TheHive/Cortex Plugin

The CrowdSec Cortex Analyzer allows you to obtain a detailed report from CrowdSec's CTI smoke database.

Here is the source code of the analyzer and report template:


The CrowdSec analyzer is available in the Cortex analyzers collection from version 3.2.0 and is ready to use on observables of type IP.

To add the CrowdSec analyzer to a case's observable, you can refer to the official documentation.

To complete or customize the template, you can refer to this how-to.


  1. For a case's observable of type IP, click on preview

TheHive observables

  2. Run the CrowdSec analyzer
    • It should appear in the list
    • Click on the analyze (fire) icon

TheHive - Cortex Analyzers

  3. Check the report
    • Once the analysis is complete, click on the date to see the report.
    • Note that if you run the analyzer again, multiple reports will be available, one for each date.

TheHive - Analyze complete

TheHive - Cortex report