Hello All,
I’m running Suricata on a Linux machine (Ubuntu 20.04), and TheHive on another Ubuntu machine.
My question is: how can I forward Suricata alerts directly to TheHive for incident response?
Thanks in advance.
This depends on what TheHive supports. You might have to use the Python API from TheHive in the end. I didn’t see direct support for the specific outputs Suricata produces. It might be better asked at TheHive which log files they are able to support.
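Along the lines of the answer above, here is an added example (not Suricata's or TheHive's own code) of what that glue usually looks like: a small Python forwarder that reads Suricata's EVE JSON output (eve.json, one event per line), keeps only `event_type: alert` records, maps them to TheHive alert payloads and POSTs them to TheHive's REST API. The TheHive URL and API key are placeholders, the `POST /api/alert` endpoint and its field names (`sourceRef`, `artifacts`, severity 1..3) are assumptions based on TheHive 4 and may need adjusting for TheHive 5, and the sample eve.json lines are constructed so the script runs offline.

```python
"""Forward Suricata EVE JSON alerts to TheHive (added example, assumptions noted)."""
import json
import urllib.request
from typing import Iterator, Optional

# Assumed deployment details: placeholders, not from the original thread.
THEHIVE_URL = "http://thehive.example.internal:9000"
THEHIVE_API_KEY = "REPLACE_ME"

# Constructed eve.json content for offline use: one alert, one DNS record
# (not an alert) and one truncated line that must not crash the forwarder.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-05-01T10:15:30.123456+0000","flow_id":1234567890,'
    '"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,'
    '"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2024-05-01T10:15:31.000000+0000","flow_id":42,'
    '"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1"}',
    '{"timestamp":"2024-05-01T10:15:32.0',
]


def suricata_to_thehive_severity(sev: int) -> int:
    """Suricata: 1 = most severe. TheHive 4 (assumed): 1 = low, 2 = medium, 3 = high."""
    if sev <= 1:
        return 3
    if sev == 2:
        return 2
    return 1


def eve_alert_to_thehive(event: dict) -> Optional[dict]:
    """Build a TheHive alert payload from one EVE event; None if it is not an alert."""
    if event.get("event_type") != "alert":
        return None
    alert = event["alert"]
    # sourceRef must be unique per alert (TheHive rejects duplicates per source);
    # flow + signature + timestamp identifies one Suricata alert instance.
    source_ref = f"{event['flow_id']}-{alert['signature_id']}-{event['timestamp']}"
    description = (
        f"{alert['signature']} ({alert['category']})\n\n"
        f"{event['src_ip']}:{event.get('src_port', '-')} -> "
        f"{event['dest_ip']}:{event.get('dest_port', '-')} / {event.get('proto', '-')}\n"
        f"SID {alert['signature_id']} rev {alert['rev']}, action {alert['action']}"
    )
    return {
        "type": "suricata-alert",
        "source": "suricata",
        "sourceRef": source_ref,
        "title": alert["signature"],
        "description": description,
        "severity": suricata_to_thehive_severity(alert["severity"]),
        "tlp": 2,
        "tags": [f"sid:{alert['signature_id']}", alert["category"]],
        # Observables the analyst can pivot on; field name per assumed TheHive 4 API.
        "artifacts": [
            {"dataType": "ip", "data": event["src_ip"]},
            {"dataType": "ip", "data": event["dest_ip"]},
        ],
    }


def parse_eve_alerts(lines) -> Iterator[dict]:
    """Yield TheHive payloads for alert events, skipping non-alerts and bad JSON."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line while Suricata is still writing it
        payload = eve_alert_to_thehive(event)
        if payload is not None:
            yield payload


def post_alert(payload: dict, url: str = THEHIVE_URL, api_key: str = THEHIVE_API_KEY) -> int:
    """POST one alert to TheHive; returns the HTTP status code (201 expected on success)."""
    req = urllib.request.Request(
        f"{url}/api/alert",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # For a live feed, replace SAMPLE_EVE_LINES with a tail of /var/log/suricata/eve.json.
    for p in parse_eve_alerts(SAMPLE_EVE_LINES):
        print(post_alert(p), p["title"])
```

Two things worth keeping from this shape whatever the TheHive version: filter on `event_type` rather than posting every EVE record (flows, DNS and HTTP events would flood TheHive), and derive `sourceRef` deterministically so a restart of the forwarder re-reading the same file does not create duplicate alerts.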