🧠Humans of Cyber | Samuel Hassine
Open source CTI platform that structures and links threat data using STIX, enabling teams to manage, analyze, and operationalize intelligence collaboratively.
Cyber threat intelligence often becomes hard to use when data is scattered across reports, feeds, indicators, and analyst notes. One open source project that helps teams structure and operationalize that intelligence is OpenCTI by Filigran, led by Samuel Hassine, CEO and co-founder of Filigran.
Hassine helped build OpenCTI as an open source platform designed to manage cyber threat intelligence knowledge and observables in a more connected and usable way. Rather than leaving intelligence in separate tools or unstructured reports, the platform was created to help analysts organize, store, visualize, and operationalize both technical and non-technical threat data.
Technically, OpenCTI uses a knowledge schema based on STIX 2 standards and is built as a modern web application with a GraphQL API. It supports integrations with tools and frameworks such as MISP and MITRE ATT&CK, and it is designed to link threat entities, observables, reports, dates, relationships, and confidence levels so analysts can turn fragmented information into structured intelligence.
Because of this approach, OpenCTI has become useful for threat intelligence teams that need to collect, correlate, enrich, and share intelligence in a consistent way. The project also supports imports, exports, and connector-driven workflows, making it easier to integrate intelligence into broader security operations and analysis pipelines.
The platform is still actively evolving. Filigran announced OpenCTI v7 on February 25, 2026, highlighting updates such as long-term support, RBAC improvements, browser-based intelligence workflows, and broader usability enhancements, which shows the project remains under active development and community use.
Today, OpenCTI stands out as one of the more important open source efforts focused on making threat intelligence more structured, collaborative, and operational for defenders. Samuel Hassine’s work has helped move CTI from static reporting toward a more connected knowledge platform that security teams can actually use in daily investigations.
Subscribe and Comment.
Copyright © 2026 911Cyber. All Rights Reserved.
Follow 911Cyber on: