OpenCTI Versions

Open Cyber Threat Intelligence Platform

6.0.1

2 months ago

Bug Fixes:

  • #6169 Infinite fetching on low speed connection introduced by triggers update

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/6.0.0...6.0.1

6.0.0

2 months ago

Dear community, after several intense months of work, we're thrilled to announce the release of OpenCTI version 6.0 🥳! This version transforms the OpenCTI platform in so many ways! Let’s dig into it!

Welcome to OpenCTI 6.0, where we're thrilled to introduce the transformative capabilities of Generative AI to elevate your daily analyst workflow! ✨ Now, you can harness the power of Generative AI to assist in crafting textual content, explaining report descriptions, summarizing file contents, and even generating STIX-structured knowledge seamlessly. Whether in our cloud or on-premise, any Enterprise Edition customer can leverage our custom AI endpoint, use their own, or integrate with native OpenAI or Mistral AI services using their own tokens. 🚀

In this release, we've fully revamped the platform's design, including a modification to the left menu. The former top menu is now integrated into the left menu, simplifying navigation throughout the platform. Additionally, a new breadcrumb feature allows you to effortlessly track your position in the platform, particularly when the left menu is collapsed! 🧭

⚠️ Breaking change in the confidence level system for connectors, feeds, and streams

OpenCTI 6.0 also introduces an important change to the confidence level system. From now on, Users and Groups get a “Max Confidence level” that acts as a threshold on their ability to modify existing data. Fine-tune users' impact on your meticulously crafted Knowledge base by managing these max confidence levels. External Connectors, Feeds, and Streams now use the max confidence level of their associated user, making ACL in OpenCTI nearly limitless! 🛡️ Please read carefully the dedicated blog post about this breaking change! 👁️‍🗨️

Indicator Lifecycle management is paramount in CTI teams, and we're excited to introduce a decay algorithm to enhance the existing score and revoking system. Create your decay rules, depreciate indicator scores over time based on their main observable type, lifetime, acceleration factor, and define crucial scores to trigger reactions! 🔃 We value your feedback to further improve this feature! 🤝

Another addition in 6.0 is the CSV feed ingester! You can now automatically ingest data from URL-exposed CSV files! As with uploaded CSV files, build a CSV mapper, link it to your new CSV Feed, and it’s done! 🪄 Speaking of CSV Mappers, multiple improvements have been shipped in OpenCTI 6.0, and it is now possible to define default values in a mapper in order to ingest incomplete CSV files!

Amid these groundbreaking features, extensive improvements have been made, particularly in filters! The new UI is now deployed almost everywhere in the platform! 💅 But more importantly, you can now filter on any object's attributes on lists and dashboards! 🎉 Of course, the system takes into account the context of the view you are navigating on. Improvement on the filtering system also comes with new operators! “In regards of” allows you to filter Objects based on their relationship with a specific Entity. “Contains” and “Search” allow you to operate any filtering you want on short and long texts!

On the connectors side, the Recorded Future connector has been improved even further, now handling the import of Malwares and Threat Actors into OpenCTI! Some work has also been done on Greynoise, Shodan, and Malbeacon enrichment connectors to make them compatible with our automation playbooks. 🤖

Last but not least, the complete documentation for OpenCTI is now accessible at docs.opencti.io! 📘 Feel free to refer to it for assistance, and remember, we're always available in the Community Slack for any questions or support!

⚠️ Other breaking changes:

  • The NetworkTraffic src and dst creation attributes have been renamed to networkSrc and networkDst. The Python client is not impacted, but if you use your own GraphQL queries, they will require some changes.

⚠️ This release includes a security fix; we advise all organizations to upgrade their platform as soon as possible.

Enhancements:

  • #6102 Allow to bypass engine version validation for AWS default compatibility mode
  • #6099 Handle revoked input for Indicators without valid_until date
  • #6042 [backend] Organization sharing behavior change for upsert and enrichment
  • #5973 Implement fuzzy search (approximative search) in the platform
  • #5858 Implement support of GenAI APIs in the platform
  • #5807 Rework email templates for notifications
  • #5805 Design upgrade for major release
  • #5759 Make sure confidence level is always between 0 and 100
  • #5033 Ability to filter on Organization the data is shared with
  • #5032 Filter Refactoring Follow Up
  • #4944 Improve error messaging on ImportCSV
  • #4940 Add a "contains" / "do not contains" operator in new filter
  • #3426 Add OpenID Proxy configuration capability
  • #3406 Add a new version of platform / workers images OpenSSL FIPS 140
  • #4939 Be able to filter on every property with new filters
  • #4932 Add an optional default value for an attribute that is missing mapping value from a file
  • #4931 Align Nested Object panel with other in the platform
  • #4806 Map with CSV mapper a file containing columns sha1, sha256, md5, sha-512
  • #3585 In filters, be able to use all possible vocabularies / the current user
  • #3470 Organizations types to be in the vocabularies
  • #3154 Expand name in "progress works panel"
  • #2859 Decay settings for Indicators scores
  • #2248 Remove the default search wildcard and check the behaviour in Elastic
  • #1989 OpenCTI frontend test suite
  • #4569 Implement Ingestion CSV Feeds (like TAXII, RSS, etc.) using mappers

Bug Fixes:

  • #6137 [frontend] Green background color with white text doesn’t seem visible enough
  • #6121 The ImportDocument connector doesn't work when importing document from a "Data" tab
  • #6117 In Settings => Activity => Config, groups are red when selecting
  • #6109 TTP names are replaced by ID in some screens
  • #6108 Infinite upload when two platforms synchronize on each other
  • #6104 Creating a user with a group is bypassing default group belonging
  • #6094 [Playbooks] Incorrect score filter
  • #6093 Relationships created through inference rules must have the confidence of the Rule Manager user
  • #6089 Widget number always display 0 when asking to count relationships "contains"
  • #6087 Trigger filters not aligned
  • #6075 Creating a Report with an associated file gives an error
  • #6070 Having Network Traffic observable with a dst ref makes the observable listing crash
  • #6068 Based on relationship should inherit markings & restrictions when created from Indicators or observables
  • #6065 [filters] 'sighted in/at' relationship type filter not working in widgets
  • #6056 Worker error when importing Network-Traffic object with nested properties
  • #6052 No error message when attempting to create an artifact without file
  • #6043 Updating Description of multiple objects at once doesn't work
  • #6037 Entity settings display edit default value input even if attribute has "editDefault" false
  • #5996 Report->Knowledge->Correlation view missing data and inconsistent
  • #5963 Quick subscription button is not working properly
  • #5950 [Playbooks] remove marking definition doesn't work
  • #5943 Markdown in rich text fields is reverted when first applied
  • #5861 Cannot add tag to a dashboard/investigation

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.27...6.0.0

5.12.33

2 months ago

Bug Fixes:

  • #6083 In some rare cases, streaming dependencies is not working

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.32...5.12.33

5.12.32

3 months ago

Bug Fixes:

  • #6003 SAML attributes mapping including groups / roles mapping is not working
  • #5983 [Data segregation / Admin organization] Incomplete cleaning of org administrators
  • #5982 [Data segregation / Admin organization] I can't modify Group of user
  • #5981 [Data segregation / Admin organization] "User" panel in Setting doesn't work
  • #5980 [Data segregation / Admin organization] Administration buggy if right "manage marking"
  • #5960 [Data segregation] "Sharing with the organization" not applied to contained entities as previously
  • #5848 User can't access authors list to edit entity
  • #5835 Default marking are not cleaned when marking is deleted, leading to full crashed platform
  • #5822 File indexing blocked

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.31...5.12.32

5.12.31

3 months ago

Bug Fixes:

  • #5957 Worker is still pinging too much the API and Elastic queries

5.12.30

3 months ago

Bug Fixes:

  • #5841 Broken attack patterns matrix everywhere
  • #5803 Unable to delete large entities
  • #5841 Adapt default pagination and max pagination

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.29...5.12.30

5.12.29

3 months ago

Bug Fixes:

  • #5794 AWS Role authentication broken after library upgrade

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.28...5.12.29

5.12.28

3 months ago

Bug Fixes:

  • #5778 Connectors seem to re-open sessions despite pinging / extending the existing session
  • #5775 Audit logging is not searchable
  • #5773 Simple mailer does not work anymore (testing or notification based)
  • #5772 Users are not updatable
  • #5760 Not-existing page for redirection to creators that are not user

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.27...5.12.28

5.12.27

3 months ago

Bug Fixes:

  • #5762 [backend] Works tracking fail to complete at "update processed time"
  • #5753 Sorting on max confidence level in groups is not working
  • #5751 CSV mapper configuration can mix up entity types fields
  • #5636 Filters display in Report Timeline view
  • #5621 [backend] Invalid TAXII header when collection is exposed to public

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.26...5.12.27

5.12.26

3 months ago

Bug Fixes:

  • #5749 Analyst workbenches not correctly displayed in entities
  • #5745 [Playbooks] Changing the score on indicator does not work
  • #5679 Useless console.log in domino patch needs to be removed for log consistency
  • #5580 Account deletion error

Full Changelog: https://github.com/OpenCTI-Platform/opencti/compare/5.12.25...5.12.26