Contributor

@maelv-filigran maelv-filigran commented Sep 5, 2025

Summary

This PR integrates the XTM-Composer service into the OpenCTI Docker Compose stack, providing connector management capabilities with automatic RSA key generation for secure credential storage.

Changes Made

  1. Added XTM-Composer Service

    • Integrated filigran/xtm-composer as a new service in the Docker stack
    • Configured to connect to OpenCTI API using admin token authentication
    • Set up Docker daemon integration for container management
    • Added proper health check dependencies for service startup order
  2. RSA Key Generation Service

    • Added rsa-key-generator service using Alpine OpenSSL image
    • Automatically generates a 2048-bit RSA private key in PKCS#8 format
    • Key is stored in a persistent volume and shared with XTM-Composer
    • Includes health check to ensure key is generated before dependent services start
  3. Configuration Updates

    • Added XTM_COMPOSER_ID environment variable to .env.sample
    • Added COMPOSE_PROJECT_NAME=opencti for proper Docker network naming
    • Created new rsakeys volume for secure key storage

Testing Instructions

  1. Setup Environment

    # Copy and configure environment variables
    cp .env.sample .env
    # Edit .env file to set your specific values (especially OPENCTI_ADMIN_TOKEN)
  2. Start the Stack

    # Pull latest images and start all services
    docker-compose pull
    # Make sure to start with clean volumes
    docker-compose down -v
    # Start the stack
    docker-compose up -d
  3. Verify Services

    # Check all services are running
    docker-compose ps
    
    # Verify RSA key was generated
    docker-compose exec rsa-key-generator ls -la /keys/
    
    # Check XTM-Composer logs
    docker-compose logs xtm-composer
  4. Access OpenCTI

    • Navigate to http://localhost:8080 (or your configured URL)
    • Login with admin credentials
    • Go to Data > Ingestion > Connector catalog
    • Add EE keys
    • Deploy and start "MITRE ATT&CK" connector
    • Check log and job progress
  5. Cleanup (if needed)

    # Stop and remove containers
    docker-compose down
    
    # To also remove volumes (caution: this deletes data)
    docker-compose down -v

Notes

  • The RSA key is automatically generated on first startup and persisted across restarts
  • XTM-Composer requires access to Docker socket for container management
  • Service dependencies ensure proper startup order: RSA key → OpenCTI/RabbitMQ → XTM-Composer
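
A check an operator could run against the generated key, as an added example that is not part of this PR or the OpenCTI project: it confirms the file is an unencrypted PKCS#8 RSA key of at least 2048 bits and is not accessible to group or others. The function name, return codes and key path argument are assumptions; the PR text only shows the `/keys/` directory, not the file name.

```shell
#!/bin/sh
# Added example (not from the PR). Usage: sh check_rsa_key.sh /path/to/key.pem [min_bits]
# Return codes (hypothetical): 0 ok, 2 missing file, 3 not unencrypted PKCS#8 PEM,
#   4 not a consistent RSA key, 5 modulus too small, 6 permissions too open.
check_rsa_key() {
    key="$1"
    min_bits="${2:-2048}"   # 2048 bits is the size stated in the PR description

    if [ ! -f "$key" ]; then
        echo "FAIL: $key does not exist" >&2; return 2
    fi
    # Unencrypted PKCS#8 uses the generic PEM label; PKCS#1 says "RSA PRIVATE KEY"
    # and encrypted PKCS#8 says "ENCRYPTED PRIVATE KEY".
    if ! grep -q '^-----BEGIN PRIVATE KEY-----' "$key"; then
        echo "FAIL: $key is not an unencrypted PKCS#8 PEM file" >&2; return 3
    fi
    # Fails for non-RSA keys and for RSA keys whose components are inconsistent.
    if ! openssl rsa -in "$key" -check -noout >/dev/null 2>&1; then
        echo "FAIL: $key is not a valid RSA private key" >&2; return 4
    fi
    # The first line of -text looks like "Private-Key: (2048 bit, 2 primes)".
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: modulus is ${bits:-unknown} bits, expected >= $min_bits" >&2; return 5
    fi
    # GNU/BusyBox stat first, BSD/macOS stat as fallback.
    perms=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$perms" in
        *00) ;;
        *) echo "FAIL: mode $perms lets group/others access the key" >&2; return 6 ;;
    esac
    echo "OK: $key is a ${bits}-bit RSA key in PKCS#8 format, mode $perms"
}

# Run the check when the script is invoked with a key path.
if [ "$#" -gt 0 ]; then check_rsa_key "$@"; fi
```
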

@efaure
Member

efaure commented Sep 8, 2025

@maelv-filigran I tried to test locally but when trying to create a connector I see a warning message.
To be able to deploy a connector, you must deploy the composer
I see the following error in the xtm composer container log:

{"timestamp":"2025-09-08T13:21:45.557241Z","level":"ERROR","fields":{"message":"GraphQL operation failed","error":"Variable \"$input\" got invalid value { id: \"8215614c-7139-422e-b825-b20fd2a13a23\", name: \"OpenCTI Connector Manager\" }; Field \"public_key\" of required type \"String!\" was not provided.","operation":"register_connectors_manager"},"target":"xtm_composer::api::opencti::error_handler"}
{"timestamp":"2025-09-08T13:21:45.588496Z","level":"ERROR","fields":{"message":"GraphQL operation failed","error":"Cant find element to update","operation":"update_connector_manager_status"},"target":"xtm_composer::api::opencti::error_handler"}

Do I need to configure something to enable the composer?
It's my first time using this docker composer, do not hesitate to state the obvious...

@efaure
Member

efaure commented Sep 8, 2025

Did you test it with docker swarm? I see that it's an option in the OpenCTI documentation (https://docs.opencti.io/latest/deployment/installation/#using-docker-swarm)

@maelv-filigran
Contributor Author

maelv-filigran commented Sep 9, 2025

@efaure
It was due to the missing amd64 build for xtm-composer. Could you pull the latest image and check again?

docker compose pull xtm-composer
docker compose up -d

PS: I use Docker Desktop on macOS

Member

@efaure efaure left a comment

Good job. It seems all good to me, but it may be interesting to have another review on this.

@maelv-filigran maelv-filigran merged commit f72c47d into master Sep 26, 2025
3 checks passed
@maelv-filigran maelv-filigran deleted the feat/xtm-composer branch September 26, 2025 12:27