In the last Elastic SIEM Presentation (11/21/2019), the presentation showed the integration with MISP... Is that the same MISP that is part of TheHive?
AND
Is there any consideration of having hooks in the SIEM to integrate with TheHive to handle case management?
In the last Elastic SIEM Presentation (11/21/2019), the presentation showed the integration with MISP... Is that the same MISP that is part of TheHive?
No, but we have a Filebeat MISP module that you can use to ingest the threat intel data from MISP. Note that this module is available in the 7.5 release of Filebeat, which we expect early next week.
Is there any consideration of having hooks in the SIEM to integrate with TheHive to handle case management?
We do plan to have webhooks as actions in the future. In the meantime, you could use Watcher (paid feature) to implement the integration.