Filigran OpenCTI

Filigran OpenCTI is an open-source threat intelligence platform designed to help organizations collect, manage, and operationalize cyber threat intelligence. The platform consolidates disparate threat feeds into a centralized system using a STIX 2.1 data model. OpenCTI provides a knowledge hypergraph interface that allows analysts to navigate relationships between threat actors, malware, tactics, techniques, procedures (TTPs), and indicators of compromise. The platform includes visual graphs, timelines, and MITRE ATT&CK framework mappings to support threat analysis workflows. The platform offers customizable dashboards for different use cases including threat monitoring, threat hunting, incident response, and investigation. It includes case management capabilities for centralizing incident-related data and supporting collaborative investigations. OpenCTI incorporates automation features for processing threat intelligence workflows and generating reports. The platform includes AI-assisted capabilities for tasks such as threat feed import, search, analysis, and report generation. Access control is managed through role-based access control (RBAC) with data segregation capabilities. The platform supports threat intelligence sharing across teams and organizations through authorized member and organization mechanisms. OpenCTI is available in multiple deployment options: Community Edition (open source), Enterprise Edition (on-premise or SaaS), and fully managed SaaS hosting. The platform supports over 300 integrations with external threat feeds and security tools through connectors.