weslambert / DinoSOARLab

Security Onion + Automation + Response Lab including n8n and Velociraptor
GNU General Public License v3.0

Will there be a new version of DinoSOAR that will work with SO2.3.100? #19

Closed h4m5t closed 1 year ago

h4m5t commented 1 year ago

Hi! I read your notes in the readme:

> NOTE: The above article has since been deprecated, as TheHive has been removed from Security Onion (as of version 2.3.100) -- a new article is currently in development to address these changes.

So, will there be a new version of DinoSOAR that will work with SO2.3.100 or later? Thank you very much!

weslambert commented 1 year ago

Hi! I've already put in some work into revising this for newer versions of Security Onion, and plan on making it available as soon as I can. Thanks for the interest!

h4m5t commented 1 year ago

Thank you!

offsetkeyz commented 1 year ago

Planning on bugging you in Augusta about this @weslambert :D I've been working on adapting your framework using n8n and Elastic Cases (instead of TheHive) but am having a heck of a time connecting the API.

weslambert commented 1 year ago

No worries! I moved to having the project use Security Onion Cases instead of TheHive, but I have not tried Elastic Cases. It should be pretty straightforward. I would be happy to chat soon.

offsetkeyz commented 1 year ago

That would be even better! I chose Elastic Cases because there is a well-documented API, but I'd rather use SOC cases as well. Do you have a WIP repo that I could peruse for guidance?