OpenCTI is an open source Cyber Threat Intelligence platform that provides a powerful knowledge management database for storing, organising and sharing knowledge about cyber threats, and uses the STIX2 schema for its structure. It has been designed for CTI analysts. The platform is built on modern technologies such as Grakn, GraphQL, Elastic, RabbitMQ, Redis and React. The project is available as a Docker image, which makes installation simple. While I’m probably not going to do the best job of talking up the full feature set of this platform, you can view more about it on their website and GitHub page.
This post is a continuation of TheHive v4 RC1 in that I am providing the instructions to add Internal Authentication to Cassandra as well as a reverse proxy so we can connect back to TheHive with https. Add Internal Authentication to Cassandra: it is recommended that you don’t allow access to cqlsh unless there is some sort of authentication mechanism attached to it. There are too many horror stories of databases being dumped, and the internal authentication will make it that little bit harder to access from the cqlsh shell.
TheHive version 4 RC1, it’s here, it’s been here for a solid few weeks and I’m only just getting around to checking it out now. The new update looks to include a few nice features and a welcome back-end technology refresh which should keep the platform in support for a good while yet. At this stage, I would not suggest attempting to either upgrade your existing version 3 installations to version 4, or run a clean install as your main case management production system if you’re just starting out, but get to know this version by spinning up a new virtual machine, because when the time comes around, you will give yourself a good leg up.
I’ve been a little absent of late. I’ve been quite busy at home having to get a few last minute things done, like additional landscaping, pressure cleaning concrete, and putting together flat pack furniture for my house in preparation for sale. Which brings me to why I’m writing this post. I am a huge UniFi fan, having multiple devices in my home network installation which have been flawless since installation. A few of those components include a CloudKey controller and a number of UniFi Protect cameras, which naturally became a bit of a selling point for the house.
Cortex 3.0.1: The better logging edition has been released now. I am quite surprised that the developers were able to release a point upgrade while they are working on the new major release of TheHive, but I welcome it as it brings a number of fixes and enhancements which you can read about on TheHive Project blog. Some of the bug fixes will make my life easier, as some logging issues have been corrected which will make testing and developing responders for Cortex less painful.
Well what a write off of a year so far. Over the Xmas break, I wasn’t able to get in as many hikes as I would like due to the terrible fires we have had over the last few months. Given the air quality has been rated as hazardous, I’ve erred on the side of caution, not wanting to fill my lungs with it. I was however able to write up the 3 that I did.
I’ve blogged quite a bit about TheHive and Cortex to date, so much so that the wonderful people over at TheHive-project have added this blog to the Blogs & Articles section of TheHive’s curated Awesome List. It seems the more I write, the more I realise how much more there is to write about this stack’s ability and feature set. Throughout the course of the last year, I wrote a 12 part series about standing up TheHive, MISP and Cortex detailing my experiences in how to install, integrate and upgrade each of them.
For the last 4 years on New Year’s Day, I like to start the year off right, get up nice and early and take a drive out to Healesville to hike up Mt Riddell. Not sure how, why or when I decided that this was going to be a tradition, but I’d completed it a few times in the past and it’s kinda stuck now. New Year’s Day 2020 wasn’t going to stop that.
Our local council has been quite busy over the years preparing a new 40km trail that is designed to connect with other trails in our area. The concept for this trail went back prior to the Black Saturday fires in 2009, where parts of the old bridges were destroyed by fire and the project seemed to stall as a result. Recently stage 1A was opened, which is a 7.5km trail from Lilydale to Yering.
The Glasgow firetrail, as it’s affectionately known (it doesn’t have an official name), is a brutal unmarked track that follows a rocky riverbed up the side of Mt. Dandenong on the outskirts of Melbourne, Victoria. It has an initial rise of about 400m over a distance of 1400m, or a 28% grade. It is as technically challenging navigating through the loose rock as it is physically demanding. It is also a much harder alternative than the popular 1000 steps track located on the other side of Mt.
What a crazy year it’s been for me. It started off with migrating my blog from WordPress to Hugo and setting up some additional AWS services to complement my domain, and completing a few AWS based labs off the back of the AWS Certified Cloud Practitioner exam I sat in late 2018. I then started looking at some open source tools, namely Chris Long’s Detection Lab and Quasar RAT, before starting a new role which mixed things up in a good way.
In my last post I wrote about Installing and Securing NodeRED. The reason behind this was twofold. First, NodeRED is pretty cool and I want to be able to do some more ETL (Extract, Transform, Load) operations for personal projects I want to start on, and secondly, I’ve been looking into TheHive webhooks functionality and needed some way to drive it that didn’t require hundreds of lines of bespoke Python code.