Jason Franscisco
OpenCTI is an open source threat intelligence platform developed by Filigran in collaboration with French national cybersecurity agency (ANSSI), CERT-EU and Luatix. Organizations can manage threat intelligence knowledge and observables such as TTPs structuring data in STIX2, store, organize and visualize cyber threats. This product is available on GitHub.
Developing a Connector OpenCTI connector is developed using Python3 and the type of connector depends on the Use Case. There are five connector types to choose from based on your Use Cases:
The connector should pass the following criteria for the community to use:
Data Model OpenCTI uses concept of Nodes and Edges as two entities for Graphical visualization of threats. Nodes to describe an entity and its values like IP address, domain, malware etc. Edges to describe relationship between two entity nodes. Once data is integrated in OpenCTI by analysts, new relations may be inferred from current to facilitate the understanding of information. This allows the analysts to leverage meaningful knowledge on the observables.
The value of OpenCTI integration allows organizations manage data from multiple sources for enhanced threat hunting and detection.
Explore Cybersecurity Platforms
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.
For over 16 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.
Loginsoft is a leading Cybersecurity services company providing Security Advisory Research to generate metadata for vulnerabilities in Open source components, Discovering ZeroDay Vulnerabilities, Developing Vulnerability Detection signatures using MITRE OVAL Language.
Expertise in Integrations with Threat Intelligence and Security Products, integrated more than 200+ integrations with leading TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet and so on.
Interested to learn more? Let’s start a conversation.
IN-HOUSE EXPERTISE
Get practical solutions to real-world challenges, straight from experts who conquered them.
View all our articles
