I’m about to start hosting an OpenCTI instance for work and was looking for advice on pretty much everything. I’m new to self hosting and was wondering if anyone had any advice or helpful guides (storage space, config tips, etc).

I’m looking to set up an OCTI server as a docker container behind nginx. I’d love to practice at home so this is sort of relevant to the community. Have you done this, what did you learn, do you have any things I should watch out for?

  • WanderingCat@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    I have this at home and enjoy it. What will your work use it for?

    Resource usage and storage would be the main things to look out for. Octi really does need ssds as hdds will slow it to a crawl, a good amount of ram is nice but not fully a requirement for home use

    • JoshCodesOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      I’m thinking data entry for threat hunters, and integrations with our other platforms apis but I couldn’t say anything specific. SSDs are a good shout, I might have tried setting it up with hdds if you hadn’t said.

      Did you find it easier to add connectors in seperate docker containers or within the main octi container?

      It feels like there’s a pretty high ceiling for this platform and the data you can generate. Do you find it easy to create good data? Do you have any habits?

      I’m pretty keen to learn so feel free to answer what you can.