🎉 DING DING!! 🎉
Dear community, we are very happy to announce OpenCTI 5.1.0 has been released 🚀! This new version will provide all OpenCTI users with many bugfixes and long-awaited new features 🎁. Also, we would like to thank all contributors and testers who contributed to this new achievement 🙏🏻.
First of all, OpenCTI 5.1.0 introduces a proper retention management and garbage collector system 🗑️. It is now possible to create retention policies based on multiple filters (entity types, attribute values, etc.) directly in the settings workbench ⚙️. In addition, we have reworked hash management in the platform. New mechanisms to merge/upsert existing hashes and avoid inconsistencies have been introduced, so hash management in OpenCTI is now fully consistent and no longer produces duplicate file observables 🪄.
Moreover, when importing data, whether manually or through connectors, it is now possible to use the parameter `validate_before_import` to leverage the new STIX 2.1 bundle pre-validation feature 🗄️. Before the actual ingestion, analysts can now select/unselect the entities and relationships that will be created, either in the context of an entity or globally. All connectors are compatible with this new parameter, and examples of its usage are available in `ImportDocument` and `ImportFileStix` 💡.
Furthermore, many organizations using OpenCTI have faced search latency issues in dedicated areas or autocomplete fields such as authors or labels 🔎. We have finally solved this issue and improved overall search performance by a factor of 20 🚄. In all list screens, the search keyword is now taken into account, along with the current filters of the page, when requesting an export 🥳.
All graph views have been enhanced and will be reworked further in the future to improve display performance and user experience ⛓️. Also, two new optional global parameters have been introduced (`app:enforce_references` and `app:reference_attachment`) to enforce the usage of external references (and associated files) when creating/modifying entities and relationships, for deep-analysis intelligence teams that need to source everything 🖼️.
A new inference rule is also available in the Rule manager settings for `part-of` relationships, and, as requested for a long time, users can now customize their home dashboard with a custom dashboard created in the workspaces workbench ✨.
Last but not least, it is important for us to highlight the amazing job done by @YungBinary and @axelfahy on developing and maintaining new connectors 💝. OpenCTI 5.1.0 provides the community with a lot of new integrations: RiskIQ, IVRE network scanner, CAPE sandbox, Cuckoo sandbox, VirusTotal Livehunt, Intezer, Hatching Triage, UnpacMe, etc. This brings true added value to the OpenCTI ecosystem 🦄.
Please note that the connector `ImportReport` is now named `ImportDocument` (Docker image and archive names have been changed accordingly). Also, this connector can now be used with `contextual: false` (not only within a report) and with `auto: true` (using `validate_before_import` to avoid any problems).
Stay tuned for next steps 😉
Enhancements:
- #1740 Bug in victimology graph in dashboard section
- #1736 External reference of entities could not be updated
- #1722 Welcome dashboard functional date
- #1709 Change the location of the reference error message
- #1708 Freetext box to import txt files
- #1707 Be able to create references when assigning
- #1706 Attachment required for created external reference
- #1677 In graph display all filters should be selected by default
- #1676 Add Basic and bearer authentication session validation
- #1672 Modify the login page Logo to integrate custom logo
- #1670 Have the version number of the OpenCTI instance displayed somewhere visible across the whole platform
- #1746 Add a capability to bypass mandatory references
- #1663 Missing menus in knowledge display for some types of objects (arsenal and entities)
- #1662 Missing an inference rule for "part-of"
- #1661 Search Query Latency Issue (Identities, ...)
- #1659 Automatically clear research fields when changing pages
- #1644 Custom dashboard settings
- #1627 Inferences in V5 : multiple same case displayed
- #1549 Minor spelling mistake in some relationship error messages
- #1533 [FEATURE] Flatten File Observables on all hash types
- #1518 When promoting file Observable to Indicator, include all hashes in the Indicator
- #1504 Handle search box filtering in bulk actions
- #1463 Add column of report status in Intrusion-Set, Threat-Actor and Campaign
- #1431 Add events to the "Timeline" view
- #1385 Notes : include in timelines
- #1353 Improve handling of duplicate objects with different parameters (most notably, File objects)
- #1228 Introduce a garbage collector on revoked entities and old observables (with customizable settings)
- #881 Link between victim and attacker IP addresses
- #810 Select/unselect IoC to import
- #135 Provide STIX2 Validation on import with notification
Bug Fixes:
- #1726 Taxii2 root doesn't have the required 'title' field
- #1723 No title report in External References Tab
- #1721 'yarn clean:relations' script SyntaxError: Invalid or unexpected token
- #1720 Bug when alias is added
- #1719 Consist-of, STIX documentation
- #1716 System Identity type produces invalid standard_id
- #1705 Observed-data is Unknown in Investigation menu
- #1704 Disappearance of a direct relationship after creation
- #1702 Bug when modifying a campaign
- #1693 "Individual" entities can create a relationship with themselves
- #1691 `resolves-to` relationship between two `domain-names`
- #1690 OpenCTI API temporary unavailability during a Stix export of Observables can trigger again the export or let it displayed in running state
- #1689 Error when clicking on "value" column for observables
- #1684 Creation "plus" button hidden by map (display bug)
- #1678 Some relations (nested) not taken into account in graph view of all analysis
- #1673 Discrepancies in date display for inferred relations
- #1671 Backward jump of the graph while zooming (because of late refresh of the page ?)
- #1658 Research field for linking together entities is not working properly
- #1656 Problem with marking filtering in the investigation space
- #1653 An irrelevant response with unauthenticated GraphQL requests
- #1634 Indicator : "valid until" not correctly filled
- #1632 Exports of knowledge graphs: the image is automatically zoomed out when captured (light theme)
- #1523 Number of operations complete is larger than the total number of operations
- #1401 Workers statistics empty (all zeroes)