08.07.2019 10:46

OpenCTI

A new star in the CTI sky… (Credits to Hugo)

Check out OpenCTI and correlate all your CTI sources in one tool to get a clear overview.

Knowledge graph

The whole platform relies on a knowledge hypergraph allowing the usage of hyper-entities and hyper-relationships including nested relationships.

Unified and consistent data model

From the operational to the strategic level, all information is linked through a unified and consistent data model based on the STIX2 standards.

By-design sourcing of data origin

Every relationship between entities has time-based and space-based attributes and must be sourced by a report with a specific confidence level.

Exploration and correlation

The whole dataset can be explored with analytics and correlation engines, including many visualization plugins and MapReduce and Pregel computations.

Automated reasoning

The database engine performs logical inference through deductive reasoning, in order to derive implicit facts and associations in real-time.

Data access management

Full control of data access management using groups with permissions based on granular markings on both entities and relationships.

Have a look at the open demo:

Installation is fairly simple using Docker:

$ mkdir /path/to/your/app && cd /path/to/your/app
$ git clone https://github.com/OpenCTI-Platform/opencti.git
$ cd opencti/opencti-docker

$ vi docker-compose.yml   # change the value of APP__SECRET to a random string
$ sysctl -w vm.max_map_count=262144   # kernel setting to adjust for Elasticsearch
$ docker-compose up

Browse to http://localhost:8080 and log in with username admin@opencti.io and password admin
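
The APP__SECRET step above can be scripted so that the stack is never started with a placeholder value. This is an added example, not part of the original post or of the OpenCTI project; the function names, the assumed layout of the APP__SECRET line and the 64-character hex format are assumptions.

```shell
#!/bin/sh
# Added example (not from the OpenCTI repository).
# Assumption: docker-compose.yml sets the variable as "- APP__SECRET=<value>"
# or "APP__SECRET: <value>"; adjust KEY_RE if your file differs.
KEY_RE='^([[:space:]-]*APP__SECRET[=:][[:space:]]*)'

gen_secret() {
    # 32 bytes from the kernel CSPRNG, hex-encoded to 64 characters
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

get_app_secret() {
    # Print the APP__SECRET value currently set in compose file $1
    sed -n -E "s/$KEY_RE//p" "$1" | head -n 1
}

set_app_secret() {
    # Overwrite the APP__SECRET value in compose file $1 with a fresh secret
    file=$1
    secret=$(gen_secret)
    tmp=$(mktemp) || return 1
    sed -E "s/$KEY_RE.*/\\1$secret/" "$file" > "$tmp" &&
        cat "$tmp" > "$file"      # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && [ "$(get_app_secret "$file")" = "$secret" ]
}

preflight() {
    # Succeed only if APP__SECRET looks like gen_secret output:
    # lowercase hex, at least 64 characters. Placeholders and empty values fail.
    value=$(get_app_secret "$1")
    case $value in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#value}" -ge 64 ]
}

# Optional entry point: sh thisfile.sh --apply docker-compose.yml
if [ "${1:-}" = "--apply" ]; then
    set_app_secret "$2" && preflight "$2" && echo "APP__SECRET rotated in $2"
fi
```

Gating the start on the check, as in preflight docker-compose.yml && docker-compose up, keeps an unedited compose file from ever being brought up.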