A Juju charm for deploying and managing the OpenCTI open source threat intelligence platform in your systems.
This charm simplifies the configuration and maintenance of OpenCTI system and commonly used OpenCTI connectors across a range of environments, enabling users to collect, correlate, and leverage threat data at strategic, operational and tactical levels.
For information about how to deploy, integrate, and manage this charm, see the Official OpenCTI Charm Documentation.
In this section, we will deploy the base OpenCTI charm.
You’ll need a workstation, e.g., a laptop, with sufficient resources to launch a virtual machine with 4 CPUs, 8 GB RAM, and 50 GB disk space.
You can follow the tutorial here to set up a test environment for Juju.
First, deploy the OpenSearch and RabbitMQ databases on the VM model. Note that deploying the OpenSearch database requires you to configure certain kernel parameters on the host as required by the OpenSearch charm. The sysconfig charm will be used for this.
juju switch lxd:welcome-lxd
juju deploy self-signed-certificates
juju deploy opensearch --channel 2/stable --num-units 3
juju deploy sysconfig --channel latest/stable --config sysctl="{vm.max_map_count: 262144, vm.swappiness: 0, net.ipv4.tcp_retries2: 5, fs.file-max: 1048576}"
juju integrate sysconfig opensearch
juju deploy rabbitmq-server --channel 3.9/stable
juju integrate self-signed-certificates opensearchNext, we will create some offers for cross-model integrations.
juju offer opensearch:opensearch-client opensearch-client
juju offer rabbitmq-server:amqp amqpIn the Kubernetes model, deploy the OpenCTI charm along with the rest of dependencies.
juju switch lxd:welcome-microk8s
juju deploy minio --channel ckf-1.9/stable --config access-key=minioadmin --config secret-key=minioadmin
juju deploy s3-integrator --config "endpoint=http://minio-endpoints.welcome-microk8s.svc.cluster.local:9000" --config bucket=opencti
juju deploy redis-k8s --channel latest/edge
juju deploy nginx-ingress-integrator --trust --revision 109 --channel latest/edge --config path-routes=/ --config service-hostname=opencti.local
juju deploy opencti --channel latest/edgeConfigure minio to provide a S3 compatible storage for the OpenCTI charm.
export AWS_ACCESS_KEY_ID=minioadmin
export AWS_SECRET_ACCESS_KEY=minioadmin
export AWS_ENDPOINT_URL=http://$(juju status --format=json | jq -r '.applications.minio.units."minio/0".address'):9000
aws s3 mb s3://opencti
juju run s3-integrator/0 sync-s3-credentials --string-args access-key=minioadmin secret-key=minioadminIntegrate the OpenCTI charm with all its dependencies.
juju integrate opencti lxd:admin/welcome-lxd.opensearch-client
juju integrate opencti lxd:admin/welcome-lxd.amqp
juju integrate opencti redis-k8s
juju integrate opencti s3-integrator
juju integrate opencti nginx-ingress-integratorCreate the initial admin user for the OpenCTI deployment and provide it to the OpenCTI charm.
OPENCTI_ADMIN_USER_SECRET_ID=$(juju add-secret opencti-admin-user email=admin@example.com password=test)
juju grant-secret opencti-admin-user opencti
juju config opencti admin-user=$OPENCTI_ADMIN_USER_SECRET_IDWhen the OpenCTI charm has completed deployment and installation, you can
access OpenCTI from a browser. First, we need to modify the /etc/hosts file
to point the opencti.local domain to the IP address of the virtual machine.
After that, we can access the OpenCTI instance in the browser using the address
http://opencti.local and the test admin username admin@example.com and
password test.
The opencti-connector integration integrates the OpenCTI charm and OpenCTI
connector charms. OpenCTI connectors are add-ons used by OpenCTI for platform
integration with other tools and applications. The OpenCTI connector
charms help with the deployment, configuration, and management of OpenCTI
connectors.
Existing OpenCTI connector charms can be found here.
Deploy and integrate an OpenCTI connector charm with:
juju deploy opencti-export-file-stix-connector --channel latest/edge
juju integrate opencti opencti-export-file-stix-connector