Jeremy Kerwin

NW Respond integration with TheHive

Discussion created by Jeremy Kerwin on Jul 19, 2020
Latest reply on Jul 20, 2020 by Jeremy Kerwin

I use TheHive (https://thehive-project.org/) as our incident case management tool of choice. I've started the investigation process of integrating NetWitness and TheHive together for alerts and recording of incident response investigation cases.

 

I thought, before I go down the rabbit hole, I'd ask to see if anyone else has done this and, if they have, what capability they got, if there were any gotchas, etc.

 

TheHive has a pretty capable API and utilises webhooks as well. I was thinking I'd like to be able to synchronise alerts and incidents between the two tools, so if an alert is generated in NW it gets created in TheHive, or if an alert is dismissed in TheHive, it then gets dismissed in NetWitness. The same goes for incidents as well.

 

I'm sure I'd be able to script something together. Is the NW API for Respond capable of these sorts of things?
