Skip to content

SEKOIA-IO/opencti-connector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

opencti-connector

This repository contains the SEKOIA.IO connector for OpenCTI.

Installation

To install the connector you can follow the official OpenCTI connectors documentation.

Docker images

The docker images of the project can be found at https://github.com/orgs/SEKOIA-IO/packages?tab=packages&q=opencti-connector

To pull an image one the following commands should be used:

$ docker pull ghcr.io/sekoia-io/opencti-connector:latest
$ docker pull ghcr.io/sekoia-io/opencti-connector:4

To use the connector with the old 3.x version of OpenCTI the 3[.x[.x]] tags must be used when pulling the image:

$ docker pull ghcr.io/sekoia-io/opencti-connector:3
$ docker pull ghcr.io/sekoia-io/opencti-connector:3.3
$ docker pull ghcr.io/sekoia-io/opencti-connector:3.3.2

Specific parameters

Here are the parameters specific to the sekoia connector:

  • api_key: The API key to access the SEKOIA API, required.
  • base_url: The SEKOIA API base url, optional.
  • collection: The SEKOIA collections to use, optional

Those parameters are located under the sekoia category in the config file or are prefixed by SEKOIA_ in the docker compose environment parameters.

Example in the config.yml file:

sekoia:
  api_key: 'ChangeMe'  # Mandatory
  base_url: 'https://api.sekoia.io'  # Optional
  collection: 'd6092c37-d8d7-45c3-8aff-c4dc26030608'  # Optional

Example in the docker-compose.yml file:

connector-sekoia:
    environment:
      ...
      - SEKOIA_API_KEY=ChangeMe  # Mandatory
      - SEKOIA_BASE_URL='https://api.sekoia.io'  # Optional
      - SEKOIA_COLLECTION='d6092c37-d8d7-45c3-8aff-c4dc26030608'  # Optional

Examples

Docker compose

Here's a an example of the docker compose part that could be added to your main file to add the SEKOIA connector to the stack:

  connector-sekoia:
    image: ghcr.io/sekoia-io/opencti-connector:latest
    environment:
      - OPENCTI_URL=http://localhost:8080
      - OPENCTI_TOKEN=ChangeMe
      - CONNECTOR_ID=ChangeMe
      - CONNECTOR_TYPE=EXTERNAL_IMPORT
      - CONNECTOR_NAME=SEKOIA.IO
      - CONNECTOR_SCOPE=identity,attack-pattern,course-of-action,intrusion-set,malware,tool,report,location,vulnerability,indicator
      - CONNECTOR_CONFIDENCE_LEVEL=3
      - CONNECTOR_UPDATE_EXISTING_DATA=true
      - CONNECTOR_LOG_LEVEL=info
      - SEKOIA_API_KEY=ChangeMe
    restart: always

Config file

An example of the config file config.yml can be found in src/config.yml.sample.

About

SEKOIA.IO connector for OpenCTI

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases 3

Connector for OpenCTI 4.3.0 Latest
Mar 22, 2021
+ 2 releases

Packages

 
 
 

Contributors 2

  •  
  •  

Languages