By Adrian | January 17, 2020
I’ve blogged quite a bit about TheHive and Cortex to date, so much so that the wonderful people over at TheHive-project have added this blog onto the Blogs & Articles section of TheHive’s curated Awesome List.
Its seems The more I write, the more I realise how much more there is to write about this stacks ability and feature set.
Throughout the course of the last year, I wrote a 12 part series about standing up TheHive, MISP and Cortex detailing my experiences in how to install, integrate and upgrade each of them. It’s been a popular series to say the least, however it’s a lot of instruction to follow if all you want to do is quickly look at the product.
So, ive gone about taking the fun out of this for you by writing an unofficial Vagrantfile and shell script that will perform the entire installation for you. Only after writing a script to do this, I discovered that there was an ova_builder repository that contains a build script to wel….build the entire solution as well. It’s the official Training VM that the developers created.
The build script mimics the current TrainingVM that is located on TheHive’s GitHub repository. It contains the latest versions of TheHive and Cortex, as well as the Docker versions of the Analyzers and Responders. I also consider this as not for production. This setup is a great way to quickly evaluate TheHive and Cortex or to stand up a quick development environment for testing stuff out.
To avoid issues with the installation, you will need a minimum of 2Gb RAM assigned to the virtual machine, although the more you can give it the better.
To save retyping the same things twice, all the information you will need about this can be found in the README at my GitHub Repository. You can download the required scripts from there.
I hope to add more short scripts and code to this repository over time.