Open Cyber Threat Intelligence Platform
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.7...6.1.8
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.6...6.1.7
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.5...6.1.6
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.4...6.1.5
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.3...6.1.4
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.2...6.1.3
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.1...6.1.2
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.1.0...6.1.1
Dear community, we're delighted to announce the release of OpenCTI 6.1.0 :partying_face:! This milestone materializes our Extended Threat Management suite by integrating OpenCTI with our new Breach and Attack Simulation open-source platform OpenBAS :fire: !! And that’s not all! 6.1 incorporates also a lot of long awaited features:rocket:!
First of all, let's discuss the OpenBAS integration :handshake:. OpenBAS is a platform where you can define series of events (technical or not) to be simulated towards endpoints or players. These simulations help you evaluate your security posture. Evaluating security posture makes more sense when tested against real and relevant threats. Here comes your OpenCTI and all of its carefully triaged, qualified, and crafted CTI! Directly from the Overview of Reports, Cases, and even Threats, you can generate a Breach and Attack simulation, evaluate your security posture, and have results integrated into your threat context. At a glance, you'll know if you are at risk! :exploding_head: We are very excited to bring this to the community and can't wait to receive your feedback on it!
OpenCTI 6.1.0 also brings Public Dashboards :loudspeaker:! Now, you can create snapshots of your custom Dashboards and share them via a permalink, with people who don't have access to your OpenCTI platform. But these snapshots aren't static—they dynamically update as data in OpenCTI changes over time! Because data confidentiality always matters :shushing_face:, users and platform administrators can control which data is shared through Public Dashboards using a maximum marking definition setting.
Now, regarding confidentiality, we've enhanced how marking definitions are handled for files associated with Knowledge entities. You can specify the maximum marking for generating exported file contents and apply markings directly to the files themselves :shield:.
With this milestone, we're thrilled to introduce a long-awaited feature: rollback on deletion! Who hasn't felt the frustration of accidentally deleting the APT28 Intrusion Set from the platform :scream:? I certainly have :wink: ! Mistakes are inevitable, and until now, some deletion actions were not easily reversible. But those days are behind us! Users now have the ability to rollback deletions for up to 7 days, by default. When you delete a Knowledge entity or relation, it's sent to a Trash collector where it can be restored from! So, the next time you accidentally delete APT28 or Cobalt Strike and their countless relationships, fear not—they'll be waiting for you in the trash, ready to be restored :relieved:.
Speaking of rollback, you may have also noticed that a 6.0 minor release introduced rollback functionality for investigations' graphs. Give it a try! Version 6.0 introduced the Max Confidence level feature for users and groups, offering a powerful tool for enhancing Knowledge quality within your platform. If you haven't already, check out the dedicated blog post for more details. OpenCTI 6.1 takes it a step further :rocket:! Now, you can define max confidence level overrides per entity types! This means you can tailor the impact of connectors on entities like Intrusion Sets and Vulnerabilities differently. You can also give more control to users over certain entities like Reports while limiting control over others like Locations and Sectors, for example. Give it a try and let us know what you think about it!
We've dedicated some time to enhance our Assignee system for Cases. Now, when users are assigned to Cases (whether as Assignee or Participant), they'll receive automatic notifications about the assignment and any subsequent changes made to the Case. Additionally, you now have the option to define in your Profile how you prefer to be notified by default for these assignments :briefcase:.
To enhance our ability to address any bugs you encounter on your OpenCTI platform, we're implementing a Support Package generation system. Administrators can now generate an archive containing relevant log files from all nodes, aiding in more precise diagnostics of any situation. Additionally, users now have the capability to copy and paste the stack trace directly when an error occurs in the front-end :hammer_and_wrench:.
On the Integration side, we updated Malpedia and Recorded Future connector to make them Playbook compatible. We also created a Crowdstrike Falcon EDR connector to send IoC from OpenCTI to Falcon. Community members brought also a lot of value over the last minor releases, with the development of connectors for NIST NVD CPE, RST Noise Control, MITRE ATLAS matrix, Malcore and Socprime. Thanks a lot! :hearts:
OpenCTI 6.1 also introduces our telemetry framework. These metrics collection is now mandatory for us to improve platform performances, as current usage implies significantly larger data volumes than before. It is also essential for us to enhance internal workflows and adapt them to community usage patterns. All collected data are anonymous and statistical. You can find detailed information on the collected data and associated usage in the telemetry documentation.
Finally, for those within our community operating in highly confidential environments, we've made a significant improvement to our Python framework to natively support air-gapped architecture. Our CTO, Julien Richard, has authored a dedicated blogpost to assist you with this. Be sure to check it out for detailed guidance :brain:.
:warning: Breaking changes
It is not possible anymore to ingest Objects with a name containing less than 3 characters (space character at the beginning or the end of the string are not included in the count)
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.0.10...6.1.0
Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.0.9...6.0.10