Cortex Analyzers 3.3.8 Release: new tools, fresh upgrades and more!
We’re excited to share the latest release of Cortex Analyzers, version 3.3.8! This update brings a range of new analyzers, responders and improvements that we think you’ll love. Whether you’re exploring new investigation capabilities or upgrading your favorites, there’s something here for everyone. And, of course, thanks to the awesome contributors who made it happen!
What’s new?
Our new analyzers are here to help you dig deeper, faster, directly in TheHive. Here’s what’s joining the lineup:
- QrDecode by EnzoCyberSec
- EclecticIQ Analyzer by deepanshu-eiq
- MS Entra ID GetSignIns by jahamilto
- DNSDumpster by korteke
- OktaUserLookup by mjleesment
- Mandiant CAPA by weslambert; nusantara-self, StrangeBee
Analyzers updates
Familiar with Crowdsec, RecordedFuture and others? Now they’re better than ever:
- Crowdsec 1.1 by julienloizelet
- RecordedFuture Triage 2.0 by rpitts-recordedfuture
- ANY.RUN Sandbox 1.1 by nolsen311
- NERD 1.1 by vaclavbartos
- Censys 2.0 by nusantara-self, StrangeBee
New responders
Responders help you take swift action. This release introduces:
- AWS Lambda InvokeFunction by nusantara-self, StrangeBee
- EclecticIQ Responder by deepanshu-eiq
- Cloudflare IP Blocker by nickbabkin
- MS Entra ID TokenRevoker by jahamilto
- BinAnalyze_AIR by binalyze-murat
- Telegram by alexkolnik
- Netcraft by korteke
- Ansible AWX by Timmu91
- JAMF Protect by nusantara-self, StrangeBee
Responders updates
Some of your go-to responders got a tune-up, too:
- CrowdStrike Custom IOC 2.0 by nicoctn
- MSDefender Endpoints by louismaxx
- Duo Security Account Bypass Mode by jahamilto
Analyzers and responders removed or replaced
We’ve also retired a few outdated tools to keep things efficient. For instance, AzureTokenRevoker has been replaced by MSEntraID Token Revoker.
Various improvements, fixes or patches
The following analyzers and responders have either been repaired or further improved:
- SpamHausDBL, Phishtank, KasperskyTIP by emalderson
- HybridAnalysis by X0x1RG9f; nusantara-self, StrangeBee
- TorBlutmagie by red-ship-it
- DomainMailSPFDMARC by ch0wm3in
- Shuffle by tbi88
- OpenCTI by evost
- AbuseFinder, AbuseIPDB by vpiserchia
- and more… see full changelog!
How to benefit from the latest updates?
We would like to quickly remind you how to keep your analyzers and responders up to date with the latest features and improvements.
Here’s a simple checklist:
Catalog Update
- On TheHive 5.0.14+ and Cortex 3.1.7+, the analyzer and responder catalog is refreshed automatically. Check for notifications in TheHive to see if any analyzers or responders need attention.
Configure Analyzers & Responders
- For New Additions: Log in to Cortex as an Org Admin, refresh the Analyzers/Responders list, enable the new options, and configure any necessary parameters.
- For Obsolete Versions: Disable older versions, enable the latest, and adjust configurations as needed.
Update Report Templates
- In TheHive 5, remember to import the latest report templates to ensure compatibility and avoid issues.
For more details, refer to the official documentation here.
If you’re looking for integrations with the tools you use or wondering which analyzers and responders to add, you’ll find all the details in our dedicated documentation. Each analyzer and responder has its own page here.
Need support?
Should you encounter any difficulty, contact StrangeBee’s support.