Releases: OpenCTI-Platform/opencti
Version 5.12.6
Enhancements:
- #5234 avoid representatives filters queries with empty filters
- #5223 Add possibility to filter incident and events by name
- #5193 Add 'targets' filter in Threat Knowledge entities view
- #4932 Add an optional default value for an attribute that is missing mapping value from a file
- #4595 CodeCov is not updated since 2 months (0% coverage)
- #2563 In the user overview, be able to list all entities created by him (and filters / search)
Bug Fixes:
- #5232 Bad design in the triggers of a user
- #5225 Filters 'value' on observables of type File is not working
- #5219 elUpdateMapping is not correctly used in migrations and elsewhere
- #5218 [Dashboards] Difficulties to click on a line on a list widget
- #5216 Error in Knowledge > Related entities
- #5214 Background tasks on an entity with filters with 'or' as global mode not working
- #5209 Filter Autocomplete displays no value when an entity type is pre-filtered via the palette
- #5198 Error when creating Software from Vulnerability detail
- #5197 RFI and RFT created by a playbook cannot be updated
- #5195 Results columns headers are not well aligned
- #5191 Indicator filter "Based on an observable" bug
- #5187 File indexing fixes and improvements
- #5182 In the widget bookmark, we propose many options to filter but only entity-types are taken into account.
- #5181 Some filters don't support all modes and operators in widgets
- #5177 [Playbooks] "Apply predefined rule" without objects is not working
- #5168 [Dashboards] Error when creating a Heat Map
- #5166 Can't delete artifacts
- #5164 The top of the graph view in an entity is broken
- #5142 Missing translations in investigation screen in expand dialog
Pull Requests:
- [frontend] The top of the graph view in an entity is broken (#5164) by @jpkha in #5167
- Enable eslint plugin react and fixes issues by @labo-flg in #5155
- [backend] fix file deletion (#5166) by @labo-flg in #5172
- [frontend] fix widgets filters (#5168) by @Archidoit in #5174
- [frontend/backend] add eslint-plugin-import-newlines to style imports by @labo-flg in #5179
- [backend/frontend] File indexing fixes and improvements (#5187) by @SouadHadjiat in #5188
- [frontend] fix options filters in widgets (#5181) by @Archidoit in #5183
- [frontend] Fix column headers (#5196) by @jpkha in #5196
- [frontend] add targets filter in Knowledge entities list of threats (#5193) by @Archidoit in #5194
- [frontend] fix 'based on an observable' filter (#5191) by @Archidoit in #5192
- Update dependency @elastic/elasticsearch to v8.11.0 by @renovate in #5200
- Update material-ui monorepo by @renovate in #5202
- Update rjsf monorepo to v5.15.1 by @renovate in #5206
- Update docker.elastic.co/kibana/kibana Docker tag to v8.11.3 by @renovate in #5205
- Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.11.3 by @renovate in #5204
- Update typescript-eslint monorepo to v6.14.0 by @renovate in #5203
- Update github/codeql-action action to v3 by @renovate in #5207
- Update dependency @elastic/transport to v8.4.0 by @renovate in #5201
- [frontend] Fix filtering on entities with scope (#5209) by @jpkha in #5212
- [frontend] fix filters in Knowledge view of an entity (#5216) by @Archidoit in #5217
- [frontend] Fix error when creating Software from Vulnerability (#5198) by @SouadHadjiat in #5213
- Update dependency typescript to v5.3.3 by @renovate in #5136
- [frontend] fix entity type context in background tasks filters (#5214) by @Archidoit in #5215
- [frontend/backend] handle entity_type filter in bookmark widgets (#5182) by @Archidoit in #5211
- [backend] Upgrade vitest and test coverage by @richard-julien in #5226
- Update dependency vitest to v1 by @renovate in #5208
- [frontend] switch translation key when relationship (#5142) by @lndrtrbn in #5180
- Update dependency jwt-decode to v4 by @renovate in #5022
- [frontend] add the possibility to filter some entities by name (#5223) by @Archidoit in #5224
- Update dependency yup to v1.3.3 by @renovate in #5231
- Update dependency react-force-graph-2d to v1.25.3 by @renovate in #5228
- Update dependency react-otp-input to v3.1.1 by @renovate in #5230
- Update dependency react-force-graph-3d to v1.24.1 by @renovate in #5229
- [Frontend/Backend] Quick fixes for existing CSV Mapper (#4932) by @CelineSebe in #5152
- [frontend] fix display issue on Triggers in user overview (#5232) by @jpkha in #5233
- [frontend] Redirect from user Overview to all entities and relations created by the user (#2563) by @marieflorescontact in #5185
- [frontend] rename observable_value column in Representation (#5225) by @Archidoit in #5236
- [frontend] avoid representatives filters queries if no filters (#5234) by @Archidoit in #5235
- [backend] Introduce mapping reset function for indices and templates (#5129) by @richard-julien in #5239
Full Changelog: 5.12.5...5.12.6
Version 5.12.5
Enhancements:
- #4583 Full refactor of files storage and fetching to avoid querying S3 when not necessary
- #4498 Ability to scope platform notifications (in settings) to specific groups or organizations (not always global)
- #3720 Delete cascade user => triggers / notifications / workspaces
- #3387 Be able to customize the time range of relationship de-deduplication mechanism
Bug Fixes:
- #5160 Date Column in Activity Tab Not Fully Visible
- #5158 Error in some RSS feeds again
- #5153 Can't add api filters to retention policies
- #5147 TAXII ingestion technical error
Pull Requests:
- [backend] do not convert empty filter group into null in elastic query by @labo-flg in #5146
- [backend] delete dashboard with no more admins when user is deleted (#3720) by @CelineSebe in #5038
- [frontend] fix filter display in retention policies by @jpkha in #5150
- [backend] authorize api filters keys for retention policies checking (#5153) by @Archidoit in #5154
- [frontend] fix remove cursor pointer on operator that is not clickable + Missing translations by @jpkha in #5157
- [backend] Customize time range of relationship de-deduplication (#3387) by @richard-julien in #5132
- [backend/frontend] Refactor files management to rely on internal engine instead of S3 (#4583) by @richard-julien in #5131
- [frontend/backend] Add support of recipients for platform message by @SamuelHassine in #5161
New Contributors:
- @CelineSebe made their first contribution in #5038
Full Changelog: 5.12.4...5.12.5
Version 5.12.4
Bug Fixes:
- #5138 UI bug in infrastructure knowledge
- #5129 Double quote are not taken into account in the file text indexing search
- #5124 Dashboard Area Widget error
- #5103 On Threat, knowledge filter when using "not_equals" filter campaign, I should not have any campaign displayed
Pull Requests:
- Bump vite from 5.0.4 to 5.0.5 in /opencti-platform/opencti-graphql by @dependabot in #5121
- Bump vite from 5.0.4 to 5.0.5 in /opencti-platform/opencti-front by @dependabot in #5122
- [backend] fix filters in TimeSeries Widgets (#5124) by @Archidoit in #5125
- On-demand deployment of feature branch for early testing by @sbocahu in #5128
- [backend] Add tests for observable syntax regex pattern (#5045) by @marieflorescontact in #5127
- [backend] fix filters refacto migration for widget with no dataSelection (#2686) by @Archidoit in #5134
- On-demand deploy of feature branch: fix slug by @sbocahu in #5140
- Update dependency react-router-dom-v5-compat to v6.20.1 by @renovate in #5135
- Update rjsf monorepo to v5.15.0 by @renovate in #5137
- Deploy feature branch: allow to pass octi config by @sbocahu in #5143
- [frontend/backend] restrict api filter keys to EQ operator and OR local mode (#5103) by @Archidoit in #5109
- Deploy feature branch: work around variable scoping by @sbocahu in #5145
- [backend] Fix search in files query (#5129) by @SouadHadjiat in #5139
Full Changelog: 5.12.3...5.12.4
Version 5.12.3
Bug Fixes:
- #5112 Enrichment is not possible if entities are selected using the "select all" button.
- #5106 source_reliability filter not working with empty operator
- #5100 Filters not correctly displayed in Threats => Knowledge
- #5097 Filters is not iterable in export panel of knowledge
- #5096 [Filters] Error when filtering on "empty" or "not empty" Entity Type in Observables
- #5095 Error when creating a File or a Certificate with MD5 hash
- #5093 Incorrect filterGroup when editing Cases
- #5090 Unnamed location makes the workbench crash
- #5089 Issue with editing Taxonomies -> Case templates
- #5081 Error in some RSS feeds
- #5045 Domain Name Observable Validation fails with Unicode domain
- #5028 CERT-EU rss feeds not loading
- #5016 Failed exports are grayed out, causing two problems
Pull Requests:
- [backend] sanitize dates coming from RSS feed by @labo-flg in #5086
- Fix case template filter key, taskContains > tasks (#5089) by @labo-flg in #5091
- [Frontend] Some console errors fixes on settings page by @lndrtrbn in #5080
- [frontend] fix filtergroup not set correctly for Cases (#5093) by @labo-flg in #5094
- [backend] entity_type filter with nil and not_nil operators (#5096) by @Archidoit in #5099
- [backend] Domain Name Observable accepts unicode characters (#5045) by @marieflorescontact in #5101
- Issue/5097 by @SamuelHassine in #5102
- [backend] source_reliability filter with nil / not_nil operator (#5106) by @Archidoit in #5108
- Update dependency @types/react-relay to v16.0.5 by @renovate in #4689
- Update dependency apexcharts to v3.44.2 by @renovate in #5118
- Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.11.1 by @renovate in #5116
- Update docker.elastic.co/kibana/kibana Docker tag to v8.11.1 by @renovate in #5117
- Update Apollo GraphQL packages to v3.13.0 by @renovate in #5114
- Update aws-sdk-js-v3 monorepo to v3.465.0 by @renovate in #5115
Full Changelog: 5.12.2...5.12.3
Version 5.12.2
Bug Fixes:
- #5088 In some special conditions, the Elastic / OpenSearch settings is not corresponding to the prefix which prevent migration
- #5087 Filters refactor migration error
Full Changelog: 5.12.1...5.12.2
Version 5.12.1
Version 5.12.0
Dear community, we're delighted to announce the release of OpenCTI 5.12.0 🥳! This milestone marks a turning point for the platform, both in terms of the new features it brings and the bugs it fixes, as well as the improvements in system resource utilization and performance 🚀.
⚠️ Breaking change in the list filters system in the API (and the Python library) ⚠️
First of all, in order to support more complex search and filtering use cases such as grouping, this version introduces a major breaking change in the way list filters are built 🔍. If you have specific integrations that use the Python library or the GraphQL API, please read the migration documentation carefully 👁️🗨️.
This filters enhancement will continue in future versions, but now allows you to switch logical operators (AND and OR) between two groups or within a group. Also, on several text fields it is now possible to use new modes such as "starts with / ends with" 🎉. The new filter syntax unlocks the most advanced uses of knowledge retrieval, including the ability, for example, to filter threats according to country AND sector (targeting both) 🧬.
OpenCTI 5.12 also introduces the import / export of dashboards and widgets within dashboards, as well as the export of audit logs in CSV format 🗄️. Generally speaking, the data export experience has been greatly enhanced, with the introduction of several buttons to make it more fluid. You can easily convert a graph into an investigation and vice-versa, add entities to a report with their relationships, and so on 🗜️.
In OpenCTI Enterprise Edition, a new feature now enables direct indexing of raw documents (PDF, HTML, DOCX, etc.), whose content becomes immediately accessible in the global search 🚄. This is a long-awaited feature which definitely solves multiple challenges if the data is not correctly extracted / modeled. It also paves the way for the platform's future integrated NLP system 🎊.
We have also started to introduce a new ACL system at the entity level (like in dashboards and investigations) for Feedback and will expand it in the future to all STIX objects. Finally, this version contains various user experience enhancements in color usage, the light theme and overall navigation. We will carry on the hard work to make the platform more accessible and user-friendly over the upcoming releases.
Last but not least, many connectors have been developed and enhanced in 5.12, especially HarfangLab, Tanium, Microsoft Sentinel, Mandiant and Recorded Future, but also a bunch of community additions. Thank you everyone for your help, your feedback and your great contributions 🙏.
Enhancements:
- #5029 Improve CPU usage of elastic/open.search results parsing
- #5005 Improve auditing to split file read and file download
- #4982 Move top menu of entities in tabs
- #4913 [Dashboard] The colours of the labels do not match
- #4902 Improve the "click to download file" in lists
- #4883 Add the possibility to download a file as an Encrypted archive in the Export list panel
- #4804 Avoid upserting a filled attribute with something null
- #4765 Display a "By Filigran" logo on login page and on all pages of the app
- #4636 Why is there a limit of 5000 entities in a csv feed?
- #4536 Modifying Schema for filter of feed/taxii/stream
- #4505 CSV column mapping when a column can have different representations
- #4494 Enrich activity logging capabilities to cover more use cases
- #4484 In the live stream, add NOT operator filter for “observable type”
- #4455 Align search panel in Investigation with others in the platform
- #4405 Searching in knowledge graph should not make nodes disappearing but just grey them
- #4201 Add a "Indicators propagation in reports" rule in the rule engine
- #4124 Implement checkboxes on "Observations / Infrastructure" list
- #3631 Be able to download user analytics (audit / history) in JSON or CSV
- #3532 Harmonize behavior of fields in the Settings => Activity => Configuration
- #3242 Export/Import Custom Dashboard (and Widget)
- #3181 Extend authorized_members ACL system to Feedbacks
- #3165 Refactor filters display everywhere.
- #2695 Add dst_ref and src_ref properties in networktraffic or networktrafficadd object.
- #2686 Full refactor of filtering and searching using grouping / operators / fuzzy filters
- #2515 Enhance export buttons
- #2510 In users overview, create an analytics table with KPIs and data stats / health
- #1680 Information on how the research field works needed
- #1483 Full text search for documents
Bug Fixes:
- #5062 When opening a filter for the first time, focus is not taken
- #5039 Can't remove search keyword from Global Search
- #5015 Error: Enabling photo on for image carousel on Threat Actor
- #5014 No more relationship redirection in Data>relationships
- #4992 Fail to remove element with unfinished works
- #4981 Rules engine use 100% CPU in some circumstances
- #4969 Activity audit update events for the same entity are mixed up
- #4965 In Knowledge views, clicking on the "Entities view" button or the "Relationships view" when active make the UI disappeared
- #4938 The list of available triggers does not appear when creating a regular digest
- #4933 Missing icon for users in Ingestion Creation
- #4930 Page "group" not updated when adding users
- #4926 In Knowledge overview, when "free select" is enabled and the user wants to add an entity by search through it, the search box does not allow to enter text
- #4916 Investigations Entities Limit
- #4911 [Case to Invest to Case] Cyclic relationship bug
- #4899 Logo for relationship creation suggested stays green
- #4894 logout Page Not found using APP__BASE_PATH
- #4891 Error when sending objects from an Investigation to a Container
- #4889 Error when export list
- #4880 Version 5.11.13 packages have not been generated correctly
- #4872 [Dashboard] Area and Line view don't seem to retrieve the data correctly
- #4869 [Dashboard] Adding a "related entity" filter results in an error
- #4868 [Dashboard] The donuts and radar view don't take dynamic filters into account
- #4863 Adding a tag to a dashboard is not working
- #4860 Cannot trigger a background task on Campaign => Knowledge => Indicators
- #4845 One Organisation on my platform can no longer be added as an "Author"
- #4832 Add threat actor location: can't create a location + bad design
- #4827 Investigation Entity Display
- #4798 Cannot modify the name of an entity if already present in the alias of the same entity
- [#4735](https://github.com/OpenCTI-Platform/opencti/is...
Version 5.11.14
Version 5.11.13
Enhancements:
- #4848 Be able to use first level relationships (and associated entities) in playbooks
- #4808 Select All Marking Definitions in Groups
- #4784 Let MINIO__USE_AWS_ROLE use defaultProvider for AWS EKS hosted OpenCTI
- #4780 Improve resolution of entities to avoid "too many entities resolved"
- #4755 Additional obstacle to entity deletion in the "Entities" tab of a Report
- #4448 Migrate redirection buttons to a "settings" button with popup
- #1912 Creation of an indicator without name
- #1580 Download artifact as a zip password protected archive
Bug Fixes:
- #4861 Artifact cannot be uploaded in the generic observable creation form
- #4849 Icon alignment on home dashboard selection is not correct
- #4842 Invalid URLs redirects to a blank page
- #4840 Prevent live stream cyclic resolutions on relation dependencies
- #4833 The playbooks are not always triggered
- #4823 URL not reset after disconnection
- #4822 Organization administrators can't access the list of managed organization users
- #4807 The ")" character breaks the search
- #4805 Error "Attribute validity_not_before must be a string","reason":"Invalid field validity_not_before" in logs
- #4803 Correlated cases is not working
- #4801 Quick filter for threat targeting is not working anymore
- #4800 Filter on status is not grouped correctly
- #4797 CSV Mapper prevent related-to relationships + missing revoked by
- #4796 Blank TAXII Ingester "ca certificate" field populated with "}}"
- #4792 Infinite loading is broken on create relationships since new drawer
- #4789 Priority and Severity filters are not handled in Live streams
- #4778 Text Overflowing Paper in LINKED OBJECTS
- #4776 Investigation graph dezoom and loses the entity
- #4775 Incorrect counter in knowledge view ("author" side)
- #4774 Incorrect redirection in data / relationships for hyper relations (relation to relation)
- #4768 Can't remove Platform main organization
Pull Requests:
- [frontend] Status filter display (#4800) by @Archidoit in #4810
- [backend] match type between schema and module (issue 4805) by @yassine-ouaamou in #4814
- [frontend] Fix Text Overflowing Paper in LINKED OBJECTS by @helene-nguyen in #4802
- [frontend] fix infinite loader not working within a Drawer (#4792) by @labo-flg in #4821
- [frontend] escape characters when mapping content (issue 4807) by @yassine-ouaamou in #4812
- [backend] Fix targets relations missing in filtering by @Kedae in #4816
- [backend/frontend] Fix platform organization emptiness & internal ref… by @Kedae in #4835
- On manual logout, invalidate referrer by @labo-flg in #4830
- [Frontend/Backend] Minor improvement for CSVMapper by @jpkha in #4742
- [frontend] Fix correlated cases is not working by @Megafredo in #4818
- [frontend] by default, redirect invalid URLS to /dashboard by @labo-flg in #4843
- [frontend] Align selected dashboard (#4849) by @lndrtrbn in #4850
- [backend] fix knowledge count by author (#4775) by @SouadHadjiat in #4809
- [frontend] Fix Incorrect redirection in data / relationships for hyper relations (#4774) by @marieflorescontact in #4791
- [backend] Add defaultProvider option for AWS EKS hosted OpenCTI (#4784) by @richard-julien in #4855
- [Frontend] CSVMapper - fix missing value in relationship related-to a… by @jpkha in #4838
- [backend] Prevent live stream cyclic resolutions on relation dependencies (#4840) by @richard-julien in #4854
- [frontend] Fix Blank TAXII Ingester "ca certificate" field populated with "}}" by @helene-nguyen in #4856
New Contributors:
- @jpkha made their first contribution in #4742
- @Megafredo made their first contribution in #4818
Full Changelog: 5.11.12...5.11.13
Version 5.11.12
Enhancements:
- #4793 Improve locking system to better support high concurrency modifications
- #4767 Failed TAXII Ingester ingestion (CISA AIS 2.0)
Bug Fixes:
- #4786 Playbooks don't work correctly
- #4779 Fail Indicators export if a score filter is present
- #4772 Error at taxii collection, stream and feed ordering
Pull Requests:
- Bump crypto-js from 4.1.1 to 4.2.0 in /opencti-platform/opencti-front by @dependabot in #4763
- [backend] fix stream, taxii and feeds ordering (#2686) by @Archidoit in #4773
- [backend] Improve resolution of elements (#4780) by @SamuelHassine in #4781
- Align search panel in Investigation with others in the platform (#issue/4455) by @SarahBocognano in #4756
- [backend] Improve locking and add abort controller by @richard-julien in #4783
- [backend] Fix fail Indicators export if a score filter is present by @helene-nguyen in #4795
- [backend] handle priority and severity attributes in filters by @labo-flg in #4794
Full Changelog: 5.11.11...5.11.12