Version 2.0.0

@SamuelHassine SamuelHassine released this 24 Oct 12:52
· 6357 commits to master since this release

We are proud to announce a new major release of the OpenCTI platform: 2.0.0 is out! Although the documentation is still under construction, this new version brings many features and improvements to users. It allows you to store and manage files, add tags to entities, easily create relationships to relationships in reports, and, depending on the available connectors, enable automatic enrichment on observables, extraction of indicators in PDF files and exports in different formats. Several bugs have been fixed and multiple improvements made in display and performance. We are waiting for your feedback and future contributions, especially on connectors!

⚠️ Breaking changes ⚠️

New dependency
  • To handle file storage for import, export and files linked to entities, Minio has been introduced in the OpenCTI stack as a required component. In the future, any S3 storage system will be able to store the OpenCTI data and files.
  • The file management system can be used by connectors to extract intelligence such as IoCs, TTPs or store any export from the platform (generated PDFs, STIX2, etc.).
Workers and connectors
  • There is now only one worker for writing data coming from the RabbitMQ broker on the platform, so the export worker is deprecated. The worker keeps the same code base, and the parameter type is no longer required.
  • To handle import and export (only STIX2 for the moment), 2 new connectors have been introduced.
  • For the worker and connectors configuration, the RabbitMQ parameters are no longer needed, only the OpenCTI API hostname and token are required. RabbitMQ parameters are provided by the API through the Python helpers.

The new configuration of connectors is available in the dedicated documentation.

Enhancements:

  • #254 Separate observables list of reports in a different QueryRenderer
  • #249 Create new attack pattern to be associated to a report
  • #244 Add a "drops" relation between malwares/tools.
  • #241 Enhance the custom attributes management and update
  • #236 Add version/build number and minimal system info in dashboard
  • #232 Aliases display enhancement
  • #229 Global tagging system
  • #221 5 level certainty scale not adaptable
  • #217 Better handling of concurrent integration
  • #212 Remove "waiting behavior" from entrypoint, let docker restart the containers
  • #204 Redesign the connector status page
  • #191 Reduce opencti/platform docker image size
  • #170 Add standalone observables
  • #141 Observables don't appear when importing a file
  • #130 Introduce file storage for export download
  • #105 Add Kill Chain Phase selection when adding observable
  • #69 Enhance knowledge graph of reports
  • #61 Organisation : associated IP addresses, domain names, URL-s
  • #48 Implement the observable enrichment
  • #44 Attach files to report
  • #43 Differentiate the display of sectors that are subsectors
  • #42 Add relationships and knowledge everywhere
  • #39 Add aliases to the generic entity creation form
  • #38 Automatic graph organization on report
  • #37 Display marking definitions in all entities / relations
  • #34 Display entity information in a graph view

Bug Fixes:

  • #235 The entity "Region" can't be added as the location property of a relation.
  • #228 Inferred relations not displayed in the relationships lists
  • #220 Inferred relation intrusion set - country - region
  • #210 Unable to create a "Workspace" in the "Explore" view
  • #209 Observables of entities cannot be sorted
  • #136 Marking color