github OpenCTI-Platform/opencti 5.0.0
Version 5.0.0


🎉 DING DING!! 🎉

Dear community, we are glad to announce the release of OpenCTI 5.0.0 🎁, after 3 months of collective work from the whole OpenCTI community. This new version is based on two fundamental principles:

  • Make OpenCTI more reactive and intelligent with the data while we ensure consistency and robustness of our current components 🧠.
  • Build the roots of more collaboration, sharing and engagement on threat intelligence structured data 🤝.

In this major release, we have entirely reworked most of our essential components, especially the data streams to enable community sharing and synchronization between platforms 📡. Furthermore, this milestone re-introduces a global reasoning mechanism on the data, allowing analysts to visualize accurate and exhaustive knowledge without constantly pivoting between entities and relationships 📉.

Many of the new features described in our blog post are available in OpenCTI 5.0.0: subscriptions / digests, content viewer / enriched editor, custom workflows, dashboard widgets, etc. 🚀. Alongside these changes, more than 50 bugfixes are part of this release, whether related to the core platform or the connectors/libraries ecosystem 🔨🔨.

We are working on updating our strategic roadmap so that it reflects where we stand, but the next steps have already been planned in the different Luatix development committees: garbage collector, case management, connectors and widgets will be our main focus in the coming months 🎇.

Please note that the subscription manager is enabled by default. This means you will be required to provide the API with SMTP access. If you don't have an SMTP server, just disable the subscription manager in your configuration, either in the JSON configuration file:

"subscription_scheduler": {
  "enabled": false
}

or as an environment variable:

- SUBSCRIPTION_SCHEDULER__ENABLED=false

Enhancements:

  • #1550 Allow file upload in external reference
  • #1534 How can I add the relation "CONSISTS_OF" between INFRASTRUCTURE and OBSERVED_DATA
  • #1530 Implement a generic status for all entities
  • #1521 OpenIDConnect Strategy doesn't support roles from claims
  • #1486 Increase body-parser express limit to prevent "request entity too large"
  • #1467 Marking column is missing
  • #1455 Improve elastic-searching from platform. (global searching, author searching, individual entity screen searching)
  • #1453 Ability to filter on types of Report Type in Report's Correlation view
  • #1449 Add an option to automatically add new marking to certain groups
  • #1447 Clickable links on Attack Matrix View
  • #1444 Observed data upsert management (first_seen, last_seen, number_observed)
  • #1438 [frontend] Report can't create Course of Action
  • #1437 Enhance the large graph performances
  • #1435 Remove this red cross sign when no access in observable
  • #1433 Feed subscription / bulletin / digests
  • #1425 'belongs-to' is not a permissible relation between IP and ASN
  • #1419 Re-implement inferences and automatic rules of computing
  • #1402 Importing STIX file from Report doesn't associate objects from the report
  • #1359 Get Alert / Notification from OpenCTI
  • #1358 Refactor sightings (viewing Sighting Description)
  • #1351 Create Exportable list of Courses of Action per Incident, based on related Attack Patterns
  • #1347 List Widget for Dashboarding
  • #1324 Missing permissions to prevent access to Data/Entities and Data/Background tasks
  • #1322 Implement system identity objects
  • #1319 Creating relationships between entities in the context of investigations
  • #1312 Enable Tree Mode in Knowledge Graph while forces are disabled
  • #1304 Refactor sightings and display history of relations
  • #1303 Refactor notes & opinions to be more "user friendly"
  • #1287 Add dashboard widget to display indicators lifecycle
  • #1275 Default connector role and mutation
  • #1265 The description content is different from the preview page.
  • #1063 Filtering based on area of concern & Watch List feature request
  • #912 Rules for correlation
  • #904 "Rich text editor" (report creator + export PDF)
  • #876 Referenced all platform information
  • #874 Make a backup of the platform
  • #788 Targeted organisations should be able to connect to locations/regions
  • #753 Add description of inferred relations
  • #649 Inferences - threat actors - intrusion sets
  • #183 Implement a timeline visualization for multiple entities

Bug Fixes:

  • #1559 Line break in description fields for notes and relations is not displayed
  • #1558 Platform freezing when creating a new entity without an author
  • #1552 URLs are incorrectly rewritten when using a reverse proxy
  • #1548 Investigations error when contains resolves-to relationship
  • #1539 ElasticSearchMetrics GraphQL error: Int cannot represent non 32-bit signed integer value
  • #1538 Custom colour setting hex-code handling
  • #1531 Setting x_mitre_id to None Causes webUI Crash
  • #1529 Can not delete "marking definition" on incident page
  • #1525 Unable to manually create "observed data" entry
  • #1524 Check why standard_id is in other STIX IDs and create a migration
  • #1502 Error Displaying Intrusion Sets
  • #1489 CVEs Identified in OpenCTI
  • #1480 Observables missing from the menu to create a new entity in Reports
  • #1479 Bug with bookmarks when an entity is suppressed
  • #1478 Internal server error when launching pdf file import
  • #1471 Report titles appear blank when creating relationships
  • #1465 Bug when expand TTP in investigation menu
  • #1448 Unable to change time period in custom dashboards with a "Read Only" role
  • #1446 [frontend] Report entities can't select check box
  • #1443 Exporting of entities in a Threat Report exports all entities when filtered.
  • #1439 Creation of embedded relations broken in the latest release
  • #1430 Filter by marking not working in graph view
  • #1418 Uploading from python connector stopped working
  • #1369 Elasticsearch multi-node connexion
