github OpenCTI-Platform/opencti 5.5.3
Version 5.5.3

21 months ago

Dear community, OpenCTI 5.5.3 is out 🥳! This huge release aims to fix all known issues and bugs affecting our community and customers and to introduce major features in the platform 💥. One of the most important fixes is better management of the workers cache, which solves the performance decrease over time (and the need to restart workers from time to time) ⚡️, as well as many issues in the new dashboarding engine (some widgets remain empty) 💫. Multiple connector / export / UI problems have also been solved 🔥.

That being said, OpenCTI 5.5.3 offers deep and essential enhancements. First of all, the long-awaited notifications system, with customizable triggers and digests which ring the bell in the UI, by email and, in the future, with webhooks or specific connectors 🎊. We also plan to add "quick subscription" buttons everywhere in the user interface very soon, to be able to subscribe to specific threats, vulnerabilities, sectors, countries, etc. 🧬. This milestone also finally introduces negative filtering everywhere and opens the door to much more complex filtering capabilities (boolean operators, complex syntax, etc.) 💡.

Furthermore, a new type of location now covers areas between a city and a country (for administrative zones, sub-regions, states, etc.) 🗺️. The export capabilities now take checkboxes into account, so it's possible to pick the entities to be exported in all lists without targeting them with specific filters 📄. All entities in the platform can now be "assigned" to specific users, and parameters for each entity type (workflows, external references enforcement) are now available in a comprehensive space of the platform settings ⚙️. Moreover, the platform now supports Redis cluster, which was the last OpenCTI dependency that could not be deployed as a cluster. It's also possible to enforce 2FA in the platform settings.

Last but not least, the first version of case management is here 💼. Even if tasks and a proper discussion system are not available yet, the new "case" entity type already supports subscriptions, notifications, assignments, graph visualization, merging, etc. 🪄. By using OpenCTI to handle incident response cases and, in the future, requests for information or takedown requests, the power of the platform is available out of the box 🔦.

Enhancements:

  • #2788 Improve pagination management + UI handling of disabled managers
  • #2781 Protect the platform from missing resolution due to shard failure
  • #2753 Organization/Knowledge add Vulnerabilities to Arsenal to the filters on the right.
  • #2746 Add Confidence Attribute if missing on entities
  • #2722 Add a shortcut on containers list (general and in "Analysis" of entities) to the content section
  • #2709 Engines / schedulers awareness across cluster of instances
  • #2703 Automatically generate ID in external references
  • #2683 Reorganize settings for entity types
  • #2588 [back/front] Be able to use negative operator in filters
  • #2504 Be able to enforce MFA in the settings of the platform
  • #2415 Remove investigation from investigations list
  • #2413 Implement a generic notification bus and migrate the subscription systems to the bus
  • #2385 Add States to Location
  • #2138 Analysis ownership or accountability
  • #1741 Export only selected entities
  • #1400 Support Redis cluster
  • #243 Case management for incident response and request for information

Bug Fixes:

  • #2814 Incident pages never show a donut chart of Observables distribution
  • #2807 Observables copy from the Tool Bar: copy only the 10 first element
  • #2806 Can't insert Observables from entity>Knowledge>Observables
  • #2804 List exports bugs for contained data
  • #2802 Can't update incident assignee(s)
  • #2801 Once update stop time, it can't be updated to "none" on the relationship between Threat Actor and Attack Patterns
  • #2800 Updating Start time and Stop time of relationship between Attack Patterns and Threat Actor, it couldn't update by inputting mm/dd/yyyy manual without selecting the calendar.
  • #2795 [Demo][5.5.3] Attempting to add an observable of file in an analyst workbench in a report goes to error screen
  • #2794 [5.5.3] Demo works on report's entities screen but breaks on report's Observables
  • #2793 Some dashboard widgets do not work as expected
  • #2787 Performing bulk operations via Global Search results in an inaccurate scope being passed to the background job
  • #2779 Can't update a relationship
  • #2776 Error in Intrusion set > attack patterns
  • #2770 Error with Attack Patterns (Intrusion Sets)
  • #2769 Can't filter Incidents by Incident type
  • #2762 Latitude/longitude values should stay float if updated
  • #2760 BaseUri / BasePath is not always correctly set
  • #2757 Incident/Knowledge/Observables once you select filter it provides an error
  • #2756 Error when select Entities/Individuals/Knowledge/Threat-Actor or Intrusion-set
  • #2752 Arsenal/Vulnerabilities doesn't display the number of entities
  • #2744 Rule on sightings throw errors
  • #2738 Number of elements of list is written in local storage which leads to inconsistent count.
  • #2732 relationship_image relation only allows 1 relation
  • #2730 Analyst Workbench does not appear to parse STIX Observables of type File
  • #2729 Bug when creating an external reference

Full Changelog: 5.5.2...5.5.3
