TheHive Project Integration [GOT CREATED]

nadouani · June 5, 2020, 9:20pm

First of all, thanks to the team for this very nice project.

I’m co-creator of TheHive Project, an open source and free Security Incident Response Platform. It’s a project that has a very big footprint in the case management field.

TheHive Project products are open and flexible:

All the features have REST APIs
All the actions on the tool can trigger a webhook

The software is ready for what the security operation communities request most: automation and orchestration.

The community usually refer to Apache Nifi, or NodeRed to define workflows that interact with TheHive, but I’ve discovered n8n and I’m a big fan of it.

I would like to know how we can work together to provide nodes that allow defining TheHive related workflows, example:

Receive and email, extract technical element from it, call TheHive APIs to create alerts
Listen to TheHive events related to alert creation, call external services to enrich the alert in TheHive, notify a slack or a mattermost channel

The examples amount is endless.

I’m open to any discussion, here or privately if needed.

Best regards

Tephlon · June 5, 2020, 9:49pm

Hey @nadouani! So, to begin with, welcome to the community! Happy you are here!

Next, I’m a huge fan of TheHive and I get giddy when I think of the things that I could do if I can get these two tools working together! I’ll probably be of little help writing the nodes or making code but if you need a beta tester, I’m your guy!

I think there is massive potential here!

nadouani · June 5, 2020, 10:24pm

Thanks @Tephlon

I’ve started some node development but I will certainly need some help from people who have better experience with that than me

Best

nadouani · June 5, 2020, 10:29pm

This is a sample of what could be done with nodes for TheHive and Cortex

RicardoE105 · June 5, 2020, 11:00pm

Hey @nadouani, welcome to the community.

Really excited about the possibilities. Looking forward to work together. I know our head of content @tanay and the CEO @jan are gonna be happy about this opportunity. I will check Hive API over the weekend.

btw I saw you already created a node which is amazing. I wonder which features/endpoints you already covered? Which one in your opinion are the most important ones?

Feel free to reach me out either here or in private about any questions.

nadouani · June 6, 2020, 11:47am

Thanks,

If you think that making a call/meeting to discuss this integration is a good idea, then yes I would be more than happy to talk to @jan @tanay and you.

I’m pretty sure that adding this integration will bring more success to our both projects.

Best

jan · June 6, 2020, 11:56am

@nadouani We are a small team so sadly do not have the resources to bind 3 people for a meeting like that. We have to try to be efficient with our time. So it would be one depending on what the discussion is supposed to be about. If it is for example a purely technical one then @RicardoE105 is the one you want to talk to. A discussion about related to content like tutorials, blog-posts or similar @tanay would be right and for a possible partnership probably myself.

nadouani · June 8, 2020, 7:03am

Hello @jan, thanks for your answer. It sounds logical to me, since our team is exactly on the same situation.

I’ll be back to you soon

Best

jan · June 8, 2020, 7:05am

Perfect, talk with you soon!

empiresailor · July 27, 2020, 8:37am

Hello,

Is there any progress?

Thank you

RicardoE105 · July 28, 2020, 6:18pm

@empiresailor welcome to the community.

Not yet, I know @nadouani got a node working. Not sure if they are planing on doing a PR to the project so that everybody can use it.

nadouani · July 29, 2020, 9:47pm

Hello, we are working on it, and it deserves the necessary amount of time to be clean, tested and stable, so please be patient

We might also take some holidays like anybody else to breath a little bit, and come back to share with the community.

Stay tuned

nadouani · August 26, 2020, 8:44am

Hello Folks,

Glad to tell you that we have pushed a PR of nodes and docs for TheHive and Cortex.

Waiting for a code review to make this real

Best

RicardoE105 · September 4, 2020, 3:27pm

Hey @nadouani I’m about to review the nodes. I wonder if you can give me access to a sandbox instance for TheHive and Cortex? That would speed up the review process. Thanks.

Jules_DUVIVIER · September 24, 2020, 4:20pm

Great news this feature request!

At @ManoMano, we use a lot the TheHive/N8N combo to manage our automated responses to incidents.

It would make it a lot easier for us to have dedicated nodes, really excited about the possibilities!

If I can help you in any way, I will be happy to do so.

nadouani · September 29, 2020, 8:18am

Nice to know that ManoMano uses TheHive and n8n. Really eager to see the workflows you used to automate things.

Jules_DUVIVIER · November 23, 2020, 3:01pm

Hey @RicardoE105, any update on the review process ?

I look forward to using these new nodes, thanks !

RicardoE105 · November 23, 2020, 3:03pm

Ah we are close. Making some small changes today in the node and then will hand it over to my coworker again to finish reviewing.

wloody54 · December 7, 2020, 9:09am

jan · December 7, 2020, 4:35pm

Welcome to the community @wloody54!

Thanks a lot for posting! I somehow totally forgot to post here. So very appreciated.