OpenCTI v7: Empowering users, strengthening stability, delivering a better experience

Feb 25, 2026

Our product team recently shipped OpenCTI v7, delivering major enhancements driven by continuous feedback from our customers and the CTI community. This blog highlights the most important updates and explains how they help you work more efficiently and get value faster from OpenCTI.


TL;DR

  • Launch of Filigran XTM Browser Extension – transform your web browser into a powerful threat intelligence workstation.
  • Debut of a Long-term support (LTS) option, starting with OpenCTI v7 (version 7.260224.0), providing greater stability for customers who prioritize a reliable, long-lasting platform.
  • Role Based Access Control (RBAC) improvement – a new set of capabilities dedicated to draft mode has been added to enforce creation and editing of data in draft only, preventing users from updating your main database.
  • Single Sign On (SSO) is now manageable directly in the OpenCTI UI, giving administrators control over the security of their platform.
  • Labels can now be removed via playbooks: an automated way to curate your platform.
  • The whole UI has been revamped to provide data clarity and improved user experience.
  • A complete, fully-featured, 30-day trial version of OpenCTI Enterprise Edition is now available to experience the full potential of OpenCTI.

Filigran XTM Browser Extension

We are excited to share with you the launch of the Filigran XTM Browser Extension, which transforms your web browser into a powerful threat intelligence workstation. Seamlessly integrated with both OpenCTI (for threat intelligence) and OpenAEV (for adversarial exposure validation), this extension enables security analysts to detect, enrich, and operationalize threat data directly from any web page.

You can now turn any threat report into actionable intelligence in seconds. Automatically scan pages for IoCs, threat actors, malware families, MITRE ATT&CK techniques, vulnerabilities, and more. With a single click, create structured reports, launch investigations, or generate attack scenarios, all without leaving your browser.

Key capabilities:

  • Seamless Platform Integration: Connect to multiple OpenCTI and OpenAEV instances simultaneously
  • Real-Time Detection: Instantly identify threats, observables, and entities as you browse
  • AI-Powered Analysis: Generate intelligent descriptions, attack scenarios, and atomic tests (available in Enterprise Edition only)
  • One-Click Capture: Create professional PDF snapshots and structured reports from any article
  • Visual Intelligence: Color-coded highlights show what’s known, new, or dangerous
  • Defanged IOC Support: Automatically detect and refang defanged indicators such as example[.]com and hxxps:// URLs
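
The refanging step in the last bullet, sketched as an added example (this is not code from the Filigran XTM Browser Extension). It goes beyond the two notations named above by also handling (.), [dot] and [:], which are assumptions; the function names and the sample text are constructed for illustration.

```javascript
// Added illustration, not the Filigran XTM Browser Extension's code.
// Notations other than example[.]com and hxxps:// are assumptions.

// Undo common defang notations so the value can be looked up or matched.
function refang(value) {
  return value
    .replace(/\bhxxp(s)?\b/gi, (_, s) => 'http' + (s ? 's' : '')) // hxxps:// -> https://
    .replace(/\[:\]/g, ':')                                        // http[:]// -> http://
    .replace(/\[\.\]|\(\.\)|\[dot\]/gi, '.');                      // [.] (.) [dot] -> .
}

function isIpv4(value) {
  const octets = value.split('.');
  return octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
}

// Classify a refanged token; returns null when it is not an indicator.
function classify(value) {
  if (/^https?:\/\/[^\s/]+\.[^\s]+$/i.test(value)) return 'url';
  if (isIpv4(value)) return 'ipv4';
  // A production detector would also check the TLD against a known list.
  if (/^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i.test(value)) return 'domain';
  return null;
}

// Scan free text and return each indicator with its original spelling.
function extractIndicators(text) {
  const found = [];
  for (const raw of text.split(/\s+/)) {
    // Trim sentence punctuation that clings to a token.
    const token = raw.replace(/^[("'<]+|[.,;:!?)"'>]+$/g, '');
    const value = refang(token);
    const type = classify(value);
    if (type) found.push({ type, value, original: token, defanged: value !== token });
  }
  return found;
}

// Constructed sample text (documentation-range addresses and domains).
const sample =
  'Beacon seen to hxxps://updates.example[.]com/login and 203[.]0[.]113[.]7; ' +
  'staging host was cdn.example(.)net. Vendor advisory: https://example.org/a1';

console.log(extractIndicators(sample));
```

Keeping the original spelling next to the refanged value lets a report show the safe, defanged form while lookups use the real one.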

How to access:

Tip: You can watch a short video on installing Filigran’s Browser Extension

Long-term support for enterprise-grade stability

Many of our customers, especially the ones with OpenCTI on-premise or air-gapped deployments, operate within strict internal processes for testing, validation, deployment, and maintenance of security systems. These cycles can be lengthy and complicated. Customers require long-term stability, timely delivery of critical or security fixes, and a release cadence that they can anticipate and plan around.

Keeping this in mind, we are now introducing a Long-term Support (LTS) program for OpenCTI, starting with v7 and subsequent releases. For a period of 12 months (from the date you opt for the OpenCTI LTS license), you get complete support for v7, and you can upgrade to a later version within 12 months according to your convenience and requirements. LTS includes:

  • A stable release line that evolves slowly
  • Access to updates limited to strictly necessary fixes, with no functional drift
  • A clear time window during which the release remains safe to use
  • Predictable upgrade cadence that aligns with your operational constraints

Note:

  • LTS doesn’t affect SaaS deployments as they are updated automatically.
  • If you are an on-premise or air-gapped customer, you can get more details from your CSM team.
  • Starting with OpenCTI v7, we are adopting a CI/CD development model and will share product updates on a quarterly basis.

Granular control of draft capabilities and approval workflow

In this new version, OpenCTI adds control of capabilities in draft mode (an Enterprise Edition feature): users can be allowed to create and edit drafts without being allowed to validate or merge them. This is a first step towards a review and approval process for publications. It gives you flexibility, since draft creators are not necessarily draft validators, and lets you specify granular RBAC controls. It also aligns better with your security and data governance policies in the context of CTI.

SSO managed within UI: ease of use

Admins frequently need help debugging SSO, configuration lives in environment variables, and troubleshooting often requires back-and-forth with the vendor team. OpenCTI v7 introduces self-service authentication management within the UI: admins can configure supported authentication strategies, manage mappings, see debug logs, and control who can manage authentication strategies through a dedicated capability. Existing configurations will be migrated so that they can be managed through the UI directly.

Note:

SSO is becoming an Enterprise Edition feature from OpenCTI v7 onwards. For Community Edition users, existing deployments running on v6 will not be impacted retrospectively and SSO will continue to work as it does today on those versions.

Remove labels from playbook: a long awaited feature

You asked us for a way to automate cleanup (labels, markings, etc.) after ingestion or processing. Much of this cleanup has been manual, which is time consuming and can lead to inconsistent automation outcomes. Good news: OpenCTI v7 extends playbooks’ ‘manipulate knowledge’ behaviors so playbooks can remove existing values, not only values introduced during the playbook run, and adds a ‘remove all’ option to clear fields without enumerating every value. This makes your playbooks far more reliable for end‑to‑end automation, eliminates tedious manual cleanup and reduces the risk of inconsistent or stale labels and markings.

An overall improved user experience

The OpenCTI UI has been improved with consistent design, visual hierarchy and components. These changes enhance the overall ergonomics and user experience by improving readability, reducing friction, and lowering the ‘learning cost’ for daily users.

API Token Management

In order to have a secure application, we’ve completely revamped how API tokens are handled in OpenCTI to give you more control, better security, and greater visibility.

You can now generate multiple tokens per user, control the validity period of a token, track usage and revoke tokens!

Note:

A generated token is now displayed only once, so we strongly advise you to store it somewhere safe if you need it.

OpenCTI Enterprise Edition – 30-day trial available now

For our community users and the CTI teams out there: if you ever wanted to explore the advanced capabilities of the Enterprise Edition, you can now take advantage of our 30-day trial of OpenCTI EE (SaaS version) and see for yourselves how it adds value to your existing threat management processes.

  • PIRs and ATT&CK mappings to understand the attack paths that matter to you the most
  • Agentic AI, advanced playbooks and workflows to automate processing so your analysts can spend more time on actual analysis
  • One-click deployment of 300 integrations (commercial, open-source, internal) to make threat intelligence seamlessly flow across your security stack
  • Enterprise-grade sharing & governance

Whether you’re supporting threat hunting, incident response, or case management, this trial is designed to be a real evaluation, not a demo.


Conclusion

We’re constantly improving OpenCTI to make it simpler to use so you can get value faster, from first setup through daily operations. Whether it’s LTS, the browser extension or granular operations, all of these are meant to improve usability, performance, and automation so you spend less time managing the platform and more time producing actionable intelligence. As always, your feedback directly shapes our roadmap and how we make OpenCTI better fit your real-world CTI needs.

Enjoy and feel free to ask any questions about it on our Slack community channel!
