Customization
Threat Intelligence

Take control of your OpenCTI experience with entity overview customization

Oct 24, 2024 4 min read
Thumbnail_Customize_Entities_Type_BlogPost_svg

At Filigran, we believe that your digital tools should adapt to your organization. That’s why we’re excited to introduce our latest feature: entity overview layout customization. Available in OpenCTI Community Edition, this new feature gives administrators the flexibility to tailor how information is presented across the platform, making it easier to focus on what matters most for your organization.


What platform-level customization brings to your organization

1. Focus on what’s important

Custom layouts allow you to arrange widgets in the order that best suits your organization. Whether you need to prioritize the latest reports about malware, the details of a vulnerability, or the latest notes about a threat actor, this feature lets you customize the layout so the most crucial information is always front and center.

2. Streamline your workflow

Organizations often manage threat intelligence differently. By customizing entity overviews, you can optimize the layout to match how your analysts work, reducing time spent searching for key data and improving overall workflow efficiency. This feature allows for different customizations across different entity types, ensuring that each overview is optimized for its specific context.

How it works: simple and intuitive customization

OpenCTI’s Custom Overview Layouts are designed to be user-friendly for platform administrators.

The custom overview layout configuration screen, for each entity type
The custom overview layout configuration screen, for each entity type

As a platform administrator, here’s how you can get started:

  1. Navigate to the Settings Panel: Go to Settings > Customization > Entity Types.
  2. Select the entity type you want to customize, and navigate to the Overview layout customization panel.
  3. Adjust the layout: Use the drag-and-drop interface to reorder widgets and adjust their sizes to fit your preferred layout. Whether you want a full-width display for viewing comfort or a compact view for supporting information, you have control.
  4. Preview: View your changes in real-time using the preview panel on the left
  5. Easily Reset to Default: If you need to revert to the default layout, simply click the 🔄 button to reset it to its original state.

That’s it! This customization is appied platform-wide, and all users will see the new layout when navigating to entity details.

Note: If you have a window open while customizing the screen, you’ll need to refresh the page to apply the changes.

Entity types that can be customized

This new feature is available across a wide range of entity types, allowing you to tailor each based on how your organization interacts with the data. Some of the entity types that can benefit from Custom Overview Layouts include:

  • Threat Actors (both Groups and Individuals)
  • Campaigns
  • Intrusion Sets
  • Incidents
  • Reports
  • Malware
  • …and many more

Custom layouts in action

Imagine your team is focused on tracking threat actors and their activity. With the Custom Overview Layouts feature, you can arrange the “Latest containers about the object” and “Latest created relationships” widgets at the top of the overview, ensuring your analysts have immediate access to the most recent activity.

Customizing the Threat Actor Group entity overview
Customizing the Threat Actor Group entity overview
Showing the latest reports and relationships on top of the Threat Actor Group details screen
Showing the latest reports and relationships on top of the Threat Actor Group details screen

This simple adjustment leads to quicker insights and more efficient analysis, enhancing your team’s daily operations with OpenCTI.

Conclusion

At Filigran, we’re committed to building tools that grow with your organization, helping you work smarter and more efficiently every step of the way. Start customizing your platform today to unlock a more efficient and personalized platform. Whether you’re focused on managing incidents, tracking threat actors, or analyzing malware, you can tailor your experience to your needs.

We’ll continue improving OpenCTI user experience in the next releases, stay tuned !

We hope this article has helped you better understand the benefits and possibilities offered by this new feature. Interested in more tips and advice on OpenCTI? Join our Slack community and connect with other users to share ideas and solutions.

Stay up to date with everything at Filigran

Sign up for our newsletter and get bi-monthly updates of Filigran major events: product updates, upcoming events, latest content and more.