Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform
Latest commit 2a507b4 Feb 13, 2019

Synapse is a free, open source meta alert feeder that allows you to feed TheHive from multiple alert sources at once.
It leverages TheHive's API to automate case and alert creation. Thanks to Synapse, you can swiftly create cases or alerts in TheHive out of email notifications or SIEM events.

Currently, Synapse supports the following alert sources:

  • Microsoft Exchange
  • Microsoft O365
  • IBM QRadar


Most of the time, transforming a security event or a notification about a suspicious email into a case or alert in TheHive requires several actions and conditions. Synapse gathers those into workflows.

To keep the application as user-friendly as possible, we decided to put an API on top of these workflows. That way, you execute only the workflow you are interested in by "hitting" the corresponding API endpoint.

The following workflows are currently supported by Synapse:

  • Case creation from email using Exchange Web Service & O365
  • Alert creation from QRadar offenses

For a detailed explanation of each workflow, please have a look at the workflows page.

Using Synapse

The user guide should contain all the information you need. In short:

  1. Install dependencies
  2. Fill in the config file
  3. Execute: python3

While all operating systems running Python 3 can be used for Synapse, we recommend the use of Ubuntu.


Synapse is free and open source software released under the AGPL (Affero General Public License). We, TheHive Project, are committed to ensuring that TheHive remains a free and open source project in the long run.


Information, news and updates are regularly posted on TheHive Project Twitter account and on the blog.


Please see our Code of conduct. We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests via issues.


Please open an issue on GitHub if you'd like to report a bug or request a feature. We are also available on Gitter to help you out.

If you need to contact the project team, send an email to

Community Discussions

We have set up a Google forum at To request access, you need a Google account. You may create one using a Gmail address or without it.



  • Closing QRadar offense after closing TheHive case or alert
  • Scheduler to periodically execute workflows

Special Thanks

Kudos to Erik Cederstrand for his amazing work on Exchangelib.

We also would like to thank the IBM team for providing a Python QRadar API client to the community.
