In Episode 12 I will show you how to enable analyzers in Cortex that will be used to run analysis on observables such as IP and email addresses, domain names, files and hashes. We will revisit the Docker Compose file, where I briefly explain the setup, then I will show you how to activate the MalwareBazaar and VirusTotal analyzers, and how to use them to scan for common ransomware hashes to see the result. If you have been enjoying this series so far, please don’t forget to like and subscribe!
Links used in video:
https://github.com/ls111-cybersec/thehive-cortex-misp-docker-compose-lab11update