Dear community, OpenCTI version 2.1.3 has been released! We mainly focused our work on the stability of the whole product as well as the resolution of some major bugs. However, several new features have also been implemented, in particular the possibility of exporting lists of entities in STIX2 or CSV format: exporting campaign indicators, reports about an intrusion sets, all malwares, etc. We have completed the refactoring of the Python library and added all the methods that were still missing on some entity types as well as the file upload feature. For the next release, we will carry on our huge refactor of workspaces and statistics in general. We also plan to conduct a documentation working session to improve it in depth.
Last but not least, we will soon plan the organization of a webinar that will be didicated to OpenCTI basics but also a very interesting use case for both red teams and blue teams: how to put all knowledge about an incident in OpenCTI and replay it using Caldera. Double advantage of such a scenario: the capitalization of knowledge related to the incident as well as the ability to test the reaction of SOC / CSIRT in the event of a similar attack. Your feedback and your impressions are precious, do not hesitate to send us your use cases and the difficulties you encounter!
⚠️ Breaking changes ⚠️
Grakn Core Server has been upgraded from 1.5.9 to version 1.6.2. The migration process of existing data cannot be done automatically even if you are using the Grakn Docker container. You have to follow the migration procedure Upgrading an Existing Installation to Grakn Core 1.6.x. available in the Grakn documentation. If you have any trouble to make this work, we are available to help you on our Slack channel or you can reach the Grakn team directly on their channel.
Enhancements:
- #424 Enhance searching of entities
- #412 Add OR/AND option to filter Observables & Indicators
- #396 Infinite loading lists in observables and entities of a report
- #391 Export lists of objects (intrusion sets, indicators, etc.)
- #390 Duplicate function askEnrich in the API
- #388 Display the number of entities in each view/lists
- #371 Migrate to Grakn 1.6.1
- #360 Redirect to the requested page after login
- #345 Add tagging for Tools/Vulnerabilities/Observables/Reports
- #334 Tags for reports
- #123 Implement CSV export
Bug Fixes:
- #432 Uploading a PDF threat report results in "Cannot read property 'toLowerCase' of null" error
- #427 Organisation type vs category
- #419 Filter with no tag not working anymore
- #416 infinite loading of reports using specific sort options
- #415 Mutation intrusionSetAdd creates an intrusion set with the first_seen value as the last_seen value
- #410 Exception when importing STIX 2 Indicators due to invalid default type in valid_from
- #407 Mandatory properties are not filled for inferred relations
- #405 Displaying an indicator constantly refreshes the page
- #404 Cannot create an Indicator of type Mac-Addr or Directory
- #381 New reports are added without a set "Processing Status"?