Soc Deploy Thehive
by Solomon Neas · v1.0.0 · MIT-0
147 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install soc-deploy-thehive
Description
Deploy TheHive 5 + Cortex 3 incident response platform on any Docker-ready Linux host. Automates account creation, API key generation, Cortex CSRF handling,...
Usage Guidance
This skill appears to do what it says: deploy TheHive + Cortex to a Docker-ready Linux host and generate API keys. Before using it:
- Only run it on a host you control and trust. It will create containers, save plaintext credentials to ~/thehive-cortex/api-keys.txt and print them to stdout; delete or move that file to secure storage when done.
- Ensure the target has prerequisites installed (docker, docker compose v2, curl, openssl, sed) and that you have SSH/SCP access as instructed.
- Review the included setup.sh and docker-compose.yml yourself (they are provided) to confirm network/port exposure and volumes meet your security policy.
- Consider using a stronger generated secret and rotating keys after initial setup.
If you want tighter security, run the deployment in an isolated lab or VM, and then harden the instance (firewall, remove plaintext key files, enable TLS) before exposing it to production.
Capability Analysis
Type: OpenClaw Skill
Name: soc-deploy-thehive
Version: 1.0.0
The skill is a legitimate automation bundle for deploying TheHive 5 and Cortex 3 incident response platforms via Docker. The core logic in `scripts/setup.sh` correctly handles complex multi-step setup processes, including service health polling, administrative password rotation, and the specific CSRF-token requirements of the Cortex API. It generates secure random secrets using `openssl` and properly integrates the two services by programmatically updating the `docker-compose.yml` file. All network activity is restricted to `localhost` for service configuration, and the documentation provided in `gotchas.md` and `api-reference.md` is accurate and helpful for the stated purpose.
Capability Assessment
Purpose & Capability
The name/description match the included artifacts: SKILL.md, docker-compose.yml, and setup.sh all perform TheHive+Cortex deployment and API key setup. Minor mismatch: the registry metadata lists no required binaries, but the instructions and script expect common system tools (ssh/scp, docker, docker compose, curl, sed, openssl). This is expected for the stated purpose but the manifest omits declaring those prerequisites.
Instruction Scope
SKILL.md and setup.sh stay within deployment scope: they create/write docker-compose.yml (after user SCP), start containers, perform HTTP calls to local services to create users/keys, and wire integration. They explicitly save generated credentials to ~/thehive-cortex/api-keys.txt and print them to stdout — this is necessary for the task but is sensitive and should be handled carefully. The instructions do not read unrelated host files or call external endpoints.
Install Mechanism
No install spec; this is an instruction-only skill with an included setup.sh and static docker-compose. Nothing is downloaded from arbitrary URLs or installed on the agent's machine. Risk from installation is low.
Credentials
The skill does not request credentials or environment variables in its manifest, which is consistent. However, the script relies on host binaries (docker, docker compose, curl, openssl, sed, ssh/scp for SCP/SSH steps) that are not declared; ensure these exist on the target. The script writes plaintext credentials and API keys to a file in the target user's home and prints them — appropriate for deployment but a sensitive side-effect.
Persistence & Privilege
The skill does not request privileged platform features (`always` is not set to true). It creates Docker containers with `restart: unless-stopped` and writes files under the target user's home; that persistence is expected for a service deployment and is within scope.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install soc-deploy-thehive`
- After installation, invoke the skill by name or use `/soc-deploy-thehive`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of soc-deploy-thehive: Deploy TheHive 5 + Cortex 3 via Docker on any Linux host.
- Automates deployment of TheHive 5.4 and Cortex 3.1.8, including all integration wiring.
- Handles admin account creation, password setting, API key generation, and Cortex CSRF/workflow.
- Verifies all services are running, writes ready-to-use API keys and URLs to disk.
- Platform-agnostic: works on any SSH-accessible, Docker-ready Linux host.
- Includes guidance on required RAM, dependencies, integration gotchas, and output usage.
Frequently Asked Questions
What is Soc Deploy Thehive?
Deploy TheHive 5 + Cortex 3 incident response platform on any Docker-ready Linux host. Automates account creation, API key generation, Cortex CSRF handling,... It is an AI Agent Skill for Claude Code / OpenClaw, with 147 downloads so far.
How do I install Soc Deploy Thehive?
Run "/install soc-deploy-thehive" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Soc Deploy Thehive free?
Yes, Soc Deploy Thehive is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Soc Deploy Thehive support?
Soc Deploy Thehive is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Soc Deploy Thehive?
It is built and maintained by Solomon Neas (@solomonneas); the current version is v1.0.0.