github OpenCTI-Platform/opencti 5.5.0
Version 5.5.0

21 months ago

🔔 Dear community, we are very happy to announce the release of OpenCTI 5.5.0 🥳! A new amazing milestone in our journey to make OpenCTI more relevant for CTI analysts, SOC teams and incident responders ✨. We would like to thank all the contributors who, once again, did an amazing job, especially by bringing new connectors to life (Domain Tools, FlashPoint, Recorded Future, CrowdSec, Sophos Labs Intellix and many more) 🚀.

On the core platform side, this new version brings major features and bugfixes 🎁:

  • Fully reworked dashboarding engine with dynamic filtering and widgets which will allow you to build advanced KPIs across the whole knowledge graph 📊.
  • Custom ontology for all open vocabularies with alias management and merging so you can map your own ontology with the STIX one and any other vendor-specific categorization 📜.
  • Massive copy/paste of observables and enhancement on list selection across all screens (shift selection, etc.) ❤️‍🔥.
  • Introduction of new types of entity to handle MITRE data components and data sources as well as detection courses of action 🖥️.
  • Timeline view in all reports that will continue to be enhanced with interval customization and horizontal views in the future ⌛.
  • On-the-fly container creation (report or grouping) by selecting entities you would like to add 📋.
  • Automatic creation of external references when a file is uploaded 🏢.
  • Multiple enhancements in notes management, workspaces and organization segregation ⚙️.

This major version was also the opportunity to prepare the field for the future full-fledged case management system (and integrated notifications bus) 🔥, with enrichment connectors for SIEMs, XDRs and operational subsystems in modern IT environments 📡. As usual, the latest versions of Elastic and Redis are supported by OpenCTI 5.5.0 🎀.

Enhancements:

  • #2650 Improve note management for participating users
  • #2640 Protect platform organization change with SET ACCESS capability
  • #2625 Add organizations to SSO Users when login in
  • #2581 Display data labels in charts
  • #2534 Add a background task capabilities to massively add entities to a container
  • #2425 Custom Dashboards Entity Filtering Feature Request
  • #2417 Automatically create external references when a file is uploaded in an entity (settings in platform)
  • #2410 Heatmaps everywhere, including dashboards
  • #2409 Enhance dashboard widgets: multi-data + filters
  • #2173 Timeline view in reports
  • #1724 Add a copy button to the toolbar in Observations page
  • #1602 [Custom Ontology] Ability to add/edit parameters for objects such as Malware, Indicator, Intrusion Set
  • #1554 Compare activity of multiple entities
  • #1348 Dashboard Filter
  • #1342 Ability to SHIFT+select multiple objects to edit in bulk, rather than clicking on each individual object
  • #680 Adding "Data Source" and "Data component" entities

Bug Fixes:

  • #2647 Live stream invalid check of element access rights
  • #2637 CSVFeed: Removal of Entity -unknown Error
  • #2633 We can't create a course of action from an attack pattern
  • #2631 Error occurs in Observable > Knowledge > adding a Nested object
  • #2626 SSDEEP hashes stored in lowercase
  • #2617 Unknown Error when attempting to sort investigations by modification date
  • #2609 Missing organizations in user create/edit screen

Full Changelog: 5.4.1...5.5.0