
TheHive and Cortex Integration - Add Intelligence to Your SOC! 

Taylor Walton
19K subscribers
16K views

Join me as we add intelligence to our SOC! Quickly analyze observables within your cases to discover what needs immediate action. Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Check us out: www.opensecure...
Interact with our demo: www.opensecure...
Hire us: www.opensecure...

Published: 3 Oct 2024

Comments: 26
@Sniperrkr, 2 years ago
Your videos are "GOLD", keep it up!
@mamtatiwari2872, 3 years ago
You deserve a 5-star rating.
@taylorwalton_socfortress, 3 years ago
Thanks for watching :)
@comandocibernetico, 3 years ago
Worked after I paid attention to the carp! :-) Congratulations!
@taylorwalton_socfortress, 3 years ago
Awesome! Thanks for watching!
@ian230187, 2 years ago
Loved this ❤️❤️
@ndapandulaandreas5153, 3 years ago
Great tutorial! I'd really like to integrate my TheHive instance with my Exchange server via Synapse. Please do a video on it or share some links.
@danielkwakuntiamoahaddai4854
Let's connect, Andreas.
@younessaitichou5319, 2 years ago
Thanks for the great video. I did what you've done step by step and it worked, but I want to secure my instances, and as suggested by TheHive they recommend deploying a reverse proxy. When I set up a reverse proxy for both my instances, TheHive and Cortex, the connection between the two breaks and it no longer shows OK status but rather ERROR. Could you help with that please?
@fikadumilkesa5327, 1 year ago
Great tutorial. Please can you show me how we can install TheHive in a production environment?
@novelsync5229, 2 years ago
Great tutorial. Could you please create a video about the TheHive dashboard for MTTD and MTTR?
@taylorwalton_socfortress, 2 years ago
I'll look to get that added... thanks for watching!
@allam8842, 11 months ago
Hi! I'm following all your videos relating to SOC. Everything was working well until this morning. Today I started the integration part at nano /etc/thehive/application.conf. Unfortunately, there has been an error since then and my TheHive 4 web UI cannot be accessed. When I run systemctl status thehive, it displays "main process exited, status=255". I'm quite new to this SOC field. I hope anyone can help me with it. BTW, I installed everything on my Ubuntu 23.04.
@JoaoVictor-rw9qb, 2 years ago
Can you explain to me what Responders are, and the difference between them and Analyzers?
@taylorwalton_socfortress, 2 years ago
Analyzers and Responders are autonomous applications managed by and run through the Cortex core engine. Analyzers allow analysts and security researchers to analyze observables and IOCs such as domain names, IP addresses, hashes, files and URLs at scale. While many analyzers are free to use, some require special access while others necessitate a valid service subscription or product license, even though the analyzers themselves are released under the AGPL (Affero General Public License). Responders are programs that perform different actions and apply to alerts, cases, tasks, task logs, and observables.
@vietpdMKT, 2 years ago
I followed the video but I can't connect Cortex with TheHive. When I click on About it says Unknown version (Error).
@imranahmed5524, 1 year ago
How do I find that API key?
@danykarim1414, 2 years ago
Did not work.
@jayavardhanvejendla7311, 2 years ago
This is a great video. But I want to integrate TheHive and the Velociraptor tool. Is it possible? If possible, please recommend me some ways to do it.
@taylorwalton_socfortress, 2 years ago
Hey, I think your best bet would be to interact with Velociraptor's API via Cortex or Shuffle rather than TheHive.
@cristianonate4253, 3 years ago
Please could you help me with two questions. 1. How do I send alerts or information to TheHive, so that TheHive can process it? 2. The analyzer template management option does not appear in TheHive; what would be the reason?
@taylorwalton_socfortress, 3 years ago
Hey Cristian, you can follow this recent video to set up ElastAlert (ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-7zBGQxqf2G4.html&ab_channel=OpenSecure). ElastAlert can be configured to forward Wazuh alerts to TheHIVE automatically. I'm not sure I am completely following question 2. Analyzer configuration is set up within Cortex. TheHIVE can connect to Cortex's API to run analyzers, but analyzer management is handled within the Cortex UI. Hope that helps, and thanks for watching!
@FrenchSparda, 2 years ago
Great tutorial. Unfortunately for me, I tried many times and can't integrate MISP or Cortex with TheHive, and I don't understand why.
@taylorwalton_socfortress, 2 years ago
Hey there, can you provide any debug information? Take a look at /var/log/thehive/application.log; that should provide some detail as to why TheHive cannot connect.
@FrenchSparda, 2 years ago
@taylorwalton_socfortress Hello, thank you. There was some issue with the owner of the application.conf file, and finally I'm able to integrate MISP with TheHive. Many thanks ;) Just one more question: do I need to install Elasticsearch on each server? I already have an ELK server set up, but I really don't understand if I need to install Elasticsearch on each server or if I must use my ELK setup (I'm running each service on a different server on my homemade). Sorry for the noob questions ;)
@FrenchSparda, 2 years ago
@taylorwalton_socfortress Finally, I did it ;) Many thanks.
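A preflight script for the TheHive-to-Cortex link that several comments above struggle with ("Unknown version (Error)", the reverse proxy that flips the status to ERROR, "how do I find that API key", the status=255 start failure after editing application.conf, and the file-ownership problem). This is an added example, not code from the video, from TheHive or from Cortex. It renders the `cortex` stanza that TheHive 4 reads from /etc/thehive/application.conf and then replays the requests TheHive makes when it reports Cortex status, classifying the common failure modes. The URL, API key, analyzer names and the canned replies in SCENARIOS are constructed for the example; the API key itself is generated in the Cortex UI for the user TheHive will authenticate as (an organisation user with the read and analyze roles), which is the value that goes into `auth.key`.

```python
"""Preflight for the TheHive 4 <-> Cortex link set up in the video. Added example,
not code from the video, TheHive or Cortex. It renders the cortex stanza for
/etc/thehive/application.conf and replays the two requests behind TheHive's
Cortex status ("OK" vs "ERROR" / "Unknown version"): GET /api/status, which
returns {"versions": {"Cortex": ...}}, then GET /api/analyzer with the API key.
Assumed, not from the page: the example URL, key and analyzer names below."""
import json
import ssl
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

Fetch = Callable[[str, Dict[str, str]], Tuple[int, bytes]]
STANZA = """play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule
cortex {{
  servers = [
    {{
      name = "{name}"
      url = "{url}"
      auth {{
        type = "bearer"
        key = "{api_key}"
      }}
      wsConfig {{}}
    }}
  ]
  statusCheckInterval = 1 minute
}}
"""

def render_cortex_stanza(name: str, url: str, api_key: str) -> str:
    """HOCON block to append to application.conf (the part the video edits). It holds
    a secret: keep the file readable only by root and the thehive service user. A
    stray quote/brace here is the usual cause of `systemctl status thehive` showing
    status=255; the parse error is in /var/log/thehive/application.log."""
    return STANZA.format(name=name, url=url, api_key=api_key)

def http_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, bytes]:
    try:  # real transport; socket and TLS failures surface as OSError/URLError
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()

def _err(detail: str) -> Dict[str, str]:
    return {"status": "ERROR", "detail": detail}

def diagnose(base_url: str, api_key: str, fetch: Fetch = http_fetch) -> Dict[str, str]:
    """Classify the link as TheHive would: {"status": "OK"|"ERROR", "detail": why}."""
    base = base_url.rstrip("/")
    headers = {"Authorization": f"Bearer {api_key}", "Accept": "application/json"}
    try:
        code, body = fetch(f"{base}/api/status", headers)
        if code != 200:
            return _err(f"/api/status gave HTTP {code}: url does not reach Cortex (proxy upstream/path wrong)")
        try:
            version = json.loads(body)["versions"]["Cortex"]
        except (ValueError, KeyError, TypeError):
            return _err("no Cortex version in the /api/status reply (TheHive shows this as 'Unknown version')")
        code, body = fetch(f"{base}/api/analyzer", headers)
    except OSError as e:  # URLError and ssl.SSLError both subclass OSError
        reason = getattr(e, "reason", e)
        if isinstance(reason, ssl.SSLError):
            return _err(f"TLS handshake with {base} failed ({reason}): a TLS reverse proxy in front "
                        "of Cortex must present a certificate TheHive's JVM trusts")
        return _err(f"cannot reach {base} ({reason}): check url, port and firewall")
    if code in (401, 403):
        return _err(f"Cortex {version} reachable but the API key was rejected (HTTP {code}): create it "
                    "for a Cortex org user with the read and analyze roles, not for the superadmin")
    if code != 200:
        return _err(f"/api/analyzer gave HTTP {code}")
    names = [a["name"] for a in json.loads(body)]
    return {"status": "OK", "detail": f"Cortex {version}, {len(names)} analyzer(s): {', '.join(names) or 'none'}"}

# Constructed replies (not captured from a real Cortex) for the failures reported in the comments.
STATUS_DOC = {"versions": {"Cortex": "3.1.1"}}
ANALYZERS = [{"name": "Abuse_Finder_3_0"}, {"name": "VirusTotal_GetReport_3_0"}]
SCENARIOS = {
    "ok": ("GOOD-KEY", {"/api/status": (200, STATUS_DOC), "/api/analyzer": (200, ANALYZERS)}),
    "bad_key": ("WRONG-KEY", {"/api/status": (200, STATUS_DOC), "/api/analyzer": (401, {"type": "AuthenticationError"})}),
    "proxy_not_cortex": ("GOOD-KEY", {"/api/status": (200, {"title": "Sign in"})}),
    "untrusted_tls": ("GOOD-KEY", {"/api/status": urllib.error.URLError(ssl.SSLError("CERTIFICATE_VERIFY_FAILED"))}),
}

def canned(replies: Dict[str, object]) -> Fetch:
    def fetch(url: str, headers: Dict[str, str]) -> Tuple[int, bytes]:  # offline transport
        reply = replies[url[url.index("/api/"):]]
        if isinstance(reply, Exception):
            raise reply
        code, doc = reply
        return code, json.dumps(doc).encode()
    return fetch

def run_scenarios(base_url: str = "https://cortex.example:9001") -> Dict[str, Dict[str, str]]:
    return {n: diagnose(base_url, key, canned(replies)) for n, (key, replies) in SCENARIOS.items()}

if __name__ == "__main__":
    print(render_cortex_stanza("local", "https://cortex.example:9001", "GOOD-KEY"))
    for n, res in run_scenarios().items():
        print(f"{n:17} {res['status']:5} {res['detail']}")
```

Against a real deployment, call `diagnose("https://cortex.example:9001", api_key)` from the TheHive host, since that is the network path TheHive itself uses. For the reverse-proxy case, the proxy has to forward /api/* to Cortex unchanged, and if it terminates TLS with a private CA that CA must be in the trust store TheHive's JVM uses (or `url` should point straight at Cortex on a firewalled port); otherwise TheHive's periodic status check fails exactly as the comment above describes. Whatever `diagnose` reports, the same reason appears in /var/log/thehive/application.log, which is the file the video's author points people to.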