Well this one was a bit of a learning experience for me. You see I have dabbled in the past with Traefik which seems to fit naturally when it comes to reverse proxy and Docker, but my efforts have come up short in the past through no fault but my own. Perhaps it was the fact I was trying to run before I could even crawl. Not to worry though.
While im still getting myself familiar with OpenCTI and building out an actor profile, I thought I’d link it up with my MISP instance. OpenCTI provides a connector to do this which will require an update to the docker-compose.yml file and an update of the stack. If you have been following along, this post is a continuation of Installing OpenCTI. To add the MISP connector, login to Portainer and select Stacks, opencti.
OpenCTI is an open source Cyber Threat Intelligence platform that provides a powerful knowledge management database for storing, organising and sharing knowledge about cyber threats and uses the STIX2 schema for it structure. It has been designed for CTI analysts. The platform is built on Modern technologies of Grakn, GraphQL, Elastic, RabbitMQ, Redis and React. The project is available as a docker image which make installation simple. While I’m probably not going to do the best job of talking up the full feature set of this platform, you can view more about it on their website and github page.