Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
19 lines (13 sloc) 836 Bytes

Workflows

Synapse connects your security devices with TheHive to automate actions such as case creation or alert creation.
Thanks to its modular design, the list of connectable devices can easily be extended.

However, connecting a firewall and connecting a mailbox are two different things.
Above the technical point of view, the two devices have totally different workflows. When an email may be marked as read, a firewall event may not.

That is why workflows need to be documented.

This section aims to detail workflows so analysts know what's happening under the hood.
Available workflows are:

  • Ews2Case
    • Creating case from Microsoft Exchange emails.
  • QRadar2alert
    • Creating alert from QRadar offenses.
    • Closing QRadar offenses from TheHive.
You can’t perform that action at this time.