TheHive Archives - /dev/random

Imap2TheHive: Support for Custom Observables

July 13, 2018 OSSEC, Security, TheHive Leave a comment

I’m using OSSEC to feed an instance of TheHive to investigate security incidents reported by OSSEC. To better categorize the alerts and merge similar events, I needed to add more observables. OSSEC alerts are delivered by email with interesting information for TheHive. This was an interesting use case to play

DShield Analyzer for Cortex

July 9, 2018 Security, TheHive 2 comments

TheHive is an awesome tool to perform incident management. One of the software components that is linked to TheHive is Cortex defined as a “Powerful observable analysis engine“. Let’s me explain why Cortex can save you a lot of time. When you are working on an incident in TheHive, observables are