FortiSOAR Ideas
Anonymous
Not applicable
Status: Delivered

Posting on behalf of an internal request, a FortiSOAR connector for OpenCTI Threat intelligence. 

Build actions using an open source platform in order to structure, store, organize and visualize technical and non-technical information about cyber threats. 

OpenCTI can be integrated with tools and applications such as MISP, TheHive, MITRE ATT&CK, etc. 

 

Reference Link: https://github.com/OpenCTI-Platform/opencti 

9 Comments
Fabien1
New Contributor II

@Anonymous definitevely get openCTI as connector is something that TI and SOC Teams hosted in EU are exiciting to get

Anonymous
Not applicable

@Fabien1 Thank you for your interest in the OpenCTI connector for your Threat Intelligence (TI) and Security Operations Center (SOC) teams based in the European Union.

We appreciate the importance of your request and will definitely consider it within our team. While we can't commit to a specific timeline at the moment due to our existing priorities, we will make every effort to adjust our schedule to accommodate your request.

 

Anonymous
Not applicable

FortiSOAR is excited to announce the release of the OpenCTI connector. For more information, please visit: https://fortisoar.contenthub.fortinet.com//detail.html?entity=opencti&version=1.0.0&type=connector

Fabien1
New Contributor II

Hello @Anonymous ,

 

Thank you for the new OpenCTI connector delivered

 

We are still bit confused, because we are mainly looking for action that for a given indicator value as input to get infomation details from OpenCTI ( same concept as Fortinet Fortiguard Threat Intel search is doing ) 

 

Can we can get this enhancement in a short period of time because this action to get indicator details will be main usage for this connector

 

Thanks and Regards

Fabien

Anonymous
Not applicable

Thanks for yours inputs @Fabien1!!
We have addressed this request in response to the needs of one of our esteemed customers. Your feedback on the desired enhancement is valuable to us, and we are pleased to hear about the improvements you would like to see. Rest assured that we will thoroughly consider your request for implementation.

We understand the significance of the proposed enhancement, particularly in expediting the process of obtaining indicator details from OpenCTI, akin to the functionality provided by Fortinet Fortiguard Threat Intel search. While we cannot provide a specific timeline for implementation, we want to assure you that your requirements are a priority for us.

Anonymous
Not applicable

We are happy to announce an updated version of the connector.
Reference Link: https://fortisoar.contenthub.fortinet.com//detail.html?entity=opencti&version=1.0.1&type=connector

Fabien1
New Contributor II

Hello @Anonymous , we thank you a lot, GG, really appreciate all help from Support, Dev and community Team

 

if you can just forward the below remark to Dev Team for looking into , bcoz seems new feature will work fine for all type of indicator except for Hashes

 

if search_value:
filters.append ({"key": "value", "values": [search_value], "operator": "eq", "mode": "or"})

but for hashes , it has to be "key: "hashes. (removed lower than sign here*)hash type( removed the great than sign here*)"

 

*otherwise we cannot post in the chat

Merci!

Fabien1
New Contributor II

 

@Anonymous , additional info : 

if I remember well "value" field does not exist on the OpenCTI GraphQL API for Hash type, we have to rely on "hashes.(removed lower than sign here)hash type(removed the great than sign here)" , otherwise, the ouput for Hashes will be always empty

 

We'll custom connector code on this way, it's just to highligh to some other people if they are facing some unexpected result when using this capabilities for hashes

 

Merci !

Anonymous
Not applicable

Your feedback is valuable. I've shared your suggestion with the Team.
Merci beaucoup!