opencti
by OpenCTI-Platform
OpenCTI is an open source platform designed to manage, structure, and visualize cyber threat intelligence data using STIX2 standards.
Open Cyber Threat Intelligence Platform
Primary Use Case
OpenCTI is used by security analysts and organizations to centralize and organize both technical and non-technical cyber threat intelligence, enabling efficient threat hunting and analysis. It facilitates integration with other security tools and frameworks, helping teams to capitalize on threat data and automate intelligence workflows.
- Structuring and storing cyber threat intelligence using STIX2 standards
- Modern web application with a GraphQL API and user-friendly frontend
- Integration with external tools like MISP, TheHive, and MITRE ATT&CK
- Support for both technical (TTPs, observables) and non-technical (attribution, victimology) data
- Data import and export in multiple formats including CSV and STIX2 bundles
- Automated relation inference to enhance knowledge extraction
- Two editions: Community Edition (Apache 2.0) and Enterprise Edition with advanced features
- Extensible via connectors to accelerate interactions with other platforms
Installation
- Visit the official website https://opencti.io for detailed setup guides
- Deploy the platform using Docker images available at https://hub.docker.com/u/opencti
- Configure the platform via the web interface after deployment
- Enable Enterprise Edition features in platform settings if licensed
- Integrate with external tools like MISP or TheHive through available connectors
- Use the GraphQL API for custom integrations and automation
Usage
>_ Access the OpenCTI web frontend: Use the web interface to manage and visualize threat intelligence data
>_ Use GraphQL API: Query and manipulate threat intelligence data programmatically
>_ Import data via automated connectors: Ingest threat intelligence from external sources like MISP or MITRE ATT&CK
>_ Export data in CSV or STIX2 formats: Extract and share threat intelligence data in standard formats
>_ Enable Enterprise Edition in settings: Activate additional advanced features available in the paid edition
- Integrate OpenCTI with SIEM and SOAR platforms to automate threat intelligence ingestion and response workflows.
- Leverage the MITRE ATT&CK connector to enrich threat data and improve detection rule tuning.
- Use OpenCTI's GraphQL API to build custom dashboards tailored for SOC analysts and threat hunters.
- Employ automated relation inference to uncover hidden connections between threat actors and campaigns.
- Extend OpenCTI with custom connectors to ingest proprietary or industry-specific threat feeds for enhanced situational awareness.
Related Tools
sherlock
sherlock-project/sherlock
Hunt down social media accounts by username across social networks
web-check
Lissy93/web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
hosts
StevenBlack/hosts
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
awesome-osint
jivoi/awesome-osint
:scream: A curated list of amazingly awesome OSINT
social-analyzer
qeeqbox/social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
maigret
soxoj/maigret
🕵️♂️ Collect a dossier on a person by username from thousands of sites
