On June 6, 2018, we released Cortex-Analyzers 1.10, which contained 11 new analyzers, bringing the total to 83 programs. You read that correctly: 83 ways to assess and gain insight on observables collected during the course of an investigation or while performing threat intelligence thanks to Cortex, our free & open source analysis engine. One day after, we published version 1.10.1 which fixed the name of the Anomali STAXX reports for TheHive. Since then we uncovered a few additional issues which version 1.10.2 corrects:
- #273 & #283: two encoding issues in the ThreatCrowd JSON definition file
- #275: the GreyNoise mini-report for TheHive did not produce any information when no record was found
- #278: the IBM X-Force analyzer forced the TLP in its configuration
- #279: the VMRay should authorize self-signed certificates
- #280: the name of the IBM X-Force Exchange report folder was incorrect preventing TheHive from displaying mini-reports or usefully laid out long ones
To install this hotfix release on your Cortex instance:
$ cd /path/to/Cortex-Analyzers $ sudo git pull
Then log in to the Cortex Web UI as an
orgAdmin and click on Refresh Analyzers:
If you are using TheHive, make sure to download the latest version of the report templates and import them into your instance.
Something does not work as expected? No worries, please join our user forum, contact us on Gitter, or send us an email at firstname.lastname@example.org. We are here to help.