diff --git a/docs/admin_guides/how-to-upgrade-analyzers-responders.md b/docs/admin_guides/how-to-upgrade-analyzers-responders.md new file mode 100644 index 000000000..533622b9e --- /dev/null +++ b/docs/admin_guides/how-to-upgrade-analyzers-responders.md @@ -0,0 +1,66 @@ +# How to upgrade analyzers & responders to the latest version + +This guide outlines the steps to take when there is a new release of Cortex-Analyzers so that you can benefit from the new or updated analyzers and responders. + +There are three steps to perform, two of which require user action: + +1. **Catalog Update** (automatic) +2. **Configure Analyzers & Responders in Cortex** (user action required) +3. **Update Analyzers' Report Templates** (user action required) + + +## Step 1: Catalog Update + +With **TheHive version 5.0.14 and above** and **Cortex version 3.1.7 and above**, Cortex automatically fetches and updates the catalog. As a result, you may receive a notification in TheHive indicating that action is required if there is any new version of an analyzer or responder you are already using. + +This notification can be seen in the *bottom left* corner of your TheHive interface. + +![TheHive Notification for new analyzers/responders](../images/cortex-thehive-analyzers-upgrade-notification.png){ width=20% } + +Clicking on it will open a drawer indicating if there are any obsolete analyzers or responders. + +![TheHive Obsolete Analyzers](<../images/thehive-cortex-obsolete-drawer.png>) + +## Step 2: Configure Analyzers & Responders in Cortex + +### 2a. Setting Up Newly Available Analyzers or Responders + +When new analyzers or responders are available, please refer to the [changelog](https://thehive-project.github.io/Cortex-Analyzers/CHANGELOG/) to review the new additions so you don't miss anything. + +Then, perform the following steps: + +- **Log in to Cortex** as an Org Administrator +- **Refresh Analyzers and Responders** by navigating to the ***Organization*** section, selecting the ***Analyzers*** and ***Responders*** tab and pressing the ***Refresh*** button. +- **Enable new analyzers and responders** you wish to use. +- **Configure the settings and authentication parameters** as needed. + +![refresh responders](../images/refresh-responders.png) + +### 2b. Updating Obsolete Analyzers or Responders + +Analyzers or responders become obsolete when a new version is available. + +#### Check for Updates in Cortex + +- **Log in to Cortex** as an Org Administrator to review available updates. +- Look out for any **red badge notifications**, as they indicate actions that need your attention. +- **Refresh Analyzers and Responders** by navigating to the ***Organization*** section, selecting the ***Analyzers*** and ***Responders*** tab and pressing the ***Refresh*** button. + +![obsolete analyzer refresh](../images/obsolete-analyzer-refresh.png) + +#### Update Your Configuration + +- If there is a version increment, **disable older versions** that are no longer needed, and enable the new versions by pressing the "Enable" button on the newer one. +- **Configure the settings and authentication parameters** as needed. + + +![enable analyzer](../images/enable-analyzer.png) + + +## Step 3: Update the Analyzers' Report Templates + +If you're using **TheHive 5**, remember to always **import the new report templates** into your instance. This step is essential for an optimal experience with the updated analyzers and responders. Otherwise, you may encounter issues with the report templates for the new analyzers. + +Refer to the [official documentation on how to update Analyzers templates](https://docs.strangebee.com/thehive/administration/analyzers-templates/) in your TheHive tenant. + +![update-analyzers-template](../images/update-analyzers-template.png) diff --git a/docs/images/cortex-thehive-analyzers-upgrade-notification.png b/docs/images/cortex-thehive-analyzers-upgrade-notification.png new file mode 100644 index 000000000..c9710f84f Binary files /dev/null and b/docs/images/cortex-thehive-analyzers-upgrade-notification.png differ diff --git a/docs/images/enable-analyzer.png b/docs/images/enable-analyzer.png new file mode 100644 index 000000000..1542d1db6 Binary files /dev/null and b/docs/images/enable-analyzer.png differ diff --git a/docs/images/obsolete-analyzer-refresh.png b/docs/images/obsolete-analyzer-refresh.png new file mode 100644 index 000000000..e42d8ee33 Binary files /dev/null and b/docs/images/obsolete-analyzer-refresh.png differ diff --git a/docs/images/refresh-responders.png b/docs/images/refresh-responders.png new file mode 100644 index 000000000..8496780ff Binary files /dev/null and b/docs/images/refresh-responders.png differ diff --git a/docs/images/thehive-cortex-obsolete-drawer.png b/docs/images/thehive-cortex-obsolete-drawer.png new file mode 100644 index 000000000..6586993e3 Binary files /dev/null and b/docs/images/thehive-cortex-obsolete-drawer.png differ diff --git a/docs/images/update-analyzers-template.png b/docs/images/update-analyzers-template.png new file mode 100644 index 000000000..a6bde2749 Binary files /dev/null and b/docs/images/update-analyzers-template.png differ