github OpenCTI-Platform/opencti 5.4.0
Version 5.4.0
on GitHub

latest releases: 6.1.2, 6.1.1, 6.1.0...
18 months ago

πŸ””DING! DING!πŸ”” Dear community, we are so proud to announce that OpenCTI version 5.4.0 has been released πŸ’₯! This was a huge joint effort from the brand new Filigran engineering team as well as all community contributors 🍻. Thank you everyone for your continuous efforts to make OpenCTI the world leading threat intelligence platform πŸ™!

This milestone contains important new features but also the implementation of more systematic development best practices (TypeScript, pure functions, etc.) 🧩 that will allow us to speed-up future milestones in the months and years to come πŸš€.

First of all, OpenCTI 5.4.0 brings long-awaited features 🎁:

  • bulk search of entities and observables in the platform πŸ”;
  • customization of workflow statuses for all types of entity πŸ› οΈ;
  • introduce an analyst workbench to modelize entities and relationships massively and easily before create the knowledge in the platform πŸ‘©β€πŸ’»;
  • new inference rules to propagate reports to parent entities (sectors / locations) πŸ—ΊοΈ;
  • performances improvement due to the new way to validate indicators syntax (creation of indicators speed x10) πŸš…;
  • it is now possible to deny connectors from creating new labels and keep a set of pre-defined labels in the platform ✨;
  • country flags for IPs when located-at relationship is set to a specific country 🏴;
  • new specific capabilities for notes and opinions to allow feedback even from read-only users ✍️;
  • implement the STIX 2.1 "Grouping" entity type to allow information clustering without creating a report when it is not relevant πŸ“¦;
  • Japanese translation, OpenTelemetry, investigation improvements and much more πŸ’...

Last but not least, this release introduces a major new data segregation and sharing capability by organization 🏒. This allows administrators to associate users to organizations (organizations can belong to parent organizations as well) and to distribute knowledge across one or multiple organizations in the platform πŸ”“.

It is also possible to set a default organization for the whole platform to restrict all data and starting to share progressively information 🌎. A demonstration video will be published to better explain this new feature which will help organizations to open access to third-parties / constituents with full confidence about the confidentiality of the data πŸ₯³.

⚠️ All internal-export-file connectors should now be launched with a user which has the Administrator role, because they now impersonate the user requesting the export to prevent data leak.

⚠️ All technical creators (users) of existing entities are no longer mapped on the history and then are displayed as "SYSTEM". New entities / relationships will be created with the correct creator fully modelized. If you would like to recover the creators information of your existing data, you can launch a background task (based on the history) on the selected entities (or all of them) using the mass operations toolbar Update => Replace => Creator.

βš™οΈ When using the organization segregation capability, it is recommended to enable the inference rule ORGANIZATION PROPAGATION VIA PARTICIPATION so it will propagate if a user A participates in organization B and organization B is part of organization C, then the user A also participates in organization C.

Since the last release, minio implements breaking change. If you decide to upgrade minio, a procedure must be applied. Please read https://min.io/docs/minio/linux/operations/install-deploy-manage/migrate-fs-gateway.html

Enhancements:

  • #2543 [api] Improve version checking of platform start
  • #2535 Be able to hide background tasks screen using RBAC capabilities
  • #2530 Add new attributes to the entity incident
  • #2502 Improv dev env by injecting a data set
  • #2483 Be able to use workflow status in the stream filters
  • #2475 Implement the "Grouping" STIX 2.1 entity as a container
  • #2470 Limit the history message length both in backend (when inserting) and frontend
  • #2464 Title and meta description of the platform
  • #2463 [api] Add usage of impersonate feature to connectors
  • #2456 Add Japanese translation
  • #2446 Add "Shodan" Pattern Type to Indicators
  • #2435 [api] Filters support multiples keys to search on
  • #2420 Add a quick filter for sighting lists (false / true positive)
  • #2408 Full refactor of pre-validation screen into an analyst workbench
  • #2414 Support "content_ref" for StixFile to Artifact (obs_content ?) relation
  • #2406 [Feature] Filter for 'Score less than' within Retention Policy Rules
  • #2401 Improve of performance indicator checkIndicatorSyntax function
  • #2397 Enhance the view of the rules definition in the frontend
  • #2341 [rules] Add report objects related rules
  • #2336 Bulk search of SDOs and SCOs
  • #2331 Mass delete labels
  • #2293 Add Infrastructure fields to UI when creating new Objects
  • #2263 Ability to search OpenCTI for a list of Observables (as opposed to one by one)
  • #2196 Finer access controls for Reports for feedback - Separate "Opinions" as a knowledge creation access control under roles.
  • #2188 Add organizations restrictions on top of markings to increase data segregation possibilities
  • #2163 Entity details edition during data import
  • #2116 Session refresh on user rights change
  • #2109 Create/Update notes and opinions specifying author with a different user
  • #2029 Add technical creator in data + ordering/filtering
  • #1991 Exporting Report details, Malware or Intrusion Sets is hard to do
  • #1943 Ability to create additional custom workflow status names straight from the UI if possible.
  • #1934 Ability to expand to any kind of entity from Investigations Workspace
  • #1867 Removing report
  • #1799 Bulk creation of knowledge around a threat entity
  • #1781 STIX ID standard is useless to analysts but have the most visible spot in item pages
  • #1757 Add Indicator to Report when Observable+Indicator created within the context of a Report
  • #1755 Be able to select labels to import
  • #1730 Add country flag icons to IPv4/IPv6 observables
  • #1596 Expose worker metrics for prometheus
  • #1468 Remove entities after report deletion
  • #1428 Suppressing an entity does not suppress its relations
  • #1182 Infrastructure, Systems and Vulnerabilities
  • #1071 No way to implement STIX's Windows Service (and Process) extensions

Bug Fixes:

  • #2550 Events/Incidents/Observables. Doesn't display more than 25 observables.
  • #2487 Empty channels type break the UI
  • #2448 Pending Imports UI potentially referencing incorrect path for STIX bundles when APP__BASE_PATH is set

Pull Requests:

New Contributors:

Full Changelog: 5.3.17...5.4.0

Check out latest releases or
releases around OpenCTI-Platform/opencti 5.4.0

Don't miss a new opencti release

NewReleases is sending notifications on new releases.

Get notifications