TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

How to Integrate Thehive with OpenCTI #1609

Open MarcoGeek opened 3 years ago

MarcoGeek commented 3 years ago

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu 18.04 |
| TheHive version / git hash | 4 |
| Package Type | DEB |
| Browser type & version | If applicable |

Problem Description

I need to add my TheHive4 with OpenCTI. Not looking for Cortex integration. Can I send my OpenCTI incident to TheHive4? If yes, how? Or can it be vice versa?

Complementary information

I am using OpenCTI in a Docker environment or TheHive on the server. Manual installation.

jeromeleonard commented 3 years ago

Hi,

Could you please detail your use cases? What type of incidents would you like to create in TH from OpenCTI, and with what type of information?

Thanks,

MarcoGeek commented 3 years ago

Hi,

I have an OpenCTI instance running. I create an Incident to investigate and to generate threat intelligence out of it. Can I push that incident to my TheHive4 server? If yes, then how? Is there any way to send a notification to the TheHive instance?

Thanks and Regards, Mustaque