MISP and TheHive can interact between each other in both ways: * TheHive is able to import events from a MISP instance as alerts and create cases from them * TheHive is able to export a case into MISP as an event and update it with the artifacts flagged as IOC as MISP attributes
It is possible to use the API to control those behaviours.
|GET||/api/connector/misp/_syncAlerts||Synchronize from all MISP instances all MISP events published since the last synchronization|
|GET||/api/connector/misp/_syncAllAlerts||Synchronize from all MISP instances all MISP published events since the beginning|
|GET||/api/connector/misp/_syncArtifacts||Synchronize all artifacts from already imported alerts from all MISP instances|
|POST||/api/connector/misp/export/:caseId/:mispName||Export a case to MISP|
Exporting a case to MISP#
Exporting a case to MISP can be done by performing the following query
No parameters need to be sent in the query body.
The response of this query will be a JSON table containing all artifacts sent as attributes in the MISP event.