IOC Lens

by Aaron Gabbert
Score: 54/100

Description

The IOC Lens plugin for Obsidian is a powerful tool designed for cybersecurity professionals and incident responders. It simplifies the process of extracting and analyzing Indicators of Compromise (IOCs) from your notes. By recognizing key elements such as IP addresses, domain names, and file hashes, the plugin automatically highlights them and provides quick access to security-focused resources like AbuseIPDB, Censys, Shodan, and more. This integration helps streamline the investigation process, allowing users to pivot directly to relevant online tools for deeper analysis. With customizable settings to choose which IOCs to extract and which resources to link, IOC Lens enhances your workflow and keeps you focused on actionable security data.

Reviews

No reviews yet.

Stats

23 stars
857 downloads
3 forks
543 days
513 days
514 days
3 total PRs
0 open PRs
0 closed PRs
3 merged PRs
2 total issues
0 open issues
2 closed issues
72 commits

Latest Version

a year ago

Changelog

Added defang functionality

  • Accessible through the command palette and editor context menu

Improved IOC view responsiveness

  • Sidebar now updates instantly in response to settings changes such as search engines being enabled or disabled

Search engine button improvements

  • Hover tooltip now displays the complete search engine name

Full Changelog: https://github.com/acgabbert/IOC-Lens/compare/1.0.2...1.1.0

README file from GitHub

IOC Lens

IOC Lens is a note-taking helper for Obsidian focused on cyber security and incident response.

As security professionals, we encounter indicators of compromise (IOCs) constantly in our work. Whether you’re an incident responder, threat researcher, or SOC analyst, keeping track of these indicators within lengthy notes can be challenging. IOC Lens solves this by providing a dedicated Obsidian view that automatically extracts and organizes:

  • IP addresses (both public and private)
  • Domain names
  • SHA256 hashes
  • MD5 hashes

To activate IOC Lens, click the ribbon icon or use the command palette.

Key features:

  • Automatic IOC extraction from your notes
  • Defang domains and IP addresses via context menu options or command palette
  • Smart recognition of both standard and defanged IOCs (e.g. "evil[.]com")
  • One-click pivot buttons to search indicators across various security engines
  • Clean, organized view of all IOCs in your current note

Security considerations:

  • It's recommended to defang IOCs in your notes (e.g., using "evil[.]com" instead of "evil.com") to prevent accidental clicks or automated scanning
  • For compatibility with search engines, IOCs are automatically "refanged" in the sidebar view and when using the search pivot buttons
  • IOCs are displayed as plaintext in the sidebar - they are never clickable links
  • All interaction with IOCs is intentional and requires explicit user action
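
The extract, refang and defang behaviour described above can be sketched as follows. This is an added example, not IOC Lens source code: the regular expressions are simplified assumptions, the function names are hypothetical, and the sample note is constructed.

```javascript
// Added example: not IOC Lens source code. Patterns are simplified assumptions.
const DOT = String.raw`(?:\.|\[\.\])`; // a plain "." or a defanged "[.]"
const OCTET = String.raw`(?:25[0-5]|2[0-4]\d|1?\d?\d)`;
const PATTERNS = {
  ipv4: new RegExp(`(?<![\\w.])${OCTET}(?:${DOT}${OCTET}){3}(?!\\w|\\.\\d)`, "g"),
  domain: new RegExp(
    `(?<![\\w.-])(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?${DOT})+[a-z]{2,24}(?![\\w-])`,
    "gi"),
  sha256: /\b[a-f0-9]{64}\b/gi, // \b keeps an MD5 from matching inside a SHA256
  md5: /\b[a-f0-9]{32}\b/gi,
};

// Restore real dots so the value can be handed to a search engine.
const refang = (ioc) => ioc.replace(/\[\.\]/g, ".");
// Break every dot so the value cannot be clicked or auto-linked. Idempotent.
const defang = (ioc) => refang(ioc).replace(/\./g, "[.]");

// Collect unique, refanged, lower-cased indicators per type.
function extractIocs(text) {
  const found = {};
  for (const [type, re] of Object.entries(PATTERNS)) {
    const values = [...text.matchAll(re)].map((m) => refang(m[0]).toLowerCase());
    found[type] = [...new Set(values)];
  }
  return found;
}

// Defang IPs and domains in place; hashes and surrounding prose are untouched.
function defangText(text) {
  return text
    .replace(PATTERNS.ipv4, (m) => defang(m))
    .replace(PATTERNS.domain, (m) => defang(m));
}

// Constructed sample note mixing standard and defanged indicators.
const SAMPLE_NOTE = [
  "Beacon to evil[.]com and 203.0.113.7, internal host 10[.]0[.]0[.]5.",
  "Payload md5 d41d8cd98f00b204e9800998ecf8427e, seen again at EVIL.com.",
  "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
].join("\n");
```

Because the domain pattern only checks shape, it will also match file names such as `report.txt`; a real extractor would validate the last label against a TLD list.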

Tips:

Per the guidance in Obsidian's Developer Documentation, a default hotkey has not been set for any IOC Lens functions. However, you can bind commands to hotkeys via the Obsidian settings ("Hotkeys" section).

This allows you to defang IOCs with a hotkey - for example, ⌘+⇧+A.

Supported Search Engines

IOC Lens currently supports pivots to the following resources/search engines. Pivots are configurable via toggle switches in the plugin settings.