
OpenCTI: Open source platform for cyber threat intelligence


OpenCTI is an open source platform designed to help organizations manage their Cyber Threat Intelligence (CTI) data and observations.

Open source threat intelligence platform

The platform structures its data using a knowledge schema based on the STIX2 standards. It has a modern web application architecture with a GraphQL API and a user-friendly frontend.

OpenCTI integrates with other tools and applications, including MISP and TheHive, to better serve as a central hub for managing cyber threat intelligence.

The goal is to develop a comprehensive tool that allows users to effectively use technical and non-technical data while ensuring that each piece of information can be traced back to its source. Key features include linking data points, tracking first and last seen dates, assessing confidence levels, and more. The tool is integrated with the MITRE ATT&CK framework via a dedicated connector to help structure the data, but users can also incorporate their own datasets.

Once analysts have processed and curated the data in OpenCTI, the tool can derive new relationships from existing ones, improving the understanding and visualization of the information. This enables users to gain valuable insights and extract meaningful knowledge from the raw data.

Download

OpenCTI is available for free on GitHub. All components are delivered as Docker images and manual installation packages. For production deployment, the developers recommend deploying all components, including dependencies, in containers using native cloud services or orchestration systems such as Kubernetes.
