Just to help anyone that may come across the same issue:
I had difficulty with Portainer - it kept dropping the connection. The solution is to restart the portainer service and the portainer agent service. To do this:
1. Find the ids of the services using: docker ps command
2. Restart them using: docker restart
Portainer should then reconnect
I tried but not working
You have been providing to us nice tutorials.
Keep up the good work! 🎯
what software u r using as a terminal .
Thanks a ton @OpenSecure for this tutorial. I managed to install OpenCTI on AWS EC2 instances. Cheers!
Not getting UI while everything went smooth till IP:PORT
@@zuiokopl2256
same issue here. Did you find any solution?
@@openctithreatintel9088 hello, yes, I'd suggest checking your Portainer logs for CTI; in my logs there was an issue with RAM
What's that terminal session application on the right side called?
I have a dropping connection on port 8080. After deploying the stack I can't connect to
Amazing stuff.. are there any ways to export OpenCTI data into a SIEM like Microsoft Sentinel?
Hi, I followed the installation steps but unable to access opencti web ui. Can you please look into this issue? Thanks
Check your redis, elasticsearch, and rabbitmq container logs to ensure those are first running properly. The OpenCTI platform will not spin up correctly if any of those 3 containers is having issues.
Yes, elastic search seems down. How can it be fixed?
@@zuiokopl2256 I installed without docker swarm. Instead I went for installation on a single node. That way it works fine.
@@bakhtawar9599 if I run this process on a single VM, what will be the OpenCTI IP? As I used the manager IP once, that is used as the Portainer IP.
quick dumb question what vm are u running?
he is using docker (docker-compose, swarm, etc)
@@wecantalkaboutit5312 I think he means the window in the right view. I do have the same question.
@@banano28_oficial that's Termius
@@banano28_oficial I think it's Termius - I googled around as I also wanted to know
Hey, thanks a lot for the video and explanations. I managed to install, configure and run in centos minimal.
Not getting UI while everything went smooth till IP:PORT
@@zuiokopl2256 did you check if the docker instance is running? I think the cmd is: docker ps
@@banano28_oficial Currently it shows like this
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9bcd3d4ebdd3 portainer/portainer-ce:2.11.1 "/portainer -H tcp:/…" 3 minutes ago Up 3 minutes 8000/tcp, 9000/tcp, 9443/tcp portainer_portainer.1.3ww87et8212z2q3vpjo6cmof2
9de082c80d8d portainer/agent:2.11.1 "./agent" 14 minutes ago Up 13 minutes portainer_agent.thim6okmfh9lmdv9fp131eczu.kpr2ibr2q1wwqamj1t7bk5tjb
Can you help please?
Already followed this tutorial but I'm stuck while opening it in the browser on port 8080
I have the same problem :(
I have an issue with the minio container: it is "unhealthy". I tried to change the version but same issue. Do you have a solution, please?
I tried with cpuv1, I tried the two latest...
Nice vid. I am up to the Docker Swarm part. What IP do I use for manage IP. I have a private 10.0... confused what to use. I am using opencti in Ubuntu for personal use
Silly question: if I run this process on a single VM, what will be the OpenCTI IP? As I used the manager IP once, that is used as the Portainer IP.
Please could you create a video showing how to cluster OpenCTI?
Any instructions to deploy OpenCTI on EKS?
highly appreciated . thank you for creating this.
I did the whole set-up but only on one machine. What is the command to start docker without using the docker-swarm manager?
Hello Taylor, I don't use Docker and am trying to manually set up OpenCTI on Ubuntu. Once I run the command "yarn serv" the terminal keeps running without stopping, and I can't access the terminal to run workers or connectors. The good news is I can access the web UI, but if I stop the above terminal or it times out, the whole platform is down. Can you help me with what the problem is?
I am not able to view the OpenCTI UI, containers are running fine though. Kindly help
Everything is working properly but I got some issues when I tried to run OpenCTI: it doesn't work, it shows me unhealthy. What is the issue?
thank you for good intro on docker swarm.
Please, a question: is it necessary that I install Docker Swarm???????? Uu
Sir, is there any method to connect Zeek and OpenCTI..
you have opencti in OVA?
What is the name of the app on the right side of your screen?
Have you found out yet?
I have a problem. When I start to deploy the opencti stack it shows me an error that the stack had not been created and in the container menu the opencti containers are stopped.
I'm running crazy.
Plz help
Did you get help?
What is the name of the tool that you used to access the server?
I think it's Termius - I googled around as I also wanted to know
Hello ! I'm trying to install it manually but I'm stuck with a certificate problem with rabbitmq :/ Can you make a video of the manual installation ? :)
Hey Brando,
I will try to get around to that, probably won't be for a while though. Any reason why you cannot go the docker route?
Thanks for watching!
Hey. I followed the steps however containers are not getting created looking at the services it shows "mkdir /var/lib/docker: read-only file system" error. Can someone please help me out?
I have a single box with 16 RAM and 8 cores, followed your process, but the OpenCTI platform is not getting spun up.
Can you please help me out
what do the logs of the elasticsearch and redis containers look like? OpenCTI requires these services to be running in a healthy state prior to the OpenCTI platform service running.
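The dependency check recommended in the replies above (redis, elasticsearch and rabbitmq must be running before the OpenCTI platform starts), as an added example that is not part of any comment or of the video. The function name check_deps and the "opencti_" service prefix (a stack deployed under the name "opencti") are assumptions.

```shell
#!/usr/bin/env bash
# Added example: flag OpenCTI dependency services that are not fully running.
# Input: lines of "<service-name> <running>/<desired>", the shape produced by
#   docker service ls --format '{{.Name}} {{.Replicas}}'
# Assumption: services are named <stack>_<dependency>, e.g. opencti_redis.

DEPS="redis elasticsearch rabbitmq"

# Prints one line per dependency that is missing or under-replicated.
# Returns 0 when all three are fully running, 1 otherwise.
check_deps() {
    listing="$1"
    bad=0
    for dep in $DEPS; do
        line=$(printf '%s\n' "$listing" | grep -E "^([^ ]*_)?${dep} " | head -n 1)
        if [ -z "$line" ]; then
            echo "$dep: service not found"
            bad=1
            continue
        fi
        name=${line%% *}
        # Second field only: Replicas may carry a suffix such as "(max 1 per node)".
        replicas=$(printf '%s\n' "$line" | awk '{print $2}')
        running=${replicas%%/*}
        desired=${replicas##*/}
        if [ "$running" != "$desired" ] || [ "$desired" = "0" ]; then
            echo "$dep: replicas $replicas, inspect with: docker service logs $name"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample listing (not output from the video or any commenter).
SAMPLE='opencti_redis 1/1
opencti_elasticsearch 0/1
opencti_rabbitmq 1/1
opencti_opencti 0/1'

check_deps "$SAMPLE" || true

# On a swarm manager, check the live stack instead:
#   check_deps "$(docker service ls --format '{{.Name}} {{.Replicas}}')"
```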
At the moment I have issues with the swarm, the second vm isn't load balancing. Do you know any trick to make it works?
What is it not load balancing? Are containers not getting spun up on it? Have you tried specifying the host for the image to bind to in the docker-compose file?
@@taylorwalton_socfortress being honest I'm not skilled in Docker. Do you have something I can use to understand the swarming procedure? But my issue is that the second VM is not receiving the orders to share resources; Portainer shows "rejected" and when I list nodes it says that the second VM is down. Also, I'm using CentOS 7 minimal as my OS
Trying to setup in a single server (Ubuntu 22) .. got stuck on this part ..
when running this command: docker stack deploy --compose-file=portainer-agent-stack.yml portainer
I got this error message: this node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again
any solution regarding this?
Thank you for the tutorial, it greatly helped. I am having an error, where I am not able to view the open cti UI (The final step) My containers are running fine though @OpenSecure
Hi, I am having the same issue. No luck at the last stage opening opencti UI. Let us know if you find any solution. TIA
did you get this fixed?
I can never start up opencti given that I follow all the steps
Mate, awesome video! Thanks!
Maybe a dumb question but if you have MISP running in your environment, what is the reason to deploy OpenCTI?
Different native feeds and different options for correlation / enrichment / export etc. We have an organisation that only supports MISP output, so we take that then feed it into OpenCTI.
Thanks. This gives me some ideas.
Thanks for the awesome tutorial! Managed to set this up once. I'm trying to set it up again with a domain and https. Any suggestions on the best way to go about it? Would I just have to run letsencrypt on the manager node or would I have to do changes on the docker compose file?
Glad you got some value out of it :). I would recommend using a reverse proxy such as Nginx or Apache to sit in front of your OpenCTI Platform stack. Then you can use letsencrypt to generate a free cert and provide some security around the web app. There are a ton of posts out on the internet detailing setting up a simple reverse proxy that could hopefully be helpful.
Thanks for watching :)
What an awesome video!
Wonderful Tutorial.
very helpful, thanks ;)
Docker info:
Swarm: error
Error: rpc error: code: deadlineExceeded desc= contexto deadline exceeded
Warning: No swap limit support.
When I want to do docker swarm join --token........
It shows: this node is already part of a swarm. Use docker swarm leave
Then the node left the swarm, and I executed docker again and it showed the error again:
This node is already part of a swarm.....
Please help me
notion guide no longer exists
🙃
great. thanks !
nice
I literally can spin up misp in like 5 minutes
Great! thank you