Caldera error url #2195

Open
Aquariius opened this issue Jan 11, 2025 · 9 comments

Aquariius commented Jan 11, 2025

Description

Environment

  1. OS (where OpenBAS server runs): Ubuntu 24.04 (Docker)
  2. OpenBAS version: 1.10.1

Bug:
I started the caldera server for Openbas

  caldera:
    image: openbas/caldera-server:5.0.0
    restart: always
    ports:
      - "8888:8888"
    environment:
      CALDERA_URL: http://caldera.domain.com:8888
    volumes:
      - type: bind
        source: caldera.yml
        target: /usr/src/app/conf/local.yml
  openbas:
    image: openbas/platform:1.10.1
    environment:
      - SERVER_SSL_KEY-STORE-PASSWORD=${KEYSTORE_PASSWORD}
      - OPENBAS_BASE-URL=http://localhost:8080
      - OPENBAS_AUTH-LOCAL-ENABLE=true
      - SPRING_DATASOURCE_URL=jdbc:postgresql://pgsql:5432/openbas
      - SPRING_DATASOURCE_USERNAME=${POSTGRES_USER}
      - SPRING_DATASOURCE_PASSWORD=${POSTGRES_PASSWORD}
      - MINIO_ENDPOINT=minio
      - MINIO_ACCESS-KEY=${MINIO_ROOT_USER}
      - MINIO_ACCESS-SECRET=${MINIO_ROOT_PASSWORD}
      - OPENBAS_RABBITMQ_HOSTNAME=rabbitmq
      - OPENBAS_RABBITMQ_USER=${RABBITMQ_DEFAULT_USER}
      - OPENBAS_RABBITMQ_PASS=${RABBITMQ_DEFAULT_PASS}
      - SPRING_MAIL_HOST=${SPRING_MAIL_HOST}
      - SPRING_MAIL_PORT=${SPRING_MAIL_PORT}
      - SPRING_MAIL_USERNAME=${SPRING_MAIL_USERNAME}
      - SPRING_MAIL_PASSWORD=${SPRING_MAIL_PASSWORD}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_TRUST=*
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE}
      - OPENBAS_MAIL_IMAP_ENABLED=${OPENBAS_MAIL_IMAP_ENABLED}
      - OPENBAS_MAIL_IMAP_HOST=${OPENBAS_MAIL_IMAP_HOST}
      - OPENBAS_MAIL_IMAP_PORT=${OPENBAS_MAIL_IMAP_PORT}
      - OPENBAS_MAIL_IMAP_USERNAME=${SPRING_MAIL_USERNAME}
      - OPENBAS_MAIL_IMAP_PASSWORD=${SPRING_MAIL_PASSWORD}
      - OPENBAS_MAIL_IMAP_AUTH=${OPENBAS_MAIL_IMAP_AUTH}
      - OPENBAS_MAIL_IMAP_SSL_ENABLE=${OPENBAS_MAIL_IMAP_SSL_ENABLE}
      - OPENBAS_MAIL_IMAP_SSL_TRUST=*
      - OPENBAS_MAIL_IMAP_STARTTLS_ENABLE=${OPENBAS_MAIL_IMAP_STARTTLS_ENABLE}
      - OPENBAS_ADMIN_EMAIL=${OPENBAS_ADMIN_EMAIL}
      - OPENBAS_ADMIN_PASSWORD=${OPENBAS_ADMIN_PASSWORD}
      - OPENBAS_ADMIN_TOKEN=${OPENBAS_ADMIN_TOKEN}
      - OPENBAS_XTM_OPENCTI_ENABLE=true
      - OPENBAS_XTM_OPENCTI_URL=http://opencti:8080
      - OPENBAS_XTM_OPENCTI_TOKEN=REDACTED
      - EXECUTOR_CALDERA_ENABLE=true
      - EXECUTOR_CALDERA_URL="http://caldera:8888"
      - EXECUTOR_CALDERA_PUBLIC-URL=http://caldera.domain.com:8888
      - EXECUTOR_CALDERA_API-KEY=REDACTED

But openbas always says this:

openbas-1 | Standard Commons Logging discovery in action with spring-jcl: please remove commons-logging.jar from classpath in order to avoid potential conflicts
openbas-1 | {"sequenceNumber":0,"timestamp":1736565116145,"nanoseconds":145300763,"level":"ERROR","threadName":"main","loggerName":"io.openbas.executors.caldera.service.CalderaExecutorService","context":{"name":"default","birthdate":1736565074004,"properties":{}},"mdc": {},"message":"Error creating caldera executor: java.lang.IllegalArgumentException: Illegal character in scheme name at index 0: "http://caldera:8888"/api/v2/abilities","throwable":null}
openbas-1 | {"sequenceNumber":0,"timestamp":1736565116185,"nanoseconds":185491132,"level":"ERROR","threadName":"main","loggerName":"io.openbas.executors.caldera.service.CalderaExecutorService","context":{"name":"default","birthdate":1736565074004,"properties":{}},"mdc": {},"message":"Error creating caldera executor: java.lang.IllegalArgumentException: Illegal character in scheme name at index 0: "http://caldera:8888"/api/v2/abilities","throwable":null}

Steps I tried

  1. Putting - EXECUTOR_CALDERA_URL="http://caldera:8888", - EXECUTOR_CALDERA_URL=http://caldera:8888, - "EXECUTOR_CALDERA_URL=http://caldera:8888"
  2. Removing the port, but then it can't connect
@Aquariius Aquariius added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jan 11, 2025
@EllynBsc EllynBsc added community use to identify PR from community and removed needs triage use to identify issue needing triage from Filigran Product team labels Jan 13, 2025
@RomuDeuxfois (Member)

Hi,
First, you need to remove the double quotes on the EXECUTOR_CALDERA_URL variable.
I will keep investigating.
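Why the quotes matter, as an added example (not code from the OpenBAS project or from anyone in this thread). In Compose's list-style `environment:` each item is a single YAML scalar, so in `- KEY="value"` the double quotes are part of the value the container receives, whereas YAML strips them in `- "KEY=value"` and in the mapping form `KEY: "value"`. The parser below is a deliberately minimal, hypothetical reimplementation of just that rule for the two forms that appear in this thread, and `scheme_error_index` mirrors the scheme grammar `java.net.URI` enforces when it reports "Illegal character in scheme name at index N". The sample lines are constructed.

```python
import re

# Scheme grammar enforced by java.net.URI: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
_SCHEME_FIRST = re.compile(r"[A-Za-z]")
_SCHEME_REST = re.compile(r"[A-Za-z0-9+.\-]")


def _strip_yaml_quotes(scalar: str) -> str:
    """Drop one pair of matching outer quotes, as a YAML loader does for a
    quoted scalar. Quotes that are not the outermost pair are data and stay."""
    scalar = scalar.strip()
    if len(scalar) >= 2 and scalar[0] == scalar[-1] and scalar[0] in ("'", '"'):
        return scalar[1:-1]
    return scalar


def parse_env_lines(lines):
    """Hypothetical minimal parser for Compose `environment:` entries.

    list form    `- KEY=value`  : the whole item is ONE scalar, so in
                                  `- KEY="v"` the quotes end up inside v
    mapping form `KEY: value`   : value is its own scalar, quotes stripped
    Returns {KEY: value} with exactly what the container would see.
    """
    env = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):
            item = _strip_yaml_quotes(line[2:])
            key, _, value = item.partition("=")
            env[key.strip()] = value
        else:
            key, _, value = line.partition(":")
            env[key.strip()] = _strip_yaml_quotes(value)
    return env


def scheme_error_index(url: str):
    """Index of the first character java.net.URI would reject in the scheme
    (the text before the first ':'), or None if the scheme is legal."""
    scheme, sep, _ = url.partition(":")
    if not sep:
        return None  # no ':' at all: URI parses it as a relative reference
    for i, ch in enumerate(scheme):
        ok = _SCHEME_FIRST.match(ch) if i == 0 else _SCHEME_REST.match(ch)
        if not ok:
            return i
    return None


def check_caldera_env(lines):
    """Findings for every EXECUTOR_CALDERA_* variable that carries a URL."""
    findings = []
    for key, value in parse_env_lines(lines).items():
        if not (key.startswith("EXECUTOR_CALDERA_") and "URL" in key):
            continue
        idx = scheme_error_index(value)
        if idx is not None:
            findings.append(
                f"{key}: illegal character in scheme name at index {idx}: {value!r}"
            )
    return findings


# Constructed sample: the quoted spelling from the report, the whole-item
# quoted spelling the reporter also tried, and the mapping form.
SAMPLE = [
    '- EXECUTOR_CALDERA_URL="http://caldera:8888"',                      # quotes become data
    '- "EXECUTOR_CALDERA_PUBLIC-URL=http://caldera.domain.com:8888"',    # YAML strips them
    'CALDERA_URL: "http://caldera.domain.com:8888"',                     # mapping form
]

if __name__ == "__main__":
    for finding in check_caldera_env(SAMPLE):
        print(finding)
```

Only the first sample line produces a finding, and its index 0 is the leading `"`, which is the same position the Spring log in the report points at. Running this over the `environment:` block before `docker compose up` catches the mistake without a platform restart.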

@EllynBsc EllynBsc added this to the Bugs backlog milestone Jan 13, 2025
@RomuDeuxfois RomuDeuxfois self-assigned this Jan 13, 2025
@RomuDeuxfois (Member)

Can you tell me if you now have your executor present on this screen?
For my part it works now.

Image

@Aquariius (Author)

So I removed the quotes inside my docker compose

Image

here in agents:

Image

here are the errors:
openbas-1 | Standard Commons Logging discovery in action with spring-jcl: please remove commons-logging.jar from classpath in order to avoid potential conflicts
openbas-1 | [OpenBAS ASCII-art banner]
openbas-1 | 1.10.1
openbas-1 |
openbas-1 | Standard Commons Logging discovery in action with spring-jcl: please remove commons-logging.jar from classpath in order to avoid potential conflicts
openbas-1 | {"sequenceNumber":0,"timestamp":1736893334850,"nanoseconds":850328584,"level":"ERROR","threadName":"main","loggerName":"io.openbas.executors.caldera.service.CalderaExecutorService","context":{"name":"default","birthdate":1736893294680,"properties":{}},"mdc": {},"message":"Error creating caldera executor: java.lang.RuntimeException: com.fasterxml.jackson.core.JsonParseException: Unexpected character (':' (code 58)): Expected space separating root-level values\n at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 4]","throwable":null}
openbas-1 | {"sequenceNumber":0,"timestamp":1736893334901,"nanoseconds":901862065,"level":"ERROR","threadName":"main","loggerName":"io.openbas.executors.caldera.service.CalderaExecutorService","context":{"name":"default","birthdate":1736893294680,"properties":{}},"mdc": {},"message":"Error creating caldera executor: java.lang.RuntimeException: com.fasterxml.jackson.core.JsonParseException: Unexpected character (':' (code 58)): Expected space separating root-level values\n at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 4]","throwable":null}
openbas-1 | {"sequenceNumber":0,"timestamp":1736893334913,"nanoseconds":913192075,"level":"ERROR","threadName":"ThreadPoolTaskScheduler1","loggerName":"io.openbas.executors.caldera.client.CalderaExecutorClient","context":{"name":"default","birthdate":1736893294680,"properties":{}},"mdc": {},"message":"Cannot retrieve agent list","throwable":null}
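A preflight for the second error, as an added example that is not part of this thread or of the OpenBAS or Caldera code. Jackson's "Expected space separating root-level values ... column: 4" means the body OpenBAS received from `/api/v2/abilities` was not JSON: the parser accepted a bare root-level value and then hit `:` at the fourth character. The sample bodies below are constructed; that a rejected key comes back as the plain text `401: Unauthorized` is my assumption about the aiohttp-based Caldera server, not something the thread confirms. The function takes a status and body so it runs offline; in practice you would feed it the output of `curl -s -o body.txt -w '%{http_code}' -H 'KEY: <your api key>' http://caldera:8888/api/v2/abilities`.

```python
import json


def json_failure_column(body: str):
    """None if body is valid JSON, otherwise the 1-based column where parsing
    fails. For '401: Unauthorized' that is 4, the same column Jackson reports:
    both parsers accept the bare number 401 and then choke on ':'."""
    try:
        json.loads(body)
        return None
    except json.JSONDecodeError as exc:
        return exc.colno


def diagnose_caldera_response(status: int, body: str) -> dict:
    """Classify what a Caldera /api/v2/... call returned, before OpenBAS sees it."""
    column = json_failure_column(body)
    if status == 200 and column is None:
        data = json.loads(body)
        return {"ok": True, "reason": f"JSON with {len(data)} top-level item(s)"}
    if column is None:
        return {"ok": False, "reason": f"HTTP {status} with a JSON error body: {body[:80]!r}"}
    head = body.splitlines()[0][:60] if body else ""
    hint = ""
    if status in (401, 403):
        # Caldera's v2 API authenticates with the KEY header; the maintainer's
        # sample caldera.yml sets api_key, api_key_red and api_key_blue.
        hint = ("; check that EXECUTOR_CALDERA_API_KEY equals one of the api_key "
                "values in caldera.yml and reaches Caldera as the KEY header")
    elif head.lower().startswith(("<!doctype", "<html")):
        hint = "; the URL returns a web page (proxy, login form or wrong port), not the REST API"
    return {
        "ok": False,
        "reason": f"HTTP {status}, body is not JSON (parse fails at column {column}): {head!r}{hint}",
    }


# Constructed sample responses (not captured from a real Caldera instance).
SAMPLES = {
    "good": (200, '[{"ability_id": "constructed-0001", "name": "constructed ability"}]'),
    "bad_key": (401, "401: Unauthorized"),  # assumed aiohttp-style plain-text error
    "web_page": (200, "<!DOCTYPE html><html><body>login</body></html>"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, diagnose_caldera_response(status, body))
```

If the curl body is JSON but OpenBAS still logs the parse error, the platform is not talking to the same endpoint you tested; compare the `EXECUTOR_CALDERA_URL` inside the `openbas` container with the URL you used.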

RomuDeuxfois (Member) commented Jan 15, 2025

I replicated it this morning and I am continuing to investigate further.

@RomuDeuxfois (Member)

I'm not sure I understand the issue you're experiencing.
Let me share my Docker Compose file and my Caldera yaml configuration file with you.
Could you let me know if this helps?

Docker-compose

version: '3'
services:
  pgsql:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: openbas
    volumes:
      - pgsqldata:/var/lib/postgresql/data
    restart: always
  minio:
    image: minio/minio:RELEASE.2024-05-28T17-19-04Z
    volumes:
      - s3data:/data
    ports:
      - "9000:9000"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
    command: server /data
    restart: always
  rabbitmq:
    image: rabbitmq:3.13-management
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
      - RABBITMQ_NODENAME=rabbit01@localhost
    volumes:
      - amqpdata:/var/lib/rabbitmq
    restart: always
  caldera:
    image: openbas/caldera-server:5.0.0
    restart: always
    ports:
      - "8888:8888"
    environment:
      CALDERA_URL: http://caldera.domain.com:8888
    volumes:
      - type: bind
        source: caldera.yml
        target: /usr/src/app/conf/local.yml
  openbas:
    image: openbas/platform:alpha
    environment:
      - SERVER_SSL_KEY-STORE-PASSWORD=${KEYSTORE_PASSWORD}
      - OPENBAS_BASE-URL=http://localhost:8080
      - OPENBAS_AUTH-LOCAL-ENABLE=true
      - SPRING_DATASOURCE_URL=jdbc:postgresql://pgsql:5432/openbas
      - SPRING_DATASOURCE_USERNAME=${POSTGRES_USER}
      - SPRING_DATASOURCE_PASSWORD=${POSTGRES_PASSWORD}
      - MINIO_ENDPOINT=minio
      - MINIO_ACCESS-KEY=${MINIO_ROOT_USER}
      - MINIO_ACCESS-SECRET=${MINIO_ROOT_PASSWORD}
      - OPENBAS_RABBITMQ_HOSTNAME=rabbitmq
      - OPENBAS_RABBITMQ_USER=${RABBITMQ_DEFAULT_USER}
      - OPENBAS_RABBITMQ_PASS=${RABBITMQ_DEFAULT_PASS}
      - SPRING_MAIL_HOST=${SPRING_MAIL_HOST}
      - SPRING_MAIL_PORT=${SPRING_MAIL_PORT}
      - SPRING_MAIL_USERNAME=${SPRING_MAIL_USERNAME}
      - SPRING_MAIL_PASSWORD=${SPRING_MAIL_PASSWORD}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_TRUST=*
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE}
      - OPENBAS_MAIL_IMAP_ENABLED=true
      - OPENBAS_MAIL_IMAP_HOST=${OPENBAS_MAIL_IMAP_HOST}
      - OPENBAS_MAIL_IMAP_PORT=${OPENBAS_MAIL_IMAP_PORT}
      - OPENBAS_MAIL_IMAP_USERNAME=${SPRING_MAIL_USERNAME}
      - OPENBAS_MAIL_IMAP_PASSWORD=${SPRING_MAIL_PASSWORD}
      - OPENBAS_MAIL_IMAP_AUTH=${OPENBAS_MAIL_IMAP_AUTH}
      - OPENBAS_MAIL_IMAP_SSL_ENABLE=${OPENBAS_MAIL_IMAP_SSL_ENABLE}
      - OPENBAS_MAIL_IMAP_SSL_TRUST=*
      - OPENBAS_MAIL_IMAP_STARTTLS_ENABLE=${OPENBAS_MAIL_IMAP_STARTTLS_ENABLE}
      - OPENBAS_ADMIN_EMAIL=${OPENBAS_ADMIN_EMAIL}
      - OPENBAS_ADMIN_PASSWORD=${OPENBAS_ADMIN_PASSWORD}
      - OPENBAS_ADMIN_TOKEN=${OPENBAS_ADMIN_TOKEN}
#      - INJECTOR_CALDERA_URL=http://caldera:8888
#      - INJECTOR_CALDERA_PUBLIC_URL=http://caldera.domain.com:8888
#      - INJECTOR_CALDERA_API_KEY=ChangeMe
      - EXECUTOR_CALDERA_ENABLE=true
      - EXECUTOR_CALDERA_URL=http://caldera:8888
      - EXECUTOR_CALDERA_PUBLIC_URL=http://caldera.domain.com:8888
      - EXECUTOR_CALDERA_API_KEY=ChangeMe
    ports:
      - "8080:8080"
    depends_on:
      - pgsql
      - minio
      - rabbitmq
    restart: always
  collector-mitre-attack:
    image: openbas/collector-mitre-attack:1.5.1
    environment:
      - OPENBAS_URL=http://openbas:8080
      - OPENBAS_TOKEN=${OPENBAS_ADMIN_TOKEN}
      - COLLECTOR_ID=${COLLECTOR_MITRE_ATTACK_ID} # Valid UUIDv4
      - "COLLECTOR_NAME=MITRE ATT&CK"
      - COLLECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - openbas
  collector-atomic-red-team:
    image: openbas/collector-atomic-red-team:1.5.1
    environment:
      - OPENBAS_URL=http://openbas:8080
      - OPENBAS_TOKEN=${OPENBAS_ADMIN_TOKEN}
      - COLLECTOR_ID=${COLLECTOR_ATOMIC_RED_TEAM_ID} # Valid UUIDv4
      - "COLLECTOR_NAME=Atomic Red Team"
      - COLLECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - openbas
volumes:
  pgsqldata:
  s3data:
  amqpdata:

Caldera

users:
  red:
    red: ChangeMe                                                                     # Change this
  blue:
    blue: ChangeMe                                                                    # Change this
api_key_red: ChangeMe                                                                 # Change this
api_key_blue: ChangeMe                                                                # Change this
api_key: ChangeMe                                                                     # Change this
crypt_salt: ChangeMe                                                                  # Change this
encryption_key: ChangeMe                                                              # Change this
app.contact.http: http://caldera.domain.com:8888                                      # Change this
app.contact.tcp: 0.0.0.0:7010
app.contact.udp: 0.0.0.0:7011
app.contact.websocket: 0.0.0.0:7012
app.contact.dns.domain: localhost
app.contact.dns.socket: 0.0.0.0:53
app.contact.gist: API_KEY                                                             # Optional
app.contact.html: /weather                                                            # Optional
app.contact.slack.api_key: SLACK_TOKEN                                                # Optional
app.contact.slack.bot_id: SLACK_BOT_ID                                                # Optional
app.contact.slack.channel_id: SLACK_CHANNEL_ID                                        # Optional
app.contact.tunnel.ssh.host_key_file: REPLACE_WITH_KEY_FILE_PATH                      # Optional
app.contact.tunnel.ssh.host_key_passphrase: REPLACE_WITH_KEY_FILE_PASSPHRASE          # Optional
app.contact.tunnel.ssh.socket: 0.0.0.0:8022
app.contact.tunnel.ssh.user_name: sandcat
app.contact.tunnel.ssh.user_password: ChangeMe                                        # Change this
objects.planners.default: atomic
requirements:
  go:
    command: go version
    type: installed_program
    version: 1.11
  python:
    attr: version
    module: sys
    type: python_module
    version: 3.8.0
host: 0.0.0.0
port: 8888
ability_refresh: 60
plugins:
  - access
  - atomic
  - compass
  - debrief
  - fieldmanual
  - gameboard
  - manx
  - response
  - sandcat
  - stockpile
  - training

Thank you!

Aquariius (Author) commented Jan 17, 2025

Could it have something to do with RabbitMQ? What I did is take one docker compose for OpenCTI and OpenBAS.

  nginx:
    image: nginx:latest
    volumes:
      - /opt/opencti/docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /opt/opencti/docker/nginx/certs:/etc/nginx/certs:ro
    ports:
      - "443:443"
    depends_on:
      - opencti
      - openbas
  redis:
    image: redis:7.4.1
    restart: always
    volumes:
      - redisdata:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.17.0
    volumes:
      - esdata:/usr/share/elasticsearch/data
    environment:
      # Comment-out the line below for a cluster of multiple nodes
      - discovery.type=single-node
      # Uncomment the line below below for a cluster of multiple nodes
      # - cluster.name=docker-cluster
      - xpack.ml.enabled=false
      - xpack.security.enabled=false
      - thread_pool.search.queue_size=5000
      - logger.org.elasticsearch.discovery="ERROR"
      - "ES_JAVA_OPTS=-Xms${ELASTIC_MEMORY_SIZE} -Xmx${ELASTIC_MEMORY_SIZE}"
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test: curl -s http://elasticsearch:9200 >/dev/null || exit 1
      interval: 30s
      timeout: 10s
      retries: 50
  minio:
    image: minio/minio:RELEASE.2024-05-28T17-19-04Z # Use "minio/minio:RELEASE.2024-05-28T17-19-04Z-cpuv1" to troubleshoot compatibility issues with CPU
    volumes:
      - s3data:/data
    ports:
      - "9000:9000"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}    
    command: server /data
    restart: always
    healthcheck:
      test: ["CMD", "mc", "ready", "local"]
      interval: 10s
      timeout: 5s
      retries: 3
  rabbitmq:
    image: rabbitmq:4.0-management
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
      - RABBITMQ_NODENAME=rabbit01@localhost
    volumes:
      - amqpdata:/var/lib/rabbitmq
    restart: always
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 30s
      timeout: 30s
      retries: 3
  opencti:
    image: opencti/platform:6.4.5
    environment:
      - NODE_OPTIONS=--max-old-space-size=8096
      - APP__PORT=8080
      - APP__BASE_URL=${OPENCTI_BASE_URL}
      - APP__ADMIN__EMAIL=${OPENCTI_ADMIN_EMAIL}
      - APP__ADMIN__PASSWORD=${OPENCTI_ADMIN_PASSWORD}
      - APP__ADMIN__TOKEN=${OPENCTI_ADMIN_TOKEN}
      - APP__APP_LOGS__LOGS_LEVEL=error
      - APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION=false
      - NODE_OPTIONS=--max-old-space-size=4096
      - REDIS__HOSTNAME=redis
      - REDIS__PORT=6379
      - ELASTICSEARCH__URL=http://elasticsearch:9200
      - ELASTICSEARCH__NUMBER_OF_REPLICAS=0
      - ELASTIC_MEMORY_SIZE=4G
      - MINIO__ENDPOINT=minio
      - MINIO__PORT=9000
      - MINIO__USE_SSL=false
      - MINIO__ACCESS_KEY=${MINIO_ROOT_USER}
      - MINIO__SECRET_KEY=${MINIO_ROOT_PASSWORD}
      - RABBITMQ__HOSTNAME=rabbitmq
      - RABBITMQ__PORT=5672
      - RABBITMQ__PORT_MANAGEMENT=15672
      - RABBITMQ__MANAGEMENT_SSL=false
      - RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
      - SMTP__HOSTNAME=${SMTP_HOSTNAME}
      - SMTP__PORT=25
      - PROVIDERS__LOCAL__STRATEGY=LocalStrategy
      - APP__HEALTH_ACCESS_KEY=${OPENCTI_HEALTHCHECK_ACCESS_KEY}
      - XTM__OPENBAS_URL=http://cti.domain.com:8080
      - XTM__OPENBAS_TOKEN=REDACTED
    depends_on:
      redis:
        condition: service_healthy
      elasticsearch:
        condition: service_healthy
      minio:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    restart: always
    healthcheck:
      test:  ["CMD", "wget", "-qO-", "http://opencti:8080/health?health_access_key=${OPENCTI_HEALTHCHECK_ACCESS_KEY}"]
      interval: 10s
      timeout: 5s
      retries: 20
  worker:
    image: opencti/worker:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - WORKER_LOG_LEVEL=info
    depends_on:
      opencti:
        condition: service_healthy
    deploy:
      mode: replicated
      replicas: 3
    restart: always
  connector-export-file-stix:
    image: opencti/connector-export-file-stix:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileStix2
      - CONNECTOR_SCOPE=application/json
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-export-file-csv:
    image: opencti/connector-export-file-csv:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileCsv
      - CONNECTOR_SCOPE=text/csv
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-export-file-txt:
    image: opencti/connector-export-file-txt:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileTxt
      - CONNECTOR_SCOPE=text/plain
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-import-file-stix:
    image: opencti/connector-import-file-stix:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportFileStix
      - CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
      - CONNECTOR_SCOPE=application/json,text/xml
      - CONNECTOR_AUTO=true # Enable/disable auto-import of file
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-import-document:
    image: opencti/connector-import-document:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportDocument
      - CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
      - CONNECTOR_SCOPE=application/pdf,text/plain,text/html
      - CONNECTOR_AUTO=true # Enable/disable auto-import of file
      - CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
      - CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=info
      - IMPORT_DOCUMENT_CREATE_INDICATOR=true
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-analysis:
    image: opencti/connector-import-document:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_TYPE=INTERNAL_ANALYSIS
      - CONNECTOR_NAME=ImportDocumentAnalysis
      - CONNECTOR_VALIDATE_BEFORE_IMPORT=false # Validate any bundle before import
      - CONNECTOR_SCOPE=application/pdf,text/plain,text/html
      - CONNECTOR_AUTO=true # Enable/disable auto-import of file
      - CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
      - CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-alienvault:
    image: opencti/connector-alienvault:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_NAME=AlienVault
      - CONNECTOR_SCOPE=alienvault
      - CONNECTOR_LOG_LEVEL=error
      - CONNECTOR_DURATION_PERIOD=PT30M # In ISO8601 Format starting with "P" for Period ex: "PT30M" = Period time of 30 minutes
      - ALIENVAULT_BASE_URL=https://otx.alienvault.com
      - ALIENVAULT_API_KEY=REDACTED
      - ALIENVAULT_TLP=White
      - ALIENVAULT_CREATE_OBSERVABLES=true
      - ALIENVAULT_CREATE_INDICATORS=true
      - ALIENVAULT_PULSE_START_TIMESTAMP=2024-01-01T00:00:00                  # BEWARE! Could be a lot of pulses!
      - ALIENVAULT_REPORT_TYPE=threat-report
      - ALIENVAULT_REPORT_STATUS=New
      - ALIENVAULT_GUESS_MALWARE=true                                        # Use tags to guess malware.
      - ALIENVAULT_GUESS_CVE=true                                         # Use tags to guess CVE.
      - ALIENVAULT_EXCLUDED_PULSE_INDICATOR_TYPES=FileHash-MD5,FileHash-SHA256  # Excluded Pulse indicator types.
      - ALIENVAULT_ENABLE_RELATIONSHIPS=true                                  # Enable/Disable relationship creation between SDOs.
      - ALIENVAULT_ENABLE_ATTACK_PATTERNS_INDICATES=true                     # Enable/Disable "indicates" relationships between indicators and attack patterns
      - ALIENVAULT_INTERVAL_SEC=1800
      - ALIENVAULT_DEFAULT_X_OPENCTI_SCORE=50
      - ALIENVAULT_X_OPENCTI_SCORE_IP=60
      - ALIENVAULT_X_OPENCTI_SCORE_DOMAIN=70
      - ALIENVAULT_X_OPENCTI_SCORE_HOSTNAME=75
      - ALIENVAULT_X_OPENCTI_SCORE_EMAIL=70
      - ALIENVAULT_X_OPENCTI_SCORE_FILE=85
      - ALIENVAULT_X_OPENCTI_SCORE_URL=80
      - ALIENVAULT_X_OPENCTI_SCORE_MUTEX=60
      - ALIENVAULT_X_OPENCTI_SCORE_CRYPTOCURRENCY_WALLET=80
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-mitre:
    image: opencti/connector-mitre:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - "CONNECTOR_NAME=MITRE Datasets"
      - CONNECTOR_SCOPE=tool,report,malware,identity,campaign,intrusion-set,attack-pattern,course-of-action,x-mitre-data-source,x-mitre-data-component,x-mitre-matrix,x-mitre-tactic,x-mitre-collection
      - CONNECTOR_RUN_AND_TERMINATE=false
      - CONNECTOR_LOG_LEVEL=error
      - MITRE_REMOVE_STATEMENT_MARKING=true
      - MITRE_INTERVAL=7 # In days
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-threatfox:
    image: opencti/connector-threatfox:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - "CONNECTOR_NAME=Abuse.ch | ThreatFox"
      - CONNECTOR_SCOPE=ThreatFox
      - CONNECTOR_CONFIDENCE_LEVEL=40 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=error
      - THREATFOX_CSV_URL=https://threatfox.abuse.ch/export/csv/recent/
      - THREATFOX_IMPORT_OFFLINE=true
      - THREATFOX_CREATE_INDICATORS=true
      - THREATFOX_DEFAULT_X_OPENCTI_SCORE=50
      - THREATFOX_X_OPENCTI_SCORE_IP=60
      - THREATFOX_X_OPENCTI_SCORE_DOMAIN=70
      - THREATFOX_X_OPENCTI_SCORE_URL=75
      - THREATFOX_X_OPENCTI_SCORE_HASH=80
      - THREATFOX_INTERVAL=3 # In days, must be strictly greater than 1
      - THREATFOX_IOC_TO_IMPORT=ip:port,domain,url # List of IOC types to import
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-greynoise-feed:
    image: opencti/connector-greynoise-feed:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_TYPE=EXTERNAL_IMPORT
      - CONNECTOR_NAME=GreyNoiseFeed
      - CONNECTOR_SCOPE=greynoisefeed
      - CONNECTOR_LOG_LEVEL=info
      - GREYNOISE_API_KEY=REDACTED
      - GREYNOISE_FEED_TYPE=malicious
      - GREYNOISE_INDICATOR_SCORE_MALICIOUS=75
      - GREYNOISE_INDICATOR_SCORE_BENIGN=20
      - "GREYNOISE_NAME=GreyNoise Feed"
      - "GREYNOISE_DESCRIPTION=GreyNoise collects and analyzes untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet."
      - GREYNOISE_LIMIT=10000
      - GREYNOISE_IMPORT_METADATA=false
      - GREYNOISE_INTERVAL=12 # In hours (the connector will always pull last 2 days each run)
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-ransomware:
    image: opencti/connector-ransomwarelive:6.4.5
    container_name: ransomware-connector
    environment:
      # Connector's definition parameters:
      - CONNECTOR_NAME=Ransomware Connector
      - CONNECTOR_SCOPE=identity,attack-pattern,course-of-action,intrusion-set,malware,tool,report
      # Connector's generic execution parameters:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN} #generate user token
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_CONFIDENCE_LEVEL=100 # From 0 (Unknown) to 100 (Fully trusted).
      - CONNECTOR_LOG_LEVEL=info # Log level: debug, info, warn, error
      - CONNECTOR_UPDATE_EXISTING_DATA=true
      - CONNECTOR_PULL_HISTORY=false # If true, the connector will pull the history of the data. But it is not recommended to set it to true as there will a large influx of data.
      - CONNECTOR_HISTORY_START_YEAR=2023 # Data only goes back till 2020
      - CONNECTOR_RUN_EVERY=10m # 10 minutes will be the ideal time
      # Connector's custom execution parameters:
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-cisa-known-exploited-vulnerabilities:
    image: opencti/connector-cisa-known-exploited-vulnerabilities:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - "CONNECTOR_NAME=CISA Known Exploited Vulnerabilities"
      - CONNECTOR_SCOPE=cisa
      - CONNECTOR_RUN_AND_TERMINATE=false
      - CONNECTOR_LOG_LEVEL=error
      - CONNECTOR_DURATION_PERIOD=P2D
      - CISA_CATALOG_URL=https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
      - CISA_CREATE_INFRASTRUCTURES=false
      - CISA_TLP=TLP:CLEAR
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-virustotal:
    image: opencti/connector-virustotal:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_NAME=VirusTotal
      - CONNECTOR_SCOPE=StixFile,Artifact,IPv4-Addr,Domain-Name,Url,Hostname
      - CONNECTOR_AUTO=true # Enable/disable auto-enrichment of observables
      - CONNECTOR_LOG_LEVEL=error
      - CONNECTOR_EXPOSE_METRICS=false
      - VIRUSTOTAL_TOKEN=REDACTED
      - VIRUSTOTAL_MAX_TLP=TLP:AMBER
      - VIRUSTOTAL_REPLACE_WITH_LOWER_SCORE=true # Whether to keep the higher of the VT or existing score (false) or force the score to be updated with the VT score even if its lower than existing score (true).
      # File/Artifact specific config settings
      - VIRUSTOTAL_FILE_CREATE_NOTE_FULL_REPORT=true # Whether or not to include the full report as a Note
      - VIRUSTOTAL_FILE_UPLOAD_UNSEEN_ARTIFACTS=true # Whether to upload artifacts (smaller than 32MB) that VirusTotal has no record of
      - VIRUSTOTAL_FILE_INDICATOR_CREATE_POSITIVES=10 # Create an indicator for File/Artifact based observables once this positive theshold is reached. Note: specify 0 to disable indicator creation
      - VIRUSTOTAL_FILE_INDICATOR_VALID_MINUTES=2880 # How long the indicator is valid for in minutes
      - VIRUSTOTAL_FILE_INDICATOR_DETECT=true # Whether or not to set detection for the indicator to true
      - VIRUSTOTAL_FILE_IMPORT_YARA=true # Whether or not import Crowdsourced YARA rules
      # IP specific config settings
      - VIRUSTOTAL_IP_INDICATOR_CREATE_POSITIVES=10 # Create an indicator for IPv4 based observables once this positive theshold is reached. Note: specify 0 to disable indicator creation
      - VIRUSTOTAL_IP_INDICATOR_VALID_MINUTES=2880 # How long the indicator is valid for in minutes
      - VIRUSTOTAL_IP_INDICATOR_DETECT=true # Whether or not to set detection for the indicator to true
      - VIRUSTOTAL_IP_ADD_RELATIONSHIPS=true # Whether or not to add ASN and location resolution relationships
      # Domain specific config settings
      - VIRUSTOTAL_DOMAIN_INDICATOR_CREATE_POSITIVES=10 # Create an indicator for Domain based observables once this positive theshold is reached. Note: specify 0 to disable indicator creation
      - VIRUSTOTAL_DOMAIN_INDICATOR_VALID_MINUTES=2880 # How long the indicator is valid for in minutes
      - VIRUSTOTAL_DOMAIN_INDICATOR_DETECT=true # Whether or not to set detection for the indicator to true
      - VIRUSTOTAL_DOMAIN_ADD_RELATIONSHIPS=true # Whether or not to add IP resolution relationships
      # URL specific config settings
      - VIRUSTOTAL_URL_UPLOAD_UNSEEN=true # Whether to upload URLs that VirusTotal has no record of for analysis
      - VIRUSTOTAL_URL_INDICATOR_CREATE_POSITIVES=10 # Create an indicator for Url based observables once this positive theshold is reached. Note: specify 0 to disable indicator creation
      - VIRUSTOTAL_URL_INDICATOR_VALID_MINUTES=2880 # How long the indicator is valid for in minutes
      - VIRUSTOTAL_URL_INDICATOR_DETECT=true # Whether or not to set detection for the indicator to true
    deploy:
      mode: replicated
      replicas: 1
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-urlscan-enrichment:
    image: opencti/connector-urlscan-enrichment:6.4.5
    environment:
      # OpenCTI's generic execution parameters:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      # Connector's generic execution parameters:
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_NAME=Urlscan
      - CONNECTOR_SCOPE=url,ipv4-addr,ipv6-addr
      - CONNECTOR_AUTO=false
      - CONNECTOR_LOG_LEVEL=error
      # Connector's custom execution parameters:
      - URLSCAN_ENRICHMENT_API_KEY=REDACTED
      - URLSCAN_ENRICHMENT_API_BASE_URL=https://urlscan.io/api/v1/
      - URLSCAN_ENRICHMENT_IMPORT_SCREENSHOT=true
      - URLSCAN_ENRICHMENT_VISIBILITY=public # Available values : public, unlisted, private
      - URLSCAN_ENRICHMENT_SEARCH_FILTERED_BY_DATE=>now-1y # Available : ">now-1h", ">now-1d", ">now-1y", "[2022 TO 2023]", "[2022/01/01 TO 2023/12/01]"
      - URLSCAN_ENRICHMENT_MAX_TLP=TLP:AMBER # Required, Available values: TLP:CLEAR, TLP:WHITE, TLP:GREEN, TLP:AMBER, TLP:AMBER+STRICT, TLP:RED
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-shodan:
    image: opencti/connector-shodan:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_NAME=Shodan
      - CONNECTOR_SCOPE=IPv4-Addr,Indicator
      - CONNECTOR_AUTO=true
      - CONNECTOR_LOG_LEVEL=error
      - SHODAN_TOKEN=REDACTED
      - SHODAN_MAX_TLP=TLP:AMBER
      - SHODAN_DEFAULT_SCORE=50
      - SHODAN_IMPORT_SEARCH_RESULTS=true
      - SHODAN_CREATE_NOTE=true # Add results to note rather than description
      - SHODAN_USE_ISP_NAME_FOR_ASN=true
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-export-report-pdf:
    image: opencti/connector-export-report-pdf:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_NAME=ExportReportPdf
      - CONNECTOR_SCOPE=application/pdf
      - CONNECTOR_CONFIDENCE_LEVEL=100 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=error
      - EXPORT_REPORT_PDF_PRIMARY_COLOR=#ff8c00 # The primary color for the output pdf
      - EXPORT_REPORT_PDF_SECONDARY_COLOR=#000000 # The secondary color for the output pdf
      - EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_1=Ited # The first line of your company address
      - EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_2=760 Montée Masson
      - EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_3=Mascouche (Quebec) J7K 3B6
      - EXPORT_REPORT_PDF_COMPANY_PHONE_NUMBER=514-666-4833 # The phone number of your company
      - EXPORT_REPORT_PDF_COMPANY_EMAIL=support@it-ed.com # The email of your company
      - EXPORT_REPORT_PDF_COMPANY_WEBSITE=https://it-ed.com # The website of your company
      - EXPORT_REPORT_PDF_INDICATORS_ONLY=false # Whether or not to only include Observables that are Indicators in the report
      - EXPORT_REPORT_PDF_DEFANG_URLS=true # Replace http in Url observables with hxxp
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-malwarebazaar-recent-additions:
    image: opencti/connector-malwarebazaar-recent-additions:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - "CONNECTOR_NAME=MalwareBazaar Recent Additions"
      - CONNECTOR_LOG_LEVEL=error
      - MALWAREBAZAAR_RECENT_ADDITIONS_API_URL=https://mb-api.abuse.ch/api/v1/
      - MALWAREBAZAAR_RECENT_ADDITIONS_COOLDOWN_SECONDS=300 # Time to wait in seconds between subsequent requests
      - MALWAREBAZAAR_RECENT_ADDITIONS_INCLUDE_TAGS=exe,dll,docm,docx,doc,xls,xlsx,xlsm,js # (Optional) Only download files if any tag matches. (Comma separated)
      - MALWAREBAZAAR_RECENT_ADDITIONS_INCLUDE_REPORTERS= # (Optional) Only download files uploaded by these reporters. (Comma separated)
      - MALWAREBAZAAR_RECENT_ADDITIONS_LABELS=malware-bazaar # (Optional) Labels to apply to uploaded Artifacts. (Comma separated)
      - MALWAREBAZAAR_RECENT_ADDITIONS_LABELS_COLOR=#54483b # Color to use for labels
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-mitre-atlas:
    image: opencti/connector-mitre-atlas:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - "CONNECTOR_NAME=MITRE ATLAS"
      - CONNECTOR_SCOPE=identity,attack-pattern,course-of-action,relationship,x-mitre-collection,x-mitre-matrix,x-mitre-tactic
      - CONNECTOR_CONFIDENCE_LEVEL=75 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_RUN_AND_TERMINATE=false
      - CONNECTOR_LOG_LEVEL=error
      - MITRE_ATLAS_URL=https://raw.githubusercontent.com/mitre-atlas/atlas-navigator-data/main/dist/stix-atlas.json
      - MITRE_ATLAS_INTERVAL=7 # In days, must be strictly greater than 1
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-phishunt:
    image: opencti/connector-phishunt:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - CONNECTOR_NAME=Phishunt
      - CONNECTOR_SCOPE=phishunt
      - CONNECTOR_CONFIDENCE_LEVEL=40 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=error
      - PHISHUNT_API_KEY= # Optional, if not provided, consume only https://phishunt.io/feed.txt
      - PHISHUNT_CREATE_INDICATORS=true
      - PHISHUNT_DEFAULT_X_OPENCTI_SCORE=40 # Optional: default is 40
      - PHISHUNT_X_OPENCTI_SCORE_DOMAIN=40 # Optional
      - PHISHUNT_X_OPENCTI_SCORE_IP=40 # Optional
      - PHISHUNT_X_OPENCTI_SCORE_URL=60 # Optional
      - PHISHUNT_INTERVAL=3 # In days, must be strictly greater than 1
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-urlhaus:
    image: opencti/connector-urlhaus:6.4.5
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=REDACTED
      - "CONNECTOR_NAME=Abuse.ch URLhaus"
      - CONNECTOR_SCOPE=urlhaus
      - CONNECTOR_CONFIDENCE_LEVEL=40 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=error
      - URLHAUS_CSV_URL=https://urlhaus.abuse.ch/downloads/csv_recent/
      - URLHAUS_DEFAULT_X_OPENCTI_SCORE=80  # Optional: Defaults to 80.
      - URLHAUS_IMPORT_OFFLINE=true
      - URLHAUS_THREATS_FROM_LABELS=true
      - URLHAUS_INTERVAL=3 # In days, must be strictly greater than 1
    restart: always
    depends_on:
      opencti:
        condition: service_healthy

#-----------------------OPENBAS-----------------------

  pgsql:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: openbas
    volumes:
      - pgsqldata:/var/lib/postgresql/data
    restart: always
#  minio:
#    image: minio/minio:RELEASE.2024-05-28T17-19-04Z
#    volumes:
#      - s3data:/data
#    ports:
#      - "9000:9000"
#    environment:
#      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
#      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
#    command: server /data
#    restart: always
#  rabbitmq:
#    image: rabbitmq:3.13-management
#    environment:
#      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
#      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
#      - RABBITMQ_NODENAME=rabbit01@localhost
#    volumes:
#      - amqpdata:/var/lib/rabbitmq
#    restart: always
  openbas:
    image: openbas/platform:1.10.1
    environment:
      - SERVER_SSL_KEY-STORE-PASSWORD=${KEYSTORE_PASSWORD}
      - OPENBAS_BASE-URL=http://localhost:8080
      - OPENBAS_AUTH-LOCAL-ENABLE=true
      - SPRING_DATASOURCE_URL=jdbc:postgresql://pgsql:5432/openbas
      - SPRING_DATASOURCE_USERNAME=${POSTGRES_USER}
      - SPRING_DATASOURCE_PASSWORD=${POSTGRES_PASSWORD}
      - MINIO_ENDPOINT=minio
      - MINIO_ACCESS-KEY=${MINIO_ROOT_USER}
      - MINIO_ACCESS-SECRET=${MINIO_ROOT_PASSWORD}
      - OPENBAS_RABBITMQ_HOSTNAME=rabbitmq
      - OPENBAS_RABBITMQ_USER=${RABBITMQ_DEFAULT_USER}
      - OPENBAS_RABBITMQ_PASS=${RABBITMQ_DEFAULT_PASS}
      - SPRING_MAIL_HOST=${SPRING_MAIL_HOST}
      - SPRING_MAIL_PORT=${SPRING_MAIL_PORT}
      - SPRING_MAIL_USERNAME=${SPRING_MAIL_USERNAME}
      - SPRING_MAIL_PASSWORD=${SPRING_MAIL_PASSWORD}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE}
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_TRUST=*
      - SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE=${SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE}
      - OPENBAS_MAIL_IMAP_ENABLED=${OPENBAS_MAIL_IMAP_ENABLED}
      - OPENBAS_MAIL_IMAP_HOST=${OPENBAS_MAIL_IMAP_HOST}
      - OPENBAS_MAIL_IMAP_PORT=${OPENBAS_MAIL_IMAP_PORT}
      - OPENBAS_MAIL_IMAP_USERNAME=${SPRING_MAIL_USERNAME}
      - OPENBAS_MAIL_IMAP_PASSWORD=${SPRING_MAIL_PASSWORD}
      - OPENBAS_MAIL_IMAP_AUTH=${OPENBAS_MAIL_IMAP_AUTH}
      - OPENBAS_MAIL_IMAP_SSL_ENABLE=${OPENBAS_MAIL_IMAP_SSL_ENABLE}
      - OPENBAS_MAIL_IMAP_SSL_TRUST=*
      - OPENBAS_MAIL_IMAP_STARTTLS_ENABLE=${OPENBAS_MAIL_IMAP_STARTTLS_ENABLE}
      - OPENBAS_ADMIN_EMAIL=${OPENBAS_ADMIN_EMAIL}
      - OPENBAS_ADMIN_PASSWORD=${OPENBAS_ADMIN_PASSWORD}
      - OPENBAS_ADMIN_TOKEN=${OPENBAS_ADMIN_TOKEN}
      - OPENBAS_XTM_OPENCTI_ENABLE=true
      - OPENBAS_XTM_OPENCTI_URL=http://opencti:8080
      - OPENBAS_XTM_OPENCTI_TOKEN=REDACTED
#      - INJECTOR_CALDERA_URL=http://caldera.domain.com:8888
#      - INJECTOR_CALDERA_ID=REDACTED
#      - INJECTOR_CALDERA_API-KEY=REDACTED
#      - INJECTOR_CALDERA_ENABLE=true
      - EXECUTOR_CALDERA_ENABLE=true
      - EXECUTOR_CALDERA_URL=http://caldera:8888
      - EXECUTOR_CALDERA_PUBLIC-URL=http://caldera.domain.com:8888
      - EXECUTOR_CALDERA_API-KEY=REDACTED
    depends_on:
      - pgsql
      - minio
      - rabbitmq
    restart: always
  collector-mitre-attack:
    image: openbas/collector-mitre-attack:1.10.1
    environment:
      - OPENBAS_URL=http://openbas:8080
      - OPENBAS_TOKEN=${OPENBAS_ADMIN_TOKEN}
      - COLLECTOR_ID=${COLLECTOR_MITRE_ATTACK_ID} # Valid UUIDv4
      - "COLLECTOR_NAME=MITRE ATT&CK"
      - COLLECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - openbas
  collector-atomic-red-team:
    image: openbas/collector-atomic-red-team:1.10.1
    environment:
      - OPENBAS_URL=http://openbas:8080
      - OPENBAS_TOKEN=${OPENBAS_ADMIN_TOKEN}
      - COLLECTOR_ID=${COLLECTOR_ATOMIC_RED_TEAM_ID} # Valid UUIDv4
      - "COLLECTOR_NAME=Atomic Red Team"
      - COLLECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - openbas
  caldera:
    image: openbas/caldera-server:5.0.0
    restart: always
    ports:
      - "8888:8888"
    environment:
      CALDERA_URL: http://caldera.domain.com:8888
    volumes:
      - type: bind
        source: caldera.yml
        target: /usr/src/app/conf/local.yml
volumes:
  pgsqldata:
  s3data:
  amqpdata:
  esdata:
  redisdata:

@RomuDeuxfois
Member

I don't think so.
It seems to come from Caldera.
To be sure, you can launch OpenBAS by disabling the Caldera executor and see if everything is working well.

@Aquariius
Author

Yes, it works well without Caldera.

@RomuDeuxfois
Member

The issue likely stems from the communication between OpenBAS and Caldera, I suppose.
I’ve updated the Docker Compose repository with all the necessary information to run Caldera side by side.
https://github.com/OpenBAS-Platform/docker

I changed these variables to be able to run your docker compose file without error:
EXECUTOR_CALDERA_API-KEY=ChangeMe, based on the caldera.yaml file and this variable -> api_key_red: ChangeMe
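The consistency check the last comment points at, as an added example that is neither the reporter's nor the OpenBAS project's code: the executor's EXECUTOR_CALDERA_API-KEY must equal api_key_red in Caldera's local.yml, the two public Caldera URLs must agree, and a placeholder key should not be left in place. It assumes the variable names from the compose file above, constructed sample fragments in place of the real files, and a hypothetical list of placeholder values.

```python
import re
from urllib.parse import urlsplit

# Constructed sample fragments standing in for docker-compose.yml and caldera.yml;
# the values are placeholders, not the reporter's real configuration.
COMPOSE_SAMPLE = """
  openbas:
    environment:
      - EXECUTOR_CALDERA_ENABLE=true
      - EXECUTOR_CALDERA_URL=http://caldera:8888
      - EXECUTOR_CALDERA_PUBLIC-URL=http://caldera.domain.com:8888
      - EXECUTOR_CALDERA_API-KEY=ChangeMe
  caldera:
    environment:
      CALDERA_URL: http://caldera.domain.com:8888
"""
CALDERA_LOCAL_YML_SAMPLE = "api_key_red: ChangeMe\napi_key_blue: ChangeMeToo\n"

# Hypothetical list of values that must never ship as the shared secret.
PLACEHOLDER_KEYS = {"ChangeMe", "REDACTED", ""}


def parse_compose_env(text):
    """Collect 'KEY=VALUE' list items and 'KEY: value' mapping items (upper-case keys only)."""
    env = {}
    for line in text.splitlines():
        m = re.match(r'\s*-\s*"?([A-Z0-9_\-]+)=([^"#]*)"?', line)
        if m:
            env[m.group(1)] = m.group(2).strip()
            continue
        m = re.match(r'\s*([A-Z0-9_\-]+):\s*([^#]*)', line)
        if m and m.group(2).strip():
            env[m.group(1)] = m.group(2).strip()
    return env


def parse_caldera_yml(text):
    """Read top-level 'key: value' pairs from Caldera's local.yml."""
    return {m.group(1): m.group(2) for m in
            (re.match(r'\s*([a-z_]+):\s*(\S*)', l) for l in text.splitlines()) if m}


def check_caldera_wiring(compose_text, caldera_yml_text):
    """Return findings about the OpenBAS<->Caldera executor wiring; empty means consistent."""
    env, cal = parse_compose_env(compose_text), parse_caldera_yml(caldera_yml_text)
    findings = []
    if env.get("EXECUTOR_CALDERA_ENABLE", "false").lower() != "true":
        return findings  # executor disabled: nothing to verify
    api_key = env.get("EXECUTOR_CALDERA_API-KEY", "")
    if api_key != cal.get("api_key_red"):
        findings.append("EXECUTOR_CALDERA_API-KEY does not match api_key_red in caldera local.yml")
    if api_key in PLACEHOLDER_KEYS:
        findings.append("EXECUTOR_CALDERA_API-KEY is a placeholder; set a unique secret in both files")
    for name in ("EXECUTOR_CALDERA_URL", "EXECUTOR_CALDERA_PUBLIC-URL", "CALDERA_URL"):
        parts = urlsplit(env.get(name, ""))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            findings.append(f"{name} must be an absolute http(s) URL")
    if env.get("EXECUTOR_CALDERA_PUBLIC-URL") != env.get("CALDERA_URL"):
        findings.append("EXECUTOR_CALDERA_PUBLIC-URL and the caldera service's CALDERA_URL differ")
    return findings
```

Run it against the two real files before starting the stack; the sample above yields only the placeholder finding.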
