Difference between revisions of "Cyber Security: thehive install"

Latest revision as of 07:55, 17 July 2023

Application Stack TheHive dapat di deploy pada standalone server atau sebagai cluster. Aplikasi TheHive bergantung pada:

Apache Cassandra untuk menyimpan data (Versi yang didukung: 4.x).
Elasticsearch sebagai mesin pengindeksan (Versi yang didukung: 7.x).
Sebuah solusi penyimpanan file juga diperlukan; sistem berkas lokal dari server yang menghosting aplikasi memadai dalam skenario server mandiri; S3 MINIO jika ingin lebih enak.

Arsitektur The Hive

Setiap lapisan, aplikasi TheHive, mesin Database & indeks, dan penyimpanan file, bersifat independen dan dapat diatur sebagai node atau cluster yang berdiri sendiri. Akibatnya, TheHive dapat diatur dan bekerja dalam arsitektur custer yang kompleks, menggunakan alamat IP virtual dan load balancer.

Kebutuhan Hardware

Persyaratan perangkat keras bergantung pada jumlah pengguna bersamaan (termasuk integrasi) dan cara mereka menggunakan sistem. Tabel berikut menampilkan ambang aman saat menghosting semua layanan di mesin yang sama:

Jumlah User	TheHive	Cassandra	ElasticSearch
 < 10	2  / 2 GB 	2  / 2 GB 	2  / 2 GB 
 < 20	2-4  / 4 GB 	2-4  / 4 GB 	2-4  / 4 GB 
 < 50	4-6  / 8 GB 	4-6  / 8 GB 	4-6  / 8 GB

Pada saat instalasi, biasanya TheHive agak rewel. Spesifikasi yang aman

4 core CPU
16 GB RAM

Sistem Operasi

Sistem operasi yang di dukung,

Ubuntu 20.04 LTS & 22.04 LTS
Debian 11
RHEL 8
Fedora 35 & 37

Jika kita menggunakan salah satu OS di atas, kita dapat menjalankan script berikut,

apt update
wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh

Jika semua syarat di penuhi maka akan tampil pada layar, informasi berikut,

TheHive & Cortex installation script, for Linux operating systems with DEB or RPM packages.
This script supports the installtion of TheHive on x86_64 and ARM servers, and Cortex on x86_64 only. 

Following install options are available:
  - Configure proxy settings
  - Install TheHive 5.1 (x86_64 or ARM)
  - Install Cortex (running Analyzers and Responders with Docker) (x86_64 only)
  - Install Cortex (running Analyzers and Responders on the host -- Not recommended, supported on Ubuntu and Debian ONLY) (x86_64 only)

This script has sucessfully been tested on freshly installed Operating Systems:
  - Fedora 35 & 37
  - RHEL 8.5
  - Ubuntu 20.04 LTS & 22.04 LTS
  - Debian 11

Requirements: 
  - 4vCPU
  - 16 GB of RAM

Usage:
 
   $ wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh

Maintained by: ©StrangeBee - https://www.strangebee.com

---

1) Setup proxy settings
2) Install TheHive
3) Install Cortex (run Neurons with docker)
4) Install Cortex (run Neurons locally)
5) Quit
Select an option:

Untuk intalasi TheHive pilih no 2. Kita perlu menunggu beberapa jam sampai proses instalasi selesai.

Cek status

systemctl status cassandra
systemctl status elasticsearch
systemctl status thehive

Pastikan semua kondisi active running.

Edit konfigurasi

vi /etc/thehive/application.conf

Pastikan localhost:9000 diubah menjadi IP address:9000, misalnya,

# Service configuration
# application.baseUrl = "http://localhost:9000"
# application.baseUrl = "http://0.0.0.0:9000"
application.baseUrl = "http://192.168.0.192:9000"
play.http.context = "/"

Restart cassandra, elasticsearch dan thehive

systemctl restart cassandra
systemctl restart elasticsearch
systemctl restart thehive

Tunggu beberapa saat sampai thehive stabil dan sudah beroperasi pada port 9000. Cek menggunakan

netstat -ntlp

Pastikan ada aplikasi yang beroperasi di port 9000

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:35261         0.0.0.0:*               LISTEN      1230/java           
tcp        0      0 127.0.0.1:9042          0.0.0.0:*               LISTEN      1230/java           
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      768/sshd: /usr/sbin 
tcp        0      0 127.0.0.1:7000          0.0.0.0:*               LISTEN      1230/java           
tcp        0      0 127.0.0.1:7199          0.0.0.0:*               LISTEN      1230/java           
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      658/systemd-resolve 
tcp6       0      0 127.0.0.1:33621         :::*                    LISTEN      2292/java           
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      674/java            
tcp6       0      0 :::9000                 :::*                    LISTEN      2292/java           
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      674/java            
tcp6       0      0 :::22                   :::*                    LISTEN      768/sshd: /usr/sbin

Akses web Menggunakan

http://ip-address-thehive:9000

Menggunakan

username admin@thehive.local
password secret

Referensi

https://docs.strangebee.com/thehive/setup/#update-from-thehive-3x

Pranala Menarik

Cyber Security

@@ Line 1: / Line 1: @@
-Installation & configuration guides#
+Application Stack TheHive dapat di deploy pada standalone server atau sebagai cluster. Aplikasi TheHive bergantung pada:
-Overview#
-Application StackTheHive can be deployed on a standalone server or as a cluster. The application relies on:
-* Apache Cassandra to store data (Supported version: 4.x).
+* Apache Cassandra untuk menyimpan data (Versi yang didukung: 4.x).
-* Elasticsearch as indexing engine (Supported version: 7.x).
+* Elasticsearch sebagai mesin pengindeksan (Versi yang didukung: 7.x).
-* A file storage solution is also required ; the local filesystem of the server hosting the application is adequate in the standalone server scenario ; S3 MINIO otherwise.
+* Sebuah solusi penyimpanan file juga diperlukan; sistem berkas lokal dari server yang menghosting aplikasi memadai dalam skenario server mandiri; S3 MINIO jika ingin lebih enak.
+==Arsitektur The Hive==
-Architecture#
+Setiap lapisan, aplikasi TheHive, mesin Database & indeks, dan penyimpanan file, bersifat independen dan dapat diatur sebagai node atau cluster yang berdiri sendiri. Akibatnya, TheHive dapat diatur dan bekerja dalam arsitektur custer yang kompleks, menggunakan alamat IP virtual dan load balancer.
-Each layer, TheHive application, the Database & index engine, and file storage, is independant and can be set up as a standalone node or cluster. As a result, TheHive could be setup and work in a complex clustered archicteture, using virtual IP addresses and load balancers.
+==Kebutuhan Hardware==
+Persyaratan perangkat keras bergantung pada jumlah pengguna bersamaan (termasuk integrasi) dan cara mereka menggunakan sistem. Tabel berikut menampilkan ambang aman saat menghosting semua layanan di mesin yang sama:
-Standalone server
+  Jumlah User	TheHive	Cassandra	ElasticSearch
-Cluster or hybrid architecture
-Standalone server
-All applications are installed on the same server.
-* Cassandra
-* Elasticsearch
-* Files are store on the filesystem (or MinIO if desired)
-TheHive
-NGINX (optional): to manage HTTPS communications
-Instructions included in the step-by-step installation guide ends up to install a standalone server.
-Requirements#
-Hardware requirements depends on the number of concurrent users (including integrations) and how they use the system. The following table diplays safe thresholds when hosting all services on the same machine:
-  Number of users	TheHive	Cassandra	ElasticSearch
    < 10	2  / 2 GB 	2  / 2 GB 	2  / 2 GB
    < 20	2-4  / 4 GB 	2-4  / 4 GB 	2-4  / 4 GB
    < 50	4-6  / 8 GB 	4-6  / 8 GB 	4-6  / 8 GB
-Spec yang aman
+Pada saat instalasi, biasanya TheHive agak rewel. Spesifikasi yang aman
 * 4 core CPU
-* 16 G RAM
+* 16 GB RAM
-Tip
-If you are installing everything on the same server, we recommend at least 4 cores and 16 GB of RAM. And don't forget to set up jvm.options at least for Elasticsearch.
+==Sistem Operasi==
-Operating systems#
+Sistem operasi yang di dukung,
-TheHive has been tested and is supported on the following operating systems:
 * Ubuntu 20.04 LTS & 22.04 LTS
@@ Line 53: / Line 31: @@
 * Fedora 35 & 37
-StrangeBee also provides an official Docker image.
+Jika kita menggunakan salah satu OS di atas, kita dapat menjalankan script berikut,
+ apt update
+ wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh
+Jika semua syarat di penuhi maka akan tampil pada layar, informasi berikut,
+ TheHive & Cortex installation script, for Linux operating systems with DEB or RPM packages.
+ This script supports the installtion of TheHive on x86_64 and ARM servers, and Cortex on x86_64 only.
+ Following install options are available:
+   - Configure proxy settings
+   - Install TheHive 5.1 (x86_64 or ARM)
+   - Install Cortex (running Analyzers and Responders with Docker) (x86_64 only)
+   - Install Cortex (running Analyzers and Responders on the host -- Not recommended, supported on Ubuntu and Debian ONLY) (x86_64 only)
+ This script has sucessfully been tested on freshly installed Operating Systems:
+   - Fedora 35 & 37
+   - RHEL 8.5
+   - Ubuntu 20.04 LTS & 22.04 LTS
+   - Debian 11
+ Requirements:
+   - 4vCPU
+   - 16 GB of RAM
+ Usage:
+    $ wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh
+ Maintained by: ©StrangeBee - https://www.strangebee.com
+ ---
+) Setup proxy settings
+) Install TheHive
+) Install Cortex (run Neurons with docker)
+) Install Cortex (run Neurons locally)
+) Quit
+ Select an option:
+Untuk intalasi TheHive pilih no 2. Kita perlu menunggu beberapa jam sampai proses instalasi selesai.
+Cek status
-Installation guides#
+ systemctl status cassandra
-Too much in a hurry to read ?
+ systemctl status elasticsearch
+ systemctl status thehive
+Pastikan semua kondisi active running.
+Edit konfigurasi
-If you are using one of the supported operating systems, use our all-in-one installation script:
+ vi /etc/thehive/application.conf
- wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh
+Pastikan localhost:9000 diubah menjadi IP address:9000, misalnya,
-This script helps with the installation process on a fresh and supported OS ; the program also run successfully if the conditions in terms of hardware requirements are met.
+ # Service configuration
+ # application.baseUrl = "http://localhost:9000"
+ # application.baseUrl = "http://0.0.0.0:9000"
+ application.baseUrl = "http://192.168.0.192:9000"
+ play.http.context = "/"
+Restart cassandra, elasticsearch dan thehive
-Once executed, several options are available:
+ systemctl restart cassandra
+ systemctl restart elasticsearch
+ systemctl restart thehive
-Setup proxy settings ; will configure everything on the host to work with a HTTP proxy, and custom CA certificate.
+Tunggu beberapa saat sampai thehive stabil dan sudah beroperasi pada port 9000. Cek menggunakan
-Install TheHive ; use this option to install TheHive 5 and its dependencies
-Install Cortex and all its dependencies to run Analyzers & Responders as Docker Iiages
-Install Cortex and all its dependencies to run Analyzers & Responders on the host (Debian and Ubuntu ONLY)
-For each release, DEB, RPM and ZIP binary packages are built and provided. Discover how to install TheHive quickly by following our installation guides:
-Use a dedicated server#
+ netstat -ntlp
-TheHive can be used on virtual or physical servers.
-Our step-by-step guide let you prepare, install and configure TheHive and its prerequisites for Debian and RPM packages based Operating Systems, as well as for other systems and using our binary packages.
+Pastikan ada aplikasi yang beroperasi di port 9000
-TheHive supports beeing installed in virtualized environments:
+ Active Internet connections (only servers)
+ Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
+ tcp        0      0 127.0.0.1:35261         0.0.0.0:*               LISTEN      1230/java
+ tcp        0      0 127.0.0.1:9042          0.0.0.0:*               LISTEN      1230/java
+ tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      768/sshd: /usr/sbin
+ tcp        0      0 127.0.0.1:7000          0.0.0.0:*               LISTEN      1230/java
+ tcp        0      0 127.0.0.1:7199          0.0.0.0:*               LISTEN      1230/java
+ tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      658/systemd-resolve
+ tcp6       0      0 127.0.0.1:33621         :::*                    LISTEN      2292/java
+ tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      674/java
+ '''tcp6       0      0 :::9000                 :::*                    LISTEN      2292/java'''
+ tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      674/java
+ tcp6       0      0 :::22                   :::*                    LISTEN      768/sshd: /usr/sbin
-Using VMware
-Using Proxmox  virtual machines or containers (lxc)
-Use Docker #
-An Official Docker image publicly available. Follow our installation guide for Docker to use it in production.
-Use Kubernetes #
+Akses web
-TheHive is now compatible with Kubernetes - follow the related guide here.
+Menggunakan
-Configuration Guides#
+ http://ip-address-thehive:9000
-The configuration files are stored in the /etc/thehive folder:
-application.conf contains all parameters and options
+Menggunakan
-logback.xml is dedicated to log management
- /etc/thehive
- ├── application.conf
- ├── logback.xml
- └── secret.conf
-A separate secret.conf file is automatically created by DEB or RPM packages. This file contains a secret that should be used by one instance.
+ username admin@thehive.local
+ password secret
-The configuration should only contain the necessary information to start the application:
-database and indexing
-File storage
-Connectors enabled
-Other service parameters
-All other settings are available in the application WebUI.
@@ Line 117: / Line 141: @@
 ==Pranala Menarik==
-* [[Cyber Security]
+* [[Cyber Security]]