OpenCTI is an open-source platform that allows organizations to manage their cyber threat intelligence knowledge and observables. It was created to structure, store, organize and visualize technical and non-technical information about cyber threats.
The data is structured using a knowledge schema based on the STIX2 standards. OpenCTI has been designed as a modern web application with a GraphQL API and a UX-oriented frontend. It can also be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.
OpenCTI solves the following challenges:
At the strategic level:
Victimology of an intrusion set of a threat actor over time
Tactics and procedures of a campaign targeting a specific sector
Reuse of legitimate tools across malicious code families
Campaigns targeting an organization or sector over time
At the operational level:
Observables linked to a specific threat and their evolution over time
Clusters of malicious artefacts and their enrichment