In the last Elastic SIEM Presentation (11/21/2019), the presentation showed the integration with MISP... Is that the same MISP that is part of TheHive ?
AND
is there is there any consideration of having hooks in the SIEM to integrate with TheHive to handle case management ?
Thanks,
-dt
In the last Elastic SIEM Presentation (11/21/2019), the presentation showed the integration with MISP... Is that the same MISP that is part of TheHive ?
No, but we have a Filebeat MISP module, that you can use to ingest the threat intel data from MISP. Note that this module is available in the 7.5 release of Filebeat, which we expect early next week.
is there is there any consideration of having hooks in the SIEM to integrate with TheHive to handle case management ?
We do plan to have webhooks as actions in the future. In the meantime, you could use Watcher (paid feature) to implement the integration.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.