Skip to content

Releases: OpenCTI-Platform/opencti

Version 5.6.1

08 Mar 17:42
@SamuelHassine SamuelHassine
5.6.1
c1c9abb
This commit was signed with the committer’s verified signature.
SamuelHassine Samuel Hassine
GPG key ID: 966CA4FD74C31B9B
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.6.1

Dear community, OpenCTI 5.6.1 is out 🥳! This is a hotfix release for a bug which prevents some lists to be ordered by author / marking definition 🦾.

Bug Fixes:

  • #2991 Runtime ordering (author, markings, etc.) is broken

Full Changelog: 5.6.0...5.6.1

Assets 4
Loading

Version 5.6.0

07 Mar 21:50
@SamuelHassine SamuelHassine
5.6.0
af0ed1b
This commit was signed with the committer’s verified signature.
SamuelHassine Samuel Hassine
GPG key ID: 966CA4FD74C31B9B
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.6.0

Dear community, we are so happy to announce that OpenCTI 5.6.0 has been released 🎉! First of all, this new version fixes multiple issues in the analyst workbench, the dashboarding engine as well as various knowledge screens 🤯. In terms of features, it brings various major enhancements to our threat intelligence platform 🚀:

  • Be able to customize mandatory attributes for each type of entity (default values for each of them will come in the next release) 🪄 .
  • Cumulation of technical creators (connectors / users) to keep all sources of an entity over time 💭.
  • Be able to turn a "stream" (feed) to be public, and all public streams listed on a public page "/public" 🌍.
  • In synchronizers, it's now possible to consume public streams, and available streams on a remote platform are listed with their filters 📡.
  • 2 important enhancements of knowledge graphs, including lasso selection of entities and display of basic information for selected objects in a right panel 🎠.
  • All STIX indicators patterns are now canonicalized to avoid potential duplicated using STIX pattern grammar (ANTLR) 🧽.

⚠️ No breaking changes in this releases but 3 points to check / fix if necessary:

If you are using streams, they can now be turned off so check in the Data / Streams list that they are all turned on 🚦.

Old custom dashboard widgets have been deprecated, they will not be displayed anymore 🆕.

In custom dashboards, a huge refactor / improvement have fixed several bugs, and some widgets may have been impacted / reversed (check the "Display source" toggle if you find the displayed data to be inaccurate) 💡.

Enhancements:

  • #2984 Custom Dashboard - Add workflow status filter
  • #2952 In "indicators" list, add a filter for "indicator_types"
  • #2951 Rename right column filters in indicators and request pattern type OV
  • #2927 Add suport for consists-of between infrastructure and infrastructure, observed-data, + sco
  • #2923 The relationship type targets is not allowed between Attack-Pattern and System
  • #2921 [back/front] Improve relations based dashboard widgets
  • #2886 Cumulate creator_id when upserting an entity
  • #2877 Change Redis trimming default settings to 2 millions (8G average)
  • #2875 Improve Redis cluster configuration + platform stops when redis is not available
  • #2869 Marking definition information leak in entity history
  • #2860 Improve live stream to continue to send Heartbeat during long resolutions
  • #2843 Address/Postal Code support on Position GUI
  • #2817 Some entity fields are not aligned in creation and update
  • #2867 Unable to remove first_seen and last_seen atrributes from Indicator objects in UI
  • #2735 Checkboxes / selection in all "Event" categories (incidents / sightings / observed data)
  • #2606 Be able to make a stream "public" and create a public page
  • #2562 From the "mass operations" toolbar, be able to create a report and add the selected entities
  • #2447 Expand Pattern Types to include Major AV Vendors
  • #2239 Be able to hide any menu and sub menu
  • #2159 View entity details on graph panel
  • #1941 [FR] Request for the knowledge graph for reports to have the ability to be multiselected (via drag box/ window)
  • #1850 Allow to make some entity/fields mandatory
  • #1809 Unable to modify a observable in a report knowledge space
  • #1683 Improve "location" and the location form
  • #1667 When hovering over observable in Report, show related objects
  • #1551 STIX patterns that are equivalent are not canonicalised which creates duplicate objects

Bug Fixes:

  • #2980 Exit 1 / platform shutdown when Redis becomes unavailable
  • #2979 In demo, on indicators when filtering with email address, IPs are displayed
  • #2976 In Observations => Observables, filters do not impact the URL
  • #2970 Usage count of open vocab is broken
  • #2963 Specific dashboard filters cause crash of the dashboard
  • #2960 Deleted trigger still processed by the notification engine
  • #2959 Filtering of live streams with Detection:Yes
  • #2945 No submit button to modify a note
  • #2942 [Platform] SCO's disappear from the analyst workbench
  • #2941 [Platform] Once a note is created the body can not be edited
  • #2936 Observations/Indicators filtering by Creator
  • #2930 When more than 200 markings exists in the system, user build is failing
  • #2928 [backend] X-TAXII-Date-Added-First/Last response headers are broken
  • #2915 "is_family" is "null" in STIX because of "Is family" is "NOT APPLICABLE" in portal. stxi2-validator will fail if is_family is null
  • #2909 Workbench won't display when this PDF is imported
  • #2908 Workbench File hash indicators disappearing when changing any entity's type
  • #2906 File observables search broken in bulk search
  • #2902 Report/Entities inside creation is not consistent and can lead to several problems
  • #2900 Dashboard number widget must take care of the global filtering dates
  • #2896 The relationship type "contains" is not allowed between StixFile and Url
  • #2894 Details panel not updatable with enforce reference enable on Malware entity
  • #2885 Error when trying to update a Note
  • #2881 [Front] Incorrect Events filters
  • #2878 Memory leak issue due to misuse of the dataloader
  • #2873 [back] Automatic session refresh is broken after redis cluster support
  • #2870 When entering an open vocab, right menu is not highlighted
  • #2856 Delete a vocabulary let the dialog opened (and redirect instead of removing the node from the store)
  • #2845 Organization segregation breaks access to TAXII collections
  • #2844 Entity types settings page broken
  • #2842 FIlter "relatedTo" not take into account the entity types palette
  • #2840 Unknown entities when adding an observed data
  • #2837 link to Location/Sightings
  • #2835 Graph names display after update of some elements
  • #2485 Optimize the query on the screen "Intrusion Set X => Analysis => Graph view"

Pull Requests:

  • [Front] Graph names display after update of some elements (#2835) by @Archidoit in #2836
  • [Front] Refacto Incident component into .tsx pure function by @marieflorescontact in #2805
  • [Front] Enable to modify an observable in a report knowledge space (#1809) by @Archidoit in #2834
  • [Front] Highlighted right menu in deep route for Access and Labels/Attrib...
Read more

Contributors

richard-julien, SamuelHassine, and 6 other contributors
Assets 4
Loading

Version 5.5.4

09 Feb 09:32
@SamuelHassine SamuelHassine
5.5.4
1dc342e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.5.4

Dear community, OpenCTI 5.5.4 is out 🥳! It is a hotfix release which solves major issues of the 5.5 branch 🛠. This new version fixes the history generated by the rule engine as well as issues affecting the analyst workbench 💡. Also, CISA and MISP connectors has been enhanced. Last but not least, the Microsoft Sentinel connector has been released thanks to @The-Stuke 🔥!

Enhancements:

  • #2830 Ability to relate an Indicator and Infrastructure via 'indicates' relationship
  • #2826 Improve user loading in history + align creator loading on multiple screens

Bug Fixes:

  • #2825 Resolution of entities in files can fail because some IDs are null
  • #2824 Rule manager "activated" field still relies on static config
  • #2823 History of rule engine creating inferred meta relationships is not correct
  • #2821 List export errors (ordering, cases, location)

Pull Requests:

Full Changelog: 5.5.3...5.5.4

Contributors

richard-julien, The-Stuke, and Archidoit
Assets 4
Loading

Version 5.5.3

06 Feb 02:22
@SamuelHassine SamuelHassine
5.5.3
4d7900c
This commit was signed with the committer’s verified signature.
SamuelHassine Samuel Hassine
GPG key ID: 966CA4FD74C31B9B
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.5.3

Dear community, OpenCTI 5.5.3 is out 🥳! This huge release aims to fix all known issues and bugs affecting our community and customers and introduce major features in the platform 💥. One of the most important fixes is a better management of the workers cache which solves performance decrease over time (and the need to restart workers from time to time)⚡️ as well as many issues in the new dashboarding engine (some widgets remain empty) 💫. Also multiple connectors / export / UI problems have been solved 🔥.

That being said, OpenCTI 5.5.3 offers deep and essential enhancements. First of all, the long-awaited notifications system, with customizable triggers and digests which ring the bell in the UI, by email and, in the future, with webhooks or specific connectors 🎊. Also, we plan to add "quick subscriptions" buttons everywhere in the user interface very soon, to be able to subscribe to specific threats, vulnerability, sectors, country, etc 🧬. Also, this milestone finally introduces negative filtering everywhere and open the door to much more complex filtering capabilities (boolean operators, complex syntax, etc.) 💡.

Furthermore, a new type of location now covers areas between a city and a country (for administrative zones, sub-regions, states, etc.) 🗺️. The export capabilities now takes into account checkboxes, so it's possible to pick-up entities to be exported in all lists without targeting them with specific filters 📄. All entities in the platform can now be "assigned" to specific users and parameters for each entity types (workflows, external references enforcements) are now available in a comprehensive space of the platform settings ⚙️. Moreover, the platform now supports Redis cluster, which was the latest OpenCTI dependency to not be deployable as a cluster. Also, it's possible to enforce 2FA in platform settings.

Last but not least, the first version of the case management is here 💼. Even if tasks and proper discussion system is not available yet, the new "case" entity type already supports subscriptions, notifications, assignments, graph visualization, merging, etc 🪄. By using OpenCTI to handle incident response cases and, in the future, requests for information or takedown requests, the power of the platform is available out of the box 🔦.

Enhancements:

  • #2788 Improve pagination management + UI handling of disabled managers
  • #2781 Protect the platform from missing resolution due to shard failure
  • #2753 Organization/Knowledge add Vulnerabilities to Arsenal to the filters on the right.
  • #2746 Add Confidence Attribute if missing on entities
  • #2722 Add a shortcut on containers list (general and in "Analysis" of entities) to the content section
  • #2709 Engines / schedulers awareness across cluster of instances
  • #2703 Automatically generate ID in external references
  • #2683 Reorganize settings for entity types
  • #2588 [back/front] Be able to use negative operator in filters
  • #2504 Be able to enforce MFA in the settings of the platform
  • #2415 Remove investigation from investigations list
  • #2413 Implement a generic notification bus and migrate the subscription systems to the bus
  • #2385 Add States to Location
  • #2138 Analysis ownership or accountability
  • #1741 Export only selected entities
  • #1400 Support Redis cluster
  • #243 Case management for incident response and request for information

Bug Fixes:

  • #2814 Incident pages never show a donut chart of Observables distribution
  • #2807 Observables copy from the Tool Bar: copy only the 10 first element
  • #2806 Can't insert Observables from entity>Knowledge>Observables
  • #2804 List exports bugs for contained data
  • #2802 Can't update incident assignee(s)
  • #2801 Once update stop time, it can't be updated to "none" on the relationship between Threat Actor and Attack Patterns
  • #2800 Updating Start time and Stop time of relationship between Attack Patterns and Threat Actor, it couldn't update by inputting mm/dd/yyyy manual without selecting the calendar.
  • #2795 [Demo][5.5.3] Attempting to add an observable of file in an analyst workbench in a report goes to error screen
  • #2794 [5.5.3] Demo works on report's entities screen but breaks on report's Observables
  • #2793 Some dashboard widgets do not work as expected
  • #2787 Performing bulk operations via Global Search results in an inaccurate scope being passed to the background job
  • #2779 Can't update a relationship
  • #2776 Error in Intrusion set > attack patterns
  • #2770 Error with Attack Patterns (Intrusion Sets)
  • #2769 Can't filter Incidents by Incident type
  • #2762 Latitude/longitude values should stay float if updated
  • #2760 BaseUri / BasePath is not always correctly set
  • #2757 Incident/Knowledge/Observables once you select filter it provides an error
  • #2756 Error when select Entities/Individuals/Knowledge/Threat-Actor or Intrusion-set
  • #2752 Arsenal/Vulnerabilities doesn't display the number of entities
  • #2744 Rule on sightings throw errors
  • #2738 Number of elements of list is written in local storage which leads to inconsistent count.
  • #2732 relationship_image relation only allows 1 relation
  • #2730 Analyst Workbench does not appear to parse STIX Observables of type File
  • #2729 Bug when creating an external reference

Pull Requests:

Read more

Contributors

richard-julien, SamuelHassine, and 5 other contributors
Assets 4
Loading

Version 5.5.2

12 Jan 08:15
@SamuelHassine SamuelHassine
5.5.2
904f7d5
This commit was signed with the committer’s verified signature.
SamuelHassine Samuel Hassine
GPG key ID: 966CA4FD74C31B9B
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.5.2

Dear community, OpenCTI 5.5.2 has been released! 🙌  The main changes focus on some user experience enhancements and major bugs fixes affecting the 5.5 branch. Among bugs fixes, we have fixed the Incidents section 💥, the sorting of some items such as Notes, Opinions as well as an error which can prevent some connectors to run correctly.👾⚒️

In term of user experience 📺 many screens have been reworked such as the possibility to navigate on the external reference everywhere instead of opening a link 🎇. An enrichement button has been added in all containers display.😎 It's now possible to display all marking definitions in list on mouse over 📜. Threats targeting a specific identity or locations can now be filtered by sector or any other cross-targeting. 🤩

Enhancements:

  • #2720 Enable import button in all types of entity
  • #2710 Add the enrichment button in ContainerHeader
  • #2708 Be able to "go" on the external reference everywhere instead of opening the link
  • #2707 Visualize HTML in read-only in "content"
  • #2704 Display full text of Marking Definition on mouse hover
  • #2473 Be able to list threats targeting a specific country and sector (with advanced filters)
  • #2218 Add information icon and explanation on retention time
  • #1404 Marking level display (almost) everywhere
  • #544 Be able to filter by countries/regions AND sectors

Bug Fixes:

  • #2719 Verify/create push_sync and listen_sync queues at platform start
  • #2714 Error when sorting by some items
  • #2712 Marking definition and organization segregation are applied to works management
  • #2711 Incorrect values for Incident severity break incident listing in version 5.5.1
  • #2697 DataSources knowledge is broken
  • #1461 Connector Run Error
  • #1440 Intrusion-set activities widgets also include "Attack Pattern"

Pull Requests:

  • [api] TS on StoreLoadById and InternalLoadById by @Kedae in #2460
  • [Front] Debug Knowledge url in DataSource/DataComponent (#issue/2697) by @SarahBocognano in #2699
  • [api] Add received_time and processed_time to WorksFilter enum by @sc0ttes in #2705
  • [front/api] Fix on issue for relationTypes list in expand menu by @Kedae in #2693
  • [Back] bug fix: order lines by Creator for Notes, Opinions and Extern… by @Archidoit in #2715
  • [Front] Adding enrichment button in ContainerHeader (#2710) by @Archidoit in #2716
  • [Front] full MarkingDefinition displayed on mouse hover (#2704) by @Archidoit in #2717
  • [front] Add targets view to Localisation/Entities/Vulnerability to get all the targeting entities + Filters by @Kedae in #2698
  • [front] Fix for externalReferences count and selection by @Kedae in #2723
  • [all] Release 5.5.2 by @SarahBocognano in #2724

New Contributors:

Full Changelog: 5.5.1...5.5.2

Contributors

sc0ttes, Kedae, and 2 other contributors
Assets 4
Loading

Version 5.5.1

29 Dec 22:08
@SamuelHassine SamuelHassine
5.5.1
a4e9d83
This commit was signed with the committer’s verified signature.
SamuelHassine Samuel Hassine
GPG key ID: 966CA4FD74C31B9B
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.5.1

Dear community, OpenCTI 5.5.1 is out 🎉! This version fixes all known bugs of the 5.5 branch and introduces multiple features and user experience enhancements 🤯.

First of all, all "knowledge" views can now be visualized as list of entities or relationships 💡, which allows analysts and stakeholders to sort and search in them more simply 🔬. Then, we've added new attributes on notes to cover different use cases and comments capabilities and a dashboard widget to display the bookmarked entities 🚀.

Also, in terms of user experience, usage of checkboxes, colors and technical creator has been extended in multiple sections 🎨. The left menu can now be collapsed to ensure a better display of screens 🖼️.

Finally, it's now possible for users to provide a global feedback to administrators 🌠, which creates a case, in preparation of the upcoming case management system for incident response and requests for information 💼.

Enhancements:

  • #2681 [back] Prevent name update if already available in aliases
  • #2654 x_opencti_score showing as "Unknown" is inconsistent
  • #2621 [Feature] Rework of Filter.js
  • #2558 In custom dashboards, create a new widget with "favorite" entities for quick access
  • #2553 Introduce "entities" view in all knowledge sections, reverse views order and check filters
  • #2520 Be able to provide global feedback (free text field) to the plateform owner
  • #2511 Note of type "assessment" should be displayed differently
  • #2506 Add attributes “Likelihood” and note_types in note
  • #2496 Allow filtering for labels in the Global>Activity>Vulnerability list custom dashboard
  • #1688 Implement ordering on every column (and drop the "entity type" column)
  • #1512 Ability to filter objects by Creator

Bug Fixes:

  • #2679 [back] Inference cleanup/deletion can fail after successive cleanup
  • #2672 Unable to view External References
  • #2669 Can't access to my reports
  • #2667 Bug: Context Filter in Groupings
  • #2662 Some knowledge pages are broken when trying to orderBy some columns
  • #2658 Delete in background task is not working
  • #2657 Cannot Filter Feeds by "Score higher than or equals"
  • #2655 Unable to dowload an export file in lists
  • #2653 This page is not found on the OpenCTI application

Pull Requests:

New Contributors:

Full Changelog: 5.5.0...5.5.1

Contributors

richard-julien, SamuelHassine, and 5 other contributors
Assets 4
Loading

Version 5.5.0

16 Dec 18:52
@SamuelHassine SamuelHassine
5.5.0
1615d51
This commit was signed with the committer’s verified signature.
richard-julien Julien Richard
GPG key ID: 5A3D156BFCC8BAA7
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.5.0

🔔 Dear community, we are very happy to announce the release of OpenCTI 5.5.0 🥳! A new amazing milestone in our journey to make OpenCTI more relevant for CTI analysts, SOC teams and incident responders ✨. We would like to thank all the contributors who, once again, made an amazing job especially by bringing new connectors to life (Domain Tools, FlashPoint, Recorded Future, CrowdSec, Sophos Labs Intellix and much more...) 🚀.

On the core platform side, this new version brings major features and bugfixes 🎁:

  • Fully reworded dashboarding engine with dynamic filtering and widgets which will allow you to build advanced KPIs across the whole knowledge graph 📊.
  • Custom ontology for all open vocabularies with alias management and merging so you can map your own ontology with the STIX one and any other vendor-specific categorization 📜.
  • Massive copy/paste of observables and enhancement on list selection across all screens (shift selection, etc.) ❤️‍🔥.
  • Introduction of new types of entity to handle MITRE data components and data sources as well as detection courses of action 🖥️.
  • Timeline view in all report that will continue to be enhanced with interval customization and horizontal views in the future ⌛.
  • On-the-fly container creation (report or grouping) by selecting entities you would like to add 📋.
  • Automatic creation of external references when a file is uploaded 🏢.
  • Multiple enhancements in notes management, workspaces and organization seggregation ⚙️.

This major version was also the opportunity to prepare the field for the future full-fledged case management system (and integrated notifications bus) 🔥, with enrichment connectors for SIEMs, XDRs and operational subsystems in modern IT environments 📡. As usual, latest version of Elastic and Redis are supported by OpenCTI 5.5.0 🎀.

Enhancements:

  • #2650 Improve note management for participating users
  • #2640 Protect platform organization change with SET ACCESS capability
  • #2625 Add organizations to SSO Users when login in
  • #2581 Display data labels in charts
  • #2534 Add a background task capabilities to massively add entities to a container
  • #2425 Custom Dashboards Entity Filtering Feature Request
  • #2417 Automatically create external references when a file is uploaded in an entity (settings in platform)
  • #2410 Heatmaps everywhere, including dashboards
  • #2409 Enhance dashboard widgets: multi-data + filters
  • #2173 Timeline view in reports
  • #1724 Add a copy button to the toolbar in Observations page
  • #1602 [Custom Ontology] Ability to add/edit parameters for objects such as Malware, Indicator, Intrusion Set
  • #1554 Compare activity of multiple entities
  • #1348 Dashboard Filter
  • #1342 Ability to SHIFT+select multiple objects to edit in bulk, rather than clicking on each individual object
  • #680 Adding "Data Source" and "Data component" entities

Bug Fixes:

  • #2647 Live stream invalid check of element access rights
  • #2637 CSVFeed: Removal of Entity -unknown Error
  • #2633 We can't create a course of action from an attack pattern
  • #2631 Error occurs in Observable > Knowledge > adding a Nested object
  • #2626 SSDEEP hashes stored in lowercase
  • #2617 Unknown Error when attempting to sort investigations by modification date
  • #2609 Missing organizations in user create/edit screen

Pull Requests:

New Contributors

Full Changelog: 5.4.1...5.5.0

Contributors

richard-julien, SamuelHassine, and 6 other contributors
Assets 4
Loading

Version 5.4.1

24 Nov 17:28
@SamuelHassine SamuelHassine
5.4.1
51c2ea9
This commit was signed with the committer’s verified signature.
SamuelHassine Samuel Hassine
GPG key ID: 966CA4FD74C31B9B
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.4.1

Dear community, OpenCTI 5.4.1 has been released 🎉! This new version fixes all known bugs affecting the platform especially the creation of indicators without kill chain phases, sightings screen and bulk enrichment of artifacts 🎊. OpenCTI 5.4.1 also contains some performance and export improvements ✨.

Enhancements:

  • #2600 [front] Add sharing organization capability to indicator
  • #2599 [back] Prevent organization sharing to be empty by an upsert
  • #2596 Issue with valid_from field when creating indicator
  • #2592 [back] Improve containerWithRefsBuilder for fastest rescan and live handling
  • #2587 Inconstant use of "Indicator Type" terminology & Limited Indicator filtering ability
  • #2580 [BUG][5.4.0] Custom SAML config options dont seem to be passed to passportjs
  • #481 Export improvement. Use file to ask list of ids or queries

Bug Fixes:

  • #2604 Bulk enrichment from artifacts doesn't use whole filter
  • #2602 [front] Sighting screens keep reloading
  • #2594 [BUG] Multiple Indicator Type Filters in live datastream
  • #2593 [BUG] Cannot create indicator with KillChainPhases
  • #2579 [BUG] OIDC reports invalid token from ADFS
  • #2578 [BUG/FEATURE] 5.4.0 Upgrade Revoking Indicators w/o valid_until set on upgrade

Pull Requests:

Full Changelog: 5.4.0...5.4.1

Contributors

richard-julien
Assets 4
Loading

Version 5.4.0

18 Nov 17:39
@SamuelHassine SamuelHassine
5.4.0
3f3fdce
This commit was signed with the committer’s verified signature.
richard-julien Julien Richard
GPG key ID: 5A3D156BFCC8BAA7
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 5.4.0

🔔DING! DING!🔔 Dear community, we are so proud to announce that OpenCTI version 5.4.0 has been released 💥! This was a huge joint effort from the brand new Filigran engineering team as well as all community contributors 🍻. Thank you everyone for your continuous efforts to make OpenCTI the world leading threat intelligence platform 🙏!

This milestone contains important new features but also the implementation of more systematic development best practices (TypeScript, pure functions, etc.) 🧩 that will allow us to speed-up future milestones in the months and years to come 🚀.

First of all, OpenCTI 5.4.0 brings long-awaited features 🎁:

  • bulk search of entities and observables in the platform 🔍;
  • customization of workflow statuses for all types of entity 🛠️;
  • introduce an analyst workbench to modelize entities and relationships massively and easily before create the knowledge in the platform 👩‍💻;
  • new inference rules to propagate reports to parent entities (sectors / locations) 🗺️;
  • performances improvement due to the new way to validate indicators syntax (creation of indicators speed x10) 🚅;
  • it is now possible to deny connectors from creating new labels and keep a set of pre-defined labels in the platform ✨;
  • country flags for IPs when located-at relationship is set to a specific country 🏴;
  • new specific capabilities for notes and opinions to allow feedback even from read-only users ✍️;
  • implement the STIX 2.1 "Grouping" entity type to allow information clustering without creating a report when it is not relevant 📦;
  • Japanese translation, OpenTelemetry, investigation improvements and much more 💝...

Last but not least, this release introduces a major new data segregation and sharing capability by organization 🏢. This allows administrators to associate users to organizations (organizations can belong to parent organizations as well) and to distribute knowledge across one or multiple organizations in the platform 🔓.

It is also possible to set a default organization for the whole platform to restrict all data and starting to share progressively information 🌎. A demonstration video will be published to better explain this new feature which will help organizations to open access to third-parties / constituents with full confidence about the confidentiality of the data 🥳.

⚠️ All internal-export-file connectors should now be launched with a user which has the Administrator role, because they now impersonate the user requesting the export to prevent data leak.

⚠️ All technical creators (users) of existing entities are no longer mapped on the history and then are displayed as "SYSTEM". New entities / relationships will be created with the correct creator fully modelized. If you would like to recover the creators information of your existing data, you can launch a background task (based on the history) on the selected entities (or all of them) using the mass operations toolbar Update => Replace => Creator.

⚙️ When using the organization segregation capability, it is recommended to enable the inference rule ORGANIZATION PROPAGATION VIA PARTICIPATION so it will propagate if a user A participates in organization B and organization B is part of organization C, then the user A also participates in organization C.

Since the last release, minio implements breaking change. If you decide to upgrade minio, a procedure must be applied. Please read https://min.io/docs/minio/linux/operations/install-deploy-manage/migrate-fs-gateway.html

Enhancements:

  • #2543 [api] Improve version checking of platform start
  • #2535 Be able to hide background tasks screen using RBAC capabilities
  • #2530 Add new attributes to the entity incident
  • #2502 Improv dev env by injecting a data set
  • #2483 Be able to use workflow status in the stream filters
  • #2475 Implement the "Grouping" STIX 2.1 entity as a container
  • #2470 Limit the history message length both in backend (when inserting) and frontend
  • #2464 Title and meta description of the platform
  • #2463 [api] Add usage of impersonate feature to connectors
  • #2456 Add Japanese translation
  • #2446 Add "Shodan" Pattern Type to Indicators
  • #2435 [api] Filters support multiples keys to search on
  • #2420 Add a quick filter for sighting lists (false / true positive)
  • #2408 Full refactor of pre-validation screen into an analyst workbench
  • #2414 Support "content_ref" for StixFile to Artifact (obs_content ?) relation
  • #2406 [Feature] Filter for 'Score less than' within Retention Policy Rules
  • #2401 Improve of performance indicator checkIndicatorSyntax function
  • #2397 Enhance the view of the rules definition in the frontend
  • #2341 [rules] Add report objects related rules
  • #2336 Bulk search of SDOs and SCOs
  • #2331 Mass delete labels
  • #2293 Add Infrastructure fields to UI when creating new Objects
  • #2263 Ability to search OpenCTI for a list of Observables (as opposed to one by one)
  • #2196 Finer access controls for Reports for feedback - Separate "Opinions" as a knowledge creation access control under roles.
  • #2188 Add organizations restrictions on top of markings to increase data segregation possibilities
  • #2163 Entity details edition during data import
  • #2116 Session refresh on user rights change
  • #2109 Create/Update notes and opinions specifying author with a different user
  • #2029 Add technical creator in data + ordering/filtering
  • #1991 Exporting Report details, Malware or Intrusion Sets is hard to do
  • #1943 Ability to create additional custom workflow status names straight from the UI if possible.
  • #1934 Ability to expand to any kind of entity from Investigations Workspace
  • #1867 Removing report
  • #1799 Bulk creation of knowledge around a threat entity
  • #1781 STIX ID standard is useless to analysts but have the most visible spot in item pages
  • #1757 Add Indicator to Report when Observable+Indicator created within the context of a Report
  • #1755 Be able to select labels to import
  • #1730 Add country flag icons to IPv4/IPv6 observables
  • #1596 Expose worker metrics for prometheus
  • #1468 Remove entities after report deletion
  • #1428 Suppressing an entity does not suppress its relations
  • #1182 Infrastructure, Systems and Vulnerabilities
  • #1071 No way to implement STIX's Windows Service (and Process) extensions

Bug Fixes:

  • #2550 Events/Incidents/Observables. Doesn't display more than 25 observables.
  • #2487 Empty channels type break the UI
  • #2448 Pending Imports UI potentially referencing incorrect path for STIX bundles when APP__BASE_PATH is set

Pull Requests:

Read more

Contributors

richard-julien, SamuelHassine, and 5 other contributors
Assets 4
Loading

Version 5.3.17

09 Oct 19:35
@SamuelHassine SamuelHassine
5.3.17
70d2c41
Compare
Choose a tag to compare
Version 5.3.17

Dear community, OpenCTI 5.3.17 has been released 🎉! This is a hotfix for a few minor bugs in the user interface and some connectors updates in the ecosystem 🐨.

Enhancements:

  • #2351 Report's Correlation View does not show all "correlated" data
  • #1784 Add aliases to CVE
  • #1674 Add filters for display before image export
  • #1610 Ability to control merging of entities
  • #1576 Implement more complex exports forms
  • #1563 Display error in distribution of entities in reports for cryptocurrency wallet
  • #1484 Organize objects in Knowledge Graph into tree while forces are disabled
  • #1469 View reports in the master graph
  • #1381 Filter types of entities included in Incident Global Kill Chain/Timeline
  • #1108 Create relationships between observables in the context of a report

Bug Fixes:

  • #2432 Synchronizer Erroring and Looping
  • #2426 don´t see the Marking Definition

Pull Requests:

Full Changelog: 5.3.16...5.3.17

Contributors

ckane
Assets 4
Loading