Overview
This is a repackaged open-source software product, with fees associated with its security features and a ready-to-deploy, secured OpenCTI CE. Decyphertek has secured OpenCTI CE by running it in Docker within an immutable OS called Flatcar Linux. OpenCTI CE is also secured behind an nginx reverse proxy with self-signed certs. Flatcar Linux is self-updating, and the Docker containers run on first boot. Easily manage your OpenCTI with the latest Portainer provided. OpenCTI is an open-source platform designed to facilitate the collection, storage, and dissemination of cyber threat intelligence. It offers a structured environment for the analysis and sharing of technical and non-technical information, enhancing an organization's ability to understand and respond to cybersecurity threats. With its user-friendly interface and robust integrations, OpenCTI is an essential tool for cybersecurity professionals seeking to streamline their intelligence operations.
Highlights
- OpenCTI CE Features:
  * Threat Intelligence
  * Data Visualization
  * Knowledge management
  * Observables and indicators
  * Case Management
- Security Features:
  * Immutable OS - Flatcar Linux
  * Auto-Updating OS
  * Containerized Server
  * Nginx Reverse proxy W/ SSL certs
  * Easily manage with Portainer
Details
Typical total price
$0.196/hour
Pricing
Free trial
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t2.large | $0.03 | $0.093 | $0.123 |
t2.xlarge | $0.03 | $0.186 | $0.216 |
t2.2xlarge | $0.03 | $0.371 | $0.401 |
t3.large | $0.03 | $0.083 | $0.113 |
t3.xlarge (Recommended) | $0.03 | $0.166 | $0.196 |
t3.2xlarge | $0.03 | $0.333 | $0.363 |
t3a.large | $0.03 | $0.075 | $0.105 |
t3a.xlarge | $0.03 | $0.15 | $0.18 |
t3a.2xlarge | $0.03 | $0.301 | $0.331 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10 per GB/month of provisioned storage |
Vendor refund policy
Refunds Available Upon Request.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
Note:
- OpenCTI requires at least 4 CPU + 16GB RAM + 20GB storage. An xlarge instance or larger is required.
- Please allow up to 10 minutes for OpenCTI to be accessible.
- Dashboards take up to 30-60 minutes to pull in data and populate the visuals.
- I have set basic connectors - MITRE, CISA, ThreatFox, and some internal enrichment.
- To see the data ingestion progress > Data > Ingestion > Connectors
SSH Into the server:
- Linux + Mac - add .pem key to ~/.ssh/id_rsa > change permissions > chmod 400 id_rsa
- ssh core@ip-of-server
- If using PuTTY or MobaXterm, make sure to convert the .pem using PuTTYgen.
Passwords - DB AND/OR User:
- ssh into server
- cat ~/.docker/.env
- This will display the randomly generated passwords for DB AND/OR User.
OpenCTI CE:
- Login > https://ip-of-server
- Username: admin@opencti.io
- Password: from a terminal, run: cat ~/.docker/.env | grep OPENCTI_ADMIN_PASSWORD
- Please be patient. If you access it too early you may get a 502 gateway error, since OpenCTI isn't ready yet.
Add an OpenCTI connector:
- You can add a connector without bringing down OpenCTI; you just add to it.
- cd ~/.docker/connectors-6.1.12/external-import/{Connector-Name-HERE}
- vim docker-compose.yml
- Change the following in Environment and add API Key / User / Password if required (add a container name to easily manage / troubleshoot).
- Get the OpenCTI admin token > cat ~/.docker/.env | grep OPENCTI_ADMIN_TOKEN
- Generate a UUID > cat /proc/sys/kernel/random/uuid

      container_name: CUSTOM-NAME-HERE
      environment:
        - OPENCTI_URL=http://opencti:8080
        - OPENCTI_TOKEN=Run_Command_above_to_Get_Token
        - CONNECTOR_ID=GENERATE_A_RANDOM_UUID

- Make sure to add it to the network > Opencti-net:

      restart: always
      networks:
        docker_opencti-net:

      networks:
        docker_opencti-net:
          external: true

- Once those parameters are changed and added, run > docker-compose up -d
- Check the connector > Login > Data > Ingestion > Connectors > look for the new connector
- From the terminal: if you have issues, run > docker logs CUSTOM-NAME-HERE
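A preflight check for the edited docker-compose.yml, to run before `docker-compose up -d`; this is an added example, not part of the vendor's instructions. The function names are hypothetical, and it assumes the values are written in the `- KEY=value` list form shown in the steps above and that the token in `~/.docker/.env` is unquoted.

```bash
#!/usr/bin/env bash
# Preflight check for a connector docker-compose.yml before `docker-compose up -d`.
# Added example: function names are hypothetical, not part of OpenCTI or this AMI.

# Print the value of KEY from an env file without dumping the other secrets.
env_value() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# Print the value of a "- KEY=value" entry under environment: in a compose file.
compose_env() { sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | head -n 1; }

# Print one line per problem; return 0 only when nothing is wrong.
check_connector_compose() {  # usage: check_connector_compose COMPOSE_FILE ENV_FILE
  local compose="$1" envfile="$2" bad=0 admin_token
  local uuid_re='^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
  admin_token=$(env_value "$envfile" OPENCTI_ADMIN_TOKEN)
  # A leftover placeholder or a mistyped token makes the connector fail to register.
  if [ -z "$admin_token" ] || [ "$(compose_env "$compose" OPENCTI_TOKEN)" != "$admin_token" ]; then
    echo "OPENCTI_TOKEN does not match OPENCTI_ADMIN_TOKEN in $envfile"; bad=1
  fi
  if ! compose_env "$compose" CONNECTOR_ID | grep -Eq "$uuid_re"; then
    echo "CONNECTOR_ID is not a UUID"; bad=1
  fi
  if [ "$(compose_env "$compose" OPENCTI_URL)" != "http://opencti:8080" ]; then
    echo "OPENCTI_URL is not http://opencti:8080"; bad=1
  fi
  if ! grep -Eq '^[[:space:]]*container_name:[[:space:]]*[^[:space:]]' "$compose" ||
     grep -q 'CUSTOM-NAME-HERE' "$compose"; then
    echo "container_name is missing or still the placeholder"; bad=1
  fi
  # The network must appear twice: attached to the service and declared at top level.
  if [ "$(grep -Ec '^[[:space:]]+docker_opencti-net:' "$compose")" -lt 2 ] ||
     ! grep -Eq '^[[:space:]]+external:[[:space:]]*true' "$compose"; then
    echo "docker_opencti-net is not attached to the service and declared external"; bad=1
  fi
  return "$bad"
}

# Run against real files when two paths are given, for example:
#   ./check.sh docker-compose.yml ~/.docker/.env
if [ "$#" -eq 2 ]; then check_connector_compose "$1" "$2"; fi
```

The check prints only which field is wrong, never the token itself, so its output is safe to paste into a ticket or chat.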
Enable RSS Feeds:
- Data > Ingestion > RSS Feeds > Add your RSS feed > Once created > Click the three buttons on the right side > Start
Portainer - Manage Docker:
- How to access Portainer to manage your containers > https://ip-of-server:9443
- Follow the instructions to create a new admin account.
- Caution - Portainer can time out if you don't create an account fast enough.
- If this happens you need to restart the container: ssh into the server, then run > docker restart portainer
- Once logged into portainer, click get started and select local. You can manage docker from here.
Manage Flatcar Linux:
- Optional: Manually update Flatcar. Updates will happen automatically.
- If you want to manually check for updates run this command: update_engine_client -update
References:
- https://docs.docker.com/
- https://docs.portainer.io/
- https://docs.opencti.io/latest/
- https://www.flatcar.org/docs/latest
Support
Vendor support
We do not offer support.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.