Submit an observable for security analysis. Note: At least one of the following parameters is required:
  • Analyzers Requested
  • Connectors Requested
External DocumentationTo learn more, visit the Intel Owl documentation.

Basic Parameters

ParameterDescription
Analyzers RequestedA comma-separated list of specific analyzers to run.

For the list of all observable analyzers, refer to Intel Owl API documentation.

Important! Required if Connectors Requested parameter is not provided.
Connectors RequestedA comma-separated list of specific connectors to run.

For the list of all connectors, refer to Intel Owl API documentation.

Important! Required if Analyzers Requested parameter is not provided.
Observable ClassificationThe type of observable being analyzed.
Observable NameThe observable to analyze (IP address, domain, URL, file hash, etc.).
TLPTraffic Light Protocol classification level to control information sharing.
Tags LabelsA comma-separated list of tag labels to assign to the analysis.

Advanced Parameters

ParameterDescription
Analyzers Runtime ConfigurationA configuration object to override default analyzers configuration.

For example:
{
    “Doc_Info”: {
      “additional_passwords_to_check”: [“passwd”, “2020”]
    }
}
For more information about the Runtime Configuration, refer to Intel Owl API documentation.

Example Output

{
	"job_id": 19,
	"analyzers_running": [],
	"connectors_running": [
		"AbuseSubmitter",
		"EmailSender"
	],
	"visualizers_running": [],
	"playbook_running": null,
	"investigation": null,
	"status": "accepted",
	"already_exists": false
}

Workflow Library Example

Send Observable Analysis Request with Intel Owl and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop