-
Notifications
You must be signed in to change notification settings - Fork 379
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1294 from TheHive-Project/update-analyzers-guide
Update analyzers & responders upgrade guide
- Loading branch information
Showing
7 changed files
with
66 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# How to upgrade analyzers & responders to the latest version | ||
|
||
This guide outlines the steps to take when there is a new release of Cortex-Analyzers so that you can benefit from the new or updated analyzers and responders. | ||
|
||
There are three steps to perform, two of which require user action: | ||
|
||
1. **Catalog Update** (automatic) | ||
2. **Configure Analyzers & Responders in Cortex** (user action required) | ||
3. **Update Analyzers' Report Templates** (user action required) | ||
|
||
|
||
## Step 1: Catalog Update | ||
|
||
With **TheHive version 5.0.14 and above** and **Cortex version 3.1.7 and above**, Cortex automatically fetches and updates the catalog. As a result, you may receive a notification in TheHive indicating that action is required if there is any new version of an analyzer or responder you are already using. | ||
|
||
This notification can be seen in the *bottom left* corner of your TheHive interface. | ||
|
||
![TheHive Notification for new analyzers/responders](../images/cortex-thehive-analyzers-upgrade-notification.png) | ||
|
||
Clicking on it will open a drawer indicating if there are any obsolete analyzers or responders. | ||
|
||
![TheHive Obsolete Analyzers](<../images/thehive-cortex-obsolete-drawer.png>) | ||
|
||
## Step 2: Configure Analyzers & Responders in Cortex | ||
|
||
### 2a. Setting Up Newly Available Analyzers or Responders | ||
|
||
When new analyzers or responders are available, please refer to the [changelog](https://thehive-project.github.io/Cortex-Analyzers/CHANGELOG/) to review the new additions so you don't miss anything. | ||
|
||
Then, perform the following steps: | ||
|
||
- **Log in to Cortex** as an Org Administrator | ||
- **Refresh Analyzers and Responders** by navigating to the ***Organization*** section, selecting the ***Analyzers*** and ***Responders*** tab and pressing the ***Refresh*** button. | ||
- **Enable new analyzers and responders** you wish to use. | ||
- **Configure the settings and authentication parameters** as needed. | ||
|
||
![refresh responders](../images/refresh-responders.png) | ||
|
||
### 2b. Updating Obsolete Analyzers or Responders | ||
|
||
Analyzers or responders become obsolete when a new version is available. | ||
|
||
#### Check for Updates in Cortex | ||
|
||
- **Log in to Cortex** as an Org Administrator to review available updates. | ||
- Look out for any **red badge notifications**, as they indicate actions that need your attention. | ||
- **Refresh Analyzers and Responders** by navigating to the ***Organization*** section, selecting the ***Analyzers*** and ***Responders*** tab and pressing the ***Refresh*** button. | ||
|
||
![obsolete analyzer refresh](../images/obsolete-analyzer-refresh.png) | ||
|
||
#### Update Your Configuration | ||
|
||
- If there is a version increment, **disable older versions** that are no longer needed, and enable the new versions by pressing the "Enable" button on the newer one. | ||
- **Configure the settings and authentication parameters** as needed. | ||
|
||
|
||
![enable analyzer](../images/enable-analyzer.png) | ||
|
||
|
||
## Step 3: Update the Analyzers' Report Templates | ||
|
||
If you're using **TheHive 5**, remember to always **import the new report templates** into your instance. This step is essential for an optimal experience with the updated analyzers and responders. Otherwise, you may encounter issues with the report templates for the new analyzers. | ||
|
||
Refer to the [official documentation on how to update Analyzers templates](https://docs.strangebee.com/thehive/administration/analyzers-templates/) in your TheHive tenant. | ||
|
||
![update-analyzers-template](../images/update-analyzers-template.png) |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.