{"id":14782,"date":"2022-11-10T22:58:47","date_gmt":"2022-11-10T19:58:47","guid":{"rendered":"https:\/\/kifarunix.com\/?p=14782"},"modified":"2024-03-09T23:16:35","modified_gmt":"2024-03-09T20:16:35","slug":"how-to-enable-and-configure-cortex-analyzers","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-enable-and-configure-cortex-analyzers\/","title":{"rendered":"How to Easily Enable and Configure Cortex Analyzers"},"content":{"rendered":"\n<p>Follow through this tutorial to learn how to enable and configure Cortex Analyzers. <a href=\"https:\/\/docs.thehive-project.org\/cortex\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cortex<\/a> is open-source software created by TheHive that IT security personnel can use to analyze event\/incident observables and IOCs, such as IP addresses, files, hashes, domain names, URLs and email addresses, either manually or automatically through the Cortex REST API. Analyzers allow analysts and security researchers to analyze such observables and IOCs at scale.<\/p>\n\n\n\n<p>You can check our previous guide on how to install Cortex on Ubuntu;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-cortex-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Cortex on Ubuntu 22.04\/Ubuntu 20.04<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to Enable and Configure Cortex Analyzers<\/h2>\n\n\n\n<p>Cortex ships with support for various analyzers. 
Some are free to use, while others require special access or a valid subscription or product license.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Free Analyzers\n<ul class=\"wp-block-list\">\n<li>Abuse_Finder<\/li>\n\n\n\n<li>AbuseIPDB<\/li>\n\n\n\n<li>Backscatter.io<\/li>\n\n\n\n<li>C1fApp<\/li>\n\n\n\n<li>Censys.io<\/li>\n\n\n\n<li>Clamav<\/li>\n\n\n\n<li>Crtsh<\/li>\n\n\n\n<li>CuckooSandbox<\/li>\n\n\n\n<li>CyberChef<\/li>\n\n\n\n<li>Cybercrime-Tracker<\/li>\n\n\n\n<li>Cyberprotect<\/li>\n\n\n\n<li>Cymon<\/li>\n\n\n\n<li>DNSSinkhole<\/li>\n\n\n\n<li>DShield<\/li>\n\n\n\n<li>EmailRep<\/li>\n\n\n\n<li>EmlParser<\/li>\n\n\n\n<li>FileInfo<\/li>\n\n\n\n<li>FireHOLBlocklists<\/li>\n\n\n\n<li>Fortiguard<\/li>\n\n\n\n<li>GoogleDNS<\/li>\n\n\n\n<li>GoogleSafeBrowsing<\/li>\n\n\n\n<li>Hashdd<\/li>\n\n\n\n<li>HIBP<\/li>\n\n\n\n<li>Hippocampe<\/li>\n\n\n\n<li>HybridAnalysis<\/li>\n\n\n\n<li>Hunterio_DomainSearch<\/li>\n\n\n\n<li>Maltiverse<\/li>\n\n\n\n<li>MalwareClustering<\/li>\n\n\n\n<li>MaxMind<\/li>\n\n\n\n<li>MISP<\/li>\n\n\n\n<li>MISP Warninglists<\/li>\n\n\n\n<li>Msg_Parser<\/li>\n\n\n\n<li>NSRL<\/li>\n\n\n\n<li>Onyphe<\/li>\n\n\n\n<li>OpenCTI<\/li>\n\n\n\n<li>OTXQuery<\/li>\n\n\n\n<li>Patrowl<\/li>\n\n\n\n<li>PhishTank<\/li>\n\n\n\n<li>PhishingInitiative<\/li>\n\n\n\n<li>Pulsedive<\/li>\n\n\n\n<li>Robtex<\/li>\n\n\n\n<li>SpamhausDBL<\/li>\n\n\n\n<li>StaxxSearch<\/li>\n\n\n\n<li>StopForumSpam<\/li>\n\n\n\n<li>Talos Reputation<\/li>\n\n\n\n<li>Team Cymru MHR<\/li>\n\n\n\n<li>ThreatCrowd<\/li>\n\n\n\n<li>Tor Blutmagie<\/li>\n\n\n\n<li>Tor Project<\/li>\n\n\n\n<li>Unshortenlink<\/li>\n\n\n\n<li>UrlScan.io<\/li>\n\n\n\n<li>URLhaus<\/li>\n\n\n\n<li>Virusshare<\/li>\n\n\n\n<li>WOT<\/li>\n\n\n\n<li>Yara<\/li>\n\n\n\n<li>Yeti<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Analyzers Requiring Special Access\n<ul 
class=\"wp-block-list\">\n<li>ANY.RUN<\/li>\n\n\n\n<li>CERTatPassiveDNS<\/li>\n\n\n\n<li>CIRCLPassiveDNS<\/li>\n\n\n\n<li>CIRCLPassiveSSL<\/li>\n\n\n\n<li>GreyNoise<\/li>\n\n\n\n<li>IBM X-Force<\/li>\n\n\n\n<li>IPInfo<\/li>\n\n\n\n<li>IntezerCommunity<\/li>\n\n\n\n<li>LastInfoSec<\/li>\n\n\n\n<li>Malpedia<\/li>\n\n\n\n<li>Malwares<\/li>\n\n\n\n<li>MalwareBazaar<\/li>\n\n\n\n<li>MnemonicPDNS<\/li>\n\n\n\n<li>Sendgrid<\/li>\n\n\n\n<li>SinkDB<\/li>\n\n\n\n<li>Shodan<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Subscription and License-based Analyzers\n<ul class=\"wp-block-list\">\n<li>Autofocus<\/li>\n\n\n\n<li>DNSDB<\/li>\n\n\n\n<li>DomainTools<\/li>\n\n\n\n<li>DomainTools Iris<\/li>\n\n\n\n<li>EmergingThreats<\/li>\n\n\n\n<li>FireEye iSIGHT<\/li>\n\n\n\n<li>JoeSandbox<\/li>\n\n\n\n<li>Investigate<\/li>\n\n\n\n<li>IPVoid<\/li>\n\n\n\n<li>Nessus<\/li>\n\n\n\n<li>PassiveTotal<\/li>\n\n\n\n<li>PayloadSecurity<\/li>\n\n\n\n<li>RecordedFuture<\/li>\n\n\n\n<li>SecurityTrails<\/li>\n\n\n\n<li>SoltraEdge<\/li>\n\n\n\n<li>ThreatGrid<\/li>\n\n\n\n<li>Threat Response<\/li>\n\n\n\n<li>Umbrella<\/li>\n\n\n\n<li>VirusTotal<\/li>\n\n\n\n<li>VMRay<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>In this guide, we will just see how to enable and configure some of the analyzers to get you started.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Login to Cortex as an Organization Admin<\/h3>\n\n\n\n<p>To get started, log in to Cortex as an organization admin so that you can access, enable and configure that organization's analyzers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1911\" height=\"704\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/login-as-organization-admin-cortex.png\" alt=\"\" class=\"wp-image-14794\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/login-as-organization-admin-cortex.png?v=1668072162 1911w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/login-as-organization-admin-cortex-768x283.png?v=1668072162 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/login-as-organization-admin-cortex-1536x566.png?v=1668072162 1536w\" sizes=\"(max-width: 1911px) 100vw, 1911px\" \/><\/figure>\n\n\n\n<p>Note that to create an organization and its administrative user, you need to log in as <strong>super-admin<\/strong> first.<\/p>\n\n\n\n<p>Check the guide below on how to create an organization and an admin user for it;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-cortex-on-ubuntu\/#create-cortex-organizations\" target=\"_blank\" rel=\"noreferrer noopener\">Next, Create Cortex Organization and Organization administrator<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install and Host Cortex Analyzers Locally<\/h3>\n\n\n\n<p>You can view available analyzers by navigating to <strong>Organization &gt; Analyzers<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1891\" height=\"937\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/available-analyzers.png\" alt=\"\" class=\"wp-image-14795\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/available-analyzers.png?v=1668074225 1891w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/available-analyzers-768x381.png?v=1668074225 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/available-analyzers-1536x761.png?v=1668074225 1536w\" sizes=\"(max-width: 1891px) 100vw, 1891px\" \/><\/figure>\n\n\n\n<p>From the above, you can see we have 217 available analyzers.<\/p>\n\n\n\n<p>By default, Cortex is configured to get the list of analyzers from <strong><code>https:\/\/download.thehive-project.org\/analyzers.json<\/code><\/strong>;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vim \/etc\/cortex\/application.conf<\/code><\/pre>\n\n\n\n<pre 
class=\"scroll-box\"><code>## ANALYZERS\n#\nanalyzer {\n  # analyzer location\n  # url can be point to:\n  # - directory where analyzers are installed\n  # - json file containing the list of analyzer descriptions\n  urls = [\n<strong>    \"https:\/\/download.thehive-project.org\/analyzers.json\"\n<\/strong>    #\"\/absolute\/path\/of\/analyzers\"\n  ]\n\n  # Sane defaults. Do not change unless you know what you are doing.\n  fork-join-executor {\n    # Min number of threads available for analysis.\n    parallelism-min = 2\n    # Parallelism (threads) ... ceil(available processors * factor).\n    parallelism-factor = 2.0\n    # Max number of threads available for analysis.\n    parallelism-max = 4\n  }\n}\n<\/code><\/pre>\n\n\n\n<p>We will however install and host our analyzers on the Cortex server.<\/p>\n\n\n\n<p>Hence, install the required packages.<\/p>\n\n\n\n<p>Note that you will need both Python 2 and Python 3, since different analyzers target different Python versions.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install -y --no-install-recommends python2.7-dev python3-pip \\\npython3-dev ssdeep libfuzzy-dev libfuzzy2 libimage-exiftool-perl libmagic1 \\\npython3-testresources build-essential git libssl-dev<\/code><\/pre>\n\n\n\n<p>Next, upgrade pip and setuptools for both Python 3 and Python 2;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo pip3 install -U pip setuptools<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo pip install -U pip setuptools<\/code><\/pre>\n\n\n\n<p>Clone the Cortex-Analyzers repository into your preferred directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo git clone https:\/\/github.com\/TheHive-Project\/Cortex-Analyzers \/opt\/cortex\/analyzers-responders<\/code><\/pre>\n\n\n\n<p>Then install the Python requirements of each analyzer;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>for i in `find \/opt\/cortex\/analyzers-responders -name 'requirements.txt'`; do sudo -H pip install -r $i; done &amp;&amp; \\\nfor i in `find 
\/opt\/cortex\/analyzers-responders -name 'requirements.txt'`; do sudo -H pip3 install -r $i || true; done<\/code><\/pre>\n\n\n\n<p>The analyzers are now in our custom directory, <code><strong>\/opt\/cortex\/analyzers-responders\/analyzers\/<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls \/opt\/cortex\/analyzers-responders\/analyzers\/<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>AbuseIPDB         Crowdsec            EchoTrail               GreyNoise         KasperskyTIP       NSRL                Robtex                    TeamCymruMHR    Verifalia\nAbuse_Finder      Crtsh               Elasticsearch           HIBP              LastInfoSec        Nessus              SEKOIAIntelligenceCenter  ThreatGrid      VirusTotal\nAnyRun            CuckooSandbox       EmailRep                Hashdd            LdapQuery          OTXQuery            SecurityTrails            ThreatMiner     Virusshare\nAutofocus         CyberChef           EmergingThreats         Hippocampe        MISP               Onyphe              SentinelOne               ThreatResponse  Vulners\nBackscatterIO     CyberCrime-Tracker  EmlParser               Hunterio          MISPWarningLists   OpenCTI             Shodan                    Threatcrowd     WOT\nBitcoinAbuse      Cyberprotect        FalconSandbox           HybridAnalysis    Malpedia           PaloAltoWildFire    SinkDB                    Thunderstorm    Yara\nC1fApp            Cylance             FileInfo                IBMXForce         Maltiverse         PassiveTotal        SoltraEdge                TorBlutmagie    Yeti\nCERTatPassiveDNS  DNSDB               FireEyeiSight           IP-API            MalwareBazaar      Patrowl             SophosIntelix             TorProject      Zscaler\nCIRCLHashlookup   DNSLookingglass     FireHOLBlocklists       IPVoid            MalwareClustering  PayloadSecurity     SpamAssassin              Triage\nCIRCLPassiveDNS   DNSSinkhole         ForcepointWebsensePing  IPinfo            Malwares           PhishTank           SpamhausDBL               URLhaus\nCIRCLPassiveSSL   DShield             Fortiguard              IVRE              MaxMind            PhishingInitiative  Splunk                    Umbrella\nCISMCAP           Diario              GRR                     Inoitsu           MetaDefender       ProofPoint          StamusNetworks            UnshortenLink\nCensys            DomainMailSPFDMARC  GoogleDNS               IntezerCommunity  MnemonicPDNS       Pulsedive           StaxxSearch               Urlscan.io\nCheckPhish        DomainTools         GoogleSafebrowsing      Investigate       MsgParser          RecordedFuture      StopForumSpam             VMRay\nClamAV            DomainToolsIris     GoogleVisionAPI         JoeSandbox        NERD               RiskIQ              TalosReputation           Valhalla\n<\/code><\/pre>\n\n\n\n<p>They might be fewer than those you can obtain from <strong><code>https:\/\/download.thehive-project.org\/analyzers.json<\/code><\/strong>.<\/p>\n\n\n\n<p>Now that the analyzers are installed locally, configure Cortex to use them.<\/p>\n\n\n\n<p>Thus, change the <code>urls<\/code> entry from <strong><code>https:\/\/download.thehive-project.org\/analyzers.json<\/code><\/strong> to the local file system path containing the analyzers;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vim \/etc\/cortex\/application.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>analyzer {\n  # analyzer location\n  # url can be point to:\n  # - directory where analyzers are installed\n  # - json file containing the list of analyzer descriptions\n<strong>  urls = &#91;\n    \"https:\/\/download.thehive-project.org\/analyzers.json\"<\/strong>\n    #\"\/absolute\/path\/of\/analyzers\"\n  ]<\/code><\/pre>\n\n\n\n<p>To something like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>analyzer {\n  # analyzer location\n  # url can be point to:\n  # - directory where analyzers are installed\n  # - json file 
containing the list of analyzer descriptions\n  urls = &#91;\n    #\"https:\/\/download.thehive-project.org\/analyzers.json\"\n<strong>    \"\/opt\/cortex\/analyzers-responders\/analyzers\"\n<\/strong>  ]<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>Restart Cortex;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart cortex<\/code><\/pre>\n\n\n\n<p>You can tail the logs immediately to confirm that Cortex has loaded the new analyzer worker list;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tail -f \/opt\/cortex\/logs\/application.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Enable Cortex Analyzers<\/h3>\n\n\n\n<p>From the list of available analyzers above, you can see that none of the analyzers are enabled by default.<\/p>\n\n\n\n<p>Some analyzers require configuration, such as API keys, before they can be used, while others work out of the box without any further configuration.<\/p>\n\n\n\n<p>You can get the requirements of each analyzer on the <a href=\"https:\/\/thehive-project.github.io\/Cortex-Analyzers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cortex Analyzers page<\/a>.<\/p>\n\n\n\n<p>As an example, let&#8217;s see how to enable the AbuseIPDB analyzer. 
Thus, from the Organization Analyzers, click <strong>+Enable<\/strong> against the analyzer;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/enable-abusedbip-analyzer.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1879\" height=\"492\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/enable-abusedbip-analyzer.png\" alt=\"How to Enable and Configure Cortex Analyzers\" class=\"wp-image-14798\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/enable-abusedbip-analyzer.png?v=1668078923 1879w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/enable-abusedbip-analyzer-768x201.png?v=1668078923 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/enable-abusedbip-analyzer-1536x402.png?v=1668078923 1536w\" sizes=\"(max-width: 1879px) 100vw, 1879px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>The analyzer configuration pops up!<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-analyzer.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1247\" height=\"950\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-analyzer.png\" alt=\"How to Enable and Configure Cortex Analyzers\" class=\"wp-image-14799\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-analyzer.png?v=1668079110 1247w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-analyzer-768x585.png?v=1668079110 768w\" sizes=\"(max-width: 1247px) 100vw, 1247px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>As you can see, you need an API key from <a href=\"https:\/\/www.abuseipdb.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">AbuseIPDB<\/a> in order to be able to utilize this analyzer.<\/p>\n\n\n\n<p>Thus, create an account on <a href=\"https:\/\/www.abuseipdb.com\/pricing\" 
target=\"_blank\" rel=\"noreferrer noopener\">AbuseIPDB<\/a> (it has different plans from Free to Enterprise plans). Choose your subscription plan accordingly.<\/p>\n\n\n\n<p>Once you have an account;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Login and navigate to your account summary page and head over to <strong>API<\/strong> tab &gt; <strong>Create<\/strong> Key.<\/li>\n\n\n\n<li>Enter the name of the API key<\/li>\n\n\n\n<li>Click Create to create the key.<\/li>\n<\/ul>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-api-key.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1446\" height=\"832\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-api-key.png\" alt=\"How to Enable and Configure Cortex Analyzers\" class=\"wp-image-14801\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-api-key.png?v=1668079848 1446w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abusedbip-api-key-768x442.png?v=1668079848 768w\" sizes=\"(max-width: 1446px) 100vw, 1446px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Copy the API key and paste it under the AbuseIPDB analyzer key configuration.<\/p>\n\n\n\n<p>Once you paste the key, click Save.<\/p>\n\n\n\n<p>The analyzer should now be showing like in the screenshot below;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1882\" height=\"438\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-abusedbip-analyzer-enabled.png\" alt=\"\" class=\"wp-image-14802\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-abusedbip-analyzer-enabled.png?v=1668080130 1882w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-abusedbip-analyzer-enabled-768x179.png?v=1668080130 768w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-abusedbip-analyzer-enabled-1536x357.png?v=1668080130 1536w\" sizes=\"(max-width: 1882px) 100vw, 1882px\" \/><\/figure>\n\n\n\n<p>You can enable other Cortex analyzers in the same way.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Using Enabled Cortex Analyzers<\/h3>\n\n\n\n<p>Once you enable an analyzer, click Analyzers menu at the top. You will now see enabled analyzers ready to do the analysis.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-analyzers.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1898\" height=\"527\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-analyzers.png\" alt=\"How to Enable and Configure Cortex Analyzers\" class=\"wp-image-14803\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-analyzers.png?v=1668081084 1898w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-analyzers-768x213.png?v=1668081084 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/cortex-analyzers-1536x426.png?v=1668081084 1536w\" sizes=\"(max-width: 1898px) 100vw, 1898px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Each analyzer will show what observables it applies to. 
For example, AbuseIPDB is used to analyze IP addresses, domain names or network subnets for reported abuse.<\/p>\n\n\n\n<p>When you click the <strong>&gt; Run<\/strong> button, a wizard pops up that lets you enter the IP address or domain name to analyze manually.<\/p>\n\n\n\n<p>Similarly, you can click <strong>+New analysis<\/strong> to start a new analysis.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1551\" height=\"469\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-using-cortex-abuseDB-IP.png\" alt=\"\" class=\"wp-image-14805\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-using-cortex-abuseDB-IP.png?v=1668082371 1551w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-using-cortex-abuseDB-IP-768x232.png?v=1668082371 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-using-cortex-abuseDB-IP-1536x464.png?v=1668082371 1536w\" sizes=\"(max-width: 1551px) 100vw, 1551px\" \/><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data type<\/strong>: select IP<\/li>\n\n\n\n<li><strong>Data<\/strong>: enter the IP address or domain name.<\/li>\n<\/ul>\n\n\n\n<p>Click Start to analyze the IP\/domain in question.<\/p>\n\n\n\n<p>Your analysis job should now run and complete in a short while;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1914\" height=\"561\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-address-using-abuseipdb-analyzer.png\" alt=\"\" class=\"wp-image-14809\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-address-using-abuseipdb-analyzer.png?v=1668108870 1914w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-address-using-abuseipdb-analyzer-768x225.png?v=1668108870 768w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/analyze-IP-address-using-abuseipdb-analyzer-1536x450.png?v=1668108870 1536w\" sizes=\"(max-width: 1914px) 100vw, 1914px\" \/><\/figure>\n\n\n\n<p>Click <strong>View<\/strong> to check the analysis report;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abuseipdb-status-report.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1876\" height=\"935\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abuseipdb-status-report.png\" alt=\"\" class=\"wp-image-14811\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abuseipdb-status-report.png?v=1668109090 1876w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abuseipdb-status-report-768x383.png?v=1668109090 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/11\/abuseipdb-status-report-1536x766.png?v=1668109090 1536w\" sizes=\"(max-width: 1876px) 100vw, 1876px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>In a similar way, you can now enable and configure other Cortex analyzers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-integrate-thehive-with-misp\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Integrate TheHive with MISP<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-misp-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install MISP on Ubuntu 22.04\/Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow through this tutorial to learn how to enable and configure Cortex Analyzers. 
Cortex is an opensource software created by TheHive that can be used<\/p>\n","protected":false},"author":1,"featured_media":14813,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,72],"tags":[6082,6083,6079,6080,6081],"class_list":["post-14782","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-monitoring","tag-cortex","tag-cortex-analysis","tag-cortex-analyzers","tag-enable-cortex-analyzers","tag-install-cortex-analyzers","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14782"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=14782"}],"version-history":[{"count":18,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14782\/revisions"}],"predecessor-version":[{"id":20655,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14782\/revisions\/20655"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/14813"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=14782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=14782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=14782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}