Flowintel is an open-source platform designed to assist analysts in organizing their cases and tasks. It features a range of tools and functionalities to enhance workflow efficiency.
-
Case and Task Management: Tailored for security analysts, enabling efficient tracking and organization.
-
Rich Documentation Tools: Includes Markdown and Mermaid integration for detailed notes, with export options like PDF.
-
Integration with MISP standard: Seamless connection with MISP taxonomies and MISP galaxy.
-
Calendar and Notifications: Features an efficient calendar view and notifications for timely task management.
-
Templating System: Provides templates for cases and tasks, creating a playbook and process repository for cybersecurity.
-
Flexible Data Export: Offers modules for exporting data to platforms like MISP, AIL, and more.
-
Accessible API: Exposes an API for easy interaction with FlowIntel's functionalities.
-
Advanced Analysis Modules: Leverages MISP modules for automated enrichment, threat intelligence, and data correlation.
-
User and Workflow Management: Supports organizational structuring, task assignments, and a queueing system for efficient workload distribution.
-
Comprehensive Audit Logging: Maintains a full audit trail of all actions, ensuring transparency and compliance.
- Python 3.10+
- PostgreSQL (or SQLite, MySQL, MariaDB)
- Valkey (or Redis)
- uv (for Python dependency management)
- Bun (for Node.js dependency management)
- Copy the default configuration:
cd flowintel
cp conf/config.py.default conf/config.py
cp conf/config_module.py.default conf/config_module.py-
Configure the application in
conf/config.py -
Run the installation script:
./install.sh- Start the application:
./launch.sh -lIn /bin there's a script for installation and for launching
- email:
admin@admin.admin - password:
admin
./launch.sh -l # Development launch
./launch.sh -ld # Docker launch
./launch.sh -i # Initialize database
./launch.sh -ip # Production database initialization
./launch.sh -r # Recreate database
./launch.sh -p # Production launch
./launch.sh -t # Run tests
./launch.sh -ks # Kill running sessions
./launch.sh -tg # Update taxonomies and galaxies
./launch.sh -mm # Update MISP modules
./launch.sh -tdc <key> # Create community test data
./launch.sh -dtdc <key> # Delete community test data
./launch.sh -tdcc # Create test cases
./launch.sh -dtdcc # Delete test casesTo build assets using vite:
cd app/assets
bun run build:staticOr with npm:
cd app/assets
npm run build:staticIf you would like to add your own galaxies and taxonomies to Flowintel, add it to:
-
flowintel/modules/custom_taxonomies/ -
flowintel/modules/custom_galaxies/
Just keep in mind that for taxonomies a MANIFEST.json is required and for galaxies two folders clusters and galaxies
See: misp-galaxy, misp-taxonomies
Overview of features currently under development. https://github.com/orgs/flowintel/projects/5
This software is licensed under GNU Affero General Public License version 3
Copyright (C) 2022-2023 CIRCL - Computer Incident Response Center Luxembourg
Copyright (C) 2022-2023 David Cruciani
Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.