Feeding Graylog Events to a SOAR platform

I would like to feed Graylog’s events to an open source SOAR (Security Orchestration, Automation, and Response) platform, transforming them into tickets for follow up and resolution.

I have done some research about this and it seems the online resources about this subject are scarce at best. I have heard good feedback about TheHive as a SOAR platform, but I couldn’t get the integration between GL and TheHive to work (the tool to do so - graylog2thehive - seems incompatible with the latest TheHive versions).

Has anyone had success in feeding GL’s events to any SOAR platform (TheHive or any other tool)? If yes, feedback/tips/recommendations would be much appreciated.

I have done the setup to MISP and created a lookup to MISP with the REST API,
but I am not feeding TheHive yet.
I'm going to do the test soon to feed the Hive that we got.

// Anders
