TheHive Project Integration [GOT CREATED]

nadouani · 7 December 2020 16:34

First of all, thanks to the team for this very nice project.

I’m co-creator of TheHive Project, an open source and free Security Incident Response Platform. It’s a project that has a very big footprint in the case management field.

TheHive Project products are open and flexible:

All the features have REST APIs
All the actions on the tool can trigger a webhook

The software is ready for what the security operation communities request most: automation and orchestration.

The community usually refer to Apache Nifi, or NodeRed to define workflows that interact with TheHive, but I’ve discovered n8n and I’m a big fan of it.

I would like to know how we can work together to provide nodes that allow defining TheHive related workflows, example:

Receive and email, extract technical element from it, call TheHive APIs to create alerts
Listen to TheHive events related to alert creation, call external services to enrich the alert in TheHive, notify a slack or a mattermost channel

The examples amount is endless.

I’m open to any discussion, here or privately if needed.

Best regards

Tephlon · 5 June 2020 21:49

Hey @nadouani! So, to begin with, welcome to the community! Happy you are here!

Next, I’m a huge fan of TheHive and I get giddy when I think of the things that I could do if I can get these two tools working together! I’ll probably be of little help writing the nodes or making code but if you need a beta tester, I’m your guy!

I think there is massive potential here!

nadouani · 5 June 2020 22:24

Thanks @Tephlon

I’ve started some node development but I will certainly need some help from people who have better experience with that than me

Best

nadouani · 5 June 2020 22:29

This is a sample of what could be done with nodes for TheHive and Cortex

RicardoE105 · 5 June 2020 23:20

Hey @nadouani, welcome to the community.

Really excited about the possibilities. Looking forward to work together. I know our head of content @tanay and the CEO @jan are gonna be happy about this opportunity. I will check Hive API over the weekend.

btw I saw you already created a node which is amazing. I wonder which features/endpoints you already covered? Which one in your opinion are the most important ones?

Feel free to reach me out either here or in private about any questions.

nadouani · 6 June 2020 11:47

Thanks,

If you think that making a call/meeting to discuss this integration is a good idea, then yes I would be more than happy to talk to @jan @tanay and you.

I’m pretty sure that adding this integration will bring more success to our both projects.

Best

jan · 6 June 2020 11:56

@nadouani We are a small team so sadly do not have the resources to bind 3 people for a meeting like that. We have to try to be efficient with our time. So it would be one depending on what the discussion is supposed to be about. If it is for example a purely technical one then @RicardoE105 is the one you want to talk to. A discussion about related to content like tutorials, blog-posts or similar @tanay would be right and for a possible partnership probably myself.

nadouani · 8 June 2020 07:03

Hello @jan, thanks for your answer. It sounds logical to me, since our team is exactly on the same situation.

I’ll be back to you soon

Best

jan · 8 June 2020 07:05

Perfect, talk with you soon!

empiresailor · 27 July 2020 08:37

Hello,

Is there any progress?

Thank you

RicardoE105 · 28 July 2020 18:18

@empiresailor welcome to the community.

Not yet, I know @nadouani got a node working. Not sure if they are planing on doing a PR to the project so that everybody can use it.

nadouani · 29 July 2020 21:47

Hello, we are working on it, and it deserves the necessary amount of time to be clean, tested and stable, so please be patient

We might also take some holidays like anybody else to breath a little bit, and come back to share with the community.

Stay tuned

nadouani · 26 August 2020 08:44

Hello Folks,

Glad to tell you that we have pushed a PR of nodes and docs for TheHive and Cortex.

Waiting for a code review to make this real

Best

RicardoE105 · 4 September 2020 15:27

Hey @nadouani I’m about to review the nodes. I wonder if you can give me access to a sandbox instance for TheHive and Cortex? That would speed up the review process. Thanks.

Jules_DUVIVIER · 24 September 2020 16:20

Great news this feature request!

At @ManoMano, we use a lot the TheHive/N8N combo to manage our automated responses to incidents.

It would make it a lot easier for us to have dedicated nodes, really excited about the possibilities!

If I can help you in any way, I will be happy to do so.

nadouani · 29 September 2020 08:18

Nice to know that ManoMano uses TheHive and n8n. Really eager to see the workflows you used to automate things.

Jules_DUVIVIER · 23 November 2020 15:01

Hey @RicardoE105, any update on the review process ?

I look forward to using these new nodes, thanks !

RicardoE105 · 23 November 2020 15:03

Ah we are close. Making some small changes today in the node and then will hand it over to my coworker again to finish reviewing.

wloody54 · 7 December 2020 09:09

jan · 7 December 2020 16:35

Welcome to the community @wloody54!

Thanks a lot for posting! I somehow totally forgot to post here. So very appreciated.