update_doc_thehive_cortex

SEKOIA-IO · Sep 20, 2023 · 5d7fa2c · 5d7fa2c
1 parent df3c1af
commit 5d7fa2c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 26 deletions.
diff --git a/_shared_content/intelligence_center/integrations/thehive.md b/_shared_content/intelligence_center/integrations/thehive.md
@@ -26,50 +26,56 @@ Collect Sekoia.io CTI feed in an existing Cortex instance self-managed, for any
 
 #### 1- Setup the Analyzer configuration
 
-1- Select your _Organization_ on the top right corner
+   1- Select your _Organization_ on the top right corner
 ![Orga_setup_1](/assets/intelligence_center/orga_setup_1.png){: style="width: 100%; max-width: 100%"}
 
-2- Go to _Analyzers Config_ tab and Search `SekoiaIntelligenceCenter`
+   2- Go to _Analyzers Config_ tab and Search `SekoiaIntelligenceCenter`
 ![Orga_setup_2](/assets/intelligence_center/orga_setup_2.png){: style="width: 100%; max-width: 100%"}
 
-3- Edit and Add your Sekoia API key and Base url
+   3- Edit and Add your Sekoia API key and Base url
 ![Orga_setup_3](/assets/intelligence_center/orga_setup_3.png){: style="width: 100%; max-width: 100%"}
 
 #### 2- Enable and Setup the Analyzer
 
-1- Go to _Analyzers_ tab and Search `SekoiaIntelligenceCenter`
+The configuration setup in the previous section  will provide 3 Analyzers to enable and setup :
+- SEKOIAIntelligenceCenter_Context_1_0
+- SEKOIAIntelligenceCenter_Indicators_1_0 
+- SEKOIAIntelligenceCenter_Observables_1_0
+
+Here is below one example of setup to be done for the 3 analyzers:
+
+   1- Go to _Analyzers_ tab and Search `SekoiaIntelligenceCenter`
 ![Analyzer_ config_1](/assets/intelligence_center/analyzer_config_1.png){: style="width: 100%; max-width: 100%"}
 
-2- Edit and Add your Sekoia API key and Base url
+   2- Edit and Add your Sekoia API key and Base url
 ![Analyzer_ config_2](/assets/intelligence_center/analyzer_config_2.png){: style="width: 100%; max-width: 100%"}
 
-#### 3- Check Sekoia intelligence
 
-1- Go to job page
-
-2- Select `SekoiaIntelligenceCenter` in _Analyzers_
-![job_1](/assets/intelligence_center/job_1.png){: style="width: 100%; max-width: 100%"}
+## 3. Sekoia intelligence in TheHive Cortex
 
-3- Click on `view` to see details of the job
-![job_2](/assets/intelligence_center/job_2.png){: style="width: 100%; max-width: 100%"}
+Here is an example on how to retrieve Sekoia feed on the 3 analyzers (and the match on Sekoia intelligence)
 
-## 3. Sekoia intelligence in TheHive Cortex
+|Analyzers|Cortex|Sekoia.io|
+|--|--|--|
+|SEKOIAIntelligenceCenter_Context_1_0|context of an observable|Indicator side details (Related threats, Linked Observables, Latest reports, Indicator types,Kill chain)|
+|SEKOIAIntelligenceCenter_Indicators_1_0 |indicators|Indicators under objects tab (details)|
+|SEKOIAIntelligenceCenter_Observables_1_0|known observables|Observable under observable tab|
 
-Here is an example on how to retrieve Sekoia feed
+*Steps*
 
-1- Go to Sekoia connector    _Analyzers > SEKOIAIntelligenceCenter_ (for any) and click on button Run
+1- Go to Sekoia connector    _Analyzers > SEKOIAIntelligenceCenter_ (any) and click on button Run
 
 ![TheHive_Sekoia_connector1](/assets/intelligence_center/search_SekoiaCTI-1.png){: style="width: 100%; max-width: 100%"}
 
 2- Fill the information (depending on which elements you would like to retrieve)
 
-- Observable
+- Indicator
 ![TheHive_Sekoia_connector2a](/assets/intelligence_center/search_SekoiaCTI-2_indicators.png){: style="width: 100%; max-width: 100%"}
 
-- Object context
+- Indicator side details
 ![TheHive_Sekoia_connector2b](/assets/intelligence_center/search_SekoiaCTI-2_context.png){: style="width: 100%; max-width: 100%"}
 
-- Object
+- Observable
 ![TheHive_Sekoia_connector2c](/assets/intelligence_center/search_SekoiaCTI-2_observables.png){: style="width: 100%; max-width: 100%"}
 
 
@@ -98,16 +104,9 @@ Search in Sekoia Intelligence page
 - Observable
 ![TheHive_Sekoia_Observable](/assets/intelligence_center/searchCTI_Sekoia_observables.png){: style="width: 50%; max-width: 50%"}
 
-- Objects
+- Indicators
 ![TheHive_Sekoia_objects](/assets/intelligence_center/searchCTI_Sekoia_objects.png){: style="width: 100%; max-width: 100%"}
 
-Here are the elements of the Sekoia feed that can be found on TheHive Cortex after export:
-
-|Analyzers|Cortex|Sekoia.io|
-|--|--|--|
-|SEKOIAIntelligenceCenter_Context_1_0|context of an observable|objects other tab information|
-|SEKOIAIntelligenceCenter_Indicators_1_0 |indicators|observables|
-|SEKOIAIntelligenceCenter_Observables_1_0|known observables|objects details|
 
 ## 5. Troubleshoot
 

diff --git a/docs/assets/intelligence_center/searchExisting_SekoiaCTI.png.png b/docs/assets/intelligence_center/searchExisting_SekoiaCTI.png.png