graylog2thehive

Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.

Simple Python flask app that runs as a web server, and accepts POST requests from your Graylog notifications.

git clone https://github.com/ReconInfoSec/graylog2thehive.git /opt/graylog2thehive

Get up and running:

Configure SSL certificate paths in app.py, or remove all context lines if not using SSL
Copy init.d/graylog2thehive.service to /etc/systemd/system/graylog2thehive.service
Set your Hive API key in /etc/systemd/system/graylog2thehive.service for the HIVE_SECRET_KEY
Set your Hive and Graylog URLs in config.py
Optional: app/__init__.py, configure any other IP, hash, URL, or filename fields in place of src_ip and dst_ip to include them as artifacts/observables in your alert

pip install -r requirements.txt
cp init.d/graylog2thehive.service /etc/systemd/system/graylog2thehive.service
systemctl enable graylog2thehive
systemctl start graylog2thehive

Runs at https://0.0.0.0:5000, accepts POST requests
- Point your Graylog Legacy Alarm Callback to https://[YOURSERVER].com:5000/create_alert
- Point your Graylog HTTP Notification to https://[YOURSERVER].com:5000/create_alert_http

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

app

app

init.d

init.d

README.md

README.md

app.py

app.py

config.py

config.py

requirements.txt

requirements.txt

Repository files navigation

graylog2thehive

About

Releases

Packages

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
app		app
init.d		init.d
README.md		README.md
app.py		app.py
config.py		config.py
requirements.txt		requirements.txt

ReconInfoSec/graylog2thehive

Folders and files

Latest commit

History

Repository files navigation

graylog2thehive

About

Topics

Resources

Stars

Watchers

Forks

Languages