A connector in OpenCTI is a service that runs next to the platform and can be implemented in almost any programming language that has STIX2 support. Connectors extend the functionality of OpenCTI and let operators shift part of the processing workload to external services. To use the OpenCTI connector SDK that is provided for convenience, you currently need Python 3.
We chose a very decentralized approach to connectors in order to give developers and vendors maximum freedom. A connector on OpenCTI is therefore defined as a standalone Python 3 process that pushes data in a format the platform understands (STIX2) to an ingestion message queue.
Each connector must implement a long-running process that can be launched just by executing the main Python file. The only mandatory dependency is the OpenCTIConnectorHelper class, which enables the connector to send data to OpenCTI.
First, think about your use case to choose an appropriate connector type: what do you want to achieve with your connector? The following table gives you an overview of the current connector types and some typical use cases:
After you've selected your connector type, make yourself familiar with STIX2 and the relationships supported in OpenCTI. Some knowledge of the internal data models will help you a lot when implementing your idea.
Create and edit entities
STIX2 Data model
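The two points above (a connector is a long-running process whose only mandatory dependency is OpenCTIConnectorHelper, and the data it pushes is a STIX2 bundle using relationships OpenCTI understands) are easiest to see in a small skeleton. The following is an added example, not the template connector from the repository: the sample feed, the identity name, the connector interval config key and the poll loop are constructed for illustration. The bundle-building part uses only the standard library, so it can be inspected and tested without a running platform; pycti is imported only inside main(), where the bundle is handed to OpenCTI with send_stix2_bundle().

```python
"""Minimal connector skeleton: poll a (constructed) feed, turn each entry into a
STIX 2.1 observable + indicator + 'based-on' relationship, and hand the bundle to
OpenCTI. Example code, not the OpenCTI template connector."""
import json
import uuid
from datetime import datetime, timezone

# STIX 2.1 namespace for deterministic cyber-observable (SCO) ids, per the spec.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Constructed sample feed standing in for whatever the external source returns.
SAMPLE_FEED = [
    {"type": "ipv4-addr", "value": "198.51.100.23", "label": "scanner"},
    {"type": "domain-name", "value": "example.test", "label": "phishing"},
]


def now_iso():
    """STIX timestamp (UTC, millisecond precision)."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def sco_id(sco_type, value):
    """Deterministic SCO id (UUIDv5 over the id-contributing properties), so the
    same observable gets the same id on every poll and the platform deduplicates
    instead of creating a fresh object each run."""
    contrib = json.dumps({"value": value}, separators=(",", ":"), sort_keys=True)
    return f"{sco_type}--{uuid.uuid5(STIX_SCO_NAMESPACE, contrib)}"


def build_bundle(feed, author_name):
    """Build one STIX 2.1 bundle: an author identity, then per feed entry an
    observable, an indicator with a STIX pattern, and an indicator -based-on->
    observable relationship (the relationship OpenCTI uses for that link)."""
    ts = now_iso()
    identity_id = f"identity--{uuid.uuid4()}"
    objects = [{
        "type": "identity", "spec_version": "2.1", "id": identity_id,
        "created": ts, "modified": ts,
        "name": author_name, "identity_class": "organization",
    }]
    for item in feed:
        obs_id = sco_id(item["type"], item["value"])
        objects.append({"type": item["type"], "spec_version": "2.1",
                        "id": obs_id, "value": item["value"]})
        ind_id = f"indicator--{uuid.uuid4()}"
        objects.append({
            "type": "indicator", "spec_version": "2.1", "id": ind_id,
            "created": ts, "modified": ts, "created_by_ref": identity_id,
            "name": item["value"],
            "pattern": f"[{item['type']}:value = '{item['value']}']",
            "pattern_type": "stix", "valid_from": ts,
            "labels": [item["label"]],
        })
        objects.append({
            "type": "relationship", "spec_version": "2.1",
            "id": f"relationship--{uuid.uuid4()}",
            "created": ts, "modified": ts, "created_by_ref": identity_id,
            "relationship_type": "based-on",
            "source_ref": ind_id, "target_ref": obs_id,
        })
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def run_once(helper, feed, author_name):
    """One poll cycle. `helper` is an OpenCTIConnectorHelper, or None when run
    offline; returns the state dict the connector should persist."""
    bundle = build_bundle(feed, author_name)
    if helper is not None:
        helper.send_stix2_bundle(json.dumps(bundle))
    return {"last_run": now_iso(), "objects_sent": len(bundle["objects"])}


def main():
    # Platform wiring; pycti is imported lazily so the functions above stay
    # usable offline. CONNECTOR_INTERVAL / connector.interval is an assumed key.
    import os
    import time
    import yaml
    from pycti import OpenCTIConnectorHelper, get_config_variable

    config_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "config.yml")
    config = {}
    if os.path.isfile(config_path):
        with open(config_path) as fh:
            config = yaml.safe_load(fh) or {}
    helper = OpenCTIConnectorHelper(config)
    interval = get_config_variable("CONNECTOR_INTERVAL", ["connector", "interval"],
                                   config, isNumber=True, default=3600)
    while True:  # the long-running process the page describes
        state = run_once(helper, SAMPLE_FEED, "Example feed")
        helper.set_state(state)
        helper.log_info(f"poll finished: {state}")
        time.sleep(interval)


if __name__ == "__main__":
    main()
```

Running the file directly starts the poll loop against the platform configured in config.yml; importing it (as a test would) only exposes build_bundle() and run_once(), which is a useful split when you want to check the bundle a connector produces before pointing it at a live instance.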
To develop and test your connector, you need a running OpenCTI instance with the frontend and the messaging broker accessible. If you don't plan on developing anything for the OpenCTI platform or the frontend, the easiest setup for connector development is the docker setup. For more details see here.
To give you an easy starting point, we prepared an example connector in the public repository that you can use as a template to bootstrap your development.
We recommend the following prerequisites for this tutorial:
In the terminal, check out the connectors repository and copy the template connector to $myconnector (replace it with your own connector name throughout the following examples).
```
$ pip3 install black flake8 pycti
# Fork the current repository, then clone your fork
$ git clone https://github.com/YOUR-USERNAME/connectors.git
$ cd connectors
$ git remote add upstream https://github.com/OpenCTI-Platform/connectors.git
# Create a branch for your feature/fix
$ git checkout -b [branch-name]
$ cp -r template $connector_type/$myconnector
$ cd $connector_type/$myconnector
$ tree .
.
├── docker-compose.yml
├── Dockerfile
├── entrypoint.sh
├── README.md
└── src
    ├── config.yml.sample
    ├── main.py
    └── requirements.txt

1 directory, 7 files
```