Releases: OpenCTI-Platform/opencti

Version 5.2.4

30 Mar 22:34

Dear community, OpenCTI version 5.2.4 is out 🤯! This is a minor version which fixes a few bugs in the TAXII 2 root endpoint and UI screens. We have also solved the regression on missing SROs 💪.

Enhancements:

  • #2004 Reintroduce custom MITRE and OpenCTI SROs
  • #1980 Lowercase hashes at creation

Bug Fixes:

  • #2002 TAXII Root port "undefined" displayed
  • #2000 [5.2.3] Entering numeric text in date filter breaks ui
  • #1999 Retention policy filters not working well (must re-open to add a new filter)

Pull Requests:

  • Reintroduce MITRE and OpenCTI custom SROs by @nor3th in #2005

Full Changelog: 5.2.3...5.2.4

Version 5.2.3

25 Mar 12:48

Dear community, OpenCTI 5.2.3 has been released 🥳! This is a hotfix for a few minor bugs, especially the editing of the relationship confidence level, along with some user experience enhancements 🚀.

Enhancements:

  • #1573 Implement missing STIX relationships

Bug Fixes:

  • #1988 UX enhancements
  • #1985 Relationship resolves-to for domain-name not possible
  • #1986 Cannot edit SRO confidence level

Full Changelog: 5.2.2...5.2.3

Version 5.2.2

24 Mar 07:00

Dear community, OpenCTI 5.2.2 has been released 🎁! We are happy to announce that this version fixes all the known bugs in the OpenCTI platform repository 🤯.

First of all, we have greatly improved the performance of the graph visualization in reports, with lower resource consumption in the browser 🚀. Then multiple issues have been resolved on the connectors side, especially MISP, VirusTotal, PDF Export, CSV Export and SEKOIA.IO ⚔️. Finally, some authentication strategies and the overall user experience in the platform (TTPs matrix, knowledge overview, etc.) have been enhanced 💡.

Stay tuned for the next major milestones: STIX 2.1 extensions and case management are on the way, as well as automated correlation for multiple use cases and a bunch of new connectors 🪄!

Enhancements:

  • #1976 Improve implemented STIX 2.1 relationships
  • #1975 Publish deletions by default in the live streams
  • #1967 Enhance observable knowledge page (margin and other stuff)
  • #1961 Add Splunk SPL as an Indicator Pattern Type
  • #1957 One should not be able to delete a very important entity by mistake
  • #1946 Improve openID provider to allow default scopes
  • #1858 Delete / remove from report massive entities

Bug Fixes:

  • #1978 LdapStrategy not working after upgrading OpenCTI 5.1.4-> 5.2.1
  • #1972 LDAP authentication broken since usage of esbuild 5.2.0+
  • #1971 Confidence level type error
  • #1968 Login via AD/LDAP
  • #1965 Fix search field in rule management
  • #1964 Creating Search Entity and Create new do not work
  • #1960 Error creating a report where confidence is changed from the default value
  • #1959 Error when creating an external reference in events
  • #1956 Rendering of the entire website when rendering PDF content of analysis in version 5.2.1 under subpath
  • #1955 Dashboard distributions widget doesn't handle correctly TLP restrictions
  • #1953 Slash in URL may prevent searching
  • #1951 Export observables in report (CSV) not working
  • #1949 Courses Of Action view broken under Malwares > Knowledge > Attack Patterns
  • #1937 Error when rendering PDF in the content section of Analysis in version 5.1.4
  • #1822 Platform considerably slowed down while trying to display big reports

Full Changelog: 5.2.1...5.2.2

Version 5.2.1

26 May 12:26

Bug Fixes:

  • #1940 Local docker build failing
  • #1939 Change express default timeout to help ingest big reports
  • #1938 Error when update from 5.1.4 to 5.2.0

Full Changelog: 5.2.0...5.2.1

Version 5.2.0

03 Mar 14:32

Dear community, we are very happy to announce that OpenCTI 5.2.0 has been released 🥳! This new version is mostly linked to the full upgrade of all underlying platform dependencies 🤯. As OpenCTI is a growing ecosystem, it is important that we can deliver our roadmap while keeping our key commitment to provide a modern platform using the latest technologies and a seamless user experience 💎.

By introducing a new build system, some TypeScript and fully up-to-date libraries, we've also prepared ourselves to deliver more quickly all the features expected for the coming year 🚀, especially around STIX Schema extension, custom ontologies, case management and more connectors 🎁. Also, major work on a new correlation engine will begin in a few months!

This version includes a full refresh of both dark and light themes (fully customizable), as well as new charts across the entire platform 🌈. Some important bugs have been fixed in single sign-on features and a few management screens ⚙️. Also, fuzzy hashing will not lead to hash collisions anymore. Some connectors such as MISP, RiskIQ and Shodan have been updated to fix some minor bugs when creating relationships or indicators 😎.

For the moment, the HTML enriched-text editor has been removed. It will be re-introduced in the next releases.

Enhancements:

  • #1931 Create additional permission to manage who can dynamically create new Report types, Malware parameters, TA parameters, etc
  • #1925 OpenCTI dark mode and label color
  • #1924 Be able to click on the Knowledges timelines
  • #1916 Add option wantAssertionsSigned in the SAML configuration
  • #1913 Creation of a campaign with an accurate first_seen timestamp
  • #1911 OpenID Configuration not applying
  • #1900 Creation of an attack pattern without description
  • #1895 Introduce typescript in graphQL API
  • #1891 Upgrade graphql API dependencies to latest graphql implementation
  • #1886 Change report types management to be only based on database values
  • #1883 Add configuration option for certificate passphrase
  • #1882 Elasticsearch SSL CA configuration meaning changed in 5.1.2, but didn't get documented
  • #1874 Update of field description in a resolves-to relationship is not possible
  • #1594 Bump Material UI
  • #1260 Misunderstanding in targeted countries (3 last months)

Bug Fixes:

  • #1923 widget area/vertical bar x-axis issue
  • #1910 Errors when sending email subscription but no information of the problem are provided
  • #1908 Reference creation fails
  • #1899 listEntitiesByHashes should not look for fuzzy algorithm to prevent unwanted merging
  • #1897 Update Notion Links in Documentation
  • #1884 Creating multiples resolves-to between a domain and an ip raises a cyclic relationship error
  • #1881 Export to PDF doesn't work in "Global Kill Chain" under Knowledge of Intrusion set
  • #1879 GraphQL Pagination Query cursors not working
  • #1828 Error Updating Author
  • #1807 Descriptions modifications are sometimes not taken into account

Full Changelog: 5.1.4...5.2.0

Version 5.1.4

07 Feb 13:35

Dear community, OpenCTI version 5.1.4 has been released 🚀! This is the last minor version before we start to work on new features and enhancements planned in 2022 🤓. This milestone includes multiple bugfixes and performance improvements 💪! We have finally managed to dynamically load the latest ElasticSearch / OpenSearch clients by detecting automatically which one is used on the backend side 💡.

Also, multiple connectors have been fixed, including MISP, RiskIQ (@axelfahy), TAXII 2 and Elastic Security 🎊. One new connector for VirusTotal download has been added by @YungBinary. Finally, we have introduced a new button in the connectors overview page to give administrators the capability to purge all stale works to release the pressure on Redis keys 🧹. Don't hesitate to use it especially if you have stalled enrichment jobs 🪛.

It is now time to prepare a global bump in platform features and user experience, with new charts and graphs, a lighter user interface and a more seamless experience when pivoting between the data, along with an overall theme enhancement and a lot of new features ✈️.

Enhancements:

  • #1875 Separate ElasticSearch / OpenSearch library loading (and bump)
  • #1846 Migration and button to purge all stale works in connectors
  • #1819 OPENID CONNECT : Add possibility to retrieve first name and last name
  • #1651 Chinese translation

Bug Fixes:

  • #1853 Bug when creating and deleting a relationship
  • #1852 Change the status of a campaign
  • #1843 Does not exit properly from main process when handles SIGTERM
  • #1834 Adding External Reference to File object (possibly other SCOs), while creating that object, results in Error
  • #1832 Stream closed when too many dependencies exists for the resolved element
  • #1821 Notes : not possible to scroll down + not visible selection of related objects
  • #1818 Cyclic relationship between domain-name and ipv4-addr
  • #1816 Issues with the label&attributes tab parameter : cannot create label from the parameters, cannot manage attributes and cannot scroll
  • #1802 Bugs with the display of some types of relations
  • #1801 Error message when suppressing a relation between two entities in the knowledge graph of report
  • #1800 File download url can lead to platform shutdown if user is not authenticated

Pull Requests:

  • add Chinese translation in Localization.js by @little-roach in #1827
  • [worker] Implement dynamic timeout in thread dispatch loop by @ckane in #1797
  • [frontend] Fix Analysis Correlation Graph edge creation by @ckane in #1798
  • [api] Introduce dynamic client selection between elastic and opensearch by @richard-julien in #1878

Full Changelog: 5.1.3...5.1.4

Version 5.1.3

27 Dec 18:00

🎄 Christmas release! 🎄

Dear community, OpenCTI 5.1.3 has been released 🎁! This version includes a dozen bugfixes and important enhancements. First of all, a lot of organizations in the community have reported performance issues in general and especially when importing reports which contain a huge amount of entities or observables 👾. This can lead to RabbitMQ timeouts, queues that do not decrease or overall low worker throughput. OpenCTI 5.1.3 fixes this issue and brings a boost in OpenCTI performance 🚀.

Also, multiple new connectors are available in this version 🎉, and we would like to thank @YungBinary and @stevie-codes for their contributions 🙏. As always, the OpenCTI ecosystem page has been updated to reference all new integrations available in the OpenCTI platform 🆕.

Last but not least, bugs have been fixed in both user interface and API, whether related to mass operations including filters, base URL rewrite or automatic enrichment of all entities 💪. Next major releases are coming!

Breaking changes

Please note that the platform UI setting "Base URL" has been removed in favor of the base_url file configuration. This setting was only used for generating correct URLs in emails of the Subscriptions & digests feature. If you use this feature, please set up the base_url configuration in your config file or use the APP__BASE_URL environment variable.

Enhancements:

  • #1772 Improve ingestion speed for massive reports
  • #1754 Add capability to support multiple OpenID Connect strategy providers

Bug Fixes:

  • #1795 [Report][Entities] Remove entity in successful list still shows tick in Add Entities popup
  • #1793 URLs are rewritten with an additional / when using a reverse proxy
  • #1791 Enable bulk changes when objects are selected using "Select all" feature
  • #1790 No labels on dashboard with functional date
  • #1782 The first seen and last seen attribute aren't saved in intrusion set page
  • #1780 Observables Display Error in Timeline
  • #1777 Vertical ultra vires attack
  • #1774 SDO enrichment is unable to initiate automatically
  • #1773 Adjust English language calendar to have accurate dates

Full Changelog: 5.1.2...5.1.3

Version 5.1.2

07 Dec 14:36

OpenCTI 5.1.2 has been released 🥳! This version contains bug fixes for Python client, connectors and core platform (CVE connector, marking definition creation, etc.). It also allows indicators to be filtered using the revoked attribute 🔨.

Enhancements:

  • #1768 Add a revoked filter everywhere
  • #1732 Create a feature to write a freetext as a .txt file for import

Bug Fixes:

  • #1767 History CSS alignment
  • #1763 Create a new mark definition
  • #1760 Filters are not taking in account when exporting indicators related to a malware
  • #1759 Observed data bug
  • #1752 Error when adding observable without hashes

Full Changelog: 5.1.1...5.1.2

Version 5.1.1

30 Nov 12:43

Dear community, OpenCTI 5.1.1 has been released 🚀! This version hotfixes a few bugs which could prevent some organizations from using specific OpenCTI features. Some bug fixes for the Python library and connectors are also included 🥳.

Bug Fixes:

  • #1749 hashMergeValidation failed in some conditions
  • #1748 Infinite redirect with some user roles in dashboard
  • #1751 [Import-document] Demo instance 5.1.0 importing report shows no entities

Full Changelog: 5.1.0...5.1.1

Version 5.1.0

29 Nov 21:52

🎉 DING DING!! 🎉

Dear community, we are very happy to announce OpenCTI 5.1.0 has been released 🚀! This new version will provide all OpenCTI users with many bugfixes and long-awaited new features 🎁. Also, we would like to thank all contributors and testers who contributed to this new achievement 🙏🏻.

First of all, OpenCTI 5.1.0 introduces a proper retention management and garbage collector system 🗑️. It is now possible to create new retention policies based on multiple filters (entity types, attribute values, etc.) directly in the settings workbench ⚙️. In addition, we have reworked hashes management in the platform. New mechanisms to merge/upsert existing hashes and avoid inconsistencies have been introduced so hashes management in OpenCTI is now 100% consistent with no possible duplicates or mistakes anymore 🪄.

Moreover, when importing data whether manually or through connectors, it is now possible to use the parameter validate_before_import to leverage the new STIX 2.1 bundle pre-validation feature 🗄️. Before the actual ingestion, analysts can now select/unselect entities and relationships which will be created in the context of an entity or globally. All connectors are compatible with this new parameter and examples of this usage are available in ImportDocument and ImportFileStix 💡.

Furthermore, a lot of organizations using OpenCTI have faced search latency issues, in dedicated areas or autocomplete fields such as authors or labels 🔎. We have finally managed to solve this issue and to increase the overall search performance by 20 🚄. In all list screens, the search keyword is now taken into account when requesting an export along with the current filters of the page 🥳.

All graph views have been enhanced and will be reworked in the future to increase display performance and user experience ⛓️. Also, two new optional global parameters have been introduced (app:enforce_references and app:reference_attachment) to enforce the usage of external references (and associated files) when creating/modifying entities and relationships (for intelligence deep analysis teams who need to "source" everything) 🖼️.

A new rule is also available in the Rule manager settings for part-of relationships and, as has long been requested, users can now customize their home dashboard with a custom dashboard created in the workspaces workbench ✨.

Last but not least, it is important for us to highlight the amazing job done by @YungBinary and @axelfahy on developing and maintaining new connectors. OpenCTI 5.1.0 provides the community with a lot of new integrations: RiskIQ, IVRE Network scanner, CAPE sandbox, Cuckoo sandbox, VirusTotal livehunting, Intezer, Hatching Triage, UnpacMe, etc. This brings a true added value for the OpenCTI ecosystem 🦄.

Please note that the connector ImportReport is now named ImportDocument (Docker and archives names have been changed accordingly). Also, this connector can now be used with contextual: false (not only in a report) and also with auto: true (using validate_before_import to avoid any problems).

Stay tuned for next steps 😉

Enhancements:

  • #1740 Bug in victimology graph in dashboard section
  • #1736 External reference of entities could not be updated
  • #1722 Welcome dashboard functional date
  • #1709 Change the location of the reference error message
  • #1708 Freetext box to import txt files
  • #1707 Be able to create references when assigning
  • #1706 Attachment required for created external reference
  • #1677 In graph display all filters should be selected by default
  • #1676 Add Basic and bearer authentication session validation
  • #1672 Modify the login page Logo to integrate custom logo
  • #1670 Have the version number of the OpenCTI instance displayed somewhere visible in all the platform
  • #1746 Add a capability to bypass mandatory references
  • #1663 Missing menus in knowledge display for some types of objects (arsenal and entities)
  • #1662 Missing an inference rule for "part-of"
  • #1661 Search Query Latency Issue (Identities, ...)
  • #1659 Automatically clear research fields when changing pages
  • #1644 Custom dashboard settings
  • #1627 Inferences in V5 : multiple same case displayed
  • #1549 Minor spelling mistake in some relationship error messages
  • #1533 [FEATURE] Flatten File Observables on all hash types
  • #1518 When promoting file Observable to Indicator, include all hashes in the Indicator
  • #1504 Handle search box filtering in bulk actions
  • #1463 Add column of report status in Intrusion-Set, Threat-Actor and Campaign
  • #1431 Add events to the "Timeline" view
  • #1385 Notes : include in timelines
  • #1353 Improve handling of duplicate objects with different parameters (most notably, File objects)
  • #1228 Introduce a garbage collector on revoked entities and old observables (with customizable settings)
  • #881 Link between victim and attacker IP addresses
  • #810 Select/unselect IoC to import
  • #135 Provide STIX2 Validation on import with notification

Bug Fixes:

  • #1726 Taxii2 root doesn't have the required 'title' field
  • #1723 No title report in External References Tab
  • #1721 'yarn clean:relations' script SyntaxError: Invalid or unexpected token
  • #1720 Bug when alias is added
  • #1719 Consist-of, STIX documentation
  • #1716 System Identity type produces invalid standard_id
  • #1705 Observed-data is Unknown in Investigation menu
  • #1704 Disappearance of a direct relationship after creation
  • #1702 Bug when modifying a campaign
  • #1693 "Individual" entities can create a relationship with themselves
  • #1691 resolves-to relationship between two domain-names
  • #1690 OpenCTI API temporary unavailability during a Stix export of Observables can trigger again the export or let it displayed in running state
  • #1689 Error when clicking on "value" column for observables
  • #1684 Creation "plus" button hidden by map (display bug)
  • #1678 Some relations (nested) not taken into account in graph view of all analysis
  • #1673 Discrepancies in date display for inferences relations
  • #1671 Backward jump of the graph while zooming (because of late refresh of the page ?)
  • #1658 Research field for linking together entities is not working properly
  • #1656 Problem with marking filtering in the investigation space
  • #1653 An irrelevant response with unauthenticated GraphQL requests
  • #1634 Indicator : "valid until" not correctly filled
  • #1632 Exports of knowledge graphs: the image is automatically zoomed out when captured (light th...