TheHive dashboards are great at showing data counts and displaying them as graphs, but one feature was lacking: they can't display a data table of what those cases are. So while you can build a dashboard to get a snapshot of where your team is at, you can't see which cases and tasks are in play. While there is an open issue to add this functionality, I thought I'd try something a little different with TheHive to fill that gap: export the case and task data into a Splunk KV store and build it out that way.
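Here is what that export looks like end to end, as an added example that is not code from the original post or from TheHive or Splunk. It assumes TheHive's legacy REST endpoints `GET /api/case` and `GET /api/case/<id>/task` with an API key sent as `Authorization: Bearer`, and Splunk's KV store endpoint `POST /servicesNS/nobody/<app>/storage/collections/data/<collection>/batch_save`, which takes a JSON array of rows; the host names, app name, collection names and the sample case/task records are placeholders I constructed. The flattening step is the part that matters for a dashboard table: KV store fields are scalars, each row gets the TheHive id as its `_key` so re-running the export upserts instead of duplicating, and every task row carries its parent case's number and title.

```python
"""Export TheHive cases and tasks into Splunk KV store collections.

Added example, not code from the original post or from TheHive/Splunk.
Assumed: TheHive legacy endpoints GET /api/case and GET /api/case/<id>/task
(API key as "Authorization: Bearer"), and Splunk's KV store batch_save
endpoint; both collections already exist in the app. URLs, names and
sample records are placeholders.
"""
import json
import urllib.request

THEHIVE_URL = "https://thehive.example.local:9000"  # placeholder
SPLUNK_URL = "https://splunk.example.local:8089"    # placeholder (management port)
SPLUNK_APP = "thehive_dash"                          # placeholder app
CASES_COLLECTION = "thehive_cases"                   # placeholder collection
TASKS_COLLECTION = "thehive_tasks"                   # placeholder collection


def _get_json(url, headers):
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_cases_and_tasks(thehive_url, api_key):
    """Pull every case, then the tasks of each case (assumed TheHive endpoints)."""
    headers = {"Authorization": f"Bearer {api_key}"}
    cases = _get_json(f"{thehive_url}/api/case", headers)
    tasks_by_case = {
        c["id"]: _get_json(f"{thehive_url}/api/case/{c['id']}/task", headers)
        for c in cases
    }
    return cases, tasks_by_case


def case_record(case):
    """Flatten a case into a KV store row. _key is the TheHive id, so a
    re-run upserts existing rows instead of duplicating them."""
    return {
        "_key": case["id"],
        "caseId": case.get("caseId"),
        "title": case.get("title"),
        "severity": case.get("severity"),
        "tlp": case.get("tlp"),
        "status": case.get("status"),
        "owner": case.get("owner", ""),
        "tags": ",".join(case.get("tags", [])),  # KV fields are scalars: join the list
        "createdAt": case.get("createdAt"),
    }


def task_record(case, task):
    """Flatten a task, carrying the parent case's number and title so a
    dashboard table can show tasks beside the case they belong to."""
    return {
        "_key": task["id"],
        "caseId": case.get("caseId"),
        "caseTitle": case.get("title"),
        "title": task.get("title"),
        "group": task.get("group", "default"),
        "status": task.get("status"),
        "owner": task.get("owner", ""),  # unassigned tasks carry no owner
    }


def build_batches(cases, tasks_by_case):
    """Turn raw TheHive objects into the two row lists batch_save expects."""
    case_rows = [case_record(c) for c in cases]
    task_rows = [task_record(c, t) for c in cases for t in tasks_by_case.get(c["id"], [])]
    return case_rows, task_rows


def push_batch(splunk_url, splunk_token, app, collection, rows):
    """POST rows to the collection's batch_save endpoint (assumed Splunk path);
    Splunk answers with the list of saved _key values."""
    url = f"{splunk_url}/servicesNS/nobody/{app}/storage/collections/data/{collection}/batch_save"
    req = urllib.request.Request(
        url,
        data=json.dumps(rows).encode(),
        headers={"Authorization": f"Bearer {splunk_token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample data shaped like TheHive 3 case/task JSON (placeholder values).
SAMPLE_CASES = [
    {"id": "AWc1", "caseId": 41, "title": "Phishing wave", "severity": 2, "tlp": 2,
     "status": "Open", "owner": "alice", "tags": ["phishing", "credential-theft"],
     "createdAt": 1540000000000},
    {"id": "AWc2", "caseId": 42, "title": "Suspicious VPN login", "severity": 3, "tlp": 2,
     "status": "Open", "owner": "bob", "tags": [], "createdAt": 1540003600000},
]
SAMPLE_TASKS = {
    "AWc1": [{"id": "AWt1", "title": "Pull mail headers", "status": "Completed", "owner": "alice"},
             {"id": "AWt2", "title": "Reset affected accounts", "status": "InProgress", "owner": "carol"}],
    "AWc2": [{"id": "AWt3", "title": "Check geo-velocity", "status": "Waiting", "group": "triage"}],
}

if __name__ == "__main__":
    # Offline run: show the rows the export would send. Replace SAMPLE_* with
    # fetch_cases_and_tasks() and call push_batch() twice for the live export.
    case_rows, task_rows = build_batches(SAMPLE_CASES, SAMPLE_TASKS)
    print(json.dumps({"cases": case_rows, "tasks": task_rows}, indent=2))
```

For the live export, the two collections (and the fields above) need to be declared in the app's `collections.conf` before `batch_save` will accept rows, and the Splunk token only needs write access to that app's KV store, which keeps the export's credential narrowly scoped. Once the rows are in, an `| inputlookup thehive_tasks | where status!="Completed"` table on the dashboard gives the per-case task view the built-in dashboards lack.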
Splunk. Love it to bits, use it at work heaps, but sadly for personal use once you go past that 500Mb/day license limit that's it, get your wallet out. This is where ELK comes into play. Being open source, I thought I'd give it a crack. Here is my experience. I know there are plenty of guides online for this, but I went through a bit of trial and error for my setup.