This report documents the end‑to‑end process of deploying the OpenCTI threat intelligence platform on AWS using Docker and Docker Compose. The goal was to build a scalable, cloud‑based threat intelligence environment and integrate external intelligence sources such as AlienVault OTX.

Prerequisites & System Requirements

• AWS account (A free tier account is suitable)
• Ubuntu EC2 instance (Recommended type: m7i-flex.large)
• Minimum 8 GB RAM and 50 GB storage (highly recommended)
• Docker Engine and Docker Compose
• SSH client

AWS Environment Setup

Login to your AWS account via the console and create an Ubuntu Instance that meets the requirements above. Use an existing or create a new key pair for SSH access. Also create a security group allowing SSH (port 22). After the deployment, you can edit the inbound rules of the security group to allow TCP, Port 8080, My IP address, for OpenCTI web access, though SSH tunneling is preferred for security.

Ubuntu System Preparation & Docker Installation

Using the AWS CloudShell SSH into the newly created Ubuntu VM. Replace <KEYPAIR>, <PUBLIC IP> and the region (eu-west-1) in the code below.

ssh -i <KEYPAIR> ubuntu@ec2-<PUBLIC IP>.eu-west-1.compute.amazonaws.com

Next, the system packages were updated, and essential dependencies were installed to ensure a stable environment for Docker and OpenCTI services. Docker also installed. The following codes will fulfill this important step:

# Update packages and install dependencies
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings

# Add Docker’s official GPG signing key
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

sudo chmod a+r /etc/apt/keyrings/docker.asc

# Adds Docker’s official download server (“repository”) to your system 
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Run the update again  
sudo apt-get update

Next, install docker compose. Docker compose is a tool for running multi-container apps defined in a YAML file. OpenCTI uses Docker Compose to start multiple services (databases, backend, frontend, etc.).

sudo apt install docker-compose

Install and Deploy OpenCTI

First, I created a directory called opencti then I navigated to it.

mkdir opencti
cd opencti

I cloned OpenCTI Docker repository into the opencti directory.

git clone https://github.com/OpenCTI-Platform/docker.git

This repository contains a directory called docker which contains the Docker Compose files and environment templates required to run OpenCTI. Navigate to the docker directory.

cd docker

The next action is to edit the environment configuration file. We first create a copy before editing.

# Long list all files in the directory including hidden files
ls -la

# Create a copy of the environment config file
cp .env.sample .env

Next, let’s edit the newly created .env file.

nano .env

We need to edit all the places written changeme. These places have been highlighted in the screenshot. These places require either a password or a UUIDv4 key.

You can use the same password (at least 8 characters recommended) at highlighted section 1–4.

Generate a UUIDv4 for highlighted sections 5 and 6.

Generate key here: https://www.uuidgenerator.net/version4

After generating the first key (for point 5), refresh and get the another key (for point 6).

Start Docker Service and Containers

With all that done, we can now start docker service:

sudo systemctl start docker.service

You can confirm if docker service is now running by:

sudo systemctl status docker.service

Start the containers:

sudo docker compose up -d

This starts all containers defined in the docker-compose.yml file for OpenCTI.

One of the challenge I faced was that when I ran sudo docker compose up -d is that I got an error as below:

I searched online for help, and saw that I just had to remove the old version of docker compose and install version 2. I did this with the next two codes:

# Remove docker version 1
sudo apt-get remove docker-compose

# Install docker version 2
sudo apt-get install docker-compose-plugin

Then rerun the code:

sudo docker compose up -d

The above code will pull all the required images and default connectors for OpenCTI. The default pulled items should be at least 18. You can confirm the number of items pulled by using the code below:

sudo docker images | wc -l

Access OpenCTI

You can now access OpenCTI in your browser through the public IP of your Ubuntu VM via Port 8080.

http://<EC2-Public-IP>:8080

You may need to open TCP port 8080 on the VM Security Group to allow web access by editing the inbound rules.

Important caution:
Opening to 0.0.0.0/0 means anyone on the internet can reach your public address and that port. Safer is restricting to your IP address.

Congratulations 🎉!!! You did it!

Default Login: admin@opencti.io
Password: Use the password you selected under the Install and Deploy OpenCTI section (when editing the .env file).

Conclusion

OpenCTI was successfully deployed on AWS, providing a functional cloud‑based threat intelligence platform capable of ingesting and analyzing external intelligence feeds. The deployment can be extended with additional connectors and security enhancements. Adding additional connectors will form the major part of my next article.

Thank you for reading through. I hope it helped.

Let’s Connect

LinkedIn

My Web Links

#infosec #cybersecurity #AWS #OpenCTI #Threatintelligence #AgriCyberJourney #networksecurity #AgriCyberGuy #BenMac.

Let’s just dive in! I am sure there are tons of information out there on the details of what to expect in the exam, so I won’t bother you with that!

Here are some of the resources that helped me pass the CompTIA Network+.

𝐅𝐮𝐥𝐥 𝐂𝐨𝐮𝐫𝐬𝐞𝐬:

The following are two YouTube links to full courses that covers the exam topics:

👉 Professor Messer free complete course: YouTube link

👉 Howtonetwork: The link

𝐎𝐭𝐡𝐞𝐫 𝐢𝐦𝐩𝐨𝐫𝐭𝐚𝐧𝐭 𝐜𝐨𝐮𝐫𝐬𝐞𝐬:

I also took two courses from Cisco Networking Academy:

👉 Networking Devices and Initial Configuration: Course link.

👉 Networking Basics: See Course.

After studying through the exam topics, it is important to practice, practice and practice before your exams:

𝐒𝐨𝐦𝐞 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐞 𝐪𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬:

👉 DeanCyber: Link here.

👉 Andrew Ramdayal: See here.

👉 Vincent Humble: Link here.

𝐀𝐝𝐝𝐢𝐭𝐢𝐨𝐧𝐚𝐥 𝐏𝐃𝐅 𝐑𝐞𝐬𝐨𝐮𝐫𝐜𝐞𝐬:

For other resources, such as exam topics, cheat sheets, study guides and textbooks, see other PDF resources in my drive: Drive link.

I hope these resources help you ace your CompTIA Network+. Leave a comment and share with others.

Wish you all the best!

Benjamin Macartan

Let’s Connect

LinkedIn

My Web Links

#infosec #cybersecurity #CompTIA #AgriCyberJourney #networksecurity #network+ #AgriCyberGuy #BenMac.