Releases: OpenCTI-Platform/opencti

Version 6.6.3

11 Apr 16:04
eef7db1

Bug Fixes:

  • #10577 Add participants in RFI is broken
  • #10559 fix(deps): update dependency @opensearch-project/opensearch to v3
  • #10554 [Draft] The search crashes in the Draft menu
  • #10534 Error on the diamond screen in infrastructure
  • #10523 Import stix file in draft: number of element expected doubled from actual count.
  • #10518 Bulk search result panel is broken
  • #9690 Missing "uses" relationship when linking incident with TTP
  • #9263 Missing button to generate Observables in container
  • #8021 Removing indicator score causes invalid decay history entry, crash indicator view
  • #7208 When having 2 relations with the same type between the 2 entities, deleting the first one leads to purge _rel

Full Changelog: 6.6.2...6.6.3

Version 6.6.2

11 Apr 09:16
8922dfe

Bug Fixes:

  • #10557 Enforce two-factor authentication option prevents connectors from communicating with the platform
  • #10536 Exclusion list on file are broken
  • #10529 In entities view, no number anymore in the list
  • #10257 [Bug] Backend decay test mingles UTC/Z time and "local time" in the date calculations
  • #9902 Observable types displayed with technical name in Decay rules
  • #9566 In a custom dashboard, the popover is not vertically aligned with title and first form input
  • #9403 [Activity log] Missing logs when a user performs a bulk search
  • #6715 When an indicator score is set to 1000000, the object does not load properly and the system hangs

Full Changelog: 6.6.1...6.6.2

Version 6.6.1

08 Apr 17:39
e31f2a3

Bug Fixes:

  • #10094 Incomplete search for Observable User Account entities

Full Changelog: 6.6.0...6.6.1

Version 6.6.0

08 Apr 17:03
e31f2a3

Dear community, we're excited to announce the launch of OpenCTI 6.6.0! 🥳

This release focuses on solving key pain points and unlocking new use cases:

  • AI: become an assistant for analysts
  • Make import workflow seamless
  • Case management: improve filtering capabilities

OpenCTI offers lots of functionalities and various ways to view and collect information. However, especially for new users, understanding where and how to find the information can sometimes be a struggle.

We hope that 6.6 will relieve you from this pain thanks to the introduction of our new AI functionality: the Natural Language Query powered by Arianne AI 💫. This Enterprise Edition feature allows you to ask the platform questions from the top search bar! Your question is translated into a set of filters and the corresponding results are displayed as usual, letting you narrow down your search if needed 🔍.

This capability relies fully on our filters and only returns results about entities ⚠️: as a result, a question that would translate into filters that do not exist, or into a combination of filters not available in the app, will not give you the expected results. In addition, the scope of the questions is restricted to entities. For more information regarding this functionality, please see the dedicated documentation page: https://docs.opencti.io/latest/usage/ask-ai/#assistance-for-finding-specific-entities-natural-language-query.

We are eager to hear your feedback on this functionality, which is a first step towards making Arianne AI a real assistant in your daily work on OpenCTI.

Finding intelligence first requires ingesting it into the platform. We have worked hard to revamp our import workflow and introduce two major features: a full rework of the import-from-files workflow ↖️ and the Draft feature 🎨.

First, regarding the import workflow: you can now import multiple files at once 💡 and create a single draft out of them. This should save you quite some time, while gathering all the information in a single place for validation.

The second feature that comes along with the import rework is the Draft 🎨. Draft workspaces aim to replace workbenches in the long run.

Basically, Drafts provide the same capabilities as a workbench: the ability to view what has been extracted from the file and validate it before import. But that is not all: all the functionalities available in the application are also available within a Draft workspace! For this first release, you can enrich in a Draft and apply bulk operations (mass create, edit…) 💥. Switching your platform to Draft “mode” lets you keep browsing and manipulating your data without impacting the main database.

You will also be able to convert your existing workbenches to Drafts.

As a result, the new import workflow coupled with the Draft functionality will give you better control over your ingestion from files, ensuring that only high-quality data is actually ingested into your OpenCTI instance.

We are keen to get feedback on this functionality, which has required quite some work, so feel free to try it out and let us know what you think. More information: https://docs.opencti.io/latest/usage/draftWorkspaces

We have also spent some time improving features around Case Management. We have introduced two new filters: the “@me” filter 🤝 and the ability to filter on a relative date range ⏱️. This way, you can build queries like “show me all cases created within the last week” ⏱️, which should improve your operational efficiency.

OpenCTI’s complex and multi-layered ACL allows organizations to implement their own data segregation, with each team having its own scope of responsibility and need-to-know-based sharing. This kind of process has an impact on collaboration efficiency, and it is not rare that team A works on a case correlated with one handled by team B without knowing it. Now, with the Request Access feature (EE) 🧐, team A can request access to the correlated case and thus, while respecting the need-to-know basis, collaborate further with the teams already working on it. Concretely, on a platform configured to segregate data per organization, if a user manually creates an entity that already exists in the platform with a marking accessible to that user but is not shared with the user’s organization, the user has the ability to request access to this entity. This results in the creation of an RFI that only a specific group of users belonging to the correct organization can approve or reject, giving platform users full control over their data. Try it out!

We have also improved playbooks so that they can filter on any container sub-type 🎊 (incident response type, report type, request for information type…). Therefore, you can automate your cases with more granularity. Altogether, these filtering capabilities should help you improve the operational efficiency of your teams working on cases.

Filtering has not only been improved in the context of containers, but globally within the application. All entities having a knowledge view can now benefit from a new view, the All view 🔥, which gathers all entities and all relations without any filter at all. This is a known pain point that has been raised for a while, since you could not easily see all the entities linked to the one you are looking at. This view will also be used to improve the current diamond model view 💎: the various views of the diamond model now redirect to the All view with some predefined filters matching your view!

Some of your cases, containers or even investigations can be huge and difficult for our current front-end graph engine to handle. This is one of the reasons we have heavily reworked our graphs within the platform 📈, to ensure we are able to load large graphs. To do so, we have introduced pagination when loading your graph, which prevents your platform from crashing when you attempt to load a large one. On top of this, we have also clarified the select and search behavior so you can find the information you are looking for more easily. Dedicated documentation is available here: https://docs.opencti.io/latest/usage/pivoting/?h=pivoting. This technical rework opens the path to further improvements in our graph, with the objective of helping users perform in-graph intelligence analysis and correlation.

A few other improvements have also been provided:

  • Import/Export CSV mappers 💥: this should help you use them easily (in addition to sharing them among team members) and even troubleshoot CSV issues seamlessly. And, who knows, maybe soon you will find ready-to-use CSV feeds and mappers in an online library… 😉
  • IOC management 💡: allows you to update IOCs massively through mass operations and in playbooks
  • Danger Zone 🚸: add reset connector state to the danger zone

Regarding connectors and integrations, this milestone brought several new connectors and integrations, such as:

  • VulnCheck
  • PAN Cortex XSOAR
  • Proofpoint TAP
  • Proofpoint ET
  • Microsoft Defender Incidents
  • Bambenek
  • RST WHOIS
  • Infoblox
  • SentinelOne Incidents
  • SentinelOne Intel

Last but not least, we are excited to introduce our new AI-powered import-document 💫 connector. This connector allows Enterprise Edition organizations to feed information from documents into OpenCTI, with more extraction capabilities than the regular Import Document connector. See the connector's README to understand how to use it and its scope: https://github.com/OpenCTI-Platform/connectors/tree/master/internal-import-file/import-document-ai

⚠️ Deprecation notes:

Given that the Draft feature has been released, Workbench will be deprecated approximately 6 months from this release. As a result, we strongly encourage you to have a look at the Draft functionality, try it out, and let us know about any issue or any workbench feature that you do not find in Drafts.

Enhancements:

  • #10243 Improve gradient buttons
  • #10037 Telemetry technical improvements for cluster mode
  • #9952 [Authorized Member]: Enhance Authorized Member feature to support intersection between organizations and groups
  • #9805 Internal cache performance improvements
  • #9760 Improve the Import Workflow
  • #9751 [POC]: Natural Language Query capabilities in OpenCTI
  • #9657 Request Access: Notification & Authorized Members
  • #9387 Add reset connector state under danger zone
  • #9300 [Placeholder] Ensure draft readiness for release
  • #9298 Graph Rework step 1: Refactor, Improve loading & add enriching capability
  • #9144 [Playbook]: Support for more filtering capabilities to trigger a playbook
  • #9128 [Filters]: Dynamic "Me" Filter
  • #8949 [Dissemination]: Ability to disseminate any file type
  • #8877 Move basic auth and bearer authentication out of platform sessions
  • #8245 Enhance massive operations on Indi...

Version 6.5.11

07 Apr 16:59
a73b028

Bug Fixes:

  • #10425 [playbook] use playbook icon in "Last execution traces" panel
  • #10338 Some ordering attributes not working in list widgets with OpenSearch
  • #10289 [Incidents] Issues in searching for Entities and adding relationships to Incidents
  • #10277 Missing file hashes when creating indicator with a stix pattern
  • #10214 [Victimology] When searching for an entity in the panel the page crash
  • #10186 Page crashes when conducting a search in the Knowledge tab
  • #10156 Error when searching for an org in Victimology of a Channel
  • #9841 Exclusion List: Restrict upload of "text" file
  • #9463 Hovering over the 'Subscribe to Updates' button displays a useless horizontal scrollbar
  • #9449 Map container is already initialized error shown in logs when trying to filter entities for creating victimology relationship for intrusion set
  • #9243 Subject is undefined on email notification for relationships

Full Changelog: 6.5.10...6.5.11

Version 6.5.10

28 Mar 12:40
b79ebcb

Enhancements:

  • #10364 Add new predefined rule in playbook to resolve containers containing an entity
  • #6477 Support Azure OpenAI

Bug Fixes:

  • #10381 export stix of IOC would export all IOCs of the platform
  • #10328 Remove "Import from Hub" button on investigation page
  • #10325 Upsert overrides properties with blank fields
  • #10298 Indicator scores not updated during upsert
  • #10281 Updating my own user when I have a confidence level less than 100 shows error
  • #10241 CSV mapper duplicate still linked to the original
  • #10208 Relationships still undefined in the email notification
  • #10174 Decay algorithm doesn't update the score for revoked Indicators
  • #10118 Spacing is not correct in vulnerability overview
  • #10033 Content Mapping: Popup dialog is not opened for the main content
  • #10008 Export on multiple indicators from knowledge view throws weird error
  • #9776 External Reference Search Field Missing Options
  • #8763 "Description" filter does not work on inferred relationships

Full Changelog: 6.5.9...6.5.10

Version 6.5.9

20 Mar 18:15
36d868e

Bug Fixes:

  • #10166 Icon column in dissemination list width is not correct
  • #10151 Relationship creation between 2 orgs, the options are doubled
  • #10099 Error in tasks filter groups details if regardingOf filter
  • #10074 Marking definitions lists does not show left icons anymore
  • #9945 Missing entity in Report when synchronising 2 platforms
  • #9619 [Playbooks] The “Reduce/Filter” and “Match” component output an empty bundle
  • #9576 Threat actor group should not be part-of threat actor individual
  • #9157 ELASTICSEARCH__NUMBER_OF_REPLICAS does not update the opencti-core-settings component template
  • #7791 [decay] When using Automation Playbooks to change Score, computed score for decay appears unchanged

Full Changelog: 6.5.8...6.5.9

Version 6.5.8

18 Mar 10:53
93df655

No changelog for this release.

Full Changelog: 6.5.7...6.5.8

Version 6.5.7

17 Mar 12:33
ac3d15e

Enhancements:

  • #10046 Introduce api protocol for listening connectors

Bug Fixes:

  • #10204 Not possible to edit a country after a first edition opening
  • #9914 Wrong page title in Security settings

Pull Requests:

  • [frontend] feat: Hide XTM Hub CTA button if platform_xtmhub_url variable is empty by @jbanety in #10222
  • Bump xml-crypto from 6.0.0 to 6.0.1 in /opencti-platform/opencti-graphql by @dependabot in #10246
  • [backend] Introduce api protocol for listening connectors (#10046) by @richard-julien in #10048
  • [frontend] fix the ability to edit a country after a first edition opening (#10204) by @CelineSebe in #10239

Full Changelog: 6.5.6...6.5.7

Version 6.5.6

11 Mar 09:44
2d647ed

Enhancements:

  • #9994 Separate URLs for OpenBAS API and OpenBAS links cannot be configured

Bug Fixes:

  • #10201 Live stream consuming can crash when inferences and specific filters are used
  • #10178 Need an e2e test to ensure Dashboard widgets keep working well at all times
  • #10173 Platform crashes when removing a filter in the knowledge of an indicator
  • #10118 Spacing is not correct in vulnerability overview
  • #9933 Dashboard unresponsive
  • #9171 Adding external references is failing when the user has a lower confidence level than the entity

Full Changelog: 6.5.5...6.5.6