Skip to content

duomotomo/qradar-2-thehive-alert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
conf
conf
 
 
objects
objects
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
smart_cloner.py
smart_cloner.py
 
 

Repository files navigation

What is it?

the script is getting offenses from QRadar, creating Alerts for TheHive and importing them.

How to run script

update config file (conf/smartclonner.conf) by your values
launch smart_clonner.py. You could run script inside crontab also.

Parameters

TheHive - related:

url - URL to TheHive instance (for ex. http://172.20.1.5:9000)
user - TheHive user used to connect to the TheHive(for ex. quser)
api_key = API key used to connect to the TheHive(for ex. = g1p5xYJiT/rAqsdf98fTdfsBa620Zypu)

QRadar - related:

server = IP address of the QRAdar server( for ex. 172.16.0.1)
auth_token = API key configured on QRAdar used to gather information about Offences (for ex. f598c71e-a7b8-44fc-9116-51a5dsdf2e1)

How this script differs from Pierre BARLET (https://github.com/pierrebarlet/qradar2thehive) work?

qradar2thehive script creates Cases with static task list while our script creates Alerts that you could turn into Cases with any templates you want.

About

Scripts to push IBM QRadar events to TheHive IRP

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages