TheHive Trigger node
On this page, you'll find a list of events the TheHive Trigger node can respond to and links to more resources.
Otera provides two nodes for TheHive. Use this node (TheHive Trigger) if you want to use TheHive's version 3 or 4 API. If you want to use version 5, use TheHive 5 Trigger.
Events
- Alert
- Created
- Deleted
- Updated
- Case
- Created
- Deleted
- Updated
- Log
- Created
- Deleted
- Updated
- Observable
- Created
- Deleted
- Updated
- Task
- Created
- Deleted
- Updated
Related resources
Otera provides an app node for TheHive. You can find the node docs here.
Refer to TheHive's documentation for more information about the service:
Configure a webhook in TheHive
To configure the webhook for your TheHive instance:
-
Copy the testing and production webhook URLs from TheHive Trigger node.
-
Add the following lines to the
application.conffile. This is TheHive configuration file:notification.webhook.endpoints = [
{
name: TESTING_WEBHOOK_NAME
url: TESTING_WEBHOOK_URL
version: 0
wsConfig: {}
includedTheHiveOrganisations: ["ORGANIZATION_NAME"]
excludedTheHiveOrganisations: []
},
{
name: PRODUCTION_WEBHOOK_NAME
url: PRODUCTION_WEBHOOK_URL
version: 0
wsConfig: {}
includedTheHiveOrganisations: ["ORGANIZATION_NAME"]
excludedTheHiveOrganisations: []
}
] -
Replace
TESTING_WEBHOOK_URLandPRODUCTION_WEBHOOK_URLwith the URLs you copied in the previous step. -
Replace
TESTING_WEBHOOK_NAMEandPRODUCTION_WEBHOOK_NAMEwith your preferred endpoint names. -
Replace
ORGANIZATION_NAMEwith your organization name. -
Execute the following cURL command to enable notifications:
curl -XPUT -uTHEHIVE_USERNAME:THEHIVE_PASSWORD -H 'Content-type: application/json' THEHIVE_URL/api/config/organisation/notification -d '
{
"value": [
{
"delegate": false,
"trigger": { "name": "AnyEvent"},
"notifier": { "name": "webhook", "endpoint": "TESTING_WEBHOOK_NAME" }
},
{
"delegate": false,
"trigger": { "name": "AnyEvent"},
"notifier": { "name": "webhook", "endpoint": "PRODUCTION_WEBHOOK_NAME" }
}
]
}'