Releases: OpenCTI-Platform/opencti

Version 5.2.1

26 May 12:26

Bug Fixes:

  • #1940 Local docker build failing
  • #1939 Change express default timeout to help ingest big reports
  • #1938 Error when update from 5.1.4 to 5.2.0

Full Changelog: 5.2.0...5.2.1

Version 5.2.0

03 Mar 14:32

Dear community, we are very happy to announce that OpenCTI 5.2.0 has been released! This new version is mostly linked to the full upgrade of all the platform's underlying dependencies. As OpenCTI is a growing ecosystem, it is important that we can deliver our roadmap while keeping our key commitment: providing a modern platform that uses the latest technologies and offers a seamless user experience.

By introducing a new build system, some TypeScript and fully up-to-date libraries, we have also prepared ourselves to deliver more quickly all the features expected for the coming year, especially around STIX schema extension, custom ontologies, case management and more connectors. Also, a huge piece of work on a new correlation engine will begin in a few months!

This version includes a full refresh of both dark and light themes (fully customizable), as well as new charts over the entire platform. Some important bugs have been fixed in single sign-on features and a few management screens. Also, fuzzy hashing will no longer lead to hash collisions. Some connectors such as MISP, RiskIQ and Shodan have been updated to fix minor bugs when creating relationships or indicators.

For the moment, the HTML enriched-text editor has been removed. It will be re-introduced in the next releases.

Enhancements:

  • #1931 Create additional permission to manage who can dynamically create new Report types, Malware parameters, TA parameters, etc
  • #1925 OpenCTI dark mode and label color
  • #1924 Be able to click on the Knowledge timelines
  • #1916 Add option wantAssertionsSigned in the SAML configuration
  • #1913 Creation of a campaign with an accurate first_seen timestamp
  • #1911 OpenID Configuration not applying
  • #1900 Creation of an attack pattern without description
  • #1895 Introduce typescript in graphQL API
  • #1891 Upgrade graphql API dependencies to latest graphql implementation
  • #1886 Change report types management to be only based on database values
  • #1883 Add configuration option for certificate passphrase
  • #1882 Elasticsearch SSL CA configuration meaning changed in 5.1.2, but didn't get documented
  • #1874 Update of field description in a resolves-to relationship is not possible
  • #1594 Bump Material UI
  • #1260 Misunderstanding in targeted countries (3 last months)

Bug Fixes:

  • #1923 widget area/vertical bar x-axis issue
  • #1910 Errors when sending email subscription but no information of the problem are provided
  • #1908 Reference creation fails
  • #1899 listEntitiesByHashes should not look for fuzzy algorithm to prevent unwanted merging
  • #1897 Update Notion Links in Documentation
  • #1884 Creating multiple resolves-to between a domain and an ip raises a cyclic relationship error
  • #1881 Export to PDF doesn't work in "Global Kill Chain" under Knowledge of Intrusion set
  • #1879 GraphQL Pagination Query cursors not working
  • #1828 Error Updating Author
  • #1807 Descriptions modifications are sometimes not taken into account

Full Changelog: 5.1.4...5.2.0

Version 5.1.4

07 Feb 13:35

Dear community, OpenCTI version 5.1.4 has been released! This is the last minor version before we start working on the new features and enhancements planned for 2022. This milestone includes multiple bug fixes and performance improvements! We have finally managed to dynamically load the latest ElasticSearch / OpenSearch client by automatically detecting which one is used on the backend side.

Also, multiple connectors have been fixed, including MISP, RiskIQ (@axelfahy), TAXII 2 and Elastic Security. One new connector for VirusTotal download has been added by @YungBinary. Finally, we have introduced a new button in the connectors overview page to give administrators the capability to purge all stale works and release the pressure on Redis keys. Don't hesitate to use it, especially if you have stalled enrichment jobs.

It is now time to prepare a global bump in platform features and user experience, with new charts and graphs, a lighter user interface and a more seamless experience when pivoting between data, alongside an overall theme enhancement and a lot of new features.

Enhancements:

  • #1875 Separate ElasticSearch / OpenSearch library loading (and bump)
  • #1846 Migration and button to purge all stale works in connectors
  • #1819 OPENID CONNECT : Add possibility to retrieve first name and last name
  • #1651 Chinese translation

Bug Fixes:

  • #1853 Bug when creating and deleting a relationship
  • #1852 Change the status of a campaign
  • #1843 Does not exit properly from main process when handling SIGTERM
  • #1834 Adding External Reference to File object (possibly other SCOs), while creating that object, results in Error
  • #1832 Stream closed when too many dependencies exists for the resolved element
  • #1821 Notes : not possible to scroll down + not visible selection of related objects
  • #1818 Cyclic relationship between domain-name and ipv4-addr
  • #1816 Issues with the label&attributes tab parameter : cannot create label from the parameters, cannot manage attributes and cannot scroll
  • #1802 Bugs with the display of some types of relations
  • #1801 Error message when suppressing a relation between two entities in the knowledge graph of report
  • #1800 File download url can lead to platform shutdown if user is not authenticated

Pull Requests:

  • add Chinese translation in Localization.js by @little-roach in #1827
  • [worker] Implement dynamic timeout in thread dispatch loop by @ckane in #1797
  • [frontend] Fix Analysis Correlation Graph edge creation by @ckane in #1798
  • [api] Introduce dynamic client selection between elastic and opensearch by @richard-julien in #1878

Full Changelog: 5.1.3...5.1.4

Version 5.1.3

27 Dec 18:00

Christmas release!

Dear community, OpenCTI 5.1.3 has been released! This version includes a dozen bug fixes and important enhancements. First of all, a lot of organizations in the community have reported performance issues in general, and especially when importing reports which contain a huge number of entities or observables. This can lead to RabbitMQ timeouts, queues that do not decrease, or overall low worker throughput. OpenCTI 5.1.3 fixes this issue and brings a bump in OpenCTI performance.

Also, multiple new connectors are available in this version, and we would like to thank @YungBinary and @stevie-codes for their contributions. As always, the OpenCTI ecosystem page has been updated to reference all new integrations available in the OpenCTI platform.

Last but not least, bugs have been fixed in both the user interface and the API, whether related to mass operations including filters, base URL rewriting or automatic enrichment of all entities. Next major releases are coming!

Breaking changes

Please note that the platform UI setting "Base URL" has been removed in favor of the base_url file configuration. This setting was only used to generate correct URLs in the emails of the Subscriptions & digests feature. If you use this feature, please set the base_url configuration in your config file or use the APP__BASE_URL environment variable.

Enhancements:

  • #1772 Improve ingestion speed for massive reports
  • #1754 Add capability to support multiple OpenID Connect strategy providers

Bug Fixes:

  • #1795 [Report][Entities] Remove entity in successful list still shows tick in Add Entities popup
  • #1793 URLs are rewritten with an additional / when using a reverse proxy
  • #1791 Enable bulk changes when objects are selected using "Select all" feature
  • #1790 No labels on dashboard with functional date
  • #1782 The first seen and last seen attributes aren't saved in intrusion set page
  • #1780 Observables Display Error in Timeline
  • #1777 Vertical ultra vires attack
  • #1774 SDO enrichment is unable to initiate automatically
  • #1773 Adjust English language calendar to have accurate dates

Full Changelog: 5.1.2...5.1.3

Version 5.1.2

07 Dec 14:36

OpenCTI 5.1.2 has been released! This version contains bug fixes for the Python client, connectors and core platform (CVE connector, marking definition creation, etc.). It also allows indicators to be filtered using the revoked attribute.

Enhancements:

  • #1768 Add a revoked filter everywhere
  • #1732 Create a feature to write a freetext as a .txt file for import

Bug Fixes:

  • #1767 History CSS alignment
  • #1763 Create a new mark definition
  • #1760 Filters are not taken into account when exporting indicators related to a malware
  • #1759 Observed data bug
  • #1752 Error when adding observable without hashes

Full Changelog: 5.1.1...5.1.2

Version 5.1.1

30 Nov 12:43

Dear community, OpenCTI 5.1.1 has been released! This version hotfixes a few bugs which could prevent some organizations from using OpenCTI-specific features. Some bug fixes for the Python library and connectors are also included.

Bug Fixes:

  • #1749 hashMergeValidation failed in some conditions
  • #1748 Infinite redirect with some user roles in dashboard
  • #1751 [Import-document] Demo instance 5.1.0 importing report shows no entities

Full Changelog: 5.1.0...5.1.1

Version 5.1.0

29 Nov 21:52

DING DING!!

Dear community, we are very happy to announce that OpenCTI 5.1.0 has been released! This new version provides all OpenCTI users with many bug fixes and long-awaited new features. Also, we would like to thank all contributors and testers who contributed to this new achievement.

First of all, OpenCTI 5.1.0 introduces a proper retention management and garbage collector system. It is now possible to create new retention policies based on multiple filters (entity types, attribute values, etc.) directly in the settings workbench. In addition, we have reworked hash management in the platform. New mechanisms to merge/upsert existing hashes and avoid inconsistencies have been introduced, so hash management in OpenCTI is now 100% consistent, with no possible duplicates or mistakes anymore.

Moreover, when importing data, whether manually or through connectors, it is now possible to use the parameter validate_before_import to leverage the new STIX 2.1 bundle pre-validation feature. Before the actual ingestion, analysts can now select/unselect the entities and relationships which will be created, either in the context of an entity or globally. All connectors are compatible with this new parameter, and examples of its usage are available in ImportDocument and ImportFileStix.

Furthermore, a lot of organizations using OpenCTI have faced search latency issues, in dedicated areas or in autocomplete fields such as authors or labels. We have finally managed to solve this issue and to increase overall search performance by 20. In all list screens, the search keyword is now taken into account when requesting an export, along with the current filters of the page.

All graph views have been enhanced and will be reworked in the future to increase display performance and user experience. Also, two new optional global parameters have been introduced (app:enforce_references and app:reference_attachment) to enforce the usage of external references (and associated files) when creating/modifying entities and relationships (for deep-analysis intelligence teams who need to "source" everything).

A new rule is also available in the Rule manager settings for part-of relationships and, as requested for a long time, users can now customize their home dashboard with custom dashboards created in the workspaces workbench.

Last but not least, it is important for us to highlight the amazing job done by @YungBinary and @axelfahy in developing and maintaining new connectors. OpenCTI 5.1.0 provides the community with a lot of new integrations: RiskIQ, IVRE network scanner, CAPE sandbox, Cuckoo sandbox, VirusTotal livehunting, Intezer, Hatching Triage, UnpacMe, etc. This brings true added value to the OpenCTI ecosystem.

Please note that the connector ImportReport is now named ImportDocument (Docker image and archive names have been changed accordingly). Also, this connector can now be used with contextual: false (not only in a report) and also with auto: true (using validate_before_import to avoid any problems).

Stay tuned for next steps

Enhancements:

  • #1740 Bug in victimology graph in dashboard section
  • #1736 External reference of entities could not be updated
  • #1722 Welcome dashboard functional date
  • #1709 Change the location of the reference error message
  • #1708 Freetext box to import txt files
  • #1707 Be able to create references when assigning
  • #1706 Attachment required for created external reference
  • #1677 In graph display all filters should be selected by default
  • #1676 Add Basic and bearer authentication session validation
  • #1672 Modify the login page Logo to integrate custom logo
  • #1670 Have the version number of the OpenCTI instance displayed somewhere visible in all the platform
  • #1746 Add a capability to bypass mandatory references
  • #1663 Missing menus in knowledge display for some types of objects (arsenal and entities)
  • #1662 Missing an inference rule for "part-of"
  • #1661 Search Query Latency Issue (Identities, ...)
  • #1659 Automatically clear research fields when changing pages
  • #1644 Custom dashboard settings
  • #1627 Inferences in V5 : multiple same case displayed
  • #1549 Minor spelling mistake in some relationship error messages
  • #1533 [FEATURE] Flatten File Observables on all hash types
  • #1518 When promoting file Observable to Indicator, include all hashes in the Indicator
  • #1504 Handle search box filtering in bulk actions
  • #1463 Add column of report status in Intrusion-Set, Threat-Actor and Campaign
  • #1431 Add events to the "Timeline" view
  • #1385 Notes : include in timelines
  • #1353 Improve handling of duplicate objects with different parameters (most notably, File objects)
  • #1228 Introduce a garbage collector on revoked entities and old observables (with customizable settings)
  • #881 Link between victim and attacker IP addresses
  • #810 Select/unselect IoC to import
  • #135 Provide STIX2 Validation on import with notification

Bug Fixes:

  • #1726 Taxii2 root doesn't have the required 'title' field
  • #1723 No title report in External References Tab
  • #1721 'yarn clean:relations' script SyntaxError: Invalid or unexpected token
  • #1720 Bug when alias is added
  • #1719 Consist-of, STIX documentation
  • #1716 System Identity type produces invalid standard_id
  • #1705 Observed-data is Unknown in Investigation menu
  • #1704 Disappearance of a direct relationship after creation
  • #1702 Bug when modifying a campaign
  • #1693 "Individual" entities can create a relationship with themselves
  • #1691 resolves-to relationship between two domain-names
  • #1690 OpenCTI API temporary unavailability during a Stix export of Observables can trigger again the export or let it displayed in running state
  • #1689 Error when clicking on "value" column for observables
  • #1684 Creation "plus" button hidden by map (display bug)
  • #1678 Some relations (nested) not taken into account in graph view of all analysis
  • #1673 Discrepancies in date display for inferences relations
  • #1671 Backward jump of the graph while zooming (because of late refresh of the page ?)
  • #1658 Research field for linking together entities is not working properly
  • #1656 Problem with marking filtering in the investigation space
  • #1653 An irrelevant response with unauthenticated GraphQL requests
  • #1634 Indicator : "valid until" not correctly filled
  • #1632 Exports of knowledge graphs: the image is automatically zoomed out when captured (light th...

Version 5.0.3

21 Oct 10:50

Dear community, we have released the hotfix version 5.0.3. This version fixes a major bug in the TAXII collections.

Enhancements:

  • #1405 Display the full name of an entity

Bug Fixes:

  • #1650 TAXII collection error

Full Changelog: 5.0.2...5.0.3

Version 5.0.2

20 Oct 18:28

Dear community, OpenCTI 5.0.2 is now available! This new release fixes 13 minor issues and contains a lot of small enhancements.

The subscription scheduler is now optional by default, so the SMTP configuration is no longer mandatory. Knowledge graphs have been enhanced (higher resolution in PNG exports, reports in knowledge aggregation, etc.) and external references can now be enforced (in the configuration) on any creation or modification, for traceability.

This release re-introduces compatibility with ElasticSearch >= 7.10 (and OpenSearch >= 1.1), which had been broken in the previous minor release (5.0.1).

Among all the bug fixes, we have worked to ensure more consistency between screens, including the resolution of errors when using RBAC / data segregation. Also, the computation of the valid_until field of indicators has been fixed (for the moment there is no migration of already ingested indicators; it will come in the next minor release).

Stay tuned for the next upcoming major releases: case management, garbage collector, and a lot more to come!

Enhancements:

  • #1646 Improve background task error logging
  • #1645 Prevent operation on inferences when not permitted
  • #1623 Create a view for external references
  • #1621 Make rule engine correctly supported in UI when disabled
  • #1615 Make subscription scheduler optional by default
  • #1606 Rule manager auto restart support in multiple API env
  • #1601 Maintain support of OpenSearch (auto-disable features required by ElasticSearch 7.10.1+)
  • #1595 Expose express server metrics for prometheus
  • #1592 Add reports in master graph
  • #1591 Datetime field in dashboards
  • #1590 Filter timelines
  • #1589 Take files into account in synchronization
  • #1569 Restrict individual live streams to specific user Groups
  • #1436 Enhance resolution of images when exporting a graph in PNG/PDF

Bug Fixes:

  • #1647 Cannot query Course of Action by x_mitre_id or external_id
  • #1641 No error message if start date is after stop date
  • #1640 Opinion radar not visible with light theme
  • #1639 Delay to take into account changes resulting in dropping them
  • #1637 Error with relations display when modifying inferences
  • #1634 Indicator : "valid until" not correctly filled
  • #1631 Error with exports : truncated marking levels
  • #1629 Cities coordinates cannot be filled (lat and long)
  • #1624 Top 10 Active Entities (Dashboard) widget shows only the top 8 entities
  • #1618 Observed data unknown in reports
  • #1612 Can’t modify description field of entities
  • #1607 Can't remove atime, mtime, ctime from File observable in GUI
  • #1603 Multiple Groups in SAML response are seen as a single string

Full Changelog: 5.0.1...5.0.2

Version 5.0.1

27 Sep 15:24

Dear community, OpenCTI 5.0.1 has been released! This minor release includes several bug fixes for all known issues since the release of version 5. Also, a new rule has been introduced to automatically create incidents based on sightings, in order to prepare our future case management system.

One of the major enhancements in 5.0.1 is also the activation of new sorting capabilities (by observable "value", by author, by marking definition, etc.), thanks to new ElasticSearch runtime fields. The next releases will be focused on garbage collection and case management, as planned in our strategic roadmap.

This version requires ElasticSearch >= 7.12 (for observables sorting). It is not compatible with OpenSearch/AWS. Given the feedback from the community, we have decided to bring back support for OpenSearch in the next version, using a feature flag to disable this feature if it is not supported.

Enhancements:

  • #1588 Enhancement of modification reference
  • #1587 Add UI capability to manage x_opencti_stix_ids
  • #1585 Create the SightingIncident rule and adapt the observed sighting one
  • #1578 Migration to Yarn 2
  • #1571 Improve inputs resolution and change tests to use object_refs direct creation
  • #1570 Populate x_opencti_additional_names field of File observable when merging multiple file names
  • #1564 The deleted or merged entities should not be imported once again.
  • #1477 Multitenancy support
  • #1394 [frontend] Sort report observables causes crash

Bug Fixes:

  • #1586 Creating report with all object_refs unknown fails
  • #1582 Artifact STIX2.1 export
  • #1581 Artifact - Mutual exclusion of properties 'url' and 'payload_bin'
  • #1575 TAXII Collections Discovery URL
  • #1572 [frontend] File - Artifact relationship wrong name
  • #1517 It will show error if the TLP level is not granted to the user on the whole page

Pull Requests:

  • [worker] add the option to log as json in worker's opencti client by @axelfahy in #1583

Full Changelog: 5.0.0...5.0.1