Releases: OpenCTI-Platform/opencti
Version 4.2.3
Dear community, OpenCTI version 4.2.3 has been released π! This version introduces minor bug fixes mostly linked to user interface screens.
Enhancements:
- #1085 The items "Countries" and "Sectors" should be present in the right menu of an Organisation
Bug Fixes:
Version 4.2.2
Dear community, OpenCTI 4.2.2 has been released π€―! This new version includes some bugfixes and tiny enhancements such as hashes syntax verification and better management of the MITRE ATT&CK framework π.
As you may know, we have decided to prioritize works around integrations and use cases π‘ so this version also provides a bunch of new connectors ready for production: TAXII2, TheHive, AbuseIPDB, Malbeacon and Abuse.ch URLhaus π. We are actively working on more third-party integrations to strengthen our ecosystem in the coming weeks πͺ!
Enhancements:
- #1078 Stix cyber observable - cant update existing observable using argument: update=True
- #1042 Hash Verification
Bug Fixes:
Version 4.2.1
Dear community, OpenCTI 4.2.1 has been released! It fixes a major bug which prevents some connectors to work properly.
Bug Fixes:
- #1074 Python library is not working
Version 4.2.0
π€ Dear community, we are thrilled to announce the release of OpenCTI version 4.2.0 π! This release introduces major new features and you may have noted that we have closed the Github issue #2 π
Foremost, we have reached a new very important milestone in our strategic roadmap π―, which was the implementation of what we call the "data segregation" π‘. OpenCTI is now one of the few knowledge and intelligence products which implement proper isolation of accesses to entities and relationships π€: you can assign specific marking definitions to a group. The users of this group will only see things that are not above the defined marking(s)π₯.
β οΈ If you have non-administrator accounts in your current platform, you have to create a group, then add all users in it and adjust marking definitions to give access to the data.
Then, we are very happy to release the first intelligent background processing in the platform π§ , with the automatic management of the indicators life-cycle. Indeed, all expired indicators (valid_until < now) are now automatically revoked. This allows future integrations with SIEMs and EDRs to benefit from out-of-the-box life-cycle management π.
Last but not least, advanced search and logical operators in all filters have been implemented to allow for instance users to display entities based on several tags (tag1 OR tag2 OR ...) π.
Our main focus in the next coming weeks is to build new integrations, connectors and use cases to let everyone to familiarize with these new features π¦Έ.
Enhancements:
- #1069 File Observables with no Hash Create their own Hash
- #1059 Issue : The platform does not accept derived from relation between 2 indicators
- #1043 Do not index indicates relationships in entities
- #955 Management of indicators lifecycle
- #733 Search Attributes
- #543 Implement tag cumulation
- #438 Enhance global and local search
- #2 Integrate the MarkingDefinition restriction to domains queries (aka data segregation)
Bug Fixes:
Version 4.1.2
Dear community, OpenCTI version 4.1.2 is out! This release fixes important bugs found in the automatic merging process and UX issues. We advise to upgrade OpenCTI instances as soon as possible.
Enhancements:
- #269 Most active threats by sector
Bug Fixes:
- #1053 TOP 10 THREATS TARGETING THIS ENTITY - box scrolling infinitely
- #1052 Entity merging can sometime raise "missing index" errors
- #1050 Reports have system set as creator and have no history
- #1048 Unable to manually create new entities when working from a report
- #1047 Unable to connect to "http://{IP_ADDRESS}:8080"
- #1043 Do not index indicates relationships in entities"
Version 4.1.1
Version 4.1.0
Dear community, OpenCTI 4.1.0 has been released π! This release introduces a lot of new features and bugfixes in visualization, automatic merging, massing deleting, performances, etc π.
First of all, we have reached a new milestone in our strategic roadmap with the implementation of custom dashboards and visualization widgets π. Users can now build dashboards to follow threats, victims, entities and overall knowledge in their OpenCTI platforms π₯οΈ.
Also, we have solved potential consistency issues by implementing more automatic merging of entities when a connector try to inject trusted data in the platform (MITRE, OpenCTI datasets, etc.) πͺ. If any errors occurred in the latest runs of some connectors, it should now be solved.
Finally, for advanced users who would like to have a better management of their ElasticSearch indexes (roll-over, freeze, sharding, etc..), OpenCTI is now working well with rolled/cold indexes.
Let's now focus on graph investigation and SIEM integrations π!
Enhancements:
- #1027 Automatically merge entities resolved when update parameter is true
- #1026 Change the Attack Pattern / Courses Of Action standard IDs
- #1019 Generic entities "Location" are not correctly handled
- #1016 From a tools page, the user can't add an attack pattern
- #1015 The field DESCRIPTION of a vulnerability is not displayed.
- #1014 Allow a tool to be associated to a vulnerability
- #1013 Not possible to associate a sighting to a vulnerability
- #1012 Not possible to associate an observable to a vulnerability
- #1011 When on an ATTACK Pattern, is not possible to associate with a TOOL since the relation ship is missing
- #1010 The organizations listing should contain a filter on TYPE, to easily filter the organisations.
- #1009 Attack patterns & Tools should be associated with Organisations
- #1008 Countries entities should contain intrusion sets originating from the country
- #1003 Give more control in elastic index configuration
- #997 Improve hashed observable managment
- #993 Top Actor Widget
- #992 Most Active Malware Widget
- #986 Top CVE Widget
- #974 Change pagination system to use search_after instead of from
- #892 [import file stix] Improve Error logging
- #890 Full CSV export fails
- #738 Date Management
- #688 Improve the import of reports
- #667 Adding a tooltip to the menu items icons
- #655 Pin/Docking Navigation in WebUI
- #588 Heat map for victimology
- #532 have the same presentation in the frontend for countries and regions than for sectors/subsectors
- #505 Create a threat activity dashboard
- #307 Full refactor of workspaces and custom dashboards
- #271 Most active malware
Bug Fixes:
Version 4.0.7
Version 4.0.6
OpenCTI version 4.0.6 has been released π! A few minor bugs have been fixed and a new feature is now be used to configure memory limits of the OpenCTI main NodeJS process. This has been requested by some users to increase OpenCTI capabilities to ingest more data π.
Enhancements:
- #985 Configurable API max memory + memory usage in /about
Bug Fixes:
Version 4.0.5
OpenCTI version 4.0.5 is out π! This version fixes minor bugs but which turn to be blockers for some organizations in the OpenCTI community π.
We will strengthen our documentation effort in the next few days, especially for all "usage" pages and the OpenCTI to OpenCTI synchronization π.
Bug Fixes:
- #983 Work cleanup (Elastic/Redis) must be time based instead of count based
- #982 Unable to Remove Objects from Entities in Reports
- #976 Confidence level resolved to early lead to creation error sometimes
- #975 Change the method to compute number of connected workers
- #973 Unable to remove permissions from Group after setting it.
- #971 Wrong STIX indicator pattern when indicator is created from a process observable