
dkota1992 / thehivehooks


This project forked from thehive-project/thehivehooks


This is a python tool aiming to make using TheHive webhooks easier.

License: GNU Affero General Public License v3.0


thehivehooks's Introduction

Overview

This tool is designed as an entry point for users who want to consume TheHive's audit events through webhooks. It is a Flask web application that exposes a REST endpoint; you declare that endpoint in TheHive's application.conf configuration file, and TheHive then pushes every change made on its side to it.

Once configured, users and developers define their own event handlers by writing a little Python.

Installation

First, start by cloning the repository:

git clone https://github.com/TheHive-Project/TheHiveHooks.git

We recommend using virtualenv for development:

  • Start by installing virtualenv if you don't have it
pip install virtualenv
  • Once installed access the project folder
cd TheHiveHooks
  • Create a virtual environment
virtualenv venv
  • Enable the virtual environment
source venv/bin/activate
  • Install the python dependencies on the virtual environment
pip install -r requirements.txt
  • Start the web application
./debug.sh

Once these steps are done, the web application starts receiving the changes made on the TheHive side, and you will see some log output from the default handlers (which just print the received events).

Write your own event handlers

Following is the list of events that can be listened to:

  • AlertCreation
  • AlertUpdate
  • CaseArtifactCreation
  • CaseArtifactJobCreation
  • CaseArtifactJobUpdate
  • CaseArtifactUpdate
  • CaseCreation
  • CaseTaskCreation
  • CaseTaskLogCreation
  • CaseTaskUpdate
  • CaseUpdate

To add a new event handler, developers have to add methods to the thehive_hooks/handlers.py file.

A handler is as simple as the following bit of code:

# `ee` (the event emitter) and `app` (the Flask application) are the objects
# already used in thehive_hooks/handlers.py; register the handler on an event name
@ee.on('CaseUpdate')
def caseClosed(event):
    # 'details' carries the fields that changed; only react when the case was closed
    if 'status' in event['details'] and event['details']['status'] == 'Resolved':
        app.logger.info('Case {} has been marked as resolved'.format(event['rootId']))

The sample above declares an event handler for the CaseUpdate event. The code checks whether the event corresponds to a case being closed (its status set to Resolved) and then does some work (here, just logging a message).

One can imagine an event handler that sends an email to some inbox once a case is closed.
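As an added example (not the project's own code), the handler pattern above carried a little further so it runs on its own: a minimal stand-in for the project's `ee` emitter, two handlers registered on the same CaseUpdate event, and a payload with no `details` at all, which is why the handlers read fields with `.get()` instead of indexing. The Emitter class, the second handler, the `tlp` field and the sample payloads are assumptions made for this example, not taken from the README.

```python
import logging
from collections import defaultdict
logging.basicConfig(level=logging.INFO)
log = logging.getLogger("thehivehooks_example")

class Emitter:
    """Stand-in for the project's `ee`: same @ee.on(name) decorator shape, nothing more."""
    def __init__(self):
        self._handlers = defaultdict(list)
    def on(self, name):
        def register(fn):
            self._handlers[name].append(fn)
            return fn
        return register

    def emit(self, name, event):  # returns every handler's result so a dispatch can be checked
        return [fn(event) for fn in self._handlers[name]]

ee = Emitter()

@ee.on('CaseUpdate')
def case_closed(event):
    # .get() rather than [] so a payload without 'details' or 'status' is skipped, not a crash.
    details = event.get('details') or {}
    if details.get('status') == 'Resolved':
        log.info('Case %s has been marked as resolved', event.get('rootId'))
        return ('resolved', event.get('rootId'))
    return None

@ee.on('CaseUpdate')
def case_tlp_red(event):
    # Second handler on the same event: flag a case whose TLP was raised to RED (tlp 3 in TheHive).
    details = event.get('details') or {}
    if details.get('tlp') == 3:
        log.warning('Case %s is now TLP:RED, restrict sharing', event.get('rootId'))
        return ('tlp_red', event.get('rootId'))
    return None

# Constructed sample payloads: 'rootId' and 'details' follow the README's handler; the ids are made up.
SAMPLE_EVENTS = [
    ('CaseUpdate', {'rootId': 'EXAMPLE-CASE-1', 'details': {'status': 'Resolved'}}),
    ('CaseUpdate', {'rootId': 'EXAMPLE-CASE-2', 'details': {'tlp': 3}}),
    ('CaseUpdate', {'rootId': 'EXAMPLE-CASE-3'}),  # no 'details' at all: handlers must tolerate it
    ('AlertCreation', {'rootId': 'EXAMPLE-ALERT-1', 'details': {'severity': 3}}),  # nobody listens
]

def run_samples(events=SAMPLE_EVENTS):
    hits = []
    for name, payload in events:
        hits.extend(r for r in ee.emit(name, payload) if r is not None)
    return hits
```

Running `run_samples()` yields one hit per handler that matched: the resolved case and the TLP:RED case; the payload without `details` and the unhandled AlertCreation produce nothing.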

Be creative, and enjoy.
