Cisco Security and TheHive Project

How TheHive Project and Cisco Security work together

TheHive is a scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

Product Integrations

  • SecureX threat response: Cisco SecureX threat response connects to TheHive, so the user can query Threat Response for verdicts and sightings on domain, filename, FQDN, hash (MD5, SHA1, SHA256), IP and URL observables, then pivot into a Threat Response investigation of an observable.
  • Secure Endpoint: The Cisco Secure Endpoint responder includes the following actions: add a SHA256 to a Simple Custom Detection List (the TheHive case ID and description are appended to the list entry's description), remove a SHA256 from a Simple Custom Detection List, move a connector GUID to a new group, start Host Isolation, set a custom unlock code and stop Host Isolation.
  • Secure Malware Analytics: The Cisco Threat Grid (Malware Analytics) analyzer includes the following actions: submit a file for analysis, submit a URL for analysis, query Malware Analytics for a hash (MD5, SHA1, SHA256) and return the highest-scoring analysis results, pivot into the Malware Analytics report to view the analysis, pivot into the Malware Analytics report at a specific Behavioral Indicator and pivot into the Malware Analytics report at a specific TCP/IP stream.