Configuration Guide - V1D1AN/S1EM Wiki

Original URL: https://github.com/V1D1AN/S1EM/wiki/Configuration-Guide

Configuration

Configuration of MISP, TheHive, Cortex, FleetDM

MISP

Go to the MISP interface.

Enter the login: "[email protected]"

Enter the password: "admin"

Enter a new password for MISP.

Then go to "Automation" and get the API Key.

TheHive

Follow the official documentation to create an organization and an API key for TheHive, then get the API Key: https://github.com/TheHive-Project/TheHiveDocs/blob/master/TheHive4/User/Quick-start.md

Cortex

Follow the official documentation to create an organization and an API key for Cortex, then get the API Key: https://github.com/TheHive-Project/CortexDocs/blob/master/admin/quick-start.md

Activation of S1EM's preconfigured analyzers

Go to the Cortex homepage.

Go to Organization.

Go to Analyzers.

Enter Misp_2_1 and click on Enable.

Verify the API Key (it is preconfigured) and click on Save.

Enter OpenCTI_SearchObservables_2_0 and click on Enable.

Verify the API Key (it is preconfigured) and click on Save.

Go to Analyzers and verify that the analyzers are activated.

Activation of other analyzers:

To activate the VirusTotal analyzer, go to the URL: https://www.virustotal.com/gui/join-us

To activate the OTX analyzer, go to the URL: https://otx.alienvault.com/

FleetDM

Go to the FleetDM interface.

For the first connection, you must configure FleetDM. Enter Username, Password and Email, and click on Next.

Enter Organization name and click on Next.

Set Fleet URL and click on Submit.

Verify and click on Finish.

FleetDM is now configured.

Use Deploy_api_key.sh

Once you have the API Keys, use the script to simplify the deployment: run it and enter the different API Keys.

bash 02_deploy_api_key.sh
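As an added example (not part of S1EM or of its deploy script), a small POSIX shell check that confirms each API key is accepted by its service before you hand it to 02_deploy_api_key.sh. It queries MISP's /servers/getVersion, TheHive 4's /api/v1/user/current and Cortex's /api/user/current; the base URLs, the *_KEY environment variables and CURL_OPTS are placeholders you set for your own instances.

```shell
#!/usr/bin/env sh
# Added example, not S1EM code: verify MISP, TheHive and Cortex API keys
# before running 02_deploy_api_key.sh. Hostnames below are placeholders;
# set MISP_URL, THEHIVE_URL, CORTEX_URL and the *_KEY variables yourself.
# Extra curl options (e.g. --cacert for a private CA) go in CURL_OPTS.

# MISP takes the raw key in Authorization; TheHive 4 and Cortex want "Bearer".
auth_header() {
  case "$1" in
    misp)           printf 'Authorization: %s' "$2" ;;
    thehive|cortex) printf 'Authorization: Bearer %s' "$2" ;;
    *)              return 1 ;;
  esac
}

# Never print a full key into a terminal or log: keep only the last 4 chars.
mask_key() {
  case "$1" in
    ????*) printf '****%s' "${1#"${1%????}"}" ;;
    *)     printf '****' ;;
  esac
}

# Turn curl's HTTP status into a short verdict (000 = no connection at all).
classify_status() {
  case "$1" in
    200)     echo ok ;;
    401|403) echo bad-key ;;
    000|'')  echo unreachable ;;
    *)       echo "http-$1" ;;
  esac
}

# check_service NAME BASE_URL PATH KEY -> exit 0 only on HTTP 200
check_service() {
  # $CURL_OPTS is intentionally unquoted so several options can be passed.
  code=$(curl -s -o /dev/null -w '%{http_code}' $CURL_OPTS \
           -H "$(auth_header "$1" "$4")" -H 'Accept: application/json' "$2$3")
  printf '%-8s key %s -> %s\n' "$1" "$(mask_key "$4")" "$(classify_status "$code")"
  [ "$code" = 200 ]
}

main() {
  rc=0
  check_service misp    "${MISP_URL:-https://misp.example}"       /servers/getVersion  "${MISP_KEY-}"    || rc=1
  check_service thehive "${THEHIVE_URL:-https://thehive.example}" /api/v1/user/current "${THEHIVE_KEY-}" || rc=1
  check_service cortex  "${CORTEX_URL:-https://cortex.example}"   /api/user/current    "${CORTEX_KEY-}"  || rc=1
  return $rc
}

# Only contact the services when asked, so the functions can also be sourced.
if [ "${1-}" = run ]; then main; fi
```

Run it as `sh check_api_keys.sh run` with the variables exported; a non-zero exit means at least one key was rejected or a service was unreachable.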