FAQ
- What version of MaxMind does TheHive use?
- How often are the MaxMind databases refreshed?
- How shall I configure the MaxMind analyzer?
- Can I use the commercial versions of the databases?
The MaxMind analyzer includes the GeoLite2 free City and Country databases.
Cortex does not refresh those databases. It is up to you to create a cron job to refresh them at the frequency you want. The files to update are:
analyzers/MaxMind/GeoLite2-City.mmdb
analyzers/MaxMind/GeoLite2-Country.mmdb
You can fetch up-to-date versions from https://dev.maxmind.com/geoip/geoip2/geolite2/.
No configuration is required. If it looks like the analyzer is not working, please clear the cache of your browser and retry. If it still doesn't work, please join TheHive User Discussion Forum or open an issue on GitHub.
The current version of Cortex does not offer that possibility. If you'd like to have it, please request it.
- Does Cortex support authentication?
- How can I make sure that only authorized users get access to Cortex?
- How can I make sure that only authorized services get access to the Cortex API?
No. Cortex 1 does not support authentication. Cortex 2, slated for September 2017, will support local, LDAP and AD authentication.
Cortex does not currently support authentication. The next major version (v2), slated for September 2017, will implement it. In the meantime, you should either install an authenticating reverse proxy in front of Cortex or limit access to it using a firewall or an alternative filtering device.
If you do not protect your Cortex instance, anyone who has access to your network may run jobs or retrieve existing reports.
Cortex does not currently support service authentication or API keys. The next major version (v2), slated for September 2017, will implement it.
Any service may query Cortex without authentication. If you need to let only authorized services get access to your instance(s), make sure to use a filtering device and authorize only the IP addresses of those services.
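One way to set up the authenticating reverse proxy and the address filtering described above, shown as an nginx server block. This is an added example, not configuration from the Cortex project. The host name, addresses, file paths and the Cortex listener address are assumptions to replace with your own.

```nginx
# Added example: every name, address and path below is a placeholder.
# Cortex itself should listen on loopback only (assumption: Play's
# http.address setting, or a host firewall rule), so that clients
# cannot reach it without going through this proxy.
server {
    listen 443 ssl;
    server_name cortex.example.org;                  # hypothetical host name

    ssl_certificate     /etc/nginx/tls/cortex.crt;   # hypothetical paths
    ssl_certificate_key /etc/nginx/tls/cortex.key;

    location / {
        # Require BOTH an allowed source address AND valid credentials.
        satisfy all;

        # Source-address filter: list only the hosts and services that
        # are allowed to submit jobs or read reports.
        allow 192.0.2.10;        # e.g. the server that queries the API
        allow 192.0.2.32/28;     # e.g. analyst workstations
        deny  all;

        # User authentication (file created with the htpasswd utility).
        auth_basic           "Cortex";
        auth_basic_user_file /etc/nginx/cortex.htpasswd;

        # Forward to the local Cortex listener (assumed address and port).
        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With `satisfy all`, a request from an unlisted address is rejected with 403 before any password prompt, and a request from a listed address still needs valid credentials.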
To enable HTTPS in the application, add the following lines to /etc/cortex/application.conf:
https.port: 9443
play.server.https.keyStore {
  path: "/path/to/keystore.jks"
  type: "JKS"
  password: "password_of_keystore"
}
Once HTTPS is enabled, HTTP can be disabled by adding http.port=disabled to the configuration.
To import your certificate in the keystore, depending on your situation, you can follow Digital Ocean's tutorial.
More information: This is a setting of the Play framework that is documented on its website. Please refer to https://www.playframework.com/documentation/2.5.x/ConfiguringHttps.