Dear community, after several intense months of work, we're thrilled to announce the release of OpenCTI version 6.0 🥳! This version transforms the OpenCTI platform in so many ways! Let’s dig into it!
Welcome to OpenCTI 6.0, where we're thrilled to introduce the transformative capabilities of Generative AI to elevate your daily analyst workflow! ✨ Now, you can harness the power of Generative AI to assist in crafting textual content, explaining report descriptions, summarizing file contents, and even generating STIX-structured knowledge seamlessly. Whether in our cloud or on-premise, any Enterprise Edition customer can leverage our custom AI endpoint, use their own, or integrate with native OpenAI or Mistral AI services using their tokens. 🚀
In this release, we've fully revamped the platform's design, including a modification to the left menu. The former top menu is now integrated into the left menu, simplifying navigation throughout the platform. Additionally, a new breadcrumb feature allows you to effortlessly track your position in the platform, particularly when the left menu is collapsed! 🧭
⚠️ Breaking change in the confidence level system for connectors, feeds, and streams
OpenCTI 6.0 also introduces an important change to the confidence level system. From now on, Users and Groups get a “Max Confidence level” that acts as a threshold for their ability to modify existing data. Fine-tune users' impact on your meticulously crafted Knowledge base by managing these max confidence levels. External Connectors, Feeds, and Streams now use the max confidence level of their associated user, making ACL in OpenCTI nearly limitless! 🛡️ Please carefully read the dedicated blog post about this breaking change! 👁️‍🗨️
Indicator Lifecycle management is paramount in CTI teams, and we're excited to introduce a decay algorithm to enhance the existing score and revoking system. Create your decay rules, depreciate indicator scores over time based on their main observable type, lifetime, acceleration factor, and define crucial scores to trigger reactions! 🔃 We value your feedback to further improve this feature! 🤝
Another addition in 6.0 is the CSV feed ingester! You can now automatically ingest data from URL-exposed CSV files! Like with uploaded CSV files, build a CSV mapper, link it to your new CSV Feed, and it’s done! 🪄 Talking about CSV Mappers, multiple improvements have been shipped in OpenCTI 6.0, and it is now possible to define default values in a mapper in order to ingest incomplete CSV files!
Amid these groundbreaking features, extensive improvements have been made, particularly in filters! The new UI is now deployed almost everywhere in the platform! 💅 But more importantly, you can now filter on any object's attributes in lists and dashboards! 🎉 Of course, the system takes into account the context of the view you are navigating. Improvements to the filtering system also come with new operators! “In regards of” allows you to filter Objects based on their relationship with a specific Entity. “Contains” and “Search” allow you to apply any filtering you want on short and long texts!
On the connectors side, the Recorded Future connector has been improved even further, now handling the import of Malwares and Threat Actors into OpenCTI! Some work has also been done on Greynoise, Shodan, and Malbeacon enrichment connectors to make them compatible with our automation playbooks. 🤖
Last but not least, the complete documentation for OpenCTI is now accessible at docs.opencti.io! 📘 Feel free to refer to it for assistance, and remember, we're always available in the Community Slack for any questions or support!
⚠️ Other breaking changes:
- The NetworkTraffic src and dst creation attributes have been renamed to networkSrc and networkDst. The Python client is not impacted, but if you use your own GraphQL queries, they will require some changes.
⚠️ This release includes a security fix; we advise all organizations to upgrade their platform as soon as possible.
Enhancements:
- #6102 Allow to bypass engine version validation for AWS default compatibility mode
- #6099 Handle revoked input for Indicators without valid_until date
- #6042 [backend] Organization sharing behavior change for upsert and enrichment
- #5973 Implement fuzzy search (approximative search) in the platform
- #5858 Implement support of GenAI APIs in the platform
- #5807 Rework email templates for notifications
- #5805 Design upgrade for major release
- #5759 Make sure confidence level is always between 0 and 100
- #5033 Ability to filter on Organization the data is shared with
- #5032 Filter Refactoring Follow Up
- #4944 Improve error messaging on ImportCSV
- #4940 Add a "contains" / "do not contains" operator in new filter
- #3426 Add OpenID Proxy configuration capability
- #3406 Add a new version of platform / workers images OpenSSL FIPS 140
- #4939 Be able to filter on every properties with new filters
- #4932 Add an optional default value for an attribute that is missing mapping value from a file
- #4931 Align Nested Object panel with other in the platform
- #4806 Map with CSV mapper a file containing columns sha1, sha256, md5, sha-512
- #3585 In filters, be able to used all possible vocabularies / the current user
- #3470 Organizations types to be in the vocabularies
- #3154 Expand name in "progress works panel"
- #2859 Decay settings for Indicators scores
- #2248 Remove the default search wildcard and check the behaviour in Elastic
- #1989 OpenCTI frontend test suite
- #4569 Implement Ingestion CSV Feeds (like TAXII, RSS, etc.) using mappers
Bug Fixes:
- #6137 [frontend] Green background color with white text doesn’t seem visible enough
- #6121 The ImportDocument connector doesn't work when importing document from a "Data" tab
- #6117 In Settings => Activity => Config, groups are red when selecting
- #6109 TTP names are replaced by ID in some screens
- #6108 Infinite upload when two platforms synchronize on each other
- #6104 Creating a user with a group is bypassing default group belonging
- #6094 [Playbooks] Incorrect score filter
- #6093 Relationships created though inference rules must have the confidence of the Rule Manager user
- #6089 Widget number always display 0 when asking to count relationships "contains"
- #6087 Trigger filters not aligned
- #6075 Creating a Report with an associated file gives an error
- #6070 Having Network Traffic observable with a dst ref makes the observable listing crash
- #6068 Based on relationship should inherit markings & restrictions when created from Indicators or observables
- #6065 [filters] 'sighted in/at' relationship type filter not working in widgets
- #6056 Worker error when importing Network-Traffic object with nested properties
- #6052 No error message when attempting to create an artifact without file
- #6043 Updating Description of multiple objects at once doesn't work
- #6037 Entity settings display edit default value input even if attribute has "editDefault" false
- #5996 Report->Knowledge->Correlation view missing data and inconsistent
- #5963 Quick subcription button is not working properly
- #5950 [Playbooks] remove marking definition doesn't work
- #5943 Markdown in rich text fields is reverted when first applied
- #5861 Cannot add tag to a dashboard/investigation
Pull Requests:
- [frontend] fix user edition on fields other than confidence level (#5772) by @labo-flg in #5774
- [frontend] remove duplicates in translations by @lndrtrbn in #5777
- [frontend] improve the readability of connector names (#3154) by @frapuks in #5707
- [backend/frontend] Enable CSV Feed Ingester (#4569) by @Goumies in #5404
- [backend] Fix mailer / sending emails in the platform by @SamuelHassine in #5780
- [backend] Implement PingThread for each consumer thread in the worker (#5778) by @SamuelHassine in #5782
- [backend/frontend] Add missing search fields for activities + adapt line index to prevent collision (#5775) by @richard-julien in #5784
- [frontend] Hide Indicator decay manager from managers list (#2859) by @SouadHadjiat in #5786
- Update dependency nodemailer to v6.9.9 [SECURITY] by @renovate in #5788
- [backend] Refactor aws sdk to use the standard approach of the readme by @richard-julien in #5791
- [frontend] remove duplicate key i18n by @jpkha in #5795
- [backend/frontend] Prepare design upgrade for major release by @SamuelHassine in #5804
- [backend] Improve container api and add more tests by @richard-julien in #5806
- [frontend] Connector overview page empty (#5812) by @SarahBocognano in #5813
- [backend] crop effective confidence level in [0-100] by @labo-flg in #5787
- [frontend] improve the readability of connector names (#3154) by @frapuks in #5785
- [backend] Indicators created with same name should not be deduplicated (#5819) by @SouadHadjiat in #5820
- [backend/frontend] Introduce dev flags to deactivate feature in ongoing development by @richard-julien in #5802
- [frontend] fix filters on defaultValue in analyst workbench (#5810) by @Archidoit in #5811
- [frontend] fix MalwareAnalysis name display in relationships lists (#5816) by @Archidoit in #5840
- [backend] 'reliability of author' filter with not_eq operator (#5833) by @Archidoit in #5834
- [backend/frontend] Implement OBAS integration and native LLMs by @SamuelHassine in #5826
- [backend] add test coverage on indicator upsert issue (#5819). by @aHenryJard in #5846
- [backend] Default marking are not cleaned when marking is deleted, leading to full crashed platform by @jpkha in #5839
- [frontend] User can't access authors list to edit entity (#issue/5848) by @SarahBocognano in #5862
- [backend] manage unknown exception in FileIndexManager (#5822) by @aHenryJard in #5863
- [frontend] Fixed remaining links from old /dashboard/data/connectors address to new /dashboard/data/ingestion/connectors by @JeremyCloarec in #5869
- [frontend] Added 'application/vnd.ms-excel' as an accepted MIME type in csv mapper by @JeremyCloarec in #5866
- [frontend] restrict entity_type filter options to Containers in the Analyses tab (5850) by @Archidoit in #5851
- [backend] fix group without a role must not have any capability (#5837) by @marieflorescontact in #5875
- [backend] Rename data sharing capability description (#5831) by @marieflorescontact in #5847
- Update dependency react-force-graph-2d to v1.25.4 by @renovate in #5886
- Update dependency three-spritetext to v1.8.2 by @renovate in #5888
- Update docker.elastic.co/kibana/kibana Docker tag to v8.12.1 by @renovate in #5890
- Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.12.1 by @renovate in #5889
- Update dependency react-force-graph-3d to v1.24.2 by @renovate in #5887
- Update dependency express-session to v1.18.0 by @renovate in #5894
- Update dependency graphql-constraint-directive to v5.4.1 by @renovate in #5895
- Update graphqlcodegenerator monorepo by @renovate in #5891
- Update material-ui monorepo by @renovate in #5892
- Update react monorepo by @renovate in #5893
- Update dependency migrate to v2.1.0 by @renovate in #5897
- Update dependency lru-cache to v10.2.0 by @renovate in #5896
- Update dependency openai to v4.27.0 by @renovate in #5898
- Update dependency react-relay to v16.2.0 by @renovate in #5899
- Update dependency html-to-pdfmake to v2.5.2 by @renovate in #5901
- Update dependency moment-timezone to v0.5.45 by @renovate in #5903
- Update dependency postcss to v8.4.35 by @renovate in #5904
- Update typescript-eslint monorepo to v6.21.0 by @renovate in #5907
- Update aws-sdk-js-v3 monorepo to v3.511.0 by @renovate in #5905
- Update dependency @graphql-tools/utils to v10.0.13 by @renovate in #5909
- Update dependency jose to v5.2.1 by @renovate in #5902
- Update dependency @types/node to v20.11.17 by @renovate in #5910
- Update dependency winston-daily-rotate-file to v5 by @renovate in #5911
- Update dependency @types/relay-runtime to v14.1.23 by @renovate in #5900
- Update dependency relay-runtime to v16.2.0 by @renovate in #5913
- Update dependency semver to v7.6.0 by @renovate in #5915
- Update dependency tap to v18.7.0 by @renovate in #5916
- Update dependency vite to v5.1.1 by @renovate in #5917
- Update dependency relay-test-utils to v16.2.0 by @renovate in #5914
- Update dependency vite-plugin-relay to v2.1.0 by @renovate in #5918
- Update dependency webpack to v5.90.1 by @renovate in #5919
- Update dependency chokidar to v3.6.0 by @renovate in #5921
- Update dependency esbuild to v0.20.0 by @renovate in #5922
- Update dependency react-router-dom-v5-compat to v6.22.0 by @renovate in #5923
- Update dependency recharts to v2.12.0 by @renovate in #5924
- Update dependency @elastic/elasticsearch to v8.12.1 by @renovate in #5926
- Update dependency @testing-library/react to v14.2.1 by @renovate in #5927
- Update dependency relay-compiler to v16.2.0 by @renovate in #5925
- Update dependency babel-plugin-relay to v16.2.0 - autoclosed by @renovate in #5928
- [backend] Improve deletion for large entities (#5803) by @richard-julien in #5920
- [frontend] Added missing markdown handling in Role and Group description by @JeremyCloarec in #5936
- [backend] Rollback on anticipated activation by @Kedae in #5940
- [backend] Decay rules settings (#2859) by @SouadHadjiat in #5641
- [frontend] Fix typo on Breadcrumbs by @Kedae in #5932
- [backend] fix typo in data sharing capa description migration by @marieflorescontact in #5938
- [frontend] Fix data import redirect from workbench (#5805) by @SouadHadjiat in #5946
- [frontend/backend] Public dashboard: init phase (create dashboard and first widgets) (#4903) by @marieflorescontact in #5446
- [backend] Broken attack patterns matrix everywhere (#5841) by @richard-julien in #5937
- [frontend]Fix alias of country(#5939) by @CelineSebe in #5952
- [backend] fix attributes to display in csv mapper by @lndrtrbn in #5883
- [backend/frontend] Add "From/To" attributes ref in sightings relationships(#5814) by @CelineSebe in #5821
- [backend] fix reverse relation (#5836) by @marieflorescontact in #5942
- [frontend] Systems display in BreadCrumbs by @Archidoit in #5959
- [frontend] Decay improvement: remove moment usage, remove zoom on chart (#2859) by @aHenryJard in #5945
- [backend] Introduce fuzzy search and wildcard prefix options by @richard-julien in #5958
- [frontend] show right navigation menu when some manager are disabled. by @aHenryJard in #5949
- [backend] Fixed issue with skip char line parameter in csv mapper (#5764) by @JeremyCloarec in #5962
- [frontend] fix filters representation when filters with regardingOf (4974) by @Archidoit in #5975
- [frontend/backend] highlight selected filter by @jpkha in #5781
- [backend/frontend] Organizations types to be in the vocabularies (#3470) by @frapuks in #5876
- [frontend] Not possible to empty CVSS score in vulnerabilities (#5808) by @SarahBocognano in #5931
- [backend/frontend] Map with CSV mapper a file containing columns sha1, sha256, md5, sha-512 (#4806) by @CelineSebe in #5332
- [backend] manage long text filter like description and add search operator #4940 by @jpkha in #5633
- [backend] fix x_opencti_worfklow_id filter (5977) by @Archidoit in #5985
- [frontend] fix CSV Feeds title in the breadcrumb by @jpkha in #5984
- [frontend] remove badge in the top bar trigger icon by @Archidoit in #5988
- [frontend] remove column 'source' from task errors (#5885) by @labo-flg in #5987
- [frontend/backend] Multiple fixes on admin Orga (#5980, #5981, #5982,… by @Kedae in #5992
- [frontend] Fix subsector search by @Kedae in #5994
- [backend/frontend] update messages and translations for decay (#2859) by @SouadHadjiat in #5948
- [backend] Fix orga sharing on Cases by @Kedae in #5993
- Replace dependency passport-saml with @node-saml/passport-saml 4.0.4 by @renovate in #5908
- [backend] enforce user max confidence on create/delete/update/upsert (#5697) by @labo-flg in #5800
- [frontend] Align Nested Object panel with other in the platform (#4931) by @SarahBocognano in #5978
- [frontend] fix relationship_type filter list (#5995) by @Archidoit in #6000
- [frontend] Confidence Level logic enforced in the platform (User) (#5697) by @SarahBocognano in #5881
- [frontend/backend] Verify access to csv mapper in UI and API (#5954) by @aHenryJard in #5979
- [frontend] Fixes on label creation/deletion and user breadcrumb by @Kedae in #6007
- [backend/frontend] remove 'remove' operation from playbook (#5950) by @SouadHadjiat in #5964
- [backend] enable local mode switching for nested relation filters (#6001) by @Archidoit in #6008
- [backend] fix filtersRepresentatives when values id is not existing by @jpkha in #6009
- [Backend] Enrich model to add update attribute protection by @richard-julien in #6006
- [frontend] Fix malware analyses unknown display by @Kedae in #6011
- Update aws-sdk-js-v3 monorepo to v3.515.0 by @renovate in #6014
- Update dependency openai to v4.28.0 by @renovate in #6015
- Update dependency @types/node to v20.11.19 by @renovate in #6017
- Update dependency analytics to v0.8.11 by @renovate in #6018
- Update dependency graphql-constraint-directive to v5.4.2 by @renovate in #6019
- Update dependency http-proxy-agent to v7.0.2 by @renovate in #6020
- Update dependency https-proxy-agent to v7.0.4 by @renovate in #6021
- Update dependency jose to v5.2.2 by @renovate in #6022
- Update dependency react-router-dom-v5-compat to v6.22.1 by @renovate in #6023
- Update dependency reactflow to v11.10.4 by @renovate in #6024
- Update dependency vite to v5.1.3 by @renovate in #6025
- Update dependency webpack to v5.90.2 by @renovate in #6026
- Update material-ui monorepo to v5.15.10 - autoclosed by @renovate in #6027
- Update typescript-eslint monorepo to v7 (major) by @renovate in #6028
- [backend] Improve batch loading error control and deletion capabilities by @richard-julien in #6029
- [backend] extends Audits context filters to Knowledge events (#5611) by @Archidoit in #5613
- [backend/frontend] user's confidence level shall be the highest among user's group(s) by @labo-flg in #6033
- [frontend] Add playwright by @jpkha in #5555
- [frontend] Fix creation page + align CSV Mapper option panel by @Kedae in #6038
- [backend/frontend] In Dashboard Network Traffic Attribute Fields Returning Nothing (#5473) by @SarahBocognano in #6039
- [frontend] Fix quick subcription button(#5963) by @CelineSebe in #6002
- Update rjsf monorepo to v5.17.1 by @renovate in #5906
- [frontend/backend] Add filtering capabilities based on model definition (#4939) by @Archidoit in #5262
- [backend/frontend] Indicator decay rules improvements (#2859) by @aHenryJard in #6004
- [frontend] Fix names truncated when exporting a Radar widget as CSV(#5969) by @CelineSebe in #6040
- Bump ip from 2.0.0 to 2.0.1 in /opencti-platform/opencti-graphql by @dependabot in #6060
- Bump ip from 2.0.0 to 2.0.1 in /opencti-platform/opencti-front by @dependabot in #6061
- [frontend] use of istanbul plugin dynamic by @jpkha in #6055
- [test] First tests on navigation and parameters by @Kedae in #6057
- [backend] CSV Mapper - fix how to retrieve entity settings (#6034) by @lndrtrbn in #6041
- [backend/frontend] entity_type filter available for abstract types by @Archidoit in #6064
- [backend/frontend] Fix malware analyses pagination error on submission date if null (#6054) by @SouadHadjiat in #6058
- [backend] Support unordered types in connection resolution by @richard-julien in #6082
- [backend] Fix of creation with associated file in entities by @Kedae in #6078
- [backend] Update taskManager to handle extension attributes from toolbar actions by @Kedae in #6051
- [frontend/backend] extends widget filters and fix relationship_type filter in widgets (#6065) by @Archidoit in #6067
- [frontend] fix limit results to display correlation view (#5996) by @frapuks in #6084
- [frontend] fix trigger filters not aligned by @jpkha in #6092
- [frontend] fix empty source entity filters list in relationship widget by @Archidoit in #6095
- [frontend] new filters UI in Playbooks (#6094) by @Archidoit in #6096
- [frontend] fix filter operator size by @jpkha in #6097
- [backend] includes 'object' relationship in Number widgets (#6089) by @Archidoit in #6091
- [backend] Fix observables query for network traffic with dst_port (#6070) by @SouadHadjiat in #6073
- [backend] inferred data always have the Rule Manager's confidence (#6093) by @labo-flg in #6098
- [backend] Add OpenID proxy configuration capability by @richard-julien in #6103
- [backend] Creating a user with a group is bypassing default group belonging (#6104) by @richard-julien in #6105
- [frontend] fix spacing issue by @labo-flg in #6116
- [frontend] dev env - update optimized deps list for vite by @lndrtrbn in #6077
- [frontend] fix bad behaviour onBlur Markdown fields (#5943) by @frapuks in #6035
- [frontend] Add margin at the top/bottom of the FilterIconButtonContainer by @jpkha in #6120
- [frontend] disable field to edit default value in settings if needed (#6037) by @lndrtrbn in #6076
- [frontend] fix incorrect explanatory text about users and default groups by @labo-flg in #6118
- [frontend/test] Update settings relay management and add testing by @Kedae in #6066
- [frontend] fix tasks losing filters before start by @labo-flg in #6123
- [backend/frontend] add more details to effective confidence level source by @labo-flg in #6114
- [backend] Add test and support empty override user_confidence_level by @richard-julien in #6126
- feature-branch-deployment: Add the possibility to request upgrading f… by @sbocahu in #6111
- [frontend] Fix error message when attempting to create an artifact without file (#6052) by @CelineSebe in #6090
- [frontend] Improve playwright process by @jpkha in #6088
- Bump es5-ext from 0.10.62 to 0.10.63 in /opencti-platform/opencti-front by @dependabot in #6131
- Bump es5-ext from 0.10.62 to 0.10.63 in /opencti-platform/opencti-graphql by @dependabot in #6132
- [frontend] Fix red color issue(#6117) by @CelineSebe in #6130
- [frontend] fix position of ai button by @frapuks in #6128
- [frontend] fix display confidence initial value by @frapuks in #6127
- [frontend] Fix the quick Subscription button (#5963) by @Kedae in #6135
- [frontend] linter fix (#5963) by @Kedae in #6141
- [backend] Based on relationship should inherit markings & restrictions when created from Indicators or observables (#6068) by @SouadHadjiat in #6069
- [frontend] add eslint config to e2e tests by @lndrtrbn in #6136
- [backend] fix workflow_id throw error by @jpkha in #6139
- [frontend] fix creator filter in user history redirection by @Archidoit in #6124
- [frontend/backend] fix Threat Actor Knowledge filters + add filters in Indicator Knowledge by @Archidoit in #6122
- [frontend/backend] add filters based on schema definition in the Add entities panels by @Archidoit in #6086
- [frontend] Linter fix v2 (#5963) by @Kedae in #6144
- [backend] Misuse function for workflow_id by @jpkha in #6143
- Prevent input name collision with db name for refs (#6056) by @labo-flg in #6080
- [backend] Organization sharing behavior change for upsert and enrichment by @richard-julien in #6101
- [backend] Infinite upload when two platforms synchronize on each other by @richard-julien in #6147
- [frontend] Cannot add tag to a dashboard/investigation (#5861) by @SarahBocognano in #6063
- [backend] Fix validation and schema for ThreatActors by @Kedae in #6142
- [backend] Handle revoked input for Indicators without valid_until date (#6099) by @richard-julien in #6148
- [backend] Fix upsert indicator score since decay (#2859) by @SouadHadjiat in #6100
- [backend] Fix carousel for TA by @Kedae in #6150
- [backend] Improve csv feed by @richard-julien in #6151
- [frontend] Fix broken screen from localStorage error by @Kedae in #6153
- [frontend] fix content mapping view by @frapuks in #6152
- [backend] add missing capa for effective level computation by @labo-flg in #6157
- [frontend] Fix fetch of containers in workspace by @Kedae in #6155
New Contributors:
- @frapuks made their first contribution in #5707
- @JeremyCloarec made their first contribution in #5869
Full Changelog: 5.12.27...6.0.0