The tool is able to use the MITRE ATT&CK framework (through a dedicated connector) to help structure the data. The goal is to create a comprehensive tool allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence, etc. Also, OpenCTI can be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc. It has been designed as a modern web application including a GraphQL API and an UX oriented frontend.
The structuration of the data is performed using a knowledge schema based on the STIX2 standards. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables.
0 kommentar(er)
