https://github.com/cmndcntrlcyber/btpi-cti

Blue Team Portable Infrastructure - Cyber Threat Intelligence

A Cyber Threat Intelligence and Threat Hunting flavor of the Blue Team Portable Infrastructure


Rapidly Deployable CTI Infrastructure

This project provides a comprehensive, ready-to-deploy Cyber Threat Intelligence (CTI) infrastructure using Docker containers.

It integrates several industry-standard tools so a team can run threat hunting, incident response and threat intelligence operations from one stack, whether that stack is deployed on a cloud provider or on dedicated hardware.

Components

Architecture

The architecture is designed to be modular and integrates all components within a common Docker network:

┌────────────────────────────────────────────────────────────────┐
│                        CTI Infrastructure                      │
│                                                                │
│  ┌──────────┐        ┌──────────┐        ┌──────────┐          │
│  │   GRR    │◄──────►│  TheHive │◄──────►│  Cortex  │          │
│  └──────────┘        └──────────┘        └──────────┘          │
│        ▲                   ▲                   ▲               │
│        │                   │                   │               │
│        │              ┌──────────┐             │               │
│        └──────────────┤   MISP   ├─────────────┘               │
│                       └──────────┘                             │
│                            ▲                                   │
│  ┌──────────┐              │              ┌──────────┐         │
│  │  Kasm    │◄─────────────┴──────────────┤Portainer │         │
│  │Workspaces│                             │          │         │
│  └──────────┘                             └──────────┘         │
│                                                                │
└────────────────────────────────────────────────────────────────┘
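The "common Docker network" above is a user-defined bridge network that every component joins, so containers reach each other by service name through Docker's embedded DNS and only the services meant for human access need a published host port. The fragment below is an added illustration, not the project's own compose file: it wires two of the diagrammed components (TheHive and Cortex) onto one such network. The network name `cti-net`, the image tags and the loopback bind address are assumptions made for this example.

```yaml
# Added example, not the project's own compose file: two of the diagrammed
# components sharing one user-defined Docker network.
# Assumptions: network name "cti-net", image tags, and the 127.0.0.1 bind.
networks:
  cti-net:
    driver: bridge

services:
  thehive:
    image: strangebee/thehive:5        # assumed tag
    networks: [cti-net]
    ports:
      # Bind the web UI to loopback and put a TLS reverse proxy in front.
      # A bare "9000:9000" publishes on every interface, and Docker inserts
      # its own iptables rules for published ports, so that listener would
      # be reachable even where a host firewall such as ufw denies it.
      - "127.0.0.1:9000:9000"

  cortex:
    image: thehiveproject/cortex:3.1   # assumed tag
    networks: [cti-net]
    # No "ports:" entry on purpose: Cortex is only called by TheHive, which
    # reaches it over cti-net as http://cortex:9001 (service-name DNS).
    # Check from the host after "docker compose up -d":
    #   docker compose ps          -> PORTS column for cortex is empty
    #   ss -ltn | grep ':9001'     -> no host listener expected
```

The same pattern extends to the rest of the diagram: MISP, GRR and Kasm Workspaces get loopback-bound or proxy-fronted published ports only where a person logs in, and backing services such as a database or Elasticsearch stay unpublished and are addressed by service name inside `cti-net`.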

System Requirements