OpenCTI – The open source solution for processing and sharing threat intelligence knowledge

The OpenCTI project (Open Cyber Threat Intelligence) is a platform meant for processing and sharing knowledge for cyber threat intelligence purposes. It has been developed by the French national cybersecurity agency (ANSSI) along with the CERT-EU (Computer Emergency Response Team of the European Union). It was initially designed to develop and facilitate ANSSI’s interactions with its partners. Today, the platform has been fully released in open source and made available to the entire cyber threat intelligence community, in order to allow the actors to structure, store, organize, visualize and share their knowledge.

In order to fulfill its missions as the French national authority for cybersecurity and cyber defense, ANSSI daily expands and shares its knowledge and analysis on strategic, operational and technical aspects of cyber threats. This expertise is central in helping ANSSI to anticipate major threats and risks and better respond to them. Thus, to be effectively leveraged, this amount of information has to be structured and properly processed.

OpenCTI – a platform for structuring, processing and sharing knowledge

OpenCTI logo

The OpenCTI project started in September 2018. It was developed by ANSSI along with the CERT-EU to answer a common need for an adequate solution to structure, store, organize, visualize and share cyber threat intelligence on various levels.

ANSSI not only leverages this knowledge to properly fulfill its cyber defense missions, but also shares it with its partners (such as CSIRTs and other cybersecurity agencies) on both the national and the international levels.

On the long term, the widespread use of the OpenCTI platform by ANSSI and its partners will help develop and facilitate the exchange of structured knowledge on cyber threats, in order to build a collective and increasingly accurate vision of these threats.


Collectively developing a tool answering every need and every use case for cyber threat intelligence

Although ANSSI mainly shares its knowledge on cyber threats with approved partners, both the Agency and CERT-EU wished to share the OpenCTI platform with the whole cyber threat intelligence community and present a tool compliant with threat intelligence standards and able to answer to a global need to structure cyber threat knowledge.
This is why ANSSI today releases this tool in open source*, allowing every interested organization or individual to install and use the platform to the full extent of its capabilities.

By publishing the source code of OpenCTI, ANSSI and the CERT-EU also invite every contributor to the project to help the tool evolve and keep it close as possible to operational requirements. This will allow the project to strive on the long-term and to be always adapted to the cyber threat intelligence community’s needs.

The project will be maintained on the long-term by ANSSI and CERT-EU as well as with all the contributors who will wish to partake in the OpenCTI journey.

To find the source code to develop and use OpenCTI

To learn more about the project, see the dedicated documentation

*under a general public licence GNU Affero v3