search

OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0
365 stars 397 forks source link

ALIENVAULT CONNECTOR TERMINATED LOG #2578

Open anavitgo opened 1 month ago

anavitgo commented 1 month ago 
  connector-alienvault:
    networks:
      - opencti-network
    image: opencti/connector-alienvault:6.2.13
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=4fe10786-3b0d-4af0-97e9-549f3040264b
      - CONNECTOR_NAME=AlienVault
      - CONNECTOR_SCOPE=alienvault
      - CONNECTOR_LOG_LEVEL=error
      - ALIENVAULT_BASE_URL=https://otx.alienvault.com
      - ALIENVAULT_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      - ALIENVAULT_TLP=White
      - ALIENVAULT_CREATE_OBSERVABLES=true
      - ALIENVAULT_CREATE_INDICATORS=true
      - ALIENVAULT_PULSE_START_TIMESTAMP=2022-05-01T00:00:00                  # BEWARE! Could be a lot of pulses!
      - ALIENVAULT_REPORT_TYPE=threat-report
      - ALIENVAULT_REPORT_STATUS=New
      - ALIENVAULT_GUESS_MALWARE=true                                        # Use tags to guess malware.
      - ALIENVAULT_GUESS_CVE=true                                            # Use tags to guess CVE.
      - ALIENVAULT_EXCLUDED_PULSE_INDICATOR_TYPES=FileHash-MD5,FileHash-SHA1  # Excluded Pulse indicator types.
      - ALIENVAULT_ENABLE_RELATIONSHIPS=true                                  # Enable/Disable relationship creation between SDOs.
      - ALIENVAULT_ENABLE_ATTACK_PATTERNS_INDICATES=true                     # Enable/Disable "indicates" relationships between indicators and attack patterns
      - ALIENVAULT_INTERVAL_SEC=1800
    restart: always
    depends_on:
      - opencti
    volumes:
      - /usr/share/ca-certificates/root-2023.09.06.crt:/etc/ssl/certs/ca-certificates.crt:ro

All other connectors runs just fine (mitre, mitre-atlas, cve) but alien vault doesn't seem to work at all. Whenever I do docker logs to see alienvault logs all I get is: Terminated. Opencti currently looks like this:

Screenshot from 2024-08-14 14-25-09

anavitgo commented 1 month ago

I was trying to mount my certificate inside the container so it is not blocked by the firewall

anavitgo commented 1 month ago

@richard-julien

richard-julien commented 1 month ago

Transferring issue to connector repository.