We use cookies to ensure our website operates correctly and to monitor visits to our site. This helps us to improve the way our website works, ensuring that users easily find what they are looking for. To allow us to keep doing this, click 'Accept All Cookies'. Alternatively, you can personalise your cookie settings.

Accept All Cookies Personalise settings


Reducing Installation Time for Open Source Threat Intelligence Platform, OpenCTI


OpenCTI, an open source Threat Intelligence platform, does not currently support a publically released native cloud deployment strategy that adheres to typical cloud principles. This slows down installations and reduces the flexibility, extensibility and usability of the platform for organisations, forcing them to create their own deployment strategy – a time consuming and costly process.

Backed by the likes of the French National Cyber Security Agency (ANSSI), OpenCTI allows for the creation, ingestion and dissemination of threat information regarding a threat actor’s current behaviours, ongoing campaigns against corporate entities and the monitoring of new malware, as well as vulnerabilities, of interest to us and our partners. Taken and analysed together, this data provides a “Threat Landscape” which can inform Cyber Defenders of current threats.

As part of our contributions, we are pleased to release an infrastructure as code (Terraform) deployment of OpenCTI into Amazon Web Services (AWS). This deployment will reduce installation overhead and, we hope, help to drive wider adoption and growth of this tool. The Terraform code can be found at https://github.com/QinetiQ-Cyber-Intelligence/OpenCTI-Terraform.

The platform allows for graphical visualisation along with the ability to perform correlation with other similar events. Content that is ingested from open source and paid threat feeds can be correlated with hand-curated work, providing an even more comprehensive view of threats faced.