OpenCTI: Version 5.0.0

09/14/2021 5:13 pm

🎉 DING DING!! 🎉

Dear community, we are glad to announce the release of OpenCTI 5.0.0 🎁, after 3 months of collective work from the whole OpenCTI community. This new version is based on two fundamental principles:

  • Make OpenCTI more reactive and intelligent with the data while we ensure consistency and robustness of our current components 🧠.
  • Build the roots of more collaboration, sharing and engagement on threat intelligence structured data 🤝.

In this major release, we have entirely reworked most of our essential components, especially the data streams to enable community sharing and synchronization between platforms 📡. Furthermore, this milestone re-introduces a global reasoning mechanism on the data, allowing analysts to visualize accurate and exhaustive knowledge without constantly pivoting between entities and relationships 📉.

A lot of new features described in our blog post are available in OpenCTI 5.0.0: subscriptions / digests, content viewer / enriched editor, custom workflows, dashboard widgets, etc 🚀. Among all these changes, more than 50 bugfixes are part of this release, whether related to the core platform or the connectors/libraries ecosystem 🔨🔨.

We are working on updating our strategic roadmap so that it reflects where we stand, but the next steps have already been planned in the different Luatix development committees: garbage collector, case management, connectors and widgets will be our main focus in the coming months 🎇.


  • #1550 Allow file upload in external reference
  • #1534 How can I add the relation “CONSISTS_OF” between INFRASTRUCTURE and OBSERVED_DATA
  • #1530 Implement a generic status for all entities
  • #1521 OpenIDConnect Strategy doesn’t support roles from claims
  • #1486 Increase body-parser express limit to prevent “request entity too large”
  • #1467 Marking column is missing
  • #1455 Improve elastic-searching from platform. (global searching, author searching, individual entity screen searching)
  • #1453 Ability to filter on types of Report Type in Report’s Correlation view
  • #1449 Add an option to automatically add new marking to certain groups
  • #1447 Clickable links on Attack Matrix View
  • #1444 Observed data upsert management (first_seen, last_seen, number_observed)
  • #1438 [frontend] Report can’t create Course of Action
  • #1437 Enhance the large graph performances
  • #1435 Remove this red cross sign when no access in observable
  • #1433 Feed subscription / bulletin / digests
  • #1425 ‘belongs-to’ is not a permissible relation between IP and ASN
  • #1419 Re-implement inferences and automatic rules of computing
  • #1402 Importing STIX file from Report doesn’t associate objects from the report
  • #1359 Get Alert / Notification from OpenCTI
  • #1358 Refactor sightings (viewing Sighting Description)
  • #1351 Create Exportable list of Courses of Action per Incident, based on related Attack Patterns
  • #1347 List Widget for Dashboarding
  • #1324 Missing permissions to prevent access to Data/Entities and Data/Background tasks
  • #1322 Implement system identity objects
  • #1319 Creating relationships between entities in the context of investigations
  • #1312 Enable Tree Mode in Knowledge Graph while forces are disabled
  • #1304 Refactor sightings and display history of relations
  • #1303 Refactor notes & opinions to be more “user friendly”
  • #1287 Add dashboard widget to display indicators lifecycle
  • #1275 Default connector role and mutation
  • #1265 The description content is different from the preview page.
  • #1063 Filtering based on area of concern & Watch List feature request
  • #912 Rules for correlation
  • #904 “Rich text editor” (report creator + export PDF)
  • #876 Referenced all platform information
  • #874 Make a backup of the platform
  • #788 Targeted organisations should be able to connect to locations/regions
  • #753 Add description of inferred relations
  • #649 Inferences – threat actors – intrusion sets
  • #183 Implement a timeline visualization for multiple entities

Bug Fixes:

  • #1559 Line break in description fields for notes and relations is not displayed
  • #1558 Platform freezing when creating a new entity without an author
  • #1552 URLs are incorrectly rewritten when using a reverse proxy
  • #1548 Investigations error when contains resolves-to relationship
  • #1539 ElasticSearchMetrics GraphQL error: Int cannot represent non 32-bit signed integer value
  • #1538 Custom colour setting hex-code handling
  • #1531 Setting x_mitre_id to None Causes webUI Crash
  • #1529 Can not delete “marking definition” on incident page
  • #1525 Unable to manually create “observed data” entry
  • #1524 Check why standard_id is in other STIX IDs and create a migration
  • #1502 Error Displaying Intrusion Sets
  • #1489 CVEs Identified in OpenCTI
  • #1480 Observables missing from the menu to create a new entity in Reports
  • #1479 Bug with bookmarks when an entity is suppressed
  • #1478 Internal server error when launching pdf file import
  • #1471 Report titles appear blank when creating relationships
  • #1465 Bug when expand TTP in investigation menu
  • #1448 Unable to change time period in custom dashboards with a “Read Only” role
  • #1446 [frontend] Report entities can’t select check box
  • #1443 Exporting of entities in a Threat Report exports all entities when filtered.
  • #1439 Creation of embedded relations broken in the latest release
  • #1430 Filter by marking not working in graph view
  • #1418 Uploading from python connector stopped working
  • #1369 Elasticsearch multi-node connexion