This repository has been archived by the owner on Oct 10, 2022. It is now read-only.

[Layout enhancement] Job Result: one view of all the findings #48

Open
n2x4 opened this issue Aug 15, 2020 · 3 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments


n2x4 commented Aug 15, 2020

Was using IntelOwl for IP and URL analysis to begin building a profile on the source. I didn't see a way to consolidate the resulting search data and had to view the output for each separately. It would be nice to be able to skip blank results or get the combined output into a single export of results - one view of all the findings.

eshaan7 (Member) commented Aug 15, 2020

> It would be nice to be able to skip blank results.

When you get the result on the web interface, in the table on RHS the analyzers with the green checkmark are ones which provided some valid output. You can sort the table to have these on top, that way you can avoid looking (clicking) at ones with the red cross (unless you are interested in knowing why a particular analyzer failed).

> get the combined output into a single export of results - one view of all the findings.

You can click on the 'view as raw json' button and view the full report as a .json file in your browser or download it to open it in an IDE, etc.

We actually struggled a lot with finding a perfect way to show the analyzer's results. When you select an analyzer, its report is shown in a JSON view which provides filtering, searching, even querying functionalities which can be quite useful.
But we are well open to ideas (and designs) in this space.

EDIT: We have pushed a new release v1.3.x with support for Elasticsearch. Our goal is that this will help users customize IntelOwl's behavior, making sense of the output/results in a more customizable and efficient manner.

eshaan7 (Member) commented Aug 18, 2020

Transferring to the IntelOwl-ng repository since this is related to the web interface.

eshaan7 transferred this issue from intelowlproject/IntelOwl Aug 18, 2020
eshaan7 added enhancement New feature or request help wanted Extra attention is needed labels Aug 25, 2020
eshaan7 changed the title Intel Reporting - TLDR Analysis [Layout enhancement] Job Result: one view of all the findings Aug 25, 2020
eshaan7 pinned this issue Sep 7, 2020
dutchgioproject commented

A similar threat intel tool called GOSINT (https://github.com/ciscocsirt/GOSINT) handles showing results quite well, although it is dated, no longer maintained and consists of only three API connections, being Cisco Umbrella, VirusTotal and ThreatCrowd.

Results for a single domain lookup are shown as follows:

[screenshot: 2020-09-08 14_06_59-Ubuntu 18 04 3 LTS op DESKTOP-HNTFUNN - verbinding met virtuele machine]

The tool is able to list the retrieved results and add information regarding its maliciousness and resolved IP addresses in a very clear way, with results of multiple sources on the same page.

Perhaps this could be built with Elasticsearch as well, but it may improve the user interface of the tool itself as it could replace browsing JSON files for each analyzer individually.
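Until the web interface offers a combined view, the "view as raw json" export mentioned above can be consolidated offline. The script below is an added example and is not IntelOwl's or GOSINT's own code; the report layout it parses (a top-level `analysis_reports` list whose items carry `name`, `success`, `report` and `errors`) and the sample job it embeds are constructed assumptions standing in for a real export, so the key names will need adjusting to match the JSON your instance actually produces. It produces the single page both comments ask for: analyzers that returned data are flattened to one line per field, while analyzers that failed or returned nothing are listed once in a footer with the reason, so blank results are skipped rather than opened one by one.

```python
"""Consolidate one IntelOwl-style job report into a single findings view.

Added example, not IntelOwl's own code. The report layout (a top-level
"analysis_reports" list whose items carry "name", "success", "report" and
"errors") is an ASSUMPTION standing in for the raw JSON the web UI offers.
"""
import json
from typing import Any, Dict

# Constructed sample: one job on a documentation-range IP, with one analyzer
# that returned data, one that succeeded but returned nothing, one that
# failed, and one with nested output. Analyzer names are illustrative only.
SAMPLE_JOB_JSON = json.dumps({
    "id": 42,
    "observable_name": "203.0.113.9",
    "observable_classification": "ip",
    "analysis_reports": [
        {"name": "AbuseIPDB", "success": True,
         "report": {"abuseConfidenceScore": 87, "totalReports": 12,
                    "countryCode": "ZZ"}},
        {"name": "Shodan_Honeyscore", "success": True, "report": {}},
        {"name": "VirusTotal_v3", "success": False, "report": {},
         "errors": ["HTTP 401 unauthorized (constructed error text)"]},
        {"name": "DNSDB", "success": True,
         "report": {"resolutions": ["example.test", "www.example.test"]}},
    ],
})


def is_blank(report: Any) -> bool:
    """True when an analyzer produced nothing worth showing (None, {}, [], '')."""
    if report is None:
        return True
    if isinstance(report, (dict, list, str)):
        return len(report) == 0
    return False


def flatten(obj: Any, prefix: str = "") -> Dict[str, Any]:
    """Flatten nested JSON into 'a.b.0' -> scalar so each finding is one line."""
    out: Dict[str, Any] = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            out.update(flatten(value, f"{prefix}{index}."))
    else:
        out[prefix.rstrip(".")] = obj
    return out


def consolidate(job_json: str) -> Dict[str, Any]:
    """One view: findings from every non-blank analyzer, plus what was skipped and why."""
    job = json.loads(job_json)
    findings: Dict[str, Dict[str, Any]] = {}
    skipped: Dict[str, str] = {}
    for entry in job.get("analysis_reports", []):
        name = entry.get("name", "<unnamed>")
        if not entry.get("success", False):
            # Keep the failure reason so a reader can still see why, without opening it.
            skipped[name] = "failed: " + "; ".join(entry.get("errors") or ["no error text"])
        elif is_blank(entry.get("report")):
            skipped[name] = "no output"
        else:
            findings[name] = flatten(entry["report"])
    return {
        "observable": job.get("observable_name"),
        "classification": job.get("observable_classification"),
        "findings": findings,
        "skipped": skipped,
    }


def render(view: Dict[str, Any]) -> str:
    """Plain-text single page: analyzers with data first, skipped ones as a footer."""
    lines = [f"{view['observable']} ({view['classification']})"]
    for analyzer, fields in view["findings"].items():
        lines.append(f"== {analyzer}")
        lines.extend(f"  {key}: {value}" for key, value in fields.items())
    if view["skipped"]:
        lines.append("-- skipped: " + ", ".join(
            f"{analyzer} ({why})" for analyzer, why in view["skipped"].items()))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(consolidate(SAMPLE_JOB_JSON)))
```

Running it on a real export is a matter of replacing `SAMPLE_JOB_JSON` with the contents of the downloaded `.json` file; `consolidate` returns a plain dict, so the same view can be written back out as JSON or CSV for the single-file export requested in the original post.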


3 participants