Dear community, OpenCTI version 4.5.4 has been released 🤯! This iteration fixes some minor bugs and introduces a bunch of new features 🚀. Among them, we are proud to announce the global availability of the OpenCTI light theme 🎉, including the ability for organizations to customize colors and logos of their OpenCTI instances 💅🏻. This new feature comes with more advanced export capabilities (theme selection, transparent backgrounds, etc.) for basically every visualization in the platform ⚙️.
Also, the enrichment APIs and screens have been moved to the global meta entity Stix-Core-Object, which covers STIX Cyber observables but also STIX Domain Objects 🏖️. This move prepares the work around new STIX Domain Object enrichment connectors for vulnerabilities, organizations, incidents, etc. such as Wikipedia, CRMs, ticket management systems... 🏠
Last but not least, a few connectors have been enhanced 🦋. The AlienVault connector has new options to enable/disable relationships between Attack Patterns and Indicators (which can produce a large number of relationships for each pulse). It's also possible to fully disable relationships. The ImportFilePdfObservables connector has been replaced by a fully rewritten ImportReport connector which also supports plain text files. A huge thank you to @nor3th for this amazing work 🙏!
We are preparing an update of our strategic roadmap to give everyone more visibility on where we are and what is coming. Our focus remains on analyst-centric features, logical inferences and reports builder 💻.
Enhancements:
- #1380 Add "Attack Pattern" to Incident timeline
- #1367 Bug in the custom dashboard : campaign activity and incidents activity displaying "not implemented yet"
- #1307 Background task for confidence level
- #1305 Enhance the observable knowledge section
- #1191 Create relationships between similar objects in bulk
- #779 Course of Action for Threat Hunting
- #530 Implement a light theme (and allow users to select the theme)
Bug Fixes:
- #1377 Donut visualization of the threat or arsenal item perspective is not restricted to the selected entity
- #1373 The relationship type belongs-to is not allowed between IPv4-Addr and Autonomous-System although offered by UI
- #1371 Vulnerability Severity can't be set to CRITICAL
- #1370 Can't modify Observable network-traffic object
- #1365 Bug in the dashboards - can't see the day/date when picking the last 7 days period
- #1364 Bug when switching the type of relationship between a country and an intrusion set