Docker-compose Macbook Compatibility

[ftrezza-tc]

the following changes are needed for this to work on a mac with apple silicon (ARM) for compatibility

services:

###########################

DEPENDENCIES

###########################

Generate RSA key for xtm-composer (PKCS#8 format)

rsa-key-generator:
image: alpine/openssl:latest
platform: linux/amd64
volumes:
- rsakeys:/keys
entrypoint: ["/bin/ash"]
command: ["-c", "if [ ! -f /keys/private_key.pem ]; then openssl genpkey -algorithm RSA -out /keys/private_key.pem -pkeyopt rsa_keygen_bits:4096; fi && tail -f /dev/null"]
healthcheck:
test: ["CMD", "test", "-f", "/keys/private_key.pem"]
interval: 10s
timeout: 5s
retries: 3
restart: always
redis:
image: redis:8.6.1
platform: linux/amd64
restart: always
volumes:
- redisdata:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 3
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.19.12
platform: linux/amd64
volumes:
- esdata:/usr/share/elasticsearch/data
environment:
# Comment-out the line below for a cluster of multiple nodes
- discovery.type=single-node
# Uncomment the line below below for a cluster of multiple nodes
# - cluster.name=docker-cluster
- xpack.ml.enabled=false
- xpack.security.enabled=false
- thread_pool.search.queue_size=5000
- logger.org.elasticsearch.discovery="ERROR"
- "ES_JAVA_OPTS=-Xms${ELASTIC_MEMORY_SIZE} -Xmx${ELASTIC_MEMORY_SIZE}"
restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test: ["CMD-SHELL", "curl -s http://elasticsearch:9200/_cluster/health?wait_for_status=yellow >/dev/null || exit 1"]
interval: 5s
timeout: 3s
retries: 50
minio:
image: minio/minio:latest
platform: linux/amd64
volumes:
- s3data:/data
ports:
- "9000:9000"
environment:
MINIO_ROOT_USER: ${MINIO_ROOT_USER}
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
command: server /data
restart: always
healthcheck:
test: ["CMD", "mc", "ready", "local"]
interval: 10s
timeout: 5s
retries: 3
rabbitmq:
image: rabbitmq:4.2-management
platform: linux/amd64
environment:
- RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
- RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
- RABBITMQ_NODENAME=rabbit01@localhost
volumes:
- type: bind
source: ./rabbitmq.conf
target: /etc/rabbitmq/rabbitmq.conf
- amqpdata:/var/lib/rabbitmq
restart: always
healthcheck:
test: rabbitmq-diagnostics -q ping
interval: 30s
timeout: 30s
retries: 3

###########################

COMMON

###########################

xtm-composer:
image: filigran/xtm-composer:latest
platform: linux/amd64
environment:
- MANAGER__ID=${XTM_COMPOSER_ID}
- "MANAGER__NAME=XTM Integrations Manager"
- MANAGER__CREDENTIALS_KEY_FILEPATH=/keys/private_key.pem
- OPENCTI__ENABLE=true
- OPENCTI__URL=http://opencti:8080
- OPENCTI__TOKEN=${OPENCTI_ADMIN_TOKEN}
- OPENCTI__DAEMON__SELECTOR=docker
- OPENCTI__DAEMON__DOCKER__NETWORK_MODE=${COMPOSE_PROJECT_NAME}_default
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- rsakeys:/keys:ro # RSA key mounted as read-only
depends_on:
rsa-key-generator:
condition: service_healthy
opencti:
condition: service_healthy
rabbitmq:
condition: service_healthy
restart: always

###########################

OPENCTI

###########################

opencti:
image: opencti/platform:latest
platform: linux/amd64
environment:
- NODE_OPTIONS=--max-old-space-size=8096
- APP__PORT=8080
- APP__BASE_URL=${OPENCTI_EXTERNAL_SCHEME}://${OPENCTI_HOST}:${OPENCTI_PORT}
- APP__ADMIN__EMAIL=${OPENCTI_ADMIN_EMAIL}
- APP__ADMIN__PASSWORD=${OPENCTI_ADMIN_PASSWORD}
- APP__ADMIN__TOKEN=${OPENCTI_ADMIN_TOKEN}
- APP__ENCRYPTION_KEY=${OPENCTI_ENCRYPTION_KEY}
- REDIS__HOSTNAME=redis
- REDIS__PORT=6379
- ELASTICSEARCH__URL=http://elasticsearch:9200
- ELASTICSEARCH__NUMBER_OF_REPLICAS=0
- MINIO__ENDPOINT=minio
- MINIO__PORT=9000
- MINIO__USE_SSL=false
- MINIO__ACCESS_KEY=${MINIO_ROOT_USER}
- MINIO__SECRET_KEY=${MINIO_ROOT_PASSWORD}
- RABBITMQ__HOSTNAME=rabbitmq
- RABBITMQ__PORT=5672
- RABBITMQ__PORT_MANAGEMENT=15672
- RABBITMQ__MANAGEMENT_SSL=false
- RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
- RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
- SMTP__HOSTNAME=${SMTP_HOSTNAME}
- SMTP__PORT=25
- PROVIDERS__LOCAL__STRATEGY=LocalStrategy
- APP__HEALTH_ACCESS_KEY=${OPENCTI_HEALTHCHECK_ACCESS_KEY}
ports:
- "${OPENCTI_PORT}:8080"
depends_on:
redis:
condition: service_healthy
elasticsearch:
condition: service_healthy
minio:
condition: service_healthy
rabbitmq:
condition: service_healthy
restart: always
healthcheck:
test: ["CMD", "wget", "-qO-", "http://opencti:8080/health?health_access_key=${OPENCTI_HEALTHCHECK_ACCESS_KEY}"]
interval: 10s
timeout: 5s
retries: 20
worker:
image: opencti/worker:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
depends_on:
opencti:
condition: service_healthy
deploy:
mode: replicated
replicas: 3
restart: always

###########################

OPENCTI CONNECTORS

###########################

connector-export-file-stix:
image: opencti/connector-export-file-stix:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_STIX_ID} # Valid UUIDv4
- CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
- CONNECTOR_NAME=ExportFileStix2
- CONNECTOR_SCOPE=application/json
restart: always
depends_on:
opencti:
condition: service_healthy
connector-export-file-csv:
image: opencti/connector-export-file-csv:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_CSV_ID} # Valid UUIDv4
- CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
- CONNECTOR_NAME=ExportFileCsv
- CONNECTOR_SCOPE=text/csv
restart: always
depends_on:
opencti:
condition: service_healthy
connector-export-file-txt:
image: opencti/connector-export-file-txt:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_TXT_ID} # Valid UUIDv4
- CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
- CONNECTOR_NAME=ExportFileTxt
- CONNECTOR_SCOPE=text/plain
restart: always
depends_on:
opencti:
condition: service_healthy
connector-import-file-stix:
image: opencti/connector-import-file-stix:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_IMPORT_FILE_STIX_ID} # Valid UUIDv4
- CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
- CONNECTOR_NAME=ImportFileStix
- CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
- CONNECTOR_SCOPE=application/json,text/xml
- CONNECTOR_AUTO=true # Enable/disable auto-import of file
restart: always
depends_on:
opencti:
condition: service_healthy
connector-import-document:
image: opencti/connector-import-document:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_IMPORT_DOCUMENT_ID} # Valid UUIDv4
- CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
- CONNECTOR_NAME=ImportDocument
- CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
- CONNECTOR_SCOPE=application/pdf,text/plain,text/html
- CONNECTOR_AUTO=true # Enable/disable auto-import of file
- CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
- IMPORT_DOCUMENT_CREATE_INDICATOR=true
restart: always
depends_on:
opencti:
condition: service_healthy
connector-import-file-yara:
image: opencti/connector-import-file-yara:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_IMPORT_FILE_YARA_ID} # Valid UUIDv4
- CONNECTOR_NAME=ImportFileYARA
- CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
- CONNECTOR_SCOPE=text/yara+plain
- CONNECTOR_AUTO=false # Enable/disable auto-import of file
- YARA_IMPORT_FILE_SPLIT_RULES=true
restart: always
depends_on:
opencti:
condition: service_healthy
connector-analysis:
image: opencti/connector-import-document:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_ANALYSIS_ID} # Valid UUIDv4
- CONNECTOR_TYPE=INTERNAL_ANALYSIS
- CONNECTOR_NAME=ImportDocumentAnalysis
- CONNECTOR_VALIDATE_BEFORE_IMPORT=false # Validate any bundle before import
- CONNECTOR_SCOPE=application/pdf,text/plain,text/html
- CONNECTOR_AUTO=true # Enable/disable auto-import of file
- CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
restart: always
depends_on:
opencti:
condition: service_healthy
connector-import-external-reference:
image: opencti/connector-import-external-reference:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_IMPORT_EXTERNAL_REFERENCE_ID}
- CONNECTOR_NAME=ImportExternalReference
restart: always
depends_on:
opencti:
condition: service_healthy

###########################

OPENCTI DEFAULT DATA

###########################

connector-opencti:
image: opencti/connector-opencti:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_OPENCTI_ID}
- "CONNECTOR_NAME=OpenCTI Datasets"
- CONNECTOR_SCOPE=marking-definition,identity,location
- CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT=true
- CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT_CONFIDENCE_LEVEL=100
restart: always
depends_on:
opencti:
condition: service_healthy
connector-mitre:
image: opencti/connector-mitre:latest
platform: linux/amd64
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_MITRE_ID}
- CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT=true
- CONNECTOR_AUTO_CREATE_SERVICE_ACCOUNT_CONFIDENCE_LEVEL=75
restart: always
depends_on:
opencti:
condition: service_healthy

volumes:
esdata:
s3data:
redisdata:
amqpdata:
rsakeys: