Source Code: https://github.com/thehive-project/Cortex/
Cortex solves two common problems frequently encountered by SOCs, CSIRTs and security researchers in the course of threat intelligence, digital forensics and incident response:
- How to analyze observables they have collected, at scale, by querying a single tool instead of several?
- How to actively respond to threats and interact with the constituency and other teams?
Thanks to its many analyzers and to its RESTful API, Cortex makes observable analysis a breeze, particularly if called from TheHive, the highly popular, Security Incident Response Platform (SIRP).
TheHive can also leverage Cortex responders to perform specific actions on alerts, cases, tasks and observables collected in the course of the investigation: send an email to the constituents, block an IP address at the proxy level, notify team members that an alert needs to be taken care of urgently and much more.
Many features are included with Cortex:
- Manage multiple organizations (i.e multi-tenancy)
- Manage users per organizations and roles
- Specify per-org analyzer & responder configuration
- Define rate limits: avoid consuming all your quotas at once
- Cache: an analysis is not re-executed for the same observable if a given analyzer is called on that observable several times within a specific timespan (10 minutes by default, can be adjusted for each analyzer).
Installation and configuration guides#
This documentation contains step-by-step installation instructions for Cortex for different operating systems as well as corresponding binary archives.
All aspects of the configuration are aslo detailled in a dedicated section. s
The first connection to the application requires several actions.
Cortex supports differents roles for users. Refer to User roles for more details.
Cortex is an open source and free software released under the AGPL (Affero General Public License). We, StrangeBee, are committed to ensure that Cortex will remain a free and open source project on the long-run.
Updates and community discussions#
Information, news and updates are regularly posted on several communication channels:
Since 2018, Cortex is fully developped and maintained by StrangeBee. Should you need specific assistance, be aware that StrangeBee also provides professional services and support.