The Hive

TheHive is a scalable, free and open source Security Incident Response Platform.

Configuration

| Name | Type | Description |
| --- | --- | --- |
| base_url | string | Your TheHive instance URL |
| apikey | string | An API key |
| organisation | string | The user organisation |

Actions

Create an alert in The Hive

Arguments

| Name | Type | Description |
| --- | --- | --- |
| alert | object | A SEKOIA.IO alert |
| events | array | The alert events used to create TheHive alert artifacts |
| artifact_tlp | integer | Case's TLP: 0, 1, 2, 3 for WHITE, GREEN, AMBER, RED. Default: 1 |
| artifact_sighted | boolean | Observable's sighted flag. True to mark the observable as sighted. Default: True |
| artifact_ignore_similarity | boolean | Observable's similarity ignore flag. True to ignore the observable during similarity computing. Default: True |

Outputs

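| Name | Type | Description |
| --- | --- | --- |
| id | string | |
| createdBy | string | |
| createdAt | string | |
| updatedAt | string | |
| type | string | |
| source | string | |
| sourceRef | string | |
| externalLink | string | |
| title | string | |
| description | string | |
| severity | integer | |
| date | integer | |
| tags | array | |
| tlp | integer | |
| pap | integer | |
| status | string | |
| follow | boolean | |
| customFields | object | |
| artifacts | array | |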

Extra

Module The Hive v1.4