- I Can't Add a Template
- Why My Freshly Added Template Doesn't Show Up?
- Can I Use a Specific Template for Imported MISP Events?
You need to log in as an administrator to add a template.
When you add a new template and hit the +NEW button, you don't see it because unlike other events that you can see in the Flow, it is not broadcasted to all the user sessions. So you need to refresh the page before clicking the +NEW button.
You don't need to log out then log in again.
Definitely! You just need to add a caseTemplate parameter in the section corresponding to the MISP connector in your conf/application.conf file. This is described in the Administrator's Guide.
Analyzers are no longer bundled with TheHive. Since the release of Buckfast (TheHive 2.10), the analysis engine has been released as a separate product called Cortex. If you'd like to develop or ask for an analyzer that will help you get the most out of TheHive, please open a feature request first. This will give us a chance to validate the use cases and avoid having multiple persons working on the same analyzer.
Once validated, you can either develop your analyzer or wait for TheHive Project or a contributor to undertake the task and if everything is alright, we will schedule its addition to a future Cortex release.
- Can I Enable HTTPS to Connect to TheHive?
- Can I Import Events from Multiple MISP Servers?
- Can I connect TheHive to a AWS ElasticSearch service?
- Do you support Elasticsearch 5.x?
Add the following lines to /etc/thehive/application.conf
https.port: 9443
play.server.https.keyStore {
path: "/path/to/keystore.jks"
type: "JKS"
password: "password_of_keystore"
}
HTTP can disabled by adding line http.port=disabled
Please read the relevant section in the Configuration guide.
Yes, this is possible. For each MISP server, add a misp section in your conf/application.conf file as described in the Administrator's Guide.
AWS Elasticsearch service only supports HTTP transport protocol. It does not support the binary protocol which the Java client used by TheHive relies on to communicate with ElasticSearch. As a result, it is not possible to setup TheHive with AWS Elasticsearch service. More information is available at the following URLs:
“TCP Transport : The service supports HTTP on port 80, but does not support TCP transport”
“TCP Transport : Used for communication between nodes in the cluster, by the Java Transport client and by the Tribe node. HTTP: Exposes the JSON-over-HTTP interface used by all clients other than the Java clients.”
Elasticsearch 5.x is supported starting from TheHive 2.13.0 (Mellifera 13). Please note that all versions starting from TheHive 2.13.0 support only ES 5 and do not support ES2 anymore as it is very hard to support both. All versions preceding TheHive 2.13.0 supports only ES2.