Skip to content

Releases: OpenCTI-Platform/opencti

Version 2.1.0

05 Dec 14:31
Compare
Choose a tag to compare

Dear community, the OpenCTI platform version 2.1.0 has been released! This version is an important step for the future developments of OpenCTI as a full Cyber Threat Intelligence product. We have worked on major issues and features directly linked to what you can expect from OpenCTI and what we need, as a developers team, to build a powerful and durable application. We have done a lot of work on indexing in ElasticSearch and in general all the way API methods are organized (removing more than 7K lines of useless source code). Ingestion and reading performance have been improved by 12x or by 20x in some cases.

We have also completed the data model and have introduced very useful features to allow you to fully modelize threats that may target your organization. You are now able to directly link an observable on a relation "threat/incident => uses => TTP", for instance to indicate the registry key used for persistence or the sender email address of the phishing message. The attack patterns list has been reshaped to a true killchain with the description of each relation to ensure a better understanding of analysts. Observables can now be linked together, allowing you for instance to link hashes together if it corresponds to the same file, or link an IP address that resolves a domain name.

Last but not least, we have fully refactored the Python library and started to write a proper documentation, you have now access to many useful examples to interact with the OpenCTI platform in the Github repository. We will continue our efforts to make OpenCTI an indispensable tool for CTI, SOC and CSIRT teams around the world. We will soon publish usage and integration tips in existing workflows and plan a usecases-oriented webinar in January 2020.

Enhancements:

  • #351 Be able to reset the state of a connector in the UI
  • #339 ATT&CK techniques not searchable with their code
  • #336 Add the ID of Attack Patterns
  • #332 Observables must be able to indicate relations
  • #319 Technical error thrown when not logged in
  • #317 Observables filtering
  • #315 Add Minio version in the "About tab"
  • #314 Global performances improvement
  • #308 Relations between observables
  • #268 Global search in parameter of URL
  • #266 Add a tags field on creation forms
  • #245 Killchain view for Attack Patterns
  • #219 Unable to add "localized in" relation
  • #109 Import is really really slow
  • #67 Export all entities to STIX2 JSON

Bug Fixes:

  • #356 Broken links in inference explanation when relation-to-relation
  • #346 Mutex appears twice in the list of observables types.
  • #320 Login form does not display errors anymore
  • #195 Mitre import slow
  • #36 Slow display of big reports, statistics & victimology

Version 2.0.2

31 Oct 18:51
Compare
Choose a tag to compare

OpenCTI 2.0.2 has been released! This version is mainly focused on fixing bugs, one affecting the graph database that could trigger out of memory issues in Grakn and the other leading to lost data in the workers if the API is not available. Please stay tuned for the next milestone (2.1.0) which will includes a huge work about data ingestion performances. We already know that this is the one of the most important weakness of the platform right now! Do not hesitate to send us your feedbacks on our last releases!

Enhancements:

  • #309 Prevent worker for consuming messages if the API is down
  • #298 Missing script for 'npm run schema'

Bug Fixes:

  • #303 Grakn out of memory due to non closed transactions
  • #301 Relations from observables to cities/regions not displayed
  • #300 Management of sessions/transactions in Grakn
  • #299 Favicon path not handled

Version 2.0.1

27 Oct 06:45
Compare
Choose a tag to compare

We just released OpenCTI version 2.0.1! After the 2.0.0 some users reported us important bugs that are now fixed in this new version (especially on connectors & worker). We also introduced a persistent states in external import connectors such as MITRE or CVE to avoid re-sending messages to the queue each time the connector is restarted. Our work in the next milestones will be focused on improving the data ingestion speed and developing features to help users to massively handle entities and relationships in the platform (detect duplicates, merge, split, bulk delete, etc.).

Enhancements:

  • #291 Add simple state management for connectors.
  • #237 Improve search engine capacity
  • #196 OpenCTI development environment documentation is outdated

Bug Fixes:

  • #287 Subsectors cannot be added to sectors
  • #285 Worker stopped consuming messages some processing
  • #277 no inference relationship
  • #276 Cannot export some reports
  • #216 Searching for Entities returns inconsistent results
  • #211 Multiple workers and PermanentBackendException: Permanent failure in storage backend

Version 2.0.0

24 Oct 12:52
Compare
Choose a tag to compare

We are proud to announce a new major release of the OpenCTI platform: 2.0.0 is out! Although the documentation is still under construction, this new version brings many features and improvements to users. It allows you to store and manage files, add tags to entities, easily create relationships to relationships in reports, and, depending on the available connectors, enable automatic enrichment on observables, extraction of indicators in PDF files and exports in different formats. Several bugs have been fixed and multiple improvements made in display and performance. We are waiting for your feedback and future contributions, especially on connectors!

⚠️ Breaking changes ⚠️

New dependency
  • To handle file storage for import, export and files linked to entities, Minio has been introduced in the OpenCTI stack as a required component. In the future, any S3 storage system will be able to store the OpenCTI data and files.
  • The file management system can be used by connectors to extract intelligence such as IoCs, TTPs or store any export from the platform (generated PDFs, STIX2, etc.).
Workers and connectors
  • There is now only one worker for writing data coming from the RabbitMQ broker on the platform, so the export worker is deprecated. The worker remain the same base code, the parameter type is no longer required.
  • To handle import and export (only STIX2 for the moment), 2 new connectors have been introduced.
  • For the worker and connectors configuration, the RabbitMQ parameters are no longer needed, only the OpenCTI API hostname and token are required. RabbitMQ parameters are provided by the API through the Python helpers.

The new configuration of connectors is available in the dedicated documentation.

Enhancements:

  • #254 Separate observables list of reports in a different QueryRenderer
  • #249 Create new attack pattern to be associated to a report
  • #244 Add a "drops" relation between malwares/tools.
  • #241 Enhance the custom attributes management and update
  • #236 Add version/build number and minimal system info in dashboard
  • #232 Aliases display enhancement
  • #229 Global tagging system
  • #221 5 level certainty scale not adaptable
  • #217 Better handling of concurrent integration
  • #212 Remove "waiting behavior" from entrypoint, let docker restart the containers
  • #204 Redesign the connector status page
  • #191 Reduce opencti/platform docker image size
  • #170 Add standalone observables
  • #141 Observables don't appear when importing a file
  • #130 Introduce file storage for export download
  • #105 Add Kill Chain Phase selection when adding observable
  • #69 Enhance knowledge graph of reports
  • #61 Organisation : associated IP addresses, domain names, URL-s
  • #48 Implement the observable enrichment
  • #44 Attach files to report
  • #43 Differenciate the display of sectors that are subsectors
  • #42 Add relationships and knowledge everywhere
  • #39 Add aliases to the generic entity creation form
  • #38 Automatic graph organization on report
  • #37 Display marking definitions in all entities / relations
  • #34 Display entity information in a graph view

Bug Fixes:

  • #235 The entity "Region" can't be added as the location property of a relation.
  • #228 Inferred relations not displayed in the relationships lists
  • #220 Inferred relation instrusion set - country - region
  • #210 Unable to create a "Workspace" in the "Explore" view
  • #209 Observables of entities cannot be sorted
  • #136 Marking color

Version 1.1.2

05 Sep 14:22
Compare
Choose a tag to compare

Enhancements:

  • #190 Unhandled Promise rejection while yarn start
  • #180 Platform needs to log in console for easy docker logs access
  • #167 Person overview details
  • #140 Support of reverse proxy with relative path

Bug Fixes:

  • #208 OpenCTI should be able to use password with only numbers in it
  • #207 Report type with multiple spaces broke the menu bar
  • #202 Reasoning rule UserTargetsRule triggers bad inferred relations
  • #185 Performance issue in version 1.1.1
  • #181 Migration process should stop if elastic is not accessible

Version 1.1.1

04 Aug 19:11
Compare
Choose a tag to compare

⚠️ Breaking changes ⚠️

ElasticSearch 6.X is no longer supported.
You need to upgrade your current elasticsearch deployment (docker or manual) to version 7.X.

Enhancements:

  • #177 Remember views parameters for listing, sorting and searching
  • #168 Adapt current github organization and documentation to improve release lifecycle
  • #158 Refactor contextual list search
  • #157 Speed-up statistics numbers on the dashboard
  • #152 Add link to organization in report field "author"
  • #151 Refactor all the infinite scroll list views
  • #150 Migration to ES 7
  • #7 Write an article about why we choose Grakn over Neo4j

Bug Fixes:

  • #174 Inferred rule UsageTargetsRule leads to incorrect relationships
  • #169 Error Loading Mitre
  • #163 Worker does not send ack when processing a long running task
  • #160 CircleCI tests not passing from PR
  • #142 Capitalised text is sorted before lowercase

Version 1.1.0

22 Jul 01:41
Compare
Choose a tag to compare

⚠️ Breaking changes ⚠️

Integration and connectors
  • The integration process connectors_scheduler.py and the Docker image opencti/integration has been deleted and are no longer used. This has been replaced by the new connector architecture.
  • Connectors are no longer configured and enabled in the user interface, you have to launch them independently, please see the dedicated documentation on how to enable connectors.
Default credentials and token
  • To launch the platform, you have to configure the default password and the default token of the platform, either in your docker-compose.yml environment variables or in the production.json configuration file. If you do not configure these parameters, the platform will not start and will raise an error.

Enhancements:

  • #131 Keep UUIDs of STIX2 TLP marking definitions
  • #127 OpenCTI and dependencies memory documentation
  • #126 OpenCTI strategic roadmap
  • #121 Integration connectors new architecture
  • #104 Provide ability to add custom "Played Role" values when adding observables
  • #90 Multiple documentation pages missing
  • #88 OpenCTI fail to start with docker for windows
  • #74 Admin account cannot be auto-created with a migration
  • #73 Customizable report classes

Bug Fixes:

  • #144 OpenCTI datasets not being imported
  • #143 worker_import.py and worker_export.py does not work with last release of pycti
  • #133 Delete a user doesn't delete associated tokens
  • #128 Full refactor of workers
  • #125 Docker compose doesn't fix every version of dependencies
  • #120 Docker-compose issue

Version 1.0.2

07 Jul 11:26
Compare
Choose a tag to compare

Enhancements:

  • #116 Docker-compose build behind a HTTP proxy
  • #115 Add expanding to report description
  • #109 Import is really really slow
  • #85 Provide support for more Observable types

Bug Fixes:

  • #118 No module named "stix2"
  • #113 Add English as a language option for the Date selection widget
  • #101 Login redirection failed in Firefox ESR
  • #79 Left side bar does not automatically collapse

Version 1.0.1

02 Jul 06:23
Compare
Choose a tag to compare

Enhancements:

  • #94 Provide pre-built Docker images from Docker Hub instead of building it
  • #93 Ulimit should be increase for elasticsearch
  • #92 Update the docker install documentation for data persistence
  • #91 Link broken releases.opencti.io

Bug Fixes:

  • #101 Login redirection failed in Firefox ESR
  • #82 Export in STIX2 fail the official stix2-validator
  • #80 System requirements

Version 1.0.0

28 Jun 01:30
Compare
Choose a tag to compare

Enhancements:

  • #78 View the reports wrote by an organization
  • #71 Make draggable and resizable the widget in exploration workspaces
  • #68 Docker compose for development
  • #66 Connectors configuration
  • #64 Organisation : category
  • #63 Refactor exploration and start the work on analytics module
  • #60 Responsive grids and menu for display
  • #59 Refactor the knowledge right bar of all entities
  • #57 Observables : scoring/rating
  • #54 Observables : Unicity
  • #53 Observables methods in the Python library
  • #50 Courses of action management
  • #47 Create a MISP connector
  • #46 Create a connector template
  • #45 Implement the observables schema
  • #32 Change the knowledge overview with statistics instead of graphs
  • #26 Create charts in views
  • #25 Migrate the Grakn schema creation from loader to API
  • #24 Create a loader for STIX 2 json files
  • #23 Implement the CSV export of all lists of entities
  • #22 API events logs / audit logs
  • #19 Implement logout
  • #18 Create the documentation for manual installation
  • #17 Add subscriptions on any entity view (not list)
  • #16 Add README, Docker install and publish on Github
  • #15 Implement basic observables management
  • #14 Implement the user profile
  • #13 Handle default createdbyref on all entities
  • #12 Implement all knowledge entities CRUD
  • #11 Implement the global search field
  • #10 Implement the knowledge graph of a report
  • #8 Implement the report management (creation / edition / deletion)
  • #6 Create the OpenCTI website and explain the target vision
  • #5 Ensure that websocket (api, redis, ...) can be disable
  • #3 Add an error handling for disconnected users and more globally for CRUD
  • #1 Migrate security to @auth directive

Bug Fixes:

  • #51 Reconnect to Grakn server after lost connection
  • #35 Enhance the search function
  • #29 List view is stuck in dummy mode in some scenarios
  • #4 Fix case when user cannot logout