Configure Connectors

Connectors are manual uploads/imports, as well as API endpoints for data fees.

OpenCTI provide several connectors on their GitHub repository

In this example we'll use the Malware Bazaar recently added items.

version: '3'
services:
  connector-malware-bazaar-recent-additions:
    image: opencti/connector-malwarebazaar-recent-additions:5.2.4
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=ChangeMe
      - CONNECTOR_ID=ChangeMe
      - CONNECTOR_TYPE=EXTERNAL_IMPORT
      - "CONNECTOR_NAME=MalwareBazaar Recent Additions"
      - CONNECTOR_CONFIDENCE_LEVEL=50 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_UPDATE_EXISTING_DATA=true
      - CONNECTOR_LOG_LEVEL=info
      - MALWAREBAZAAR_RECENT_ADDITIONS_API_URL=https://mb-api.abuse.ch/api/v1/
      - MALWAREBAZAAR_RECENT_ADDITIONS_COOLDOWN_SECONDS=300 # Time to wait in seconds between subsequent requests
      - MALWAREBAZAAR_RECENT_ADDITIONS_INCLUDE_TAGS=exe,dll,docm,docx,doc,xls,xlsx,xlsm,js # (Optional) Only download files if any tag matches. (Comma separated)
      - MALWAREBAZAAR_RECENT_ADDITIONS_INCLUDE_REPORTERS= # (Optional) Only download files uploaded by these reporters. (Comma separated)
      - MALWAREBAZAAR_RECENT_ADDITIONS_LABELS=malware-bazar # (Optional) Labels to apply to uploaded Artifacts. (Comma separated)
      - MALWAREBAZAAR_RECENT_ADDITIONS_LABELS_COLOR=#54483b # Color to use for labels
    restart: always

Replace OPENCTI_URL with your static IP (or hostname), for example

OPENCTI_URL=http://172.18.0.8:8080

You'll want the IP address of the OpenCTI container to be accessible from the container created for this connector. To do this, append the following to the bottom of the above example;

networks:
  default:
    external:
      name: opencti_default (replace this with your default network's name)

Go back to Portainer. Stack. Add Stack. Name: Malware-Bazaar-feed. Same process as before, paste the above contents into web editor (with the appropriately changed values of course). Deploy the stack. Give it 1-2 minutes, and then go back to Portainer > Containers and make sure the container is running, it's healthy, and it is joined to the correct network.

PreviousContainer Management NextSetting Up Nessus (Essentials)

Last updated 3 years ago

Was this helpful?

version: '3' services: connector-malware-bazaar-recent-additions: image: opencti/connector-malwarebazaar-recent-additions:5.2.4 environment: - OPENCTI_URL=http://opencti:8080 - OPENCTI_TOKEN=ChangeMe - CONNECTOR_ID=ChangeMe - CONNECTOR_TYPE=EXTERNAL_IMPORT - "CONNECTOR_NAME=MalwareBazaar Recent Additions" - CONNECTOR_CONFIDENCE_LEVEL=50 # From 0 (Unknown) to 100 (Fully trusted) - CONNECTOR_UPDATE_EXISTING_DATA=true - CONNECTOR_LOG_LEVEL=info - MALWAREBAZAAR_RECENT_ADDITIONS_API_URL=https://mb-api.abuse.ch/api/v1/ - MALWAREBAZAAR_RECENT_ADDITIONS_COOLDOWN_SECONDS=300 # Time to wait in seconds between subsequent requests - MALWAREBAZAAR_RECENT_ADDITIONS_INCLUDE_TAGS=exe,dll,docm,docx,doc,xls,xlsx,xlsm,js # (Optional) Only download files if any tag matches. (Comma separated) - MALWAREBAZAAR_RECENT_ADDITIONS_INCLUDE_REPORTERS= # (Optional) Only download files uploaded by these reporters. (Comma separated) - MALWAREBAZAAR_RECENT_ADDITIONS_LABELS=malware-bazar # (Optional) Labels to apply to uploaded Artifacts. (Comma separated) - MALWAREBAZAAR_RECENT_ADDITIONS_LABELS_COLOR=#54483b # Color to use for labels restart: always