TheHive is a scalable Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs, and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Here's our guide for authenticating TheHive for use with Tines:
First, get a TheHive API key
Log into TheHive.
In the top right corner, click the profile icon and select "Settings"
Choose "Create" under the "API Key" tab.
Copy your API key
Lastly, create a TheHive credential in Tines
TheHive Project connect flow (recommended):
Login to your Tines tenant
Navigate to the team that will be using the API and click "Credentials"
Click "+ New Credential" and select "TheHive Project" and follow the prompts to connect.
Manual credential creation
This method is not recommended as the TheHive Project connect flow creates this credential with much less complexity. However, if you need to create this credential set manually, see the following steps below:
Login to your Tines tenant
Navigate to the team that will be using the API and click "Credential"
Click "+ New Credential" and select "Text"
Input the values for the TheHive credential
Name: Required
Description: Optional
Value: API Key
Metadata: Select 'Enable metadata' and then paste in the following in Plain code mode. Replace the sample URL below with your TheHive Project URL.
{
"url": "https://thcp1.aws.thehive-cloud.io/0abc1234-5678-9d01-234e-567890f123g45/thehive"
}
Optional
Domains: Ensure this credential can only be used when making HTTP requests to specific domains.
Access: What other teams can also use the API
Learn more about our connect flows here.
For more on creating credentials in Tines, click here.
You can find a selection of TheHive stories in the Tines story library.