From f1971cd059c16929df6179aef01fb96b43018d17 Mon Sep 17 00:00:00 2001 From: Men-hau <101662967+Men-hau@users.noreply.github.com> Date: Tue, 17 Oct 2023 17:33:43 +0200 Subject: [PATCH] Update thehive.md --- .../integrations/thehive.md | 83 ++++++++++++------- 1 file changed, 55 insertions(+), 28 deletions(-) diff --git a/_shared_content/intelligence_center/integrations/thehive.md b/_shared_content/intelligence_center/integrations/thehive.md index 51e6ed8bdf..c9ec8896f5 100644 --- a/_shared_content/intelligence_center/integrations/thehive.md +++ b/_shared_content/intelligence_center/integrations/thehive.md @@ -12,11 +12,11 @@ Collect Sekoia.io CTI feed in an existing Cortex instance self-managed, for any - An active Sekoia.io licence with access to the CTI - An access to Sekoia.io User Center with the permissions to create an API key with [CTI permissions](https://docs.sekoia.io/getting_started/Permissions/#cti-permissions) -!!!note - Sekoia Intelligence feed will be available upon Cortex setup - ## 1. Connect to Cortex +!!!Warning + Cortex instance must be activated on your server + 1- In a Web browser, type the following _http://server_ip:cortex_port_ 2- Enter your login and password of your Cortex instance setup beforehand with `orgadmin` role @@ -52,9 +52,11 @@ Here is below one example of setup to be done **for the 3 analyzers**: ![Analyzer_ config_2](/assets/intelligence_center/analyzer_config_2.png){: style="width: 100%; max-width: 100%"} -## 3. Sekoia intelligence in TheHive Cortex +## 3. Sekoia intelligence in Cortex + +#### 1- Sekoia intelligence in Cortex -Here is an example on how to retrieve Sekoia feed on the 3 analyzers (and the match on Sekoia intelligence) +_Here is a summary of Sekoia intelligence in Cortex:_ |Analyzers|Cortex|Sekoia.io| |--|--|--| 
@@ -62,59 +64,84 @@ Here is an example on how to retrieve Sekoia feed on the 3 analyzers (and the ma |SEKOIAIntelligenceCenter_Indicators_1_0 |indicators|Indicators under objects tab (details)| |SEKOIAIntelligenceCenter_Observables_1_0|known observables|Observable under observable tab| -*Steps* +_Detail in Sekoia.i_o:_ +- SEKOIAIntelligenceCenter_Context_1_0 + -1- Go to Sekoia connector _Analyzers > SEKOIAIntelligenceCenter_ (any) and click on button Run +- SEKOIAIntelligenceCenter_Indicators_1_0 + -![TheHive_Sekoia_connector1](/assets/intelligence_center/search_SekoiaCTI-1.png){: style="width: 100%; max-width: 100%"} +- SEKOIAIntelligenceCenter_Observables_1_0 + -2- Fill the information (depending on which elements you would like to retrieve) +#### 2- How to find Sekoia Intelligence in Cortex ? + +**1- Search existing Sekoia Intelligence feed on Cortex** +![TheHive_Sekoia_connector1](/assets/intelligence_center/searchExisting_SekoiaCTI.png){: style="width: 100%; max-width: 100%"} + +**2- Importing Sekoia Intelligence** - Indicator -![TheHive_Sekoia_connector2a](/assets/intelligence_center/search_SekoiaCTI-2_indicators.png){: style="width: 100%; max-width: 100%"} -- Indicator side details -![TheHive_Sekoia_connector2b](/assets/intelligence_center/search_SekoiaCTI-2_context.png){: style="width: 100%; max-width: 100%"} +**On Sekoia.io** +![TheHive_Sekoia_objects](/assets/intelligence_center/searchCTI_Sekoia_objects.png){: style="width: 100%; max-width: 100%"} -- Observable -![TheHive_Sekoia_connector2c](/assets/intelligence_center/search_SekoiaCTI-2_observables.png){: style="width: 100%; max-width: 100%"} +**On Cortex** + +1- Go to Sekoia connector _Analyzers > SEKOIAIntelligenceCenter_ (any) and click on button Run +![TheHive_Sekoia_connector1](/assets/intelligence_center/search_SekoiaCTI-1.png){: style="width: 100%; max-width: 100%"} +2- Fill the information +![TheHive_Sekoia_connector2a](/assets/intelligence_center/search_SekoiaCTI-2_indicators.png){: 
style="width: 100%; max-width: 100%"} 3- Check the observable in Jobs History ![TheHive_Sekoia_job](/assets/intelligence_center/search_SekoiaCTI-3.png){: style="width: 100%; max-width: 100%"} 4- Check the Sekoia feed - -- Observable ![TheHive_Sekoia_feed1](/assets/intelligence_center/search_SekoiaCTI-4_Object.png){: style="width: 100%; max-width: 100%"} -- Object context -![TheHive_Sekoia_feed2](/assets/intelligence_center/search_SekoiaCTI-4_Object_context.png){: style="width: 100%; max-width: 100%"} -- Object -![TheHive_Sekoia_feed3](/assets/intelligence_center/search_SekoiaCTI-4_Observable.png){: style="width: 100%; max-width: 100%"} +------------ +- Indicator side details +**On Sekoia.io** +![TheHive_Sekoia_objects](/assets/intelligence_center/searchCTI_Sekoia_objects.png){: style="width: 100%; max-width: 100%"} -*To only search existing Sekoia Intelligence feed* -![TheHive_Sekoia_connector1](/assets/intelligence_center/searchExisting_SekoiaCTI.png){: style="width: 100%; max-width: 100%"} +**On Cortex** +2- Fill the information +![TheHive_Sekoia_connector2b](/assets/intelligence_center/search_SekoiaCTI-2_context.png){: style="width: 100%; max-width: 100%"} -## 4. Where to find Sekoia intelligence feed? 
+3- Check the observable in Jobs History +![TheHive_Sekoia_job](/assets/intelligence_center/search_SekoiaCTI-3.png){: style="width: 100%; max-width: 100%"} + +4- Check the Sekoia feed +![TheHive_Sekoia_feed2](/assets/intelligence_center/search_SekoiaCTI-4_Object_context.png){: style="width: 100%; max-width: 100%"} -Search in Sekoia Intelligence page +------------ - Observable + +**On Sekoia.io** ![TheHive_Sekoia_Observable](/assets/intelligence_center/searchCTI_Sekoia_observables.png){: style="width: 50%; max-width: 50%"} -- Indicators -![TheHive_Sekoia_objects](/assets/intelligence_center/searchCTI_Sekoia_objects.png){: style="width: 100%; max-width: 100%"} +**On Cortex** +2- Fill the information +![TheHive_Sekoia_connector2c](/assets/intelligence_center/search_SekoiaCTI-2_observables.png){: style="width: 100%; max-width: 100%"} + +3- Check the observable in Jobs History +![TheHive_Sekoia_job](/assets/intelligence_center/search_SekoiaCTI-3.png){: style="width: 100%; max-width: 100%"} + +4- Check the Sekoia feed +![TheHive_Sekoia_feed3](/assets/intelligence_center/search_SekoiaCTI-4_Observable.png){: style="width: 100%; max-width: 100%"} + -## 5. Troubleshoot +## 4. Troubleshoot 1- Go to _Analyzers_ tab > Run an analyzer 2- Check the jobs in _Jobs History_ tab -## 6. Other resources +## 5. Other resources - **The Cortex official documentation**
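Review bot: in the first hunk (`@@ -12,11 +12,11 @@`), the new admonition `!!!Warning` uses a capitalised type name while the `!!!note` it replaces uses lowercase; write it as `!!! warning` to stay consistent with the rest of the file, and make sure the body line stays indented so it renders inside the admonition box. The body text "Cortex instance must be activated on your server" is also vaguer than the note it removes: say what the reader must check before step 1 (Cortex installed, running and reachable at `http://server_ip:cortex_port`), and consider keeping the dropped statement that the Sekoia Intelligence feed becomes available once Cortex is set up, since that information no longer appears anywhere in the page.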
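Review bot: in the second hunk (`@@ -52,9 +52,11 @@`), the new subheading `#### 1- Sekoia intelligence in Cortex` jumps from the `##` level straight to `####`, skipping `###`, and repeats the text of its parent heading `## 3. Sekoia intelligence in Cortex` verbatim. Use `### 1- ...` (and the same level for the `#### 2- How to find ...` heading later in the patch) so the table of contents nests correctly, and give the subsection a title that differs from the parent, for example one that says it is the analyzer summary table.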
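Review bot: in the third hunk (`@@ -62,59 +64,84 @@`), the line `+_Detail in Sekoia.i_o:_` has a stray underscore inside "Sekoia.io" that both misspells the product name and breaks the italic markup; it should read `_Detail in Sekoia.io:_`. The three bullets that follow (`- SEKOIAIntelligenceCenter_Context_1_0`, `_Indicators_1_0`, `_Observables_1_0`) are each followed only by an empty `+` line, so they carry no detail at all; either add the intended text or drop the list until it is written. The heading `#### 2- How to find Sekoia Intelligence in Cortex ?` has a space before the question mark. The steps `3- Check the observable in Jobs History` and `4- Check the Sekoia feed` (with the same `search_SekoiaCTI-3.png` image) are now repeated verbatim in all three blocks, and the "Indicator side details" and "Observable" blocks start at `2- Fill the information` with no step 1; factor the shared steps out once and number each block from 1, or reference the first block. Also note that the alt text `TheHive_Sekoia_connector1` is now used for two different images (`search_SekoiaCTI-1.png` and `searchExisting_SekoiaCTI.png`), and `searchCTI_Sekoia_objects.png` is shown under both "Indicator" and "Indicator side details"; confirm the second is intentional, since the removed section 4 used that screenshot for indicators only.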