Incident Analysis with The Hive and Cortex
Searching for Clues
Load Balancing and APIs
Once set up, The Hive uses Cortex to streamline incident handling for your incident response team in many ways. For load balancing, you can connect several Cortex instances to The Hive and steer which instance's individual "neurons" (the analyzer and responder workers) are used by tagging them. Many analyzers and responders that talk to common services already exist and only need to be configured before use.
If you want to develop your own analyzers or responders, Python gets you there quickly and lets you hook internal APIs into further incident handling. Automating lookups and actions in analyzers and responders lets the analyst concentrate on the essential tasks instead of gathering additional information by hand.
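The following is an added example and not code from The Hive or Cortex project: a minimal Cortex analyzer written against the job JSON protocol that Cortex uses to talk to an analyzer (observable, data type, TLP/PAP markings and analyzer config in, a success/summary/full report out). It deliberately does not import the project's cortexutils helper library so that it runs offline; cortexutils implements the same input/output handling. The blocklist, the IntelBlocklist taxonomy namespace, the sample job and the default limits of TLP 2 / PAP 2 are assumptions made for the example. The point worth copying is the check at the start of run(): an analyzer must compare the observable's TLP and PAP marking with the maximum it is configured for and refuse the job before it forwards anything to an external service.

```python
# Added example, not code from the TheHive/Cortex project: a Cortex analyzer
# that speaks the Cortex job JSON protocol directly instead of via cortexutils.
# Blocklist, taxonomy namespace, sample job and default limits are constructed.
import ipaddress
import json
import os
import sys

# Constructed internal threat-intel data standing in for a real API call.
BLOCKLIST_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # TEST-NET-2
BLOCKLIST_DOMAINS = {"malicious.example"}

# Constructed job: Cortex hands the observable and the analyzer config over
# as one JSON document (input/input.json in the job directory).
SAMPLE_JOB = {
    "data": "198.51.100.23",
    "dataType": "ip",
    "tlp": 2,  # TLP:AMBER
    "pap": 2,  # PAP:AMBER
    "config": {"check_tlp": True, "max_tlp": 2, "check_pap": True, "max_pap": 2},
}


def check_sharing_limits(job):
    """Return an error message if the observable's TLP or PAP marking exceeds
    the maximum this analyzer is configured for, else None.  Defaulting the
    maximum to 2 (AMBER) is an assumption of this example."""
    cfg = job.get("config", {})
    if cfg.get("check_tlp", True) and job.get("tlp", 2) > cfg.get("max_tlp", 2):
        return "TLP is higher than allowed."
    if cfg.get("check_pap", True) and job.get("pap", 2) > cfg.get("max_pap", 2):
        return "PAP is higher than allowed."
    return None


def lookup(data, data_type):
    """Local lookup that would normally be a call to an internal intel API."""
    if data_type == "ip":
        addr = ipaddress.ip_address(data)
        hit = any(addr in net for net in BLOCKLIST_NETWORKS)
        return {"hit": hit, "private": addr.is_private}
    if data_type in ("domain", "fqdn"):
        return {"hit": data.lower().rstrip(".") in BLOCKLIST_DOMAINS}
    raise ValueError("unsupported dataType: %s" % data_type)


def taxonomy(level, namespace, predicate, value):
    """One taxonomy entry; The Hive renders it as a colored tag on the observable."""
    return {"level": level, "namespace": namespace,
            "predicate": predicate, "value": value}


def run(job):
    """Execute the analyzer on one Cortex job and return the output document."""
    error = check_sharing_limits(job)
    if error:
        return {"success": False, "input": job, "errorMessage": error}
    try:
        result = lookup(job["data"], job["dataType"])
    except (KeyError, ValueError) as exc:
        return {"success": False, "input": job, "errorMessage": str(exc)}
    level = "malicious" if result["hit"] else "safe"
    return {
        "success": True,
        "full": result,
        "summary": {"taxonomies": [taxonomy(level, "IntelBlocklist", "Match",
                                            "yes" if result["hit"] else "no")]},
        "artifacts": [],
        "operations": [],
    }


def main():
    """Cortex starts the analyzer with the job directory as argv[1] and reads
    output/output.json afterwards; without an argument, use stdin/stdout
    (or the constructed sample job when run interactively)."""
    if len(sys.argv) > 1:
        job_dir = sys.argv[1]
        with open(os.path.join(job_dir, "input", "input.json")) as fh:
            job = json.load(fh)
        os.makedirs(os.path.join(job_dir, "output"), exist_ok=True)
        with open(os.path.join(job_dir, "output", "output.json"), "w") as fh:
            json.dump(run(job), fh)
    else:
        job = SAMPLE_JOB if sys.stdin.isatty() else json.load(sys.stdin)
        json.dump(run(job), sys.stdout, indent=2)


if __name__ == "__main__":
    main()
```

Run it with no arguments to see the report for the sample job; change `"tlp": 2` to `3` (TLP:RED) and the analyzer returns `success: false` with the TLP error instead of performing the lookup, which is exactly the behavior Cortex expects from an analyzer whose max_tlp is set lower than the observable's marking.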
Conclusions
In this workshop, I showed you how to configure and use Cortex as an extension to The Hive incident response platform by enabling some initial analyzers and responders and successfully testing their use. Even though the project's documentation unfortunately tends to lag a bit behind the development work, the developers of The Hive and Cortex and the project's community are there to help you with any questions. At the end of the day, The Hive with Cortex delivers a significant productivity boost for any incident response team.
Infos
- GRR Rapid Response: https://grr-doc.readthedocs.io/en/latest/
- MISP: https://www.misp-project.org
- The Hive Project: https://docs.thehive-project.org
- Cortex: https://github.com/TheHive-Project/Cortex
- Docker templates: https://github.com/TheHive-Project/Docker-Templates
- Traffic Light Protocol: https://www.first.org/tlp/
- Permissible Actions Protocol: https://misp-project.org/taxonomies.html#_pap