Releases: intelowlproject/IntelOwl
Releases · intelowlproject/IntelOwl
API docs, 7 new analyzers, dependency upgrades and other adjusts
- Added API documentation with both Redoc and OpenAPI Format
NEW INBUILT ANALYZERS:
- added ThreatFox Abuse.ch analyzer for observables
- added GreyNoise Community analyzer for IP addresses
- added FireHol analyzer to detect malicious IP addresses
- added SSAPINet analyzer to capture a screenshot of a web page
- added optional Google Rendertron analyzer to capture a screenshot of a web page without using an external source (this won't leak the URL externally like the previous one)
- added IBM X-Force Exchange analyzer for observables
- added Google Web Risk analyzer, an alternative of GoogleSafeBrowsing for commercial purposes
Others:
- A lot of dependency upgrades and clean up of unnecessary ones
- refactor to some APIs + added tests for untested APIs
- adjustments to MISP, OTX and Cymru analyzers
New logos, New API endpoints
fixes and version upgrades
v2.1.1
FIXES/IMPROVEMENTS/Dependency upgrades
- now
start.pyworks with the most recent 1.28.2 version of docker-compose - updated Django, Yara and Speakeasy to most recent versions
several fixes + 2 new analyzers
IMPORTANT FIX
We changed docker-compose file names for optional analyzers. In the v.2.0.0 this broke Docker Hub builds, causing them to fail. Please upgrade to this version to be able to use the optional analyzers again.
NEW INBUILT ANALYZERS:
- added CRXCavator analyzer for malicious Chrome extensions
- added CERT Polska MWDB analyzer for malicious files
FIXES/IMPROVEMENTS/Dependency upgrades:
- updated
Quark_Engineto last version and fixed rules Maxmindanalyzer now retrieves City data too- fixes for
Qilinganalyzer - re-enabled
APKiD_Scan_APK_DEX_JARanalyzer for Android samples - adjusts to auto-build, PR template and documentation
Happy First Birthday IntelOwl!
Note: There were some major bugs in this version so we request you to checkout the latest version here instead.
Happy 1st Birthday IntelOwl! The gift is a new major release 🚀
BREAKING CHANGES:
- moved docker and docker-compose files under
docker/folder. - users upgrading from previous versions need to manually move
env_file_app,env_file_postgresandenv_file_integrationsfiles underdocker/. - users are to use the new start.py method to build or start IntelOwl containers
- moved the following analyzers together in a specific optional docker container named
static_analyzers.CapaPeFrameStrings_Info_Classic(based on flarestrings)Strings_Info_ML(based on stringsifter)
Please see docs to understand how to enable these optional analyzers
NEW INBUILT ANALYZERS:
- added Qiling file analyzer. This is an optional analyzer (see docs to understand how to activate it).
- added Stratosphere blacklists analyzer
- added FireEye Red Team Tool Countermeasures Yara rules analyzer
- added emailrep.io analyzer
- added Triage analyzer for observables (
searchAPI) - added InQuest analyzer
- added WiGLE analyzer
- new analyzers were added to the
static_analyzersoptional docker container (see docs to understand how to activate it).FireEye Flossstrings analysis.Manalyzefile analyzer
FIXES/IMPROVEMENTS/Dependency upgrades:
- upgraded main Dockerfile to python 3.8
- added support for the
genericobservable type. In this way it is possible to build analyzers that can analyze everything and not only IPs, domains, URLs or hashes - added Multi-queue option to optimize usage of Celery queues. This is intended for advanced users.
- updated GUI to new IntelOwl-ng version
- upgraded Speakeasy, Quark-Engine and Dnstwist analyzers to last versions
- moved from Travis CI to Github CI
- added CodeCov coverage support (so we will be improving the test coverage shortly)
- moved PEFile library pointer to a forked pip repo that contains some fixes.
- fix to log directiories that could result in some optional analyzers to break
- added milliseconds to logs
fix release with some improvements and new analyzers
This version was released earlier to fix installation problems triggered by the new version of pip (peepdfpackage was incompatible and had to be changed).
NEW INBUILT ANALYZERS:
- Added MalwareBazaar_Google_Observable analyzer: Check if a particular IP, domain or url is known to MalwareBazaar using google search
- Added InQuest YARA rules analyzer.
- Added StrangerealIntel Daily Ioc Yara rules analyzer.
FIXES/IMPROVEMENTS/Dependency upgrades:
- changed
peepdfpip repo topeepdf-forkto fix broken installation - adjustments to documentation
- upgraded
quark-engineto v20.11 - fixes to
UnpacMe_EXE_UnpackerandPE_Infoanalyzers - managed RAM utilization by celery to avoid issues when using IntelOwl for a lot of analysis.
- added PR template
- removed nginx banner
new analyzers + some tweaks
NEW INBUILT ANALYZERS:
- Added Triage file analyzer.
- Added Zoomeye analyzer.
- Added Dnstwist analyzers.
- Added Ipinfo analyzer.
- Added ReversingLabs YARA rules analyzer.
- Added Samir YARA rules analyzer.
FIXES/IMPROVEMENTS/Dependency upgrades:
- several little fixes on analyzers (
OTXQuery,DNSDB,Classic_DNS,Fortiguard,XMLDeobfuscator) - increased filename max_length to
512 - added validation checks to avoid DB problems
- upgraded Yara to v4.0.2
- added Yara rule location to the analyzer output
Major Release: v1.8.0; Nov'20
Refer to CHANGELOG.md.
Improvements to recent malicious document analysis
Improvements to recent malicious document analysis:
- Added XLMMacroDeobfuscator analyzer, refer #196 thanks to @0ssigeno
- Updated oletools to last available changes
Other:
- updated black to 20.8b1 and little fix in the docs
Unpacme + whoisxml API + checkdmarc analyzer + Fix VT2
- 3 new analyzers which can be used out of the box:
UnpacMe_EXE_Unpacker: UnpacMe is an automated malware unpacking service. (Thanks to @0ssigeno)CheckDMARC: checdmarc provides SPF and DMARC DNS records validator for domains. (Thanks to @goodlandsecurity)Whoisxmlapi: Fetch WHOIS record data, of a domain name, an IP address, or an email address. (Thanks to @tamthaitu)
- Some fixes to Cymru Malware and VT2 analyzers.
- Now you or your organization can get paid support/extra features/custom integrations for IntelOwl via xscode platform. Details.