Install TheHive & Cortex

Introduction

On this page, I'll guide you through the process of setting up TheHive and Cortex using Docker.

Requirements

  • A minimum of 4 CPU cores.
  • At least 16 GB of RAM.

First Step: Begin by updating your package lists. Execute the following command: apt update.

Next, install Docker and Docker Compose using the apt package manager. Run the command: apt install docker.io docker-compose.

Proceed by creating a directory named docker-compose, then open a new docker-compose.yml file in it and add the following content:

version: "3"
services:
  thehive:
    image: strangebee/thehive:5.2
    depends_on:
      - cassandra
      - elasticsearch
      - minio
      - cortex
    mem_limit: 1500m
    ports:
      - "9000:9000"
    environment:
      - JVM_OPTS="-Xms1024M -Xmx1024M"
    command:
      # Sample secret: set your own random value here
      - --secret
      - "mySecretForTheHive"
      - "--cql-hostnames"
      - "cassandra"
      - "--index-backend"
      - "elasticsearch"
      - "--es-hostnames"
      - "elasticsearch"
      - "--s3-endpoint"
      - "http://minio:9000"
      # Must match MINIO_ROOT_USER / MINIO_ROOT_PASSWORD in the minio service
      - "--s3-access-key"
      - "minioadmin"
      - "--s3-secret-key"
      - "minioadmin"
      - "--s3-bucket"
      - "thehive"
      - "--s3-use-path-access-style"
      - "--no-config-cortex"
    volumes:
      - thehivedata:/etc/thehive/application.conf
    networks:
      - SOC_NET

  cassandra:
    image: 'cassandra:4'
    mem_limit: 1600m
    ports:
      - "9042:9042"
    environment:
      - MAX_HEAP_SIZE=1024M
      - HEAP_NEWSIZE=1024M
      - CASSANDRA_CLUSTER_NAME=TheHive
    volumes:
      - cassandradata:/var/lib/cassandra
    restart: on-failure
    networks:
      - SOC_NET

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.12
    mem_limit: 1500m
    ports:
      - "9200:9200"
    environment:
      - discovery.type=single-node
      # Turns off Elasticsearch authentication and TLS
      - xpack.security.enabled=false
    volumes:
      - elasticsearchdata:/usr/share/elasticsearch/data
    networks:
      - SOC_NET

  minio:
    image: quay.io/minio/minio
    mem_limit: 512m
    command: ["minio", "server", "/data", "--console-address", ":9090"]
    environment:
      # minioadmin / minioadmin are MinIO's default root credentials
      - MINIO_ROOT_USER=minioadmin
      - MINIO_ROOT_PASSWORD=minioadmin
    ports:
      - "9090:9090"
    volumes:
      - "miniodata:/data"
    networks:
      - SOC_NET

  cortex:
    image: thehiveproject/cortex:3.1.7
    depends_on:
      - elasticsearch
    environment:
      - job_directory=/tmp/cortex-jobs
    volumes:
      # Gives the Cortex container access to the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp/cortex-jobs:/tmp/cortex-jobs
    ports:
      - "9001:9001"
    networks:
      - SOC_NET

volumes:
  miniodata:
  cassandradata:
  elasticsearchdata:
  thehivedata:
networks:
  SOC_NET:
    driver: bridge
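
A quick check to run against the docker-compose.yml above before starting the stack, added here as an example and not part of the original page: it lists port mappings that are not bound to 127.0.0.1, the sample and default credentials, the disabled Elasticsearch authentication and the Docker socket mount. The function names audit_compose and sample_compose are hypothetical, and the embedded sample is a constructed excerpt.

```shell
# Added example (not from the original page): a line-based heuristic that
# assumes 2-space YAML indentation; it is not a full YAML parser.
# Prints "<service>: <finding>"; reads the file in $1, or stdin without arguments.
audit_compose() {
    awk '
    function report(msg) { printf "%s: %s\n", svc, msg }
    # Top-level key (version:, services:, volumes:, networks:)
    /^[A-Za-z]+:/ { top = $1; svc = ""; inports = 0; next }
    # Service name: a 2-space-indented key under services:
    top == "services:" && /^  [A-Za-z0-9_-]+:/ {
        svc = $1; sub(/:.*/, "", svc); inports = 0; next
    }
    # Service-level key: remember whether we are inside a ports: list
    /^    [A-Za-z_]+:/ { inports = ($1 == "ports:"); next }
    # A mapping without a 127.0.0.1 host address is reachable from the network
    inports && /^ *- / {
        p = $0; gsub(/^ *- *|"/, "", p)
        if (p !~ /^127\.0\.0\.1:/) report("port " p " is not bound to 127.0.0.1")
        next
    }
    /mySecretForTheHive|minioadmin/ { report("placeholder or default credential") }
    /xpack\.security\.enabled=false/ { report("Elasticsearch authentication is disabled") }
    /\/var\/run\/docker\.sock:/ { report("Docker socket mounted into the container") }
    ' "$@"
}

# Constructed sample: excerpt of the file above, with the MinIO console port
# rebound to loopback to show a mapping that passes the check.
sample_compose() {
    cat <<'EOF'
services:
  elasticsearch:
    ports:
      - "9200:9200"
    environment:
      - xpack.security.enabled=false
  minio:
    environment:
      - MINIO_ROOT_PASSWORD=minioadmin
    ports:
      - "127.0.0.1:9090:9090"
  cortex:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
EOF
}

sample_compose | audit_compose
```

To check the real file, call audit_compose docker-compose.yml from the directory that holds it.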

After setting up your docker-compose.yml file, bring up your Docker containers in detached mode with the following command:

docker-compose up -d

Once the Docker containers are running, you can access TheHive and Cortex through your web browser:

  • TheHive: Open localhost:9000 to access TheHive's interface.
  • Cortex: Visit localhost:9001 for the Cortex interface.

Login Credentials:

  • TheHive: Use the username [email protected] and the password secret for initial login.
  • Cortex: First, update the database. After that, you will be prompted to set up a new username and password for access.