A few months ago, we released Synapse, our first “meta” alert feeder for TheHive in order to lower the burden of highly repetitive tasks on incident handlers. Thanks to a scalable and modular design, Synapse aims to make incident response easier by automating some of its tedious parts.
The first step towards this challenge was based on the integration of Microsoft Exchange with TheHive in Synapse 1.0.0. This way, user notifications pertaining to suspicious emails can be easily consumed and acted upon in TheHive.
Today, we are releasing version 1.1.0 which goes further by adding support for Microsoft Exchange O365 and the IBM QRadar SIEM.
Exchange O365
Theoretically, Exchange O365 was supposed to be functional in Synapse 1.0.0.
However, since we did not have an O365 account we could not fully test that feature. Thankfully with the help of one of our users we managed to solve a bug and finally validate the Exchange O365 integration.
For more details about Exchange and TheHive, have a look here.
IBM QRadar SIEM
Members of TheHive’s Core Team have practical experience with QRadar and we decided to make good use of it to the benefit of our fellow analysts.
With the Community Edition of QRadar in one hand and an instance of TheHive in the other, we managed to create alerts in TheHive out of QRadar offenses. Furthermore, when a case or alert related to a QRadar offense is closed in TheHive, it also closes it in QRadar automatically.
For more details about QRadar and TheHive, have a look here. Alternatively, you may also want to consider Pierre Barlet’s qradar2thehive script.
Send your Ideas our Way
With this 1.1.0 release, the list of integrated products with TheHive goes up to three: Exchange, Exchange O365 and QRadar. However, we don’t really have a plan regarding the next candidate for integration so tweet us at @TheHive_Project and tell us what you want!
TheHive Project 