OpenCTI Cyber Threat Intelligence Platform

Cyber Threat Intelligence Platform
Cyber Threat Intelligence Platform

OpenCTI- An Open Source Cyber Threat Intelligence Platform.

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

The structuralist of the data is performed using a knowledge schema based on the STIX2 standards. It has been designed as a modern web application including a GraphQL API and an UX oriented frontend. Also, OpenCTI can be integrated with other resources and applications such as MISP, TheHive, MITRE ATTACK, etc.

Objective

The goal is to create a comprehensive software allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimlogy etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence etc.

This software suite is able to use the MITRE ATT&CK framework (through a dedicated connector) to help structure the data. The user can also chose to implement its own datasets.

Once data has been capitalized and processed by the analysts within OpenCTI, new relations may be inferred from existing ones to facilitate the understanding and the representation of this information. This allow the user to extract and leverage meaningful knowledge from the raw data.

OpenCTI not only allows imports but also exports of data under different formats (CSV, STIX2 bundles, etc.). Connectors are currently developed to accelerate interactions between the software and other platforms.

Documentation and demonstration

If you want to know more on OpenCTI, you can read the documentation. If you wish to discover how the OpenCTI platform is working, a demonstration instance is available and open to everyone. This instance is reset every night and is based on reference data maintened by the OpenCTI developers.

Releases download

The releases are available on the Github releases page. You can also access to the rolling release package generated from the mater branch of the repository.

Installation

All you need to install the OpenCTI platform can be found in the official documentation.

For installation, you can:

  • Use Docker (recommended)
  • Install manually

Architecture of the application
The OpenCTI platform relies on several external databases and services in order to work.

Download OpenCTI 

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

Tags from the story
,
More from Priyanshu Sahay

Metasploit Framework 5.0 Has Released With New Features

Metasploit Framework 5.0 has released. Metasploit 5.0 brings many new features, including...
Read More

Leave a Reply