https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292222#M55681 <P>Thanks for some valuable information. </P> <P>To integrate I mean to send data from Splunk to hive and auto incident to be created when any alert triggers. </P> Wed, 05 Jul 2017 06:28:31 GMT bagarwal 2017-07-05T06:28:31Z https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292220#M55679 <P>Hello Everyone, </P> <P>I am working to integrate "TheHive" i.e. ticketing tool like Demisto with Splunk. I searched in SplunkBase but there is no app available for TheHive. </P> <P>Can anyone please guide me how I can start with integration or steps need to follow. </P> <P>Many thanks in advance. </P> <P>Regards<BR /> Binay Agarwal </P> Fri, 30 Jun 2017 06:15:15 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292220#M55679 bagarwal 2017-06-30T06:15:15Z https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292221#M55680 <P>I don't use TheHive (and never heard of it before), but some ideas...</P> <P>First, when you say integrate, do you mean send alerts to hive from splunk? Or bring data from hive into splunk for analysis? Or both?</P> <P>If alerting, it depends on what hive offeres. For example, if there is an API then maybe you can use a <A href="http://docs.splunk.com/Documentation/Splunk/latest/Alert/Webhooks">webhook</A>. Or if not, but there is someway to automate it, then you could <A href="http://docs.splunk.com/Documentation/Splunk/latest/Alert/Runscriptaction">run a script</A> when an alert fires (or an eqivalent custom action). I did find <A href="https://github.com/CERT-BDF/TheHive4py">this</A> referenced on their site which seems like it might be a good option.</P> <P>For analysis, same question but the other way. Do they allow you to get data out of it? Maybe via an API? or is the data stored in database that you can get access to (in which case use dbconnect). Etc. At that point, just use splunk normally to get at the data.</P> Fri, 30 Jun 2017 15:46:00 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292221#M55680 maciep 2017-06-30T15:46:00Z https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292222#M55681 <P>Thanks for some valuable information. </P> <P>To integrate I mean to send data from Splunk to hive and auto incident to be created when any alert triggers. </P> Wed, 05 Jul 2017 06:28:31 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292222#M55681 bagarwal 2017-07-05T06:28:31Z https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292223#M55682 <P>To create alerts in the hive based on Splunk searches you may have a look st <A href="https://github.com/remg427/misp42splunk">https://github.com/remg427/misp42splunk</A><BR /> Although meant to pull and push attributes in MISP you can easily connect to TH</P> Tue, 30 Jan 2018 22:16:52 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/292223#M55682 remiseguy 2018-01-30T22:16:52Z https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/599790#M104581 <P>Any brand new improvements on the entagration of splunk and the hive ??&nbsp;</P> Tue, 31 May 2022 05:12:43 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-send-data-from-Splunk-to-quot-TheHive-quot-ticketing-tool/m-p/599790#M104581 Jaseemin 2022-05-31T05:12:43Z