
Releases: OpenCTI-Platform/opencti

Version 4.4.0

15 Apr 15:35

Dear community, the major release OpenCTI 4.4.0 is out 🤯! We're glad to announce that this version not only fixes all currently known bugs but also introduces a lot of important enhancements 🙀.

First of all, the implementation of background / long-running tasks now allows users to perform mass actions from the interface, such as bulk delete, bulk labeling or bulk modification 🚀. These tasks can be monitored and canceled if needed. It is also now possible to convert any observable to a STIX indicator and to edit any malware attribute in the interface 🎀.

A new tactics matrix visualization has been developed for reports and for the attack patterns related to a specific threat 🧮; it will be enhanced and extended to custom dashboards in the future. We've also implemented new platform-level features such as client certificate authentication, audit logs and RabbitMQ over SSL 🌠.

Last but not least, some important bugs, especially related to the history of entities and to the automatic import of files (PDF or STIX), have been fixed. We strongly encourage everyone to upgrade to this version as soon as possible 🙇🏽‍♂️. As you may know, we're working hard on integrations with SIEM, data lake and EDR systems, which should be included in the next release 🎠.

⚠️ The application log level configuration key has changed. To change the level from info to error, for example, you now need to set app > app_logs > logs_level in the configuration (for more information, please check the documentation).
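The new key, written out as a configuration fragment. This is an added example, not a file shipped with OpenCTI: it assumes the JSON configuration file style used by the platform (e.g. a production.json overriding default.json) and that, as with other keys, the same setting can be supplied through an environment variable named by joining the path with double underscores (APP__APP_LOGS__LOGS_LEVEL); the variable name is an assumption here, so check the documentation before relying on it.

```json
{
  "app": {
    "app_logs": {
      "logs_level": "error"
    }
  }
}
```

Pick the level deliberately: "error" keeps the platform quiet but also hides the "info"-level lines that are useful when diagnosing connector or import problems after an upgrade.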

Enhancements:

  • #1264 Support for RabbitMQ over SSL
  • #1255 Make optional: automatically start connectors when uploading a report
  • #1249 Migration to webpack 5
  • #1239 OpenCTI is failing to connect to Amazon MQ/RabbitMQ cluster
  • #1237 Promote observable to indicator
  • #1216 Want to edit the "Details" part of "Malware"
  • #1207 TTPs matrix in all entities (including reports)
  • #1170 Add Client Certificate Authentication
  • #1163 Selectable Date Types in Advanced Search
  • #1144 Creation of a checkbox to select all the info in data curation
  • #1045 Login and administration audit log Activity
  • #986 Top CVE Widget
  • #977 Export Indicators/Observables from Reports
  • #883 TTPs matrix in the product
  • #827 Improve federated SSO authentication
  • #771 Multiple entities selection action (tag / delete ...)
  • #730 select all under data-> data curation
  • #719 Be able to add generic "related-to" relations from knowledge

Bug Fixes:

  • #1259 Critical error in custom dashboards
  • #1254 Bug when add entity in investigation
  • #1251 The user id of UI action is now missing in the stream
  • #1246 Cannot create a X509 Observable
  • #1241 In relationship list view, the First Observed date is not the right one
  • #1238 Functional Error: "Only stix-core-relationhip can be created through this method" when creating "authored-by" relationships
  • #1223 First object added to Report not visible in Knowledge graph

Version 4.3.5

07 Apr 08:08

Dear community, OpenCTI version 4.3.5 has been released 🥳! Among a lot of bug fixes 🛠️, this version introduces one major enhancement to session management: it is now possible to view (and kill) user sessions directly in the platform 🧍.

We've also fixed some bugs in the Python library, and some new connectors have been added (details will be shared in dedicated blog posts) 🚀. SIEM/EDR integrations such as Splunk, QRadar, Elasticsearch, Azure Sentinel and others will be released soon! Cortex XSOAR and Maltego announcements are coming as well 🎁.

Enhancements:

  • #1234 Users sessions management (view/kill)
  • #499 Ask for confirmation before removing an entity from a graph from the panel

Bug Fixes:

  • #1236 There seems to be a limit to how many entities are shown on a page
  • #1231 Workspaces standard IDs should be UUIDv4 to avoid problems in the creation
  • #1230 Changing the limit of objects in investigation expand raises errors
  • #1229 Data segregation in graphs raises errors
  • #1226 No access control on some creation buttons
  • #1225 Adding an already existing relationship to a graph raises errors

Version 4.3.4

30 Mar 13:48

Dear community, OpenCTI 4.3.4 has been released 🥳! This version introduces some small enhancements in the platform and fixes 2 bugs, including 1 related to performance issues (back to normal now) 🚄. Also, the ImportFileStix connector has been improved and is now compatible with STIX 1.x bundles (XML files).

As already mentioned, upcoming work will focus on connector features, documentation improvements, mass operations in the UI, and subscriptions to entities (daily/weekly digests of knowledge) 🚀.

⚠️ If you have set cookie:secure (COOKIE_SECURE) to true, you MUST remove this setting or set it to false.

Enhancements:

  • #1194 Add a route to redirect any ID to the right dashboard
  • #1180 Add one-click clear function and reverse election function in the indicator type selection sidebar
  • #1143 Display additional object details when hovering over them in Knowledge Graph
  • #916 Show the reports created by an organisation, by adding a "Display as" view mode
  • #265 Organization display mode should be a user choice

Bug Fixes:

  • #1221 Session touch/extension lead to performance issue
  • #1082 Incident Timeline Reflects Order of Kill Chain Phases instead of Start/Stop Times

Version 4.3.3

29 Mar 14:11

🚀 Dear community, OpenCTI 4.3.3 is out! This is a quick hotfix for the performance issues in 4.3.2.

Bug Fixes:

  • #1220 Sessions not used in the worker, leading to performance issues

Version 4.3.2

29 Mar 14:00

🎁 Dear community, we are glad to announce that OpenCTI 4.3.2 has been released 🚀! It introduces a lot of new features and fixes all currently known bugs 🛠️. On the security side, this version includes native TLS certificate handling and a completely reworked authentication mechanism (including session timeouts) 🛡️.

We've also fixed 2 important bugs: one in the overall full-text search 🔎, which was not very accurate until now, and one in the de-duplication of sectors/organizations/countries/regions ✅. We advise you to upgrade and to reset the state of the OpenCTI datasets connector to force a new import, which will de-duplicate everything and fix all affected entities ✨.

Last but not least, the graph capabilities have been enhanced 🧬, both in reports and in the brand new workspaces, which allow users to conduct investigations and pivots on all knowledge stored in the platform 🙋‍♀️. It's now possible to disable the forces or to filter the nodes/edges using a timeline slider 😯.

Enhancements:

  • #1206 Display a time range selection in graphs
  • #1198 Add Basic Auth for TAXII API
  • #1196 [api] Implement session timeout (default 20 minutes) - Change authentication
  • #1190 Ability to disable/enable the forces in the Knowledge graph
  • #1188 Adding killchain phase to indicator creation
  • #1160 Unable to change confidence level on entities other than a report
  • #1080 A way to control which users can create/modify labels
  • #1024 Attack patterns layouts
  • #1209 Automatically start connectors when upload a report
  • #550 Direct support of HTTPS instead of using a proxy
  • #529 Malicious levels of observables (ie. VirusTotal) must impact indicators
  • #21 Implement the investigation graph with workspaces

Bug Fixes:

  • #1217 [api/frontend] Note abstract property should not be required
  • #1215 Can't create an observable of type Directory
  • #1214 Can't create an observable of type Process
  • #1212 There is no entity type to select in Notes
  • #1208 Duplicate sectors with the same name and/or aliases
  • #1205 Individual List view doesn't load new entities when scrolling down
  • #1199 Full text search is not prioritizing the name
  • #1197 Unable to filter reports by status in the frontend
  • #1189 Replace individualal with individual in source code
  • #1187 Observable of type "user account" not displayed correctly in the GUI

Version 4.3.1

23 Mar 10:15

📣 Dear community, OpenCTI 4.3.1 is out! This new release includes a lot of bug fixes and enhancements 🎁. Knowledge graphs in reports and custom dashboards are now considered stable; the next step will be to implement full graph investigation capabilities within workspaces 🚀.

A lot of work is planned for the next milestones: new connectors (especially for SIEMs), documentation enhancements, subscriptions to entities and use case demonstrations (including a training program and webinars) 👨‍💻👩‍💻.

Enhancements:

  • #1176 Add an option to limit the size of the OpenCTI Redis stream
  • #1174 Implement nested relations in the report graphs
  • #1159 OpenCTI UI : Create a "not clickable" external reference section for Threat Actors entities
  • #1156 Refactored Knowledge Graph
  • #1067 No way to set Threat actor field "Threat actor types"
  • #1034 The most active intrusion sets, per country (in the context of dashboards)
  • #1030 The most active malware (in the dashboard feature context)
  • #675 Flag when objects (indicators, relationships, etc.) are no longer valid

Bug Fixes:

  • #1181 Missing default_assignation in RolesOrdering and GroupsOrdering
  • #1179 Switching between Write/Preview deletes ALL text in description-field
  • #1177 In some cases the platform doesn't fall back to EN when the client language is not supported
  • #1166 Map in custom dashboard is not correctly displayed
  • #1165 identity_class field not added to entities created from the knowledge graph
  • #1162 Custom marking on Note not displaying in "Add notes" list
  • #1158 Search filter value input issue.
  • #1154 Potential vulnerability with query of settings
  • #1153 Connector connectivity issues after adding auth options for elasticsearch

Version 4.3.0

11 Mar 09:20

Dear community, OpenCTI 4.3.0 has been released 🥳! This new version fixes all currently known bugs and includes the update of all dependencies as part of our 0-bug / 0-technical debt strategy 💪.

We have also introduced a new force-directed graph component in the user interface 🦋. This is just the beginning of much future work around graph investigation and visualization in the platform ✨.

Next milestones will be focused on mass operations in the platform (deleting, tagging, select all, etc.) and subscription/notifications system to follow entities and receive knowledge digests 📰.

Enhancements:

  • #1149 [api] Improve data segregation to handle multiple marking type
  • #1117 Prevent element creation in case of concurrent deletions
  • #1113 Improve Elasticsearch configuration options
  • #1068 Filter relationships in reports
  • #866 Add a way to save the position of entities in knowledge graph view
  • #593 Entities overlapping in relational graph
  • #574 Filters entities in relational graph of report knowledge
  • #504 Full refactor of knowledge graph and graph everywhere

Bug Fixes:

  • #1146 Live update of the observable description doesn't always work
  • #1142 Loading files in minio with special chars can fail
  • #1141 Problems creating Attack Patterns via send_stix2_bundle
  • #1138 Registry Value Observable displays as Unknown
  • #1136 Base path context is not taken into account in the stream
  • #1133 IdentitiesFilter should use x_opencti_aliases instead of aliases
  • #1127 Attributes query search can fail and throw a READ ERROR
  • #1132 Error while creating an observable type Directory
  • #1124 Can't create key for X-OpenCTI-Hostname from empty data when creating a new hostname observable
  • #1123 Duplicate STIX IDs
  • #1120 Unable to create a new autonomous system in observables tab
  • #1116 The attribute infrastructure_types is not readable in the API

Version 4.2.4

25 Feb 15:07

Dear community, OpenCTI version 4.2.4 has been released 🥳! Even though it is a minor release, we are glad to announce major enhancements in this version 🎁. Among a lot of bug fixes, we have implemented TAXII 2.1 API endpoints 🔗, with the ability to create custom collections based on filters directly in the user interface 🚀.

We have also dramatically improved search speed 🚄 in lists and have tackled some interesting requirements related to our first implementation of data segregation. We are now working on the documentation 📄 of all the features released in the past few weeks: map server, data segregation, synchronization, stream, TAXII API endpoints, etc 🔨.
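A consumer-side view of the TAXII 2.1 endpoints announced here (and of the HTTP Basic authentication for the TAXII API added in 4.3.2 above), as an added example that is not OpenCTI project code: it pages through a collection's objects endpoint, following the TAXII 2.1 `more`/`next` cursor and sending the TAXII 2.1 media type, and authenticates with either a Bearer token or Basic credentials. The API root URL, collection ID and token are hypothetical, and the sample STIX objects and the in-memory server are constructed so the example runs offline; the real OpenCTI TAXII root path is not stated on this page.

```python
"""TAXII 2.1 collection pager (added example, not OpenCTI project code).

Walks a collection's /objects/ endpoint the way a consumer of OpenCTI's
TAXII 2.1 API would, following the more/next cursor until the server
reports no further pages. Network access is abstracted behind a `fetch`
callable so the module runs offline against a constructed in-memory server.
"""
import base64
from typing import Callable, Dict, Iterator, List, Optional, Tuple

TAXII_ACCEPT = "application/taxii+json;version=2.1"

# fetch(url, query_params, headers) -> parsed JSON envelope
Fetch = Callable[[str, Dict[str, str], Dict[str, str]], dict]


def auth_headers(token: Optional[str] = None,
                 basic: Optional[Tuple[str, str]] = None) -> Dict[str, str]:
    """Build request headers: the TAXII 2.1 Accept type plus one auth scheme."""
    headers = {"Accept": TAXII_ACCEPT}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    elif basic:
        user, password = basic
        creds = base64.b64encode(f"{user}:{password}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    return headers


def iter_collection_objects(fetch: Fetch, api_root: str, collection_id: str,
                            headers: Dict[str, str],
                            added_after: Optional[str] = None,
                            limit: int = 100) -> Iterator[dict]:
    """Yield every STIX object in a collection, following TAXII 2.1 pagination."""
    url = f"{api_root.rstrip('/')}/collections/{collection_id}/objects/"
    params: Dict[str, str] = {"limit": str(limit)}
    if added_after:
        params["added_after"] = added_after  # RFC 3339 timestamp, for incremental pulls
    while True:
        envelope = fetch(url, dict(params), headers)
        for obj in envelope.get("objects", []):
            yield obj
        if not envelope.get("more"):
            return
        cursor = envelope.get("next")
        if not cursor:
            # A server claiming more data but giving no cursor would make us loop forever.
            raise ValueError("envelope has more=true but no next cursor")
        params["next"] = cursor


def indicator_patterns(objects: List[dict]) -> List[str]:
    """Pull the STIX patterns out of the indicators in a fetched batch."""
    return [o["pattern"] for o in objects if o.get("type") == "indicator"]


# Constructed sample data standing in for a custom collection.
SAMPLE_OBJECTS: List[dict] = [
    {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-111111111111",
     "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "id": "indicator--22222222-2222-4222-8222-222222222222",
     "pattern_type": "stix", "pattern": "[domain-name:value = 'bad.example']"},
    {"type": "malware", "id": "malware--33333333-3333-4333-8333-333333333333",
     "name": "SampleLoader", "is_family": False},
    {"type": "indicator", "id": "indicator--44444444-4444-4444-8444-444444444444",
     "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "']"},
    {"type": "relationship", "id": "relationship--55555555-5555-4555-8555-555555555555",
     "relationship_type": "indicates",
     "source_ref": "indicator--11111111-1111-4111-8111-111111111111",
     "target_ref": "malware--33333333-3333-4333-8333-333333333333"},
]


def make_fake_fetch(objects: List[dict], expected_auth: str) -> Fetch:
    """In-memory TAXII 2.1 server: pages by offset, carried in the `next` cursor."""
    def fetch(url: str, params: Dict[str, str], headers: Dict[str, str]) -> dict:
        if headers.get("Authorization") != expected_auth:
            raise PermissionError("401 Unauthorized")
        if headers.get("Accept") != TAXII_ACCEPT:
            raise ValueError("406 Not Acceptable: wrong TAXII media type")
        start = int(params.get("next", "0"))
        page = objects[start:start + int(params["limit"])]
        end = start + len(page)
        envelope: dict = {"objects": page, "more": end < len(objects)}
        if envelope["more"]:
            envelope["next"] = str(end)
        return envelope
    return fetch


if __name__ == "__main__":
    # Hypothetical API root, collection ID and token.
    fetch = make_fake_fetch(SAMPLE_OBJECTS, "Bearer demo-token")
    fetched = list(iter_collection_objects(
        fetch, "https://opencti.example/taxii2/root", "demo-collection",
        auth_headers(token="demo-token"), limit=2))
    print(f"fetched {len(fetched)} objects, "
          f"{len(indicator_patterns(fetched))} indicators")
```

With a page size of 2 the pager issues three requests for the five sample objects and stops when the final envelope reports more=false. For a real pull, swap `make_fake_fetch` for a small wrapper around an HTTP client that returns the parsed JSON body, pass the previous run's latest `added_after` timestamp for incremental updates, and keep the `next` guard: it is what turns a malformed server response into an error instead of an infinite loop.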

Enhancements:

  • #1111 Search of entities is slow
  • #1044 Create a TAXII2.1 compliant endpoint in the API
  • #620 Expose OpenCTI to other protocols

Bug Fixes:

  • #1112 IP / Domain relationships go the wrong way
  • #1109 Can't view/edit members of a Group from the Group's page
  • #1103 Incidents infinite loading not working
  • #1102 Problem creating indicators from observables of type file without hash, also in 4.2.3
  • #1100 Can't create User Account Observable
  • #1099 User Access Management
  • #1098 Observable of type Directory is not correctly formatted

Version 4.2.3

17 Feb 14:26

Dear community, OpenCTI version 4.2.3 has been released 🚀! This version introduces minor bug fixes mostly linked to user interface screens.

Enhancements:

  • #1085 The items "Countries" and "Sectors" should be present in the right menu of an Organisation

Bug Fixes:

  • #1093 Problem while trying to create indicators of observables type file without hash on pycti
  • #1092 Notes web page is flashing...
  • #1090 Full opencti page starts to blink if "no lable" is clicked/filtered
  • #1084 Intrusion set filter is being applied to other entities (such as organisations)

Version 4.2.2

15 Feb 09:01

Dear community, OpenCTI 4.2.2 has been released 🤯! This new version includes some bug fixes and small enhancements such as hash syntax verification and better management of the MITRE ATT&CK framework 🎁.

As you may know, we have decided to prioritize work on integrations and use cases 💡, so this version also provides a bunch of new connectors ready for production: TAXII 2, TheHive, AbuseIPDB, Malbeacon and Abuse.ch URLhaus 🚀. We are actively working on more third-party integrations to strengthen our ecosystem in the coming weeks 💪!

Enhancements:

  • #1078 STIX cyber observable: can't update an existing observable using the argument update=True
  • #1042 Hash Verification

Bug Fixes:

  • #1079 "Start" and "Stop" Times not Saved When Creating Relationships
  • #1076 Names in aliases leads to inconsistent attack patterns ingestion
  • #1075 Opinions list is blinking when sorted by opinion
  • #1074 Python library is not working