Thehive_misp_cortex

Making Thehive Soar With Microsoft Power Automate and Cortex

Security Orchestration and Automated Response (SOAR), its the natural evolution of where security teams are heading, and as our numbers in this space seems to never be enough, we look to SOAR tools to automate to free up our time to so we can spend it doing more productive things, like drinking coffee and threat hunting. Automation brings standard and repeatable processes which could just buy us that breathing space.

Continue reading

Releasing My First Responder for TheHive

Now that I’ve gone through a series on TheHive, I’ve started to expand on the capabilities of this DFIR platform by starting to write my own Responders. Responders are essentially a way to perform an enhancement action on a given case, alert or observable. The built in Responders from the Cortex GitHub repo include a responder that will email the case or alert details to you as well as responders that interface with CrowdStrike, QRadar, Umbrella and ZeroFox.

Continue reading

Wrapup of Thehive Misp Cortex

This is the formal end of this series but I wanted to write a quick conclusion peice, so this post is a reflection about this 4 in 1 open source threat and incident response platform and the journey to get there. All the other posts in this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP

Continue reading

Upgrading Cortex

This is part 11 of the series about TheHive/MISP/Cortex and im covering off an upgrade of Cortex from 2.1.3 to 3.0.0. The other posts for this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex

Continue reading

Updating MISP

This is part 10 of this series. In this part I’m updating multiple minor versions of MISP. The other posts for this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex

Continue reading

Upgrading TheHive

This is part 9 where I begin to lifecycle manage TheHive/MISP/Cortex software stack. Previous posts in this series are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex Part VIII - Integrate MISP to TheHive

Continue reading

Integrate Misp to Thehive

This is part 8 of the Cortex build. In this part I’m integrating TheHive with MISP and it doesnt go as smooth as I would have liked, but I got some good troubleshooting done in the process which I’ve documented. This will allow us to post observables to MISP from TheHive and vice versa! Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive

Continue reading

Integrate TheHive and Cortex

This is part 7 of the TheHive/Cortex/MISP build. In this part I’m integrating TheHive with Cortex. This is where the real magic happens! Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex

Continue reading

Setup Reverse Proxy for Cortex

This is part 6 of the Cortex build. In this part I’ll add, configure and test out an analyser. Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex

Continue reading

Adding analysers to Cortex

This is part 5 of the Cortex build. In this part I’ll add, configure and test out an analysers. Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex

Continue reading

Building Cortex

This is part 4 of TheHive/Cortex/MISP build. In this part were standing up Cortex. Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex Part VIII - Integrate MISP to TheHive

Continue reading

Upgrading TheHive 3.2.1_1 to 3.4

Its upgrading time! Its been a while since ive visited TheHive and version 3.4.0 has been released. The astute reader will noticed that when I originally stood up my instance of TheHive I opted for version 3.3.1 and yes, that will be getting an upgrade, but the reason for this post is that this is a test run for the instance upgrade at work and thats what were using, so thats what im testing about.

Continue reading