Installing TheHive on Ubuntu 18.04
1) Install JDK
sudo apt-get install openjdk-11-jre-headless
If this fails, run apt-get update --fix-missing and then run the install command again.
2) Install Elasticsearch
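# PGP key installation (D88E42B4 is a short key ID; compare the imported key's full fingerprint with the one Elastic publishes)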
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key D88E42B4
# Debian repository configuration
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
# Install https support for apt
sudo apt install apt-transport-https
# Elasticsearch installation
sudo apt update && sudo apt install elasticsearch
sudo service elasticsearch start
service elasticsearch status
If it fails to start, edit the file /etc/elasticsearch/jvm.options (for example with vim) and change the heap space to:
-Xms1g
-Xmx1g
3) Download and unzip TheHive
cd /opt
sudo wget https://dl.bintray.com/thehive-project/binary/thehive-latest.zip
sudo apt install unzip
sudo unzip thehive-latest.zip
# Adjust the directory name to the version that was actually extracted
sudo ln -s thehive-3.4.0-1 thehive
4) Add user and define service
sudo addgroup thehive
sudo adduser --system thehive
sudo cp /opt/thehive/package/thehive.service /usr/lib/systemd/system
sudo chown -R thehive:thehive /opt/thehive
sudo chgrp thehive /opt/thehive/conf/application.conf
sudo chmod 640 /opt/thehive/conf/application.conf
5) Configure the service for TheHive
Edit the paths in the file /usr/lib/systemd/system/thehive.service
ExecStart=/opt/thehive/bin/thehive \
-Dconfig.file=/opt/thehive/conf/application.conf \
-Dlogger.file=/opt/thehive/conf/logback.xml \
-Dpidfile.path=/dev/null
6) Update Service configuration
sudo systemctl daemon-reload
7) Define Secret Code in the application.conf file
Edit the file /opt/thehive/conf/application.conf, uncomment the secret code section and define a new secret of your own.
8) Enable Service and Start TheHive
sudo systemctl enable thehive
sudo service thehive start
9) Launch TheHive, update Database and define login user
Browse to the server's IP address on port 9000. Update the database and define the users.
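Step 7 can be scripted instead of edited by hand. The following is an added example, not part of the original guide or of TheHive's own tooling; it assumes the secret is stored under the key play.http.secret.key, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumption: the secret is stored under the key play.http.secret.key.
KEY_RE='^[[:space:]]*#?[[:space:]]*play\.http\.secret\.key[[:space:]]*='

gen_secret() {
    # 32 bytes from the kernel CSPRNG, printed as 64 hex characters
    od -An -N32 -tx1 /dev/urandom | tr -d ' \t\n'
}

set_secret() {
    conf="$1"
    [ -f "$conf" ] || return 1           # never create the config implicitly
    secret="$(gen_secret)"
    [ "${#secret}" -eq 64 ] || return 1  # refuse a short or empty secret
    tmp="$(mktemp)" || return 1          # mktemp creates the file with mode 0600
    # Drop every existing definition, commented out or live, then append the new one.
    grep -Ev "$KEY_RE" "$conf" > "$tmp" || true
    printf 'play.http.secret.key="%s"\n' "$secret" >> "$tmp"
    # Overwrite in place: keeps the owner, group and 640 mode set in step 4.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

secret_ok() {
    # True only when exactly one live definition with a 64-hex value exists.
    [ "$(grep -Ec '^play\.http\.secret\.key="[0-9a-f]{64}"$' "$1")" -eq 1 ]
}

demo() {
    # Constructed sample config, not TheHive's shipped file.
    sample="$(mktemp)"
    printf '%s\n' '# Secret key' '#play.http.secret.key="CHANGEME"' \
        'search.host = ["127.0.0.1:9300"]' > "$sample"
    set_secret "$sample" && secret_ok "$sample" && cat "$sample"
    rm -f "$sample"
}
```

Run as root, set_secret /opt/thehive/conf/application.conf replaces the secret and secret_ok on the same path confirms the result; restart the thehive service afterwards so the new value is loaded.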