Threat Intelligence Connector for OpenCTI Cyber Threat Intelligence Platform

Threat Intelligence Connector for OpenCTI Cyber Threat Intelligence Platform

December 2, 2022
Profile Icon

Jason Franscisco

OpenCTI is an open source threat intelligence platform developed by Filigran in collaboration with French national cybersecurity agency (ANSSI), CERT-EU and Luatix. Organizations can manage threat intelligence knowledge and observables such as TTPs structuring data in STIX2, store, organize and visualize cyber threats. This product is available on GitHub.


Developing a Connector OpenCTI connector is developed using Python3 and the type of connector depends on the Use Case. There are five connector types to choose from based on your Use Cases:

Connector Type Use Case
External Import Integrate external Threat Intelligence Provider or Platform
Internal Import File (Bulk) import knowledge from files
Internal Export File (Bulk) export knowledge from files
Internal Enrichment Enhance existing data with additional knowledge
Stream Integrate external Threat Intelligence Provider or Platform

The connector should pass the following criteria for the community to use:

  • # Linting with flake8 contains no errors or warnings
  • $ flake8 –ignore=E,W
  • # Verify formatting with black
  • $ black

Data Model OpenCTI uses concept of Nodes and Edges as two entities for Graphical visualization of threats. Nodes to describe an entity and its values like IP address, domain, malware etc. Edges to describe relationship between two entity nodes. Once data is integrated in OpenCTI by analysts, new relations may be inferred from current to facilitate the understanding of information. This allows the analysts to leverage meaningful knowledge on the observables.

The value of OpenCTI integration allows organizations manage data from multiple sources for enhanced threat hunting and detection.

Explore Cybersecurity Platforms

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.

Learn more
white arrow pointing top right

About Loginsoft

For over 16 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Loginsoft is a leading Cybersecurity services company providing Security Advisory Research to generate metadata for vulnerabilities in Open source components, Discovering ZeroDay Vulnerabilities, Developing Vulnerability Detection signatures using MITRE OVAL Language.

Expertise in Integrations with Threat Intelligence and Security Products, integrated more than 200+ integrations with leading TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet and so on.

Interested to learn more? Let’s start a conversation.

Book a meeting


Latest Articles

Get practical solutions to real-world challenges, straight from experts who conquered them.

View all our articles

Sign up to our Newsletter