By Adrian | October 1, 2019
This is part 9 where I begin to lifecycle manage TheHive/MISP/Cortex software stack. Previous posts in this series are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive
Part IX - Upgrading TheHive
Part X - Updating MISP
Part XI - Upgrading Cortex
Part XII - Wrapup of TheHive, MISP, Cortex
I’ve previously documented this upgrade when I was performing some testing for work. See Upgrading TheHive 3.2.1_1 to 3.4. While that particualr post covers the upgrade of an older version of TheHive (v3.2.1) to the current one, I refollowed these exact same steps to complete this upgrade and I can confirm that the steps upgrading from v3.3.0 to v3.4 are the same and that there were no variations that I had to make as a result.
In short the high level steps are
- Backup!
- Download and apply the new binaries
- Apply the required changes to the
application.conffile (critical!) - Perform post upgrade DB tasks
- Test your integrations with Cortex/MISP
I’ve also decided against upgrading the Elasticsearch components to version 6.x as there are plans on moving away from Elasticsearch over to a GraphDB in the next major release. See the blog post about that over on thehive-project blog about that.