OpenCTI-Platform/opencti 5.3.8

Version 5.3.8

on GitHub

Dear community, we are proud to announce the release of OpenCTI 5.3.8 🥳! Even if this version is shipped as minor, it introduces many enhancements and several connectors 💥. Also, all known bugs have been fixed 🌈!

Foremost, new features have been implemented such as:

• New entities and relationships for Foreign Information Manipulation and Interference (FIMI) modelization ⚡️.
• Built-in two-factor authentication 🔒.
• Huge improvement on synchronization engine speed (using workers instead of background process) 🚄.
• Data segregation in the history / audit log displayed in the entities 🗃️.
• Migration to TLPv2 🚦.
• New massive operations such as enrichment, promoting observables to indicators, etc 🛞.
• New observable types: Payment Cards, Bank Accounts and Phone numbers 🏦.

Then, we would like to warmly thank all the contributors of the community for the considerable effort made on the connectors:

• New connectors for standalone MISP Feeds (JSON), Intel471, URLScan, Maltiverse, MWDB, Orange Cyberdefense, etc 🚀.
• Multiple fixes in Mandiant, Elastic Security and globally stream-based connectors 🧑‍🚀.
• Improvements in the ImportDocument connector as well as VirusTotal and Splunk 🎈.

This version includes the full compatibility with ElasticSearch 8 (including latest 8.4.1) and OpenSearch 2 (including latest 2.2.0) and major bug fixes in stream / TAXII / migrations 🎁.

Enhancements:

• #2303 Implement background tasks on relationships screen
• #2298 Improve platform history manager to handle marking definition of modifications
• #2290 Implement new SROs for Vulnerability and Infrastructure
• #2280 Ability to filter on Observable type in the Knowledge view on a specific object
• #2273 Background task for indicator / observables creation
• #2267 TLP v2 Standard
• #2261 Implement 2FA authentication
• #2252 Additional Observable/Indicator Types - Credit Card, Bank Card,Phone Number
• #2251 Better management of enrichment / expired works in Redis
• #2240 Observable Filters to be added Reports > Observables
• #2237 "Expand labels" functionality in Investigations view
• #2224 Click on TTPs matrix to create a new relationship
• #2223 [BUCKET] All needed new relationship types and screens to modelize desinformation / interferences
• #2222 [BUCKET] All needed new entity types to modelize desinformation / interferences
• #2219 On dashboard, be able to only display reports in the "latest analysis" section
• #2211 Be able to filter on relationship type in subscriptions
• #2210 Rename attribute to column in CSV feed configuration
• #2208 Migrate synchronizer to use workers absorption. Improve speed and prevent hung up
• #2207 Increase the maximum number of results in global search
• #2199 Add vhost configuration for RabbitMQ
• #2186 Cannot modify External ID on Courses of Action
• #2178 When exporting observables, include all information about them (including file name(s), hashes, etc)
• #2132 Content files has a trash button that should prompt for a confirmation
• #1715 Bulk Enrichment of compatible elements
• #1429 (small) Issues with PNG exports
• #1375 Graph improvement: add a search bar in graphs display

Bug Fixes:

• #2302 Home dashboard not reloading
• #2295 Static resources are being incorrectly rewritten behind NGINX reverse proxy
• #2292 Sighting link not working in inference explanation graph
• #2286 Can't create "uses" relationship from File to Attack Pattern
• #2279 Multiple Startup errors with migration from 5.2.4 to 5.3.7
• #2265 Default stream URL is flooding with heartbeats
• #2247 Artifact file not included in stream files extensions
• #2246 MITRE "will produce only internal modification" error
• #2241 Malware first_seen and last_seen not updated during "upsert"
• #2227 Date picker crashes when language is not correctly set for a user
• #2205 Multiple errors "this update will only produce internal modifications"
• #2291 In v5.3.7 /taxii2/root/collections/:id/objects no longer works.
• #2184 Can't see mitigates relationships data in relationship tab
• #1608 Display of some HTML files uploaded as attachment is incorrect

Pull Requests:

• Add rabbitmq:vhost config option (#2199) by @rlynch-ironnet in #2200
• Switch object storage to use AWS S3 SDK by @jake-walker in #2260
• Loading refactor to support partial access rights in relationship by @richard-julien in #2277
• Introduce Disinformation entities (channel / event / language / narrative) by @richard-julien in #2297
• Refactor of relation stix generation / File upload auto enrichment by @richard-julien in #2304

New Contributors:

• @rlynch-ironnet made their first contribution in #2200

Full Changelog: 5.3.7...5.3.8