Dear community, we're excited to announce the launch of OpenCTI 6.8.0! 🥳
This release focuses on solving key pain points and unlocking new use cases:
- Priority Intelligence Requirements
- Connector Catalog and Manager
- Chatbot/AI assistant
- Import AI document (more entities and relations)
- User Management (Service Accounts, onBoarding emails, Massive Operations)
- Data Quality & Security Enhancements
- UI & UX improvements
- Many other improvements (export/import playbooks, …)
- New Integrations/Connectors
🌟 Priority Intelligence Requirements (PIR) (EE)
We are thrilled to introduce the first implementation of PIR (Priority Intelligence Requirement), a powerful feature that enables users to concentrate only on the threats that matter most to them. This enhancement is designed to help users navigate and prioritize among the vast data within the platform more effectively.
With PIR, users can define specific criteria such as their organization's industry, the locations they operate in, or any sectors and regions they wish to monitor. Based on these criteria, the platform automatically flags relevant threats with an associated relevance score and highlights priority reports to review.
This initial version focuses on helping you identify threats relevant to your organization. Future releases will enable you to operationalize PIR-identified threats in your daily workflows. We welcome your feedback on how to make this most valuable for you.
⚙️ Connector Catalog and Manager (EE)
We are excited to introduce the connector catalog and manager, a feature designed to streamline the deployment and configuration of connectors directly from the user interface.
To achieve this, we've added a connector catalog in the platform's ingestion section, listing the connectors currently available for deployment through the interface. This catalog initially features a first selection of "Verified" connectors, with plans to expand the collection over time. From this catalog, users can now view details, deploy, and configure these connectors directly within the interface.
We've also enhanced the connector view with new management capabilities. Users can now easily start and stop “managed connectors” and access their logs directly, significantly improving troubleshooting efficiency.
For on-premise deployments, this feature requires adding a new component called "xtm-composer" to the OpenCTI technology stack. This component connects your OpenCTI platform to major container orchestration systems and handles the deployment and lifecycle management of your connectors. More info on: https://github.com/FiligranHQ/xtm-composer
🤖 Chatbot/AI assistant (EE)
You have a CTI question? Ask Ariane!
We are launching the first iteration of Ariane, our brand new Agentic AI assistant, an interface that will change the way users interact with Cyber Threat Intelligence! Ariane is designed to understand complex questions related to CTI and will leverage all the structured knowledge stored in your platform as well as all the OpenCTI documentation.
With this initial release, users can ask questions of their OpenCTI platform in natural language! Thanks to Ariane, you no longer need to know the arcana of STIX and OpenCTI to get answers. This greatly lowers the barrier to entry for new users and also reduces the time needed to create reports from structured CTI. Future iterations will further enhance its capability to deliver even deeper insights and will allow users to take action on the retrieved intel, such as creating objects or using features of the platform.
Note that this is a Preview feature and usage is limited at the moment. Try it and, if you want more, just reach out to us and we’ll work together on the next step!
If you’re curious about what’s happening under the hood, this feature leverages a dedicated set of tools bundled in an MCP server, publicly available at https://github.com/FiligranHQ/xtm-mcp. The main challenge to tackle was translating a natural language question into a GraphQL query, the query language used to access the OpenCTI database. Because this is not easy, we decided to share these capabilities through the standard Model Context Protocol, so that the largest number of OpenCTI users can continue on their AI journey.
💡 Import AI document (EE)
This release features significant improvements to our entity extraction service, accessible through our AI Import Document connector. The service now recognizes a broader range of entities (Organization, Sector, Channel, Tool, Individual, Region). Beyond this expanded recognition capability, the service can now identify and establish relationships (Uses, Targets, Located-at, Exploits, Originates-from) between detected entities.
👤 User management (CE and EE)
The user management part has been enhanced with three new capabilities that improve administrative efficiency:
- Ability to create Service Accounts, a specialized user type restricted to API-based integrations with no access to the UI login. This addition should give administrators more control over their users, while facilitating the on-the-fly creation of service accounts for CSV feeds & connectors for now. A user can be turned into a service account & vice versa, to give administrators flexibility in managing their users. Important to note: if platform organisation is enabled on your platform, service accounts will belong to the main platform organisation when logging in; this way, if your platform organisation changes (or gets added), the service accounts will still be able to push data into your platform without any issue. More info on: https://docs.opencti.io/latest/administration/users/ (CE)
- The ability to perform bulk operations on user accounts. This new capability empowers administrators to execute mass operations, such as activating, deactivating, or updating multiple user accounts at once. This enhancement not only saves time but also reduces the potential for errors associated with manual, individual account management. (CE)
- The ability to create email templates for your users. Administrators can build a template using variables of the user/service account to produce dynamic emails. With this feature, administrators will be able to send an email at user creation for a first-time login process, or send important emails to the user base, for instance to inform about maintenance or system unavailability… Please note that this email templating is different from the email templating of platform notifications. (EE)
🛡️ Data Quality & Security Enhancements (CE and EE)
As part of our ongoing commitment to data excellence and security, we're pleased to introduce several enhancements designed to strengthen data quality, improve reliability, and reinforce the protection of your information across our platform.
- Understanding what’s happening on your platform is crucial. This is why we have extended the activity log with additional information such as "Source IP" and "User-Agent". (EE)
- Audit logs can now be streamed to console or files, enabling seamless integration with external monitoring systems like Splunk. (EE)
- A contribution has also been made to enable viewing a user's complete activity history, not just their most recent actions. (CE)
- To enhance security and user confidence, we have updated the user interface to ensure that Ingestion Feeds credentials are no longer displayed in clear text. (CE)
- The “Manage Taxonomies” capability has been removed and split into smaller capabilities (Manage Tags, Manage Vocabularies, Manage Case Models, Manage Status Models, Manage Kill Chain Phases), allowing for more precise permission control. (CE)
- The vulnerability and software models have been enhanced with additional attributes, specifically “first seen active” for Vulnerability and “product” for Software, and new relationships have been established between Infrastructure and Vulnerability entities.
🎨 UI & UX improvements (CE)
We are aware that the UI & UX of the platform can sometimes be difficult to grasp. We are working towards improving this part.
- Users can now view nested objects in the overview of observables, especially in network traffic data. This enhancement allows for a more comprehensive understanding of complex data structures, enabling users to analyze detailed relationships without navigating away from the overview.
- We have introduced the ability to expand fields within observables, eliminating the need to copy and paste values to view them in their entirety.
🔄 Some other improvements have also been provided:
- Draft from an entity: You can now create a draft directly within an entity. This improvement helps us further bridge the gap with the workbench, reaching feature parity before we can decommission the workbenches. (CE)
- Export/Import/Duplicate Playbooks: A long-awaited feature has been delivered: the ability to duplicate, import, and export playbooks! This should help you create and share your playbooks. (EE)
XTM HUB: One click deploy (CE)
During the 6.8 cycle, XTM Hub released the ability to enroll your platform onto XTM Hub. From an added-value perspective for OpenCTI, this means you can also use the newly deployed “One Click Deploy” feature to deploy dashboards & CSV feeds directly from the Hub.
Browse the service you need on XTM Hub directly from your OpenCTI platform and, with one click, get it into your OpenCTI platform!
🔗 Connectors & Integrations (CE)
Regarding connectors and integrations, this milestone brought several new connectors.
- GLIMPS Enrichment: The GLIMPS connector allows integration of GLIMPS Malware results into OpenCTI https://github.com/OpenCTI-Platform/connectors/tree/master/internal-enrichment/glimps-malware
- Splunk SOAR App: An app for Splunk SOAR has been developed, allowing OpenCTI to be integrated with Splunk SOAR for threat intelligence management and incident response (https://github.com/OpenCTI-Platform/splunk-soar-connector)
- Elastic Security Incidents: This connector imports alerts and cases from Elastic Security into OpenCTI as incidents and case incidents. (https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/elastic-security-incidents)
- Elastic Security Intel Stream: This connector streams threat intelligence from OpenCTI to Elastic Security, creating and managing both threat indicators and SIEM detection rules. (https://github.com/OpenCTI-Platform/connectors/tree/master/stream/elastic-security-intel)
- Sumo Logic Intel Stream: This connector creates, updates and deletes STIX indicator data from your OpenCTI platform in the Sumo Logic SIEM platform. https://github.com/OpenCTI-Platform/connectors/tree/master/stream/sumologic-intel
- Doppel: This connector fetches alerts from the Doppel API and imports them into OpenCTI as Indicators. https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/doppel
- Microsoft Sentinel Intel: This connector feeds Azure Sentinel using the new Microsoft STIX objects API https://github.com/OpenCTI-Platform/connectors/tree/master/stream/microsoft-sentinel-intel
- Cognyte LUMINAR: This integration retrieves threat intelligence from Luminar's TAXII v2 server, feeding OpenCTI with IOCs, leaked records, and cyber feeds (https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/luminar)
- CrowdSec: This connector imports IP address threat intelligence from CrowdSec's Cyber Threat Intelligence (CTI) https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/crowdsec
- MITRE Navigator TTPs Importer: This integration ingests MITRE Navigator formatted files into OpenCTI, which is especially useful when you want to model and import security coverage data exported from your SIEM/XDR solutions. (https://github.com/OpenCTI-Platform/connectors/tree/master/internal-import-file/import-ttps-file-navigator)
- Google Threat Intelligence: A new connector has been developed to ingest Google Threat Intelligence into OpenCTI. This integration retrieves and imports multiple data collections including reports, threat actors, malware, campaigns and vulnerabilities. Indicators and detection rules will be added in future improvements. https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/google-ti-feeds
- MontySecurity C2 Tracker: This connector feeds OpenCTI with Indicators coming from the MontySecurity C2 Tracker source. https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/montysecurity-c2-tracker
- Recorded Future Enrichment: The connector has been enriched to support “Vulnerability enrichment” with additional threat intelligence from Recorded Future, providing enhanced context and insights for vulnerability management. (https://github.com/OpenCTI-Platform/connectors/tree/master/internal-enrichment/recordedfuture-enrichment)