How to fix OpenCTI Heat Map?

How to fix OpenCTI Heat Map?
Photo by Steve Johnson / Unsplash

If you self-host an OpenCTI instance via Docker (the recommendation), you may run into the situation where the heat-map suddenly does not work. In some instances, it probably had never worked depending on where you got your build instructions.

I'm probably on my 5th iteration and it has been running stable inside a Portainer instance for a few months now. The key to gaining the speed response compared to the office cloud implementation was me swapping-out my storage cluster from enterprise spinning disks to commercial Samsung EVO 870 SSD's. This had the additional benefit of lowering my monthly electrical bill from about half what it was when I started out with a 12-disk cluster powering my Proxmox VE 7.x hypervisor.

I found an older "bug" post in the OpenCTI Github page that mentioned this feature not running correctly:

Specifically, the fix for this non-bug is mentioned at:

When I was building my perfect deployment script, I mistakenly thought that the OpenCTI connector was to import data from another external instance. On closer inspection this connector actually serves to populate your instance with "self-data" ; how I wish they'd just named it as that :-)

With that knowledge, I then uncommented-out that section from the deployment script and updated the Portainer stack:

Monitoring the Data Connector section ingest the data showed incremental improvements:

By the time it fully imported everything, the map finally looked like this:

Voila! That's it.