
Version 4.4.0

@SamuelHassine SamuelHassine released this 15 Apr 15:35
· 5288 commits to master since this release

Dear community, the major version release OpenCTI 4.4.0 is out 🤯! We're glad to announce this version not only fixes all currently known bugs but also introduces a lot of important enhancements 🙀.

First of all, the implementation of background / long-running tasks now allows users to take massive actions from the interface, such as bulk delete, bulk labeling or modification, etc. 🚀 These tasks can be monitored and canceled if needed. Also, it's now possible to convert any observable to a STIX indicator and to update any malware attributes in the interface 🎀.

A new tactics matrix visualization has been developed for reports and attack patterns related to a specific threat 🧮. This will be enhanced and extended in custom dashboards in the future. We've also implemented new platform-related features such as client certificate authentication, audit logs, RabbitMQ over SSL, etc. 🌠

Last but not least, some important bugs, especially related to the history of entities and automatic import of files (PDF or STIX), have been fixed. We definitely encourage everyone to upgrade to this version as soon as possible 🙇🏽‍♂️. As you may know, we're working hard on different integrations with SIEM, datalake and EDR systems, which should be included in the next release 🎠.

⚠️ The application log level configuration has been modified. Now, if you want to change this level, from info to error for example, you need to change the app > app_logs > logs_level configuration (for more information, please check the documentation).

Enhancements:

  • #1264 Support for RabbitMQ over SSL
  • #1255 Make Optional - Automatically start connectors when upload a report
  • #1249 Migration to webpack 5
  • #1239 OpenCTI is failing to connect to Amazon MQ/RabbitMQ cluster
  • #1237 Promote observable to indicator
  • #1216 Want to edit the "Details" part of "Malware"
  • #1207 TTPs matrix in all entities (including reports)
  • #1170 Add Client Certificate Authentication
  • #1163 Selectable Date Types in Advanced Search
  • #1144 Creation of a checkbox to select all the info in data curation
  • #1045 Login and administration audit log Activity
  • #986 Top CVE Widget
  • #977 Export Indicators/Observables from Reports
  • #883 TTPs matrix in the product
  • #827 Improve federated SSO authentication
  • #771 Multiple entities selection action (tag / delete ...)
  • #730 select all under data-> data curation
  • #719 Be able to add generic "related-to" relations from knowledge

Bug Fixes:

  • #1259 Critical error in custom dashboards
  • #1254 Bug when add entity in investigation
  • #1251 The user id of UI action is now missing in the stream
  • #1246 Cannot create a X509 Observable
  • #1241 In relationship list view, the First Observed date is not the right one
  • #1238 Functional Error: "Only stix-core-relationhip can be created through this method" when creating "authored-by" relationships
  • #1223 First object added to Report not visible in Knowledge graph