opencti v4.4 releases: Open Cyber Threat Intelligence Platform

OpenCTI

OpenCTI is an open-source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

The structuration of the data is performed using a knowledge schema based on STIX2 standards. It has been designed as a modern web application including a GraphQL API and a UX oriented frontend. Also, OpenCTI can be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.

The goal is to create a comprehensive tool allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence, etc. The tool is able to use the MITRE ATT&CK framework (through a dedicated connector) to help structure the data. The user can also choose to implement its own datasets.

Once data has been capitalized and processed by the analysts within OpenCTI, new relations may be inferred from existing ones to facilitate the understanding and the representation of this information. This allows the user to extract and leverage meaningful knowledge from the raw data.

OpenCTI not only allows imports but also exports of data under different formats (CSV, STIX2 bundles, etc.). Connectors are currently developed to accelerate interactions between the tool and other platforms.

Changelog v4.4

Enhancements:

• #1264 Support for RabbitMQ over SSL
• #1255 Make Optional – Automatically start connectors when upload a report
• #1249 Migration to webpack 5
• #1239 OpenCTI is failing to connect to Amazon MQ/RabbitMQ cluster
• #1237 Promote observable to indicator
• #1216 Want to edit the “Details” part of “Malware”
• #1207 TTPs matrix in all entities (including reports)
• #1170 Add Client Certificate Authentication
• #1163 Selectable Date Types in Advanced Search
• #1144 Creation of a checkbox to select all the info in data curation
• #1045 Login and administration audit log Activity
• #986 Top CVE Widget
• #977 Export Indicators/Observables from Reports
• #883 TTPs matrix in the product
• #827 Improve federated SSO authentication
• #771 Multiple entities selection action (tag / delete …)
• #730 select all under data-> data curation
• #719 Be able to add generic “related-to” relations from knowledge

Bug Fixes:

• #1259 Critical error in custom dashboards
• #1254 Bug when add entity in investigation
• #1251 The user id of UI action is now missing in the stream
• #1246 Cannot create a X509 Observable
• #1241 In relationship list view, the First Observed date is not the right one
• #1238 Functional Error: “Only stix-core-relationhip can be created through this method” when creating “authored-by” relationships
• #1223 First object added to Report not visible in Knowledge graph

Download && Use

Copyright © 2019 OpenCTI