11 OpenCTI by Filigran Reviews
The complete STIX 2.1 modeling that allows for the representation of relationships between threats, actors, infrastructures, and events with precision.
The clear and scalable interface, with a graph-oriented approach very useful for complex analyses as well as visualization with dashboards. Review collected by and hosted on G2.com.
Some connectors do not harmonize the use of the STIX format, particularly regarding the capitalization of objects or attributes, which requires manual adjustments or post-processing to ensure data consistency.
OpenCTI is an extremely valuable tool for managing cyber threat intelligence. The platform excels in processing data at different levels: tactical, technical, and strategic. The use of recognized frameworks like STIX, TAXII, and MITRE ATT&CK greatly facilitates the sharing of information between various security tools.
Another major asset is the active community around OpenCTI. Thanks to its open-source approach, many connectors and updates are regularly developed based on user feedback. This allows for the centralization of all data on a single platform, which is a considerable gain in terms of time and efficiency.
Although OpenCTI has extensive documentation, the platform requires some time to fully master. The wealth of features and available options can be confusing at first.
However, the recently established Filigran Academy greatly facilitates getting to grips with the tool.

As a Threat Intelligence Platform, OpenCTI offers valuable capabilities for managing cyber threat intelligence, particularly across tactical, technical, and strategic intelligence layers.
The strength of the platform lies in its powerful ability to ingest cyber threat intelligence through widely recognized frameworks such as STIX, TAXII, and MITRE ATT&CK. This enables seamless data sharing across a wide range of security tools (TIPs, EDR, SIEM, XDR, etc.).
A large number of data ingestion connectors are available, allowing me to centralize all intelligence within a single platform. Filigran, having developed this solution through an open-source approach, benefits from a broad community of internal and external contributors, which is quite unique in the market. This also allows Filigran to build its roadmap based on user feedback and to remain closely aligned with user needs.
The platform is evolving rapidly to increase the number of connectors to third-party services. However, it is essential that the services provided through these connectors are equivalent to those offered directly by the third parties themselves.
For example, if a data connector I’m using does not provide the same level of information as a direct query to the third-party source, and I’m forced to access the third-party platform directly instead of relying solely on OpenCTI, then the connector loses its value.
What I like best about OpenCTI would be that:
- it is based on the STIX 2.1 model
- it keeps evolving by taking feedback and releasing new updates accordingly
- it is open source so really customisable
What I would improve on OpenCTI would be:
- the documentation around pycti
- the 'import document' connector on reports to be more precise on object scraping
- AI features (AI insights, Ask AI, NLP import document connector)
OpenCTI is one of the few, if not the only, open-source solutions that fully leverages STIX 2.1 almost in its entirety. Beyond the data format, its integrations and architecture are state-of-the-art (microservices, scalability, security, etc.). The support teams are extremely responsive and the community is highly active. I have been using it for almost 2.5 years and am completely satisfied with the direction in which the platform is evolving. It is focused on threat analysts, providing them with a tool that centralizes their daily activities in one place. The UI is designed with the analyst in mind; menus are intuitive. New AI features add real value. It's a great solution that continues to evolve in the right direction.
One challenge that can be encountered is keeping up with the releases, which is quite important. This is the downside of flexibility. A bug is generally fixed very quickly, but this requires industrial-grade deployment and management capabilities to be production ready. Otherwise, the SaaS solution allows you not to worry about this aspect.
Firstly, OpenCTI is open-source and makes no secret of it. There's a clear desire to share with the community in order to advance the tool (over 5,000 members on Slack at the time of writing). Having opted for an Enterprise account, we have very regular discussions with their highly qualified CSM team. The support team is very responsive and assists us on many issues.
The platform is manipulated daily by a team of CTI analysts in charge of capitalizing reports, consulted by numerous SOC analysts to find context on a threat, and requested by different security equipment all day long. Worst of all? OpenCTI does all this without flinching, and its responsiveness is always spot on.
With full integration of the STIX2.1 standard, it's very easy to use the platform to bring out the contextual intelligence needed by other teams such as the SOC. There's also a fairly extensive list of connectors, making it easy to exchange data with the big solutions that everyone is familiar with. In conclusion, the graphical interface is easy to use and intuitive, making it easy to implement many functions.
After positive feedback like this, I don't really see how I can tarnish the image I want to project of Filigran.
I've been using OpenCTI daily for threat intelligence and incident response, and it's been a great addition. The dashboard is clean and informative, and the way it links Integrations/connectors, entities like threat actors, observables, and incidents is really helpful.
Implementing the instance, connecting the connectors and understanding the basic concepts has really been helpful with the documentation. Connecting the connectors on on-prem was pretty easy as well.
Playbook automation has saved me a lot of manual effort, and the platform overall feels flexible and well thought out. Definitely a strong option if you're looking to level up your threat visibility and response workflows.
The customer as well as community support has really been top notch.
I wish there was better support for custom playbooks—especially something that lets us plug in custom Python code directly. It would open up a lot more flexibility for advanced use cases. Also, having a dedicated professional services team to help with SaaS deployments or platform customisation would be a huge plus.
Apart from that, I think the steps/documentation for developing custom connectors could be improved further so that anyone starting can pick it up with ease.
Its ability to effectively structure, correlate, and visualize Threat Intelligence in an interoperable format like STIX.
The initial learning curve can be steep, especially for advanced modeling or integration with certain external sources.
I really appreciate the interface. It is very user-friendly. The fact that the platform is built around the STIX 2.1 format is impressive. The playbook functionalities enable the automation of many tasks. The dashboard capabilities are also a strong point. Additionally, the wide range of integrations is very beneficial. The capability to build a custom connector/enricher is also a good feature.
The documentation around PyCTI could be more detailed and user-friendly.
The 'import document' connector on reports could be more precise in object scraping.
The AI features, including AI insights, Ask AI, and the NLP import document connector, could be further enhanced.
Ease of use, the ability to centralize intelligence, the STIX integration, the use cases unlocked by the platform.
The team has always been here to support integration and debug.
Use this product daily to keep up with all the threats.
The UI needs a bit of practice at first to be comfortable with it.