UbuntuUbuntu Based

How To Install Cortex on Ubuntu 22.04 LTS

Install Cortex on Ubuntu 22.04

In this tutorial, we will show you how to install Cortex on Ubuntu 22.04 LTS. For those of you who didn’t know, Cortex observable analysis is a powerful open-source platform that provides organizations with a unified view of their threat data. With its flexible and scalable architecture, rich set of features, and seamless integration with popular data sources, Cortex is a valuable tool for anyone looking to improve their observability capabilities.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Cortex observable analysis tool on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.


  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Cortex.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Cortex on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, keep your system up-to-date with the latest security patches and updates. You can do this by running the following commands in your terminal:

sudo apt update
sudo apt upgrade
sudo apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common

Step 2. Installing Java.

Before you install Cortex, you need to have Java installed on your system. If you do not have Java installed, you can follow our guide here.

You can verify the Java version using the following command:

java --version

You should see output similar to the following:

openjdk version "11.0.18" 2023-01-17
OpenJDK Runtime Environment (build 11.0.18+10-post-Ubuntu-0ubuntu122.04)
OpenJDK 64-Bit Server VM (build 11.0.18+10-post-Ubuntu-0ubuntu122.04, mixed mode, sharing)

Next, set the Java environment variable using the following command:

echo JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64" | tee -a /etc/environment

Then, activate the environment variable using the following command:

source /etc/environment

Step 3. Installing Elasticsearch.

By default, Elasticsearch is not available on Ubuntu 22.04 base repository. Now run the following command below to add the Elasticsearch repository to your Ubuntu system:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

Next, import the GPG key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

After the repository is enabled, now install the latest version of Elasticsearch using the below command:

sudo apt update
sudo apt install elasticsearch

Elasticsearch service is not started automatically after installation, to start the service and enable it on system boot, type the following systemctl command:

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

To configure Elasticsearch, we edit its main configuration file elasticsearch.yml where most of its configuration options are stored:

nano /etc/elasticsearch/elasticsearch.yml

Change the following line:

cluster.name: my-application

Save and close the file, then create a jvm.options file:

nano /etc/elasticsearch/jvm.options.d/jvm.options

Add the following file:


Save and close the file, then restart the ElasticSearch service to apply the changes:

systemctl restart elasticsearch

For additional resources on installing Elasticsearch, read the post below:

Step 4. Installing Cortex Ubuntu 22.04.

By default, Cortex is not available on Ubuntu 22.04 base repository. Now run the following command below to add the Cortex repository to your Ubuntu system:

echo 'deb https://deb.thehive-project.org release main' | tee -a /etc/apt/sources.list.d/thehive-project.list

Next, import the GPG key using the following command:

wget -qO- "https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cortex.gpg
wget -qO- https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY | gpg --dearmor -o /etc/apt/trusted.gpg.d/thehive.gpg

 With the Cortex repository added, you can now install Cortex using the following command:

sudo apt update
sudo apt install cortex

Step 5. Configure Cortex.

Now we create the Cortex secret key required for secure cryptographic cortex functions:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1



Next, edit the Cortex configuration file and define your secret:

nano /etc/cortex/application.conf

Define your secrets as shown below:


Save and close the file, then start and enable the Cortex service using the following command below:

systemctl enable --now cortex

Step 6. Configure Firewall.

Now we set up an Uncomplicated Firewall (UFW) with Cortex to allow public access on default web ports for 9001:

sudo ufw allow OpenSSH
sudo ufw allow 9001
sudo ufw enable

Step 7. Accessing Cortex Web Interface.

Once successfully installed, open your web browser and access the Cortex Web UI using the URL http://your-IP-address:9001. You will be redirected to the following page:

Install Cortex on Ubuntu 22.04 LTS Jammy Jellyfish

Once the database update is done, create your Cortex admin account:

Install Cortex on Ubuntu 22.04 LTS Jammy Jellyfish

Congratulations! You have successfully installed Cortex. Thanks for using this tutorial for installing Cortex observable analysis on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Cortex website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button