syedkhizarulhaq-cis / OSSIM-alert-feeder-for-TheHive

The repository is for the development and improvement of thehive alert feeder for alienvault OSSIM.
GNU General Public License v3.0

OSSIM-alert-feeder-for-TheHive


TheHive is a scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

Available @ https://thehive-project.org/

OSSIM is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention.

Available @ https://cybersecurity.att.com/products/ossim

TheHive can ingest alerts from different sources such as SIEMs, emails, etc. Alert feeders for these sources can be developed using TheHive's open source API, TheHive4py: https://github.com/TheHive-Project/TheHive4py
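As an added example (not this repository's code), the core of such a feeder: mapping one OSSIM alarm record to the alert JSON that TheHive's `POST /api/alert` endpoint accepts (the same fields TheHive4py's `Alert` model wraps), with the OSSIM backlog id reused as `sourceRef` so a re-run never duplicates an alert. The alarm field names and values are constructed, and the TheHive URL and API key are placeholders.

```python
"""Example OSSIM -> TheHive alert mapping (added illustration, not the repository's own code)."""
import json
import urllib.request

# Constructed sample alarm, loosely modelled on a flattened OSSIM alarm row.
# Field names and values are made up for this example.
SAMPLE_ALARM = {
    "backlog_id": "EXAMPLE-BACKLOG-0001",
    "sid_name": "AV Policy violation, SSH brute force attempt",
    "risk": 7,
    "src_ip": "203.0.113.45",
    "dst_ip": "192.0.2.10",
    "timestamp": "2020-05-01 10:22:31",
    "category": "Brute Force",
}


def risk_to_severity(risk):
    """OSSIM risk 0-10 -> TheHive severity 1 (low), 2 (medium), 3 (high)."""
    if risk >= 7:
        return 3
    if risk >= 4:
        return 2
    return 1


def alarm_to_alert(alarm, source="OSSIM"):
    """Build the JSON body for TheHive's POST /api/alert from one alarm."""
    # TheHive rejects a second alert with the same (source, sourceRef),
    # so the OSSIM backlog id gives idempotent feeding across reruns.
    source_ref = alarm["backlog_id"]
    artifacts = [  # observables the analyst can pivot on in TheHive
        {"dataType": "ip", "data": alarm["src_ip"], "message": "OSSIM source address"},
        {"dataType": "ip", "data": alarm["dst_ip"], "message": "OSSIM destination address"},
    ]
    return {
        "title": alarm["sid_name"],
        "description": (f"OSSIM alarm {source_ref} at {alarm['timestamp']}\n\n"
                        f"{alarm['src_ip']} -> {alarm['dst_ip']} (risk {alarm['risk']})"),
        "type": "alarm",
        "source": source,
        "sourceRef": source_ref,
        "severity": risk_to_severity(alarm["risk"]),
        "tlp": 2,  # TLP:AMBER by default
        "tags": ["ossim", alarm["category"].lower().replace(" ", "-")],
        "artifacts": artifacts,
    }


def send_alert(payload, thehive_url="https://thehive.example.local", api_key="PLACEHOLDER-API-KEY"):
    """POST the alert to TheHive using API-key bearer authentication (network call)."""
    req = urllib.request.Request(f"{thehive_url.rstrip('/')}/api/alert",
                                 data=json.dumps(payload).encode(), method="POST",
                                 headers={"Authorization": f"Bearer {api_key}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())
```

Run `send_alert(alarm_to_alert(SAMPLE_ALARM), thehive_url, api_key)` against a real instance; the mapping itself needs no network and can be unit-tested on its own.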

Alert feeders out in the open:
https://github.com/TheHive-Project/Zerofox2TH
https://github.com/TheHive-Project/Synapse
https://laptrinhx.com/digitalshadows-alert-feeder-for-thehive-an-open-source-and-free-security-incident-response-platform-1706295445/

How alert feeders work: [diagram image not reproduced]

References:
https://blog.thehive-project.org/category/alert-feeders/
https://blog.thehive-project.org/2017/06/19/thehive-cortex-and-misp-how-they-all-fit-together/