Quickly integrate DFIR-IRIS with Cortex to run any Cortex Analyzer.
Use the Cortex Analyzer
module to run Cortex Analyzers via the DFIR-IRIS platform.
Get started with Cortex: Video Tutorial
The module is built for the below IoC types:
- Ip Address
- Domain
- Hash (MD5, SHA224, SHA256, SHA512)
You can configure the module to run any Cortex Analyzer you like.
⚠ You must have the Analyzer enabled within Cortex prior to running the module.
Currently, the Cortex Analyzer module can be ran as DFIR-IRIS
Module.
Get started with DFIR-IRIS: Video Tutorial
- Fetch the
Cortex Analyzer Module
Repogit clone https://github.com/socfortress/iris-cortexanalyzer-module cd iris-cortexanalyzer-module
- Install the module
./buildnpush2iris.sh -a
Once installed, configure the module to include:
- Cortex API Endpoint (e.g.
http://localhost:9001
) - Cortex API Key
- Cortex Analyzer Name (e.g.
VirusTotal_GetReport_3_0
)
- Navigate to
Advanced -> Modules
- Add a new module
- Input the Module name:
iris_cortexanalyzer_module
- Configure the module
To run the module select Case -> IOC
and select the dropdown menu.
Module currently supports IoC of type:
ip, domain, hash
Auto refresh is coming soon
If you are experiencing issues, please contact us at
[email protected]