TheHive

Mobile alerting with tracking & escalation for TheHive


Why SIGNL4

TheHive is a scalable, cloud-based or on-premise Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform). It is designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner when dealing with security incidents that need to be investigated and acted upon swiftly.

SIGNL4 extends TheHive and adds app-based mobile alerting and incident response including push, SMS text, voice calls, escalations and collaboration. The integrated duty planning helps you to schedule your team’s on-call duties and allows you to see who is on duty at any given time.

How it Works

TheHive uses webhooks to submit alert information to SIGNL4. You can configure it simply by entering your SIGNL4 webhook URL, which includes your team secret. Specifically, the integration helps you with the following:

  • Forwards TheHive events to SIGNL4 for mobile alerting
  • Uses Webhook or SMTP email to connect to your SIGNL4 team
  • Staff can acknowledge and take ownership for critical events that occur
  • Communicate within an alert to address a particular problem
  • Alerts are escalated in case of no response
  • On-call scheduling to alert the right people at the right time

Scenarios

  • 24×7 SecOps with on-call staff
  • Critical SecOps Alerting
  • Customer service hotline
  • Anywhere critical incident response
  • On-call scheduling of IT / network teams

Benefits

  • Significantly shorter response times for security incidents, thus shorter mean time to repair (MTTR)
  • Ensures attention for critical alerts and minimizes false alerts
  • Clear responsibilities and transparent ownership of security incidents
  • Collaboration with team members when assistance is needed

Alerts in TheHive are sent to SIGNL4 via HTTP request

Event categorization, routing and automated delivery

Persistent notifications by push, text and voice call, with tracking, escalation and confirmation to staff on duty

HOW TO INTEGRATE

Log in to the TheHive web portal as a user who can configure endpoints and notifications for your organization in order to set up SIGNL4 alerting.

In the user portal under Organization -> Endpoints you can create a new Webhook endpoint and use the SIGNL4 webhook URL.

https://connect.signl4.com/webhook/{team-secret}

Here, {team-secret} is your SIGNL4 team secret. Treat this URL as a credential: anyone who knows it can raise alerts in your team, so keep it out of shared screenshots, logs and version control.

Now, under Organization -> Notifications you can create a new Notification. Under Notifiers select your SIGNL4 webhook endpoint and as Trigger select what is suitable for your scenario, e.g. “AnyEvent” or “AlertCreated”.

That’s it. Now your SIGNL4 team gets notified when there is a new event or alert available in TheHive.


If you would like a deeper integration, e.g. two-way communication or custom formatting, you might want to use a no-code platform like n8n for integrating SIGNL4 with TheHive. You can find a sample workflow here.

ALERT OPTIMIZATION

SIGNL4 can further increase the visibility of alerts through its Signals and Services section. Augmenting the color and icon of alerts provides more relevant information at a glance without having to open the alert.

Change alert color and override title and text

Override text, colors and titles are triggered by keywords set within the mobile app.
