Displaying 1 to 5 from 5 results

TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform

  •    Javascript

TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundred of observables. Collaboration is at the heart of TheHive. Multiple analysts can work on the same case simultaneously. For example, an analyst may deal with malware analysis while another may work on tracking C2 beaconing activity on proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time.

Cortex - Powerful Observable Analysis Engine

  •    Scala

Cortex, an open source and free software, has been created by TheHive Project for this very purpose. Observables, such as IP and email addresses, URLs, domain names, files or hashes, can be analyzed one by one or in bulk mode using a Web interface. Analysts can also automate these operations thanks to the Cortex REST API. By using Cortex, you won't need to rewrite the wheel every time you'd like to use a service or a tool to analyze an observable and help you investigate the case at hand. Leverage one of the several analyzers it contains and if you are missing a tool or a service, create a suitable program easily and make it available for the whole team (or better, for the whole community) thanks to Cortex.

Cortex-Analyzers - Cortex Analyzers Repository

  •    Python

The following repository is used by TheHive Project to develop and store Cortex analyzers. Analyzers can be written in any programming language supported by Linux such as Python, Ruby, Perl, etc. Refer to the How to Write and Submit an Analyzer page for details on how to write and submit one.

TheHive4py - Python API Client for TheHive

  •    Python

TheHive4py is a Python API client for TheHive, a scalable 3-in-1 open source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. TheHive4py allows analysts to send alerts to TheHive out of different sources. Those alerts can then be previewed and imported into cases using pre-defined templates.




TheHiveDocs - Documentation of TheHive

  •    

TheHive is a scalable 4-in-1 open source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Thanks to Cortex, our powerful free and open source analysis engine, you can analyze (and triage) observables at scale using more than 80 analyzers. Additionally and starting from TheHive 3.1.0, you can actively respond to threats and interact with your constituency and other parties thanks to Cortex responders.