@srivastavad definitevely get openCTI as connector is something that TI and SOC Teams hosted in EU are exiciting to get

@Fabien1 Thank you for your interest in the OpenCTI connector for your Threat Intelligence (TI) and Security Operations Center (SOC) teams based in the European Union.

We appreciate the importance of your request and will definitely consider it within our team. While we can't commit to a specific timeline at the moment due to our existing priorities, we will make every effort to adjust our schedule to accommodate your request.

FortiSOAR is excited to announce the release of the OpenCTI connector. For more information, please visit: https://fortisoar.contenthub.fortinet.com//detail.html?entity=opencti&version=1.0.0&type=connector

Hello @srivastavad ,

Thank you for the new OpenCTI connector delivered

We are still bit confused, because we are mainly looking for action that for a given indicator value as input to get infomation details from OpenCTI ( same concept as Fortinet Fortiguard Threat Intel search is doing ) 

Can we can get this enhancement in a short period of time because this action to get indicator details will be main usage for this connector

Thanks and Regards

Fabien

Thanks for yours inputs @Fabien1!!
We have addressed this request in response to the needs of one of our esteemed customers. Your feedback on the desired enhancement is valuable to us, and we are pleased to hear about the improvements you would like to see. Rest assured that we will thoroughly consider your request for implementation.

We understand the significance of the proposed enhancement, particularly in expediting the process of obtaining indicator details from OpenCTI, akin to the functionality provided by Fortinet Fortiguard Threat Intel search. While we cannot provide a specific timeline for implementation, we want to assure you that your requirements are a priority for us.

We are happy to announce an updated version of the connector.
Reference Link: https://fortisoar.contenthub.fortinet.com//detail.html?entity=opencti&version=1.0.1&type=connector

Hello @srivastavad , we thank you a lot, GG, really appreciate all help from Support, Dev and community Team

if you can just forward the below remark to Dev Team for looking into , bcoz seems new feature will work fine for all type of indicator except for Hashes

if search_value:
filters.append ({"key": "value", "values": [search_value], "operator": "eq", "mode": "or"})

but for hashes , it has to be "key: "hashes. (removed lower than sign here*)hash type( removed the great than sign here*)"

*otherwise we cannot post in the chat

Merci!

@srivastavad , additional info : 

if I remember well "value" field does not exist on the OpenCTI GraphQL API for Hash type, we have to rely on "hashes.(removed lower than sign here)hash type(removed the great than sign here)" , otherwise, the ouput for Hashes will be always empty

We'll custom connector code on this way, it's just to highligh to some other people if they are facing some unexpected result when using this capabilities for hashes

Merci !