Cortex

Cortex integration on indie.money — run analyzers and responders on observables

Written By pvdyck

Last updated About 1 hour ago

Supported — Apply the Cortex analyzer/responder on a given entity and retrieve job results.

Nodes: Cortex
Auth: API Key (Bearer token) via Secure Vault

Credential Setup

When configuring the Cortex credential in Secure Vault, provide:

  • API Key — your Cortex API key, sent as a Bearer token on every request
  • Cortex Instance — the URL of your Cortex instance (e.g. https://localhost:9001)

Operations

Analyzer

  • Execute — run a selected analyzer against an observable. Choose the observable type, supply its value (or a binary file for file observables), set the TLP, and optionally force a cache bypass or wait for the report up to a timeout.

Responder

  • Execute — run a selected responder against an entity. Provide the entity type and either a JSON object or individual attributes (case, alert, observable, and related fields).

Job

  • Get — retrieve the details of a job by its ID.
  • Report — retrieve the full report of a job by its ID.
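The analyzer Execute and job Get/Report operations above, sketched as the HTTP requests they correspond to. This is an added example, not the integration's own code. The `/api/analyzer/.../run` and `/api/job/...` paths, the `force` query parameter and the numeric TLP values are assumed from the Cortex REST API rather than stated on this page; the analyzer name and API key are placeholders.

```python
from urllib.parse import quote, urlsplit

# TLP names mapped to numeric levels (assumed from the Cortex REST API, not from this page).
TLP = {"WHITE": 0, "GREEN": 1, "AMBER": 2, "RED": 3}

def _base(instance):
    """Validate the Cortex Instance URL and return it without a trailing slash."""
    parts = urlsplit(instance)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("instance must be an https:// URL; the Bearer token rides on every request")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("instance URL must not carry credentials, a query or a fragment")
    return instance.rstrip("/")

def build_analyzer_run(instance, api_key, analyzer_id, data_type, value, tlp="AMBER", force=False):
    """Describe an analyzer Execute call for a non-file observable; nothing is sent."""
    if tlp not in TLP:
        raise ValueError(f"unknown TLP {tlp!r}")
    if not value or not data_type:
        raise ValueError("observable type and value are required")
    url = f"{_base(instance)}/api/analyzer/{quote(analyzer_id, safe='')}/run"
    if force:
        url += "?force=1"  # cache bypass (assumed parameter name)
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    body = {"dataType": data_type, "data": value, "tlp": TLP[tlp]}
    return "POST", url, headers, body

def job_urls(instance, job_id):
    """Return the (Get, Report) URLs for a job ID, percent-encoding the ID."""
    job = f"{_base(instance)}/api/job/{quote(job_id, safe='')}"
    return job, f"{job}/report"

def redact(headers):
    """Copy of the headers that is safe to log: the API key is masked."""
    return {k: ("Bearer ***" if k.lower() == "authorization" else v) for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed sample: placeholder key, hypothetical analyzer name, documentation-range IP.
    method, url, headers, body = build_analyzer_run(
        "https://localhost:9001", "PLACEHOLDER_KEY", "Example_Analyzer_1_0",
        "ip", "203.0.113.7", force=True)
    print(method, url, redact(headers), body)
```

The key appears only in the `Authorization` header, never in the URL, so `redact` is enough to keep it out of request logs.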

Compatibility

All operations supported.