[docker] Adapt opensearch docker compose

SamuelHassine · SamuelHassine · commit 2d86552b07fb · 2025-12-12T11:54:28.000+01:00
diff --git a/docker-compose.opensearch.yml b/docker-compose.opensearch.yml
@@ -1,4 +1,9 @@
 services:
+  
+  ###########################
+  # DEPENDENCIES            #
+  ###########################
+
   # Generate RSA key for xtm-composer (PKCS#8 format)
   rsa-key-generator:
     image: alpine/openssl:3.5.2
@@ -81,16 +86,48 @@ services:
       interval: 30s
       timeout: 30s
       retries: 3
+
+  ###########################
+  # COMMON                  #
+  ###########################
+
+  xtm-composer:
+    image: filigran/xtm-composer:1.0.1
+    platform: linux/amd64
+    environment:
+      - MANAGER__ID=${XTM_COMPOSER_ID}
+      - MANAGER__NAME=OpenCTI Connector Manager
+      - MANAGER__CREDENTIALS_KEY_FILEPATH=/keys/private_key.pem
+      - OPENCTI__ENABLE=true
+      - OPENCTI__URL=http://opencti:8080
+      - OPENCTI__TOKEN=${OPENCTI_ADMIN_TOKEN}
+      - OPENCTI__DAEMON__SELECTOR=docker
+      - OPENCTI__DAEMON__DOCKER__NETWORK_MODE=${COMPOSE_PROJECT_NAME}_default
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - rsakeys:/keys:ro  # RSA key mounted as read-only
+    depends_on:
+      rsa-key-generator:
+        condition: service_healthy
+      opencti:
+        condition: service_healthy
+      rabbitmq:
+        condition: service_healthy
+    restart: always
+
+  ###########################
+  # OPENCTI                 #
+  ###########################
+  
   opencti:
-    image: opencti/platform:6.8.17
+    image: opencti/platform:6.9.0
     environment:
       - NODE_OPTIONS=--max-old-space-size=8096
       - APP__PORT=8080
-      - APP__BASE_URL=${OPENCTI_BASE_URL}
+      - APP__BASE_URL=${OPENCTI_EXTERNAL_SCHEME}://${OPENCTI_HOST}:${OPENCTI_PORT}
       - APP__ADMIN__EMAIL=${OPENCTI_ADMIN_EMAIL}
       - APP__ADMIN__PASSWORD=${OPENCTI_ADMIN_PASSWORD}
       - APP__ADMIN__TOKEN=${OPENCTI_ADMIN_TOKEN}
-      - APP__APP_LOGS__LOGS_LEVEL=error
       - REDIS__HOSTNAME=redis
       - REDIS__PORT=6379
       - ELASTICSEARCH__URL=http://opensearch:9200
@@ -113,11 +150,11 @@ services:
       - PROVIDERS__LOCAL__STRATEGY=LocalStrategy
       - APP__HEALTH_ACCESS_KEY=${OPENCTI_HEALTHCHECK_ACCESS_KEY}
     ports:
-      - "8080:8080"
+      - "${OPENCTI_PORT}:8080"
     depends_on:
       redis:
         condition: service_healthy
-      opensearch:
+      elasticsearch:
         condition: service_healthy
       minio:
         condition: service_healthy
@@ -130,62 +167,63 @@ services:
       timeout: 5s
       retries: 20
   worker:
-    image: opencti/worker:6.8.17
+    image: opencti/worker:6.9.0
     environment:
       - OPENCTI_URL=http://opencti:8080
       - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
-      - WORKER_LOG_LEVEL=info
     depends_on:
       opencti:
         condition: service_healthy
     deploy:
       mode: replicated
       replicas: 3
     restart: always
+
+  ###########################
+  # OPENCTI CONNECTORS      #
+  ###########################
+
   connector-export-file-stix:
-    image: opencti/connector-export-file-stix:6.8.17
+    image: opencti/connector-export-file-stix:6.9.0
     environment:
       - OPENCTI_URL=http://opencti:8080
       - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
       - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_STIX_ID} # Valid UUIDv4
       - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
       - CONNECTOR_NAME=ExportFileStix2
       - CONNECTOR_SCOPE=application/json
-      - CONNECTOR_LOG_LEVEL=info
     restart: always
     depends_on:
       opencti:
         condition: service_healthy
   connector-export-file-csv:
-    image: opencti/connector-export-file-csv:6.8.17
+    image: opencti/connector-export-file-csv:6.9.0
     environment:
       - OPENCTI_URL=http://opencti:8080
       - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
       - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_CSV_ID} # Valid UUIDv4
       - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
       - CONNECTOR_NAME=ExportFileCsv
       - CONNECTOR_SCOPE=text/csv
-      - CONNECTOR_LOG_LEVEL=info
     restart: always
     depends_on:
       opencti:
         condition: service_healthy
   connector-export-file-txt:
-    image: opencti/connector-export-file-txt:6.8.17
+    image: opencti/connector-export-file-txt:6.9.0
     environment:
       - OPENCTI_URL=http://opencti:8080
       - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
       - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_TXT_ID} # Valid UUIDv4
       - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
       - CONNECTOR_NAME=ExportFileTxt
       - CONNECTOR_SCOPE=text/plain
-      - CONNECTOR_LOG_LEVEL=info
     restart: always
     depends_on:
       opencti:
         condition: service_healthy
   connector-import-file-stix:
-    image: opencti/connector-import-file-stix:6.8.17
+    image: opencti/connector-import-file-stix:6.9.0
     environment:
       - OPENCTI_URL=http://opencti:8080
       - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
@@ -195,13 +233,12 @@ services:
       - CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
       - CONNECTOR_SCOPE=application/json,text/xml
       - CONNECTOR_AUTO=true # Enable/disable auto-import of file
-      - CONNECTOR_LOG_LEVEL=info
     restart: always
     depends_on:
       opencti:
         condition: service_healthy
   connector-import-document:
-    image: opencti/connector-import-document:6.8.17
+    image: opencti/connector-import-document:6.9.0
     environment:
       - OPENCTI_URL=http://opencti:8080
       - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
@@ -212,14 +249,28 @@ services:
       - CONNECTOR_SCOPE=application/pdf,text/plain,text/html
       - CONNECTOR_AUTO=true # Enable/disable auto-import of file
       - CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
-      - CONNECTOR_LOG_LEVEL=info
       - IMPORT_DOCUMENT_CREATE_INDICATOR=true
     restart: always
     depends_on:
       opencti:
         condition: service_healthy
+  connector-import-file-yara:
+    image: opencti/connector-import-file-yara:6.9.0
+    environment:
+      - OPENCTI_URL=http://opencti:8080
+      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
+      - CONNECTOR_ID=${CONNECTOR_IMPORT_FILE_YARA_ID} # Valid UUIDv4
+      - CONNECTOR_NAME=ImportFileYARA
+      - CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
+      - CONNECTOR_SCOPE=text/yara+plain
+      - CONNECTOR_AUTO=false # Enable/disable auto-import of file
+      - YARA_IMPORT_FILE_SPLIT_RULES=true
+    restart: always
+    depends_on:
+      opencti:
+        condition: service_healthy
   connector-analysis:
-    image: opencti/connector-import-document:6.8.17
+    image: opencti/connector-import-document:6.9.0
     environment:
       - OPENCTI_URL=http://opencti:8080
       - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
@@ -230,34 +281,52 @@ services:
       - CONNECTOR_SCOPE=application/pdf,text/plain,text/html
       - CONNECTOR_AUTO=true # Enable/disable auto-import of file
       - CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
-      - CONNECTOR_LOG_LEVEL=info
     restart: always
     depends_on:
       opencti:
         condition: service_healthy
-  xtm-composer:
-    image: filigran/xtm-composer:1.0.1
-    platform: linux/amd64
+  connector-import-external-reference:
+    image: opencti/connector-import-external-reference:6.9.0
     environment:
-      - MANAGER__ID=${XTM_COMPOSER_ID}
-      - MANAGER__NAME=OpenCTI Connector Manager
-      - MANAGER__CREDENTIALS_KEY_FILEPATH=/keys/private_key.pem
-      - OPENCTI__ENABLE=true
-      - OPENCTI__URL=http://opencti:8080
-      - OPENCTI__TOKEN=${OPENCTI_ADMIN_TOKEN}
-      - OPENCTI__DAEMON__SELECTOR=docker
-      - OPENCTI__DAEMON__DOCKER__NETWORK_MODE=${COMPOSE_PROJECT_NAME}_default
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - rsakeys:/keys:ro  # RSA key mounted as read-only
+      - OPENCTI_URL=http://opencti:8080
+      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
+      - CONNECTOR_ID=${CONNECTOR_IMPORT_EXTERNAL_REFERENCE_ID}
+      - CONNECTOR_NAME=ImportExternalReference
+    restart: always
     depends_on:
-      rsa-key-generator:
-        condition: service_healthy
       opencti:
-        condition: service_healthy
-      rabbitmq:
-        condition: service_healthy
+        condition: service_healthy          
+
+  ###########################
+  # OPENCTI DEFAULT DATA    #
+  ###########################
+
+  connector-opencti:
+    image: opencti/connector-opencti:6.9.0
+    environment:
+      - OPENCTI_URL=http://opencti:8080
+      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
+      - CONNECTOR_ID=${CONNECTOR_OPENCTI_ID}
+      - "CONNECTOR_NAME=OpenCTI Datasets"
+      - CONNECTOR_SCOPE=marking-definition,identity,location
+      - CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT=true
+      - CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT_CONFIDENCE_LEVEL=100
     restart: always
+    depends_on:
+      opencti:
+        condition: service_healthy      
+  connector-mitre:
+    image: opencti/connector-mitre:6.9.0
+    environment:
+      - OPENCTI_URL=http://opencti:8080
+      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
+      - CONNECTOR_ID=${CONNECTOR_MITRE_ID}
+      - CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT=true
+      - CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT_CONFIDENCE_LEVEL=75      
+    restart: always
+    depends_on:
+      opencti:
+        condition: service_healthy 
 
 volumes:
   esdata:
