
TheHive/Cortex Plugin

The CrowdSec Cortex Analyzer allows you to obtain a detailed report from CrowdSec's CTI smoke database.

Here is the source code of the analyzer and report template:

Installation

The CrowdSec analyzer is available in the Cortex analyzers collection from version 3.2.0 and is ready to use on your observables of type IP.

To add the CrowdSec analyzer to a case's observable, you can refer to the official documentation.

To complete or customize the template, you can refer to this how-to.

Usage

  1. For a case's observable of type IP, click on preview

TheHive observables

  2. Run the CrowdSec analyzer
    • It should appear in the list
    • Click on the analyze (fire) icon

TheHive - Cortex Analyzers

  3. Check the report
    • Once the analysis is complete, click on the date to see the report.
    • Note that if you run the analyzer again, multiple reports will be available, one for each date.

TheHive - Analyze complete

TheHive - Cortex report