[TheHive] Compability with version 4 (aka TheHive 4)

[SamuelHassine]

Problem to Solve

The current connector only works with TheHive 3.X.

Current Workaround

None.

Proposed Solution

Implement compatibility with TheHive 4.X.

[paul-thi]

@SamuelHassine any update on this? if not, can you point me in the direction of what would need to be tested?

[robben-ar]

@SamuelHassine Do you know if OpenCTI will have compatibility with TheHive 4 and 5 in the future? Thanks.-

[TheMatrix97]

Hi! Can you describe the problem that makes the connector incompatible with TheThive 4.X? Hope we can find a solution

[TheMatrix97]

I can confirm it works with thehive 4..... Dunno why is this still open...

[paul-thi]

So there are 2 issues at least that I am aware of on both 4.x and 5.x. #1 the connector is hard coded to only handle up to 100 cases in TheHive. However ours has over 300, which caused the import to break and typically just ingest one case. Often this was the same one over and over. #2 the logic of the connector doesn't apply updates to cases made in TheHive to the corresponding event in OpenCTI. This assumes a workflow where the case is added from day one with all the information however with our workflow, the case typically starts barebones and gets updates during the life of the incident. We forked the connector and made updates so that it has been working consistently. I will see if we can make a merge request if you are interested in fixing.

[Jipegien]

Hi @paul-thi! Are you still OK to submit a PR with your modified connector?

It will be great have this resolved! :)

[SamuelHassine]

Issue solved by multiple enhancements in 5.8.4.