OpenCTI: Version 4.3.2

CyberPunk Latest Releases

03/29/2021 11:11 am

\U0001f381 Dear community, we are glad to announce that OpenCTI 4.3.2 has been released \U0001f680! It introduces a lot of new features and fixes all currently known bugs \U0001f6e0\ufe0f. In the field of security first of all, this version includes the native TLS certificate handling and a completely reworked authentication mechanism (and sessions timeout) \U0001f6e1\ufe0f.

About bugs, we’ve fixed 2 important bugs, one about all the overall full text search \U0001f50e, which was not pretty accurate until now and one other concerning the sectors/organizations/countries/regions de-duplication \u2705. We advise you to upgrade and reset the state of the OpenCTI datasets connector to force a new import which will de-duplicate everything and fix all entities \u2728.

Last but not least, the graph capacities have been enhanced \U0001f9ec, whether in reports or within the brand new workspaces which allow users to conduct investigations and pivots on all knowledge stored in the platform \U0001f64b\u200d\u2640\ufe0f. It’s now possible to disable forces or filter the nodes/edges using a timeline slider \U0001f62f.

Enhancements:

#1206 Display a time range selection in graphs
#1198 Add Basic Auth for TAXII API
#1196 [api] Implement session timeout (default 20 minutes) – Change authentication
#1190 Ability to disable/enable the forces in the Knowledge graph
#1188 Adding killchain phase to indicator creation
#1160 Unable to change confidence level on entities other than a report
#1080 A way to control which users can create/modify labels
#1024 Attack patterns layouts
#1209 Automatically start connectors when upload a report
#550 Direct support of HTTPS instead of using a proxy
#529 Malicious levels of observables (ie. VirusTotal) must impact indicators
#21 Implement the investigation graph with workspaces