
base shell

MBromiley edited this page May 16, 2019 · 1 revision

pollen has a command shell that lets you interact with TheHive without leaving the command line. The command shell is based on Python's Cmd class and is dynamic: it changes as you move through cases and tasks. There are technically four different shells within pollen; I'll detail each below.

Accessing the pollen shell

To hop into pollen's command-shell, run the following:

python3 pollen.py -c

If you are greeted with a question asking you to set up your configuration, please check out the configuration Wiki page first!

Navigation Notes

pollen is built on multiple shells that are situationally aware, meaning you cannot add a task log without first being in a case and task command prompt! However, each shell has the following options:

  • back: Back to the previous shell
  • exit: Exit back to the previous shell
  • clear: Clear the screen (simply runs the Linux clear command)
  • All inputs will accept Ctrl+C to drop you back to the previous menu

basic shell

Your command prompt will look like: (pollen)

This is your basic command prompt, which means you're not in a case yet. However, from this shell, you have the following options:

case

The case option allows you to select a case from your current Hive instance and switch into the command line for that case. After running case, you should be presented with a list of your available cases and an option to select one. Here's an example:

(pollen) case
There are 3 open cases:
0 - Top-Secret Investigation!
1 - Ransomware Incident
2 - Internal JIRA Tickets
Case selection (0-2) [Ctrl+C to exit]:

Once you select a case, you will be dropped into the case-specific shell, and your prompt will reflect that change.
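
The nested-shell behaviour described above (a selection prompt, a prompt that changes once you are in a case, and back/exit/Ctrl+C returning to the previous shell), sketched on Python's cmd.Cmd as an added example; this is not pollen's own code. The class names, the case-shell prompt format and the hard-coded case list are assumptions, and the selection is validated before it is used as a list index.

```python
import cmd

# Constructed sample data; pollen itself reads open cases from TheHive.
SAMPLE_CASES = ["Top-Secret Investigation!", "Ransomware Incident",
                "Internal JIRA Tickets"]

def parse_selection(raw, count):
    """Return an index in range(count), or None for any other input."""
    raw = raw.strip()
    # Rejects "", "-1", "1.5", non-ASCII digits and oversized numbers.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 6):
        return None
    index = int(raw)
    return index if index < count else None

class NavShell(cmd.Cmd):
    """Options shared by every shell (hypothetical base class)."""
    def do_back(self, arg):
        """Back to the previous shell."""
        return True  # a true return value ends this shell's cmdloop()
    do_exit = do_back

    def run(self):
        try:
            self.cmdloop()
        except KeyboardInterrupt:
            print()  # Ctrl+C drops back to the previous menu

class CaseShell(NavShell):
    def __init__(self, title):
        super().__init__()
        self.prompt = f"(pollen: {title}) "  # assumed prompt format

class BaseShell(NavShell):
    prompt = "(pollen) "

    def do_case(self, arg):
        """Select an open case and switch into its shell."""
        print(f"There are {len(SAMPLE_CASES)} open cases:")
        for i, title in enumerate(SAMPLE_CASES):
            print(f"{i} - {title}")
        try:
            raw = input(f"Case selection (0-{len(SAMPLE_CASES) - 1}) [Ctrl+C to exit]: ")
        except KeyboardInterrupt:
            return print()  # back to the base prompt
        index = parse_selection(raw, len(SAMPLE_CASES))
        if index is None:
            return print("Invalid selection.")
        CaseShell(SAMPLE_CASES[index]).run()  # returns here on back/exit

if __name__ == "__main__":
    BaseShell().run()
```
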

config

The config option allows you to enter the config mode, which displays statistics about TheHive as well as your currently-configured Server and API key details. You can also reconfigure these items from this menu. Your command prompt will change to reflect that you're in config mode.

See more on the configuration shell here.

newcase

The newcase option allows you to create a new case within TheHive. Pretty straightforward!

(At the moment, pollen only accepts title and description. Severity, TLP, and other details will be built in shortly.)

When you enter newcase, you'll receive prompts to input the case title and description. Here's a sample output:

(pollen) newcase
Let's create a new case! The next few steps will request some data from you. Hit Enter to accept any defaults:
Case Title: Sample Case Title
Case Description: Sample Case Description
Successfully created case Sample Case Title!

After case creation, you'll be dropped back into the (pollen) shell. You can navigate to your new case using the case command.