OpenCTI is a comprehensive on-premises platform for managing, analyzing, and sharing cyber threat intelligence to enhance threat hunting and security automation.
On-Premises Open Cyber Threat Intelligence Platform
This tool is designed for cybersecurity professionals and threat intelligence analysts to centralize and automate the collection, analysis, and dissemination of threat intelligence data. It facilitates threat hunting and integration with SIEM tools, enabling organizations to proactively detect and respond to cyber threats. Users deploy it on Linux Azure VMs or local environments to manage and visualize threat data effectively.
Ensure that all required ports are opened and secured in the Azure network security group so that OpenCTI and Portainer are reachable. Docker and Portainer are prerequisites for container management. SSH key authentication is recommended for secure VM access. The platform supports flexible deployment environments, but an Azure Linux VM running Ubuntu is the primary tested setup.
Create an Azure Linux VM with Ubuntu distribution
Configure VM basics: subscription, resource group, region, VM name, and size (D8s_v4)
Select SSH Public Key authentication and open port 22 for SSH access
Attach a new OS disk with 128 GB size
Leave the networking and management settings at their defaults
Provision the VM and wait for successful deployment
Configure network security group rules to allow ports 22 (SSH), 8080 (OpenCTI), 443 (HTTPS), 9900 (Portainer), and ICMP
SSH into the VM
Install Docker Engine on the VM
Install Portainer for container management
ssh -i <your-private-key> azureuser@<vm-ip-address>
Connect to the Azure Linux VM via SSH
sudo apt-get update && sudo apt-get install docker.io
Install Docker Engine on the VM
docker-compose -f docker-compose.yml up -d
Deploy OpenCTI production containers
Access OpenCTI via http://<vm-ip-address>:8080
Open the OpenCTI web interface in a browser
Configure connectors via the OpenCTI UI
Onboard data sources such as MITRE datasets and Cybercrime Tracker
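The network security group step above lists the ports to allow but not who may reach them. The following added example (not part of the original page or the OpenCTI project) prints one `az network nsg rule create` command per listed port, each limited to a single admin source range. The resource group, NSG name, rule names, priorities and the 203.0.113.0/24 documentation range are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: emit NSG rules for the ports this page lists, each limited
# to one admin source range instead of Any.
# RG, NSG and ADMIN_CIDR are placeholders (assumptions).
RG="${RG:-opencti-rg}"
NSG="${NSG:-opencti-vm-nsg}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"

# name:protocol:port, from the port list on this page (ICMP has no port, so '*')
RULES='ssh:Tcp:22
opencti:Tcp:8080
https:Tcp:443
portainer:Tcp:9900
icmp:Icmp:*'

# Accept only an explicit CIDR; refuse ranges that expose the services to everyone.
check_cidr() {
  case "$1" in
    ''|'*'|0.0.0.0/0|::/0|Internet|Any) return 1 ;;
    */*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print one command per rule; priorities start at 300 and step by 10 (assumed values).
nsg_rule_cmds() {
  cidr="$1"
  check_cidr "$cidr" || { echo "refusing source range: '$cidr'" >&2; return 1; }
  prio=300
  echo "$RULES" | while IFS=: read -r name proto port; do
    printf 'az network nsg rule create --resource-group %s --nsg-name %s' "$RG" "$NSG"
    printf ' --name allow-%s --priority %d --direction Inbound --access Allow' "$name" "$prio"
    printf " --protocol %s --source-address-prefixes %s --destination-port-ranges '%s'\n" \
      "$proto" "$cidr" "$port"
    prio=$((prio + 10))
  done
}

# Dry run: print the commands for review.
nsg_rule_cmds "$ADMIN_CIDR"
```

The script only prints; after reviewing the output, pipe it to `sh` on a machine where the Azure CLI is logged in.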