Automate TheHive Case Creation and Slack Notifications
Seamlessly integrate TheHive security incident management with Slack for real-time alerts and task management. This workflow automates the creation of new cases in TheHive based on specific events and pushes detailed notifications to Slack, enabling faster response and collaboration.
About This Workflow
This n8n workflow bridges the gap between your security operations center (SOC) and your communication channels by automating crucial incident response processes. It leverages TheHive's powerful case management system and Slack's real-time messaging capabilities to streamline your security workflows.
The workflow is triggered by specific events in TheHive, such as new case creation. It then maps the case data (status, severity, TLP) through configurable dictionaries and renders it as an actionable Slack message. From that message, users can open a modal and add tasks to the TheHive case without leaving Slack, so follow-up work is recorded in the case record rather than lost in chat. This reduces manual copy-and-paste between tools, keeps the channel and the case in sync, and shortens the time from alert to first response.
Key Features
- Real-time TheHive Event Triggering: Automatically captures and processes new case creation events from TheHive.
- Rich Slack Notifications: Sends detailed case information to Slack using Block Kit for better readability and context.
- Interactive Task Management: Allows users to add tasks to TheHive cases directly from Slack modals.
- Customizable Mapping: Define dictionaries for status, severity, and TLP to standardize your reporting.
- Centralized Workflow Automation: Consolidates security incident management and communication into a single, automated flow.
How To Use
- Configure TheHive Trigger: Set up the 'TheHive Trigger' node by defining the events you want to monitor (e.g., case_create). Ensure your TheHive instance is configured with a webhook pointing to your n8n instance, and expose that webhook URL only over TLS and only to TheHive (network allow-listing or a reverse proxy), since anything that can reach it can inject fake case events into the flow.
- Set Up TheHive URL and Mappings: In the 'Edit Fields' node, update theHiveUrl with your TheHive instance's address and customize the dictionary for statuses, severities, and TLP levels as needed.
- Design Slack Notifications: Connect the output of the TheHive trigger to a node that formats the case data for Slack. The provided JSON snippet suggests using Block Kit for rich messages. Configure this node to extract the relevant case details (title, severity, TLP, status, and a link back to the case).
- Implement Task Modal: Use the 'Task Modal' node (or an equivalent HTTP Request node calling Slack's views.open method) to configure a Slack modal for adding tasks. Map the trigger_id from the incoming Slack interaction payload (Slack only honours it for a few seconds, so open the modal immediately) and populate the modal's fields (title, description, group, due date) with dynamic data from TheHive.
- Connect Slack Actions: Ensure that the modal's view_submission payload is handled by a subsequent node that verifies Slack's request signature (the X-Slack-Signature header computed with your app's signing secret) before calling the TheHive API to create the task from the user's input. Without that check, anyone who can reach the n8n webhook can create arbitrary tasks in your cases.
Workflow JSON
{
"id": "e765cbae-9bb2-4fc2-9a3a-a4f40a233f74",
"name": "Automate TheHive Case Creation and Slack Notifications",
"nodes": 10,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credential placeholders, and execution logic.
About the Author
N8N_Community_Pick
Curator
Hand-picked high quality workflows from the global community.
Related Workflows
Discover more workflows you might like
Effortless Bug Reporting: Slack Slash Command to Linear Issue
Streamline your bug reporting process by instantly creating Linear issues directly from Slack using a simple slash command. This workflow enhances team collaboration by providing immediate feedback and a structured approach to logging defects, saving valuable time for development and QA teams.
Automate Qualys Report Generation and Retrieval
Streamline your Qualys security reporting by automating the generation and retrieval of reports. This workflow ensures timely access to crucial security data without manual intervention.
Automated PR Merged QA Notifications
Streamline your QA process with this automated workflow that notifies your team upon successful Pull Request merges. Leverage AI and vector stores to enrich notifications and ensure seamless integration into your development pipeline.