Skip to content

Configuration Guide

Jump to bottom
V1D1AN edited this page May 30, 2021 · 7 revisions

Configuration

Configuration of MISP, TheHive, Cortex

MISP

Go to the interface MISP
Enter the login: "[email protected]"
Enter the password: "admin"

Enter a new password for MISP

After go to "Automation" and get the API Key.

TheHive

Follow the official documentation for create an organization and a API key for TheHive:
https://github.com/TheHive-Project/TheHiveDocs/blob/master/TheHive4/User/Quick-start.md
get the API Key.

Cortex

Follow the official documentation for create an organization and a API key for Cortex:
https://github.com/TheHive-Project/CortexDocs/blob/master/admin/quick-start.md
get the API Key.

Activation of S1EM's preconfigured analyzers

Go to Cortex Homepage:

Cortex

Go to Organization:

Cortex2

Go to Analyzers :

Cortex3

Enter Yara and click on Enable:

Cortex4

Verify the path rules (it's preconfigured), and click on Save:

Cortex5

Enter Misp_2_1 and click on Enable:

Cortex6

Verify the API Key (it's preconfigured), and click on Save:

Cortex7

Enter OpenCTI_SearchObservables_2_0 and click on Enable:

Cortex8

Verify the API Key (it's preconfigured), and click on Save:

Cortex9

Go to Analyzers and verify analyzers actived:

Cortex10

Use Deploy_api_key.sh

once you have the API Key, to simplify the deployment. Use the script and enter the different API Keys.

bash 02_deploy_api_key.sh

s1em

Clone this wiki locally