OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically designed to address this need-delivering robust capabilities for cyber threat intelligence (CTI) management and analysis.
Created by Filigran, OpenCTI allows organizations to structure, store, and visualize both technical details (like Tactics, Techniques, and Procedures-TTPs-and observables) and non-technical information (such as attribution or victimology).
The platform leverages the STIX2 standard for its knowledge schema, supporting interoperability and existing intelligence frameworks.
.png
)
OpenCTI distinguishes itself with a modern, user-friendly web application built around a responsive UX and a powerful GraphQL API.
It offers seamless integrations with popular cybersecurity tools such as MISP, TheHive, and MITRE ATT&CK, making it easy for analysts to pull in and correlate data from multiple sources.
At its core, OpenCTI is designed to be a comprehensive CTI platform.
Analysts can link every piece of information to its source-whether it’s a research report or an external threat feed-while supplementing it with context like first and last seen dates, confidence levels, and relationships to other data.
The use of the MITRE ATT&CK framework via a dedicated connector helps structure threat data and uncover hidden relationships.
OpenCTI not only supports importing data in multiple formats, but also enables exporting intelligence in formats like CSV or STIX2 bundles, making sharing and automation straightforward.
Connectors further streamline integration with external platforms, boosting collaboration and operational efficiency.
OpenCTI is available in two editions: Community (CE) and Enterprise (EE). The Community Edition, licensed under Apache 2.0, is open source and free to use.
The Enterprise Edition introduces advanced capabilities-aimed at organizations requiring enterprise-level support and additional features-and can be easily enabled from within the platform settings.
Getting Started & Community Involvement
Comprehensive documentation, demonstration environments, and a vibrant Slack channel support onboarding and knowledge exchange.
Releases are hosted on GitHub, and multiple deployment methods (Docker, manual, Terraform, Helm charts) suit organizations of all sizes.
OpenCTI welcomes contributions from its community, providing a structured Code of Conduct and a list of beginner-friendly issues.
Developers and analysts can help shape the platform’s future, while bug reports and feature requests are managed via GitHub.
OpenCTI collects minimal anonymous telemetry and offers users control over their data. Users leveraging the included OpenStreetMap services can opt for privacy by deploying their own instance.
In an era where actionable threat intelligence is critical, OpenCTI offers a compelling, free solution that empowers both individuals and organizations to stay ahead of cyber threats-supported by an active developer and user community.
Setting Up SOC Team? – Download Free Ultimate SIEM Pricing Guide (PDF) For Your SOC Team -> Free Download
