Releases: OpenCTI-Platform/opencti
Version 4.0.3
OpenCTI 4.0.3 is out! This release fixes the last bugs we discovered after the initial release of OpenCTI 4. In particular, we fixed the connector activity monitoring, which was not accurate and led to useless ElasticSearch load (another performance improvement is expected in this version).
We are now ready to work on the next milestones and features. We would like to thank you all for the valuable feedback and testing you have provided and the overall enthusiasm about the platform.
Enhancements:
- #740 ISO 3166-1 for country code linking with the actual country
Bug Fixes:
Version 4.0.2
OpenCTI 4.0.2 has been released! This one fixes minor bugs.
NB: we have updated our Docker Installation documentation with the correct procedure to upgrade your deployment.
Enhancements:
- #921 Remove the predefined list of items when associating an indicator (or an observable) with a sighting
Bug Fixes:
Version 4.0.1
OpenCTI 4.0.1 is out! This is a hotfix release for a few minor bugs.
Bug Fixes:
- #940 Safari displays a blank page
- #939 Changing an attribute value in the admin throws errors
- #938 Queries with role-based relationships do not work
- #937 Organization ordering is broken
- #936 Creating entities from report lists does not work
- #935 Deleting entities is not consistent
- #934 Targeted organization in a sector are throwing errors
Version 4.0.0
🎉 DING DING!! 🎉
We are so happy to finally announce the release of OpenCTI version 4.0.0 🎀, after more than 8 months of tremendous collective work by the core development team. In this release, we have tackled all known main needs and issues our community has expressed over the past few months 🔨🔨.
We enhanced the data model 📉, we simplified the technological stack, we greatly increased performance 🛫 and, above all, we developed many more features which will allow everyone to store, organize and share Cyber Threat Intelligence at the level we expected in the first place, within a fully Open Source product 👐.
Even though we are a non-profit organization, we know the wait might have seemed a bit long ⏲️. This is why we are already committed to resuming a much more effective release rate in 2021, to provide all OpenCTI users with all the capabilities already planned in the strategic roadmap 🧭: integration with SOC and SIEM, analyst workflows, graph investigation, customizable dashboards, data science, etc.
We hope that you will love this release, and if you found OpenCTI difficult to install or to spawn in the past, please do not give up and try this one!
🚨This release introduces breaking changes in the data model and the schema. You cannot upgrade directly on V3.X data and you have to follow the migration procedure.
⚠️ Grakn Core Server is no longer part of our stack for the moment and has been removed from dependencies, you do not need to deploy it. ElasticSearch >= 7.10.X is required.
🖴 If you are using Docker, please do not forget to use volumes for persistence on ElasticSearch, Redis, Minio and RabbitMQ. All dependencies need to be persistent now.
Enhancements:
- #928 Knowledge section of CAMPAIGNS is missing the "Victimology" tab
- #908 Show only entities of the selected filter, when associating a report to one/more entities
- #907 Remove the predefined list of items when associating a report with any entity
- #905 Display a confirmation message / error message upon actions
- #901 Username authentication is case sensitive
- #887 Limit the number of lazy queries in GraphQL
- #873 Filter list is not sorted alphabetically
- #871 Global refactoring of export workflow (entity & list)
- #865 Existence of more aliases for an entity isn't immediately obvious
- #863 Passwords appear in cleartext in logs when auth fails
- #841 Provide option to disable auto-enrichment of Observables
- #830 Do not acknowledge messages on the worker if an entity is missing (4 retries)
- #818 Notes cannot be reached from the search panel
- #813 Be able to add tags to notes
- #802 Unable to change the value of an observable
- #800 Please add domain resolve to IP relationship
- #792 Migration script to V4
- #791 IDs generation
- #782 "Detection" section for MITRE Att&ck - Attack patterns not present
- #777 Import sha1 and sha256 is not in the STIXv2 format
- #774 Merge of 2 intrusion sets in OpenCTI
- #773 External reference should be opened as new tab
- #757 OpenCTI Virtual Template Connection Issue
- #754 External references & reports : simplification
- #726 add the country of origin of an APT
- #695 Sightings - threats targeting this org
- #692 Allow users to display tags as "type:value" instead of just "value" in the web UI.
- #676 Set score field to STIX2 confidence
- #673 Apply Grakn schema only when needed, improve migration system
- #665 Attack patterns : relationship to indicators (sigma, yara, etc)
- #637 Additional observables
- #617 Rename the relation "localized-in" to "located-in"
- #572 Not possible to have multiple tags with the same value but not the same type
- #562 How to upgrade from ver 3.0.2 to 3.0.3
- #553 Create a new inference - part-of type
- #539 Improve connector stack to limit concurrent injection on same elements
- #501 Dates should not always be required
- #498 Sync OpenCTI instances together
- #491 Markdown editor
- #389 Enhance geographic entities views
- #387 Migration to STIX 2.1
- #296 Connector work monitoring & management
- #270 Most active threats by country
- #176 Introduce geographic maps and geo codes
Bug Fixes:
- #929 Duplicate Entry
- #924 [OPENCTI] GraphQL initialization fail
- #923 Export of Observables/Indicators is not working when a filter was applied
- #919 Documentation Zip is corrupted in release
- #909 Export of reports is bugging
- #902 Error when connecting to opencti behind a reverse proxy
- #897 new docker install error: manifest for opencti/platform:4.0.0 not found: manifest unknown: manifest unknown
- #894 Stable Docker Compose File- Nothing Works SO Far and bit frustrating
- #893 new docker install error: manifest for opencti/platform:4.0.0 not found: manifest unknown: manifest unknown
- #889 Full JSON export fails - GRAPHQL_VALIDATION_FAILED
- #886 "ImportFileStix2" Connector Fails on .json created by "ExportFileStix" connector
- #885 FrontEnd does not display "Sighting" relationship when imported with "Import-File-STIX" connector
- #860 Threat Actor relation to an Identity don't exist
- #859 Note card does not exist
- #857 Failed to create missing observables
- #856 An export in .CSV gives a file in .FALSE
- #855 Cities cannot be exported
- #854 Cannot filter on person, observables
- #853 Relationship delete history
- #847 Still grakn Issues
- #845 SHA-1 and SHA-256 indicators do not automatically create observables
- #843 demo.opencti.io
- #839 Grakn schema initialization fails
- #838 cant import json file
- [#826](https://github.com/OpenCTI-Platform/opencti/issues...
Version 3.3.2
OpenCTI 3.3.2 has been released! It contains a lot of bug fixes, including one for an inconsistent behavior on entity deletion, and a lot of new enhancements to current connectors, especially the introduction of new features/filters on the MISP one.
We are currently working hard on the next major releases, which will be a new step for the OpenCTI project!
ElasticSearch has been upgraded to 7.8.0.
Enhancements:
- #765 Bump Apollo version (security fix)
Bug Fixes:
Version 3.3.1
OpenCTI 3.3.1 is out! This version fixes some bugs on entity deletion that led to inconsistent behavior. Other bugs have also been fixed in connectors, and MITRE Mobile ATT&CK has been added to the MITRE connector.
We also confirmed compatibility with Grakn version 1.7.2, so feel free to update. The next milestone will focus on visualization, workspaces/dashboards, and light theming!
Enhancements:
- #749 Upgrade to Grakn 1.7.2
Bug Fixes:
Version 3.3.0
Dear community, OpenCTI 3.3.0 has been released! This version introduces many new features and also fixes several bugs reported by the community: more progress in taking STIX 2.1 into account, enhancing the victimology overview in threats, warning users about potential duplicate entities at creation, etc.
One of the major enhancements of this version is the improvement of platform integration performance. Just as we fixed more than 30 bugs during the introduction of integration tests at the release of version 3.1.0, the implementation of performance tests allowed us to identify multiple areas for improvement. In this version, we have increased ingestion speed by 30% compared to the previous version. And that's just the beginning! We plan to publish the results of these tests as well as a monitoring dashboard in the coming days.
Another important change is the syntax validation of all indicators imported/created in OpenCTI. STIX patterns, YARA rules, SIGMA rules, Suricata signatures and SNORT rules are now subject to a syntax check, so that all third-party software integrated with OpenCTI can be sure that the indicators provided are valid. Also, merging entities together is now stable if users need advanced data curation.
⚠️ Breaking changes ⚠️
Grakn Core Server has been upgraded from 1.6.2 to version 1.7.1. We tested the migration process of existing data with several organizations and it is fully transparent (just start Grakn Server 1.7.1 on your current Grakn data). OpenCTI 3.3.0 is not compatible with Grakn 1.6.2 anymore since the Grakn driver has been updated and is only compatible with Grakn 1.7.X. You can also update your ElasticSearch to version 7.7.0 which is now the recommended version but this is not mandatory.
Last but not least, we are glad to announce the release of 4 new connectors. We really wish to thank @rhaist from DCSO for his amazing work during the last weeks: Malpedia connector, Valhalla connector, Python library documentation and testing, starting to work on a Go client as well as on the CORTEX connector, with progressive ideas and quality source code. Stay tuned for the next release, which will focus on visualization and workspaces!
Enhancements:
- #699 [UI] Remove trailing whitespaces at the creation of an observable
- #693 Migration to grakn 1.7.1
- #687 Add customized observable type by admin when creating an observable
- #645 Implement performances test infrastructure
- #640 Possibility to filter vulnerabilities on Score and Severity field
- #635 Organization should implement gathering relations
- #632 Syntax validation of indicators
- #601 Support Active Directory over TLS/SSL
- #554 Display persons in victimology
- #470 Prevent users from accidentally creating duplicate objects (e.g. threat actors).
- #462 Observables dates (creation and modification) required seconds precision
- #370 Add new observable types
- #368 Add contact_information to entity object
- #362 Observables export
Bug Fixes:
- #723 Display bug in Attack Patterns
- #710 Merging entities: recurring bug
- #707 Requesting creator through log fail if the action was executed by SYSTEM_ADMIN
- #703 UI Display of connectors - Not showing connectors after page cut-off.
- #701 Broken page for Malware attribution
- #700 Migration failed due to incorrect function call
- #691 Unable to Add Victimology to Custom Threat Actors or Incidents
Version 3.2.2
OpenCTI 3.2.2 has been released! This version fixes a few minor bugs affecting the merging of entities and LDAP authentication. We are committed to fixing all bugs the community reports as fast as we can. But this version also introduces a very important feature for the integration of OpenCTI with the whole cybersecurity ecosystem.
Sightings (true positive and false positive) are now available for observables and indicators. As provided by the STIX 2 standard, sightings can originate from an organization, a person or any location (region, country or city).
This version also introduces a lot of enhancements in the Python library: ingestion performance has been increased (you will be able to see that in our future performance monitoring infrastructure) and you are now able to use the API pagination directly in the *.list methods.
Enhancements:
- #55 Observables / Indicators: Sighting
Bug Fixes:
Version 3.2.1
OpenCTI 3.2.1 has been released! This version fixes a few minor bugs introduced in the previous version, but also enhances and adds some connectors. The next major release will focus on two very important needs.
First of all, the deployment of performance tests, with the generation of daily public reports about the performance of the platform for various infrastructure templates. Second, monitoring of the platform itself, to let you know exactly what is going on during the ingestion processes implemented in OpenCTI. The objective is to be able to follow the progress of ingestions and potential errors.
As usual, do not hesitate to report any bugs or ask for the features you need on GitHub!
Enhancements:
- #671 Improve LDAP authentication error logging
- #642 Introduce new migrations directory for pre-schema initialization
Bug Fixes:
Version 3.2.0
Dear community, we are so proud to announce the release of OpenCTI 3.2.0! This is a major version introducing more than 16 new features. As you can see on the demonstration instance, we refreshed the whole user interface for a better experience. We introduced analysis notes and comments for all objects (including relations), using the corresponding STIX 2.1 entity. Also, you are now able to filter all lists of entities with many more options (for instance the observables/indicators of the last 24 hours).
But one of the most interesting features is the creation of the knowledge history, which is available in all screens so you can understand what is happening on entities and relations. Using dedicated tokens for your connectors, you will see modifications and new relations. This history is logged in STIX 2, so it will be used for the future implementation of platform synchronization (including with other TIPs).
As written in the documentation, we encourage OpenCTI administrators to use dedicated tokens for each connector of the platform to ensure consistent history.
Last but not least, code coverage of the API is now at 84% and almost all critical methods are covered. We would like to thank all community members and developers who were involved in this new release. More to come! Especially documentation on the data model :)
Enhancements:
- #647 Global enhancement of the user interface
- #633 Introduce functional logs / comments
- #627 Enforce versions in the worker requirements.txt
- #622 Ability to export indicators based on additional filters
- #600 Full test coverage of files in the directory database
- #596 [api] Allow filtering indicators by name
- #566 Reports : "imported by XYZ"
- #559 List and export with date filters everywhere
- #479 Improve filtering / sorting of reports
- #474 Introduce technical logs
- #431 OpenCTI class diagram/blueprints
- #406 Automating the OpenCTI Manual Install Process
- #340 Reports & Organizations (authors)
- #265 Organization display mode should be a user choice
- #264 Manual filters and tags display enhancement
- #239 Multiple authors for reports
- #172 Implement list filtering on some fields
- #56 Syntax validation of observables