Demo Virtual Machine

This virtual machine (OVA) contains TheHive 5 and Cortex. Cortex Neurons are downloaded and run as Docker containers on demand.
This virtual machine is maintained by StrangeBee and is for testing purposes only.

TheHive interface screenshot

Quick connect

This VM comes with 2 accounts in TheHive:

Administrator:

A user named thehive has been created and is org-admin of the organisation named testing:


TheHive's database comes with several data samples, such as custom fields, MISP taxonomies, MITRE ATT&CK data, a Case Template and an Alert.

This VM comes with 2 accounts in Cortex:

Administrator:

  • Login: admin
  • Password: thehive1234

An Organisation is also created with an orgadmin account:

  • Login: thehive
  • Password: thehive1234

Connect with the orgadmin account to configure Analyzers and Responders.


⚠️ Warning

The VM is solely intended to be used for testing purposes. We strongly encourage you to refrain from using it in production.

Allocate at least 6 GB of RAM to this virtual machine to ensure good performance; running it with less may cause problems.


Content

The VM runs Debian 11. The most recent VM includes:

  • TheHive 5.2 using a local BerkeleyDB and file storage
  • Cortex 3.1.7 and Elasticsearch 7.17.1
  • TheHive4py 1.8.1
  • Cortex4py 2.0.1
  • Public Cortex Analyzers and Responders, running with Docker

Configuration details

Applications are launched with Docker Compose as Docker containers, with attached volumes under /opt/thp:

.
├── cassandra
├── cortex
├── docker-compose.yml
├── elasticsearch
├── nginx
└── thehive

TheHive

TheHive is configured to use Cassandra as its database and Elasticsearch to index data. Files are stored on a local path.

thehive
├── config
├── files
└── log

  • config: all configuration files for TheHive
  • files: file storage
  • log: TheHive application logs

Cortex

Cortex uses Elasticsearch as its database, which also runs as a container under Docker Compose. Dedicated volumes are configured: /opt/thp/elasticsearch/data for data and /opt/thp/elasticsearch/log for logs.

cortex
├── config
├── jobs
└── log

  • config: all configuration files for Cortex
  • jobs: shared volume for Analyzer and Responder jobs
  • log: Cortex application logs

Operations

Virtual Machine

A system user account thehive/thehive1234 can be used to operate the VM.

All applications run as Docker containers, managed with Docker Compose. The docker-compose.yml file is in the folder /opt/thp.

TheHive

After each modification of the TheHive configuration, the service must be restarted.

  • The TheHive configuration file is /opt/thp/thehive/config/application.conf

  • The service can be restarted by running the following commands:

cd /opt/thp
docker compose restart thehive

Cortex

After each modification of the Cortex configuration, the service must be restarted.

  • The Cortex configuration file is /opt/thp/cortex/config/application.conf

  • The service can be restarted by running the following commands:

cd /opt/thp
docker compose restart cortex

Check for updates

Check for updates to TheHive and Cortex by running the following commands (this will stop the running applications):

cd /opt/thp
bash update.sh

Documentation

Documentation for TheHive 5 is available at https://docs.strangebee.com.

Troubleshooting

TheHive service logs are located in /opt/thp/thehive/log/application.log.

Cortex service logs are located in /opt/thp/cortex/log/application.log.

Need Help?

Something does not work as expected? No worries, we've got you covered. Join our community and contact us on Discord!