Cortex is a powerful open-source observable analysis tool used in cyber threat intelligence and incident response workflows. In this guide, we will walk through the steps to install Cortex on Ubuntu 22.04. Whether you’re using a local machine or deploying Cortex on a UK Windows VPS, this guide will help you get started.
Step 1: Update Your System
Before installing Cortex, ensure your system is up-to-date. Run the following commands to update your Ubuntu 22.04 system:
sudo apt update && sudo apt upgrade
Keeping your system updated ensures the latest security patches and software updates. This is essential whether you’re hosting locally or on a UK Windows VPS.
Step 2: Install Java
Cortex requires Java to run. Install OpenJDK 11, the recommended version for Cortex, using the following command:
sudo apt install openjdk-11-jdk
After installation, verify that Java is installed:
java -version
The output should show OpenJDK 11 installed. Java is critical for running Cortex, whether hosted on Ubuntu or on a Windows VPS server setup.
Step 3: Install Elasticsearch
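Cortex uses Elasticsearch as its database. To install Elasticsearch, first download its GPG key and store it in a dedicated keyring (apt-key is deprecated on Ubuntu 22.04, and a key added with it is trusted for every repository on the system):
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
Add the Elasticsearch repository, restricted to that key:
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update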
Now, install Elasticsearch:
sudo apt install elasticsearch
Once installed, start Elasticsearch and enable it to start on boot:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
This database will store Cortex's analysis data, whether you’re running on a local server or on Windows Virtual Private Server hosting.
Step 4: Download and Install Cortex
Now that Java and Elasticsearch are installed, download the latest version of Cortex:
cd /opt
sudo wget https://download.thehive-project.org/cortex-3.1.1-1.zip
sudo unzip cortex-3.1.1-1.zip
sudo mv cortex-3.1.1 /opt/cortex
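Create a dedicated system user for Cortex (the ownership command and the service file in Step 7 both rely on it), then set the correct ownership for the Cortex directory:
sudo useradd --system --user-group --no-create-home --shell /usr/sbin/nologin cortex
sudo chown -R cortex:cortex /opt/cortex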
Step 5: Configure Cortex
Next, you need to configure Cortex to communicate with Elasticsearch and set other application settings. Start by copying the default configuration file:
sudo cp /opt/cortex/application.conf.example /opt/cortex/application.conf
Edit the configuration file to set your database details and customize the application:
sudo nano /opt/cortex/application.conf
Set the Elasticsearch URL and other essential details like so:
# Elasticsearch configuration
search {
  index = cortex
  host = ["http://127.0.0.1:9200"]
}
Once done, save the file and exit.
Step 6: Run Cortex
To start Cortex, run the following command:
sudo /opt/cortex/bin/cortex
Cortex will start running, and you can access it via http://your-server-ip:9001. This interface allows you to manage observable analysis, whether you’re using a local server or a UK Windows VPS hosting platform.
Step 7: Configure Cortex as a Service
To ensure that Cortex starts automatically on boot, you can set it up as a systemd service. Create a service file:
sudo nano /etc/systemd/system/cortex.service
Add the following content to the file:
[Unit]
Description=Cortex Service
After=network.target
[Service]
ExecStart=/opt/cortex/bin/cortex
User=cortex
Restart=always
[Install]
WantedBy=multi-user.target
Save the file, reload systemd, and enable the service:
sudo systemctl daemon-reload
sudo systemctl enable cortex
sudo systemctl start cortex
Cortex will now automatically start on system boot, making it ideal for monitoring and observable analysis in production environments like UK Windows VPS hosting.
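A post-install check for the setup above, added here as an example and not part of the original guide or of the Cortex project. It reports listeners on the guide's two ports (9200 for Elasticsearch, 9001 for the Cortex interface) that are bound beyond loopback, and reads the account a unit file runs under. The function names and the sample listener output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: exposure check for the ports this guide opens.
# 9200 = Elasticsearch, 9001 = Cortex web interface (both from the guide).

# Reads `ss -H -ltn` output on stdin; prints "port address" for each listener
# on the requested ports that is bound to a non-loopback address.
exposed_listeners() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)                  # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      gsub(/^\[|\]$/, "", addr)                        # [::1] becomes ::1
      sub(/%.*/, "", addr)                             # drop scope such as %lo
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
      print port " " addr
    }'
}

# Prints the User= set in the [Service] section of a unit file, or "root"
# when none is set (systemd runs system services as root by default).
unit_user() {
  awk -F= '
    /^\[/ { in_service = ($0 == "[Service]") }
    in_service && $1 == "User" { user = $2 }
    END { print (user == "" ? "root" : user) }' "$1"
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
sample_ss() {
  cat <<'EOF'
LISTEN 0 4096 127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0 128  0.0.0.0:22               0.0.0.0:*
LISTEN 0 4096 [::ffff:127.0.0.1]:9200  *:*
LISTEN 0 4096 [::1]:9200               [::]:*
LISTEN 0 100  *:9001                   *:*
EOF
}

# On a live host, replace sample_ss with: ss -H -ltn
# and check the service account with: unit_user /etc/systemd/system/cortex.service
sample_ss | exposed_listeners 9200,9001    # prints: 9001 *
```

Any line printed for port 9200 means Elasticsearch is reachable from other hosts; a line for 9001 is expected when the interface is meant to be reached remotely and shows which address needs firewall or reverse-proxy rules.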