docker-compose.yml
# Example Compose service for the OpenCTI MISP connector.
# Every "ChangeMe" value below is a placeholder and has to be replaced before
# the service is started.
version: "3"
services:
  connector-misp:
    # Pinned to a release tag. A tag can be re-pointed by the registry owner;
    # pin by digest as well if the deployment needs a reproducible image.
    image: opencti/connector-misp:6.3.1
    environment:
      # NOTE(review): plain http; the token below is presumably sent to this
      # URL, so use https when OpenCTI is reached over a network - confirm.
      - OPENCTI_URL=http://localhost
      # Secret. Do not commit the real token to version control; supply it
      # from an env file or a secret store instead of editing it in here.
      - OPENCTI_TOKEN=ChangeMe
      # NOTE(review): presumably expects a unique identifier per connector
      # instance - confirm the required format in the connector documentation.
      - CONNECTOR_ID=ChangeMe
      - CONNECTOR_NAME=MISP
      - CONNECTOR_SCOPE=misp
      - CONNECTOR_LOG_LEVEL=error
      - CONNECTOR_EXPOSE_METRICS=false
      - MISP_URL=http://localhost  # Required
      - MISP_REFERENCE_URL=  # Optional, will be used to create external reference to MISP event (default is "url")
      # Secret (MISP API key). Same handling as OPENCTI_TOKEN: keep the real
      # value out of version control.
      - MISP_KEY=ChangeMe  # Required
      # NOTE(review): by its name, false turns off TLS certificate verification
      # for the MISP connection - confirm against the connector. With an https
      # MISP_URL that would leave MISP_KEY and the imported data open to
      # interception; prefer true and trust the MISP server's CA instead.
      - MISP_SSL_VERIFY=false  # Required
      - MISP_DATETIME_ATTRIBUTE=timestamp  # Required, filter to be used in query for new MISP events
      - MISP_DATE_FILTER_FIELD=timestamp  # Required, field to filter on date
      - MISP_REPORT_DESCRIPTION_ATTRIBUTE_FILTER=  # Optional, filter to be used to find the attribute with report description (example: "type=comment,category=Internal reference")
      - MISP_CREATE_REPORTS=true  # Required, create report for MISP event
      - MISP_CREATE_INDICATORS=true  # Required, create indicators from attributes
      - MISP_CREATE_OBSERVABLES=true  # Required, create observables from attributes
      - MISP_CREATE_OBJECT_OBSERVABLES=true  # Required, create text observables for MISP objects
      - MISP_CREATE_TAGS_AS_LABELS=true  # Optional, create tags as labels (sanitize MISP tag to OpenCTI labels)
      - MISP_GUESS_THREAT_FROM_TAGS=false  # Optional, try to guess threats (threat actor, intrusion set, malware, etc.) from MISP tags when they are present in OpenCTI
      - MISP_AUTHOR_FROM_TAGS=false  # Optional, map creator:XX=YY (author of event will be YY instead of the author of the event)
      - MISP_MARKINGS_FROM_TAGS=false  # Optional, map marking:XX=YY (in addition to TLP, add XX:YY as marking definition, where XX is marking type, YY is marking value)
      - MISP_ENFORCE_WARNING_LIST=false  # Optional, enforce warning list in MISP queries
      - MISP_REPORT_TYPE=misp-event  # Optional, report_class if creating report for event
      - MISP_IMPORT_FROM_DATE=2000-01-01  # Required, import all events from this date
      - MISP_IMPORT_TAGS=opencti:import,type:osint  # Optional, list of tags used for import events
      - MISP_IMPORT_TAGS_NOT=  # Optional, list of tags to not include
      - MISP_IMPORT_CREATOR_ORGS=  # Optional, only import events created by those orgs (put the identifiers here)
      - MISP_IMPORT_CREATOR_ORGS_NOT=  # Optional, do not import events created by those orgs (put the identifiers here)
      - MISP_IMPORT_OWNER_ORGS=  # Optional, only import events owned by those orgs (put the identifiers here)
      - MISP_IMPORT_OWNER_ORGS_NOT=  # Optional, do not import events owned by those orgs (put the identifiers here)
      - MISP_IMPORT_KEYWORD=  # Optional, search only events based on a keyword
      - MISP_IMPORT_DISTRIBUTION_LEVELS=  # Optional, only import events with the given distribution levels (ex: 0,1,2,3)
      - MISP_IMPORT_THREAT_LEVELS=  # Optional, only import events with the given threat levels (ex: 1,2,3,4)
      # NOTE(review): not documented in this file; by its name, true would
      # limit the import to published events - confirm against the connector.
      - MISP_IMPORT_ONLY_PUBLISHED=false
      - MISP_IMPORT_WITH_ATTACHMENTS=false  # Optional, try to import a PDF file from the attachment attribute
      - MISP_IMPORT_TO_IDS_NO_SCORE=40  # Optional, use as a score for the indicator/observable if the attribute to_ids is no
      - MISP_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT=false  # Optional, import unsupported observable as x_opencti_text
      - MISP_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT_TRANSPARENT=true  # Optional, import unsupported observable as x_opencti_text just with the value
      - MISP_INTERVAL=5  # Required, in minutes
    restart: always