Update: Cerana 0.5 (TheHive 3.0.5) was released on Feb 8, 2018 to fix a regression introduced by Cerana 0.4, pertaining to the observable mini-reports. Please install 3.0.5 instead.
Waiting for the menu, one of the numerous guests of TheHive Project’s world-renowned code restaurant grows impatient. He stands up and walks toward the kitchen, looking for a waiter to chastise. It’s certainly a free meal and, looking at the reviews on CodeAdvisor, a delicious one. But guests shouldn’t wait more than two minutes to get a copy of the menu, right?
As he approaches the door leading to the kitchen, it slams open and an all-smiling, all-French-looking man dressed in a bee costume comes out carrying hot plates. Peering at their content, the once angry guest cheers up as he stares down at Cerana 0.4 or TheHive 3.0.4 if you prefer. If the looks and smells of the dish match its taste, this will be a terrific meal.
As he sees how Cerana 0.4 prompted a change of heart of the guest, the waiter coming out of the kitchen where TheHive Chefs were busy creating this new recipe goes on describing its content.
‘Mon bon Monsieur‘, he starts in near-perfect Parisian-English accent, ‘this is the plat du jour, or the dish of the day if you prefer. Even though the mighty Chefs insist on calling it a hotfix, not only it fixes eleven bugs in previous versions but it adds four new features and two enhancements. Would you like me to describe them?’
Source : dilbert.com © Scott Adams
The guest, feeling hungry, his mouth watery, but feeling bad about what he was about to say to the waiter just a few seconds ago nods. So the waiter goes on and describe how the latest release of TheHive will serve his hunger for efficient though free security incident response platforms even better.
- Template names will no longer appear in uppercase if you don’t create them that way.
- Fix a typo in the message displayed by the real-time stream when a bulk alert update is performed.
- Make the similarity threshold configurable for alerts in order to avoid the
too many substreams openmessage.
- Make long messages wrap on the MISP export dialog.
- Fix a nasty issue where the assignee list is not displayed when there are more than 20 users. This was impacting all drop down lists than contain dynamic data.
- An alert is uniquely identified by a tuple: type; source; sourceRef. However, the type parameter was simply ignored. Nice fail (*cough*).
- When a report template is not defined for a given analyzer, TheHive tries to load a default one that shows the raw job report. However, the path to that default template was broken.
- Make dashboard donuts clickable. This is a regression introduced in Cerana. Thank you Wayland for reporting it 😉
- Refresh custom fields on open cases when said fields are modified.
- Fix a bug related to the display of case metrics when creating a new case out of a template.
- If you run multiple Cortex analyzers at once on a given observable, some mini-reports would vanish mysteriously. Upon investigation, they were luckily not kidnapped by Belphegor, the phantom of the Louvre.
- MISP feeds made the Elastisearch audit logs grow by leaps and bounds. Thanks Andrea Garavaglia for discovering this abnormal behaviour which is fixed in Cerana 0.4.
- Make TheHive compatible with Cortex 2, the greatest and coolest version of our at-scale observable analysis engine that should be released in a couple of weeks.
- Alerts are now searchable.
- Make counts clickable in counter-type dashboard widgets, leading to the global search page with corresponding results.
- Add sort capabilities to custom fields and metrics.
- Last but not least, filter MISP events using MISP tags & more before creating alerts. That way, you won’t have to deal with a mind-numbing number of alerts when you connect an event-loaded MISP instance to TheHive for the first time. Please check out the documentation to leverage this nifty feature.
At this point, the guest cannot control his lust so he snatches one of the plates out the waiter’s hands, runs back to his table and start installing Cerana 0.4 to unleash its power and use it to fight cybercrime. Bon appétit !
Feeling Generous? Donate!
As you know, we are a FOSS project and donations are always welcome to make our products even better for the community.
All donations go to Creative Source, the non-profit organization we have created, and we will use them to improve TheHive, Cortex & Hippocampe but also to develop (even better) integrations with other FOSS solutions such as MISP.
So if you are feeling generous, please contact us at email@example.com.
Creative Source can also provide so-called professional, entreprise-grade support, help integrating the products, train your analysts before they drain or assist you in specific areas such as developing in-house analyzers for Cortex.
Download & Get Down to Work
If you have an existing installation of TheHive, please follow the migration guide.
If you are performing a fresh installation, read the installation guide corresponding to your needs and enjoy. Please note that you can install TheHive using an RPM or DEB package, use Docker, install it from a binary or build it from sources.
Something does not work as expected? You have troubles installing or upgrading? No worries, please join our user forum, contact us on Gitter, or send us an email at firstname.lastname@example.org. We are here to help.
Correction: Feb 6, 2018
An earlier version of this post contained an incomplete sentence.