In today’s digital landscape, security professionals and SOC analysts face the daunting task of analyzing vast amounts of data to identify and mitigate potential threats. To streamline this process, TheHive Project has developed Cortex, a free and open-source observable analysis tool. Cortex allows users to query a single tool to analyze collected events, making it an indispensable asset for security teams. In this tutorial, we will guide you through the installation process of Cortex on Ubuntu 22.04, enabling you to leverage its powerful features and enhance your organization’s security posture.
Prerequisites
Before we dive into the installation process, let’s ensure that our system meets the necessary requirements:
- A server running Ubuntu 22.04 with a minimum of 16GB of RAM.
- Root access to the server.
Update the System
To begin, it is crucial to update and upgrade all system packages to their latest versions. Open a terminal and run the following commands:
apt update -y
apt upgrade -y
This will ensure that you have all the necessary updates and bug fixes before proceeding with the installation.
Install Java
Next, we need to install Java on our server. Cortex relies on Java for its functionality, so let’s install the headless OpenJDK 11 runtime by running the following command:
apt install openjdk-11-jre-headless -y
Once the installation is complete, you can verify the Java installation by running the following command:
java --version
You should see the Java version installed on your system.
Set the Java environment variable by running the following command:
echo JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64" | tee -a /etc/environment
Activate the environment variable by running the following command:
source /etc/environment
With Java successfully installed and configured, we can now move on to installing and configuring ElasticSearch.
Install and Configure ElasticSearch
Cortex relies on ElasticSearch to store and retrieve data. Let’s install ElasticSearch and its dependencies by running the following commands:
apt install wget gnupg2 apt-transport-https git ca-certificates curl jq software-properties-common lsb-release python3-pip iproute2 -y
Next, we need to add the ElasticSearch GPG key and repository to our system. Run the following commands to achieve this:
wget -qO- https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor > /etc/apt/trusted.gpg.d/elasticsearch-keyring.gpg
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-7.x.list
Update the repository and install ElasticSearch by running the following commands:
apt update -y
apt install elasticsearch -y
Once the installation is complete, we need to configure ElasticSearch. Open the configuration file using a text editor:
nano /etc/elasticsearch/elasticsearch.yml
Locate the line that specifies the cluster name and modify it to your desired name:
cluster.name: my-application
Save and close the file. We also need to create a jvm.options file:
nano /etc/elasticsearch/jvm.options.d/jvm.options
Add the following lines to the file (one option per line; the last one disables Log4j message lookups as a mitigation for the Log4Shell vulnerability):
-Xms1g
-Xmx1g
-Dlog4j2.formatMsgNoLookups=true
Save and close the file. Finally, restart the ElasticSearch service to apply the changes:
systemctl restart elasticsearch
You can verify the status of the ElasticSearch service by running the following command:
systemctl status elasticsearch
With ElasticSearch successfully installed and configured, we can now proceed to install Cortex.
Install Cortex on Ubuntu 22.04
By default, the Cortex package is not available in the Ubuntu default repository. Therefore, we need to add the Cortex official repository to APT. Run the following commands to achieve this:
wget -qO- "https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cortex.gpg
wget -qO- https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY | gpg --dearmor -o /etc/apt/trusted.gpg.d/thehive.gpg
echo 'deb https://deb.thehive-project.org release main' | tee -a /etc/apt/sources.list.d/thehive-project.list
Update the repository and install Cortex by running the following commands:
apt update -y
apt install cortex -y
With Cortex installed, we need to configure it before we can start using its features.
Configure Cortex
To configure Cortex, we need to create a secret (used by the Play framework to sign session cookies) and define it in the Cortex configuration file. Run the following command to generate a 64-character random secret:
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
Copy the generated secret, then open the Cortex configuration file using a text editor:
nano /etc/cortex/application.conf
Locate the play.http.secret.key line and replace the existing value with the secret you generated:
play.http.secret.key="YOUR_GENERATED_SECRET"
Save and close the file. Finally, start and enable the Cortex service by running the following command:
systemctl enable --now cortex
You can check the status of the Cortex service by running the following command:
systemctl status cortex
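The secret-generation and configuration step above can be done non-interactively and checked afterwards. The script below is an added example, not part of the original tutorial or of the Cortex project; it assumes a Play-style application.conf with a play.http.secret.key line, and the sample config it writes is constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: generate a Play secret, write it into a Cortex
# application.conf, and verify the result before starting the service.
# Note: no "pipefail" here, because head closing the pipe early is expected.
set -eu

# Generate a 64-character alphanumeric secret (same pipeline as the tutorial).
gen_secret() {
  tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 64 | head -n 1
}

# Replace the value of play.http.secret.key in config file $1 with $2.
# Fails (exit 1) if the key line is missing, so we never silently skip it.
set_secret() {
  local conf="$1" secret="$2"
  grep -Eq '^[[:space:]]*play\.http\.secret\.key[[:space:]]*=' "$conf" || return 1
  sed -i -E "s|^([[:space:]]*play\.http\.secret\.key[[:space:]]*=).*|\1\"${secret}\"|" "$conf"
}

# Print the configured secret (without quotes) from config file $1.
get_secret() {
  sed -nE 's/^[[:space:]]*play\.http\.secret\.key[[:space:]]*=[[:space:]]*"?([^"]*)"?.*/\1/p' "$1"
}

# Sanity check: reject short secrets and the placeholder string
# "CHANGEME" (a constructed placeholder used in this example's sample file).
check_secret() {
  local s="$1"
  [ "${#s}" -ge 32 ] || return 1
  case "$s" in *CHANGEME*) return 1 ;; esac
  return 0
}

# Demonstration on a constructed config file (not the real /etc/cortex file).
demo() {
  local conf secret
  conf="$(mktemp)"
  printf '# constructed sample application.conf\nplay.http.secret.key="***CHANGEME***"\n' > "$conf"
  secret="$(gen_secret)"
  set_secret "$conf" "$secret"
  check_secret "$(get_secret "$conf")" && echo "secret set and verified in $conf"
  rm -f "$conf"
}
```

To apply it to a real install, call set_secret with /etc/cortex/application.conf and a fresh gen_secret, then run check_secret on get_secret's output before systemctl enable --now cortex.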
With Cortex successfully installed and configured, we can now access its web interface.
Access Cortex Web UI
To access the Cortex web interface, open your favorite web browser and enter the following URL: http://your-server-ip:9001.
You will be greeted with the Cortex login page. Click on the “Create” button to create your account. Enter your desired login name, name, and password, then click on the “Create” button.
You will be redirected to the Cortex login page. Enter your username and password, then click on the “Sign In” button.
Congratulations! You have successfully installed and configured Cortex on Ubuntu 22.04. You can now leverage its powerful features to analyze and respond to security events effectively.
Conclusion
Cortex is a powerful and versatile observable analysis tool that empowers security professionals and SOC analysts to streamline their threat analysis process. By following this tutorial, you have successfully installed and configured Cortex on your Ubuntu 22.04 server. Now, you can leverage its capabilities to enhance your organization’s security posture and mitigate potential threats effectively.
Remember to regularly update and maintain your Cortex installation to ensure you have the latest security patches and features. Stay vigilant and leverage the power of Cortex to protect your organization from increasingly sophisticated cyber threats.
For more information about Cortex and other cloud hosting solutions, visit Shape.host. Shape.host offers reliable and scalable Linux SSD VPS services to help businesses thrive in the digital landscape.