Configuration Guide
Go to the MISP interface.
Enter the login: "[email protected]"
Enter the password: "admin"
Enter a new password for MISP
Then go to "Automation" and get the API key.
Follow the official documentation to create an organization and an API key for TheHive:
https://github.com/TheHive-Project/TheHiveDocs/blob/master/TheHive4/User/Quick-start.md
Get the API key.
Follow the official documentation to create an organization and an API key for Cortex:
https://github.com/TheHive-Project/CortexDocs/blob/master/admin/quick-start.md
Get the API key.
Go to Cortex Homepage:
Go to Organization:
Go to Analyzers:
Enter Yara and click on Enable:
Verify the rules path (it's preconfigured), and click on Save:
Enter Misp_2_1 and click on Enable:
Verify the API Key (it's preconfigured), and click on Save:
Enter OpenCTI_SearchObservables_2_0 and click on Enable:
Verify the API Key (it's preconfigured), and click on Save:
Go to Analyzers and verify that the analyzers are activated:
You can also activate the VirusTotal analyzer; go to the URL: https://www.virustotal.com/gui/join-us
You can also activate the OTX analyzer; go to the URL: https://otx.alienvault.com/
Go to the FleetDM interface.
For the first connection, you must configure FleetDM.
Enter Username, Password, and Email, and click on Next:
Enter Organization name, and click on Next:
Set the Fleet URL and click on Submit:
Verify and click on Finish:
FleetDM is now configured:
Once you have the API keys, use the script to simplify the deployment and enter the different API keys.
bash 02_deploy_api_key.sh