TheHive Database and Index Connection Settings#

TheHive uses JanusGraph for database and index connections. These parameters configure Cassandra and Elasticsearch back ends.

Database storage parameters#

Core storage settings#

Parameter	Type	Description
`db.provider`	string	Provider name for the database back end. Must be: `janusgraph`.
`db.janusgraph.storage.backend`	string	Storage back end type. Must be: `cql`.
`db.janusgraph.storage.hostname`	list of string	IP addresses or host names of Cassandra nodes. Must be `["127.0.0.1"]` for a standalone server deployment.
`db.janusgraph.storage.port`	integer	Port number for Cassandra connection. Default: `9042` for CQL. Use a different port when SSL is enabled or when Cassandra is configured with a custom port.

Cassandra authentication#

Parameter	Type	Description
`db.janusgraph.storage.username`	string	Username for Cassandra authentication. Required when authentication is enabled.
`db.janusgraph.storage.password`	string	Password for Cassandra authentication. Required when authentication is enabled.

Cassandra CQL configuration#

Parameter	Type	Description
`db.janusgraph.storage.cql.keyspace`	string	Keyspace name for TheHive data storage in Cassandra. Must be: `thehive`.
`db.janusgraph.storage.cql.replication-factor`	integer	Replication factor for the keyspace. Use `1` for a standalone server, `3` or higher for production clusters.

Cassandra SSL/TLS settings#

Parameter	Type	Description
`db.janusgraph.storage.cql.ssl.enabled`	boolean	Enable SSL for Cassandra connections. Default: `false`.
`db.janusgraph.storage.cql.ssl.truststore.location`	string	Path to the Java truststore file containing CA certificates.
`db.janusgraph.storage.cql.ssl.truststore.password`	string	Password to access the truststore.
`db.janusgraph.storage.cql.ssl.client-authentication-enabled`	boolean	Enable client certificate authentication. Default: `false`.
`db.janusgraph.storage.cql.ssl.keystore.location`	string	Path to the Java keystore containing client certificate. Required when client authentication is enabled.
`db.janusgraph.storage.cql.ssl.keystore.storepassword`	string	Password to access the keystore.
`db.janusgraph.storage.cql.ssl.keystore.keypassword`	string	Password for the private key in the keystore.

For more detailed information on configuring Cassandra connection, refer to the official JanusGraph documentation..

Index search parameters#

Core index settings#

Parameter	Type	Description
`index.search.backend`	string	Index back end type. Must be: `elasticsearch`.
`index.search.hostname`	list of string	IP addresses or host names of Elasticsearch nodes with optional port. Must be `["127.0.0.1"]` for a standalone server deployment.
`index.search.index-name`	string	Name of the Elasticsearch index for TheHive data. Must be: `thehive`.

Elasticsearch HTTP authentication#

Parameter	Type	Description
`index.search.elasticsearch.http.auth.type`	string	Authentication type. Must be: `basic`.
`index.search.elasticsearch.http.auth.basic.username`	string	Username for Elasticsearch authentication. Required when authentication is enabled.
`index.search.elasticsearch.http.auth.basic.password`	string	Password for Elasticsearch authentication. Required when authentication is enabled.

Required Elasticsearch privileges

The Elasticsearch user must have specific privileges to work with TheHive. See the detailed configuration steps in the installation guide.

Elasticsearch SSL/TLS settings#

Parameter	Type	Description
`index.search.elasticsearch.ssl.enabled`	boolean	Enable SSL for Elasticsearch connections. Default: `false`.
`index.search.elasticsearch.ssl.truststore.location`	string	Path to the Java truststore file containing CA certificates.
`index.search.elasticsearch.ssl.truststore.password`	string	Password to access the truststore.
`index.search.elasticsearch.ssl.keystore.location`	string	Path to the Java keystore containing client certificate for mutual TLS.
`index.search.elasticsearch.ssl.keystore.storepassword`	string	Password to access the keystore.
`index.search.elasticsearch.ssl.keystore.keypassword`	string	Password for the private key in the keystore.
`index.search.elasticsearch.ssl.disable-hostname-verification`	boolean	Turn off host name verification in SSL certificates. Default: `false`.
`index.search.elasticsearch.ssl.allow-self-signed-certificates`	boolean	Accept self-signed certificates. Default: `false`.

For more detailed information on configuring Elasticsearch connection, refer to the official JanusGraph documentation..

Configuration example with authentication and ssl#

Database and index configuration with authentication and ssl for a standalone server installation

# Content from /etc/thehive/application.conf
[..]
# Database and index configuration
db.janusgraph {
    storage {
        backend = cql
        hostname = ["127.0.0.1"]
        username = "thehive"
        password = "<thehive_role_password>"
        cql {
            keyspace = thehive
            ssl {
                enabled = true
                truststore {
                    location = /path/to/<truststore_file>
                    password = <truststore_password>
                }
            }
        }
    }
    index.search {
        backend = elasticsearch
        hostname = ["127.0.0.1"]
        index-name = thehive
        elasticsearch {
          http {
              auth {
                  type = basic
                  basic {
                      username = "thehive"
                      password = "<thehive_user_password>"
                  }
              }
          }
          ssl {
                enabled = true
                truststore {
                    location = /path/to/<truststore_file>
                    password = <truststore_password>
                }
            }
        }
    }
}
[..]