How to Import Data from OpenCTI Connectors into Elasticsearch/kibana for Task Creation and Data Exchange? - eviltoast
This is an automated archive.

The original was posted on /r/cybersecurity by /u/rached2023 on 2023-09-23 12:15:09+00:00.
Hello everyone,

I’m working on a project where I need to import data from OpenCTI connectors into Elasticsearch to create tasks. These tasks will be used for various purposes, including API development and data exchange with tools like Kibana.

Specifically, I’m looking for guidance on how to:

API Development: I want to expose a REST API endpoint (e.g., /threat-intelligence/query) that allows external tools to request specific threat intelligence data from the data stored in Elasticsearch. How can I achieve this integration with OpenCTI connectors and Elasticsearch?

Data Exchange: Additionally, I want to expose the data from my threat intelligence dashboard via a RESTful API endpoint (e.g., /threat-dashboard-data) so that external systems or security tools can retrieve the latest threat intelligence statistics. What’s the best approach for this?

I have already installed OpenCTI and ELK. Furthermore, I have successfully integrated the Elastic connector with OpenCTI.

I would appreciate any insights or recommendations on how to implement these features effectively. Thank you in advance for your help!
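One way to structure the /threat-intelligence/query endpoint described above, as an added example that is not part of the original post: the Elasticsearch DSL is built server-side from allow-listed parameters instead of forwarding client JSON to Elasticsearch, and the handler takes an injected `search` callable so it can be wired to any web framework and to the real client. The index name, the STIX 2.1 field names and the sample hit are assumptions and constructed data, not taken from OpenCTI's connector.

```python
from __future__ import annotations
from typing import Callable

INDEX = "opencti-indicators"   # assumed index name; check the Elastic connector's config
ALLOWED_TYPES = {"indicator", "malware", "threat-actor", "intrusion-set"}
ALLOWED_SORT = {"created", "modified", "confidence"}
MAX_SIZE = 100                 # hard cap so a client cannot dump the whole index

def build_query(params: dict) -> dict:
    """Translate client parameters into an Elasticsearch DSL body.
    Only allow-listed values reach the DSL, so a caller cannot smuggle in
    arbitrary clauses, script fields or a query_string with Lucene syntax."""
    obj_type = params.get("type", "indicator")
    if obj_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported type: {obj_type!r}")
    filters = [{"term": {"type": obj_type}}]
    if "search" in params:
        # `match` treats the text as analysed words, so operators are inert
        filters.append({"match": {"name": {"query": str(params["search"])[:256]}}})
    if "min_confidence" in params:
        filters.append({"range": {"confidence": {"gte": int(params["min_confidence"])}}})
    sort = params.get("sort", "modified")
    if sort not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort: {sort!r}")
    size = min(max(int(params.get("size", 20)), 1), MAX_SIZE)
    return {
        "query": {"bool": {"filter": filters}},
        "sort": [{sort: "desc"}],
        "size": size,
        # STIX 2.1 field names (assumed to be indexed as-is by the connector)
        "_source": ["id", "type", "name", "pattern", "confidence", "modified"],
    }

def handle_query(params: dict, search: Callable[[str, dict], dict]) -> tuple[int, dict]:
    """Endpoint body: returns (http_status, json_payload). `search(index, body)`
    is injected so it can be the Elasticsearch client or a stub in tests."""
    try:
        body = build_query(params)
    except ValueError as err:          # covers bad enums and non-numeric size/confidence
        return 400, {"error": str(err)}
    resp = search(INDEX, body)
    hits = [h["_source"] for h in resp.get("hits", {}).get("hits", [])]
    return 200, {"count": len(hits), "results": hits}

# Constructed stand-in for es.search(index=..., body=...) with one sample indicator.
SAMPLE_RESPONSE = {"hits": {"hits": [{"_source": {
    "id": "indicator--00000000-0000-0000-0000-000000000001", "type": "indicator",
    "name": "sample C2 domain", "pattern": "[domain-name:value = 'example.invalid']",
    "confidence": 80, "modified": "2023-09-20T00:00:00.000Z"}}]}}

def fake_search(index: str, body: dict) -> dict:
    return SAMPLE_RESPONSE
```

In production, pass `lambda index, body: es.search(index=index, body=body)` with a client authenticated as a read-only role scoped to that index, and keep the write credentials with the connector only.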