OpenCTI by Filigran
Incident response software
Threat intelligence software
Unified threat management software
System security software
Network security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if OpenCTI by Filigran and its alternatives fit your requirements.
Contact the product provider
Free TrialFree version
Small
Medium
Large
- Professional services (engineering, legal, consulting, etc.)
- Public sector and nonprofit organizations
- Information technology and software
What is OpenCTI by Filigran
OpenCTI is an open source threat intelligence platform used to collect, normalize, store, and analyze cyber threat intelligence using a structured data model. It supports use cases such as CTI knowledge management, enrichment, correlation across sources, and sharing intelligence with internal teams and external communities. The platform centers on STIX2-based entities and relationships and provides connectors to ingest and export data to other security tools. Typical users include threat intelligence teams, SOC analysts, and incident response teams that need a central CTI repository and workflow.
Structured CTI knowledge graph
OpenCTI models threat intelligence as linked entities (e.g., actors, malware, indicators, incidents) and relationships, enabling analysts to pivot and correlate across datasets. Its STIX2-aligned approach helps standardize how intelligence is stored and exchanged. This structure supports repeatable analysis and reduces reliance on unstructured notes and spreadsheets.
Connector-based integrations
OpenCTI uses a connector framework to ingest from multiple sources and to export to downstream systems, supporting automation of collection and dissemination. This design helps teams integrate CTI with existing security operations workflows rather than operating a standalone repository. It is particularly useful when organizations need to combine commercial feeds, open sources, and internal observations.
Open source deployment control
As an open source platform, OpenCTI can be self-hosted, customized, and extended to match internal data handling and operational requirements. This can be important for organizations with strict data residency constraints or specialized intelligence workflows. The codebase and data model transparency can also support internal review and governance.
Not a UTM replacement
Despite overlapping security categories, OpenCTI does not function as unified threat management infrastructure (e.g., firewalling, gateway controls, endpoint prevention). It primarily manages and operationalizes intelligence rather than enforcing network or endpoint security controls. Organizations typically still require separate security control platforms for prevention and enforcement.
Operational overhead to run
Self-hosting requires maintaining the application stack, upgrades, backups, and performance tuning as data volume grows. Connector operations also require monitoring and periodic maintenance when upstream APIs change or feeds degrade. Teams without dedicated engineering or platform support may find ongoing operations challenging.
Data quality depends on sources
Correlation and analysis outcomes depend heavily on the quality, timeliness, and consistency of ingested intelligence. Without curation, deduplication, and governance, the platform can accumulate noisy indicators and conflicting context. Establishing workflows for validation and lifecycle management is often necessary to keep the repository actionable.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Community Edition (OpenCTI CE) | Free | Open-source, self-hosted edition (Apache License 2.0). Core CTI features, 300+ integrations; install from Filigran resources/GitHub. |
| Enterprise Edition (OpenCTI EE) | Contact sales | Enterprise features (audit logging, user behavior analytics, automation engine, RBAC, full-text indexing, NLP/LLM features). Pricing not published on site — contact Filigran. |
| Filigran Managed SaaS / Marketplace SaaS | Contact sales | Fully managed SaaS instances (hosted by Filigran), support subscription included; available via Filigran SaaS and AWS Marketplace (purchase/billing via marketplace). |
Seller details
Filigran
Paris, France
2022
Private
https://filigran.io/
https://x.com/FiligranHQ
https://www.linkedin.com/company/filigran/
