TheHive is security incident response software, split into a UI and backend (TheHive) and an analyzer backend (Cortex). This repository contains the set of analyzers we use for JAMIE (Joint Analysis for Malware and Incident Evaluation).
Available analyzers:
- CERT.at passive DNS
- CIRCL.lu passive DNS info
- CIRCL.lu passive SSL info
- FireHOL IP blocklists info
- Google Safebrowsing info
- MISP info
- VirusShare info
- VMRay info
- YARA info rules
The documentation can be found at https://cert-bund-cortex-analyzers.readthedocs.io/en/latest/.