What's Cortex?
POWERFUL OBSERVABLE ANALYSIS AND ACTIVE RESPONSE ENGINE

Thanks to Cortex, observables such as IP and email addresses, URLs, domain names, files or hashes can be analyzed using a Web interface. Analysts can also automate these operations and submit large sets of observables from TheHive or through the Cortex REST API from alternative SIRP platforms, custom scripts or MISP. When used in conjunction with TheHive, Cortex facilitates the containment phase thanks to its cutting-edge Active Response features.

Version 5 is out now!

Features

  • Multi Tenant Environments

    Create several organizations, populate them with the required users, customize the default settings for analyzers and responders and start investigating.

Write

By using Cortex, you won’t need to reinvent the wheel every time you’d like to use a service or a tool to analyze an observable, helping you investigate the case at hand or see if it contains threats before it’s too late. Leverage its very large and powerful set of analyzers or create your own analyzer or responder using any programming language supported by Linux and share them with your team or, better yet, with the whole community! Remember that you can also simultaneously query multiple MISP instances.

Run

Cortex is the perfect companion for TheHive. TheHive can connect to one or multiple Cortex instances. With a few clicks you can analyze tens, if not hundreds, of observables at once or trigger active responses. Using TheHive’s report engine, it’s easy to parse Cortex output and display it the way you want. You can also use Cortex as a standalone product thanks to its powerful Web UI, which lets you manage multiple organizations and analyzers and configure query limits. Cortex can be interfaced with other products through its REST API or by using Cortex4py.

Execute

Cortex comes with more than a hundred analyzers for popular services such as VirusTotal, Joe Sandbox, DomainTools, PassiveTotal, Google Safe Browsing, Shodan and Onyphe. Identify abuse contacts, parse files in several formats such as OLE and OpenXML to detect VBA macros, generate useful information on PE and PDF files, and much more. Cortex analyzers can also be queried from MISP to enrich events and extend the coverage of your investigations.

Is Cortex still open source?

How much does it cost?

What is happening to my Cortex servers?

Are there any changes to Cortex with TheHive 5?

What happens to my existing Analyzers and Responders?