I’m about to start hosting an OpenCTI instance for work and was looking for advice on pretty much everything. I’m new to self hosting and was wondering if anyone had any advice or helpful guides (storage space, config tips, etc).
I’m looking to set up an OCTI server as a docker container behind nginx. I’d love to practice at home so this is sort of relevant to the community. Have you done this, what did you learn, do you have any things I should watch out for?
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Looks like they have a docker-compose file you can start with:
https://github.com/OpenCTI-Platform/docker/blob/master/docker-compose.yml
Why would you start with such a complex and advanced tool when you are new to self-hosting?
Yeah, that was my first thought.
Probably driven by: then I can put that on my CV. But just playing around with that self-hosted is not going to give you any actionable skills.
Alternative explanation: Lemmy is big enough now for astroturfing 😑
Really don’t care much about my cv. This program is a great way to learn about the STIX protocol so no idea what you mean about “no actionable skills”. STIX is an interesting information sharing method, the program is well designed to educate the user on it and seeing the format it imports and exports data will teach me a buttload.
More to the point, maybe could you be less cynical and share some advice. I’m not going to flex my qualifications cos they’re mediocre but I’ve got smart people around me who just don’t know this particular program and I’m interested to hear from those who do.
Do you run this program at work or at home? Have you learned anything interesting from using it? Are there avoidable mistakes I could not repeat from hosting it? Answers to those questions would be very useful.
I dont see myself doing too much configuration with connectors to begin with which brings some of the difficulty down. I was asking to see if others run anything similar in their home configuration. I’ve met people who run MISP from home before so it sounded feasible to me.
I was also looking for the community aspect of this, I already knew they had a docker-compose config. I wanted to know who had attempted this before and what they’d learned, that sort of thing.
I have this at home and enjoy it. What will your work use it for?
Resource usage and storage would be the main things to look out for. Octi really does need ssds as hdds will slow it to a crawl, a good amount of ram is nice but not fully a requirement for home use
I’m thinking data entry for threat hunters, and integrations with our other platforms apis but I couldn’t say anything specific. SSDs are a good shout, I might have tried setting it up with hdds if you hadn’t said.
Did you find it easier to add connectors in seperate docker containers or within the main octi container?
It feels like there’s a pretty high ceiling for this platform and the data you can generate. Do you find it easy to create good data? Do you have any habits?
I’m pretty keen to learn so feel free to answer what you can.