Download
OpenCTI is a comprehensive open-source cyber threat intelligence platform designed to help organizations collect, structure, analyze, and share information about cyber threats. It provides a modern web application backed by a GraphQL API and a data model aligned with the STIX2 standard to ensure interoperability across the threat intelligence ecosystem. The platform enables teams to correlate technical indicators such as observables and TTPs with higher-level context like attribution and victimology, creating a unified intelligence knowledge base. OpenCTI is built to integrate with external tools including MISP, TheHive, and MITRE ATT&CK, allowing it to function as a central intelligence hub in security operations. Its design emphasizes traceability by linking intelligence objects back to their original sources and tracking confidence levels and temporal metadata.
Features
- STIX2-based threat intelligence data model
- GraphQL API with modern web interface
- Integration with tools like MISP and MITRE ATT&CK
- Correlation of technical and contextual threat data
- Source tracking with confidence and timeline metadata
- Designed for collaborative cyber intelligence workflows
Project Samples
