OpenCTI-Platform/opencti 5.7.0

Version 5.7.0

on GitHub

Dear community, we're so glad to announce that OpenCTI 5.7.0 has been released 👏! This new version brings major features to the platform and fixes several bugs 🛸. This milestone also contains important code refactors and underlying enhancements which will allow us to speed-up the delivery of our 2023 strategic roadmap 🚀!

First of all, the RBAC has been reworked to be more adapted to organization composed of users and groups ✍🏻. Roles / marking definitions are now associated to groups so SSO / active directory integrations are now straightforward 🛡️. Also, we are progressively rolling out more capabilities to customize roles with default hidden entities, default dashboards, etc. to address several levels of stakeholders within an organization 🪄.

Also, it is now possible to fully customize confidence scale (colors, labels, min/max, ticks, etc.) by entity type like we did for mandatory attributes in the previous release. This work has triggered so many bugfixes and enhancements on forms and entities display 🌈.

Finally, opinions are now subject to the new capability "Access to collaborative creation" as notes, to allow read-only users to give their opinions and put comments in entities and relationships. Dashboard widgets start to be more interactive and you can click on horizontal bars and case management is now ready for takeoff with tasks / tasks template and requests for information scheduled for the next release 🎆.

📰 Please be sure to read the documentation about the RBAC refactoring to understand what changed and how you should adapt your SSO mappings. Basically, if you are using "roles_mapping", just replace "roles" with "groups". Whether you are using roles or groups on your SSO side, everything should now be mapped to OpenCTI groups.

Enhancements:

• #3175 Be able to use assignees in dashboards and implement distribution list
• #3136 "Top Labels" text overflows on small screens
• #3117 In malware, make 2 fields "upsertable"
• #3114 Merging hashes in the analyst workbench
• #3098 Improve engine to handle large amount of text to search
• #3095 Enforce merging to update elements base on their current index
• #3088 Add case container management in Workbench
• #3081 Dependabots fix and user edit api protection
• #3064 Add indicator objectContains filtering capability + align contains filtering
• #3012 Modularization of relation refs
• #2994 Report -> Observables page mislabels Author/Creator
• #2990 Improve Synchronizer client to try reconnect if started but connection is closed (404, ..)
• #2977 Separate Case and Feedback, and implement Request for Information
• #2872 Disable list export when more than X elements are targeted (static parameter with default value 50,000)
• #2849 User overview modification
• #2847 On horizontal bars chart representing an entity, be able to click on the bar to go on the entity
• #2555 Customizable confidence scale
• #2516 Align opinions behaviour on notes
• #2512 Refactor RBAC / seggregation to put everything under the "group"
• #2419 Automatically create groups on SSO

Bug Fixes:

• #3148 Modifying Valid Until Date
• #3147 Pie chart displaying IDs instead of names for attribute created-by.internal_id
• #3143 Rules are not displayed anymore in rule engine settings (Demo)
• #3138 Confidence scale setting input not behaves correctly
• #3135 Don't show sub-narratives twice in Techniques->Narratives view
• #3125 Modify the mechanism on created nested relationship in Graph
• #3110 Unknown ObservedData in several display contexts
• #3106 Creation of entities sometimes doesnt close the panel due to localstorage "types" element
• #3103 Live stream / taxii collection query indices resolve too much information
• #3102 contain_refs not authorized between files and other observable
• #3101 Unable to create dashboard using Revoke filter
• #3091 Channel creation with channel type is broken
• #3090 Observable type User Agent cannot be sent through data sharing stream
• #3084 Unknown channel value in Knowledge>Details
• #3079 Unknown names in Overview>Latest relationships
• #3077 Link entity from a located-at relationship creation form
• #3070 Create entity from a located-at relationship creation form
• #3069 Observables upserts don't appear in streams with label filters
• #3067 Ref creation on observable can fail because of representative extraction
• #3066 Extract referer can fail if malformed + user token must not be logged
• #3060 'No label' filtering combination
• #3059 Author negative filtering not working on streams
• #3047 Report name is Unknown when creating a relationship between an object and a report
• #3044 Entities distribution graph display in Groupings
• #3033 Can't update end date of an event
• #3031 Cannot share observables/artifacts/indicators with Organizations
• #3029 You shouldn't be able to merge vocab when builtin
• #3011 Multiple errors in logs: This attribute key first_seen is not allowed on the type targets
• #3037 [MITRE] Mitre connector fails to create "The MITRE Corporation" entity with default connector permissions
• #2985 Settings routes are not protected consistently with APIs
• #2623 Synchronizer Stream Restarting on Error

Pull Requests:

• [back] Improve Synchronizer client (#2990) by @richard-julien in #3009
• [Front] Report -> Observables page mislabels Author/Creator (#2994) by @Archidoit in #3008
• [tests] Introduce editor and participate users and a way to use the underlying platform by @richard-julien in #3013
• [back/front] Add Confidence Scale Configuration (#2555) by @SarahBocognano in #3006
• [back/front] Settings routes protection (#issue/2985) by @SarahBocognano in #3032
• [front] Fix on access menu and redirections by @Kedae in #3042
• [front] Fix entities distribution in Grouping > entity details by @marieflorescontact in #3048
• [Front] event end_date edition bug fix (#3033) by @Archidoit in #3043
• [Front] relationship creation between an object and an entity from analysis: name display (#3047) by @Archidoit in #3053
• [backend] Bump esbuild to 0.17.X (#2971) by @richard-julien in #3073
• [back] Adapt refresh behaviors to handle session refresh for workers that impersonate the connectors (#3037) by @richard-julien in #3038
• [back] Add missing refs organization declaration (#3031) by @richard-julien in #3056
• [Back] 'No label' filtering combination (#3060) by @Archidoit in #3062
• [backend/frontend] Add indicator objectContains filtering capability + align contains filtering (#3064) by @richard-julien in #3065
• [Front] Bug fix: Create entity from a located-at relationship creation form (#3070) by @Archidoit in #3071
• [backend] Improve dynamic resolution for negative filtering in streams (#3059) by @richard-julien in #3061
• [back] Vitest update by @Kedae in #3078
• [back] Patch Weakness CWE-843 by @mc256 in #3051
• [Front] Unknown names in Overview>Latest relationships (#3079) by @Archidoit in #3080
• [Back/Front] Align opinions behaviour on notes by @marieflorescontact in #2988
• Unknown channel value in Knowledge>Details (#3084) by @Archidoit in #3085
• [Front] Fix link entity from a located-at relationship creation form by @marieflorescontact in #3083
• [Front] Prevent update on builtIn Vocabularies by @Kedae in #3086
• [Front] Fix on channel creation (#3091) by @Kedae in #3092
• [frontend] Add case container management in Workbench (#3088) by @richard-julien in #3089
• [backend] Enforce merging to update elements base on their current index (#3095) by @richard-julien in #3096
• [backend] Add converter for User Agent observable (#3090) by @richard-julien in #3097
• [backend/frontend] Dependabots fix and user edit api protection (#3081) by @richard-julien in #3082
• [backend] Live stream / taxii collection query indices resolve too much information (#3103) by @richard-julien in #3104
• (frontend) Unknown ObservedData in several display contexts (#3110) by @Archidoit in #3118
• [frontend/backend] In malware, make 2 fields "upsertable" (#3117) by @Archidoit in #3119
• [frontend] Disable list export when more than X elements are targeted (#2872) by @Archidoit in #3108
• [backend/frontend] User overview modification (#2849) by @Archidoit in #3105
• [backend/frontend] Refactor RBAC / seggregation to put everything under the "group" (#2512) by @Archidoit in #2903
• [frontend] On horizontal bars chart representing an entity, be able to click on the bar to go to the entity (#2847) by @Archidoit in #2993
• [frontend] Fix on localStorage, not reproducing bug (#3106) by @Kedae in #3124
• [backend/frontend] Separate Incident and Feedback from Case (#2977) by @SarahBocognano in #3093
• [backend] - Fix on subnarrative by @Kedae in #3139
• [backend] Improve engine to handle large amount of text to search (#3098) by @richard-julien in #3099
• [backend/frontend] Modularization of relation refs (#3012) by @RomuDeuxfois in #3063
• [backend] Improve synchronizer restart management (#2623) by @richard-julien in #3100
• [backend] Fix rule inferred relations updates to save only supported attributes (#3011) by @SouadHadjiat in #3035
• [frontend/backend] Fix on settings page (#2512bis) by @Kedae in #3134
• [frontend] Fix confidence scale setting input (#3138) by @RomuDeuxfois in #3140
• [front] fix rules list display with undefined searchTerm (#3143) by @SouadHadjiat in #3146
• [backend] Automatically create groups on SSO (#2419) by @Archidoit in #3028
• Top label update on dashboard by @Kedae in #3150
• [frontend] enable Valid Until date modification (#3148) by @Archidoit in #3152

New Contributors:

• @mc256 made their first contribution in #3051
• @SouadHadjiat made their first contribution in #3035

Full Changelog: 5.6.2...5.7.0