And now, for the first time, you can send alerts via action from ArcSight ESM Console to the TheHive when Correlation Rules are triggered.

Related tags

Third-party APIs WrappersArcSight-TheHive-Alert
Overview

ArcSight Integration with TheHive

And now, for the first time, you can send alerts via action from ArcSight ESM Console to the TheHive when Correlation Rules are triggered.

All actions taken on a SIEM to enhance its functionalities are in line with the goal of being able to send the alerts and results of all detected incidents centrally to an Incident Response platform. One of the best Incident Response platforms is the TheHive. As you know, Some Add-ons have already been developed to integrate TheHive with Splunk Enterprise, but there was no way to integrate TheHive with ArcSight ESM. Here you can find a general and extensible script that can be used as an execution command in ArcSight ESM, you can send the results of the triggered correlation rules to the TheHive platform in the form of an Alert.

Quick Start

In this section, a brief explanation of how to use and function of this script is provided.

Pre-Requirements

Knowledge

For using this python script you must be completely proficient in the functionality of the ArcSight ESM Execution Command Resource and the structure of the CEF log format. Also, you must be familiar with the functionalities of the TheHive and TheHive4Py.

Creating Custom Fields

At the first, login to the ArcSight Console and Find the Rule resource that you want to add an action with the type of Command Execution. Related to the all fields of correlation events, you must add the Custom Fields in the Thehive. All types of fields(string, boolean, integer, date) must be defined in the custom fields.

Configuration the script file

Edit the sample-makealert.py file and put the IP address or Hostname of Thehive server. Also, put the API key Insert all fields name of correlation events in the custom fields helper section. Save and exit. Place the script file in the appropriate path on the ArcSight server.

Add command execution as action

In the ArcSight Console, add an action as a command execution. Add below command /usr/bin/python3 <Path_of_script_file>/makealert.py Add all fields name as a variable type in the parameter section. Save and Apply.

Owner
Amir Hossein Zargaran
SOC the Next-Gen Architect & Open-Source SIEM and related tools implementor and deployer
Amir Hossein Zargaran
GitHub Repository
Telegram Group Manager Bot + Userbot Written In Python Using Pyrogram.

Telegram Group Manager Bot + Userbot Written In Python Using PyrogramTelegram Group Manager Bot + Userbot Written In Python Using Pyrogram

1 Nov 11, 2021
Yandex OSINT tool

YaSeeker Description YaSeeker - an OSINT tool to get info about any Yandex account using email or login. It can find: Fullname Photo Gender Yandex UID

HowToFind 110 Jan 03, 2023
A Pancakeswap v2 trading client (and bot) with limit orders, stop-loss, custom gas strategies, a GUI and much more.

Pancakeswap v2 trading client A Pancakeswap trading client (and bot) with limit orders, stop-loss, custom gas strategies, a GUI and much more. If you

571 Mar 15, 2022
🛰️ Scripts démontrant l'utilisation de l'imagerie RADARSAT-1 à partir d'un seau AWS | 🛰️ Scripts demonstrating the use of RADARSAT-1 imagery from an AWS bucket

🛰️ Scripts démontrant l'utilisation de l'imagerie RADARSAT-1 à partir d'un seau AWS | 🛰️ Scripts demonstrating the use of RADARSAT-1 imagery from an AWS bucket

Agence spatiale canadienne - Canadian Space Agency 4 May 18, 2022
Simple library for logging to Loggly

#Hoover A python wrapper used to hit the Loggly. API For more information on Hoover see http://wiki.loggly.com/hooverguide ##Install With this git rep

Hoover Loggly 34 May 19, 2021
Python client for Messari's API

Messari API Messari provides a free API for crypto prices, market data metrics, on-chain metrics, and qualitative information (asset profiles). This d

Messari 85 Dec 22, 2022
Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation

✅ Access Analyzer - Batch Policy Validator This script will analyze using AWS Access Analyzer - Policy Validation all your account customer managed IA

Victor GRENU 41 Dec 12, 2022
A simple terminal UI for viewing fund P/L analysis through TEFAS

Tefas UI A simple terminal UI for viewing fund P/L analysis through TEFAS. Features (that my own bank's UI lack): Daily and weekly P/L FX comparisons

Batuhan Taskaya 4 Mar 14, 2022
MemeBot - A discord bot that tracks how good people's memes are

MemeBot A discord Meme "Karma" Tracking bot Dependancies Make sure you have pymongo installed and a mongodb cluster setup with two collections. pip in

Uday Sharma 3 Aug 10, 2022
Online Marketplace API

Online Marketplace API Table of Contents Setup Instructions Documentation Setup instructions Make sure you have python installed Clone the repository

Kanat 3 Jul 13, 2022
Wechat-file-cleaner - Clean files in PC WeChat FileStorage directory

Wechat-file-cleaner - Clean files in PC WeChat FileStorage directory

Xingjian Zhang 1 Feb 06, 2022
Una herramienta para transmitir mensajes automáticamente a múltiples grupos de chat

chat-broadcast Una herramienta para transmitir mensajes automáticamente a múltiples grupos de chat Setup Librerías Necesitas Python 3 con la librería

Seguimos 2 Jan 09, 2022
An API wrapper for discord; maintained and improved from discord.py

Fusion.py Documentation What is Fusion.py you might ask; Fusion.py is a Discord.py fork that has most of the good features from most of the big Discor

Senarc Studios 5 Apr 19, 2022
send sms via grafana alert webhook

notifier fire alarm What does this project do: the aim of this project is to send alarm notification from grafana alert manager via kavenegar api. sta

Ali Soltani 4 Oct 20, 2021
A discord bot that send SMS spam!

bruh-bot send spam sms! send spam with email! it sends you spam via sms and Email using two tools, quack and impulse! if you have some problem contact

pai 32 Dec 25, 2022
A liblary whre you can find helpful functions for your discord bot

DBotUtils A liblary whre you can find helpful functions for your discord bot Easy setup Setup is easily and flexible. Change anytime. After setup just

Kondek286 1 Nov 02, 2021
Stack Overflow Error Parser

A python tool that executes python files and opens respective Stack Overflow threads in browser for errors encountered.

Raghavendra Khare 3 Jul 24, 2022
Brute force instagram account / actonetor, 2021

Brute force instagram account / actonetor, 2021

actonetor 6 Nov 16, 2022
Host your Python Discord Bot 24/7 for free. POC

🐉 Pandore 🐉 The easiest and fastest way to host your Python3 Discord Bot 24/7 for free! 📚 Documentation 📚 If you encounter any problem while using

Billy 73 Jan 02, 2023
A wrapper to stream information from Twitter's Full-Archive Search Endpoint

A wrapper to stream information from Twitter's Full-Archive Search Endpoint. To exploit this library, one must have approved academic research access.

Daniela Pinto Veizaga 9 Nov 28, 2022