Unable to Install Open CTI on Docker and Manual Install

[MarcoGeek]

New Bee to Open CTI and looking for some quick help.

While deploying through Docker getting below message all the time:

root@opencti_server:~/opt/docker# docker-compose --compatibility up ERROR: Invalid interpolation format for "environment" option in service "connector-export-file-stix": "CONNECTOR_ID=${4d1ead8e-2641-425b-a1e5-1f8c23d793d5}" root@opencti_server:~/opt/docker# nano docker-compose.yml root@opencti_server:~/opt/docker# nano docker-compose.yml root@opencti_server:~/opt/docker# docker-compose --compatibility up ERROR: Invalid interpolation format for "environment" option in service "opencti": "APPADMINEMAIL=${admin@opencti.local}" root@opencti_server:~/opt/docker# nano docker-compose.yml root@opencti_server:~/opt/docker# docker-compose --compatibility up WARNING: The guest variable is not set. Defaulting to a blank string. ERROR: Invalid interpolation format for "environment" option in service "connector-import-file-pdf-observables": "CONNECTOR_ID=${6071c91c-e403-4be9-9149-bc7dd142b466}"

While doing manual download getting database error stating rabbitq is down.

can some one assist. I would really appreciate or share me on the docker where to make the change. I am I am doing something silly but cant figure it out for last one week. Thanks in advance.

[vxsh4d0w]

Please share your .env file and docker-compose.yml

[MarcoGeek]

version: '3' services: grakn: image: graknlabs/grakn:1.7.2 ports:

• 48555:48555 volumes:

• grakndata:/grakn-core-all-linux/server/db restart: always redis: image: redis:6.0.5 restart: always elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 volumes:

• esdata:/usr/share/elasticsearch/data environment:

• discovery.type=single-node restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 minio: image: minio/minio:RELEASE.2020-05-16T01-33-21Z volumes:

• s3data:/data ports:

• "9000:9000" environment: MINIO_ACCESS_KEY: ${mypassword} MINIO_SECRET_KEY: ${mysecret} command: server /data healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 restart: always rabbitmq: image: rabbitmq:3.8-management environment:

• RABBITMQ_DEFAULT_USER=${guest}

• RABBITMQ_DEFAULT_PASS=${guest} restart: always opencti: image: opencti/platform:3.3.2 environment:

• APP__PORT=8080

• APPADMINEMAIL=${admin@opencti.io}

• APPADMINPASSWORD=${mypassword}

• APPADMINTOKEN=${81fbbaf2-07a9-11eb-adc1-0242ac120002}

• APP__LOGS_LEVEL=error

• APP__LOGS=./logs

• APP__REACTIVE=true

• APP__COOKIE_SECURE=false

• GRAKN__HOSTNAME=grakn

• GRAKN__PORT=48555

• GRAKN__TIMEOUT=30000

• REDIS__HOSTNAME=redis

• REDIS__PORT=6379

• ELASTICSEARCH__URL=http://elasticsearch:9200

• MINIO__ENDPOINT=minio

• MINIO__PORT=9000

• MINIO__USE_SSL=false

• MINIO__ACCESS_KEY=${MINIO_ACCESS_KEY}

• MINIO__SECRET_KEY=${MINIO_SECRET_KEY}

• RABBITMQ__HOSTNAME=rabbitmq

• RABBITMQ__PORT=5672

• RABBITMQ__PORT_MANAGEMENT=15672

• RABBITMQ__MANAGEMENT_SSL=false

• RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}

• RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}

• PROVIDERSLOCALSTRATEGY=LocalStrategy ports:

• "8080:8080" depends_on:

• grakn

• redis

• elasticsearch

• minio

• rabbitmq restart: always worker: image: opencti/worker:3.3.2 environment:

• OPENCTI_URL=http://10.51.0.90:8080

• OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}

• WORKER_LOG_LEVEL=info depends_on:

• opencti deploy: mode: replicated replicas: 3 restart: always connector-export-file-stix: image: opencti/connector-export-file-stix:3.3.2 environment:

• OPENCTI_URL=http://10.51.0.90:8080

• OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}

• CONNECTOR_ID=${4d1ead8e-2641-425b-a1e5-1f8c23d793d5} # Valid UUIDv4

• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE

• CONNECTOR_NAME=ExportFileStix2

• CONNECTOR_SCOPE=application/json

• CONNECTOR_CONFIDENCE_LEVEL=3

• CONNECTOR_LOG_LEVEL=info restart: always connector-export-file-csv: image: opencti/connector-export-file-csv:3.3.2 environment:

• OPENCTI_URL=http://10.51.0.90:8080

• OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}

• CONNECTOR_ID=${e612d914-270c-42c2-a531-9a1f4dbd656f} # Valid UUIDv4

• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE

• CONNECTOR_NAME=ExportFileCsv

• CONNECTOR_SCOPE=application/csv

• CONNECTOR_CONFIDENCE_LEVEL=3

• CONNECTOR_LOG_LEVEL=info restart: always connector-import-file-stix: image: opencti/connector-import-file-stix:3.3.2 environment:

• OPENCTI_URL=http://10.51.0.90:8080

• OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}

• CONNECTOR_ID=${e00d35f8-d4ca-4557-b8c1-cdc47991042f} # Valid UUIDv4

• CONNECTOR_TYPE=INTERNAL_IMPORT_FILE

• CONNECTOR_NAME=ImportFileStix2

• CONNECTOR_SCOPE=application/json

• CONNECTOR_CONFIDENCE_LEVEL=3

• CONNECTOR_LOG_LEVEL=info restart: always connector-import-file-pdf-observables: image: opencti/connector-import-file-pdf-observables:3.3.2 environment:

• OPENCTI_URL=http://10.51.0.90:8080

• OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}

• CONNECTOR_ID=${6071c91c-e403-4be9-9149-bc7dd142b466} # Valid UUIDv4

• CONNECTOR_TYPE=INTERNAL_IMPORT_FILE

• CONNECTOR_NAME=ImportFilePdfObservables

• CONNECTOR_SCOPE=application/pdf

• CONNECTOR_CONFIDENCE_LEVEL=3

• CONNECTOR_LOG_LEVEL=info

• PDF_OBSERVABLES_CREATE_INDICATOR=False restart: always connector-opencti: image: opencti/connector-opencti:3.3.2 environment:

• OPENCTI_URL=http://10.51.0.90:8080

• OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}

• CONNECTOR_ID=${f6ae4c64-6b25-40ef-9708-e1da00916ae0} # Valid UUDv4

• CONNECTOR_TYPE=EXTERNAL_IMPORT

• CONNECTOR_NAME=OpenCTI

• CONNECTOR_SCOPE=identity,sector,region,country,city

• CONNECTOR_CONFIDENCE_LEVEL=5

• CONNECTOR_UPDATE_EXISTING_DATA=true

• CONNECTOR_LOG_LEVEL=info

• CONFIG_SECTORS_FILE_URL=https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/sectors.json

• CONFIG_GEOGRAPHY_FILE_URL=https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/geography.json

• CONFIG_INTERVAL=7 # Days restart: always connector-mitre: image: opencti/connector-mitre:3.3.2 environment:

• OPENCTI_URL=http://10.51.0.90:8080

• OPENCTI_TOKEN=${df8635b1-39b5-41c2-8873-2f19b0e6ca8c}

• CONNECTOR_ID=${c0d380c4-e5ff-40fa-90d8-c3ee8012c5d5} # Valid UUDv4

• CONNECTOR_TYPE=EXTERNAL_IMPORT

• CONNECTOR_NAME=MITRE ATT&CK

• CONNECTOR_SCOPE=identity,attack-pattern,course-of-action,intrusion-set,malware,tool,report

• CONNECTOR_CONFIDENCE_LEVEL=3

• CONNECTOR_UPDATE_EXISTING_DATA=true

• CONNECTOR_LOG_LEVEL=info

• MITRE_ENTERPRISE_FILE_URL=https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

• MITRE_PRE_ATTACK_FILE_URL=https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json

• MITRE_INTERVAL=7 # Days restart: always volumes: grakndata: esdata: s3data:

[vxsh4d0w]

edit the .env file and fill it like in this following example: OPENCTI_ADMIN_EMAIL=admin@blabla.xxx OPENCTI_ADMIN_PASSWORD=Your_Password OPENCTI_ADMIN_TOKEN=Generated_UUID MINIO_ACCESS_KEY=NYour Access Key MINIO_SECRET_KEY=Your secret key RABBITMQ_DEFAULT_USER=guest RABBITMQ_DEFAULT_PASS=guest CONNECTOR_EXPORT_FILE_STIX_ID=Generated_UUID CONNECTOR_EXPORT_FILE_CSV_ID=Generated_UUID CONNECTOR_IMPORT_FILE_STIX_ID=Generated_UUID CONNECTOR_IMPORT_FILE_PDF_OBSERVABLES_ID=Generated_UUID CONNECTOR_OPENCTI_ID=Generated_UUID CONNECTOR_MITRE_ID=Generated_UUID CONNECTOR_MITRE_ATTACK_ID=Generated_UUID CONNECTOR_CYBER_THREAT_COALITION_ID=Generated_UUID and so on...

and then edit the docker-compose.yml file filling the field CONNECTOR_ID= with the name assigned to each uuid within the .env file. This means, for example:

• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_STIX_ID}

or

connector-opencti: image: opencti/connector-opencti:3.3.2 environment:

• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_OPENCTI_ID}

So your docker-compose file will contain all info set within the .env file. I hope it's clear. This should fix your issue.

[MarcoGeek]

In my docker folder all I have is below file. I dont have .env file. I am only editing docker-compose.yml. Am I doing something stupid herE?

docker-compose-dev.yml docker-compose.yml docker-compose.yml.save docker-compose.yml.save.1 README.md

[vxsh4d0w]

Try ls -la command.

[MarcoGeek]

Great thanks. I have added all the info in .env file. And on the docker-compose.yml all the variable are already there that point to .env. should I change anything on docker-compose.yml file. any hard coded value. I tried to add APPADMINTOKEN=${987654321}" and resulted the below error. Please help last time .

root@opencti_server:~/opt/docker# docker-compose --compatibility up ERROR: Invalid interpolation format for "environment" option in service "opencti": "APPADMINTOKEN=${987654321}" root@opencti_server:~/opt/docker#

[vxsh4d0w]

APPADMINTOKEN=${OPENCTI_ADMIN_TOKEN} that means the same UID you used for all connectors (each connector has this value OPENCTI_TOKEN=$...)

[MarcoGeek]

Amazing. It is now installing I guess. Thank You. I will update once all goes well.

[MarcoGeek]

OK. It is keep running anf throwing the below error. How long does it take to complete? I am running docker on ubuntu 18.04

OpenCTI API is not reachable. Waiting for OpenCTI API to etc..

[vxsh4d0w]

Try to check each running container with: sudo docker ps

then sudo docker logs name_container

I suggest you to check opencti and grakn sudo docker logs opencti sudo docker logs grakn

Sometimes Grakn fails to start so in case of Grakn fail use sudo docker-compose restart name_of_container

in case of grakn

sudo docker-compose restart grakn

at the end you have just to wait a couple of minutes and try to reach Opencti via web

[MarcoGeek]

ok Everything was going well.. All checks were done. Untill Worker_1. Now I have the error that the API is not reachable. I dont think it is that difficult to install untill I am missing soemething. I change the port from 8080 to 4000. Anything else needs to be looked upon?

[MarcoGeek]

Its aways be like this. For docker ends up with Database error and Grakn is down. Even if it is running and for manual install it would same database error and rabbitmq is down. something someh were is broken,

$ node --max_old_space_size=8192 build/index.js {"error":{"name":"DatabaseError","_error":{},"_showLocations":false,"_showPath":false,"time_thrown":"2020-10-07T08:39:59.134Z","data":{"reason":"Grakn seems down","category":"technical"},"internalData":{}},"level":"error","message":"[OPENCTI] GraphQL initialization fail","timestamp":"2020-10-07T08:39:59.135Z"} error Command failed with exit code 1.