IntelMQ vs OpenCTI
GitHub Stats
About IntelMQ
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments) to collect and process security feeds, pastebins, and tweets using a message queue protocol. It provides a modular bot framework where collector bots fetch data from sources, parser bots normalize it into a standard format (IDEA), expert bots enrich and filter, and output bots distribute to databases, ticketing systems, or downstream tools. IntelMQ handles hundreds of feed formats (abuse.ch, Shadowserver, MISP, PhishTank, etc.) and deduplicates across sources. The web management interface (IntelMQ Manager) allows visual pipeline configuration and monitoring.
About OpenCTI
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge and observables. Built on a STIX2-native data model, it provides a unified view of threat data including threat actors, intrusion sets, campaigns, malware, vulnerabilities, and their relationships. OpenCTI uses a graph database (Neo4j or Amazon Neptune) to store and visualize complex relationships between entities, making it easy to understand how threat actors, TTPs, and infrastructure are connected. It supports connectors for automatic ingestion from MISP, AlienVault, VirusTotal, Shodan, and dozens of other sources. The platform includes role-based access control, workflow management for analyst collaboration, and export capabilities for integration with SIEMs and SOAR platforms.
Platform Support
Tags
IntelMQ only
OpenCTI only