Monthly archive: April 2020

By Mateo Martinez

Install AIL Framework

git clone https://github.com/CIRCL/AIL-framework.git
cd AIL-framework
./installing_deps.sh

cd ~/AIL-framework/
cd bin/
./LAUNCH.sh -l

By Mateo Martinez

Installing CORTEX

cd /opt
wget https://dl.bintray.com/thehive-project/binary/cortex-latest.zip
unzip cortex-latest.zip
ln -s cortex-3.0.1-1/ cortex

cd /opt/cortex/conf
mv application.sample application.conf

sudo chgrp cortex /opt/cortex/conf/application.conf
sudo chmod 640 /opt/cortex/conf/application.conf

Edit application.conf, uncomment the secret key setting and set a new random secret.

Edit /usr/lib/systemd/system/cortex.service and update the ExecStart line with the correct paths under /opt (the configuration directory is /opt/cortex/conf, as set up above):

ExecStart=/opt/cortex/bin/cortex \
        -Dconfig.file=/opt/cortex/conf/application.conf \
        -Dlogger.file=/opt/cortex/conf/logback.xml \
        -Dpidfile.path=/dev/null

Edit /opt/cortex/package/cortex.service

ExecStart=/opt/cortex/bin/cortex \
        -Dconfig.file=/opt/cortex/conf/application.conf \
        -Dlogger.file=/opt/cortex/conf/logback.xml \
        -Dpidfile.path=/dev/null

Edit /opt/cortex/package/cortex.conf

script
  DAEMON_USER="cortex"
  DAEMON_ARGS="-Dconfig.file=/opt/cortex/conf/application.conf -Dlogger.file=/opt/cortex/conf/logback.xml -Dpidfile.path=/dev/null"

systemctl daemon-reload

sudo systemctl enable cortex
sudo service cortex start

By Mateo Martinez

Integrating TheHive and MISP

Edit the file /opt/thehive/conf/application.conf and enable the MISP section by uncommenting (deleting the #) the following lines and adding some configuration information.

  1. Uncomment some lines (delete the # at the start of the lines)
  2. Add MISP url and sync user key
  3. Define the sync time interval in minutes (m) or hours (h)
  4. Save the file and restart TheHive service (service thehive restart)

If TheHive fails to start, check all the modifications to the application.conf file; you may have mistyped something.

If everything is working fine, you will see this icon in the lower right corner of TheHive web console:

By Mateo Martinez

Installing TheHive is really easy!

Installing TheHive on Ubuntu 18.04

1) Install JDK

sudo apt-get install openjdk-11-jre-headless

If it fails, run apt-get update --fix-missing and try again.

2) Install Elasticsearch

# PGP key installation
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key D88E42B4

# Debian repository configuration
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list

# Install https support for apt
sudo apt install apt-transport-https

# Elasticsearch installation
sudo apt update && sudo apt install elasticsearch
service elasticsearch start
service elasticsearch status

If it fails, edit /etc/elasticsearch/jvm.options (for example with vim) and set the heap size to:

-Xms1g
-Xmx1g

3) Download and unzip TheHive

cd /opt
wget https://dl.bintray.com/thehive-project/binary/thehive-latest.zip
apt install unzip
unzip thehive-latest.zip
ln -s thehive-3.4.0-1 thehive

4) Add user and define service

sudo addgroup thehive
sudo adduser --system thehive
sudo cp /opt/thehive/package/thehive.service /usr/lib/systemd/system
sudo chown -R thehive:thehive /opt/thehive
sudo chgrp thehive /opt/thehive/conf/application.conf
sudo chmod 640 /opt/thehive/conf/application.conf

5) Configure the service for TheHive

Edit the paths in the file /usr/lib/systemd/system/thehive.service:

ExecStart=/opt/thehive/bin/thehive \
        -Dconfig.file=/opt/thehive/conf/application.conf \
        -Dlogger.file=/opt/thehive/conf/logback.xml \
        -Dpidfile.path=/dev/null


6) Update Service configuration

systemctl daemon-reload

7) Define the secret key in the application.conf file

Edit the file /opt/thehive/conf/application.conf, uncomment the secret key section and define a new random secret.
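The "create a secret" step appears in both the Cortex and TheHive posts above without showing how it is done. The script below is an added example, not code from the posts or from the TheHive project: it generates a random key, replaces the commented-out line in application.conf, and checks that exactly one active secret is set and that the file still has the 640 mode the chgrp/chmod step gave it. It assumes the Play setting name play.http.secret.key (the key TheHive 3 and Cortex 3 read) and that the value is written in double quotes.

```shell
#!/bin/sh
# Added example (not from the post): set a fresh play.http.secret.key in a
# TheHive 3 / Cortex 3 application.conf and verify the file stays mode 640.
# Assumption: the secret setting is named play.http.secret.key (Play framework).

# Print a random 48-character alphanumeric secret read from /dev/urandom.
gen_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 48
}

# Replace the (possibly commented-out) play.http.secret.key line in $1 with
# secret $2, appending one if the file has none. Edits a temp copy and moves
# it into place so it works with both GNU and BSD sed.
set_secret() {
  conf="$1"; secret="$2"; tmp="$conf.tmp.$$"
  pat='^[[:space:]]*#?[[:space:]]*play\.http\.secret\.key[[:space:]]*='
  if grep -Eq "$pat" "$conf"; then
    sed -E "s|$pat.*|play.http.secret.key = \"$secret\"|" "$conf" >"$tmp"
  else
    cp "$conf" "$tmp"
    printf 'play.http.secret.key = "%s"\n' "$secret" >>"$tmp"
  fi
  mv "$tmp" "$conf"
}

# Succeed only when exactly one active (uncommented) secret line exists and
# its value is at least 32 characters and not a "change me" placeholder.
secret_ok() {
  active='^[[:space:]]*play\.http\.secret\.key[[:space:]]*='
  n=$(grep -Ec "$active" "$1" || true)
  [ "$n" -eq 1 ] || return 1
  val=$(grep -E "$active" "$1" | sed -E 's/^[^=]*=[[:space:]]*"?([^"]*)"?.*$/\1/')
  [ "${#val}" -ge 32 ] && ! echo "$val" | grep -qi 'change'
}

# Succeed when $1 is mode 640: the service account's group can read the
# secret, other local users cannot.
perms_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [ "$mode" = "640" ]
}

# Usage: ./set-secret.sh /opt/thehive/conf/application.conf
if [ -n "${1:-}" ]; then
  set_secret "$1" "$(gen_secret)"
  secret_ok "$1" && perms_ok "$1" && echo "secret set and permissions ok"
fi
```

Run it as root (or the file owner) after the chgrp/chmod step; it never prints the secret, so it is safe to use in a provisioning script.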

8) Enable the service and start TheHive

sudo systemctl enable thehive
sudo service thehive start

9) Launch TheHive, update Database and define login user

Open http://<server-ip>:9000 in your browser, update the database, and define the login users.

By Mateo Martinez

Install MISP in 2 easy steps

MISP
  1. Prepare an Ubuntu 18.04 machine.
  2. Execute the following commands: