Closed Linow974 closed 2 years ago
This should be possible by utilising webhooks. I wrote about how you can auto-enrich an observable on creation via NodeRed. In theory it should be possible to do the same when a tag is added to an observable, but I've not tested that scenario out. https://blog.agood.cloud/posts/2019/12/18/thehive-webhooks-with-nodered/
You could even use other automation apps such as Shuffle, N8N, MS PowerAutomate or even a custom Python listener to listen for the requests.
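The custom Python listener mentioned in the comment above could look like the following. This is an added example, not code from the thread, the linked article or TheHive. It assumes the webhook body carries `objectType`, `operation`, `object` and `details` fields and that jobs are started through TheHive's `/api/connector/cortex/job` endpoint (TheHive 3/4 style); the URL, port, API key, Cortex id and the analyzer name in `RULES` are placeholders.

```python
import json
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

THEHIVE_URL = "http://127.0.0.1:9000"  # assumption: TheHive on the same host
API_KEY = "REPLACE_ME"                 # placeholder, load from a secret store
CORTEX_ID = "local"                    # assumption: Cortex server name in TheHive
# Hypothetical routing table: tag -> observable dataType -> analyzer ids
RULES = {"typosquatting": {"domain": ["Hypothetical_Domain_Analyzer_1_0"]}}
MAX_BODY = 1 << 20                     # refuse webhook bodies over 1 MiB

def plan_jobs(event):
    """Return Cortex job bodies for one webhook event (assumed field names)."""
    op = str(event.get("operation", "")).lower()
    if event.get("objectType") != "case_artifact" or op not in ("creation", "create", "update"):
        return []
    obs = event.get("object") or {}
    # On update, read only the changed fields so unrelated edits do not re-run jobs.
    source = (event.get("details") or {}) if op == "update" else obs
    return [{"cortexId": CORTEX_ID, "artifactId": obs.get("id"), "analyzerId": analyzer}
            for tag in dict.fromkeys(source.get("tags") or [])
            for analyzer in RULES.get(tag, {}).get(obs.get("dataType"), [])]

def submit(job):
    # Ask TheHive to start the analyzer on the observable.
    req = urllib.request.Request(
        THEHIVE_URL + "/api/connector/cortex/job", data=json.dumps(job).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + API_KEY})
    urllib.request.urlopen(req, timeout=10).close()

class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length") or 0)
            if not 0 < length <= MAX_BODY:
                raise ValueError("missing or oversized body")
            event = json.loads(self.rfile.read(length))
        except ValueError:
            return self.send_error(400)
        self.send_response(204)
        self.end_headers()
        for job in plan_jobs(event if isinstance(event, dict) else {}):
            try:
                submit(job)
            except OSError as exc:  # TheHive unreachable or request rejected
                self.log_error("job submission failed: %s", exc)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8088), Hook).serve_forever()
```

The listener binds to loopback only; if TheHive runs on another host, put it behind something that restricts who can post to it, since the webhook body is otherwise trusted as-is.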
Hello and thank you for your answer.
Congratulations on your article, I read it and it seems very interesting.
I will study webhooks on TheHive, I did not know about them.
I would add that an interesting idea would be to be able to have a responder to activate on each observable containing IPs, and to filter if the AbuseIPDB analyzer (for example) gave a malicious IP score. If so, pass the IP in IOC and send it to MISP or save the IP in a takedown list...
EDIT: Sorry for the misclick (closed)
Ok, I got interested in Shuffle and this tool seems very sensible to me.
But I saw that it has to be installed with Docker, and I'm working on a Proxmox server with LXC non-privileged containers... I know there are some issues about this. I will think about it.
Work Environment
Question
Hello!
I wanted to know if there are any responders that would automatically perform recurring tasks based on observables or case titles or tags.
For example, I have a case called "typosquatting" with the typosquatting tag and a domain; I would like a responder to directly activate the appropriate parsers and perform other tasks if possible.
I don't know if I was clear. Do you know what I mean?
Are there any responders that come close to this?