Awesome DFIR - Digital Forensics & Incident Response

TheHive Project

TheHive4py allows analysts to create cases from different sources, such as email or a SIEM. For example, a SOC may ask its constituency to send suspicious email reports to a dedicated mailbox that a script polls at regular intervals. When a new email arrives, the script parses it and then uses TheHive4py to raise an alert in TheHive.

thehive-project.org

TheHive Project
TheHive-Project/awesome

A curated list of awesome things related to TheHive & Cortex:
Synapse - Meta Alert feeder, including Qradar and Exchange connectors
DigitalShadows2TH - Alert feeder for DigitalShadows
Zerofox2TH - Alert feeder for ZeroFox
CrowdStrike2TH - Alert feeder for CrowdStrike, by @xg5-simon
FireEye2TH - FireEye iSIGHT Alert Feeder for TheHive, by

github.com

Turning TheHive into a SOAR

Introducing Shuffle - an Open Source SOAR platform part 1

Shuffle was started as a hobby project about a year ago (mid 2019). I was writing the same code over and over to duct tape systems together, which was quite tedious with 30+ systems. I knew there was a better way, and as a developer and security professional, I saw a need for better structure, eventually leading to Shuffle.

medium.com