- $Alarm_Name = The "alarm name" field is a variable on the Remote Commands McAfee SIEM side.
- $Description = The "Description" field is a variable on the Remote Commands McAfee SIEM side.
- $Severity = The "Severity" field is a variable on the Remote Commands McAfee SIEM side.
- $Source_IP = The "Source IP" field is a variable on the Remote Commands McAfee SIEM side.
- TheHive_IpAddress = "TheHive_IpAddress" is the IP address of the server where TheHive is installed, e.g. 1.1.1.1 (default port 9000).
- The Command String is: send_thehive.py -thehiveip="$TheHive_IpAddress" --username="" --password="" --title="[$Alarm_Name]" --description="[$Description]" --severity="- [$Severity]" --ip="[$Source_IP]"
With this script, you can automatically send the alarms that occur on "McAfee SIEM" to the "TheHive" platform; each alarm you send is automatically opened as a case.
If you want every alarm to be opened as a case, you need to configure the remote command execution page of each of your alarms.
"Execute remote command" must be selected in your alarm settings.
To send alarms automatically, you need a server that McAfee SIEM can connect to over "ssh". Then you can save the command by entering the appropriate parameters in the "Command String" field.
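The sketch below is an added example of what a sender like the one described above can look like; it is not the send_thehive.py script from this page. It assumes TheHive's REST API (POST /api/case to open a case, POST /api/case/<id>/artifact to attach the source IP as an observable) with HTTP Basic authentication, and it assumes a mapping from McAfee SIEM severity values to TheHive's 1..3 scale. It accepts the same flags as the Command String above, strips the bracket decoration that string wraps around each SIEM variable, and builds the request body with json.dumps rather than string concatenation, since the four alarm fields are text supplied by the SIEM and should be treated as untrusted input.

```python
"""Illustrative McAfee SIEM -> TheHive case sender (added example).

Assumptions (not taken from the original page): TheHive REST endpoints
POST /api/case and POST /api/case/<id>/artifact, HTTP Basic auth, and
the severity mapping in SEVERITY_MAP / parse_severity.
"""
import argparse
import base64
import json
import urllib.request

# Assumed mapping from SIEM severity words to TheHive severity (1=low .. 3=high).
SEVERITY_MAP = {"low": 1, "medium": 2, "high": 3}


def _unwrap(value):
    """Remove the '- [...]' decoration the Command String adds around a variable."""
    return value.strip().strip("-").strip().strip("[]").strip()


def parse_severity(raw):
    """Map a SIEM severity such as '- [High]' or '75' to TheHive's 1..3 scale."""
    text = _unwrap(raw).lower()
    if text in SEVERITY_MAP:
        return SEVERITY_MAP[text]
    try:
        value = int(text)
    except ValueError:
        return 2  # unrecognised text: default to medium rather than dropping the alarm
    # Assumed: numeric SIEM severities 0..100, bucketed into thirds.
    if value >= 67:
        return 3
    if value >= 34:
        return 2
    return 1


def build_case_payload(title, description, severity, ip):
    """Build the JSON body for POST /api/case from the four SIEM variables."""
    clean_ip = _unwrap(ip)
    tags = ["mcafee-siem"]
    if clean_ip:
        tags.append("source-ip:" + clean_ip)
    return {
        "title": _unwrap(title) or "McAfee SIEM alarm",
        "description": _unwrap(description),
        "severity": parse_severity(severity),
        "tlp": 2,  # assumed default: TLP:AMBER
        "tags": tags,
    }


def build_observable_payload(ip):
    """Build the JSON body that attaches the source IP as an 'ip' observable."""
    return {"dataType": "ip", "data": _unwrap(ip), "tlp": 2,
            "message": "Source IP from McAfee SIEM alarm"}


def _post(url, username, password, payload):
    """POST a JSON payload with Basic auth and return the decoded response."""
    body = json.dumps(payload).encode("utf-8")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def send_alarm(thehive_ip, username, password, title, description, severity, ip, port=9000):
    """Open the case, then attach the source IP observable when one was supplied."""
    base = f"http://{thehive_ip}:{port}/api"
    case = _post(base + "/case", username, password,
                 build_case_payload(title, description, severity, ip))
    if _unwrap(ip):
        _post(f"{base}/case/{case['id']}/artifact", username, password,
              build_observable_payload(ip))
    return case


def main():
    # Flag names mirror the Command String on the page; "--thehiveip" is also accepted.
    p = argparse.ArgumentParser(description="Send a McAfee SIEM alarm to TheHive as a case")
    p.add_argument("-thehiveip", "--thehiveip", required=True)
    p.add_argument("--username", required=True)
    p.add_argument("--password", required=True)
    p.add_argument("--title", required=True)
    p.add_argument("--description", default="")
    p.add_argument("--severity", default="")
    p.add_argument("--ip", default="")
    a = p.parse_args()
    case = send_alarm(a.thehiveip, a.username, a.password,
                      a.title, a.description, a.severity, a.ip)
    print("opened case", case.get("caseId"), case.get("id"))


if __name__ == "__main__":
    main()
```

Invoked with the same arguments as the Command String on this page, the script opens one case per alarm and tags it with the source IP. Because the SIEM substitutes its variables into a shell command line, the credentials and alarm text are visible to anything that can read the process list or the SIEM's remote-command configuration, so the account used here should be a dedicated TheHive user with only case-creation rights.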