AIL framework 5.3 released with chat explorer, Discord and Telegram monitoring, automatic translation, new features and various bugs fixed
Feb 13, 2024 • Team CIRCL
Chat Explorer
The Chat Explorer in AIL v5.3 streamlines chat data analysis. It allows users to easily navigate through messages, threads, and subchannels, offering a straightforward approach to monitoring chat activities and extracting insightful information.
Discord and Telegram chats can now be imported using new importers/feeders:
- Discord Feeder: Monitors and imports Discord chat data.
- Telegram Feeder: Monitors and imports Telegram chat data.
Future releases will aim to further simplify the import process for other chat platforms. Basic documentation on the JSON format for importing messages is available.
New Chat Features
AIL v5.3 introduces various new chat features, including:
- Chat Metadata: Name, username, icon, description, participants, etc.
- Chat Subchannels
- Threads in Chats/Subchannels/Messages
- Emoticons
- Images in Messages
- Message Replies
- User Metadata: Account ID, name, icon, additional info, username, etc.
To address language barriers in chat analysis, AIL v5.3 integrates LibreTranslate, an open-source, self-hosted machine translation tool. This feature allows chat messages to be translated, making conversations in different languages easier to analyse and understand without using external services. The information collected from the different chats is processed in the AIL framework and benefits from all the different analysis modules.
AIL v5.3 enhances the correlation of User Accounts, Chats, Images, and Messages, providing a more integrated view of the data and enabling deeper analytical insights.
Improvements
- Significant improvements in the crawling capabilities and integration with Lacus.
- Support for HHHash correlation added, to correlate servers by HTTP header profile.
- DomainClassifier improved, especially in performance and caching.
- Kvrocks back-end updated to the latest version.
The changelog provides an extensive overview of all the changes.
AIL LXD images are available for download and can be used directly in a production environment.
JTAN
Development of the AIL framework is co-funded by the European Union CEF program and CIRCL.
The Action will establish a Joint Threat Analysis Network, an open collaboration group of European computer security incident response teams (CSIRTs) with the focus on collecting, sharing and analysis of technical, operational and strategic threat intelligence. The purpose of this collaboration is to combine unique advantages of different teams to obtain comprehensive situational awareness and actionable information to effectively defend constituencies in each Member State, from critical infrastructure operators targeted by state-sponsored actors to individual citizens affected by cybercrime. The main part of the Action addresses gaps in the Cyber Threat Intelligence (CTI) tooling that is currently used by the national level CSIRTs in Europe. By strengthening individual tools and interconnecting them, the beneficiaries will achieve a new level of common situational awareness and they will benefit from shared knowledge and tooling.