TheHive-Project / Awesome
A curated list of awesome things related to TheHive & Cortex
Awesome TheHive
TheHive
Official Resources
Libraries
- TheHive4Py - Official TheHive API client written in Python
- thehive.js - TheHive API client written in Javascript (WIP)
- hive4go - A Golang API for TheHive, by @frikky
- go-thehive - A Golang API for TheHive, by @ilyaglow
- TheHive4PS - PowerShell functions to interact with TheHive API, by @vi-or-die
- TheHive4node - TheHive API client written in Node (WIP), by @agix
Integrations
- Synapse - Meta Alert feeder, including Qradar and Exchange connectors
- DigitalShadows2TH - Alert feeder for DigitalShadows
- Zerofox2TH - Alert feeder for ZeroFox
- CrowdStrike2TH - Alert feeder for CrowdStrike, by @xg5-simon
- FireEye2TH - FireEye iSIGHT Alert Feeder for TheHive, by @LDO-CERT
- graylog2thehive - Alert feeder for Graylog, by @ReconInfoSec
- mailgun2thehive - Simple Python flask app that runs as a web server, and accepts POST requests from your Mailgun routes, by @ReconInfoSec
- qradar2thehive - Alert feeder for Qradar, by @pierrebarlet
- TA-thehive-CE - Splunk Application for TheHive, by @remg427
- thehiveemail - Reading and processing of email folders for TheHive + Autoupdating case histories, by @ReconInfoSec
- thehive-falcon - Falcon streaming api alert integration for TheHive, by @ag-michael
- Elastalert TheHive alerter - Elastalert connector for TheHive, by @Nclose-ZA
- StackStorm - TheHive pack for StackStorm
- TheHive Opendxl - TheHive service for use with the OpenDXL Python Client
- TheHive OpenAPI definition - OpenAPI definition for TheHive, by @frikky
- thehive-slack-webhook - A simple Lambda function for delivering The Hive webhooks to Slack, by ReconInfoSec
- TheHive2Sigma - Python script to automatically create sigma rules from Thehive observables, by @jordisk
- TheHive WALKOFF app - A TheHive WALKOFF application, by @frikky
- Cyrating Feeder - Cyrating Reputation alert importer for TheHive, by vletoux
- Canaries to TheHive - Create alerts in TheHive from your Thinkst Canary alerts, to be turned into TheHive cases, by ReconInfoSec
- Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS, by @Felix83000
Tools
- Pollen - A command-line tool for interacting with TheHive, by @bromiley
- mihari - A sidekick tool for TheHive to monitor malicious hosts, by @ninoseki
Devops
- itamae_thehive - Automated installation of TheHive/Cortex by using Itamae, by ninoseki
- ansible-thehive 1 - Ansible role for installing TheHive, by @drewstinnett
- ansible-thehive 2 - Ansible Role for TheHive, by @rhythmictech
- thehive-standalone - Terraform module and supporting tools to build and create a fully self-contained instance of TheHive and Cortex, by @rhythmictech
Blogs & Articles
- Security Distractions
- agood.cloud
- SANS ISC InfoSec Forums - IR using TheHive Project.
- Chris Sanders blog - Investigation Case Management with TheHive, by @chrissanders88
- Cisco Umbrella blog - Hive-Cortex Analyzer and Maltego Transform for Investigate
- SOAR webhook integration - Example integration between TheHive and NSA's WALKOFF project
- DNS Threat Intelligence for Our Community - DomainTools Iris Integration - How to do DNS Threat Intelligence with DomainTools Iris integration in TheHive and Cortex by Paul Sourin.
- AleSecurity Blog - How to use OAuth2/OIDC (OpenID Connect) with TheHive
- Create and delete training alerts in TheHive, by Koen Van Impe
Podcasts
- NoLimitSecu - A French podcast
Cortex
Official Resources
Libraries
- Cortex4Py - Official Cortex API client written in Python
- go-cortex - Cortex API client written in Golang, by @ilyaglow
Analyzers & Responders
- Cortex-Analyzers - Official Cortex Analyzers and Responders collection
- SendEmail - Cortex Responder to send emails from TheHive tasks and logs, by @norgalades
- Cortex-Analyzers by @aacgood - A collection of Cortex Analyzers and Responders for TheHive/Cortex, by @aacgood
Tools
- cortex-tgbot - Threat intelligence Telegram bot based on Cortex engine, by @ilyaglow
- cortextester - Inspired by cortexutils - a testing framework for Cortex-Analyzers and -Responders, by @TKCERT
Devops
- ansible-cortex 1 - Ansible module for installing Cortex, by @drewstinnett
- ansible-cortex 2 - Ansible role for Cortex, an observable analyzer that works with TheHive, by @rhythmictech
Blogs & Articles
- Nviso Labs - Creating Responders in TheHive, by @NVISO-BE
Contribute
Contributions welcome! Read the contribution guidelines first.
License