{"id":794,"date":"2026-06-03T22:46:30","date_gmt":"2026-06-03T22:46:30","guid":{"rendered":"https:\/\/quantusintel.group\/osint\/blog\/2026\/06\/03\/new-tools-new-errors-deploying-thehive-cortex-on-kali-linux-with-docker\/"},"modified":"2026-06-03T22:46:30","modified_gmt":"2026-06-03T22:46:30","slug":"new-tools-new-errors-deploying-thehive-cortex-on-kali-linux-with-docker","status":"publish","type":"post","link":"https:\/\/quantusintel.group\/osint\/blog\/2026\/06\/03\/new-tools-new-errors-deploying-thehive-cortex-on-kali-linux-with-docker\/","title":{"rendered":"New Tools, New Errors: Deploying TheHive & Cortex on Kali Linux with Docker"},"content":{"rendered":"

New Tools, New Errors: Deploying TheHive & Cortex on Kali Linux with\u00a0Docker<\/h3>\n

\u201cEvery new tool is a lesson in patience, precision, and unexpected problems.\u201d<\/p><\/blockquote>\n

\"\"
Image generated by\u00a0AI<\/figcaption><\/figure>\n

As a Security Analyst, I\u2019m always on the lookout for open-source tooling that elevates threat detection, incident response, and case management. Recently, I decided to dive into TheHive<\/strong>\u00a0,a powerful Security Incident Response Platform (SIRP), alongside its analyst-friendly companion, Cortex<\/strong>.<\/p>\n

Like most promising tools in infosec, the install process didn\u2019t go\u00a0quietly.<\/p>\n

This blog captures the raw, unpolished journey of deploying TheHive using Docker on Kali Linux<\/strong>, from pulling the image to hitting cryptic errors, chasing down missing directories, and ultimately documenting what actually works and what\u00a0doesn\u2019t.<\/p>\n

The Plan<\/h3>\n
    \n
  1. Pull Docker images for TheHive and\u00a0Cortex.<\/li>\n
  2. Run containers, map ports, and mount\u00a0volumes.<\/li>\n
  3. Start analyzing incidents like a\u00a0boss.<\/li>\n<\/ol>\n

    Reality:<\/strong>
    \u201cContainer started.\u201d
    Then:<\/p>\n

    AccessDeniedException: \/opt\/thp\/thehive\/db\/je.properties<\/em><\/p><\/blockquote>\n

    Let\u2019s break it all down, step by painful\u00a0step.<\/p>\n

    Step 1: Pulling TheHive Docker\u00a0Image<\/h3>\n
    docker pull strangebee\/thehive:5.0.23
    docker run -d --name thehive -p 9000:9000 strangebee\/thehive:5.0.23<\/pre>\n
    Step 2: Java Death Logs\u00a0Begin<\/h3>\n
    org.thp.scalligraph.ScalligraphApplicationImpl$InitialisationFailure: \/opt\/thp\/thehive\/db\/je.properties
    Caused by: java.nio.file.AccessDeniedException<\/pre>\n
    This screamed BerkeleyDB<\/strong> and permission issues<\/strong>.<\/p>\n
    Step 3: File Doesn\u2019t\u00a0Exist?<\/h3>\n
    Ran this:<\/p>\n
    ls -l \/opt\/thp\/thehive\/db\/je.properties<\/pre>\n
    No such file or directory.<\/p>\n
    Tried to fix permissions anyway:<\/p>\n
    sudo chown -R thehive:thehive \/opt\/thp<\/pre>\n
    sudo chown -R thehive:thehive \/opt\/thp<\/p>\n
    Result?<\/p>\n
    invalid user: thehive:thehive<\/p>\n
    Naturally. There\u2019s no \u201cthehive\u201d user, we\u2019re in Docker land, not systemd territory.<\/p>\n
    Step 4: Clean It All\u00a0Up<\/strong><\/h3>\n
    At this point, I made a call, let\u2019s delete TheHive and reinstall<\/strong>:<\/p>\n
    docker ps -a                    # Find container ID
    docker rm <container-id>        # Remove it
    docker rmi <image-id>           # Remove image<\/pre>\n
    docker rmi <image-id> # Remove\u00a0image<\/p>\n
    Only after killing the container was I allowed to delete the\u00a0image.<\/strong><\/p>\n
    Step 5: Docker Compose Templates Galore<\/strong><\/h3>\n
    Navigated to my Docker templates folder, and guess\u00a0what?<\/p>\n
    cd ~\/Docker-Templates\/docker\/<\/pre>\n
    Over 10+ TheHive variations, from thehive4-cortex31-nginx-https to thehive35-cortex3-es7. Overwhelming? A bit. But the community support is\u00a0real.<\/p>\n
    Step 6: Cortex. Still Untested, but\u00a0Pulled<\/h3>\n
    docker pull cortexproject\/cortex:latest<\/pre>\n
    Image pulled, ready to test, but I paused deployment until I got TheHive running\u00a0cleanly.<\/p>\n
    Lessons Learned<\/strong><\/p>\n