Purpose
This article provides a high-level overview of the OpenCTI Threat Intelligence Platform to support customer understanding of its role in cyber threat intelligence (CTI) operations, analysis, and sharing.
Overview
OpenCTI is an open-source threat intelligence platform developed by Filigran. It is designed to support the collection, structuring, analysis, and sharing of cyber threat intelligence across security, risk, and cyber defence functions.
The platform enables organizations to centralize threat intelligence using a standardized data model, supporting correlation across indicators, threat actors, campaigns, techniques, and observed activity.
Scope
This article provides conceptual and reference information only. Configuration, deployment, integrations, and operational workflows are environment-specific and governed by organizational policies and agreements.
This article does not provide:
Deployment or configuration instructions
Detection logic or automation workflows
Operational playbooks or procedures
Authoritative Documentation
Official Filigran documentation for OpenCTI is available at:
Support & Escalation
For advisory, integration, or service-related assistance, submit a support request through this portal.
C3SA Service Context
C3SA supports OpenCTI through advisory and integration services, including threat intelligence program design, use-case alignment, architecture guidance, and governance support.
C3SA does not operate OpenCTI as a managed service unless explicitly defined in a contractual agreement.
This knowledge base article supports organizational awareness, documentation, and operational understanding related to threat intelligence and security operations. It may contribute to regulatory and compliance objectives depending on system design, deployment scope, and control implementation.
ITSG-33 (Canada – GC / PBMM): PL-2, SA-9, SI-4, IR-1 / IR-4, AU-2 / AU-6
CMMC (United States – DoD): SI.L2-3.14.1, IR.L2-3.6.1, AU.L2-3.3.1, RM.L2-3.11.1, CA.L2-3.12.1
ISO/IEC 27001:2022: A.5.1, A.5.19, A.5.23, A.5.24, A.8.16
FedRAMP (Moderate / High – Informative): PL-2, SA-9, SI-4, IR-4, AU-6
NIS2 (EU): Article 21(2)(a), (b), (d), (e)
DORA (EU – Financial Sector): Articles 5, 6, 10, 28
Important Note
This article does not constitute evidence of compliance, certification, authorization, or accreditation. Compliance outcomes depend on implemented controls, governance processes, and independent assessment results.