[KB8315] ESET Threat Intelligence with OpenCTI

Issue

  • You need to utilize the OpenCTI TAXII2 Connector to ingest ESET Threat Intelligence feed data

Solution

Before you proceed

For a list of all available OpenCTI integrations, see OpenCTI Ecosystem.

For information on how to set up OpenCTI connectors, see OpenCTI Connectors.

  1. Open the OpenCTI TAXII2 Connector repository on GitHub. This example installs the OpenCTI TAXII2 connector with docker-compose, the preferred installation type.

  2. Double-click docker-compose.yml to open the docker-compose.yml file in the OpenCTI TAXII2 Connector GitHub repository.

    Figure 1-1
  3. Copy the content of the OpenCTI TAXII2 Connector docker-compose.yml file and replace the configuration variables. Read more about the configuration and installation of the OpenCTI TAXII2 Connector.

    • OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
    • CONNECTOR_ID=${CONNECTOR_TAXII2_ID}
    • TAXII2_DISCOVERY_URL=URL of ETI TAXII 2.x discovery
    • TAXII2_USERNAME=ESET Threat Intelligence username
    • TAXII2_PASSWORD=ESET Threat Intelligence password
    Environment variables

    You can set these values as environment variables, which the docker-compose command reads.

    Environment variables:

    # Generate random UUIDs and export them so that docker-compose can read them
    export OPENCTI_ADMIN_TOKEN=$(cat /proc/sys/kernel/random/uuid)
    export CONNECTOR_TAXII2_ID=$(cat /proc/sys/kernel/random/uuid)
    Figure 1-2
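
The following pre-flight check is an added example, not part of the original article or of the OpenCTI connector. It validates the five values from step 3 before the connector is started, and assumes they are set as variables in the shell that runs docker-compose; the function names is_uuid and check_taxii2_env are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for the
# variables named in step 3. Assumes they are set in the current shell.

# True when $1 has the 8-4-4-4-12 hexadecimal layout that
# /proc/sys/kernel/random/uuid prints.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Returns 0 when all five values look usable, 1 otherwise.
# Each problem is reported on stderr without echoing any secret value.
check_taxii2_env() {
    problems=0
    for name in OPENCTI_ADMIN_TOKEN CONNECTOR_TAXII2_ID; do
        eval "value=\${$name:-}"
        if ! is_uuid "$value"; then
            echo "$name: unset or not a UUID" >&2
            problems=$((problems + 1))
        fi
    done
    # TAXII 2.x is defined over HTTPS, and the connector sends the ETI
    # username and password to this endpoint.
    case "${TAXII2_DISCOVERY_URL:-}" in
        https://?*) ;;
        *)  echo "TAXII2_DISCOVERY_URL: must start with https://" >&2
            problems=$((problems + 1)) ;;
    esac
    for name in TAXII2_USERNAME TAXII2_PASSWORD; do
        eval "value=\${$name:-}"
        case "$value" in
            ''|'ESET Threat Intelligence '*)
                # Empty, or the descriptive text from step 3 was left in place
                echo "$name: empty or still the placeholder text" >&2
                problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Usage: check_taxii2_env && docker-compose up -d
```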