
Elastic Integration

SIEM & Analytics

Overview

The Elastic OpenCTI integration ingests threat intelligence from OpenCTI into Elastic, enriching security events with indicators of compromise (IOCs) and their surrounding threat context so analysts can detect, investigate, and respond to attacks more effectively.

It pulls indicators from an OpenCTI platform through the OpenCTI GraphQL API and stores them in Elastic as structured IOC data (IP addresses, domains, URLs, file hashes, and certificates), mapped to the Elastic Common Schema (ECS) threat fields.

Once indexed, the indicators can be searched, visualized, and matched against incoming events in detection rules, so that malicious activity is identified in near real time.
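The pull-and-map step described above, as an added example that is not the Elastic integration's own code. The GraphQL query follows the OpenCTI schema as the author understands it (check field names against your instance with an introspection query); OPENCTI_URL and OPENCTI_TOKEN are placeholders; the confidence bands (None/Low/Medium/High) are the STIX 2.1 scale; and SAMPLE_RESPONSE is a constructed page standing in for a live API reply so the script runs offline. Revoked indicators and non-STIX patterns are deliberately dropped, since they cannot be matched as IOCs.

```python
"""Added example: pull indicators from OpenCTI's GraphQL API and map their STIX
patterns onto ECS threat.indicator fields (not the Elastic integration's code)."""
import json
import re
import urllib.request

OPENCTI_URL = "https://opencti.example.internal/graphql"  # placeholder
OPENCTI_TOKEN = "REPLACE_WITH_API_TOKEN"  # placeholder

# Assumed shape of the OpenCTI schema; verify with introspection on your instance.
INDICATORS_QUERY = """
query Indicators($first: Int!, $after: ID) {
  indicators(first: $first, after: $after) {
    edges { node { id name pattern pattern_type valid_from modified revoked confidence } }
    pageInfo { endCursor hasNextPage }
  }
}
"""

# One STIX comparison: <object-type>:<property> = '<value>'  (hash properties are quoted, e.g. hashes.'SHA-256')
_STIX_COMPARISON = re.compile(r"(?P<type>[\w-]+):(?P<prop>[\w.'\-]+)\s*=\s*'(?P<value>[^']*)'")


def fetch_page(first=100, after=None):
    """POST one page of INDICATORS_QUERY to OpenCTI (needs network; the offline demo below does not call it)."""
    body = json.dumps({"query": INDICATORS_QUERY, "variables": {"first": first, "after": after}}).encode()
    req = urllib.request.Request(OPENCTI_URL, data=body, headers={
        "Content-Type": "application/json", "Authorization": f"Bearer {OPENCTI_TOKEN}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def confidence_label(value):
    """OpenCTI stores confidence as 0..100; ECS threat.indicator.confidence takes a fixed label set."""
    if value is None:
        return "Not Specified"
    if value == 0:
        return "None"
    if value < 30:
        return "Low"
    if value < 70:
        return "Medium"
    return "High"


def indicator_to_ecs(node):
    """Map one indicator node to an ECS-shaped document; return None when it cannot be used as an IOC."""
    if node.get("pattern_type") != "stix" or node.get("revoked"):
        return None  # YARA/Sigma/etc. patterns and revoked indicators are not matchable IOCs
    m = _STIX_COMPARISON.search(node.get("pattern", ""))
    if not m:
        return None
    obj_type, prop, value = m.group("type"), m.group("prop").replace("'", ""), m.group("value")
    indicator = {
        "type": obj_type,  # STIX object types coincide with ECS threat.indicator.type values
        "name": node.get("name"),
        "confidence": confidence_label(node.get("confidence")),
        "first_seen": node.get("valid_from"),
        "modified_at": node.get("modified"),
        "provider": "OpenCTI",
    }
    if obj_type in ("ipv4-addr", "ipv6-addr"):
        indicator["ip"] = value
    elif obj_type == "domain-name":
        indicator["url"] = {"domain": value}
    elif obj_type == "url":
        indicator["url"] = {"full": value}
    elif obj_type == "file" and prop.startswith("hashes."):
        algo = prop.split(".", 1)[1].replace("-", "").lower()  # hashes.'SHA-256' -> sha256
        indicator["file"] = {"hash": {algo: value}}
    elif obj_type == "x509-certificate" and prop == "serial_number":
        indicator["x509"] = {"serial_number": value}
    else:
        return None  # observable type the mapping does not cover
    return {"event": {"kind": "enrichment", "category": ["threat"], "type": ["indicator"]},
            "threat": {"indicator": indicator}}


def map_response(response):
    """Map every edge of one GraphQL page; return (ecs_docs, cursor_for_next_page_or_None)."""
    data = response["data"]["indicators"]
    docs = [d for d in (indicator_to_ecs(e["node"]) for e in data["edges"]) if d is not None]
    page = data["pageInfo"]
    return docs, (page["endCursor"] if page["hasNextPage"] else None)


def _node(**kw):
    base = {"pattern_type": "stix", "valid_from": "2026-01-20T00:00:00Z",
            "modified": "2026-01-25T12:00:00Z", "revoked": False, "confidence": 50}
    return {**base, **kw}


# Constructed sample page (not real data) standing in for a live OpenCTI response.
SAMPLE_RESPONSE = {"data": {"indicators": {"edges": [
    {"node": _node(id="ind-1", name="C2 address", confidence=85, pattern="[ipv4-addr:value = '203.0.113.10']")},
    {"node": _node(id="ind-2", name="Dropper", pattern="[file:hashes.'SHA-256' = "
                   "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']")},
    {"node": _node(id="ind-3", name="Payload URL", confidence=20, pattern="[url:value = 'http://malicious.example/payload.bin']")},
    {"node": _node(id="ind-4", name="Old domain", revoked=True, pattern="[domain-name:value = 'bad.example']")},
    {"node": _node(id="ind-5", name="Rule", pattern_type="yara", pattern="rule x { condition: true }")},
], "pageInfo": {"endCursor": "cursor-abc", "hasNextPage": False}}}}

if __name__ == "__main__":
    docs, cursor = map_response(SAMPLE_RESPONSE)
    for doc in docs:
        print(json.dumps(doc))
    print("next cursor:", cursor)
```

In production the loop is `fetch_page(after=cursor)` until `map_response` returns no cursor; the mapped documents are then bulk-indexed so Elastic indicator match rules can join them against event fields such as `source.ip` or `file.hash.sha256`.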

Basic information

Filigran
Nino Rowlands
Third party integrations
Detection (SIEM, XDR & EDR)
January 26, 2026
5.12.24