OpenCTI Install - Install Your Own OpenCTI Stack!
Science & Technology
Join me as we deploy OpenCTI. The Open Source Threat Intelligence Platform! Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Also check out Adrian's OpenCTI Docker install here: blog.agood.cloud/posts/2020/0...
Security Operations Center as a Service: www.socfortress.co/
Buy Me A Coffee: www.buymeacoffee.com/opensecure
Win a $50 Gift Card: • CTF Challenge - Win a ...
Your Own Server: bit.ly/3Eug9Wf
Discord Channel: / discord
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us
GitHub Repo: raw.githubusercontent.com/Ope...
OpenCTI Docs: www.notion.so/Installation-an...
Comments: 72
You have been providing to us nice tutorials. Keep up the good work! 🎯
Highly appreciated. Thank you for creating this.
Thank you for the good intro to Docker Swarm.
Thanks a ton @OpenSecure for this tutorial. I managed to install OpenCTI on AWS EC2 instances. Cheers!
@zuiokopl2256
1 year ago
Not getting UI while everything went smooth till IP:PORT
@openctithreatintel9088
1 year ago
@@zuiokopl2256 same issue here. Did you find any solution?
@zuiokopl2256
1 year ago
@@openctithreatintel9088 Hello, yes. I'd suggest checking your Portainer logs for CTI; in my logs there was an issue with RAM.
Mate, awesome video! Thanks!
What an awesome video!
Thanks. This gives me some ideas.
Wonderful Tutorial.
Amazing stuff. Are there any ways to export OpenCTI data into a SIEM like Microsoft Sentinel?
Very helpful, thanks ;)
Nice vid. I am up to the Docker Swarm part. What IP do I use for the manager IP? I have a private 10.0... and am confused what to use. I am using OpenCTI on Ubuntu for personal use.
Great! Thank you.
Hey, thanks a lot for the video and explanations. I managed to install, configure and run it on CentOS minimal.
@zuiokopl2256
1 year ago
Not getting UI while everything went smooth till IP:PORT
@banano28_oficial
1 year ago
@@zuiokopl2256 Did you check if the Docker instance is running? I think the cmd is: docker ps
@zuiokopl2256
1 year ago
@@banano28_oficial Currently it shows like this:
CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS          PORTS                          NAMES
9bcd3d4ebdd3   portainer/portainer-ce:2.11.1   "/portainer -H tcp:/…"   3 minutes ago    Up 3 minutes    8000/tcp, 9000/tcp, 9443/tcp   portainer_portainer.1.3ww87et8212z2q3vpjo6cmof2
9de082c80d8d   portainer/agent:2.11.1          "./agent"                14 minutes ago   Up 13 minutes                                  portainer_agent.thim6okmfh9lmdv9fp131eczu.kpr2ibr2q1wwqamj1t7bk5tjb
@zuiokopl2256
1 year ago
Can you help please?
Great, thanks!
Silly question: if I run this process on a single VM, what will be the OpenCTI IP? As I used the manager IP once, that is used as the Portainer IP.
Please could you create a video showing how to cluster OpenCTI?
What's that terminal session application on the right side called?
Just to help anyone that may come across the same issue: I had difficulty with Portainer; it kept dropping the connection. The solution is to restart the Portainer service and the Portainer agent service. To do this:
1. Find the IDs of the services using the docker ps command.
2. Restart them using: docker restart
Portainer should then reconnect.
@NguyenCuong-rw9zr
1 year ago
I tried but it's not working.
I did the whole set-up but only on one machine. What is the command to start Docker without using the Docker Swarm manager?
Sir, is there any method to connect Zeek and OpenCTI?
I am not able to view the OpenCTI UI; containers are running fine though. Kindly help.
What software are you using as a terminal?
Hey. I followed the steps, however containers are not getting created. Looking at the services it shows the error "mkdir /var/lib/docker: read-only file system". Can someone please help me out?
I have a dropping connection on port 8080. After deploying the stack I can't connect to
I have a problem. When I start to deploy the OpenCTI stack it shows me an error that the stack had not been created, and in the container menu the OpenCTI containers are stopped. I'm going crazy. Please help.
I already followed this tutorial but I'm stuck when opening it in the browser on port 8080.
Nice
Please, a question: is it necessary to install Docker Swarm?
Everything is working properly, but I got some issues when I tried to run OpenCTI. It doesn't work; it shows me unhealthy. What is the issue?
What is the name of the app on the right side of your screen?
Thank you for the tutorial, it greatly helped. I am having an error where I am not able to view the OpenCTI UI (the final step). My containers are running fine though @OpenSecure
@mdmehedyhasan4078
1 year ago
Hi, I am having the same issue. No luck at the last stage opening opencti UI. Let us know if you find any solution. TIA
@jonathangonzalez296
1 year ago
Did you get this fixed?
Do you have OpenCTI as an OVA?
Hello! I'm trying to install it manually but I'm stuck with a certificate problem with RabbitMQ :/ Can you make a video of the manual installation? :)
@taylorwalton_socfortress
2 years ago
Hey Brando, I will try to get around to that, probably won't be for a while though. Any reason why you cannot go the Docker route? Thanks for watching!
Trying to set up on a single server (Ubuntu 22). Got stuck on this part: when running this command: docker stack deploy --compose-file=portainer-agent-stack.yml portainer I got this error message: this node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again
@Vorschit
1 year ago
Any solution regarding this?
Thanks for the awesome tutorial! Managed to set this up once. I'm trying to set it up again with a domain and HTTPS. Any suggestions on the best way to go about it? Would I just have to run Let's Encrypt on the manager node, or would I have to make changes to the docker-compose file?
@taylorwalton_socfortress
2 years ago
Glad you got some value out of it :). I would recommend using a reverse proxy such as Nginx or Apache to sit in front of your OpenCTI platform stack. Then you can use Let's Encrypt to generate a free cert and provide some security around the web app. There are a ton of posts out on the internet detailing setting up a simple reverse proxy that could hopefully be helpful. Thanks for watching :)
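One way to do what the reply above suggests, as an added example that is not code from the video, the channel or the OpenCTI project: an nginx server block that terminates TLS with a Let's Encrypt certificate and proxies to the OpenCTI platform. The hostname opencti.example.com, the certificate paths (certbot's default layout) and the platform being published on 127.0.0.1:8080 of the same host are assumptions.

```nginx
# Added example, not from the video or the OpenCTI project.
# Assumptions: the OpenCTI platform container publishes port 8080 on this
# host, the public name is opencti.example.com, and certbot has written the
# certificate to the paths below.

server {
    listen 80;
    server_name opencti.example.com;
    # Plain HTTP only redirects; keep /.well-known/acme-challenge/ reachable
    # here if you use certbot's webroot mode.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name opencti.example.com;

    ssl_certificate     /etc/letsencrypt/live/opencti.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/opencti.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Large STIX bundle imports go through the UI; raise the default 1m body limit.
    client_max_body_size 100m;

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        # Upgrade headers so the platform's long-lived/live-update connections
        # survive the proxy; long read timeout for the same reason.
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_read_timeout 3600s;
    }
}
```

Two points a practitioner will want to check alongside this. First, the proxy only "provides some security" if the platform port is no longer reachable directly: with plain Docker that means publishing it as 127.0.0.1:8080:8080 in the stack file, while in Swarm the routing mesh publishes ingress ports on every node's interfaces regardless of the host IP in the mapping, so either publish with mode: host or block 8080 at the host firewall. Second, in releases that have it, set the platform's APP__BASE_URL to the public https URL so generated links and redirects point at the proxy rather than the container.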
I have a single box with 16 RAM and 8 cores and followed your process, but the OpenCTI platform is not getting spun up. Can you please help me out?
@taylorwalton_socfortress
2 years ago
What do the logs of the Elasticsearch and Redis containers look like? OpenCTI requires these services to be running in a healthy state before the OpenCTI platform service runs.
I can never start up OpenCTI, even though I follow all the steps.
At the moment I have issues with the swarm; the second VM isn't load balancing. Do you know any trick to make it work?
@taylorwalton_socfortress
2 years ago
What is it not load balancing? Are containers not getting spun up on it? Have you tried specifying the host for the image to bind to in the docker-compose file?
@banano28_oficial
2 years ago
@@taylorwalton_socfortress Being honest, I'm not skilled in Docker. Do you have something I can use to understand the swarming procedure? But my issue is that the second VM is not receiving the orders to share resources; in Portainer it shows "rejected", and when I list nodes it says that the second VM is down. Also, I'm using CentOS 7 minimal as my OS.
Hi, I followed the installation steps but am unable to access the OpenCTI web UI. Can you please look into this issue? Thanks
@taylorwalton_socfortress
2 years ago
Check your Redis, Elasticsearch, and RabbitMQ container logs first to ensure those are running properly. The OpenCTI platform will not spin up correctly if any of those 3 containers are having issues.
@bakhtawar9599
2 years ago
Yes, Elasticsearch seems down. How can it be fixed?
@bakhtawar9599
1 year ago
@@zuiokopl2256 I installed without Docker Swarm. Instead I went for installation on a single node. That way it works fine.
@whotopu
1 year ago
@@bakhtawar9599 If I run this process on a single VM, what will be the OpenCTI IP? As I used the manager IP once, that is used as the Portainer IP.
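The two replies in this thread that say to look at Redis, Elasticsearch and RabbitMQ before the platform container describe a check that is easy to script. The following is an added example, not a script from the video, the channel or the OpenCTI project: it reads the NAMES and STATUS columns of docker ps, classifies each dependency, and only reports "ready" when all of them are Up (and, where a healthcheck exists, healthy). The dependency names (redis, elasticsearch, rabbitmq, minio) are assumed to follow the stock OpenCTI docker-compose service names; the sample output embedded in the script is constructed, not captured from a real host.

```shell
#!/bin/sh
# opencti-deps-check.sh  (added example, not from the video or the OpenCTI project)
# Assumed service names follow the stock OpenCTI docker-compose; edit DEPS if
# your stack names them differently.

DEPS="redis elasticsearch rabbitmq minio"

# classify_status STATUS
# Maps the STATUS column of `docker ps` to one word:
#   healthy | unhealthy | starting | up | down
classify_status() {
    case "$1" in
        *"(healthy)"*)          echo healthy ;;
        *"(unhealthy)"*)        echo unhealthy ;;
        *"(health: starting)"*) echo starting ;;
        Up*)                    echo up ;;
        *)                      echo down ;;   # Exited, Created, Restarting, empty
    esac
}

# deps_ready
# Reads "<name><TAB><status>" lines on stdin, i.e. the output of
#   docker ps -a --format '{{.Names}}\t{{.Status}}'
# Returns 0 only when every dependency in DEPS is present and Up (or healthy
# when the image defines a healthcheck). Each problem is printed to stderr.
deps_ready() {
    input=$(cat)
    rc=0
    for dep in $DEPS; do
        line=$(printf '%s\n' "$input" | grep -i "$dep" | head -n 1)
        if [ -z "$line" ]; then
            echo "missing: no container matching '$dep'" >&2
            rc=1
            continue
        fi
        state=$(classify_status "$(printf '%s\n' "$line" | cut -f2-)")
        case "$state" in
            healthy|up) ;;
            *) echo "not ready: $line  [$state]" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample output (not from a real host) to exercise the logic offline.
SAMPLE_OK=$(printf 'opencti_redis.1.abc\tUp 5 minutes (healthy)\nopencti_elasticsearch.1.def\tUp 5 minutes (healthy)\nopencti_rabbitmq.1.ghi\tUp 5 minutes\nopencti_minio.1.jkl\tUp 5 minutes\n')
SAMPLE_BAD=$(printf 'opencti_redis.1.abc\tUp 5 minutes (healthy)\nopencti_elasticsearch.1.def\tUp 2 minutes (unhealthy)\nopencti_rabbitmq.1.ghi\tExited (1) 3 minutes ago\n')

# Run against the live Docker host with:  sh opencti-deps-check.sh --live
if [ "${1:-}" = "--live" ]; then
    if docker ps -a --format '{{.Names}}\t{{.Status}}' | deps_ready; then
        echo "dependencies ready; now read the opencti container logs"
    else
        echo "fix the services listed above before looking at the opencti container" >&2
        exit 1
    fi
fi
```

In Swarm, docker ps only lists the tasks scheduled on the node you are logged into, so run the script on the node that holds the dependency tasks, or use docker service ps to find them first; an Exited Elasticsearch task, as in the reply above, will show up as "down" and is the thing to fix before the platform container will ever become healthy.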
What is the name of the tool that you used to access the server?
@ollytbh
1 year ago
I think it's Termius; I googled around as I also wanted to know.
Quick dumb question: what VM are you running?
@wecantalkaboutit5312
2 years ago
He is using Docker (docker-compose, swarm, etc.)
@banano28_oficial
2 years ago
@@wecantalkaboutit5312 I think he means the window on the right. I have the same question.
@zuiokopl2256
1 year ago
@@banano28_oficial That's Termius.
@ollytbh
1 year ago
@@banano28_oficial I think it's Termius; I googled around as I also wanted to know.
Maybe a dumb question but if you have MISP running in your environment, what is the reason to deploy OpenCTI?
@ollytbh
1 year ago
Different native feeds and different options for correlation / enrichment / export etc. We have an organisation that only supports MISP output, so we take that then feed it into OpenCTI.
I literally can spin up MISP in like 5 minutes.
Docker info: Swarm: error
Error: rpc error: code: deadlineExceeded desc = context deadline exceeded
Warning: No swap limit support.
When I want to do docker swarm join --token........ it shows: this node is already part of a swarm. Use docker swarm leave
@joelmejia6702
1 year ago
Then the node left the swarm, and when I execute docker again it shows the error again: This node is already part of a swarm..... Please help me