OpenCTI
Open cyber threat intelligence platform with a knowledge graph, connectors (MISP, STIX/TAXII), and an investigation UI.
Why it is included
Graph-centric threat intelligence (TI) operations with a strong connector story, in contrast to flat IOC lists.
Best for
Mature TI teams building structured reports and relationships.
Strengths
- STIX
- Connectors
- UI for analysts
Limitations
- Elastic/Redis/MinIO stack complexity
Good alternatives
MISP · commercial TIP
Related tools
Security & Privacy
- MISP: Threat intelligence sharing platform: IOCs, galaxies, taxonomies, sync between communities, and API automation.
- TheHive: Security incident response platform: cases, tasks, observables, MISP sync, and timeline collaboration.
- Cortex: Observable analysis engine powering TheHive: run analyzers and responders against IOCs via a unified API.
- Shuffle: Open-source security automation (SOAR) with visual workflows, webhooks, and app integrations for SOC glue code.
- Wazuh: Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
- BloodHound: Active Directory attack-path graphing: ingest collectors, map privilege chains, and plan remediations.
