Releases: OpenCTI-Platform/opencti

Version 4.1.2

03 Feb 20:30

Dear community, OpenCTI version 4.1.2 is out! This release fixes important bugs found in the automatic merging process as well as UX issues. We advise upgrading OpenCTI instances as soon as possible.

Enhancements:

  • #269 Most active threats by sector

Bug Fixes:

  • #1053 TOP 10 THREATS TARGETING THIS ENTITY - box scrolling infinitely
  • #1052 Entity merging can sometimes raise "missing index" errors
  • #1050 Reports have system set as creator and have no history
  • #1048 Unable to manually create new entities when working from a report
  • #1047 Unable to connect to "http://{IP_ADDRESS}:8080"
  • #1043 Do not index indicates relationships in entities

Version 4.1.1

01 Feb 16:12

OpenCTI 4.1.1 is out! A few minor hotfixes for some community members, especially in the History connector and the time filters in custom dashboards.

Bug Fixes:

  • #1041 History connector is not working
  • #1040 Dashboard time are not working in some use cases

Version 4.1.0

01 Feb 09:49

Dear community, OpenCTI 4.1.0 has been released 🎁! This release introduces a lot of new features and bugfixes in visualization, automatic merging, mass deletion, performance, etc. 💎.

First of all, we have reached a new milestone in our strategic roadmap with the implementation of custom dashboards and visualization widgets 📊. Users can now build dashboards to follow threats, victims, entities and overall knowledge in their OpenCTI platforms 🖥️.

Also, we have solved potential consistency issues by implementing more automatic merging of entities when a connector tries to inject trusted data into the platform (MITRE, OpenCTI datasets, etc.) 🪄. If any errors occurred in the latest runs of some connectors, they should now be resolved.

Finally, for advanced users who would like better management of their ElasticSearch indexes (roll-over, freeze, sharding, etc.), OpenCTI now works well with rolled/cold indexes.

Let's now focus on graph investigation and SIEM integrations 🚀!

Enhancements:

  • #1027 Automatically merge entities resolved when update parameter is true
  • #1026 Change the Attack Pattern / Courses Of Action standard IDs
  • #1019 Generic entities "Location" are not correctly handled
  • #1016 From a tools page, the user can't add an attack pattern
  • #1015 The field DESCRIPTION of a vulnerability is not displayed.
  • #1014 Allow a tool to be associated to a vulnerability
  • #1013 Not possible to associate a sighting to a vulnerability
  • #1012 Not possible to associate an observable to a vulnerability
  • #1011 When on an ATTACK Pattern, is not possible to associate with a TOOL since the relationship is missing
  • #1010 The organizations listing should contain a filter on TYPE, to easily filter the organisations.
  • #1009 Attack patterns & Tools should be associated with Organisations
  • #1008 Countries entities should contain intrusion sets originating from the country
  • #1003 Give more control in elastic index configuration
  • #997 Improve hashed observable management
  • #993 Top Actor Widget
  • #992 Most Active Malware Widget
  • #986 Top CVE Widget
  • #974 Change pagination system to use search_after instead of from
  • #892 [import file stix] Improve Error logging
  • #890 Full CSV export fails
  • #738 Date Management
  • #688 Improve the import of reports
  • #667 Adding a tooltip to the menu items icons
  • #655 Pin/Docking Navigation in WebUI
  • #588 Heat map for victimology
  • #532 have the same presentation in the frontend for countries and regions than for sectors/subsectors
  • #505 Create a threat activity dashboard
  • #307 Full refactor of workspaces and custom dashboards
  • #271 Most active malware

Bug Fixes:

  • #1037 Not uploading some pages in knowledge
  • #1002 Deletion of labels does not affect label references on labeled reports

Version 4.0.7

14 Jan 08:08

OpenCTI version 4.0.7 is out! A few minor enhancements for the community.

Enhancements:

  • #995 Improve error log at initialization + minio only numbers access/pass
  • #990 Can't logout with Single SSO configured
  • #989 Improve UI Performance - batch loading of relations connections

Version 4.0.6

11 Jan 19:19

OpenCTI version 4.0.6 has been released 🚀! A few minor bugs have been fixed and a new feature can now be used to configure memory limits of the OpenCTI main NodeJS process. This has been requested by some users to increase OpenCTI capabilities to ingest more data 🏇.

Enhancements:

  • #985 Configurable API max memory + memory usage in /about

Bug Fixes:

  • #987 Cannot create a Network Traffic Observable
  • #984 Cannot create a X509 Observable

Version 4.0.5

07 Jan 11:31

OpenCTI version 4.0.5 is out 🎀! This version fixes minor bugs which turned out to be blockers for some organizations in the OpenCTI community 🙏.

We will strengthen our documentation effort in the next few days, especially for all "usage" pages and the OpenCTI to OpenCTI synchronization 📝.

Bug Fixes:

  • #983 Work cleanup (Elastic/Redis) must be time based instead of count based
  • #982 Unable to Remove Objects from Entities in Reports
  • #976 Confidence level resolved too early leads to creation error sometimes
  • #975 Change the method to compute number of connected workers
  • #973 Unable to remove permissions from Group after setting it.
  • #971 Wrong STIX indicator pattern when indicator is created from a process observable

Version 4.0.4

31 Dec 16:34

OpenCTI 4.0.4 has been released 🚀! This release enhances ingestion throughput while fixing some indexing and merging problems on platforms under heavy load. It also introduces minor new features. The objective of this new version is to prepare next year's milestones without any concern about data consistency and overall performance. 😎

We are glad to end this trying year with a stable, performant and enterprise-grade Cyber Threat Intelligence platform 🍻. We wish you all happy holidays and a wonderful new year. 🎉

Enhancements:

  • #966 Add x_opencti_additional_names for more name in SCO Files
  • #963 File SCO with same hash, but different file names doesn't create an File Observable
  • #962 Refactor indexing / merging to enhance performances
  • #961 Create Indicator Entity doesn't include "Pattern Type"
  • #957 Support for more Special Characters in RabbitMQ Password
  • #951 VM Template Not Available

Bug Fixes:

  • #968 Observables distribution in incidents is not working
  • #967 When a user is deleted, knowledge cannot be displayed
  • #960 Can't display a file observable after size attribute deletion
  • #959 SSO buttons don't appear if only one SSO provider is configured

Version 4.0.3

20 Dec 13:57

OpenCTI 4.0.3 is out! This release fixes the last bugs we discovered after the initial release of OpenCTI 4. In particular, we fixed the connectors activity monitoring, which was not accurate and led to unnecessary ElasticSearch load (another performance improvement is expected in this version).

We are now ready to work on the next milestones and features. We would like to thank you all for the valuable feedback and testing you have provided and the overall enthusiasm about the platform.

Enhancements:

  • #740 iso 3166-1 for country code liking with the actual country

Bug Fixes:

  • #954 User Profile - Description : Not Saving
  • #953 Resolution of IDs may lead to duplicate
  • #952 URL observables can have duplicate
  • #950 Users cannot be removed from groups
  • #944 Expectations in works monitoring are not correctly counted (and raise some errors)

Version 4.0.2

17 Dec 09:49

OpenCTI 4.0.2 has been released! This one fixes minor bugs.

NB: we have updated our Docker Installation documentation with the correct procedure to upgrade your deployment.

Enhancements:

  • #921 Remove the predefined list of items when associating an indicator (or an observable) with a sighting

Bug Fixes:

  • #949 Migrations throw errors in Docker
  • #947 Connector id must only be based on the config uuid, not also on the name
  • #945 Global kill chain is empty in the UI
  • #943 Possible conflict when trying to upsert an entity
  • #942 Enrichment is triggered at upsert

Version 4.0.1

15 Dec 23:24

OpenCTI 4.0.1 is out! This is a hotfix release for a few minor bugs.

Bug Fixes:

  • #940 Safari displays a blank page
  • #939 Changing an attribute value in the admin throw errors
  • #938 Queries with role-based relationships do not work
  • #937 Organization ordering is broken
  • #936 Creating entities from report lists does not work
  • #935 Deleting entities is not consistent
  • #934 Targeted organization in a sector are throwing errors