OpenCTI-Platform/opencti 5.5.3

Version 5.5.3

on GitHub

Dear community, OpenCTI 5.5.3 is out 🥳! This huge release aims to fix all known issues and bugs affecting our community and customers and introduce major features in the platform 💥. One of the most important fixes is a better management of the workers cache which solves performance decrease over time (and the need to restart workers from time to time)⚡️ as well as many issues in the new dashboarding engine (some widgets remain empty) 💫. Also multiple connectors / export / UI problems have been solved 🔥.

That being said, OpenCTI 5.5.3 offers deep and essential enhancements. First of all, the long-awaited notifications system, with customizable triggers and digests which ring the bell in the UI, by email and, in the future, with webhooks or specific connectors 🎊. Also, we plan to add "quick subscriptions" buttons everywhere in the user interface very soon, to be able to subscribe to specific threats, vulnerability, sectors, country, etc 🧬. Also, this milestone finally introduces negative filtering everywhere and open the door to much more complex filtering capabilities (boolean operators, complex syntax, etc.) 💡.

Furthermore, a new type of location now covers areas between a city and a country (for administrative zones, sub-regions, states, etc.) 🗺️. The export capabilities now takes into account checkboxes, so it's possible to pick-up entities to be exported in all lists without targeting them with specific filters 📄. All entities in the platform can now be "assigned" to specific users and parameters for each entity types (workflows, external references enforcements) are now available in a comprehensive space of the platform settings ⚙️. Moreover, the platform now supports Redis cluster, which was the latest OpenCTI dependency to not be deployable as a cluster. Also, it's possible to enforce 2FA in platform settings.

Last but not least, the first version of the case management is here 💼. Even if tasks and proper discussion system is not available yet, the new "case" entity type already supports subscriptions, notifications, assignments, graph visualization, merging, etc 🪄. By using OpenCTI to handle incident response cases and, in the future, requests for information or takedown requests, the power of the platform is available out of the box 🔦.

Enhancements:

• #2788 Improve pagination management + UI handling of disabled managers
• #2781 Protect the platform from missing resolution due to shard failure
• #2753 Organization/Knowledge add Vulnerabilities to Arsenal to the filters on the right.
• #2746 Add Confidence Attribute if missing on entities
• #2722 Add a shortcut on containers list (general and in "Analysis" of entities) to the content section
• #2709 Engines / schedulers awareness across cluster of instances
• #2703 Automatically generate ID in external references
• #2683 Reorganize settings for entity types
• #2588 [back/front] Be able to use negative operator in filters
• #2504 Be able to enforce MFA in the settings of the platform
• #2415 Remove investigation from investigations list
• #2413 Implement a generic notification bus and migrate the subscription systems to the bus
• #2385 Add States to Location
• #2138 Analysis ownership or accountability
• #1741 Export only selected entities
• #1400 Support Redis cluster
• #243 Case management for incident response and request for information

Bug Fixes:

• #2814 Incident pages never show a donut chart of Observables distribution
• #2807 Observables copy from the Tool Bar: copy only the 10 first element
• #2806 Can't insert Observables from entity>Knowledge>Observables
• #2804 List exports bugs for contained data
• #2802 Can't update incident assignee(s)
• #2801 Once update stop time, it can't be updated to "none" on the relationship between Threat Actor and Attack Patterns
• #2800 Updating Start time and Stop time of relationship between Attack Patterns and Threat Actor, it couldn't update by inputting mm/dd/yyyy manual without selecting the calendar.
• #2795 [Demo][5.5.3] Attempting to add an observable of file in an analyst workbench in a report goes to error screen
• #2794 [5.5.3] Demo works on report's entities screen but breaks on report's Observables
• #2793 Some dashboard widgets do not work as expected
• #2787 Performing bulk operations via Global Search results in an inaccurate scope being passed to the background job
• #2779 Can't update a relationship
• #2776 Error in Intrusion set > attack patterns
• #2770 Error with Attack Patterns (Intrusion Sets)
• #2769 Can't filter Incidents by Incident type
• #2762 Latitude/longitude values should stay float if updated
• #2760 BaseUri / BasePath is not always correctly set
• #2757 Incident/Knowledge/Observables once you select filter it provides an error
• #2756 Error when select Entities/Individuals/Knowledge/Threat-Actor or Intrusion-set
• #2752 Arsenal/Vulnerabilities doesn't display the number of entities
• #2744 Rule on sightings throw errors
• #2738 Number of elements of list is written in local storage which leads to inconsistent count.
• #2732 relationship_image relation only allows 1 relation
• #2730 Analyst Workbench does not appear to parse STIX Observables of type File
• #2729 Bug when creating an external reference

Pull Requests:

• [Front] Fix on some incorrect value in total number of elements by @Kedae in #2743
• Filter objects without some filters (#2588) by @Archidoit in #2660
• Automatically generate external id when creating an external reference (#2703) by @Archidoit in #2728
• [api/frontend] Implement assignee_refs by @SamuelHassine in #2742
• Redirection modes for Reports (Overview / Content / Knowledge) (#2722) by @Archidoit in #2734
• Be able to enforce MFA in settings of the platform (#issue/2504) by @SarahBocognano in #2736
• Engines / schedulers awareness across cluster of instances (#2709) by @Archidoit in #2745
• Add Confidence in Form or Filter when missing (#issue/2746) by @SarahBocognano in #2751
• [back/front] Reorganize settings for entity types (#2683) by @RomuDeuxfois in #2733
• [front] Rework of LocalStorage by @Kedae in #2759
• [back/front] BaseUri / BasePath is not always correctly set (#2760) by @richard-julien in #2761
• [Front] bug fix in Intrusion set > attack pattern (#2776) by @Archidoit in #2777
• [Front] Fix requestSubscription import by @marieflorescontact in #2780
• Improve pagination management + UI handling of disabled managers by @richard-julien in #2789
• [back/front] Add States to Location (#2385) by @marieflorescontact in #2731
• [back] Protect the platform from missing resolution due to shard failure by @richard-julien in #2783
• [Front] Fix filtering Incidents by Incident type by @marieflorescontact in #2785
• Fix blinking knowledge on pure function component by @Kedae in #2798
• [Front] Fix incident assignee update by @marieflorescontact in #2803
• [front/api] Fix on relationship filtering for some queries by @Kedae in #2808
• Export only selected entities + exports bug fix (#1741) by @Archidoit in #2786
• [Front] bug fix: limitation of observable bulk copy from the tool bar when doing a SelectAll (#2807) by @Archidoit in #2809
• List exports bug fixes for contained data (#2804) by @Archidoit in #2813
• [back/front] Introducing new notification system (#2413) by @richard-julien in #2694
• [backend/frontend] Enhance relationships display by @SamuelHassine in #2815

Full Changelog: 5.5.2...5.5.3