TheHive-Project · ballaswetha · Mar 10, 2020 · Mar 10, 2020 · Mar 12, 2020 · Mar 12, 2020
diff --git a/TheHive4/Administration/Backup_Restore.md b/TheHive4/Administration/Backup_Restore.md
@@ -11,7 +11,7 @@
 - Before taking snapshots
 
 ```
-nodetool cleanup cycling
+nodetool cleanup thehive
 ```
 
 - Take a snapshot
@@ -24,4 +24,28 @@ nodetool -h localhost -p 7199 snapshot thehive
 nodetool -h localhost -p 7199 clearsnapshot -t <snapshotname>
 ```
 
+- Restore snapshot 
+The default folder structure under thehive keyspace looks as follows:
+```
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 edgestore-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 edgestore_lock_-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 graphindex-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 graphindex_lock_-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 janusgraph_ids-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 system_properties-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 system_properties_lock_-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 systemlog-UUID
+drwxr-xr-x  4 cassandra cassandra 4096 Mar 16 01:57 txlog-UUID
+```
+
+```
+cp /var/lib/cassandra/data/thehive/<table_name-UUID>/snapshots/<snapshot_name> /var/lib/cassandra/data/thehive/<table_name-UUID>/  # Copy all snapshot files into the individual folders; copy the directory as-is into the table_name-UUID folder.  
+nodetool -h localhost -p 7199 refresh -- thehive txlog
+nodetool -h localhost -p 7199 refresh -- thehive systemlog
+nodetool -h localhost -p 7199 refresh -- thehive system_properties
+nodetool -h localhost -p 7199 refresh -- thehive edgestore
+nodetool -h localhost -p 7199 refresh -- thehive graphindex
+chown -R cassandra.root /var/lib/cassandra/ # Depending on where/how the backups are copied, chown helps fix any permissioning issues 
+```
+
 
diff --git a/TheHive4/Administration/Migration.md b/TheHive4/Administration/Migration.md
@@ -25,24 +25,57 @@ The default domain used to import existing users in, is configured in TheHive4 c
 auth.defaultUserDomain: "mydomain.com"
 ```
 
+In addition, update the authentication information as well. For instance, if a key is being used the authentication configuration block would be as follows:
+```yaml
+auth {
+  providers: [
+//    {name: session}               # required !
+//    {name: basic, realm: thehive}
+//    {name: local}
+    {name: "bearer ***APIKEY***"}
+  ]
+# The format of logins must be valid email address format. If the provided login doesn't contain `@` the following
+# domain is automatically appended
+  defaultUserDomain: "example.com"
+}
+```
+
 This domain will be appended to user accounts from TheHive 3.4.x.
 
+Prior to running the `migrate` tool, connectivity can be tested by using
+```bash
+$curl http://ELASTICSEARCH_IP_ADDRESS:9200
+{
+  "name" : "R2-U361",
+  "cluster_name" : "elasticsearch",
+  "cluster_uuid" : "***UUID***",
+  "version" : {
+    "number" : "5.6.16",
+    "build_hash" : "3a740d1",
+    "build_date" : "2019-03-13T15:33:36.565Z",
+    "build_snapshot" : false,
+    "lucene_version" : "6.6.1"
+  },
+  "tagline" : "You Know, for Search"
+}
+```
+
 Once TheHive4 configuration file (`/etc/thehive/application.conf`) is correctly filled you can run migration tool:
 
 ```bash
-/opt/thehive/bin/migration \
+/opt/thehive/bin/migrate \
   --output /etc/thehive/application.conf \
   --main-organisation myOrganisation \
   --es-uri http://ELASTICSEARCH_IP_ADDRESS:9200
 ```
 
 The *Organisation* named *myOrganisation* is created by the migration tool and Users, Cases and Alerts from TheHive3 are created under that organisation.
 
-More parameters are available, run `/opt/thehive/bin/migration --help` for a summary.
+More parameters are available, run `/opt/thehive/bin/migrate --help` for a summary.
 
 ---
 
 ⚠️ **Note**
 The migration process can be very long, from several hours to several days, depending on the volume of data to migrate. TheHive4 can be started and used during migration. More recent data are migrated first.
 
----
+---
diff --git a/TheHive4/Installation/Install_deb.md b/TheHive4/Installation/Install_deb.md
@@ -68,7 +68,7 @@ By default, data is stored in `/var/lib/cassandra`.
 
 ### Configuration
 
-Start by changing the `cluster_name` with `thp`. Run the command `sqlsh`: 
+Start by changing the `cluster_name` with `thp`. Run the command `cqlsh`: 
 
 ```bash
 UPDATE system.local SET cluster_name = 'thp' where key='local';
@@ -168,7 +168,7 @@ ln -s hadoop-3.1.3 hadoop
 - Create a user and update permissions
 
 ```bash
-useradd hadoop
+useradd -m -s /bin/bash hadoop
 chown hadoop:root -R /opt/hadoop*
 ```
 

diff --git a/api/README.md b/api/README.md
@@ -12,3 +12,6 @@ TheHive exposes REST APIs through JSON over HTTP.
 - [Log](log.md)
 - [User](user.md)
 - [Connectors](connectors)
+
+Caveats:
+- Not all information is output using the API. In order to get information about more cases/alerts, please use *?range=a-b* in the URL (e.g. curl -XGET -H 'Authorization: Bearer KEY' -H 'Content-Type: application/json' http://domain:9000/api/case?range=0-200), where a and b specify the range.