Skip to content
/ flowintel Public

An open source platform to support analysts to organise their case and tasks

License

AGPL-3.0 license
41 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

flowintel/flowintel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

292 Commits
.github/workflows
.github/workflows
 
 
app
app
 
 
conf
conf
 
 
doc
doc
 
 
migrations
migrations
 
 
modules
modules
 
 
tests
tests
 
 
.dockerignore
.dockerignore
 
 
.gitchangelog.rc
.gitchangelog.rc
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.py
app.py
 
 
install.sh
install.sh
 
 
launch.sh
launch.sh
 
 
migrate.sh
migrate.sh
 
 
pyproject.toml
pyproject.toml
 
 
requirements.txt
requirements.txt
 
 
startNotif.py
startNotif.py
 
 

Repository files navigation

flowIntel is an open-source platform designed to assist analysts in organizing their cases and tasks. It features a range of tools and functionalities to enhance workflow efficiency.

Features

  • Case and Task Management: Tailored for security analysts, enabling efficient tracking and organization.
  • Rich Documentation Tools: Includes Markdown and Mermaid integration for detailed notes, with export options like PDF.
  • Integration with MISP standard: Seamless connection with MISP taxonomies and MISP galaxy.
  • Calendar and Notifications: Features an efficient calendar view and notifications for timely task management.
  • Templating System: Provides templates for cases and tasks, creating a playbook and process repository for cybersecurity.
  • Flexible Data Export: Offers modules for exporting data to platforms like MISP, AIL, and more.
  • Accessible API: Exposes an API for easy interaction with FlowIntel CM's functionalities.

task-management

Quick start

Change the configuration /conf/config.py

run the installation script ./install.sh

Start the application with ./launch.sh -l

Account

  • email: admin@admin.admin

  • password: admin

Analyzers vs Connectors

Analyzers receive data from flowintel and can send data to flowintel to enrich notes of cases or tasks.

Connectors can only receive data from flowintel. In the case of MISP, this will result in the creation of an event with a flowintel-cm-case object for a case and a flowintel-cm-task object for a task.

Screen

A screen is created to notify recurrent case. To access it:

screen -r fcm

Importer

Import a case and its tasks:

{
  "title": "Super Case",
  "description": "My super case for the documentation",
  "uuid": "0b1f9a85-0d38-46a1-b9dd-1eeea1608308",
  "deadline": null,
  "recurring_date": null,
  "recurring_type": null,
  "tasks": [
    {
      "title": "Prepare a super tea",
      "description": "Keep it as hot as possible",
      "uuid": "ddd271b4-d7f8-4af0-a9b3-46ad52aca1bf",
      "notes": "# Preparation\n- add one sugar\n",
      "url": "",
      "deadline": null
    }
  ]
}

Api

Case

/api/case/doc

Admin

/api/admin/doc

Templating

/api/template/doc

Importer

/api/importer/doc

Screenshots

My Assignment

My Assignment

Calendar

Calendar

Template

Template Case

Importer

Importer

Orgs

Org

Users

Users

License

This software is licensed under GNU Affero General Public License version 3

Copyright (C) 2022-2023 CIRCL - Computer Incident Response Center Luxembourg
Copyright (C) 2022-2023 David Cruciani

Funding

CIRCL.lu CEF Telecom funding (D4 Project

About

An open source platform to support analysts to organise their case and tasks

Topics

incident-response case-management threatintel

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

41 stars

Watchers

11 watching

Forks

5 forks
Report repository

Releases 8

flowintel release version 1.0.0 Latest
Jun 10, 2024
+ 7 releases

Packages 1

 

Contributors 4

Languages