OpenCTI: Version 2.0.0

10/24/2019 12:52 pm

OpenCTI 2.0.0 – New Features & Fixes

New dependency

  • To handle file storage for import, export and files linked to entities, Minio has been introduced in the OpenCTI stack as a required component. In the future, any S3 storage system will be able to store the OpenCTI data and files.
  • The file management system can be used by connectors to extract intelligence such as IoCs, TTPs or store any export from the platform (generated PDFs, STIX2, etc.).

Workers and connectors

  • There is now only one worker for writing data coming from the RabbitMQ broker to the platform, so the export worker is deprecated. The worker keeps the same base code; the type parameter is no longer required.
  • To handle import and export (STIX2 only for the moment), two new connectors have been introduced.
  • For the worker and connector configuration, the RabbitMQ parameters are no longer needed; only the OpenCTI API hostname and token are required. The RabbitMQ parameters are provided by the API through the Python helpers.

The new configuration of connectors is available in the dedicated documentation.

Enhancements:

  • Separate observables list of reports in a different QueryRenderer
  • Create new attack pattern to be associated to a report
  • Add a “drops” relation between malware/tools.
  • Enhance the custom attributes management and update
  • Add version/build number and minimal system info in dashboard
  • Aliases display enhancement
  • Global tagging system
  • 5-level certainty scale, not adaptable
  • Better handling of concurrent integration
  • Remove “waiting behavior” from entrypoint, let docker restart the containers
  • Redesign the connector status page
  • Reduce opencti/platform docker image size
  • Add standalone observables
  • Observables don’t appear when importing a file
  • Introduce file storage for export download
  • Add Kill Chain Phase selection when adding observable
  • Enhance knowledge graph of reports
  • Organisation: associated IP addresses, domain names, URLs
  • Implement the observable enrichment
  • Attach files to report
  • Differentiate the display of sectors that are subsectors
  • Add relationships and knowledge everywhere
  • Add aliases to the generic entity creation form
  • Automatic graph organization on report
  • Display marking definitions in all entities / relations
  • Display entity information in a graph view

Bug Fixes:

  • The entity “Region” can’t be added as the location property of a relation.
  • Inferred relations not displayed in the relationships lists
  • Inferred relation intrusion set – country – region
  • Unable to create a “Workspace” in the “Explore” view
  • Observables of entities cannot be sorted
  • Marking color