intelligence and sharing platform. Structured IOC management, feeds, correlation, and STIX/TAXII export.

Compare IntelOwl vs MISP

OpenCTI

TypeScript/Python

Cyber threat intelligence platform. Knowledge management for threat data with STIX2 native storage and graph visualization.

Compare IntelOwl vs OpenCTI

More in Threat Intelligence

MISP

PHP/Python

Open-source threat intelligence and sharing platform. Structured IOC management, feeds, correlation, and STIX/TAXII export.

threat-inteliocsharing

OpenCTI

TypeScript/Python

Cyber threat intelligence platform. Knowledge management for threat data with STIX2 native storage and graph visualization.

threat-intelstix2knowledge-graph

TheHive

Scala/JavaScript

Incident response case management platform. Collaborative investigation with observable analysis, playbooks, and MISP integration.

incident-responsecase-managementsoc

GRR Rapid Response

Python

Remote live forensics framework by Google. Deploy agents across thousands of endpoints for artifact collection and analysis.

dfirremote-forensicsendpoint

KAPE

C#

Kroll Artifact Parser and Extractor. Fast triage collection and parsing of forensic artifacts from Windows, macOS, and Linux.

dfirtriageartifact-collection

Cortex

Scala/Python

Observable analysis and active response engine. Analyze IOCs at scale with 100+ analyzers for IPs, hashes, URLs, and domains.

ioc-analysisobservableenrichment