I’m using OSSEC to feed an instance of TheHive to investigate security incidents reported by OSSEC. To better categorize the alerts and merge similar events, I needed to add more observables. OSSEC alerts are delivered by email with interesting information for TheHive. This was an interesting use case to play
![Imap2TheHive Logo](https://blog.rootshell.be/wp-content/uploads/2018/02/imap2thehive.png)