Releases: OpenCTI-Platform/opencti
Version 6.3.5
Enhancements:
- #8536 [Backend] Add SAML option to get email from attribute
- #7255 [Investigation]: Change the "representation" key used in an investigation for an observable of type "File"
- #4864 Enhance retention policy deletion performances / speed
Bug Fixes:
- #8568 Not enough margin top in entity => history (search bar hidden)
- #8520 Indicator valid_until field is not displayed in list view
- #8514 Different font styles in correlated reports list
- #8445 English grammar errors in the toggle labels for the "Update a group" panel
- #8433 [Dashboards] Can't modify dashboards settings even in admin (bypass all cap)
- #8316 Infinite load is broken in container add entity
- #8273 Right menu in security is not correctly highlighted when entering roles / users / groups
- #8249 Update Observable header has wrong color
- #8174 Multiple issues in markdown content files
- #8050 Group members are inconsistent and can lead to mistakes on managing RBAC
- #7634 Cannot search by hashes in knowledge graph
- #7043 User can merge entities without the full visibility of entities merged
- #6656 Autocomplete in filters return odd results
Pull Requests:
- Update docker.elastic.co/kibana/kibana Docker tag to v8.15.2 by @renovate in #8543
- Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.15.2 by @renovate in #8542
- [backend] store enum filters values in constants by @Archidoit in #8436
- Update dependency @types/ramda to v0.30.2 by @renovate in #8532
- Update dependency @types/node to v20.16.10 by @renovate in #8531
- Update dependency http-proxy-middleware to v3.0.2 by @renovate in #8526
- Update dependency jsdom to v24.1.3 by @renovate in #8527
- Update dependency vite to v5.4.8 by @renovate in #8540
- Update dependency express to v4.21.0 by @renovate in #8476
- [frontend] Allow middle-mouse button to click on DataTable (#8394) by @Kedae in #8464
- [frontend] remove valid_until column in indicators list (#8520) by @labo-flg in #8521
- [frontend] correlated reports policies size (#8514) by @Archidoit in #8555
- [frontend] Fix right menu in security not being correctly highlighted when entering roles, users, or groups. (#8273) by @CelineSebe in #8567
- Update dependency html-to-pdfmake to v2.5.13 by @renovate in #8525
- [frontend] Group members are inconsistent and can lead to mistakes on managing RBAC (#8050) by @SarahBocognano in #8098
- [frontend] Fix margin (#8568) by @Kedae in #8573
- [frontend] Change the "representation" key used in an investigation for an observable of type "File" (#7634) by @Gwendoline-FAVRE-FELIX in #8504
- [Backend] Add SAML option to get email from attribute (#8536) by @richard-julien in #8537
- [frontend] fixed header colors (#8249) by @stefan1anuby in #8277
- [frontend] Add pop up warning when activate organization segregation (#8284) by @marieflorescontact in #8586
- [frontend] English grammar errors in the toggle labels for the "Update a group" panel (#8445) by @SarahBocognano in #8595
- [backend/frontend] Dashboard selection fix + some widget alignment (#8433) by @Kedae in #8590
- [backend/frontend] Implementation of sensitive configuration protection (#8284) by @aHenryJard in #8509
- [frontend] Improve PDF handling in Content (#8174) by @Kedae in #8593
- [frontend] Trial for color in DangerZone (#8284) by @Kedae in #8603
- [Backend] Enhance retention policy deletion performances / speed (#4864) by @richard-julien in #8569
- [frontend] fix danger zone display in capabilities (#8284) by @labo-flg in #8609
Full Changelog: 6.3.4...6.3.5
Version 6.3.4
Bug Fixes:
- #7477 OpenCTI fails to detect successfully authenticated OpenID Connect SSO via ADFS
- #8512 [livestream] update and removal are not done anymore on destination
- #7925 OIDC logout remote not working
- #8451 [Export] Inconsistency in the number of exported entities
- #8515 [RSS feed] Author set in ingester not applied
- #8265 Worbench creation pop-up freezes if workbench of same name already exists
- #8440 Can't remove latitude and longitude of locations in UI
Pull Requests:
- Bump rollup from 4.21.3 to 4.22.4 in /opencti-platform/opencti-graphql by @dependabot in #8461
- Bump rollup from 4.21.0 to 4.22.4 in /opencti-platform/opencti-front by @dependabot in #8462
- [frontend] enable latitude and longitude removing from UI (#8440) by @Archidoit in #8450
- Left Nav Menu Changes by @Bonsai8863 in #8137
- [frontend] fixed workbench creation pop-up in case of error (#8265) by @stefan1anuby in #8285
- [frontend] Need to refresh the page to see the new attack patterns added in Techniques / Attack Patterns (#8516) by @Gwendoline-FAVRE-FELIX in #8517
- Update dependency react-intl to v6.7.0 by @renovate in #8503
- Update dependency pdfmake to v0.2.13 by @renovate in #8474
- Update aws-sdk-js-v3 monorepo to v3.658.1 by @renovate in #8475
- Update dependency nodemailer to v6.9.15 by @renovate in #8473
- Update dependency axios to v1.7.7 by @renovate in #8471
- Update dependency antlr4 to v4.13.2 by @renovate in #8470
- Update dependency @playwright/test to v1.47.2 by @renovate in #8355
- [backend] Add remote logout_remote value to openId options (#7766) by @aHenryJard in #8466
- [dev] Add a profile to run opensearch locally by @aHenryJard in #8397
- [backend] Fix the detection and usage of dedicated headers by @richard-julien in #8528
- [Backend] Add OpenID Connect SSO support for Microsoft ADFS to get user claims from the id_token by @animedbz16 in #7478
New Contributors:
- @animedbz16 made their first contribution in #7478
Full Changelog: 6.3.3...6.3.4
Version 6.2.19
Bug Fixes:
- #8512 [livestream] update and removal are not done anymore on destination
Full Changelog: 6.2.18...6.2.19
Version 6.3.3
Bug Fixes:
- #8451 In global search, the "local" search field should not be displayed (and is not working currently)
- #8443 Breadcrumb is too high / spacing incorrect
- #8435 Search bar too high in Customization
- #8424 MITRE ATT&CK ordering is not applied in the matrix view
- #8421 Export button is missing in the global search
- #8419 Playbook position is raising errors float versus int
- #8414 [Activity log - Filter] Missing value in Activity log filters
- #8407 User unable to export filtered indicators
- #8401 Double scrollbars in custom dashboards
- #8396 Table pagination counter should be rounded to first digit
- #8394 CTRL-Click is no longer possible on entity tables
- #8393 Bug/Regression - Bulk edition of status not possible
- #8280 Loader in knowledge graph should be position at center vertically, not at the top
- #8274 Missing breadcrumb in multiple entities/objects overview
- #8241 There are 'Exports lists' in another report (OBSERVABLES in report)
- #8240 Settings panels not aligned
- #8162 Search in "Correlation view" is not working
- #7921 [Dashboard] Date displayed as non-human readable format (timestamp)
- #7226 Created field not present but required for CSV Mapper
Pull Requests:
- [frontend] Fix ctrl+click on DataTable (#8394) by @Kedae in #8402
- [backend] Fix orga sharing tests (#4538) by @marieflorescontact in #8404
- [frontend] Fix number of elements (#8396) by @Kedae in #8406
- Bump vite from 5.4.1 to 5.4.6 in /opencti-platform/opencti-graphql by @dependabot in #8392
- Bump vite from 5.2.8 to 5.2.14 in /opencti-platform/opencti-front by @dependabot in #8390
- Update dependency vite to v5.4.6 [SECURITY] by @renovate in #8391
- [frontend] Fix search in Containers Correlation view (#8162) by @Archidoit in #8382
- [frontend] Observables exports list of containers should be independant (#8241) by @Archidoit in #8309
- [backend] display created field for csv mapper (#7226) by @frapuks in #7966
- [front] add missing breadcrumb in multiple entites (#8274) by @CelineSebe in #8377
- [platform] Prepare new branch pre-release by @Kedae in #8412
- [front] add missing breadcrumbs in customization+ fix(#8274) by @CelineSebe in #8420
- [frontend] added missing exportContext in global search (#8421) by @JeremyCloarec in #8423
- Update body-parser to 1.20.3 for transitive dependencies by @aHenryJard in #8331
- [frontend] deleted 2nd scrollbar from dashboard-details-page (#8401) by @stefan1anuby in #8408
- [frontend] center loader (#8280) by @frapuks in #8386
- [front] fix date format (timestamp) in horizontal bars widget (#7921) by @CelineSebe in #8032
- [frontend] Bulk edition of status regression fix (#8393) by @Archidoit in #8400
- [frontend] Fix attack patterns matrix columns sorting by score (#8424) by @SouadHadjiat in #8431
- [backend] add 'unauthorized' in event scope filter values (#8414) by @Archidoit in #8417
- [frontend] enhancing the settings panels layout (#8240) by @CelineSebe in #8437
- [backend] change the way restricted entities are built (#8407) by @JeremyCloarec in #8441
- [frontend] Alignment fixes (#8443) (#8435) by @Kedae in #8444
New Contributors:
- @stefan1anuby made their first contribution in #8408
Full Changelog: 6.3.1...6.3.3
Version 6.3.1
Bug Fixes:
- #8395 In some very rare cases when a bundle is too large, sending to the queue can end up with "Blocked connection timeout expired.".
Full Changelog: 6.3.0...6.3.1
Version 6.3.0
Dear community, we're excited to announce the launch of OpenCTI 6.3! 🥳
This released has been focused on solving well known pains 🎯 :
- providing more control & clarity to admins related to the ingestion process
- improve application usability by making it easier to ingest
- manipulate data and initiating work toward vulnerability management.
Clarity & control over the ingestion process is a must. Hence the introduction of our feature Integrated feeds Ingestion 🧠*.* More and more of you are ingesting data via “integrated” feeds (TAXII, RSS, CSV), and we've worked to give you greater visibility over the data ingestion flow by representing these feeds in the form of a dedicated connector and by allocating dedicated RabbitMQ queues per ingestion configurations in place of common queues (see our depreciation announcements).
Thanks to this enhancement, you'll be able to identify bottlenecks more quickly and gain real-time insights into your data ingestion flow. 💡
Following up on this pain of providing more control to admins over the ingestion, we have introduced a new capability: bypass custom mandatory fields.
The problem is that your connectors providing you data do no always have a a specific field that you want your analyst to provide, which results in failing the creation of entity. ❌ As a result, thanks to this new capability, you will be able to enforce this custom mandatory attribute only for specific groups of users (your analysts), while allowing others (your connectors) to be able to create data without a specific field. 🔥
As mentioned in introduction, we focused on usability. This is why we introduced a new feature: bulk creation 🥇
- Bulk Creation of Entities: For entities that only require a single field, you can now copy and paste a list directly into the platform. This allows for the instant creation of multiple entities at once, eliminating the need for repetitive, step-by-step creation processes.
- Bulk Creation of Relations: In addition, we’ve added the ability to create relationships in bulk, even for entities that don’t yet exist in the platform. This powerful feature, adapted from our Analyst Workbench’s "add context" functionality, streamlines the process of building connections between entities.
Together, these features are designed to save you time and enhance your productivity, enabling you to focus on more critical tasks.
Improving app usability means better identification of the data that matters to you 💡
Every organization has unique data needs, even within different entities of the same company. To meet this, we introduce the new Custom Overview per Entity Type feature.
This allows users to customize each entity’s layout, selecting key information "blocks" to prioritize and adjust their size. It makes it easier to quickly spot and focus on critical data.
Usability also comes from having similar functionalities in similar screens across the app.
First of all, we have introduced List views for Threat Actors, Intrusion Sets, Campaigns & Malware, on the top of the existing card view 🪪. This will tremendously help the management of these entities without the need to go in data/entities to manage them.
Massive operations have also been added to all Arsenal entities (Malware, Channels, Tools, Vulnerability), Narratives and Attack Patterns! In this way, the consistency of operations across the application is greatly enhanced.
Last but not least, you will notice one last update that has been heavily worked in order to improve our application usability: New data tables 🎉
When upgrading to our new version, you’ll notice that data table look different: we have upgraded them. As a result, you’ll notice that:
- the table will introduce proper pagination (size of each page can be defined) in order to improve loading.
- another long awaited improvement is the ability to resize each columns in order to view long names or values. This would make the usability of our app way better. 🚀
- Additionally, when clicking on one of the columns title, you’ll enable a quick filter: efficiency is key when dealing with loads of data. ❤️🩹
- Behind the scenes, this new technology reduce our technical debt and enable future use cases that we can’t wait to develop!
As some of you may be aware, we would like to make easier the vulnerability management process in OpenCTI.
The first step to achieve this goal was to extend our Vulnerability model to support EPSS and CISA KEV attributes. Support of these two information were highly requested by the community🔥. Regarding EPSS, an enrichment connector to fill the data has been created too, see below.
Having these fields was not enough, we also added the ability to use them (like other vulnerability fields) in playbook components to help you build your own vulnerability decision tree 🪄.
While files and workbenches are essential, they can contribute to performance issues over time, since documents are piling up in the platform. ❌
Retention Rules for Files and Workbenches: We’ve added configurable retention rules, which are not set by default but can be easily customized. For example, you can implement a one-year policy to automatically delete any file or workbench created over a year ago. This helps prevent outdated data from accumulating and improves overall platform performance. 💯
Administrators have also been heard with an additional feature, or rather a UX improvement. To ease management of dashboard we have also introduce a new tab in the dashboard menu, to be able to view only the public dashboards as list without needing to enter in each dashboard to view the corresponding dashboards.
In terms of integrations, lots of effort has been put to deliver new connectors & improvements of existing connectors.
We already announced it on slack, but during this release, we delivered a new Splunk app 🔥, aiming to:
- seamlessly ingest indicators through an OpenCTI live stream.
- Instantly trigger actions in response to alerts and investigate them directly within OpenCTI.
With the OpenCTI Add-on for Splunk, you can leverage comprehensive threat information, improving your ability to detect and respond to security incidents more effectively. More info can be found on : https://splunkbase.splunk.com/app/7485.
To provide more support to our community, we completely refactored the Qradar connector to become an official Filigran support connector. This means that we will be able to provide support on this connector if a bug arise. The refactor has also fixed some known bugs, which are listed in the below list of issues.
Being open source also means ensuring that everybody has the capacity to contribute to our codebase. However, in the past, our readmes & guidelines to contribute in our connector repository were not up to date. We’ve made some effort to update it so that all the documentation is up to date, allowing everybody to bring their own contribution more easily 💪!
As mentioned earlier, we have worked towards helping analysts to perform vulnerability management with OpenCTI. To cater this need, we built an enrichment connector to provide values for EPSS 🤘This connector integrates with the organisation “FIRST” API, aiming to retrieve EPSS values about a specific vulnerability. This enrichment connector is of course playbook compatible 🚀
Some connectors have also been reworked (namely Sekoia, Crowdstrike, Mandiant, AlienVault, Recorded Future, CISA KEV) to support our new scheduling and auto-pausing feature that will pause your connector when its queue gets full.
You’ll see in these connectors new variables "duration_period" & "queue_threshold" that you need to define to enable these features. More details can be found in the respective connector pages.
We also improved the Mandiant connector by providing an option to import aliases of malwares & improve campaigns import. Campaigns import improvement provide more details regarding TTPs (labels, relation with intrusion sets, start & stop time & addition of description). In essence, we’ve made sure that we import as much data as we can.
To list them all, here are all the new connectors delivered in the milestone: Jira, Infloblox, Cisco SMA, Group IB, Cofense. The detailed list of connectors & improvement is available here: ****https://github.com/OpenCTI-Platform/connectors/releases?page=1
On a finish note, we would like to thank you for your contributions 🙏 to our product, that helps making our product better: shmztk, Bonsai8863, Fhwang0926, ParamConstructor, VerboseCat, WolfByttner, brett-fitz, mmolenda, Mathieu4141, annoyingapt, DNRRomero, DinkoReversingLabs, pietrocapece, sari3l, bradchiappetta, debelyoo, uTomasAnderson, leitosama, XGREENi3, sudesh0sudesh, cert-orangecyberdefense, cmandich, obideuce, sda06407, Obdam, piolug93, daemitus, polakovicp, julienloizelet, khalidelborai, Renizmy, curiouspython1!
Of course, a huge thank you to all for your contributions 🥇
We hope this release will please you! Feel free to drop us a note about anything. We’re always happy to get feedback about our product usage, whether it’s to hear that everything works perfectly or to get some improvement ideas to.
Depreciation announcements
The RabbitMQ “push_sync...
Version 6.2.18
Bug Fixes:
- #8129 User overview light theme hidden entities tiles
- #8116 [CSV Mapper] When having error, "Create" button is disabled
- #7964 Bulk Search - inconsistent results involving HashedObservable objects
- #7793 TAXII2 pagination incorrectly sets more to false if MAX_TAXII_PAGINATION > ES_DEFAULT_PAGINATION
- #7623 [Bulk search] The column ordering doesn't work
- #6758 [Workbench] Campaign object unrecognized in relationships
Full Changelog: 6.2.17...6.2.18
Version 6.2.17
Bug Fixes:
- #8205 app.base_path configuration is not working anymore (default empty works fine)
- #8011 When a user is administrator of an organization, he should be able to manage the users of this organization (enable / disable)
- #7651 Unable to scroll a large markdown content file in preview mode
Full Changelog: 6.2.16...6.2.17
Version 6.2.16
Bug Fixes:
- #8182 Order of kill chain phases are lost after dataset is updated
- #8150 [Retention policy] Entities are not deleted
- #8013 Error when creating a user in my organisation as an organisation administrator
- #7951 Float values are not exported on csv
Full Changelog: 6.2.15...6.2.16
Version 6.2.15
Bug Fixes:
- #8134 UI Bug: Limited File Display and Missing Scrollbar in File Upload & Import Interfaces
- #8124 Rule engine list view is crashing (out of memory)
- #8122 When editing a user administrator of an organization, error is raised
- #8113 [UI] "Distribution of opinions" is not fully displayed
- #8053 [Taxonomies] Problem adding aliases to open vocab
- #7885 History is not correct when you impact the score with a background task
- #7682 Changing "Organizations" in a user make the page full re-render and close the drawer
- #7656 Manipulating organizations in the user edit panel is very slow / triggering errors
- #7559 Diamond model captures scroll action for zooming rather than page scrolling
Pull Requests:
- [backend] Fix migration timestamp (#6509) by @lndrtrbn in #8112
- [backend] Fix UI issue when changing organization in a user (#7682) by @CelineSebe in #8054
- Update vitest monorepo to v2 (major) by @renovate in #8111
- Update dependency uuid to v10 by @renovate in #8110
- Update dependency @testing-library/react to v16 by @renovate in #8107
- Update dependency tap to v21 by @renovate in #8109
- [backend] History is not correct when you impact the score with a background task (#7885) by @ValentinBouzinFiligran in #8118
- [frontend] roll back apexcharts to 3.51.0 (#8124) by @labo-flg in #8126
- [backend/frontend] enable custom overview layout for most entities (#6724) by @labo-flg in #8010
- [frontend] display alias value in place of alias label in form field (#8053) by @frapuks in #8130
- [frontend] allow transparent background Radar option (#8113) by @frapuks in #8136
- [frontend] Diamond view : disable zoom on scroll (#7559) by @lndrtrbn in #8056
Full Changelog: 6.2.14...6.2.15