A simple CLI client for Cortex
Project description
corcli - Cortex CLI client
Cortex is a Powerful Observable Analysis and Active Response Engine. While it is usually used along with TheHive Project, why not using it on a daily basis in a CLI fashion.
corcli was built in Python for this specific purpose.
Documentation: https://0xfustang.github.io/corcli-docs/
Source Code: https://github.com/0xFustang/corcli
Features
Key features are:
- Fast job submission: Submit one or multiple observables to Cortex with a different set of analysers
- Bulk submission: Submit jobs to Cortex observables from a text file
- Extract artifacts: Submit one or multiple job and display only the extracted artifacts
- Download files: Download extracted files from the job artifacts
- Use aliases for analysers: Map your own aliases to launch your favorite analysers
- Multi instance config: Submit jobs to another Cortex instance
Installation
with pip
corcli is published as a Python package and can be installed with pip, ideally by using a virtual environment. Before installing corcli, install libmagic as explained in the installation doc.
Open up a terminal and install corcli with:
pip install corcli
using Docker
A docker image is available from the repository and comes with all dependencies pre-installed. Open up a terminal and pull the image with:
docker pull ghcr.io/0xfustang/corcli:1.1.0
License
GPLv3
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
