Cyber Tool Stack
All tools
TIOpen source · Apache-2.0

OpenCTI

By Filigran

An open-source threat intelligence platform that structures knowledge as a connected STIX graph — linking adversaries, campaigns, techniques, and indicators rather than storing flat feeds — with a large connector ecosystem for imports and enrichment. The Apache-2.0 Community Edition is fully open source; Filigran sells a proprietary Enterprise Edition and hosted service on top.

Verified Source: 1

Product type
Software
Deployment
On-premSaaS
Organization size
SMBMid-marketEnterprise
Pricing tier
Freemium

Capability checklist

TI

How OpenCTI measures up against the full Threat Intelligence taxonomy.

Curated IOC feeds — supported
Provides vetted lists of malicious IPs, domains, and file hashes.
Adversary & TTP profiles — supported
Documents known attacker groups and the techniques they typically use.
Dark web & brand monitoring — not supported
Watches for leaked credentials, data, or brand impersonation outside the organization.
SIEM/SOAR enrichment integration — supported
Automatically feeds intelligence context into alerts and playbooks.
Vulnerability & exploit intelligence — not supported
Tracks which vulnerabilities are being actively exploited in the wild.
Analyst research portal — supported
Gives analysts a searchable portal to investigate threats manually.

Alternatives

Other Threat Intelligence tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.