Open Threat Intelligence Platform

Store, organize, visualize and share knowledge about cyber threats.
Handle incident response cases and collaborative work.


Get a holistic view of your threat environment, and enhance decision-making for faster incident response

Access consolidated view of threat data from multiple sources.

Streamline incident response with powerful case management.

Transform raw data into actionnable insights.

Ease sharing and actions across teams and tools with standardized intel.

Knowledge Management

The OpenCTI platform provides a powerful knowledge management database with an enforced schema especially tailored for cyber threat intelligence and cyber operations.

With multiple tools and viewing capabilities, explore the whole dataset by pivoting on the platform between entities and relations. Relations having the possibility to own multiple context attributes, it is easy to have several levels of context for a given entity.

Data visualization

Easily visualize any entity and its relationships. Multiple views are available as well as an analytics system based on dynamic widgets. For instance, users are able to compare the victimology of two different intrusion sets.

OpenCTI has now implemented a full investigation capability, allowing analysts to explore the whole knowledge graph by pivoting on entities in a unified space.

Observables and indicators context

The goal is to create a comprehensive tool allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.).

All indicators are linked to threats with all the information needed to the analysts to fully understand the situation, the role played by the observables regarding the threat, the source of the information and the malicious behavior scoring.

Case Management

Designed to enhance investigations by seamlessly centralizing incident-related data. Through user-initiated cases, real-time collaboration, automated workflow and dynamic knowledge visualization in graphs, it significantly boosts incident response efficiency.

This comprehensive approach empowers organizations to proactively manage incidents with precision and agility.

Join the OpenCTI community





Choose the deployment that works for you

Ready to see OpenCTI in action?