Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jan 31 2019 21:52
    zpriddy edited #860
  • Jan 31 2019 21:52
    zpriddy opened #860
  • Jan 31 2019 20:47
    gregcopenhaver forked
    gregcopenhaver/TheHive
  • Jan 31 2019 14:03
    adl1995 opened #165
  • Jan 31 2019 13:56
    nadouani closed #769
  • Jan 31 2019 13:55

    nadouani on develop

    #769 Add a case template select… Merge branch 'feature/template-… #769 Add case template selector (compare)

  • Jan 31 2019 13:55
    nadouani commented #769
  • Jan 31 2019 13:54
    nadouani milestoned #769
  • Jan 30 2019 18:41
    amr-cossi opened #164
  • Jan 30 2019 16:21
    nadouani edited #271
  • Jan 30 2019 16:20

    nadouani on develop

    #271 Allow merging multiple ale… (compare)

  • Jan 30 2019 16:18

    To-om on develop

    #271 Update alert status when m… (compare)

  • Jan 30 2019 15:53

    To-om on develop

    #271 Add API to merge alert in … (compare)

  • Jan 30 2019 10:44
    nadouani closed #857
  • Jan 30 2019 10:44
    nadouani labeled #857
  • Jan 30 2019 10:44
    Xumeiquer commented #857
  • Jan 30 2019 10:30
    nadouani edited #271
  • Jan 30 2019 10:30
    nadouani edited #271
  • Jan 30 2019 10:30
    nadouani edited #271
  • Jan 30 2019 10:30
    nadouani edited #271
Kaan S. Karadag
@KaanSK

how do I purge all alerts from hive, any suggestions?

After 4.0.0 there is bulk removal function. You are selecting the alerts from UI and there should be a delete button on top left. If you want to do it programmatically (which I did) just use chrometools to identify the endpoint of bulk removal from that UI, get all alerts programmatically and provide this list to that API. I personally dont use thehive4py and reverse engineered majority of the endpoints.

Kaan S. Karadag
@KaanSK
anyone got multiple thehive 4 instances running in cluster mode? No matter what configuration I used, I just couldnt configure the akka cluster
Nic
@nicpenning
@vimtechnologies cool, yeah I can send you a sample JSON request to do that tomorrow.
vimtechnologies
@vimtechnologies
@nicpenning thanks a million
Andrea Cardaropoli
@andreacardaropoli
Is Cassandra the only storage supported by TheHive4?
garanews
@garanews
Cassandra is db
As storage can choose local file system or Hadoop
Ghost
@ghost~5fb93334d73408ce4ff49c3d
After upgrading to 4.0.2, i am no longer able to add CustomFields within CaseTemplates page. ...or I am not doing something right
Nic
@nicpenning
@vimtechnologies Here is an untested way, but you should be able to get the idea:
(Basically you need to have your artifact object composed of dataType, data, and message. Data is the filename, content-type, and a base64 encoding of the file. The code below shows how you can do that via PowerShell. Note: I was gather $contentType from the email attachments as I loaded them. I am not sure what value needs to be here.)
$theHiveApiURL = 'https://thehive.sample.org:9000/api/'
$theHiveApiURLAlert = $theHiveApiURL+'alert'
$headers=@{'Authorization'= 'Bearer '+ 'the_api_key_goes_here'}

function createTheHiveAlert{
    $alertArtifacts = @()
    $fileName = ''
    $contentType = ''
    $fileLocation = ''
    $b64File = ''

    $fileName = malicousFile.doc
    $contentType = $fileContentType
    $fileLocation = "C:\Users\Rigsby\Desktop\malicousFile.doc"
    $b64File = [Convert]::ToBase64String([IO.File]::ReadAllBytes($fileLocation))
    Write-Host "$fileName - $contentType added to alert artifacts"
    $alertArtifacts += [PSCustomObject]@{
        "dataType" = "file"
        "data" = "$fileName;$contentType;$b64File"
        "message" = "Attachment Found"
    }

    $alertObject = [PSCustomObject]@{
        "title" = "Malicious File Found"
        "type" = "test-alert"
        "description" = "Hello world"
        "source" = "Anti-Malware"
        "sourceRef" = $("test-alert - $(Get-Date -Format o)")
        "artifacts" = $alertArtifacts
    } | ConvertTo-JSON

    Write-Host 'Creating alert in The Hive!'
    #Create new Alert
    Invoke-RestMethod -Method POST -Headers $headers -Uri $theHiveApiURLAlert -Body $alertObject -ContentType "application/json"

}
Nabil Adouani
@nadouani

Hello everybody. We are more than 1k people here, with different levels of knowledge, with different type of issues and questions. Discussions on gitter is getting hard to follow, even for people who want to help answering questions.

Many community members asked few months ago for a move from Gitter, but we didn't have the bandwidth to work on that.

Today we want to make it real, and improve your experience with TheHive.

Please give your opinion about migrating to an official Discord community for TheHive Project: https://twitter.com/TheHive_Project/status/1330414838116474881

Have a good day

garanews
@garanews
Ping @milesflo :)
lafcabra
@lafcabra
chumpappleexchange
al3xj0su3
@al3xj0su3

Hey guys,

How do I upgrade the TheHive 4.0 to 4.2? I installed thehive4 through the RPM repository, but since it doesn't find any updates on the repo, what are my options? Is it necessary to build it? What alternatives do I have?

thank you for your time :)
garanews
@garanews
@al3xj0su3
1) you mean from 4.0.0 to 4.0.2 :)
2) if you read guide, https://github.com/TheHive-Project/TheHiveDocs/blob/master/installation/install-guide.md#rpm
you will see that the baseurl in /etc/yum.repos.d/thehive-project.repo is
https://rpm.thehive-project.org/release/noarch
(previously stable instead release)
so after modify that you can fetch last version with yum install thehive4
Nawarix
@Nawarix
hi all
Nawarix
@Nawarix
i'm new to hive btw great work !!! i'm trying to connect a local misp to our hive but max age filter isn't working i'm getting
filters:
max age: <not set>
garanews
@garanews
did you try max-age?
Nawarix
@Nawarix
yup
garanews
@garanews
this is The age of the last publish date
Nawarix
@Nawarix
sorry what i mean by not working, that i'm getting all the events
but anyway i'm suppose to get max age : 10 days from logs, right??
garanews
@garanews
if it is set I would say yes
let me see if I can do a fast try
Nawarix
@Nawarix
btw i'm using 4.0.2-1 but the same issue existed in 4.0.1
Ettatabe
@Ettatabe
Hey guys, I just installed thehive4.0.0-1 on a Debian system and the status is up and running on the backend but nothing's happening on the frontend when I go to http://YOUR_SERVER_ADDRESS:9000/. Any ideas how to see the login page on the front end?
al3xj0su3
@al3xj0su3
@garanews Thank you :)
I actually tried to open that url on my browser before (using 'release' instead of 'stable'), but the 403 error made me think I was replacing the word on the wrong resource. After replacing it on the repo it did the job, thank you again!
garanews
@garanews
@Nawarix in logs I confirm "not set" like you
but in my case seems to work
I put max-age = 1 min
and I have sync interval 10min, so I created an event, published it and it didn't return as alert in the hive
@al3xj0su3 you're welcome
jared jennings
@jaredjennings
@nawarix it looks like you wrote "max age" with a space but @garanews put max-age with a dash
lafcabra
@lafcabra
change
Nawarix
@Nawarix
@garanews let me get something, published means when the event shared or when it was sync to our instance???
@jaredjennings I wrote it max-age but the log wrote it max age without dash
garanews
@garanews
published means published
image.png
Nawarix
@Nawarix
@garanews I know, but what I noticed all the events I pulled from feeders have the same published date - the day I configured misp instance - that's why the hive imported 1300 events
I don't know if this a bug or intentional
WingerHusar
@WingerHusar
Hi everyone, I would like to connect my logstash with TheHive, is it possible ?
maximillian42
@maximillian42

Hi all,

Is it possible to create a responder to push/update event for a MISP Instance ?

garanews
@garanews
don't you like the export feature that publish case with observables from the hive to an event in misp with attributes?
maximillian42
@maximillian42
@garanews nop, I want this feature from another responder Trigger like a SIEM Elastic ?
beagnc
@beagnc
@WingerHusar me too! :)
Nic
@nicpenning
@Waltyon and @beagnc what's your use case?
Clinton Dsouza
@cvdsouza
Hi, I installed the latest stable release of theHive. Created a custom field and now trying to delete that field. however I keep getting this error
2020-11-24 21:19:12,348 [ERROR] from org.thp.scalligraph.utils.Retry in application-akka.actor.default-dispatcher-33 [000004c4|34859770] uncaught error, not retrying
org.thp.scalligraph.NotFoundError: CustomField reporting-type not found
at org.thp.scalligraph.services.VertexSrv.$anonfun$getOrFail$1(VertexSrv.scala:35)
at scala.Option.fold(Option.scala:251)
any idea what could be causing this error ? I raised an issue with full log details and a snapshot as well TheHive-Project/TheHive#1684
Nabil Adouani
@nadouani
Hello community, here you go https://blog.thehive-project.org/2020/11/25/thehive-projects-chat-has-a-new-home/
crackytsi
@crackytsi
Hi! Is there a different data format in ElasticSearch 5 compared to a elasticsearch 6 with migrated ES 5 data (not reindexed)? Or will all ES5 continue to work?