Repository: https://github.com/rhythmictech/ansible-cortex
Description: Ansible role for Cortex, an observable analyzer that works with TheHive
License: MIT
Topics: ansible-role, thehive
Last pushed: 2019-02-04

# ansible-cortex

## Description

Deploys and configures [Cortex](https://github.com/TheHive-Project/Cortex), an open source
observable analyzer that integrates closely with the [TheHive](https://thehive-project.org)
open source incident response tool. It installs from the RPM and can
optionally pre-seed the ElasticSearch index, eliminating some of the annoying
manual steps in getting Cortex running.

You will need to install ElasticSearch separately. The role is tested with the
[Elastic-provided ansible role](https://github.com/elastic/ansible-elasticsearch).
Sample configuration is included in the documentation.

This should cover most use cases of Cortex, but PRs and suggested improvements
are welcome.

## Requirements

* Ansible 2.0 or higher
* CentOS 7
* ElasticSearch 5.x

## Usage

Cortex is best installed on a dedicated server, though both ElasticSearch
and TheHive can safely be installed together with Cortex. An optional Nginx proxy
is enabled by default, and support is available for Vouch and LDAP authentication.
If using delegated authentication, it is important to correctly set a seed user
that you can log in as.

ElasticSearch must be installed and running already. This role is tested using the
ansible-elasticsearch role, which can be imported from Ansible Galaxy.

The following vars are recommended:

```yaml
es_instance_name: "thehive"
es_version: 5.6.14
es_major_version: 5.x
es_data_dirs:
  - "/data/es"
es_config:
  node.name: "thehive"
  cluster.name: "thehive"
  node.data: true
  node.master: true
  script.inline: on
  thread_pool.index.queue_size: 100000
  thread_pool.search.queue_size: 100000
  thread_pool.bulk.queue_size: 100000
es_scripts: true
es_templates: false
es_version_lock: false
es_heap_size: 1g
es_xpack_features: ["alerting","monitoring"]
```

Note that ElasticSearch 6.x is not supported by Cortex. Currently the master
branch of the ansible-elasticsearch module supports 5.x.

The following vars must be set at a minimum:

* cortex_url (fqdn where cortex will be accessible)
* cortex_crypto_secret (see `defaults/main.yml` for instructions on how to generate this)

A sample common configuration that automatically seeds Cortex for TheHive integration
and uses LDAP authentication is included below:

```yaml
cortex_url: "cortex.corp"
cortex_seed_initial_username: "admin"

cortex_http_addr: "127.0.0.1"

cortex_crypto_secret: "..."

cortex_auth_ldap:
  enabled: true
  servers: ["ldapserver.corp:636"]
  use_ssl: true
  bind_dn: "bind_dn"
  bind_pw: "bind_pw"
  search_base: "dc=corp"
  username_attribute: "sAMAccountName"
```

## Vouch Authentication

This role supports authentication through a Vouch (formerly known as Lasso) proxy.
This allows you to do OAuth authentication through providers such as Okta.

When using Vouch, it is critical to set `cortex_http_addr` to 127.0.0.1: Cortex
trusts the logon header set by the proxy, so it must only be reachable through the proxy.
Because Vouch uses cookies to communicate authentication information back to the
application, you must place both your Vouch proxy and Cortex site under a common
domain name (e.g., vouch.corp and cortex.corp).

## Role Variables

```yaml
# Whether or not the TheHive RPM repo should be installed.
# This is generally what you want, unless you are using your own RPM repo.
cortex_install_repo: true

# Cortex version to lock and install
cortex_version: 2.1.3

# Note that the mappings and seed data are dependent on the schema version.
# If you are installing a version of Cortex that uses a different index name,
# the mappings and data files need to be updated.
cortex_index: cortex_2

# Cortex URL
cortex_url: localhost

# Whether or not an nginx instance should be installed as a proxy
cortex_install_nginx: true

# Whether or not to configure nginx proxy
cortex_configure_nginx: true

# Referenced files will be included in each nginx server config
cortex_nginx_includes: []

# Optionally use SSL with Nginx
cortex_nginx_ssl:
  enabled: false
  certificate: ""
  key: ""
  #cabundle: provide if using a bundle

# Defines where analyzers will be found.
cortex_analyzer_paths: ["/opt/cortex_analyzers/analyzers"]

# Whether or not the Cortex-Analyzers project will be checked out
cortex_install_public_analyzers: true

# Where public repo will be cloned
cortex_public_repo_path: "/opt/cortex_analyzers"

# All analyzers are available to Cortex but the lists below will cause
# ansible to process the requirements. Nearly all analyzers have requirements,
# so this is essential for them to work. Unfortunately, some analyzers use
# python3 and some use python2 (explicitly), so identify which list to add
# your analyzer to.
# Only Cortex-Analyzer modules will be configured with these vars.
cortex_python2_analyzers: []
cortex_python3_analyzers: []

# The port Cortex will listen to. This var can be changed even when using
# the nginx proxy.
cortex_http_port: 9001

# IP address Cortex should bind to. In general, this can be left as is. However,
# this must be set to 127.0.0.1 when authenticating through a proxy
cortex_http_addr: "0.0.0.0"


# Set this. Generate a key like this:
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
cortex_secret: ""

# By default, Cortex requires manual steps to configure.
# You can optionally load a pre-configured mapping and seed data, which makes
# Cortex immediately usable out of the box.
cortex_load_seed_data: true

# Name of the initial user to create. Note if you are using vouch or LDAP for
# authentication, you must set this to a valid username in your directory.
# Cortex does not create users on first logon.
cortex_seed_initial_username: "admin"

# Set this to automatically create an API key for TheHive to use. This results
# in Cortex being ready out of the box for TheHive integration.
# Generate a key like this:
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
cortex_api_key: ""

# Optionally use Vouch authentication (e.g., for Google Authentication, Okta, etc)
cortex_auth_vouch:
  enabled: false
  url: ""
  logon_header: THEHIVE_USER

# Optionally use LDAP authentication.
cortex_auth_ldap:
  enabled: false
  servers: []
  use_ssl: ""
  bind_dn: ""
  bind_pw: ""
  search_base: ""
  username_attribute: "cn"

# ElasticSearch configuration. If using recommended ES configuration, this
# does not need to be changed.
cortex_es:
  index: cortex
  cluster: thehive
  endpoint: 127.0.0.1:9300

# Packages that will be installed with Cortex
cortex_packages:
  - java-1.8.0-openjdk
  - python-pip
  - python-setuptools
  - unzip
  - git
  - python-devel
  - python36-pip
  - python36-devel
  - python36-setuptools
  - ssdeep
  - cortex-{{ cortex_version }}

# Packages that will be installed if the nginx proxy is used.
# libsemanage-python is necessary for selinux.
cortex_nginx_packages:
  - nginx
  - libsemanage-python
```