Automate TheHive Case Management with n8n
Streamline your incident response by automating the creation, updating, and retrieval of cases in TheHive using n8n. This workflow empowers your security operations center (SOC) to manage incidents more efficiently.
About This Workflow
This n8n workflow provides a robust solution for managing cases within TheHive, a popular Security Incident Response Platform (SIRP). By leveraging n8n's visual workflow builder and TheHive integration, you can automate repetitive tasks associated with incident handling. The workflow begins with a manual trigger, allowing you to initiate the process on demand. It then seamlessly creates a new case in TheHive with predefined tags, owner, severity, and description. Following creation, the workflow automatically updates the case's severity and concludes by fetching the latest case details. This automation significantly reduces manual effort, accelerates response times, and ensures consistent case management practices.
Key Features
- Automated Case Creation: Instantly generate new cases in TheHive with customizable details.
- Dynamic Case Updates: Modify case attributes like severity on the fly.
- Real-time Case Retrieval: Fetch the most up-to-date information for any case.
- Seamless Integration: Connects directly with your existing TheHive instance.
- Manual Trigger: Initiate workflows manually for controlled incident management.
How To Use
- Trigger: Start the workflow by clicking 'execute' on the manual trigger node.
- Create Case: Configure the first TheHive node to 'create' a case. Specify essential parameters like title, description, owner, severity, and tags. Ensure your TheHive credentials are set up.
- Update Case: Connect the output of the 'create' node to the 'update' node. In this node, set the id to dynamically reference the newly created case (using ={{$node["TheHive"].json["id"]}}). Define the updateFields (e.g., severity) you wish to modify.
- Get Case: Connect the output of the 'update' node to the 'get' node. Again, use the dynamic id expression (={{$node["TheHive"].json["id"]}}) to specify which case to retrieve. This node will fetch the updated case details.
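The trigger and three TheHive nodes from the steps above, wired together as an n8n workflow fragment. This is an added example, not the template's actual JSON. Assumptions: the node names other than TheHive, the positions, startDate and all field values are constructed, and the TheHive credential is attached in the editor after import rather than stored here.

```json
{
  "name": "TheHive case lifecycle (constructed example)",
  "nodes": [
    { "name": "Manual Trigger", "type": "n8n-nodes-base.manualTrigger",
      "typeVersion": 1, "position": [250, 300], "parameters": {} },
    { "name": "TheHive", "type": "n8n-nodes-base.theHive",
      "typeVersion": 1, "position": [450, 300],
      "parameters": {
        "resource": "case",
        "operation": "create",
        "title": "Constructed sample case",
        "description": "Created from n8n (sample text)",
        "owner": "PLACEHOLDER_OWNER",
        "severity": 1,
        "startDate": "2024-01-01T00:00:00.000Z",
        "tags": "n8n, sample"
      } },
    { "name": "TheHive1", "type": "n8n-nodes-base.theHive",
      "typeVersion": 1, "position": [650, 300],
      "parameters": {
        "resource": "case",
        "operation": "update",
        "id": "={{$node[\"TheHive\"].json[\"id\"]}}",
        "updateFields": { "severity": 3 }
      } },
    { "name": "TheHive2", "type": "n8n-nodes-base.theHive",
      "typeVersion": 1, "position": [850, 300],
      "parameters": {
        "resource": "case",
        "operation": "get",
        "id": "={{$node[\"TheHive\"].json[\"id\"]}}"
      } }
  ],
  "connections": {
    "Manual Trigger": { "main": [[{ "node": "TheHive", "type": "main", "index": 0 }]] },
    "TheHive": { "main": [[{ "node": "TheHive1", "type": "main", "index": 0 }]] },
    "TheHive1": { "main": [[{ "node": "TheHive2", "type": "main", "index": 0 }]] }
  }
}
```

Both the update and get nodes read the id from the create node's output, so renaming the create node breaks the expression unless it is updated to match.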
Workflow JSON
{
"id": "4a362a02-d8f5-4fd7-b6ac-3e6c2b377e4d",
"name": "Automate TheHive Case Management with n8n",
"nodes": 19,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
About the Author
Free n8n Workflows Official
System Admin
The official repository for verified enterprise-grade workflows.