diff --git a/_shared_content/intelligence_center/integrations/thehive.md b/_shared_content/intelligence_center/integrations/thehive.md index 5f51069d91..35fa6c4d0d 100644 --- a/_shared_content/intelligence_center/integrations/thehive.md +++ b/_shared_content/intelligence_center/integrations/thehive.md 
@@ -1,22 +1,71 @@ # External Integrations: Cortex Analyzer -SEKOIA is also providing a [Cortex analyzer](https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/SEKOIAIntelligenceCenter) to enrich data in [TheHive](https://thehive-project.org/) ecosystem. - -To setup the analyzer please [follow this guide](https://github.com/TheHive-Project/CortexDocs/blob/master/analyzer_requirements.md). - -In a nutshell: - -- Get the Sekoia.io API Key -- Install the Analyzer refering to this section of the [TheHive](https://github.com/TheHive-Project/CortexDocs/blob/master/installation/install-guide.md#installation) documentation -- Connect into Cortex with `orgadmin` role -- Select your organization on the top right corner -![!Cortex Organisation Page](/assets/intelligence_center/organization.png){: style="width: 100%; max-width: 100%"} -- Move to `Analyser Config` and search `sekoia` -![!Cortex Analyser Config Page](/assets/intelligence_center/analyzer_config.png){: style="width: 100%; max-width: 100%"} -- Select `SEKOIAIntelligenceCenter` -- Provide simple configurations -![!Cortex Analyser Config API Page](/assets/intelligence_center/sekoia_api.png){: style="width: 100%; max-width: 100%"} -- Enable the Analyzer you would like to use, by clicking on the right side -![!Cortex Analyser Enable Page](/assets/intelligence_center/analyzer_activation.png){: style="width: 100%; max-width: 100%"} -- If wanted, tailor made your Analyzer with additional details -![!Cortex Analyser Enable Context Page](/assets/intelligence_center/enable_context.png){: style="width: 100%; max-width: 100%"} +Sekoia.io is providing a [Cortex analyzer](https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/SEKOIAIntelligenceCenter) to enrich data in [TheHive](https://thehive-project.org/) ecosystem. + +## Objective + +Collect Sekoia.io CTI feed in an existing Cortex instance self-managed, for any operational purpose such as CTI aggregation, dissemination, hunting... 
+ +## Prerequisites: + +- An operational Cortex instance with administrator privileges +- An active Sekoia.io licence with access to the CTI +- An access to Sekoia.io User Center with the permissions to create an API key with [CTI permissions](https://docs.sekoia.io/getting_started/Permissions/#cti-permissions) + +!!!note + Sekoia Intelligence feed will be available upon Cortex setup + +## 1. Connect to Cortex + +1- In a Web browser, type the following _http://server_ip:cortex_port_ + +2- Enter your login and password of your Cortex instance setup beforehand with `orgadmin` role + + +## 2. Configuration + +#### 1- Setup the Analyzer configuration + +1- Select your _Organization_ on the top right corner +![Orga_setup_1](/assets/intelligence_center/orga_setup_1.png){: style="width: 100%; max-width: 100%"} + +2- Go to _Analyzers Config_ tab and Search `SekoiaIntelligenceCenter` +![Orga_setup_2](/assets/intelligence_center/orga_setup_2.png){: style="width: 100%; max-width: 100%"} + +3- Edit and Add your Sekoia API key and Base url +![Orga_setup_3](/assets/intelligence_center/orga_setup_3.png){: style="width: 100%; max-width: 100%"} + +#### 2- Setup the Analyzer + +1- Go to _Analyzers_ tab and Search `SekoiaIntelligenceCenter` +![Analyzer_ config_1](/assets/intelligence_center/analyzer_config_1.png){: style="width: 100%; max-width: 100%"} + +2- Edit and Add your Sekoia API key and Base url +![Analyzer_ config_2](/assets/intelligence_center/analyzer_config_2.png){: style="width: 100%; max-width: 100%"} + +#### 3- Check Sekoia intelligence + +1- Go to job page + +2- Select `SekoiaIntelligenceCenter` in _Analyzers_ +![job_1](/assets/intelligence_center/job_1.png){: style="width: 100%; max-width: 100%"} + +3- Click on `view` to see details of the job +![job_2](/assets/intelligence_center/job_2.png){: style="width: 100%; max-width: 100%"} + +## 3. Troubleshoot + +1- Go to _Analyzers_ tab > Run an analyzer + +2- Check the jobs in _Jobs History_ tab + +## 4. 
Other resources + +- **The Cortex official documentation** + +https://github.com/TheHive-Project/CortexDocs/blob/master/installation/install-guide.md#docker + +http://docs.thehive-project.org/cortex/user-guides/first-start/ + +https://github.com/TheHive-Project/CortexDocs/blob/master/admin/quick-start.md + diff --git a/docs/assets/intelligence_center/Analyzer_ config_1.png b/docs/assets/intelligence_center/Analyzer_ config_1.png deleted file mode 100644 index 15b7eb9ad2..0000000000 Binary files a/docs/assets/intelligence_center/Analyzer_ config_1.png and /dev/null differ diff --git a/docs/assets/intelligence_center/Analyzer_ config_2.png b/docs/assets/intelligence_center/Analyzer_ config_2.png deleted file mode 100644 index 199912282c..0000000000 Binary files a/docs/assets/intelligence_center/Analyzer_ config_2.png and /dev/null differ diff --git a/docs/assets/intelligence_center/Orga_setup_1.png b/docs/assets/intelligence_center/Orga_setup_1.png deleted file mode 100644 index e75d5640da..0000000000 Binary files a/docs/assets/intelligence_center/Orga_setup_1.png and /dev/null differ diff --git a/docs/assets/intelligence_center/Orga_setup_2.png b/docs/assets/intelligence_center/Orga_setup_2.png deleted file mode 100644 index a07fc929ef..0000000000 Binary files a/docs/assets/intelligence_center/Orga_setup_2.png and /dev/null differ diff --git a/docs/assets/intelligence_center/Orga_setup_3.png b/docs/assets/intelligence_center/Orga_setup_3.png deleted file mode 100644 index dcab8429b1..0000000000 Binary files a/docs/assets/intelligence_center/Orga_setup_3.png and /dev/null differ
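Review bot: In "## 1. Connect to Cortex", step 1 gives the URL as `http://server_ip:cortex_port` and step 2 has the reader submit `orgadmin` credentials there, with the Sekoia API key entered later in the same session, so over plain HTTP both cross the network in clear text. Suggest writing the example URL with `https://`, or adding a line to the prerequisites that Cortex should be served over TLS before these steps are followed. The `http://docs.thehive-project.org/...` link under "Other resources" could likewise use https if the site serves it. Separately, in "#### 2- Setup the Analyzer", step 2 repeats "Edit and Add your Sekoia API key and Base url" word for word from the configuration section, whereas the removed text had "Enable the Analyzer you would like to use" at this point. This looks like a copy-paste and should describe enabling the analyzer. Minor style: "## Prerequisites:" is the only heading with a trailing colon, and the sub-steps jump from `##` to `####`.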
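Review bot: The new markdown references lowercase asset paths (`/assets/intelligence_center/orga_setup_1.png`, `analyzer_config_1.png`, `job_1.png` and so on), but the visible part of the patch only deletes `Orga_setup_1.png`, `Analyzer_ config_1.png` and their siblings and adds no lowercase replacements. Please confirm the renamed images are added in the same commit, otherwise every screenshot on the new page will be broken, most visibly on case-sensitive hosts. The alt texts `Analyzer_ config_1` and `Analyzer_ config_2` also still carry the stray space from the old filenames and should be changed to match the new names.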