« Previous 1 2 3
Incident Analysis with The Hive and Cortex
Searching for Clues
Load Balancing and APIs
Once set up, The Hive interacts with Cortex to provide many ways to streamline incident handling for your incident response team. For load balancing, you can configure multiple Cortex instances and control the selection of individual "neurons" with tags. Many tools already exist with connections to common services that just need to be configured for use.
If you want to develop your own analyzers or responders, Python will get you there quickly, allowing you to connect internal APIs for further incident handling. Automating analyzers and responders lets the analyst concentrate on essential tasks without the need for additional information.
Conclusions
In this workshop, I showed you how to configure and use Cortex as an extension to The Hive incident response platform by enabling some initial analyzers and responders and successfully testing their use. Even though the project's documentation unfortunately tends to lag slightly a bit behind the development work, the developers of The Hive and Cortex and the project's community are there to help you with any questions. At the end of the day, The Hive with Cortex ensures a significant productivity boost for any incident response team.
Infos
- GRR Rapid Response: https://grr-doc.readthedocs.io/en/latest/
- MISP: https://www.misp-project.org
- The Hive Project: https://docs.thehive-project.org
- Cortex: https://github.com/TheHive-Project/Cortex
- Docker templates: https://github.com/TheHive-Project/Docker-Templates
- Traffic Light Protocol: https://www.first.org/tlp/
- Permissible Actions Protocol: https://misp-project.org/taxonomies.html#_pap
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Diving into infrastructure security
How to deal with threat intelligence on the corporate network when the existing security tools are not effective. -
Detecting security threats with Apache Spot
Security vulnerabilities often remain unknown when the data they reveal is buried in the depths of logfiles. Apache Spot uses big data and machine learning technologies to sniff out known and unknown IT security threats. - DARPA Dives into Graph Analytics
-
Forensic analysis with Autopsy and Sleuth Kit
Forensic admins can use the Autopsy digital forensics platform to perform an initial analysis of a failed system, looking for traces of a potential attack. -
Extended detection and response in networks, endpoint devices, and the cloud
Extended detection and response (XDR) integrates security functions across endpoint devices and networks. But is XDR the only integrated approach to cybersecurity challenges? We investigate the new technology.