I would like to feed Graylog’s events to an open source SOAR (Security Orchestration, Automation, and Response) platform, transforming them into tickets for follow up and resolution.
I have done some research about this and it seems the online resources about this subject are scarce at best. I have heard good feedback about TheHive as a SOAR platform, but I couldn’t get the integration between GL and TheHive to work (the tool to do so - graylog2thehive - seems incompatible with the latest TheHive versions).
Did anyone have success in feeding GL’s events to any SOAR platform (TheHive or any other tool)? If yes, feedback/tips/recommendations would be much appreciated.