Skip to content

Additional Resources#

The following page lists additional resources that should help you get more acquainted with TheHive, Cortex & other tools.

Table of Contents#


We make several presentations throughout the year during conferences and various events. Please find below some of the latest presentation material we produced:

  • Cruising Ocean Threat without Sinking Using TheHive, Cortex & MISP. BSidesLisbon 2018. November 29, 2018. (PDF)
  • TheHive & Cortex UYBHYS 2018. November 17, 2018. ( PDF)
  • MISP, TheHive & Cortex: better, faster, happier. MISP Summit 04. October 16, 2018. (PDF)

Workshops and Trainings#

We frequently organize workshops and trainings, often with our friends from the MISP Project. We do not publish all the materials because we often leverage MISP instances containing training-specific events and Cortex servers configured with commercial analyzers that supporting partners such as DomainTools and Onyphe kindly give us access to for the duration of the workshops and trainings.

If you'd like to attend a future workshop or training, please follow us on or regularly visit our blog.

However, if you'd like to do the training at your own pace, you can find below the materials used for some of the workshops and trainings we gave in the past. Please note that you might have some difficulties completing the case studies without access to the commercial analyzers highlighted above. 2019#

We gave a workshop during on Thu Oct 24, 2019. We prepared a MISP and Cortex instance on the cloud as well as a custom built training VM containing TheHive 3.4.0 which took advantage of those cloud instances.The VM was shared with the attendees during the workshop but will not be posted online. Indeed, the above-mentioned cloud instances were turned off after the workshop.

That being said, you can still get a look at the slides we used to set the stage for the workshop. They contain some valuable information if you are considering installing TheHive, Cortex & MISP or just beginning with the trio.

Botconf 2018#

We gave a workshop during Botconf on Tue Dec 4, 2018. If you'd like to give it a try on your own, you will need: - familiarity with TCP/IP, Linux (including editing configuration files), SSH & incident response - the joint MISP, TheHive & Cortex training VM (SHA256 checksum) - a powerful laptop with virtualization software (either VMware Workstation, VMware Fusion or VirtualBox) - the ability to give the training VM 6GB of RAM and 2 processor cores. If that's not possible, we consider 4GB and 1 processor core the bare minimum - the training instructions and cheatsheet - Case Study 1 - Case Study 2

Before undertaking the workshop, we highly recommend reading the following slides in the specified order: - Threat Intelligence and Information Sharing with MISP - Detect, Investigate & Respond with MISP, TheHive & Cortex

Important Note: you won't be able to do case study 3 as it requires access to the instructors' MISP instance which is only available during the workshops and trainings. You must also skip the steps which ask you to synchronize your MISP instance with the instructors' (unless you have access to an instance pre-populated with events) or configure TheHive to leverage the instructors' Cortex instance.

User Contributions#

The resources below have been contributed by our user community. Please note that the fact that they are listed here does not mean that they have been checked, validated or endorsed in any way by TheHive Project. Use your own judgment if you decide to read them.

Last update: March 2, 2021 11:02:04