ee-outliers icon indicating copy to clipboard operation
ee-outliers copied to clipboard

Published 20 hours ago verified publisher icon NVISOsecurity

Notifier TheHive

Open V1D1AN opened this issue 4 years ago • 1 comments

Hello, ee-outliers seems like a good project, do you plan to add "notifier" like "TheHive" or other ?? SMTP is only the possibility for the moment.

V1D1AN avatar Jun 15 '20 08:06 V1D1AN

Hi there,

Thanks for the question! At the moment, we only support mail indeed (in a very basic way) - internally, we also use The Hive with ee-outliers in the following way:

  • We add a tag to the use cases we want to alert on, i.e. outliers_type = "thehive_alert"
  • In our templates of elastalert, we filter out all the events with this field & value
  • Those are the ones we send through to The Hive for alerting

We wanted to keep the framework as agnostic of other tools as possible for now, so that's how we solve it ourselves internally - this ofcourse needs an integration with something like elastalert but we found that very simple to setup. Does this make sense for your use case?

daanraman avatar Jun 17 '20 14:06 daanraman