Filigran XTM Browser Extension: Real-Time Threat Intelligence Enrichment for Security Analysts

The Filigran XTM Browser Extension transforms your web browser into a powerful threat intelligence workstation. Seamlessly integrated with OpenCTI (Cyber Threat Intelligence) and OpenAEV (Attack & Exposure Validation), this extension enables security analysts to detect, enrich, and operationalize threat data directly from any webpage.

TL;DR

• Seamless Platform Integration – Connect to multiple OpenCTI and OpenAEV instances simultaneously
• Real-Time Detection – Instantly identify threats, observables, and entities as you browse
• AI-Powered Analysis – Generate intelligent descriptions, attack scenarios, and atomic tests (available in Enterprise Edition only)
• One-Click Capture – Create professional PDF snapshots and structured reports from any article
• Visual Intelligence – Color-coded highlights show what’s known, new, or dangerous
• Defanged IOC Support – Automatically detect and refang example[.]com, hxxps:// format

Your OpenCTI Database is accessible from the browser

As a threat analyst, context is everything and losing it by switching between tabs adds up. When browsing a webpage, you may spot an indicator, a threat actor name, or a piece of malware and immediately want to know: is this already in my platform? What do we know about it?

Filigran XTM Browser Extension that brings OpenCTI directly into your browsing experience and vice versa. Without leaving the page you’re on, you can instantly query your OpenCTI knowledge base, searching for indicators, cross-referencing intelligence, and surfacing relevant context in seconds. And then, ingest the new intel directly into your OpenCTI instance.

No tab switching. No copy-pasting. No lost focus.

And because the extension operates within your existing OpenCTI permissions, every result you see reflects exactly what you have access to, ensuring data access controls remain enforced, regardless of where you’re working.

Here’s an interactive demo for you to install and set-up our browser extension in a few simple clicks.

Ingest any data you find useful and format it in STIX 2.1 structure

With Filigran’s browser extension, when browsing through web pages, you can now in a simple click, ingest data directly within your instances, whether it is to to get data related to existing threats (CTI data) or adding new entities.

Once the plugin have been set up with your instances, simply click on the extension when navigating on a webpage that you find interesting & select the option you want. You do not have to leave your webpage to get the data imported within OpenCTI. You can even configure which entities the plugin should look for.

As an analyst, this is a huge time saver, since it will allow you to quickly get useful information within your platform, in a structured, STIX 2.1 formatted way.

And when something warrants deeper investigation, you can launch an OpenCTI investigation directly from the extension, keeping your analytical thread intact from the moment you spot something of interest.

Plugin is available for all main browsers

Whether you are using Chrome, Mozilla or Edge, our web plug-in is available for you:

• Chrome
• Mozilla
• Edge

Filigran XTM Browser Extension also allows the creation of tests & scenarios in OpenAEV

Our browser extension works with both OpenCTI and OpenAEV so you can now generate scenarios to validate threats right from your web browser.

Reading an interesting article that can be converted into a tabletop exercise? Simply click on the generate scenario to convert it in into a scenario in OpenAEV.

Use the Browser extension as a source of inspiration to test real life scenarios in order to help you assess your security posture against some real life risk.

Filigran XTM Browser Extension supports AI (and your own LLM)

The web browser extension, when used it OpenCTI Enterprise Edition (EE), allows you to use OpenCTI’s embedded agentic AI capabilities to extract with even more power and speed, while also providing you choice to connect with an LLM of your choice.

Once configured, AI can help you with:

• Container Description: Generate intelligent descriptions when creating containers in OpenCTI
• Smart Entity Discovery: Discover additional entities that regex patterns might miss during page scans
• Relationship Resolution: Automatically suggest STIX relationships between entities based on page context

And for OpenAEV, it can work on:

• Full Scenario Generation: Generate complete OpenAEV scenarios with AI-created injects, payloads, or emails based on page content
• Email Content Generation: Generate realistic email subjects and bodies for table-top scenarios
• On-the-fly Atomic Testing: Generate custom atomic tests with executable commands for attack patterns

Explore more possibilities with our interactive demo and feel free to ask any questions about it on our Slack community channel !