Using the OpenCTI connector

To use the OpenCTI connector for integration with the OpenCTI Platform:

  1. Check the current version of the installed OpenCTI Platform and, if needed, update the src/requirements.txt file, so that the version of the pycti package is the same as the version of the installed OpenCTI Platform.

    For example, if your OpenCTI Platform is version 5.9.6, update the src/requirements.txt file as follows:

    ...

    pycti==5.9.6

    ...

    We recommend running this connector from a container, when appropriate. To build a Docker container and use it with an OCI runtime such as Docker or Kubernetes, run the build command:

    docker build -t kaspersky-feeds-for-opencti .

  2. After a successful build, prepare the configuration for the connector.

    Configuration parameters can be passed via a configuration file and/or via environment variables. By default, the container looks for the configuration file at the path /app/config.yml. The easiest way to prepare your configuration file is to copy the config.yml.sample sample configuration file from the sources:

    cp src/config.yml.sample config.yml

  3. Set the opencti.url, opencti.token, and kaspersky.api_token parameters to the actual values.

    Check the Configuration section to see the list of the available parameters and their descriptions.

For test launches, we recommend setting the connector.run_and_terminate parameter to true to launch the connector in one-shot mode, and either setting the kaspersky.initial_history parameter to a small value, such as 3600 (equal to 1 hour), or reducing the number of collections used (for example, specifying only TAXII_Malicious_Hash_Data_Feed) to receive less data from a TAXII server.

After a successful build and with the configuration prepared, you can integrate the produced container into your virtualization infrastructure, or launch the container locally with Docker to check it:

docker run --rm -it --volume "$(pwd)/config.yml:/app/config.yml" kaspersky-feeds-for-opencti:latest
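
A pre-flight check for the steps above, as an added example that is not part of the connector or of Kaspersky's code: it confirms that src/requirements.txt pins pycti to the platform version and that config.yml, which holds opencti.token and kaspersky.api_token, is not accessible to group or other users. The function names are hypothetical, the platform version is assumed to be supplied by the operator, and the mode 600 suggestion is an assumed local policy.

```python
"""Pre-flight check before building and running the connector (added example)."""
import os
import re
import stat

# Matches an exact pin such as 'pycti==5.9.6'; range pins like 'pycti>=5.9' do not match.
PIN_RE = re.compile(r"^\s*pycti\s*==\s*([0-9][^\s;#]*)", re.IGNORECASE)


def pinned_pycti(requirements_text):
    """Return the version pinned with 'pycti==X', or None if there is no exact pin."""
    for line in requirements_text.splitlines():
        m = PIN_RE.match(line)
        if m:
            return m.group(1)
    return None


def check_pin(requirements_text, platform_version):
    """Return a list of problems with the pycti pin (an empty list means OK)."""
    pinned = pinned_pycti(requirements_text)
    if pinned is None:
        return ["no exact 'pycti==<version>' pin found"]
    if pinned != platform_version:
        return [f"pycti=={pinned} does not match platform {platform_version}"]
    return []


def check_config_mode(path):
    """Flag a config file (it carries API tokens) that group or others can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path} has mode {mode:o}; restrict it, for example chmod 600"]
    return []


def preflight(requirements_path, config_path, platform_version):
    """Run both checks and return every problem found."""
    with open(requirements_path, encoding="utf-8") as fh:
        problems = check_pin(fh.read(), platform_version)
    return problems + check_config_mode(config_path)


if __name__ == "__main__":
    import sys
    # Usage: python preflight.py <platform version>, run from the source tree root.
    issues = preflight("src/requirements.txt", "config.yml", sys.argv[1])
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```

If the container runs as a non-root user, that user must still be able to read the mounted config.yml after the file mode is tightened.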
