TheHive | About
Introduction
TheHive Project consists of:
TheHive platform: an open-source Security Incident Response Platform.
Cortex: a web-based interface for configuring integrations for ingestion and analysis.
An integration of EclecticIQ Intelligence Center (EIQ IC) with TheHive involves connecting the IC to Cortex so that information collected in TheHive gets sent through Cortex to EIQ IC.
Features
Enrich observables in TheHive with information from your EclecticIQ Intelligence Center.
Export your cases and observables from TheHive directly to EclecticIQ Intelligence Center.
Prerequisites
EclecticIQ Intelligence Center v3.0.0 or later
TheHive Platform v4.1.24 or later
Cortex v3.1.8 or later
A user with the relevant permissions.
Configuring EIQ IC user
To set up the analyzer and the responder, you have to create an API token as a user with at least the permissions and group memberships the API will need.
Recommended: Create a new EclecticIQ Intelligence Center user to act as a service account. This user can then be configured with the permissions and group memberships required.
Getting started
User types
Both TheHive platform and Cortex have two user types:
regular users
system admins
Unless otherwise stated, the actions described in this documentation need to be carried out by regular users.