Hi everyone, before starting the OpenCTI installation, let's look at how OpenCTI works and which dependencies it needs.
| Component | CPU | Memory |
|---|---|---|
| OpenCTI core | 2 | 8GB |
| Workers | 1 | 128MB |
Connectors

Connectors in OpenCTI are external Python processes that integrate with the platform through the GraphQL API and message queues (RabbitMQ).

| Type | Role | Examples |
|---|---|---|
| EXTERNAL_IMPORT | Pull data from external threat intelligence sources, convert it to STIX 2 and ingest it into OpenCTI | MISP, MITRE ATT&CK, CVE, AlienVault, Mandiant, etc. |
| INTERNAL_ENRICHMENT | React to new data or to enrichment requests in OpenCTI: pull enrichment information from an external source and update existing entities | Shodan, VirusTotal, Whois, etc. |
| INTERNAL_IMPORT_FILE | Parse files uploaded via the UI/API and convert their contents to STIX 2 for ingestion | STIX 2.1, PDF, HTML, Text |
| INTERNAL_EXPORT_FILE | Generate exports of data held in OpenCTI | STIX 2.1, CSV, PDF |
| STREAM | Subscribe to the platform's real-time data streams (with RabbitMQ) and perform actions such as forwarding events or triggering external systems | Send logs to a SIEM (ELK, Wazuh, Splunk, etc.), sync with an external database |
| Dependency | Minimum version |
|---|---|
| ElasticSearch / OpenSearch | >=8.0 / >=2.9 |
| Redis | >=7.1 |
| RabbitMQ | >=3.1 |
| S3 / MinIO | >= RELEASE.2023-02 |
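As an added example (not part of the original post or of OpenCTI itself), a small Python pre-flight check that compares the versions found on a host against the minimums in the table above, including MinIO's date-based RELEASE tags; the function names and the sample inventory are constructed for illustration.

```python
import re

# Minimum versions from the dependency table above, taken as-is (including
# RabbitMQ ">=3.1"); ElasticSearch and OpenSearch are alternatives.
MIN_VERSIONS = {
    "elasticsearch": "8.0",
    "opensearch": "2.9",
    "redis": "7.1",
    "rabbitmq": "3.1",
    "minio": "RELEASE.2023-02",
}

def version_key(version):
    """Version string -> numeric tuple. MinIO date tags such as
    RELEASE.2023-02-09T05-16-53Z become (2023, 2, 9, 5, 16, 53); dotted
    versions such as 8.11.3 become (8, 11, 3), dropping -rc1/+build suffixes."""
    if version.startswith("RELEASE."):
        core = version[len("RELEASE."):]
    else:
        core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", core))

def meets_minimum(name, observed):
    """True if the observed version satisfies the minimum recorded for `name`."""
    if name not in MIN_VERSIONS:
        raise KeyError(f"unknown dependency: {name}")
    return version_key(observed) >= version_key(MIN_VERSIONS[name])

def check_stack(observed):
    """observed: {dependency name: version found on the host}. Returns a pass/fail
    dict; 'search' passes if either ElasticSearch or OpenSearch meets its minimum."""
    results = {}
    for name in ("redis", "rabbitmq", "minio"):
        results[name] = name in observed and meets_minimum(name, observed[name])
    results["search"] = any(
        engine in observed and meets_minimum(engine, observed[engine])
        for engine in ("elasticsearch", "opensearch")
    )
    return results

# Constructed sample inventory for illustration (not taken from a real host).
SAMPLE_STACK = {
    "elasticsearch": "8.11.3",
    "redis": "7.2.4",
    "rabbitmq": "3.13.1",
    "minio": "RELEASE.2023-02-09T05-16-53Z",
}

if __name__ == "__main__":
    print(check_stack(SAMPLE_STACK))
```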