Awesome TheHive

A curated list of awesome things related to TheHive & Cortex

TheHive

• Official Resources
• Libraries
• Integrations
• Tools
• Devops
• Blogs & Articles

Official Resources

• Web Site
• Official Blog
• Official Docs
• GitHub Repo
• Release Notes

Libraries

• TheHive4Py - Official TheHive API client written in Python
• thehive.js - TheHive API client written in Javascript (WIP)
• hive4go - A Golang API for TheHive, by @frikky
• go-thehive - A Golang API for TheHive, by @ilyaglow
• TheHive4PS - PowerShell functions to interact with TheHive API, by @vi-or-die
• TheHive4node - TheHive API client written in Node (WIP), by @agix

Integrations

• Synapse - Meta Alert feeder, inluding Qradar and Exchange connectors
• DigitalShadows2TH - Alert feeder for DigitalShadows
• Zerofox2TH - Alert feeder for ZeroFox
• CrowdStrike2TH - Alert feeder for CrowdStrike, by @xg5-simon
• FireEye2TH - FireEye iSIGHT Alert Feeder for TheHive, by @LDO-CERT
• graylog2thehive - Alert feeder for Graylog, by @ReconInfoSec
• graylog2thehive4 - Alert feeder for Graylog from TheHive4, by @malinkinsa
• mailgun2thehive - Simple Python flask app that runs as a web server, and accepts POST requests from your Mailgun routes, by @ReconInfoSec
• qradar2thehive - Alert feeder for Qradar, by @pierrebarlet
• TA-thehive-CE - Splunk Application for TheHive, by @remg427
• thehiveemail - Reading and processing of email folders for TheHive + Autoupdating case histories, by @ReconInfoSec
• thehive-falcon - Falcon streaming api alert integration for TheHive, by @ag-michael
• Elastalert TheHive alerter - Elastalert connector for TheHive, by @Nclose-ZA
• StackStorm - TheHive pack for StackStorm
• TheHive Opendxl - TheHive service for use with the OpenDXL Python Client
• TheHive OpenAPI definition - OpenAPI definition for TheHive, by @frikky
• thehive-slack-webhook - A simple Lambda function for delivering The Hive webhooks to Slack, by ReconInfoSec
• TheHive2Sigma - Python script to automatically create sigma rules from Thehive observables, by @jordisk
• TheHive WALKOFF app - A TheHive WALKOFF application, by @frikky
• Cyrating Feeder - Cyrating Reputation alert importer for TheHive, by vletoux
• Canaries to TheHive - Create alerts in TheHive from your Thinkst Canary alerts, to be turned into TheHive cases, by ReconInfoSec
• Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS, by @ThalesCERT
• thehive-sentinel-integration - Open solution to integrate TheHive with Microsoft Azure Sentinel and implement also automation, by NVisoSecurity

Tools

• Pollen - A command-line tool for interacting with TheHive, by @bromiley
• mihari - A sidekick tool for TheHive to monitor malicious hosts, by @ninoseki

Devops

• itamae_thehive - Automated installation of TheHive/Cortex by using Itamae, by ninoseki
• ansible-thehive 1 - Ansible role for installing TheHive, by @drewstinnett
• ansible-thehive 2 - Ansible Role for TheHive, by @rhythmictech
• thehive-standalone - Terraform module and supporting tools to build and create a fully self-contained instance of TheHive and Cortex, by @rhythmictech

Blogs & Articles

• Security Distractions
• agood.cloud
• SANS ISC InfoSec Forums - IR using TheHive Project.
• Chris Sanders blog - Investigation Case Management with TheHive, by @chrissanders88
• Cisco Umbrella blog - Hive-Cortex Analyzer and Maltego Transform for Investigate
• SOAR webhook integration - Example integration between TheHive and NSA's WALKOFF project
• DNS Threat Intelligence for Our Community - DomainTools Iris Integration - How to do DNS Threat Intelligence with DomainTools Iris integration in TheHive and Cortex by Paul Sourin.
• AleSecurity Blog - How to use OAuth2/OIDC (OpenID Connect) with TheHive
• Create and delete training alerts in TheHive, by Koen Van Impe

Podcasts

• NoLimitSecu - A French podcast

Cortex

• Official Resources
• Libraries
• Analyzers & Responders
• Tools
• Devops
• Blogs & Articles

Official Resources

• Official Docs
• GitHub Repo
• Release Notes

Libraries

• Cortex4Py - Official Cortex API client written in Python
• go-cortex - Cortex API client written in Golang, by @ilyaglow

Analyzers & Responders

• Cortex-Analyzers - Official Cortex Analyzers and Responders collection
• SendEmail - Cortex Responder to send emails from TheHive tasks and logs, by @norgalades
• Cortex-Analyzers by @aacgood - A collection of Cortex Analyzers and Responders for TheHive/Cortex, by @aacgood

Tools

• cortex-tgbot - Threat intelligence Telegram bot based on Cortex engine, by @ilyaglow
• cortextester - Inspired by cortexutils - a testing framework for Cortex-Analyzers and -Responders, by @TKCERT
• ThePhish - An automated phishing email analysis tool based on TheHive, Cortex and MISP, by @emalderson

Devops

• ansible-cortex 1 - Ansible module for installing Cortex, by @drewstinnett
• ansible-cortex 2 - Ansible role for Cortex, an observable analyzer that works with TheHive, by @rhythmictech

Blogs & Articles

• Nviso Labs - Creating Responders in TheHive, by @NVISO-BE

Contribute

Contributions welcome! Read the contribution guidelines first.

License