Update thehive.md

SEKOIA-IO · Oct 18, 2023 · 98fca4e · 98fca4e
1 parent 0d74635
commit 98fca4e
Showing 1 changed file with 63 additions and 32 deletions.
diff --git a/_shared_content/intelligence_center/integrations/thehive.md b/_shared_content/intelligence_center/integrations/thehive.md
@@ -1,6 +1,6 @@
 # External Integrations: Cortex Analyzer
 
-Sekoia.io is providing a [Cortex analyzer](https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/SEKOIAIntelligenceCenter) to enrich data in [TheHive](https://thehive-project.org/) ecosystem.
+Sekoia.io is providing its intelligence to enrich data in [Cortex](https://thehive-project.org/).
 
 ## Objective
 
@@ -11,11 +11,11 @@ Collect Sekoia.io CTI feed in an existing Cortex instance self-managed, for any
 - An operational Cortex instance with administrator privileges
 - An active Sekoia.io licence with access to the CTI
 - An access to Sekoia.io User Center with the permissions to create an API key with [CTI permissions](https://docs.sekoia.io/getting_started/Permissions/#cti-permissions)
+
+## 1. Connect to Cortex
 
 !!!note
-   Sekoia Intelligence feed will be available upon Cortex setup
-
-## 1. Connect to Cortex
+   Cortex instance must be activated on your server
 
 1- In a Web browser, type the following	_http://server_ip:cortex_port_
 
@@ -38,6 +38,7 @@ Collect Sekoia.io CTI feed in an existing Cortex instance self-managed, for any
 #### 2- Enable and Setup the Analyzer
 
 The configuration setup in the previous section  will provide 3 Analyzers to enable and setup :
+
 - SEKOIAIntelligenceCenter_Context_1_0
 - SEKOIAIntelligenceCenter_Indicators_1_0 
 - SEKOIAIntelligenceCenter_Observables_1_0
@@ -53,68 +54,98 @@ Here is below one example of setup to be done for the 3 analyzers:
 
 ## 3. Sekoia intelligence in TheHive Cortex
 
-Here is an example on how to retrieve Sekoia feed on the 3 analyzers (and the match on Sekoia intelligence)
+### 1. Matching of Sekoia intelligence
+
+**Here is a summary of the information:**
 
 |Analyzers|Cortex|Sekoia.io|
 |--|--|--|
 |SEKOIAIntelligenceCenter_Context_1_0|context of an observable|Indicator side details (Related threats, Linked Observables, Latest reports, Indicator types,Kill chain)|
 |SEKOIAIntelligenceCenter_Indicators_1_0 |indicators|Indicators under objects tab (details)|
 |SEKOIAIntelligenceCenter_Observables_1_0|known observables|Observable under observable tab|
 
-*Steps*
+**Where to find information on Sekoia.io ?**
 
-1- Go to Sekoia connector    _Analyzers > SEKOIAIntelligenceCenter_ (any) and click on button Run
+- SEKOIAIntelligenceCenter_Context_1_0
+  <screenshot_1>
+
+- SEKOIAIntelligenceCenter_Indicators_1_0
+  <screenshot_2>
+
+- SEKOIAIntelligenceCenter_Observables_1_0
+   <screenshot_3>
 
-![TheHive_Sekoia_connector1](/assets/intelligence_center/search_SekoiaCTI-1.png){: style="width: 100%; max-width: 100%"}
+### 2. Steps to retrieve and search Sekoia intelligence
 
-2- Fill the information (depending on which elements you would like to retrieve)
+**- Search existing Sekoia intelligence in Cortex**
 
-- Indicator
-![TheHive_Sekoia_connector2a](/assets/intelligence_center/search_SekoiaCTI-2_indicators.png){: style="width: 100%; max-width: 100%"}
+![TheHive_Sekoia_connector1](/assets/intelligence_center/searchExisting_SekoiaCTI.png){: style="width: 100%; max-width: 100%"}
 
-- Indicator side details
-![TheHive_Sekoia_connector2b](/assets/intelligence_center/search_SekoiaCTI-2_context.png){: style="width: 100%; max-width: 100%"}
+**- Import Sekoia intelligence**
 
-- Observable
-![TheHive_Sekoia_connector2c](/assets/intelligence_center/search_SekoiaCTI-2_observables.png){: style="width: 100%; max-width: 100%"}
+- Indicators
+
+1- Go to Sekoia connector    _Analyzers > SEKOIAIntelligenceCenter_ and click on button Run
+![TheHive_Sekoia_connector1](/assets/intelligence_center/search_SekoiaCTI-1_indicators.png){: style="width: 100%; max-width: 100%"}
 
+2- Fill the information
+![TheHive_Sekoia_connector2a](/assets/intelligence_center/search_SekoiaCTI-2_indicators.png){: style="width: 100%; max-width: 100%"}
 
 3- Check the observable in Jobs History
-![TheHive_Sekoia_job](/assets/intelligence_center/search_SekoiaCTI-3.png){: style="width: 100%; max-width: 100%"}
+![TheHive_Sekoia_job](/assets/intelligence_center/search_SekoiaCTI-3_indicators.png){: style="width: 100%; max-width: 100%"}
 
-4- Check the Sekoia feed
+4- Check the Sekoia observable 
+![TheHive_Sekoia_feed1](/assets/intelligence_center/search_SekoiaCTI-4_Observable.png){: style="width: 100%; max-width: 100%"}
 
-- Observable
-![TheHive_Sekoia_feed1](/assets/intelligence_center/search_SekoiaCTI-4_Object.png){: style="width: 100%; max-width: 100%"}
+5- In Sekoia.io
+![TheHive_Sekoia_objects](/assets/intelligence_center/searchCTI_Sekoia_objects.png){: style="width: 100%; max-width: 100%"}
 
-- Object context
-![TheHive_Sekoia_feed2](/assets/intelligence_center/search_SekoiaCTI-4_Object_context.png){: style="width: 100%; max-width: 100%"}
+------
 
-- Object
-![TheHive_Sekoia_feed3](/assets/intelligence_center/search_SekoiaCTI-4_Observable.png){: style="width: 100%; max-width: 100%"}
+- Context
 
+1- Go to Sekoia connector    _Analyzers > SEKOIAIntelligenceCenter_  and click on button Run
+![TheHive_Sekoia_connector1](/assets/intelligence_center/search_SekoiaCTI-1_context.png){: style="width: 100%; max-width: 100%"}
 
-*To only search existing Sekoia Intelligence feed*
-![TheHive_Sekoia_connector1](/assets/intelligence_center/searchExisting_SekoiaCTI.png){: style="width: 100%; max-width: 100%"}
+2- Fill the information
+![TheHive_Sekoia_connector2b](/assets/intelligence_center/search_SekoiaCTI-2_context.png){: style="width: 100%; max-width: 100%"}
 
-## 4. Where to find Sekoia intelligence feed ?
+3- Check the observable in Jobs History
+![TheHive_Sekoia_job](/assets/intelligence_center/search_SekoiaCTI-3_context.png){: style="width: 100%; max-width: 100%"}
 
-Search in Sekoia Intelligence page
+4- Check the Sekoia observable 
+![TheHive_Sekoia_feed1](/assets/intelligence_center/search_SekoiaCTI-4_Object_context.png){: style="width: 100%; max-width: 100%"}
 
-- Observable
+5- In Sekoia.io
 ![TheHive_Sekoia_Observable](/assets/intelligence_center/searchCTI_Sekoia_observables.png){: style="width: 50%; max-width: 50%"}
 
-- Indicators
-![TheHive_Sekoia_objects](/assets/intelligence_center/searchCTI_Sekoia_objects.png){: style="width: 100%; max-width: 100%"}
+------
+
+- Observables
+
+1- Go to Sekoia connector    _Analyzers > SEKOIAIntelligenceCenter_ (any) and click on button Run
+![TheHive_Sekoia_connector1](/assets/intelligence_center/search_SekoiaCTI-1_observables.png){: style="width: 100%; max-width: 100%"}
+
+2- Fill the information
+![TheHive_Sekoia_connector2c](/assets/intelligence_center/search_SekoiaCTI-2_observables.png){: style="width: 100%; max-width: 100%"}
+
+3- Check the observable in Jobs History
+![TheHive_Sekoia_job](/assets/intelligence_center/search_SekoiaCTI-3_observables.png){: style="width: 100%; max-width: 100%"}
+
+4- Check the Sekoia observable 
+![TheHive_Sekoia_feed1](/assets/intelligence_center/search_SekoiaCTI-4_Object.png){: style="width: 100%; max-width: 100%"}
+
+5- In Sekoia.io
+![TheHive_Sekoia_Observable](/assets/intelligence_center/searchCTI_Sekoia_observables.png){: style="width: 50%; max-width: 50%"}
 
 
-## 5. Troubleshoot
+## 4. Troubleshoot
 
 1- Go to _Analyzers_ tab > Run an analyzer
 
 2- Check the jobs in _Jobs History_ tab
 
-## 6. Other resources
+## 5. Other resources
 
 - **The Cortex official documentation**