TheHive4py allows analysts to create cases out of different sources such as email or a SIEM. For example, a SOC may ask its constituency to send suspicious email reports to a specific mailbox that a script polls at regular intervals. When a new email is received, the script parses it and then calls TheHive4py to send an alert to TheHive.
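The parsing step of such a mailbox poller, as an added example that is not part of the original text or of TheHive4py itself: it reads one report from the mailbox (a constructed sample here), extracts the reported URL as an observable, and builds the fields TheHive4py's Alert model takes; the field names follow TheHive's alert API, while the source name "mailbox-poller", the alert type and the severity are assumptions.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Constructed sample of a user-forwarded report; not a real message.
SAMPLE_REPORT = b"""From: alice@example.test
To: phishing-reports@example.test
Subject: FW: Urgent: verify your account
Message-ID: <report-0001@example.test>
Content-Type: text/plain; charset=utf-8

Forwarded suspicious email. Original sender: billing@paypa1-secure.test
Link in mail: http://paypa1-secure.test/login
"""


def parse_report(raw: bytes) -> EmailMessage:
    """Parse a raw RFC 5322 message fetched from the reports mailbox."""
    return email.message_from_bytes(raw, policy=policy.default)


def build_alert(msg: EmailMessage) -> dict:
    """Map a parsed report onto TheHive alert fields.

    The keys are those of TheHive's alert API (title, description, type,
    source, sourceRef, severity, artifacts); the mapping itself is ours.
    """
    body = msg.get_body(preferencelist=("plain",)).get_content()
    # TheHive identifies an alert by (source, sourceRef), so deriving
    # sourceRef from the Message-ID makes a re-forwarded report update the
    # existing alert instead of creating a duplicate for the analyst.
    msg_id = str(msg["Message-ID"] or "")
    source_ref = hashlib.sha256(msg_id.encode()).hexdigest()[:16]
    # Only URLs are extracted here; a full poller would also pull the
    # original sender and attachments out of the forwarded content.
    artifacts = [
        {"dataType": "url", "data": token}
        for token in body.split()
        if token.startswith(("http://", "https://"))
    ]
    return {
        "title": f"Phishing report: {msg['Subject']}",
        "description": f"Reported by {msg['From']}\n\n{body}",
        "type": "phishing",          # assumed alert type
        "source": "mailbox-poller",  # assumed source name
        "sourceRef": source_ref,
        "severity": 2,               # assumed: medium
        "artifacts": artifacts,
    }
```

The returned dict is what the poller would hand to thehive4py 1.x as `TheHiveApi(url, key).create_alert(Alert(**alert))`; that network call is left out so the example runs offline.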
A curated list of awesome things related to TheHive & Cortex:
- Synapse - Meta Alert feeder, including QRadar and Exchange connectors
- DigitalShadows2TH - Alert feeder for DigitalShadows
- Zerofox2TH - Alert feeder for ZeroFox
- CrowdStrike2TH - Alert feeder for CrowdStrike, by @xg5-simon
- FireEye2TH - FireEye iSIGHT Alert Feeder for TheHive, by
Turning TheHive into a SOAR
Introducing Shuffle - an Open Source SOAR platform part 1
Shuffle was started as a hobby project about a year ago (mid 2019). I was writing the same code over and over to duct tape systems together, which was quite tedious with 30+ systems. I knew there was a better way, and as a developer and security professional, I saw a need for better structure, eventually leading to Shuffle.