🎉 DING DING!! 🎉
Dear community, we are glad to announce the release of OpenCTI 5.0.0 🎁, after 3 months of collective work from the whole OpenCTI community. This new version is based on two fundamental principles:
- Make OpenCTI more reactive and intelligent with the data while we ensure consistency and robustness of our current components 🧠.
- Build the roots of more collaboration, sharing and engagement on threat intelligence structured data 🤝.
In this major release, we have entirely reworked most of our essential components, especially the data streams to enable community sharing and synchronization between platforms 📡. Furthermore, this milestone re-introduces a global reasoning mechanism on the data, allowing analysts to visualize accurate and exhaustive knowledge without constantly pivoting between entities and relationships 📉.
A lot of new features described in our blog post are available in OpenCTI 5.0.0: subscriptions / digests, content viewer / enriched editor, custom workflows, dashboard widgets, etc 🚀. Among all these changes, more than 50 bugfixes are part of this release, whether related to the core platform or the connectors/libraries ecosystem 🔨🔨.
We are working on updating our strategic roadmap so it will reflect where we stand, but the next steps have already been planned in the different Luatix development committees: garbage collector, case management, connectors and widgets will be our main focus in the coming months 🎇.
Please note that the subscription manager is enabled by default. This means you will be required to provide the API with SMTP access. If you don't have an SMTP server, just disable the subscription manager with:
"subscription_scheduler": { "enabled": false }
or, as an environment variable:
- SUBSCRIPTION_SCHEDULER__ENABLED=false
in your configuration.
Enhancements:
- #1550 Allow file upload in external reference
- #1534 how can I add the relation "CONSISTS_OF" between INFRASTRUCTURE and OBSERVED_DATA
- #1530 Implement a generic status for all entities
- #1521 OpenIDConnect Strategy doesn't support roles from claims
- #1486 Increase body-parser express limit to prevent "request entity too large"
- #1467 Marking column is missing
- #1455 Improve elastic-searching from platform. (global searching, author searching, individual entity screen searching)
- #1453 Ability to filter on types of Report Type in Report's Correlation view
- #1449 Add an option to automatically add new marking to certain groups
- #1447 Clickable links on Attack Matrix View
- #1444 Observed data upsert management (first_seen, last_seen, number_observed)
- #1438 [frontend] Report can't create Course of Action
- #1437 Enhance the large graph performances
- #1435 Remove this red cross sign when no access in observable
- #1433 Feed subscription / bulletin / digests
- #1425 'belongs-to' is not a permissible relation between IP and ASN
- #1419 Re-implement inferences and automatic rules of computing
- #1402 Importing STIX file from Report doesn't associate objects from the report
- #1359 Get Alert / Notification from OpenCTI
- #1358 Refactor sightings (viewing Sighting Description)
- #1351 Create Exportable list of Courses of Action per Incident, based on related Attack Patterns
- #1347 List Widget for Dashboarding
- #1324 Missing permissions to prevent access to Data/Entities and Data/Background tasks
- #1322 Implement system identity objects
- #1319 Creating relationships between entities in the context of investigations
- #1312 Enable Tree Mode in Knowledge Graph while forces are in disabled
- #1304 Refactor sightings and display history of relations
- #1303 Refactor notes & opinions to be more "user friendly"
- #1287 Add dashboard widget to display indicators lifecycle
- #1275 Default connector role and mutation
- #1265 The description content is different from the preview page.
- #1063 Filtering based on area of concern & Watch List feature request
- #912 Rules for correlation
- #904 "Rich text editor" (report creator + export PDF)
- #876 Referenced all platform information
- #874 Make a backup of the platform
- #788 Targeted organisations should be able to connect to locations/regions
- #753 Add description of inferred relations
- #649 Inferences - threat actors -intrusion sets
- #183 Implement a timeline visualization for multiple entities
Bug Fixes:
- #1559 Line break in description fields for notes and relations is not displayed
- #1558 Platform freezing when creating a new entity without an author
- #1552 URLs are incorrectly rewritten when using a reverse proxy
- #1548 Investigations error when contains resolves-to relationship
- #1539 ElasticSearchMetrics GraphQL error: Int cannot represent non 32-bit signed integer value
- #1538 Custom colour setting hex-code handling
- #1531 Setting x_mitre_id to None Causes webUI Crash
- #1529 Can not delete "marking definition" on incident page
- #1525 Unable to manually create "observed data" entry
- #1524 Check why standard_id is in other STIX IDs and create a migration
- #1502 Error Displaying Intrusion Sets
- #1489 CVEs Identified in OpenCTI
- #1480 Observables missing from the menu to create a new entity in Reports
- #1479 Bug with bookmarks when an entity is suppressed
- #1478 Internal server error when launching pdf file import
- #1471 Report titles appear blank when creating relationships
- #1465 Bug when expand TTP in investigation menu
- #1448 Unable to change time period in custom dashboards with a "Read Only" role
- #1446 [frontend] Report entities can't select check box
- #1443 Exporting of entities in a Threat Report exports all entities when filtered.
- #1439 Creation of embedded relations broken in the latest release
- #1430 Filter by marking not working in graph view
- #1418 Uploading from python connector stopped working
- #1369 Elasticsearch multi-node connexion