And now, for the first time, you can send alerts via action from ArcSight ESM Console to the TheHive when Correlation Rules are triggered.

Related tags

Third-party APIs WrappersArcSight-TheHive-Alert
Overview

ArcSight Integration with TheHive

And now, for the first time, you can send alerts via action from ArcSight ESM Console to the TheHive when Correlation Rules are triggered.

All actions taken on a SIEM to enhance its functionalities are in line with the goal of being able to send the alerts and results of all detected incidents centrally to an Incident Response platform. One of the best Incident Response platforms is the TheHive. As you know, Some Add-ons have already been developed to integrate TheHive with Splunk Enterprise, but there was no way to integrate TheHive with ArcSight ESM. Here you can find a general and extensible script that can be used as an execution command in ArcSight ESM, you can send the results of the triggered correlation rules to the TheHive platform in the form of an Alert.

Quick Start

In this section, a brief explanation of how to use and function of this script is provided.

Pre-Requirements

Knowledge

For using this python script you must be completely proficient in the functionality of the ArcSight ESM Execution Command Resource and the structure of the CEF log format. Also, you must be familiar with the functionalities of the TheHive and TheHive4Py.

Creating Custom Fields

At the first, login to the ArcSight Console and Find the Rule resource that you want to add an action with the type of Command Execution. Related to the all fields of correlation events, you must add the Custom Fields in the Thehive. All types of fields(string, boolean, integer, date) must be defined in the custom fields.

Configuration the script file

Edit the sample-makealert.py file and put the IP address or Hostname of Thehive server. Also, put the API key Insert all fields name of correlation events in the custom fields helper section. Save and exit. Place the script file in the appropriate path on the ArcSight server.

Add command execution as action

In the ArcSight Console, add an action as a command execution. Add below command /usr/bin/python3 <Path_of_script_file>/makealert.py Add all fields name as a variable type in the parameter section. Save and Apply.

Owner
Amir Hossein Zargaran
SOC the Next-Gen Architect & Open-Source SIEM and related tools implementor and deployer
Amir Hossein Zargaran
GitHub Repository
E-Commerce Telegram Bot for UCA Students

ucaStudentStore To buy from and sell to other students Features Register the first time, after that you will always be recognised You can login either

Shukur Sabzaliev 5 Jun 26, 2022
DDoS Script (DDoS Panel) with Multiple Bypass ( Cloudflare UAM,CAPTCHA,BFM,NOSEC / DDoS Guard / Google Shield / V Shield / Amazon / etc.. )

KARMA DDoS DDoS Script (DDoS Panel) with Multiple Bypass ( Cloudflare UAM,CAPTCHA,BFM,NOSEC / DDoS Guard / Google Shield / V Shield / Amazon / etc.. )

Hyuk 256 Jan 02, 2023
A bot for Large Fry Larrys

GroupMe Bot Driver This driver is written entirely in Python, and with easy configuration in mind. Using this driver, you'll be able to monitor multip

1 Oct 25, 2021
A simple google translator telegram bot version 2

Translator-Bot-V2 A simple google translator telegram bot version 2 Made with Python3 (C) @FayasNoushad Copyright permission under MIT License License

Fayas Noushad 15 Oct 21, 2022
Allows you to easily share bookmarks from Raindrop.io in Telegram chats.

Allows you to easily share bookmarks from Raindrop.io in Telegram chats. As well as save links/photos/longreads from Telegram right into Raindrop.io. Join us, we have a nice 'reader mode' :)

Oleh 36 Dec 19, 2022
Ini Hanya Shortcut Untuk Menambahkan Kunci Tambahan Pada Termux & Membantu Para Nub Yang Decode Script Orang:v

Ini Hanya Shortcut Untuk Menambahkan Kunci Tambahan Pada Termux & Membantu Para Nub Yang Decode Script Orang:v

Lord_Ammar 1 Jan 23, 2022
A Discord Rich Presence App to set your own custom rich presence.

discord-rich-presence A Discord Rich Presence App to set your own custom rich presence. #BUILDS Ready to use package are available inside "finalpackag

1 Nov 22, 2021
The Most advanced and User-Friendly Google Collab NoteBook to download Torrent directly to Google Drive with File or Magnet Link support and with added protection of Timeout Preventer.

Torrent To Google Drive (UI Added! 😊 ) A Simple and User-Friendly Google Collab Notebook with UI to download Torrent to Google Drive using (.Torrent)

Dr.Caduceus 33 Aug 16, 2022
Python client for Midea dhumidifier

This is a library that allows communication with Midea dehumidifier appliances via the local area network. midea-beautiful-dehumidifier This library a

Nenad Bogojevic 42 Dec 22, 2022
A python script that changes our background based on current weather and time of the day.

Desktop background on Windows 10, based on current weather and time A python script that changes our background based on current weather and time of t

Maj Gaberőček 1 Nov 16, 2021
A bot written in python that send prefilled Google Forms. It supports multithreading for faster execution time.

GoogleFormsBot https://flassy.xyz https://github.com/Shawey/GoogleFormsBot Requirements: os (Default) ast (Default) threading (Default) configparser (

Shawey 1 Jul 10, 2022
Group Management Bot

❀️ π—¦π—›π—”π——π—œπ—¬π—’ ❀️ A Powerful, Smart And Advance Group Manager ... Written with AioGram , Pyrogram and Telethon... ⭐️ Thanks to everyone who starred

Abdisamad Omar Mohamed 4 Dec 01, 2021
GUI Pancakeswap2 and Uniswap3 trading client (and bot)

GUI Pancakeswap2 and Uniswap3 trading client (and bot) (MOST ADVANCE TRADING BOT SUPPORT WINDOWS LINUX MAC) (AUTO BUY TOKEN ON LUNCH AFTER ADD LIQUIDI

16 Dec 23, 2021
Telegram Group Calls Streaming bot with some useful features, written in Python with Pyrogram and Py-Tgcalls. Supporting platforms like Youtube, Spotify, Resso, AppleMusic, Soundcloud and M3u8 Links.

Yukki Music Bot Yukki Music Bot is a Powerful Telegram Music+Video Bot written in Python using Pyrogram and Py-Tgcalls by which you can stream songs,

Team Yukki 996 Dec 28, 2022
Bavera is an extensive and extendable Python 3.x library for the Discord API

Bavera is an extensive and extendable Python 3.x library for the Discord API. Bavera boasts the following major features: Expressive, functiona

Bavera 1 Nov 17, 2021
A discord webhook client written in Python.

DiscordWebhook A discord webhook client written in Python. Installation pip install webhook-client Example from webhook_client import WebhookClient, E

Elijah 4 Nov 28, 2022
πŸ” Google Search unofficial API for Python with no external dependencies

Python Google Search API Unofficial Google Search API for Python. It uses web scraping in the background and is compatible with both Python 2 and 3. W

Avi Aryan 204 Dec 28, 2022
Kali Kush - Account Nuker Tool

Kali Kush - Account Nuker Tool This is a discord tool made by me, and SSL :) antho#1731 How to use? pip3 install -r requirements.txt -py kalikush.py -

ryan 3 Dec 21, 2021
Actively maintained, pure Python wrapper for the Twitter API. Supports both normal and streaming Twitter APIs.

Twython Twython is a Python library providing an easy way to access Twitter data. Supports Python 3. It's been battle tested by companies, educational

Ryan McGrath 1.9k Jan 02, 2023
Automatically Edits Videos and Uploads to Tiktok with 1 line of code.

TiktokAutoUploader - Open to code contributions Automatically Edits Videos and Uploads to Tiktok with 1 line of code. Setup pip install -r requirement

Michael Peres 199 Dec 27, 2022