Docker guide
This guide assumes that you will use Docker.
docker run certbdf/thehive
TheHive listens on 9000/tcp. To make the port accessible, add the --publish parameter:
docker run --publish 8080:9000 certbdf/thehive
Then you can hit http://localhost:8080 or http://host-ip:8080 in your browser.
TheHive stores its data in /data (inside the container). You can add the --volume parameter to keep that data on the host:
docker run --volume /path/to/persistent/data:/data certbdf/thehive
The default configuration is enough to start TheHive and Cortex, but most analyzers require configuration. Configuration is split across the following files:
- /opt/docker/thehive.conf: main configuration file for TheHive.
- /opt/docker/cortex.conf: main configuration file for Cortex. By default it includes analyzers.conf.
- /opt/docker/analyzers.conf: configuration for analyzers (empty by default).
If you wish to adapt the default configuration, add a volume parameter to overwrite the configuration file:
docker run --volume /path/to/your/analyzers.conf:/opt/docker/conf/analyzers.conf certbdf/thehive
You can find configuration details in the documentation.
This image comes with ElasticSearch and Cortex. You can disable them by setting one or more of the following environment variables:
DISABLE_ELASTICSEARCH
DISABLE_CORTEX
docker run --env DISABLE_CORTEX --env DISABLE_ELASTICSEARCH certbdf/thehive
Disabling ElasticSearch lets you connect TheHive to an external ElasticSearch instance. TheHive doesn't work without ElasticSearch.
The server key (the play.crypto.secret configuration item) is used to secure session data (more details in the Play Framework documentation). If TheHive runs in cluster mode, all instances must share the same key. Docker generates a random key at startup. If you want to use your own key, you can set the CRYPTO_SECRET variable:
docker run --env DISABLE_CORTEX --env CRYPTO_SECRET=JXGzd9Cyvaaupa4MqMg4fBBvRO7OegikeP7l09HDwkTEJs9vr6KNqSkzglE5wxGX certbdf/thehive
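One way to supply your own key without typing it on the command line, where it would end up in shell history and the process list (an added example, not part of the original guide). It generates a 64-character key once, stores it in an owner-only file and passes it with docker's --env-file option; the file name thehive.env and the data directory are assumptions.

```shell
#!/bin/sh
# Added example: generate CRYPTO_SECRET once and hand it to the container
# through an env file. File and directory names below are assumptions.

# Print a 64-character alphanumeric key read from the kernel CSPRNG.
gen_secret() {
  raw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
  printf '%.64s\n' "$raw"
}

# $1 = env file path. Create it only if it is missing or empty, so every
# instance started from this file (including cluster nodes it is copied to)
# uses the same key.
write_env_file() {
  if [ ! -s "$1" ]; then
    ( umask 077; printf 'CRYPTO_SECRET=%s\n' "$(gen_secret)" > "$1" )
  fi
  chmod 600 "$1"
}

# $1 = env file path, $2 = host directory for persistent data.
run_thehive() {
  docker run --publish 8080:9000 \
    --volume "$2":/data \
    --env-file "$1" \
    certbdf/thehive
}

# Usage: sh thehive-run.sh run [env-file] [data-dir]
if [ "${1:-}" = "run" ]; then
  env_file=${2:-./thehive.env}
  data_dir=${3:-/path/to/persistent/data}
  write_env_file "$env_file"
  run_thehive "$env_file" "$data_dir"
fi
```

The key is still readable through docker inspect by anyone with access to the Docker daemon, so restrict that access as well as the env file.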