docker启动es
sudo rm -rf /var/lib/elasticsearch
sudo mkdir /var/lib/elasticsearch
sudo chmod -R 777 /var/lib/elasticsearch
docker run --name elasticsearch --hostname elasticsearch -d --publish 127.0.0.1:9200:9200 --publish 127.0.0.1:9300:9300 --volume /var/lib/elasticsearch:/usr/share/elasticsearch/data -e "http.host=0.0.0.0" -e "transport.host=0.0.0.0" -e "xpack.security.enabled=false" -e "cluster.name=hive" -e "script.inline=true" -e "thread_pool.index.queue_size=100000" -e "thread_pool.search.queue_size=100000" -e "thread_pool.bulk.queue_size=100000" docker.elastic.co/elasticsearch/elasticsearch:5.6.0
安装thehive
cd /opt
wget https://dl.bintray.com/thehive-project/binary/thehive-latest.zip
unzip thehive-latest.zip
ln -s thehive-x.x.x thehive
sudo addgroup thehive
sudo adduser --system thehive
sudo cp /opt/thehive/package/thehive.service /usr/lib/systemd/system
sudo chown -R thehive:thehive /opt/thehive
sudo chgrp thehive /etc/thehive/application.conf
sudo chmod 640 /etc/thehive/application.conf
sudo systemctl enable thehive
sudo service thehive start
sudo mkdir /etc/thehive
(cat << _EOF_
# Secret key
# ~~~~~
# The secret key is used to secure cryptographics functions.
# If you deploy your application to several instances be sure to use the same key!
play.http.secret.key="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)"
_EOF_
) | sudo tee -a /etc/thehive/application.conf
访问 http://10.10.41.106:8080/index.html#/cases 会跳出初始化数据库设置. Login和Username输入一样的 输入密码 即可