If you are using TheHive as a SIRP (Security Incident Response Platform), you don't need to master the Cortex REST API. If you have a different SIRP or would like to interface other tools with Cortex, please read on.
The current Cortex version doesn't require authentication and all API call results are provided in JSON format.
- List analyzers
- Get an analyzer's definition
- List analyzers for a given datatype
- Run an analyzer
- List jobs
- Get a job definition
- Delete a job
- Get a job report
- Wait and get a job report
If you want to create an analyzer, follow this guide.