Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra, and they have integrated support for MISP galaxies as well!
Now Incident Responders using TheHive can export IOCs and Galaxy assignment directly from TheHive to MISP.
Read More “TheHive 4.1.0 Deployment and Integration with MISP” »
Static analysis for me has become more fun with the inclusion of Assemblyline into my arsenal. But the lack of integration between other elements of my FOSS SOC stack was concerning.
In this post I detail not only how to write a Cortex Analyzer, but also how to integrate with other appliances with that analyzer.
Read More “Building the Assemblyline Analyzer for TheHive’s Cortex.” »
Since the last write up I published on TheHive, there have been some significant changes and updates to TheHive. So for this post I will be walking through the installation and deployment of TheHive4 (4.0.5) and the connection to MISP, Cortex and enabling Webhooks.
Read More “Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.” »
I have been an off and on user of TheHive for nearly a year now, and it is encouraging to see the development and release of TheHive4 (even if in pre-release). In this post I will walk through the deployment, configuration and migration of TheHive to TheHive4, and what improvements have been implemented into this release.