OpenCTI: Version 5.3.0

05/23/2022 8:08 am

DING! DING!🔔 Dear community, we are deeply happy to announce the release of OpenCTI 5.3.0 🥳. This milestone represents a very important step in our strategic roadmap progress as it fixes and resolves more than 100 issues across our platform, connectors and libraries 🔥. This release also includes some security fixes, so you are kindly advised to upgrade 🛡️.

First of all, OpenCTI 5.3.0 brings a bunch of new features 🚀:

  • custom CSV feeds (to ease integration with third-parties) 🗄️;
  • enriched editors and PDF conversion for report content 🍒;
  • history improvement and automated reports correlation 📰;
  • automatic extraction of observables when indicators are created ⚒️;
  • support of STIX 2.1 extensions in the streams (as well as a new consistency mechanism to get update and delete events) 💡;
  • compatibility with all object references in import and export (for instance, resolves_to_refs, bcc_refs, etc.) 🧱;
  • a few more inference rules (which can be enabled for sightings management) 🎁.

Also, the user experience has been greatly enhanced in a lot of different screens: victimology, bundle import validation, dashboards, graphs and a new global relationships list (under the section data) 🪄. Furthermore, this new version also includes several bug fixes and performance improvements (management of IDs, configuration cache, etc.) as well as multiple connector enhancements (including new connectors such as CISA Known Exploited Vulnerabilities and APT & Campaigns collections) 📚.

Finally, this release also includes new administration capabilities: hide some sections in the user interface (example: hide the Threat Actors category if not used),

🖥️ Technical dependencies: support of Redis 7 and below, RabbitMQ 3.10 and below, Elastic 7.17.3 and below (no Elastic 8 support yet)

📺 Stream change: for stream consumers (connectors or scripts), all x_opencti_* attributes have been moved to a STIX 2.1 extension in the entities and relationships.

📰 History connector change: the history connector has been removed and replaced by an internal history manager; it should be removed from OpenCTI stacks.

🥏 Python library change: the SimpleObservable class has been removed; native STIX 2.1 classes must be used for observables in connectors.

⚙️ A correct app:base_url (APP__BASE_URL) in the configuration is now highly recommended for all features to work optimally.


  • #2097 Reintegrate X509V3ExtensionsType in X509 certificate
  • #2091 Entity Types missing in Advanced Search
  • #2086 Investigation Panel does not keep entity types filter when expand an entity
  • #2079 Entity ID must be kept when key is rewritten in specific condition
  • #2077 Bump dependencies blocked by patches
  • #2076 Be able to hide some entity types screen in the UI
  • #2074 Docker build fails for Platform service in latest master (5.2.5? )
  • #2073 Implements configuration cache to improve performance
  • #2065 Ability to choose to remove from container or delete
  • #2063 Report Context Rich Text Editor
  • #2062 Migrate to Redis 7
  • #2061 Implement STIX 2.1 extensions format and binders and introduce typescript
  • #2058 Global relationships list
  • #2057 Relationship creation enhancements
  • #2056 Overall improvement of victimology screens
  • #2055 Report UI enhancements
  • #2054 Create new inference rules
  • #2053 Fix some FR translations missing
  • #2051 Do not expose platform_email to unauthenticated users
  • #2050 Ask for old password to change the current user password
  • #2045 Setting the first and last seen of a campaign
  • #2043 Request for Stix2 Email message objects to have some optional properties on the platform
  • #2035 All Linked Observables should be available in Reports Knowledge graph
  • #2030 Export objects (especially observables) from Knowledge page of TA, Intrusion Set, other SDO entities
  • #2023 Custom dashboard – ability to list latest (or filtered reports)
  • #2019 Implement STIX import/export of nested references implemented as SRO
  • #2018 Be able to re-apply a rule for a specific entity
  • #2014 [pre-validation screen] show the value of the stix entity. Not the stix id.
  • #2011 Notification on Incidents
  • #2010 Be able to extract a first scope of observables from created indicators
  • #1998 No history not correctly centered
  • #1995 Implement deduplication of Process objects
  • #1994 Enable Custom SROs OR enable organization running OpenCTI to do so themselves
  • #1983 Re-implement HTML rich editor, PDF reader and Markdown editor in content
  • #1982 [custom SRO] Add “uses” SRO type between Organizations and Tools
  • #1974 Migrate the history connector in an internal thread
  • #1970 Be able to update title page and favicon
  • #1963 Automatic correlations: reports, files and artifacts
  • #1945 [FEATURE] HTTP list feeds
  • #1932 Be able to include inferred elements in live stream
  • #1906 Search bar in Knowledge Graph
  • #1892 Subscription: Unable to define a subscription based on a Sector, Region, Country
  • #1868 Victimology heatmap
  • #1866 Relationship with the “network” SCO
  • #1857 Correlation view don’t work
  • #1854 Already known in the platform
  • #1851 Role of threat actor is missing
  • #1848 Add relationship “Participate in” between Threat Actor and Campaign.
  • #1847 Add relationship “Cooperate with” between 2 TA
  • #1817 First wave of React pure functions / refactor frontend
  • #1815 Ability to give Vulnerability object an Alias
  • #1814 Ability to add external references to objects in bulk
  • #1812 Make the pinpointing of a position on the minimap based on lat/long more visible
  • #1810 Adding research filter menu to the tabs in the knowledge of an object
  • #1805 Create “is a sample of” relationship, for File -> Malware
  • #1804 Add option to view dates in Incident timeline
  • #1792 Ability to deselect objects after selecting all
  • #1789 Save file names upon upsert file objects
  • #1566 Modification of Report Processing Status
  • #1503 Report bulk “delete entities/observable” must removes the association, not the entities
  • #1321 Implement sightings on knowledge graphs and enable export in STIX bundles
  • #535 Filtering of kill chain view by marking (and other fields)

Bug Fixes:

  • #2089 SAML Redirect null
  • #2087 Bug in object types list in copy/paste text content
  • #2083 Exporting Timeline/Global Kill Chain to PDF doesn’t work
  • #2070 Analysis view in graph menu and bug
  • #2066 Typo in requirements.txt
  • #2052 Refactor the workflow status display (duplicated)
  • #2049 Prevent user to be able to modify token with an arbitrary value
  • #2048 Prevent user logged with SSO to modify email address on the backend side
  • #2047 Fix CORS for GraphQL requests
  • #2046 Fix CSS vulnerability in data import functionality
  • #2032 Incorrect platform base URL for some web UI resources (/media/ SVGs)
  • #2031 Search and filter objects in Knowledge view of SDO entities
  • #2017 Processing status of reports not correctly displayed
  • #2016 Unable to modify Kill Chain phases on Infrastructure
  • #2006 Knowledge tab bypass all capabilities permissions unknown error