OpenCTI can be deployed using the docker-compose command.

For production deployment, we advise you to deploy ElasticSearch and Redis manually in a dedicated environment and then to start the other components using Docker.

Pre-requisites

To install OpenCTI using Docker, you will need the docker-compose command, you can install it using:

$ sudo apt-get install docker-compose

Clone the repository

$ mkdir /path/to/your/app && cd /path/to/your/app
$ git clone <https://github.com/OpenCTI-Platform/docker.git>
$ cd docker

Configure the environment

Before running the docker-compose command, the docker-compose.yml file must be configured. Two ways to do that:

Whether you are using one method or the other, here are the mandatory parameters to fill:

[OPENCTI_ADMIN_EMAIL=admin@opencti.io](<mailto:OPENCTI_ADMIN_EMAIL=admin@opencti.io>) # Valid email address
OPENCTI_ADMIN_PASSWORD=ChangeMe # String
OPENCTI_ADMIN_TOKEN=ChangeMe # Valid UUIDv4
MINIO_ACCESS_KEY=ChangeMeAccess # String
MINIO_SECRET_KEY=ChangeMeKey # String
RABBITMQ_DEFAULT_USER=guest # String
RABBITMQ_DEFAULT_PASS=guest # String
CONNECTOR_HISTORY_ID=ChangeMe # Valid UUIDv4
CONNECTOR_EXPORT_FILE_STIX_ID=ChangeMe # Valid UUIDv4
CONNECTOR_EXPORT_FILE_CSV_ID=ChangeMe # Valid UUIDv4
CONNECTOR_IMPORT_FILE_STIX_ID=ChangeMe # Valid UUIDv4
CONNECTOR_IMPORT_FILE_PDF_OBSERVABLES_ID=ChangeMe # Valid UUIDv4

UUIDv4 values can be generated by using https://www.uuidgenerator.net/version4 or uuidgen -r

As OpenCTI has a dependency on ElasticSearch, you have to set the vm.max_map_count before running the containers, as mentioned in the ElasticSearch documentation.

$ sudo sysctl -w vm.max_map_count=1048575

To make this parameter persistent, please update your /etc/sysctl.conf file and add the following line at the end:

$ vm.max_map_count=1048575

Run