Source Code: https://github.com/thehive-project/Cortex/
Cortex solves two common problems frequently encountered by SOCs, CSIRTs and security researchers in the course of threat intelligence, digital forensics and incident response:
- How to analyze observables they have collected, at scale, by querying a single tool instead of several?
- How to actively respond to threats and interact with the constituency and other teams?
Thanks to its many analyzers and to its RESTful API, Cortex makes observable analysis a breeze, particularly if called from TheHive, the highly popular, Security Incident Response Platform (SIRP).
TheHive can also leverage Cortex responders to perform specific actions on alerts, cases, tasks and observables collected in the course of the investigation: send an email to the constituents, block an IP address at the proxy level, notify team members that an alert needs to be taken care of urgently and much more.
Many features are included with Cortex:
- Manage multiple organizations (i.e multi-tenancy)
- Manage users per organizations and roles
- Specify per-org analyzer & responder configuration
- Define rate limits: avoid consuming all your quotas at once
- Cache: an analysis is not re-executed for the same observable if a given analyzer is called on that observable several times within a specific timespan (10 minutes by default, can be adjusted for each analyzer).
Installation and configuration guides#
This documentation contains step-by-step installation instructions for Cortex for different operating systems as well as corresponding binary archives.
All aspects of the configuration are aslo detailled in a dedicated section. s
The first connection to the application requires several actions.
Cortex supports differents roles for users. Refer to User roles for more details.
Cortex is an open source and free software released under the AGPL (Affero General Public License). We, StrangeBee, are committed to ensure that Cortex will remain a free and open source project on the long-run.
Updates and community discussions#
Information, news and updates are regularly posted on several communication channels:
Users forum on Google Groups. Request an access:
We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests using issues.
We do have a Code of conduct. Make sure to check it out before contributing.
If you need to contact the Project's team, send an email to email@example.com.
- If you have problems with Cortex4py, please open an issue on its dedicated repository.
- If you encounter an issue with Cortex or would like to request a Cortex-related feature, please open an issue on its dedicated GitHub repository.
- If you have troubles with a Cortex analyzer or would like to request a new one or an improvement to an existing analyzer, please open an issue on the analyzers' dedicated GitHub repository.
Since 2018, Cortex is fully developped and maintained by StrangeBee. Should you need specific assistance, be aware that StrangeBee also provides professional services and support.