github OpenCTI-Platform/opencti 6.1.0
Version 6.1.0
on GitHub

latest releases: 6.3.13, 6.3.12, 6.3.11...
6 months ago

Dear community, we're delighted to announce the release of OpenCTI 6.1.0 🥳! This milestone materializes our Extended Threat Management suite by integrating OpenCTI with our new Breach and Attack Simulation open-source platform OpenBAS 🔥 !! And that’s not all! 6.1 incorporates also a lot of long awaited features🚀!

First of all, let's discuss the OpenBAS integration 🤝. OpenBAS is a platform where you can define series of events (technical or not) to be simulated towards endpoints or players. These simulations help you evaluate your security posture. Evaluating security posture makes more sense when tested against real and relevant threats. Here comes your OpenCTI and all of its carefully triaged, qualified, and crafted CTI! Directly from the Overview of Reports, Cases, and even Threats, you can generate a Breach and Attack simulation, evaluate your security posture, and have results integrated into your threat context. At a glance, you'll know if you are at risk! 🤯 We are very excited to bring this to the community and can't wait to receive your feedback on it!

OpenCTI 6.1.0 also brings Public Dashboards 📢! Now, you can create snapshots of your custom Dashboards and share them via a permalink, with people who don't have access to your OpenCTI platform. But these snapshots aren't static—they dynamically update as data in OpenCTI changes over time! Because data confidentiality always matters 🤫, users and platform administrators can control which data is shared through Public Dashboards using a maximum marking definition setting.

Now, regarding confidentiality, we've enhanced how marking definitions are handled for files associated with Knowledge entities. You can specify the maximum marking for generating exported file contents and apply markings directly to the files themselves 🛡️.

With this milestone, we're thrilled to introduce a long-awaited feature: rollback on deletion! Who hasn't felt the frustration of accidentally deleting the APT28 Intrusion Set from the platform 😱? I certainly have 😉 ! Mistakes are inevitable, and until now, some deletion actions were not easily reversible. But those days are behind us! Users now have the ability to rollback deletions for up to 7 days, by default. When you delete a Knowledge entity or relation, it's sent to a Trash collector where it can be restored from! So, the next time you accidentally delete APT28 or Cobalt Strike and their countless relationships, fear not—they'll be waiting for you in the trash, ready to be restored 😌.

Speaking of rollback, you may have also noticed that a 6.0 minor release introduced rollback functionality for investigations' graphs. Give it a try!
Version 6.0 introduced the Max Confidence level feature for users and groups, offering a powerful tool for enhancing Knowledge quality within your platform. If you haven't already, check out the dedicated blog post for more details. OpenCTI 6.1 takes it a step further 🚀! Now, you can define max confidence level overrides per entity types! This means you can tailor the impact of connectors on entities like Intrusion Sets and Vulnerabilities differently. You can also give more control to users over certain entities like Reports while limiting control over others like Locations and Sectors, for example. Give it a try and let us know what you think about it!

We've dedicated some time to enhance our Assignee system for Cases. Now, when users are assigned to Cases (whether as Assignee or Participant), they'll receive automatic notifications about the assignment and any subsequent changes made to the Case. Additionally, you now have the option to define in your Profile how you prefer to be notified by default for these assignments 💼.

To enhance our ability to address any bugs you encounter on your OpenCTI platform, we're implementing a Support Package generation system. Administrators can now generate an archive containing relevant log files from all nodes, aiding in more precise diagnostics of any situation. Additionally, users now have the capability to copy and paste the stack trace directly when an error occurs in the front-end 🛠️.

On the Integration side, we updated Malpedia and Recorded Future connector to make them Playbook compatible. We also created a Crowdstrike Falcon EDR connector to send IoC from OpenCTI to Falcon. Community members brought also a lot of value over the last minor releases, with the development of connectors for NIST NVD CPE, RST Noise Control, MITRE ATLAS matrix, Malcore and Socprime. Thanks a lot! ♥️

OpenCTI 6.1 also introduces our telemetry framework. These metrics collection is now mandatory for us to improve platform performances, as current usage implies significantly larger data volumes than before. It is also essential for us to enhance internal workflows and adapt them to community usage patterns. All collected data are anonymous and statistical. You can find detailed information on the collected data and associated usage in the telemetry documentation.

Finally, for those within our community operating in highly confidential environments, we've made a significant improvement to our Python framework to natively support air-gapped architecture. Our CTO, Julien Richard, has authored a dedicated blogpost to assist you with this. Be sure to check it out for detailed guidance 🧠.

⚠️ Breaking changes

It is not possible anymore to ingest Objects with a name containing less than 3 characters (space character at the beginning or the end of the string are not included in the count)

Enhancements:

  • #6930 [playbook] Improve playbook to implement looping control and avoid extra execution
  • #6904 Report frontend error in logs and support package
  • #6899 [backend] Improve graphql subscriptions data control
  • #6898 [backend] Add batch aliases protection in graphql api
  • #6896 Secure schema changing force_disabled_introspection option to true by default
  • #6883 Introduce credential provider for elasticsearch / redis and minio
  • #6292 Implement the Telemetry framework into OpenCTI
  • #5859 OpenBAS integration
  • #5823 Marking definitions for uploaded files
  • #5797 Apply marking definition to export files
  • #5548 Be able to generate a "support package" by clicking on a button
  • #4903 Share Public Dashboard - MVP
  • #4900 Add overrides to the max confidence level of Users for specific Entities
  • #3389 Global problem about displayed nested / refs relationships everywhere
  • #3365 Notifying users when they are Assignee/Participant
  • #1536 Be able to go back or cancel suppression

Bug Fixes:

  • #6897 [backend] Prevent user to regenerate is 2FA secret
  • #6894 Cannot expand entities in investigations
  • #6888 Country flag next to IP addresses have disappeared in observables list
  • #6837 Impossible to add an override for a new user who doesn't have an initialized user confidence level.
  • #6833 Malware analysis name displayed as Unknown in Search list
  • #6832 Knowledge widget filters issues
  • #6827 OpenCTI doesn't have the same logo spacing on light and dark mode
  • #6820 Global search no indication when files are found
  • #6816 Cannot add Data Component through contextual component
  • #6809 Capability "Restrict organization access" has a different name in DB
  • #6787 Threat Actor Participate In Campaign not displayed in the Campaign knowledge Tab attribution view
  • #6779 Unusable filter for observables
  • #6777 Widgets handle relation between Role and Capability
  • #6768 Translation in french for light theme is not correct
  • #6765 Relationships of observables are not correctly displayed
  • #6764 Horizontal bar charts are not clickable anymore
  • #6753 Public dashboard area chart time serie not displaying anything
  • #6746 Feedback/attack-pattern simple export issue
  • #6742 Reports can be created with blank names
  • #6725 No error message when max confidence level not enough to update an entity
  • #6699 No control on marking when having multiple markings of the same type
  • #6697 Impossible to reset files indexing
  • #6679 The Status of Incident is not updated when creating a playbook to replace the Status field
  • #6650 Redirection to "/dashboard" when clicking on a non-exported file
  • #6632 Merging 2 countries fails for unknown reason
  • #6552 parse_exception: request body is required when Retention Policy is executed
  • #6499 Incomplete JSON export of reports
  • #6370 CSV mapper stops importing if an error occurs
  • #6302 [Playbooks] Error when creating a container

Pull Requests:

New Contributors:

Full Changelog: 6.0.10...6.1.0

Check out latest releases or
releases around OpenCTI-Platform/opencti 6.1.0

Don't miss a new opencti release

NewReleases is sending notifications on new releases.

Get notifications