TheHive Project

Security and Investigations

Paris, Paris 6,186 followers

A 4-in-1 Security Incident Response Platform

About us

A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

Website
https://thehive-project.org
Industry
Security and Investigations
Company size
2-10 employees
Headquarters
Paris, Paris
Type
Nonprofit
Founded
2016
Specialties
Security Automation, Observable Analysis, Active Response, SOAR, and Security Incident Response

Updates

  • TheHive Project reposted this

    Martin Cayrol

    Cybersecurity Analyst

    I'm thrilled to introduce a new feature from PurpleLab: The PurpleLab Analyzer for TheHive Project and Cortex. 🚀🔍 This latest integration enhances incident response by automating the detonation of observables on your PurpleLab VM directly from TheHive cases. This means you can now streamline your SOC workflows and improve threat analysis with ease. 💼🔒 For more details, check out the GitHub repository: https://lnkd.in/encyFN33 And don't forget to explore the main PurpleLab project: https://lnkd.in/etc2qAnN Here's a video demo of the new feature #PurpleLab #SOC #CyberSecurity #TheHive #Cortex #Automation #ThreatAnalysis #SIEM #SigmaRules

  • TheHive Project reposted this

    StrangeBee

    3,222 followers

    🎉 This week, we had a special date to celebrate! It marks the 10th anniversary of the first commit for TheHive. 🚀 A decade of innovation, collaboration, and dedication to advancing security incident response solutions. Happy Birthday to TheHive. 🎂 Reflecting on the past ten years, #TheHive began as a private project in 2014 and became open source in 2016. Since then, it has evolved into a stronger, enterprise-ready solution powered by our users' needs. Thanks to our incredible team, our users, and loyal supporters. You've fueled our journey over the years and helped shape TheHive into what it is today. Here's to another ten years of growth and making an impact. 🥳 #StrangeBee #SecuritySolutions #IncidentResponse

  • TheHive Project reposted this

    Camila Jones

    Improving companies' cybersec posture with open source SOC/SIEM and IAM solutions. Let's have a chat!

    🎉 Today is my birthday and I want to start it with you, sharing a bit of what I like to do: spreading the word about #opensource... 🔄 Back to the #SOC world, today we'll explore #Cortex, a tool you can add to your ecosystem at no cost... 🧠 Cortex is an #opensource tool maintained by StrangeBee to provide advanced analysis and automated response capabilities in #cybersecurity environments. 🤖 Cortex's main features include:
    - Analysis and response orchestration
    - #Multitenancy
    - Data enrichment
    - Automation of #security tasks
    🚀 By integrating Cortex together with TheHive Project in your SOC, you can significantly speed up the detection of and response to cyber threats. 👉 Tip: Atricore already has a very complete open source SOC, which includes tools such as The Hive, Cortex, MISP (MISP Project (@misp@misp-community.org), Wazuh, Inc.'s #SIEM and its own #SOAR! 👋 If you'd like to receive more information, let us know in the comments. See you next time, folks!

  • TheHive Project reposted this

    Namit Ranjan

    Ex Customer Solutions Specialist @ PayPal | Cybersecurity enthusiast and a learner for life.

    🚀 Excited to Share: Building a Fully Automated SOC Home Lab for Detection and Response 🚀

    Recently, I embarked on a thrilling journey to create a cutting-edge SOC automation project aimed at enhancing detection and response capabilities. Leveraging open-source tools like Wazuh, Shuffle, and TheHive, I meticulously crafted a comprehensive environment tailored for robust cybersecurity operations.

    My approach involved setting up a Windows 10 machine on VirtualBox to host Sysmon, a powerful tool for monitoring system activity. Additionally, I utilized DigitalOcean's trial version to deploy the Wazuh, Inc. server, enabling centralized alert management and analysis. To generate telemetry data, I executed Mimikatz in PowerShell on the Windows VM, leveraging Sysmon to relay telemetry to the Wazuh manager. Configuring Wazuh to receive alerts from endpoint agents was critical for establishing a robust detection framework.

    Upon receiving alerts, Shuffle, acting as a Security Orchestration, Automation, and Response (SOAR) tool, sprang into action. It automatically enriched IOCs using VirusTotal integration and initiated communication with SOC analysts, soliciting their input on appropriate response measures. Simultaneously, Shuffle seamlessly interfaced with TheHive Project, facilitating the creation of incident response cases for meticulous documentation and analysis. This integration streamlined collaboration among SOC team members, fostering synergy in addressing security incidents.

    Empowering SOC analysts to choose their preferred course of action, Shuffle served as a centralized hub for orchestrating response activities. Once analysts determined the appropriate response, Shuffle communicated instructions to the Wazuh agent via the Wazuh manager, orchestrating timely remediation efforts.

    This endeavor underscores the pivotal role of automation in fortifying cybersecurity postures. By automating routine tasks and response procedures, organizations can bolster their resilience against evolving cyber threats while optimizing resource utilization and response times. In conclusion, the successful implementation of this fully automated SOC home lab represents a significant milestone in advancing cybersecurity capabilities. Moving forward, I remain committed to exploring innovative strategies and technologies to further enhance threat detection, response, and mitigation efforts in the ever-evolving landscape of cybersecurity. I have tried to document the process at https://lnkd.in/dDXcaase #Cybersecurity #SOC #Automation #IncidentResponse #ThreatDetection #TheHive #Wazuh #Shuffle #CyberDefense #SecurityAutomation #VirusTotal #Sysmon #DigitalOcean

    The SOC Automation Project (medium.com)

  • TheHive Project reposted this

    ONYPHE

    723 followers

    We've got good news if your team uses #ONYPHE with TheHive Project and Cortex. We've released not one, not two but three new Cortex analyzers for integrating ONYPHE data with The Hive ⭐ ⭐ ⭐
    🔎 ONYPHE_Search: get full ONYPHE scan data from within a case
    🔥 ONYPHE_Vulnscan: leverage the vulnscan category to display known critical CVEs*
    📊 ONYPHE_ASM: use observables to manage your attack surface**
    They are open source, and available now on the Cortex-Analyzers GitHub. GitHub link => https://lnkd.in/gmfeirCw
    Find out more here: ONYPHE write-up => https://lnkd.in/gZEitgZ7
    Thanks to StrangeBee for your tech support 🙏 #ASM #SIRP #attacksurfacemanagement
    * Vulnscan category requires an Eagle View licence or higher
    ** Riskscan (ASM) category requires a Griffin View licence or higher
    Pricing info => https://lnkd.in/exNYd_qy

    • ONYPHE analyzer summary views on a hash observable and an fqdn observable in The Hive
    • ONYPHE_Vulnscan analyzer results (with IP addresses blurred out) showing extracted observables. Example asset has CVE-2018-6789
  • TheHive Project reposted this

    Atricore

    2,334 followers

    ⚡ Let's take a closer look at our SIEM/SOC solution and discover three reasons why having this tool is indispensable for your business…
    ❓ Why SIEM/SOC Implementation? 🔐 Integrating a #SOC with Wazuh, Inc.'s #SIEM as the central tool provides your company with a comprehensive dashboard for monitoring and managing security efficiently. Here are some benefits of having a SIEM/SOC in your company:
    1️⃣ Real-time Threat Detection: A SIEM system allows for real-time monitoring of security events, enabling swift detection of potential #threats. By analyzing logs and data in real time, your company can respond promptly to mitigate #risks and prevent security breaches.
    2️⃣ Centralized Security Management: With a SIEM, all security-related information is centralized in one dashboard. This facilitates streamlined management, making it easier for your team to track and respond to security incidents, ensuring a more organized and effective approach to #cybersecurity.
    3️⃣ #Compliance and Reporting: SOC solutions assist in meeting regulatory compliance requirements by providing detailed logs and #reports, helping you demonstrate adherence to security standards and regulations.
    💪 Enhancements with Open Source Tools: ➡ Our SIEM/SOC implementation goes beyond the basics by incorporating additional open-source tools, each offering unique benefits:
    📌 #Suricata: Enhances network security through high-performance Network #IDS, #IPS, and Network Security Monitoring (NSM).
    📌 MITRE ATT&CK: Provides a framework for organizing and sharing #cyberthreat intelligence, improving overall #threatdetection and response.
    📌 #Snort: A powerful IDS/IPS tool that detects and prevents network intrusions.
    📌 #GRR (Google Rapid Response): Enables fast incident response and remote live forensics.
    📌 TheHive Project: Collaborative incident response and case management for investigations.
    🔥 If you want to receive further information about SIEM/SOC Implementation, just DM us, and we'll send you our latest and detailed document right away!

  • TheHive Project reposted this

    Sid-Ahmed Djellali

    Dad | CISSP | ISO27001 | Trainer | Director @CyberdianGroupe @Dane-Cyber

    I'm looking for a Cybersecurity Analyst ASAP! 👀 For the integration of the TheHive Project solution at one of our clients, Cyberdian is looking for a #Cybersecurity Analyst who is available at short notice 🔥 Do you know the The Hive solution? Are you looking for an assignment as a Cybersecurity Analyst? This position is made for you! 😉 Don't hesitate to contact our Human Resources team if you're interested 👉 Lilia Aidoud, Noura ACHECH and Inès JAMAL EL AMRANI. 😉 #hiring #cyberanalyst #cyberjobs #RSSI #integrationsolutions

