Majid Mortazavi
Reputation: 11
Create a task with observable in thehive 4 triggered by kibana
Description: I have a single node ELK 7 with some beats and endpoint (Linux and windows). So I have logs of some servers in ELK. Base on SOAR, I install TheHive, MISP and Cortex to implement SOAR. In Kibana rules are activated and some rules created. Two connectors in Kibana are created that both are connected to CASE and ALERT API of TheHive. Connectors has been tested and work correctly.
Question: I need to create case in TheHive with observable(s). After creating the case, a user or admin of TheHive just test observables by MISP and Cortex. I just can create case OR alert without observables. TheHive users and admins don't have access to ELK Stack.
Environment:
ELK Stack 7.17.25
TheHive 4.1.24
Upvotes: 0
Views: 75
Answers (0)
Related Questions
- How to display mysql table (data) on kibana in table format
- Kibana Logstash ElasticSearch | Unindexed fields cannot be searched
- Using REST API to create alerting rule in Kibana fails on 400 "Invalid action groups: default"
- How to use html in elastalert?
- Kibana shows only 1 servers logs among 2 servers sent via Logstash
- Kibana - Deleted filter reappears after switching dashboards
- Kibana discover no results found