TheHive | About

Introduction

TheHive Project consists of:

  • TheHive platform: an open-source Security Incident Response Platform.

  • Cortex: a web-based interface for configuring integrations for ingestion and analysis.

Integrating EclecticIQ Intelligence Center (EIQ IC) with TheHive involves connecting the IC to Cortex, so that information collected in TheHive is sent through Cortex to EIQ IC.

Features

  • Enrich observables in TheHive with information from your EclecticIQ Intelligence Center.

  • Export your cases and observables from TheHive directly to EclecticIQ Intelligence Center.

Prerequisites

  • EclecticIQ Intelligence Center v3.0.0 or later

  • TheHive Platform v4.1.24 or later

  • Cortex v3.1.8 or later

  • A user with the relevant permissions.

Configuring the EIQ IC user

To set up the analyzer and the responder, you must create an API token as a user that has at least the permissions and group memberships the API calls will need.

Recommended: Create a new EclecticIQ Intelligence Center user to act as a service account. This user can then be configured with the permissions and group memberships required.

Getting started

User types

Both TheHive platform and Cortex have two user types:

  • regular users

  • system admins

Unless otherwise stated, the actions described in this documentation must be carried out by regular users. Setting up the integration consists of the following steps:

  1. Configure the responder.

  2. Configure the analyzer.

  3. Enrich cases & observables in TheHive with the Analyzer.

  4. Export cases & observables to EclecticIQ Intelligence Center with the Responder.