Elasticsearch

In my last post, I covered how I went about upgrading TheHive from 3.4 to 3.5RC1 along with a double upgrade of Elasticsearch. Well now its Cortex’s time. Cortex 3.1.0 also uses Elasticsearch 7.8 so we are in for a similar upgrade process. Depending on your reliance on Cortex it may be a nice addition to TheHive that is rarely used, or it may be critical to your operation. Either way, getting to the latest version is desirable as there are always welcome bug fixes and improvements with error handling, reporting and general integration.

Upgrading TheHive 3.4.0-1/ES5.6 to TheHive 3.5.0-RC1/ES7.8

By Adrian in Projects

August 22, 2020

TheHive 3.5.0 RC1 has now been released and my environment is in a bit of a shambles for this upgrade. You see when I performed my upgrade of TheHive 3.2.1 to 3.4.0 I elected to not upgrade to ElasticSearch 6.8 at the time as I wanted to do some more testing on it. I told myself, TheHive 3.4 was working just fine using Elasticsearch 5.6, so I never went ahead with the Elastic part of the upgrade.

Browsing Elasticsearch With Kaizen

By Adrian in tools

October 11, 2019

Recently I had a few questions about what a particular Elasticsearch NoSQL Database was holding and I started poking using curl and the json search language, and for the untrained it can be daunting. Heaps of syntax, nesting and JSON arrays. It was overwhelming at first. On the plus side, its super granular so if you know exactly what you are looking for its super quick. Well I had a problem, I wasnt 100% sure what I was looking for and merely just wanted to browse the data for you know….

Upgrading TheHive 3.2.1_1 to 3.4

By Adrian in Projects

September 12, 2019

Its upgrading time! Its been a while since ive visited TheHive and version 3.4.0 has been released. The astute reader will noticed that when I originally stood up my instance of TheHive I opted for version 3.3.1 and yes, that will be getting an upgrade, but the reason for this post is that this is a test run for the instance upgrade at work and thats what were using, so thats what im testing about.

Setting Up an ELK Stack

By Adrian in Projects

November 25, 2018

Splunk. Love it to bits, use it at work heaps, but sadly for personal use once you go past that 500Mb/day license requirement thats it, get your wallet out. This is where ELK comes into play. Being open source I thought i’d give it a crack. Here is my experience. I know there are plenty of guides online for this, but went through a bit of trial and error for my setup.