Releases: OpenCTI-Platform/opencti

Version 3.3.2

24 Jun 06:57

OpenCTI 3.3.2 has been released! It contains a lot of bug fixes, including one addressing a newly introduced inconsistent behavior on entity deletion, and a lot of enhancements to the current connectors, especially new features and filters for the MISP one.

We are currently working hard on the next major releases, which will be a new step for the OpenCTI project!

⚠️ Dependency change ⚠️
ElasticSearch has been upgraded to 7.8.0.

Enhancements:

  • #765 Bump Apollo version (security fix)

Bug Fixes:

  • #762 GraphQL initialization fail
  • #760 Error Displaying Intrusion Sets Knowledge section
  • #756 Unable to associate a Malware to an other Malware via the API
  • #750 Frontend loop on the user page due to an error on the graphql reply
  • #743 Cannot load element (need to reindex)
  • #547 Grakn Seems Down

Version 3.3.1

05 Jun 10:47

OpenCTI 3.3.1 is out! This version fixes some bugs on entity deletion that led to inconsistent behavior. Other bugs have also been fixed in connectors, and MITRE Mobile ATT&CK has been added to the MITRE connector.

We also confirmed compatibility with Grakn version 1.7.2, so feel free to update. The next milestone will focus on visualization, workspaces/dashboards, and light theming!

Enhancements:

  • #749 Upgrade to Grakn 1.7.2

Bug Fixes:

  • #735 Element deletion are partial in some use cases
  • #734 Race condition on relationship indexing

Version 3.3.0

28 May 09:05

Dear community, OpenCTI 3.3.0 has been released! This version introduces many new features and also fixes several bugs reported by the community: more progress in taking STIX 2.1 into account, an enhanced victimology overview in threats, warning users about potential duplicate entities at creation, etc.

One of the major enhancements of this version is the improvement of platform integration performance. Just as we fixed more than 30 bugs when introducing integration tests for version 3.1.0, the implementation of performance tests allowed us to identify multiple areas for improvement. In this version, we have increased ingestion speed by 30% compared to the previous version. And that's just the beginning! We plan to publish the results of these tests as well as a monitoring dashboard in the coming days.

Another important change is the syntax validation of all indicators imported into or created in OpenCTI. STIX patterns, YARA rules, SIGMA rules, Suricata signatures and SNORT rules are now subject to a syntax check, so that all third-party software integrated with OpenCTI can be sure the indicators provided are valid. Merging entities together is now also stable for users who need to perform advanced data curation.

⚠️ Breaking changes ⚠️

Grakn Core Server has been upgraded from 1.6.2 to version 1.7.1. We tested the migration process of existing data with several organizations and it is fully transparent (just start Grakn Server 1.7.1 on your current Grakn data). OpenCTI 3.3.0 is not compatible with Grakn 1.6.2 anymore since the Grakn driver has been updated and is only compatible with Grakn 1.7.X. You can also update your ElasticSearch to version 7.7.0 which is now the recommended version but this is not mandatory.

Last but not least, we are glad to announce the release of 4 new connectors. We really wish to thank @rhaist from DCSO for his amazing work during the last weeks: the Malpedia connector, the Valhalla connector, Python library documentation and testing, and starting work on a Go client as well as on the CORTEX connector, with progressive ideas and quality source code. Stay tuned for the next release, which will focus on visualization and workspaces!

Enhancements:

  • #699 [UI] Remove trailing whitespaces at the creation of an observable
  • #693 Migration to grakn 1.7.1
  • #687 Add customized observable type by admin when creating an observable
  • #645 Implement performances test infrastructure
  • #640 Possibility to filter vulnerabilities on Score and Severity field
  • #635 Organization should implement gathering relations
  • #632 Syntax validation of indicators
  • #601 Support Active Directory over TLS/SSL
  • #554 Display persons in victimology
  • #470 Prevent users from accidentally creating duplicate objects (e.g. threat actors).
  • #462 Observables dates (creation and modification) required seconds precision
  • #370 Add new observable types
  • #368 Add contact_information to entity object
  • #362 Observables export

Bug Fixes:

  • #723 Display bug in Attack Patterns
  • #710 Merging entities : recurring bug
  • #707 Requesting creator through log fail if the action was executed by SYSTEM_ADMIN
  • #703 UI Display of connectors - Not showing connectors after page cut-off.
  • #701 Broken page for Malware attribution
  • #700 Migration failed due to incorrect function call
  • #691 Unable to Add Victimology to Custom Threat Actors or Incidents

Version 3.2.2

05 May 19:42

OpenCTI 3.2.2 has been released! This version fixes a few minor bugs affecting the merging of entities and LDAP authentication. We are committed to fixing all bugs the community reports as fast as we can. But this version also introduces a very important feature for the integration of OpenCTI with the whole cybersecurity ecosystem.

Sightings (true positive and false positive) are now available for observables and indicators. As provided by the STIX 2 standard, a sighting can originate from an organization, a person or any location (region, country or city).

This version also introduces a lot of enhancements in the Python library: ingestion performance has been increased (you will be able to see that in our future performance monitoring infrastructure) and you are now able to use the API pagination directly in the *.list methods.

Enhancements:

  • #55 Observables / Indicators: Sighting

Bug Fixes:

  • #685 Redirect to empty page when checking the vulnerability relations of an indicator
  • #679 Data management won't show
  • #677 Additional Bugs With Merging
  • #646 Trying to set up authentication with active directory

Version 3.2.1

30 Apr 12:26

OpenCTI 3.2.1 has been released! This version fixes a few minor bugs introduced in the previous version but also enhances existing connectors and adds new ones. The next major release will focus on two very important needs.

First of all, the deployment of performance tests, with the generation of daily public reports about the performance of the platform for various infrastructure templates. Then, monitoring of the platform itself, so you know exactly what is going on during the ingestion processes implemented in OpenCTI. The objective is to be able to follow the progress of ingestions and any potential errors.

As usual, do not hesitate to report any bugs or request the features you need on GitHub!

Enhancements:

  • #671 Improve LDAP authentication error logging
  • #642 Introduce new migrations directory for pre-schema initialization

Bug Fixes:

  • #674 View as author for organizations / persons is global
  • #669 Worker does not restart thread if terminated
  • #668 Error Merging Entities
  • #634 Person belonging to Organization shows up under organization.

Version 3.2.0

28 Apr 09:59

Dear community, we are so proud to announce the release of OpenCTI 3.2.0! This is a major version introducing more than 16 new features. As you can see on the demonstration instance, we refreshed the whole user interface for a better experience. We introduced analysis notes and comments for all objects (including relations), using the corresponding STIX 2.1 entity. Also, you are now able to filter all lists of entities with many more options (for instance the last 24 hours of observables/indicators).

But one of the most interesting features is the creation of the knowledge history, which is available in all screens so you can understand what is happening to entities and relations. Using dedicated tokens for your connectors, you will see which connector made each modification and created each new relation. This history is logged in STIX 2, so it will be used for the future implementation of platform synchronization (including with other TIPs).

As written in the documentation, we encourage OpenCTI administrators to use dedicated tokens for each connector of the platform to ensure consistent history.

Last but not least, code coverage of the API is now at 84% and almost all critical methods are covered. We would like to thank all community members and developers who were involved in this new release. More to come! Especially documentation on the data model :)

Enhancements:

  • #647 Global enhancement of the user interface
  • #633 Introduce functional logs / comments
  • #627 Enforce versions in the worker requirements.txt
  • #622 Ability to export indicators based on additional filters
  • #600 Full test coverage of files in the directory database
  • #596 [api] Allow filtering indicators by name
  • #566 Reports : "imported by XYZ"
  • #559 List and export with date filters everywhere
  • #479 Improve filtering / sorting of reports
  • #474 Introduce technical logs
  • #431 OpenCTI class diagram/blueprints
  • #406 Automating the OpenCTI Manual Install Process
  • #340 Reports & Organizations (authors)
  • #265 Organization display mode should be a user choice
  • #264 Manual filters and tags display enhancement
  • #239 Multiple authors for reports
  • #172 Implement list filtering on some fields
  • #56 Syntax validation of observables

Bug Fixes:

  • #657 Fix "Granted by Default" Toggle Switch in Roles Web UI
  • #629 Elasticsearch exception when searching URL
  • #606 Release of 3.1.0 have incorrect node_modules directory
  • #594 Failure to update from 3.0.3 to 3.1.0 - GraphQL initialization fail

Version 3.1.0

02 Apr 00:54

Dear community, OpenCTI 3.1.0 has been released! This major version marks another step towards the stable and professional platform that we want to build over the long term. Thanks to the amazing work of @richard-julien, the implementation of test coverage for critical functions of the platform has solved no less than 30 major bugs. Above all, this integration test coverage now allows the community to grow with serenity, since more and more organizations want to contribute to the development of OpenCTI.

We have also improved integration performance for reports containing a large number of indicators. We can now start the ambitious construction of the next milestones alongside CERT-EU and ANSSI: analytics and visualizations, collaboration and notification functions, integration with SIEMs and EDRs, etc.

Enhancements:

  • #513 Introduce test coverage of critical database functions (API)

Bug Fixes:

  • #569 Indicator pattern update failed
  • #560 Unable to update author of a relation on the frontend

Version 3.0.3

09 Mar 09:47

OpenCTI 3.0.3 has been released! This version fixes some bugs found by community members in the platform as well as in the Python library. Thanks to the amazing work of @maertv from the @certeu, the CrowdStrike (Falcon CTI platform) connector has been released too!

For the next major release, @richard-julien is working hard on the full test coverage of the API source code and we will introduce a lot of new features in future works (refactoring the workspaces, generalization of graphs and enhancing a lot of visualizations). Also, be ready for engagement features: analysts comments, modification/audit logs, sightings, etc.

Enhancements:

  • #537 Additional fields for filtering indicators
  • #531 Order tags in list
  • #480 Merge duplicates entities
  • #246 Implement a bulk data manager for entities/relations (delete, merge, split, etc.)

Bug Fixes:

  • #551 Bug with report publish date in UTC
  • #540 GraphQL initialization fail > TypeError: Cannot read property 'node' of undefined

Version 3.0.2

23 Feb 22:25

Dear community, OpenCTI 3.0.2 has been released! We fixed a lot of bugs related to the new RBAC system as well as some slowness in the ingestion process provided by workers. We also released a first version of the VirusTotal connector and enhanced the vulnerabilities entities with new attributes (CVSS3).

We are working hard on the next release to dramatically extend the test coverage and develop the data curation features (de-duplicate, merge, split, bulk edit/delete).

Enhancements:

  • #503 Have a more detailed view of description when adding entities
  • #469 Drop-down selection options/suggestions don't appear until you type something
  • #429 "Edit this Doc" button URL
  • #322 Documentation/Default Script to be updated
  • #257 Enhance vulnerability entity
  • #147 Vulnerability : add external information
  • #49 Implement vulnerability enrichment

Bug Fixes:

  • #523 Lower performance of the ingestion process since 3.X
  • #521 Unable to delete relations in reports
  • #520 Unable to delete a tag on an actor
  • #519 Discrepancies between the general search field and the search field to add entities in a report
  • #500 Display issue in the panel to add entities to the knowledge of a report
  • #451 Dates for very long term relations

Version 3.0.1

20 Feb 08:53

OpenCTI version 3.0.1 has been released! We hotfixed 6 bugs linked to the implementation of the RBAC capabilities. On the next milestone, we will work on the test coverage of the platform to strengthen our ability to develop the product and its features in depth. Thank you to all community members who reported these bugs.

Bug Fixes:

  • #488 First seen date can be more recent than last seen date
  • #511 Unable to add permissions to a group
  • #510 Problem when trying to add an external reference to a Threat Report
  • #509 Author field does not update after creation of the entity
  • #514 Incident view load indefinitely
  • #516 User roles/capabilities change doesn't clear the token cache