Foss

Lets Go Phishing

User awareness training, it matters, more than you think it does. These days security is everybody’s responsibility and not just those running your information security team. Defense in depth and technical controls are not foolproof and it only takes a single well crafted email and your organisation could be owned. People are the last line of defense so we need to train staff to adopt a critical mindset in the hostility of email.

Continue reading

Wrapup of Thehive Misp Cortex

This is the formal end of this series but I wanted to write a quick conclusion peice, so this post is a reflection about this 4 in 1 open source threat and incident response platform and the journey to get there. All the other posts in this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP

Continue reading

Upgrading Cortex

This is part 11 of the series about TheHive/MISP/Cortex and im covering off an upgrade of Cortex from 2.1.3 to 3.0.0. The other posts for this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex

Continue reading

Updating MISP

This is part 10 of this series. In this part I’m updating multiple minor versions of MISP. The other posts for this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex

Continue reading

Upgrading TheHive

This is part 9 where I begin to lifecycle manage TheHive/MISP/Cortex software stack. Previous posts in this series are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex Part VIII - Integrate MISP to TheHive

Continue reading

Integrate Misp to Thehive

This is part 8 of the Cortex build. In this part I’m integrating TheHive with MISP and it doesnt go as smooth as I would have liked, but I got some good troubleshooting done in the process which I’ve documented. This will allow us to post observables to MISP from TheHive and vice versa! Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive

Continue reading

Integrate TheHive and Cortex

This is part 7 of the TheHive/Cortex/MISP build. In this part I’m integrating TheHive with Cortex. This is where the real magic happens! Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex

Continue reading

Setup Reverse Proxy for Cortex

This is part 6 of the Cortex build. In this part I’ll add, configure and test out an analyser. Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex

Continue reading

Adding analysers to Cortex

This is part 5 of the Cortex build. In this part I’ll add, configure and test out an analysers. Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex

Continue reading

Building Cortex

This is part 4 of TheHive/Cortex/MISP build. In this part were standing up Cortex. Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex Part VIII - Integrate MISP to TheHive

Continue reading

Upgrading TheHive 3.2.1_1 to 3.4

Its upgrading time! Its been a while since ive visited TheHive and version 3.4.0 has been released. The astute reader will noticed that when I originally stood up my instance of TheHive I opted for version 3.3.1 and yes, that will be getting an upgrade, but the reason for this post is that this is a test run for the instance upgrade at work and thats what were using, so thats what im testing about.

Continue reading

Fail2ban Setup

Fail2Ban is a great piece of software to keep those who would try (and fail) to access your services. It’s easy to setup as well, and can be as complicated as you want. Firstly perform the install by using this command. This will perform the install and create a service so that when you reboot, fail2ban will automatically start. sudo apt install fail2ban The configuration I am going to be performing will be for sshd, however there are stacks of pre-configured jails that can be used, and if it doesn’t have a pre-canned option, if your app has a log file file, then it can be customised accordingly.

Continue reading