OpenCTI

OpenCTI Transforms for Maltego

OpenCTI is a free, open-source threat intelligence management & sharing platform​.

The French National Agency for the Security of Information Systems (ANSSI) has been actively developing the OpenCTI platform since its beginning, in cooperation with the CERT-EU. This tool is used for integrating, storing, managing, and sharing cyber threat intelligence (CTI). The main purpose of the OpenCTI platform is to provide a powerful knowledge management database with an enforced schema especially tailored for cyber threat intelligence and cyber operations. Its source code has been publicly released and the project is now managed by the Luatix non-profit organisation.

This integration was developed by ANSSI and Luatix, with support from Maltego, and is available as open- source software on GitHub. The Transforms can also be deployed on-premises to connect with local OpenCTI deployments, please refer to the GitHub repository or contact support@maltego.com for assistance in this.

We recommend also installing the STIX Utilities Hub item to use OpenCTI.

To get started, users need an OpenCTI instance, create an account as well as a demo instance here.

For more information on how to use the integration, check out our blogs: Unleashing the Power of Cyber Threat Intelligence with Maltego, STIX and OpenCTI, Investigating TA413 Threat Actor Group Using OpenCTI in Maltego

Benefits of The Integration

• These Transforms allow cyber analysts to query and explore threat intelligence data from any OpenCTI instance, using Maltego’s official STIX 2 Entities
• Gain a comprehensive perspective of investigations by pivoting across other disparate data sources available on the Transform Hub, all in one single UI

Typical Users of This Data

• Threat Intelligence
• CERT
• SOC
• Cyber Analysts