Explore OpenCTI or OpenAEV platform with 30 days Free Trial!
XTM Hub by FiligranSign In
OpenCTI for Elastic Security logo

OpenCTI for Elastic Security

Detection & Response Enablement

Overview

The Elastic OpenCTI integration ingests threat intelligence from OpenCTI into Elastic, enriching security events with IOCs (indicators of compromise) and threat context so analysts can detect, investigate, and respond to attacks more effectively.

The Elastic OpenCTI integration enables the ingestion of threat intelligence indicators from an OpenCTI platform into Elastic.

It collects structured IOC data (such as IPs, domains, URLs, file hashes, and certificates) via the OpenCTI GraphQL API and maps them to ECS fields.

These indicators can then be searched, visualized, and used in detection rules to enrich security analysis and identify malicious activity in near real time.

Basic information

Filigran
Nino Rowlands
Third party integrations
Detection (SIEM, XDR & EDR)
July 07, 2026
5.12.24
1

    We use cookies to make the XTM Hub work, understand how it's used, and improve your experience. Strictly necessary cookies are always on. With your consent, we also use optional cookies for functionality, performance and analytics, and marketing. You can accept all, reject all, or choose which optional cookies to allow. You can change your preferences at any time via "Cookie settings". See our Cookie Policy for more information.