TheHive Project

Details
Content
Dependencies
Version History

Provides an integration, incident type and layout for use with TheHive Project.

TheHive Project is an open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

What does this pack do?

It supports different methods to store data, files, and indexes according to the user needs.

Pack Contributors:

Adam Burt

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What does this pack do?

It supports different methods to store data, files, and indexes according to the user needs.

Pack Contributors:

Adam Burt

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
TheHive - Classifier	Default classifier for TheHive Project cases
TheHive - Outgoing Mapper	Default outbound mapping for TheHive Project cases.
TheHive - Incoming Mapper	Default incoming mapper for TheHive Project cases

Incident Fields

Name	Description
TheHive Case TLP
TheHive Case Status
TheHive Case Resolution Status
TheHive Flag
TheHive Observables
TheHive Tasks
TheHive Case Summary
TheHive Case PAP

Incident Types

Name	Description
TheHive

Integrations

Name	Description
TheHive Project	Integration with The Hive Project Security Incident Response Platform.

Layouts

Name	Description
TheHive layout (custom)

Classifiers

Name	Description
TheHive - Classifier	Default classifier for TheHive Project cases
TheHive - Incoming Mapper	Default incoming mapper for TheHive Project cases
TheHive - Outgoing Mapper	Default outbound mapping for TheHive Project cases.

Incident Fields

Name	Description
TheHive Flag
TheHive Case TLP
TheHive Case Summary
TheHive Case Status
TheHive Observables
TheHive Case Resolution Status
TheHive Case PAP
TheHive Tasks

Incident Types

Name	Description
TheHive

Integrations

Name	Description
TheHive Project	Integration with The Hive Project Security Incident Response Platform.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (2)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.1.20 - R6950398 (November 21, 2023)

Integrations

Fixed an issue with fetch-incidents command that cases fetch were stopped.
Added support for Look back in fetch-incidents command.
Updated the Docker image to: demisto/python3:3.10.13.80014.

Related pull requests:
- 30471

Download

1.1.19 - R6834680 (November 8, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30634

Download

1.1.18 - 6226805 (September 3, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.13.72123.
Fixed an issue in thehive-update-case command where the severity argument was sent incorrectly.

Related pull requests:
- 29379

Download

1.1.17 - R5866730 (July 25, 2023)

Integrations

TheHive Project

Added the API Key integration parameters to support credentials fetching object.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27463

Download

1.1.16 - R5170573 (May 2, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.10.48392.
Removed mirroring parameters from cortex XSIAM.

Related pull requests:
- 24220

Download

1.1.15 - R4646022 (February 19, 2023)

Layouts

New: TheHive layout (custom)
This item is no longer supported in XSIAM.

Related pull requests:
- 24221

Download

1.1.14 - R4085738 (November 22, 2022)

Integrations

TheHive Project

Added the fetch_closed parameter to be able to fetch closed cases.
Updated the Docker image to: demisto/python3:3.10.6.33415.

Related pull requests:
- 20331

Download

1.1.13 - 3343460 (July 27, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20247

Download

1.1.12 - 3243583 (July 11, 2022)

Integrations

TheHive Project

Removed excessive error traceback printing.
Updated the Docker image to: demisto/python3:3.10.5.31797.

Related pull requests:
- 19659

Download

1.1.11 - 2962208 (May 22, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.4.29342.

Download

1.1.10 - 2830268 (April 27, 2022)

Integrations

TheHive Project

Fixed an issue in thehive-create-case and thehive-update-case commands where the tags argument was not parsed correctly.

Download

1.1.9 - 2674843 (March 30, 2022)

Integrations

TheHive Project

Added type validations and other internal code improvements.

Download

1.1.8 - 2589896 (March 16, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.1.26972.

Download

1.1.7 - 2347248 (February 2, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.1.25933.

Download

1.1.6 - 2183875 (December 30, 2021)

Incident Fields

TheHive Case Resolution Status
- Maintenance and stability enhancements.

Download

1.1.5 - R2146019 (December 21, 2021)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.4 - R2009340 (November 25, 2021)

Incident Fields

TheHive Case PAP
- Maintenance and stability enhancements.
TheHive Observables
- Maintenance and stability enhancements.

Download

1.1.3 - 1793249 (October 14, 2021)

Integrations

TheHive Project

Documentation and metadata improvements.

Download

1.1.2 - 7740378 (September 23, 2021)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.9.7.24076.
Moved the Pack to Cortex XSOAR support instead of community support.

Download

1.1.1 - 349609 (May 8, 2021)

Integrations

TheHive Project

Maintenance and stability enhancements.
Updated the Docker image to: demisto/python3:3.9.4.19537.

Download

1.1.0 - 323432 (April 8, 2021)

Integrations

TheHive Project

Added support for the get-modified-remote-data command.
Updated the Docker image to: demisto/python3:3.9.2.18414.

Incident Fields

TheHive Observables

The field is editable.

TheHive Tasks

The field is editable.

Download

1.0.0 - 322974 (March 30, 2021)

Provides an integration, incident type and layout for use with TheHive Project.

Download

PUBLISHER

aburt-demisto

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	March 30, 2021
Last Release	November 21, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.