OpenCTI by Filigran Reviews & Product Details

The ability for as a team to use OpenCTI to create an automated feedback loop between our CTI team and the SOC is really powerful. When our SOC colleagues need more context or want us to investigate something further, OpenCTI automatically captures those RFIs and routes them back to us.

This bidirectional flow makes our intelligence actually actionable and keeps everyone connected - something that's genuinely hard to find in other platforms.

What makes this work so well is that OpenCTI handles the full intelligence spectrum. As I often tell my team: "Higher management has an Threat Intel question, we turn to OpenCTI for answers." Whether it's strategic assessments, tactical deep-dives, or operational IOCs, we can work through the Pyramid of Pain and deliver what's needed.

The platform is flexible enough to fit exactly how we work, but solid enough that it just works from day one. That means we spend our time on threat analysis instead of platform administration, which is exactly what we need." Review collected by and hosted on G2.com.

The technical overhead of self-hosting can be overwhelming. We ran our own OpenCTI instance for about a year, and while it gave us valuable insight into how the platform works technically, which actually helped us use it more effectively. The maintenance, updates, and infrastructure management required significant attention. That's time we'd rather spend on threat analysis.

To be clear, this isn't a criticism of OpenCTI itself. Any complex platform has this challenge when you self-host. We ultimately made the decision to migrate to Filigran's hosted OpenCTI platform, and it's been the right call. We kept all the power and capabilities of OpenCTI without the operational hassle.

For teams that want to focus on intelligence work rather than platform administration, I'd definitely recommend considering the hosted option from the start. Review collected by and hosted on G2.com.

Adherence to industry standards such as MITRE and STIX. Ability to quickly pivot between related threats and reporting. Flexibility to integrate existing workflows and automate using visual playbooks. Regular feature updates. Review collected by and hosted on G2.com.

Growing pains with a fast growing startup. Inconsistent customer success experience. Inconsistent adoption of STIX standard across different connectors introducing false or fragmented data. Despite this there are clear indications of progress being made in these areas. Review collected by and hosted on G2.com.

I really appreciate OpenCTI by Filigran for its open-source OSINT focus and community mentality. The playbook and dashboard functionality are particularly high-value for our team, as they free us up to do high-level analysis instead of getting bogged down with automating and coding. Review collected by and hosted on G2.com.

Some of the feature support is unclear and we've found initial documentation gaps that slow down adoption while we build experience or read between the lines. Additionally, some features demo nicely in the test environment examples or make sense at a high level, but when implementing in a real-world environment, there are technical grey areas and significant integration effort needed to get the OpenCTI resources to perform. Review collected by and hosted on G2.com.

From a technical standpoint, It's open-source, meaning that you have the possibility to contribute to it easily. Then, the number of connectors for enrichers, external sources are very varied, meaning that a lot of external sources are easy to integrate.

The customer support is responsive, efficient, and mostly knowledgeable about their product. Review collected by and hosted on G2.com.

Even though there are a lot of connectors, most of the ones for commercial sources have not been prooftested (enough?) before deployment, which is a hassle when you are a paying customer for the source and opencti, and you end up with a poor result on the platform.

In that instance, incentivising Filigran to improve the connectors is quite difficult and it takes a long time to get any improvement made.

Lastly, the pycti library could benefit from more thorough documentation. To use it properly, we often need to read its source code to see available methods and their arguments, which is not normal. Review collected by and hosted on G2.com.

OpenCTI by Filigran already greatly excites our users. Thanks to the STIX data model, we can conduct research or produce information more easily, which is very interesting for various actors at the tactical, operational, or strategic level, as well as at the SOC level for activities like phishing. This allows us to produce KPIs, etc. The STIX data model represents threat data in the form of a graph, which is cutting-edge technology. It helps us create much more context simply than in structured relationships like MySQL. This model serves as a lever for us to produce context, enrichment, and correlation. It also allows us to make good use of our private information since we can correlate it with what we already have more easily. Review collected by and hosted on G2.com.

It is necessary to pay close attention to the sizing of the platform, otherwise there are issues. It is also a microservices platform, so the skills for the MCO (Maintenance in Operational Condition) are more important to mobilize. We would spend more on personnel to maintain it. Review collected by and hosted on G2.com.

The platform can be customized in many different ways to fit our needs, while still staying within guardrails that help keep everything consistent. Review collected by and hosted on G2.com.

There are a few features that don’t necessarily work as expected, or that feel limited in ways that can be distinctly annoying to work around. I notice this most in how some dashboards are restricted in what they can display, and in how information can be added to different cases. Many of these are things that are actively being addressed however and I'm excited to see the refinements. Review collected by and hosted on G2.com.

OpenCTI is an extremely versatile tool and I'm absolutely loving my experience with OpenCTI SaaS right now. Although the tool is great, I must say our OpenCTI support team has been my favorite part of this experience by far. Matt Griffin, Eric Ford, and Jason Murath have been absolutely phenomenal. Matt Griffin is very quick to respond, proactively lets us know when we're having issues with our OpenCTI instance before we even realize, and has continued to go above and beyond to ensure we're taken care of. Jason Murath is EXTREMELY knowledgeable in many different domains and has provided invaluable advice to help us operationalize OpenCTI according to our use cases. Eric Ford is also very knowledgeable and has been pivotal in ensuring our support tickets are taken care of in a timely manner. He grabs our support tickets almost immediately after I submit it them it seems and our migration to SaaS would not have gone as smoothly as it did without his support and dedication. Overall, we are beyond thrilled with the OpenCTI product and the treatment from the team (Matt, Jason, and Eric) has exceeded our expectations. Review collected by and hosted on G2.com.

It would be great if there was a quicker turnaround time from the developers with connector NFR's, but we at least have the ability to create custom connectors as a workaround. Adding a feature to the automation playbooks to create new STIX objects would be an amazing feature add too. Review collected by and hosted on G2.com.

I greatly appreciate the ability of OpenCTI by Filigran to integrate with a multitude of other tools thanks to its open-source connectors. This allows for smooth interconnection and makes the platform extremely versatile. The automation features, including playbooks, are a major asset, facilitating automated processing and enrichment of notifications as well as the management of the platform's observables. Moreover, the installation and migration were simple and well-managed experiences, making the transition to OpenCTI very pleasant. The interconnection with more than fifty connectors, partly developed by our company or from the community, strengthens our cyber ecosystem. The quality of service is also notable and essential for us, which encourages us to continue using and renewing our trust in OpenCTI. This is confirmed by the fact that I give a score of 9.5 out of 10 regarding the likelihood of recommending OpenCTI by Filigran. Review collected by and hosted on G2.com.

. Review collected by and hosted on G2.com.

Previous Response: Thanks to OpenCTI, we can now use the platform to manage data related to our threat actors, but also to centralize indicators that will be disseminated via our CTI program. We also make extensive use of the relationship visualization features and the STIX 2.1 data model, which allow us to map every piece of information related to our investigations. Another strong point is the fine-grained management of access rights across organizations, groups, and custom markings. Review collected by and hosted on G2.com.

There isn't much that I dislike about the platform, actually. Review collected by and hosted on G2.com.

I really appreciate the ability to manage all intelligence in a centralized platform, which allows for seamless enrichment of any segment or indicator. The integration capabilities offered by the product are excellent.

Additionally, I truly value the company’s approach and the support provided by the team, they are always helpful and guide us step-by-step to improve how we use the platform. This kind of support is extremely important to us! Review collected by and hosted on G2.com.

Sometimes certain features or implementations can be a bit too complex, which makes them challenging to apply effectively. Review collected by and hosted on G2.com.