TIOpen source · Apache-2.0
OpenCTI
By Filigran
An open-source threat intelligence platform that structures knowledge as a connected STIX graph — linking adversaries, campaigns, techniques, and indicators rather than storing flat feeds — with a large connector ecosystem for imports and enrichment. The Apache-2.0 Community Edition is fully open source; Filigran sells a proprietary Enterprise Edition and hosted service on top.
Verified Source: 1
- Product type
- Software
- Deployment
- On-premSaaS
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- Freemium
Capability checklist
TIHow OpenCTI measures up against the full Threat Intelligence taxonomy.
- Curated IOC feeds — supported
- Provides vetted lists of malicious IPs, domains, and file hashes.
- Adversary & TTP profiles — supported
- Documents known attacker groups and the techniques they typically use.
- Dark web & brand monitoring — not supported
- Watches for leaked credentials, data, or brand impersonation outside the organization.
- SIEM/SOAR enrichment integration — supported
- Automatically feeds intelligence context into alerts and playbooks.
- Vulnerability & exploit intelligence — not supported
- Tracks which vulnerabilities are being actively exploited in the wild.
- Analyst research portal — supported
- Gives analysts a searchable portal to investigate threats manually.
Alternatives
Other Threat Intelligence tools with overlapping capabilities, sized for similar teams.