Cyber Analytics Platform and Examination System (CAPES)

capes logo

CAPES is an operational-focused service hub for segmented, self-hosted, and offline (if necessary) incident response, intelligence analysis, and hunt operations.

Services in CAPES

  1. Mattermost (Chat)
  2. HackMD (Collaboration-style documentation)
  3. Gitea (Version controlled documentation)
  4. TheHive (Incident Response)
  5. Cortex (Indicator enrichment)
  6. CyberChef (Data analysis)
  7. Mumble (VoIP)
  8. Beats - Metric, Heart, and File (Performance and health metrics)
  9. Kibana (Data visualization)

capes logo


Please see below for Build, Operate, Maintain specifics on the different web applications


There has not been extensive testing with these requirements, but all of these services have run without issue on a single virtual machine with approximately 20 users and no issue for a week (I’m sure it would have kept running, 1 week was just when we stopped our testing). That said, your mileage may vary.

While the OS version isn’t a hard requirement, all testing and development work has been done with CentOS 7.4.1708 (Core).

Component Number
OS CentOS 7.4.1708 (Core)
Cores 4
Hard Disk 20 GB


Finally, here we go.

sudo yum install git -y
git clone
cd capes
sudo sh

This will start the automated build of:

  • Configure NTP (likely already done, but in the event you skipped the Build your OS steps)
  • Install Kibana
  • Install Filebeat
  • Install Metricbeat
  • Install Heartbeat
  • Install Mattermost
  • Install Gitea
  • Install HackMD
  • Install Mumble
  • Install TheHive
  • Install Cortex
  • Install Nginx
  • Install CyberChef
  • Install the CAPES landing page
  • Secure the MySQL installation
  • Set everything to autostart

Get Started

After the CAPES installation, you should be able to browse to http://your_capes_system (or http://your_capes_IP if you don’t have DNS set up) get get to the CAPES landing page and start setting up services by following the post installation steps.

Although most of these services are fairly intuitive, I strongly recommend that you look at the Build, Operate, Maintain guides for these services before you get going too far. A few of the services launch a configuration pipeline that is obnoxious to restart if you don’t complete it the first time (I’m looking at you TheHive and Gitea).


Please see the documentation or feel free to open a GitHub Issue.

You can run $ capes_processes to make sure all of your processes are running.

Want to join the discussion? Send a request to join our Slack Workspace to contact [at] capesstack[.]io


Interested in some CAPES swag? Send me a email to contact [at] capesstack[.]io and I’ll send you some laptop decals.

If you’re interested in CAPES t-shirts, we parter with TeeSpring for those. Feel free to check out our storefront. We don’t make a penny on these - 100% of the profits go to the National Alliance to End Homelessness.

Training & Professional Services

While CAPES is a FOSS project (and always will be) we’ll attempt to support deployment questions via the GitHub Issues page, if you need training or PS, please feel free to check out some options over at Perched