deepfence / ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)
https://deepfence.io
Apache License 2.0
4.72k stars, 572 forks

Feature Request: integration with OpenCTI #57

Open alnash28 opened 2 years ago

alnash28 commented 2 years ago

Additional context

ThreatMapper is missing features used to connect to an open-source Cyber Threat Intelligence Platform, such as OpenCTI. This feature request can be used to map vulnerabilities exploited by known malicious actors (i.e. APT). Additionally,

Is your feature request related to a problem? Please describe.

Similar to Anomali, or ThreatConnect, a novice CTI analyst will have difficulties mapping CRITICAL/HIGH vulnerabilities to a malicious actor (i.e. APT, or UNC) without integration between ThreatMapper and a CTI platform.

Describe the solution you'd like

This feature enhancement would allow CTI analysts to prioritize and rank vulnerabilities exploited, and security advisories warning to patch vulnerabilities commonly propagated by malicious actors.

Describe alternatives you've considered

MITRE ATT&CK, ThreatConnect, Anomali ThreatStream, Securonix

Components/Services

Additional context

https://www.opencti.io/en/
https://github.com/OpenCTI-Platform
https://github.com/OpenCTI-Platform/connectors

ramanan-ravi commented 2 years ago

Hello @alnash28, as per this feature request, you are interested in an OpenCTI external import connector, which will pull the most exploitable vulnerabilities from Deepfence and enhance data in OpenCTI. Is that correct?

alnash28 commented 2 years ago

@ramanan-ravi Yes, this is correct. The goal would be to enhance vulnerability prioritization between both solutions. Deepfence would benefit as well, matching CVEs to Threat Actor Profiles created within OpenCTI. Sorry for the delayed response.
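
The import flow discussed in this thread, sketched as an added example (not part of the issue and not Deepfence or OpenCTI code): it collapses CRITICAL/HIGH scan findings into one STIX 2.1 Vulnerability object per CVE, the bundle format OpenCTI ingests. The finding field names, the sample CVE ids and the UUID namespace are assumptions constructed for illustration.

```python
import uuid
from datetime import datetime, timezone

# Assumption: a fixed namespace (constructed here) makes ids deterministic, so
# re-importing the same CVE updates one object instead of creating duplicates.
# STIX 2.1 recommends UUIDv4 for these objects but does not forbid UUIDv5.
NAMESPACE = uuid.UUID("11111111-2222-4333-8444-555555555555")
IMPORT_SEVERITIES = {"critical", "high"}

# Constructed sample findings; field names are hypothetical, not ThreatMapper's schema.
SAMPLE_FINDINGS = [
    {"cve_id": "CVE-0000-0001", "severity": "critical", "host": "web-1"},
    {"cve_id": "CVE-0000-0001", "severity": "CRITICAL", "host": "web-2"},
    {"cve_id": "CVE-0000-0002", "severity": "high", "host": "db-1"},
    {"cve_id": "CVE-0000-0003", "severity": "low", "host": "db-1"},
]


def stix_timestamp(moment):
    """Format an aware datetime as a STIX 2.1 timestamp (UTC, milliseconds)."""
    utc = moment.astimezone(timezone.utc)
    return utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"


def findings_to_bundle(findings, now=None):
    """Collapse per-host findings into one STIX Vulnerability object per CVE."""
    stamp = stix_timestamp(now or datetime.now(timezone.utc))
    by_cve = {}
    for finding in findings:
        severity = finding["severity"].lower()
        if severity not in IMPORT_SEVERITIES:
            continue  # only CRITICAL/HIGH findings are sent to the CTI platform
        entry = by_cve.setdefault(finding["cve_id"], {"severity": severity, "hosts": set()})
        entry["hosts"].add(finding["host"])
    objects = []
    for cve_id, entry in sorted(by_cve.items()):
        hosts = sorted(entry["hosts"])
        objects.append({
            "type": "vulnerability",
            "spec_version": "2.1",
            "id": f"vulnerability--{uuid.uuid5(NAMESPACE, cve_id)}",
            "created": stamp,
            "modified": stamp,
            "name": cve_id,
            "description": f"Seen by scanner on {len(hosts)} host(s): {', '.join(hosts)}",
            "labels": [f"severity:{entry['severity']}"],
            "external_references": [{"source_name": "cve", "external_id": cve_id}],
        })
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}
```

Because each object is named by its CVE id, the CTI platform can relate it to threat actor or intrusion set profiles that reference the same CVE, which is the matching the thread asks for.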