OpenCTI is an open source threat intelligence platform developed by Filigran in collaboration with French national cybersecurity agency (ANSSI), CERT-EU and Luatix. Organizations can manage threat intelligence knowledge and observables such as TTPs structuring data in STIX2, store, organize and visualize cyber threats. This product is available on GitHub.
Developing a Connector OpenCTI connector is developed using Python3 and the type of connector depends on the Use Case. There are five connector types to choose from based on your Use Cases:
Connector Type Use Case
External Import Integrate external Threat Intelligence Provider or Platform
Internal Import File (Bulk) import knowledge from files
Internal Export File (Bulk) export knowledge from files
Internal Enrichment Enhance existing data with additional knowledge
Stream Integrate external Threat Intelligence Provider or Platform
The connector should pass the following criteria for the community to use:
  • # Linting with flake8 contains no errors or warnings
  • $ flake8 –ignore=E,W
  • # Verify formatting with black
  • $ black
Data Model OpenCTI uses concept of Nodes and Edges as two entities for Graphical visualization of threats. Nodes to describe an entity and its values like IP address, domain, malware etc. Edges to describe relationship between two entity nodes. Once data is integrated in OpenCTI by analysts, new relations may be inferred from current to facilitate the understanding of information. This allows the analysts to leverage meaningful knowledge on the observables.

The value of OpenCTI integration allows organizations manage data from multiple sources for enhanced threat hunting and detection.

About Loginsoft:

For over 15 years, leading companies in Telecom, Cybersecurity, Healthcare, Finance, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Loginsoft is a leading expert in Integrations with Threat Intelligence Platforms, integrated more than 200+ integrations with Security TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms and so on.

Interested to build an integration? Let’s start a conversation.

Connect Now