Required settings

The following settings must be set, as they have no default values. If you have followed the installation instructions, you should already have the necessary users, passwords and tokens ready.

All required settings are marked [Required] in the configuration reference.

Required settings

Env. var.

Setting name

Description

OPENCTI_URL

opencti.url

OpenCTI URL

OPENCTI_TOKEN

opencti.token

See create OpenCTI user

CONNECTOR_ID

connector.id

Any unique identifier, like a UUID

CONNECTOR_SCOPE

connector.scope

Which entities the connector should accept.

CONNECTOR_AUTO

connector.auto

Whether to run automatically or manually. See when to run.

WAZUH_OPENSEARCH_URL

opensearch.url

Wazuh OpenSearch URL (typically the app URL + :9200)

WAZUH_OPENSEARCH_USERNAME

opensearch.username

See create OpenSearch user

WAZUH_OPENSEARCH_PASSWORD

opensearch.password

See create OpenSearch user

WAZUH_APP_URL

url

Wazuh URL used to create links

WAZUH_MAX_TLP

max_tlp

The highest marking definition the connector should be entrusted

The following scopes are supported by the connector (read more in the alert search section):

  • Artifact

  • Directory

  • Domain-Name

  • Email-Addr

  • Hostname

  • IPv4-Addr

  • IPv6-Addr

  • Mac-Addr

  • Network-Traffic

  • Process

  • StixFile

  • Url

  • User-Account

  • User-Agent

  • Windows-Registry-Key

  • Windows-Registry-Value-Type

  • Vulnerability

  • Indicator