Skip to content
/ opencti-connector-disinfo Public

Connector for OpenCTI for Disinformation Intelligence data based on DISARM framework

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CyberDataLab/opencti-connector-disinfo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
src
src
 
 
.env.sample
.env.sample
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
entrypoint.sh
entrypoint.sh
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

External Ingestion Disinfo Connector

Connector for OpenCTI for Disinformation Intelligence data based on DISARM framework

Installation

Requirements

  • OpenCTI Platform >= 6.1.10

Configuration

Configuration parameters are provided using environment variables as described below. Some of them are placed directly in the docker-compose.yml since they are not expected to be modified by final users once that they have been defined by the developer of the connector.

Note that the values that follow can be grabbed within Python code using self.helper.{PARAMETER}, i. e., self.helper.connector_nane.

Expected environment variables to be set in the docker-compose.yml that describe the connector itself. Most of the times, these values are NOT expected to be changed.

Parameter Docker envvar Mandatory Description
connector_name CONNECTOR_NAME Yes A connector name to be shown in OpenCTI.
connector_scope CONNECTOR_SCOPE Yes Supported scope. E. g., text/html.

However, there are other values which are expected to be configured by end users. The following values are expected to be defined in the .env file. This file is included in the .gitignore to avoid leaking sensitive date). Note tha the .env.sample file can be used as a reference.

The ones that follow are connector's generic execution parameters expected to be added for export connectors.

Parameter Docker envvar Mandatory Description
opencti_url OPENCTI_URL Yes The URL of the OpenCTI platform. Note that final / should be avoided. Example value: http://opencti:8080
opencti_token OPENCTI_TOKEN Yes The default admin token configured in the OpenCTI platform parameters file.
connector_id CONNECTOR_ID Yes A valid arbitrary UUIDv4 that must be unique for this connector.
connector_confidence_level CONNECTOR_CONFIDENCE_LEVEL Yes The default confidence level for created sightings (a number between 1 and 4).
connector_log_level CONNECTOR_LOG_LEVEL Yes The log level for this connector, could be debug, info, warn or error (less verbose).
interval CONNECTOR_RUN_EVERY Yes The time unit is represented by a single character at the end of the string: d for days, h for hours, m for minutes, and s for seconds. e.g., 30s is 30 seconds. 1d is 1 day.
update_existing_data CONNECTOR_UPDATE_EXISTING_DATA Yes Whether to update known existing data.

Finally, the ones that follow are connector's specific execution parameters expected to be used by this connector.

Parameter Docker envvar Mandatory Description
extra_parameter EXTRA_PARAMETER Yes Any extra parameter.

Debugging

The connector can be debugged by setting the appropiate log level. Note that logging messages can be added using self.helper.log_{LOG_LEVEL}("Sample message"), i. e., self.helper.log_error("An error message").

Additional information

About

Connector for OpenCTI for Disinformation Intelligence data based on DISARM framework

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages