Cortex API Documentation

TheHive can interact with one or several Cortex instances to analyze observables and aid you in your investigation in the best possible way while taking into account your OPSEC needs. But you don’t need TheHive to unleash the power of Cortex.

Cortex can be used as a standalone product. You can run analyzers on observables you supply using its simple yet useful Web UI. And if you are not using TheHive, you can bridge your SIRP (Security Incident Response Platform) or any other tool with Cortex thanks to its REST API. To do so, please read the API documentation that we have published. And in a very few days, things will get easier as we will release Cortex4py, a Python API client for Cortex.

Let us know if you have any questions or problems on our user forum, on Gitter, or by sending us an email at We will be more than happy to help you!