TheHive is a scalable Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs, and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Here's our guide for authenticating TheHive for use with Tines:
First, get a TheHive API key
Log into TheHive.
In the top right corner, click the profile icon and select "Settings"
Choose "Create" under the "API Key" tab.
Copy your API key
Lastly, create a TheHive credential in Tines
Login to your Tines tenant
Navigate to the team that will be using the API and click "Credential"
Click "+ New Credential" and select "Text"
Input the values for the TheHive credential
Value: API Key
Domains: Ensure this credential can only be used when making HTTP requests to specific domains.
Access: What other teams can also use the API