Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local, LDAP, AD and API Key Authentication #7

Closed
saadkadhi opened this issue Feb 16, 2017 · 0 comments
Closed

Local, LDAP, AD and API Key Authentication #7

saadkadhi opened this issue Feb 16, 2017 · 0 comments
Assignees
@nadouani @To-om
Labels
feature request
Milestone
2.0.0

Comments

@saadkadhi
Copy link
Contributor

Request Type

Feature Request

Work Environment

NA

Problem Description

As stated in #2, anyone can access Cortex with no authentication. Anonymous users/services can run analyzers and consume quotas/queries and that is not desirable.

Possible Solutions

  1. Implement local, LDAP and AD authentication on the Web UI
  2. Implement local, LDAP and AD authentication on the REST API
  3. Implement API key authentication on the REST API for TheHive and 3rd party services

Complementary information

It must be possible to change or lock down the API key if it is compromised/leaked.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nadouani nadouani

@To-om To-om

Labels
feature request
Projects
None yet
Milestone
2.0.0
Development

No branches or pull requests
3 participants
@nadouani @saadkadhi @To-om