OpenCTI is a tool for integrating, storing, organising, visualising and sharing cyber threat intelligence (CTI) and knowledge.
The tool was initially designed and developed internally at ANSSI to help store and structure ANSSI’s knowledge on cyber threats. OpenCTI was open-sourced to benefit the cybersecurity community.
OpenCTI has been specifically developed using open-source technologies and standards, in order to make it accessible to all entities and facilitate information sharing between ANSSI and its partners.
Official website of the project: https://www.opencti.io/en/
Source code repository: https://github.com/OpenCTI-Platform/opencti/releases
Full documentation for OpenCTI: https://www.notion.so/OpenCTI-Public-Knowledge-Base-d411e5e477734c59887dad3649f20518
Demonstration instance of OpenCTI (with demonstration data from public sources): https://demo.opencti.io/dashboard
Luatix is a French non-profit organisation, created in March 2020, whose goal is to conduct research and development projects in cybersecurity and crisis management. Today, Luatix maintains and develops the OpenCTI public project. With its open-source, community-based approach and its features, OpenCTI has been greeted with interest and enthusiasm by the cyber security community and has today been downloaded around 100,00 times.
As a founding member of Luatix, ANSSI is strengthening its involvement in the projects conducted by Luatix and aims at contributing further to:
ANSSI’s contribution to OpenCTI and the release of its doctrine of use are the newest additions to ANSSI’s regular publications sharing its knowledge and experience in cyber threat intelligence and analysis.
To learn more about Luatix: https://www.luatix.org/en/
ANSSI has also contributed to the first webinar introducing OpenCTI to the community. In this video, you can find out how several organisations, including ANSSI, use OpenCTI on a daily basis.
Today, ANSSI also publishes its doctrine of use of OpenCTI. This document presents why and how the CTI team at ANSSI integrates data in OpenCTI.
This doctrine has been released to help entities and people interested in the platform understand how OpenCTI can be leveraged to integrate and enrich information and to investigate and export knowledge. The following models are implemented by ANSSI’s CTI team today and help maintain the consistency of the database. This kind of framework helps not only analysts in integrating data into the platform, but also users in understanding what they are visualising.
This document is not an official guideline or standard for using OpenCTI or for storing and enriching CTI knowledge in general, but presents one of the possibilities.
This document is published as of today, but will be adapted as new versions of OpenCTI are released.
On 15 December 2020, Luatix, ANSSI and CERT-EU announced the release of OpenCTI version 4. This new version brings us closer to fulfilling several goals for the project and answers many requirements made by the community.
OpenCTI V4 has the following characteristics:
This new version is a major step in the continuous improvement of OpenCTI, which aims to keep the platform as close as possible to the needs of the entities and people using it for cyber threat intelligence and analysis.
To learn more about OpenCTI V4: https://medium.com/luatix/your-cyber-threat-intelligence-knowledge-in-a-magic-box-af2cbf7dd4be