Merge pull request #3608 from intelowlproject/develop

v6.6.0

Author: mlodic

.github/CHANGELOG.md

@@ -2,6 +2,9 @@
 
 [**Upgrade Guide**](https://intelowlproject.github.io/docs/IntelOwl/installation/#update-to-the-most-recent-version)
 
+## [v6.6.0](https://github.com/intelowlproject/IntelOwl/releases/tag/v6.6.0)
+A lot of minor contributions to fix bugs and improve maintenance plus some new visualizers and analyzers improvements
+
 ## [v6.5.1](https://github.com/intelowlproject/IntelOwl/releases/tag/v6.5.1)
 A lot of minor contributions to fix bugs and improve maintenance
 
@@ -620,7 +623,7 @@ We are proud to announce two new sponsorships today!
 If you are interested in helping the project through a donation, read [here](https://github.com/intelowlproject/IntelOwl/blob/master/.github/partnership_and_sponsors.md) how you can do it!
 
 **New/Improved Analyzers:**
-- New [CyberChef](https://gchq.githuba.io/CyberChef/) Analyzer! Run your own recipes in IntelOwl! Check the [docs](https://intelowlproject.github.io/docs/advanced_usage/#cyberchef)!
+- New [CyberChef](https://gchq.github.io/CyberChef/) Analyzer! Run your own recipes in IntelOwl! Check the [docs](https://intelowlproject.github.io/docs/advanced_usage/#cyberchef)!
 
 **Other:**
 - fixes: [#931](https://github.com/intelowlproject/IntelOwl/issues/931)

.github/FUNDING.yml

@@ -1,2 +1 @@
 open_collective: intelowl-project
-github: intelowlproject

.github/pull_request_template.md

@@ -11,6 +11,7 @@ Please delete options that are not relevant.
 - [ ] Bug fix (non-breaking change which fixes an issue).
 - [ ] New feature (non-breaking change which adds functionality).
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected).
+- [ ] Chore (refactoring, dependency updates, CI/CD changes, code cleanup, docs-only changes).
 
 # Checklist
 
@@ -38,6 +39,8 @@ Please delete options that are not relevant.
     - [ ] I have a provided a screenshot of the result in the PR.
     - [ ] I have created new frontend tests for the new component or updated existing ones.
 - [ ] After you had submitted the PR, if `DeepSource`, `Django Doctors` or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.
+- [ ] I have addressed raised Copilot issues. In case of FPs, I have commented the Copilot issue and proved that it is wrong before having the comment resolved.
+- [ ] I have reviewed and verified any LLM-generated code included in this PR. Also, I have explicitly stated that I have used LLMs in this PR.
 
 ### Important Rules
 - If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.

.github/workflows/codeql-analysis.yml

@@ -65,7 +65,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4.32.0
+      uses: github/codeql-action/init@v4.35.1
       with:
         languages: python
         # Override the default behavior so that the action doesn't attempt
@@ -93,4 +93,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4.32.0
+      uses: github/codeql-action/analyze@v4.35.1

.github/workflows/docker-build-cache.yml

@@ -0,0 +1,45 @@
+permissions:
+  contents: read
+  packages: write
+
+name: Docker Build Cache
+
+on:
+  push:
+    branches: [develop]
+    paths-ignore:
+      - "**.md"
+      - "docs/**"
+      - "integrations/**"
+
+jobs:
+  build-main-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout IntelOwl
+        uses: actions/checkout@v6.0.2
+
+      - name: Set image repo
+        run: echo "IMAGE_REPO=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Login to GHCR
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build main image and push cache
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: docker/Dockerfile
+          push: false
+          build-args: |
+            REPO_DOWNLOADER_ENABLED=false
+          cache-from: type=registry,ref=${{ env.IMAGE_REPO }}:cache-main
+          cache-to: type=registry,ref=${{ env.IMAGE_REPO }}:cache-main,mode=max

.github/workflows/pull_request_automation.yml

@@ -76,6 +76,16 @@ jobs:
           cp docker/env_file_app_template docker/env_file_app
           cp docker/env_file_postgres_template docker/env_file_postgres
 
+      - name: Set image repo
+        run: echo "IMAGE_REPO=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"
+
+      - name: Login to GHCR
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Startup script launch (Slow)
         if: contains(github.base_ref, 'master')
         run: |
@@ -96,7 +106,7 @@ jobs:
           BUILDKIT_PROGRESS: "plain"
           STAGE: "ci"
           REPO_DOWNLOADER_ENABLED: false
-
+          
       - name: Docker debug
         if: always()
         run: |
@@ -154,4 +164,4 @@ jobs:
       - name: Test with Jest
         run: |
           npm run test -- --silent --coverage
-        working-directory: ./frontend
+        working-directory: ./frontend

.github/workflows/scorecard.yml

@@ -68,6 +68,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ee1e1399e292f3386c840526dac6a4dc7509ad72 # v2.22.11
+        uses: github/codeql-action/upload-sarif@a899987af240c0578ed84ce13c02319a693e168f # v2.22.11
         with:
           sarif_file: results.sarif

.pre-commit-config.yaml

@@ -21,12 +21,12 @@ repos:
           - eslint-plugin-react@7.30.0
           - eslint-plugin-react-hooks@4.5.0
         args: ["--fix"]
-        files: frontend/src/
+        files: frontend/(src|tests)/
   - repo: https://github.com/pre-commit/mirrors-prettier
     rev: v3.1.0
     hooks:
       - id: prettier
-        files: frontend/src/
+        files: frontend/(src|tests)/
   - repo: https://github.com/awebdeveloper/pre-commit-stylelint
     rev: 0.0.2
     hooks:

README.md

@@ -15,6 +15,9 @@
 [![DeepSource](https://app.deepsource.com/gh/intelowlproject/IntelOwl.svg/?label=resolved+issues&token=BSvKHrnk875Y0Bykb79GNo8w)](https://app.deepsource.com/gh/intelowlproject/IntelOwl/?ref=repository-badge)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intelowlproject/IntelOwl/badge)](https://api.securityscorecards.dev/projects/github.com/intelowlproject/IntelOwl)
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7120/badge)](https://bestpractices.coreinfrastructure.org/projects/7120)
+
+<a href="https://trendshift.io/repositories/11483" target="_blank"><img src="https://trendshift.io/api/badge/repositories/11483" alt="intelowlproject%2FIntelOwl | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
+
 # Intel Owl
 
 Do you want to get **threat intelligence data** about a malware, an IP address or a domain? Do you want to get this kind of data from multiple sources at the same time using **a single API request**?
@@ -39,6 +42,8 @@ It provides:
   - *ingestors* that allow to automatically ingest stream of observables or files to IntelOwl itself
   - *playbooks* that are meant to make analysis easily repeatable
   - *data models* to map the different data extracted from analyzers to a single common schema
+  - *artifacts* that are representations of observables or files that can be analyzed multiple times for different evaluations
+  - *user events* that allow users to add custom evaluation or additional info to any artifact
 - A starting point for analysts' **Investigations**: users can register their findings, correlate the information found, and collaborate...all in a single place
 
 
@@ -63,7 +68,7 @@ You can see the full list of all available analyzers in the [documentation](http
 
 As open source project maintainers, we strongly rely on external support to get the resources and time to work on keeping the project alive, with a constant release of new features, bug fixes and general improvements.
 
-Because of this, we joined [Open Collective](https://opencollective.com/intelowl-project) to obtain US and EU non-profit equal level status which allows the organization to receive and manage donations transparently and with tax exemption. Please support IntelOwl and all the community by choosing a plan (BRONZE, SILVER, etc).
+Because of this, we joined [Open Collective](https://opencollective.com/intelowl-project) to obtain US and EU non-profit equal level status which allows the organization to receive and manage donations transparently and with tax exemption. Please support IntelOwl and all the community.
 
 <a href="https://opencollective.com/intelowl-project/donate" target="_blank">
   <img src="https://opencollective.com/intelowl-project/donate/button@2x.png?color=blue" width=200 />
@@ -108,8 +113,8 @@ In 2022 IntelOwl joined the official [DigitalOcean Open Source Program](https://
 
 Feel free to contact the main developers at any time on Twitter:
 
-- [Matteo Lodi](https://twitter.com/matte_lodi): Author, Advisor and Administrator
-- [Daniele Rosetti](https://github.com/drosetti): Administrator and Frontend Maintainer
-- [Simone Berni](https://twitter.com/0ssig3no): Backend Maintainer
+- [Matteo Lodi](https://twitter.com/matte_lodi): Author and Principal Maintainer
+- [Daniele Rosetti](https://github.com/drosetti): Frontend Maintainer
 - [Federico Gibertoni](https://x.com/fgibertoni1): Maintainer and Community Assistant
+- [Simone Berni](https://twitter.com/0ssig3no): Key Contributor
 - [Eshaan Bansal](https://twitter.com/eshaan7_): Key Contributor

api_app/analyzers_manager/admin.py

@@ -3,7 +3,18 @@
 from django.contrib import admin
 
 from api_app.admin import AbstractReportAdminView, PythonConfigAdminView
-from api_app.analyzers_manager.models import AnalyzerConfig, AnalyzerReport
+from api_app.analyzers_manager.models import (
+    AnalyzerConfig,
+    AnalyzerReport,
+    PhishingArmyDomain,
+    Ja4DBEntry,
+    TorDanMeUKNode,
+    TorExitNode,
+    TweetFeedItem,
+    SpamhausDropItem,
+    StratosphereIPEntry,
+    FireholIPEntry,
+)
 
 
 # flake8: noqa
@@ -20,3 +31,51 @@ class AnalyzerConfigAdminView(PythonConfigAdminView):
     )
     list_filter = ["type", "maximum_tlp"] + PythonConfigAdminView.list_filter
     exclude = ["update_task"]
+
+
+@admin.register(TorExitNode)
+class TorExitNodeAdmin(admin.ModelAdmin):
+    list_display = ["ip", "updated_at"]
+
+
+@admin.register(TorDanMeUKNode)
+class TorDanMeUKNodeAdmin(admin.ModelAdmin):
+    list_display = ["ip", "updated_at"]
+
+
+@admin.register(PhishingArmyDomain)
+class PhishingArmyDomainAdmin(admin.ModelAdmin):
+    list_display = ["domain", "updated_at"]
+
+
+@admin.register(TweetFeedItem)
+class TweetFeedItemAdmin(admin.ModelAdmin):
+    list_display = ["value", "updated_at"]
+
+
+@admin.register(SpamhausDropItem)
+class SpamhausDropItemAdmin(admin.ModelAdmin):
+    list_display = ["data_type", "value", "network_address", "updated_at"]
+    list_filter = ["data_type"]
+    search_fields = ["value", "network_address"]
+
+
+@admin.register(StratosphereIPEntry)
+class StratosphereIPEntryAdmin(admin.ModelAdmin):
+    list_display = ["ip", "list_type", "rating", "updated_at"]
+    list_filter = ["list_type"]
+    search_fields = ["ip"]
+
+
+@admin.register(FireholIPEntry)
+class FireholIPEntryAdmin(admin.ModelAdmin):
+    list_display = ["ip_or_subnet", "list_name", "network_address", "updated_at"]
+    list_filter = ["list_name"]
+    search_fields = ["ip_or_subnet", "network_address"]
+
+
+@admin.register(Ja4DBEntry)
+class Ja4DBEntryAdmin(admin.ModelAdmin):
+    list_display = ["fingerprint_type", "fingerprint_value", "updated_at"]
+    list_filter = ["fingerprint_type"]
+    search_fields = ["fingerprint_value"]