On this page, I'll guide you through the process of setting up TheHive and Cortex using Docker.
Requirements
- A minimum of 4 CPU cores.
- At least 16 GB of RAM.
First step: update your package lists:

apt update

Next, install Docker and Docker Compose with the apt package manager:

apt install docker.io docker-compose
Proceed by creating a directory named docker-compose, change into it, and create a new docker-compose.yml file with the following content:
```yaml
version: "3"
services:
  thehive:
    image: strangebee/thehive:5.2
    depends_on:
      - cassandra
      - elasticsearch
      - minio
      - cortex
    mem_limit: 1500m
    ports:
      - "9000:9000"
    environment:
      - JVM_OPTS="-Xms1024M -Xmx1024M"
    command:
      # --secret is TheHive's application secret: replace the placeholder with a long random value before first start
      - --secret
      - "mySecretForTheHive"
      - "--cql-hostnames"
      - "cassandra"
      - "--index-backend"
      - "elasticsearch"
      - "--es-hostnames"
      - "elasticsearch"
      # attachments go to MinIO over S3; the access/secret key must match MINIO_ROOT_USER / MINIO_ROOT_PASSWORD below
      - "--s3-endpoint"
      - "http://minio:9000"
      - "--s3-access-key"
      - "minioadmin"
      - "--s3-secret-key"
      - "minioadmin"
      - "--s3-bucket"
      - "thehive"
      - "--s3-use-path-access-style"
      # the Cortex connector is not configured at startup; it is added later from TheHive's admin UI
      - "--no-config-cortex"
    volumes:
      - thehivedata:/etc/thehive/application.conf
    networks:
      - SOC_NET
  cassandra:
    image: 'cassandra:4'
    mem_limit: 1600m
    ports:
      - "9042:9042"
    environment:
      - MAX_HEAP_SIZE=1024M
      - HEAP_NEWSIZE=1024M
      - CASSANDRA_CLUSTER_NAME=TheHive
    volumes:
      - cassandradata:/var/lib/cassandra
    restart: on-failure
    networks:
      - SOC_NET
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.12
    mem_limit: 1500m
    ports:
      - "9200:9200"
    environment:
      - discovery.type=single-node
      # authentication is switched off, so port 9200 must not be reachable from untrusted hosts
      - xpack.security.enabled=false
    volumes:
      - elasticsearchdata:/usr/share/elasticsearch/data
    networks:
      - SOC_NET
  minio:
    image: quay.io/minio/minio
    mem_limit: 512m
    command: ["minio", "server", "/data", "--console-address", ":9090"]
    environment:
      # default credentials: change them together with --s3-access-key / --s3-secret-key above
      - MINIO_ROOT_USER=minioadmin
      - MINIO_ROOT_PASSWORD=minioadmin
    ports:
      - "9090:9090"
    volumes:
      - "miniodata:/data"
    networks:
      - SOC_NET
  cortex:
    image: thehiveproject/cortex:3.1.7
    depends_on:
      - elasticsearch
    environment:
      - job_directory=/tmp/cortex-jobs
    volumes:
      # Cortex runs analyzers and responders as Docker containers, so it needs the host's Docker socket;
      # this makes the Cortex container root-equivalent on the host, so treat it as a trusted component
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp/cortex-jobs:/tmp/cortex-jobs
    ports:
      - "9001:9001"
    networks:
      - SOC_NET
volumes:
  miniodata:
  cassandradata:
  elasticsearchdata:
  thehivedata:
networks:
  SOC_NET:
    driver: bridge
```
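Before bringing the stack up, it is worth checking the file for the weak defaults it ships with. The script below is an added example, not part of the original page and not TheHive's or Cortex's own tooling. It scans a compose file for the placeholder values above (mySecretForTheHive, minioadmin), for port mappings with no host address (which publish the port on every interface), and for the Docker socket mount, prints a finding count, and generates a random replacement for the secret. The two sample compose files it writes are constructed, trimmed copies of the weak and a hardened variant; the hardened one assumes you keep the secrets in a .env file and reference them as ${THEHIVE_SECRET} and ${MINIO_ROOT_PASSWORD}, which Docker Compose substitutes at startup.

```sh
#!/bin/sh
# Added example (not part of the original page or of TheHive/Cortex): a pre-flight check
# for a docker-compose.yml before `docker-compose up -d`. Runs offline against two
# constructed sample files written below.

# Print a 64-hex-character random secret (for --secret and MINIO_ROOT_PASSWORD).
gen_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# check_compose FILE: report findings, print "N finding(s)", exit 0 only when N is 0.
check_compose() {
  f="$1"
  findings=0

  # 1. Placeholder credentials copied verbatim from the example compose file.
  for weak in mySecretForTheHive minioadmin; do
    if grep -q -- "$weak" "$f"; then
      echo "WEAK-CREDENTIAL: '$weak' is still present"
      findings=$((findings + 1))
    fi
  done

  # 2. Port mappings with no host address: "9042:9042" publishes the port on every
  #    interface. Cassandra, Elasticsearch (xpack.security disabled) and MinIO should be
  #    reachable only inside the compose network or, at most, on 127.0.0.1.
  exposed=$(grep -E '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$f" \
            | sed -e 's/^[[:space:]]*-[[:space:]]*//' -e 's/"//g')
  for p in $exposed; do
    echo "EXPOSED-PORT: $p (use \"127.0.0.1:$p\" or drop the mapping)"
    findings=$((findings + 1))
  done

  # 3. Docker socket mounted into a container: whoever controls that container (Cortex,
  #    which needs it to run analyzers) can start privileged containers, i.e. is root on
  #    the host. Flagged so the trade-off is accepted consciously, not by accident.
  if grep -q '/var/run/docker\.sock:' "$f"; then
    echo "DOCKER-SOCKET: /var/run/docker.sock is mounted (host-root equivalent)"
    findings=$((findings + 1))
  fi

  echo "$findings finding(s)"
  [ "$findings" -eq 0 ]
}

# Constructed samples, trimmed to the relevant lines.
WEAK_FILE=$(mktemp)
HARD_FILE=$(mktemp)
trap 'rm -f "$WEAK_FILE" "$HARD_FILE"' EXIT

# As on the page: placeholder secret, default MinIO password, ports public, socket mounted.
cat > "$WEAK_FILE" <<'EOF'
services:
  thehive:
    ports:
      - "9000:9000"
    command:
      - --secret
      - "mySecretForTheHive"
  cassandra:
    ports:
      - "9042:9042"
  minio:
    environment:
      - MINIO_ROOT_PASSWORD=minioadmin
  cortex:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
EOF

# Hardened variant (assumed layout): secrets from .env via ${VAR}, TheHive on loopback only,
# Cassandra reachable only inside the compose network (expose, not ports).
cat > "$HARD_FILE" <<'EOF'
services:
  thehive:
    ports:
      - "127.0.0.1:9000:9000"
    command:
      - --secret
      - "${THEHIVE_SECRET}"
  cassandra:
    expose:
      - "9042"
  minio:
    environment:
      - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}
EOF

if check_compose "$WEAK_FILE"; then echo "weak sample: clean"; else echo "weak sample: fix before docker-compose up"; fi
if check_compose "$HARD_FILE"; then echo "hardened sample: clean"; else echo "hardened sample: findings remain"; fi
echo "example THEHIVE_SECRET=$(gen_secret)"
```

To use it on your own file, call check_compose docker-compose.yml and put the output of gen_secret into .env as THEHIVE_SECRET and MINIO_ROOT_PASSWORD (the latter must also be used for --s3-secret-key). The socket mount will always be reported for Cortex; the point is to keep it off any other service and to treat the Cortex container as trusted.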
After saving your docker-compose.yml file, bring the containers up in detached mode from the same directory:

docker-compose up -d
Once the containers are running, you can reach TheHive and Cortex in your web browser:
- TheHive: open http://localhost:9000 for TheHive's interface.
- Cortex: open http://localhost:9001 for the Cortex interface.

Login credentials:
- TheHive: log in with the username admin@thehive.local and the password secret, and change that password right after the first login.
- Cortex: on the first visit, click the button to update the database; you are then prompted to create an administrator username and password.

Because TheHive was started with --no-config-cortex, the Cortex connector is not configured yet; it is added later from TheHive's administration interface using a Cortex API key.

Keep in mind that every service in this file publishes its port on all host interfaces: Elasticsearch on 9200 with xpack.security.enabled=false, Cassandra on 9042, and the MinIO console on 9090 with the minioadmin credentials, while Cortex holds the Docker socket and is therefore root-equivalent on the host. Replace the placeholder secret and the MinIO credentials before the first start, bind the backing services to 127.0.0.1 or drop their port mappings (the containers reach each other over SOC_NET), and run this setup only on a trusted network.