github OpenCTI-Platform/opencti 4.0.0
Version 4.0.0

latest releases: 6.3.13, 6.3.12, 6.3.11...
3 years ago

πŸŽ‰ DING DING!! πŸŽ‰

We are so happy to finally announce the release of OpenCTI version 4.0.0 πŸŽ€, after more than 8 months of tremendous collective work by the core development team. In this release, we have tackled all known main needs and issues our community has expressed over the past few months πŸ”¨πŸ”¨.

We enhanced the data model πŸ“‰, we simplified the technological stack, we increased (a lot) the performances πŸ›« and, above all, we developed much more features which will allow everyone to store, organize and share Cyber Threat Intelligence at the level we expected in the first place and within a full Open Source product πŸ‘.

Even if we are a non profit organization, we know the wait might have seemed a bit long ⏲️, this is why we are already committed to resume a much more effective release rate in 2021, to provide all OpenCTI users with all the capabilities already planned in the strategic roadmap 🧭: integration with SOC and SIEM, analysts workflow, graph investigation, customizable dashboards, data science, etc..

We hope that you will love this release, and if you found OpenCTI difficult to install or to spawn in the past, please do not give up and try this one!

🚨This release introduces breaking changes in the data model and the schema. You cannot upgrade directly on V3.X data and you have to follow the migration procedure.

⚠️ Grakn Core Server is no longer part of our stack for the moment and has been removed from dependencies, you do not need to deploy it. ElasticSearch >= 7.10.X is required.

πŸ–΄ If you are using Docker, please do not forget to use volumes for persistence on ElasticSearch, Redis, Minio and RabbitMQ. All dependencies need to be persistent now.

Enhancements:

  • #928 Knowledge section of CAMPAIGNS is missing the "Victimology" tab
  • #908 Show only entities of the selected filter, when associating a report to one/more entities
  • #907 Remove the predefined list of items when associating a report with any entity
  • #905 Display a confirmation message / error message upon actions
  • #901 Username authentication cases sensible
  • #887 Limit the number of lazy queries in GraphQL
  • #873 Filter list is not sorted alphabetically
  • #871 Global refactoring of export workflow (entity & list)
  • #865 Existance of more Aliases for an entity isn't imediately obvious
  • #863 Passwords appear in cleartext in logs when auth fails
  • #841 Provide option to disable auto-enrichment of Observables
  • #830 Do not acknowledge messages on the worker if an entity is missing (4 retries)
  • #818 Notes cannot be reached from the search panel
  • #813 Be able to add tags to notes
  • #802 Unable to change the value of an observable
  • #800 Please add domain resolve to IP relationship
  • #792 Migration script to V4
  • #791 IDs generation
  • #782 "Detection" section for MITRE Att&ck - Attack patterns not present
  • #777 Import sha1 and sha256 is not in the STIXv2 format
  • #774 Merge of 2 intrusion sets dans OpenCTI
  • #773 External reference should be opened as new tab
  • #757 OpenCTI Virtual Template Connection Issue
  • #754 External references & reports : simplification
  • #726 add the country of origin of an APT
  • #695 Sightings - threats targeting this org
  • #692 Allow users to display tags as "type:value" instead of just "value" in the web UI.
  • #676 Set score field to STIX2 confidence
  • #673 Apply Grakn schema only when needed, improve migration system
  • #665 Attack patterns : relationship to indicators (sigma, yara, etc)
  • #637 Additional observables
  • #617 Rename the relation "localized-in" to "located-in"
  • #572 Not possible to have multiple tags with the same value but not the same type
  • #562 How to upgrade from ver 3.0.2 to 3.0.3
  • #553 Create a new inference - part-of type
  • #539 Improve connector stack to limit concurrent injection on same elements
  • #501 Dates should not always be required
  • #498 Sync OpenCTI instances together
  • #491 Markdown editor
  • #389 Enhance geographic entities views
  • #387 Migation to STIX 2.1
  • #296 Connector work monitoring & management
  • #270 Most active threats by country
  • #176 Introduce geographic maps and geo codes

Bug Fixes:

  • #929 Duplicate Entry
  • #924 [OPENCTI] GraphQL initialization fail
  • #923 Export of Observables/Indicators is not working when a filter was applied
  • #919 Documentation Zip is corrupted in release
  • #909 Export of reports is bugging
  • #902 Error when connecting to opencti behind a reverse proxy
  • #897 new docker install error: manifest for opencti/platform:4.0.0 not found: manifest unknown: manifest unknown
  • #894 Stable Docker Compose File- Nothing Works SO Far and bit frustrating
  • #893 new docker install error: manifest for opencti/platform:4.0.0 not found: manifest unknown: manifest unknown
  • #889 Full JSON export fails - GRAPHQL_VALIDATION_FAILED
  • #886 "ImportFileStix2" Connector Fails on .json created by "ExportFileStix" connector
  • #885 FrontEnd does not display "Sighting" relationship when imported with "Import-File-STIX" connector
  • #860 Threat Actor relation to an Identity don't exist
  • #859 Note card does not exist
  • #857 Failed to create missing observables
  • #856 An export in .CSV gives a file in .FALSE
  • #855 Cities cannot be exported
  • #854 Cannot filter on person, observables
  • #853 Relationship delete history
  • #847 Still grakn Issues
  • #845 SHA-1 and SHA-256 indicators do not automatically create observables
  • #843 demo.opencti.io
  • #839 Grakn schema initialization fails
  • #838 cant import json file
  • #826 timeout to acces to setings
  • #823 Problem in the OPENCTI VM, no service is running
  • #822 Merging entities doesn't copy the relations from the old entities
  • #821 Case not enforced on SHA256 Observables
  • #817 Increasing percentage of "Duplicate entry" errors in queued messages
  • #816 Grapql result does not returns reports connection correctly
  • #814 Inconsistencies in some views
  • #808 The inference option automatically disables but not in all menus
  • #801 log_level ignored?
  • #798 Cannot start OpenCTI {"error":{},"level":"error","message":"[GRAKN] executeWrite error"}
  • #794 Export Course-Of-Action / Tools to STIX file don't work
  • #790 "Entity Type" is blank in ---> Incidents > Observables > (+) > Create Entity
  • #789 Can't add a relationship for a tool to an incident
  • #785 Missing marking levels when creating relations
  • #783 Relationship intrusion-set attributed-to organization (identity)
  • #775 Errors when running multiple platforms simultaneously
  • #772 Error react in /dashboard/settings : id missing
  • #769 OpenCTI Server Errors when scrolling through Threat Reports & Malware
  • #761 Organisation to organisation relationship : not bidirectional
  • #751 Opencti login error
  • #696 Not all report types are taken into account in all views
  • #664 yarn index fails due to Grakn timeouts
  • #638 OpenCTI - Front end crashes - Out of memory
  • #616 yarn serv
  • #608 Attribute Error Preventing Connectors From Creating Observables
  • #603 Docker installation failures due to Grakn
  • #595 Grakn crashes, caused by "No node was available to execute the query"

Don't miss a new opencti release

NewReleases is sending notifications on new releases.