...
TheHive is a scalable, open source and free security incident response platform.
Connect TheHive with Devo SOAR
Navigate to Automations > Integrations.
Search for TheHive.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
Server IP or Hostname: Server IP or Hostname where TheHive is installed and running.Example: http://111.111.111.111
Port Number: Port Number for TheHive instance.
API Key: API Key for TheHive instance.
After you've entered all the details, click Connect.
Actions for TheHive
List Cases
Get a list of cases.
Input Field
Choose a connection that you have previously created to complete the connection.
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: List of cases.
...
Find Cases
Find cases.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Search Text | Column name from parent table containing search text for the Case. | Required |
Case Status | Column name from parent table containing case status. | |
Example: Open, Resolved. | Optional | |
Case Assignee | Column name from parent table containing case assignee. | Optional |
Case Severity | Column name from parent table containing case severity. Example: High, Medium, Low. | Optional |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Cases that matches search criteria
...
Create a Case
Creates a case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Title | Column name from the parent table for the title field. | Required |
Description | Column name from parent table containing a description of the case. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case details
...
Get a Case
Get a case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Case ID | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case details
...
Update a Case
Update a case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Case Id | Column name from the parent table for caseid field. | Required |
Title | Column name from the parent table for the title field. | Required |
Description | Column name from parent table containing a description of the case. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case details
...
Remove a Case
Remove a case
Input Field
Input Name | Description | Required |
|---|---|---|
Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case Id
...
Get Linked Cases
Get the list of cases linked to the case
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Decription | Required |
|---|---|---|
Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: List of cases
...
Merge Cases
Merge cases
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Case Id (First) | Column name from the parent table for first caseid field. | Required |
Case Id (Second) | Column name from the parent table for second caseid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case details
...
List Alerts
Get a list of alerts.
Input Field
Choose a connection that you have previously created to complete the connection.
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: List of alerts.
...
Find Alerts
Find alerts.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Search Text | Column name from parent table containing search text for the Case. | Required |
Status | Column name from parent table containing status. Example: New, Updated, Ignored, Imported. | Optional |
Source | Column name from parent table containing the source. | Optional |
Severity | Column name from parent table containing severity. Example: High, Medium, Low. | Optional |
Type | Column name from parent table containing case severity. Example: External, Internal. | Optional |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Alerts that matches search criteria
...
Compute Stats on Alerts
Compute stats on alerts.
Input Field
Choose a connection that you have previously created to complete the connection.
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Stats on alerts.
...
Create an Alert
Creates an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Title | Column name from the parent table for the title field. | Required |
Description | Column name from parent table containing description field. | Required |
Type | Column name from parent table containing type field. | Required |
Source | Column name from parent table containing source field. | Required |
Source Reference | Column name from parent table containing source reference field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Alert details
...
Get an Alert
Get an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Alert details
...
Update an Alert
Update an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Id | Column name from the parent table for alertid field. | Required |
Title | Column name from the parent table for the title field. | Required |
Description | Column name from parent table containing description field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Alert details
...
Delete an Alert
Delete an alert
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Alert Id
...
Mark an Alert as Read
Mark an alert as read.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Alert details
...
Mark an Alert as Unread
Mark an alert as unread.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Alert details
...
Create a Case from an Alert
Create a case from an alert.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Id | Column name from the parent table for alertid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case details
...
Merge an Alert in a Case
Merge an alert in a case.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Id | Column name from the parent table for alertid field. | Required |
Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case details
...
Merge Several Alerts in One Case
Merge several alerts in one case.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Alert Ids | Column name from the parent table for alertids field. Example: a_id1,a_id2,a_id3. | Required |
Case Id | Column name from the parent table for caseid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Case details
...
Find Tasks
Find tasks.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Case Id | Column name from the parent table for caseid field. | Required |
Search Text | Column name from parent table containing search text for the task. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Tasks that matches search criteria
...
Get a Task
Get a task.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Task Id | Column name from the parent table for taskid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Task details
...
Update a Task
Update a task.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Task Id | Column name from the parent table for task id field. | Required |
Title | Column name from the parent table for title field. | Required |
Description | Column name from parent table containing description field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Task details
...
Create a Task
Creates a task.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Title | Column name from the parent table for the title field. | Required |
Description | Column name from parent table containing description field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Task details
...
Find Observables
Find observables.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Case Id | Column name from the parent table for caseid field. | Required |
Search Text | Column name from parent table containing search text field. | Required |
Type | Column name from parent table containing type. Example: ip, domain, url, filename. | Optional |
Value | Column name from parent table containing the value. | Optional |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Observables that matches search criteria
...
Create an Observable
Creates an observable.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Case Id | Column name from the parent table for caseid field. | Required |
Observable datatype | Column name from the parent table for an observable datatype. | Required |
Observable data | Column name from the parent table for observable data. Example: pic.png. | Required |
Observable message | Column name from the parent table for an observable message. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Observable details
...
Get an Observable
Get an observable.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Observable Id | Column name from the parent table for observableid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Observable details
...
Create a Log
Creates a log.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Task Id | Column name from the parent table for taskid field. | Required |
Message | Column name from parent table containing the message of case. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Log details
...
Update a Log
Update a log.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Log Id | Column name from the parent table for logid field. | Required |
Message | Column name from parent table containing the message of case. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Log details
...
Get a Log
Get a log.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Log Id | Column name from the parent table for logid field. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
result: Log details
...
Release Notes
v2.0.0- Updated architecture to support IO via filesystem
...