Version 3.0.0

@SamuelHassine SamuelHassine released this 19 Feb 16:00
· 6195 commits to master since this release
63edd22

Dear OpenCTI community, we are proud to announce the release of OpenCTI version 3.0.0. This version is a turning point in the OpenCTI roadmap, as we worked hard on the following objective: allow you to deploy OpenCTI in production within your organization with the right level of security and the expected stability and performance, and turn OpenCTI into an enterprise-grade product.

One of the most important enhancements in this version is the implementation of the RBAC system, together with 3 new authentication strategies (LDAP/AD, OpenID, etc.). You are now able to create roles and assign them to users to grant them capabilities (read knowledge, update knowledge, import, manage accesses, etc.). The other feature is about reports and data. The import/export system is now stable (with the observed-data management) and we have again improved the performance of write operations. We also sped up a lot of views (report knowledge graph, listing of some relationships, etc.).

Many improvements not related to the main features of this release have also been made. We published a new connector to analyze and extract IOCs from PDF files, thanks to a member of our community. This release also brings many bug fixes in the API and the frontend, new content in the documentation, and a virtual machine template hosting the whole stack for testing purposes. As we prepare a lot of new enrichment connectors for observables, we introduced the max TLP option to avoid leaking sensitive information. Other knowledge connectors will be published soon: AlienVault, CrowdStrike, TheHive, and other vendors.

In a few days, we will send you a message with the date of our first webinar, during which we will present how the platform could be used in different types of organizations. As we often say, this is just the beginning of an exciting adventure, with much more to come soon: community activities, data management, intelligent subsystems, visualizations and investigation capabilities.

Enhancements:

  • #487 Introduce kill chain view and diamond model
  • #484 Automatic completion of marking when creating links
  • #467 Enrichment connectors must have a "MAX TLP" config to avoid enrichment on sensitive data
  • #466 Report views enhancement
  • #442 Huge documentation enhancement
  • #403 Creating "targets" relation between an Attack Pattern and a Vulnerability
  • #398 Pre-installed OpenCTI iso or ready VM?
  • #380 Add inference when action is linked to a specific malware
  • #373 LDAP / SSO authentication
  • #372 Automatically populate reports
  • #330 threats to entities relations
  • #329 Organization to threat actor relations
  • #328 Organization to organization relations
  • #260 Automatically compute the marking of entities/relations from reports
  • #182 Change the behavior of auto-complete field
  • #148 Workspaces : Add type of entity when selecting an entity for widget creation
  • #86 Implement Lockheed Martin Cyber Kill Chain in model
  • #75 Implement the RBAC system
  • #62 Organisation : reliability

Bug Fixes:

  • #485 Have campaigns with no authors
  • #472 Create person fails with "Thing does not have exactly one key of type [user_email]." error.
  • #465 STIX2 file import error (example with the latest CERT-FR publication)
  • #456 Bad entity_type on stix_observable_relation