TheHive
Version: 2.0.0
TheHive is a scalable, open source and free security incident response platform.
Connect TheHive with LogicHub
- Navigate to Automations > Integrations.
- Search for TheHive.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Server IP or Hostname: Server IP or Hostname where TheHive is installed and running.Example: http://111.111.111.111
- Port Number: Port Number for TheHive instance.
- API Key: API Key for TheHive instance.
- After you've entered all the details, click Connect.
Actions for TheHive
List Cases
Get a list of cases.
Input Field
Choose a connection that you have previously created to complete the connection.
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of cases.
Find Cases
Find cases.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Search Text | Column name from parent table containing search text for the Case. | Required |
| Case Status | Column name from parent table containing case status. Example: Open, Resolved. | Optional |
| Case Assignee | Column name from parent table containing case assignee. | Optional |
| Case Severity | Column name from parent table containing case severity. Example: High, Medium, Low. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Cases that matches search criteria
Create a Case
Creates a case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Title | Column name from the parent table for the title field. | Required |
| Description | Column name from parent table containing a description of the case. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case details
Get a Case
Get a case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Case ID | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case details
Update a Case
Update a case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Case Id | Column name from the parent table for caseid field. | Required |
| Title | Column name from the parent table for the title field. | Required |
| Description | Column name from parent table containing a description of the case. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case details
Remove a Case
Remove a case
Input Field
| Input Name | Description | Required |
|---|---|---|
| Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case Id
Get Linked Cases
Get the list of cases linked to the case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Decription | Required |
|---|---|---|
| Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of cases
Merge Cases
Merge cases
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Case Id (First) | Column name from the parent table for first caseid field. | Required |
| Case Id (Second) | Column name from the parent table for second caseid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case details
List Alerts
Get a list of alerts.
Input Field
Choose a connection that you have previously created to complete the connection.
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of alerts.
Find Alerts
Find alerts.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Search Text | Column name from parent table containing search text for the Case. | Required |
| Status | Column name from parent table containing status. Example: New, Updated, Ignored, Imported. | Optional |
| Source | Column name from parent table containing the source. | Optional |
| Severity | Column name from parent table containing severity. Example: High, Medium, Low. | Optional |
| Type | Column name from parent table containing case severity. Example: External, Internal. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Alerts that matches search criteria
Compute Stats on Alerts
Compute stats on alerts.
Input Field
Choose a connection that you have previously created to complete the connection.
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Stats on alerts.
Create an Alert
Creates an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Title | Column name from the parent table for the title field. | Required |
| Description | Column name from parent table containing description field. | Required |
| Type | Column name from parent table containing type field. | Required |
| Source | Column name from parent table containing source field. | Required |
| Source Reference | Column name from parent table containing source reference field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Alert details
Get an Alert
Get an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Alert details
Update an Alert
Update an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Id | Column name from the parent table for alertid field. | Required |
| Title | Column name from the parent table for the title field. | Required |
| Description | Column name from parent table containing description field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Alert details
Delete an Alert
Delete an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Alert Id
Mark an Alert as Read
Mark an alert as read.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Alert details
Mark an Alert as Unread
Mark an alert as unread.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Alert details
Create a Case from an Alert
Create a case from an alert.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case details
Merge an Alert in a Case
Merge an alert in a case.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Id | Column name from the parent table for alertid field. | Required |
| Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case details
Merge Several Alerts in One Case
Merge several alerts in one case.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert Ids | Column name from the parent table for alertids field. Example: a_id1,a_id2,a_id3. | Required |
| Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Case details
Find Tasks
Find tasks.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Case Id | Column name from the parent table for caseid field. | Required |
| Search Text | Column name from parent table containing search text for the task. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Tasks that matches search criteria
Get a Task
Get a task.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Task Id | Column name from the parent table for taskid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Task details
Update a Task
Update a task.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Task Id | Column name from the parent table for task id field. | Required |
| Title | Column name from the parent table for title field. | Required |
| Description | Column name from parent table containing description field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Task details
Create a Task
Creates a task.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Title | Column name from the parent table for the title field. | Required |
| Description | Column name from parent table containing description field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Task details
Find Observables
Find observables.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Case Id | Column name from the parent table for caseid field. | Required |
| Search Text | Column name from parent table containing search text field. | Required |
| Type | Column name from parent table containing type. Example: ip, domain, url, filename. | Optional |
| Value | Column name from parent table containing the value. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Observables that matches search criteria
Create an Observable
Creates an observable.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Case Id | Column name from the parent table for caseid field. | Required |
| Observable datatype | Column name from the parent table for an observable datatype. | Required |
| Observable data | Column name from the parent table for observable data. Example: pic.png. | Required |
| Observable message | Column name from the parent table for an observable message. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Observable details
Get an Observable
Get an observable.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Observable Id | Column name from the parent table for observableid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Observable details
Create a Log
Creates a log.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Task Id | Column name from the parent table for taskid field. | Required |
| Message | Column name from parent table containing the message of case. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Log details
Update a Log
Update a log.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Log Id | Column name from the parent table for logid field. | Required |
| Message | Column name from parent table containing the message of case. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Log details
Get a Log
Get a log.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Log Id | Column name from the parent table for logid field. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Log details
Release Notes
v2.0.0- Updated architecture to support IO via filesystem
Updated about 1 year ago