TheHive4py
Issues installing thehive
Hi folks! I need to give a presentation on incident response and I was hoping to use TheHive to demonstrate the IR functionality, but I have been running into all sorts of issues with installation. Firstly, I tried installing it on Ubuntu and Security Onion, which didn't work. Then I tried downloading the training VM but found that the GUI has no options to create a case or anything. The documentation on GitHub isn't too useful either. Can someone point me to a video or clear documentation on installing and getting the tool to work?
GUI certainly has the option to create a case.
I found that the best idea is to set up a Docker + Docker Compose environment and use one of the templates: https://github.com/TheHive-Project/Docker-Templates. In particular, this one worked best for me: https://github.com/TheHive-Project/Docker-Templates/tree/main/docker/thehive4-cortex3-misp-shuffle. I removed MISP and Shuffle from the config file. The first attempt failed because of incorrect permissions on the Elastic directories created automatically. After correcting those it worked fine and I had a full Cortex3, Elastic7, Cassandra, TheHive4 setup running. First, log in to Cortex and create an org and an org-admin account. Create an API key for this user and copy it to the TheHive4 application.conf, into the section related to Cortex. Ctrl+C should close the running containers in docker compose. Use the docker compose up command again and TH should see Cortex. That's it.
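
The two manual steps in the reply above (ownership of the Elasticsearch data directory, and the Cortex API key in TheHive's application.conf), as an added shell example that is not part of the original thread or of the Docker-Templates repository. The sample configuration, the `cortex` service URL and the `CORTEX_KEY` variable are assumptions; UID 1000 is the user the official Elasticsearch image runs as.

```shell
# Added example; file layout, service name "cortex" and CORTEX_KEY are assumptions.

# The official Elasticsearch image runs as UID 1000, so a bind-mounted data
# directory that Docker created as root is not writable by it.
es_dir_ok() {                 # usage: es_dir_ok <dir> [uid]
  [ -d "$1" ] && [ "$(stat -c %u "$1")" = "${2:-1000}" ]
}

# Constructed sample of the Cortex section in TheHive 4's application.conf.
sample_conf() {
  cat <<'EOF'
play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule
cortex {
  servers = [
    {
      name = "local"
      url = "http://cortex:9001"
      auth {
        type = "bearer"
        key = "CHANGE_ME"
      }
    }
  ]
}
EOF
}

# Replace the key inside the cortex { ... } block only. The key is taken from
# the environment and rejected unless it is made of base64-style characters,
# which also keeps sed metacharacters out of the replacement.
set_cortex_key() {            # usage: CORTEX_KEY=... set_cortex_key <conf>
  case "${CORTEX_KEY:-}" in
    ''|*[!A-Za-z0-9+/=]*) echo "CORTEX_KEY missing or malformed" >&2; return 1 ;;
  esac
  grep -q '^cortex[[:space:]]*{' "$1" || { echo "no cortex block in $1" >&2; return 2; }
  sed -i "/^cortex[[:space:]]*{/,/^}/ s|key[[:space:]]*=[[:space:]]*\"[^\"]*\"|key = \"$CORTEX_KEY\"|" "$1"
}
```

After `set_cortex_key` succeeds, restarting the stack with `docker compose up` makes TheHive pick up the new key, as the reply describes.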