OpenCTI: Open Cyber Threat Intelligence Platform

OpenCTI

OpenCTI is an open-source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created to structure, store, organize, and visualize technical and non-technical information about cyber threats.

The structuration of the data is performed using a knowledge schema based on STIX2 standards. It has been designed as a modern web application including a GraphQL API and a UX-oriented frontend. Also, OpenCTI can be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.

The goal is to create a comprehensive tool allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology, etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence, etc. The tool can use the MITRE ATT&CK framework (through a dedicated connector) to help structure the data. The user can also choose to implement its datasets.

Once data has been capitalized and processed by the analysts within OpenCTI, new relations may be inferred from existing ones to facilitate the understanding and representation of this information. This allows the user to extract and leverage meaningful knowledge from the raw data.

OpenCTI not only allows imports but also exports of data under different formats (CSV, STIX2 bundles, etc.). Connectors are currently developed to accelerate interactions between the tool and other platforms.

Download && Use

Copyright © 2019 OpenCTI