This is the first official stable open source release of Pandora. Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results. The solution can be installed on-prem to avoid information leak in organisations.

It has been tested relatively extensively over the last few months, but there might still be issues. If anything goes wrong, please open an issue and we will do our best to solve it.

If you want to test Pandora without installing it, the online version is available at pandora.circl.lu.

Core functionalities

• Easy to implement workers to analyze specific file formats, or connect to third party services
• Admin interface
• Session-based user management interface, and sharing
• Generate a preview of the submitted document (if applicable)
• Extract indicators/observables from submitted files
• Extract content of archives
• Extract attachments from email in EML and MSG format
• Extract text content (if applicable)
• Extract EXIF metadata
• Pool service to fetch emails from an IMAP mailbox
• Notify Administrator
• MISP export and submission (admin only)
• Statistics (admin only)
• Role management (admin only)
• Locally defined observables (legitimate/suspicious) (admin only)

Screenshots

Submission interface

Result page