Dear community, the OpenCTI platform version 2.1.2 has been released! This version provides users of the platform with many new features that will allow them to better modelize their CTI knowledge. We have resolved the gap that existed between the OpenCTI data model and the STIX2 schema by definitively separating the concepts of observables and indicators. It is now possible to create indicator in various formats: STIX Pattern, Snort, Sigma, YARA, etc.
All graphics and visuals are now based on ElasticSearch queries to increase performance. This will allow us to completely reword the workspaces and make them real monitoring tools in the next release. Also we have disables all inferences rules on the platform by default, so a very important screen has been added to the settings section, allowing users to enable inferences rules if they really need it. The MISP connector has been fully refactored and a documentation is available. Finally, we have added many examples to the Python library.
Enhancements:
- #383 Improve performance by using Elastic when searching for relations (when we can)
- #375 Enhance display of relations and separate inferred/not inferred
- #366 Use ElasticSearch for all statistics (timeseries, distribution, etc.)
- #349 Enhance loaders/spinners everywhere
- #341 Yarn install for OpenCTI-GraphQL fails
- #335 Detection rules (yara, snort, suricata, sigma, etc)
- #316 Split indicator/observable concepts, create indicators from observables
- #162 Refactor the observables schema to match STIX2 references
- #145 Enable/disable inferences rules in settings
- #58 Observables : expiration date
- #57 Observables : scoring/rating
Bug Fixes:
- #369 Store the remote IDs in some ES entities is useless and performance killer
Directly related posts:
![Andrax Install [Step by Step]](https://cdn.cyberpunk.rs/wp-content/uploads/2020/12/ANDRAX-install-step-by-step-500x275.jpg "Andrax Install [Step by Step]")