Skip to content

McHughSecurity

  • Home
  • Blog
  • Security Operations
  • DFIR
    • Reverse Engineering
      • Dynamic Analysis
      • Static Analysis
  • Vuln. Mgmt
  • Intelligence
    • Open-Source Intelligence
    • Threat Intelligence
      • AIL Framework
      • MISP – Open Source Threat Intelligence Platform
      • OpenCTI
  • Threat Modelling
    • Attack Libraries
    • Attack Trees
    • Mitigating Techniques
    • SaaS Threat Modelling
    • Threat Models
    • Tools
    • Validating Threat Mitigations
  • Toggle search form
  • Using the Estimative Language Taxonomy in MISP MISP - Open Source Threat Intelligence Platform
  • Auto-updating Ubuntu 20.04 in less than 2 minutes Operate
  • Using MISP in a TraceLabs Missing Persons engagement Blog
  • Building a Cuckoo Malware Analysis Server Digital Forensics & Incident Response
  • Building the Assemblyline Analyzer for TheHive’s Cortex. Digital Forensics & Incident Response
  • TheHive 4.1.0 Deployment and Integration with MISP Build
  • Implementing Elastic Cloud and using Elastic Security Build
  • Building a Cuckoo Sandbox Build

Post series: The Hive Installation

TheHive 4.1.0 Deployment and Integration with MISP

Posted on March 20, 2021 By A.McHugh 16 Comments on TheHive 4.1.0 Deployment and Integration with MISP
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra, and they have integrated support for MISP galaxies as well!

Now Incident Responders using TheHive can export IOCs and Galaxy assignment directly from TheHive to MISP.

Read More “TheHive 4.1.0 Deployment and Integration with MISP” »

Build, Digital Forensics & Incident Response

Building the Assemblyline Analyzer for TheHive’s Cortex.

Posted on March 18, 2021 By A.McHugh No Comments on Building the Assemblyline Analyzer for TheHive’s Cortex.
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

Static analysis for me has become more fun with the inclusion of Assemblyline into my arsenal. But the lack of integration between other elements of my FOSS SOC stack was concerning.

In this post I detail not only how to write a Cortex Analyzer, but also how to integrate with other appliances with that analyzer.

Read More “Building the Assemblyline Analyzer for TheHive’s Cortex.” »

Digital Forensics & Incident Response

Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.

Posted on March 3, 2021 By A.McHugh 10 Comments on Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

Since the last write up I published on TheHive, there have been some significant changes and updates to TheHive. So for this post I will be walking through the installation and deployment of TheHive4 (4.0.5) and the connection to MISP, Cortex and enabling Webhooks.

Read More “Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.” »

Digital Forensics & Incident Response

Deploying (and using) TheHive4 [Part 1]

Posted on April 5, 2020 By A.McHugh 3 Comments on Deploying (and using) TheHive4 [Part 1]
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

I have been an off and on user of TheHive for nearly a year now, and it is encouraging to see the development and release of TheHive4 (even if in pre-release). In this post I will walk through the deployment, configuration and migration of TheHive to TheHive4, and what improvements have been implemented into this release.

Read More “Deploying (and using) TheHive4 [Part 1]” »

Build

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Search

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Archives

  • April 2022
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • September 2020
  • April 2020
  • March 2020
  • January 2020
  • May 2019
  • Exporting Maltego Graphs to MISP Intelligence
  • Building CCCS’ AssemblyLine for Static Analysis Static Analysis
  • Auto-updating Ubuntu 20.04 in less than 2 minutes Operate
  • Using the Estimative Language Taxonomy in MISP MISP - Open Source Threat Intelligence Platform
  • [Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform Build
  • Building a Cuckoo Sandbox Build
  • Loading Windows Event Logs to Elasticsearch Digital Forensics & Incident Response
  • Using MISP in a TraceLabs Missing Persons engagement Blog

Categories

  • AIL Framework
  • Blog
  • Build
  • Design
  • Digital Forensics & Incident Response
  • Frameworks
  • Intelligence
  • MISP – Open Source Threat Intelligence Platform
  • Open-Source Intelligence
  • Operate
  • Security Operations
  • Static Analysis
  • Threat Intelligence

Copyright © 2022 McHughSecurity.

Powered by PressBook News Dark theme