OpenCTI Charm
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 17 | 21 Mar 2025 | |
latest/edge | 46 | Today | |
juju deploy opencti
OpenCTI charm.
OpenCTI Operator
A Juju charm for deploying and managing the OpenCTI open source threat intelligence platform in your systems.
This charm simplifies the configuration and maintenance of the OpenCTI system and commonly used OpenCTI connectors across a range of environments, enabling users to collect, correlate, and leverage threat data at strategic, operational and tactical levels.
For information about how to deploy, integrate, and manage this charm, see the Official OpenCTI Charm Documentation.
Get started
In this section, we will deploy the base OpenCTI charm.
You’ll need a workstation, e.g., a laptop, with sufficient resources to launch a virtual machine with 4 CPUs, 8 GB RAM, and 50 GB disk space.
Set up
You can follow the tutorial here to set up a test environment for Juju.
Deploy databases on the VM model
First, deploy the OpenSearch and RabbitMQ databases on the VM model. However, before deploying the OpenSearch database, we need to configure certain kernel parameters on the host as required by the OpenSearch charm.
sudo tee -a /etc/sysctl.conf > /dev/null <<EOT
vm.max_map_count=262144
vm.swappiness=0
net.ipv4.tcp_retries2=5
fs.file-max=1048576
EOT
sudo sysctl -p
juju model-config --file=./cloudinit-userdata.yaml
Now, deploy the OpenSearch and RabbitMQ databases using charms.
juju switch lxd:welcome-lxd
juju deploy self-signed-certificates
juju deploy opensearch --channel 2/stable --num-units 3
juju deploy rabbitmq-server --channel 3.9/stable
juju integrate self-signed-certificates opensearch
Create Juju offers
Next, we will create some offers for cross-model integrations.
juju offer opensearch:opensearch-client opensearch-client
juju offer rabbitmq-server:amqp amqp
Deploy the OpenCTI charm
In the Kubernetes model, deploy the OpenCTI charm along with the rest of its dependencies.
juju switch lxd:welcome-microk8s
juju deploy minio --channel ckf-1.9/stable --config access-key=minioadmin --config secret-key=minioadmin
juju deploy s3-integrator --config "endpoint=http://minio-endpoints.welcome-microk8s.svc.cluster.local:9000" --config bucket=opencti
juju deploy redis-k8s --channel latest/edge
juju deploy nginx-ingress-integrator --trust --revision 109 --channel latest/edge --config path-routes=/ --config service-hostname=opencti.local
juju deploy opencti --channel latest/edge
Configure and integrate
Configure MinIO to provide S3-compatible storage for the OpenCTI charm.
export AWS_ACCESS_KEY_ID=minioadmin
export AWS_SECRET_ACCESS_KEY=minioadmin
export AWS_ENDPOINT_URL=http://$(juju status --format=json | jq -r '.applications.minio.units."minio/0".address'):9000
aws s3 mb s3://opencti
juju run s3-integrator/0 sync-s3-credentials --string-args access-key=minioadmin secret-key=minioadmin
Integrate the OpenCTI charm with all its dependencies.
juju integrate opencti lxd:admin/welcome-lxd.opensearch-client
juju integrate opencti lxd:admin/welcome-lxd.amqp
juju integrate opencti redis-k8s
juju integrate opencti s3-integrator
juju integrate opencti nginx-ingress-integrator
Create an admin user and access OpenCTI
Create the initial admin user for the OpenCTI deployment and provide it to the OpenCTI charm.
OPENCTI_ADMIN_USER_SECRET_ID=$(juju add-secret opencti-admin-user email=admin@example.com password=test)
juju grant-secret opencti-admin-user opencti
juju config opencti admin-user=$OPENCTI_ADMIN_USER_SECRET_ID
When the OpenCTI charm has completed deployment and installation, you can access OpenCTI from a browser. First, we need to modify the /etc/hosts file to point the opencti.local domain to the IP address of the virtual machine.
After that, we can access the OpenCTI instance in the browser using the address http://opencti.local and the test admin username admin@example.com and password test.
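The steps above use fixed test credentials: minioadmin for MinIO and test for the admin user. As an added example, not part of the charm's README, this script generates random values and prints the same commands rewritten to read them from owner-only files. The file names, script name and directory argument are assumptions of the example; it relies on juju's `--config FILE`, `--params FILE` and `key#file=` forms.

```shell
#!/bin/sh
# Added example, not from the charm's README: per-deployment random
# credentials in place of minioadmin/minioadmin and password=test.
set -eu

# gen_secret N: N bytes from /dev/urandom as 2*N lowercase hex characters.
gen_secret() { head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# make_creds DIR: write the secrets and the YAML files juju reads, with
# owner-only permissions. File names are this example's own choice.
make_creds() (
    umask 077
    mkdir -p "$1"
    cd "$1"
    gen_secret 10 > minio-access-key
    gen_secret 20 > minio-secret-key
    gen_secret 16 > admin-password
    # Quoted so an all-digit value stays a string (the job of --string-args).
    printf 'access-key: "%s"\nsecret-key: "%s"\n' \
        "$(cat minio-access-key)" "$(cat minio-secret-key)" > s3-params.yaml
    # juju deploy --config FILE expects options nested under the app name.
    { echo 'minio:'; sed 's/^/  /' s3-params.yaml; } > minio-config.yaml
)

# show_commands DIR: print the page's commands rewritten to read from DIR,
# so no secret value is typed on a command line or saved in shell history.
show_commands() {
    cat <<EOF
juju deploy minio --channel ckf-1.9/stable --config $1/minio-config.yaml
export AWS_ACCESS_KEY_ID="\$(cat $1/minio-access-key)"
export AWS_SECRET_ACCESS_KEY="\$(cat $1/minio-secret-key)"
juju run s3-integrator/0 sync-s3-credentials --params $1/s3-params.yaml
OPENCTI_ADMIN_USER_SECRET_ID=\$(juju add-secret opencti-admin-user email=admin@example.com password#file=$1/admin-password)
EOF
}

# Usage: sh opencti-creds.sh DIR   (script name and DIR are hypothetical)
if [ $# -gt 0 ]; then
    make_creds "$1"
    show_commands "$1"
fi
```

Each printed command replaces the matching command in the steps above; the remaining commands are unchanged.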
Integrations
The opencti-connector integration integrates the OpenCTI charm and OpenCTI connector charms. OpenCTI connectors are add-ons used by OpenCTI for platform integration with other tools and applications. The OpenCTI connector charms help with the deployment, configuration, and management of OpenCTI connectors.
Existing OpenCTI connector charms can be found here.
Deploy and integrate an OpenCTI connector charm with:
juju deploy opencti-export-file-stix-connector --channel latest/edge
juju integrate opencti opencti-export-file-stix-connector