The Hive and Cortex

This project was initiated to support a demonstration of Splunk SOAR integration with Cortex and TheHive.

I needed to build a minimal working stack with Cortex / TheHive to test some SOAR playbooks that will interact with the stack.

Steps

  • Launch Cortex:

     docker compose up -d elasticsearch cortex
  • Initialize the underlying database by opening http://localhost:9001 in a browser

  • Update Database:

[screenshot: Cortex - Update DB]

  • Create the initial superadmin user:

[screenshot: Cortex - Create admin]

  • Login as superadmin:

[screenshot: Cortex - Initial Login]

  • Select the "Users" tab:

[screenshot: Cortex - Select Users tab]

  • Create the API key for the superadmin:

[screenshot: Cortex - Create API]

  • Copy the API key to the clipboard

[screenshot: Cortex - Copy API to clipboard]

  • Open a terminal and start the Cortex configuration:

    ./setup.sh <pasted API key>
  • Wait one minute (TheHive is starting up)

  • Login as superadmin (admin / secret)

  • Check the Cortex integration (it should be green)
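
Instead of waiting a fixed minute and eyeballing the integration light, the readiness of both services and the validity of the Cortex API key can be checked from a script. The following is an added example, not part of this project or of TheHive/Cortex; it assumes the Cortex `/api/status` and `/api/user/current` endpoints with a `Bearer` API key (check these against your Cortex version), assumes TheHive listens on port 9000 and exposes `/api/status`, and reads the key from the environment variable CORTEX_API_KEY (a hypothetical name) rather than taking it as a command-line argument, so it does not land in shell history or `ps` output.

```python
"""Poll Cortex and TheHive until they answer, then verify the Cortex API key.

Added example; the endpoints below are assumed from the Cortex/TheHive REST
APIs and the ports from this stack's default layout. Adjust to your compose file.
"""
import json
import os
import time
import urllib.request

CORTEX_URL = "http://localhost:9001"   # port from the steps above
THEHIVE_URL = "http://localhost:9000"  # assumed TheHive port


def http_get(url, headers=None, timeout=5):
    """Plain GET returning (status, body). Raises OSError (incl. HTTPError) on failure."""
    req = urllib.request.Request(url, headers=headers or {})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode()


def wait_for_status(base_url, fetch=http_get, attempts=30, delay=2.0):
    """Poll <base_url>/api/status until it returns HTTP 200 with a JSON body.

    Returns the parsed body (Cortex/TheHive report their versions there) or
    None once `attempts` polls have failed. `fetch` is injectable for tests.
    """
    for i in range(attempts):
        try:
            status, body = fetch(f"{base_url}/api/status")
            if status == 200:
                return json.loads(body)
        except (OSError, ValueError):
            pass  # connection refused / 5xx while starting, or a non-JSON body
        if i < attempts - 1:
            time.sleep(delay)
    return None


def check_api_key(base_url, api_key, fetch=http_get):
    """Return the login Cortex associates with api_key, or None if the key is rejected.

    Assumes /api/user/current returns the caller's user record with its login in "id".
    """
    try:
        status, body = fetch(
            f"{base_url}/api/user/current",
            headers={"Authorization": f"Bearer {api_key}"},
        )
    except (OSError, ValueError):
        return None  # 401/403 surfaces as HTTPError, a subclass of OSError
    if status != 200:
        return None
    return json.loads(body).get("id")


def readiness_report(api_key, fetch=http_get, attempts=30, delay=2.0):
    """Summarise the three checks an operator wants after `./setup.sh`."""
    cortex = wait_for_status(CORTEX_URL, fetch, attempts, delay)
    thehive = wait_for_status(THEHIVE_URL, fetch, attempts, delay)
    login = check_api_key(CORTEX_URL, api_key, fetch) if cortex else None
    return {
        "cortex_up": cortex is not None,
        "thehive_up": thehive is not None,
        "api_key_login": login,
    }


if __name__ == "__main__":
    key = os.environ.get("CORTEX_API_KEY")  # hypothetical variable name
    if not key:
        raise SystemExit("set CORTEX_API_KEY to the superadmin API key first")
    print(json.dumps(readiness_report(key), indent=2))
```

Run it after `./setup.sh` with the key exported in the environment; `api_key_login` should come back as the superadmin's login and both `*_up` flags as true before the playbooks are pointed at the stack.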

References

https://chinyati.medium.com/the-hive-cortex-through-docker-installation-e50cbadb6cb0
https://github.com/chinyati/Article-Resources