Releases: OpenCTI-Platform/opencti
Version 4.3.4
Dear community, OpenCTI 4.3.4 has been released! This version introduces some tiny enhancements in the platform and fixes 2 bugs, including 1 related to performance issues (back to normal now). Also, the connector ImportFileStix has been improved and is now compatible with STIX 1.X bundles (XML files).
As already mentioned, upcoming work will focus on connector features, documentation improvements, massive operations in the UI, as well as subscription to entities (daily/weekly digests of knowledge).
⚠️ If you've configured `cookie:secure` (`COOKIE_SECURE`) to `true`, you MUST remove this configuration or set it to `false`.
Enhancements:
- #1194 Add a route to redirect any ID to the right dashboard
- #1180 Add one-click clear function and reverse election function in the indicator type selection sidebar
- #1143 Display additional object details when hovering over them in Knowledge Graph
- #916 Show the reports created by an organisation, by adding a "Display as" view mode
- #265 Organization display mode should be a user choice
Bug Fixes:
Version 4.3.3
Dear community, OpenCTI 4.3.3 is out! Quick hotfix of performance issues in 4.3.2.
Bug Fixes:
- #1220 Sessions not used in the worker, leading to performances issues
Version 4.3.2
Dear community, we are glad to announce that OpenCTI 4.3.2 has been released! It introduces a lot of new features and fixes all currently known bugs. First of all, in the field of security, this version includes native TLS certificate handling and a completely reworked authentication mechanism (and session timeout).
We've fixed 2 important bugs: one in the overall full text search, which was not very accurate until now, and another concerning the de-duplication of sectors/organizations/countries/regions. We advise you to upgrade and reset the state of the OpenCTI datasets connector to force a new import, which will de-duplicate everything and fix all entities.
Last but not least, the graph capabilities have been enhanced, whether in reports or within the brand new workspaces, which allow users to conduct investigations and pivots on all knowledge stored in the platform. It's now possible to disable forces or filter the nodes/edges using a timeline slider.
Enhancements:
- #1206 Display a time range selection in graphs
- #1198 Add Basic Auth for TAXII API
- #1196 [api] Implement session timeout (default 20 minutes) - Change authentication
- #1190 Ability to disable/enable the forces in the Knowledge graph
- #1188 Adding killchain phase to indicator creation
- #1160 Unable to change confidence level on entities other than a report
- #1080 A way to control which users can create/modify labels
- #1024 Attack patterns layouts
- #1209 Automatically start connectors when upload a report
- #550 Direct support of HTTPS instead of using a proxy
- #529 Malicious levels of observables (ie. VirusTotal) must impact indicators
- #21 Implement the investigation graph with workspaces
Bug Fixes:
- #1217 [api/frontend] Note abstract property should not be required
- #1215 Can't create an observable of type Directory
- #1214 Can't create an observable of type Process
- #1212 There is no entity type to select in Notes
- #1208 Duplicate sectors with the same name and/or aliases
- #1205 Individual List view doesn't load new entities when scrolling down
- #1199 Full text search is not prioritizing the name
- #1197 Unable to filter reports by status in the frontend
- #1189 Replace individualal with individual in source code
- #1187 Observable of type "user account" not displayed correctly in the GUI
Version 4.3.1
Dear community, OpenCTI 4.3.1 is out! This new release includes a lot of bug fixes and enhancements. Knowledge graphs in reports and custom dashboards are now considered stable; the next step will be to implement full graph investigation capabilities within workspaces.
A lot of work is coming for the next milestones: new connectors (especially for SIEMs), documentation enhancement, subscription to entities and use case demonstrations (including training program and webinars).
Enhancements:
- #1176 Add an option to limit the size of the OpenCTI Redis stream
- #1174 Implement nested relations in the report graphs
- #1159 OpenCTI UI : Create a "not clickable" external reference section for Threat Actors entities
- #1156 Refactored Knowledge Graph
- #1067 No way to set Threat actor field "Threat actor types"
- #1034 The most active intrusion sets, per country (in the context of dashboards)
- #1030 The most active malware (in the dashboard feature context)
- #675 Flag when objects (indicators, relationships, etc.) are no longer valid
Bug Fixes:
- #1181 Missing default_assignation in RolesOrdering and GroupsOrdering
- #1179 Switching between Write/Preview deletes ALL text in description-field
- #1177 In some case platform doesnt fallback to EN when client language is not supported
- #1166 Map in custom dashboard is not correctly displayed
- #1165 identity_class field not added to entities created from the knowledge graph
- #1162 Custom marking on Note not displaying in "Add notes" list
- #1158 Search filter value input issue.
- #1154 Potential vulnerability with query of settings
- #1153 Connector connectivity issues after adding auth options for elasticsearch
Version 4.3.0
Dear community, OpenCTI 4.3.0 has been released! This new version fixes all currently known bugs and includes the update of all dependencies as part of our 0-bug / 0-technical debt strategy.
We have also introduced a new user interface force graph technology within the platform. This is just the beginning of much future work around graph investigation and visualizations in the platform.
The next milestones will focus on mass operations in the platform (deleting, tagging, select all, etc.) and a subscription/notification system to follow entities and receive knowledge digests.
Enhancements:
- #1149 [api] Improve data segregation to handle multiple marking type
- #1117 Prevent element creation in case of concurrent deletions
- #1113 Improve Elasticsearch configuration options
- #1068 Filter relationships in reports
- #866 Add a way to save the position of entities in knowledge graph view
- #593 Entities overlapping in relational graph
- #574 Filters entities in relational graph of report knowledge
- #504 Full refactor of knowledge graph and graph everywhere
Bug Fixes:
- #1146 Live update of the observable description doesn't always works
- #1142 Loading files in minio with special chars can fail
- #1141 Problems creating Attack Patterns via `send_stix2_bundle`
- #1138 Registry Value Observable displays as Unknown
- #1136 Base path context is not taken into account in the stream
- #1133 IdentitiesFilter should use x_opencti_aliases instead of aliases
- #1127 Attributes query search can fail and throw a READ ERROR
- #1132 Error while creating an observable type Directory
- #1124 Cant create key for X-OpenCTI-Hostname from empty data when creating a new hostname observable
- #1123 Duplicate STIX IDs
- #1120 Unable to create a new autonomous system in observables tab
- #1116 The attribute infrastructure_types is not readable in the API
Version 4.2.4
Dear community, OpenCTI version 4.2.4 has been released! Even if it's a minor release, we are glad to announce major enhancements in this version. Among a lot of bugfixes, we have implemented the TAXII 2.1 API endpoints, with the capability to create custom collections based on some filters directly in the user interface.
Also, we have dramatically enhanced the search speed in lists and have tackled some interesting requirements related to our first implementation of data segregation. We are now working on the documentation of all these new features released in the past few weeks: map server, data segregation, synchronization, stream, TAXII API endpoints, etc.
Enhancements:
- #1111 Search of entities is slow
- #1044 Create a TAXII2.1 compliant endpoint in the API
- #620 Expose OpenCTI to other protocols
Bug Fixes:
- #1112 IP / Domain relationships go the wrong way
- #1109 Can't view edit members of Group from Group's page
- #1103 Incidents infinite loading not working
- #1102 Problem creating indicators from obervables type file without hash also in 4.2.3
- #1100 Can't create User Account Observable
- #1099 User Access Management
- #1098 Observable of type Directory is not correctly formatted
Version 4.2.3
Dear community, OpenCTI version 4.2.3 has been released! This version introduces minor bug fixes mostly linked to user interface screens.
Enhancements:
- #1085 The items "Countries" and "Sectors" should be present in the right menu of an Organisation
Bug Fixes:
Version 4.2.2
Dear community, OpenCTI 4.2.2 has been released! This new version includes some bugfixes and tiny enhancements such as hash syntax verification and better management of the MITRE ATT&CK framework.
As you may know, we have decided to prioritize work around integrations and use cases, so this version also provides a bunch of new connectors ready for production: TAXII2, TheHive, AbuseIPDB, Malbeacon and Abuse.ch URLhaus. We are actively working on more third-party integrations to strengthen our ecosystem in the coming weeks!
Enhancements:
- #1078 Stix cyber observable - cant update existing observable using argument: update=True
- #1042 Hash Verification
Bug Fixes:
Version 4.2.1
Dear community, OpenCTI 4.2.1 has been released! It fixes a major bug which prevented some connectors from working properly.
Bug Fixes:
- #1074 Python library is not working
Version 4.2.0
Dear community, we are thrilled to announce the release of OpenCTI version 4.2.0! This release introduces major new features and you may have noted that we have closed the GitHub issue #2.
Foremost, we have reached a new, very important milestone in our strategic roadmap, which was the implementation of what we call "data segregation". OpenCTI is now one of the few knowledge and intelligence products which implement proper isolation of access to entities and relationships: you can assign specific marking definitions to a group. The users of this group will only see things that are not above the defined marking(s).
⚠️ If you have non-administrator accounts in your current platform, you have to create a group, then add all users to it and adjust marking definitions to give access to the data.
Then, we are very happy to release the first intelligent background processing in the platform, with the automatic management of the indicator life-cycle. Indeed, all expired indicators (`valid_until < now`) are now automatically revoked. This allows future integrations with SIEMs and EDRs to benefit from out-of-the-box life-cycle management.
Last but not least, advanced search and logical operators in all filters have been implemented to allow, for instance, users to display entities based on several tags (`tag1 OR tag2 OR ...`).
Our main focus in the coming weeks is to build new integrations, connectors and use cases to let everyone familiarize themselves with these new features.
Enhancements:
- #1069 File Observables with no Hash Create their own Hash
- #1059 Issue : The platform does not accept derived from relation between 2 indicators
- #1043 Do not index indicates relationships in entities
- #955 Management of indicators lifecycle
- #733 Search Attributes
- #543 Implement tag cumulation
- #438 Enhance global and local search
- #2 Integrate the MarkingDefinition restriction to domains queries (aka data segregation)