Collectors

Tips

To learn more about the concept and features of collectors, more information is available here.

Collectors list

Looking for the available collectors? The list is in the OpenAEV Ecosystem.

Installing a collector

There are multiple ways to deploy a collector from OpenAEV:

  • Integration Manager (Recommended)
  • Docker deployment
  • Manual deployment

Info

All collectors require access to the OpenAEV API. See Configuration for required parameters.

The easiest way to deploy collectors is through the Integration Manager, which allows automatic deployment directly from the OpenAEV interface.

👉 See the Integration Manager documentation for detailed instructions.

Docker Deployment

Several options are available for Docker deployment:

Add a collector to your existing deployment

For instance, to enable the MITRE ATT&CK collector, you can add a new service to your docker-compose.yml file:

  collector-mitre-attack:
    image: openaev/collector-mitre-attack:1.0.0
    environment:
      - OPENAEV_URL=http://localhost
      - OPENAEV_TOKEN=ChangeMe
      - COLLECTOR_ID=ChangeMe
      - "COLLECTOR_NAME=MITRE ATT&CK"
      - COLLECTOR_LOG_LEVEL=error
    restart: always

Note: Collector images and available versions can be found on Docker Hub.

Launch a standalone collector

To launch a standalone collector, you can use the docker-compose.yml file of the collector itself. Just download the latest release and start the collector:

$ wget https://github.com/OpenAEV-Platform/collectors/archive/{RELEASE_VERSION}.zip
$ unzip {RELEASE_VERSION}.zip
$ cd collectors-{RELEASE_VERSION}/mitre-attack/

Change the configuration in the docker-compose.yml according to the parameters of the platform and of the targeted service. Then launch the collector:

$ docker compose up

Manual deployment

If you want to launch a collector manually, without Docker, you just have to install Python 3 and pip3 for dependencies:

$ apt install python3 python3-pip

Download the release of the collectors:

$ wget https://github.com/OpenAEV-Platform/collectors/archive/{RELEASE_VERSION}.zip
$ unzip {RELEASE_VERSION}.zip
$ cd collectors-{RELEASE_VERSION}/mitre-attack/src/

Install dependencies and initialize the configuration:

$ pip3 install -r requirements.txt
$ cp config.yml.sample config.yml

Change the config.yml content according to the parameters of the platform and of the targeted service. For example:

openaev:
  url: 'http://localhost:3001'
  token: 'ChangeMe'

collector:
  id: 'ChangeMe'
  name: 'MITRE ATT&CK'
  log_level: 'info'

Finally, launch the collector:

$ python3 openaev_mitre.py

Configuration

All external collectors have to be able to access the OpenAEV API. To allow this connection, they have 2 mandatory configuration parameters, the OPENAEV_URL and the OPENAEV_TOKEN. In addition to these 2 parameters, collectors have other mandatory parameters that need to be set to make them work.

Collector tokens

You can use your administrator token or create another administrator service account and use its token in your collectors. It is not necessary to have one dedicated user for each collector.

Here is an example of a collector docker-compose.yml file:

- OPENAEV_URL=http://localhost
- OPENAEV_TOKEN=ChangeMe
- COLLECTOR_ID=ChangeMe # Specify a valid UUIDv4 of your choice 
- "COLLECTOR_NAME=MITRE ATT&CK"
- COLLECTOR_LOG_LEVEL=error

Here is an example in a collector config.yml file:

openaev:
  url: 'http://localhost:3001'
  token: 'ChangeMe'

collector:
  id: 'ChangeMe'
  name: 'MITRE ATT&CK'
  log_level: 'info'
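
A pre-launch check for the parameters above, added here as an example and not part of the OpenAEV documentation or collector code: it rejects the ChangeMe sample values, verifies that COLLECTOR_ID is a UUIDv4, and flags a plain-HTTP OPENAEV_URL that points at a remote host. The function name check_collector_env and the plain-HTTP rule are assumptions of this example.

```python
import os
import sys
import uuid
from urllib.parse import urlparse

KEYS = ("OPENAEV_URL", "OPENAEV_TOKEN", "COLLECTOR_ID")
PLACEHOLDER = "changeme"  # the page's sample value, compared case-insensitively
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_collector_env(env):
    """Return a list of problems found in a collector's environment mapping."""
    problems = []
    values = {key: env.get(key, "").strip() for key in KEYS}
    # Every parameter must be set and must no longer hold the sample value.
    for key, value in values.items():
        if not value:
            problems.append(f"{key} is not set")
        elif value.lower() == PLACEHOLDER:
            problems.append(f"{key} still holds the sample value")
    usable = {k: v for k, v in values.items() if v and v.lower() != PLACEHOLDER}

    # COLLECTOR_ID must parse as a UUID and be version 4.
    if "COLLECTOR_ID" in usable:
        try:
            if uuid.UUID(usable["COLLECTOR_ID"]).version != 4:
                problems.append("COLLECTOR_ID is a UUID but not version 4")
        except ValueError:
            problems.append("COLLECTOR_ID is not a valid UUID")

    # Assumed policy: the token is sent to this URL, so plain HTTP is local-only.
    if "OPENAEV_URL" in usable:
        try:
            url = urlparse(usable["OPENAEV_URL"])
            scheme, host = url.scheme, url.hostname
        except ValueError:  # e.g. unbalanced IPv6 brackets
            scheme, host = "", None
        if scheme not in ("http", "https") or not host:
            problems.append("OPENAEV_URL is not an http(s) URL")
        elif scheme == "http" and host not in LOCAL_HOSTS:
            problems.append("OPENAEV_URL uses plain HTTP to a remote host")
    return problems


if __name__ == "__main__":
    found = check_collector_env(os.environ)
    for problem in found:
        print(f"config problem: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run with the same environment variables the collector will receive; a non-zero exit status means at least one parameter needs attention before launch.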

Collectors status

The collector status can be displayed in the dedicated section of the platform, available in Integration > collectors, where you can see the statistics of the collector's RabbitMQ queue.