diff --git a/.env.sample b/.env.sample
index c3394579..6f4db12e 100644
--- a/.env.sample
+++ b/.env.sample
@@ -13,5 +13,7 @@ CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b
 CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-b5d6-a5a3f76b845f
 CONNECTOR_IMPORT_DOCUMENT_ID=c3970f8a-ce4b-4497-a381-20b7256f56f0
 CONNECTOR_ANALYSIS_ID=4dffd77c-ec11-4abe-bca7-fd997f79fa36
+XTM_COMPOSER_ID=8215614c-7139-422e-b825-b20fd2a13a23
 SMTP_HOSTNAME=localhost
 ELASTIC_MEMORY_SIZE=4G
+COMPOSE_PROJECT_NAME=opencti
diff --git a/docker-compose.yml b/docker-compose.yml
index 18010596..9ec82d68 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,17 @@
 services:
+ # Generate RSA key for xtm-composer (PKCS#8 format)
+ rsa-key-generator:
+ image: alpine/openssl:3.5.2
+ volumes:
+ - rsakeys:/keys
+ entrypoint: ["/bin/ash"]
+ command: ["-c", "if [ ! -f /keys/private_key.pem ]; then openssl genpkey -algorithm RSA -out /keys/private_key.pem -pkeyopt rsa_keygen_bits:4096; fi && tail -f /dev/null"]
+ healthcheck:
+ test: ["CMD", "test", "-f", "/keys/private_key.pem"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ restart: always
 redis:
 image: redis:8.2.1
 restart: always
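Review bot: The guard `[ ! -f /keys/private_key.pem ]` and the healthcheck `test -f /keys/private_key.pem` in the rsa-key-generator service both accept any file at that path as a valid key, so an interrupted first run may leave an empty or partial file that is never regenerated and still reports healthy. Generating under a temporary name and renaming closes that gap: `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /keys/private_key.pem.tmp && mv /keys/private_key.pem.tmp /keys/private_key.pem`. Separately, `tail -f /dev/null` with `restart: always` keeps a container with write access to the private-key volume running for the life of the stack, only to satisfy the healthcheck. A one-shot service (`restart: "no"`) that xtm-composer waits on with `condition: service_completed_successfully` would remove that standing write access; that also means changing the `depends_on` entry in the later xtm-composer hunk.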
@@ -221,10 +234,33 @@ services:
 depends_on:
 opencti:
 condition: service_healthy
+ xtm-composer:
+ image: filigran/xtm-composer:1.0.0
+ platform: linux/amd64
+ environment:
+ - MANAGER__ID=${XTM_COMPOSER_ID}
+ - MANAGER__NAME=OpenCTI Connector Manager
+ - MANAGER__CREDENTIALS_KEY_FILEPATH=/keys/private_key.pem
+ - OPENCTI__ENABLE=true
+ - OPENCTI__URL=http://opencti:8080
+ - OPENCTI__TOKEN=${OPENCTI_ADMIN_TOKEN}
+ - OPENCTI__DAEMON__SELECTOR=docker
+ - OPENCTI__DAEMON__DOCKER__NETWORK_MODE=${COMPOSE_PROJECT_NAME}_default
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - rsakeys:/keys:ro # RSA key mounted as read-only
+ depends_on:
+ rsa-key-generator:
+ condition: service_healthy
+ opencti:
+ condition: service_healthy
+ rabbitmq:
+ condition: service_healthy
+ restart: always
 volumes:
 esdata:
 s3data:
 redisdata:
 amqpdata:
-
+ rsakeys:
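Review bot: The xtm-composer service is given both `/var/run/docker.sock:/var/run/docker.sock` and `OPENCTI__TOKEN=${OPENCTI_ADMIN_TOKEN}`, and nothing in the hunk documents that trust boundary. Access to the Docker socket amounts to root-equivalent control of the host's Docker daemon, so anyone who compromises this container, or who can drive it through the platform, can start arbitrary containers on the host. I would add a comment above the socket mount, for example `# docker.sock gives this container full control of the host Docker daemon; treat xtm-composer as host-privileged`. If the composer works with less than admin rights, which this hunk does not show, a dedicated lower-privilege token should replace the admin one. The `rsakeys:/keys:ro` mount is the right direction; the socket mount cannot be usefully restricted the same way, since a read-only bind mount of a Unix socket does not block API calls made through it.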