ANSSI becomes a founding member of the Luatix non-profit to support the OpenCTI project

The French National Agency for the Security of Information Systems (ANSSI) has been actively developing the OpenCTI platform since its beginning, in cooperation with the CERT-EU. This tool is used for integrating, storing, managing and sharing cyber threat intelligence (CTI). Its source code has been publicly released and the project is now managed by the Luatix non-profit organisation, which was created for this purpose. ANSSI officially joins the governing board of Luatix in order to keep supporting the development of the project.

OpenCTI is a tool for integrating, storing, organising, visualising and sharing cyber threat intelligence (CTI) and knowledge.

The tool was initially designed and developed internally at ANSSI to help store and structure ANSSI’s knowledge on cyber threats. OpenCTI was open-sourced to benefit the cybersecurity community.

OpenCTI has been specifically developed using open-source technologies and standards, in order to make it accessible to all entities and facilitate information sharing between ANSSI and its partners.

Official website of the project:

Source code repository:

Full documentation for OpenCTI:

Demonstration instance of OpenCTI (with demonstration data from public sources):

ANSSI becomes a founding member of the Luatix non-profit

Luatix is a French non-profit organisation, which was created in March 2020 and whose goal is to conduct research and development projects in cybersecurity and crisis management. Today, Luatix maintains and develops the OpenCTI public project. With its open-source, community-based approach and its features, OpenCTI has been greeted with interest and enthusiasm by the cyber security community and has today been downloaded around 100,00 times.

As a founding member of Luatix, ANSSI is strengthening its involvement in the projects conducted by Luatix and aims to contribute further to:

  • Luatix’s governance;
  • the roadmaps of the projects;
  • the coordination with other entities on the OpenCTI project;
  • the development of new features and the integration with other tools;
  • events and actions organised to animate the OpenCTI community of users.

ANSSI’s contribution to OpenCTI and the release of its doctrine of use are the newest additions to ANSSI’s regular publications sharing its knowledge and experience in cyber threat intelligence and analysis.

To learn more about Luatix:

ANSSI has also contributed to the first webinar introducing OpenCTI to the community. In this video, you can find out how several organisations, including ANSSI, use OpenCTI on a daily basis.

ANSSI releases its doctrine of use of OpenCTI


Today, ANSSI also publishes its doctrine of use of OpenCTI. This document presents why and how the CTI team at ANSSI integrates data in OpenCTI.

This doctrine has been released in order to help entities and people interested in the platform understand how OpenCTI can be leveraged to integrate and enrich information and to investigate and export knowledge. The following models are implemented by ANSSI’s CTI team today and help maintain the consistency of the database. This kind of framework helps not only analysts in integrating data in the platform, but also users in understanding what they are visualising.

This document is not an official guideline or standard for using OpenCTI or for storing and enriching CTI knowledge in general, but presents one of the possibilities.

This document is published as of today, but will be adapted as new versions of OpenCTI are released.

ANSSI – Doctrine OpenCTI – v1.0

A new version of OpenCTI has been published!

On the 15th of December 2020, Luatix, ANSSI and the CERT-EU announced the release of OpenCTI version 4. This new version brings us closer to fulfilling several goals for the project and answers many requirements made by the community.

OpenCTI V4 has the following characteristics:

  • the data schema has been redesigned for more clarity and to bring it as close as possible to the STIX 2.1 standard;
  • the performance and scalability of the ingestion process have been greatly improved;
  • real-time synchronisation of several OpenCTI platforms and live feeds are now possible;
  • the technology stack has been simplified;
  • several new connectors for data import and management have also been released.

This new version is a major step in the continuous improvement of OpenCTI, which aims at keeping the platform as close as possible to the needs of entities and people using it for cyber threat intelligence and analysis.

To learn more about OpenCTI V4: