Welcome to OpenCTI-Docker π
Docker-compose file to deploy OpenCTI with connectors
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.
Information
- This Docker-compose file include the following OpenCTI connectors :
| Name | Request a token/api key |
|---|---|
| Common Vulnerabilities and Exposures | β |
| VirusTotal | β |
| MITRE ATT&CK | β |
| OpenCTI | β |
| Cybercrime-Tracker | β |
| source ended in Nov '21 | |
| AM!TT | β |
| AlienVault | β |
| AbuseIPDB | β |
| Abuse.ch URLhaus | β |
| Malbeacon | β |
| CryptoLaemus | β |
| Shodan | β |
| Malpedia | β |
| CISA | β |
Usage
Tested on Ubuntu 20.04
git clone https://github.com/JMousqueton/OpenCTI-Docker/cd OpenCTI-Dockercp .env.sample .env- Modify .env file with your variables
sudo apt update && sudo apt upgrade -y && sudo apt install docker-composesudo docker-compose --profile start up -d- Wait a little and connect to http://<your_IP>:8080
Note:
- Use minio-keygen to generate minio keygen.
- use
uuid-gento generate TOKEN and connectors ID.
Scale
You can scale the number of worker up to X.
In the OpenCTI directory :
docker-compose scale worker=X
Upgrade
cd OpenCTI-Dockergit pulldocker-compose pulldocker-compose up -d
Note:
- To only update OpenCTI version, you can replace step 1 & 2 by editing the first line of .env with the targeted version.
References
- OpenCTI: https://www.opencti.io
- OpenCTI (sources): https://github.com/OpenCTI-Platform/opencti
- OpenCTI (Docker sources): https://github.com/OpenCTI-Platform/docker
- OpenCTI (Connectors sources): https://github.com/OpenCTI-Platform/connectors
Author
π€ Julien Mousqueton
- Website: https://julienm.io
- Twitter: @JMousqueton
- Github: @JMousqueton
- LinkedIn: Julien Mousqueton
- CV: https://jmousqueton.github.io
Show your support
Give a βοΈ if this project helped you!