Setup

Dependencies

apt install wget gnupg apt-transport-https git ca-certificates ca-certificates-java curl  software-properties-common python3-pip lsb_release

Java Virtual Machine

Installation

wget -qO- https://apt.corretto.aws/corretto.key | sudo gpg --dearmor  -o /usr/share/keyrings/corretto.gpg
echo "deb [signed-by=/usr/share/keyrings/corretto.gpg] https://apt.corretto.aws stable main" |  sudo tee -a /etc/apt/sources.list.d/corretto.sources.list
sudo apt update
sudo apt install java-common java-11-amazon-corretto-jdk
echo JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto" | sudo tee -a /etc/environment 
export JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto"

sudo rpm --import https://yum.corretto.aws/corretto.key  &> /dev/null
wget -qO-  https://yum.corretto.aws/corretto.repo | sudo tee -a /etc/yum.repos.d/corretto.repo
yum install java-1.11.0-amazon-corretto-devel &> /dev/null
echo JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto" |sudo tee -a /etc/environment
export JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto"

Cassandra

Installation

wget -qO -  https://downloads.apache.org/cassandra/KEYS | sudo gpg --dearmor  -o /usr/share/keyrings/cassandra-archive.gpg
echo "deb [signed-by=/usr/share/keyrings/cassandra-archive.gpg] https://debian.cassandra.apache.org 40x main" |  sudo tee -a /etc/apt/sources.list.d/cassandra.sources.list
sudo apt update
sudo apt install cassandra

Edit `cassandra.yaml`

First we need to edit the configuration file for Cassandra by making the following changes.

/etc/cassandra/cassandra.yml

--  cluster_name: 'Test Cluster'
++  cluster_name: 'OSSOC'

--  listen_address: localhost
++  listen_address: (Ubuntu machine's IP address)

--  rpc_address: localhost
++  rpc_address: (Ubuntu machine's IP address)

    seed_provider: 
        parameters:
--          seeds: "127.0.0.1:7000"
++          seeds: "(Ubuntu machine's IP address):7000"

Perform the following steps next:

Stop `cassandra.service`

systemctl stop cassandra.service

Remove the old files

rm -rf /var/lib/cassandra/*

Start `cassandra.service`

systemctl start cassandra.service

Check `cassandra.service` status

systemctl status cassandra.service

Elasticsearch

Installation

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch |  sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo apt-get install apt-transport-https
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" |  sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install elasticsearch

Edit `elasticsearch.yml`

/etc/elasticsearch/elasticsearch.yml

--  #cluster.name: my-application
++  cluster.name: ossoc
 
--  #node.name: node-1
++  node.name: node-1
 
--  #network.host: 192.18.0.1   
++  network.host: (Ubuntu machine's IP address)
   
--  #http.port: 9200 
++  http.port: 9200
    
--  #cluster.initial_master_nodes: ["node-1", "node-2"]
++  cluster.initial_master_nodes: ["node-1"]

Start `elasticsearch`

systemctl start elasticsearch

Enable `elasticsearch`

systemctl enable elasticsearch

Check `elasticsearch.service` status

systemctl status elasticsearch.service

File Storage

Create `/opt/thp/thehive/files`

sudo mkdir -p /opt/thp/thehive/files

Change ownership of `/opt/thp` to `(User):thehive`

chown -R (User):thehive /opt/thp/thehive/files

TheHive

Installation

wget -O- https://archives.strangebee.com/keys/strangebee.gpg | sudo gpg --dearmor -o /usr/share/keyrings/strangebee-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/strangebee-archive-keyring.gpg] https://deb.strangebee.com thehive-5.2 main' | sudo tee -a /etc/apt/sources.list.d/strangebee.list
sudo apt-get update
sudo apt-get install -y thehive

Change ownership of `/opt/thp` to `(User):thehive`

chown -R (User):thehive /opt/thp

Edit `application.conf`

/etc/thehive/application.conf

    db.janusgraph {
        storage {
--          hostname = ["127.0.0.1"]
++          hostname = ["(Ubuntu machine's IP address)"]
            cql {
--              cluster-name = thp
++              cluster-name = ossoc
            }
        }
        index.search {
--          hostname = ["127.0.0.1"]
++          hostname = ["(Ubuntu machine's IP address)"]
        }
    }
    
--  application.baseUrl = "http://localhost:9000"
++  application.baseUrl = "http://(Ubuntu machine's IP address):9000"

Start `thehive`

systemctl start thehive

Enable `thehive`

systemctl enable thehive

Check `thehive` status

systemctl status thehive

Dashboard

We can now access TheHive's dashboard at:

## URI: 
http://(Ubuntu machine's IP address):9000

Username

Password

admin@thehive.local

secret

PreviousSetup NextIntegrating with Shuffle

Last updated 1 year ago

Was this helpful?

Dependencies

Java Virtual Machine

Installation

Cassandra

Installation

Edit cassandra.yaml

Stop cassandra.service

Remove the old files

Start cassandra.service

Check cassandra.service status

Elasticsearch

Installation

Edit elasticsearch.yml

Start elasticsearch

Enable elasticsearch

Check elasticsearch.service status

File Storage

Create /opt/thp/thehive/files

Change ownership of /opt/thp to (User):thehive

TheHive

Installation

Change ownership of /opt/thp to (User):thehive

Edit application.conf

Start thehive

Enable thehive

Check thehive status

Dashboard

Login credentials

Edit `cassandra.yaml`

Stop `cassandra.service`

Start `cassandra.service`

Check `cassandra.service` status

Edit `elasticsearch.yml`

Start `elasticsearch`

Enable `elasticsearch`

Check `elasticsearch.service` status

Create `/opt/thp/thehive/files`

Change ownership of `/opt/thp` to `(User):thehive`

Change ownership of `/opt/thp` to `(User):thehive`

Edit `application.conf`

Start `thehive`

Enable `thehive`

Check `thehive` status