Create alerts in TheHive from your Graylog alerts, to be turned into TheHive cases.

Simple Python Flask app that runs as a web server and accepts POST requests from your Graylog notifications.

```
git clone https://github.com/ReconInfoSec/graylog2thehive.git /opt/graylog2thehive
```

Get up and running:
- Configure the SSL certificate paths in `app.py`, or remove the `context` lines if not using SSL
- Copy `init.d/graylog2thehive.service` to `/etc/systemd/system/graylog2thehive.service`
- Set your TheHive API key in `/etc/systemd/system/graylog2thehive.service` as the value of `theHIVE_SECRET_KEY`. Because the key lives in the unit file, keep that file readable only by root (e.g. `chmod 600`), or move the key into an `EnvironmentFile=` with the same permissions
- Set your TheHive and Graylog URLs in `config.py`
- Optional: in `app/__init__.py`, configure any other IP, hash, URL, or filename fields in place of `src_ip` and `dst_ip` to include them as artifacts/observables in your alert
```
cd /opt/graylog2thehive
pip install -r requirements.txt
cp init.d/graylog2thehive.service /etc/systemd/system/graylog2thehive.service
systemctl enable graylog2thehive
systemctl start graylog2thehive
```
- Runs at `https://0.0.0.0:5000` and accepts POST requests. It listens on all interfaces, so restrict access to port 5000 to your Graylog server(s) at the firewall
- Point your Graylog Legacy Alarm Callback to `https://[YOURSERVER].com:5000/create_alert`
- Point your Graylog HTTP Notification to `https://[YOURSERVER].com:5000/create_alert_http`
- Point your Graylog
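Both endpoints receive Graylog's JSON body and turn the configured message fields into TheHive observables. The following is an added, stand-alone Python example and not the project's own code: it builds a TheHive-style alert dict from either payload shape, the legacy alarm callback (`check_result.matching_messages[].fields`) and the HTTP notification (`event.fields` plus `backlog[].fields`), and validates each value before it becomes an artifact, so a malformed or loopback address is dropped instead of being rejected by TheHive or pushed in as noise. The field-to-dataType mapping (`OBSERVABLE_FIELDS`), the alert field names, and both sample payloads are assumptions constructed for this example and only approximate what Graylog sends.

```python
"""Added example (not the project's code): build a TheHive-style alert dict
from a Graylog notification body. Handles the legacy alarm callback shape
(check_result.matching_messages[].fields) and the HTTP notification shape
(event.fields plus backlog[].fields). Samples are constructed, not captures."""
import hashlib
import ipaddress
import json
import re

# Graylog message field -> TheHive observable dataType (assumed mapping; extend
# it with hash, url or filename fields the same way app/__init__.py is edited)
OBSERVABLE_FIELDS = {"src_ip": "ip", "dst_ip": "ip", "file_hash": "hash"}
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")  # md5/sha1/sha256


def valid_observable(data_type, value):
    """Drop empty, non-string, unparsable, loopback and unspecified values
    before they reach TheHive as observables."""
    if not isinstance(value, str) or not value.strip():
        return False
    value = value.strip()
    if data_type == "ip":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False
        return not (addr.is_loopback or addr.is_unspecified)
    if data_type == "hash":
        return bool(HASH_RE.match(value))
    return True


def message_fields(payload):
    """Yield the per-message field dicts from either Graylog payload shape."""
    check = payload.get("check_result")
    if isinstance(check, dict):  # legacy alarm callback body
        for msg in check.get("matching_messages", []):
            yield msg.get("fields", {})
        return
    event = payload.get("event", {})  # HTTP notification body (Graylog events)
    if event.get("fields"):
        yield event["fields"]
    for msg in payload.get("backlog", []):
        yield msg.get("fields", {})


def extract_artifacts(payload, field_map=OBSERVABLE_FIELDS):
    """Validated, de-duplicated artifacts from the configured fields."""
    seen, artifacts = set(), []
    for fields in message_fields(payload):
        for name, data_type in field_map.items():
            value = fields.get(name)
            if not valid_observable(data_type, value) or (data_type, value.strip()) in seen:
                continue
            seen.add((data_type, value.strip()))
            artifacts.append({"dataType": data_type, "data": value.strip(),
                              "message": f"Graylog field {name}", "tags": ["graylog", name]})
    return artifacts


def build_alert(payload, source="graylog"):
    """Alert dict in the shape of TheHive's alert API (field names assumed)."""
    check = payload.get("check_result")
    if isinstance(check, dict):
        title = check.get("result_description") or "Graylog alert"
        ref_seed = check.get("triggered_at", "") + title
        description = json.dumps(check.get("triggered_condition", {}), indent=2)
    else:
        event = payload.get("event", {})
        title = payload.get("event_definition_title") or event.get("message") or "Graylog alert"
        ref_seed = event.get("id") or event.get("timestamp", "") + title
        description = payload.get("event_definition_description") or event.get("message", "")
    # Stable sourceRef: TheHive keys alerts on (type, source, sourceRef), so a
    # retried or duplicated Graylog POST does not create a second alert.
    source_ref = hashlib.sha1(ref_seed.encode()).hexdigest()[:16]
    return {"title": title, "description": description, "type": "external",
            "source": source, "sourceRef": source_ref, "severity": 2, "tlp": 2,
            "artifacts": extract_artifacts(payload)}


# Constructed sample bodies for the two endpoints (approximate Graylog's format)
SAMPLE_HTTP_NOTIFICATION = {
    "event_definition_title": "SSH brute force",
    "event_definition_description": "More than 20 failed logins in 5 minutes",
    "event": {"id": "01EXAMPLEEVENT", "timestamp": "2024-01-01T00:00:00.000Z",
              "message": "SSH brute force", "fields": {"src_ip": "198.51.100.7"}},
    "backlog": [{"fields": {"src_ip": "198.51.100.7", "dst_ip": "10.0.0.5"}},
                {"fields": {"src_ip": "198.51.100.7", "dst_ip": "not-an-ip"}},  # rejected
                {"fields": {"src_ip": "127.0.0.1"}}],                         # loopback, dropped
}
SAMPLE_LEGACY_CALLBACK = {
    "check_result": {
        "result_description": "Stream had 25 messages in the last 5 minutes",
        "triggered_at": "2024-01-01T00:00:00.000Z",
        "triggered_condition": {"type": "message_count", "parameters": {"threshold": 20}},
        "matching_messages": [{"fields": {"src_ip": "203.0.113.9",
                                          "file_hash": "d41d8cd98f00b204e9800998ecf8427e"}}],
    },
    "stream": {"title": "ssh"},
}

if __name__ == "__main__":
    print(json.dumps(build_alert(SAMPLE_HTTP_NOTIFICATION), indent=2))
```

The `sourceRef` is derived deterministically from the event id (or the trigger time plus title for the legacy body) rather than from a random value, so a Graylog retry of the same notification lands on the same alert instead of opening a second one; the hash and IP checks are where to add the validation for any extra fields you map in `app/__init__.py`.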