DOC-410 & DOC-405 (#109)

* First draft

* Added link in installation procedures

* Created equivalent for Cortex

* Added links

* Functional check

* Changed package pages names

* Changed admonition type

* Reduced explanation in security

* Modified ways to find latest packages

* Updated package page

* Changed a text

* Changed TOC

* Small adjustments

* Removed manifest for Cortex

Author: AnneLaure1307

docs/cortex/installation-and-configuration/cortex-packages.md

@@ -0,0 +1,47 @@
+# Cortex Package Repository
+
+Cortex packages are distributed as RPM and DEB files, as well as ZIP binary packages, all available for direct download via tools like `wget` or `curl`, with installation performed manually.
+
+All packages are hosted on an [HTTPS-secured website](https://cortex.download.strangebee.com/){target=_blank} and come with a [SHA256 checksum](https://linux.die.net/man/1/sha256sum){target=_blank} and a [GPG](https://www.gnupg.org/){target=_blank} signature for verification.
+
+For detailed installation instructions, see [Step-by-Step Installation Guide](step-by-step-guide.md).
+
+## Repository structure
+
+```bash
+/
+├─ <major.minor>/
+│ ├─ asc/
+│ ├─ deb/
+│ ├─ rpm/
+│ ├─ sha256/
+│ └─ zip/
+```
+
+At the top level, each directory corresponds to a Cortex release branch.
+
+Within each version directory, packages are grouped by distribution format:
+
+* `deb/`: Debian and Ubuntu packages
+* `rpm/`: Packages for RHEL-compatible and Fedora distributions
+* `zip/`: Standalone binary distributions
+* `asc/`: GPG signature files used to verify the authenticity of packages
+* `sha256/`: SHA256 checksum files used to verify package integrity
+
+## Package naming convention
+
+All Cortex packages follow standard Linux packaging conventions.
+
+* For DEB packages: `<product>_<major.minor.patch>-<packaging_revision>_<architecture>.<package_format>`
+* For RPM packages: `<product>-<major.minor.patch>-<packaging_revision>.<architecture>.<package_format>`
+* For ZIP packages: `<product>-<major.minor.patch>-<packaging_revision>.<package_format>`
+
+### Understanding packaging revisions
+
+The packaging revision number identifies successive builds of the same Cortex application version. This number increases monotonically and indicates the build sequence. The same version with different packaging revisions contain identical Cortex application code.
+
+Always use the highest packaging revision available for a given version to benefit from packaging improvements.
+
+<h2>Next steps</h2>
+
+* [Step-by-Step Installation Guide](step-by-step-guide.md)

docs/cortex/installation-and-configuration/step-by-step-guide.md

@@ -200,7 +200,7 @@ This section provides step-by-step instructions to install Cortex and configure
 
 ### Installation
 
-Cortex packages are distributed as RPM and DEB files available for direct download via tools like Wget or cURL, with installation performed manually.
+Cortex packages are distributed as RPM and DEB files available for direct download via tools like `wget` or `curl`, with installation performed manually.
 
 All packages are hosted on an HTTPS-secured website and come with a [SHA256 checksum](https://linux.die.net/man/1/sha256sum){target=_blank} and a [GPG](https://www.gnupg.org/){target=_blank} signature for verification.
 
@@ -215,7 +215,7 @@ All packages are hosted on an HTTPS-secured website and come with a [SHA256 chec
 
     1. Download the binary package along with its SHA256 checksum and signature files. You can install Cortex anywhere on your filesystem.
 
-        * Using Wget
+        * Using `wget`
 
             ```bash
             wget -O /opt/cortex/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.zip https://cortex.download.strangebee.com/{% include-markdown "includes/cortex-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/zip/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.zip
@@ -234,7 +234,10 @@ All packages are hosted on an HTTPS-secured website and come with a [SHA256 chec
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `cortex-3.2.1-2`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `3.2`.
 
-        * Using cURL
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [Cortex Package Repository](cortex-packages.md).
+
+        * Using `curl`
 
             ```bash
             curl -o /opt/cortex/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.zip https://cortex.download.strangebee.com/{% include-markdown "includes/cortex-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/zip/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.zip
@@ -253,6 +256,9 @@ All packages are hosted on an HTTPS-secured website and come with a [SHA256 chec
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `cortex-3.2.1-2`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `3.2`.
 
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [Cortex Package Repository](cortex-packages.md).
+
     2. Verify the integrity of the downloaded package.
 
         * Check the SHA256 checksum by comparing it with the provided value.
@@ -273,7 +279,7 @@ All packages are hosted on an HTTPS-secured website and come with a [SHA256 chec
 
           * Verify the GPG signature using the public key.
      
-            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using Wget or cURL.
+            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using `wget` or `curl`.
 
             ```bash
             wget -O /opt/strangebee.gpg https://keys.download.strangebee.com/latest/gpg/strangebee.gpg

docs/includes/manual-download-installation-cortex.md

@@ -5,7 +5,7 @@
 
     1. Download the installation package along with its SHA256 checksum and signature files.
 
-        * Using Wget:
+        * Using `wget`:
 
             ```bash
             wget -O /tmp/cortex_{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb https://cortex.download.strangebee.com/{% include-markdown "includes/cortex-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/deb/cortex_{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb
@@ -24,7 +24,10 @@
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `cortex_3.2.1-2_all`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `3.2`.
 
-        * Using cURL:
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [Cortex Package Repository](/cortex/installation-and-configuration/cortex-packages/).
+
+        * Using `curl`:
 
             ```bash
             curl -o /tmp/cortex_{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb https://cortex.download.strangebee.com/{% include-markdown "includes/cortex-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/deb/cortex_{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb
@@ -42,9 +45,12 @@
 
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `cortex_3.2.1-2_all`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `3.2`.
+
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [Cortex Package Repository](/cortex/installation-and-configuration/cortex-packages/).
             
 
-    2. Verify the integrity of the downloaded package.
+    1. Verify the integrity of the downloaded package.
 
           * Check the SHA256 checksum by comparing it with the provided value.
 
@@ -64,7 +70,7 @@
 
           * Verify the GPG signature using the public key.
      
-            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using Wget or cURL.
+            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using `wget` or `curl`.
 
             ```bash
             wget -O /tmp/strangebee.gpg https://keys.download.strangebee.com/latest/gpg/strangebee.gpg
@@ -105,7 +111,7 @@
 
             If you don't see `Good signature`, if the fingerprint differs, or if the signature is reported as `BAD`, don't install the package. This indicates the integrity or authenticity of the file can't be confirmed. Report the issue to the [StrangeBee Security Team](mailto:security@strangebee.com).
 
-    3. Install the package.
+    2. Install the package.
 
         * Using `apt-get` to manage dependencies automatically:
 
@@ -126,7 +132,7 @@
 
     1. Download the installation package along with its SHA256 checksum and signature files.
 
-        * Using Wget:
+        * Using `wget`:
 
             ```bash
             wget -O /tmp/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm https://cortex.download.strangebee.com/{% include-markdown "includes/cortex-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/rpm/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm
@@ -145,7 +151,10 @@
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `cortex-3.2.1-1`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `3.2`.
 
-        * Using cURL:
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [Cortex Package Repository](/cortex/installation-and-configuration/cortex-packages/).
+
+        * Using `curl`:
 
             ```bash
             curl -o /tmp/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm https://cortex.download.strangebee.com/{% include-markdown "includes/cortex-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/rpm/cortex-{% include-markdown "includes/cortex-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm
@@ -164,7 +173,10 @@
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `cortex-3.2.1-1`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `3.2`.
 
-    2. Verify the integrity of the downloaded package.
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [Cortex Package Repository](/cortex/installation-and-configuration/cortex-packages/).
+
+    1. Verify the integrity of the downloaded package.
 
           * Check the SHA256 checksum by comparing it with the provided value.
 
@@ -184,7 +196,7 @@
 
           * Verify the GPG signature using the public key.
      
-            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using Wget or cURL.
+            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using `wget` or `curl`.
 
             ```bash
             wget -O /tmp/strangebee.gpg https://keys.download.strangebee.com/latest/gpg/strangebee.gpg
@@ -225,7 +237,7 @@
 
             If you don't see `Good signature`, if the fingerprint differs, or if the signature is reported as `BAD`, don't install the package. This indicates the integrity or authenticity of the file can't be confirmed. Report the issue to the [StrangeBee Security Team](mailto:security@strangebee.com).
 
-    3. Install the package.
+    2. Install the package.
 
         * Using `yum` to manage dependencies automatically:
 

docs/includes/manual-download-installation-thehive.md

@@ -5,7 +5,7 @@
 
     1. Download the installation package along with its SHA256 checksum and signature files.
 
-        * Using Wget:
+        * Using `wget`:
 
             ```bash
             wget -O /tmp/thehive_{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb https://thehive.download.strangebee.com/{% include-markdown "includes/thehive-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/deb/thehive_{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb
@@ -24,7 +24,10 @@
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `thehive_5.5.14-2_all`. 
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `5.5`.
 
-        * Using cURL:
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [TheHive Package Repository](/thehive/installation/thehive-packages/).
+
+        * Using `curl`:
 
             ```bash
             curl -o /tmp/thehive_{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb https://thehive.download.strangebee.com/{% include-markdown "includes/thehive-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/deb/thehive_{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1_all.deb
@@ -43,6 +46,9 @@
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `thehive_5.5.14-2_all`. 
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `5.5`.
 
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [TheHive Package Repository](/thehive/installation/thehive-packages/).
+
         
     2. Verify the integrity of the downloaded package.
 
@@ -64,7 +70,7 @@
 
           * Verify the GPG signature using the public key.
      
-            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using Wget or cURL.
+            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using `wget` or `curl`.
 
             ```bash
             wget -O /tmp/strangebee.gpg https://keys.download.strangebee.com/latest/gpg/strangebee.gpg
@@ -126,7 +132,7 @@
 
     1. Download the installation package along with its SHA256 checksum and signature files.
 
-        * Using Wget:
+        * Using `wget`:
 
             ```bash
             wget -O /tmp/thehive-{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm https://thehive.download.strangebee.com/{% include-markdown "includes/thehive-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/rpm/thehive-{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm
@@ -145,7 +151,10 @@
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `thehive-5.5.14-2`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `5.5`.
 
-        * Using cURL:
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [TheHive Package Repository](/thehive/installation/thehive-packages/).
+
+        * Using `curl`:
 
             ```bash
             curl -o /tmp/thehive-{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm https://thehive.download.strangebee.com/{% include-markdown "includes/thehive-latest-version.md" start="<!--start-shortversion-->" end="<!--end-shortversion-->" %}/rpm/thehive-{% include-markdown "includes/thehive-latest-version.md" start="<!--start-fullversion-->" end="<!--end-fullversion-->" %}-1.noarch.rpm
@@ -163,9 +172,11 @@
 
             * Replace `<file_name>` with the full name of the versioned file you want to install. For example, use `thehive-5.5.14-2`.
             * Replace `<major.minor_version>` with the corresponding version directory. For example, use `5.5`.
-            
 
-    2. Verify the integrity of the downloaded package.
+            !!! tip "Package repository"
+                For details on package organization and naming conventions, see [TheHive Package Repository](/thehive/installation/thehive-packages/).
+            
+    1. Verify the integrity of the downloaded package.
               
           * Check the SHA256 checksum by comparing it with the provided value.
 
@@ -185,7 +196,7 @@
 
           * Verify the GPG signature using the public key.
      
-            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using Wget or cURL.
+            a. Download the public key at [keys.download.strangebee.com](https://keys.download.strangebee.com){target=_blank} using `wget` or `curl`.
 
             ```bash
             wget -O /tmp/strangebee.gpg https://keys.download.strangebee.com/latest/gpg/strangebee.gpg
@@ -226,7 +237,7 @@
 
             If you don't see `Good signature`, if the fingerprint differs, or if the signature is reported as `BAD`, don't install the package. This indicates the integrity or authenticity of the file can't be confirmed. Report the issue to the [StrangeBee Security Team](mailto:security@strangebee.com).
 
-    3. Install the package.
+    2. Install the package.
 
         * Using `yum` to manage dependencies automatically:
 

docs/resources/security.md

@@ -22,6 +22,18 @@ Local account passwords are stored using strong cryptographic hashing. TheHive i
 
 This approach ensures that passwords remain protected against brute-force attacks even if the database is compromised.
 
+## Software supply chain transparency
+
+TheHive provides [SBOM](https://github.com/resources/articles/what-is-an-sbom-software-bill-of-materials){target=_blank} files for its published packages. These files describe the third-party components and dependencies included in the backend and frontend of each TheHive build and are provided for transparency and audit purposes. They don't affect the runtime behavior of TheHive.
+
+SBOM files are intended to support:
+
+* Security audits
+* Vulnerability management processes
+* Compliance and regulatory requirements
+
+For details on retrieving SBOM files, see [TheHive Package Repository](../thehive/installation/thehive-packages.md).
+
 <h2>Next steps</h2>
 
 * [Install TheHive on Linux Systems](../thehive/installation/installation-guide-linux-standalone-server.md)