Releases: OpenCTI-Platform/opencti
Version 5.12.3
Bug Fixes:
- #5112 Enrichment is not possible if entities are selected using the "select all" button.
- #5106 source_reliability filter not working with empty operator
- #5100 Filters not correctly displayed in Threats => Knowledge
- #5097 Filters is not iterable in export panel of knowledge
- #5096 [Filters] Error when filtering on "empty" or "not empty" Entity Type in Observables
- #5095 Error when creating a File or a Certificate with MD5 hash
- #5093 Incorrect filterGroup when editing Cases
- #5090 Unamed location makes the workbench crash
- #5089 Issue with editing Taxonomies -> Case templates
- #5081 Error in some RSS feeds
- #5045 Domain Name Observable Validation fails with Unicode domain
- #5028 CERT-EU rss feeds not loading
- #5016 Failed exports are grayed out, causing two problems
Pull Requests:
- [backend] sanitize dates coming from RSS feed by @labo-flg in #5086
- Fix case template filter key, taskContains > tasks (#5089) by @labo-flg in #5091
- [Frontend] Some console errors fixes on settings page by @lndrtrbn in #5080
- [frontend] fix filtergroup not set correctly for Cases (#5093) by @labo-flg in #5094
- [backend] entity_type filter with nil and not_nil operators (#5096) by @Archidoit in #5099
- [backend] Domain Name Observable accepts unicode characters (#5045) by @marieflorescontact in #5101
- Issue/5097 by @SamuelHassine in #5102
- [backend] source_reliability filter with nil / not_nil operator (#5106) by @Archidoit in #5108
- Update dependency @types/react-relay to v16.0.5 by @renovate in #4689
- Update dependency apexcharts to v3.44.2 by @renovate in #5118
- Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.11.1 by @renovate in #5116
- Update docker.elastic.co/kibana/kibana Docker tag to v8.11.1 by @renovate in #5117
- Update Apollo GraphQL packages to v3.13.0 by @renovate in #5114
- Update aws-sdk-js-v3 monorepo to v3.465.0 by @renovate in #5115
Full Changelog: 5.12.2...5.12.3
Version 5.12.2
Bug Fixes:
- #5088 In some special conditions, the Elastic / OpenSearch settings is not corresponding to the prefix which prevent migration
- #5087 Filters refactor migration error
Full Changelog: 5.12.1...5.12.2
Version 5.12.1
Version 5.12.0
Dear community, we're delighted to announce the release of OpenCTI 5.12.0 🥳! This milestone marks a turning point for the platform, both in terms of the new features it brings and the bugs it fixes, as well as the improvements in system resource utilization and performance 🚀.
⚠️ Breaking change in the list filters system in the API (and the Python library)⚠️
First of all, in order to support more complex search and filtering use cases such as grouping, this version introduces a major breaking change in the way list filters are built 🔍. If you have specific integrations that use the Python library or the GraphQL API, please read the migration documentation carefully 👁️🗨️.
This filters enhancement will continue in future versions, but now allows you to switch logical operators (AND and OR) between two groups or within a group. Also, on several text fields it is now possible to use new modes such as "starts with / ends with" 🎉. The new filter syntax unlocks the most advanced uses of knowledge retrieval, including the ability, for example, to filter threats according to country AND sector (targeting both) 🧬.
OpenCTI 5.12 also introduces the import / export of dashboards and widgets within dashboards, as well as the export of audit logs in CSV format🗄️. Generally speaking, the data export experience has been greatly enhanced, with the introduction of several buttons to make it more fluid. You can easily convert a graph into an investigation and vice-versa, add entities to a report with their relationships, and so on 🗜️.
In OpenCTI Enterprise Edition, a new feature now enables direct indexing of raw documents (PDF, HTML, DOCX, etc.), whose content becomes immediately accessible in the global search 🚄. This is a long awaited feature which definitely solves multiple challenges if the data is not correctly extracted / modelized. It also paves the way for the platform's future integrated NLP system 🎊.
We also have started to introduce a new ACL system at the entity level (like in dashboards and investigations) for Feedback and will expand it in the future to all STIX objects. Finally, this version contains various user experience enhancement on colors usage, light theme and overall navigation. We will carry on the hard work to make the platform more accessible and user friendly all over the upcoming releases
Last but not least many connectors have been developed and enhanced in 5.12, especially HarfangLab, Tanium, Microsoft Sentinel, Mandiant and Recorded Future but also a bunch of community additions. Thank you everyone for your help, your feedback and your great contributions 🙏.
Enhancements:
- #5029 Improve CPU usage of elastic/open.search results parsing
- #5005 Improve auditing to split file read and file download
- #4982 Move top menu of entities in tabs
- #4913 [Dashboard] The colours of the labels do not match
- #4902 Improve the "click to download file" in lists
- #4883 Add the possibility to download a file as an Encrypted archive in the Export list panel
- #4804 Avoid upserting an filled attribute with something null
- #4765 Display a "By Filigran" logo on login page and on all pages of the app
- #4636 Why is there a limit of 5000 entities in a csv feed?
- #4536 Modifying Schema for filter of feed/taxii/stream
- #4505 CSV column mapping when a column can have different representations
- #4494 Enrich activity logging capabilities to cover more use cases
- #4484 In the live stream, add NOT operator filter for “observable type”
- #4455 Align search panel in Investigation with others in the platform
- #4405 Searching in knowledge graph should not make nodes disappearing but just grey them
- #4201 Add a "Indicators propagation in reports" rule in the rule engine
- #4124 Implement checkboxes on "Observations / Infrastructure" list
- #3631 Be able to download user analytics (audit / history) in JSON or CSV
- #3532 Harmonize behavior of fields in the Settings => Activity => Configuration
- #3242 Export/Import Custom Dashboard (and Widget)
- #3181 Extend authorized_members ACL system to Feedbacks
- #3165 Refactor filters display everywhere.
- #2695 Add dst_ref and src_ref properties in networktraffic or networktrafficadd object.
- #2686 Full refactor of filtering and searching using grouping / operators / fuzzy filters
- #2515 Enhance export buttons
- #2510 In users overview, create an analytics table with KPIs and data stats / health
- #1680 Information on how the research field works needed
- #1483 Full text search for documents
Bug Fixes:
- #5062 When opening a filter for the first time, focus is not taken
- #5039 Can't remove search keyword from Global Search
- #5015 Error: Enabling photo on for image carousel on Threat Actor
- #5014 No more relationship redirection in Data>relationships
- #4992 Fail to remove element with unfinished works
- #4981 Rules engine use 100% CPU in some circumstances
- #4969 Activity audit update events for the same entity are mixed up
- #4965 In Knowledge views, clicking on the "Entities view" button or the "Relationships view" when active make the UI disappeared
- #4938 The list of available triggers does not appear when creating a regular digest
- #4933 Missing icon for users in Ingestion Creation
- #4930 Page "group" not updated when adding users
- #4926 In Knwoledge overview, when "free select" is enabled and the user wants to add an entity by search through it, the search box does not allow to enter text
- #4916 Investigations Entities Limit
- #4911 [Case to Invest to Case] Cyclic relationship bug
- #4899 Logo for relationship creation suggested stays green
- #4894 logout Page Not foud using APP__BASE_PATH
- #4891 Error when sending objects from an Investigation to a Container
- #4889 Error when export list
- #4880 Version 5.11.13 packages have not been generated correctly
- #4872 [Dashboard] Area and Line view don't seem to retrieve the data correctly
- #4869 [Dashboard] Adding a "related entity" filter results in an error
- #4868 [Dashboard] The donuts and radar view don't take dynamic filters into account
- #4863 Adding a tag to a dashboard is not working
- #4860 Cannot trigger a background task on Campaign => Knowledge => Indicators
- #4845 One Organisation on my platform can no longer be added as an "Author"
- #4832 Add threat actor location: can't create a location + bad design
- #4827 Investigation Entity Display
- #4798 Cannot modify the name of an entity if already present in the alias of the same entity
- [#4735](https://github.com/OpenCTI-Platform/opencti/is...
Version 5.11.14
Version 5.11.13
Enhancements:
- #4848 Be able to use first level relationships (and associated entities) in playbooks
- #4808 Select All Marking Definitions in Groups
- #4784 Let MINIO__USE_AWS_ROLE use defaultProvider for AWS EKS hosted OpenCTI
- #4780 Improve resolution of entities to avoid "too many entities resolved"
- #4755 Additional obstacle to entity deletion in the "Entities" tab of a Report
- #4448 Migrate redirection buttons to a "settings" button with popup
- #1912 Creation of an indicator without name
- #1580 Download artifact as a zip password protected archive
Bug Fixes:
- #4861 Artifact cannot be uploaded in the generic observable creation form
- #4849 Icon alignment on home dashboard selection is not correct
- #4842 Invalid URLs redirects to a blank page
- #4840 Prevent live stream cyclic resolutions on relation dependencies
- #4833 The playbooks are not always triggered
- #4823 URL not reset after disconnection
- #4822 Organization administrators cant access the list of managed organization users
- #4807 The ")" character breaks the search
- #4805 Error "Attribute validity_not_before must be a string","reason":"Invalid field validity_not_before" in logs
- #4803 Correlated cases is not working
- #4801 Quick filter for threat targeting is not working anymore
- #4800 Filter on status is not grouped correctly
- #4797 CSV Mapper prevent related-to relationships + missing revoked by
- #4796 Blank TAXII Ingester "ca certificate" field populated with "}}"
- #4792 Infinite loading is broken on create relationships since new drawer
- #4789 Priority and Severity filters are not handled in Live streams
- #4778 Text Overflowing Paper in LINKED OBJECTS
- #4776 Investigation graph dezoom and loses the entity
- #4775 Incorrect counter in knowledge view ("author" side)
- #4774 Incorrect redirection in data / relationships for hyper relations (relation to relation)
- #4768 Can't remove Platform main organization
Pull Requests:
- [frontend] Status filter display (#4800) by @Archidoit in #4810
- [backend] match type between schema and module (issue 4805) by @yassine-ouaamou in #4814
- [frontend] Fix Text Overflowing Paper in LINKED OBJECTS by @helene-nguyen in #4802
- [frontend] fix infinite loader not working within a Drawer (#4792) by @labo-flg in #4821
- [frontend] escape characters when mapping content (issue 4807) by @yassine-ouaamou in #4812
- [backend] Fix targets relations missing in filtering by @Kedae in #4816
- [backend/frontend] Fix platform organization emptiness & internal ref… by @Kedae in #4835
- On manual logout, invalidate referrer by @labo-flg in #4830
- [Frontend/Backend] Minor improvement for CSVMapper by @jpkha in #4742
- [frontend] Fix correlated cases is not working by @Megafredo in #4818
- [frontend] by default, redirect invalid URLS to /dashboard by @labo-flg in #4843
- [frontend] Align selected dashboard (#4849) by @lndrtrbn in #4850
- [backend] fix knowledge count by author (#4775) by @SouadHadjiat in #4809
- [frontend] Fix Incorrect redirection in data / relationships for hyper relations (#4774) by @marieflorescontact in #4791
- [backend] Add defaultProvider option for AWS EKS hosted OpenCTI (#4784) by @richard-julien in #4855
- [Frontend] CSVMapper - fix missing value in relationship related-to a… by @jpkha in #4838
- [backend] Prevent live stream cyclic resolutions on relation dependencies (#4840) by @richard-julien in #4854
- [frontend] Fix Blank TAXII Ingester "ca certificate" field populated with "}}" by @helene-nguyen in #4856
New Contributors:
- @jpkha made their first contribution in #4742
- @Megafredo made their first contribution in #4818
Full Changelog: 5.11.12...5.11.13
Version 5.11.12
Enhancements:
- #4793 Improve locking system to better support high concurrency modifications
- #4767 Failed TAXII Ingester ingestion (CISA AIS 2.0)
Bug Fixes:
- #4786 Playbooks don't work correctly
- #4779 Fail Indicators export if a score filter is present
- #4772 Error at taxii collection, stream and feed ordering
Pull Requests:
- Bump crypto-js from 4.1.1 to 4.2.0 in /opencti-platform/opencti-front by @dependabot in #4763
- [backend] fix stream, taxii and feeds ordering (#2686) by @Archidoit in #4773
- [backend] Improve resolution of elements (#4780) by @SamuelHassine in #4781
- Align search panel in Investigation with others in the platform (#issue/4455) by @SarahBocognano in #4756
- [backend] Improve locking and add abort controller by @richard-julien in #4783
- [backend] Fix fail Indicators export if a score filter is present by @helene-nguyen in #4795
- [backend] handle priority and severity attributes in filters by @labo-flg in #4794
Full Changelog: 5.11.11...5.11.12
Version 5.11.11
Enhancements:
- #4668 Open streams, feeds and taxii in new tab when clicking in the lists
Bug Fixes:
- #4760 New upsert approach fails when connector push null workflow id
- #4740 Technical creator filter is not working on sightings screen
- #4730 "All threats" filter missing on Areas object
Pull Requests:
- [frontend] open feeds, streams and taxii in new tabs by @labo-flg in #4669
- [backend] Fix sightings technical creator filter (#4740) by @marieflorescontact in #4754
- show 'All threats' section in Area's knowledge (#4753) by @yassine-ouaamou in #4753
- [backend] New upsert approach fails when connector push null workflow id (#4760) by @richard-julien in #4761
Full Changelog: 5.11.10...5.11.11
Version 5.11.10
Enhancements:
- #4751 Stream can be slow in platform synchronization with large amount of data
- #4708 Prevent new platform context_data input to dynamically be mapped on unwanted type
Bug Fixes:
- #4750 Huge reports still can make the platform unresponsive
- #4743 [backend] Prevent stream too_many_clauses error in query builder
- #4739 Massive operation on sightings is not working
- #4734 Public TAXII collection does not take into account filters
Pull Requests:
- [backend] Prevent stream too_many_clauses error in query builder (#4743) by @richard-julien in #4744
- [backend/frontend] fix massive operations on sightings (#4739) by @SouadHadjiat in #4746
- [backend] Prevent new platform context_data input to dynamically be mapped on unwanted type (#4708) by @richard-julien in #4709
Full Changelog: 5.11.9...5.11.10
Version 5.11.9
Enhancements:
- #4710 Improve playbook engine container wrapper component
- #2895 Be able to disable a user, also allow user expiration date
- #2661 Extension to Demographic and Biographic data points in 2 types of entity
- #2254 User Account Expiration Date
Bug Fixes:
- #4727 Search fails when using ^ char
- #4723 At some point in 5.11.x, the Correlation View stopped rendering the report entities
- #4722 Major performance / timeout / unresponsive issue in platforms
- #4694 Cannot save changes to report content. Update button is inactive
Pull Requests:
- Update dependency babel-plugin-relay to v16 by @renovate in #4688
- Bump postcss from 8.4.30 to 8.4.31 in /opencti-platform/opencti-graphql by @dependabot in #4716
- Bump get-func-name from 2.0.0 to 2.0.2 in /opencti-platform/opencti-front by @dependabot in #4717
- Bump undici from 5.25.2 to 5.26.4 in /opencti-platform/opencti-graphql by @dependabot in #4714
- Bump get-func-name from 2.0.0 to 2.0.2 in /opencti-platform/opencti-graphql by @dependabot in #4715
- Bump @babel/traverse from 7.22.20 to 7.23.2 in /opencti-platform/opencti-front by @dependabot in #4718
- [frontend] fix enforced references for Reports/Rfi/Groupings by @labo-flg in #4720
- Major performance / timeout / unresponsive issue in platforms (#4722) by @richard-julien in #4733
Full Changelog: 5.11.8...5.11.9