
How To Install Cortex on Ubuntu 22.04 LTS


In this tutorial, we will show you how to install Cortex on Ubuntu 22.04 LTS. For those of you who didn’t know, Cortex observable analysis is a powerful open-source platform that provides organizations with a unified view of their threat data. With its flexible and scalable architecture, rich set of features, and seamless integration with popular data sources, Cortex is a valuable tool for anyone looking to improve their observability capabilities.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will show you the step-by-step installation of the Cortex observable analysis tool on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution such as Linux Mint, Elementary OS, Pop!_OS, and more.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Cortex.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Cortex on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common

Step 2. Installing Java.

Before you install Cortex, you need to have Java installed on your system. If you do not have Java installed, you can follow our guide here.

You can verify the Java version using the following command:

java --version

Next, set the Java environment variable using the following command:

echo JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64" | tee -a /etc/environment

Then, activate the environment variable using the following command:

source /etc/environment

Step 3. Installing Elasticsearch.

By default, Elasticsearch is not available in the Ubuntu 22.04 base repository. Run the following command to add the Elasticsearch repository to your Ubuntu system:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

Next, import the GPG key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

After the repository is enabled, install the latest version of Elasticsearch using the command below:

sudo apt update
sudo apt install elasticsearch

The Elasticsearch service is not started automatically after installation. To start the service and enable it on system boot, run the following systemctl commands:

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

To configure Elasticsearch, we edit its main configuration file elasticsearch.yml where most of its configuration options are stored:

nano /etc/elasticsearch/elasticsearch.yml

Change the following line:

cluster.name: my-application

Save and close the file, then create a jvm.options file:

nano /etc/elasticsearch/jvm.options.d/jvm.options

Add the following lines:

-Xms1g
-Xmx1g
-Dlog4j2.formatMsgNoLookups=true

Save and close the file, then restart the Elasticsearch service to apply the changes:

systemctl restart elasticsearch

Step 4. Installing Cortex on Ubuntu 22.04.

By default, Cortex is not available in the Ubuntu 22.04 base repository. Run the following command to add the Cortex repository to your Ubuntu system, scoped to its own keyring in the same way as the Elasticsearch repository above:

echo 'deb [signed-by=/usr/share/keyrings/thehive-project.gpg] https://deb.thehive-project.org release main' | tee -a /etc/apt/sources.list.d/thehive-project.list

Next, import the GPG key into that keyring using the following command:

wget -qO- "https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY" | gpg --dearmor -o /usr/share/keyrings/thehive-project.gpg

After the repository is enabled, install the latest version of Cortex using the command below:

sudo apt update
sudo apt install cortex

Step 5. Configure Cortex.

Now create the secret key that Cortex requires for its cryptographic functions:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1

Output:

GDTc1rXTf4mx8TWEdBMWJYunwiLwHSaDS7gUR6g4Pe46LWgMNIxI9bvw

Next, edit the Cortex configuration file and define your secret:

nano /etc/cortex/application.conf

Define your secret as shown below, substituting the value generated on your own server:

play.http.secret.key="GDTc1rXTf4mx8TWEdBMWJYunwiLwHSaDS7gUR6g4Pe46LWgMNIxI9bvw"

Save and close the file, then start and enable the Cortex service using the command below:

systemctl enable --now cortex
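
The sample secret shown in Step 5 is public, so a config that still contains it, or a file that any local user can read, defeats the purpose of the key. The script below is an added example (not part of the original tutorial or the Cortex project) that checks play.http.secret.key in a config file; the function names, verdict strings and the 64-character minimum are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit play.http.secret.key in a Cortex application.conf.
# Function names and the 64-character minimum are assumptions of this example.

# Sample value printed in Step 5 of this tutorial; it is public, so reject it.
PUBLISHED_SAMPLE='GDTc1rXTf4mx8TWEdBMWJYunwiLwHSaDS7gUR6g4Pe46LWgMNIxI9bvw'
MIN_LEN=64   # length requested by `fold -w 64` in Step 5

# Print a fresh 64-character alphanumeric secret. Reads a bounded chunk of
# /dev/urandom so no stage of the pipeline is cut off early.
gen_secret() {
    head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | cut -c 1-64
}

# Print the quoted value assigned to play.http.secret.key (last one wins).
get_secret() {
    sed -n 's/^[[:space:]]*play\.http\.secret\.key[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Print a one-word verdict; return 0 only when the verdict is "ok".
audit_secret() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 1; }
    secret=$(get_secret "$conf")
    if [ -z "$secret" ]; then
        echo "missing"; return 1
    elif [ "$secret" = "$PUBLISHED_SAMPLE" ]; then
        echo "published-sample"; return 1
    elif [ "${#secret}" -lt "$MIN_LEN" ]; then
        echo "too-short"; return 1
    elif [ -n "$(find "$conf" -maxdepth 0 -perm -004)" ]; then
        echo "world-readable"; return 1
    fi
    echo "ok"
}

# Run against a real file only when executed with a path argument.
if [ "$#" -gt 0 ]; then audit_secret "$1"; fi
```

Run it with /etc/cortex/application.conf as the argument before opening the firewall in the next step; any verdict other than "ok" means the key or the file mode should be corrected and Cortex restarted.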

Step 6. Configure Firewall.

Now configure Uncomplicated Firewall (UFW) to allow public access to Cortex on its default web port, 9001:

sudo ufw allow OpenSSH
sudo ufw allow 9001
sudo ufw enable

Step 7. Accessing Cortex Web Interface.

Once successfully installed, open your web browser and access the Cortex Web UI using the URL http://your-IP-address:9001. You will be redirected to the following page:

Once the database update is done, create your Cortex admin account:

Congratulations! You have successfully installed Cortex. Thanks for using this tutorial for installing Cortex observable analysis on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Cortex website.

r00t