opencti v5.5.2 releases: Open Cyber Threat Intelligence Platform

OpenCTI

OpenCTI is an open-source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

The structuration of the data is performed using a knowledge schema based on STIX2 standards. It has been designed as a modern web application including a GraphQL API and a UX oriented frontend. Also, OpenCTI can be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.

The goal is to create a comprehensive tool allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology, etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence, etc. The tool is able to use the MITRE ATT&CK framework (through a dedicated connector) to help structure the data. The user can also choose to implement its own datasets.

Once data has been capitalized and processed by the analysts within OpenCTI, new relations may be inferred from existing ones to facilitate the understanding and the representation of this information. This allows the user to extract and leverage meaningful knowledge from the raw data.

OpenCTI not only allows imports but also exports of data under different formats (CSV, STIX2 bundles, etc.). Connectors are currently developed to accelerate interactions between the tool and other platforms.

Changelog v5.5.2

Enhancements:

• #2720 Enable import button in all types of entity
• #2710 Add the enrichment button in ContainerHeader
• #2708 Be able to “go” on the external reference everywhere instead of opening the link
• #2707 Visualize HTML in read-only in “content”
• #2704 Display full text of Marking Definition on mouse hover
• #2473 Be able to list threats targeting a specific country and sector (with advanced filters)
• #2218 Add information icon and explanation on retention time
• #1404 Marking level display (almost) everywhere
• #544 Be able to filter by countries/regions AND sectors

Bug Fixes:

• #2719 Verify/create push_sync and listen_sync queues at platform start
• #2714 Error when sorting by some items
• #2712 Marking definition and organization segregation are applied to works management
• #2711 Incorrect values for Incident severity break incident listing in version 5.5.1
• #2697 DataSources knowledge is broken
• #1461 Connector Run Error
• #1440 Intrusion-set activities widgets also include “Attack Pattern”

Pull Requests:

• [api] TS on StoreLoadById and InternalLoadById by @Kedae in #2460
• [Front] Debug Knowledge url in DataSource/DataComponent (#issue/2697) by @SarahBocognano in #2699
• [api] Add received_time and processed_time to WorksFilter enum by @sc0ttes in #2705
• [front/api] Fix on issue for relationTypes list in expand menu by @Kedae in #2693
• [Back] bug fix: order lines by Creator for Notes, Opinions and Extern… by @Archidoit in #2715
• [Front] Adding enrichment button in ContainerHeader (#2710) by @Archidoit in #2716
• [Front] full MarkingDefinition displayed on mouse hover (#2704) by @Archidoit in #2717
• [front] Add targets view to Localisation/Entities/Vulnerability to get all the targeting entities + Filters by @Kedae in #2698
• [front] Fix for externalReferences count and selection by @Kedae in #2723
• [all] Release 5.5.2 by @SarahBocognano in #2724

Download && Use

Copyright © 2019 OpenCTI