MISP works really well in an internet-connected environment at gathering indicators and creating correlations. However, in air-gapped environments, the ability to query MISP for indicators is still incredibly useful, except…
TheHive 4.1.0 Deployment and Integration with MISP
Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra,…
Building the Assemblyline Analyzer for TheHive’s Cortex.
Static analysis for me has become more fun with the inclusion of Assemblyline into my arsenal. But the lack of integration between other elements of my FOSS SOC stack was…
Implementing Elastic Cloud and using Elastic Security
Elastic offers a cloud-based solution which would allow a very modest, lightweight SIEM to be implemented for around $0.05 AUD/hour (60GB of index storage), but this does not include…
Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
Since the last write-up I published on TheHive, there have been some significant changes and updates to TheHive. So for this post I will be walking through the installation…