{"id":14573,"date":"2022-10-27T23:11:47","date_gmt":"2022-10-27T20:11:47","guid":{"rendered":"https:\/\/kifarunix.com\/?p=14573"},"modified":"2024-03-09T22:49:32","modified_gmt":"2024-03-09T19:49:32","slug":"install-thehive-on-ubuntu","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-thehive-on-ubuntu\/","title":{"rendered":"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04"},"content":{"rendered":"\n<p>Follow through this tutorial to learn how to install TheHive on Ubuntu 22.04\/Ubuntu 20.04 server. TheHive, <a href=\"https:\/\/docs.thehive-project.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">according to their documentation page<\/a>, is <em>a scalable, open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly<\/em>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Install TheHive on Ubuntu 22.04\/Ubuntu 20.04<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">TheHive Components<\/h3>\n\n\n\n<p>TheHive is made up of different components;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TheHive application itself<\/li>\n\n\n\n<li>Database and Data Indexing engines such as Apache Cassandra and Elasticsearch.<\/li>\n\n\n\n<li>File Storage components.<\/li>\n<\/ul>\n\n\n\n<p>Every component is independent of each other and thus, TheHive can be deployed as a standalone node or in a clustered manner.<\/p>\n\n\n\n<p>In this tutorial, we will install TheHive on Ubuntu as a standalone node.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">System Resource Requirements<\/h3>\n\n\n\n<p>Depending on the number of users and how they will be using TheHive, various system resources are required. 
Consult the <a href=\"https:\/\/docs.strangebee.com\/thehive\/setup\/#requirements\" target=\"_blank\" rel=\"noreferrer noopener\">requirements page<\/a> for more details.<\/p>\n\n\n\n<p>However, if you are deploying TheHive as a standalone node, you need to provide at least 4 cores and 16 GB of RAM.<\/p>\n\n\n\n<p>Disk size depends on the amount of data you expect to receive for analysis, so provision enough. We start with 50GB of disk in this demo.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install TheHive on Ubuntu<\/h3>\n\n\n\n<p>There are different versions of TheHive that you can install. The most recent ones are TheHive 4 and TheHive 5.<\/p>\n\n\n\n<p>TheHive 5 is the latest release. We will be installing TheHive 5 in this guide.<\/p>\n\n\n\n<p>You can install TheHive on Ubuntu;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#use-install-script\">hassle-free, by downloading and executing the install script.<\/a><\/li>\n\n\n\n<li><a href=\"#install-manually\">manually, by installing each component separately;<\/a><\/li>\n<\/ul>\n\n\n\n<p>Note that TheHive 5 is available as both a <a href=\"https:\/\/www.strangebee.com\/thehive\/pricing\/\" target=\"_blank\" rel=\"noreferrer noopener\">community version and a commercial version<\/a>. 
We are installing a community version in this guide.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"use-install-script\">Install TheHive 5 using Install Script<\/h4>\n\n\n\n<p>Simply download the script and execute it to install TheHive automatically on Ubuntu.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -q -O \/tmp\/install.sh https:\/\/archives.strangebee.com\/scripts\/install.sh<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo bash \/tmp\/install.sh<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-manually\">Manually by installing each component separately;<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install required packages;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install wget gnupg apt-transport-https git ca-certificates curl jq software-properties-common lsb-release python3-pip iproute2<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Java;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install openjdk-11-jre-headless<\/code><\/pre>\n\n\n\n<p>Set JAVA_HOME variable<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo JAVA_HOME=\"\/usr\/lib\/jvm\/java-11-openjdk-amd64\" | sudo tee -a \/etc\/environment <\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo ES_JAVA_HOME=\"\/usr\/lib\/jvm\/java-11-openjdk-amd64\" | sudo tee -a \/etc\/environment <\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>source \/etc\/environment<\/code><\/pre>\n\n\n\n<p>If you have multiple versions of Java installed, then set Java 11 as the default Java version to use;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo update-java-alternatives --jre-headless -s java-1.11.0-openjdk-amd64<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Apache Cassandra Database<\/li>\n<\/ul>\n\n\n\n<p>Run the commands below to install Apache Cassandra Database on Ubuntu;<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code># Dearmor as the current user; sudo tee performs the privileged write\nwget -qO - https:\/\/downloads.apache.org\/cassandra\/KEYS | gpg --dearmor | \\\nsudo tee \/etc\/apt\/trusted.gpg.d\/cassandra-archive.gpg &gt; \/dev\/null<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb https:\/\/downloads.apache.org\/cassandra\/debian 40x main\" | \\\nsudo tee -a \/etc\/apt\/sources.list.d\/cassandra.sources.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install cassandra<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configuring Apache Cassandra Database<\/li>\n<\/ul>\n\n\n\n<p>By default, this is what the config looks like (<em><strong>with comment lines removed<\/strong><\/em>);<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo grep -vE \"^.*#|^$\" \/etc\/cassandra\/cassandra.yaml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>cluster_name: 'Test Cluster'\nnum_tokens: 16\nallocate_tokens_for_local_replication_factor: 3\nhinted_handoff_enabled: true\nhinted_handoff_throttle_in_kb: 1024\nmax_hints_delivery_threads: 2\nhints_flush_period_in_ms: 10000\nmax_hints_file_size_in_mb: 128\nbatchlog_replay_throttle_in_kb: 1024\nauthenticator: AllowAllAuthenticator\nauthorizer: AllowAllAuthorizer\nrole_manager: CassandraRoleManager\nnetwork_authorizer: AllowAllNetworkAuthorizer\nroles_validity_in_ms: 2000\npermissions_validity_in_ms: 2000\ncredentials_validity_in_ms: 2000\npartitioner: org.apache.cassandra.dht.Murmur3Partitioner\ndata_file_directories:\n    - \/var\/lib\/cassandra\/data\ncommitlog_directory: \/var\/lib\/cassandra\/commitlog\ncdc_enabled: false\ndisk_failure_policy: stop\ncommit_failure_policy: stop\nprepared_statements_cache_size_mb:\nkey_cache_size_in_mb:\nkey_cache_save_period: 14400\nrow_cache_size_in_mb: 0\nrow_cache_save_period: 0\ncounter_cache_size_in_mb:\ncounter_cache_save_period: 7200\nsaved_caches_directory: \/var\/lib\/cassandra\/saved_caches\ncommitlog_sync: 
periodic\ncommitlog_sync_period_in_ms: 10000\ncommitlog_segment_size_in_mb: 32\nseed_provider:\n    - class_name: org.apache.cassandra.locator.SimpleSeedProvider\n      parameters:\n          - seeds: \"127.0.0.1:7000\"\nconcurrent_reads: 32\nconcurrent_writes: 32\nconcurrent_counter_writes: 32\nconcurrent_materialized_view_writes: 32\nmemtable_allocation_type: heap_buffers\nindex_summary_capacity_in_mb:\nindex_summary_resize_interval_in_minutes: 60\ntrickle_fsync: false\ntrickle_fsync_interval_in_kb: 10240\nstorage_port: 7000\nssl_storage_port: 7001\nlisten_address: localhost\nstart_native_transport: true\nnative_transport_port: 9042\nnative_transport_allow_older_protocols: true\nrpc_address: localhost\nrpc_keepalive: true\nincremental_backups: false\nsnapshot_before_compaction: false\nauto_snapshot: true\nsnapshot_links_per_second: 0\ncolumn_index_size_in_kb: 64\ncolumn_index_cache_size_in_kb: 2\nconcurrent_materialized_view_builders: 1\ncompaction_throughput_mb_per_sec: 64\nsstable_preemptive_open_interval_in_mb: 50\nread_request_timeout_in_ms: 5000\nrange_request_timeout_in_ms: 10000\nwrite_request_timeout_in_ms: 2000\ncounter_write_request_timeout_in_ms: 5000\ncas_contention_timeout_in_ms: 1000\ntruncate_request_timeout_in_ms: 60000\nrequest_timeout_in_ms: 10000\nslow_query_log_timeout_in_ms: 500\nendpoint_snitch: SimpleSnitch\ndynamic_snitch_update_interval_in_ms: 100 \ndynamic_snitch_reset_interval_in_ms: 600000\ndynamic_snitch_badness_threshold: 1.0\nserver_encryption_options:\n    internode_encryption: none\n    enable_legacy_ssl_storage_port: false\n    keystore: conf\/.keystore\n    keystore_password: cassandra\n    require_client_auth: false\n    truststore: conf\/.truststore\n    truststore_password: cassandra\n    require_endpoint_verification: false\nclient_encryption_options:\n    enabled: false\n    keystore: conf\/.keystore\n    keystore_password: cassandra\n    require_client_auth: false\ninternode_compression: dc\ninter_dc_tcp_nodelay: 
false\ntracetype_query_ttl: 86400\ntracetype_repair_ttl: 604800\nenable_user_defined_functions: false\nenable_scripted_user_defined_functions: false\nwindows_timer_interval: 1\ntransparent_data_encryption_options:\n    enabled: false\n    chunk_length_kb: 64\n    cipher: AES\/CBC\/PKCS5Padding\n    key_alias: testing:1\n    key_provider:\n      - class_name: org.apache.cassandra.security.JKSKeyProvider\n        parameters:\n          - keystore: conf\/.keystore\n            keystore_password: cassandra\n            store_type: JCEKS\n            key_password: cassandra\ntombstone_warn_threshold: 1000\ntombstone_failure_threshold: 100000\nreplica_filtering_protection:\n    cached_rows_warn_threshold: 2000\n    cached_rows_fail_threshold: 32000\nbatch_size_warn_threshold_in_kb: 5\nbatch_size_fail_threshold_in_kb: 50\nunlogged_batch_across_partitions_warn_threshold: 10\ncompaction_large_partition_warning_threshold_mb: 100\naudit_logging_options:\n    enabled: false\n    logger:\n      - class_name: BinAuditLogger\ndiagnostic_events_enabled: false\nrepaired_data_tracking_for_range_reads_enabled: false\nrepaired_data_tracking_for_partition_reads_enabled: false\nreport_unconfirmed_repaired_data_mismatches: false\nenable_materialized_views: false\nenable_sasi_indexes: false\nenable_transient_replication: false\nenable_drop_compact_storage: false\n<\/code><\/pre>\n\n\n\n<p>We are going to change only one thing in the Cassandra configuration: the cluster name. Note that the defaults shown above leave authentication off (<code>AllowAllAuthenticator<\/code>) and keep Cassandra listening on localhost only, which suits this standalone setup.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i '\/cluster_name\/s\/Test Cluster\/thehive\/' \/etc\/cassandra\/cassandra.yaml<\/code><\/pre>\n\n\n\n<p>Next, if the Cassandra service was started automatically right after installation, you need to remove the data it wrote under the old cluster name.<\/p>\n\n\n\n<p>First of all, check whether the Cassandra service was started after the installation;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status 
cassandra<\/code><\/pre>\n\n\n\n<p>If it is not running, nothing more is needed.<\/p>\n\n\n\n<p>Otherwise, stop it and delete its data;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl stop cassandra<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo rm -rf \/var\/lib\/cassandra\/*<\/code><\/pre>\n\n\n\n<p>Then start the Cassandra service again;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl start cassandra<\/code><\/pre>\n\n\n\n<p>Check status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status cassandra<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf cassandra.service - LSB: distributed storage system for structured data\n     Loaded: loaded (\/etc\/init.d\/cassandra; generated)\n     Active: active (running) since Thu 2022-10-27 16:10:44 UTC; 11s ago\n       Docs: man:systemd-sysv-generator(8)\n    Process: 37345 ExecStart=\/etc\/init.d\/cassandra start (code=exited, status=0\/SUCCESS)\n      Tasks: 52 (limit: 4610)\n     Memory: 1.2G\n     CGroup: \/system.slice\/cassandra.service\n             \u2514\u250037457 \/usr\/bin\/java -ea -da:net.openhft... -XX:+UseThreadPriorities -XX:+HeapDumpOnOutOfMemoryError -Xss256k -XX:+AlwaysPreTouch -XX:-UseBiasedLocking -XX:+&gt;\n\nOct 27 16:10:44 ubuntu20 systemd[1]: Starting LSB: distributed storage system for structured data...\nOct 27 16:10:44 ubuntu20 systemd[1]: Started LSB: distributed storage system for structured data.\n<\/code><\/pre>\n\n\n\n<p>On standalone nodes, it is recommended to remove any Cassandra tombstones. Whenever data is deleted from Cassandra, it is not immediately purged from the system. Instead, a marker called a tombstone is written to mark the data as deleted.<\/p>\n\n\n\n<p>Tombstones need to be removed in a number of tables. 
To find out which tables to remove tombstones from, run;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cqlsh -u cassandra -p cassandra -e \"SELECT table_name,gc_grace_seconds FROM system_schema.tables WHERE keyspace_name='thehive'\"<\/code><\/pre>\n\n\n\n<p>Tombstones can be removed by setting the value of <strong><code>gc_grace_seconds<\/code><\/strong> to <strong>0<\/strong> on the respective table.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Elasticsearch 7.x (the only version currently supported)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Dearmor as the current user; sudo tee performs the privileged write\nwget -qO - https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | gpg --dearmor | \\\nsudo tee \/etc\/apt\/trusted.gpg.d\/elasticsearch-keyring.gpg &gt; \/dev\/null<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb https:\/\/artifacts.elastic.co\/packages\/7.x\/apt stable main\" | \\\nsudo tee \/etc\/apt\/sources.list.d\/elastic-7.x.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install elasticsearch<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure Elasticsearch<\/li>\n<\/ul>\n\n\n\n<p>We are going to make only a few changes to the default Elasticsearch config. 
The first is the cluster name.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i '\/cluster.name\/s\/^#\/\/;s\/my-application\/thehive\/' \/etc\/elasticsearch\/elasticsearch.yml<\/code><\/pre>\n\n\n\n<p>Update JVM heap size based on the system memory (not more than 50% of total RAM).<\/p>\n\n\n\n<p>Also, disable Log4j message lookups (<code>formatMsgNoLookups<\/code>);<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tee -a \/etc\/elasticsearch\/jvm.options.d\/jvm.options &lt;&lt; 'EOL'\n-Xms1g\n-Xmx1g\n-Dlog4j2.formatMsgNoLookups=true\nEOL<\/code><\/pre>\n\n\n\n<p>Remove any previous Elasticsearch data, then restart the service and enable it to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo rm -rf \/var\/lib\/elasticsearch\/*<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart elasticsearch<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable elasticsearch<\/code><\/pre>\n\n\n\n<p>Confirm it is running;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status elasticsearch<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf elasticsearch.service - Elasticsearch\n     Loaded: loaded (\/lib\/systemd\/system\/elasticsearch.service; enabled; vendor preset: enabled)\n     Active: active (running) since Thu 2022-10-27 17:24:45 UTC; 5s ago\n       Docs: https:\/\/www.elastic.co\n   Main PID: 43754 (java)\n      Tasks: 73 (limit: 4610)\n     Memory: 1.3G\n     CGroup: \/system.slice\/elasticsearch.service\n             \u251c\u250043754 \/usr\/share\/elasticsearch\/jdk\/bin\/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss&gt;\n             \u2514\u250043957 \/usr\/share\/elasticsearch\/modules\/x-pack-ml\/platform\/linux-x86_64\/bin\/controller\n\nOct 27 17:24:26 ubuntu20 systemd[1]: Starting Elasticsearch...\nOct 27 17:24:45 ubuntu20 systemd[1]: Started Elasticsearch.\n<\/code><\/pre>\n\n\n\n<p>Confirm that Elasticsearch is listening on port 9200;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo 
ss -altnp | grep :9200<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN  0       1024     &#91;::ffff:127.0.0.1]:9200               *:*              \nLISTEN  0       1024                  &#91;::1]:9200            &#91;::]:*<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install TheHive 5 on Ubuntu 22.04\/Ubuntu 20.04<\/li>\n<\/ul>\n\n\n\n<p>Next, install TheHive 5 on Ubuntu as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Dearmor as the current user; sudo tee performs the privileged write\nwget -qO- https:\/\/archives.strangebee.com\/keys\/strangebee.gpg | gpg --dearmor | \\\nsudo tee \/etc\/apt\/trusted.gpg.d\/strangebee-archive-keyring.gpg &gt; \/dev\/null<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'deb https:\/\/deb.strangebee.com thehive-5.x main' | \\\nsudo tee \/etc\/apt\/sources.list.d\/strangebee.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install thehive<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure TheHive 5 on Ubuntu<\/li>\n<\/ul>\n\n\n\n<p>The default configuration is good enough for standalone deployments;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo grep -vE \"^.*#|^$\" \/etc\/thehive\/application.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>include \"\/etc\/thehive\/secret.conf\"\ndb.janusgraph {\n  storage {\n    backend = cql\n    hostname = [\"127.0.0.1\"]\n    cql {\n      cluster-name = thp\n      keyspace = thehive\n    }\n  }\n  index.search {\n    backend = elasticsearch\n    hostname = [\"127.0.0.1\"]\n    index-name = thehive\n  }\n}\nstorage {\n  provider = localfs\n  localfs.location = \/opt\/thp\/thehive\/files\n}\nplay.http.parser.maxDiskBuffer = 1GB\nplay.http.parser.maxMemoryBuffer = 10M\napplication.baseUrl = \"http:\/\/localhost:9000\"\nplay.http.context = \"\/\"\nscalligraph.modules += 
org.thp.thehive.connector.misp.MispModule\n<\/code><\/pre>\n\n\n\n<p>However, let&#8217;s make one change;<\/p>\n\n\n\n<p>Update the Cassandra cluster name in TheHive&#8217;s configuration to match the one set on the Cassandra node;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo sed -i 's\/cluster-name = thp\/cluster-name = thehive\/' \/etc\/thehive\/application.conf<\/code><\/pre>\n\n\n\n<p>That is all for now.<\/p>\n\n\n\n<p>Please note that the Cortex and MISP modules are enabled by default;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>scalligraph.modules += org.thp.thehive.connector.cortex.CortexModule\nscalligraph.modules += org.thp.thehive.connector.misp.MispModule<\/code><\/pre>\n\n\n\n<p>Start and enable TheHive;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl start thehive\nsudo systemctl enable thehive<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf thehive.service - Scalable, Open Source and Free Security Incident Response Solutions\n     Loaded: loaded (\/lib\/systemd\/system\/thehive.service; enabled; vendor preset: enabled)\n     Active: active (running) since Thu 2022-10-27 18:08:37 UTC; 10s ago\n       Docs: https:\/\/thehive-project.org\n   Main PID: 47824 (java)\n      Tasks: 55 (limit: 4610)\n     Memory: 375.4M\n     CGroup: \/system.slice\/thehive.service\n             \u2514\u250047824 java -Dconfig.file=\/etc\/thehive\/application.conf -Dlogger.file=\/etc\/thehive\/logback.xml -Dpidfile.path=\/dev\/null -cp \/opt\/thehive\/lib\/org.thp.thehive-&gt;\n\nOct 27 18:08:37 ubuntu20 systemd[1]: Started Scalable, Open Source and Free Security Incident Response Solutions.\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Accessing TheHive Web User Interface<\/h2>\n\n\n\n<p>TheHive is now up and running.<\/p>\n\n\n\n<p>You can access the web interface via http:\/\/IP-OR-Hostname:9000.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-ubuntu.png\" 
class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1902\" height=\"949\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-ubuntu.png\" alt=\"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-14610\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-ubuntu.png?v=1666896577 1902w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-ubuntu-768x383.png?v=1666896577 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-ubuntu-1536x766.png?v=1666896577 1536w\" sizes=\"(max-width: 1902px) 100vw, 1902px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>The default login credentials for TheHive are;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Username: <strong>admin@thehive.local<\/strong><\/li>\n\n\n\n<li>Password: <strong>secret<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Once you login, you land on TheHive administrative web interface, Organizations menu.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-organizations.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1906\" height=\"943\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-organizations.png\" alt=\"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-14611\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-organizations.png?v=1666896877 1906w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-organizations-768x380.png?v=1666896877 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-install-organizations-1536x760.png?v=1666896877 1536w\" sizes=\"(max-width: 1906px) 100vw, 1906px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>You can reset the default admin password from the account 
settings.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click <strong>Users<\/strong> menu on the left pane.<\/li>\n\n\n\n<li>Hover your mouse over the admin user entry and click <strong>Preview<\/strong>.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1911\" height=\"516\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-preview.png\" alt=\"\" class=\"wp-image-14656\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-preview.png?v=1667369339 1911w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-preview-768x207.png?v=1667369339 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-preview-1536x415.png?v=1667369339 1536w\" sizes=\"(max-width: 1911px) 100vw, 1911px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This opens up User settings page.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1908\" height=\"870\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-settings.png\" alt=\"\" class=\"wp-image-14657\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-settings.png?v=1667369415 1908w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-settings-768x350.png?v=1667369415 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/default-admin-user-settings-1536x700.png?v=1667369415 1536w\" sizes=\"(max-width: 1908px) 100vw, 1908px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click <strong>Edit Password<\/strong><\/li>\n\n\n\n<li>Enter your new password<\/li>\n\n\n\n<li>Click <strong>Confirm<\/strong> to save the password.<\/li>\n\n\n\n<li>Log out and login again using your new password.<\/li>\n<\/ul>\n\n\n\n<p>You can as well add another system wide administrative 
user.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-thehive-org\"><a href=\"#create-thehive-org\">Creating an Organization on TheHive<\/a><\/h3>\n\n\n\n<p>On the Organizations menu, click + button to add an organization.<\/p>\n\n\n\n<p>Enter the name, description and you can leave the rest of the options with default values.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/new-organization.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1909\" height=\"943\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/new-organization.png\" alt=\"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-14617\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/new-organization.png?v=1666899151 1909w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/new-organization-768x379.png?v=1666899151 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/new-organization-1536x759.png?v=1666899151 1536w\" sizes=\"(max-width: 1909px) 100vw, 1909px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Click <strong>Confirm<\/strong> to add an organization.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-organizations.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1909\" height=\"604\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-organizations.png\" alt=\"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-14618\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-organizations.png?v=1666899349 1909w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-organizations-768x243.png?v=1666899349 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-organizations-1536x486.png?v=1666899349 1536w\" sizes=\"(max-width: 1909px) 
100vw, 1909px\" \/><\/figure><\/a><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-thehive-admin-user\"><a href=\"#create-thehive-admin-user\">Create TheHive Organization Administrative User<\/a><\/h3>\n\n\n\n<p>Create your Organization admin user by clicking on the specific <strong>Organization &gt; Users &gt; +<\/strong>;<\/p>\n\n\n\n<p>Enter the login username, the name and choose the privileges (org-admin).<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/add-thehive-org-admin.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1897\" height=\"935\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/add-thehive-org-admin.png\" alt=\"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-14619\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/add-thehive-org-admin.png?v=1666899574 1897w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/add-thehive-org-admin-768x379.png?v=1666899574 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/add-thehive-org-admin-1536x757.png?v=1666899574 1536w\" sizes=\"(max-width: 1897px) 100vw, 1897px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>You can save and add another or confirm the addition of the current users.<\/p>\n\n\n\n<p>You can see the user on the Users menu;<\/p>\n\n\n\n<p><\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-users.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1911\" height=\"555\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-users.png\" alt=\"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-14620\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-users.png?v=1666899918 1911w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-users-768x223.png?v=1666899918 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thehive-users-1536x446.png?v=1666899918 1536w\" sizes=\"(max-width: 1911px) 100vw, 1911px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>To set the user&#8217;s password, hover your mouse over the user and click <strong>Preview<\/strong>.<\/p>\n\n\n\n<p>Scroll down the preview page and set the password.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/set-thehive-user-password.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1909\" height=\"940\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/set-thehive-user-password.png\" alt=\"Install TheHive on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-14621\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/set-thehive-user-password.png?v=1666900407 1909w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/set-thehive-user-password-768x378.png?v=1666900407 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/set-thehive-user-password-1536x756.png?v=1666900407 1536w\" sizes=\"(max-width: 1909px) 100vw, 1909px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>You should then be able to log in as the new user to access your organization and see a different dashboard than before.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thhive-org-dashboard.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1913\" height=\"656\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thhive-org-dashboard.png\" alt=\"\" class=\"wp-image-14622\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thhive-org-dashboard.png?v=1666900618 1913w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thhive-org-dashboard-768x263.png?v=1666900618 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/thhive-org-dashboard-1536x527.png?v=1666900618 1536w\" sizes=\"(max-width: 1913px) 100vw, 1913px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>That closes our guide on installing TheHive on Ubuntu.<\/p>\n\n\n\n<p>In the meantime, you can explore <a href=\"https:\/\/docs.strangebee.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">TheHive<\/a> further.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-fleet-osquery-manager-on-rocky-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Fleet Osquery Manager on Rocky Linux<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/easily-install-forticlient-vpn-on-oracle-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Easily Install FortiClient VPN on Oracle Linux<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow through this tutorial to learn how to install TheHive on Ubuntu 22.04\/Ubuntu 20.04 server. 
TheHive, according to their documentation page, is a scalable, open<\/p>\n","protected":false},"author":1,"featured_media":14626,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,72,34],"tags":[6011,913,6013,6012,6010,6007,308,6014,6008,6009],"class_list":["post-14573","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-monitoring","category-security","tag-cassandra","tag-elk","tag-install-thehive-5-on-linux","tag-install-thehive-5-ubuntu","tag-install-thehive-linux","tag-install-thehive-on-ubuntu-22-04-ubuntu-20-04","tag-security","tag-thehive-5-installation","tag-thehive-install-ubuntu","tag-ubuntu-20-04-thehive-install","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14573"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=14573"}],"version-history":[{"count":22,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14573\/revisions"}],"predecessor-version":[{"id":20630,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14573\/revisions\/20630"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/14626"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=14573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=14573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=14573"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}