OpenCTI: Version 4.5.1

05/13/2021 4:40 pm


Dear community, OpenCTI 4.5.1 has been released 🚀! This version introduces a lot of new features and minor bugfixes 🥳. First of all, as planned in our roadmap, we’ve tackled our brand new live streaming system 📡, which allows creating as many streams as needed (like TAXII 2.1 collections) 📰.

To demonstrate the power of this new system 💡, this release also brings the availability of 2 new and long-awaited connectors: Splunk KV Stores & ElasticSearch SIEM 🎁. Also, the Tanium connector has been entirely refactored to use this new streaming system.

Finally, our Synchronizer connector has been enhanced so we’ll soon be able to start working on true exchange communities built on top of OpenCTI instances 🛰️.

📜 To learn more about the live streams and our event format (STIX 2.1 compliant), don’t hesitate to read our dedicated documentation.

Last but not least, this new version also contains some enhancements in the user interface with new capabilities in custom dashboards and investigations. Also, global graphs of knowledge for each entity have been introduced ✨. They gather all the entities and relationships from the reports associated with the entity concerned 👍.

The next milestones will focus on improving the overall engagement of OpenCTI users with a refactor of notes, opinions and the introduction of subscriptions and workflows 💝.

Enhancements:

  • #1334 Extend the Dashboards for “Sector or locations” to the entity “Organisation”
  • #1314 Description is not appearing in the Course of Action
  • #1313 Score filters for Observables & Indicators
  • #1302 Export full indicator via SSE upon deletion
  • #1297 Improve platform initialization to prevent concurrency problems
  • #1269 OpenCTI fails to start with clean Redis instance
  • #1261 Create a relational “master” graph in Intrusion-Set and Threat-Actor menu
  • #1232 Implement custom/filtered streams
  • #811 Possibility to obtain a synthesis report of knowledge

Bug Fixes:

  • #1344 Datetimepicker – wrong language on days header
  • #1343 Prevent creation conflict when user has no visibility on element creation
  • #1339 Organizations knowledge – Add new observables relationship doesn’t work
  • #1333 Dashboards – changing the time window has no effect on the shown results
  • #1328 TAXII API – Filters (Score greater than) not working
  • #1323 First seen and last seen not updated for existing sighting