OpenCTI Platform Review

OpenCTI is a powerful platform, but reaching a stable, integrated and operable on-premise version is non-trivial. If your inherited deployment or recent install isn't quite there — poor performance, broken integrations, weak identity, insufficient hardening — this service is for you.

AUTHORIZED FILIGRAN PARTNER

Authorized partner, precise scope.

KVERNO operates as an authorized Filigran partner for review, integration and hardening of OpenCTI deployments in on-premise or sensitive environments. Official support, Enterprise licensing and product roadmap belong to Filigran.

It's for you if
  • You have OpenCTI deployed or plan to deploy it in the short term.
  • You have identified operational issues or want to anticipate them before production.
  • You have platform budget and the authority to engage an external technical diagnostic.
  • You need a qualified second opinion before going live in production.

It's not for you if
  • You have neither OpenCTI nor concrete plans to adopt it.
  • You're looking for general cyber threat intelligence training. This service is focused on technical diagnosis and a remediation plan.
  • You have an active incident and need immediate response. This service is not a substitute for a dedicated incident response engagement, although we can support at the platform layer.
  • You expect a generic MSSP or managed-everything contract. Our managed operations are scoped, selective and post-engagement.

WHAT'S INCLUDED

Review scope.

  1. Deployment audit

    Review of current architecture, underlying infrastructure, segmentation, storage, network, identity and observability.

  2. Performance and scale

    Bottleneck analysis on ingestion, indexing, queries, Elastic/Redis sizing, connector dimensioning.

  3. Integrations and data

    Connector state, ingested data quality, TAXII/STIX mapping, coherence with MISP/TheHive when applicable.

  4. Identity and RBAC

    Diagnostic of SSO/Authentik/Keycloak, roles, organizations, marking definitions, tenant segregation.

  5. Hardening and posture

    TLS, secrets, exposure, auditing, backup/restore. Preliminary alignment with operational and control requirements typical of NIS2/DORA contexts, where applicable.

  6. Remediation plan

    Document with prioritized findings (P0/P1/P2), estimated effort, dependencies and execution sequence.

HOW WE WORK

Two weeks. No surprises.

  1. Days 1-2: Technical kickoff

    NDA if it applies. Call with your team. Access to the environment and documentation, read-only.

  2. Days 3-7: Discovery + audit

    Remote work with your team. Evidence collection, technical sessions, validations.

  3. Days 8-12: Synthesis and plan

    We draft findings, prioritize, size effort. Validation with your CISO/technical lead.

  4. Days 13-14: Delivery and handover

    Closing workshop. Remediation plan delivered. Decision on next step (self-execution, Rescue, Hardening).

Pricing

Explicit band.

From 12 k€
Duration 2 weeks

Variables: deployment size, number of integrated connectors, depth of hardening audit, on-site travel (optional).

WHAT'S NOT INCLUDED

What's not included.

  • Execution of identified remediations (that's the Rescue & Hardening engagement).
  • Recurring managed operations (available for selected environments after rescue or hardening, not bundled here).
  • General OpenCTI training or education (we defer to trusted partners).
  • Active incident response (we route to a dedicated incident response team; we support at the platform layer).

EXPANSION PATH

What comes next.

If the remediation plan is executable internally by your team, we hand off the document and step back. If you prefer external execution, we can usually move into Rescue & Hardening without redoing discovery from scratch (4–8 weeks typical, extensions by CR). Managed operations may follow for selected environments.

See Rescue & Hardening

FAQ

Frequently asked.

01 Do I need OpenCTI already deployed?
Not strictly, but it helps. If you're at the intent-to-deploy stage, we can run an Architecture Assessment first. If something is already running, the Review is more efficient.
02 Do you work on my team's deployment or on Filigran cloud?
Yours, on-premise. If you're on Filigran cloud and want to migrate to on-prem, that fits — the Review starts from your cloud and delivers a sovereign migration plan.
03 What if the assessment reveals I need to replace the platform?
We'll tell you directly, with technical arguments. We have no commission for keeping you on a platform that doesn't fit. If pivoting is the call, we'll recommend it before you burn 6 months of implementation.
04 Can you sign an NDA before scoping?
Yes, mutual, standard template or yours. We sign before the first technical session if scope information is already sensitive.
05 Are you available for classified environments?
Yes, depending on level and procedure. Our team has real operational experience in defense public-sector organizations.
06 Do you work on instances in air-gapped or disconnected environments?
Yes. The methodology adapts to environments without connectivity: on-site discovery under restricted access, evidence collected in verifiable format, and off-line deliverables. We've operated platforms on classified networks with no internet egress.

Let's talk about your OpenCTI.

Tell us where you are. If it fits, we'll say so directly. If it doesn't, we'll point you elsewhere.

Write us