OpenCTI: Version 4.5.0

04/29/2021 8:53 am

Dear community, OpenCTI version 4.5.0 has been released 🥳! This new major branch introduces a lot of enhancements and some minor bug fixes 🏇🏼. We’ve also started work on the API side so that the next versions can deliver the expected integrations with a lot of third-party systems 📡.

Among the various new features in this version, more filters are available in the TAXII collection API ✨, it’s now possible to upload artifacts in a dedicated section and to quickly display observables sighted in specific organizations or locations. Also, the detection attribute is now automatically disabled when an indicator is expired and LDAP group mapping with platform roles has been implemented 🚀.

We’ve also migrated our custom Incident entity type to the new STIX 2.1 standard and enhanced the ability to create relationships between observables (resolves-to, contains, etc.) 🔨. Last but not least, users are now able to pin entities as favorites in some views, which is the very beginning of massive work around analyst-centric capabilities, user engagement, comments, subscriptions, etc. 👨‍💻👩‍💻

Enhancements:

  • #1306 Implement expandable external references panel
  • #1299 Ability to Merge Observables of the same type
  • #1296 Add Infrastructure in Knowledge section of Threat Actors, Intrusion Sets and Malware
  • #1294 Introduce artifacts upload and enrichments/imports
  • #1286 Disable attribute “Detection” when an indicator has expired
  • #1285 Filter indicators by “Detection” value and by “Score” range
  • #1284 Display of attribute “Detection”
  • #1283 Display a correct error message when Github login profile have no public email
  • #1282 Refactor the knowledge section (and the root section) of organizations & individuals.
  • #1243 Add more filters on the export taxii module
  • #1235 Its says it has 1 indicator relationships BUT there is nothing listed under Indicators
  • #1185 Migrate Incidents to new STIX2.1 official entity
  • #1089 Unable to link observable Domain Name to IPv4 Address
  • #1049 Export Observables after Filtering by (Report)
  • #1007 LDAP Group import
  • #861 Changing relationship between two entities on report knowledge graph
  • #812 Multiple selection of SDOs in order to link them to another entity
  • #614 Support Azure AD integration
  • #587 Bookmark items
  • #507 Configurable logon banner

Bug Fixes:

  • #1310 Country is not always recognized by its aliases
  • #1308 Modification date of the observable is not updated after changing observable properties
  • #1298 No relationship with course of action in attack pattern overview
  • #1292 Long tasks on observables are not working (when select all)