OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

How to Import Data from OpenCTI Connectors into Elasticsearch for Task Creation and Data Exchange? #4417

Open rached64 opened 9 months ago

rached64 commented 9 months ago

Hello everyone,

I'm working on a project where I need to import data from OpenCTI connectors into Elasticsearch to create tasks. These tasks will be used for various purposes, including API development and data exchange with tools like Kibana.

Specifically, I'm looking for guidance on how to:

API Development: I want to expose a REST API endpoint (e.g., /threat-intelligence/query) that allows external tools to request specific threat intelligence data from the data stored in Elasticsearch. How can I achieve this integration with OpenCTI connectors and Elasticsearch?

Data Exchange: Additionally, I want to expose the data from my threat intelligence dashboard via a RESTful API endpoint (e.g., /threat-dashboard-data) so that external systems or security tools can retrieve the latest threat intelligence statistics. What's the best approach for this?

I have already installed OpenCTI and ELK. Furthermore, I have successfully integrated the Elastic connector with OpenCTI, as depicted in this screenshot: [image]

I would appreciate any insights or recommendations on how to implement these features effectively. Thank you in advance for your help!
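One way to build the two endpoints asked about above, as an added example that is not part of this issue, of OpenCTI, or of the Elastic connector: a small standard-library HTTP service that exposes `/threat-intelligence/query` and `/threat-dashboard-data`, translates a short allowlist of request parameters into an Elasticsearch query-DSL body, and forwards that body to Elasticsearch. The index name, the document field names (`indicator_types`, `pattern_type`, `created_by_ref`, `modified`), the `ES_URL` and the bearer token are assumptions, not values taken from the connector; check them against the mapping your connector actually writes. The security-relevant design choice is that external clients never get to submit raw query DSL: only named filters with exact-match `term` clauses, a bounded `size`, and a date lower bound are accepted, so callers cannot run scripted queries or read fields the API does not intend to expose.

```python
"""Added example (not OpenCTI or connector code): allowlisted REST facade over
Elasticsearch for indicators written by the OpenCTI Elastic connector.

Assumptions: Elasticsearch at ES_URL, connector index named by ES_INDEX, and
the document fields listed in ALLOWED_FILTERS / DATE_FIELD (all placeholders).
"""
import json
import os
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

ES_URL = os.environ.get("ES_URL", "http://localhost:9200")   # assumed
INDEX = os.environ.get("ES_INDEX", "opencti-indicators")     # assumed index name
API_TOKEN = os.environ.get("API_TOKEN", "change-me")         # assumed shared secret
MAX_SIZE = 200
DATE_FIELD = "modified"                                      # assumed field name

# Allowlist: request parameter -> document field. Callers never send raw DSL.
ALLOWED_FILTERS = {
    "indicator_type": "indicator_types",   # assumed field name
    "pattern_type": "pattern_type",        # assumed field name
    "created_by": "created_by_ref",        # assumed field name
}


def build_es_query(params):
    """Turn validated query-string parameters into an Elasticsearch body.

    Raises ValueError for unknown parameters, out-of-range size or empty values.
    """
    unknown = set(params) - set(ALLOWED_FILTERS) - {"size", "since"}
    if unknown:
        raise ValueError(f"unsupported parameter(s): {sorted(unknown)}")
    size = int(params.get("size", "50"))          # non-numeric -> ValueError
    if not 1 <= size <= MAX_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_SIZE}")
    filters = []
    for name, field in ALLOWED_FILTERS.items():
        if name in params:
            value = params[name]
            if not value or len(value) > 256:
                raise ValueError(f"invalid value for {name}")
            # term = exact match; no wildcard, regex or script semantics
            filters.append({"term": {field: value}})
    if "since" in params:
        # Elasticsearch validates the date string against the field mapping
        filters.append({"range": {DATE_FIELD: {"gte": params["since"]}}})
    query = {"bool": {"filter": filters}} if filters else {"match_all": {}}
    return {"size": size, "query": query,
            "sort": [{DATE_FIELD: {"order": "desc"}}]}


def build_stats_query():
    """Aggregation body for the dashboard endpoint: indicator count per type."""
    field = ALLOWED_FILTERS["indicator_type"]
    return {"size": 0,
            "aggs": {"by_type": {"terms": {"field": field, "size": 20}}}}


def is_valid_request(params):
    """True if build_es_query accepts these parameters."""
    try:
        build_es_query(params)
        return True
    except ValueError:
        return False


def search(body):
    """POST a body to the index's _search endpoint and return the raw JSON."""
    req = urllib.request.Request(f"{ES_URL}/{INDEX}/_search",
                                 data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:   # URLError is an OSError
        return json.load(resp)


class ThreatIntelHandler(BaseHTTPRequestHandler):
    def _send(self, status, payload):
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        url = urlparse(self.path)
        if self.headers.get("Authorization") != f"Bearer {API_TOKEN}":
            return self._send(401, {"error": "unauthorized"})
        try:
            if url.path == "/threat-intelligence/query":
                params = {k: v[0] for k, v in parse_qs(url.query).items()}
                hits = search(build_es_query(params))["hits"]["hits"]
                return self._send(200, {"results": [h["_source"] for h in hits]})
            if url.path == "/threat-dashboard-data":
                buckets = search(build_stats_query())["aggregations"]["by_type"]["buckets"]
                return self._send(200, {b["key"]: b["doc_count"] for b in buckets})
            self._send(404, {"error": "not found"})
        except ValueError as exc:
            self._send(400, {"error": str(exc)})
        except OSError as exc:
            self._send(502, {"error": f"elasticsearch unreachable: {exc}"})


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), ThreatIntelHandler).serve_forever()
```

Run it next to an Elasticsearch that holds the connector's index and call `curl -H 'Authorization: Bearer change-me' 'http://127.0.0.1:8080/threat-intelligence/query?indicator_type=malicious-activity&size=10'`; anything outside the allowlist (an extra parameter, `size=0`, an empty value) is rejected with a 400 before any query reaches Elasticsearch. The bearer token is a placeholder for whatever authentication your deployment already uses; the point of the example is the allowlisted translation layer, not the auth scheme.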

ambuj-sec commented 9 months ago

Is there any specific document you followed for integrating Elasticsearch with OpenCTI? I am trying to integrate the same. Thanks for the help in advance @rached64. I have integrated with AlienVault OTX successfully. If you want, I can help you there.

rached64 commented 9 months ago

> Is there any specific document you followed for integrating Elasticsearch with OpenCTI? I am trying to integrate the same. Thanks for the help in advance @rached64. I have integrated with AlienVault OTX successfully. If you want, I can help you there.

To facilitate the integration of Elasticsearch with OpenCTI, you may find the following link useful: Link to OpenCTI Elasticsearch Integration.

nino-filigran commented 5 months ago

@rached64 Did you also try to post your question on Slack? I'm not a dev myself, but the community on the Filigran Slack might be able to help you over there.