Industrialize your CTI workflows with GLIMPS Malware and OpenCTI

Sep 30, 2025

Faced with increasingly fast and polymorphic threats, CTI teams can no longer limit themselves to manually enriching indicators. Without automation, they waste valuable hours:

  • Manually analyzing each artifact
  • Switching between platforms to find specialized analyses
  • Consolidating results into their STIX/CTI database

This fragmentation slows down detection, increases MTTR (Mean Time to Respond), and causes fatigue that negatively impacts the quality and speed of investigations.

To solve this issue, GLIMPS and OpenCTI have developed a dual connector to provide you with:

  • Real-time multi-engine enrichment in OpenCTI with GLIMPS Malware
  • An alerting channel in GLIMPS Malware with OpenCTI

The GLIMPS Malware Enrichment Connector in OpenCTI

The GLIMPS Malware connector automates the sorting, characterization, and analysis of malware within OpenCTI:

  1. Analyzes artifacts (files) contained in OpenCTI
  2. Provides real-time enrichment of your STIX objects via the GLIMPS Malware Detect API
  3. Adds an “External References” link to switch to the GLIMPS Malware Expert interface and explore each verdict in detail

The OpenCTI Alerting Connector in GLIMPS Malware

The GLIMPS Malware Alerting connector reverses the flow: for each malware detection or suspicious file identified by GLIMPS, it:

  1. Formats the alert as a STIX object
  2. Automatically pushes the new bundle into OpenCTI
  3. Notifies your SOC/CERT team directly

The alert threshold is fully customizable and can be segmented according to the detection engine used (e.g., YARA).

Both connectors enrich your OpenCTI platform with the following information:

  • Generated STIX objects: score, files, malware, malware-analysis, indicator, observable, external-reference, labels
  • Types of indicators: hashes (MD5/SHA1/SHA256), filenames, URLs, domains, etc.
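To make the alerting flow concrete, here is an added example (not GLIMPS or Filigran code) that takes a constructed GLIMPS-style verdict, applies a per-engine alert threshold, and builds a STIX 2.1 bundle of the object types listed above (file observable, hash indicator, malware, malware-analysis, external reference, labels). The verdict field names, the expert URL and the thresholds are assumptions; the pushing step into OpenCTI is left out and would be done with the OpenCTI client or API.

```python
"""Added example: GLIMPS-style verdict -> STIX 2.1 bundle, with per-engine alert threshold."""
import json
import uuid
from datetime import datetime, timezone

# Constructed sample verdict; field names are assumptions, not the GLIMPS API schema.
SAMPLE_VERDICT = {
    "filename": "invoice.exe",
    "sha256": "a" * 64,
    "md5": "b" * 32,
    "score": 87,
    "engines": {"yara": 100, "heuristic": 60},  # per-engine scores, 0-100
    "malware_family": "ExampleLoader",
    "expert_url": "https://glimps.example/expert/analysis/PLACEHOLDER",  # placeholder URL
}

# Per-engine thresholds (0-100), assumed values; an alert is raised if any engine reaches its threshold.
THRESHOLDS = {"yara": 80, "heuristic": 90}


def should_alert(verdict, thresholds=THRESHOLDS):
    """Return the names of engines whose score reaches the configured threshold (empty = no alert)."""
    return sorted(e for e, s in verdict["engines"].items() if s >= thresholds.get(e, 101))


def make_bundle(verdict, now=None):
    """Build a STIX 2.1 bundle: file SCO, hash indicator, malware, malware-analysis, external reference."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    ids = {t: f"{t}--{uuid.uuid4()}" for t in ("file", "indicator", "malware", "malware-analysis")}
    ext_ref = {"source_name": "GLIMPS Malware Expert", "url": verdict["expert_url"]}
    objects = [
        {"type": "file", "spec_version": "2.1", "id": ids["file"], "name": verdict["filename"],
         "hashes": {"SHA-256": verdict["sha256"], "MD5": verdict["md5"]}},
        {"type": "indicator", "spec_version": "2.1", "id": ids["indicator"], "created": ts,
         "modified": ts, "valid_from": ts, "pattern_type": "stix",
         "pattern": f"[file:hashes.'SHA-256' = '{verdict['sha256']}']",
         "indicator_types": ["malicious-activity"], "labels": ["glimps-alert"],
         "x_opencti_score": verdict["score"],  # OpenCTI custom score property
         "external_references": [ext_ref]},
        {"type": "malware", "spec_version": "2.1", "id": ids["malware"], "created": ts,
         "modified": ts, "name": verdict["malware_family"], "is_family": True},
        {"type": "malware-analysis", "spec_version": "2.1", "id": ids["malware-analysis"],
         "created": ts, "modified": ts, "product": "GLIMPS Malware", "result": "malicious",
         "sample_ref": ids["file"], "analysis_sco_refs": [ids["file"]]},
    ]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


if __name__ == "__main__":
    if should_alert(SAMPLE_VERDICT):  # only build and emit a bundle when a threshold is met
        print(json.dumps(make_bundle(SAMPLE_VERDICT), indent=2))
```

The bundle is plain JSON, so it can be validated with the stix2 library or imported into OpenCTI directly.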

What are the benefits of this dual integration?

With the combined technologies of Filigran and GLIMPS, CTI teams gain access to a next-generation detection and enrichment solution whose main advantages include:

  1. Seamless Integration: Simplifies the import and use of indicators of compromise (IoCs) directly within your OpenCTI platform
  2. Advanced Automation: Automates IoC analysis and classification tasks, reducing reaction time and increasing security process efficiency
  3. Threat Visualization and Management
  4. CTI Data Enrichment: Connectors enrich data with detailed contextual information, enhancing analysts’ decision-making capabilities
  5. Collaboration and Knowledge Sharing: All analyses performed by the connector are visible in the GLIMPS Malware Expert platform, fostering collaboration between teams thanks to centralized analysis and sharing features

Conclusion

By combining GLIMPS Malware’s advanced analysis capabilities with the OpenCTI platform, CTI teams can move beyond manual, time-consuming workflows and embrace a fully automated, collaborative approach. This dual integration empowers analysts to detect faster, respond smarter, and scale operations seamlessly, reducing fatigue while improving the overall quality of investigations.

Enjoy, and feel free to ask any questions about it on our Slack community channel!
