Skip to content

Enterprise edition

Filigran

Filigran is providing an Enterprise Edition of the platform, whether on-premise or in the SaaS.

What is OpenCTI EE?

OpenCTI Enterprise Edition is based on the open core concept. This means that the source code of OCTI EE remains open source and included in the main GitHub repository of the platform but is published under a specific license. As specified in the GitHub license file:

  • The OpenCTI Community Edition is licensed under the Apache License, Version 2.0 (the "Apache License").
  • The OpenCTI Enterprise Edition is licensed under the OpenCTI Enterprise Edition License (the "Enterprise Edition License").

The source files in this repository have a header indicating which license they are under. If no such header is provided, this means that the file belongs to the Community Edition under the Apache License, Version 2.0.

EE Activation

Enterprise edition is easy to activate. You need to go the platform settings and click on the Activate button.

OpenCTI activation

Then you will need to put a valid OpenCTI EE license. If you don't have it, you can generate a trial license.

OpenCTI EE EULA

As a reminder, Filigran can provide free-to-use licenses for development and research purposes as well as for non-governmental charity organizations.

Available features

Activity monitoring

Audit logs help you answer "who did what, where, and when?" within your data with the maximum level of transparency. Please read Activity monitoring page to get all information.

Playbooks and automation

OpenCTI playbooks are flexible automation scenarios which can be fully customized and enabled by platform administrators to enrich, filter and modify the data created or updated in the platform. Please read Playbook automation page to get all information.

Organizations management and segregation

Organizations segregation is a way to segregate your data considering the organization associated to the users. Useful when your platform aims to share data to multiple organizations that have access to the same OpenCTI platform. Please read Organizations RBAC to get more information.

Authorized Members

On top of organization management and segregation, use authorized members to restrict access to a specific instance (entity/observable). This is particularly useful if a specific incident occurs and you need to hide the case tracking the resolution to all the users of the platform, or to control who can edit, who can view, and who can manage the entity. Please read Authorized Members page to get all information.

Full text indexing

Full text indexing grants improved searches across structured and unstructured data. OpenCTI classic searches are based on metadata fields (e.g. title, description, type) while advanced indexing capability enables searches to be extended to the document’s contents. Please read File indexing to get all information.

AI Insights

Ability to read summary of reports and activities of threats with forecasting.

Natural Language Processing

Automatic extraction of entities and relationships from raw text (PDF, etc.).

Natural Language Query

Automatic extraction of filters to display a filtered entities list from a question or assertion (please read Natural Language Query).

Fintel templates

Finished intelligence templates are models that can be used in containers to generate reports. Those reports can contain texts and visualizations and can be exported in pdf. Fintel templates can be created and managed in the Customization section (please read Fintel templates customization).

Dissemination list

Dissemination lists are email lists that are used to send documents (PDF/HTML) to the right audience. Combined with Fintel Templates, this feature allows you to send a finished intelligence document to the appropriate list of recipients (please read Dissemination list.

Email template

Use an email template to create templates of emails to be sent to your users. Leverage this functionality to automatically send emails to the users you have created without the need to send them credentials. Additionally, you can, for instance, use these templates to warn all your users of a maintenance window. (please read Email templates.

Priority Intelligence Requirement

Priority Intelligence Requirements (PIRs) gather and prioritize the most relevant and crucial information based on the user's focus, helping them analyze key insights needed for effective decision-making and risk assessment (please read Priority Intelligence Requirement).

More to come

More features will be available in OpenCTI in the future. Features like:

  • Generative AI for correlation and content generation.
  • Supervised machine learning for natural language processing.