Dear community, we are so happy to announce that OpenCTI 5.6.0 has been released 🎉! First of all, this new version fixes multiple issues in the analyst workbench, the dashboarding engine as well as various knowledge screens 🤯. In terms of features, it brings various major enhancements to our threat intelligence platform 🚀:
- Be able to customize mandatory attributes for each type of entity (default values for each of them will come in the next release) 🪄.
- Cumulation of technical creators (connectors / users) to keep all sources of an entity over time 💭.
- Be able to make a "stream" (feed) public; all public streams are listed on a public page "/public" 🌍.
- In synchronizers, it's now possible to consume public streams, and available streams on a remote platform are listed with their filters 📡.
- 2 important enhancements of knowledge graphs, including lasso selection of entities and display of basic information for selected objects in a right panel 🎠.
- All STIX indicator patterns are now canonicalized using the STIX pattern grammar (ANTLR) to avoid potential duplicates 🧽.
⚠️ No breaking changes in this release, but 3 points to check / fix if necessary:
- If you are using streams, they can now be turned off, so check in the Data / Streams list that they are all turned on 🚦.
- Old custom dashboard widgets have been deprecated; they will not be displayed anymore 🆕.
- In custom dashboards, a huge refactor / improvement has fixed several bugs, and some widgets may have been impacted / reversed (check the "Display source" toggle if you find the displayed data to be inaccurate) 💡.
Enhancements:
- #2984 Custom Dashboard - Add workflow status filter
- #2952 In "indicators" list, add a filter for "indicator_types"
- #2951 Rename right column filters in indicators and request pattern type OV
- #2927 Add support for consists-of between infrastructure and infrastructure, observed-data, + sco
- #2923 The relationship type targets is not allowed between Attack-Pattern and System
- #2921 [back/front] Improve relations based dashboard widgets
- #2886 Cumulate creator_id when upserting an entity
- #2877 Change Redis trimming default settings to 2 millions (8G average)
- #2875 Improve Redis cluster configuration + platform stops when redis is not available
- #2869 Marking definition information leak in entity history
- #2860 Improve live stream to continue to send Heartbeat during long resolutions
- #2843 Address/Postal Code support on Position GUI
- #2817 Some entity fields are not aligned in creation and update
- #2867 Unable to remove first_seen and last_seen attributes from Indicator objects in UI
- #2735 Checkboxes / selection in all "Event" categories (incidents / sightings / observed data)
- #2606 Be able to make a stream "public" and create a public page
- #2562 From the "mass operations" toolbar, be able to create a report and add the selected entities
- #2447 Expand Pattern Types to include Major AV Vendors
- #2239 Be able to hide any menu and sub menu
- #2159 View entity details on graph panel
- #1941 [FR] Request for the knowledge graph for reports to have the ability to be multiselected (via drag box/ window)
- #1850 Allow to make some entity/fields mandatory
- #1809 Unable to modify an observable in a report knowledge space
- #1683 Improve "location" and the location form
- #1667 When hovering over observable in Report, show related objects
- #1551 STIX patterns that are equivalent are not canonicalised which creates duplicate objects
Bug Fixes:
- #2980 Exit 1 / platform shutdown when Redis becomes unavailable
- #2979 In demo, on indicators when filtering with email address, IPs are displayed
- #2976 In Observations => Observables, filters do not impact the URL
- #2970 Usage count of open vocab is broken
- #2963 Specific dashboard filters cause crash of the dashboard
- #2960 Deleted trigger still processed by the notification engine
- #2959 Filtering of live streams with Detection:Yes
- #2945 No submit button to modify a note
- #2942 [Platform] SCO's disappear from the analyst workbench
- #2941 [Platform] Once a note is created the body can not be edited
- #2936 Observations/Indicators filtering by Creator
- #2930 When more than 200 markings exist in the system, user build is failing
- #2928 [backend] X-TAXII-Date-Added-First/Last response headers are broken
- #2915 "is_family" is "null" in STIX because "Is family" is "NOT APPLICABLE" in portal. stix2-validator will fail if is_family is null
- #2909 Workbench won't display when this PDF is imported
- #2908 Workbench File hash indicators disappearing when changing any entity's type
- #2906 File observables search broken in bulk search
- #2902 Report/Entities inside creation is not consistent and can lead to several problems
- #2900 Dashboard number widget must take care of the global filtering dates
- #2896 The relationship type "contains" is not allowed between StixFile and Url
- #2894 Details panel not updatable with enforce reference enable on Malware entity
- #2885 Error when trying to update a Note
- #2881 [Front] Incorrect Events filters
- #2878 Memory leak issue due to misuse of the dataloader
- #2873 [back] Automatic session refresh is broken after redis cluster support
- #2870 When entering an open vocab, right menu is not highlighted
- #2856 Deleting a vocabulary leaves the dialog open (and redirects instead of removing the node from the store)
- #2845 Organization segregation breaks access to TAXII collections
- #2844 Entity types settings page broken
- #2842 Filter "relatedTo" does not take into account the entity types palette
- #2840 Unknown entities when adding an observed data
- #2837 link to Location/Sightings
- #2835 Graph names display after update of some elements
- #2485 Optimize the query on the screen "Intrusion Set X => Analysis => Graph view"
Pull Requests:
- [Front] Graph names display after update of some elements (#2835) by @Archidoit in #2836
- [Front] Refactor Incident component into .tsx pure function by @marieflorescontact in #2805
- [Front] Enable to modify an observable in a report knowledge space (#1809) by @Archidoit in #2834
- [Front] Highlighted right menu in deep route for Access and Labels/Attributes (#2870) by @RomuDeuxfois in #2879
- [back] Automatic session refresh is broken after redis cluster support by @richard-julien in #2874
- [Front] Vocabulary deletion bug fix (#2856) by @Archidoit in #2880
- [Front] Checkboxes / selection in all "Event" categories (incidents / sightings / observed data) #2735 by @Archidoit in #2819
- [back] Adapt dates attributes in stix converter (#2867) by @richard-julien in #2868
- [back] STIX standardized patterns to avoid duplicate objects by @richard-julien in #2865
- [backend/frontend] Alignment of entity fields in creation and update (#2817) by @RomuDeuxfois in #2818
- [back] Marking definition completion in entity history by @richard-julien in #2871
- Migrate creation and edition component to function component by @RomuDeuxfois in #2858
- [Front/Back] Events filters + date filters initial values update (#2881) by @Archidoit in #2883
- [FRONT] Fix update note on data/history menu (#2885) by @RomuDeuxfois in #2890
- [front] Dashboard number widget must take care of the global filtering by @richard-julien in #2901
- [Front] Filter "relatedTo" does not take into account the entity types palette (#2842) by @RomuDeuxfois in #2882
- [Front] Address/Postal Code/City support on Position GUI (#2843) by @Archidoit in #2855
- [front/api] - Stream collection update for public streams by @Kedae in #2766
- [Front] Fix enforce reference on malware details panel (#2894) by @RomuDeuxfois in #2912
- [back] Disable cache for dataloader (#2878) by @richard-julien in #2887
- [front] - Refactor of EntitySettings by @Kedae in #2918
- [Front] Fix not update input values in some filters by @RomuDeuxfois in #2913
- [back] Improve cluster configuration + platform stops when redis is not available (#2875) by @richard-julien in #2899
- [back] Improve live stream to continue to send Heartbeat during long resolutions by @richard-julien in #2861
- [back/front] Allow to make some entity/fields mandatory by @RomuDeuxfois in #2839
- [front] View entity details on graph panel by @marieflorescontact in #2898
- [back/front] Improve mandatory and enforce reference management (#1850) by @richard-julien in #2946
- Improve performance of validators + add more telemetry by @richard-julien in #2968
- [back/front] Upgrade dependencies by @SamuelHassine in #2974
- [back/front] Improve relations based dashboard widgets (#2921) by @richard-julien in #2922
- [front] Report/Entities inside creation is not consistent and can lead to several problems by @richard-julien in #2907
- [back/front] Cumulate creator_id when upserting an entity by @richard-julien in #2888
- [front] Align ui filters on runtime mapping capability (#2936) by @richard-julien in #2956
- [Front] Request pattern type OV in Indicators Right Bar (#2951) by @Archidoit in #2962
- [back/front] Fix count of open vocab (#2970) by @richard-julien in #2978
- [back] Adapt filtering for detection attribute (#2959) by @richard-julien in #2965
- [back] Deleted trigger still processed by the notification engine (#2960) by @richard-julien in #2961
- [Front] add indicator_types filter + Indicator migration to tsx (#2952) by @Archidoit in #2958
- Add a "drag to select" feature to Knowledge Graphs by @ckane in #2905
- [front] - Fix on Observable types filtering by @Kedae in #2981
- [Front] indicators filtering by address bug fix + add indicator_types filter (#2979) by @Archidoit in #2983
- [back] Fix X-TAXII-Date-Added-First/Last headers by @rlynch-ironnet in #2929
- [back] - Improvement of the query for huge graphs by @Kedae in #2933
- [back/front] - Fix on marking searching on the platform by @Kedae in #2982
- [back] Protect GraphQL Introspection and add playground options (#2932) by @richard-julien in #2957
- [front] View entity details on graph panel (#2159) by @marieflorescontact in #2964
Full Changelog: 5.5.4...5.6.0