Awesome TheHive
A curated list of awesome things related to TheHive & Cortex
TheHive
Official Resources
Libraries
- TheHive4Py - Official TheHive API client written in Python
- thehive.js - TheHive API client written in JavaScript (WIP)
- hive4go - A Golang API for TheHive, by @frikky
- go-thehive - A Golang API for TheHive, by @ilyaglow
- TheHive4PS - PowerShell functions to interact with TheHive API, by @vi-or-die
- TheHive4node - TheHive API client written in Node (WIP), by @agix
Integrations
- Synapse - Meta Alert feeder, including QRadar and Exchange connectors
- DigitalShadows2TH - Alert feeder for DigitalShadows
- Zerofox2TH - Alert feeder for ZeroFox
- CrowdStrike2TH - Alert feeder for CrowdStrike, by @xg5-simon
- FireEye2TH - FireEye iSIGHT Alert Feeder for TheHive, by @LDO-CERT
- graylog2thehive - Alert feeder for Graylog, by @ReconInfoSec
- graylog2thehive4 - Alert feeder for Graylog from TheHive4, by @malinkinsa
- mailgun2thehive - Simple Python flask app that runs as a web server, and accepts POST requests from your Mailgun routes, by @ReconInfoSec
- qradar2thehive - Alert feeder for QRadar, by @pierrebarlet
- TA-thehive-CE - Splunk Application for TheHive, by @remg427
- thehiveemail - Reading and processing of email folders for TheHive + Autoupdating case histories, by @ReconInfoSec
- thehive-falcon - Falcon streaming api alert integration for TheHive, by @ag-michael
- Elastalert TheHive alerter - Elastalert connector for TheHive, by @Nclose-ZA
- StackStorm - TheHive pack for StackStorm
- TheHive Opendxl - TheHive service for use with the OpenDXL Python Client
- TheHive OpenAPI definition - OpenAPI definition for TheHive, by @frikky
- thehive-slack-webhook - A simple Lambda function for delivering TheHive webhooks to Slack, by ReconInfoSec
- TheHive2Sigma - Python script to automatically create Sigma rules from TheHive observables, by @jordisk
- TheHive WALKOFF app - A TheHive WALKOFF application, by @frikky
- Cyrating Feeder - Cyrating Reputation alert importer for TheHive, by vletoux
- Canaries to TheHive - Create alerts in TheHive from your Thinkst Canary alerts, to be turned into TheHive cases, by ReconInfoSec
- Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS, by @ThalesCERT
- thehive-sentinel-integration - Open solution to integrate TheHive with Microsoft Azure Sentinel and also implement automation, by NVisoSecurity
Tools
- Pollen - A command-line tool for interacting with TheHive, by @bromiley
- mihari - A sidekick tool for TheHive to monitor malicious hosts, by @ninoseki
Devops
- itamae_thehive - Automated installation of TheHive/Cortex by using Itamae, by ninoseki
- ansible-thehive 1 - Ansible role for installing TheHive, by @drewstinnett
- ansible-thehive 2 - Ansible Role for TheHive, by @rhythmictech
- thehive-standalone - Terraform module and supporting tools to build and create a fully self-contained instance of TheHive and Cortex, by @rhythmictech
Blogs & Articles
- Security Distractions
- agood.cloud
- SANS ISC InfoSec Forums - IR using TheHive Project.
- Chris Sanders blog - Investigation Case Management with TheHive, by @chrissanders88
- Cisco Umbrella blog - Hive-Cortex Analyzer and Maltego Transform for Investigate
- SOAR webhook integration - Example integration between TheHive and NSA's WALKOFF project
- DNS Threat Intelligence for Our Community - DomainTools Iris Integration - How to do DNS Threat Intelligence with DomainTools Iris integration in TheHive and Cortex by Paul Sourin.
- AleSecurity Blog - How to use OAuth2/OIDC (OpenID Connect) with TheHive
- Create and delete training alerts in TheHive, by Koen Van Impe
Podcasts
- NoLimitSecu - A French podcast
Cortex
Official Resources
Libraries
- Cortex4Py - Official Cortex API client written in Python
- go-cortex - Cortex API client written in Golang, by @ilyaglow
Analyzers & Responders
- Cortex-Analyzers - Official Cortex Analyzers and Responders collection
- SendEmail - Cortex Responder to send emails from TheHive tasks and logs, by @norgalades
- Cortex-Analyzers by @aacgood - A collection of Cortex Analyzers and Responders for TheHive/Cortex, by @aacgood
Tools
- cortex-tgbot - Threat intelligence Telegram bot based on Cortex engine, by @ilyaglow
- cortextester - Inspired by cortexutils - a testing framework for Cortex-Analyzers and -Responders, by @TKCERT
- ThePhish - An automated phishing email analysis tool based on TheHive, Cortex and MISP, by @emalderson
Devops
- ansible-cortex 1 - Ansible module for installing Cortex, by @drewstinnett
- ansible-cortex 2 - Ansible role for Cortex, an observable analyzer that works with TheHive, by @rhythmictech
Blogs & Articles
- Nviso Labs - Creating Responders in TheHive, by @NVISO-BE
Contribute
Contributions welcome! Read the contribution guidelines first.