Observable analysis and active response engine for threat intelligence and incident response
AGPL-3.0
- Scala
- JavaScript
- HTML

About Cortex
Cortex is an engine for analyzing observables gathered during threat intelligence, digital forensics, and incident response. It lets SOCs, CSIRTs, and researchers run IP addresses, email addresses, URLs, domain names, files, and hashes through one tool instead of juggling many separate services.
Observables can be analyzed individually or in bulk from a web interface, while a REST API drives the same work from automation pipelines. Bundled analyzers cover common observable types, and teams can add their own to expose any external service or in-house tool.
Because the API holds no per-request state, additional Cortex instances can be placed behind a load balancer to absorb heavy analysis loads, and Cortex integrates natively with TheHive and MISP to enrich cases and intelligence. It is self-hosted and released under the AGPL-3.0.
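The automation path described above, as an added example that is not part of Cortex or of its official cortex4py client: a minimal REST client that submits one observable to an analyzer, waits for the job, and flattens the summary. Endpoint paths, field names and job status values are taken from the documented Cortex REST API and should be treated as assumptions to verify against your version; the analyzer ID `LocalIntel_1_0`, the host name and the server responses in `fake_cortex` are constructed so the block runs offline.

```python
"""Minimal Cortex REST client: submit one observable and wait for the report.

Added example, not Cortex project code or the official cortex4py client. The
endpoints and field names follow the Cortex REST API as documented
(assumptions to verify against your Cortex version):
  POST /api/analyzer/{analyzerId}/run  body {"data", "dataType", "tlp"}  -> job object
  GET  /api/job/{jobId}/waitreport?atMost=1minute                        -> job with "report"
  job "status": Waiting | InProgress | Success | Failure
Authentication is a bearer API key. The HTTP transport is injectable so the
demo at the bottom runs offline against constructed responses.
"""
import json
import urllib.parse
import urllib.request


def urllib_transport(method, url, headers, body):
    """Real transport: returns (status, raw bytes) from a live Cortex instance."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=90) as resp:
        return resp.status, resp.read()


class CortexClient:
    def __init__(self, base_url, api_key, transport=urllib_transport):
        self.base = base_url.rstrip("/")
        self.headers = {"Authorization": "Bearer " + api_key,
                        "Content-Type": "application/json"}
        self.transport = transport

    def _call(self, method, path, body=None):
        payload = None if body is None else json.dumps(body).encode()
        status, raw = self.transport(method, self.base + path, self.headers, payload)
        if status >= 400:
            raise RuntimeError("%s %s -> HTTP %d: %s" % (method, path, status, raw[:200]))
        return json.loads(raw)

    def run_analyzer(self, analyzer_id, data_type, data, tlp=2):
        """Start a job; returns the job object (id, status, ...)."""
        path = "/api/analyzer/%s/run" % urllib.parse.quote(analyzer_id, safe="")
        return self._call("POST", path, {"data": data, "dataType": data_type, "tlp": tlp})

    def wait_report(self, job_id, at_most="1minute"):
        """Ask the server to block up to at_most until the job finishes."""
        query = urllib.parse.urlencode({"atMost": at_most})
        path = "/api/job/%s/waitreport?%s" % (urllib.parse.quote(job_id, safe=""), query)
        return self._call("GET", path)

    def analyze(self, analyzer_id, data_type, data, tlp=2):
        """Submit, wait, and return the analyzer report; raise if the job failed."""
        job = self.run_analyzer(analyzer_id, data_type, data, tlp)
        done = self.wait_report(job["id"])
        if done.get("status") != "Success":
            raise RuntimeError("job %s ended with status %s: %s"
                               % (job["id"], done.get("status"), done.get("errorMessage")))
        return done["report"]


def verdicts(report):
    """Flatten summary taxonomies into 'namespace:predicate=value (level)' strings."""
    return ["%s:%s=%s (%s)" % (t["namespace"], t["predicate"], t["value"], t["level"])
            for t in report.get("summary", {}).get("taxonomies", [])]


# Constructed stand-in for a Cortex server so the example runs offline.
def fake_cortex(method, url, headers, body):
    if not headers.get("Authorization", "").startswith("Bearer "):
        return 401, b'{"type":"AuthenticationError"}'
    if method == "POST" and url.endswith("/api/analyzer/LocalIntel_1_0/run"):
        job = json.loads(body)
        return 200, json.dumps({"id": "AWjob001", "status": "Waiting",
                                "data": job["data"], "dataType": job["dataType"]}).encode()
    if method == "GET" and "/api/job/AWjob001/waitreport" in url:
        return 200, json.dumps({"id": "AWjob001", "status": "Success", "report": {
            "success": True, "full": {"ip": "203.0.113.7", "is_global": False},
            "summary": {"taxonomies": [{"level": "malicious", "namespace": "LocalIntel",
                                        "predicate": "Verdict", "value": "blocklisted"}]},
            "artifacts": []}}).encode()
    return 404, b'{"type":"NotFound"}'


def demo():
    client = CortexClient("https://cortex.example.invalid", "REDACTED-API-KEY",
                          transport=fake_cortex)  # hypothetical host and key
    return verdicts(client.analyze("LocalIntel_1_0", "ip", "203.0.113.7"))


if __name__ == "__main__":
    print(demo())
```

Against a live instance, drop the `transport=` argument so `urllib_transport` is used; keep the API key out of source and prefer a short `atMost` with client-side retries over one long server-side wait when many jobs are in flight.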
Key features
- Analyze observables one by one or in bulk
- Web interface for analyst review
- REST API for automation
- Stateless API for horizontal scaling
- Extensible analyzer model for new services or tools
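The extensible analyzer model from the last list item, as an added example that is not code from the Cortex project: a custom analyzer that implements the analyzer I/O contract directly (a job as JSON on stdin, a report as JSON on stdout). Real analyzers normally use the cortexutils library; this one re-implements the documented contract with the standard library only so it runs anywhere, and the `check_tlp`/`max_tlp` handling is modelled on cortexutils' options. The namespace `LocalIntel` is a hypothetical analyzer name, and the blocklists are constructed sample data, not real threat intelligence.

```python
"""Minimal Cortex-style analyzer speaking the analyzer I/O contract directly.

Added example, not code from the Cortex project. Real analyzers normally use
the cortexutils library; this one re-implements the documented contract so it
runs with the standard library only (assumed contract, per Cortex docs):
  stdin : {"data": ..., "dataType": "ip" | "hash" | ..., "tlp": 0..3, "config": {...}}
  stdout: {"success": true, "full": {...}, "summary": {"taxonomies": [...]}, "artifacts": [...]}
          or {"success": false, "errorMessage": "..."}
The blocklists below are constructed sample data, not real threat intelligence.
"""
import ipaddress
import json
import sys

NAMESPACE = "LocalIntel"  # hypothetical analyzer name used in the taxonomy

# Constructed sample data standing in for a local intel feed.
BLOCKLISTED_IPS = {"203.0.113.7"}  # documentation range, never routed
BLOCKLISTED_HASHES = {
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",  # sha256 of empty input
}


def taxonomy(level, predicate, value):
    """One summary entry; level is info, safe, suspicious or malicious."""
    return {"level": level, "namespace": NAMESPACE, "predicate": predicate, "value": value}


def analyze_ip(value):
    """Classify an IP address; returns (full report, level, verdict)."""
    ip = ipaddress.ip_address(value.strip())  # ValueError on malformed input
    full = {"ip": str(ip), "version": ip.version, "is_global": ip.is_global}
    if str(ip) in BLOCKLISTED_IPS:
        return full, "malicious", "blocklisted"
    if not ip.is_global:
        return full, "info", "non-routable"
    return full, "info", "not-listed"


def analyze_hash(value):
    """Classify an MD5/SHA-1/SHA-256 hex digest; returns (full report, level, verdict)."""
    h = value.strip().lower()
    algo = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(h))
    if algo is None or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not an MD5/SHA-1/SHA-256 hex digest: %r" % value)
    full = {"hash": h, "algorithm": algo}
    if h in BLOCKLISTED_HASHES:
        return full, "malicious", "blocklisted"
    return full, "info", "not-listed"


HANDLERS = {"ip": analyze_ip, "hash": analyze_hash}


def analyze(job):
    """Run one Cortex job dict and return the report dict Cortex expects on stdout."""
    config = job.get("config") or {}
    # Modelled on cortexutils' check_tlp / max_tlp options: refuse observables whose
    # TLP marking is above what this analyzer is allowed to handle.
    if config.get("check_tlp") and job.get("tlp", 2) > config.get("max_tlp", 2):
        return {"success": False, "errorMessage": "TLP is higher than allowed"}
    handler = HANDLERS.get(job.get("dataType"))
    if handler is None:
        return {"success": False, "errorMessage": "unsupported dataType: %r" % job.get("dataType")}
    try:
        full, level, verdict = handler(str(job.get("data", "")))
    except ValueError as exc:
        # Malformed input is reported as an analyzer error, never as a silent "not-listed".
        return {"success": False, "errorMessage": str(exc)}
    return {
        "success": True,
        "full": full,
        "summary": {"taxonomies": [taxonomy(level, "Verdict", verdict)]},
        "artifacts": [],  # nothing extracted; a real lookup would list related observables here
    }


def main():
    # Cortex runs the analyzer as a subprocess: job JSON on stdin, report JSON on stdout.
    json.dump(analyze(json.load(sys.stdin)), sys.stdout)


if __name__ == "__main__":
    main()
```

To try it outside Cortex: `echo '{"data":"203.0.113.7","dataType":"ip","tlp":2}' | python3 analyzer.py`. Registering it with Cortex additionally needs the analyzer's JSON descriptor (name, dataTypeList, command), which is outside this example.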
Details
- First released: 2017
- License: AGPL
- Languages: Scala · Python
- API: REST, stateless
- Scalability: Horizontally scalable
- Integrations: TheHive · MISP
