opencti

A Helm chart to deploy OpenCTI

Homepage:

Values

Key	Type	Default	Description
elasticsearch.allowMmap	bool	`true`	Explicitly set the usage of ES Memory Mapping settings to allow a better usage of virtual memory Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/virtual-memory
elasticsearch.clusterName	string	`"elasticsearch"`	ES cluster name
elasticsearch.dataNodes.affinity	object	`{}`	Affinity for ES data nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
elasticsearch.dataNodes.javaOpts	string	`"-Xms2g -Xmx2g -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime"`
elasticsearch.dataNodes.nodeSelector	object	`{}`	Node labels for ES data nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
elasticsearch.dataNodes.priorityClass	object	`{"enabled":false,"name":"default"}`	Configure the priority class for your ES data nodes Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
elasticsearch.dataNodes.priorityClass.enabled	bool	`false`	Enable or disable the priority class configuration
elasticsearch.dataNodes.priorityClass.name	string	`"default"`	Priority class name to apply on your ES data nodes
elasticsearch.dataNodes.replicas	int	`2`	Number of data node replicas
elasticsearch.dataNodes.resources	object	`{"limits":{"memory":"6Gi"},"requests":{"cpu":1,"memory":"4Gi"}}`	The resources limits and requests for ES data nodes Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
elasticsearch.dataNodes.storageClassName	string	`""`	Storage Class Name to use in your volumes
elasticsearch.dataNodes.storageSize	string	`"100Gi"`	Default size of your ES data nodes
elasticsearch.dataNodes.threadPoolSearchQueueSize	int	`5000`	Sets the default Queue Size for the Search thread pool. This is a value recommended by Filigran Ref: https://docs.opencti.io/latest/deployment/installation#configure-the-environment
elasticsearch.dataNodes.tolerations	list	`[]`	Tolerations for ES data nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
elasticsearch.disableDowngradeValidation	bool	`true`	Allows ECK to rollback to a previous version if performed an undesired upgrade
elasticsearch.enableXpackML	bool	`false`	Enable or disable the ML features built-in ES Ref: https://www.elastic.co/docs/reference/elasticsearch/configuration-reference/machine-learning-settings
elasticsearch.enabled	bool	`false`	Set to true to deploy your own Elastic instance. Be aware you need to install the CRDs beforehand.
elasticsearch.imagePullPolicy	string	`"IfNotPresent"`	Image pull policy
elasticsearch.imagePullSecrets	object	`{}`	Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
elasticsearch.kibana	object	`{"elasticsearchRequestTimeout":1800000,"enabled":true,"http":{"tls":{"selfSignedCertificate":{"disabled":true}}},"ingress":{"enabled":false},"name":"kibana","podTemplate":{},"serverSocketTimeout":1800000,"telemetryAllowChangingOptInStatus":false,"telemetryOptIn":false}`	Configuration block for Kibana instance
elasticsearch.kibana.elasticsearchRequestTimeout	int	`1800000`	Override the timeout value for ES requests
elasticsearch.kibana.enabled	bool	`true`	Enable or disable Kibana deployment
elasticsearch.kibana.http	object	`{"tls":{"selfSignedCertificate":{"disabled":true}}}`	Define the http configuration to expose Kibana Ref: https://www.elastic.co/docs/deploy-manage/security/k8s-https-settings
elasticsearch.kibana.ingress	object	`{"enabled":false}`	Ingress configuration to expose Kibana Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
elasticsearch.kibana.name	string	`"kibana"`	Set Kibana deployment name
elasticsearch.kibana.podTemplate	object	`{}`	Define the podTemplate properties for Kibana pods Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration
elasticsearch.kibana.serverSocketTimeout	int	`1800000`	Override the timeout value for sockets in Kibana
elasticsearch.kibana.telemetryAllowChangingOptInStatus	bool	`false`	Override the telemetry allow opt-in status
elasticsearch.kibana.telemetryOptIn	bool	`false`	Override the telemetry opt-in boolean
elasticsearch.loggerDiscoveryLevel	string	`"ERROR"`	Sets the default log level for your ES instance Ref: https://www.elastic.co/docs/deploy-manage/monitor/logging-configuration/update-elasticsearch-logging-levels
elasticsearch.masterNodes.affinity	object	`{}`	Affinity for ES master nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
elasticsearch.masterNodes.javaOpts	string	`"-Xms500m -Xmx500m -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime"`
elasticsearch.masterNodes.nodeSelector	object	`{}`	Node labels for ES master nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
elasticsearch.masterNodes.priorityClass	object	`{"enabled":false,"name":"default"}`	Configure the priority class for your ES master nodes Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
elasticsearch.masterNodes.priorityClass.enabled	bool	`false`	Enable or disable the priority class configuration
elasticsearch.masterNodes.priorityClass.name	string	`"default"`	Priority class name to apply on your ES master nodes
elasticsearch.masterNodes.replicas	int	`1`	Number of master nodes replicas (must be odd or 0)
elasticsearch.masterNodes.resources	object	`{"limits":{"memory":"4Gi"},"requests":{"cpu":0.5,"memory":"2Gi"}}`	The resources limits and requests for ES master nodes Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
elasticsearch.masterNodes.storageClassName	string	`""`	Storage Class Name to use in your volumes
elasticsearch.masterNodes.storageSize	string	`"10Gi"`	Default size of your ES master nodes
elasticsearch.masterNodes.tolerations	list	`[]`	Tolerations for ES master nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
elasticsearch.service	object	`{"name":"es-data-nodes","port":9200,"targetPort":9200}`	Configuration of the ES related Kubernetes Service
elasticsearch.service.name	string	`"es-data-nodes"`	ES data service name
elasticsearch.service.port	int	`9200`	ES data port
elasticsearch.service.targetPort	int	`9200`	ES data target port
elasticsearch.snapshots	object	`{"accessKey":"","clientName":"default","enableCustomClient":false,"secretKey":""}`	Setup a custom S3 client to use in a Snapshot Registry to perform backups Ref: https://www.elastic.co/docs/deploy-manage/tools/snapshot-and-restore/cloud-on-k8s#k8s-s3-compatible
elasticsearch.version	string	`"8.18.4"`	Version of ES to use
global	object	`{}`	Global section contains parameters applied across all resources
importDocumentAiWebservice	object	{"annotations":{},"enabled":false,"env":{},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/import-document-ai-webservice","version":"latest"},"imagePullSecrets":{},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"import-document-ai-webservice.local","paths":[{"path":"/","pathType":"Prefix"}]}],"labels":{},"path":"/","pathType":"Prefix","tls":[]},"labels":{"app":"import-document-ai-webservice"},"livenessProbe":{"failureThreshold":3,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":10},"name":"import-document-ai-webservice","nodeSelector":{},"podAnnotations":{},"podLabels":{"app":"import-document-ai-webservice"},"priorityClass":null,"readinessProbe":{"failureThreshold":10,"initialDelaySeconds":10,"periodSeconds":5,"successThreshold":1,"tcpSocket":{"port":8000}},"resources":{"limits":{"cpu":"2","memory":"16Gi"},"requests":{"cpu":"1","memory":"4Gi"}},"service":{"port":80,"targetPort":8000,"type":"ClusterIP"},"tolerations":[]}	Configuration of the AI import document Webservice Ref: https://docs.opencti.io/latest/deployment/ai-import-document/
importDocumentAiWebservice.annotations	object	`{}`	The annotations configured for the deployment itself
importDocumentAiWebservice.imagePullSecrets	object	`{}`	Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
importDocumentAiWebservice.nodeSelector	object	`{}`	Node labels for import-document-ai-webservice pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
importDocumentAiWebservice.podAnnotations	object	`{}`	The annotations configured on the import-document-ai-webservice pods
importDocumentAiWebservice.podLabels	object	`{"app":"import-document-ai-webservice"}`	The labels configured on the import-document-ai-webservice pods
importDocumentAiWebservice.priorityClass	string	`nil`	Configure the priority class for your import-document-ai-webservice containers Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
importDocumentAiWebservice.tolerations	list	`[]`	Tolerations for import-document-ai-webservice pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
minio.buckets	list	`[]`	Array of objects describing one or more buckets to create during tenant provisioning.
minio.certificate	object	`{"certConfig":"","externalCaCertSecret":[],"externalCertSecret":[],"requestAutoCert":false}`	Manage MinIO certificate configuration Ref: https://github.com/minio/operator/blob/master/helm/tenant/values.yaml#L245
minio.certificate.certConfig	string	`""`	Configuration of your custom certificate Ref: https://docs.min.io/community/minio-object-store/operations/network-encryption/enable-minio-tls.html#procedure
minio.certificate.externalCaCertSecret	list	`[]`	List of secrets to use for your external cert authority
minio.certificate.externalCertSecret	list	`[]`	List of secrets to use for your external cert clients
minio.certificate.requestAutoCert	bool	`false`	Enable or disable automatic TLS configuration in your tenant
minio.enabled	bool	`false`	Set to true to deploy your own MinIO instance
minio.env	list	`[]`	Array of environment variables that you want to add to your MinIO containers
minio.exposeServices	object	`{}`	Tells the operator to expose the S3 API or Console services as LB objects
minio.features	object	`{"bucketDNS":false,"domains":"","enableSFTP":false}`	Configure MinIO features for your tenant Ref: https://docs.min.io/community/minio-object-store/reference/operator-crd.html#features
minio.image	string	`"quay.io/minio/minio:RELEASE.2025-05-24T17-08-30Z"`	Reference of your Redis image
minio.imagePullPolicy	string	`"IfNotPresent"`	Image pull policy
minio.imagePullSecrets	object	`{}`	Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
minio.ingress	object	`{"enabled":false}`	Ingress configuration to expose MinIO Web Console Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
minio.liveness	object	`{}`	Liveness probe configuration
minio.logging	object	`{"anonymous":true,"json":true,"quiet":true}`	Configure pod logging in your tenant
minio.logging.anonymous	bool	`true`	Anonymized logs
minio.logging.json	bool	`true`	JSON Formatted logs
minio.logging.quiet	bool	`true`	Supress logging
minio.podManagementPolicy	string	`"Parallel"`	Can be "OrderedReady" or "Parallel" Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podmanagementpolicytype-v1-apps
minio.priorityClass	object	`{"enabled":false,"name":"default"}`	Configure the priority class for your MinIO containers Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
minio.priorityClass.enabled	bool	`false`	Enable or disable the priority class configuration
minio.priorityClass.name	string	`"default"`	Priority class name to apply on your MinIO containers
minio.prometheusOperator	bool	`false`	Enable or disable the tenant"s metrics scrape config
minio.readiness	object	`{}`	Readiness probe configuration
minio.serviceAccountName	string	`""`	Service account to associate with your MinIO tenant resources
minio.serviceMetadata	object	`{}`	Define additional labels or annotations to the MinIO services (Console and API endpoint)
minio.standardClass	int	`1`	Value referenced in the MinIO secret object. It helps define the Default Parity setting in your tenant Ref: https://docs.min.io/community/minio-object-store/reference/minio-server/settings/storage-class.html#envvar.MINIO_STORAGE_CLASS_STANDARD
minio.standardPool	object	`{"enableHostAffinity":false,"nodeSelector":{},"resources":{"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"serversCount":4,"storageClassName":"","storageSize":"10Gi","tolerations":[]}`	Configuration of the default MinIO Tenant for OpenCTI
minio.standardPool.enableHostAffinity	bool	`false`	Enable or disable the default affinity rule. preferredDuringSchedulingIgnoredDuringExecution based on kubernetes.io/hostname
minio.standardPool.nodeSelector	object	`{}`	Node labels for MinIO pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
minio.standardPool.resources	object	`{"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}}`	The resources limits and requests for your MinIO containers Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
minio.standardPool.storageClassName	string	`""`	Storage Class Name to use in your volumes
minio.standardPool.storageSize	string	`"10Gi"`	Default size of MinIO data node
minio.standardPool.tolerations	list	`[]`	Tolerations for MinIO pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
minio.startup	object	`{}`	Startup probe configuration
minio.users	list	`[]`	Pre-configured users as a list of Kubernetes secrets. Each secret should specify the `CONSOLE_ACCESS_KEY` and `CONSOLE_SECRET_KEY` as the access key and secret key for that user.
opencti.connector.commonEnv	object	`{"CONNECTOR_LOG_LEVEL":"info","OPENCTI_URL":"http://opencti-ingest:80"}`	Environment variables deployed accross all connectors
opencti.connector.connectors	list	[{"annotations":{},"enabled":false,"env":{"CONFIG_GEOGRAPHY_FILE_URL":"https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/geography.json","CONFIG_INTERVAL":"15","CONFIG_SECTORS_FILE_URL":"https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/sectors.json","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"OpenCTI Datasets","CONNECTOR_SCOPE":"marking-definition,identity,location","CONNECTOR_TYPE":"EXTERNAL_IMPORT","CONNECTOR_UPDATE_EXISTING_DATA":"true","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-opencti"},"labels":{},"name":"opencti","podLabels":{"app":"opencti-connector-opencti"},"replicaCount":1},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileCsv","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-csv"},"labels":{},"name":"export-file-csv","podLabels":{"app":"opencti-connector-export-file-csv"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileStix2","CONNECTOR_SCOPE":"application/vnd.oasis.stix+json","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-stix"},"labels":{},"name":"export-file-stix","podLabels":{"app":"opencti-connector-export-file-stix"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportReportPdf","CONNECTOR_SCOPE":"application/pdf","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_1":"Example Name","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_2":"123 Main Street","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_3":"Miami, FL 33101 USA","EXPORT_REPORT_PDF_COMPANY_EMAIL":"intelligence_reports@example.com","EXPORT_REPORT_PDF_COMPANY_PHONE_NUMBER":"888.888.8888","EXPORT_REPORT_PDF_COMPANY_WEBSITE":"https://example.com","EXPORT_REPORT_PDF_DEFANG_URLS":"false","EXPORT_REPORT_PDF_INDICATORS_ONLY":"false","EXPORT_REPORT_PDF_PRIMARY_COLOR":"#ff8c00","EXPORT_REPORT_PDF_SECONDARY_COLOR":"#000000","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-report-pdf"},"labels":{},"name":"export-report-pdf","podLabels":{"app":"opencti-connector-export-report-pdf"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileTxt","CONNECTOR_SCOPE":"text/plain","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-txt"},"labels":{},"name":"export-file-txt","podLabels":{"app":"opencti-connector-export-file-txt"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportTTPsFileNavigator","CONNECTOR_SCOPE":"application/vnd.mitre.navigator+json","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-ttps-file-navigator"},"labels":{},"name":"export-ttps-file-navigator"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_AUTO":"false","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportDocument","CONNECTOR_SCOPE":"application/pdf,text/plain,text/html,text/markdown","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","CONNECTOR_VALIDATE_BEFORE_IMPORT":"true","CONNECTOR_WEB_SERVICE_URL":"https://importdoc.ariane.filigran.io","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-document"},"labels":{},"name":"import-document","resources":{"limits":{"memory":"4Gi"}}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_AUTO":"false","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileStix","CONNECTOR_SCOPE":"application/json,text/xml,application/xml","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","CONNECTOR_VALIDATE_BEFORE_IMPORT":"true","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-stix"},"labels":{},"name":"import-file-stix"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileMISP","CONNECTOR_SCOPE":"application/json","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","MISP_IMPORT_FILE_AUTHOR_FROM_TAGS":"false","MISP_IMPORT_FILE_CREATE_INDICATORS":"true","MISP_IMPORT_FILE_CREATE_OBJECT_OBSERVABLES":"true","MISP_IMPORT_FILE_CREATE_OBSERVABLES":"true","MISP_IMPORT_FILE_CREATE_REPORTS":"true","MISP_IMPORT_FILE_CREATE_TAGS_AS_LABELS":"true","MISP_IMPORT_FILE_GUESS_THREAT_FROM_TAGS":"true","MISP_IMPORT_FILE_IMPORT_TO_IDS_NO_SCORE":"40","MISP_IMPORT_FILE_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT":"false","MISP_IMPORT_FILE_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT_TRANSPARENT":"true","MISP_IMPORT_FILE_IMPORT_WITH_ATTACHMENTS":"true","MISP_IMPORT_FILE_REPORT_TYPE":"misp-event","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-misp"},"labels":{},"name":"import-file-misp"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileYARA","CONNECTOR_SCOPE":"text/yara+plain","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-yara"},"labels":{},"name":"import-file-yara"}]	Connectors configuration for your OpenCTI platform Ref: https://docs.opencti.io/latest/deployment/connectors Ref: https://github.com/OpenCTI-Platform/connectors
opencti.env	object	{"APP__ADMIN__EMAIL":"admin@opencti.io","APP__ADMIN__PASSWORD":"ChangeMe","APP__ADMIN__TOKEN":"ChangeMe","APP__BASE_PATH":"/","APP__BASE_URL":"ChangeMe","APP__CHILD_LOCKING_PROCESS__ENABLED":true,"APP__GRAPHQL__PLAYGROUND__ENABLED":false,"APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION":false,"APP__HEALTH_ACCESS_KEY":"ChangeMe","APP__TELEMETRY__METRICS__ENABLED":false,"ELASTICSEARCH__URL":"https://elasticsearch:9200","MINIO__ENDPOINT":"minio","MINIO__PORT":80,"NODE_OPTIONS":"--max-old-space-size=8192","PROVIDERS__LOCAL__STRATEGY":"LocalStrategy","RABBITMQ__HOSTNAME":"rabbitmq","RABBITMQ__PORT":5672,"RABBITMQ__PORT_MANAGEMENT":15672,"REDIS__HOSTNAME":"redis","REDIS__MODE":"single","REDIS__PORT":6379}	Environment variables to configure OpenCTI Applied to both Front and Ingesters deployments. Ref: https://docs.opencti.io/latest/deployment/configuration/#platform
opencti.envFromSecrets	object	`{}`	Environment variables sets from secrets
opencti.front.affinity	object	`{}`	Affinity for OpenCTI server pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
opencti.front.dnsConfig	object	`{}`	DNS configuration for OpenCTI server pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
opencti.front.dnsPolicy	string	`"ClusterFirst"`	DNS policy for OpenCTI server pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
opencti.front.env	object	{"ACTIVITY_MANAGER__ENABLED":"false","CONNECTOR_MANAGER__ENABLED":"false","EXPIRATION_SCHEDULER__ENABLED":"false","FILE_INDEX_MANAGER__ENABLED":"false","GARBAGE_COLLECTION_MANAGER__ENABLED":"false","HISTORY_MANAGER__ENABLED":"false","HUB_REGISTRATION_MANAGER__ENABLED":"false","INDICATOR_DECAY_MANAGER__ENABLED":"false","INGESTION_MANAGER__ENABLED":"false","NOTIFICATION_MANAGER__ENABLED":"false","PIR_MANAGER__ENABLED":"false","PLAYBOOK_MANAGER__ENABLED":"false","PROVIDERS__SAML__CONFIG__WANT_AUTHN_RESPONSE_SIGNED":"false","PUBLISHER_MANAGER__ENABLED":"false","RETENTION_MANAGER__ENABLED":"false","RULE_ENGINE__ENABLED":"false","SYNC_MANAGER__ENABLED":"false","TASK_SCHEDULER__ENABLED":"false"}	Platform dedicated env vars By default all managers are disabled
opencti.front.ingress	object	`{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`	Ingress configuration to expose OpenCTI Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
opencti.front.livenessProbe	object	`{"enabled":false}`	Configure liveness checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.front.nodeSelector	object	`{}`	Node labels for OpenCTI server pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
opencti.front.podAnnotations	object	`{}`	The annotations configured on OpenCTI server pods
opencti.front.podLabels	object	`{"app.kubernetes.io/component":"opencti-front","app.kubernetes.io/name":"opencti"}`	The labels configured on OpenCTI server pods
opencti.front.podSecurityContext	object	`{}`	Defines privilege and access control settings for OpenCTI server pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
opencti.front.readinessProbe	object	`{"enabled":false}`	Configure readinessProbe checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.front.replicaCount	int	`1`	Number of OpenCTI servers
opencti.front.resources	object	`{}`	The resources limits and requested for OpenCTI container Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
opencti.front.securityContext	object	`{}`	Defines privilege and access control settings for OpenCTI containers Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
opencti.front.service	object	`{"port":80,"targetPort":4000,"type":"ClusterIP"}`	Kubernetes service to expose OpenCTI server pods Ref: https://kubernetes.io/docs/concepts/services-networking/service/
opencti.front.terminationGracePeriodSeconds	int	`30`	Configure OpenCTI server pods termination grace period Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
opencti.front.tolerations	list	`[]`	Tolerations for OpenCTI server pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
opencti.front.topologySpreadConstraints	list	`[]`	Control how OpenCTI server pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints
opencti.image	object	`{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/platform"}`	Image configuration for the OpenCTI server
opencti.image.pullPolicy	string	`"IfNotPresent"`	Overrides the image tag whose default is the opencti version tag: ""
opencti.ingest.affinity	object	`{}`	Affinity for OpenCTI ingest server assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
opencti.ingest.dnsConfig	object	`{}`	DNS configuration for OpenCTI ingest pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
opencti.ingest.dnsPolicy	string	`"ClusterFirst"`	DNS policy for OpenCTI ingest pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
opencti.ingest.livenessProbe	object	`{"enabled":false}`	Configure liveness checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.ingest.nodeSelector	object	`{}`	Node labels for OpenCTI ingest pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
opencti.ingest.podAnnotations	object	`{}`	The annotations configured on OpenCTI ingest server pods
opencti.ingest.podLabels	object	`{"app.kubernetes.io/component":"opencti-ingest","app.kubernetes.io/name":"opencti"}`	The labels configured on OpenCTI ingest pods
opencti.ingest.podSecurityContext	object	`{}`	Defines privilege and access control settings for OpenCTI ingest pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
opencti.ingest.readinessProbe	object	`{"enabled":false}`	Configure readinessProbe checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.ingest.replicaCount	int	`3`	Number of OpenCTI ingest servers
opencti.ingest.resources	object	`{}`	The resources limits and requested for OpenCTI container Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
opencti.ingest.securityContext	object	`{}`	Defines privilege and access control settings for OpenCTI containers Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
opencti.ingest.service	object	`{"port":80,"targetPort":4000,"type":"ClusterIP"}`	Kubernetes service to expose OpenCTI ingest pods Ref: https://kubernetes.io/docs/concepts/services-networking/service/
opencti.ingest.terminationGracePeriodSeconds	int	`30`	Configure OpenCTI ingest pods termination grace period Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
opencti.ingest.tolerations	list	`[]`	Tolerations for OpenCTI ingest pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
opencti.ingest.topologySpreadConstraints	list	`[]`	Control how OpenCTI ingest pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints
opencti.version	string	`"6.8.13"`	The version of OpenCTI to deploy
opencti.worker.affinity	object	`{}`	Affinity for OpenCTI worker server assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
opencti.worker.dnsConfig	object	`{}`	DNS configuration for OpenCTI worker pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
opencti.worker.dnsPolicy	string	`"ClusterFirst"`	DNS policy for OpenCTI worker pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
opencti.worker.env	object	`{"OPENCTI_TOKEN":"ChangeMe","OPENCTI_URL":"http://opencti-ingest:80","WORKER_LOG_LEVEL":"info"}`	Environment variables to configure OpenCTI workers Ref: https://docs.opencti.io/latest/deployment/configuration/#worker-and-connector
opencti.worker.envFromSecrets	object	`{}`	Environment variables sets from secrets
opencti.worker.image	object	`{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/worker"}`	Image configuration for the OpenCTI server
opencti.worker.nodeSelector	object	`{}`	Node labels for OpenCTI worker pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
opencti.worker.podAnnotations	object	`{}`	The annotations configured on OpenCTI worker server pods
opencti.worker.podLabels	object	`{"app.kubernetes.io/component":"opencti-worker","app.kubernetes.io/name":"opencti"}`	The labels configured on OpenCTI worker pods
opencti.worker.podSecurityContext	object	`{}`	Defines privilege and access control settings for OpenCTI worker pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
opencti.worker.replicaCount	int	`3`	Number of OpenCTI worker servers
opencti.worker.resources	object	`{}`	The resources limits and requested for OpenCTI container Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
opencti.worker.securityContext	object	`{}`	Defines privilege and access control settings for OpenCTI containers Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
opencti.worker.terminationGracePeriodSeconds	int	`30`	Configure OpenCTI worker pods termination grace period Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
opencti.worker.tolerations	list	`[]`	Tolerations for OpenCTI worker pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
opencti.worker.topologySpreadConstraints	list	`[]`	Control how OpenCTI worker pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints
rabbitmq.additionalConfig	string	`"disk_free_limit.absolute = 500Mi\nmax_message_size = 536870912\nmanagement.disable_stats = false\ncollect_statistics_interval = 10000\nlog.console.level = error\nmanagement_agent.disable_metrics_collector = false\n"`	Additional config that will be passed down to set up your RabbitMQ cluster Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#additional-config
rabbitmq.additionalPlugins	list	`["rabbitmq_management"]`	Additional plugins to be enabled in your RabbitMQ cluster Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#additional-plugins
rabbitmq.affinity	object	`{}`	Affinity for RabbitMQ nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
rabbitmq.enabled	bool	`false`	Set to true to deploy your own RabbitMQ instance. Be aware you need to install the CRDs beforehand
rabbitmq.image	string	`"docker.io/rabbitmq:4.1.4"`	Reference of your RabbitMQ image
rabbitmq.imagePullSecrets	object	`{}`	Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
rabbitmq.ingress	object	`{"enabled":false}`	Ingress configuration to expose RabbitMQ Management endpoint Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
rabbitmq.nodeSelector	object	`{}`	Node labels for RabbitMQ pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
rabbitmq.override	object	`{}`	Override the default for RabbitMQ resources (services, sts...) Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#override
rabbitmq.priorityClass	object	`{"enabled":false,"name":"default"}`	Configure the priority class for your RabbitMQ containers Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
rabbitmq.priorityClass.enabled	bool	`false`	Enable or disable the priority class configuration
rabbitmq.priorityClass.name	string	`"default"`	Priority class name to apply on your RabbitMQ containers
rabbitmq.replicas	int	`1`	Number of replicas in your RabbitMQ cluster
rabbitmq.resources	object	`{}`	The resources limits and requests for your RabbitMQ containers Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
rabbitmq.storageClassName	string	`""`	Storage Class Name to use in your volumes
rabbitmq.storageSize	string	`"5Gi"`	Default size of your RabbitMQ nodes
rabbitmq.tolerations	list	`[]`	Tolerations for RabbitMQ pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
redis.affinity	object	`{}`	Affinity for Redis nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
redis.enableSecurityContext	bool	`false`	Enable the security context option for your Redis containers Default: false
redis.enabled	bool	`false`	Set to true to deploy your own Redis instance
redis.image	string	`"docker.io/redis:8.0.4"`	Reference of your Redis image
redis.imagePullPolicy	string	`"IfNotPresent"`	Image pull policy
redis.imagePullSecrets	object	`{}`	Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
redis.mode	string	`"standalone"`	Choose the mode you want to deploy in, options are: standalone (a single Redis node) sentinel (highly available Redis mode with sentinels and replications nodes) More info: https://redis.io/docs/latest/operate/oss_and_stack/management/sentinel/
redis.nodeSelector	object	`{}`	Node labels for Redis pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
redis.priorityClass	object	`{"enabled":false,"name":"default"}`	Configure the priority class for your Redis containers Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
redis.priorityClass.enabled	bool	`false`	Enable or disable the priority class configuration
redis.priorityClass.name	string	`"default"`	Priority class name to apply on your Redis containers
redis.resources	object	`{"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}}`	The resources limits and requests for your Redis DATA containers Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
redis.securityContext	object	`{"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000}`	Security context config for your Redis containers
redis.sentinel	object	`{"replicationReplicas":2,"resources":{"limits":{"cpu":"1","memory":"1Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"sentinelReplicas":3}`	Sentinel mode dedicated configuration
redis.sentinel.replicationReplicas	int	`2`	Number of Redis Replication replicas
redis.sentinel.resources	object	`{"limits":{"cpu":"1","memory":"1Gi"},"requests":{"cpu":"1","memory":"1Gi"}}`	The resources limits and requests for your Redis SENTINEL containers Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
redis.sentinel.sentinelReplicas	int	`3`	Number of Sentinel replicas
redis.storageClassName	string	`""`	Storage Class Name to use in your volumes
redis.storageSize	string	`"4Gi"`	Default size of your Redis nodes. Should at least be the double of the RAM allocated to allow rdb dumps.
redis.tolerations	list	`[]`	Tolerations for Redis pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
xtmComposer	object	{"affinity":{},"annotations":{},"baseDeployment":{"metadata":{"labels":{"app.kubernetes.io/deployed-by":"xtm-composer","app.kubernetes.io/part-of":"opencti"},"name":"name"},"spec":{"template":{"metadata":{"labels":{"app.kubernetes.io/component":"opencti-connector","app.kubernetes.io/deployed-by":"xtm-composer"}}}}},"containerSecurityContext":{},"enabled":false,"env":{"MANAGER__LOGGER__LEVEL":"error"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/xtm-composer","version":"1.0.0"},"imagePullSecrets":{},"labels":{"app":"xtm-composer"},"managerUUID":"c0mp0s3r-f1l1-gr4n-00io-000000000001","nodeSelector":{},"podAnnotations":{},"podLabels":{"app":"xtm-composer"},"podSecurityContext":{},"rsaKeyFileName":"private_key.pem","tolerations":[],"topologySpreadConstraints":[]}	Configuration of the XTM Composer component Ref: https://github.com/FiligranHQ/xtm-composer
xtmComposer.affinity	object	`{}`	Affinity composer pods server assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
xtmComposer.annotations	object	`{}`	The annotations configured for the deployment itself
xtmComposer.baseDeployment	object	`{"metadata":{"labels":{"app.kubernetes.io/deployed-by":"xtm-composer","app.kubernetes.io/part-of":"opencti"},"name":"name"},"spec":{"template":{"metadata":{"labels":{"app.kubernetes.io/component":"opencti-connector","app.kubernetes.io/deployed-by":"xtm-composer"}}}}}`	Base YAML definition of the deployments that will be spawned for each connector Must respect the Kubernetes deployment definition : https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#writing-a-deployment-spec
xtmComposer.containerSecurityContext	object	`{}`	Defines privilege and access control settings for the composer pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
xtmComposer.env	object	`{"MANAGER__LOGGER__LEVEL":"error"}`	Environment variables to be passed to the manager
xtmComposer.image	object	`{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/xtm-composer","version":"1.0.0"}`	Image configuration for the XTM Composer
xtmComposer.imagePullSecrets	object	`{}`	Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
xtmComposer.labels	object	`{"app":"xtm-composer"}`	The labels configured for the deployment itself
xtmComposer.managerUUID	string	`"c0mp0s3r-f1l1-gr4n-00io-000000000001"`	Default UUID for the Manager deployment
xtmComposer.nodeSelector	object	`{}`	Node labels for composer pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
xtmComposer.podAnnotations	object	`{}`	The annotations configured on the composer pods
xtmComposer.podLabels	object	`{"app":"xtm-composer"}`	The labels configured on the composer pods
xtmComposer.podSecurityContext	object	`{}`	Defines privilege and access control settings for the composer pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
xtmComposer.tolerations	list	`[]`	Tolerations for composer pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
xtmComposer.topologySpreadConstraints	list	`[]`	Control how the composer pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints

Autogenerated from chart metadata using helm-docs v1.14.2