OpenCTI

Benefits

• Best pricing assured with flexible adoption options to cater for every institution
• Centralised threat intelligence management with actionable, structured intelligence
• Secure collaboration and sharing across teams, the sector and trusted communities
• Reduced manual effort through automation to facilitate a proactive security posture
• Agreement aligns with upcoming activity from Jisc's Threat Intelligence team

Important dates

Agreement start: 01 March 2026

Agreement end: 28 February 2029

Invoice date: Invoices will be issued three months in advance of the licence anniversary date.

Commitment Period

Institutions may participate in the Agreement at any time during the agreement period, and are bound by its Terms and Conditions, including payments, until the end of the Institution’s chosen Commitment (Licence) Period

Licence type

Per instance

Trial

Contact Chest Help for more information.

Eligible Institutions

Higher and Further Education and Research Councils in the United Kingdom, and to Universities and Colleges of Further Education in the Republic of Ireland.   Other organisations supporting education, including research bodies and the public sector, may ask to participate in the Agreement. Chest will liaise with the Supplier about any such requests 

Background Information 

This agreement aligns with SUPC's SLRA Lot 4, with Softcat having been appointed as reseller.

The agreement also ties into Jisc's Threat Intelligence team's use of OpenCTI (see Product Information tab)

Supplier Details

Licensor: Filigran, a French simplified joint-stock company (SAS), with its principal place of business at 66 avenue des Champs Elysées, 75008 Paris, France. 

Website: www.filigran.io

Company Overview: Filigran, a cybersecurity company founded in 2022, offers open-source, AI-powered solutions covering end-to-end threat intelligence management, attack simulation, and security posture validation.

Product Descriptions

This agreement offers OpenCTI, an open-source Threat Intelligence Platform that allows organisations to unify, operationalise and prioritise threat intelligence to make your SecOps better with their open-source threat intelligence platform. It provides the following benefits: 

Centralised intelligence hub – Aggregate internal reporting, OSINT and commercial feeds into one structured, STIX-native platform, eliminating silos and creating a single source of truth for your CTI function.

Deep relationship modelling – Map connections between threat actors, campaigns, malware, tools, vulnerabilities and indicators to build rich, contextual intelligence that supports both strategic and operational decision-making. 

Actionable outputs for security teams – Produce intelligence that directly supports SOC, incident response and vulnerability management workflows, improving prioritisation and reducing noise.

Automation across the intelligence lifecycle – Automate ingestion, enrichment, correlation and dissemination to reduce manual effort, increase consistency and accelerate time to insight.

Seamless security stack integration – Integrate with SIEM, SOAR and EDR solutions to operationalise intelligence and strengthen detection and response capabilities.

Flexible deployment and collaboration – Deploy as secure SaaS or self-hosted open source, with granular access controls to enable trusted internal and cross-sector intelligence sharing.

The Agreement offers four different solutions:

1. Stream & Self-Host - the OpenCTI Community Edition - is available for free.  Institutions can host OpenCTI themselves, in due course receiving the Jisc cyber threat intelligence data stream (see below), ensuring that the deliverables from the team can be received by any member.
   
   
2. Managed Starter - OpenCTI Enterprise Edition - Extra Small SaaS instance.  Institutions take advantage of a fully managed SaaS instance that removes the overhead of maintaining OpenCTI on their own infrastructure and enables access to the Enterprise Edition features.  Managed Starter is appropriate for institutions receiving intelligence from a very limited number of sources.
   
   
3. Automated workflows - OpenCTI Enterprise Edition - Small SaaS instance.  Over and above the Managed Starter, this instance size would enable members to automate how they use the threat intelligence streams from the Jisc OpenCTI instance as well as ingest some additional OSINT.  This version is appropriate for institutions receiving intelligence from around five different sources.
   
   
4. Advanced Insights - OpenCTI Enterprise Edition - Medium SaaS instance.  Over and above Automated workflows, this instance size would enable members to ingest premium intelligence from commercial intelligence providers (e.g. Google, CrowdStrike etc)

Important Information

In the coming months, Jisc will be adopting OpenCTI and becoming the central node, sharing all our threat intelligence information.  More information on this will be shared via Jisc's Cyber Community and via Licensing newsletters when available.

https://www.jisc.ac.uk/cyber-threat-intelligence 

Trials

Free trials are available via Filigran's XTM Hub: https://hub.filigran.io. Contact Chest Help for more information.

Product Documentation

Filigran provides access to full documentation, deployment guides and best practice via: https://docs.opencti.io/latest

Training and Training Materials

Filigran Academy can be accessed here: https://academy.filigran.io/

Technical Support 

All institutions purchasing through this agreement will receive Filigran's Standard Support, including: 

• Ticketing system 
• 8/5 support coverage 
• Security notifications 
• Hot fixes and bug escalation 
• Unlimited support portal access 
• Unlimited questions and issues 
• Privileged access to Filigran Academy 

Supplier Web Address: https://filigran.io/

For more information contact: ross.macara@filigran.io

System releases, new versions and functionality

Details of system releases and/or new versions and/or new supporting documentation will be shared directly with licensed institutions when available.