First of all, thanks to the team for this very nice project.
I’m co-creator of TheHive Project, an open source and free Security Incident Response Platform. It’s a project that has a very big footprint in the case management field.
TheHive Project products are open and flexible:
- All the features have REST APIs
- All the actions on the tool can trigger a webhook
The software is ready for what the security operation communities request most: automation and orchestration.
The community usually refer to Apache Nifi, or NodeRed to define workflows that interact with TheHive, but I’ve discovered n8n and I’m a big fan of it.
I would like to know how we can work together to provide nodes that allow defining TheHive related workflows, example:
- Receive and email, extract technical element from it, call TheHive APIs to create alerts
- Listen to TheHive events related to alert creation, call external services to enrich the alert in TheHive, notify a slack or a mattermost channel
The examples amount is endless.
I’m open to any discussion, here or privately if needed.