This is a docker-compose configuration to run TheHive 4.0.2 and Cortex 3.1.0 instances, with a Cassandra 3.1.1 database backend for TheHive and an Elasticsearch 7.8.1 backend for Cortex.

Populate the `.env` file with the following entries.

| variable | entry |
|---|---|
| CORTEX_KEY | API KEY OF CORTEX USER - POPULATED POST SETUP |
| JOB_DIRECTORY | DIRECTORY TO STORE JOB FILES |

```
docker-compose up -d
```

- Local files stored in `./vol/nginx` are mapped to the container under `/etc/nginx/conf.d`.
- Local files stored in `./vol/ssl` are mapped to the container under `/etc/ssl`.
- TheHive `application.conf` file stored in `./vol/thehive/application.conf` is mapped to the container as `/etc/thehive/application.conf`.
- Data for TheHive is stored under `./vol/thehive/data` and is automatically created.
- Data for Elasticsearch is stored under `./vol/elasticsearch` and is automatically created, but the folder ownership may need to be corrected.
- Data for Cassandra is stored under `./vol/cassandra_data` and is automatically created.

If the elasticsearch container fails to start correctly, or constantly crashes, ensure that the folder ownership is set to the user that ran docker-compose.
This can be corrected by running the following command:

```
chown -R 1000:1000 <path_to_elasticsearch>
```

Followed by restarting the elasticsearch node with:

```
docker-compose up -d elasticsearch
```

The following items require your attention:

- Update `thehive.conf` and `cortex.conf` files for nginx as appropriate
  - Update `server_name` for your fqdn
  - Review/modify the configuration for your requirements
- Add your certificates to `./vol/ssl`
- Update `./vol/nginx/certs.conf` with the certificate file names
- Update `.env` with the `CORTEX_KEY` after Cortex has been set up and configured. A restart of TheHive node is required.
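
A pre-flight check for the items above, added here as an example and not part of the original repository. It assumes GNU `stat`, a `KEY=value` style `.env`, and that `certs.conf` names the certificate files with nginx `ssl_certificate` / `ssl_certificate_key` directives using container paths under `/etc/ssl`; the function names are hypothetical.

```sh
# Added example: pre-flight checks for the layout described in this README.
# Assumes GNU stat (Linux) and a KEY=value .env file.

# env_value KEY FILE: print the last value assigned to KEY in FILE
env_value() {
    sed -n "s/^$1=//p" "$2" 2>/dev/null | tail -n 1
}

# check_env DIR: both variables from the table must be non-empty
check_env() {
    rc=0
    for key in CORTEX_KEY JOB_DIRECTORY; do
        if [ -z "$(env_value "$key" "$1/.env")" ]; then
            echo "MISSING: $key in $1/.env"; rc=1
        fi
    done
    return $rc
}

# check_es_owner DIR [UID:GID]: data folder must have the expected owner
check_es_owner() {
    want=${2:-1000:1000}
    have=$(stat -c '%u:%g' "$1/vol/elasticsearch" 2>/dev/null) || have=absent
    [ "$have" = "$want" ] && return 0
    echo "OWNER: $1/vol/elasticsearch is $have, expected $want"
    return 1
}

# check_certs DIR: every file named in certs.conf must exist under vol/ssl.
# Assumption: certs.conf uses ssl_certificate / ssl_certificate_key with
# container paths under /etc/ssl (mapped from ./vol/ssl).
check_certs() {
    rc=0
    conf="$1/vol/nginx/certs.conf"
    [ -f "$conf" ] || { echo "MISSING: $conf"; return 1; }
    for p in $(sed -nE 's/^[[:space:]]*ssl_certificate(_key)?[[:space:]]+([^;]+);.*/\2/p' "$conf"); do
        [ -f "$1/vol/ssl/$(basename "$p")" ] || { echo "MISSING: vol/ssl/$(basename "$p")"; rc=1; }
    done
    return $rc
}

# preflight DIR: run all checks, return non-zero if any failed
preflight() {
    status=0
    check_env "$1" || status=1
    check_es_owner "$1" || status=1
    check_certs "$1" || status=1
    return $status
}
```

Source the file and run `preflight .` from the compose directory; until Cortex has been set up, the `CORTEX_KEY` finding is expected.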