OpenCTI: Version 4.3.2

03/29/2021 11:11 am

OpenCTI: Version 4.3.2

\U0001f381 Dear community, we are glad to announce that OpenCTI 4.3.2 has been released \U0001f680! It introduces a lot of new features and fixes all currently known bugs \U0001f6e0\ufe0f. In the field of security first of all, this version includes the native TLS certificate handling and a completely reworked authentication mechanism (and sessions timeout) \U0001f6e1\ufe0f.

About bugs, we’ve fixed 2 important bugs, one about all the overall full text search \U0001f50e, which was not pretty accurate until now and one other concerning the sectors/organizations/countries/regions de-duplication \u2705. We advise you to upgrade and reset the state of the OpenCTI datasets connector to force a new import which will de-duplicate everything and fix all entities \u2728.

Last but not least, the graph capacities have been enhanced \U0001f9ec, whether in reports or within the brand new workspaces which allow users to conduct investigations and pivots on all knowledge stored in the platform \U0001f64b\u200d\u2640\ufe0f. It’s now possible to disable forces or filter the nodes/edges using a timeline slider \U0001f62f.

Enhancements:

  • #1206 Display a time range selection in graphs
  • #1198 Add Basic Auth for TAXII API
  • #1196 [api] Implement session timeout (default 20 minutes) – Change authentication
  • #1190 Ability to disable/enable the forces in the Knowledge graph
  • #1188 Adding killchain phase to indicator creation
  • #1160 Unable to change confidence level on entities other than a report
  • #1080 A way to control which users can create/modify labels
  • #1024 Attack patterns layouts
  • #1209 Automatically start connectors when upload a report
  • #550 Direct support of HTTPS instead of using a proxy
  • #529 Malicious levels of observables (ie. VirusTotal) must impact indicators
  • #21 Implement the investigation graph with workspaces

Bug Fixes:

  • #1217 [api/frontend] Note abstract property should not be required
  • #1215 Can’t create an observable of type Directory
  • #1214 Can’t create an observable of type Process
  • #1212 There is no entity type to select in Notes
  • #1208 Duplicate sectors with the same name and/or aliases
  • #1205 Individual List view doesn’t load new entities when scrolling down
  • #1199 Full text search is not prioritizing the name
  • #1197 Unable to filter reports by status in the frontend
  • #1189 Replace individualal with individual in source code
  • #1187 Observable of type “user account” not displayed correctly in the GUI