Merge pull request #1327 from SEKOIA-IO/update_doc_cti_thehive

update_thehivecortex_cti_doc
SEKOIA-IO · Sep 19, 2023 · 894d0af · 894d0af
2 parents fb46607 + cd66447
commit 894d0af
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 20 deletions.
diff --git a/_shared_content/intelligence_center/integrations/thehive.md b/_shared_content/intelligence_center/integrations/thehive.md
@@ -1,22 +1,71 @@
 # External Integrations: Cortex Analyzer
 
-SEKOIA is also providing a [Cortex analyzer](https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/SEKOIAIntelligenceCenter) to enrich data in [TheHive](https://thehive-project.org/) ecosystem.
-
-To setup the analyzer please [follow this guide](https://github.com/TheHive-Project/CortexDocs/blob/master/analyzer_requirements.md).
-
-In a nutshell:
-
-- Get the Sekoia.io API Key
-- Install the Analyzer refering to this section of the [TheHive](https://github.com/TheHive-Project/CortexDocs/blob/master/installation/install-guide.md#installation) documentation
-- Connect into Cortex with `orgadmin` role
-- Select your organization on the top right corner
-![!Cortex Organisation Page](/assets/intelligence_center/organization.png){: style="width: 100%; max-width: 100%"}
-- Move to `Analyser Config` and search `sekoia`
-![!Cortex Analyser Config Page](/assets/intelligence_center/analyzer_config.png){: style="width: 100%; max-width: 100%"}
-- Select `SEKOIAIntelligenceCenter`
-- Provide simple configurations
-![!Cortex Analyser Config API Page](/assets/intelligence_center/sekoia_api.png){: style="width: 100%; max-width: 100%"}
-- Enable the Analyzer you would like to use, by clicking on the right side
-![!Cortex Analyser Enable Page](/assets/intelligence_center/analyzer_activation.png){: style="width: 100%; max-width: 100%"}
-- If wanted, tailor made your Analyzer with additional details
-![!Cortex Analyser Enable Context Page](/assets/intelligence_center/enable_context.png){: style="width: 100%; max-width: 100%"}
+Sekoia.io is providing a [Cortex analyzer](https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/SEKOIAIntelligenceCenter) to enrich data in [TheHive](https://thehive-project.org/) ecosystem.
+
+## Objective
+
+Collect Sekoia.io CTI feed in an existing Cortex instance self-managed, for any operational purpose such as CTI aggregation, dissemination, hunting...
+
+## Prerequisites:
+
+- An operational Cortex instance with administrator privileges
+- An active Sekoia.io licence with access to the CTI
+- An access to Sekoia.io User Center with the permissions to create an API key with [CTI permissions](https://docs.sekoia.io/getting_started/Permissions/#cti-permissions)
+
+!!!note
+   Sekoia Intelligence feed will be available upon Cortex setup
+
+## 1. Connect to Cortex
+
+1- In a Web browser, type the following	_http://server_ip:cortex_port_
+
+2- Enter your login and password of your Cortex instance setup beforehand with `orgadmin` role
+
+
+## 2. Configuration
+
+#### 1- Setup the Analyzer configuration
+
+1- Select your _Organization_ on the top right corner
+![Orga_setup_1](/assets/intelligence_center/orga_setup_1.png){: style="width: 100%; max-width: 100%"}
+
+2- Go to _Analyzers Config_ tab and Search `SekoiaIntelligenceCenter`
+![Orga_setup_2](/assets/intelligence_center/orga_setup_2.png){: style="width: 100%; max-width: 100%"}
+
+3- Edit and Add your Sekoia API key and Base url
+![Orga_setup_3](/assets/intelligence_center/orga_setup_3.png){: style="width: 100%; max-width: 100%"}
+
+#### 2- Setup the Analyzer
+
+1- Go to _Analyzers_ tab and Search `SekoiaIntelligenceCenter`
+![Analyzer_ config_1](/assets/intelligence_center/analyzer_config_1.png){: style="width: 100%; max-width: 100%"}
+
+2- Edit and Add your Sekoia API key and Base url
+![Analyzer_ config_2](/assets/intelligence_center/analyzer_config_2.png){: style="width: 100%; max-width: 100%"}
+
+#### 3- Check Sekoia intelligence
+
+1- Go to job page
+
+2- Select `SekoiaIntelligenceCenter` in _Analyzers_
+![job_1](/assets/intelligence_center/job_1.png){: style="width: 100%; max-width: 100%"}
+
+3- Click on `view` to see details of the job
+![job_2](/assets/intelligence_center/job_2.png){: style="width: 100%; max-width: 100%"}
+
+## 3. Troubleshoot
+
+1- Go to _Analyzers_ tab > Run an analyzer
+
+2- Check the jobs in _Jobs History_ tab
+
+## 4. Other resources
+
+- **The Cortex official documentation**
+
+https://github.com/TheHive-Project/CortexDocs/blob/master/installation/install-guide.md#docker
+
+http://docs.thehive-project.org/cortex/user-guides/first-start/
+
+https://github.com/TheHive-Project/CortexDocs/blob/master/admin/quick-start.md
+
diff --git a/docs/assets/intelligence_center/Analyzer_ config_1.png b/docs/assets/intelligence_center/Analyzer_ config_1.png
diff --git a/docs/assets/intelligence_center/Analyzer_ config_2.png b/docs/assets/intelligence_center/Analyzer_ config_2.png
diff --git a/docs/assets/intelligence_center/Orga_setup_1.png b/docs/assets/intelligence_center/Orga_setup_1.png
diff --git a/docs/assets/intelligence_center/Orga_setup_2.png b/docs/assets/intelligence_center/Orga_setup_2.png
diff --git a/docs/assets/intelligence_center/Orga_setup_3.png b/docs/assets/intelligence_center/Orga_setup_3.png