Releases: OpenCTI-Platform/opencti
Version 6.0.6
Enhancements:
- #6170 Ability to create observables/indicators from observable/indicator when select all in the context of a container is not possible
- #5696 Enforce input validation against schema for patching object attributes
Bug Fixes:
- #6322 Take into account empty last seen in the playbook rule
- #6315 When upserting an entity, name should also change
- #6313 Critical bug in subscribers / instance trigger
- #6296 Icon size in dashboard choice (on home)
- #6294 Max confidence level in user disabled field
- #6293 In activity tab, the relation history is not working anymore
- #6291 Creation of created-by relationship is not protected to target only identity
- #6290 Login Display Issues
- #6288 'Add' icon bad alignment in forms fields
- #6283 Mass selection with the shift key does not work on Incident
- #6282 Missing "System" objects when trying to update incident author
- #6274 I can't create indicators within a report at once.
- #6264 Labels are clickable in horizontal bars (home dashboard) and should not be
- #6261 Mutation icon not always well displayed in Activity
- #6112 Cannot add TTP directly from matrix
Pull Requests:
- [frontend] fix content mapping view by @frapuks in #6159
- [frontend] Improve Simplified Chinese translations by @satan1a in #6277
- [frontend] add System in author update via background task (#6282) by @Archidoit in #6286
- [frontend] harmonise the size of dashboard icons (#6296) by @frapuks in #6300
- [backend] extend our vitest config for easier dev process by @labo-flg in #5796
- [backend] validate elUpdateElement input value against schema before indexing (#5696) by @labo-flg in #6046
- Update dependency convert to v5 by @renovate in #6234
- [frontend] fix bulk indicators generation (#6274) by @Archidoit in #6306
- [frontend] horizontal bars representing labels should not be clickable by @Archidoit in #6289
- [frontend] dont disable when value > limit (#6294) by @frapuks in #6299
- [frontend] Fix instance triggers subscription (#6313) by @SouadHadjiat in #6317
- [frontend] mutation icon appears in activity (#6261) by @CelineSebe in #6301
- [frontend] Fix cannot add TTP directly from matrix (#6112) by @SarahBocognano in #6272
- [frontend] Fix mass selection with the shift key in incidents container (#6283) by @CelineSebe in #6331
- [backend] Verify createdBy type on malware creation (#6291) by @aHenryJard in #6309
- [backend] Fix createdBy validation on SDO edit (#6291) by @SouadHadjiat in #6332
- [frontend] fix history filters in activity tab (#6293) by @marieflorescontact in #6305
Full Changelog: 6.0.5...6.0.6
Version 6.0.5
Enhancements:
- #6267 [Playbook] Improve the "Promote observable to indicator" component
Bug Fixes:
- #6268 Bulk deletion with the "select all" button deletes entities it shouldn't
- #6266 [Playbook] "Promote observable to indicator" component doesn't work
- #6265 Regression on enrichment button in multiple SDOs
- #6260 Bad behavior on top search bar
Pull Requests:
- [frontend] Do not submit on blur if the search value has not changed by @jpkha in #6262
- [backend] Generate observables/indicators for all objects in bundle (#6266) by @SouadHadjiat in #6271
- [frontend] fix entity type filter right bar in containers (#6268) by @Archidoit in #6269
Full Changelog: 6.0.4...6.0.5
Version 6.0.4
Enhancements:
- #6253 Improve hub/children synchronization pattern
Bug Fixes:
- #6257 [backend] Merge failure when merging complex multiple object
- #6244 Error when accessing the public feeds page
- #6210 Button askAI in plain text field and HTML field is not well positioned
- #6134 Top bar elements clump if the screen has not appropriate width
Pull Requests:
- Update dependency monocart-reporter to v2.4.0 by @renovate in #6236
- Update dependency react-cookie to v7.1.0 by @renovate in #6239
- Update dependency express to v4.18.3 by @renovate in #6240
- Update dependency graphql-scalars to v1.22.5 by @renovate in #6241
- consistent uppercase CSV + change 5MB labels to 1 MB as it should be by @yassine-ouaamou in #6243
- Update dependency express-rate-limit to v7.2.0 by @renovate in #6245
- Update typescript-eslint monorepo to v7.1.0 by @renovate in #6246
- Update dependency esbuild to v0.20.1 by @renovate in #6247
- Update dependency @types/react to v18.2.61 by @renovate in #6250
- Update dependency @emotion/react to v11.11.4 by @renovate in #6248
- Update dependency @types/ramda to v0.29.11 by @renovate in #6249
- Update dependency csv-parse to v5.5.5 by @renovate in #6251
- Update dependency js-base64 to v3.7.7 by @renovate in #6252
- [backend] Improve hub/children synchronization pattern (#6253) by @SamuelHassine in #6254
- Update dependency nodemailer to v6.9.11 by @renovate in #6255
- Update dependency react-pdf to v7.7.1 by @renovate in #6256
Full Changelog: 6.0.3...6.0.4
Version 6.0.3
Enhancements:
- #6200 Handle complex paths in stix filtering resolution and use it consistently
- #6154 Adding PAP marking definition by default in fresh images
Bug Fixes:
- #6212 Infinite loop still possible in some use case for platform stream sync for files
- #6191 SearchInput is not correctly cleared
Pull Requests:
- [frontend] Clear search input on click clearFilters button by @jpkha in #6209
- [backend] Add path resolution in filtering by @Kedae in #6207
- [frontend/backend] Add PAP at init + fix leftbar by @Kedae in #6160
- Update rabbitmq Docker tag to v3.13 by @renovate in #6205
- Update dependency @mistralai/mistralai to v0.1.3 by @renovate in #6213
- Update dependency apexcharts to v3.46.0 by @renovate in #6215
- Update aws-sdk-js-v3 monorepo - autoclosed by @renovate in #6204
- Update dependency @playwright/test to v1.42.1 by @renovate in #6214
- Update dependency eslint to v8.57.0 by @renovate in #6216
- Update dependency i18n-auto-translation to v1.4.0 by @renovate in #6217
- Update opentelemetry-js monorepo by @renovate in #6218
- Update dependency recharts to v2.12.2 by @renovate in #6230
- Update vitest monorepo to v1.3.1 by @renovate in #6219
- Update Node.js to v20.11.1 by @renovate in #6220
- Update dependency @elastic/elasticsearch to v8.12.2 by @renovate in #6221
- Update docker.elastic.co/kibana/kibana Docker tag to v8.12.2 by @renovate in #6224
- Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.12.2 by @renovate in #6223
- Update material-ui monorepo by @renovate in #6227
- Update dependency @elastic/transport to v8.4.1 by @renovate in #6222
- Update graphqlcodegenerator monorepo by @renovate in #6226
- Update dependency openai to v4.28.4 by @renovate in #6228
- Update dependency react-router-dom-v5-compat to v6.22.2 by @renovate in #6229
- Update dependency vite to v5.1.4 by @renovate in #6231
- Update dependency webpack to v5.90.3 - autoclosed by @renovate in #6232
- Update dependency archiver to v7 by @renovate in #6233
- Update graphql-tools monorepo by @renovate in #6225
- Update dependency eslint-config-airbnb-typescript to v18 - autoclosed by @renovate in #6235
Full Changelog: 6.0.2...6.0.3
Version 6.0.2
Enhancements:
- #3179 Deprecated filters with deleted entities as value
Bug Fixes:
- #6201 Inline creation of SDO in containers breaks UI
- #6198 Update that changes the standard id triggers incorrect notification
- #6197 Select all in Observables tab's report is not working well
- #6196 Relationship type in entity type in Observable
- #6192 Playbook regression for deleting labels / markings
- #6188 Select ALL now affect to all Data instead of a Page
- #6181 Dashboard exported on 6.0 can't be imported again (invalid version error)
- #6164 Breadcrumbs error on Case
- #6113 Provide feedback on an entity is difficult when you have a big DB
- #6048 Creator changed when accessing an Analyst workbench
- #5991 [Playbooks] Entities linked with inferred relationships missed by "resolve container references" rule
Pull Requests:
- [frontend] fix search input disappears when going back to list by @jpkha in #6161
- [frontend] Fix tooltip issue when adding a filter(#6036) by @CelineSebe in #6162
- [frontend] Fix on perf issue by @Kedae in #6173
- [frontend] fix breadcrumbs (#6164) by @frapuks in #6168
- [backend/frontend] fix creator replaced by user in workbench (#6048) by @marieflorescontact in #6180
- [backend] Fix dashboard import minimal version check (#6181) by @SouadHadjiat in #6184
- [backend] fix filter key 'objects', usable in any sro and sco (#6188) by @labo-flg in #6195
- [frontend] Fix localStorage useless method by @Kedae in #6194
- Fix on instance trigger incorrect message when updating the standard Id by @Kedae in #6199
- [frontend] Fix pagination Options for SDO creation in container by @Kedae in #6202
- Update slack orb to v4.13.1 by @renovate in #6206
Full Changelog: 6.0.1...6.0.2
Version 6.0.1
Bug Fixes:
- #6169 Infinite fetching on low speed connection introduced by triggers update
Full Changelog: 6.0.0...6.0.1
Version 6.0.0
Dear community, after several intense months of work, we're thrilled to announce the release of OpenCTI version 6.0 🥳! This version transforms the OpenCTI platform in so many ways! Let’s dig into it!
Welcome to OpenCTI 6.0, where we're thrilled to introduce the transformative capabilities of Generative AI to elevate your daily analyst workflow! ✨ Now, you can harness the power of Generative AI to assist in crafting textual content, explaining report descriptions, summarizing file contents, and even generating STIX-structured knowledge seamlessly. Whether in our cloud or on-premise, any Enterprise Edition customer can leverage our custom AI endpoint, use its own or integrate with native OpenAI or Mistral AI services using their tokens. 🚀
In this release, we've fully revamped the platform's design, including a modification to the left menu. The former top menu is now integrated into the left menu, simplifying navigation throughout the platform. Additionally, a new breadcrumb feature allows you to effortlessly track your position in the platform, particularly when the left menu is collapsed! 🧭
OpenCTI 6.0 also introduces an important change about the confidence level system. From now on, Users and Groups get a “Max Confidence level” playing the role of a threshold for their capacity to modify existing data. Fine-tune users' impact on your meticulously crafted Knowledge base by managing these max confidence levels. External Connectors, Feeds, and Streams now use the max confidence level of their associated user, making ACL in OpenCTI nearly limitless! 🛡️ Please read carefully the dedicated blog post about this breaking change! 👁️🗨️
Indicator Lifecycle management is paramount in CTI teams, and we're excited to introduce a decay algorithm to enhance the existing score and revoking system. Create your decay rules, depreciate indicator scores over time based on their main observable type, lifetime, acceleration factor, and define crucial scores to trigger reactions! 🔃 We value your feedback to further improve this feature! 🤝
Another addition with the 6.0 is the CSV feed ingester! You can now automatically ingest data from URL-exposed CSV files! Like with uploaded CSV files, build a CSV mapper, link it to your new CSV Feed, and it’s done! 🪄 Talking about CSV Mappers, multiple improvements have been shipped into OpenCTI 6.0, and it is now possible to define default values in a mapper, to ingest incomplete CSV files!
Amid these groundbreaking features, extensive improvements have been made, particularly in filters! The new UI is now deployed almost everywhere in the platform! 💅 But more importantly, you can now filter on any object's attributes on lists and dashboards! 🎉 Of course, the system takes into account the context of the view you are navigating on. Improvement on the filtering system also comes with new operators! “In regards of” allows you to filter Objects based on their relationship with a specific Entity. “Contains” and “Search” allow you to operate any filtering you want on short and long texts!
On the connectors side, the Recorded Future connector has been improved even further, now handling the import of Malwares and Threat Actors into OpenCTI! Some work has also been done on Greynoise, Shodan, and Malbeacon enrichment connectors to make them compatible with our automation playbooks. 🤖
Last but not least, the complete documentation for OpenCTI is now accessible at docs.opencti.io! 📘 Feel free to refer to it for assistance, and remember, we're always available in the Community Slack for any questions or support!
⚠️ Other breaking changes:
- NetworkTraffic src and dst creation attributes have been renamed to networkSrc and networkDst. The Python client is not impacted, but if you use your own GraphQL queries, they will require some changes.
⚠️ This release includes a security fix; we advise all organizations to upgrade their platform as soon as possible.
Enhancements:
- #6102 Allow to bypass engine version validation for AWS default compatibility mode
- #6099 Handle revoked input for Indicators without valid_until date
- #6042 [backend] Organization sharing behavior change for upsert and enrichment
- #5973 Implement fuzzy search (approximative search) in the platform
- #5858 Implement support of GenAI APIs in the platform
- #5807 Rework email templates for notifications
- #5805 Design upgrade for major release
- #5759 Make sure confidence level is always between 0 and 100
- #5033 Ability to filter on Organization the data is shared with
- #5032 Filter Refactoring Follow Up
- #4944 Improve error messaging on ImportCSV
- #4940 Add a "contains" / "do not contains" operator in new filter
- #3426 Add OpenID Proxy configuration capability
- #3406 Add a new version of platform / workers images OpenSSL FIPS 140
- #4939 Be able to filter on every properties with new filters
- #4932 Add an optional default value for an attribute that is missing mapping value from a file
- #4931 Align Nested Object panel with other in the platform
- #4806 Map with CSV mapper a file containing columns sha1, sha256, md5, sha-512
- #3585 In filters, be able to use all possible vocabularies / the current user
- #3470 Organizations types to be in the vocabularies
- #3154 Expand name in "progress works panel"
- #2859 Decay settings for Indicators scores
- #2248 Remove the default search wildcard and check the behaviour in Elastic
- #1989 OpenCTI frontend test suite
- #4569 Implement Ingestion CSV Feeds (like TAXII, RSS, etc.) using mappers
Bug Fixes:
- #6137 [frontend] Green background color with white text doesn’t seem visible enough
- #6121 The ImportDocument connector doesn't work when importing document from a "Data" tab
- #6117 In Settings => Activity => Config, groups are red when selecting
- #6109 TTP names are replaced by ID in some screens
- #6108 Infinite upload when two platforms synchronize on each other
- #6104 Creating a user with a group is bypassing default group belonging
- #6094 [Playbooks] Incorrect score filter
- #6093 Relationships created through inference rules must have the confidence of the Rule Manager user
- #6089 Widget number always display 0 when asking to count relationships "contains"
- #6087 Trigger filters not aligned
- #6075 Creating a Report with an associated file gives an error
- #6070 Having Network Traffic observable with a dst ref makes the observable listing crash
- #6068 Based on relationship should inherit markings & restrictions when created from Indicators or observables
- #6065 [filters] 'sighted in/at' relationship type filter not working in widgets
- #6056 Worker error when importing Network-Traffic object with nested properties
- #6052 No error message when attempting to create an artifact without file
- #6043 Updating Description of multiple objects at once doesn't work
- #6037 Entity settings display edit default value input even if attribute has "editDefault" false
- [#5996](https://github.com/OpenCTI-Plat...
Version 5.12.33
Bug Fixes:
- #6083 In some rare cases, streaming dependencies is not working
Full Changelog: 5.12.32...5.12.33
Version 5.12.32
Bug Fixes:
- #6003 SAML attributes mapping including groups / roles mapping is not working
- #5983 [Data segregation / Admin organization] Incomplete cleaning of org administrators
- #5982 [Data segregation / Admin organization] I can't modify Group of user
- #5981 [Data segregation / Admin organization] "User" panel in Setting doesn't work
- #5980 [Data segregation / Admin organization] Administration buggy if right "manage marking"
- #5960 [Data segregation] "Sharing with the organization" not applied to contained entities as previously
- #5848 User can't access authors list to edit entity
- #5835 Default marking are not cleaned when marking is deleted, leading to full crashed platform
- #5822 File indexing blocked
Full Changelog: 5.12.31...5.12.32
Version 5.12.31
Bug Fixes:
- #5957 Worker is still pinging too much the API and Elastic queries