
Step-by-Step guide

This page is a step-by-step installation and configuration guide to get a Cortex instance up and running. The guide is illustrated with examples for Debian-based and RPM-based systems, and for installation from binary packages.

Required packages

apt install wget gnupg apt-transport-https git ca-certificates ca-certificates-java curl software-properties-common python3-pip lsb-release
yum install pkg-install gnupg chkconfig python3-pip git

Java Virtual Machine

Install Java

apt install -y openjdk-11-jre-headless
echo JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64" >> /etc/environment
export JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64"
sudo yum install -y java-11-openjdk-headless.x86_64
echo JAVA_HOME="/usr/lib/jvm/jre-11" | sudo tee -a /etc/environment
export JAVA_HOME="/usr/lib/jvm/jre-11"

The installation requires Java 11, so refer to your system documentation to install it.


wget -qO - |  sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] stable main" |  sudo tee /etc/apt/sources.list.d/elastic-7.x.list 
sudo apt install elasticsearch   
name=Elasticsearch repository for 7.x packages
sudo yum install --enablerepo=elasticsearch elasticsearch


/etc/elasticsearch/elasticsearch.yml hive 100000
path.logs: "/var/log/elasticsearch" "/var/lib/elasticsearch" false
script.allowed_types: "inline,stored"

Adjust this file according to the amount of RAM available on your server:



If you run Analyzers and Responders as Docker images, Docker Engine must be installed on the operating system:

curl -fsSL | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
apt install docker-ce
sudo yum remove -yq docker \
          docker-client \
          docker-client-latest \
          docker-common \
          docker-latest \
          docker-latest-logrotate \
          docker-logrotate
sudo dnf -yq install dnf-plugins-core
sudo dnf config-manager --add-repo
sudo dnf install -yq docker-ce docker-ce-cli docker-compose-plugin


This part contains instructions to install Cortex and then configure it.


All packages are published on our packages repository. We support Debian and RPM packages as well as binary packages (zip archive). All packages are signed using our GPG key 562CBC1C. Its fingerprint is 0CD5 AC59 DE5C 5A8E 0EE1 3849 3D99 BB18 562C BC1C.

wget -O- ""  | sudo apt-key add -
wget -qO- |  sudo gpg --dearmor -o /usr/share/keyrings/thehive-project.gpg
echo 'deb release main' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
apt install cortex
name=TheHive-Project RPM repository
yum install cortex
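
The fingerprint published above can be checked before the downloaded key is installed as a keyring. The following is an added example, not part of the original guide or of the project's own tooling; the function names are hypothetical, and it assumes the key has already been saved to a local file in ASCII-armored form.

```shell
#!/bin/sh
# Added example, not from the Cortex documentation. Requires GnuPG 2.2 or later.
# Fingerprint of signing key 562CBC1C as published on this page.
EXPECTED_FPR="0CD5 AC59 DE5C 5A8E 0EE1 3849 3D99 BB18 562C BC1C"

# Remove whitespace and upper-case so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n\r' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print one line per primary key:
# the "fpr" record (field 10) that follows each "pub" record. Subkey
# fingerprints (after "sub") are skipped.
primary_fprs_from_colons() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0 }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# Succeed only for a full 40-hex-digit fingerprint equal to EXPECTED_FPR.
# Short key IDs such as 562CBC1C are rejected: they are cheap to collide.
fpr_matches() {
    got=$(normalize_fpr "$1")
    case "$got" in
        ""|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#got}" -eq 40 ] && [ "$got" = "$(normalize_fpr "$EXPECTED_FPR")" ]
}

# Usage: install_verified_key KEYFILE DEST
# KEYFILE is the key already downloaded to disk (the download URL is elided
# on this page, so fetch it from the project's repository yourself).
install_verified_key() {
    keyfile=$1
    dest=$2
    fprs=$(gpg --show-keys --with-colons "$keyfile" 2>/dev/null |
           primary_fprs_from_colons)
    # Exactly one primary key must be present, and it must be the expected one;
    # a file carrying an extra key would otherwise add a second trusted signer.
    if [ "$(printf '%s\n' "$fprs" | grep -c .)" -eq 1 ] && fpr_matches "$fprs"; then
        gpg --dearmor -o "$dest" < "$keyfile"
    else
        echo "refusing $keyfile: unexpected key fingerprint(s): ${fprs:-none}" >&2
        return 1
    fi
}
```

Source the file and call, for example, `install_verified_key key.asc /usr/share/keyrings/thehive-project.gpg`; the keyring is written only when the file holds exactly the expected key.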

Once installed, if you run Analyzers & Responders with Docker, ensure the cortex service account can use it:

sudo usermod -a -G docker cortex


The following settings are required to start Cortex successfully:

Advanced configuration settings might be added to run the application successfully:

Start Cortex service


Before starting the service, make sure the application is configured accordingly. Start by setting up the secret key.

Save the configuration file and run the service:

systemctl start cortex

Please note that the service may take some time to start. Once it is started, you may launch your browser and connect to http://YOUR_SERVER_ADDRESS:9001/.

First start

Refer to the First start guide for the next steps.