TheHive

Mobile alerting with tracking & escalation for TheHive


Why SIGNL4

TheHive is a scalable, cloud-based or on-premise Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform). It is designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner when dealing with security incidents that need to be investigated and acted upon swiftly.

SIGNL4 extends TheHive and adds app-based mobile alerting and incident response including push, SMS text, voice calls, escalations and collaboration. The integrated duty planning helps you to schedule your team’s on-call duties and allows you to see who is on duty at any given time.

How it Works

TheHive uses webhooks to submit alert information to SIGNL4. You configure it by entering your SIGNL4 webhook URL, which includes your team secret. Specifically, the integration helps you with the following:

  • Forwards TheHive events to SIGNL4 for mobile alerting
  • Uses Webhook or SMTP email to connect to your SIGNL4 team
  • Staff can acknowledge and take ownership of critical events that occur
  • Communicate within an alert to address a particular problem
  • Alerts are escalated in case of no response
  • On-call scheduling to alert the right people at the right time

Scenarios

  • 24×7 SecOps with on-call staff
  • Critical SecOps Alerting
  • Customer service hotline
  • Critical incident response from anywhere
  • On-call scheduling of IT / network teams

Benefits

  • Significantly shorter response times for security incidents, thus shorter mean time to repair (MTTR)
  • Ensures attention for critical alerts and minimizes false alerts
  • Clear responsibilities and transparent ownership of security incidents
  • Collaboration with team members when assistance is needed

Alerts in TheHive are sent to SIGNL4 via HTTP request

Event categorization, routing and automated delivery

Persistent notifications by push, text and voice call, with tracking, escalation and confirmation to staff on duty

HOW TO INTEGRATE

In the TheHive web portal, log in as a user who is allowed to configure organization settings in order to set up SIGNL4 alerting.


In the user portal under Organization -> Endpoints you can create a new Webhook endpoint and use the SIGNL4 webhook URL.

https://connect.signl4.com/webhook/{team-secret}

Here, {team-secret} is your SIGNL4 team secret. It is the only thing that authorizes posting alerts to your team, so treat the complete webhook URL as a credential: store it in TheHive's endpoint configuration only and keep it out of scripts, tickets and logs.


Now, under Organization -> Notifications, create a new Notification. Under Notifiers, select your SIGNL4 webhook endpoint, and as Trigger select whatever suits your scenario, e.g. “AnyEvent” or “AlertCreated”.

That’s it. Now your SIGNL4 team gets notified when there is a new event or alert available in TheHive.
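The two portal steps above hide what actually happens on the wire: TheHive issues an HTTP request to the webhook URL, and SIGNL4 turns the JSON body into a mobile alert. The script below is an added example, not code from SIGNL4 or TheHive, that reproduces that exchange so you can test the endpoint from a shell before touching TheHive. It assumes the webhook accepts a JSON POST body; the sample event and its field names (objectType, operation, object, severity, sourceRef) are constructed for the example and are not TheHive's schema. The team secret is read from an environment variable and masked before the URL is ever printed, because that secret is what authorizes anyone to alert your team.

```python
"""Post a constructed TheHive-style event to a SIGNL4 team webhook.

Added example for testing the integration; not part of SIGNL4 or TheHive.
"""
import json
import os
import re
import urllib.request

# Webhook base from the integration guide; the team secret is appended to it.
SIGNL4_WEBHOOK_BASE = "https://connect.signl4.com/webhook/"

# Constructed sample event. The field names are an assumption for this
# example and do not claim to match TheHive's real webhook schema.
SAMPLE_EVENT = {
    "objectType": "alert",
    "operation": "create",
    "object": {
        "title": "Suspicious login from new country",
        "severity": 3,
        "source": "SIEM",
        "sourceRef": "alert-0042",
        "tags": ["auth", "geo-anomaly"],
    },
}

SEVERITY_LABELS = {1: "low", 2: "medium", 3: "high", 4: "critical"}


def get_team_secret(env=os.environ):
    """Read the team secret from SIGNL4_TEAM_SECRET instead of hard-coding it.

    The secret is the only thing authorizing posts to the team, so it is
    handled like a password: taken from the environment, never written out.
    """
    secret = env.get("SIGNL4_TEAM_SECRET", "").strip()
    if not secret:
        raise RuntimeError("SIGNL4_TEAM_SECRET is not set")
    return secret


def build_webhook_url(team_secret):
    """Assemble the per-team webhook URL documented in the guide."""
    return SIGNL4_WEBHOOK_BASE + team_secret


def redact_url(url):
    """Mask the secret path segment so the URL is safe to print or log."""
    return re.sub(r"(/webhook/)[^/?#]+", r"\1***", url)


def build_payload(event):
    """Flatten a TheHive-style event into the key/value body SIGNL4 renders.

    Only the fields a responder needs at a glance are forwarded; severity is
    mapped to a word so it reads well on a phone.
    """
    obj = event.get("object", {})
    return {
        "Title": "[TheHive] " + obj.get("title", "untitled"),
        "Severity": SEVERITY_LABELS.get(obj.get("severity"), "unknown"),
        "Operation": f"{event.get('objectType', '?')} {event.get('operation', '?')}",
        "Source": obj.get("source", ""),
        "Reference": obj.get("sourceRef", ""),
        "Tags": ", ".join(obj.get("tags", [])),
    }


def send_alert(event, team_secret, opener=urllib.request.urlopen):
    """POST the payload as JSON and return the HTTP status code.

    `opener` is injectable so the request path can be exercised offline.
    """
    url = build_webhook_url(team_secret)
    body = json.dumps(build_payload(event)).encode("utf-8")
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )
    with opener(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    secret = get_team_secret()
    print("posting to", redact_url(build_webhook_url(secret)))
    print("status", send_alert(SAMPLE_EVENT, secret))
```

Run it with `SIGNL4_TEAM_SECRET=... python3 signl4_test.py`; a successful post shows up on the phones of whoever is on duty, which confirms the endpoint and routing before any TheHive notification is wired to it.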


If you would like a deeper integration, e.g. two-way communication or custom formatting of the alert, you might want to use a no-code platform like n8n for integrating SIGNL4 with TheHive. You can find a sample workflow here.


ALERT OPTIMIZATION
SIGNL4 can further increase the visibility of alerts through its Signals and Services section. Augmenting the color and icon of alerts will provide more relevant information at a glance without having to open the alert.


Change alert color and override title + text

Override text, colors and titles are triggered by keywords set within the mobile app.
