🔧Configure Hive

Before we stat the configurations of the hive we want to make sure that hive user and group has access to certain file path.

ls -la /opt/thp

Hive file path

As we can see now root has access to the hive directory. we need to change that. In order to change that you can use below command

chown -R thehive:thehive /opt/thp

Then you can use the above command again to verify the status.

ls -la /opt/thp

Hive file path permission change

Now we are good to go for configure the hive configuration files.

The hive configuration files located under the,

/etc/thehive/application.conf

Use below command to edit the configuration file.

gedit /etc/thehive/application.conf

The hive config file

When you scroll down you can find the database and index configurations. This is what we need to configure. We have to remove the default host name IP and add the hive VM IP.

Here I have replace the 127.0.0.1 in to my IP 192.168.200.200.

Hive Hostname IP

Also you have to change the Cassandra cluster name here as well as the host name under the index search below. please make sure to add the same cluster name as we configured in Cassandra cluster.

The Hive Cluster Name

Then you scroll down you can find the application based URL which is pointing to the local host. I'll change it to my usual IP of the VM 192.168.200.200

The Hive Application Base URL

That’s all… now we have to save the configuration file and exit from the text editor.

Now we can start the hive as well as the enable the hive.

systemctl start thehive
systemctl enable thehive

Hive service enable

Now lets go and check the service status of the hive.

systemctl status thehive

As you can see it is active and running

Thehive Service is Active and Running

NOTE - If you cannot access the hive please make sure check all the service

Cassandra, Elasticsearch and hive without all of them the hive won’t start.

If all good then we can try to access the hive web interface using the IP address and the port number. in my case 192.168.200.200:9000

The Hive Login Page

We can use the default credentials to log in to the hive

username- admin@thehive.local

password - secret

The Hive Logins

Now we have done with the hive configuration and will move to the Wazuh and configure that.