TheHive-Stuff

A collection of scripts for the TheHive (not submitted (yet) to the project)

These scripts are not perfect.. they all work, but would need some futher development.. perhaps

• CANARY2Alert - Push Canary alerts into TheHive
• CVE2Alert - Uses CVE-Search as the base and then searches in one or several vulnerablity managment systems for any "hits"
• RSS2Alert - Keep track of "security" news in the form of TheHive Alerts
• Rapid7 - A Rapid7 analyzer, search for information about a host or IP
• Zscaler Responder - Block offending URL's/Domains in Zscaler (works like a charm), credit goes to Darren Sykes for the orginal version.
• Zscaler Sandbox - Utilize the Zscaler Sandbox to analyse your samples
• Netcraft Responder - When you are done anlyzing a phishing site, report it to Netcraft

A list of analyzer that have been commited to the TheHive/Cortex project:

• CIRCL Hashlookup: https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/CIRCLHashlookup

• Triage Sandbox analyzer: https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/Triage

A list of analyzer and "fixes" that I have done, that are still in "PR" status:

• Cortex Utils - fix for analyzer and Mitm proxies:
  TheHive-Project/cortexutils#18

• Cylance analyzer: TheHive-Project/Cortex-Analyzers#979

• Zscaler Analyzer: TheHive-Project/Cortex-Analyzers#981 (credit goes to xg5-simon for the orginal version)