
TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables.

Collaboration is at the heart of TheHive. Multiple analysts from one organisation can work together on the same case simultaneously. For example, an analyst may deal with malware analysis while another may work on tracking C2 beaconing activity in proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time. Multi-tenancy and fine-grained user profiles let organisations and analysts work and collaborate on the same case across organisations. For example, one case can be created by a first organisation that starts investigating and then asks for contributions from other teams or escalates to another organisation.

Within TheHive, every investigation corresponds to a case. Cases can be created from scratch or from MISP events, SIEM alerts, email reports and any other noteworthy source of security events.

Each case can be broken down into one or more tasks. Instead of adding the same tasks to a given type of case every time one is created, analysts can use TheHive's template engine to create them once and for all.
