Releases: OpenCTI-Platform/opencti
Version 4.2.1
Dear community, OpenCTI 4.2.1 has been released! It fixes a major bug which prevents some connectors to work properly.
Bug Fixes:
- #1074 Python library is not working
Version 4.2.0
π€ Dear community, we are thrilled to announce the release of OpenCTI version 4.2.0 π! This release introduces major new features and you may have noted that we have closed the Github issue #2 π
Foremost, we have reached a new very important milestone in our strategic roadmap π―, which was the implementation of what we call the "data segregation" π‘. OpenCTI is now one of the few knowledge and intelligence products which implement proper isolation of accesses to entities and relationships π€: you can assign specific marking definitions to a group. The users of this group will only see things that are not above the defined marking(s)π₯.
β οΈ If you have non-administrator accounts in your current platform, you have to create a group, then add all users in it and adjust marking definitions to give access to the data.
Then, we are very happy to release the first intelligent background processing in the platform π§ , with the automatic management of the indicators life-cycle. Indeed, all expired indicators (valid_until < now
) are now automatically revoked. This allows future integrations with SIEMs and EDRs to benefit from out-of-the-box life-cycle management π.
Last but not least, advanced search and logical operators in all filters have been implemented to allow for instance users to display entities based on several tags (tag1 OR tag2 OR ...
) π.
Our main focus in the next coming weeks is to build new integrations, connectors and use cases to let everyone to familiarize with these new features π¦Έ.
Enhancements:
- #1069 File Observables with no Hash Create their own Hash
- #1059 Issue : The platform does not accept derived from relation between 2 indicators
- #1043 Do not index indicates relationships in entities
- #955 Management of indicators lifecycle
- #733 Search Attributes
- #543 Implement tag cumulation
- #438 Enhance global and local search
- #2 Integrate the MarkingDefinition restriction to domains queries (aka data segregation)
Bug Fixes:
Version 4.1.2
Dear community, OpenCTI version 4.1.2 is out! This release fixes important bugs found in the automatic merging process and UX issues. We advise to upgrade OpenCTI instances as soon as possible.
Enhancements:
- #269 Most active threats by sector
Bug Fixes:
- #1053 TOP 10 THREATS TARGETING THIS ENTITY - box scrolling infinitely
- #1052 Entity merging can sometime raise "missing index" errors
- #1050 Reports have system set as creator and have no history
- #1048 Unable to manually create new entities when working from a report
- #1047 Unable to connect to "http://{IP_ADDRESS}:8080"
- #1043 Do not index indicates relationships in entities"
Version 4.1.1
Version 4.1.0
Dear community, OpenCTI 4.1.0 has been released π! This release introduces a lot of new features and bugfixes in visualization, automatic merging, massing deleting, performances, etc π.
First of all, we have reached a new milestone in our strategic roadmap with the implementation of custom dashboards and visualization widgets π. Users can now build dashboards to follow threats, victims, entities and overall knowledge in their OpenCTI platforms π₯οΈ.
Also, we have solved potential consistency issues by implementing more automatic merging of entities when a connector try to inject trusted data in the platform (MITRE, OpenCTI datasets, etc.) πͺ. If any errors occurred in the latest runs of some connectors, it should now be solved.
Finally, for advanced users who would like to have a better management of their ElasticSearch indexes (roll-over, freeze, sharding, etc..), OpenCTI is now working well with rolled/cold indexes.
Let's now focus on graph investigation and SIEM integrations π!
Enhancements:
- #1027 Automatically merge entities resolved when update parameter is true
- #1026 Change the Attack Pattern / Courses Of Action standard IDs
- #1019 Generic entities "Location" are not correctly handled
- #1016 From a tools page, the user can't add an attack pattern
- #1015 The field DESCRIPTION of a vulnerability is not displayed.
- #1014 Allow a tool to be associated to a vulnerability
- #1013 Not possible to associate a sighting to a vulnerability
- #1012 Not possible to associate an observable to a vulnerability
- #1011 When on an ATTACK Pattern, is not possible to associate with a TOOL since the relation ship is missing
- #1010 The organizations listing should contain a filter on TYPE, to easily filter the organisations.
- #1009 Attack patterns & Tools should be associated with Organisations
- #1008 Countries entities should contain intrusion sets originating from the country
- #1003 Give more control in elastic index configuration
- #997 Improve hashed observable managment
- #993 Top Actor Widget
- #992 Most Active Malware Widget
- #986 Top CVE Widget
- #974 Change pagination system to use search_after instead of from
- #892 [import file stix] Improve Error logging
- #890 Full CSV export fails
- #738 Date Management
- #688 Improve the import of reports
- #667 Adding a tooltip to the menu items icons
- #655 Pin/Docking Navigation in WebUI
- #588 Heat map for victimology
- #532 have the same presentation in the frontend for countries and regions than for sectors/subsectors
- #505 Create a threat activity dashboard
- #307 Full refactor of workspaces and custom dashboards
- #271 Most active malware
Bug Fixes:
Version 4.0.7
Version 4.0.6
OpenCTI version 4.0.6 has been released π! A few minor bugs have been fixed and a new feature is now be used to configure memory limits of the OpenCTI main NodeJS process. This has been requested by some users to increase OpenCTI capabilities to ingest more data π.
Enhancements:
- #985 Configurable API max memory + memory usage in /about
Bug Fixes:
Version 4.0.5
OpenCTI version 4.0.5 is out π! This version fixes minor bugs but which turn to be blockers for some organizations in the OpenCTI community π.
We will strengthen our documentation effort in the next few days, especially for all "usage" pages and the OpenCTI to OpenCTI synchronization π.
Bug Fixes:
- #983 Work cleanup (Elastic/Redis) must be time based instead of count based
- #982 Unable to Remove Objects from Entities in Reports
- #976 Confidence level resolved to early lead to creation error sometimes
- #975 Change the method to compute number of connected workers
- #973 Unable to remove permissions from Group after setting it.
- #971 Wrong STIX indicator pattern when indicator is created from a process observable
Version 4.0.4
OpenCTI 4.0.4 has been released π! This release enhances ingestion throughput while fixes some indexation and merging problems on platforms under heavy load. It also introduces minor new features. The objective of this new version is to prepare next-year milestones without any concern about data consistency and global performances. π
We are glad to end this trying year with a stable, performant and enterprise-grade Cyber Threat Intelligence platform π». We wish you all happy holidays and a wonderful new year. π
Enhancements:
- #966 Add x_opencti_additional_names for more name in SCO Files
- #963 File SCO with same hash, but different file names doesn't create an File Observable
- #962 Refactor indexing / merging to enhance performances
- #961 Create Indicator Entity doesn't include "Pattern Type"
- #957 Support for more Special Characters in RabbitMQ Password
- #951 VM Template Not Available
Bug Fixes:
Version 4.0.3
OpenCTI 4.0.3 is out! This release fixes the last bugs we discovered after the initial release of OpenCTI 4. Especially, we fixed the connectors activity monitoring which was not accurate and lead to useless ElasticSearch load (another performance improvement is expected in this version).
We are now ready to work on the next milestones and features. We would like to thank you all for the valuable feedback and testing you have provided and the overall enthusiasm about the platform.
Enhancements:
- #740 iso 3166-1 for country code liking with the actual country