# OpenCTI by Filigran Reviews **Vendor:** Filigran **Category:** [Threat Intelligence Software](https://www.g2.com/categories/threat-intelligence) **Average Rating:** 4.7/5.0 **Total Reviews:** 39 ## About OpenCTI by Filigran OpenCTI is an open-source threat intelligence platform built by practitioners, for practitioners - to break data silos and make threat intelligence available and actionable. Make threat intelligence flow freely between your security systems, make it relevant with business context and build threat exposure reports for executive visibility. Operationalize Threat Intelligence like never before. Visualize, link and enrich it through a unified and consistent data model, STIX. ## OpenCTI by Filigran Pros & Cons **What users like:** - Users find OpenCTI's **ease of use** exceptional, benefiting from seamless integrations and straightforward implementation. (18 reviews) - Users commend the **powerful data ingestion capabilities** of OpenCTI, facilitating seamless integration with various security tools. (18 reviews) - Users appreciate the **excellent and supportive customer support** of OpenCTI, aiding in seamless platform integration and usage. (11 reviews) - Users value the **numerous integrations** of OpenCTI, enhancing its functionality across various security tools seamlessly. (10 reviews) - Users value the **seamless integration capabilities** of OpenCTI, enhancing operational efficiency and connectivity with various platforms. (9 reviews) - Easy Integrations (8 reviews) - Support (8 reviews) - Users value the **robust threat detection capabilities** of OpenCTI, enjoying seamless integration and community support. (7 reviews) - Users value the **automation capabilities** of OpenCTI, which significantly enhances efficiency in threat analysis and incident response. (6 reviews) - Solutions (6 reviews) **What users dislike:** - Users find the **limited graphing and dashboard functionalities** restrict their ability to customize and utilize the platform effectively. (6 reviews) - Users find the **complexity of outputs and workflows** in OpenCTI challenging, impacting effective application of features. (5 reviews) - Users experience **poor customer support** for custom playbooks and documentation, leading to challenges with implementation and flexibility. (4 reviews) - Users face challenges with **poor documentation** , leading to confusion and slower adoption of OpenCTI's features. (4 reviews) - Users find the **dashboard limitations** frustrating, with restricted display options and challenges in adding custom features. (3 reviews) - Users find the **difficult learning curve** of OpenCTI challenging, yet acknowledge its long-term benefits once mastered. (3 reviews) - Users find the **learning curve challenging** , requiring time and practice to fully utilize OpenCTI's extensive features. (3 reviews) - Limited Features (3 reviews) - Users find OpenCTI **not user-friendly** due to cumbersome workflows and a lack of detailed documentation. (3 reviews) - Technical Issues (3 reviews) ## OpenCTI by Filigran Reviews ### 1. OpenCTI: The Threat Intelligence Platform That Lets Us Focus on Intelligence **Rating:** 5.0/5.0 stars **Reviewed by:** Jeroen d. | Senior Security Analyst - CTI, Enterprise (> 1000 emp.) **Reviewed Date:** February 16, 2026 **What do you like best about OpenCTI by Filigran?** The ability for as a team to use OpenCTI to create an automated feedback loop between our CTI team and the SOC is really powerful. When our SOC colleagues need more context or want us to investigate something further, OpenCTI automatically captures those RFIs and routes them back to us. This bidirectional flow makes our intelligence actually actionable and keeps everyone connected - something that's genuinely hard to find in other platforms. What makes this work so well is that OpenCTI handles the full intelligence spectrum. As I often tell my team: "Higher management has an Threat Intel question, we turn to OpenCTI for answers." Whether it's strategic assessments, tactical deep-dives, or operational IOCs, we can work through the Pyramid of Pain and deliver what's needed. The platform is flexible enough to fit exactly how we work, but solid enough that it just works from day one. That means we spend our time on threat analysis instead of platform administration, which is exactly what we need." **What do you dislike about OpenCTI by Filigran?** The technical overhead of self-hosting can be overwhelming. We ran our own OpenCTI instance for about a year, and while it gave us valuable insight into how the platform works technically, which actually helped us use it more effectively. The maintenance, updates, and infrastructure management required significant attention. That's time we'd rather spend on threat analysis. To be clear, this isn't a criticism of OpenCTI itself. Any complex platform has this challenge when you self-host. We ultimately made the decision to migrate to Filigran's hosted OpenCTI platform, and it's been the right call. We kept all the power and capabilities of OpenCTI without the operational hassle. For teams that want to focus on intelligence work rather than platform administration, I'd definitely recommend considering the hosted option from the start. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI solved several critical problems we were facing. We previously had threat intelligence scattered across multiple tools and sources, with manual processes for ingestion and correlation. Our old TI platform simply didn't deliver what it promised, and we struggled to provide timely, actionable intelligence to our SOC and management. OpenCTI gave us a way to centralize and correlate everything. Now all our threat data, regardless of source, is in one place and properly contextualized and enriched. The biggest benefit has been enabling our SOC's detection and response capabilities. OpenCTI lets us transform raw threat data into intelligence that's actually relevant to our organization's threat landscape. The automated feedback loop means our SOC can quickly request additional context when needed, which has cut our average response time to RFIs by roughly 60%. For our stakeholders (from CISOs to Directors), OpenCTI enables us to deliver proper, actionable intelligence based on actual threats to our organization. We've increased our intelligence product output, while spending less time on tool- and platform administration. Whether it's a strategic briefing for management or operational IOCs for the SOC, OpenCTI gives us the capability to deliver what's needed faster and with better quality. The platform has transformed us from struggling with tools to actually doing the intelligence work we're meant to do. ### 2. Fast evolving platform with expected growing pains understands CTI analysis and industry standards **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** February 05, 2026 **What do you like best about OpenCTI by Filigran?** Adherence to industry standards such as MITRE and STIX. Ability to quickly pivot between related threats and reporting. Flexibility to integrate existing workflows and automate using visual playbooks. Regular feature updates. **What do you dislike about OpenCTI by Filigran?** Growing pains with a fast growing startup. Inconsistent customer success experience. Inconsistent adoption of STIX standard across different connectors introducing false or fragmented data. Despite this there are clear indications of progress being made in these areas. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI is a night and day experience compared to our old "industry leading" Threat Intel Platform (TIP) that had become complacent and stagnated. Using OpenCTI we have been able to integrate multiple analysis and escalation workflows that previously lived outside our TIP. Where we had to wait years for requested functionality to be implemented in our last TIP we have had several feature requests already completed in the first year of contract with Filigran. We now have a better visibility of the threats our organization is facing and how they interlink. While STIX adoption could be improved with several of our essential connectors what we already have has allowed better pivoting between named threats and related reporting. ### 3. Centralized Threat Intel with Some Setup Challenges **Rating:** 4.0/5.0 stars **Reviewed by:** Cody P. **Reviewed Date:** February 13, 2026 **What do you like best about OpenCTI by Filigran?** I really appreciate OpenCTI by Filigran for its open-source OSINT focus and community mentality. The playbook and dashboard functionality are particularly high-value for our team, as they free us up to do high-level analysis instead of getting bogged down with automating and coding. **What do you dislike about OpenCTI by Filigran?** Some of the feature support is unclear and we've found initial documentation gaps that slow down adoption while we build experience or read between the lines. Additionally, some features demo nicely in the test environment examples or make sense at a high level, but when implementing in a real-world environment, there are technical grey areas and significant integration effort needed to get the OpenCTI resources to perform. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** We use OpenCTI by Filigran for threat actor attribution, tracking, IOC ingestion, and it centralizes threat intelligence for investigation, curating our threat library, managing CVE exploitation visibility, and enriching our detection data. ### 4. Great Open-Source Platform with Many Connectors, but Commercial Integrations Need Work **Rating:** 4.5/5.0 stars **Reviewed by:** Quentin F. | CTI Analyst, Enterprise (> 1000 emp.) **Reviewed Date:** October 16, 2025 **What do you like best about OpenCTI by Filigran?** From a technical standpoint, It's open-source, meaning that you have the possibility to contribute to it easily. Then, the number of connectors for enrichers, external sources are very varied, meaning that a lot of external sources are easy to integrate. The customer support is responsive, efficient, and mostly knowledgeable about their product. **What do you dislike about OpenCTI by Filigran?** Even though there are a lot of connectors, most of the ones for commercial sources have not been prooftested (enough?) before deployment, which is a hassle when you are a paying customer for the source and opencti, and you end up with a poor result on the platform. In that instance, incentivising Filigran to improve the connectors is quite difficult and it takes a long time to get any improvement made. Lastly, the pycti library could benefit from more thorough documentation. To use it properly, we often need to read its source code to see available methods and their arguments, which is not normal. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** CTI is much more than disseminating indicators, and Filigran clearly understood that when building OpenCTI. It is a powerful tool that helps correlating, enriching, and simply using multiple CTI sources at the different levels (Operational, Strategical, Tactical). In addition, even though we are going in a direction where STIX/TAXII is the CTI standard, many sources still rely on their private API to disseminate intel. For that purpose, OpenCTI builds custom connectors that clearly contribute to making CTI more accessible. ### 5. Advanced Data Model, Cost Effective **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Oil & Energy | Enterprise (> 1000 emp.) **Reviewed Date:** February 16, 2026 **What do you like best about OpenCTI by Filigran?** OpenCTI by Filigran already greatly excites our users. Thanks to the STIX data model, we can conduct research or produce information more easily, which is very interesting for various actors at the tactical, operational, or strategic level, as well as at the SOC level for activities like phishing. This allows us to produce KPIs, etc. The STIX data model represents threat data in the form of a graph, which is cutting-edge technology. It helps us create much more context simply than in structured relationships like MySQL. This model serves as a lever for us to produce context, enrichment, and correlation. It also allows us to make good use of our private information since we can correlate it with what we already have more easily. **What do you dislike about OpenCTI by Filigran?** It is necessary to pay close attention to the sizing of the platform, otherwise there are issues. It is also a microservices platform, so the skills for the MCO (Maintenance in Operational Condition) are more important to mobilize. We would spend more on personnel to maintain it. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI by Filigran offers a cutting-edge and more affordable data model, and a standard stack, allowing for less costly development even with juniors, simplifies information retrieval, and enhances the production of contexts and data correlations. ### 6. Highly Customizable Platform That Still Keeps Everything Consistent **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Airlines/Aviation | Enterprise (> 1000 emp.) **Reviewed Date:** February 11, 2026 **What do you like best about OpenCTI by Filigran?** The platform can be customized in many different ways to fit our needs, while still staying within guardrails that help keep everything consistent. **What do you dislike about OpenCTI by Filigran?** There are a few features that don’t necessarily work as expected, or that feel limited in ways that can be distinctly annoying to work around. I notice this most in how some dashboards are restricted in what they can display, and in how information can be added to different cases. Many of these are things that are actively being addressed however and I'm excited to see the refinements. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI helps me collect data and prioritize it for analysis and review, so I can produce intelligence faster and with greater accuracy. ### 7. OpenCTI SaaS is a fantastic product and our support team is even better! **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Security and Investigations | Mid-Market (51-1000 emp.) **Reviewed Date:** February 05, 2026 **What do you like best about OpenCTI by Filigran?** OpenCTI is an extremely versatile tool and I'm absolutely loving my experience with OpenCTI SaaS right now. Although the tool is great, I must say our OpenCTI support team has been my favorite part of this experience by far. Matt Griffin, Eric Ford, and Jason Murath have been absolutely phenomenal. Matt Griffin is very quick to respond, proactively lets us know when we're having issues with our OpenCTI instance before we even realize, and has continued to go above and beyond to ensure we're taken care of. Jason Murath is EXTREMELY knowledgeable in many different domains and has provided invaluable advice to help us operationalize OpenCTI according to our use cases. Eric Ford is also very knowledgeable and has been pivotal in ensuring our support tickets are taken care of in a timely manner. He grabs our support tickets almost immediately after I submit it them it seems and our migration to SaaS would not have gone as smoothly as it did without his support and dedication. Overall, we are beyond thrilled with the OpenCTI product and the treatment from the team (Matt, Jason, and Eric) has exceeded our expectations. **What do you dislike about OpenCTI by Filigran?** It would be great if there was a quicker turnaround time from the developers with connector NFR's, but we at least have the ability to create custom connectors as a workaround. Adding a feature to the automation playbooks to create new STIX objects would be an amazing feature add too. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI enables us to combine OSINT and Organic Intelligence into one central location to be leveraged across all of our teams and service offerings. ### 8. OpenCTI: Indispensable for Our Cyber Teams **Rating:** 5.0/5.0 stars **Reviewed by:** Antoine D. **Reviewed Date:** October 30, 2025 **What do you like best about OpenCTI by Filigran?** I greatly appreciate the ability of OpenCTI by Filigran to integrate with a multitude of other tools thanks to its open-source connectors. This allows for smooth interconnection and makes the platform extremely versatile. The automation features, including playbooks, are a major asset, facilitating automated processing and enrichment of notifications as well as the management of the platform's observables. Moreover, the installation and migration were simple and well-managed experiences, making the transition to OpenCTI very pleasant. The interconnection with more than fifty connectors, partly developed by our company or from the community, strengthens our cyber ecosystem. The quality of service is also notable and essential for us, which encourages us to continue using and renewing our trust in OpenCTI. This is confirmed by the fact that I give a score of 9.5 out of 10 regarding the likelihood of recommending OpenCTI by Filigran. **What do you dislike about OpenCTI by Filigran?** . **What problems is OpenCTI by Filigran solving and how is that benefiting you?** I use OpenCTI by Filigran to centralize and share information within our cyber teams, automate the processing and enrichment of notifications, and ensure seamless integration with other tools through open source connectors. ### 9. Centralizes Threat Data with Powerful Visualization and Access Controls **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Entertainment | Enterprise (> 1000 emp.) **Reviewed Date:** October 27, 2025 **What do you like best about OpenCTI by Filigran?** Previous Response: Thanks to OpenCTI, we can now use the platform to manage data related to our threat actors, but also to centralize indicators that will be disseminated via our CTI program. We also make extensive use of the relationship visualization features and the STIX 2.1 data model, which allow us to map every piece of information related to our investigations. Another strong point is the fine-grained management of access rights across organizations, groups, and custom markings. **What do you dislike about OpenCTI by Filigran?** There isn't much that I dislike about the platform, actually. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** We use indicators (IOCs) for different use cases, namely in a worldwide defense-in-depth program to secure Internet browsing, enrich matches on our SIEM, and monitor suspicious activity. Therefore, the real challenges are to regularly evaluate the quality and use of CTI sources while limiting false positives with data that is relevant and adapted to our specific context. ### 10. Centralized Intelligence & Stellar Support, Though Some Features Are Complex **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Pharmaceuticals | Enterprise (> 1000 emp.) **Reviewed Date:** October 28, 2025 **What do you like best about OpenCTI by Filigran?** I really appreciate the ability to manage all intelligence in a centralized platform, which allows for seamless enrichment of any segment or indicator. The integration capabilities offered by the product are excellent. Additionally, I truly value the company’s approach and the support provided by the team, they are always helpful and guide us step-by-step to improve how we use the platform. This kind of support is extremely important to us! **What do you dislike about OpenCTI by Filigran?** Sometimes certain features or implementations can be a bit too complex, which makes them challenging to apply effectively. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI helps us centralize all intelligence data, including indicators, in one place. This allows us to reference and cross-check information during every investigation we conduct. As a research-focused team, the platform also enables strategic analysis, helping us identify trends and patterns over time — which is a significant benefit to our work. ### 11. Comprehensive Features and Flexible Integration Options **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Enterprise (> 1000 emp.) **Reviewed Date:** December 04, 2025 **What do you like best about OpenCTI by Filigran?** Comprehensive feature set even in the community version. Ability to try before you buy. Great bi-directional integration with many types of sources to serve many intelligence use cases. Self hosted option gives flexibility when it comes to sensitivity requirements or compliance requirements. Community and response to bugs/issues on Github is highly responsive. **What do you dislike about OpenCTI by Filigran?** Raw platform contains no inclusive data sources that leaves Enterprise pricing feeling expensive. Community version is obviously a mitigating factor to this at a loss of the enterprise features. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Aggregation of intelligence from multiple sources with the ability to normalise the data through applying STIIX is highly beneficial as is the ability to tag/label the intelligence to allow the ability to make intelligence relevant for specific parties. ### 12. I wish we had more solutions and companies like OpenCTI and Filigran. **Rating:** 5.0/5.0 stars **Reviewed by:** Pedro K. | Senior Solutions Architect & CTI SME, Enterprise (> 1000 emp.) **Reviewed Date:** September 25, 2025 **What do you like best about OpenCTI by Filigran?** It's Open Source and flexible. Has so many great features (impossible to mention one-by-one) and they help push CTI best practices forward. They are easy to integrate with other CTI vendors and that helps so much. **What do you dislike about OpenCTI by Filigran?** I don't really have any complaints. Even their price point is reasonable, and the fact that they are a start-up it gives them the speed necessary on this fast-paced part of the industry. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** It helps aggregate CTI Feeds under a single pane of glass with correlation and search capabilities. The new LLM/AI Modules are great for extra context and user friendly human explanation of certain complex threats. ### 13. Great Community Support Drives Fast Development **Rating:** 5.0/5.0 stars **Reviewed by:** Nick P. | Sr. Staff Cybersecurity Engineer, Enterprise (> 1000 emp.) **Reviewed Date:** October 15, 2025 **What do you like best about OpenCTI by Filigran?** Broad community support for open source project allows for rapid development and product improvement. Platform is also very approachable from a user perspective and easy to understand. **What do you dislike about OpenCTI by Filigran?** Case management system still needs fine-tuning to compete with dedicated case management platforms. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** It is the backbone of our cyber threat intelligence, incident response, and CSOC programs. OpenCTI acts as the central repository for all reporting, indicators, identities, etc. and also our primary case management system. This allows for rapid correlation of internally observed activity with external reporting. ### 14. OpenCTI - Most Effective TIP I've Used **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Oil & Energy | Enterprise (> 1000 emp.) **Reviewed Date:** October 15, 2025 **What do you like best about OpenCTI by Filigran?** Supportive and timely customer support. The platform is easy to adopt and has transformed our way of working, helping to foster greater collaboration and awareness amongst multiple teams. The platform has become a core component of our work stream and is used daily. Furthermore, OpenCTI supports integrations with multiple tools core to our security function, with support from the OpenCTI team to facilitate implementation. **What do you dislike about OpenCTI by Filigran?** The platform often has minor bugs and the user interface could be better **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Has fostered greater collaboration and awareness amongst the various security functions within my company. Provides an audit trail of mitigations/actions applied in response to threats identified. Aggregates all of our intelligence sources into a signal repository, allowing for easy enrichment, searching and analysis. ### 15. Would recommend, has a lot of potential. **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Government Administration | Mid-Market (51-1000 emp.) **Reviewed Date:** October 30, 2025 **What do you like best about OpenCTI by Filigran?** OpenCTI allows us to centralize all the platforms we are using, and create overviews we were unable to do before. The Customer support is great, they are very eager to help. The Python library also allows us to write integrations quite easily. The goal is to move as much to this platform and start using it every day. **What do you dislike about OpenCTI by Filigran?** The dashboards show a lot of potential, but currently they are quite limited in terms of what can be displayed. It would be very helpful if we could add custom columns using GraphQL queries. Additionally, it would be useful to have support for adding subnets as infrastructures that we can set alerts on, such as triggering alerts for any IP within a subnet. At the moment, we have to resolve several /15 or larger networks individually, which makes the platform feel cluttered and takes up unnecessary storage. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Giving a visual overview with the current threats and allows us to add workflows more easily. ### 16. OpenCTI: Easy to use, responsive support, indispensable for cyber intelligence **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.) **Reviewed Date:** October 28, 2025 **What do you like best about OpenCTI by Filigran?** OpenCTI is at the heart of our cyber intelligence and we therefore use it daily. It is a tool that is very easy to use with many features. The support, which we regularly request, is also responsive and knows how to take our priorities into account. **What do you dislike about OpenCTI by Filigran?** There are still some minor improvements to be made, particularly in terms of UX. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI allows us to capitalize on all publicly available IOCs, as well as IOCs from our analyses. Making them available through multiple feeds allows our clients to benefit from them. It also allows us to visualize the campaigns we are investigating while facilitating the search for pivots. ### 17. OpenCTI Promotes an Environment to Mature CTI Operations **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Luxury Goods & Jewelry | Enterprise (> 1000 emp.) **Reviewed Date:** October 31, 2025 **What do you like best about OpenCTI by Filigran?** OpenCTI by Filigran has added an entirely new layer of structure to our team’s existing Threat Intelligence processes. It has also provided us with an environment where we can discover new opportunities for collaboration and continue to develop our capabilities. **What do you dislike about OpenCTI by Filigran?** The learning curve is challenging, but worth it **What problems is OpenCTI by Filigran solving and how is that benefiting you?** By enabling us to create tailored automation playbooks and orchestrated workflows, OpenCTI helps our team cut down on the time spent performing repetitive manual tasks. This not only boosts our capacity to generate high-quality intelligence deliverables, but also lets us dedicate more attention to the areas that truly matter. ### 18. OpenCTI has drastically reduced our mean time to detect for Threat Hunting in the SOC. **Rating:** 5.0/5.0 stars **Reviewed by:** Justin W. | Network IT Specialist, Mid-Market (51-1000 emp.) **Reviewed Date:** October 07, 2025 **What do you like best about OpenCTI by Filigran?** OpenCTI supports numerous integrations, the community, support, the documentation promotes an easy implementation. This platform is utilized frequently to support our internal operations. **What do you dislike about OpenCTI by Filigran?** The platform has a learning curve, training is still being developed, the vast array of features creates a sense of 'feature bloat' despite most of them being really fleshed out and mature. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Platform centralization, CTI correlation, SIEM integration to threat intelligence platforms, self-hosted solutions. ### 19. Excellent Data Structuring & Visualization for Strategic and Operational Work **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Oil & Energy | Enterprise (> 1000 emp.) **Reviewed Date:** February 13, 2026 **What do you like best about OpenCTI by Filigran?** data structuring, data visualization, and the ability to work at both the strategic and operational levels **What do you dislike about OpenCTI by Filigran?** A little complicated in terms of the outputs and possibilities of the dashboards. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** the capitalization of data and therefore long-term knowledge about our priorities ### 20. Highly Customizable, But Needs Better Admin Monitoring **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Consulting | Enterprise (> 1000 emp.) **Reviewed Date:** October 28, 2025 **What do you like best about OpenCTI by Filigran?** The customization freedom allowed by the tool ; you can implement a lot of features and tailor them to your needs. **What do you dislike about OpenCTI by Filigran?** The lack of administration panel where you can supervise or monitor the use of your storage or the CPU limit allocated to your SaaS plan. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** It well agregates all the CTI information coming from various places in one single place. It allows my company to save time when the analysts need to have some ifnromation about specific threats (they go to OpenCTI rather than to a plenty of different websites) ### 21. Constantly Improving Platform with Excellent Support **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Security and Investigations | Small-Business (50 or fewer emp.) **Reviewed Date:** October 21, 2025 **What do you like best about OpenCTI by Filigran?** OpenCTI is always improving and getting better over the 2 years I have been using it. The customer support and service level is excellent. The training academy is a fantastic resource and an excellent tool. **What do you dislike about OpenCTI by Filigran?** Dislike is too strong of a word, but I struggle with connecting the documentation to my current challenge. As expected, some fiddling is expected, but customer support is easy to get ahold of and replies promptly. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI is where we perform our CTI tasks and being able to enrich and share this information with our stakeholders is very useful. ### 22. Eye-Catching OpenCTI Interface with Strong Integrations and Knowledge Linking **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Oil & Energy | Small-Business (50 or fewer emp.) **Reviewed Date:** January 30, 2026 **What do you like best about OpenCTI by Filigran?** The OpenCTI interface, functions and integration are nice, with Knowledge function which can link up with data sources are eye catching. **What do you dislike about OpenCTI by Filigran?** I wouldn’t say this is something to dislike, because it’s more about functionality and the learning curve. For a beginner, it may take more time to learn, but that isn’t necessarily a bad thing. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** It helps us to organize the threat intelligence news/threats with analysis data integration, group into a single portal. ### 23. good platform for data collection and CTI work **Rating:** 5.0/5.0 stars **Reviewed by:** A L. | Cyber threat intelligence analyst, Small-Business (50 or fewer emp.) **Reviewed Date:** October 31, 2025 **What do you like best about OpenCTI by Filigran?** use of STIX , customer support , constant improvements **What do you dislike about OpenCTI by Filigran?** it could be a bit more flexible with the graphing functionality **What problems is OpenCTI by Filigran solving and how is that benefiting you?** the collection of the data ### 24. OpenCTI: a powerful, modular CTI platform **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.) **Reviewed Date:** May 02, 2025 **What do you like best about OpenCTI by Filigran?** The complete STIX 2.1 modeling that allows for the representation of relationships between threats, actors, infrastructures, and events with precision. The clear and scalable interface, with a graph-oriented approach very useful for complex analyses as well as visualization with dashboards. **What do you dislike about OpenCTI by Filigran?** Some connectors do not harmonize the use of the STIX format, particularly regarding the capitalization of objects or attributes, which requires manual adjustments or post-processing to ensure data consistency. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI allows structuring and linking information (actors, TTPs, campaigns, infrastructures) through a graph-oriented database and the STIX 2.1 format. Thanks to its logic of historization and temporal relationships between objects, OpenCTI enables precise tracking of the evolution of adversary campaigns, techniques, or infrastructures. Better threat prioritization by visualizing their context, origin, and potential impact. Improvement of actionable intelligence transmitted to the SOC or to tools like SIEM, EDR, or SOAR. ### 25. A unique platform that centralizes cyber intelligence **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.) **Reviewed Date:** April 10, 2025 **What do you like best about OpenCTI by Filigran?** OpenCTI is an extremely valuable tool for managing cyber threat intelligence. The platform excels in processing data at different levels: tactical, technical, and strategic. The use of recognized frameworks like STIX, TAXII, and MITRE ATT&CK greatly facilitates the sharing of information between various security tools. Another major asset is the active community around OpenCTI. Thanks to its open-source approach, many connectors and updates are regularly developed based on user feedback. This allows for the centralization of all data on a single platform, which is a considerable gain in terms of time and efficiency. **What do you dislike about OpenCTI by Filigran?** Although OpenCTI has extensive documentation, the platform requires some time to fully master. The wealth of features and available options can be confusing at first. However, the recently established Filigran Academy greatly facilitates getting to grips with the tool. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI allowed me to centralize all data streams and normalize them in STIX, thus providing an integrated workspace where I can easily access different data sources. This is particularly useful for ingesting external threat intelligence and quickly sharing it with third parties. ### 26. Head of CTI **Rating:** 5.0/5.0 stars **Reviewed by:** Kevin G. | Head of CTI, Mid-Market (51-1000 emp.) **Reviewed Date:** April 09, 2025 **What do you like best about OpenCTI by Filigran?** As a Threat Intelligence Platform, OpenCTI offers valuable capabilities for managing cyber threat intelligence, particularly across tactical, technical, and strategic intelligence layers. The strength of the platform lies in its powerful ability to ingest cyber threat intelligence through widely recognized frameworks such as STIX, TAXII, and MITRE ATT&CK. This enables seamless data sharing across a wide range of security tools (TIPs, EDR, SIEM, XDR, etc.). A large number of data ingestion connectors are available, allowing me to centralize all intelligence within a single platform. Filigran, having developed this solution through an open-source approach, benefits from a broad community of internal and external contributors, which is quite unique in the market. This also allows Filigran to build its roadmap based on user feedback and to remain closely aligned with user needs. **What do you dislike about OpenCTI by Filigran?** The platform is evolving rapidly to increase the number of connectors to third-party services. However, it is essential that the services provided through these connectors are equivalent to those offered directly by the third parties themselves. For example, if a data connector I’m using does not provide the same level of information as a direct query to the third-party source, and I’m forced to access the third-party platform directly instead of relying solely on OpenCTI, then the connector loses its value. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Ingestion of external threat intelligence into a single TIP instance Ability to quickly and automatically share my threat intelligence with third parties Integration of intelligence into widely recognized frameworks ### 27. A powerful and user-friendly platform that takes on many challenges **Rating:** 5.0/5.0 stars **Reviewed by:** Emma C. | Cyber Threat Intelligence Analyst, Enterprise (> 1000 emp.) **Reviewed Date:** April 01, 2025 **What do you like best about OpenCTI by Filigran?** What I like best about OpenCTI would be that : - it is based on STIX 2.1 model - it keeps evolving by taking feedbacks and release new updates accordingly - it is open source so really customisable **What do you dislike about OpenCTI by Filigran?** What I would improve on OpenCTI would be : - the documentation around pycti - the 'import document' connector on reports to be more precise on object scrapping - AI features (AI insights, Ask AI, NLP import document connector) **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI is our most valuable daily work tool. In a nutshell, the platform allows our CTI team to centralize data with its integrated RSS feed aggregator, connectors, streams and enrichers. Thanks to these features, the analysts team can capitalise, create and turn information into intelligence. All the information we gathered regarding the threats going on around the world is stored. Then we can share it with our clients or other cybersecurity analysts. ### 28. A platform that fully leverages STIX 2.1 **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** March 27, 2025 **What do you like best about OpenCTI by Filigran?** OpenCTI is one of the few, if not the only, open-source solutions that fully leverages STIX 2.1 almost in its entirety. Beyond the data format, its integrations and architecture are state-of-the-art (microservices, scalability, security, etc.). The support teams are extremely responsive and the community is highly active. I have been using it for almost 2.5 years and am completely satisfied with the direction in which the platform is evolving. It is focused on threat analysts, providing them with a tool that centralizes their daily activities in one place. The UI is designed with the analyst in mind; menus are intuitive. New AI features add real value. It's a great solution that continues to evolve in the right direction. **What do you dislike about OpenCTI by Filigran?** One challenge that can be encountered is keeping up with the releases, which is quite important. This is the downside of flexibility. A bug is generally fixed very quickly, but this requires industrial-grade deployment and management capabilities to be production ready. Otherwise, the SaaS solution allows you not to worry about this aspect. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI centralizes data streams, normalizes them into STIX, and provides analysts with a workspace that integrates a significant amount of different data sources. ### 29. Filigran handles intelligence better than many of the market's biggest players **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.) **Reviewed Date:** March 26, 2025 **What do you like best about OpenCTI by Filigran?** Firstly, OpenCTI is open-source and makes no secret of it. There's a clear desire to share with the community in order to advance the tool (over 5,000 members on Slack at the time of writing). Having opted for an Enterprise account, we have very regular discussions with their highly qualified CSM team. The support team is very responsive and assists us on many issues. The platform is manipulated daily by a team of CTI analysts in charge of capitalizing reports, consulted by numerous SOC analysts to find context on a threat, and requested by different security equipment all day long. Worst of all? OpenCTI does all this without flinching, and its responsiveness is always spot on. With full integration of the STIX2.1 standard, it's very easy to use the platform to bring out the contextual intelligence needed by other teams such as the SOC. There's also a fairly extensive list of connectors, making it easy to exchange data with the big solutions that everyone is familiar with. In conclusion, the graphical interface is easy to use and intuitive, making it easy to implement many functions. **What do you dislike about OpenCTI by Filigran?** After positive feedback like this, I don't really see how I can tarnish the image I want to project of Filigran. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI is an intelligence management platform, enabling intelligence to be stored, capitalized on to provide context and then disseminated to the equipment / people who need it. ### 30. Best for STIX2.1 and Threat Intel, But Needs More Features and QA **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.) **Reviewed Date:** October 24, 2025 **What do you like best about OpenCTI by Filigran?** It's the best we've got for working with STIX2.1. It's the best we've got for self-controlled correlation, enrichment and dissemination of threat intelligence. **What do you dislike about OpenCTI by Filigran?** More developers are needed - there are many crucial features still lacking. Workflows are too cumbersome for users. More QA is needed - there are too many (regression) bugs. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** We need a central solution for our various threat intelligence source and incident response case-management. We need to publish our intelligence to our constituents. ### 31. Review of the OpenCTI tool **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Luxury Goods & Jewelry | Enterprise (> 1000 emp.) **Reviewed Date:** October 29, 2025 **What do you like best about OpenCTI by Filigran?** What I like most about the OpenCTI tool is the integration of indicators of compromise and observables to help us during investigations as a SOC analyst. **What do you dislike about OpenCTI by Filigran?** What I like a little less is the integration of the OpenCTI connector where you have to go through pull requests, which can be a bit long for integration, especially if we want to do tests on our staging. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Centralization of IOC and data feed ### 32. Promising, versatile & a capable product **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.) **Reviewed Date:** April 22, 2025 **What do you like best about OpenCTI by Filigran?** I've been using OpenCTI daily for threat intelligence and incident response, and it's been a great addition. The dashboard is clean and informative, and the way it links Integrations/connectors, entities like threat actors, observables, and incidents is really helpful. Implementing the instance, connecting the connectors and understanding the basic concepts has really been helpful with the documentation. Connecting the connectors on on-prem was pretty easy as well. Playbook automation has saved me a lot of manual effort, and the platform overall feels flexible and well thought out. Definitely a strong option if you're looking to level up your threat visibility and response workflows. The customer as well as community support has really been top notch. **What do you dislike about OpenCTI by Filigran?** I wish there was better support for custom playbooks—especially something that lets us plug in custom Python code directly. It would open up a lot more flexibility for advanced use cases. Also, having a dedicated professional services team to help with SaaS deployments or platform customisation would be a huge plus. Apart from that, I think the steps/documentation for developing custom connectors could be improved further so that anyone starting can pick it up with ease. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** OpenCTI centralizes all my threat intelligence—connecting indicators, threat actors, campaigns, and incidents in a meaningful way. This connected view makes it much easier to understand the "who," "what," and "why" behind threats. It's also streamlined how I respond to incidents, especially with playbook automation handling repetitive tasks. That’s saved me a lot of time doing the grunt work. OpenCTI has helped me respond faster, and make more informed security decisions. ### 33. Powerful CTI platform with wide range of features **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.) **Reviewed Date:** November 07, 2025 **What do you like best about OpenCTI by Filigran?** The platform offers a wide range of features corresponding to CTI variable needs and is very powerful to collect, store, and export intelligence. The team at Filigran is very active to answer our requests. **What do you dislike about OpenCTI by Filigran?** Some bugs can occur between updates/versions. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Collect, store, enrich, and export data with context. ### 34. OpenCTI experience **Rating:** 4.5/5.0 stars **Reviewed by:** DIMITRIOS k. | IT Security Officer, Mid-Market (51-1000 emp.) **Reviewed Date:** October 24, 2025 **What do you like best about OpenCTI by Filigran?** Easy of Use, Number of Features, ecosystem of connectors **What do you dislike about OpenCTI by Filigran?** Complex architecture and operational overhead **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Fragmented threat intelligence ### 35. OpenCTI est la meilleure plateforme de renseignement sur les menaces (expérience utilisateur et fonctionnalités) **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Consulting | Mid-Market (51-1000 emp.) **Reviewed Date:** May 07, 2025 **What do you like best about OpenCTI by Filigran?** Its ability to structure, correlate, and effectively visualize Threat Intelligence in an interoperable format like STIX **What do you dislike about OpenCTI by Filigran?** The initial learning curve can be steep, especially for advanced modeling or integration with certain external sources. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** I use it to centralize, structure, and enrich Threat Intelligence, facilitate detection through the dissemination of IoCs, and support tactical and strategic analyses within the CERT. OpenCTI allows breaking down information silos by unifying Threat Intelligence data into a structured model, which facilitates collaboration, proactive threat detection, and decision-making within the CERT. ### 36. very useful and practical platform **Rating:** 5.0/5.0 stars **Reviewed by:** Ahmed A. | cyber threat inteligence, Small-Business (50 or fewer emp.) **Reviewed Date:** August 18, 2025 **What do you like best about OpenCTI by Filigran?** This application is practical and easy to use **What do you dislike about OpenCTI by Filigran?** Sometimes the loading speed could be improved **What problems is OpenCTI by Filigran solving and how is that benefiting you?** open cti helps us organize and analyze threat inteligence data efficiently , saving time and improving visibility on potential threats ### 37. CTI DEPUTY LEAD **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** April 11, 2025 **What do you like best about OpenCTI by Filigran?** I really appreciate the interface. It is very user-friendly. The fact that the platform is built around the STIX 2.1 format is impressive. The playbook functionalities enable the automation of many tasks. The dashboard capabilities are also a strong point. Additionally, the wide range of integrations is very beneficial. The capability to build custom connector/enricher is also a good feature. **What do you dislike about OpenCTI by Filigran?** The documentation around PyCTI could be more detailed and user-friendly1. The 'import document' connector on reports could be more precise in object scrapping2. The AI features, including AI insights, Ask AI, and the NLP import document connector, could be further enhance **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Centralized Threat Intelligence Management Data Contextualization and Actionable Insights Enhanced Collaboration and Sharing ### 38. A well thought platform and a skilled team to support it **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Luxury Goods & Jewelry | Enterprise (> 1000 emp.) **Reviewed Date:** May 02, 2025 **What do you like best about OpenCTI by Filigran?** Ease of use, the ability to centralize intelligence, the STIX integration, the usecases unlocked by the platform. The team has always been here to support integration and debug. Use this product daily to keep up with all the threats. **What do you dislike about OpenCTI by Filigran?** The UI needs a bit of practice at first to be confortable with it. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Detection capabilities Intelligence centralization ### 39. One of the best Threat Intel Project (A good alternative to MISP) **Rating:** 4.5/5.0 stars **Reviewed by:** sudesh y. | Senior IR analyst, Mid-Market (51-1000 emp.) **Reviewed Date:** February 16, 2025 **What do you like best about OpenCTI by Filigran?** They are one of the best opensource threat intel products out there. Number of connectors, Ease of developing connectors for OpencTI. This in combination with Openbas becomes a super product. **What do you dislike about OpenCTI by Filigran?** It needs more refinement but they are working on it. **What problems is OpenCTI by Filigran solving and how is that benefiting you?** Ease of investigation and understanding of threats - [View OpenCTI by Filigran pricing details and edition comparison](https://www.g2.com/products/opencti-by-filigran/reviews?section=pricing&secure%5Bexpires_at%5D=2026-05-20+16%3A01%3A35+-0500&secure%5Bsession_id%5D=8bd29d45-bc1e-426e-b836-711e7b46641d&secure%5Btoken%5D=b44889f75de02c65eedef8105885337496141bb54aaa1eef71057fb821592562&format=llm_user) ## OpenCTI by Filigran Integrations - [DomainTools](https://www.g2.com/products/domaintools/reviews) - [Feedly for Threat Intelligence](https://www.g2.com/products/feedly-for-threat-intelligence/reviews) - [Google Threat Intelligence](https://www.g2.com/products/google-threat-intelligence/reviews) - [Group-IB Threat Intelligence](https://www.g2.com/products/group-ib-threat-intelligence/reviews) - [Microsoft Sentinel](https://www.g2.com/products/microsoft-sentinel/reviews) - [Splunk Enterprise](https://www.g2.com/products/splunk-enterprise/reviews) - [Torq AI SOC Platform](https://www.g2.com/products/torq-ai-soc-platform/reviews) - [VirusTotal](https://www.g2.com/products/virustotal/reviews) ## OpenCTI by Filigran Features **Orchestration** - Asset Management - Security Workflow Automation - Deployment - Sandboxing **Administration** - Reports & Analytics - Dashboard **Information** - Proactive Alerts - Malware Detection - Intelligence Reports **Personalization** - Endpoint Intelligence - Dynamic/Code Analysis **Generative AI** - AI Text Summarization - Generate Attack Scenarios - Generate Threat Detection Rules - Generate Threat Summaries **Agentic AI - Threat Intelligence** - Autonomous Task Execution - Multi-step Planning - Proactive Assistance - Decision Making ## Top OpenCTI by Filigran Alternatives - [Cloudflare Application Security and Performance](https://www.g2.com/products/cloudflare-application-security-and-performance/reviews) - 4.5/5.0 (578 reviews) - [Check Point Next Generation Firewalls (NGFWs)](https://www.g2.com/products/check-point-next-generation-firewalls-ngfws/reviews) - 4.5/5.0 (502 reviews) - [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews) - 4.7/5.0 (381 reviews)