OpenCTI connector is developed using Python3 and the type of connector depends on the Use Case. There are five connector types to choose from based on your Use Cases:
Connector Type | Use Case |
External Import | Integrate external Threat Intelligence Provider or Platform |
Internal Import File | (Bulk) import knowledge from files |
Internal Export File | (Bulk) export knowledge from files |
Internal Enrichment | Enhance existing data with additional knowledge |
Stream | Integrate external Threat Intelligence Provider or Platform |
- # Linting with flake8 contains no errors or warnings
- $ flake8 –ignore=E,W
- # Verify formatting with black
- $ black
OpenCTI uses concept of Nodes and Edges as two entities for Graphical visualization of threats. Nodes to describe an entity and its values like IP address, domain, malware etc. Edges to describe relationship between two entity nodes. Once data is integrated in OpenCTI by analysts, new relations may be inferred from current to facilitate the understanding of information. This allows the analysts to leverage meaningful knowledge on the observables.
The value of OpenCTI integration allows organizations manage data from multiple sources for enhanced threat hunting and detection.
About Loginsoft:
For over 15 years, leading companies in Telecom, Cybersecurity, Healthcare, Finance, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.
Loginsoft is a leading expert in Integrations with Threat Intelligence Platforms, integrated more than 200+ integrations with Security TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms and so on.
Interested to build an integration? Let’s start a conversation.