Open Tyrell20 opened 3 years ago
Hello @Tyrell20, thanks for the feature request.
TheHive doesn't embark any out-of-the-box integrations except with the MISP project, as we think this needs to be done by an independent middleware that has its own release cycle, code base, etc.
This integration could be done through something like Synapse but we don't focus on that for now.
Integration with 3rd-party tools deserves a dedicated product, and TheHive architecture doesn't provide a place for it, for now.
In addition to that, integration with the other tools from the market needs too much effort, access to a subscription of the corresponding product, and access to expertise in working with the corresponding product.
TheHive Project doesn't have the necessary resources to handle this, once again, for now.
Request Type
Feature Request
Work Environment
Problem Description
Enhance the integration between TheHive and Splunk Enterprise Security, enriching alerts on TheHive with the "Originating Event" from the correlation search and with the information about the related "Urgency". Allow closing the Splunk ES Notable Event with the closing of TheHive's case.
Steps to Reproduce
Possible Solutions
Configuring the TA in order to recover the metadata about the Splunk ES CS and send it to TheHive.