Releases: OpenCTI-Platform/opencti

Version 5.7.6

20 May 10:08
c280f3b

Enhancements:

  • #3355 Enhance display of security generic settings

Full Changelog: 5.7.5...5.7.6

Version 5.7.5

19 May 17:52
57de891

Enhancements:

  • #3350 Reverse order of details / overview in all entities
  • #3342 Add start_time / stop_time in time field for timeseries in dashboards
  • #3340 Allow creating a stream filter based on organization
  • #1560 Entity creation: disappearance of some field contents when changing the type of entity

Bug Fixes:

  • #3337 "Plus" button in Analyst Workbenches doesn't work anymore for adding entities
  • #3335 Some entities names not displayed in Data>Relationships
  • #3330 Export broken for Data components
  • #3328 Error when exporting data sources/data components
  • #3318 Notifications for relationships involving restricted entities
  • #3311 Observable handling in Workbench
  • #3308 Missing relationship type in a knowledge screen
  • #3294 "Cancel"-button doesn't work in duplicate-option in "Custom dashboards"
  • #3291 Creating an entity from a sighting crashes the application
  • #3290 Can't update is family field on malware
  • #3285 Background task 'delete all notifications' deletes notifications for all users
  • #3281 Can't remove filters in TimeLine view

Pull Requests:

Full Changelog: 5.7.4...5.7.5

Version 5.7.4

04 May 22:39
3963bbc

Enhancements:

  • #3278 SSL Wrong Version Number Error when trying to receive email notification
  • #3262 Add policies for local password

Bug Fixes:

  • #3280 Unable to export indicators based on revoked status
  • #3277 Stream negative filtering on author is not working on observable (author is in extension)
  • #3276 Logo URL (login) image from initial login form, is always retrieved from light theme.
  • #3268 Version 5.7.3 still has a bug related to restricted entities in auto-generated relationships
  • #3258 Filters not reset after the creation of a live trigger
  • #3256 Better handling of empty trigger outcome
  • #3255 Broken custom dashboard use case
  • #3254 Creating a new container on the fly in massive operations is not working
  • #3253 In Malware => Knowledge => Incidents, all incidents are displayed

Pull Requests:

Full Changelog: 5.7.3...5.7.4

Version 5.7.3

29 Apr 11:18
f632564

Enhancements:

  • #3250 Improve performance of taxii/stream data loading by batching element refs resolution
  • #3224 Create a default Group for Connector at initialization
  • #3223 Ambiguous Error For SSO Failure when Missing Groups
  • #3145 Add Case Rfi and Case Rft Entities

Bug Fixes:

  • #3251 In threat actors / intrusion sets / campaigns list, search keyword is not remembered
  • #3246 The attribute x_opencti_graph_data is not allowed on Case-Incident
  • #3245 Uploading file in new external references not working
  • #3243 Uploading file in external references then delete, the file never disappear
  • #3239 Remove align migration date to prevent migration reapply
  • #3238 Missing first_seen date causes errors in data synchronization
  • #3231 Migration 5.6.2 -> 5.7.2 A database error has occurred
  • #3219 Filtering on indicator types is not working anymore
  • #3215 Version 5.7.2 partially fixes the relationships visibility problem. The relationships are visible, but the error arises when trying to visualize the single relationship details.
  • #3213 No distribution statistics in incidents
  • #3209 Error when generating an export for observables
  • #3208 Relationships containing not visible entities for a certain user gives a platform error
  • #3027 Creating and deleting "child" relationships between 2 Process Objects throws "t.substr is not a function"

Pull Requests:

Full Changelog: 5.7.2...5.7.3

Version 5.7.2

20 Apr 19:45
c44ad42

Enhancements:

  • #3120 Verify that SCOs can be shared with organizations, standalone or as part of a container
  • #3116 Group default membership and auto marking must be initialized to allow correct sorting/filtering

Bug Fixes:

  • #3208 Relationships containing not visible entities for a certain user gives a platform error
  • #3206 Kill Chain Phases icon in entity overview when adding a kill chain phase
  • #3205 Upgrade to 5.7.1 does not fix failed migration to 5.7.0
  • #3202 Fix issues of case migration
  • #3199 Can't create Data sharing Feed CSV
  • #3196 List of users is broken in the backend because not enriched
  • #3178 Task Manager stuck and looping

Pull Requests:

Full Changelog: 5.7.1...5.7.2

Version 5.7.1

18 Apr 11:34
8a58988

Enhancements:

  • #3141 Kill chain phases are not displayed in the overview of a STIX Core Relationship

Bug Fixes:

  • #3185 Error during migration to 5.7.0

Pull Requests:

  • [frontend] Kill chain phases display in the overview of a STIX Core Relationship (#3141) by @Archidoit in #3157
  • [backend] Add creators to basic object/relationship model by @RomuDeuxfois in #3190

Full Changelog: 5.7.0...5.7.1

Version 5.7.0

17 Apr 13:20
6bc22a5

Dear community, we're so glad to announce that OpenCTI 5.7.0 has been released 👏! This new version brings major features to the platform and fixes several bugs 🛸. This milestone also contains important code refactors and underlying enhancements which will allow us to speed up the delivery of our 2023 strategic roadmap 🚀!

First of all, RBAC has been reworked to better fit organizations composed of users and groups ✍🏻. Roles / marking definitions are now associated with groups, so SSO / Active Directory integrations are now straightforward 🛡️. Also, we are progressively rolling out more capabilities to customize roles with default hidden entities, default dashboards, etc. to address several levels of stakeholders within an organization 🪄.

Also, it is now possible to fully customize the confidence scale (colors, labels, min/max, ticks, etc.) by entity type, like we did for mandatory attributes in the previous release. This work has triggered so many bugfixes and enhancements on forms and entities display 🌈.

Finally, opinions are now subject to the new capability "Access to collaborative creation", as notes are, to allow read-only users to give their opinions and put comments in entities and relationships. Dashboard widgets are starting to become more interactive (you can now click on horizontal bars), and case management is now ready for takeoff, with tasks / task templates and requests for information scheduled for the next release 🎆.

📰 Please be sure to read the documentation about the RBAC refactoring to understand what changed and how you should adapt your SSO mappings. Basically, if you are using "roles_mapping", just replace "roles" with "groups". Whether you are using roles or groups on your SSO side, everything should now be mapped to OpenCTI groups.

Enhancements:

  • #3175 Be able to use assignees in dashboards and implement distribution list
  • #3136 "Top Labels" text overflows on small screens
  • #3117 In malware, make 2 fields "upsertable"
  • #3114 Merging hashes in the analyst workbench
  • #3098 Improve engine to handle large amount of text to search
  • #3095 Enforce merging to update elements based on their current index
  • #3088 Add case container management in Workbench
  • #3081 Dependabots fix and user edit api protection
  • #3064 Add indicator objectContains filtering capability + align contains filtering
  • #3012 Modularization of relation refs
  • #2994 Report -> Observables page mislabels Author/Creator
  • #2990 Improve Synchronizer client to try reconnect if started but connection is closed (404, ..)
  • #2977 Separate Case and Feedback, and implement Request for Information
  • #2872 Disable list export when more than X elements are targeted (static parameter with default value 50,000)
  • #2849 User overview modification
  • #2847 On horizontal bars chart representing an entity, be able to click on the bar to go on the entity
  • #2555 Customizable confidence scale
  • #2516 Align opinions behaviour on notes
  • #2512 Refactor RBAC / segregation to put everything under the "group"
  • #2419 Automatically create groups on SSO

Bug Fixes:

  • #3148 Modifying Valid Until Date
  • #3147 Pie chart displaying IDs instead of names for attribute created-by.internal_id
  • #3143 Rules are not displayed anymore in rule engine settings (Demo)
  • #3138 Confidence scale setting input does not behave correctly
  • #3135 Don't show sub-narratives twice in Techniques->Narratives view
  • #3125 Modify the mechanism on created nested relationship in Graph
  • #3110 Unknown ObservedData in several display contexts
  • #3106 Creation of entities sometimes doesn't close the panel due to localstorage "types" element
  • #3103 Live stream / taxii collection query indices resolve too much information
  • #3102 contain_refs not authorized between files and other observable
  • #3101 Unable to create dashboard using Revoke filter
  • #3091 Channel creation with channel type is broken
  • #3090 Observable type User Agent cannot be sent through data sharing stream
  • #3084 Unknown channel value in Knowledge>Details
  • #3079 Unknown names in Overview>Latest relationships
  • #3077 Link entity from a located-at relationship creation form
  • #3070 Create entity from a located-at relationship creation form
  • #3069 Observables upserts don't appear in streams with label filters
  • #3067 Ref creation on observable can fail because of representative extraction
  • #3066 Extract referer can fail if malformed + user token must not be logged
  • #3060 'No label' filtering combination
  • #3059 Author negative filtering not working on streams
  • #3047 Report name is Unknown when creating a relationship between an object and a report
  • #3044 Entities distribution graph display in Groupings
  • #3033 Can't update end date of an event
  • #3031 Cannot share observables/artifacts/indicators with Organizations
  • #3029 You shouldn't be able to merge vocab when builtin
  • #3011 Multiple errors in logs: This attribute key first_seen is not allowed on the type targets
  • #3037 [MITRE] Mitre connector fails to create "The MITRE Corporation" entity with default connector permissions
  • #2985 Settings routes are not protected consistently with APIs
  • #2623 Synchronizer Stream Restarting on Error

Pull Requests:

Version 5.6.2

11 Mar 14:21
002e102

Dear community, OpenCTI version 5.6.2 has been released 👏! This version hotfixes 3 minor bugs and adds support for HTTP/HTTPS proxies for the platform process (mainly for synchronization purposes) 📡.

Enhancements:

  • #2370 HTTPS-proxy support for Synchronizer

Bug Fixes:

  • #3004 Cannot update hashes in the workbench / observables tab
  • #2998 Multiple dashboards issues
  • #2996 Navigating back to Observables view creates a filter hiding all entities in reports and cases

Pull Requests:

Full Changelog: 5.6.1...5.6.2

Version 5.6.1

08 Mar 17:42
c1c9abb

Dear community, OpenCTI 5.6.1 is out 🥳! This is a hotfix release for a bug which prevents some lists from being ordered by author / marking definition 🦾.

Bug Fixes:

  • #2991 Runtime ordering (author, markings, etc.) is broken

Full Changelog: 5.6.0...5.6.1

Version 5.6.0

07 Mar 21:50
af0ed1b

Dear community, we are so happy to announce that OpenCTI 5.6.0 has been released 🎉! First of all, this new version fixes multiple issues in the analyst workbench, the dashboarding engine as well as various knowledge screens 🤯. In terms of features, it brings various major enhancements to our threat intelligence platform 🚀:

  • Be able to customize mandatory attributes for each type of entity (default values for each of them will come in the next release) 🪄 .
  • Accumulation of technical creators (connectors / users) to keep all sources of an entity over time 💭.
  • Be able to make a "stream" (feed) public, with all public streams listed on a public page "/public" 🌍.
  • In synchronizers, it's now possible to consume public streams, and available streams on a remote platform are listed with their filters 📡.
  • 2 important enhancements of knowledge graphs, including lasso selection of entities and display of basic information for selected objects in a right panel 🎠.
  • All STIX indicator patterns are now canonicalized using the STIX pattern grammar (ANTLR) to avoid potential duplicates 🧽.

⚠️ No breaking changes in this release, but 3 points to check / fix if necessary:

If you are using streams, they can now be turned off, so check in the Data / Streams list that they are all turned on 🚦.

Old custom dashboard widgets have been deprecated; they will not be displayed anymore 🆕.

In custom dashboards, a huge refactor / improvement has fixed several bugs, and some widgets may have been impacted / reversed (check the "Display source" toggle if you find the displayed data to be inaccurate) 💡.

Enhancements:

  • #2984 Custom Dashboard - Add workflow status filter
  • #2952 In "indicators" list, add a filter for "indicator_types"
  • #2951 Rename right column filters in indicators and request pattern type OV
  • #2927 Add support for consists-of between infrastructure and infrastructure, observed-data, + sco
  • #2923 The relationship type targets is not allowed between Attack-Pattern and System
  • #2921 [back/front] Improve relations based dashboard widgets
  • #2886 Cumulate creator_id when upserting an entity
  • #2877 Change Redis trimming default settings to 2 millions (8G average)
  • #2875 Improve Redis cluster configuration + platform stops when redis is not available
  • #2869 Marking definition information leak in entity history
  • #2860 Improve live stream to continue to send Heartbeat during long resolutions
  • #2843 Address/Postal Code support on Position GUI
  • #2817 Some entity fields are not aligned in creation and update
  • #2867 Unable to remove first_seen and last_seen attributes from Indicator objects in UI
  • #2735 Checkboxes / selection in all "Event" categories (incidents / sightings / observed data)
  • #2606 Be able to make a stream "public" and create a public page
  • #2562 From the "mass operations" toolbar, be able to create a report and add the selected entities
  • #2447 Expand Pattern Types to include Major AV Vendors
  • #2239 Be able to hide any menu and sub menu
  • #2159 View entity details on graph panel
  • #1941 [FR] Request for the knowledge graph for reports to have the ability to be multiselected (via drag box/ window)
  • #1850 Allow to make some entity/fields mandatory
  • #1809 Unable to modify a observable in a report knowledge space
  • #1683 Improve "location" and the location form
  • #1667 When hovering over observable in Report, show related objects
  • #1551 STIX patterns that are equivalent are not canonicalised which creates duplicate objects

Bug Fixes:

  • #2980 Exit 1 / platform shutdown when Redis becomes unavailable
  • #2979 In demo, on indicators when filtering with email address, IPs are displayed
  • #2976 In Observations => Observables, filters do not impact the URL
  • #2970 Usage count of open vocab is broken
  • #2963 Specific dashboard filters cause crash of the dashboard
  • #2960 Deleted trigger still processed by the notification engine
  • #2959 Filtering of live streams with Detection:Yes
  • #2945 No submit button to modify a note
  • #2942 [Platform] SCO's disappear from the analyst workbench
  • #2941 [Platform] Once a note is created the body can not be edited
  • #2936 Observations/Indicators filtering by Creator
  • #2930 When more than 200 markings exists in the system, user build is failing
  • #2928 [backend] X-TAXII-Date-Added-First/Last response headers are broken
  • #2915 "is_family" is "null" in STIX because "Is family" is "NOT APPLICABLE" in portal. stix2-validator will fail if is_family is null
  • #2909 Workbench won't display when this PDF is imported
  • #2908 Workbench File hash indicators disappearing when changing any entity's type
  • #2906 File observables search broken in bulk search
  • #2902 Report/Entities inside creation is not consistent and can lead to several problems
  • #2900 Dashboard number widget must take care of the global filtering dates
  • #2896 The relationship type "contains" is not allowed between StixFile and Url
  • #2894 Details panel not updatable with enforce reference enable on Malware entity
  • #2885 Error when trying to update a Note
  • #2881 [Front] Incorrect Events filters
  • #2878 Memory leak issue due to misuse of the dataloader
  • #2873 [back] Automatic session refresh is broken after redis cluster support
  • #2870 When entering an open vocab, right menu is not highlighted
  • #2856 Deleting a vocabulary leaves the dialog open (and redirects instead of removing the node from the store)
  • #2845 Organization segregation breaks access to TAXII collections
  • #2844 Entity types settings page broken
  • #2842 Filter "relatedTo" does not take into account the entity types palette
  • #2840 Unknown entities when adding an observed data
  • #2837 link to Location/Sightings
  • #2835 Graph names display after update of some elements
  • #2485 Optimize the query on the screen "Intrusion Set X => Analysis => Graph view"

Pull Requests:

  • [Front] Graph names display after update of some elements (#2835) by @Archidoit in #2836
  • [Front] Refacto Incident component into .tsx pure function by @marieflorescontact in #2805
  • [Front] Enable to modify an observable in a report knowledge space (#1809) by @Archidoit in #2834
  • [Front] Highlighted right menu in deep route for Access and Labels/Attrib...