Dear community, the OpenCTI platform version 2.1.0 has been released! This version is an important step for the future development of OpenCTI as a full Cyber Threat Intelligence product. We have worked on major issues and features directly linked to what you can expect from OpenCTI and to what we, as a development team, need in order to build a powerful and durable application. We have done a lot of work on indexing in ElasticSearch and, more generally, on how the API methods are organized (removing more than 7K lines of useless source code). Ingestion and reading performance have been improved by 12x, or by 20x in some cases.
We have also completed the data model and introduced very useful features that allow you to fully model the threats that may target your organization. You can now directly link an observable to a relation "threat/incident => uses => TTP", for instance to indicate the registry key used for persistence or the sender email address of the phishing message. The attack patterns list has been reshaped into a true kill chain, with a description of each relation to give analysts a better understanding. Observables can now be linked together, allowing you for instance to link hashes that correspond to the same file, or to link a domain name to the IP address it resolves to.
Last but not least, we have fully refactored the Python library and started to write proper documentation; you now have access to many useful examples of interacting with the OpenCTI platform in the GitHub repository. We will continue our efforts to make OpenCTI an indispensable tool for CTI, SOC and CSIRT teams around the world. We will soon publish tips on usage and on integration into existing workflows, and we plan a use-case-oriented webinar in January 2020.
Enhancements:
- #351 Be able to reset the state of a connector in the UI
- #339 ATT&CK techniques not searchable with their code
- #336 Add the ID of Attack Patterns
- #332 Observables must be able to indicate relations
- #319 Technical error thrown when not logged in
- #317 Observables filtering
- #315 Add Minio version in the "About tab"
- #314 Global performances improvement
- #308 Relations between observables
- #268 Global search in parameter of URL
- #266 Add a tags field on creation forms
- #245 Killchain view for Attack Patterns
- #219 Unable to add "localized in" relation
- #109 Import is really really slow
- #67 Export all entities to STIX2 JSON