Morning, did anyone manage to implement opendxl-thehive-service-python with the ePO and create an alert successfully in TheHive?
Hi-
Yes, we have demonstrated an integration between ePO, TheHive, and Node-RED. The particular workflow is that ePO sends threat events over DXL, the event is received by Node-RED, which in turn creates a case in TheHive (via the OpenDXL TheHive Service).
Is there a specific use case you are looking to accomplish?
Thanks,
Chris
In short, when I have an ePO alert I need to create the same alert in TheHive. At a later stage I would also like to be able to do it the other way: for instance, for an alert received in TheHive from MISP with a particular malicious URL, the same URL would be added to the Allow and Block list of Web Control. The latter, however, is not my priority for the moment.
Hi
For your first use case, like Chris mentioned, you can do that using the ePO, TheHive and Node-RED integration.
Thanks,
Viji