OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables.
The platform structures its data using a knowledge schema built on the STIX2 standards. It features a modern web application architecture with a GraphQL API and a user-friendly front end.
OpenCTI integrates with other tools and applications, such as MISP and TheHive, among others, enhancing its capability to serve as a central hub for cyber threat intelligence management.
The objective is to develop a comprehensive tool that enables users to effectively capitalize on technical and non-technical data while ensuring that every piece of information is traceable back to its source. Key features include interlinking data points, tracking first and last-seen dates, assessing confidence levels, and more. The tool is integrated with the MITRE ATT&CK framework via a dedicated connector to assist in structuring the data, though users can also incorporate their datasets.
Once analysts within OpenCTI have processed and curated the data, the tool can infer new relationships from the existing ones, enhancing the understanding and visualization of the information. This empowers users to extract valuable insights and leverage meaningful knowledge from the raw data.
Download
OpenCTI is available for free on GitHub. All components are shipped as Docker images and manual installation packages. For a production deployment, the developers recommend deploying all components in containers, including dependencies, using native cloud services or orchestration systems such as Kubernetes.
Must read: