Threat Intelligence, Open-Source Threat Intelligence, eXtended Threat Management

Open-source threat intelligence platform for collecting, correlating, and leveraging threat data

Product Overview

13 Integrations
2 Certifications

OpenCTI is an open-source threat intelligence platform that enables organizations to manage cyber threat intelligence knowledge and observables at tactical, operational, and strategic levels. The platform structures, stores, organizes, and visualizes both technical and non-technical information about cyber threats using a knowledge schema based on STIX 2.1 standards. With over 10 million downloads and 4,000+ stars on GitHub, OpenCTI has become a leading community-driven threat intelligence solution trusted by government agencies and enterprises worldwide.

The platform provides modular connectors that import and enrich threat intelligence from multiple sources in a single interface. Organizations can capitalize on technical information such as TTPs and observables alongside non-technical information like attribution and victimology, with each piece of information linked to its primary source. Features include confidence levels, first and last seen dates, and relationship mapping between data points. OpenCTI helps SOC teams conduct intelligence-driven security operations, enabling significant time savings through automated workflows and collaborative threat intelligence sharing.

OpenCTI features data segregation and centralized access management through authorized member and organization mechanisms, making it particularly valuable for threat intelligence sharing in large organizations with regional offices or managed security service providers. The platform is ISO 27001 and SOC 2 certified, demonstrating enterprise-grade security and compliance. Filigran offers both a community edition under the Apache 2.0 license and an enterprise edition with advanced features, along with fully managed SaaS deployments and professional support packages.

Product Details

Security Domain

Primary security domain

Threat Intelligence

Key Capabilities

Specific security problems this product solves

eXtended Threat Management, Open-Source Threat Intelligence

Key Features

Core capabilities and differentiators

Attack Simulation, Automated Workflows, Collaborative Intelligence Sharing, Confidence Scoring, Data Segregation, Exercise Scenarios, First Last Seen Tracking, Import Export CSV STIX2, Incident Management, Knowledge Graph Visualization, Modular Connector Architecture, Multi-Source Integration, RBAC Access Control, STIX 2.1 Support, Threat Correlation, Threat Data Collection, Timeline Views

Compliance & Certifications

Regulatory frameworks and security certifications

ISO 27001, SOC 2

Integrations

Compatible tools and platforms

Arctic Wolf, Atos, CrowdStrike, Deepwatch, Deloitte, Intrinsec, MISP, MITRE ATT&CK, Orange Cyberdefense, Sekoia, SentinelOne, TheHive, Wavestone

Deployment Options

Where and how this solution can be deployed

Cloud, On-Premise, SaaS

Pricing Model

How this solution is priced

Open Source, SaaS, Subscription

Vendor Information

Filigran

Paris, France