Skip to content
Scripts for TheHive.
Branch: master
Clone or download
Latest commit 73a5743 Feb 26, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.


qradar2thehive python script was created to use TheHive as an incident response platform for the IBM QRadar SIEM. I made it as simple as possible so that everyone could adapt it to their needs. It requires a little configuration. All the details are described in the comments of the script. Any improvement is welcome. Many thanks to The Hive project team for their outstanding work:


You need:

  • TheHive4py
  • TheHive API key
  • QRadar API key
  • TheHive instance URL
  • QRadar IP address
  • A local file to save last QRadar Offense ID
  • Create custom fields on TheHive with the same internal reference and the same type as the script

Use cron to automate the execution of the script. Sample:

*/1 * * * * /usr/bin/python3 /path/to/


A little script to update a large number of cases. You have to configure the range of cases id you want to update and of course the attributes you want to modifiy. I use the script to close a large number of cases when i have false positive from QRadar. If you want to update a small number of cases you can get samples from TheHive-Project here.

You can’t perform that action at this time.