diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md index 7845d5c..e3b57d7 100644 --- a/docs/deployment/configuration.md +++ b/docs/deployment/configuration.md @@ -69,7 +69,7 @@ Here are the configuration keys, for both containers (environment variables) and ### Dependencies -#### XTM Suite: OpenCTI +#### XTM Suite: OpenCTI (Classic API) | Parameter | Environment variable | Default value | Description | |:------------------------------------|:------------------------------------|:--------------|:----------------------------------------------------------------------------------------------------| 
@@ -79,6 +79,19 @@ Here are the configuration keys, for both containers (environment variables) and | openbas.xtm.opencti.token | OPENBAS_XTM_OPENCTI_TOKEN | | OpenCTI token | | openbas.xtm.opencti.disable-display | OPENBAS_XTM_OPENCTI_DISABLE-DISPLAY | `false` | Disable OpenCTI in the UI | +#### XTM Suite: OpenCTI (Connector) + +You can configure connectors individually, on the basis of a single connector per connector type per OpenAEV instance. + +Currently, the only supported connector is "OpenAEV Coverage" (aka Security Coverage). + +| Parameter | Environment variable | Default value | Description | +|:--------------------------------------------------------------------|:--------------------------------------------------------------------|:--------------|:--------------------------------------------------------------------------------------------------------------| +| openaev.xtm.opencti.connector.security-coverage.url | OPENAEV_XTM_OPENCTI_CONNECTOR_SECURITY-COVERAGE_URL | | Root URL (FQDN) to the OpenCTI instance to connect with the Connector. Example: `https://opencti.example` | +| openaev.xtm.opencti.connector.security-coverage.id | OPENAEV_XTM_OPENCTI_CONNECTOR_SECURITY-COVERAGE_ID | | Unique ID for the Connector. Will be visible to the target OpenCTI instance. | +| openaev.xtm.opencti.connector.security-coverage.auth-token | OPENAEV_XTM_OPENCTI_CONNECTOR_SECURITY-COVERAGE_AUTH-TOKEN | | An OpenCTI API token that is valid on the configured OpenCTI instance. Ask the OpenCTI administrator for one. | + + #### XTM Suite: XTM Hub | Parameter | Environment variable | Default value | Description | diff --git a/docs/usage/assets/active_openaev_connector_in_opencti.png b/docs/usage/assets/active_openaev_connector_in_opencti.png new file mode 100644 index 0000000..c42e68b Binary files /dev/null and b/docs/usage/assets/active_openaev_connector_in_opencti.png differ 
diff --git a/docs/usage/xtm_suite_connector.md b/docs/usage/xtm_suite_connector.md new file mode 100644 index 0000000..7ad6139 --- /dev/null +++ b/docs/usage/xtm_suite_connector.md 
@@ -0,0 +1,32 @@ +# XTM Suite: automated enrichment of Security Coverage + +!!! tip "Under construction" + + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + + +OpenAEV enables other products from the XTM Suite to benefit from a comprehensive Security Coverage enrichment for a given Adversarial Exposure scenario. +This means that OpenAEV can be triggered via an XTM Suite product to execute a scenario based on a desired scenario, and results from the scenario execution such as Detection rate, Prevention rate... can +be returned to the triggering product for ingestion. + +This feature is currently available for the following product: + +* OpenCTI + +## Automated enrichment for OpenCTI + +### Ensuring an up and running OpenCTI instance +This feature requires an active OpenCTI instance. Refer to the [OpenCTI documentation](https://docs.opencti.io/latest/) for enabling this instance. + +Once the OpenCTI instance is up and running, make sure to obtain these two settings: + +* The instance's full domain name (i.e. _https://opencti.domain.example_) +* A valid API Token associated with an account with sufficient privileges (refer to: [Configuring the Connector API token](https://docs.opencti.io/latest/deployment/connectors/#connector-token)) + +### Enabling the Security Coverage connector in OpenAEV +Make sure you set a value for all mandatory configuration keys, following the [Configuration documentation for the Security Coverage Connector](/deployment/configuration#xtm-suite-opencti-connector). + +### Use OpenCTI to trigger security coverage enrichments seamlessly +The connector is now up and running and should be visible in OpenCTI as _OpenAEV Coverage_. 
+![Active OpenAEV Coverage connector in OpenCTI](assets/active_openaev_connector_in_opencti.png) +Refer to the [OpenCTI documentation](https://docs.opencti.io/latest/) for how to trigger the enabled connector to get automated enriched security posture assessments with OpenAEV. \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 28c40df..ca227de 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -144,6 +144,7 @@ nav: - Dashboards: - Custom Dashboards: usage/dashboards/custom-dashboards/custom-dashboards.md - Widgets: usage/dashboards/widgets/widgets.md + - Security Coverage enrichment (XTM Suite): usage/xtm_suite_connector.md - Build your own Threat Scenario: - Scenario: usage/scenario.md - Generating Scenario from OpenCTI: usage/scenario/opencti_scenario.md
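Review bot: in the first `configuration.md` hunk, renaming the heading to `#### XTM Suite: OpenCTI (Classic API)` changes its generated anchor from `#xtm-suite-opencti` to `#xtm-suite-opencti-classic-api`, so any existing page that links to the old anchor will silently land on nothing; grep the docs tree for `#xtm-suite-opencti` before merging and update those links in the same change.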
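Review bot: in the connector table hunk of `configuration.md`, the new `openaev.xtm.opencti.connector.security-coverage.*` keys sit directly under rows that still use the `openbas.xtm.opencti.*` / `OPENBAS_XTM_OPENCTI_*` prefix; if both prefixes are accepted, say so in the sentence above the table, otherwise align them, because an operator who copies the classic keys will otherwise guess the wrong prefix for the connector. Two more points in the same hunk: the `auth-token` row documents a credential with no hint that it is a secret, so its description should state that it grants API access to OpenCTI and should be injected as a secret rather than committed in plain config; and the new usage page tells readers to set "all mandatory configuration keys" while this table has no Required marker, so either add a column or state that all three rows are required. Minor: the hunk leaves two consecutive blank lines (`+ +`) before `#### XTM Suite: XTM Hub`.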
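Review bot: in the new `docs/usage/xtm_suite_connector.md`, the cross-link `[Configuration documentation ...](/deployment/configuration#xtm-suite-opencti-connector)` is a site-absolute URL that mkdocs does not validate; point it at the source file instead (`../deployment/configuration.md#xtm-suite-opencti-connector`) so a renamed anchor fails the build rather than the reader. On the token guidance, "an account with sufficient privileges" should name the minimum the connector needs (the linked OpenCTI connector-token page describes this) so administrators are not nudged into handing out an admin token. Wording nits: "execute a scenario based on a desired scenario" reads circular, "Detection rate, Prevention rate..." should end on a concrete list, "(i.e. _https://opencti.domain.example_)" should be "e.g.", "Github" should be "GitHub", and the file is missing its trailing newline (`\ No newline at end of file`).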
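Review bot: in the `mkdocs.yml` hunk, the new entry `- Security Coverage enrichment (XTM Suite): usage/xtm_suite_connector.md` is inserted immediately after the `Widgets` child of `Dashboards`; confirm its indentation makes it a sibling of `Dashboards` rather than a third dashboard child, since an enrichment/connector page under "Dashboards" would surprise readers. The nav label also differs from the page's H1 ("XTM Suite: automated enrichment of Security Coverage"); pick one form for both so search and the sidebar agree.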