Progressive rollout of the OpenCTI Enterprise Edition: why, what and how?

Jun 10, 2023

We are thrilled to announce that, from OpenCTI 5.8, Filigran is now providing some customers with the Enterprise Edition of the platform, whether on-premise or in our SaaS. This version, which remains open source and aligned with our core values, is included in the main GitHub repository as well as in all product releases. OCTI EE has been designed to provide organizations with outstanding features for enterprise-grade cyber threat intelligence use cases.


Why introduce OpenCTI EE?

First of all, we would like to reaffirm that the commitment of all the Filigran teams to open source software, product communities and free-to-use applications remains strictly untouched, as part of our DNA since day 1 of OpenCTI’s journey. Introducing OpenCTI Enterprise Edition is definitely not part of an overall strategy to turn the platform into a proprietary licensed solution, as other cybertech companies have done in the past few years.

That being said, in our journey to make OpenCTI the best next-generation eXtended Threat Knowledge Platform (XTK), it is clear that the development of certain features requires substantial investment from our teams. Rest assured, we are not talking here about security, single sign-on, knowledge segregation or integrations, but rather about features reserved for very advanced usage of the platform, such as generative artificial intelligence for correlation, supervised-learning-based natural language processing, a playbooks and workflows engine, or advanced monitoring of user activity and resources.

The decision to extend the platform to an OpenCTI Enterprise Edition (EE) was not taken lightly. It was based on a single observation and driven by a single objective: the development of the OpenCTI platform relies solely on the work of the Filigran software engineering team (20 FTEs so far), and we must ensure its long-term sustainability while making sure we have the resources necessary to innovate and offer the best solutions to the teams who use our entire portfolio.

What is OpenCTI EE?

OpenCTI Enterprise Edition is based on the open core concept. This means that the source code of OCTI EE remains open source and included in the main GitHub repository of the platform but is published under a specific license. As specified in the GitHub license file:

  • The OpenCTI Community Edition is licensed under the Apache License, Version 2.0 (the “Apache License”).
  • The OpenCTI Enterprise Edition is licensed under the OpenCTI Non-Commercial License (the “Non-Commercial License”).

The source files in this repository have a header indicating which license they are under. If no such header is provided, this means that the file belongs to the Community Edition under the Apache License, Version 2.0.

As already mentioned, the Filigran team will continue over the long term to mainly develop the Community Edition, according to our strategic roadmap, but will progressively include major epics reserved for the Enterprise Edition, such as:

  • Audit logs and advanced user behavior monitoring and analytics.
  • Automation scenarios and playbooks engine.
  • Generative AI for correlation and content generation.
  • Supervised machine learning for natural language processing.

Also, it is important to understand that OpenCTI CE and EE will be part of the same package and included in release archives as well as Docker images for all versions from 5.8.X. All the features mentioned above are obviously not yet available and will be gradually developed and included in the coming months.

How to enable and use OpenCTI EE?

As part of all OpenCTI releases, any organization is able to enable OpenCTI Enterprise Edition in the platform settings. When enabling OpenCTI EE, the user must agree to the OpenCTI Enterprise Edition (EE) supplemental license terms. After the activation, all features specifically included in OCTI EE will be available for all users in the platform. As mentioned in the license:

  • OpenCTI EE is free-to-use for development, testing and research purposes as well as for non-profit organizations.
  • OpenCTI EE is included for all Filigran SaaS customers without additional fee.
  • For all other usages, OpenCTI EE is reserved for organizations that have entered into a Filigran Enterprise agreement.

Our main objective remains to make all OpenCTI features accessible to as many organizations as possible, while ensuring the sustainability of the solution over the long term and the fair use of the platform in commercial contexts.

We want to stress that this evolution takes place in a context of professionalization of the usage of the platform and is in no way intended to lock OpenCTI users into any commercial vehicle. The credibility of Filigran and our teams depends on it, and we are committed to dedicating all our resources to providing the best possible support to our communities in terms of content, documentation and training materials.

If you have any concerns about the introduction of OpenCTI Enterprise Edition or you just need more information, don’t hesitate to join our Slack channels or contact us directly.
