OpenCTI: Version 4.1.0

02/01/2021 9:49 am

Dear community, OpenCTI 4.1.0 has been released 🎁! This release introduces a lot of new features and bugfixes in visualization, automatic merging, mass deletion, performance, etc. 💎

First of all, we have reached a new milestone in our strategic roadmap with the implementation of custom dashboards and visualization widgets 📊. Users can now build dashboards to follow threats, victims, entities and overall knowledge in their OpenCTI platforms 🖥️.

Also, we have solved potential consistency issues by implementing more automatic merging of entities when a connector tries to inject trusted data into the platform (MITRE, OpenCTI datasets, etc.) 🪄. If any errors occurred in the latest runs of some connectors, they should now be resolved.

Finally, for advanced users who would like to better manage their ElasticSearch indexes (roll-over, freeze, sharding, etc.), OpenCTI now works well with rolled-over/cold indexes.

Let’s now focus on graph investigation and SIEM integrations 🚀!

Enhancements:

  • #1027 Automatically merge entities resolved when update parameter is true
  • #1026 Change the Attack Pattern / Courses Of Action standard IDs
  • #1019 Generic entities “Location” are not correctly handled
  • #1016 From a tools page, the user can’t add an attack pattern
  • #1015 The field DESCRIPTION of a vulnerability is not displayed.
  • #1014 Allow a tool to be associated to a vulnerability
  • #1013 Not possible to associate a sighting to a vulnerability
  • #1012 Not possible to associate an observable to a vulnerability
  • #1011 When on an Attack Pattern, it is not possible to associate it with a Tool since the relationship is missing
  • #1010 The organizations listing should contain a filter on TYPE, to easily filter the organisations.
  • #1009 Attack patterns & Tools should be associated with Organisations
  • #1008 Countries entities should contain intrusion sets originating from the country
  • #1003 Give more control in elastic index configuration
  • #997 Improve hashed observable management
  • #993 Top Actor Widget
  • #992 Most Active Malware Widget
  • #986 Top CVE Widget
  • #974 Change pagination system to use search_after instead of from
  • #892 [import file stix] Improve Error logging
  • #890 Full CSV export fails
  • #738 Date Management
  • #688 Improve the import of reports
  • #667 Adding a tooltip to the menu items icons
  • #655 Pin/Docking Navigation in WebUI
  • #588 Heat map for victimology
  • #532 Have the same presentation in the frontend for countries and regions as for sectors/subsectors
  • #505 Create a threat activity dashboard
  • #307 Full refactor of workspaces and custom dashboards
  • #271 Most active malware

Bug Fixes:

  • #1037 Not uploading some pages in knowledge
  • #1002 Deletion of labels does not affect label references on labeled reports