Hi everyone,
I’m working on a project where I need to automatically create alerts and cases in TheHive based on CVE data. Here’s a brief overview of my setup and the challenges I’m facing:
>> Project Overview:
Script Functionality: I’ve written a script that pulls CVE details from Elasticsearch and generates alerts in TheHive based on a specific condition (a specific affected product, for example). The script then converts these alerts into cases.
Team-Based Assignment: I want to assign cases to specific teams (e.g., Apps team for WordPress CVEs, Networking team for Cisco CVEs) based on the nature of the CVE.
Email Notifications: I need to notify all members of the relevant team when a new case is created.
>> The Problem:
1. Case Assignment: TheHive doesn’t seem to support direct assignment of cases to multiple users or groups based on tags or other criteria. I can create user profiles and organizations, but the API doesn’t allow assigning cases to multiple users in a straightforward way.
2. Notification: I need an efficient method to notify all members of a team about new cases.
>> What I’ve Tried:
1. Multiple Organizations: Creating separate organizations for each team and assigning users accordingly. This allows team members to see only their relevant cases.
2. Tags and Profiles: Using tags to identify teams and manually assigning cases based on these tags.
3. Email Notifications: Considering using an external script to send email notifications to team members.
What can I do to fix my issue, or does anyone have suggestions for alternative solutions or tools that might be better suited to this requirement?
Thanks in advance for your help!
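As an added illustration of the routing step described in the post (this is not the poster's script or TheHive project code): the CVE record is mapped to a team before the alert is created, and the team is carried in the alert's tags so the resulting cases can be filtered and notified per team. The routing table, mailbox addresses, sample record and base URL are assumptions; the `POST /api/v1/alert` endpoint, the `type`/`source`/`sourceRef` deduplication key and the 1-4 severity scale follow TheHive's v1 alert API.

```python
"""Route CVE-derived TheHive alerts to a team and build the alert payload."""
import json
import urllib.request

# Assumed routing table: product keyword -> (team tag, team mailbox).
TEAM_ROUTES = {
    "wordpress": ("team:apps", "apps-team@example.invalid"),
    "cisco": ("team:networking", "netops-team@example.invalid"),
}
# Unknown products go to a triage queue instead of being silently dropped.
DEFAULT_ROUTE = ("team:triage", "soc-triage@example.invalid")


def route_cve(cve):
    """Pick (team tag, mailbox) from the affected-product string."""
    product = cve.get("affected_product", "").lower()
    for keyword, route in TEAM_ROUTES.items():
        if keyword in product:
            return route
    return DEFAULT_ROUTE


def build_alert(cve):
    """Build a TheHive v1 alert; the team tag makes per-team filtering possible."""
    team_tag, _ = route_cve(cve)
    cvss = float(cve.get("cvss", 0))
    severity = 4 if cvss >= 9 else 3 if cvss >= 7 else 2 if cvss >= 4 else 1
    return {
        "type": "cve-watch",
        "source": "elasticsearch-cve-feed",
        "sourceRef": cve["id"],  # type+source+sourceRef must be unique: one alert per CVE
        "title": f"{cve['id']} affects {cve['affected_product']}",
        "description": cve.get("summary", ""),
        "severity": severity,
        "tags": [team_tag, f"product:{cve['affected_product'].lower()}"],
    }


def post_alert(base_url, api_key, payload):
    """POST the alert to TheHive (network call; not used by the offline check)."""
    req = urllib.request.Request(
        f"{base_url}/api/v1/alert",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample record, not real CVE data.
SAMPLE_CVE = {"id": "CVE-0000-00001", "affected_product": "WordPress Plugin X", "cvss": "9.8", "summary": "constructed"}
```

The mailbox returned by `route_cve` is the one place the external notification script needs to look up when a case is created from the alert.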