Incident Analysis with The Hive and Cortex

Searching for Clues

Load Balancing and APIs

Once set up, The Hive interacts with Cortex to provide many ways to streamline incident handling for your incident response team. For load balancing, you can configure multiple Cortex instances and control which individual "neurons" are selected by means of tags. Many analyzers and responders for common services already exist and only need to be configured before use.

If you want to develop your own analyzers or responders, Python will get you there quickly, allowing you to connect internal APIs for further incident handling. Automating analyzers and responders lets the analyst concentrate on essential tasks instead of gathering supplementary information by hand.
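To make the "write your own analyzer in Python" step concrete, here is a small, added example that is not code from the article or from the TheHive/Cortex project. It implements the analyzer contract directly rather than through the project's cortexutils helper library: Cortex hands the analyzer a job as JSON with `data`, `dataType` and `config` fields, and the analyzer answers with a JSON report whose `summary.taxonomies` entries The Hive shows as coloured tags on the observable. The internal threat-intelligence service it "connects" to (`INTERNAL_IP_INTEL`, `lookup_internal_api`) and the taxonomy namespace `InternalIntel` are constructed stand-ins, so the whole thing runs offline.

```python
"""Skeleton of a custom Cortex analyzer for IP observables (added example).

The core logic lives in analyze() and run_job() so it can be exercised
offline; main() is the thin stdin/stdout wrapper that Cortex executes.
"""
import ipaddress
import json
import sys

# Constructed stand-in for an internal threat-intel API (not a real service):
# maps an IP address to the verdict record that API would return.
INTERNAL_IP_INTEL = {
    "203.0.113.10": {"verdict": "malicious", "source": "internal-blocklist"},
    "198.51.100.7": {"verdict": "suspicious", "source": "honeypot-hits"},
}

# Addresses inside these ranges are our own infrastructure and are never
# sent to the lookup service (explicit list rather than ipaddress.is_private,
# which also treats the documentation ranges used above as private).
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "fc00::/7", "::1/128")
]

# Cortex taxonomy levels are info, safe, suspicious and malicious.
LEVEL_FOR_VERDICT = {
    "malicious": "malicious",
    "suspicious": "suspicious",
    "internal": "info",
    "unknown": "info",
}


def lookup_internal_api(ip: str) -> dict:
    """Hypothetical internal API call. A real analyzer would issue an HTTP
    request here, taking endpoint and API key from the job's ``config``."""
    return INTERNAL_IP_INTEL.get(ip, {"verdict": "unknown", "source": None})


def analyze(job: dict) -> dict:
    """Return the Cortex report for one job; raise ValueError on bad input."""
    if job.get("dataType") != "ip":
        raise ValueError("this analyzer only handles dataType 'ip'")
    try:
        ip = ipaddress.ip_address(job["data"])
    except (KeyError, ValueError):
        raise ValueError(f"observable is not an IP address: {job.get('data')!r}")

    if any(ip in net for net in INTERNAL_NETS):
        result = {"verdict": "internal", "source": "internal-address-space"}
    else:
        result = lookup_internal_api(str(ip))

    taxonomy = {
        "level": LEVEL_FOR_VERDICT[result["verdict"]],
        "namespace": "InternalIntel",   # hypothetical analyzer name
        "predicate": "Verdict",
        "value": result["verdict"],
    }
    return {
        "success": True,
        "full": {"ip": str(ip), **result},
        "summary": {"taxonomies": [taxonomy]},
    }


def run_job(job: dict) -> dict:
    """Wrap analyze() in the success / errorMessage envelope Cortex expects,
    so a malformed observable produces a failed job instead of a traceback."""
    try:
        return analyze(job)
    except ValueError as exc:
        return {"success": False, "errorMessage": str(exc)}


def main() -> None:
    # Stand-alone use: read the job from stdin, write the report to stdout.
    job = json.load(sys.stdin)
    json.dump(run_job(job), sys.stdout)


if __name__ == "__main__":
    main()
```

You can try it by hand with `echo '{"dataType": "ip", "data": "203.0.113.10", "config": {}}' | python analyzer.py`. To register it in Cortex you still need the analyzer's JSON descriptor (name, version, command, `dataTypeList`, and any config items such as an API key), and in a production analyzer the cortexutils `Analyzer` base class takes care of the job hand-off and report formatting that `main()` and `run_job()` do here by hand.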

Conclusions

In this workshop, I showed you how to configure and use Cortex as an extension to The Hive incident response platform by enabling some initial analyzers and responders and successfully testing their use. Even though the project's documentation unfortunately tends to lag a bit behind the development work, the developers of The Hive and Cortex and the project's community are there to help you with any questions. At the end of the day, The Hive with Cortex ensures a significant productivity boost for any incident response team.
