Closed MarcoGeek closed 4 years ago
Please share your .env file and docker-compose.yml
version: '3'
services:
  grakn:
    image: graknlabs/grakn:1.7.2
    ports:
      - 48555:48555
    volumes:
      - grakndata:/grakn-core-all-linux/server/db
    restart: always
  redis:
    image: redis:6.0.5
    restart: always
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
    volumes:
      - esdata:/usr/share/elasticsearch/data
    environment:
      - discovery.type=single-node
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
  minio:
    image: minio/minio:RELEASE.2020-05-16T01-33-21Z
    volumes:
      - s3data:/data
    ports:
      - "9000:9000"
    environment:
      MINIO_ACCESS_KEY: ${mypassword}
      MINIO_SECRET_KEY: ${mysecret}
    command: server /data
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
    restart: always
  rabbitmq:
    image: rabbitmq:3.8-management
    environment:
      - RABBITMQ_DEFAULT_USER=${guest}
      - RABBITMQ_DEFAULT_PASS=${guest}
    restart: always
  opencti:
    image: opencti/platform:3.3.2
    environment:
      - APP__PORT=8080
      - APPADMINEMAIL=${admin@opencti.io}
      - APPADMINPASSWORD=${mypassword}
      - APPADMINTOKEN=${81fbbaf2-07a9-11eb-adc1-0242ac120002}
      - APP__LOGS_LEVEL=error
      - APP__LOGS=./logs
      - APP__REACTIVE=true
      - APP__COOKIE_SECURE=false
      - GRAKN__HOSTNAME=grakn
      - GRAKN__PORT=48555
      - GRAKN__TIMEOUT=30000
      - REDIS__HOSTNAME=redis
      - REDIS__PORT=6379
      - ELASTICSEARCH__URL=http://elasticsearch:9200
      - MINIO__ENDPOINT=minio
      - MINIO__PORT=9000
      - MINIO__USE_SSL=false
      - MINIO__ACCESS_KEY=${MINIO_ACCESS_KEY}
      - MINIO__SECRET_KEY=${MINIO_SECRET_KEY}
      - RABBITMQ__HOSTNAME=rabbitmq
      - RABBITMQ__PORT=5672
      - RABBITMQ__PORT_MANAGEMENT=15672
      - RABBITMQ__MANAGEMENT_SSL=false
      - RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
      - PROVIDERSLOCALSTRATEGY=LocalStrategy
    ports:
      - "8080:8080"
    depends_on:
      - grakn
      - redis
      - elasticsearch
      - minio
      - rabbitmq
    restart: always
  worker:
    image: opencti/worker:3.3.2
    environment:
      - OPENCTI_URL=http://10.51.0.90:8080
      - OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}
      - WORKER_LOG_LEVEL=info
    depends_on:
      - opencti
    deploy:
      mode: replicated
      replicas: 3
    restart: always
  connector-export-file-stix:
    image: opencti/connector-export-file-stix:3.3.2
    environment:
      - OPENCTI_URL=http://10.51.0.90:8080
      - OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}
      - CONNECTOR_ID=${4d1ead8e-2641-425b-a1e5-1f8c23d793d5} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileStix2
      - CONNECTOR_SCOPE=application/json
      - CONNECTOR_CONFIDENCE_LEVEL=3
      - CONNECTOR_LOG_LEVEL=info
    restart: always
  connector-export-file-csv:
    image: opencti/connector-export-file-csv:3.3.2
    environment:
      - OPENCTI_URL=http://10.51.0.90:8080
      - OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}
      - CONNECTOR_ID=${e612d914-270c-42c2-a531-9a1f4dbd656f} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileCsv
      - CONNECTOR_SCOPE=application/csv
      - CONNECTOR_CONFIDENCE_LEVEL=3
      - CONNECTOR_LOG_LEVEL=info
    restart: always
  connector-import-file-stix:
    image: opencti/connector-import-file-stix:3.3.2
    environment:
      - OPENCTI_URL=http://10.51.0.90:8080
      - OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}
      - CONNECTOR_ID=${e00d35f8-d4ca-4557-b8c1-cdc47991042f} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportFileStix2
      - CONNECTOR_SCOPE=application/json
      - CONNECTOR_CONFIDENCE_LEVEL=3
      - CONNECTOR_LOG_LEVEL=info
    restart: always
  connector-import-file-pdf-observables:
    image: opencti/connector-import-file-pdf-observables:3.3.2
    environment:
      - OPENCTI_URL=http://10.51.0.90:8080
      - OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}
      - CONNECTOR_ID=${6071c91c-e403-4be9-9149-bc7dd142b466} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportFilePdfObservables
      - CONNECTOR_SCOPE=application/pdf
      - CONNECTOR_CONFIDENCE_LEVEL=3
      - CONNECTOR_LOG_LEVEL=info
      - PDF_OBSERVABLES_CREATE_INDICATOR=False
    restart: always
  connector-opencti:
    image: opencti/connector-opencti:3.3.2
    environment:
      - OPENCTI_URL=http://10.51.0.90:8080
      - OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}
      - CONNECTOR_ID=${f6ae4c64-6b25-40ef-9708-e1da00916ae0} # Valid UUDv4
      - CONNECTOR_TYPE=EXTERNAL_IMPORT
      - CONNECTOR_NAME=OpenCTI
      - CONNECTOR_SCOPE=identity,sector,region,country,city
      - CONNECTOR_CONFIDENCE_LEVEL=5
      - CONNECTOR_UPDATE_EXISTING_DATA=true
      - CONNECTOR_LOG_LEVEL=info
      - CONFIG_SECTORS_FILE_URL=https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/sectors.json
      - CONFIG_GEOGRAPHY_FILE_URL=https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/geography.json
      - CONFIG_INTERVAL=7 # Days
    restart: always
  connector-mitre:
    image: opencti/connector-mitre:3.3.2
    environment:
      - OPENCTI_URL=http://10.51.0.90:8080
      - OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}
      - CONNECTOR_ID=${c0d380c4-e5ff-40fa-90d8-c3ee8012c5d5} # Valid UUDv4
      - CONNECTOR_TYPE=EXTERNAL_IMPORT
      - CONNECTOR_NAME=MITRE ATT&CK
      - CONNECTOR_SCOPE=identity,attack-pattern,course-of-action,intrusion-set,malware,tool,report
      - CONNECTOR_CONFIDENCE_LEVEL=3
      - CONNECTOR_UPDATE_EXISTING_DATA=true
      - CONNECTOR_LOG_LEVEL=info
      - MITRE_ENTERPRISE_FILE_URL=https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
      - MITRE_PRE_ATTACK_FILE_URL=https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json
      - MITRE_INTERVAL=7 # Days
    restart: always
volumes:
  grakndata:
  esdata:
  s3data:
Edit the .env file and fill it in as in the following example:
OPENCTI_ADMIN_EMAIL=admin@blabla.xxx
OPENCTI_ADMIN_PASSWORD=Your_Password
OPENCTI_ADMIN_TOKEN=Generated_UUID
MINIO_ACCESS_KEY=NYour Access Key
MINIO_SECRET_KEY=Your secret key
RABBITMQ_DEFAULT_USER=guest
RABBITMQ_DEFAULT_PASS=guest
CONNECTOR_EXPORT_FILE_STIX_ID=Generated_UUID
CONNECTOR_EXPORT_FILE_CSV_ID=Generated_UUID
CONNECTOR_IMPORT_FILE_STIX_ID=Generated_UUID
CONNECTOR_IMPORT_FILE_PDF_OBSERVABLES_ID=Generated_UUID
CONNECTOR_OPENCTI_ID=Generated_UUID
CONNECTOR_MITRE_ID=Generated_UUID
CONNECTOR_MITRE_ATTACK_ID=Generated_UUID
CONNECTOR_CYBER_THREAT_COALITION_ID=Generated_UUID
and so on...
and then edit the docker-compose.yml file filling the field CONNECTOR_ID= with the name assigned to each uuid within the .env file. This means, for example:
or
connector-opencti:
  image: opencti/connector-opencti:3.3.2
  environment:
So your docker-compose file will contain all info set within the .env file. I hope it's clear. This should fix your issue.
In my docker folder all I have are the files below. I don't have a .env file. I am only editing docker-compose.yml. Am I doing something stupid here?
docker-compose-dev.yml docker-compose.yml docker-compose.yml.save docker-compose.yml.save.1 README.md
Try ls -la command.
Great, thanks. I have added all the info in the .env file. And in the docker-compose.yml all the variables that point to .env are already there. Should I change anything in the docker-compose.yml file? Any hard-coded value? I tried to add "APPADMINTOKEN=${987654321}" and it resulted in the error below. Please help one last time.
root@opencti_server:~/opt/docker# docker-compose --compatibility up
ERROR: Invalid interpolation format for "environment" option in service "opencti": "APPADMINTOKEN=${987654321}"
root@opencti_server:~/opt/docker#
APPADMINTOKEN=${OPENCTI_ADMIN_TOKEN} that means the same UID you used for all connectors (each connector has this value OPENCTI_TOKEN=$...)
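The two failure modes seen in this thread, as an added example that is not part of any participant's post or of OpenCTI's own code: a literal value pasted inside `${...}` (the "Invalid interpolation format" error) and a valid name that `.env` does not define (the "variable is not set" warning). The function names and the sample files are constructed for illustration, and the check assumes variables come only from `.env`, not from the shell environment.

```python
import re

NAME = r"[A-Za-z_][A-Za-z0-9_]*"
# Inside ${...} Compose expects a variable name, optionally followed by a
# default/error modifier such as :-value or :?message.
BRACED_OK = re.compile(rf"^({NAME})(:?[-?+].*)?$")
BRACED = re.compile(r"(?<!\$)\$\{([^}]*)\}")  # skips the $${...} escape

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def lint_compose(compose_text, env):
    """Return (line_no, kind, expression) for each problematic ${...}."""
    findings = []
    for no, line in enumerate(compose_text.splitlines(), 1):
        for m in BRACED.finditer(line):
            ok = BRACED_OK.match(m.group(1))
            if not ok:  # a value was pasted where a variable name belongs
                findings.append((no, "literal-in-braces", m.group(0)))
            elif ok.group(1) not in env and ok.group(2) is None:
                findings.append((no, "undefined", m.group(0)))
    return findings

# Constructed samples, built from lines quoted in the thread.
SAMPLE_ENV = "# constructed .env\nOPENCTI_ADMIN_TOKEN=Generated_UUID\n"
SAMPLE_COMPOSE = """\
services:
  rabbitmq:
    environment:
      - RABBITMQ_DEFAULT_USER=${guest}
  opencti:
    environment:
      - APPADMINEMAIL=${admin@opencti.io}
      - APPADMINTOKEN=${OPENCTI_ADMIN_TOKEN}
  connector-export-file-stix:
    environment:
      - CONNECTOR_ID=${4d1ead8e-2641-425b-a1e5-1f8c23d793d5}
      - CONNECTOR_LOG_LEVEL=${LOG_LEVEL:-info}
"""

if __name__ == "__main__":
    for finding in lint_compose(SAMPLE_COMPOSE, parse_env(SAMPLE_ENV)):
        print(finding)
```

Keeping the real values in `.env` and only names in `docker-compose.yml` also keeps the admin token and passwords out of a file that tends to get pasted into issue trackers.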
Amazing. It is now installing I guess. Thank You. I will update once all goes well.
OK. It keeps running and throwing the error below. How long does it take to complete? I am running Docker on Ubuntu 18.04.
OpenCTI API is not reachable. Waiting for OpenCTI API to etc..
Try to check each running container with:
sudo docker ps
then
sudo docker logs name_container
I suggest you check opencti and grakn:
sudo docker logs opencti
sudo docker logs grakn
Sometimes Grakn fails to start, so if Grakn fails use:
sudo docker-compose restart name_of_container
In the case of grakn:
sudo docker-compose restart grakn
In the end you just have to wait a couple of minutes and try to reach OpenCTI via the web.
OK, everything was going well. All checks were done, until Worker_1. Now I have the error that the API is not reachable. I don't think it is that difficult to install unless I am missing something. I changed the port from 8080 to 4000. Does anything else need to be looked at?
It is always like this. For Docker it ends up with a database error and Grakn is down, even if it is running, and for the manual install it would be the same database error and rabbitmq is down. Something somewhere is broken.
$ node --max_old_space_size=8192 build/index.js
{"error":{"name":"DatabaseError","_error":{},"_showLocations":false,"_showPath":false,"time_thrown":"2020-10-07T08:39:59.134Z","data":{"reason":"Grakn seems down","category":"technical"},"internalData":{}},"level":"error","message":"[OPENCTI] GraphQL initialization fail","timestamp":"2020-10-07T08:39:59.135Z"}
error Command failed with exit code 1.
Newbie to OpenCTI and looking for some quick help.
While deploying through Docker I am getting the message below all the time:
root@opencti_server:~/opt/docker# docker-compose --compatibility up
ERROR: Invalid interpolation format for "environment" option in service "connector-export-file-stix": "CONNECTOR_ID=${4d1ead8e-2641-425b-a1e5-1f8c23d793d5}"
root@opencti_server:~/opt/docker# nano docker-compose.yml
root@opencti_server:~/opt/docker# nano docker-compose.yml
root@opencti_server:~/opt/docker# docker-compose --compatibility up
ERROR: Invalid interpolation format for "environment" option in service "opencti": "APPADMINEMAIL=${admin@opencti.local}"
root@opencti_server:~/opt/docker# nano docker-compose.yml
root@opencti_server:~/opt/docker# docker-compose --compatibility up
WARNING: The guest variable is not set. Defaulting to a blank string.
ERROR: Invalid interpolation format for "environment" option in service "connector-import-file-pdf-observables": "CONNECTOR_ID=${6071c91c-e403-4be9-9149-bc7dd142b466}"
While doing the manual download I am getting a database error stating rabbitmq is down.
Can someone assist? I would really appreciate it, or share with me where in the Docker files to make the change. I am doing something silly but can't figure it out for the last one week. Thanks in advance.