ANSSI, the French national agency for the security of information systems, contributed to the development of the OpenCTI project (Open Cyber Threat Intelligence), in a partnership with the Computer Emergency Response Team for the EU Institutions, bodies and agencies (CERT-EU). The community project released its latest software version in September 2021.

OpenCTI is a cyber threat analysis knowledge management and sharing tool, published under an Apache 2.0 licence, and today managed by the Luatix association. Luatix is a non-profit organisation which conducts research and development in the fields of cybersecurity and crisis management. ANSSI, one of the software users, aims to continue supporting the development of OpenCTI by joining the association as a founding member.

The OpenCTI tool was built to respond to two initial needs and constrains: the lack of automation and the lack of a structure that can consolidate and visualise information on intrusion sets. With OpenCTI, ANSSI is able to share knowledge more widely and more easily, as well as structure, enrich, and investigate information on intrusion sets, campaigns and incidents.

OpenCTI is built on STIX2, a data model that stores cyber threat intelligence knowledge. The work of the OpenCTI community includes a wide array of analyses, such as investigating adversary behaviours and infrastructures. Everything OpenCTI community members learn about certain threats then becomes shared knowledge with the actors of interest.

In its vision for the mid-term future, OpenCTI wishes to further improve collaboration and traceability among analysts; its platform monitoring and its analytics and visualisation tools; develop integrations and inter-platforms synchronisation; and finally apply correlation engines and data discovery.

As also underlined by the Open Source Experience 2021 held in Paris, the subject of cybersecurity and OSS is an increasingly important topic. In fact, open source solutions are essential elements of trust built into applications and infrastructures because one of the advantages offered is security.

Interested in learning more about OpenCTI? The following resources contain further relevant information on its technical background:

• The code repository of OpenCTI
• The complete documentation
• The demonstration (populated with data available in open source) (registration required)
• Webinar recording, presenting OpenCTI and ANSSI’s contribution and work process.