Version 3.3.0

@SamuelHassine SamuelHassine released this 28 May 09:05
· 6053 commits to master since this release

Dear community, OpenCTI 3.3.0 has been released! This version introduces many new features and also fixes several bugs reported by the community: further progress in taking STIX 2.1 into account, enhancing the victimology overview in threats, warning users about potential duplicate entities at creation, etc.

One of the major enhancements of this version is the improvement of platform integration performance. Just as we fixed more than 30 bugs when integration tests were introduced for the release of version 3.1.0, the implementation of performance tests allowed us to identify multiple areas for improvement. In this version, we have increased the ingestion speed by 30% compared to the previous version. And that's just the beginning! We plan to publish the results of these tests as well as a monitoring dashboard in the coming days.

Another important change is the syntax validation of all indicators imported/created in OpenCTI. STIX patterns, YARA rules, SIGMA rules, Suricata signatures and SNORT rules are now subject to a syntax check, allowing all third-party software integrated with OpenCTI to be sure that the indicators provided are valid. Also, merging entities together is now stable if users need to perform advanced data curation.

⚠️ Breaking changes ⚠️

Grakn Core Server has been upgraded from 1.6.2 to version 1.7.1. We tested the migration process of existing data with several organizations and it is fully transparent (just start Grakn Server 1.7.1 on your current Grakn data). OpenCTI 3.3.0 is no longer compatible with Grakn 1.6.2, since the Grakn driver has been updated and is only compatible with Grakn 1.7.X. You can also update your ElasticSearch to version 7.7.0, which is now the recommended version, but this is not mandatory.

Last but not least, we are glad to announce the release of 4 new connectors. We really wish to thank @rhaist from DCSO for his amazing work during the last weeks: Malpedia connector, Valhalla connector, Python library documentation and testing, starting to work on a Go client as well as on the CORTEX connector, with progressive ideas and quality source code. Stay tuned for the next release, which will focus on visualization and workspaces!

Enhancements:

  • #699 [UI] Remove trailing whitespaces at the creation of an observable
  • #693 Migration to grakn 1.7.1
  • #687 Add customized observable type by admin when creating an observable
  • #645 Implement performances test infrastructure
  • #640 Possibility to filter vulnerabilities on Score and Severity field
  • #635 Organization should implement gathering relations
  • #632 Syntax validation of indicators
  • #601 Support Active Directory of TLS/SSL
  • #554 Display persons in victimology
  • #470 Prevent users from accidentally creating duplicate objects (e.g. threat actors).
  • #462 Observables dates (creation and modification) required seconds precision
  • #370 Add new observable types
  • #368 Add contact_information to entity object
  • #362 Observables export

Bug Fixes:

  • #723 Display bug in Attack Patterns
  • #710 Merging entities : recurring bug
  • #707 Requesting creator through log fail if the action was executed by SYSTEM_ADMIN
  • #703 UI Display of connectors - Not showing connectors after page cut-off.
  • #701 Broken page for Malware attribution
  • #700 Migration failed due to incorrect function call
  • #691 Unable to Add Victimology to Custom Threat Actors or Incidents