This is a tunned version of OpenCTI preloaded with disinformation connectors and incidents datasets.
Currently, the DISARM Connector and the DISINFO connector are used to load some datasets found in the wild as STIX2 objects.
- Clone the repository and access the folder.
- Copy the
.env.examplefile and name it.env. - Edit all the changeme references in the
.envfile to your chosen values. - Deploy the docker-compose environment:
docker-compose up - Once the images are built and lauched, wait about 5-10 minutes for the system to start. If there is an exception on the DISINFO connector container, restart it and should work.
Loaded incidents can be analyzed under the Intrusion Sets section.