30 September 2025

Industrialize your CTI workflows with GLIMPS Malware and OpenCTI


Faced with increasingly fast and polymorphic threats, CTI teams can no longer limit themselves to manually enriching indicators. Without automation, they waste valuable hours:

  • Manually analyzing each artifact
  • Switching between platforms to find specialized analyses
  • Consolidating results into their STIX/CTI database

This fragmentation slows down detection, increases MTTR (Mean Time to Respond), and causes analyst fatigue that degrades both the quality and the speed of investigations.

To solve this issue, GLIMPS and Filigran (the company behind OpenCTI) have developed a dual connector to provide you with:

  • Real-time multi-engine enrichment in OpenCTI with GLIMPS Malware

  • An alerting channel in GLIMPS Malware with OpenCTI

The GLIMPS Malware Enrichment Connector in OpenCTI

The GLIMPS Malware connector automates the sorting, characterization, and analysis of malware within OpenCTI:

  1. Submits artifacts (files) stored in OpenCTI to GLIMPS Malware for analysis
  2. Enriches the corresponding STIX objects in real time with the verdict returned by the GLIMPS Malware Detect API
  3. Adds an “External References” link that opens the analysis in the GLIMPS Malware Expert interface, where each verdict can be explored in detail

The OpenCTI Alerting Connector in GLIMPS Malware

The GLIMPS Malware Alerting connector reverses the flow: for each malware detection or suspicious file identified by GLIMPS, it:

  1. Formats the alert as a set of STIX objects
  2. Automatically pushes the resulting bundle into OpenCTI
  3. Notifies your SOC/CERT team directly

The alert threshold is fully customizable and can be segmented by the detection engine that produced the hit (e.g., only alert on YARA matches).

Both connectors enrich your OpenCTI platform with the following information:

  • Generated STIX objects and properties: file observables, malware, malware-analysis, indicator, external references, plus OpenCTI score and labels
  • Types of indicators: hashes (MD5/SHA-1/SHA-256), filenames, URLs, domains, etc.
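To make the STIX side of both connectors concrete, here is an added example (not code from the GLIMPS connectors, OpenCTI or pycti) that takes a constructed GLIMPS-style verdict, applies a configurable score threshold and per-engine filter like the alerting connector's threshold, and builds the kind of STIX 2.1 bundle the enrichment and alerting flows produce: a file observable, an indicator with a hash pattern, a malware object, a malware-analysis object, OpenCTI score and labels, and an external reference back to the Expert interface. The verdict layout, the Expert URL scheme and the `x_opencti_score` placement are assumptions for illustration; the real Detect API response and connector code differ. It also includes the sanity check a practitioner would want before pushing: every `*_ref` in the bundle must resolve inside it.

```python
"""Added example: gate a GLIMPS-style verdict and build a STIX 2.1 bundle for OpenCTI.

This is illustrative code, not the GLIMPS connector or OpenCTI's own implementation.
The verdict dictionary, the Expert URL path and the analysis id are assumptions.
"""
import json
import uuid
from datetime import datetime, timezone

# STIX 2.1 namespace UUID for deterministic cyber-observable (SCO) identifiers.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Constructed sample verdict (hypothetical shape; not the real Detect API response).
SAMPLE_VERDICT = {
    "sha256": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
    "filename": "invoice.exe",
    "family": "Trojan.Generic",          # hypothetical field
    "score": 95,                         # 0-100, higher is more malicious
    "malicious": True,
    "engine_hits": {"yara": ["Win_Trojan_Generic"], "ml": ["suspicious_packer"]},
    "analysis_id": "a1b2c3",             # hypothetical identifier
}


def should_alert(verdict, threshold=70, engines=None):
    """Alert gate: score must reach the threshold and, if `engines` is given,
    at least one of the named detection engines must have fired (e.g. ["yara"])."""
    if verdict["score"] < threshold:
        return False
    if engines is None:
        return True
    return any(verdict["engine_hits"].get(engine) for engine in engines)


def file_id(sha256, name=None):
    """Deterministic file SCO id: UUIDv5 over the JSON-serialized ID-contributing
    properties (hashes and, when present, name), as STIX 2.1 prescribes."""
    contrib = {"hashes": {"SHA-256": sha256}}
    if name:
        contrib["name"] = name
    canonical = json.dumps(contrib, separators=(",", ":"), sort_keys=True)
    return f"file--{uuid.uuid5(SCO_NAMESPACE, canonical)}"


def build_bundle(verdict, expert_base_url="https://glimps.example/expert"):
    """Turn one verdict into the objects listed on the page: file, malware,
    malware-analysis, indicator, relationships, labels, score, external reference."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    # Hypothetical URL scheme; the real Expert link is set by the connector config.
    ext_ref = {"source_name": "GLIMPS Malware",
               "url": f"{expert_base_url}/analysis/{verdict['analysis_id']}"}
    labels = sorted({hit for hits in verdict["engine_hits"].values() for hit in hits})
    fid = file_id(verdict["sha256"], verdict["filename"])
    file_obj = {"type": "file", "spec_version": "2.1", "id": fid,
                "hashes": {"SHA-256": verdict["sha256"]}, "name": verdict["filename"],
                "x_opencti_score": verdict["score"]}            # OpenCTI custom property
    malware = {"type": "malware", "spec_version": "2.1", "id": f"malware--{uuid.uuid4()}",
               "created": now, "modified": now, "name": verdict["family"],
               "is_family": False, "labels": labels, "external_references": [ext_ref]}
    indicator = {"type": "indicator", "spec_version": "2.1",
                 "id": f"indicator--{uuid.uuid4()}", "created": now, "modified": now,
                 "name": verdict["filename"],
                 "pattern": f"[file:hashes.'SHA-256' = '{verdict['sha256']}']",
                 "pattern_type": "stix", "valid_from": now,
                 "indicator_types": ["malicious-activity"], "labels": labels,
                 "x_opencti_score": verdict["score"], "external_references": [ext_ref]}
    analysis = {"type": "malware-analysis", "spec_version": "2.1",
                "id": f"malware-analysis--{uuid.uuid4()}", "created": now, "modified": now,
                "product": "GLIMPS Malware",                    # required by STIX 2.1
                "result": "malicious" if verdict["malicious"] else "suspicious",
                "sample_ref": fid, "analysis_ended": now, "external_references": [ext_ref]}
    def rel(kind, src, dst):
        return {"type": "relationship", "spec_version": "2.1",
                "id": f"relationship--{uuid.uuid4()}", "created": now, "modified": now,
                "relationship_type": kind, "source_ref": src, "target_ref": dst}
    objects = [file_obj, malware, indicator, analysis,
               rel("indicates", indicator["id"], malware["id"]),
               rel("based-on", indicator["id"], fid)]          # OpenCTI indicator->observable link
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def check_bundle(bundle):
    """Refuse to push a self-contained alert bundle whose *_ref / *_refs point at
    objects missing from it (a dangling sample_ref would import silently otherwise).
    Note: created_by_ref / object_marking_refs legitimately point outside a bundle;
    this alert bundle carries none, so the strict check is appropriate here."""
    ids = {obj["id"] for obj in bundle["objects"]}
    for obj in bundle["objects"]:
        for key, value in obj.items():
            refs = value if key.endswith("_refs") else [value] if key.endswith("_ref") else []
            for ref in refs:
                if ref not in ids:
                    raise ValueError(f"{obj['id']} references missing object {ref}")
    return True


if __name__ == "__main__":
    if should_alert(SAMPLE_VERDICT, threshold=70, engines=["yara"]):
        bundle = build_bundle(SAMPLE_VERDICT)
        check_bundle(bundle)
        print(json.dumps(bundle, indent=2))   # what a connector would hand to OpenCTI
```

In a real connector the validated bundle would be handed to OpenCTI through its connector helper rather than printed; the gating function is where the page's "threshold segmented by engine" lives, and the reference check is cheap insurance against pushing a malware-analysis whose sample no longer exists in the bundle.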

What are the benefits of this dual integration?

With the combined technologies of Filigran and GLIMPS, CTI teams gain access to a detection and enrichment solution whose main advantages include:

  1. Seamless Integration: Simplifies the import and use of indicators of compromise (IoCs) directly within your OpenCTI platform
  2. Advanced Automation: Automates IoC analysis and classification tasks, reducing reaction time and increasing security process efficiency
  3. Threat Visualization and Management
  4. CTI Data Enrichment: Connectors enrich data with detailed contextual information, enhancing analysts’ decision-making capabilities
  5. Collaboration and Knowledge Sharing: All analyses performed by the connector are visible in the GLIMPS Malware Expert platform, fostering collaboration between teams thanks to centralized analysis and sharing features

“As a former CTI analyst, I know how time-consuming it can be to correlate alerts, qualify IoCs, and produce actionable reports — all under tight deadlines and pressure. That’s exactly what we wanted to automate with these connectors. This project was born from a simple observation familiar to every analyst: intelligence is only useful if it can be leveraged at the right time, not afterwards.”
 — Jordan Théodore – VP Product Engineering North America – GLIMPS
