GitHub – OpenCTI-Platform/opencti: Open Cyber Threat Intelligence Platform Skip to content You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert OpenCTI-Platform / opencti Public Notifications You must be signed in to change notification settings Fork 1.2k Star 8.5k Open Cyber Threat Intelligence Platform opencti.io License View license 8.5k stars 1.2k forks Branches Tags Activity Star Notifications You must be signed in to change notification settings OpenCTI-Platform/opencti master Branches Tags Go to file Code Open more actions menu Folders and files Name Name Last commit message Last commit date Latest commit History 12,400 Commits 12,400 Commits .circleci .circleci .devcontainer .devcontainer .github .github client-python client-python docs docs opencti-platform opencti-platform opencti-worker opencti-worker scripts scripts .gitattributes .gitattributes .gitignore .gitignore .grenrc.js .grenrc.js .pre-commit-config.yaml .pre-commit-config.yaml .readthedocs.yaml .readthedocs.yaml CODE_OF_CONDUCT.md CODE_OF_CONDUCT.md CONTRIBUTING.md CONTRIBUTING.md LICENSE LICENSE README.md README.md SECURITY.md SECURITY.md generatelicenseconfig.json generatelicenseconfig.json renovate.json5 renovate.json5 View all files Repository files navigation Introduction OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. The structuration of the data is performed using a knowledge schema based on the STIX2 standards . It has been designed as a modern web application including a GraphQL API and an UX oriented frontend. Also, OpenCTI can be integrated with other tools and applications such as MISP , TheHive , MITRE ATT&CK , etc. Objective The goal is to create a comprehensive tool allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence, etc. The tool is able to use the MITRE ATT&CK framework (through a dedicated connector ) to help structure the data. The user can also choose to implement their own datasets. Once data has been capitalized and processed by the analysts within OpenCTI, new relations may be inferred from existing ones to facilitate the understanding and the representation of this information. This allows the user to extract and leverage meaningful knowledge from the raw data. OpenCTI not only allows imports but also exports of data under different formats (CSV, STIX2 bundles, etc.).

Source: GitHub Trending | Original Link