Difference between revisions of "Cyber Security: thehive install step by step"

From OnnoWiki
Latest revision as of 10:51, 11 July 2023

This page is a step-by-step installation and configuration guide to get an instance of TheHive up and running.


A few programs need to be installed on the system before installing TheHive:

sudo su
apt update
# lsb-release is the Debian/Ubuntu package name (the command it provides is lsb_release)
apt install wget gnupg apt-transport-https git ca-certificates ca-certificates-java curl \
  software-properties-common python3-pip lsb-release

Java Virtual Machine

  • For security and long-term support reasons, the use of Amazon Corretto builds is required (this is OpenJDK built and packaged by Amazon)
  • Java version 8 is no longer supported
wget -qO- https://apt.corretto.aws/corretto.key | sudo gpg --dearmor  -o /usr/share/keyrings/corretto.gpg

echo "deb [signed-by=/usr/share/keyrings/corretto.gpg] https://apt.corretto.aws stable main" | sudo tee -a /etc/apt/sources.list.d/corretto.sources.list

sudo apt update
sudo apt install java-common java-11-amazon-corretto-jdk
echo JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto" | sudo tee -a /etc/environment 
export JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto"

Apache Cassandra

Apache Cassandra is a scalable and highly available database. TheHive supports the latest stable version 4.0.x of Cassandra.


Add the Apache repository

wget -qO -  https://downloads.apache.org/cassandra/KEYS | sudo gpg --dearmor  -o /usr/share/keyrings/cassandra-archive.gpg
echo "deb [signed-by=/usr/share/keyrings/cassandra-archive.gpg] https://debian.cassandra.apache.org 40x main" |  sudo tee -a /etc/apt/sources.list.d/cassandra.sources.list 


sudo apt update
sudo apt install cassandra

By default, data is stored in /var/lib/cassandra.


Configure Cassandra by editing the /etc/cassandra/cassandra.yaml file:

# content from /etc/cassandra/cassandra.yaml
cluster_name: 'thp'
listen_address: 'xx.xx.xx.xx' # address for nodes
rpc_address: 'xx.xx.xx.xx' # address for clients
seed_provider:
    - class_name: org.apache.cassandra.locator.SimpleSeedProvider
      parameters:
          # Ex: "<ip1>,<ip2>,<ip3>"
          - seeds: 'xx.xx.xx.xx' # self for the first node
data_file_directories:
    - '/var/lib/cassandra/data'
commitlog_directory: '/var/lib/cassandra/commitlog'
saved_caches_directory: '/var/lib/cassandra/saved_caches'
hints_directory: '/var/lib/cassandra/hints' # a single path, not a list

Start the service

sudo systemctl start cassandra

Remove existing data before starting

With the DEB packages, the Cassandra service may start automatically before it is configured: stop it, remove the data and start it again once the configuration has been updated:

sudo systemctl stop cassandra
sudo rm -rf /var/lib/cassandra/*

By default Cassandra listens on 7000/tcp (inter-node) and 9042/tcp (client).

Additional configuration: disable tombstones (for a standalone server ONLY)

This action must be performed after the installation and the first start of TheHive.

If you are installing a standalone server, tombstones can be disabled.

Check the gc_grace_seconds value

cqlsh -u cassandra <IP ADDRESS> -e "SELECT table_name,gc_grace_seconds FROM system_schema.tables WHERE keyspace_name='thehive'"

Note: the default username/password for the Cassandra database is cassandra/cassandra.

The result should look roughly like this:

            table_name       | gc_grace_seconds
                edgestore    |           864000
            edgestore_lock_  |           864000
                graphindex   |           864000
            graphindex_lock_ |           864000
            janusgraph_ids   |           864000
        system_properties    |           864000
    system_properties_lock_  |           864000
                systemlog    |           864000
                    txlog    |           864000

Disable tombstones by setting gc_grace_seconds to 0. Use the following commands:

for TABLE in edgestore edgestore_lock_ graphindex graphindex_lock_ janusgraph_ids system_properties system_properties_lock_ systemlog txlog; do
    cqlsh -u cassandra -e "ALTER TABLE thehive.${TABLE} WITH gc_grace_seconds = 0;"
done

Check that the change has been applied by running the query again:

cqlsh -u cassandra <IP ADDRESS> -e "SELECT table_name,gc_grace_seconds FROM system_schema.tables WHERE keyspace_name='thehive'"

The result should look roughly like this:

            table_name       | gc_grace_seconds
                edgestore    |           0
            edgestore_lock_  |           0
                graphindex   |           0
            graphindex_lock_ |           0
            janusgraph_ids   |           0
        system_properties    |           0
    system_properties_lock_  |           0
                systemlog    |           0
                    txlog    |           0
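As an added example (not part of the original guide), the script below parses the output of the cqlsh query above, lists the tables whose gc_grace_seconds is still non-zero and generates ALTER statements for only those tables, so the step can be re-run and verified safely. The cqlsh output embedded in it is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the original guide: verify the tombstone step.
# Input is the text printed by
#   cqlsh -u cassandra <IP ADDRESS> -e "SELECT table_name,gc_grace_seconds FROM system_schema.tables WHERE keyspace_name='thehive'"

# Constructed sample in the shape cqlsh prints, with two tables not yet updated.
SAMPLE_CQLSH_OUTPUT='
            table_name       | gc_grace_seconds
----------------------------+------------------
                edgestore    |                0
            edgestore_lock_  |                0
                graphindex   |           864000
            graphindex_lock_ |                0
            janusgraph_ids   |                0
        system_properties    |                0
    system_properties_lock_  |                0
                systemlog    |                0
                    txlog    |           864000

(9 rows)
'

# Print "table gc_grace_seconds" for every row whose value is not 0.
# Reads cqlsh output on stdin; the header, the separator line and "(n rows)" are skipped.
tables_needing_fix() {
    awk -F'|' '
        NF == 2 {
            name = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == "table_name" || val !~ /^[0-9]+$/) next
            if (val != "0") print name, val
        }'
}

# Emit one ALTER TABLE statement per table that still needs the change.
# Table names are checked against the identifier pattern so that a malformed
# line can never be spliced into a CQL statement.
alter_statements() {
    tables_needing_fix | while read -r name _value; do
        case "$name" in
            *[!A-Za-z0-9_]*) echo "skipping unexpected table name: $name" >&2 ;;
            *) printf 'ALTER TABLE thehive.%s WITH gc_grace_seconds = 0;\n' "$name" ;;
        esac
    done
}

# Number of tables still to fix; 0 means the step in the guide is complete.
remaining_count() {
    tables_needing_fix | wc -l | tr -d ' '
}

# Stand-alone run on the constructed sample. On a live server, pipe the real
# cqlsh output in instead, and pipe the statements back into cqlsh to apply them.
printf '%s\n' "$SAMPLE_CQLSH_OUTPUT" | alter_statements
```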


Elasticsearch

TheHive requires Elasticsearch to manage data indices. Only Elasticsearch 7.x is supported.
Add the Elasticsearch repository keys

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch |  sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo apt-get install apt-transport-https

Add the Elasticsearch DEB repository

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" |  sudo tee /etc/apt/sources.list.d/elastic-7.x.list 


sudo apt update
sudo apt install elasticsearch




Make sure the Elasticsearch configuration contains the following lines:

cluster.name: hive
thread_pool.search.queue_size: 100000
path.logs: "/var/log/elasticsearch"
path.data: "/var/lib/elasticsearch"
xpack.security.enabled: false
script.allowed_types: "inline,stored"


  • Indices are created at the first start of TheHive. This can take some time. Like data and files, the indices should be part of the backup policy
  • Indices can be removed and created again
  • For custom JVM options, add the file /etc/elasticsearch/jvm.options.d/jvm.options with the following lines:

These can be adjusted according to the amount of memory available.
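The Elasticsearch configuration above disables Elasticsearch's own authentication (xpack.security.enabled: false) and the guide keeps Cassandra's default credentials, so a practitioner wants to confirm that neither service is reachable beyond the host. The check below is an added example, not part of the original guide; it verifies that the required elasticsearch.yml lines are present and flags a non-loopback network.host or rpc_address. The configuration files it reads are constructed samples, written to a scratch directory.

```shell
#!/bin/sh
# Added example, not part of the original guide: post-install checks for the
# settings this guide changes. Each check prints one finding per line and
# returns non-zero when something needs attention. File paths are parameters,
# so the checks run on the live files or on the constructed samples below.

# Constructed sample files (live paths: /etc/elasticsearch/elasticsearch.yml
# and /etc/cassandra/cassandra.yaml).
SCRATCH=$(mktemp -d)
trap 'rm -rf "$SCRATCH"' EXIT
cat > "$SCRATCH/elasticsearch.yml" <<'EOF'
cluster.name: hive
thread_pool.search.queue_size: 100000
path.logs: "/var/log/elasticsearch"
path.data: "/var/lib/elasticsearch"
xpack.security.enabled: false
network.host: 0.0.0.0
EOF
cat > "$SCRATCH/cassandra.yaml" <<'EOF'
cluster_name: 'thp'
listen_address: '10.0.0.5'
rpc_address: '0.0.0.0'
EOF

# Value of a top-level "key: value" line (first match; quotes and trailing
# comments stripped). Prints nothing when the key is not set.
yaml_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed "s/[[:space:]]*#.*\$//; s/^[\"']//; s/[\"']\$//"
}

# 1. Every line the guide requires in elasticsearch.yml must be present verbatim.
# 2. With xpack.security.enabled: false the node must stay on loopback: a
#    network.host other than localhost exposes an unauthenticated Elasticsearch
#    on 9200/tcp to the network.
check_elasticsearch() {
    file="$1"; findings=0
    for line in 'cluster.name: hive' \
                'thread_pool.search.queue_size: 100000' \
                'path.logs: "/var/log/elasticsearch"' \
                'path.data: "/var/lib/elasticsearch"' \
                'xpack.security.enabled: false' \
                'script.allowed_types: "inline,stored"'; do
        grep -qxF -- "$line" "$file" || { echo "missing: $line"; findings=$((findings + 1)); }
    done
    host=$(yaml_value network.host "$file")
    case "$host" in
        ''|127.0.0.1|localhost|_local_) ;;
        *) echo "elasticsearch: security disabled but network.host=$host (not loopback)"
           findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# The guide leaves the Cassandra superuser at cassandra/cassandra; an
# rpc_address of 0.0.0.0 offers that account on 9042/tcp to every network.
check_cassandra() {
    addr=$(yaml_value rpc_address "$1")
    case "$addr" in
        0.0.0.0|::) echo "cassandra: rpc_address=$addr exposes 9042/tcp on all interfaces"; return 1 ;;
    esac
    return 0
}

# Stand-alone run on the constructed samples.
check_elasticsearch "$SCRATCH/elasticsearch.yml" || echo "-> fix elasticsearch.yml"
check_cassandra "$SCRATCH/cassandra.yaml" || echo "-> fix cassandra.yaml"
```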

Start the service

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Remove existing data before starting

With the DEB packages, the Elasticsearch service may start automatically before it is configured: stop it, remove the data and start it again once the configuration has been updated:

sudo systemctl stop elasticsearch
sudo rm -rf /var/lib/elasticsearch/*

File storage

For standalone production and test servers, we recommend using the local filesystem. If you are thinking about building a cluster with TheHive, you have several possible solutions: using NFS or S3 services.

Local Filesystem

To store files on the local filesystem, start by choosing the dedicated folder (by default /opt/thp/thehive/files):

sudo mkdir -p /opt/thp/thehive/files

This path will be used in the configuration of TheHive. Later, after having installed TheHive, make sure the thehive user owns the path chosen for storing files:

chown -R thehive:thehive /opt/thp/thehive/files


TheHive

This part contains instructions to install TheHive and then configure it.


All packages are published on the TheHive packages repository. TheHive supports Debian and RPM packages as well as binary packages (zip archive). All packages are signed using the GPG key 562CBC1C. Its fingerprint is 0CD5 AC59 DE5C 5A8E 0EE1 3849 3D99 BB18 562C BC1C.

wget -O- https://archives.strangebee.com/keys/strangebee.gpg | sudo gpg --dearmor -o /usr/share/keyrings/strangebee-archive-keyring.gpg

Install the TheHive package using the following commands:

echo 'deb [signed-by=/usr/share/keyrings/strangebee-archive-keyring.gpg] https://deb.strangebee.com thehive-5.2 main' | sudo tee -a /etc/apt/sources.list.d/strangebee.list
sudo apt-get update
sudo apt-get install -y thehive


The configuration that comes with the binary packages is ready for a standalone installation, with everything on the same server.

In this context, and at this stage, you may need to set the following parameters accordingly:

# Service configuration
application.baseUrl = "http://localhost:9000" # 
play.http.context = "/"                       # 

The following configurations are required to start TheHive successfully:

  • Secret key configuration
  • Database configuration
  • File storage configuration

Secret key configuration

The secret key is automatically generated and stored in /etc/thehive/secret.conf by the package installation script.


Database & index

By default, TheHive is configured to connect to the Cassandra and Elasticsearch databases installed locally.

# Database and index configuration
# By default, TheHive is configured to connect to a local Cassandra 4.x and a
# local Elasticsearch service without authentication.
db.janusgraph {
  storage {
    backend = cql
    hostname = ["127.0.0.1"]   # local Cassandra node
    # Cassandra authentication (if configured)
    # username = "thehive"
    # password = "password"
    cql {
      cluster-name = thp
      keyspace = thehive
    }
  }
  index.search {
    backend = elasticsearch
    hostname = ["127.0.0.1"]   # local Elasticsearch node
    index-name = thehive
  }
}

File storage

By default, TheHive is configured to store files locally in /opt/thp/thehive/files. If you chose to store files on the local filesystem, make sure the thehive user has permissions on the destination folder:

chown -R thehive:thehive /opt/thp/thehive/files

The default values in the configuration file are roughly as follows:

# Attachment storage configuration
# By default, TheHive is configured to store files locally in the folder below.
# The path can be updated and should belong to the user/group running the thehive service (by default: thehive:thehive)
storage {
  provider = localfs
  localfs.location = /opt/thp/thehive/files
}

Cortex & MISP

By default, the configuration file that comes with the packages contains the following lines, enabling the Cortex and MISP modules. If you are not using one of them, you can comment out the related line and restart the service.

# Additional modules
# TheHive is strongly integrated with Cortex and MISP.
# Both modules are enabled by default. If not used, each one can be disabled by
# commenting out the configuration line.
scalligraph.modules += org.thp.thehive.connector.cortex.CortexModule
scalligraph.modules += org.thp.thehive.connector.misp.MispModule


sudo systemctl start thehive
sudo systemctl enable thehive

Please be patient at the first start; it usually takes a while.

Once it has started, open your browser and connect to http://YOUR_SERVER_ADDRESS:9000/. The default admin user is admin@thehive.local with password secret.

It is recommended to change the default password.


By default, TheHive comes with no license and lets everyone use the application with 2 users in 1 organisation. For advanced features, obtain a license from https://wwww.strangebee.com / contact@strangebee.com


Interesting links