Ingest C2 Tracker data into an OpenCTI instance.
- Import C2 Tracker IOCs as Indicators in OpenCTI in STIX format
- Intelligently manage Indicators
- Delete indicators if they are no longer seen in C2 Tracker
- Use "c2-tracker" label to avoid deleting unrelated IOCs
- Link indicators to MITRE tools and malware (requires MITRE Connector)
- Docker compose file is configured to automatically launch the image on boot
- The script will automatically restart if an error is encountered
- Create a user with "Connector" & "Default" roles, take note of the Token that is made and put it in an environment variable called `OPENCTI_C2TRACKER_TOKEN`
- Download the repo: `git clone https://github.com/montysecurity/C2-Tracker.git`
- Navigate to the connector: `cd C2-Tracker/opencti-connector/`
- Review `docker-compose.yml` and update `OPENCTI_URL` if necessary
- Run `docker-compose up -d`
Requires Python 3
- Create a user with "Connector" & "Default" roles, take note of the Token that is made and put it in an environment variable called `OPENCTI_C2TRACKER_TOKEN`
- Download the repo: `git clone https://github.com/montysecurity/C2-Tracker.git`
- Navigate to the connector: `cd C2-Tracker/opencti-connector/`
- Review the `src/connector.py` variables `api_url` and `api_token`; set the environment variable `OPENCTI_URL`
- Install packages: `pip3 install --upgrade pip && pip3 install requests pycti`
- Run `src/connector.py`
- Set a Cron Job or Service to run `src/connector.py` when OpenCTI starts up
There is a script at `opencti-connector/src/purge.py` that is not executed by the docker container. It solely exists to allow the operator to easily delete all of the indicators that were made by this connector. It relies on the label `c2-tracker` to identify those.
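As an added example (not the connector's or purge script's own code), the following shows the two decisions described above on constructed data, offline: which indicators a sync should create or delete given the current C2 Tracker list, and which indicators a purge should select. The point it demonstrates is the role of the `c2-tracker` label: an indicator without it is never deleted, even when it matches nothing in the feed. The function names, the indicator dict shape (`id`, `pattern`, `labels`) and the sample addresses are assumptions; the real connector reads and writes these objects through pycti rather than Python lists.

```python
"""Added example: sync planning and purge selection for a C2 Tracker feed.

Not the connector's own code.  The indicator dicts below are a constructed
stand-in for what an OpenCTI client such as pycti returns; the connector
itself creates/deletes objects via the API instead of returning lists.
"""
from ipaddress import ip_address

TRACKER_LABEL = "c2-tracker"


def ipv4_pattern(ip: str) -> str:
    """Build the STIX 2.1 pattern for one IPv4 C2 address.

    ip_address() raises ValueError on garbage, so a bad feed line cannot turn
    into a malformed pattern on the platform.
    """
    if ip_address(ip).version != 4:
        raise ValueError(f"not an IPv4 address: {ip}")
    return f"[ipv4-addr:value = '{ip}']"


def plan_sync(tracker_ips, existing_indicators, label=TRACKER_LABEL):
    """Decide what to create and what to delete.

    tracker_ips:         iterable of IPv4 strings currently listed by C2 Tracker
    existing_indicators: list of dicts with 'id', 'pattern', 'labels'
                         (constructed stand-in for platform indicator objects)

    Returns (to_create, to_delete):
      to_create: STIX patterns from the feed not yet present on the platform
      to_delete: ids of indicators carrying `label` whose pattern left the feed
    Indicators without the label are left alone, whatever their pattern, so an
    analyst-created IOC that merely resembles ours is never removed.
    """
    wanted = {ipv4_pattern(ip) for ip in tracker_ips}
    present = set()
    to_delete = []
    for ind in existing_indicators:
        present.add(ind["pattern"])
        if label in ind.get("labels", []) and ind["pattern"] not in wanted:
            to_delete.append(ind["id"])
    to_create = sorted(wanted - present)
    return to_create, to_delete


def select_for_purge(existing_indicators, label=TRACKER_LABEL):
    """Ids of every indicator this connector made, i.e. those carrying the label.

    This is the selection a purge of the connector's own indicators makes;
    unlabeled indicators are excluded regardless of their pattern.
    """
    return [ind["id"] for ind in existing_indicators if label in ind.get("labels", [])]


# Constructed sample data: one feed snapshot and the platform's current state.
SAMPLE_FEED = ["198.51.100.10", "198.51.100.11", "203.0.113.5"]
SAMPLE_EXISTING = [
    # still in the feed: keep
    {"id": "ind-1", "pattern": ipv4_pattern("198.51.100.10"), "labels": [TRACKER_LABEL]},
    # ours, but no longer listed by the tracker: delete
    {"id": "ind-2", "pattern": ipv4_pattern("198.51.100.99"), "labels": [TRACKER_LABEL]},
    # not ours (no c2-tracker label): never touched, even though it is not in the feed
    {"id": "ind-3", "pattern": ipv4_pattern("192.0.2.7"), "labels": ["analyst"]},
]

if __name__ == "__main__":
    create, delete = plan_sync(SAMPLE_FEED, SAMPLE_EXISTING)
    print("create:", create)
    print("delete:", delete)
    print("purge would remove:", select_for_purge(SAMPLE_EXISTING))
```

Running the block on the sample data yields two patterns to create (198.51.100.11 and 203.0.113.5), a single deletion (`ind-2`), and a purge selection of `ind-1` and `ind-2`; `ind-3` survives both operations because it lacks the label.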