TheHive documentation. Gives the result of adding A and B.
TheHive documentation. This documentation site is deprecated. Quickly import IOCs from other communities or share yours easily by connecting to MISP. On the main page where all the alerts are listed, there are various alerts. Files are typically stored in a folder, although some users opt for Minio S3 object storage. conf From MISP(. Import all the MITRE ATT&CK Framework TheHive is a powerful and versatile tool for security incident response. Use cases To refresh the metadata for an external table to reflect events in the cloud storage, execute the respective ALTER TABLE TOUCH command for your partitioned or unpartitioned Hive table. ; Add Custom Fields. The API comes with absolutely no warranties or guarantees. General Information about Hive. docker. guo@thehive. It contains fixes and improvements for the UI and some small changes for the API compared to 5. In a Kubernetes environment with multiple TheHive pods, the application needs to form a cluster between its nodes. ai and we will be . Documentation has been moved here. Launch the application initialization script with the EBS data volumes block device Updated 2024-01-22. User lists are available to admin and org-admin users:. You must have the permission manageUser on your profile to manage users of your organisation. A user can create cases by selecting any one of the following options: The documentation also contains various tutorials for developers, notably PHP, Python, Ruby and even for Microsoft Excel users. You can use the Hive API to accomplish awesome things for your team, like creating automated messages, kickin Apache Hive is an open source project run by volunteers at the Apache Software Foundation. We reserve the right, at any point and for any reason, to change, take down, or restrict access to any and all functionality. The Email Intake Connector facilitates the connection of mailboxes used to receive cybersecurity alerts. For version 5. 
To enable this functionality, you need: Create new cases using templates#. INSERT OVERWRITE will overwrite any existing data in the table or partition. But you don’t need TheHive to unleash the power of Cortex. December 5, 2024. Added a `create_case_template` method allowing developers to create new Case Templates. Intro to Hive Hive is a decentralized blockchain with fast transaction speed (3s) without fees, human readable account names, decentralized community fund and algorithmic stablecoin (HBD) backed by HIVE. cpuPeriod: (integer) Limit the CPU CFS (Completely Fair Scheduler) period; docker. 52. Keyspace: The keyspace within Cassandra where TheHive data will be stored is named 'thehive'. Main features of the cloud distributions of TheHive and Cortex# Easy to use and deploy# The cloud distributions were built with operations and automation Hive offers 21 different APIs across three different categories: understand, search, and generate. What about documentation To set up a custom Certificate Authority in TheHive, please refer to this guide. Your Projects: When you start using Hive AI, your Projects will appear here. Previously it was a subproject of Apache® Hadoop®, but has now graduated to become a top-level project of its own. Using these products, customers can automate their workflows and expand their capabilities by enabling Usage instructions for the official Azure distribution of TheHive v5# Official Azure image. TheHive Community. 
Case Management#. Request a demo. Find all you need to get started with StrangeBee’s products. In this section you can find information about observables. Refer to the TheHive helps us create and merge cases. If you discover any security vulnerabilities, please report them privately. Access the list by opening the Organisation menu, then the Templates tab, and the Cases tab. Moderation Dashboard You can also read additional technical documentation here. Click "Create Project" to browse through our library of AI models, including moderation, We provide a public API with some of our data at api. For that reason, we introduced a new documentation website that aims to be the single starting point of all the docs we produce for TheHive Projects’ products. The UI includes a browsable ReDoc website that contains all the necessary details about all the major APIs Official documentation for TheHive Project applications - TheHive-Project/docs. If you were using Lucene as the indexing engine with TheHive 4. MS Office documents and Outlook . This documentation contains sample Terraform and cloud-init code to easily launch and update TheHive and Cortex instances. From version 3, cortexutils 2. This article provides a comprehensive installation and configuration guide to set up an instance of TheHive. If you've already spoken with our sales team, you’re in the right place to dive deeper This documentation site is deprecated. x utilizes Elasticsearch as the indexing engine. Learn how to install, configure, and maintain TheHive for analysts. TheHive (on-prem) TheHive Cloud Platform (SaaS) TheHive Cloud Images (IaaS) Cortex. List of Case Templates#. This change enhances performance and introduces several updates that may require modifications to your application. ; As of Hive 2. 4. This page’s content has been moved to Georgia Tech’s Service Now Knowledge Base at the following location. 
TheHive has a user-friendly and intuitive interface that makes it easy to create, manage, and analyze security incidents. We encourage you to learn about the project and contribute your expertise. Learn the basics of using Hive, which supports all primitive types and custom objects with TypeAdapters, in this well-made tutorial by Reso Coder. TheHive 5 API Documentation - StrangeBee Docs The following repository is used by TheHive Project to develop and store Cortex analyzers & responders. Documentation overview; Documentation style guide; Backporting changes; Releasing a new documentation version; Troubleshooting Antora build errors; Architectural Decision Records. These steps will guide you through the necessary configurations and prerequisites to get TheHive fully operational. This was – and still is – like a completely new project, a new generation, a lot more challenging than before. csv lookup table. Hive is an operator which runs as a service on top of Kubernetes/OpenShift. We hope this in-depth walkthrough was helpful. The type of the result is the same as the common parent (in the type hierarchy) of the types of the operands. When you buy the license from StrangeBee, StrangeBee will create an account for you on the customer portal that will allow you to activate the license. To inquire about testing out our AutoML platform, please contact sales@thehive. You can integrate it with Cortex and Wazuh, which maintains a better security posture. To use the Docker image, you must use Docker (courtesy of Captain Obvious). Case Management is the main purpose of TheHive. Getting Started; Books about Hive; Presentations and Papers about Step-by-Step Guide#. ADR001: Use English as Documentation Language; ADR002: Use Multiple Repositories instead of one Large Repository The hardware requirements for TheHive depend on factors such as the number of concurrent users (including integrations) and their usage patterns. 
This topic presents a general procedure on how you can create a data source for the connection to your Apache Hive database in Aqua, and run a test connection. These models also accept questions Kubernetes Configuration#. You can assign tasks to your Install TheHive: Effortlessly deploy TheHive 5 along with its dependencies, enabling users to leverage its powerful features for their projects. Cortexutils is a Python library containing a set of classes that aim to make writing Cortex analyzers and responders easier. Save the search as an alert. See upcoming Apache Events. To add a dashboard: click the +. 3. ; safe: the analyzer did not find anything Adjusting Log Levels#. Documentation . Tools to enable easy access to data via SQL, thus enabling data warehousing tasks such as Overview Hive’s Image Captioning APIs generate natural-language descriptions for images. Logback offers various log levels to control the amount of information logged. Blockchain powered by Delegated Proof of Stake (DPoS) consensus which perfectly balances scaling, decentralization and speed. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation Last week, we released Mellifera (TheHive 2. View our full documentation here. Jump to Cortex configuration documentation in Cortex wiki; Jump back to TheHive configuration and connect it to your Cortex instance. Schema Registry. Configure Cortex. container. Our text content moderation model is a multi-head classifier that will now include hate speech. 1'. The global cache. This is a boolean parameter. ; For bulk actions, such as creating multiple cases or merging multiple alerts, use the bulk action buttons wsConfig. 
This page is a step by step installation and configuration guide to get a Cortex instance up and running. Operand types. Reports can gather metrics from any data stored in TheHive like cases, alerts, tasks, Including where to find your API key & credentials. Before you begin. 4 and later, please refer to the Pekko Configuration. Today, we In addition to the download methods explained on the Step-by-Step Installation Guide, users can also download TheHive as a ZIP archive for manual installation or deployment scenarios. 11. Whether you're a cybersecurity enthusiast or a developer looking to integrate TheHive into your Python projects, this library has got you covered. For more advanced needs, there are two paid options: the Gold License and the Platinum License. For more information on the command, see the Hive documentation: Partitioned Hive table: Execute the following StrangeBee provides cutting edge incident response automation to hundreds of SOC, CERT & CSIRT teams. The image can be used to set up a shiny-new TheHive v5 install or to launch an instance with existing data and configuration (for update / migration / restore purposes). Publish schemas, compose federated GraphQL api, and detect backward-incompatible changes with ease. Single Case Creation: The New Case from Selection option allows the creation of only one case, regardless of how many alerts are selected. The full change log is available at the release page. Authenticating with LDAP # Users able to authenticate should already have an account created in TheHive local database. You can run analyzers on observables you supply using its simple yet Welcome to the Hive REST API docs! The reference documentation here is designed for those interested in developing integrations for Hive that are not already inside of the Hive core product. 
cpuQuota: This documentation page describes how to upgrade the application stack on your instance (TheHive, Cortex and related services such as Cassandra and ElasticSearch). Start TheHive and import the report templates corresponding to the analyzers. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation Rename Splunk fields to match the field names listed in the thehive_datatypes. x, reindexing the data is mandatory. For every image input, the model outputs a short text string that describes what is shown in that image. conf file. Access the list by opening the Organisation menu, then the Templates tab, and the Reports tab. 6 (). A case template auto-populates fields when a new case is being created. Enjoy the world's leading Security Case Management Platform for 14 days, no strings attached. (Refer to Add custom field values). Add case template creation method. Index Name: The index name within Elasticsearch for TheHive is specified as 'thehive'. The following guide describes the Cortex 2 API to allow developers to interface the powerful observable analysis engine with other SIRPs (Security Incident Response Platforms) besides TheHive, TIPs (Threat Intelligence Platforms), SIEMs or scripts. Stages are hardcoded; they cannot be updated or deleted, and no stage can be added in the platform. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation playhive. This section contains the reports templates you prepare for your organisation. 7 (). Introduction to Hive. To increase or decrease the log level: Update the root level to DEBUG or TRACE to log more information: check_pap#. You can create a new user in your organisation. Docker#. If this documentation includes code, including but not limited to, code examples, Cloudera makes this available to you under the terms of the Apache License, Version 2. 
Hive is a GraphQL schema registry for managing and collaborating on all your GraphQL Federation, Monolithic or Schema Stitching GraphQL workflows. x; New open source version of the Python API Client: TheHive4py 2. Request a Apache Hive. Switch to Elasticsearch as indexing engine: TheHive 5. Note: This method is for now, compatible with TheHive 3 only because it relies on the DBList API that is no longer available on TheHive 4. The guide offers detailed instructions accompanied by examples for systems based on DEB and RPM packages, as well as for installation from binary packages. As mentioned in our initial TheHive 5 blog post, version 5 is available for on-prem, SaaS and IaaS deployments. . APIs within the understand category perform a range of functions related to content understanding, from content moderation to logo detection for brand analysis. Introduction. Current. Define Reports templates#. View observables#. Apache is a non-profit organization helping open-source software projects released under the Apache license and managed with open governance and privacy policy. TheHive can interact with one or several Cortex instances to analyze observables and aid you in your investigation in the best possible way while taking into account your OPSEC needs. Introduction#. A word about the documentation. We also added support for DDE detection and link extraction in MS Office documents, thanks to Decalage who added this in Oletools since v0. Cortexutils#. x to 4. These demos showcase our capabilities and help you find the best solutions for your needs. Below are recommended hardware thresholds for hosting all services on the same machine: Parameters for Docker# list of options#. Moreover, TheHive comes with a report The HIVE protocol components contain all information to recreate the graphs. It includes a free Community License, which offers essential features. 4, we have transitioned from the Scala framework Akka to Apache Pekko. 
TheHive: a Scalable, Open Source and Free Security Incident Response Platform - API Documentation · TheHive-Project/TheHive Wiki Troubleshooting#. The Apache Hive™ data warehouse software facilitates reading, writing, and managing large datasets residing in distributed storage and queried using SQL syntax. User Management#. Ensure that server certificates are signed by trusted certificate authorities. In TheHive users can be created once and added to different organisations. For that reason, we introduced a Resources for the official cloud distributions of TheHive and Cortex. List of Case templates If you are employing an NGINX reverse proxy in front of TheHive, note that NGINX does not differentiate between text data and file uploads. Feel free to explore the library's capabilities and contribute to its development. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation Important Considerations#. Please visit https://docs. 1. unless IF NOT EXISTS is provided for a partition (as of Hive 0. ai and we will be happy to help. Use documented APIs to implement workflows or develop automated scripts using TheHive data. Detect and respond to BlackSuit ransomware with Wazuh. Welcome to Hive's Visual Moderation! This guide will help you configure your project, integrate our API, and understand our model responses. MANAGEDLOCATION was added to database in Hive 4. Gold License: The Gold License is designed for internal response teams who benefit from Setting Up Cassandra Dedicated SSL Port (Optional)# Optionally, you can configure a dedicated port for SSL communication in Cassandra. TheHive provides different types of licenses to meet the needs of various teams. Hostname: The IP address of the Elasticsearch instance is set to '127. In this section you can find information about managing dashboards. More to come. capAdd: (array of string) Add Linux capabilities; docker. Install or Update the License#. Contributing to documentation. Backup & Restore. 
TheHive comes with a set of predefined statuses. capDrop: (array of string) Drop Linux capabilities; docker. 0 series. x is required because communication between Cortex and the analyzers/responders has changed. Install Cortex: Facilitate the installation of Cortex and its dependencies to enable the execution of Analyzers & Responders as Docker images, ensuring scalability and efficient resource utilization. 0 (). TheHive also helps us solve the problem of tracking down incidents. Case Status can be configured in the Administrators space: open the Entities Management page, and select the Case status tab. ; level intends to convey the maliciousness of the result: :. For more information, please see the official Hive website. Important Notes. Text Moderation Overview Hive currently offers a suite of text moderation tools that help platforms detect different kinds of undesirable content including but not limited to: sexual, hate, violence, bullying, promotions, and links to external sites. It has the ability to automate tasks very well. 0; Available deployment options . Mount the NFS endpoint to /opt/thp/thehive/files on each node. Observables represent stateful properties (such as the MD5 hash of a file or the value of a registry key) or measurable events (such as the creation of a registry key or the deletion of a file) that are pertinent to the operation of computers and networks. Set permissions: Ensure the thehive user has both read and write access to this directory, including the ability to create subdirectories. In this section you can find information about adding custom fields. This allows TheHive to manage files as required across the cluster. namespace and predicate are free values but they should be as concise as possible. 
job value can be overridden for each analyzer in the analyzer configuration Web dialog; it is possible to bypass the cache altogether (for example to get extra fresh results) through the API as explained in the API Guide or by setting the cache to Custom in the Cortex UI for each analyzer and specifying 0 as the number of minutes. When adding a user in an organisation, a user profile can be chosen for every organisation: Step-by-Step guide#. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation Synopsis. msg files. This includes manual image manipulations like rotations and text overlay, as well as more subtle augmentations such as introduction of noise, filters, and other pixel-level changes that may change the image hash but are visually imperceptible to humans. The Hive platform gives you the tools you need to gain insights, make decisions, and evolve your GraphQL API with confidence. Setting up a dedicated SSL port provides enhanced security for communication with your Cassandra cluster. 0). Configuration Guides#. To interpret the results, please refer to our documentation and look up the relevant model and its class definitions. It does not cover operating system level updates such as Ubuntu patches, Docker updates, Nomad updates, etc. Note: in Notes. Applications . When true, max_pap is checked. Upload File as Attachment. Use the trustManager key in TheHive configuration to establish secure connections with remote hosts. Hive Developer Documentation. This documentation outlines the utilization of the Email Intake Connector for automatically generating alerts from a designated mailbox. Version Control System TheHive comes with a reporting module that allows designing shared and private dashboards using various widgets for data visualisation. (Refer to Add tasks). 
And you can locate your own API credentials here, from Edit Profile > API Info Welcome to thehive4py, the Python library designed to simplify interactions with StrangeBee's TheHive. For example, the VirusTotal analyzer uses VT as a namespace and Score as a predicate. For provisioning OpenShift, Hive uses the OpenShift installer Manage case templates# About Case templates#. By default TheHive includes the community edition license. The following guide lets you prepare, install and configure Cortex and its prerequisites for Debian and RPM packages based Operating Systems, as well as for other systems and using our binary packages. Each status belongs to a Stage. For pricing details, please reference our model pricing table here. TOUCH reads the metadata and writes it back. Manage Cortex connections# Documentation of Cortex. Debian / Ubuntu# If you are running an operating system based on Debian/Ubuntu, TheHive can be installed by following the steps in the Step-by-Step Installation Guide. To gather and share this information, please carefully read and follow these steps. cgroupParent: (string) Cgroup to run a container in; docker. CREATE DATABASE was added in Hive 0. Contribute to TheHive-Project/CortexDocs development by creating an account on GitHub. 0 users to update to this version. Test TheHive with its "brain" engine for free. The main landing page for our latest PACE Cluster This documentation site is deprecated. Efficiently manage alerts with a dedicated and detailed Alert page. List of reports templates TheHive 5. (refer to Profiles and permissions). Click the Create new user button in the Users page After you've created an account at https://thehive. This guide is illustrated with examples for Debian and RPM packages based systems and for installation from binary packages. This means more than a major version for us. ; Add Tasks. strangebee. 
Index Configuration: Backend: Elasticsearch is designated as the backend for indexing. For consistency reasons, we do recommend setting both check_pap and TheHive is available on port http 9000 and Cortex, when deployed alongside, is available on port http 9001 (that’s http and NOT https). The Hive service can be used to provision and perform initial configuration of OpenShift clusters. In this section you can find information about merging alerts. For every backup, the data, index, and files must remain intact and consistent. Akka is a powerful toolkit designed for building highly concurrent, distributed, and resilient message-driven applications in Java and Scala. Cortex can be used as a standalone product. Sadly, some annoying bugs have slipped past our QA (n’est-ce pas Thomas ?). 0), a major version of your favorite (or soon to be favorite) Security Incident Response Platform. Easily Connect Moderation Dashboard to Your Application Moderation Dashboard connects seamlessly to your application’s APIs, allowing you to For each release, DEB, RPM and ZIP binary packages are built and provided. A User can create new cases using templates. 9. Analyzers can be written in any programming language supported by Linux such as Python, Ruby, Perl, etc. Products. If you start using TheHive with this version, we recommend having a look at our documentation site, and particularly at the installation and configuration section which is up to date and contains all instructions to TheHive 5 now generates its API documentation as an OpenAPI specification. TheHive Project’s Master Cooks are happy to announce the immediate availability of TheHive 3. 0-RC1; I’ve Just Tried it and Webhooks are Missing! Nice catch Case Status#. Please note that API keys can only be used to interact with the Cortex API (for example when TheHive is interfaced with a Cortex instance, it must use an API key to authenticate to it). 
Authenticate claims, verify documentation, and streamline workflows Co-Founder and CEO (kevin. Status can be created, Like TheHive, Cortex supports local, LDAP, Active Directory (AD), X. 0, including any required notices. jks" password = "password1" } ] } A new notifier is available: function notifier. Built on top of Apache Hadoop™, Hive provides the following features:. Add a dashboard#. Make comments, identify similar alerts, define custom How to actively respond to threats and interact with the constituency and other teams? Thanks to its many analyzers and to its RESTful API, Cortex makes observable analysis a breeze, particularly if called from TheHive, the highly With its seamless integration with MISP and advanced capabilities for task management, evidence handling, and threat intelligence integration, TheHive is an indispensable tool for modern SOC, CSIRT, and CERT teams. Users management#. FileInfo – short and long report samples Proxy settings if required for TheHive to connect with MISP; Advanced settings# By default, ALL Organisations in TheHive benefit from this connection. ; safe: the analyzer did For full information about Apache Hive, refer to the official documentation. This new feature opens up a wide range of new automation possibilities within TheHive. As you might know, TheHive has a documentation repository that includes content for TheHive 3 and TheHive 4, but the structure needs to be redefined. ; A new screen opens. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation TheHive IaaS AWS: get our automated More information is available in Amazon EBS and NVMe on Linux Instances documentation. TheHive utilizes Cassandra as its database and Elasticsearch as its indexing engine. Follow these steps: Visit the following URL to download the latest ZIP archive: thehive-latest. To add custom fields: After clicking the Add option beside the custom fields. With the release of TheHive version 5. 
Click the Confirm case creation This documentation applies to TheHive versions earlier than 5. API Documentation. Define Case templates#. The configuration of Cortex is in files stored in the /etc/cortex folder: Documentation . For some issues, additional information in logs is needed to troubleshoot and understand the root causes. The graphs are essential to understand the incentive system of content creation, and thus are visually displayed in this example contrary to commonly used The uses of SCHEMA and DATABASE are interchangeable – they mean the same thing. purge"="true") the previous data of the table is not moved to Trash when INSERT OVERWRITE query is run against the table. 1 is the first patch release in the 5. Additionally, 2 options are available: Make this connection available ONLY to a subset of existing Organisations in TheHive; Make this connection unavailable to a subset of existing Organisations This documentation site is deprecated. Getting Started with the Hive Gateway. ssl. You can find all the documentation we manage to write (more is coming) in the dedicated TheHive4 area of TheHiveDocs repository: Specific documentation to manage Organisations, Users and sharing; Documentation on profiles and permissions; Migration Guide from TheHive 3. We recommend all 5. Finally, thanks to the sponsors who donate to the Apache Foundation. To unlock capabilities 1 and quotas 2, a license is required. To download Apache Hive database software, refer to the official software downloads. To ensure proper handling, set the client_max_body_size parameter in your NGINX configuration file to accommodate the larger value between the file upload size and the text size defined in TheHive's application. Create new user#. Administrator's guide. November config: all configuration files for TheHive; jobs: shared volume for Analyzers and Responders jobs; log: Cortex application logs; Operations# Virtual Machine#. 
By default, the docker image generates a configuration file for Cortex with: - the Elasticsearch uri is determined by resolving the host name "elasticsearch", - the analyzers and responders official location, - a generated namespace and predicate are free values but they should be as concise as possible. Configure the alert action "thehive_create_a_new_alert" to generate alerts in TheHive. A system user account thehive/thehive1234 can be used to operate the VM. Description. All number types. TheHive lets you analyze tens or hundreds of observables in a few clicks by leveraging one or several Cortex instances depending on your OPSEC needs and performance requirements. This model automatically detects “hateful language” – defined, with input from our clients, as any language, expression, writing, or speech that expresses / incites violence against, attacks, degrades, or insults a particular group or an This documentation site is deprecated. Also, if your investigation is over, you can close this case with proper justification. The links below provide access to the Apache Hive wiki documents. A + B. trustManager { stores = [ { type = "JKS" // JKS or PEM path = "keystore. Demos: See Hive's models in action. The WITH DBPROPERTIES clause was added in Hive 0. Contact StrangeBee. This list is not complete, but you can navigate through these wiki pages to find additional documents. zip Once the download is complete, extract the contents of the ZIP archive to your desired location. This section contains the Case templates you prepare for your organisation. 
Handling incidents with predefined tasks or manually added tasks, assigning a case owner, adding observables and enriching them, looking for correlations with existing cases and alerts, prioritising incidents and classifying them: those are a few of the case management capabilities in TheHive. Name: Notification name to display within TheHive Send notification to every user in the organisation: Check this box to notify by email every user of the organization this Notifier has triggered Trigger: Choose in a list of triggers on which event you want to react. TheHive Let us help you implement TheHive into your infrastructure, tackle challenges and learn how to fully benefit from our Collaborative Case Management Platform In TheHive4 you can manage users that belong to your organisation in the Users page (Organisation > Users). info: the analyzer produced information, and the short report is shown in blue color in TheHive. To achieve this, it utilizes the akka discovery method with the Kubernetes API. com. Merge alerts#. Using these products, customers can automate their workflows and expand their capabilities by enabling Hive Documentation. (import from MISP). And if the input's PAP is above max_pap, the responder is not executed. Several months, no, years! after the first line of code – the first line was committed in 2016 – we are very excited and proud to announce the release of TheHive 4. ai. Check TheHive Community License Terms & Conditions. After committing changes in the main branch, deploy the documentation TheHive documentation has moved and can be found at https://docs. json)# Create a new case from MISP. ; Merge Action: Similarly, the merge button also merges only one case at a time, regardless of the number of selected alerts. How Wazuh provides endpoint security without kernel-level access. 
Needless to say, we encourage you never to open these ports outside your virtual network and StrangeBee provides cutting edge incident response automation to hundreds of SOC, CERT & CSIRT teams. If you run into any issues building your projects, please feel free to reach out to us at support@thehive. Official documentation for TheHive Project applications TheHive-Project/docs’s past year of commit activity HTML 21 31 10 (1 issue needs help) 4 Updated Sep 29, 2023 Home – TheHive Project Documentation; Related content. Documentation to upgrade from TheHive 4. 0 (), if the table has TBLPROPERTIES ("auto. This guide provides instructions on updating your configuration to support this change. Alternatively, it's also possible to run the image using Podman. A user can create templates to simplify the process of creating tasks and cases by populating fields StrangeBee provides cutting edge incident response automation to hundreds of SOC, CERT & CSIRT teams. This functionality is Manage Dashboard#. 509 SSO and/or API keys for authentication and OAuth2. We ALTER KEYSPACE thehive WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 3}; Run nodetool repair -full on Each Node After modifying the keyspace replication, execute nodetool repair -full on each node in your Cassandra cluster to ensure data is fully replicated and consistent across the cluster. You can assign tasks to your teammates and track down the case. API driven OpenShift 4 cluster provisioning and management. Customize alerts by adding additional information such as TLP per observable, custom fields, titles, descriptions, and more. com/. Functions can be performed manually, like responders# Ensure Cortex is authorized to use Docker. A word about the documentation. ### Other Resources I also searched the blockchain to find the various posts that have been written about HiveSQL. ai/, explore what Hive has to offer:.
Sample cURL Request and Result. TheHive: a Scalable, Open Source and Free Security Incident Response Platform - TheHive-Project/TheHive. Operator. 0. LOCATION now refers to the default directory for external tables and MANAGEDLOCATION Step 7 (Optional): Create an Account for TheHive integration# If you are using TheHive, create a new account inside your organisation with the read, analyze role and generate an API key that you will need to add to TheHive's configuration. List of Report Templates#. To run docker images of Analyzers & Responders, Cortex should have permissions to use docker. Analyzers can be launched against Observables to get more details, contextual information, intelligence; Responders can be launched against Cases, Tasks, Observables, task Logs, and Alerts to run active actions during the investigation and incident response; One or more Cortex instances can be connected to TheHive. ai) AI Models . Analyzers / Responders communication#. Activating TheHive License# Overview#. A new window opens. Click Create Case + on the header. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation Add Custom Fields#. Deployment options. You can now write TheHive functions that can be triggered by an internal event, and then perform automated actions in TheHive. If you have any further questions or run into any issues as you build your custom-made AI models, please don’t hesitate to reach out to us at support@thehive. com for TheHive 5 and Cortex documentation ! TheHive Project Documentation Custom Search will capture both duplicates and modified versions.
