Setting up OpenCTI

2020/08/13

The Problem Statement

I’ve been wanting to fiddle around with OpenCTI for some time now. I finally found the time, so I went to https://opencti.io and took a look at the documentation. Unfortunately, it’s hosted on Notion.so and seems to be a bit flaky/unreachable. Luckily I found both a Docker download and an OVA virtual machine template. Since I’m not very well versed in Docker, I decided to take the OVA route.

So, I’ve downloaded the latest OVA release, imported it into VirtualBox and started it up. The documentation warned me that starting it up for the first time might take 3-5 minutes, so I waited for a bit before browsing to http://$(IP-ADDRESS):8080. Unfortunately peanut butter, Unable to connect. A quick netstat -tlpn on the box confirmed there is nothing listening on port 8080.

So that’s where we are now.
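The check described above (wait out the first boot, then see whether anything is listening on 8080) can be scripted so the wait is bounded and the follow-up diagnostics are collected automatically. The script below is an added example, not from the original post and not part of OpenCTI's own tooling. It assumes port 8080 and a five-minute startup budget, that the VM has either ss or netstat, and it only runs the docker and systemd checks if those tools happen to be present, since the post does not say how the OVA runs OpenCTI internally. The two socket tables embedded in it are constructed samples, not captures from a real VM.

```shell
#!/bin/sh
# Added example (not from the original post, not OpenCTI's own tooling):
# after first boot, poll for the OpenCTI web port instead of browsing at a
# guessed moment, and dump diagnostics if the listener never appears.
# Assumed (not stated on the page): port 8080, a 5-minute startup budget,
# and that the VM has `ss` or `netstat` (optionally docker/systemd).

PORT="${OPENCTI_PORT:-8080}"
TIMEOUT_SECS="${OPENCTI_TIMEOUT:-300}"   # documentation quotes 3-5 minutes for first boot
INTERVAL=10

# listens_on PORT: reads a listening-socket table on stdin (either
# `netstat -tln[p]` or `ss -tln[p]` output) and returns 0 if some TCP
# listener's local address ends in :PORT. Both tools put the local
# address in column 4; header lines never split into an address:port pair.
listens_on() {
  awk -v p="$1" '
    {
      n = split($4, parts, ":")           # 0.0.0.0:8080, :::8080, [::]:8080, *:8080
      if (n > 1 && parts[n] == p) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Prints the live listener table with whichever tool is present.
listener_table() {
  if command -v ss >/dev/null 2>&1; then ss -tln
  else netstat -tln
  fi
}

# wait_for_port PORT TIMEOUT: polls until the port is listening or the
# budget is spent. Returns 0 on success, 1 on timeout.
wait_for_port() {
  port="$1"; budget="$2"; waited=0
  while [ "$waited" -lt "$budget" ]; do
    if listener_table 2>/dev/null | listens_on "$port"; then
      echo "port $port is listening after ${waited}s"
      return 0
    fi
    sleep "$INTERVAL"
    waited=$((waited + INTERVAL))
  done
  echo "port $port still not listening after ${budget}s" >&2
  return 1
}

# What to look at when the listener never shows up. The docker/systemd
# parts are guarded because the post does not say how the OVA runs OpenCTI.
diagnose() {
  echo "== listening sockets =="
  if command -v ss >/dev/null 2>&1; then ss -tlnp; else netstat -tlnp; fi
  if command -v docker >/dev/null 2>&1; then
    echo "== containers (including exited ones) =="
    docker ps -a
  fi
  if command -v systemctl >/dev/null 2>&1; then
    echo "== failed units =="
    systemctl --failed --no-pager
    echo "== errors since boot =="
    journalctl -p err -b --no-pager | tail -n 50
  fi
}

# Constructed sample in `netstat -tlpn` format (not captured from a real
# OpenCTI VM): sshd plus a loopback-only service, and nothing on 8080.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN      1033/java
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd'

# Constructed sample in `ss -tln` format, this time with 8080 up.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   *:8080             *:*'

# Only touch the live system when asked explicitly: `sh opencti-check.sh --wait`
if [ "${1:-}" = "--wait" ]; then
  wait_for_port "$PORT" "$TIMEOUT_SECS" || diagnose
fi
```

Run it as `sh opencti-check.sh --wait` on the VM right after boot. Parsing the socket table as text rather than probing the port with a client keeps the check independent of whether the web UI answers HTTP yet, and lets the same function be exercised offline against the embedded samples.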

Update 2021

It’s been a while, I know. I never did manage to get the OVA release to work. However, I did try an installation from scratch, using the installation scripts and tools. Aside from some package incompatibilities due to Debian lagging a bit behind (easily fixed by adding repositories for the packages concerned), installation went quite smoothly.

As for usage, that’s a different story. I find OpenCTI to be a bit opaque in terms of how you’re supposed to model your information. The documentation seems to be lacking in this regard. Seeing as there are quite a few high-profile, mature organisations using it, I’m sure there’s a way. It’s just that I haven’t found it yet. When I have some more time, I’m going to see if there are perhaps conferences, training sessions or similar available.