Skip to content

Policies

The Policies configuration window (in "Settings > Security > Policies") encompasses essential settings that govern the organizational sharing, authentication strategies, password policies, login messages, and banner appearance within the OpenCTI platform.

Platform main organization

Allow to set a main organization for the entire platform. Users belonging to the main organization enjoy unrestricted access to all data stored in the platform. In contrast, users affiliated with other organizations will only have visibility into data explicitly shared with them.

Platform main organization

Numerous repercussions linked to the activation of this feature

This feature has implications for the entire platform and must be fully understood before being used. For example, it's mandatory to have organizations set up for each user, otherwise they won't be able to log in. It is also advisable to include connector's users in the platform main organization to avoid import problems.

Authentication strategies

The authentication strategies section provides insights into the configured authentication methods. Additionally, an "Enforce Two-Factor Authentication" button is available, allowing administrators to mandate 2FA activation for users, enhancing overall account security.

Please see the Authentication section for further details on available authentication strategies.

Authentication strategies

Local password policies

This section encompasses a comprehensive set of parameters defining the local password policy. Administrators can specify requirements such as minimum/maximum number of characters, symbols, digits, and more to ensure robust password security across the platform. Here are all the parameters available:

Parameter Description
Number of chars must be greater than or equals to Define the minimum length required for passwords.
Number of chars must be lower or equals to (0 equals no maximum) Set an upper limit for password length.
Number of symbols must be greater or equals to Specify the minimum number of symbols required in a password.
Number of digits must be greater or equals to Set the minimum number of numeric characters in a password.
Number of words (split on hyphen, space) must be greater or equals to Enforce a minimum count of words in a password.
Number of lowercase chars must be greater or equals to Specify the minimum number of lowercase characters.
Number of uppercase chars must be greater or equals to Specify the minimum number of uppercase characters.

Local password policies

Login messages

Allow to define messages on the login page to customize and highlight your platform's security policy. Three distinct messages can be customized:

  • Platform login message: Appears above the login form to convey important information or announcements.
  • Platform consent message: A consent message that obscures the login form until users check the approval box, ensuring informed user consent.
  • Platform consent confirm text: A message accompanying the consent box, providing clarity on the consent confirmation process.

Login message configuration

Login message illustration

Platform banner configuration

The platform banner configuration section allows administrators to display a custom banner message at the top and bottom of the screen. This feature enables customization for enhanced visual communication and branding within the OpenCTI platform. It can be used to add a disclaimer or system purpose.

This configuration has two parameters:

  • Platform banner level: Options defining the banner background color (Green, Red, or Yellow).
  • Platform banner text: Field referencing the message to be displayed within the banner.

Platform Banner

Maximum marking definitions shareable

This configuration allows to define, for each type of marking definitions, until which level we allow to share data externally.

For now this max marking definitions is used only for Public dashboard.

For example in the capture below, for the type of marking TLP, only data with a marking definition with a level equal or below GREEN will be shareable through Public Dashboard. And no data with marking definition statement will be shared at all.

Maximum marking definitions shareable