{"id":19508967,"url":"https://github.com/rhythmictech/ansible-thehive","last_synced_at":"2025-04-26T03:31:49.369Z","repository":{"id":98716474,"uuid":"169119359","full_name":"rhythmictech/ansible-thehive","owner":"rhythmictech","description":"Ansible Role for TheHive, an excellent incident response tool.","archived":false,"fork":false,"pushed_at":"2019-02-04T18:12:00.000Z","size":14,"stargazers_count":3,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-04T07:11:37.747Z","etag":null,"topics":["ansible-role","thehive"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhythmictech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-04T17:35:44.000Z","updated_at":"2022-02-08T18:24:01.000Z","dependencies_parsed_at":"2023-05-24T21:45:26.970Z","dependency_job_id":null,"html_url":"https://github.com/rhythmictech/ansible-thehive","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fansible-thehive","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fansible-thehive/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fansible-thehive/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fansible-thehive/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/owners/rhythmictech","download_url":"https://codeload.github.com/rhythmictech/ansible-thehive/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250926819,"owners_count":21509044,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-role","thehive"],"created_at":"2024-11-10T23:10:32.788Z","updated_at":"2025-04-26T03:31:49.362Z","avatar_url":"https://github.com/rhythmictech.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# ansible-thehive\n\n## Description\n\nDeploys and configures [TheHive](https://thehive-project.org), an excellent\nopen source incident response tool. It installs based off the RPM and can\noptionally pre-seed the ElasticSearch index, eliminating some of the annoying\nmanual steps in getting TheHive running.\n\nYou will need to install ElasticSearch separately. The role is tested with the\n[Elastic-provided ansible role](https://github.com/elastic/ansible-elasticsearch).\nSample configuration is included in the documentation.\n\nThis should cover most use cases of TheHive, but PRs and suggested improvements\nare welcome.\n\n## Requirements\n\n* Ansible 2.0 or higher\n* CentOS 7\n* ElasticSearch 5.x\n\n## Usage\n\nThis is recommended to be installed on a dedicated server, though both ElasticSearch\nand Cortex can safely be installed together with TheHive. 
An optional Nginx proxy\nis enabled by default, and support is available for Vouch and LDAP authentication.\nIf using delegated authentication, it is important to correctly set a seed user\nthat you can log in as.\n\nElasticSearch must be installed and running already. This role is tested using the\nansible-elasticsearch role, which can be imported from Ansible Galaxy.\n\nThe following vars are recommended:\n\n```yaml\nes_instance_name: \"thehive\"\nes_version: 5.6.14\nes_major_version: 5.x\nes_data_dirs:\n  - \"/data/es\"\nes_config:\n  node.name: \"thehive\"\n  cluster.name: \"thehive\"\n  node.data: true\n  node.master: true\n  script.inline: on\n  thread_pool.index.queue_size: 100000\n  thread_pool.search.queue_size: 100000\n  thread_pool.bulk.queue_size: 100000\nes_scripts: true\nes_templates: false\nes_version_lock: false\nes_heap_size: 1g\nes_xpack_features: [\"alerting\",\"monitoring\"]\n```\n\nNote that ElasticSearch 6.x is not supported by TheHive. Currently the master\nbranch of the ansible-elasticsearch module supports 5.x.\n\nThe following vars must be set at a minimum:\n\n* thehive_url (fqdn where thehive will be accessible)\n* thehive_crypto_secret (see `defaults/main.yml` for instructions on how to generate this)\n\nA sample common configuration that automatically seeds TheHive and uses LDAP authentication\nand Cortex is included below:\n\n```yaml\nthehive_url: \"thehive.corp\"\nthehive_seed_initial_username: \"admin\"\n\nthehive_http_addr: \"127.0.0.1\"\n\nthehive_crypto_secret: \"...\"\n\nthehive_auth_ldap:\n  enabled: true\n  servers: [\"ldapserver.corp:636\"]\n  use_ssl: true\n  bind_dn: \"bind_dn\"\n  bind_pw: \"bind_pw\"\n  search_base: \"dc=corp\"\n  username_attribute: \"sAMAccountName\"\n\nthehive_cortex_servers:\n  cortex:\n    url: \"http://127.0.0.1:9001/\"\n    key: \"...\"\n\n```\n\n## Vouch Authentication\nThis role supports authentication through a Vouch (formerly known as Lasso) proxy.\nThis allows you to do OAuth authentication 
through providers such as Okta.\n\nWhen using Vouch, it is critical to set ```thehive_http_addr``` to 127.0.0.1.\nBecause Vouch uses cookies to communicate authentication information back to the\napplication, you must place both your Vouch proxy and TheHive site under a common\ndomain name (e.g., vouch.corp and thehive.corp).\n\n## Role Variables\n\n```yaml\n# Whether or not the TheHive RPM repo should be installed.\n# This is generally what you want, unless you are using your own RPM repo.\nthehive_install_repo: true\n\n# TheHive version to lock and install\nthehive_version: 3.2.1\n\n# Note that the mappings and seed data are dependent on the schema version.\n# If you are installing a version of TheHive that uses a different index name,\n# the mappings and data files need to be updated.\nthehive_index: thehive_14\n\n# TheHive URL.\nthehive_url: localhost\n\n# Whether or not an nginx instance should be installed as a proxy\nthehive_install_nginx: true\n\n# Whether or not to configure nginx proxy\nthehive_configure_nginx: true\n\n# Referenced files will be included in each nginx server config\nthehive_nginx_includes: []\n\n# Optionally use SSL with Nginx\nthehive_nginx_ssl:\n  enabled: false\n  certificate: \"\"\n  key: \"\"\n  #cabundle: provide if using a bundle\n\n# The port TheHive will listen to. This var can be changed even when using\n# the nginx proxy.\nthehive_http_port: 9000\n\n# IP address TheHive should bind to. In general, this can be left as is. However,\n# this must be set to 127.0.0.1 when authenticating through a proxy\nthehive_http_addr: \"0.0.0.0\"\n\n# Mandatory. Generate a key like this:\n# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1\nthehive_secret: \"\"\n\n# By default, TheHive requires manual steps to configure.\n# You can optionally load a pre-configured mapping and seed data, which makes\n# TheHive immediately usable out of the box.\nthehive_load_seed_data: true\n\n# Name of the initial user to create. 
Note if you are using vouch or LDAP for\n# authentication, you must set this to a valid username in your directory.\n# TheHive does not create users on first logon.\nthehive_seed_initial_username: \"admin\"\n\n# Optionally use Vouch authentication (e.g., for Google Authentication, Okta, etc)\nthehive_auth_vouch:\n  enabled: false\n  url: \"\"\n  logon_header: THEHIVE_USER\n\n# Optionally use LDAP authentication.\nthehive_auth_ldap:\n  enabled: false\n  servers: []\n  use_ssl: \"\"\n  bind_dn: \"\"\n  bind_pw: \"\"\n  search_base: \"\"\n  username_attribute: \"cn\"\n\n# ElasticSearch configuration. If using recommended ES configuration, this\n# does not need to be changed.\nthehive_es:\n  index: thehive\n  cluster: thehive\n  endpoint: 127.0.0.1:9300\n\n# Packages that will be installed with TheHive\nthehive_packages:\n  - java-1.8.0-openjdk\n  - python-pip\n  - unzip\n  - git\n  - thehive-{{ thehive_version }}\n\n# Packages that will be installed if the nginx proxy is used.\n# libsemanage-python is necessary for selinux.\nthehive_nginx_packages:\n  - nginx\n  - libsemanage-python\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fansible-thehive","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhythmictech%2Fansible-thehive","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fansible-thehive/lists"}