Security Stack Logo
OpenCTI logo

Threat Intelligence

OpenCTI

Open-source CTI platform to unify, operationalize, and prioritize threat intel in SecOps.

Cyberthreat Intelligence Technologies

OpenCTI Overview

What it does

OpenCTI is an open-source threat intelligence platform that structures, stores, and operationalizes cyber threat knowledge at tactical, operational, and strategic levels using a Structured Threat Information Expression (STIX) 2.1 schema. The platform links technical observables and non-technical context such as attribution and victimology to primary sources with confidence scoring, relationship mapping, and timeline visualization across a STIX-structured knowledge hypergraph with MITRE ATT&CK mappings.

How it works

The platform ingests intelligence through 300+ one-click connector integrations, TAXII 2.1, and RSS feeds, then applies automation and agentic workflows for enrichment, correlation, case management, and finished report generation. A new Filigran Browser Extension converts web pages into structured threat reports with one click and connects investigations to OpenCTI and OpenAEV. Enterprise Edition adds Priority Intelligence Requirements (PIRs), advanced automation playbooks, and data segregation for multi-organization deployments across SaaS, on-premise, or air-gapped environments.

Credentials and traction

Filigran holds SOC 2 Type II and ISO 27001:2022 certifications. OpenCTI was named an Outperformer and Challenger in the 2026 GigaOm Radar for Threat Intelligence Platforms, and Filigran's XTM platform won The Hacker News Cybersecurity Stars Award for Best Intelligence-Powered Cybersecurity Platform in 2026. The platform is used by 6,000+ public and private organizations worldwide, including the FBI and the European Commission.

Key Capabilities

mapped to solution categories
Cyberthreat Intelligence Technologies

Provides an interactive portal with contextualized dashboards, configurable alerting, search and built-in analysis.

Provides comprehensive indicators of compromise such as IPs, URLs, domains and file hashes with maliciousness ratings and enrichments like geolocation and TTPs.

Delivers tailored vulnerability and exposure intelligence highlighting actively exploited vulnerabilities with associated IoCs, TTPs and threat actors.

Supports machine-to-machine integration via JSON, APIs and STIX or TAXII, with sharing across private and public communities such as ISACs.

Auto-generates detection rules and syntax for SIEM, firewalls, IPS or IDS and EDR.

Offers analyst support such as requests for information, recurring analyst augmentation and takedown services.

Produces finished intelligence reports at technical, operational and strategic levels.

Ingests and shares intelligence via STIX/TAXII and other machine-to-machine formats and APIs.

Aggregates indicators from multiple sources into comprehensive, deduplicated coverage.

Profiles threat actors with associated TTPs and attribution context.

Compliance

certifications
ISO 27001SOC 2 Type II

Integrations

compatible tools
AlienVault OTXAnomaliArctic WolfAtosCrowdStrikeCVECyber Threat CoalitionDeepwatchDeloitteEclecticIQElasticExabeamFortinetIBM QRadarIBM X-ForceIntrinsecKasperskyLogRhythmMaltiverseMalwareBazaarMISPMITRE ATT&CKOrange CyberdefensePalo Alto NetworksProofpointRecorded FutureRiskIQSekoiaSentinelOneShodanSlackSplunkTaniumTheHiveThreat FoxThreatConnectThreatQVirusTotalWavestoneWazuh

Implementation & support

Deployment model
Air-GappedCloudOn-PremisesSaaS
Pricing structure
Community EditionFree TrialSubscription
Support channels
Community ForumCustomer Success Manager (CSM)Customer Success TeamDocumentationEmail SupportSlack (Customer Channel)Technical Account Manager (TAM)Ticketing PortalTraining / Academy

Info last updated on May 28, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.