I’m about to start hosting an OpenCTI instance for work and was looking for advice on pretty much everything. I’m new to self hosting and was wondering if anyone had any advice or helpful guides (storage space, config tips, etc).

I’m looking to set up an OCTI server as a docker container behind nginx. I’d love to practice at home so this is sort of relevant to the community. Have you done this, what did you learn, do you have any things I should watch out for?

  • JoshCodes@programming.devOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    I’m thinking data entry for threat hunters, and integrations with our other platforms apis but I couldn’t say anything specific. SSDs are a good shout, I might have tried setting it up with hdds if you hadn’t said.

    Did you find it easier to add connectors in seperate docker containers or within the main octi container?

    It feels like there’s a pretty high ceiling for this platform and the data you can generate. Do you find it easy to create good data? Do you have any habits?

    I’m pretty keen to learn so feel free to answer what you can.