Difference between revisions of "Cyber Security: thehive install"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 62: | Line 62: | ||
If you are using one of the supported operating systems, use our all-in-one installation script: | If you are using one of the supported operating systems, use our all-in-one installation script: | ||
| + | apt update | ||
wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh | wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh | ||
| + | |||
This script helps with the installation process on a fresh and supported OS ; the program also run successfully if the conditions in terms of hardware requirements are met. | This script helps with the installation process on a fresh and supported OS ; the program also run successfully if the conditions in terms of hardware requirements are met. | ||
| Line 69: | Line 71: | ||
Once executed, several options are available: | Once executed, several options are available: | ||
| − | Setup proxy settings ; will configure everything on the host to work with a HTTP proxy, and custom CA certificate. | + | * Setup proxy settings ; will configure everything on the host to work with a HTTP proxy, and custom CA certificate. |
| − | Install TheHive ; use this option to install TheHive 5 and its dependencies | + | * Install TheHive ; use this option to install TheHive 5 and its dependencies |
| − | Install Cortex and all its dependencies to run Analyzers & Responders as Docker | + | * Install Cortex and all its dependencies to run Analyzers & Responders as Docker Images |
| − | Install Cortex and all its dependencies to run Analyzers & Responders on the host (Debian and Ubuntu ONLY) | + | * Install Cortex and all its dependencies to run Analyzers & Responders on the host (Debian and Ubuntu ONLY) |
| + | |||
For each release, DEB, RPM and ZIP binary packages are built and provided. Discover how to install TheHive quickly by following our installation guides: | For each release, DEB, RPM and ZIP binary packages are built and provided. Discover how to install TheHive quickly by following our installation guides: | ||
Revision as of 04:14, 17 July 2023
Installation & configuration guides# Overview# Application StackTheHive can be deployed on a standalone server or as a cluster. The application relies on:
- Apache Cassandra to store data (Supported version: 4.x).
- Elasticsearch as indexing engine (Supported version: 7.x).
- A file storage solution is also required ; the local filesystem of the server hosting the application is adequate in the standalone server scenario ; S3 MINIO otherwise.
Architecture#
Each layer, TheHive application, the Database & index engine, and file storage, is independant and can be set up as a standalone node or cluster. As a result, TheHive could be setup and work in a complex clustered archicteture, using virtual IP addresses and load balancers.
Standalone server
Cluster or hybrid architecture
Standalone server
All applications are installed on the same server.
- Cassandra
- Elasticsearch
- Files are store on the filesystem (or MinIO if desired)
TheHive NGINX (optional): to manage HTTPS communications
Instructions included in the step-by-step installation guide ends up to install a standalone server.
Requirements#
Hardware requirements depends on the number of concurrent users (including integrations) and how they use the system. The following table diplays safe thresholds when hosting all services on the same machine:
Number of users TheHive Cassandra ElasticSearch < 10 2 / 2 GB 2 / 2 GB 2 / 2 GB < 20 2-4 / 4 GB 2-4 / 4 GB 2-4 / 4 GB < 50 4-6 / 8 GB 4-6 / 8 GB 4-6 / 8 GB
Spec yang aman
- 4 core CPU
- 16 G RAM
Tip
If you are installing everything on the same server, we recommend at least 4 cores and 16 GB of RAM. And don't forget to set up jvm.options at least for Elasticsearch.
Operating systems# TheHive has been tested and is supported on the following operating systems:
- Ubuntu 20.04 LTS & 22.04 LTS
- Debian 11
- RHEL 8
- Fedora 35 & 37
StrangeBee also provides an official Docker image.
Installation guides# Too much in a hurry to read ?
If you are using one of the supported operating systems, use our all-in-one installation script:
apt update wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh
This script helps with the installation process on a fresh and supported OS ; the program also run successfully if the conditions in terms of hardware requirements are met.
Once executed, several options are available:
- Setup proxy settings ; will configure everything on the host to work with a HTTP proxy, and custom CA certificate.
- Install TheHive ; use this option to install TheHive 5 and its dependencies
- Install Cortex and all its dependencies to run Analyzers & Responders as Docker Images
- Install Cortex and all its dependencies to run Analyzers & Responders on the host (Debian and Ubuntu ONLY)
For each release, DEB, RPM and ZIP binary packages are built and provided. Discover how to install TheHive quickly by following our installation guides:
Use a dedicated server# TheHive can be used on virtual or physical servers.
Our step-by-step guide let you prepare, install and configure TheHive and its prerequisites for Debian and RPM packages based Operating Systems, as well as for other systems and using our binary packages.
TheHive supports beeing installed in virtualized environments:
Using VMware Using Proxmox virtual machines or containers (lxc) Use Docker # An Official Docker image publicly available. Follow our installation guide for Docker to use it in production.
Use Kubernetes # TheHive is now compatible with Kubernetes - follow the related guide here.
Configuration Guides# The configuration files are stored in the /etc/thehive folder:
application.conf contains all parameters and options logback.xml is dedicated to log management
/etc/thehive ├── application.conf ├── logback.xml └── secret.conf
A separate secret.conf file is automatically created by DEB or RPM packages. This file contains a secret that should be used by one instance.
The configuration should only contain the necessary information to start the application:
database and indexing File storage Connectors enabled Other service parameters All other settings are available in the application WebUI.