TheHive Trigger

TheHive is a scalable open-source and free security incident response platform.

Example Usage

This workflow allows you to receive updates when an event occurs in TheHive. You can also find the workflow on the website. This example workflow uses the following node.

1. TheHive Trigger node

This node will trigger the workflow whenever a new event occurs in TheHive. To trigger the workflow for a specific event, select that event instead.

  1. First, add the webhook URL to your TheHive instance configuration. Refer to the FAQs to learn how to configure a webhook in TheHive.
  2. Select * from the Events dropdown list. This triggers the workflow for all events.
  3. Click on Save to run the node.

Note: Activate workflow for production. You'll need to save the workflow and then click on the Activate toggle on the top right of the screen to activate the workflow. Your workflow will then be triggered as specified by the settings in the TheHive Trigger node.

FAQs

How to configure a Webhook in TheHive?

To configure the webhook for your TheHive instance, follow the steps below.

  1. Copy the webhook URL from TheHive Trigger node.
  2. Add the following lines to application.conf, TheHive's configuration file.

      notification.webhook.endpoints = [
        {
          name: WEBHOOK_NAME
          # Keep the URL in double quotes: unquoted HOCON values cannot contain ":" or "//"
          url: "WEBHOOK_URL"
          version: 0
          wsConfig: {}
          includedTheHiveOrganisations: ["ORGANIZATION_NAME"]
          excludedTheHiveOrganisations: []
        }
      ]

  3. Replace WEBHOOK_URL with the URL you copied in step 1.
  4. Replace ORGANIZATION_NAME with your organization name.
  5. Execute the following cURL command to enable notifications.

      curl -XPUT -uTHEHIVE_USERNAME:THEHIVE_PASSWORD -H 'Content-type: application/json' THEHIVE_URL/api/config/organisation/notification -d '
      {
        "value": [
          {
            "delegate": false,
            "trigger": { "name": "AnyEvent"},
            "notifier": { "name": "webhook", "endpoint": "WEBHOOK_NAME" }
          }
        ]
      }'
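
To confirm that TheHive is emitting notifications before the endpoint points at the TheHive Trigger URL, a throwaway local receiver can stand in for WEBHOOK_URL. This is an added example, not part of the n8n or TheHive documentation; the port 8099, the name summarize_notification, and the payload fields operation, objectType and objectId are assumptions, and the sample payload is constructed.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 1 << 20  # refuse request bodies larger than 1 MiB

# Constructed sample, shaped like a notification for a newly created case.
SAMPLE = (
    b'{"operation": "Creation", "objectType": "case", '
    b'"objectId": "~4144", "object": {"title": "constructed example"}}'
)


def summarize_notification(raw: bytes) -> str:
    """Return 'objectType/operation/objectId', or raise ValueError."""
    try:
        data = json.loads(raw.decode("utf-8"))
    except ValueError as exc:  # covers both invalid UTF-8 and invalid JSON
        raise ValueError(f"body is not JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("payload is not a JSON object")
    missing = [k for k in ("operation", "objectType") if k not in data]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return f"{data['objectType']}/{data['operation']}/{data.get('objectId', '-')}"


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1  # header absent or not a number
        if not 0 <= length <= MAX_BODY:
            self.send_error(411 if length < 0 else 413)
            return
        try:
            line = summarize_notification(self.rfile.read(length))
        except ValueError as exc:
            print("rejected:", exc)
            self.send_error(400)
            return
        print("notification:", line)
        self.send_response(200)
        self.end_headers()


if __name__ == "__main__":
    # Loopback only: assumes TheHive runs on the same host as this test listener.
    HTTPServer(("127.0.0.1", 8099), Receiver).serve_forever()
```

While testing, set the endpoint url to "http://127.0.0.1:8099/", create or update a case in TheHive, and check that a line is printed; then put the TheHive Trigger webhook URL back.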