Interpres Application - OpenCTI
- Type: SIEM/Data Lake
- Vendor: OpenCTI
OpenCTI is a database of campaigns.
Vendor setup
- Have a valid account and navigate to your dashboard. At the top right, click the Profile icon, then Profile. Scroll down to "API access". The API Key shown there is all that's required for access.
- Roles and permissions can be adjusted from the Settings tab on the left. So far it seems a "Default" role with the "Access knowledge" capability should be enough. This is subject to testing and to any additional functionality added later on. As such, a dedicated "Interpres API Connector" user can be created with its own API Key and assigned the role and permissions detailed above.
- Copy the link from the dashboard (only up through the hostname, e.g. http://opencti.dev.security) and pass it in as the Base URL.
App Configuration
App Parameters:
- Base URL: Base URL
- API Key: API Key
- proxy: Proxy Settings. Example: 'https://proxy.example.com:8443'. Optional.
App Validation
Check that the integration you created shows connectivity (green light).
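An independent way to confirm the Base URL and API Key outside the app, as an added example that is not part of the Interpres application or OpenCTI's own code. It assumes OpenCTI serves GraphQL at `<Base URL>/graphql` and accepts the API Key as a Bearer token; the function names, the query shape and the sample dashboard path are hypothetical.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Assumption: OpenCTI serves GraphQL at <Base URL>/graphql and accepts the
# profile API Key as a Bearer token; the query shape is also an assumption.
CAMPAIGNS_QUERY = "query { campaigns(first: 5) { edges { node { id name } } } }"


def normalize_base_url(copied_url):
    """Reduce a URL copied from the dashboard to scheme://host[:port]."""
    parts = urlsplit(copied_url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected an http(s) URL, got %r" % copied_url)
    if parts.username or parts.password:
        raise ValueError("Base URL must not embed credentials")
    # urlsplit strips the brackets from IPv6 literals; put them back.
    host = "[%s]" % parts.hostname if ":" in parts.hostname else parts.hostname
    port = ":%d" % parts.port if parts.port else ""
    return "%s://%s%s" % (parts.scheme, host, port)


def key_sent_in_cleartext(base_url):
    """True when the API Key would cross the network without TLS."""
    return urlsplit(base_url).scheme != "https"


def build_request(base_url, api_key):
    """Build (without sending) the authenticated campaigns query."""
    body = json.dumps({"query": CAMPAIGNS_QUERY}).encode("utf-8")
    headers = {"Authorization": "Bearer " + api_key,
               "Content-Type": "application/json"}
    return urllib.request.Request(base_url + "/graphql", data=body,
                                  headers=headers, method="POST")


def check_connectivity(base_url, api_key, timeout=10):
    """Send the query; return campaign names or raise on any failure."""
    with urllib.request.urlopen(build_request(base_url, api_key),
                                timeout=timeout) as resp:
        payload = json.load(resp)
    if payload.get("errors"):  # GraphQL servers commonly report errors in the body
        raise RuntimeError(payload["errors"][0].get("message", "GraphQL error"))
    return [edge["node"]["name"] for edge in payload["data"]["campaigns"]["edges"]]


if __name__ == "__main__":
    # Constructed sample values; replace with your own instance and key.
    base = normalize_base_url("http://opencti.dev.security/dashboard")
    print(base, "cleartext API Key:", key_sent_in_cleartext(base))
```

Run `check_connectivity` with the dedicated connector user's key: a returned list confirms that the role can read campaigns, and an exception points at the URL, the key or the permissions.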
Implemented Actions
- Get Campaigns: Returns a list of campaigns.
- Get Uploaded Campaigns: Returns a list of uploaded campaigns.