Tagging needed on the relevant release #19

Open
harshal-vaidya-mox opened this issue Jun 23, 2022 · 6 comments

@harshal-vaidya-mox

Jared, we're thinking of giving a go to your charts for hive, cortex as well as misp. However, we'd like to request you to please create a release/tag a particular version so that we can pick up the exact version and not get surprised by the constantly changing main branch.

Is this possible?

@jaredjennings
Owner

> We're thinking of giving a go to your charts for hive, cortex as well as misp

I'm flattered!

> please create a release/tag a particular version

I think that you mean I should make a version tag of my Helm charts, yes? Because I specified tagged versions of TheHive and MISP containers in the chart code. You would want tagged chart versions because you want to take this to production. I want you to know about some prerequisites and challenges that face you.

I can tag a version of what exists now. It worked a year ago, and I suppose you may have some initial good signs that it works for you now. But I haven't touched these charts in a year. Proper maintenance would require:

  1. tag what's here now.
  2. test that the charts still work as-is, on current versions of Kubernetes and Helm
  3. make GitHub Releases out of the tags
  4. make the charts install the latest versions of TheHive 4 and MISP, because there are security fixes
  5. revisit the Cortex pull request, which appears to have bit-rotted
  6. build a new jaredjennings/cortex Docker image
  7. tag a new chart version using the newest software releases
  8. make the charts available on e.g. artifacthub.io; this requires setting up a Helm repo, last time I checked
  9. rig up continuous integration

So about (4) above, the pull request I made to the Cortex project was to enable running analysis/response jobs inside a Kubernetes environment. It was never merged into Cortex. The only way I know to run those jobs, in a Kubernetes environment, with an official version of Cortex, is to put the entire Python environment and all the analysis/response job code inside the Cortex container, and run those jobs as subprocesses of the Cortex web app, inside the same container. It's possible, but it makes building the Cortex container image both more difficult and more frequently needed, and it throws away a lot of the gains you can make by containerizing software---security among them.

I put that Cortex pull request in, talked about it on the Discord, and heard from the maintainers that they were very busy at the time. A few weeks later, TheHive 5 was announced, along with a big focus on Strangebee maintaining your Hive/Cortex installation in the cloud for you. So I am not sure if the Cortex authors want that code in Cortex. I haven't talked with them since then, to know what their motives are toward my contribution; but a few other people gave the pull request a thumbs up or comment on GitHub, and asked for it on the Discord, and there it sits.

Now, as announced, TheHive 5 is not open-source software, and Strangebee is going to quit work on TheHive 4 at the end of 2022. That's six months away now. They just announced a major security vulnerability in TheHive and Cortex. In six months, this sort of problem will have to be both found and fixed by whatever community remains on TheHive 4.

I don't mean to scare you off with all this; I just want your plans to be well-informed and well-founded, and to succeed.

What do you think?

@jaredjennings
Owner

Oh good grief. I forgot my blog at j.agrue.info is also dead. I have to bring that back too.

@jaredjennings
Owner

OK, blog resurrected, http://j.agrue.info. The series of articles about TheHive, Cortex, MISP, and Kubernetes is not tagged nor categorized well; I hope to improve that.

I've tagged and released v1.0.0 of this chart, as well as of the helm-cortex and helm-misp charts. Note that for the Cortex chart you have to use my nonstandard Cortex fork, which needs maintenance. The MISP you will get from the MISP chart cannot email you.

That's items 0 through 3 in my above list.

@ThirtyThirds

Hello @jaredjennings,
Your work on those Helm Charts, TheHive and Cortex in my case, gave me good insights about those solutions.
I'm still using a lightly modified version to deploy TheHive 5.
So, I take the occasion of this "issue" to address you big thanks!

@jaredjennings
Owner

Thanks, @ThirtyThirds! That means a lot.

I've been working on the Cortex pull request. It's more of a challenge to bring it up to date than I expected, because there were larger changes than I expected to the Docker job runner in the past year, and I want to know more about what I'm doing than I bothered to find out last time. Keep up with changes on my blog, https://j.agrue.info. (Now with HTTPS goodness!)

@jaredjennings
Owner

We're through step 6. Version 1.0.1 of this chart specifies the latest released version of TheHive 4 as of this writing.
