This repository has been archived on 20/Sep/2023.

Documentation of Cortex


Cortex documentation has moved and can be found at https://docs.thehive-project.org/cortex/.


Cortex solves two problems frequently encountered by SOCs, CSIRTs and security researchers in the course of threat intelligence, digital forensics and incident response:

  • How to analyze observables they have collected, at scale, by querying a single tool instead of several?
  • How to actively respond to threats and interact with the constituency and other teams?

Thanks to its many analyzers and to its RESTful API, Cortex makes observable analysis a breeze, particularly if called from TheHive, our highly popular, free and open source Security Incident Response Platform (SIRP). TheHive can also leverage Cortex responders to perform specific actions on alerts, cases, tasks and observables collected in the course of the investigation: send an email to the constituents, block an IP address at the proxy level, notify team members that an alert needs to be taken care of urgently and much more.

Starting from Cortex version 2, you can create and manage multiple organizations (i.e. multi-tenancy), manage the associated users and give them different roles. You can also specify per-org analyzer configuration and rate limits to avoid consuming all your quotas at once. We have also added a cache so that an analysis is not re-executed for the same observable if a given analyzer is called on that observable several times within a specific timespan (10 minutes by default; the value can be adjusted for each analyzer).

Notes:

  • This is the Cortex documentation repository. If you are looking for its source code, please visit https://github.com/TheHive-Project/Cortex/.
  • Cortex4py, the FOSS Python library we provide to submit observables in bulk mode through the Cortex REST API from alternative SIRP platforms and custom scripts, is compatible with Cortex 2 starting from v2.0.0.
  • Active Response is a new feature that was introduced in TheHive 3.1.0 and Cortex 2.1.0.
  • If you are looking for the Cortex 1 documentation, please check the cortex-1 branch.
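The bulk-analysis workflow described above (submit observables to analyzers through the single REST API, wait for the reports, and respect the per-analyzer cache and TLP policy), as an added example that is not code from CortexDocs, Cortex or Cortex4py. The endpoint paths and JSON fields it uses (POST /api/analyzer/<id>/run with data/dataType/tlp, GET /api/job/<id>/waitreport?atMost=..., Bearer API keys, force=1 to bypass the report cache) are assumptions taken from the Cortex 2 API reference; check them against the documentation for your Cortex version before relying on them. The fake transport, analyzer names and observables are constructed so the script runs offline; swap in http_transport and a real API key to talk to a live Cortex.

```python
"""Bulk observable analysis through the Cortex 2 REST API (added example).

Endpoint paths and fields are assumptions based on the Cortex 2 API
reference: POST /api/analyzer/<id>/run, GET /api/job/<id>/waitreport,
Bearer API keys, force=1 to bypass the report cache. The fake transport
and sample observables are constructed so everything runs offline.
"""
import json
import urllib.request


def http_transport(method, url, headers, body):
    # Real transport: plain urllib, returns the decoded JSON response.
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.loads(resp.read())


class CortexClient:
    def __init__(self, base_url, api_key, transport=http_transport):
        self.base_url = base_url.rstrip("/")
        # Cortex 2 authenticates API calls with a per-user API key as a Bearer token.
        self.headers = {"Authorization": "Bearer " + api_key,
                        "Content-Type": "application/json"}
        self.transport = transport

    def _call(self, method, path, payload=None):
        body = json.dumps(payload).encode() if payload is not None else None
        return self.transport(method, self.base_url + path, self.headers, body)

    def run_analyzer(self, analyzer_id, data, data_type, tlp=2, force=False):
        # force=True asks Cortex to skip its report cache (10 minutes by
        # default) and run the analyzer again instead of returning a cached job.
        query = "?force=1" if force else ""
        return self._call("POST", f"/api/analyzer/{analyzer_id}/run{query}",
                          {"data": data, "dataType": data_type, "tlp": tlp})

    def wait_report(self, job_id, at_most="1minute"):
        # Blocks server-side until the job finishes or at_most elapses.
        return self._call("GET", f"/api/job/{job_id}/waitreport?atMost={at_most}")


def analyze_bulk(client, observables, analyzers_by_type, max_tlp=2):
    """Run every analyzer registered for an observable's dataType.

    Observables above max_tlp are never submitted: most analyzers query
    third-party services and TLP:RED (3) data must not leave the team, so
    the check is enforced client-side regardless of the org's analyzer
    configuration. Returns {(data, analyzer_id): taxonomies or error text}.
    """
    results = {}
    for obs in observables:
        if obs["tlp"] > max_tlp:
            results[(obs["data"], "*")] = "skipped: TLP above policy"
            continue
        for analyzer_id in analyzers_by_type.get(obs["dataType"], []):
            job = client.run_analyzer(analyzer_id, obs["data"], obs["dataType"], obs["tlp"])
            report = client.wait_report(job["id"])
            if report.get("status") == "Success":
                results[(obs["data"], analyzer_id)] = report["report"]["summary"]["taxonomies"]
            else:
                results[(obs["data"], analyzer_id)] = "failed: " + str(report.get("status"))
    return results


def make_fake_transport():
    # Constructed stand-in for a Cortex server: 'malicious' for one constructed
    # IP, 'safe' otherwise, and a failed job for the analyzer named Broken_1_0.
    jobs = {}

    def fake(method, url, headers, body):
        parts = url.split("/api/", 1)[1].split("/")
        if method == "POST" and parts[0] == "analyzer":
            job_id = f"job-{len(jobs) + 1}"
            jobs[job_id] = {"analyzer": parts[1], **json.loads(body)}
            return {"id": job_id, "status": "Waiting"}
        if method == "GET" and parts[0] == "job":
            job = jobs[parts[1]]
            if job["analyzer"] == "Broken_1_0":
                return {"status": "Failure", "errorMessage": "analyzer crashed"}
            level = "malicious" if job["data"] == "198.51.100.7" else "safe"
            return {"status": "Success", "report": {"summary": {"taxonomies": [
                {"level": level, "namespace": "Demo", "predicate": "Verdict", "value": level}]}}}
        return {"status": "Failure", "errorMessage": "unexpected call"}

    return fake


# Constructed sample input; the TLP:RED hash must never reach an analyzer.
SAMPLE_OBSERVABLES = [
    {"data": "198.51.100.7", "dataType": "ip", "tlp": 2},
    {"data": "example.com", "dataType": "domain", "tlp": 1},
    {"data": "d41d8cd98f00b204e9800998ecf8427e", "dataType": "hash", "tlp": 3},
]
SAMPLE_ANALYZERS = {"ip": ["Demo_IP_1_0", "Broken_1_0"], "domain": ["Demo_Domain_1_0"]}


def demo():
    # Runs the bulk analysis against the fake server and returns the results.
    client = CortexClient("https://cortex.example.invalid", "constructed-api-key",
                          transport=make_fake_transport())
    return analyze_bulk(client, SAMPLE_OBSERVABLES, SAMPLE_ANALYZERS)
```

Calling demo() returns four entries: a malicious verdict for the constructed IP, a safe one for the domain, a "failed" entry for the broken analyzer, and a "skipped" entry for the TLP:RED hash. The TLP gate is deliberately on the client side: per-org analyzer configuration and rate limits protect your quotas, but nothing on the server knows which of your observables are too sensitive to send to an external service.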

Hardware Prerequisites

Cortex runs on a Java VM. We recommend a virtual machine with 8 vCPUs, 8 GB of RAM and 10 GB of disk. A physical machine with similar specifications also works.

What's New

Guides

Miscellaneous Information

License

Cortex is free and open source software released under the AGPL (Affero General Public License). We, TheHive Project, are committed to ensuring that TheHive remains a free and open source project in the long run.

Updates

Information, news and updates are regularly posted on TheHive Project Twitter account and on the blog.

Contributing

We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests that reference the corresponding GitHub issues.

We do have a Code of conduct. Make sure to check it out before contributing.

Support

Please open an issue on GitHub if you'd like to report a bug or request a feature. We are also available on Gitter to help you out.

If you need to contact the Project's team, send an email to [email protected].

Important Note:

Community Discussions

We have set up a Google forum at https://groups.google.com/a/thehive-project.org/d/forum/users. To request access, you need a Google account, which you can create with or without a Gmail address.

Website

https://thehive-project.org/
